Raritan CCA-0N-V5.1-E Administration Manual

CommandCenter Secure Gateway
Administrators Guide
Release 5.1
Copyright © 2011 Raritan, Inc.
CCA-0N-v5.1-E
February 2011
255-80-5140-00-0N

Summary of Contents for Raritan CCA-0N-V5.1-E

  • Page 2 This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2011 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
  • Page 3: Table Of Contents

    Contents What's New in the CC-SG Administrators Guide Chapter 1 Introduction Prerequisites ... 1 Terminology/Acronyms ... 2 Client Browser Requirements ... 4 Chapter 2 Accessing CC-SG Browser-Based Access via the CC-SG Admin Client ... 5 JRE Incompatibility ... 6 Thick Client Access ... 6 Install the Thick Client ...
  • Page 4 Contents Licensing - Limited Operation Before License Install ... 28 Licensing - Existing Customers ... 29 Licensing - Rehosting ... 29 Add a License ... 30 Confirming IP Address ... 30 Setting CC-SG Server Time ... 30 Checking the Compatibility Matrix ... 31 Checking and Upgrading Application Versions ...
  • Page 5 Discovering Devices ... 53 Adding a Device ... 54 Add a KVM or Serial Device ... 54 Add a PowerStrip Device ... 56 Add a Dominion PX Device ... 56 Editing a Device ... 57 Change the HTTP and HTTPS Ports for a KX2 Device ... 57 Editing a PowerStrip Device or a Dominion PX Device ...
  • Page 6 Contents Copying Device Configuration ... 87 Restarting a Device ... 88 Pinging the Device ... 88 Pausing CC-SG's Management of a Device ... 88 Resuming Management of a Device ... 89 Pause and Resume Management of Devices Using a Scheduled Task ... 89 Device Power Manager...
  • Page 7 Adding Location and Contacts to a Node Profile ... 111 Adding Notes to a Node Profile ... 111 Configuring the Virtual Infrastructure in CC-SG ... 112 Terminology for Virtual Infrastructure ... 112 Virtual Nodes Overview ... 113 Add a Control System with Virtual Hosts and Virtual Machines ... 113 Add a Virtual Host with Virtual Machines ...
  • Page 8 Contents Limit the Number of KVM Sessions per User ... 162 Configuring Access Auditing for User Groups ... 162 Adding, Editing, and Deleting Users ... 163 Add a User ... 163 Edit a User ... 164 Delete a User ... 165 Assigning a User to a Group ...
  • Page 9 Specify a Base DN... 189 Specifying Modules for Authentication and Authorization ... 189 Establishing Order of External AA Servers ... 190 AD and CC-SG Overview ... 190 Adding an AD Module to CC-SG ... 190 AD General Settings ... 191 AD Advanced Settings ...
  • Page 10 Contents Audit Trail Report ... 210 Error Log Report ... 211 Access Report ... 212 Availability Report ... 212 Active Users Report ... 213 Locked Out Users Report ... 213 All Users Data Report ... 213 User Group Data Report ... 214 Device Asset Report ...
  • Page 11 Chapter 15 Advanced Administration Configuring a Message of the Day ... 237 Configuring Applications for Accessing Nodes ... 238 About Applications for Accessing Nodes ... 238 Checking and Upgrading Application Versions ... 238 Older Version of Application Opens After Upgrading ... 239 Add an Application ...
  • Page 12 Contents Refresh a Neighborhood ... 266 Delete a Neighborhood ... 266 Security Manager ... 266 Remote Authentication ... 266 AES Encryption... 266 Configure Browser Connection Protocol: HTTP or HTTPS/SSL ... 268 Set the Port Number for SSH Access to CC-SG ... 268 Login Settings ...
  • Page 13 Navigate Administrator Console ... 305 Edit Diagnostic Console Configuration ... 306 Edit Network Interfaces Configuration (Network Interfaces) ... 307 Ping an IP Address ... 308 Use Traceroute ... 309 Edit Static Routes ... 310 View Log Files in Diagnostic Console ... 312 Restart CC-SG with Diagnostic Console ...
  • Page 14 Contents Appendix B CC-SG and Network Configuration Required Open Ports for CC-SG Networks: Executive Summary ... 349 CC-SG Communication Channels ... 350 CC-SG and Raritan Devices ... 351 CC-SG Clustering ... 351 Access to Infrastructure Services ... 352 PC Clients to CC-SG ... 352 PC Clients to Nodes ...
  • Page 15 Appendix C User Group Privileges Appendix D SNMP Traps Appendix E CSV File Imports Common CSV File Requirements ... 369 Audit Trail Entries for Importing ... 370 Troubleshoot CSV File Problems ... 371 Appendix F Troubleshooting Appendix G Diagnostic Utilities Memory Diagnostic ...
  • Page 16 Contents User Information ... 389 Node Information ... 389 Location Information ... 390 Contact Information ... 390 Service Accounts ... 390 Device Information ... 390 Port Information ... 391 Associations ... 391 Administration ... 391 Appendix L Diagnostic Console Bootup Messages Index...
  • Page 17: What's New In The Cc-Sg Administrators Guide

    What's New in the CC-SG Administrators Guide The following sections have changed or information has been added to the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and/or documentation.
      • Add a License (on page 30) ...
  • Page 19: Chapter 1 Introduction

    Chapter 1 Introduction The CommandCenter Secure Gateway (CC-SG) Administrators Guide offers instructions for administering and maintaining your CC-SG. This guide is intended for administrators who typically have all available privileges. Users who are not administrators should see Raritan's CommandCenter Secure Gateway User Guide. In This Chapter Prerequisites ...
  • Page 20: Terminology/Acronyms

    Chapter 1: Introduction Terminology/Acronyms Terms and acronyms found in this document include: Access Client - HTML-based client intended for use by normal access users who need to access a node managed by CC-SG. The Access Client does not allow the use of administration functions. Admin Client - Java-based client for CC-SG useable by both normal access users and administrators.
  • Page 21 Chapter 1: Introduction Ghosted Ports - when managing Paragon devices, a ghosted port can occur when a CIM or target server is removed from the system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. Hostname - can be used if DNS server support is enabled. See About Network Setup (on page 242).
  • Page 22: Client Browser Requirements

    Chapter 1: Introduction Node Groups - a defined group of nodes that are accessible to a user. Node groups are used when creating a policy to control access to the nodes in the group. Ports - connection points between a Raritan device and a node. Ports exist only on Raritan devices, and they identify a pathway from that device to a node.
  • Page 23: Chapter 2 Accessing Cc-Sg

    Chapter 2 Accessing CC-SG You can access CC-SG in several ways:
      • Browser: CC-SG supports numerous web browsers (for a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support website).
      • Thick Client: You can install a Java Web Start thick client on your client computer.
  • Page 24: Jre Incompatibility

    Chapter 2: Accessing CC-SG JRE Incompatibility If you do not have the minimum required version of JRE installed on your client computer, you will see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility Warning window opens when CC-SG cannot find the required JRE file on your client computer.
  • Page 25: Use The Thick Client

    4. If the CC-SG is configured for secure browser connections, you must select the Secure Socket Layer (SSL) checkbox. If the CC-SG is not configured for secure browser connections, you must deselect the Secure Socket Layer (SSL) checkbox. This setting must be correct or the thick client will not be able to connect to CC-SG.
  • Page 26: Cc-Sg Admin Client

    Chapter 2: Accessing CC-SG CC-SG Admin Client Upon valid login, the CC-SG Admin Client appears.
  • Page 27 Nodes tab: Click the Nodes tab to display all known target nodes in a tree view. Click a node to view the Node Profile. Interfaces are grouped under their parent nodes. Click the + and - signs to expand or collapse the tree.
  • Page 28: Chapter 3 Getting Started

    Chapter 3 Getting Started Before you can begin configuring and working in CC-SG, you must have valid licenses installed. Then, upon first login, you should confirm the IP address, set the CC-SG server time, and check the firmware and application versions installed. You may need to upgrade the firmware and applications.
  • Page 29: Licensing - Basic License Information

    Licensing - Basic License Information Licenses are based on the number of nodes configured in CC-SG. Your purchase of a physical or virtual appliance includes a license to use a specific number of nodes. This "base license" enables CC-SG functionality and includes licensing for up to the set number of nodes. If you need more nodes, you will also purchase an Add-On license for additional nodes.
  • Page 30: Find Your Physical Appliance Host Id And Check Number Of Nodes In Database

    Chapter 3: Getting Started
    CC-SG product: Description
    CC-V1-256: CC-SG V1 Appliance, includes 256 Node License
    CCSG128-VA: CC-SG Virtual Appliance, includes 128 Node License
    CC-2XE1-512: Cluster Kit: 2 CC-SG E1 Appliances, includes 512 Node License
    CC-2XE1-1024: Cluster Kit: 2 CC-SG E1 Appliances, includes 1024 Node License
    CC-2XV1-256...
  • Page 31 Chapter 3: Getting Started 3. Check the number of nodes in your database on this page. You can determine how many more nodes you can add up to your licensed limit.
  • Page 32: Licensing - New Customers - Physical Appliance

    Chapter 3: Getting Started Licensing - New Customers - Physical Appliance If you are a new customer who has just purchased a physical CC-SG 5.0 appliance, follow these instructions to ensure that you have valid licenses installed and activated. 1. The license administrator designated at time of purchase will receive 2.
  • Page 33 4. Click the link in the email to go to the Software License Key Login page on Raritan's website and log in with the user account just created. 5. Click the Product License tab. The licenses you purchased display in a list. You may have only 1 license, or multiple licenses. See Available Licenses (on page 11).
  • Page 34: Licensing - Clusters - New Customers

    Chapter 3: Getting Started Licensing - Clusters - New Customers A Cluster Kit license enables 2 CC-SG physical units operating as a cluster to share licenses. The system will allow limited operations until the cluster is created and actively operating, and the license is installed and checked out on the primary cluster node.
  • Page 35: Licensing - Virtual Appliance With License Server

    Licensing - Virtual Appliance with License Server The CC-SG virtual appliance requires you to install a license server to host your license. Raritan provides the license server software and tools and a vendor daemon, which you install on a physical server. See Virtual Appliance Installation Requirements If you are a new customer who has just purchased a virtual CC-SG appliance, follow these instructions to ensure that you have your license...
  • Page 36: Download Installation Files

    Chapter 3: Getting Started Download Installation Files The complete set of installation files is available at http://www.raritan.com/support/CommandCenter-Secure-Gateway/. You must log in to the Raritan Licensing Portal to access these files at this link. See If you prefer not to download the .OVF file due to its size, the .OVF file is also shipped to customers on the product DVD.
  • Page 37: Get Your License

    7. Move the Raritan vendor daemon file using this command: cp raritan /home/flex/flexserverv11.8/i86_lsb/
    8. Enter this command: chmod +x raritan
    9. Make sure you have the redhat-lsb package installed. To install it, run yum install redhat-lsb as root.
    Windows Server 1.
  • Page 38 Chapter 3: Getting Started 3. Check your email for another message from Raritan Licensing Portal 4. Click the link in the email to go to the Software License Key Login 5. Click the Product License tab. The licenses you purchased display in 6.
  • Page 39: Copy The License File To The License Server

      • Linux: su - root; dmidecode -s system-uuid
      • Windows: Use cd to change to the /flexnet-win/i86_n3 directory, then run dmidecode -s system-uuid
      • Enter the TCP port number that CC-SG will use to communicate with the license server. The default port is 27000.
  • Page 40: Install Commandcenter Secure Gateway On Vmware Esx Server 4.0

    Chapter 3: Getting Started 2. Enter this command to change to the directory. 3. Run lmgrd to start the server. In the sample commands, Install CommandCenter Secure Gateway on VMware ESX Server 4.0 1. Connect to the ESX 4.0 from your client computer using vSphere 2.
  • Page 41: Log In To Cc-Sg

    b. Type and then confirm the new password. The new password must be a strong password consisting of at least eight characters that are a combination of letters and numbers. 3. Press CTRL+X when you see the Welcome screen. 4. Choose Operation > Network Interfaces > Network Interface Config. The Administrator Console appears.
  • Page 42: License Server Communication

    Chapter 3: Getting Started 6. Select the CCSG128-VA base license then click Check-Out to 7. To activate Add-On licenses, select each license then click See the CC-SG Administrators Guide for more details about licenses. See the Flexera about managing your license server. You can download the FlexNet Publisher License Administration Guide for FlexNet Publisher Licensing Toolkit 11.8 from www.flexera.com, under Support >...
  • Page 43: Command Line Utilities For Managing License Server

    Restart License Servers After an Outage If the license server goes down, and then resumes operation, or if you move, add or delete license files, you should restart the license server. Restarting the license server ensures that CC-SG is synchronized with the most current information.
  • Page 44 Chapter 3: Getting Started
    Utilities listed: lmdown, lmhostid, lminstall, lmnewlog, lmpath, lmremove, lmreread, lmswitchr, lmswitch, lmstat
    lmdown: Allows for the graceful shutdown of selected license daemons. lmdown -vendor raritan is used to shut down the Raritan vendor daemon
    lmhostid: Allows the user to retrieve the host ID of the current platform.
  • Page 45: Install Or Upgrade Vmware Tools

    lmver Reports the version of a FLEXnet Publisher library or binary file, such as lmgrd, lmadmin, lmdown, vendor daemon. Install or Upgrade VMware Tools VMware Tools is recommended by VMware for all virtual machine deployments. Once you install VMware Tools on your CommandCenter Secure Gateway virtual appliance, you can follow this process to upgrade it when VMware makes a new release.
  • Page 46: Licensing - Limited Operation Before License Install

    Chapter 3: Getting Started Licensing - Limited Operation Before License Install Until you have installed and checked out the proper licenses, CC-SG operations are limited. Only the following menu choices are enabled.
      • Diagnostic Console: To retrieve necessary information and logs, configure network interfaces.
  • Page 47: Licensing - Existing Customers

    Licensing - Existing Customers If you are an existing CC-SG customer, with a physical CC-SG appliance, when you upgrade your CC-SG unit to 5.0 or higher, a license file is created and installed that allows you to continue using CC-SG with the number of nodes configured at the time of upgrade.
  • Page 48: Add A License

    Chapter 3: Getting Started Add a License You can add a license to CC-SG if you purchase a new add-on license, or need to replace your licenses. When replacing licenses, add the base license first. Add-on licenses associated with the previous base license will be deleted automatically if they are not valid with the new base license, either because they are of a different type, such as standalone or cluster, or if the host IDs are different.
  • Page 49: Checking The Compatibility Matrix

    Only the CC Super-User and users with similar privileges can configure Time and Date. Changing the time zone is disabled in a cluster configuration. To configure the CC-SG server time and date: 1. Choose Administration > Configuration. 2. Click the Time/Date tab. a.
  • Page 50: Checking And Upgrading Application Versions

    Chapter 3: Getting Started Checking and Upgrading Application Versions Check and upgrade the CC-SG applications, including Raritan Console (RC) and Raritan Remote Client (RRC). 1. Choose Administration > Applications. 2. Select an Application name from the list. Note the number in the If the application version is not current, you must upgrade the application.
  • Page 51: Chapter 4 Configuring Cc-Sg With Guided Setup

    Chapter 4 Configuring CC-SG with Guided Setup Guided Setup offers a simple way to complete initial CC-SG configuration tasks once the network configuration is complete. The Guided Setup interface leads you through the process of defining Associations, discovering and adding devices to CC-SG, creating device groups and node groups, creating user groups, assigning policies and privileges to user groups, and adding users.
  • Page 52: Associations In Guided Setup

    Chapter 4: Configuring CC-SG with Guided Setup Associations in Guided Setup Create Categories and Elements 1. In the Guided Setup window, click Associations, and then click 2. In the Category Name field, type the name of a category into which 3.
  • Page 53: Discover And Add Devices

    Discover and Add Devices The Discover Devices panel opens when you click Continue at the end of the Associations task. You can also click Device Setup, and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discover Devices panel.
  • Page 54: Creating Groups

