Raritan Home Security System User Manual

CommandCenter Secure Gateway
Administrators Guide
Release 4.3
Copyright © 2010 Raritan, Inc.
CCA-0K-v4.3-E
December 2009
255-80-5140-00

Summary of Contents for Raritan Home Security System

  • Page 1 CommandCenter Secure Gateway Administrators Guide Release 4.3 Copyright © 2010 Raritan, Inc. CCA-0K-v4.3-E December 2009 255-80-5140-00...
  • Page 2 This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2009 Raritan, Inc., CommandCenter®, Dominion®, Paragon® and the Raritan company logo are trademarks or registered trademarks of Raritan, Inc.
  • Page 3: Table Of Contents

    Contents What's New in the CC-SG Administrators Guide Chapter 1 Introduction Prerequisites ... 1 Terminology/Acronyms ... 2 Client Browser Requirements ... 4 Chapter 2 Accessing CC-SG Browser-Based Access via the CC-SG Admin Client...5 JRE Incompatibility ... 6 Thick Client Access... 6 Install the Thick Client ...
  • Page 4 Contents How to Create Associations ... 22 Adding, Editing, and Deleting Categories and Elements...22 Add a Category... 22 Delete a Category...23 Add an Element ...23 Adding Categories and Elements with CSV File Import ...23 Categories and Elements CSV File Requirements ...24 Sample Categories and Elements CSV File...25 Import Categories and Elements ...25 Export Categories and Elements...26...
  • Page 5 Delete a Device Group ...54 Adding Devices with CSV File Import ...54 Devices CSV File Requirements ...55 Sample Devices CSV File ...58 Import Devices... 58 Export Devices... 59 Upgrading a Device ... 59 Backing Up a Device Configuration ...60 Restoring Device Configurations ... 61 Restore a Device Configuration (KX, KSX, KX101, SX, IP-Reach) ...61 Restore All Configuration Data Except Network Settings to a KX2, KSX2, or KX2-101 Device...
  • Page 6 Contents About Interfaces... 78 Viewing Nodes ... 78 Nodes Tab ... 78 Node Profile ... 79 Node and Interface Icons ...81 Service Accounts ... 82 Service Accounts Overview...82 Add, Edit, and Delete Service Accounts...83 Change the Password for a Service Account...83 Assign Service Accounts to Interfaces ...84 Adding, Editing, and Deleting Nodes ...85 Add a Node...
  • Page 7 Chapter 9 Users and User Groups The Users Tab ...130 Default User Groups ...131 CC Super-User Group ...131 System Administrators Group...131 CC Users Group ...131 Adding, Editing, and Deleting User Groups...132 Add a User Group...132 Edit a User Group ...133 Delete a User Group...134 Limit the Number of KVM Sessions per User ...135 Configuring Access Auditing for User Groups ...135...
  • Page 8 Contents Using Custom Views in the Admin Client ...155 Custom Views for Nodes ...155 Custom Views for Devices...157 Chapter 12 Remote Authentication Authentication and Authorization (AA) Overview...161 Flow for Authentication ...161 User Accounts ...162 Distinguished Names for LDAP and AD ...162 Specify a Distinguished Name for AD ...162 Specify a Distinguished Name for LDAP...162 Specify a Username for AD ...163...
  • Page 9 Navigate Multiple Page Reports ...181 Print a Report...181 Save a Report to a File...181 Purge a Report's Data From CC-SG ...182 Hide or Show Report Filters ...182 Audit Trail Report ...182 Error Log Report ...183 Access Report...184 Availability Report ...184 Active Users Report ...185 Locked Out Users Report ...185 All Users Data Report ...185...
  • Page 10 Contents Chapter 15 Advanced Administration Configuring a Message of the Day ...206 Configuring Applications for Accessing Nodes...207 About Applications for Accessing Nodes...207 Checking and Upgrading Application Versions ...207 Older Version of Application Opens After Upgrading ...208 Add an Application...208 Delete an Application...209 Prerequisites for Using AKC...209 Configuring Default Applications...209 About Default Applications ...209...
  • Page 11 Security Manager...234 Remote Authentication ...234 AES Encryption...234 Configure Browser Connection Protocol: HTTP or HTTPS/SSL...236 Set the Port Number for SSH Access to CC-SG...236 Login Settings ...236 Configure the Inactivity Timer...239 Portal ...239 Certificates...241 Access Control List...244 Notification Manager ...245 Configure an External SMTP Server ...245 Task Manager ...246 Task Types ...246 Schedule Sequential Tasks ...247...
  • Page 12 Contents Edit Network Interfaces Configuration (Network Interfaces) ...275 Ping an IP Address...276 Use Traceroute ...277 Edit Static Routes ...278 View Log Files in Diagnostic Console ...280 Restart CC-SG with Diagnostic Console...283 Reboot CC-SG with Diagnostic Console...284 Power Off CC-SG System from Diagnostic Console...285 Reset CC Super-User Password with Diagnostic Console ...286 Reset CC-SG Factory Configuration (Admin) ...287 Diagnostic Console Password Settings...289...
  • Page 13 Contents CC-SG and Client for IPMI, iLO/RILOE, DRAC, RSA ...318 CC-SG and SNMP...318 CC-SG Internal Ports...319 CC-SG Access via NAT-enabled Firewall ...319 RDP Access to Nodes ...319 VNC Access to Nodes ...320 SSH Access to Nodes ...320 Remote System Monitoring Port...320 xiii...
  • Page 14 Contents Appendix C User Group Privileges Appendix D SNMP Traps Appendix E CSV File Imports Common CSV File Requirements...333 Audit Trail Entries for Importing ...334 Troubleshoot CSV File Problems ...335 Appendix F Troubleshooting Appendix G Diagnostic Utilities Memory Diagnostic ...338 Debug Mode ...339 CC-SG Disk Monitoring ...340 Appendix H Two-Factor Authentication...
  • Page 15 Node Information ...353 Location Information ...354 Contact Information...354 Service Accounts ...354 Device Information ...354 Port Information ...355 Associations...355 Administration ...355 Appendix L Diagnostic Console Bootup Messages Index Contents...
  • Page 16 What's New in the CC-SG Administrators Guide The following sections have changed or information has been added to the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and/or documentation. • Discover and Add Devices • Add User Groups and Users •...
  • Page 17 • Configuring Power Control of Power IQ IT Devices • CC-SG Clustering (on page 315) See the Release Notes for a more detailed explanation of the changes applied to this version of the CommandCenter Secure Gateway. What's New in the CC-SG Administrators Guide (on page 306) xvii...
  • Page 19: Chapter 1 Introduction

    Introduction Chapter 1 The CommandCenter Secure Gateway (CC-SG) Administrators Guide offers instructions for administering and maintaining your CC-SG. This guide is intended for administrators who typically have all available privileges. Users who are not administrators should see Raritan's CommandCenter Secure Gateway User Guide. In This Chapter Prerequisites...1 Terminology/Acronyms...2...
  • Page 20: Terminology/Acronyms

    Chapter 1: Introduction Terminology/Acronyms Terms and acronyms found in this document include: Access Client - HTML-based client intended for use by normal access users who need to access a node managed by CC-SG. The Access Client does not allow the use of administration functions. Admin Client - Java-based client for CC-SG useable by both normal access users and administrators.
  • Page 21 Chapter 1: Introduction Ghosted Ports - when managing Paragon devices, a ghosted port can occur when a CIM or target server is removed from the system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. Hostname - can be used if DNS server support is enabled. See About Network Setup (on page 211).
  • Page 22: Client Browser Requirements

    Chapter 1: Introduction Node Groups - a defined group of nodes that are accessible to a user. Node groups are used when creating a policy to control access to the nodes in the group. Ports - connection points between a Raritan device and a node. Ports exist only on Raritan devices, and they identify a pathway from that device to a node.
  • Page 23: Chapter 2 Accessing Cc-Sg

    Accessing CC-SG Chapter 2 You can access CC-SG in several ways: • Browser: CC-SG supports numerous web browsers (for a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support website). • Thick Client: You can install a Java Web Start thick client on your client computer.
  • Page 24: Jre Incompatibility

    Chapter 2: Accessing CC-SG JRE Incompatibility If you do not have the minimum required version of JRE installed on your client computer, you will see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility Warning window opens when CC-SG cannot find the required JRE file on your client computer.
  • Page 25: Use The Thick Client

    5. To check the setting in CC-SG: Choose Administration > Security. In the Encryption tab, look at the Browser Connection Protocol option. If the HTTPS/SSL option is selected, then you must select the Secure Socket Layer SSL checkbox in the thick client's IP address specification window.
  • Page 26: Cc-Sg Admin Client

    Chapter 2: Accessing CC-SG CC-SG Admin Client Upon valid login, the CC-SG Admin Client appears.
  • Page 27 • Nodes tab: Click the Nodes tab to display all known target nodes in a tree view. Click a node to view the Node Profile. Interfaces are grouped under their parent nodes. Click the + and - signs to expand or collapse the tree.
  • Page 28: Chapter 3 Getting Started

    Getting Started Chapter 3 Upon the first login to CC-SG, you should confirm the IP address, set the CC-SG server time, and check the firmware and application versions installed. You may need to upgrade the firmware and applications. Once you have completed your initial configurations, proceed to Guided Setup.
  • Page 29: Checking The Compatibility Matrix

    a. To set the date and time via NTP: Select the Enable Network Note: Network Time Protocol (NTP) is the protocol used to synchronize the attached computer's date and time data with a referenced NTP server. When CC-SG is configured with NTP, it can synchronize its clock time with the publicly available NTP reference server to maintain correct and consistent time.
  • Page 30 Chapter 3: Getting Started 2. Select an Application name from the list. Note the number in the If the application version is not current, you must upgrade the application. You can download the application upgrade file from the Raritan website. For a complete list of supported application versions, see the Compatibility Matrix on the Raritan Support website.
  • Page 31: Chapter 4 Configuring Cc-Sg With Guided Setup

    Configuring CC-SG with Guided Chapter 4 Setup Guided Setup offers a simple way to complete initial CC-SG configuration tasks once the network configuration is complete. The Guided Setup interface leads you through the process of defining Associations, discovering and adding devices to CC-SG, creating device groups and node groups, creating user groups, assigning policies and privileges to user groups, and adding users.
  • Page 32: Associations In Guided Setup

    Chapter 4: Configuring CC-SG with Guided Setup Associations in Guided Setup Create Categories and Elements 1. In the Guided Setup window, click Associations, and then click 2. In the Category Name field, type the name of a category into which 3.
  • Page 33: Discover And Add Devices

    Discover and Add Devices The Discover Devices panel opens when you click Continue at the end of the Associations task. You can also click Device Setup, and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discover Devices panel.
  • Page 34: Creating Groups

    Chapter 4: Configuring CC-SG with Guided Setup 14. If you are manually adding a PowerStrip device, click the Number of 15. If you are adding an IPMI Server, type an Interval, used to check for 16. If you want to configure all available ports on the device, select the 17.
  • Page 35 3. There are two ways to add devices to a group, Select Devices and Describe Devices. The Select Devices tab allows you to select which devices you want to assign to the group by selecting them from the list of available devices. The Describe Devices tab allows you to specify rules that describe devices, and the devices whose parameters follow those rules will be added to the group.
  • Page 36: User Management

    Chapter 4: Configuring CC-SG with Guided Setup 9. Select the Create Full Access Policy for Group checkbox if you want 10. To add another node group, click Apply to save this group and 11. When you have finished adding node groups, click OK. The Groups 12.
  • Page 37: Add User Groups And Users

    Add User Groups and Users The Add User Group panel opens when you click Continue at the end of the Create Groups task. You can also click User Management, and then click Add User Group in the Guided Tasks tree view in the left panel to open the Add User Group panel.
  • Page 38 Chapter 4: Configuring CC-SG with Guided Setup 13. Select the Login Enabled checkbox if you want the user to be able to 14. Select the Remote Authentication checkbox only if you want the user 15. In the New Password and Retype New Password fields, type the 16.
  • Page 39: Chapter 5 Associations, Categories, And Elements

    Associations, Categories, and Chapter 5 Elements In This Chapter About Associations ...21 Adding, Editing, and Deleting Categories and Elements ...22 Adding Categories and Elements with CSV File Import...23 About Associations You can set up Associations to help organize the equipment that CC-SG manages.
  • Page 40: How To Create Associations

    Chapter 5: Associations, Categories, and Elements Policies also use categories and elements to control user access to servers. For example, the category/element pair Location/America can be used to create a Policy to control user access to servers in America. page 149) You can assign more than one element of a category to a node or device via CSV file import.
  • Page 41: Delete A Category

    5. In the Applicable For field, select whether this category applies to: Devices, Nodes, or Device and Nodes. 6. Click OK to create the new category. The new category name appears in the Category Name field. Delete a Category Deleting a category deletes all of the elements created within that category.
  • Page 42: Categories And Elements Csv File Requirements

    Chapter 5: Associations, Categories, and Elements Categories and Elements CSV File Requirements The categories and elements CSV file defines the categories, their associated elements, their type, and whether they apply to devices, nodes or both. • • • • Column 1 Column 2 CATEGORY Column 1...
  • Page 43: Sample Categories And Elements Csv File

    Sample Categories and Elements CSV File

        ADD, CATEGORY, OS, String, Node
        ADD, CATEGORYELEMENT, OS, UNIX
        ADD, CATEGORYELEMENT, OS, WINDOWS
        ADD, CATEGORYELEMENT, OS, LINUX
        ADD, CATEGORY, Location, String, Device
        ADD, CATEGORYELEMENT, Location, Aisle 1
        ADD, CATEGORYELEMENT, Location, Aisle 2
        ADD, CATEGORYELEMENT, Location, Aisle 3

    Import Categories and Elements
    Once you've created the CSV file, validate it to check for errors then import it.
  • Page 44: Export Categories And Elements

    Chapter 5: Associations, Categories, and Elements Export Categories and Elements The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing. 1. Choose Administration > Export > Export Categories. 2.
  • Page 45: Chapter 6 Devices, Device Groups, And Ports

    Devices, Device Groups, and Ports Chapter 6 To add Raritan PowerStrip Devices that are connected to other Raritan devices to CC-SG, see Managed PowerStrips (on page 69). Note: To configure iLO/RILOE devices, IPMI devices, Dell DRAC devices, IBM RSA devices, or other non-Raritan devices, use the Add Node menu and add these items as an interface.
  • Page 46: Viewing Devices

    Chapter 6: Devices, Device Groups, and Ports Viewing Devices The Devices Tab Click the Devices tab to display all devices under CC-SG management. Each device's configured ports are nested under the devices they belong to. Devices with configured ports appear in the list with a + symbol. Click the + or - to expand or collapse the list of ports.
  • Page 47: Port Sorting Options

    Icon Meaning Serial port unavailable Ghosted port (See Raritan's Paragon II User Guide for details on Ghosting Mode.) Device paused Device unavailable Power strip Outlet port Blade chassis available Blade chassis unavailable Blade server available Blade server unavailable Port Sorting Options Configured ports are nested under their parent devices in the Devices tab.
  • Page 48: Device Profile Screen

