Contents Introduction--1 Product Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Establishing Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Recovering from a Lost Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Rack PDU Front Panel--11 About the Command Line Interface . . . . . . . . . . . . . . . . . . .
Environment--65 Configuring Temperature and Humidity Sensors . . . . . . . . . . . . . . . . 65 Configuring Dry Contact Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Logs--68 Using the Event and Data Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Administration: Security--76 Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Remote Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to Export Configuration Settings--115 Retrieving and Exporting the .ini File . . . . . . . . . . . . . . . . . . . . . . . . 115 The Upload Event and Error Messages . . . . . . . . . . . . . . . . . . . . . . 119 File Transfers--121 How to Upgrade Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Firmware File Transfer Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Verifying Upgrades and Updates . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introduction Product Features The Dell® Metered Rack Power Distribution Unit (PDU) is a stand-alone, networkmanageable power distribution device that monitors the current, voltage, and power for the Rack PDU. • Access the Web interface using Hypertext Transfer Protocol or using secure HTTP (HTTPS) with Secure Sockets Layer (SSL). See Logging On to the Web Interface. • Access the command line interface through a serial connection, Telnet, or Secure SHell (SSH). See About the Command Line Interface.
• E-mail notifications for Rack PDU and system events. • SNMP traps, Syslog messages, and e-mail notifications based on the severity level or category of the Rack PDU and system events. • Security protocols for authentication and encryption. The Rack PDU does not provide power surge protection. To ensure that the device is protected from power failure or power surges, connect the Rack PDU to an uninterruptible power supply (UPS). Only one user at a time can log on to the Rack PDU.
Types of user accounts The Rack PDU has three levels of access (Administrator, Device User, and Read-Only User), which are protected by user name and password requirements. • An Administrator can use all of the menus in the Web interface and all of the commands in the command line interface. The default user name and password are both admin.
Getting Started To start using the Rack PDU: 1. Install the Rack PDU using the Rack Power Distribution Unit Installation Instructions that were shipped with your Rack PDU. 2. Apply power and connect to your network. Follow the directions in the Rack Power Distribution Unit Installation Instructions. 3. Establish network settings. (See Establishing Network Settings.) 4.
Establishing Network Settings You must configure the following TCP/IP settings before the Rack PDU can operate on a network using one of the following: • IP address of the Rack PDU • Subnet mask If a default gateway is unavailable, use the IP address of a computer that is located on the same subnet as the Rack PDU and that is usually running. The Rack PDU uses the default gateway to test the network when traffic is very light.
BOOTP and DHCP configuration The Rack PDU default TCP/IP configuration setting of BOOTP & DHCP assumes that a properly configured BOOTP or DHCP server is available to provide TCP/IP settings to Rack PDUs. The Rack PDU first attempts to discover a properly configured BOOTP server, and then a DHCP server. It repeats this pattern until it discovers a BOOTP or DHCP server. A user configuration (INI) file can function as a BOOTP or DHCP boot file. For more information, see Use an .ini File.
DHCP. You can use an RFC2131/RFC2132-compliant DHCP server to configure the TCP/IP settings for the Rack PDU. This section summarizes the Rack PDU’s communication with a DHCP server. For more detail about how a DHCP server can configure the network settings for a Rack PDU, see DHCP response options. 1.
Note: By selecting the Require vendor specific cookie to accept DHCP Address check box in the Web interface, you can require the DHCP server to provide a vendor cookie, which supplies information to the Rack PDU Administration > Network>TCP/IP>DHCP. Command Line Interface 1. Log on to the command line interface. See Logging on to the Command Line Interface. 3. Use these three commands to configure network settings. (Text in italics indicates a variable.) a. tcpip -i yourIPaddress b.
Recovering from a Lost Password You can use a local computer (a computer that connects to the Rack PDU or other device through the serial port) to access the command line interface. 1. Select a serial port at the local computer, and disable any service that uses that port. 2. Connect the provided serial cable to the selected port on the computer and to the Serial port at the Rack PDU. 4. Press ENTER, repeatedly if necessary, to display the User Name prompt.
Metered Rack PDU USER’S GUIDE 8. Type quit or exit to log off, reconnect any serial cable you disconnected, and restart any service you disabled.
pdu0516a Metered Rack PDU USER’S GUIDE Rack PDU Front Panel Item Function Dry contact inputs Connector for two dry contact devices. Phase LEDs Note: for single-phase Rack PDUs, only one LED is present. When no alarms are present, the LED display shows a phase current, and a green Phase LED indicates for which phase. The system automatically cycles through each phase, displaying the phase current for three seconds.
Metered Rack PDU USER’S GUIDE Item Function Function button • To manually display the current for each phase, repeatedly press the button. The current displays for 30 seconds or until you press the button again. (This functionality is not available for single-phase Rack PDUs.) • To display the IP address, press and hold for five seconds until IP appears; then release. On the LED display, the address will appear two digits at a time and then the cycle will repeat.
Condition Description Off The Rack PDU is connected to an unknown network. Solid Green The Rack PDU has valid TCP/IP settings. Flashing Green The Rack PDU does not have valid TCP/IP settings. Solid Orange A hardware failure has been detected in the Rack PDU. Flashing Orange The Rack PDU is making BOOTP requests. Flashing Orange and Green (alternating) The Rack PDU is making DHCP requests.
Command Line Interface About the Command Line Interface You can configure all parameters of a Rack PDU (including those for which there are not specific CLI commands) by using the CLI to transfer an INI file to the Rack PDU. The CLI uses XMODEM to perform the transfer. However, you cannot read the current INI file through XMODEM. Metered Rack PDU USER’S GUIDE You can use the command line interface to view the status of and manage the Rack PDU.
1 . From a computer on the same network as the Rack PDU, at a command prompt, type telnet and the IP address for the Rack PDU (for example, telnet 139.225.6.133, when the Rack PDU uses the default Telnet port of 23), and press ENTER. If the Rack PDU uses a non-default port number (from 5000 to 32768), you must include a colon or a space, depending on your Telnet client, between the IP address (or DNS name) and the port number. 2 .
Local access to the command line interface For local access, use a computer that connects to the Rack PDU through the serial port to access the command line interface: 1 . Select a serial port at the computer and disable any service that uses that port. 2 . Connect the supplied serial cable from the selected serial port on the computer to the serial port on the Rack PDU. 3 . Run a terminal program (e.g.
About the Main Screen The main screen that is displayed when you log on to the command line interface of a Rack PDU: cli> Metered Rack PDU USER’S GUIDE Dell Corporation Network Management Card AOS vx.x.x (c)Copyright 2009 All Rights Reserved RPDUD PPPP vx.x.
Main screen information fields: • Two fields identify the operating system (AOS) and application (APP) firmware versions. The application firmware name identifies the type of device that connects to the network. In the preceding example, the application firmware for the Rack PDU is displayed. Network Management Card AOSvx.x.x RPDUD vx.x.x • Three fields identify the system name, contact person, and location of the Rack PDU. (In the control console, use the System menu to set these values.
• A Stat field reports the Rack PDU status. Metered Rack PDU USER’S GUIDE Stat : P+ N+ A+ P+ The Dell operating system is functioning properly. N+ The network is functioning properly. N? A BOOTP request cycle is in progress. N– The Rack PDU failed to connect to the network. N! Another device is using the Rack PDU IP address. A+ The application is functioning properly. A– The application has a bad checksum. A? The application is initializing.
Using the Command Line Interface At the command line interface, use commands to configure the Rack PDU. To use a command, type the command and press ENTER. Commands and arguments are valid in lowercase, uppercase, or mixed case. Options are case-sensitive. While using the command line interface, you can also do the following: • To obtain information about the purpose and syntax of a specified command, type the command, a space, and ? or the word help.
Item Description - Options are preceded by a hyphen. <> Definitions of options are enclosed in angle brackets. For example: -dp [] If a command accepts multiple options or an option accepts mutually exclusive arguments, the values may be enclosed in brackets. | A vertical line between items enclosed in brackets or angle brackets indicates that the items are mutually exclusive. You must use one of the items.
