StarTech.com CONYX ECS0016 Instruction Manual

Enhanced console server

Summary of Contents for StarTech.com CONYX ECS0016

  • Page 1 Enhanced Console Server ECS0016...
  • Page 2 StarTech.com, or an endorsement of the product(s) to which this manual applies by the third-party company in question. Regardless of any direct acknowledgement elsewhere in the body of this document, StarTech.com hereby acknowledges that all...
  • Page 3: Table Of Contents

    Table of Contents Introduction ... 1 Features ...1 Package Contents ...1 Initial Configuration ... 2 Power Connection ...2 Management Console Connection ... 3 ARPPing IP Address Assignment...4 Administrator Password ...6 Network IP address ...7 System Services ...8 HTTPS ...9 HTTP ...9 Telnet ...9 SSH ...9 SNMP ...10...
  • Page 4 Serial Port and Network Host Configuration... 13 Configuring Serial Ports ...13 Common Settings ...15 Console Server Mode ...16 SDT Mode ...20 Power Strip Mode ...20 Terminal Server Mode ...20 Serial Bridging Mode ...21 Syslog ...21 Add / Edit Users...22 Authentication ...24 Network Hosts ...25 Serial Port Cascading ...27 Remote Power Control (RPC) ...32...
  • Page 5 Setting up MetaConnect for Remote Desktop access ...61 Set up MetaConnect Serial Ports on ECS0016 ...62 SSH port forward over the ECS0016 Serial Port ...63 Alerts and Logging ... 64 Enable SMTP, SNMP and/or Nagios ...64 Configure Alerts ...65 Remote Log Storage ...67 Power Control ...
  • Page 6 Status Reports ... 85 Port Access and Active Users ...85 Statistics ...86 Support Reports ...86 Syslog ...86 Device Management ...88 Port Log Management ...88 Power Management ...88 Serial Port Terminal Connection ...89 Basic Configuration - Linux Commands ... 90 The Linux Command line ...91 Administration Configuration ...93 Date and Time Configuration ...94 Network Configuration ...95...
  • Page 7 Raw Access to Serial Ports ...110 Access to Serial Ports ...110 Accessing the Console Port ...110 IP - Filtering ...111 Customizing the IP-Filter: ...112 Modifying SNMP Configuration ...113 Power Strip Control ...115 Glossary of Terms Used ...121 TERM ...121 MEANING ...121 Technical Specifications ...129 Technical Support ...
  • Page 8: Introduction

    Introduction Thank you for purchasing a StarTech.com Conyx ECS0016 Enhanced Console Server. This innovative remote service management solution enables system administrators and network managers to affordably monitor and control their computers, networks and connected serial devices remotely, from anywhere in the world (using an Internet connection).
  • Page 9: Initial Configuration

    Instruction Manual Initial Configuration Unpack the ECS0016 kit and verify you have all of the parts indicated in the Package Contents list shown on the previous page, and that they all appear in good working order. If you are installing your ECS0016 in a rack, you will need to attach the rack-mounting brackets supplied with the unit, and install the unit in the rack.
  • Page 10: Management Console Connection

    Management Console Connection The ECS0016 is pre-configured with a default IP Address: 192.168.0.1 and Subnet Mask: 255.255.255.0 . Directly connect a PC or workstation to the ECS0016. To configure the ECS0016 with a browser, the connected PC or workstation should have an IP address in the same range as the ECS0016 (e.g.
  • Page 11: Arpping Ip Address Assignment

    ARPPing IP Address Assignment If it is not convenient to change the PC/workstation network address, you can use the ARP-Ping command to reset the ECS0016 IP address. To do this from a Windows PC: Click Start > Run. Type cmd in the text box provided and click OK to open the command line. Type arp –d to flush the ARP cache:...
  • Page 12 After completing each of the steps listed, you can return to the configuration list by clicking in the top left corner of the screen on the StarTech.com logo. As you complete each step, the configuration list will be updated (e.g.
  • Page 13: Administrator Password

    Administrator Password For security reasons, only the Administrator (the administration user named root) can initially log into your gateway; only those people who know the root password can access and reconfigure the ECS0016 gateway itself. As such, it is important that you enter and confirm a new password before giving the ECS0016 any access to, or control of, your computers and network appliances.
  • Page 14: Network Ip Address

    Network IP address You now must enter an IP address for the principal Ethernet (LAN/Network/Network1) port on the ECS0016 gateway, or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network to which it is connected.
  • Page 15: System Services

    By default the ECS0016 LAN port auto detects the Ethernet connection speed. However you can use the Media menu to lock the Ethernet to 10 Mb/s or 100Mb/s and to Full Duplex (FD) or Half Duplex (HD). Please note: If you have changed the ECS0016 IP address, you may need to reconfigure your PC/workstation so it has an IP address that is in the same network range as this new address (as detailed in an earlier note in this chapter).
  • Page 16: Https

    HTTPS This ensures secure browser access to all of the Management Console menus. It also allows appropriately configured Users secure browser access to selected Management Console Manage menus. If you enable HTTPS, the Administrator will be able to use a secure browser connection to the ECS0016 gateway’s Management Console.
  • Page 17: Snmp

    There are also a number of related service options that can be configured at this stage: SNMP This will enable netsnmp in the gateway, which will keep a remote log of all posted information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line.
  • Page 18: Communications Software

    PuTTY and SSHTerm may be used, and these are all described below: MetaConnect StarTech.com recommends using the MetaConnect communications software tool for all communications with ECS0016 gateways, to ensure these communications are secure. Each ECS0016 is supplied with an unlimited number of MetaConnect licenses to use with that gateway.
  • Page 19: Putty

