Raritan ComputerメーカーHome Security Systemの使用説明書/サービス説明書
ページ先へ移動 of 384
Copyright © 2010 Raritan, Inc. CCA-0K-v4.3-E December 2009 255-80-5140-00 CommandCenter Secure Gateway Administrators Guide Release 4.3.
This document contains propri etary information that is protected by copyright. All right s reserved. No part of this document may be photocopied, rep rod uced, or translated into another language without express prior written con sent of Raritan, Inc.
iii Contents What's New in the CC-SG Administrators Guide xvi Chapter 1 Introduction 1 Prerequisi tes .................................................................................................................................. 1 Terminology/ Acronyms .
Contents iv How to Create Associations .............................................................................................. 22 Adding, Editing, and Deleti ng Categories and Elements ...........................................................
Contents v Delete a Devi ce Group ...................................................................................................... 54 Adding Devices with CSV File Import ...........................................................................
Contents vi About Inte rfaces................................................................................................................. 78 Viewing Nodes ...........................................................................................
Contents vii Chapter 9 Users and User Groups 129 The Users Tab .................................................................................................................. ......... 130 Default User Groups .......................................
Contents viii Using Custom Views in the Admi n Client .................................................................................. 155 Custom Views for Nodes .......................................................................................
Contents ix Navigate Multiple Page Re ports ...................................................................................... 181 Print a Report......................................................................................................
Contents x Chapter 15 Advanced Administration 206 Configuring a Mess age of t he Day ............................................................................................ 206 Configuring Applications for Access ing Nodes .......................
Contents xi Security Manager ............................................................................................................... ........ 234 Remote Aut hentication ..........................................................................
Contents xii Edit Network Interfaces Confi guration (Network Interfaces ) ........................................... 275 Ping an IP Address .......................................................................................................... 276 Use Traceroute .
Contents xiii CC-SG and Client for IPM I, iLO/RILOE, DRAC, RSA ..................................................... 318 CC-SG an d SNMP ........................................................................................................... 318 CC-SG Intern al Ports .
Contents xiv Appendix C User Group Privileges 321 Appendix D SNMP Traps 330 Appendix E CSV File Imports 332 Common CSV File Requirem ent s .............................................................................................. 333 Audit Trail Entrie s for Importing .
Contents xv Node Info rmation ............................................................................................................... ........ 353 Location Info rmation ..........................................................................
xvi The following sections have cha nged or information has be en added to the CommandCenter Se cu re Gateway Administrators Guide b ased on enhancements and change s to the equip ment and/or documentation.
What's New in the CC-SG Administrators Guide xvii • Configuring Power Control of Power IQ IT Devices (on page 306) • CC-SG Clustering (on page 315) See the Rel ease Notes for a more detail ed explanation of the changes applied to this version of the CommandCenter Secure Gateway.
.
1 The CommandCenter Secure Gate way (CC-SG) Administrators Guide offers instructions fo r admi nistering and maintaining your CC-SG. This guide is intended for administrato rs who typically have all available privileges. Users who are not administr ators should see Raritan's Command Center Secure Gateway User Guide .
Chapter 1: Introduction 2 Terminology/Acronyms Terms and acronyms found in this docu ment include: Access Client - HTML-ba se d client inten ded for u se by normal access users who need to acce ss a node managed by CC-SG. The Access Client does not allow the use of administration functions.
Chapter 1: Introduction 3 Ghosted Ports - when managing Pa ragon devices, a ghosted port can occur when a CIM or target serve r is removed from the system or powered off (manually or accidentally ). See Rari tan's Paragon II Use r Guide. Hostname - can be used if DNS serv e r support is enabled.
Chapter 1: Introduction 4 Node Groups - a defined group of node s that are acce ssi ble to a user. Node groups are use d wh en creating a policy to control acce ss to the nodes in the group. Ports - connection points b etween a Raritan device and a node.
5 You can access CC-SG in several w ays: • Browser: CC-SG supports numerous we b browsers (for a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support website). • Thick Client: You can install a Java We b Start thick client on your client computer.
Chapter 2: Accessing CC-SG 6 JRE Incompatibility If you do not have the minimum required version of JRE install ed on your client computer, you w ill see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility Warning window opens when CC-SG cannot find the requ ire d JRE file on your cli ent computer.
Chapter 2: Accessing CC-SG 7 5. To check the setting in CC-SG: Choo se Administration > Security. In the Encryption tab, look at the Br owser Connection Protocol option . If the HTTPS/SSL option is selected, then you must select the Secure Socket Layer SSL checkbox in the thick client's IP addres s specification window.
Chapter 2: Accessing CC-SG 8 CC-SG Admin Client Upon valid login, the CC-SG Admin Client appea rs..
Chapter 2: Accessing CC-SG 9 • Nodes tab: Click the Nod es tab to displa y all known target nodes in a tree view. Click a node to view the Nod e Profile. Interfaces are grouped under their paren t nodes. Click the + and - signs to expa n d or collapse the tree.
10 Upon the first login to CC-SG, you s hould confirm the IP address, set the CC-SG server time, and check the firmware and appli cation versi ons installed. You may need to upgrade the firmware and application s. Once you have completed your initial configuration s, proce ed to G uided Setup.
Chapter 3: Getting Started 11 Date - click the drop-down arrow to sele ct the Month, use the up and down arrows to select the Year, and then click the Day in the calendar area.
Chapter 3: Getting Started 12 2. Select an Application name from the list . Note the nu mber in the Version field. Some applications do not automatically show a ve rsi on number. To upgrade an application: If the application version is not current, you mu st upgrade the application.
13 Guided Setup offers a simple way to complete initial CC-SG configuration tasks once the netwo rk configuration is complete. The Guided Setup interface leads you through the proce ss of defining Ass.
Chapter 4: Configuring CC-SG with Guided Setup 14 Associations in Guided Setup Create Categories and E lements To create categories and elements in Guided Setu p: 1. In the Guided Setup window, click Associations, and then cli ck Create Categories in the left panel to open the Create Categorie s panel.
Chapter 4: Configuring CC-SG with Guided Setup 15 Discover and Add Devi ces The Discover Devices pan el open s when you click Continue at the end of the Associations task. You can al so cli ck Device Setup, and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discover Devices panel.
Chapter 4: Configuring CC-SG with Guided Setup 16 14. If you are manually adding a PowerS trip device, cli ck the Number of ports drop-down arro w and select the number of outlet s the PowerStrip contains.
Chapter 4: Configuring CC-SG with Guided Setup 17 3. There are two ways to add devices to a group, Select Devices an d Describe Dev ices. The Sele ct Devices tab allo ws y ou to select whi ch devices you want to assign to the group by selecting them from the list of available devices.
Chapter 4: Configuring CC-SG with Guided Setup 18 Select Nodes a. Click the Select Nodes tab in the Nod e G roup: New panel. b. In the Available list, select the node you want to add to the group, and then click Add to move the n ode into the Selected list.
Chapter 4: Configuring CC-SG with Guided Setup 19 Add User Groups and Users The Add User Group panel open s when you click Continue at the end of the Create Groups task. You can also cli ck User Management, and then click Add User Group in the Guided T asks tree vie w in the left panel to open the Add User Group panel.
Chapter 4: Configuring CC-SG with Guided Setup 20 13. Select the Login Enabled checkbox if you want the user to be able to log in to CC-SG. 14. Select the Remote Authentication checkbox only if you want the user to be authenticated by an outside server, such as TA CACS+, RADIUS, LDAP, or AD.
21 In This Chapter About Asso ciati ons .................................................................................. 21 Adding, Editing, and Deleti ng Categories and Elem ents ........................ 22 Adding Categories and Element s with CSV File Import .
Chapter 5: Associations, Categories, and Elements 22 Policies also use categ ories and elemen t s to control u ser access to servers. For example, the category /element pair Location/America can be used to create a Policy to control user access to servers in Ameri ca.
Chapter 5: Associations, Categories, and Elements 23 Select String if the value is read as text. Select Integer if the value is a number. 5. In the Applicable For field, select whethe r this catego ry applies to: Devices, Nodes, or Device and Nodes.
Chapter 5: Associations, Categories, and Elements 24 Categories and Elements CSV File Requirements The categories and element s CSV file defines the cate gories, their associated elements, their type, and wh ether they ap ply to devices, nodes or both.
Chapter 5: Associations, Categories, and Elements 25 Sample Categories and Elements CSV File ADD, CATEGORY, OS, String, Node ADD, CATEGORYELEMENT, OS, UNIX ADD, CATEGORYELEMENT, OS, WINDOWS ADD, CATEG.
Chapter 5: Associations, Categories, and Elements 26 Export Categories and Elements The export file contains co mments at th e top that descri be each item in the file. The comments can be used as i nstructions for creating a file for importing. To export categories and elements : 1.
27 To add Raritan PowerStrip Devices that are connected to other Raritan devices to CC-SG, see Managed PowerStrips (on page 69). Note: To conf igure iLO/RILOE devices, IPMI devices, Dell DRA C devices, IBM RSA devices, or other n on - Raritan devices, use the Add Node menu and add the se item s as an interface.
Chapter 6: Devices, Device Groups, and Ports 28 Viewing Devices The Devices Tab Click the Devices tab to display all devices under CC-SG manage ment. Each device's configure d p orts are nested under the device s they belong to. Devices with configured ports appe ar in the list with a + symbol.
Chapter 6: Devices, Device Groups, and Ports 29 Icon Meaning Serial port unavailable Ghosted port (See Raritan's Paragon II User Guide for details on Ghosting Mode.
Chapter 6: Devices, Device Groups, and Ports 30 Note: For blade servers without an integ rated KVM switch, such as HP BladeSystem servers, their parent devi ce is the virtual blade chassi s that CC-SG creates, not the KX2 device.
Chapter 6: Devices, Device Groups, and Ports 31 The Device Profile includes tabs that contain informati on about the device. Associations tab The Associations tab conta ins all catego ries and elements assi gned to the node. You can change the associ ations by making different selections.
Chapter 6: Devices, Device Groups, and Ports 32 2. Choose Devices > Device Mana ger > Topology View. The Topology View for the selected device appears.
Chapter 6: Devices, Device Groups, and Ports 33 Discovering Devices Discover Devices initiates a sear ch for a ll devices on your network. After discovering the devices, you may add them to CC-SG if they are not already managed. To discover devices: 1.
Chapter 6: Devices, Device Groups, and Ports 34 Adding a Device Devices must be added to CC-SG befo re you can configure ports or ad d interfaces that provide access to the nodes connecte d to ports. Th e Add Device screen is used to add dev ices whose properties you know and can provide to CC-SG.
Chapter 6: Devices, Device Groups, and Ports 35 6. Type the time (in seconds) that shoul d elapse before timeout between the new device and CC-SG in the Hea rtbeat timeout (sec) field.
Chapter 6: Devices, Device Groups, and Ports 36 14. If the firmware version of the devic e is not compatible with CC-SG, a message appears. Click Y es to add the device to CC-SG. You can upgrade the device firmware after ad din g it to CC-SG. See Upgrading a Device (on page 59).
Chapter 6: Devices, Device Groups, and Ports 37 If you do not see the Category or Element values you want to use, you can add others. See Associations, Categor ies, and Elements (on page 21).