    Chapter 4: Configuring CC-SG with Guided Setup 14. If you are manually adding a PowerStrip device, click the Number of 15. If you are adding an IPMI Server, type an Interval, used to check for 16. If you want to configure all available ports on the device, select the 17.
  • Page 55 3. There are two ways to add devices to a group, Select Devices and Describe Devices. The Select Devices tab allows you to select which devices you want to assign to the group by selecting them from the list of available devices. The Describe Devices tab allows you to specify rules that describe devices, and the devices whose parameters follow those rules will be added to the group.
  • Page 56: User Management

    Chapter 4: Configuring CC-SG with Guided Setup 9. Select the Create Full Access Policy for Group checkbox if you want 10. To add another node group, click Apply to save this group and 11. When you have finished adding node groups, click OK. The Groups 12.
  • Page 57: Add User Groups And Users

    Add User Groups and Users The Add User Group panel opens when you click Continue at the end of the Create Groups task. You can also click User Management, and then click Add User Group in the Guided Tasks tree view in the left panel to open the Add User Group panel.
  • Page 58 Chapter 4: Configuring CC-SG with Guided Setup 13. Select the Login Enabled checkbox if you want the user to be able to 14. Select the Remote Authentication checkbox only if you want the user 15. In the New Password and Retype New Password fields, type the 16.
  • Page 59: Chapter 5 Associations, Categories, And Elements

    Chapter 5 Associations, Categories, and Elements In This Chapter About Associations ... 41 Adding, Editing, and Deleting Categories and Elements ... 42 Adding Categories and Elements with CSV File Import ... 43 About Associations You can set up Associations to help organize the equipment that CC-SG manages.
  • Page 60: How To Create Associations

    Chapter 5: Associations, Categories, and Elements Policies also use categories and elements to control user access to servers. For example, the category/element pair Location/America can be used to create a Policy to control user access to servers in America. You can assign more than one element of a category to a node or device via CSV file import.
  • Page 61: Delete A Category

    5. In the Applicable For field, select whether this category applies to: Devices, Nodes, or Device and Nodes. 6. Click OK to create the new category. The new category name appears in the Category Name field. Delete a Category Deleting a category deletes all of the elements created within that category.
  • Page 62: Categories And Elements Csv File Requirements

    Chapter 5: Associations, Categories, and Elements Categories and Elements CSV File Requirements The categories and elements CSV file defines the categories, their associated elements, their type, and whether they apply to devices, nodes or both. Column 1 Column 2 CATEGORY Column 1...
  • Page 63: Sample Categories And Elements Csv File

    Sample Categories and Elements CSV File
    ADD, CATEGORY, OS, String, Node
    ADD, CATEGORYELEMENT, OS, UNIX
    ADD, CATEGORYELEMENT, OS, WINDOWS
    ADD, CATEGORYELEMENT, OS, LINUX
    ADD, CATEGORY, Location, String, Device
    ADD, CATEGORYELEMENT, Location, Aisle 1
    ADD, CATEGORYELEMENT, Location, Aisle 2
    ADD, CATEGORYELEMENT, Location, Aisle 3
    Import Categories and Elements Once you've created the CSV file, validate it to check for errors then import it.
  • Page 64: Export Categories And Elements

    Chapter 5: Associations, Categories, and Elements Export Categories and Elements The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing. 1. Choose Administration > Export > Export Categories. 2.
  • Page 65: Chapter 6 Devices, Device Groups, And Ports

    Chapter 6 Devices, Device Groups, and Ports To add Raritan PowerStrip Devices that are connected to other Raritan devices to CC-SG, see Managed PowerStrips (on page 93). Note: To configure iLO/RILOE devices, IPMI devices, Dell DRAC devices, IBM RSA devices, or other non-Raritan devices, use the Add Node menu and add these items as an interface.
  • Page 66: Viewing Devices

    Chapter 6: Devices, Device Groups, and Ports Viewing Devices The Devices Tab Click the Devices tab to display all devices under CC-SG management. Each device's configured ports are nested under the devices they belong to. Devices with configured ports appear in the list with a + symbol. Click the + or - to expand or collapse the list of ports.
  • Page 67: Port Sorting Options

    Icon meanings (icons not shown):
      • Serial port unavailable
      • Ghosted port (See Raritan's Paragon II User Guide for details on Ghosting Mode.)
      • Device paused
      • Device unavailable
      • Power strip
      • Outlet port
      • Blade chassis available
      • Blade chassis unavailable
      • Blade server available
      • Blade server unavailable
    Port Sorting Options Configured ports are nested under their parent devices in the Devices tab.
  • Page 68: Device Profile Screen

    Chapter 6: Devices, Device Groups, and Ports Note: For blade servers without an integrated KVM switch, such as HP BladeSystem servers, their parent device is the virtual blade chassis that CC-SG creates, not the KX2 device. These servers will be sorted only within the virtual blade chassis device so they will not appear in order with the other KX2 ports unless you restore these blade servers ports to normal KX2 ports.
  • Page 69: Topology View

    The Device Profile includes tabs that contain information about the device. Associations tab The Associations tab contains all categories and elements assigned to the node. You can change the associations by making different selections. See Associations, Categories, and Elements Location & Contacts tab The Location &...
  • Page 70: Right Click Options In The Devices Tab

    Chapter 6: Devices, Device Groups, and Ports 2. Choose Devices > Device Manager > Topology View. The Topology Right Click Options in the Devices Tab You can right-click a device or port in the Devices tab to display a menu of commands available for the selected device or port.
  • Page 71: Discovering Devices

    Discovering Devices Discover Devices initiates a search for all devices on your network. After discovering the devices, you may add them to CC-SG if they are not already managed. To discover devices: 1. Choose Devices > Discover Devices. 2. Type the range of IP addresses where you expect to find the devices in the From Address and To Address fields.
  • Page 72: Adding A Device

    Chapter 6: Devices, Device Groups, and Ports Adding a Device Devices must be added to CC-SG before you can configure ports or add interfaces that provide access to the nodes connected to ports. The Add Device screen is used to add devices whose properties you know and can provide to CC-SG.
  • Page 73 6. Type the time (in seconds) that should elapse before timeout between the new device and CC-SG in the Heartbeat timeout (sec) field. 7. When adding a Dominion SX or Dominion KX2 version 2.2 or later device, the Allow Direct Device Access checkbox enables access to targets directly through the device even while it is under CC-SG management.
  • Page 74: Add A Powerstrip Device

    Chapter 6: Devices, Device Groups, and Ports 14. If the firmware version of the device is not compatible with CC-SG, a Add a PowerStrip Device The process of adding a PowerStrip Device to CC-SG varies, based on which Raritan device the powerstrip is connected to physically. See Managed PowerStrips To add a Dominion PX that is not connected to another Raritan device, Add a Dominion PX Device...
  • Page 75: Editing A Device

    8. When you are done configuring this device, click Apply to add this device and open a new blank Add Device screen that allows you to continue adding devices, or click OK to add this device without continuing to a new Add Device screen. Editing a Device You can edit a device to rename it and modify its properties, including the change of a PX device's username and password.
  • Page 76: Adding Notes To A Device Profile

    Chapter 6: Devices, Device Groups, and Ports 2. Type the new device properties in the appropriate fields on this 3. Click the Outlet tab to view all outlets of this PowerStrip. 4. If an outlet is associated with a node, click the Node hyperlink to 5.
  • Page 77: Adding Location And Contacts To A Device Profile

    Adding Location and Contacts to a Device Profile Enter details about the location of the device and contact information for the people who administer or use the device. To add location and contacts to a device profile: 1. Select a device in the Devices tab. The Device Profile page opens. 2.
  • Page 78: Configuring Ports

    Chapter 6: Devices, Device Groups, and Ports Configuring Ports If all ports of a device were not automatically added by selecting Configure all ports when you added the device, use the Configure Ports screen to add individual ports or a set of ports on the device to CC-SG. Once you configure ports, a node is created in CC-SG for each port, and the default interface is also created.
  • Page 79: Nodes Created By Configuring Ports

    3. Click the Configure button that corresponds to the KVM port you want to configure. 4. Type a port name in the Port Name field. For ease of use, name the port after the target that is connected to the port. See Conventions lengths.
  • Page 80: Deleting A Port

    Chapter 6: Devices, Device Groups, and Ports 3. Click the Access Application drop-down menu and select the 4. Click OK to save your changes. 1. Click the Devices tab and select the serial port you want to edit, or 2. Choose Devices > Device Manager > Launch Admin. The device's 3.
  • Page 81: Configuring A Blade Chassis Device Connected To Kx2

    Chapter 6: Devices, Device Groups, and Ports 3. Select the checkbox of the port you want to delete. 4. Click OK to delete the selected port. A message appears when the port has been deleted. Configuring a Blade Chassis Device Connected to KX2 Blade Chassis Overview There are two types of blade chassis devices: one is with an integrated KVM switch, which can function as an IP-enabled KVM switch, and the...
  • Page 82: Add A Blade Chassis Device

    Chapter 6: Devices, Device Groups, and Ports Add a Blade Chassis Device The procedure to add a blade chassis device varies depending on the blade chassis type. A blade chassis device always shows two names in the Devices tab: the name without the parentheses is retrieved from the KX2 device, and the name within the parentheses is the chassis name saved on CC-SG.
  • Page 83 Configuring Slots on a Blade Chassis Device If the blade servers or slots are not configured yet in CC-SG, you must configure them by following the procedure in this section, or the blade servers do not appear in the Devices and Nodes tabs. An Out-of-Band KVM interface is automatically added to a blade server node.
  • Page 84 Chapter 6: Devices, Device Groups, and Ports Changing the Blade Server Status This section applies only to the blade chassis with an integrated KVM switch, such as Dell PowerEdge and IBM BladeCenter series. If the "Installed" status for the corresponding blade server or slot is not enabled on the KX2 device, CC-SG always shows "Down"...
  • Page 85: Edit A Blade Chassis Device

    To delete a slot using the Delete Blade command: 1. In the Devices tab, click the + next to the KX2 device that is connected to the blade chassis device. 2. Click the + next to the blade chassis device whose slots you want to delete.
  • Page 86: Move A Blade Chassis Device To A Different Port

    Chapter 6: Devices, Device Groups, and Ports Move a Blade Chassis Device to a Different Port When physically moving a blade chassis device from one KX2 device or port to another KX2 device or port, CC-SG cannot detect and automatically update the configuration data of the blade chassis device to the new port.
  • Page 87: Bulk Copying For Device Associations, Location And Contacts

    Bulk Copying for Device Associations, Location and Contacts The Bulk Copy command allows you to copy categories, elements, location and contact information from one device to multiple other devices. Note that the selected information is the only property copied in this process.
  • Page 88: Configuring Analog Kvm Switches Connected To Kx2 2.3 Or Higher

    Chapter 6: Devices, Device Groups, and Ports Configuring Analog KVM Switches Connected to KX2 2.3 or Higher KX2 version 2.3 enables you to connect a generic analog KVM switch to a target port. The generic analog KVM switch and its ports will be available as nodes to CC-SG.
  • Page 89: Device Group Manager

    4. Select the checkbox for each slot you want to configure, then click To configure slots from the Configure Ports screen: 1. In the Devices tab, click the + next to the KX2 device that is connected to the KVM switch device. 2.
  • Page 90: Device Groups Overview

    Chapter 6: Devices, Device Groups, and Ports Device Groups Overview Device groups are used to organize devices into a set. The device group will become the basis for a policy either allowing or denying access to this particular set of devices. See Devices can be grouped manually, using the Select method, or by creating a Boolean expression that describes a set of common attributes, using the Describe method.
  • Page 91 2. Click the New Group icon New panel appears. 3. In the Group Name field, type a name for a device group you want to create. See Naming Conventions CC-SG's rules for name lengths. 4. There are two ways to add devices to a group, Select Devices and Describe Devices.
  • Page 92 Chapter 6: Devices, Device Groups, and Ports 4. To add another rule, click the Add New Row icon 5. The table of rules only makes available criteria for evaluating nodes. • Category - Select an attribute that will be evaluated in the rule. All categories you created in the Association Manager are available here.
  • Page 93 Example 2: If you want to describe a group of devices that belong to the engineering department or are located in Philadelphia, and specify that all of the machines must have 1 GB of memory, you must create three rules. Department = Engineering (Rule0) Location = Philadelphia (Rule1) Memory = 1GB (Rule2). These rules must be arranged in relation to each other.
  • Page 94: Edit A Device Group

    Chapter 6: Devices, Device Groups, and Ports Describe Method versus Select Method Use the describe method when you want your group to be based on some attribute of the node or devices, such as the categories and elements. The advantage of the describe method is that when you add more devices or nodes with the same attributes as described, they will be pulled into the group automatically.
  • Page 95: Adding Devices With Csv File Import

    Adding Devices with CSV File Import You can add devices to CC-SG by importing a CSV file that contains the values. You must have the Device, Port, and Node Management and CC Setup and Control privileges to import and export devices. You must be assigned a policy that gives you access to all relevant devices and nodes.
  • Page 96 Chapter 6: Devices, Device Groups, and Ports Column number Tag or value Details spaces or certain special characters. Dominion PX device names cannot include periods. Upon import, periods are converted to hyphens. IP Address or Hostname Required field. Username Required field. Password Required field.
  • Page 97 To add a port to the CSV file: Use the DEVICE-PORT tag only if you add a device with Configure All Ports set to FALSE, and you want to specify ports individually. The ports you add must be un-configured in CC-SG when you import the CSV file. Column Tag or value number...
  • Page 98 Chapter 6: Devices, Device Groups, and Ports Column number To add a tiered KVM switch connected to a KX2: KX2 ports with tiered KVM switches connected must be imported as type "KVM". Column number To assign a category and element to a device to the CSV file: Categories and elements must already be created in CC-SG.
  • Page 99: Sample Devices Csv File

    Column Tag or value number DEVICE-CATEGORYELEME Device Name Category Name Element Name

    Sample Devices CSV File

    ADD, DEVICE, DOMINION KX2, Lab-Test,192.168.50.123,ST Lab KVM, username, password,,,,
    ADD, DEVICE-PORT, Lab-Test, KVM, 1, Mail Server, Mail Server
    ADD, DEVICE-PORT, Lab-Test, KVM, 2, DNS Server, DNS Server
    ADD, DEVICE-PORT, Lab-Test, KVM, 3
    ADD, DEVICE-PORT, Lab-Test, KVM, 4
    ADD, DEVICE-CATEGORYELEMENT, Lab-Test, Location, Rack17...
  • Page 100: Export Devices

    Chapter 6: Devices, Device Groups, and Ports 6. To view more import results details, check the Audit Trail report. See Export Devices The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing.
  • Page 101: Backing Up A Device Configuration

    Backing Up a Device Configuration You can back up all user configuration and system configuration files for a selected device. If anything happens to the device, you can restore the previous configurations from CC-SG using the backup file created. The maximum number of backup files that can be stored on CC-SG is 3 per device.
  • Page 102: Restoring Device Configurations

    Chapter 6: Devices, Device Groups, and Ports Restoring Device Configurations The following device types allow you to restore a full backup of the device configuration. KX2, KSX2, and KX2-101 devices allow you to choose which components of a backup you want to restore to the device.
  • Page 103: Restore All Configuration Data Except Network Settings To A Kx2, Ksx2, Or Kx2-101 Device

    Restore All Configuration Data Except Network Settings to a KX2, KSX2, or KX2-101 Device The Protected restore option allows you to restore all configuration data in a backup file, except network settings, to a KX2, KSX2, or KX2-101 device. You can use the Protected option to restore a backup of one device to another device of the same model (KX2, KSX2, and KX2-101 only).
  • Page 104: Restore All Configuration Data To A Kx2, Ksx2, Or Kx2-101 Device

    Chapter 6: Devices, Device Groups, and Ports Restore All Configuration Data to a KX2, KSX2, or KX2-101 Device The Full restore option allows you to restore all configuration data in a backup file to a KX2, KSX2, or KX2-101 device. 1.
  • Page 105: Copying Device Configuration

    3. Click Upload. Navigate to and select the device backup file. The file type is .rfp. Click Open. The device backup file uploads to CC-SG and appears in the page. Copying Device Configuration The following device types allow you to copy configurations from one device to one or more other devices.
  • Page 106: Restarting A Device