    Chapter 6: Devices, Device Groups, and Ports Note: For blade servers without an integrated KVM switch, such as HP BladeSystem servers, their parent device is the virtual blade chassis that CC-SG creates, not the KX2 device. These servers will be sorted only within the virtual blade chassis device so they will not appear in order with the other KX2 ports unless you restore these blade servers ports to normal KX2 ports.
  • Page 49: Topology View

    The Device Profile includes tabs that contain information about the device. Associations tab The Associations tab contains all categories and elements assigned to the node. You can change the associations by making different selections. See Associations, Categories, and Elements Location & Contacts tab The Location &...
  • Page 50: Right Click Options In The Devices Tab

    Chapter 6: Devices, Device Groups, and Ports 2. Choose Devices > Device Manager > Topology View. The Topology Right Click Options in the Devices Tab You can right-click a device or port in the Devices tab to display a menu of commands available for the selected device or port.
  • Page 51: Discovering Devices

    Discovering Devices Discover Devices initiates a search for all devices on your network. After discovering the devices, you may add them to CC-SG if they are not already managed. To discover devices: 1. Choose Devices > Discover Devices. 2. Type the range of IP addresses where you expect to find the devices in the From Address and To Address fields.
  • Page 52: Adding A Device

    Chapter 6: Devices, Device Groups, and Ports Adding a Device Devices must be added to CC-SG before you can configure ports or add interfaces that provide access to the nodes connected to ports. The Add Device screen is used to add devices whose properties you know and can provide to CC-SG.
  • Page 53 6. Type the time (in seconds) that should elapse before timeout between the new device and CC-SG in the Heartbeat timeout (sec) field. 7. When adding a Dominion SX or Dominion KX2 version 2.2 or later device, the Allow Direct Device Access checkbox enables access to targets directly through the device even while it is under CC-SG management.
  • Page 54: Add A Powerstrip Device

    Chapter 6: Devices, Device Groups, and Ports 14. If the firmware version of the device is not compatible with CC-SG, a Add a PowerStrip Device The process of adding a PowerStrip Device to CC-SG varies, based on which Raritan device the powerstrip is connected to physically. See Managed PowerStrips To add a Dominion PX that is not connected to another Raritan device, Add a Dominion PX Device...
  • Page 55: Editing A Device

    8. When you are done configuring this device, click Apply to add this device and open a new blank Add Device screen that allows you to continue adding devices, or click OK to add this device without continuing to a new Add Device screen. Editing a Device You can edit a device to rename it and modify its properties, including the change of a PX device's username and password.
  • Page 56: Adding Notes To A Device Profile

    Chapter 6: Devices, Device Groups, and Ports Adding Notes to a Device Profile You can use the Notes tab to add notes about a device for other users to read. All notes display in the tab with the date, username, and IP address of the user who added the note.
  • Page 57: Deleting A Device

    Deleting a Device You can delete a device to remove it from CC-SG management. Important: Deleting a device will remove all ports configured for that device. All interfaces associated with those ports will be removed from the nodes. If no other interface exists for these nodes, the nodes will also be removed from CC-SG.
  • Page 58: Configure A Kvm Port

    Chapter 6: Devices, Device Groups, and Ports 6. Click the Access Application drop-down menu and select the 7. Click OK to add the port. Configure a KVM Port 1. Click the Devices tab and select a KVM device. 2. Choose Devices > Port Manager > Configure Ports. 3.
  • Page 59: Editing A Port

    Editing a Port You can edit ports to change various parameters, such as port name, access application, and serial port settings. The changes you can make vary, based on port type and device type. Note: You can also edit Dominion KX2 port settings by using Launch Admin and using the KX2's web interface.
  • Page 60: Deleting A Port

    Chapter 6: Devices, Device Groups, and Ports Deleting a Port Delete a port to remove the port entry from a Device. When a port is down, the information in the Port Profile screen is read-only. You can delete a port that is down. Important: If you delete a port that is associated with a node, the associated out-of-band KVM or Serial interface provided by the port will be removed from the node.
  • Page 61: Add A Blade Chassis Device

    Blade Chassis without an Integrated KVM Switch A blade chassis without an integrated KVM switch, such as HP BladeSystem series, allows each blade server to connect to KX2 respectively via a CIM. As each blade server in that chassis has a CIM for access, when a user accesses one blade server, others still can access the other blade servers.
  • Page 62 Chapter 6: Devices, Device Groups, and Ports 3. CC-SG automatically creates a virtual blade chassis and adds the Note: If you did not configure a blade port group for the blade servers before configuring the KX2 ports in CC-SG, you can choose Devices > Device Manager >...
  • Page 63 To configure slots using the Configure Blades command: 1. In the Devices tab, click the + next to the KX2 device that is connected to the blade chassis device. 2. Select the blade chassis device whose slots you want to configure. 3.
  • Page 64: Edit A Blade Chassis Device

    Chapter 6: Devices, Device Groups, and Ports Deleting Slots on a Blade Chassis Device You can delete unused blade servers or slots so they do not appear in the Devices and Nodes tabs. 1. In the Devices tab, click the + next to the KX2 device that is 2.
  • Page 65: Delete A Blade Chassis Device

    Delete a Blade Chassis Device You can delete a blade chassis device connected to a KX2 device from CC-SG. When you delete the blade chassis device from the KX2 device, the blade chassis device and all configured blade servers or slots disappear from the Devices tab as well as from the Nodes tab.
  • Page 66: Bulk Copying For Device Associations, Location And Contacts

    Chapter 6: Devices, Device Groups, and Ports 2. Change the blade port group for these blade servers to a non-blade 3. The virtual blade chassis disappears in the Devices tab. Now you Bulk Copying for Device Associations, Location and Contacts The Bulk Copy command allows you to copy categories, elements, location and contact information from one device to multiple other devices.
  • Page 67: Device Group Manager

    7. In the Location and Contacts tab, select the checkbox for the information you want to copy: 8. Click OK to bulk copy. A message appears when the selected information has been copied. Device Group Manager Use the Device Groups Manager to add device groups, edit device groups, and remove device groups.
  • Page 68: Add A Device Group

    Chapter 6: Devices, Device Groups, and Ports • Add a Device Group 1. Choose Associations > Device Groups. The Device Groups Manager 2. Click the New Group icon 3. In the Group Name field, type a name for a device group you want to 4.
  • Page 69 3. Select the Create Full Access Policy for Group checkbox to create a policy for this device group that allows access to all devices in the group at all times with control permission. 4. To add another device group, click Apply to save this group, then repeat these steps.
  • Page 70 Chapter 6: Devices, Device Groups, and Ports 6. Click Validate when a description has been written in the Short & - the AND operator. A node must satisfy rules on both sides of this operator for the description (or that section of a description) to be evaluated as true.
  • Page 71: Edit A Device Group

    7. Click View Devices to see what nodes satisfy this expression. A Devices in Device Group Results window opens, displaying the devices that will be grouped by the current expression. This can be used to check if the description was correctly written. If not, you can return to the rules table or the Short Expression field to make adjustments.
  • Page 72: Delete A Device Group

    Chapter 6: Devices, Device Groups, and Ports Delete a Device Group 1. Choose Associations > Device Groups. The Device Groups Manager 2. Existing device groups appear in the left panel. Select the device 3. Choose Groups > Delete. 4. The Delete Device Group panel appears. Click Delete. 5.
  • Page 73: Devices Csv File Requirements

    Devices CSV File Requirements The devices CSV file defines the devices, ports, and their details required to add them to CC-SG. • For devices that support power strips connected to a port (SX, KX, KX2, KSX2), configuring the port will configure the power strip. •...
  • Page 74 Chapter 6: Devices, Device Groups, and Ports Column number To add a port to the CSV file: Use the DEVICE-PORT tag only if you add a device with Configure All Ports set to FALSE, and you want to specify ports individually. The ports you add must be un-configured in CC-SG when you import the CSV file.
  • Page 75 Column Tag or value number Port or Outlet Number Port or Outlet Name Node Name To add a blade to the CSV file: Column Tag or value number DEVICE-BLADE Device Name Port Number Blade Number Blade Name Node Name To assign a category and element to a device to the CSV file: Categories and elements must already be created in CC-SG.
  • Page 76: Sample Devices Csv File

    Chapter 6: Devices, Device Groups, and Ports Column number

    Sample Devices CSV File

        ADD, DEVICE, DOMINION KX2, Lab-Test,192.168.50.123,ST Lab KVM, username, password,,,,
        ADD, DEVICE-PORT, Lab-Test, KVM, 1, Mail Server, Mail Server
        ADD, DEVICE-PORT, Lab-Test, KVM, 2, DNS Server, DNS Server
        ADD, DEVICE-PORT, Lab-Test, KVM, 3
        ADD, DEVICE-PORT, Lab-Test, KVM, 4
        ADD, DEVICE-CATEGORYELEMENT, Lab-Test, Location,...
  • Page 77: Export Devices

    5. Check the Actions area to see the import results. Items that imported successfully show in green text. Items that failed import show in red text. Items that failed import because a duplicate item already exists or was already imported also show in red text. 6.
  • Page 78: Backing Up A Device Configuration

    Chapter 6: Devices, Device Groups, and Ports 5. A message appears. Click Yes to restart the device. A message 6. To ensure that your browser loads all upgraded files, close your Backing Up a Device Configuration You can back up all user configuration and system configuration files for a selected device.
  • Page 79: Restoring Device Configurations

    Restoring Device Configurations The following device types allow you to restore a full backup of the device configuration. • • • KX101 • • IP-Reach KX2, KSX2, and KX2-101 devices allow you to choose which components of a backup you want to restore to the device. •...
  • Page 80: Restore All Configuration Data Except Network Settings To A Kx2, Ksx2, Or Kx2-101 Device

    Chapter 6: Devices, Device Groups, and Ports Restore All Configuration Data Except Network Settings to a KX2, KSX2, or KX2-101 Device The Protected restore option allows you to restore all configuration data in a backup file, except network settings, to a KX2, KSX2, or KX2-101 device.
  • Page 81: Restore All Configuration Data To A Kx2, Ksx2, Or Kx2-101 Device

    Restore All Configuration Data to a KX2, KSX2, or KX2-101 Device The Full restore option allows you to restore all configuration data in a backup file to a KX2, KSX2, or KX2-101 device. To restore all configuration data to a KX2, KSX2, or KX2-101 device: 1.
  • Page 82: Copying Device Configuration

    Chapter 6: Devices, Device Groups, and Ports 3. Click Upload. Navigate to and select the device backup file. The file Copying Device Configuration The following device types allow you to copy configurations from one device to one or more other devices. •...
  • Page 83: Restarting A Device

    Restarting a Device Use the Restart Device function to restart a device. To restart a device 1. Click the Devices tab and select the device you want to restart. 2. Choose Devices > Device Manager > Restart Device. 3. Click OK to restart the device. 4.
  • Page 84: Device Power Manager

    Chapter 6: Devices, Device Groups, and Ports 2. Choose Devices > Device Manager > Resume Management. The Device Power Manager Use the Device Power Manager to view the status of a PowerStrip device (including voltage, current, and temperature) and to manage all power outlets on the PowerStrip device.
  • Page 85: Disconnecting Users

    Disconnecting Users Administrators can terminate any user's session on a device. This includes users who are performing any kind of operation on a device, such as connecting to ports, backing up the configuration of a device, restoring a device's configuration, or upgrading the firmware of a device. Firmware upgrades and device configuration backups and restores are allowed to complete before the user's session with the device is terminated.
  • Page 86: Ip-Reach And Ust-Ip Administration

    Chapter 6: Devices, Device Groups, and Ports IP-Reach and UST-IP Administration You can perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon System setup directly from the CC- SG interface. After adding the Paragon System device to CC-SG, it appears in the Devices tree.
  • Page 87: Chapter 7 Managed Powerstrips

    Managed Powerstrips Chapter 7 There are three ways to configure power control using powerstrips in CC-SG. 1. All supported Raritan-brand powerstrips can be connected to another Raritan device and added to CC-SG as a Powerstrip device. Raritan- brand powerstrips include Dominion PX and RPC powerstrips. Check the Compatibility Matrix for supported versions.
  • Page 88: Configuring Powerstrips That Are Managed By Another Device In Cc-Sg

    Chapter 7: Managed Powerstrips Configuring Powerstrips that are Managed by Another Device in CC-SG In CC-SG, managed powerstrips can be connected to one of the following devices: • • • • • • • • • You must know which Raritan device the managed powerstrip is connected to physically.
  • Page 89: Configuring Powerstrips Connected To Kx, Kx2, Kx2-101, Ksx2, And P2Sc

    Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC CC-SG automatically detects PowerStrips connected to KX, KX2, KX2- 101, KSX2, and P2SC devices. You can perform the following tasks in CC-SG to configure and manage PowerStrips connected to these devices.
  • Page 90: Delete A Powerstrip Connected To A Kx, Kx2, Kx2-101, Ksx2, Or P2Sc Device

    Chapter 7: Managed Powerstrips Delete a PowerStrip Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device You cannot delete a PowerStrip connected to a KX, KX2, KX2-101, KSX2, or P2SC device from CC-SG. You must physically disconnect the PowerStrip from the device to delete the PowerStrip from CC-SG. When you physically disconnect the PowerStrip from the device, the PowerStrip and all configured outlets disappear from the Devices tab.
  • Page 91: Delete A Powerstrip Connected To An Sx 3.0 Or Ksx Device

    10. For each Category listed, click the Element drop-down menu and select the element you want to apply to the device. Select the blank item in the Element field for each Category you do not want to use. Associations, Categories, and Elements Optional.
  • Page 92: Configuring Powerstrips Connected To Sx 3.1

    Chapter 7: Managed Powerstrips Configuring Powerstrips Connected to SX 3.1 You can perform the following tasks in CC-SG to configure and manage Powerstrips connected to SX 3.1 devices. • • • Add a Powerstrip Connected to an SX 3.1 Device The procedure for adding a powerstrip connected to an SX 3.1 device varies, based on whether the SX 3.1 device has been added to CC-SG.
  • Page 93: Move An Sx 3.1'S Powerstrip To A Different Port

    Move an SX 3.1's Powerstrip to a Different Port When you physically move a Powerstrip from one SX 3.1 device or port to another SX 3.1 device or port, you must delete the Powerstrip from the old SX 3.1 port and add it to the new SX 3.1 port. See Powerstrip Connected to an SX 3.1 Device Powerstrip Device Connected to an SX 3.1 Device Powerstrip Connected to an SX 3.1 Device"...
  • Page 94 Chapter 7: Managed Powerstrips 3. Choose Devices > Port Manager > Configure Ports. 1. In the Devices tab, click the + next to the device that is connected to 2. Click the + next to the PowerStrip. 3. Choose Devices > Port Manager > Delete Ports. 4.
  • Page 95: Chapter 8 Nodes, Node Groups, And Interfaces