Chapter 6: Devices, Device Groups, and Ports 38 Adding Notes to a Device Profile You can use the Notes tab to add notes about a devi ce for other users to read. All notes display in the tab with the date, username, and IP address of the user who added the n ote.
Chapter 6: Devices, Device Groups, and Ports 39 Deleting a Device You can delete a device to remove it from CC-SG ma nagement. Important: Deleting a device will remove all ports configured fo r that device. All interfaces asso ciate d with those ports w ill be removed from the nodes.
Chapter 6: Devices, Device Groups, and Ports 40 6. Click the Access Applicati on drop-down menu an d select the application you want to use when you conne ct to this port from the list. To allow CC-SG to automatica lly select the correct application based on your browser, select Auto-Dete ct.
Chapter 6: Devices, Device Groups, and Ports 41 Editing a Port You can edit ports to change vario us parameters, such as po rt name, access application, and serial port settings.
Chapter 6: Devices, Device Groups, and Ports 42 Deleting a Port Delete a port to remove the port ent ry from a Device. When a port is down, the information in the Port Pr ofile screen is read-only.
Chapter 6: Devices, Device Groups, and Ports 43 Blade Chassis w ithout an Integrated KVM Switch A blade chassis without an integrated KVM switch, such a s HP BladeSystem series, allows each bl ade server to connect to KX2 respectively via a CIM.
Chapter 6: Devices, Device Groups, and Ports 44 3. CC-SG automatically creates a virtual b lade chassis and adds the blade chassis icon in one tab. Note that a virtual blade cha ssis never appears as a node in the Nodes tab.
Chapter 6: Devices, Device Groups, and Ports 45 To configure slots using the Configure Blade s command: 1. In the Devices tab, click the + next to the KX2 device that is connected to the blade chassi s device. 2. Select the blade chassis de vice wh ose slots you want to configure.
Chapter 6: Devices, Device Groups, and Ports 46 Deleting Slots on a Blade Chassis Device You can delete unused bl ade servers or slots so they do not app ear in the Devices and Nodes tabs. To delete a slot from the Delete Ports screen: 1. In the Devices tab, click the + next to the KX2 device that is connected to the blade chassi s device.
Chapter 6: Devices, Device Groups, and Ports 47 Delete a Blade Chassis Dev ice You can delete a blade cha ssi s device connected to a KX2 device from CC-SG.
Chapter 6: Devices, Device Groups, and Ports 48 2. Change the blade port gro up for the se blade servers to a non-bla de port group. a. In CC-SG, choose Devices > Device Manage r > L aunch Admin. The KX2 Admin Client opens. b. Click Port Group Managem ent.
Chapter 6: Devices, Device Groups, and Ports 49 7. In the Location and Contacts t ab, select the chec kbox for the information you want to copy: Select the Copy Location Info rmation checkbox to copy the location information displayed in the Location se ction.
Chapter 6: Devices, Device Groups, and Ports 50 If the group was formed based on co mm on attributes, the Describe Device s tab will appear, showing the rul es that govern selection of the devices for the group.
Chapter 6: Devices, Device Groups, and Ports 51 3. Select the Create Full Access Polic y for Group checkbox to create a policy for this device group that allows access to all de vices in the group at all times with control permi ssion. 4. To add another device group, clic k Apply to save this gro up, then repeat these steps.
Chapter 6: Devices, Device Groups, and Ports 52 & - the AND operator. A node must sati sfy rules on both sides of this operator for the descript ion (o r that section of a de scriptio n) to be evaluated as true.
Chapter 6: Devices, Device Groups, and Ports 53 7. Click View Devices to see what nodes satisfy this expre ssion. A Devices in Device Group Results window opens, displaying the devices that will be grouped by the current expression. This can be used to check if the description was corre ctly written.
Chapter 6: Devices, Device Groups, and Ports 54 Delete a Device Group To delete a device group: 1. Choose Associations > Device Group s. The Device G roups Manager window opens. 2. Existing device groups appear in the left panel. Select the device group you want to delete.
Chapter 6: Devices, Device Groups, and Ports 55 Devices CSV File Requirements The devices CSV file defines the devices, ports, and their details required to add them to CC-SG. • For devices that support power strips connected to a port (SX, KX, KX2, KSX2), configuring the port w ill configure the power strip.
Chapter 6: Devices, Device Groups, and Ports 56 Column number Tag or value Details 9 TCP Port Default is configured in the Admin Client in Administration > Configuration > Device Settings tab. 10 Configure All Ports TRUE or FALSE Default is TRUE for Dominion PX devices.
Chapter 6: Devices, Device Groups, and Ports 57 Column number Tag or value Details Use " OUTLET " for configuring outlets on a PX device. 5 Port or Outlet Number Required field. 6 Port or Outlet Name Optional. If left blank, a default name or the name already assigned at the device level will be used.
Chapter 6: Devices, Device Groups, and Ports 58 Column number Tag or value Details 2 DEVICE- CATEGORYELEMENT Enter the tag as shown. Tags are not case sensitive. 3 Device Name Required field. 4 Category Name Required field. 5 Element Name Required field.
Chapter 6: Devices, Device Groups, and Ports 59 5. Check the Actions area to see the import results. Items that imported successfully show in green text. Ite ms that failed import show in red text. Items that failed import because a duplicate item already exists or was already imported al so sho w in red text.
Chapter 6: Devices, Device Groups, and Ports 60 5. A message appears. Click Yes to restart the device. A message appears when the device has been u pgraded. 6. To ensure that your browser lo ads all upgrade d files, close your browser window, and the n login to CC-SG in a new browser win do w.
Chapter 6: Devices, Device Groups, and Ports 61 Restoring Device Configurations The following device types allow you to restore a full backup of the device configuration. • KX • KSX • KX101 • SX • IP-Reach KX2, KSX2, and KX2-101 devices allow you to choose which components of a backup y ou want to restore to the device.
Chapter 6: Devices, Device Groups, and Ports 62 Restore All Configuration Data Except Ne t work Settings to a KX2, KSX2, or KX2-101 Devi ce The Protected restore option allows yo u to restore all config uration data in a backup file, except network setting s, to a KX2, KSX2, or KX2-101 device.
Chapter 6: Devices, Device Groups, and Ports 63 Restore All Configuration Data to a KX2, KSX2, or KX2-101 Dev ice The Full restore option allows you to restore all configuration data i n a backup file to a KX2, KSX2, or KX2-101 device. To restore all configuration data to a KX2, KSX2, or KX2-101 device: 1.
Chapter 6: Devices, Device Groups, and Ports 64 3. Click Upload. Navigate to and select the device backup file. The file type is .rfp. Click Open. The device backup file uploads to CC-S G and appears in the page. Copying Device Configuration The following device types allow you to copy configurat ions from o ne device to one or more other devices.
Chapter 6: Devices, Device Groups, and Ports 65 Restarting a Device Use the Restart Device fu nction to rest art a device. To restart a device 1. Click the Devices tab and select the devi ce you want to restart. 2. Choose Devices > Devic e Manager > Restart Device.
Chapter 6: Devices, Device Groups, and Ports 66 2. Choose Devices > Device Mana ger > Resume Manageme nt. The device icon in the Device Tree will i ndicate the device's active state.
Chapter 6: Devices, Device Groups, and Ports 67 Disconnecting Users Administrators can termina t e any user's session on a device. Thi s includes users who are performing any kind of operati on o.
Chapter 6: Devices, Device Groups, and Ports 68 IP-Reach and UST-IP Administration You can perform administrative diagno stics on IP-Reach and UST-IP devices connected to your Paragon Sy stem setup dire ctly from the CC- SG interface. After adding the Paragon Sy stem devic e to CC-SG, it appears in the Devices tree.
69 There are three ways to configure power control using powe rstrips in CC-SG. 1. All supported Raritan-brand powe r strip s can be connected to another Raritan device and added t o CC-SG as a Powerstrip device. Rarita n- brand powerstrips inclu de Dominion PX and RPC po we rstrips.
Chapter 7: Managed Powerstrips 70 Configuring Powerstrips that are Ma naged by Another Device in CC-SG In CC-SG, managed powerstri ps can be connected to one of the following devices: • Dominion KX • Dominion KX2 • Dominion KX2-101 • Dominion SX 3.
Chapter 7: Managed Powerstrips 71 Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC CC-SG automatically detects PowerS trips connected to KX, KX2, KX2- 101, KSX2, and P2SC devices. You can perform the following tasks in CC-SG to configure and manage Po werStrips connected to these devices.
Chapter 7: Managed Powerstrips 72 Delete a PowerStrip Connec ted to a KX, KX2, KX2-101, KSX2, or P2SC Device You cannot delete a PowerStrip connected to a KX, KX2, KX2-101, KSX2, or P2SC device from CC-SG. You must physically disconnect the PowerStrip from the device to delete the PowerStrip from CC-SG.
Chapter 7: Managed Powerstrips 73 10. For each Category listed, c lick the Element dro p-down menu and select the element you want to appl y to the device. Select the blank item in the Element field for each Category you do not want to use. See Associations, Categories, and Elements (on page 21).
Chapter 7: Managed Powerstrips 74 Configuring Powerstrips Connected to SX 3.1 You can perform the following ta sks in CC-SG to co nfigure and manage Powerstrips conne cted to SX 3.1 devices. • Add a Powerstrip Connected to an SX 3.1 Devic e (on page 74) • M ove an SX 3.
Chapter 7: Managed Powerstrips 75 Move an SX 3.1's Powerstrip to a Different Port When you physically move a Powers trip from one SX 3.1 device or port to another SX 3.1 device or port, you mu st delete the Powerst rip from the old SX 3.1 port and add it to the new SX 3.
Chapter 7: Managed Powerstrips 76 3. Choose Devices > Port M anag er > Configure Ports. To configure multiple outlets wi th the default names shown in the screen, select the checkbox for each outlet you want to configure, and then click OK to configure each outlet with the default name.
77 This section covers how to view, configure, and edit no des a nd their associated interfaces, and how to cre ate node groups. Connectin g to nodes is covered briefly. See Ra ritan's CommandCenter Secure Gateway User Guide for details on connecting to n odes.
Chapter 8: Nodes, Node Groups, and Interfaces 78 Node Names Node names must be u niq ue. CC-SG wi ll prompt you with options if you attempt to manually add a node with an existing node name. When CC- SG automatically adds nodes, a num bering system en su res that node names are unique.
Chapter 8: Nodes, Node Groups, and Interfaces 79 Node Profile Click a Node in the Nodes tab to open the Nod e Profil e page. The Node Profile page includes tabs that contain information ab out the node.
Chapter 8: Nodes, Node Groups, and Interfaces 80 Interfaces tab The Interfaces tab contains all the node's interfa ce s. You ca n add, edit, and delete interfaces on this tab, and select the default interface. Node s that support virtual media include an ad ditional colum n that shows whether virtual media is enabled or di sabled.
Chapter 8: Nodes, Node Groups, and Interfaces 81 Control system serve r nodes, such as VM wa re's Virtual Center, include the Control System Data tab. The Control System Data tab contains information from the control system se rver that is ref r eshed when the tab opens.