    MetaConnect is a Java client program that couples the SSH tunneling protocol with popular access tools such as Telnet, SSH, HTTP, HTTPS, VNC, RDP, to provide point-and-click secure remote management access to all the systems and devices being managed. MetaConnect can be installed on Windows 2000, XP, 2003, Vista™ PCs and on most Linux, UNIX and Solaris configurations. PuTTY Communications packages like PuTTY can also be used to connect to the...
  • Page 20: Sshterm

    SSHTerm Another common communications package that may be useful is SSHTerm, an open source package that can be downloaded from http://sourceforge.net/projects/sshtools To use SSHTerm for an SSH terminal session from a Windows Client, you simply Select the File option and click on New Connection A new dialog box will appear for your ‘Connection Profile’...
  • Page 21: Configuring Serial Ports

    Configuring Serial Ports To configure the serial port, you must first set the protocols and the RS232 parameters that are to be used for the data connection to that port (e.g. baud rate). Then you must select what mode the port is to operate in. Each port can be set to support one of five operating modes: Console Server mode enables remote network access to the attached devices serial console port...
  • Page 22: Common Settings

    • When you have reconfigured the common settings and the mode for each port, you set up any remote syslog, then click Apply Common Settings There are a number of common settings that can be set for each serial port, that are independent of the mode in which the port is being used. These serial port parameters must be set so they match the port parameters of the devices you attach to that port: •...
  • Page 23: Console Server Mode

    • Before proceeding with further serial port configuration, you should connect the ports to the serial devices they will be controlling, and ensure they have matching settings Please Note that the serial ports are all factory set to RS232 9600 baud, no parity, 8 data bits, 1 stop bit and Console Server Mode.
  • Page 24 • From Win2000/XP/NT, you can run telnet from the command prompt (cmd.exe) • You can also use standard communications packages like PuTTY to set a direct Telnet (or SSH) connection to the serial ports (see box below) • Also, if the remote communications are being tunneled with MetaConnect, then Telnet can be used for securely accessing attached devices In Console Server mode, Users and Administrators can use MetaCon-...
  • Page 25 It is recommended that you use SSH as the protocol whereby the User or Administrator connects to the ECS0016 gateway (or connects to the attached serial consoles) over the Internet (or any other public network). This will provide authenticated SSH communications between the SSH client program on the remote user’s PC/workstation and the gateway, so the user’s communication with the serial device attached to the gateway is secure.
  • Page 26 For a User named ‘Paul’ to access serial port 2, when setting up the SSHTerm or the PuTTY SSH client, instead of typing username = paul and ssh port = 3002, the alternate is to type username = paul:port02 (or username = fred:ttyS1) and ssh port = 22.
  • Page 27: Sdt Mode

    RFC2217 also enables the serial port to be tunneled to a remote ECS0016 client gateway, so two serial port devices can be transparently interconnected over a network. Accumulation Period By default, once a connection has been established for a particular serial port (such as a RFC2217 redirection or Telnet connection to a remote computer) then any incoming characters on that port are forwarded over the network on a character by character basis.
  • Page 28: Serial Bridging Mode

    Data Carrier Detect (DCD) pin on the serial device being raised. When a connection is detected, the getty program issues a login: prompt, and then invokes the login program to handle the actual system login. Serial Bridging Mode Serial bridging is the encapsulation of serial data into network packets and the transport of the data over a network.
  • Page 29: Add / Edit Users

    can also be configured to support the remote syslog protocol on a per serial port basis. • Select the Syslog Facility/Priority fields to enable logging of traffic on the selected serial port to a syslog server; and to appropriately sort and action those logged messages (i.e.
  • Page 30 Serial & Network: Users & Groups to display the configured Select Groups and Users Add Group. Click Group name and Description for each new Group, then select Add a Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any Users in this new Group to be able to access. Apply Click Serial &...
  • Page 31: Authentication

    The Administrator can also edit the Access settings for any existing Users. To do so: Serial & Network: Users & Groups Select Edit for the User to be modified. Click Authentication For details on authentication, please refer to the section titled Remote Authentication Configuration.
  • Page 32: Network Hosts

    Network Hosts To access a locally networked computer or appliance (referred to as a Host) you must identify the network connected Host, then specify the TCP or UDP ports/services that will be used to control that Host. Selecting Serial & Network: Network Hosts presents all of the network connected Hosts that have been enabled for access, as well as the related access TCP ports/services.
  • Page 33 Trusted Networks The Trusted Networks utility provides the option to select specific IP addresses at which users (Administrators and Users) must be located, in order to have access to the ECS0016 serial ports. To add an address designation: Serial & Network: Trusted Networks. Select To add a new trusted network, select Accessible Port(s) to which the new rule is to be applied.
  • Page 34: Serial Port Cascading

    Network IP Address: 204.15.5.128 Subnet Mask: 255.255.255.224 Apply. Click The above Trusted Networks will limit access by Users and the Administrator, to the ECS0016 serial ports and network attached hosts, however they do not restrict access by the Administrator to the ECS0016 console server itself.
  • Page 35 Next, you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave. Please note: The use of key pairs can be confusing as in many cases one file (Public Key) fulfills two roles –...
  • Page 36 The next step is to Fingerprint each new Slave-Master connection, which will authenticate you as a legitimate user for the SSH session. On the first connection the Slave will receive a fingerprint from the Master which will be used on all future connections. •...
  • Page 37 of clustered console servers and the connected devices) Enter the full number of serial ports on the Slave unit in Number of Ports Click Apply. This will establish the SSH tunnel between the Master and the new Slave The Serial & Network: Cascaded Ports menu displays all of the Slaves and the port numbers that have been allocated on the Master.
  • Page 38 next time the Master sends out a configuration file update. • Also, while the Master is in control of all Slave serial port related functions, it is not Master over the Slave network host connections or over the Slave console server system itself. •...
  • Page 39: Remote Power Control (Rpc)

