1. Manuals
  2. Brands
  3. Raritan Manuals
  4. Network Hardware
  5. Dominion SX16
  6. Installation and operation manual

Raritan Dominion SX16 Installation And Operation Manual

Dominion sx ip console servers
Hide thumbs Also See for Dominion SX16:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
Installation and
Operations Manual
SX16
SX32

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Dominion SX16 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Raritan Dominion SX16

Summary of Contents for Raritan Dominion SX16

  • Page 1 Installation and Operations Manual SX16 SX32...
  • Page 2 This page intentionally left blank.
  • Page 3 Installation and Operations Manual SX16 SX32 1F61 I.T.E. L I S T E D Copyright ©2003 Raritan Computer, Inc. DSX-0A-E October 2003 255-60-2000 Raritan Computer Inc. Raritan Computer Europe, B.V. Raritan Computer Japan, Inc. Raritan Computer Taiwan, Inc. 400 Cottontail Lane...
  • Page 4 This page intentionally left blank.
  • Page 5 ©Copyright 2003 Raritan Computer, Inc., Dominion™, RaritanConsole™, SecureChat™, Remote Power Control™, Paragon®, Powerboard™ and the Raritan company logo are trademarks of Raritan Computer, Inc. All rights reserved. Java® is a registered trademark of Sun Microsystems, Inc. Internet Explorer® is a registered trademark of Microsoft Corporation.
  • Page 6 This page intentionally left blank.

  • Page 7: Table Of Contents

    ABLE OF ONTENTS Table of Contents Chapter 1: Introduction ................1 Dominion SX Overview ...........................1 Product Photos ............................1 Product Features ............................1 Package Contents...........................2 Chapter 2: Installation ................3 Pre-Configuration Notes .........................3 Hardware Installation ..........................3 Initial Software Configuration ......................5 Configuration ............................5 Step-by-Step Configuration ......................6 Time and Date Configuration ........................8 Deployment .............................9 Chapter 3: Operation ................11...
  • Page 8 Installing Dominion SX CA-Root Certificate to a Browser ..............77 Installing CA Root for IE Browsers .......................78 Accept a Certificate (Session-Based).....................78 Install the Raritan Root Certificate....................78 Remove an Accepted Certificate....................81 Install CA Root for Netscape Navigator ....................82 Accept a Certificate (Session-Based).....................82 Install the Dominion SX Root Certificate ..................83...
  • Page 9 ABLE OF ONTENTS File Directory Structure.........................121 File System API through TCL.......................121 TCL Commands ...........................122 Accessing TCL Window .......................123 Resetting TCL Interpreter......................123 Editing TCL Scripts........................123 Executing TCL Scripts ........................124 Automatic Execution of a TCL Script upon Power Up..............124 Generating a User Event ........................125 Extensions to TCL..........................126 Basic TCL Server Example.........................135 Basic CPU Utilization Monitoring Example ..................136...
  • Page 10 ABLE OF ONTENTS...
  • Page 11 ABLE OF IGURES Table of Figures Figure 1 Dominion SX32 Unit........................1 Figure 2 Rear Panel ............................3 Figure 3 Default Settings for Factory Reset Mode ..................4 Figure 4 Hardware Setup for Initial Software Configuration................5 Figure 5 Initial Configuration showing Physical Installation was successful ..........6 Figure 6 Initial Configuration screen for the First Administrator Account............7 Figure 7 Initial Configuration screen for Network Settings ................7 Figure 8 End of Initial Setup ..........................8...
  • Page 12 ABLE OF IGURES Figure 44 Port Editing Display........................41 Figure 45 Users Tab Display........................43 Figure 46 New User Creation ........................44 Figure 47 User Modification ........................45 Figure 48 IP ACL Configuration Display......................46 Figure 49 Invalid Subnet Mask Message ....................47 Figure 50 Certificate Tab Display ........................48 Figure 51 Certificate Configuration Display....................49 Figure 52 Generate Certificate Display .......................50 Figure 53 View Self-Signed Certificate Display...................50...
  • Page 13 Figure 119 Connection Availability ......................113 Figure 120 Network Connection Wizard Completion ................114 Figure 121 IE Client Download Display.....................115 Figure 122 Raritan Plugin Security Warning Display ................115 Figure 123 Netscape Plugin Redirection Display..................116 Figure 124 TCL Architecture ........................119 Figure 125 Activating TCL Scripting Window ....................123...
  • Page 14 viii ABLE OF IGURES...

  • Page 15: Chapter 1: Introduction

    1: I HAPTER NTRODUCTION Chapter 1: Introduction Dominion SX Overview The Dominion SX Series of Serial over IP Console Servers offers convenient and secure, remote access and control via LAN/WAN, Internet or Dial-up modem of all networking devices. Dominion SX connects to any networking device (servers, firewalls, load balancer, etc.) via the serial port and provides the ability to remotely and securely manage the device using any Web browser.

  • Page 16: Package Contents

    Each Dominion SX ships with the following: • (1) Dominion SX unit with mounting racks installed (Rackmount kit is optional on some units) • (1) Raritan User Manual CD-ROM containing the Dominion SX Installation and Operations Manual • (1) Power cord •...

  • Page 17: Chapter 2: Installation

    If you are uncertain of any information, contact your system administrator for assistance. Network Information: • Raritan Unit Name: The name of this unit, a generic term for the Dominion SX unit. This can be 64 characters maximum, no minimum, no spaces. •...

  • Page 18: Figure 3 Default Settings For Factory Reset Mode

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Physical Installation of Dominion SX for Initial Configuration: 1. Obtain a computer with a network card and crossover network cable. This computer will be referred to as the ‘installation computer.’ 2. A unique MAC address for each unit is shown on a sticker on the chassis. Make a note of this address prior to physical installation.

  • Page 19: Initial Software Configuration

    2: I HAPTER NSTALLATION Initial Software Configuration Crossover Network Cable Dominion SX Unit Browser Installation Computer Figure 4 Hardware Setup for Initial Software Configuration User Information: This information should be entered for each user, up to 50 user accounts, with at least one administrator for each Dominion SX unit: •...

