User Manual KVM ACCESS Management Software
American Power Conversion Legal Disclaimer The information presented in this manual is not warranted by the American Power Conversion Corporation to be authoritative, error free, or complete. This publication is not meant to be a substitute for a detailed operational and site specific development plan.
Contents General Information ........................................................ 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
KVM ACCESS Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 The Navigation Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Tree view considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Interactive display panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Selecting list items . .
Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 Add a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Deleting User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Unlocking User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Groups . . . . . . . . . . .
Unsupported Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 System Management..................................................... 73 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Menu Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 The KVM ACCESS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Server Information . . . . . . . . . . . .
KVM ACCESS Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95 Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 KVM ACCESS Log Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Notification Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Export Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Import Logs . .
View License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Authentication Key Utility........................................... 113 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Key Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Key Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Key Firmware Upgrade. . . . .
General Information Overview Introduction KVM ACCESS provides single portal, single login, secure, centralized access, administration and management of your entire network - local and worldwide - anywhere, anytime. KVM ACCESS offers a single, integrated browser-based interface to manage all your devices. Users no longer need to learn the interface for each individual device, making system management easier and more efficient.
Security Security features include internal and external authentication. External authentication support includes LDAP, Active Directory, RADIUS, TACACS+, and NT Domain. Only after being authenticated can users gain access to the devices. Option to force users of all KVM ACCESS managed devices to be authenticated through KVM ACCESS. Users cannot log in to the devices directly. Compliant with the X.509 Digital Certificate Standard. 128-bit SSL encryption of all data on the web. Flexible session time-outs.
Requirements Server Requirements Systems that KVM ACCESS will be installed on should meet the following requirements: • Hardware Requirements – CPU: Pentium 4, 2.
Operating Systems. Supported operating systems for client workstations that connect to KVM ACCESS are shown below: OS Version Windows 2000 and higher Linux UNIX RedHat 7.1 and higher Fedora Core 2 and higher SuSE 9.0 and higher Mandriva (Mandrake) 9.0 and higher AIX 4.3 and higher FreeBSD 4.
Licenses The KVM ACCESS license controls the number of nodes permitted on the KVM ACCESS server installation. License information is contained on the USB License Key that came with your KVM ACCESS purchase. Upon completion of the KVM ACCESS software installation, a default license (one master and 80 nodes) is automatically provided. To add more nodes you must upgrade the license. See “Upgrading the License” on page 82 for detailed information. Nodes.
Installation Windows Version Installation Before you begin Before running the installation program make sure of that the Sun's Java Runtime Environment (JRE) 6, Update 11, or higher has been installed on your system. If not, you need to download and install it. You can get the latest version from the Java web site: http://java.com After the JRE has been installed on your system, you are ready to install the KVM ACCESS program. Starting the installation 1.
6. In the Choose Installation Folder dialog box, specify the KVM ACCESS' installation folder. If you don't want to use the default entry, click Choose... to browse to the location you want, then click Next to continue. 7. In the Choose Shortcut Folder dialog box, click one of the radio buttons to specify where you would like to create product icons, then click Next to continue.
8. Fill in the fields in the Config & Setup dialog box, according to the information in the table. Heading Description Server name The default name for the server - as defined in the Windows Computer Name setting. You can choose a different name to identify the server on the KVM ACCESS installation. The name can be from 2-32 bytes in any supported lantuage. Note: 1. The following characters may not be used: “ ‘ \ 2.
11. The Pre-Installation Summary dialog box opens. Click Previous to go back and make changes. If the information is correct, click Install. 12.When the dialog box opens informing you that the installation has completed successfully, click Done to exit the installer. 13.At the completion of the installation, a KVM ACCESS entry is created in the Windows Start menu. Post-installation check After installation completes, the KVM ACCESS program starts automatically (and starts automatically with every bootup).
Linux Version Installation Before you begin The procedure for installing KVM ACCESS on a Linux system is similar to that for Windows, but there are Java considerations to note. • If Java isn't already installed, download from the Java web site: http://java.com Installation instructions are provided on the Java download page.
Installing After making sure that the appropriate version of the JRE has been installed, do the following: 1. Put theKVM ACCESS software CD into the computer's CD or DVD drive. 2. Go to the folder where KVM ACCESS Setup_Linux.bin is located, and run it. Note: 1. You must run the installation program as the root user. 2. Make sure that the installation file has executable permissions 3. For some versions of Linux, the program must be run in a terminal. 3.
Uninstalling KVM ACCESS Software Uninstalling from a Windows system 1. Open the Start menu. 2. Navigate to the KVM ACCESS entry (Programs > KVM ACCESS), and select Uninstall KVM ACCESS. Note: Many KVM ACCESS files and folders that were created during installation must be removed manually for a complete removal (necessary if you plan on reinstalling). The default folder is C:\KVM ACCESS.
Browser Operation To ensure multi-platform operability, access to the KVM ACCESS is available through most standard web browsers. Once users log in and are authenticated, the KVM ACCESS's browser GUI comes up. This chapter explains the login procedure, and describes the KVM ACCESS's browser GUI components. Logging in To log in to KVM ACCESS: 1. Open the browser and specify the IP address of the KVM ACCESS in the browser's URL location bar.
KVM ACCESS Interface After you have successfully logged in, the KVM ACCESS web page opens. KVM ACCESS web page components: Item Item Name Number 14 Description 1 Tab bar The tab bar contains the main operation categories. The items that appear in the tab bar are determined by the user's type, and the authorization options that were selected when the user's account was created. 2 Page menu bar The page menu bar contains operational sub-categories that pertain to the item selected in the tab bar.
