Raritan Command Center CC-SG Administrator's Manual

Raritan secure gateway administrator guide

CommandCenter® Secure Gateway CC-SG Administrator Guide
Release 3.0
Copyright © 2006 Raritan, Inc.
CCA-0B-E
May 2006
255-80-5140-00


Summary of Contents for Raritan Command Center CC-SG

  • Page 1 CommandCenter ® Secure Gateway CC-SG Administrator Guide Release 3.0 Copyright © 2006 Raritan, Inc. CCA-0B-E May 2006 255-80-5140-00...
  • Page 2 This page intentionally left blank.
  • Page 3: FCC Information

    Copyright and Trademark Information This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2006 Raritan, CommandCenter, RaritanConsole, Dominion, and the Raritan company logo are trademarks or registered trademarks of Raritan, Inc.
  • Page 4: Rack Mount Safety Guidelines

    Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any product configuration. • Test AC outlets at your computer and monitor for proper polarity and grounding. •...
  • Page 5: Table Of Contents

    Contents Chapter 1: Introduction ...1 Prerequisites ...1 Intended Audience ...1 Product Photos...1 Product Features and Benefits ...2 Terminology/Acronyms ...3 New 3.0 Features...6 Chapter 2: Accessing CC-SG...7 Browser-Based Access ...7 Standalone Client Access ...9 Confirm IP Address ...9 Check and Upgrade CC-SG Firmware Version ...10 Check and Upgrade Application Versions ...10 Connection to Console and KVM Management Appliances ...11 Power Down CC-SG ...13...
  • Page 6 Copy Device Configuration ...57 Upgrade Device ...57 Ping Device ...58 Restart Device ...58 Pause Device ...59 Resume Device ...59 View Devices...59 Regular View ...59 Custom View ...60 Add Custom View ...61 Edit Custom View ...61 Delete Custom View ...62 Topological View...63 Special Access to Paragon II System Devices ...64 Paragon II System Controller (P2-SC)...64 IP-Reach and UST-IP Administration ...65...
  • Page 7 Edit Policy...111 Delete Policy...112 Chapter 9: Configuring Remote Authentication ...113 Authentication and Authorization ...113 Flow for Authentication ...113 User Accounts ...113 Establish Order of Authentication Databases ...114 Distinguished Names for LDAP and Active Directory ...114 Username ...114 Base DN ...115 Active Directory (AD)...115 Setup on AD Server...115 Setup on CC-SG...117...
  • Page 8 Inactivity Timer Configuration ...164 Time/Date Configuration...165 Modem Configuration ...166 Connection Mode...172 Device Settings...174 SNMP ...175 Configure Security...176 Strong Password Rules ...177 Enable User Lockout ...177 Application Manager ...178 Add Application...178 Edit Application ...179 Delete Application...180 Firmware Manager ...180 Upload Firmware ...180 Delete Firmware ...181 CommandCenter NOC...181 Add a CC-NOC ...182...
  • Page 9 CC-SG & SNMP ...234 CC-SG & CC-NOC ...234 CC-SG Internal Ports...234 CC-SG Access via NAT-enabled Firewall...234 Security and Open Port Scans...235 Appendix C: Initial Setup Process Overview ...237 Appendix D: User Group Privileges...239 Appendix E: SNMP Traps ...243 Appendix F: Troubleshooting...245 Client Browser Requirements ...245 Import CSV File (Category, Device, Port) Error Message ...245 Port and Policy Group Creation Failure ...246...
  • Page 10 Figures Figure 1 CC-SG Front View ... 1 Figure 2 CC-SG - Rear Panel ... 1 Figure 3 Security Alert Window... 7 Figure 4 Login Window ... 8 Figure 5 CC-SG Application Window ... 8 Figure 6 IP Specification Window ... 9 Figure 7 Set IP Address with Configuration Manager Commands ...
  • Page 11 Figure 52 Add Device Selection Screen ... 51 Figure 53 Add Device Screen for PowerStrip... 51 Figure 54 Add Device Screen for Raritan Devices... 52 Figure 55 Add Device Screen for iLO, RILOE... 52 Figure 56 Add Device Screen for IPMI Server (v 1.5) ... 53 Figure 57 Add Device Screen for Generic Device...
  • Page 12 Figure 105 Configure Ports Screen for IPMI Server... 84 Figure 106 Configure Outlet Port Screen ... 85 Figure 107 Delete Port Screen... 86 Figure 108 Bulk Copy Screen ... 87 Figure 109 Edit Serial Port Screen... 88 Figure 110 Edit KVM Port Screen ... 89 Figure 111 Edit Generic Port Screen ...
  • Page 13 Figure 158 Generate Certificate Signing Request Screen ... 132 Figure 159 Certificate Request Generated... 132 Figure 160 Generate Self Signed Certificate Window... 133 Figure 161 Security Manager IP-ACL Screen ... 134 Figure 162 Active Users Report ... 135 Figure 163 Manage Report Window ... 136 Figure 164 Active Ports Report ...
  • Page 14: Figures

    Figure 211 Configuration Settings Device Settings Screen... 174 Figure 212 Configuration Settings Device Settings Screen... 175 Figure 213 Security Manager General Screen... 176 Figure 214 Lockout Settings ... 177 Figure 215 Error (User Being Locked Out) Screen ... 178 Figure 216 Application Manager Screen ...
  • Page 15 Figure 264 Selecting Network Interface Configuration... 209 Figure 265 Editing Network Interfaces ... 210 Figure 266 Pinging a Target... 211 Figure 267 Performing Traceroute on a Target... 212 Figure 268 Selecting Static Routes... 213 Figure 269 Editing Static Routes... 213 Figure 270 Viewing Log Files...
  • Page 17: Chapter 1: Introduction

    Chapter 1: Introduction Congratulations on your purchase of CommandCenter Secure Gateway (CC-SG), Raritan’s convenient and secure method for managing various UNIX servers, firewalls, routers, load balancers, Power Management devices, and Windows servers. CC-SG provides central management and administration, using a set of serial and KVM appliances.
  • Page 18: Product Features And Benefits

    Product Features and Benefits • Seamless Management CC-SG offers seamless management of Dominion series and Paragon® management appliances through Paragon remote User Stations (UST1R/UST2R) – leverage your embedded base with a CC-SG to draw substantial incremental value: − Constantly updated to keep up with changing needs. −...
  • Page 19: Terminology/Acronyms

    • Comprehensive Logging − Logs events locally. − Can use an external syslog server for event logs (events are immediately posted or exported) and the ability to have other Raritan products use it as a syslog server. −...
  • Page 20 • CIM (Computer Interface Module)—is the hardware used to connect a target server and a Raritan device. Each target requires a CIM, except for the Dominion KX101, which is attached directly to one target and therefore does not require a CIM. Target servers should be powered on and connected to CIMs, and CIMs should be connected to the Raritan Device BEFORE adding the ports in CC-SG.
  • Page 21 • Ports—are connection points between a Raritan Device and a target system or server. Or, a port can be a device that is directly connected to a LAN/CC-SG via In-band access. In CC-SG, you click on a port to access and manage the target. The port is essentially the destination system and should be named appropriately for that system, for example, NYC_SunSRV1.
  • Page 22: New 3.0 Features

    New 3.0 Features These administrator features are now available in CC-SG 3.0: Note: If viewing a PDF file, click on the page number to navigate to the location in the document where the feature is described. FEATURE: Import of Categories, Devices, Ports from CSV File; Support for adding IPMI Servers and Generic Devices; Support for Encryption in KX Devices; Discover Device Enhancement...
  • Page 23: Chapter 2: Accessing CC-SG

    Chapter 2: Accessing CC-SG Once you have configured CC-SG with an IP address and have defined at least one user, as described in Raritan’s CommandCenter Secure Gateway Setup Guide, the CC-SG unit can be placed at its final destination. Make all necessary hardware connections to make the unit operational.
  • Page 24: Figure 4 Login Window

    2. You will be warned if you are using an unsupported Java Runtime Environment version on your machine. From the window that pops up, select whether you will download the correct JRE version from the CC-SG server (if available), download it from the Sun Microsystems web site, or continue with the incorrect version, and click OK.
  • Page 25: Standalone Client Access

    Standalone Client Access The standalone CC-SG client allows you to connect to CC-SG servers by launching a Java application instead of running an applet through a Web browser. 1. Install the standalone CC-SG client located on the included CD ROM onto your PC. 2.
  • Page 26: Check And Upgrade CC-SG Firmware Version

    3. Click Update Configuration to submit the changes. A confirmation window asks if you wish to restart CC-SG in order to apply changes. 4. Click OK to log out from your current session and restart CC-SG. 5. Access CC-SG using the new IP address. Check and Upgrade CC-SG Firmware Version Note: Before you can upgrade CC-SG, you must be in Maintenance Mode.
  • Page 27: Connection To Console And KVM Management Appliances

    2. Select an application from the pull-down menu and note the number in the version field. If the firmware needs upgrading, see the previous section Check and Upgrade CC-SG Firmware Version and continue to step 3. 3.
  • Page 28: Figure 11 Security Warning For Signed Console Applet

    To access a remote target device that is connected via a serial port, click on the appropriate device in the Devices selection tree, under the Devices tab. If the port is configured for a console application, a Security Warning appears, indicating that the console applet is a signed applet from Raritan Systems.
  • Page 29: Power Down CC-SG

    Power Down CC-SG If running CC-SG on the V1 platform and if it loses AC power while it is up and running, the V1 unit remembers its last power state. Once AC power is restored, the V1 unit automatically reboots. However, if a V1 unit loses AC power when it is turned OFF, the V1 unit will remain powered off when AC power is restored.
  • Page 30: Overview

    Note: To make ports easier to find, right-click on the tree and select the desired listing method under Port Sorting Options. Ports sorted by name will be listed alphabetically; ports sorted by status will be grouped in the order of: Available Ports, Busy Ports, Unavailable Ports, and listed alphabetically within each group.
  • Page 31: Main Window Components