  • Page 20: Step-By-Step Configuration

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Step-by-Step Configuration 1. Access the unit through your Web browser on an installation computer that is on the same subnet by typing the URL: https://192.0.0.192. Figure 5 Initial Configuration showing Physical Installation was successful 2.

  • Page 21: Figure 6 Initial Configuration Screen For The First Administrator Account

    5. The Network Configuration Window allows the user to specify the network settings for the unit. A network administrator typically assigns the values for these parameters. All fields are required: − Raritan Unit Name: Descriptive name for this unit − IP Address: Network address for this unit −...

  • Page 22: Time And Date Configuration

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 6. Click on the [Finish] button to complete the initial configuration of Dominion SX. You will see a screen that indicates successful configuration of the unit. The system will reboot and apply the new settings. Figure 8 End of Initial Setup Time and Date Configuration We recommend that you configure the local Date and Time in the Dominion SX unit as soon as it is configured.

  • Page 23: Deployment

    2: I HAPTER NSTALLATION Deployment After the Initial Software Configuration phase, a Dominion SX unit is configured for operation on the LAN. Ethernet Connection Browser Dominion SX Unit Installation Computer Figure 10 Deployment 1. Make sure you have an allocated Ethernet cable connected to the network for use with the unit. 2.
  • Page 24 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 25: Chapter 3: Operation

    3: O HAPTER PERATION Chapter 3: Operation Overview Once the Dominion SX unit has been deployed in its final destination, you can access the console of the target device. This chapter explains the normal operational procedures. Accessing the Remote Device The remote device can be accessed in one of two ways, either browser-based or by direct port access, used either as a user based remote device access method or used for application programs to access the target device programmatically.

  • Page 26: Figure 12 Login Display

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 3. When the login screen appears, enter your Login Name and Password, and click on the [Login] button. Figure 12 Login Display 4. When the main display page appears, click on the desired [Port#] button to launch that port’s console display. Figure 13 Main Display with Available Ports...

  • Page 27: Security Dialog For Console Display

    Security Dialog for Console Display RaritanConsole, an applet included with your Dominion SX unit, is designed by Raritan to enable the applet to access the resources of the user’s computer. Both the copy and paste and the logging features of these applications require the use of the client computer system resources.

  • Page 28: Netscape Navigator

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Netscape Navigator RaritanConsole loads without displaying a Security Warning window. When actions that require user permissions are performed, a security dialog will appear. Each operation requires a unique permission. The Start Logging and Copy/Paste operations will prompt the user with a security dialog window.

  • Page 29: Sending A Break / Null

    3: O HAPTER PERATION Once the Security screens are completed, the console window appears, and the user can begin working with the remote target system. Figure 17 Console Window Sending a Break / Null Some target systems, such as Sun Servers, require a null character (Break) to be sent from the console. Pressing the <F8>...
  • Page 30 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 31: Chapter 4: Console Features

    4: C HAPTER ONSOLE EATURES Chapter 4: Console Features There are six drop-down menus available in the menu bar of the console window: • Emulator • Edit • Chat • Tools • Script • Help Emulator Settings The Settings window displays the Buffer Size, Terminal Type, and Cursor Type for the console window. •...

  • Page 32: History

    SX I OMINION NSTALLATION AND PERATIONS ANUAL History The History feature allows you to view the recent history of console sessions by displaying the console messages to and from the target device. This function displays up to 999 lines of recent console message history, allowing a user to see target device events over time.

  • Page 33: Write Access

    4: C HAPTER ONSOLE EATURES Write Access The user with Write Access can send commands to the target device. Write Access can be transferred among users working in RaritanConsole via the Get Write Access command or by using the <F8> key (please see Chapter 2: Operation for additional details).

  • Page 34: Figure 21 Console Without Write Access; With Write Access Warning Window

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 4. When another user assumes Write Access from you, a modal display will appear on your screen. Loss of Write Access is indicated by a red block before Write Access in the status bar. The modal display appears only on the screen of the user who currently has Write Access.

  • Page 35: User List

    4: C HAPTER ONSOLE EATURES User List The User List command allows you to view a list of other users who are accessing the same port. An asterisk (*) appears before the user who has Write Access to the console. To View the User List: 1.

  • Page 36: Close

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Close To Close RaritanConsole: 1. Click on Emulator in the main menu. 2. Select Close from the drop-down menu. Figure 23 Close Command...

  • Page 37: Edit

    4: C HAPTER ONSOLE EATURES Edit Use the Copy, Paste, and Select All Text commands to relocate and / or re-use important text. Figure 24 Edit Commands - Copy, Paste, and Select All Text To Copy and Paste All Text: 1.

  • Page 38: Tools

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Tools Raw console data from the target device can be logged to a file in your computer. The Logging indicator on the status bar indicates whether Logging is on or off. Start Logging 1.

  • Page 39: Stop Logging

    4: C HAPTER ONSOLE EATURES Stop Logging 1. Click on Tools in the main menu. 2. Select Stop Logging from the drop-down menu. Logging is On until the Stop Logging command is executed. Figure 26 Stop Logging Command...

  • Page 40: Script

    TCL scripts. Please see Appendix I: TCL Programming Guide for additional information. RaritanConsole also comes with User Definable Events that can be generated by TCL scripts. Raritan has introduced an extension library to provide an API to the RaritanConsole’s functions. Additionally, the unit comes with an extensive list of notification events that can be used to audit, track and trace the conditions of and modifications to the unit itself.

  • Page 41: Securechat

    4: C HAPTER ONSOLE EATURES SecureChat A real-time interactive chat feature called SecureChat provides you and other users who are accessing the console port of the target device to conduct an online dialog for training or collaborative diagnostic activities. To use SecureChat: 1.