    Remote Power Control (RPC) The ECS0016 Management Console monitors and controls Remote Power Control devices using the embedded PowerMan open source management tool. RPCs include power distribution units (PDUs) and IPMI power devices. Serial PDUs invariably can be controlled using their command line console, so you could manage the PDU through the ECS0016 using a remote Telnet client.
  • Page 40 Select the Serial & Network: RPC Connections menu. This will display all the RPC connections that have already been configured. Click Add RPC. Enter a RPC Name and Description for the RPC. In “Connected Via” select the pre-configured serial port or the network host address that connects to the RPC.
  • Page 41 Enter the Username and Password used to login into the RPC (Note that these login credentials are not related to the Users and access privileges you will have configured in Serial & Networks: Users & Groups). Check Log Status and specify the Log Rate (minutes between samples) if you wish the status from this RPC to be logged.
  • Page 42 Click on View Log or select the presented with a table of the history and detailed graphical information on the select RPC Manage to query or control the individual power outlet. This will Click take you to the Manage: Power screen User Power Management The Power Manager enables both Users and Administrators to access and control the configured serial and network attached PDU power strips,...
  • Page 43: Uninterruptible Power Supply Control (Ups)

    The outlet status is displayed and you can initiate the desired Action to be taken by selecting the appropriate icon: Power ON Power OFF Power Cycle Power Status You will only be presented with icons for those operations that are supported by the Target you have selected.
  • Page 44 The console server may or may not be drawing power through the Managed UPS (see the Configure UPS powering the console server section below). When the UPS’s battery power reaches critical, the console server signals and waits for slaves to shutdown, then powers off the UPS. Serial and network connected UPSes must first be configured on the console server with the relevant serial control ports reserved for UPS usage, or with the UPS allocated as a connected Host:...
  • Page 45 UPS Name and Description (optional) and the select if the Enter a UPS will be Connected Via USB or over pre-configured serial port or via HTTP/HTTPS over the preconfigured network Host connection Enter the UPS login details. This Username and Password is used by slaves of this UPS (i.e.
  • Page 46 positive number, or -1. 0s are shut down first, then 1s, 2s, etc. -1s are not shut down at all. Defaults to 0 Select the Driver that will be used to communicate with the UPS. The drop down menu presents a full selection of drivers from the latest Network UPS Tools (NUT version 2.2.0) and additional information on compatible UPS hardware can be found at http://www.networkupstools.
  • Page 47 If the ECS0016 is drawing power through a Managed UPS that has already been configured, select Local, enter the Managed UPS Name and check Enabled. The ECS0016 continues to be the master of this UPS. If the UPS that powers the console server is not a Managed UPS for that console server, then the console server can still connect to a remote NUT server (upsd) to monitor its status as a slave.
  • Page 48 Configuring Powered Computers to Monitor a Managed UPS Once you have added a Managed UPS, each server that is drawing power through the UPS should be setup to monitor the UPS status as a slave. This is done by installing the NUT package on each server, and setting up upsmon to connect to the ECS0016.
  • Page 49 - username is the Username of the Managed UPS - password is the Password of the Managed UPS UPS Alerts You can now set UPS alerts using Alerts & Logging: Alerts UPS Status You can monitor the current status of all of your network, serially or USB connected Managed UPSes or any Monitored UPS Status: UPS Status menu and a table with the summary Select the...
  • Page 50: Overview Of Network Ups Tools (Nut)

    Select UPS Logs and you will be presented with the log table of the load, battery charge level, temperature and other status information from all the Managed and Monitored UPS systems. This information will be logged for all UPSes which were configured with Log Status checked.
  • Page 51 NUT is built on a networked model with a layered scheme of drivers, server and clients. The driver programs talk directly to the UPS equipment and run on the same host as the NUT network server upsd. Drivers are provided for a wide assortment of equipment from most of the popular UPS vendors and they understand the specific language of each UPS and map it back to a compatibility layer.
  • Page 52: Environmental Monitoring

    status of a UPS, writing it to a file. These clients all run on the ECS0016 (for Management Console presentations) but they also are run remotely (on locally powered servers and remote monitoring systems). This layered NUT architecture enables: •...
  • Page 53 Using the Management Console, Administrators can view the ambient temperature and humidity and set the EMD to automatically send alarms progressively from warning levels to critical alerts. Connecting the EMD The Environmental Monitor Device (EMD) connects to any serial port on the console server via a special EMD Adapter and standard CAT5 cable.
  • Page 54 Screw the bare wires on any smoke detector, water detector, vibration sensor, open-door sensor or general purpose open/close status sensors into the terminals on the EMD The EMD can be used only with an ECS0016 and cannot be connected to standard RS232 serial ports on other appliances. Select Environmental as the Device Type in the Serial Port menu for the port to which the EMD is to be attached.
  • Page 55: Environmental Alerts

    Name and Description for the EMD and select pre-configured Enter a serial port that the EMD will be “Connected Via”. Labels for each of the two alarms Provide Log Status and specify the Log Rate (minutes between Check samples) if you wish the status from this EMD to be logged. These logs can be viewed from the Status: Environmental Status screen Click Apply Environmental Alerts...
  • Page 56 Environmental Status You can monitor the current status of all of EMDs and their probes Status: Environmental Status menu and a table with the Select the summary status of all connected EMD hardware will be displayed Click on View Log or select the will be presented with a table and graphical plot of the log history of the select EMD Instruction Manual...
  • Page 57: Failover And Out-Of-Band Dial Access