    Main Window Components Menu Bar (Operation and Configuration commands) Toolbar (shortcuts for commands) Selection tabs (Ports, Users, and Devices) Selection tree (expandable / collapsible using + and – signs) The CC-SG menu bar displays all operations and configuration commands. Active commands are based upon the privileges of the user, as established by the CC-SG Administrator.
  • Page 32: Configuring CC-SG Manager Components

    Configuring CC-SG Manager Components In order to use CC-SG effectively, you must complete the following configuration steps, as described in this and the next chapter: • Configure and install Dominion series and IP-Reach appliances (both serial and KVM devices). − Configure the devices and establish them on your network.
  • Page 33: Compatibility Matrix

    Compatibility Matrix The Compatibility Matrix lists the firmware versions of Raritan devices and software versions of applications that are compatible with the current version of CC-SG. To view the Compatibility Matrix, on the Devices menu, click Compatibility Matrix. Figure 14 Compatibility Matrix CC-SG checks against this data whenever you add a device, upgrade device firmware, or select an application for use.
  • Page 35: Chapter 3: Example Configuration Workflow

    Chapter 3: Example Configuration Workflow Create Associations The Association Wizard guides you through steps to create categories and their associated elements. The Wizard then automatically creates a port group for each element and a policy for each port group.
  • Page 36: Figure 16 Association Wizard - Category And Elements Screen

    2. After reading the overview, click Next. The Create Category and Elements screen of the Wizard appears. Figure 16 Association Wizard - Category and Elements Screen 3. Type the name of a category you wish to organize your ports by (for example: Location) in the Category field.
  • Page 37: Figure 17 Adding Another Category

    5. To create another category, click Add Another Category and repeat steps 3 and 4. To review categories and elements you have created, click Previous or Next to cycle through them. Figure 17 Adding Another Category 6.
  • Page 38: Add Devices

    8. CC-SG will show a progress bar while it is creating the associations, port groups and policies. When this is complete, the Association Wizard Summary screen appears, displaying a list of what was created. Click Done to exit the wizard. Figure 19 Association Wizard - Summary Screen The Association Wizard has now created a port group for each element, and a policy for each port group.
  • Page 39: Figure 21 Add Device PowerStrip

    4. Click Next to proceed. The Add Device description screen appears. Depending on the type of device you selected, you will see slightly different Add Device screens. 5. Type the device name in the Device Name field. Do not use spaces. 6.
  • Page 40: Configure Ports

    Device Created successfully message confirms that device has been added. This step is very important. Make sure you select the correct associations and elements for the device. Some devices such as SX may take up to a minute to add. 9.
  • Page 41: Figure 24 Configure Serial Ports

    3. Click Configure next to the serial port line item you wish to configure. The Configure Serial Port screen appears. 4. Type a port name in Port Name field. Typically, you should name the port after the target server the device connects to, for example, NYC_MsSrv1.
  • Page 42: KVM Port

    KVM Port 1. Click on the Devices tab and select a KVM device, for example, Dominion KX, from the Devices tree. 2. On the Devices menu, click Port Manager, and then click Configure Ports. Alternatively, you can right-click on the device and select Configure Ports. The Configure Ports screen appears.
  • Page 43: Add Users To System Administrators Group

    5. Click on the Application Name drop-down menu and select name. This application, for example, Raritan Remote Console (RRC), is used to manage the target system. All ports should use RRC except for those on an SX. 6.
  • Page 44: Control User Access

    5. If using local authentication, type the new password into the Password field (6-16 characters, alphanumeric characters and underscores). 6. If using local authentication, re-type password in Retype Password field. 7. Type a dial back number in the Dial Back Number field, if needed. 8.
  • Page 45: Figure 28 Add User Group Screen

    2. On the Users menu, click Add User Group. Alternatively, right-click on a user group and select Add User Group. The Add User Group screen appears. 3. Type the group name in the User Group Name field (1-16 characters, alphanumeric characters and underscores).
  • Page 46: Create/Edit Port Groups

    Create/Edit Port Groups CC-SG uses port groups to control user access. Policies can be applied to specific user groups that allow only access to those ports specified in the port group. For example, if you wanted to restrict user access to only UNIX ports, you would create a port group that included only UNIX ports.
  • Page 47: Create/Edit Policies

    6. If needed, enter the Boolean logic to apply additional rules in the Validate panel. Example: use (Rule0 & Rule1) for AND or use (Rule0 | Rule1) for OR. Additional combinations can be used. 7.
  • Page 48: Apply Policies To User Groups

    Sundays, and Custom to manually choose the days policy to be applied. If you choose Custom, check on the days of the week to apply the policy. 9. Click on a Permission value to select a permission type: Deny, or Control. 10.
  • Page 49: Add Users To User Group

    6. Click OK to add the policy or policies to the group. A Group Policies Updated successfully message confirms that policies have been updated. 7. Repeat steps 1 through 6 to edit other groups’ policies. Add Users to User Group You now need to add users or drag and drop an existing user to the user group that has just been assigned a policy.
  • Page 50 12. Type an email address for this user in the Email Address field, if desired. 13. Click OK to add this user to the system. A User Created successfully message indicates the user has been added to the system. 14.
  • Page 51: Chapter 4: Creating Associations

    Chapter 4: Creating Associations Associations CC-SG provides powerful, highly customizable organizational capabilities. Associations provide this organizational capability and are used to organize your equipment. For example, you may have Raritan devices that manage target servers in a New York data center and a Philadelphia data center.
  • Page 52: Association Terminology

    Other examples of typical Association configurations of Category and Elements are as follows: CATEGORY: Location, OS Type, Department, Port Type. Association configurations should be kept simple to accomplish server/port organizational objectives and user access objectives. It is important to realize that a port can only be assigned to a single element of a category.
  • Page 53: How To Create Associations

    • Devices—are Raritan products such as Dominion KX116, Dominion SX48, Dominion KSX440, IP-Reach, Paragon II System Controller, Paragon II UMT832 with USTIP, etc. that are managed by CC-SG. These devices control the target servers and systems that are connected to them.
  • Page 54: Add Category

    Add Category 1. On the Associations menu, click Association Manager. The Association Manager screen appears. Figure 36 Association Manager Screen 2. Click Add in the Category panel to add a new category. The Add Category window appears. 3. Type a category name in the Category Name field. Maximum length is 31 characters. 4.
  • Page 55: Edit Category

    Edit Category 1. On the Associations menu, click Association Manager. The Association Manager screen appears. 2. Click on the Category Name drop-down arrow and select the category to be edited. 3. Click Edit in the Category panel of the screen to edit the category. The Edit Category window appears.
  • Page 56: Add Element

    Add Element 1. On the Associations menu, click Association Manager. The Associations Manager screen appears. Figure 40 Association Manager Screen 2. Click Add in the Element for Category panel to add a new element. The Add Element window appears. 3. Type the new element name in the Enter Value for Element field. 4.
  • Page 57: Edit Element

    Edit Element 1. On the Associations menu, click Association Manager. The Association Manager screen appears. 2. Select the element to be edited from the Element For Category list and click Edit in the Elements For Category panel. The Edit Element window appears. 3.
  • Page 58: Association Wizard

    Association Wizard The Association Wizard guides you through steps to create categories and their associated elements, as described in the Association Manager section above, then automates the creation of related Port Groups and Policies for those elements. 1. On the Associations menu, click Association Wizard. The Association Wizard screen appears.
  • Page 59: Figure 46 Adding Another Category

    5. If you wish to create another category, click Add Another Category and repeat steps 3 and Figure 46 Adding Another Category 6. When you are done creating categories, click Next at the bottom of the screen. The Confirm Choices screen of the Wizard appears.
  • Page 60: Figure 48 Association Wizard - Summary Screen

    8. CC-SG will show a progress bar while it is creating the associations, port groups and policies. When this is complete, the Association Wizard Summary screen appears, displaying a list of what was created. Click Done to exit the wizard. Figure 48 Association Wizard - Summary Screen 9.
  • Page 61: Import Categories, Devices, Ports From CSV File

    Import Categories, Devices, Ports from CSV File To expedite configuration, you can import pre-defined categories, elements of those categories, and the ports and devices to which the categories apply from a CSV file. After importing, you can have CC-SG validate the file to ensure the file was formatted properly.
  • Page 62: CSV File Format

    CSV File Format The entries in the CSV file are case-sensitive and each row in the CSV file has this format: {tag},{value}[,{value},….] SUBSEQUENT FIELDS CATEGORY Category Name,ValueType, Applicability CATEGORY Category Name, Element Name ELEMENT DEVICE Device Name, Category Name, Element Name PORT Device Name, Raritan Port ID or Port Number, Port Name, Category Name,...
  • Page 63: Figure 50 Analysis Report Screen

    Once successfully imported, you should see something like: Figure 50 Analysis Report Screen If necessary, refer to Appendix F: Troubleshooting for problem resolution.
  • Page 65: Chapter 5: Adding Devices And Device Groups

    Chapter 5: Adding Devices and Device Groups Device Manager Device Manager commands allow you to configure Dominion series and IP-Reach units and their individual ports. From a CC-SG perspective, connection to a remote target device is made via a serial or KVM port.
  • Page 66: Device Icons

    Device Icons Device available Port available KVM port connected – in current user session Port paused – because device is paused Port unavailable – because device is unavailable Port busy – other user connected to port Serial port available – not connected Serial port connected –...
  • Page 67: Add Device

    Add Device Use this command to add a new device to the system. 1. Click on the Devices tab. 2. On the Devices menu, click Device Manager, and then click Add Device. The Add Device selection screen appears.
  • Page 68: Figure 54 Add Device Screen For Raritan Devices

    Figure 54 Add Device Screen for Raritan Devices Figure 55 Add Device Screen for iLO, RILOE...
  • Page 69: Figure 56 Add Device Screen For IPMI Server (V 1.5)