The Navigation Buttons The navigation buttons move you through the items in the Sidebar: Button Action Moves to the item in the tree that is one level out and one step up from the current selection (its parent item). In the diagram below: If the focus were on SLOT-01-TestA, it would move to CMC-599232S. Moves to the item in the tree that is on the same level of depth and one step up from the current selection (its sibling item). In the diagram below: 1.
Tree view considerations • Only items a user is authorized to access appear in the Sidebar tree view. • A plus (+) sign in front of an item means that there are additional items nested inside. Click the plus sign to expand the view and show the nested items. • The plus sign changes to a minus sign (-) when an item is expanded. Click the minus sign to collapse the view and hide the nested items. • For devices, if the device is on line, its icon is in color; if it is off line, its icon is gray.
Selecting list items Many of the pages displayed in the Interactive Display Panel contain a list of selection items (devices, users, groups, configuration files, etc.) on which to perform an operation. • To select an item, click to put a check in the checkbox in front of the name. • To select a group of items, put a check in the checkbox in front of each of their names. • To select all of the items, put a check in the checkbox at the top of the column.
Language. • To set KVM ACCESS to display pages in the same language your browser uses, Click the Use Browser Settings radio button. Note: If your browser is set to a non-supported language, KVM ACCESS looks at the the language of your server's operating system. If the operating system is set to a supported language it will use that language to display its pages. If the operating system is set to a non-supported language, KVM ACCESS defaults to English.
Port Access Overview Access and control the devices, ports and outlets that are managed over the KVM ACCESS network. The Menu Bar provides different organizational views. Click on a view in the Menu Bar to see the items organized according to the selected view’s parameters. Note: If no access rights have been assigned to a user, the Port Access tab and page do not display, even for System Administrators. Table Headings Headings vary depending on the view selected.
Action Buttons There are two buttons at the top right of the main panel: Filter, and Launch Multiviewer: Filter Filter allows you to control which items appear in the main panel list. Enter the information string and click the Filter button on the panel (or press the Enter key on your keyboard). Only items that have that particular information string in their names will display in the list. For example, if TD is your information string, only items with names containing TD, such as TD-AGG-01, will display.
Sidebar Filter. Control the number and type of devices, ports and outlets that display in the Sidebar. When you click the upward-pointing arrow at the bottom left of the Sidebar panel it brings up the Filter dialog box . Choices Description All This is the default view. With no other filter options selected, all of the devices, ports and outlets that are accessible to the user are listed in the Sidebar. Drop down the list box to see all of the available choices and select one of them instead of All.
Web Access Click Web Access to open a browser session for the device on your desktop (as if you had opened a browser and logged in from the URL bar).
Power ON / OFF • For Aggregate and Power devices you can choose All ON or All OFF to turn all the outlets belonging to that device on or off. • For Power outlets, you can choose ON or OFF. If the port's status is ON, the choice is OFF - click OFF to turn the power to the outlet off. Note: The change doesn't appear in the table until you leave the page and come back to it. SSH / Telnet Session Choose to open an SSH or Telnet session to the selected port.
Device View Device view displays all of the devices that have been deployed under the KVM ACCESS system. To only see the ports for a particular device, click on the device in the Sidebar. Department View Department view displays all of the departments that have been created under the KVM ACCESS system, and the ports that have been assigned to each. To only see the ports belonging to a particular department, click on the department in the Sidebar.
Type View Type View displays all of the device types that have been created under the KVM ACCESS system, and the ports that have been assigned to each. To see only the ports belonging to a particular device type, click on the type in the Sidebar. Favorites View The Favorites page is similar to a bookmarks feature. Frequently accessed devices and ports can be saved under favorite names of your choosing here. Open this page and select the name, rather than hunting for devices and ports in the Sidebar.
Adding a Favorite. To create a Favorite and populate it with ports. 1. Choose Add Favorites from the Select Operation list. 2. Give the Favorite a name in the page that opens. Click the checkboxes of the ports you want to include, then click Save. When the operation is finished your Favorite displays in the main panel and is also listed in the Sidebar. Viewing a Favorite. A filter panel at the bottom of the sidebar lets you control the items that display on this page.
Managing Favorites. To add or remove ports from a Favorite: 1. Select the Favorite in the filter list. 2. Click Edit Ports (at the top-right of the panel) to open a page showing all of the ports available to the user. The ports that are currently included in the Favorites have a check in their checkboxes. 3. Check any ports you want to include in Favorites; uncheck any ports you want to remove from Favorites. 4.
User Preferences User Preferences is different from the other Menu Bar items. It does not provide an organizational view of the devices and ports. It has two Panel Menu items: Port Display, and Alias. Port Display lets you configure how the device tree appears in the Sidebar; Alias lets you give nicknames to your devices and ports. Port Display The Port Display page is the default that opens when you select User Preferences.
Alias Selecting Alias on the Panel Menu, opens a page that allows you to give your devices, ports, and outlets a nickname to make it more convenient to remember which items you are managing. • The default view only shows devices. To give an alias to a port or outlet, click the arrowhead in front of the device's name to show them. • Enter the alias into the Alias field of the device, port, or outlet.
User Management Overview The User Management page is used to perform the following functions: • Add, modify and delete user accounts. • Create user groups and assign users to them. • Specify device access rights for users and groups based on system default or custom defined user types. • Specify whether the user's authentication will be performed via the KVM ACCESS (internal) or via an external authentication server. Click the User Management tab to open the default Accounts page.
Accounts Add a user account 1. Select Users in the Sidebar. 2. Click Add at the top-right of the main panel to open the Add User-Account Information page. 3. Enter the information in the fields. Field Description Login Name • Internal (KVM ACCESS) Accounts: A maximum of the equivalent of 16 English alphanumeric characters is allowed. The minimum number of characters is based on the KVM ACCESS's account policy settings (see “KVM ACCESS Authentication” on page 44).