    Failover and Out-of-Band Dial Access The ECS0016 has a number of failover and out-of-band access capabilities to ensure high availability. • If there are difficulties in accessing the gateway through the principal network path, the Administrator can access the ECS0016 out-of-band (OoB) from a remote location, using a dialup modem/ISDN connection •...
  • Page 58: Configure Dial In Ppp

    Please note: The ECS0016 requires an external modem attached (via a serial cable) to the DB9 port (marked Local, located on the front panel). Configure Dial In PPP To enable dial-in PPP access on the ECS0016 console/modem port: System: Dial menu option and the port to be configured Select the (Serial DB9 Port or Internal Modem Port).
  • Page 59 Authentication Type to be applied to the dial-in connection. Select the • The ECS0016 uses authentication to challenge Administrators who dial-in to the gateway. (For dial-in access, the username and password received from the dial-in client are verified against the local authentication database stored on the ECS0016).
  • Page 60: Using The Metaconnect Client

    ECS0016 gateways also support dial-back for additional security. Check the Enable Dial Back box and enter the phone number to be called to re-establish an OoB link, once a dial-in connection has been logged. Using The MetaConnect client Administrators can use the MetaConnect Java client software to set up secure OoB dial-in access to remote ECS0016 gateways.
  • Page 61: Set Up Linux Clients

    Similarly for Windows® 98, you double-click My Computer on the Desktop, then open Dial-Up Networking and double-click Make New Connection and proceed as outlined for Windows XP (see previous section). Set up Linux clients The online tutorial http://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.html presents a selection of methods for establishing a dial up PPP connection:...
  • Page 62 • Command line PPP and manual configuration (which works with any Linux distribution) • Using the Linuxconf configuration tool (for Red Hat compatible distributions). This configures the scripts ifup/ifdown to start and stop a PPP connection • Using the Gnome control panel configuration tool •...
  • Page 63: Secure Tunneling & Metaconnect

    Secure Tunneling & MetaConnect Serial access to Linux consoles, Windows EMS/BIOS etc. Control serial connected firewalls, power switches and other devices MetaConnect establishes secure tunnel to gateway, then Telnet/SSH connection Remote or Local User/ Administrator Telnet or SSH connection to serially attached devices MetaConnect can also be used to access text consoles on devices that are attached to the ECS0016 gateway serial ports.
  • Page 64 then Close and Close again Assuming you have already set up the target ECS0016 as a gateway in your MetaConnect client (with username/ password etc), select this gateway and click the Host icon to create a host (alternatively, select File > New Host). 127.0.0.1 as the Host Address and select Serial Port 2 for Enter Service.
  • Page 65: Metaconnect For Oob Connection To The Gateway

    Users & Groups from Serial & Network. Select Add User. Click Username, Description and Password/Confirm. Enter a Select 127.0.0.1 from Accessible Host(s) and select Port 2 from Accessible Port(s). Apply. Click MetaConnect for OoB Connection to the Gateway MetaConnect can also be set up to connect to the gateway out-of-band (OoB).
  • Page 66 • To initiate a pre-configured dialup connection under Windows, use the following Start Command: cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection login password (where network_connection is the name of the network connection as displayed in Control Panel -> Network Connections, login is the dial-in username, and password is the dial-in password for the connection) •...
  • Page 67: Metaconnect Public Key Authentication

    To make the OoB connection using MetaConnect: Select the gateway from the left hand list of gateways and hosts. Under Gateway Actions in the right hand pane, click Out Of Band. The status bar will change color to indicate this gateway is now being accessed using the OoB link, rather than the primary link.
  • Page 68: Setting Up Metaconnect For Remote Desktop Access

    PuTTYgen: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html OpenSSH: http://www.openssh.org/ OpenSSH (Windows): http://sshwindows.sourceforge.net/download/ • Upload the public part of your SSH key pair (this file is typically named id_rsa.pub or id_dsa.pub) to the SSH gateway, or otherwise add it to .ssh/authorized_keys in your home directory on the SSH gateway. •...
  • Page 69: Set Up Metaconnect Serial Ports On Ecs0016

    system, reboot the machine etc. ECS0016’s Secure Tunneling uses SSH tunneling, so this RDP traffic is securely transferred through an authenticated and encrypted tunnel. MetaConnect with RDP also allows remote Users to connect to Windows XP, Windows 2003 computers and to Windows 2000 Terminal Servers, and to have access to all of the applications, files, and network resources (with full graphical interface just as though they were in front of the computer screen at work).
  • Page 70: Ssh Port Forward Over The Ecs0016 Serial Port

    ration protocols on that port Note: If you leave the Username and User Password fields blank, they default to portXX and portXX where XX is the serial port number. The default username and password for Secure RDP over Port 2 is port02 •...
  • Page 71: Alerts And Logging

    Alerts and Logging This chapter describes the logging and alert generation features of the console server. The Alert facility monitors the serial ports, all logins and the power status and sends emails or Nagios or SNMP alerts when specified trigger events occur: First, you must enable and configure the service that will be used to carry the alert then specify the alert trigger condition and the actual destination to which that particular alert is to be sent.
  • Page 72: Configure Alerts

