Dell™ Remote Console Switch User's Guide
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. ____________________ Information in this document is subject to change without notice. © 2012 Dell Inc. All rights reserved.
Contents Product Overview 1 Features and Benefits Reduce Cable Bulk KVM Switching Capabilities Multiplatform Support True Serial Capabilities Local and Remote User Interfaces Virtual Media and Smart Card-capable Switches On-board Web Interface Access the Switch Using a Standard TCP/IP Network Encryption Video Flash Upgradeable Tier Expansion Avocent Management Software Plug-in FIPS cryptographic module 1 2 2 2 3 3 3 4 4 4 4 5 5 5 5 Sample Configuration 7 Safety Precautions 8 General 9 LAN Options
Installing the RCS 22 Connecting the RCS Hardware Connecting a SIP Adding a Tiered Switch Cascading with Legacy Switches Adding a PEM (Optional) 25 29 31 34 36 Configuring the Remote Console Switch Setting up the Built-in Web Server Connecting to the OBWI Through a Firewall 38 38 38 Verifying the Connections Rear Panel Ethernet Connection LEDs Rear Panel Power Status LEDs 41 41 41 Adjusting Mouse Settings on Target Devices 42 Local and Remote Configuration 43 Local User Interface (UI) Filtering
NTP Settings 57 SNMP Settings 57 Auditing Event Settings 58 Setting Event Destinations 58 Ports - Configuring SIPs Upgrading SIPs 59 59 Power Device Settings Associated Target Servers and Power Outlets Grouping Power Outlets Default Outlet Names Assigning an Outlet Name Local Session Page on the Local Port 60 61 63 64 65 69 Local Port UI Settings 70 Modem Settings 71 Setup Settings - Port Security 72 Sessions Configuring General Sessions Configuring KVM Sessions Configuring Local Virtual M
The Video Viewer Window Changing the Toolbar 81 83 Launching a Session Session Time-out 84 84 Window Size 85 Adjusting the View 85 Refreshing the Image 87 Video Settings Additional Video Adjustment Target Video Settings Automatic Video Adjustment Video Test Pattern Vendor-specific Video Settings 87 87 89 89 90 90 Color Settings Adjusting Color Depth Contrast and Brightness 90 90 91 Noise Settings Detection Thresholds 91 91 Mouse Settings Adjusting Mouse Options Cursor Type Mouse Scaling Mous
Keyboard Pass-through 103 Macros 104 Saving the View 104 Closing a Session 104 LDAP Feature for the RCS 105 The Structure of Active Directory Domain Controller Computers Object Classes Attributes Schema Extensions 105 105 106 107 107 Standard Schema versus Dell Extended Schema 108 Standard Installation 109 Configure the Override Admin Account 110 Configuring DNS Settings 110 Configuring the Network Time Protocol (NTP) Settings 112 Configuring the LDAP Authentication Parameters 112 Enab
LDAP SSL Certificates Enabling SSL on a Domain Controller Login Timeout 127 128 132 CA Certificate Information Display 133 Configuring Group Objects 134 Active Directory Object Overview for Standard Schema 137 Dell Extended Schema Active Directory Object Overview 139 Configuring Active Directory with Dell Schema Extensions to Access Your RCS 143 Extending the Active Directory Schema (Optional) 143 Installing the Dell Extension to the Active Directory Users and Computers Snap-In (Optional) 144 Opening th
Appendix B: Using SIPs 157 ACS Console Server Port Pinouts 157 Cisco Port Pinouts 158 Appendix C: MIB and SNMP Traps 159 Appendix D: Cable Pinouts Information 165 Modem Pinouts 165 Console/Setup Pinouts 166 Appendix E: UTP Cabling 167 UTP Copper Cabling 167 Wiring Standards 167 Cabling Installation, Maintenance, and Safety Tips 168 Appendix F: Sun Advanced Key Emulation 171 Appendix G: Technical Specifications 173 Appendix H: Technical Support 177 Contentsxxx | xxxvii
Contentsxxx | xxxviii
1 Product Overview The Dell 1082DS/2162DS/4322DS Remote Console Switch (RCS) digital keyboard, video and mouse (KVM) over IP and serial console switches combine analog and digital technology to provide flexible, centralized control of data center servers, and to facilitate the operations, activation, and maintenance of remote branch offices where trained operators may be unavailable.
• dual stack IPv4 (DHCP) and IPv6 (DHCPv6 and stateless autoconfiguration) for simultaneous access • accessibility to target devices across 10/100/1000BaseT LAN ports. • a MODEM port that supports V.34, V.90 or V.92-compatible modems that may be used to access the switch when an Ethernet connection is not available • FIPS support Reduce Cable Bulk With server densities continually increasing, cable bulk remains a major concern for network administrators.
Interoperability with Avocent® IQ Module Intelligent Cabling may also be used to connect devices to the RCS. PS/2, USB, Sun®, and serial module options are available. For more information, please refer to the appropriate Avocent installer/user guide for your product or visit avocent.com/manuals for more information.. True Serial Capabilities The RCS supports SIPs that provide true serial capabilities through Telnet.
NOTE: To open a virtual media or smart card session with a target device, you must first connect the target device to a switch using a SIP. On-board Web Interface The OBWI provides similar management functions as the RCS software, but does not require a software server or any installation. The OBWI is launched directly from the switch, and any servers connected to the RCS are automatically detected. You can use the OBWI to configure the RCS from a web browser.
Flash Upgradeable Upgrade your RCS and SIPs at any time to ensure you are always running the most current firmware version available. Flash Upgrades can be initiated through the OBWI or the serial console. The RCS can be configured to perform automatic firmware upgrades of SIPs. See "Upgrading RCS Firmware" on page 52 for more information. Tier Expansion The RCS features allow you to tier additional Dell RCSs from each of the Analog Rack Interface (ARI) port on the switch.
NOTE: The FIPS mode can be changed via the DSView software plug-in. RCS switches use an embedded FIPS 140-2 validated cryptographic module (Certificate #1051) running on a Linux PPC platform per FIPS 140-2 Implementation Guidance section G.5 guidelines. The FIPS mode can be enabled/disabled via the OBWI, Local Port, or DSView plug-in. A reboot is required to enable or disable FIPS mode. A firmware upgrade to this version or setting the state to the default state (Setup Port menu) will disable FIPS mode.
Sample Configuration Figure 1.1: Example RCS Configuration Table 1.1: Descriptions for Figure 1.
Number Description Number Description 1 UTP connection 6 Telephone network 2 KVM connection to the RCS 7 Ethernet 3 Remote IP connection 8 Avocent Management Software Server 4 RCS 9 Analog User (local UI) 10 Digital user (computer with Internet browser for a remote OBWI or Dell RCS software) 5 Modem Safety Precautions Use the following safety guidelines to help ensure your own personal safety and to help protect your system and working environment from potential damage.
• Dell RTF Regulatory Tech Bulletin General • Observe and follow service markings. • Do not service any product except as explained in your system documentation. • Opening or removing covers that are marked with the triangular symbol with a lightning bolt may expose you to electrical shock. • Components inside these compartments should be serviced only by a trained service technician. • This product contains no serviceable components. Do not attempt to open.
• Operate the product only from the type of external power source indicated on the electrical ratings label. If you are not sure of the type of power source required, consult your service provider or local power company. NOTE: To help avoid damaging your system, be sure the voltage selection switch (if provided) on the power supply is set for the voltage that most closely matches the AC power available in your location. Also be sure that your monitor and attached devices are electrically rated to operate.
• Never connect or use in a wet environment.
12xxx | Product Overviewxxx
2 Installation The RCS transmits KVM and serial information between operators and target devices connected to the switch over a network using either an Ethernet or modem connection. The RCS uses TCP/IP for communication over Ethernet. For the best system performance, use a dedicated, switched 100BaseT or 1000BaseT network. You can also use 10BaseT Ethernet. The RCS uses the Point-to-Point Protocol (PPP) for communication over a V.34, V.90, or V.92 modem.