  • Page 42: Help

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Help Help Topics include on-line assistance for operating RaritanConsole and the console window, and Release information about RaritanConsole. Help Topics To Access Help Topics: 1. Click on Help in the main menu. 2. Select Help Topics from the drop-down menu. Figure 29 Help Topics Command and Help File Window 3.

  • Page 43: About Raritanconsole

    About RaritanConsole The ‘About’ window displays version information (name and revision number) for the console terminal emulation software, and copyright information. When contacting Raritan for technical support when performing a software upgrade, etc., you may be asked for this information.

  • Page 44: Direct Port Access

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Direct Port Access This approach provides a quick and direct method of connecting to the console port in order to access unit programmability or the console of the target device directly. There are two ways to access the target device console directly by giving the appropriate URL.

  • Page 45: Url With Port Number

    4: C HAPTER ONSOLE EATURES URL with Port Number 1. Type the following URL into the browser's location bar: https://<IPAddress>/dpa.htm?port="portnumber" − IPAddress: This is the IP Address of the unit. This can be either the actual IP address of the unit or IPAddress assigned for a modem.

  • Page 46: Exit The Application

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Incomplete Parameters Specified: If the parameters specified in the URL are incomplete, for example, if only the user name and port number are specified and password is omitted in the URL, the user is alerted that there is missing information. Figure 35 Incomplete Parameter Error Display Exit the Application Click on the [Exit] button in the left panel of the Dominion SX window to exit Dominion SX.

  • Page 47: Figure 37 Exit Confirmation Display

    4: C HAPTER ONSOLE EATURES If changes have been saved already, the unit will confirm the request to exit. Click on the [OK] button to log out of the unit. Figure 37 Exit Confirmation Display A confirmation screen will indicate disconnection from the unit. Figure 38 Unit Disconnection Display...

  • Page 48: Dominion Sx Management

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Dominion SX Management Aside from providing the capability to manage a remote target device, Dominion SX has a number of powerful built-in features and capabilities available to manage the unit itself. With Dominion SX, users can: •...

  • Page 49: Configuration Lock And The Configuration Save Commands

    4: C HAPTER ONSOLE EATURES • Configuration Tabs: Displays several screens in which the user configures different elements of the application • Configuration Save Commands: Used to save or ignore changes made to configuration Configuration Lock and the Configuration Save Commands Dominion SX is designed to allow only one user to configure it at any given time.
  • Page 50 SX I OMINION NSTALLATION AND PERATIONS ANUAL Note: If you are making changes to several different configuration screens in one session, click on the [Update] button in each screen, but wait until making changes in the final configuration screen, and then click on the [Save] button to save all changes with just one action. 7.

  • Page 51: Configuration

    4: C HAPTER ONSOLE EATURES Configuration Report Overview The Report configuration screen displays detailed information on how the Dominion SX has been configured, which can be useful if debugging or troubleshooting. • System time and date • Ethernet address • Network configuration (IP address, subnet mask, and gateway) •...

  • Page 52: Network

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Network Overview The Network configuration screen provides an area for Administrators to define both the network and modem (optional) settings for the unit. Figure 41 Network Configuration Display Some Dominion SX units comes equipped with a 56Kbps (bits per second) modem, which allows dial-in access to the unit from virtually any location in the world.
  • Page 53 4: C HAPTER ONSOLE EATURES The parameters for configuring modem access include: PARAMETER DESCRIPTION Enable Modem Configures the modem to answer calls PPP Server IP IP address of the PPP server (Dominion SX unit) PPP Client IP IP address of the PPP client (remote computer) Configure Modem Parameters 1.

  • Page 54: Figure 42 Modem Connection To A Dominion Sx Unit

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Modem Usage Dial-up connection support for the unit allows users to access the connected target device when normal network connectivity to Dominion SX is not available. Once the PPP connection is established between the client computer and the unit, the user can access the unit by using the browser.

  • Page 55: Ports

    • Application: Application type that is associated with a specific port; default application provided is RaritanConsole (contact Raritan for additional applications) • Baud rate: Baud rate of the serial port; should match that of the target device connected to the port (valid choices are 1200, 1800, 2400, 4800, 9600, 19200, 28800, 38400, 57600, 115200) •...
  • Page 56 SX I OMINION NSTALLATION AND PERATIONS ANUAL • Parity check: Enabling or disabling of the Parity function of the serial port; should also match the target device’s setting • Xon/Xoff: Can be enabled if the target system supports this feature; will allow the unit to control the data flow and reduce the chance of data loss •...

  • Page 57: Users

    4: C HAPTER ONSOLE EATURES Users Overview The Users configuration screen provides a place to define a user list with appropriate unit access permissions. There are three classes of users, each with different rights: • Administrators: Can view and modify all configuration information, including the user information for all user types (Administrators, Operators, and Observers).

  • Page 58: Figure 46 New User Creation

    SX I OMINION NSTALLATION AND PERATIONS ANUAL • Ports: List of ports that the user can access; by default, Administrators are given access to all ports, and can assign ports to Operators and Observers Add a New User Only an Administrator can create a new Administrator, Operator, or Observer. New users’ records are valid only after the configuration is saved, and users can change their passwords after the first time they log on.

  • Page 59: Figure 47 User Modification

    4: C HAPTER ONSOLE EATURES Edit Existing User Information All users can edit their own Passwords, but only Administrators can edit all other User information (except Login Name). Observers and Operators cannot change any User Information. If the user is logged in at the time the Administrator is editing that User’s information, only the Information and Password fields can be changed.

  • Page 60: Ip Acl

    SX I OMINION NSTALLATION AND PERATIONS ANUAL IP ACL Overview The IP ACL (Access Control List) Tab provides additional security by allowing Administrators to limit the client machines that can access the unit. Administrators can specify either specific IP addresses or ranges of IP addresses of machines that cannot connect to the unit.

  • Page 61: Figure 49 Invalid Subnet Mask Message

    4: C HAPTER ONSOLE EATURES If an invalid subnet mask is entered, an error message will appear. For example, 255.10.255.0 is an invalid subnet mask. Figure 49 Invalid Subnet Mask Message Add a New Address 1. Click on the [New] button. 2.