Chapter 8: Nodes, Node Groups, and Interfaces 82 Service Accounts Service Accounts Overv iew Service accounts are spe c ial login cr ed entials that you can assign to multiple interfaces. You can save time by assig ning a service account to a set of interfaces that often require a password cha nge.
Chapter 8: Nodes, Node Groups, and Interfaces 83 Add, Edit, and Delete Service Accounts To add a service account: 1. Choose Nodes > Servi ce A ccounts. The Service Accounts pa ge opens. 2. Click the Add Row icon to add a row to the table. 3. Enter a name for this service a c count in the Service Account Name field.
Chapter 8: Nodes, Node Groups, and Interfaces 84 2. Find the service account whose password you want to change. 3. Enter the new password in the Passwo rd field.
Chapter 8: Nodes, Node Groups, and Interfaces 85 Adding, Editing, and Deleting Nodes Add a Node To add a node to CC-SG: 1. Click the Nodes tab. 2. Choose Nodes > Add Nod e. 3. Type a name for the node in the Node Name field. All node names i n CC-SG must be unique.
Chapter 8: Nodes, Node Groups, and Interfaces 86 Nodes Created by Configuring Ports When you configure the ports of a device, a node is create d automatically for each port. An interface is also created for ea ch no de. When a node is automatically cre ated, it is given the same name as the port to which it is associated.
Chapter 8: Nodes, Node Groups, and Interfaces 87 Adding Location and Contacts to a Node Profile Enter details about the location of the node, and contact inform ation for the people who administer or use the node. To add location and contacts to a node profile: 1.
Chapter 8: Nodes, Node Groups, and Interfaces 88 Configuring the Virtual Infrastructure in CC-SG Terminology for Virtual Infrastructur e CC-SG uses the following terminol ogy for virtual infrastructure components. Term Definition Example Control System The Control System is the managing server.
Chapter 8: Nodes, Node Groups, and Interfaces 89 Virtual Nodes Overvie w You can configure your virtual infra stru cture for access in CC-SG. The Virtualization page offers two wi za rd tools, Add Control System wizard and Add Virtual Host wizard, that hel p you add contro l system s, virtual hosts, and their virtual machines p roperly.
Chapter 8: Nodes, Node Groups, and Interfaces 90 Enter a Username and Password for a uthentication. Maximum 64 characters eac h. 8. To allow users who access this control system to auto matically log into the VI Client interface, select the Enable Single Sign On For VI Client checkbox.
Chapter 8: Nodes, Node Groups, and Interfaces 91 Leave these fields blank if you p refer to add names and login credentials to each interface indivi dually. The interface will take the name of the node if the field is left blank. a. Enter names for interfac es.
Chapter 8: Nodes, Node Groups, and Interfaces 92 4. Click Add Virtual Host. 5. Hostname/IP Address: Enter the IP Addre ss o r hostname of the virtual host. Maximum 64 characters. 6. Connection Protocol: Specify HTTP or HTTPS commu nicatio ns between the virtual host and CC-SG.
Chapter 8: Nodes, Node Groups, and Interfaces 93 Use Ctrl+click or Shift+click to select multiple virtual machines that you want to add. In the Check/ Un check Select ed Rows sect ion, s elect the Virtual Machine checkbox.
Chapter 8: Nodes, Node Groups, and Interfaces 94 One node for each virtual host. Each virtual ho st node has a VI Client interface. Virtual host nodes are named with their IP addresses or host names.
Chapter 8: Nodes, Node Groups, and Interfaces 95 10. For each interface type, enter a name and login credentials. The name and login credentials will be shared by all the interfaces added to each virtual machine node and virtu al host node configured.
Chapter 8: Nodes, Node Groups, and Interfaces 96 Delete a Virtual Machine Node There are two ways to delete virtual machine nodes: • Use the Delete Node feature. See Delete a Node (on page 86). • De select the Configure checkbox for th e virtual machine.
Chapter 8: Nodes, Node Groups, and Interfaces 97 2. In the list of nodes, select the nodes you want to synchronize. Use Ctrl+click to select multiple items. 3. Click Synchronize. If the virtual infrastructure had ch an ged since the last synchronization, the information in CC-SG u pdates.
Chapter 8: Nodes, Node Groups, and Interfaces 98 3. Click Reboot or Force Reboot. Accessing the Virtual Topology View The Topology View is a tree stru ctur e that shows the relationships of the control system, virtual hosts, and virt ual machines associated with the selected nod e.
Chapter 8: Nodes, Node Groups, and Interfaces 99 Pinging a Node You can ping a node from CC-SG to make sure that the conne ctio n is active. To ping a node: 1. Click the Nodes tab, and then se lect the node you want to ping. 2. Choose Nodes > Ping Nod e.
Chapter 8: Nodes, Node Groups, and Interfaces 100 In-Band - VNC: Select this item to create a KVM connection to a node through VNC server software.
Chapter 8: Nodes, Node Groups, and Interfaces 101 See Web Browser Interface (on page 106). 3. A default name appears in the Name field dep endi ng on the type of interface you select. You can ch ang e the name. Thi s name appears next to the interface in the Nodes list.
Chapter 8: Nodes, Node Groups, and Interfaces 102 Microsoft RDP Connection Details • If using a Windows XP client, you must have Terminal Server Clien t 6.0 or higher to connect a Micr osoft RDP interface from CC-SG. Update the Terminal Server Cli ent to 6.
Chapter 8: Nodes, Node Groups, and Interfaces 103 Interfaces for DRAC Power Control Connections To add an interface for DRAC po wer control conn ections: 1. Type the IP Address or Hostname for this interfa ce in the IP Address/Host name field. 2. Type a TCP Port for this connection in the TCP Port field.
Chapter 8: Nodes, Node Groups, and Interfaces 104 RSA Interface Details When you create an In-Band RSA KVM or Power interfa ce, CC-S G discards the username and password a ssoci ated wit h the interface, and creates two user accounts on the RSA server.
Chapter 8: Nodes, Node Groups, and Interfaces 105 6. Click OK to save your changes. Note: A Managed Power Strip interfa ce can be added to a blade chassi s node, but not to a blade server node. Interfaces for IPMI Power Control Connections To add an interface for IPMI power control connections: 1.
Chapter 8: Nodes, Node Groups, and Interfaces 106 If the IT device has not been added to Power IQ yet, accept the default value for the external key or change it, but make sure to use the same value when addin g the IT device to Po wer IQ. You can quickly make a file of all node and in terface inform ation by exporting.
Chapter 8: Nodes, Node Groups, and Interfaces 107 http(s)://www.example.com/cgi/login http(s)://example.com/home.html 4. Enter authentication information: Option al. To use a service account for authentication, select the Use Service Account Credentials ch eckb ox.
Chapter 8: Nodes, Node Groups, and Interfaces 108 Example: Adding a Web Browser In terfac e to a PX Node A Dominion PX-managed powerstrip can be added to CC-SG as a node. Then you can add a Web Browser Interfa ce that enables users to access the Dominion PX's Web-based a dmini stration application to the node.
Chapter 8: Nodes, Node Groups, and Interfaces 109 Delete an Interface You can delete any interface fr om a nod e except for t hese: A VMW Viewer interface or a VMW Power interface on a virtual machine node.
Chapter 8: Nodes, Node Groups, and Interfaces 110 4. A default name for the bookmark appe ars in the Bookm ark Name field. You can change the name, which will appea r in your Favorites list in Internet Explorer. 5. Click OK. The Add Favorite window ope ns.
Chapter 8: Nodes, Node Groups, and Interfaces 111 6. In the Associations tab, select the Copy Node Asso ciations checkb ox to copy all categories and element s of the node.
Chapter 8: Nodes, Node Groups, and Interfaces 112 Adding Nodes with CSV File Import You can add nodes and interfa ces to CC -SG by importing a CSV file that contains the values. You must have the Device, Port, and Node Managem ent and CC S etup and Control privileges to import and export nodes.
Chapter 8: Nodes, Node Groups, and Interfaces 113 Nodes CSV File Requirements The nodes CSV file defines the nodes, interfa ce s, an d their detail s required to add them to CC-SG. • Node names must be uniq ue. If you enter du plicate node names, CC-SG adds a number in pare ntheses to the name to make it unique, and adds the node.
Chapter 8: Nodes, Node Groups, and Interfaces 114 Column number Tag or value Details 3 Node Name Enter the same value as entered for Raritan Port Name. 4 Raritan Device Name Required field. The device must already be added to CC-SG. 5 Port Number Required field.
Chapter 8: Nodes, Node Groups, and Interfaces 115 Column number Tag or value Details 9 Parity Valid for SX ports only. 10 Flow Control Valid for SX ports only. 11 Description Optional. To add an RDP interface to the CSV file: Column number in CSV file Tag or value Details 1 ADD The first column for all tags is the command ADD.
Chapter 8: Nodes, Node Groups, and Interfaces 116 To add an SSH or TELNET interface to the CSV file: Column number Tag or value Details 1 ADD The first column for all tags is the command ADD . 2 NODE-SSH-INTERFACE for SSH interfaces NODE-TELNET- INTERFACE for TELNET interfaces Enter the tag as shown.
Chapter 8: Nodes, Node Groups, and Interfaces 117 Column number Tag or value Details 8 Password Optional. Leave blank if specifying service accou nt. 9 Description Optional.
Chapter 8: Nodes, Node Groups, and Interfaces 118 Column number Tag or value Details account or a username and password. Leave blank if specifying service account. 8 Password You must enter either a service account or a username and password. Leave blank if specifying service account.
Chapter 8: Nodes, Node Groups, and Interfaces 119 To add an IPMI power control interface to the CSV file: Column number Tag or value Details 1 ADD The first column for all tags is the command ADD . 2 NODE-IPMI-INTERFACE Enter the tag as shown. Tags are not case sensitive.
Chapter 8: Nodes, Node Groups, and Interfaces 120 Column number Tag or value Details power strip is connected to. Required field for all powe r strip s except Dominion PX. 8 Managing Port The name of the port on the device that the power strip is connected to.
Chapter 8: Nodes, Node Groups, and Interfaces 121 To add a Power IQ Proxy power control interface tothe CSV file: See Power Control of Power IQ IT Devices (on page 305) for details about configu ring this interface type. Column number Tag or value Details 1 ADD The first column for all tags is the command ADD.
Chapter 8: Nodes, Node Groups, and Interfaces 122 To assign categories and elements to a node to the CSV file: Categories and elem ents must already be created in CC-SG. You can assign multiple element s of the same category to a node in the CSV file.
Chapter 8: Nodes, Node Groups, and Interfaces 123 If the file is not valid, an error message appears. Click OK and look at the Problems area of t he page for a descriptio n of the problems with the file. Click Save to File to save the problems list.
Chapter 8: Nodes, Node Groups, and Interfaces 124 Adding, Editing, and Deleting Node Groups Node Groups Overvi e w Node groups are used to organize nodes into a set. The node group will become the basis for a policy either allo wing or denying access to this particular set of nodes.
Chapter 8: Nodes, Node Groups, and Interfaces 125 2. Choose Groups > New. A template for a node g roup appears. 3. In the Group Name field, type a name for a node gro up you want to create. See Naming Conventions (on page 353) for details on CC- SG's rule s for name lengths.
