Page 1 AlterPath OnBoard ™ User’s Guide Software Version 1.1.0 Cyclades Corporation 3541 Gateway Boulevard Fremont, CA 94538 USA 1.888.CYCLADES (292.5233) 1.510.771.6100 1.510.771.6200 (fax) http://www.cyclades.com Release Date: April 2006 Part Number: PAC0392...
Page 2 Information in this document is subject to change without notice. The following are registered or registration-pending trademarks of Cyclades Corporation in the United States and other countries: Cyclades and AlterPath. All trademarks, trade names, logos and service marks referenced herein, even when...
Page 3: Table Of Contents
Accessing the OnBoard Using SSH ..........21 Device Management Commands for Use With SSH ..... 21 Dial-in Access ..................22 Cyclades Web Manager ..............23 Power Management Options on the OnBoard ........23 Accessing a Device’s Native Management Features ......24 Native Web ..................
Page 4 Viewing IPDU Information ............69 Using the “Software Upgrade” Screen to View the IPDU’s Current Software Version ................71 Configuring Your Password ............... 72 Chapter 3: Accessing the OnBoard and Connected Devices..........73 Accessing the OnBoard’s Console ............. 75 AlterPath OnBoard User’s Guide...
Page 5 Accessing Device Management Features From the OnBoard’s Console Menu ..................77 Accessing the Console of a Device Through the OnBoard’s Console or By Using SSH ..................79 Creating an SSH Tunnel ..............82 Creating a VPN Tunnel ..............86 Routing Requirements for VPN Connections ........ 88 IPSec VPN Routing Requirements ..........
Page 6 AlterPath OnBoard User’s Guide...
Page 7 Figures Secure Path to a Connected Service Processor ..... 3 Figure 1-1: Figure 1-2: Example Graph for Readings From a Fan Sensor..28 Web Manager Login Screen........42 Figure 2-1: User Options on the Web Manager ......44 Figure 2-2: Figure 2-3: Devices Web Manager Screen........
Page 8 Figure 3-3: Service Processor Action Menu ........79 OnBoard VPN Example Using IPSec ......86 Figure 3-4: Root Log into MindTerm Running an SSH Figure A-1: Console Session ............101 Terminal Menu ............102 Figure A-2: viii AlterPath OnBoard User’s Guide...
Page 9 Tables Table P-1: Document Organization..........xiv Table P-2: Related Documentation ..........xvii Table P-3: Typographic Conventions........... xviii Other Terms and Conventions ........xviii Table P-4: Access-related Security Features........5 Table 1-1: User Types, Responsibilities, and Default Password ..6 Table 1-2: Services and Other Functions Controlled by Security ..
Page 10 AlterPath OnBoard User’s Guide...
Page 11 Procedures Chapter 2: Web Manager Introduction....35 To Check Browsers for Java Plug-in Support..........38 To Install JRE2 Software and Register the Java Plug-in ......39 To Log Into the Web Manager..............43 To Connect to a Service Processor’s Console [Web Manager]....48 To Connect to a Device’s Console [Web Manager] ........
Page 12 To Enable Native IP Access Through a PPTP VPN Tunnel ..... 94 To Access a Native Web Application When a VPN Tunnel Exists ..94 To Access a Native Management Application........... 95 To Generate an OTP Password When Challenged at Dial-in ....98 AlterPath OnBoard User’s Guide...
Page 13: Before You Begin
OnBoard and how to connect to the OnBoard before being able to perform the procedures in the AlterPath OnBoard Administrator’s Guide. Note: This manual describes use of the OnBoard only. It does not describe...
Page 14: Table P-1: Document Organization
Chapter Number and Title Description Provides an overview of the features of the 1: Introduction AlterPath OnBoard for the regular user, along with necessary prerequisite information for understanding the rest of the information in this guide and in the administrator’s guide.
Page 15 Manager. Also describes the special keys and commands the user can use once connected to the web interface or console of a service processor or device. Defines terms needed for understanding Glossary how to use Cyclades products. Before You Begin...
Page 16 Chapter Number and Title Description Provides a way to look up information and Index procedures. In the online version of this manual, clicking the terms in the index brings you to where they are used in the manual. AlterPath OnBoard User’s Guide...
Page 17: Table P-2: Related Documentation
“AlterPath OnBoard.” The following table lists the AlterPath OnBoard documents. As indicated, the QuickStart Guide is printed, and it is also included with the other AlterPath OnBoard documents in PDF format on the Documentation CD that is also shipped with the product.
Page 18: Table P-3: Typographic Conventions
Typographic and Other Conventions The following table describes the typographic conventions used in Cyclades manuals. Table P-3: Typographic Conventions Typeface Meaning Example Links Hypertext links or URLs Go to: http://www.cyclades.com. Emphasis Titles, emphasized or new words See the AlterPath OnBoard or terms Quick Start.
Page 19: Additional Resources
Additional Resources The following sections describe how to get technical support, training, and software upgrades. Cyclades Technical Support Cyclades offers free technical support. To find out how to contact the support center in your region, go to: http://www.cyclades.com/support/ technical_support.php. Before You Begin...
Page 20 OnBoard or for an AlterPath PM that you may also be using with this product. See the AlterPath OnBoard Administrator’s Guide for instructions on upgrading the software on your AlterPath OnBoard and on an optionally- connected AlterPath PM IPDUs. AlterPath OnBoard User’s Guide...
Page 21: Chapter 1: Introduction
The information in this introduction is needed for understanding the information and procedures in the rest of this guide and in the AlterPath OnBoard Administrator’s Guide. The following table lists the topics in this chapter.
Page 22 Cyclades Web Manager Page 23 Power Management Options on the OnBoard Page 23 Accessing a Device’s Native Management Features Page 24 Information Users Need Page 27 Sensor Plotting Page 27 Common Tasks for Device Management Page 31 AlterPath OnBoard User’s Guide...
Page 23: Onboard Advantages For Server Management
OnBoard Advantages for Server Management OnBoard Advantages for Server Management The OnBoard provides access to server-management services that are provided by service processors. Service processors are out-of-band management controllers that many vendors include in their servers. The OnBoard provides a single source for authentication, authorization, and management for multiple types of service processors.
Page 24 Depending on the mode of access, HTTPS or SSH can be used to protect communications that are transported on the public network between the user and the OnBoard. AlterPath OnBoard User’s Guide...
Page 25: Security Features Used In Access Control
Security Features Used in Access Control Security Features Used in Access Control The OnBoard allows administrators to enforce an organization’s security policies by providing security features that control who can access management features on connected devices. The access-related security features are shown in the following table with links to where the features are described in more detail.