4. Click Next at the top-right of the main panel. If KVM ACCESS was chosen for authentication, the Add User-Account Status page opens. Field Description Password • Click the checkbox to the left of Use "password" as default to set the user’s password as the word password. • If you do not select Use "password" as default, enter the user's password in the Password field. A maximum of the equivalent of 16 English alphanumeric characters is allowed.
Managing User Accounts 1. Select Users in the Sidebar. 2. Click the user's name in the Sidebar, or in the main panel to open the user's Account Information page. There are three Panel Menu items: User Information, Group Membership, and Access Rights. User Information. This item contains all three pages (Account Information, Account Status, and Personal Information) used in the Add a User task (see page 31). The pages are used to modify a user's account (such as changing the user's password).
Adding Device Access: 1. Click the Add button to open a list of all the devices on the installation. 2. Put a check in the boxes next to the devices, ports, and outlets that you want the user to access. 3. For each selection, click on the arrow in the Configuration Rights column. Allowed lets the user configure the device or port settings. Denied means that the user cannot configure the device or port settings. 4.
Removing Device Access. To remove access to a device, port, or outlet, open the user's Access Rights page; place a check in the box in front of the device you want to remove; then click Delete. Managing Devices. Open the Management page of any device, port, or outlet, by clicking on it in the Device Name or Port Name list. Deleting User Accounts 1. Select Users in the Sidebar. 2. From the Interactive Display panel, check the box of the user whose account will be deleted.
Unlocking User Accounts If a user is locked out after exceeding the allowed login attempts, and the Force Manual Unlock option has been enabled (see “Lockout Policy” on page 94): 1. Select Users in the Sidebar. The locked user account will show Locked in the Status column. 2. In the Interactive Display panel, check the user whose account you wish to unlock. 3. Click Unlock at the right of the panel. 4. In the popup that opens, click OK. Note: 1.
Groups Groups allow administrators to manage users and devices. Since device access rights apply to anyone who is a member of the group, administrators set them once for the group, instead of for each user individually. Multiple groups can be defined to allow some users access to specific devices while restricting other users. Creating Groups 1. Select Groups from the User Management menu bar to open the Group List page. 2.
Adding Users to Groups 1. Select Groups from the User Management menu bar. 2. In the Sidebar or the Interactive Display panel, click the group's name to open the Group Information page. 3. Select the user you wish to add to the group from the Available list, then click the Add button to move the user from the Available list to the Selected list. 4. Repeat step 3 for other users you wish to add to the group.
Removing Users from Groups 1. Select Groups from the User Management menu bar. 2. In the Sidebar or the Interactive Display panel, click the group's name to open the Group Information page. 3. Select the user to be removed from the Selected list, then click the Remove button to move the user from the Selected list to the Available list. 4. Repeat step 3 for any other users you wish to remove from the group.
Types There are two user type categories: System and Custom. By default, KVM ACCESS supports six user types. These are referred to as System user types because they are built into the system. The roles assigned to members of these user types are fixed and cannot be changed. The Custom category provides the flexibility of assigning various role combinations.
Type Information. From the Members page, click on Type Information to see a description of that user type and the roles that are assigned to it. Note: The only change you can make on this page is in the Description field where additional information can be added about the user type. System Types The roles performed by members of the System category are fixed.
Custom Types Create custom user types, with any combination of roles assigned to them. Custom types may better suit your requirements than the pre-defined System types. 1. Select Types from the User Management menu bar. 2. In the Sidebar, click Custom Types to open the User Type List. All Custom user types that have been configured are displayed. 3. Click Add. In the page that opens, enter a name and description for the new type, then check the roles you want the new user type to perform. Note: 1.
Authentication Services KVM ACCESS provides an internal Username / Password authentication service. In addition, KVM ACCESS supports the following third party external authentication servers: LDAP, Active Directory, RADIUS, TACACS+, and Windows NT Domain. Note: 1. Authentication refers to determining the authenticity of the person logging in; authorization refers to assigning permission to use the device's various functions. 2.
KVM ACCESS Authentication There are some configuration settings you can make to the password policy function. All user accounts must follow the requirements you set here. To configure KVM ACCESS's password policy: 1. Select Authentication Services from the User Management menu bar. 2. In the Sidebar or the Interactive Display Panel, click KVM ACCESS to open the Properties page. 3. Configuration choices: Item Description Minimum username length 1-16 English alphanumeric characters.
External Authentication Servers In order to use a third party external authentication server, you must first add it to the Authentication Server list. 1. Select Authentication Services from the User Management menu bar to open the Authentication Server list. 2. Click the Add button at the top-right of the main panel to open the Add Authentication Service page. Click on the Server type to see the list.
Service Information. 1. LDAP Heading Information Connection Settings Get the information for these fields from the LDAP administrator. The port default is 636. Check with the LDAP administrator to confirm. For example settings see “LDAP/LDAPS - OpenLDAP Setting Example” on page 118. SSL Mode • Click the Do not use SSL radio button to use LDAP. LDAP User Schema Get the information for these fields from the LDAP administrator.
Deleting an External Authentication Server. 1. Select Authentication Services from the User Management menu bar to bring up the Authentication Server list. 2. In the Interactive Display panel, click to put a check in front of the external authentication server you wish to delete. Note: 1. Delete more than one server by checking as many names as required. 2. Delete all eligible servers by checking the box at the top of the column. 3.