Chapter 8: Nodes, Node Groups, and Interfaces 126 4. If you want to create a policy that allows access to the nodes in this group at any time, select the Create Full Access Policy for Group checkbox. 5. When you are done adding nodes to the group, cli ck OK to create the node group.
Chapter 8: Nodes, Node Groups, and Interfaces 127 4. If you want to add another rule, click the Add Ne w Ro w icon again, and make the necessary configu rations. Configuring multiple rules will allow more precise descriptions by providing multiple criteria for evaluating nodes.
Chapter 8: Nodes, Node Groups, and Interfaces 128 6. Click Validate when a description has be en written in the Short Expression field. If the description is formed incorrectly, a warnin g appears. If the description is formed correctly, a normalized form of the expression appears in the No rmali zed Expression field.
129 User accounts are created so that users can be assig ned a username and password to access CC-SG. A User Group defines a set of priv ileges for its membe rs. You cannot assign privileges to users them selves, only to user groups. All users must belong to at least one user gro up.
Chapter 9: Users and User Grou ps 130 The Users Tab Click the Users tab to display all user group s and users in CC-SG. Users are nested underneath the use r groups to which they belong. User groups with users assigne d to them appear in the list with a + symbol next to them.
Chapter 9: Users and User Grou ps 131 Default User Groups CC-SG is c onfigured with th ree default user groups: CC- Super User, System Administrators, and CC Users. CC Super-User Group The CC Super-User group has full administrative and access privileges.
Chapter 9: Users and User Grou ps 132 Adding, Editing, and Deleting User Groups Add a User Group Creating user groups first will help you organize users when the users are added. When a user group is create d, a set of pri vileges is assigned to the user group.
Chapter 9: Users and User Grou ps 133 The All Policies table lists all the polici es available on CC-SG. Each policy represents a rule allowing or denying access t o a group of nodes. See Policies for Access Control (on pag e 149) for details on poli cies and how they are created.
Chapter 9: Users and User Grou ps 134 7. Select the checkbox that corres ponds to each privilege you want to assign to the user group. Deselect a privilege to remove it from the group. 8. In the Node Access area, click the dro p-d own menu for each kind of interface you want this group to have access th rou gh and select Control.
Chapter 9: Users and User Grou ps 135 Limit the Number of KVM Sessions per User You can limit the number of KVM sessi ons allowed per user for se ssions with Dominion KXII, KSXII and KX ( KX1) devices. This prevents any single user from using all available cha nnels at once.
Chapter 9: Users and User Grou ps 136 2. Select the Require Users to Enter Access Information Whe n Connectin g to a Node chec kbox. 3. In the Message to Users field, enter a message that users will see when attempting to access a node. A def ault message is provided.
Chapter 9: Users and User Grou ps 137 Note: See Naming Conventions (on page 353) for details on CC- SG's rules for name lengths. If strong passwords are enabled, the pa sswo rd entered must conform to the established rules. The information ba r at the top of the screen will display m essag es to assist with the password requirements.
Chapter 9: Users and User Grou ps 138 3. Select the Remote Authentication on ly checkbox if you want the user to be authenticated by an external server such as TA CACS+, RADIUS, LDAP, or AD. If you are using remote authenticatio n, a password is not required and the Ne w Password and Retype New Password fields will be disabled.
Chapter 9: Users and User Grou ps 139 Assigning a User to a Group Use this command to assign an existin g use r to anot her group. Users assigned in this way will be added to the new group while still existing in any group they were previously assig ned to.
Chapter 9: Users and User Grou ps 140 Adding Users with CSV File Import You can add user information to CC -SG by importing a CSV file that contains the values.
Chapter 9: Users and User Grou ps 141 Column number Tag or value Details 6 Maximum number of KVM sessions allo wed per user Enter just the number, from 1-8 . Default is 2 . To assign permissions to a user group in the CSV file: Enter the value TRUE to assign a permissi on to the u ser group.
Chapter 9: Users and User Grou ps 142 Column number Tag or value Details Tags are not case sensitive. 3 User Group Name Required field. User Group names are case sensitive.
Chapter 9: Users and User Grou ps 143 Column number Tag or value Details Email address is used with system notifications. 8 Telephone Number Optional. 9 Login Enabled TRUE or FALSE Default is TRUE Enable login to allow the user to log in to CC-SG.
Chapter 9: Users and User Grou ps 144 Sample Users CSV File ADD, USERGROUP, Windows Ad ministrators, MS IT Team ADD, USERGROUP-PERMISSIONS, Windows Administrators, FALSE, TRUE, TRUE, TRUE, TRUE, TRUE,.
Chapter 9: Users and User Grou ps 145 Export Users The export file contains all use r s that ha ve a use r account created in CC- SG. This excludes AD-authori zed u sers, unless they also have a us er account created on CC-SG.
Chapter 9: Users and User Grou ps 146 Change your name You cannot change your user name. You can cha nge the first and last name associated with you r user name. To change your name: 1. Choose Secure Gateway > My Profile. 2. Type your first and last name in the Full Name field.
Chapter 9: Users and User Grou ps 147 Change the CC-SG Super User's Use rname You must be logged into CC-SG using the CC Super User a ccount to change the CC Super User 's u sername. The default CC Super User username is admin . 1. Choose Secure Gateway > My Profile.
Chapter 9: Users and User Grou ps 148 Bulk Copying Users You can use Bulk Copy for users to copy one user's use r group affiliations to another user or list of users. If the users receiving the affiliations have existing group affiliati ons, the existing affiliations will be removed.
149 Policies are rules that define which nod es and devices users can acce ss, when they can access them , and wh et her virtual-media permissions are enabled, where applicable.
Chapter 10: Policies for Access Control 150 Adding a Policy If you create a policy that denies access (Deny) to a node group o r device group, you also must create a policy that allows acce ss (Co ntrol) for the selected node grou p or device group. Users will not automatically receive Control rights when the Deny p olicy is not in effect.
Chapter 10: Policies for Access Control 151 13. In the Device/Node Access Permissi on field, select Co ntrol to define this policy to allow access to the sele cted node or device grou p for the designated times and days. Select Deny to define this poli cy to deny access to the selected node or dev ice group for the designate d times and days.
Chapter 10: Policies for Access Control 152 7. Click the Days drop-down arrow, and then sel ect which days of the week this policy covers: All (everyday ), Wee kday (Monday through Friday only) and Weekend (Saturday an d Sunday only), or Custom (select specific days).
Chapter 10: Policies for Access Control 153 Support for Virtual Media CC-SG provides remote virtual medi a support for nodes connected to virtual media-enabled KX2, KSX2, and KX2-101 devices.
154 Custom Views enable you to specify different ways to display the n odes and devices in the left panel, using Categories, Node Groups, and Device Groups. In This Chapter Types of Cust om Views .......................................................
Chapter 11: Custom Views for Devices and Nodes 155 Using Custom Views in the Admin Client Custom Views for Nodes Add a Custom View for Nodes To add a custom view for nodes: 1. Click the Nodes tab. 2. Choose Nodes > Change V iew > Create Custom View.
Chapter 11: Custom Views for Devices and Nodes 156 2. Click the Name drop-down arrow and select a custo m view from the list. 3. Click Apply View. or • Choose Nodes > Change V iew. All defined custom views are options in the pop-up menu. Choose the custom view you wa nt to apply.
Chapter 11: Custom Views for Devices and Nodes 157 2. Choose Nodes > Change V iew > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and sele ct a custom view from the list. Details of the items included and thei r order appear in the Custom View Details panel 4.
Chapter 11: Custom Views for Devices and Nodes 158 3. In the Custom View panel, click Add. The Add Custo m View window appears. 4. Type a name for the new custom view in the Custom View Name field. 5. In the Custom View Type section: Select Filter by Device Group to create a custo m view that displays only the device group s you sp ecify.
Chapter 11: Custom Views for Devices and Nodes 159 2. Choose Devices > Chan g e View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and sele ct a custom view from the list. Details of the items included and thei r order appear in the Custom View Details panel.
Chapter 11: Custom Views for Devices and Nodes 160 Assign a Default Cu sto m View for Devices To assign a default custom v iew for devices: 1. Click the Devices tab. 2. Choose Devices > Chan g e View > Create Custom View. The Custom View screen appears.
161 In This Chapter Authentication and Authoriz ation (AA) Overview .................................. 161 Distinguished Name s for LD AP and AD ................................................ 162 Specifying Modules for Authent ication and Au thori zation .
Chapter 12: Remote Authentication 162 3. Username and password are eith er accepted or rejected and sent back. If authentication is rejected, this results in a failed login attempt.
Chapter 12: Remote Authentication 163 Specify a Username for AD When authenticating CC-SG user s on a n AD server by specifying cn=administrator,cn=users,dc=xyz,d c=com in userna me, if a CC-S G user is associated with an imported AD group, the user will be granted access with these credentials.
Chapter 12: Remote Authentication 164 2. Click the Authentication tab. A ll configured external Authori zation and Authentication Servers appear in a table. 3. Select a server from the list, and then click the u p and down arrows to prioritize the order of engage ment.
Chapter 12: Remote Authentication 165 AD General Settings In the General tab, you must add the information that allows CC-SG to query the AD server. Do not add duplicate AD modules. If your u sers see a message that says "You are not a member of any group" when attempting to login, you may have configured duplicate AD modul es.
Chapter 12: Remote Authentication 166 5. Type the password for the user ac count you want to use to query the AD server in the Password and C onfirm Password fields. Maximum length is 32 characters. 6. Click Test Connection to test t he conne ction to the AD server using the given parameters.
Chapter 12: Remote Authentication 167 Select the Use Bind checkbox if the user logging in from the applet has permissions to perfo rm search queries in the AD server.
Chapter 12: Remote Authentication 168 4. Click Next to proceed. The Trusts tab opens. AD Trust Settings In the Trusts tab, you can set up tr ust relationships between this new AD domain and any existing domains. A trust relation shi p allows resources to be accessible by authenticat ed users acros s domains.
Chapter 12: Remote Authentication 169 3. Select the AD module you want edit, and then click E dit. 4. Click each tab in the Edit Module wind ow to view th e configured settings.
Chapter 12: Remote Authentication 170 To search for user groups, type a search string in the Search for User Group field, and then click Go. Click a column header to sort the list of user groups by the information in that column. Click Select all to select all user groups for import.
Chapter 12: Remote Authentication 171 Synchronize All User Groups with AD You should synchronize all user groups if you have made a change to a user group, such as moving a user group from one AD mod ule to another.
Chapter 12: Remote Authentication 172 Synchronize All AD Mod ules You should synchroni ze all AD Modules whenever you change o r delete a user in AD, change user permi ssion s in AD, or make changes to a domain controller.
Chapter 12: Remote Authentication 173 To disable daily synchronization of all AD modules: 1. Choose Administration > Security. 2. Click the Authentication tab. All configured Authori zati on and Authentication Servers appear in a tabl e. 3. Deselect the Daily synchroniz ation of All Modules checkbox.
Chapter 12: Remote Authentication 174 LDAP General Settings 1. Click the General tab. 2. Type the IP address or hostname of the LDAP server in the IP Address/Hostname field. See Terminol ogy/Acronyms (on page 2) for ho stname rules. 3. Type the port value in the Port field.
