Dominion KX II ® KX2-116 KX2-132 KX2-216 KX2-232 User Guide Release 2.0 Copyright © 2007 Raritan, Inc.
This page intentionally left blank.
Copyright and Trademark Information This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without the express prior written consent of Raritan, Inc. © Copyright 2007 Raritan, Inc., CommandCenter®, RaritanConsole, Dominion®, and the Raritan company logo are trademarks or registered trademarks of Raritan, Inc. All rights reserved.
Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • • • Do not use a 2-wire power cord in any product configuration. Test AC outlets at your computer and monitor for proper polarity and grounding. Use only with grounded outlets at both the computer and monitor. When using a backup UPS, power the computer, monitor and appliance off the supply.
CONTENTS i Contents Chapter 1: Introduction ................................................................. 1 Dominion KX II Overview ...........................................................................................................1 Virtual Media ..............................................................................................................................2 Product Photos.............................................................................................................
ii CONTENTS Discover Devices – KX Subnet ........................................................................................................37 Add New Favorite ............................................................................................................................38 Chapter 5: Accessing Target Servers ..........................................39 Port Access Page.....................................................................................................................
CONTENTS iii Setting Port Permissions .................................................................................................................71 Group-based IP ACL (Access Control List) .....................................................................................72 Modify Existing User Group .............................................................................................................74 Change Password........................................................................
iv CONTENTS Appendix A: Specifications ........................................................137 Remote Connection ...............................................................................................................138 KVM Properties ......................................................................................................................138 TCP and UDP Ports Used .....................................................................................................
FIGURES v Figures Figure 1: Dominion KX II Configuration........................................................................................................ 1 Figure 2: Dominion KX2-116........................................................................................................................ 3 Figure 3: Dominion KX2-432........................................................................................................................
vi FIGURES Figure 42: File Server Setup ...................................................................................................................... 64 Figure 43: User Management Menu .......................................................................................................... 65 Figure 44: User List.................................................................................................................................... 66 Figure 45: User Page..............................
FIGURES Figure 85: Upgrade Report ...................................................................................................................... 117 Figure 86: Reboot .................................................................................................................................... 118 Figure 87: Reboot Confirmation ............................................................................................................... 118 Figure 88: Diagnostics Menu .........................
viii FIGURES
CHAPTER 1: INTRODUCTION 1 Chapter 1: Introduction Dominion KX II Overview Dominion KX II is an enterprise-class, secure, digital KVM (Keyboard, Video, Mouse) switch that provides BIOS-level (and up) access, and control of up to 64 servers from anywhere in the world via Web browser. At the rack, Dominion KX II provides BIOS-level control of up to 64 servers and other IT devices from a single keyboard, monitor, and mouse.
2 DOMINION KX II USER GUIDE Virtual Media All Dominion KX II models support virtual media. The benefits of virtual media – mounting of remote drives/media on the target server to support software installation, and diagnostics – are now available in all of the Dominion KX II models. Each Dominion KX II comes equipped with virtual media to enable remote management tasks using the widest variety of CD, DVD, USB, internal and remote drives and images.
CHAPTER 1: INTRODUCTION 3 Product Photos Figure 2: Dominion KX2-116 Figure 3: Dominion KX2-432 Figure 4: Dominion KX II CIMs: D2CIM-VUSB (left); D2CIM-PWR (right)
4 DOMINION KX II USER GUIDE Product Features Hardware • • • • • • • • • • • • • Integrated KVM-over-IP remote access 1U or 2U (KX2-464) rack-mountable; brackets included Dual power supplies with failover; auto-switching power supply with power failure warning 16, 32, or 64 (on KX2-464) server ports Multiple user capacity (1/2/4 remote users; 1 local user) UTP (Cat5/5e/6) server cabling Dual Ethernet ports (10/100/1000 LAN) with failover Field upgradeable Local user port for in-rack access − PS/2 keyboar
CHAPTER 1: INTRODUCTION 5 Terminology This manual uses the following terminology for the components of a typical Dominion KX II configuration: Figure 5: Terminology and Topology Remote PC (client) Local Access Console (client) CIMs (Computer Interface Modules) Target Servers Power Strips Networked computers used to access and control target servers connected to the Dominion KX II. Refer to Supported Operating Systems (Clients) for a list of the Operating Systems supported by Dominion KX II remotely.
6 DOMINION KX II USER GUIDE User Guide Overview The Dominion KX II User Guide provides the information to install, set up and configure, access target servers and power strips, use virtual media, manage users and security, and maintain and diagnose the Dominion KX II. This user guide is specific to Dominion KX II (version 2.0); for information pertaining to version 1.4, refer to the Dominion KX 1.4 User Guide. Organization of Information The user guide is organized as follows: • Chapter 1, Introduction.
CHAPTER 2: GETTING STARTED 7 Chapter 2: Getting Started Login Information • • • The default Dominion KX II login user name is admin and the default password is raritan. This user has administrative privileges. Passwords are case sensitive and must be entered in the exact case combination in which they were created. For example, the default password raritan must be entered entirely in lowercase letters. The first time you start the Dominion KX II you are required to change the default password.
8 DOMINION KX II USER GUIDE Supported Operating Systems and CIMs (Target Servers) In addition to the new Dominion KX II D2CIMs, most Paragon® and Dominion KX I CIMs are supported. The following table displays the supported target server operating systems, CIMs, virtual media, and mouse modes: SUPPORTED CIMS TARGET SERVER PARAGON CIMS Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Red Hat Linux 9.0 Red Hat Enterprise Workstation 3.0 and 4.0 SUSE Linux Professional 9.
CHAPTER 3: INSTALLATION AND CONFIGURATION 9 Chapter 3: Installation and Configuration Overview This section provides a brief overview of the installation process. Each step is further detailed in the remaining sections of this chapter. To install and configure Dominion KX II: 1. 2. 3. 4. Configure the target servers. Configure the network firewall settings. Connect the equipment. Configure the Dominion KX II unit.
10 DOMINION KX II USER GUIDE Desktop Background For optimal bandwidth efficiency and video performance, target servers running graphical user interfaces such as Windows, Linux, X-Windows, Solaris, and KDE require configuration. The desktop background need not be completely solid; but desktop backgrounds featuring photos or complex gradients might degrade performance.
CHAPTER 3: INSTALLATION AND CONFIGURATION 11 Note: For target servers running Windows 2000 or XP, you may wish to create a user name that will be used only for remote connections through Dominion KX II. This will enable you to keep the target server’s slow mouse pointer motion/acceleration settings exclusive to the Dominion KX II connection. Windows XP and 2000 login screens revert to pre-set mouse parameters that differ from those suggested for optimal Dominion KX II performance.
12 DOMINION KX II USER GUIDE Animation options: Animate controls and elements inside windows Animate windows when minimizing and maximizing Fade options: Fade or slide menus into view Fade or slide ToolTips into view Fade out menu items after clicking f. Click OK. g. Close the Control Panel. Linux Settings Note: The following settings are for standard mouse mode only. To configure target servers running Linux (graphical user interface): 1. Configure the mouse settings: a.
CHAPTER 3: INSTALLATION AND CONFIGURATION 13 Note for Red Hat 9 Target Servers If you are running Red Hat 9 on the target server, using the D2CIM-VUSB, and are experiencing problems with the keyboard and/or mouse, there is an additional configuration setting you can try. Tip: You might have to perform these steps even after a fresh OS installation. To configure Red Hat 9 servers using the D2CIM-VUSB: 1. Locate the configuration file (usually /etc/modules.conf) in your system. 2.
14 DOMINION KX II USER GUIDE To change your Sun video card output from co mposite sync to the non-default VGA output: 1. Issue the Stop+A command to drop to bootprom mode. 2. Issue the following command to change the output resolution: setenv output-device screen:r1024x768x70 3. Issue the “boot” command to reboot the server.
CHAPTER 3: INSTALLATION AND CONFIGURATION 15 Step 2: Configure Network Firewall Settings To access Dominion KX II through a network firewall, your firewall must allow communication on TCP Port 5000 or another port that you designate. Refer to Network Settings for additional information about designating another discovery port. Firewall Settings TO TAKE ADVANTAGE OF THE DOMINION KX II: Web-access capabilities Automatic redirection of HTTP requests to HTTPS (i.e.