Example of a command that accepts mutually exclusive arguments for an option: alarmcount -p [all | warning | critical] In this example, the option -p accepts only three arguments: all, warning, or critical. For example, to view the number of active critical alarms, type: alarmcount -p critical The command will fail if you type an argument that is not specified.
Network Management Card Command Descriptions ? Access: Administrator, Device User Description: View a list of all the CLI commands available to your account type. To view help text for a specific command, type the command followed by a question mark. alarmcount ? about Metered Rack PDU USER’S GUIDE Example: To view a list of options that are accepted by the alarmcount command, type: Access: Administrator, Device User Description: View hardware and firmware information.
alarmcount Access: Administrator, Device User Option Arguments Description -p all View the number of active alarms reported by the Rack PDU. Information about the alarms is provided in the event log. warning View the number of active warning alarms. critical View the number of active critical alarms.
boot Access: Administrator only Metered Rack PDU USER’S GUIDE Description: Define how the Rack PDU will obtain its network settings, including the IP address, subnet mask, and default gateway. Then configure the BOOTP or DHCP server settings. Option Argument Description -b dhcpBootp | dhcp | bootp | manual Define how the TCP/IP settings will be configured when the Rack PDU turns on, resets, or restarts. See TCP/IP and Communication Settings for information about each boot mode setting.
Example: To use a DHCP server to obtain network settings: 1 . Type boot -b dhcp 2 . Enable the requirement that the DHCP server provide the vendor cookie: boot -c enable 3 . Define the number of retries that will occur if the Rack PDU does not receive a valid response from the initial request: boot -s 5 cd Access: Administrator, Device User Example 1: To change to the ssh folder and confirm that an SSH security certificate was uploaded to the Rack PDU: 1 . Type cd ssh and press ENTER.
date Access: Administrator only Definition: Configure the date used by the Rack PDU. Metered Rack PDU USER’S GUIDE To configure an NTP server to define the date and time for the Rack PDU, see Set the Date and Time. Option Argument Description -d <“datestring”> Configure the current date. Use the date format specified by the date -f command. -t <00:00:00> Configure the current time, in hours, minutes, and seconds. Use the 24-hour clock format. -f mm/dd/yy | dd.mm.
delete Access: Administrator only Description: Delete the event or data log, or delete a file in the file system. Argument Description Type the name of the file to delete. Example: To delete the event log: cd logs 2 . To view the files in the logs folder, type: Metered Rack PDU USER’S GUIDE 1 . Navigate to the folder that contains the file to delete. For example, to navigate to the logs folder, type: dir The file event.txt is listed. 3 . Type delete event.txt.
eventlog Access: Administrator, Device User Metered Rack PDU USER’S GUIDE Description: View the date and time you retrieved the event log, the status of the Rack PDU, and the status of sensors connected to the Rack PDU. View the most recent device events and the date and time they occurred. Use the following keys to navigate the event log: Key Description ESC Close the event log and return to the command line interface. ENTER Update the log.
FTP Access: Administrator only Option Argument Definition -p Define the TCP/IP port that the FTP server uses to communicate with the Rack PDU (21 by default). The FTP server uses both the specified port and the port one number lower than the specified port. -S enable | disable Configure access to the FTP server. Example: To change the TCP/IP port to 5001, type: ftp -p 5001 Metered Rack PDU USER’S GUIDE Description: Enable or disable access to the FTP server.
ping Access: Administrator, Device User Description. Determine whether the device with the IP address or DNS name you specify is connected to the network. Four inquiries are sent to the address. Argument Description Type an IP address with the format xxx.xxx.xxx.xxx, or the DNS name configured by the DNS server. ping 150.250.6.10 portSpeed Metered Rack PDU USER’S GUIDE Example: To determine whether a device with an IP address of 150.250.6.
prompt Access: Administrator, Device User Option Argument Description -s long The prompt includes the account type of the currently logged-in user. short The default setting. The prompt is four characters long: cli> Example: To include the account type of the currently logged-in user in the command prompt, type: prompt -s long Metered Rack PDU USER’S GUIDE Description: Configure the command line interface prompt to include or exclude the account type of the currently logged-in user.
radius Access: Administrator only Description: View the existing RADIUS settings, enable or disable RADIUS authentication, and configure basic authentication parameters for up to two RADIUS servers. Additional authentication parameters for RADIUS servers are available at the Web interface of the Rack PDU. See RADIUS for more information. For detailed information about configuring your RADIUS server, see Appendix B: Security Handbook.
Option Argument Description -s1 -s2 The shared secret between the primary or secondary RADIUS server and the Rack PDU. -t1 -t2 The time in seconds that the Rack PDU waits for a response from the primary or secondary RADIUS server. Example 1: Example 2: To enable RADIUS and local authentication, type: radius -a radiusLocal Metered Rack PDU USER’S GUIDE To view the existing RADIUS settings for the Rack PDU, type radius and press ENTER.
resetToDef Access: Administrator only Description: Option Arguments Description -p all | keepip Reset all configuration changes, including event actions, device settings, and, optionally, TCP/IP configuration settings.
tcpip Access: Administrator only Metered Rack PDU USER’S GUIDE Description: Manually configure these network settings for the Rack PDU: Option Argument Description -i Type the IP address of the Rack PDU, using the format xxx.xxx.xxx.xxx -s Type the subnet mask for the Rack PDU. -g Type the IP address of the default gateway. Do not use the loopback address (127.0.0.1) as the default gateway. -d Type the DNS name configured by the DNS server.
user Access: Administrator only Description: Configure the user name and password for each account type, and configure the inactivity timeout. Metered Rack PDU USER’S GUIDE For information on the permissions granted to each account type (Administrator, Device User, and Read-Only User), see Types of user accounts. Option Argument Description -an -dn -rn Set the case-sensitive user name for each account type. The maximum length is 10 characters.
web Access: Administrator only Description: Enable access to the Web interface using HTTP or HTTPS. For additional security, you can change the port setting for HTTP and HTTPS to any unused port from 5000 to 32768. Users must then use a colon (:) in the address field of the browser to specify the port number. For example, for a port number of 5000 and an IP address of 152.214.12.114: Metered Rack PDU USER’S GUIDE http://152.214.12.
xferINI Access: Administrator only Description: Use XMODEM to upload an INI file while you are accessing the command line interface through a serial connection. After the upload completes: • If there are any system or network changes, the command line interface restarts and you must log in again. xferStatus Access: Administrator only Description: View the result of the last file transfer.
Device Command Descriptions devLowLoad Access: Administrator, Device User Description: Set or view the low-load threshold in Kilowatts for the device. Example 1: To view the low-load threshold, type: Example 2: To set the low-load threshold, type: Metered Rack PDU USER’S GUIDE cli> devLowLoad E000: Success 0.5 kW cli> devLowLoad 1.0 E000: Success devNearOver Access: Administrator, Device User Description: Set or view the near-overload threshold in kilowatts for the device.
devOverLoad Access: Administrator, Device User Description: Set or view the overload threshold in kilowatts for the device. Example 1: To view the overload threshold, type: Example 2: To set the overload threshold, type: cli> devOverLoad 25.5 E000: Success Metered Rack PDU USER’S GUIDE cli> devOverLoad E000: Success 25.
devReading Access: Administrator, Device User Description: View the total power in kilowatts or total energy in kilowatt-hours for the device. Argument Definition power View the total power in kilowatts energy View the total energy in kilowatt-hours cli> devReading power E000: Success 5.2 kW Metered Rack PDU USER’S GUIDE Example 1: To view the total power, type: Example 2: To view the total energy, type: cli> devReading energy E000: Success 200.
humLow Access: Administrator, Device User Description: Set or view the low humidity threshold as a percent of the relative humidity.