Device Management Overview Use the Device Management page to add, configure, and organize the devices that will be managed over the KVM ACCESS network. Click the Device Management tab to open KVM ACCESS to the default Devices page. All devices and device folders in the KVM ACCESS database are listed in the Sidebar and in a table in the Interactive Display Panel. To access any device, click on it in either location. Note: The Device Management page is for System Administrators and Device Administrators.
Using VPN In some installations you may prefer to use a VPN (virtual private network) environment for your KVM ACCESS functions. This is accomplished by enabling the Management function (on the device's ANMS page - see page 104) and entering the IP address of the KVM ACCESS. See “VPNs” on page 104, for more details.
Device types that can be added and configured are found under the Add drop down list at the top of the main panel. Type Purpose Device Select to add devices into the KVM ACCESS system. Note: When devices are added all of their ports are locked by default and must be unlocked. See “Locking / Unlocking Ports” on page 60 for details. This allows addition of devices containing ports beyond the number allowed by the license.
Adding a Folder or Device 1. Click Add at the top right of the panel to open the list of items that can be added. Note: Before dropping down the list, you can click Show Available Devices for a list of the physical devices that are available. 2. Click on the item in the list that you would like to add. Depending on your selection, a page appears to provide the interface to set it up. Adding Folders. An organizational option that allows you to organize your enterprise-wide devices into useful categories.
To add a device: 1. Click to put a check in the checkbox in front of the device you wish to add. 2. Click Next to open the Configure Device Properties page. 3. Fill in the fields according to the information in the following table. Field Information Basic Information Name: Provide a name to identify the device. The default is the name given to the device under its independent configuration. If you change the name here, the change only takes place in the KVM ACCESS database.
KVM ACCESS Disable other authentication: An added security measure, if enabled, the device will only Options accept logins through the KVM ACCESS. While the device is connected to the KVM ACCESS system, users cannot log in to the device using the device's own authentication system, and they can only manage the device through the KVM ACCESS's interface. Note: 1.
To add an Aggregate Device: 1. Choose Aggregate Device Model from the drop down menu. Model options include Generic, IPMI, HP ILO2, IBM RSA II, Dell DRAC 5, and Dell DRAC 6. 2. Click Next to open the Configuration Properties page. • To configure Aggregate Device properties: – Provide a name to identify the aggregate device in the Name field. – Provide a further description of the aggregate device in the Description field.
4. Fill in the fields according to the information in the following table. Field Explanation Network Information Select the network: If the server for the aggregate device only has one network interface, select Primary, then configure the remaining fields. If it has more than one network interface, after you finish configuring the Primary network interface, come back to choose the additional network interfaces and configure each of them in turn.
Adding a Blade Chassis. Select Blade Chassis as an item to be added and the Add Group Device page opens. 1. Fill in the fields according to the information provided in the table below. Field Information Model Select the model type to add from the drop down list. Auto detect If you enable Auto detect, the Configure Blade Properties information (see page 57) will be filled in automatically.
5. When you have finished, click Next to open the Configure Blade Properties page. 6. For each blade, specify its Department, Location, and Type, and provide a brief Description. 7. When finished, click Save to open the Add Ports page. 8. Check the boxes for any ports to which the blade chassis connects and click Save. Adding a PDU: 1. Select Add APC PDU from the drop down menu. 2. Configure the Administrative Module Settings. When finished, click the Next button.
3. Configure the Device Properties. When finished, click the Next button. 4. The Configure Network Connectivity page opens. Select Enable web session, Enable SSO session, or Enable telnet session. Click Save to finish. Adding a Generic Device. Select Generic Device to open the Add Generic Device page. Note: See “Generic Device” on page 50, for an explanation of generic devices.
1. Fill in the fields according to the information provided in the table below. Field Information Device Information Name: Provide a name to identify the device. Description: If you wish to provide extra information to describe the device, enter it here. This field is optional. Department: For organizational purposes you can establish department categories (R&D, for example), and assign devices to them (see “Departments, Locations and Types” on page 71).
Modifying Devices. 1. Select Devices either in the Sidebar, or on the main menu bar. 2. Select the device you want to modify either from the Sidebar list, or in the main panel list. 3. Make your changes using the links that become available on the Panel Menu bar. See “Sidebar Device Configuration” on page 63 for details concerning these Panel Menus. Deleting Devices. To delete a device: 1. Select Devices either from the Sidebar list, or on the main menu bar. 2.
Tools Click Tools on the Panel Menu bar to open the page. Click an icon to perform a specific task described in the table. Icon Icon Name Task Broadcast IP address and port number to the devices Before a device can communicate with KVM ACCESS, its ANMS settings have to specify KVM ACCESS' IP address and device management port number. Click this icon and KVM ACCESS will broadcast its IP address and device management port number to the devices connected to it on its network.
Restoring Device Configurations. To restore a device's configuration and/or account information to one saved on a previously backed up configuration file: 1. In the Device Management > Devices > Tools Panel Menu, click Restore device configuration to open a list of saved configuration files. 2. Select the file to be restored, then click Next to open the Restore Configuration page. 3. In the Password field, enter the password you used when the file was created. 4.
Device Sync Click Device Sync on the Panel Menu bar to open the Device Sync Settings page. Configure automatic syncing of names between the KVM ACCESS and the installed devices. Check the boxes for the features you want to enable, then click Save. Sidebar Device Configuration Some device configuration aspects are established when devices are created. Manage additional device settings by selecting the device item in the Sidebar or from the Device List in the main panel.
Properties page contents: Item Explanation Basic Information Name: Provide a name to identify the port. The default is the port name it was given under its original device configuration. If you change the name here, the change only takes place in the KVM ACCESS database. The name on the original configuration remains the same. Model: KVM ACCESS recognizes the device model and fills in this field automatically. It cannot be edited.
