Raritan Computer CCA-0N-V5.1-E User's Manual
Contents
1. Raritan Chapter 15 Advanced Administration If one or more CC SG units cannot be found a message appears and these CC SG units will be highlighted in yellow in the table Remove these units or modify their IP addresses or hostnames and click Next again 7 CC SG displays a list of CC SG units along with their firmware version and state in the Neighborhood Configuration table Note The CC SG units which do not meet the Neighborhood criteria see What is a Neighborhood on page 262 are automatically deactivated 8 Adjust the Neighborhood configurations if necessary Optional To change any CC SG s Secure Gateway Name click the name type a new one and press Enter The default is a short CC SG hostname The name is what Access Client users will see when switching among the Neighborhood members so each name must be unique To deactivate any CC SG unit deselect the Activate checkbox next to that unit Deactivated CC SG units operate as standalone units and do not show up as one of the Neighborhood members to Access Client users Click the column header to sort the table by that attribute in ascending order Click the header again to sort the table in descending order 9 To return to previous screen click Back and repeat prior steps Optional 10 Click Finish Note Raritan recommends that you should 1 Configure the same Restricted Service Agreement setting and text for all Neighborhood members See2. ccccccceeceeeseeeeeeeceeeeeeaeeeeneeeennees 237 Configuring Applications for Accessing Nodes cccccscceeeesteeeeenees 238 Configuring Default Applications ccccccceeeeeeseeeeeeeeseeeeeseaeeeeneeeennees 240 Managing Device FINnMWAal ciscccccctecccecets esesssccdensssececeesssceneesse darsin 241 Configuring the CC SG Network c ccccccceeeeeceeseeeeeeeeceeeeeeaeeeeneeeeenees 242 Configuring Logging ACUVIty isisisi inienn 248 Configuring the CC SG Server Time and Date 0 ccceeceecseeeeeenees 249 Connection Modes Direct and PrOoxy ccccccceeeseeeeeeeeeeeeeeeaeeeeeeeeeenees 250 Device SeuiNOS i icviuvinent sedi mien ne healed 251 Configuring Custom JRE Setting ccccceseeeseeeeeeeeceeeeeeeeeeseeeeeeenees 254 Go tig ring SNMP wicsta cctv ccseevsdcereentacivasdvatecsevied a aa 255 Configuring CC SGCIUStETS oioneianicnonesii ianen agiia 256 CGontig ring aiNGighbornOO dent se ccs secieancvateceesied ciantietevetasteceat ndctiviedede 262 Securty MANAGER wesicsienesetivacsecvvreveyssacteasdeadevabsteeeshaad heretestcceantand ceive debe 266 Notitication Manag sosisini ERRE 277 TASK MAM AQ O a E N 278 SSH ACCESS 10 CO SG reidai etana i E EEA E 285 Seral ACMA POM setadi a a a 293 Web Services API ssicsctetevte dean atevets ea ia 294 CC NOCG ripe Per err E A E E a rerer ere 295 Configuring a Message of the Day Z Raritan The Message of the Day allows you to provide a message for a
3. Raritan Chapter 12 Remote Authentication 5 Type a name for the AD server in the Module name field The maximum number of characters is 31 All printable characters may be used The module name is optional and is specified only to distinguish this AD server module from any others that you configure in CC SG The name is not connected to the actual AD server name 6 Click Next to proceed The General tab opens AD General Settings In the General tab you must add the information that allows CC SG to query the AD server Do not add duplicate AD modules If your users see a message that says You are not a member of any group when attempting to login you may have configured duplicate AD modules Check the modules you have configured to see if they describe overlapping domain areas ik Type the AD domain you want to query in the Domain field For example if the AD domain is installed in the xyz com domain type xyz com in the Domain field CC SG and the AD server you want to query must be configured either on the same domain or on different domains that trust each other Note CC SG will query all known domain controllers for the domain specified Type the IP addresses of the Primary and Secondary DNS servers in the Primary DNS Server IP Address and Secondary DNS Server IP Address fields respectively or select the Use default CC SG DNS checkbox to use the DNS configured in the Configuration Manager secti
4. cccceeceeeeeeeeeeeeeeeeeeeeaeeeeeeeeee 77 Upgrading a Device vic cccissccndescscbenecsgcberssinectidesteoestatt costadin EE REEERE 82 Backing Up a Device Configuration cccccccceeeeseeeeeeeseteeeeeaeeeeneeeeaes 83 Restoring Device Configurations siisii 84 Copying Device Configuration scccissieccdecnetecetvincndeaciaseteuesscndeteine antes cavene 87 Restarting a Device so ssf cvssigenneveteis crtaceeneveatis Atiieanier elie aad 88 Pinging THE DEVICE sci acncsencs sects ences seeectenieeans cetsewodetinn aadteeere anne 88 Pausing CC SG s Management of a Device cceceeseeeeesteeeeeesteeeeeeee 88 Resuming Management of a Device eeececeeeeecceeeeeeceeeeeeeeceeteeeeeenenees 89 Pause and Resume Management of Devices Using a Scheduled Task 89 Device Power Manager sists svete civeteeyiedtacennseteen desieenedeed ERER 90 Launching a Device s Administrative Page ccceeseeeeeeteeeeeeneeees 90 DISCONNECIING USE Sessan n Aandi cern eee 91 Special Access to Paragon II System DeVICES cecseeeeeeesteeeeeeeees 91 47 48 Chapter 6 Devices Device Groups and Ports Viewing Devices The Devices Tab Click the Devices tab to display all devices under CC SG management Nodes Users Devices B kenny KSx440 Admin Kenny KSX440 Power Supply QI KVM Target 1 G3 KVM Target 2 Gd KVM Target 4 8 F PowerPort NinaPowerStrip 6 Dutlet_1 E Outlet_2 6 Outlet_3 E Outlet_4 Outl
5. cceeeeeteceeeenteeeeeeaeeeseeaeeeeeenaeeeeeeaeeeeneaas 241 Set the Default Application for an Interface or Port TyP cccccesceeeeeeseeeeessteeeeneeeeees 241 Managing Device Firmware is iccceis icckeist certs eectibintdanecheeens sdekesdedechdiay ined di dokedegledesesdecedestion 241 Upload FiritWateecccsiccsceiistece serrin cheitacecceidledeonitelachvivc et gecdsstncceedaslananted cestadin EE RAEE i 241 Delete FIN Ware sireenin aereas dreara EEn Aa AENEA EEEN AEEA RENEA ENERE EEEE 242 Gontiguring the CC SG NetWork scia ead a aaa a ad aE ieee 242 About Network Setup siiis aa a leds E aa aae 242 About CC SG LAN POMS misian aaa aE edd 242 Whatis IP Failover Mode cinnin aana a A Ea A ak 243 Whats IP Isolation ModE Zasu naaa aa 246 Recommended DHCP Configurations for CC SG eesseesseesseeseessessseessnessnnssnnesnnesnnens 248 Configuring Logging ACKIVITY usensu aa ada ade aaa aaae 248 Purge GG SG S Internal 100 iiceestcstesacccceusis sevens tects tedeeetas ana a E aaae 249 Configuring the CC SG Server Time and Date ssssnsiisrscsrisirinerrdiriarriddsineriidsiaraidiskaniddnnianiiaas 249 Connection Modes Direct and Proxy 2 scisascasiectvin veces na centian dene diaa 250 AbDout Gomnection MOOS sscs cives faced aneian eaa aE eens tenascin 250 Configure Direct Mode for All Client Connections ccceeeceeseeeeeeeeteeeeeseeeeseaeeseneeeeaees 251 Configure Proxy Mode for All Client Connections cceecceceeeceeeeecee
6. gt To clear the default message and minimum JRE version 1 Choose Administration gt Configuration Click the Custom JRE tab 2 Click Clear Simple Network Management Protocol allows CC SG to push SNMP traps event notifications to an existing SNMP manager on the network You should be trained in handling SNMP infrastructure to configure CC SG to work with SNMP CC SG also supports SNMP GET SET operations with third party solutions such as HP OpenView To support the operations you must provide SNMP agent identifier information such as these MIB II System Group objects sysContact sysName and sysLocation These identifiers provide contact administrative and location information regarding the managed node See RFC 1213 for details gt To configure SNMP in CC SG 1 Choose Administration gt Configuration Click the SNMP tab 2 3 Select the Enable SNMP Daemon checkbox to enable SNMP operations 4 To identify the SNMP agent running on CC SG to a third party enterprise Management Solutions provide agent information under Agent Configuration Type a Port for the agent default is 161 Type a Read Only Community string default is public and Read Write Community string default is private Multiple community strings are allowed separate them with a comma Type a System Contact System Name and System Location to provide information regarding the managed node Click Update Agent Configuration to save your changes
7. 2 The Host ID of the CommandCenter Secure Gateway unit you are logged into displays in the License Management page You can copy and paste the Host ID For virtual CC SG the Host ID displays in the License Summary section after you have installed the license server The License Manager page is slightly different for physical and virtual appliances Raritan Chapter 3 Getting Started 3 Check the number of nodes in your database on this page You can determine how many more nodes you can add up to your licensed limit License Manager E x The License Manager allows you to add and remove licenses check out and check in features required for operation of CommandCenter Secure Gateway Ensure that you have added and checked out the necessary base and add on licenses for the CC SG appliance for Additional Nodes Interfaces and services nms CC SG Host ID 7EC869EC 2BB3 9395 F32C S4B05936BB95 License Summary NOT SERVED CCSG 57 238 raritan com 7EC869EC 2BB3 9395 F32C 54B05986BB95 Operational 433 of 384 Licensed Nodes Currently in Database PAN anh tan nnn nnn agpantin nee Mee tines sap T a OY ae PE CTT ee ee a ZE Raritan Chapter 3 Getting Started Licensing New Customers Physical Appliance If you are a new customer who has just purchased a physical CC SG 5 0 appliance follow these instructions to ensure that you have valid licenses installed and activated g
8. 5 Type anode name in the Node Name field to create a new node with an Out of Band interface from this port For ease of use name the node after the target that is connected to the port This means that you will type the same name in the Port name and Node Name fields 6 Click the Access Application drop down menu and select the application you want to use when you connect to this port from the list To allow CC SG to automatically select the correct application based on your browser select Auto Detect 7 Click OK to add the port Nodes Created by Configuring Ports When you configure the ports of a device a node is created automatically for each port An interface is also created for each node When a node is automatically created it is given the same name as the port to which it is associated If this node name already exists an extension is added to the node name For example Channel1 1 The extension is the number in parentheses This extension is not included as part of the character count for the node name If you edit the node name the new name will be restricted to the maximum number of characters See Naming Conventions on page 389 Editing a Port You can edit ports to change various parameters such as port name access application and serial port settings The changes you can make vary based on port type and device type Note You can also edit Dominion KX2 port settings by using Launch Admin and using t
9. 8 Repeat these steps for the second network interface if you selected IP Isolation Mode 9 Click Save CC SG will restart logging out all CC SG GUI users and terminating their sessions A Warning screen will appear informing you of the impending network reconfiguration and associated CC SG GUI user impact Select lt YES gt to proceed System progress can be monitored in a Diagnostic Console Status Screen On the KVM port another terminal session can be selected by pressing Alt F2 and logging in as status Return to the original terminal session by pressing Alt F1 There are six available terminal sessions on F1 through F6 Ping an IP Address Use ping to check that the connection between CC SG computer and a particular IP address is working correctly Note Some sites explicitly block ping requests Verify that the target and intervening network allow pings if a ping is unsuccessful 1 Choose Operation gt Network Interfaces gt Ping 2 Enter the IP address or hostname if DNS is appropriately configured on the CC SG of the target you want to check in the Ping Target field 3 Select Optional Option Description Show other received ICMP Verbose output which lists other received packets ICMP packets in addition to ECHO_RESPONSE packets Rarely seen No DNS Resolution Does not resolve addresses to host names Raritan Raritan 6 Chapter 16 Diagnostic Console Option Description
10. Indicates a character in range Indicates zero or more characters Wildcard Examples Example Description KX Locates KX1 and KXZ but not KX1Z KX Locates KX1 KX KX1 and KX1Z KX 0 9 0 9 T Locates KX95T KX66T but not KXZ and KX5PT lt Raritan Chapter 6 Devices Device Groups and Ports Discovering Devices Z Raritan Discover Devices initiates a search for all devices on your network After discovering the devices you may add them to CC SG if they are not already managed gt To discover devices 1 Choose Devices gt Discover Devices 2 Type the range of IP addresses where you expect to find the devices in the From Address and To Address fields The To Address should be larger than the From Address Specify a mask to apply to the range If a mask is not specified then a broadcast address of 255 255 255 255 is sent which broadcasts to all local networks To discover devices across subnets you must specify a mask 3 Check Broadcast discovery if searching for devices on the same subnet on which CC SG resides Clear Broadcast Discovery to discover devices across different subnets 4 To search for a particular type of device select it in the list of Device types By default all device types are selected Use CTRL click to select more than one device type 5 Select the Include IPMI Agents checkbox to find targets that provide IPMI power control 6 Click Discover to start the s
11. Optional gt To add a DRAC KVM DRAC Power ILO KVM ILO Power Integrity ILO2 Power or RSA Power interface to the CSV file When importing DRAC ILO and RSA interfaces you must specify both the KVM interface and the Power interface or the import will fail Column number 1 O oa A O Tag or value ADD NODE DRAC KVM INTERFAC E for DRAC KVM interfaces NODE DRAC POWER INTEREF ACE for DRAC Power interfaces NODE ILO KVM INTERFACE for iLO KVM interfaces NODE ILO POWER INTERFA CE for iLO Power interfaces NODE INT ILO2 POWER IN TERFACE for Integrity ILO2 Power interfaces NODE RSA POWER INTERFA CE for RSA Power interfaces Node Name Interface Name IP Address or Hostname Service Account Name Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Required field You must enter either a service account or a username and password Leave blank if specifying username and password 143 144 Chapter 8 Nodes Node Groups and Interfaces Column Tag or value number 7 Username 8 Password 9 Description 10 TCP Port Details You must enter either a service account or a username and password Leave blank if specifying service account You must enter either a service account or a username and password
12. Telephone Number and Cell Phone Maximum 32 characters Click OK to save your changes Deleting a Device You can delete a device to remove it from CC SG management Important Deleting a device will remove all ports configured for that device All interfaces associated with those ports will be removed from the nodes If no other interface exists for these nodes the nodes will also be removed from CC SG gt 1 Raritan To delete a device Click the Devices tab and select the device you want to delete Choose Devices gt Device Manager gt Delete Device Click OK to delete the device A message appears when the device has been deleted 59 60 Chapter 6 Devices Device Groups and Ports Configuring Ports If all ports of a device were not automatically added by selecting Configure all ports when you added the device use the Configure Ports screen to add individual ports or a set of ports on the device to CC SG Once you configure ports a node is created in CC SG for each port and the default interface is also created See Nodes Created by Configuring Ports on page 61 Configure a Serial Port gt 1 2 To configure a serial port Click the Devices tab and select a serial device Choose Devices gt Port Manager gt Configure Ports Click a column header to sort the ports by that attribute in ascending order Click the header again to sort the ports in descending order Click the C
13. You may have problems using the escape character in the Linux terminal or client Raritan recommends that you define a new escape character when establishing a port connection The command is connect e lt escape char gt port id For example to define m as the escape character when connecting to the port with id 2360 type connect e m 2360 Create an SSH Connection to a Serial Enabled Device You can create an SSH connection to a serial enabled device to perform administrative operations on the device Once connected the administrative commands supported by the serial enabled device are available Note Before you connect ensure that the serial enabled device has been added to the CC SG 1 Type listdevices to ensure the serial enabled device has been added to CC SG 192 168 51 124 PuTTY ominion ominion eric Raritan i j i Raritan Chapter 15 Advanced Administration 2 Connect to the device by typing ssh id lt device id gt Using the figure above as an example you can connect to SX 229 by typing ssh id 1370 92 168 51 124 PuTTY ccRoot ssh id 1370 Authentic p for all commands vG550 Command gt Use SSH to Connect to a Node via a Serial Out of Band Interface You can use SSH to connect to a node through its associated serial out of band interface The SSH connection is in proxy mode 1 Type listinterfaces to view the node ids and associated
14. Chapter 8 Nodes Node Groups and Interfaces Nodes CSV File Requirements The nodes CSV file defines the nodes interfaces and their details required to add them to CC SG e Node names must be unique If you enter duplicate node names CC SG adds a number in parentheses to the name to make it unique and adds the node If you are also assigning categories and elements to nodes in the CSV file and you have duplicate node names categories and elements may be assigned to the wrong nodes To prevent this give each node a unique name Or import nodes first check their names in CC SG and then import a separate file to assign categories and elements to the correct node names e To add out of band interfaces the associated port must not be configured in CC SG e You cannot import virtual infrastructure nodes and interfaces Use the options in Nodes gt Virtualization e The first interface in the CSV file after the ADD NODE command is assigned as the node s default interface e Export a file from CC SG to view the Comments which include all tags and parameters needed to create a valid CSV file See Export Nodes on page 149 e Follow the additional requirements for all CSV files See Common CSV File Requirements on page 369 gt To add anode to the CSV file Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 NODE Enter the tag as shown Tags are not case sensitive
15. Importing and Exporting Dominion PX Data from Power IQ You must have the CC Setup and Control and Device Port and Node Management privileges to import and export Dominion PX data from Power IQ G Z Raritan Raritan Chapter 17 Power IQ Integration Import Power Strips from Power IQ You can import Dominion PX devices and their outlet names from Power IQ If the Dominion PX devices are already managed by CC SG you must delete them first The import adds the Dominion PX devices and configures and names the outlets specified in the CSV file Non Dominion PX devices and outlets in the CSV file are ignored during import You can use the Power IQ Service to create nodes for Power IQ IT devices attached to Dominion PX devices and other vendors power strips that cannot be imported from Power IQ See Power Control of Power IQ IT Devices on page 337 gt Step 1 Export a CSV file from Power IQ 1 Login to Power IQ and go to the Dashboard Click Outlet Naming 2 3 Next to the Import click the link to export a CSV file of the current outlet names 4 Open or save the file The file contains all the outlets in Power IQ gt Step 2 Edit the CSV file 1 Edit the exported CSV file 2 Delete the column with the PX Name You ll add a row with a command to add each PX device later 3 Insert 2 columns in the beginning of all rows a Incolumn 1 enter the command ADD b In column 2 enter the tag OU
16. Select the Enable SNMP Traps checkbox to enable sending SNMP traps from CC SG to a SNMP host 7 Type the Trap Destination Host IP address and Port number used by SNMP hosts in the Trap Destinations section Default port is 162 8 Type the Community string and Version v1 or v2 used by SNMP hosts in the Trap Destinations section 255 Chapter 15 Advanced Administration 9 Select the checkboxes before the traps you want CC SG to push to your SNMP hosts Under Trap Sources a list of SNMP traps grouped into two different categories System Log traps which include notifications for the status of the CC unit itself such as a hard disk failure and Application Log traps for notifications generated by events in the CC application such as modifications to a user account To enable traps by type select the boxes marked System Log and Application Log Individual traps can be enabled or disabled by selecting their checkboxes Use the checkbox inside the Selected column header to enable all traps or deselect all checkboxes Refer to the MIB files for the list of SNMP traps that are provided See MIB Files for details 10 Click Add to add this destination host to the list of configured hosts There is no limit to the number of managers that can be set in this list 11 Click Update Trap Configuration to save your changes MIB Files Because CC SG pushes its own set of Raritan traps you must update all SNMP managers with a custom
17. The following two factor authentication components are known to work with CC SG e RSA RADIUS Server 6 1 on Windows Server 2003 e RSA Authentication Manager 6 1 on Windows Server 2003 e RSA Secure ID SID700 hardware token Earlier RSA product versions should also work with CC SG but they have not been verified Two Factor Authentication Setup Requirements The following tasks must be completed for two factor authentication setup Consult the RSA documentation 1 Import tokens Create a CC SG user and assign a token to the user Generate a user password Create an agent host for the RADIUS server Create an agent host type Communication Server for CC SG Create a RADIUS CC SG client Par woON Two Factor Authentication Known Issues The RSA RADIUS New PIN mode that requires a challenge password PIN will not work Instead all users in this scheme must be assigned fixed passwords Raritan Appendix General FAQs Question General What is CC SG FAQs In This Chapter Generali FAQS eonenna nterna haaat iia iiih 380 Authentication FAQ Sinningia aaaeei 382 Sec rity FAQS aeron eeen e eE a an ara Ea aaran 383 Accounting FAQS knina aa aa E a AE 384 Performance FAQS inanan aa a aaa eaa 384 Grouping FAQS Aasin oann a a a ania 385 Interoperability FAQS niiina aaaea 386 Authorization FAQS srren daie doana 386 User Experience FAQS viii egaa aE aaa A aR 386 Licensing FAQS sosisini tani i E Aa a 387 Ans
18. cceeeccceecceceeeeeeseeeeeneeceeeeeeeaeeeeaaeesenees 190 Editing an AD MOdUI6s iicts cctetezccscctiseectitsteebacsieeteedise nan 195 Importing AD User Groups oireisiin tintaina 195 synchronizing AD with CC SG 2 aicauindeniniieniieiainninineies 197 Renaming and Moving AD Group cceecceceeeeeeeeeeeeeseteeestaeeseneeenaes 201 About LDAP atid CG SGi narining aa ea 201 Add an LDAP Netscape Module to CC SG cccccecsseeeeeeesteeeeeees 201 About TACAGS and CG SGias svete secssstes cccetstedcgaasiedeneteveeceantandctiviedede 205 Adda TAGAGS Module isisccusctosecets ce ctancendecttateceshad indenters eiea 205 About RADIUS and GG S Girsan aada i a 206 Adda RADIUS MOQUE nsnossinr adaa a aai 206 Authentication and Authorization AA Overview Raritan Users of CC SG can be locally authenticated and authorized on the CC SG or remotely authenticated using the following supported directory servers e Microsoft Active Directory AD e Netscape s Lightweight Directory Access Protocol LDAP e TACACS e RADIUS Any number of remote servers can be used for external authentication For example you could configure three AD servers two iPlanet LDAP servers and three RADIUS servers Only AD can be used for remote authorization of users LDAP implementations use LDAP v3 Flow for Authentication When remote authentication is enabled authentication and authorization follow these steps 1 The user logs
19. 2 Specify the IP address or IP hostname if CC SG has been registered with a DNS server of the CC SG 3 Specify 23 for the port Default SSH port is 22 If you do not change the port to 23 the SSH client accesses the command line interface of CC SG not the Diagnostic Console 4 Click the button that allows you to connect A window opens prompting you for a login 296 Status Console Raritan Chapter 16 Diagnostic Console About Status Console e You can use the Status Console to check the health of CC SG the various services CC SG uses and the attached network e By default Status Console does not require a password e You can configure CC SG to provide the Status Console information over a Web interface You must enable the Web Status Console related options See Access Status Console via Web Browser on page 297 The Status Console information over the Web can be protected with an account and password Access Status Console There are different ways to view the Status Console information VGA keyboard mouse port SSH or web browser Access Status Console via VGA Keyboard Mouse Port or SSH gt To access Status Console via VGA Keyboard Mouse Port or SSH 1 Access the Diagnostic Console See Accessing Diagnostic Console on page 296 At the login prompt type status The current system information appears Access Status Console via Web Browser To retrieve the Status Console informati
20. AD Adv nced Setting Sonsarnneiannn ana aae AEN AE Ea 192 AD GFW SEINI Siasau aA en ce tee AEE EE ance ete ane 193 ADUS SUNOS oe css sec EEEE EOE eect E E a A EE 194 Editingcan AD MOGUIC i scccinceceiesveccetrseeeretesseeneerindecehy seenehe endear ante ete ents ene anes 195 Importing AD WS6r Groups spriocanna ae d EE E TEREE 195 Synchronizing AD with CCS Garasanina eda gaa E E aE ea ahaaa aaa i a daa 197 Synchronize All User Groups With AD viii ccceceascestssnccses sre cedeenaaceeeare neue teenecdeaceaeesiies Aaa 198 synchronize AWADMOQUIE Sessiounen a aaa aia ad a 199 Enable or Disable Daily Synchronization of All AD MOduleS ccceeeeeseeeeseeeeeeeees 199 Change the Daily AD Synchronization Time 0 ccccceesceceeeceeeeeeeeeeeeeeeeeseaeeeeaeeseneeesaees 200 Renaming and Moving AD Group ccccceeeeeeeeeeeeeaeeeeaee scenes caeeeeaaeeeeaeeseeeeeseaeeesaeeeeeeeeeeeees 201 About LDAP and CC SGiacec sec cestes tase sale eis intecgne sa sa deeuacas age sagacdve iad decessalneasebstenedeetdedb ead ceredeaudeed 201 Add an LDAP Netscape Module to CC SG eccccceccceceeeeeeeeeeeeeeeceaeeeseaeeeeeeeseeeesaaeeesaeeeeeeeeaas 201 LDAP General Settings cccccceccceeeececeeeeeceneeeeaaeeeeeeeseeeeeseaeeesaaeeseeeeseaeeesaaeeesaeeseeeeenaees 202 LDAP Advanced Settings c ccccccceeececeeeeeeeeeeeeaeeeeeeeceeeesaeeesaaeseeaeeseeeescaeeesaeeseeeeseaees 202 Sun One LDAP iPlanet Configuration Settings
21. Advanced Administration 164 165 191 195 237 AES Encryption 266 All Users Data Report 213 Allow concurrent logins per username 271 Apply a Custom View for Devices 184 Apply a Custom View for Nodes 181 Assign a Default Custom View for Devices 186 Assign a Default Custom View for Nodes 183 Assign a Default Custom View of Devices for All Users 186 Assign a Default Custom View of Nodes for All Users 183 Assign Service Accounts to Interfaces 108 Assigning a User to a Group 164 165 Assigning Policies To User Groups xvii 160 175 179 Association Terminology 41 Associations 391 Associations Defining Categories and Elements 41 Associations in Guided Setup 33 34 Associations Categories and Elements 41 51 55 57 72 97 104 109 150 Audit Trail Entries for Importing 45 82 149 171 344 370 Audit Trail Report 210 Authentication and Authorization AA Overview 187 Authentication FAQs 382 Authorization FAQs 386 Availability Report 212 234 Available Licenses 11 15 226 B Backing Up a Device Configuration 83 280 Backing Up CC SG 222 228 229 231 233 254 280 Before You Use Guided Setup 33 Blade Chassis Overview 63 394 Blade Chassis with an Integrated KVM Switch 63 Blade Chassis without an Integrated KVM Switch 63 Bookmarking an Interface 136 137 217 Browser Based Access via the CC SG Admin Cli
22. Limited Operation Before License Install on page 28 When the license server is up again you must check out each license again to resume normal operation See Install and Check Out Your License on page 23 Raritan Raritan Chapter 3 Getting Started Restart License Servers After an Outage If the license server goes down and then resumes operation or if you move add or delete license files you should restart the license server Restarting the license server ensures that CC SG is synchronized with the most current information Note A Windows license server will synchronize automatically after an outage A Linux license server will synchronize after a 2 hour timeout but restarting it will synchronize it immediately after an outage gt To restart a license server Run the command 1mdown for graceful shutdown of the license server Command Line Utilities for Managing License Server The following utilities are installed when you install your license server software You can execute each from the command line to manage the license server For the examples use these values for the items in brackets lt feature name gt is the value in the Feature column on the Administration gt License Manager page in the Admin Client For example CCSG128 VA is the feature name of the virtual appliance base license lt license file name gt is the file name of the license file installed as saved on your li
23. Raritan Chapter 13 Reports You can limit the data that the report will contain by entering additional parameters in the Message Type Message Username and User IP address fields Wildcards are accepted in these fields except for the Message Type field To limit the report to a type of message select a type in the Message Type field To limit the report by the message text associated with an activity type the text in the Message field To limit the report to a particular user s activities type the user s username in the Username field To limit the report to a particular IP address s activities type the user s IP address in the User IP address field In the Entries to Display field select the number of entries to display in the report screen Click Apply to generate the report To purge the records in the report click Purge See Purge a report s data from CC SG on page 210 CC SG stores error messages in a series of Error Log files which can be accessed and used to help troubleshoot problems The Error Log includes a subset of the Audit Trail entries that are associated with an error condition gt 1 To generate the Error Log report Choose Reports gt Error Log Set the date range for the report in the Start Date and Time and End Date and Time fields Click each component of the default date month day year hour minute to select it then click the up and down arrows to reach the desired
24. Scheduled Reports Scheduled reports are sent via email to the recipients that you specify You can specify either CSV or HTML for the version of the emailed report All reports that have a Finished status are stored in HTML format on CC SG for 30 days You can view the finished reports in HTML format only by selecting Scheduled Reports on the Reports menu See Scheduled Reports on page 219 Find and View Tasks You can view tasks in a list filtered by the criteria you choose For each task you can view details and history Note If a task is changed or updated its prior history no longer applies and the Last Execution Date will be blank gt To view a task 1 Choose Administration gt Tasks 2 To search for tasks use the up and down buttons to select the date range of the task you want to view 3 Filter the list further by selecting one or more Cirl click tasks status or owner from each list 4 Click View Tasks to view the list of tasks gt To view a task s history Select the task and click Task History gt To view a task s details Double click a task to open a dialog containing the task details 279 Chapter 15 Advanced Administration Schedule a Task This section covers most tasks that can be scheduled See Schedule a Device Firmware Upgrade on page 282 for details on scheduling device firmware upgrades gt To schedule a task 1 Choose Administration gt Tasks 2 Click
25. The default escape character is a tilde followed by a period e Atthe prompt type the following command and press Enter You may have problems using the escape character in the Linux terminal or client Raritan recommends that you define a new escape character when establishing a port connection The command is connect e lt escape char gt port id For example to define m as the escape character when connecting to the port with id 2360 type connect e m 2360 Raritan Serial Admin Port Raritan Chapter 15 Advanced Administration The serial admin port on CC SG can be connected directly to a Raritan serial device such as Dominion SX or KSX You can connect to the SX or KSX via the IP address using a terminal emulation program such as HyperTerminal or PUTTY Set the baud rate in the terminal emulation program to match the SX or KSX baud rate gt SX requirements Use an ASCSDB9F adapter to connect the CC SG unit to the SX Use the default SX port settings 9600 bps Parity None 8 Flow Control None Emulation VT100 gt V1 Serial Admin Port a eoece About Terminal Emulation Programs HyperTerminal is available on many Windows OS HyperTerminal is not available on Windows Vista PuTTY is a free program you can download from the internet 293 294 Chapter 15 Advanced Administration Web Services API Finding Your CC SG Serial Number gt To find your CC
26. ccccceeecceeeeeeeeeeeceeeeeseeeeseeeeeeeeeeeaees 203 OpenLDAP eDirectory Configuration Settings ccccceecceeeeeeeeeeeceeeeeseneeesseeeeeeeeeeaees 204 IBM LDAP Configuration Settings c cccccccecceeeeeseeceeeeeceeeeeeaaeeeeaeeeeeeeeseeeetaeeseneeeeneees 204 About TACACS and CO SG o ecccecccececcceceeeeeeeeeceeeeecaeeesaaeeeceeeeeeeesaaeeesaaeseceeeseaeessaaeeeeaeeeeeeeeeaas 205 Add a TACACS Module cccccceccceceeeeeceeeeeeeeceeeeecaeeesaaeeeeaeeseeeeeseaeeeeaaeseceeeseeeescaeeeeeeeeeeeeeaas 205 TACACS General Settings ccecccecesceeeeeeeeeeecaeeeeeeeseeeeecaeeesaaeeeeeeeseeeesaaeeeeeeeeeeeeseas 205 About RADIUS and CO SG oi eeeccecccececceeceeeeeeeeceeeeeceaeeeeaaeeeeeeeeeeeeecaaeeesaaeseeeeeseaeeesaaeeeeeeeeeeeeeaas 206 Adda RADIUS Mod le socso aa NRE A EENE SRSA 206 RADIUS General Settings niis iaprag aiaia ian ia aN qos N Na E 206 Two Factor Authentication Using RADIUS ssseseesseessesssssssssssrsssrsssnsssnsssnnssnnssnnesunees 207 Chapter 13 Reports 208 Usmo AS POOLS eeraa ioner sth acct tice EaN N EENAA SEE EAE tea EENE E EANES E ss eases AAS ETN EAEAN ERRESEINA 208 SOM Repon Data oraes ainen eaa Aa aTa anaa aaie Aiei aaan en 208 Resize Report Column Width ssssssessssessessnsssnsssnsssessrnssrnnsrnnssnnsrnntrnnstnntsnnnsnnntnnnennnenn nenn 208 View Report Details eecccecceseccceeeeeceeeeeeeceeeeneeceeesneeceeesseceeesneeaeeesneeeeeeeneeaeeeeesneeeeennes 209 Navigate Mu
27. 2 If any item does not show No under the Replace or Rebuild column contact Raritan Technical Support for assistance A good system File Operation CC SG Administrator Console Repair Rebuild RAID Disk Drive Status Self Tests Replace sHealth gt lt Attributes gt lt Errors gt lt Self Tests gt lt All gt RAID Array Status Array State Events Elements Mis Match Rebuild md clean 48 2 2 10 No mdl active 803765 2 2 10 No Potential Operations Replace Disk Drive lt Rebuild RAID Array gt SN ACD8605011 Ver 4 1 8 1 11 Updated Wed Dec 2008 12 03 10 50 24 EST 05600 Help lt Fl gt Exit lt ctl Q gt or lt ctl C gt Menus Top bar lt ctl xX gt A contrived system showing multiple problems File Operation CC SG Administrator Console Repair Rebuild RAID Disk Drive Status Health Attributes Errors Self Tests Replace Pre Fail Errors OK Yes PreFail OK Errors Errors Yes Warn sHealth gt lt Attributes gt lt Errors gt lt Self Tests gt lt All gt RAID Array Status Array State Events Elements Mis Match Rebuild md 6degraded clean 6 1 2 10 Yes gt sdal mdl active 5 2 2 10 No Potential Operations Replace Disk Drive lt Rebuild RAID Array gt SN ACD 798B052 Ver 4 1 0 5 2 Updated Tue Dec 2008 12 02 19 58 53 EST 0500 Help lt Fl gt Exit lt ctl Q gt or lt ctl C gt Menus Top bar lt ctl X gt The system will update disp
28. 6 Click Apply to generate the report The Node Asset report displays node name interface name and type device name and type and node group for all nodes under CC SG management You can filter the report to include only data about nodes that correspond to a specified node group interface type device type or device gt To generate the Node Asset report 1 Choose Reports gt Nodes gt Node Asset Report 2 Select the filtering criteria you want to apply to the report All Nodes Node Group Device Group or Devices f you select Node Group Interface Type or Device Group select a parameter from corresponding menu f you select Devices select the devices in the Available list whose node assets you want to include in the report then click Add to move them to the Selected list 3 Click Apply to generate the report The Node Asset Report generates gt To get bookmark URLs for nodes 1 Generate the Node Asset report then double click a node to view the details dialog 2 Click Save to File All report information is saved to a csv file Raritan 3 Active Nodes Report Chapter 13 Reports The URL column contains direct links to each node You can use this information to create a web page with links to each node instead of bookmarking each node individually See Bookmarking an Interface on page 136 The Active Nodes report includes the name and type of each active interface the connection mod
29. A Reboot operation performs a normal reboot of the virtual host server when it is in maintenance mode A Force Reboot operation forces the virtual host server to reboot even if the server is not in maintenance mode To access these commands you must have the Node In Band Access and Node Power Control privilege You must also be in a user group that is assigned a policy to access the node you want to reboot or force reboot gt To reboot or force reboot a virtual host node 1 Select the virtual host node you want to reboot or force reboot 2 Click the Virtual Host Data tab 3 Click Reboot or Force Reboot Accessing the Virtual Topology View The Topology View is a tree structure that shows the relationships of the control system virtual hosts and virtual machines associated with the selected node You must have the Device Port and Node Management privilege to open the topology view gt Open the topology view from the virtual node profile 1 Inthe node profile click the tab that contains virtualization information about the node Virtual Machine Data tab Virtual Host Data tab or Control System tab depending on the node type 2 Click the Topology View link The topology view opens in a new window Virtual nodes that are configured in CC SG display as links Double click a node s link to open the node profile for the virtual node Double click an interface link to either connect to the node Double click a
30. All existing customers must upgrade to 5 0 before upgrading to any release higher than 5 0 Follow the steps in this topic to confirm your license files are in place after upgrade to 5 0 gt Step 1 Upgrade to 5 0 See Upgrading CC SG on page 229 gt Step 2 View your license files 1 Inthe Admin Client choose Administration gt License Management The License Manager page opens The License Summary section shows high level information about your license or licenses You can view the CC SG Host ID associated with the license file The number of nodes in use and number of nodes allowed is listed in the center of the page Note If you discover that the number of nodes allowed is fewer than the number you originally purchased a license for contact your Raritan Sales person Licensing Rehosting Physical appliance licenses are associated with one specific CC SG unit Virtual appliance licenses are associated with one specific license server If these items change your license file is assigned the wrong Host ID or anything happens that would result in a mismatch between the license file and your CC SG system you must obtain a new license file with the correct Host ID gt To get anew license file with a different Host ID Contact Raritan Technical Support See Technical Support Contacts on page 2 Raritan Chapter 3 Getting Started Add a License You can add a license to CC SG if you pu
31. Asia Pacific and Europe You could set up an Association that organizes this equipment by location Then you can customize the CC SG to display your Raritan devices and nodes according to your chosen Category Location and its associated Elements America Asia Pacific and Europe in the CC SG interface You can customize the CC SG to organize and display your servers however you like Association Terminology e Associations the relationships between categories elements of a category and nodes and devices e Category a variable that contains a set of values called elements An example of a category is Location which may have elements such as America and Asia Pacific Another example of a category is OS Type which may have elements such as Windows or Unix or Linux e Elements the values of a category For example the America element belongs to the Location category Associations Defining Categories and Elements Raritan devices and nodes are organized by categories and elements Each category element pair is assigned to a device a node or both A category is a group of similar elements Category Elements OS Type Unix Windows Linux Department Sales IT Engineering 41 Chapter 5 Associations Categories and Elements Policies also use categories and elements to control user access to servers For example the category element pair Location America can b
32. Chapter 16 Diagnostic Console CC SG Title Date and Time The CC SG title is constant so users know that they are connected to a CC SG unit The date and time at the top of the screen is the last time when the CC SG data was polled The date and time reflect the timing values saved on the CC SG server Message of the Day The Message of the Day MOTD box displays the first 5 lines of the MOTD which are entered in the CC SG Admin Client Each line contains a maximum of 78 characters and does not support any special formatting System Server and Network Status This area of the screen provides information on the state of various CC SG components The following table explains the information and statuses for CC SG and CC SG database Description CC SG s Fully Qualified Domain Name FQDN It consists of both the unit s hostname and the associated domain name CC SG s current firmware version It consists of 5 tuple value CC SG s serial number CC SG s model type A number for licensing the CC SG unit The status of the CC SG server which handles most user requests Available statuses include Up CC SG is available and can accept user requests Down CC SG may be stopped or in the process of restarting If the Down status continual try restarting CC SG Restarting CC SG is in the process of restarting The CC SG server uses an internal database DB as part of its operations This database must be up and respond
33. Console via Web Browser on page 297 1 Using a supported Internet browser type this URL http s lt IP_address gt status where lt IP_address gt is the IP address of the CC SG Note the forward slash following status is mandatory For example https 10 20 3 30 status 2 A status page opens This page contains the same information as the Status Console Click CC SG Monitors under Evaluation at the bottom of the page Check the disk related information and take actions when necessary See the previous section for details Raritan 377 Appendix G Diagnostic Utilities Note For file system problems that are not mentioned in this section or when the corrective actions you take cannot resolve the problems contact Raritan Technical Support for assistance on Raritan Appendix H Two Factor Authentication CC SG can be configured to point to an RSA RADIUS Server that supports two factor authentication via an associated RSA Authentication Manager CC SG acts as a RADIUS client and sends user authentication requests to RSA RADIUS Server The authentication request includes user id a fixed password and a dynamic token code In This Chapter Supported Environments for Two Factor Authentication 0 379 Two Factor Authentication Setup Requirement s s s 379 Two Factor Authentication Known ISSUES cccesseseeeeeeeeeeeeneaees 379 Supported Environments for Two Factor Authentication
34. Device Groups and Ports To delete a slot using the Delete Blade command In the Devices tab click the next to the KX2 device that is connected to the blade chassis device Click the next to the blade chassis device whose slots you want to delete Right click the blade slot that you want to delete Select Delete Blade and then click OK to delete the slot Edit a Blade Chassis Device You can edit a blade chassis device to rename it modify its properties and view slot configuration status gt 1 To edit a blade chassis In the Devices tab click the next to the KX2 device that is connected to the blade chassis device Select the blade chassis device you want to edit Type the new device properties in the appropriate fields on this screen If necessary edit the Categories and Elements associated with this device Click the Blades tab to view all slots of this blade chassis device If a slot has been configured as a node you can click the Node hyperlink to open the Node Profile Optional Click OK to save your changes A message appears when the device has been modified Delete a Blade Chassis Device You can delete a blade chassis device connected to a KX2 device from CC SG When you delete the blade chassis device from the KX2 device the blade chassis device and all configured blade servers or slots disappear from the Devices tab as well as from the Nodes tab gt 1 To delete a blade
35. Enter names for interfaces maximum 32 characters Virtual Host VI Client Interfaces VMware Viewer Interfaces Virtual Power Interfaces RDP VNC and SSH Interfaces if specified b Enter login credentials To use a Service Account select the Use Service Account Credentials checkbox then select the name of the service account or Enter a username and password for the interface type Maximum 64 characters each Click OK 119 Chapter 8 Nodes Node Groups and Interfaces Delete Control Systems and Virtual Hosts You can delete control systems and virtual hosts from CC SG When you delete a control system the virtual hosts and virtual machines associated with it are not deleted When you delete a virtual host the control systems and virtual machines associated with it are not deleted Virtual machine nodes are not automatically deleted when their associated control systems or virtual hosts are deleted See Delete a Virtual Machine Node on page 120 gt To delete control systems and virtual hosts 1 Choose Nodes gt Virtualization 2 Select the control systems and virtual hosts you want to delete from the list Use Ctrl click to select multiple items 3 Click Delete Delete a Virtual Machine Node There are two ways to delete virtual machine nodes e Use the Delete Node feature See Delete a Node on page 110 e Deselect the Configure checkbox for the virtual machine See Edit Co
36. Import Devices 81 Import Nodes 148 150 Import Power Strips from Power IQ 337 343 Raritan Index Import Users 171 Importing AD User Groups 195 Importing and Exporting Dominion PX Data from Power IQ 342 Install and Check Out Your License 23 24 387 Install CommandCenter Secure Gateway on VMware ESX Server 4 0 22 Install License Server Software on a Linux or Windows Server 18 Install or Upgrade VMware Tools 27 Install the Thick Client 6 Interfaces for DRAC Power Control Connections 126 129 Interfaces for ILO Processor Integrity ILO2 and RSA Power Control Connections 126 129 Interfaces for In Band Connections 125 127 Interfaces for IPMI Power Control Connections e 131 Interfaces for Managed Powerstrip Connections 93 94 95 97 98 99 126 130 Interfaces for Out of Band KVM Out of Band Serial Connections 126 128 Interfaces for Power IQ Proxy Power Control Connections 126 132 339 Interoperability FAQs 386 Introduction 1 IP Reach and UST IP Administration e 92 J Java RDP Connection Details 128 JRE Incompatibility 5 6 K Keyboard Shortcuts 388 L Launching a Device s Administrative Page 90 LDAP Advanced Settings 202 LDAP General Settings 202 License Server Communication 24 License Server Outages 24 Licensing Basic License Information 11 Licensing Clusters New Customers 16 Licensing Exist
37. In the Custom View panel click Set as Default The next time you log in the selected custom view will be used by default Assign a Default Custom View of Nodes for All Users If you have the CC Setup and Control privilege you can assign a default custom view for all users On N 4 To assign a default custom view of nodes for all users Click the Nodes tab Choose Nodes gt Change View gt Create Custom View Click the Name drop down arrow and select the custom view you want assign as a system wide default view Select the System View checkbox and then click Save All users who log into CC SG will see the Nodes tab sorted according to the selected custom view Users can change the custom view Custom Views for Devices Add a Custom View for Devices To add a custom view for devices Click the Devices tab Choose Devices gt Change View gt Create Custom View The Custom View screen appears 183 Chapter 11 Custom Views for Devices and Nodes 184 In the Custom View panel click Add The Add Custom View window appears Type a name for the new custom view in the Custom View Name field In the Custom View Type section Select Filter by Device Group to create a custom view that displays only the device groups you specify Select View by Category to create a custom view that displays devices according to the categories you specify Click OK In the Custom View Details section a Inthe Ava
38. In the Net Address and Net Mask fields specify the client IP address range that should connect to nodes and ports via Direct mode and then click Add Click Update Configuration You can configure some settings that apply to all devices and configure each device type s default port number gt 1 2 To configure default port number for devices Choose Administration gt Configuration Click the Device Settings tab 251 252 Chapter 15 Advanced Administration a on gt Select a Device Type in the table and double click the Default Port value Type the new Default Port value Click Update Configuration to save your changes To configure timeout duration for devices Choose Administration gt Configuration Click the Device Settings tab Type a new timeout duration in the Heartbeat sec field The valid range is 30 seconds to 50 000 seconds Click Update Configuration to save your changes To enable or disable a warning message for all power operations Select the Display Warning Message For All Power Operations checkbox to enable a warning message that alerts a user before a requested power operation occurs Only the user who initiated the power operation sees the message The user can cancel the power operation or confirm it by clicking Yes or No in the message 1 2 3 Choose Administration gt Configuration Click the Device Settings tab Select the Display Warning Message For All P
39. Raritan 1M IIN Min Copyright 2011 Raritan Inc CCA 0N v5 1 E February 2011 255 80 5140 00 0N This document contains proprietary information that is protected by copyright All rights reserved No part of this document may be photocopied reproduced or translated into another language without express prior written consent of Raritan Inc Copyright 2011 Raritan Inc All third party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders FCC Information This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications Operation of this equipment in a residential environment may cause harmful interference VCCI Information Japan CORRS HRLBRES SRRSAERMHBMS VCCI 0HE ESC TFAZAMRRHRECT TORE t RE CATS CBR MEENSRCFCEPHVET COMPILERS PBOICHREBT SBLIBKENSCEPHVET Raritan is not responsible for damage to this product resulting from accident disaster misuse abuse non Raritan modification of the product or other events outside of Raritan s reason
40. Select this item to create a KVM connection to a node through VNC server software See Interfaces for In Band Connections on page 127 Out of Band Connections a Out of Band KVM Select this item to create a KVM connection to a node through a Raritan KVM device KX KX101 KSX IP Reach Paragon Il Out of Band Serial Select this item to create a serial connection to a node through a Raritan serial device SX KSX 125 Chapter 8 Nodes Node Groups and Interfaces See Interfaces for Out of Band KVM Out of Band Serial Connections on page 128 Power Control Connections Power Control DRAC Select this item to create a power control connection to a Dell DRAC server Power Control iLO Processor Select this item to create a power control connection to an HP iLO RILOE server Power Control IPMI Select this item to create a power control connection to a node with an IPMI connection Power Control Integrity ILO2 Select this item to create a power control connection to an HP Integrity server or other servers that support Integrity ILO2 Power Control Power IQ Proxy Select this item to create a power control connection to a Power IQ IT device Power Control RSA Select this item to create a power control connection to an RSA server See Interfaces for DRAC Power Control Connections on page 129 Interfaces for ILO Processor Integrity ILO2 and RSA Power Control Connections on page
41. The message indicates that something on the system is trying to communicate with the DVD ROM drive Different scenarios can invoke the message For example e Auser opens or closes the DVD ROM drive door or e The operating system is checking the DVD ROM drive and finds no media when it boots up There are other scenarios that invoke the message as well but will not be described in the section avc The message comes from an internal security audit and control system SELinux sub system The system issues warnings without enforcing any security policy so they do not indicate any problem with the system ipcontracks The message always appears each time CC SG boots up so it is normal Note that CC SG turns off these messages since version 4 0 but they are still available in internal logs Therefore when you upgrade CC SG from 3 x to 4 x these Diagnostic Console messages disappear 392 Index A About Administrator Console 296 303 About Applications for Accessing Nodes 238 About Associations 41 About CC SG LAN Ports 242 243 246 About CC SG passwords 269 About Connection Modes 102 128 250 About Default Applications 240 About Interfaces 102 250 About LDAP and CC SG 201 About Network Setup 3 30 242 257 307 About Nodes 101 About RADIUS and CC SG 206 About Status Console 296 297 About TACACS and CC SG 205 About Terminal Emulation Programs 293 Access a
42. These default settings only apply to new ports To apply these settings to ports on existing devices click Apply Selections to Existing Devices then select the devices you want to change and click OK Managing Device Firmware Raritan CC SG stores firmware for Raritan devices that you can use to upgrade the devices under its control The firmware manager is used to upload and delete device firmware files to and from CC SG Once a firmware file has been uploaded you can access it to perform a device upgrade See Upgrading a Device on page 82 Upload Firmware You can upload different versions of device firmware to CC SG When new firmware versions become available they are posted on the Raritan website gt To upload firmware to CC SG 1 Choose Administration gt Firmware 241 242 Chapter 15 Advanced Administration Click Add to add a new firmware file A search window opens Navigate to and select the firmware file you want to upload to CC SG and then click Open When the upload completes the new firmware appears in the Firmware Name field Delete Firmware gt To delete firmware 1 Choose Administration gt Firmware 2 Click the Firmware Name drop down arrow and select the firmware you want to delete Click Delete A confirmation message appears Click Yes to delete the firmware Configuring the CC SG Network You can configure the network settings for your CC SG managed network in
43. To synchronize the virtual infrastructure Choose Nodes gt Virtualization In the list of nodes select the nodes you want to synchronize Use Ctrl click to select multiple items Click Synchronize If the virtual infrastructure had changed since the last synchronization the information in CC SG updates The Configured in Secure Gateway column shows the number of virtual machines or hosts that are configured in CC SG The Last Synchronization Date shows the date and time of the synchronization The Node Status column shows the status of the virtual node Enable or Disable Daily Synchronization of the Virtual Infrastructure You can configure an automatic synchronization of CC SG with your virtual infrastructure The automatic synchronization occurs daily at the time you specify gt 1 o N gt on gt N 122 To enable daily synchronization of the virtual infrastructure Choose Nodes gt Virtualization Select the Enable Daily Automatic Synchronization checkbox Enter the time when you want the daily synchronization to occur in the Start Time field Click Update To disable daily synchronization of the virtual infrastructure Choose Nodes gt Virtualization Deselect the Enable Daily Automatic Synchronization checkbox Click Update Raritan Chapter 8 Nodes Node Groups and Interfaces Reboot or Force Reboot a Virtual Host Node You can reboot or force reboot the virtual host server
44. and Otherwise the Short Expression field may return to the default expression that is RuleO amp Rule amp Rule2 and so on when you delete any rule from the table o remove a row from the table select the row and then click the Remove Row icon E To seethe list of devices whose parameters follow the rules you have defined click View Devices 6 Click Validate when a description has been written in the Short Expression field If the description is formed incorrectly you will receive a warning If the description is formed correctly a normalized form of the expression appears in the Normalized Expression field 7 Click View Devices to see what nodes satisfy this expression A Devices in Device Group Results window opens displaying the devices that will be grouped by the current expression This can be used to check if the description was correctly written If not you can return to the rules table or the Short Expression field to make adjustments 8 Select the Create Full Access Policy for Group checkbox to create a policy for this device group that allows access to all devices in the group at all times with control permission 9 To add another device group click Apply to save this group then repeat these steps Optional 10 If you have finished adding device groups click OK to save your changes Raritan i 76 Chapter 6 Devices Device Groups and Ports Describe Method versus Select Method Us
45. ccceesceceeeeeceeeeeeee scence ceeeeeeaeeeeaaesseneeseaeeeseaeeesaaeeeeneeeed 36 User Management cccceeeeceeeeecneeeeeeseeeeeeeeaeeeeeeaaeeeseeaeeeseeneneeeeeneneeeee 38 Before You Use Guided Setup Before proceeding with CC SG configuration you must complete system configuration e Configure and install Dominion series and IP Reach appliances both serial and KVM devices including assigning an IP address Raritan Chapter 4 Configuring CC SG with Guided Setup Associations in Guided Setup Create Categories and Elements gt To create categories and elements in Guided Setup 1 Inthe Guided Setup window click Associations and then click Create Categories in the left panel to open the Create Categories panel 2 Inthe Category Name field type the name of a category into which you want to organize your equipment such as Location 3 Inthe Applicable for field indicate whether you want the category to be available for devices nodes or both Click the Applicable for drop down menu and select a value from the list 4 Inthe Elements table type the name of an element within the category such as Raritan US Click the Add New Row icon E to add more rows to the Elements table o delete an element select its row and then click the Delete Row icon E 5 Repeat these steps until you have added all the elements within the category to the Elements table 6 To create another categ
46. checkbox If the CC SG is not configured for secure browser connections you must deselect the Secure Socket Layer SSL checkbox This setting must be correct or the thick client will not be able to connect to CC SG To check the setting in CC SG Choose Administration gt Security In the Encryption tab look at the Browser Connection Protocol option If the HTTPS SSL option is selected then you must select the Secure Socket Layer SSL checkbox in the thick client s IP address specification window If the HTTP option is selected deselect the Secure Socket Layer SSL checkbox in the thick client s IP address specification window Click Start Awarning message appears if you are using an unsupported Java Runtime Environment version on your machine Follow the prompts to either download a supported Java version or continue with the currently installed version The login screen appears If the Restricted Service Agreement is enabled read the agreement text and then select the Understand and Accept the Restricted Service Agreement checkbox Type your Username and Password in the corresponding fields and then click Login to continue Use the Thick Client The minimum Java version required for running the thick client is 1 6 0 10 Once the thick client is installed there are two ways to access it on your client computer gt To access the thick client Launch the thick client from the Java Control Panel s Java
47. description to be evaluated as true and grouping operators This breaks the description into a subsection contained within the parentheses The section within the parentheses is evaluated before the rest of the description is compared to the node Parenthetical groups can be nested inside other parenthetical groups Example1 If you want to describe devices that belong to the engineering department create a rule that says Department Engineering This will become Rule0 Type Ruled in the Short Expression field Raritan Chapter 6 Devices Device Groups and Ports Example 2 If you want to describe a group of devices that belong to the engineering department or are located in Philadelphia and specify that all of the machines must have 1 GB of memory you must create three rules Department Engineering RuleO Location Philadelphia Rule1 Memory 1GB Rule2 These rules must be arranged in relation to each other Since the device can either belong to the engineering department or be located in Philadelphia use the OR operator to join the two Ruleo Rule1 Make this comparison first by enclosing it parentheses RuleO Rule1 Since the devices must both satisfy this comparison AND contain 1GB of memory use the AND connector amp to join this section with Rule2 RuleO Rule1 amp Rule2 Type this final expression in the Short Expression field Note You should have a space before and after operators amp
48. e If the memory usage is rising dramatically or the browser session stops responding to your actions you may need to increase your Java Heap size for your client a Open Java plug in in the Control Panel b Click the Java tab c Click View inside the Java Applet Runtime Settings group box d Select the row of the current Java version you are running and type Xmx lt size gt m in the Java Runtime Parameters column For example type Xmx300m if you want to increase the Java Heap size to a maximum of 300MB It s not recommended to set the Java Heap size higher than half of the client computer s memory For example if the client computer has 1 0 GB of RAM set the parameter to Xmx512m maximum 372 ZE Raritan Appendix F Troubleshooting If you access more than one CC SG unit using the same client and Firefox you may see a Secure Connection Failed message that says you have an invalid certificate You can resume access by clearing the invalid certificate from your browser a b c d e In Firefox choose Tools gt Options Click Advanced Click the Encryption tab Click View Certificates and find Raritan in the list Select the CommandCenter item and click Delete Click OK to confirm 373 Appendix G Diagnostic Utilities CC SG comes with a few diagnostic utilities which may be extremely helpful for you or Raritan Technical Support to analyse and debug the cause of CC SG problems In This Cha
49. file to a remote location See Backing Up CC SG on page 222 3 Onthe CC SG that you are migrating from choose System Maintenance gt Shutdown to shutdown the CC SG application 4 Onthe CC SG that you are migrating to upload the Full Backup file then perform a Full Restore Make sure you select Full as the Restore Type See Restoring CC SG on page 225 233 Chapter 14 System Maintenance CC SG Shutdown Note The CC SG that you are migrating to must have its own valid licenses to be fully operational A valid license is not required to complete the Full Restore Resume management of all devices You can schedule a task to resume all devices if you are using CC SG firmware version 5 1 or higher See Schedule a Task on page 280 Run a Device Availability report to review the managed device status See Availability Report on page 212 When the new CC SG is running successfully reset the database on the CC SG that you migrated from to prevent conflicts if both are inadvertently brought online To reset the database access the Diagnostic Console and choose Operation gt Admin gt Factory Reset gt Full CC SG Database Reset option See Reset CC SG Factory Configuration on page 319 Shutting down CC SG shuts down the CC SG software but it does not power off the CC SG unit After CC SG shuts down all users are logged out Users cannot log back in until you restart CC SG either via the Diagnostic Console or by
50. gt Configuration 2 Click the Logs tab 3 Click Purge 4 Click Yes Configuring the CC SG Server Time and Date Raritan CC SG s time and date must be accurately maintained to provide credibility for its device management capabilities Important The Time Date configuration is used when scheduling tasks in Task Manager See Task Manager on page 278 The time set on your client PC may be different than the time set on CC SG Only the CC Super User and users with similar privileges can configure Time and Date Changing the time zone is disabled in a cluster configuration gt Toconfigure the CC SG server time and date 1 Choose Administration gt Configuration 2 Click the Time Date tab a To set the date and time manually Date click the drop down arrow to select the Month use the up and down arrows to select the Year and then click the Day in the calendar area Time use the up and down arrows to set the Hour Minutes and Seconds and then click the Time zone drop down arrow to select the time zone in which you are operating CC SG a To set the date and time via NTP Select the Enable Network Time Protocol checkbox at the bottom of the window and then type the IP addresses for the Primary NTP server and the Secondary NTP server in the corresponding fields 249 Chapter 15 Advanced Administration Note Network Time Protocol NTP is the protocol used to synchronize the attached compute
51. sets of users that share the same level of access and privileges Client Browser Requirements For a complete list of supported browsers see the Compatibility Matrix on the Raritan Support web site Raritan Chapter 2 Accessing CC SG You can access CC SG in several ways e Browser CC SG supports numerous web browsers for a complete list of supported browsers see the Compatibility Matrix on the Raritan Support website e Thick Client You can install a Java Web Start thick client on your client computer The thick client functions exactly like the browser based client e SSH Remote devices connected via the serial port can be accessed using SSH e Diagnostic Console Provides emergency repair and diagnostics only and is not a replacement for the browser based GUI to configure and operate CC SG See Diagnostic Console on page 296 Note Users can be connected simultaneously using the browser thick client and SSH while accessing CC SG In This Chapter Browser Based Access via the CC SG Admin Client oo 5 Thick Client ACCESS o ccccccccccccccceceeeeeeecesecsceaeee ease ceseesseaueeseceseeseuauaneasees 6 CC SG Admin Client 0c cccccecseesseeesecseseeeseseaeesessaeseeesaesaeeaeeseuenanans 8 Browser Based Access via the CC SG Admin Client Raritan The CC SG Admin client is a Java based client that provides a GUI for both administrative and access tasks depending on your permissions 1
52. the description was correctly written If not you can return to the rules table or the Short Expression field to make adjustments If you Know you want to create a policy that allows access to the nodes in this group at all times select the Create Full Access Policy for Group checkbox When you are done describing the nodes that belong in this group click OK to create the node group The group will be added to the list of Node Groups on the left Edit a Node Group Edit a node group to change the membership or description of the group gt 1 To edit a node group Choose Associations gt Node Group The Node Groups Manager window opens Click the node you want to edit in the Node Group List The details of that node appear in the Node Groups window Refer to the instructions in the Select Nodes or Describe Nodes sections for details on how to configure the node group Click OK to save your changes Delete a Node Group i a fF DN To delete a node group Choose Associations gt Node Group The Node Groups Manager window opens Select the node you want to delete in the Node Group List to the left Choose Groups gt Delete The Delete Node Group panel appears Click Delete Click Yes in the confirmation message that appears Raritan Chapter 8 Nodes Node Groups and Interfaces Z Raritan Chapter 9 Raritan Users and User Groups User accounts are created so that user
53. window appears Choose Groups gt New A template for a node group appears In the Group Name field type a name for a node group you want to create See Naming Conventions on page 389 for details on CC SG s rules for name lengths 4 There are two ways to add nodes to a group Select Nodes and Describe Nodes The Select Nodes method allows you to arbitrarily assign nodes to the group by selecting them from the list of available nodes The Describe Nodes method allows you to specify rules that describe nodes nodes that match the description will be included in the group Describe Method versus Select Method Use the describe method when you want your group to be based on some attribute of the node or devices such as the categories and elements The advantage of the describe method is that when you add more devices or nodes with the same attributes as described they will be pulled into the group automatically Use the select method when you just want to create a group of specific nodes manually New nodes and devices added to CC SG are not pulled into these groups automatically You must manually add the new nodes or devices to the group after you add them to CC SG These two methods cannot be combined Once a group is created with one method you must edit it using the same method Switching methods will overwrite the current group settings Select Nodes gt To add anode group with the Select Nodes option 1 Click the Sel
54. you can view the results in the Repair Rebuild RAID screen See Repair or Rebuild RAID Disks on page 331 If a non zero value displays in the Mis Match column for the given Array indicating that there may be a problem you should contact Raritan Technical Support for assistance Raritan ate 330 Chapter 16 Diagnostic Console Schedule Disk Tests You can schedule SMART based tests of the disk drives to be periodically performed Firmware on the disk drive will perform these tests and you can view the test results in the Repair Rebuild screen See Repair or Rebuild RAID Disks on page 331 SMART tests can be performed while CC SG is operational and in use They have a marginal impact on the CC SG performance but CC SG activities may significantly delay the completion of the SMART tests Therefore it is recommended that you do not schedule frequent tests When scheduling SMART tests be aware of these guidelines e Only one test can be performed on a given drive at a time e Another test will not be scheduled if a drive is currently under test e f two tests are scheduled for the same time slot the longer test takes priority e The test is performed within the hour specified not necessarily at the being of the hour e Do not schedule SMART tests for periods of higher disk activity such as heavy CC SG loads or vacuum operation that occurs every day at midnight and noon Note By default CC SG has a scheduled
55. 129 Interfaces for Power IQ Proxy Power Control Connections on page 132 Managed Powerstrip Connections Managed PowerStrip Select this item to create a power control connection to a node powered through a Raritan PowerStrip or Dominion PX device See Interfaces for Managed Powerstrip Connections on page 130 Web Browser Connections Web Browser Select this item to create a connection to a device with an embedded Web server See Web Browser Interface on page 133 3 A default name appears in the Name field depending on the type of interface you select You can change the name This name appears next to the interface in the Nodes list See Naming Conventions on page 389 for details on CC SG s rules for name lengths Raritan Chapter 8 Nodes Node Groups and Interfaces Interfaces for In Band Connections In band connections include RDP VNC SSH RSA KVM iLO Processor KVM DRAC KVM and TELNET Telnet is not a secure access method All usernames passwords and traffic are transmitted in clear text gt To add an interface for in band connections 1 Type the IP Address or Hostname for this interface in the IP Address Hostname field 2 Type a TCP Port for this connection in the TCP Port field Optional 3 For RDP interfaces select Java or Windows then select Console or Remote User When a Console user accesses a node all other users are disconnected Multiple Remote Users can access a no
56. 130 RSA Interface Details When you create an In Band RSA KVM or Power interface CC SG discards the username and password associated with the interface and creates two user accounts on the RSA server This allows you to have simultaneous KVM and power access to the RSA server New usernames e cc_kvm_user e cC_power_user These usernames replace the username you entered when you created the interfaces CCSG uses these new user accounts to connect to the RSA server through the interfaces Do not delete edit or change the passwords for these user accounts on the RSA server or CC SG will not be able to connect using the interfaces If you used a Service Account to create the interfaces CC SG does not create user accounts on the RSA server You cannot have simultaneous KVM and power access to the RSA server when using a Service Account on the interfaces RSA Compatibility with JRE IBM RSA II version 1 14 is compatible with JRE versions 1 6 0_10 and 1 6 0_11 CC SG also supports higher JRE versions but higher JRE versions do not work well with IBM RSA II cards Interfaces for Managed Powersirip Connections When you create a Managed Power Strip interface that specifies a KX as the managing device the outlet you specify will be renamed with the associated node s name gt To add an interface for managed powerstrip connections 1 Managing Device Select the Raritan device to which the Power Strip is connected The de
57. 2003 targets For more information on Microsoft RDP including usage information see http www microsoft com downloads details aspx FamilyID 469eee 3a 45b4 4b40 b695 b678646a728b amp displaylang en Java RDP Connection Details The Java RDP interface supports Windows XP and Windows 2003 targets Java RDP can be used for proxy mode connections See About Connection Modes on page 250 Interfaces for Out of Band KVM Out of Band Serial Connections gt To add an Interface for out of band KVM or out of band serial connections Application name select the application you want to use to connect to the node with the interface from the list To allow CC SG to automatically select the application based on your browser select Auto Detect There are prerequisites for using Active KVM Client See Prerequisites for Using AKC on page 240 and Enabling the AKC Download Server Certificate Validation on page 253 Raritan Device Name select the Raritan device providing access to this node Note that a device must be added to CC SG before it appears in this list Raritan Port Name select the port on the Raritan device providing access to this node The port must be configured in CC SG before it appears in this list On serial connections the Baud Rate Parity and Flow Control values will populate based on the port s configuration Type a description of this interface in the Description field Optional Click OK to save yo
58. 3 Getting Started Licensing Virtual Appliance with License Server The CC SG virtual appliance requires you to install a license server to host your license Raritan provides the license server software and tools and a vendor daemon which you install on a physical server See Virtual Appliance Installation Requirements on page 17 If you are a new customer who has just purchased a virtual CC SG appliance follow these instructions to ensure that you have your license server installed and valid licenses activated Virtual Appliance Installation Requirements e ESX 4 0 to deploy the CommandCenter Secure Gateway virtual appliance Must have a datastore with 40GB minimum available Must have 2GB memory available 2virtual NICs A high availability cluster with shared storage is recommended e Client computer running vSphere Client 4 0 e Aphysical Windows or Linux server to host the Flexera FlexNet Publisher license server and a supported OS Flexera s Imgrd utility is supported on a Windows 32 bit x86 on Windows Server 2008 Windows Server 2003 Windows XP Professional with SP3 Windows Vista Ultimate Windows 7 Ultimate Linux 32 bit Linux Standard Base LSB 3 0 Certified x86 on Red Hat Enterprise Linux 4 0 and 5 0 e The following files which are available at http www raritan com support commandcenter secure gateway See Download Installation Files on page 18 for details CommandCenter Sec
59. AES encryption is required and you try to access CC SG with a non AES browser you will not be able to connect to CC SG Raritan Raritan Chapter 15 Advanced Administration Check Your Browser for AES Encryption CC SG supports AES 128 and AES 256 If you do not know if your browser uses AES check with the browser manufacturer You may also want to try navigating to the following web site using the browser whose encryption method you want to check https www fortify net ssicheck himl htips www fortify net ssicheck html This web site will detect your browser s encryption method and display a report Raritan is not affiliated with this web site Note Internet Explorer 6 does not support AES 128 or 256 encryption AES 256 Prerequisites and Supported Configurations AES 256 encryption is supported on the following web browsers only e Firefox 2 0 0 x and later e Internet Explorer 7 Note Internet Explorer 7 supports AES 128 or 256 encryption in Windows Vista only It does not support any AES encryption in Windows XP In addition to browser support AES 256 encryption requires the installation of Java Cryptography Extension JCE Unlimited Strength Jurisdiction Policy Files 6 gt To enable the AES 256 encryption with your browser 1 Download JCE Unlimited Strength Jurisdiction Policy Files 6 from http java sun com javase downloads index jsp http java sun com javase downloads index jsp 2 Extrac
60. Add a PowerStrip Device 53 54 56 Add a PowerStrip Device Connected to a KX KX2 KX2 101 KSX2 or P2SC Device 95 Add a RADIUS Module 206 Add a TACACS Module 205 Add a User 163 213 214 Add a User Group 159 162 Add a Virtual Host with Virtual Machines 116 119 Add an Application 32 239 Add an Element 43 Add an Interface 109 125 135 339 Add an LDAP Netscape Module to CC SG 201 Add Device Groups and Node Groups 36 Add User Groups and Users 39 Add Edit and Delete Service Accounts 107 Adding a Device 54 Adding a Policy 72 150 175 176 179 Adding an AD Module to CC SG 190 Adding Categories and Elements with CSV File Import 43 Adding Devices with CSV File Import 77 Adding Location and Contacts to a Device Profile 51 59 Adding Location and Contacts to a Node Profile e 104 111 Adding Nodes with CSV File Import 138 Adding Notes to a Device Profile 51 58 Adding Notes to a Node Profile e 104 111 Adding Users with CSV File Import 166 Adding Editing and Deleting Categories and Elements 42 Adding Editing and Deleting Interfaces 108 125 393 Index Adding Editing and Deleting Node Groups 150 Adding Editing and Deleting Nodes 109 Adding Editing and Deleting User Groups 108 159 Adding Editing and Deleting Users 163 Administration 391 Administrator Console 303 Administrator Console Screen 304
61. Administrator Console Screen Administrator Console screen consists of 4 main areas e Menu bar You can perform Administrator Console functions by activating the menu bar Press Ctrl X to activate the menu bar or click a menu item using the mouse if you access Administrator Console via the SSH client The File menu provides an alternative option to exit the Diagnostic Console The Operation menu provides four menu commands which may have one or more sub menus For information on each menu command and sub menu see the rest of sections for Administrator Console e Main display area Contents vary according to the operation selected a Raritan e Status bar Chapter 16 Diagnostic Console Status bar is just above the navigation keys bar It displays some important system information including CC SG s serial number firmware version and the time when the information shown in the main display area was loaded or updated Screenshots containing this information may be useful when reporting your problems to Raritan Technical Support e Navigation keys bar See Navigate Administrator Console on page 305 Navigate Administrator Console Use keyboard combinations to navigate Administrator Console For some sessions the mouse may also be used to navigate However the mouse may not work in all SSH clients or on the KVM console Press Ctrl X F1 Ctrl C or Ctrl Q Ctrl L Tab Space bar Enter Arrow key
62. CC SG Disk Monitoring on page 376 Z Raritan Chapter 16 Diagnostic Console Administrator Console Raritan About Administrator Console The Administrator Console allows you to set some initial parameters provide initial networking configuration debug log files and perform some limited diagnostics and restarting CC SG The default login for the Administrator Console is e Username admin e Password raritan Important The Diagnostic Console admin account is separate and distinct from the CC Super User admin account and password used in the Java based CC SG Admin Client and the html based Access Client Changing one of these passwords does not affect the other Access Administrator Console All information displayed in the Administrator Console is static If the configuration changes through the CC SG Admin Client or the Diagnostic Console you must re log into Administrator Console after the changes have taken effect to view them in Administrator Console gt To access Administrator Console 1 Atthe login prompt type admin 2 Type the CC SG password The default password is raritan On first login this password expires and you must choose a new one Type this password and when prompted type a new password See Diagnostic Console Password Settings on page 321 for details on setting password strength 303 Chapter 16 Diagnostic Console The main Administrator Console screen appears