    Figure 56 Add Device Screen for IPMI Server (v 1.5) Figure 57 Add Device Screen for Generic Device 5. Type the new device name in the Device name field. 6. Type the IP Address or Hostname of the new device in the Device IP or Hostname field. For hostname rules, see Terminology/Acronyms in Chapter 1: Introduction.
  • Page 70: Edit Device

    KX Devices with Encryption CC-SG supports adding and managing Dominion KX devices, such as KX101, that have been configured with: • SSL authentication and no data encryption • SSL authentication and data encryption • SSL authentication and SSL data encryption •...
  • Page 71: Delete Device

    Delete Device 1. Click on the Devices tab and select a device from Devices tree. 2. On the Devices menu, click Device Manager, and then click Delete Device. The Delete Device screen appears. 3. Click OK to delete the device or Cancel to exit without deleting. A Device Deleted Successfully message confirms that the device has been deleted.
  • Page 72: Backup Device Configuration

    Backup Device Configuration Use this command to back up all user configuration and system configuration files. If anything happens to your system, you can restore your previous configurations from memory. Note: Only for Dominion SX 2.5 devices or later, network settings, such as IP address, subnet mask, IP gateway are not included in the backup file.
  • Page 73: Copy Device Configuration

    Copy Device Configuration This command allows you to copy configurations from one device to another or multiple devices. Note: Configuration can only be copied between Dominion SX units and DSX units that have the same number of ports. 1.
  • Page 74: Ping Device

    If the firmware version of the device is not compatible with CC-SG, a message will alert you and ask if you want to proceed (please see Chapter 2: Accessing CC-SG for additional information). Click Yes to upgrade the device, or No to cancel the operation. A Restart message appears;...
  • Page 75: Pause Device

    Pause Device You can pause a device to temporarily suspend CC-SG’s control of it without losing any of the configuration data stored within the CC-SG Server. 1. Click on the Devices tab and select a device from the Devices tree. 2.
  • Page 76: Custom View

    Custom View You can customize the Devices tree by organizing devices to appear in a particular format. You might want to view devices by Country, by Time Zone, or by any other option that helps you differentiate between them. Set up a Custom View using the next few sections. Please also see section Association Manager in Chapter 4: Creating Associations for more details on adding Categories to CC-SG.
  • Page 77: Add Custom View

    Add Custom View 1. Click on the Devices tab. 2. On the Devices menu, click Change View, and then click Custom View. The Custom View screen appears. 3. In the Custom View panel, click Add. An Add Custom View window appears. Figure 69 Add Custom View Window 4.
  • Page 78: Delete Custom View

    5. In the Custom View Details panel, click on the drop-down arrow at the bottom of the panel. This list contains categories that you can use to filter custom views. Select a detail from the drop-down list and click Add to add the detail to the Custom View Details panel. Select as many details as needed.
  • Page 79: Topological View

    Topological View Use the Topological View command to view the structural setup of all the connected appliances in your configuration. 1. Click on the Devices tab and select a device from the Devices tree. 2. On the Devices menu, click Topological View. The Topological View for the selected device appears.
  • Page 80: Special Access To Paragon II System Devices

    Special Access to Paragon II System Devices Paragon II System Controller (P2-SC) Paragon II System Integration users can add their P2-SC devices to the CC-SG Devices tree and configure them via the P2-SC Admin application from within CC-SG. For more detailed directions on using P2-SC Admin, please see Raritan’s Paragon II System Controller User Guide.
  • Page 81: IP-Reach And UST-IP Administration

    IP-Reach and UST-IP Administration You can also perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon System setup directly from the CC-SG interface. After adding the Paragon System device to CC-SG, it appears in the Devices tree. Right-click on the device icon in the Devices tree and select Remote User Station Admin.
  • Page 82: Device Power Manager

    Device Power Manager Before using the Device Power Manager view, make a physical connection of a PowerStrip to a Dominion SX or Dominion KSX unit. When you add the PowerStrip device, define this connection in CC-SG. Once the PowerStrip is added, you can associate it with the Dominion SX serial ports or with Dominion KSX dedicated power ports.
  • Page 83: Discover Devices

    Discover Devices Use this command to initiate a search for all devices on your system. The search will automatically detect all newly attached, and previously existing Raritan devices on your network, including Paragon, P2-SC, IP-Reach, Dominion KX, Dominion KSX units, IPMI servers, and CC-SGs.
  • Page 84: Figure 81 Add Device Screen

    Select a device from the list and click Add to add the device to CC-SG or click Close to exit without adding the device. If you clicked Add, the Add Device screen appears. Type the user name and password (that were created specifically for CC-SG in the device) in the Username and Password fields to allow CC-SG to authenticate the device when communicating with it in the future.
  • Page 85: Device Group Manager

    Device Group Manager Use the Device Groups Manager screen to add, edit, assign, and remove device groups and the rules that govern them. First add a Device Group, then add a Device Rule(s) to make working with and viewing devices easier.
  • Page 86: Edit Device Group Name

    Edit Device Group Name 1. On the Associations menu, click Groups Manager, and then click Device Group Manager. The Device Group Manager screen appears. Figure 84 Device Groups Manager Screen 2. Click on the Groups drop-down arrow and select the group to be edited from the list. Click Edit and the Edit Device Group window appears.
  • Page 87: Delete Device Group

    Delete Device Group 1. On the Associations menu, click Groups Manager, and then click Device Group Manager. The Device Groups Manager screen appears. Figure 86 Device Groups Manager Screen 2. Click on the Group Names drop down arrow and select the device group to be deleted. Click Delete and the Delete Device Group window appears.
  • Page 88: Delete Device Rule

    Important: You can combine the application of two or more rules by using operators such as ‘&’ meaning ‘and’ or ‘|’ (the vertical bar that shares the <\> key on your keyboard) meaning ‘or.’ Note: When you select a category, make sure you select a proper operator that relates to the element in order for the rule to take effect.
  • Page 89: Search For Devices

    Search for Devices CC-SG can search for a device name that satisfies the text entered in the search box. Searches are case-insensitive. 1. Click on the Devices tab. 2. At the bottom of the window, enter a search string in Search For Device. 3.
  • Page 90: Disconnect Users

    Examples are as follows: EXAMPLE Locates KX1, and KXZ, but not KX1Z Locates KX1, KX, KX1, and KX1Z KX[0-9][0-9]T Locates KX95T, KX66T, but not KXZ and KX5PT Disconnect Users Administrators can terminate any user's session with a device. This includes users who are performing any kind of operation on a device, such as, connecting to ports, backing up the configuration of a device, restoring a device’s configuration, or upgrading the firmware of a device.
  • Page 91: Chapter 6: Configuring Ports And Port Groups

    Chapter 6: Configuring Ports and Port Groups This chapter discusses how to configure and edit ports and port groups. Procedures on how to use ports (connect, disconnect, bookmark ports, search for ports, create views, use port power management, use port chat) are described in Raritan’s CommandCenter Secure Gateway User Guide.
  • Page 92: Figure 93 The Ports Tab And View Kvm Port Screen

    When you click on the Ports tab, the Ports tree displays information about the Ports connected with CC-SG. Clicking on a port causes the View Port screen to appear. Ports are arranged alphabetically by name, or grouped by availability status. Ports arranged by status are sorted alphabetically within their availability grouping.
  • Page 93: Port Icons

    Port Icons For easier identification, different ports have different icons in the tree. In addition, availability status of each port also has a different icon. For a description of what the icons represent, please see the table below.
  • Page 94: Configure Port

    Configure Port Configure a Serial Port Click on the Devices tab and select a serial device from the Devices tree. 1. On the Devices menu, click Port Manager, and then click Configure Ports. The Configure Ports screen appears. 2. To make ports easier to find, click on a column header to sort the ports by that attribute in ascending order.
  • Page 95: Figure 95 Configure Serial Ports Screen

    3. Click the Configure button that corresponds to the serial port line item you wish to configure. The Configure Serial Port screen appears. Figure 95 Configure Serial Ports Screen 4. Type a port name in Port Name field. For ease of use, you should name the port after the server that is connected to the port.
  • Page 96: Figure 97 In-Band Parameters

    11. Click In-Band Parameters if you want to allow in-band access for this Serial port. 12. Click on the In-band application drop-down arrow and select RemoteDesktop Viewer, SSH Client, or VNC Viewer. Type the IP address of the target associated with this port in the Target IP Address field, type the port used by the In-band application in Target TCP Port, and type a username that is used to log in to the in-band application in the Target Username field.
  • Page 97: Configure A Kvm Port

    Configure a KVM Port 1. Click on the Devices tab and select a KVM device from the Devices tree. 2. On the Devices menu, click Port Manager, and then click Configure Ports. The Configure Ports screen appears.
  • Page 98: Figure 100 In-Band Parameters

    5. Type a port name in the Port Name field. For ease of use, you should name the port after the server that is connected to the port. 6. Click on the Application Name drop-down arrow and either use the default application as configured in Application Manager or select another application if desired.
  • Page 99: Figure 102 Configure Ports Screen

    Configure a Generic Port with In-Band Access In-band access to Generic devices, such as hubs, Windows servers, and CISCO routers, can be managed with one of these in-band applications: • Windows Remote Desktop (RDP) • Secure Shell (SSH) •...
  • Page 100: Figure 104 Configure Ports Screen For Powerstrip Device

    7. Type a Target Username that the application will use as a Start-up parameter. If a target name is supplied, then only a password is required when accessing a target. 8. Select the associated category and element from the Port Associations table. 9.
  • Page 101: Figure 106 Configure Outlet Port Screen

    3. Click the Configure button that corresponds to the outlet port line item you wish to configure. A Configure Outlet Port screen appears. Figure 106 Configure Outlet Port Screen 4. Type the port name in the Port Name field. For ease of use, you should name the port after the server that is connected to the port.
  • Page 102: Figure 107 Delete Port Screen