    Chapter 6: Devices, Device Groups, and Ports Restarting a Device Use the Restart Device function to restart a device. 1. Click the Devices tab and select the device you want to restart. 2. Choose Devices > Device Manager > Restart Device. 3.
  • Page 107: Resuming Management Of A Device

    Resuming Management of a Device You can resume CC-SG management of a paused device to bring it back under CC-SG control. To resume CC-SG's management of a paused device: 1. Click the Devices tab and select the paused device from the Devices tree.
  • Page 108: Device Power Manager

    Chapter 6: Devices, Device Groups, and Ports 6. Select the devices to include in the task by selecting a device group 7. Click OK. Device Power Manager Use the Device Power Manager to view the status of a PowerStrip device (including voltage, current, and temperature) and to manage all power outlets on the PowerStrip device.
  • Page 109: Disconnecting Users

    Disconnecting Users Administrators can terminate any user's session on a device. This includes users who are performing any kind of operation on a device, such as connecting to ports, backing up the configuration of a device, restoring a device's configuration, or upgrading the firmware of a device. Firmware upgrades and device configuration backups and restores are allowed to complete before the user's session with the device is terminated.
  • Page 110: Ip-Reach And Ust-Ip Administration

    Chapter 6: Devices, Device Groups, and Ports IP-Reach and UST-IP Administration You can perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon System setup directly from the CC-SG interface. After adding the Paragon System device to CC-SG, it appears in the Devices tree.
  • Page 111: Chapter 7 Managed Powerstrips

    Chapter 7 Managed Powerstrips There are three ways to configure power control using powerstrips in CC-SG. 1. All supported Raritan-brand powerstrips can be connected to another Raritan device and added to CC-SG as a Powerstrip device. Raritan-brand powerstrips include Dominion PX and RPC powerstrips.
  • Page 112: Configuring Powerstrips That Are Managed By Another Device In Cc-Sg

    Chapter 7: Managed Powerstrips Configuring Powerstrips that are Managed by Another Device in CC-SG In CC-SG, managed powerstrips can be connected to one of the following devices: You must know which Raritan device the managed powerstrip is connected to physically.
  • Page 113: Configuring Powerstrips Connected To Kx, Kx2, Kx2-101, Ksx2, And P2Sc

    Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC CC-SG automatically detects PowerStrips connected to KX, KX2, KX2-101, KSX2, and P2SC devices. You can perform the following tasks in CC-SG to configure and manage PowerStrips connected to these devices. ...
  • Page 114: Delete A Powerstrip Connected To A Kx, Kx2, Kx2-101, Ksx2, Or P2Sc Device

    Chapter 7: Managed Powerstrips Delete a PowerStrip Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device You cannot delete a PowerStrip connected to a KX, KX2, KX2-101, KSX2, or P2SC device from CC-SG. You must physically disconnect the PowerStrip from the device to delete the PowerStrip from CC-SG. When you physically disconnect the PowerStrip from the device, the PowerStrip and all configured outlets disappear from the Devices tab.
  • Page 115: Delete A Powerstrip Connected To An Sx 3.0 Or Ksx Device

    10. For each Category listed, click the Element drop-down menu and select the element you want to apply to the device. Select the blank item in the Element field for each Category you do not want to use. Associations, Categories, and Elements Optional.
  • Page 116: Configuring Powerstrips Connected To Sx 3.1

    Chapter 7: Managed Powerstrips Configuring Powerstrips Connected to SX 3.1 You can perform the following tasks in CC-SG to configure and manage Powerstrips connected to SX 3.1 devices. Add a Powerstrip Connected to an SX 3.1 Device The procedure for adding a powerstrip connected to an SX 3.1 device varies, based on whether the SX 3.1 device has been added to CC-SG.
  • Page 117: Move An Sx 3.1'S Powerstrip To A Different Port

    Move an SX 3.1's Powerstrip to a Different Port When you physically move a Powerstrip from one SX 3.1 device or port to another SX 3.1 device or port, you must delete the Powerstrip from the old SX 3.1 port and add it to the new SX 3.1 port. See Powerstrip Connected to an SX 3.1 Device Powerstrip Connected to an SX 3.1 Device Delete a Powerstrip Connected to an SX 3.1 Device...
  • Page 118 Chapter 7: Managed Powerstrips 1. In the Devices tab, click the + next to the device that is connected to 2. Click the + next to the PowerStrip. 3. Choose Devices > Port Manager > Delete Ports. 4. Select the checkbox for each outlet you want to delete, and then ...
  • Page 119: Chapter 8 Nodes, Node Groups, And Interfaces

    Chapter 8 Nodes, Node Groups, and Interfaces This section covers how to view, configure, and edit nodes and their associated interfaces, and how to create node groups. Connecting to nodes is covered briefly. See Raritan's CommandCenter Secure Gateway User Guide for details on connecting to nodes. In This Chapter Nodes and Interfaces Overview ...
  • Page 120: Node Names

    Chapter 8: Nodes, Node Groups, and Interfaces Node Names Node names must be unique. CC-SG will prompt you with options if you attempt to manually add a node with an existing node name. When CC-SG automatically adds nodes, a numbering system ensures that node names are unique.
  • Page 121: Node Profile

    Chapter 8: Nodes, Node Groups, and Interfaces Node Profile Click a Node in the Nodes tab to open the Node Profile page. The Node Profile page includes tabs that contain information about the node.
  • Page 122 Chapter 8: Nodes, Node Groups, and Interfaces The Interfaces tab contains all the node's interfaces. You can add, edit, and delete interfaces on this tab, and select the default interface. Nodes that support virtual media include an additional column that shows whether virtual media is enabled or disabled.
  • Page 123: Node And Interface Icons

    Control system server nodes, such as VMware's Virtual Center, include the Control System Data tab. The Control System Data tab contains information from the control system server that is refreshed when the tab opens. You can access a topology view of the virtual infrastructure, link to associated node profiles, or connect to the control system and open the Summary tab.
  • Page 124: Service Accounts

    Chapter 8: Nodes, Node Groups, and Interfaces Service Accounts Service Accounts Overview Service accounts are special login credentials that you can assign to multiple interfaces. You can save time by assigning a service account to a set of interfaces that often require a password change. You can update the login credentials in the service account, and the change is reflected in every interface that uses the service account.
  • Page 125: Add, Edit, And Delete Service Accounts

    Add, Edit, and Delete Service Accounts To add a service account: 1. Choose Nodes > Service Accounts. The Service Accounts page opens. 2. Click the Add Row icon 3. Enter a name for this service account in the Service Account Name field.
  • Page 126: Assign Service Accounts To Interfaces

    Chapter 8: Nodes, Node Groups, and Interfaces 2. Find the service account whose password you want to change. 3. Enter the new password in the Password field. 4. Re-type the password in the Retype Password field. 5. Click OK. Note: CC-SG updates all interfaces that use the service account to use the new login credentials when you change the username or password.
  • Page 127: Adding, Editing, And Deleting Nodes

    Adding, Editing, and Deleting Nodes Add a Node To add a node to CC-SG: 1. Click the Nodes tab. 2. Choose Nodes > Add Node. 3. Type a name for the node in the Node Name field. All node names in CC-SG must be unique.
  • Page 128: Nodes Created By Configuring Ports

    Chapter 8: Nodes, Node Groups, and Interfaces Nodes Created by Configuring Ports When you configure the ports of a device, a node is created automatically for each port. An interface is also created for each node. When a node is automatically created, it is given the same name as the port to which it is associated.
  • Page 129: Adding Location And Contacts To A Node Profile

    Adding Location and Contacts to a Node Profile Enter details about the location of the node, and contact information for the people who administer or use the node. To add location and contacts to a node profile: 1. Select a node in the Nodes tab. The Node Profile page opens. 2.
  • Page 130: Configuring The Virtual Infrastructure In Cc-Sg

    Chapter 8: Nodes, Node Groups, and Interfaces Configuring the Virtual Infrastructure in CC-SG Terminology for Virtual Infrastructure CC-SG uses the following terminology for virtual infrastructure components. Term Definition Control System The Control System is the managing server. The Control System manages one or more Virtual Hosts.
  • Page 131: Virtual Nodes Overview

    Virtual Nodes Overview You can configure your virtual infrastructure for access in CC-SG. The Virtualization page offers two wizard tools, Add Control System wizard and Add Virtual Host wizard, that help you add control systems, virtual hosts, and their virtual machines properly. Once you complete the configuration, all control systems, virtual hosts, and virtual machines are available for access as nodes in CC-SG.
  • Page 132 Chapter 8: Nodes, Node Groups, and Interfaces 8. To allow users who access this control system to automatically log 9. Click Next. CC-SG discovers the control system's virtual hosts and 10. Add virtual machines to CC-SG. One node will be created for each ...
  • Page 133 • Use Ctrl+click or Shift+click to select multiple virtual machines that you want to add. • In the Check/Uncheck Selected Rows section, select the Virtual Machine checkbox. • To add a VNC, RDP, or SSH interface to the virtual host nodes and virtual machine nodes that will be created, select the VNC, RDP or SSH checkboxes in the Check/Uncheck Selected Rows section.
  • Page 134: Add A Virtual Host With Virtual Machines

    Chapter 8: Nodes, Node Groups, and Interfaces Add a Virtual Host with Virtual Machines When you add a virtual host, a wizard guides you through adding the virtual machines included in the virtual host. 1. Choose Nodes > Virtualization. 2. Click Add Virtual Host. 3.
  • Page 135 12. Add virtual machines to CC-SG. One node will be created for each virtual machine. Each associated virtual host will also be configured. Only one virtual host node will be added, even if the virtual host is associated with multiple virtual machines. ...
  • Page 136: Edit Control Systems, Virtual Hosts, And Virtual Machines

    Chapter 8: Nodes, Node Groups, and Interfaces 15. Click OK. Edit Control Systems, Virtual Hosts, and Virtual Machines You can edit the control systems, virtual hosts, and virtual machines configured in CC-SG to change their properties. You can delete virtual machine nodes from CC-SG by deselecting the Configure checkbox for the virtual machine.
  • Page 137 5. Change the information as needed. See with Virtual Hosts and Virtual Machines Virtual Host with Virtual Machines descriptions. 6. Click Next. 7. Delete one or multiple virtual machines from CC-SG. • To delete a virtual machine, deselect the Configure checkbox. ...
  • Page 138: Delete Control Systems And Virtual Hosts

    Chapter 8: Nodes, Node Groups, and Interfaces Delete Control Systems and Virtual Hosts You can delete control systems and virtual hosts from CC-SG. When you delete a control system, the virtual hosts and virtual machines associated with it are not deleted. When you delete a virtual host, the control systems and virtual machines associated with it are not deleted.
  • Page 139: Vsphere 4 Users Must Install New Plug-In

    vSphere 4 Users Must Install New Plug-In When upgrading your virtual environment from a previous version to vSphere 4, you must remove the VMware Remote Console plug-in from the browser. After removing the plug-in, the correct plug-in for vSphere 4 will be installed the next time you connect to a Virtual Machine from CC-SG.
  • Page 140: Synchronize The Virtual Infrastructure

    Chapter 8: Nodes, Node Groups, and Interfaces Synchronize the Virtual Infrastructure You can perform a synchronization of CC-SG with your virtual infrastructure. When you select a control system for synchronization, the associated virtual hosts will also be synchronized, whether or not you select the virtual hosts.
  • Page 141: Reboot Or Force Reboot A Virtual Host Node

    Reboot or Force Reboot a Virtual Host Node You can reboot or force reboot the virtual host server. A Reboot operation performs a normal reboot of the virtual host server when it is in maintenance mode. A Force Reboot operation forces the virtual host server to reboot, even if the server is not in maintenance mode.
  • Page 142: Connecting To A Node

    Chapter 8: Nodes, Node Groups, and Interfaces Connecting to a Node Once a node has an interface, you can connect to that node through the interface in several different ways. See Raritan's CommandCenter Secure Gateway User Guide. 1. Click the Nodes tab. 2.
  • Page 143: Adding, Editing, And Deleting Interfaces

    Adding, Editing, and Deleting Interfaces Add an Interface Note: Interfaces for virtual nodes, such as control system, virtual hosts, and virtual machines, can only be added using the Virtualization tools under Nodes > Virtualization. See Infrastructure in CC-SG To add an interface: 1.
  • Page 144 Chapter 8: Nodes, Node Groups, and Interfaces 3. A default name appears in the Name field depending on the type of Interfaces for Out-of-Band KVM, Out-of-Band Serial Connections (on page 128). Power Control Connections: • Power Control - DRAC: Select this item to create a power control connection to a Dell DRAC server.
  • Page 145 Interfaces for In-Band Connections In-band connections include RDP, VNC, SSH, RSA KVM, iLO Processor KVM, DRAC KVM, and TELNET. Telnet is not a secure access method. All usernames, passwords, and traffic are transmitted in clear text. To add an interface for in-band connections: 1.
  • Page 146 Chapter 8: Nodes, Node Groups, and Interfaces Microsoft RDP Connection Details Java RDP Connection Details Interfaces for Out-of-Band KVM, Out-of-Band Serial Connections 1. Application name: select the application you want to use to connect 2.
  • Page 147 Interfaces for DRAC Power Control Connections To add an interface for DRAC power control connections: 1. Type the IP Address or Hostname for this interface in the IP Address/Hostname field. 2. Type a TCP Port for this connection in the TCP Port field. DRAC 5 only.
  • Page 148 Chapter 8: Nodes, Node Groups, and Interfaces RSA Interface Details When you create an In-Band RSA KVM or Power interface, CC-SG discards the username and password associated with the interface, and creates two user accounts on the RSA server. This allows you to have simultaneous KVM and power access to the RSA server.
  • Page 149 3. Power Strip Name: select the Power Strip or PX device that provides power to the node. The power strip or PX device must be configured in CC-SG before it appears in this list. 4. Outlet Name: select the name of the outlet the node is plugged into. Optional.
  • Page 150 Chapter 8: Nodes, Node Groups, and Interfaces Interfaces for Power IQ Proxy Power Control Connections Add a Power IQ Proxy power control interface when you want to use CC-SG to control power to a Power IQ IT device that you've added to CC-SG as a node.
  • Page 151 Web Browser Interface You can add a Web Browser Interface to create a connection to a device with an embedded web server, such as a Dominion PX. See Adding a Web Browser Interface to a PX Node blade chassis with an integrated KVM switch, if you have assigned a URL or IP address to it on the KX2 device, a Web Browser interface is automatically added.
  • Page 152 Chapter 8: Nodes, Node Groups, and Interfaces 5. Type the field names for the username and password fields used in 6. Type a description of this interface in the Description field. Optional. 7. Click OK to save your changes. Tips for Adding a Web Browser Interface To configure the Web Browser Interface, you must gather some information from the HTML source to help identify the actual field names of the Username and Password fields.
  • Page 153: Edit An Interface

    Results of Adding an Interface When you add an interface to a node, it appears in the Interfaces table and the Default Interface drop-down menu of the Add Node or Node Profile screen. You can click the drop-down menu to select the default interface to use when making a connection to the node.
  • Page 154: Bookmarking An Interface

    Chapter 8: Nodes, Node Groups, and Interfaces Bookmarking an Interface If you frequently access a node via a particular interface, you can bookmark it so that it is readily available from your browser. 1. In the Nodes tab, select the interface you want to bookmark. You 2.
  • Page 155: Configuring Direct Port Access To A Node

    Configuring Direct Port Access to a Node You can configure Direct Port Access to a node using the Bookmark Node Interface feature. Bookmarking an Interface Bulk Copying for Node Associations, Location and Contacts The Bulk Copy command allows you to copy categories, elements, location and contact information from one node to multiple other nodes.
  • Page 156: Using Chat

    Chapter 8: Nodes, Node Groups, and Interfaces Using Chat Chat provides a way for users connected to the same node to communicate with each other. You must be connected to a node to start a chat session for that node. Only users on the same node can chat with each other.
  • Page 157: Nodes Csv File Requirements