Page 26: Table 1-2: User Types, Responsibilities, And Default Password
Cannot be deleted. Has full access to every cyclades admin function of the Web Manager. Also can run the cycli utility on the command line of the Linux shell and can use any Linux commands available to the non-root user. AlterPath OnBoard User’s Guide...
Page 27: Types Of User Authorizations
Types of User Authorizations Table 1-2: User Types, Responsibilities, and Default Password (Continued) User Name Responsibilities Default Password User account optionally configured by an administrator- administrator- administrator to be able to perform assigned assigned management functions on devices connected to the OnBoard. Users’ access to devices and to device-management features is controlled by authorizations.
Page 28: Authentication
The security profile may limit which services are available to users and which functions may be allowed or disallowed. Note: All of the features and procedures described in this guide work when the Moderate security profile is in effect. AlterPath OnBoard User’s Guide...
Page 29: Table 1-3: Services And Other Functions Controlled By Security
Services can also be turned on and off independently from the security profile. For more details, see “Understanding Services” in the AlterPath OnBoard Administrator’s Guide. Note: If you are prevented from using a service you need to use, such as FTP or SNMP, talk with the OnBoard’s administrator to find out if the service can...
Page 30: Types Of Managed Devices
The following means are available for logging into the OnBoard and performing the above-listed actions: • Using the Web Manager and choosing from a list of menu options. For more details, see “Cyclades Web Manager” on page 23. AlterPath OnBoard User’s Guide...
Page 31: Command Line Access Through Console Logins
Command Line Access Through Console Logins • Using an SSH application or the ssh command on the command line of the user’s workstation to connect to the OnBoard’s command line, and then choosing from a list of menu options. See “Accessing the OnBoard’s Console” on page 12, “User Shell (rmenush)”...
Page 32: Accessing The Onboard's Console
OnBoard’s console port as shown in the following figure. The user or administrator logs in through a terminal or through a terminal emulation program on the connected computer. AlterPath OnBoard User’s Guide...
Page 33: User Shell (Rmenush)
User Shell (rmenush) • By using SSH Remote administrators and authorized users can access the OnBoard’s command line through a SSH connection between the user’s computer and the OnBoard. See “Using SSH with the OnBoard” on page 20. • By clicking “Connect to OnBoard” on the Web Manager. After logging into the Web Manager, any type of user can access the console by clicking “OnBoard”...
Page 34: Onboard Shell (Onbdshell)
The option name for the feature in the Web Manager • The option name for the feature in the onbdshell action menu • The command name used with ssh on the command line to access the feature. AlterPath OnBoard User’s Guide...
Page 35: Table 1-1: Options And Command Names For Device Management
Management Features Available to Authorized Users The “Device” column shows the type of device that supports each feature (“dev” for device without a service processor and “SP” for a service processor). Table 1-1: Options and Command Names for Device Management (Sheet 1 of 3) Web Manager Option / onbdshell Option / ssh Command...
Page 36 See “What the Reset Command Does on Different Servers” on page 18. Sensors / Displays unformatted sensor data collected from the server by its service processor. The page sensors provides a button that displays graphs of data from individual sensors. AlterPath OnBoard User’s Guide...
Page 37 Management Features Available to Authorized Users Table 1-1: Options and Command Names for Device Management (Sheet 3 of 3) Web Manager Option / onbdshell Option / ssh Command Device Description Event Log / Displays the system event log (SEL) menu from the server where the service processor resides.
Page 38: What The Power Commands Do On Different Servers
• Warm reset (or warm boot): only the server’s operating system is restarted • Cold boot: the server is fully restarted (the same effect as issuing a “Power cycle” command) AlterPath OnBoard User’s Guide...
Page 39: Management Features Provided On Supported Device Types
“Reset” command to perform one of the lower levels of reset that are available on the service processor. Customizing service processor management scripts in described in the AlterPath OnBoard Administrator’s Guide. Management Features Provided on Supported Device Types...
Page 40: Using Ssh With The Onboard
OnBoard-specific device management commands. • Create an SSH tunnel to get access to a native web application on a device. See “Accessing a Device’s Native Management Features” on page 24 and “Information Users Need” on page 27. AlterPath OnBoard User’s Guide...
Page 41: Accessing The Onboard Using Ssh
Using SSH with the OnBoard OnBoard Using SSH Accessing the As described under “User Shell (rmenush)” on page 13 and “OnBoard Shell (onbdshell)” on page 14, authorized users who connect to the OnBoard’s console are presented with a menu of choices. From the initial menu, users can bring up a list of devices that they are authorized to access and then access a submenu of management actions they can perform on the selected device.
Page 42: Dial-In Access
A modem, GSM, or CDMA PCMCIA card inserted into one of the front PCMCIA slots The OnBoard can be accessed using PPP when the following prerequisites are completed: • The modem or phone card has been configured on the OnBoard for PPP or Autodetect and for optional callback AlterPath OnBoard User’s Guide...
Page 43: Cyclades Web Manager
Cyclades Web Manager • The PPP application at the remote caller’s end has been configured for dialing into the OnBoard and optionally for callback from the OnBoard. • The user account has been configured for PPP access, and the user knows the PPP username and password configured by the OnBoard administrator.
Page 44: Accessing A Device's Native Management Features
The monitoring and management features supported by some service processors through their native web interfaces include access to the server’s serial or graphical user interface, power control, access to sensor data and server event logs, SNMP agents, and virtual media. AlterPath OnBoard User’s Guide...
Page 45: Native Management Applications
Accessing a Device’s Native Management Features Native Management Applications Native applications are proprietary service processor management applications provided by some server vendors, such as HP InSight Manager, IBM Director, and Dell Open Manage. Access to a native application usually requires the user to have the application installed on the user’s computer. Some management applications reside on the service processor itself.
Page 46: Tasks For Creating Secure Tunnels And Obtaining Native Ip Access
• “To Enable Native IP Access Through a PPTP VPN Tunnel” on page 94 • “To Access a Native Web Application When a VPN Tunnel Exists” on page 94 • “To Access a Native Management Application” on page AlterPath OnBoard User’s Guide...
Page 47: Information Users Need