    Delete Ports Delete a port to remove the port entry from the Ports tree and cancel all accessibility of the remote target device. 1. Click on the Ports tab and select a port to be deleted. 2. On the Devices menu, click Port Manager, and then click Delete Port. The Delete Port screen appears.
  • Page 103: Figure 108 Bulk Copy Screen

    Bulk Copy To save time, use the Bulk Copy command to duplicate Port names or associations to other ports. 1. Click on the Ports tab and select a port whose data you want to copy to another. 2.
  • Page 104: Edit Port

    Edit Port Edit a Serial Port 1. Click on the Ports tab and select a serial port to be edited. 2. On the Ports menu, click Edit Port. The Edit Serial Port screen appears. Figure 109 Edit Serial Port Screen 3.
  • Page 105: Figure 110 Edit Kvm Port Screen

    Edit a KVM Port 1. Click on the Ports tab and select a KVM port to be edited. 2. On the Ports menu, click Edit Port. The Edit KVM Port screen appears. Figure 110 Edit KVM Port Screen 3.
  • Page 106: Figure 111 Edit Generic Port Screen

    Edit a Generic Port 1. Click on the Ports tab and select a Generic port to be edited. 2. On the Ports menu, click Edit Port. The Edit Generic Port screen appears. Figure 111 Edit Generic Port Screen 3. Type a new port name in the Port Name field. 4.
  • Page 107: Port Group Manager

    Port Group Manager Add Port Group 1. On the Associations menu, click Groups Manager and then click Port Group Manager. The Port Groups Manager screen appears. Figure 112 Port Groups Manager Screen 2. Click Add in the Group panel to add a new group. The Add Port Group window appears. Figure 113 Add Port Group Window 3.
  • Page 108: Figure 114 Edit Port Group Window

    Edit Port Group 1. On the Associations menu, click Groups Manager and then click Port Group Manager. The Port Groups Manager screen appears. 2. Click on the Group Name drop-down arrow and select a group to edit. Click Edit in the Group panel.
  • Page 109: Chapter 7: Adding Users And User Groups

    Chapter 7: Adding Users and User Groups User Manager commands are listed in the Users menu and allow you to define the CC-SG user list and assign user privileges for performing various functions. CC-SG maintains a centralized user access list.
  • Page 110: Edit User

    8. Check the Force Change Password on Next Login check box if you want this user to be forced to change the password the next time he or she logs in to CC-SG. 9. Check the Force Change Password Periodically check box if you want this user to have to change his or her password from time to time.
  • Page 111: Change User Password

    5. Check the Force Change Password Periodically check box if you want this user to have to change his or her password from time to time and specify an expiration period for this user’s password in the Expiration Period field.
  • Page 112: Delete User

    2. Type your old password in the Old Password field. 3. Type your new password in the Password field. You cannot re-use your old password. 4. Re-type your password in the Retype Password field. 5. Click OK to change your password or Cancel to exit without saving. A User Profile Updated Successfully message confirms that your password has been changed.
  • Page 113: Logoff User(S)

    Logoff User(s) Use this command to disconnect any logged-in user from CC-SG. 1. Click on the Users tab and select a user from the Users tree. Note: To select more than one user, hold the CTRL key and click on additional users. 2.
  • Page 114: Bulk Copy

    Bulk Copy To save time, use the Bulk Copy command to duplicate user profiles or port assignments when creating new users. 1. Click on the Users tab and select a user from the Users tree whose properties you want to copy to another user(s).
  • Page 115: Add User To Group

    Add User to Group To manage users with similar privileges, you can assign them to groups. When you add a user to any group, you are assigning the group’s privileges to that user (please see the section Add User Group in this chapter for more information about groups).
  • Page 116: Add User Group

    Add User Group Use the Add User Group command to create specific groups and assign them different privileges, depending on the needs of your work environment. Groups can help you keep your system organized. Assign privileges, or features, to Groups upon creating them. These Select Privileges are privileges of either a command type or an event type.
  • Page 117: Edit User Group

    Edit User Group This command allows you to rename a group and modify its Features. Important: Please remember that you must be an Administrator to modify User Groups. The category Users Not In Group cannot be modified. Members of that group have observation rights only.
  • Page 118: Apply (Edit) User Group Policies

    Apply (Edit) User Group Policies Groups can be assigned policies, or permissions, that allow them to view and/or control devices and ports. Depending on which policies are assigned to them, groups might have: No Rights, Some Rights, Control Rights, or Full Administration Rights. Policies can be set up using Policy Manager commands, as described in the section Policy Manager, later in this chapter.
  • Page 119: Delete User Group

    Delete User Group This command allows you to remove a group name from the system. Users from the deleted group will be re-assigned to the category Users Not In Group, displayed at the base of the Users tree.
  • Page 120: Search For Users

    6. Click OK to assign users to the group or Cancel to exit without saving. A Users Assigned Successfully message confirms that users have been assigned. 7. Repeat steps 1 through 6 to assign users to other groups. Search for Users CC-SG can search for a user that satisfies the text entered in the search box.
  • Page 121: Supported Wildcards

    Supported Wildcards These wildcards are supported: WILDCARD / DESCRIPTION: Indicates any character. Indicates a character in range. Indicates zero or more characters. Example: EXAMPLE / DESCRIPTION: root?: Locates root1 and rootN, but not root1N. ccroot*: Locates ccroot2SX, ccroot12KX. admin[0-9][0-9]: Locates admin11, but not admin112...
  • Page 123: Chapter 8: Creating Policies

    Chapter 8: Creating Policies Controlling User Access with Policies Using policies to control user access to ports is entirely optional. You could decide to assign all users to the default System Administrators user group, which grants full access to all configuration tasks, devices, ports, target systems and servers.
  • Page 124: User Groups

    User Groups User groups are used to define a group of users and CC-SG privileges they possess. When a user logs on, they will see the CC-SG interface. The user group privileges define what the user can do with CC-SG. The default System Administrators user group has access to all managed devices and ports as well as all CC-SG functions.
  • Page 125: Policies

    Policies Policies define what you can do, what you can do it to, and when you can do it. Policies allow specification of days and times, port/device access, and whether that access is control access (Read/Write) or denied (None).
  • Page 126: Policy Manager

    Policy Manager Policy Manager commands allow you to add, edit, delete, and assign policies to Device and Port groups. Policies give users rights to allow or deny access to groups. Please see Appendix C: Initial Setup Process Overview for more information on using policies. Add Policy 1.
  • Page 127: Edit Policy

    10. Click Update to add the policy. The Update Policy window appears. 11. Click Yes to add the policy or No to close the window. 12. Click Close to close the Policy Manager screen. 13. Repeat steps 1 through 12 to add other policies. Edit Policy 1.
  • Page 128: Delete Policy

    Delete Policy 1. On the Associations menu, click Policy Manager. The Policy Manager screen appears. 2. Click on the Name drop-down arrow to select a policy to be deleted. Click Delete to delete the policy. The Delete Policy window appears. Figure 137 Delete Appliance Policy Window 3.
  • Page 129: Chapter 9: Configuring Remote Authentication

    Chapter 9: Configuring Remote Authentication Authentication and Authorization Users of CC-SG can be locally authenticated and authorized on the CC-SG or remotely authenticated using the following supported directory servers: • Microsoft Active Directory (AD) •...
  • Page 130: Establish Order Of Authentication Databases

    Establish Order of Authentication Databases The General properties allow you to set the order of your authentication databases. If the first checked option is unavailable, CC-SG will try the second, then the third, and so on, until it is successful. 1.
  • Page 131: Base Dn

    Base DN You also enter a Distinguished Name (DN) to specify where the search for users begins. Enter a DN in the Base DN field to specify an Active Directory container in which the users can be found. For example, entering: ou=DCAdmins,ou=IT,dc=xyz,dc=com will search all users in the DCAdmins and IT organizational units under the xyz.com domain.
  • Page 132: Figure 140 Active Directory Users

    2. On the Active Directory server, set up your users under the Users organizational unit (ou). These users will log into the CC-SG but are authenticated on the Active Directory server. Note that the display name of joe raritan can be different from the CC-SG login user name, for example jraritan.
  • Page 133: Setup On Cc-Sg

    Setup on CC-SG 1. On CC-SG, click Security Manager from the Setup menu. When the Security Manager screen appears, click Add External AA Server. 2. In the Add Module screen, select AD from the Module Type pulldown menu. Figure 142 Specifying a Name for Active Directory Server 3.
  • Page 134: General Settings On Cc-Sg

    General Settings on CC-SG 1. Type the IP Address/Hostname of the Active Directory server. For hostname rules, see Terminology/Acronyms in Chapter 1: Introduction. Figure 143 Specifying General Values for Active Directory Server 2. Check Anonymous Bind if you want to connect to the Active Directory server without specifying a username and password.
  • Page 135: Advanced Settings On Cc-Sg

    Advanced Settings on CC-SG 1. If you want to configure advanced settings, click on the Advanced tab. Figure 144 Specifying Advanced Values for Active Directory Server 2. Specify a port (default is 389) on which the Active Directory server is listening. 3.
  • Page 136 5. Specify a Base DN (directory level/entry) under which the authentication search query will be executed. Example: dc=raritan,dc=com cn=Administrators,cn=Users,dc=raritan,dc=com The search query for the user entry 6. Type a user’s attributes in Filter so the search query will be restricted to only those entries that meet this criterion.
  • Page 137: Group Settings On Cc-Sg

    Group Settings on CC-SG Use these settings to retrieve groups from the AD server and import them into the CC-SG local database for authorization purposes. 1. Click on the Groups tab. Figure 145 Specifying Group Values for Active Directory Server 2.
  • Page 138: Figure 146 Importing Groups From Active Directory Server

    5. On CC-SG, in the Security Manager screen, click Import Groups… to retrieve a list of user group values stored on the Active Directory server. If any of the user groups are not already on the CC-SG, you can import them here and assign them an access policy. Figure 146 Importing Groups from Active Directory Server 6.
  • Page 139: Figure 148 Viewing Policy Of Imported Group