1 Adjust mouse acceleration on each server to Slow or None. 2 Install the RCS hardware, and connect a Server Interface Pod (SIP) or Avocent® IQ module to each server or tiered switch. Connect each SIP or Avocent IQ module to the RCS with CAT 5 cabling and connect the keyboard, monitor, and mouse connectors to the analog port of the RCS. 3 Connect the local port peripherals to the appropriate ports on the back panel of the RCS and set up the network configuration.
8 If the local user adds, deletes, or renames any SIPs after you have loaded this file, you can resynchronize your local switch by selecting the RCS and clicking Resync. To control a connected server, select it in the Explorer and click the Connect Video task button to launch a server session in the Viewer. 9 Adjust the resolution (select View - Scaling) and quality (select View Color) of the server video in the Viewer. Getting Started The following items are supplied with the Remote Console Switch.
NOTE: You cannot open a virtual media session or a CAC session if the server is connected via a PEM. Setting up Your Network The switch uses IP addresses to uniquely identify the switch and the target devices. The RCS supports both Dynamic Host Configuration Protocol (DHCP) and static IP addressing. Make sure that an IP address is reserved for each switch and that each IP address remains static while the switch is connected to the network.
Stabilize racks in a permanent location before loading begins. Mount components beginning at the bottom of the rack, then work to the top. Do not exceed your rack load rating. • Power considerations: Connect only to the power source specified on the unit. When multiple electrical components are installed in a rack, ensure that the total component power ratings do not exceed circuit capabilities. Overloaded power sources and extension cords present fire and shock hazards.
Figure 2.1: 1U Tool-less Configuration 2 Align and seat the front flange pegs in the holes on the front side of the vertical post (item 2). 3 Repeat this procedure for the second rail. 4 To remove each rail, pull on the latch release button on each flange ear (item 3) and unseat each rail. Two-post Flush-mount Configuration 1 For this configuration, the castings must be removed from the front side of each ReadyRails assembly (Figure 2.2, item 1).
2 Attach one rail to the front post flange with two user-supplied screws (item 2). 3 Slide the plunger bracket forward against the vertical post and secure the plunger bracket to the post flange with two user-supplied screws (item 3). 4 Repeat this procedure for the second rail.
Two-post Center-mount Configuration 1 Slide the plunger bracket rearward until it clicks into place and secure the bracket to the front post flange with two user-supplied screws (Figure 2.3, item 1). Figure 2.3: Two-post Center-mount Configuration 2 Slide the back bracket towards the post and secure it to the post flange with two user-supplied screws (item 2). 3 Repeat this procedure for the second rail.
screws from each flange ear and remove each casting (Figure 2.4, item 1). Retain castings for future rack requirements. 2 For each rail, attach the front and rear flanges to the post flanges with two user-supplied screws at each end (item 2). Figure 2.
Installing the RCS The switch may be mounted in the 1U rear-rack, 1U front-rack, 1U two-post (flush and center), and 0U configurations. The following are examples of 1U rearrack, 1U front-rack, and 0U configurations. For 1U two-post (flush and center) configurations, you can slide the switch into the rails in the same manner as the four-post configurations.
2 Secure each switch rail with the thumbscrew (item 2). 3 (Optional) Assemble the blanking panel to the rails on the front side of the rack and tighten the thumbscrews (item 3). To remove the switch from the rack: 1 Unscrew the thumbscrews and pull the switch assembly out of the rack until the travel stops are reached. The travel stop position is intended to provide the opportunity to reposition the rail grip; it is not intended for service.
2 Rotate each rail 180° (item 2) and then reassemble each rail to the switch (item 3). 3 Refer to the 1U rear-rack instructions to insert and remove the switch assembly from the ReadyRails system. NOTE: No blanking panel is required for this configuration. 0U RCS Installation 1 Align and assemble the 0U mounting bracket to the switch rails (Figure 2.7, item 1). Tighten the thumbscrews (item 2).
To remove the switch assembly, press the blue button (item 3) to unseat the bracket and then lift the assembly from the posts. Connecting the RCS Hardware The following diagram illustrates one possible configuration for your RCS hardware. Figure 2.
Table 2.
Number Description Number Description 3 Modem 9 SIPs 4 Telephone network 10 Target devices 5 Network 11 RCS (32-port model shown) 6 Digital user To connect and turn on your switch: CAUTION: To reduce the risk of electric shock or damage to your equipment, do not disable the jumper cord grounding plug. The grounding plug is an important safety feature. Plug the jumper cord into a grounded (earthed) outlet that is easily accessible at all times.
• This product has no user serviceable parts inside the product enclosure. Do not open or remove product cover. 1 Connect your VGA monitor and USB keyboard and mouse cables to the appropriately labeled ports. 2 Connect one end of a UTP cable (4-pair, up to 150 ft/45 m) to an available numbered port. Connect the other end to an RJ-45 connector of a SIP. 3 Connect a SIP to the appropriate port on the back of a target device. Repeat steps 2 and 3 for all target devices you want to connect.
second power socket on the rear of the RCS, and plug the other end into a different power source. NOTE: Plug the redundant power supplies into separate branch circuits to provide additional redundancy in the event one external AC power source should go away. 8 (Optional) Connect the virtual media devices or smart card readers to any of the USB ports on the switch. NOTE: For all virtual media sessions, you must use a USB2 or USB2+CAC SIP.
Table 2.2: Descriptions for Figure 2.9 Number Description 1 CAT 5 2 USB Connection 3 VGA Connection To connect a SIP to a serial device using a UTP connector: 1 Connect the SIP RJ-45 connector to the serial device.
Connect the SIP to an RJ-45 to 9-pin female adaptor. Connect the adaptor to the serial port of the serial device. 2 Connect one end of a UTP cable (4-pair, up to 150 ft/45 m) into an available numbered port on the rear of the switch. Connect the other end into the RJ-45 connector of the SIP. 3 Connect a USB-to-barrel power cord to the power connector on your SIP. Connect the USB connector on the USB-to-barrel power cord into any available USB port on the serial target device.
NOTE: The switch supports one tiered switch per target port of the main switch. You cannot attach a switch to the tiered switch. NOTE: When cascading with an RCS, an 8-port or 16-port analog console switch is not supported as the primary unit in a tiered configuration. The RCS must be the primary unit.
Figure 2.10: Tiering the RCS With a UTP Analog Switch Table 2.3: Descriptions for Figure 2.
Cascading with Legacy Switches To add a legacy switch (optional): 1 Mount the switch into your rack. Locate a UTP cable to connect your RCS to the legacy switch. 2 Attach one end of the UTP cabling to the ARI port on the Console Switch. 3 Connect the other end of the UTP cable to a PS/2 SIP. 4 Connect the SIP to your legacy switch according to the switch manufacturer's recommendations. 5 Repeat steps 1-4 for all the legacy switches you wish to attach to your switch.
Figure 2.11: Cascading Legacy Switches Table 2.4: Descriptions for Figure 2.
Number Description 3 PS2 Connection 4 Target Connection Adding a PEM (Optional) A Port Expansion Module (PEM) allows you to expand each ARI port to accommodate up to eight devices instead of one. See the following figure and figure description table. NOTE: The PEM operates passively. Therefore, once a user accesses a device attached to a PEM, any subsequent users attempting to access any of the devices attached to that PEM will be blocked. NOTE: The use of VM or CAC SIPs behind a PEM is not supported.
Table 2.5: Descriptions for Figure 2.
Configuring the Remote Console Switch Once all physical connections have been made, you will need to configure the switch for use in the overall switch system. This can be accomplished in two ways. To configure the switch using Avocent management software, see the applicable Avocent Installer/User Guide for detailed instructions. To configure the switch using the local UI: See "Network Settings" on page 55 for detailed instructions on using the local UI to configure initial network setup.
Port Number Function TCP 443 Used by the web browser interface for managing the switch and launching KVM sessions. The RCS Admin can change this value. TCP 2068 Transmission of KVM session data (mouse & keyboard) or transmission of video on switches. TCP/UDP 3211 Discovery.