Chapter 12: Remote Authentication 175 2. Select Base 64 if you want the password to be sent to the LDAP server with encryption. Select Plain Text if you want the password to be sent to the LDAP server as plain text. 3. Default Digest: select the def ault encryption of use r passwords.
Chapter 12: Remote Authentication 176 OpenLDAP (eDirectory ) Configuration Settings If using an OpenLDAP server for remote authenti cation, use this example: Parameter Name Open LDAP Parameters IP Add.
Chapter 12: Remote Authentication 177 About TACACS+ and CC-SG CC-SG users who are remotely aut henti cated by a TACACS+ server must be created on the TACACS + serv er and on CC-SG. The user name on the TACACS+ server a nd on CC-SG must be the same, although the passwords may be different.
Chapter 12: Remote Authentication 178 About RADIUS and CC-SG CC-SG users who are remotely authent icated by a RADIUS se rver must be created on the RADIUS server an d on CC-SG. The user name on the RADIUS server and on CC-SG must be the sam e, although the passwords may be different.
Chapter 12: Remote Authentication 179 Two-Factor Authenticati on Using RADIUS By using an RSA RADIUS Server that supports two-f acto r authentication in conjunction with an RSA Authentication Mana ger, CC-SG can make use of two-factor authentication sche me s with dynamic tokens.
180 In This Chapter Using R eports ........................................................................................ 180 Audit Tra il Report ................................................................................... 182 Error Log Report .
Chapter 13: Reports 181 View Report Details • Double-click a row to view details of the rep ort. • When a row is highlighted, press the Enter key to view details. All details of the selected report display in a dialog that appears, not just the details you can view in the repo rt screen.
Chapter 13: Reports 182 Purge a Report's Da ta Fr om CC-SG You can purge the data that appears in t he Audit Trail and Error Log reports. Purging these repo rts del etes all data that satisfy the search criteria used.
Chapter 13: Reports 183 3. You can limit the data that t he report will contain by entering additional parameters in the Message T y pe, Messag e, Username, and User IP address fields. Wildcards are accepted in these field s except for the Message Type field.
Chapter 13: Reports 184 Click Purge to delete the Error Log. See Purge a Report's Da ta from CC-SG (on page 182). Access Report Generate the Access report to view information ab out acce ssed devices and nodes, when they were accessed, and the u ser who accessed them.
Chapter 13: Reports 185 3. Click Apply. Active Users Report The Active Users report displays cu rren t users and user sessions. You can select active use rs from the report and disconne ct them from CC- SG. To generate the Active Users re port: • Choose Repo rts > Users > Active User s.
Chapter 13: Reports 186 The Password Expiration field displays the number of days that the user can use the same password be fore being forced to change it. See Add a User (on page 136). The Groups field displays the user grou ps to whi ch the user belongs.
Chapter 13: Reports 187 Device Group Data Report The Device Group Data report displays device group informatio n. To generate the Devi ce Group Data re port: 1. Choose Reports > Devices > Device G roup Data. 2. Double-click a row to displ ay the list of devices in the group.
Chapter 13: Reports 188 State Type Port State Definition been configured. 3. Select Ghosted Ports to include po rts that are ghosted. A ghosted port can occur when a CIM or target server is remove d from a Paragon system or powe red off (manually or accidentally).
Chapter 13: Reports 189 3. The URL column contains direct links to each nod e. You can use this information to create a web page with links to ea ch node, instead of bookmarking each nod e in dividually.
Chapter 13: Reports 190 Node Group Data Report The Node Group Data report displays t he list of nod es that belong to each group, the user groups that have access to each node gro up , and, if applicable, the rules that define t he node group.
Chapter 13: Reports 191 Scheduled Reports Scheduled Reports di spla ys reports that were scheduled in the Ta sk Manager. You can find the Upgrad e Device Firmware reports a nd Restart Device reports in the Schedule d Reports screen. Schedule d reports can be viewed in HTML format o nly.
Chapter 13: Reports 192 Upgrade Device Firmware Report The Upgrade Device Firmware report is l ocate d in the Sche duled Reports list. This report is gene rated when an Upgrade Device Firmwa re task is running. View the report to get real-time statu s information a bout the task.
193 In This Chapter Maintenanc e Mode ................................................................................ 193 Entering Maint enance M ode.................................................................. 193 Exiting Maint enance M ode ...
Chapter 14: System Maintenance 194 2. Password: Type your password. Only users with the CC Setup and Control privilege can ente r mainten ance mode. 3. Broadcast message: Ty pe the message that will display to users who will be logged out of CC-SG. 4.
Chapter 14: System Maintenance 195 b. Type the IP address or hostnam e of the server in the IP Address/Host name field. c. If you are not using the default port for the selected p rotocol (FTP: 21, SFTP: 22), type the communications port u sed in the Port Number field.
Chapter 14: System Maintenance 196 What is the difference bet ween Full backup and Standard backup? Standard backup: A standard backup includes all data in al l fields of all CCS G pages, except for d.
Chapter 14: System Maintenance 197 3. Click OK to delete the backup from the CC-SG system. Restoring CC-SG You can restore CC-SG using a b a ckup file that you created. Important: The Neighborhood con figuration is included in the CC- SG backup file so make sure you remember or note do wn its setting at the backup time.
Chapter 14: System Maintenance 198 Restore Data - CC-SG configuration, De vice and Node configuration, and User Data. Selecting Data resto res the Standard backup portion of a Full backup file.
Chapter 14: System Maintenance 199 Option Description part of the CC-SG database. The SNMP configuration and traps are reset. The SNMP agent is not reset. IP-ACL settings are reset with a Full Database reset whether you select the IP ACL Tables option or not.
Chapter 14: System Maintenance 200 Option Description SNMP Tr ap Destinations Default Firmware This option resets all de vice firmware files to factory defaults. This option does not chan ge the CC-SG database. Upload Firmware to Database After Reset This option loads the firmware files for the cu rre nt CC-SG version into the CC-SG database.
Chapter 14: System Maintenance 201 3. Broadcast message: Ty pe the message that will display to users who will be logged off CC-SG. 4. Restart after (min): Enter the num ber of minutes (from 0-720) that should elapse before CC-SG restarts.
Chapter 14: System Maintenance 202 4. Once CC-SG is in maintenance mode, choose System Maintena nce > Upgrade. 5. Click Browse. Navigate to and sele ct the CC-SG firm ware file (.zip) then click Open. 6. Click OK to upload the firmware file to CC-SG.
Chapter 14: System Maintenance 203 Clear the Browser's Cache These instructions may vary slight ly for different browser versions. To clear the browser cache in Internet Explorer 6. 0 or later : 1. Choose Tools > Internet Options. 2. On the General tab, click Delete Files then click OK to confi rm.
Chapter 14: System Maintenance 204 If specifying over 10 minutes, the broadcast me ssage displays to users immediately, and then repeat s at 1 0 and 5 minutes before the event occurs.
Chapter 14: System Maintenance 205 Ending CC-SG Session There are two ways to end a CC-SG Session. • Log out to end your session while keepi ng the clie nt window open. See Log Out of CC-SG (on page 205). • Exit to end yo ur session and close the client window.
206 In This Chapter Configuring a Mess age of t he Day ........................................................ 206 Configuring Applications for Ac cessing Nodes ..................................... 207 Configuring Defaul t Applications .............
Chapter 15: Advanced Administration 207 c. Click the Font Size drop-down menu and sele ct a font size for the message text. If you select Message of the Day File: a. Click Browse to browse for the message file. b. Select the file in the dialog window that opens then cli ck Open.
Chapter 15: Advanced Administration 208 2. Click the Application name dro p-down arrow and select the application that must be upgraded from the list. If you do not see the application, you must add it first.
Chapter 15: Advanced Administration 209 5. Click OK. An Open dialog appears. 6. Navigate to and select the application file (u sually a .jar or .cab file), and then click Open. 7. The selected application loads onto CC-SG. Delete an Application To delete an application: 1.
Chapter 15: Advanced Administration 210 View the Default Application Assignments To view the default application assignments: 1. Choose Administration > Applications. 2. Click the Default Applications t ab to view and edit the current default applications for various Interface s and Port Types.
Chapter 15: Advanced Administration 211 2. Click Add to add a new firmware file. A sear ch wi ndow opens. 3. Navigate to and select the firmware file you want to u pload to CC- SG, and then click Open. When the upload compl ete s, the new firmware appears in the Firmware Name field.
Chapter 15: Advanced Administration 212 Model Primary LAN Name Primary LAN Location Secondary LAN Name Secondary LAN Location V1-0 or V1-1 LAN1 Left LAN port LAN2 Right LAN port E1 LAN Ports: Model Pr.
Chapter 15: Advanced Administration 213 If the Primary LAN is connected and receiving a Link Integrity signal, CC- SG uses this LAN port for all communi cations. If the Primary LA N loses Link Integrity, and Secondary LAN is connected, CC-SG will failover its assigned IP address to the Secondary LAN.
Chapter 15: Advanced Administration 214 6. Click the Adapter Speed drop- down arro w and select a line speed from the list. Make sure your sele ction agrees with your switch's adapter port setting. If your switch uses 1 Gig line speed, sele ct Auto.
Chapter 15: Advanced Administration 215 What is IP Isolation mode? IP Isolation mode allows you to isol ate clients from devices by placi n g them on separate sub-networks and fo rcing clie nt s t o access the dev i ce s through CC-SG. In this mode, CC-SG manages traffic betwee n the two separate IP domains.
Chapter 15: Advanced Administration 216 • Specify at most one Default Gateway in the Network Setup pan el in CC-SG. Use Diagnostic Console to add more static routes if nee d ed. See Edit Static Routes (on page 278). To configure IP Isolation mode in CC-SG: 1.
Chapter 15: Advanced Administration 217 Recommended DHCP Configurations for CC-S G Review the following recommended DHCP c onfigurations. Make sure that your DHCP server is set up properly before you config ure CC-SG to use DHCP. • Configure the DHCP to statically allocate CC -SG's IP address.
Chapter 15: Advanced Administration 218 2. Click the Logs tab. 3. Click Purge. 4. Click Yes. Configuring the CC-SG Server Time and Date CC-SG's time and date must be accurat ely maintained to provide credibility for its device-management capabilities.
Chapter 15: Advanced Administration 219 Connection Modes: Direct and Proxy About Connection Mod es CC-SG offers three connection modes for in-band a nd out-of-b and connections: Direct, Proxy, and Both. • Direct mode allows you to connect to a node or port directly, witho ut passing data through CC-S G.
Chapter 15: Advanced Administration 220 Configure Proxy Mode for All Client Connections To configure proxy mode for all client connections: 1. Choose Administration > Configuration. 2. Click the Connection Mode tab. 3. Select Proxy mode. 4. Click Update Configuration.
Chapter 15: Advanced Administration 221 3. Type a new timeout duration in the Heart beat (se c) field. The valid range is 30 seconds to 50,000 second s.
Chapter 15: Advanced Administration 222 Enable AKC Download Server Certifi cate Validation Overview If you are using the AKC client, you can cho ose to use the Enable AKC Download Server Certificate Validati on feature or opt not to use thi s feature.
Chapter 15: Advanced Administration 223 Configuring Custom JRE Settings CC-SG will display a warning message t o users who attempt to access CC-SG without the minimum JRE vers ion that you specify. Check the Compatibility Matrix for the minimu m supported JRE version.