    10. Verify the policy of the group that was imported by clicking the Users tab, right-clicking on the group and selecting Edit User Group Policies. Look under Selected Policies to confirm that the correct policy was assigned to the group. Figure 148 Viewing Policy of Imported Group 11.
  • Page 140: Ldap (Netscape)

    LDAP (Netscape) Once the CC-SG applet is started and a user name and password are entered, a query is forwarded either through CC-SG or directly to the LDAP server. If the username and password match those in the LDAP directory, the user is authenticated.
  • Page 141: Figure 151 Security Manager Ldap Screen General Tab

    2. In the Add Module screen, select LDAP from the pulldown menu, specify a name for the server, and click Next. Figure 151 Security Manager LDAP Screen General Tab 3. Type the IP address or hostname of the LDAP server in the IP Address/Hostname field. For hostname rules, see Terminology/Acronyms in Chapter 1: Introduction.
  • Page 142: Figure 152 Security Manager Ldap Screen Advanced Tab

    11. Click Test Connection to test the LDAP server using the given parameters. You should receive a confirmation of a successful connection. If not, review the settings carefully for errors and try again. 12. Click on the Advanced tab to set advanced configuration options for the LDAP server. Figure 152 Security Manager LDAP Screen Advanced Tab 13.
  • Page 143: Sun One Ldap (Iplanet) Configuration Settings

    Sun One LDAP (iPlanet) Configuration Settings If using a Sun One LDAP server for remote authentication, use this example for parameter settings: PARAMETER: IP Address/Hostname, User Name, Password, BaseDN, Filter, Passwords (Advanced Screen), Password Default Digest (Advanced), Use Bind, Use Bind After Search. OpenLDAP (eDirectory) Configuration Settings...
  • Page 144: Tacacs

    TACACS+ CC-SG users who are remotely authenticated by a TACACS+ server need to be created on the TACACS+ server and on CC-SG. The user’s user name on the TACACS+ server and on CC-SG must be the same, although the passwords may be different. Please see Chapter 7: Adding Users and User Groups for additional information on adding users who will be remotely authenticated.
  • Page 145: Figure 154 Specifying A Tacacs+ Server

    2. In the Add Module screen, select TACACS+ from the pulldown menu, specify a name for the server, and click Next. Figure 154 Specifying a TACACS+ Server 3. Type the IP address or hostname of the TACACS+ server in the IP Address/Hostname Name field.
  • Page 146: Radius

    RADIUS CC-SG users who are remotely authenticated by a RADIUS server need to be created on the RADIUS server and on CC-SG. The user’s user name on the RADIUS server and on CC-SG must be the same, although the passwords may be different. Please see Chapter 7: Adding Users and User Groups for additional information on adding users who will be remotely authenticated.
  • Page 147: Certificate

    3. Type the IP address or hostname of the RADIUS server in the IP Address/Hostname field. For hostname rules, see Terminology/Acronyms in Chapter 1: Introduction. 4. Type the port number in the Port Number field. 5.
  • Page 148: Generate Certificate Signing Request

    Generate Certificate Signing Request The following explains how to generate a CSR and a private key on CC-SG. The CSR will be submitted to the Certificate Server, which will issue a signed certificate. A root certificate will also be exported from the Certificate Server and saved in a file. The signed certificate, root certificate, and private key will then be imported.
  • Page 149: Generate Self Signed Certificate Request

    11. Type raritan in the Password field if the CSR was generated by CC-SG. If a different application generated the CSR, use the password for that application. Note: If the imported certificate is signed by a root and subroot CA (certificate authority), using only a root or subroot certificate will fail.
  • Page 150: Ip-Acl

    IP-ACL This feature restricts access to CC-SG based on IP addresses. Specify an IP-access control list (IP-ACL) by entering an IP address range, the group to which it applies, and an Allow/Deny privilege. 1. On the Setup menu, click Security Manager. When the Security Manager screen appears, click on the IP-ACL tab.
  • Page 151: Chapter 10: Generating Reports

    Chapter 10: Generating Reports Reports can be sorted by clicking on the column headers. Click on a column header such as User Name, Access Time, etc., to sort report data by that value. The data will refresh in ascending order alphabetically, numerically, or chronologically.
  • Page 152: Active Ports Report

    3. Click Manage Report Data… to save or print the report. Click Save to save the report to a location of your choice or Print to print the report. Figure 163 Manage Report Window 4. Click Close to close the Manage Report window. 5.
  • Page 153: Asset Management Report

    Asset Management Report The Asset Management report displays data on current devices. 1. On the Reports menu click Asset Management Report. The Asset Management report is generated. Figure 165 Asset Management Report 2. Click on the Device Type drop-down arrow to display a list of possible devices for which to run the report.
  • Page 154: Audit Trail Report

    Audit Trail Report The Audit Trail report displays audit logs and access in CC-SG. It captures actions such as adding, editing, or deleting devices or ports, and other modifications. CC-SG maintains an Audit Trail of the following events: • When CC-SG is launched •...
  • Page 155: Figure 167 Audit Trail Report

    6. The Audit Trail report is generated, displaying data about sessions that occurred during the designated time period. 7. Click Manage Report Data… to save or print the report. Click Save to save the records that are displayed to a CSV file or click Save All to save all records.
  • Page 156: Error Log Report

    Error Log Report CC-SG stores error messages in a series of Error Log files, which can be brought up and used to help troubleshoot system problems. You can filter the search criteria by date, message type, username, class, host, and level. Messages can be grouped by fatal, error and warning level.
  • Page 157: Figure 169 Error Log Report

    6. The Error Log report is generated, displaying data about sessions that occurred during the designated time period. 7. Click Manage Report Data… to save or print the report. Click Save to save the records that are displayed to a CSV file or click Save All to save all records.
  • Page 158: Ping Report

    Ping Report The Ping Report displays the status of all connections, showing devices by name and IP address. This report gives you the full accessibility picture for all devices on your system, and will supply information that could be useful in case troubleshooting is necessary.
  • Page 159: Accessed Devices Report

    Accessed Devices Report Run the Accessed Devices report to view information about any accessed devices, when they were accessed, and the user who accessed them. Filters will help you define the search criteria for a more concise report. 1.
  • Page 160: Figure 172 Accessed Devices Report

    5. Click OK to run the report. Figure 172 Accessed Devices Report 6. The Accessed Devices report is generated, displaying data about devices accessed during the designated time period. 7. Click Manage Report Data… to save or print the report. Click Save to save the records that are displayed to a CSV file or click Save All to save all records.
  • Page 161: Group Data Report

    Group Data Report The Group Data report displays user, port, and device Group information. View user groups by name and description, view port groups by name, and view device groups by name, all in one screen.
  • Page 162: User Data Report

    User Data Report The User Data report displays certain data on all users in the CC-SG database. From the User Name field you can see the names of users currently in session and view details of users currently not in session. From the Phone field you can see the user's dial-back telephone number. From the Enabled field you can see whether the Login check box is enabled.
  • Page 163: Users In Groups Report

    Users In Groups Report The Users In Groups report displays data on users and the groups with which they are associated. 1. On the Reports menu, click Users In Groups. The Users In Groups report is generated. Use the scroll bar to scroll through the list and view all entries.
  • Page 164: Query Port Report

    Query Port Report The Query Port Report displays all ports according to port status. 1. On the Reports menu, click Query Port. The Query Port screen appears. 2. Click on one or more checkboxes to customize the port information you want to see in the report.
  • Page 165: View Stored Reports

    View Stored Reports View Stored Reports displays reports that were scheduled in the Task Manager; see section Task Manager in Chapter 12: Advanced Administration. 1. On the Reports menu, click View Stored Reports. 2. Click Get Reports to view the entire list of all scheduled reports that were created by all owners.
  • Page 166: Locked Out Users Report

    Locked Out Users Report The Locked Out Users report displays users who are currently locked out of CC-SG. You can unlock them from this report. 1. On the Reports menu, click Locked Out Users. Figure 178 Locked Out Users Report 2.
  • Page 167: Cc-Noc Synchronization Report

    CC-NOC Synchronization Report The CC-NOC Synchronization report lists all targets, along with their IP addresses, that the CC-SG subscribes to and are monitored by a CC-NOC given a particular discovery date. Any new targets that are discovered in the configured range are displayed here as well. See Add a CC-NOC in Chapter 12: Advanced Administration for details.
  • Page 169: Chapter 11: System Maintenance

    Chapter 11: System Maintenance Reset CC-SG Use the Reset CommandCenter command to reset CC-SG database data – please note that this command will not reset system configuration data, such as the IP address of CC-SG. 1.
  • Page 170: Restore Cc-Sg

    Restore CC-SG 1. On the Setup menu, click Restore CommandCenter. 2. When the Restore CommandCenter screen appears, click on the backup that you want to restore to your CC-SG unit, and then click OK. Figure 182 Restore CC-SG Screen 3.
  • Page 171: Saving And Uploading Backup Files

    Saving and Uploading Backup Files You can also save and load CC-SG backups to and from your local PC using the Restore CommandCenter screen. 1. Click on the backup you wish to save to your PC, and then click Download. 2.
  • Page 172: Refresh Cc-Sg Display

    Refresh CC-SG Display Any edits or modifications made to users, ports, categories, elements, and other system components are not reflected in the system until the database is updated. If you are logged in while another user is updating the database, you will not see these changes unless you refresh your screen (or log out of CC-SG and log back in).
  • Page 173: Upgrade Cc-Sg

    Upgrade CC-SG Note: If you are operating a CC-SG cluster, you must remove the cluster first and upgrade each node separately. Before you can upgrade CC-SG, you must be in Maintenance Mode. See section Maintenance Mode in Chapter 11: System Maintenance for additional information. 1.
  • Page 174: Shut Down Cc-Sg