Information Users Need Information Users Need Users need to obtain the following information from the OnBoard administrator. • The user’s name and password • The names of devices that the user is authorized to manage and the device management actions that the user is authorized to perform •...
Page 48: Figure 1-2: Example Graph For Readings From A Fan Sensor
Table P-2: Sensor Graph Parameters Allowed Field/Menu Default Values Specify a different number of rows. 1-55 y-Axis Boxes AlterPath OnBoard User’s Guide...
Page 49 Sensor Plotting Table P-2: Sensor Graph Parameters (Continued) Allowed Field/Menu Default Values Specify a different number of columns. 1-999 x-Axis Boxes Each graph cell represents the interval between readings. Specify a different minimum sensor value Varies with Varies with Min Y Value to be plotted on the x axis.
Page 50 • light gray • yellow Graph BG Color green cyan gray darkgray lightgray magenta orange pink white For procedures for monitoring sensors, see “To View a Server’s Sensor Data from a Service Processor [Web Manager]” on page 54. AlterPath OnBoard User’s Guide...
Page 51: Common Tasks For Device Management
Common Tasks for Device Management Common Tasks for Device Management The following table shows the tasks related to accessing and managing devices and lists the options the OnBoard user and administrator have for performing those tasks. Table P-3: Tasks for Managing Devices Task Options and Where Described Connect to a device’s console...
Page 52 See “Accessing the OnBoard Using SSH” on page 21. Using ssh on the command line with event log commands. See “Device Management Commands for Use With SSH” on page 21. AlterPath OnBoard User’s Guide...
Page 53 Common Tasks for Device Management Table P-3: Tasks for Managing Devices (Continued) Task Options and Where Described View server sensor data through the • Using the Web Manager server’s service processor See “To View a Server’s Sensor Data from a Service Processor [Web Manager]”...
Page 54 Common Tasks for Device Management AlterPath OnBoard User’s Guide...
Page 55: Chapter 2: Web Manager Introduction
Chapter 2 Web Manager Introduction This chapter describes how authorized users and administrative users use the Web Manager to access the OnBoard, to manage connected service processors and other devices, to manage power outlets on any connected AlterPath PM IPDUs, and to manage their own passwords. This chapter provides background information listed in the following table.
Page 56 To Enable Access to Native Features on a Device [Web Manager] Page 62 To Access the OnBoard’s Console [Web Manager] Page 64 To Manage Power Outlets on a Connected IPDU Page 68 To View IPDUs Information Page 71 To Change Your Password Page 72 AlterPath OnBoard User’s Guide...
Page 57: Prerequisites For Using The Web Manager
Web Manager. For accessing the Web Manager, you can use any type of modern computer that has access to the network where the AlterPath OnBoard is installed and any modern browser (such as Internet Explorer 5.5 or above, Netscape 6.0 or above, Mozilla, or Firefox) with a Java 2 plug-in.
Page 58: Requirements For Java Plug-In Availability
A line with an adjacent checkbox should appear with the wording “Use JRE 1.5.0_NN” as shown in the following figure. If the line appears and the checkbox is not checked, check the checkbox to register the plug-in with the browser. AlterPath OnBoard User’s Guide...
Page 59: To Install Jre2 Software And Register The Java Plug-In
Requirements for Java Plug-In Availability ii. If the line does not appear, install the JRE 2 software as described under “To Install JRE2 Software and Register the Java Plug-in” on page 39. 2. To check Netscape or Mozilla on Windows, do the following steps. −>...
Page 60 Go to the Control Panel on the start menu on the Windows computer. The Control Panel appears. b. If the Java Plug-in icon appears, click it. The Java Plug-in Control Panel appears. c. Click the Browser tab. The Browser form appears. AlterPath OnBoard User’s Guide...
Page 61 Requirements for Java Plug-In Availability d. Check a checkbox next to the name of each browser in which to enable the Java plug-in. e. Click “Apply.” 6. Verify that the browser is successfully registered with the browser by performing this procedure: “To Check Browsers for Java Plug-in Support”...
Page 62: Logging Into The Web Manager For Regular Users
Web Manager at the same time. OnBoard administrators can perform additional user and device configuration tasks through the Web Manager. See the AlterPath OnBoard Administrator’s Guide for details. The following figure shows the login screen for the Web Manager that appears when the OnBoard’s IP address is entered in a Microsoft Internet Explorer...
Page 63: To Log Into The Web Manager
Any number of regular users can connect to the Web Manager at the same time. See “Cyclades Web Manager” on page 23 for more about how to use the Web Manager and “Prerequisites for Using the Web Manager” on page 37 for the required browsers, preparation, and browser plug-ins needed for different types of access.
Page 64: Features Of Regular Users' Windows
Figure 2-2: User Options on the Web Manager A menu of options appears on the left. When you select an option, the fields, buttons, and menus that appear in the screen in the middle change according to which option is selected. AlterPath OnBoard User’s Guide...
Page 65: Web Manager Menu Options For Regular Users
“Access” tab. The “Access” tab is one of multiple tabs that are available on the Web Manager whenever an administrator logs in. Administrators can refer to the AlterPath OnBoard Administrator’s Guide for more details. Using the Devices Screen The Devices screen lists device groups and individual devices that are not in groups for every device the user is authorized to access.
Page 66: Figure 2-3: Devices Web Manager Screen
“Accessing a Service Processor’s Console” on page 47 Device Console “Accessing a Device’s Console” on page 48 Power “Viewing and Clearing Event Logs” on page 55 Reset “Running Reset on a Service Processor” on page 51 AlterPath OnBoard User’s Guide...
Page 67: Accessing A Service Processor's Console
Accessing a Service Processor’s Console Table 2-3: Management Features Accessed Through the Web Manager (Continued) Feature Where Described Sensors “Viewing Sensor Data” on page 51 Event Log “Viewing and Clearing Event Logs” on page 55 Native IP “Accessing Native Features on a Service Processor” on page 57 Accessing a Service Processor’s Console Clicking the “Service Processor Console”...
Page 68: Accessing A Device's Console
Java applet and creates a console connection with the device. The following figure shows an example terminal window with a connection to a device console on a Compaq Proliant server with an iLO type service processor. AlterPath OnBoard User’s Guide...
Page 69: Managing Power Through A Service Processor
Managing Power Through a Service Processor Figure 2-5: Device Console Example To Connect to a Device’s Console [Web Manager] 1. Bring up the Web Manager and log in. See “To Log Into the Web Manager” on page 43. 2. From the list of devices that displays on the “Devices” screen, click the “Device Console”...
Page 70: Figure 2-6: Power Web Manager Screen
