Owner's manual

ManualsBrandsRaritan Computer ManualsHardwareCC-SG

111

112

113

114

115

116

117

118

119

120

Table Of Contents

Chapter 1: Introduction
- Prerequisites
- Intended Audience
- Terminology/Acronyms
Chapter 2: Accessing CC-SG
- Browser-Based Access
- Thick Client Access
  - Install the Thick Client
  - Use the Thick Client
- CC-SG Window Components
- Check IP Address, Firmware Version, and Application Versions
- Power Down CC-SG
- Compatibility Matrix
Chapter 3: Configuring CC-SG with Guided Setup
- Prepare to Configure CC-SG with Guided Setup
- Guided Setup Overview
- Start Guided Setup:
- Associations
  - Create Categories and Elements
- Device Setup
  - Discover and Add Devices
- Create Groups
  - Add Device Groups and Node Groups
- User Management
  - Add User Groups and Users
Chapter 4: Creating Associations
- Associations
- Association Manager
Chapter 5: Adding Devices and Device Groups
- The Device Tab
- Device and Port Icons
- Search for Devices
- Add a Device
  - Adding a KVM or Serial Device
  - Adding a PowerStrip Device
- Discover Devices
- Edit Device
  - Edit PowerStrip Device
- Delete Device
- Configure Ports
- Device Management
- Viewing Devices
  - Tree View
  - Custom View
- Special Access to Paragon II System Devices
  - Paragon II System Controller (P2-SC)
  - IP-Reach and UST-IP Administration
- Device Group Manager
Chapter 6: Configuring Nodes and Interfaces
- View Nodes
- Nodes and Interfaces Overview
  - About Nodes
  - About Interfaces
- Add Node
- Add an Interface
- Connect to a Node
- Edit an Interface
- Delete an Interface
- Ping a Node
- Edit a Node
- Delete a Node
- Chat
- Node Groups
Chapter 7: Adding and Managing Users and User Groups
- The Users Tree
- Special User Groups
- Add User Groups
- Edit A User Group
- Delete User Group
- Add User
- Edit a User
- Delete User
- Assign Users To Group
- Delete Users From Group
- Other User and User Group Functions
Chapter 8: Policies
- Controlling Access Using Policies
  - Policy Summary
- Node Groups
- Device Groups
- Policy Manager
- Applying Policies To User Groups
Chapter 9: Configuring Remote Authentication
- Authentication and Authorization (AA)
  - Flow for Authentication
  - User Accounts
- Distinguished Names for LDAP and AD
  - Username
  - Base DN
- AD Configurations
- Add LDAP (Netscape) Module to CC-SG
- Add a TACACS+ Module
  - TACACS+ General Settings
- Add a RADIUS Module
  - RADIUS General Settings
- Specify Modules for Authentication and Authorization
- Establish Order of External AA Servers
Chapter 10: Generating Reports
- Audit Trail Report
- Error Log Report
- Access Report
- Availability Report
- Active Users Report
- Locked Out Users Report
- User Data Report
- Users in Groups Report
- Group Data Report
- AD User Group Report
- Asset Management Report
- Node Asset Report
- Active Nodes Report
- Node Creation Report
- Query Port Report
- Active Ports Report
- Scheduled Reports
- CC-NOC Synchronization Report
Chapter 11: System Maintenance
- Maintenance Mode
- Backup CC-SG
- Restore CC-SG
  - Saving and Deleting Backup Files
- Reset CC-SG
- Restart CC-SG
- Upgrade CC-SG
- Shut Down CC-SG
- Restarting CC-SG after Shutdown
- End CC-SG Session
  - Log Out
  - Exit CC-SG
Chapter 12: Advanced Administration
- Guided Setup
- Message of the Day Setup
- Application Manager
  - Adding, Editing and Deleting Applications
  - Default Applications
- Firmware Manager
- Cluster Configuration
- Configure Security
- Notification Manager
- Task Manager
- CommandCenter NOC
- SSH Access to CC-SG
- Diagnostic Console
Appendix A: Specifications (G1, V1, and E1)
- G1 Platform
- V1 Platform
- E1 Platform
Appendix B: CC-SG and Network Configuration
- Introduction
- Executive Summary
- CC-SG Access via NAT-enabled Firewall
- Security and Open Port Scans
Appendix C: User Group Privileges
Appendix D: SNMP Traps
Appendix E: Troubleshooting
- Client Browser Requirements
Appendix F: Two-Factor Authentication
- Supported Environments
- Setup Requirements
- Known Issues
Appendix G: FAQs
Appendix H: Keyboard Shortcuts

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 99

Chapter 9: Configuring Remote Authentication

Authentication and Authorization (AA)

Users of CC-SG can be locally authenticated and authorized on the CC-SG or remotely

authenticated using the following supported directory servers:

• Microsoft Active Directory (AD)

• Netscape’s Lightweight Directory Access Protocol (LDAP)

• TACACS+

• RADIUS

Any number of remote RADIUS, TACACS+, and LDAP servers can be used for external

authentication. For example, you could configure three AD servers, two iPlanet (LDAP) servers,

and three RADIUS servers.

Flow for Authentication

When remote authentication is enabled, authentication and authorization follow these steps:

1. The user logs into CC-SG with the appropriate user name and password.

2. CC-SG connects to the external server and sends the user name and password.

3. User name and password are either accepted or rejected and sent back. If authentication is

rejected, this results in a failed login attempt.

4. If authentication is successful, local authorization is performed. CC-SG checks if the user

name entered matches a group that has been created in CC-SG or imported from AD, and

grants privileges per the assigned policy.

When remote authentication is disabled, both authentication and authorization are performed

locally on CC-SG.

User Accounts

User Accounts must be added to the authentication server for remote authentication. Except when

using AD for both authentication and authorization, all remote authentication servers require that

users be created on CC-SG. The user’s username on both the authentication server and on CC-SG

must be the same, although the passwords may be different. The local CC-SG password is used

only when remote authentication is disabled. Please refer to

Chapter 7: Adding and Managing

Users and User Groups for additional information on adding users who will be remotely

authenticated.

Note: If remote authentication is used, users have to contact their Administrators to change their

passwords on the remote server. Passwords cannot be changed on CC-SG for remotely

authenticated users.