Table 2.7: Descriptions for Figure 2.13 Number Description 1 RCS 2 Firewall 3 User’s computer 4 Firewall forwards HTTP requests and KVM traffic to the switch 5 User browses to firewall’s external IP address To configure the firewall: To access the switch from outside a firewall, configure your firewall to forward ports 22, 23 (if telnet is enabled), 80, 443, 2068, and 3211 from its external interface to the KVM switch through the firewall’s internal interface.
For information on launching the OBWI, see "OBWI" on page 45. Verifying the Connections Rear Panel Ethernet Connection LEDs On the RCS, the rear panel features two LEDs indicating the Ethernet LAN1 connection status and two LEDs indicating the Ethernet LAN2 connection status. • The green LEDs illuminate when a valid connection to the network is established and blink when there is activity on the port. • The bi-color LEDs may illuminate either green or amber.
Adjusting Mouse Settings on Target Devices Before a computer connected to the switch can be used for remote user control, you must set the target mouse speed and turn off acceleration. For machines running Microsoft® Windows® (Windows NT®, 2000, XP, Server 2003), use the default PS/2 mouse driver. To ensure that the local mouse movement and remote cursor display remain in sync, mouse acceleration must be set to “none” for all user accounts accessing a remote system through a KVM switch.
3 Local and Remote Configuration The RCS comes equipped with two “point-and-click” interfaces: a local user interface (local UI) and a remote OBWI. Using the configuration options provided by these interfaces, you can tailor the switch to your specific application, control any attached devices, and handle all basic KVM or serial switch needs. NOTE: The local UI and remote OBWI are almost identical. Unless specified, all information in this chapter applies to both interfaces.
Screen>, , , and . The defaults are and . To launch the local UI: 1 Connect your monitor, keyboard and mouse cables to the switch. For more information, see "Connecting the RCS Hardware" on page 25. 2 Press any of the enabled keystrokes to launch the local UI. 3 If local UI authentication has been enabled, enter your username and password.
OBWI The switch OBWI is a remote, web browser based user interface. For details on setting up your system, see "Connecting the RCS Hardware" on page 25. The following table lists the operating systems and browsers that are supported by the OBWI. Make sure that you are using the latest version of your Web browser. Table 3.1: Operating Systems Supported by the OBWI Browser Microsoft ®Internet Explorer version 6.0 SP1 and later Firefox version 2.
Browser Microsoft ®Internet Explorer version 6.0 SP1 and later Firefox version 2.
3 When the browser makes contact with the switch, enter your username and password, then click Login. The switch OBWI will appear. NOTE: The default username is Admin with no password. To log in to the switch OBWI from outside a firewall, repeat the above procedure, entering the external IP address of the firewall instead. NOTE: The RCS will attempt to detect if Java is already installed on your PC. If it is not, in order to use the on-board web interface, you will need to install it.
Table 3.2: User Interface Descriptions Number Description 1 Top option bar: Use the top option bar to contact Technical Support, view the software general information, or log out of an OBWI session. 2 Second option bar: Use this bar to print a web page, refresh the current web page or access the Help tool. 3 Version block: The firmware version of the product and the username of the user currently logged in appears on the left side of the top option bar.
Number Description 4 Side navigation bar: Use the side navigation bar to select the information to be displayed. You can use the side navigation bar to display windows in which you can specify settings or perform operations. 5 Navigation tabs: The selected tab displays the system information in the content area. Some tabs provide sub tabs that can be clicked to display and revise details within a category. 6 Content area: Use the content area to display or make changes to the switch OBWI system.
1 Enter the RCS host IP address that the Serial SIP is connected to. 2 Enter :, for example, jsmith:router. 3 Enter the password for the RCS user. NOTE: The Telnet feature default is disabled. To enable Telnet support, refer to "Configuring Serial Sessions" on page 77. To switch to the active session from the local UI (local users only): 1 From the side navigation bar, select Local Session. 2 Select the Resume Active Session checkbox.
3 Click Save. Viewing System Information You can view switch and target device information from the following screens in the user interface. Table 3.
RCS Tools From the Tools - Maintenance - Overview screen, you can view the appliance name and type. You can also perform basic appliance tasks. Rebooting the RCS To reboot the RCS: 1 From the side navigation bar, select the Unit View - RCS - Tools Maintenance - Overview tab to open the Unit Maintenance screen. 2 Click Reboot. 3 A dialog box appears, warning you that all active sessions will be disconnected. Click OK.
3 Select one of the following methods from which to load the firmware file: Filesystem, TFTP, FTP, or HTTP. NOTE: The Filesystem option is only available on the remote OBWI. 4 If you selected Filesystem, select Browse to specify the location of the firmware upgrade file. -orIf you selected TFTP, enter the Server IP Address and Firmware File you wish to load. -orIf you selected FTP or HTTP, enter the Server IP Address and Firmware File you wish to load, as well as the User Name and User Password.
If you selected FTP or HTTP, enter the Server IP Address, Username, User Password, and Firmware Filename you wish to load. 5 Enter an encryption password if you wish to encrypt the data before download. 6 Click Download. The Save As dialog box will open. 7 Navigate to the desired location and enter a name for the file. Click Save. To restore a managed appliance configuration or user database of a managed appliance: 1 From the side navigation bar, click the Unit View - RCS - Files tab.
1 Connect a serial cable to the SETUP port on the rear panel of the RCS. 2 Run a terminal program on the PC connected to the Setup port. The serial port settings should be: 9600 baud, 8 data bits, 1 stop bit, no parity, and no flow control. 3 Turn on the RCS. 4 In the terminal program, when the prompt "Hit any key to stop autoboot" appears, press any key. A menu will be displayed. 5 Enter <1> (Boot Alternate) and press . The RCS will automatically reboot to the previous firmware version.
To configure IPv4 network settings: 1 Click the IPv4 tab to display the IPv4 Settings screen. 2 Click to fill or clear the Enable IPv4 checkbox. 3 Enter the desired information in the Address, Subnet, and Gateway fields. IPv4 addresses are entered as the xxx.xxx.xxx.xxx dot notation. 4 Select either Enabled or Disabled from the DHCP drop-down menu. NOTE: If you enable DHCP, any information that you enter in the Address, Subnet, and Gateway fields will be ignored. 5 Click Save.
3 If you selected Manual, enter the DNS Server numbers in the Primary, Secondary, and Tertiary fields. 4 Click Save. NTP Settings The switch must have access to the current time to verify that certificates have not expired. You can configure the switch to request time updates from the NTP. Refer to Configuring the Network Time Protocol (NTP) Settings in Chapter 5. SNMP Settings SNMP is a protocol used to communicate management information between network management applications and the switch.
that protect access to the switch. The values can be up to 64 characters in length. These fields may not be left blank. 5 Type the address of up to four management workstations that are allowed to manage this switch in the Allowable Managers fields. Alternatively, you may leave these fields blank to allow any station to manage the RCS. 6 Click Save.
3 Click Save. Ports - Configuring SIPs From the switch, you can display a list of the attached SIPs, as well as the following information about each SIP: EID (electronic ID), Port, Status, Application, Interface Type, and USB Speed. You can click on one of the SIPs to view the following additional information: Switch Type, Boot Version, Application Version, Hardware Version, FPGA Version, Version Available, and Upgrade Status.
To change the SIP Auto-Upgrade feature: 1 From the side navigation bar, click Ports - SIPs to open the SIPs screen. 2 Select the checkbox(es) next to the SIP(s) that you wish to upgrade and click Enable Auto-Upgrade. Attention: Disconnecting a SIP during a firmware update or cycling power to the target device will render the module inoperable and require the SIP to be returned to the factory for repair.
that power device: Name, Description, Status, Version, Sockets, Vendor Name, Model, and Input Feeds. If a target device is connected to a power control device outlet, you can turn on, turn off or cycle (turn off, then turn on) the target device. To turn on, turn off or power cycle a target device: 1 From the side navigation bar, click Ports - Power Devices to open the Power Devices screen. 2 Click the name of the unit you wish to configure and select Outlet List.
In the following figure, the target device named Server2 has linked power outlets. Clicking on the drop-down menu arrow in the Action column shows the additional power actions available. Figure 3.2: Target List In the following figure, the target Unit Overview page for Server2 shows the Wall Outlet Power, where outlet 1 and outlet 9 from PDU 1 are linked to Server2. Figure 3.