  • Page 62: Certificate

    Dominion SX provides different methods of generating certificates. • Default (or Self-Signed) Certificate: By default, the unit ships with a self-signed certificate signed by Raritan Computer. The certificate strength is 1024-bits and the certificate is valid for one year. •...

  • Page 63: Figure 51 Certificate Configuration Display

    Default Certificate The unit ships with a 1024-bit self-signed certificate signed by Raritan. When a user powers up the unit for the first time, an SSL certificate is generated that is associated to the default IP address 192.0.0.192. Once the unit is configured with its new IP address, the unit reboots and uses the new IP address to generate a new certificate.

  • Page 64: Figure 52 Generate Certificate Display

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Generate Default Certificate This function is used when the certificate has expired and a new one is needed. 1. Click on the [Generate Default Certificate] button. 2. When the confirmation window appears, confirm that the correct date is displayed. If not, you must change the date by modifying the information on the Time configuration screen (click on the Time tab) before you generate the Certificate, or the Certificate generated may not be valid.

  • Page 65: Figure 54 Activating Default Certificate

    Bit strengths of 512, 1024, and 2048 are supported. If a user-installed certificate is active, a CSR cannot be generated. The default certificate from Raritan must be active in order to generate a CSR. To Generate a CSR Request: First click on the Certificate Signing Request radio button, and then click on the [Generate CSR] button to generate a CSR and a private key that is stored in the unit.

  • Page 66: Figure 56 Csr Configurable Parameters

    The first three fields in this screen are required; the other fields are optional: • Key strength: 512, 1024, or 2048 • Certificate validity period: In days, two years maximum • Common name: Fully qualified host name such as www.raritan.com or 10.0.3.65 • Country name • State/province name •...

  • Page 67: Figure 58 User Certificate

    4: C HAPTER ONSOLE EATURES User Certificate (Install Server Certificate) This function allows the user to install a certificate from various Certificate Authorities (CA) such as VeriSign, Thawte, and Baltimore. If you do not want to use the Certificate generated by the unit, you can obtain one from one of these Certificate Authorities and install it in the unit yourself.

  • Page 68: Figure 59 Schematic Of External Certificate Utilization

    SX I OMINION NSTALLATION AND PERATIONS ANUAL When a user connects to the unit, the Server Certificate is downloaded. The browser trusts the server certificate if the signer of this Certificate, or “CA Root,” is installed in the browser. Install the Server Certificate and the Trusted Agencies Private Key file...

  • Page 69: Radius

    4: C HAPTER ONSOLE EATURES RADIUS Overview The RADIUS configuration screen allows Administrators to modify information regarding RADIUS, or the Remote Authentication Dial-In User Service, an access server authentication, authorization, and accounting protocol developed by Livingston Enterprises, Inc. RADIUS protocol defines the communication between a RADIUS client and a RADIUS server.

  • Page 70: Figure 61 Unsuccessful Login Message Window

    SX I OMINION NSTALLATION AND PERATIONS ANUAL RADIUS users are treated differently from local users only until authentication comes from the RADIUS server. Once the RADIUS server authenticates a particular user, this RADIUS user enjoys the same privileges as any other local user.

  • Page 71: Figure 62 Radius Configuration Display

    4: C HAPTER ONSOLE EATURES Enabling RADIUS Every unit has to be configured for RADIUS Communication to obtain authentication from the RADIUS Server. Administrators should log on to the unit as any non-RADIUS user, and then configure the unit following these steps to obtain authentication: 1.

  • Page 72: Figure 63 Current Users List

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Usage Once you are logged on to the unit as a RADIUS user, you can check your login name in the Current users list in the left panel. This list contains a list of RADIUS and as well as non-RADIUS users currently logged-in to the unit. Current Users List...

  • Page 73: Time

    4: C HAPTER ONSOLE EATURES Time Overview The Time configuration screen is important for modifying the time and date in the Dominion SX unit. Some features in Dominion SX, for example, Certificate generation, depend on the correct Timestamp, which is used to check the validity period of the certificate.

  • Page 74: Notification

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Notification Overview The Notification configuration screen allows an Administrator to set up notification schemes based on events that occur on the target device. Notification events are sent out as email messages. It is possible to convert the email service to a page so that the notification can be received in a prompt manner.

  • Page 75: Figure 66 New Notification Display

    1. Click on the [New] button. 2. Select the desired event from the Event Name drop-down list, for which an email is to be generated. The event list contains events predefined by Raritan. To subscribe to a user-defined event, type the user defined event name.

  • Page 76: Figure 67 Edit Notification Destination

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Edit a Notification Entry 1. Select the entry to be modified. 2. Click on the [Edit] button. 3. Make changes to the entry in the fields that appear in the lower portion of the screen. 4.
  • Page 77 Notification configuration has been modified. Dominion SX Standard Error Notification Events The following is a list of standard error events that are internally generated by the unit. Should these notifications occur, please call Raritan Support. ERROR EVENT NAME DESCRIPTION event.amp.error System related.

  • Page 78: Upgrade

    Figure 68 Upgrade Display Upgrades can be done of the complete software (AmpAdmin package) and the various applications (AmpApp package) supplied by Raritan. The upgrade steps are similar for both cases. To Perform a Complete Software Upgrade: 1. Click on the [Upgrade] button in the left panel.
  • Page 79 EATURES To Upgrade the Application: Dominion SX has the ability to run different applications on each port; Raritan has a library of applications available for purchase, please contact us for more information. To load these applications into the unit for deployment: 1.

  • Page 80: Reset

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Reset Soft Reset Only an Administrator can execute a Soft Reset by clicking on the [Reset] button in the left panel of the main window. This resets the unit, logs off all the logged-in users and exits the application. A list of logged-in users who will be logged out upon reset will be displayed.