16 DOMINION KX II USER GUIDE Step 3: Connect the Equipment Connect the Dominion KX II to the power supply, network, local PC, and target servers. The numbers in the diagram correspond to the sections describing the connection. 4 1 2 3 Figure 7: Dominion KX II Connections 1. AC Power To connect the power supply: 1. Attach the included AC power cord to the Dominion KX II and plug into an AC power outlet. 2.
CHAPTER 3: INSTALLATION AND CONFIGURATION 17 3. Local Access Port (local PC) For convenient access to target servers while at the rack, use the Dominion KX II Local Access port. While the local port is required for installation and setup, it is optional for subsequent use. The local port provides the KX II Local Console graphical user interface for administration and target server access.
18 DOMINION KX II USER GUIDE Step 4: Dominion KX II Initial Configuration The first time you power up the Dominion KX II unit, there is some initial configuration that you need to perform through the KX II Local Console: • • • • Change the default password. Assign the IP Address. Name the target servers. Specify power supply auto-detection. Changing the Default Password The Dominion KX II ships with a default password. The first time you start the Dominion KX II you are required to change that password.
CHAPTER 3: INSTALLATION AND CONFIGURATION 19 Assigning an IP Address These procedures describe how to assign an IP Address using the Network Settings page. For complete information about all of the fields and the operation of this page, refer to Network Settings. 1. From the KX II Local Console, select Device Settings > Network Settings. The Network Settings page opens. Figure 8: Network Settings 2.
20 DOMINION KX II USER GUIDE Naming Target Servers To name the target servers: 1. Connect all of the target servers if you have not already done so (as described in Step 3: Connect the Equipment, Target Server Ports). 2. Using the KX II Local Console, select Device Settings > Port Configuration. The Port Configuration page opens: Figure 9: Port Configuration 3. Click on the Port Name of the target server you want to rename. The Port Page opens. 4.
CHAPTER 3: INSTALLATION AND CONFIGURATION 21 Note to CC-SG Users If you are using Dominion KX II in a CC-SG configuration, perform the installation steps as outlined above, and when finished, consult the CommandCenter Secure Gateway User Guide, Administrator Guide, or Deployment Guide to proceed (all found on Raritan’s Website under Support: http://www.raritan.com/support/productdocumentation).
22 DOMINION KX II USER GUIDE Remote Authentication Note to CC-SG Users When the Dominion KX II is controlled by CommandCenter Secure Gateway, CC-SG authenticates users and groups, except for local users (requiring local port access). When CC-SG is controlling the KX II, local port users will be authenticated against the local user database or the Remote Authentication server (LDAP or RADIUS) configured on the KX II; they will not be authenticated against the CC-SG user database.
CHAPTER 3: INSTALLATION AND CONFIGURATION 23 Authentication vs. Authorization Authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user’s group is used to determine his system and port permissions. The user’s assigned privileges determine what type of access is allowed. This is called authorization.
24 DOMINION KX II USER GUIDE Users, Groups, and Access Permissions Overview The Dominion KX II stores an internal list of all user and group names to determine access authorization and permissions. This information is stored internally in an encrypted format. There are several forms of authentication and this one is known as “local authentication”.
CHAPTER 4: CONNECTING TO THE DOMINION KX II 25 Chapter 4: Connecting to the Dominion KX II User Interfaces There are several user interfaces in the Dominion KX II providing you with easy access any time, anywhere. These include the KX II Local Console, the KX II Remote Console, and the MultiPlatform Client (MPC).
26 DOMINION KX II USER GUIDE Multi-Platform Client (MPC) − KX I and KX II Devices The Raritan Multi-Platform Client (MPC) is a graphical interface that allows you to remotely access the target devices connected to Dominion units. MPC can be installed for standalone use or accessed through a Web browser. After installing the Dominion KX II, either download a standalone version of Raritan MPC and establish an initial network connection, or launch the application directly.
CHAPTER 4: CONNECTING TO THE DOMINION KX II 27 Language Support The Dominion KX II provides keyboard support for the following languages: US English, UK English, Traditional Chinese, Simplified Chinese, Japanese, Korean, French, and German. Note: You can use the keyboard for Chinese, Japanese, and Korean for display only; local language input is not supported at this time for KX II Local Console functions. For more information about non-US keyboards, please refer to Appendix C: Informational Notes.
28 DOMINION KX II USER GUIDE Launching the KX II Important: Regardless of the browser used, you must allow pop-ups from the Dominion device’s IP address to launch the KX II Remote Console. Note: Depending on your browser and security settings, you may see various security and certificate warnings. It is necessary to accept these warnings to launch the KX II Remote Console.
CHAPTER 4: CONNECTING TO THE DOMINION KX II 29 KX II Console Layout Both the KX II Remote Console and the KX II Local Console interfaces provide an HTML (Weblike) interface for configuration and administration, as well as target server list and selection. The options are organized into various tabs. Browser (Remote Console only) Tabs 1 2 3 4 5 Details Panel Detailed information for the option selected.
30 DOMINION KX II USER GUIDE The numbers in the following table correspond to the numbers in Figure 12.
CHAPTER 4: CONNECTING TO THE DOMINION KX II 31 KX II Console Menu Tree The following diagram represents all of the menu options available in both the KX II Remote and KX II Local Console interfaces. Variations between the KX II Local Console and the KX II Remote Console are identified.
32 DOMINION KX II USER GUIDE Managing Favorites A Favorites feature is provided so you can organize and quickly access the devices you use frequently.
CHAPTER 4: CONNECTING TO THE DOMINION KX II 33 Manage Favorites Menu The Manage Favorites menu provides these options: Favorites List, Discover Devices – Local Subnet, Discover Devices – KX Subnet, and Add New Device to Favorites. To open the Manage Favorites menu: Click the Manage button.
34 DOMINION KX II USER GUIDE Favorites List From the Favorites List page, you can add, edit, and delete devices from your list of Favorites. To open the Favorites List page: Select Manage > Favorites List. The Favorites List page opens: Figure 18: Favorites List To add a Favorite: Click the Add button. The Add New Favorite page opens. To delete a Favorite: Important: Please exercise caution in the removal of favorites; you are not prompted to confirm their deletion. 1.
CHAPTER 4: CONNECTING TO THE DOMINION KX II 35 To edit a Favorite: 1. From the Favorites List page, check the checkbox next to the appropriate Dominion KX II device. 2. Click the Edit button. The Edit page opens: Figure 19: Edit (Favorite Information) 3. Update the fields as necessary: • Description. Type something meaningful. • IP Address. Type the IP Address of the Dominion KX II unit. • Port. Change the discovery Port (if necessary). 4. Click OK.
36 DOMINION KX II USER GUIDE Discover Devices – Local Subnet This option discovers the devices on your local subnet (that is, the subnet where the Dominion KX II Remote Console is running); access these devices directly from this page, or add them to your list of favorites. Figure 20: Discover Devices - Local Subnet To discover devices on the local subnet: 1. Select Favorites > Discover Devices – Local Subnet. The Discover Devices – Local Subnet page opens. 2.
CHAPTER 4: CONNECTING TO THE DOMINION KX II 37 Discover Devices – KX Subnet This option discovers the devices on the KX device subnet (that is, the subnet of the Dominion KX II device IP address itself); access these devices directly from this page, or add them to your list of favorites. This feature allows multiple Dominion KX II units to interoperate and scale automatically. The Dominion KX II Remote Console automatically discovers the Dominion KX II units in the subnet of the Dominion KX II.
38 DOMINION KX II USER GUIDE Add New Favorite To add a device to your favorites list: 1. Select Manage Favorites > Add New Device to Favorites. The Add New Favorite page opens: Figure 22: Add New Favorite 2. 3. 4. 5. Type a meaningful Description. Type the IP Address for the device. Change the discovery Port (if necessary). Click OK. This device is added to your list of favorites.
CHAPTER 5: ACCESSING TARGET SERVERS 39 Chapter 5: Accessing Target Servers Port Access Page After successfully logging into the Dominion KX II Remote Console, the Port Access page opens. This page lists all of the Dominion KX II ports, the connected target servers, and their status and availability. The Port Access page provides access to the target servers connected to the Dominion KX II.