Chapter 15: Advanced Administration 224 To clear the default message and minimum JRE version: 1. Choose Administration > Configuration. Click the Custom JRE tab. 2. Click Clear. Configuring SNMP Simple Network Management Protocol allows CC-SG to push S NMP traps (event notifications) to an ex isting SNMP manager on the network.
Chapter 15: Advanced Administration 225 9. Select the checkboxes before the traps you want CC-SG to push to your SNMP hosts: Under Trap Source s, a list of SNMP traps grouped into two different catego.
Chapter 15: Advanced Administration 226 Requirements for CC-SG Clusters • The Primary and Secondary nodes in a clu ster must be running the same firmware version on the sa me hardware version (V1 or E1 ). • Your CC-SG network must be in IP Failover mode to be used for clustering.
Chapter 15: Advanced Administration 227 5. Type a valid user name and password for the Backup node in the Username for Backup Secure Gateway and Password for Backup Secure Gateway fields. 6. Select the Redirect by Hostname chec kbox to specify t hat secondary to primary redirection access should b e via DNS.
Chapter 15: Advanced Administration 228 Switch the Primary and Secondary Node Status You can exchange the roles of Primary and Secondary nodes when the Secondary, or Backup, node is in the "Joined" state. When the Secondary node is in the "Waiting" state, switchi ng is disabled.
Chapter 15: Advanced Administration 229 Note: If the clustered CC-SG units do not share the sa m e time zone, when the Primary nod e failure o ccurs, and the Secondary node becomes the new Primary node, the tim e specified for Automatic Rebuild still follows the time zone of the old Primary n ode.
Chapter 15: Advanced Administration 230 Create a Neighborhoo d You can log into a CC-SG unit where yo u want to cre ate a Neighborhood and which is not a member of any Neighborhood yet. After a Neighborhood is create d, all members in the Neighborh ood share the same Neighborhood info rmation.
Chapter 15: Advanced Administration 231 To deactivate any CC-SG unit, des elect the Activate chec kbox next to that unit. Deactivated CC-SG units operate as standal one units and do not show up as on e of the Neighborhood membe r s to Access Client users.
Chapter 15: Advanced Administration 232 4. If new CC-SG units meet the Ne ighborhood crite ria and are found, they display in the Neighborhood Confi guration table . Otherwise, a message appears and retu rn you to the Add Memb er dialog. Then make changes in the dialog as neede d.
Chapter 15: Advanced Administration 233 Delete a Neighborhood Member When a CC-SG unit in a Neighborhood become s inappropriate, you may either remove or deactivate it in the Neighborho od con figuration. Otherwise, Access Client users may find these u nits inaccessible when trying to switch to them.
Chapter 15: Advanced Administration 234 2. Choose Administration > Neighborhoo d. 3. Click Delete Neighborhoo d. 4. Click Yes to confirm the deletion.
Chapter 15: Advanced Administration 235 Check Your Browser fo r A ES Encryption CC-SG supports AES-128 and AES-256. If you do not know if your browser uses AES, check with the browser manufacturer. You may also want to try navigating to the following web site usi ng the browser whose encryption method you want to check: https://www.
Chapter 15: Advanced Administration 236 Click the Key Length drop-down ar row to select the e ncryption level - 128 or 256. The CC-SG Port field displays 80. The Browser Connection P rotocol field displays HTTPS/SSL selected. 5. Click Update to save your changes.
Chapter 15: Advanced Administration 237 Require strong pass words for all users 1. Choose Administration > Security. 2. Click the Login Settings tab. 3. Select the Strong Passwords Require d for All Users checkb ox. 4. Select a Maximum Password Length.
Chapter 15: Advanced Administration 238 Lockout settings Administrators can lock out CC-SG users and SSH u sers after a specified number of failed login attempt s. You ca n en able this feature for locally authenticated users, for remote ly authenti cated users, or for all users.
Chapter 15: Advanced Administration 239 2. Open the Login Settings tab. 3. Deselect the Lockout Enabled for Local Users checkbox to disable lockout for locally authenticated user s. Desele ct the Lockout Enabled for Remote Users checkbox to disable lockout for remotely authenticated users.
Chapter 15: Advanced Administration 240 Logo A small graphic file can be uploaded to CC-SG to act as a banner on the login page. The maximum size of the logo is 998 by 170 pixel s. To upload a logo: 1. Click Browse in the Logo ar ea of the Portal tab.
Chapter 15: Advanced Administration 241 Click Browse. A dialog win dow o pens. In the dialog window, select the text file with the message you want to use, and then click Open. The maximum length of the text message is 10,000 characters. Click Preview to preview the text contained in the file.
Chapter 15: Advanced Administration 242 a. Encryption Mode: If Require AES Encryption between Client and Server is selected in the Administration > Security > E ncryption screen, AES-128 is the default. If A ES is not required, DES 3 is the default.
Chapter 15: Advanced Administration 243 14. Type raritan in the Password fiel d if the CSR was generate d by CC- SG. If a different application generated the CS R, use the password for that application. Note: If the imported certificate is sign e d by a root and subroot CA (certificate authority), using only a root or subroot certificate will fail.
Chapter 15: Advanced Administration 244 Access Control List An IP Access Control List specifies ranges of client IP addresses for which you want to deny or allow ac cess to CC-SG. Each ent ry in the Access Control List becomes a rule that determines whether a user in a certain group, with a certai n IP addr ess, can access CC-SG.
Chapter 15: Advanced Administration 245 6. Click the Action drop-down arro w an d select Allow or Deny to specify whether the specified users in the IP range can access CC-SG. 7. Click Update to save your changes. To change the order in which CC-SG applies rules: 1.
Chapter 15: Advanced Administration 246 7. Type a valid email address that will identify messages from CC-SG in the From field. 8. Type the number of times emails sho uld be re-sent should the send process fail in the Sending retries field.
Chapter 15: Advanced Administration 247 Schedule Sequential Tasks You may want to schedule tasks sequ en tially to confirm that expect ed behavior occurred.
Chapter 15: Advanced Administration 248 Schedule a Task This section covers most tasks that can be sche dule d. See Schedule a Device Firmware Upgrade (on page 250) for d etails on scheduling device firm ware upgra de s. To schedule a task: 1. Choose Administration > Tasks.
Chapter 15: Advanced Administration 249 b. Periodic: Use the up and down arrows to select the Start time at which the task should begin. Type the numbe r of times the task should be executed in the Repeat Co un t field. Type the time that should elapse between repetitions in the Rep eat Interval field.
Chapter 15: Advanced Administration 250 12. Specify email addresses to which a notification should be sent up on task success or failure. By defaul t, the email address of the user currently logged in is available. User em ail add resses configured in the User Profile.
Chapter 15: Advanced Administration 251 a. Start Date/Time: Select the date and time at which the task begins. The start date/time must be later than the current date/time.
Chapter 15: Advanced Administration 252 Change a Scheduled Task You can change a schedul ed task before it runs. To change a scheduled task: 1. Select the task you want to change.
Chapter 15: Advanced Administration 253 Delete a Task You can delete a task to remove it from the Task Ma nager. You cannot delete a task that is currently running.
Chapter 15: Advanced Administration 254 To display all SSH commands: • At the shell prompt, type ls to display all commands av ailable. Get Help for SSH Commands You can get limited help for all commands at once. You can also g e t in- depth help on a single com mand at a time.
Chapter 15: Advanced Administration 255 SSH Commands and Parameters The following table lists all command s available in SSH. You must be assigned the appropriate privilege s in CC-SG to a ccess each command. Some commands have additional pa ra meters that you must type to execute the command.
Chapter 15: Advanced Administration 256 To search for text from piped output s tream: grep search_term To view the help screen for all commands: help To list available device configura tion backups: l.
Chapter 15: Advanced Administration 257 To restart a device: restartdevice <[-id <device_id>] | [host]> To restore a device configuration : restoredevice <[-host <host>] | [-id &l.
Chapter 15: Advanced Administration 258 Command syntax Device ID v alue You should type ssh -id <device_id> 100 ssh -id 100 • The default escape charac ter is a tilde followed by a peri od. For example: ~. See End SSH Connections (on page 260) for details on u sing th e escap e character and the ex it command.
Chapter 15: Advanced Administration 259 2. Connect to the device by typing ssh -id <device_id> . Using the figure above as an example, you ca n co nnect to SX-229 by typing ssh -id 1370 .
Chapter 15: Advanced Administration 260 Command Alias Description get_write gw Gets Write Access. Allows SSH user to execute commands at targ et serve r while browser user can o nly observe proceedings. get_history gh Gets History. Displays the last few commands and re sult s at target server.
Chapter 15: Advanced Administration 261 Serial Admin Port The serial admin port on CC-SG can b e connected directly to a Raritan serial device, such as Dominion SX or KSX. You can connect to the SX or KSX vi a the IP address using a terminal emulation program, such as HyperTerminal or PuTTY .
Chapter 15: Advanced Administration 262 3. A new window opens with your CC-S G serial number. Web Services API You must accept the End User Agreement before addi ng a We b Services API client to CC-SG. You can add up to five WS-API clients. See the CC-SG Web Services API Guide for details on using the API.
Chapter 15: Advanced Administration 263 h. Division/Department Name: CSR tag is Organization Unit Name. Maximum 64 characters. i. Fully Qualified Domain Na me: CSR tag is Common Name. j. Administrator Email Address: Type in th e email address of the administrator who is resp onsible for the certificate re quest.
264 The Diagnosti c Co nsole is a non-gr aphical, menu-based interfa ce t hat provides local access to CC-SG. You can access Di agno stic Console from a serial or KVM port.
Chapter 16: Diagnostic Console 265 Status Console About Status Console • You can use the Status Console to chec k the health o f CC-SG, the various services CC-SG uses, and the attached network. • By default, Status Console does not require a pa ssword.
Chapter 16: Diagnostic Console 266 2: Access the Status Con sole v ia web browser: 1. Using a supported Internet browser, type this URL: http(s)://<IP_address>/status/ where <IP_address> is the IP address of the CC-SG. Note the forward slash (/) followi ng /status is mandatory.
Chapter 16: Diagnostic Console 267 CC-SG Title, Date and Time The CC-SG title is constant so users know that they are conne cted to a CC-SG unit. The date and time at the top of the sc reen is the last time when the CC- SG data was polled. The date and time reflect the timing value s sav ed on the CC-SG server.
Chapter 16: Diagnostic Console 268 Information Description Restoring CC-SG is in t he process of restoring itself and database queri es are temporarily suspended. Down Database server has not st arted yet. Most of the access to the CC-SG server is through the Web.
Chapter 16: Diagnostic Console 269 Information Description Speed The speed that this interface is operating: 10, 100 or 1000 Mbits per se cond. Duplex Indicate whether the interface i s Full- or Half-duplex. IPAddr The current Ipv4 Address of this interface.
Chapter 16: Diagnostic Console 270 Status Console v ia Web Browser After connecting to the Status Console via the web bro wser, the re a d- only Status Console web page appears. The web page displays the same info rm ation as the Status Console, and also updates the information approximat ely every 5 seconds.