Grouping Power Outlets The outlets can be linked or associated with the target server for easier control. To group outlets (or outlets to servers), the first device to be named must use the Manual name field. The second and subsequent devices must use the Link to Target Device menu, and then select the target name for the first device from the drop down list. Power actions performed on the Target List page are applied to all applicable outlets.
4 Select outlet 5 to display the Power Devices Outlet Settings page. 5 Select Link to Target Device, select Group2 from the drop down menu. 6 Click Save. After returning to the Outlet List, outlets 4 and 5 will have the same name. Figure 3.4: Target Overview for Group2 Default Outlet Names On the Power Devices page, the checkbox “Assign Default Names to Outlets” controls whether or not power outlets are given default names for a power device, as shown in the following figure.
Assigning an Outlet Name On the Power Device Outlet Settings page, three options are available for assigning the name of a outlet as shown in the following figure. The options are Manual Name assignment, Link to Target Device and Do Not Display as Target Device. Figure 3.
• The Manual Name assignment gives a unique name to an outlet. The name must be unique for all the SIPs and power outlet names. An attempt to specify a manual name which is not unique will result in an error and the name will not be saved. • The Link to Target List assignment links the outlet to another target name (either an outlet or SIP) for power control of the named target.
target, the new SIP inherits the access control from that target. When a target device is renamed, all the SIPs and outlets of that target are renamed, and they carry forward the access control previously configured for the old target name. Renaming of a Target Device On the Target List - Overview page, the name for that target may be changed to any unique target name. The name must be unique for the set of all targets, including SIPs and power outlets.
Status Value Applicable for: Status Description SIP Power Outlet No Power x N/A No power detected on SIP Partial Power N/A x Target has outlets in both on and off states Locked-Off N/A x One or more outlets are locked on Turned Off N/A x One or more outlets are turned off Locked-On N/A x One or more outlets are locked off Idle x N/A No session active; SIP has power Turned On N/A x Outlets are turned on When a target device has multiple power outlets linked by name and they d
Outlet 1 Status Outlet 2 Status Resulting Status Locked-On On Powered On Locked-On Locked-On Locked-On Locked-On Off Partial Power Locked-Off On Partial Power Locked-Off Locked-Off Locked-Off Locked-Off Off Powered Off Locked-On Locked-Off Partial Power Local Session Page on the Local Port On the local port's Local Session page, when the target of the active session has power outlets linked, three power controls are displayed on the page under the Active session.
Local Port UI Settings To change how the local UI is invoked: 1 From the side navigation bar, select Ports - Local Port UI to open the Local Port UI Settings screen. 2 Under the Invoke Local Port UI heading, select the checkbox next to one or more of the listed methods. 3 Click Save. You can turn on or turn off local port user interface authentication and choose a user access level. If you turn on local port user interface authentication, you will be required to log in to use the interface.
preemption level of users determines whether they may disconnect another user’s serial or KVM session with a target device. Preemption levels range from 1 - 4, with 4 being the highest level. For example, a user with a preemption level of 4 may preempt other level 4 users, as well as those with a level 1, 2, or 3 setting. To change the Local Port User Authentication (Administrator only): 1 From the side navigation bar, select Ports - Local Port UI to open the Local Port UI Settings screen.
Setup Settings - Port Security From the serial setup port, you can change the appliance network configuration, enable debug information, and reset the appliance. To enable a password to restrict access the serial setup port: 1 From the side navigation bar, select RCS Settings - Ports - Setup to display the Setup Port Settings page. 2 Click to enable the Enable Setup Port Security box. 3 Enter and confirm your password. 4 Click Save.
6 In the Preemption Timeout field, enter the amount of time (from 1 to 120 seconds) that a prompt will be displayed to inform you that your session is going to be preempted. 7 Select the applicable session sharing options (Enabled, Automatic, Exclusive, or Stealth). 8 Select the Input Control Timeout from 1 to 50, with 1 representing one tenth of a second. 9 Click Save. Configuring KVM Sessions To configure KVM session settings: 1 From the side navigation bar, select Sessions - KVM.
5 Select one of the Encryption Levels that you wish to be supported. 6 Click Save. 7 Select the checkbox next to each SIP for which you want to enable virtual media and click Enable VM. -orSelect the checkbox next to each SIP for which you want to disable virtual media and click Disable VM. Virtual Media Options You can determine the behavior of the switch during a virtual media session using the options provided in the Virtual Media Session Settings screen. Table 3.
Setting Description Session Settings: Allow Reserved Sessions Ensures that a virtual media connection can only be accessed with your username and that no other user can create a KVM connection to that target device. When the associated KVM session is disconnected, the virtual media session may be disconnected according to the Locked setting in the Virtual Media dialog box. Drive Mappings: Virtual Media Access Mode You may set the access mode for mapped drives to read-only or read-write.
Setting Description Virtual Media Access per SIP:Enable VM/Disable VM The Virtual Media Access per the SIP section lists all virtual media SIPs. The list includes details about each cable, including the option to enable or disable virtual media for each cable. Local Users Local users can also determine the behavior of virtual media from the Local Session screen. In addition to connecting and disconnecting a virtual media session, you can configure the settings in the following table. Table 3.
Configuring Serial Sessions To configure serial session settings: 1 From the side navigation bar, click Sessions - Serial to display the Serial Session Settings screen. 2 Either enable or disable the Telnet Access Enabled checkbox. 3 Click Save. Setting Up User Accounts Managing Local Accounts The switch OBWI provides local and login security through administratordefined user accounts.
Operation RCS Administrator User Administrator Users Change your own password Yes Yes Yes Access target device Yes, all target devices Yes, all target devices Yes, if allowed To add a new user account (User Administrator or RCS Administrator only): 1 On the side navigation bar, select User Accounts - Local User Accounts to open the Local User Accounts screen. 2 Click the Add button. 3 Enter the name and password of the new user in the blanks provided.
3 Fill out the user information on the screen, then click Save. Avocent Management Software Device IP Addresses You can contact and register an unmanaged switch with an Avocent management software server by specifying the IP address of the management software server. To configure the server IP address: 1 On the side navigation bar, select User Accounts - Avocent. The Avocent Management Software Settings screen is displayed. 2 Enter the server IP addresses that you want to contact.
Active Sessions From the Active Sessions screen, you can view a list of active sessions and the following information about each session: Target Device, Owner, Remote Host, Duration, and Type. Closing a Session To close a session: 1 From the side navigation bar, select Active Sessions to display the RCS Active Sessions screen. 2 Click the checkbox next to the desired target device(s). 3 Click Disconnect. NOTE: If there is an associated locked virtual media session, it will be disconnected.
4 The Video Viewer Window The Video Viewer is used to conduct a KVM session with the target devices attached to an switch using the OBWI. When you connect to a device using the Video Viewer, the target device desktop appears in a separate window containing both the local and the target device cursors. The switch OBWI software uses a Java-based program to display the Video Viewer window. The switch OBWI automatically downloads and installs the Video Viewer the first time it is opened. NOTE: Java 1.6.
Table 4.1: Video Viewer Descriptions NumbeDescription r 1 Title Bar: Displays the name of the target device being viewed. When in Full Screen mode, the title bar disappears and the target device name appears between the menu and toolbar. 2 Thumbtack icon: Locks the display of the menu and toolbar so that it is visible at all times.
NumbeDescription r 3 Menu and toolbar: Enables you to access many of the features in the Video Viewer window. The menu and toolbar is in a show/hide state if the thumbtack has not been used. Place your cursor over the toolbar to display the menu and toolbar. Up to ten commands and/or macro group buttons can be displayed on the toolbar. By default, the Single Cursor Mode, Refresh, Automatic Video Adjust and Align Local Cursor buttons appear on the toolbar.
-orClick the Session Options button. The Session Options dialog box appears. 2 Click the Toolbar tab. 3 Use the arrow keys to specify the number of elapsed seconds prior to hiding the toolbar. 4 Click OK to save your changes and close the dialog box. Launching a Session NOTE: When using a non-proxied connection, video performance over a slower network connection may be less than optimal.