40 DOMINION KX II USER GUIDE To change the display sort order: Click the column heading you want to sort on. The list of target servers is sorted by that column. Port Action Menu 1. When you click on a Port Name in the Port Access list, the Port Action menu is displayed. Please note that only options available for the selected port are listed in the Port Action menu: • Connect. Creates a new connection to the target server. For the KX II Remote Console, a new Virtual KVM Client window is opened.
CHAPTER 5: ACCESSING TARGET SERVERS 41 Connecting to a Target Server To connect to a target server: 1. From the KX II Remote Console, click the Port Access tab to open it. The Port Access page opens. 2. Click the Port Name of the target you want to access. The Port Action Menu is displayed: Figure 24: Port Action Menu 3. Select Connect. A Virtual KVM Client window opens to the target server connected to that port.
42 DOMINION KX II USER GUIDE Power Controlling a Target Server Note: These features are available only when you have made power associations. Refer to power control for more information. Power Cycle a Target Server To power cycle a target server: 1. From the KX II Remote Console, click the Port Access tab to open it. The Port Access page opens. 2. Click the Port Name of the appropriate target server. The Port Action Menu is displayed. Figure 25: Port Action Menu (power options) 3. Select Power Cycle.
CHAPTER 6: VIRTUAL KVM CLIENT 43 Chapter 6: Virtual KVM Client Whenever you access a target server using the KX II Remote Console, a Virtual KVM Client window is opened. There is one Virtual KVM Client for each target server connected to; these windows can be accessed via the Windows Taskbar. Virtual KVM Client windows can be minimized, maximized, and moved around your computer desktop. Note: Refreshing your HTML browser will close the Virtual KVM Client connection, so please exercise caution.
44 DOMINION KX II USER GUIDE Options Menu Tree The following diagram represents all of the menu options available in the Virtual KVM Client.
CHAPTER 6: VIRTUAL KVM CLIENT 45 Mouse Pointer Synchronization When remotely viewing a target server that uses a mouse, you will see two mouse pointers: one belonging to your remote client workstation and the other belonging to the target server. When the mouse pointer lies within the Virtual KVM Client target server window, mouse movements and clicks are directly transmitted to the connected target server.
46 DOMINION KX II USER GUIDE Connection Menu Properties Dialog The Dominion KX II dynamic video compression algorithms maintain KVM console usability under varying bandwidth constraints. Dominion KX II units optimize KVM output not only for LAN use, but also for WAN and dialup use. These units can also control color depth and limit video output, offering an optimal balance between video quality and system responsiveness for any bandwidth.
CHAPTER 6: VIRTUAL KVM CLIENT 47 3. Select the Color Depth from the drop-down list. Dominion KX II can dynamically adapt the color depth transmitted to remote users in order to maximize usability in all bandwidths. 15-bit RGB Color 8-bit RGB Color 4-bit Color 4-bit Gray 3-bit Gray 2-bit Gray Black and White Important: For most administrative tasks (server monitoring, reconfiguring, etc.), the full 24-bit or 32-bit color spectrum made available by most modern video graphics cards is not necessary.
48 DOMINION KX II USER GUIDE Connection Info To obtain information about your Virtual KVM Client connection: Select Connection > Connection Info. The Connection Info window opens: Figure 30: Connection Info The following information is displayed about the current connection: • • • • • • • • • • • Device Name. The name of the Dominion KX II device. IP Address. The IP Address of the Dominion KX II device. Port. The KVM Communication TCP/IP Port used to access the target device. Data In/Second.
CHAPTER 6: VIRTUAL KVM CLIENT 49 Keyboard Menu Send Ctrl+Alt+Delete Due to its frequent use, a Ctrl+Alt+Delete macro has been pre-programmed into the Virtual KVM Client. This key sequence is sent to the target server to which you are currently connected.
50 DOMINION KX II USER GUIDE Figure 32: Add Keyboard Macro 3. Type a name in the Keyboard Macro Name field. This is the name that will display on the Virtual KVM Client menu bar after the macro is created. In this example, type Minimize All Windows. 4. In the Keys to Press drop-down list: a. Scroll through and select each key for which you would like to emulate a key press (in the order in which they are to be pressed). b. Click the Press Key button after each selection.
CHAPTER 6: VIRTUAL KVM CLIENT 51 7. Click OK from the Add Keyboard Macro window to save the macro. 8. Click Close from the Keyboard Macros window (Figure 31). The keyboard macro created is now listed as an option from Keyboard menu: Figure 34: New Macro in Keyboard Menu To cancel without saving changes: Click Cancel. To clear all fields and start over: Click the Clear button. Running a Keyboard Macro Once you have created a keyboard macro, execute it by clicking on its name in the Keyboard menu.
52 DOMINION KX II USER GUIDE Video Menu Video settings can be refreshed automatically in several ways: • The Refresh Screen option forces a refresh of the video screen • The Auto-sense Video Settings option automatically detects the target server’s video settings • The Calibrate Color option calibrates the video to enhance the colors being displayed In addition, you can manually adjust the settings using the Video Settings option.
CHAPTER 6: VIRTUAL KVM CLIENT 53 Video Settings Use the Video Settings option to manually adjust the video settings. Video Settings Opens Video Settings for manual adjustment of video parameters. To change the video settings: 1. Select Video > Video Settings. The Video Settings window opens displaying the current settings: Figure 35: Video Settings 2.
54 DOMINION KX II USER GUIDE − − Color Contrast Settings: Controls the contrast adjustment. Contrast Red. Controls the red signal. Contrast Green. Controls the green signal. Contrast Blue. Controls the blue signal. If the video image looks extremely blurry or unfocused, the settings for clock and phase can be adjusted until a better image appears on the active target server.
CHAPTER 6: VIRTUAL KVM CLIENT 55 Mouse Menu When controlling a target server, the KX II Remote Console displays two mouse cursors: one belonging to your client workstation and the other belonging to the target server. You can operate in either single mouse mode or dual mouse mode. When in dual mouse mode and properly configured, these two mouse cursors will align. If you experience difficulty with mouse synchronization, refer to Configure Target Servers.
56 DOMINION KX II USER GUIDE Standard This is the standard mouse synchronization algorithm using relative mouse positions. Standard mouse mode requires that acceleration is disabled and other mouse parameters are set correctly in order for the client and server mouse to stay synchronized. Standard mouse mode is the default.
CHAPTER 6: VIRTUAL KVM CLIENT 57 Tools Menu Options From the Tools menu, you can specify certain options for use with the Virtual KVM Client: synchronize mouse when in dual mouse mode, enable logging, keyboard type, and the exit target screen resolution mode hotkey. To set the tools options: 1. Select Tools > Options. The Options window opens: Figure 37: (Tools) Options 2. Check the Enable Logging checkbox only if directed to by Technical Support. This option creates a log file in your home directory.
58 DOMINION KX II USER GUIDE View Menu View Toolbar You can use the Virtual KVM client with or without the toolbar display. To toggle the display of the toolbar (on and off): Select View > View Toolbar. Scaling Scaling your target window allows you to view the entire contents of the target server window.
CHAPTER 7: VIRTUAL MEDIA 59 Chapter 7: Virtual Media Overview Virtual media extends KVM capabilities by enabling target servers to remotely access media from the client PC and network file servers. With this feature, media mounted on the client PC and network file servers is essentially mounted virtually by the target server. The target server can then read from and write to that media as if it were physically connected to the target server itself.
60 DOMINION KX II USER GUIDE Prerequisites for Using Virtual Media The following conditions must be met in order to use virtual media: Dominion KX II • • For users requiring access to virtual media, KX permissions must be set to allow access to the relevant ports, as well as virtual media access (VM Access port permission) for those ports. Port permissions are set at the group-level; please refer to Setting Port Permissions for more information.
CHAPTER 7: VIRTUAL MEDIA 61 Opening a KVM Session To open a KVM session: 1. Open the Port Access page from the Dominion KX II Remote Console. Figure 39: Open KVM Session 2. Connect to the target server from the Port Access page: a. Click the Port Name for the appropriate server. b. Select the Connect option from the Port Action Menu. The target server opens in a Virtual KVM Client window.