    Nodes CSV File Requirements The nodes CSV file defines the nodes, interfaces, and their details required to add them to CC-SG. • Node names must be unique. If you enter duplicate node names, CC-SG adds a number in parentheses to the name to make it unique, and adds the node.
  • Page 158 Chapter 8: Nodes, Node Groups, and Interfaces Column number To add an out-of-band serial interface to the CSV file: Column number Tag or value Details Node Name Enter the same value as entered for Raritan Port Name. Raritan Device Name Required field.
  • Page 159 Chapter 8: Nodes, Node Groups, and Interfaces Column Tag or value number Baud Rate Parity Flow Control Description To add an RDP interface to the CSV file: Column Tag or value number in CSV file NODE-RDP-INTERFACE Node Name Interface Name IP Address or Hostname TCP Port Service Account Name...
  • Page 160 Chapter 8: Nodes, Node Groups, and Interfaces Column number in CSV file To add an SSH or TELNET interface to the CSV file: Column number To add a VNC interface to the CSV file: Column number Tag or value Details Default is Java.
  • Page 161 Column Tag or value number TCP Port Service Account Name Password Description To add a DRAC KVM, DRAC Power, ILO KVM, ILO Power, Integrity ILO2 Power, or RSA Power interface to the CSV file: When importing DRAC, ILO and RSA interfaces, you must specify both the KVM interface and the Power interface, or the import will fail.
  • Page 162 Chapter 8: Nodes, Node Groups, and Interfaces Column number To add an RSA KVM interface to the CSV file: When importing DRAC, ILO and RSA interfaces, you must specify both the KVM interface and the Power interface, or the import will fail. Column number Tag or value...
  • Page 163 Column Tag or value number Description To add an IPMI power control interface to the CSV file: Column Tag or value number NODE-IPMI-INTERFACE Node Name Interface Name IP Address or Hostname UDP Port Authentication Interval Service Account Name Username Password Description To add a managed powerstrip interface to the CSV file: Column...
  • Page 164 Chapter 8: Nodes, Node Groups, and Interfaces Column number To add a Web Browser interface to the CSV file: Column number Tag or value Details Powerstrip Name Required field. Outlet Required field. Managing Device The name of the device that the power strip is connected to.
  • Page 165 Column Tag or value number Description To add a Power IQ Proxy power control interface to the CSV file: Power Control of Power IQ IT Devices about configuring this interface type. Column Tag or value number NODE-POWER-PIQ-INTERFA Node Name Interface Name External Key Managing Power IQ Name Description...
  • Page 166: Sample Nodes Csv File

    Chapter 8: Nodes, Node Groups, and Interfaces Categories and elements must already be created in CC-SG. You can assign multiple elements of the same category to a node in the CSV file. Column number

    Sample Nodes CSV File

    ADD, NODE, NJSomersetEmailServer, Physical Server
    ADD, NODE-OOBKVM-INTERFACE, NJSomersetEmailServer, NJSomersetEmailServer, DKX2-NY-Rack7, NJSomersetEmailServer
    ADD, NODE-RDP-INTERFACE,...
  • Page 167: Export Nodes

    4. Click Import. 5. Check the Actions area to see the import results. Items that imported successfully show in green text. Items that failed import show in red text. Items that failed import because a duplicate item already exists or was already imported also show in red text.
  • Page 168: Adding, Editing, And Deleting Node Groups

    Chapter 8: Nodes, Node Groups, and Interfaces 7. Import the .csv file. See Adding, Editing, and Deleting Node Groups Node Groups Overview Node groups are used to organize nodes into a set. The node group will become the basis for a policy either allowing or denying access to this particular set of nodes.
  • Page 169: Add A Node Group

    Add a Node Group To add a node group: 1. Choose Associations > Node Group. The Node Groups Manager window appears. 2. Choose Groups > New. A template for a node group appears. 3. In the Group Name field, type a name for a node group you want to create.
  • Page 170 Chapter 8: Nodes, Node Groups, and Interfaces 4. If you want to create a policy that allows access to the nodes in this 5. When you are done adding nodes to the group, click OK to create Describe Nodes 1. Click the Select Nodes tab. 2.
  • Page 171 An example rule might be Department = Engineering, meaning it describes all nodes that have the category “Department” set to “Engineering.” This is exactly what happens when you configure the associations during an Add Node operation. 4. If you want to add another rule, click the Add New Row icon again, and make the necessary configurations.
  • Page 172: Edit A Node Group

    Chapter 8: Nodes, Node Groups, and Interfaces 6. Click Validate when a description has been written in the Short 7. Click View Nodes to see what nodes satisfy this expression. A 8. If you know you want to create a policy that allows access to the 9.
  • Page 173 Chapter 8: Nodes, Node Groups, and Interfaces...
  • Page 174: Chapter 9 Users And User Groups

    Chapter 9 Users and User Groups User accounts are created so that users can be assigned a username and password to access CC-SG. A User Group defines a set of privileges for its members. You cannot assign privileges to users themselves, only to user groups. All users must belong to at least one user group.
  • Page 175: The Users Tab

    Chapter 9: Users and User Groups The Users Tab Click the Users tab to display all user groups and users in CC-SG. Users are nested underneath the user groups to which they belong. User groups with users assigned to them appear in the list with a + symbol next to them.
  • Page 176: Default User Groups

    Chapter 9: Users and User Groups Default User Groups CC-SG is configured with three default user groups: CC Super-User, System Administrators, and CC Users. CC Super-User Group The CC Super-User group has full administrative and access privileges. Only one user can be a member of this group. The default username is admin.
  • Page 177: Adding, Editing, And Deleting User Groups

    Adding, Editing, and Deleting User Groups Add a User Group Creating user groups first will help you organize users when the users are added. When a user group is created, a set of privileges is assigned to the user group. Users assigned to the group will inherit those privileges.
  • Page 178: Edit A User Group

    Chapter 9: Users and User Groups 9. In the All Policies list, select a policy that you want to assign to the 10. When you are done configuring policies for this group, click Apply to 11. Click OK to save your changes. Edit a User Group Edit a User Group to change the existing privileges and policies for that group.
  • Page 179: Delete A User Group

    7. Select the checkbox that corresponds to each privilege you want to assign to the user group. Deselect a privilege to remove it from the group. 8. In the Node Access area, click the drop-down menu for each kind of interface you want this group to have access through and select Control.
  • Page 180: Limit The Number Of Kvm Sessions Per User

    Chapter 9: Users and User Groups Limit the Number of KVM Sessions per User You can limit the number of KVM sessions allowed per user for sessions with Dominion KXII, KSXII and KX (KX1) devices. This prevents any single user from using all available channels at once. When a user attempts a connection to a node that would exceed the limit, a warning message displays with information on the current sessions.
  • Page 181: Adding, Editing, And Deleting Users

    2. Select the Require Users to Enter Access Information When Connecting to a Node checkbox. 3. In the Message to Users field, enter a message that users will see when attempting to access a node. A default message is provided. 256 character maximum.
  • Page 182: Edit A User

    Chapter 9: Users and User Groups 8. Select the Force Password Change on Next Login checkbox to force 9. Select the Force Password Change Periodically checkbox to specify 10. If selected, in the Expiration Period (Days) field, type the number of 11.
  • Page 183: Delete A User

    4. In the New Password and Retype New Password fields, type a new password to change this user's password. Note: If Strong Passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will assist with the password requirements.
  • Page 184: Deleting A User From A Group

    Chapter 9: Users and User Groups 4. Users who are not assigned to the target group appear in the Users 5. When all the users have been moved to the appropriate column, Deleting a User From a Group When you delete a user from a group, the user is removed only from the specified group.
  • Page 185: Users Csv File Requirements

    Users CSV File Requirements The import enables you to add user groups, users, and AD modules, and assign policies and permissions and user groups. • Policies must already be created in CC-SG. The import assigns the policy to a user group. You cannot create new policies via import. ...
  • Page 186 Chapter 9: Users and User Groups Column number To assign a policy to a user group in the CSV file: Column number To associate an AD module to a user group in the CSV file: Column number Tag or value Details USERGROUP-PERMISSION Enter the tag as shown.
  • Page 187 Column Tag or value number USERGROUP-ADMODULE User Group Name AD Module Name To add a user to CC-SG: Column Tag or value number USER User Group Name User Name Password User's Full Name Email Address Telephone Number Login Enabled Remote Authentication Force Password Change Periodically Expiration Period...
  • Page 188: Sample Users Csv File

    Chapter 9: Users and User Groups Column number To add a user to a user group: Column number Sample Users CSV File ADD, USERGROUP, Windows Administrators, MS IT Team ADD, USERGROUP-PERMISSIONS, Windows Administrators, FALSE, TRUE, TRUE, TRUE, TRUE, TRUE, TRUE, TRUE ADD, USERGROUP-POLICY, Windows Administrators, Full Access Policy ADD, USERGROUP-ADMODULE, Windows Administrators,...
  • Page 189: Import Users

    Import Users Once you've created the CSV file, validate it to check for errors then import it. Duplicate records are skipped and are not added. 1. Choose Administration > Import > Import Users. 2. Click Browse and select the CSV file to import. Click Open. 3.
  • Page 190: Your User Profile

    Chapter 9: Users and User Groups Your User Profile My Profile allows all users to view details about their account, change some details, and customize usability settings. It is the only way for the CC Super User account to change the account name. Choose Secure Gateway >...
  • Page 191: Change The Cc-Sg Default Font Size

    3. Click OK to save your changes. Change the CC-SG default font size 1. Choose Secure Gateway > My Profile. 2. Click the Font Size drop-down menu to adjust the font size the standard CC-SG client uses. 3. Click OK to save your changes. Change your email address 1.
  • Page 192: Bulk Copying Users

    Chapter 9: Users and User Groups 1. In the Users tab, select the user group you want to log out of CC-SG. 2. Choose Users > User Group Manager > Logout Users. The Logout 3. Click OK to log the users out of CC-SG. Bulk Copying Users You can use Bulk Copy for users to copy one user's user group affiliations to another user or list of users.
  • Page 193: Chapter 10 Policies For Access Control

    Chapter 10 Policies for Access Control Policies are rules that define which nodes and devices users can access, when they can access them, and whether virtual-media permissions are enabled, where applicable. The easiest way to create policies is to categorize your nodes and devices into node groups and device groups, and then create policies that allow and deny access to the nodes and devices in each group.
  • Page 194: Adding A Policy

    Chapter 10: Policies for Access Control Adding a Policy If you create a policy that denies access (Deny) to a node group or device group, you also must create a policy that allows access (Control) for the selected node group or device group. Users will not automatically receive Control rights when the Deny policy is not in effect.
  • Page 195: Editing A Policy

    14. If you selected Control in the Device/Node Access Permission field, the Virtual Media Permission section will become enabled. In the Virtual Media Permission field, select an option to allow or deny access to virtual media available in the selected node or device groups for the designated times and days: ...
  • Page 196: Deleting A Policy

    Chapter 10: Policies for Access Control 9. Select the checkbox that corresponds to each day you want this 10. In the Start Time field, type the time of day this policy goes into 11. In the End Time field, type the time of day this policy ends. The time 12.
  • Page 197: Support For Virtual Media

    Support for Virtual Media CC-SG provides remote virtual media support for nodes connected to virtual media-enabled KX2, KSX2, and KX2-101 devices. For detailed instructions on accessing virtual media with your device, see: • Dominion KX II User Guide • Dominion KSX II User Guide ...
  • Page 198: Chapter 11 Custom Views For Devices And Nodes

    Chapter 11 Custom Views for Devices and Nodes Custom Views enable you to specify different ways to display the nodes and devices in the left panel, using Categories, Node Groups, and Device Groups. In This Chapter Types of Custom Views ... 180 Using Custom Views in the Admin Client ...
  • Page 199: Using Custom Views In The Admin Client

    Using Custom Views in the Admin Client Custom Views for Nodes Add a Custom View for Nodes To add a custom view for nodes: 1. Click the Nodes tab. 2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears.
  • Page 200 Chapter 11: Custom Views for Devices and Nodes 2. Click the Name drop-down arrow and select a custom view from the 3. Click Apply View. Change a Custom View for Nodes 1. Click the Nodes tab. 2. Choose Nodes > Change View > Create Custom View. The Custom 3.
  • Page 201: Custom Views For Devices

    2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel 4.
  • Page 202 Chapter 11: Custom Views for Devices and Nodes 3. In the Custom View panel, click Add. The Add Custom View window 4. Type a name for the new custom view in the Custom View Name 5. In the Custom View Type section: 6.
  • Page 203 2. Choose Devices > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel.
  • Page 204 Chapter 11: Custom Views for Devices and Nodes Assign a Default Custom View for Devices 1. Click the Devices tab. 2. Choose Devices > Change View > Create Custom View. The 3. Click the Name drop-down arrow, and select a custom view from the 4.
  • Page 205: Chapter 12 Remote Authentication

    Chapter 12 Remote Authentication In This Chapter Authentication and Authorization (AA) Overview ... 187 Distinguished Names for LDAP and AD ... 188 Specifying Modules for Authentication and Authorization ... 189 Establishing Order of External AA Servers ... 190 AD and CC-SG Overview ... 190 Adding an AD Module to CC-SG ...
  • Page 206: User Accounts

    Chapter 12: Remote Authentication 2. CC-SG connects to the external server and sends the username and 3. Username and password are either accepted or rejected and sent 4. If authentication is successful, authorization is performed. CC-SG When remote authentication is disabled, both authentication and authorization are performed locally on CC-SG.
  • Page 207: Specify A Distinguished Name For Ldap

    Specify a Distinguished Name for LDAP Distinguished Names for Netscape LDAP and eDirectory LDAP should follow this structure: • user id (uid), organizational unit (ou), organization (o) Specify a Username for AD When authenticating CC-SG users on an AD server by specifying cn=administrator,cn=users,dc=xyz,dc=com in username, if a CC-SG user is associated with an imported AD group, the user will be granted access with these credentials.
  • Page 208: Establishing Order Of External Aa Servers

    Chapter 12: Remote Authentication Establishing Order of External AA Servers CC-SG will query the configured external authorization and authentication servers in the order that you specify. If the first checked option is unavailable, CC-SG will try the second, then the third, and so on, until it is successful.
  • Page 209: Ad General Settings

    5. Type a name for the AD server in the Module name field. • The maximum number of characters is 31. • All printable characters may be used. • The module name is optional and is specified only to distinguish this AD server module from any others that you configure in CC-SG.
  • Page 210: Ad Advanced Settings

    Chapter 12: Remote Authentication 5. Type the password for the user account you want to use to query the 6. Click Test Connection to test the connection to the AD server using 7. Click Next to proceed. The Advanced tab opens. AD Advanced Settings 1.
  • Page 211: Ad Group Settings

    5. Type a user's attributes in the Filter field so the search query will be restricted to only those entries that meet this criterion. The default filter is objectclass=user, which means that only entries of the type user are searched. 6.
  • Page 212: Ad Trust Settings

    Chapter 12: Remote Authentication 3. Type a user's attributes in the Filter field so the search query for the 4. Click Next to proceed. The Trusts tab opens. AD Trust Settings In the Trusts tab, you can set up trust relationships between this new AD domain and any existing domains.
  • Page 213: Editing An Ad Module

    Editing an AD Module Once you have configured AD modules, you can edit them at any time. To edit an AD module: 1. Choose Administration > Security. 2. Click the Authentication tab. All configured external Authorization and Authentication Servers appear in a table. 3.
  • Page 214 Chapter 12: Remote Authentication 2. Click the Authentication tab. All configured Authorization and 3. Select the AD server whose AD user groups you want to import. 4. Click Import AD User Groups to retrieve a list of user group values 5.
  • Page 215: Synchronizing Ad With Cc-Sg

    Synchronizing AD with CC-SG There are several methods for synchronizing the information on CC-SG with the information on your AD server. • Daily synchronization of all modules: You can enable scheduled synchronization to allow CC-SG to synchronize all AD modules daily at the time you choose.
  • Page 216: Synchronize All User Groups With Ad

    Chapter 12: Remote Authentication Synchronize All User Groups with AD You should synchronize all user groups if you have made a change to a user group, such as moving a user group from one AD module to another. You can also change the AD association of a user group manually, in the User Group Profile's Active Directory Associations tab.
  • Page 217: Synchronize All Ad Modules