    Nodes, Node Groups, and Interfaces Chapter 8 This section covers how to view, configure, and edit nodes and their associated interfaces, and how to create node groups. Connecting to nodes is covered briefly. See Raritan's CommandCenter Secure Gateway User Guide for details on connecting to nodes. In This Chapter Nodes and Interfaces Overview ...77 Viewing Nodes...78...
  • Page 96: Node Names

    Chapter 8: Nodes, Node Groups, and Interfaces Node Names Node names must be unique. CC-SG will prompt you with options if you attempt to manually add a node with an existing node name. When CC-SG automatically adds nodes, a numbering system ensures that node names are unique.
  • Page 97: Node Profile

    Chapter 8: Nodes, Node Groups, and Interfaces Node Profile Click a Node in the Nodes tab to open the Node Profile page. The Node Profile page includes tabs that contain information about the node.
  • Page 98 Chapter 8: Nodes, Node Groups, and Interfaces The Interfaces tab contains all the node's interfaces. You can add, edit, and delete interfaces on this tab, and select the default interface. Nodes that support virtual media include an additional column that shows whether virtual media is enabled or disabled.
  • Page 99: Node And Interface Icons

    Control system server nodes, such as VMware's Virtual Center, include the Control System Data tab. The Control System Data tab contains information from the control system server that is refreshed when the tab opens. You can access a topology view of the virtual infrastructure, link to associated node profiles, or connect to the control system and open the Summary tab.
  • Page 100: Service Accounts

    Chapter 8: Nodes, Node Groups, and Interfaces Service Accounts Service Accounts Overview Service accounts are special login credentials that you can assign to multiple interfaces. You can save time by assigning a service account to a set of interfaces that often require a password change. You can update the login credentials in the service account, and the change is reflected in every interface that uses the service account.
  • Page 101: Add, Edit, And Delete Service Accounts

    Add, Edit, and Delete Service Accounts To add a service account: 1. Choose Nodes > Service Accounts. The Service Accounts page opens. 2. Click the Add Row icon 3. Enter a name for this service account in the Service Account Name field.
  • Page 102: Assign Service Accounts To Interfaces

    Chapter 8: Nodes, Node Groups, and Interfaces 2. Find the service account whose password you want to change. 3. Enter the new password in the Password field. 4. Re-type the password in the Retype Password field. 5. Click OK. Note: CC-SG updates all interfaces that use the service account to use the new login credentials when you change the username or password.
  • Page 103: Adding, Editing, And Deleting Nodes

    Adding, Editing, and Deleting Nodes Add a Node To add a node to CC-SG: 1. Click the Nodes tab. 2. Choose Nodes > Add Node. 3. Type a name for the node in the Node Name field. All node names in CC-SG must be unique.
  • Page 104: Nodes Created By Configuring Ports

    Chapter 8: Nodes, Node Groups, and Interfaces Nodes Created by Configuring Ports When you configure the ports of a device, a node is created automatically for each port. An interface is also created for each node. When a node is automatically created, it is given the same name as the port to which it is associated.
  • Page 105: Adding Location And Contacts To A Node Profile

    Adding Location and Contacts to a Node Profile Enter details about the location of the node, and contact information for the people who administer or use the node. To add location and contacts to a node profile: 1. Select a node in the Nodes tab. The Node Profile page opens. 2.
  • Page 106: Configuring The Virtual Infrastructure In Cc-Sg

    Chapter 8: Nodes, Node Groups, and Interfaces Configuring the Virtual Infrastructure in CC-SG Terminology for Virtual Infrastructure CC-SG uses the following terminology for virtual infrastructure components. Term Definition Control System The Control System is the managing server. The Control System manages one or more Virtual Hosts.
  • Page 107: Virtual Nodes Overview

    Virtual Nodes Overview You can configure your virtual infrastructure for access in CC-SG. The Virtualization page offers two wizard tools, Add Control System wizard and Add Virtual Host wizard, that help you add control systems, virtual hosts, and their virtual machines properly. Once you complete the configuration, all control systems, virtual hosts, and virtual machines are available for access as nodes in CC-SG.
  • Page 108 Chapter 8: Nodes, Node Groups, and Interfaces 8. To allow users who access this control system to automatically log 9. Click Next. CC-SG discovers the control system's virtual hosts and 10. Add virtual machines to CC-SG. One node will be created for each 11.
  • Page 109: Add A Virtual Host With Virtual Machines

    Leave these fields blank if you prefer to add names and login credentials to each interface individually. The interface will take the name of the node if the field is left blank. a. Enter names for interfaces. Maximum 32 characters. Virtual Host VI Client Interfaces VMware Viewer Interfaces Virtual Power Interfaces...
  • Page 110 Chapter 8: Nodes, Node Groups, and Interfaces 4. Click Add Virtual Host. 5. Hostname/IP Address: Enter the IP Address or hostname of the 6. Connection Protocol: Specify HTTP or HTTPS communications 7. TCP Port: Enter the TCP port. The default port is 443. 8.
  • Page 111 Use Ctrl+click or Shift+click to select multiple virtual machines that you want to add. In the Check/Uncheck Selected Rows section, select the Virtual Machine checkbox. To add a VNC, RDP, or SSH interface to the virtual host nodes and virtual machine nodes that will be created, select the VNC, RDP or SSH checkboxes in the Check/Uncheck Selected Rows section.
  • Page 112: Edit Control Systems, Virtual Hosts, And Virtual Machines

    Chapter 8: Nodes, Node Groups, and Interfaces Edit Control Systems, Virtual Hosts, and Virtual Machines You can edit the control systems, virtual hosts, and virtual machines configured in CC-SG to change their properties. You can delete virtual machine nodes from CC-SG by deselecting the Configure checkbox for the virtual machine.
  • Page 113: Delete Control Systems And Virtual Hosts

    10. For each interface type, enter a name and login credentials. The name and login credentials will be shared by all the interfaces added to each virtual machine node and virtual host node configured. Optional. You can leave these fields blank if you prefer to add names and login credentials to each interface individually.
  • Page 114: Delete A Virtual Machine Node

    Chapter 8: Nodes, Node Groups, and Interfaces Delete a Virtual Machine Node There are two ways to delete virtual machine nodes: • • Delete a Virtual Infrastructure Follow these steps to delete a whole virtual infrastructure from CC-SG, including the control system, virtual hosts, and virtual machines. 1.
  • Page 115: Enable Or Disable Daily Synchronization Of The Virtual Infrastructure

    2. In the list of nodes, select the nodes you want to synchronize. Use Ctrl+click to select multiple items. 3. Click Synchronize. If the virtual infrastructure has changed since the last synchronization, the information in CC-SG updates. Enable or Disable Daily Synchronization of the Virtual Infrastructure You can configure an automatic synchronization of CC-SG with your virtual infrastructure.
  • Page 116: Accessing The Virtual Topology View

    Chapter 8: Nodes, Node Groups, and Interfaces 3. Click Reboot or Force Reboot. Accessing the Virtual Topology View The Topology View is a tree structure that shows the relationships of the control system, virtual hosts, and virtual machines associated with the selected node.
  • Page 117: Pinging A Node

    Pinging a Node You can ping a node from CC-SG to make sure that the connection is active. To ping a node: 1. Click the Nodes tab, and then select the node you want to ping. 2. Choose Nodes > Ping Node. The ping results appear in the screen. Adding, Editing, and Deleting Interfaces Add an Interface Note: Interfaces for virtual nodes, such as control system, virtual hosts,...
  • Page 118 Chapter 8: Nodes, Node Groups, and Interfaces In-Band - VNC: Select this item to create a KVM connection to a node through VNC server software. Interfaces for In-Band Connections Out-of-Band Connections: Out-of-Band - KVM: Select this item to create a KVM connection to a node through a Raritan KVM device (KX, KX101, KSX, IP-Reach, Paragon II).
  • Page 119 Web Browser Interface 3. A default name appears in the Name field depending on the type of interface you select. You can change the name. This name appears next to the interface in the Nodes list. See Naming Conventions (on page 353) for details on CC-SG's rules for name lengths. Interfaces for In-Band Connections In-band connections include RDP, VNC, SSH, RSA KVM, iLO Processor KVM, DRAC KVM, and TELNET.
  • Page 120 Chapter 8: Nodes, Node Groups, and Interfaces Microsoft RDP Connection Details • • • • Java RDP Connection Details The Java RDP interface supports Windows XP and Windows 2003 targets. Interfaces for Out-of-Band KVM, Out-of-Band Serial Connections 1. Application name: select the application you want to use to connect 2.
  • Page 121 Interfaces for DRAC Power Control Connections To add an interface for DRAC power control connections: 1. Type the IP Address or Hostname for this interface in the IP Address/Hostname field. 2. Type a TCP Port for this connection in the TCP Port field. DRAC 5 only.
  • Page 122 Chapter 8: Nodes, Node Groups, and Interfaces RSA Interface Details When you create an In-Band RSA KVM or Power interface, CC-SG discards the username and password associated with the interface, and creates two user accounts on the RSA server. This allows you to have simultaneous KVM and power access to the RSA server.
  • Page 123 6. Click OK to save your changes. Note: A Managed Power Strip interface can be added to a blade chassis node, but not to a blade server node. Interfaces for IPMI Power Control Connections To add an interface for IPMI power control connections: 1.
  • Page 124 Chapter 8: Nodes, Node Groups, and Interfaces 2. Select the Power IQ that manages the IT device in the Managing 3. Type a description of this interface in the Description field. 4. Click OK to save your changes. Web Browser Interface You can add a Web Browser Interface to create a connection to a device with an embedded web server, such as a Dominion PX.
  • Page 125 http(s)://www.example.com/cgi/login http(s)://example.com/home.html 4. Enter authentication information: Optional. To use a service account for authentication, select the Use Service Account Credentials checkbox. Select the service account to use in the Service Account Name menu. Enter a Username and Password for authentication. Type the username and password that will allow access to this interface.
  • Page 126: Edit An Interface

    Chapter 8: Nodes, Node Groups, and Interfaces Example: Adding a Web Browser Interface to a PX Node A Dominion PX-managed powerstrip can be added to CC-SG as a node. Then you can add a Web Browser Interface that enables users to access the Dominion PX's Web-based administration application to the node.
  • Page 127: Delete An Interface

    Delete an Interface You can delete any interface from a node except for these: To delete an interface from a node: 1. Click the Nodes tab. 2. Click the node with the interface you want to delete. 3. In the Interfaces table, click the row of the interface you want to delete. 4.
  • Page 128: Configuring Direct Port Access To A Node

    Chapter 8: Nodes, Node Groups, and Interfaces 4. A default name for the bookmark appears in the Bookmark Name 5. Click OK. The Add Favorite window opens. 6. Click OK to add the bookmark to your Favorites list. 1. Open a browser window. 2.
  • Page 129: Using Chat

    6. In the Associations tab, select the Copy Node Associations checkbox to copy all categories and elements of the node. 7. In the Location and Contacts tab, select the checkbox for the information you want to copy: 8. Click OK to bulk copy. A message appears when the selected information has been copied.
  • Page 130: Adding Nodes With Csv File Import

    Chapter 8: Nodes, Node Groups, and Interfaces Adding Nodes with CSV File Import You can add nodes and interfaces to CC-SG by importing a CSV file that contains the values. You must have the Device, Port, and Node Management and CC Setup and Control privileges to import and export nodes.
  • Page 131: Nodes Csv File Requirements

    Nodes CSV File Requirements The nodes CSV file defines the nodes, interfaces, and their details required to add them to CC-SG. • Node names must be unique. If you enter duplicate node names, CC-SG adds a number in parentheses to the name to make it unique, and adds the node.
  • Page 132 Chapter 8: Nodes, Node Groups, and Interfaces Column number To add an out-of-band serial interface to the CSV file: Column number Tag or value Details Node Name Enter the same value as entered for Raritan Port Name. Raritan Device Name Required field.
  • Page 133 Chapter 8: Nodes, Node Groups, and Interfaces Column Tag or value number Parity Flow Control Description To add an RDP interface to the CSV file: Column Tag or value number in CSV file NODE-RDP-INTERFACE Node Name Interface Name IP Address or Hostname TCP Port Service Account Name Username...
  • Page 134 Chapter 8: Nodes, Node Groups, and Interfaces To add an SSH or TELNET interface to the CSV file: Column number To add a VNC interface to the CSV file: Column number Tag or value Details The first column for all tags is the command ADD.
  • Page 135 Column Tag or value number Password Description To add a DRAC KVM, DRAC Power, ILO KVM, ILO Power, Integrity ILO2 Power, or RSA Power interface to the CSV file: When importing DRAC, ILO and RSA interfaces, you must specify both the KVM interface and the Power interface, or the import will fail.
  • Page 136 Chapter 8: Nodes, Node Groups, and Interfaces Column number To add an RSA KVM interface to the CSV file: When importing DRAC, ILO and RSA interfaces, you must specify both the KVM interface and the Power interface, or the import will fail. Column number Tag or value...
  • Page 137 Chapter 8: Nodes, Node Groups, and Interfaces To add an IPMI power control interface to the CSV file: Column Tag or value number NODE-IPMI-INTERFACE Node Name Interface Name IP Address or Hostname UDP Port Authentication Interval Service Account Name Username Password Description To add a managed powerstrip interface to the CSV file:...
  • Page 138 Chapter 8: Nodes, Node Groups, and Interfaces Column number To add a Web Browser interface to the CSV file: Column number Tag or value Details power strip is connected to. Required field for all power strips except Dominion PX. Managing Port The name of the port on the device that the power strip is connected to.
  • Page 139 To add a Power IQ Proxy power control interface to the CSV file: See Power Control of Power IQ IT Devices (on page 305) for details about configuring this interface type. Column number Tag or value NODE-POWER-PIQ-INTERFACE Node Name Interface Name External Key Managing Power IQ Name Description...
  • Page 140: Sample Nodes Csv File

    Chapter 8: Nodes, Node Groups, and Interfaces Categories and elements must already be created in CC-SG. You can assign multiple elements of the same category to a node in the CSV file. Column number Sample Nodes CSV File ADD, NODE, NJSomersetEmailServer, Physical Server ADD, NODE-OOBKVM-INTERFACE, NJSomersetEmailServer, NJSomersetEmailServer, DKX2-NY-Rack7, NJSomersetEmailServer ADD, NODE-RDP-INTERFACE,...
  • Page 141: Export Nodes

    If the file is not valid, an error message appears. Click OK and look at the Problems area of the page for a description of the problems with the file. Click Save to File to save the problems list. Correct your CSV file and then try to validate it again. See Troubleshoot CSV File Problems 4.
  • Page 142: Adding, Editing, And Deleting Node Groups