To enable, disable, or configure the session time-out: 1 In the side menu, select Unit View - RCS - RCS Settings - Sessions General. 2 Select the desired setting for the Enable Activity Timeout box. 3 If necessary, select the time limit for the inactivity time-out. 4 Click Save. Window Size NOTE: The View - Scaling command is not available if the Video Viewer window is in Full Screen mode or to non-primary users of a shared session.
• • • Enable or disable Full Screen mode. When Full Screen mode is enabled, the image adjusts to fit the desktop up to a size of 1600 x 1200 or 1680 x 1050 (widescreen). If the desktop has a higher resolution, the following occurs: • The full-screen image is centered in the desktop, and the areas surrounding the Video Viewer window are black. • The menu and toolbar are locked so that they are visible at all times.
To disable Full Screen mode, click the Full Screen Mode button on the floating toolbar to return to the desktop window. To enable full scaling, select View - Scaling from the Video Viewer window menu and select Full Scale. The device image scales automatically to the resolution of the target device being viewed. To enable manual scaling, select View - Scaling from the Video Viewer window menu. Choose the dimension to scale the window. The available manual scaling sizes will vary according to your system.
1 Select Tools - Manual Video Adjust from the Video Viewer window menu. -orClick the Manual Video Adjustbutton. The Manual Video Adjust dialog box appears. Figure 4.2: Manual Video Adjust Dialog Box Table 4.2: Descriptions for Figure 4.
Number Description Number Description 4 Image Capture Vertical Position 12 Video Test Pattern 5 Contrast 13 Help 6 Brightness 14 Performance Monitor 7 Noise Threshold 15 Close button 8 Priority Threshold 2 Click the icon corresponding to the feature you wish to adjust. 3 Move the Contrast slider bar and then fine-tune the setting by clicking the Min (-) or Max (+) buttons to adjust the parameter for each icon pressed. The adjustments display immediately in the Video Viewer window.
You can easily adjust your video parameters to ideal settings by clicking on the Auto Adjust Video button in the Manual Video Adjust dialog box. NOTE: You can also select Tools - Automatic Video Adjust from the Video Viewer window menu or click the Automatic Video Adjust toolbar icon to automatically adjust the video. Video Test Pattern Clicking the Video Test Pattern button in the Manual Video Adjust dialog box toggles a display of a video test pattern.
Contrast and Brightness If the image in the Video Viewer window is too dark or too light, select Tools Automatic Video Adjust or click the Automatic Video Adjust button. This command is also available in the Video Adjustments dialog box. In most cases, this corrects video issues. When clicking Auto Adjust several times does not set the contrast and brightness as desired, adjusting the contrast and brightness manually can help. Increase the brightness.
Mouse Settings Adjusting Mouse Options The Video Viewer window mouse options affect cursor type, Cursor mode, scaling, alignment and resetting. Mouse settings are device-specific; that is, they may be set differently for each device. NOTE: If the device does not support the ability to disconnect and reconnect the mouse (almost all newer PCs do), then the mouse will become disabled and the device will have to be rebooted.
Table 4.3: Descriptions for Figure 4.3 Number Description 1 Remote Cursor 2 Local Cursor The Cursor mode status of the Video Viewer window displays in the title bar, including the keystroke that will exit Single Cursor mode. You can define the keystroke that will exit Single Cursor mode in the Session Options dialog box. NOTE: When using a device that captures keystrokes before they reach the client server, you should avoid using those keys to restore the mouse pointer.
To enter Single Cursor mode, select Tools - Single Cursor Mode from the Video Viewer window menu, or click the Single Cursor Mode button. The local cursor does not appear and all movements are relative to the target device. To select a key for exiting Single Cursor mode: 1 Select Tools - Session Options from the Video Viewer window menu. -orClick the Session Options button. The Session Options dialog box appears. 2 Click the Mouse tab.
Mouse Scaling Some earlier versions of Linux did not support adjustable mouse accelerations. For installations that must support these earlier versions, you can choose among three pre-configured mouse scaling options or set your own custom scaling. The pre-configured settings are Default (1:1), High (2:1) or Low (1:2): • In a 1:1 scaling ratio, every mouse movement on the desktop window sends an equivalent mouse movement to the target device.
host system. If your mouse or keyboard no longer responds properly, you can align the mouse to reestablish proper tracking. Alignment causes the local cursor to align with the remote target device’s cursor. Resetting causes a simulation of a mouse and keyboard reconnect as if you had disconnected and reconnected them. To realign the mouse, click the Align Local Cursor button in the Video Viewer window toolbar.
The user (or user group to which the user belongs) must have permission to establish virtual media sessions and/or reserved virtual media sessions to the target device. See "Setting Up User Accounts" on page 77. Only one virtual media session may be active to a target device at one time. Sharing and Preemption Considerations The KVM and virtual media sessions are separate; therefore, there are many options for sharing, reserving or preempting sessions.
the client server that can be mapped as virtual drives. You may also add ISO and floppy image files and then map them using the Virtual Media dialog box. After a device is mapped, the Virtual Media dialog box Details View displays information about the amount of data transferred and the time elapsed since the device was mapped. You may specify that the virtual media session is reserved.
To map a virtual media drive: 1 Open a virtual media session from the Video Viewer menu by selecting Tools - Virtual Media. 2 To map a physical drive as a virtual media drive: a. In the Virtual Media dialog box, click the Mapped checkbox next to the drive(s) you wish to map. b. If you wish to limit the mapped drive to read-only access, click the Read Only checkbox next to the drive.
a. In the Virtual Media dialog box, click Add Image. b. The common file dialog box will appear, with the directory containing disk image files (that is, those ending in .iso or .img) displayed. Select the desired ISO or floppy image file and click Open. -orIf the client server’s operating system supports drag-and-drop, select the desired ISO or floppy image file from the common file dialog box, and drag it onto the Virtual Media dialog box. c. The file’s header is checked to ensure it is correct.
• Target Drive - Name used for the mapped drive, such as Virtual CD 1 or Virtual CD 2. • Mapped to - Identical to Drive information that appears in the Client View Drive column. • Read Bytes and Write Bytes - Amount of data transferred since the mapping. • Duration - Elapsed time since the drive was mapped. To close the Details view, click Details again.
Smart Cards You can connect a smart card reader to an available USB port on the client server and access attached target devices on the switch system. You can then launch a KVM session to open the Video Viewer and map a smart card. NOTE: For all smart card readers, you must use a Dell USB2+CAC SIP or an Avocent VMC IQ module. The smart card status is indicated by the smart card icon at the far right of the Video Viewer toolbar. The following table describes the smart card status icons. Table 4.
the smart card from the smart card reader or disconnecting the smart card reader from the client server. Keyboard Pass-through Keystrokes that a user enters when using a Video Viewer window may be interpreted in two ways, depending on the Screen mode of the Video Viewer window. • If a Video Viewer window is in Full Screen mode, all keystrokes and keyboard combinations except Ctrl-Alt-Del are sent to the remote target device being viewed.
3 Select Pass-through all keystrokes in regular window mode. 4 Click OK to save setting. Macros The switch OBWI comes pre-configured with macros for the Windows, Linux, and Sun platforms. To send a macro, select Macros - from the Video Viewer window menu, or select the desired macro from the buttons available on the Video Viewer menu. Saving the View You can save the display of a Video Viewer either to a file or to the clipboard for pasting into a word processor or other program.
5 LDAP Feature for the RCS LDAP is a protocol standard used for accessing and updating a directory using TCP/IP. The Dell RCS software and OBWI supports both standard and Dell extended schema, and offers strong security features including authentication, privacy, and integrity. NOTE: Windows 2008 Server is required to use LDAP in IPv6 mode. NOTE: Use of Microsoft Active Directory to recognize RCS users is supported on the Microsoft Windows® 2000 and Windows Server 2003 operating systems.
aspects of AD. DNS is used to determine the network coordinates of each Domain Controller so that the Dell RCSs can gracefully handle situations where some Domain Controllers are not available on the network. DNS SRV records are used for this purpose so the Dell RCSs always attempt to contact alternative Domain Controllers at the nearest site first, depending on the administrative settings configured in the SRV records.