    Synchronize All AD Modules You should synchronize all AD Modules whenever you change or delete a user in AD, change user permissions in AD, or make changes to a domain controller. When you synchronize all AD modules, CC-SG retrieves the user groups for all configured AD modules, compares their names with the user groups that have been imported into CC-SG or associated with the AD module within CC-SG, and refreshes the CC-SG local cache.
  • Page 218: Change The Daily Ad Synchronization Time

    Chapter 12: Remote Authentication 1. Choose Administration > Security. 2. Click the Authentication tab. All configured Authorization and 3. Deselect the Daily synchronization of All Modules checkbox. 4. Click Update to save your changes. Change the Daily AD Synchronization Time When daily synchronization is enabled, you can specify the time at which automatic synchronization occurs.
  • Page 219: Renaming And Moving Ad Groups

    Renaming and Moving AD Groups Renaming a group in AD: When an AD group that has been imported into CC-SG changes its name in AD, CC-SG reports a warning in the Audit Trail when the name change is detected, either at synchronization or when an affected AD user logs in for the first time after.
  • Page 220: Ldap General Settings

    Chapter 12: Remote Authentication LDAP General Settings 1. Click the General tab. 2. Type the IP address or hostname of the LDAP server in the IP 3. Type the port value in the Port field. The default port is 389. 4.
  • Page 221: Sun One Ldap (Iplanet) Configuration Settings

    2. Select Base 64 if you want the password to be sent to the LDAP server with encryption. Select Plain Text if you want the password to be sent to the LDAP server as plain text. 3. Default Digest: select the default encryption of user passwords. 4.
  • Page 222: Openldap (Edirectory) Configuration Settings

    Chapter 12: Remote Authentication OpenLDAP (eDirectory) Configuration Settings If using an OpenLDAP server for remote authentication, use this example: Parameter Name IP Address/Hostname User Name Password User Base User Filter Passwords (Advanced screen) Password Default Digest (Advanced) Crypt Use Bind Use Bind After Search IBM LDAP Configuration Settings If using an IBM LDAP server for remote authentication, use this example:...
  • Page 223: About Tacacs+ And Cc-Sg

    About TACACS+ and CC-SG CC-SG users who are remotely authenticated by a TACACS+ server must be created on the TACACS+ server and on CC-SG. The user name on the TACACS+ server and on CC-SG must be the same, although the passwords may be different.
  • Page 224: About Radius And Cc-Sg

    Chapter 12: Remote Authentication About RADIUS and CC-SG CC-SG users who are remotely authenticated by a RADIUS server must be created on the RADIUS server and on CC-SG. The user name on the RADIUS server and on CC-SG must be the same, although the passwords may be different.
  • Page 225: Two-Factor Authentication Using Radius

    Chapter 12: Remote Authentication Two-Factor Authentication Using RADIUS By using an RSA RADIUS Server that supports two-factor authentication in conjunction with an RSA Authentication Manager, CC-SG can make use of two-factor authentication schemes with dynamic tokens. In such an environment, users log into CC-SG by first typing their usernames in the Username field, then typing their fixed passwords, and then the dynamic token value in the Password field.
  • Page 226: Chapter 13 Reports

    Chapter 13 Reports In This Chapter Using Reports ... 208 Audit Trail Report ... 210 Error Log Report ... 211 Access Report ... 212 Availability Report ... 212 Active Users Report ... 213 Locked Out Users Report ... 213 All Users Data Report ... 213 User Group Data Report ...
  • Page 227: View Report Details

    View Report Details • Double-click a row to view details of the report. • When a row is highlighted, press the Enter key to view details. All details of the selected report display in a dialog that appears, not just the details you can view in the report screen.
  • Page 228: Purge A Report's Data From Cc-Sg

    Chapter 13: Reports Purge a Report's Data From CC-SG You can purge the data that appears in the Audit Trail and Error Log reports. Purging these reports deletes all data that satisfy the search criteria used. For example, if you search for all Audit Trail entries from March 26, 2008 through March 27, 2008, only those records will be purged.
  • Page 229: Error Log Report

    3. You can limit the data that the report will contain by entering additional parameters in the Message Type, Message, Username, and User IP address fields. Wildcards are accepted in these fields except for the Message Type field. ...
  • Page 230: Access Report

    Chapter 13: Reports Access Report Generate the Access report to view information about accessed devices and nodes, when they were accessed, and the user who accessed them. 1. Choose Reports > Access Report. 2. Select Devices or Nodes. 3. Set the date and time range for the report in the Start Date and Time 4.
  • Page 231: Active Users Report

    3. Click Apply. Active Users Report The Active Users report displays current users and user sessions. You can select active users from the report and disconnect them from CC-SG. To generate the Active Users report: • Choose Reports > Users > Active Users. To disconnect a user from an active session in CC-SG: 1.
  • Page 232: User Group Data Report

    Chapter 13: Reports User Group Data Report The User Group Data report displays data on users and the groups with which they are associated. 1. Choose Reports > Users > User Group Data. 2. Double-click the User Group to view the assigned policies. Device Asset Report The Device Asset report displays data on devices currently managed by CC-SG.
  • Page 233: Device Group Data Report

    Device Group Data Report The Device Group Data report displays device group information. To generate the Device Group Data report: 1. Choose Reports > Devices > Device Group Data. 2. Double-click a row to display the list of devices in the group. Query Port Report The Query Port Report displays all ports according to port status.
  • Page 234: Node Asset Report

    Chapter 13: Reports 3. Select Ghosted Ports to include ports that are ghosted. A ghosted 4. Select Paused Ports or Locked Ports to include ports that are 5. Select the number of rows of data to display in the report screen in 6.
  • Page 235: Active Nodes Report

    3. The URL column contains direct links to each node. You can use this information to create a web page with links to each node, instead of bookmarking each node individually. See Interface Active Nodes Report The Active Nodes report includes the name and type of each active interface, the connection mode, the associated device, a timestamp, the current user, and the user IP address for each node with an active connection.
  • Page 236: Node Group Data Report

    Chapter 13: Reports Node Group Data Report The Node Group Data report displays the list of nodes that belong to each group, the user groups that have access to each node group, and, if applicable, the rules that define the node group. The list of nodes is in the report details, which you can view by double-clicking a row in the report page, or save to a CSV file.
  • Page 237: Scheduled Reports

    Scheduled Reports Scheduled Reports displays reports that were scheduled in the Task Manager. You can find the Upgrade Device Firmware reports and Restart Device reports in the Scheduled Reports screen. Scheduled reports can be viewed in HTML format only. See page 278).
  • Page 238: Upgrade Device Firmware Report

    Chapter 13: Reports Upgrade Device Firmware Report The Upgrade Device Firmware report is located in the Scheduled Reports list. This report is generated when an Upgrade Device Firmware task is running. View the report to get real-time status information about the task.
  • Page 239: Chapter 14 System Maintenance

    Chapter 14 System Maintenance In This Chapter Maintenance Mode ... 221 Entering Maintenance Mode... 222 Exiting Maintenance Mode ... 222 Backing Up CC-SG ... 222 Saving and Deleting Backup Files ... 224 Restoring CC-SG ... 225 Resetting CC-SG ... 226 Restarting CC-SG ...
  • Page 240: Entering Maintenance Mode

    Chapter 14: System Maintenance Entering Maintenance Mode 1. Choose System Maintenance > Maintenance Mode > Enter 2. Password: Type your password. Only users with the CC Setup and 3. Broadcast message: Type the message that will display to users who 4.
  • Page 241 4. Select a Backup Type: Full or Standard. See between Full backup and Standard backup? 5. To save a copy of this backup file to an external server, select the Backup to Remote Location checkbox. Optional. a. Select a Protocol used to connect to the remote server, either FTP or SFTP b.
  • Page 242: What Is The Difference Between Full Backup And Standard Backup

    Chapter 14: System Maintenance What is the difference between Full backup and Standard backup? A standard backup includes all data in all fields of all CCSG pages, except for data in the following pages: CCSG backup files stored on CCSG are also not backed up. You can view the list of backup files stored on CCSG in the System Maintenance >...
  • Page 243: Restoring Cc-Sg

    3. Click OK to delete the backup from the CC-SG system. Restoring CC-SG You can restore CC-SG using a backup file that you created. Important: The Neighborhood configuration is included in the CC-SG backup file so make sure you remember or note down its setting at the backup time.
  • Page 244: Resetting Cc-Sg

    Chapter 14: System Maintenance 5. Type the number of minutes (from 0-60) that CC-SG will wait before 6. In the Broadcast Message field, type a message to notify other 7. Click Restore. CC-SG waits for the time specified before restoring its Resetting CC-SG You can reset CC-SG to purge the database or to reset other components to their factory default settings.
  • Page 245 Option Description Full Database This option removes the existing CC-SG database and builds a new version with the factory default values. Network settings, SNMP agents, firmware, and Diagnostic Console settings are not part of the CC-SG database. The SNMP configuration and traps are reset. The SNMP agent is not reset.
  • Page 246 Chapter 14: System Maintenance Option Default Firmware Upload Firmware to Database After Reset Diagnostic Console IP-ACL Tables Licenses 1. Before you reset, back up CC-SG and save the backup file to a 2. Choose System Maintenance > Reset. 3. Select the reset options. 4.
  • Page 247: Restarting Cc-Sg

    Restarting CC-SG The restart command is used to restart the CC-SG software. Restarting CC-SG will log all active users out of CC-SG. Restarting will not cycle power to the CC-SG. To perform a full reboot, you must access Diagnostic Console or the power switch on the CC-SG unit.
  • Page 248 Chapter 14: System Maintenance CC-SG will reboot as part of the upgrade process. DO NOT stop the process, reboot the unit manually, power off, or power cycle the unit during the upgrade 1. Download the firmware file to your client PC. 2.
  • Page 249: Clear The Browser's Cache

    10. Clear the Java cache. See Clear the Java Cache 11. Launch a new web browser window. 12. Log into the CC-SG Admin Client using an account that has the CC Setup and Control privilege. 13. Choose Help > About Raritan Secure Gateway. Check the version number to verify that the upgrade was successful.
  • Page 250: Primary Node Upgrade Failure

    Chapter 14: System Maintenance Upgrading a Cluster To upgrade a CC-SG cluster, follow this recommended upgrade procedure. Only physical CC-SG units can be in a cluster. A CC-SG cluster license is a special kind of license file that the 2 CC-SG units in the cluster share.
  • Page 251: Primary Node Upgrade Failure

    Primary Node Upgrade Failure If the upgrade of your primary node fails while following the Cluster cluster upgrade. 1. If the primary node upgrade fails, shut down the CC-SG application by choosing System Maintenance > Shutdown. When you shut down the CC-SG application, the unit is still powered on, and accessible through the Diagnostic Console.
  • Page 252: Cc-Sg Shutdown

    Chapter 14: System Maintenance 5. Resume management of all devices. You can schedule a task to 6. Run a Device Availability report to review the managed device 7. When the new CC-SG is running successfully, reset the database on CC-SG Shutdown Shutting down CC-SG shuts down the CC-SG software, but it does not power off the CC-SG unit.
  • Page 253: Restarting Cc-Sg After Shutdown

    Restarting CC-SG after Shutdown After shutting down CC-SG, use one of these two methods to restart the unit: • Use the Diagnostic Console. See Console • Recycle the power to your CC-SG unit. Powering Down CC-SG If CC-SG loses AC power while it is up and running, it will remember the last power state.
  • Page 254: Exit Cc-Sg

    Chapter 14: System Maintenance 2. Click Yes to log out of CC-SG. Once you log out, the CC-SG login window opens. Exit CC-SG 1. Choose Secure Gateway > Exit. 2. Click Yes to exit CC-SG.
  • Page 255: Chapter 15 Advanced Administration

    Chapter 15 Advanced Administration In This Chapter Configuring a Message of the Day ... 237 Configuring Applications for Accessing Nodes... 238 Configuring Default Applications ... 240 Managing Device Firmware ... 241 Configuring the CC-SG Network ... 242 Configuring Logging Activity ... 248 Configuring the CC-SG Server Time and Date ...
  • Page 256: Configuring Applications For Accessing Nodes

    Chapter 15: Advanced Administration 4. Click OK to save your changes. Configuring Applications for Accessing Nodes About Applications for Accessing Nodes CC-SG provides various applications that you can use to access nodes. You can use the Application Manager to view applications, add new applications, delete applications, and set the default application for each device type.
  • Page 257: Older Version Of Application Opens After Upgrading

    2. Click the Application name drop-down arrow and select the application that must be upgraded from the list. If you do not see the application, you must add it first. See 239). 3. Click Browse, locate and select the application upgrade file from the dialog that appears then click Open.
  • Page 258: Delete An Application

    Chapter 15: Advanced Administration 5. Click OK. An Open dialog appears. 6. Navigate to and select the application file (usually a .jar or .cab file), 7. The selected application loads onto CC-SG. Delete an Application 1. Choose Administration > Applications. 2.
  • Page 259: View The Default Application Assignments

    View the Default Application Assignments To view the default application assignments: 1. Choose Administration > Applications. 2. Click the Default Applications tab to view and edit the current default applications for various Interfaces and Port Types. Applications listed here will become the default choice when configuring a node to allow access through a selected interface.
  • Page 260: Delete Firmware

    Chapter 15: Advanced Administration 2. Click Add to add a new firmware file. A search window opens. 3. Navigate to and select the firmware file you want to upload to Delete Firmware 1. Choose Administration > Firmware. 2. Click the Firmware Name drop-down arrow and select the firmware 3.
  • Page 261: What Is Ip Failover Mode

    Model Primary LAN Name V1-0 or LAN1 V1-1 E1 LAN Ports: Model Primary LAN Name E1-0 Not labeled E1-1 LAN1 What is IP Failover mode? IP Failover mode enables you to use two CC-SG LAN ports to implement network failover and redundancy. Only one LAN port is active at a time. About CC-SG LAN Ports Primary LAN and Secondary LAN ports on each CC-SG model.
  • Page 262 Chapter 15: Advanced Administration If the Primary LAN is connected and receiving a Link Integrity signal, CC-SG uses this LAN port for all communications. If the Primary LAN loses Link Integrity, and Secondary LAN is connected, CC-SG will fail over its assigned IP address to the Secondary LAN. The Secondary LAN will be used until the Primary LAN returns to service.
  • Page 263 6. Click the Adapter Speed drop-down arrow and select a line speed from the list. Make sure your selection agrees with your switch's adapter port setting. If your switch uses 1 Gig line speed, select Auto. 7. If you selected Auto in the Adapter Speed field, the Adapter Mode field is disabled, with Full Duplex selected automatically.
  • Page 264: What Is Ip Isolation Mode

    Chapter 15: Advanced Administration What is IP Isolation mode? IP Isolation mode allows you to isolate clients from devices by placing them on separate sub-networks and forcing clients to access the devices through CC-SG. In this mode, CC-SG manages traffic between the two separate IP domains.
  • Page 265 Specify at most one Default Gateway in the Network Setup panel in CC-SG. Use Diagnostic Console to add more static routes if needed. Edit Static Routes (on page 310). To configure IP Isolation mode in CC-SG: 1. Choose Administration > Configuration. 2.
  • Page 266: Recommended Dhcp Configurations For Cc-Sg

    Chapter 15: Advanced Administration Recommended DHCP Configurations for CC-SG Review the following recommended DHCP configurations. Make sure that your DHCP server is set up properly before you configure CC-SG to use DHCP. Configuring Logging Activity You can configure CC-SG to report to external logging servers and specify what level of message is reported in each of the logs.
  • Page 267: Purge Cc-Sg's Internal Log

    Purge CC-SG's Internal Log You can purge the CC-SG's internal log. This operation does not delete any events recorded on your external log servers. Note: The Audit Trail and Error Log reports are based on CC-SG's internal log. If you purge CC-SG's internal log, these two reports will also be purged.
  • Page 268: Connection Modes: Direct And Proxy