    SNMP alerts The Administrator can configure the Simple Network Management Protocol (SNMP) agent that resides on the console server, to send Alerts to an SNMP management application: Alerts & Logging: SNMP. Select Enter the SNMP transport protocol. SNMP is generally a UDP-based protocol though infrequently it uses TCP instead.
  • Page 73 emailed to a nominated email address, or the SNMP or Nagios server is notified. The data stream from nominated serial ports can be monitored for matched patterns or flow control status changes can be configured to trigger alerts. As can user connections to serial ports and Hosts, or power events.
  • Page 74: Remote Log Storage

    disconnects from the applicable Host or Serial Port, or when a Slave connects or disconnects from the applicable UPS Serial Port Signal Alert: This alert will be triggered when the specified signal changes state and is applicable to serial ports only. You must specify the particular Signal Type (DSR, DCD or CTS) trigger condition that will send a new alert Serial Port Pattern Match Alert: This alert will be triggered if a regular...
  • Page 75: Power Control

    port activity. These records are stored on an ‘offserver’. To specify which serial ports are to have activities recorded and to what level data is to be logged: Serial & Network: Serial Port and Edit the port to be logged. Select Logging Level of for each port as: Specify the...
  • Page 76 when connected using MetaConnect. These IPMI controlled power switches can also be controlled using the Management Console’s power control tools • Servers with embedded service processors (such as Dell’s DRAC) usually provide power control using the browser based management applications that are supplied with the service processor (such as Dell’s Open Manage) –...
  • Page 77: Configuring Serial Port Power Strips

    Configuring Serial Port Power Strips The Administrator can configure serially connected power strips, so both Users and Administrators can control them directly using the Management Console. First, the selected gateway serial port must be connected to and configured to communicate with the power strip: Connect the power strip to the selected serial port on the ECS0016 gateway Serial and Network: Serial menu option and configure the...
  • Page 78: Configuring Browser Controlled Power Strips

    Configuring Browser Controlled Power Strips The Administrator can configure network attached power strips, so both Users and Administrators can control them directly using the Management Console. User Power Management The Power Manager enables both Users and Administrators to access and control the configured serial and network attached power strips and servers with embedded IPMI service processors or BMCs: Manage: Power and the particular Target power device to...
  • Page 79: Nagios Integration

    Nagios monitoring host server, to provide additional diagnostics and points of access to managed devices. StarTech.com’s MetaConnect for Nagios extends the capabilities of the central Nagios server beyond monitoring, enabling it to be used for central management tasks. It incorporates the MetaConnect client, enabling...
  • Page 80: Central Management And Setting Up Metaconnect For Nagios

    it provides an outstanding network monitoring system. With Nagios you can: • Display tables showing the status of each monitored server and network service in real time • Use a wide range of freely available plugins to make detailed checks of specific services –...
  • Page 81 Clients • Typically a client PC, laptop, etc. running Windows, Linux or Mac OS X • Runs MetaConnect • Possibly remote to the central Nagios server or distributed ECS0016 console servers • May receive alert emails from the central Nagios server or distributed ECS0016 console servers •...
  • Page 82: Central Site

    You will also require a web server such as Apache to display the Nagios web UI (and this may be installed automatically as a dependency of the Nagios packages). Central Site Nagios Server Alternatively, you may wish to download the Nagios source code directly from the Nagios website, and build and install the software from scratch.
  • Page 83 The first step is to set up the Nagios features on the console server: System: Nagios on the ECS0016 Management Console. Select Check to make sure the Nagios service is Enter the IP address that the central Nagios server will use to contact the distributed ECS0016 servers in Nagios Host Address.
  • Page 84 Host. IP Address/DNS Name of the network server, e.g.: Enter the 192.168.1.10 and enter a Description, e.g.: Windows 2003 IIS Server Permitted Services. This server will be accessible using Remove all Terminal Services, so check TCP, Port 3389 and log level 1 then click Add.
  • Page 85: Remote Ecs0016 Gateway

    port attached. In Applicable Hosts, check the IP address/DNS name of the IIS server. Connection Alert. Click Apply. Click Now, you can set the console server to send alerts to the Nagios server. Lastly you need to add a User for the client running MetaConnect: Users &...
  • Page 86 upstream Nagios server will use to reach the ECS0016 – if unspecified this will default to the first network port’s IP (Network (1) as entered in System: IP) In Nagios Server Address enter the IP address or DNS name that the ECS0016 will use to reach the upstream Nagios monitoring server Disable SDT Nagios Extensions option if you wish to Check the...
  • Page 87 Enable NSCA monitoring NSCA is the mechanism that allows you to send passive check results from the remote ECS0016 to the Nagios daemon running on the monitoring server. To enable NSCA: Select System: Nagios and check NSCA Enabled. Select the Encryption to be used from the drop down menu, then enter a Secret password and specify a check Interval.
  • Page 88 Select Check Permitted TCP/UDP to monitor a service that you have previously added as a Permitted Service. Select Check TCP/UDP to specify a service port that you wish to monitor, but to which you do not wish to allow external (MetaConnect) access.
  • Page 89: System Management

    System Management This chapter describes how the Administrator can perform a range of general ECS0016 system administration and configuration tasks such as: • Applying Soft and Hard Resets to the gateway • Reflashing the Firmware • Configuring the Date, Time and NTP System Administration and Reset The Administrator can reboot or reset the gateway to default settings. A soft reset is effected by selecting Reboot in the System: Administra-...
  • Page 90: Firmware Upgrades

    Status: Support Report and note the Firmware Version. To upgrade, you must first download the latest firmware image (http://www.startech.com), selecting the most recently added file, and save the image to a system on the same subnet as the ECS0016.
  • Page 91: Configure Date And Time