humMin Access: Administrator, Device User Description: Set or view the minimum humidity threshold as a percent of the relative humidity. Example 1: To view the minimum humidity threshold, type: Example 2: To set the minimum humidity threshold, type: cli> humMin 8 E000: Success Metered Rack PDU USER’S GUIDE cli> humMin E000: Success 6 %RH humReading Access: Administrator, Device User Description: View the humidity value from the sensor.
inNormal Access: Administrator, Device User Description: View the normal state for each dry contact input. Example: To view the normal state for each dry contact input, type: inReading Access: Administrator, Device User Description: View the current state of each dry contact input.
phLowLoad Access: Administrator, Device User Description: Set or view the phase low-load threshold in kilowatts. To specify phases, choose from the following options. Type: all, a single phase, a range, or a commaseparated list of phases.
phNearOver Access: Administrator, Device User Description: Set or view the phase near-overload threshold in Kilowatts. To specify phases, choose from the following options. Type: all, a single phase, a range, or a comma-separated list of phases.
phOverLoad Access: Administrator, Device User Description: Set or view the phase overload threshold in kilowatts. To specify phases, choose from the following options. Type: all, a single phase, a range, or a commaseparated list of phases.
phReading Access: Administrator, Device User Description: View the current, voltage, or power for a phase. Set or view the phase near-overload threshold in kilowatts. To specify phases, choose from the following options. Type: all, a single phase, a range, or a comma-separated list of phases.
prodInfo Access: Administrator, Device User Description: View information about the Rack PDU. Metered Rack PDU USER’S GUIDE Example: cli> prodInfo E000: Success AOS vX.X.X.X Metered Rack PDU vX.X.X.
tempHigh Access: Administrator, Device User Description: Set or view the high-temperature threshold in either Fahrenheit or Celsius.
tempMax Access: Administrator, Device User Description: Set or view the max-temperature threshold in either Fahrenheit or Celsius.
tempReading Access: Administrator, Device User Description: View the temperature value in either Fahrenheit or Celsius from the sensor. Example: To view the temperature value in Fahrenheit, type: whoami Access: Administrator, Device User Metered Rack PDU USER’S GUIDE cli> tempReading F E000: Success 51.1 F Description: View the user name of the active user.
Web Interface Supported Web Browsers The Rack PDU cannot work with a proxy server. Before you can use a Web browser to access the Rack PDU’s Web interface, you must do one of the following: • Configure the Web browser to disable the use of a proxy server for the Rack PDU. • Configure the proxy server so that it does not proxy the specific IP address of the Rack PDU. Metered Rack PDU USER’S GUIDE You can use Microsoft® Internet Explorer® (IE) 7.
Logging On to the Web Interface Overview You can use the DNS name or IP address of the Rack PDU for the URL address of the Web interface. Use your case-sensitive user name and password to log on.
URL address formats Type the DNS name or IP address of the Rack PDU in the Web browser’s URL address field and press ENTER. When you specify a non-default Web server port in Internet Explorer, you must include http:// or https:// in the URL. Common browser error messages at log-on. Cause of the Error Browser “You are not authorized to view this page” or “Someone is currently logged in...” Someone else is logged on Internet Explorer, Firefox “This page cannot be displayed.
Web Interface Features Read the following to familiarize yourself with basic Web interface features for your Rack PDU. Tabs The following tabs are available: • Device Manager: View the load status for the Rack PDU, configure load thresholds, and view and manage the peak load measurement. For more information, see About the Device Manager Tab. Metered Rack PDU USER’S GUIDE • Home: Appears when you log on. View active alarms, the load status of the Rack PDU, and the most recent Rack PDU events.
Device status icons At the upper right corner of every tab, one or more icons and accompanying text indicate the current operating status of the Rack PDU: Critical: A critical alarm exists, which requires immediate action. No Alarms: No alarms are present and the Rack PDU is operating normally. Metered Rack PDU USER’S GUIDE Warning: An alarm condition requires attention and could jeopardize your data or equipment if not addressed. To return to the Home tab, click a device status icon from any tab.
Quick Links At the lower left of the interface, there are three configurable links. The default settings follow: • Link 1: dell.com • Link 2: dell.com/home • Link 3: dell.com/business Other Web interface features • The IP address appears in the upper left corner. • A context-sensitive Help link and Log off link are located in the upper right corner. Metered Rack PDU USER’S GUIDE To reconfigure the links, see Configure Links.
About the Home Tab Use the Home tab to view active alarms, the load status of the Rack PDU, and the most recent Rack PDU events. The Overview view The top of the Overview indicates the alarm status. If one or more alarms are present, the number and type of alarms are indicated with a link to the Alarm Status view, where you can view descriptions of each alarm. If no alarms exist, the Overview displays, “No Alarms Present.
The Alarm Status view Path: Home > Alarm Status The Alarm Status view provides a description of all alarms present. Metered Rack PDU USER’S GUIDE For details about a temperature or humidity threshold violation, click the Environment tab.
Device Management About the Device Manager Tab Path: Device Manager Use the Device Manager tab to perform the following: • View the load status for the Rack PDU • Configure load thresholds • View and manage the peak load measurement Viewing the load status and peak load Metered Rack PDU USER’S GUIDE • Configure a name and location for the Rack PDU. Path: Device Manager > Load Management options Use the Load Management menu options to view the load for the device and phases (for a 3-phase Rack PDU).
Configuring Load Thresholds Path: Device Manager > Load Management options To configure load thresholds: 1 . Click the Device Manager tab. 2 . Using the Load Management menu, set the thresholds for the device and phases (for a 3-phase Rack PDU). The configurable thresholds are Overload Alarm, Near Overload Warning, and Low Load Warning. Metered Rack PDU USER’S GUIDE 3 . Click Apply.
Configuring the Name and Location of the Rack PDU Path: Device Manager > Load Management > Device Load The name and location you enter appear on the Home tab. 1 . Click the Device Manager tab, then device load from the Load Management menu. 2 . Enter a name and location. 3 . Click Apply. Metered Rack PDU USER’S GUIDE You can set the Name and Location through either the Device Manager tab or the Administration tab. A change in one affects the other.
Environment Configuring Temperature and Humidity Sensors Path: Environment > Temperature & Humidity For temperature: • If the high temperature threshold is reached, the system generates a Warning alarm. Metered Rack PDU USER’S GUIDE Through the Temperature & Humidity page, when you have a temperature or a temperature and humidity sensor connected to the Rack PDU, you can set thresholds for Warning and Critical alarm generation (see Device status icons for details on each type of alarm).
Hysteresis. This value specifies how far past a threshold the temperature or humidity must return to clear a threshold violation. • For Maximum and High temperature threshold violations, the clearing point is the threshold minus the hysteresis. • For Minimum and Low humidity threshold violations, the clearing point is the threshold plus the hysteresis.
Configuring Dry Contact Inputs Path: Environment > Dry Contact Inputs Metered Rack PDU USER’S GUIDE Through the Dry Contact Inputs page, view the current status and state for the dry contacts, and configure the dry contacts. Parameter Description Name A name for this input contact. Maximum: 20 characters.
Logs Using the Event and Data Logs Event log Path: Logs > Events > options For lists of all configurable events and their current configuration, select the Administration tab, Notification on the top menu bar, and by event under Event Actions on the left navigation menu. See Configuring by event. Metered Rack PDU USER’S GUIDE You can view, filter, or delete the event log. By default, the log displays all events recorded during the last two days in reverse chronological order.
To filter the log (Logs > Events > log): Metered Rack PDU USER’S GUIDE • Filtering the log by date or time: To display the entire event log, or to change the number of days or weeks for which the log displays the most recent events, select Last. Select a time range from the drop-down menu, then click Apply. The filter configuration is saved until the Rack PDU restarts. To display events logged during a specific time range, select From.