  • Page 81: Factory Reset

    4: C HAPTER ONSOLE EATURES Factory Reset You may want to perform a factory reset, or hard reset to the Dominion SX unit to revert the configuration to known defaults. This is useful if the IP address of the unit is no longer known. Using the following procedure, the network settings of the unit will be reset to the values shown in the table below, and all ports will be reset to 9600 baud, no parity checking, and no hardware flow control.
  • Page 82 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 83: Chapter 5: Dominion Sx Connectivity And Serial Pin-Out Guides

    5: D SX C HAPTER OMINION ONNECTIVITY AND ERIAL UIDES Chapter 5: Dominion SX Connectivity and Serial Pin- Out Guides Connectivity Table: This table lists the necessary Dominion SX hardware (adapters and/or cables) for connecting Dominion SX to common Vendor/Model combinations: VENDOR MODELS CONSOLECON...
  • Page 84 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 85: Appendix A: Specifications

    10 lbs. 110/220V auto-switching: 50-60 Hz (438mm x 288mm x 44mm) (4.53 kb.) General Models: SX4, SX8, SX16, SX32 Power Requirements: 110/220V auto-switching: 50-60 Hz Operating Temperature: 32° to 104° C (0° to 40° F) Operating Humidity: 20% - 85% RG...
  • Page 86 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 87: Appendix B: System Defaults

    B: S PPENDIX YSTEM EFAULTS Appendix B: System Defaults Dominion SX system defaults, as shipped from Raritan, are defined in the table below. EFAULT IP Address 192.0.0.192 Subnet Mask 255.255.0.0 Port Address ENERAL ETTINGS Modem Disabled RADIUS Disabled ERIAL ORTS...
  • Page 88 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 89: Appendix C: Certificates

    C: C PPENDIX ERTIFICATES Appendix C: Certificates Certificate A Certificate is an electronic document that is used to identify an individual, a server, or some other entity and to associate that identity with the public Key. Certificate Contents This section discusses certificate contents and the differences between the CA (Certificate Authority) Certificate and the Server Certificate that are present on the Dominion SX unit.

  • Page 90: Certificate Authority

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Certificate Authority Certificates are issued by Certificate Authorities (CAs), such as Verisign, Thawte, Baltimore, and others. These certificate authorities validate the identity of the individual/entity before issuing the certificate. A Certificate Authority signs all certificates that it issues with its private key and the CA certificate contains the corresponding public key.

  • Page 91: Installing Dominion Sx Ca-Root Certificate To A Browser

    C: C PPENDIX ERTIFICATES Installing Dominion SX CA-Root Certificate to a Browser The CA Root Certificate generated in the Dominion SX unit must be installed in the browser in order for the browser to trust the Server Certificate. When the user connects to the Dominion SX unit by entering the IP address in the browser, the Server Certificate is downloaded.

  • Page 92: Installing Ca Root For Ie Browsers

    When the session closes, this certificate will expire and will have to be reloaded upon with the next connection. Install the Raritan Root Certificate By installing the Raritan root certificate in IE, you can prevent the Security Alert window from appearing whenever you access any SSL-secured Dominion SX unit.

  • Page 93: Figure 76 View Of Ca_Root.cer

    C: C PPENDIX ERTIFICATES 5. Paste the text into a text editor such as Notepad or WordPad, and save it as a CA_ROOT.cer file on your desktop. 6. Open the CA_ROOT.cer file by double-clicking on it. This will open the certificate. Figure 76 View of CA_ROOT.cer 7.

  • Page 94: Figure 78 Import Wizard, Select A Certificate Page

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 9. Select the Certificate store, the system area where the certificates are stored. If you do not want the Certificate Manager to select the certificate store automatically, click on the Place all certificates into the following store radio button and click on the [Browse] button to choose a file you prefer.

  • Page 95: Remove An Accepted Certificate

    Removing a certificate that you have previously accepted from the unit is the same process whether removing an Raritan default certificate or a user-installed third-party certificate. 1. Open IE and select Tools Internet Options from the main menu. The Internet Options window will appear.

  • Page 96: Install Ca Root For Netscape Navigator

    You must repeat the acceptance process for each Dominion SX unit you wish to access. To eliminate the appearance of this window for every Dominion SX unit with a particular certificate, you must install the root certificate in your browser, described in the Install the Raritan Root Certificate section that follows.

  • Page 97: Install The Dominion Sx Root Certificate

    Raritan default certificate is the certificate in use. Figure 84 Viewing the Certificate 3. Click on the [View Certificate] button. The code for the Raritan certificate should appear in the Certificate text field. 4. Select the text in the Base64 Certificate field and copy it by selecting Edit Copy from the main menu.

  • Page 98: Figure 86 Netscape New Certificate Authority Window

    15. Click on the [Next] button in this screen, and click on the [Next] button in the next screen. When prompted to enter a name for the Certificate Authority, type Security Appliance CA. Click on the [Finish] button. The Raritan default root certificate is now installed.

  • Page 99: Remove An Accepted Certificate

    Removing a previously accepted certificate from a Dominion SX unit uses the same process whether removing a Raritan default certificate or removing a user-installed third-party certificate. 1. Open Netscape Navigator and click on either the [Security] button or on the lock icon in the lower left of the window.

  • Page 100: Install A Third-Party Root Certificate

    Note: Some CAs will provide the root certificate code in text format rather than providing a downloadable root certificate. If this occurs, select the root certificate code, copy it, and follow the steps outlined in the section Install the Raritan Root Certificate, then follow the steps outlined below.

  • Page 101: Figure 90 New Certificate Authority Window In Netscape

    C: C PPENDIX ERTIFICATES 4. Click on the [Delete] button and then click on the [OK] button. 5. Return to the CA’s website and try to download the root certificate again. Note: If an error message appears, it indicates that the certificate deleted from the list in the Netscape security settings may not have been the correct one.
  • Page 102 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 103: Appendix D: Radius Server

    Vendor-Specific: This Attribute is available to allow Raritan to support more detailed resource control. To control the number of ports being accessed by a particular user, a new Vendor code is added for Raritan Systems. The Vendor code takes a value of 8267 and the String to be entered should follow this format: −...