62 DOMINION KX II USER GUIDE 2. Select the drive from the Local Drive drop-down list. 3. If you want read and write capabilities, check the Read-Write option checkbox. This option is disabled for non-removable drives. Please refer to the conditions when read-write is not available for more information. When checked, you will be able to read or write the connected USB disk.
CHAPTER 7: VIRTUAL MEDIA 63 c. Click Connect. 3. For ISO images: a. Select the ISO Image option. Use this option when you want to access a disk image of a CD, DVD, or hard drive. ISO format is the only format supported. b. Click the Browse button. c. Navigate to the path containing the disk image you want to use and click Open. The path is populated in the Image Path field. d. Click Connect. 4. For remote ISO images on a file server: a. Select the Remote Server ISO Image option. b.
64 DOMINION KX II USER GUIDE File Server Setup (File Server ISO Images Only) Note: This feature is only required when using virtual media to access file server ISO images. Use the Dominion KX II Remote Console File Server Setup page to designate the files server(s) and image paths that you want to access using Dominion KX II Virtual Media.
CHAPTER 8: USER MANAGEMENT 65 Chapter 8: User Management The User Management menu is organized as follows: User List, Add New User, User Group List, Add New User Group, Change Password, and Authentication Settings. Figure 43: User Management Menu USE: TO: User List Add New User User Group List Display an alphabetical list of all users; add, modify, or delete users. Add new users; modify user information. Display an alphabetical list of all user groups; add, modify, or delete user groups.
66 DOMINION KX II USER GUIDE User List The User List page displays a list of all users including their Username, Full Name, and User Group. The list can be sorted on any of the columns by clicking on the column name. From the User List page, you can also add, modify, or delete users. To view the list of users: Select User Management > User List. The User List page opens: Figure 44: User List To add a new user: Click the Add button. The User page opens.
CHAPTER 8: USER MANAGEMENT 67 Add New User It is a good idea to define user groups before creating Dominion KX II users, because when you add a user, you must assign that user to an existing user group. From the User page, you can add new users, modify user information, and reactivate users that have been deactivated. Note: A username can be deactivated (Active checkbox is cleared) when the number of failed login attempts has exceeded the maximum login attempts set in the Security Settings screen.
68 DOMINION KX II USER GUIDE Modify Existing User To modify an existing user: 1. From the User page (Figure 45), change the appropriate fields. (Refer to Add New User for information about how to get access the User page.) 2. Click OK.
CHAPTER 8: USER MANAGEMENT 69 User Group List User groups are used with local and remote authentication (via RADIUS or LDAP). It is a good idea to define user groups before creating individual users, because when you add a user, you must assign that user to an existing user group. The User Group List page displays a list of all user groups, which can be sorted in ascending or descending order by clicking on the Group Name column heading.
70 DOMINION KX II USER GUIDE Add New User Group To add a new user group: 1. Open the Group page using one of these methods: • Select User Management > Add New User Group, or • Click the Add button from the User Group List page Figure 47: Group Page The Group page is organized into the following categories: Group, Permissions, Port Permissions, and IP ACL. 2. Type a descriptive name for the new user group into the Group Name field. 3. Set the Permissions for the group.
CHAPTER 8: USER MANAGEMENT 71 5. Set the IP ACL (optional). This feature limits access to the Dominion KX II device by specifying IP addresses; it applies only to users belonging to a specific group, unlike the IP Access Control list feature which applies to all access attempts to the device (and takes priority). 6. Click OK. Note: Several administrative functions are available within MPC and from the Dominion KX II Local Console; these functions are available only to members of the default ADMIN group.
72 DOMINION KX II USER GUIDE Group-based IP ACL (Access Control List) Important: Please exercise caution when using group-based IP access control. It is possible to be locked out of your Dominion KX II if your IP Address is within a range that has been denied access. This feature limits access to the Dominion KX II device by users in the selected group to specific IP addresses.
CHAPTER 8: USER MANAGEMENT 73 To delete a rule: 1. Specify the Rule # you want to delete. 2. Click Delete. 3. You are prompted to confirm the deletion. Click OK. Important: ACL rules are evaluated in the order in which they are listed. For instance, in the example shown here, if the two ACL rules were reversed, Dominion would accept no communication at all. Figure 49: IP ACL Example Tip: The rule numbers allow you to have more control over the order in which the rules are created.
74 DOMINION KX II USER GUIDE Modify Existing User Group Note: All permissions are enabled (and cannot be changed) for the Admin group. To modify an existing user group: 1. From the Group page, change the appropriate fields and set the appropriate permissions. Figure 50: Modify Group 2. Set the Permissions for the group. Check the boxes before the permissions you want to assign to all of the users belonging to this group. Refer to Setting Permissions for more information. 3. Set the Port Permissions.
CHAPTER 8: USER MANAGEMENT 75 Set Permissions for Individual Group To set permissions for an individual user group: 1. Locate the user from among the groups listed. Individual groups can be identified by the @ in the Group Name. 2. Click on the Group Name. The Group page (Figure 50) opens. 3. Select the appropriate permissions. 4. Click OK.
76 DOMINION KX II USER GUIDE Change Password To change your password: 1. Select User Management > Change Password. The Change Password page opens: Figure 51: Change Password 2. Type your current password in the Old Password field. 3. Type a new password in the New Password field; retype the new password in the Confirm New Password field. Passwords can be up to 64 characters in length and can consist of English alphanumeric characters and special characters. 4. Click OK. 5.
CHAPTER 8: USER MANAGEMENT 77 Authentication Settings From the Authentication Settings page you can configure the type of authentication used for access to your Dominion KX II. Refer to Authentication vs. Authorization for more information about how authentication and authorization operate and differ. Note: Even if you select remote authentication (LDAP or RADIUS), local authentication is still used. To configure authentication: 1. Select User Management > Authentication Settings.
78 DOMINION KX II USER GUIDE 2. Select the option for the authentication protocol you want to use (Local Authentication, LDAP, or RADIUS). Selecting the LDAP option enables the remaining LDAP fields; selecting the RADIUS option enables the remaining RADIUS fields. 3. If you selected Local Authentication, proceed to step 6. 4.
CHAPTER 8: USER MANAGEMENT 79 Implementing LDAP Remote Authentication Lightweight Directory Access Protocol (LDAP) is a networking protocol for querying and modifying directory services running over TCP/IP. A client starts an LDAP session by connecting to an LDAP server (the default TCP port is 389). The client then sends operation requests to the server, and the server sends responses in turn. Reminder: Microsoft Active Directory functions natively as an LDAP authentication server.
80 DOMINION KX II USER GUIDE 8. DN of administrative User. Distinguished Name of administrative user; consult your authentication server administrator for the appropriate values to type into this field. An example DN of administrative User value might be: “cn=Administrator,cn=Users,dc=testradius,dc=com”. 9. User Search DN. This describes the name you want to bind against the LDAP, and where in the database to begin searching for the specified Base DN.
CHAPTER 8: USER MANAGEMENT 81 Implementing RADIUS Remote Authentication Remote Authentication Dial-in User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol for network access applications. To use the RADIUS authentication protocol: Figure 54: Authentication Settings (RADIUS) 1. Type the IP Address of your primary and (optional) secondary remote authentication servers in the Primary Radius Server and Secondary Radius Server fields, respectively. 2.
82 DOMINION KX II USER GUIDE Returning User Group Information via RADIUS When a RADIUS authentication attempt succeeds, the Dominion KX II device determines the permissions for a given user based on the permissions of the user’s group. Your remote RADIUS server can provide these user group names by returning an attribute, implemented as a RADIUS FILTER-ID.
CHAPTER 9: DEVICE MANAGEMENT 83 Chapter 9: Device Management The Device Settings menu is organized as follows: Network, Date/Time, Event Management (Settings and Destinations), Power Supply Setup, Port Configuration, and Local Port Settings (Dominion KX II Local Console only).
84 DOMINION KX II USER GUIDE Network Settings Use the Network Settings page to customize the network configuration (e.g., IP Address, discovery port, and LAN interface parameters) for your Dominion KX II unit. Important: Dominion KX II must be rebooted for new network settings to take effect. Before changing the network configuration, ensure that there are no other active user connections to the device; all connections will be dropped when the KX II unit reboots.