    Chapter 8: Nodes, Node Groups, and Interfaces Adding, Editing, and Deleting Node Groups Node Groups Overview Node groups are used to organize nodes into a set. The node group will become the basis for a policy either allowing or denying access to this particular set of nodes.
  • Page 143 2. Choose Groups > New. A template for a node group appears. 3. In the Group Name field, type a name for a node group you want to create. See Naming Conventions (on page 353) for details on CC-SG's rules for name lengths. 4. There are two ways to add nodes to a group, Select Nodes and Describe Nodes.
  • Page 144 Chapter 8: Nodes, Node Groups, and Interfaces 4. If you want to create a policy that allows access to the nodes in this 5. When you are done adding nodes to the group, click OK to create Describe Nodes 1. Click the Select Nodes tab. 2.
  • Page 145 4. If you want to add another rule, click the Add New Row icon again, and make the necessary configurations. Configuring multiple rules will allow more precise descriptions by providing multiple criteria for evaluating nodes. To remove a rule, highlight the rule in the table, and then click the Remove Row icon 5.
  • Page 146: Edit A Node Group

    Chapter 8: Nodes, Node Groups, and Interfaces 6. Click Validate when a description has been written in the Short 7. Click View Nodes to see what nodes satisfy this expression. A 8. If you know you want to create a policy that allows access to the 9.
  • Page 147: Chapter 9 Users And User Groups

    Users and User Groups Chapter 9 User accounts are created so that users can be assigned a username and password to access CC-SG. A User Group defines a set of privileges for its members. You cannot assign privileges to users themselves, only to user groups. All users must belong to at least one user group.
  • Page 148: The Users Tab

    Chapter 9: Users and User Groups The Users Tab Click the Users tab to display all user groups and users in CC-SG. Users are nested underneath the user groups to which they belong. User groups with users assigned to them appear in the list with a + symbol next to them.
  • Page 149: Default User Groups

    Default User Groups CC-SG is configured with three default user groups: CC-Super User, System Administrators, and CC Users. CC Super-User Group The CC Super-User group has full administrative and access privileges. Only one user can be a member of this group. The default username is admin.
  • Page 150: Adding, Editing, And Deleting User Groups

    Chapter 9: Users and User Groups Adding, Editing, and Deleting User Groups Add a User Group Creating user groups first will help you organize users when the users are added. When a user group is created, a set of privileges is assigned to the user group.
  • Page 151: Edit A User Group

    The All Policies table lists all the policies available on CC-SG. Each policy represents a rule allowing or denying access to a group of nodes. See Policies for Access Control for details on policies and how they are created. 9. In the All Policies list, select a policy that you want to assign to the user group, and then click Add to move the policy to the Selected Policies list.
  • Page 152: Delete A User Group

    Chapter 9: Users and User Groups 7. Select the checkbox that corresponds to each privilege you want to 8. In the Node Access area, click the drop-down menu for each kind of 9. Click the drop-down menu for each kind of interface you do not want 10.
  • Page 153: Limit The Number Of Kvm Sessions Per User

    Limit the Number of KVM Sessions per User You can limit the number of KVM sessions allowed per user for sessions with Dominion KXII, KSXII and KX (KX1) devices. This prevents any single user from using all available channels at once. When a user attempts a connection to a node that would exceed the limit, a warning message displays with information on the current sessions.
  • Page 154: Adding, Editing, And Deleting Users

    Chapter 9: Users and User Groups 2. Select the Require Users to Enter Access Information When 3. In the Message to Users field, enter a message that users will see 4. Move the user groups to enable access auditing for the group into 5.
  • Page 155: Edit A User

    Note: See Naming Conventions (on page 353) for details on CC-SG's rules for name lengths. If strong passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will display messages to assist with the password requirements.
  • Page 156: Delete A User

    Chapter 9: Users and User Groups 3. Select the Remote Authentication only checkbox if you want the user 4. In the New Password and Retype New Password fields, type a new 5. Select the Force Password Change on Next Login checkbox if you 6.
  • Page 157: Assigning A User To A Group

    Assigning a User to a Group Use this command to assign an existing user to another group. Users assigned in this way will be added to the new group while still existing in any group they were previously assigned to. To move a user, use this command in conjunction with Delete User From Group.
  • Page 158: Adding Users With Csv File Import

    Chapter 9: Users and User Groups Adding Users with CSV File Import You can add user information to CC-SG by importing a CSV file that contains the values. If you have multiple CC-SG units in a neighborhood, exporting users from one CC-SG then importing the users into another CC-SG is a quick way to ensure all locally authenticated users are present on both members.
  • Page 159 Column Tag or value number Maximum number of KVM sessions allowed per user To assign permissions to a user group in the CSV file: Enter the value TRUE to assign a permission to the user group. Enter the value FALSE to deny the permission to the user group. Column Tag or value number...
  • Page 160 Chapter 9: Users and User Groups Column number To associate an AD module to a user group in the CSV file: Column number To add a user to CC-SG: Column number Tag or value Details Tags are not case sensitive. User Group Name Required field.
  • Page 161 Column Tag or value number Telephone Number Login Enabled Remote Authentication Force Password Change Periodically Expiration Period To add a user to a user group: Column Tag or value number USERGROUP-MEMBER User Group Name User Name Chapter 9: Users and User Groups Details Email address is used with system notifications.
  • Page 162: Sample Users Csv File

    Chapter 9: Users and User Groups Sample Users CSV File ADD, USERGROUP, Windows Administrators, MS IT Team ADD, USERGROUP-PERMISSIONS, Windows Administrators, FALSE, TRUE, TRUE, TRUE, TRUE, TRUE, TRUE, TRUE ADD, USERGROUP-POLICY, Windows Administrators, Full Access Policy ADD, USERGROUP-ADMODULE, Windows Administrators, AD-USA-57-120 ADD, USERGROUP-MEMBER, Windows Administrators, user1 ADD, USERGROUP-MEMBER, Windows Administrators, user2...
  • Page 163: Export Users

    Export Users The export file contains all users that have a user account created in CC-SG. This excludes AD-authorized users, unless they also have a user account created on CC-SG. The export file includes users and the details from the user profile, user groups, user group permissions and policies, and associated AD modules.
  • Page 164: Change Your Name

    Chapter 9: Users and User Groups Change your name You cannot change your user name. You can change the first and last name associated with your user name. 1. Choose Secure Gateway > My Profile. 2. Type your first and last name in the Full Name field. See Change your default search preference 1.
  • Page 165: Change The Cc-Sg Super User's Username

    Change the CC-SG Super User's Username You must be logged into CC-SG using the CC Super User account to change the CC Super User's username. The default CC Super User username is admin. 1. Choose Secure Gateway > My Profile. 2.
  • Page 166: Bulk Copying Users

    Chapter 9: Users and User Groups Bulk Copying Users You can use Bulk Copy for users to copy one user's user group affiliations to another user or list of users. If the users receiving the affiliations have existing group affiliations, the existing affiliations will be removed.
  • Page 167: Chapter 10 Policies For Access Control

    Chapter 10 Policies for Access Control Policies are rules that define which nodes and devices users can access, when they can access them, and whether virtual-media permissions are enabled, where applicable. The easiest way to create policies is to categorize your nodes and devices into node groups and device groups, and then create policies that allow and deny access to the nodes and devices in each group.
  • Page 168: Adding A Policy

    Chapter 10: Policies for Access Control Adding a Policy If you create a policy that denies access (Deny) to a node group or device group, you also must create a policy that allows access (Control) for the selected node group or device group. Users will not automatically receive Control rights when the Deny policy is not in effect.
  • Page 169: Editing A Policy

    13. In the Device/Node Access Permission field, select Control to define this policy to allow access to the selected node or device group for the designated times and days. Select Deny to define this policy to deny access to the selected node or device group for the designated times and days.
  • Page 170: Deleting A Policy

    Chapter 10: Policies for Access Control 7. Click the Days drop-down arrow, and then select which days of the 8. Select Custom to select your own set of days. The individual day 9. Select the checkbox that corresponds to each day you want this 10.
  • Page 171: Support For Virtual Media

    Support for Virtual Media CC-SG provides remote virtual media support for nodes connected to virtual media-enabled KX2, KSX2, and KX2-101 devices. For detailed instructions on accessing virtual media with your device, see: • Dominion KX II User Guide • Dominion KSX II User Guide •...
  • Page 172: Chapter 11 Custom Views For Devices And Nodes

    Chapter 11 Custom Views for Devices and Nodes Custom Views enable you to specify different ways to display the nodes and devices in the left panel, using Categories, Node Groups, and Device Groups. In This Chapter Types of Custom Views...154 Using Custom Views in the Admin Client ...155 Types of Custom Views There are three types of custom views: View by Category, Filter by Node...
  • Page 173: Using Custom Views In The Admin Client

    Using Custom Views in the Admin Client Custom Views for Nodes Add a Custom View for Nodes To add a custom view for nodes: 1. Click the Nodes tab. 2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears.
  • Page 174 Chapter 11: Custom Views for Devices and Nodes 2. Click the Name drop-down arrow and select a custom view from the 3. Click Apply View. • Change a Custom View for Nodes 1. Click the Nodes tab. 2. Choose Nodes > Change View > Create Custom View. The Custom 3.
  • Page 175: Custom Views For Devices

    2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel 4.
  • Page 176 Chapter 11: Custom Views for Devices and Nodes 3. In the Custom View panel, click Add. The Add Custom View window 4. Type a name for the new custom view in the Custom View Name 5. In the Custom View Type section: 6.
  • Page 177 2. Choose Devices > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel.
  • Page 178 Chapter 11: Custom Views for Devices and Nodes Assign a Default Custom View for Devices 1. Click the Devices tab. 2. Choose Devices > Change View > Create Custom View. The 3. Click the Name drop-down arrow, and select a custom view from the 4.
  • Page 179: Chapter 12 Remote Authentication

    Chapter 12 Remote Authentication In This Chapter Authentication and Authorization (AA) Overview ...161 Distinguished Names for LDAP and AD...162 Specifying Modules for Authentication and Authorization ...163 Establishing Order of External AA Servers ...163 AD and CC-SG Overview ...164 Adding an AD Module to CC-SG...164 Editing an AD Module...168 Importing AD User Groups ...169 Synchronizing AD with CC-SG ...170...
  • Page 180: User Accounts

    Chapter 12: Remote Authentication 3. Username and password are either accepted or rejected and sent 4. If authentication is successful, authorization is performed. CC-SG When remote authentication is disabled, both authentication and authorization are performed locally on CC-SG. User Accounts User Accounts must be added to the authentication server for remote authentication.
  • Page 181: Specify A Username For Ad

    Specify a Username for AD When authenticating CC-SG users on an AD server by specifying cn=administrator,cn=users,dc=xyz,dc=com in username, if a CC-SG user is associated with an imported AD group, the user will be granted access with these credentials. Note that you can specify more than one common name, organizational unit, and domain component.
  • Page 182: Ad And Cc-Sg Overview

    Chapter 12: Remote Authentication 2. Click the Authentication tab. All configured external Authorization 3. Select a server from the list, and then click the up and down arrows 4. Click Update to save your changes. AD and CC-SG Overview CC-SG supports authentication and authorization of users imported from an AD domain controller, without requiring that users be defined locally in CC-SG.
  • Page 183: Ad General Settings

    AD General Settings In the General tab, you must add the information that allows CC-SG to query the AD server. Do not add duplicate AD modules. If your users see a message that says "You are not a member of any group" when attempting to login, you may have configured duplicate AD modules.
  • Page 184: Ad Advanced Settings

    Chapter 12: Remote Authentication 5. Type the password for the user account you want to use to query the 6. Click Test Connection to test the connection to the AD server using 7. Click Next to proceed. The Advanced tab opens. AD Advanced Settings 1.
  • Page 185: Ad Group Settings

    Select the Use Bind checkbox if the user logging in from the applet has permissions to perform search queries in the AD server. If a username pattern is specified in Bind username pattern, the pattern will be merged with the username supplied in the applet and the merged username will be used to connect to the AD server.
  • Page 186: Ad Trust Settings

    Chapter 12: Remote Authentication 4. Click Next to proceed. The Trusts tab opens. AD Trust Settings In the Trusts tab, you can set up trust relationships between this new AD domain and any existing domains. A trust relationship allows resources to be accessible by authenticated users across domains.
  • Page 187: Importing Ad User Groups

    3. Select the AD module you want to edit, and then click Edit. 4. Click each tab in the Edit Module window to view the configured settings. Make changes as needed. See page 165), Settings 5. If you change the connection information, click Test Connection to test the connection to the AD server using the given parameters.
  • Page 188: Synchronizing Ad With Cc-Sg

    Chapter 12: Remote Authentication 6. In the Policies column, select a CC-SG access policy from the list to 7. Click Import to import the selected user groups. Tip: To check that the group imported properly and to view the privileges of the group just imported, click the Users tab, then select the imported group to open the User Group Profile screen.
  • Page 189: Synchronize All User Groups With Ad

    Synchronize All User Groups with AD You should synchronize all user groups if you have made a change to a user group, such as moving a user group from one AD module to another. You can also change the AD association of a user group manually, in the User Group Profile's Active Directory Associations tab.
  • Page 190: Synchronize All Ad Modules

    Chapter 12: Remote Authentication Synchronize All AD Modules You should synchronize all AD Modules whenever you change or delete a user in AD, change user permissions in AD, or make changes to a domain controller. When you synchronize all AD modules, CC-SG retrieves the user groups for all configured AD modules, compares their names with the user groups that have been imported into CC-SG or associated with the AD module within CC-SG, and refreshes the CC-SG local cache.
  • Page 191: Change The Daily Ad Synchronization Time

    To disable daily synchronization of all AD modules: 1. Choose Administration > Security. 2. Click the Authentication tab. All configured Authorization and Authentication Servers appear in a table. 3. Deselect the Daily synchronization of All Modules checkbox. 4. Click Update to save your changes. Change the Daily AD Synchronization Time When daily synchronization is enabled, you can specify the time at which automatic synchronization occurs.
  • Page 192: Ldap General Settings

    Chapter 12: Remote Authentication LDAP General Settings 1. Click the General tab. 2. Type the IP address or hostname of the LDAP server in the IP 3. Type the port value in the Port field. The default port is 389. 4.
  • Page 193: Sun One Ldap (Iplanet) Configuration Settings

    2. Select Base 64 if you want the password to be sent to the LDAP server with encryption. Select Plain Text if you want the password to be sent to the LDAP server as plain text. 3. Default Digest: select the default encryption of user passwords. 4.
  • Page 194: Openldap (Edirectory) Configuration Settings

    Chapter 12: Remote Authentication OpenLDAP (eDirectory) Configuration Settings If using an OpenLDAP server for remote authentication, use this example: Parameter Name IP Address/Hostname User Name Password User Base User Filter Passwords (Advanced screen) Password Default Digest (Advanced) Crypt Use Bind Use Bind After Search IBM LDAP Configuration Settings If using an IBM LDAP server for remote authentication, use this example:...
  • Page 195: About Tacacs+ And Cc-Sg