63. CSV file that contains the values If you have multiple CC SG units in a neighborhood exporting users from one CC SG then importing the users into another CC SG is a quick way to ensure all locally authenticated users are present on both members You must have the User Management and CC Setup and Control privileges to import and export user information Raritan Raritan Chapter 9 Users and User Groups Users CSV File Requirements The import enables you to add user groups users and AD modules and assign policies and permissions and user groups gt Policies must already be created in CC SG The import assigns the policy to a user group You cannot create new policies via import User Group names are case sensitive User names are not case sensitive Each USERGROUP defined must have a USERGROUP PERMISSIONS and a USERGROUP POLICY tag defined in the CSV file to create the user group Export a file from CC SG to view the Comments which include all tags and parameters needed to create a valid CSV file See Export Users on page 171 Follow the additional requirements for all CSV files See Common CSV File Requirements on page 369 To add a user group to the CSV file Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 USERGROUP Enter the tag as shown Tags are not case sensitive 3 User Group Name Required field User Group names are case sensitiv
64. Click Yes in the confirmation message that appears Deleting a Policy You can delete a policy that is no longer needed gt To delete a policy 1 Choose Associations gt Policies The Policy Manager window opens 2 Click the Policy Name drop down arrow and then select the policy you want to delete Click Delete Click Yes in the confirmation message that appears aa Raritan Chapter 10 Policies for Access Control Support for Virtual Media CC SG provides remote virtual media support for nodes connected to virtual media enabled KX2 KSX2 and KX2 101 devices For detailed instructions on accessing virtual media with your device see e Dominion KX II User Guide e Dominion KSX Il User Guide e Dominion KXII 101 User Guide See Adding a Policy on page 176 for details on creating policies to assign virtual media permission to user groups in CC SG Assigning Policies To User Groups Policies must be assigned to a User Group before they take effect Once a policy is assigned to a User Group the members of the group will have their access governed by that policy See Users and User Groups on page 156 for details on assigning policies to a user group If a user belongs to more than 1 group the more permissive policy out of the groups they are assigned to will apply to the user gt For example Policy 123 Allows access to servers 1 2 3 Policy 456 Allows access to servers 4 5 6 Group A Group is assigned P
65. Device Port and Node Management privilege you can clear all notes from the node profile Click the Clear button See Adding Notes to a Node Profile on page 111 gt Audit tab You can view the reasons that a node was accessed in the Audit tab Users must enter a reason for access before connecting to a node when node auditing has been enabled for the user group The Audit tab is hidden if the feature is disabled or if no reasons for access have been entered See Configuring Access Auditing for User Groups on page 162 gt Control System Data tab m 5E Raritan Chapter 8 Nodes Node Groups and Interfaces Control system server nodes such as VMware s Virtual Center include the Control System Data tab The Control System Data tab contains information from the control system server that is refreshed when the tab opens You can access a topology view of the virtual infrastructure link to associated node profiles or connect to the control system and open the Summary tab gt Virtual Host Data tab Virtual host nodes such as VMware s ESX servers include the Virtual Host Data tab The Virtual Host Data tab contains information from the virtual host server that is refreshed when the tab opens You can access a topology view of the virtual infrastructure link to associated node profiles or connect to the virtual host and open the Summary tab If you have Device Port and Node Management permission you can Reboot and Fo
66. E 391 Appendix L Diagnostic Console Bootup Messages 392 Index 393 xvi Z Raritan What s New in the CC SG Administrators Guide The following sections have changed or information has been added to the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and or documentation e Add a License on page 30 e Pause and Resume Management of Devices Using a Scheduled Task on page 89 e IBM IMM Module Connection Details on page 131 e Assigning Policies To User Groups on page 179 e Upgrading a Cluster on page 232 e Primary Node Upgrade Failure on page 233 e Migrating a CC SG Database on page 233 e Requirements for Migration on page 233 e Migrate a CC SG Database on page 233 e Cluster Licenses on page 261 e Licensing FAQs on page 387 See the Release Notes for a more detailed explanation of the changes applied to this version of the CommandCenter Secure Gateway Raritan ii Chapter1 Introduction The CommandCenter Secure Gateway CC SG Administrators Guide offers instructions for administering and maintaining your CC SG This guide is intended for administrators who typically have all available privileges Users who are not administrators should see Raritan s CommandCenter Secure Gateway User Guide In This Chapter PIOTEQUISILES E E E E eeee eed 1 Terminology ACrONYM iaccieccteccenscectesnecesceetactelseacdiessantbiieeaedbiesnaghatinadeeneien 2 Cli
67. Encryption Mode If Require AES Encryption between Client and Server is selected in the Administration gt Security gt Encryption screen AES 128 is the default If AES is not required DES 3 is the default Private Key Length 1024 is the default Validity Period days Maximum 4 numeric characters Country Code CSR tag is Country Name oag State or Province Maximum 64 characters Type in the whole state or province name Do not abbreviate City Locality CSR tag is Locality Name Maximum 64 characters g Registered Company Name CSR tag is Organization Name Maximum 64 characters h Division Department Name CSR tag is Organization Unit Name Maximum 64 characters i Fully Qualified Domain Name CSR tag is Common Name j Administrator Email Address Type in the email address of the administrator who is responsible for the certificate request k Challenge Password Maximum 64 characters Click OK to generate the CSR The CSR and Private Key appear in the corresponding fields of the Certificate screen Select the text in the Certificate Request box and then press Ctrl C to copy it Using an ASCII editor such as Notepad paste the CSR into a file and save it with a cer extension Select the text in the Private Key box and then press Ctrl C to copy it Using an ASCII editor such as Notepad paste the Private Key into a file and save it with a txt extension Submit the cer file to the Certificate Ser
68. Field and Password Field You must view the HTML source of the login screen to find the field names not the field labels See Tips for Adding a Web Browser Interface on page 134 6 Type a description of this interface in the Description field Optional 7 Click OK to save your changes Tips for Adding a Web Browser Interface To configure the Web Browser Interface you must gather some information from the HTML source to help identify the actual field names of the Username and Password fields All vendors implement these authentication fields differently and the names of these fields vary from device to device as well as among firmware versions for a particular device For this reason there isn t a single method for finding the field names See the procedure below for one possible method You may want the help of a software engineer or system administrator to locate and identify the proper field names gt Tip for locating field names 1 Inthe HTML source code for the login page of the web application search for the field s label such as Username and Password 2 When you find the field label look in the adjacent code for a tag that looks like this name user The word in quotes is the field name Example Adding a Web Browser Interface to a PX Node A Dominion PX managed powersirip can be added to CC SG as a node Then you can add a Web Browser Interface that enables users to access the Dominion PX s Web based administrat
69. Heartbeat timeout sec field 7 Enter authentication information To use a service account for authentication select the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication 8 Type a short description of this device in the Description field Optional 9 Click Test Connection See Troubleshoot Connections to Power IQ on page 339 for error message information If you ll be using synchronization see Configuring Synchronization of Power IQ and CC SG on page 340 as Raritan Chapter 17 Power IQ Integration Troubleshoot Connections to Power IQ Check these possible error messages and solutions to troubleshoot your connection to a Power IQ Determine the cause then edit the configuration to correct it See Configuring Power IQ Services on page 338 Message Resolution Unable to communicate with This error could indicate several managing device lt Name gt at conditions lt IP gt The connection was refused remotely No process is listening on the remote address or port a Check firewalls The remote host cannot be reached because of an intervening firewall or if an intermediate router is down Unknown host The IP address could not be resolved from the hostname entered Authentication failed Incorrect username and password Unable to communicate with Web API is not enabled i
70. In such an environment users logs into CC SG by first typing their usernames in the Username field then typing their fixed passwords and then the dynamic token value in the Password field Configuration of CC SG is identical to standard RADIUS remote authentication described above See Two Factor Authentication on page 379 Raritan re Chapter 13 Using Reports Z Raritan Reports In This Chapter USING REPOMS ii cccissetsconisccbeoidetievabelatceatbeancetaeds leonedsdecesbedsccoubbstebeessshees 208 Audit Trail ROPO scccs scccevicciets dadeeiaiselies di sen devicdinessesieeeistielees i eeeeevend 210 Error LOG Ropo s ccte tesbeciescessedstieemetiheecs EENAA EEANN EEEE 211 Access RE DOM sexiicccsstisectieniddecs dite AE EEA EEEE EEDA NEEESE 212 Availability RepOtheccicsicccccivccecsdieaciiiatintvinaiiiei EENAA NAESER 212 Active Users Repol issrcisirciiircirierrisinernansn ikra i EEEa AEEA 213 Locked Out Users Reports anaa aiia 213 All Users Data Report eocircriirernieiicarneeanan a 213 User Group Data Re pottsepa anaa a aaa 214 Device Asset Repolan a N E 214 Device Group Data Report sisariensa aaea 215 Query Port Repot siusis aei aandae 215 Node Assat REDOIL eoetaida AER 216 Active Nodos REDON auniscsti 217 Node Creation Repor esiseinast a 217 Node Group Data RepOft isunik neanad aaaa de ede 218 AD User Group REP Olt sectetescsatesatevets se ceeancva aed aN dete 218 SGheduled REPOS se sis eccteag cetaeelacenetsiacteand
71. In the Devices tab select the KX2 device whose blade servers you want to re configure as normal KVM ports Change the blade port group for these blade servers to a non blade port group a In CC SG choose Devices gt Device Manager gt Launch Admin The KX2 Admin Client opens b Click Port Group Management c Click the blade port group whose group property you want to change d Deselect the Blade Server Group checkbox e Click OK f Exit the KX2 Admin Client The virtual blade chassis disappears in the Devices tab Now you can re configure the blade server ports as normal KX2 ports in CC SG See Configure a KVM Port on page 60 Raritan Chapter 6 Devices Device Groups and Ports Bulk Copying for Device Associations Location and Contacts The Bulk Copy command allows you to copy categories elements location and contact information from one device to multiple other devices Note that the selected information is the only property copied in this process If you have the same type of information existing on any selected devices performing the Bulk Copy command will REPLACE the existing data with newly assigned information gt To bulk copy device associations location and contact information 1 Click the Devices tab and select a device from Devices tree Choose Devices gt Device Manager gt Bulk Copy In the Available Devices list select the devices to which you are copying the associations locatio
72. JONY oniinn seraa aie AUN aa aana TEN 180 Filter by Node Group asninn aa a a ainai 180 Filter Dy Device Group ancien Aenea i ein aimee anes 180 Using Custom Views in the Admin Client ceccccccceeeceeeeeseeeeeeeecaeeeeeaeseeeeeseaeeesaeeeeaeeeseeeess 181 Custom Views for Nodes irinte etd Sista nine ina AEE aE Eaa E 181 Custom Views for DeViC Sinissaar naana aaay 183 Chapter 12 Remote Authentication 187 Authentication and Authorization AA OVerVieW ccccceeeseceeeeeeeeeeeeaeeceeeeeceaeeesaeeeeaeeeeeeeeeaas 187 Fow TOF AULNONTCAUIO Mids nonce ccengeces Saedihecaaviewed ened ecetyde ee cenigae canes nia cetedes avon tanne 187 MSOF ACCOUINUS coana 188 Distinguished Names for LDAP and AD ecoa eiaeia EA 188 Specify a Distinguished Name for AD c ccs csii ieee iiaieced Aactedi cbeustdliacedeae vedi alee 188 Specify a Distinguished Name for LDAP pasiaina iiaia 189 Specify a Username for AD iiite neniigi tested aiaa iE 189 jg Raritan Contents Specify a Base DNeiiiciiics tied eeteiteiied eaa a Ali eed aang 189 Specifying Modules for Authentication and Authorization cccccceeeeeeeeeceeeeeeeteeeeeeeeeeeeeeaees 189 Establishing Order of External AA Serversi iccccieccctiectecteitddesaaceiedeatetactedic dadaccdaiesnbeiediaceee 190 AD and CG SG Oveiview ceritera piaraan aaa aa edd ade ad si eed aed eo 190 Adding am AD Module t0 C C SGi niai Ei E EEEE 190 AD General Setting Siorsenayaenui nnie anea ia EA E N Eaa 191
73. Leave blank if specifying service account Optional For NODE DRAC POWER INTERFACE only specify a TCP port Default is 22 gt To add an RSA KVM interface to the CSV file When importing DRAC ILO and RSA interfaces you must specify both the KVM interface and the Power interface or the import will fail ERFA Column Tag or value number 1 ADD 2 NODE RSA KVM INTI CE 3 Node Name 4 Interface Name 5 IP Address or Hostname 6 TCP Port 7 Service Account Name 8 Username 9 Password Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Required field Default is 2000 Leave blank if specifying username and password Leave blank if specifying service account Leave blank if specifying service account Z Raritan Raritan Column number 10 Tag or value Description Chapter 8 Nodes Node Groups and Interfaces Details Optional gt To add an IPMI power control interface to the CSV file Column number 1 N O oO fF WwW 10 11 12 Tag or value ADD NODE IPMI INTERFACE Node Name Interface Name IP Address or Hostname UDP Port Authentication Interval Service Account Name Username Password Description Details The first column for all tags is the command ADD Enter the tag as shown Tags a
74. Management Editing users User Management Via User Profile gt Delete User User Management gt Delete User User Management from Group gt Logout User s User Management gt Bulk Copy User Management gt Add User User Management Group Editing user User Management Via User Group Profile groups gt Delete User User Management Group gt Assign Users to User Management Group gt Logout Users User Management Raritan Appendix C User Group Privileges Menu gt Sub menu Devices gt Device Manager gt gt Configuration 358 Menu Item Node Auditing Required Privilege Description User Management This menu and the Devices tree is available only for users with any one of the following privileges Device Port and Node Management Device Configuration and Upgrade Management Discover Devices gt Add Device Editing devices gt Delete Device gt Bulk Copy gt Upgrade Device gt gt Backup gt gt Restore gt gt Copy Configuration gt Restart Device gt Ping Device gt Pause Management gt Device Power Manager Device Port and Node Management Device Port and Node Management Device Port and Node Via Device Profile Management Device Port and Node Management Device Port and Node Management Device Configuration and Upgrade Management Device Configuration and Upgrade Management Device Configuration and Upgrade Manage
75. Number of Nodes In Database 12 Licensing New Customers Physical Appliance cccccseceeeeeeeeeeeeeeeeeeeeeceneeeseaeeeeneeeeeeeeeaas 14 Licensing Clusters New CUStOMEIS c cceecceeeeeeeeeeeeeeeeeceaeeeeaaeeeeaeeseeeescaeeeeaaeeeeeeeseas 16 Licensing Virtual Appliance with License Servel cccccccesseceeceeeeeeeeeeeeeeeeeceneeeseaeeeeeeeeeeeesaas 17 Virtual Appliance Installation Requirements c ce ceeeeeeeeeeeeeeeeeeeeseenaeeeseeaeeeeeeaeeeeeeaas 17 Download Installation Files cecceeeeeeeeeeeeneeeeeeeaeeeeeeaeeeeeeaaeeeeeeaaeeeeeeaaeeeseeaaeeeseenaeeeeeeaas 18 Install License Server Software on a Linux or Windows Server 18 Get Your LiC NS ceccceceneceenceceeeeeeaeeeeeaeeeeeeceaeeeeaaeseaeeseaeeeseaeegeaaeseeeeseaeessaeeeeaeeseeneess 19 Copy the License File to the License Servel cccccccseeceeeeeceeeeeeeeeeeeeeeseeeeseaeeeeeeseeeeees 21 Start the License Servet arcon saeni aaa nant liad AE ea ORE aE NARE A ea ASERID EEA 21 Install CommandCenter Secure Gateway on VMware ESX Server 4 0 seses 22 Log in to Diagnostic Console to Set CC SG IP Address cccccccceeceeessneeeessteeeeesseeeeees 22 LOG into GG S Gases cade cade i ieee EE AEE cede cher ak N AEE ENARA eas ENCARRAR AEE 23 Install and Check Out Your Lice Sesiisisi iaieiiea asiaa aai 23 License Server ComMUNiCation so cicicteseccesacktageeecueczece ch ainako eana Dicer a aE aaka aR 24 Command Line Uti
76. Portal on page 271 2 Use trusted official certificate for every Neighborhood member if SSL is enabled Edit a Neighborhood After setting up a Neighborhood configuration on one CC SG unit all CC SG units in the same Neighborhood share the same Neighborhood information Therefore you can log into any CC SG unit in the Neighborhood to change the Neighborhood configuration Note All changes to the members of a Neighborhood are sent out when you click Send Update in the Neighborhood Configuration panel However users who are currently logged into the Neighborhood will not be aware of these changes until they log out and log back in again 263 264 Chapter 15 Advanced Administration Add a Neighborhood Member N o N To add a new CC SG unit into the Neighborhood Choose Administration gt Neighborhood Click Add Member The Add Member dialog appears Add CC SG units The number of CC SG units that can be added varies depending on the number of existing Neighborhood members A Neighborhood contains a maximum of 10 members a Click the next empty row or press Tab or up down arrow keys b Type the IP address or host name of the CC SG unit that you want to add See Terminology Acronyms on page 2 for hostname rules c Repeat previous steps until you add all CC SG units d Click OK If new CC SG units meet the Neighborhood criteria and are found they display in the Neighborhood Configuration table Other
77. Ra aaa Ea 46 Chapter 6 Devices Device Groups and Ports 47 Viewing DoviCOS sirna OR 48 Toe DeOViCeS TaDecrara a E O i Qaaietyltdeseon neu 48 Device and Fon ICONS rine OR 48 Port Sorting OPONSE ERS 49 Device Profile Scree M arnein ionn a e EE EEE NS 50 TOPOlOGY VON reia O ietylteceenddndee 51 Right Click Options inthe Devices Tabseisisimecgieniscano a G 52 Searching for DeViCES soiis ia e a E N KA EEA Ea 52 Wildcards for SeatC Nssincn iarna a aa E aE nth area hes 52 Wildcard Examples sesiis saae AEA S EEEE RE EEEE A EES 52 Raritan Contents DISCOVEFING DEVICES civicesocid ssc 2ovii icc devendec lei cine lendd sic deeb AE EAEE USEE AAEE EE EEE EAEE REEE 53 Adding a DEVIC Gis scceiersecetocevdecedeiteds guetsaceconrdice EEAS EANA EEE IEEE AAEE EEIE AREEN 54 Adda KVM or Seral DEVICE seniii miini ee nde Ad de 54 Adda Powerstrip DeViC irises pieni ed sted ad seed eae ded 56 Adda Dominion PX DEVICE ausstoen NAREN 56 CITING A DEVIC n E RN EE EAEE 57 Change the HTTP and HTTPS Ports for a KX2 DeviCe ssisoscsinenieiiioinsniionnistiniid aisinn 57 Editing a PowerStrip Device or a Dominion PX DeVICEC cc cceeeceeeeeeeeeeeeeeeeteaeeeeaaesteneeesaees 57 Adding Notes to a Device Profile secca R 58 Adding Location and Contacts to a Device Profile ssississisiissminsieisnoissnaniiiiaiiiadiiindiaia 59 Deleting A DEV wicecis ssezetyicecens segecdunsn cecieus Heevebisa cetiiy E EEEE E ESE NEE NS 59 COATING A ONA E A E ne cee E acaet ee ee
78. Raritan To Activate the menu bar Select menu commands from the menu to perform various Administrator Console operations Bring up the help screen which displays available options along with the Diagnostic Console version Exit Diagnostic Console Clear screen and redraw the information but the information itself is not updated nor refreshed Move to next available option Select current option Select current option Move to different fields within an option 305 Chapter 16 Diagnostic Console Edit Diagnostic Console Configuration The Diagnostic Console can be accessed via the serial port COM1 VGA Keyboard Mouse KVM port or from SSH clients If you want to access Status Console one more access mechanism Web access is also available For each port type you can configure whether or not status or admin logins are allowed and whether field support can access Diagnostic Console from the port For SSH clients you can configure which port number should be used as long as no other CC SG service is using the desired port For Web access to Status Console you may specify an account which is distinct from any other account in the system for restricting the access Otherwise any user who can access CC SG via the Web can access the Status Console web page Important Be careful not to lock out all Admin or Field Support access gt To edit Diagnostic Console configuration 1 Choose Operation gt Diag
79. Record Route Records route Turns on the IP record route option which will store the route of the packet inside the IP header Use Broadcast Address Allows pinging a broadcast message Adaptive Timing Adaptive ping Interpacket interval adapts to round trip time so that effectively not more than one unanswered probes present in the network Minimal interval is 200 msec Type values for how many seconds the ping command will execute how many ping requests are sent and the size for the ping packets Default is 56 which translates into 64 ICMP data bytes when combined with 8 bytes of ICMP header data If left blank defaults are used Optional Click Ping If the results show a series of replies the connection is working The time shows you how fast the connection is If you see a timed out error instead of a reply the connection between your computer and the domain is not working See Edit Static Routes on page 310 Press Ctrl C to terminate the session Note Press CTRL Q to display a statistics summary for the session so far and continue to ping the destination Use Traceroute Traceroute is often used for network troubleshooting By showing a list of routers traversed it allows you to identify the path taken from your computer to reach a particular destination on the network It will list all the routers it passes through until it reaches its destination or fails to and is discarded In addition to this it will tel
80. Remote Authentication Synchronize All User Groups with AD You should synchronize all user groups if you have made a change to a user group such as moving a user group from one AD module to another You can also change the AD association of a user group manually in the User Group Profile s Active Directory Associations tab If you have made changes to users or domain controllers you should synchronize all AD modules See Synchronize All AD Modules on page 199 When you synchronize AD user groups CC SG retrieves the groups for the selected AD module compares their names with the user groups in CC SG and identifies the matches CC SG will present the matches and allow you to select which groups in AD you want to associate with CC SG This does not update user access information in CC SG Synchronizing AD User Groups only maps the group names from AD to CC SG gt To synchronize all user groups with AD 1 Choose Administration gt Security 2 Click the Authentication tab All configured Authorization and Authentication Servers appear in a table 3 Select the AD server whose user groups you want to synchronize with the user groups in CC SG 4 Inthe On Demand Synchronization list select All User Groups then click Synchronize Now 5 A list of all user groups found in the AD module whose names match user groups in CC SG appears Select the user groups you want to synchronize then click OK A confirmation message appe
81. Report s Data From CC SG 210 211 212 249 Purge CC SG s Internal Log 249 Raritan Q Query Port Report 215 R RADIUS General Settings 206 RDP Access to Nodes 355 Reboot CC SG with Diagnostic Console 316 336 374 Reboot or Force Reboot a Virtual Host Node 123 Recommended DHCP Configurations for CC SG 242 244 247 248 Recover a Cluster 259 Refresh a Neighborhood 266 Remote Authentication e 156 187 266 Remote System Monitoring Port 356 Renaming and Moving AD Groups 201 Repair or Rebuild RAID Disks 328 329 330 331 Reports 208 281 Require AES Encryption between Client and CC SG 267 Require strong passwords for all users 269 Required Open Ports for CC SG Networks Executive Summary 349 Requirements for CC SG Clusters 257 Requirements for Migration xvii 233 Reschedule a Task 284 Reset CC Super User Password with Diagnostic Console 318 Reset CC SG Factory Configuration 232 234 319 Resetting CC SG 226 Resize Report Column Width 208 Restart CC SG with Diagnostic Console 232 233 235 315 Restart License Servers After an Outage 25 Restarting a Device 88 280 Restarting CC SG 229 245 316 Restarting CC SG after Shutdown 235 Restore a Device Configuration KX KSX KX101 SX IP Reach 84 Restore All Configuration Data Except Network Settings to a KX2 KSX2 or KX2 101 Device 85 Restore All Configu
82. SG Settings IP Address 192 168 0 192 Subnet Mask 255 255 255 0 Username Password admin raritan Log in to CC SG 1 Launch a supported browser and type the URL of the CC SG https lt IP address gt admin For example https 192 168 0 192 admin Note The default setting for browser connections is HTTPS SSL encrypted When the security alert window appears accept the connection You will be warned if you are using an unsupported Java Runtime Environment version Follow the prompts to either download the correct version or continue The Login window appears Type the default username admin and password raritan and click Login The CC SG Admin Client opens Install and Check Out Your License 1 2 3 Choose Administration gt License Management Click Add License Read the license agreement and scroll down the whole text area then select the Agree checkbox Click Browse then select the base virtual appliance license file Click Open CC SG connects with the license server and retrieves a list of licensed features The features display in a list 23 Chapter 3 Getting Started 6 Select the CCSG128 VA base license then click Check Out to activate it 7 To activate Add On licenses select each license then click Check Out See the CC SG Administrators Guide for more details about licenses See the Flexera FlexNet Publisher documentation for more details about managing yo
83. SG serial number 1 Log into the Admin Client 2 Choose Help gt About Raritan Secure Gateway 3 Anew window opens with your CC SG serial number You must accept the End User Agreement before adding a Web Services API client to CC SG You can add up to five WS API clients See the CC SG Web Services API Guide for details on using the API gt To add a Web Services API 1 Select Access gt Add Web Services API This option is available only for users with the CC Setup and Control Privilege 2 Read the End User Agreement You can copy and paste the text to save it or choose Secure Gateway gt Print After you complete configuration this agreement will also be available in the Access menu 3 Click Accept The New Web Services API Configuration window opens 4 Type in the data requested about your web services client Web Services Client Name Maximum 64 characters License Key Your license key from Raritan Each CC SG unit must have a unique license key P Address Hostname Maximum 64 characters HTTPS Web Services Port Read only field CC SG uses port 9443 when trust establishment is generated Licensed Vendor Name Maximum 64 characters 5 Generate a self signed certificate a Encryption Mode If Require AES Encryption between Client and Server is selected in the Administration gt Security gt Encryption screen AES 128 is the default If AES is not required DES 3 is the default
84. SSH PC Client to Diagnostic Console Communication Direction Client to CC SG via Proxy to Node Raritan Port Number 443 80 8080 22 23 Protocol TCP TCP TCP TCP TCP Configurable Appendix B CC SG and Network Configuration Details Client server communication SSL AES 128 AES 256 encrypted if configured Client server communication Not encrypted If SSL is enabled Port 80 is redirected to 443 Client server communication SSL AES 128 AES 256 encrypted if configured Port 8080 is open on CC SG not on the PC client Client server communication SSL AES 128 AES 256 encrypted if configured Client server communication SSL AES 128 AES 256 encrypted if configured PC Clients to Nodes Another significant role of CC SG is to connect PC clients to various nodes These nodes can be serial or KVM console connections to Raritan devices called Out of Band connections Another mode is to use In Band access methods such as VNC RDP or SSH Another facet of PC client to node communication is whether e The PC client connects directly to the node either via a Raritan device or In Band access This is called Direct Mode e The PC client connects to the node through CC SG which acts as an application firewall This is called Proxy Mode Port Number 2400 on CC SG Configurable Details Client server communication Not encrypted 353 App
85. Select a server from the list and then click the up and down arrows to prioritize the order of engagement 4 Click Update to save your changes AD and CC SG Overview CC SG supports authentication and authorization of users imported from an AD domain controller without requiring that users be defined locally in CC SG This allows users to be maintained exclusively on the AD server Once your AD server is configured as a module in CC SG CC SG can query all domain controllers for a given domain You can synchronize your AD modules in CC SG with your AD servers to ensure that CCSG has the most current authorization information on your AD user groups Do not add duplicate AD modules If your users see a message that says You are not a member of any group when attempting to login you may have configured duplicate AD modules Check the modules you have configured to see if they describe overlapping domain areas Adding an AD Module to CC SG 190 Important Create appropriate AD user groups and assign AD users to them before starting this process Also make sure that you have configured the CC SG DNS and Domain Suffix in Configuration Manager See Configuring the CC SG Network on page 242 gt To add an AD module to CC SG 1 Choose Administration gt Security Click the Authentication tab Click Add to open the Add Module window Click the Module Type drop down menu and select AD from the list gt o SE Raritan
86. Setup to create categories and elements for nodes some means to organize devices along common attributes have already been created CC SG automatically creates default access policies based on these elements See Associations Categories and Elements on page 41 for details on creating categories and elements gt To view device groups e Choose Associations gt Device Groups The Device Groups Manager window appears A list of existing device groups is displayed on the left while details about the selected device group appear in the main panel A list of existing device groups is displayed on the left Click a device group to view the details of the group in the device group manager f the group was formed arbitrarily the Select Devices tab will be displayed showing a list of devices in the group and a list of devices not in the group f the group was formed based on common attributes the Describe Devices tab will appear showing the rules that govern selection of the devices for the group To search for a device in the device group list type a string in the Search field at the bottom of the list and then click Search The method of searching is configured through the My Profile screen See Users and User Groups on page 156 f viewing a group based on attributes click View Devices to display a list of devices currently in the Device Group A Devices in Device Group window opens displaying the devices and all
87. Short test that is performed at 2 AM every day and a scheduled Long test that is performed at 3 AM every Sunday These scheduled tests apply to both disk drives gt To change the Scheduling of Disk Tests 1 Choose Operation gt Utilities gt Disk RAID Utilities gt Schedule Disk Tests Raritan Chapter 16 Diagnostic Console 2 Click with the mouse or use the arrow keys to navigate and press the Space bar to select a test type marking it with an X Different types of tests take a different period of time A Short test takes about 2 minutes to complete when the system is lightly loaded A Conveyance test takes about 5 minutes A Long test takes about 50 minutes An OffLine test takes up to 50 minutes 3 Specify the date and time for running this test Type a number in the Month Day of Month Day of the Week and Hour fields Day of the Week field uses 1 for Monday through 7 for Sunday Hour must be in 24 Hour format Note A blank field matches all values 4 Select Submit Repair or Rebuild RAID Disks This option displays some detailed status information for disk drives and RAID Arrays and indicates whether you should replace a disk drive or rebuild a RAID 1 mirror Array Before replacing or hot swapping a disk drive obtain a replacement unit from Raritan gt To repair or rebuild the RAID 1 Choose Operation gt Utilities gt Disk RAID Utilities gt Repair Rebuild RAID 331
88. Using a supported Internet browser type the URL of the CC SG and then type admin http s P address admin for example http 10 0 3 30 admin https 10 0 3 30 admin or https 10 0 3 30 admin If you see the JRE Incompatibility Warning window select the JRE version that is appropriate for your client computer and install it Once JRE is installed try this procedure again See JRE Incompatibility on page 6 Or you can continue without installing a new JRE version 2 If you see a Restricted Service Agreement read the agreement text and select the Understand and Accept the Restricted Service Agreement checkbox Type your Username and Password and click Log In Upon valid login the CC SG Admin Client opens Chapter 2 Accessing CC SG JRE Incompatibility If you do not have the minimum required version of JRE installed on your client computer you will see a warning message before you can access the CC SG Admin Client The JRE Incompatibility Warning window opens when CC SG cannot find the required JRE file on your client computer If you see the JRE Incompatibility Warning window select the JRE version that is appropriate for your client computer and install it or you can continue without installing a new JRE version You must launch CC SG again once JRE is installed Administrators can configure the JRE minimum version that is recommended and the message that appears in the JRE Incompatibility Warning windo
89. Virtual Infrastructure Web Access e Virtual machine nodes are configured with a VMW Viewer interface and a VMW Power interface The VMW Viewer interface provides access to the virtual machine s viewer application For VMware virtual machines the VMW Viewer interface provides access to the virtual machine remote console The VMW Power interface provides power control for the node through CC SG e Beginning in CC SG 5 0 the VMWare Remote Console s Devices menu is accessible for vSphere 4 0 nodes accessed from CC SG This allows connection of devices and images to the virtual node e CC SG cannot manage or access ESXi virtual nodes that use a license for a free trial version of the VMware product Add a Control System with Virtual Hosts and Virtual Machines When you add a control system a wizard guides you through adding the virtual hosts and virtual machines included in the control system gt To add a control system with virtual hosts and virtual machines 1 Choose Nodes gt Virtualization Click Add Control System Hostname IP Address Enter the IP Address or hostname of the control system Maximum 64 characters 4 Connection Protocol Specify HTTP or HTTPS communications between the control system and CC SG TCP Port Enter the TCP port The default port is 443 Check Interval seconds Enter the time in seconds that should elapse before timeout between the control system and CC SG 7 Enter authentication informati
90. a Power IQ IT device which is also a CC SG node you can use a Power IQ Proxy interface to give power control commands in CC SG 2 Use CSV file imports and exports to share data between these two systems For example if you have a CC SG with a large number of Dominion PX devices deployed on the IP network you can export a CSV file from CC SG that contains all the node names edit the file to specifications then import it into Power IQ See Export Dominion PX Data to Use in Power IQ on page 344 Or if you have Power IQ with a large number of Dominion PX devices deployed and you want to get the current IT Device Names into CC SG as nodes you can export a file from Power IQ edit the file to specifications then import it into CC SG See Import Power Strips from Power IQ on page 343 3 Synchronize Power IQ with CC SG to automatically import IT Devices configured in Power IQ into CC SG See Configuring Synchronization of Power IQ and CC SG on page 340 In This Chapter Power Control of Power IQ IT Devices cccceseceeeeseeseeeeeeeeeeeneeeeneees 337 Configuring Synchronization of Power IQ and CC SG cceeeee 340 Importing and Exporting Dominion PX Data from Power IQ 342 Power Control of Power IQ IT Devices You can use CC SG to control power to a Power IQ IT device that you ve added to CC SG as a node This enables you to control power to nodes connected to PDUs not managed by CC SG Ra
91. and Check Number of Nodes In Database see Find Your Physical Appliance Host ID and Check Number of Nodes In Database on page 12 7 Click Create License The details you entered display in a pop up Verify that your Host ID is correct Warning Make sure the Host ID is correct A license created with an incorrect Host ID is not valid and requires Raritan Technical Support s help to fix 8 Click OK The license file is created 9 Click Download Now and save the license file gt Step 2 Install your license 1 Choose Administration gt License Management 2 Click Add License 3 Read the license agreement and scroll down the whole text area then select the Agree checkbox 15 16 Chapter 3 Getting Started gt Step 3 Check out the licenses you want to activate You must check out licenses to activate the features e Select a license from the list then click Check Out Check out all the licenses you want to activate Licensing Clusters New Customers A Cluster Kit license enables 2 CC SG physical units operating as a cluster to share licenses The system will allow limited operations until the cluster is created and actively operating and the license is installed and checked out on the primary cluster node The CC SG units in the cluster can temporarily operate as standalone units to allow for independent maintenance of each unit The 2 CC SG units must be re joined for continuous full functionality Clust
92. and Interfaces 101 Nodes and Interfaces OVErvieW ccccccecccsseceeessneeeeecneeececsaeeececsaeeeeeeeaeeeseseaeeeessaeeseseaeeeeseaas 101 About INO OSS iiien ora arain tewed 2s ania n E A aa N aN Aenda EN 101 Node N m Siriei eE Eaa aa aE n ANA E AEA 102 About lnterfacES kinna akiran aanak E A a A Aaaa AEA EN 102 VIGWING NGOGS eccrine Enaren ea EEA APEE EEEE EEE EEEE REEE INEAN E EEA EN 102 Nodes TaD iia neninanoaan in ea E ea a E A aAa aa SA aAa 102 Node Profileren EE a AE En E A EAEN 103 Node and Interfac ICONS wsiccieidsciesheseatorsidsicaedesaarestsdsiaiadesaavedsdaaqcauddsaacuavidancasdasnageatddabeaes 105 Serice ACCOU MIS orreri Ere eera EEE EEEE N EEEE E E EEE EEEE 106 Service Accounts OVEIVIOW s cccs sssnicts savectivinsetiavandstearonsattad sateinidvasehavsanineressnbindennniaeanend 106 Add Edit and Delete Service ACCOUNTS c csesesssesesesseesssessesseseesesesesesseeereneeseerereees 107 Change the Password for a Service ACCOUM c ccsesceceeeeeeeeeeeeaeeeeeeeeseaeeesaaeeseneetsaees 107 Assign Service Accounts to Interfaces wiciviscccesssseccstesascceness cedeatanscethvsacevetianacteseaacevevereecete 108 Adding Editing and Deleting NOOO sisisi cecusyeucewetven cenmauesceweten deck 109 PAG A NOC Ga fia es sacsettvasacens bsuadue rea E A E A 109 Nodes Created by Configuring POTS as ccccvss cccss ang cctesa eevee naceierancenesinecesetvanecaes cre ceeeiaieceee 110 Eda INO OG Jenisna aagsuaunea ccnnus at
93. are needed by CC SG and its associated components In This Chapter Required Open Ports for CC SG Networks Executive Summary 349 CC SG Communication Channels cccccccccsseeeeessneeeceesueeeeeeseeeeseaaes 350 Required Open Ports for CC SG Networks Executive Summary The following ports should be opened Port Number Protocol Purpose Details 80 TCP HTTP Access to CC SG Not encrypted 443 TCP HTTPS SSL Access to CC SG SSL AES 128 AES 256 and encrypted Node Access to Dominion KXII connected nodes in Direct Mode 8080 TCP CC SG to PC Client SSL AES 128 AES 256 encrypted if configured 2400 TCP Node Access Proxy Mode This port must be opened per Raritan device that will be externally accessed The other ports in the table must be opened only for accessing CC SG Encrypted only for Dominion KX II devices release 2 1 10 or higher if encryption is set in the device 5000 TGP Node Access Direct Mode This port must be opened per Raritan ia 350 Appendix B CC SG and Network Configuration Port Number Protocol Purpose Details Raritan device that will be externally accessed The other ports in the table must be opened only for accessing CC SG AES 128 AES 256 encrypted if configured 80 and 443 for Control TCP Virtual Node Access N A System nodes 80 443 902 and 903 for Virtual Host and Virtual Machine Nodes 51000 TCP SX Target Access Direct AES 128 AES 256 encrypted if Mode config
94. change for this account Read only This is the day that this account must change its password A configurable option if the account is disabled no login allowed or enabled authentication token required or access is allowed and no password is required Do not lock out both the Admin and FS1 accounts at the same time or you cannot use Diagnostic Console The minimum number of days after a password has been changed before it can be changed again Default is 0 The maximum number of days the password will stay in affect Default is 99999 The number of days that warning messages are issued before the password expires The maximum number of concurrent logins the account will allow Negative numbers indicate no restrictions 1 is the default for status login 0 means no one can log in A positive number defines the number of concurrent users who can be logged in 2 is the default for admin login Saves any changes that have been made for this ID Enter a new password for the account Raritan Chapter 16 Diagnostic Console Configure Remote System Monitoring You can enable the remote system monitoring feature to use the GKrellM tool The GKrellM tool provides a graphical view of resource utilization on the CC SG unit This tool is similar to the Windows Task Manager s Performance tab gt 1 Enable remote system monitoring for the CC SG unit 1 Choose Operation gt Utilities gt Remote System Monitori
95. change is reflected in every interface that uses the service account Service accounts cannot be used for Out of Band interfaces or Managed Powerstrip interfaces For DRAC iLO and RSA interfaces the login credentials apply to the embedded processor card not the underlying OS For RDP SSH and Telnet interfaces the login credentials apply to the OS For VNC interfaces the login credentials apply to the VNC server For Web Browser interfaces the login credentials apply to the form available at the URL specified in the interface To view service accounts Choose Nodes gt Service Accounts The Service Accounts page opens Click the column header to sort the table by that attribute in ascending order Click the header again to sort the table in descending order Optional Description This name is used to identify the service account in the interface dialogs and in the Assign Service Account page This username is used as part of the login credentials when the service account is assigned to an interface This password is used as part of the login credentials when the service account is assigned to an interface This field is used to ensure the password is typed correctly This description can contain any extra information you want to add about the service account Raritan Raritan Chapter 8 Nodes Node Groups and Interfaces Add Edit and Delete Service Accounts w y O N O oS To
96. chassis device Click the Devices tab and select a KX2 device whose blade chassis device you want to delete Choose Devices gt Port Manager gt Delete Ports Select the checkbox of the blade chassis port you want to delete Click OK to delete the selected blade chassis port A message appears asking you to confirm the deletion of the blade chassis device along with all of its blade servers 67 68 Chapter 6 Devices Device Groups and Ports Move a Blade Chassis Device to a Different Port When physically moving a blade chassis device from one KX2 device or port to another KX2 device or port CC SG cannot detect and automatically update the configuration data of the blade chassis device to the new port You must configure the blade chassis device on CC SG once again gt To move a blade chassis device to a different KX2 device or port Delete the blade chassis device from CC SG See Delete a Blade Chassis Device on page 67 Disconnect and reconnect the blade chassis to another KX2 device or port Add the blade chassis device in CC SG See Add a Blade Chassis Device on page 64 Restore Blade Servers Ports to Normal KX2 Ports This section applies only to the blade chassis without an integrated KVM switch such as HP BladeSystem series You may re configure blade servers beneath the virtual blade chassis as normal KX2 ports in the Devices tab gt 1 To restore blade servers to normal KX2 ports
97. connected IP Reach units to CC SG it appears in the Devices tree gt To access Paragon II System Controller from CC SG 1 Click the Device tab and then select the Paragon II System Controller 2 Choose Devices gt Device Manager gt Launch Admin to launch the Paragon II System Controller application in a new browser window You can configure the PII UMT units 91 92 Chapter 6 Devices Device Groups and Ports IP Reach and UST IP Administration You can perform administrative diagnostics on IP Reach and UST IP devices connected to your Paragon System setup directly from the CC SG interface After adding the Paragon System device to CC SG it appears in the Devices tree gt To access Remote User Station Administration 1 Click the Devices tab and then select the Paragon II System Controller 2 Choose Devices gt Device Manager gt Launch User Station Admin Raritan Chapter 7 Z Raritan Managed Powerstrips There are three ways to configure power control using powerstrips in CC SG 1 All supported Raritan brand powerstrips can be connected to another Raritan device and added to CC SG as a Powerstrip device Raritan brand powerstrips include Dominion PX and RPC powerstrips Check the Compatibility Matrix for supported versions To configure this type of managed powerstrip in CC SG you must know to which Raritan device the powerstrip is physically connected See Configuring Powerstrips T
98. csc ccens coeveey es cesuaaveceeteangcdeasenaeeeayes EANAN aN a EN EEVA Ea Eaa 385 Interoperability FA QSis isasama A EE E EEE AEAEE 386 Authorization FAQS ceccccccceeeececeeeeeceeeeceaeeeeaeeceeeeseaeeesaaeeeeaeeseeeeesaaesssaaeseeeeeseeeescaeeeeeeseeeeeeaas 386 User Experience FAQS cccceccccceseceeneeeeeeeecaeeeeeaeesneeceaeeeeaaeseeaeeseeeecaaeseeaaesgeeeeseeeeeaeseeaeeeeeeeess 386 Licensing FAQS eiciia iienaa cabs oti tt daca tarini Aeaaeai A Aari ania Aaaa a tend tka Ae 387 Appendix J Keyboard Shortcuts 388 Appendix K Naming Conventions 389 XV Raritan Contents Wserinormatio Men teaccinacecctda tants saccusuasg4sictcdneassievaaniage fencuraaiagcnancisesacidtagerseeiancareaieaenteaiaacncaasneenee 389 INOCGPOMMANIOMN az caatcsactcdercaitiunesacGasasiglsinnednesetaedaaeiateamacediasagciaaeseecata T 389 LOCATON MIOFMANOM enr r E aadesuatiadgadea langiugesaasebavaagenst 390 Contact NORMA A PARA EEEE R EEEE EAEE ERE EAEE EAEE EAE EA EEN EE A EENE 390 Service ACCOUNTS his dies sacvevsPenavcaanantecennsadu a a a aada aada 390 Device MTONM ANON ssnin aa a Aa E Adai ENa 390 POM Informati vsevezsnssssecruraasussyssineretunsaudessannedieeaedvaeesaanesttietaduaaanannedeaesadeseeeadneneeyabiadeanacereenanandts 391 ASSOCIATIONS sizcccssscusiesvasnrceuninseses vaanrceeesd sagas vontersenir duasdeaaiesstnatedualdes saveduneoeansesunameteisaaadeamaacnitenan ducts 391 ACGIMINMISTFATION ccisaadsseavaaseceussncesasvaanexeha r A AE AE EAE
99. delete any interface from a node except for these A VMW Viewer interface or a VMW Power interface on a virtual machine node A Web Browser interface on a blade chassis which has an integrated KVM switch and has a URL or IP address assigned to it on the KX2 device gt To delete an interface from a node 1 Click the Nodes tab Click the node with the interface you want to delete In the Interfaces table click the row of interface you want to delete Click Delete A confirmation message appears af DN Click Yes to delete the interface 135 Chapter 8 Nodes Node Groups and Interfaces Bookmarking an Interface 136 If you frequently access a node via a particular interface you can bookmark it so that it is readily available from your browser gt 1 oP ON To bookmark an interface in any browser In the Nodes tab select the interface you want to bookmark You must expand the node to view the interfaces Choose Nodes gt Bookmark Node Interface Select Copy URL to Clipboard Click OK The URL is copied to your clipboard Open a new browser window and paste the URL into the address field Press the Enter key to connect to the URL Add the URL as a bookmark also known as a Favorite to your browser To bookmark an interface in Internet Explorer add an interface to your Favorites In the Nodes tab select the interface you want to bookmark You must expand the node to view the interfa
100. device A message appears when all user and system configuration data has been restored Restore Only Device Settings or User and User Group Data to a KX2 KSX2 or KX2 101 Device The Custom restore option allows you restore Device Settings User and User Group Data or both gt To restore only device settings or user and user group data to a KX2 KSX2 or KX2 101 device 1 Click the Devices tab and select the device you want to restore to a backup configuration Choose Devices gt Device Manager gt Configuration gt Restore In the Available Backups table select the backup configuration you want to restore to the device Restore Type select Custom Restore Options select the components you want to restore to the device Device Settings User and User Group Data Click OK Click Yes to restart the device A message appears when data has been restored 85 86 Chapter 6 Devices Device Groups and Ports Restore All Configuration Data to a KX2 KSX2 or KX2 101 Device The Full restore option allows you to restore all configuration data in a backup file to a KX2 KSX2 or KX2 101 device gt To restore all configuration data to a KX2 KSX2 or KX2 101 device Click the Devices tab and select the device you want to restore to a backup configuration Choose Devices gt Device Manager gt Configuration gt Restore In the Available Backups table select the backup configuration you want to r
101. device including voltage current and temperature and to manage all power outlets on the PowerStrip device Device Power Manager provides a PowerStrip centric view of its outlets Before using the Device Power Manager a physical connection must be made between a PowerSirip and a Dominion SX or Dominion KSX unit When you add the PowerStrip device you must define which Raritan device is providing the connection This will associate it with the SX serial port or the KSX dedicated power port that is providing management of the PowerStrip gt 1 To view the device power manager In the Devices tab select a PowerStrip device Choose Devices gt Device Power Manager The outlets are listed in the Outlets Status panel You may have to scroll to view all outlets Select On or Off from the drop down list for each outlet to power ON or power OFF the outlet Select Recycle from the drop down list to restart the device connected to the outlet Launching a Device s Administrative Page If available for the device selected the Launch Admin command provides access to the device s administrator interface gt ls To launch a device s administrative page Click the Devices tab and select the device whose administrator interface you want to launch Choose Devices gt Device Manager gt Launch Admin The administrator interface for the selected device appears Raritan Chapter 6 Devices Device Groups and Por
102. egies eb esha Dd eee ed cde te EE tat gaee eck deee 138 Adding Nodes with CSV File IMport scccscccccsceseccencededescceseeseeasiceietcteeeteaes iaaa Raia 138 Nodes CSV File Requirements 22 isicicasgcevccededhe Seed cceeesh inatl avec cass iaataienlaceeedladbsiavgaecesieie 139 Sample Nodes CSV File sicccciccs cast zent cptges vast fads iealetaxedl jaaayl Gdciadan aN i an a i aR aTa aat 148 IM PONE Node orerar E E E N 148 EXPOMl NOUS riana RE EEN 149 Editing P Addresses with CSV File IMport sisccc ccccteces tet ccecnch ieaentaae cescnea faintest caexetdcsaitneregeee apie 149 Adding Editing and Deleting Node Group ccccceeeeeeeenceceeeeeeaeeeeaaeseeneeceaeeesaaeeeenaeeeeneeeaas 150 Node Groups Overview sariari aas arinaa dha avececads faataiendenexe Maas avenecseiaee 150 Adda Node GroUp seisan gae AER ae ANEA a ERA AR 151 Edita Node Grouper siiani sdeis nadaesuica anaana a a a ta aN aaa aaae EN aTa EAR 154 Delete d Node GrouPerisiisiucsgist srini unaia sane a ae aN aana Keia ERANA 154 Chapter 9 Users and User Groups 156 The Users TAO erika AEn AES EAE ESE cu ease AES Eer AEEA ESEON AEDE AAS ENE AEE ENARE SEENEN 157 Default User Grops sissie iiriraniisnraninuiaae aaae aeae Taaa eaaa aTa Eaa eaae ATIAN aA Ean 158 CC Super User Group cccccceccececceceeeeeseeeeeeeeceaeeeeaaeseaeeceaeeesaaeseeaaeseeeeseaeeeesaesseneeesaees 158 System Administrators GrOup cccccceceeeseeceeceeceeeeeeaeeeeeeeceeeeesaeeeeaeeseeeeeseeesseaeeseneee
103. file imports In This Chapter Common CSV File Requirement cccccceceeseeeeeeeeeeeeeeseaeeseneeteeeees 369 Audit Trail Entries for Mponing sisieun 370 Troubleshoot CSV File Problems cccccesceeeceeeeeceeeeeeeeseeeeeeeeneeeees 371 368 Common CSV File Raritan Appendix E CSV File Imports Requirements The best way to create the CSV file is to export a file from CC SG and then use the exported CSV file as an example for creating your own The export file contains comments at the top that describe each item in the file The comments can be used as instructions for creating a file for importing It is recommended to create the import file in a spreadsheet program like Microsoft Excel Enter each item in its own cell When you save the file choose CSV as the file type This adds comma separators automatically at the end of each cell organizing the data into columns separated by commas You can create the CSV file in a text editor but then you have to add commas manually after each item The first time you save the file in Excel you must choose Save As and MAKE SURE to select CSV as the file type After that Excel will continue to save the file as CSV If you don t set the file type correctly the file will corrupt and cannot be used to import e All import files must be in ASCII text only e The first column of each row must include the command ADD The basic structure is Command Tag Attrib
104. for the slot in the Port Name field and type a node name in the Node Name field The default Access Application is set according to the default application selected for Blade Chassis KVM in the Application Manager To change it click the Access Application drop down menu to select the one you prefer from the list Click OK to configure the slot gt To configure slots using the Configure Blades command 1 Inthe Devices tab click the next to the KX2 device that is connected to the blade chassis device Select the blade chassis device whose slots you want to configure Choose Nodes gt Configure Blades To configure multiple slots with the default names shown in the screen select the checkbox for each slot you want to configure and then click OK to configure each slot with the default name Raritan 66 Chapter 6 Devices Device Groups and Ports To configure each slot individually click the Configure button next to the slot Then type a name for the slot in the Port Name field and type a node name in the Node Name field The default Access Application is set according to the default application selected for Blade Chassis KVM in the Application Manager To change it click the Access Application drop down menu to select the one you prefer from the list Click OK to configure the slot Changing the Blade Server Status This section applies only to the blade chassis with an integrated KVM switch such as De
105. groups for the designated times and days Read Write allows both read and write permission to virtual media Read only allows only read permission to virtual media Deny denies all access to virtual media Click Update to add the new policy to CC SG and then click Yes in the confirmation message that appears When you edit a policy the changes do not affect users who are currently logged into CC SG The changes will go into effect at the next login To ensure that your changes go into effect sooner first enter Maintenance Mode and then edit policies When you enter Maintenance Mode all current users are logged out of CC SG until you exit Maintenance Mode when users can log in again See Maintenance Mode on page 221 gt 1 To edit a policy On the Associations menu click Policies The Policy Manager window opens Click the Policy Name drop down arrow and then select the policy you want to edit from the list To edit the name of the policy click Edit An Edit Policy window opens Type a new name for the policy in the field and then click OK to change the name of the policy Optional Click the Device Group drop down arrow and select the Device Group to which this policy governs access Click the Node Group drop down arrow and select the Node Group to which this policy governs access If the policy will cover only one type of group select a value only for that type Click the Days drop down arro
106. gt Device Manager gt Delete Device Click OK to delete the PowerStrip A message appears when the PowerStrip has been deleted The PowerStrip icon is removed from the Devices tab Change a PowerSirip s Device or Port Association SX 3 0 KSX If a PowerStrip is physically moved from one SX 3 0 or KSX device or port to another SX 3 0 or KSX device or port you must change the association in the PowerStrip Profile in CC SG 1 Inthe Devices tab select the PowerStrip that has been moved 2 Click the Managing Device drop down menu and then select the SX 3 0 or KSX device that is connected to this powerstrip 3 Click the Managing Port drop down menu and then select the port on the SX 3 0 or KSX device to which this powerstrip is connected 4 Click OK 97 Chapter 7 Managed Powerstrips Configuring Powerstrips Connected to SX 3 1 You can perform the following tasks in CC SG to configure and manage Powerstrips connected to SX 3 1 devices e Add a Powerstrip Connected to an SX 3 1 Device on page 98 e Move an SX 3 1 s Powerstrip to a Different Port on page 99 e Delete a Powerstrip Connected to an SX 3 1 Device on page 99 Add a Powersirip Connected to an SX 3 1 Device The procedure for adding a powerstrip connected to an SX 3 1 device varies based on whether the SX 3 1 device has been added to CC SG If the PowerStrip is connected to the SX 3 1 device and the device has not yet been added to CC SG 1 Add the
107. id gt gt backup id gt To shutdown CC SG shutdownce minutes message gt To open an SSH connection to an SX device ssh e lt escape char gt lt id lt device id gt host gt gt To change a user su u lt user_ name gt gt To upgrade a device s firmware upgradedevice lt id lt device id gt host gt gt To list all current users userlist gt To exit the SSH session exit Command Tips e For commands that pass an IP address such as upgradedevice you can substitute the hostname for an IP address See Terminology Acronyms on page 2 for hostname rules e The copydevice andrestartdevice commands apply only to some Raritan devices Dominion SX and IPMI servers are not supported by these commands e Parts of a command in square brackets are optional You do not have to use that part of the command e Some commands contains two segments separated by the Or sign You must enter one of the listed parts of the command but not both e Parts of a command in angle brackets show the text that you must type Do not type the angle brackets For example 289 Chapter 15 Advanced Administration 290 Command syntax Device ID value You should type ssh id lt device_id gt 100 ssh id 100 e The default escape character is a tilde followed by a period For example See End SSH Connections on page 292 for details on using the escape character and the exit command
108. into CC SG with the appropriate username and password 187 Chapter 12 Remote Authentication 2 CC SG connects to the external server and sends the username and password 3 Username and password are either accepted or rejected and sent back If authentication is rejected this results in a failed login attempt 4 If authentication is successful authorization is performed CC SG checks if the username entered matches a group that has been created in CC SG or imported from AD and grants privileges according to the assigned policy When remote authentication is disabled both authentication and authorization are performed locally on CC SG User Accounts User Accounts must be added to the authentication server for remote authentication Except when using AD for both authentication and authorization all remote authentication servers require that users be created on CC SG The user s username on both the authentication server and on CC SG must be the same although the passwords may be different The local CC SG password is used only when remote authentication is disabled See Users and User Groups on page 156 for details on adding users who will be remotely authenticated Note If remote authentication is used users must contact their Administrators to change their passwords on the remote server Passwords cannot be changed on CC SG for remotely authenticated users Distinguished Names for LDAP and AD Configuration of
109. it Duplicate records are skipped and are not added 1 Choose Administration gt Import gt Import Nodes 2 Click Browse and select the CSV file to import Click Open 3 Click Validate The Analysis Report area shows the file contents Raritan Chapter 8 Nodes Node Groups and Interfaces If the file is not valid an error message appears Click OK and look at the Problems area of the page for a description of the problems with the file Click Save to File to save the problems list Correct your CSV file and then try to validate it again See Troubleshoot CSV File Problems on page 371 4 Click Import 5 Check the Actions area to see the import results Items that imported successfully show in green text Items that failed import show in red text Items that failed import because a duplicate item already exists or was already imported also show in red text 6 To view more import results details check the Audit Trail report See Audit Trail Entries for Importing on page 370 Export Nodes The export file contains comments at the top that describe each item in the file The comments can be used as instructions for creating a file for importing gt To export nodes 1 Choose Administration gt Export gt Export Nodes Click Export to File Type a name for the file and choose the location where you want to save it 4 Click Save Editing IP Addresses with CSV File Import Raritan Edit IP a
110. located in Philadelphia and specify that all of the machines must have 1 GB of memory you must create three rules Department Engineering Rule0 Location Philadelphia Rule1 Memory 1GB Rule2 These rules must be arranged in relation to each other Since the device can either belong to the engineering department or be located in Philadelphia use the OR operator to join the two Ruleo Rule1 Make this comparison first by enclosing it parentheses RuleO Rule1 Since the devices must both satisfy this comparison AND contain 1GB of memory use the AND connector amp to join this section with Rule2 RuleO Rule1 amp Rule2 Type this final expression in the Short Expression field 153 Chapter 8 Nodes Node Groups and Interfaces 154 Note You should have a space before and after operators amp and Otherwise the Short Expression field may return to the default expression that is RuleO amp Rule amp Rule2 and so on when you delete any rule from the table Click Validate when a description has been written in the Short Expression field If the description is formed incorrectly a warning appears If the description is formed correctly a normalized form of the expression appears in the Normalized Expression field Click View Nodes to see what nodes satisfy this expression A Nodes in Node Group window opens displaying the nodes that will be grouped by the current expression This can be used to check if
111. machine then click the Console tab The Diagnostic Console displays 3 Right click the virtual machine then choose Guest gt Install Upgrade VMware Tools This mounts the files onto the virtual machine so that CC SG can do the installation 4 Open a browser and login to the Admin Client Choose System Maintenance gt Install Upgrade VMware Tools When the installation is complete a success message displays Configure Backups and Snapshots of Virtual Appliance and Storage Servers Once the CC SG virtual appliance is deployed make sure to configure backups of the virtual appliance through VMware and of the storage servers used by the virtual appliance You should also enable snapshots through VMware See the VMware documentation at http www vmware com support pubs vs_pubs html for details on configuring these features Virtual Appliances with Remote Storage Servers If your CC SG virtual appliance uses a remote server for file storage and access to that storage is lost you may experience an interruption in accessing CC SG until the storage server has completely booted up You may see a Problems Retrieving Configuration Data message 27 Chapter 3 Getting Started Licensing Limited Operation Before License Install Until you have installed and checked out the proper licenses CC SG operations are limited Only the following menu choices are enabled 28 Diagnostic Console To retrieve necessary inform
112. manually in Guided Setup or by CSV import See Add a User Group on page 159 Dominion KXII devices ONLY also give a warning when the maximum number of connections for the device has been reached The event is logged in the Access Report with the message Connection Denied The full message text is Connection Denied Exceeds the number of available video channels on the KVM switch this node is attached to Configuring Access Auditing for User Groups 162 You can require members of a user group to enter the reason why they are accessing the node before access is permitted A dialog will appear to all users in the user groups you select Users must enter the reason for access before the node connection is made This feature applies to all types of access with all interface types including power control The reasons for access are logged in the Audit Trail and in the Node Profile s Auditing tab gt To configure access auditing for user groups 1 Choose Users gt Node Auditing Raritan Chapter 9 Users and User Groups 2 Select the Require Users to Enter Access Information When Connecting to a Node checkbox 3 Inthe Message to Users field enter a message that users will see when attempting to access a node A default message is provided 256 character maximum 4 Move the user groups to enable access auditing for the group into the Selected list by clicking the arrow buttons Use Ctrl click to select multiple it
113. name includes backup with a date and time h Click Save As Default if you want to save current remote server settings as default values A confirmation message appears Click OK Optional 6 Click OK A message appears when the backup completes The backup file is saved in the CC SG file system and if specified in the Backup to Remote Location field to a remote server as well This backup can be restored at a later time See Restoring CC SG on page 225 Important The Neighborhood configuration is included in the CC SG backup file so make sure you remember or note down its setting at the backup time This is helpful for determining whether the backup file is appropriate for the CC SG unit you restore 223 Raritan 224 Chapter 14 System Maintenance What is the difference between Full backup and Standard backup gt Standard backup A standard backup includes all data in all fields of all CCSG pages except for data in the following pages e Administration gt Configuration Manager gt Network tab e Administration gt Cluster Configuration CCSG backup files stored on CCSG are also not backed up You can view the list of backup files stored on CCSG in the System Maintenance gt Restore page Standard backup also excludes other temporary data in fields such as date ranges in Report pages gt Full backup A Full backup includes everything in the Standard backup and also backs up the CC SG firmwa
114. number You can limit the data that the report will contain by entering additional parameters in the Message Username and User IP address fields Wildcards are accepted in these fields To limit the report by the message text associated with an activity type the text in the Message field To limit the report to a particular user s activities type the user s username in the Username field To limit the report to a particular IP address s activities type the user s IP address in the User IP address field In the Entries to Display field select the number of entries to display in the report screen Click Apply to generate the report 211 212 Chapter 13 Reports Access Report Availability Report Click Purge to delete the Error Log See Purge a Report s Data from CC SG on page 210 Generate the Access report to view information about accessed devices and nodes when they were accessed and the user who accessed them gt A 2 3 To generate the Access Report Choose Reports gt Access Report Select Devices or Nodes Set the date and time range for the report in the Start Date and Time and End Date and Time fields Click each component of the default date month day year hour minute to select it then click the up and down arrows to reach the desired number You can limit the data that the report will contain by entering additional parameters in the Device name Node name Username and
115. number of passwords that will be remembered The default setting is five 3 Select either Regular Random or Strong for the admin and status if enabled passwords Description These are standard Passwords must be longer than four characters with few restrictions This is the system default password configuration Provides randomly generated passwords Configure the maximum password size in bits minimum is 14 maximum is 70 default is 20 and number of retries default is 10 which is the number of times you will be asked if you want to accept the new password You can either accept by typing in the new password twice or reject the random password You cannot select your own password Enforce strong passwords Retries is the number of times you are prompted before an error message is issued DiffOK is how many characters can be the same in the new password relative to the old MinLEN is the minimum length of characters required in the password Specify how many Digits Upper case letters Lower case letters and Other special characters are required in the password Positive numbers indicate the maximum amount of credit of this character class can be accrued towards the simplicity count Negative numbers implies that the password MUST have at least that many characters from this given class Thus numbers of 1 means that Raritan Password setting ti hay Raritan Chapter 16 Diagnostic Cons
116. of band Access or Node Power Control This menu is available only for users with the User Security Management User Security Management Includes ability to add modify and delete User Security Management Includes ability to add modify and delete User Security Management Includes ability to add modify and delete User Security Management Includes ability to add modify and delete This menu is available for users with any administrative privilege except for users with the User Security Management privilege alone Audit Trail Error Log Access Report Availability Report gt Users gt Active Users gt Locked out Users gt All Users Data CC Setup and Control CC Setup and Control Device Port and Node Management Device Port and Node Management or Device Configuration and Upgrade Management User Management CC Setup and Control To view all user data User Management To view your own user data None Raritan Menu gt Sub menu gt Devices gt Nodes gt Active Directory Access Administration Menu Item gt User Group Data gt Device Asset Report gt Device Group Data gt Query Port gt Node Asset Report gt Active Nodes gt Node Creation gt Node Group Data AD Users Group Report Scheduled Reports Add Web Services API Appendix C User Group Privileges Required Privilege Description User Management De
117. or URLs will not resolve You do not need to have DNS configured for IP addresses gt To add a web browser interface 1 The default name for a Web Browser Interface is Web Browser You can change the name in the Name field See Naming Conventions on page 389 for details on CC SG s rules for name lengths 2 Type a TCP Port for this connection in the TCP Port field If you are using HTTPS in the URL you must set the TCP port to 443 Optional 3 Type the URL or domain name for the web application in the URL field Note that you must enter the URL at which the web application expects to read the username and password Maximum is 120 characters Follow these examples for correct formats http s 192 168 1 1 login asp http s www example com cgi login http s example com home htm 4 Enter authentication information Optional To use a service account for authentication select the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication Type the username and password that will allow access to this interface Note Do not enter authentication information for DRAC ILO and RSA web applications or the connection will fail 133 134 Chapter 8 Nodes Node Groups and Interfaces 5 Type the field names for the username and password fields used in the login screen for the web application in the Username
118. page 389 for details on CC SG s rules for name lengths Element names are case sensitive Click OK to save your changes Adding Categories and Elements with CSV File Import Raritan You can add categories and elements to CC SG by importing a CSV file that contains the values You must have the User Security Management and CC Setup and Control privileges to import and export categories and elements 43 44 Chapter 5 Associations Categories and Elements Column 1 ADD Column 1 ADD Categories and Elements CSV File Requirements The categories and elements CSV file defines the categories their associated elements their type and whether they apply to devices nodes or both All CATEGORY and CATEGORYELEMENT records are related A CATEGORY record must have one or more CATEGORYELEMENT records CATEGORYELEMENT records can be present without a corresponding CATEGORY record if that CATEGORY already exists in CC SG For example if you are adding more elements to an existing category then you do not have to include a row to redefine the category that the new elements belong to Export a file from CC SG to view the Comments which include all tags and parameters needed to create a valid CSV file See Export Categories and Elements on page 46 Follow the additional requirements for all CSV files See Common CSV File Requirements on page 369 gt To add a category to the CSV file Colu
119. page reports Print a Report There are two printing options in CC SG You can print a report page as it appears in your screen print a screenshot or you can print a full report including all details for each item Note Printing options work for all CC SG pages gt To print a screenshot of a report 1 Generate the report you want to print 2 Choose Secure Gateway gt Print Screen gt To print all report details 1 Generate the report you want to print Make sure to select All in the Entries to Display field 2 Choose Secure Gateway gt Print Save a Report to a File You can save a report to a CSV file which can be opened in Excel When you save a report to a file all the report s details are saved not just the details you can view in the report screen For example the Access Report screen for nodes does not display the Type and Message columns but these columns are available after saving and opening the Access Report in Excel 1 Generate the report you want to save to a file Click Save to File Type a name for the file and choose the location where you want to save it 4 Click Save 209 Chapter 13 Reports Audit Trail Report 210 Purge a Report s Data From CC SG You can purge the data that appears in the Audit Trail and Error Log reports Purging these reports deletes all data that satisfy the search criteria used For example if you search for all Audit Trail entries from M
120. panel click Edit The Edit Custom View window opens 2 Type anew name for the custom view in the Enter new name for custom view field and then click OK The new view name appears in the Name field in the Custom View screen gt To change the custom view s contents 1 Inthe Custom View Details section a Inthe Available list select the item you want to include in the custom view and then click Add to add the item to the list Repeat this step to add as many items as you want b Arrange the items in the Selected list in the order you would like each grouping to display in the Nodes tab Select an item and click the up and down arrow buttons to move the item into the desired sequence c If you must remove an item from the list select it and click Remove 2 Click Save A message confirms that the custom view has been added 3 To apply the new custom view click Set Current Delete a Custom View for Devices gt To delete a custom view for devices 1 Click the Devices tab 2 Choose Devices gt Change View gt Create Custom View The Custom View screen appears 3 Click the Name drop down arrow and select a custom view from the list Details of the items included and their order appear in the Custom View Details panel 4 Inthe Custom View panel click Delete The Delete Custom View confirmation message appears 5 Click Yes 185 186 Chapter 11 Custom Views for Devices and Nodes Assign a Default C
121. ports 1 VGA port Fast UART 16550 serial port 2 USB 2 0 Ports E1 Environmental Requirements Operating Humidity 5 90 non condensing Altitude Sea level to 7 000 feet Vibration 10 Hz to 500 Hz sweep at 0 5 g constant acceleration for one hour on each of the perpendicular axes X Y and Z Shock 5 g for 11 ms with a 1 2 sine wave for each of the perpendicular axes X Y and Z 347 Appendix A Specifications for V1 and E1 348 Operating Non Operating Temperature Humidity Altitude Vibration Shock 40 70 C 5 90 non condensing Sea level to 40 000 feet 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X Y and Z 30 g for 11 ms with a sine wave for each of the perpendicular axes X Y and Z Raritan Appendix B CC SG and Network Configuration This appendix contains network requirements including addresses protocols and ports of a typical CC SG deployment It includes information about how to configure your network for both external access and internal security and routing policy enforcement Details are provided for the benefit of a TCP IP network administrator The TCP IP administrator s role and responsibilities may extend beyond that of a CC SG administrator This appendix will assist the administrator in incorporating CC SG and its components into a site s security access and routing policies The tables contain the protocols and ports that
122. rules that describe devices and the devices whose parameters follow those rules will be added to the group Select Devices Click the Select Devices tab in the Device Group New panel In the Available list select the device you want to add to the group and then click Add to move the device into the Selected list Devices in the Selected list will be added to the group c To remove a device from the group select the device name in the Selected list and then click Remove d Youcan search for a device in either the Available or Selected list Type the search terms in the field below the list and then click Go Describe Devices a Click the Describe Devices tab in the Device Group New panel In the Describe Devices tab you create a table of rules that describe the devices you want to assign to the group b Click the Add New Row icon Ej to add a row to the table c Double click the cell created for each column to activate a drop down menu Select the rule components you want to use from each list Select the Create Full Access Policy for Group checkbox if you want to create a policy for this device group that allows access to all nodes and devices in the group at all times with control permission To add another device group click Apply to save this group and repeat these steps Optional When you have finished adding device groups click OK The Node Group New panel opens You can also click Create Groups and th
123. select the Apply to Nodes checkbox If you want to add another device click Apply to save this device and repeat these steps Optional When you have finished adding devices click OK The Device Summary panel displays a list of the devices that you added Click Continue to start the next task Create Groups Follow the steps in the next section The third task of Guided Setup is Create Groups Create Groups allows you to define groups of devices and groups of nodes and specify the set of devices or nodes included in each group Administrators can save time by managing groups of similar devices and nodes rather than managing each device or node individually Add Device Groups and Node Groups gt 1 To add device groups and node groups in Guided Setup The Device Group New panel opens when you click Continue at the end of the Device Setup task You can also click Create Groups and then click Add Device Groups in the Guided Tasks tree view in the left panel to open the Device Group New panel In the Group Name field type a name for a device group you want to create Raritan Z Raritan Chapter 4 Configuring CC SG with Guided Setup There are two ways to add devices to a group Select Devices and Describe Devices The Select Devices tab allows you to select which devices you want to assign to the group by selecting them from the list of available devices The Describe Devices tab allows you to specify