To configure reverse lookup (Logs > Events > reverse lookup): Reverse lookup is disabled by default. Enable this feature unless you have no DNS server configured or have poor network performance because of heavy network traffic. With reverse lookup enabled, when a network-related event occurs, both the IP address and the domain name for the networked device associated with the event are logged in the event log. If no domain name entry exists for the device, only its IP address is logged with the event.
Data log Path: Logs > Data > options The data log records the current and power for the device and phases (for a 3-phase Rack PDU), as applicable, as well as temperature and humidity and dry contact data at the specified time interval. Each entry is listed by the date and time the data was recorded. To display the data log (Logs > Data > log): – Click a page number to open a specific page of the log.
To display data logged during a specific time range, select From. Specify the beginning and ending times (using the 24-hour clock format) and dates for which to display data, then click Apply. The filter configuration is saved until the device restarts. To delete the data log: To delete all data recorded in the log, click Clear Data Log on the Web page that displays the log. Deleted data cannot be retrieved.
Parameter Description Delay X hours between uploads. The number of hours between uploads of data to the file. Upload every X minutes The number of minutes between attempts to upload data to the file after an upload failure. Up to X times The maximum number of times the upload will be attempted after an initial failure. Until Upload Succeeds Attempt to upload the file until the transfer is completed. By default, the data log stores 400 events.
The Rack PDU uses a four-digit year for log entries. You may need to select a four-digit date format in your spreadsheet application to display all four digits. To use SCP to retrieve the files. To use SCP to retrieve the event.txt file, use the following command: scp username@hostname_or_ip_address:event.txt ./event.txt Metered Rack PDU USER’S GUIDE If you are using the encryption-based security protocols for your system, use Secure CoPy (SCP) to retrieve the log file.
To use FTP to retrieve the files. To use FTP to retrieve the event.txt or data.txt file: 1. At a command prompt, type ftp and the IP address of the Rack PDU, and press ENTER. If the Port setting for the FTP Server option (set through the Network menu of the Administration tab) has been changed from its default (21), you must use the nondefault value in the FTP command. For Windows FTP clients, use the following command, including spaces.
Administration: Security Local Users Setting user access Path: Administration > Security > Local Users > options The Device User and Read-Only User accounts are enabled by default. To disable the Device User or Read-Only User accounts, select the user account from the left navigation menu, then clear the Enable checkbox. Metered Rack PDU USER’S GUIDE The Administrator user account always has access to the Rack PDU.
Remote Users Authentication Path: Administration > Security > Remote Users > Authentication Method Use this option to select how to administer remote access to the Rack PDU. For information about local authentication (not using the centralized authentication of a RADIUS server), see the Appendix B: Security Handbook. • When a user accesses the Rack PDU or other network-enabled device that has RADIUS enabled, an authentication request is sent to the RADIUS server to determine the user’s permission level.
RADIUS Path: Administration > Security > Remote Users > RADIUS Use this option to do the following: • List the RADIUS servers (a maximum of two) available to the Rack PDU and the time-out period for each. • Click Add Server, and configure the parameters for authentication by a new RADIUS server. RADIUS Setting Definition RADIUS Server The server name or IP address of the RADIUS server. NOTE: RADIUS servers use port 1812 by default to authenticate users.
Configuring the RADIUS Server Summary of the configuration procedure You must configure your RADIUS server to work with the Rack PDU. For examples of the RADIUS users file with Vendor Specific Attributes (VSAs) and an example of an entry in the dictionary file on the RADIUS server, see Appendix B: Security Handbook. 2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs) are defined.
Configuring a RADIUS server on UNIX® with shadow passwords If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following two methods can be used to authenticate users: • If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To allow only Device Users, change the DELL-Service-Type to Device.
Administration: Network Features TCP/IP and Communication Settings TCP/IP settings Path: Administration > Network > TCP/IP On the same page, TCP/IP Configuration provides the following options for how the TCP/IP settings will be configured when the Rack PDU turns on, resets, or restarts: Manual, BOOTP, DHCP, and DHCP & BOOTP.
Description BOOTP A BOOTP server provides the TCP/IP settings. At 32-second intervals, the Rack PDU requests network assignment from any BOOTP server: • If the Rack PDU receives a valid response, it starts the network services. • If the Rack PDU finds a BOOTP server, but a request to that server fails or times out, the Rack PDU stops requesting network settings until it is restarted.
Setting Description DHCP & BOOTP The default setting. The Rack PDU tries to obtain its TCP/IP settings from a BOOTP server first, and then, if it cannot discover a BOOTP server, from a DHCP server. If it obtains its TCP/IP settings from either server, it switches this setting to BOOTP or DHCP, depending on the type of server that supplied the TCP/IP settings to the Rack PDU. 1.
Vendor Specific Information (option 43). The Rack PDU uses this option in a DHCP response to determine whether the DHCP response is valid. This option contains up to two specific options in a TAG/LEN/DATA format: the Vendor Cookie and the Boot Mode Transition. • Vendor Cookie. Tag 1, Len 4, Data “1APC” Option 43 communicates to the Rack PDU that a DHCP server is configured to service the Dell Rack PDUs. By default, the Rack PDU does not require this cookie.
Metered Rack PDU USER’S GUIDE TCP/IP options. The Rack PDU uses the following options within a valid DHCP response to define its TCP/IP settings. All of these options except the first are described in RFC2132. • IP Address (from the yiaddr field of the DHCP response, described in RFC2131): The IP address that the DHCP server is leasing to the Rack PDU. • Subnet Mask (option 1): The Subnet Mask value that the Rack PDU needs to operate on the network. • Router, i.e.
Port Speed Path: Administration > Network > Port Speed The Port Speed setting defines the communication speed of the TCP/IP port. • For Auto-negotiation (the default), Ethernet devices negotiate to transmit at the highest possible speed, but if the supported speeds of two devices are unmatched, the slower speed is used.
• Select naming to define the host name and domain name of the Rack PDU: – Host Name: After you configure a host name here and a domain name in the Domain Name field, users can enter a host name in any field in the Rack PDU interface (except e-mail addresses) that accepts a domain name. – Domain Name: You need to configure the domain name here only.
Web Metered Rack PDU USER’S GUIDE Path: Administration > Network > Web > options Option Description access To activate changes to any of these selections, log off from the Rack PDU: • Disable: Disables access to the Web interface. (To re-enable access, log in to the command line interface, then type the command http -S enable. For HTTPS access, type https -S enable.
Description ssl certificate Add, replace, or remove a security certificate. Status: • Not installed: A certificate is not installed, or was installed by FTP or SCP to an incorrect location. Using Add or Replace Certificate File installs the certificate to the correct location, /ssl on the Rack PDU. • Generating: The Rack PDU is generating a certificate because no valid certificate was found. • Loading: A certificate is being activated on the Rack PDU.
Console Metered Rack PDU USER’S GUIDE Path: Administration > Network > Console > options Option Description access Choose one of the following for access by Telnet or Secure SHell (SSH): • Disable: Disables all access to the command line interface. • Enable Telnet (the default): Telnet transmits user names, passwords, and data without encryption.
Option Description ssh host key Status indicates the status of the host key (private key): • SSH Disabled: No host key in use: When disabled, SSH cannot use a host key. • Generating: The Rack PDU is creating a host key because no valid host key was found. • Loading: A host key is being activated on the Rack PDU.
SNMP All user names, passwords, and community names for SNMP are transferred over the network as plain text. If your network requires the high security of encryption, disable SNMP access or set the access for each community to Read. (A community with Read access can receive status information and use SNMP traps.) Metered Rack PDU USER’S GUIDE For detailed information on enhancing and managing the security of your system, see Appendix B: Security Handbook.
SNMPv1 Metered Rack PDU USER’S GUIDE Path: Administration > Network > SNMPv1 > options Option Description access Enable SNMPv1 Access: Enables SNMP version 1 as a method of communication with this device. access control You can configure up to four access control entries to specify which Network Management Systems (NMSs) have access to this device.