    5. Click OK to restart CC-SG or Cancel to exit the screen without restarting. Once you restart CC-SG, your Broadcast Message appears. 6. Click OK to restart CC-SG. 7. CC-SG will restart, and is ready for use. Shut Down CC-SG These are the recommended methods for Administrators to shut down and restart CC-SG.
  • Page 175: End Cc-Sg Session

    End CC-SG Session Log Out To exit CC-SG at the end of a session, or to refresh the database in case you or another user has made changes while you were logged in, log off from CC-SG entirely, then log in again. 1.
  • Page 176: Scheduled Tasks

    Scheduled Tasks Scheduled tasks cannot execute while CC-SG is in Maintenance Mode; please see section Task Manager in Chapter 12: Advanced Administration for additional information on scheduled tasks. When CC-SG exits Maintenance Mode, scheduled tasks will be executed as soon as possible.
  • Page 177: Chapter 12: Advanced Administration

    Chapter 12: Advanced Administration Configuration Manager Network Configuration 1. On the Setup menu, click Configuration Manager. When the Configuration Manager screen appears, click on the Network Setup tab. Figure 192 Configuration Manager Network Settings Screen 2. Type the CC-SG hostname in the Host Name field. For hostname rules, see Terminology/Acronyms in Chapter 1: Introduction.
  • Page 178: Figure 193 Primary/Backup Network

    A. Choose Primary/Backup mode to implement network failover and redundancy. In this mode, only one NIC is active at a given point of time and only one network IP address assignment is possible. Figure 193 Primary/Backup Network Typically, both NICs are attached to the same LAN sub-network, but different switches (or hubs) may be used for reliability.
  • Page 179: Log Configuration

    In this mode, CC-SG acts as a “router” or “traffic cop” between two separate IP domains; particularly when Proxy mode is being used (please see Connection Mode, later in this chapter, for additional information). In Proxy mode, Active/Active mode is required so CC-SG routes proxied PC client sessions to their respective end-points.
  • Page 180: Inactivity Timer Configuration

    Click on the Level to Forward drop-down arrow to select a level. Repeat steps 2 and 3 for Secondary Server fields (note that Secondary Server is optional). Click Update Configuration to save the server addresses to the system. Click Close to close the Configuration Manager screen. Inactivity Timer Configuration Use this screen to time out inactive user sessions.
  • Page 181: Time/Date Configuration

    Time/Date Configuration CC-SG’s Time and Date stamps must be accurately maintained in order to provide credibility for its device-management capabilities. Important! This time is used when scheduling tasks in Task Manager; see section Task Manager in Chapter 12: Advanced Administration. The time set on the client may be different than the time set on CC-SG.
  • Page 182: Modem Configuration

    Modem Configuration Use this screen to access CC-SG from a client machine over a dial-up connection. This method of accessing CC-SG can be used in emergency situations. Note: A modem is not available and cannot be configured on the V1 platform. Configure CC-SG 1.
  • Page 183: Figure 200 Extra Initialization Commands

    4. Click on the Advanced tab. Figure 200 Extra Initialization Commands 5. Type an initialization command in Extra initialization commands that will be used by your modem to set the “Carrier detection” flag. For example, type at&c for a SoftK56 Data Fax modem.
  • Page 184: Figure 202 New Connection Wizard

    4. Click Next. Figure 202 New Connection Wizard 5. Click Connect to the network at my workplace. 6. Click Dial-up connection. 7. Type a name for CC-SG, for example CommandCenter. 8. Type the phone number used to connect to CC-SG and click Next. This is NOT the dial-back number that was configured as the Client phone under the Modem tab in Configuration Manager on CC-SG.
  • Page 185: Figure 205 Specify Dial-Up Script

    10. In the next screen, you typically want to click My use only to make the connection available only to yourself. 11. Click Finish in the last screen to save the connection settings. Configure the Call-back Connection If the CC-SG uses a call-back connection, you need to use a script file that is described below.
  • Page 186: Figure 206 Connecting To Cc-Sg

    transmit "ccclient^M" endproc Connect to CC-SG with Modem To connect to CC-SG: 1. On the start menu, click My Network Places. 2. Click view network connections under Network Tasks. 3. Double-click on the CommandCenter connection. 4. Type a username of ccclient and password of cbupass. Figure 207 Entering username and password 5.
  • Page 187: Figure 208 After Dial Terminal

    7. If Show terminal window was checked as described in section Configure the Call-back Connection earlier in this chapter, then a window similar to the one below will be displayed: 8. Wait 1 or 2 minutes and in a supported browser, enter the IP address of CC-SG that was configured as the Server address under the Modem tab in Configuration Manager on CC-SG and log in to CC-SG.
  • Page 188: Connection Mode

    Connection Mode When connected to a device, you have the option to pass data back and forth directly with that device (Direct Mode) or to route all the data through your CC-SG unit (Proxy Mode). While Proxy Mode increases the bandwidth load on your CC-SG server, you only need to keep the CC-SG TCP ports (80, 443, and 2400) open in your firewall.
  • Page 189: Figure 210 Configuration Manager Connection Screen - Both

    iii. Click the Add button to add the Net Address and Mask to the screen. (You may have to use the scroll bar on the right side of the screen to view the Add/Remove/Update buttons.) Figure 210 Configuration Manager Connection Screen – Both...
  • Page 190: Device Settings

    Device Settings 1. On the Setup menu, click Configuration Manager. When the Configuration Manager screen appears, click on the Device Settings tab. 2. To update device Default Port, select a Device Type in the table and double-click on the Default Port value. Type the new Default Port value and press the Enter key. 3.
  • Page 191: Snmp

    SNMP Simple Network Management Protocol allows CC-SG to push SNMP traps (event notifications) to an existing SNMP manager on the network. Only a CC-SG Administrator trained in handling an SNMP infrastructure should configure CC-SG to work with SNMP. CC-SG also supports SNMP GET/SET operations with third-party enterprise Management Solutions, such as HP OpenView.
  • Page 192: Configure Security

    System Log traps, which include notifications for the status of the CC unit itself, such as a hard disk failure, and Application Log traps for notifications generated by events in the CC application, such as modifications to a user account. To enable traps by type, check the boxes marked System Log and Application Log.
  • Page 193: Strong Password Rules

    Strong Password Rules Strong password rules require users to observe strict guidelines when creating passwords, which makes the passwords more difficult to guess and, in theory, more secure. Administrators can enable or disable this feature; see the previous section Configure Security. When strong passwords are enabled, a password change will be rejected unless it meets the following criteria: •...
  • Page 194: Application Manager

    6. Type an email address in Lockout notification email so notification is sent to the address informing the recipient that lockout has occurred. If the field is blank, notification is not sent. 7. Type a phone number in Administrator’s Phone if the administrator needs to be contacted. 8.
  • Page 195: Edit Application

    4. Click OK to add the new application or Cancel to close the window. If you clicked OK, a search window appears. 5. Click on the Look In drop-down arrow and navigate to locate the application in your system. When you find the application, select it, and click Open.
  • Page 196: Delete Application

    6. Modify parameters in the Parameters panel and click the Update button in the Details panel of the screen. The parameters will be updated. 7. Click Close to close the Application Manager screen. Delete Application Deleting an application from the Application Manager removes it from the CC-SG database, although it is still retained in the local directory.
  • Page 197: Delete Firmware

    2. Click Add to add a new firmware file. A search window appears. 3. Click on the Look In drop-down arrow and navigate to locate the firmware file in your system. When you find the firmware, select it, and click Open. The firmware name will appear in the Firmware Name field.
  • Page 198: Add A Cc-Noc

    Add a CC-NOC Note: To create a valid connection, the time settings on both the CC-NOC and CC-SG should be synchronized. The best method of achieving this synchronization is to use a common NTP (Network Time Protocol) server. For this reason, the CC-NOC and CC-SG are required to be configured to use an NTP server.
  • Page 199: Figure 226 Add Cc-Noc Configuration Screen

    3. Select a software version of CC-NOC you want to add and click Next. Version 5.1 has fewer integration features than 5.2 and only requires adding a name and an IP address. For additional information on CC-NOC 5.1, please see www.raritan.com/support. Click on Product Documentation, then CommandCenter NOC.
  • Page 200: Figure 227 Cc-Noc Passcodes

    To stop CC-NOC from monitoring a device, it can be unmanaged – see the CommandCenter NOC Administrator Guide. Note: Use the CC-NOC Synchronization Report to view targets that the CC-SG is subscribing to. The report also displays any new targets that have been discovered by CC-NOC. See Chapter 10: Generating Reports, CC-NOC Synchronization Report for additional information.
  • Page 201: Edit A Cc-Noc

    Important: To increase security, you must enter the passcodes in CC-NOC within five minutes after they are generated on CC-SG. This will minimize the window of opportunity for intruders to breach the system with a brute-force attack. Avoid transmitting the passcodes over email or other electronic means to avoid a possible interception by automated systems.
  • Page 202: Launch Cc-Noc

    2. Highlight a CC-NOC in the list and click Edit. The Edit CC-NOC Configuration screen appears. Figure 229 Edit CC-NOC Configuration Screen 3. Refer to the previous section Add a CC-NOC for field details. Launch CC-NOC To launch CC-NOC from CC-SG: 1.
  • Page 203: Delete A Cc-Noc

    Delete a CC-NOC To remove and unregister a CC-NOC in CC-SG, do the following. 1. On the CommandCenter NOC menu, click Configuration. The CC-NOC Configuration screen appears. Figure 231 Delete CC-NOC Screen 2. Highlight a CC-NOC in the list and click Delete. You are prompted to confirm the deletion. 3.
  • Page 204: Create A Cluster

    Create a Cluster In the event of a failover, the administrator should send an email to all CC-SG users, notifying them to use the IP address of the “new” Primary CC-SG node. Important: It is recommended to back up your configuration on both nodes before setting up a cluster configuration.
  • Page 205: Figure 234 Cluster Configuration - Set Secondary Cc-Sg