    Configure Date and Time It is recommended that you set the local Date and Time in the ECS0016 as soon as it is configured. Features like Syslog and NFS logging use the system time for timestamping log entries, while certificate generation depends on a correct Timestamp to check the validity period of the certificate.
  • Page 92: Status Reports

    Status Reports This chapter describes the selection of status reports that are available for review: • Port Access and Active Users • Statistics • Support Reports • Syslog • UPS Status Port Access and Active Users The Administrator can see which Users have access privileges with which serial ports: Select Status: Port Access The Administrator can also see the current status as to Users who have...
  • Page 93: Statistics

    Support Reports The Support Report provides useful status information that will assist the StarTech.com technical support team to solve any problems you may experience with your ECS0016. If you do experience a problem and have to contact support, you have the option of including the Support Report with your email support request.
  • Page 94: Syslog

    Syslog The Linux System Logger maintains a record of all system messages and errors. To view the System Log, select Status: Syslog Remote System Logging: The syslog record can be redirected to a remote Syslog Server. To do so, enter the remote Syslog Server address and port details and click Apply Local System Logging To view the local Syslog file: Select Alerts &...
  • Page 95: Device Management

    Management The ECS0016 has a number of Management reports and tools that can be accessed by both Administrators and Users: • Access and control configured devices • View serial port logs and host logs • Use MetaConnect or the Java terminal to access serially attached consoles •...
  • Page 96: Serial Port Terminal Connection

    Serial Port Terminal Connection Administrator and Users can communicate directly with the ECS0016 command line and with devices attached to the ECS0016 serial ports using MetaConnect and their local telnet client, or using a Java terminal in their browser. To do so: Select Manage: Terminal. Click Connect to MetaConnect to access the ECS0016’s command line...
  • Page 97: Basic Configuration - Linux Commands

    The alternative to using MetaConnect and your local telnet client is to download the open source jcterm Java terminal applet into your browser to connect to the ECS0016 and attached serial port devices. However, jcterm does have some JRE compatibility issues which may prevent it from loading.
  • Page 98: The Linux Command Line

    Configuration) • Date and Time Configuration (Manually Change Clock Settings and Network Time Protocol Time Zone) • Network Configuration (Static and DHCP IP Configuration, Dial-in Configuration and Services Configuration) • Serial Port Configuration (Serial Port Settings, Supported Protocol Configuration, Users and Trusted Networks) •...
  • Page 99 The config Tool: Syntax config [ ahv ] [ d id ] [ g id ] [ p path ] [ r configurator ] [ s id=value ] Description The config tool allows manipulation and querying of the system configuration from the command line.
  • Page 100: Administration Configuration

    The config tool is designed to perform multiple actions from one command if need be, so if necessary options can be chained together. Options Administration Configuration System Settings You can configure the system settings to the following values (denoted in bolded text) using the corresponding commands from the command lines (denoted by italicized text): System Name og.mydomain.com...
  • Page 101: Date And Time Configuration

    LDAP Base Node: Some base node # /bin/config --set="config.auth.ldap.basenode=some base node" The following command will synchronize the live system with the new configuration. # /bin/config --run=auth Date and Time Configuration Manually Change Clock Settings To change the running system time you need to issue the following commands: # date 092216452005.05 Format is MMDDhhmm[[CC]YY][.ss] Then the following command will save this new system time to the hard-...
  • Page 102: Network Configuration

    The following command will synchronize the live system with the new configuration: # /bin/config --run=time Time Zone To change the system time zone to USA Eastern Standard Time you need to issue the following commands: # /bin/config --set=config.system.timezone=US/Eastern The following command will synchronize the live system with the new configuration.
  • Page 103 IP Configuration - Static To set static configuration on the LAN interface with the following attributes (denoted in bolded text), you would need to issue the following commands from the command lines (denoted by italicized text): Disable DHCP: # /bin/config --set=config.interfaces.eth0.mode=static IP Address: 192.168.1.100 # /bin/config --set=config.interfaces.eth0.address=192.168.1.100 Network Mask: 255.255.255.0...
  • Page 104 The following command will synchronize the live system with the new configuration. # /bin/config --run=ipconfig Dial-in Configuration To enable dial-in access on the DB9 serial port from the command line with the following attributes: Local IP Address: 172.24.1.1 Remote IP Address: 172.24.1.2 Authentication Type: MSCHAPv2 Serial Port Baud Rate: 115200 Serial Port Flow Control: Hardware...
  • Page 105: Services Configuration

    ‘115200’, and ‘230400’. Supported parity values are ‘None’, ‘Odd’, ‘Even’, ‘Mark’ and ‘Space’. Supported data-bits values are ‘8’, ‘7’, ‘6’ and ‘5’. Supported stop-bits values are ‘1’, ‘1.5’ and ‘2’. Supported flow-control values are ‘Hardware’, ‘Software’ and ‘None’. Services Configuration You can manually enable or disable network servers from the command line.
  • Page 106: Serial Port Configuration

    Please Note: “/bin/config” commands can be combined into one command for convenience. Serial Port Configuration Serial Port Settings To set up serial port 5 to use the following properties (denoted in bolded text), you would need to issue the following commands from the command line (denoted in italicized text): Baud Rate: 115200 # /bin/config --set=config.ports.port5.speed=115200...
  • Page 107: Users

    Supported stop-bits values are ‘1’, ‘1.5’ and ‘2’. Supported flow-control values are ‘Hardware’, ‘Software’ and ‘None’. Supported Protocol Configuration To ensure remote access to serial port 5 is configured as follows (denoted by bolded text), you would need to issue the following commands (denoted with italicized text): Telnet Access LAN: Disabled # /bin/config --set=config.ports.port5.ssh=on...
  • Page 108: Trusted Networks