CHAPTER 9: DEVICE MANAGEMENT 85 To cancel without saving changes: Click Cancel. To reset to factory defaults: Click Reset to Defaults. Network Basic Settings Figure 57: Network Settings (Network Basic Settings) • • Device Name. Type a unique name for the device (up to 16 characters; spaces are not allowed). Name your device so you can easily identify it. The default name for a Dominion KX II unit is: “DominionKX”. Remote users will also see this name.
86 DOMINION KX II USER GUIDE ♦ If DHCP is used, enter the Preferred host name (DHCP only). Up to 63 characters. Network Miscellaneous Settings Figure 58: Network Settings (Network Miscellaneous Settings) • • Discovery Port. Dominion KX II discovery occurs over a single, configurable TCP Port. The default is Port 5000, but you can configure it to use any TCP port except 80 and 443.
CHAPTER 9: DEVICE MANAGEMENT • 87 LAN Interface Speed & Duplex. Select from among the speed and duplex combinations available. Autodetect 10 Mbps/Half 10 Mbps/Full 100 Mbps/Half 100 Mbps/Full 1000 Mbps/Full − − Default option Gigabit Half-duplex provides for communication in both directions, but only one direction at a time (not simultaneously). Full-duplex allows communication in both directions simultaneously. Note: Occasionally there are problems running at 10 Mbps in either half or full duplex.
88 DOMINION KX II USER GUIDE Date/Time Settings Use the Date/Time Settings page to specify the date and time for the Dominion KX II. There are two ways to do this: • • Manually set the date and time, or Synchronize with a Network Time Protocol (NTP) Server. To set the date and time: 1. Select Device Settings > Date/Time. The Date/Time Settings page opens: Figure 60: Date/Time Settings 2. Select your time zone from the Time Zone drop-down list. 3.
CHAPTER 9: DEVICE MANAGEMENT 89 Event Management The Dominion KX II Event Management feature provides a set of screens for enabling and disabling the distribution of system events to SNMP Managers, Syslog, and the audit log. These events are categorized, and for each event you can determine whether you want the event sent to one or several destinations.
90 DOMINION KX II USER GUIDE 3. In the Name, Contact, and Location fields, type the SNMP Agent’s (this Dominion unit’s) name as it appears in the KX II Console interface, a contact name related to this unit, and where the Dominion unit is physically located, respectively. 4. Type the Agent Community String (the Dominion unit’s string). An SNMP community is the group that devices and management stations running SNMP belong to; it helps define where information is sent.
CHAPTER 9: DEVICE MANAGEMENT 91 Event Management – Destinations System events, if enabled, can generate SNMP notification events (traps), or can be logged to Syslog or Audit Log. Use the Event Management - Destinations page to select which system events to track and where to send this information. Note: SNMP traps will only be generated if the SNMP Logging Enabled option is checked; Syslog events will only be generated if the Enable Syslog Forwarding option is checked.
92 DOMINION KX II USER GUIDE 2. Check the checkboxes for those Event line items you want to enable or disable, and where you want to send the information. Tip: Enable or disable entire Categories by checking or clearing the Category line checkboxes, respectively. 3. Click OK. To cancel without saving changes: Click Cancel. To reset to factory defaults: Click the Reset To Defaults button.
CHAPTER 9: DEVICE MANAGEMENT 93 SNMP Trap Configuration SNMP provides the ability to send traps, or notifications, to advise an administrator when one or more conditions have been met.
94 DOMINION KX II USER GUIDE Power Supply Setup Page The Dominion KX II provides dual power supplies, and can automatically detect and provide notification regarding the status of these power supplies. Use the Power Supply Setup page to specify whether you are using one or both of the power supplies. Proper configuration ensures that the Dominion KX II sends the appropriate notifications should a power supply fail.
CHAPTER 9: DEVICE MANAGEMENT 95 Port Configuration Page The Port Configuration page displays a list of the Dominion KX II ports. Ports connected to target servers or power strips are displayed in blue and can be edited. For ports with no CIM connected or with a blank CIM name, a default port name of Dominion-KX2_Port# is assigned, where Port# is the number of the Dominion KX II physical port. To change a port configuration: 1. Select Device Settings > Port Configuration.
96 DOMINION KX II USER GUIDE Power Control The Dominion KX II provides remote power control of target servers. To utilize this feature, you must have a Raritan remote power strip and the D2CIM-PWR computer interface module (CIM). Once power assignments are made, remote power management of your target servers is possible. To use the Dominion KX II power control feature: 1. 2. 3. 4.
CHAPTER 9: DEVICE MANAGEMENT 97 Name the Power Strip (Port Page for Power Strips) This Port page opens when you select a port from the Port Configuration page that is connected to a Raritan remote power strip. The Type and the Name fields are pre-populated; please note that the (CIM) Type cannot be changed. The following information is displayed for each outlet in the power strip: outlet Number, Name, and Port Association.
98 DOMINION KX II USER GUIDE Associate Target Servers to Outlets (Port Page) This Port page opens when you select a port from the Port Configuration page that is connected to a target server. From this page, you can make power associations, change the Port Name to something more descriptive, and update target server settings if you are using the D2CIM-VUSB CIM. The (CIM) Type and the (Port) Name fields are pre-populated; please note that the CIM type cannot be changed.
CHAPTER 9: DEVICE MANAGEMENT 99 To change the port name: 1. Type something descriptive in the Name field. For example, the name of the target server would be a likely candidate. The name can be up to 32 alphanumeric characters and can include special characters. 2. Click OK. To cancel without saving changes: Click the Cancel button. To remove a power strip association: 1. 2. 3. 4. Select the appropriate power strip from the Power Strip Name drop-down list.
100 DOMINION KX II USER GUIDE Certain BIOS do not support USB high-speed capabilities and the attempt to auto-negotiate does not work. If you are experiencing BIOS problems with the target server, check the Use Full Speed for Virtual Media CIM option. Note: For SUSE 9.2 target servers, please enable (check) the Use Full Speed for Virtual Media CIM option for those target server ports. SUSE 9.2 does not work with the Virtual Media CIM when high speed is negotiated.
CHAPTER 10: SECURITY SETTINGS 101 Chapter 10: Security Settings The Security menu is organized as follows: Security Settings and IP Access Control. Figure 70: Security Menu USE: TO: Security Settings Configure security settings for login limitations, strong passwords, user blocking, and encryption & share. Control access to your Dominion KX II unit. By setting a global access control list, you are by ensuring that your device does not respond to packets being sent from disallowed IP addresses.
102 DOMINION KX II USER GUIDE Security Settings From the Security Settings page, you can specify login limitations, user blocking, password rules, and encryption and share. Raritan SSL certificates are used for public and private key exchanges, and provide an additional level of security. Raritan web server certificates are self-signed; Java applet certificates are signed by a VeriSign® certificate.
CHAPTER 10: SECURITY SETTINGS 103 Login Limitations Using Login Limitations you can specify restrictions for single login, password aging, and the logging out of idle users. • • • Enable Single Login Limitation. When checked, only one login per username is allowed at any time. When cleared, a given username/password combination can be connected into the device from several client workstations simultaneously. Enable Password Aging.
104 DOMINION KX II USER GUIDE − − − − − − − Minimum length of strong password. Passwords must be at least 8 characters long. The default is 8, but it can be up to 63. Maximum length of strong password. The default is 16, but can be up to 64 characters long. Enforce at least one lower case character. When checked, at least one lower case character is required in the password. Enforce at least one upper case character. When checked, at least one upper case character is required in the password.
CHAPTER 10: SECURITY SETTINGS 105 Encryption & Share Using the Encryption & Share settings you can specify the type of encryption used, PC and VM share modes, and the type of reset performed when the Dominion KX II reset button is pressed. Figure 74: Security Settings (Encryption & Share) • Encryption Mode. Select one of the options from the drop-down list.
106 • • • DOMINION KX II USER GUIDE PC Share Mode. Determines global concurrent remote KVM access, enabling up to eight remote users to simultaneously log on to one Dominion KX II and concurrently view and control the same target server through the device. Click on the drop-down list to select one of the following options: − Private: No PC share; this is the default mode. Each target server can be accessed exclusively by only one user at a time.
