ACS v6000 Installation/Administration/User Guide
Avocent, the Avocent logo, The Power of Being There, DSView and Cyclades are trademarks or registered trademarks of Avocent Corporation or its affiliates in the U.S. and other countries. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation in the United States and/or other countries. Mozilla and Firefox are registered trademarks of the Mozilla Foundation. VMware, ESX, ESXi and VSphere are registered trademarks of VMware, Inc.
Chapter 1: Introduction

The Avocent ACS v6000 virtual advanced console server serves as a single point for access and administration of connected virtual machines. Virtual console servers support secure remote data center management and out-of-band management of IT assets from any location worldwide. Multiple administrators can be logged into the virtual console server at the same time and can use the web manager, the Command Line Interface (CLI) or DSView™ 3 management software (version 3.6.0.
Web Manager
Users and administrators can perform most tasks through the web manager (accessed with HTTP or HTTPS). The web manager runs in the Microsoft® Internet Explorer® 6.0 and 7.0 internet browser, and the Mozilla® Firefox® 2 and 3 internet browser on any supported computer that has network access to the virtual console server. An administrator can use the web manager to create user accounts, authorize groups and configure security and ports.
administrator can assign to custom user groups. For more information, see Users Accounts and User Groups on page 38.

Security
Security profiles determine which network services are enabled on the virtual console server. Administrators can either allow all users to access enabled ports or allow the configuration of group authorizations to restrict access.
Data logging, notifications, alarms and data buffering
An administrator can set up data logging, notifications and alarms to alert administrators of problems with email, SMS, SNMP trap or DSView 3 software notifications. An administrator can also store buffered data locally, remotely or with DSView 3 software. Messages about the virtual console server and connected servers or devices can also be sent to syslog servers.
Chapter 2: Installation

ACS v6000 virtual console server requirements
The virtual console server runs as a virtual machine and it requires a VMware® ESX® or ESXi® server running version 4.1 and one vCenter server. A client PC running the VMware infrastructure client software (vSphere®) is also necessary. The following are the minimum system requirements for the ACS v6000 virtual console server in the host system (VMware ESX or ESXi server).
7. In the Number of NICs field, type 1. Confirm the network is VM Network and the adaptor is Flexible, then click Next.
8. Confirm the Disk Size is 2 GB, then click Next.
9. Click Finish to complete the configuration of the virtual console server on the ESX or ESXi server.
10. In the Side Navigation Bar, click the name of the virtual console server.
11. Click Edit Virtual Machine Settings in the Getting Started page.
12.
3. Click Edit Virtual Machine Settings from the Getting Started tab.
4. Click Add, click Serial Port and then click Next.
5. Click Connect Via Network in the Select Port Type field, then click Next.
6. Click Project. In the Port URI field, enter the serial port on the virtual console server the virtual machine will use to connect. The syntax of this field is ACSID://ttySxx, where xx is the serial port number on virtual console server.
To use Telnet to connect to a device through a serial port:
For this procedure, you need the username configured to access the serial port, the port name (for example, 14-35-60-p-1), device name (for example, ttyS1), TCP port alias (for example, 7001) or IP port alias (for example, 100.0.0.100) and the hostname of the virtual console server or its IP address. To use a Telnet client, enter the information in the dialog boxes of the client.
-or-
ssh -l username:TCP_Port_Alias [hostname | IP_address]
-or-
ssh -l username IP_Port_Alias

To close an SSH session:
At the beginning of a line, enter the hotkey defined for the SSH client followed by a period. The default is ~. Or, enter the text session hotkey for the CLI prompt and then enter quit.
Chapter 3: Accessing a Virtual Console Server via the Web Manager

Once you’ve connected your ACS v6000 virtual console server to a network, you can access the virtual console server via the web manager. The web manager provides direct access to the virtual console server via a graphical user interface instead of a command-based interface.
Figure 3.1: Administrator Web Manager Screen

Table 3.1: Web Manager Screen Areas
Number    Description
1    Top option bar. The name of the appliance and of the logged in user appear on the left side. Refresh, Print, Logout and Help buttons appear on the right.
2    Tab bar. Displays whether the admin is in Expert or Wizard mode.
3    Side Navigation Bar. Menu options for configuration, viewing of system information and access to devices.
CAS Profile and set the Security Profile, Network, Users Settings and add licenses using the Wizard. By default, the first time an administrator accesses the virtual console server through the Web Manager, the Wizard will be displayed. Subsequent log-ins will open in Expert mode, and once the virtual console server has been configured, Expert mode becomes the default mode.
3. If desired, uncheck the box(es) to disable Bootp Configuration Retrieval and/or Live Configuration Retrieval.
4. If you are not using DSView 3 software to manage the appliance, uncheck the Allow Appliance to be Managed by DSView box.
5. Click Next to configure the Network or click the Network, License, Ports or Users link to open the appropriate screen.

To configure network parameters:
1. Select the Network link in the content area.
2.
5. Click Next to configure users or click on the Network, Security, License or Users link to open the appropriate screen.

To configure users and change the default user passwords:
WARNING: For security reasons, it is recommended you change the default password for both root and admin users.
1. Select the Users link in the content area.
2.
is authorized to access.
2. Select Serial Viewer from the Action column. A Java applet viewer appears. In a gray area at the top of the viewer, the Connected to message shows the IP address of the virtual console server followed by the default port number or alias.
3. Log in if prompted.
The following table describes the available buttons in the Java applet.
Table 3.
• Allow all users to access enabled ports or allow the configuration of group authorizations to restrict access
• Enable or disable BootP Configuration Retrieval and/or Live Configuration Retrieval
• Select a Security Profile, which defines:
  • Enabled services (FTP, ICMP, IPSec and Telnet)
  • SSH and HTTP/HTTPS access
The administrator can select either a preconfigured Security Profile or create a custom profile.
Date and Time
The virtual console server provides two options for setting the date and time. It can retrieve the date and time from a network time protocol (NTP) server or you can set the date and time manually so that the virtual console server’s internal clock is used to provide time and date information.
NOTE: The Current Time displayed in the Date & Time screen shows only the time when the screen was opened.
web server in the Online Help URL field. Click Save.

Online help
When the online help feature is configured for your virtual console server, clicking the Help button from any form on the web manager opens a new window and redirects its content to the configured path for the online help product documentation.
2. Use the Search Filter to find all Virtual Machines that have serial ports available for association and that also have the search string filter. Click Next.
3. In the Virtual Machine ID field, select the virtual server you want to associate.
4. In the Virtual Port field, select the virtual port you want to use in this association.
5.
NOTE: Without the configuration of vCenter, the configuration of associations via the virtual console server and the power action of targets via the virtual console server will not be available. The password will be encrypted and stored in the appliance. The virtual console server will be registered in the vCenter as ACS v6000 and it will not show up in any list of available virtual machines for association.
2.
Settings
Click Network - Settings to make changes to the configured network settings.

Devices
An administrator can select, enable and configure the IP addresses assigned to the network interfaces and view the MAC address.

To configure a network device:
1. Select Network - Devices. The Devices screen appears with a list of network interfaces and their status (enabled or disabled).
2. Click the name of the network device to configure.
3.
4. Enter the IP address of the gateway in the Gateway field.
5. Enter the number of hops to the destination in the Metric field, then click Save.

Hosts
An administrator can configure a table of host names, IP addresses and host aliases for the local network.

To add a host:
1. Select Network - Hosts.
2. Click Add to add a new host.
3. Enter the IP address, hostname and alias of the host you want to add, then click Save.
If LOG is selected from the Target pull-down menu, the administrator can configure a Log Level, a Log Prefix and whether the TCP sequence, TCP options and IP options are logged in the Log Options Section.
If REJECT is selected from the Target pull-down menu, the administrator can select an option from the Reject with pull-down menu; the packet is dropped and a reply packet of the selected type is sent.
NOTE: Spaces are not allowed in the chain name.
6. Add one or more rules to complete the chain configuration.

To change the policy for a default chain:
NOTE: User-defined chains cannot be edited. To rename a user-added chain, delete it and create a new one.
1. Select Network - Firewall.
2. Select either IPv4 Filter Table or IPv6 Filter Table as needed.
3.
Use the Add button to add a VPN connection or click on an existing connection name to edit one already in the list. Click the Delete button to delete an existing connection. If NAT settings need to be changed, click the Configure NAT button. When you click the Add button, the IPSec(VPN) - Add screen is displayed.
NOTE: To run IPSec (VPN), you must enable IPSec under the custom Security Profile.
Field Name    Definition
Remote (Right) Side - and - Local (Left) Side    Enter the required address or text for each of the four fields for both Remote Side and Local Side:
ID: This is the hostname that a local system and a remote system use for IPSec negotiation and authentication. It can be a fully qualified domain name preceded by @. For example, hostname@xyz.com
IP Address: The IP address of the host.
6. If the required SNMP version is v1 or v2, click the Version v1, v2 button, then enter the source (valid entry is the subnet address).
-or-
If the required SNMP version is v1 or v2 using an IPv6 network, click the Version v1,v2 for IPv6 network button, then enter the source (valid entry is the subnet address).
d. Enter the text session and power session hotkeys in the appropriate fields.
e. Enter the TCP port alias in the appropriate field.
f. Enter the IPv4 or IPv6 alias and its interface in the appropriate field.
g. To allow a session only if DCD is on and to enable auto answer, check the appropriate boxes.
h. Use the drop-down menu to select the DTR mode and enter the DTR off interval.
i.
Parameter    Description
Enable Auto Discovery    The target name will be discovered and will be associated with this serial port. If it fails, the Port Name will be used. Default: Disabled.
Protocol    The protocol that will be used to access the serial port/target.
SSH - Authorized users can use SSH to connect to the console of a connected device.
Telnet - Authorized users can use Telnet to connect to the console of a connected device.
Parameter    Description
DTR Off Interval    Interval in seconds used by DTR Mode Off Interval in milliseconds. Default: 100.
Line Feed Suppression    Enables the suppression of the LF character after the CR character. Default: Disabled.
Null After CR Suppression    Enables the suppression of the NULL character after the CR character. Default: Disabled.
To copy/clone the configuration of one port to other ports:
1. Select Ports - Serial Ports.
2. Click the checkbox for the serial port you want to clone.
3. Click the Clone button.
4. Enter the serial port(s) to be configured in the Copy Configuration To field and click Save.
NOTE: If the selected port is configured as a CAS Profile, the following parameters will not be copied: Port Name, TCP Port Alias, IPv4 Port Alias and IPv6 Port Alias.
The match strings are regular expressions where “%H” is a placeholder for the target name you want to detect, such as: “ \\(.*\\)(%H)\\(.*\\)” or just “xxx%Hyyy”.
To delete an auto input and output string, select the checkbox next to the string you want to delete. Click Delete, then click Save.

Pool of CAS ports
An administrator can create a pool of serial ports where each serial port in the pool shares a pool name, TCP Port Alias, IPv4 Alias and IPv6 Alias. The first available port in the pool is used as the serial port for connection.
Table 3.6: Pool of CAS Ports Parameters
Parameter    Description
Pool Name    The name of the pool. The pool name is mandatory and should follow hostname guidelines, not exceed 64 characters and start with a letter.
TCP Port Alias    The TCP Port Alias where the pool responds. This parameter is optional.
Pool IPv4 Alias    The IPv4 address used by the pool. This parameter is optional.
authentication method that is configured for the virtual console server or the ports is used for authentication of any user who attempts to log in through Telnet, SSH or the web manager.

Appliance authentication
The virtual console server authenticates for the virtual console server and the ports, either in groups or individually.
4. Enter your secret word or passphrase in the Secret field (applies to both first and second authentication and accounting servers), then re-enter the secret word or passphrase in the Confirm Secret field.
5. Enter the desired number of seconds for server time-out in the Timeout field.
6. Enter the desired number of retries in the Retries field.
7.
6. Enter your Database Password, then re-type the database password in the Confirm Password field.
7. Enter your desired Login Attributes.
8. Click Save.

To configure a Kerberos authentication server:
1. Select Authentication - Authentication Servers - Kerberos.
2. Enter the IP address (Realm) of the server.
3. Enter the Realm Domain Name (example: avocent.com).
4. Enter the Domain Name (example: avocent.com).
5. Click Save.
Local accounts
The admin and root are equivalent users but named differently to address users familiar with either Avocent or Cyclades™ appliances. Regular users can be granted permissions by administrators at any time. The virtual console server has three user account types:
• admin: Performs the initial network configuration. The factory default password for admin is avocent.
• Warning Days: Enter the number of days that a warning is issued to the user prior to expiration. Entering 0 will cause the warning to be issued on the expiration day. A negative value or no value means that no warning will be issued.
7. Enter the desired Account Expiration date (YYYY-MM-DD).
8. Click Save.

To configure password rules:
1. Click Users - Local Accounts - Password Rules.
2.
configure ports and add users.
NOTE: The only configuration allowed for the admin group is adding or deleting members.

To view admin Appliance Access Rights:
1. Click Users - Authorization - Groups. The Group Names screen is displayed, showing the three default user groups along with any groups that have been created.
2. Click on admin under the Group Name heading.
appliance-admin group
Members of the appliance-admin group have access restricted to tasks for managing only the appliance. Appliance-admin user group members have no access to the serial ports, and share all of the appliance access rights as admin except for Configure User Accounts and Shell Access, which are permanently disabled for this group.
4. Move users from the Available Users box on the left to the box on the right by double-clicking on the username, or by selecting the name and clicking the Add button. You can remove any names from the box on the right by double-clicking on the name or by selecting the name and clicking the Remove button.
5.
Command    Description
-i6    Displays local IPv6 assigned to the serial port
-u    Username to be used in the target session
-e <[^]char>    Escape character used to close the target session. Default value: Ctrl-X
-l    Sorted lists ports and exit
-ro    Read-Only mode
Connect directly to a serial port
-t    Idle time-out in seconds to choose the target

To add access to serial ports for a user group:
1.
To configure a group in a TACACS+ authentication server:
1. On the server, add raccess service to the user configuration.
2. Define which group(s) the user belongs to in the raccess service following this syntax:
group_name = [,];
For example:
In the virtual console server, configure a new authorization group TACACS_1, and configure the access rights for this group.
During the authentication phase, the console server will receive the attribute FramedFilterID from the RADIUS server. The user regina belongs to authorization groups RADIUS_1 and RADIUS_2, and the user special belongs to authorization group admin.

To configure a group in an LDAP authentication server:
On the LDAP server, edit the info attribute for the user and add the following syntax.
info: group_name=[,,...
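The group mapping described above for TACACS+, RADIUS and LDAP can be reviewed offline with a short script. This is an added example, not code from the guide or from Avocent: it assumes the attribute value has the form `group_name=<group1>[,<group2>,...];` (reconstructed from the syntax fragment above), and the function names, the allowed character set for group names, and the sample records other than regina and special are constructed for illustration.

```python
import re

# Assumed wire format, reconstructed from the syntax fragment in the guide:
#   group_name=<group1>[,<group2>,...];
GROUP_ATTR = re.compile(r"^\s*group_name\s*=\s*([^;]*?)\s*;?\s*$")
# Assumption: group names use a conservative, hostname-like character set.
VALID_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_-]{0,63}$")
# Built-in groups the guide describes as carrying appliance administration rights.
PRIVILEGED = {"admin", "appliance-admin"}


def parse_group_attr(value):
    """Return the group names carried in one attribute value.

    Raises ValueError on anything that does not match the assumed format,
    so a malformed value is reported instead of being silently ignored.
    """
    match = GROUP_ATTR.match(value)
    if not match:
        raise ValueError(f"not a group_name attribute: {value!r}")
    names = [n.strip() for n in match.group(1).split(",")]
    bad = [n for n in names if not VALID_NAME.match(n)]
    if bad:
        raise ValueError(f"invalid group name(s) {bad!r} in {value!r}")
    return names


def audit(records, local_groups):
    """Check (user, source, raw_attribute) records against the appliance's groups.

    Returns (user, source, finding, detail) tuples, where finding is
    'malformed', 'privileged' or 'unknown-group'.
    """
    findings = []
    for user, source, raw in records:
        try:
            groups = parse_group_attr(raw)
        except ValueError as exc:
            findings.append((user, source, "malformed", str(exc)))
            continue
        for group in groups:
            if group in PRIVILEGED:
                # Remote directory entry grants appliance administration.
                findings.append((user, source, "privileged", group))
            elif group not in local_groups:
                # Named on the server but not configured on the appliance.
                findings.append((user, source, "unknown-group", group))
    return findings


# Constructed sample export of per-user attributes from the remote servers.
SAMPLE = [
    ("regina", "RADIUS", "group_name=RADIUS_1,RADIUS_2;"),
    ("special", "RADIUS", "group_name=admin;"),
    ("jdoe", "TACACS+", "group_name = TACACS_1;"),
    ("ops", "LDAP", "group_name=LDAP_1,,admin"),
    ("tmp", "LDAP", "group_name=OLD_GROUP;"),
]
# Authorization groups assumed to exist on the virtual console server.
LOCAL_GROUPS = {"admin", "appliance-admin", "RADIUS_1", "RADIUS_2", "TACACS_1"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, LOCAL_GROUPS):
        print(*finding, sep=" | ")
```

Any `privileged` finding is an account whose administrative rights on the appliance are controlled entirely by the remote directory, so those entries deserve the same change control as the local admin and root accounts.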
3. Select Remote Server - IPv4 to enable syslog messages to be sent to one or more remote IPv4 syslog servers, and enter the IPv4 Address or Hostname. Separate multiple server addresses by commas.
-or-
Select Remote Server - IPv6 to enable syslog messages to be sent to one or more remote IPv6 syslog servers, and enter the IPv6 Address or Hostname. Separate multiple server addresses by commas.
4.
4. To configure data buffer storage on a syslog server in the Syslog Data Buffering Settings section, select a facility number from the drop-down menu: Log Local 0, Log Local 1, Log Local 2, Log Local 3, Log Local 4 or Log Local 5.
5. Click Save.

Appliance Logging
To configure Appliance Logging:
1. Click Enable appliance session data logging.
a. Select the destination for appliance session data logs from the pull-down menu.
Table 3.8: Monitoring Screens
Screen Name    Definition
Network - Devices    Shows Ethernet ports and PC card Device Name, Status (enabled/disabled), IPv4 Address, IPv4 Mask and IPv6 Address.
Network - IPv4 Routing Table    Shows Destination, Gateway, Genmask, Flags, Metric, Ref, Use and Iface.
Network - IPv6 Routing Table    Shows Destination, NextHop, Flags, Metric, Ref, Use and Iface.
Figure 3.3: Web Manager Regular User Screen

Table 3.9: Web Manager Regular Users Screen Functional Areas
Number    Description
1    Top option bar. The name of the virtual console server and the name of the logged in user appear on the left side and Refresh, Print, Logout and Help buttons appear on the right.
2    Side navigation bar. Access and Change Password are available for regular users.
3    Content area.
APPENDICES

Appendix A: BootP Configuration Retrieval
The BootP Configuration Retrieval option allows the entire unit configuration to be retrieved over BootP/TFTP during boot and during DHCP renewal. There are two ways to push a configuration during a DHCP request/renewal. The configuration can be sent as a file created by the Save Configuration appliance system tool, or it can be sent as a CLI script to be executed under the command line scripting interface.
Appendix B: Technical Support
Our Technical Support staff is ready to assist you with any installation or operational issues you encounter with your Avocent product. If an issue should develop, follow the steps below for the fastest possible service.

To resolve an issue:
1. Check the pertinent section of this manual to see if the issue can be resolved by following the procedures outlined.
2. Visit www.avocent.
For Technical Support: www.avocent.