124. the CC SG unit you restore gt 1 Raritan To restore CC SG Choose System Maintenance gt Restore The Restore CommandCeniter page opens displaying a list of backup files available to CC SG You can see the type of backup the date of the backup the description what CC SG version it was made from and the size of the backup file If you want to restore from a backup stored off of the CC SG system you must first upload the backup file to CC SG Optional a b Click Upload Browse for the backup file and select it in the dialog window You can retrieve the file from anywhere on your client s network Click Open to upload this file to CC SG When complete the backup file appears in the Available Backups table Select the backup file you want to restore in the Available Backups table If applicable select what kind of restore you want to perform from this backup Standard Restores only critical Data to CC SG This includes CC SG configuration information Device and Node configurations and User configurations See What is the difference between Full backup and Standard backup on page 224 Full Restores all Data Logs firmware Application Files and license files stored in the backup file See What is the difference between Full backup and Standard backup on page 224 This requires that a full backup was made for the file Look at the Type column in the Available Backups table to see what ful
125. the User Name and Password of the Diagnostic Console admin account and click OK to log in All available snapshot files that CC SG has ever taken are listed Note CC SG keeps snapshot files for 10 days only so you should retrieve the files in a timely manner Click the snapshot file with the appropriate filename or the file named snapshot as it is the latest snapshot file The files are already compressed encrypted and signed so you must transfer them in the binary mode When saving the file with IE save it as a raw file by choosing All Files from the Save as type drop down list in the Save As dialog Change the Video Resolution for Diagnostic Console Raritan recommends that you adjust the video resolution of the Diagnostic Console for the monitor to display the menu properly gt 1 336 To adjust the video resolution Reboot CC SG See Reboot CC SG with Diagnostic Console on page 316 When it shows the messages below press any character within 5 seconds to enter the GRUB menu such as the Esc or arrow key Press any key to enter the menu Booting CentOS x x x in x seconds Highlight the option 1024x768 24 bit using the up or down arrow keys and press Enter Raritan Chapter 17 Power IQ Integration If you have a CC SG and Power IQ there are severals ways to use them together 1 Control power to Power IQ IT devices via CC SG For example if you want to control power to
126. the system or powered off manually or accidentally See Raritan s Paragon II User Guide Hostname can be used if DNS server support is enabled See About Network Setup on page 242 The hostname and its Fully Qualified Domain Name FQDN Hostname Suffix cannot exceed 257 characters It can consist of any number of components as long as they are separated by Each component has a maximum size of 63 characters and the first character must be alphabetic The remaining characters can be alphabetic numeric or hyphen or minus The last character of a component may not be While the system preserves the case of the characters entered into the system the FQDN is case insensitive when used iLO RILOE and iLO2 RILOE2 Hewlett Packard s Integrated Lights Out Remote Insight Lights Out servers that can be managed by CC SG Targets of an iLO RILOE device are powered on off and recycled directly iLO RILOE devices cannot be discovered by CC SG they have to be manually added as nodes In this guide the term iLO RILOE includes both iLO RILOE and iLO2 RILOE2 In band Access going through the TCP IP network to correct or troubleshoot a target in your network KVM and Serial devices can be accessed via these in band applications RemoteDesktop Viewer SSH Client RSA Client VNC Viewer IPMI Servers Intelligent Platform Management Interface servers that can be controlled by CC SG IPMI are discovered automatic
127. the type of device you want to upgrade If you need to upgrade more than one device type you must schedule a task for each type Raritan Z Raritan d Chapter 15 Advanced Administration Concurrent Upgrades Specify the number of devices that should begin the file transfer portion of the upgrade simultaneously Maximum is 10 As each file transfer completes a new file transfer will begin ensuring that only the maximum number of concurrent transfers occurs at once Upgrade File Select the firmware version to which you want to upgrade Only available upgrade files that are appropriate for the device type selected will appear as options Specify the time period for the upgrade a Start Date Time Select the date and time at which the task begins The start date time must be later than the current date time Restrict Upgrade Window and Latest Upgrade Start Date Time If you must finish all upgrades within a specific window of time use these fields to specify the date and time after which no new upgrades can begin Select Restrict Upgrade Window to enable the Latest Upgrade Start Date Time field Specify which devices will be upgraded and in what order Place higher priority devices at the top of the list a In the Available list select each device you want to upgrade and click Add to move it to the Selected list In the Selected list select a device and use the arrow buttons to move the devices into the o
128. their attributes e Choose Reports gt Devices gt Device Group Data A list of existing device groups is displayed Double click a row to view devices for any device group Add a Device Group gt To add a device group 1 Choose Associations gt Device Groups The Device Groups Manager window opens Existing device groups appear in the left panel Raritan Raritan Chapter 6 Devices Device Groups and Ports Click the New Group icon O in the toolbar The Device Group New panel appears In the Group Name field type a name for a device group you want to create See Naming Conventions on page 389 for details on CC SG s rules for name lengths There are two ways to add devices to a group Select Devices and Describe Devices The Select Devices tab allows you to choose which devices you want to assign to the group by selecting them from the list of available devices The Describe Devices tab allows you to specify rules that describe devices and the devices whose parameters follow those rules will be added to the group To add a device group with the Select Devices option Click the Select Devices tab in the Device Group New panel In the Available list select the device you want to add to the group then click Add to move the device into the Selected list Devices in the Selected list will be added to the group To remove a device from the group select the device name in the Selected list and click R
129. to Power IQ You can quickly make a file of all node and interface information by exporting See Export Nodes on page 149 Enter the name of the Power IQ that manages the IT device The name must match the value in the Power IQ Device Name field on the Access gt Power IQ Services gt Power IQ Device Name Configuration dialog See Configuring Power IQ Services on page 338 Optional 147 148 Chapter 8 Nodes Node Groups and Interfaces gt To assign categories and elements to a node to the CSV file Categories and elements must already be created in CC SG You can assign multiple elements of the same category to a node in the CSV file Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 NODE CATEGORYELEMENT Enter the tag as shown Tags are not case sensitive Node Name Required field Category Name Required field Element Name Required field Sample Nodes CSV File ADD NODE NJSomersetEmailServer Physical Server ADD NODE OOBKVM INTERFACE NJSomersetEmailServer NJSomersetEmailServer DKX2 NY Rack7 NJSomersetEmailServer ADD NODE RDP INTERFACE NJSomersetEmailServer 192 168 53 42 admins ADD NODE POWER INTERFACE NJSomersetEmailServer Power Rack17 4 ADD NODE CATEGORYELEMENT NJSomersetEmailServer Location Somerset Import Nodes Once you ve created the CSV file validate it to check for errors then import
130. to View list Option Individual Windows Merged Windows Initial Buffer Remember Selected Items Use Default Color Scheme Use Default Filters Export Description Display the selected logs in separate sub windows Merge the selected logs into one display window Sets initial buffer or history size 5000 is default This system is configured to buffer all the new information that comes along If this box is checked the current logfile selections if any will be remembered Otherwise selection is reset each time a new Logfile list is generated This is useful if you want to step thorough files If this box is checked some of the logfiles will be viewed with a standard color scheme Note multitail commands can be used to change the color scheme once the logfile s are being viewed If this box is checked some of the logfiles will have automatic filters applied This option packages up all the selected logfiles and makes them available via Web access so that they can be retrieved and forwarded to Raritan Technical Support Access to the 313 Chapter 16 Diagnostic Console Option Description contents of this package is not available to customer Exported logfiles will be available for up to 10 days and then the system will automatically delete them View View the selected log s When View is selected with Individual Windows the LogViewer displays 60 sa httpd access Log 2MB 2008 12 02 17 18 26 3584
131. to a node group specified by the custom view will not appear in the list Filter by Device Group Only the device groups you specify will appear in the devices list when a Filter by Device Group custom view is applied The first level of organization is the device group name A device may appear several times in the list if the device belongs to more than one device group defined in the custom view Devices that do not belong to a device group specified by the custom view will not appear in the list 180 Chapter 11 Custom Views for Devices and Nodes Using Custom Views in the Admin Client Custom Views for Nodes Add a Custom View for Nodes gt To add a custom view for nodes 1 Click the Nodes tab 2 Choose Nodes gt Change View gt Create Custom View The Custom View screen appears 3 Inthe Custom View panel click Add The Add Custom View window opens 4 Type a name for the new custom view in the Custom View Name field 5 Inthe Custom View Type section Select Filter by Node Group to create a custom view that displays only the node groups you specify Select View by Category to create a custom view that displays nodes according to the categories you specify Click OK In the Custom View Details section a Inthe Available list select the item you want to include in the custom view and then click Add to add the item to the list Repeat this step to add as many items as you want b Arrange th
132. to remove the port entry from a Device When a port is down the information in the Port Profile screen is read only You can delete a port that is down Important If you delete a port that is associated with a node the associated out of band KVM or Serial interface provided by the port will be removed from the node If the node has no other interfaces the node will also be removed from CC SG To delete a port Click the Devices tab and select a device whose ports you want to delete Choose Devices gt Port Manager gt Delete Ports Raritan Chapter 6 Devices Device Groups and Ports 3 Select the checkbox of the port you want to delete 4 Click OK to delete the selected port A message appears when the port has been deleted Configuring a Blade Chassis Device Connected to KX2 Blade Chassis Overview There are two types of blade chassis devices one is with an integrated KVM switch which can function as an IP enabled KVM switch and the other is without Blade Chassis with an Integrated KVM Switch A blade chassis with an integrated KVM switch such as Dell PowerEdge and IBM BladeCenter series is connected to KX2 via a CIM As only one CIM is available to access all blade servers in that chassis when a user accesses one blade server there are no paths left to the others When configuring all KX2 ports in CC SG the blade chassis connected to the KX2 device is configured See Add a Blade Chassis Device
133. to see the progress of the RAID disks as they are being rebuilt and synchronized Note The disk drives are fully synchronized and full RAID 1 protection is available when you see a screen as shown above The status of both mdod and md1 arrays are UU 327 Chapter 16 Diagnostic Console Perform Disk or RAID Tests You can manually perform SMART disk drive tests or RAID check and repair operations gt To perform a disk drive test or a RAID check and repair operation 1 Choose Operation gt Utilities gt Disk RAID Utilities gt Manual Disk RAID Tests 2 To perform a SMART disk drive test a Inthe Disk Test section select the type of test and the disk drive that you want to test b Select Submit c The test is scheduled and a SMART information screen displays d When the required time has passed as indicated by the screen you can view the results in the Repair Rebuild RAID screen See Repair or Rebuild RAID Disks on page 331 3 To perform a RAID test and repair operation a Inthe RAID Test section select the type of test and the RAID Array that you want to test The mdO Array is a small boot partition while md1 Array covers the rest of the system b Select Submit c You can track the test progress in the RAID Status Disk Utilization screen See Display RAID Status and Disk Utilization on page 327 Optional a Raritan Chapter 16 Diagnostic Console d After the test is complete
134. unit belongs to one Neighborhood only e All CC SG units in the same Neighborhood must be of the same firmware version e CC SG units in the Neighborhood must be either standalone CC SG units or Primary Nodes of clustered CC SG units e A Neighborhood can consist of both physical and virtual CC SG units Create a Neighborhood You can log into a CC SG unit where you want to create a Neighborhood and which is not a member of any Neighborhood yet After a Neighborhood is created all members in the Neighborhood share the same Neighborhood information If any member is the Primary Node of clustered CC SG units the IP address or hostname of the Secondary or Backup Node also displays in the Neighborhood configuration gt To create a Neighborhood 1 Choose Administration gt Neighborhood Type a name in the Neighborhood Name field Click Create Neighborhood The IP address or hostname of current CC SG already displays in the Secure Gateway IP Address Hostname table You may click the drop down arrow to switch between its complete or short hostnames or IP address 5 Add one or more CC SG units in the table a Click the next empty row or press Tab or up down arrow keys Pe wo RN b Type the IP address or hostname of new CC SG unit that you want to add and press Enter See Terminology Acronyms on page 2 for hostname rules c Repeat previous steps until you finish adding all CC SG units 6 Click Next Raritan
135. virtual power interface link to open the Power Control page for the node Raritan ss Chapter 8 Nodes Node Groups and Interfaces Connecting to a Node Once a node has an interface you can connect to that node through the interface in several different ways See Raritan s CommandCenter Secure Gateway User Guide gt To connect to anode 1 Click the Nodes tab 2 Select the node to which you want to connect and Inthe Interfaces table click the name of the interface with which you want to connect or In the Nodes tab expand the list of interfaces underneath the node to which you want to connect Double click the name of the interface to which you want to connect or right click the interface and select Connect Firefox Users of the Access Client Must Download JNLP File Firefox users of the Access Client are prompted to download a JNLP file each time an out of band KVM port connection is made Select the Do this automatically for files like this from now on checkbox so that Firefox can automatically download the file for future connections Pinging a Node You can ping a node from CC SG to make sure that the connection is active gt To ping anode 1 Click the Nodes tab and then select the node you want to ping 2 Choose Nodes gt Ping Node The ping results appear in the screen ae Raritan Chapter 8 Nodes Node Groups and Interfaces Adding Editing and Deleting Interfaces Ra
136. where you want to save it 4 Click Save Raritan a Chapter 9 Users and User Groups Your User Profile My Profile allows all users to view details about their account change some details and customize usability settings It is the only way for the CC Super User account to change the account name gt To view your profile Choose Secure Gateway gt My Profile The Change My Profile screen appears displaying details about your account Change your password 1 Choose Secure Gateway gt My Profile 2 Check the Change Password For Local Authentication Only checkbox Type your current password in the Old Password field Type your new password in the New Password field A message appears if Strong Passwords are required Type your new password again in the Retype New Password field 6 Click OK to save your changes Change your name You cannot change your user name You can change the first and last name associated with your user name gt To change your name 1 Choose Secure Gateway gt My Profile 2 Type your first and last name in the Full Name field See Naming Conventions on page 389 for details on CC SG s rules for name lengths Change your default search preference 1 Choose Secure Gateway gt My Profile 2 Inthe Search Preference area select a preferred method to search nodes users and devices Filter by Search Results Allows the use of wildcards and will limit th
137. will search all users in the DCAdmins and IT organizational units under the xyz com domain Specifying Modules for Authentication and Authorization Once you have added all the external servers as modules in CC SG specify whether you want CC SG to use each of them for either authentication authorization or both gt To specify modules for authentication and authorization 1 Choose Administration gt Security 2 Click the Authentication tab All configured external Authorization and Authentication Servers appear in a table 3 For each server listed a Select the Authentication checkbox if you want CC SG to use the server for authentication of users b Select the Authorization checkbox if you want CC SG to use the server for authorization of users Only AD servers can be used for authorization 4 Click Update to save your changes Raritan Chapter 12 Remote Authentication Establishing Order of External AA Servers CC SG will query the configured external authorization and authentication servers in the order that you specify If the first checked option is unavailable CC SG will try the second then the third and so on until it is successful gt To establish the order in which CC SG uses external authentication and authorization servers 1 Choose Administration gt Security 2 Click the Authentication tab All configured external Authorization and Authentication Servers appear in a table 3
138. you want to delete Use Ctrl click and Shift click to select multiple reports Click Delete Reports Click Yes to confirm 219 Chapter 13 Reports Upgrade Device Firmware Report The Upgrade Device Firmware report is located in the Scheduled Reports list This report is generated when an Upgrade Device Firmware task is running View the report to get real time status information about the task Once the task has completed the report information is static See Scheduled Reports on page 219 for details on viewing the report Raritan Chapter 14 Maintenance Mode Z Raritan System Maintenance In This Chapter Maintenance ModE csiis eeina 221 Entering Maintenance Mode ssssesrseessrrssesrresrrrnnsnirnesrnnansnnnnasnnnnnennna 222 Exiting Maintenance Mode e icctsccccccsteetecsteebacsieedeedise ccctteeeuecateeeetcnseees 222 Backing Up CC SGi niak dieiiedet ee eaaa aE r aE a a 222 Saving and Deleting Backup Fil S cccccceeeseeeeeeeeseeeeeeeaeeeeeeeeennees 224 Restoring GG S Gis ivistdsecceeadeiet neti eu eee Ane 225 Resetting CC SG iis avisiectie tiie a aaaeaii 226 Restarting GC SGiicisciaiseiidenievind tert iceeesccee aaia enter 229 Upgrading CC SG sireni n nine neers 229 Upgrading a Cluster sssrinin aa ia a aai 232 Migrating a CC SG Database i 2c siiavveterertad deat ene tietatiedens 233 GG SG SMUT OWN ics cssctcceseag eee sun ceeasinecsesdeadereiniee a a 234 Restarting CC SG after SHUtG
139. 02 Service ACCOUNUS esseeride aaas ANa aa ANKA 106 Adding Editing and Deleting Nodes cccescccceeescceeeeeeeceeeeeeeeeeetees 109 Adding Location and Contacts to a Node Profile cccceeeeeeeees 111 Adding Notes to a Node Profile sc sjieccssseeeecteneede cccgete cee ne decenitedeteiee scene 111 Configuring the Virtual Infrastructure in CC SG cccceseeeessteeeeeeeees 112 Synchronizing the Virtual Infrastructure with CC SG ccceerees 121 Reboot or Force Reboot a Virtual Host Node 123 Accessing the Virtual Topology View ececeeeseteeeeeeteeeeeeeteeeeeeteeeenens 123 Connecting toa Noden 124 Pinging A NOJO wee sctescienccecnedtecdandeeccdisebetedsteebedateedecdapevgeassbbekedi te ebeidseeeds 124 Adding Editing and Deleting Interfaces 0 ee cceeeeeeeeeeteeeeetnteeeeeeee 125 Bookmarking ari Merat E sci cicccctiecscce cites covsessceitesseceeeesscdbewssivediescceds 136 Configuring Direct Port Access to a NOd ccccceceteeeceesteeeeeesteeeeeenaes 137 Bulk Copying for Node Associations Location and Contacts 137 Using Ghats iiiediiindd bin nadia nian tisinelinadialaglings 138 Adding Nodes with CSV File Import sinnsirean 138 Editing IP Addresses with CSV File Import 0 cceeeeeeeeseeeseeeeeeeeeeees 149 Adding Editing and Deleting Node GroupS cceeecceeseeeeseeeeeeees 150 Nodes and Interfaces Overview Raritan About Nodes Each node repres
140. 173 Bulk Copying USGIS ritanir vesd ie existtecetacaihevan teases sd ERETIERS 174 156 Chapter 9 Users and User Groups The Users Tab Click the Users tab to display all user groups and users in CC SG Devices E k CC Super User a a hg Users gt leseUser amp NinaUser i 3 System Administrators fee A charles be charlesm Charlie charlie2 hetal karl kunalg lese monica nina b owenc raritan b richardr shail A victor Y Search For User Users are nested underneath the user groups to which they belong User groups with users assigned to them appear in the list with a symbol next to them Click the to expand or collapse the list Active users those currently logged into CC SG appear in bold The Users tab provides the ability to search for users within the tree 5 Raritan ar Chapter 9 Users and User Groups Default User Groups CC SG is configured with three default user groups CC Super User System Administrators and CC Users CC Super User Group The CC Super User group has full administrative and access privileges Only one user can be a member of this group The default username is admin You can change the default username You cannot delete the CC Super User group You cannot change the privileges assigned to the CC Super User group add members to it or delete the only user from the group Strong passwords are always enforced for the member of the CC Super User group Stron
141. 284 Schedule a Task that is Similar to Another Task ccccccccccccccccceceeeseeeeeeeeeceeeeeseeaeeeueess 284 Delete a Taskinen ae a aE Aea a SAAT ea Aeara aaaea aaie ideaa iiaeaa 285 SSH Access to CC SG erreien aaea e Yetadsasauentsandeusecaeccdaeantaduncssuaceeidedweuesabecseetaevaencseseae 285 Get Help for SSH Commands cccccceeececeeeeeeceeeeaeeeeeeeceeeesaaeeeeaaeseeeeeseaeeesnaeeeeeeeeeaees 286 SSH Commands and Parameters ccccccccccccccecececececececececececeeececeeeeeeeceeacaeeeecenaeananans 287 Command Tips crecer e vic cecededecec vat ON aa ENE AS aE 289 Create an SSH Connection to a Serial Enabled Device essssesssesssessessrerererererrerererreeene 290 Use SSH to Connect to a Node via a Serial Out of Band Interface ceeeeeeeeee 291 End SSH Connections 0 ccccc cece ccceeececccccececeeeeececeeeeeceaueeseceseeueuaueaseeeeseeuaeaueeseeseeeeeeaneneess 292 Seral Admin POM sosisini enia cc Dedawnths dacsdddcacaiess Getta acedevacen ste svivGaevncete aN raana a teuivhcbeeenceds dase 293 About Terminal Emulation Programs ssc iiesiesdneests basi ained ait eM atoeealae 293 Finding Your CG SG Serial NUMBCH sce cic tecee teed odscacg iiiaae fain deed ceeds iaa 294 Web Services API u ecccccccccceeccccccccececeeeeececeseesseeueeseseceeueuauaeeesseeeeeuaeaueeseceeeeueeauausadseeeeeuaeaneaseeness 294 COC INO Gara caiccveranate cat haceean E acts tasnassaciaa esdiasnvaaganiesataia manaaasat eerie 295 Chapt
142. 30 Repair OF REDUIGURAID DISKS srair anae ae aa en aape aaraa dOa atama Eadie 331 View Top Display with Diagnostic Console cccceececeeseeceeeeeeeeeeeeeeeseneeesaeeeeaeeseeeeeteas 333 Display NI P Status se cciccceccececeesctdecee ninanais aaia aidia aiaia aiid 333 Take a System Snapshot cccccccccccceeseeceeeeeceeeeeeeaeeeeeeeeeeeeseaeeesaaesgeaeeseaeeesaeseeaaeeseneeseas 335 Change the Video Resolution for Diagnostic Console ee ceeceeeeeeeeeseeceeeeeeeeeneeeneeees 336 Chapter 17 Power IQ Integration 337 Power Control of Power 1Q Il D6VICES nnee aisan n iaaa aN 337 Configuring Power IQ SeIvViCeS sci cecccriccatsmtanian denied nent deat nes 338 Configuring Power Control of Power IQ IT Devices 00 cece cece eee tree tneteeeeneeeneeeeeees 339 Configuring Synchronization of Power IQ and CO SG ou eee cee ee ee terete eteeeeeetneeeneeenaees 340 Synchronize Power Q and CC SG sesser aaa AEE da 341 Power IQ Synchronization POlCIOS sts ccceives cesenetsceccussndeeenesacecnevencertieaseneteenacdaeaenerevenoeete 342 Importing and Exporting Dominion PX Data from Power 1Q c cceeeeeeeeceeee settee eteeeeeeeseeeeees 342 Import Power Strips from Power 1Q c cee eeceeceeseeeeeeeeeeseeeaeesaaesnaeceaeseaeeneeeseeeseeeseeeenaes 343 Export Dominion PX Data to Use in Power IQ ooo cece eeeeeeee cee cee cent eeeeeseeeseeeeeeeenaes 344 Appendix A Specifications for V1 and E1 346 MA MOOS cveisicccccsdticeneicicc count E E E
143. 38 gt Step 2 Create a filter optional Filters are optional If you do not create a filter all IT Devices configured in this Power IQ will be added to CC SG according to the synchronization policy Filters apply only to the Power IQ instance selected 1 Choose Access gt Power IQ Services then select the name of the Power IQ you want to synchronize 2 Inthe Synchronization section select a field name from the Field list The field names listed refer to fields in Power IQ 3 Select a search operator from the Operator list LIKE will return IT Devices where the value in the specified field contains the text specified For example the value win in contained in windows windows2k and win7 EQUAL will return only IT Devices that contain exactly the value in the specified field 4 Enter the value to search for in the specified field using the specified operator 5 Click OK to save or keep this dialog open and continue to Step 3 i Raritan Chapter 17 Power IQ Integration gt Step 3 Create a synchronization policy Note The synchronization policy applies to ALL Power IQ instances configured in CC SG See Power IQ Synchronization Policies on page 342 for details of each policy and other synchronization results 1 Inthe Synchronization section select the radio button for the synchronization policy Consolidate Nodes Rename Duplicate Nodes Reject Duplicate Nodes 2 Click O
144. 43 Check Interval seconds Enter the time in seconds that should elapse before timeout between the virtual host and CC SG Enter authentication information To use a service account for authentication select the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication Maximum 64 characters each To allow users who access this virtual host to automatically login to the VI Client interface select the Enable Single Sign On For VI Client checkbox Optional Click Next CC SG discovers the virtual host s virtual machines Click the column header to sort the table by that attribute in ascending order Click the header again to sort the table in descending order Optional Raritan Chapter 8 Nodes Node Groups and Interfaces 12 Add virtual machines to CC SG One node will be created for each virtual machine Each associated virtual host will also be configured Only one virtual host node will be added even if the virtual host is associated with multiple virtual machines To add one virtual machine Select the Configure checkbox next to the virtual machine that you want to add To adda VNC RDP or SSH interface to the virtual host node and the virtual machine node select the checkboxes next to the virtual machine Optional To add all virtual machines Select the topmost checkbox in
145. 496 4292586 3586676 3586126 3516238 3497318 4299946 02 messages 339KB 2008 12 62 17 18 26 While viewing log files press Q Ctrl Q or Ctrl C to return to the previous screen You can change colors in a log file to highlight what is important Type C to change colors of a log file and select a log from the list Type for info to display system information i lt Raritan Chapter 16 Diagnostic Console Note System load is static as of the start of this Admin Console session use the TOP utility to dynamically monitor system resources gt To filter a log file with a regular expression 1 Type e to add or edit a regular expression and select a log from the list if you have chosen to view several 2 Type Ato add a regular expression For example to display information on the WARN messages in sg jboss console log log file enter WARN and select match Note This screen also shows the Default Filter Scheme for console log which removes most of the Java heap messages Restart CC SG with Diagnostic Console Restarting CC SG will log out all current CC SG users and terminate their sessions to remote target servers Important It is HIGHLY recommended to restart CC SG in the Admin Client unless it is absolutely necessary to restart it from 315 Chapter 16 Diagnostic Console Diagnostic Console See Restarting CC SG on page 229 Restarting CC SG in Diagnostic Console wi
146. A MOOG liriese aa a aa aane 346 ET MOG iirin iiien aaa ea aa aeiae 347 V1 General Specifications Form Factor 1U Dimensions DxWxH 24 21 x 19 09 x 1 75 615 mm x 485 mm x 44 mm Weight 23 80lb 10 80kg Power Single Supply 1 x 300 watt Operating Temperature 10 35 50 95 Mean Time Between 36 354 hours Failure MTBF KVM Admin Port DB15 PS2 or USB Keyboard Mouse Serial Admin Port DB9 Console Port 2 USB 2 0 Ports V1 Environmental Requirements Operating Humidity 8 90 RH Altitude Operate properly at any altitude between 0 to 10 000 feet storage 40 000 feet Estimated Vibration 5 55 5 HZ 0 38 mm 1 minutes per cycle 30 minutes for each axis X Y Z Shock N A Non Operating Temperature 40 60 40 140 346 E1 Model Raritan Appendix A Specifications for V1 and E1 Operating Humidity 5 95 RH Altitude Operate properly at any altitude between 0 to 10 000 feet storage 40 000 feet Estimated Vibration 5 55 5 HZ 0 38mm 1 minutes per cycle 30 minutes for each axis X Y Z Shock N A E1 General Specifications Form Factor Dimensions DxWxH Weight Power Operating Temperature Mean Time Between Failure MTBF KVM Admin Port Serial Admin Port Console Port 2U 27 05 x 18 7 x 3 46 687 mm x 475 mm x 88 mm 44 09 lbs 20 kg SP502 2S Hot Swappable 500W 2U power supply 0 50 C 53 564 hours PS 2 keyboard and mouse
147. Admin to set the blade port group Then configure the blade servers in CC SG See Configuring Slots ona Blade Chassis Device on page 65 Raritan Chapter 6 Devices Device Groups and Ports Configuring Slots on a Blade Chassis Device If the blade servers or slots are not configured yet in CC SG you must configure them by following the procedure in this section or the blade servers do not appear in the Devices and Nodes tabs An Out of Band KVM interface is automatically added to a blade server node gt To configure slots from the blade chassis profile 1 Inthe Devices tab click the next to the KX2 device that is connected to the blade chassis device Select the blade chassis device whose slots you want to configure In the Device Profile screen select the Blades tab Select the checkbox for each slot you want to configure and then click OK gt To configure slots from the Configure Ports screen 1 Inthe Devices tab click the next to the KX2 device that is connected to the blade chassis device Select the blade chassis device whose slots you want to configure Choose Devices gt Port Manager gt Configure Ports To configure multiple slots with the default names shown on the screen select the checkbox for each slot you want to configure and then click OK to configure each slot with the default name To configure each slot individually click the Configure button next to the slot Then type a name
148. Application Cache Viewer Use the Java Control Panel s Java Application Cache Viewer to install a shortcut icon on your desktop for the thick client Chapter 2 Accessing CC SG CC SG Admin Client Upon valid login the CC SG Admin Client appears Raritan CommandCenter Secure Gateway Becure Gateway Users Devices Nodes Assogations Reports Access Administration System Maintenance View Window Help OG ADA DA aA ASAT amp RO 0 10 Server time 16246 GHT 05 00 Nodes Users Devices J Message of the Day x g fie herded cal ekorme to Commandcenter Secure Gateway wf Admin amp us CC console UF Channel 12 test UF Channel 16 E BF WR 32 59 ef KVM Target 1 Gl Gf KYM Target 4 vf P2SC 32 60 E ef RichordTesta2 1 06 UF Serial Target 1 Vf Serial Target 2 amp UF Serial Target 3 J Serial Target 4 E uf sniffer 1 ug Tv Kym S ug Ty KVM V Search For Node Raritan Raritan Chapter 2 Accessing CC SG Nodes tab Click the Nodes tab to display all known target nodes in a tree view Click a node to view the Node Profile Interfaces are grouped under their parent nodes Click the and signs to expand or collapse the tree Right click an interface and select Connect to connect to that interface You can sort the nodes by Node Name alphabetically or Node Status Available Busy Unavailable Right click the tree view select Node Sorting Options and then select By No
149. Associations gt Association Click Add The Add Category window opens Type a category name in the Category Name field See Naming Conventions on page 389 for details on CC SG s rules for name lengths 4 Select the Data Type for Elements Select String if the value is read as text Raritan Chapter 5 Associations Categories and Elements Select Integer if the value is a number In the Applicable For field select whether this category applies to Devices Nodes or Device and Nodes Click OK to create the new category The new category name appears in the Category Name field Delete a Category Deleting a category deletes all of the elements created within that category The deleted category will no longer appear in the Nodes or Devices trees once the screen refreshes or the user logs out and then logs back into CC SG gt 1 2 To delete a category Choose Associations gt Association Click the Category Name drop down arrow and select the category you want to delete Click Delete in the Category panel of the screen to delete the category The Delete Category window opens Click Yes to delete the category Add an Element To add an element Choose Associations gt Association Click the Category Name drop down arrow and select the category to which you want to add a new element Click the Add a new row icon Type the new element name in the blank row See Naming Conventions on
150. CC SG Cluster 257 258 Access Administrator Console 230 303 Access Control List e 276 321 Access Diagnostic Console via SSH 296 Access Diagnostic Console via VGA Keyboard Mouse Port 296 Access Report 162 212 Access Status Console 297 Access Status Console via VGA Keyboard Mouse Port or SSH 297 Access Status Console via Web Browser 297 377 Access to Infrastructure Services 352 Access to Licenses 24 Accessing CC SG 5 Accessing Diagnostic Console 296 297 Accessing the Virtual Topology View 123 Accounting FAQs 384 Active Nodes Report 217 Active Users Report 213 AD Advanced Settings 192 195 AD and CC SG Overview 190 AD General Settings 191 195 AD Group Settings 193 195 AD Trust Settings 194 195 AD User Group Report 218 Add a Blade Chassis Device 63 64 68 Add a Category 42 Add a Control System with Virtual Hosts and Virtual Machines 113 119 Add a Custom View for Devices 183 Raritan Add a Custom View for Nodes 181 Add a Device Group 72 76 175 Add a Dominion PX Device 53 54 56 Add a KVM or Serial Device 53 54 64 70 96 98 Add a KVM Switch Connected to KX2 e 70 Add a License xvii 30 Add a Neighborhood Member 264 Add a Node 109 339 Add a Node Group 151 175 Add a PowerStrip Connected to an SX 3 0 or KSX device 96 Add a Powerstrip Connected to an SX 3 1 Device 98 99
151. Choose Administration gt Security 195 196 Chapter 12 Remote Authentication 2 Click the Authentication tab All configured Authorization and Authentication Servers appear in a table Select the AD server whose AD user groups you want to import Click Import AD User Groups to retrieve a list of user group values stored on the AD server If any of the user groups are not already on the CC SG you can import them here and assign them an access policy 5 Select the groups you want to import to CC SG Imported user group names can include up to 64 characters To search for user groups type a search string in the Search for User Group field and then click Go Click a column header to sort the list of user groups by the information in that column Click Select all to select all user groups for import Click Deselect all to deselect all selected user groups 6 Inthe Policies column select a CC SG access policy from the list to assign the policy to the selected group 7 Click Import to import the selected user groups Tip To check that the group imported properly and to view the privileges of the group just imported click the Users tab then select the imported group to open the User Group Profile screen Verify the information in the Privileges and Device Node Policies tab Click the Active Directory Associations tab to view information on the AD module associated with the user group Raritan Chapter 12 R
152. D Server list Select the user groups you want to include in the report then click Add to move the user groups to the Selected list 4 Click Apply to generate the report ou Raritan Scheduled Reports Chapter 13 Reports Scheduled Reports displays reports that were scheduled in the Task Manager You can find the Upgrade Device Firmware reports and Restart Device reports in the Scheduled Reports screen Scheduled reports can be viewed in HTML format only See Task Manager on page 278 gt a E oO N gt 1 2 To access scheduled reports Choose Reports gt Scheduled Reports Select a Report Type Select a Report Owner Enter a Report Name to filter on the name You can enter the full name or part of the name Matches are not case sensitive Wildcards are not allowed Set the date range for the report in the Start Date and Time and End Date and Time fields Click each component of the default date month day year hour minute to select it then click the up and down arrows to reach the desired number Click Apply The list of scheduled reports is generated To view a scheduled report Select the report in the list Click View Report Note Audit Trail Error Log and Access Report manual report will show all the entries in the report while the report generated from a scheduled task will show a maximum of 10 000 rows gt i Raritan To delete a scheduled report Select the reports
153. Devices 183 Custom Views for Devices and Nodes 102 180 Custom Views for Nodes 181 D Debug Mode 375 395 Index Default CC SG Settings 23 Default User Groups 158 Delete a Backup File 224 Delete a Blade Chassis Device 67 68 Delete a Category 43 Delete a Cluster 260 Delete a Custom View for Devices 185 Delete a Custom View for Nodes 182 Delete a Device Group 76 Delete a Neighborhood 266 Delete a Neighborhood Member 265 Delete a Node 110 120 Delete a Node Group 154 Delete a PowerStrip Connected to a KX KX2 KX2 101 KSX2 or P2SC Device 95 96 Delete a PowerStrip Connected to an SX 3 0 or KSX Device 96 97 Delete a Powerstrip Connected to an SX 3 1 Device 98 99 Delete a Task 285 Delete a User 165 Delete a User Group 161 Delete a Virtual Infrastructure 120 Delete a Virtual Machine Node 120 Delete an Application 240 Delete an Interface 119 135 Delete Control Systems and Virtual Hosts 120 Delete Firmware 242 Deleting a Device 50 59 Deleting a Policy 178 Deleting a Port 62 Deleting a User From a Group 165 166 Deleting Slots on a Blade Chassis Device 66 Describe Method versus Select Method 76 151 Describe Nodes 152 Device and Port Icons 48 Device Asset Report 214 Device Group Data Report 215 Device Group Manager 71 Device Groups Overview 72 Device Information 390 D
154. E 346 Vi General SpeCificatiOns senina a TE 346 V1 Environmental REQUIFGMCMS sosisini 346 EI Mode irea E eter etre rer tree or E E a rere errs 347 t General Specifications mnia naaa a 347 El Environmental ReguireMentS sssini 347 Raritan i Contents Appendix B CC SG and Network Configuration 349 Required Open Ports for CC SG Networks Executive SUMMAary s es 349 CC SG Communication Channels 0 ccccccceccccccceeecececeeeesceeeeeececesesuaueaeeeeeeesuaeaaeaseseeseeeeananeees 350 CC SG and Raritan DeVICES ou cece cece cece cece ee eececeeecuceaeeeeeceseesseaueeseseeeeseeaueaaeceeeeeeeaeas 351 GCO SG GCIUSESNING ssccciteeztexatind cexbacendesee ceancehaceeee on E tees TS 351 Access to Infrastructure S rviCe ccccesesesesesesseeeseeeceeecsececesesaseeusessseessesrerererees 352 PG Clients 10 CC SGre cece seascxdnctastovabsenceduceagesgacis E O A EEE 352 PG Clients 16 Nodos a ccrcotesceddexiccaxecs ra a a a E a O aaa EEA 353 CC SG and Client for IPMI iLO RILOE DRAC RSA eeeeceseeeseeeeerrerrrrrererrrrrrerenn 354 COSCA Gi SNMP r a a a a E ERE 354 COSG Intermall Port a a a a A ET ana a 355 CC SG Access via NAT enabled Firewall esssessseseseeeseeesernurrrririririrrrirrririririrerrereeren 355 RDP Access to NOQ Sensis eaae a E E EESE cence 355 VNG Access to Nod Scrin a E Ea Aa 356 SSH Access to NOdOS cnnrn n a trend ease decease 356 Remote System Monitoring POlii iiki ia aaa 356 n Raritan Contents Ap
155. E D511 A510 00112FCB87F6 To retrieve the Host ID of your license server run the dmidecode program on the license server from the directory Raritan Raritan Chapter 3 Getting Started Linux su root dmidecode s system uuid Windows Use cd to change to the flexnet win i86_n3 directory then run dmidecode s system uuid Enter the TCP port number that CC SG will use to communicate with the license server The default port is 27000 If the license server is behind a firewall make sure the port number you enter is open 11 Click Create License The details you entered display in a pop up Verify that your Host ID is correct Warning Make sure the Host ID is correct A license created with an incorrect Host ID is not valid and requires Raritan Technical Support s help to fix 12 Click OK The license file is created 13 Click Download Now and save the license file Copy the License File to the License Server License files must be added to the license server If you have more than 1 license file you can copy and paste the full contents of each file into one file and save it using a text editor on your license server Make sure that you save the file with the LIC extension Linux Server e Copy the license file to home flex flexserverv1 1 8 i86_Isb Windows Server e Copy the license file to c flexnet win i86_n3 Start the License Server Linux Server 1 cd home flex flexser
156. G You must configure this first in the KX2 web interface and then add the KX2 to CC SG Add a KVM Switch Connected to KX2 This procedure adds a KVM switch connected to KX2 via the Admin Client You can also add KVM switches via CSV import See Devices CSV File Requirements on page 77 gt To adda KVM switch connected to KX2 1 Configure the KVM switch in KX2 properly See Configuring and Enabling Tiering and Configuring KVM Switches in the Dominion KX II User Guide You can access the Dominion KX II online help at http www raritan com support online help 2 Configure the KX2 device in CC SG properly See Add a KVM or Serial Device on page 54 3 CC SG detects the KVM switch on the KX2 s port and adds the device icon in one or two tabs In the Devices tab the KVM switch device appears beneath the KX2 device to which it is connected In the Nodes tab if you have entered a URL for accessing the KVM switch on the KX2 device the KVM switch appears as a node with a Web Browser interface added to it Configuring Ports on an Analog KVM Switch Device Connected to KX2 If the analog KVM switch device ports are not configured yet in CC SG you must configure them by following the procedure in this section or the analog KVM switch and its ports do not appear in the Devices and Nodes tabs An Out of Band KVM interface is automatically added to a KVM Switch node gt To configure ports from the KVM switch device
157. Infrastructure a VI Client interface that provides access to the Web Access virtualization system s infrastructure client application VMW Viewer Virtual machine nodes have a VMW Viewer VMware s Virtual Machine interface interface that provides access to the virtual Remote Console machine s viewer application VMW Power Virtual machine nodes have a VMW Power N A interface interface that provides power control for the node through CC SG ia Z Raritan Raritan Chapter 8 Nodes Node Groups and Interfaces Virtual Nodes Overview You can configure your virtual infrastructure for access in CC SG The Virtualization page offers two wizard tools Add Control System wizard and Add Virtual Host wizard that help you add control systems virtual hosts and their virtual machines properly Once you complete the configuration all control systems virtual hosts and virtual machines are available for access as nodes in CC SG Each type of virtual node is configured with an interface for access and an interface for power e Control system nodes and virtual host nodes are configured with a VI Client interface The VI Client interface provides access to the virtualization system s infrastructure client For VMware control centers the VI Client interface provides access to the control center server via VMware Virtual Infrastructure Web Access For VMware ESX servers the VI Client interface provides access to the ESX server via VMware
158. JRE versions You can change the message to include any text and links to download options Users can download a new JRE version or continue to access CC SG with the current installed JRE version gt 1 To enable or disable custom JRE for login Back up CC SG and save the backup file to a remote location before you enable or disable this feature See Backing Up CC SG on page 222 Choose Administration gt Configuration Click the Custom JRE tab Select the Enable Custom JRE for Login checkbox to enable the option Deselect the checkbox to disable the option Enter the minimum JRE version required in the Require Minimum JRE field You must enter the full version number including at least three parts For example 1 6 0 is a correct version number 1 6 is not a correct version number For JRE Update versions use an underscore character For example 1 6 0_5 is a correct version number for JRE version 1 6 0 Update 5 Click Update To customize the message in the JRE Incompatibility Warning window Choose Administration gt Configuration Click the Custom JRE tab Using HTML code enter the message that appears in the JRE Incompatibility Warning window Click Update To restore the default message and minimum JRE version Choose Administration gt Configuration Click the Custom JRE tab Z Raritan Configuring SNMP Z Raritan Chapter 15 Advanced Administration Click Restore Default Click Update
159. K to save See Synchronize Power IQ and CC SG on page 341 for details on synchronizing manually and by task Synchronize Power IQ and CC SG Once you have configured your synchronization settings you can synchronize at any time manually Or you can create a task to synchronize on a recurring basis You must have the Device Port and Node Management permission to synchronize See Configuring Synchronization of Power IQ and CC SG on page 340 and Power IQ Synchronization Policies on page 342 for details on configuring synchronization settings gt To synchronize Power IQ and CC SG now When you click Synchronize Now only the selected Power IQ instance is synchronized If you want to synchronize all Power IQ instances on a schedule you can create a task See the next procedure 1 Choose Access gt Power IQ Services then select the Power IQ instance you want to synchronize Verify the filter and policy are correct then click Synchronize Now The Synchronization Status Message dialog opens Check the messages for the results of your synchronization gt To synchronize Power IQ and CC SG as a task 1 Create a PowerlQ Synchronization task See Schedule a Task on page 280 Raritan 7 Chapter 17 Power IQ Integration Power IQ Synchronization Policies When CC SG detects a duplicated node the synchronization policy you choose determines whether the nodes are consolidated renamed or rejected S
160. M POM SU SCIS EE A N E A saute A A T E oe 171 EPON U SEIS passaii a EE EEES EERENS EEEE 171 pee AUE E E NAA A E E A N A A A A A 172 Change your DASSWON seas ccctusntetescetecets deen N EE EEE EEE EE 172 Change your namen cnzasansiein tte an der E E EAE E acs iea cates 172 Change your default search preference ccceccceeseeceeeeeeeeeeeceaeeeeaeeseneeeseaeeesaeeseeeeseaees 172 Change the CC SG default font size seesseeseeesse eseese eerten test netr nssr nstnsstnssrnssrnssennnns 173 Change your email AddreSS ceccceceeceeeececeeeeeceeeeeeaaeeeeeeeseaeeesaaeeeeaaeseneeeseaeeesnaeeeeeeeseaees 173 Change the CC SG Super User s Username cccceeeceeeeeeeeeeeeeeeeseneeeseaeeesaeeseeeeeeaees 173 Logging WSers Out aiskina aneian iaaa ananin ataia Aa eia idana aina tet ian anian 173 Bulk Copying USC0S casi ssc ceceeitbetece ssa deesicangcsdve anaana adia aani aaiae aeaiia ai aa deh int eee anin 174 Chapter 10 Policies for Access Control 175 AGING a PONCY cesta cesies eacutaveeacteslvseccunaveneexeds S stncupueetecsnsacenenpentn decane acepieeactis 176 CITING A PONGCY T V ANA A A NA TA V EAS E 177 Deleting a PONCY seisis ENEE EREE AEE REENEN 178 SUPPOM TOM WLU MCN Giese catty AEE E A EA T 179 Assigning Policies TO User Group ives fdas eeencceteas ceveteen ecu aieiai aaraa aaa 179 Chapter 11 Custom Views for Devices and Nodes 180 Types Of CUSTOM VICWS essiri araa anaana naai aa Aaa Malesia node ia eta 180 View Dy CAE
161. MIB file that contains Raritan SNMP trap definitions See SNMP Traps on page 366 The custom MIB file can be found on on the Raritan Support web site Configuring CC SG Clusters A CC SG cluster uses two CC SG nodes one Primary node and one Secondary node for backup security in case of Primary node failure Both nodes share common data for active users and active connections and all status data is replicated between the two nodes Devices in a CC SG cluster must be aware of the IP of the Primary CC SG node in order to be able to notify the Primary node of status change events If the Primary node fails the Secondary node immediately assumes all Primary node functionality This requires initialization of the CC SG application and user sessions and all existing sessions originating on the Primary CC SG node will terminate The devices connected to the Primary node will recognize that the Primary node is not responding and will respond to requests initiated by the Secondary node Raritan Z Raritan Chapter 15 Advanced Administration Requirements for CC SG Clusters e The Primary and Secondary nodes in a cluster must be running the same firmware version on the same hardware version V1 or E1 e Your CC SG network must be in IP Failover mode to be used for clustering Clustering will not work with an IP Isolation mode configuration See About Network Setup on page 242 e Date time and time zone settings are not repl
162. Mode Password Type your password Only users with the CC Setup and Control privilege can enter maintenance mode Broadcast message Type the message that will display to users who will be logged out of CC SG Enter maintenance mode after min Enter the number of minutes from 0 720 that should elapse before CC SG enters maintenance mode Entering zero minutes causes Maintenance Mode to begin immediately If specifying over 10 minutes the broadcast message displays to users immediately and then repeats at 10 and 5 minutes before the event occurs Click OK Click OK in the confirmation dialog box Exiting Maintenance Mode Backing Up CC SG 1 Choose System Maintenance gt Maintenance Mode gt Exit Maintenance Mode Click OK to exit Maintenance Mode A message appears when CC SG has exited Maintenance Mode All users will now be able to access CC SG normally The best practice is to enter Maintenance Mode before backing up CC SG Entering Maintenance Mode ensures that no changes are made to the database while it is being backed up You can store up to 50 backup files on CC SG Once you have reached 50 backup files you cannot create any new backups until you delete some old backup files from CC SG See Saving and Deleting Backup Files on page 224 gt 1 To backup CC SG Choose System Maintenance gt Backup Type a name for this backup in the Backup Name field Type a description for the backup in
163. New In the Main tab type a name and description for the task Names can have 1 32 alphanumeric characters or underscores no spaces Click the Task Data tab Click the Task Operation drop down menu and select the task you want to schedule Note that the fields requiring data will vary according to the task selected See the following sections for details on each task Active Directory Synchronization See Synchronize All AD Modules on page 199 Backup CommandCenier See Backing Up CC SG on page 222 Backup Device Configuration See Backing Up a Device Configuration on page 83 Pause Resume Device Management See Pausing CC SG s Management of a Device on page 88 and Resuming Management see Resuming Management of a Device on page 89 for pausing and resuming individual devices See Pause and Resume Management of Devices Using a Scheduled Task on page 89 for details on scheduling a task to pause and resume multiple devices or device groups Copy Device Configuration See Copying Device Configuration on page 87 Group Power Control See Node Group Power Control Outlet Power Control See the CC SG User Guide Power IQ Synchronization See Synchronize Power IQ and CC SG on page 341 Purge Logs See Configuring Logging Activity on page 248 Restart Devices See Restarting a Device on page 88 Restore Device Configuration See Restoring Device Configurations on page 84 does not apply to d
164. New and Existing Customers Raritan In CC SG 5 0 Raritan introduces a new licensing technology You must have valid licenses installed before you can begin using CC SG 5 0 Until the licenses are installed your CC SG only allows access to limited functions See Licensing Limited Operation Before License Install on page 28 gt To get started with licensing If you re a new customer to CC SG with a physical appliance see Licensing New Customers Physical Appliance on page 14 If you re a new customer to CC SG with a virtual appliance see Licensing Virtual Appliance with License Server on page 17 If you re an existing customer who is upgrading to CC SG 5 0 see Licensing Existing Customers on page 29 10 Chapter 3 Getting Started Licensing Basic License Information CC SG product CC E1 128 CC E1 256 CC E1 512 CC V1 128 Raritan Licenses are based on the number of nodes configured in CC SG Your purchase of a physical or virtual appliance includes a license to use a specific number of nodes This base license enables CC SG functionality and includes licensing for up to the set number of nodes If you need more nodes you will also purchase an Add On license for additional nodes If you want to use the WS API feature you must also purchase an Add On license for WS API access License files for physical appliances are associated with a specific CC SG unit s Host ID Licens
165. Node Groups and Interfaces on page 101 In This Chapter VIGWING DEVICES u2seikccadaeys senteiey senate aden dted auentyiwceante ives cata aeeeteaes 48 Searching fOr DEVICES cis casecrecesdesjocetgel E EEA KRE 52 DISCOVERING DEVICES serorei anew niigdenarenioaeaaend 53 Adding a DEVICE etic elses sceastivesesyad OA 54 Eding a DEVICE rno ander tiyaticatveos inet O 57 Change the HTTP and HTTPS Ports for a KX2 Device eeeeeeees 57 Editing a PowerStrip Device or a Dominion PX Device 00ceee 57 Adding Notes to a Device Profile ceeccccecessceeeeeeeceeeeneeeeeeeneeeeeennenees 58 Adding Location and Contacts to a Device Profile ccceeceeseeeeeeees 59 Delsing a DEVIGO ite foecces cursed nonce ccatedia nett ceetieetivgdecstgted eaygaeceies 59 Contiguring POS eisni eainiie ae ana iae aE Eaa aia 60 Editing a POI sats citosteateesect2 cee setteteenentcenieddvacsedvedcabesvivecduemedincdebeaseedidectecues 61 Deleting a POrti sce sctcesccesreccsoutesccevettcceceedvsaceoutcacaeeetacdeeutienineteaaneeetieneons 62 Configuring a Blade Chassis Device Connected to KX2 ceeeeees 63 Restore Blade Servers Ports to Normal KX2 Ports ssassn 68 Bulk Copying for Device Associations Location and Contacts 69 Configuring Analog KVM Switches Connected to KX2 2 3 or Higher 70 Device Group Manager iiitcediiies herisendiiidsdicedid aiadncens 71 Adding Devices with CSV File IMpoOrt
166. Node Name Required field Description Optional gt To add an out of band KVM interface to the CSV file Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 NODE OOBKVM INTERFAC Enter the tag as shown Tags are not case sensitive 139 Chapter 8 Nodes Node Groups and Interfaces Column Tag or value Details number 3 Node Name Enter the same value as entered for Raritan Port Name 4 Raritan Device Name Required field The device must already be added to CC SG 5 Port Number Required field 6 Blade Slot KVM Switch If the node is associated with a Port blade enter the slot number If the node is associated with a tiered generic analog KVM Switch enter the port number 7 Raritan Port Name If left blank CC SG will use the existing port name from the device If you enter a new name the name will be copied to the device with the exception of SX devices 8 Interface Name Enter the same value as entered for Raritan Port Name 9 Description Optional gt To add an out of band serial interface to the CSV file Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 NODE OOBSERIAL INTER Enter the tag as shown FACE oh Tags are not case sensitive 3 Node Name Enter the same value as entered for Raritan Port Name 4 Raritan Device Name Required field Port Number Required field 6 Raritan Port Name If le
167. OWN cccecececeteeeeneeeeeeeeseeeeeaaeeeeneeeeaes 235 Powering Down GC S Gir sccsasiien tain ccensae eaaeeteceeaeesesacteaaeedesateis ile 235 Ending CG S Gi SOSSION sis dete esses aa a eaa 235 Maintenance mode restricts access to CC SG so that an administrator can perform operations without disruption Some examples of operations that are best performed in maintenance mode include changing the inactivity timer or backing up CC SG This ensures that system wide settings such as the inactivity timer will be changed for all users Current users except the administrator who is initiating Maintenance Mode are alerted and logged out after the configurable time period expires While in Maintenance Mode other administrators are allowed to log into CC SG but non administrators are prevented from logging in An SNMP trap is generated each time CC SG enters or exits Maintenance Mode Note 1 Maintenance Mode is available only on standalone CC SG units that are not in cluster configurations Note 2 Upgrade CC SG is disabled until you enter Maintenance Mode Scheduled Tasks and Maintenance Mode Scheduled tasks cannot execute while CC SG is in Maintenance Mode See Task Manager on page 278 When CC SG exits Maintenance Mode scheduled tasks will be executed as soon as possible 221 222 Chapter 14 System Maintenance Entering Maintenance Mode 1 Choose System Maintenance gt Maintenance Mode gt Enter Maintenance
168. SG 295 Chapter 16 Diagnostic Console The Diagnostic Console is a non graphical menu based interface that provides local access to CC SG You can access Diagnostic Console from a serial or KVM port See Access Diagnostic Console via VGA Keyboard Mouse Port on page 296 Or you can access Diagnostic Console from a Secure Shell SSH client such as PuTTY or OpenSSH Client See Access Diagnostic Console via SSH on page 296 Diagnostic Console includes two interfaces 1 Status Console See About Status Console on page 297 2 Administrator Console See About Administrator Console on page 303 Note When you access Diagnostic Console via SSH the Status Console and the Administrator Console inherit the appearance settings of your SSH client and keyboard bindings These appearance settings may differ from those in this documentation In This Chapter Accessing Diagnostic Consoles i ic cciie icc stetectecrnaciidaedbletnecieetsseese 296 Status Consolen riena eiaa ae aaa e aae aalies andea 297 Administrator GOnSON ecsedi iiaia iiaia E 303 Accessing Diagnostic Console Raritan Access Diagnostic Console via VGA Keyboard Mouse Port 1 Attach a VGA monitor plus PS2 keyboard and mouse to the rear of the CC SG unit 2 Press Enter to display a login prompt on the screen Access Diagnostic Console via SSH 1 Launch an SSH client such as PuTTY on a client PC that has network connectivity to the CC SG
169. SX 3 1 Device on page 98 Delete a Powerstrip Connected to an SX 3 1 Device You can visually delete a powerstrip connected to an SX 3 1 device even if the powerstrip is still physically connected If you physically disconnect the powerstrip from the SX 3 1 device with which it is associated the powerstrip still appears in the Devices tab beneath that device To remove it from display you must delete the powerstrip gt To delete a powerstrip connected to an SX 3 1 device 1 Inthe Devices tab select the powerstrip you want to delete Choose Devices gt Device Manager Delete Device Click OK to delete the powerstrip A message appears when the powerstrip has been deleted The powerstrip icon is removed from the Devices tab Configuring Outlets on a Powerstrip Raritan Before associating Powerstrip outlets with nodes you must configure the outlets by adding the Managed Powerstrip interface to the node See Interfaces for Managed Powerstrip Connections on page 130 gt To configure outlets from the PowerStrip profile 1 Inthe Devices tab click the next to the device that is connected to the PowerStrip Select the PowerStrip whose outlets you want to configure In the Device Profile PowerStrip screen select the Outlets tab Select the checkbox for each outlet you want to configure and then click OK The outlets will appear beneath the PowerStrip icon in the Devices tab gt To configure outlets from t
170. SX 3 1 device to CC SG See Add a KVM or Serial Device on page 54 2 CCSG detects the PowerStrip and adds it automatically The PowerStrip will appear in the Devices tab beneath the SX 3 1 device to which it is connected If the SX 3 1 device has already been added to CC SG and the PowersStrip is connected to the device later 1 Add the SX 3 1 device to CC SG See Add a KVM or Serial Device on page 54 2 Configure the ports of the SX 3 1 device See Configuring Ports on page 60 3 Inthe Devices tab select the SX 3 1 device to which the PowerStrip is connected 4 Click the next to the device icon to expand the list of ports Right click the SX 3 1 port to which the PowerSirip is connected and select Add Powerstrip from the pop up menu 6 Enter the number of outlets that the PowerStrip contains and then click OK Next Steps 1 Configure outlets See Configuring Outlets on a PowerStrip on page 99 2 Associate each outlet with the node that it powers See Interfaces for Managed Powerstrip Connections on page 130 Raritan Chapter 7 Managed Powerstrips Move an SX 3 1 s Powersirip to a Different Port When you physically move a Powerstrip from one SX 3 1 device or port to another SX 3 1 device or port you must delete the Powerstrip from the old SX 3 1 port and add it to the new SX 3 1 port See Delete a Powerstrip Connected to an SX 3 1 Device on page 99 and Add a Powerstrip Connected to an
171. Select the control system or virtual host you want to edit Click Edit ne Raritan Raritan Chapter 8 Nodes Node Groups and Interfaces Change the information as needed See Add a Control System with Virtual Hosts and Virtual Machines on page 113 and Add a Virtual Host with Virtual Machines on page 116 for complete field descriptions Click Next Delete one or multiple virtual machines from CC SG To delete a virtual machine deselect the Configure checkbox To delete multiple virtual machines use Ctrl click or Shift click to select multiple virtual machines Then select the Virtual Machine checkbox in the Check Uncheck Selected Rows section and click Uncheck To add VNC RDP or SSH interfaces to the virtual host node and the virtual machine node select the checkboxes next to each virtual machine You cannot remove SSH VNC and RDP interfaces from virtual machine nodes or virtual host nodes from this page You must delete the interfaces from the node profile See Delete an Interface on page 135 Click Next If you chose to delete virtual machines a message appears to alert you For each interface type enter a name and login credentials The name and login credentials will be shared by all the interfaces added to each virtual machine node and virtual host node configured Optional You can leave these fields blank if you prefer to add names and login credentials to each interface individually a
172. TLETS 4 Insert a row for each PX device to add Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 PX DEVICE Enter the tag as shown Tags are not case sensitive 3 PX device s IP address or Required field hostname 4 Username Required field Password Required field 343 Chapter 17 Power IQ Integration 344 Column Tag or value Details number 6 Configure All Outlets TRUE Of FALSE Default is FALSE 7 Description Optional gt Step 3 Import the edited CSV file into CC SG 1 Inthe CC SG Admin Client choose Administration gt Import gt Import Powerstrips 2 Click Browse and select the CSV file to import Click Open Click Validate The Analysis Report area shows the file contents If the file is not valid an error message appears Click OK and look at the Problems area of the page for a description of the problems with the file Click Save to File to save the problems list Correct your CSV file and then try to validate it again See Troubleshoot CSV File Problems on page 371 Click Import Check the Actions area to see the import results Items that imported successfully show in green text Items that failed import show in red text Items that failed import because a duplicate item already exists or was already imported also show in red text 6 To view more import results details check the Audit Trail report See Audit Trai
173. Update to save your changes Reschedule a Task The Save As function in Task Manager enables you to reschedule a completed task that you want to run again This is also a convenient way to create a new task that is similar to a completed task gt 1 2 To reschedule a task Choose Administration gt Tasks In the Task Manager page select the task you want to reschedule Use the filtering criteria to search for the task Click Save As In the Save As Task window that opens the tabs are populated with the information from the previously configured task Change the task specifications as needed See Schedule a Task on page 280 and Schedule a Device Firmware Upgrade on page 282 for tab descriptions Click OK to save your changes Schedule a Task that is Similar to Another Task You can use a previously configured task as a template to schedule a new task with similar specifications gt To schedule a task that is similar to another task See Reschedule a Task on page 284 Raritan Chapter 15 Advanced Administration Delete a Task You can delete a task to remove it from the Task Manager You cannot delete a task that is currently running gt To delete a task e Select the task then click Delete SSH Access to CC SG Use Secure Shell SSH clients such as Putty or OpenSHH Client to access a command line interface to SSH v2 server on CC SG Only a subset of CC SG commands is pr
174. Updated Tue Dec 2008 12 02 26 47 35 EST 0500 Help lt Fl gt Exit lt ctl Q gt or lt ctl C gt Menus Top bar lt ctl X gt NTP is properly configured and running File Operation CC SG Administrator Console NIP Status NTP Daemon PID 16991 synchronised to NTP server 192 168 51 11 at stratum time correct to within 26 ms polling server every 64 s client 27 127 16 client 192 168 51 11 remote Local st poll reach delay 127 127 1 0 127 0 6 1 10 77 0 00000 192 168 51 11 192 168 51 26 5 64 377 0 00043 0 013413 0 08279 SH ACD7900052 Ver 4 1 0 5 2 Updated Tue Dec 2008 12 02 23 18 06 EST 0500 Help lt Fl gt Exit lt ctl Q gt or lt ctl C gt Menus Top bar lt ctl X gt Raritan Chapter 16 Diagnostic Console Take a System Snapshot When CC SG does not function properly it is extremely helpful if you can capture the information stored in CC SG such as the system logs configurations or database and provide it to Raritan Technical Support for analysis and troubleshooting gt 1 2 3 Z Raritan 1 Take a snapshot of CC SG Choose Operation gt Utilities gt System Snapshot Click or select Yes The System Snapshot menu opens Verify that every Used value shown on the screen is below 60 to ensure that there is sufficient space available for the snapshot operation Otherwise abort the operation and perform the clean up operation or contact Raritan Technical Supp
175. UpgradeStarted cclmageUpgradeResults ccUserAdded ccUserDeleted ccUserModified ccUserAuthenticationFailure ccLanCardFailure ccHardDiskFailure ccLeafNodeUnavailable ccLeafNodeAvailable cclncompatibleDeviceFirmware ccDeviceUpgrade ccEnterMaintenanceMode ccExitMaintenanceMode ccUserLockedOut ccDeviceAddedAfterCCNOCNotificati on ccScheduledTaskExecutionFailure ccDiagnosticConsoleLogin Raritan Description CC SG application is unavailable CC SG application is available CC SG user logged in CC SG user logged out CC SG session started CC SG session stopped CC SG session terminated CC SG image upgrade started CC SG image upgrade results New user added to CC SG User deleted from CC SG CC SG user has been modified CC SG user authentication failure CC SG detected a LAN Card Failure CC SG detected a hard disk failure CC SG detected a connection failure to a leaf node CC SG detected a leaf node that is reachable CC SG detected a device with incompatible firmware CC SG has upgraded the firmware on a device CC SG entered Maintenance Mode CC SG exited Maintenance Mode CC SG user has been locked out CC SG has added a device after receiving a notification from CC NOC The reason why the execution of a scheduled task failed User has logged into the CC SG Diagnostic Console 366 SNMP Trap ccDiagnosticConsoleLogout ccUserGroupAdded ccUserGroupDeleted ccUserGroupModifie
176. User IP address fields Wildcards are accepted in these fields To limit the report by the message text associated with an activity type the text in the Message field To limit the report to a particular device type the device name in the Device Name s field To limit the report to a particular node type the port name in the Node Name s field To limit the report to a particular user s activities type the user s username in the Username s field To limit the report to a particular IP address s activities type the user s IP address in the IP Address es field In the Entries to Display field select the number of entries to display in the report screen Click Apply to generate the report The Availability report displays the status of all connections to devices or nodes This report gives you full availability information for all devices or nodes in your CC SG managed network gt To generate the Availability Report 1 Choose Reports gt Availability Report 2 Select Nodes or Devices Raritan Active Users Report 3 Chapter 13 Reports Click Apply The Active Users report displays current users and user sessions You can select active users from the report and disconnect them from CC SG gt To generate the Active Users report Choose Reports gt Users gt Active Users To disconnect a user from an active session in CC SG In the Active Users report select the user name yo
177. Windows or Unix or Linux CIM Computer Interface Module hardware used to connect a target server and a Raritan device Each target requires a CIM except for the Dominion KX101 which is attached directly to one target and therefore does not require a CIM Target servers should be powered on and connected to CIMs and CIMs should be connected to the Raritan device BEFORE adding the device and configuring ports in CC SG Otherwise a blank CIM name will overwrite the CC SG port name Servers must be rebooted after connecting to a CIM Device Group defined group of devices that are accessible to a user Device groups are used when creating a policy to control access to the devices in the group Devices Raritan products such as Dominion KX Dominion KX II Dominion SX Dominion KSX IP Reach Paragon II System Controller and Paragon II UMT832 with USTIP that are managed by CC SG These devices control the target servers and systems or nodes that are connected to them Check the CC SG Compatibility Matrix on the Raritan Support web site for a list of supported devices Elements values of a category For example the New York City element belongs to the Location category and the Windows element belongs to the OS Type category Raritan Z Raritan Chapter 1 Introduction Ghosted Ports when managing Paragon devices a ghosted port can occur when a CIM or target server is removed from
178. a specified number of failed login attempts You can enable this feature for locally authenticated users for remotely authenticated users or for all users Note By default the admin account is locked out for five minutes after three failed login attempts For admin the number of failed login attempts before lockout and after lockout is not configurable gt 1 o N gt To enable lockout Choose Administration gt Security Click the Login Settings tab Select the Lockout Enabled for Local Users checkbox to enable lockout for users who are locally authenticated Select the Lockout Enabled for Remote Users checkbox to enable lockout for users who are remotely authenticated The default number of Failed Login Attempts before a user is locked out is three You can change this value by entering a number from 1 to 10 Choose a Lockout Strategy Lockout for Period specify the period of time in minutes the user will be locked out before they can login again The default number is five minutes You can specify a period from 1 minute up to 1440 minutes 24 hours After the time expires the user can log in again At any time during the lockout period an administrator can override this value and allow the user to log back into CC SG Lockout Until Admin Allows Access users are locked out until an administrator unlocks the user account Type an email address in the Lockout Notification Email field Notification is s
179. a cluster completely deletes the information entered for the cluster and restores both of Primary and Secondary CC SG nodes to the Standalone state In addition all configuration data except for the networking settings personality package on the Secondary node is reset to default including the CC Super User password gt To delete a cluster 1 Choose Administration gt Cluster Configuration Click Delete Cluster Click Yes to remove the Primary Node and Secondary Node status e oO RN A message appears when the cluster is deleted Upgrade a Cluster See Upgrading a Cluster on page 232 di Raritan Raritan Chapter 15 Advanced Administration Cluster Licenses You can operate a CC SG cluster using separate standalone licenses with the same node capacity or a cluster kit license Cluster licenses differ from standalone licenses in that they contain the host IDs of both CC SG units in the cluster Only one set of licenses is required to operate both CC SG units in a cluster Cluster licenses must be added to the primary CC SG unit The license is automatically copied onto the backup node when you create the cluster When upgrading a CC SG cluster to version 5 0 or higher follow the procedure for firmware upgrade to ensure that an identical set of licenses is created on each CC SG See Upgrading a Cluster on page 232 Since each CC SG in the cluster must be able to take over as primary they must
180. a for evaluating nodes Toremove a rule highlight the rule in the table and then click the Remove Row icon E The table of rules makes available criteria for evaluating nodes To write a description for the node group add the rules by Rule Name to the Short Expression field If the description only requires a single rule then type that rule s name in the field If multiple rules are being evaluated type the rules into the field using a set of logical operators to describe the rules in relation to each other amp the AND operator A node must satisfy rules on both sides of this operator for the description or that section of a description to be evaluated as true the OR operator A node only needs to satisfy one rule on either side of this operator for the description or that section of a description to be evaluated as true and grouping operators This breaks the description into a subsection contained within the parentheses The section within the parentheses is evaluated first before the rest of the description is compared to the node Parenthetical groups can be nested inside another parenthetical group Example 1 If you want to describe nodes that belong to the engineering department create a rule that says Department Engineering This will become RuleO Then type Rule0 in the Short Expression field Example 2 If you want to describe a group of devices that belong to the engineering department or are
181. ab Configuring PowerStrips Connected to SX 3 0 and KSX You can perform the following tasks in CC SG to configure and manage PowerStrips connected to SX 3 0 or KSX devices Note PowerStrips must be physically connected to the Power Port of a KSX device e Add a PowerSirip Connected to an SX 3 0 or KSX device on page 96 e Delete a PowerStrip Connected to an SX 3 0 or KSX Device on page 97 e Change a PowerStrip s Device or Port Association SX 3 0 KSX on page 97 Add a PowerStrip Connected to an SX 3 0 or KSX device 1 Add the SX 3 0 or KSX device to CC SG See Add a KVM or Serial Device on page 54 Choose Devices gt Device Manager gt Add Device Click the Device type drop down menu and select PowerStrip Type a name for the PowerStrip in the Power Strip Name field Hold your cursor over the field to see the number of characters allowed in the name Spaces are not permitted 5 Click the Number of Outlets drop down menu and select the number of outlets this PowerStrip contains 6 Click the Managing Device drop down menu and select the SX 3 0 or KSX device that is connected to this power strip 7 Click the Managing Port drop down menu and select the port on the SX 3 0 or KSX device to which this power strip is connected 8 Type a short description of this PowerStrip in the Description field Optional 9 Select Configure All Outlets if you want to automatically add each outlet on this PowerStrip device t
182. able control or not arising under normal operating conditions CE Crus i LISTED Contents Raritan What s New in the CC SG Administrators Guide xvii Chapter 1 Introduction 1 Proregui STOS ae a A 1 TOrmMiMOlOGy ACKOMYINS cirai E RE E AE ESE TET 2 Client Browser ReGuIreMeMS x iicciccocdescseteiacchai es ditietsiner na naiai eiaadani a aeiaai 4 Chapter 2 Accessing CC SG 5 Browser Based Access via the CC SG Admin Client 0 cccceecceeeeeeeseeeeeeeeceeeeeseaeeesaeeeeneeseaees 5 JRE Incompatibility saci f tect aacises tedacee ta nyeeee steuceeteaguasiesiesccet tung tame aeaii oei areitan ieena 6 Thick Client ACCESS c ccccceceseeeeeeeececeeecaeeeeaaececeeesaeeecaaeeecaaeseeeeeseaeeesaaesseaeeseeeeescaeeeeaeeseaeeseeneess 6 Install thie Thick Client sates saz ects ca Sees sate westcnch onnaa ea aE KES EAE ted dccee sag NNE 6 Use the THICK CUA ised ince satcceencg fees ei accek ace denen aca cess ca a EEA hes Mcp cai RA SNRA 7 CO SG Admin Chetii aieiaa a a Aa NEEE aaria fete aa ANNEER 8 Chapter 3 Getting Started 10 Licensing Getting Started New and Existing CUStOMeErS seeeseesseeesiessiesriseriesriesresrresree 10 Licensing Basic License Information eccccceeeeeeeeeeeeeeeeeeeeeeeeeeaeeeeeeaaeeeseeaaeeeseeaaeeeseenaeeeeeeaas 11 Available LIC NSES cceecceceeseceeeesseeeeeeaeeeeeeaaeeeeeeaaeeeseesaeeeseesaeeesesseneeseeneneeseeneneeeneneaes 11 Find Your Physical Appliance Host ID and Check
183. add a service account Choose Nodes gt Service Accounts The Service Accounts page opens Click the Add Row icon E to add a row to the table Enter a name for this service account in the Service Account Name field Enter the username in the Username field Enter the password in the Password field Re type the password in the Retype Password field Enter a description of this service account in the Description field Click OK To edit a service account Choose Nodes gt Service Accounts The Service Accounts page opens Find the service account you want to edit Edit the fields You cannot edit the Service Account Name Note CC SG updates all interfaces that use the service account to use the new login credentials when you change the username or password Click OK To delete a service account Choose Nodes gt Service Accounts The Service Accounts page opens Select the service account you want to delete E Click the Delete Row button E Click OK Change the Password for a Service Account gt 1 To change the password for a service account Choose Nodes gt Service Accounts The Service Accounts page opens 107 Chapter 8 Nodes Node Groups and Interfaces 2 Find the service account whose password you want to change 3 Enter the new password in the Password field 4 Re type the password in the Retype Password field 5 Click OK Note CC SG updates all interfaces that us
184. add the CA certificate or a copy of self signed certificate to the Trusted Root CA store in their browser When launching AKC from the CC SG Admin Client you must have JRE 1 6 0_10 or above Configuring Default Applications About Default Applications You can specify which application you want CC SG to use by default for each device type ie Raritan Chapter 15 Advanced Administration View the Default Application Assignments gt To view the default application assignments 1 Choose Administration gt Applications 2 Click the Default Applications tab to view and edit the current default applications for various Interfaces and Port Types Applications listed here will become the default choice when configuring a node to allow access through a selected interface Set the Default Application for an Interface or Port Type gt To set the default application for an interface or port type 1 Choose Administration gt Applications Click the Default Applications tab Select the Interface or Port Type whose default application you want to set 4 Double click the Application arrow listed on that row The value becomes a drop down menu Grayed out values cannot be changed 5 Select the default application to use when connecting to the selected Interface or Port Type Auto Detect CC SG will automatically select an appropriate application based on the client browser 6 Click OK to save your changes