CHAPTER 10: SECURITY SETTINGS 107 IP Access Control Using IP Access Control, you can control access to your Dominion KX II unit. By setting a global Access Control List (ACL) you are by ensuring that your device does not respond to packets being sent from disallowed IP addresses. The IP Access Control is global, affecting the KX unit as a whole, but you can also control access to your unit at the group level. Refer to group-based IP Access Control for more information about group-level control.
108 DOMINION KX II USER GUIDE To add (append) rules: 1. 2. 3. 4. Type the IP Address and subnet mask in the IP/Mask field. Select the Policy from the drop-down list. Click Append. The rule is added to the bottom of the rules list. Repeat steps 1 through 3 for each rule you want to enter. To insert a rule: 1. 2. 3. 4. Type a Rule #. A Rule # is required when using the Insert command. Type the IP Address and subnet mask in the IP/Mask field. Select the Policy from the drop-down list. Click Insert.
CHAPTER 11: MAINTENANCE 109 Chapter 11: Maintenance The Maintenance menu includes these options: Audit Log, Device Information, Backup/Restore, CIM Firmware Upgrade, Firmware Upgrade, Factory Reset (Dominion KX II Local Console only), Upgrade Report, and Reboot. Figure 77: Maintenance Menu USE: Audit Log Device Information Backup/Restore CIM Firmware Upgrade Firmware Upgrade Factory Reset Upgrade Report Reboot TO: View Dominion KX II events sorted by date and time.
110 DOMINION KX II USER GUIDE Audit Log A log is created of Dominion KX II system events. To view the audit log for your Dominion KX II unit: Select Maintenance > Audit Log. The Audit Log page opens: Figure 78: Audit Log The Audit Log page displays events by date and time (most recent events listed first). The Audit Log provides the following information: • • • Date. The date and time that the event occurred; 24-hour clock. Event. The event name as listed in the Event Management page. Description.
CHAPTER 11: MAINTENANCE 111 Device Information The Device Information page provides detailed information about your Dominion KX II device and the CIMs in use. This information is helpful should you need to contact Raritan Technical Support. To view information about your Dominion KX II and CIMs: Select Maintenance > Device Information.
112 DOMINION KX II USER GUIDE Backup and Restore From the Backup/Restore page, you can backup and restore the settings and configuration for your Dominion KX II. In addition to using backup and restore for business continuity purposes, you can use this feature as a time-saving mechanism. For instance, you can quickly provide access to your team from another Dominion KX II, by backing up the user configuration settings from the KX II in use and restoring those configurations to the new KX II.
CHAPTER 11: MAINTENANCE 113 To restore your Dominion KX II: WARNING: Please exercise caution when restoring your Dominion KX II to an earlier version. Usernames and password in place at the time of the backup will be restored. If you do not remember the old administrative usernames and passwords, you will be locked out of the KX II. In addition, if you used a different IP Address at the time of the backup, that IP Address will be restored as well.
114 DOMINION KX II USER GUIDE CIM Upgrade Use this procedure to upgrade CIMs using the firmware versions stored in the memory of your Dominion KX II unit. In general, all CIMs are upgraded when you upgrade the device firmware using the Firmware Upgrade page. Use the CIM Upgrade page to upgrade new CIMs. Note: Only D2CIM-VUSB and D2CIM-PWR can be upgraded from this page. To upgrade CIMs using the Dominion KX II memory : 1. Select Maintenance > CIM Firmware Upgrade.
CHAPTER 11: MAINTENANCE 115 Firmware Upgrade Use the Firmware Upgrade page to upgrade the firmware for your Dominion KX II unit and all attached CIMs. This page is available in the KX II Remote Console only. Important: Do not turn off your Dominion KX II unit or disconnect CIMs while the upgrade is in progress – doing so will likely result in damage to the unit or CIMs. To upgrade your Dominion KX II unit: 1. Locate the appropriate Raritan firmware distribution file (*.
116 DOMINION KX II USER GUIDE Figure 83: Firmware Upgrade Review Note: At this point, connected users are logged out, and new login attempts are blocked. 7. Click Upgrade. Please wait for the upgrade to complete. Status information and progress bars are displayed during the upgrade. Upon completion of the upgrade, the unit reboots (1 beep sounds to signal the reboot). Figure 84: Firmware Upgrade Successful 8.
CHAPTER 11: MAINTENANCE 117 Upgrade Report Dominion KX II provides information about upgrades performed on the KX II unit and attached CIMS. To view the upgrade report: Select Maintenance > Upgrade Report. The Upgrade Report page opens: Figure 85: Upgrade Report Information is provided about the last Dominion KX II upgrade that was run, the final status of that upgrade, and the firmware version. Information is also provided about the CIMs: • • • • Port. The port where the CIM is connected. Type.
118 DOMINION KX II USER GUIDE Reboot The Reboot page provides a safe and controlled way to reboot your Dominion KX II unit; this is the recommended method for rebooting. Important: All KVM connections will be closed and all users will be logged off. To reboot your Dominion KX II: 1. Select Maintenance > Reboot. The Reboot page opens: Figure 86: Reboot 2. Click the Reboot button. You are prompted to confirm the action: Figure 87: Reboot Confirmation 3. Click Yes to proceed with the reboot.
CHAPTER 12: DIAGNOSTICS 119 Chapter 12: Diagnostics Diagnostics Menu The Diagnostics pages are used for troubleshooting and are intended primarily for the administrator of the KX II device. All of the Diagnostics pages (except KX Diagnostics) run standard networking commands; the information displayed is the output of those commands.
120 DOMINION KX II USER GUIDE Network Interface Page The Dominion KX II provides information about the status of your network interface. To view information about your network interface: Select Diagnostics > Network Interface. The Network Interface page opens: Figure 89: Network Interface The following information is displayed: • • • Whether the Ethernet interface is up or down. Whether the gateway is ping-able or not. The LAN port that is currently active.
CHAPTER 12: DIAGNOSTICS 121 Network Statistics Page The Dominion KX II provides statistics about your network interface. To view statistics about your network interface: 1. Select Diagnostics > Network Statistics. The Network Statistics page opens. 2. Select the appropriate option from the Options drop-down list: • Statistics. Produces a page similar to the one displayed here: Figure 90: Network Statistics (statistics) • Interfaces.
122 DOMINION KX II USER GUIDE Figure 92: Network Statistics (route) 3. Click the Refresh button. The relevant information is displayed in the Result field.
CHAPTER 12: DIAGNOSTICS 123 Ping Host Page Ping is a network tool used to test whether a particular host or IP Address is reachable across an IP network. Using the Ping Host page, you can determine if a target server or another Dominion KX II unit is accessible. To ping the host: 1. Select Diagnostics > Ping Host. The Ping Host page opens: Figure 93: Ping Host 2. Type either the hostname or IP Address into the Hostname or IP Address field. 3. Click Ping.
124 DOMINION KX II USER GUIDE Trace Route to Host Page Trace route is a network tool used to determine the route taken all the way to the provided hostname or IP Address. To trace the route to the host: 1. Select Diagnostics > Trace Route to Host. The Trace Route to Host page opens: Figure 94: Trace Route to Host 2. Type either the Hostname or IP Address into the Hostname or IP Address field. 3. Select the Maximum Hops from the drop-down list (5 or 10). 4. Click the Trace Route button.
CHAPTER 12: DIAGNOSTICS 125 KX Diagnostics Note: This page is for use by Raritan Field Engineers or when you are directed by Raritan Technical Support. KX Diagnostics downloads the diagnostics information from Dominion KX II to the client machine. Three operations can be performed on this page: • • • Command Line Interface. Enable or disable the Command Line Interface functionality.
126 DOMINION KX II USER GUIDE c. UDP port 21 must be opened and made available to Raritan Technical Support. d. Raritan Technical Support will also need to know the administrative password for the KX II. e. Once Raritan Technical Support has completed their testing, return UDP port 21 to its original state. 3. To execute a diagnostics script file emailed to you from Raritan Technical Support: a. Retrieve the diagnostics file supplied by Raritan and unzip as necessary. b. Use the Browse button.