“Power” link that is associated with the server whose power you want to manage. 3. To turn power on for the server, click the “Turn power on” button. 4. To turn power off for the server, click the “Turn power off” button. AlterPath OnBoard User’s Guide...
Page 71: Running Reset On A Service Processor
Running Reset on a Service Processor 5. To turn power off and then on for the server (to reboot the server), click the “Power cycle” button. 6. To check the power status of the server, click the “Check power status” button.
Page 72: Figure 2-8: Sensors Data Loading Message
Viewing Sensor Data Figure 2-8: Sensors Data Loading Message The following screen example shows the Sensors screen that displays unformatted data. AlterPath OnBoard User’s Guide...
Page 73: Figure 2-9: Example Of Unformatted Sensor Data
Viewing Sensor Data View sensor plotter button Figure 2-9: Example of Unformatted Sensor Data Clicking the “View sensor plotter” button shown in Figure 2-6 brings up a screen that allows you to view data from individual sensors on the server. The sensor plotter page is shown in the following screen example.
Page 74: Figure 2-10:Graph Example
A list of sensors appears on the left with the main graph area empty. 4. Click the radio button next to the name of the sensor you want to view. 5. Click the “Display Graph” button. AlterPath OnBoard User’s Guide...
Page 75: Viewing And Clearing Event Logs
Viewing and Clearing Event Logs A graph of data from the selected sensor displays in the default graph format. Viewing and Clearing Event Logs Clicking the “Event Log” button on the Devices screen displays the system event log (SEL) menu from the server where the service processor resides. Event messages are sent by the service processor when system management events are detected.
Page 76: Figure 2-11: Example Event Log Web Manager Screen
Clicking the “Clear event log” button clears the log. To View or Clear a Server’s Event Log Through a Service Processor [Web Manager] 1. Log into the Web Manager. See “To Log Into the Web Manager” on page 43, if needed. AlterPath OnBoard User’s Guide...
Page 77: Accessing Native Features On A Service Processor
Accessing Native Features on a Service Processor 2. From the list of devices that displays on the “Devices” screen, click the “Event log” link associated with the server whose power you want to manage. The Event log displays for your review. 3.
Page 78 The user then enters the PPTP IP address in a browser to bring up the Web Manager and enable Native IP access. See “Tasks for Creating Secure Tunnels and Obtaining Native IP Access” on page 26 for more details. AlterPath OnBoard User’s Guide...
Page 79 Accessing Native Features on a Service Processor As shown in the following screen example, the words Enable | Disabled appear appears next to the Native IP option if a VPN connection exists, with the Enable link active. Clicking the Enable link enables native IP and makes the Disable link active and the “Go to native web interface”...
Page 80: Figure 2-13:Example Hp Ilo Native Web Interface
You are running Windows NT on your remote computer. If you are running any other Windows operating system, follow these steps as an example. • The OnBoard administrator has done all of the following: • Authorized your OnBoard user account for PPTP access. AlterPath OnBoard User’s Guide...
Page 81 Accessing Native Features on a Service Processor • Provided you with the PPTP password if it is different from your OnBoard password. • Enabled the PPTP service. • Configured the OnBoard for VPN PPTP connections • Provided you with an IP address that was assigned while configuring VPN PPTP access on the OnBoard.
Page 82: To Enable Access To Native Features On A Device [Web Manager]
5. From the list of devices that displays on the “Devices” screen, click “Enable” next to the “Native IP” link for the device on which you want native IP access. The “Go to native web interface” link becomes active. AlterPath OnBoard User’s Guide...
Page 83: Accessing The Onboard Console [Web Manager]
Accessing the OnBoard Console [Web Manager] 6. Click the “Go to native web interface” link to launch a browser that brings up the native web application on the service processor. 7. From your local computer, launch a previously-installed service processor management application for the server, if desired.
Page 84: Figure 2-15: User Menu When Connected To The Onboard's
Figure 2-15:User Menu When Connected to the OnBoard’s Console For information about what the administrative user can do on the OnBoard console, see AlterPath OnBoard Administrator’s Guide. To Access the OnBoard’s Console [Web Manager] 1. Bring up the Web Manager and log in.
Page 85: Managing Power Outlets On A Connected Ipdu
Managing Power Outlets on a Connected IPDU 2. Click the “OnBoard” option in the left menu. A terminal window displays and establishes a console connection to the OnBoard. 3. Enter the password, if prompted. A menu of options displays for the regular user. For an administrative user a shell prompt appears.
Page 86: Using The Outlets Manager Tab To Turn Power On And Off And Check Power Status
IPDUs. Administrative users can additionally assign names and set the power up interval for outlets and can upgrade software on the IPDU as described in the AlterPath OnBoard Administrator’s Guide. The three tabs are listed below with links to where they are described: •...
Page 87: Figure 2-17: Ipdu Access Failed Message From "Outlets
Managing Power Outlets on a Connected IPDU Figure 2-17:IPDU Access Failed Message from “Outlets Manager” −> If a regular user clicks the “Outlets Manager” tab under Access IPDU, the screen displays a list of all the outlets the user is authorized to manage. If an −>...
Page 88: Figure 2-19:Outlets Manager Outlets State Close-Up
2. Click the “IPDU” option in the left menu. The IPDU screen displays with the “Outlets Manager” screen active. 3. To switch an outlet on or off, click the adjacent light bulb. 4. To lock or unlock an outlet, click the adjacent padlock. AlterPath OnBoard User’s Guide...
Page 89: Viewing Ipdu Information
Managing Power Outlets on a Connected IPDU 5. To momentarily power an outlet off and then on again, click the adjacent “Cycle” button. 6. To save the state of the outlet(s), click “Save Outlets State.” Viewing IPDU Information −> −> When a regular user or admin goes to Access IPDU View IPDU Info, a...
Page 90 Current level on the IPDU 1.7A Current Maximum current detected 2.5A Maximum Detected Temperature on the AlterPath PM (only available on 37.0° C Temperature selected models that have temperature sensors) Maximum temperature detected 37.0° C Maximum Detected AlterPath OnBoard User’s Guide...
Page 91: Using The "Software Upgrade" Screen To View The Ipdu's Current Software Version
Managing Power Outlets on a Connected IPDU The following three buttons are also displayed on the screen: • “Clear max detected current” • “Clear max detected temperature” To View IPDUs Information 1. Bring up the Web Manager and log in. See “To Log Into the Web Manager”...
Page 92: Configuring Your Password
2. Click the “Password” option in the left menu. The Password screen displays. 3. Enter the new password in the “Password” field. 4. Enter the password again in the “Retype password” field. 5. Click the “Set Password” button. AlterPath OnBoard User’s Guide...
Page 93: Chapter 3: Accessing The Onboard And Connected Devices