185. ade Chassis Device on page 67 Note 2 Changing the node name of a Virtual Host or Virtual Control System node also changes the name in the Virtualization table Delete a Node Deleting a node removes it from the Nodes tab The node will no longer be available for users to access When you delete a node all interfaces associations and associated ports are deleted gt To delete a node 1 Inthe Nodes tab select the node you want to delete Choose Nodes gt Delete Node The Delete Node screen appears Click OK to delete the node Click Yes to confirm that deleting the node also deletes all interfaces and associated ports A list of all deleted items appears when the deletion is complete PP oO N Raritan Chapter 8 Nodes Node Groups and Interfaces Adding Location and Contacts to a Node Profile Enter details about the location of the node and contact information for the people who administer or use the node gt 1 To add location and contacts to a node profile Select a node in the Nodes tab The Node Profile page opens Click the Location amp Contacts tab Enter Location information Department Maximum 64 characters Site Maximum 64 characters Location Maximum 128 characters Enter Contacts information Primary Contact Name and Secondary Contact Name Maximum 64 characters Telephone Number and Cell Phone Maximum 32 characters Click OK to save your changes Adding No
186. ade log Alternatively you may wait for the SNMP trap cclmageUpgradeResults with a success message d The server must reboot The reboot process begins when you see the Linux reboot message in the upgrade log The server will shut down and reboot Note For upgrades from CC SG 3 x to 4 0 x the system will reboot twice which is normal and expected e In approximately 2 minutes after the reboot you may re access the Diagnostic Console using the admin account and monitor the progress of the upgrade process Optional Click OK to exit CC SG 9 Clear the browser cache then close the browser window See Clear the Browser s Cache on page 231 za Raritan 10 11 12 14 15 Chapter 14 System Maintenance Clear the Java cache See Clear the Java Cache on page 231 Launch a new web browser window Log into the CC SG Admin Client using an account that has the CC Setup and Control privilege Choose Help gt About Raritan Secure Gateway Check the version number to verify that the upgrade was successful If the version has not upgraded repeat the previous steps f upgrade was successful proceed to the next step Exit Maintenance Mode See Exiting Maintenance Mode on page 222 Back up the CC SG See Backing Up CC SG on page 222 Clear the Browser s Cache These instructions may vary slightly for different browser versions gt 1 2 To clear the browser cache in Internet Explor
187. ag as shown Tags are not case sensitive Required field User Group names are case sensitive Required field gt To associate an AD module to a user group in the CSV file Column number 1 Tag or value ADD Details The first column for all tags is the Raritan Raritan Column Tag or value number 2 USERGROUP ADMODULE 3 User Group Name 4 AD Module Name To add a user to CC SG Column Tag or value number 1 ADD 2 USER 3 User Group Name 4 User Name 5 Password 6 User s Full Name 7 Email Address 8 Telephone Number 9 Login Enabled 10 Remote Authentication 11 Force Password Change Periodically 12 Expiration Period Chapter 9 Users and User Groups Details command ADD Enter the tag as shown Tags are not case sensitive Required field User Group names are case sensitive Required field Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field User Group names are case sensitive You must add the user to one user group You can add the user to more user groups with the USERGROUP MEMBER tag Required field Required field Optional Optional Email address is used with system notifications Optional TRUE Or FALSE Default is TRUE Enable login to allow the user to log in to CC SG TRUE Or FALSE TRUE Or FALSE If Force Pas
188. ails while following the Upgrading a Cluster on page 232 procedure follow these steps to complete the cluster upgrade 1 If the primary node upgrade fails shutdown the CC SG application by choosing System Maintenance gt Shutdown When you shutdown the CC SG application the unit is still powered on and accessible through the Diagnostic Console See CC SG Shutdown on page 234 for details 2 Restart your backup node See Restart CC SG with Diagnostic Console on page 315 for details on restarting The backup node goes into Primary status Contact Raritan Technical Support to determine why the upgrade failed Migrating a CC SG Database Raritan To replace a physical CC SG unit with a new one or migrate from a physical CC SG unit to a virtual CC SG follow this recommended migration procedure Requirements for Migration e Both CC SG units must be at the same version of firmware and version 5 1 or higher e You must have valid licenses for the CC SG you are migrating your database to before your migrated CC SG can be fully functional Migrate a CC SG Database gt To migrate a CC SG database 1 Pause management of all devices Optional You can schedule a task to pause all devices if you are using CC SG firmware version 5 1 or higher See Schedule a Task on page 280 2 Perform a Full Backup of the CC SG that you are migrating from Make sure you select Full as the Backup Type and save the backup
189. ally but can be added manually as well Out of Band Access using applications such as Raritan Remote Console RRC Raritan Console RC Multi Platform Client MPC Virtual KVM Client VKC or Active KVM Client AKC to correct or troubleshoot a KVM or serial managed node in your network Policies define a user group s access within the CC SG network Policies are applied to a user group and have several control parameters to determine the level of control such as date and time of access Nodes target systems such as servers desktop PCs and other networked equipment that CC SG users can access Interfaces the different ways a Node can be accessed whether through an out of band solution such as a Dominion KX2 connection or through an in band solution such as a VNC server Chapter 1 Introduction Node Groups a defined group of nodes that are accessible to a user Node groups are used when creating a policy to control access to the nodes in the group Ports connection points between a Raritan device and a node Ports exist only on Raritan devices and they identify a pathway from that device to a node SASL Simple Authentication and Security Layer method for adding authentication support to connection based protocols SSH clients such as PUTTY or OpenSSH that provide a command line interface to CC SG Only a subset of CC SG commands is provided via SSH to administer devices and CC SG itself User Groups
190. ame FQDN if known See Terminology Acronyms on page 2 for hostname rules In the Mode field select either IP Isolation or IP Failover See About Network Setup on page 242 In the Configuration Field select either DHCP or Static f you choose DHCP and your DHCP server has been configured appropriately the DNS information the domain suffix IP address default gateway and subnet mask will be automatically populated once you save and you exit and re enter Admin Console f you choose Static type an IP Address required Netmask required Default Gateway optional Primary DNS optional and Secondary DNS optional and Domain Name in Domain Suffix optional 307 Chapter 16 Diagnostic Console 308 Even if DHCP is being used to determine the IP configuration for an interface you must provide a properly formatted IP address and Netmask 6 Inthe Adapter Speed select a line speed The other values of 10 100 and 1000 Mbps are on a scrollable list where only one value is visible at any given time and the arrow keys are used to navigate to them Press the Space bar to select the option displayed For 1 GB line speeds select AUTO 7 If you did not select AUTO for Adapter Speed click Adapter Duplex and use the arrow keys to select a duplex mode FULL or HALF from the list if applicable While a duplex mode can be selected at any time it only has meaning and takes effect when Adapter Speed is not AUTO
191. ame System DDNS registration requests from CC SG Configuring Logging Activity You can configure CC SG to report to external logging servers and specify what level of message is reported in each of the logs gt 1 248 To configure CC SG logging activity Choose Administration gt Configuration Click the Logs tab To assign an external log server for CC SG to use type the IP address in the Server Address field under Primary Server Click the Level to Forward drop down arrow and select an event severity level All events of this level or higher will be sent to the logging server To configure a second external log server repeat steps 3 and 4 for the fields under Secondary Server Under CommandCenter Log click the Level to Forward drop down menu and select a severity level All events of this level or higher will be reported in CC SG s own internal log Click Update Configuration to save your changes Raritan Chapter 15 Advanced Administration Purge CC SG s Internal Log You can purge the CC SG s internal log This operation does not delete any events recorded on your external log servers Note The Audit Trail and Error Log reports are based on CC SG s internal log If you purge CC SG s internal log these two reports will also be purged You can also purge these reports individually See Purge a report s data from CC SG on page 210 gt To purge CC SG s internal log 1 Choose Administration
192. appear in the Devices tab beneath the device to which it is connected Next Steps 1 Configure outlets See Configuring Outlets on a PowerStrip on page 99 2 Associate each outlet with the node that it powers See Interfaces for Managed Powerstrip Connections on page 130 Move a KX KX2 KX2 101 KSX2 or P2SC s PowerSirip to a Different Port When you physically move a PowerStrip from one KX KX2 KX2 101 KSX2 or P2SC device or port to another KX KX2 KX2 101 KSX2 or P2SC device or port CC SG automatically detects the PowerSirip and updates its association to the correct device You do not have to add the PowerStrip to CC SG separately Note When you physically remove a PowerStrip from a P2SC port but do not connect it to another port CC SG does not remove the PowerStrip from the old port You must perform a partial or full database reset of the UMT to which the PowerSirip is connected to remove the PowerStrip from the Devices tab See the Raritan P2SC User Guide 95 Raritan Chapter 7 Managed Powerstrips Delete a PowerStrip Connected to a KX KX2 KX2 101 KSX2 or P2SC Device You cannot delete a PowerStrip connected toa KX KX2 KX2 101 KSX2 or P2SC device from CC SG You must physically disconnect the PowerSirip from the device to delete the PowerStrip from CC SG When you physically disconnect the PowerSirip from the device the PowerStrip and all configured outlets disappear from the Devices t
193. arch 26 2008 through March 27 2008 only those records will be purged Entries earlier than March 26 or later than March 27 will remain in the Audit Trail Purged data is removed from CC SG permanently gt To purge a report s data from CC SG 1 Generate the report whose data you want to delete from CC SG Click Purge Click Yes to confirm Hide or Show Report Filters Some reports offer a set of filtering criteria at the top of the report screen You can hide the filtering section which will allow the report area to expand gt To hide or show the report filters e Click the Filter toolbar at the top of the screen to hide the filtering section e Click the Filter toolbar again to show the filtering section CC SG maintains an Audit Trail of events in the system The Audit Trail logs events such as adding editing or deleting devices or ports and other modifications to the system Note The Audit Trail records an entry when a user connects to a bookmarked port but doesn t record the logout entry until the browser instance used to make the connection is closed gt To generate the Audit Trail report 1 Choose Reports gt Audit Trail 2 Set the date range for the report in the Start Date and Time and End Date and Time fields Click each component of the default date month day year hour minute to select it then click the up and down arrows to reach the desired number Raritan Error Log Report
194. ars when all imported user groups in the selected module have been successfully synchronized Raritan Raritan Chapter 12 Remote Authentication Synchronize All AD Modules You should synchronize all AD Modules whenever you change or delete a user in AD change user permissions in AD or make changes to a domain controller When you synchronize all AD modules CC SG retrieves the user groups for all configured AD modules compares their names with the user groups that have been imported into CC SG or associated with the AD module within CC SG and refreshes the CC SG local cache The CC SG local cache contains all domain controllers for each domain all user groups that are associated with modules in CC SG and the user information for the known AD users If user groups have been deleted from the AD modules CC SG removes all associations to the deleted group from its local cache as well This ensures that CC SG has the most current AD user group information gt To synchronize all AD modules 1 Choose Administration gt Security 2 Click the Authentication tab All configured Authorization and Authentication Servers appear in a table 3 Inthe On Demand Synchronization list select All Active Directory Modules then click Synchronize Now A confirmation message appears when all AD modules have been successfully synchronized If changing the password for a user in MSFT Windows Server 2003 AD both the old and the n
195. artbeat 10000 UDP no heartbeat 351 352 Appendix B CC SG and Network Configuration Communication Direction CC SG to CC SG CC SG to CC SG CC SG to CC SG Communication Direction DHCP server to CC SG CC SG to DHCP server NTP server to CC SG CC SG to DNS Port Protocol Number 5432 TCP 8732 TCP 3232 TCP Configurable no no no Details From HA JDBC on Primary to Backup PostgreSQL DB server Not encrypted Primary Backup server sync clustering control data exchange MD5 encrypted Primary Backup SNMP sync configuration changes forwarding Not encrypted Access to Infrastructure Services The CC SG can be configured to use several industry standard services like DHCP DNS and NTP These ports and protocols are used to allow CC SG to communicate with these optional servers Port Protocol Number 68 UDP 67 UDP 123 UDP 53 UDP Configurable no no no no Details IPv4 DHCP standard IPv4 DHCP standard NTP standard DNS standard PC Clients to CC SG PC Clients connect to the CC SG in one of three modes Admin or Access Client via a web browser CC SG supports SSL v2 SSL v3 and TLS v1 for browser connections You can configure these encryption methods in your browser Command Line Interface CLI via SSH Diagnostic Console Raritan Communication Direction PC Client to CC SG PC Client to CC SG PC Client to CC SG PC Client to CLI
196. ascaine ania ai 122 Enable or Disable Daily Synchronization of the Virtual InfrastruCtUre 0 ccceeeeeees 122 Reboot or Force Reboot a Virtual Host Node cceccceesecceeeeeeeceeeeneeeeeeeseneeeeesenseseeseneeeeeneeee 123 Accessing the Virtual Topology VieW 0 ecccceeeeeeeeeeeeeeeeeeeeeeeeeeneeeeeseeeeeeseneeeeeseeeeeeeseneeeeeeeeeaees 123 Connecting to a Node cccceceeeceeseeeeeeee cece eeeaae sence caeeecaaeeeeaaesaaneecaeeseaaesecaaeseeeescaeeeeaaesseneessaees 124 Firefox Users of the Access Client Must Download JNLP File 124 eaa LINO OG ace ce tac ene cals apg tn esac EO Cate ee eae deine tee chee Gece tag EEE 124 Adding Editing and Deleting Interfaces eecccceeceeee scene ee eeeeeeeeeeneeeeeseneeeeeseneeeeesenaeeeeeneaees 125 Add an IG ACG eissien iiginn rarei Ekainan aE E ta Spawn ENESENN ERNES ESETEKEN ESRAS RAEAN 125 Soan ELE e e E E E E E Leagoeawsthdoientettouenstboaee 135 Delete an Interface ei ticcccetcegereiaalscsei tatsdien akcuses tenduceweahsdiee ta tyeensskgucen tavdureeeseseiee tetettensabadie 135 Bookmarking an Interface ccccccccesccceeeeseceeeenseceeesneeeeeesneeeeeseeeeensneeeeesneeeeeesneeeeeesneeeeenennes 136 Configuring Direct Port Access to a Node cc ccceecceceeeeeeeeeeeeeeeceaeeecaaeeeeaeeseeeeescaeeestaeeeeeeseaees 137 Bulk Copying for Node Associations Location and Contacts ccccsccccsssseeeessneeeeesseeeeseaes 137 MVS UNG GINA ests ese E gee cg ct geet ae welch atta
197. ation and logs configure network interfaces Note You can access both the Administrator Console and Status Console interfaces via VGA Keyboard Mouse Port if applicable serial port if applicable or SSH Status Console interface is also available from a Web interface when enabled Change Password Secure Gateway To view Message Of The Day Print Print Screen Logout and Exit Administration gt Cluster Configuration To configure the cluster and assign roles to the cluster nodes Building the cluster is a pre requisite for operating with a cluster based license Clusters are available on physical appliances only Administration gt License Manager To allow uploading and removing license files and license check out and check in System Maintenance The following menu choices are enabled Restore To allow restore of licenses to CC SG in case you do a full reset and remove the licenses by mistake Maintenance Mode To enter and exit Maintenance Mode as needed to create cluster or perform upgrades Restart Upgrade Shutdown View Help To view online help documentation Raritan Chapter 3 Getting Started Licensing Existing Customers If you are an existing CC SG customer with a physical CC SG appliance when you upgrade your CC SG unit to 5 0 or higher a license file is created and installed that allows you to continue using CC SG with the number of nodes configured at the time of upgrade
198. attempt 217 Chapter 13 Reports Node Group Data Report The Node Group Data report displays the list of nodes that belong to each group the user groups that have access to each node group and if applicable the rules that define the node group The list of nodes is in the report details which you can view by double clicking a row in the report page or save to a CSV file See Save a Report to a File on page 209 The Node Asset report displays the list of groups each node is a member of See Node Asset Report on page 216 gt To generate the Node Group Data report 1 Choose Reports gt Users gt Node Group Data 2 Double click a row to display the list of nodes in the group AD User Group Report The AD Users Group report displays all users in groups that were imported into CC SG from AD servers that have been configured for both authentication and authorization The report does not include users who were added to the AD user groups locally via CC SG gt To generate the AD Users Group report 1 Choose Reports gt Active Directory gt AD Users Group Report 2 The AD Server list includes all AD servers that have been configured on CC SG for both authentication and authorization Select the checkbox that corresponds to each AD server you want to include in the report 3 Inthe AD User Groups section the Available list includes all user groups that were imported into CC SG from the AD servers you checked in the A
199. aucran E A E A sane 110 pelete a Node nioran oian o aaa ie EEE E E E EAE EAE a OA 110 Raritan Contents Adding Location and Contacts to a Node Profile 0 ccccceesceceeeeeeeeeeeeeeeeeeeeceeeesaeeesaeeeeeeeeeaas 111 Adding Notes to a Node Protile s 2ciciscctocivedsscensceccenateds cectadescendvaen coetdastapentedt ceetucat speddaancedsdeadeony 111 Configuring the Virtual Infrastructure in CC SG sssusa iini 112 Terminology tor Virtual lfrastrUCture sicccisiiccestececetsaiedesssieeisiaitebatscednedsgieddeaevidtiesniets 112 Virtual Nodes OVE RVICW sss esinin iaaea EE EAE AANA EEE TE 113 Add a Control System with Virtual Hosts and Virtual Machines sesseeeseeeseeeeeeseesseens 113 Add a Virtual Host with Virtual Machines sassseesssesssrresssrnesssnnesssnnessnnnastnnnesnnnnannennennnna 116 Edit Control Systems Virtual Hosts and Virtual MaChineS 0 cccccseceeeesseeeeeesteeeeees 118 Delete Control Systems and Virtual HOStS 0 cccceeeseeceeeeeeeaeeeeeeeeeeeeeseaeeeeaaeseeneeeeeeeees 120 Delete a Virtual Machine Node wis ci icceeseetene etteensccetete eetiaetaetinns atte neatin anaes eek 120 Delete a Virtual latraStrUCwune assisia 120 vSphere 4 Users Must Install New Plug In sssssessessseessesssesssesssesssesssesssnsssnessnnssnnesnnesnnens 121 Synchronizing the Virtual Infrastructure With CC SG esseesseesseesseessesssesssnessnsssnnssnnesnnesnnesnnens 121 synchronize the Virtual IMtraStruCtune e
200. b Private Key Length 1024 is the default c Validity Period days Maximum 4 numeric characters d Country Code CSR tag is Country Name Raritan CC NOC Raritan Chapter 15 Advanced Administration e State or Province Maximum 64 characters Type in the whole state or province name Do not abbreviate f City Locality CSR tag is Locality Name Maximum 64 characters g Registered Company Name CSR tag is Organization Name Maximum 64 characters h Division Department Name CSR tag is Organization Unit Name Maximum 64 characters i Fully Qualified Domain Name CSR tag is Common Name j Administrator Email Address Type in the email address of the administrator who is responsible for the certificate request k Challenge Password Maximum 64 characters Note The Challenge Password is used internally by CC SG to generate the certificate You do not need to remember tt Password Enter a keystore password Use this password to open the P12 file that you will save in step 7 If you copy the generated certificate and import into your own keystore instead you do not need to remember this keystore password Click Generate Certificate The text appears in the Certificate box Click Save to File to save the certificate to a P12 file Or copy the generated certificate and import it into your own keystore 8 Click Add to save your changes As of CC SG release 4 2 CC NOC is not accessible from CC
201. be requi Replacing a base does not clear all add ons if they are of the same type and the host IDs match For example a CC E1 512 could be used to replace a CC E1 256 Ifthe host IDs were the same on both lic the add on licenses are still valid When operating in a cluster with standalone licenses the cluster must be deleted to replace standalone licenses then re joined Since standalone licenses are not shared by cluster m each CC SG operating in a cluster with standalone lice must have equivalent licensed node capacity Instead of adding licensed node capacity to each of th units customers may prefer to transition to cluster lice order to be able to share the licenses between the two units Delete the cluster temporarily replace the licenses an re build the cluster Replacement of a base license will require the user to check out features After licenses are replaced go to the License Manage review the available features and check them out as n They will not be checked out automatically See Instal Check Out Your License on page 23 387 Appendix J Keyboard Shortcuts The following keyboard shortcuts can be used in the Java based Admin Client Operation Keyboard Shortcut Refresh F5 Print panel Ctrl P Help F1 Insert row in Associations Ctrl table Raritan Appendix K Naming Conventions User Information Node Information Raritan This appendix includes i
202. box next to the outlet name Click OK to save your changes A message appears when the device has been modified Adding Notes to a Device Profile You can use the Notes tab to add notes about a device for other users to read All notes display in the tab with the date username and IP address of the user who added the note If you have the Device Port and Node Management privilege you can clear all notes that display in the Notes tab gt To add notes to the device profile 1 Select a device in the Devices tab The Device Profile page opens 2 Click the Notes tab 3 Type your note in the New Note field 4 Click Add Your note appears in the Notes list gt To clear all notes 1 Click the Notes tab Click Clear Notes Click Yes to confirm All notes are deleted from the Notes tab Raritan Chapter 6 Devices Device Groups and Ports Adding Location and Contacts to a Device Profile Enter details about the location of the device and contact information for the people who administer or use the device gt 1 To add location and contacts to a device profile Select a device in the Devices tab The Device Profile page opens Click the Location amp Contacts tab Enter Location information Department Maximum 64 characters Site Maximum 64 characters Location Maximum 128 characters Enter Contacts information Primary Contact Name and Secondary Contact Name Maximum 64 characters
203. browsing through several files at once to examine system activity The Logfile list is updated only when the associated list becomes active as when a user enters the logfile list area or when a new sorting option is selected File names are preceded by a timestamp indicating either how recently the logfile has received new data or the file size of the logfile gt Timestamp and file size abbreviations Timestamps e S seconds e m minutes e h hours e d days File sizes e B Bytes e K Kilobytes 1 000 bytes e M Megabytes 1 000 000 bytes e G Gigabytes 1 000 000 000 bytes gt To view log files 1 Choose Operation gt Admin gt System Logfile Viewer 2 The Logviewer screen is divided into four main areas List of Logfiles currently available on the system If list is longer than the display window the list can be scrolled using the arrow keys Logfile List sort criteria Logfiles can be shown sort by their Full File Name the most recently changed logfile or by the largest logfile size Viewer Display options Export View selector Raritan Chapter 16 Diagnostic Console 3 Click with the mouse or use the arrow keys to navigate and press the Space bar to select a log file marking it with an X You can view more than one log file at a time gt To sort the Logfiles to View list The Sort Logfile list by options control the order in which logfiles are displayed in the Logfile
204. ccount Credentials checkbox then select the name of the service account or Enter a username and password for the interface type Maximum 64 characters each 13 Click OK CC SG creates One node for each virtual machine Each virtual machine node has a VMW Viewer interface a VMW Power interface and any other in band interfaces you specified Virtual machine nodes are named with their virtual machine names from the virtual host systems 115 Chapter 8 Nodes Node Groups and Interfaces One node for each virtual host Each virtual host node has a VI Client interface Virtual Host nodes are named with their IP addresses or host names One node for the control system The control system node has a VI Client interface Control System nodes are named Virtual Center plus the IP address For example Virtual Center 192 168 10 10 Add a Virtual Host with Virtual Machines When you add a virtual host a wizard guides you through adding the virtual machines included in the virtual host gt 1 a S wN 116 To add a virtual host with virtual machines Choose Nodes gt Virtualization Click Add Virtual Host Choose Nodes gt Virtualization Click Add Virtual Host Hostname IP Address Enter the IP Address or hostname of the virtual host Maximum 64 characters Connection Protocol Specify HTTP or HTTPS communications between the virtual host and CC SG TCP Port Enter the TCP port The default port is 4
205. ccount to use in the Service Account Name menu or Enter a Username and Password for authentication Optional Type a description of this interface in the Description field Optional Click OK to save your changes IBM IMM Module Connection Details You can connect to an IBM IMM module standard version through CC SG for power control operations using an IPMI Power Control interface Power on power off and power cycle functions are supported See Interfaces for IPM Power Control Connections on page 131 Note KVM access to IBM IMM modules is not available through CC SG Raritan 131 132 Chapter 8 Nodes Node Groups and Interfaces Interfaces for Power IQ Proxy Power Control Connections Add a Power IQ Proxy power control interface when you want to use CC SG to control power to a Power IQ IT device that you ve added to CC SG as a node This enables you to control power to nodes connected to PDUs not managed by CC SG gt To add an interface for Power IQ Proxy power control connections 1 Enter the IT device s External Key The External Key must match between Power IQ and CC SG Maximum of 255 characters Commas are not allowed The default value is the node name You can change this value If the IT device has already been added to Power IQ find the external key on the IT device s page in the Data Center tab then enter the text in the External Key field If the IT device has not been added to Pow
206. ce backup file uploads to CC SG and appears in the page Copying Device Configuration Raritan The following device types allow you to copy configurations from one device to one or more other devices SX KX2 KSX2 KX2 101 Configuration can be copied only between the same models with the same number of ports For example you can copy configuration from one KX2 864 device to other KX2 864 devices only The Copy Configuration command copies all configuration data except for network settings personality package and for KX2 devices the port configuration settings Device Settings and User and User Group Data are all copied in this process gt 1 To copy a device configuration Click the Devices tab and select the device whose configuration you wish to copy to other devices from the Devices tree Choose Devices gt Device Manager gt Configuration gt Copy Configuration Select the configuration copying method To copy current configuration data select Copy From Device To copy the configuration data in a backup file previously saved on CC SG select Copy From Backup File and then select the file from the drop down list If no backup file is available this option is disabled Click the Device Group drop down arrow and select a device group from the list All devices of the selected device group display in the Available column Highlight the devices to which you want to copy this configuration in th
207. ce you save this network setup and restart CC SG With the information the DHCP server provides CC SG registers itself dynamically with the DNS server if it accepts dynamic updates See Recommended DHCP Configurations for CC SG on page 248 Static f you choose Static type Primary DNS Secondary DNS Domain Suffix IP address and Subnet mask in the appropriate fields Specify only one Default gateway not both Click the Adapter Speed drop down arrow and select a line speed from the list Make sure your selection agrees with your switch s adapter port setting If your switch uses 1 Gig line speed select Auto If you selected Auto in the Adapter Speed field the Adapter Mode field is disabled with Full Duplex selected automatically If you specified an Adapter Speed other than Auto click the Adapter Mode drop down arrow and select a duplex mode from the list Click Update Configuration to save your changes CC SG restarts 247 Chapter 15 Advanced Administration Recommended DHCP Configurations for CC SG Review the following recommended DHCP configurations Make sure that your DHCP server is set up properly before you configure CC SG to use DHCP Configure the DHCP to statically allocate CC SG s IP address Configure the DHCP and DNS servers to automatically register the CC SG with the DNS when the DHCP allocates an IP address to CC SG Configure the DNS to accept un authenticated Dynamic Domain N
208. cense server See the Flexera FlexNet Publisher documentation for more details about managing your license server You can download the FlexNet Publisher License Administration Guide for FlexNet Publisher Licensing Toolkit 11 8 from www flexera com under Support gt Documentation Center Command Description Imborrow Allows a user to check out a feature and borrow it for a specified period although disconnected from the network Imdiag Allows user to diagnose problems when they cannot checkout a feature Will attempt feature check out and indicates success failure of the attempt lmdiag c lt license file name gt lt feature name gt n 25 Chapter 3 Getting Started Imdown Imhostid Iminstall Imnewlog Impath Imremove Imreread Imswitchr Imswitch Imstat 26 Allows for the graceful shutdown of selected license daemons lmdown vendor raritan is used to shut down the Raritan vendor daemon Allows the user to retrieve the host ID of the current platform Includes the uuid and hostdomain or internet arguments Allows conversion of licenses between readable text format and decimal format Move the existing Report log information to a new file and start a new report with original report log file name Add to override or get the current license path settings Remove a single user s license for a specified feature The license server manager can be configured to preven
209. ces Choose Nodes gt Bookmark Node Interface Select Add Bookmark IE Only A default name for the bookmark appears in the Bookmark Name field You can change the name which will appear in your Favorites list in Internet Explorer Click OK The Add Favorite window opens Click OK to add the bookmark to your Favorites list To access a bookmarked interface Open a browser window Choose the bookmarked interface from the list of bookmarks in the browser When the CC SG Access Client appears log in as a user who has access to the interface The connection to the interface opens To get bookmark URLs for all nodes You can get bookmark URLs for all nodes in the Node Asset Report See Node Asset Report on page 216 Raritan Chapter 8 Nodes Node Groups and Interfaces Configuring Direct Port Access to a Node You can configure Direct Port Access to a node using the Bookmark Node Interface feature See Bookmarking an Interface on page 136 Bulk Copying for Node Associations Location and Contacts Raritan The Bulk Copy command allows you to copy categories elements location and contact information from one node to multiple other nodes Note that the selected information is the only property copied in this process If you have the same type of information existing on any selected nodes performing the Bulk Copy command will REPLACE the existing data with newly assigned information gt To bulk co
210. ces Column Tag or value number in CSV file Details Default is Java gt To add an SSH or TELNET interface to the CSV file Column Tag or value number 1 ADD 2 NODE SSH INTERFACE fO SSH interfaces NODE TELNET INTERFAC E for TELNET interfaces 3 Node Name 4 Interface Name 5 IP Address or Hostname 6 TCP Port 7 Service Account Name 8 Username 9 Password 10 Description gt To add a VNC interface to the CSV file Column Tag or value number 1 ADD 2 NODE VNC INTERFACE Node Name Interface Name IP Address or Hostname Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Required field Default is 22 for SSH Default is 23 for TELNET Optional Leave blank if specifying username and password Optional Leave blank if specifying service account Optional Optional Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Required field Raritan Z Raritan Column number 6 7 Chapter 8 Nodes Node Groups and Interfaces Tag or value TCP Port Service Account Name Password Description Details Default is 5900 Optional Leave blank if specifying password Optional Leave blank if specifying service account
211. cessfully show in green text Items that failed import show in red text Items that failed import because a duplicate item already exists or was already imported also show in red text 6 To view more import results details check the Audit Trail report See Audit Trail Entries for Importing on page 370 Raritan 46 Chapter 5 Associations Categories and Elements Export Categories and Elements The export file contains comments at the top that describe each item in the file The comments can be used as instructions for creating a file for importing gt To export categories and elements 1 Choose Administration gt Export gt Export Categories 2 Click Export to File 3 Type a name for the file and choose the location where you want to save it 4 Click Save The first time you save the file in Excel you must choose Save As and MAKE SURE to select CSV as the file type After that Excel will continue to save the file as CSV If you don t set the file type correctly the file will corrupt and cannot be used to import Raritan Chapter 6 Z Raritan Devices Device Groups and Ports To add Raritan PowerStrip Devices that are connected to other Raritan devices to CC SG see Managed PowerSirips on page 93 Note To configure iLO RILOE devices IPMI devices Dell DRAC devices IBM RSA devices or other non Raritan devices use the Add Node menu and add these items as an interface See Nodes
212. ch device whose ports you want to configure Choose Nodes gt Configure Ports To configure multiple ports with the default names shown on the page select the checkbox for each port you want to configure and then click OK to configure each port with the default name To configure each port individually click the Configure button next to the port Then type a name for the port in the Port Name field and type a node name in the Node Name field The default Access Application is set according to the default application selected for KVM Switch KVM in the Application Manager To change it click the Access Application drop down menu to select the one you prefer from the list Click OK to configure the port Device Group Manager Z Raritan Use the Device Groups Manager to add device groups edit device groups and remove device groups When you add a new device group you can create a full access policy for the group See Policies for Access Control on page 175 71 Chapter 6 Devices Device Groups and Ports Device Groups Overview Device groups are used to organize devices into a set The device group will become the basis for a policy either allowing or denying access to this particular set of devices See Adding a Policy on page 176 Devices can be grouped manually using the Select method or by creating a Boolean expression that describes a set of common attributes using the Describe method If you used Guided
213. chassis in KX2 properly See the KX II User Guide 2 Configure the KX2 device in CC SG properly See Add a KVM or Serial Device on page 54 3 CC SG detects the blade chassis device and adds the blade chassis icon in one or two tabs In the Devices tab the blade chassis device appears beneath the KX2 device to which it is connected In the Nodes tab if you have entered the IP address or hostname for the blade chassis on the KX2 device the blade chassis appears as anode with a Web Browser interface added to it Note For this type of blade chassis you must configure blade servers later See Configuring Slots on a Blade Chassis Device on page 65 gt To add a blade chassis device without an integrated KVM switch 1 Configure a blade port group for the blade servers in KX2 properly See the KX II User Guide 2 Configure the KX2 device in CC SG properly See Add a KVM or Serial Device on page 54 3 CC SG automatically creates a virtual blade chassis and adds the blade chassis icon in one tab Note that a virtual blade chassis never appears as a node in the Nodes tab In the Devices tab the virtual blade chassis device appears beneath the KX2 device as a virtual container to the blade servers which appear beneath the virtual blade chassis Note If you did not configure a blade port group for the blade servers before configuring the KX2 ports in CC SG you can choose Devices gt Device Manager gt Launch
214. ciescut ctrttercnsnsiccntitheneletusucbie lurevteunia diate wauacuate sn daulstaukieee sein caakeeanaevebuaneudeeantisuxventy decks 271 Conical oS tsa cet dere ec ete seat cit ap dese eape nee he A eee cd ee etoeateatea del 273 ACCS 0 01H 0 Le Reena eee nO EAE A BO a Pa OP 276 INOTITICATION MGM AQ OR a2 cscccbeaycccccetiacceteay dace a EAER 277 Contigurean External SMTP Senve rs cjccivsis ccveveree conten desvsseenesevaacenesseeaceatenncceeareeeeaieie feck 277 TASK MANAGOT resien fan E E EEEE EAEE ATEREA 278 WSK TY DGS i EA EEEE E OE NEER 278 Schedule Sequential Tasks cccccccceceeesceceeeeeeeeeeeeaeeeeeeeceeeesaaeeeeaeeseneeeseaeeeseaeeseeeeseaees 279 Email Notifications for Tasks cccccccccccccscceecccseeeceeeeecesseueeeessaeeueeeeaesseseueeeeeuaaaeeueeeaseeees 279 Scheduled Reports cccccccceeccececeeeeeeeeeeeeeegeeeeceaeeeeeaeseeeeesceeeeeaaeseeaaeseeeeeseaeeeeaeseeneeseaees 279 Find and View Task ccccccctincccccesatcccie es cocueaavecuevbaccitcessae deve iacdueucsatddesttaccxevecedcdveantevexcsascere 279 SCMOCCUIC A MASK E E caste EEEE PEE EE E EE ETE EE EER 280 Schedule a Device Firmware Upgrade c ccccccceeseeceeseeceeeeeseaeeeeaeeseneeeseaeeeseaeeseaeeesaees 282 Change a Scheduled Task cccccceceeceeeeeeeeeeceeeeeaaeeeeeeeseaeeesaaeeeeaaeseneeeseaeeesaeeeeneeseaees 284 Reschedtile a Fas kei cccccAcsseccc tab cceceticcucueathectestanciaaeaiecduve tactueucsabdceskladexaveasedadveintegencsitcecs
215. ckboxes that correspond to them in this tab See Configuring Slots on a Blade Chassis Device on page 65 Topology View Topology View displays the structural setup of all connected appliances in your configuration Until you close the Topology View this view replaces the Device Profile screen that normally appears when a device is selected gt To open the topology view 1 Click the Devices tab and select the device whose topological view you want to see 51 Chapter 6 Devices Device Groups and Ports 2 Choose Devices gt Device Manager gt Topology View The Topology View for the selected device appears Click or to expand or collapse the view Right Click Options in the Devices Tab You can right click a device or port in the Devices tab to display a menu of commands available for the selected device or port Searching for Devices The Devices tab provides the ability to search for devices within the tree Searching will only return devices as results and will not include port names The method of searching can be configured in My Profile See Change your default search preference on page 172 gt To search for a device e Atthe bottom of the Devices Tab type a search string in Search For Device field then press the Enter key e Wildcards are supported in the search string See Wildcards for Search on page 52 Wildcards for Search Wildcard Description Indicates any character
216. create another one or click OK to add the user without creating more The users you create appear in the Users tab nested underneath the user groups to which they belong Edit a User You cannot edit a user to change what group they belong to See Assigning a User to a Group on page 165 gt 1 To edit a user In the Users tab click the symbol to expand the user group that contains a user you want to edit and then select the user The User Profile appears Deselect the Login enabled checkbox to prevent this user from logging into CC SG Select the Login enabled checkbox to allow this user to log into CC SG Select the Remote Authentication only checkbox if you want the user to be authenticated by an external server such as TACACS RADIUS LDAP or AD If you are using remote authentication a password is not required and the New Password and Retype New Password fields will be disabled Raritan Chapter 9 Users and User Groups 4 Inthe New Password and Retype New Password fields type a new password to change this user s password Note If Strong Passwords are enabled the password entered must conform to the established rules The information bar at the top of the screen will assist with the password requirements See Advanced Administration on page 237 for details on strong passwords 5 Select the Force Password Change on Next Login checkbox if you want to force the user to change the assigned password
217. ct multiple users hold the Shift key as you click additional users 2 Choose Users gt User Manager gt Logout Users The Logout Users screen appears with the list of selected users 3 Click OK to log the users out of CC SG 173 Chapter 9 Users and User Groups gt To log out all users of a User Group 1 Inthe Users tab select the user group you want to log out of CC SG To log out multiple user groups hold the Shift key as you click additional user groups 2 Choose Users gt User Group Manager gt Logout Users The Logout Users screen appears with a list of active users from the selected groups 3 Click OK to log the users out of CC SG Bulk Copying Users You can use Bulk Copy for users to copy one user s user group affiliations to another user or list of users If the users receiving the affiliations have existing group affiliations the existing affiliations will be removed gt To perform a Bulk Copy for users 1 Inthe Users tab click the symbol to expand the user group that contains the user whose policies and privileges you want to copy and then select the user 2 Choose Users gt User Manager gt Bulk Copy The Username field displays the user whose policies and privileges you are copying 3 Inthe All Users list select the users that will be adopting the policies and privileges of the user in the Username field a Click gt to move a user name to the Selected Users list a Click gt
218. d Choose Group gt System Z Raritan Notification Manager Raritan N a e N o N Chapter 15 Advanced Administration Click the Action drop down arrow and select Allow or Deny to specify whether the specified users in the IP range can access CC SG Click Update to save your changes To change the order in which CC SG applies rules Choose Administration gt Security Click the Access Control List tab Select a rule you want to move up or down in the list Click the up or down arrow until the rule is in position Click Update to save your changes To remove a rule from the Access Control List Choose Administration gt Security Click the Access Control List tab Select the rule you want to remove and then click the Remove Row icon E Click Update to save your changes Use Notification Manager to configure an external SMTP server so that notifications can be sent from CC SG Notifications are used to email reports that have been scheduled email reports if users are locked out and to email status of failed or successful scheduled tasks See Task Manager on page 278 After configuring the SMTP server you can elect to send a test email to the designated recipient and notify the recipient of the result of the test Configure an External SMTP Server f 2 3 Choose Administration gt Notifications Select the Enable SMTP Notification checkbox Type the SMTP host in the SMTP
219. d ccSuperuserNameChanged ccSuperuserPasswordChanged ccLoginBannerChanged ccMOTDChanged ccDominionPXReplaced ccSystemMonitorNotification ccNeighborhoodActivated ccNeighborhoodUpdated ccDominionPXFirmwareChanged ccClusterFailover ccClusterBackupFailed ccClusterWaitingPeerDetected ccClusterOperation ccCSVFileTransferred ccPIQAvailable ccPIQUnavailable Raritan Appendix D SNMP Traps Description User has logged out of the CC SG Diagnostic Console A new user group has been added to CC SG CC SG user group has been deleted CC SG user group has been modified CC SG Superuser username has changed CC SG Superuser password has changed CC SG login banner has changed CC SG Message of the Day MOTD has changed A Dominion PX device has been replaced with another Dominion PX device CC SG is out of memory CC SG neighborhood has been activated CC SG neighborhood has been updated A Dominion PX firmware version has been changed The Primary CC SG node has failed and the Backup CC SG node is now operational as the new Primary CC SG node The Backup CC SG node has failed The Primary CC SG node detected a peer in the Waiting mode A cluster operation has been executed A CSV file has been imported CC SG has detected that Power IQ is available CC SG has detected that Power IQ is unavailable 367 Appendix E Z Raritan CSV File Imports This section contains more information about CSV
220. d User Groups 4 Users who are not assigned to the target group appear in the Users not in group list Select the users you want to add from this list and then click gt to move them to the Users in group list Click the gt gt button to move all users not in the group to the Users in group list Select the users you want to remove from the Users in group list and then click the lt button to remove them Click the lt lt button to remove all users from the Users in group list 5 When all the users have been moved to the appropriate column click OK The users in the Users in group list will be added to the selected User Group Deleting a User From a Group When you delete a user from a group the user is removed only from the specified group The user remains in all other assigned groups Deleting a user from a group does not delete the user from CC SG If a user belongs to only one group you cannot delete the user from the group You can only delete the user from CC SG gt To delete a user from a group 1 Inthe Users tab click the symbol to expand the user group that contains the user you want to delete from the group and then select the user The User Profile appears 2 Choose Users gt User Manager gt Delete User From Group The Delete User screen appears 3 Click OK to delete the user from the group Adding Users with CSV File Import You can add user information to CC SG by importing a
221. d down the Ctrl key while you click device types to select multiple device types Select the Broadcast discovery checkbox if searching for devices on the same subnet on which CC SG resides Deselect the Broadcast discovery checkbox to discover devices across all subnets Click Discover If CC SG has discovered devices of the specified type and in the specified address range the devices appear in a table in the bottom section of the Discover Devices panel Click the black arrow at the top of the panel to hide the top section expanding your view of the discovery results in the bottom section of the panel In the table of discovered devices select the device you want to add to CC SG and then click Add The Add Device panel opens The Add Device panel is slightly different depending on the type of device you are adding You can change the Device name and Description by typing new information in the corresponding fields Confirm that the IP address you assigned when you prepared the device to be added to CC SG displays in the Device IP or Hostname field or type the correct address in the field if necessary The TCP Port Number field will be populated automatically based on the device type Type the Username and Password you created when you prepared the device to be added to CC SG in the corresponding fields In the Heartbeat timeout field type the number of seconds that should elapse before timeout between the device a
222. d in the Application Manager screen 5 Click Upload A progress window indicates that the new application is being uploaded When complete a new window will indicate that the application has been added to the CC SG database and is available to use 6 Ifthe Version field does not automatically update type the new version number in the Version field The Version field will automatically update for some applications 7 Click Update Note Users who were logged in during the upgrade must log out of CC SG then log in again to ensure that the new version of the application is launched Also see Older Version of Application Opens After Upgrading on page 239 Older Version of Application Opens After Upgrading If you attempt a connection and the newest versions of applications are supposed to be working but the incorrect older versions are opening clear the Java cache This can happen if the cache hasn t been cleared since a CC SG upgrade See Clear the Java Cache on page 231 Add an Application When you add an application to CC SG you must specify which device types function with the application If a device provides both KVM and serial access the device is listed twice once for each method gt To add an application 1 Choose Administration gt Applications Click Add The Add Applications dialog window opens Type a name for the application in the Application name field e O N Select the Raritan devices
223. d the cluster to recover the Primary and Secondary node status If the Primary and Secondary nodes lose communication with one another the Secondary node will assume the role of the Primary node When connectivity resumes you may have two Primary nodes It is impossible to recover the cluster with two Primary nodes Recover works only when there is one Primary and one Waiting To recover a cluster with two Primary nodes you have two options Log into each Primary node delete the cluster in each and then create the cluster again Or log into one of the Primary nodes and restart it so that it changes to the Waiting status then follow the instructions to recover a cluster gt To recover a cluster 1 Choose Administration gt Cluster Configuration 2 Click the Recovery tab and you can either have the cluster automatically rebuilt at the specified time or rebuild the cluster immediately Click Rebuild Now to immediately recover the cluster Select the Enable Automatic Rebuild checkbox and specify the time to rebuild the cluster in the From Time and To Time fields Click Update to save the changes 259 Chapter 15 Advanced Administration Note If the clustered CC SG units do not share the same time zone when the Primary node failure occurs and the Secondary node becomes the new Primary node the time specified for Automatic Rebuild still follows the time zone of the old Primary node Delete a Cluster Deleting
224. ddresses that have changed by uploading the new IP addresses in a CSV file import This method is best for updating many IP addresses quickly gt To edit IP addresses with CSV file import 1 Export the Nodes CSV file See Export Nodes on page 149 2 Open the exported file in the spreadsheet program such as Microsoft Excel Immediately save the file as a csv to ensure that it has the correct file type 3 Find the rows that contain the IP addresses you want to change Enter the new IP addresses in the cells 4 Inthe first cell of each row you want to change delete the ADD command and enter the command MODIFY Delete all rows of information you do not want to change 6 Save the file as a csv 149 Chapter 8 Nodes Node Groups and Interfaces 7 Import the csv file See Import Nodes on page 148 Adding Editing and Deleting Node Groups Node Groups Overview Node groups are used to organize nodes into a set The node group will become the basis for a policy either allowing or denying access to this particular set of nodes See Adding a Policy on page 176 Nodes can be grouped manually using the Select method or by creating a Boolean expression that describes a set of common attributes using the Describe method If you used Guided Setup to create categories and elements for nodes some means to organize nodes along common attributes have already been created CC SG automatically creates default acc
225. de Management Device Port and Node Management and Node Power Control Device Port and Node Management Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management or Device Configuration and Upgrade 359 360 Appendix C User Group Privileges Menu gt Sub menu Nodes Menu Item Required Privilege Description Management gt By Port Number Device Port and Node Management or Device Configuration and Upgrade Management This menu and the Nodes tree is available only for users with any one of the following privileges Device Port and Node Management Node In Band Access Node Out of Band Access Node Power Control Add Node Editing Nodes Delete Node lt interfaceName gt Disconnect Virtualization Bulk Copy Power Control Service Accounts Assign Service Accounts Device Port and Node Management Device Port and Node Via the Node Profile Management Device Port and Node Management Node In band Access or Node Out of band Access Any of the following Node In band Access or Node Out of band Access or Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management Device Port and Node Management Power Control Device Port and Node Management Device Port and Node Management Raritan Menu gt Menu Item Sub menu Group Po
226. de simultaneously 4 Enter authentication information To use a service account for authentication select the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication For VNC interfaces only a password is required 5 Select the Keyboard layout for your language This option is not available for Microsoft RDP interfaces 6 Type a description of this interface in the Description field Optional 7 Click OK to save your changes DRAC 5 Connection Details When using Internet Explorer and connecting to DRAC 5 servers you must have a valid certificate installed on DRAC 5 or Internet Explorer will give an error If the certificate is not signed by a trusted CA also install the same certificate into the Trusted Root CA of the browser Raritan es 128 Chapter 8 Nodes Node Groups and Interfaces Microsoft RDP Connection Details If using a Windows XP client you must have Terminal Server Client 6 0 or higher to connect a Microsoft RDP interface from CC SG Update the Terminal Server Client to 6 0 using this link http support microsoft com kb 925876 Internet Explorer only Microsoft RDP cannot be used for proxy mode connections See About Connection Modes on page 250 Targets supported include Vista Win2008 server and Windows 7 and all prior Windows releases including Windows XP and Windows
227. de Name or By Node Status Users tab Click the Users tab to display all registered Users and Groups in a tree view Click the and signs to expand or collapse the tree Devices tab Click the Devices tab to display all known Raritan devices in a tree view Different device types have different icons Ports are grouped under their parent devices Click the and signs to expand or collapse the tree Click a port to view the Port Profile Right click a port and select Connect to connect to that port You can sort the ports by Port Name alphabetical Port Status Available Busy Unavailable or Port Number numerical Right click the tree view select Port Sorting Options and then select By Node Name or By Node Status Quick Commands toolbar This toolbar offers shortcut buttons for executing common commands Operation and Configuration menu bar These menus contain commands to operate and configure CC SG You can access some of these commands by right clicking on the icons in the Nodes Users and Devices Selection tabs The menus and menu items you see are based on your user access privileges Server time The current time and time zone as configured on CC SG in Configuration Manager This time is used when scheduling tasks in Task Manager See Task Manager on page 278 This time may be different than the time your client PC uses Chapter 3 Getting Started Before you can begin configuring and working in CC SG you must hav
228. description of this device in the Description field Optional 6 Select the Configure All Outlets checkbox to automatically add all outlets on this Dominion PX to the Devices tab 7 A list of Categories and Elements can be configured to better describe and organize this device For each Category listed select the element you want to apply to the device from the list Select the blank item in the Element field for each Category you do not want to use Raritan Editing a Device Chapter 6 Devices Device Groups and Ports f you do not see the Category or Element values you want to use you can add others See Associations Categories and Elements on page 41 8 When you are done configuring this device click Apply to add this device and open a new blank Add Device screen that allows you to continue adding devices or click OK to add this device without continuing to a new Add Device screen You can edit a device to rename it and modify its properties including the change of a PX device s username and password gt To edit a device 1 Click the Devices tab and select the device you want to edit In the Device Profile page change the parameters as needed 3 Click OK to save your changes Change the HTTP and HTTPS Ports for a KX2 Device Change the HTTP and HTTPS ports for a KX2 device version 2 3 or later by editing the device profile CC SG propagates the new port numbers to the KX2 device The new port
229. dix FAQs Answer Yes Just as one user can belong to multiple groups one device can belong to multiple groups For example a Sun in NYC could be part of Group Sun Ostype Solaris and Group New York location NYC A console is generally considered a secure and reliable access path of last resort Some UNIX systems allow root login only on the console For security reasons other systems might prevent multiple logins so that if the administrator is logged in on the console other access is denied Finally from the console the administrator can also disable the network interfaces when if necessary to block all other access Normal command activity on the console has no greater impact than the equivalent command run from any other interface However since it is not dependent upon the network a system that is too overloaded to be able to respond to a network login may still support console login So another benefit of console access is the ability to troubleshoot and diagnose system and network problems Each CIM includes a serial number and target system name Our systems assume that a CIM remains connected to its named target when its connection is moved between switches This movement is automatically reflected in the ports and interfaces in CC SG the port name and interface name are updated to reflect the change The interface appears beneath the node that is associated with the port However the node name does
230. e 4 Description Required field Limit Max Number of KVM TRUE or FALSE Sessions per Device Default is FALSE 6 Maximum number of KVM Enter just the number from 1 8 sessions allowed per user p Default is 2 To assign permissions to a user group in the CSV file Enter the value TRUE to assign a permission to the user group Enter the value FALSE to deny the permission to the user group Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 167 168 Chapter 9 Users and User Groups Column Tag or value number 2 USERGROUP PERMISSION S 3 User Group Name 4 CC Setup and Control 5 Device Configuration Upgrade Management 6 Device Port Node Management 7 User Management 8 User Security Management 9 Node IBA 10 Node OOB 11 Node Power Details Enter the tag as shown Tags are not case sensitive Required field User Group names are case sensitive TRUE Or FALSE TRUE Or FALSE TRUE Or FALSE TRUE Or FALSE TRUE Or FALSE RUE Of FALSE D 4H oO fault is TRUE H 7 UE Or FALSE g efault is TRUE TRUE Or FALSE gt To assign a policy to a user group in the CSV file Column number 1 4 Tag or value ADD USERGROUP POLICY User Group Name Policy Name Details The first column for all tags is the command ADD Enter the t
231. e CC SG waits for the time specified before restoring its configuration from the selected backup When the restore occurs all other users are logged out If the backup file is corrupt a message appears and a message is written to the Audit Trail Corrupt backup files cannot be used to restore CC SG You can reset CC SG to purge the database or to reset other components to their factory default settings You should perform a backup and save the backup file to another location before using any reset options It is recommended to use the default options selected Note CC SG Backup files that are saved on the CC SG unit are not deleted by resetting CC SG You must manually delete each file to remove it from CC SG See Saving and Deleting Backup Files on page 224 Raritan Option Full Database Save Personality Settings Network Settings SNMP Configuration Raritan Chapter 14 System Maintenance Description This option removes the existing CC SG database and builds a new version with the factory default values Network settings SNMP agents firmware and Diagnostic Console settings are not part of the CC SG database The SNMP configuration and traps are reset The SNMP agent is not reset IP ACL settings are reset with a Full Database reset whether you select the IP ACL Tables option or not The Neighborhood configuration is removed with the reset so CC SG no longer remembers being a Neighborhood membe
232. e the associated device a timestamp the current user and the user IP address for each node with an active connection You can view the active nodes list and disconnect nodes from this report gt Node Creation Report To generate the Active Nodes report Choose Reports gt Nodes gt Active Nodes The Active Nodes report generates if there are currently active nodes To disconnect a node from an active session In the Active Nodes report select the node you want to disconnect then click Disconnect The Node Creation report lists all node creation attempts both successful and unsuccessful within a specified time frame You can specify whether you want to see all node creation attempts or only those that are potential duplicate nodes gt 1 2 Z Raritan To generate the Node Creation report Choose Reports gt Nodes gt Node Creation Select All Nodes or Potential Duplicates Potential Duplicates limits the report to only those nodes that have been flagged as potential duplicates If you selected All Nodes set the date range for the report in the Start Date and Time and End Date and Time fields Click each component of the default date month day year hour minute to select it then click the up and down arrows to reach the desired number Click Apply The Node Creation report is generated The Result field displays Success Failed or Potential Duplicate to describe the outcome of the node creation
233. e valid licenses installed Then upon first login you should confirm the IP address set the CC SG server time and check the firmware and application versions installed You may need to upgrade the firmware and applications Once you have completed your initial configurations proceed to Guided Setup See Configuring CC SG with Guided Setup on page 33 In This Chapter Licensing Getting Started New and Existing Customers 0 10 Licensing Basic License Information cc ccceeeeeeeeeeeeeeeeeeeneeeeeeeeeees 11 Licensing New Customers Physical Appliance c ccceeeeseeees 14 Licensing Virtual Appliance with License Server s 17 Licensing Limited Operation Before License Install 0 ceeeeeee 28 Licensing Existing CUStOMEYS cccccceeeeeeeeeeeeeeeeeseeeeeseeeeeeaeeeeaeeeeaes 29 Licensing Rehosting eis coctesewedenses toca yeuadenesSecttuaveusdenest cocdenseuedeneste cites 29 Adda EICQNS C8 sicceciiycsuceciacadeagavedauecsdesttegavstaupetacsdtegevedaieesdesttegavcdapectesttees 30 Confirming IP ACOreSS ccccccceeseeceeeeeseeeeeeeeeeeseaeeeeeeeseeeesaeessaeeeeeeeee 30 Setting CC SG Server Time 0 ccccceeesceceeeeeseeeeeeaeeeeneeeeeeeeeaeeeeaeeneneeeed 30 Checking the Compatibility Matrix ecccecceeseeeeeeeeeeeeeeeseaeeeeeeeeeeeeees 31 Checking and Upgrading Application Versions ccccceeeeeeeereeees 32 Licensing Getting Started
234. e 60 Contoare a Sernak Poltica sania ea N E E eE EN AE EA 60 CGontg re a KVM POM sesetiscectasiedteaies oe acon in dere na EAEE E AE EENE EAE 60 Nodes Created by Contiguring POMS in sacscssecccateasccrctvie cert nscihesssoreeti aande aiana 61 ECIUINGia POM E P E vase E O vatenedt vn dark N A A A E E T 61 Deleting a POM esses ccc Seen sausenseteceesandaidaney bA Eann EA AEN NA AEAN Sv alucuday tnd stage EAE ENNE RA EIENEN EAEE TARSEEE NENESE RS 62 Configuring a Blade Chassis Device Connected to KX2 essseessessrissrrssrresrrssrrssrrssrnssrrssrrssrns 63 Blade Chassis OV rVieW c cccccececeeeeeseeeeeeaeeceeeeecaeeeeaaeeeeeeeseaeeesaaeeecaaeseeeescaeeeeeeeeeeeeseas 63 Add a Blade Chassis Device ccccceeceeeeeceeeeeeaeeeeaeeceeeeesaeeesaaeeseaeeseeeescaeeeeaaeeeeneeseaees 64 Edit a Blade Chassis Device 0 cccccceeececeeeeeeeneeeeeaeeeceeeseeeeesaaeeeeaaeeeeeeeseaeeesaeeseaeeeneeeeaas 67 Delete a Blade Chassis Device ccccccceeeceeeneeeeeeeeeeeeeseeeeesaaeeeeaaeeeeeeeseaeeesaeeseaaeseeeeeeaas 67 Move a Blade Chassis Device to a Different Port 0 cccceeeeeeeeeeeeeeeeeceeeeeseeeeeeeeeeeeeteas 68 Restore Blade Servers Ports to Normal KX2 Potts ccccccceeeeeeeceeeeeeeeeeeaeeeeeeeeseeeesaeeseeeseaees 68 Bulk Copying for Device Associations Location and Contacts cccscccecsseeeeeesteeeeeesteeeeeeaes 69 Configuring Analog KVM Switches Connected to KX2 2 3 or Highel ccccececsseeeee
235. e Available column and then click the right arrow to move them to the Selected column The left arrow moves selected devices out of the Selected column Click OK to copy the configuration to the devices in the Selected column When the Restart message appears click Yes to restart the device A message appears when the device configuration has been copied 87 Chapter 6 Devices Device Groups and Ports Restarting a Device Use the Restart Device function to restart a device gt To restart a device 1 Click the Devices tab and select the device you want to restart Choose Devices gt Device Manager gt Restart Device Click OK to restart the device gt Click Yes to confirm that all users accessing the device will be logged off Pinging the Device You can ping a device to determine if the device is available in your network gt To ping a device 1 Click the Devices tab and select the device you want to ping 2 Choose Devices gt Device Manager gt Ping Device The Ping Device screen appears showing the result of the ping Pausing CC SG s Management of a Device You can pause a device to temporarily suspend CC SG control of it without losing any of the configuration data stored within CC SG To schedule a task that pauses or resumes devices see Schedule a Task on page 280 gt To pause CC SG management of a device 1 Click the Devices tab and select the device for which you want to paus
236. e CC SG management 2 Choose Devices gt Device Manager gt Pause Management The device s icon in the Device Tree will indicate the device s paused state Raritan Chapter 6 Devices Device Groups and Ports Resuming Management of a Device You can resume CC SG management of a paused device to bring it back under CC SG control gt To resume CC SG s management of a paused device 1 Click the Devices tab and select the paused device from the Devices tree 2 Choose Devices gt Device Manager gt Resume Management The device icon in the Device Tree will indicate the device s active state Pause and Resume Management of Devices Using a Scheduled Task Raritan To pause or resume multiple devices or device groups at once schedule a task to perform the operation on the group of devices sequentially The Pause Resume Device Management task does not apply to blade chassis attached to managed devices power strips attached to managed devices and managed power strips When the task runs it will be logged as successful if all device operations succeed The task is logged as successful with exceptions if the task completes but some device operations fail even after the allowed number of retries are attempted The task is logged as failed if all device operations fail gt To bulk pause and resume devices using a scheduled task 1 Choose Administration gt Tasks See Schedule a Task on page 280 for detai
237. e Name PX Device Names cannot include a period character If you import a PX Device Name with periods the Number of characters CC SG allows 256 Number of characters CC SG allows 64 64 128 Number of characters CC SG allows 64 32 32 64 32 32 Number of characters CC SG allows 64 64 64 128 Number of characters CC SG allows 64 Raritan Port Information Associations Administration Raritan Field in CC SG periods are converted to hyphens Device Description Device IP Hostname Username Password Notes Field in CC SG Port Name Field in CC SG Category Name Element Name Device Group Name Node Group Name Field in CC SG Cluster Name Neighborhood Name Authentication Module Name Backup Name Backup File Description Broadcast Message Appendix K Naming Conventions Number of characters CC SG allows 160 64 64 64 256 Number of characters CC SG allows 32 Number of characters CC SG allows 32 32 40 40 Number of characters CC SG allows 64 64 31 64 255 255 391 Appendix L Raritan Diagnostic Console Bootup Messages Prior to version 4 0 CC SG Diagnostic Console displays a number of messages on the screen each time when it boots up These messages are standard Linux diagnostic and warning messages and usually do not imply any system problems The table offers a short introduction to a few frequent messages Message Description hda
238. e components you want to use from each list See Policies for Access Control on page 175 Select the Create Full Access Policy for Group checkbox if you want to create a policy for this node group that allows access to all nodes in the group at all times with control permission To add another node group click Apply to save this group and repeat these steps Optional When you have finished adding node groups click OK The Groups Summary panel displays a list of the groups that you added Click Continue to start the next task User Management Follow the steps in the next section The fourth task of Guided Setup is User Management User Management allows you to select the Privileges and Policies that govern the access and activities of groups of users Privileges specify which activities the members of the user group can perform in CC SG Policies specify which devices and nodes the members of the user group can view and modify Policies are based on Categories and Elements When you have created the user groups you can define individual users and add them to the user groups Raritan Z Raritan Chapter 4 Configuring CC SG with Guided Setup Add User Groups and Users The Add User Group panel opens when you click Continue at the end of the Create Groups task You can also click User Management and then click Add User Group in the Guided Tasks tree view in the left panel to open the Add User Group panel g
239. e display of nodes users or devices to all names that contain the search criteria a Raritan Chapter 9 Users and User Groups Find Matching String Does not support the use of wildcards and will highlight the closest match in the nodes users or devices as you type The list will be limited to those items that contain the search criteria after clicking Search 3 Click OK to save your changes Change the CC SG default font size 1 Choose Secure Gateway gt My Profile 2 Click the Font Size drop down menu to adjust the font size the standard CC SG client uses 3 Click OK to save your changes Change your email address 1 Choose Secure Gateway gt My Profile 2 Type anew address in the Email address field to add or change the address CC SG will use to send you notifications 3 Click OK to save your changes Change the CC SG Super User s Username You must be logged into CC SG using the CC Super User account to change the CC Super User s username The default CC Super User username is admin 1 Choose Secure Gateway gt My Profile 2 Type anew name in the Username field 3 Click OK to save your changes Logging Users Out Raritan You can log active users out of CC SG either individually or by user group gt To log out users 1 Inthe Users tab click the symbol to expand the user group that contains a user you want to log out of CCSG and then select the user To sele
240. e files for virtual appliances are associated with a specific license server s Host ID This means that license files are not transferable e f you are a new customer with a physical appliance you will download your license files from the Raritan Licensing Page website See Licensing New Customers Physical Appliance on page 14 e f you are an existing pre 5 0 customer you do not need to download license files When a pre 5 0 CC SG unit is upgraded to 5 0 or higher the licenses are converted to the new format A new base license and any applicable Add On licenses are created and automatically installed and checked out as needed to accommodate your current configuration See Licensing Existing Customers on page 29 e f you are a virtual appliance customer you must deploy a license server See Licensing Virtual Appliance with License Server on page 17 Available Licenses Description Information needed to create license for first time CC SG E1 Appliance Host ID of the CC SG unit includes 128 Node License CC SG E1 Appliance Host ID of the CC SG unit includes 256 Node License CC SG E1 Appliance Host ID of the CC SG unit includes 512 Node License CC SG V1 Appliance Host ID of the CC SG unit includes 128 Node License 11 12 Chapter 3 Getting Started CC SG product CC V1 256 CCSG128 VA CC 2XE1 512 CC 2XE1 1024 CC 2XV 1 256 Add on Licenses Description Information needed to create
241. e items in the Selected list in the order you would like each grouping to display in the Nodes tab Select an item and click the up and down arrow buttons to move the item into the desired sequence c If you must remove an item from the list select it and click Remove 8 Click Save A message confirms that the custom view has been added 9 To apply the new custom view click Set Current Apply a Custom View for Nodes gt To apply a custom view to the nodes list 1 Choose Nodes gt Change View gt Custom View The Custom View screen appears Raritan ii Chapter 11 Custom Views for Devices and Nodes 182 or Click the Name drop down arrow and select a custom view from the list Click Apply View Choose Nodes gt Change View All defined custom views are options in the pop up menu Choose the custom view you want to apply Change a Custom View for Nodes Click the Nodes tab Choose Nodes gt Change View gt Create Custom View The Custom View screen appears Click the Name drop down arrow and select a custom view from the list Details of the items included and their order appear in the Custom View Details panel To change a custom view s name In the Custom View panel click Edit The Edit Custom View window opens Type a new name for the custom view in the Enter new name for custom view field and then click OK The new view name appears in the Name field in the Custom View screen To chang
242. e or the power switch on the CC SG unit 1 Choose System Maintenance gt Restart Type your password in the Password field 3 Broadcast message Use the default message or edit it The message will display to users who will be logged off CC SG 4 Restart after min Enter the number of minutes from 0 720 that should elapse before CC SG restarts If specifying over 10 minutes the broadcast message displays to users immediately and then repeats at 10 and 5 minutes before the event occurs 5 Click OK to restart CC SG You can upgrade CC SG s firmware when a newer version is released You can find firmware files in the Support section of the Raritan website To upgrade CC SG from version 3 x to version 4 1 you must upgrade it to 4 0 first To upgrade CC SG from version 4 x to any version higher than 5 0 you must upgrade it to 5 0 first CC SG version 4 0 or higher is not compatible with G1 hardware Do not upgrade a CC SG G1 unit to version 4 0 or later Download the firmware file to your client PC before proceeding with the upgrade Only users with the CC Setup and Control privilege can upgrade CC SG You should back up CC SG before upgrading and send the backup files to PCs for safe keeping See Backing Up CC SG on page 222 and Save a Backup File on page 224 If you are operating a CC SG cluster you must remove the cluster before upgrading Upgrade each CC SG node separately then re create the cluster Impor
243. e the custom view s contents In the Custom View Details section a Inthe Available list select the item you want to include in the custom view and then click Add to add the item to the list Repeat this step to add as many items as you want b Arrange the items in the Selected list in the order you would like each grouping to display in the Nodes tab Select an item and click the up and down arrow buttons to move the item into the desired sequence c If you must remove an item from the list select it and click Remove Click Save A message confirms that the custom view has been added To apply the new custom view click Set Current Delete a Custom View for Nodes gt 1 To delete a custom view for nodes Click the Nodes tab Raritan Raritan Chapter 11 Custom Views for Devices and Nodes Choose Nodes gt Change View gt Create Custom View The Custom View screen appears Click the Name drop down arrow and select a custom view from the list Details of the items included and their order appear in the Custom View Details panel In the Custom View panel click Delete The Delete Custom View confirmation message appears Click Yes Assign a Default Custom View for Nodes To assign a default custom view for nodes Click the Nodes tab Choose Nodes gt Change View gt Create Custom View The Custom View screen appears Click the Name drop down arrow and select a custom view from the list
244. e the describe method when you want your group to be based on some attribute of the node or devices such as the categories and elements The advantage of the describe method is that when you add more devices or nodes with the same attributes as described they will be pulled into the group automatically Use the select method when you just want to create a group of specific nodes manually New nodes and devices added to CC SG are not pulled into these groups automatically You must manually add the new nodes or devices to the group after you add them to CC SG These two methods cannot be combined Once a group is created with one method you must edit it using the same method Switching methods will overwrite the current group settings Edit a Device Group gt To edit a device group 1 Choose Associations gt Device Groups The Device Groups Manager window opens 2 Existing device groups appear in the left panel Select the Device Group whose name you want to edit The Device Group Details panel appears 3 Type anew name for the device group in the Group Name field Optional 4 Edit the device group s included devices using the Select Device or Describe Devices tabs See Add a Device Group on page 72 5 Click OK to save your changes Delete a Device Group gt To delete a device group 1 Choose Associations gt Device Groups The Device Groups Manager window opens 2 Existing device groups appear in t
245. e the service account to use the new login credentials when you change the username or password Assign Service Accounts to Interfaces You can assign a service account to multiple interfaces Each interface that is assigned the service account uses the same login information for connections CC SG updates all interfaces that use the service account to use the new login credentials when you change the username or password You can also select a service account when you configure an interface See Adding Editing and Deleting Interfaces on page 125 You must have the Device Port and Node Management privilege to assign service accounts to interfaces See Adding Editing and Deleting User Groups on page 159 gt To assign a service account to interfaces 1 Choose Nodes gt Assign Service Accounts The Assign Service Accounts page opens 2 Inthe Service Account Name field select the service account you want to assign to the nodes 3 Inthe Available list select the interfaces you want to assign the service account to Use Ctrl click or Shift click to select multiple interfaces at once Tip Type a node name in the Find field to highlight it in the list Type after a partial name to highlight all similar names in the list Click the column headers to sort the lists alphabetically Click Add to move the selected interfaces into the Selected list Click OK The service account is assigned to all nodes in the Selec
246. e used to create a Policy to control user access to servers in America See Policies for Access Control on page 175 You can assign more than one element of a category to a node or device via CSV file import As you add devices and nodes to CC SG you will link them to your predefined categories and elements When you create node and device groups and assign policies to them you will use your categories and elements to define which nodes and devices belong in each group How to Create Associations There are two ways to create associations Guided Setup and Association Manager e Guided Setup combines many configuration tasks into an automated interface Guided Setup is recommended for your initial CC SG configuration Once you have completed Guided Setup you can always edit your configurations individually See Configuring CC SG with Guided Setup on page 33 e Association Manager allows you to work only with associations and does not automate any configuration tasks You can use Association Manager to edit your Associations after using Guided Setup too See Adding Editing and Deleting Categories and Elements on page 42 Adding Editing and Deleting Categories and Elements Association Manager allows you to add edit or delete Categories and Elements Note By default CC SG keeps default category names System Type and US States and territories in English Add a Category gt To add a category 1 Choose