  • Page 104: Install And Configure The Radius Server For Windows 2000

    SX I OMINION NSTALLATION AND PERATIONS ANUAL − If the RADIUS Server is not configured for Vendor-Specific type or it fails to follow the above specifications, the value specified for the Service-Type will determine the privileges to be given to the user. In this case, the user will be given access to all the ports.
  • Page 105 4. Click on the [Add] button to specify a new condition, then: In the Select Attribute dialog box, click the attribute you want, and then click on the Add button. Please add Service-Type for Raritan. b. Select Authenticate only and click on the [OK] button.
  • Page 106 NSTALLATION AND PERATIONS ANUAL (1) Click on the [Advanced] button and add Vendor-Specific for Raritan. Please use Vendor Code = 8267 and enter String in the following format: (a) IP Address of the Dominion SX unit separated by a ‘:’.
  • Page 107 D: RADIUS S PPENDIX ERVER • For a Service-Type of Login, Framed, Callback Login, Callback Framed, Outbound, or Callback NAS Prompt, the user is mapped only to an Observer-type user and has read-only access to all ports. Note: The setting of Remote Access Permission on the user object will override this setting if set to either Grant remote access permission or Deny remote access permission.
  • Page 108 SX I OMINION NSTALLATION AND PERATIONS ANUAL H. Enable the Routing and Remote Access Service If this server is a member of a Windows 2000 Active Directory domain and you are not a domain administrator, your domain administrator must add the computer account of this server to the RAS and IAS Servers security group in the domain of which this server is a member.
  • Page 109 D: RADIUS S PPENDIX ERVER K. Add a User Account 1. Open Active Directory Users and Computers. 2. In the Console Tree, double-click on the domain node. 3. In the Details pane, right-click on the organizational unit to which you want to add the user, point to New and select User.
  • Page 110 SX I OMINION NSTALLATION AND PERATIONS ANUAL d. From the Attribute types pop-up menu, click on Windows-Groups Click on the [Add] button. Click on Groups menu. g. Click on the [Add] button. h. Click on the appropriate group and click on the [OK] button. After these steps are executed, a new user can connect to the NAS device and IAS will look at the user name, find the group in which it is a member, and use the policy associated with that group.

  • Page 111: Appendix E: Configuring Cisco Acs Radius Server

    E: C ACS RADIUS S PPENDIX ONFIGURING ISCO ERVER Appendix E: Configuring Cisco ACS RADIUS Server Use the following procedure to configure the Cisco RADIUS server so that you can work with Dominion SX. It is assumed here that Administrators are familiar with setting up and configuring the RADIUS server. In order for Dominion SX to support RADIUS, both the unit and the user information must be added into the RADIUS configuration.

  • Page 112: Figure 93 Interface Configuration Display

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 3. Click on the [Interface Configuration] button in the left panel of the screen. Figure 93 Interface Configuration Display 4. Click on the RADIUS (IETF) link to edit properties. Under the User heading, click on the check boxes before Service-Type and Framed Protocol.

  • Page 113: Figure 95 New User Display

    E: C ACS RADIUS S PPENDIX ONFIGURING ISCO ERVER 6. To edit existing users, click on the [User Setup] button in the left panel of the screen. Click on the [List All Users] button and select a user from the list. Figure 95 New User Display 7.
  • Page 114 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 115: Appendix F: Rsa Ace/Server Configuration

    F: RSA ACE/S PPENDIX ERVER ONFIGURATION Appendix F: RSA ACE/Server Configuration This section provides guidelines for configuring the RSA ACE/Server 5.0 so that SecureID can be used as the authentication mechanism. Users in an ACE server native database can log on to Dominion SX units installed in the network using SecureID token authentication.

  • Page 116: Figure 99 Add Agent Host Display

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 3. Define and configure all Dominion SX units. Figure 99 Add Agent Host Display Name: Name of the Agent Host; must be a primary name or alias listed in the local host file or DNS server. If an alias is entered, the primary name of the Agent Host appears upon clicking on the [OK] button.

  • Page 117: Figure 101 Add Profile Selection

    ONFIGURATION 4. Select Profile → Add Profile in the main menu. Figure 101 Add Profile Selection 5. In the Add Profile window, assign an appropriate name to identify the desired profile, such as Raritan- Administrator. Figure 102 Add Profile Display 6.

  • Page 118: Figure 103 Add Attribute Display

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 7. Click on the [OK] button to save the changes, then click on the [OK] button in the Add Profile window to return to the main menu. Figure 103 Add Attribute Display Note: Only the user’s Role can be controlled on the Dominion SX units using specific Service- Type profiles.

  • Page 119: Figure 105 Profile Selection Display

    F: RSA ACE/S PPENDIX ERVER ONFIGURATION 9. Click on the [Assign Profile] button and select the appropriate profile from the Select Profile window. Only one profile can be assigned to each user. Click on the [OK] button. Figure 105 Profile Selection Display 10.
  • Page 120 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 121: Appendix G: Modem Configuration

    G: M PPENDIX ODEM ONFIGURATION Appendix G: Modem Configuration Client Dialup Networking Configuration Configuring Microsoft Windows Dialup Networking for use with Dominion SX allows configuration of a PC to reside on the same PPP network as the Dominion SX. After the dial-up connection is established, connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP.

  • Page 122: Figure 108 New Phone Entry Display

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 3. The New Phonebook Entry window allows you to configure the details of this connection. Click on the Basic tab and complete the following fields: Entry name: Name of the Dominion SX connection b.

  • Page 123: Windows 98 Dialup Networking Configuration

    G: M PPENDIX ODEM ONFIGURATION Windows 98 Dialup Networking Configuration 1. Select Start → Programs → Accessories → Communications → Dialup Networking. 2. Double-click on the Make New Connection icon in the Dialup Networking window to launch it. Figure 110 Configuring Windows 98 Dialup Networking Figure 111 Make New Connection –...