    About TACACS+ and CC-SG CC-SG users who are remotely authenticated by a TACACS+ server must be created on the TACACS+ server and on CC-SG. The user name on the TACACS+ server and on CC-SG must be the same, although the passwords may be different.
  • Page 196: About Radius And Cc-Sg

    Chapter 12: Remote Authentication About RADIUS and CC-SG CC-SG users who are remotely authenticated by a RADIUS server must be created on the RADIUS server and on CC-SG. The user name on the RADIUS server and on CC-SG must be the same, although the passwords may be different.
  • Page 197: Two-Factor Authentication Using Radius

    Chapter 12: Remote Authentication Two-Factor Authentication Using RADIUS By using an RSA RADIUS Server that supports two-factor authentication in conjunction with an RSA Authentication Manager, CC-SG can make use of two-factor authentication schemes with dynamic tokens. In such an environment, users log into CC-SG by first typing their usernames in the Username field, then typing their fixed passwords, and then the dynamic token value in the Password field.
  • Page 198: Chapter 13 Reports

    Chapter 13 Reports In This Chapter Using Reports...180 Audit Trail Report...182 Error Log Report...183 Access Report ...184 Availability Report...184 Active Users Report...185 Locked Out Users Report ...185 All Users Data Report...185 User Group Data Report...186 Device Asset Report...186 Device Group Data Report ...187 Query Port Report ...187 Node Asset Report ...188 Active Nodes Report...189...
  • Page 199: View Report Details

    View Report Details • Double-click a row to view details of the report. • When a row is highlighted, press the Enter key to view details. All details of the selected report display in a dialog that appears, not just the details you can view in the report screen.
  • Page 200: Purge A Report's Data From Cc-Sg

    Chapter 13: Reports Purge a Report's Data From CC-SG You can purge the data that appears in the Audit Trail and Error Log reports. Purging these reports deletes all data that satisfy the search criteria used. For example, if you search for all Audit Trail entries from March 26, 2008 through March 27, 2008, only those records will be purged.
  • Page 201: Error Log Report

    3. You can limit the data that the report will contain by entering additional parameters in the Message Type, Message, Username, and User IP address fields. Wildcards are accepted in these fields except for the Message Type field. 4. In the Entries to Display field, select the number of entries to display in the report screen.
  • Page 202: Access Report

    Chapter 13: Reports Access Report Generate the Access report to view information about accessed devices and nodes, when they were accessed, and the user who accessed them. 1. Choose Reports > Access Report. 2. Select Devices or Nodes. 3. Set the date and time range for the report in the Start Date and Time 4.
  • Page 203: Active Users Report

    3. Click Apply. Active Users Report The Active Users report displays current users and user sessions. You can select active users from the report and disconnect them from CC- To generate the Active Users report: • Choose Reports > Users > Active Users. To disconnect a user from an active session in CC-SG: 1.
  • Page 204: User Group Data Report

    Chapter 13: Reports User Group Data Report The User Group Data report displays data on users and the groups with which they are associated. 1. Choose Reports > Users > User Group Data. 2. Double-click the User Group to view the assigned policies. Device Asset Report The Device Asset report displays data on devices currently managed by CC-SG.
  • Page 205: Device Group Data Report

    Device Group Data Report The Device Group Data report displays device group information. To generate the Device Group Data report: 1. Choose Reports > Devices > Device Group Data. 2. Double-click a row to display the list of devices in the group. Query Port Report The Query Port Report displays all ports according to port status.
  • Page 206: Node Asset Report

    Chapter 13: Reports 3. Select Ghosted Ports to include ports that are ghosted. A ghosted 4. Select Paused Ports or Locked Ports to include ports that are 5. Select the number of rows of data to display in the report screen in 6.
  • Page 207: Active Nodes Report

    3. The URL column contains direct links to each node. You can use this information to create a web page with links to each node, instead of bookmarking each node individually. See Interface Active Nodes Report The Active Nodes report includes the name and type of each active interface, the connection mode, the associated device, a timestamp, the current user, and the user IP address for each node with an active connection.
  • Page 208: Node Group Data Report

    Chapter 13: Reports Node Group Data Report The Node Group Data report displays the list of nodes that belong to each group, the user groups that have access to each node group, and, if applicable, the rules that define the node group. The list of nodes is in the report details, which you can view by double-clicking a row in the report page, or save to a CSV file.
  • Page 209: Scheduled Reports

    Scheduled Reports Scheduled Reports displays reports that were scheduled in the Task Manager. You can find the Upgrade Device Firmware reports and Restart Device reports in the Scheduled Reports screen. Scheduled reports can be viewed in HTML format only. See page 246).
  • Page 210: Upgrade Device Firmware Report

    Chapter 13: Reports Upgrade Device Firmware Report The Upgrade Device Firmware report is located in the Scheduled Reports list. This report is generated when an Upgrade Device Firmware task is running. View the report to get real-time status information about the task.
  • Page 211: Chapter 14 System Maintenance

    Chapter 14 System Maintenance In This Chapter Maintenance Mode ...193 Entering Maintenance Mode...193 Exiting Maintenance Mode ...194 Backing Up CC-SG...194 Saving and Deleting Backup Files...196 Restoring CC-SG...197 Resetting CC-SG...198 Restarting CC-SG...200 Upgrading CC-SG ...201 CC-SG Shutdown ...203 Restarting CC-SG after Shutdown ...204 Powering Down CC-SG...204 Ending CC-SG Session ...205 Maintenance Mode...
  • Page 212: Exiting Maintenance Mode

    Chapter 14: System Maintenance 2. Password: Type your password. Only users with the CC Setup and 3. Broadcast message: Type the message that will display to users who 4. Enter maintenance mode after (min): Enter the number of minutes 5. Click OK. 6.
  • Page 213 b. Type the IP address or hostname of the server in the IP Address/Hostname field. c. If you are not using the default port for the selected protocol (FTP: 21, SFTP: 22), type the communications port used in the Port Number field. d.
  • Page 214: What Is The Difference Between Full Backup And Standard Backup

    Chapter 14: System Maintenance What is the difference between Full backup and Standard backup? A standard backup includes all data in all fields of all CCSG pages, except for data in the following pages: • • CCSG backup files stored on CCSG are also not backed up. You can view the list of backup files stored on CCSG in the System Maintenance >...
  • Page 215: Restoring Cc-Sg

    3. Click OK to delete the backup from the CC-SG system. Restoring CC-SG You can restore CC-SG using a backup file that you created. Important: The Neighborhood configuration is included in the CC-SG backup file, so make sure you remember or note down its setting at the backup time.
  • Page 216: Resetting Cc-Sg

    Chapter 14: System Maintenance 5. Type the number of minutes (from 0-60) that CC-SG will wait before 6. In the Broadcast Message field, type a message to notify other CC- 7. Click Restore. CC-SG waits for the time specified before restoring its Resetting CC-SG You can reset CC-SG to purge the database or to reset other components to their factory default settings.
  • Page 217 Option Description part of the CC-SG database. The SNMP configuration and traps are reset. The SNMP agent is not reset. IP-ACL settings are reset with a Full Database reset whether you select the IP ACL Tables option or not. The Neighborhood configuration is removed with the reset so CC-SG no longer "remembers"...
  • Page 218: Restarting Cc-Sg

    Chapter 14: System Maintenance Option Default Firmware Upload Firmware to Database After Reset Diagnostic Console IP-ACL Tables 1. Before you reset, back up CC-SG and save the backup file to a 2. Choose System Maintenance > Reset. 3. Select the reset options. 4.
  • Page 219: Upgrading Cc-Sg

    3. Broadcast message: Type the message that will display to users who will be logged off CC-SG. 4. Restart after (min): Enter the number of minutes (from 0-720) that should elapse before CC-SG restarts. If specifying over 10 minutes, the broadcast message displays to users immediately, and then repeats at 10 and 5 minutes before the event occurs.
  • Page 220 Chapter 14: System Maintenance 4. Once CC-SG is in maintenance mode, choose System Maintenance 5. Click Browse. Navigate to and select the CC-SG firmware file (.zip) 6. Click OK to upload the firmware file to CC-SG. 7. You must wait for the upgrade to complete before logging into CC- 8.
  • Page 221: Clear The Browser's Cache

    Clear the Browser's Cache These instructions may vary slightly for different browser versions. To clear the browser cache in Internet Explorer 6.0 or later: 1. Choose Tools > Internet Options. 2. On the General tab, click Delete Files, then click OK to confirm. In Firefox 2.0 and 3.0: 1.
  • Page 222: Restarting Cc-Sg After Shutdown

    Chapter 14: System Maintenance 5. Click OK to shut down CC-SG. Restarting CC-SG after Shutdown After shutting down CC-SG, use one of these two methods to restart the unit: • • Powering Down CC-SG If CC-SG loses AC power while it is up and running, it will remember the last power state.
  • Page 223: Ending Cc-Sg Session

    Ending CC-SG Session There are two ways to end a CC-SG Session. • Log out to end your session while keeping the client window open. • Exit to end your session and close the client window. See Log Out of CC-SG 1.
  • Page 224: Chapter 15 Advanced Administration

    Chapter 15 Advanced Administration In This Chapter Configuring a Message of the Day ...206 Configuring Applications for Accessing Nodes ...207 Configuring Default Applications ...209 Managing Device Firmware...210 Configuring the CC-SG Network ...211 Configuring Logging Activity ...217 Configuring the CC-SG Server Time and Date ...218 Connection Modes: Direct and Proxy...219 Device Settings...220 Configuring Custom JRE Settings...223...
  • Page 225: Configuring Applications For Accessing Nodes

    c. Click the Font Size drop-down menu and select a font size for a. Click Browse to browse for the message file. b. Select the file in the dialog window that opens then click Open. c. Click Preview to review the contents of the file. 4.
  • Page 226: Older Version Of Application Opens After Upgrading

    Chapter 15: Advanced Administration 2. Click the Application name drop-down arrow and select the 3. Click Browse, locate and select the application upgrade file from the 4. The application name appears in the New Application File field in the 5. Click Upload. A progress window indicates that the new application 6.
  • Page 227: Delete An Application

    5. Click OK. An Open dialog appears. 6. Navigate to and select the application file (usually a .jar or .cab file), and then click Open. 7. The selected application loads onto CC-SG. Delete an Application To delete an application: 1. Choose Administration > Applications. 2.
  • Page 228: View The Default Application Assignments

    Chapter 15: Advanced Administration View the Default Application Assignments 1. Choose Administration > Applications. 2. Click the Default Applications tab to view and edit the current default Set the Default Application for an Interface or Port Type 1. Choose Administration > Applications. 2.
  • Page 229: Delete Firmware

    2. Click Add to add a new firmware file. A search window opens. 3. Navigate to and select the firmware file you want to upload to CC-SG, and then click Open. When the upload completes, the new firmware appears in the Firmware Name field. Delete Firmware To delete firmware: 1.
  • Page 230: What Is Ip Failover Mode

    Chapter 15: Advanced Administration Model Primary LAN Name V1-0 or LAN1 V1-1 Model Primary LAN Name E1-0 Not labeled E1-1 LAN1 What is IP Failover mode? IP Failover mode enables you to use two CC-SG LAN ports to implement network failover and redundancy. Only one LAN port is active at a time. Primary LAN and Secondary LAN ports on each CC-SG model.
  • Page 231 If the Primary LAN is connected and receiving a Link Integrity signal, CC-SG uses this LAN port for all communications. If the Primary LAN loses Link Integrity, and Secondary LAN is connected, CC-SG will fail over its assigned IP address to the Secondary LAN. The Secondary LAN will be used until the Primary LAN returns to service.
  • Page 232 Chapter 15: Advanced Administration 6. Click the Adapter Speed drop-down arrow and select a line speed 7. If you selected Auto in the Adapter Speed field, the Adapter Mode 8. Click Update Configuration to save your changes. Your changes will Note: If CC-SG is configured with DHCP, you can access CC-SG via the hostname after a successful registration with the DNS server.
  • Page 233: What Is Ip Isolation Mode

    What is IP Isolation mode? IP Isolation mode allows you to isolate clients from devices by placing them on separate sub-networks and forcing clients to access the devices through CC-SG. In this mode, CC-SG manages traffic between the two separate IP domains. IP Isolation mode does not offer failover. If either LAN connection fails, users will not have access.
  • Page 234 Chapter 15: Advanced Administration • 1. Choose Administration > Configuration. 2. Click the Network Setup tab. 3. Select IP Isolation mode. 4. Type the CC-SG hostname in the Host name field. See 5. Configure the Primary LAN in the left column, and the Secondary 6.
  • Page 235: Recommended Dhcp Configurations For Cc-Sg

    Recommended DHCP Configurations for CC-SG Review the following recommended DHCP configurations. Make sure that your DHCP server is set up properly before you configure CC-SG to use DHCP. • Configure the DHCP to statically allocate CC-SG's IP address. • Configure the DHCP and DNS servers to automatically register the CC-SG with the DNS when the DHCP allocates an IP address to CC-SG.
  • Page 236: Configuring The Cc-Sg Server Time And Date

    Chapter 15: Advanced Administration 2. Click the Logs tab. 3. Click Purge. 4. Click Yes. Configuring the CC-SG Server Time and Date CC-SG's time and date must be accurately maintained to provide credibility for its device-management capabilities. Important: The Time/Date configuration is used when scheduling tasks in Task Manager.
  • Page 237: Connection Modes: Direct And Proxy

    Connection Modes: Direct and Proxy About Connection Modes CC-SG offers three connection modes for in-band and out-of-band connections: Direct, Proxy, and Both. • Direct mode allows you to connect to a node or port directly, without passing data through CC-SG. Direct mode generally provides faster connections.
  • Page 238: Configure Proxy Mode For All Client Connections

    Chapter 15: Advanced Administration Configure Proxy Mode for All Client Connections 1. Choose Administration > Configuration. 2. Click the Connection Mode tab. 3. Select Proxy mode. 4. Click Update Configuration. Configure a Combination of Direct Mode and Proxy Mode When you configure CC-SG to use a combination of Direct mode and Proxy mode, Proxy mode will be the default connection mode, and Direct mode will be used for the client IP addresses you specify.
  • Page 239 3. Type a new timeout duration in the Heartbeat (sec) field. The valid range is 30 seconds to 50,000 seconds. 4. Click Update Configuration to save your changes. To enable or disable a warning message for all power operations: Select the Display Warning Message For All Power Operations checkbox to enable a warning message that alerts a user before a requested power operation occurs.
  • Page 240: Enable Akc Download Server Certificate Validation Overview

    Chapter 15: Advanced Administration Enable AKC Download Server Certificate Validation Overview If you are using the AKC client, you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature. Option 1: Do Not Enable AKC Download Server Certificate Validation (default setting) If you do not enable AKC Download Server Certificate Validation, all KX II users and CC-SG Bookmark and Access Client users must:...
  • Page 241: Configuring Custom Jre Settings