247. eadevabsteeedhatidbereteetscendand ceive dees 219 Upgrade Device Firmware Report ecccceesecceceeseeeeeeeneeceeeeneneeenenenees 220 The default filter for any report is the user policy For example the nodes or devices that the user has no access permission will not display in the reports Sort Report Data e Click a column header to sort report data by the values in that column The data will refresh in ascending order alphabetically numerically or chronologically e Click the column header again to sort in descending order Resize Report Column Width The column widths you choose become the default report view the next time you log in and run reports 1 Hold your mouse pointer on the column divider in the header row until the pointer becomes a double headed arrow 2 Click and drag the arrow to the left or right to adjust column width 208 Z Raritan Chapter 13 Reports View Report Details e Double click a row to view details of the report e When a row is highlighted press the Enter key to view details All details of the selected report display in a dialog that appears not just the details you can view in the report screen For example the Access Report screen for nodes does not display the Interface Type and Message but these are available in the Node Access Details dialog Navigate Multiple Page Reports e Click the arrow icons at the bottom of the report to navigate through multiple
248. eaees 158 GC Users GroUDo erian Sashcaraas AA AE E La NA EK EERE 158 Adding Editing and Deleting User Group ccccceeseeeeeseeceeeeeeaeceeaaeseeneeceaeeesaaeseenaeeeeeeeeaas 159 Add a User Group eeemeberperer er erreerer aN aa ret tere rer pr cer erermeer eer ee eererrer reer LAE 159 Edita User GroUP esri isinan aiina aa iaaa a er crcrrrerer er creer rrerer ter ercerrrerrerr itt 160 Delete ai User Groupe vssecccacetce ccetsleceieneuesantad adeesaet qeaahth aaa aa ulin eee KaK Eih E aN 161 Raritan Contents Limit the Number of KVM Sessions per USE ccccccceceeeeeeneeceeeeeceaeeeeaaeseeeeeceaeeeteaeseeaeeeeeneess 162 Configuring Access Auditing for User Group cccccceeeeeeeeceeeeeceeeeeaaeeeeeeeseneeeseaeeesaeeseneeseaees 162 Adding Editing and Deleting USCIS tisicccoiiccccocesdsicceneeets chehddes atedvsiecctedaatenostect cestadancebvaanecendeceeny 163 AO a USSG E E E E 163 EC UU SOR x fence A A E A TA I E N E A E E A 164 Delet aA USO segini a n EAEE EAEE 165 Assigning a User to a Group tevcesesnaeestesectesseeaceiites aa a E ATEA 165 Deleting a User From a Grop sses uinnsinn aiaa AREER 166 Adding Userswith GS File Import stcsscccescsenccenes sereeeene cates scieeessecdeet acatiaaeeestianacdaeseceuy ean deane 166 UWsers CSV File REQUIFCMOMtS iss dcsitic sas cceuvss cece ang ectusn eevee naceieeancersabeeeeetvanc cans uneceeaveen deck 167 Salmple USers CSV File iesind scents ia ceres na ai aad 170 MI
249. earch At any time during the discovery you can click Stop to discontinue the discovery process Discovered devices appear in a list 7 To add one or more discovered devices to CC SG select the devices from the list and click Add The Add Device screen appears with some of the data already populated If you selected more than one device to add you can click Previous and Skip at the bottom of the screen to navigate through the Add Device screens for the devices you want to add 8 The Add Device page is different for different device types See the instructions on adding each device type CC SG discovered For KVM or Serial devices see Add a KVM or Serial Device on page 54 For Powerstrips see Add a PowerSitrip Device on page 56 For Dominion PX powerstrips on the IP network see Add a Dominion PX Device on page 56 9 Click Apply to add a discovered device and continue to the next discovered device Click OK to add the current discovered device and stop the process of adding the discovered devices 53 54 Chapter 6 Devices Device Groups and Ports Adding a Device Devices must be added to CC SG before you can configure ports or add interfaces that provide access to the nodes connected to ports The Add Device screen is used to add devices whose properties you know and can provide to CC SG To search for devices to add use the Discover Devices option See Discovering Devices on page 53 To add Raritan Po
250. ecaccecdsaadissaacacersersacnedienecevscasncadenscatedtanceaaia 92 Chapter 7 Managed Powerstrips 93 Configuring Powerstrips that are Managed by Another Device in CC SG cccceeeeesteeeeeees 94 Configuring PowerStrips Connected to KX KX2 KX2 101 KSX2 and P2SC ceeeeeee 95 Add a PowerStrip Device Connected to a KX KX2 KX2 101 KSX2 or P2SC Device 95 Move a KX KX2 KX2 101 KSX2 or P2SC s PowerStrip to a Different Port 95 Delete a PowerSirip Connected to a KX KX2 KX2 101 KSX2 or P2SC Device 96 Configuring PowerStrips Connected to SX 3 0 and KSX ceeccceeeeeeeeeeeeeeeeeeeeeseeeeeseaeeeeeeseenees 96 Add a PowerStrip Connected to an SX 3 0 or KSX device oo eee eecceceeseeeeeeeseeeeeeeaeeeeeeaas 96 Delete a PowerSitrip Connected to an SX 3 0 or KSX DeVICE cccecceceeceesteeeeeesteeeeeenes 97 Change a PowerStrip s Device or Port Association SX 3 0 KSX 97 Configuring Powerstrips Connected to SX Si caves ccccsetcg ceeds sdcceessee ccstesancceeseeadeaatseadecesenedessetea sarees 98 Add a Powerstrip Connected to an SX 3 1 Device eeeceeececeeeeeeeeeeeeeeceeeeeseaeeeesaeeteneeeeaees 98 Move an SX 3 1 s Powerstrip to a Different Port 0 ceecceceeeeeeeeeeeeeeeeeeeeesaeeeeaaeeseneeeaas 99 Delete a Powerstrip Connected to an SX 3 1 D VICE ee cceccececcteeeeeesteeeeeesaeeesesnaeeeeneaas 99 Configuring Outlets On A POWeCrSUMD sunean ad adane aad 99 Chapter 8 Nodes Node Groups
251. ecent Raritan CommandCenter Sec purchase Your Software License Key may now be generated This License required to activate this Software Product You can access that license key s as well as review the history of Raritan s products that you have purchased with their associated license keys at our v here http www _raritan com licensing SAR ements MBintmnnntian anA ainan MOOT n E E oben sah anes fl 4 Click the link in the email to go to the Software License Key Login page on Raritan s website and login with the user account just created 5 Click the Product License tab The licenses you purchased display in a list You may have only 1 license or multiple licenses 6 To get each license click Create next to the item in the list If you have more than 1 license create the base license first 7 Select New License Server Deployment if this is the first time you are creating a license If you have multiple CC SG deployments with more than 1 license server select Add to an Existing License Server Deployment then select the license server you want to add this license to 8 Select Single as the Deployment Mode and Path Leave Vendor Daemon Path blank then click Next 9 Select Hostname or Host IP then enter either the hostname or IP address of the license server 10 Enter the Host ID of the license server using these instructions to retrieve it The Host ID is a long string of letters and numbers such as A005B983 8DF
252. echnical Support requests from INFO to DEBUG 7 Click Apply Changes at the bottom of the window Reproduce the problem and take a snapshot See Take a System Snapshot on page 335 gt 2 Turn off the debug mode 1 Open the debug options window by following the first 4 steps of the previous section Change the value of the debug option from DEBUG to INFO Click Apply Changes at the bottom of the window 375 Appendix G Diagnostic Utilities CC SG Disk Monitoring If CC SG disk space exhaustion in one or more file systems occurs it may negatively impact your operation and even results in the loss of some engineering data Therefore you should monitor the CC SG disk usage and take corrective actions to prevent or resolve potential issues You may perform the disk monitoring either via the Diagnostic Console or via the Web browser If you are a sophisticated user you may use the gkrellm remote monitoring See Configure Remote System Monitoring on page 325 Important For CC SG units in a cluster configuration you must monitor both CC SG units gt To monitor the disk space via the Diagnostic Console 1 Log into the Diagnostic Console and invoke the Disk Status page See Display RAID Status and Disk Utilization on page 327 2 Check the disk related information and take actions when necessary Both RAID partitions should display as UU instead of U_ or LU Otherwise a disk failure is indicated and you must con
253. ect Nodes tab 2 Click the Device Name drop down menu and select a device to filter the Available list to display only nodes with interfaces from that device 3 Inthe Available list select the nodes you want to add to the group and then click Add to move the node into the Selected list Nodes in the Selected list will be added to the group 151 152 Chapter 8 Nodes Node Groups and Interfaces 4 To remove a node from the group select the node name in the Selected list and click Remove You can search for a node in either the Available or Selected list Type the search terms in the field below the list and then click Go If you want to create a policy that allows access to the nodes in this group at any time select the Create Full Access Policy for Group checkbox When you are done adding nodes to the group click OK to create the node group The group will be added to the list of Node Groups on the left Describe Nodes To add a node group with the Describe Nodes option Click the Select Nodes tab Click the Add New Row icon E to add a row in the table for a new rule Rules take the form of an expression which can be compared against nodes Double click each column in the row to turn the appropriate cell into a drop down menu then select the appropriate value for each component Prefix Leave this blank or select NOT If NOT is selected this rule will filter for values opposite of the rest of the e
254. ed on the TACACS server and on CC SG The user name on the TACACS server and on CC SG must be the same although the passwords may be different See Users and User Groups on page 156 Add a TACACS Module Par on To add a TACACS module Choose Administration gt Security Click the Authentication tab Click Add to open the Add Module window Choose Module Type gt TACACS Type a name for the TACACS server in the Module name field Click Next The General tab opens TACACS General Settings 1 Raritan Type the IP address or hostname of the TACACS server in the IP Address Hostname Name field See Terminology Acronyms on page 2 for hostname rules Type the port number on which the TACACS server is listening in the Port Number field The default port number is 49 Type the authentication port in the Authentication Port field Type the shared key in the Shared Key and Shared key confirm fields Maximum length is 128 characters Click OK to save your changes The new TACACS module appears in the Security Manager screen under External AA Servers Select the Authentication checkbox if you want CC SG to use the TACACS module for authentication of users Click Update to save your changes 205 Chapter 12 Remote Authentication About RADIUS and CC SG CC SG users who are remotely authenticated by a RADIUS server must be created on the RADIUS server and on CC SG The user name on the RADIUS serv
255. ee Adding a Policy on page 176 e Apply the policy to a user group See Assigning Policies To User Groups on page 179 In This Chapter Adding a POlCY ricessi tee aahenee tv seetidvaa a e sedated 176 Editing a PORGY scecsictencctecestetoseten te beceites oletansuheceastodeten iy haash cae tdetan TEE 177 Deleting a PONCY ic iiitectcccdessvhostente dees cedbtetanedeceasdbedeten escent cae dheean a 178 Support for Virtual Media sretan canceeaddewcsatdvadehanideecekie aneandebtepeds 179 Assigning Policies To User Group 2 cccecceeeeteeeeeeceeeeeseaeeeeeeeeenees 179 Raritan ats Chapter 10 Policies for Access Control Adding a Policy 176 If you create a policy that denies access Deny to a node group or device group you also must create a policy that allows access Control for the selected node group or device group Users will not automatically receive Control rights when the Deny policy is not in effect gt 1 2 To add a policy Choose Associations gt Policies The Policy Manager window opens Click Add A dialog window appears requesting a name for the policy Type a name for the new policy in the Enter policy name field See Naming Conventions on page 389 for details on CC SG s rules for name lengths Click OK The new policy will be added to the Policy Name list in the Policy Manager screen Click the Device Group drop down arrow and select the Device Group to which this policy governs acc
256. ee Configuring Synchronization of Power IQ and CC SG on page 340 to set the synchronization policy gt Synchronization policies e Consolidate Nodes If an IT Device as determined by the External Key is retrieved from more that one Power IQ the node will have a Power IQ Proxy interface for each PowerlQ CC SG allows duplicate interface names for a single node e Rename Duplicate Nodes If an IT Device as determined by the External Key is retrieved from more that one Power IQ a node will be created for each with a single Power IQ Proxy interface CC SG will rename the nodes to make them unique by adding a number in parentheses For example node node 2 node 3 e Reject Duplicate Nodes If an IT Device as determined by the External Key is retrieved from more than one Power IQ the first instance will have a node and Power IQ Proxy interface created subsequent instances will be rejected and logged as errors This is the default gt Other synchronization results When synchronizing if an IT Device no longer exists as determined by the External Key and the node only has a single interface of the type Power IQ Proxy Interface associated with it the node is deleted from CC SG If the node has other interfaces in addition to the single Power IQ Proxy Interface associated with it only that Power IQ Proxy interface is deleted from CC SG If a Power IQ instance is deleted from CC SG these results will be the same
257. eeeeeeeeeaeeeeeee eae eecaaeegeaaeegeeeseaeeeeaaeseeaaeseeeeseaeseeaaesseaeeseeeeess 235 Ending CC SG SeSSION cccecceceeeeeeeeeeeeeeeeeeeecaeeeeaaeeeeaaeseaeeeseaeeseaaeseeaaesgeeeeseaesseaaesseaeesseeeess 235 LOG OUT OT CO SG reiasa aeinn tatgnendshoeabaaedtew eat ecdutadyncessueden Mathes saad nteeeniteees 235 EX its CGS Gurgone ca defi nae cng scccaade ce sau A sas cae A E ad gaia Aa AaS 236 i Z Raritan Contents Chapter 15 Advanced Administration 237 Configuring a Message of the Day sierici iiaeiai E deste genie eaeatgaes 237 Configuring Applications for Accessing Nodes cccccceeseeceeeeeeeeeeeeaeeeeaeeseeeeeseaeeesaeeeeseeeeaees 238 About Applications for Accessing NOCES ccccceeeeeeeeeeeeeneeeeeenaeeeeeeaaeeeeeeaaeeeeeeaeeeeeeaas 238 Checking and Upgrading Application Versions cccccceeseeseeeceeneeseeeeeseeeeseaeeeeeeeesaees 238 Older Version of Application Opens After Upgrading cccccceeseeceeceeeeeeeeseeeeeeeeeees 239 AG an AD PIIC ATION sce cogececweeteed ocesteces E 239 Deletesan Applications siectcoisct cengecas troy ccnavitecniyed cenudiny igdianattenghecistiee neuen 240 Prerequisites for Using AKG aaah iaaa a a aer a a araa aak 240 Configuring Default Applications sirrien anana a aaan a aaae 240 About Default Applications 3 iccccis sired css ccereesiiionets th deateiay dedesnnndiedasdineedsthdcseedaadeeeatbienecestiecs 240 View the Default Application Assignments
258. eeeseeeeseaeeeeneeeeaees 251 Configure a Combination of Direct Mode and Proxy Mode ccceecceeeteeeseeeeeeeeeeees 251 Device SC TINGS cis darecescsceeetapdaceneas cexeteanand aay cae seat saaremeus tet eldaaeceiteeceettegeeeedeanacdine sence 251 Enabling the AKC Download Server Certificate Validation cc ccccceeceeeesteeeeeesteeeees 253 Configuring Custom JRE Settings ccccceceseceeeeeceeeeeeeaeeeeeeeceeeeeseaeeesaaeeeeeeeseeeeescaeeesaeeeeeeseaees 254 COMPUTING SNMP cisini aiganas naas asine aiian aaa Aaaa iaai iaaa aiaia akida 255 MIB File Sinsin anean aiaia aaae Aasia AA ENE AEE ANO AKE A AAEE EIIE ASEE A ESAn 256 Configuring CC SG CIUStCrS eeecceeceececeeeeeeeceeeeeceeeecaaeeeeaaeseeeeeseaeeesaaeeseeeeseeeeseaeeeseaeeseneeseaees 256 Requirements for CC SG Clusters ccecceececeeeeeeeeeeeeeeeseneeecaaeeeeaeeseeeeeseaeeesaeeseneeseneeees 257 Access a CC SG Cluster oo eeecceccce cece eeeaeceeeeeceaeeeeaaeedeaaeeaeeeceaeeeeaaeseeaeeseaeeesaaeseeaaeeseneesaas 257 Create a CIUSTOM 2 eccccccccccceeeceence cece eeeeaeeeeneeeeeeecaaeeeeaaeseaeeseaeeecaaeseeaaeseeeeseaeesesaeeseneessaees 257 Configure Cluster SettinS cccccecceeeeeseeceeeeeceeeeesaaeeeeeeeseeeesaaeeesaaeseneeeseaeessnaeeseeeeseaees 258 Switch the Primary and Secondary Node Status 0 c ccceeceseeeeeeeeeeeeeeeseeeeeseaeeeeeeeeeaees 259 Recover a Cluster cccceesceceecceceneeeeaaeeteaeeceaeeecaaeeeeaaesdaeeeceaeeecaaeseeaaes
259. eld Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Required field Default is 80 Optional Leave blank if specifying username and password Optional Leave blank if specifying service account Optional Leave blank if specifying service account Optional See Tips for Adding a Web Browser Interface on page 134 Optional See Tips for Adding a Web Browser Interface on page 134 Raritan Chapter 8 Nodes Node Groups and Interfaces Column Tag or value number 12 Description Details Optional gt To add a Power IQ Proxy power control interface to the CSV file See Power Control of Power IQ IT Devices on page 337 for details about configuring this interface type Column Tag or value number 1 ADD 2 NODE POWER PIQ INTERFA CE Node Name 4 Interface Name 5 External Key 6 Managing Power IQ Name 7 Description Raritan Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Ifthe IT device has already been added to Power IQ find the external key on the IT device s page in the Data Center tab and enter the text in this field Ifthe IT device has not been added to Power IQ yet enter a text value but make sure to use the same value when adding the IT device
260. emote Authentication Synchronizing AD with CC SG Raritan There are several methods for synchronizing the information on CC SG with the information on your AD server Daily synchronization of all modules You can enable scheduled synchronization to allow CC SG to synchronize all AD modules daily at the time you choose See Synchronize All AD Modules on page 199 This synchronization is necessary only when you are using AD for authorization Scheduled synchronization using Task Manager See Schedule a Task on page 280 On Demand Synchronization You can perform two types of synchronization whenever you choose 1 All Active Directory Modules This option performs the same operation as daily synchronization of all modules but you can use it to synchronize at any time on demand This synchronization is necessary only when you are using AD for authorization See Synchronize All AD Modules on page 199 All User Groups Use this option when you have changed a user group Synchronizing all user groups allows you to map imported and local user groups to user groups identified as part of an AD module Synchronizing user groups does not update access information in CC SG You must synchronize all AD modules either by waiting for daily synchronization to run or by running the on demand synchronization of all modules to update access information See Synchronize All User Groups with AD on page 198 197 198 Chapter 12
261. emove You can search for a device in either the Available or Selected list Type the search terms in the field below the list and then click Go Select the Create Full Access Policy for Group checkbox to create a policy for this device group that allows access to all devices in the group at all times with control permission To add another device group click Apply to save this group then repeat these steps Optional If you have finished adding device groups click OK to save your changes To add a device group with the Describe Devices option Click the Describe Devices tab in the Device Group New panel In the Describe Devices tab you can create a table of rules that describe the devices you want to assign to the group Click the Add New Row icon E to add a row to the table Double click the cell created for each column to activate a drop down menu Select the rule components you want to use from each list Prefix Leave this blank or select NOT If NOT is selected this rule will filter for values opposite of the rest of the expression 73 74 Chapter 6 Devices Device Groups and Ports Category Select an attribute that will be evaluated in the rule All categories you created in the Association Manager are available here If any blade chassis has been configured in the system a Blade Chassis category is available by default Operator Select a comparison operation to be performed between the Category a
262. ems Tip Type the name of a user group in the Find field to highlight it in the list Type after a partial name to highlight all similar names in the list Click the column headers to sort the lists alphabetically 5 Click Update Adding Editing and Deleting Users Raritan Add a User When you add a user to CC SG you must specify a user group to give the user the access privileges assigned to the user group gt To add a user 1 Inthe Users tab select the group to which you want to add a user 2 Choose Users gt User Manager gt Add User In the Username field type the user name of the user you want to add This name is used to log in to CC SG See Naming Conventions on page 389 for details on CC SG s rules for name lengths 4 Inthe Full Name field type the user s full first and last name See Naming Conventions on page 389 for details on CC SG s rules for name lengths 5 Select the Login Enabled checkbox if you want the user to be able to log in to CC SG 6 Select the Check Remote Authentication checkbox only if you want the user to be authenticated by an external server such as TACACS RADIUS LDAP or AD If you are using remote authentication a password is not required and the New Password and Retype New Password fields will be disabled 7 Inthe New Password and Retype New Password fields type the password that the user will use to log in to CC SG Note See Naming Conventions on
263. en click Add Node Groups in the Guided Tasks tree view in the left panel to open the Node Group New panel In the Group Name field type a name for a node group you want to create There are two ways to add nodes to a group Select Nodes and Describe Nodes The Select Nodes section allows you to select which nodes you want to assign to the group by selecting them from the list of available nodes The Describe Nodes section allows you to specify rules that describe nodes and the nodes whose parameters follow those rules will be added to the group 37 38 Chapter 4 Configuring CC SG with Guided Setup User Management Select Nodes Click the Select Nodes tab in the Node Group New panel In the Available list select the node you want to add to the group and then click Add to move the node into the Selected list Nodes in the Selected list will be added to the group To remove a node from the group select the node name in the Selected list and click Remove You can search for a node in either the Available or Selected list Type the search terms in the field below the list and then click Go Describe Nodes Click the Describe Nodes tab in the Node Group New panel In the Describe Nodes tab you create a table of rules that describe the nodes you want to assign to the group Click the Add New Row icon Ej to add a row to the table Double click the cell created for each column to activate a drop down menu Select the rul
264. en you back up an SX 3 0 1 device attached PowerStrip configurations are not backed up If you restore the SX 3 0 1 device from the backup you must reconfigure the PowerStrips gt To backup a device configuration 1 Click the Devices tab and select the device you want to back up Choose Devices gt Device Manager gt Configuration gt Backup Type a name in the Backup name field to identify this backup e oO N Type a short description of the backup in the Description field Optional 5 Click OK to back up the device configuration A message appears when the device configuration has been backed up 83 Chapter 6 Devices Device Groups and Ports Restoring Device Configurations The following device types allow you to restore a full backup of the device configuration KX KSX KX101 SX IP Reach KX2 KSX2 and KX2 101 devices allow you to choose which components of a backup you want to restore to the device Protected The entire content of the selected backup file except the network settings personality package and for KX2 devices the port configuration settings will be restored to the device You can use the Protected option to restore a backup of one device to another device of the same model KX2 KSX2 and KX2 101 only Full The entire content of the selected backup file will be restored to the device Custom Allows you to restore Device Setting User and User Group Data Settings or both Res
265. endix B CC SG and Network Configuration Communication Direction Client to Raritan Device to Out of Band KVM Node Direct Mode Client to Raritan Dominion SX Device to Out of Band Serial Node Direct Mode Port Number Protocol Configurable Details 5000 TCP yes Client server communication on Raritan Device SSL AES 128 AES 256 encrypted if configured 51000 TCP yes Client server communication on Raritan Device SSL AES 128 AES 256 encrypted if configured CC SG and Client for IPMI iLO RILOE DRAC RSA You may need to open additional ports for CC SG to manage third party devices such as iLO RILOE and iLO2 RILOE2 servers Targets of an iLO RILOE device are powered on off and recycled directly Intelligent Platform Management Interface IPMI servers can also be controlled by CC SG Dell DRAC and RSA targets can also be managed by CC SG Note Some in band interfaces require additional ports to be open See their respective guides for more information Communication Direction Port Number Protocol Configurable Details CC SG to IPMI 623 TCP no IPMI standard CC SG to iLO RILOE uses 80 or 443 TCP no Vendor standard HTTP ports CC SG to DRAC 80 or 443 TCP no Vendor standard CC SG to RSA 80 or 443 TCP no Vendor standard Communication Direction SNMP Manager to CC SG 354 CC SG and SNMP Simple Network Management Protocol SNMP allows CC SG to push SNMP traps event notifications to an ex
266. ent 5 Bulk Copying for Device Associations Location and Contacts 69 Bulk Copying for Node Associations Location and Contacts 137 Bulk Copying Users 174 C Categories and Elements CSV File Requirements 44 CC Super User Group 158 CC Users Group 158 CC NOC 295 CC SG Access via NAT enabled Firewall 355 CC SG Admin Client 8 CC SG and Client for IPMI iLO RILOE DRAC RSA 354 CC SG and Network Configuration 349 CC SG and Raritan Devices 351 CC SG and SNMP 354 CC SG Clustering 351 CC SG Communication Channels 350 CC SG Disk Monitoring 302 376 CC SG Internal Ports 355 CC SG Shutdown 232 233 234 CC SG Title Date and Time 299 Certificate Tasks 273 Certificates 273 Change a Custom View for Devices 184 Change a Custom View for Nodes 182 Change a PowerStrip s Device or Port Association SX 3 0 KSX 96 97 Change a Scheduled Task 284 Change the CC SG default font size 173 Change the CC SG Super User s Username 173 Change the Daily AD Synchronization Time 200 Change the HTTP and HTTPS Ports for a KX2 Device 57 Change the Password for a Service Account 107 Change the Video Resolution for Diagnostic Console 336 Raritan Change your default search preference 52 172 Change your email address 173 Change your name 172 Change your password 172 Changing the Blade Server Status 66 Check Your Browser f
267. ent Browser ReguiremMmentSksisiniiningiii iennige 4 Prerequisites Before configuring a CC SG according to the procedures in this document see Raritan s CommandCenter Secure Gateway Deployment Guide for more comprehensive instructions on deploying Raritan devices that are managed by CC SG Raritan Chapter 1 Introduction Terminology Acronyms Terms and acronyms found in this document include Access Client HTML based client intended for use by normal access users who need to access a node managed by CC SG The Access Client does not allow the use of administration functions Admin Client Java based client for CC SG useable by both normal access users and administrators It is the only client that permits administration Associations relationships between categories elements of a category and ports or devices or both For example if you want to associate the Location category with a device create associations before adding devices and ports in CC SG Category a variable that contains a set of values or elements An example of a Category is Location which may have elements such as New York City Philadelphia or Data Center 1 When you add devices and ports to CC SG you will associate this information with them It is easier if you set up associations correctly first before adding devices and ports to them Another example of a Category is OS Type which may have elements such as
268. ent to this email address when lockout has occurred If the field is blank notification is not sent Optional Type a phone number in the Administrator s Telephone field The phone number will appear in the notification email that is sent when lockout occurs Optional Click Update to save your changes To disable lockout When you disable lockout all users currently locked out of CC SG will be allowed to log in 1 Choose Administration gt Security Raritan Raritan Chapter 15 Advanced Administration Open the Login Settings tab Deselect the Lockout Enabled for Local Users checkbox to disable lockout for locally authenticated users Deselect the Lockout Enabled for Remote Users checkbox to disable lockout for remotely authenticated users 4 Click Update to save your changes Allow concurrent logins per username You can permit more than one concurrent CC SG session with the same username 1 Choose Administration gt Security 2 Click the Login Settings tab Select the Super User checkbox to allow more than one simultaneous login with the CC Super User account Select the System Administrators checkbox to allow concurrent logins by users in the System Administrators user group Select the Other Users checkbox to allow concurrent logins by all other users 3 Click Update to save your changes Configure the Inactivity Timer You can configure the inactivity timer to specify how
269. ents a target that is accessible through CC SG via either In Band direct IP or Out of Band connected to a Raritan device methods For example a node can be a server in a rack connected to a Raritan KVM over IP device a server with an HP iLO card a PC on the network running VNC or a piece of networking infrastructure with a remote serial management connection You can manually add nodes to CC SG after you have added the devices to which they are connected Nodes can also be created automatically by selecting the Configure all ports checkbox on the Add Device screen when you are adding a device This option allows CC SG to automatically add all device ports and add a node and an out of band KVM or serial interface for each port You can edit these nodes ports and interfaces at any time 101 Chapter 8 Nodes Node Groups and Interfaces Viewing Nodes 102 Node Names Node names must be unique CC SG will prompt you with options if you attempt to manually add a node with an existing node name When CC SG automatically adds nodes a numbering system ensures that node names are unique See Naming Conventions on page 389 for details on CC SG s rules for name lengths About Interfaces In CC SG nodes are accessed through interfaces You must add at least one interface to each new node You can add different types of interfaces to provide different kinds of access such as Out of Band KVM or serial power control In Ba
270. equired field Required field Required field 79 80 Chapter 6 Devices Device Groups and Ports Column number Tag or value Blade Name Node Name Details Optional If left blank the name assigned at the device level is used If a name is entered in the CSV file it will be copied to the device level Enter a name for the node that will be created when this blade is configured gt To add a tiered KVM switch connected to a KX2 KX2 ports with tiered KVM switches connected must be imported as type KYM Column number 1 Tag or value ADD DEVICE KVMSWITCHPORT Device Name Port Number KVM Switch Port Number KVM Switch Port Name Node Name Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field The port that the KVM Switch is connected to Required field Required field Optional If left blank the name assigned at the device level is used If a name is entered in the CSV file it will be copied to the device level Enter a name for the node that will be created when this KVM Switch port is configured gt To assign a category and element to a device to the CSV file Categories and elements must already be created in CC SG You can assign multiple elements of the same category to a device in the CSV file Column number 1 Tag or value ADD Details The first column
271. er Choose Tools gt Internet Options On the General tab click Delete Files then click OK to confirm In FireFox 2 0 and 3 0 Choose Tools gt Clear Private Data Make sure Cache is selected then click Clear Private Data Now Clear the Java Cache These instructions may vary slightly for different Java versions and different operating systems gt 1 e ON 5 Raritan In Windows XP with Java 1 6 Choose Control Panel gt Java On the General tab click Settings In the dialog box that opens click Delete Files Make sure the Applications and Applets checkbox is selected then click OK 231 Chapter 14 System Maintenance Upgrading a Cluster To upgrade a CC SG cluster follow this recommended upgrade procedure Only physical CC SG units can be in a cluster A CC SG cluster license is a special kind of license file that the 2 CC SG units in the cluster share See Cluster Licenses on page 261 for details If the upgrade of your primary node fails while following this procedure see Primary Node Upgrade Failure on page 233 gt To upgrade a cluster 1 Force a failover from your primary node to the backup node by choosing Administration gt Cluster Configuration In the Configuration tab click Switch Primary and Backup See Switch the Primary and Secondary Node Status on page 259 for details Your backup node becomes Primary Your former primary node goes into Waiting status 2 In your
272. er 16 Diagnostic Console 296 Accessing Diagnostic Console ccccccceeeeeseceeeeeeeaeeeeaaeeecaeeceeeeesaaeeeeaaeseeeeeseaeeesaaeeeeaaeeeeeeeeaas 296 Access Diagnostic Console via VGA Keyboard MouSse Poft cccccceeeceeeteeeesteeeeeeetees 296 Access Diagnostic Console Vid SSH cccccceeseceeeeeeeeeceeeeeceaeeesaaeeeceeeseeeeseaeeeeaeeeeeeeeeas 296 Srei R ONS OO A EEEE septs tind E E EPS E EEEE S E EE E EE EPEE EE 297 About Status CONSOlesserisiinerneiniairisnnnncirinnidnaunenadi aiee aaan eii ddannedd aideak aidien 297 Access Status Console cnici a EEEa EN nenmuesanaheuenshavetensnandaee 297 Status Consol Informatio N pressini aeiae N aAa a EN Aaaa Ea 298 Administrator COnSOI cccccececcccce cece eececcceseceaeeeeececeeueuaueaeeseeeeeeeseaueeseceeeeueeauaaseeeseseeaeaneaeeeees 303 About Administrator GONMSOlS is wisi scciei cccncsansi Snchaievanceanss ddenatetanenanss duenanavacdnansh aneieietenesanavauee 303 Access Administrator COnSole c c c csssssesssesssesseeseeeeseceseeeeeeeseeeeecesesesesesseseserssereeerees 303 Raritan Contents Navigate Administrator Console sissisodan itne 305 Edit Diagnostic Console Configuration siisii 306 Edit Network Interfaces Configuration Network Interfaces ccceeeeseeeeeeeeeeeeees 307 Ping a P AGGreSS sais sccictissecenscsiegsid bassenesdia a ca 308 Se TikACSrOUle A E ceva stecvetuin corns E E A E E cents 309 Edit Statie ROUTES rengana EE AEE AEE an
273. er IQ yet accept the default value for the external key or change it but make sure to use the same value when adding the IT device to Power IQ You can quickly make a file of all node and interface information by exporting See Export Nodes on page 149 2 Select the Power IQ that manages the IT device in the Managing Device field You must add information about this Power IQ to CC SG before it appears in this field See Configuring Power IQ Services on page 338 3 Type a description of this interface in the Description field Click OK to save your changes Raritan Raritan Chapter 8 Nodes Node Groups and Interfaces Web Browser Interface You can add a Web Browser Interface to create a connection to a device with an embedded web server such as a Dominion PX See Example Adding a Web Browser Interface to a PX Node on page 134 Fora blade chassis with an integrated KVM switch if you have assigned a URL or IP address to it on the KX2 device a Web Browser interface is automatically added A Web Browser interface can also be used to connect to any web application such as the web application associated with an RSA DRAC or ILO Processor card A Web Browser Interface may not allow automatic login if the web application requires information other than username and password such as a session ID Users must have the Node In Band Access privilege to access a Web Browser Interface You must have DNS configured
274. er and on CC SG must be the same although the passwords may be different See Users and User Groups on page 156 Add a RADIUS Module gt To adda RADIUS module 1 Choose Administration gt Security 2 Click the Authentication tab 3 Click Add to open the Add Module window 4 Click the Module Type drop down menu and select RADIUS from the list 5 Type aname for the RADIUS server in the Module name field Click Next to proceed The General tab opens RADIUS General Settings 1 Click the General tab 2 Type the IP address or hostname of the RADIUS server in the IP Address Hostname field See Terminology Acronyms on page 2 for hostname rules 3 Type the port number in the Port Number field The default port number is 1812 Type the authentication port in the Authentication Port field Type the shared key in the Shared Key and Shared key confirm fields Click OK to save your changes The new RADIUS module appears in the Security Manager screen under External AA Servers Select the Authentication checkbox if you want CC SG to use the RADIUS module for authentication of users 8 Click Update to save your changes i Z Raritan Chapter 12 Remote Authentication Two Factor Authentication Using RADIUS By using an RSA RADIUS Server that supports two factor authentication in conjunction with an RSA Authentication Manager CC SG can make use of two factor authentication schemes with dynamic tokens
275. er time in the Current Time field Choose System Maintenance gt Restart to restart CC SG Checking the Compatibility Matrix Raritan The Compatibility Matrix lists the firmware versions of Raritan devices and software versions of applications that are compatible with the current version of CC SG CC SG checks against this data when you add a device upgrade device firmware or select an application for use If the firmware or software version is incompatible CC SG displays a message to warn you before you continue Each version of CC SG will support only the current and previous firmware versions for Raritan devices at the time of release You can view the compatibility matrix on the Raritan Support web site gt To check the Compatibility Matrix e Choose Administration gt Compatibility Matrix 31 Chapter 3 Getting Started Checking and Upgrading Application Versions Check and upgrade the CC SG applications including Raritan Console RC and Raritan Remote Client RRC gt To check an application version 1 Choose Administration gt Applications 2 Select an Application name from the list Note the number in the Version field Some applications do not automatically show a version number gt To upgrade an application If the application version is not current you must upgrade the application You can download the application upgrade file from the Raritan website For a complete list of supported applica
276. ering is not supported for virtual appliances Note If the standalone grace period expires CC SG operations are limited until the cluster is joined See Licensing Limited Operation Before License Install on page 28 When creating your cluster license file on the Raritan Licensing Portal you must enter the Host IDs for each CC SG unit Find these numbers on the Administration gt License Management page of each CC SG unit gt To deploy a CC SG cluster with a Cluster Kit license See Configuring CC SG Clusters on page 256 for full details on CC SG clusters 1 Deploy both CC SG units to be clustered See the CC SG Quick Setup Guide for deployment details 2 Find the Host IDs for each CC SG unit See Find Your Host ID and Check Number of Nodes In Database see Find Your Physical Appliance Host ID and Check Number of Nodes In Database on page 12 3 Get the Cluster Kit license file See Licensing New Customers Physical Appliance on page 14 Create the cluster See Create a Cluster on page 257 Install the license file on the primary node in the cluster The file will be copied to the secondary node when the cluster is created See Licensing New Customers Physical Appliance on page 14 for details on installing a license file 6 Check out the licenses you want to activate Make sure to check out the Cluster Kit license See Licensing New Customers Physical Appliance on page 14 Raritan Chapter
277. es select the topmost checkboxes in the VNC RDP or SSH columns Optional To add more than one virtual machine a 5E Raritan Z Raritan Chapter 8 Nodes Node Groups and Interfaces Use Ctrl click or Shift click to select multiple virtual machines that you want to add Inthe Check Uncheck Selected Rows section select the Virtual Machine checkbox a To adda VNC RDP or SSH interface to the virtual host nodes and virtual machine nodes that will be created select the VNC RDP or SSH checkboxes in the Check Uncheck Selected Rows section Optional Click Check 11 Click Next CC SG displays a list of interface types that will be added You can add names and login credentials for each type 12 For each interface type enter a name and login credentials The name and login credentials will be shared by all the interfaces added to each virtual machine node and virtual host node configured Optional Leave these fields blank if you prefer to add names and login credentials to each interface individually The interface will take the name of the node if the field is left blank a Enter names for interfaces Maximum 32 characters a Virtual Host VI Client Interfaces VMware Viewer Interfaces Virtual Power Interfaces RDP VNC and SSH Interfaces if specified b Enter login credentials if needed Some interface types do not require login credentials To use a Service Account select the Use Service A
278. escription dc cn om raritan dc com The search query for the user in the group will be made over the whole directory structure Administrators cn Users dc raritan dc c The search query for the user in the group will be performed only in the Administrators sub directory entry 193 194 Chapter 12 Remote Authentication 3 4 Type a user s attributes in the Filter field so the search query for the user in the group will be restricted to only those entries that meet this criterion For example if you specify cn Groups dc raritan dc com as the Base DN and objectclass group as the Filter then all entries that are in the Groups entry and are of type group will be returned Click Next to proceed The Trusts tab opens AD Trust Settings In the Trusts tab you can set up trust relationships between this new AD domain and any existing domains A trust relationship allows resources to b e accessible by authenticated users across domains Trust relationships can be incoming outgoing bidirectional or disabled You should set up trust relationships if you want AD modules that represent different forests in AD to be able to access information from each other The AD 1 trusts you configure in CC SG should match the trusts configured in Click the Trusts tab If you have configured more than one AD domain all other domains are listed in the Trusts tab For each domain in the Trust Partner colu
279. eset whether you select the IP ACL Tables option or not The Neighborhood configuration is removed with the reset so CC SG no longer remembers being a Neighborhood member if it was This option is enabled when you select Full CC SG Database Reset As the CC SG database is rebuilt some previously configured options are saved Secure Communication between PC Clients and CC SG Enforce Strong Passwords Direct vs Proxy Connections to Out of Band nodes Inactivity Timer setting This option changes the network settings back to factory defaults Host name CommandCenter Domain name localdomain Mode IP Failover Configuration Static IP Address 192 168 0 192 Netmask 255 255 255 0 Gateway none Primary DNS none Secondary DNS none Adapter Speed Auto This option resets the SNMP settings back to factory defaults Port 161 Read only Community public Read write Community private System Contact Name Location none SNMP Trap Configuration SNMP Trap Destinations This option resets all device firmware files to factory defaults This option does not change the CC SG database This option loads the firmware files for the current CC SG version into the CC SG database Raritan Option Diagnostic Console Reset IP Access Control Lists Reset w oO N Chapter 16 Diagnostic Console Description This option restores Diagnostic Console settings back to factory defa
280. eshoot CSV File Problems on page 371 Click Import Check the Actions area to see the import results Items that imported successfully show in green text Items that failed import show in red text Items that failed import because a duplicate item already exists or was already imported also show in red text 81 Chapter 6 Devices Device Groups and Ports 6 To view more import results details check the Audit Trail report See Audit Trail Entries for Importing on page 370 Export Devices The export file contains comments at the top that describe each item in the file The comments can be used as instructions for creating a file for importing Note P2SC devices are not exported gt To export devices 1 Choose Administration gt Export gt Export Devices Click Export to File 3 Type a name for the file and choose the location where you want to save it 4 Click Save Upgrading a Device You can upgrade a device when a new versions of device firmware is available Important Check the Compatibility Matrix to make sure the new device firmware version is compatible with your CC SG firmware version If you need to upgrade both CC SG and a device or group of devices perform the CC SG upgrade first and then perform the device upgrade gt To upgrade a device 1 Click the Devices tab and select a device from the Devices tree Choose Devices gt Device Manager gt Upgrade Device 3 Firmware Name Selec
281. ess Click the Node Group drop down arrow and select the Node Group to which this policy governs access If the policy will cover only one type of group select a value only for that type Click the Days drop down arrow and then select which days of the week this policy covers All days Weekday Monday through Friday only and Weekend Saturday and Sunday only or Custom select specific days Select Custom to select your own set of days The individual day checkboxes will become enabled Select the checkbox that corresponds to each day you want this policy to cover Inthe Start Time field type the time of day this policy goes into effect The time must be in 24 Hour format Inthe End Time field type the time of day this policy ends The time must be in 24 Hour format In the Device Node Access Permission field select Control to define this policy to allow access to the selected node or device group for the designated times and days Select Deny to define this policy to deny access to the selected node or device group for the designated times and days Raritan Editing a Policy Z Raritan 14 Chapter 10 Policies for Access Control If you selected Control in the Device Node Access Permission field the Virtual Media Permission section will become enabled In the Virtual Media Permission field select an option to allow or deny access to virtual media available in the selected node or device
282. ess devices It also provides the convenience of single sign on CC SG does not auto detect and update the blade chassis configuration when you move it to another KX2 port or device The configuration is lost so you must configure the blade chassis in CC SG once again You should configure the Virtualization feature prior to configuring the blade slots When configuring the blade slot enter the same name as the virtual host node and choose to add this interface to the existing node when a message appears Answer Check your licensing restrictions There is no specified limit to the number of user accounts that can be created for CC SG but the number is not limitless The size of the database the performance of the processor and the amount of memory on the hosting server will determine how many user accounts can actually be created Yes if you have Administrator permissions Administrators have the ability to assign specific nodes per user CC SG works with Microsoft Active Directory Sun iPlanet or Novell eDirectory If a user account already exists in an authentication server then CC SG supports remote authentication using AD TACACS RADIUS LDAP authentication CC SG permits local authentication as well remote Raritan Question for authentication with directory services and security tools such as LDAP AD RADIUS and so on Why does the error message Incorrect username and or password appear after cor
283. ess policies based on these elements See Associations Categories and Elements on page 41 for details on creating categories and elements gt To view node groups e Choose Associations gt Node Groups The Node Groups Manager window appears A list of existing node groups is displayed on the left while details about the selected node group appear in the main panel A list of existing node groups is displayed on the left Click a node group to view the details of the group in the node group manager f the group was formed arbitrarily the Select Nodes tab will be displayed showing a list of nodes in the group and a list of nodes not in the group If the group was formed based on common attributes the Describe Nodes tab will appear showing the rules that govern selection of the nodes for the group To search for a node in the node group list type a string in the Search field at the bottom of the list and then click Search The method of searching is configured through the My Profile screen See Users and User Groups on page 156 f viewing a group based on attributes click View Nodes to display a list of nodes currently in the Node Group A Nodes In Node Group window opens displaying the nodes and all their attributes Raritan Raritan Chapter 8 Nodes Node Groups and Interfaces Add a Node Group gt To add anode group 1 Choose Associations gt Node Group The Node Groups Manager
284. esteeeeeeaes 70 Add a KVM Switch Connected to KX2 ccccceececeeeeeeeeeceeeeeseeeeecaaeeeeaeeseeeeeseaeessaeeeeeeeseaees 70 Configuring Ports on an Analog KVM Switch Device Connected to KX2 c cceeeeees 70 Device Group MANAG Sl ission aaa va jaciviata cee cadaieviatt eee cadence anaes e 71 Device Groups Overvie Wpisanie isnin ian aiaa aaa aaa dada tied ANE Ais a E dace 72 Add a Device GROUP eciseetatead ocaceviccceds cody as aana aaa cat asa date Aa A NERE S 72 Edita Device GroUP issiran siaga fades teed ces cacd E aa uta dais ined cease Ais badge ai tack 76 Delete a Device Group sts ccszavodacecfacies i ccdiges cach as aaa sana a aa tdi ined A NE jae nea gen cab AST 76 Adding Devices with CSV File Imports iiris iaria idk egiccceces ada date etaed caste e anaa dade 77 Devices CSV File Requirements isinisi aiias canain aa aa aa aaa a lacie 77 Sample Devices CSV File serrare s ainnean aeiae a aaae aS Naaa Ean 81 Inport DViCO contiene aa AE RENEE ia REE 81 EXPOMl DOVIGOS ausiren a E E E E 82 Upgrading a DEVICE sreasseran anaE EE EEEE 82 Backing Up a Device Comfiguratiomnsc s isc sate ccceavics iaiia aaea aaa E 83 Restoring Device Configurations vsccicccieccivesercs cae cseceivs aceecusanacd iaieiieith nienia ia 84 Restore a Device Configuration KX KSX KX101 SX IP Reach cceeeeeesseeeeeeees 84 Restore All Configuration Data Except Network Settings to a KX2 KSX2 or KX2 101 DV COVICG isis ins ssectaiaated edetae cede vanicaua
285. estore to the device Restore Type select Full Click OK Click Yes to restart the device A message appears when all user and system configuration data has been restored Save Upload and Delete Device Backup Files You can save the device backup files in the Restore Device Configuration page to a location on your network or local machine If you need to make space for new backups to be stored on CC SG you can delete device backup files You can also upload device backup files saved on your network back to CC SG to use them to restore a device configuration gt Save a device backup file from CC SG 1 Click the Devices tab and select a device 2 Choose Devices gt Device Manager gt Configuration gt Restore 3 Select the device backup file you want to save Click Save to File 4 Navigate to the location where you want to save the file Click Save gt Delete a device backup file from CC SG 1 Click the Devices tab and select a device 2 Choose Devices gt Device Manager gt Configuration gt Restore 3 Select the device backup file you want to delete Click Delete 4 Click Yes to confirm gt Upload a device backup file to CC SG Click the Devices tab and select a device 2 Choose Devices gt Device Manager gt Configuration gt Restore Raritan 3 Chapter 6 Devices Device Groups and Ports Click Upload Navigate to and select the device backup file The file type is rfp Click Open The devi
286. et_5 Outlet_6 Outlet_7 E Outlet_s Serial Target 1 Serial Target 2 Serial Target 3 Serial Target 4 amp Kenny KX216 Each device s configured ports are nested under the devices they belong to Devices with configured ports appear in the list with a symbol Click the or to expand or collapse the list of ports Device and Port Icons For easier identification KVM Serial and Power devices and ports have different icons in the Devices tree Hold the mouse pointer over an icon in the Devices tree to view a tool tip containing information about the device or port Icon Meaning Device available KVM port available or connected ti KVM port inactive a Serial port available E Z Raritan Icon Bl FF amp fw fh Chapter 6 Devices Device Groups and Ports Meaning Serial port unavailable Ghosted port See Raritan s Paragon Il User Guide for details on Ghosting Mode Device paused Device unavailable Power strip Outlet port Blade chassis available Blade chassis unavailable Blade server available Blade server unavailable Port Sorting Options Configured ports are nested under their parent devices in the Devices tab You can change the way ports are sorted Ports arranged by status are sorted alphabetically within their connection status grouping Devices will also be sorted accordingly gt To sort the ports in the Devices tab 1 Choose Devices
287. etetaeiesteiaedeeteiagietts 35 Greating GrOUDS nsen aa taeda ested E E aa a ee eae eee 36 Add Device Groups andi Node Groups isiingie aa aaia 36 User Manageme nits iccicicccscie ecasetteneacccetnncsdcnvategecetsneceunvsneceattnecessnesia egies aansauedeaagaviesaasdenesiagendsanentte 38 Add User Groups and USEF S esiti i sctescccout eitides dese agi sieved ade staniaieadideaaereeldaaaadi 39 Chapter 5 Associations Categories and Elements 41 ADOUt ASSOCIATIONS arere n R 41 Associaton Terminology Sesars teo ol aveeedieaeeienniiens suse a aavetyd tdeawoa nent 41 Associations Defining Categories and Elements cccccccceeeeeeeeceeeeeseeeeeneeeeeeeeeaees 41 How to Greate Associations cicccicceygendases cesecessnuvebeades locas in a NEE aE 42 Adding Editing and Deleting Categories and Element ccccccceeeeeeeeeeeeeeeeeeeaeeeseeeeeeeeeaees 42 Adda Gategolyrurorin uoe a A E E T 42 Delete a Categorieen aA A EAEE E aaa Ra heh 43 Aad an Elemen seereis dicise eria E rE AEAEE EE AAEE EREE EE EEEE EE AEE 43 Adding Categories and Elements with CSV File Import cc cccceceeeeeeeeeeeeceeeeeeeeeeeeneeeeeeeeeaees 43 Categories and Elements CSV File Requirement cc ccccceeeseeeeeeeeceeeeeeeaeeeeeeeeeeeeees 44 Sample Categories and Elements CSV File cccccceeesceceeeeeseeeeeeeaeeeeeeeseaeeeeaaeseeaeeeeeeees 45 Import Categories and Elements iinitan a aia Raa ana 45 Export Categories and Elementsin aana aaa aaa
288. etween powerstrips devices and nodes 2 Add the managing device to CC SG The procedure varies for different Raritan devices See the section that corresponds to the device the powerstrip is connected to Configuring PowerStrips Connected to KX KX2 KX2 101 KSX2 and P2SC on page 95 Configuring PowerSirips Connected to SX 3 0 and KSX on page 96 Configuring PowerStrips Connected to SX 3 1 on page 98 3 Configure outlets See Configuring Outlets on a PowerStrip on page 99 4 Associate each outlet with the node that it powers See Interfaces for Managed Powerstrip Connections on page 130 Raritan Chapter 7 Managed Powerstrips Configuring PowerStrips Connected to KX KX2 KX2 101 KSX2 and P2SC CC SG automatically detects PowerSirips connected to KX KX2 KX2 101 KSX2 and P2SC devices You can perform the following tasks in CC SG to configure and manage PowerStrips connected to these devices e Add a PowerSirip Device Connected to a KX KX2 KX2 101 KSX2 or P2SC Device on page 95 e Move a KX KX2 KX2 101 KSX2 or P2SC s PowerSirip to a Different Port on page 95 e Delete a PowerStrip Connected to a KX KX2 KX2 101 KSX2 or P2SC Device on page 96 Add a PowerStrip Device Connected to a KX KX2 KX2 101 KSX2 or P2SC Device When you add a KX KX2 KX2 101 KSX2 or P2SC device that is connected to a PowerStrip to CC SG the PowerStrip is added automatically The PowerStrip will
289. evice Power Manager 90 Device Profile Screen 50 Device Settings 251 Device Setup 33 34 Devices CSV File Requirements 70 77 Devices Device Groups and Ports 47 Diagnostic Console 5 296 396 Diagnostic Console Account Configuration 323 Diagnostic Console Bootup Messages 392 Diagnostic Console Password Settings 303 318 321 Diagnostic Utilities 374 Disconnecting Users 91 Discover and Add Devices 35 Discovering Devices 53 54 Display Historical Data Trending Reports 302 326 Display NTP Status 333 Display RAID Status and Disk Utilization 327 328 376 Distinguished Names for LDAP and AD 188 Download Installation Files 17 18 DRAC 5 Connection Details 127 E E1 Environmental Requirements 347 E1 General Specifications 347 E1 Model 347 Edit a Blade Chassis Device 67 110 Edit a Device Group 76 Edit a Neighborhood 263 Edit a Node 110 118 Edit a Node Group 154 Edit a User 164 Edit a User Group 160 Edit an Interface 135 Edit Control Systems Virtual Hosts and Virtual Machines 118 120 Edit Diagnostic Console Configuration 306 Edit Network Interfaces Configuration Network Interfaces 307 Edit Static Routes 247 309 310 Editing a Device 56 57 Editing a Policy 177 Editing a Port 61 Editing a PowerStrip Device or a Dominion PX Device 57 Editing an AD Module 195 Editing IP Addresses w
290. evice groups Raritan Z Raritan Chapter 15 Advanced Administration Upgrade Device Firmware individual device or device group See Schedule a Device Firmware Upgrade on page 282 Generate all reports See Reports on page 208 Click the Recurrence tab The Recurrence tab is disabled for Upgrade Device Firmware tasks In the Period field click the radio button that corresponds to the period of time when the scheduled task will recur a Once Use the up and down arrows to select the Start time at which the task should begin b Periodic Use the up and down arrows to select the Start time at which the task should begin Type the number of times the task should be executed in the Repeat Count field Type the time that should elapse between repetitions in the Repeat Interval field Click the drop down menu and select the unit of time from the list To set the task to run at a selected interval forever or until you change or delete the task select the Ongoing until the task is changed or canceled checkbox The Repeat Count is disabled Set the Repeat Interval c Daily Click the Every day radio button if you want the task to repeat every day of the week Click the Every weekday radio button if you want the task to repeat each day from Monday through Friday d Weekly Use the up and down arrows to select how many weeks should elapse between task executions then select the checkbox next to each day on whic
291. ew name for the user group in the User Group Name field Optional 4 Type anew description for the user group in the Description field Optional 5 To set a maximum number of KVM sessions per user in this user group when accessing devices that have this feature enabled select the Limit Number of KVM Sessions per Device checkbox and select the number of sessions allowed in the Max KVM Sessions 1 8 field Optional See Limit the Number of KVM Sessions per User on page 162 for details 6 Click the Privileges tab i Raritan Raritan 10 11 12 13 Chapter 9 Users and User Groups Select the checkbox that corresponds to each privilege you want to assign to the user group Deselect a privilege to remove it from the group In the Node Access area click the drop down menu for each kind of interface you want this group to have access through and select Control Click the drop down menu for each kind of interface you do not want this group to have access through and select Deny Click the Policies tab Two tables of policies appear For each policy you want to add to the group select policy in the All Policies then click Add to move the policy to the Selected Policies list Policies in the Selected Policies list will allow or deny users access to the node or devices controlled by this policy For each policy you want to remove from the user group select the policy name in the Selected Policies li
292. ew passwords are valid for around 30 minutes During this period the user can log into CC SG with either password This occurs because AD caches the old password for 30 minutes before the new password is fully updated Enable or Disable Daily Synchronization of All AD Modules To set more frequent synchronization schedule a task to synchronize all AD modules See Schedule a Task on page 280 gt To enable daily synchronization of all AD modules 1 Choose Administration gt Security 2 Click the Authentication tab All configured Authorization and Authentication Servers appear in a table Select the Daily synchronization of All Modules checkbox In the Synchronization Time field click the up and down arrows to select the time at which you want CC SG to perform the daily synchronization of all AD modules 5 Click Update to save your changes 199 200 Chapter 12 Remote Authentication To disable daily synchronization of all AD modules Choose Administration gt Security Click the Authentication tab All configured Authorization and Authentication Servers appear in a table Deselect the Daily synchronization of All Modules checkbox Click Update to save your changes Change the Daily AD Synchronization Time When daily synchronization is enabled you can specify the time at which automatic synchronization occurs By default daily synchronization occurs at 23 30 gt 1 To change the daily AD synch
293. firmation review the settings carefully for errors and try again Click Next to proceed The Advanced tab opens AD Advanced Settings gt 1 2 192 To configure advanced AD settings Click the Advanced tab Type the port number on which the AD server is listening The default port is 389 If you are using secure connections for LDAP you may need to change this port The standard port for secure LDAP connections is 636 Select the Secure Connection for LDAP checkbox if you want to use a secure channel for the connection If checked CC SG uses LDAP over SSL to connect to AD This option may not be supported by your AD configuration Specify a Base DN directory level entry under which the authentication search query will be executed CC SG can do a recursive search downward from this Base DN Example Description dc raritan dc com The search query for the user entry will be made over the whole directory structure cn Administrators cn Users dc raritan dc The search query for com the user entry will be performed only in the Administrators sub directory entry Raritan Raritan Chapter 12 Remote Authentication Type a user s attributes in the Filter field so the search query will be restricted to only those entries that meet this criterion The default filter is objectclass user which means that only entries of the type user are searched Specify the way in which the search query will be per
294. for all tags is the command ADD Raritan Raritan Chapter 6 Devices Device Groups and Ports Column Tag or value Details number 2 DEVICE CATEGORYELEME Enter the tag as shown NT ss Tags are not case sensitive Device Name Required field Category Name Required field 5 Element Name Required field Sample Devices CSV File ADD DEVICE DOMINION KX2 Lab Test 192 168 50 123 ST Lab KVM username password ADD DEVICE PORT Lab Test KVM 1 Mail Server Mail Server DD DEVICE PORT Lab Test KVM 2 DNS Server DNS Server DD DEVICE PORT Lab Test KVM 3 DD DEVICE PORT Lab Test KVM 4 gt pp gt P DD DEVICE CATEGORYELEMENT Lab Test Location Rack17 Import Devices Once you ve created the CSV file validate it to check for errors then import it Duplicate records are skipped and are not added gt To import devices a4 Choose Administration gt Import gt Import Devices Click Browse and select the CSV file to import Click Open o N Click Validate The Analysis Report area shows the file contents If the file is not valid an error message appears Click OK and look at the Problems area of the page for a description of the problems with the file Click Save to File to save the problems list Correct your CSV file and then try to validate it again See Troubl
295. formed for the user entry Select the Use Bind checkbox if the user logging in from the applet has permissions to perform search queries in the AD server If a username pattern is specified in Bind username pattern the pattern will be merged with the username supplied in the applet and the merged username will be used to connect to the AD server Example If you specify cn 0 cn Users dc raritan dc com and TestUser has been supplied in the applet then CC SG uses cn TestUser cn Users dc raritan dc com to connect to the AD server Select the Use Bind After Search checkbox to use the username and password you specified in the General tab to connect to the AD server The entry is searched in the specified Base DN and is found if it meets the specified filtering criterion and if the attribute samAccountName is equal to the username entered in the applet Then a second connection is attempted using the username and password supplied in the applet This second bind assures that the user provided the correct password 7 Click Next to proceed The Groups tab opens AD Group Settings In the Groups tab you can specify the exact location from which you want to import AD user groups Important You must specify Group settings before you can import groups from AD 1 2 Click the Groups tab Specify a Base DN directory level entry under which the groups containing the user to be authorized will be searched Example D
296. ft blank CC SG will use the existing port name from the device If you enter a new name the name will be copied to the device with the exception of SX devices 7 Interface Name Enter the same value as entered for oe Raritan Column number 8 9 10 11 gt To add an RDP interface to the CSV file Column number in CSV file 1 o ON ODO OT fF O 11 12 13 Raritan Chapter 8 Nodes Node Groups and Interfaces Tag or value Baud Rate Parity Flow Control Description Tag or value ADD NODE RDP INTERFACE Node Name Interface Name IP Address or Hostname TCP Port Service Account Name Username Password User Type Keyboard Type Description RDP Type Details Raritan Port Name Valid for SX ports only Valid for SX ports only Valid for SX ports only Optional Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Required field Default is 3389 Optional Optional Optional REMOTE or CONSOLE Default is REMOTE US UK Arabic Danish German Spanish Finnish French Belgian Croatian Italian Japanese Lithuanian Latvian Macedonian Norwegian Polish Portuguese Brazilian Russian Slovenian Swedish or Turkish Default is US Optional Java Or Microsoft 141 Chapter 8 Nodes Node Groups and Interfa
297. g ADD DEVICE PORT record in the CSV file are configured TRUE Or FALSE Default is FALSE This setting is for SX and KX2 version 2 2 or later devices only Optional Raritan Raritan Chapter 6 Devices Device Groups and Ports gt To adda port to the CSV file Use the DEVICE PORT tag only if you add a device with Configure All Ports set to FALSE and you want to specify ports individually The ports you add must be un configured in CC SG when you import the CSV file Column Tag or value number 1 ADD 2 DEVICE PORT Device Name Port Type 5 Port or Outlet Number 6 Port or Outlet Name 7 Node Name gt To add a blade to the CSV file Column Tag or value number 1 ADD 2 DEVICE BLADE Device Name Port Number 5 Blade Number Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field Enter the port type as shown here KVM SERIAL OUTLET or POWER Use OUTLET or POWER for configuring outlets on a PX device Required field Optional If left blank a default name or the name already assigned at the device level will be used For KVM and Serial ports enter a name for the node that is created when this port is configured Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive R
298. g password requirements are Passwords must contain at least one lowercase letter Passwords must contain at least one uppercase letter Passwords must contain at least one number Passwords must contain at least one special character for example an exclamation point or ampersand Note You cannot make any changes to the CC Super User Group via CSV file import System Administrators Group The System Administrators group has full administrative and access privileges You cannot change the privileges You can add or delete members CC Users Group The CC Users group has in band and out of band nodes access You can change the privileges and add or delete members Important Many menu items cannot be selected unless the appropriate User Group or User is first selected is Raritan Chapter 9 Users and User Groups Adding Editing and Deleting User Groups Raritan Add a User Group Creating user groups first will help you organize users when the users are added When a user group is created a set of privileges is assigned to the user group Users assigned to the group will inherit those privileges For example if you create a group and assign it the User Management privilege all users assigned to the group will be able to see and execute the commands on the User Manager menu See User Group Privileges on page 357 Configuring user groups involves four basic steps e Name the group and gi
299. ged but power control through CC SG can be logged to audit logs Answer When you as administrator have many nodes assigned to you CC SG downloads all information for all nodes during the logging process which slows the process considerably It is recommended that administrator accounts be used primarily to manage CC SG configuration do not have access to many nodes Remote access to a serial console over TCP IP is about the same level of network activity as a telnet session However it is limited to the RS232 bandwidth of the console port itself plus SSL TCP IP overhead The Raritan Remote Client RRC controls remote access to a KVM console This application provides tunable bandwidth from LAN levels down to something suitable for a remote dial up user Raritan Grouping FAQs Question Grouping Is it possible to put a given server in more than one group What impact to other usage would be blocked through the active usage of the console port for example some UNIX variants not allowing admin over network interfaces How do you recommend handling the issue of CIMs being moved swapped at the physical level with changes to the logical database For example what happens if physically move a CIM with target server from one port to another either on the same device or a different device What happens to the port names What happens to the node What happens to the interfaces Raritan Appen
300. gt Port Sorting Options 2 Select By Port Name By Port Status or By Port Number to arrange the ports within their devices alphabetically by name or by availability status or numerically by port number Raritan 49 50 Chapter 6 Devices Device Groups and Ports Note For blade servers without an integrated KVM switch such as HP BladeSystem servers their parent device is the virtual blade chassis that CC SG creates not the KX2 device These servers will be sorted only within the virtual blade chassis device so they will not appear in order with the other KX2 ports unless you restore these blade servers ports to normal KX2 ports See Restore Blade Servers Ports to Normal KX2 Ports on page 68 Device Profile Screen When you select a device in the Devices tab the Device Profile screen appears displaying information about the selected device When a device is down the information in the Device Profile screen is read only You can delete a device that is down See Deleting a Device on page 59 Device Profile Dominion KX2 Please provide device properties to change Device Neme X2 416 Device IP or Hostname 192 169 60 41 Subnet Mask Heartbeat seconds o D 2 o TCP Port Default Gateway 192 168 60 126 42 Encryption Firmware Version Serial Humber SSURC4 128 10 2 9999 HKA7670003 Associations Location amp Contacts Notes rOe
301. gt to move all users to the Selected Users list Select the user in the Selected Users list and then click lt to remove the user Click lt lt to remove all users from the Users in group list 4 Click OK to copy mn Raritan Chapter 10 Policies for Access Control Policies are rules that define which nodes and devices users can access when they can access them and whether virtual media permissions are enabled where applicable The easiest way to create policies is to categorize your nodes and devices into node groups and device groups and then create policies that allow and deny access to the nodes and devices in each group After you create a policy you assign it to a user group See Assigning Policies To User Groups on page 179 CC SG includes a Full Access Policy If you want to give all users access to all nodes and devices at all times assign the Full Access Policy to all user groups If you completed Guided Setup a number of basic policies may already have been created See Configuring CC SG with Guided Setup on page 33 gt To control access using policies e Create Node Groups to organize the nodes you want to create access rules for See Add a Node Group on page 151 e Create Device Groups to organize the devices you want to create access rules for See Add a Device Group on page 72 e Create a policy for a node or device group specifying when access to that node or device group can occur S
302. gy for Virtual Infrastructure 112 Terminology Acronyms 2 54 56 202 205 206 244 247 262 264 277 289 307 338 The Devices Tab 48 The Users Tab 157 Thick Client Access 6 Tips for Adding a Web Browser Interface 134 146 Topology View 51 Troubleshoot Connections to Power IQ 338 339 400 Troubleshoot CSV File Problems 45 81 149 171 344 371 Troubleshooting 372 Two Factor Authentication 207 379 Two Factor Authentication Known Issues e 379 Two Factor Authentication Setup Requirements 379 Two Factor Authentication Using RADIUS e 207 Types of Custom Views 180 U Upgrade a Cluster 260 Upgrade Device Firmware Report 220 284 Upgrading a Cluster xvii 232 233 260 261 Upgrading a Device 56 82 241 Upgrading CC SG 29 229 232 Upload Firmware 241 Use SSH to Connect to a Node via a Serial Out of Band Interface 291 Use the Thick Client 7 Use Traceroute 309 User Accounts 188 User Experience FAQs 386 User Group Data Report 214 User Group Privileges 159 214 357 User Information 389 User Management 33 38 Users and User Groups 72 150 156 179 188 205 206 Users CSV File Requirements 167 Using Chat 138 Using Custom Views in the Admin Client 181 Using Reports 208 V V1 Environmental Requirements 346 V1 General Specifications 346 V1 Model 346 View by Category 180 View Log Fi
303. h the task should recur each week that it runs e Monthly Type the date on which the task should execute in the Days field and then select the checkbox next to each month in which the task should recur on the specified date f Yearly Click the drop down menu and select the month in which the task should execute from the list Use the up and down arrows to select the day in that month on which the task should execute For Daily Weekly Monthly and Yearly tasks you must add a start and end time for the task in the Range of recurrence section Use the up and down arrows to select the Start at time and Start date Click the radio button next to No end date if the task should recur as specified indefinitely or click the radio button next to End date and then use the up and down arrows to select the date at which the task should stop recurring Click the Retry tab 281 Chapter 15 Advanced Administration 282 10 Ti 12 13 If a task fails CC SG can retry the task at a later time as specified in the Retry tab Type the number of times CC SG should retry to execute the task in the Retry count field Type the time that should elapse between retries in the Retry Interval field Click the drop down menu and select the unit of time from the list Important If you are scheduling a task to upgrade SX or KX devices set the Retry Interval for more than 20 minutes because it takes approximately 20 minutes to successfull
304. hat Are Managed by Another Device in CC SG on page 94 2 Dominion PX powerstrips can be connected directly to the IP network and added to CC SG as a PX device If you have PX powerstrips connected directly to the IP network they do not need to be connected to another Raritan device 3 Multi vendor support of PDUs is available by configuration of a Raritan s Power IQ service interface See Power Control of Power IQ IT Devices on page 337 With all methods you must add Managed Powerstrip interfaces to nodes to create power associations between the outlets and the nodes they power See Interfaces for Managed Powerstrip Connections on page 130 gt Special Note about Dominion PX Regardless of which method you choose to configure a PX you should configure all power associations using a single method that is as a powerstrip of the managed device or as a PX device but not both If the Dominion PX is managed by Power IQ you can create a Power Control Managed Power Strip interface or a Power Control Power IQ Proxy interface for a node but not both In addition you can connect the PX to a managing device and configure power associations and also connect the same PX device to the IP network so that you can use the PX web client to view and collect power data See the Raritan Dominion PX User Guide located in the Support section of the Raritan website under Firmware and Documentation In This Chapter Configuring Powerst
305. have identical licensed node capacity at all times Cluster kit licenses automatically ensure this is the case since they are copied from the primary onto the backup When operating a cluster with standalone licenses this is enforced through a licensed node capacity check when you join the cluster The backup s host ID is checked when you join the cluster to ensure it is consistent with the contents of the license files If the host ID does not match the license the backup will be prevented from joining the cluster When initially creating a cluster using a cluster kit license the primary CC SG will remain in a limited mode of operation until the backup has joined the cluster successfully After the primary has entered the operational state the cluster may be temporarily deleted and then re built as required to support maintenance activity such as firmware upgrades The cluster must be recreated within the 30 day grace period A 30 day grace period is provided each time a cluster is temporarily deleted 261 262 Chapter 15 Advanced Administration Configuring a Neighborhood What is a Neighborhood A Neighborhood is a collection of up to 10 CC SG units After setting up the Neighborhood in the Admin Client users can access multiple CC SG units in the same Neighborhood with single sign on using the Access Client Before setting up or managing the Neighborhood configuration keep the Neighborhood criteria in mind e ACC SG
306. he Configure Ports screen 1 Inthe Devices tab click the next to the device that is connected to the PowerStrip Select the PowerStrip whose outlets you want to configure Choose Devices gt Port Manager gt Configure Ports 99 100 Chapter 7 Managed Powerstrips To configure multiple outlets with the default names shown in the screen select the checkbox for each outlet you want to configure and then click OK to configure each outlet with the default name To configure each outlet individually click the Configure button next to the outlet and then type a name for the outlet in the Port name field Click OK to configure the port To delete an outlet In the Devices tab click the next to the device that is connected to the PowerStrip Click the next to the PowerStrip Choose Devices gt Port Manager gt Delete Ports Select the checkbox for each outlet you want to delete and then click OK to delete the outlet Raritan Chapter 8 Nodes Node Groups and Interfaces This section covers how to view configure and edit nodes and their associated interfaces and how to create node groups Connecting to nodes is covered briefly See Raritan s CommandCenter Secure Gateway User Guide for details on connecting to nodes In This Chapter Nodes and Interfaces OVeErview ccceecceceeeceeeeteeseeceeeeeseaeeeeaaeeseneeees 101 VIGWING Noge Sucios pa cine dexs un eetiedn deexyuaeebad aiestee cis 1
307. he Host where you want to deploy the CommandCenter Secure Gateway A host that is part of a high availability cluster is recommended for failover protection Click Next If you selected a cluster select the specific host Click Next Choose the datastore where all files will be stored Make sure the datastore has 40GB free Click Next Choose the network your CC SG is being deployed on Click Next View the summary then click Finish Wait several minutes while the virtual machine is created Power on the virtual machine Open the Console tab to access the Diagnostic Console of CC SG Log in to Diagnostic Console to Set CC SG IP Address 1 2 Log in as admin raritan Usernames and passwords are case sensitive You will be prompted to change the local console password a Type the default password raritan again Raritan Z Raritan Chapter 3 Getting Started b Type and then confirm the new password The new password must be a strong password consisting of at least eight characters that are a combination of letters and numbers Press CTRL X when you see the Welcome screen Choose Operation gt Network Interfaces gt Network Interface Config The Administrator Console appears In the Configuration field select DHCP or Static If you select Static type a static IP address If needed specify DNS servers netmask and gateway address Select Save Wait a few minutes as CC SG restarts Default CC
308. he KX2 s web interface gt To edit a KVM or serial port name or access application Some ports support only one access application so you cannot change the access application preference 1 Click the Devices tab and select a port you want to edit 2 Type anew name for the port in the Port Name field if necessary Raritan i 62 Chapter 6 Devices Device Groups and Ports Deleting a Port O Ol e 0 Click the Access Application drop down menu and select the application you want to use when you connect to this port from the list To allow CC SG to automatically select the correct application based on your browser select Auto Detect Click OK to save your changes To edit a KSX2 or KSX serial port s settings such as baud rate flow control or parity data bits Click the Devices tab and select the serial port you want to edit or just select the device that contains the port you want to edit Choose Devices gt Device Manager gt Launch Admin The device s administrative page opens Click Port Configuration Click the serial port you want to edit Edit the port settings Click OK to save your changes Close the administrative page and return to CC SG To edit an SX serial port s settings such as baud rate flow control or parity data bits Click the Devices tab and select a port you want to edit The Port Profile page opens Edit the port settings Click OK to save your changes Delete a port