    Set Secondary CC-SG Node 1. Click Discover CommandCenters to scan and display all CC-SG appliances on the same subnet as the one you are currently using. Alternatively, you can add a CC-SG, perhaps from a different subnet, by specifying an IP address in CommandCenter address at the bottom of the window.
  • Page 206: Remove Secondary Cc-Sg Node

    Remove Secondary CC-SG Node 1. To remove Secondary Node status from a CC-SG unit and reassign it to a different unit in your configuration, select the Secondary CC-SG Node in the Cluster Configuration table and click Remove “Backup” Node. 2. When the confirmation message appears, click Yes to remove Secondary Node status, or click No to cancel.
  • Page 207: Set Advanced Settings

    Set Advanced Settings To configure advanced settings of a cluster configuration: 1. Select the Primary node just created. 2. Click Advanced. The Advanced Settings window appears. Figure 236 Cluster Configuration Advanced Settings 3. For Time Interval, enter how often CC-SG should check its connection with the other node. Note: Setting a low Time Interval will increase the network traffic generated by heartbeat checks.
  • Page 208: Scheduling Sequential Tasks

    • Outlet Port Power Management (Power On/Off/Recycle Outlet ports) • Generate all Reports (HTML or CSV formats) • Purge Logs Scheduling Sequential Tasks You may want to schedule tasks sequentially to confirm that expected behavior was actually carried out. For example, you may want to schedule an Upgrade Device Firmware task for a given device group and then schedule generating an Asset Management Report task immediately after it to confirm that the correct versions of firmware were upgraded.
  • Page 209: Create A New Task

    Create a New Task To schedule a new task: Server Time 1. On the Setup menu, click Task Manager. Figure 237 Task Manager New Button 2. Click New. Figure 238 Create Task 3. In the Main tab, type a name (1-32 characters, alphanumeric characters or underscores, no spaces) and description for the task.
  • Page 210: Figure 239 Selecting A Task To Schedule

    4. Click on the Task Data tab and from the pulldown menu, select the task to be scheduled, such as Upgrade Device Firmware. Note that the fields requiring data will vary according to the task selected. With the exception of Restart Device and Restore Device, a single device or devices in a group can be selected for tasks involving devices.
  • Page 211: View A Task, Details Of A Task, And Task History

    8. Change Own Password in Chapter 7: Adding Users and User Groups. If an email was not configured, then this field is blank. By default, email is sent if the task was successful. To notify the recipient of failed tasks, click the On Failure checkbox. Figure 241 Specifying Task Email Notification 9.
  • Page 212: Figure 243 Task History

    4. To view the history of a task, select a task and click Task History. 5. To view details of a task, double-click on a task. Note: If a task is changed or updated, its prior history no longer applies and the “Last Execution Date”...
  • Page 213: Notification Manager

    Notification Manager Use Notification Manager to configure an external SMTP server so notifications can be sent from CC-SG. Notifications are used to email reports that have been scheduled, email reports if users are locked out, email status of failed or successful scheduled tasks; please see section Task Manager earlier in this chapter for additional information.
  • Page 214: Ssh Access To Cc-Sg

    SSH Access to CC-SG Use Secure Shell (SSH) clients, such as PuTTY or OpenSSH Client, to access a command line interface to the SSH (v2) server on CC-SG. Only a subset of CC-SG commands is provided via SSH to administer devices and CC-SG itself. The SSH client user is authenticated by the CC-SG in which existing authentication and authorization policies are applied to the SSH client.
  • Page 215: Figure 248 Cc-Sg Commands Via Ssh

    4. A shell prompt appears. Type ls to display all commands available from SSH. Figure 248 CC-SG Commands via SSH 5. Typing help or ? provides the syntax and description of all available commands. Figure 249 SSH Help...
  • Page 216: Command Tips

    6. Typing the command with the -h switch displays help for that command, such as listfirmwares -h. Command Tips The following describes several nuances of the SSH commands: • For commands that pass an IP address, such as upgradedevice, you can substitute the hostname for an IP address.
  • Page 217: Create A Ssh Connection To An Sx Device

    Create a SSH Connection to an SX Device You can create an SSH connection to an SX device to perform administrative operations on the device. Once connected, the administrative commands supported by the SX device are available. Note: Before you can connect, ensure that the SX device has been added to the CC-SG.
  • Page 218: Connect To A Serial Port

    Connect to a Serial Port Connect to a serial port to access a target server. You can access serial ports on a SX, KSX, or IP-Reach device. The SSH connection to the serial ports is in proxy mode. 1.
  • Page 219: Exit A Session

    3. Once connected to the port, type the default Escape keys of ‘~’ followed by a dot ‘.’. An intermediate prompt, typically named after port name, is displayed, for example testport>. At this intermediate prompt, you can enter specific commands or aliases as described below: Command Alias quit...
  • Page 220: Diagnostic Console

    Diagnostic Console The Diagnostic Console is a standard, non-graphical interface that provides local access to CC-SG. It can be accessed from a serial or KVM port, or from Secure Shell (SSH) clients, such as PuTTY or OpenSSH Client.
  • Page 221: Accessing Status Console

    Accessing Status Console Entering a password to access the Status Console is not required, but can be enforced if desired. 1. After login as:, type status. The read-only status console is displayed. This screen dynamically displays information to help you determine the health of your system and if CC-SG and its sub-components are working.
  • Page 222: Accessing Administrator Console

    Accessing Administrator Console At the time of logging into Administrator Console, all information displayed is “static”. If configuration changes occur through the CC-SG GUI or the Diagnostic Console, you need to re-login to Administrator Console after the changes have taken effect to view the changes in Administrator Console.
  • Page 223: Figure 260 Selecting To Edit Pre-Login Message

    Navigating Administrator Console PRESS.. CTRL+C or CTRL+Q CTRL+L SPACE Arrow Keys Mouse Editing Pre-Login Message/MOTD (Status Console) The Pre-Login message appears in the Administrator Console after entering any login username and before entering the password. The Message of the Day (MOTD) appears at the top of the Status Console.
  • Page 224: Figure 262 Selecting To Edit Status Console Config

    3. Click Save as Default at the bottom of the screen or press the TAB key and press Enter once Save as Default is highlighted. Press ^Q or ^C to exit. The Pre-Login and Message of the Day have three separate buffers or areas: •...
  • Page 225: Figure 263 Edit Status Console Config

    Figure 263 Edit Status Console Config 3. Click Save at the bottom of the screen or press the TAB key and press Enter once Save is highlighted. Press ^Q or ^C to exit. Editing Network Interfaces Configuration (Network Interfaces) In Network Interface Configuration, you can perform initial setup tasks such as setting the hostname and IP address of the CC-SG.
  • Page 226: Figure 265 Editing Network Interfaces

    2. If this is the first time accessing CC-SG and the network interfaces have not been configured, it is strongly recommended to use CC-SG GUI to configure them instead of configuring them here. If the network interfaces have already been configured, you will see a Warning message, stating that you should use the CC-SG GUI to configure the interfaces.
  • Page 227: Figure 266 Pinging A Target

    Ping an IP Address (Network Interfaces) Use ping to check that the connection between your computer and a particular IP address (domain) is working correctly. 1. To ping an IP address or hostname, click Operation, Network Interfaces, then Ping. 2.
  • Page 228: Figure 267 Performing Traceroute On A Target

    Using Traceroute (Network Interfaces) Traceroute is often used for network troubleshooting. By showing a list of routers traversed, it allows you to identify the path taken from your computer to reach a particular destination on the network. It will list all the routers it passes through until it reaches its destination, or fails to and is discarded.
  • Page 229: Figure 268 Selecting Static Routes

    Active/Active network settings where each interface is attached to a separate IP domain; see section Network Configuration in Chapter 12: Advanced Administration for additional information. Click with the mouse or use the TAB, ↓↑ keys to navigate and press the Enter key to select a value.
  • Page 230: Figure 271 Selecting Log Files To View

    2. Click with the mouse or use the ↓↑ keys to navigate and press the Enter key to select a log file (marked with an X). More than one log file can be viewed at a time. (Some log files are not available;...
  • Page 231: Figure 272 Selecting Log Files To View

    3. When View is selected with Merged Windows, the LogViewer displays: Figure 272 Selecting Log Files to View 4. While viewing log files, type CTRL+C to return to the previous screen. 5. If desired, you can change colors in a log file to highlight what is important. Type c to change colors of a log file and select a log from the list if you have chosen to view several.
  • Page 232: Figure 275 Adding Expressions In Log Files

    7. If desired, you can filter the log file with a regular expression. Type e to add or edit a regular expression and select a log from the list if you have chosen to view several. Figure 275 Adding Expressions in Log Files 8.
  • Page 233: Figure 277 Getting Help (F1)

    9. Select F1 to get help on all LogViewer options. Pressing CTRL+C and CTRL+Q (as well as a plain q) terminates this LogViewer session. Figure 277 Getting Help (F1) Restarting CC-SG (Admin) You can restart CC-SG, which will log off all current CC-SG users and terminate their sessions to remote target servers.
  • Page 234: Figure 279 Restarting Cc-Sg In Diagnostic Console

    2. Either click Restart CC-SG Application or press ENTER. Figure 279 Restarting CC-SG in Diagnostic Console Rebooting CC-SG (Admin) This option will reboot the entire CC-SG, which simulates a power cycle. Users will NOT receive a notification at all.
  • Page 235: Figure 281 Rebooting Cc-Sg In Diagnostic Console

    2. Either click REBOOT System or press ENTER to reboot CC-SG. A screen to confirm this action appears and needs to be acknowledged before this operation will commence. Figure 281 Rebooting CC-SG in Diagnostic Console Changing Passwords (Admin) This option provides the ability to configure the strength of passwords (status and admin) and allows you to configure password attributes, such as setting the maximum number of days that must lapse before you need to change the password, which should be done via the Account...
  • Page 236: Figure 283 Configuring Password Settings