    Configuring Custom JRE Settings CC-SG will display a warning message to users who attempt to access CC-SG without the minimum JRE version that you specify. Check the Compatibility Matrix for the minimum supported JRE version. Choose Administration > Compatibility Matrix. If a user attempting to log into CC-SG does not have the specified JRE version installed, the JRE Incompatibility Warning window opens.
  • Page 242: Configuring Snmp

    Chapter 15: Advanced Administration 1. Choose Administration > Configuration. Click the Custom JRE tab. 2. Click Clear. Configuring SNMP Simple Network Management Protocol allows CC-SG to push SNMP traps (event notifications) to an existing SNMP manager on the network. You should be trained in handling SNMP infrastructure to configure CC-SG to work with SNMP.
  • Page 243: Mib Files

    9. Select the checkboxes before the traps you want CC-SG to push to your SNMP hosts: Under Trap Sources, SNMP traps are listed in two categories: System Log traps, which include notifications for the status of the CC unit itself, such as a hard disk failure, and Application Log traps for notifications generated by events in the CC application, such as modifications to a user account.
  • Page 244: Requirements For Cc-Sg Clusters

    Chapter 15: Advanced Administration Requirements for CC-SG Clusters • • • Access a CC-SG Cluster Once a Cluster is created, users can access the Primary node directly, or if they point their browser to the Secondary node, they will be redirected. Redirection does not work for an already downloaded Admin Client applet, as the web browser needs to be closed and a new session opened and pointed to the new Primary system.
  • Page 245: Access A Cc-Sg Cluster

    5. Type a valid user name and password for the Backup node in the Username for Backup Secure Gateway and Password for Backup Secure Gateway fields. 6. Select the Redirect by Hostname checkbox to specify that secondary to primary redirection access should be via DNS. Optional. See Access a CC-SG Cluster (on page 226).
  • Page 246: Switch The Primary And Secondary Node Status

    Chapter 15: Advanced Administration Switch the Primary and Secondary Node Status You can exchange the roles of Primary and Secondary nodes when the Secondary, or Backup, node is in the "Joined" state. When the Secondary node is in the "Waiting" state, switching is disabled. After the roles are switched, the former Primary node is in the "Waiting"...
  • Page 247: Delete A Cluster

    Note: If the clustered CC-SG units do not share the same time zone, when the Primary node failure occurs, and the Secondary node becomes the new Primary node, the time specified for Automatic Rebuild still follows the time zone of the old Primary node. Delete a Cluster Deleting a cluster completely deletes the information entered for the cluster, and restores both the Primary and Secondary CC-SG nodes to...
  • Page 248: Create A Neighborhood

    Chapter 15: Advanced Administration Create a Neighborhood You can log into a CC-SG unit where you want to create a Neighborhood and which is not a member of any Neighborhood yet. After a Neighborhood is created, all members in the Neighborhood share the same Neighborhood information.
  • Page 249: Edit A Neighborhood

    To deactivate any CC-SG unit, deselect the Activate checkbox next to that unit. Deactivated CC-SG units operate as standalone units and do not show up as one of the Neighborhood members to Access Client users. Click the column header to sort the table by that attribute in ascending order.
  • Page 250 Chapter 15: Advanced Administration 4. If new CC-SG units meet the Neighborhood criteria and are found, 5. Select the Active checkbox next to each new CC-SG unit. 6. To change any CC-SG's Secure Gateway Name, click the name, 7. Click Send Update to save the changes and distribute the latest Manage the Neighborhood Configuration You can deactivate or rename any CC-SG units in the Neighborhood configuration.
  • Page 251: Refresh A Neighborhood

    Delete a Neighborhood Member When a CC-SG unit in a Neighborhood becomes inappropriate, you may either remove or deactivate it in the Neighborhood configuration. Otherwise, Access Client users may find these units inaccessible when trying to switch to them. For example, a Neighborhood member becomes inappropriate when you: •...
  • Page 252: Security Manager

    Chapter 15: Advanced Administration 2. Choose Administration > Neighborhood. 3. Click Delete Neighborhood. 4. Click Yes to confirm the deletion. Security Manager The Security Manager is used to manage how CC-SG provides access to users. Within Security Manager you can configure authentication methods, SSL access, AES Encryption, strong password rules, lockout rules, the login portal, certificates, and access control lists.
  • Page 253 Check Your Browser for AES Encryption CC-SG supports AES-128 and AES-256. If you do not know if your browser uses AES, check with the browser manufacturer. You may also want to try navigating to the following web site using the browser whose encryption method you want to check: https://www.fortify.net/sslcheck.html.
  • Page 254: Configure Browser Connection Protocol: Http Or Https/Ssl

    Chapter 15: Advanced Administration 5. Click Update to save your changes. Configure Browser Connection Protocol: HTTP or HTTPS/SSL In Security Manager, you can configure CC-SG to either use regular HTTP connections from clients or require HTTPS/SSL connections. You must restart CC-SG for changes to this setting to take effect. The default setting is HTTPS/SSL.
  • Page 255 Require strong passwords for all users 1. Choose Administration > Security. 2. Click the Login Settings tab. 3. Select the Strong Passwords Required for All Users checkbox. 4. Select a Maximum Password Length. Passwords must contain fewer than the maximum number of characters. 5.
  • Page 256 Chapter 15: Advanced Administration Lockout settings Administrators can lock out CC-SG users and SSH users after a specified number of failed login attempts. You can enable this feature for locally authenticated users, for remotely authenticated users, or for all users. Note: By default, the admin account is locked out for five minutes after three failed login attempts.
  • Page 257: Configure The Inactivity Timer

    2. Open the Login Settings tab. 3. Deselect the Lockout Enabled for Local Users checkbox to disable lockout for locally authenticated users. Deselect the Lockout Enabled for Remote Users checkbox to disable lockout for remotely authenticated users. 4. Click Update to save your changes. Allow concurrent logins per username You can permit more than one concurrent CC-SG session with the same username.
  • Page 258 Chapter 15: Advanced Administration Logo A small graphic file can be uploaded to CC-SG to act as a banner on the login page. The maximum size of the logo is 998 by 170 pixels. 1. Click Browse in the Logo area of the Portal tab. An Open dialog 2.
  • Page 259: Certificates

    Click Browse. A dialog window opens. In the dialog window, select the text file with the message you want to use, and then click Open. The maximum length of the text message is 10,000 characters. Click Preview to preview the text contained in the file. The preview appears in the banner message field above.
  • Page 260 Chapter 15: Advanced Administration 5. Click OK to generate the CSR. The CSR and Private Key appear in 6. Select the text in the Certificate Request box, and then press Ctrl+C 7. Select the text in the Private Key box, and then press Ctrl+C to copy 8.
  • Page 261 14. Type raritan in the Password field if the CSR was generated by CC-SG. If a different application generated the CSR, use the password for that application. Note: If the imported certificate is signed by a root and subroot CA (certificate authority), using only a root or subroot certificate will fail.
  • Page 262: Access Control List

    Chapter 15: Advanced Administration Access Control List An IP Access Control List specifies ranges of client IP addresses for which you want to deny or allow access to CC-SG. Each entry in the Access Control List becomes a rule that determines whether a user in a certain group, with a certain IP address, can access CC-SG.
  • Page 263: Notification Manager

    6. Click the Action drop-down arrow and select Allow or Deny to specify whether the specified users in the IP range can access CC-SG. 7. Click Update to save your changes. To change the order in which CC-SG applies rules: 1.
  • Page 264: Task Manager

    Chapter 15: Advanced Administration 7. Type a valid email address that will identify messages from CC-SG 8. Type the number of times emails should be re-sent should the send 9. Type the number of minutes (from 1-60) that should elapse between 10.
  • Page 265: Schedule Sequential Tasks

    Schedule Sequential Tasks You may want to schedule tasks sequentially to confirm that expected behavior occurred. For example, you may want to schedule an Upgrade Device Firmware task for a given device group, and then schedule an Asset Management Report task immediately after it to confirm that the correct versions of firmware were upgraded.
  • Page 266: Schedule A Task

    Chapter 15: Advanced Administration Schedule a Task This section covers most tasks that can be scheduled. See Device Firmware Upgrade device firmware upgrades. 1. Choose Administration > Tasks. 2. Click New. 3. In the Main tab, type a name and description for the task. Names can 4.
  • Page 267 b. Periodic: Use the up and down arrows to select the Start time at which the task should begin. Type the number of times the task should be executed in the Repeat Count field. Type the time that should elapse between repetitions in the Repeat Interval field. Click the drop-down menu and select the unit of time from the list.
  • Page 268: Schedule A Device Firmware Upgrade

    Chapter 15: Advanced Administration 12. Specify email addresses to which a notification should be sent upon 13. Click OK to save your changes. Schedule a Device Firmware Upgrade You can schedule a task to upgrade multiple devices of the same type, such as KX or SX, within a device group.
  • Page 269 a. Start Date/Time: Select the date and time at which the task begins. The start date/time must be later than the current date/time. b. Restrict Upgrade Window and Latest Upgrade Start Date/Time: If you must finish all upgrades within a specific window of time, use these fields to specify the date and time after which no new upgrades can begin.
  • Page 270: Change A Scheduled Task

    Chapter 15: Advanced Administration Change a Scheduled Task You can change a scheduled task before it runs. 1. Select the task you want to change. 2. Click Edit. 3. Change the task specifications as needed. See 4. Click Update to save your changes. Reschedule a Task The Save As function in Task Manager enables you to reschedule a completed task that you want to run again.
  • Page 271: Delete A Task

    Delete a Task You can delete a task to remove it from the Task Manager. You cannot delete a task that is currently running. To delete a task: • Select the task, then click Delete. SSH Access to CC-SG Use Secure Shell (SSH) clients, such as PuTTY or OpenSSH Client, to access a command line interface to the SSH (v2) server on CC-SG.
  • Page 272: Get Help For Ssh Commands

    Chapter 15: Advanced Administration • Get Help for SSH Commands You can get limited help for all commands at once. You can also get in-depth help on a single command at a time. 1. At the shell prompt, type the command you want help for, followed by 2.
  • Page 273: Ssh Commands And Parameters

    SSH Commands and Parameters The following table lists all commands available in SSH. You must be assigned the appropriate privileges in CC-SG to access each command. Some commands have additional parameters that you must type to execute the command. For more information about how to type commands, see Command Tips To list active ports:...
  • Page 274 Chapter 15: Advanced Administration grep search_term help listbackups <[-id <device_id>] | [host]> listdevices listfirmwares [[-id <device_id>] | [host]] listinterfaces [-id <node_id>] listnodes listports logoff more [-p <page_size>] pingdevice <[-id <device_id>] | [host]> restartcc minutes [message] To search for text from piped output stream: To view the help screen for all commands: To list available device configuration backups: To list available devices:...
  • Page 275: Command Tips

    To restart a device: restartdevice <[-id <device_id>] | [host]> To restore a device configuration: restoredevice <[-host <host>] | [-id <device_id>]> [backup_id] To shutdown CC-SG: shutdowncc minutes [message] To open an SSH connection to an SX device: [-e <escape_char>] <[-id <device_id>] | [host]> To change a user: su [-u <user_name>] To upgrade a device's firmware:...
  • Page 276: Create An Ssh Connection To A Serial-Enabled Device

    Chapter 15: Advanced Administration Command syntax ssh -id <device_id> • You may have problems using the escape character in the Linux terminal or client. Raritan recommends that you define a new escape character when establishing a port connection. The command is connect [-e <escape_char>] [port_id].
  • Page 277: Use Ssh To Connect To A Node Via A Serial Out-Of-Band Interface

    2. Connect to the device by typing ssh -id <device_id>. Using the figure above as an example, you can connect to SX-229 by typing ssh -id 1370. Use SSH to Connect to a Node via a Serial Out-of-Band Interface You can use SSH to connect to a node through its associated serial out-of-band interface.
  • Page 278: End Ssh Connections

    Chapter 15: Advanced Administration End SSH Connections You can make SSH connections to CC-SG only, or you can make a connection to CC-SG and then make a connection to a port, device, or node managed by CC-SG. There are different ways to end these connections, depending on which part you want to end.
  • Page 279: Serial Admin Port

    Serial Admin Port The serial admin port on CC-SG can be connected directly to a Raritan serial device, such as Dominion SX or KSX. You can connect to the SX or KSX via the IP address using a terminal emulation program, such as HyperTerminal or PuTTY. Set the baud rate in the terminal emulation program to match the SX or KSX baud rate.
  • Page 280: Web Services Api

    Chapter 15: Advanced Administration 3. A new window opens with your CC-SG serial number. Web Services API You must accept the End User Agreement before adding a Web Services API client to CC-SG. You can add up to five WS-API clients. See the CC-SG Web Services API Guide for details on using the API.
  • Page 281: Cc-Noc

    h. Division/Department Name: CSR tag is Organization Unit Name. k. Challenge Password: Maximum 64 characters. Note: The Challenge Password is used internally by CC-SG to generate the certificate. You do not need to remember it. 6. Click Generate Certificate. The text appears in the Certificate box. 7.
  • Page 282: Chapter 16 Diagnostic Console

    Chapter 16 Diagnostic Console The Diagnostic Console is a non-graphical, menu-based interface that provides local access to CC-SG. You can access Diagnostic Console from a serial or KVM port. See VGA/Keyboard/Mouse Port Diagnostic Console from a Secure Shell (SSH) client, such as PuTTY or OpenSSH Client.
  • Page 283: Status Console

    Status Console About Status Console • You can use the Status Console to check the health of CC-SG, the various services CC-SG uses, and the attached network. • By default, Status Console does not require a password. • You can configure CC-SG to provide the Status Console information over a Web interface.
  • Page 284: Status Console Information

    Chapter 16: Diagnostic Console 2: Access the Status Console via web browser: 1. Using a supported Internet browser, type this URL: http(s)://<IP_address>/status/ where <IP_address> is the IP address of the CC-SG. Note the forward slash (/) following /status is mandatory. For example, https://10.20.3.30/status/.
  • Page 285 CC-SG Title, Date and Time The CC-SG title is constant so users know that they are connected to a CC-SG unit. The date and time at the top of the screen is the last time when the CC-SG data was polled. The date and time reflect the timing values saved on the CC-SG server.
  • Page 286 Chapter 16: Diagnostic Console Information Web Status RAID Status Cluster Status Cluster Peer Network Information Description Restoring CC-SG is in the process of restoring itself and database queries are temporarily suspended. Down Database server has not started yet. Most of the access to the CC-SG server is through the Web. This field shows the state of the Web server and available statuses include: Responding/Unsecured...
  • Page 287 Information Description Speed Duplex IPAddr RX -Pkts TX -Pkts Navigation Keys Reminder The bottom line on the screen displays the keyboard combination keys for invoking Help and exiting Status Console. Status Console will ignore key inputs other than these keys described below. •...
  • Page 288 Chapter 16: Diagnostic Console Status Console via Web Browser After connecting to the Status Console via the web browser, the read- only Status Console web page appears. The web page displays the same information as the Status Console, and also updates the information approximately every 5 seconds. For information on the links for CC-SG Monitors at the bottom of the web page, see Display Historical Data Trending Reports...
  • Page 289: Administrator Console