309. he Port Number for SSH Access to CC SG In Security Manager you can set the port number you want to use for SSH access to CC SG See SSH Access to CC SG on page 285 gt To set the port number for SSH access to CC SG 1 Choose Administration gt Security 2 Inthe Encryption tab type the port number for accessing CC SG via SSH in the SSH Server Port field 3 Click Update to save your changes Login Settings The Login Settings tab allows you to configure Strong Password Settings and Lockout Settings View login settings 1 Choose Administration gt Security 2 Click the Login Settings tab Raritan Z Raritan Chapter 15 Advanced Administration Require strong passwords for all users 1 Choose Administration gt Security Click the Login Settings tab Select the Strong Passwords Required for All Users checkbox e ON Select a Maximum Password Length Passwords must contain fewer than the maximum number of characters 5 Select a Password History Depth The number specifies how many previous passwords are kept in the history and cannot be reused For example if Password History Depth is set to 5 users cannot reuse any of their previous five passwords 6 Select a Password Expiration Frequency All passwords expire after a set number of days After a password expires users will be asked to choose a new password the next time they log in 7 Select Strong Password Requirements Passwords must co
310. he left panel Select the device group you want to delete The Device Group Details panel appears Choose Groups gt Delete The Delete Device Group panel appears Click Delete Click Yes in the confirmation message that appears Raritan Chapter 6 Devices Device Groups and Ports Adding Devices with CSV File Import Raritan You can add devices to CC SG by importing a CSV file that contains the values You must have the Device Port and Node Management and CC Setup and Control privileges to import and export devices You must be assigned a policy that gives you access to all relevant devices and nodes A full access policy for All Nodes and All Devices is recommended Note You cannot add P2SC devices with CSV file import Devices CSV File Requirements The devices CSV file defines the devices ports and their details required to add them to CC SG For devices that support power strips connected to a port SX KX KX2 KSX2 configuring the port will configure the power strip If device ports are configured CC SG also adds a node with out of band KVM or out of band Serial interface for each port To add blades the blade server must be connected to a KX2 device via a CIM The KX2 device must either already be added to CC SG or be included in the same CSV file Export a file from CC SG to view the Comments which include all tags and parameters needed to create a valid CSV file See Export Devices on
311. host field See Terminology Acronyms on page 2 for hostname rules Type a valid SMTP port number in the SMTP port field Type a valid account name that can be used to log in to the SMTP server in the Account name field Optional Check with your email server administrator if this account information is required Type the account name s password in the Password and Re enter Password fields Optional Check with your email server administrator if this account information is required 277 278 Chapter 15 Advanced Administration Task Manager 7 Type a valid email address that will identify messages from CC SG in the From field 8 Type the number of times emails should be re sent should the send process fail in the Sending retries field 9 Type the number of minutes from 1 60 that should elapse between sending retries in the Sending retry interval minutes field 10 Check Use SSL if you want emails to be sent securely using Secure Sockets Layer SSL 11 Click Test Configuration to send a test email to the SMTP account specified You should check to make sure that the email arrives 12 Click Update Configuration to save your changes Use Task Manager to schedule CC SG tasks on a daily weekly monthly or yearly basis A task can be scheduled to run only once or periodically on a specified day of the week and at a specified interval For example you could schedule device backups to occur every three weeks on Friday
312. ia web browser 443 for HTTPS access via web browser 8080 for CC SG server operations 2400 for Proxy mode connections 5001 for IPR DKSX DKX P2 SC event notification If there is firewall between two cluster nodes the following ports should be opened for cluster to be worked properly 8732 for cluster nodes heartbeat 5432 for cluster nodes DB replication Raritan provides two models for server scalability the data center model and the network model The data center model uses Paragon to scale to thousands of systems in a single data center This 381 Appendix FAQs Question Will CC SG auto detect and update the blade chassis configuration when move the blade chassis from one KX2 port to another KX2 port How to merge the blade server node and the virtual host node if they refer to the same server Authentication FAQs Question Authentication How many user accounts can be created for CC SG Can assign specific node access to a specific user If we had more than 1 000 users how would this be managed Do you support Active Directory What options are available 382 Answer is the most effective and cost efficient way to scale a single location It also supports the network model with IP Reach and the IP User Station UST IP The network model scales through use of the TCP IP network and aggregates access through CC SG so users don t have to know IP addresses or the topology of acc
313. icated from the Primary node to the Secondary node You must configure these settings in each CC SG before you create the cluster Access a CC SG Cluster Once a Cluster is created users can access the Primary node directly or if they point their browser to the Secondary node they will be redirected Redirection does not work for an already downloaded Admin Client applet as the web browser needs to be closed and a new session opened and pointed to the new Primary system SSH access to a CC SG must be to the specific Primary node Create a Cluster You should backup your configuration on both CC SG units before creating a cluster gt To create a cluster 1 Choose Administration gt Cluster Configuration 2 The CC SG you are currently accessing displays in the Primary Secure Gateway IP Address Hostname field indicating that it will become a Primary Node 3 Specify a Secondary or Backup Node in the Backup Secure Gateway IP Address Hotsname field Make sure the specified CC SG has the same firmware version and hardware type as the Primary Node Use one of these methods to specify it Click Discover Secure Gateways to scan and display all CC SG units on the same subnet as the one you are currently accessing Then click a CC SG unit in the Standalone state from the table of discovered CC SG units to select it You can specify a CC SG perhaps from a different subnet by typing an IP address or hostname in the Bac
314. icensing account information page opens Your license files will be available shortly 3 Check your email for another message from Raritan Licensing Portal from the email address licensing raritan com with the subject line Your Raritan Commandcenter SG Software License Key is Available i Raritan Raritan Chapter 3 Getting Started Raritan i Know more Manage smarter Thank You for Registering 7 15 2010 0035000000ZexEa Customer Name Customer Address This is an important email regarding your recent Raritan CommandCenter Sec purchase Your Software License Key may now be generated This License required to activate this Software Product i Dear Customer You can access that license key s as well as review the history of Raritan s products that you have purchased with their associated license keys at our v here http www raritan com licensing caer TT a 4 IN E E sa aint Click the link in the email to go to the Software License Key Login page on Raritan s website and login with the user account just created 5 Click the Product License tab The licenses you purchased display in a list You may have only 1 license or multiple licenses See Available Licenses on page 11 6 To get each license click Create next to the item in the list then enter the CommandCenter Secure Gateway Host ID You can copy and paste the Host ID from the License Management page See Find Your Host ID
315. if needed Some interface types do not require login credentials To use a Service Account select the Use Service Account Credentials checkbox then select the name of the service account or Enter a username and password for the interface type Maximum 64 characters each 15 Click OK CC SG creates One node for each virtual machine Each virtual machine node has a VMW Viewer interface a VMW Power interface and any other in band interfaces you specified Virtual machine nodes are named with their virtual machine names from the virtual host systems One node for each virtual host Each virtual host node has a VI Client interface Virtual host nodes are named with their IP addresses or host names Edit Control Systems Virtual Hosts and Virtual Machines You can edit the control systems virtual hosts and virtual machines configured in CC SG to change their properties You can delete virtual machine nodes from CC SG by deselecting the Configure checkbox for the virtual machine Note To change the node name for a virtual host or control system node edit the node See Edit a Node on page 110 The name change also displays in the Virtualization table gt To edit control systems virtual hosts and virtual machines 1 Choose Nodes gt Virtualization 2 Click the column header to sort the table by that attribute in ascending order Click the header again to sort the table in descending order Optional
316. ified in the User Profile The User Type field displays local or remote depending on the user s access method User Group Data Report The User Group Data report displays data on users and the groups with which they are associated gt To generate the User Group Data report 1 Choose Reports gt Users gt User Group Data 2 Double click the User Group to view the assigned policies Device Asset Report The Device Asset report displays data on devices currently managed by CC SG gt 214 To generate the Device Asset report Choose Reports gt Devices gt Device Asset Report The report is generated for all devices To filter the report data by device type Select a device type then click Apply The report is generated again with the selected filter applied Devices whose versions do not comply with the Compatibility Matrix will appear in red text in the Device Name field Raritan Device Group Data Report Chapter 13 Reports The Device Group Data report displays device group information gt To generate the Device Group Data report 1 Choose Reports gt Devices gt Device Group Data 2 Double click a row to display the list of devices in the group Query Port Report The Query Port Report displays all ports according to port status gt To generate the Query Port report 1 Choose Reports gt Ports gt Query Port 2 Inthe Port Status Availability section select the p
317. ilable list select the item you want to include in the custom view and then click Add to add the item to the list Repeat this step to add as many items as you want b Arrange the items in the Selected list in the order you would like each grouping to display in the Nodes tab Select an item and click the up and down arrow buttons to move the item into the desired sequence c If you must remove an item from the list select it and click Remove Click Save A message confirms that the custom view has been added To apply the new custom view click Set Current Apply a Custom View for Devices 3 or To apply a custom view to the devices list Choose Devices gt Change View gt Custom View The Custom View screen appears Click the Name drop down arrow and select a custom view from the list Click Set Current to apply the custom view Choose Devices gt Change View All defined custom views are options in the pop up menu Choose the custom view you want to apply Change a Custom View for Devices 1 Click the Devices tab Raritan Z Raritan Chapter 11 Custom Views for Devices and Nodes 2 Choose Devices gt Change View gt Create Custom View The Custom View screen appears 3 Click the Name drop down arrow and select a custom view from the list Details of the items included and their order appear in the Custom View Details panel gt To change a custom view s name 1 Inthe Custom View
318. in information about the node Node Profile Please provide node properties Node Name Sample Virtual Machine Node Description Interfaces Associations Location amp Contacts Notes Audit Virtual Machine Data Default Interface Test MinixP 2 103 Chapter 8 Nodes Node Groups and Interfaces gt Interfaces tab The Interfaces tab contains all the node s interfaces You can add edit and delete interfaces on this tab and select the default interface Nodes that support virtual media include an additional column that shows whether virtual media is enabled or disabled gt Associations tab The Associations tab contains all categories and elements assigned to the node You can change the associations by making different selections See Associations Categories and Elements on page 41 gt Location amp Contacts tab The Location amp Contacts tab contains information about a device s location and contact information such as phone numbers that you may need when working on a device You can change the information in the fields by typing in new information See Adding Location and Contacts to a Node Profile on page 111 gt Notes tab The Notes tab contains a tool that enables users to leave notes for about a device for other users to read All notes display in the tab with the date username and IP address of the user who added the note If you have the
319. ing Customers 10 11 29 Licensing Getting Started New and Existing Customers 10 Licensing Limited Operation Before License Install e 10 16 24 28 397 Index Licensing New Customers Physical Appliance 10 11 12 14 16 Licensing Rehosting 29 Licensing Virtual Appliance with License Server 10 11 17 Licensing FAQs xvii 30 387 Limit the Number of KVM Sessions per User 39 159 160 162 Linux Server 18 21 Location Information 390 Locked Out Users Report 213 Lockout settings 213 270 Log in to CC SG 23 Log in to Diagnostic Console to Set CC SG IP Address 22 Log Out of CC SG 235 Logging Users Out 173 Login Settings 268 Maintenance Mode 177 221 Manage the Neighborhood Configuration 264 Managed Powerstrips 47 54 56 93 94 Managing Device Firmware 241 Memory Diagnostic 374 Message of the Day 299 MIB Files 256 Microsoft RDP Connection Details e 128 Migrate a CC SG Database xvii 233 Migrating a CC SG Database xvii 233 Move a Blade Chassis Device to a Different Port 68 Move a KX KX2 KX2 101 KSX2 or P2SC s PowerStrip to a Different Port 95 Move an SX 3 1 s Powerstrip to a Different Port 98 99 N Naming Conventions 33 42 43 54 56 60 61 73 102 109 110 126 133 151 159 163 172 176 338 369 389 Navigate Administrator Console 305 Navigate Multiple Page Reports 209 Navigation Ke
320. ing for the CC SG to function Available statuses include Responding CC SG database is available Up Some of the database routines are running but it is not answering local requests Restoring CC SG is in the process of restoring itself and database queries are temporarily 299 Chapter 16 Diagnostic Console Information Web Status RAID Status Cluster Status Cluster Peer Network Information 300 Description suspended Down Database server has not started yet Most of the access to the CC SG server is through the Web This field shows the state of the Web server and available statuses include Responding Unsecured The Web server is up and answering http unsecured requests Responding Secured The Web server is up and answering https Secured requests Up Some of the Web server processes are running but local requests are not answered Down Web server is currently not available CC SG stores its data on two mirrored RAID 1 disks Available statuses for RAID disks include Active RAID is fully functional Degraded One or more disk drives are having problems Contact Raritan Technical Support for assistance CC SG can work in conjunction with another CC SG to form a cluster See Configuring CC SG Clusters on page 256 If the field displays standalone the CC SG is not in a cluster configuration Otherwise the field displays the state of the cluster If the CC SG is in a clus
321. interfaces if 192 168 32 58 PuTTY 2 Type connect i lt interface_id gt to connect to the node associated with the interface 3 Atthe prompt that appears you can enter specific commands or aliases Command Alias Description quit q Terminates connection and returns to SSH prompt 291 Chapter 15 Advanced Administration 292 Command Alias Description get write gw Gets Write Access Allows SSH user to execute commands at target server while browser user can only observe proceedings get history gh Gets History Displays the last few commands and results at target server send break sb Sends Break Breaks the loop in target server initiated by browser user help h Prints help screen End SSH Connections You can make SSH connections to CC SG only or you can make a connection to CC SG and then make a connection to a port device or node managed by CC SG There are different ways to end these connections depending on which part you want to end gt To exit the entire SSH connection to CC SG This command ends the entire SSH connection including any port device or node connections made through CC SG e Atthe prompt type the following command and press the Enter key exit gt To end a connection to a port device or node while remaining connected to CC SG You can use the escape character to end a connection to a port device or node while keeping your SSH connection to CC SG open
322. ion application to the node gt Use the following values to add a Web Browser Interface for a Dominion PX node URL lt DOMINION PX IP ADDRESS gt auth asp TCP Port 80 Username The Dominion PX administrator s username Password The Dominion PX administrator s password Username Field login Password Field password Raritan Z Raritan Chapter 8 Nodes Node Groups and Interfaces Results of Adding an Interface When you add an interface to a node it appears in the Interfaces table and the Default Interface drop down menu of the Add Node or Node Profile screen You can click the drop down menu to select the default interface to use when making a connection to the node After saving changes to the Add Node or Node Profile screen the name of the interface s also appears on the Nodes list nested under the node it provides access to When you add a Managed Power Strip interface that specifies a KX as the managing device the outlet you specify will be renamed with the associated node s name Edit an Interface gt To edit an interface 1 Click the Nodes tab and select the node with the interface you want to edit The Node Profile page opens In the Interfaces tab select the row of the interface you want to edit Click Edit Edit the fields as needed See Add an Interface on page 125 for field details Some fields are read only 5 Click OK to save your changes Delete an Interface You can
323. ions 240 Raritan Index Configuring Direct Port Access to a Node 137 Configuring Logging Activity e 248 280 Configuring Outlets on a Powerstrip 94 95 96 97 98 99 Configuring Ports 60 98 Configuring Ports on an Analog KVM Switch Device Connected to KX2 70 Configuring Power Control of Power IQ IT Devices 339 Configuring Power IQ Services 132 147 338 339 340 Configuring PowerStrips Connected to KX KX2 KX2 101 KSX2 and P2SC 94 95 Configuring PowerStrips Connected to SX 3 0 and KSX 94 96 Configuring Powerstrips Connected to SX 3 1 94 98 Configuring Powerstrips that are Managed by Another Device in CC SG 93 94 Configuring Slots on a Blade Chassis Device 51 63 64 65 Configuring SNMP 255 Configuring Synchronization of Power IQ and CC SG 337 338 340 341 342 Configuring the CC SG Network 190 242 Configuring the CC SG Server Time and Date e 249 Configuring the Virtual Infrastructure in CC SG 112 125 Confirming IP Address 30 Connecting to a Node 124 Connection Modes Direct and Proxy 250 355 Contact Information 390 Copy the License File to the License Server 21 Copying Device Configuration 87 280 Create a Cluster 16 232 257 Create a Neighborhood 262 Create an SSH Connection to a Serial Enabled Device 290 Create Categories and Elements 34 Creating Groups 33 36 CSV File Imports 368 Custom Views for
324. irectly to the LDAP server If the username and password match those in the LDAP directory the user is authenticated The user will then be authorized against the local user groups on the LDAP server Add an LDAP Netscape Module to CC SG Raritan gt To add an LDAP Netscape module to CC SG Choose Administration gt Security Click the Authentication tab Click Add to open the Add Module window Click the Module Type drop down menu and select LDAP from the list E ON Type a name for the LDAP server in the Module name field 6 Click Next to proceed The General tab opens 201 Chapter 12 Remote Authentication LDAP General Settings 1 Click the General tab 2 Type the IP address or hostname of the LDAP server in the IP Address Hostname field See Terminology Acronyms on page 2 for hostname rules Type the port value in the Port field The default port is 389 Select LDAP over SSL if using a secure LDAP server Select Anonymous Bind if your LDAP server allows anonymous queries You do not need to enter a user name and password with anonymous binding Note By default Windows 2003 does NOT allow anonymous queries Windows 2000 servers do allow certain anonymous operations whose query results are based on the permissions of each object 6 If you are not using anonymous binding type a username in the User name field Type a Distinguished Name DN to specify the credentials used to query
325. isting SNMP manager on the network CC SG also supports SNMP GET SET operations with third party Enterprise Management Solutions such as HP OpenView PortNumber Protocol Configurable Details 161 UDP yes SNMP standard Raritan Communication Direction CC SG to SNMP Manager Raritan Appendix B CC SG and Network Configuration PortNumber Protocol Configurable Details 162 UDP yes SNMP standard CC SG Internal Ports CC SG uses several ports for internal functions and its local firewall function blocks access to these ports However some external scanners may detect these as blocked or filtered External access to these ports is not required and can be further blocked The ports currently in use are e 1088 e 1098 e 2222 e 4444 e 4445 e 8009 e 8083 e 8093 In addition to these ports CC SG may use TCP and UDP ports in the 32xxx or higher range External access to these ports is not required and can be blocked CC SG Access via NAT enabled Firewall If the firewall is using NAT Network Address Translation along with PAT Port Address Translation then Proxy mode should be used for all connections that use this firewall The firewall must be configured for external connections to ports 80 non SSL or 443 SSL 8080 and 2400 to be forwarded to CC SG since the PC Client will initiate sessions on these ports Note It is not recommended to run non SSL traffic through a firewall Con
326. ith CSV File Import 149 Email Notifications for Tasks 279 Enable or Disable Daily Synchronization of All AD Modules 199 Enable or Disable Daily Synchronization of the Virtual Infrastructure 122 Enabling the AKC Download Server Certificate Validation 128 253 Raritan End SSH Connections 290 292 Ending CC SG Session 235 Entering Maintenance Mode 32 222 230 232 238 Error Log Report 211 Establishing Order of External AA Servers 190 Example Adding a Web Browser Interface to a PX Node 133 134 Exit CC SG 235 236 Exiting Maintenance Mode 222 231 Export Categories and Elements 44 46 Export Devices 77 82 Export Dominion PX Data to Use in Power IQ e 337 344 Export Nodes 132 139 147 149 Export Users 167 171 F FAQs 380 Filter by Device Group 180 Filter by Node Group 180 Find and View Tasks 279 Find Your Physical Appliance Host ID and Check Number of Nodes In Database 12 15 16 Finding Your CC SG Serial Number 294 Firefox Users of the Access Client Must Download JNLP File 124 Flow for Authentication 187 G General FAQs 380 Get Help for SSH Commands 286 Get Your License 12 18 19 Getting Started 10 Grouping FAQs 385 H Hide or Show Report Filters 210 How to Create Associations 42 IBM IMM Module Connection Details xvii 131 IBM LDAP Configuration Settings 204 Import Categories and Elements 45
327. k configuration is complete The Guided Setup interface leads you through the process of defining Associations discovering and adding devices to CC SG creating device groups and node groups creating user groups assigning policies and privileges to user groups and adding users Once you have completed Guided Setup you can always edit your configurations individually Guided Setup is divided into four tasks e Associations Define the categories and elements that you use to organize your equipment See Associations in Guided Setup on page 34 e Device Setup Discover devices in your network and add them to CC SG Configure device ports See Device Setup on page 34 e Create Groups Categorize the devices and nodes that CC SG manages into groups and create full access policies for each group See Creating Groups on page 36 e User Management Add users and user groups to CC SG and select the policies and privileges that govern user access within CC SG and to devices and nodes See User Management on page 38 See Naming Conventions on page 389 for details on CC SG s rules for name lengths In This Chapter Before You Use Guided Setup ccccececsceeeeeeeeeeeeeeneeeeeeeeseaeeeeeaeeeeneeeeaes 33 Associations in Guided Setup ccccceecececeeeeeceneeeeeeeceeeeeseaeeeseaeeeeneeeea 34 Device Setup cccccecccceeseeeseneeceeeeeeaeceeaeeceaeeeceaeeeeaaesseneeseaeeeseaeseeaaeseenees 34 Creating Group
328. ks in Task Manager See Task Manager on page 278 The time set on your client PC may be different than the time set on CC SG Raritan Chapter 3 Getting Started Only the CC Super User and users with similar privileges can configure Time and Date Changing the time zone is disabled in a cluster configuration gt To configure the CC SG server time and date 1 Choose Administration gt Configuration 2 Click the Time Date tab a To set the date and time manually Date click the drop down arrow to select the Month use the up and down arrows to select the Year and then click the Day in the calendar area Time use the up and down arrows to set the Hour Minutes and Seconds and then click the Time zone drop down arrow to select the time zone in which you are operating CC SG a To set the date and time via NTP Select the Enable Network Time Protocol checkbox at the bottom of the window and then type the IP addresses for the Primary NTP server and the Secondary NTP server in the corresponding fields Note Network Time Protocol NTP is the protocol used to synchronize the attached computer s date and time data witha referenced NTP server When CC SG is configured with NTP it can synchronize its clock time with the publicly available NTP reference server to maintain correct and consistent time 3 Click Update Configuration to apply the time and date changes to CC SG 4 Click Refresh to reload the new serv
329. kup Secure Gateway IP Address Hostname field Then click Check Backup to verify whether it has the same firmware version and hardware type as the Primary Node 4 Type a name for this cluster in the Cluster name field 257 Chapter 15 Advanced Administration 5 Type a valid user name and password for the Backup node in the Username for Backup Secure Gateway and Password for Backup Secure Gateway fields 6 Select the Redirect by Hostname checkbox to specify that secondary to primary redirection access should be via DNS Optional See Access a CC SG Cluster on page 257 If you re using hostnames instead of IP addresses the DNS server should contain reverse lookup records for the IP addresses of the CC SGs to ensure the hostnames can be resolved Click Create Cluster A message appears Click Yes Important Once you begin the cluster creation process do not perform any other functions in CC SG until the process has completed 9 Continue clicking OK for any onscreen messages The Backup node will restart and the process takes several minutes 10 When the cluster creation is complete a message appears indicating the Backup node is successfully joined Configure Cluster Settings You cannot change the time zone in a cluster configuration gt To configure cluster settings 1 Choose Administration gt Cluster Configuration 2 Inthe Configuration tab modify or configure the settings If necessary modify the c
330. l Entries for Importing on page 370 Export Dominion PX Data to Use in Power IQ You can export data about Dominion PX devices that are configured in CC SG to a CSV file The data exported to the file can be used as part of a CSV file to import data into Power IQ The information includes Dominion PX devices Outlet Names and IT Device Names Only Dominion PX devices that are connected to the IP network can be exported This excludes Dominion PX power strips that are deployed only as managed power strips but are not accessible on the IP network as devices Note Exported Power IQ data is only for import into Power IQ after editing the file as specified You cannot import the file into CC SG gt Step 1 Export a CSV file from CC SG 1 Click Administration gt Export gt Export Power IQ Data 2 Click Export to File Raritan Chapter 17 Power IQ Integration 3 Type a name for the file and choose the location where you want to save it 4 Click Save gt Step 2 Edit the CSV file and import into Power IQ The export file contains three sections Read the comments in the CSV file for instructions on how to use each section as part of a Power IQ multi tabbed CSV import file See the Power IQ User Guide and CSV Import Template in the Support section of Raritan com on the Firmware and Documentation page Z Raritan Appendix A V1 Model Raritan Specifications for V1 and E1 In This Chapter W
331. l Policies table lists all the policies available on CC SG Each policy represents a rule allowing or denying access to a group of nodes See Policies for Access Control on page 175 for details on policies and how they are created 9 Inthe All Policies list select a policy that you want to assign to the user group and then click Add to move the policy to the Selected Policies list Policies in the Selected Policies list allow or deny access to the nodes or devices controlled by the policy See Assigning Policies To User Groups on page 179 for details on how policies interact Repeat this step to add additional policies to the user group f you want to allow this group to access all available nodes select the Full Access Policy in the Add Policies list and then click Add If you want to remove a policy from the user group select the policy name in the Selected Policies list and then click Remove 10 When you are done configuring policies for this group click Apply to save this group and create another Repeat the steps in this section to add user groups Optional 11 Click OK to save your changes Edit a User Group Edit a User Group to change the existing privileges and policies for that group Note You cannot edit the Privileges or Policies of the CC Super User group gt To edit a user group 1 Click the Users tab 2 Click the user group in the Users tab The User Group Profile appears 3 Type an
332. l backups are available Custom Allows you to specify which components of the backup to restore to CC SG by checking them in the Restore Options area Select each of the following to include them in the restore 225 226 Chapter 14 System Maintenance 5 Resetting CC SG Restore Data CC SG configuration Device and Node configuration and User Data Selecting Data restores the Standard backup portion of a Full backup file See What is the difference between Full backup and Standard backup on page 224 Restore Logs Error logs and event reports stored on CC SG a Restore CC Firmware Stored firmware files used for updating the CC SG server itself Restore Firmware binaries Stored firmware files used for updating Raritan devices managed by CC SG Restore Applications Stored applications used by CC SG to connect users to nodes Restore Licenses Stored license files that allow access to CC SG functions and nodes See Available Licenses on page 11 Type the number of minutes from 0 60 that CC SG will wait before performing the restore operation in the Restore after min field This gives users time to complete their work and log out If specifying over 10 minutes the broadcast message displays to users immediately and then repeats at 10 and 5 minutes before the event occurs In the Broadcast Message field type a message to notify other CC SG users that a restore will occur Click Restor
333. l you how long each hop from router to router takes This can help identify routing problems or firewalls that may be blocking access to a site gt 1 2 To perform a traceroute on an IP address or hostname Choose Operation gt Network Interfaces gt Traceroute Enter the IP address or hostname of the target you wish to check in the Traceroute Target field Select Optional Option Description Verbose Verbose output which lists received ICMP packets other than TIME EXCEEDED and UNREACHABLEs 309 310 Chapter 16 Diagnostic Console Option Description No DNS Resolution Does not resolve addresses to host names Use ICMP vs normal Use ICMP ECHO instead of UDP UDP datagrams Type values for how many hops the traceroute command will use in outgoing probe packets default is 30 the UDP destination port to use in probes default is 33434 and the size for the traceroute packets If left blank defaults will be used Optional Click Traceroute in the bottom right hand corner of the window Press Ctrl C or Ctrl Q to terminate the traceroute session A Return prompt appears press Enter to return to the Traceroute menu The Return prompt also appears when Traceroute terminates due to destination reached or hop count exceeded events occur Edit Static Routes In Static Routes you can view the current IP routing table and modify add or delete routes Careful use and placement of static
334. lated are connected to the Secondary LAN Clients that don t need to be isolated may be connected to the Primary LAN See Configure a Combination of Direct Mode and Proxy Mode on page 251 Note Isolated clients on the Secondary LAN will use Proxy mode The clients on the Primary LAN may use Direct mode Set the connection mode to Both to configure this combination Raritan Z Raritan E o D Chapter 15 Advanced Administration Specify at most one Default Gateway in the Network Setup panel in CC SG Use Diagnostic Console to add more static routes if needed See Edit Static Routes on page 310 To configure IP Isolation mode in CC SG Choose Administration gt Configuration Click the Network Setup tab Select IP Isolation mode Type the CC SG hostname in the Host name field See Terminology Acronyms on page 2 for hostname rules When you click Update Configuration to save the configuration the Host name field will be updated to reflect the Fully Qualified Domain Name FQDN if a DNS and domain suffix have been configured Configure the Primary LAN in the left column and the Secondary LAN in the right column Click the Configuration drop down arrow and select either DHCP or Static DHCP f you choose DHCP the Primary DNS Secondary DNS Domain Suffix IP address Subnet mask and Default gateway fields will be automatically populated if your DHCP server is configured to provide this information on
335. layed information when you move between Disk Drive Status RAID Array Status and Potential Operations box using the Tab key or mouse clicks 3 You can select any buttons below the table in the Disk Drive Status section for displaying detailed SMART information Optional oa Raritan ti hay Raritan Chapter 16 Diagnostic Console 4 Selecting either Replace Disk Drive or Rebuild RAID Array and follow onscreen instructions until you finish the operation View Top Display with Diagnostic Console Top Display allows you to view the list of currently running processes and their attributes as well as overall system health gt To display the processes running on CC SG 1 Choose Operation gt Utilities gt Top Display 2 View the total running sleeping total number and processes that have stopped 3 Type h to view a help screen for the top command F1 for help is not operational here Display NTP Status You can display the status of the NTP time daemon if it is configured and running on CC SG The NTP Daemon can only be configured in the CC SG administrator s GUI the Admin Client gt To display status of the NTP daemon on the CC SG 1 Choose Operation gt Utilities gt NTP Status Display 333 NTP is not enabled or not configured properly File Operation CC SG Administrator Console NIP Status NTP Daemon does not appear to be running lt Refresh gt SH ACD7980052 Ver 4 1 0 5 2
336. lds a o aoc k Encryption Mode If Require AES Encryption between Client and Server is selected in the Administration gt Security gt Encryption screen AES 128 is the default If AES is not required DES 3 is the default Private Key Length 1024 is the default Validity Period days Maximum 4 numeric characters Country Code CSR tag is Country Name State or Province Maximum 64 characters Type in the whole state or province name Do not abbreviate City Locality CSR tag is Locality Name Maximum 64 characters Registered Company Name CSR tag is Organization Name Maximum 64 characters Division Department Name CSR tag is Organization Unit Name Maximum 64 characters Fully Qualified Domain Name CSR tag is Common Name Administrator Email Address Type in the email address of the administrator who is responsible for the certificate request Challenge Password Maximum 64 characters Click OK to generate the certificate The Certificate and Private Key appear encrypted in the corresponding fields of the Certificate screen 275 276 Chapter 15 Advanced Administration Access Control List An IP Access Control List specifies ranges of client IP addresses for which you want to deny or allow access to CC SG Each entry in the Access Control List becomes a rule that determines whether a user in a certain group with a certain IP address can access CC SG You can also set rules that apply t
337. les in Diagnostic Console 312 View login settings 268 View Report Details 209 View the Default Application Assignments e 241 View Top Display with Diagnostic Console 333 Viewing Devices 48 Viewing Nodes 102 Raritan Virtual Appliance Installation Requirements 17 Virtual Appliances with Remote Storage Servers 27 Virtual Nodes Overview 113 VNC Access to Nodes 356 vSphere 4 Users Must Install New Plug In 121 WwW Web Browser Interface 126 133 Web Services API 294 What is a Neighborhood 242 262 263 265 What is IP Failover mode 242 243 What is IP Isolation mode 242 246 What is the difference between Full backup and Standard backup 223 224 225 226 What s New in the CC SG Administrators Guide xvii Wildcard Examples 52 Wildcards for Search 52 Windows Server 19 21 Y Your User Profile e 172 Z Raritan Index 401 Raritan gt U S Canada Latin America Monday Friday 8 a m 6 p m ET Phone 800 724 8090 or 732 764 8886 For CommandCenter NOC Press 6 then Press 1 For CommandCenter Secure Gateway Press 6 then Press 2 Fax 732 764 8887 Email for CommandCenter NOC tech ccnoc raritan com Email for all other products tech raritan com gt China Beijing Monday Friday 9 a m 6 p m local time Phone 86 10 88091890 Shanghai Monday Friday 9 a m 6 p m local time Phone 86 21 5425 2499 G
338. license for first time CC SG V1 Appliance Host ID of the CC SG unit includes 256 Node License CC SG Virtual Appliance Host ID of the Windows or Linux license server includes 128 Node License Hostname or IP address of the Windows or Linux license server Cluster Kit 2 CC SG E1 Host IDs of each CC SG unit in the cluster Appliances includes 512 Node License Cluster Kit 2 CC SG E1 Host IDs of each CC SG unit in the cluster Appliances includes 1024 Node License Cluster Kit 2 CC SG V1 Host IDs of each CC SG unit in the cluster Appliances includes 256 Node License Licenses for additional nodes and Host ID of the CC SG unit value added services such as WS API Find Your Physical Appliance Host ID and Check Number of Nodes In Database The License Manager page contains information about your licenses including the number of licensed nodes currently in your database You can retrieve the physical appliance Host ID from the License Management page You will need to enter your CommandCenter Secure Gateway s Host ID when creating a license file on the Raritan Licensing portal See Licensing New Customers Physical Appliance on page 14 for details on getting your new license files If you have a virtual appliance see Get Your License on page 19 for details on retrieving your license server Host ID gt To view your Host ID and check number of nodes in database 1 Choose Administration gt License Management
339. lities for Managing License Server cccccceceeeeeeeeeeeeeeeeeeeeneeeeeeeees 25 install or Upgrade VMware Tools i2 c since aici tenia ante eed ladaecinac 27 Configure Backups and Snapshots of Virtual Appliance and Storage Servers 27 Virtual Appliances with Remote Storage Servelrs cccsccceecceseeeeeeeeeeeeeeseeeeeseaeeeeteeeeeeees 27 iii Contents Licensing Limited Operation Before License Install 0 ccccccecceeeeeeeeeeeeeeeeeceeeeeseaeeeeeaeeseeeeees 28 Licensing Existing CuStO MENS 2i ccidigath ened nied asennad idea a aR aai 29 Licensing RENOSUING soriire ideran Ena EAA EE EEEE AAEREN EEA SEERE 29 Add a LICGNSS neciirenir terein irit ireen EEr EEA EEEE EEEE EE EAE EAEE REEE EE 30 Confirming IP AGOteSS a sccctesscevescanncccuvss dedenecetceehein ceva veenaceebvanccduvaes ocautleacenessenneaieandedanarnoeesinie eee 30 Setting GG SG Serwer WG sakyanan daaa Na Naiara Ea 30 Checking the Compatibility Matrix sssiise augsne AA 31 Checking and Upgrading Application Versions cccccesseceeceeceeeeeeeaeeeeaaeseeeeeseaeeesaaeeeeneeseeneess 32 Chapter 4 Configuring CC SG with Guided Setup 33 Before You Use Guided Setup iiitiwi itis ii ara RIAD eid anid ieee 33 Associations in G ided SetuP rripa aa eine AGN waded ede 34 Create Categories and Elements inisiga iad 34 DEVICE Setup aoaaa NE aie de ed ees ce A a AR SE 34 Discover and Add Devices sercis iriiri hs nants tececie ded RENEA netesede
340. ll NOT notify users that it is being restarted gt To restart CC SG with Diagnostic Console 1 Choose Operation gt Admin gt CC SG Restart 2 Either click Restart CC SG Application or press Enter Confirm the restart in the next screen to proceed Reboot CC SG with Diagnostic Console This option will reboot the entire CC SG which simulates a power cycle Users will not receive a notification CC SG SSH and Diagnostic Console users including this session will be logged out Any connections to remote target servers will be terminated gt To reboot CC SG 1 Choose Operation gt Admin gt CC SG System Reboot di E Raritan Chapter 16 Diagnostic Console 2 Either click REBOOT System or press Enter to reboot CC SG Confirm the reboot in the next screen to proceed Power Off CC SG System from Diagnostic Console This option will power off the CC SG unit Logged in users will not receive a notification CC SG SSH and Diagnostic Console users including this session will be logged off Any connections to remote target servers will be terminated The only way to power the CC SG unit back on is to press the power button on the front panel of the unit gt To power off the CC SG 1 Choose Operation gt Admin gt CC SG System Power OFF 317 Chapter 16 Diagnostic Console 2 Either click Power OFF the CC SG or press Enter to remove AC power from the CC SG Confirm the power off operation in the
341. ll PowerEdge and IBM BladeCenter series If the Installed status for the corresponding blade server or slot is not enabled on the KX2 device CC SG always shows Down as the port status of the blade server When you are sure some blade slots are live with blade servers installed you should change their status on the KX2 device to make CC SG reflect the status properly gt To change the blade server status 1 Click the Devices tab and select the KX2 device whose blade slot status you want to change 2 Choose Devices gt Device Manager gt Launch Admin The KX2 Admin Client opens Choose Device Settings gt Port Configuration Click the blade chassis port that you want to configure Scroll down the page until you see the blade slots section Select the Installed checkbox next to the blade slots that are live with blade servers installed 6 Click OK to save the changes Deleting Slots on a Blade Chassis Device You can delete unused blade servers or slots so they do not appear in the Devices and Nodes tabs gt To delete a slot from the Delete Ports screen 1 Inthe Devices tab click the next to the KX2 device that is connected to the blade chassis device Select the blade chassis device whose slots you want to delete Choose Devices gt Port Manager gt Delete Ports Select the checkbox for each slot you want to delete and then click OK to delete the slot Raritan Raritan Chapter 6 Devices
342. ll users to view upon login You must have the CC Setup and Control privilege to configure the Message of the Day gt 1 2 To configure the Message of the Day Choose Administration gt Message of the Day Setup Select the Display Message of the Day for All Users checkbox if you want the message to be displayed to all users after they log in Optional Select the Message of the Day Content checkbox if you want to type a message in CC SG or select the Message of the Day File checkbox if you want to load the message from an existing file f you select Message of the Day Content Type a message in the dialog box provided Click the Font Name drop down menu and select a font for the message text 237 238 Chapter 15 Advanced Administration c Click the Font Size drop down menu and select a font size for the message text If you select Message of the Day File a Click Browse to browse for the message file b Select the file in the dialog window that opens then click Open c Click Preview to review the contents of the file 4 Click OK to save your changes Configuring Applications for Accessing Nodes About Applications for Accessing Nodes CC SG provides various applications that you can use to access nodes You can use the Application Manager to view applications add new applications delete applications and set the default application for each device type gt To view applications available i
343. long a CC SG session can remain inactive before the user is logged out of CC SG If a user has any connections to nodes open the session is considered active and the user will not be logged out when the inactivity timer expires gt To configure the inactivity timer 1 Choose Administration gt Security 2 Click the Login Settings tab 3 Type the desired time limit in the Inactivity Time field 4 Click Update to save your changes Portal Portal settings allow administrators to configure a logo and an access agreement to greet users when they access CC SG gt To configure the portal settings 1 Choose Administration gt Security 2 Open the Portal tab 271 Chapter 15 Advanced Administration Logo A small graphic file can be uploaded to CC SG to act as a banner on the login page The maximum size of the logo is 998 by 170 pixels gt To upload a logo 1 Click Browse in the Logo area of the Portal tab An Open dialog appears 2 Select the graphic file you want to use as your logo in the dialog and then click Open 3 Click Preview to preview the logo The selected graphic file appears to the right 4 Click Update to save your changes Restricted Service Agreement A message can be configured to appear at the left of the login fields on the login screen This is intended for use as a Restricted Service Agreement or a statement users agree to upon accessing the CC SG A user s acceptance of the Re
344. ls on creating a new task and completing the Main Recurrence Retry and Notification tabs Recurrence The recurrence intervals are limited to hours and days Retry CC SG will only retry the operation on devices that fail to pause or resume 2 Inthe Task Data tab select Pause Resume Device Management in the Task Operation field 3 Select Pause Management or Resume Management If you need to perform both tasks schedule a task for each and coordinate the timing between the 2 tasks 4 Inthe Interval seconds field select the number of seconds you want CC SG to delay after completing one operation before starting the next operation 5 Select the Skip Device if Restart Required checkbox if you want CC SG to skip the pause or resume operation for any devices selected that would require a restart 89 90 Chapter 6 Devices Device Groups and Ports 6 7 Select the devices to include in the task by selecting a device group from the Device Group drop down list Select the devices to include in the Available list then use the arrow buttons to move the devices to the Selected list Devices in the Selected list will be included in the pause or resume operation Any devices selected that would require a restart will be skipped when the task runs if you have selected the Skip Device if Restart Required checkbox Click OK Device Power Manager Use the Device Power Manager to view the status of a PowerStrip
345. lt Digest Advanced SHA Use Bind unchecked Use Bind After Search Checked 203 204 Chapter 12 Remote Authentication OpenLDAP eDirectory Configuration Settings If using an OpenLDAP server for remote authentication use this example Parameter Name IP Address Hostname User Name Password User Base User Filter Passwords Advanced screen Password Default Digest Advanced Use Bind Use Bind After Search Open LDAP Parameters lt Directory Server IP Address gt CN lt Valid user id gt O lt Organization gt lt Password gt O accounts O lt Organization gt objectclass person Base64 Crypt Unchecked Checked IBM LDAP Configuration Settings If using an IBM LDAP server for remote authentication use this example Parameter Name IP Address Hostname User Name Password User Base User Filter Passwords Advanced screen Password Default Digest Advanced User Attribute Group Membership Attribute Bind Username Pattern Use Bind Use Bind After Search IBM LDAP Parameters lt Directory Server IP Address gt CN lt Valid user id gt lt Password gt For example cn users DC raritan DC com DC us objectclass person Base64 None uid Leave blank For example cn 0 cn users DC raritan DC com DC us Unchecked Checked Raritan Chapter 12 Remote Authentication About TACACS and CC SG CC SG users who are remotely authenticated by a TACACS server must be creat
346. ltiple Page Reports sessesssssssssssssrrsssrrsssirnnsinnnstinnnntinnnatinnnntunnnnnnnnnnnnnnnnnnn 209 Prnt a TRG POU orria cate tte cei tetas tee REESEN AAEE EAA TIENEN sdk geek betta Sedoek tn ESEN RAEE 209 Save a Report to a File cecececececccceeeeceeeceeeeeeeceaeeeeaaeseeneeceaeeeeaaeseeaaeseeeeeseaeesesaeeseneeesaees 209 Purge a Report s Data From CCO SG oi eecccecccecceeeeeeeeeeeeeceeeeeeaeeeeaeeeeeeeeseeeesaeeseneeseneees 210 Hide or Show Report Filters 0 cccccscceesceeeeeeeeeeeeeeeeeceeeeeseaeeesaaeeeeeeeseeeeescaeeeseaeeseeeeeeaees 210 Raritan 3 Contents Audit Trail ROPO ieia aena ecg cceedechdedi AE EAE EEEE AAEE EEEE EE 210 Error LOG Repol enasini incinerare EEPE EAEE EEA EEEE EREA 211 ACCESS ROpON osrsscccceivstecctaresdcenadecd EEan EEEE AREE e EAE EEE ESEE EEEE REEE 212 Availability REPOmtsccieicscztecitesge iets ceeiidenzecdshanceeedciterentactceehide iocduacstecsdaagemuitateceehddansecdsiancemddagenny 212 Acie Usors Repossessions EEEE RETENE E ENN 213 Locked Out Users Report ives scsecveseccetecatevetenscteceastn dice venacceede cadet saved aE ad AE aaaea 213 Al Users Data REPON enssins corks yeas cusde s sexuaaet revives EAEE 213 User Group Data Repor jsiecs ccseevaraccedesn ccvetenscecnssin dee venacceedereddetina yteveunae EE E ai EE aaae 214 Device Assor PRODO ssni NE EEE ENAERE ESEESE 214 Device Group Data Report afatccetvesecustesnaceetcasceey wets dcatee aaa Aaea ARE EEEE 215 Query Port REPOM scccscs
347. luster name For Time Interval enter how often CC SG should check its connection with the other nodes Valid range is 5 20 seconds Note Setting a low Time Interval will increase the network traffic generated by heartbeat checks You may want to set higher intervals for clusters with nodes located far apart from each other For Failure Threshold enter the number of consecutive heartbeats that must pass without a response before a CC SG node is considered failed Valid range is 2 10 heartbeats 3 Click Update to save your changes Z Raritan Raritan Chapter 15 Advanced Administration Switch the Primary and Secondary Node Status You can exchange the roles of Primary and Secondary nodes when the Secondary or Backup node is in the Joined state When the Secondary node is in the Waiting state switching is disabled After the roles are switched the former Primary node is in the Waiting state To recover the cluster configuration join the Waiting node as the Backup See Recover a Cluster on page 259 gt To switch the Primary and Secondary nodes a Choose Administration gt Cluster Configuration In the Configuration tab click Switch Primary And Backup o N Join the new Secondary node as the Backup node See Recover a Cluster on page 259 Recover a Cluster When a cluster is broken because of a node failure or the failed Secondary node is in Waiting status you can rebuil
348. m should display nothing in this area to indicate there are no errors If any of the above items indicates that there are memory errors you can 374 Debug Mode Raritan Appendix G Diagnostic Utilities Capture the Memtest86 screen containing the memory errors and contact Raritan Technical Support for assistance Shut down CC SG and re install the memory DIMM modules to ensure the contact is good Then perform the Memtest86 diagnostic to verify if the memory issue is resolved gt 2 Terminate the Memtest86 diagnostic program 1 Press Esc 2 CC SG will reset and reboot Although enabling the debug mode is extremely helpful for troubleshooting it may impact the CC SG operation and performance Therefore you should enable the debug mode only when Raritan Technical Support instructs you to do so You must turn off the debug mode after finishing the troubleshooting gt 1 Turn on the debug mode 1 Using a supported Internet browser type this URL http s lt IP_address gt 8080 jmx console where lt IP_address gt is the IP address of the CC SG For example https 10 20 3 30 8080 jmx console Type admin in the Username field Type the Super User password in the Password field Scroll down until you see com raritan cc bl logger OW Ps GO IN Click this hyperlink service LoggerService A list of debug options appear on the screen 6 Change the value of the debug option that the Raritan T
349. ment Device Configuration and Upgrade Management Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management and Node Power Control Raritan Menu gt Menu Item Sub menu gt Launch Admin gt Launch User Station Admin gt Disconnect Users gt Topology View gt Create Custom View gt Change View gt Tree View gt Port Manager gt Connect gt Configure Ports gt Disconnect Port gt Delete Ports gt Port Power Manager gt Add Powerstrip gt Port Sorting Options gt By Port Name gt By Port Status Raritan Appendix C User Group Privileges Required Privilege Description Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management and Node Out of band Access Device Port and Node Management Device Port and Node Management Device Port and No
350. mentation is to aggregate IP Reach boxes with CC SG In the future Raritan plans to increase simultaneous access paths per box These plans have yet to complete development as other projects have taken priority but we welcome comments about the market demand and use cases of an 8 path solution Answer LDAP and TACACS are used for remote authentication only not authorization Answer Logging into CC SG through the CC SG console itself is the same as gaining the root privilege of the operating system Linux upon with CC SG is running Syslog will record this event but what the user types at the CC SG console itself will be lost Raritan Licensing FAQs Raritan Appendix FAQs If you must replace your installed licenses follow these rules Base licenses must be replaced first For example if replacing stand alone licenses CC E1 CCL 512 with cluster licenses CC 2XE1 512 and CCL base license CC E1 512 must be replaced before repl CCL 512 add on license Note that while the add on feature CCL 512 is the sar stand alone and cluster the license file would have on for the stand alone and two host IDs for the cluster lice add on licenses must also be replaced in this situation Replacing a base clears all add ons if they are of a different type If you replace a standalone base license with a cluster license or vice versa the add ons will be cleared auto and new ones with the correct host IDs would
351. mn click the Trust Direction drop down menu and then select the direction of trust you want to establish between the domains Trust directions are updated in all AD modules when you make changes to one AD module Incoming information will be trusted coming in from the domain Outgoing information will be trusted going to the selected domain Bidirectional information will be trusted in both directions from each domain Disabled information will not be exchanged between the domains Click Apply to save your changes and then click OK to save the AD module and exit the window The new AD module appears in the Security Manager screen under External AA Servers Select the Authentication checkbox if you want CC SG to use the AD module for authentication of users Select the Authorization checkbox if you want CC SG to use the AD module for authorization of users Click Update to save your changes Raritan Chapter 12 Remote Authentication Editing an AD Module Once you have configured AD modules you can edit them at any time gt To edit an AD module 1 Choose Administration gt Security 2 Click the Authentication tab All configured external Authorization and Authentication Servers appear in a table Select the AD module you want edit and then click Edit Click each tab in the Edit Module window to view the configured settings Make changes as needed See AD General Settings on page 191 AD Ad
352. mn 2 Column 3 Column 4 Column 5 CATEGORY Category Name Type Apply Values Values Integer Nodes String Devices Default is Both Stennis Default is Both gt To add an element to the CSV file Column 2 Column 3 Column 4 CATEGORYELEMENT Category Name Element Name Raritan Chapter 5 Associations Categories and Elements Sample Categories and Elements CSV File ADD CATEGORY OS String Node ADD CATEGORYELEMENT OS UNIX ADD CATEGORYELEMENT OS WINDOWS ADD CATEGORYELEMENT OS LINUX ADD CATEGORY Location String Device ADD CATEGORYELEMENT Location Aisle 1 ADD CATEGORYELEMENT Location Aisle 2 ADD CATEGORYELEMENT Location Aisle 3 Import Categories and Elements Once you ve created the CSV file validate it to check for errors then import it Duplicate records are skipped and are not added gt To import the CSV file 1 Choose Administration gt Import gt Import Categories Click Browse and select the CSV file to import Click Open Click Validate The Analysis Report area shows the file contents If the file is not valid an error message appears Click OK and look at the Problems area of the page for a description of the problems with the file Click Save to File to save the problems list Correct your CSV file and then try to validate it again See Troubleshoot CSV File Problems on page 371 Click Import Check the Actions area to see the import results Items that imported suc
353. n and contact information of the device in the Device Name field 4 Click gt to add a device to the Selected Devices list Select the device and click lt to remove it from the Selected Devices list 6 Inthe Associations tab select the Copy Associations checkbox to copy all categories and elements of the device You may change add or delete any data in this tab The modified data will be copied to multiple devices in the Selected Devices list as well as the current device displayed in the Device Name field Optional 7 Inthe Location and Contacts tab select the checkbox for the information you want to copy Select the Copy Location Information checkbox to copy the location information displayed in the Location section Select the Copy Contact Information checkbox to copy the contact information displayed in the Contacts section You may change add or delete any data in these tabs The modified data will be copied to multiple devices in the Selected Devices list as well as the current device displayed in the Device Name field Optional 8 Click OK to bulk copy A message appears when the selected information has been copied Raritan j Chapter 6 Devices Device Groups and Ports Configuring Analog KVM Switches Connected to KX2 2 3 or Higher KX2 version 2 3 enables you to connect a generic analog KVM switch to a target port The generic analog KVM switch and its ports will be available as nodes to CC S
354. n CC SG 1 Choose Administration gt Applications 2 Click the Application name drop down menu to view the list of applications available in CC SG Checking and Upgrading Application Versions Check and upgrade the CC SG applications including Raritan Console RC and Raritan Remote Client RRC gt To check an application version 1 Choose Administration gt Applications 2 Select an Application name from the list Note the number in the Version field Some applications do not automatically show a version number gt To upgrade an application If the application version is not current you must upgrade the application You can download the application upgrade file from the Raritan website For a complete list of supported application versions see the Compatibility Matrix on the Raritan Support website The best practice is to enter Maintenance Mode before upgrading applications See Entering Maintenance Mode on page 222 1 Save the application file to your client PC Raritan Raritan Chapter 15 Advanced Administration 2 Click the Application name drop down arrow and select the application that must be upgraded from the list If you do not see the application you must add it first See Add an Application on page 239 3 Click Browse locate and select the application upgrade file from the dialog that appears then click Open 4 The application name appears in the New Application File fiel
355. n Power IQ managing device lt Name gt at Log into Power IQ go to Settings gt lt IP gt make sure its Web API Web API then select Enable Web is enabled API and click Save Configuring Power Control of Power IQ IT Devices Once you configure the Power IQ service you can configure CC SG to add the nodes and interfaces you need 1 Add the IT device you want to control power to See Add a Node on page 109 2 Add a Power IQ Proxy power control interface to the node See Add an Interface on page 125 and Interfaces for Power IQ Proxy Power Control Connections on page 132 Raritan Chapter 17 Power IQ Integration Configuring Synchronization of Power IQ and CC SG CC SG will synchronize with Power IQ to add the IT Devices configured in Power IQ to CC SG as nodes When synchronizing CC SG will create a node with a PowerlQ Proxy interface for each new IT Device identified When CC SG detects a duplicated node the synchronization policy you choose determines whether the nodes are consolidated renamed or rejected You can synchronize manually at any time or set up a task run on a recurring basis as a task See Task Manager on page 278 You can also choose to get all IT Devices from Power IQ or set up a filter so that CC SG only synchronizes the IT Devices allowed by the filter gt Step 1 Add a connection to the Power IQ to be synchronized with CC SG e See Configuring Power IQ Services on page 3
356. n a tease aces ieee aeets 224 Delete a BACKUP Wile eirinn inn EEEE EERENS EEE 224 Restonng GG S Giese cacetean acts ENE EE NEEE EEEE A EEE 225 Resetting CC S Gis tccesss teeta tats anaE EA E A tn endl AE EE EEE 226 Restarting GG S Cigar aac eee ee eaten nce E EE A EE 229 Upgrading G Gta eeemennerer ener ennenen anA A EE EEEE crater EE EEA E EEEa 229 Clear the Browser s Cache cccccceceeeceeeeeeeeeeeecaeeeeaaeeeeeeeseeeesaaeeseaeeseeeeeseaeessiaeeseeeeesaees 231 Clear the Java Cache cccccccescececeeeeeeeeeesaeeeeeeecaeeeeaaeseneeceaeeseaaesgeaaeseaeeeseaeeeeaesseneeseaees 231 Upgrading a CUSTOM ci faces tegeci sce caeaeat bisteerat danni betas biaadeeecat he iva ta tates student adenan tae i anien 232 Primary Node Upgrade Failure ecccccccescccceceeecceeseeeceeeseeeceeeseeecaeeseeeceeesneeaseeseeeesenenes 233 Migrating a CC SG Database 00 ce eeccecceceeeeeeneeeeeeee see eeeaaeeeeaee scenes caeeesaaeeseeeeseeeeseaeeseeeeeeeeess 233 Requirements for Migration cccccescccceeseeceeeeeeeceeeseeeceeeseeecaeeseeceeeeecaeeseeecaeeseeeeaentes 233 Migrate a CC SG Database eececccccceceeceeeeeeseeeeeeeeceeeeesaeeesaaeeeeeeeseeeeeseaeeeseaeeeeeeeseaees 233 GG SG SAUTAOWN iieis ieaiaia niiina asia aiiai te aaa Aada aiaa inadi aiaia adinin 234 Restarting CC SG after ShutdoWn sssesseeseesiresirssirssirssirssirssrnsstnnstnsstnsstnnstnnstennnnnnnnn stnn nn nent 235 Powering Down CO SG ccccccesecceceeee
357. name in the Host name field See Terminology Acronyms on page 2 for hostname rules Include a top level domain for example com The top level domain must be 2 to 6 characters Click the Configuration drop down arrow and select either DHCP or Static DHCP f you choose DHCP the Primary DNS Secondary DNS Domain Suffix IP address Subnet mask and Default gateway fields will be automatically populated if your DHCP server is configured to provide this information once you save this network setup and restart CC SG With the information the DHCP server provides CC SG registers itself dynamically with the DNS server if it accepts dynamic updates See Recommended DHCP Configurations for CC SG on page 248 Static f you choose Static type Primary DNS Secondary DNS Domain Suffix IP address Subnet mask and Default gateway in the appropriate fields Raritan Chapter 15 Advanced Administration 6 Click the Adapter Speed drop down arrow and select a line speed from the list Make sure your selection agrees with your switch s adapter port setting If your switch uses 1 Gig line speed select Auto 7 If you selected Auto in the Adapter Speed field the Adapter Mode field is disabled with Full Duplex selected automatically If you specified an Adapter Speed other than Auto click the Adapter Mode drop down arrow and select a duplex mode from the list 8 Click Update Configuration to save your change
358. nd 1 Atthe shell prompt type the command you want help for followed by a space and h For example connect h 2 Information on the command parameters and usage appear in the screen gt To get help for all SSH commands 1 Atthe shell prompt type the following command help 2 A short description and example for each SSH command appears in the screen ii gt Raritan 5 Raritan Chapter 15 Advanced Administration SSH Commands and Parameters The following table lists all commands available in SSH You must be assigned the appropriate privileges in CC SG to access each command Some commands have additional parameters that you must type to execute the command For more information about how to type commands see Command Tips on page 289 gt To list active ports activeports gt To list active users activeusers gt To backup a device configuration backup device lt host lt host gt id lt device_id gt gt backup name description gt To clear the screen clear gt To establish a connection to a serial port If lt port_name gt or lt device_name gt contains spaces surround the name by quotes connect d lt device name gt e lt escape_ char gt lt i lt interface id gt n lt port_ name gt port _id gt gt To copy a device configuration from one device to another SX devices with same number of ports only copydevice lt b lt back
359. nd CC SG If you are adding a Dominion SX or Dominion KXII version 2 2 or later device select the Allow Direct Device Access checkbox if you want to allow local access to the device Deselect the Local access Allowed checkbox if you do not want to allow local access to the device 35 36 Chapter 4 Configuring CC SG with Guided Setup Creating Groups 14 20 21 If you are manually adding a PowerStrip device click the Number of ports drop down arrow and select the number of outlets the PowerStrip contains If you are adding an IPMI Server type an Interval used to check for availability and an Authentication Method which needs to match what has been configured on the IPMI Server in the corresponding fields If you want to configure all available ports on the device select the Configure all ports checkbox CC SG will add all ports on the device to CC SG and create a node for each port In the Device Associations section at the bottom of the panel click the drop down arrow in the Element column that corresponds to each Category you want to assign to the device and then select the element you want to associate with the device from the list Note A node or device that has more than one element of the same category assigned to it will appear more than once in a Custom View based on categories and elements If you want the Element to apply to the device and to the nodes connected to the device
360. nd Element items Three operators are available is equal to LIKE used for find the Element in a name and lt gt is not equal to Element Select a value for the Category attribute to be compared against Only elements associated with the selected category will appear here for example if evaluating a Department category Location elements will not appear here Rule Name This is a name assigned to the rule in this row It is not editable it is used for writing descriptions in the Short Expression field 4 To add another rule click the Add New Row icon E and then make the necessary configurations Configuring multiple rules will allow more precise descriptions by providing multiple criteria for evaluating devices 5 The table of rules only makes available criteria for evaluating nodes To write a description for the device group add the rules by Rule Name to the Short Expression field If the description requires only a single rule type that rule s name in the field If multiple rules are being evaluated type the rules into the field using a set of logical operators to describe the rules in relation to each other amp the AND operator A node must satisfy rules on both sides of this operator for the description or that section of a description to be evaluated as true the OR operator A device needs to satisfy only one rule on either side of this operator for the description or that section of a
361. nd SSH RSA VNC DRAC RSA ILO web or Telnet access depending on the node type A node can have multiple interfaces but only one out of band serial or KVM interface For example a Windows Server may have an out of band KVM interface for the keyboard mouse and monitor ports and a power interface to manage the outlet to which the server is connected Some interfaces only work in Direct mode even though you configure CC SG to use Proxy mode These interfaces include ILO RSA Microsoft RDP DRAC Web Browser and VMware Viewer Java RDP interfaces can be used in proxy mode See About Connection Modes on page 250 In CC SG you can view all nodes in the Nodes tab and select a node to view its specific Node Profile Nodes Tab When you click the Nodes tab all nodes to which you have access appear in a tree structure Nodes are displayed alphabetically by name or grouped by their availability status Nodes grouped by availability status are sorted alphabetically within their availability grouping To switch between sorting methods right click the tree click Node Sorting Options then click By Node Name or By Node Status See Custom Views for Devices and Nodes on page 180 for details on viewing the Nodes tab in different ways Raritan Z Raritan Chapter 8 Nodes Node Groups and Interfaces Node Profile Click a Node in the Nodes tab to open the Node Profile page The Node Profile page includes tabs that conta
362. nd date the reports show a gap in the data gt 1 Enable historical data trending display 1 Choose Operation gt Diagnostic Console Config 2 Inthe Ports list select Web 3 Inthe Status list select the Status checkbox next to Web 4 Click Save gt 2 View the historical data trending reports Using a supported Internet browser type this URL http s lt IP_address gt status where lt IP_address gt is the IP address of the CC SG Note the forward slash following status is mandatory For example https 10 20 3 30 status 2 Astatus page opens This page contains the same information as the Status Console See Status Console on page 297 a Click the Historical CC SG Monitors link to view information about CPU utilization memory utilization Java Heap space and network traffic Click each graph to view details in a new page oe Raritan ti ia Raritan Chapter 16 Diagnostic Console Display RAID Status and Disk Utilization This option displays the status of CC SG disks including disk size active and up status state of the RAID 1 and amount of space currently used by various file systems gt To display disk status of the CC SG 1 Choose Operation gt Utilities gt Disk RAID Utilities gt RAID Status Disk Utilization 2 Either click Refresh or press Enter to refresh the display Refreshing the display is especially useful when upgrading or installing and you want
363. ne account access is now available to register the software product s y purchased Your registration will generate a license key to activate your soft provide you with access to a web portal where you can review the history of have purchased and their associated license keys Please follow this link to confirm your company and contact information for t that will have access to license keys for your Raritan software http www raritan com CreateAccount ContactID 0035000000ZexEa Your e mail address will be used as your username to access the License Should you have any questions or need assistance please contact Raritan Service 800 724 8090 prompt 5 then 1 or your Sales Representative Poe aa tha ae mts cen gettin m8 OR we tnt 2 Click the link in the email to go to the Software License Key Login page on Raritan s website Create a user account and login The username is your email address The licensing account information page opens Your license files will be available shortly 19 20 Chapter 3 Getting Started 3 Check your email for another message from Raritan Licensing Portal from the email address licensing raritan com with the subject line Your Raritan Commandcenter SG Software License Key is Available Raritan j Know more Manage smarter Thank You for Registering 7 15 2010 0035000000ZexXEa 3 Customer Name f Customer Address Dear Customer This is an important email regarding your r
364. nections using the firewall must be configured to use Proxy mode See Connection Modes Direct and Proxy on page 250 CC SG will connect to the various targets on behalf of the PC Client requests However the CC SG will terminate the PC Client to Target TCP IP connection that comes through the firewall RDP Access to Nodes Port 3389 must be open for RDP access to nodes 355 Appendix B CC SG and Network Configuration VNC Access to Nodes Port 5800 or 5900 must be open for VNC access to nodes SSH Access to Nodes Port 22 must be open for SSH access to nodes Remote System Monitoring Port When the Remote System Monitoring feature is enabled port 19150 is opened by default See Configure Remote System Monitoring on page 325 ie Raritan Appendix C User Group Privileges Menu gt Sub menu Secure Gateway Users gt User Manager gt User Group Manager This table shows which privilege must be assigned for a user to have access to a CC SG menu item None means that no particular privilege is required Any user who has access to CC SG will be able to view and access these menus and commands Menu Item Required Privilege Description This menu is available for all users My Profile None Message of The _None Day Print None Print Screen None Logout None Exit None This menu and the User tree are available only for users with the User Management privilege gt Add User User
365. new primary node shutdown the CC SG application by choosing System Maintenance gt Shutdown When you shutdown the CC SG application the unit is still powered on and accessible through the Diagnostic Console See CC SG Shutdown on page 234 for details 3 Restart the former primary node that has been in Waiting status See Restart CC SG with Diagnostic Console on page 315 for details on restarting The restarted CC SG unit goes into Primary status again The backup node that you shutdown is recognized as Failed status 4 Delete the cluster by choosing Administration gt Cluster Configuration Click Delete Cluster 5 Enter Maintenance Mode and then upgrade the primary node See Entering Maintenance Mode on page 222 and Upgrading CC SG on page 229 6 Ifthe primary node upgrade succeeds perform a factory reset of the backup node by accessing the Diagnostic Console and choosing Operation gt Admin gt Factory Reset gt Full CC SG Database Reset option See Reset CC SG Factory Configuration on page 319 If the primary node upgrade fails see Primary Node Upgrade Failure on page 233 7 Upgrade the backup node that you reset See Upgrading CC SG on page 229 8 Recreate the cluster See Create a Cluster on page 257 The data from the primary node synchronizes with the backup node a Raritan Chapter 14 System Maintenance Primary Node Upgrade Failure If the upgrade of your primary node f
366. next screen to proceed Reset CC Super User Password with Diagnostic Console This option will reset the password for the CC Super User account to the factory default value Factory default password raritan Note This is not the password for the Diagnostic Console admin user See Diagnostic Console Password Settings on page 321 gt To reset the CC SG GUI admin password 1 Choose Operation gt Admin gt CC SG ADMIN Password Reset ai E Raritan 2 Either click Reset CC SG GUI Admin Password or press Enter to change the admin password back to factory default Confirm the password reset in the next screen to proceed File Operation CC SG Administrator Console CC SG ADMIN Password Reset CC SG Administrator Password Reset This operation will reset the password for the ADMIN account of the CC SG GUI to the initial Factory Default value Note This is HOT the admin password for Diagnostic Console See ADMIN gt DiagCon Passwords gt Account Configuration to change the Diagnostic Console admin password lt Reset CC SG GUI Admin Password gt See ita ae SN ACD7980052 Ver 4 1 0 5 2 Created Mon Dec 2008 12 01 19 31 52 EST 0500 Help lt Fl gt Exit lt ctl Q gt or lt ctl C gt Menus Top bar lt ctl X gt Reset CC SG Factory Configuration This option will reset all or parts of the CC SG system back to their factory default values All active CC SG users will be logged out without
367. nformation about the naming conventions used in CC SG Comply with the maximum character lengths when naming all the parts of your CC SG configuration In This Chapter User Information ccccceeeeeeeeeees Node Information ccccceeeeeeseees Location Information 0088 Contact Information ccccccceees Service ACCOUNS cccccseeeeeeeeeeees Device Information cccceeeeeeee Port Information ss sssakissiiessccsastieccivaate Associations s sicciscisdeiasdesicciaccivesaavaris Administration ccccccceeeseeseeeeeees Field in CC SG Username Full Name User Password not strong password User Password strong password User Email Address User Phone Number User Group Name User Group Description Field in CC SG Node Name Node Description Notes Number of characters CC SG allows 64 64 6 16 Configurable Minimum 8 Maximum 16 64 60 32 64 160 Number of characters CC SG allows 64 160 256 389 Appendix K Naming Conventions Field in CC SG Audit Information Location Information Field in CC SG Department Site Location Contact Information Service Accounts Device Information 390 Field in CC SG Primary Contact Name Telephone Number Cell Phone Secondary Contact Name Telephone Number Cell Phone Field in CC SG Service Account Name User Name Password Description Field in CC SG Devic
368. ng Select Enabled in the Remote Monitoring Service field Enter the IP address of the client PC you want to allow to monitor the CC SG unit in the Allowed Remote Monitoring IP Addresses field You can enter up to three IP addresses 4 The default port for the GKrellM tool is 19150 You can change the port 5 Select Submit gt 2 Download the remote system monitoring client software 1 Navigate to www gkrellm net 2 Download and install the package that is appropriate for your client PC 325 k Raritan Chapter 16 Diagnostic Console gt 3 Configure the remote system monitoring client to work with CC SG Follow the instructions in the Read Me file to set the CC SG unit as the target to monitor Windows users must use the command line to locate the Gkrellm installation directory and then run the commands specified in the Read Display Historical Data Trending Reports Historical data trending gathers information about CPU utilization memory utilization Java Heap space and network traffic This information is compiled into a report that you view as a web page from CC SG The report contains the status of the CC SG and links to historical data Historical data trending reports stop collecting data if the CC SG system time and date change to an earlier time and date Data collection starts again when the time and date reaches the original time and date When the time and date is changed to a later time a
369. nostic Console Config 2 Determine how you want the Diagnostic Console configured and accessible There are four Diagnostic Console Access mechanisms Serial Port COM1 KVM Console SSH IP network and Web The Diagnostic Console offers three services Status Display Admin Console Raritan Field Support This screen allows the selection of which services are available via the various access mechanisms If the Web option and Status option are enabled the Status Console web page is always available as long as the Web Server is up and functional To restrict the access to the Status Console web page type an account and a password 3 Type the port number you want to set for SSH access to Diagnostic Console in the Port field The default port is 23 Raritan ti ia Raritan Chapter 16 Diagnostic Console 4 Click Save Edit Network Interfaces Configuration Network Interfaces In Network Interface Configuration you can perform initial setup tasks such as setting the hostname and IP address of the CC SG 1 2 Choose Operation gt Network Interfaces gt Network Interface Config If the network interfaces have already been configured you will see a Warning message stating that you should use the CC SG Admin Client to configure the interfaces If you want to continue click YES Type your hostname in the Host Name field After you save this field will be updated to reflect the Fully Qualified Domain N
370. not change You must rename the node manually by editing the node This scenario assumes all ports involved were already configured If you physically move the target server and CIM to a different and unconfigured port you can then configure the port in CC SG and the node will be created automatically 385 Appendix FAQs Interoperability FAQs Question Interoperability How does CC SG integrate with Blade Chassis products To what level is CC SG able to integrate with third party KVM tools down to third party KVM port level or simply box level How would mitigate the restriction of four simultaneous paths through any IP Reach box including the roadmap for the potential 8 path box Authorization FAQs Question Authorization Can authorization be achieved via RADIUS TACACS LDAP User Experience FAQs Question User Experience Regarding console management via network port or local serial port such as COM2 What happens to the logging Does CC SG capture local management 386 Answer CC SG can support any device with a KVM or serial interface as a transparent pass through Third party KVM switch integration is typically done through keyboard macros when the third party KVM vendors do not publicize the communications protocols for the third party KVM switches Depending on the capability of the third party KVM switches the tightness of integration will vary Currently the best possible imple