    In Password Configuration, enter the number of passwords that will be remembered. This is the password history, which discourages password reuse and ensures that the new password has not been used within the specified number of previous password changes. Default is 5. With a setting of 5, the new password could not have been used within the last 5 password changes.
  • Page 237: Figure 284 Account Configuration

    Account Configuration By default, the status account does not require a password, but you can configure it to have one here. Other aspects of the admin password can be configured and the Field Support accounts can be enabled or disabled. 1.
  • Page 238: Figure 286 Selecting Disk Status In Diagnostic Console

    4. For the Admin and Status accounts, you can configure: Setting User \ User Name: This is the current user name or ID for this account. (This may be operator changeable in a future release.) Last Changed: (Read-only). This is the date of the last password change for this account.
  • Page 239: Figure 287 Displaying Disk Status Of Cc-Sg In Diagnostic Console

    2. Either click Refresh or press Enter to refresh the display. Refreshing the display is especially useful when upgrading or installing and you want to see the progress of the RAID disks as they are being rebuilt and being synchronized. Figure 287 Displaying Disk Status of CC-SG in Diagnostic Console The disk drives are fully synchronized and full RAID-1 protection is available when you see a screen as shown above (note the status of both md0 and md1 arrays are [UU]).
  • Page 240: Figure 289 Displaying Cc-Sg Processes In Diagnostic Console

    2. View the total number of processes and the number that are running, sleeping, or stopped. Figure 289 Displaying CC-SG Processes in Diagnostic Console 3. Type h to bring up an extensive help screen for the top command. The standard F1 help key is not operational at this point.
  • Page 241: Appendix A: Specifications

    Appendix A: Specifications (G1, V1) G1 Platform General Specifications Form Factor Dimensions (DxWxH) Weight Power Mean Time Between Failure (MTBF) KVM Admin Port Serial Admin Port Console Port Hardware Specifications Processor Memory Network Interfaces Hard Disk & Controller CD/ROM Drive IPMI Remote Connection...
  • Page 242: Electrical Specifications

    Temperature Humidity Altitude Vibration Shock Electrical Specifications Nominal Frequencies Nominal Voltage Range Maximum Current AC RMS AC Operating Range +5 VDC, +12VDC -5 VDC, -12VDC Maximum DC Power Output Maximum AC Power Consumption Maximum Heat Dissipation Volt-Ampere Rating CommandCenter Secure Gateway Operating...
  • Page 243: V1 Platform

    V1 Platform General Specifications Form Factor Dimensions (DxWxH) Weight Power Operating Temperature Mean Time Between Failure (MTBF) KVM Admin Port Serial Admin Port Console Port Hardware Specifications Processor Memory Network Interfaces Hard Disk & Controller CD/ROM Drive Remote Connection Modem Protocols...
  • Page 244: Electrical Specifications

    Temperature Humidity Altitude Vibration Shock Electrical Specifications Nominal Frequencies Nominal Voltage Range Maximum Current AC RMS AC Operating Range +5 VDC, +12VDC -5 VDC, -12VDC Maximum DC Power Output Maximum AC Power Consumption Maximum Heat Dissipation Volt-Ampere Rating CommandCenter Secure Gateway Operating...
  • Page 245: Appendix B: Cc-Sg And Network Configuration

    Appendix B: CC-SG and Network Configuration Introduction This appendix discloses network requirements (addresses, protocols and ports) of a typical CommandCenter Secure Gateway (CC-SG) deployment. It provides what you need to know and how to configure your network for both external access (if desired) and internal security and routing policy enforcement (if used).
  • Page 246 Figure 290 CC-SG Deployment Elements (diagram labels: CC Clients, Internet (Unsecured Network), CC-NOC, CC-SG Cluster Peer, Firewall, Internal Network, CC-SG, Raritan Device, Serial Out-of-Band Target Access, In-Band Access)...
  • Page 247: Cc-Sg Communication Channels

    CC-SG Communication Channels The communication channels are partitioned as follows: • CC-SG ↔ Raritan Devices • CC-SG ↔ CC-SG Clustering (optional) • CC-SG ↔ Infrastructure Services • Clients ↔ CC-SG • Clients ↔ Targets (Direct Mode) •...
  • Page 248: Access To Infrastructure Services

    Each CC-SG in the cluster may be on a separate LAN. However, the inter-connection between the units should be very reliable and not prone to periods of congestion. Communication Direction Port Number CC-SG → Local Broadcast 10000 CC-SG → Remote LAN IP 10000 CC-SG ↔...
  • Page 249: Pc Clients To Targets

    The first mode is the primary means for users and administrators to connect to CC-SG. The other two modes are less frequently used. These modes require the following networking configuration: Communication Direction Port Number Client →...
  • Page 250: Cc-Sg & Snmp

    CC-SG & SNMP Simple Network Management Protocol (SNMP) allows CC-SG to push SNMP traps (event notifications) to an existing SNMP manager on the network. CC-SG also supports SNMP GET/SET operations with third-party Enterprise Management Solutions, such as HP OpenView. Communication Direction Port Number SNMP Manager →...
  • Page 251: Security And Open Port Scans

    Security and Open Port Scans As part of the CC-SG Quality Assurance process, several open port scanners are applied to the product and Raritan Computer makes certain that its product is not vulnerable to these known attacks.
  • Page 253: Appendix C: Initial Setup Process Overview

    Appendix C: Initial Setup Process Overview Pre-requisites: • Add Devices with Category/Element clearly identified. • Add Ports with Category/Element clearly identified. Create Group(s)/Add User(s) 1. Add Device Group with rule based on Category/Element 2.
  • Page 255: Appendix D: User Group Privileges

    Appendix D: User Group Privileges SERS ROUP RIVILEGE Application Manager CC Setup And Control Security Manager Configuration Manager Users are able to make general Restart CommandCenter Users are able to restart CC-SG. Shutdown CommandCenter Backup CommandCenter Restore CommandCenter...
  • Page 256 SERS ROUP RIVILEGE Configuration Manager Users are able to change general device Device And Port Management Add Device Edit Device Delete Device Bulk Device Copy Ping Device Restart Device Pause/Resume Device Management Topological View Device Power Manager Users are able to turn on and off Discover Raritan Devices Change Port View...
  • Page 257 SERS ROUP RIVILEGE Association Manager User Security Management *Note that this privilege is not configurable and is only Device Group Manager Users are able to rename groups and assigned to the System Administrator user group by Port Group Manager default.
  • Page 259: Appendix E: Snmp Traps

    Appendix E: SNMP Traps CC-SG provides the following traps: SNMP Trap CCDeviceUpgrade CCImageUpgradeResults CCImageUpgradeStarted CCIncompatibleDeviceFirmware CCLeafNodeAvailable CCLeafNodeUnavailable CCPortConnectionStarted CCPortConnectionStopped CCPortConnectionTerminated CCRootPasswordChanged CCUserAdded CCUserAuthenticationFailure CCUserDeleted CCUserLogin CCUserLogout CCUserModified CCAvailable CCDeviceAddedAfterCCNOCNotification CCDiagnosticConsole CCDiagnosticConsoleLogout CCEnterMaintenanceMode CCExitMaintenanceMode CCHardDiskFailure CCLanCardFailure CCNOCAvailable CCNOCUnavailable...
  • Page 261: Appendix F: Troubleshooting

    Appendix F: Troubleshooting • Launching CC-SG from your web browser requires a Java plug-in. If your machine has an incorrect version, CC-SG will guide you through the installation steps. If your machine does not have a Java plug-in, CC-SG cannot automatically launch. In this case, you must uninstall or disable your old Java version and provide serial port connectivity to CC-SG to ensure proper operation.
  • Page 262: Port And Policy Group Creation Failure

    Port and Policy Group Creation Failure The default port groups and policies created in the Association Wizard are named after the elements of a category. If the element names are not unique, the default port groups and policies cannot be created (see the screen below) and will appear in red.
  • Page 263: Appendix G: Faqs

    Appendix G: FAQs Question General What is CC-SG? CC-SG is a network management device for aggregating and integrating multiple servers and network equipment typically deployed in a datacenter and which are connected to a Raritan IP-enabled product. Why would I need CC-SG? As you deploy more and more datacenter servers and devices, their management becomes exponentially complex.
  • Page 264 to add a console/serial port the following conditions are met: to CC-SG? - The Dominion unit is active. - The Dominion unit has not reached the maximum number of configured user accounts. Which version of Java will The earliest version CC-SG will support will be at least the Java Raritan’s CC-SG be 2 platform.
  • Page 265 If we had more than 1,000 CC-SG works with Microsoft Active Directory, Sun iPlanet or users, how would this be Novell eDirectory. If a user account already exists in an managed? That is, do you authentication server, then CC-SG supports remote support Active Directory? authentication using AD/TACACS+ /RADIUS/LDAP authentication.
  • Page 266 track down to who switched through the CC-SG GUI can be logged to audit logs. on or off a power plug? Performance As a CC-SG Administrator, When you, as Administrator, have many ports assigned to you, I added over 500 ports and CC-SG downloads all port information for all ports during the assigned all of them to me.
  • Page 267 or simply box level? switches, the tightness of integration will vary. How would I mitigate the Currently, the best possible implementation is to aggregate IP- restriction of four Reach boxes with CC-SG. In the future, Raritan plans to simultaneous paths through increase simultaneous access paths per box.
  • Page 270 North American Headquarters Raritan Raritan U.K. 400 Cottontail Lane 36 Great St. Helen's Somerset, NJ 08873 London EC3A 6AP,United Kingdom U.S.A. Tel. (44) 20-7614-7700 Tel. (732) 764-8886 Fax (44) 20-7614-7701 or (800) 724-8090 Email: sales.uk@raritan.com Fax (732) 764-8887 Website: Raritan.co.uk Email: sales@raritan.com Website: Raritan.com Raritan Italy...