    Chapter 15: Advanced Administration 3. Click Update Configuration to apply the time and date changes to 4. Click Refresh to reload the new server time in the Current Time field. 5. Choose System Maintenance > Restart to restart CC-SG. Connection Modes: Direct and Proxy About Connection Modes CC-SG offers three connection modes for in-band and out-of-band connections: Direct, Proxy, and Both.
  • Page 269: Configure Direct Mode For All Client Connections

    Configure Direct Mode for All Client Connections To configure direct mode for all client connections: 1. Choose Administration > Configuration. 2. Click the Connection Mode tab. 3. Select Direct mode. 4. Click Update Configuration. Configure Proxy Mode for All Client Connections To configure proxy mode for all client connections: 1.
  • Page 270 Chapter 15: Advanced Administration 3. Select a Device Type in the table and double-click the Default Port 4. Type the new Default Port value. 5. Click Update Configuration to save your changes. 1. Choose Administration > Configuration. 2. Click the Device Settings tab. 3.
  • Page 271: Enabling The Akc Download Server Certificate Validation

    Enabling the AKC Download Server Certificate Validation If you are using the AKC client, you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature. Option 1: Do Not Enable AKC Download Server Certificate Validation (default setting) If you do not enable AKC Download Server Certificate Validation, all Dominion device users and CC-SG Bookmark and Access Client users...
  • Page 272: Configuring Custom Jre Settings

    Chapter 15: Advanced Administration 3. Click OK. Configuring Custom JRE Settings CC-SG will display a warning message to users who attempt to access CC-SG without the minimum JRE version that you specify. Check the Compatibility Matrix for the minimum supported JRE version. Choose Administration >...
  • Page 273: Configuring Snmp

    3. Click Restore Default. 4. Click Update. To clear the default message and minimum JRE version: 1. Choose Administration > Configuration. Click the Custom JRE tab. 2. Click Clear. Configuring SNMP Simple Network Management Protocol allows CC-SG to push SNMP traps (event notifications) to an existing SNMP manager on the network.
  • Page 274: Mib Files

    Chapter 15: Advanced Administration 9. Select the checkboxes before the traps you want CC-SG to push to 10. Click Add to add this destination host to the list of configured hosts. 11. Click Update Trap Configuration to save your changes. MIB Files Because CC-SG pushes its own set of Raritan traps, you must update all SNMP managers with a custom MIB file that contains Raritan SNMP trap...
  • Page 275: Requirements For Cc-Sg Clusters

    Requirements for CC-SG Clusters • The Primary and Secondary nodes in a cluster must be running the same firmware version on the same hardware version (V1 or E1). • Your CC-SG network must be in IP Failover mode to be used for clustering.
  • Page 276: Configure Cluster Settings

    Chapter 15: Advanced Administration 5. Type a valid user name and password for the Backup node in the 6. Select the Redirect by Hostname checkbox to specify that secondary 7. Click Create Cluster. A message appears. 8. Click Yes. 9. Continue clicking OK for any onscreen messages. The Backup node 10.
  • Page 277: Switch The Primary And Secondary Node Status

    Switch the Primary and Secondary Node Status You can exchange the roles of Primary and Secondary nodes when the Secondary, or Backup, node is in the "Joined" state. When the Secondary node is in the "Waiting" state, switching is disabled. After the roles are switched, the former Primary node is in the "Waiting"...
  • Page 278: Delete A Cluster

    Chapter 15: Advanced Administration Delete a Cluster Deleting a cluster completely deletes the information entered for the cluster, and restores both the Primary and Secondary CC-SG nodes to the Standalone state. In addition, all configuration data, except for the networking settings (personality package), on the Secondary node is reset to default, including the CC Super-User password.
  • Page 279: Cluster Licenses

    Chapter 15: Advanced Administration Cluster Licenses You can operate a CC-SG cluster using separate standalone licenses with the same node capacity, or a cluster kit license. Cluster licenses differ from standalone licenses in that they contain the host IDs of both CC-SG units in the cluster. Only one set of licenses is required to operate both CC-SG units in a cluster.
  • Page 280: Configuring A Neighborhood

    Chapter 15: Advanced Administration Configuring a Neighborhood What is a Neighborhood? A Neighborhood is a collection of up to 10 CC-SG units. After setting up the Neighborhood in the Admin Client, users can access multiple CC-SG units in the same Neighborhood with single sign-on using the Access Client.
  • Page 281: Edit A Neighborhood

    ▪ If one or more CC-SG units cannot be found, a message appears and these CC-SG units will be highlighted in yellow in the table. Remove these units or modify their IP addresses or hostnames, and click Next again. 7. CC-SG displays a list of CC-SG units along with their firmware version and state in the Neighborhood Configuration table.
  • Page 282 Chapter 15: Advanced Administration Add a Neighborhood Member 1. Choose Administration > Neighborhood. 2. Click Add Member. The Add Member dialog appears. 3. Add CC-SG units. The number of CC-SG units that can be added 4. If new CC-SG units meet the Neighborhood criteria and are found, 5.
  • Page 283 ▪ To deactivate a CC-SG unit, deselect the Active checkbox next to the unit. ▪ To change a Secure Gateway Name, click the name, type a new one and press Enter. The name must be unique. ▪ To retrieve all CC-SG units' latest data, click Refresh Member Data.
  • Page 284: Refresh A Neighborhood

    Chapter 15: Advanced Administration Refresh a Neighborhood You can retrieve the latest status of all Neighborhood members immediately in the Neighborhood Configuration panel. 1. Choose Administration > Neighborhood. 2. Click Refresh Member Data. 3. Click Send Update to save the changes and distribute the latest Delete a Neighborhood 1.
  • Page 285 Check Your Browser for AES Encryption CC-SG supports AES-128 and AES-256. If you do not know if your browser uses AES, check with the browser manufacturer. You may also want to try navigating to the following web site using the browser whose encryption method you want to check: https://www.fortify.net/sslcheck.html.
  • Page 286: Configure Browser Connection Protocol: Http Or Https/Ssl

    Chapter 15: Advanced Administration 5. Click Update to save your changes. Configure Browser Connection Protocol: HTTP or HTTPS/SSL In Security Manager, you can configure CC-SG to either use regular HTTP connections from clients or require HTTPS/SSL connections. You must restart CC-SG for changes to this setting to take effect. The default setting is HTTPS/SSL.
  • Page 287 Require strong passwords for all users 1. Choose Administration > Security. 2. Click the Login Settings tab. 3. Select the Strong Passwords Required for All Users checkbox. 4. Select a Maximum Password Length. Passwords must contain fewer than the maximum number of characters. 5.
  • Page 288 Chapter 15: Advanced Administration Lockout settings Administrators can lock out CC-SG users and SSH users after a specified number of failed login attempts. You can enable this feature for locally authenticated users, for remotely authenticated users, or for all users. Note: By default, the admin account is locked out for five minutes after three failed login attempts.
  • Page 289: Configure The Inactivity Timer

    2. Open the Login Settings tab. 3. Deselect the Lockout Enabled for Local Users checkbox to disable lockout for locally authenticated users. Deselect the Lockout Enabled for Remote Users checkbox to disable lockout for remotely authenticated users. 4. Click Update to save your changes. Allow concurrent logins per username You can permit more than one concurrent CC-SG session with the same username.
  • Page 290 Chapter 15: Advanced Administration Logo A small graphic file can be uploaded to CC-SG to act as a banner on the login page. The maximum size of the logo is 998 by 170 pixels. 1. Click Browse in the Logo area of the Portal tab. An Open dialog 2.
  • Page 291: Certificates

    ▪ Click Browse. A dialog window opens. ▪ In the dialog window, select the text file with the message you want to use, and then click Open. The maximum length of the text message is 10,000 characters. ▪ Click Preview to preview the text contained in the file. The preview appears in the banner message field above.
  • Page 292 Chapter 15: Advanced Administration 5. Click OK to generate the CSR. The CSR and Private Key appear in 6. Select the text in the Certificate Request box, and then press Ctrl+C 7. Select the text in the Private Key box, and then press Ctrl+C to copy 8.
  • Page 293 14. Type raritan in the Password field if the CSR was generated by CC-SG. If a different application generated the CSR, use the password for that application. Note: If the imported certificate is signed by a root and subroot CA (certificate authority), using only a root or subroot certificate will fail.
  • Page 294: Access Control List

    Chapter 15: Advanced Administration Access Control List An IP Access Control List specifies ranges of client IP addresses for which you want to deny or allow access to CC-SG. Each entry in the Access Control List becomes a rule that determines whether a user in a certain group, with a certain IP address, can access CC-SG.
  • Page 295: Notification Manager

    6. Click the Action drop-down arrow and select Allow or Deny to specify whether the specified users in the IP range can access CC-SG. 7. Click Update to save your changes. To change the order in which CC-SG applies rules: 1.
  • Page 296: Task Manager

    Chapter 15: Advanced Administration 7. Type a valid email address that will identify messages from CC-SG 8. Type the number of times emails should be re-sent should the send 9. Type the number of minutes (from 1-60) that should elapse between 10.
  • Page 297: Schedule Sequential Tasks

    Schedule Sequential Tasks You may want to schedule tasks sequentially to confirm that expected behavior occurred. For example, you may want to schedule an Upgrade Device Firmware task for a given device group, and then schedule an Asset Management Report task immediately after it to confirm that the correct versions of firmware were upgraded.
  • Page 298: Schedule A Task

    Chapter 15: Advanced Administration Schedule a Task This section covers most tasks that can be scheduled. See Device Firmware Upgrade device firmware upgrades. 1. Choose Administration > Tasks. 2. Click New. 3. In the Main tab, type a name and description for the task. Names can 4.
  • Page 299 ▪ Upgrade Device Firmware (individual device or device group): See Schedule a Device Firmware Upgrade 282). ▪ Generate all reports: See 6. Click the Recurrence tab. The Recurrence tab is disabled for Upgrade Device Firmware tasks. 7. In the Period field, click the radio button that corresponds to the period of time when the scheduled task will recur.
  • Page 300: Schedule A Device Firmware Upgrade

    Chapter 15: Advanced Administration 10. If a task fails, CC-SG can retry the task at a later time as specified in 11. Click the Notification tab. 12. Specify email addresses to which a notification should be sent upon 13. Click OK to save your changes. Schedule a Device Firmware Upgrade You can schedule a task to upgrade multiple devices of the same type, such as KX or SX, within a device group.
  • Page 301 d. Concurrent Upgrades: Specify the number of devices that should begin the file transfer portion of the upgrade simultaneously. Maximum is 10. As each file transfer completes, a new file transfer will begin, ensuring that only the maximum number of concurrent transfers occurs at once.
  • Page 302: Change A Scheduled Task

    Chapter 15: Advanced Administration Change a Scheduled Task You can change a scheduled task before it runs. 1. Select the task you want to change. 2. Click Edit. 3. Change the task specifications as needed. See 4. Click Update to save your changes. Reschedule a Task The Save As function in Task Manager enables you to reschedule a completed task that you want to run again.
  • Page 303: Delete A Task

    Delete a Task You can delete a task to remove it from the Task Manager. You cannot delete a task that is currently running. To delete a task: ▪ Select the task, then click Delete. SSH Access to CC-SG Use Secure Shell (SSH) clients, such as PuTTY or OpenSSH Client, to access a command line interface to the SSH (v2) server on CC-SG.
  • Page 304: Get Help For Ssh Commands

    Chapter 15: Advanced Administration Get Help for SSH Commands You can get limited help for all commands at once. You can also get in-depth help on a single command at a time. 1. At the shell prompt, type the command you want help for, followed by 2.
  • Page 305: Ssh Commands And Parameters

    SSH Commands and Parameters The following table lists all commands available in SSH. You must be assigned the appropriate privileges in CC-SG to access each command. Some commands have additional parameters that you must type to execute the command. For more information about how to type commands, see Command Tips To list active ports:...
  • Page 306 Chapter 15: Advanced Administration grep search_term help listbackups <[-id <device_id>] | [host]> listdevices listfirmwares [[-id <device_id>] | [host]] listinterfaces [-id <node_id>] listnodes listports [[-id <device_id>] | [host]] logoff [-u <username>] message more [-p <page_size>] pingdevice <[-id <device_id>] | [host]> restartcc minutes [message] To search for text from piped output stream: To view the help screen for all commands: To list available device configuration backups:...
  • Page 307: Command Tips

    To restart a device: restartdevice <[-id <device_id>] | [host]> To restore a device configuration: restoredevice <[-host <host>] | [-id <device_id>]> [backup_id] To shutdown CC-SG: shutdowncc minutes [message] To open an SSH connection to an SX device: ssh [-e <escape_char>] <[-id <device_id>] | [host]> To change a user: su [-u <user_name>] To upgrade a device's firmware:...
  • Page 308: Create An Ssh Connection To A Serial-Enabled Device

    Chapter 15: Advanced Administration Command syntax ssh -id <device_id> ▪ You may have problems using the escape character in the Linux terminal or client. Raritan recommends that you define a new escape character when establishing a port connection. The command is connect [-e <escape_char>] [port_id].
  • Page 309: Use Ssh To Connect To A Node Via A Serial Out-Of-Band Interface

    2. Connect to the device by typing ssh -id <device_id> . Using the figure above as an example, you can connect to SX-229 by typing ssh -id 1370. Use SSH to Connect to a Node via a Serial Out-of-Band Interface You can use SSH to connect to a node through its associated serial out-of-band interface.
  • Page 310: End Ssh Connections

    Chapter 15: Advanced Administration End SSH Connections You can make SSH connections to CC-SG only, or you can make a connection to CC-SG and then make a connection to a port, device, or node managed by CC-SG. There are different ways to end these connections, depending on which part you want to end.
  • Page 311: Serial Admin Port

    Serial Admin Port The serial admin port on CC-SG can be connected directly to a Raritan serial device, such as Dominion SX or KSX. You can connect to the SX or KSX via the IP address using a terminal emulation program, such as HyperTerminal or PuTTY. Set the baud rate in the terminal emulation program to match the SX or KSX baud rate.
  • Page 312: Finding Your Cc-Sg Serial Number

    Chapter 15: Advanced Administration Finding Your CC-SG Serial Number 1. Log into the Admin Client. 2. Choose Help > About Raritan Secure Gateway. 3. A new window opens with your CC-SG serial number. Web Services API You must accept the End User Agreement before adding a Web Services API client to CC-SG.
  • Page 313: Cc-Noc

    e. State or Province: Maximum 64 characters. Type in the whole g. Registered Company Name: CSR tag is Organization Name. h. Division/Department Name: CSR tag is Organization Unit Name. k. Challenge Password: Maximum 64 characters. Note: The Challenge Password is used internally by CC-SG to generate the certificate.
  • Page 314: Chapter 16 Diagnostic Console

    Chapter 16 Diagnostic Console The Diagnostic Console is a non-graphical, menu-based interface that provides local access to CC-SG. You can access Diagnostic Console from a serial or KVM port. See VGA/Keyboard/Mouse Port Diagnostic Console from a Secure Shell (SSH) client, such as PuTTY or OpenSSH Client.
  • Page 315: Status Console

    Status Console About Status Console ▪ You can use the Status Console to check the health of CC-SG, the various services CC-SG uses, and the attached network. ▪ By default, Status Console does not require a password. ▪ You can configure CC-SG to provide the Status Console information over a Web interface.
  • Page 316: Status Console Information

    Chapter 16: Diagnostic Console 2: Access the Status Console via web browser: 1. Using a supported Internet browser, type this URL: http(s)://<IP_address>/status/ where <IP_address> is the IP address of the CC-SG. Note the forward slash (/) following /status is mandatory. For example, https://10.20.3.30/status/.
  • Page 317 CC-SG Title, Date and Time The CC-SG title is constant so users know that they are connected to a CC-SG unit. The date and time at the top of the screen is the last time when the CC-SG data was polled. The date and time reflect the timing values saved on the CC-SG server.
  • Page 318 Chapter 16: Diagnostic Console Information Web Status RAID Status Cluster Status Cluster Peer Network Information Description suspended. Down Database server has not started yet. Most of the access to the CC-SG server is through the Web. This field shows the state of the Web server and available statuses include: Responding/Unsecured The Web server is up and...
  • Page 319 Information Description Duplex IPAddr RX -Pkts TX -Pkts Navigation Keys Reminder The bottom line on the screen displays the keyboard combination keys for invoking Help and exiting Status Console. Status Console will ignore key inputs other than these keys described below. ...
  • Page 320 Chapter 16: Diagnostic Console Status Console via Web Browser After connecting to the Status Console via the web browser, the read-only Status Console web page appears. The web page displays the same information as the Status Console, and also updates the information approximately every 5 seconds. For information on the links for CC-SG Monitors at the bottom of the web page, see Display Historical Data Trending Reports...
  • Page 321: Administrator Console