  • Page 124: Figure 112 Make New Connection - Complete

    SX I OMINION NSTALLATION AND PERATIONS ANUAL The next window will inform you that you have successfully created the Dialup Networking Connection. Figure 112 Make New Connection – Complete g. Click on the [Finish] button and an icon will appear in the Dialup Networking window. 4.

  • Page 125: Windows 2000 Dialup Networking Configuration

    G: M PPENDIX ODEM ONFIGURATION Windows 2000 Dialup Networking Configuration 1. Select Start → Programs → Accessories → Communications → Network and Dial-Up Connections. 2. When the Network and Dial-Up Connections window appears, double-click on the Make New Connection icon. Figure 114 Windows 2000 Network and Dialup Connections 3.

  • Page 126: Figure 116 Network Connection Type

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 4. Click on the Dial-up to private network radio button and click on the [Next] button. Figure 116 Network Connection Type 5. Click on the check box before the modem that you want to use to connect to the Dominion SX unit and then click on the [Next] button.

  • Page 127: Figure 118 Phone Number To Dial

    G: M PPENDIX ODEM ONFIGURATION 6. Click in the Use dialing rules check box and enter the Area code and Phone number you wish to dial in the fields. Click on the [Next] button. Figure 118 Phone Number to Dial 7.

  • Page 128: Figure 120 Network Connection Wizard Completion

    SX I OMINION NSTALLATION AND PERATIONS ANUAL 8. The Network Connection has been created, and you can complete set-up of the dial-up connection by entering the name of the Dial-up connection. Figure 120 Network Connection Wizard Completion 9. Click on the [Finish] button. 10.

  • Page 129: Appendix H: Client Software Installation

    5. Permission to allow IE to install the required files will be requested. Click on the [Yes] button to allow IE to install the Raritan Plugin on the client machine (this will take about six minutes with a 56Kbps modem). Please note that this action is performed only once if the files are not present on the client machine –...

  • Page 130: Netscape On Windows Nt/2000/98

    4. A download message appears in the browser. Figure 123 Netscape Plugin Redirection Display 5. Click on the link for Raritan, www.Raritan.com, which will redirect you to Raritan’s download site. 6. Click on the link for the plugin setup, ArulaPluginSetup.exe.

  • Page 131: Remove Raritanconsole On Windows Nt/2000/98

    2. Enter the unit’s modem IP address, which should have been configured in the unit. For example: https://15.0.0.1 3. Click on the Raritan link, www.raritan.com, to launch Raritan’s download site. 4. Click on the ArulaPlugin.tar link. 5. Select Save File in the download pop-up menu and save ArulaPlugin.tar to /var/spool/pkg/ArulaPlugin.
  • Page 132 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 133: Appendix I: Tcl Programming Guide

    Dominion SX features a TCL engine and a flash file system for the development and storage of TCL scripts. Dominion SX is pre-configured with a set of User Definable Events that can be generated by TCL scripts. Raritan has introduced an extension library to provide an API to Dominion SX’s functions. In addition, Dominion SX includes an extensive list of notification events that can be used to audit, track, and trace the conditions of and modifications to the unit itself.
  • Page 134 SX I OMINION NSTALLATION AND PERATIONS ANUAL • Data received from each target system on the RS-232 port is sent to all connected Java user consoles and also stored in an internal TCL buffer. Each internal buffer has the following properties: −...

  • Page 135: Boot Script Support

    I: TCL P PPENDIX ROGRAMMING UIDE • Access control for TCL. • By default, administrators are the only users that can access TCL. However, administrators may disable the check. amppermission, amplisten and ampresponse are commands to enable a TCL script to interact with other TCL users. •...

  • Page 136: Tcl Commands

    SX I OMINION NSTALLATION AND PERATIONS ANUAL mkdir <directory name> If absolute path is not provided, then the new directory is created in the present working directory. rmdir <directory name> Remove the specified directory. cd <directory name> Change the current directory to the new directory specified. This command will take a relative path or an absolute path.

  • Page 137: Accessing Tcl Window

    I: TCL P PPENDIX ROGRAMMING UIDE Accessing TCL Window The TCL Interpreter can be accessed through RaritanConsole using the Script menu selection, as described in Chapter 4: Console Features. The TCL prompt is “%”. The command(s) to be executed must be entered AFTER the prompt. The result will be echoed on the next new line.

  • Page 138: Executing Tcl Scripts

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Executing TCL Scripts A stored TCL Script may be executed as follows. % source <filename> The prompt does not return if the script contains forever-loops, but the shell is active (listening) and will take input if the script is designed to accept them.

  • Page 139: Generating A User Event

    I: TCL P PPENDIX ROGRAMMING UIDE Generating a User Event TCL scripts are a powerful tool for performing true device management, in the form of customer-defined monitoring and notification of events. A sample script is shown below: #This script performs the monitoring of HTTP servers. proc pstat {procname port_num} { set psef [concat "ps -ef | grep "...