Chapter 3 Accessing the OnBoard and Connected Devices This chapter provides information about how authorized users and administrators can access the OnBoard and connected devices in the following ways: • Use the Web Manager or the ssh command to access the OnBoard’s console and use menu options to change passwords and perform device management actions •...
Page 94 To Enable Native IP Access Through a PPTP VPN Tunnel Page 94 To Access a Native Web Application When a VPN Tunnel Exists Page 94 To Access a Native Management Application Page 95 To Generate an OTP Password When Challenged at Dial-in Page 98 AlterPath OnBoard User’s Guide...
Page 95: Accessing The Onboard's Console
Accessing the OnBoard’s Console Accessing the OnBoard’s Console As described under “Accessing the OnBoard’s Console” on page 12, administrators and authorized users can access the OnBoard’s console through either of the following two ways: • Through a directly-connected terminal or computer that is running a terminal emulation program •...
Page 96: To Access The Onboard's Console
3. Log into the OnBoard when prompted. After authentication and login, for administrative users (root, admin, or additional users who are members of the admin group) a shell prompt appears. For authorized non-administrative users, the user shell menu appears. AlterPath OnBoard User’s Guide...
Page 97: Accessing Device Management Features From The Onboard's Console Menu
Accessing Device Management Features From the OnBoard’s Console Menu Accessing Device Management Features From the OnBoard’s Console Menu After logging in as described in “Accessing the OnBoard’s Console” on page 75, non-administrative users see a menu similar to the menu shown in the following screen example.
Page 98: Figure 3-2: Device Access Menu
After a device is selected, pressing the “Enter” or “Return” key brings up the list of actions the user is authorized to perform on the device. Not all listed actions are supported for all service processors. Figure 3-3 shows the service processor “action” menu for an rsa-type service processor. AlterPath OnBoard User’s Guide...
Page 99: Accessing The Console Of A Device Through The Onboard's Console Or By Using Ssh
Accessing the Console of a Device Through the OnBoard’s Console or By Using SSH rsa_au Access the service processor's console Access the device's console Manage power Reset Manage the event log Enable native IP Disable native IP Exit Back Figure 3-3: Service Processor Action Menu Accessing the Console of a Device Through the OnBoard’s Console or By Using SSH Any type of authorized user can access the console of a connected service...
Page 100: To Use A Ssh Command To Connect Directly To A Device's Or Service Processor's Console
2. To connect directly to a service processor’s console, use the ssh command with the spconsole command. The following screen example shows entering ssh with the username francisco and the IP address 192.168.44.111 with the spconsole command on the command line. % ssh -t francisco:rsa_au@192.168.44.111 spconsole AlterPath OnBoard User’s Guide...
Page 101: To Use Onboard's Console Menus To Access The Device Management Options
Accessing the Console of a Device Through the OnBoard’s Console or By Using SSH 3. When the login prompt appears, log into the console using the username and password configured for the device or service processor. Login: root Password: To Use OnBoard’s Console Menus to Access the Device Management Options 1.
Page 102: Creating An Ssh Tunnel
The feature works with SSH protocol v1 and v1. For additional clients, see http://www.openssh.com • PuTTY on Windows • OpenSSH on Linux Common port numbers are: • HTTP 80 • HTTPS 443 Our examples use port 443 for HTTPS. AlterPath OnBoard User’s Guide...
Page 103: To Use Openssh On Linux To Create An Ssh Tunnel
Creating an SSH Tunnel To Use OpenSSH on Linux to Create an SSH Tunnel Perform this procedure on a computer running Linux with OpenSSH installed to create an SSH tunnel to a device managed by the OnBoard. The command lines shown in this procedure forwards local TCP port 8080 on the SSH client to port 443 on the device whose IP address is 10.10.1.181.
Page 104 5. Enter the IP address or DNS name of the OnBoard in the “Host Name (or IP address)” field. This example uses “onboard.yahoo.com.” 6. Select SSH as the protocol. 7. Click Open. 8. Enter your username and password when prompted. AlterPath OnBoard User’s Guide...
Page 105: To Bring Up A Native Web Application When An Ssh Tunnel Exists
Creating an SSH Tunnel To Bring Up a Native Web Application When an SSH Tunnel Exists Do this procedure to bring up a native web application from a connected device after creating an SSH tunnel from your host to the OnBoard, as shown in the two examples: •...
Page 106: Creating A Vpn Tunnel
The following prerequisites must be complete: • The user on the remote workstation and the OnBoard administrator have configured VPN connection profiles from both sides to support the VPN connection. See “Creating a VPN Tunnel” on page 86 for more details. AlterPath OnBoard User’s Guide...
Page 107: Table 3-1: Tasks For Enabling And Using Native Ip Access Using
Creating a VPN Tunnel • The user has created a VPN tunnel between the user’s computer and the OnBoard. • The user has logged into the OnBoard, either through the Web Manager or through the command line, and has been authenticated. When all the above are true, an authorized user can enable native IP access in one of the following two ways: •...
Page 108: Routing Requirements For Vpn Connections
In addition, the user must manually create a static route after the PPTP connection is established to inform the workstation that the device to be contacted is at the other end of the point-to-point link. The route must include AlterPath OnBoard User’s Guide...
Page 109 Creating a VPN Tunnel the PPTP address assigned to the OnBoard, which the user can discover by running the ifconfig or ipconfig command. The following screen example shows the PPTP interface IP address output from the ipconfig command on an Windows NT operating system when PPTP has assigned an IP address of 192.168.2.1.
Page 110: Summary Of Vpn-Related Requirements For Native Ip Access
Access” on page 90 “VPN Through IPSec Connections” on page 91 “PPTP VPN Connections” on page 93 Create a VPN tunnel “To Create an IPSec VPN Tunnel” on page 92 “To Create a PPTP VPN Tunnel” on page 93 AlterPath OnBoard User’s Guide...
Page 111: Vpn Through Ipsec Connections
Creating a VPN Tunnel Table 3-2: Tasks for Enabling and Using Native IP Access Using VPN (Continued) Task Where Documented Enable Native IP access “To Enable Native IP Access Through an IPSec VPN Tunnel” on page 92 “To Enable Native IP Access Through a PPTP VPN Tunnel” on page 94 Access a native web “To Access a Native Web Application When a VPN Tunnel...
Page 112: To Create An Ipsec Vpn Tunnel
IP address configured for the private subnet where the device resides or a virtual IP address configured for the OnBoard.) 1. Create a VPN tunnel. See “To Create an IPSec VPN Tunnel” on page 92 or “To Create a PPTP VPN Tunnel” on page 93 if needed. AlterPath OnBoard User’s Guide...
Page 113: Pptp Vpn Connections