371. notification and SNMP processing will stop File Operation CC SG Administrator Console Factory Reset Factory Reset will restore the system to initial Default Configuration This will log off all currently active CC SG GUI sessions to this system and may terminate any sessions to remote targets that they might have This could also impact cluster operations if so configured Users will get no notification that this event will happen Reset Options ES EFuLL CC SG Database Reset X Preserve CC SG Personality during Reset Network Reset X SNHP Reset X Firgware Reset X Install Firmware into CC 5G DB X Diagnostic Console Reset IP Access Control Lists Reset lt RESET System gt lt Cancel gt SH ACD 7980052 Ver 4 1 0 5 2 Created Mon Dec 2008 12 01 19 31 52 EST 05600 Help lt Fl gt Exit lt ctl Q gt or lt ctl C gt Menus Top bar lt ctl xX gt It is recommended to use the default options selected 319 Raritan Chapter 16 Diagnostic Console Option Full CC SG Database Reset Preserve CC SG Personality during Reset Network Reset SNMP Reset Firmware Reset Install Firmware into CC SG DB 320 Description This option removes the existing CC SG database and builds a new version with the factory default values Network settings SNMP settings firmware and diagnostic console settings are not part of the CC SG database IP ACL settings are reset with a Full Database r
372. ntain at least one lowercase letter Passwords must contain at least one uppercase letter Passwords must contain at least one number Passwords must contain at least one special character for example an exclamation point or ampersand 8 Click Update to save your changes About CC SG passwords All passwords must meet all criteria that the administrator configures After configuring strong password rules all future passwords must meet these criteria All existing users must change their passwords at their next logins if the new criteria are stronger than the previous criteria Strong password rules apply only to user profiles stored locally Password rules on an authentication server must be managed by the authentication server In addition any four contiguous characters in the user name and the password cannot match Strong password rules require users to observe strict guidelines when creating passwords which makes the passwords more difficult to guess and in theory more secure Strong passwords are not enabled in CC SG by default A strong password that includes all strong password parameters is always required for the CC Super User You can use the Message of the Day feature to provide advanced notice to users when the strong password rules will be changing and what the new criteria are 269 270 Chapter 15 Advanced Administration Lockout settings Administrators can lock out CC SG users and SSH users after
373. ntrol Systems Virtual Hosts and Virtual Machines on page 118 Delete a Virtual Infrastructure Follow these steps to delete a whole virtual infrastructure from CC SG including the control system virtual hosts and virtual machines gt To delete a virtual infrastructure 1 Delete all virtual machine nodes by deselecting the Configure checkbox for each virtual machine See Edit Control Systems Virtual Hosts and Virtual Machines on page 118 2 Delete the control system and virtual hosts See Delete Control Systems and Virtual Hosts on page 120 All components of the virtual infrastructure are deleted including control system nodes virtual host nodes and virtual machine nodes and their interfaces ba Raritan Synchronizing the Z Raritan Chapter 8 Nodes Node Groups and Interfaces vSphere 4 Users Must Install New Plug In When upgrading your virtual environment from a previous version to vSphere 4 you must remove the VMware Remote Console plug in from the browser After removing the plug in the correct plug in for vSphere4 will be installed the next time you connect to a Virtual Machine from CCSG gt To remove the old plug in from Internet Explorer 1 Choose Tools gt Manage Add Ons gt Enable or Disable Add Ons 2 Select Add Ons that have been used by Internet Explorer in the Show list Scroll down to the VMware Remote Console Plug in and select it The Delete Active X button sh
374. o associate remotely authenticated users with Active Directory modules click the Active Directory Associations tab when the AD configured Active Directory Associations tab is not hidden Select the checkbox that corresponds with each Active Directory module you want to associate with the user group To add another user group click Apply to save this group and repeat these steps Optional When you have finished adding user groups click OK The Add User panel opens You can also click User Management and then click Add User in the Guided Tasks tree view in the left panel to open the Add User panel In the Username field type the name that the user you want to add will use to log in to CC SG 39 40 Chapter 4 Configuring CC SG with Guided Setup 13 14 19 20 21 22 Select the Login Enabled checkbox if you want the user to be able to log in to CC SG Select the Remote Authentication checkbox only if you want the user to be authenticated by an outside server such as TACACS RADIUS LDAP or AD If you are using remote authentication a password is not required The New Password and Retype New Password fields will be disabled when Remote Authentication is checked In the New Password and Retype New Password fields type the password that the user will use to log in to CC SG Check the Force Password Change on Next Login if you want the user to be forced to change the assigned password the nex
375. o the Devices tab If you don t configure all outlets now you can configure them later See Configuring Outlets on a Powerstrip on page 99 Optional Raritan Raritan Chapter 7 Managed Powerstrips 10 For each Category listed click the Element drop down menu and select the element you want to apply to the device Select the blank item in the Element field for each Category you do not want to use See Associations Categories and Elements on page 41 Optional 11 When you are done configuring this PowerStrip click Apply to add this device and open a new blank Add Device screen that allows you to continue adding devices or click OK to add this Power Strip without continuing to a new Add Device screen Next Steps 1 Configure outlets See Configuring Outlets on a PowerStrip on page 99 2 Associate each outlet with the node that it powers See Interfaces for Managed Powerstrip Connections on page 130 Delete a PowerStrip Connected to an SX 3 0 or KSX Device You can visually delete a powerstrip connected to an SX 3 0 KSX or P2SC device even if the powerstrip is still physically connected If you physically disconnect a powerstrip from the SX 3 0 KSX or P2SC device with which it is associated the powerstrip still appears in the Devices tab beneath that device To remove it from display you must delete the powerstrip 1 Inthe Devices tab select the PowerStrip you want to delete 2 Choose Devices
376. o the whole CC SG system select System instead of a user group at an operating system level Once you create rules you can arrange them in the list to specify the order in which they are applied Rules at the top of the list take precedence over rules in lower positions in the list gt 1 2 To view the Access Control List Choose Administration gt Security Click the Access Control List tab To add a rule to the Access Control List Choose Administration gt Security Click the Access Control List tab Click the Add Row icon E to add a row to the table Specify a range of IP addresses to which you want to apply the rule by typing the starting IP value in the Starting IP field and the ending IP value in the Ending IP field Click the Group drop down arrow to select a user group to apply the rule to Selecting System will apply the rule to the whole CC SG system Click the Action drop down arrow and select Allow or Deny to specify whether the specified users in the IP range can access CC SG Click Update to save your changes To add a rule to the Access Control List that allows or denies access at an operating system level Choose Administration gt Security Click the Access Control List tab Click the Add Row icon E to add a row to the table Specify a range of IP addresses to which you want to apply the rule by typing the starting IP value in the Starting IP field and the ending IP value in the Ending IP fiel
377. of Direct mode and Proxy mode In Both mode Proxy mode is the default but you can configure CC SG to use Direct mode when connections are made using client IP addresses in specified ranges Note Some interfaces only work in Direct mode even though you configure CC SG to use Proxy mode These interfaces include ILO RSA Microsoft RDP DRAC Web Browser and VMware Viewer Java RDP interfaces can be used in proxy mode See About Interfaces on page 102 Raritan Device Settings Raritan Chapter 15 Advanced Administration Configure Direct Mode for All Client Connections e oO N To configure direct mode for all client connections Choose Administration gt Configuration Click the Connection Mode tab Select Direct mode Click Update Configuration Configure Proxy Mode for All Client Connections gt ON To configure proxy mode for all client connections Choose Administration gt Configuration Click the Connection Mode tab Select Proxy mode Click Update Configuration Configure a Combination of Direct Mode and Proxy Mode When you configure CC SG to use a combination of Direct mode and Proxy mode Proxy mode will be the default connection mode and Direct mode will be used for the client IP addresses you specify gt 1 Po N To configure a combination of direct mode and proxy mode Choose Administration gt Configuration Click the Connection Mode tab Select Both
378. ole Description every password must have at least one digit in it Diagnostic Console Account Configuration By default the status account does not require a password but you can configure it to require one Other aspects of the admin password can be configured and the Field Support accounts can be enabled or disabled gt To configure accounts 1 Choose Operation gt Admin gt DiagCon Passwords gt Account Configuration 2 Inthe screen that appears you can view the settings for each account Status Admin FS1 and FS2 This screen is split into three main areas The top displays read only information about the accounts on the system The middle section displays the various parameters related and pertinent to each ID along with a set of buttons to allow the parameters to be updated or new passwords provided for the accounts The lower area restores the password configuration to Factory Defaults or to how the system was initially shipped 3 If you want to require a password for the Status account select Enabled underneath it 4 For the Admin and Status accounts you can configure 323 Chapter 16 Diagnostic Console Seiting User User Name Last Changed Expire Mode Min Days Max Days Warning Max of Logins UPDATE New Password 324 Description Read only This is the current user name or ID for this account Read only This is the date of the last password
379. olicy123 Group B Group B is assigned Policy456 User belongs to both Group A and B This allows user access servers 1 23456 Then create Policy Deny 1 Denies access to server 1 Assign Policy Deny 1 to Group A User will only have access to 23456 If Policy Deny 1 is switched from Group A to Group B user has access 10123456 Raritan me Chapter 11 Custom Views for Devices and Nodes Custom Views enable you to specify different ways to display the nodes and devices in the left panel using Categories Node Groups and Device Groups In This Chapter Types of Custom ViIGWS caussas a 180 Using Custom Views in the Admin Client ssnssssnneeeennneenn anneer nenene nane 181 Types of Custom Views Raritan There are three types of custom views View by Category Filter by Node Group and Filter by Device Group View by Category All nodes and devices described by the categories you specify will appear in the nodes or devices lists when a View by Category custom view is applied Nodes or devices that do not have a category assigned will also display as unassociated Filter by Node Group Only the node groups you specify will appear in the nodes list when a Filter by Node Group custom view is applied The first level of organization is the node group name A node may appear several times in the list if the node belongs to more than one node group defined in the custom view Nodes that do not belong
380. om your web browser requires a Java plug in If your machine has an incorrect version CC SG will guide you through the installation steps If your machine does not have a Java plug in CC SG cannot automatically launch In this case you must uninstall or disable your old Java version and provide serial port connectivity to CC SG to ensure proper operation e lf CC SG does not load check your web browser settings In Internet Explorer ensure Java Sun is enabled Open Java plug in in the Control Panel and adjust the settings for your browser e f you have problems adding devices ensure the devices have the correct firmware versions e If the network interface cable is disconnected between the device and CC SG wait for the configured heartbeat minutes and then plug the network interface cable back in During the configured heartbeat period the device operates in standalone mode and can be accessed through RRC MPC or RC e f you receive an error message that states your client version is different from the server version and that behavior may be unpredictable you should clear the browser s cache and the Java cache and restart the browser See Clear the Browser s Cache on page 231 and Clear the Java Cache on page 231 e f you have problems accessing a KX2 port via the MPC interface when using Internet Explorer you should clear the browser s cache and then re access the port See Clear the Browser s Cache on page 231
381. on 113 Chapter 8 Nodes Node Groups and Interfaces To use a service account for authentication select the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication Maximum 64 characters each 8 To allow users who access this control system to automatically log into the VI Client interface select the Enable Single Sign On For VI Client checkbox Optional 9 Click Next CC SG discovers the control system s virtual hosts and virtual machines Click the column header to sort the table by that attribute in ascending order Click the header again to sort the table in descending order Optional 10 Add virtual machines to CC SG One node will be created for each virtual machine Each associated virtual host will also be configured Only one virtual host node will be added even if the virtual host is associated with multiple virtual machines To add one virtual machine Select the Configure checkbox next to the virtual machine that you want to add To adda VNC RDP or SSH interface to the virtual host node and the virtual machine node select the checkboxes next to the virtual machine Optional To add all virtual machines Select the topmost checkbox in the Configure column to select all virtual machines To adda VNC RDP or SSH interface to all virtual host nodes and all virtual machine nod
382. on page 64 The blade servers in this type of blade chassis are not configured yet so you must configure the blade servers later See Configuring Slots on a Blade Chassis Device on page 65 Blade Chassis without an Integrated KVM Switch A blade chassis without an integrated KVM switch such as HP BladeSystem series allows each blade server to connect to KX2 respectively via a CIM As each blade server in that chassis has a CIM for access when a user accesses one blade server others still can access the other blade servers When configuring all KX2 ports in CC SG the blade servers connected to the KX2 device are configured If you have properly configured a blade port group for these blade servers on the KX2 device CC SG then creates a virtual blade chassis at the KX2 port level as the container for these blade servers See Add a Blade Chassis Device on page 64 Otherwise these blade servers appear as normal KX2 ports in the Devices tab of CC SG 63 Raritan 64 Chapter 6 Devices Device Groups and Ports Add a Blade Chassis Device The procedure to add a blade chassis device varies depending on the blade chassis type A blade chassis device always show two names in the Devices tab the name without the parentheses is retrieved from the KX2 device and the name within the parentheses is the chassis name saved on CC SG gt To add a blade chassis device with an integrated KVM switch 1 Configure the blade
383. on of CC SG See Advanced Administration on page 237 Select the Anonymous Bind checkbox if you want to connect to the AD server without specifying a username and password If you use this option ensure that the AD server allows anonymous queries Note By default Windows 2003 does NOT allow anonymous queries Windows 2000 servers do allow certain anonymous operation whose query results are based on the permissions of each object If you are not using anonymous binding type the username of the user account you want to use to query the AD server in the User name field The format required depends on your AD version and configuration Use one of the following formats A user named User Name with a login name UserN in the raritan com domain could be entered as cn UserName cn users dc Raritan dc com 191 Chapter 12 Remote Authentication UserName raritan com Raritan UserName Note The user specified must have permission to execute search re queries in the AD domain For example the user may belong to a group within AD that has Group scope set to Global and Group type set to Security Type the password for the user account you want to use to query the AD server in the Password and Confirm Password fields Maximum length is 32 characters Click Test Connection to test the connection to the AD server using the given parameters You should receive a confirmation of a successful connection If you do not see a con
384. on over the Web you must enable relevant options in Diagnostic Console and the Web Server must be up and functional gt 1 Enable the Web Status Console related options in Diagnostic Console 1 Choose Operation gt Diagnostic Console Config In the Ports list select Web In the Status list select the Status checkbox next to Web Click Save Poe ON 297 Chapter 16 Diagnostic Console gt 2 Access the Status Console via web browser 1 Using a supported Internet browser type this URL http s lt IP_address gt status where lt IP_address gt is the IP address of the CC SG Note the forward slash following status is mandatory For example https 10 20 3 30 status 2 A status page opens This page contains the same information as the Status Console Status Console Information Status Console via VGA Keyboard Mouse Port or SSH After typing status at the login prompt the read only Status Console appears This screen dynamically displays information about the health of the system and whether CC SG and its sub components are working Information on this screen updates approximately every five seconds The Status Console consists of 4 main areas e CC SG title date and time e Message of the Day e System server and network status e Navigation keys reminder lt Raritan Information Host Name CC SG Version CC SG Serial Model Host ID CC SG Status DB Status Raritan
385. onfigure button that corresponds to the serial port you want to configure Type a name in the Port Name field For ease of use name the port after the target that is connected to the port See Naming Conventions on page 389 for details on CC SG s rules for name lengths Type a node name in the Node Name field to create a new node with an Out of Band interface from this port For ease of use name the node after the target that is connected to the port This means that you will type the same name in the Port name and Node Name fields Click the Access Application drop down menu and select the application you want to use when you connect to this port from the list To allow CC SG to automatically select the correct application based on your browser select Auto Detect Click OK to add the port Configure a KVM Port To configure a KVM port Click the Devices tab and select a KVM device Choose Devices gt Port Manager gt Configure Ports Click a column header to sort the ports by that attribute in ascending order Click the header again to sort the ports in descending order Raritan Chapter 6 Devices Device Groups and Ports 3 Click the Configure button that corresponds to the KVM port you want to configure 4 Type a port name in the Port Name field For ease of use name the port after the target that is connected to the port See Naming Conventions on page 389 for details on CC SG s rules for name lengths
386. ontrol Device Port and Node Management or Device Configuration and Upgrade Management CC Setup and Control and User Security Management CC Setup and Control and User Management CC Setup and Control and Device Port and Node Management CC Setup and Control and Device Port and Node Management CC Setup and Control and Device Port and Node Management CC Setup and Control and User Security Management CC Setup and Control and User Management Raritan Menu gt Menu Item Sub menu Export Nodes Export Devices Export Power IQ Data System Maintenance Backup Restore Reset Restart Upgrade Shutdown gt Maintenance gt Enter Mode Maintenance Mode gt Exit Maintenance Mode View Window Help Raritan Appendix C User Group Privileges Required Privilege Description CC Setup and Control and Device Port and Node Management CC Setup and Control and Device Port and Node Management CC Setup and Control and Device Port and Node Management CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and Control None None None 365 Appendix D SNMP Traps CC SG provides the following SNMP traps SNMP Trap ccUnavailable ccAvailable ccUserLogin ccUserLogout ccPortConnectionStarted ccPortConnectionStopped ccPortConnectionT erminated cclmage
387. or AES Encryption 267 Checking and Upgrading Application Versions e 32 238 Checking the Compatibility Matrix 31 Clear the Browser s Cache 230 231 372 Clear the Java Cache 231 239 372 Client Browser Requirements 4 Cluster Licenses xvii 232 261 Command Line Utilities for Managing License Server 25 Command Tips 287 289 Common CSV File Requirements 44 77 139 167 369 Configure a Combination of Direct Mode and Proxy Mode 246 251 Configure a KVM Port 60 68 Configure a Serial Port 60 Configure an External SMTP Server 277 Configure Backups and Snapshots of Virtual Appliance and Storage Servers 27 Configure Browser Connection Protocol HTTP or HTTPS SSL 268 Configure Cluster Settings 258 Configure Direct Mode for All Client Connections 251 Configure Proxy Mode for All Client Connections 251 Configure Remote System Monitoring 325 356 376 Configure the Inactivity Timer 271 Configuring a Blade Chassis Device Connected to KX2 63 Configuring a Message of the Day 237 Configuring a Neighborhood 262 Configuring Access Auditing for User Groups 104 162 164 Configuring Analog KVM Switches Connected to KX2 2 3 or Higher 70 Configuring Applications for Accessing Nodes e 238 Configuring CC SG Clusters 16 256 300 Configuring CC SG with Guided Setup 10 33 42 175 Configuring Custom JRE Settings 6 254 Configuring Default Applicat
388. ort for assistance The System Snapshot options are divided into two areas Snapshot Configuration shows a list of CC SG data that you can snapshot Snapshot Operations shows a list of operations that can be performed when activating the snapshot operation Usually it is not necessary to change default snapshot selections unless Raritan Technical Support requests otherwise When requested click with the mouse or use the arrow keys to navigate and press the Space bar to select the snapshot options that you want marking them with X Click or select Submit to proceed with the snapshot operation You will see a list of items scroll by quickly on the screen during the snapshot process It is typical if sometimes CC SG pauses for a while When the snapshot operation finishes CC SG displays the information for the snapshot including The location and filename of the CC SG snapshot file Size MD5 checksum The snapshot information is for reference only so there is no need to note it down Press Enter to return to the System Snapshot menu 335 Chapter 16 Diagnostic Console gt 1 2 Retrieve the CC SG snapshot file Using a supported Internet browser type this URL http s lt IP_address gt upload where lt IP_ address gt is the IP address of the CC SG Note the forward slash following upload is mandatory For example https 10 20 3 30 upload The Enter Network Password dialog appears Type
389. ort states you want to include in the report Selecting more than one checkbox will include ports with all selected states You must select at least one Availability option when a Status option is specified State Type Status Availability Unconfigured Raritan Port State All Up Down Idle Connected Busy Power on Power off New Unused Definition All ports Connection to port is not possible since the device is down and unavailable Port has been configured and connection to port is possible A user is connected to this port Port has a target server attached but the port has not been configured Port does not have a target server connected and the port has not 215 216 Chapter 13 Reports Node Asset Report State Type Port State Definition been configured 3 Select Ghosted Ports to include ports that are ghosted A ghosted port can occur when a CIM or target server is removed from a Paragon system or powered off manually or accidentally See Raritan s Paragon Il User Guide Optional 4 Select Paused Ports or Locked Ports to include ports that are paused or locked Paused ports occur when a CC SG management of a device is paused Locked ports occur when a device is being upgraded Optional 5 Select the number of rows of data to display in the report screen in the Entries to Display field Note This preference doesn t apply when generating the report as a task
390. ory click Apply to save this category and then repeat the steps in this section to add additional categories Optional 7 When you have finished creating categories and elements click OK The Association Summary panel displays a list of the categories and elements that you created 8 Click Continue to start the next task Device Setup Follow the steps in the next section Device Setup The second task of Guided Setup is Device Setup Device Setup allows you to search for and discover devices in your network and add those devices to CC SG When adding devices you may select one element per category to be associated with the device Important Ensure that no other users are logged on to the device during CC SG configuration a Raritan Raritan Chapter 4 Configuring CC SG with Guided Setup Discover and Add Devices The Discover Devices panel opens when you click Continue at the end of the Associations task You can also click Device Setup and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discover Devices panel gt 1 To discover and add devices in Guided Setup Type the IP address range in which you want to search for devices in the From address and To address fields Type the subnet mask in which you want to search for devices in the Mask field In the Device types list select the type of device you want to search for in the range specified Press and hol
391. ould become enabled Click to delete the old plug in f the Delete button is not enabled go to Control Panel gt Add Remove Programs and look for an older VI Client If VI client 2 5 is installed uninstall it After the uninstalling the VI client 2 5 the plug in will be removed gt To remove the old plug in from Firefox users 1 Choose Tools gt Add Ons 2 Click the Plug Ins tab 3 Select the old plug in then select it and click Disable gt To install the new plug in 1 After removing the old plug in login to CCSG and connect to a Virtual Machine 2 You will be prompted to install the plug in for vSphere 4 Virtual Infrastructure with CC SG Synchronization ensures that the CC SG has the most up to date information about your virtual infrastructure Synchronization updates information specific to each virtual machine node and virtual infrastructure topology information You can configure an automatic daily synchronization of all control systems and virtual hosts configured You can also perform a synchronization of selected control systems and virtual hosts at any time 121 Chapter 8 Nodes Node Groups and Interfaces Synchronize the Virtual Infrastructure You can perform a synchronization of CC SG with your virtual infrastructure When you select a control system for synchronization the associated virtual hosts will also be synchronized whether or not you select the virtual hosts gt 1
392. our changes The node will be added to the node list Important If you move a blade chassis from one Dominion device port to another Dominion device port interfaces that were added to the blade chassis node in CC SG will be lost in CC SG All other information will be retained Raritan 109 110 Chapter 8 Nodes Node Groups and Interfaces Nodes Created by Configuring Ports When you configure the ports of a device a node is created automatically for each port An interface is also created for each node When a node is automatically created it is given the same name as the port to which it is associated If this node name already exists an extension is added to the node name For example Channel1 1 The extension is the number in parentheses This extension is not included as part of the character count for the node name If you edit the node name the new name will be restricted to the maximum number of characters See Naming Conventions on page 389 Edit a Node You can edit a node to change its name description interfaces default interface or associations gt To edit anode 1 Click the Nodes tab and then select the node you want to edit The Node Profile appears 2 Edit the fields as needed 3 Click OK to save your changes Note 1 Changing the node name of a blade chassis does not change its chassis name To modify the chassis name edit it in the Device Profile screen See Edit a Bl
393. ovided via SSH to administer devices and CC SG itself The SSH client user is authenticated by the CC SG in which existing authentication and authorization policies are applied to the SSH client The commands available to the SSH client are determined by the permissions for the user groups to which the SSH client user belongs Administrators who use SSH to access CC SG cannot log a CC Super User SSH user out but are able to log all other SSH client users out including System Administrators gt To access CC SG via SSH 1 Launch an SSH client such as PuTTY Specify the IP address of the CC SG 2 3 Specify the SSH port number Default is 22 You can configure the port for SSH access in Security Manager See Security Manager on page 266 gt Open the connection Log in with your CC SG username and password A shell prompt appears Raritan Chapter 15 Advanced Administration gt To display all SSH commands e Atthe shell prompt type Is to display all commands available lt 192 168 32 58 PuTTY login as admin admin i92 32 58 S password Welcome to C G CommandCenter admin ls activeports entermaint grep listinterfaces listports logoff more pingdevice shutdownec ul upgradec CommandCenter admin Get Help for SSH Commands You can get limited help for all commands at once You can also get in depth help on a single command at a time gt To get help for a single SSH comma
394. ower Operations checkbox to enable the warning message Deselect the checkbox to disable the warning message Click Update Configuration to save your changes Raritan Z Raritan Chapter 15 Advanced Administration Enabling the AKC Download Server Certificate Validation If you are using the AKC client you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature Option 1 Do Not Enable AKC Download Server Certificate Validation default setting If you do not enable AKC Download Server Certificate Validation all Dominion device users and CC SG Bookmark and Access Client users must e Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked e Windows Vista Windows 7 and Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser s Trusted Sites Zone and that Protected Mode is not on when accessing the device Option 2 Enable AKC Download Server Certificate Validation If you do enable AKC Download Server Certificate Validation e Administrators must upload a valid certificate to the device or generate a self signed certificate on the device The certificate must have a valid host designation e Each user must add the CA certificate or a copy of self signed certificate to the Trusted Root CA store in their browser gt To install the self signed ce
395. page 389 for details on CC SG s rules for name lengths 163 164 Chapter 9 Users and User Groups 12 13 If strong passwords are enabled the password entered must conform to the established rules The information bar at the top of the screen will display messages to assist with the password requirements See Advanced Administration on page 237 for details on strong passwords Select the Force Password Change on Next Login checkbox to force the user to change the assigned password the next time they log in Select the Force Password Change Periodically checkbox to specify how often the user will be forced to change their password If selected in the Expiration Period Days field type the number of days that the user will be able to use the same password before being forced to change it Inthe Email address field type the user s email address This will be used to send the user notifications In the Telephone Number field type the user s telephone number Click the User Groups drop down menu and select the group to which the user will be added Depending on the user group you select the Require User to Enter Information When Connecting to a Node checkbox may or may not be selected If selected then this user is required to enter information when accessing a node See Configuring Access Auditing for User Groups on page 162 When you are done configuring this user click Apply to add this user and
396. page 82 Follow the additional requirements for all CSV files See Common CSV File Requirements on page 369 To add a device to the CSV file Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 DEVICE Enter the tag as shown Tags are not case sensitive 3 Device Type Required field Enter the device type as shown here KX KX2 KSX KSX2 KX101 KX2 101 IP Reach SX or PX 4 Device Name Required field Device names cannot contain 77 Chapter 6 Devices Device Groups and Ports Column number oN O O 10 11 12 Tag or value IP Address or Hostname Username Password Heartbeat TCP Port Configure All Ports Allow Direct Access Description Details spaces or certain special characters Dominion PX device names cannot include periods Upon import periods are converted to hyphens Required field Required field Required field Default is configured in the Admin Client in Administration gt Configuration gt Device Settings tab Default is configured in the Admin Client in Administration gt Configuration gt Device Settings tab TRUE Or FALSE Default is TRUE for Dominion PX devices Default is FALSE for all other device types When set to TRUE all ports are configured and nodes with the appropriate out of band interface are created When set to FALSE only ports that have a correspondin
397. pendix C User Group Privileges 357 Appendix D SNMP Traps 366 Appendix E CSV File Imports 368 Common CSV Fil REQUIFG MOMS jscesigseceece cus set adeai ene tac aa aaae tad eaaa aa aaa 369 Audit Trail Entries tor Mm POG aise ccctuveecevesd see css sedan naia sas hbedan cuts E REAR 370 Troubleshoot CSV File Problems siiccvesesctsesescatsedan ccatbeacdesavtantedsedah cadauted ccededactedartarteduesaheataudenceds 371 Appendix F Troubleshooting 372 Appendix G Diagnostic Utilities 374 Memo DIAQMOSTIC onise ata edt tee ca ve iaeee cadieces A R 374 DeHUG il ole eeteretecter rere tre rere E er cere peer crnceeerr ree ter er rererrrereer errr erererrrer tere er er errerrr ey 375 CC SGiDisk MONIKON MO ucsr inii asanaci caste eases ass aia aca aak ANNEE a aan ENN ORE ENEN EAN 376 Appendix H Two Factor Authentication 379 Supported Environments for Two Factor Authentication ccccccccceceeseeeeeessneeeeeceeeeeesseeeeee 379 Two Factor Authentication Setup Requirements ccccecececeeeeeceeeeeeeeeeeeeeeseeeeseaeeeeneeeeeeeeeaas 379 Two Factor Authentication Known ISSUES ccccceeeeeeeeeceeeeeeeeecaeaeceeeeesesecaaeaeeeeeeeeeseenanaeeeeees 379 Appendix FAQs 380 General FAQS iscissi n a aa a ts E E S aa aa 380 Authenticaton FAQS enssins aine Nan a AAEE E Taaa AAEE 382 Securty FAQS ni E aa Ea AEE EEE AEA NE A EE 383 ACCOUMUIMG FAO Susreo eE SE EENE E ASEE EEEE A EEEE 384 PO rtorimanCe FAQS ssrin a aA aa A EE AE A REEE 384 Grouping FA OS en
398. pically CC SG communicates with these devices over a TCP IP network local WAN or VPN and both TCP and UDP protocols are used as follows CC SG to Local Broadcast CC SG to Remote LAN IP CC SG to Raritan Device Raritan Device to CC SG CC SG to Dominion PX CC SG to Dominion KXII in Direct Mode Communication Direction CC SG to Local Broadcast CC SG to Remote LAN IP Raritan Port Number Protocol Configurable Details 5000 UDP yes heartbeat 5000 UDP yes heartbeat 5000 TCP yes RDM protocol RC4 AES 128 AES 2 56 encrypted 5001 UDP no heartbeat 623 UDP no 443 no 443 TCP no CC SG Clustering When the optional CC SG clustering feature is used the following ports must be available for the inter connecting sub networks If the optional clustering feature is not used none of these ports has to be open Each CC SG in the cluster may be on a separate LAN However the inter connection between the units should be very reliable and not prone to periods of congestion Several TCP IP connections are maintained and initiated by the Primary to the Backup in a CC SG cluster These connections may be idle for extended periods of time but they are necessary for the cluster to operate Ensure that all CC SG to CC SG cluster connections over VPN or firewalls do not time out or become blocked Timing out these connections will cause the cluster to fail Port Protocol Configurable Details Number 10000 UDP no he
399. port it Duplicate records are skipped and are not added 1 Choose Administration gt Import gt Import Users Click Browse and select the CSV file to import Click Open Click Validate The Analysis Report area shows the file contents If the file is not valid an error message appears Click OK and look at the Problems area of the page for a description of the problems with the file Click Save to File to save the problems list Correct your CSV file and then try to validate it again See Troubleshoot CSV File Problems on page 371 Click Import Check the Actions area to see the import results Items that imported successfully show in green text Items that failed import show in red text Items that failed import because a duplicate item already exists or was already imported also show in red text 6 To view more import results details check the Audit Trail report See Audit Trail Entries for Importing on page 370 Export Users The export file contains all users that have a user account created in CC SG This excludes AD authorized users unless they also have a user account created on CC SG The export file includes user and the details from the user profile user groups user group permissions and policies associated AD modules Passwords export as a blank field gt To export users 1 Choose Administration gt Export gt Export Users Click Export to File Type a name for the file and choose the location
400. port to CC SG Which version of Java will Raritan s CC SG be supporting An administrator added a new node to the CC SG database and assigned it to me How can see it in my Nodes tree How will the Windows desktop be supported in the future What are some design guidelines for large scale systems Any constraints or assumptions Raritan Appendix FAQs Answer access CC SG Yes Contact your authorized Raritan sales representative or Raritan Inc directly There is no specified limit to the number of nodes and or Dominion and or IP Reach units that can be connected but the number is not limitless the performance of the processor and the amount of memory on the hosting server will determine how many nodes can actually be connected Assuming the console serial device is a Dominion ensure that the following conditions are met The Dominion device is active The Dominion device has not reached the maximum number of configured user accounts See the Compatibility Matrix on the Raritan website in the Support section under Firmware and Documentation To update the tree and see the newly assigned node click the Refresh shortcut button on the toolbar Remember that refreshing CC SG will close all of your current console sessions Accessing CC SG from outside the firewall can be achieved by configuring the right ports on the firewall The following ports are standard ports 80 for HTTP access v
401. profile 1 Inthe Devices tab click the next to the KX2 device that is connected to the KVM switch device Select the KVM switch whose ports you want to configure In the Device Profile screen select the KVM Switch Ports tab Raritan Chapter 6 Devices Device Groups and Ports Select the checkbox for each slot you want to configure then click OK To configure slots from the Configure Ports screen In the Devices tab click the next to the KX2 device that is connected to the KVM switch device Select the KVM switch device whose ports you want to configure Choose Devices gt Port Manager gt Configure Ports Toconfigure multiple ports with the default names shown on the page select the checkbox for each port you want to configure and then click OK to configure each port with the default name To configure each port individually click the Configure button next to the port Then type a name for the port in the Port Name field and type a node name in the Node Name field The default Access Application is set according to the default application selected for KVM Switch KVM in the Application Manager To change it click the Access Application drop down menu to select the one you prefer from the list Click OK to configure the port To configure slots using the Configure Blades command In the Devices tab click the next to the KX2 device that is connected to the KVM switch device Select the KVM swit
402. pter Memory DiaGnOStC setscsess lt sieteevetacheextetiseedliiwexssctiatex dened dtuaed dtegeeeadiexs 374 DODUG MOU canir a iydercaniictuesyads saree eatin eee hen ccttks 375 CG SG Disk MOnitoring sssusa 376 Memory Diagnostic Raritan CC SG is implemented with the Memtest86 diagnostic program which can be invoked from the GRUB menu When any memory problems occur you can perform the Memtest86 diagnostic test for troubleshooting gt 1 Perform the Memtest86 diagnostic program 1 Reboot CC SG See Reboot CC SG with Diagnostic Console on page 316 2 When it shows the messages below press any character within 5 seconds to enter the GRUB menu such as the Esc or arrow key Press any key to enter the menu Booting CentOS x x x in x seconds 3 Highlight the Memtest86 vX X option where vX X is the current version using the up or down arrow keys and press Enter 4 CC SG loads and performs the Memtest86 diagnostic program Let the program run at least one complete pass that is when the Pass column shows 1 For extensive test leave the program running for multiple hours or even overnight 5 Verify these items to determine whether there are memory errors Memory The amount of total memory should match your CC SG type 512M for G1 2048M for V1 and 4096M for E1 Errors The column should show 0 Error display area The area is the bottom area right below the WallTime row The progra
403. py node associations location and contact information Click the Nodes tab and select a node Choose Nodes gt Bulk Copy In the Available Nodes list select the nodes to which you are copying the associations location and contact information of the node in the Node Name field Click gt to add a node to the Selected Nodes list Select the node and click lt to remove it from the Selected Nodes list In the Associations tab select the Copy Node Associations checkbox to copy all categories and elements of the node You may change add or delete any data in this tab The modified data will be copied to multiple nodes in the Selected Nodes list as well as the current node displayed in the Node Name field Optional In the Location and Contacts tab select the checkbox for the information you want to copy Select the Copy Location Information checkbox to copy the location information displayed in the Location section Select the Copy Contact Information checkbox to copy the contact information displayed in the Contacts section You may change add or delete any data in this tab The modified data will be copied to multiple nodes in the Selected Nodes list as well as the current node displayed in the Node Name field Optional Click OK to bulk copy A message appears when the selected information has been copied 137 Chapter 8 Nodes Node Groups and Interfaces Using Chat Chat provides a way for users connec
404. r if it was When the database is removed all devices nodes and users are removed All remote authentication and authorization servers are removed Your CC Super User account will be reset to default After the reset operation is complete you must login with the default username and password admin raritan This option can be selected only when you select Full CC SG Database Reset This option saves some previously configured options as the CC SG database is rebuilt Enforce Strong Passwords Direct vs Proxy Connections to Out of Band nodes Inactivity Timer setting This option changes the network settings back to factory defaults Host name CommandCenter Domain name localdomain Mode IP Failover Configuration Static IP Address 192 168 0 192 Netmask 255 255 255 0 Gateway none Primary DNS none Secondary DNS none Adapter Speed Auto This option resets the SNMP settings back to factory defaults Port 161 Read only Community public 227 Chapter 14 System Maintenance Option Default Firmware Upload Firmware to Database After Reset Diagnostic Console Description Read write Community private System Contact Name Location none SNMP Trap Configuration SNMP Trap Destinations This option resets all device firmware files to factory defaults This option does not change the CC SG database This option loads the firmware files for the current CC SG ve
405. r s date and time data with a referenced NTP server When CC SG is configured with NTP it can synchronize its clock time with the publicly available NTP reference server to maintain correct and consistent time 3 Click Update Configuration to apply the time and date changes to CC SG 4 Click Refresh to reload the new server time in the Current Time field Choose System Maintenance gt Restart to restart CC SG Connection Modes Direct and Proxy About Connection Modes CC SG offers three connection modes for in band and out of band connections Direct Proxy and Both e Direct mode allows you to connect to a node or port directly without passing data through CC SG Direct mode generally provides faster connections e Proxy mode allows you to connect to a node or port by passing all data through CC SG Proxy mode increases the load on your CC SG server which may cause slower connections However Proxy mode is recommended if you are more concerned about the security of the connection You need to keep the CC SG TCP ports 80 8080 443 and 2400 open in your firewall Note Beginning with CC SG 4 2 proxy mode supports encryption of KVM data when using Dominion KXII release 2 1 10 and higher In this configuration KVM data is encrypted according to the security setting in the KXII device Encryption is not supported with devices other than Dominion KXII 2 1 10 e Both mode allows you to configure CC SG to use a combination
406. ration Data to a KX2 KSX2 or KX2 101 Device 83 86 Restore Blade Servers Ports to Normal KX2 Ports 50 68 Z Raritan Index Restore Only Device Settings or User and User Group Data to a KX2 KSX2 or KX2 101 Device 85 Restoring CC SG 223 225 233 Restoring Device Configurations 84 280 Results of Adding an Interface 135 Resuming Management of a Device 89 280 Right Click Options in the Devices Tab 52 RSA Compatibility with JRE 130 RSA Interface Details e 130 S Sample Categories and Elements CSV File 45 Sample Devices CSV File 81 Sample Nodes CSV File 148 Sample Users CSV File 170 Save a Backup File 224 229 Save a Report to a File 209 218 Save Upload and Delete Device Backup Files 86 Saving and Deleting Backup Files 222 224 226 Schedule a Device Firmware Upgrade 280 281 282 284 Schedule a Task 88 89 197 199 233 234 280 284 341 Schedule a Task that is Similar to Another Task 284 Schedule Disk Tests 330 Schedule Sequential Tasks 279 Scheduled Reports 219 220 279 Scheduled Tasks and Maintenance Mode 221 Searching for Devices 52 Security FAQs 383 Security Manager 266 285 Select Nodes 151 Serial Admin Port 293 Service Accounts 106 390 Service Accounts Overview 106 Set the Default Application for an Interface or Port Type 241 Set the Port Number for SSH Access to CC SG 268 Se
407. rce Reboot the virtual host server gt Virtual Machine Data tab Virtual machine nodes such as VMware s Virtual Machines include the Virtual Machine Data tab The Virtual Machine Data tab contains information from the virtual machine that is refreshed when the tab opens You can access a topology view of the virtual infrastructure link to associated node profiles or connect to the virtual host and open the Summary tab gt Blades tab Blade chassis nodes such as IBM BladeCenter include the Blades tab The Blades tab contains information about the blade servers residing in the blade chassis Node and Interface Icons For easier identification nodes have different icons in the Nodes tree Hold the mouse pointer over an icon in the Nodes tree to view a tool tip containing information about the node Icon Meaning a Node available the node has at least one interface that is a up a Node unavailable the node does not have an interface that bl is up Raritan i Chapter 8 Nodes Node Groups and Interfaces Service Accounts Field Service Account Name Username Password Retype Password Description 106 Service Accounts Overview Service accounts are special login credentials that you can assign to multiple interfaces You can save time by assigning a service account to a set of interfaces that often require a password change You can update the login credentials in the service account and the
408. rchase a new add on license or need to replace your licenses When replacing licenses add the base license first Add on licenses associated with the previous base license will be deleted automatically if they are not valid with the new base license either because they are of a different type such as standalone or cluster or if the host IDs are different See Licensing FAQs on page 387 for complete rules for license replacement gt To add a license 1 Choose Administration gt License Management 2 Click Add License Read the license agreement and scroll down the whole text area then select the Agree checkbox Click Browse then select the license file Click Open Note If you are using a license server CC SG will contact the license server and display the full list of features found on the server 6 Select the features you want to activate then click Check Out Confirming IP Address 1 Choose Administration gt Configuration Click the Network Setup tab 3 Check that the network settings are correct and make changes if needed See About Network Setup on page 242 Optional 4 Click Update Configuration to submit your changes Click Restart Now to confirm your settings and restart CC SG Setting CC SG Server Time CC SG s time and date must be accurately maintained to provide credibility for its device management capabilities Important The Time Date configuration is used when scheduling tas
409. rder in which you want upgrades to proceed Specify whether failed upgrades should be retried Click the Retry tab Retry Count Type the number of times CC SG should retry a failed upgrade Retry Interval Enter the time that should elapse between retries Default times are 30 60 and 90 minutes These are the optimal retry intervals Specify email addresses that should receive notifications of success and failure By default the email address of the user currently logged in is available User email addresses are configured in the User Profile a Click the Notification tab b Click Add type the email address in the window that opens and then click OK c Select On Failure if you want an email sent if an upgrade fails d Select On Success if you want an email sent when all upgrades complete successfully Click OK to save your changes 283 284 Chapter 15 Advanced Administration When the task starts running you can open the Upgrade Device Firmware report any time during the scheduled time period to view the status of the upgrades See Upgrade Device Firmware Report on page 220 Change a Scheduled Task You can change a scheduled task before it runs gt 1 To change a scheduled task Select the task you want to change Click Edit Change the task specifications as needed See Schedule a Task on page 280 and Schedule a Device Firmware Upgrade on page 282 for tab descriptions Click
410. re files device firmware files application files and logs Application files include RRC MPC RC and VNC Saving and Deleting Backup Files Use the Restore CommandCenter screen to save and delete backups stored on CC SG Saving backups allows you to maintain a copy of the backup file on another PC You can create an archive of backup files Backup files saved to another location can be uploaded to other CC SG units and then restored to copy a configuration from one CC SG to another Deleting backups you do not need saves space on the CC SG Save a Backup File 1 Choose System Maintenance gt Restore Command Center 2 Inthe Available Backups table select the backup you want to save to your PC Click Save to File A Save dialog appears Type a name for the file and choose the location where you want to save it 5 Click Save to copy the backup file to the specified location Delete a Backup File 1 Inthe Available Backups table select the backup you want to delete 2 Click Delete A confirmation dialog appears Raritan Chapter 14 System Maintenance 3 Click OK to delete the backup from the CC SG system Restoring CC SG You can restore CC SG using a backup file that you created Important The Neighborhood configuration is included in the CC SG backup file so make sure you remember or note down its setting at the backup time This is helpful for determining whether the backup file is appropriate for
411. re not case sensitive Required field Required field Required field Default is 623 MD5 None OEM or PASSWORD Default is PASSWORD Enter the check interval in seconds Default is 550 Leave blank if specifying username and password Leave blank if specifying service account Leave blank if specifying service account Optional gt To add a managed powerstrip interface to the CSV file Column number 1 Tag or value ADD NODE POWER INTERFACE Node Name Interface Name Details The first column for all tags is the command ADD Enter the tag as shown Tags are not case sensitive Required field Required field 145 Chapter 8 Nodes Node Groups and Interfaces Column number Tag or value Powerstrip Name Outlet Managing Device Managing Port Description Details Required field Required field The name of the device that the power strip is connected to Required field for all power strips except Dominion PX The name of the port on the device that the power strip is connected to Required field for all power strips except Dominion PX Optional gt To adda Web Browser interface to the CSV file Column number 1 N O oO fF WwW 10 11 146 Tag or value ADD NODE WEB INTERFACE Node Name Interface Name URL TCP Port Service Account Name Username Password Username Field Password Fi
412. rectly enter a valid username and password to log into CC SG Security FAQs Question Security Sometimes when try to log in receive a message that states my login is incorrect even though am sure am entering the correct username and password Why is this How is a password secure Sometimes receive a No longer logged in message when I click any menu in CC SG after leaving my workstation idle for a period of time Why As Raritan has root access to server this may potentially cause issue with government bodies Can customers also have root access or can Raritan provide a method of auditability accountability Is SSL encryption internal as Raritan Appendix FAQs Answer authentication Remote authentication servers supported include AD TACACS RADIUS and LDAP Check the user account in AD If AD is set to Logon To specific computers on the domain it disallows you to log into CC SG In this case remove the Logon To restriction in AD Answer There is a session specific ID that is sent out each time you begin to log into CC SG This ID has a time out feature so if you do not log into the unit before the time out occurs the session ID becomes invalid Performing a Shift Reload refreshes the page from CC SG or you may close the current browser open a new browser and log in again This provides an additional security feature so that no one can recall information s
413. recycling the CC SG power gt 1 234 To shutdown CC SG Choose System Maintenance gt Shutdown Type your password in the Password field Accept the default message or type a message to display to any users currently online in the Broadcast message field for example you might give users a brief time period to finish their tasks in CC SG and tell them when they can expect the system to be functional again All users will be disconnected when you shut down CC SG Type the number of minutes from 0 720 that should pass before CC SG shuts down in the Shutdown after min field If specifying over 10 minutes the broadcast message displays to users immediately and then repeats at 10 and 5 minutes before the event occurs Click OK to shut down CC SG Raritan Chapter 14 System Maintenance Restarting CC SG after Shutdown After shutting down CC SG use one of these two methods to restart the unit Use the Diagnostic Console See Restart CC SG with Diagnostic Console on page 315 Recycle the power to your CC SG unit Powering Down CC SG If CC SG loses AC power while it is up and running it will remember the last power state Once AC power is restored CC SG automatically reboots However if CC SG loses AC power when it is powered off it will remain powered off when AC power is restored Important Do not hold the POWER button to forcibly power down CC SG The recommended way to power down CC SG is to use
414. remotely authenticated users on LDAP or AD servers requires entering usernames and searches in Distinguished Name format The full Distinguished Name format is described in RFC2253 http www rfc editor org rfc ric2253 txt To configure CC SG you must know how to enter Distinguished Names and the order in which each component of the name should be listed Specify a Distinguished Name for AD Distinguished Names for AD should follow this structure You do not have to specify both common name and organization unit e common name cn organizational unit ou domain component dc ie Raritan Chapter 12 Remote Authentication Specify a Distinguished Name for LDAP Distinguished Names for Netscape LDAP and eDirectory LDAP should follow this structure e userid uid organizational unit ou organization o Specify a Username for AD When authenticating CC SG users on an AD server by specifying cn administrator cn users dc xyz dc com in username if a CC SG user is associated with an imported AD group the user will be granted access with these credentials Note that you can specify more than one common name organizational unit and domain component Specify a Base DN You also enter a Distinguished Name to specify where the search for users begins Enter a Distinguished Name in the Base DN field to specify an AD container in which the users can be found For example entering ou DCAdmins ou T dc xyz dc com
415. rent Message Type depending on the type of import you performed e User imports are logged under User maintenance e Device imports are logged under Device node port e Node imports are logged under Device node port e Category imports are logged under Configuration e Power Strip imports are logged under Device Node Port Use the filter by date and time fields in the Audit Report page to find all entries that pertain to the import Several entries may be logged in the Audit Trail for each record imported Raritan Appendix E CSV File Imports Troubleshoot CSV File Problems Raritan gt To troubleshoot CSV file validation Error messages appear in the Problems area of the Import page The error messages identify problems that are found in the CSV file during validation You can save the list of errors to a CSV file Each error includes the line number where the error occurs in the CSV file See the comments at the top of an export file to help you correct errors When the file has been corrected validate the file again gt To troubleshoot CSV file import Warning and error messages appear in the Problems areas of the Import page to alert you issues found during import If you see an error the information in that line of your file was not imported Duplicate entries are not imported and do not appear in the Audit Trail 371 Appendix F Z Raritan Troubleshooting e Launching CC SG fr
416. rips that are Managed by Another Device in CC SG94 Configuring PowerStrips Connected to KX KX2 KX2 101 KSX2 and PS Ges a fh scores cenet sk E A niee E 95 Configuring PowerStrips Connected to SX 3 0 and KSX ceeeeeeeees 96 Configuring Powerstrips Connected to SX 3 1 eeeeececeesteeeeeesteeeeeeeaes 98 Configuring Outlets on a POWEISHIiIP c cceeeeeeeeeeeeee sete eeseaeeeeneeeeeeeeees 99 93 Chapter 7 Managed Powerstrips Configuring Powerstrips that are Managed by Another Device in CC SG In CC SG managed powerstrips can be connected to one of the following devices e Dominion KX e Dominion KX2 e Dominion KX2 101 e Dominion SX 3 0 e Dominion SX 3 1 e Dominion KSX e Dominion KSX2 e Paragon II Paragon II System Controller P2SC e Power IQ See Power Control of Power IQ IT Devices on page 337 You must know which Raritan device the managed powerstrip is connected to physically Note You can also have a Dominion PX powerstrip that is connected to your IP network but not connected to any other Raritan device See Managed PowerSirips on page 93 for details on configuring power control for these powerstrips gt To configure managed powerstrips in CC SG 1 Complete all physical connections between the device the powerstrip and the nodes that are powered by the powerstrip See the RPC Quick Setup Guide Dominion PX Quick Setup Guide and CC SG Deployment Guide for details on physical connections b
417. ritan Add an Interface Note Interfaces for virtual nodes such as control system virtual hosts and virtual machines can only be added using the Virtualization tools under Nodes gt Virtualization See Configuring the Virtual gt 1 Infrastructure in CC SG on page 112 To add an interface For an existing node click the Nodes tab and then select the node to which you want to add an interface In the Node Profile screen that appears click Add in the Interfaces section If you are adding a new node click Add in the Interfaces section of the Add Node screen The Add Interface Window opens Click the Interface Type drop down menu and select the type of connection being made to the node In Band Connections n Band DRAC KVM Select this item to create a KVM connection to a Dell DRAC server through the DRAC interface You will be required to configure a DRAC Power interface as well n Band iLO Processor KVM Select this item to create a KVM connection to an HP server through an iLO or RILOE interface In Band RDP Select this item to create a KVM connection to a node using either Java or Microsoft Remote Desktop Protocol n Band RSA KVM Select this item to create a KVM connection to an IBM RSA server through its RSA interface You will be required to configure an RSA Power interface as well a n Band SSH Select this item to create an SSH connection to a node n Band VNC
418. ritan ca Chapter 17 Power IQ Integration Configuring Power IQ Services You must configure the Power IQ Service before you can add Power IQ proxy interfaces to nodes or synchronize Power IQ with CC SG to add IT Devices to CC SG as nodes This is done via the CC SG Access menu You must have the CC Setup and Control permission to configure Power IQ services gt To configure Power IQ services 1 Make sure the Web API is enabled in Power IQ In the Settings tab click Web API in the Security and Encryption section Select the Enable Web API checkbox then click Save 2 Make sure power control is enabled In Power IQ In the Settings tab click Power Control Options in the Appliance Administration section Select the Enable Power Control checkbox then click Save 3 Inthe CC SG Admin Client choose Access gt Power IQ Services gt Add Power IQ Services The New Power IQ Services Configuration dialog appears 4 Type aname for the device in the Power IQ Device Name field The name must be unique for the Power IQ Device providing the service CC SG does not accept duplicate names See Naming Conventions on page 389 for details on CC SG s rules for name lengths 5 Type the IP Address or Hostname of the device in the IP Address Hostname field See Terminology Acronyms on page 2 for hostname rules 6 Type the time in seconds from 30 to 50 000 that should elapse before timeout between the new device and CC SG in the
419. ronization time Choose Administration gt Security Select the Authentication tab Ensure that the Daily synchronization of All Modules checkbox is selected In the Synchronization Time field at the bottom of the screen click the up and down arrows to select the time at which you want CC SG to perform the daily synchronization of all AD modules Click Update to save your changes Raritan Chapter 12 Remote Authentication Renaming and Moving AD Groups gt Renaming a group in AD When an AD group that has been imported into CC SG changes its name in AD CC SG reports a warning in the Audit Trail when the name change is detected either at synchronization or when an affected AD user logs in for the first time after User group lt group name gt has been renamed to lt group new name gt in AD module lt module name gt gt Deleting or moving a group in AD When an AD group that has been imported into CC SG has been deleted or moved out of the group s search base CC SG reports a warning in the Audit Trail The AD association for the group is removed User group lt group name gt cannot be found in ADmodule lt module name gt gt Moving a group in AD within the search base When an AD group moves within the search base no warning is reported and the group functions as usual About LDAP and CC SG Once CC SG starts and a username and password are entered a query is forwarded either through CC SG or d
420. routes may actually improve the performance of your network allowing you to conserve bandwidth for important business applications Click with the mouse or use the Tab and arrow keys to navigate and press the Enter key to select a value gt 1 2 To view or change static routes Choose Operation gt Network Interfaces gt Static Routes The current IP routing table page opens You can add associated IP route to the routing table by selecting Add Host Route or Add Network Route The items in the routing table are selectable and you can delete a route from the table by selecting Delete Route The Refresh button updates the routing information in the table Add Host Route takes a Destination Host IP Address and either a Gateway IP Address or interface name as shown in Status Console or both Add Network Route is similar but takes a Destination Network and Netmask With every item selected or highlighted in the table you can select Delete Route to remove the route The only exception is the route associated with current host and interface which CC SG does not allow you to delete Raritan Chapter 16 Diagnostic Console Although you can delete all other routes including the Default Gateway doing this will greatly impact the communication with CC SG 311 Chapter 16 Diagnostic Console View Log Files in Diagnostic Console You can view one or more log files simultaneously via LogViewer which allows
421. rsion into the CC SG database This option restores Diagnostic Console settings back to factory defaults This option removes all entries from the IP ACL table IP ACL settings are reset with a Full Database reset whether you select the IP ACL Tables option or not This option removes all license files from CC SG To reset CC SG Before you reset back up CC SG and save the backup file to a remote location See Backing Up CC SG on page 222 Choose System Maintenance gt Reset Select the reset options Type your CC SG password Broadcast message Type the message that will display to users who will be logged off CC SG Enter the number of minutes from 0 720 that should elapse before CC SG performs the reset operation If specifying over 10 minutes the broadcast message displays to users immediately and then repeats at 10 and 5 minutes before the event occurs Click OK A message appears to confirm the reset Do NOT power off power cycle or interrupt CC SG when reset is in progress Doing this may result in the loss of CC SG data IP ACL Tables Licenses gt 2 3 4 5 6 7 228 Raritan Restarting CC SG Upgrading CC SG Raritan Chapter 14 System Maintenance The restart command is used to restart the CC SG software Restarting CC SG will log all active users out of CC SG Restarting will not cycle power to the CC SG To perform a full reboot you must access Diagnostic Consol
422. rtificate authority to apply for a digital identity certificate generate a self signed certificate or import and export certificates and their private keys Certificate Tasks Note The button at the bottom of the screen will change from Export to Import to Generate depending on which certificate option is selected To export current certificate and private key Choose Administration gt Security Click the Certificate tab Select Export current certificate and private key fF ON w Click Export The certificate appears in the Certificate panel and the private key appears in Private Key panel 5 In each panel select the text and then press Ctrl C to copy it You can then paste the text wherever needed gt To generate Certificate Signing Request and import pasted certificate and private key The CSR will be submitted to the Certificate Server who will issue a signed certificate A root certificate will also be exported from the Certificate Server and saved in a file Once you receive the signed certificate from the certificate signing authority you can import the signed certificate root certificate and private key 1 Choose Administration gt Security Click the Certificate tab Click Generate Certificate Signing Request and then click Generate The Generate Certificate Signing Request window opens 4 Type the requested data into the fields 273 274 Chapter 15 Advanced Administration 10 11 a
423. rtificate when using Windows Vista operating system and Windows 7 operating system 1 Include the CommandCenter Secure Gateway IP address in the Trusted Site zone and ensure Protected Mode is off 2 Launch Internet Explorer using the CommandCenter Secure Gateway IP address as the URL A Certificate Error message will be displayed Select View Certificates On the General tab click Install Certificate The certificate is then installed in the Trusted Root Certification Authorities store 5 After the certificate is installed the CommandCenter Secure Gateway IP address can be removed from the Trusted Site zone gt To enable AKC download server certificate validation 1 Choose Device Settings gt Device Services The Device Service Settings page opens 2 Select the Enable AKC Download Server Certificate Validation checkbox or you can leave the feature disabled default 253 Chapter 15 Advanced Administration 3 Click OK Configuring Custom JRE Settings 254 CC SG will display a warning message to users who attempt to access CC SG without the minimum JRE version that you specify Check the Compatibility Matrix for the minimum supported JRE version Choose Administration gt Compatibility Matrix If a user attempting to log into CC SG does not have the specified JRE version installed the JRE Incompatibility Warning window opens The window includes several options for downloading the default minimum
424. s Your changes will not take effect until CC SG restarts a Click Restart Now if you want to automatically restart CC SG now Click Restart Later if you would like to manually restart CC SG later See Restarting CC SG on page 229 Click Cancel to return to the Network Setup panel without saving your changes You must click Update Configuration then click Restart Now or Restart Later to save your changes Note If CC SG is configured with DHCP you can access CC SG via the hostname after a successful registration with the DNS server Raritan a 246 Chapter 15 Advanced Administration What is IP Isolation mode IP Isolation mode allows you to isolate clients from devices by placing them on separate sub networks and forcing clients to access the devices through CC SG In this mode CC SG manages traffic between the two separate IP domains IP Isolation mode does not offer failover If either LAN connection fails users will not have access See About CC SG LAN Ports on page 242 for the locations of the Primary LAN and Secondary LAN ports on each CC SG model Note Clustering cannot be configured when using IP Isolation mode 5 Secondary LAN Clients and Nodes only gt Setup for IP Isolation mode When implementing IP Isolation mode for your CC SG network Each CC SG LAN port must be connected to a different sub network Raritan devices must be connected to the Primary LAN only Clients to be iso
425. s or schedule a particular report to be emailed to one or more recipients every Monday Note Task Manager uses the server time that is set on CC SG for scheduling not the time on your client PC The server time is displayed in the upper right corner of each CC SG page Task Types These tasks can be scheduled e Active Directory Synchronization e Backup CC SG e Backup Device Configuration individual device or device group e Pause and Resume Device Management e Copy Device Configuration individual device or device group e Group Power Control e Outlet Power Control e Purge Logs e Restart Device e Restore Device Configuration does not apply to device groups e Upgrade Device Firmware individual device or device group e Generate all reports Raritan Raritan Chapter 15 Advanced Administration Schedule Sequential Tasks You may want to schedule tasks sequentially to confirm that expected behavior occurred For example you may want to schedule an Upgrade Device Firmware task for a given device group and then schedule an Asset Management Report task immediately after it to confirm that the correct versions of firmware were upgraded Email Notifications for Tasks Upon completion of a task an email message can be sent to a specified recipient You can specify where the email is sent and choose to send email securely via SSL in the Notification Manager See Notification Manager on page 277
426. s can be assigned a username and password to access CC SG A User Group defines a set of privileges for its members You cannot assign privileges to users themselves only to user groups All users must belong to at least one user group CC SG maintains a centralized user list and user group list for authentication and authorization You can also configure CC SG to use external authentication See Remote Authentication on page 187 You must also create policies for access that you can assign to user groups See Policies for Access Control on page 175 In This Chapter The Users Vea isaac tae gcince sas dace ete ewes deduce tad guaee sat dace teste AEAEE NANESENE 157 Default User Groups cccccceeeeeeeeeeeeeeeeeceeeeeseaeeeeaaeseneeeseaeeestaeeseeeeeaes 158 Adding Editing and Deleting User Groups esseeeeseeesteeeseeeeeeees 159 Limit the Number of KVM Sessions per USE cccceeeeeeeesteeeeeeeees 162 Configuring Access Auditing for User GroupS c cceccecesteeeseeeeeeees 162 Adding Editing and Deleting USIS 0 ecceeeeeeeeeeeeeeeenteeeeetneeeeneee 163 Assigning a User to a GrOUD sec isee ccsiecnt saints deencacn niian 165 Deleting a User From a Group lt cnccccccstcceesicetccees ca ian ia 166 Adding Users with CSV File IMport eee cece ener eee crescent eeneeeneees 166 Your User Proll ericirsrsi een eaeientae data as 172 Logging Users O trisimessi iire i anaa iaaa caste sd NELA
427. s flex and open the terminal e N Copy the flexserverv1 1 8 linux tar gz file you downloaded to home flex Unzip the contents to the same location 5 Type the command tar xvzf flexservervll 8 tar gz The files are unpacked The following directories are created flexserverv11 8 i86_Isb is created under flexserverv11 8 6 Unzip the 5 1 0 raritan daemon raritan linux32 1 1 zip file to home flex Raritan Raritan Chapter 3 Getting Started 7 Move the Raritan vendor daemon file using this command cp raritan home flex flexservervll1 8 i86 l1sb 8 Enter this command chmod x raritan 9 Make sure you have the redhat Isb package installed To install it run yum install redhat lsb as root Windows Server 1 Unpack the flexserverv1 1 8 win zip file to C on the Windows server This will create a folder called flexnet win 2 Unpack the raritan win32 1 0 zip to C flexnet win i86_n3 Get Your License 1 The license administrator designated at time of purchase will receive an email from Raritan Licensing Portal from the email address licensing raritan com with the subject line Thank You for Registering Raritan Know more Manage smarter Thank You for Registering 7 15 2010 0035000000ZexEa Customer Name Customer Address Dear Customer Raritan welcomes you to our firm as a new customer We know that you e satisfied with our award winning products and services Onli
428. s when they switch to another CC SG unit select the Disconnect Active Sessions when Switching Secure Gateways checkbox Otherwise deselect the checkbox 4 Click Send Update to save the changes and distribute the latest Neighborhood information to the other members Delete a Neighborhood Member When a CC SG unit in a Neighborhood becomes inappropriate you may either remove or deactivate it in the Neighborhood configuration Otherwise Access Client users may find these units inaccessible when trying to switch to them For example a Neighborhood member becomes inappropriate when you e Set the CC SG unit as a Backup CC SG node in a cluster configuration which is not a state meeting the Neighborhood criteria see What is a Neighborhood on page 262 e Reset the CC SG unit causing the unit to remove its Neighborhood configuration and return to factory defaults When deleting members ensure that a minimum of 2 CC SG units remain in the Neighborhood Otherwise CC SG will delete this Neighborhood gt To delete a CC SG unit from the Neighborhood 1 Choose Administration gt Neighborhood 2 Click the CC SG unit that you want to delete and click Remove Member Repeat this step until you remove all CC SG units you want 3 Click Send Update to save the changes and distribute the latest Neighborhood information to the other members Important To change the IP address of a CC SG unit which is already a Neighborhood member
429. s will be used for communication between CC SG and the KX2 devices or for communication by client applications such as AKC and VKC directly with the KX2 devices The new port numbers are not used for communication between the user s client computer and CC SG gt To change the HTTP and HTTPS ports for a KX2 Device Note Only for KX2 versions 2 3 and later 1 Click the Devices tab and select the device you want to edit 2 Inthe Device Profile page enter new values for HTTP and HTTPS port 3 Click OK Editing a PowerStrip Device or a Dominion PX Device Raritan You can edit a Managed PowerStrip device or a Dominion PX device to rename it modify its properties and view outlet configuration status gt To edit a powerstrip device 1 Click the Devices tab and select the PowerStrip device you want to edit 57 Chapter 6 Devices Device Groups and Ports 2 Type the new device properties in the appropriate fields on this screen If necessary edit the Categories and Elements associated with this device Click the Outlet tab to view all outlets of this PowerStrip If an outlet is associated with a node click the Node hyperlink to open the Node Profile 5 If an outlet is associated with a node select the outlet and then click Power Control to open the Power Control screen for the associated node To delete an outlet deselect the checkbox next to the outlet name To configure an outlet select the check
430. see What is a Neighborhood on page 262 you must remove it from the Neighborhood configuration first Otherwise you are unable to delete the CC SG from the Neighborhood Raritan zes 266 Chapter 15 Advanced Administration Security Manager Refresh a Neighborhood You can retrieve the latest status of all Neighborhood members immediately in the Neighborhood Configuration panel 1 Choose Administration gt Neighborhood Click Refresh Member Data 3 Click Send Update to save the changes and distribute the latest Neighborhood information to the other members Delete a Neighborhood gt To delete a Neighborhood 1 Log into any CC SG unit whose Neighborhood configuration you want to remove Choose Administration gt Neighborhood Click Delete Neighborhood Click Yes to confirm the deletion The Security Manager is used to manage how CC SG provides access to users Within Security Manager you can configure authentication methods SSL access AES Encryption strong password rules lockout rules the login portal certificates and access control lists Remote Authentication See Remote Authentication on page 187 for detailed instructions on configuring remote authentication servers AES Encryption You can configure CC SG to require AES 128 or AES 256 encryption between your client and the CC SG server When AES encryption is required all users must access CC SG using an AES enabled client If
431. seeeseaeeseaaeseeneeeeeneess 259 Delete a CIUStED 2 0 eeeceeesceeeeeeeceeeeeeaaeeeeneeceaeeeceaeeeeaaesgaeeecaeeeeaaeseeaaeseeeeseaeessaaesseaeeeseetess 260 Upgrade a CIUStCD 2 eecccecccececceeeceeeeaeeeeeeeeceaeeeeaaeseeaeecaeeecaaesseaaesgaeeseaeeeeaeeseaaeesaneeeeaees 260 GIUSTER Licenses iesin aeneon aAA RAEE La ANA ENEE ARRAN 261 Configuring a NeighborNood iiss raia asunsa ainia a ais a SEa E ENa 262 What isa Neighborhood a scaisccessetcess covges cans as aaa aa aE E E 262 Greate a Neighborhood iscscSaceccats iztes aiacav sas asndan iaaa ait Ne aata E aS Laa 262 EGit aINGIQNDOMMOO desiere raaa S NEA NANE EERE RAE 263 Raritan i Contents xii Retreshi a NGiGMbOrnOOd seseris ied aetiedeciideteieiiemndiiiaeietendiiiindtiinaiinieieedictiins 266 Delete a NGIQH DOM OOG esccc 2scccccthch cciasbedidd nad natte de devhtcansdebsaantedhdapii E EANN EE NAAA ENEEK 266 Security Manage esin Mirai ele SL eee ade Meee nei eee 266 Remote Authentication sssini 22s desea nec r E sack aa Eaa 266 AES EnciypUO Nisinsin a aa deeeh Ea 266 Configure Browser Connection Protocol HTTP or HTTPS SSL ccceceseeeeeesteeeeeeees 268 Set the Port Number for SSH Access to CO SG ou cc ccccccccccccccccecesececececeeeeeeeeeeeeeeenaeanaeans 268 Login CUE NGS tact aenn cae ENa ene EA OE A EE AE aE EEEE 268 Contigure the Inactivity Timer visa sevessecaicceensn ceri seeaccentetncenissee neducuaaceetsesneuaeendedessreaeeaties decks 271 Ponal scisaeetrcati