    Note that if you see: config.users.total So, your new User will be the existing total plus 1; if the previous command gave you 0, then you start with user number 1; if you already have 1 user your new user will be number 2 etc. If you want a user named “user1”...
  • Page 109: Event Logging Configuration

    config.portaccess.total new rule will be the existing total plus 1. So if the previous command gave you 0, then you start with rule number 1; if you already have 1 rule your new rule will be number 2 etc. If you want to restrict access to serial port 5 to computers from a single C class network 192.168.5.0, you need to issue the following commands (assuming you have a previous rule in place): # /bin/config --set=config.portaccess.rule2.address=192.168.5.0...
  • Page 110: Alert Configuration

    The following command will synchronize the live system with the new configuration. # /bin/config --run=eventlog Please note that supported remote storage server types are ‘None’, ‘cifs’, ‘nfs’ and ‘syslog’. Supported port logging levels are ‘0’, ‘1’ and ‘2’. Alert Configuration You can add an email alert to the system from the command line by following these instructions: Determine the total number of existing alerts (if you have no existing...
  • Page 111: Metaconnect Host Configuration

    The following command will synchronize the live system with the new configuration: # /bin/config --run=alerts MetaConnect Host Configuration MetaConnect host TCP Ports To set up the list of TCP ports for a host, you use the config command: # config -s config.sdt.hosts.host3.tcpports.tcpport1=23 # config -s config.sdt.hosts.host3.tcpports.tcpport2=5900 # config -s config.sdt.hosts.host3.tcpports.tcpport3=3389 The above assumes the config below:...
  • Page 112: Advanced Configuration

    <user1>JohnWhite</user1> </users> <tcpports><tcpport1>23</tcpport1></tcpports> </host3> </hosts> </sdt> </config> Advanced Configuration Advanced Portmanager pmshell The pmshell command acts similarly to the standard tip or cu commands, but all serial port access is directed via the portmanager. Example: To connect to port 8 via the portmanager: # pmshell -l port08 pmshell Commands: Once connected, the pmshell command supports a subset of the ‘~’...
  • Page 113: Pmchat

    History: Typing the character sequence ‘~h’ will generate a history on the serial port. Quit pmshell: Typing the character sequence ‘~.’ will exit from pmshell. To set RTS to 1 run the command: # pmshell --rts=1 To show all signals: # pmshell --signals DSR=1 DTR=1 CTS=1 RTS=1 DCD=0 Read a line of text from the serial port:...
  • Page 114: Portmanager Daemon

    Example: To detect which users are currently active on which serial ports: # pmusers This command will output nothing if there are no active users currently connected to any ports, otherwise it will respond with a sorted list of usernames per active port: Port 1: user1 user2...
  • Page 115: Signals

    Change which configuration file it uses: -c /etc/config/portmanager.conf Signals Sending a SIGHUP signal to the portmanager will cause it to re-read its configuration file. External Scripts and Alerts The portmanager has the ability to execute external scripts on certain events. These events are: When a port is opened by the portmanager: When the portmanager opens a port, it attempts to execute /etc/config/scripts/portXX.init (where XX is the number of the port, e.g.
  • Page 116 example: </etc/config/pmshell-start.sh > #!/bin/sh PORT="$1" USER="$2" echo "Welcome to port $PORT $USER" < /etc/config/pmshell-start.sh> The return value from the script controls whether the user is accepted or not: if 0 is returned (or nothing is done on exit as in the above script) the user is permitted, otherwise the user is denied access.
  • Page 117: Raw Access To Serial Ports

    Raw Access to Serial Ports Access to Serial Ports You can use tip and stty to completely bypass the portmanager and have raw access to the serial ports. When you run tip on a portmanager controlled port, portmanager closes that port, and stops monitoring it until tip releases control of it.
  • Page 118: Ip - Filtering

    • Modem initialization strings To override the standard modem initialization string either use the Management Console or the command line config tool • Enabling Boot Messages on the Console If you are not using a modem on the DB9 console port and instead wish to connect to it directly via a Null Modem cable you may want to enable verbose mode allowing you to see the standard Linux start-up messages.
  • Page 119: Customizing The Ip-Filter

    The basic steps performed are as follows: a) The current iptables configuration is erased. b) If a customized IP-Filter script exists it is executed and no other actions are performed. c) Standard policies are inserted which will drop all traffic not explicitly allowed to and through the system.
  • Page 120: Modifying Snmp Configuration

    --match state --state ESTABLISHED,RELATED --jump ACCEPT # Explicitly accept any connections from computers on # 192.168.10.0/24 iptables --append INPUT --source 192.168.10.0/24 --jump ACCEPT More documentation about using the iptables command can be found at the Linux netfilter website http://netfilter.org/documentation/index.html Modifying SNMP Configuration /etc/config/snmpd.conf The net-snmpd is an extensible SNMP agent, which when enabled should run with a default configuration.
  • Page 121 Adding more than one SNMP server To add more than one SNMP server for alert traps add the first SNMP server using the Management Console or the command line config tool. Secondary and any further SNMP servers are added manually using config.
  • Page 122: Power Strip Control