Attributes There is one more hierarchy used in AD. Associated with each object class is a set of “attributes” used to store specific information about the entity that is being represented. For example, associated with the User object class is an attribute type named SAM ACCOUNT NAME and others such as FIRST NAME, SURNAME, PASSWORD, etc.
The suite of Dell RCSs is also designed to function using only object classes present in the AD packaged classes; this option is known as the Standard Schema. Under this option, the Computer object class is used to represent Dell RCSs and standard Group objects are used to associate specific access control information with specific instances of Dell RCSs and Users. In this case, access control information is stored in a specific attribute type in the Group object.
the privilege object is linked to device objects via association objects to assign usage permissions. This model provides an Administrator maximum flexibility over the different combinations of users, privileges, and SIPs on the Remote Console Switch without adding too much complexity. Before installing the Dell Schema Extensions, Administrators should read through the descriptions and instructions within this chapter to determine which schema is right for their particular installation.
2 Configure DNS Settings 3 Set the Network Time Protocol 4 Configure the Authentication Parameters 5 Configure Group Objects 6 Create and Download the CA Root certificate 7 Set the Login Timeout Configure the Override Admin Account Should a network failure occur, an account is provided that may be used regardless of the unit’s ability to authenticate against an LDAP server. Before configuring other settings, this account should be configured.
The Network sub-category allows the entry and maintenance of up to three DNS Servers. These DNS servers are used to resolve DNS names provided on the LDAP authentication panel. NOTE: At least one DNS server must be configured for the LDAP feature to work. Whenever a primary server is unavailable, the RCS software will automatically failover to backup DNS servers, as identified here. NOTE: You can also set DNS server addresses using the RCS’s serial administrative interface.
Configuring the Network Time Protocol (NTP) Settings The switch must have access to the current time to verify that certificates have not expired. You can configure the switch to request time updates from the NTP. To configure NTP settings in the on-board web interface: 1 Click NTP to open the NTP screen. 2 Click the Enable NTP box. 3 Enter the name of your network time source in the provided boxes. You may also set an hour interval to specify how often to request time updates.
authentication. The available modes are: • Standard LDAP directory services (non-Microsoft) • Microsoft Active Directory services • Disable LDAP authentication If an alternate (non-LDAP) authentication method has already been selected for use, then LDAP authentication will automatically be disabled. It will be necessary to deselect this method to use LDAP Directory Services. To restore the ability to use LDAP authentication: 1 Under User Access, select the Avocent tab, see Figure 5.2.
NOTE: It is possible to externally sever the Avocent authentication association without performing these steps. Nonetheless, if an Avocent server association has been created for user authentication, it must be expressly removed via this procedure to permit LDAP authentication configuration to proceed. To enable LDAP Authentication: 1 Under User Access, select the LDAP tab, see Figure 5.3. Figure 5.
other fields will be permitted. In addition, the additional configuration screens under both the Standard and Active Directory tabs will also be disabled. When LDAP Authentication is disabled, User Access will be adjudicated by either locally-defined user access lists or Avocent management software (see the section on User Access). When LDAP Authentication is enabled, locally-defined user access lists take precedence over requests to LDAP Directory Servers.
Disable - do not permit user caching, and always ask the LDAP Directory Server for guidance on the authentication status for every user, every time it is required. By default, User Caching is disabled. Enable - hold results of recent user authorization requests as determined by the LDAP Directory Server. When identical authorization requests are received within a pre-determined time period, use those prior results to service the new request. Timeout Period - establishes the duration of the time window.
• IPv6 address (example: fe80::200:f8af:fe20:76ce ) Entering Authentication Parameters - Custom IP Port Assignments This section permits changes to the industry-standard IP Port numbers conventionally used for LDAP. In most instances, there should be no need to change these values. However, if the administrator of the LDAP Directory Server you are using requires different port assignments, then those may be entered here.
Standard LDAP Message Port via SSL - 636 Active Directory via Global Catalog server - 3268 Active Directory via Global Catalog server/SSL - 3269 IP Port numbers are permitted to range from 1 to 65535. Failure to match up port numbers with those in use by the LDAP Directory Server will result in a failure to establish communications with that server.
There is an equivalent display for Standard LDAP mode that appears whenever that mode is not enabled. Secondary LDAP Settings - Standard Configuration As with LDAP Active Directory Configurations, Standard LDAP authentication, search, and query parameters are configured through the remote OBWI. Settings in this section are accessed from the User Access / LDAP / Standard tabs via the OBWI window shown here in Figure 5.5 Figure 5.
To set up group queries: 1 Log in to your LDAP Directory Server software with administrator privileges. 2 Create an organizational unit (OU) to be used as group container. 3 Create a computer object in with a name identical to the switching system name for querying appliances or identical to the attached target devices for querying target devices. The name must match exactly and is case-sensitive. 4 The appliance names and target device names used for group queries are stored in the appliance.
Search password Search password is used if a password is required for search options. It authenticates the administrator or user specified in the Search DN field. Any printable ASCII characters are allowed. Search base Search Base defines a starting point from which all LDAP searches begin. The default values are dc=yourDomainName and dc=com. Each search component must be separated by a comma. For example, to define a search base for test.com, your values are dc=test, dc=com.
in Active Directory. If no values are found, the user is given no access to the appliance or target devices Group attribute A username, password, and group query sent to the directory service for an appliance and attached target devices when using Appliance query mode or for a selected target device when using Target Device query mode. If a group is found containing the user and appliance name, the user is given access to either the appliance or target devices when using Appliance query mode.
name is "info". Access control delimiters The LDAP Standards specify that the semi-colon character (;) is used to separate multiple properties within a single named attribute. Under normal circumstances, this need not be changed. For example, suppose we have a dryerase-board marker object in the LDAP Directory, and the attribute “Color” is used to identify colors that this marker might have.
results. By LDAP standards, the final authorization level reported is the highest (most permissive) level found among all positive results found for the specific user and device under scrutiny. Secondary LDAP Settings - Active Directory Configuration Settings in this section are accessed from the User Access / LDAP / Active Directory tabs via the OBWI window shown here in Figure 5.6. Figure 5.
Next, choose an attribute within the LDAP directory to be used to contain discretionary access control information. This should be a previously unused attribute that is capable of storing a string value. (The default is the “info” attribute of the Group Object.) Finally, you will need to enter the location for the Group Container, the Group Container Domain and the Access Control Attribute in the blanks provided in the Global - Authentication window.
Field Authentication Settings Description Users can choose to use LDAP authentication by clicking the box shown. The user may still log in with the Override admin account if the LDAP servers are inaccessible. Schema Radio Button to indicate which Active Directory (AD) object classes are used to store information related to authorization. For the default Standard schema, Microsoft Active Directory objects are used. When using the Extended schema, the extra Dell object classes are added.
Field Description Group Container Domain (Standard schema set only) This field, available when the Standard schema is selected, is the DNS name of the Active Directory domain where the group container resides. The value of this field specifies which attribute in the LDAP directory is to be used to contain discretionary access control information and is only enabled when Standard Schema is selected.
referred to as LDAPS (Lightweight Directory Access Protocol over SSL). Each LDAPS connection begins with a protocol handshake that triggers a security certificate transmission from the responding Active Directory server to the RCS. Once received, the RCS is responsible for verifying the certificate. In order to verify the certificate, the RCS must be configured with a copy of the root Certification Authority's (CA) certificate. Before this can be done, the certificate must first be generated.
where a user would need to set a value based on the criteria at the end of that line. NOTE: Any instructions below with text in is where a user would need to set a value based on the criteria at the end of that line. To create a certificate to import: 1 From the Linux command prompt, type openssl and press . The user should be at the OpenSSL prompt. OpenSSL> genrsa -out privatekey.pem <512> Generating RSA private key, 512 bit long modulus ..........++++++++++++ .....
3 From the Linux command prompt, type cat certificate.pem privatekey.pem > webserver.pem, then convert the file from UNIX linefeed to DOS carriage return/linefeed by typing unix2dos webserver.pem. To export the CA certificate: 1 Within the Windows operating system, to open the Certificate Authority management tool, click Start - All Programs - Administrative Tools Certificate Authority.