When a port is selected only the Lock, Unlock and Save buttons appear at the top-right of the page. These buttons allow you to lock and unlock the ports individually. See “Locking / Unlocking Ports” on page 60 for more information. Access Rights - KVM Devices. When a KVM device is selected in the Sidebar or the Interactive Display Panel, you can set the configuration and access rights for it by clicking the Access Rights Panel Menu item. This opens a list of all users and groups given access to the device.
Action Buttons. In addition to Add, Delete, and Save, an Update All button (at the top-right of the panel) opens a page where configuration and access rights can be set for all users and groups on the selected device or port. Access Rights - KVM Ports. Select a port in the Sidebar or the Main panel list. Click the Access Rights Panel Menu item to open a page listing all users and groups with access. Set configuration and access rights here. Adding Users or Groups to the Port User/Group List. 1.
Deleting a User's or Group's Access Rights. 1. Click to put a check in front of the names of the users or groups to be removed. 2. Click Delete (at the top-right of the panel). Action Buttons. In addition to Add, Delete, and Save, an Update All button (at the top-right of the panel) opens a page where configuration and access rights can be set for all users and groups on the port. Device Configuration (For KVM Devices).
Port Configuration (For Cat5e KVM Devices). Allows you to configure the port from within KVM ACCESS, without accessing the device directly. Note: If the link between KVM ACCESS and the device is broken, device configuration changes will not be transmitted to the device. To make device configuration changes log in to the device directly (see “KVM ACCESS Options” on page 53, for details). This Panel Menu page is used to set the I/O attributes of the selected port.
Properties Page Action Buttons. The action buttons on the devices and outlets pages are the same, and perform the same functions as those found on the KVM properties pages. See “Properties Page Action Buttons” on page 64 for details. Access Rights (PDU), Stations, and Outlets. Access rights can be configured for the entire device (nested stations and outlets), station-by-station, or outlet-by-outlet.
Device Configuration (PDU). This Panel Menu item is similar to the one for KVM device configuration on page 67 except it has different secondary pages. The purpose of the secondary pages is to allow configuration of the device from within KVM ACCESS, without having to access the device directly. Note: 1. If the link between KVM ACCESS and the device is broken, device configuration changes made on these pages will not be transmitted to the device. You can log in to the device directly to make the changes.
Departments, Locations and Types For convenience and ease of management the Departments, Locations, and Types pages provide three more ways of organizing your devices. To use this organizational scheme, first create appropriate categories (such as R&D and Manufacturing under Departments; East Coast Operations under Locations; and Power under Types) and then assign devices to them (from the device's Properties page), as described in the sections that follow. Adding a Department Location or Type 1.
Unsupported Devices Devices whose firmware level is not compatible with the KVM ACCESS' current firmware level are unsupported. Click Unsupported Devices on the Menu Bar to open a page that lists all such devices deployed on the KVM ACCESS installation: To make these devices available for management under KVM ACCESS, upgrade their firmware to the latest version. 1. Add the device's firmware upgrade file to KVM ACCESS. See “Appliance Files” on page 92 for details. 2.
System Management Overview By connecting individual KVM ACCESS server segments through their IP addresses into an integrated worldwide network, KVM ACCESS provides secure, centralized, single IP address login access, to all your data center equipment from anywhere there is an internet connection. When you click the System Management tab, KVM ACCESS opens to the default page. Note: The System Management page is only available to System Administrators.
The KVM ACCESS Server This page refers to the KVM ACCESS server you are currently logged into. Other KVM ACCESS servers on the installation are ignored. The menu offers five Panel Menu choices: Server Information, Server Settings, Session, Security, and Certificate. Note: Changes to other servers on the installation can only be made by logging into them directly. Server Information The default page is Server Information: This page allows you to configure the KVM ACCESS server's settings.
Server Settings To modify the information, move through them sequentially by clicking the arrow icons at the left of the main panel in the grey bar, or go directly to a page by hovering over the menu and selecting the page from the popup menu that opens. SMTP. KVM ACCESS can send email notification of event traps on the installation to specified users. Note: Event notification recipients are designated on the The Notification Settings page. See page 97 for details. To enable SMTP server setting: 1.
5. If the SMTP server requires authentication, check the SMTP server requires authentication checkbox, then specify the authentication account name and password in the appropriate fields. 6. Click Test to check that the SMTP server setting is configured properly and the page opens. 7. Enter an email address for the recipient of the test email then click OK. If the settings have been configured correctly, the recipient will receive the test email.
Syslog. To record all the events that take place on KVM ACCESS and write them to a Syslog server: 1. Check Enable. 2. Enter the IP address and port number of the Syslog server. The valid port range is 1-65535. 3. Select whether to log a short message or a full message. 4. Select the message’s language from the drop down list. When all your settings have been made, click Save. Dial In. In addition to Internet connections, KVM ACCESS can also be accessed from PPP (modem).
Sessions Clicking the Sessions Panel Menu item that appears when KVM ACCESS Network is selected on the Page Menu, or in the Sidebar, lists all the sessions currently taking place on all the KVM ACCESS on the installation, and provides information concerning the "who, where and when" of each. Note: 1. To only see the sessions for a particular KVM ACCESS server, use the navigation buttons at the top-right of the main panel to select it. 2.
MAC Filtering. MAC filtering controls access to KVM ACCESS based on the MAC addresses of the computers attempting to connect to it. • To enable IP filtering, check the Enable IP Filter checkbox. – If Validate MAC at KVM ACCESS login is enabled, KVM ACCESS will verify the client PC's MAC address when the user attempts to log in. Otherwise, the MAC address will only be verified when attempting to open a viewer.