SNMPv3 Path: Administration > Network > SNMPv3 > options For SNMP GETs, SETs, and trap receivers, SNMPv3 uses a system of user profiles to identify users. An SNMPv3 user must have a user profile assigned in the MIB software program to perform GETs and SETs, browse the MIB, and receive traps. To use SNMPv3, you must have a MIB program that supports SNMPv3. Option Description access SNMPv3 Access: Enables SNMPv3 as a method of communication with this device.
Option Description user profiles By default, lists the settings of four user profiles, configured with the user names dell snmp profile1 through dell snmp profile4, and no authentication and no privacy (no encryption). To edit the following settings for a user profile, click a user name in the list.
Description access control You can configure up to four access control entries to specify which NMSs have access to this device. The opening page for access control, by default, assigns one entry to each of the four user profiles, but you can edit these settings to apply more than one entry to any user profile to grant access by several specific IP addresses, host names, or IP address masks.
FTP Server Path: Administration > Network > FTP Server You can change the Port setting to the number of any unused port from 5001 to 32768 for added security. Users must then use a colon (:) to specify the non-default port number. For example, for port 5001 and IP address 152.214.12.114, the command would be ftp 152.214.12.114:5001. FTP transfers files without encryption. For higher security, disable the FTP server, and transfer files with Secure CoPy (SCP).
Administration: Notification Event Actions Path: Administration > Notification > Event Actions > options Types of notification • Active, automatic notification. The specified users or monitoring devices are contacted directly. – E-mail notification – SNMP traps Metered Rack PDU USER’S GUIDE You can configure event actions to occur in response to an event or group of events. These actions notify users of the event in any of several ways: – Syslog notification • Indirect notification – Event log.
Configuring event actions Metered Rack PDU USER’S GUIDE Notification parameters. For events that have an associated clearing event, you can also set the following parameters as you configure events individually or by group, as described in the next two sections. To access the parameters, click the receiver or recipient name. Parameter Description Delay x time before sending If the event persists for the specified time, a notification is sent.
When viewing details of an event’s configuration, you can change the configuration, enable or disable event logging or Syslog, or disable notification for specific e-mail recipients or trap receivers, but you cannot add or remove recipients or receivers. To add or remove recipients or receivers, see the following: • Identifying Syslog servers • E-mail recipients • Trap Receivers 1. Select the Administration tab, Notification on the top menu bar, and by group under Event Actions on the left navigation menu.
Active, Automatic, Direct Notification E-mail notification Overview of setup. Use the Simple Mail Transfer Protocol (SMTP) to send e-mail to up to four recipients when an event occurs. To use the e-mail feature, you must define the following settings: • The IP addresses of the primary and, optionally, the secondary Domain Name System (DNS) servers • The IP address or DNS name for SMTP Server and From Address See SMTP. Metered Rack PDU USER’S GUIDE See DNS.
SMTP. Path: Administration > Notification > E-mail > server Setting Description Local SMTP Server The IP address or DNS name of the local SMTP server. The contents of the From field in e-mail messages sent by the Rack PDU: • In the format user@ [IP_address] (if an IP address is specified as Local SMTP Server) • In the format user@domain (if DNS is configured and the DNS name is specified as Local SMTP Server) in the e-mail messages.
Description SMTP Server Select one of the following methods for routing e-mail: • Local: Through the Rack PDU’s SMTP server. This setting (recommended) ensures that the e-mail is sent before the Rack PDU’s 20-second time-out, and, if necessary, is retried several times. Also do one of the following: • Enable forwarding at the Rack PDU’s SMTP server so that it can route e-mail to external SMTP servers. Typically, SMTP servers are not configured to forward e-mail.
SNMP traps Trap Receivers. Path: Administration > Notification > SNMP Traps > trap receivers View trap receivers by NMS IP/Host Name. You can configure up to six trap receivers. • To configure a new trap receiver, click Add Trap Receiver. • To specify the trap type for a trap receiver, select either the SNMPv1 or SNMPv3 radio button. For an NMS to receive both types of traps, you must configure two trap receivers for that NMS, one for each trap type.
Item Definition Community Name The name (public by default) used as an identifier when SNMPv1 traps are sent to this trap receiver. Authenticate Traps When this option is enabled (the default), the NMS identified by the NMS IP/Host Name setting will receive authentication traps (traps generated by invalid attempts to log on to this device). To disable that ability, unmark the checkbox. SNMPv3 option. Select the identifier of the user profile for this trap receiver.
Syslog Path: Logs > Syslog > options The Rack PDU can send messages to up to four Syslog servers when an event occurs. The Syslog servers record events that occur at network devices in a log that provides a centralized record of events. This user’s guide does not describe Syslog or its configuration values in detail. See RFC3164 for more information about Syslog. Identifying Syslog servers.
Syslog settings. Path: Logs > Syslog > settings Setting Definition Message Generation Enables (by default) or disables the Syslog feature. Facility Code Selects the facility code assigned to the Rack PDU’s Syslog messages (User, by default). Severity Mapping Metered Rack PDU USER’S GUIDE NOTE: User best defines the Syslog messages sent by the Rack PDU. Do not change this selection unless advised to do so by the Syslog network or system administrator.
Administration: General Options Identification Path: Administration > General > Identification For more information about MIB-II OIDs, see the Dell Management Information Base (MIB). Metered Rack PDU USER’S GUIDE Define the Name (the device name), Location (the physical location), and Contact (the person responsible for the device) used by the SNMP agent of the Rack PDU. These settings are the values used for the MIB-II sysName, sysContact, and sysLocation Object Identifiers (OIDs).
Set the Date and Time Method Path: Administration > General > Date & Time > mode Set the time and date used by the Rack PDU. You can change the current settings manually or through a Network Time Protocol (NTP) Server: • Manual Mode: Do one of the following: – Mark the checkbox Apply Local Computer Time to match the date and time settings of the computer you are using. • Synchronize with NTP Server: Have an NTP Server define the date and time for the Rack PDU.
Daylight saving Path: Administration > General > Date & Time > daylight saving Enable traditional United States Daylight Saving Time (DST), or enable and configure a customized daylight saving time to match how Daylight Saving Time is implemented in your local area. DST is disabled by default. When customizing Daylight Saving Time (DST): • If the local DST always starts or ends on the last occurrence of a specific weekday of a month, whether it is the fourth or the fifth occurrence, choose Fifth/Last.
Use an .ini File Path: Administration > General > User Config File Status Reports the progress of the upload. The upload succeeds even if the file contains errors, but a system event reports the errors in the event log. Upload Browse to the customized file and upload it so that the current Rack PDU can use it to set its own configuration. To retrieve and customize the file of a configured Rack PDU, see How to Export Configuration Settings.
Event Log and Temperature Units Path: Administration > General > Preferences Color-code event log text Metered Rack PDU USER’S GUIDE This option is disabled by default. Mark the Event Log Color Coding checkbox to enable color-coding of alarm text recorded in the event log. System-event entries and configuration-change entries do not change color. Text Color Alarm Severity Red Critical: A critical alarm exists, which requires immediate action.
Reset the Rack PDU Action Definition Reboot Management Interface Restarts the interface of the Rack PDU. Reset All1 Clear the Exclude TCP/IP checkbox to reset all configuration values; mark the Exclude TCP/IP checkbox to reset all values except TCP/IP Reset Only1 TCP/IP settings: Set TCP/IP Configuration to DHCP & BOOTP, its default setting, requiring that the Rack PDU receive its TCP/IP settings from a DHCP or BOOTP server. See TCP/IP and Communication Settings.
Configure Links Path: Administration > General > Quick Links Select the Administration tab, General on the top menu bar, and Quick Links on the left navigation menu to view and change the URL links displayed at the bottom left of each page of the interface. By default, these links access the following Web pages: • Link 1: dell.com • Link 3: dell.