Creating a VPN Tunnel 2. To enable native IP access through a browser, do the following steps. a. Enter the private IP address or virtual IP address assigned to the OnBoard in a browser. b. Log into the OnBoard. c. Make sure “Devices” is selected in the Web Manager’s left menu. d.
Page 114: To Enable Native Ip Access Through A Pptp Vpn Tunnel
Native Web Application When an SSH Tunnel Exists” on page 85 when an SSH tunnel exists. Perform one of the following steps, according to which access method you wish to use. 1. To use the Web Manager to launch a native web application, perform the following steps. AlterPath OnBoard User’s Guide...
Page 115: To Access A Native Management Application
Creating a VPN Tunnel a. Enter the private or virtual IP address assigned to the OnBoard in a browser. b. Log into the OnBoard. c. Select the Access menu option. d. Click the “Go to native web interface” link on the Access Devices screen.
Page 116 Log into the service processor if prompted. v. Bring up the management application up from the service processor’s command line. Caution! When finished, always disable the native IP access before terminating the IPSec VPN connection. AlterPath OnBoard User’s Guide...
Page 117: Obtaining And Using One Time Passwords For Dial-Ins
Obtaining and Using One Time Passwords for Dial-ins Obtaining and Using One Time Passwords for Dial-ins This section is for users who are authorized to dial into the OnBoard through a external modem or a PCMCIA modem or phone card if the one time password (OTP) authentication method is configured for logins to that device.
Page 118: To Generate An Otp Password When Challenged At Dial-In
GOLD ARK FISH DOVE SON ZION. 3. Copy the OTP password to the window where the login program is waiting with the “Response” prompt. Response: GOLD ARK FISH DOVE SON ZION The sequence number is decremented in the opiekeys file. AlterPath OnBoard User’s Guide...
Page 119: Appendix A: Mindterm Applet Reference
MindTerm Applet Reference When a user connects to any console using the Web Manager, a window running a MindTerm applet appears with an encrypted SSH connection between the user’s computer and the console. MindTerm is an SSH client that includes an integrated xterm/vt100 terminal emulator and that runs as a Java applet within a browser window.
Page 120: Java Plug-In Requirements For Using Mindterm
“rdqailo.” The same terminal window appears whether the connection is being made to the console of an OnBoard, a service processor, a server, or another type of device. AlterPath OnBoard User’s Guide...
Page 121: Mindterm Terminal Menu Options
MindTerm Terminal Menu Options MindTerm home: C:\Documents and Settings\username\mindterm\ Figure A-1: Root Log into MindTerm Running an SSH Console Session MindTerm Terminal Menu Options As is shown in first line of the screen output shown in Figure A-1, you can bring up the terminal menu by pressing Ctrl and the third mouse button at the same time: “Ctrl+[mouse right click]”.
Page 122: Figure A-2: Terminal Menu
Send ASCII File Sends the contents of a selected file to the terminal as input, as if the contents were being typed on the keyboard. AlterPath OnBoard User’s Guide...
Page 123 MindTerm Terminal Menu Options Table A-1: Console Session Terminal Menu Options (Sheet 2 of 6) 1st-level Option 2nd-level Option Description Close (Ctrl+Shift+c) Closes the current window. Note: If you close a window without logging out, you abort the SSH connection abnormally. The recommended procedure is to log out in the shell before closing or exiting the MindTerm window.
Page 124 • Proxy type • Server • Port • Authentication • Username • Password Security • Protocol • Host key type • Cipher • Mac • Compression Features • X11 forward • Local display • Send keep-alive • Interval AlterPath OnBoard User’s Guide...
Page 125 MindTerm Terminal Menu Options Table A-1: Console Session Terminal Menu Options (Sheet 4 of 6) 1st-level Option 2nd-level Option Description Terminal (Ctrl+Shift+t) Displays a dialog box for setting Settings, terminal characteristics. Continued General: • Terminal type • Columns • Rows •...
Page 126 When this option is enabled [default], settings are saved automatically whenever you disconnect from a server or exit the terminal. When this option is disabled, you must explicitly save settings to a file in order to preserve them. AlterPath OnBoard User’s Guide...
Page 127 MindTerm Terminal Menu Options Table A-1: Console Session Terminal Menu Options (Sheet 6 of 6) 1st-level Option 2nd-level Option Description Setup Displays a dialog box listing any Tunnels previously configured tunnels. Clicking the Add button displays a dialog box for configuring a tunnel.
Page 128: Using Hot Keys During Console Sessions
Send character by octal code \too For example, to send a broadcast message, you would enter “Cntrl+e+c b” and to tell the applet to abort, you would enter “Cntrl+e+c Enter” on a Windows keyboard. To exit the session, press “Ctrl+_”. AlterPath OnBoard User’s Guide...
Page 129: Glossary
3DES encryption is one of the security features provided by Cyclades products to enable data center security policies. See also...
Page 130 An easy-to-remember, usually-short, usually-descriptive name used instead of a full name or IP address. For example, on some Cyclades products, port names contain numbers by default (as in Port_1) but the administrator can assign an alias (such as SunBladeFremont that describes which server is connected to the ports.
Page 131 Cyclades products to enable data center security policies. A user who is customers to enforce their authorized to access a device or software function is referred to as an authorized user. See also authentication and...
Page 132 A standard for twisted-pair Ethernet cables defined by the Electronic Industries Association and Telecommunications Industry Association (commonly known as EIA/TIA).The support for CAT5 and later cabling (such as CAT5e) in many Cyclades products allows the use of existing cabling in the data center. AlterPath OnBoard User’s Guide...
Page 133 Linux shell. Command line access is achieved through several different means. For one example, a remote administrator can use Telnet or SSH to access an AlterPath OnBoard and then can enter commands on the Linux shell's command line.
Page 134 CLI parameter tree Each version of the Cyclades CLI utility has a set of commands and parameters nested in the form of a tree. The CLI for the AlterPath OnBoard and other products use the Cyclades Application Configuration Protocol (CACP) daemon (cacpd). The cacpd uses the param.conf file, which defines a different CLI parameter tree for each product.
Page 135 PPP, along with a modem, and a telephone line, which is supported on many Cyclades products. After the administrator of the Cyclades product has connected a modem from the Cyclades product to a live telephone line and made the phone number available, a remote authorized user can use the phone number to dial into the Cyclades product and access connected devices.
Page 136 DNS (domain name service or system) A service that translates domain names (such as cyclades.com) to network IP addresses (192.168.00.0) and that translates host names (such as “onboard”) to host IP addresses (192.168.44.11). To enable the use of this service, administrators need to configure one or more DNS servers when configuring AlterPath devices.