Changing a Self-Signed Certificate. Changing a self-signed certificate allows you to provide additional information in the certificate that wasn't generated in the installation certificate. The way to change a self-signed SSL certificate is to create a new one. To create a new self-signed certificate: 1. At the top-right of the Certificate panel, click Update to open the page: 2.
To use a third party signed certificate: 1. After generating the self-signed certificate, click Get CSR (Certificate Signing Request) at the top-right of the panel. (See the screenshot on page 153.) 2. Go to the CA website of your choice and apply for an SSL certificate using the information generated in step 1. 3. After the CA sends you the certificate, open the Server Certificate page, click Update at the topright of the panel. 4.
Upgrading the License 1. Contact apc to obtain a license key for the number of nodes you want to access. 2. Insert the license key into a USB port on your master server. 3. Click Upgrade at the top right of the main panel. Note: 1. Once the upgrade has completed, it is not necessary to keep the key plugged into the USB port. Store the key in a secure location. It will be needed for future upgrades. 2. If you lose the USB license key, contact APC to obtain another one.
Tasks The Tasks menu allows authorized administrators to perform a number of system maintenance tasks. The tasks that can be performed are determined by the user's type, and the authorization options that were selected when the user's account was created. These include: • Backing up the server database Note: Restoring the database requires a separate utility and procedure. See “Restore” on page 111, for details.
Backup the Server Database When you choose the Backup the server database task, the following page appears: 1. Enter a name for the task, and a password. Note: The password is optional. If you set one, store it in a safe place. You will need it when restoring the database. (You can restore the database without a passord. See “Restore” on page 111, for information.) 3. The password cannot exceed the equivalent of 8 English alphanumeric characters. 4. The extension of the backup file is cbk (*.cbk). 2.
5. Complete the schedule choices and click Next. The task is now added to the Task List on the main page. Note: Run a task (or tasks) at any time by putting a check in the box in front of its name and clicking Run Now at the top-right of the panel. Export Event Log 1. Enter a name for the task in the Task name field. Note: The Export Event Log operation is performed on each server independently. To search a server's records you must look at its file.
3. Select an item to include in the exported file in the Available column. Click Add to move it into the Selected column. Repeat for any other log file items to be included. Note: To select multiple items, use Shift+Click or Ctrl+Click. 4. To change the order of the Selected items, click on the item you want to move, then click Up or Down to change the position. 5. For Choose Export Period, selecting All exports all the records in the database.
Power Control a PDU Set a schedule to automate turning power ports on and off for the selected device as a whole, or on a port-by-port basis. Choosing this task opens the Power Control page with the Target Device category selected: To perform the task on a port-by-port basis, select the Outlets category. 1. Provide a name for the task. 2. Put a check in front of the target devices or ports you want to control or put a check at the top of the column to select all of them. 3.
Upgrade Selected Appliance Firmware This task allows you to schedule firmware upgrades of devices on your installation to take place at the most convenient time. Choose Upgrade Selected Appliance Firmware to open the Firmware Upgrade page. To schedule firmware upgrade of selected appliances: 1. Click a radio button to choose the latest upgrade file stored with the KVM ACCESS server or a file that you have uploaded. Note: 1. The files stored with the KVM ACCESS server came as part of its firmware.
7. Choose Selected device and check the box in front of the devices to upgrade (or check the box at the top of the column to select them all). Note: For KVM switches with Adapter Cables, click the arrowhead in front of the switch's name to select the Adapter Cable firmware to upgrade. 8. Click Next. 9. Make schedule choices in the Schedule page that opens. Note: The schedule choices are similar to the ones described for “Backup the Server Database” on page 84. 10.Comlete the schedule choices and click Next.
3. Make schedule choices in the Schedule page. Note: The schedule choices are similar to those described for the Backup server database task. Refer back to page 84 for details. 4. Complete the schedule choices and click Next. When the procedure finishes, the Tasks main page opens, and the Backup device configuration/ account information task is now added to the Sidebar and the Task List.
4. For the Time Range: a. Selecting All exports all the records in the database. b. To export records for a particular time period, select the Include radio button and set the time parameters with the From and To settings. To export all records that do not include a particular time period, select the Exclude radio button and set the time parameters that you do not want to include with the From and To settings. 5. For Export File Type, click the radio button in front of your choice.
To change the parameters of the task: 1. Click on the task name on the Sidebar or in the Task List. 2. When the Schedule page opens, click Task Properties on the Panel Menu. 3. When the Task Properties page opens, make the changes and click Save. Deleting a Task If a task is no longer needed, put a check in the box in front of its name and click Delete at the top-right of the panel. Replicate Database Select Replicate Database, to open the Schedule page.
Adding Firmware Files. 1. Click Add to open the Add Firmware File page. 2. Browse to the location where the downloaded files are stored and select the file. 3. Provide a description for the file. 4. Click Save to complete the procedure and add the firmware file to the list. Note: If the firmware file isn't KVM ACCESS compliant (even though it is compliant for the device in a stand-alone configuration), KVM ACCESS will not let you load it. Deleting Firmware Files. 1. Select Firmware in the Sidebar. 2.
Sidebar Server Tree When KVM ACCESS Network is selected on the menu bar, clicking on a server name, either in the Sidebar or in the Interactive Display Panel, opens a page with two Panel Menu entries: Properties, and Sessions. Properties The Properties page opens as the default. This page displays information reflecting the server's configuration settings. It is view only. Any changes to these settings must be made through the Server Information Panel Menu of the This Server menu (see page 74).
Logs Overview KVM ACCESS keeps a record of all transactions that take place on its installation. The Logs page provides filters and functions to view and export the log file data, as well as email alerts of specified events as they occur. KVM ACCESS Logs Logs Click the Logs tab to open the default KVM ACCESS Logs page. • The default layout shows information concerning all of the events on all the logs on the entire KVM ACCESS installation, displayed in reverse chronological order.