Figure 5.8: OBWI - LDAP Certificate After clicking Update, the following window displays. Figure 5.9: OBWI - Update LDAP Certificate You can browse to a certificate and open it. Once the certificate is open and its contents are displayed, the user can then send the certificate to the RCS.
Login Timeout In cases where there is a large enough directory tree to cause LDAP authentication to perform slowly, the Sessions window includes a Login Timeout function with a default timeout of 30 seconds. The login timeout is the time from which the user presses the OK button on the Login dialog box until there is no response from the RCS. The RCS will also use this value to determine the timeout on a LDAP request for authentication.
CA Certificate Information Display The RCS can only display complete CA Certificate Information in this window when the public key length is less than or equal to 2048 bits. When the key is greater than 2048 bits, the subject, issuer, and validity period data in this window will be incomplete.1 The following display is an example of the CA certificate information: 1 From the Client, download CA certificate into the RCS.
6 Select the radio button for Turn on DEP for essential Windows programs and services only 7 Click OK. 8 Click OK again on the System Properties dialog box. Configuring Group Objects Access control is applied to a specific Active Directory user account by including that user in the membership of a Group in the Group Container. The Group membership must also contain the objects representing the RCS(s) and the SIP(s) the user is allowed to access.
Operation KVM Appliance Admin KVM User Admin KVM User Preemption Allowed to preempt another KVM Appliance Admin or a KVM User Admin. Permission must be configured for each target device by including the TD in the appropriate Group object in the Directory. Allowed to preempt another User Admin. Permission must be configured for each target device by including the target device in the appropriate Group object in the Directory.
Operation KVM Appliance Admin KVM User Admin KVM User FLASH Upgrade Yes – Permission must be configured for each RCS by including the RCS in the appropriate Group object in the Directory. No No Administer user accounts Yes – Permission must be configured for each RCS by including the RCS in the appropriate Group object in the Directory. Yes – Permission must be configured for each RCS by including the RCS in the appropriate Group object in the Directory.
Operation Target Device Access KVM Appliance Admin Yes – Permission must be configured for each RCS by including the RCS in the appropriate Group object in the Directory. KVM User Admin KVM User Yes – Permission must be configured for each RCS by including the RCS in the appropriate Group object in the Directory. Yes, if configured by Administrator. Permission must be configured for each target device by including the TD in the appropriate Group object in the Directory. Table 5.
1 If you have not already, create the Organizational Unit that will contain the Group Objects related to your switch installation. 2 Within this Organizational Unit, create three group objects to represent user privilege levels. One for KVM Appliance Administrators, KVM User Administrators and KVM Users, respectively. 3 Using the MSADUC tool, open the KVM Appliance Administrator Group Object and select the Notes property.
Dell Extended Schema Active Directory Object Overview For each of the physical RCSs on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least one RCS Device Object to represent the physical switch and one Association Object. The Association object is used to link together the users or groups with a specific set of privileges to one or more SIPs.
You can create as many or as few association objects as you want or need. However, you must create at least one Association Object, and you must have one RCS Device Object for each RCS on the network that you want to integrate with Active Directory for Authentication and Authorization. The Association Object allows for as many or as few users and/or groups as well as RCS Device Objects. However, the Association Object only has one Privilege Object per Association Object.
To set up the objects for the single domain scenario, perform the following tasks: 1 Create two Association Objects. 2 Create two RCS Device Objects, RCS1 and RCS2, to represent the two RCSs. 3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has login privileges. 4 Group User1 and User2 into Group1. 5 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RCS1 and RCS2 as RCS Devices in AO1.
The following figure illustrates how you can set up the Active Directory Objects in multiple domains. In this scenario, you have two RCSs (RCS1 and RCS2) and three existing Active Directory users (User1, User2, and User3). User1 is in Domain1, and User2 and User3 are in Domain2. You want to give User1 and User2 an administrator privilege to both RCSs and give User3 a login privilege to the RCS2. Figure 5.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has login privileges. 5 Group User1 and User2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RCS1, RCS2 as RCS Devices in AO1. 7 Add User3 as a Member in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RCS2 as RCS Devices in AO2.
The LDIF files and Dell Schema Extender can be obtained at dell.com/support. To use the LDIF files, see the instructions in the readme that is in the LDIF files directory. To use the Dell Schema Extender to extend the Active Directory Schema, perform the steps in “Using the Dell Schema Extender.” You can copy and run the Schema Extender or LDIF files from any location. Using the Dell Schema Extender NOTE: The Dell Schema Extender uses the SchemaExtenderOem.ini file.
NOTE: For more information about the Active Directory Users and Computers snap-in, see your Microsoft documentation. Opening the Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers snap-in, perform the following steps: If you are on the domain controller, click Start -Admin Tools - Active Directory Users and Computers - or If you are not on the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system.
3 Type a name for the new object. This name must match the RCS name that you will type in step 4 of "Configuring the Remote Console Switch" on page 38. 4 Select SIP Device Object. 5 Click OK. Creating a Privilege Object Privilege Objects must be created in the same domain as the Association Object to which it is associated. 1 In the Console Root (MMC) window, right-click a container. 2 Select New - Dell SIP Object to open the New Object window. 3 Type a name for the new object.
Using Dell Association Objects Syntax Using the Dell Association Objects syntax, object types default to User and Group in the Dell LDAP Schema. In the Dell Extended Schema, Dell has added unique Object IDs for four new object classes: • KVM RCS Objects • KVM SIP Objects • Privilege Objects • Association Objects Each of these new object classes is defined in terms of various combinations (hierarchies) of default Active Directory classes, together with Dell unique attribute types.
• Multiple Active Directory security groups of user accounts Similarly, for the RCSs and/or SIPs in an Association Object and because the Association Object has the ability to use security groups in the same way, it is defined as a group object itself. Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object.
1 Right-click the Association Object and select Properties. 2 Select the Users tab and click Add. 3 Type the user or User Group name and click OK. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a SIP device. NOTE: You can add only one privilege object to an association object. To add a privilege: 1 Select the Privileges Object tab and click Add. 2 Type the Privilege Object name and click OK.
SIP Privileges tab of the DPO provides the means for a user who cannot view the on-board web interface to launch Video Viewer sessions to a subset of SIPs through the RCS Client. This authorization is controlled by a combination of the configuration parameters set in the DPO and the SIP Objects contained in the Dell Association Object (DAO).
or \ or / (where username is an ASCII string of 1–256 bytes). No white space and no special characters (such as \, /, or @) are allowed in either the username or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, since those names cannot be resolved. NOTE: If a domain name is not included, the local database in the Remote Console Switch will be used to authenticate the user.
Frequently Asked Questions The following table lists frequently asked questions and answers. Can I log into the Remote Console Switch using Active Directory across multiple forests? The RCS Active Directory query algorithm only supports a single tree in a single forest. Does the login to the Remote Console Switch using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows NT® 4.
Can these Dellextended objects (Dell Association Object, Dell Remote Console Switch Device, and Dell Privilege Object) be in different domains? The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers snap-in forces you to create these two objects in the same domain. Other objects can be in different domains. Are there any restrictions on Domain Controller SSL configuration? Yes.
Troubleshoot as follows: • If no domain name is specified, the local database is used. To login when AD authentication isn't working, use the default local admin account. • Ensure that you have checked the Enable Active Directory checkbox (RCS Software) or the Use LDAP Authentication checkbox (on-board web interface) on the RCS Active Directory configuration page.
A Appendix A: Terminal Operations Each RCS may be configured at the switch level through the Console menu interface accessed through the SETUP port. All terminal commands are accessed through a terminal or PC running terminal emulation software. NOTE: The preferred method is to make all configuration settings in the local UI.
• Full-Factory Reset Console Main Menu Options Once turned on, the main menu displays the product name and version. From this menu, you can choose one of four options. • Network configuration: This menu option allows you to configure the network setting of the RCS. • Debug messages: This menu option turns on console status messages. Because this can significantly reduce performance, you should only enable debug messages when instructed to do so by Dell Technical Support.