How to Export Configuration Settings Retrieving and Exporting the .ini File Summary of the procedure An Administrator can retrieve the .ini file of a Rack PDU and export it to another Rack PDU or to multiple Rack PDUs. 1. Configure a Rack PDU to have the settings you want to export. 3. Customize the file to change at least the TCP/IP settings. 4. Use a file transfer protocol supported by the Rack PDU to transfer a copy to one or more other Rack PDUs.
Detailed procedures Retrieving. To set up and retrieve an .ini file to export: 1. If possible, use the interface of a Rack PDU to configure it with the settings to export. Directly editing the .ini file risks introducing errors. 2. To use FTP to retrieve config.ini from the configured Rack PDU: a. Open a connection to the Rack PDU, using its IP address: ftp> open ip_address b. Log on using the Administrator user name and password. The file is written to the folder from which you launched FTP.
Customizing. You must customize the file before you export it. 1. Use a text editor to customize the file. • Section headings, keywords, and pre-defined values are not case-sensitive, but string values that you define are case-sensitive. • Use adjacent quotation marks to indicate no value. For example, LinkURL1="" indicates that the URL is intentionally undefined. • Enclose in quotation marks any values that contain leading or trailing spaces or are already enclosed in quotation marks.
Transferring the file to a single Rack PDU. To transfer the .ini file to another Rack PDU, do either of the following: • From the Web interface of the receiving Rack PDU, select the Administration tab, General on the top menu bar, and User Config File on the left navigation menu. Enter the full path of the file, or use Browse. • Use any file transfer protocol supported by Rack PDUs, i.e., FTP, FTP Client, SCP, or TFTP. The following example uses FTP: b. Export the copy of the customized .
The Upload Event and Error Messages The event and its error messages The following event occurs when the receiving Rack PDU completes using the .ini file to update its settings. Configuration file upload complete, with number valid values Metered Rack PDU USER’S GUIDE If a keyword, section name, or value is invalid, the upload by the receiving Rack PDU succeeds, and additional event text states the error. Event text Description Configuration file warning: Invalid keyword on line number.
Messages in config.ini A Rack PDU from which you download the config.ini file must be discovered successfully in order for its configuration to be included. If the Rack PDU is not present or is not discovered, the config.ini file contains a message under the appropriate section name, instead of keywords and values. For example: Rack PDU not discovered If you did not intend to export the configuration of the Rack PDU as part of the .ini file import, ignore these messages.
File Transfers How to Upgrade Firmware Benefits of upgrading firmware When you upgrade the firmware on the Rack PDU: • You obtain the latest bug fixes and performance improvements. Keeping the firmware versions consistent across your network ensures that all Rack PDUs support the same features in the same manner. Metered Rack PDU USER’S GUIDE • New features become available for immediate use.
Firmware files A firmware version consists of three modules: An Operating System (AOS) module, an application module, and a boot monitor (bootmon) module. Each module contains one or more Cyclical Redundancy Checks (CRCs) to protect its data from corruption during transfer. The Operating System (AOS), application, and boot monitor module files used with the Rack PDU share the same basic format: dell_hardware-version_type_firmware-version.
Firmware File Transfer Methods When you transfer individual firmware modules, you must transfer the Operating System (AOS) module to the Rack PDU before you transfer the application module. Use FTP or SCP to upgrade one Rack PDU Metered Rack PDU USER’S GUIDE To upgrade the firmware of a Rack PDU, use one of these methods: • From a networked computer on any supported operating system, use FTP or SCP to transfer the individual AOS and application firmware modules.
3. Type open and the IP address of the Rack PDU, and press ENTER. If the port setting for the FTP Server has changed from its default of 21, you must use the non-default value in the FTP command. • For Windows FTP clients, separate a non-default port number from the IP address by a space. For example: ftp> open 150.250.6.10 21000 • Some FTP clients require a colon instead before the port number. 4. Log on as Administrator; admin is the default user name and password. 5. Upgrade the AOS.
How to upgrade multiple Rack PDUs Use FTP or SCP to upgrade multiple Rack PDUs. To upgrade multiple Rack PDUs using an FTP client or using SCP, write a script which automatically performs the procedure. Use XMODEM to upgrade one Rack PDU To use XMODEM to upgrade one Rack PDU that is not on the network, you must first download the firmware files from Dell.com. Metered Rack PDU USER’S GUIDE To transfer the files: 1. Select a serial port at the local computer and disable any service that uses the port. 2.
Verifying Upgrades and Updates Verify the success or failure of the transfer To verify whether a firmware upgrade succeeded, use the xferStatus command in the command line interface to view the last transfer result, or use an SNMP GET to the mfiletransferStatusLastTransferResult OID. Last Transfer Result codes Metered Rack PDU USER’S GUIDE Code Description Successful The file transfer was successful. Result not available There are no recorded file transfers.
Troubleshooting Metered Rack PDU USER’S GUIDE Rack PDU Access Problems Problem Solution Unable to ping the Rack PDU If the Rack PDU’s Status LED is green, try to ping another node on the same network segment as the Rack PDU. If that fails, it is not a problem with the Rack PDU. If the Status LED is not green, or if the ping test succeeds, perform the following checks: • Verify all network connections. • Verify the IP addresses of the Rack PDU and the NMS.
Solution Cannot access the Web interface • Verify that HTTP or HTTPS access is enabled. • Make sure you are specifying the correct URL — one that is consistent with the security system used by the Rack PDU. SSL requires https, not http, at the beginning of the URL. • Verify that you can ping the Rack PDU. • Verify that you are using a Web browser supported for the Rack PDU. See Supported Web Browsers.
Appendix A: List of Supported Commands Metered Rack PDU USER’S GUIDE Network Management Card Command Descriptions ? about alarmcount [-p [all | warning | critical]] boot [-b ] [-a ] [-o ] [-f ] [-c [enable | disable]] [-s ] [-v ] [-i ] [-u ] cd date [-d <“datestring”>] [-t <00:00:00>] [-f [mm/dd/yy | dd.mm.
Metered Rack PDU USER’S GUIDE Device Command Descriptions devLowLoad [] devNearOver [] devOverLoad [] devReading [<“power” | “energy”>] humLow [] humMin [] humReading inNormal inReading phLowLoad [<“all” | phase#> ] phNearOver [<“all” | phase#> ] phOverLoad [<“all” | phase#> ] phReading [<“all” | phase#> <“current” | “voltage” | “power”>] prodInfo tempHigh [<“F” | “C”> ] tempMax [<“F” | “C”> ] tempReading [<“F” |
Appendix B: Security Handbook Content and Purpose of This Appendix This appendix documents security features for firmware version 5.x.x for Dell® Rack PDUs which enable Rack PDUs to function remotely over the network.
Security Features Protection of passwords and passphrases No password or passphrase is stored on the Rack PDU in plain text. • Passwords are hashed using a one-way hash algorithm. • Passphrases, which are used for authentication and encryption, are encrypted before they are stored on the Rack PDU. Summary of access methods Security Access Access is by user name and password. Metered Rack PDU USER’S GUIDE Serial access to the command line interface. Description Always enabled.
Metered Rack PDU USER’S GUIDE SNMPv1 and SNMPv3. Security Access Description Available methods (SNMPv1): • Community Name • Host Name • NMS IP filters • Agents that can be enabled or disabled • Four access communities with read/write/disable capability For both SNMPv1 and SNMPv3, the host name restricts access to the Network Management System (NMS) at that location only, and the NMS IP filters allow access only to the NMSs specified by one of the IP address formats in the following examples: • 159.215.
Web server. Security Access In basic HTTP authentication mode, the user name and password are transmitted base-64 encoded (with no encryption). SSL is available on Web browsers supported for use with the Management Card or network-enabled device and on most Web servers. The Web protocol HyperText Transfer Protocol over Secure Sockets Layer (HTTPS) encrypts and decrypts page requests to the Web server and pages returned by the Web server to the user. RADIUS.