    Administrator Console About Administrator Console The Administrator Console allows you to set some initial parameters, provide initial networking configuration, debug log files, and perform some limited diagnostics and restarting CC-SG. The default login for the Administrator Console is: ▪ Username: admin ...
  • Page 322 Chapter 16: Diagnostic Console The main Administrator Console screen appears. Administrator Console Screen Administrator Console screen consists of 4 main areas. ▪ Menu bar: You can perform Administrator Console functions by activating the menu bar. Press Ctrl+X to activate the menu bar or click a menu item using the mouse if you access Administrator Console via the SSH client.
  • Page 323: Navigate Administrator Console

    ▪ Status bar: Status bar is just above the navigation keys bar. It displays some important system information, including CC-SG's serial number, firmware version, and the time when the information shown in the main display area was loaded or updated. Screenshots containing this information may be useful when reporting your problems to Raritan Technical Support.
  • Page 324: Edit Diagnostic Console Configuration

    Chapter 16: Diagnostic Console Edit Diagnostic Console Configuration The Diagnostic Console can be accessed via the serial port (COM1), VGA/Keyboard/Mouse (KVM) port, or from SSH clients. If you want to access Status Console, one more access mechanism, Web access, is also available.
  • Page 325: Edit Network Interfaces Configuration (Network Interfaces)

    4. Click Save. Edit Network Interfaces Configuration (Network Interfaces) In Network Interface Configuration, you can perform initial setup tasks, such as setting the hostname and IP address of the CC-SG. 1. Choose Operation > Network Interfaces > Network Interface Config. 2.
  • Page 326: Ping An Ip Address

    Chapter 16: Diagnostic Console 6. In the Adapter Speed, select a line speed. The other values of 10, 7. If you did not select AUTO for Adapter Speed, click Adapter Duplex 8. Repeat these steps for the second network interface if you selected 9.
  • Page 327: Use Traceroute

    Option Record Route Use Broadcast Address Adaptive Timing 4. Type values for how many seconds the ping command will execute, how many ping requests are sent, and the size for the ping packets. Default is 56, which translates into 64 ICMP data bytes when combined with 8 bytes of ICMP header data.
  • Page 328: Edit Static Routes

    Chapter 16: Diagnostic Console 4. Type values for how many hops the traceroute command will use in 5. Click Traceroute in the bottom right-hand corner of the window. 6. Press Ctrl+C or Ctrl+Q to terminate the traceroute session. A Edit Static Routes In Static Routes, you can view the current IP routing table and modify, add, or delete routes.
  • Page 329 Chapter 16: Diagnostic Console Although you can delete all other routes, including the Default Gateway, doing this will greatly impact the communication with CC-SG.
  • Page 330: View Log Files In Diagnostic Console

    Chapter 16: Diagnostic Console View Log Files in Diagnostic Console You can view one or more log files simultaneously via LogViewer, which allows browsing through several files at once to examine system activity. The Logfile list is updated only when the associated list becomes active, as when a user enters the logfile list area, or when a new sorting option is selected.
  • Page 331 3. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a log file, marking it with an X. You can view more than one log file at a time. To sort the Logfiles to View list: The Sort Logfile list by options control the order in which logfiles are displayed in the Logfile to View list.
  • Page 332 Chapter 16: Diagnostic Console Option View When View is selected with Individual Windows, the LogViewer displays: Description contents of this package is not available to customer. Exported logfiles will be available for up to 10 days, and then the system will automatically delete them.
  • Page 333: Restart Cc-Sg With Diagnostic Console

    Note: System load is static as of the start of this Admin Console session - use the TOP utility to dynamically monitor system resources. To filter a log file with a regular expression: 1. Type e to add or edit a regular expression and select a log from the list if you have chosen to view several.
  • Page 334: Reboot Cc-Sg With Diagnostic Console

    Chapter 16: Diagnostic Console Diagnostic Console. See Restarting CC-SG in Diagnostic Console will NOT notify users that it is being restarted. To restart CC-SG with Diagnostic Console: 1. Choose Operation > Admin > CC-SG Restart. 2. Either click Restart CC-SG Application or press Enter. Confirm the restart in the next screen to proceed.
  • Page 335: Power Off Cc-Sg System From Diagnostic Console

    2. Either click REBOOT System or press Enter to reboot CC-SG. Confirm the reboot in the next screen to proceed. Power Off CC-SG System from Diagnostic Console This option will power off the CC-SG unit. Logged-in users will not receive a notification. CC-SG, SSH, and Diagnostic Console users (including this session) will be logged off.
  • Page 336: Reset Cc Super-User Password With Diagnostic Console

    Chapter 16: Diagnostic Console 2. Either click Power OFF the CC-SG or press Enter to remove AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super-User Password with Diagnostic Console This option will reset the password for the CC Super User account to the factory default value.
  • Page 337: Reset Cc-Sg Factory Configuration

    2. Either click Reset CC-SG GUI Admin Password or press Enter to change the admin password back to factory default. Confirm the password reset in the next screen to proceed. Reset CC-SG Factory Configuration This option will reset all or parts of the CC-SG system back to their factory default values.
  • Page 338 Chapter 16: Diagnostic Console Option Full CC-SG Database Reset Preserve CC-SG Personality during Reset Network Reset SNMP Reset Firmware Reset Install Firmware into CC-SG DB Description This option removes the existing CC-SG database and builds a new version with the factory default values. Network settings, SNMP settings, firmware, and diagnostic console settings are not part of the CC-SG database.
  • Page 339: Diagnostic Console Password Settings

    Option Description Diagnostic Console Reset This option restores Diagnostic Console settings back to factory defaults. IP Access Control Lists This option removes all entries from the IP-ACL table. Reset IP-ACL settings are reset with a Full Database reset whether you select the IP Access Control Lists reset option or not.
  • Page 340 Chapter 16: Diagnostic Console 2. In the Password History Depth field, type the number of passwords that will be remembered. The default setting is five. 3. Select either Regular, Random, or Strong for the admin and status (if enabled) passwords. Password setting Regular Random...
  • Page 341: Diagnostic Console Account Configuration

    Password setting Description every password must have at least one digit in it. Diagnostic Console Account Configuration By default, the status account does not require a password, but you can configure it to require one. Other aspects of the admin password can be configured and the Field Support accounts can be enabled or disabled.
  • Page 342 Chapter 16: Diagnostic Console Setting Description User \ User Name (Read-only). This is the current user name or ID for this account. Last Changed (Read-only). This is the date of the last password change for this account. Expire (Read-only). This is the day that this account must change its password.
  • Page 343: Configure Remote System Monitoring

    Configure Remote System Monitoring You can enable the remote system monitoring feature to use the GKrellM tool. The GKrellM tool provides a graphical view of resource utilization on the CC-SG unit. This tool is similar to the Windows Task Manager's Performance tab.
  • Page 344: Display Historical Data Trending Reports

    Chapter 16: Diagnostic Console Follow the instructions in the Read Me file to set the CC-SG unit as the target to monitor. Windows users must use the command line to locate the Gkrellm installation directory and then run the commands specified in the Read. Display Historical Data Trending Reports Historical data trending gathers information about CPU utilization, memory utilization, Java Heap space, and network traffic.
  • Page 345: Display Raid Status And Disk Utilization

    Display RAID Status and Disk Utilization This option displays the status of CC-SG disks, including disk size, active and up status, state of the RAID-1, and amount of space currently used by various file systems. To display disk status of the CC-SG: 1.
  • Page 346: Perform Disk Or Raid Tests

    Chapter 16: Diagnostic Console Perform Disk or RAID Tests You can manually perform SMART disk drive tests or RAID check and repair operations. To perform a disk drive test or a RAID check and repair operation: 1. Choose Operation > Utilities > Disk/RAID Utilities > Manual Disk/RAID Tests.
  • Page 347 Chapter 16: Diagnostic Console d. After the test is complete, you can view the results in the Repair/Rebuild RAID screen. See Repair or Rebuild RAID Disks (on page 331). If a non-zero value displays in the Mis-Match column for the given Array, indicating that there may be a problem, you should contact Raritan Technical Support for assistance.
  • Page 348: Schedule Disk Tests

    Chapter 16: Diagnostic Console Schedule Disk Tests You can schedule SMART-based tests of the disk drives to be periodically performed. Firmware on the disk drive will perform these tests, and you can view the test results in the Repair/Rebuild screen. SMART tests can be performed while CC-SG is operational and in use.
  • Page 349: Repair Or Rebuild Raid Disks

    2. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a test type, marking it with an X. Different types of tests take a different period of time. ▪ A Short test takes about 2 minutes to complete when the system is lightly loaded.
  • Page 350 Chapter 16: Diagnostic Console 2. If any item does not show "No" under the "Replace??" or "Rebuild??" column, contact Raritan Technical Support for assistance. ▪ The system will update displayed information when you move between Disk Drive Status, RAID Array Status, and Potential Operations box using the Tab key or mouse clicks.
  • Page 351: View Top Display With Diagnostic Console

    4. Select either Replace Disk Drive or Rebuild RAID Array, and follow onscreen instructions until you finish the operation. View Top Display with Diagnostic Console Top Display allows you to view the list of currently-running processes and their attributes, as well as overall system health. To display the processes running on CC-SG: 1.
  • Page 352 Chapter 16: Diagnostic Console NTP is not enabled or not configured properly: NTP is properly configured and running:...
  • Page 353: Take A System Snapshot

    Take a System Snapshot When CC-SG does not function properly, it is extremely helpful if you can capture the information stored in CC-SG, such as the system logs, configurations or database, and provide it to Raritan Technical Support for analysis and troubleshooting. 1: Take a snapshot of CC-SG: 1.
  • Page 354: Change The Video Resolution For Diagnostic Console

    Chapter 16: Diagnostic Console 1. Using a supported Internet browser, type this URL: 2. The Enter Network Password dialog appears. Type the User Name 3. All available snapshot files that CC-SG has ever taken are listed. 4. Click the snapshot file with the appropriate filename, or the file 5.
  • Page 355: Chapter 17 Power Iq Integration

    Chapter 17 Power IQ Integration If you have a CC-SG and Power IQ, there are several ways to use them together. 1. Control power to Power IQ IT devices via CC-SG. For example, if you want to control power to a Power IQ IT device which is also a CC-SG node, you can use a Power IQ Proxy interface to give power control commands in CC-SG.
  • Page 356: Configuring Power Iq Services

    Chapter 17: Power IQ Integration Configuring Power IQ Services You must configure the Power IQ Service before you can add Power IQ proxy interfaces to nodes, or synchronize Power IQ with CC-SG to add IT Devices to CC-SG as nodes. This is done via the CC-SG Access menu.
  • Page 357: Configuring Power Control Of Power Iq It Devices

    Troubleshoot Connections to Power IQ Check these possible error messages and solutions to troubleshoot your connection to a Power IQ. Determine the cause, then edit the configuration to correct it. See Configuring Power IQ Services Message Unable to communicate with managing device <Name>...
  • Page 358: Configuring Synchronization Of Power Iq And Cc-Sg

    Chapter 17: Power IQ Integration Configuring Synchronization of Power IQ and CC-SG CC-SG will synchronize with Power IQ to add the IT Devices configured in Power IQ to CC-SG as nodes. When synchronizing, CC-SG will create a node with a PowerIQ Proxy interface for each new IT Device identified. When CC-SG detects a duplicated node, the synchronization policy you choose determines whether the nodes are consolidated, renamed, or rejected.
  • Page 359: Synchronize Power Iq And Cc-Sg

    Step 3 - Create a synchronization policy: Note: The synchronization policy applies to ALL Power IQ instances configured in CC-SG. See Power IQ Synchronization Policies page 342) for details of each policy and other synchronization results. 1. In the Synchronization section, select the radio button for the synchronization policy: ...
  • Page 360: Power Iq Synchronization Policies

    Chapter 17: Power IQ Integration Power IQ Synchronization Policies When CC-SG detects a duplicated node, the synchronization policy you choose determines whether the nodes are consolidated, renamed, or rejected. 340) to set the synchronization policy. When synchronizing, if an IT Device no longer exists, as determined by the External Key, and the node only has a single interface of the type Power IQ Proxy Interface associated with it, the node is deleted from CC-SG.
  • Page 361: Import Power Strips From Power Iq

    Import Power Strips from Power IQ You can import Dominion PX devices and their outlet names from Power IQ. If the Dominion PX devices are already managed by CC-SG, you must delete them first. The import adds the Dominion PX devices, and configures and names the outlets specified in the CSV file.
  • Page 362: Export Dominion Px Data To Use In Power Iq

    Chapter 17: Power IQ Integration Column number Step 3: Import the edited CSV file into CC-SG 1. In the CC-SG Admin Client, choose Administration > Import > Import Powerstrips. 2. Click Browse and select the CSV file to import. Click Open. 3.
  • Page 363 3. Type a name for the file and choose the location where you want to save it 4. Click Save. Step 2: Edit the CSV file and import into Power IQ: The export file contains three sections. Read the comments in the CSV file for instructions on how to use each section as part of a Power IQ multi-tabbed CSV import file.
  • Page 364: Appendix A Specifications For V1 And E1

    Appendix A Specifications for V1 and E1 In This Chapter V1 Model... 346 E1 Model... 347 V1 Model V1 General Specifications Form Factor Dimensions (DxWxH) Weight Power Operating Temperature Mean Time Between Failure (MTBF) KVM Admin Port Serial Admin Port Console Port V1 Environmental Requirements Operating...
  • Page 365: E1 Model

    Operating Humidity Altitude Vibration Shock E1 Model E1 General Specifications Form Factor Dimensions (DxWxH) Weight Power Operating Temperature Mean Time Between Failure (MTBF) KVM Admin Port Serial Admin Port Console Port E1 Environmental Requirements Operating Humidity Altitude Vibration Shock Appendix A: Specifications for V1 and E1 5% - 95% RH Operate properly at any altitude between 0 to 10,000 feet, storage 40,000 feet...
  • Page 366 Appendix A: Specifications for V1 and E1 Operating Non-Operating Temperature Humidity Altitude Vibration Shock -40°-70° C 5-90%, non-condensing Sea level to 40,000 feet 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X, Y, and Z 30 g for 11 ms with a ½...
  • Page 367: Appendix B Cc-Sg And Network Configuration

    Appendix B CC-SG and Network Configuration This appendix contains network requirements, including addresses, protocols, and ports, of a typical CC-SG deployment. It includes information about how to configure your network for both external access and internal security and routing policy enforcement. Details are provided for the benefit of a TCP/IP network administrator.
  • Page 368: Cc-Sg Communication Channels

    Appendix B: CC-SG and Network Configuration Port Number Protocol 80 and 443 for Control System nodes 80, 443, 902, and 903 for Virtual Host and Virtual Machine Nodes 51000 Possible exceptions to the required open ports: Port 80 can be closed if all access to the CC-SG is via HTTPS addresses.
  • Page 369: Cc-Sg And Raritan Devices

    CC-SG and Raritan Devices A main role of CC-SG is to manage and control Raritan devices, such as Dominion KX II. Typically, CC-SG communicates with these devices over a TCP/IP network (local, WAN, or VPN) and both TCP and UDP protocols are used as follows: Communication Direction CC-SG to Local Broadcast...
  • Page 370: Access To Infrastructure Services

    Appendix B: CC-SG and Network Configuration Communication Direction CC-SG to CC-SG CC-SG to CC-SG CC-SG to CC-SG Access to Infrastructure Services The CC-SG can be configured to use several industry-standard services like DHCP, DNS, and NTP. These ports and protocols are used to allow CC-SG to communicate with these optional servers.
  • Page 371: Pc Clients To Nodes