    Administrator Console About Administrator Console The Administrator Console allows you to set some initial parameters, provide initial networking configuration, debug log files, and perform some limited diagnostics and restart CC-SG. The default login for the Administrator Console is: • Username: admin •...
  • Page 290 Chapter 16: Diagnostic Console The main Administrator Console screen appears. Administrator Console Screen The Administrator Console screen consists of 4 main areas. • Menu bar: You can perform Administrator Console functions by activating the menu bar. Press Ctrl+X to activate the menu bar or click a menu item using the mouse if you access Administrator Console via the SSH client.
  • Page 291: Navigate Administrator Console

    • Status bar: Status bar is just above the navigation keys bar. It displays some important system information, including CC-SG's serial number, firmware version, and the time when the information shown in the main display area was loaded or updated. Screenshots containing this information may be useful when reporting your problems to Raritan Technical Support.
  • Page 292: Edit Diagnostic Console Configuration

    Chapter 16: Diagnostic Console Edit Diagnostic Console Configuration The Diagnostic Console can be accessed via the serial port (COM1), VGA/Keyboard/Mouse (KVM) port, or from SSH clients. If you want to access Status Console, one more access mechanism, Web access, is also available.
  • Page 293: Edit Network Interfaces Configuration (Network Interfaces)

    4. Click Save. Edit Network Interfaces Configuration (Network Interfaces) In Network Interface Configuration, you can perform initial setup tasks, such as setting the hostname and IP address of the CC-SG. 1. Choose Operation > Network Interfaces > Network Interface Config. 2.
  • Page 294: Ping An Ip Address

    Chapter 16: Diagnostic Console 6. In the Adapter Speed, select a line speed. The other values of 10, 7. If you did not select AUTO for Adapter Speed, click Adapter Duplex 8. Repeat these steps for the second network interface if you selected 9.
  • Page 295: Use Traceroute

    Option Record Route Use Broadcast Address Adaptive Timing 4. Type values for how many seconds the ping command will execute, how many ping requests are sent, and the size for the ping packets. Default is 56, which translates into 64 ICMP data bytes when combined with 8 bytes of ICMP header data.
  • Page 296: Edit Static Routes

    Chapter 16: Diagnostic Console 4. Type values for how many hops the traceroute command will use in 5. Click Traceroute in the bottom right-hand corner of the window. 6. Press Ctrl+C or Ctrl+Q to terminate the traceroute session. A Edit Static Routes In Static Routes, you can view the current IP routing table and modify, add, or delete routes.
  • Page 297 Chapter 16: Diagnostic Console Although you can delete all other routes, including the Default Gateway, doing this will greatly impact the communication with CC-...
  • Page 298: View Log Files In Diagnostic Console

    Chapter 16: Diagnostic Console View Log Files in Diagnostic Console You can view one or more log files simultaneously via LogViewer, which allows browsing through several files at once to examine system activity. The Logfile list is updated only when the associated list becomes active, as when a user enters the logfile list area, or when a new sorting option is selected.
  • Page 299 3. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a log file, marking it with an X. You can view more than one log file at a time. To sort the Logfiles to View list: The Sort Logfile list by options control the order in which logfiles are displayed in the Logfile to View list.
  • Page 300 Chapter 16: Diagnostic Console Option View When View is selected with Individual Windows, the LogViewer displays: Description contents of this package is not available to customer. Exported logfiles will be available for up to 10 days, and then the system will automatically delete them. View the selected log(s).
  • Page 301: Restart Cc-Sg With Diagnostic Console

    Note: System load is static as of the start of this Admin Console session - use the TOP utility to dynamically monitor system resources. To filter a log file with a regular expression: 1. Type e to add or edit a regular expression and select a log from the list if you have chosen to view several.
  • Page 302: Reboot Cc-Sg With Diagnostic Console

    Chapter 16: Diagnostic Console Diagnostic Console. See Restarting CC-SG in Diagnostic Console will NOT notify users that it is being restarted. To restart CC-SG with Diagnostic Console: 1. Choose Operation > Admin > CC-SG Restart. 2. Either click Restart CC-SG Application or press Enter. Confirm the restart in the next screen to proceed.
  • Page 303: Power Off Cc-Sg System From Diagnostic Console

    2. Either click REBOOT System or press Enter to reboot CC-SG. Confirm the reboot in the next screen to proceed. Power Off CC-SG System from Diagnostic Console This option will power off the CC-SG unit. Logged-in users will not receive a notification. CC-SG, SSH, and Diagnostic Console users (including this session) will be logged off.
  • Page 304: Reset Cc Super-User Password With Diagnostic Console

    Chapter 16: Diagnostic Console 2. Either click Power OFF the CC-SG or press Enter to remove AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super-User Password with Diagnostic Console This option will reset the password for the CC Super User account to the factory default value.
  • Page 305: Reset Cc-Sg Factory Configuration (Admin)

    2. Either click Reset CC-SG GUI Admin Password or press Enter to change the admin password back to factory default. Confirm the password reset in the next screen to proceed. Reset CC-SG Factory Configuration (Admin) This option will reset all or parts of the CC-SG system back to their factory default values.
  • Page 306 Chapter 16: Diagnostic Console Option Full CC-SG Database Reset Preserve CC-SG Personality during Reset Network Reset SNMP Reset Firmware Reset Install Firmware into CC-SG DB Description This option removes the existing CC-SG database and builds a new version with the factory default values. Network settings, SNMP settings, firmware, and diagnostic console settings are not part of the CC-SG database.
  • Page 307: Diagnostic Console Password Settings

    Option Description Diagnostic Console Reset This option restores Diagnostic Console settings back to factory defaults. IP Access Control Lists This option removes all entries from the IP-ACL table. Reset IP-ACL settings are reset with a Full Database reset whether you select the IP Access Control Lists reset option or not.
  • Page 308 Chapter 16: Diagnostic Console 2. In the Password History Depth field, type the number of passwords that will be remembered. The default setting is five. 3. Select either Regular, Random, or Strong for the admin and status (if enabled) passwords. Password setting Regular Random...
  • Page 309: Diagnostic Console Account Configuration

    Password setting Description every password must have at least one digit in it. Diagnostic Console Account Configuration By default, the status account does not require a password, but you can configure it to require one. Other aspects of the admin password can be configured and the Field Support accounts can be enabled or disabled.
  • Page 310 Chapter 16: Diagnostic Console Setting Description User \ User Name (Read-only). This is the current user name or ID for this account. Last Changed (Read-only). This is the date of the last password change for this account. Expire (Read-only). This is the day that this account must change its password.
  • Page 311: Configure Remote System Monitoring

    Configure Remote System Monitoring You can enable the remote system monitoring feature to use the GKrellM tool. The GKrellM tool provides a graphical view of resource utilization on the CC-SG unit. This tool is similar to the Windows Task Manager's Performance tab.
  • Page 312: Display Historical Data Trending Reports

    Chapter 16: Diagnostic Console Follow the instructions in the Read Me file to set the CC-SG unit as the target to monitor. Windows users must use the command line to locate the Gkrellm installation directory and then run the commands specified in the Read. Display Historical Data Trending Reports Historical data trending gathers information about CPU utilization, memory utilization, Java Heap space, and network traffic.
  • Page 313: Display Raid Status And Disk Utilization

    Display RAID Status and Disk Utilization This option displays the status of CC-SG disks, including disk size, active and up status, state of the RAID-1, and amount of space currently used by various file systems. To display disk status of the CC-SG: 1.
  • Page 314: Perform Disk Or Raid Tests

    Chapter 16: Diagnostic Console Perform Disk or RAID Tests You can manually perform SMART disk drive tests or RAID check and repair operations. To perform a disk drive test or a RAID check and repair operation: 1. Choose Operation > Utilities > Disk/RAID Utilities > Manual Disk/RAID Tests.
  • Page 315 Chapter 16: Diagnostic Console d. After the test is complete, you can view the results in the Repair/Rebuild RAID screen. See Repair or Rebuild RAID Disks (on page 299). If a non-zero value displays in the Mis-Match column for the given Array, indicating that there may be a problem, you should contact Raritan Technical Support for assistance.
  • Page 316: Schedule Disk Tests

    Chapter 16: Diagnostic Console Schedule Disk Tests You can schedule SMART-based tests of the disk drives to be periodically performed. Firmware on the disk drive will perform these tests, and you can view the test results in the Repair/Rebuild screen. SMART tests can be performed while CC-SG is operational and in use.
  • Page 317: Repair Or Rebuild Raid Disks

    2. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a test type, marking it with an X. Different types of tests take a different period of time. A Short test takes about 2 minutes to complete when the system is lightly loaded.
  • Page 318 Chapter 16: Diagnostic Console 2. If any item does not show "No" under the "Replace??" or "Rebuild??" column, contact Raritan Technical Support for assistance. The system will update displayed information when you move between Disk Drive Status, RAID Array Status, and Potential Operations box using the Tab key or mouse clicks.
  • Page 319: View Top Display With Diagnostic Console

    4. Select either Replace Disk Drive or Rebuild RAID Array, and follow onscreen instructions until you finish the operation. View Top Display with Diagnostic Console Top Display allows you to view the list of currently-running processes and their attributes, as well as overall system health. To display the processes running on CC-SG: 1.
  • Page 320 Chapter 16: Diagnostic Console NTP is not enabled or not configured properly: NTP is properly configured and running:...
  • Page 321: Take A System Snapshot

    Take a System Snapshot When CC-SG does not function properly, it is extremely helpful if you can capture the information stored in CC-SG, such as the system logs, configurations or database, and provide it to Raritan Technical Support for analysis and troubleshooting. 1: Take a snapshot of CC-SG: 1.
  • Page 322: Change The Video Resolution For Diagnostic Console

    Chapter 16: Diagnostic Console 1. Using a supported Internet browser, type this URL: 2. The Enter Network Password dialog appears. Type the User Name 3. All available snapshot files that CC-SG has ever taken are listed. 4. Click the snapshot file with the appropriate filename, or the file 5.
  • Page 323: Chapter 17 Power Iq Integration

    Chapter 17 Power IQ Integration If you have a CC-SG and Power IQ, there are several ways to use them together. 1. Control power to Power IQ IT devices via CC-SG. For example, if you want to control power to a Power IQ IT device which is also a CC-SG node, you can use a Power IQ Proxy interface to give power control commands in CC-SG.
  • Page 324: Configuring Power Control Of Power Iq It Devices

    Chapter 17: Power IQ Integration 2. Type a name for the device in the Power IQ Device Name field. The 3. Type the IP Address or Hostname of the device in the IP 4. Type the time (in seconds) that should elapse before timeout 5.
  • Page 325: Import Power Strips From Power Iq

    Import Power Strips from Power IQ You can import Dominion PX devices and their outlet names from Power IQ. If the Dominion PX devices are already managed by CC-SG, you must delete them first. The import adds the Dominion PX devices, and configures and names the outlets specified in the CSV file.
  • Page 326: Export Dominion Px Data To Use In Power Iq

    Chapter 17: Power IQ Integration Column number Step 3: Import the edited CSV file into CC-SG 1. In the CC-SG Admin Client, choose Administration > Import > Import Powerstrips. 2. Click Browse and select the CSV file to import. Click Open. 3.
  • Page 327 Chapter 17: Power IQ Integration 4. Click Save. Step 2: Edit the CSV file and import into Power IQ: The export file contains three sections. Read the comments in the CSV file for instructions on how to use each section as part of a Power IQ multi-tabbed CSV import file.
  • Page 328: Appendix A Specifications For V1 And E1

    Appendix A Specifications for V1 and E1 In This Chapter V1 Model...310 E1 Model...311 V1 Model V1 General Specifications Form Factor Dimensions (DxWxH) Weight Power Operating Temperature Mean Time Between Failure (MTBF) KVM Admin Port Serial Admin Port Console Port V1 Environmental Requirements Operating Humidity...
  • Page 329: E1 Model

    Operating Humidity Altitude Vibration Shock E1 Model E1 General Specifications Form Factor Dimensions (DxWxH) Weight Power Operating Temperature Mean Time Between Failure (MTBF) KVM Admin Port Serial Admin Port Console Port E1 Environmental Requirements Operating Humidity Altitude Vibration Shock Appendix A: Specifications for V1 and E1 5% - 95% RH Operate properly at any altitude between 0 to 10,000 feet, storage 40,000 feet...
  • Page 330 Appendix A: Specifications for V1 and E1 Operating Non-Operating Temperature Humidity Altitude Vibration Shock -40°-70° C 5-90%, non-condensing Sea level to 40,000 feet 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X, Y, and Z 30 g for 11 ms with a ½...
  • Page 331: Appendix B Cc-Sg And Network Configuration

    Appendix B CC-SG and Network Configuration This appendix contains network requirements, including addresses, protocols, and ports, of a typical CC-SG deployment. It includes information about how to configure your network for both external access and internal security and routing policy enforcement. Details are provided for the benefit of a TCP/IP network administrator.
  • Page 332: Cc-Sg Communication Channels

    Appendix B: CC-SG and Network Configuration Port Number Protocol 80 and 443 for Control System nodes 80, 443, 902, and 903 for Virtual Host and Virtual Machine Nodes 51000 Possible exceptions to the required open ports: Port 80 can be closed if all access to the CC-SG is via HTTPS addresses.
  • Page 333: Cc-Sg And Raritan Devices

    CC-SG and Raritan Devices A main role of CC-SG is to manage and control Raritan devices, such as Dominion KX II. Typically, CC-SG communicates with these devices over a TCP/IP network (local, WAN, or VPN) and both TCP and UDP protocols are used as follows: Communication Direction CC-SG to Local Broadcast...
  • Page 334: Access To Infrastructure Services

    Appendix B: CC-SG and Network Configuration Communication Direction CC-SG to CC-SG CC-SG to CC-SG CC-SG to CC-SG Access to Infrastructure Services The CC-SG can be configured to use several industry-standard services like DHCP, DNS, and NTP. These ports and protocols are used to allow CC-SG to communicate with these optional servers.
  • Page 335: Pc Clients To Nodes

    Communication Port Direction Number PC Client to CC-SG PC Client to CC-SG PC Client to CC-SG 8080 PC Client to CLI SSH PC Client to Diagnostic Console PC Clients to Nodes Another significant role of CC-SG is to connect PC clients to various nodes.
  • Page 336: Cc-Sg And Client For Ipmi, Ilo/Riloe, Drac, Rsa

    Appendix B: CC-SG and Network Configuration Communication Port Number Direction Client to Raritan Device 5000 to Out-of-Band KVM (on Raritan Node Device) (Direct Mode) Client to Raritan 51000 Dominion SX Device to (on Raritan Out-of-Band Serial Device) Node (Direct Mode) CC-SG and Client for IPMI, iLO/RILOE, DRAC, RSA You may need to open additional ports for CC-SG to manage third-party devices, such as iLO/RILOE and iLO2/RILOE2 servers.
  • Page 337: Cc-Sg Internal Ports