Chapter 16: Diagnostic Console 271 Administrator Console About Administrator Co nsole The Administrator Con sol e allows you to set some initial parameters, provide initial networking configuration, debu g log files, and perform some limited diagnostics a nd re starting CC-SG.
Chapter 16: Diagnostic Console 272 The main Administrator Console screen appears. Administrator Console Sc reen Administrator Console screen co nsists of 4 main areas. • Menu bar: You can perform Administ rator Console function s by activating the menu bar.
Chapter 16: Diagnostic Console 273 • Status bar: Status bar is just above the navigation keys bar. It displays some important system information, including CC-SG' s seri al number, firmware version, and the time when the information shown in the main display area wa s loa ded or updated.
Chapter 16: Diagnostic Console 274 Edit Diagnostic Console Configuration The Diagnostic Co nsole can be accessed via the serial port (COM 1), VGA/Keyboard/Mouse (KVM) port, or fr om SSH clients. If you want to access Status Console, one more a c ce ss mechanism, Web ac cess, is also available.
Chapter 16: Diagnostic Console 275 4. Click Save. Edit Network Interfaces Configuration (Network Interfaces) In Network Interface Configuration, you can perform i nitial setup tasks, such as setting the hostna m e and IP addre s s of the CC-SG. 1. Choose Operation > Network Inte rfaces > Network Interface Co nfig.
Chapter 16: Diagnostic Console 276 Even if DHCP is being used to determine the IP configuratio n for an interface, you must provide a properl y formatted IP address and Netmask.
Chapter 16: Diagnostic Console 277 Option Description Record Route Records route. Turns on the IP record route option, which will store the route of the packet inside the IP header. Use Broadcast Address Allows pingin g a bro ad cast message. Adaptive Timing Adaptive ping.
Chapter 16: Diagnostic Console 278 Option Description No DNS Resolution Does not resolve addresses to host names. Use ICMP (vs. normal UDP) Use ICMP ECHO instead of UDP datagrams.
Chapter 16: Diagnostic Console 279 Although you can delete all other routes, including the Default Gateway, doing this will greatly impact the communication with CC- SG.
Chapter 16: Diagnostic Console 280 View Log Files in Diagnostic Console You can view one or more log files si mul taneously via LogViewer, which allows browsing through se veral files at once to examine system activity.
Chapter 16: Diagnostic Console 281 3. Click with the mouse or use the arrow keys to navigat e and press the Space bar to select a log file, marking it with an X.
Chapter 16: Diagnostic Console 282 Option Description contents of this package is not available to customer. Exported logfiles will be available for up to 10 days, a nd then the system will automat ically delete them .
Chapter 16: Diagnostic Console 283 Note: System load is static as of the start of this Admin Console se ssion - use the TOP utility to dynamical ly monitor system resources. To filter a log file with a regular expression: 1. Type e to add or edit a regular expressi on and select a log from the list if you have chosen to view several.
Chapter 16: Diagnostic Console 284 Diagnostic Console. See Restarting CC-SG (on page 200). Restarting CC-SG in Diagnostic Cons ole will NOT notify users that it is being restarted. To restart CC-SG with Diagnostic Co nsole: 1. Choose Operation > Admin > CC-SG Resta rt.
Chapter 16: Diagnostic Console 285 2. Either click REBOOT System or press Enter to reboot CC-SG. Confirm the reboot in the next screen to proceed. Power Off CC-SG System from Diagnostic Console This option will power off the CC-SG unit. Logged -in users will not receive a notification.
Chapter 16: Diagnostic Console 286 2. Either click Power OFF the CC-S G or press Enter to remove AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super-User Pa ss word with Diagnostic Console This option will reset the password fo r the CC Super User account to the factory default value.
Chapter 16: Diagnostic Console 287 2. Either click Reset CC-SG GUI A d min Password or press Enter to change the admin password back to factory default. Confi rm the password reset in the next screen to proceed. Reset CC-SG Factory Configuration (Admin) This option will reset all or parts of the CC-SG system back to their factory default values.
Chapter 16: Diagnostic Console 288 Option Description Full CC-SG Database Reset This option removes the existing CC-SG databa se a nd builds a new version with the factory default val ues. Network settings, SNMP settings, firmware, and diagnostic console se ttings are not part of the CC-SG database.
Chapter 16: Diagnostic Console 289 Option Description Diagnostic Console Reset This option restores Di agnostic Con sole settings back to factory defaults.
Chapter 16: Diagnostic Console 290 2. In the Password History Depth field, type the number of passwords that will be remembered. The default setting is five. 3. Select either Regular, Random, or Strong for the admi n and statu s (if enabled) passwords.
Chapter 16: Diagnostic Console 291 Password setting Description every password must have at least one digit in it. Diagnostic Console Account Configuration By default, the status account does not require a passwo rd, but you can configure it to require one.
Chapter 16: Diagnostic Console 292 Setting Description User User Name (Read-only ). This i s the current user name or ID for this account. Last Changed (Read-only). This is the date of the last passwo rd ch ange fo r this account. Expire (Read-only).
Chapter 16: Diagnostic Console 293 Configure Remote System Monitoring You can enable the remote system mo ni toring feature to use the GKrellM tool. The GKrellM tool provides a graphical view of resource utilization on the CC-SG unit. This tool is simi lar to the Windows Task Manager's Performance tab.
Chapter 16: Diagnostic Console 294 3: Configure the remote sy stem monitoring client to work with CC-SG: Follow the instructions in the Read Me file to set the CC-SG unit as the target to monitor. Windows users must use the comman d line to locate the Gkrellm installation directory and then run the command s spe cified in the Read.
Chapter 16: Diagnostic Console 295 Display RAID Status and Disk Utilization This option displays the sta t us of CC -SG disks, incl uding disk size, active and up status, state of the RAID-1, and amount of space cu rrently used by various file sy st ems.
Chapter 16: Diagnostic Console 296 Perform Disk or RAID Tests You can manually perform SMART disk drive tests or RAID check and repair operations. To perform a disk drive test or a RAID chec k and repair operation: 1. Choose Operation > Utilities > Disk/RAID Utilities > Manual Disk/RAID Tests.
Chapter 16: Diagnostic Console 297 d. After the test is complete, you can view the results in the Repair/Rebuild RAID screen. See Repai r or Rebuild RAI D Disks (on page 299).
Chapter 16: Diagnostic Console 298 Schedule Disk Tests You can schedule SMART-based test s of the disk drives to be periodically performed. Firmware on the disk d rive wil l perform these tests, and you can view the test results in the Repair/ Rebuild screen.
Chapter 16: Diagnostic Console 299 2. Click with the mouse or use the arrow keys to navigat e and press the Space bar to select a test type, ma rking it with an X. Different types of tests take a different period of time. A Short test takes about 2 minut es to complete when the system is lightly loaded.
Chapter 16: Diagnostic Console 300 2. If any item does not show "No" un der the "Replace??" or "Rebuild??" column, contact Raritan T ech nical Support for assistance.
Chapter 16: Diagnostic Console 301 4. Selecting either Replace Di sk Drive or Rebuild RAID Array, and follow onscreen instru ction s unt il you finish the operation. View Top Display with Diagnostic Console Top Display allows you to view the list of currently-ru nning processes and their attributes, as well as overall sy stem he alth.
Chapter 16: Diagnostic Console 302 NTP is not enabled or not configured properly: NTP is properly configured and ru nning:.
Chapter 16: Diagnostic Console 303 Take a System Snapshot When CC-SG does not function properly , it is extremely helpful if you can capture the information stored in CC-SG, such as the system lo gs, configurations or database, and provid e it to Raritan T echnical Support for analysis and troublesho oting.
Chapter 16: Diagnostic Console 304 2: Retrieve the CC-SG snapshot file: 1. Using a supported Internet browser, type this URL: http(s)://<IP_address>/upload/ where <IP_address> is the IP address of the CC-SG. Note the forward slash (/) followi ng /upload is mandatory.
305 If you have a CC-SG and Power IQ, ther e are several s way s to use them together. 1. Control power to Power IQ IT devices vi a CC-SG. For example, if you want to control power to a Power IQ IT device which is also a CC-SG nod e, you can u se a Power IQ Proxy interface to give power control commands in CC-SG.
Chapter 17: Power IQ Integration 306 2. Type a name for the device in the Power IQ Device Name field. The name must be unique for the Power IQ Device providing the service. CC-SG does not accept duplicate names. See Nami ng Conventions (on page 353) for detail s on CC-SG's rules for name length s.
Chapter 17: Power IQ Integration 307 Import Power Strips from Power IQ You can import Dominion P X devices and their outlet names from Powe r IQ. If the Dominion PX devices are already mana ged by CC-SG, you must delete them first. The import adds the Dominio n PX devices, a nd configures and names the outlets spe cified in the CS V file.
Chapter 17: Power IQ Integration 308 Column number Tag or value Details Default is FALSE. 7 Description Optional. Step 3: Import the edit ed CSV file into CC-SG 1. In the CC-SG Admin Client, choose Adm inistration > I mport > Import Powerstrips.
Chapter 17: Power IQ Integration 309 4. Click Save. Step 2: Edit the CSV file and import into Power IQ: The export file contains three sect ion s. Rea d the co mments in the CSV file for instructions on how to use each section as part of a Power IQ multi-tabbed CSV import file.
310 In This Chapter V1 Model................................................................................................ 310 E1 Model................................................................................................ 311 V1 Model V1 General Specifications Form Factor 1U Dimensions (DxWxH) 24.
Appendix A: Specifications for V1 and E1 311 Operating Humidity 5% - 95% RH Altitude Operate properly at any altitude between 0 to 10,000 feet, storage 40,000 feet (Estimated) Vibration 5-55-5 HZ, 0.38mm,1 minut es pe r cycle; 30 minutes for each axis (X,Y,Z) Shock N/A E1 Model E1 General Specifications Form Factor 2U Dimensions (DxWxH) 27.
Appendix A: Specifications for V1 and E1 312 Operating Non-Operating Tempera ture -40°-70° C Humidity 5-90%, non-condensing Altitude Sea level to 40,000 feet Vibration 10 Hz to 300 Hz sweep at 2 g c.
313 This appendix contain s ne twork re quirements, including add resses, protocols, and ports, of a typical CC-SG deployme nt. It includes information about how to configure your netwo rk for both external access and internal security and routing poli c y enforcement.
Appendix B: CC-SG and Network Configuration 314 Port Number Protocol Purpose Details Raritan device that will be externally accessed. The other ports in the table must be opened only for accessing CC-SG.
Appendix B: CC-SG and Network Configuration 315 CC-SG and Raritan Devices A main role of CC-SG is to manage and cont rol Raritan devices, such as Dominion KX II.
Appendix B: CC-SG and Network Configuration 316 Communication Direction Port Number Protocol Configurable? Details CC-SG to CC-SG 5432 TCP no From HA-JDBC on Primary to Backup PostgreSQL DB server. Not encrypted. CC-SG to CC-SG 8732 TCP no Primary-Backup server sync clustering control data exchange.
Appendix B: CC-SG and Network Configuration 317 Communication Direction Port Number Protocol Configurable? Details PC Client to CC-SG 443 TCP no Client-server communi cati on. SSL/AES-128/AES-256 encrypted if configured. PC Client to CC-SG 80 TCP no Client-server communication.