CHAPTER 13: KX II LOCAL CONSOLE 127 Chapter 13: KX II Local Console KX II Local Console Dominion KX II provides at-the-rack access and administration via its local port, which features a browser-based graphical user interface for quick, convenient switching between servers. The Dominion KX II Local Console provides a direct analog connection to your connected servers; the performance is as if you were directly connected to the server’s keyboard, mouse, and video ports.
128 DOMINION KX II USER GUIDE Mouse: Attach either a standard PS/2 mouse to the Mini-DIN6 (female) mouse port or a standard USB mouse to one of the USB Type A (female) ports. Reset Button At the back of the Dominion KX II unit, there is a Reset button. It is recessed to prevent accidental presses (you will need a pointed object to use this button).
CHAPTER 13: KX II LOCAL CONSOLE 129 Starting the KX II Local Console Simultaneous Users The Dominion KX II Local Console provides an independent access path to the connected target servers. Using the Local Console does not prevent other users from simultaneously connecting over the network. And even when remote users are connected to Dominion KX II, you can still simultaneously access your servers from the rack via the Local Console.
130 DOMINION KX II USER GUIDE Accessing Target Servers Server Display After you login to the KX II Local Console, the Port Access page opens. This page lists all of the Dominion KX II ports, the connected target servers, and their status and availability. Figure 101: Local Console Port Access The target servers are initially sorted by Port Number; you can change the display to sort on any of the columns. • • • • Port Number.
CHAPTER 13: KX II LOCAL CONSOLE 131 Hotkeys Because the Dominion KX II Local Console interface is completely replaced by the interface for the target server you are accessing, a hotkey is utilized so you can switch between these interfaces. The Local Port hotkey allows you to rapidly access the KX II Local Console user interface when a target server is currently being viewed.
132 DOMINION KX II USER GUIDE Local Port Administration The Dominion KX II can be managed by either the KX II Local Console or the KX II Remote Console. Please note that the KX II Local Console also provides access to these administrative functions: • • Local Port Settings Factory Reset Note: Only users with administrative privileges can access these functions.
CHAPTER 13: KX II LOCAL CONSOLE 133 3. Select the Local Port Hotkey. The Local Port Hotkey is used to return to the KX II Local Console interface when a target server interface is being viewed.
134 DOMINION KX II USER GUIDE Factory Reset (KX II Local Console Only) Note: This feature is available only on the Dominion KX II Local Console. The Dominion KX II offers several types of reset modes from the Local Console user interface. Note: It is recommended that you save the audit log prior to performing a factory reset. The audit log is deleted when a factory reset is performed and the reset event is not logged in the audit log.
CHAPTER 14: CC UNMANAGE 135 Chapter 14: CC Unmanage Overview When a Dominion KX II device is under CommandCenter Secure Gateway control and you attempt to access the device directly using the Dominion KX II Remote Console, the following message is displayed (after entry of a valid username and password): Figure 104: Device Managed by CC-SG Message Removing Dominion KX II from CC-SG Management Unless the Dominion KX II is released from CC-SG control, you cannot access the device directly.
136 DOMINION KX II USER GUIDE To remove the device from CC-SG management (to use CC Unmanage): 1. Click the Yes button. You are prompted to confirm the action: Figure 106: Confirm CC Unmanage 2. Click the Really Unmanage button. A message is displayed confirming that the device is no longer under CC management: Figure 107: Device Removed from CC Management 3. Click OK. The Dominion KX II login page opens.
APPENDIX A: SPECIFICATIONS 137 Appendix A: Specifications Environmental Requirements OPERATING Temperature Humidity Altitude Vibration 0℃- 40℃ (32℉- 104℉) 20% - 85% RH N/A 5-55-5 HZ, 0.38mm, 1 minutes per cycle; 30 minutes for each axis (X, Y, Z) N/A Shock NON-OPERATING Temperature Humidity Altitude Vibration 0℃- 50℃ (32℉-122℉) 10% - 90% RH N/A 5-55-5 HZ, 0.
138 DOMINION KX II USER GUIDE Electrical Specifications PARAMETER VALUE Input Nominal Frequencies Nominal Voltage Range Maximum Current AC RMS AC Operating Range 50/60 Hz 100/240 VAC 0.6A max.
APPENDIX A: SPECIFICATIONS 139 TCP and UDP Ports Used • • • • • • • • • • HTTP, Port 80 – All requests received by Dominion KX II via HTTP (port 80) are automatically forwarded to HTTPS for complete security. Dominion KX II responds to Port 80 for user convenience, relieving users from having to explicitly type “https://” in the URL field to access Dominion KX II, but while still preserving complete security.
140 DOMINION KX II USER GUIDE Target Server Connection Distance and Video Resolution The maximum supported distance is a function of many factors including the type/quality of Cat 5 cable, server type and manufacturer, video driver and monitor, environmental conditions, and user expectations.
APPENDIX B: UPDATING THE LDAP SCHEMA 141 Appendix B: Updating the LDAP Schema Note: The procedures in this chapter should be attempted only by experienced users. Returning User Group Information Use the information in this chapter to return User Group information (and assist with authorization) once authentication is successful. From LDAP When an LDAP authentication is successful, Dominion KX II determines the permissions for a given user based on the permissions of the user’s group.
142 DOMINION KX II USER GUIDE Figure 108: Create New Attribute 4. 5. 6. 7. 8. 9. 10. Type rciusergroup in the Common Name field. Type rciusergroup in the LDAP Display Name field. Type 1.3.6.1.4.1.13742.50 in the Unique x5000 Object ID field. Click on the Syntax drop-down arrow and select Case Insensitive String from the list. Type 1 in the Minimum field. Type 24 in the Maximum field. Click OK to create the new attribute. Adding Attributes to the Class 1. 2. 3. 4. 5. 6.
APPENDIX B: UPDATING THE LDAP SCHEMA 143 Updating the Schema Cache 1. Right-click Active Directory Schema in the left pane of the window and select Reload the Schema from the shortcut menu. 2. Minimize the Active Directory Schema MMC console. Editing RCI User Group Attributes for User Members To run Active Directory script on Windows 2003 server, please use the script provided by Microsoft. These scripts are loaded onto your system with a Microsoft Windows 2003 installation.
144 DOMINION KX II USER GUIDE 6. Click on the Select a property to view drop-down arrow and select rciusergroup from the list. Figure 111: User Properties 7. In the Attribute Values panel of the window, type the user name you would like returned to RRC in the Edit Attribute field. Figure 112: Edit Attribute (adding user to KX II group) 8. Click Set. 9. Click OK.
APPENDIX C: INFORMATIONAL NOTES 145 Appendix C: Informational Notes Overview This chapter includes important notes on Dominion KX II usage. Future updates will be documented and available online through the Help – User Guide link in the KX II Remote Console interface.
146 DOMINION KX II USER GUIDE Tilde Symbol From the Virtual KVM Client and the Multi-Platform Client, the key combination of Alt Gr + 2 does not produce the tilde (~) symbol when using a French keyboard. To obtain the tilde symbol: Create a macro consisting of the following commands: 1. 2. 3. 4.
APPENDIX C: INFORMATIONAL NOTES 147 As a result, the Virtual KVM Client and the Multi-Platform Client (MPC) are unable to process these keys from a Mac client’s keyboard. Mouse Pointer Synchronization (Fedora) When connected in dual mouse mode to a target server running Fedora, the target and local mouse pointers may lose synchronization after some time. To re-synchronize the mouse cursors: Use the Synchronize Mouse option from the Virtual KVM Client.
148 DOMINION KX II USER GUIDE CIMs Windows 3-Button Mouse on Linux Targets When using a 3-button mouse on a Windows client connecting to a Linux target, the left mouse button may get mapped to the center button of the Windows client 3-button mouse.
APPENDIX D: FAQS 149 Appendix D: FAQs General Questions QUESTION What is Dominion KX II? ANSWER Dominion KX II is a second generation digital KVM (Keyboard, Video Mouse) switch that enables IT administrators to access and control 16, 32, or 64* servers over the network with BIOS-level functionality. Dominion KX II is completely hardware and OS-independent; users can troubleshoot and reconfigure servers even when servers are down.