    Communication Port Number Direction CC-SG to SNMP Manager CC-SG Internal Ports CC-SG uses several ports for internal functions, and its local firewall function blocks access to these ports. However, some external scanners may detect these as “blocked” or “filtered.” External access to these ports is not required and can be further blocked.
  • Page 338: Vnc Access To Nodes

    Appendix B: CC-SG and Network Configuration VNC Access to Nodes Port 5800 or 5900 must be open for VNC access to nodes. SSH Access to Nodes Port 22 must be open for SSH access to nodes. Remote System Monitoring Port When the Remote System Monitoring feature is enabled, port 19150 is opened by default.
  • Page 339: Appendix C User Group Privileges

    Appendix C User Group Privileges This table shows which privilege must be assigned for a user to have access to a CC-SG menu item. *None means that no particular privilege is required. Any user who has access to CC-SG will be able to view and access these menus and commands.
  • Page 340 Appendix C: User Group Privileges Menu > Sub- Menu Item menu Devices This menu and the Devices tree is available only for users with any one of the following privileges: Device, Port, and Node Management Device Configuration and Upgrade Management Discover Devices Device, Port, and Node >...
  • Page 341 Menu > Sub- Menu Item menu > Launch User Station Admin > Disconnect Users > Topology View > Change View > Create Custom View > Tree View > Port Manager > Connect > Configure Ports Device, Port, and Node > Disconnect Port Device, Port, and Node >...
  • Page 342 Appendix C: User Group Privileges Menu > Sub- Menu Item menu > By Port Number Device, Port, and Node Nodes This menu and the Nodes tree is available only for users with any one of the following privileges: Device, Port, and Node Management Node In-Band Access Node Out-of-Band Access Node Power Control...
  • Page 343 Menu > Sub- Menu Item menu Control Configure Blades Device, Port, and Node Ping Node Bookmark Node Interface > Node Sorting > By Node Name Any of the following: Options > By Node Status Any of the following: > Chat >...
  • Page 344 Appendix C: User Group Privileges Menu > Sub- Menu Item menu > Tree View Associations This menu is available only for users with the User Security Management privilege > Association > Device Groups > Node Groups > Policies Reports This menu is available for users with any administrative privilege except for users with the User Security Management privilege alone Audit Trail Error Log...
  • Page 345 Menu > Sub- Menu Item menu > Devices > Device Asset Report > Device Group Data > Query Port > Nodes > Node Asset Report > Active Nodes > Node Creation > Node Group Data > Active AD Users Group Directory Report Scheduled...
  • Page 346 Appendix C: User Group Privileges Menu > Sub- Menu Item menu Configuration Cluster Configuration Neighborhood Security Notifications Tasks Compatibility Matrix > Import Import Categories CC Setup and Control and Import Users Import Nodes Import Devices Import Powerstrips > Export Export Categories Export Users Export Nodes...
  • Page 347 Menu > Sub- Menu Item menu Export Devices Export Power IQ Data System Maintenance Backup Restore Reset Restart Upgrade Shutdown > Maintenance > Enter Mode Maintenance Mode > Exit Maintenance Mode View Window Help Required Privilege Device, Port, and Node Management CC Setup and Control and Device, Port, and Node...
  • Page 348: Appendix D Snmp Traps

    Appendix D SNMP Traps CC-SG provides the following SNMP traps: SNMP Trap ccUnavailable ccAvailable ccUserLogin ccUserLogout ccPortConnectionStarted ccPortConnectionStopped ccPortConnectionTerminated ccImageUpgradeStarted ccImageUpgradeResults ccUserAdded ccUserDeleted ccUserModified ccUserAuthenticationFailure ccLanCardFailure ccHardDiskFailure ccLeafNodeUnavailable ccLeafNodeAvailable ccIncompatibleDeviceFirmware ccDeviceUpgrade ccEnterMaintenanceMode ccExitMaintenanceMode ccUserLockedOut ccDeviceAddedAfterCCNOCNotificati ccScheduledTaskExecutionFailure ccDiagnosticConsoleLogin Description CC-SG application is unavailable. CC-SG application is available.
  • Page 349 SNMP Trap ccDiagnosticConsoleLogout ccUserGroupAdded ccUserGroupDeleted ccUserGroupModified ccSuperuserNameChanged ccSuperuserPasswordChanged ccLoginBannerChanged ccMOTDChanged ccDominionPXReplaced ccSystemMonitorNotification ccNeighborhoodActivated ccNeighborhoodUpdated ccDominionPXFirmwareChanged ccClusterFailover ccClusterBackupFailed ccClusterWaitingPeerDetected ccClusterOperation ccCSVFileTransferred ccPIQAvailable ccPIQUnavailable Description User has logged out of the CC-SG Diagnostic Console. A new user group has been added to CC-SG. CC-SG user group has been deleted.
  • Page 350: Appendix E Csv File Imports

    Appendix E CSV File Imports This section contains more information about CSV file imports. In This Chapter Common CSV File Requirements ...333 Audit Trail Entries for Importing ...334 Troubleshoot CSV File Problems ...335...
  • Page 351: Common Csv File Requirements

    Common CSV File Requirements The best way to create the CSV file is to export a file from CC-SG, and then use the exported CSV file as an example for creating your own. The export file contains comments at the top that describe each item in the file.
  • Page 352: Audit Trail Entries For Importing

    Appendix E: CSV File Imports Audit Trail Entries for Importing Each item imported into CC-SG is logged in the Audit Trail. Skipped duplicates are not logged in the Audit Trail. The Audit Trail includes an entry for the following actions, under the Message Type "Configuration."...
  • Page 353: Troubleshoot Csv File Problems

    Troubleshoot CSV File Problems To troubleshoot CSV file validation: Error messages appear in the Problems area of the Import page. The error messages identify problems that are found in the CSV file during validation. You can save the list of errors to a CSV file. Each error includes the line number where the error occurs in the CSV file.
  • Page 354: Appendix F Troubleshooting

    Appendix F Troubleshooting • Launching CC-SG from your web browser requires a Java plug-in. If your machine has an incorrect version, CC-SG will guide you through the installation steps. If your machine does not have a Java plug-in, CC-SG cannot automatically launch. In this case, you must uninstall or disable your old Java version and provide serial port connectivity to CC-SG to ensure proper operation.
  • Page 355 Appendix F: Troubleshooting • If you access more than one CC-SG unit using the same client and Firefox, you may see a "Secure Connection Failed" message that says you have an invalid certificate. You can resume access by clearing the invalid certificate from your browser. a.
  • Page 356: Appendix G Diagnostic Utilities

    Appendix G Diagnostic Utilities CC-SG comes with a few diagnostic utilities which may be extremely helpful for you or Raritan Technical Support to analyse and debug the cause of CC-SG problems. In This Chapter Memory Diagnostic...338 Debug Mode ...339 CC-SG Disk Monitoring ...340 Memory Diagnostic CC-SG is implemented with the Memtest86+ diagnostic program, which can be invoked from the GRUB menu.
  • Page 357: Debug Mode

    2: Terminate the Memtest86+ diagnostic program: 1. Press Esc. 2. CC-SG will reset and reboot. Debug Mode Although enabling the debug mode is extremely helpful for troubleshooting, it may impact the CC-SG operation and performance. Therefore, you should enable the debug mode only when Raritan Technical Support instructs you to do so.
  • Page 358: Cc-Sg Disk Monitoring

    Appendix G: Diagnostic Utilities CC-SG Disk Monitoring If CC-SG disk space exhaustion in one or more file systems occurs, it may negatively impact your operation and even result in the loss of some engineering data. Therefore, you should monitor the CC-SG disk usage and take corrective actions to prevent or resolve potential issues.
  • Page 359 File system and the data it holds: /sg/DB: CC-SG database; /opt: CC-SG backups and snapshots; /var: log files and system upgrades; /tmp: scratch area (used by snapshots). To monitor the disk space via web browser: This method applies only to CC-SG release 4.0 or later. You must enable Web Status Console-related options in Diagnostic Console before you can monitor the disk space using the web browser.
  • Page 360 Appendix G: Diagnostic Utilities Note: For file system problems that are not mentioned in this section, or when the corrective actions you take cannot resolve the problems, contact Raritan Technical Support for assistance.
  • Page 361: Appendix H Two-Factor Authentication

    Appendix H Two-Factor Authentication CC-SG can be configured to point to an RSA RADIUS Server that supports two-factor authentication via an associated RSA Authentication Manager. CC-SG acts as a RADIUS client and sends user authentication requests to RSA RADIUS Server. The authentication request includes user id, a fixed password, and a dynamic token code.
  • Page 362: Appendix I Faqs

    Appendix I FAQs In This Chapter General FAQs...344 Authentication FAQs...346 Security FAQs ...347 Accounting FAQs...348 Performance FAQs...348 Grouping FAQs...349 Interoperability FAQs...350 Authorization FAQs ...350 User Experience FAQs...350 General FAQs Question General What is CC-SG? Why would I need CC-SG? Which Raritan products does CC-SG support? How does CC-SG integrate with other Raritan Products?
  • Page 363 Question Can I upgrade to newer versions of CC-SG software as they become available? How many nodes and/or Dominion units and/or IP- Reach units can be connected to CC-SG? What do I do if I am unable to add a console/serial port to CC-SG? Which version of Java will Raritan's CC-SG be...
  • Page 364: Authentication Faqs

    Appendix I: FAQs Question Will CC-SG auto-detect and update the blade chassis configuration when I move the blade chassis from one KX2 port to another KX2 port? How to merge the blade server node and the virtual host node if they refer to the same server? Authentication FAQs Question...
  • Page 365: Security Faqs

    Question Answer security tools such as LDAP, TACACS+, RADIUS, and LDAP. AD, RADIUS, and so on? Why does the error message Check the user account in AD. If AD is set to "Logon "Incorrect username and/or To" specific computers on the domain, it disallows you password"...
  • Page 366: Accounting Faqs

    Appendix I: FAQs Question WAN, but LAN, too)? Does CC-SG support CRL List, that is, LDAP list of invalid certificates? Does CC-SG support Client Certificate Request? Accounting FAQs Question Accounting The event times in the Audit Trail report seem incorrect. Why? Can audit/logging abilities track down who switched on...
  • Page 367: Grouping Faqs

    Grouping FAQs Question Answer Grouping Is it possible to put a given Yes. Just as one user can belong to multiple groups, server in more than one one device can belong to multiple groups. group? For example, a Sun in NYC could be part of Group Sun: "Ostype = Solaris"...
  • Page 368: Interoperability Faqs

    Appendix I: FAQs Interoperability FAQs Question Interoperability How does CC-SG integrate with Blade Chassis products? To what level is CC-SG able to integrate with third party KVM tools, down to third party KVM port level or simply box level? How would I mitigate the restriction of four simultaneous paths through any IP-Reach box, including...
  • Page 369 Appendix I: FAQs...
  • Page 370: Appendix J Keyboard Shortcuts

    Appendix J Keyboard Shortcuts The following keyboard shortcuts can be used in the Java-based Admin Client. Operation Refresh Print panel Help Insert row in Associations table Keyboard Shortcut Ctrl + P Ctrl + I...
  • Page 371: Appendix K Naming Conventions

    Appendix K Naming Conventions This appendix includes information about the naming conventions used in CC-SG. Comply with the maximum character lengths when naming all the parts of your CC-SG configuration. In This Chapter User Information ...353 Node Information ...353 Location Information ...354 Contact Information ...354 Service Accounts...354 Device Information...354...
  • Page 372: Location Information

    Appendix K: Naming Conventions Field in CC-SG Audit Information Location Information Field in CC-SG Department Site Location Contact Information Field in CC-SG Primary Contact Name Telephone Number Cell Phone Secondary Contact Name Telephone Number Cell Phone Service Accounts Field in CC-SG Service Account Name User Name Password...
  • Page 373: Port Information

    Field in CC-SG periods are converted to hyphens. Device Description Device IP/Hostname Username Password Notes Port Information Field in CC-SG Port Name Associations Field in CC-SG Category Name Element Name Device Group Name Node Group Name Administration Field in CC-SG Cluster Name Neighborhood Name Authentication Module Name...
  • Page 374: Appendix L Diagnostic Console Bootup Messages

    Appendix L Diagnostic Console Bootup Messages Prior to version 4.0, CC-SG Diagnostic Console displays a number of messages on the screen each time it boots up. These messages are standard Linux diagnostic and warning messages and usually do not imply any system problems.
  • Page 375: Index

    Index About Administrator Console • 264, 271 About Applications for Accessing Nodes • 207 About Associations • 21 About CC-SG LAN Ports • 211, 212, 215 About CC-SG passwords • 237 About Connection Modes • 78, 219 About Default Applications • 209 About Interfaces •...
  • Page 376 Index Adding, Editing, and Deleting User Groups • 84, 132 Adding, Editing, and Deleting Users • 136 Administration • 355 Administrator Console • 271 Administrator Console Screen • 272 Advanced Administration • 137, 138, 165, 169, AES Encryption • 234 All Users Data Report •...
  • Page 377 Checking and Upgrading Application Versions • 11, 207 Checking the Compatibility Matrix • 11 Clear the Browser's Cache • 202, 203, 336 Clear the Java Cache • 202, 203, 208, 336 Client Browser Requirements • 4 Command Tips • 255, 257 Common CSV File Requirements •...
  • Page 378 Index Delete a User • 138 Delete a User Group • 134 Delete a Virtual Infrastructure • 96 Delete a Virtual Machine Node • 95, 96 Delete an Application • 209 Delete an Interface • 94, 109 Delete Control Systems and Virtual Hosts • 95, 96 Delete Firmware •...
  • Page 379 Finding Your CC-SG Serial Number • 261 Flow for Authentication • 161 General FAQs • 344 Get Help for SSH Commands • 254 Getting Started • 10 Grouping FAQs • 349 Hide or Show Report Filters • 182 How to Create Associations • 22 IBM LDAP Configuration Settings •...
  • Page 380 Index Notification Manager • 245, 247 Older Version of Application Opens After Upgrading • xvi, 12, 208 OpenLDAP (eDirectory) Configuration Settings • 176 Paragon II System Controller (P2-SC) • 67 Pausing CC-SG's Management of a Device • PC Clients to CC-SG • 316 PC Clients to Nodes •...
  • Page 381 Save, Upload, and Delete Device Backup Files • 63 Saving and Deleting Backup Files • 194, 196, Schedule a Device Firmware Upgrade • 248, 250, 252 Schedule a Task • 170, 172, 248, 252 Schedule a Task that is Similar to Another Task •...
  • Page 382 Index User Information • 353 User Management • 13, 18 Users and User Groups • 50, 124, 129, 153, 162, 177, 178 Users CSV File Requirements • xvi, 140 Using Chat • 111 Using Custom Views in the Admin Client • 155 Using Reports •...
  • Page 384 U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732-764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Beijing Monday - Friday...