Appendix B: CC-SG and Network Configuration 318 Communication Direction Port Number Protocol Configurable? Details Client to Raritan Device to Out-of-Band KVM Node (Direct Mode) 5000 (on Raritan Device) TCP yes Client-server communication. SSL/AES-128/AES-256 encrypted if configured.
Appendix B: CC-SG and Network Configuration 319 Communication Direction Port Number Protocol Configurable? Details CC-SG to SNMP Manager 162 UDP yes SNMP stand ard CC-SG Internal Ports CC-SG uses several ports for intern al function s, and its local firewall function blocks access to these port s.
Appendix B: CC-SG and Network Configuration 320 VNC Access to Nodes Port 5800 or 5900 must be open for VNC acce ss to node s. SSH Access to Nodes Port 22 must be open for SSH access to nodes. Remote System Monitori ng Port When the Remote System Monitoring feature i s enabled, port 19150 is opened by default.
321 This table shows which pri vilege must be assigned for a user to have access to a CC-SG menu item. *None means that no particular privilege is required.
Appendix C: User Group Privileges 322 Menu > Sub- menu Menu Item Required Privilege Description Devices This menu and the Devices tree is available only for users with any one of the following priv.
Appendix C: User Group Privileges 323 Menu > Sub- menu Menu Item Required Privilege Description Management or Device Configuration and Upgrade Management > Launch User Station Admin Device, Port.
Appendix C: User Group Privileges 324 Menu > Sub- menu Menu Item Required Privilege Description > By Port Number Device, Port, and Node Management or Device Configuration and Upgrade Management .
Appendix C: User Group Privileges 325 Menu > Sub- menu Menu Item Required Privilege Description Control Configure Blades Device, Port, and Node Management Ping Node Device, Port, and Node Managemen.
Appendix C: User Group Privileges 326 Menu > Sub- menu Menu Item Required Privilege Description Node Power Cont rol > Tree View Any of the following: Device, Port, and Node Management or Node In.
Appendix C: User Group Privileges 327 Menu > Sub- menu Menu Item Required Privilege Description > Devices > Device Asset Report Device, Port, and Node Management or Device Configuration and U.
Appendix C: User Group Privileges 328 Menu > Sub- menu Menu Item Required Privilege Description Upgrade Management Configuration CC Setup and Control Cluster Configuration CC Setup and Control Neig.
Appendix C: User Group Privileges 329 Menu > Sub- menu Menu Item Required Privilege Description Device, Port, and Node Management Export Devices CC Setup and Control and Device, Port, and Node Mana.
330 CC-SG provides the following SNMP traps: SNMP Trap Description ccUnavailable CC-SG applic ation is unavailable. ccAvailable CC-SG application is available. ccUserLogin CC-SG u se r logge d in. ccUserLogout CC-SG user logged out. ccPortConnectionStarted CC-SG session started.
Appendix D: SNMP Traps 331 SNMP Trap Description ccDiagnosticConsoleLo gout User has logged out of the CC-SG Diag nosti c Console. ccUserGroupAdded A new user group has been added to CC-SG. ccUserGroupDeleted CC-SG user group has been deleted. ccUserGroupModified CC-SG user group has been modified.
332 This section contains more information about CSV file import s. In This Chapter Common CSV File Requirem ent s ......................................................... 333 Audit Trail Entrie s for Importing .......................................
Appendix E: CSV File Imports 333 Common CSV File Requirements The best way to create the CSV file is to export a file from CC-SG, and then use the exported CSV file as an example for creating your own. The export file contains comments at the top that describ e each item in the file.
Appendix E: CSV File Imports 334 Audit Trail Entries for Importing Each item imported into CC-SG is logged in the Audi t Trail. Skippe d duplicates are not logged in the Audit Trail. The Audit Trail includes an entry for the following a ctio ns, und er the Message Type "Configuration.
Appendix E: CSV File Imports 335 Troubleshoot CSV File Problems To troubleshoot CSV file validation: Error messages appea r in the Problems area of the Import page. The error messages identify problems that a re foun d in the CSV file during validation.
336 • Launching CC-SG from your web brow ser requi re s a Java plug-in. If your machine has an incorrect version, CC-SG will guide you through the installation steps. If your machine do es n ot have a Java plug-in, CC-SG cannot aut omatically lau nch.
Appendix F: Troubleshooting 337 • If you access more than one CC-SG unit using the same client and Firefox, you may see a "Secure Conne ction Fail ed" message that says you have an invalid certificate. You can resume access by clearing the invalid certificate from your browser.
338 CC-SG comes with a few diagnostic utilities which ma y be extremely helpful for you or Raritan Technical Support to analy se and debug the cause of CC-SG problems. In This Chapter Memory Diagnostic .................................................
Appendix G: Diagnostic Utilities 339 Capture the Memtest86+ screen containing the memory errors and contact Raritan Technical Suppo rt for assi stance. Shut down CC-SG and re-install the memory DIMM modules to ensure the contact is good. Then perform the Memte st86+ diagnostic to verify if the memory issue is resolved.
Appendix G: Diagnostic Utilities 340 CC-SG Disk Monitoring If CC-SG disk space exhaustion in one or more f ile sy stems occurs, it may negatively impact your operation and even result s in the loss of some engineering data. Therefore, you shoul d monit or the CC-SG disk usage and take corrective actions to prev ent or re solve potential issues.
Appendix G: Diagnostic Utilities 341 File system Data Corrective action /sg/DB CC-SG database Contac t Raritan Te chnical Support /opt CC-SG backups and snapshots 1. Save any new snapshot files on a remote client PC. See Take a System Snapshot (on page 303 ) for the retrieval procedure.
Appendix G: Diagnostic Utilities 342 Note: For file system problem s that ar e not m entioned in this section, or when the corrective actions you take cannot re solve the problems, contact Raritan Te chni cal Support for assistan ce.
343 CC-SG can be configured to point to an RSA RADIUS Server that supports two-factor authent ication via an associated RSA Authentication Manager. CC-SG acts as a RADIUS clie nt and sends user authentication requests to RSA RADIUS Server. T he authentication request includes user id, a fixed password, and a dynamic toke n co de.
344 In This Chapter General FAQs ........................................................................................ 344 Authenticat ion FAQs .............................................................................. 346 Security FAQs .......
Appendix I: FAQs 345 Question Answer Can I upgrade to newer versions of CC-SG software as they become available? Yes. Contact your authori zed Ra ritan sales representative or Raritan, Inc.
Appendix I: FAQs 346 Question Answer model with IP-Reach and the IP User Station (UST-IP). The network model scale s throu gh use of the TCP/IP network and aggregates access through CC-SG, so users don't have to know IP addresse s or the topology of access device s.
Appendix I: FAQs 347 Question Answer security t ools su ch as LDAP, AD, RADIUS, and so on? TACACS+, RADIUS, and LDAP. Why does the erro r me ssage "Incorrect username and/or password" appear after I correctly enter a valid username and password to log into CC-SG? Check the user account in AD.
Appendix I: FAQs 348 Question Answer WAN, but LAN, too)? Does CC-SG support CRL List, that is, LDAP list of invalid certificates? No. Does CC-SG support Client Certificate Request? No. Accounting FAQs Question Answer Accounting The event times in the Audit Trail report seem incorrect.
Appendix I: FAQs 349 Grouping FAQs Question Answer Grouping Is it possible to put a given server in more than one group? Yes. Just as one user ca n belon g to multiple groups, one device can belong to multiple groups. For example, a Sun in NYC could be part of Group Sun: "Ostype = Solaris" and Group New York: "location = NYC.
Appendix I: FAQs 350 Interoperability FAQs Question Answer Interoperability How does CC-SG integrate with Blade Chassis products ? CC-SG can support any device with a KVM or se rial interface as a transparent pass-through.
Appendix I: FAQs 351.
352 The following keyboard sh ortcuts can b e used in the Java-based Admin Client. Operation Ke y board Shortcut Refresh F5 Print panel Ctrl + P Help F1 Insert row in Association s table Ctrl + I Appe.
353 This appendix include s inf ormation about the naming conventions used in CC-SG. Comply with the maximum character lengths when na ming all the parts of your CC -SG configuration. In This Chapter User Info rmation .................................
Appendix K: Naming Conventions 354 Field in CC-SG Number of characters CC-SG allo ws Audit Information 256 Location Information Field in CC-SG Number of characters CC-SG allo ws Department 64 Site 64 .
Appendix K: Naming Conventions 355 Field in CC-SG Number of characters CC-SG allo ws periods are converted to hyphens. Device Description 160 Device IP/Hostname 64 Username 64 Password 64 Notes 256 Po.
356 Prior to version 4.0, CC-SG Diagno stic Console displays a number of messages on the screen each time whe n it boots up. These messages are standard Linux diagnostic and warning messages and usually do not imply any system problems. The table o ffers a short introduction to a few frequent messages.
357 A About Administrator Console • 264, 271 About Applications for Accessing Nodes • 207 About Associations • 21 About CC-SG LAN Ports • 211, 212, 215 About CC-SG passwords • 237 About Conn.
Index 358 Adding, Editing, and Deleting User Groups • 84, 132 Adding, Editing, and Deleting Users • 136 Administration • 355 Administrator Console • 271 Administrator Console Screen • 272 Ad.
Index 359 Checking and Upg radi ng Application Versions • 11, 207 Checking the Compatibility Matrix • 11 Clear the Browser's Cache • 202, 203, 336 Clear the Java Cache • 202, 203, 208, 33.
Index 360 Delete a User • 138 Delete a User Group • 134 Delete a Virtual Infrastructure • 96 Delete a Virtual Machine Node • 95, 96 Delete an Application • 209 Delete an Interface • 94, 10.
Index 361 Finding Your CC-SG Serial Numb er • 261 Flow for Authentication • 161 G General FAQs • 344 Get Help for SSH Commands • 254 Getting Started • 10 Grouping FAQs • 349 H Hide or Show.
Index 362 Notification Manager • 245, 247 O Older Version of Application Opens After Upgrading • xvi, 12, 208 OpenLDAP (eDirectory) Configuration Settings • 176 P Paragon II System Controller (P.
Index 363 Save, Upload, and Delete Device Backup Files • 63 Saving and Deleting Backup Files • 194, 196, 198 Schedule a Device Firmware Upgrade • 248, 250, 252 Schedule a Task • 170, 172, 248,.
Index 364 User Information • 353 User Management • 13, 18 Users and User Groups • 50, 124, 129, 153, 162, 177, 178 Users CSV File Requirements • xvi, 140 Using Chat • 111 Using Custom Views .
.
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724- 809 0 or 732- 764- 8886 For CommandCenter NOC: Press 6, then Pr ess 1 For CommandCenter Secure Gateway : Press 6, then Press 2 Fax: 732-764-88 87 Email for CommandCenter NOC: tech-ccnoc@rarita n .
デバイスRaritan Computer Home Security Systemの購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Raritan Computer Home Security Systemをまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはRaritan Computer Home Security Systemの技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Raritan Computer Home Security Systemの取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Raritan Computer Home Security Systemで得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Raritan Computer Home Security Systemを既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はRaritan Computer Home Security Systemの不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Raritan Computer Home Security Systemに関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちRaritan Computer Home Security Systemデバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。