Change default user names and passwords immediately After installation and initial configuration of the Rack PDU, immediately change the user names and passwords from their defaults to unique user names and passwords to establish basic security. If Telnet, the FTP server, SSH/SCP, or the Web server uses a non-standard port, a user must specify the port in the command line or Web address used to access the Rack PDU. A non-standard port number provides an additional level of security.
Authentication You can choose security features for the Rack PDU that control access by providing basic authentication through user names, passwords, and IP addresses, without using encryption. These basic security features are sufficient for most environments in which sensitive data are not being transferred. For enhanced authentication when you use SNMP to monitor or configure the Rack PDU, choose SNMPv3.
Encryption SNMP GETS, SETS, and Traps For encrypted communication when you use SNMP to monitor or configure the Rack PDU, choose SNMPv3. The privacy passphrase used with SNMPv3 user profiles ensures the privacy of the data (by means of encryption, using the AES or DES encryption algorithm) that an NMS sends to or receives from the Rack PDU. The Secure SHell protocol. SSH provides a secure mechanism to access computer consoles, or shells, remotely.
Secure CoPy. SCP is a secure file transfer application that you can use instead of FTP. SCP uses the SSH protocol as the underlying transport protocol for encryption of user names, passwords, and files. • When you enable and configure SSH, you automatically enable and configure SCP. No further configuration of SCP is needed. • You must explicitly disable FTP. It is not disabled by enabling SSH.
You can use the Rack PDU Security Wizard to create a certificate signing request to an external Certificate Authority, or if you do not want to use an existing Certificate Authority, you can create a Dell root certificate to upload to the certificate store (cache) of the browser. You can also use the Wizard to create a server certificate to upload to the Rack PDU. Metered Rack PDU USER’S GUIDE See Creating and Installing Digital Certificates for a summary of how these certificates are used.
Creating and Installing Digital Certificates Purpose For network communication that requires a higher level of security than password encryption, the Web interface of the Rack PDU supports the use of digital certificates with the Secure Sockets Layer (SSL) protocol. Digital certificates can authenticate the Rack PDU (the server) to the Web browser (the SSL client).
Method 1: Use the default certificate auto-generated by the Rack PDU. When you enable SSL, you must reboot the Rack PDU. During rebooting, if no server certificate exists, the Rack PDU generates a default server certificate that is self-signed but that you cannot configure. Method 1 has the following advantages and disadvantages.
– The length of the public key (RSA key) that is used for encryption when setting up an SSL session is 2048 bits, by default. Method 2: Use the Rack PDU Security Wizard to create a CA certificate and a server certificate. Use the Rack PDU Security Wizard to create two digital certificates: • A server certificate that you upload to the Rack PDU. When the Rack PDU Security Wizard creates a server certificate, it uses the CA root certificate to sign the server certificate.
This provides an extra level of security beyond the encryption of the user name, password, and transmitted data. – The root certificate that you install to the browser enables the browser to authenticate the server certificate of the Rack PDU to provide additional protection from unauthorized access.
and a Certificate Authority of your own company or agency has probably already loaded its CA certificate to the browser store of each user’s browser.) Therefore, you do not have to upload a root certificate to the browser of each user who needs access to the Rack PDU. – You choose the length of the public key (RSA key) that is used for setting up an SSL session (use 1024 bits, which is the default setting, or use 2048 bits to provide complex encryption and a high level of security).
Using the Rack PDU Security Wizard The Rack PDU Security Wizard creates components needed for high security for a Rack PDU on the network when you are using Secure Sockets Layer (SSL) and related protocols and encryption routines. Authentication by certificates and host keys • Secure Sockets Layer (SSL), used for secure Web access, uses digital certificates for authentication.
How certificates are used. Most Web browsers, including all browsers supported by Rack PDUs, contain a set of CA root certificates from all of the commercial Certificate Authorities. For authentication to occur: • Each server (Rack PDU) with SSL enabled must have a server certificate on the server itself. • Any browser that is used to access the Web interface of the Rack PDU must contain the CA root certificate that signed the server certificate.
Metered Rack PDU USER’S GUIDE Files you create for SSL and SSH security Use the Rack PDU Security Wizard to create these components of an SSL and SSH security system: • The server certificate for the Rack PDU, if you want the benefits of authentication that such a certificate provides. You can create either of the following types of server certificate: – A server certificate signed by a custom CA root certificate also created with the Rack PDU Security Wizard.
Create a Root Certificate and Server Certificates Use this procedure if your company or agency does not have its own Certificate Authority and you do not want to use a commercial Certificate Authority to sign your server certificates. Define the size of the public RSA key that is part of the certificate generated by the Rack PDU Security Wizard.You can generate a 1024-bit key, or you can generate a 2048-bit key, which provides complex encryption and a higher level of security.
The procedure Create the CA root certificate. 1. If the Rack PDU Security Wizard is not already installed on your computer, obtain and run the installation program (Rack PDU Security Wizard.exe). 2. On the Windows Start menu, select Programs, then Rack PDU Security Wizard. 4. Enter a name for this file, which will contain the Certificate Authority’s public root certificate and private key. The file must have a .
7. The last screen verifies that the certificate was created and displays information you need for the next tasks: • The location and name of the .p15 file that you will use to sign the server certificates. • The location and name of the .crt file, which is the CA root certificate to load into the browser of each user who needs to access the Rack PDU. See the help system of the browser for information on how to load the .crt file into the browser’s certificate store (cache).
6. On the next screen, review the summary of the certificate. Scroll downward to view the certificate’s unique serial number and fingerprints. To make any changes to the information you provided, click Back. Revise the information. Metered Rack PDU USER’S GUIDE 5. On the screen labeled Step 2, provide the information to configure the server certificate. Country and Common Name are the only required fields. For the Common Name field, enter the IP address or DNS name of the server (the Rack PDU).
Create a Server Certificate and Signing Request Summary Use this procedure if your company or agency has its own Certificate Authority or if you plan to use a commercial Certificate Authority to sign your server certificates. • Create a Certificate Signing Request (CSR). The CSR contains all the information for a server certificate except the digital signature. This process creates two output files: – The file with the .
4. Enter a name for this file, which will contain the private key of the Rack PDU. The file must have a .p15 suffix and, by default, will be created in the installation folder C:\Program Files\Dell\Rack PDU Security Wizard. By default, a server certificate is valid for 10 years from the current date and time, but you can edit the Validity Period Start and Validity Period End fields. 6. On the next screen, review the summary of the certificate.
Import the signed certificate. When the external Certificate Authority returns the signed certificate, import the certificate. This procedure combines the signed certificate and the private key into an SSL server certificate that you then upload to the Rack PDU. 1. On the Windows Start menu, select Programs, then Rack PDU Security Wizard. 2. On the screen labeled Step 1, select Import Signed Certificate. 4.
Load the server certificate to the Rack PDU. 1. On the Administration tab, select Network on the top menu bar and ssl certificate under the Web heading on the left navigation menu. Alternatively, you can use FTP or Secure CoPy (SCP) to transfer the server certificate to the Rack PDU. For SCP, the command to transfer a certificate named cert.p15 to a Rack PDU with an IP address of 156.205.6.185 would be: scp cert.p15 dell@156.205.6.185 Create an SSH Host Key Metered Rack PDU USER’S GUIDE 2.
The procedure Create the host key. 1. If the Rack PDU Security Wizard is not already installed on your computer, obtain and run the installation program (Rack PDU Security Wizard.exe). 2. On the Windows Start menu, select Programs, then Rack PDU Security Wizard. 4. Enter a name for this file, which will contain the host key. The file must have a .p15 suffix. By default, the file will be created in the installation folder C:\Program Files\Dell\Rack PDU Security Wizard. 5.
Load the host key to the Rack PDU. 1. On the Administration tab, select Network on the top menu bar, and ssh host key under the Console heading on the left navigation menu. 3. At the bottom of the User Host Key page, note the SSH fingerprint. Log on to the Rack PDU through your SSH client program, and verify that the correct host key was uploaded by verifying that these fingerprints match the fingerprints that the client program displays.