Page 137 SSH usually encrypts data using 3DES or better algorithms. Encryption is one of the security features provided on Cyclades products to enable customers to authentication enforce their data center security policies. See also authorization.
Page 138 A script written using expect, a scripting language based on Tcl, the Tool Command Language. Can be written to perform automation and testing operations that are not possible with other scripting languages. Cyclades uses expect scripts in some of its AlterPath products, and users can customize some of the default expect scripts.
Page 139 HTTP (hypertext transfer protocol) Protocol defining the rules for communication between Web servers and browser across the Internet. HTTPS (secure HTTP over SSL) Protocol enabling the secure transmission of Web pages by encrypting data using SSL encryption. URLs that require an SSL connection start with https.
Page 140 IPDU (intelligent power distribution unit) A device with multiple power inlets into which IIT assets can be plugged for remote power management. Cyclades supports a family of AlterPath PM IPDUs that can be remotely managed when they are connected to AlterPath devices, such as the AlterPath KVM/net or AlterPath OnBoard.
Page 141 KVM analog switch A KVM switch that requires a local user connection before a user can gain access to any servers that are connected to the switch. Cyclades AlterPath KVM analog switches are one component of the out-of-band infrastructure. KVM over IP switch...
Page 142 Cyclades AlterPath KVM analog switches are one component of the out-of- band infrastructure. LDAP (lightweight directory access protocol) A directory service protocol used for authentication. One of many standard authentication protocols supported on Cyclades devices. MAC address Also called the Ethernet address. A number that uniquely identifies a computer that has an Ethernet interface.
Page 143 Network address translation, an Internet standard that enables the use of one set of IP addresses for internal traffic and another set of IP addresses for traffic over the public network. The AlterPath OnBoard uses NAT to allow access to service processors and managed devices while not revealing their Ethernet addresses.
Page 144 Tests address heat release, surface temperature, fire AlterPath OnBoard User’s Guide...
Page 145 The OID naming scheme is governed by the IETF, which grants authority for parts of the OID name space to individual organizations. Cyclades has the authority to assign OIDs that can be derived by branching downward from the node in the MIB name tree that starts at 1.3.6.1.4.1.4413.
Page 146 Allows administrators to remotely connect to disconnected IT assets and to quickly return them to normal operation. Cyclades AlterPath products are designed as building blocks for an OOBI, including AlterPath ACS console servers, AlterPath KVM and KVM over P...
Page 147 PPP (point to point protocol) A method that creates a connection between a remote computer and a Cyclades device and enables a remote user access using the Web Manager or the command line. Supports the use of the PAP, SPAP, CHAP, MS-CHAP, and EAP authentication methods.
Page 148 30 minutes of power to RSC in case of a power failure. secure rack management (See SRM) security features Cyclades products provide security features, including encryption, data authentication, and authorization, to enable customers to enforce their AlterPath OnBoard User’s Guide...
Page 149 OnSite as admin and is in the /home/admin directory. Users tell the operating system to perform actions by typing commands in the shell, which interprets the commands and performs the specified actions. See also command line interface. The AlterPath OnBoard has two user shells: onbdshell and rmenush. Glossary...
Page 150 SNMP agent software send data from management information bases (MIBs) to the SNMP manager software. On certain Cyclades devices, administrators can enable SNMP to allow a remote administrator to manage the device and can configure the device to send alerts about events of interest. Before enabling SNMP, the administrator needs the following information: The contact person (administrator) of the AlterPath device;...
Page 151 Physically consolidates and logically secures the Ethernet connections between the AlterPath OnBoard and the connected service processors. By providing IP consolidation, SRM substantially lowers the cost and complexity of deploying service processors. SRM also lowers the security risks of using service...
Page 152 Unlike telnet, ftp, and the remsh programs, SSH encrypts everything it sends over the network. Many Cyclades products support SSH version 1 and SSH version 2. Since SSH1 and SSH2 are entirely different, incompatible protocols, it is...
Page 153 An operation started by an SNMP agent in response to an event of interest on a managed-object in a device, which sends an alert to the SNMP manager. The administrator of certain Cyclades device can configure which types of events generate trap messages and trap destinations. Also known as SNMP messages or as “PDUs”—protocol data units.
Page 154 AlterPath OnBoard User’s Guide...
Page 155: Index
Index 23, 42 accessing the Web Manager onbdshell list of devices responsibilities and default password AC devices autodetect Add and route IPSec VPN option modem and phone card configuration 6, 37 admin user option capabilities AUX ports administrative users with IPDUs connected accessing the OnBoard authorizations defined...
Page 156 10, 14, 21 actions enabling in a security profile 11, 20 commands 1, 6, 7, 8, 14 devices defined access control GSM PCMCIA card accessing list for authorized users list in onbdshell menu AlterPath OnBoard User’s Guide...
Page 157 tunnel, tasks for creating host route xviii hot keys, conventions for HP iLO Java 9, 27, 42 HTTP installing the JRE2 software and port number to access registering the plug-in 4, 9, 42 HTTPS Java plug-in port number to access required for MindTerm IBM RSA II keys...
Page 158 SSH tunnel passwords options authentication procedure for accessing through an SSH changing tunnel for Web Manager logins tasks for accessing managing through OnBoard native_ip_off device management user shell Change Password option command AlterPath OnBoard User’s Guide...
Page 159 PCMCIA cards private subnets modem for OnBoard access configuring PPTP VPN to communicate supported for dial-ins with more than one phone cards configuring VPN connections to access plug-in, Java. to register port numbers routing to common for accessing services on proxied communications devices public network...
Page 160 MindTerm xviii typographical conventions requirement for managed devices service controlled by security profiles SSH clients accessing OnBoard’s console username for authentication connecting to OnBoard users for different platforms types and authorizations, defined ssh command account types AlterPath OnBoard User’s Guide...
Page 161 accounts device management features available 23, 42 authorized through default shell prerequisites for using information they need regular users table of types, responsibilities, and features default passwords option for accessing OnBoard, /usr/bin/onbdshell shell connected devices and power 6, 23, 42 /usr/bin/rmenush login shell who can access introduction...
Page 162 AlterPath OnBoard User’s Guide...