  • Page 140: Extensions To Tcl

    Raritan unit. ampsave must be executed in order for the changes to become effective, and may be executed at the end of executing a set of these commands or after each command.
  • Page 141 I: TCL P PPENDIX ROGRAMMING UIDE ampsetconfiguration Sets the specified field to the value passed. Returns an error if the interpreter cannot get the config lock. Usage: ampsetconfiguration <category> <field_name> <value> • Category: network, datacom, smtp, radius • Field_name: field to be altered in a particular category •...
  • Page 142 SX I OMINION NSTALLATION AND PERATIONS ANUAL Usage: ampadduser <loginname> <function> <user_name> <password> <portpermission> [information] • Loginname: user login name • Function: type of user (administrator, operator, observer) • User_name: name of user; if there are spaces in the name, the name must be entered in quotes •...
  • Page 143 I: TCL P PPENDIX ROGRAMMING UIDE Usage: ampreset ampupgrade Upgrades the unit. ip_address specifies the server to obtain the file specified by file_path. If the login and password are specified they are used by FTP. If they are not specified, anonymous FTP is used. Usage: ampupgrade <ip_address>...
  • Page 144 SX I OMINION NSTALLATION AND PERATIONS ANUAL ampsetipacl add Adds an IP address to the IP ACL list. Usage: ampsetipacl add <ip_address> <subnet_mask> • Ip_address: ip address to be added to the list • Subnet_mask: subnet mask % ampsetipacl add 10.0.1.120 255.255.0.0 set IP acl successful ampsave command % ampsave...
  • Page 145 Creates a subscription for the URL to the event specified. The URL encapsulates the service to be used for notification, and any parameters required by that service. % ampgetsubscription Has returned NULL because there are no user-defined subscriptions % ampaddsubscription event.user.statusupdate mailto://jsmith@Raritan.com subscription added % ampgetsubscription Has returned NULL because ampsave % ampsave command has not...
  • Page 146 SX I OMINION NSTALLATION AND PERATIONS ANUAL ampdelay <seconds> Pauses the TCL script a number of seconds equal to the integer argument. amptriggerevent <event> <message> Generates an event with the appropriate associated message. The event may not begin with the amp prefix. Events that begin with the amp prefix may only be generated by the AMP and not by a user created script or interactively.
  • Page 147 I: TCL P PPENDIX ROGRAMMING UIDE amppermission [on/off] In order for observers and operators to access a user programmed TCL Script Server, the script must issue amppermssion off to allow the access. Note: if the permission is left off without restoring security, non-administrator users may gain privilege access through TCL scripting shell.
  • Page 148 SX I OMINION NSTALLATION AND PERATIONS ANUAL ampclosesocket [socket_id] Closes the socket represented by the socket ID. If the command fails or the arguments are invalid, the command will return an error with an error message. Command Return Messages • 0 (TCL_OK) No message returned 1 (TCL_ERROR)

  • Page 149: Basic Tcl Server Example

    I: TCL P PPENDIX ROGRAMMING UIDE ampsetconfig datacom checkparity <value> Enables the parity bit if value is 1; disables the parity bit if value is 0. An administrator/operator user will not have write access in a console window when a TCL script is running and has executed amplock for that port.

  • Page 150: Basic Cpu Utilization Monitoring Example

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Basic CPU Utilization Monitoring Example #Description: This TCL script checks the CPU utilization for each port connected to a HP-UX server. It alerts the subscribed user that the threshold limit has reached through e-mail notification. This TCL script uses vmstat to find out the CPU usage of the user process and checks with given threshold limit.
  • Page 151 I: TCL P PPENDIX ROGRAMMING UIDE set id 0 #lock the console amplock $port #clear any previous data in the read buffer ampclear $port #write to the console ampwrite "vmstat -n\n" $port #ignore the first 8 lines to read the cpu usage params. for {set i 0 } {$i <...
  • Page 152 SX I OMINION NSTALLATION AND PERATIONS ANUAL ampresponse ampresponse set ports 1 set noOfPorts 2 initEvents #Main loop starts here... while { 1>0 } { cpuUtil $ports ampdelay $intr set rval [ListenCmds] if { $rval == 1} { delEvents unset $ports unset $noOfPorts unset $thr unset $intr...

  • Page 153: Tcl Server Designed To Interact With A Tcl User

    I: TCL P PPENDIX ROGRAMMING UIDE • In the subscription option, the User must type in the EXACT event shown previously: event.alarm.cpu. • Delay 10 seconds so the script does not overflow the e-mail system. This is configurable using the command INTR while this script is running using the amplisten facility.
  • Page 154 SX I OMINION NSTALLATION AND PERATIONS ANUAL ampresponse break } else { puts “A TCL script is running.\rInputs accepted are DATA/READ1/READ2/READ3/CONSOLE/QUIT" ampresponse Input received is not as per expectation. Remind user what the expected inputs are.

  • Page 155: Appendix J: Troubleshooting

    J: T PPENDIX ROUBLESHOOTING Appendix J: Troubleshooting Problems and Suggested Solutions Page Access ROBLEM OLUTION Server Unreachable If a unit appears to be unreachable by a given browser, please run through the following troubleshooting list: • Verify that the unit is powered on. •...

  • Page 156: Firewall

    SX I OMINION NSTALLATION AND PERATIONS ANUAL Firewall ROBLEM OLUTION Unable to Access the Web Page Firewalls must allow access on port 80 and 443 in order for the unit to operate through a firewall. • Contact your system administrator and request port 80 and 443 access. Login Failure Firewalls must be configured to allow connections using the Dominion SX configurable port network parameter (Default 23).

  • Page 157: Port Access

    J: T PPENDIX ROUBLESHOOTING Port Access ROBLEM OLUTION Port Access Refresh The unit does not automatically refresh the Port Access List. It is refreshed only when the user clicks on the [Port Access] button, therefore, it is possible that a user will have permissions revoked and these changes will not be visible on the port access screen until the [Port Access] button is activated.
  • Page 158 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

  • Page 159: Appendix K: Technical Faqs

    K: T PPENDIX ECHNICAL Appendix K: Technical FAQs UESTION NSWER What are the browsers (and versions) Netscape 4.7 or greater (but not 6.0), or Internet Explorer 5.0 with Java supported? VM 5.0 or greater. No, because the unit is a totally “out of band” solution that runs on its own Is the status of the unit limited by the dedicated microprocessor.
  • Page 160 SX I OMINION NSTALLATION AND PERATIONS ANUAL UESTION NSWER Can I assign specific port access to a Yes, but only if the user is NOT an Administrator. Administrator will specific user? always have access to all the ports. There is a session-specific ID that is sent out each time you login to the Sometimes when I try to log on, I see unit.
  • Page 161 K: T PPENDIX ECHNICAL DSX-0A-E 255-60-2000 ##########...
  • Page 162 SX I OMINION NSTALLATION AND PERATIONS ANUAL...

This manual is also suitable for:

Dominion sx32

Table of Contents