432. seve is case eiavecenteangcdeavnaeeease cnetaemeseniats casi deeded arta ances uai Eaa aarde 215 Node Asset REDON sit sicrccetesn sextet oE E EER EEEE EEEN 216 ACTIVE Nodes REDON oseriisssiiis tsini so NENEA 217 Node Creation REDON sesscccvts oceeevauacnetesn ccgetes cecieetn ia KE AAEE E E Eaa Aaaa a ad 217 Node Group Data REDON isxss ncceeeasgenetean severe teccieese deeeteeacceate a E aE E E T Eaa ada 218 ADUSS Group REDONA aiuiiaresnenini aai a A E AEA EEEE REEE 218 Scheduled Reports ccceccceeececeeneeceeeeeceaeeeeaaeseeneeceaeeeceaeseeaaesganeeceaeeeeaaeseeaeeeseeeesaeeeeaeseeneeseaees 219 Upgrade Device Firmware Report cccsccececssececeteeeceeeeneeceeesnseaeeesneeeeeesneeeeeesneeaeeesnneaeeeenaaes 220 Chapter 14 System Maintenance 221 Maintenance MOJE tiiccieicctetieiecceteacebeesisobehd iaeebdialothesd heute AEEA AEAEE 221 Scheduled Tasks and Maintenance Mode cccccesesceceeeeeeeeeeeaeeeeeeeeseaeeesaaesseneeesaees 221 Entering Maintenance MOOG vais sete ineactassateceet acerthy weeiets iA iret 222 Exiting Maintenance Modo weaves seasctvincecene sieeneuesn i ARE 222 Backing Up CGS Giren genti pi E comedy EN a ead E ven deal agen a E aa aeia 222 What is the difference between Full backup and Standard backup sssesseesseeeseesseess 224 Saving and Deleting Backup FileSs lt ccivss scssecanccettsacctesseaacenevaneceaiilenscueviuceneaaee ore a 224 Savea BACKUP Filerna eiaa a iadee eeaeseetuindete aban essecy
433. sienadieasted E A ET 85 Restore Only Device Settings or User and User Group Data to a KX2 KSX2 or KX2 101 PV OVICG races da viciecauvaaed catiane acu E E E dacs satcdanssild E ET 85 Restore All Configuration Data to a KX2 KSX2 or KX2 101 Device eee eee teens 86 Save Upload and Delete Device Backup Files 2 0 0 cceccceceeeeeeceeeeeeeseneeeeesseeeeeeseeeaees 86 Raritan l Contents Copying Device Confiquration g i i4 cio ieiieH nln nai Sibi Alas eg aeiedl dae 87 Restarting a D6ViCe veri scetces iicccheneds descai rete n eri dicdoenbade ERRAR diac dethd accent add Gone cae oeevsae ech daca overs 88 Pinging the Devit sisiraan EE AEAEE e EAE EAEEREN EEA E AREE 88 Pausing CC SG s Management Of a Devier aiia 88 Resuming Management of a DOVICC cccccsseccecsnieccseul a ceegeissccnebesecueeniuecnenssaceneensndetenesscensevineesines 89 Pause and Resume Management of Devices Using a Scheduled Task ccceseeeeeeteeetees 89 Device Power Managot occon i eonenna AERE EEANN NANE 90 Launching a Device s Administrative Page cc ccccccscceceesenceeeeeeeceeeeneneeeeeseneeseeseneeeeeseneeeeennes 90 Discornmecting USCIS aici aE EENE SEEE RERNE 91 Special Access to Paragon Il System DeViC S cccceeeseeeeneeceeeeeeaeeeeaaeseeeeeseaeessaaeseeneeeeeeees 91 Paragon I system Controller PZS G cccisis ssecseseccauvieccsatssssecnevencertiwecnetesserdaereacevysecevset 91 IP Reach and UST IP Administration wicccscacissv
434. st and click Remove Click OK to save your changes Delete a User Group You can delete a user group if it is does not have any members RoNMs To delete a User Group Click the Users tab Click the user group you want to delete Choose Users gt User Group Manager gt Delete User Group Click OK to delete the User Group 161 Chapter 9 Users and User Groups Limit the Number of KVM Sessions per User You can limit the number of KVM sessions allowed per user for sessions with Dominion KXII KSXII and KX KX1 devices This prevents any single user from using all available channels at once When a user attempts a connection to a node that would exceed the limit a warning message displays with information on the current sessions The event is logged in the Access Report with the message Connection Denied The user must disconnect a session on the device before starting another new session The full message text is Connection Denied Exceeds the allotted number of sessions for the KVM switch this node is attached to If possible please disconnect an existing session to the same KVM switch A list of the active connections to the KVM switch is included in the message Note You can filter the Access Report by message text to find out which devices have high traffic See Access Report on page 212 Limits on number of KVM sessions are set per user group You can enable limits when you add or edit a user group
435. stricted Service Agreement is noted in the log files and the audit trail report gt To add a restricted service agreement to the CC SG login screen 1 Select the Require Acceptance of Restricted Service Agreement checkbox to require users to check an agreement box on the login screen before they are allowed to enter their login information 2 Enter your message a Select Restricted Service Agreement Message if you want to enter the banner text directly Type an agreement message in the text field provided The maximum length of the text message is 10 000 characters Click the Font drop down menu and select a font for the message Click the Size drop down menu and select a font size for the message b Select Restricted Service Agreement Message File if you want to load a message from a text txt file a Z Raritan Raritan Chapter 15 Advanced Administration Click Browse A dialog window opens In the dialog window select the text file with the message you want to use and then click Open The maximum length of the text message is 10 000 characters Click Preview to preview the text contained in the file The preview appears in the banner message field above 3 Click Update to save your changes The updates will appear on the login screen the next time a user accesses CC SG Certificates In the Certificate tab you can generate a certificate signing request CSR to be sent to a ce
436. sword Change 169 Chapter 9 Users and User Groups 170 Column Tag or value Details number Periodically is set to TRUE specify the number of days after which password must be changed Enter just the number from 1 to 365 gt To add a user to a user group Column Tag or value Details number 1 ADD The first column for all tags is the command ADD 2 USERGROUP MEMBER Enter the tag as shown Tags are not case sensitive 3 User Group Name Required field User Group names are case sensitive 4 User Name Required field Sample Users CSV File ADD USERGROUP Windows Administrators MS IT Team ADD USERGROUP PERMISSIONS Windows Administrators FALSE TRUE TRUE TRUE TRUE TRUE TRUE TRUE ADD USERGROUP POLICY Windows Administrators Full Access Policy ADD USERGROUP ADMODULE Windows Administrators AD USA 57 120 ADD USERGROUP MEMBER Windows Administrators user1 ADD USERGROUP MEMBER Windows Administrators user2 ADD USER Windows Administrators user1 password userfirstname userlastname user1 company com 800 555 1212 TRUE ADD USER Windows Administrators user2 password userfirstname userlastname user2 raritan com 800 555 1212 TRUE ADD USERGROUP MEMBER System Administrators user1 ADD USERGROUP MEMBER CC Users user2 Raritan Chapter 9 Users and User Groups Import Users Once you ve created the CSV file validate it to check for errors then im
437. t 1 To add user groups and users in Guided Setup In the User Group Name field type a name for the user group you want to create User group names can contain up to 64 characters In the Description field type a description of the user group To set a maximum number of KVM sessions per user in this user group when accessing devices that have this feature enabled select the Limit Number of KVM Sessions per Device checkbox and select the number of sessions allowed in the Max KVM Sessions 1 8 field Optional See Limit the Number of KVM Sessions per User on page 162 for details Click the Privileges tab and then select the checkboxes that correspond to the Privileges or types of CC SG activities that you want to assign to the user group In the Node Access section you can specify whether you want the user group to have access to In band and Out of band nodes and to Power Management functions Select the checkboxes that correspond to the types of access you want to assign to the group Click the Policies tab In the All Policies list select the Policy that you want to assign to the user group and click Add to move the Policy to the Selected Policies list Policies in the Selected Policies list will be assigned to the user group Repeat this step to add additional policies to the user group To remove a policy from the user group select the policy name in the Selected Policies list and then click Remove If you want t
438. t Step 1 Get your license 1 The license administrator designated at time of purchase will receive an email from Raritan Licensing Portal from the email address licensing raritan com with the subject line Thank You for Registering Raritan Know more Manage smarter Thank You for Registering 7 15 2010 0035000000ZexEa Customer Name Customer Address Dear Customer Raritan welcomes you to our firm as a new customer We know that you d satisfied with our award winning products and services Online account access is now available to register the software product s y purchased Your registration will generate a license key to activate your soft provide you with access to a web portal where you can review the history of have purchased and their associated license keys Please follow this link to confirm your company and contact information for t that will have access to license keys for your Raritan software http www raritan com CreateAccount ContactID 0035000000ZexEa Your e mail address will be used as your username to access the License Should you have any questions or need assistance please contact Raritan Service 800 724 8090 prompt 5 then 1 or your Sales Representative oan ve er an tenn lS r Kinanti an a A 2 Click the link in the email to go to the Software License Key Login page on Raritan s website Create a user account and login The username is your email address The l
439. t is IP Failover mode IP Failover mode enables you to use two CC SG LAN ports to implement network failover and redundancy Only one LAN port is active at a time See About CC SG LAN Ports on page 242 for the locations of the Primary LAN and Secondary LAN ports on each CC SG model A CC Clients aid CC Cluster Dominion SecondaryLAN y j mt l Primary LAN Raritan a 244 Chapter 15 Advanced Administration If the Primary LAN is connected and receiving a Link Integrity signal CC SG uses this LAN port for all communications If the Primary LAN loses Link Integrity and Secondary LAN is connected CC SG will failover its assigned IP address to the Secondary LAN The Secondary LAN will be used until the Primary LAN returns to service When the Primary LAN is back in service CC SG automatically reverts to using the Primary LAN As long as one LAN connection is viable a client should not notice any disruption in service during a failure gt Setup for IP Failover mode When implementing IP Failover mode for your CC SG network E oO Both CC SG LAN ports must be attached to the same LAN sub network You can attach each LAN port to a different switch or hub on the same subnetwork for reliability Optional To configure IP Failover mode in CC SG Choose Administration gt Configuration Click the Network Setup tab Select IP Failover mode Type the CC SG host
440. t the appropriate firmware from the list Raritan or your reseller will provide this information 4 Click OK to upgrade the device Upgrading SX and KX devices takes about 20 minutes f the firmware version of the device is not compatible with CC SG a message appears Click Yes to upgrade the device Click No to cancel the upgrade 5 Amessage appears Click Yes to restart the device A message appears when the device has been upgraded 6 To ensure that your browser loads all upgraded files close your browser window and then login to CC SG in a new browser window Raritan Chapter 6 Devices Device Groups and Ports Backing Up a Device Configuration Raritan You can back up all user configuration and system configuration files for a selected device If anything happens to the device you can restore the previous configurations from CC SG using the backup file created The maximum number of backup files that can be stored on CC SG is 3 per device If you need more backups you can save a backup file to your network then delete it from CC SG Or you can opt to allow CC SG to delete the oldest backup file for you This option will appear as an alert when you attempt to do a fourth backup See Restore All Configuration Data to a KX2 KSX2 or KX2 101 Device on page 86 Each device may back up different components of the configuration See the User Guide for the device you want to back up for details Note Wh
441. t the files into your Java directory under lib security For example C Program Files Java 1 6 0 lib security Require AES Encryption between Client and CC SG In Security Manager you can configure CC SG to require AES encryption for sessions between the client and the CC SG server 1 Choose Administration gt Security 2 Open the Encryption tab Select the Require AES Encryption between Client and Server checkbox 4 Amessage appears to alert you that your clients must use AES encryption to connect to CC SG once this option is selected Click OK to confirm 267 268 Chapter 15 Advanced Administration Click the Key Length drop down arrow to select the encryption level 128 or 256 The CC SG Port field displays 80 The Browser Connection Protocol field displays HTTPS SSL selected 5 Click Update to save your changes Configure Browser Connection Protocol HTTP or HTTPS SSL In Security Manager you can configure CC SG to either use regular HTTP connections from clients or require HTTPS SSL connections You must restart CC SG for changes to this setting to take effect The default setting is HTTPS SSL gt To configure browser connection protocol 1 Choose Administration gt Security Open the Encryption tab 2 3 Select the HTTP or HTTPS SSL option to specify the Browser Connection Protocol you want clients to use when connecting to CC SG 4 Click Update to save your changes Set t
442. t time the user logs in Select the Force Password Change Periodically checkbox if you want to specify how often the user will be forced to change the password In the Expiration Period Days field type the number of days that the user will be able to use the same password before being forced to change it In the Email address field type the user s email address Click the User Group drop down arrow and select the user group to which you want to assign the user from the list If you want to add another user click Apply to save this user and then repeat the steps in this section to add additional users When you have finished adding users click OK The User Summary panel displays a list of the user groups and users that you added Optional Raritan Chapter 5 Associations Categories and Elements In This Chapter About Associations c ccceeeeeeeeeeeeceeceeeeeeeeeaaeceeeeeeeseeaaeeeeeeseeeensneaeees 41 Adding Editing and Deleting Categories and Elements 068 42 Adding Categories and Elements with CSV File Import 0 cc0 43 About Associations Raritan You can set up Associations to help organize the equipment that CC SG manages Each Association includes a Category which is the top level organizational group and its related Elements which are subsets of a Category For example you may have Raritan devices that manage target servers in data centers in America
443. t unauthorized execution of Imremove lmreread vendor raritan is used to cause the Raritan vendor daemon to re read the license and options files Closes the existing report log and starting a new report log with a new file name It can also be used to start a new report log file if one does not already exist Closes the existing debug log for a vendor daemon and starts a new debug log for that vendor daemon with a new file name It can also be used to start a new debug log file written by the vendor daemon if one does not already exist Retrieves and displays license file status feature availability and usage information that it receives from the license server lmstat c lt license file name gt f lt feature name gt Raritan Raritan Chapter 3 Getting Started Imver Reports the version of a FLEXnet Publisher library or binary file such as Imgrd Imadmin Imdown vendor daemon Install or Upgrade VMware Tools VMware Tools is recommended by VMware for all virtual machine deployments Once you install VMware Tools on your CommandCenter Secure Gateway virtual appliance you can follow this process to upgrade it when VMware makes a new release The virtual CC SG OVF package has a version of VMware Tools installed by default gt To install or upgrade VMware Tools 1 Login to the vSphere client and connect to the ESX host that is hosting the CC SG virtual appliance 2 Select the virtual
444. tact Raritan Technical Support None of the file systems Uses values the fifth column on the screen should be greater than 50 Different file systems contain different data and corrective actions are also different ae Raritan Filesystem Data sg DB CC SG database opt CC SG backups and snapshots var Log files and system upgrades tmp Scratch area used by snapshots Appendix G Diagnostic Utilities Corrective action Contact Raritan Technical Support 1 ON OAR w Save any new snapshot files on a remote client PC See Take a System Snapshot on page 335 for the retrieval procedure Enter the System Snapshot menu See Take a System Snapshot on page 335 Select Pre Clean up SNAP area Select Pre Clean up UPLOAD area Deselect SNAP Deselect Package amp Export Click or select Submit If the space problem remains use the Admin Client to connect to CC SG upload CC SG backups to a client PC and then remove them from the CC SG Contact Raritan Technical Support oe o Enter the System Snapshot menu See Take a System Snapshot on page 335 Deselect SNAP Deselect Package amp Export Select Clean up tmp Click or select Submit gt To monitor the disk space via web browser This method applies only to CC SG release 4 0 or later You must enable Web Status Console related options in Diagnostic Console before you can monitor the disk space using the web browser See Access Status
445. tant If you need to upgrade both CC SG and a device or group of devices perform the CC SG upgrade first then perform the device upgrade 229 Chapter 14 System Maintenance CC SG will reboot as part of the upgrade process DO NOT stop the process reboot the unit manually power off or power cycle the unit during the upgrade gt To upgrade CC SG 1 Download the firmware file to your client PC 2 Log into the CC SG Admin Client using an account that has the CC Setup and Control privilege 3 Enter Maintenance Mode See Entering Maintenance Mode on page 222 4 Once CC SG is in maintenance mode choose System Maintenance gt Upgrade 5 Click Browse Navigate to and select the CC SG firmware file zip then click Open 6 Click OK to upload the firmware file to CC SG After the firmware file is uploaded to CC SG a success message appears indicating that CC SG has begun the upgrade process All users will be disconnected from CC SG at this time 7 You must wait for the upgrade to complete before logging into CC SG again You can monitor the upgrade in the Diagnostic Console a Access Diagnostic Console using the admin account See Access Administrator Console on page 303 b Choose Admin gt System Logfile Viewer Select sg upgrade log then choose View to view the upgrade log c Wait for the upgrade process to run The upgrade process is complete when you see the Upgrade completed message in the upgr
446. te and group membership attribute parameters in the User Attribute and Group Membership Attribute fields These values should be obtained from your LDAP directory schema 5 Type the bind pattern in the Bind Username Pattern field Check Use bind if you want CC SG to send the username and password entered at login to the LDAP server for authentication If Use Bind is not checked CC SG will search the LDAP server for the user name and if found will retrieve the LDAP object and locally compare the associated password with the one entered On some LDAP servers the password cannot be retrieved as part of the LDAP object Select the Use bind after search checkbox to instruct CC SG to bind the password to the LDAP object again and send it back to the server for authentication 6 Click OK to save your changes The new LDAP module appears in the Security Manager screen under External AA Servers 7 Select the Authentication checkbox if you want CC SG to use the LDAP module for authentication of users 8 Click Update to save your changes Sun One LDAP iPlanet Configuration Settings If using a Sun One LDAP server for remote authentication use this example Parameter Name SUN One LDAP Parameters IP Address Hostname lt Directory Server IP Address gt User Name CN lt Valid user id gt Password lt Password gt BaseDN O lt Organization gt Filter objectclass person Passwords Advanced Screen Plain Text Password Defau
447. ted list Note CC SG updates all interfaces that use the service account to use the new login credentials when you change the username or password a Z Raritan Chapter 8 Nodes Node Groups and Interfaces Adding Editing and Deleting Nodes Add a Node gt 1 To add a node to CC SG Click the Nodes tab Choose Nodes gt Add Node Type a name for the node in the Node Name field All node names in CC SG must be unique See Naming Conventions on page 389 for details on CC SG s rules for name lengths Type a short description for this node in the Description field Optional You must configure at least one interface Click Add in the Interfaces area of the Add Node screen to add an interface See Add an Interface on page 125 A list of Categories and Elements can be configured to better describe and organize this node See Associations Categories and Elements on page 41 Optional For each Category listed click the Element drop down menu and then select the element you want to apply to the node from the list Note By default CC SG keeps default category names System Type and US States and territories in English Select the blank item in the Element field for each Category you do not want to use f you do not see the Category or Element values you want to use you can add them through the Associations menu See Associations Categories and Elements on page 41 Click OK to save y
448. ted to the same node to communicate with each other You must be connected to a node to start a chat session for that node Only users on the same node can chat with each other gt To start a chat session 1 Choose Nodes gt Chat gt Start Chat Session 2 Type a message in the lower left field and click Send The message appears in the upper left field for all users to see gt To join a chat session already in progress e Choose Nodes gt Chat gt Show Chat Session gt To end achat session 1 Click Close in the chat session A confirmation message appears Click Yes to close the chat session for all participants a Click No to exit the chat session but leave it running for other participants Adding Nodes with CSV File Import You can add nodes and interfaces to CC SG by importing a CSV file that contains the values You must have the Device Port and Node Management and CC Setup and Control privileges to import and export nodes You must be assigned a policy that gives you access to all relevant devices and nodes A full access policy for All Nodes and All Devices is recommended You must be assigned a policy that gives you access to all relevant devices to import or export Out of Band KVM or Out of Band Serial interfaces and Power interfaces Virtual Infrastructure nodes and interfaces such as Control Systems Virtual Hosts and Virtual Machines are not exported or imported es Raritan Raritan
449. ter configuration the field shows the IP address of the other CC SG unit in the cluster For each network interface a scrollable table is available for showing its information Dev The internal name of the interface Link The state of Link Integrity that is whether this port is connected to a working Ethernet switch port via an intact cable Auto Indicate whether auto negotiation is being applied to this port Speed The speed that this interface is operating 10 100 or 1000 Mbits per second Raritan Information Raritan Description Duplex IPAddr RX Pkts TX Pkts Chapter 16 Diagnostic Console Indicate whether the interface is Full or Half duplex The current lpv4 Address of this interface The number of IP packets received on this interface since CC SG was booted The number of IP packets transmitted on this interface since CC SG was booted Navigation Keys Reminder The bottom line on the screen displays the keyboard combination keys for invoking Help and exiting Status Console Status Console will ignore key inputs other than these keys described below e Press F1 to bring up the help screen which displays available options along with the Diagnostic Console version e Press Ctrl L to clear the current screen and redraw with updated information You can update the screen a maximum of once per second e Press Cirl Q or Ctrl C to exit Status Console e Press arrow keys to scroll
450. terface is assigned to a blade chassis node in CC SG by default A virtual blade chassis device will be created in the Devices tab for blade servers that are directly connected to KX2 ports if blade port groups have been configured properly for these blade servers in KX2 See the KX II User Guide A list of Categories and Elements can be configured to better describe and organize this device and the nodes connected to it See Associations Categories and Elements on page 41 For each Category listed click the Element drop down menu and then select the element you want to apply to the device from the list Select the blank item in the Element field for each Category you do not want to use If you want to assign the Element to the related nodes as well as the device select the Apply to Nodes checkbox If you do not see the Category or Element values you want to use you can add more through the Associations menu See Associations Categories and Elements on page 41 When you are done configuring this device click Apply to add this device and open a new blank Add Device screen that allows you to continue adding devices or click OK to add this device without continuing to a new Add Device screen 55 56 Chapter 6 Devices Device Groups and Ports 14 If the firmware version of the device is not compatible with CC SG a message appears Click Yes to add the device to CC SG You can upgrade the device firm
451. tes to a Node Profile Raritan You can use the Notes tab to add notes about a node for other users to read All notes appear in the tab with the date username and IP address of the user who added the note If you have the Device Port and Node Management privilege you can clear all notes that appear in the Notes tab To add notes to the node profile Select a node in the Nodes tab The Node Profile page opens Click the Notes tab Type your note in the New Note field Click Add Your note appears in the Notes list To clear all notes Click the Notes tab Click Clear Notes Click Yes to confirm All notes are deleted from the Notes tab 111 Chapter 8 Nodes Node Groups and Interfaces Configuring the Virtual Infrastructure in CC SG Terminology for Virtual Infrastructure CC SG uses the following terminology for virtual infrastructure components Term Definition Example Control System The Control System is the managing server The VMware s Virtual Center Control System manages one or more Virtual Hosts Virtual Host The Virtual Host is the physical hardware that VMware s ESX contains one or more Virtual Machines Virtual Machine A Virtual Machine is a virtual server that resides VMware s Virtual Machine or on a Virtual Host A Virtual Machine can be VM relocated from one Virtual Host to a different Virtual Host VI Client interface Control system nodes and virtual host nodes have VMware s Virtual
452. tes ves cee 310 View Log Files in Diagnostic COnSOle osicsis ccceceseccentsiaccxessne sedecueaceeseredeuateeaecdeaureaeeaiies seems 312 Restart CC SG with Diagnostic Console ccccceseeeneeceeeeeeeaeeeeneeeeeeeeseaeeseaaesteaeeeseeees 315 Reboot CC SG with Diagnostic Console wai ccsescecteccecsnccestesacecnessncessheensevadeanecdaassndceeeessceete 316 Power Off CC SG System from Diagnostic Console c cccccceseeeeeceeseteeeeeaeeseneeseeeeees 317 Reset CC Super User Password with Diagnostic Console 0 cceeeeeeeeeeretereeeeeeeees 318 Reset GC SG Factory Contiguration s j cctis evens ce eceesteccseesacebitieceeisneistienec annecee 319 Diagnostic Console Password SettinGS icisisccsesssccccsasteccdeteracecaesencesehivnseesdeeredacaesceeneceee 321 Diagnostic Console Account Configuration 0 c cceccceceeceeeeeeeeeeeeeeeeeseaeeeeaaeseeneeeeeeeees 323 Configure Remote System MOnitOring cc cccccceesceceeececeeeeeeeaeceeeeeseeneeeeaeseeaeeseeeaeenaees 325 Display Historical Data Trending Reports i ciiceccccctees cosctenecccanees cecdneesoccacens cusneeesecdeten deck 326 Display RAID Status and Disk Utilization 2 0 0 0 ceeceeeeeeeeeeeeeeeeeeeeeeeeee see eesaeeeeeeeeneeees 327 Perform Disk or RAID Tests 00 ccccceeeccceeeeeceeeeeeeceeeseeeaeeessaecaeesaeaaaeeseeecaeeseeeaaeeseeeeseeeses 328 Schedule Disk TeSts c cccesceceeeeeeeeeeeaeeeeeeeeceaeeeeaaeseeaeeseaeeesaaesgeaaeseaeeeseaeeseaesseneeeeaees 3
453. the Diagnostic Console s CC SG System Power OFF command See Power Off CC SG System from Diagnostic Console on page 317 gt 1 To power down the CC SG Remove the bezel and firmly tap the POWER button Wait approximately one minute while CC SG gracefully powers down Note Users logged into CC SG via Diagnostic Console will receive a short broadcast message when the CC SG unit is powered down Users logged into CC SG via a web browser or SSH will not receive a message when the CC SG unit is powered down If you must remove the AC power cord let the power down process finish completely before removing the power cord This is required for CC SG to complete all transactions close the databases and place the disk drives into a safe state for power removal Ending CC SG Session There are two ways to end a CC SG Session Log out to end your session while keeping the client window open See Log Out of CC SG on page 235 Exit to end your session and close the client window See Exit CC SG on page 236 Log Out of CC SG 1 Raritan Choose Secure Gateway gt Logout The Logout window opens 235 Chapter 14 System Maintenance 2 Click Yes to log out of CC SG Once you log out the CC SG login window opens Exit CC SG 1 Choose Secure Gateway gt Exit 2 Click Yes to exit CC SG i Raritan Chapter 15 Advanced Administration In This Chapter Configuring a Message of the Day
454. the Configuration Manager Important To change the IP address of a CC SG unit which is already a Neighborhood member see What is a Neighborhood on page 262 you must remove it from the Neighborhood configuration first Otherwise you are unable to delete the CC SG from the Neighborhood About Network Setup CC SG offers two modes for network setup e IP Failover mode See What is IP Failover mode on page 243 e P Isolation mode See What is IP Isolation mode on page 246 Important IP Failover mode is highly recommended for new deployments CC SG also allows either Static or DHCP assigned IP addresses See Recommended DHCP Configurations for CC SG on page 248 for best practices on using DHCP with your CC SG About CC SG LAN Ports CC SG provides two main LAN ports Primary LAN and Secondary LAN See the tables to check the locations of the Primary and Secondary LAN ports on your CC SG model gt V1LAN Ports Raritan Chapter 15 Advanced Administration Model Primary LAN Name Primary LAN Location Secondary LAN Name Secondary LAN Location V1 O or LAN1 Left LAN port LAN2 Right LAN port V1 1 gt E1LAN Ports Model Primary LAN Name Primary LAN Location Secondary LAN Name Secondary LAN Location E1 0 Not labeled Top LAN port in set of 2 Not labeled Bottom LAN port ports in center of unit in set of 2 ports in back panel center of unit back panel E1 1 LAN1 Left LAN port LAN2 Right LAN port Wha
455. the Configure column to select all virtual machines To adda VNC RDP or SSH interface to all virtual host nodes and all virtual machine nodes select the topmost checkboxes in the VNC RDP or SSH columns Optional To add more than one virtual machine Use Ctrl click or Shift click to select multiple virtual machines that you want to add a Inthe Check Uncheck Selected Rows section select the Virtual Machine checkbox To adda VNC RDP or SSH interface to the virtual host nodes and virtual machine nodes that will be created select the VNC RDP or SSH checkboxes in the Check Uncheck Selected Rows section Optional Click Check 13 Click Next CC SG displays a list of interface types that will be added You can add names and login credentials for each type 14 For each interface type enter a name and login credentials The name and login credentials will be shared by all the interfaces added to each virtual machine node and virtual host node configured Optional Leave these fields blank if you prefer to add names and login credentials to each interface individually The interface will take the name of the node if the field is left blank a Enter names for interfaces Maximum 32 characters Raritan Chapter 8 Nodes Node Groups and Interfaces VI Client Interfaces VMware Viewer Interfaces Virtual Power Interfaces RDP VNC and SSH Interfaces if specified b Enter login credentials
456. the Description field Optional Raritan Chapter 14 System Maintenance 4 Select a Backup Type Full or Standard See What is the difference between Full backup and Standard backup on page 224 5 To save a copy of this backup file to an external server select the Backup to Remote Location checkbox Optional a Select a Protocol used to connect to the remote server either FTP or SFTP b Type the IP address or hostname of the server in the IP Address Hostname field c If you are not using the default port for the selected protocol FTP 21 SFTP 22 type the communications port used in the Port Number field d Type ausername for the remote server in the Username field e Type a password for the remote server in the Password field f Inthe Directory Relative Path field specify the location to save the backup file on the FTP server Leave this field blank to save the backup file to the default home directory on the FTP server Enter a path relative to the default home directory to save the backup file in a level below the default home directory on the FTP server For example to save the backup file in a folder called Backups under the default home directory enter Backups in the Directory Relative Path field g Inthe Filename leave blank to use the default filename convention field type a filename for naming the backup on the remote server or leave blank to accept the default name The default
457. the LDAP server For DN enter the common name organizational unit and domain For example type uid admin ou Administrators ou T opologyManagement o Netscape Root Separate the values with commas but do not use spaces before or after the comma The values can include spaces for example Command Center 7 Type the password in the Password and Confirm Password fields To specify where the search for users begins enter a Distinguished Name in Base DN For example ou Administrators ou TopologyManagement o NetscapeRoot searches all organizational units under the domain 9 To narrow searching to only particular types of objects type a value in the Filter field For example objectclass person will narrow searching to only person objects 10 Click Test Connection to test the LDAP server using the given parameters You should receive a confirmation of a successful connection If not review the settings carefully for errors and try again 11 Click Next to proceed to the Advanced tab to set advanced configuration options for the LDAP server LDAP Advanced Settings 1 Click the Advanced tab or Raritan Raritan Chapter 12 Remote Authentication 2 Select Base 64 if you want the password to be sent to the LDAP server with encryption Select Plain Text if you want the password to be sent to the LDAP server as plain text Default Digest select the default encryption of user passwords Type the user attribu
458. the Network Information screen horizontally and vertically when it contains more data than the screen can display 301 302 Chapter 16 Diagnostic Console Status Console via Web Browser After connecting to the Status Console via the web browser the read only Status Console web page appears Raritan CommandCenter Secure Gateway Mon Dec 2008 12 01 EST CommandCenter Secure Gateway 19 22 40 EST 2300 Message of the Day ConmandCenter Secure Gateway Centralized access and control for your global IT infrastructure System Information Host Name CC SG Demo rariian com CC SG Version 4 1 0 5 2 Model CC SG E1 0 CC SG Serlal ACD7900052 Host ID 003048S5C0SEB Server Intormalion CC SG Slatus Up DB Slatus Responding Web Status Responding Unsecured RAID Active Cluster Status standalone Cluster Peer Not Configured Network Information Device Link Auto Speed Duplex IP_Addr AX_Pkts TX_Pkts ethO yes on 100Mb s Full 192 168 51 26 100244 32533 ethi no on Unknown Unknown Historical CC SG Monitors CC SG Monitors under Evaluation Tha page was generaied by 32020 CC SG Sos over ar Mon Dec 2008 12 01 EST 9 22 40 EST 0500 The web page displays the same information as the Status Console and also updates the information approximately every 5 seconds For information on the links for CC SG Monitors at the bottom of the web page see Display Historical Data Trending Reports on page 326 and
459. the next time they log in 6 Inthe Email address field type a new email address to add or change the user s configured email address This will be used to send the user notifications 7 Click OK to save your changes Delete a User Deleting a user completely removes the user from CC SG This is useful for removing user accounts that are no longer needed This procedure deletes all instances of a user even if the user exists in multiple user groups See Deleting a User From a Group on page 166 to remove the user from a group without deleting the user from CC SG gt To delete a user 1 Inthe Users tab click the symbol to expand the user group that contains a user you want to delete and then select the user The User Profile appears Choose Users gt User Manager Delete User Click OK to permanently delete the user from CC SG Assigning a User to a Group Raritan Use this command to assign an existing user to another group Users assigned in this way will be added to the new group while still existing in any group they were previously assigned to To move a user use this command in conjunction with Delete User From Group gt To assign a user to a group 1 Inthe Users tab select the user group to which you want to assign a users Choose Users gt User Group Manager gt Assign Users To Group The user group you selected appears in the User group name field 165 166 Chapter 9 Users an
460. tion versions see the Compatibility Matrix on the Raritan Support website The best practice is to enter Maintenance Mode before upgrading applications See Entering Maintenance Mode on page 222 1 Save the application file to your client PC 2 Click the Application name drop down arrow and select the application that must be upgraded from the list If you do not see the application you must add it first See Add an Application on page 239 3 Click Browse locate and select the application upgrade file from the dialog that appears then click Open 4 The application name appears in the New Application File field in the Application Manager screen 5 Click Upload A progress window indicates that the new application is being uploaded When complete a new window will indicate that the application has been added to the CC SG database and is available to use 6 Ifthe Version field does not automatically update type the new version number in the Version field The Version field will automatically update for some applications 7 Click Update Note Users who were logged in during the upgrade must log out of CC SG then log in again to ensure that the new version of the application is launched Also see Older Version of Application Opens After Upgrading on page 239 Raritan Chapter 4 Configuring CC SG with Guided Setup Guided Setup offers a simple way to complete initial CC SG configuration tasks once the networ
461. tore a Device Configuration KX KSX KX101 SX IP Reach You can restore a full backup configuration to KX KSX KX101 SX and IP Reach devices gt 1 To restore a full backup device configuration Click the Devices tab and select the device you want to restore to a backup configuration Choose Devices gt Device Manager gt Configuration gt Restore In the Available Backups table select the backup configuration you want to restore to the device Click OK Click Yes to restart the device A message appears when all data has been restored Raritan Z Raritan Chapter 6 Devices Device Groups and Ports Restore All Configuration Data Except Network Settings to a KX2 KSX2 or KX2 101 Device The Protected restore option allows you to restore all configuration data in a backup file except network settings to a KX2 KSX2 or KX2 101 device You can use the Protected option to restore a backup of one device to another device of the same model KX2 KSX2 and KX2 101 only gt To restore all configuration data except network settings to a KX2 KSX2 or KX2 101 device 1 Click the Devices tab and select the device you want to restore to a backup configuration Choose Devices gt Device Manager gt Configuration gt Restore In the Available Backups table select the backup configuration you want to restore to the device Restore Type select Protected Click OK Click Yes to restart the
462. tored in the web cache to access the unit Passwords are encrypted using MD5 encryption which is a one way hash This provides additional security to prevent unauthorized users from accessing the password list CC SG times each user session If no activity happens for a pre defined period of time CC SG logs the user out The length of the time period is pre set to 60 minutes but it can be reconfigured It is recommended that users exit CC SG when they finish a session No party will have root access to server once the unit is shipped out of Raritan Inc Both The session is encrypted regardless of source 383 Appendix FAQs Question well as external not just WAN but LAN too Does CC SG support CRL List that is LDAP list of invalid certificates Does CC SG support Client Certificate Request Accounting FAQs Question Accounting The event times in the Audit Trail report seem incorrect Why Can audit logging abilities track down who switched on or off a power plug Performance FAQs Question Performance As a CC SG administrator added over 500 nodes and assigned all of them to me Now it takes a long time to log into CC SG What is the bandwidth usage per client 384 Answer LAN or WAN No No Answer Log event times are logged according to the time settings of the client computer You can adjust the computer s time and date settings Direct power switch off is not log
463. ts Disconnecting Users Administrators can terminate any user s session on a device This includes users who are performing any kind of operation on a device such as connecting to ports backing up the configuration of a device restoring a device s configuration or upgrading the firmware of a device Firmware upgrades and device configuration backups and restores are allowed to complete before the user s session with the device is terminated All other operations will be terminated immediately For Dominion SX devices only you can disconnect users who are directly logged into the device as well as those who are connected to the device via CC SG gt To disconnect users from a device 1 Click the Devices tab and select the device from which you want to disconnect users Choose Devices gt Device Manager gt Disconnect Users Select the users whose session you want to disconnect in the Disconnect users table 4 Click Disconnect to disconnect the users from the device Special Access to Paragon Il System Devices Raritan Paragon II System Controller P2 SC Paragon II System Integration users can add their P2 SC devices to the CC SG Devices tree and configure them via the P2 SC Admin application from within CC SG See Raritan s Paragon II System Controller User Guide for details on using P2 SC Admin After adding the Paragon System device the Paragon System includes the P2 SC device connected UMT units and
464. tting CC SG Server Time 30 SNMP Traps 256 366 Sort Report Data 208 Special Access to Paragon II System Devices 91 Specifications for V1 and E1 346 Specify a Base DN 189 399 Index Specify a Distinguished Name for AD 188 Specify a Distinguished Name for LDAP 189 Specify a Username for AD 189 Specifying Modules for Authentication and Authorization 189 SSH Access to CC SG 268 285 SSH Access to Nodes 356 SSH Commands and Parameters 287 Start the License Server 21 Status Console 297 326 Status Console Information 298 Status Console via VGA Keyboard Mouse Port or SSH 298 Status Console via Web Browser 302 Sun One LDAP iPlanet Configuration Settings 203 Support for Virtual Media 179 Supported Environments for Two Factor Authentication 379 Switch the Primary and Secondary Node Status 232 259 Synchronize All AD Modules 195 197 198 199 280 Synchronize All User Groups with AD 195 197 198 Synchronize Power IQ and CC SG 280 341 Synchronize the Virtual Infrastructure 122 Synchronizing AD with CC SG 197 Synchronizing the Virtual Infrastructure with CC SG 121 System Administrators Group 158 System Maintenance 221 System Server and Network Status 299 T TACACS General Settings 205 Take a System Snapshot 335 375 377 Task Manager 9 30 219 221 249 277 278 340 Task Types 278 Terminolo
465. u want to disconnect Click Logout Locked Out Users Report All Users Data Report Raritan The Locked Out Users report displays users who are currently locked out of CC SG because they made too many unsuccessful login attempts You can unlock users from the report See Lockout settings on page 270 gt gt To generate the Locked Out Users report Choose Reports gt Users gt Locked Out Users To unlock a user who has been locked out of CC SG Select the user you want to unlock then click Unlock User The User Data report displays certain data on all users in the CC SG database gt To generate the All Users Data report Choose Reports gt Users gt All User Data The User Name field displays the user names of all CC SG users The Enabled field displays true if the user is able to log in to CC SG or false if the user is not able to log in to CC SG based on whether the Login Enabled option is selected in the User Profile See Add a User on page 163 213 Chapter 13 Reports The Password Expiration field displays the number of days that the user can use the same password before being forced to change it See Add a User on page 163 The Groups field displays the user groups to which the user belongs The Privileges field displays the CC SG privileges assigned to the user See User Group Privileges on page 357 The Email field displays the email address for the user as spec
466. uangZhou Monday Friday 9 a m 6 p m local time Phone 86 20 8755 5561 gt India Monday Friday 9 a m 6 p m local time Phone 91 124 410 7881 gt Japan Monday Friday 9 30 a m 5 30 p m local time Phone 81 3 3523 5991 Email support japan raritan com gt Europe Europe Monday Friday 8 30 a m 5 p m GMT 1 CET Phone 31 10 2844040 Email tech europe raritan com United Kingdom Monday Friday 8 30 a m to 5 p m GMT Phone 44 0 20 7090 1390 France Monday Friday 8 30 a m 5 p m GMT 1 CET Phone 33 1 47 56 20 39 Germany Monday Friday 8 30 a m 5 30 p m GMT 1 CET Phone 49 20 17 47 98 0 Email rg support raritan com gt Melbourne Australia Monday Friday 9 00 a m 6 p m local time Phone 61 3 9866 6887 gt Taiwan Monday Friday 9 a m 6 p m GMT 5 Standard 4 Daylight Phone 886 2 8919 1333 Email support apac raritan com
467. ults This option removes all entries from the IP ACL table IP ACL settings are reset with a Full Database reset whether you select the IP Access Control Lists reset option or not See Access Control List on page 276 To reset CC SG to the factory configuration Choose Operation gt Admin gt Factory Reset Select the reset options Click Reset System You see a warning message and a progress bar on the screen The progress bar indicates the current reset status and you cannot control CC SG before reset is complete Do NOT power off power cycle or interrupt CC SG when reset is in progress Doing this may result in the loss of CC SG data Diagnostic Console Password Settings This option provides the ability to configure the strength of passwords status and admin and allows you to configure password attributes such as setting maximum number of days that must lapse before you need to change the password which should be done via the Account Configuration menu The operation in these menus applies only to Diagnostic Console accounts status and admin and passwords it has no effect on the regular CC SG GUI accounts or passwords gt 1 Raritan To configure Diagnostic Console passwords Choose Operation gt Admin gt DiagCon Passwords gt Password Configuration 321 Chapter 16 Diagnostic Console Password setting Regular Random Strong 322 2 Inthe Password History Depth field type the
468. umber for most Raritan devices is 5000 4 Type the name used to log into this device in the Username field The user must have administrative access 5 Type the password needed to access this device in the Password field The user must have administrative access Raritan Z Raritan Chapter 6 Devices Device Groups and Ports Type the time in seconds that should elapse before timeout between the new device and CC SG in the Heartbeat timeout sec field When adding a Dominion SX or Dominion KX2 version 2 2 or later device the Allow Direct Device Access checkbox enables access to targets directly through the device even while it is under CC SG management Type a short description of this device in the Description field Optional Select the Configure all ports checkbox to automatically add all ports on this device to the Devices tab and to create a Node for each port on this device in the Nodes tab Corresponding nodes and ports will be configured with matching names Anew node will be created for each port and an out of band interface will be created for that node except for a blade chassis node or a generic analog KVM Switch node Anode may or may not be created for a blade chassis appliance or generic analog KVM switch connected to a KX2 port depending on whether an IP address or hostname for the blade chassis or generic analog KVM switch has been entered in KX2 See the KX II User Guide A Web Browser in
469. up_id gt source device _host gt target device host gt To close port connection disconnect lt u lt username gt p lt port_id gt id lt connection_id gt gt gt To enter maintenance mode entermaint minutes message gt To exit maintenance mode exitmaint 287 288 Chapter 15 Advanced Administration gt To search for text from piped output stream grep search term gt To view the help screen for all commands help gt To list available device configuration backups listbackups lt id lt device_ id gt host gt gt To list available devices listdevices gt To list firmware versions available for upgrade listfirmwares id lt device id gt host gt To list all interfaces listinterfaces id lt node_id gt gt To list all nodes listnodes gt To list all ports listports id lt device_id gt host gt To logoff a user logoff u lt username gt message gt To list all commands ls gt To specify paging more p lt page _size gt gt To ping a device pingdevice lt id lt device_id gt host gt gt Torestart CC SG restartcc minutes message lt Raritan 5E Raritan Chapter 15 Advanced Administration gt To restart a device restartdevice lt id lt device_id gt host gt gt To restore a device configuration restoredevice lt host lt host gt id lt device
470. ur changes Raritan Chapter 8 Nodes Node Groups and Interfaces Interfaces for DRAC Power Control Connections gt To add an interface for DRAC power control connections 1 Type the IP Address or Hostname for this interface in the IP Address Hostname field 2 Type a TCP Port for this connection in the TCP Port field DRAC 5 only TCP Port is not required for DRAC 4 3 Enter authentication information To use a service account for authentication select the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication Type a description of this interface in the Description field Optional Click OK to save your changes Interfaces for ILO Processor Integrity ILO2 and RSA Power Control Connections gt To add an interface for ILO Processor Integrity ILO2 and RSA power control connections 1 Type the IP Address or Hostname for this interface in the IP Address Hostname field 2 Enter authentication information To use a service account for authentication select the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication Type a description of this interface in the Description field Optional Click OK to save your changes Raritan es Chapter 8 Nodes Node Groups and Interfaces
471. ur license server You can download the FlexNet Publisher License Administration Guide for FlexNet Publisher Licensing Toolkit 11 8 from www flexera com under Support gt Documentation Center License Server Communication The connection between the CC SG virtual appliance and the license server must be maintained CC SG uses this connection to make sure the license server is up to determine which license files are available and when checking in and checking out licenses Access to Licenses All licenses that are checked out must be available on the license server at all times If a license file is moved or deleted from the license server CC SG will not be able to verify the license when it polls the license server If a license that is checked out cannot be found on the license server CC SG terminates access To prevent loss of access always check in a license before moving or deleting it from the license server License Server Outages If CC SG cannot connect with the license server your licenses will remain valid for a grace period of 7 days Each time you login to CC SG a message displays to remind you of the last day that access will be allowed unless the connection with the license server resumes If the 7 day grace period ends without restoring the connection to the license server your checked out licenses will be checked in CC SG terminates access You will be able to access limited options in CC SG See Licensing
472. ure Gateway Virtual Appliance OVF file Raritan vendor daemon file Flexera FlexNet Publisher license server Raritan i 18 Chapter 3 Getting Started Download Installation Files The complete set of installation files is available at http www raritan com support CommandCenter Secure Gateway You must log in to the Raritan Licensing Portal to access these files at this link See Get Your License on page 19 If you prefer not to download the OVF file due to its size the OVF file is also shipped to customers on the product DVD The DVD does not include the Flexera or vendor daemon files so you must download them from the website The installation files are packaged in two ZIP files The lt release number gt part of the filename will contain the actual CC SG release number The vecsg_rel_ lt release number gt _ovf ZIP file contains e OVF file used to deploy the virtual appliance The flexserver 11 8 raritan ZIP file contains e Raritan vendor daemons for Linux and Windows e Flexera FlexNet Publisher license server tool kit for Linux and Windows Install License Server Software on a Linux or Windows Server CommandCenter Secure Gateway virtual appliance requires the Flexera FlexNet Publisher license server software to be installed on a physical server See Requirements for supported servers Linux Server 1 Log in to the Linux server Add a user called flex to the system Log in a
473. ured gt Possible exceptions to the required open ports Port 80 can be closed if all access to the CC SG is via HTTPS addresses Ports 5000 and 51000 can be closed if CC SG Proxy mode is used for connections from the firewall CC SG Communication Channels Each communication channel is documented For each communication channel the table includes e The symbolic IP Addresses used by the communicating parties These addresses must be allowed over any communication path between the entities e The Direction in which the communication is initiated This may be important for your particular site policies For a given CC SG role the path between the corresponding communicating parties must be available and for any alternate re route paths that might be used in the case of a network outage e The Port Number and Protocol used by CC SG e Whether the port is Configurable which means the Admin Client or Diagnostic Console provides a field where you can change the port number to a different value from the default listed if there are conflicts with other applications on the network or for security reasons e Details about the method of communication the message that is passed via the communication channel or its encryption Raritan Communication Direction Appendix B CC SG and Network Configuration CC SG and Raritan Devices A main role of CC SG is to manage and control Raritan devices such as Dominion KX II Ty
474. ustom View for Devices To assign a default custom view for devices Click the Devices tab Choose Devices gt Change View gt Create Custom View The Custom View screen appears Click the Name drop down arrow and select a custom view from the list In the Custom View panel click Set as Default The next time you login the selected custom view will be used by default Assign a Default Custom View of Devices for All Users If you have the Device Port and Node Management privilege you can assign a default custom view for all users on gt yv 4 To assign a default custom view of devices for all users Click the Devices tab Choose Devices gt Change View gt Create Custom View Click the Name drop down arrow and select the custom view you want assign as a system wide default view Select the System Wide checkbox and then click Save All users who log into CC SG will see the Devices tab sorted according to the selected custom view Users can change the custom view Z Raritan Chapter 12 Remote Authentication In This Chapter Authentication and Authorization AA Overview s s s 187 Distinguished Names for LDAP and AD cceeeeeeeeeeeeeeeeeeteeeeeeeeeees 188 Specifying Modules for Authentication and Authorization 006 189 Establishing Order of External AA Servers ccceeceeeeteeessteeeeteeeeees 190 AD andi CG SG OVGrVIOW niipidi niigi aaaea 190 Adding an AD Module to CC SG
475. ute where ADD is the command e Column names are not supported You can add comment lines above the rows of data as long as each line begins with the symbol e To use the default value for a field type in the value or leave the field blank e See Naming Conventions on page 389 for details on CC SG s rules for name lengths e If you create the CSV file in a text editor rather than a spreadsheet program you must use commas and double quotes differently A value that contains a comma or double quote must be completely wrapped with double quotes Each double quote character within the value must also be preceded by another double quote character For example Value with Special Character Formatted for CSV File DeviceA B DeviceA B Device A Device A 369 370 Appendix E CSV File Imports Audit Trail Entries for Importing Each item imported into CC SG is logged in the Audit Trail Skipped duplicates are not logged in the Audit Trail The Audit Trail includes an entry for the following actions under the Message Type Configuration e Import of CSV file started e Import of CSV file completed including number of records successfully added number of records failed and number of duplicate records ignored The Audit Trail includes an entry for each change that occurs when a record is imported These entries are logged between the entries for Import started and Import completed They are logged under a diffe
476. vanced Settings on page 192 AD Group Settings on page 193 and AD Trust Settings on page 194 5 If you change the connection information click Test Connection to test the connection to the AD server using the given parameters You should receive a confirmation of a successful connection If you do not see a confirmation review the settings carefully for errors and try again Click OK to save your changes You must synchronize the AD user groups you changed or you can synchronize all AD modules to synchronize all groups and users in all modules See Synchronize All User Groups with AD on page 198 and Synchronize All AD Modules on page 199 Importing AD User Groups Raritan You must specify Group settings in the AD module before you can import groups from the AD server See AD Group Settings on page 193 After making a change to imported groups or users you must synchronize the AD user groups you changed so that the imported groups are mapped to the appropriate groups on AD and synchronize all AD modules to synchronize all groups and users in all modules See Synchronize All User Groups with AD on page 198 and Synchronize All AD Modules on page 199 You can import nested groups from AD Note Make sure that you have configured the CC SG DNS and Domain Suffix in Configuration Manager before attempting to import AD user groups See Advanced Administration on page 237 gt To import AD user groups 1
477. ve it a description e Select the privileges the user group will have e Select the interface types the user group can use to access nodes e Select policies that specify which nodes the user group can access gt To add a user group 1 Choose Users gt User Group Manager gt Add User Group The Add User Group screen appears 2 Type a name for the user group in the User Group Name field User Group names must be unique See Naming Conventions on page 389 for details on CC SG s rules for name lengths 3 Type a short description for the group in the Description field Optional 4 To seta maximum number of KVM sessions per user in this user group when accessing devices that have this feature enabled select the Limit Number of KVM Sessions per Device checkbox and select the number of sessions allowed in the Max KVM Sessions 1 8 field Optional See Limit the Number of KVM Sessions per User on page 162 for details Click the Privileges tab Select the checkbox that corresponds with each privilege you want to assign to the user group 7 Below the privileges table is the Node Access area with privileges for three kinds of node access Node Out of Band Access Node In Band Access and Node Power Control Select the checkbox that corresponds to each type of node access you want to assign to the user group 8 Click the Device Node Policies tab A table of policies appears 159 Chapter 9 Users and User Groups The Al
478. ver to obtain a signed certificate Download or export the root certificate from the Certificate Server and save it to a file with a cer extension This is a different certificate from the signed certificate that will be issued by the Certificate Server in the next step Click Browse next to CA file and select the root certificate file Once you receive the signed certificate from the Certificate Server select Import pasted certificate and private key Copy the text of the signed certificate and then press Ctrl V to paste it into the Certificate box Copy the text of the Private Key previously saved as a txt file and then press Ctrl V to paste it into the Private Key box Raritan Chapter 15 Advanced Administration 14 Type raritan in the Password field if the CSR was generated by CC SG If a different application generated the CSR use the password for that application Note If the imported certificate is signed by a root and subroot CA certificate authority using only a root or subroot certificate will fail To resolve this copy and paste both root and subroot certificate into one file and then import it gt T o N Raritan To generate self signed certificate request Choose Administration gt Security Click the Certificate tab Select Generate Self Signed Certificate and then click Generate The Generate Self Signed Certificate window opens Type the requested data into the fie
479. verv1l 8 i86 lsb 2 Run 1mgrd to start the server In the sample commands license file lic is the file name of the LIC file If you have more than 1 license file you must specify each file name in the command separating the file names by a colon See examples Imgrd c license file lic lmgrd c license filel lic license file2 lic Windows Server 1 Launch the Windows cmd exe shell 21 22 Chapter 3 Getting Started Enter this command to change to the directory cd c flexnet win i86 n3 Run 1lmgrd to start the server In the sample commands license file lic is the file name of the LIC file If you have more than 1 license file you must specify each file name in the command separating the file names by a semicolon See examples lmgrd z c license file lic lmgrd z c license filel lic license file2 lic Install CommandCenter Secure Gateway on VMware ESX Server 4 0 1 10 11 12 13 Connect to the ESX 4 0 from your client computer using vSphere 4 0 Log in as a user that has permission to create start and stop virtual machines Choose File gt Deploy OVF Template Select Deploy From File then click Browse to go to the directory where you unzipped the files Select the OVF file Click Next Details about the virtual machine that will be created display You can change the default name of the virtual machine Click Next Select the inventory location Click Next Select t
480. vice Port and Node Management or Device Configuration and Upgrade Management Device Port and Node Management Device Port and Node Management Device Port and Node Management Device Port and Node Management Device Port and Node Management Device Port and Node Management CC Setup and Control or User Management CC Setup and Control or Device Configuration and Upgrade Management CC Setup and Control This menu is available only for users with one of the following privilege s CC Setup and Control Combination of Device Port and Node Management User Management and User Security Management Guided Setup Message of the Day Setup Applications Raritan All of the following Device Port and Node Management User Management and User Security Management CC Setup and Control CC Setup and Control 363 364 Appendix C User Group Privileges Menu gt Menu Item Sub menu Firmware Configuration Cluster Configuration Neighborhood Security Notifications Tasks Compatibility Matrix gt Import Import Categories Import Users Import Nodes Import Devices Import Powerstrips gt Export Export Categories Export Users Required Privilege Description CC Setup and Control or Device Configuration and Upgrade Management CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and Control CC Setup and C
481. vice Associations Z Raritan Raritan Chapter 6 Devices Device Groups and Ports The Device Profile includes tabs that contain information about the device gt Associations tab The Associations tab contains all categories and elements assigned to the node You can change the associations by making different selections See Associations Categories and Elements on page 41 gt Location amp Contacts tab The Location amp Contacts tab contains information about a device s location and contact information such as phone numbers that you may need when working on a device You can change the information in the fields by typing in new information See Adding Location and Contacts to a Device Profile on page 59 gt Notes tab The Notes tab contains a tool that enables users to leave notes about a device for other users to read All notes display in the tab with the date username and IP address of the user who added the note If you have the Device Port and Node Management privilege you can clear all notes from the node profile by clicking Clear See Adding Notes to a Device Profile on page 58 gt Blades tab Blade chassis nodes such as IBM BladeCenter include the Blades tab The Blades tab contains information about the blade servers residing in the blade chassis In addition to viewing the blade information you can configure the unconfigured blade servers by selecting the che
482. vice must be added to CC SG or Select Dominion PX if this power control interface uses a PX device on the IP network that is not connected to another Raritan device 2 Managing Port select the port on the Raritan device to which the Power Strip is connected This field is disabled when you select PX as the Managing Device Raritan 5 6 Chapter 8 Nodes Node Groups and Interfaces Power Strip Name select the Power Strip or PX device that provides power to the node The power strip or PX device must be configured in CC SG before it appears in this list Outlet Name select the name of the outlet the node is plugged into Optional Type a description of this interface in the Description field Click OK to save your changes Note A Managed Power Strip interface can be added to a blade chassis node but not to a blade server node Interfaces for IPMI Power Control Connections 6 7 To add an interface for IPMI power control connections Type the IP Address or Hostname for this interface in the IP Address Hostname field Type a UDP Port number for this interface in the UDP Port field Authentication select an authentication scheme for connecting to this interface Type a check interval for this interface in the Check Interval seconds field Enter authentication information To use a service account for authentication select the Use Service Account Credentials checkbox Select the service a
483. w See Configuring Custom JRE Settings on page 254 Thick Client Access The CC SG thick client allows you to connect to CC SG by launching a Java Web Start application instead of running an applet through a web browser The thick client can be faster than a browser The minimum Java version required for running the thick client is 1 6 0 10 Install the Thick Client gt To download the thick client from CC SG Note If you are using JRE version 1 6 0_20 ensure that Keep temporary files on my computer is selected in the Temporary Internet Files tab in the Java Control panel Without this setting the thick client cannot launch and displays the following message Unable to launch application 1 Launch a web browser and type this URL http s lt IP_address gt install where lt IP_address gt is the IP address of the CC SG If asecurity warning message appears click Start to continue the download 2 When the download is complete a new window in which you can specify the CC SG IP address opens 3 Type the IP address of the CC SG unit you want to access in the IP to Connect field Once you have connected this address will be available from the IP to Connect drop down list The IP addresses are stored in a properties file that is saved to your desktop Raritan Raritan Chapter 2 Accessing CC SG If the CC SG is configured for secure browser connections you must select the Secure Socket Layer SSL
484. w and then select which days of the week this policy covers All everyday Weekday Monday through Friday only and Weekend Saturday and Sunday only or Custom select specific days Select Custom to select your own set of days The individual day checkboxes will become enabled 177 Chapter 10 Policies for Access Control 9 Select the checkbox that corresponds to each day you want this policy to cover 10 In the Start Time field type the time of day this policy goes into effect The time must be in 24 Hour format 11 Inthe End Time field type the time of day this policy ends The time must be in 24 Hour format n the Device Node Access Permission field Select Control to define this policy to allow access to the selected node or device group for the designated times and days Select Deny to define this policy to deny access to the selected node or device group for the designated times and days 12 If you selected Control in the Device Node Access Permission field the Virtual Media Permission section will become enabled In the Virtual Media Permission field select an option to allow or deny access to virtual media available in the selected node or device groups for the designated times and days Read Write allows both read and write permission to virtual media Read only allows only read permission to virtual media Deny denies all access to virtual media 13 Click Update to save your changes 14
485. ware after adding it to CC SG See Upgrading a Device on page 82 Add a PowerStrip Device The process of adding a PowerStrip Device to CC SG varies based on which Raritan device the powerstrip is connected to physically See Managed PowersSirips on page 93 To add a Dominion PX that is not connected to another Raritan device see Add a Dominion PX Device on page 56 Add a Dominion PX Device Dominion PX devices are powerstrips that are connected only to your IP network A Dominion PX device is not managed by another Raritan device If you want to add a powerstrip that is managed by another Raritan device there is a different procedure See Managed PowerStrips on page 93 1 Type a name for the device in the Device Name field See Naming Conventions on page 389 for details on CC SG s rules for name lengths 2 Type the IP Address or Hostname of the device in the IP Address Hostname field See Terminology Acronyms on page 2 for hostname rules 3 Type the name used to log into this device in the Username field The user must have administrative access 4 Type the password needed to access this device in the Password field The user must have administrative access Warning CC SG will lose connectivity with the Dominion PX device if the username or password changes If you change the password on the PX you must modify the password for the PX device in CC SG See Editing a Device on page 57 5 Type a short
486. wer CC SG is a network management device for aggregating and integrating multiple servers and network equipment typically deployed in a data center and which are connected to a Raritan IP enabled product Why would need CC SG As you deploy more and more data center servers and devices their management becomes exponentially complex CC SG allows a systems administrator or manager to access and manage all servers equipment and users from a single device Which Raritan products does See the Compatibility Matrix on the Raritan website CC SG support in the Support section under Firmware and Documentation How does CC SG integrate CC SG uses a unique and proprietary search and with other Raritan Products discovery technology that identifies and connects to selected Raritan devices with known network addresses Once CC SG is connected and configured the devices connected to CC SG are transparent and operation and administration is extremely simple Is the status of CC SG limited No Because CC SG software resides on a by the status of the devices dedicated server even if a device being proxied by which it proxies Raritan the CC SG is turned off you will still be able to 380 Question Can upgrade to newer versions of CC SG software as they become available How many nodes and or Dominion units and or IP Reach units can be connected to CC SG What do do if am unable to add a console serial
487. wer Control Configure Blades Ping Node Bookmark Node Interface gt Node Sorting Options gt By Node Name gt By Node Status gt Chat gt Start Chat Session gt Show Chat Session gt End Chat Session gt Create Custom View gt Change View Raritan Appendix C User Group Privileges Required Privilege Description Power Control Device Port and Node Management Device Port and Node Management Node In band Access or Node Out of band Access Any of the following Device Port and Node Management or Node In band Access or Node Out of band Access or Power Control Any of the following Device Port and Node Management or Node In band Access or Node Out of band Access or Node Power Control Node In Band Access or Node Out of Band Access or Node Power Control Node In Band Access or Node Out of Band Access or Node Power Control Node In Band Access or Node Out of Band Access or Node Power Control Any of the following Device Port and Node Management or Node In Band Access or 361 362 Appendix C User Group Privileges Menu gt Menu Item Sub menu gt Tree View Associations privilege gt Association gt Device Groups gt Node Groups gt Policies Reports Required Privilege Description Node Out of Band Access or Node Power Control Any of the following Device Port and Node Management or Node In band Access or Node Out
488. werStrip Devices that are connected to other Raritan devices to CC SG see Managed Powerstrips on page 93 gt To add a device to CC SG 1 Choose Devices gt Device Manager gt Add Device 2 Click the Device Type drop down arrow and then select the type of device you are adding from the list Depending on the device type you select you will see a slightly different Add Device page e For instructions on adding KVM or serial devices see Add a KVM or Serial Device on page 54 e For instructions on adding Powerstrip devices see Add a PowerStrip Device on page 56 e For instructions on adding Dominion PX devices see Add a Dominion PX Device on page 56 Add a KVM or Serial Device KVM and serial devices may support 256 bit AES encryption which CC SG also supports as of release 4 1 If the device is set to the default encryption mode auto negotiate the device will negotiate with CC SG to select an appropriate encryption level to function with CC SG 1 Type a name for the device in the Device name field See Naming Conventions on page 389 for details on CC SG s rules for name lengths 2 Type the IP Address or Hostname of the device in the Device IP or Hostname field See Terminology Acronyms on page 2 for hostname rules 3 Type the number of the TCP communication port used to communicate with the device in the Discovery Port field The maximum is five numeric characters from 1 to 65535 The default port n
489. wise a message appears and return you to the Add Member dialog Then make changes in the dialog as needed Select the Active checkbox next to each new CC SG unit To change any CC SG s Secure Gateway Name click the name type a new one and press Enter The default is a short CC SG hostname Optional Click Send Update to save the changes and distribute the latest Neighborhood information to the other members Manage the Neighborhood Configuration You can deactivate or rename any CC SG units in the Neighborhood configuration Deactivating a CC SG unit causes it to become unavailable in the Neighborhood members list in the Access Client Or you can refresh all members data such as the firmware version or unit status in the Neighborhood configuration gt To deactivate or rename the CC SG units in the Neighborhood or retrieve the latest data Choose Administration gt Neighborhood Click the column header to sort the table by that attribute in ascending order Click the header again to sort the table in descending order Optional Manage the members now Raritan Chapter 15 Advanced Administration To deactivate a CC SG unit deselect the Active checkbox next to the unit To change a Secure Gateway Name click the name type a new one and press Enter The name must be unique To retrieve all CC SG units latest data click Refresh Member Data To always terminate users existing connection session
490. with which the application will function from the Available list then click Add to add them to the Selected list To remove devices from use with the application select the device in the Selected list then click Remove 239 Chapter 15 Advanced Administration Click OK An Open dialog appears Navigate to and select the application file usually a jar or cab file and then click Open 7 The selected application loads onto CC SG Delete an Application gt To delete an application 1 Choose Administration gt Applications Select an application from the Application Name drop down menu Click Delete A confirmation dialog appears e 0O N Click Yes to delete the application Prerequisites for Using AKC In order to use AKC e Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked e Windows Vista Windows 7 and Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser s Trusted Sites Zone and that Protected Mode is not on when accessing the device Enable AKC Download Server Certificate Validation If the device or CC SG administrator has enabled the Enable AKC Download Server Certificate Validation option e Administrators must upload a valid certificate to the device or generate a self signed certificate on the device The certificate must have a valid host designation e Each user must
491. xpression Category Select an attribute that will be evaluated in the rule All categories you created in the Association Manager will be available here Also included are Node Name and Interface If any blade chassis has been configured in the system a Blade Chassis category is available by default Operator Select a comparison operation to be performed between the Category and Element items Three operators are available is equal to LIKE used for find the Element in a name and lt gt is not equal to Element Select a value for the Category attribute to be compared against Only elements associated with the selected category will appear here for example if evaluating a Department category Location elements will not appear here Rule Name This is a name assigned to the rule in this row You cannot edit these values Use these values for writing descriptions in the Short Expression field Z Raritan Z Raritan Chapter 8 Nodes Node Groups and Interfaces An example rule might be Department Engineering meaning it describes all nodes that the category Department set to Engineering This is exactly what happens when you configure the associations during an Add Node operation If you want to add another rule click the Add New Row icon again and make the necessary configurations Configuring multiple rules will allow more precise descriptions by providing multiple criteri
492. y upgrade these devices Click the Notification tab Specify email addresses to which a notification should be sent upon task success or failure By default the email address of the user currently logged in is available User email addresses configured in the User Profile To add another email address click Add type the email address in the window that opens and then click OK By default email is sent if the task is successful To notify recipients of failed tasks select On Failure Click OK to save your changes Schedule a Device Firmware Upgrade You can schedule a task to upgrade multiple devices of the same type such as KX or SX within a device group Once the task begins an Upgrade Device Firmware report is available in the Reports gt Scheduled Reports menu to view the upgrade status in real time This report is also emailed if you specify the option in the Notification tab See the Raritan User Guide for each device for estimated upgrade times gt 1 To schedule a Device Firmware Upgrade Choose Administration gt Tasks Click New In the Main tab type a name and description for the task The Name you choose will be used to identify the task and the report associated with the task Click the Task Data tab Specify the device upgrade details a Task Operation Select Upgrade Device Firmware b Device Group Select the device group that contains the devices you want to upgrade c Device Type Select
493. ys Reminder 301 Node and Interface Icons 105 Node Asset Report 136 216 218 Node Creation Report 217 Node Group Data Report 218 Node Groups Overview 150 Node Information 389 398 Node Names 102 Node Profile 103 Nodes and Interfaces Overview 101 Nodes Created by Configuring Ports 60 61 110 Nodes CSV File Requirements 139 Nodes Tab 102 Nodes Node Groups and Interfaces 47 101 Notification Manager 277 279 O Older Version of Application Opens After Upgrading 32 239 OpenLDAP eDirectory Configuration Settings e 204 P Paragon II System Controller P2 SC 91 Pause and Resume Management of Devices Using a Scheduled Task xvii 89 280 Pausing CC SG s Management of a Device 88 280 PC Clients to CC SG 352 PC Clients to Nodes 353 Perform Disk or RAID Tests 328 Performance FAQs 384 Ping an IP Address 308 Pinging a Node 124 Pinging the Device 88 Policies for Access Control 38 42 71 156 160 175 Port Information 391 Port Sorting Options 49 Portal 263 271 Power Control of Power IQ IT Devices 93 94 147 337 343 Power IQ Integration 337 Power IQ Synchronization Policies 341 342 Power Off CC SG System from Diagnostic Console 235 317 Powering Down CC SG 235 Prerequisites 1 Prerequisites for Using AKC e 128 240 Primary Node Upgrade Failure xvii 232 233 Print a Report 209 Purge a
Download Pdf Manuals
Related Search