Cyclades AlterPath OnBoard User Manual

Before You Begin

Table P-1: Document Organization

Table P-2: Related Documentation

Table P-3: Typographic Conventions

Table P-4: Other Terms and Conventions

Chapter 1: Introduction

Figure 1-1: Secure Path to a Connected Service Processor

Table 1-1: Access-Related Security Features

Table 1-2: User Types, Responsibilities, and Default Password

Table 1-3: Services and Other Functions Controlled by Security

Table P-2: Console Login Types

Table P-3: User Shell Default Menu Options

Table 1-1: Options and Command Names for Device Management

Table P-2: Possible Power Management Command Effects

Table 1-1: Supported Device Types and Management Features

Table 1-2: Tasks for Creating Tunnels and Obtaining Native IP Access

Figure 1-2: Example Graph for Readings from a Fan Sensor

Table P-2: Sensor Graph Parameters

Table P-3: Tasks for Managing Devices

Chapter 2: Web Manager Introduction

Table 2-1: Supported Browser and JRE Versions

Figure 2-1: Web Manager Login Screen

Figure 2-2: User Options on the Web Manager

Figure 2-6: Power Web Manager Screen

Figure 2-19:Outlets Manager Outlets State Close-Up

Chapter 3: Accessing the Onboard and Connected Devices

Figure 3-1: User Shell Menu

Appendix A: Mindterm Applet Reference

Figure A-1: Root Log into Mindterm Running an SSH Console Session

Figure A-2: Terminal Menu

Table A-1: Console Session Terminal Menu Options

Table A-2: Hot Keys Available During Console Sessions

Glossary

Index

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Cyclades AlterPath OnBoard

Summary of Contents for Cyclades AlterPath OnBoard

Table of Contents