Command Line Interface Access and Security Users with Administrator or Device User accounts can access the command line interface through Telnet or Secure SHell (SSH), depending on which is enabled. (An Administrator can enable these access methods by selecting the Administration tab, then Network on the top menu bar and access under the Console heading on the left navigation menu.) By default, Telnet is enabled. Enabling SSH automatically disables Telnet. SSH for high-security access.
menu bar, and select access under the Console heading on the left navigation menu. 2. Configure the port settings for Telnet and SSH. For information on the extra security a non-standard port provides, see Port assignments. If you do not specify a host key file here, if you install an invalid host key, or if you enable SSH with no host key installed, the Rack PDU generates an RSA host key of 2048 bits. For the Rack PDU to create a host key, it must reboot.
See Creating and Installing Digital Certificates to choose among the several methods for using digital certificates. To configure HTTP and HTTPS: 1. On the Administration tab, select Network on the top menu bar and access under Web on the left navigation menu. 2. Enable either HTTP or HTTPS and configure the ports that each of the two protocols will use. Changes take effect the next time you log on. When SSL is activated, your browser displays a small lock icon. 3.
Valid Certificate. Click the link to display the parameters of the certificate. Parameter Issued To: Description Common Name (CN): The IP Address or DNS name of the Rack PDU. This field controls how you must log on to the Web interface. • If an IP address was specified for this field when the certificate was created, use an IP address to log on. • If the DNS name was specified for this field when the certificate was created, use the DNS name to log on.
Parameter Fingerprints Description Each of the two fingerprints is a long string of alphanumeric characters, punctuated by colons. A fingerprint is a unique identifier to further authenticate the server. Record the fingerprints to compare them with the fingerprints contained in the certificate, as displayed in the browser. SHA1 Fingerprint: A fingerprint created by a Secure Hash Algorithm (SHA-1). Metered Rack PDU USER’S GUIDE MD5 Fingerprint: A fingerprint created by a Message Digest 5 (MD5) algorithm.
Supported RADIUS Functions and Servers Supported functions Supported authentication and authorization functions: Remote Authentication Dial-In User Service (RADIUS). Use RADIUS to administer remote access for each Rack PDU centrally. When a user accesses the Rack PDU, an authentication request is sent to the RADIUS server to determine the permission level of the user. Supported RADIUS servers Supported RADIUS servers: FreeRADIUS and Microsoft IAS 2003.
Configure the Rack PDU Authentication RADIUS user names used with Rack PDU are limited to 32 characters. • Local Authentication Only: RADIUS is disabled. Local authentication is enabled. • RADIUS, then Local Authentication: Both RADIUS and local authentication are enabled. Authentication is requested from the RADIUS server first; local authentication is used only if the RADIUS server fails to respond. Metered Rack PDU USER’S GUIDE On the Administration tab, select Security on the top menu bar.
RADIUS Metered Rack PDU USER’S GUIDE To configure RADIUS, on the Administration tab, select Security on the top menu bar. Then, under Remote Users on the left navigation menu, select RADIUS. Setting Definition RADIUS Server The server name or IP address of the RADIUS server. NOTE: RADIUS servers use port 1812 by default to authenticate users. To use a different port, add a colon followed by the new port number to the end of the RADIUS server name or IP address.
Configure the RADIUS Server You must configure your RADIUS server to work with the Rack PDU. The examples in this section may differ somewhat from the required content or format of your specific RADIUS server. In the examples, any reference to outlets applies only to Rack PDU devices that support outlet users. 2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs) are defined instead.
Examples using Vendor Specific Attributes Metered Rack PDU USER’S GUIDE Vendor Specific Attributes (VSAs) can be used instead of the Service-Type attributes provided by your RADIUS server. This method requires a dictionary entry and a RADIUS users file. In the dictionary file, you can define the names for the ATTRIBUTE and VALUE keywords, but not the numeric values. If you change the numeric values, RADIUS authentication and authorization will not work correctly.
RADIUS Users file with VSAs. Following is an example of a RADIUS users file with VSAs: VSAAdmin Auth-Type = Local, Password = "admin" DELL-Service-Type = Admin VSADevice Auth-Type = Local, Password = "device" DELL-Service-Type = Device # Give user access to device outlets 1, 2 and 3.
Example with UNIX shadow passwords. If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following two methods can be used to authenticate users: • If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To allow only Device Users, change the Dell-Service-Type to Device. DEFAULT Auth-Type = System DELL-Service-Type = Admin • Add user names and attributes to the RADIUS "user" file, and verify the password against /etc/passwd.
Index Numerics 10/100 base-T connector, front panel 12 10/100 LED, front panel 12, 13 Rack PDU and BOOTP server communication 6 Status LED indicating BOOTP requests 13 Browsers CA certificates in browser’s store (cache) 138 danger of leaving browser open 139 error messages 56 lock icon when SSL is installed 138 types and versions supported 54 A About options for information about the Rack PDU 114 enabling or disabling methods of access to the command line interface to the Web interface 88 90 remotely
METERED RACK PDU USER’S GUIDE dir 28 eventlog 29 exit 29 format 29 FTP 30 help 30 humLow 43 humMin 44 humReading 44 inNormal 45 inReading 45 phLowLoad 46 phNearOver 47 phOverLoad 48 phReading 49 ping 31 portSpeed 31 prodInfo 50 prompt 32 quit 32 radius 33 reboot 34 resetToDef 35 system 35 tcpip 36 tempHigh 51 tempMax 52 tempReading 53 user 37 web 38 whoami 53 xferINI 39 xferStatus 39 SSH 158 SSL 160 Contact identification (whom to contact) 108 D Data log importing into spreadsheet 73 Log Interval setti
Firmware versions displayed on main screen 18 From Address (SMTP setting) 102 FTP Enable e-mail forwarding to external SMTP servers 103 e-mail to a recipient 103 reverse lookup 70 Telnet 90 versions of SSH 90 disabling FTP if you use SSH and SCP 138 for transferring host keys 159 for transferring server certificates 151, 160 server settings 97 transferring firmware files 123 using a non-standard port for extra security 135 using to retrieve event or data log 73 Encryption Environment tab 65 Error messag
Security 76 K Message Generation (Syslog setting) 107 Keywords in user configuration file 115 N METERED RACK PDU USER’S GUIDE L Last Transfer Result codes 126 Launch Log in New Window, JavaScript requirement.
S Ports, assigning 135 Primary NTP Server 109 Proxy servers SCP enabled and configured with SSH 138, 158 for encrypted file transfer 137 for high-security file transfer 97 for transferring host keys 157 for transferring server certificates 151, 155 transferring firmware files 123 using non-standard port 135 using to retrieve event or data log 73 configuring not to proxy the PDU 55 disabling use of 55 Q Quick Links, configuration 114 R METERED RACK PDU USER’S GUIDE Rack PDU configuring name and locat
SSL Security Wizard creating certificates to use with a Certificate Authority 152 without a Certificate Authority authentication through digital certificates 138 certificate signing requests 139 how to create, view, or remove certificates 89 148 creating signing requests 152 creating SSH host keys 155 Status Server certificates METERED RACK PDU USER’S GUIDE creating to use with a Certificate Authority 152 creating without a Certificate Authority 148 Severity Mapping (Syslog setting) 107 Signing re
Troubleshooting management card access problems 127 RADIUS only setting when RADIUS is unavailable 77 verification checklist 127 W Web interface 57 configuring access 88 logging on 55 troubleshooting access problems 128 URL address formats 56 U X Unit Preference 112 Up Time XMODEM to transfer firmware files 125 METERED RACK PDU USER’S GUIDE control console main screen 18 in Web interface 114 Update Interval, Date & Time setting 109 Update Using NTP Now, Date & Time setting 109 Upgrade firmware 121 U
Metered Rack PDU USER’S GUIDE Information in this document is subject to change without notice. © 2010 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, and the DELL logo, are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc.