    To set the Username field (SNMP version 3 only): config set config.system.snmp.username2=yourusername .. (replacing yourusername with the username config.system.snmp. username2 (3 only)) To set the Engine ID field (SNMP version 3 only): config set config.system.snmp.password2=yourpassword .. (replacing yourpassword with the password) Once the fields are set, apply the configuration with the following command: config run snmp...
  • Page 123 powerman - power on/off nodes Synopsis powerman [-option] [targets] pm [-option] [targets] Options -1, --on Power ON targets. -0, --off Power OFF targets. -c, --cycle Power cycle targets. -r, --reset Assert hardware reset for targets (if implemented by RPC). -f, --flash Turn beacon ON for targets (if implemented by RPC). -u, --unflash Turn beacon OFF for targets (if implemented by RPC).
  • Page 124 -h, --help Display option summary. -L, --license Show powerman license information. -d, --destination host[:port] Connect to a powerman daemon on non- default host and optionally port. -V, --version Display the powerman version number and exit. -D, --device Displays RPC status information. If targets are specified, only RPC’s matching the target list are displayed.
  • Page 125 As a reminder to the reader, some shells will interpret brackets ([ and ]) for pattern matching. Depending on your shell, it may be necessary to enclose ranged lists within quotes. For example, in tcsh, the last example above should be executed as: powerman --on "foo[0,4-5]"...
  • Page 126 PowerMan authors. However documentation on how they work can be found at http://linux.die.net/man/5/powerman.dev Once the new RPC support has been built into the PowerMan, StarTech.com will then include the updated PowerMan build in a subsequent firmware release. The second path is to directly add support for the new RPC devices (or to customize the existing RPC device support) on your particular console server.
  • Page 127 <off>script to power off</off> <cycle>script to cycle power</cycle> <status>script to write power status to /var/run/power-status</status> <speed>baud rate</speed> <charsize>character size</charsize> <stop>stop bits</stop> <parity>parity setting</parity> </powerstrip> The id appears on the web page in the list of available device types to configure.
  • Page 128: Glossary Of Terms Used

    Glossary of Terms Used TERM Authentication BIOS Bonding BOOTP Certificates MEANING Authentication is the technique by which a process verifies that its communication partner is who it is supposed to be and not an imposter. Authentication confirms that data is sent to the intended recipient and assures the recipient that the data originated from the expected sender and has not been altered en route...
  • Page 129 TERM Certificate Authority Certificate Revocation List CHAP DHCP Encryption Ethernet MEANING A Certificate Authority is a trusted third party, which certifies that public keys truly belong to their claimed owners. It is a key part of any Public Key Infrastructure, since it allows users to trust that a given public key is the one they wish to use, either to send a private message to its owner or to verify...
  • Page 130 TERM Firewall Gateway Internet Intranet IPMI MEANING A network gateway device that protects a private network from users on other networks. A firewall is usually installed to allow users on an intranet access to the public Internet without allowing public Internet users access to the intranet.
  • Page 131 TERM Key lifetimes LDAP MAC address MSCHAP MEANING The length of time before keys are renegotiated Local Area Network The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but significantly simpler and more readily adapted to meet custom needs.
  • Page 132 TERM Net mask OUT OF BAND MEANING Network Address Translation. The translation of an IP address used on one network to an IP address on another network. Masquerading is one particular form of NAT. The way that computers know which part of a TCP/IP address refers to the network, and which part refers to the host range.
  • Page 133 TERM RADIUS Router SMASH SMTP MEANING The Remote Authentication Dial-In User Service (RADIUS) protocol was developed by Livingston Enterprises as an access server authentication and accounting protocol. The RADIUS server can support a variety of methods to authenticate a user.
  • Page 134 TERM TACACS+ TCP/IP TCP/IP address MEANING Serial Over LAN (SOL) enables servers to transparently redirect the serial character stream from the baseboard universal asynchronous receiver/transmitter (UART) to and from the remote client system over a LAN. With SOL support and BIOS redirection (to serial) remote managers can view the BIOS/POST output during power on, and reconfigured.
  • Page 135 TERM Telnet WINS MEANING Telnet is a terminal protocol that provides an easy-to-use method of creating terminal connections to a network. Coordinated Universal Time. Unshielded Twisted Pair cabling. A type of Ethernet cable that can operate up to 100Mb/s. Also known as Category 5 or CAT 5.
  • Page 136: Technical Specifications

    Technical Specifications FEATURE Dimensions Weight Ambient operating temperature Non operating storage temperature Humidity Power Consumption Memory Serial Connectors Serial Baud Rates Ethernet Connectors VALUE 17 x 8.5 x 1.75 in (43.2 x 21. x 4.5 cm) 3.9 kg (8.5 lbs) 5°C to 50°C (41°F to 122°F) 30°C to +60°C (20°F to +140°F) 5% to 90%...
  • Page 137 RJ45 Connector - Pinout Wiring Signal 1 2 3 4 5 6 7 8 Direction RS232 Signal Description Output Request To Send Input Data Set Ready Input Data Carrier Detect Input Receive Data Output Transmit Data Output Data Terminal Ready Input Clear to Send Ground...
  • Page 138 Adapter (included Part # 319000) Pinout - (Straight through) Accessory (included Part # 319001) Pinout - (Crossover) Additional adapters available from StarTech.com: GC98FF...
  • Page 139: Technical Support

    Limitation of Liability In no event shall the liability of StarTech.com Ltd. and StarTech.com USA LLP (or their officers, directors, employees or agents) for any damages (whether direct or indirect, special, punitive, incidental, consequential, or...
  • Page 140 StarTech.com has been making “hard-to-find easy” since 1985, providing high quality solutions to a diverse IT and A/V customer base that spans many channels, including government, education and industrial facilities to name just a few. We offer an unmatched selection of computer parts, cables, A/V products, KVM and Serv-...