150 DOMINION KX II USER GUIDE QUESTION ANSWER Can the Dominion KX II be rack mounted? Yes. The Dominion KX II ships standard with 19" rack mount brackets. It can also be reverse rack mounted so the server ports face forward. How large is the Dominion KX II? Dominion KX II is only 1U high (except KX2-464*, which is 2U), fits in a standard 19" rack mount, and is only 11.4" (29 cm) deep.
APPENDIX D: FAQS 151 Remote Access QUESTION ANSWER How many users can remotely access servers on each Dominion KX II? Dominion KX II models offer remote connections for up to eight users per channel for simultaneous access and control of a unique target server. For one-channel devices like the DKX2-116, up to eight remote users can access and control a single target server.
152 DOMINION KX II USER GUIDE QUESTION Do you have a nonWindows client? My modem connection dropped and I got the error message “There was an unexpected communications error – connection terminated.” What should I do? Sometimes during a Virtual KVM Client session, the Alt key appears to get stuck. What should I do? ANSWER Yes. Both the Virtual KVM Client and the Multi-Platform Client (MPC), allow non-Windows users to connect to target servers through the Dominion KX I and KX II switches.
APPENDIX D: FAQS 153 Universal Virtual Media QUESTION ANSWER What Dominion KX II models support virtual media? All Dominion KX II models support virtual media. It is available standalone and through CommandCenter Secure Gateway, a centralized management appliance. What types of virtual media does the Dominion KX II support? Dominion KX II supports the following types of media: internal and USB-connected CD/DVD drives, USB mass storage devices, PC hard drives, and remote drives.
154 DOMINION KX II USER GUIDE Ethernet and IP Networking QUESTION ANSWER Does the Dominion KX II offer dual gigabit Ethernet ports to provide redundant fail-over, or load balancing? Yes. Dominion KX II features dual gigabit Ethernet ports to provide redundant failover capabilities. Should the primary Ethernet port (or the switch/router to which it is connected) fail, Dominion KX II will failover to the secondary network port with the same IP address – ensuring that server operations are not disrupted.
APPENDIX D: FAQS QUESTION 155 ANSWER Can I access Dominion KX II over a wireless connection? Yes. Dominion KX II not only uses standard Ethernet, but also very conservative bandwidth with very high quality video. Thus, if a wireless client has network connectivity to a Dominion KX II, servers can be configured and managed at BIOS-level wirelessly.
156 DOMINION KX II USER GUIDE QUESTION I’m having problems connecting to the Dominion KX II over my IP network. What could be the problem? ANSWER The Dominion KX II relies on your LAN/WAN network. Some possible problems include: • Ethernet auto negotiation. On some networks, 10/100 auto negotiation does not work properly and the KX II unit must be set to 100MB/full duplex or the appropriate choice for its network. • Duplicate IP Address.
APPENDIX D: FAQS 157 Servers QUESTION Does Dominion KX II depend on a Windows server to operate? ANSWER Absolutely not. Because users depend on the KVM infrastructure to always be available in any scenario whatsoever (as they will likely need to use the KVM infrastructure to fix problems), Dominion KX II is designed to be completely independent from any external server.
158 DOMINION KX II USER GUIDE Installation QUESTION ANSWER Besides the unit itself, what do I need to order from Raritan to install Dominion KX II? Each server that connects to Dominion KX II requires a Dominion or Paragon Computer Interface Module (CIM), an adapter that connects directly to the keyboard, video, and mouse ports of the server.
APPENDIX D: FAQS 159 QUESTION ANSWER How do I connect a serially controlled (RS232) device to Dominion KX II, such as a Cisco router/switch or a headless Sun server? If there are only a few serially-controlled devices, they may be connected to a Dominion KX II using Raritan’s new P2CIM-SER serial converter. However, if there are four or more serially-controlled devices, we recommend the use of Raritan’s Dominion SX line of secure console servers.
160 DOMINION KX II USER GUIDE Local Port QUESTION ANSWER Can I access my servers directly from the rack? Yes. At the rack, Dominion KX II functions just like a traditional KVM switch – allowing control of up to 64 servers using a single keyboard, monitor, and mouse. When I am using the local port, do I prevent other users from accessing servers remotely? No. The Dominion KX II local port has a completely independent access path to the servers.
APPENDIX D: FAQS 161 QUESTION ANSWER If I use Dominion KX II’s remote administration tools to change the name of a connected server, does that change propagate to the local port OSD as well? Yes. If the name of a server is changed remotely, or via Raritan’s optional CommandCenter Secure Gateway management appliance, this update immediately affects Dominion KX II’s on-screen display. Sometimes I see “shadows” on the local port user interface.
162 DOMINION KX II USER GUIDE Power Control QUESTION ANSWER Does Dominion KX II have a dual power option? All Dominion KX II models come equipped with dual AC inputs and power supplies with automatic fail-over. Should one of the power inputs or power supplies fail, then the KX II will automatically switch to the other. Does the power supply used by Dominion KX II automatically detect voltage settings? Yes. Dominion KX II’s power supply can be used in AC voltage ranges from 100-240 volts, at 50-60 Hz.
APPENDIX D: FAQS 163 Scalability QUESTION How do I connect multiple Dominion KX II devices together into one solution? ANSWER Multiple Dominion KX II units do not need to be physically connected together. Instead, each Dominion KX II unit connects to the network, and they automatically work together as a single solution if deployed with Raritan’s optional CommandCenter Secure Gateway (CC-SG) management appliance. CC-SG acts as a single access point for remote access and management.
164 DOMINION KX II USER GUIDE Computer Interface Modules (CIMs) QUESTION ANSWER Can I use Computer Interface Modules (CIMs) from Raritan’s analog matrix KVM switch, Paragon, with Dominion KX II? Yes. Certain Paragon computer interface modules (CIMs) may work with Dominion KX II (please check the Raritan Dominion KX II release notes on the web site for the latest list of certified CIMs). Can I use Dominion KX II Computer Interface Modules (CIMs) with Raritan’s analog matrix KVM switch, Paragon? No.
APPENDIX D: FAQS 165 Security QUESTION ANSWER What kind of encryption does Dominion KX II use? Dominion KX II uses industry-standard (and extremely secure) 128-bit RC4 or AES encryption, both in its SSL communications as well as its own data stream. Literally no data is transmitted between remote clients and Dominion KX II that is not completely secured by encryption.
166 DOMINION KX II USER GUIDE Manageability QUESTION ANSWER Can Dominion KX II be remotely managed and configured via Web browser? Yes. Dominion KX II can be completely configured remotely via Web browser. Note that this does require that the workstation have an appropriate Java Runtime Environment (JRE) version installed. Can I backup and restore Dominion KX II’s configuration? Yes.
APPENDIX D: FAQS 167 Miscellaneous QUESTION ANSWER What is Dominion KX II’s default IP address? 192.168.0.192 What is Dominion KX II’s default username and password? The KX II’s default username and password are admin/raritan [all lower case]. However, for the highest level of security, the KX II forces the administrator to change the Dominion KX II default administrative username and password when the unit is first booted up.
168 DOMINION KX II USER GUIDE Troubleshooting QUESTION ANSWER I am logged into the Dominion KX II using Firefox, and I opened another Firefox browser. I am automatically logged into the same Dominion KX II with the second Firefox browser. Is this right? Yes, this is correct behavior and is the direct result of how browsers and cookies function. I am logged into the Dominion KX II using Firefox and I attempt to log into another Dominion KX II using another Firefox browser session from the same client.
APPENDIX D: FAQS 255-62-4023-00 169
World Headquarters Raritan Japan European Headquarters Raritan, Inc. 400 Cottontail Lane Somerset, NJ 08873 USA Tel. (732) 764-8886 Fax. (732) 764-8887 Email: sales@raritan.com Web: www.raritan.com 4th Floor, Shinkawa NS Building 1-26-2 Shinkawa, Chuo-ku, Tokyo 1040033 Tel. (81) 03-3523-5991 Fax. (81) 03-3523-5992 Email: sales@raritan.co.jp Web: raritan.co.jp Raritan Europe, B.V. Eglantierbaan 16 2908 LV Capelle aan den IJssel The Netherlands Tel. (31) 10-284-4040 Fax. (31) 10-284-4049 Email: sales.