    Communication Port Direction Number PC Client to CC-SG PC Client to CC-SG PC Client to CC-SG 8080 PC Client to CLI SSH PC Client to Diagnostic Console PC Clients to Nodes Another significant role of CC-SG is to connect PC clients to various nodes.
  • Page 372: Cc-Sg And Client For Ipmi, Ilo/Riloe, Drac, Rsa

    Appendix B: CC-SG and Network Configuration Communication Port Number Direction Client to Raritan Device 5000 to Out-of-Band KVM (on Raritan Node Device) (Direct Mode) Client to Raritan 51000 Dominion SX Device to (on Raritan Out-of-Band Serial Device) Node (Direct Mode) CC-SG and Client for IPMI, iLO/RILOE, DRAC, RSA You may need to open additional ports for CC-SG to manage third-party devices, such as iLO/RILOE and iLO2/RILOE2 servers.
  • Page 373: Cc-Sg Internal Ports

    Communication Port Number Direction CC-SG to SNMP Manager CC-SG Internal Ports CC-SG uses several ports for internal functions, and its local firewall function blocks access to these ports. However, some external scanners may detect these as “blocked” or “filtered.” External access to these ports is not required and can be further blocked.
  • Page 374: Vnc Access To Nodes

    Appendix B: CC-SG and Network Configuration VNC Access to Nodes Port 5800 or 5900 must be open for VNC access to nodes. SSH Access to Nodes Port 22 must be open for SSH access to nodes. Remote System Monitoring Port When the Remote System Monitoring feature is enabled, port 19150 is opened by default.
  • Page 375: Appendix C User Group Privileges

    Appendix C User Group Privileges This table shows which privilege must be assigned for a user to have access to a CC-SG menu item. *None means that no particular privilege is required. Any user who has access to CC-SG will be able to view and access these menus and commands.
  • Page 376 Appendix C: User Group Privileges Menu > Menu Item Sub-menu Node Auditing Devices This menu and the Devices tree is available only for users with any one of the following privileges: Device, Port, and Node Management Device Configuration and Upgrade Management Discover Devices Device, Port, and Node >...
  • Page 377 Menu > Menu Item Sub-menu > Launch Admin > Launch User Station Admin > Disconnect Users > Topology View > Change View > Create Custom View > Tree View > Port Manager > Connect > Configure Ports Device, Port, and Node >...
  • Page 378 Appendix C: User Group Privileges Menu > Menu Item Sub-menu > By Port Number Device, Port, and Node Nodes This menu and the Nodes tree is available only for users with any one of the following privileges: Device, Port, and Node Management Node In-Band Access Node Out-of-Band Access Node Power Control...
  • Page 379 Menu > Menu Item Sub-menu Group Power Control Configure Blades Device, Port, and Node Ping Node Bookmark Node Interface > Node Sorting > By Node Name Any of the following: Options > By Node Status Any of the following: > Chat >...
  • Page 380 Appendix C: User Group Privileges Menu > Menu Item Sub-menu > Tree View Associations This menu is available only for users with the User Security Management privilege > Association > Device Groups > Node Groups > Policies Reports This menu is available for users with any administrative privilege except for users with the User Security Management privilege alone Audit Trail Error Log...
  • Page 381 Menu > Menu Item Sub-menu > User Group Data > Devices > Device Asset Report > Device Group Data > Query Port > Nodes > Node Asset Report > Active Nodes > Node Creation > Node Group Data > Active AD Users Group Directory Report...
  • Page 382 Appendix C: User Group Privileges Menu > Menu Item Sub-menu Firmware Configuration Cluster Configuration Neighborhood Security Notifications Tasks Compatibility Matrix > Import Import Categories CC Setup and Control and Import Users Import Nodes Import Devices Import Powerstrips > Export Export Categories Export Users Required Privilege...
  • Page 383 Menu > Menu Item Sub-menu Export Nodes Export Devices Export Power IQ Data System Maintenance Backup Restore Reset Restart Upgrade Shutdown > Maintenance > Enter Mode Maintenance Mode > Exit Maintenance Mode View Window Help Required Privilege CC Setup and Control and Device, Port, and Node Management CC Setup and Control and...
  • Page 384: Appendix D Snmp Traps

    Appendix D SNMP Traps CC-SG provides the following SNMP traps: SNMP Trap ccUnavailable ccAvailable ccUserLogin ccUserLogout ccPortConnectionStarted ccPortConnectionStopped ccPortConnectionTerminated ccImageUpgradeStarted ccImageUpgradeResults ccUserAdded ccUserDeleted ccUserModified ccUserAuthenticationFailure ccLanCardFailure ccHardDiskFailure ccLeafNodeUnavailable ccLeafNodeAvailable ccIncompatibleDeviceFirmware ccDeviceUpgrade ccEnterMaintenanceMode ccExitMaintenanceMode ccUserLockedOut ccDeviceAddedAfterCCNOCNotificati ccScheduledTaskExecutionFailure ccDiagnosticConsoleLogin Description CC-SG application is unavailable. CC-SG application is available.
  • Page 385 SNMP Trap ccDiagnosticConsoleLogout ccUserGroupAdded ccUserGroupDeleted ccUserGroupModified ccSuperuserNameChanged ccSuperuserPasswordChanged ccLoginBannerChanged ccMOTDChanged ccDominionPXReplaced ccSystemMonitorNotification ccNeighborhoodActivated ccNeighborhoodUpdated ccDominionPXFirmwareChanged ccClusterFailover ccClusterBackupFailed ccClusterWaitingPeerDetected ccClusterOperation ccCSVFileTransferred ccPIQAvailable ccPIQUnavailable Description User has logged out of the CC-SG Diagnostic Console. A new user group has been added to CC-SG. CC-SG user group has been deleted.
  • Page 386: Appendix E Csv File Imports

    Appendix E CSV File Imports This section contains more information about CSV file imports. In This Chapter Common CSV File Requirements ... 369 Audit Trail Entries for Importing ... 370 Troubleshoot CSV File Problems ... 371...
  • Page 387: Common Csv File Requirements

    Common CSV File Requirements The best way to create the CSV file is to export a file from CC-SG, and then use the exported CSV file as an example for creating your own. The export file contains comments at the top that describe each item in the file.
  • Page 388: Audit Trail Entries For Importing

    Appendix E: CSV File Imports Audit Trail Entries for Importing Each item imported into CC-SG is logged in the Audit Trail. Skipped duplicates are not logged in the Audit Trail. The Audit Trail includes an entry for the following actions, under the Message Type "Configuration."...
  • Page 389: Troubleshoot Csv File Problems

    Troubleshoot CSV File Problems To troubleshoot CSV file validation: Error messages appear in the Problems area of the Import page. The error messages identify problems that are found in the CSV file during validation. You can save the list of errors to a CSV file. Each error includes the line number where the error occurs in the CSV file.
  • Page 390: Appendix F Troubleshooting

    Appendix F Troubleshooting • Launching CC-SG from your web browser requires a Java plug-in. If your machine has an incorrect version, CC-SG will guide you through the installation steps. If your machine does not have a Java plug-in, CC-SG cannot automatically launch. In this case, you must uninstall or disable your old Java version and provide serial port connectivity to CC-SG to ensure proper operation.
  • Page 391 Appendix F: Troubleshooting • If you access more than one CC-SG unit using the same client and Firefox, you may see a "Secure Connection Failed" message that says you have an invalid certificate. You can resume access by clearing the invalid certificate from your browser. a.
  • Page 392: Appendix G Diagnostic Utilities

    Appendix G Diagnostic Utilities CC-SG comes with a few diagnostic utilities which may be extremely helpful for you or Raritan Technical Support to analyse and debug the cause of CC-SG problems. In This Chapter Memory Diagnostic ... 374 Debug Mode ... 375 CC-SG Disk Monitoring ...
  • Page 393: Debug Mode

      2: Terminate the Memtest86+ diagnostic program: 1. Press Esc. 2. CC-SG will reset and reboot. Debug Mode Although enabling the debug mode is extremely helpful for troubleshooting, it may impact the CC-SG operation and performance. Therefore, you should enable the debug mode only when Raritan Technical Support instructs you to do so.
  • Page 394: Cc-Sg Disk Monitoring

    Appendix G: Diagnostic Utilities CC-SG Disk Monitoring If CC-SG disk space is exhausted in one or more file systems, it may negatively impact your operation and even result in the loss of some engineering data. Therefore, you should monitor the CC-SG disk usage and take corrective actions to prevent or resolve potential issues.
  • Page 395 File system Data /sg/DB CC-SG database /opt CC-SG backups and snapshots /var Log files and system upgrades /tmp Scratch area (used by snapshots) To monitor the disk space via web browser This method applies only to CC-SG release 4.0 or later. You must enable Web Status Console-related options in Diagnostic Console before you can monitor the disk space using the web browser.
  • Page 396 Appendix G: Diagnostic Utilities Note: For file system problems that are not mentioned in this section, or when the corrective actions you take cannot resolve the problems, contact Raritan Technical Support for assistance.
  • Page 397: Appendix H Two-Factor Authentication

    Appendix H Two-Factor Authentication CC-SG can be configured to point to an RSA RADIUS Server that supports two-factor authentication via an associated RSA Authentication Manager. CC-SG acts as a RADIUS client and sends user authentication requests to RSA RADIUS Server. The authentication request includes user id, a fixed password, and a dynamic token code.
  • Page 398: Appendix I Faqs

    Appendix I FAQs In This Chapter General FAQs ... 380 Authentication FAQs ... 382 Security FAQs ... 383 Accounting FAQs ... 384 Performance FAQs ... 384 Grouping FAQs ... 385 Interoperability FAQs ... 386 Authorization FAQs ... 386 User Experience FAQs ... 386 Licensing FAQs ...
  • Page 399 Question Can I upgrade to newer versions of CC-SG software as they become available? How many nodes and/or Dominion units and/or IP-Reach units can be connected to CC-SG? What do I do if I am unable to add a console/serial port to CC-SG? Which version of Java will Raritan's CC-SG be...
  • Page 400: Authentication Faqs

    Appendix I: FAQs Question Will CC-SG auto-detect and update the blade chassis configuration when I move the blade chassis from one KX2 port to another KX2 port? How to merge the blade server node and the virtual host node if they refer to the same server? Authentication FAQs Question...
  • Page 401: Security Faqs

    Question Answer for authentication with authentication. directory services and Remote authentication servers supported include: AD, security tools such as LDAP, TACACS+, RADIUS, and LDAP. AD, RADIUS, and so on? Why does the error message Check the user account in AD. If AD is set to "Logon "Incorrect username and/or To"...
  • Page 402: Accounting Faqs

    Appendix I: FAQs Question well as external (not just WAN, but LAN, too)? Does CC-SG support CRL List, that is, LDAP list of invalid certificates? Does CC-SG support Client Certificate Request? Accounting FAQs Question Accounting The event times in the Audit Trail report seem incorrect.
  • Page 403: Grouping Faqs

    Grouping FAQs Question Answer Grouping Is it possible to put a given Yes. Just as one user can belong to multiple groups, server in more than one one device can belong to multiple groups. group? For example, a Sun in NYC could be part of Group Sun: "Ostype = Solaris"...
  • Page 404: Interoperability Faqs

    Appendix I: FAQs Interoperability FAQs Question Interoperability How does CC-SG integrate with Blade Chassis products? To what level is CC-SG able to integrate with third party KVM tools, down to third party KVM port level or simply box level? How would I mitigate the restriction of four simultaneous paths through any IP-Reach box, including...
  • Page 405: Licensing Faqs

    Licensing FAQs If you must replace your installed licenses, follow these rules. Base licenses must be replaced first. Replacing a base clears all add-ons if they are of a different type. Replacing a base does not clear all add-ons if they are of the same type and the host IDs match.
  • Page 406: Appendix J Keyboard Shortcuts

    Appendix J Keyboard Shortcuts The following keyboard shortcuts can be used in the Java-based Admin Client. Operation Refresh Print panel Help Insert row in Associations table Keyboard Shortcut Ctrl + P Ctrl + I...
  • Page 407: Appendix K Naming Conventions

    Appendix K Naming Conventions This appendix includes information about the naming conventions used in CC-SG. Comply with the maximum character lengths when naming all the parts of your CC-SG configuration. In This Chapter User Information ... 389 Node Information ... 389 Location Information ...
  • Page 408: Location Information

    Appendix K: Naming Conventions Field in CC-SG Audit Information Location Information Field in CC-SG Department Site Location Contact Information Field in CC-SG Primary Contact Name Telephone Number Cell Phone Secondary Contact Name Telephone Number Cell Phone Service Accounts Field in CC-SG Service Account Name User Name Password...
  • Page 409: Port Information

    Field in CC-SG periods are converted to hyphens. Device Description Device IP/Hostname Username Password Notes Port Information Field in CC-SG Port Name Associations Field in CC-SG Category Name Element Name Device Group Name Node Group Name Administration Field in CC-SG Cluster Name Neighborhood Name Authentication Module Name...
  • Page 410: Appendix L Diagnostic Console Bootup Messages

    Appendix L Diagnostic Console Bootup Messages Prior to version 4.0, CC-SG Diagnostic Console displays a number of messages on the screen each time it boots up. These messages are standard Linux diagnostic and warning messages and usually do not imply any system problems.
  • Page 411: Index

    Index About Administrator Console • 296, 303 About Applications for Accessing Nodes • 238 About Associations • 41 About CC-SG LAN Ports • 242, 243, 246 About CC-SG passwords • 269 About Connection Modes • 102, 128, 250 About Default Applications • 240 About Interfaces •...
  • Page 412 Index Adding, Editing, and Deleting Node Groups • Adding, Editing, and Deleting Nodes • 109 Adding, Editing, and Deleting User Groups • 108, 159 Adding, Editing, and Deleting Users • 163 Administration • 391 Administrator Console • 303 Administrator Console Screen • 304 Advanced Administration •...
  • Page 413 Change your default search preference • 52, Change your email address • 173 Change your name • 172 Change your password • 172 Changing the Blade Server Status • 66 Check Your Browser for AES Encryption • 267 Checking and Upgrading Application Versions •...
  • Page 414 Index Default CC-SG Settings • 23 Default User Groups • 158 Delete a Backup File • 224 Delete a Blade Chassis Device • 67, 68 Delete a Category • 43 Delete a Cluster • 260 Delete a Custom View for Devices • 185 Delete a Custom View for Nodes •...
  • Page 415 End SSH Connections • 290, 292 Ending CC-SG Session • 235 Entering Maintenance Mode • 32, 222, 230, 232, 238 Error Log Report • 211 Establishing Order of External AA Servers • Example Adding a Web Browser Interface to a PX Node •...
  • Page 416 Index Licensing - New Customers - Physical Appliance • 10, 11, 12, 14, 16 Licensing - Rehosting • 29 Licensing - Virtual Appliance with License Server • 10, 11, 17 Licensing FAQs • xvii, 30, 387 Limit the Number of KVM Sessions per User • 39, 159, 160, 162 Linux Server •...
  • Page 417 Query Port Report • 215 RADIUS General Settings • 206 RDP Access to Nodes • 355 Reboot CC-SG with Diagnostic Console • 316, 336, 374 Reboot or Force Reboot a Virtual Host Node • Recommended DHCP Configurations for CC-SG • 242, 244, 247, 248 Recover a Cluster •...
  • Page 418 Index Specify a Distinguished Name for AD • 188 Specify a Distinguished Name for LDAP • 189 Specify a Username for AD • 189 Specifying Modules for Authentication and Authorization • 189 SSH Access to CC-SG • 268, 285 SSH Access to Nodes • 356 SSH Commands and Parameters •...
  • Page 419 Virtual Appliance Installation Requirements • Virtual Appliances with Remote Storage Servers • 27 Virtual Nodes Overview • 113 VNC Access to Nodes • 356 vSphere 4 Users Must Install New Plug-In • Web Browser Interface • 126, 133 Web Services API • 294 What is a Neighborhood? •...
  • Page 420 U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732-764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Beijing Monday - Friday...