• Click on an item's Description to open a page with detailed information about the item. Use the buttons at the top-right of the panel to move to the previous or next item in the details view, or close the page and return to the Log page. • To save the log list to a file, click the Diskette icon button. Only the displayed list (All, or a filtered choice) is saved. • To print out the log list, click the Printer icon button. Only the displayed list (All, or a filtered choice) is printed.
Item Description Maintenance Click a radio button to select to maintain the log database on a Days or Records basis. Select the number of days or records. When the number is reached, events are discarded on a "first in, first out" basis. The range is from 7-90 days, and 1000-100,000 records. Display Set the maximum number of events to display on the web page. The range is from 10-100.
Adding and Configuring Notification Users. 1. Click Add at the top-right of the panel to open the Email Notification - Add/Edit Notification Events page. 2. Enter an appropriate title for the notification message in the Subject field 3. Enter the email address of one of the administrators in the Mail from field. 4. Enter the email address of the person who will receive the email notification in the Send to field.
Export Logs The Export Logs page is used to save selected logged events to a file. To save selected logged events to a file: 1. Select a log file item to include in the exported file in the Available column, then click Add to move it into the Selected column. Repeat for any other log file items to be included. 2. To change the order of the Selected items, click on the item to be moved, then click Up or Down to change the position. 3.
Import Logs The Import Logs page is used to open previously saved log files for viewing. To import a previously saved log file, do the following: 1. Enter the full path to the file in the Log file field or click Browse to navigate to it. 2. If the file has been encrypted, enter the password that was used when it was created into the Password field. 3. Click Import (at the top-right of the panel). When the file is imported, its contents appear in the KVM ACCESS Log List panel.
Device Logs KVM ACCESS acts as a log server for all APC devices, recording the system events that take place on those devices in a database. Click Device Logs on the Submenu bar to open the Device Logs Search page to search for events containing specific words or strings. • The default layout shows log information for all devices on the KVM ACCESS installation displayed in reverse chronological order.
Device Log Search To search the logs: 1. To search for a particular word or string, enter it in the Pattern field. 2. Time Range: Select All to search all the records in the database for the selected pattern. To search records for a particular time period, select the Include or Exclude radio button, and set the time parameters with the From and To settings. Note: 1. If Include is selected, all events in the specified time range are searched. 2.
Specifications Technical Support For online technical support, go to www.apc.com/support. Product information to have available: • Product model number, serial number, and date of purchase. • Your computer configuration, including operating system, revision level, expansion cards, and software. • Any error messages displayed at the time the error occurred. • The sequence of operations that led up to the error.
Device ANMS Settings To enable KVM ACCESS Management of a device from the device's ANMS settings page: 1. Log into the device. 2. Refer to the device's User Manual to locate its ANMS settings page. 3. In the ANMS page, click the checkbox to enable KVM ACCESS Management, then enter the IP address and device port number (see “Device port” on page 8), of the KVM ACCESS server that will manage the device.
Name, Description, and Range Parameters Note: Unless otherwise specified, field entries can be input in any supported language.
Departments/ Locations Name Description Tasks All Tasknames Master Database Backup Password Export Device Log Pattern KVM ACCESS By Period Log Options By Record Records per page Log Notification Subject Settings Mail from Send to Preferences: Web Display screen name options 0 - 32 Bytes. Up to 256 Bytes. No limit on the number of Bytes. 0 - 8 Bytes. 0 means no password authentication. No limit on the number of Bytes. 7 - 90 days 1000 - 100,000 10 - 100 1 - 128 Bytes. Up to 64 Bytes. Up to 128 Bytes.
Troubleshooting Problem Resolution After installing KVM ACCESS, The error message is generated by the Operating System, it indicates that the KVM the message: Error 1067 appears ACCESS service is unable to run. To resolve the problem try: a few minutes later. 1. Rebooting the computer. 2. Checking that your computer meets the minimum requirements to run KVM ACCESS (see “Server Requirements” on page 3). 3. Uninstalling and reinstalling KVM ACCESS.
Troubleshooting, continued I am not receiving email notifications of event trap situations. 1. Check that the email server settings have been specified correctly in the KVM ACCESS Manager. 2. Check that the email address in the related device's settings is correct. 3. Check that the event trap settings for the related device has been specified correctly. When I try to access my Generic Generic devices are accessed directly from the device's IP address.
Troubleshooting, continued When a viewer is opened, the web page does not display or work correctly, and an error message displays. Reset the Internet Explorer security settings to enable Active Scripting, ActiveX controls, and Java applets. By default, Internet Explorer 6 and some versions of Internet Explorer 5.x use the High security level for the Restricted sites zone. Microsoft Windows Server 2003 uses the High security level for both the Restricted sites zone and the Internet zone.
KVM ACCESS Utility Overview The KVM ACCESS Utility is installed as part of the installation procedure. It allows configuration of a number of KVM ACCESS' parameters from the desktop of the computer that KVM ACCESS runs on without invoking the browser GUI. In Windows, to run the program, open the Start menu; navigate to KVM ACCESS (Programs > KVM ACCESS), and select KVM ACCESS Utility: In Linux, as root, go to the /home/KVM ACCESS/Runable directory, and run the KVM ACCESS_Utility file.
System Settings The program that serves the KVM ACCESS' web pages is Apache Tomcat. KVM ACCESS' installation program asks you to specify the ports that Apache Tomcat monitors for web requests. • The HTTP port is the regular port that Apache Tomcat monitors. The default is 80. If you use a different port, specify the port number in the URL of the browser. • The HTTPS port is the secure port that Apache Tomcat monitors. The default is 443.