B Appendix B: Using SIPs An administrator can choose between the Avocent ACS console server and Cisco pinouts for each serial SIP port via the local user interface or the remote OBWI. ACS is the default. To change the pinout to Cisco mode: 1 Select Unit View - RCS - RCS Settings - Ports - SIPs. 2 Click on the desired SIP. 3 Select Settings - Pinout. NOTE: If the DB-9 adaptor is used, select the ACS console server pinouts.
Pin No. Signal Name Input/Output 6 RXD - Receive Data IN 7 DCD/DSR - Data Set Ready IN 8 N/C - Not Connected N/A Cisco Port Pinouts The following table lists the Cisco serial port pinouts for the SIPs. Table B.2: Cisco Serial Port Pinouts Pin No.
C Appendix C: MIB and SNMP Traps The Dell RCS has the ability to send audit events to an SNMP Manager. The SNMP traps are defined in an SNMP Trap MIB. The Trap MIB file may be uploaded from the RCS using the Save Trap MIB function. The uploaded Trap MIB file may then be loaded into an SNMP Trap Receiver application. Audit events may also be directed to “syslog” destinations. The format of each syslog message is given in the corresponding “--#SUMMARY” comment of each trap defined in the Trap MIB file.
• RFC-1212 Describes the format for producing concise and descriptive MIB modules. • RFC-1213-MIB Describes the Internet standard MIB-II for use with network management protocols in TCP/IP-based inter-networks. • RFC-1215 Describes the SNMP standardized traps and provides a means for defining enterprise-specific traps. The specific objects reported by each trap are defined in the Trap MIB file which is uploaded from the RCS. The following table is a list of the generated trap events. Table C.
Trap Event Trap Number User Deleted 13 User Modified 14 User Locked 15 User Unlocked 16 User Authentication Failure 17 SIP Added 18 SIP Removed 19 SIP Moved 20 Target Device Name Changed 21 Tiered Switch Added 22 Tiered Switch Removed 23 Tiered Switch Name Changed 24 Configuration File Loaded 25 User Database File Loaded 26 Ca Certificate Loaded 27 SIP Image Upgrade Started 28 SIP Image Upgrade Result 29 SIP Restarted 30 Virtual Media Session Started 31 Appendix C: MI
Trap Event Trap Number Virtual Media Session Stopped 32 Virtual Media Session Terminated 33 Virtual Media Session Reserved 34 Virtual Media Session Unreserved 35 Virtual Media Drive Mapped 36 Virtual Media Drive Unmapped 37 traps 38 through 44 are deprecated 38-44 Screen Resolution Changed 45 Aggregated Target Device Status Changed 46 Factory Defaults Set 47 Power Supply Failure 48 Power Supply Restored 49 Pdu Device Online 50 Pdu Device Offline 51 Pdu Socket On Command 52 Pd
Trap Event Trap Number Pdu Status Socket On 57 Pdu Status Socket Off 58 Pdu Port Name Changed 59 Pdu Socket Name Changed 60 Pdu Input Feed Total Load High 61 Pdu Input Feed Total Load Low 62 Pdu Device Name Changed 63 Pdu Input Feed Name Changed 64 Pdu Socket Lock Command 65 Pdu Socket Unlock Command 66 Pdu Status Socket Lock 67 Pdu Status Socket Unlock 68 Pdu Image File Upgrade Started 69 Pdu Image File Upgrade Result 70 Pdu Circuit Name Changed 71 Pdu Device Total Load High
Trap Event Trap Number Temperature Range 76 Smart Card Inserted 77 Smart Card Removed 78 Appendix C: MIB and SNMP Trapsxxx | xxx164
D Appendix D: Cable Pinouts Information NOTE: All switches have the 8-pin modular jack for the modem and console/setup ports. Modem Pinouts The modem port pinouts and descriptions are provided in the following figure and table. Figure D.1: Modem Pinouts Table D.
Pin Number Description Pin Number Description 3 Data Carrier Detect (DCD) 7 Data Terminal Ready (DTR) 4 Receive Data (RXD 8 Clear to Send (CTS Console/Setup Pinouts The console/setup port pinouts and descriptions are provided in the following figure and table. Figure D.2: Console/Setup Pinouts Table D.
E Appendix E: UTP Cabling This appendix discusses various aspects of connection media. The RCS system utilizes UTP cabling. The performance of an switch system depends on high quality connections. Poor quality or poorly installed or maintained cabling can diminish switch system performance. NOTE: This appendix is for information purposes only. Please consult with your local code officials and/or cabling consultants prior to any installation.
installations utilizing UTP cable specifications. The RCS system supports either of these wiring standards. The following table describes the standards for each pin. Table E.
• If bending the cable is necessary, make it gradual with no bend sharper than a one inch radius. Allowing the cable to be sharply bent or kinked can permanently damage the cable’s interior. • Dress the cables neatly with cable ties, using low to moderate pressure. Do not over tighten the ties. • Cross-connect cables where necessary, using rated punch blocks, patch panels, and components. Do not splice or bridge the cable at any point.
Appendix E: UTP Cablingxxx | xxx170
F Appendix F: Sun Advanced Key Emulation Certain keys on a standard Type 5 (US) Sun keyboard can be emulated by key press sequences on the local port USB keyboard. To enable Sun Advanced Key Emulation mode and use these keys, press and hold and then press the key. The Scroll Lock LED blinks. Use the indicated keys in the following table as you would use the advanced keys on a Sun keyboard.
Help Num Lock Props F3 Front F5 Stop F1 Again F2 Undo F4 Cut F10 Copy F6 Paste F8 Find F9 Mute keypad / Vol.+ keypad + Vol.- keypad - Command (left)2 F12 Command (left)2 Win (GUI) left1 Command (right)2 Win (GUI) right 1 ENDNOTES: (1) Windows 95 104-key keyboard. (2) The Command key is the Sun Meta (diamond) key.
G Appendix G: Technical Specifications Table G.1: RCS Technical Specifications 1082DS: 8 Number of ports 2162DS: 16 4322DS: 32 Type Dell PS/2, USB, USB2, USB2+CAC, and Serial SIPs. Avocent PS/2, PS2M, USB, Sun, USB2, VMC, and Serial modules.
Input video resolution Standard 640 x 480 @ 60 Hz 800 x 600 @ 75 Hz 960 x 700 @ 75 Hz 1024 x 768 @ 75 Hz 1280 x 1024 @ 75 Hz 1600 x 1200 @ 60 Hz Widescreen 800 x 500 @ 60 Hz 1024 x 640 @ 60 Hz 1280 x 800 @ 60 Hz 1440 x 900 @ 60 Hz 1680 x 1050 @ 60 Hz Supported cabling 4-pair UTP, 45 meters maximum length Dimensions Form factor 1U or 0U rack mount Dimensions 1.72 x 17.00 x 9.20 (Height x Width x Depth) 1082DS: 6.6 lb (3.0 kg) Weight (without cables) 2162DS: 7.0 lb (3.2 kg) 4322DS: 7.6 lb (3.
Number/Type 1 VGA/4 USB Network connection Number 2 Protocol 10/100/1000 Ethernet Connector 8-pin modular (RJ-45) USB device port Number 4 Protocol USB 2.
Power 18W Heat dissipation 47 BTU/hr AC input range 100 - 240 VAC AC frequency 50/60 Hz auto-sensing AC input current rating 1.25 A AC input power (maximum) 40 W Ambient atmospheric condition ratings Temperature 32 to 122 degrees Fahrenheit (0 to 50 degrees Celsius) operating; -4 to 158 degrees Fahrenheit (-20 to 70 degrees Celsius) non-operating Humidity Operating: 20% to 80 % relative humidity (noncondensing Non-operating: 5% to 95% relative humidity, 38.
H Appendix H: Technical Support Our Technical Support staff is ready to assist you with any installation or operating issues you encounter with your Dell product. If an issue should develop, follow the steps below for the fastest possible service. To resolve an issue: 1 Check the pertinent section of this manual to see if the issue can be resolved by following the procedures outlined. 2 Check our web site at dell.com/support to search the knowledge base or use the on-line service request.
Appendix H: Technical Supportxxx | xxx178