View License View the licenses related to KVM ACCESS. To view a license, click its radio button.
Authentication Key Utility Overview The Authentication Key Utility (AuthKeyStatus.exe), is a Windows-based utility for accessing and updating the information and data contained in the KVM ACCESS Authentication Key. AuthKeyStatus.exe, can be found on the KVM ACCESS CD. Key Status Information The dialog box is described in the table below: Section Purpose Key Status Indicates whether the key has been recognized and accepted as valid or not.
Key Firmware Upgrade As new revisions of the KVM ACCESS Authentication Key's firmware are released, the upgrade files are posted on www.apc.com. Check the web site regularly to find the latest files and information. Starting the Upgrade 1. Go to www.apc.com to download the new firmware file to your computer. 2. With the authentication key plugged in, run the Key Status Utility (AuthKeyStatus.exe). Note: 1. AuthKeyStatus.exe only runs under Windows. 2. Firmware version 2.1.
6. The utility finds your device, and lists it in the Device List panel. Click Next to continue. Note: Check Firmware Version compares the device's firmware level with the upgrade files. If the device's version is higher than the upgrade version, a dialog box opens giving you the option to Continue or Cancel. If you don't enable Check Firmware Version, the Utility installs the upgrade files without checking them.
Key License Upgrade Overview KVM ACCESS allows ecustomers to update their authentication keys to reflect an increase to their number of licenses. Contact APC to purchase the 1024 key license upgrade (SEKVM1024N). Note: A separate order must be processed for each key. To upgrade the key: • A Windows-based Key Status Utility is used to extract the key's information and write it to a Key Information Data File. The key information data file is then used in a a browser session to generate a license upgrade file.
Performing the Upgrade. After the upgrade process is finished, an "Upgrade File" will be sent to allow you to upgrade your license key. To upgrade license key: 1. Run the Key Status Utility again. 2. In the License Upgrade panel, click Upgrade. 3. In the dialog box that opens, select the upgrade file (KeyUpgrade.dat). – Click Open. A window opens stating that the upgrade was successful. – The figure for the number of licenses in the License Information panel changes to reflect the upgrade.
External Authentication Services Overview In addition to its own internal Username / Password authentication procedure, KVM ACCESS supports authentication from external, third party authentication services. If a third party service has been specified for a user, KVM ACCESS transfers the login information to the appropriate service for authentication using an encrypted HTTPS (SSL) connection.
The KVM ACCESS Administrator gets this information to use in the Adding an External Authentication Server procedure (see “LDAP” on page 46). In this example, the fields would be filled in as follows: – IP: 192.168.10.100 – Port: 389 – BaseDN: dc=apc,dc=com – UserRDN: ou=software – Key attribute: cn – Object class: person – Full name attribute: sn After the LDAP Authentication server has been added, the KVM ACCESS Administrator can use the Browse button to browse all the user names in the software directory.
RADIUS Settings Example In this example the external server is RADIUS: Microsoft IAS for Windows Server 2003. Its IP address is 10.0.0.100. Configure RADIUS as follows: 1. Open Start > Control Panel > Administrative Tools > Internet Authentication Services. 2. In the screen that comes up, right click on RADIUS Client. 3. Select New RADIUS Client. 4. In the screen that opens, enter the Friendly name. For example: KVM ACCESS-10.0.0.131, then click Next. 5. In this example, the KVM ACCESS's IP is 10.0.0.131.
TACACS+ Settings Example In this example the external server is TCACS+: Microsoft IAS for Windows Server 2003 (ClearBox). Its IP address is 10.0.0.100. Configure TCACS+ as follows: 1. Open Start > All Programs > ClearBox RADIUS TACACS+ Server > Server Manager. 2. In the screen that comes up, click Connect. 3. Enter the password that you set when you installed the ClearBox RADIUS TACACS+ Server. 4. In the ClearBox Server Configurator screen, select the Server Settings tab. 5.
LDAP Group Authorization Setting Examples Example 1. In this example the external server is OpenLDAP on Windows Server 2003 as shown in the “LDAP/LDAPS - OpenLDAP Setting Example” on page 118. 1. Under the KVM ACCESS User Manager tab, select Authentication Services > Authentication Servers. 2. Select the OpenLDAP server, then click Group Authorization. 3. Click the Group has Member attribute radio button. 4. Click Add (at the top-right of the panel). 5. In this example add the groups1 group.
Example 2. By default OpenLDAP only supports the Group has Member attribute setting for the group related schema. This was the setting used in Example 1. An alternative setting used by other LDAP servers, User has Member Of attribute, is also supported under OpenLDAP by extending the schema. In this example the external server is OpenLDAP on Windows Server 2003 as shown in the “LDAP/ LDAPS - OpenLDAP Setting Example” on page 118. 1.
3. Check the group definition with LDAP Browser. 4. Repeat step 2 for each user account that you want to add to the group. Once these procedures are completed, KVM ACCESS users who are authenticated through the LDAP/ LDAPS server, are authorized according to the permissions assigned to the group. Active Directory Group Authorization Setting Example In this example the external server is Active Directory on Windows Server 2003 as shown in the “Active Directory Settings Example” on page 119. 1.
APC Worldwide Customer Support Customer support for this or any other APC product is available at no charge in any of the following ways: • Visit the APC Web site to access documents in the APC Knowledge Base and to submit customer support requests. – www.apc.com (Corporate Headquarters) Connect to localized APC Web sites for specific countries, each of which provides customer support information. – www.apc.com/support/ Global support searching APC Knowledge Base and using e-support.
