CommandCenter Secure Gateway Administrators Guide Release 5.0.5 Copyright © 2010 Raritan, Inc. CCA-0M-v5.0.
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2010 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
Contents

What's New in the CC-SG Administrators Guide (page xvii)

Chapter 1 Introduction (page 1)
Prerequisites (page 1)
Terminology/Acronyms (page 2)
Client Browser Requirements

Licensing - Limited Operation Before License Install (page 28)
Licensing - Existing Customers (page 29)
Licensing - Rehosting (page 29)
Confirming IP Address

Discovering Devices (page 53)
Adding a Device (page 54)
Add a KVM or Serial Device (page 54)
Add a PowerStrip Device

Copying Device Configuration (page 87)
Restarting a Device (page 88)
Pinging the Device (page 88)
Pausing CC-SG's Management of a Device

Adding Location and Contacts to a Node Profile (page 110)
Adding Notes to a Node Profile (page 110)
Configuring the Virtual Infrastructure in CC-SG (page 111)
Terminology for Virtual Infrastructure

Limit the Number of KVM Sessions per User (page 162)
Configuring Access Auditing for User Groups (page 162)
Adding, Editing, and Deleting Users (page 163)
Add a User

Specify a Base DN (page 189)
Specifying Modules for Authentication and Authorization (page 189)
Establishing Order of External AA Servers (page 190)
AD and CC-SG Overview

Audit Trail Report (page 210)
Error Log Report (page 211)
Access Report (page 212)
Availability Report

Add an Application (page 236)
Delete an Application (page 237)
Prerequisites for Using AKC (page 237)
Configuring Default Applications

Access Control List (page 271)
Notification Manager (page 272)
Configure an External SMTP Server (page 272)
Task Manager

Reset CC-SG Factory Configuration (Admin) (page 314)
Diagnostic Console Password Settings (page 316)
Diagnostic Console Account Configuration (page 318)
Configure Remote System Monitoring (page 320)
Display Historical Data Trending Reports

SSH Access to Nodes (page 351)
Remote System Monitoring Port

Appendix C User Group Privileges (page 352)
Appendix D SNMP Traps (page 361)
Appendix E CSV File Imports (page 363)
Common CSV File Requirements (page 364)
Audit Trail Entries for Importing (page 365)
Troubleshoot CSV File Problems

Node Information (page 384)
Location Information (page 385)
Contact Information (page 385)
Service Accounts
What's New in the CC-SG Administrators Guide

The following sections have changed or information has been added to the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and/or documentation.

Licensing - Virtual Appliance with License Server (on page 17)

See the Release Notes for a more detailed explanation of the changes applied to this version of the CommandCenter Secure Gateway.
Chapter 1 Introduction

The CommandCenter Secure Gateway (CC-SG) Administrators Guide offers instructions for administering and maintaining your CC-SG. This guide is intended for administrators who typically have all available privileges. Users who are not administrators should see Raritan's CommandCenter Secure Gateway User Guide.

In This Chapter
Prerequisites (page 1)
Terminology/Acronyms
Terminology/Acronyms

Terms and acronyms found in this document include:

Access Client - HTML-based client intended for use by normal access users who need to access a node managed by CC-SG. The Access Client does not allow the use of administration functions.

Admin Client - Java-based client for CC-SG useable by both normal access users and administrators. It is the only client that permits administration.

Ghosted Ports - when managing Paragon devices, a ghosted port can occur when a CIM or target server is removed from the system or powered off (manually or accidentally). See Raritan's Paragon II User Guide.

Hostname - can be used if DNS server support is enabled. See About Network Setup (on page 239). The hostname and its Fully-Qualified Domain Name (FQDN = Hostname + Suffix) cannot exceed 257 characters.

Node Groups - a defined group of nodes that are accessible to a user. Node groups are used when creating a policy to control access to the nodes in the group.

Ports - connection points between a Raritan device and a node. Ports exist only on Raritan devices, and they identify a pathway from that device to a node.

SASL (Simple Authentication and Security Layer) - method for adding authentication support to connection-based protocols.
Chapter 2 Accessing CC-SG

You can access CC-SG in several ways:

Browser: CC-SG supports numerous web browsers (for a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support website).

Thick Client: You can install a Java Web Start thick client on your client computer. The thick client functions exactly like the browser-based client.

SSH: Remote devices connected via the serial port can be accessed using SSH.
JRE Incompatibility

If you do not have the minimum required version of JRE installed on your client computer, you will see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility Warning window opens when CC-SG cannot find the required JRE file on your client computer.
4. If the CC-SG is configured for secure browser connections, you must select the Secure Socket Layer (SSL) checkbox. If the CC-SG is not configured for secure browser connections, you must deselect the Secure Socket Layer (SSL) checkbox. This setting must be correct or the thick client will not be able to connect to CC-SG.

To check the setting in CC-SG: Choose Administration > Security. In the Encryption tab, look at the Browser Connection Protocol option.
CC-SG Admin Client

Upon valid login, the CC-SG Admin Client appears.
Nodes tab: Click the Nodes tab to display all known target nodes in a tree view. Click a node to view the Node Profile. Interfaces are grouped under their parent nodes. Click the + and - signs to expand or collapse the tree. Right-click an interface and select Connect to connect to that interface. You can sort the nodes by Node Name (alphabetically) or Node Status (Available, Busy, Unavailable).
Chapter 3 Getting Started

Before you can begin configuring and working in CC-SG, you must have the proper licenses installed. Then, upon first login, you should confirm the IP address, set the CC-SG server time, and check the firmware and application versions installed. You may need to upgrade the firmware and applications. Once you have completed your initial configurations, proceed to Guided Setup. See Configuring CC-SG with Guided Setup (on page 33).
Licensing - Basic License Information

Licenses are based on the number of nodes configured in CC-SG. Your purchase of a physical or virtual appliance includes a license to use a specific number of nodes. This "base license" enables CC-SG functionality and includes licensing for up to the set number of nodes. If you need more nodes, you will also purchase an Add-On license for additional nodes.
CC-SG product: CCSG128-VA
Description: CC-SG Virtual Appliance, includes 128 Node License
Information needed to create license for first time: Host ID of the Windows or Linux license server; Hostname or IP address of the Windows or Linux license server

CC-SG product: CC-2XE1-512
Description: Cluster Kit: 2 CC-SG E1 Appliances, includes 512 Node License
Information needed to create license for first time: Host IDs of each CC-SG unit in the cluster

CC-SG product: CC-2XE1-1024
Description: Cluster Kit: 2 CC-SG E1 Appliances, includes 1024 Node License
Information needed to create license for first time: Host IDs of each CC-SG unit
3. Check the number of nodes in your database on this page. You can determine how many more nodes you can add up to your licensed limit.
Licensing - New Customers - Physical Appliance

If you are a new customer who has just purchased a physical CC-SG 5.0 appliance, follow these instructions to ensure that you have the proper licenses installed and activated.

Step 1 - Get your license:

1. The license administrator designated at time of purchase will receive an email from Raritan Licensing Portal from the email address licensing@raritan.com, with the subject line Thank You for Registering.
2.
4. Click the link in the email to go to the Software License Key Login page on Raritan's website and login with the user account just created.
5. Click the Product License tab. The licenses you purchased display in a list. You may have only 1 license, or multiple licenses. See Available Licenses (on page 11).
6. To get each license, click Create next to the item in the list, then enter the CommandCenter Secure Gateway Host ID.
Step 3: Check out the licenses you want to activate:

You must check out licenses to activate the features. Select a license from the list then click Check Out. Check out all the licenses you want to activate.

Licensing - Clusters - New Customers

A Cluster Kit license enables 2 CC-SG physical units operating as a cluster to share licenses.
Licensing - Virtual Appliance with License Server

The CC-SG virtual appliance requires you to install a license server to host your license. Raritan provides the license server software and tools and a vendor daemon, which you install on a physical server. See Virtual Appliance Installation Requirements (on page 17).
Download Installation Files

Download the files you need to complete the installation from the Raritan website, or from the product DVD. You must be logged in to the Raritan Licensing Portal to access the files from the website. See Get Your License (on page 19).

The installation files are packaged in two .ZIP files.

The vccsg_rel_50554_ovf.ZIP file contains:
.OVF file used to deploy the virtual appliance

The flexserver-11.8-raritan.
9. Make sure you have the redhat-lsb package installed. To install it, run yum install redhat-lsb as root.

Windows Server

1. Unpack the flexserverv11.8-win.zip file to C:\ on the Windows server. This will create a folder called flexnet-win.
2. Unpack the raritan-win32-1.0.zip to C:\flexnet-win\i86_n3\.

Get Your License

1. The license administrator designated at time of purchase will receive an email from Raritan Licensing Portal from the email address licensing@raritan.
4. Click the link in the email to go to the Software License Key Login page on Raritan's website and login with the user account just created.
5. Click the Product License tab. The licenses you purchased display in a list. You may have only 1 license, or multiple licenses.
6. To get each license, click Create next to the item in the list. If you have more than 1 license, create the base license first.
7.
Linux: su - root; dmidecode -s system-uuid

Windows: Use cd to change to the /flexnet-win/i86_n3 directory, then run dmidecode -s system-uuid

Enter the TCP port number that CC-SG will use to communicate with the license server. The default port is 27000. If the license server is behind a firewall, make sure the port number you enter is open.

11. Click Create License. The details you entered display in a pop-up. Verify that your Host ID is correct.
2. Enter this command to change to the directory.

    cd c:\flexnet-win\i86_n3\

3. Run lmgrd to start the server. In the sample commands, "license-file.lic" is the file name of the .LIC file. If you have more than 1 license file, you must specify each file name in the command, separating the file names by a semicolon. See examples.

    lmgrd -z -c license-file.lic
    lmgrd -z -c license-file1.lic;license-file2.lic

Install CommandCenter Secure Gateway on VMware ESX Server 4.0

1.
b. Type and then confirm the new password. The new password must be a strong password consisting of at least eight characters that are a combination of letters and numbers.
3. Press CTRL+X when you see the Welcome screen.
4. Choose Operation > Network Interfaces > Network Interface Config. The Administrator Console appears.
5. In the Configuration field, select DHCP or Static. If you select Static, type a static IP address.
6. Select the CCSG128-VA base license then click Check-Out to activate it.
7. To activate Add-On licenses, select each license then click Check-Out.

See the CC-SG Administrators Guide for more details about licenses. See the Flexera™ FlexNet Publisher® documentation for more details about managing your license server. You can download the FlexNet Publisher License Administration Guide for FlexNet Publisher Licensing Toolkit 11.8 from www.flexera.
Restart License Servers After an Outage

If the license server goes down, and then resumes operation, or if you move, add or delete license files, you should restart the license server. Restarting the license server ensures that CC-SG is synchronized with the most current information.

Note: A Windows license server will synchronize automatically after an outage.
lmdown - Allows for the graceful shutdown of selected license daemons. lmdown -vendor raritan is used to shut down the Raritan vendor daemon.

lmhostid - Allows the user to retrieve the host ID of the current platform. Includes the -uuid, and -hostdomain or -internet arguments.

lminstall - Allows conversion of licenses between readable text format and decimal format.
lmver - Reports the version of a FLEXnet Publisher library or binary file, such as lmgrd, lmadmin, lmdown, vendor daemon.

Install or Upgrade VMware Tools

VMware Tools is recommended by VMware for all virtual machine deployments. Once you install VMware Tools on your CommandCenter Secure Gateway virtual appliance, you can follow this process to upgrade it when VMware makes a new release. The virtual CC-SG OVF package has a version of VMware Tools installed by default.
Licensing - Limited Operation Before License Install

Until you have installed and checked out the proper licenses, CC-SG operations are limited. Only the following menu choices are enabled.

Diagnostic Console: To retrieve necessary information and logs, configure network interfaces.

Note: You can access both the Administrator Console and Status Console interfaces via VGA/Keyboard/Mouse Port (if applicable), serial port (if applicable) or SSH.
Licensing - Existing Customers

If you are an existing CC-SG customer, with a physical CC-SG appliance, when you upgrade your CC-SG unit to 5.0 or higher, a license file is created and installed that allows you to continue using CC-SG with the number of nodes configured at the time of upgrade. All existing customers must upgrade to 5.0 before upgrading to any release higher than 5.0. Follow the steps in this topic to confirm your license files are in place after upgrade to 5.0.
Confirming IP Address

1. Choose Administration > Configuration.
2. Click the Network Setup tab.
3. Check that the network settings are correct, and make changes if needed. See About Network Setup (on page 239). Optional.
4. Click Update Configuration to submit your changes.
5. Click Restart Now to confirm your settings and restart CC-SG.

Setting CC-SG Server Time

CC-SG's time and date must be accurately maintained to provide credibility for its device-management capabilities.
3. Click Update Configuration to apply the time and date changes to CC-SG.
4. Click Refresh to reload the new server time in the Current Time field.

Choose System Maintenance > Restart to restart CC-SG.

Checking the Compatibility Matrix

The Compatibility Matrix lists the firmware versions of Raritan devices and software versions of applications that are compatible with the current version of CC-SG.
3. Click Browse, locate and select the application upgrade file from the dialog that appears then click Open.
4. The application name appears in the New Application File field in the Application Manager screen.
5. Click Upload. A progress window indicates that the new application is being uploaded. When complete, a new window will indicate that the application has been added to the CC-SG database and is available to use.
6.
Chapter 4 Configuring CC-SG with Guided Setup

Guided Setup offers a simple way to complete initial CC-SG configuration tasks once the network configuration is complete. The Guided Setup interface leads you through the process of defining Associations, discovering and adding devices to CC-SG, creating device groups and node groups, creating user groups, assigning policies and privileges to user groups, and adding users.
Associations in Guided Setup

Create Categories and Elements

To create categories and elements in Guided Setup:

1. In the Guided Setup window, click Associations, and then click Create Categories in the left panel to open the Create Categories panel.
2. In the Category Name field, type the name of a category into which you want to organize your equipment, such as “Location.”
3.
Discover and Add Devices

The Discover Devices panel opens when you click Continue at the end of the Associations task. You can also click Device Setup, and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discover Devices panel.

To discover and add devices in Guided Setup:

1. Type the IP address range in which you want to search for devices in the From address and To address fields.
2.
14. If you are manually adding a PowerStrip device, click the Number of ports drop-down arrow and select the number of outlets the PowerStrip contains.
15. If you are adding an IPMI Server, type an Interval, used to check for availability, and an Authentication Method, which needs to match what has been configured on the IPMI Server, in the corresponding fields.
16.
3. There are two ways to add devices to a group, Select Devices and Describe Devices. The Select Devices tab allows you to select which devices you want to assign to the group by selecting them from the list of available devices. The Describe Devices tab allows you to specify rules that describe devices, and the devices whose parameters follow those rules will be added to the group.

Select Devices

a.
Select Nodes

a. Click the Select Nodes tab in the Node Group: New panel.
b. In the Available list, select the node you want to add to the group, and then click Add to move the node into the Selected list. Nodes in the Selected list will be added to the group.
c. To remove a node from the group, select the node name in the Selected list and click Remove.
d. You can search for a node in either the Available or Selected list.
Add User Groups and Users

The Add User Group panel opens when you click Continue at the end of the Create Groups task. You can also click User Management, and then click Add User Group in the Guided Tasks tree view in the left panel to open the Add User Group panel.

To add user groups and users in Guided Setup:

1. In the User Group Name field, type a name for the user group you want to create. User group names can contain up to 64 characters.
2.
13. Select the Login Enabled checkbox if you want the user to be able to log in to CC-SG.
14. Select the Remote Authentication checkbox only if you want the user to be authenticated by an outside server, such as TACACS+, RADIUS, LDAP, or AD. If you are using remote authentication, a password is not required. The New Password and Retype New Password fields will be disabled when Remote Authentication is checked.
15.
Chapter 5 Associations, Categories, and Elements

In This Chapter
About Associations (page 41)
Adding, Editing, and Deleting Categories and Elements (page 42)
Adding Categories and Elements with CSV File Import (page 43)

About Associations

You can set up Associations to help organize the equipment that CC-SG manages.
Policies also use categories and elements to control user access to servers. For example, the category/element pair Location/America can be used to create a Policy to control user access to servers in America. See Policies for Access Control (on page 175).

You can assign more than one element of a category to a node or device via CSV file import.

As you add devices and nodes to CC-SG, you will link them to your predefined categories and elements.
Select Integer if the value is a number.
5. In the Applicable For field, select whether this category applies to: Devices, Nodes, or Device and Nodes.
6. Click OK to create the new category. The new category name appears in the Category Name field.

Delete a Category

Deleting a category deletes all of the elements created within that category.
Categories and Elements CSV File Requirements

The categories and elements CSV file defines the categories, their associated elements, their type, and whether they apply to devices, nodes or both. All CATEGORY and CATEGORYELEMENT records are related. A CATEGORY record must have one or more CATEGORYELEMENT records. CATEGORYELEMENT records can be present without a corresponding CATEGORY record if that CATEGORY already exists in CC-SG.
Sample Categories and Elements CSV File

    ADD, CATEGORY, OS, String, Node
    ADD, CATEGORYELEMENT, OS, UNIX
    ADD, CATEGORYELEMENT, OS, WINDOWS
    ADD, CATEGORYELEMENT, OS, LINUX
    ADD, CATEGORY, Location, String, Device
    ADD, CATEGORYELEMENT, Location, Aisle 1
    ADD, CATEGORYELEMENT, Location, Aisle 2
    ADD, CATEGORYELEMENT, Location, Aisle 3

Import Categories and Elements

Once you've created the CSV file, validate it to check for errors then import it.
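The record rules stated under Categories and Elements CSV File Requirements can also be checked offline before the file is uploaded. The following Python script is an added example, not Raritan's code and not CC-SG's own validation; the function name, the `#` comment prefix and the per-record field counts (read off the sample rows) are assumptions.

```python
import csv
import io

# The sample file from this guide.
PAGE_SAMPLE = """\
ADD, CATEGORY, OS, String, Node
ADD, CATEGORYELEMENT, OS, UNIX
ADD, CATEGORYELEMENT, OS, WINDOWS
ADD, CATEGORYELEMENT, OS, LINUX
ADD, CATEGORY, Location, String, Device
ADD, CATEGORYELEMENT, Location, Aisle 1
ADD, CATEGORYELEMENT, Location, Aisle 2
ADD, CATEGORYELEMENT, Location, Aisle 3
"""

# Constructed rows (not from the guide) that each break one rule.
BAD_ROWS = """\
ADD, CATEGORY, Owner, String, Node
ADD, CATEGORYELEMENT, Rack, R12
ADD, CATEGORYELEMENT, Department
"""

# Assumption: field counts as they appear in the sample rows.
FIELD_COUNTS = {"CATEGORY": 5, "CATEGORYELEMENT": 4}


def validate_categories_csv(text, existing_categories=()):
    """Check a categories-and-elements CSV against the stated record rules.

    existing_categories: category names already defined in CC-SG, supplied
    by the caller. Returns a sorted list of (line_number, message); an empty
    list means no problem was found. The type and applies-to values are not
    checked, because this excerpt does not list the accepted CSV values.
    """
    errors = []
    declared = {}   # category name -> line of its CATEGORY record
    elements = []   # (line, category name) for each CATEGORYELEMENT record

    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    for row in reader:
        line = reader.line_num
        fields = [f.strip() for f in row]
        # Skip blank lines and comment lines ('#' prefix is an assumption).
        if not any(fields) or fields[0].startswith("#"):
            continue
        if len(fields) < 2 or fields[0] != "ADD":
            errors.append((line, "record must start with ADD and a tag"))
            continue
        tag = fields[1]
        if tag not in FIELD_COUNTS:
            errors.append((line, f"unknown tag {tag!r}"))
            continue
        if len(fields) != FIELD_COUNTS[tag] or not all(fields):
            errors.append(
                (line, f"{tag} needs {FIELD_COUNTS[tag]} non-empty fields"))
            continue
        name = fields[2]
        if tag == "CATEGORY":
            declared.setdefault(name, line)
        else:
            elements.append((line, name))

    # Rule: an element may reference a category from this file or one that
    # already exists in CC-SG.
    known = set(declared) | set(existing_categories)
    for line, name in elements:
        if name not in known:
            errors.append(
                (line, f"category {name!r} is not in the file or in CC-SG"))

    # Rule: every CATEGORY record needs one or more CATEGORYELEMENT records.
    with_elements = {name for _, name in elements}
    for name, line in declared.items():
        if name not in with_elements:
            errors.append(
                (line, f"CATEGORY {name!r} has no CATEGORYELEMENT record"))

    return sorted(errors)


if __name__ == "__main__":
    for line, message in validate_categories_csv(PAGE_SAMPLE + BAD_ROWS):
        print(f"line {line}: {message}")
```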
Export Categories and Elements

The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing.

To export categories and elements:

1. Choose Administration > Export > Export Categories.
2. Click Export to File.
3. Type a name for the file and choose the location where you want to save it.
4. Click Save.
Chapter 6 Devices, Device Groups, and Ports

To add Raritan PowerStrip Devices that are connected to other Raritan devices to CC-SG, see Managed PowerStrips (on page 92).

Note: To configure iLO/RILOE devices, IPMI devices, Dell DRAC devices, IBM RSA devices, or other non-Raritan devices, use the Add Node menu and add these items as an interface. See Nodes, Node Groups, and Interfaces (on page 100).

In This Chapter
Viewing Devices
Viewing Devices

The Devices Tab

Click the Devices tab to display all devices under CC-SG management. Each device's configured ports are nested under the devices they belong to. Devices with configured ports appear in the list with a + symbol. Click the + or - to expand or collapse the list of ports.

Device and Port Icons

For easier identification, KVM, Serial, and Power devices and ports have different icons in the Devices tree.
Icon Meaning

Serial port unavailable
Ghosted port (See Raritan's Paragon II User Guide for details on Ghosting Mode.)
Device paused
Device unavailable
Power strip
Outlet port
Blade chassis available
Blade chassis unavailable
Blade server available
Blade server unavailable

Port Sorting Options

Configured ports are nested under their parent devices in the Devices tab. You can change the way ports are sorted.
Note: For blade servers without an integrated KVM switch, such as HP BladeSystem servers, their parent device is the virtual blade chassis that CC-SG creates, not the KX2 device. These servers will be sorted only within the virtual blade chassis device so they will not appear in order with the other KX2 ports unless you restore these blade servers ports to normal KX2 ports. See Restore Blade Servers Ports to Normal KX2 Ports (on page 68).
The Device Profile includes tabs that contain information about the device.

Associations tab

The Associations tab contains all categories and elements assigned to the node. You can change the associations by making different selections. See Associations, Categories, and Elements (on page 41).
2. Choose Devices > Device Manager > Topology View. The Topology View for the selected device appears. Click + or - to expand or collapse the view.

Right Click Options in the Devices Tab

You can right-click a device or port in the Devices tab to display a menu of commands available for the selected device or port.

Searching for Devices

The Devices tab provides the ability to search for devices within the tree.
Discovering Devices

Discover Devices initiates a search for all devices on your network. After discovering the devices, you may add them to CC-SG if they are not already managed.

To discover devices:

1. Choose Devices > Discover Devices.
2. Type the range of IP addresses where you expect to find the devices in the From Address and To Address fields. The To Address should be larger than the From Address. Specify a mask to apply to the range.
Adding a Device

Devices must be added to CC-SG before you can configure ports or add interfaces that provide access to the nodes connected to ports. The Add Device screen is used to add devices whose properties you know and can provide to CC-SG. To search for devices to add, use the Discover Devices option. See Discovering Devices (on page 53).
6. Type the time (in seconds) that should elapse before timeout between the new device and CC-SG in the Heartbeat timeout (sec) field.
7. When adding a Dominion SX or Dominion KX2 version 2.2 or later device, the Allow Direct Device Access checkbox enables access to targets directly through the device even while it is under CC-SG management.
8. Type a short description of this device in the Description field. Optional.
9.
14. If the firmware version of the device is not compatible with CC-SG, a message appears. Click Yes to add the device to CC-SG. You can upgrade the device firmware after adding it to CC-SG. See Upgrading a Device (on page 82).
Add a PowerStrip Device
The process of adding a PowerStrip Device to CC-SG varies, based on which Raritan device the powerstrip is connected to physically. See Managed PowerStrips (on page 92).
If you do not see the Category or Element values you want to use, you can add others. See Associations, Categories, and Elements (on page 41).
8. When you are done configuring this device, click Apply to add this device and open a new blank Add Device screen that allows you to continue adding devices, or click OK to add this device without continuing to a new Add Device screen.
2. Type the new device properties in the appropriate fields on this screen. If necessary, edit the Categories and Elements associated with this device.
3. Click the Outlet tab to view all outlets of this PowerStrip.
4. If an outlet is associated with a node, click the Node hyperlink to open the Node Profile.
5. If an outlet is associated with a node, select the outlet, and then click Power Control to open the Power Control screen for the associated node.
6.
Adding Location and Contacts to a Device Profile
Enter details about the location of the device and contact information for the people who administer or use the device.
To add location and contacts to a device profile:
1. Select a device in the Devices tab. The Device Profile page opens.
2. Click the Location & Contacts tab.
3. Enter Location information.
Department: Maximum 64 characters.
Site: Maximum 64 characters.
Location: Maximum 128 characters.
Configuring Ports
If all ports of a device were not automatically added by selecting Configure all ports when you added the device, use the Configure Ports screen to add individual ports or a set of ports on the device to CC-SG. Once you configure ports, a node is created in CC-SG for each port, and the default interface is also created. See Nodes Created by Configuring Ports (on page 61).
Configure a Serial Port
To configure a serial port:
1.
3. Click the Configure button that corresponds to the KVM port you want to configure.
4. Type a port name in the Port Name field. For ease of use, name the port after the target that is connected to the port. See Naming Conventions (on page 384) for details on CC-SG's rules for name lengths.
5. Type a node name in the Node Name field to create a new node with an Out-of-Band interface from this port.
3. Click the Access Application drop-down menu and select the application you want to use when you connect to this port from the list. To allow CC-SG to automatically select the correct application based on your browser, select Auto-Detect.
4. Click OK to save your changes.
To edit a KSX2 or KSX serial port's settings, such as baud rate, flow control, or parity/data bits:
1.
3. Select the checkbox of the port you want to delete.
4. Click OK to delete the selected port. A message appears when the port has been deleted.
Configuring a Blade Chassis Device Connected to KX2
Blade Chassis Overview
There are two types of blade chassis devices: one is with an integrated KVM switch, which can function as an IP-enabled KVM switch, and the other is without.
Add a Blade Chassis Device
The procedure to add a blade chassis device varies depending on the blade chassis type. A blade chassis device always shows two names in the Devices tab: the name without the parentheses is retrieved from the KX2 device, and the name within the parentheses is the chassis name saved on CC-SG.
To add a blade chassis device with an integrated KVM switch:
1. Configure the blade chassis in KX2 properly. See the KX II User Guide.
2.
Configuring Slots on a Blade Chassis Device
If the blade servers or slots are not configured yet in CC-SG, you must configure them by following the procedure in this section, or the blade servers do not appear in the Devices and Nodes tabs. An Out-of-Band KVM interface is automatically added to a blade server node.
To configure slots from the blade chassis profile:
1.
To configure each slot individually, click the Configure button next to the slot. Then type a name for the slot in the Port Name field, and type a node name in the Node Name field. The default Access Application is set according to the default application selected for "Blade Chassis: KVM" in the Application Manager. To change it, click the Access Application drop-down menu to select the one you prefer from the list. Click OK to configure the slot.
To delete a slot using the Delete Blade command:
1. In the Devices tab, click the + next to the KX2 device that is connected to the blade chassis device.
2. Click the + next to the blade chassis device whose slots you want to delete.
3. Right-click the blade slot that you want to delete.
4. Select Delete Blade, and then click OK to delete the slot.
Move a Blade Chassis Device to a Different Port
When physically moving a blade chassis device from one KX2 device or port to another KX2 device or port, CC-SG cannot detect and automatically update the configuration data of the blade chassis device to the new port. You must configure the blade chassis device on CC-SG once again.
To move a blade chassis device to a different KX2 device or port:
1. Delete the blade chassis device from CC-SG.
Bulk Copying for Device Associations, Location and Contacts
The Bulk Copy command allows you to copy categories, elements, location and contact information from one device to multiple other devices. Note that the selected information is the only property copied in this process. If you have the same type of information existing on any selected devices, performing the Bulk Copy command will REPLACE the existing data with newly assigned information.
Configuring Analog KVM Switches Connected to KX2 2.3 or Higher
KX2 version 2.3 enables you to connect a generic analog KVM switch to a target port. The generic analog KVM switch and its ports will be available as nodes to CC-SG. You must configure this first in the KX2 web interface, and then add the KX2 to CC-SG.
Add a KVM Switch Connected to KX2
This procedure adds a KVM switch connected to KX2 via the Admin Client.
4. Select the checkbox for each slot you want to configure, then click OK.
To configure slots from the Configure Ports screen:
1. In the Devices tab, click the + next to the KX2 device that is connected to the KVM switch device.
2. Select the KVM switch device whose ports you want to configure.
3. Choose Devices > Port Manager > Configure Ports.
Device Groups Overview
Device groups are used to organize devices into a set. The device group will become the basis for a policy either allowing or denying access to this particular set of devices. See Adding a Policy (on page 176). Devices can be grouped manually, using the Select method, or by creating a Boolean expression that describes a set of common attributes, using the Describe method.
2. Click the New Group icon in the toolbar. The Device Group: New panel appears.
3. In the Group Name field, type a name for a device group you want to create. See Naming Conventions (on page 384) for details on CC-SG's rules for name lengths.
4. There are two ways to add devices to a group, Select Devices and Describe Devices.
Category - Select an attribute that will be evaluated in the rule. All categories you created in the Association Manager are available here. If any blade chassis has been configured in the system, a Blade Chassis category is available by default.
Operator - Select a comparison operation to be performed between the Category and Element items.
Example 2: If you want to describe a group of devices that belong to the engineering department or are located in Philadelphia, and specify that all of the machines must have 1 GB of memory, you must create three rules.
Department = Engineering (Rule0)
Location = Philadelphia (Rule1)
Memory = 1GB (Rule2)
These rules must be arranged in relation to each other.
Describe Method versus Select Method
Use the describe method when you want your group to be based on some attribute of the node or devices, such as the categories and elements. The advantage of the describe method is that when you add more devices or nodes with the same attributes as described, they will be pulled into the group automatically. Use the select method when you just want to create a group of specific nodes manually.
Adding Devices with CSV File Import
You can add devices to CC-SG by importing a CSV file that contains the values. You must have the Device, Port, and Node Management and CC Setup and Control privileges to import and export devices. You must be assigned a policy that gives you access to all relevant devices and nodes. A full access policy for All Nodes and All Devices is recommended.
Note: You cannot add P2SC devices with CSV file import.
Column number | Tag or value | Details
spaces or certain special characters. Dominion PX device names cannot include periods. Upon import, periods are converted to hyphens.
5 | IP Address or Hostname | Required field.
6 | Username | Required field.
7 | Password | Required field.
8 | Heartbeat | Default is configured in the Admin Client in Administration > Configuration > Device Settings tab.
To add a port to the CSV file:
Use the DEVICE-PORT tag only if you add a device with Configure All Ports set to FALSE, and you want to specify ports individually. The ports you add must be un-configured in CC-SG when you import the CSV file.
Column number | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | DEVICE-PORT | Enter the tag as shown. Tags are not case sensitive.
3 | Device Name | Required field.
Column number | Tag or value | Details
6 | Blade Name | Optional. If left blank, the name assigned at the device level is used. If a name is entered in the CSV file, it will be copied to the device level.
7 | Node Name | Enter a name for the node that will be created when this blade is configured.
To add a tiered KVM switch connected to a KX2:
KX2 ports with tiered KVM switches connected must be imported as type "KVM".
Column number | Tag or value | Details
2 | DEVICE-CATEGORYELEMENT | Enter the tag as shown. Tags are not case sensitive.
3 | Device Name | Required field.
4 | Category Name | Required field.
5 | Element Name | Required field.
Sample Devices CSV File
ADD, DEVICE, DOMINION KX2, Lab-Test,192.168.50.
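A pre-import check for the column layout described above, as an added example that is not part of the Raritan guide or of CC-SG. It covers only the DEVICE, DEVICE-PORT and DEVICE-CATEGORYELEMENT rows whose required columns appear on this page, and it keeps the column 7 password out of its findings. Assumptions: `#` marks the comment lines of an export file, device type and device name sit in columns 3 and 4 (read off the sample line), and a Dominion PX row is recognised by the word "PX" in the type; the sample rows are constructed.

```python
import csv
import io

# Required 1-based columns per tag, from the column tables on this page.
# DEVICE columns 3 and 4 are inferred from the page's sample line (assumption).
REQUIRED = {
    "DEVICE": {3: "Device Type", 4: "Device Name", 5: "IP Address or Hostname",
               6: "Username", 7: "Password"},
    "DEVICE-PORT": {3: "Device Name"},
    "DEVICE-CATEGORYELEMENT": {3: "Device Name", 4: "Category Name",
                               5: "Element Name"},
}
PASSWORD_COL = {"DEVICE": 7}  # the import file carries this value in clear text

# Constructed sample input (documentation addresses, made-up credentials).
SAMPLE = """\
# constructed sample, not a real export
ADD, DEVICE, DOMINION KX2, Lab-Test, 192.0.2.10, admin, ExamplePass1, 600
add, device, Dominion PX, rack.pdu.1, 192.0.2.20, admin, ExamplePass2
ADD, DEVICE, DOMINION SX, Lab-SX, 192.0.2.30, admin,
ADD, DEVICE-CATEGORYELEMENT, Lab-Test, Location
UPDATE, DEVICE-PORT, Lab-Test, 1
ADD, DEVICE-PORT, Lab-Test, 1
"""


def redact_row(row):
    """Return a copy of a row that is safe to log: the password is masked."""
    out = [cell.strip() for cell in row]
    tag = out[1].upper() if len(out) > 1 else ""
    col = PASSWORD_COL.get(tag)
    if col and len(out) >= col and out[col - 1]:
        out[col - 1] = "********"
    return out


def lint_devices_csv(text):
    """Return (line_number, severity, message) findings for an import file."""
    findings = []
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    for row in reader:
        line_no = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if row[0].lstrip().startswith("#"):
            continue  # assumed comment marker
        cells = [cell.strip() for cell in row]
        if cells[0].upper() != "ADD":
            findings.append((line_no, "error",
                             "column 1 must be the command ADD"))
            continue
        # Tags are not case sensitive, so compare in upper case.
        tag = cells[1].upper() if len(cells) > 1 else ""
        if tag not in REQUIRED:
            findings.append((line_no, "skipped",
                             f"tag {tag!r} is not covered by this check"))
            continue
        for col, name in REQUIRED[tag].items():
            if len(cells) < col or not cells[col - 1]:
                findings.append((line_no, "error",
                                 f"{tag}: column {col} ({name}) is required"))
        # Dominion PX names cannot include periods; import rewrites them.
        if (tag == "DEVICE" and len(cells) >= 4
                and "PX" in cells[2].upper().split() and "." in cells[3]):
            findings.append((line_no, "warning",
                             "Dominion PX device name contains a period; "
                             "it is converted to a hyphen on import"))
    return findings


if __name__ == "__main__":
    for finding in lint_devices_csv(SAMPLE):
        print(finding)
    # Log rows only through redact_row so credentials stay out of the output.
    print(redact_row(["ADD", "DEVICE", "DOMINION KX2", "Lab-Test",
                      "192.0.2.10", "admin", "ExamplePass1"]))
```

Because the file holds device credentials in column 7, store it with restrictive permissions and remove it once the import has been confirmed in the Audit Trail report.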
6. To view more import results details, check the Audit Trail report. See Audit Trail Entries for Importing (on page 365).
Export Devices
The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing.
Note: P2SC devices are not exported.
To export devices:
1. Choose Administration > Export > Export Devices.
2. Click Export to File.
3.
Backing Up a Device Configuration
You can back up all user configuration and system configuration files for a selected device. If anything happens to the device, you can restore the previous configurations from CC-SG using the backup file created. The maximum number of backup files that can be stored on CC-SG is 3 per device. If you need more backups, you can save a backup file to your network then delete it from CC-SG.
Restoring Device Configurations
The following device types allow you to restore a full backup of the device configuration: KX, KSX, KX101, SX, IP-Reach.
KX2, KSX2, and KX2-101 devices allow you to choose which components of a backup you want to restore to the device.
Restore All Configuration Data Except Network Settings to a KX2, KSX2, or KX2-101 Device
The Protected restore option allows you to restore all configuration data in a backup file, except network settings, to a KX2, KSX2, or KX2-101 device. You can use the Protected option to restore a backup of one device to another device of the same model (KX2, KSX2, and KX2-101 only).
Restore All Configuration Data to a KX2, KSX2, or KX2-101 Device
The Full restore option allows you to restore all configuration data in a backup file to a KX2, KSX2, or KX2-101 device.
To restore all configuration data to a KX2, KSX2, or KX2-101 device:
1. Click the Devices tab and select the device you want to restore to a backup configuration.
2. Choose Devices > Device Manager > Configuration > Restore.
3.
3. Click Upload. Navigate to and select the device backup file. The file type is .rfp. Click Open. The device backup file uploads to CC-SG and appears in the page.
Copying Device Configuration
The following device types allow you to copy configurations from one device to one or more other devices: SX, KX2, KSX2, KX2-101.
Configuration can be copied only between the same models with the same number of ports.
Restarting a Device
Use the Restart Device function to restart a device.
To restart a device:
1. Click the Devices tab and select the device you want to restart.
2. Choose Devices > Device Manager > Restart Device.
3. Click OK to restart the device.
4. Click Yes to confirm that all users accessing the device will be logged off.
Pinging the Device
You can ping a device to determine if the device is available in your network.
To ping a device:
1.
2. Choose Devices > Device Manager > Resume Management. The device icon in the Device Tree will indicate the device's active state.
Device Power Manager
Use the Device Power Manager to view the status of a PowerStrip device (including voltage, current, and temperature) and to manage all power outlets on the PowerStrip device. Device Power Manager provides a PowerStrip-centric view of its outlets.
Disconnecting Users
Administrators can terminate any user's session on a device. This includes users who are performing any kind of operation on a device, such as connecting to ports, backing up the configuration of a device, restoring a device's configuration, or upgrading the firmware of a device. Firmware upgrades and device configuration backups and restores are allowed to complete before the user's session with the device is terminated.
IP-Reach and UST-IP Administration
You can perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon System setup directly from the CC-SG interface. After adding the Paragon System device to CC-SG, it appears in the Devices tree.
To access Remote User Station Administration:
1. Click the Devices tab, and then select the Paragon II System Controller.
2. Choose Devices > Device Manager > Launch User Station Admin.
Chapter 7 Managed Powerstrips
There are three ways to configure power control using powerstrips in CC-SG.
1. All supported Raritan-brand powerstrips can be connected to another Raritan device and added to CC-SG as a Powerstrip device. Raritan-brand powerstrips include Dominion PX and RPC powerstrips. Check the Compatibility Matrix for supported versions. To configure this type of managed powerstrip in CC-SG, you must know to which Raritan device the powerstrip is physically connected.
Configuring Powerstrips that are Managed by Another Device in CC-SG
In CC-SG, managed powerstrips can be connected to one of the following devices: Dominion KX, Dominion KX2, Dominion KX2-101, Dominion SX 3.0, Dominion SX 3.
Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC
CC-SG automatically detects PowerStrips connected to KX, KX2, KX2-101, KSX2, and P2SC devices. You can perform the following tasks in CC-SG to configure and manage PowerStrips connected to these devices.
Delete a PowerStrip Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device
You cannot delete a PowerStrip connected to a KX, KX2, KX2-101, KSX2, or P2SC device from CC-SG. You must physically disconnect the PowerStrip from the device to delete the PowerStrip from CC-SG. When you physically disconnect the PowerStrip from the device, the PowerStrip and all configured outlets disappear from the Devices tab.
Configuring PowerStrips Connected to SX 3.
10. For each Category listed, click the Element drop-down menu and select the element you want to apply to the device. Select the blank item in the Element field for each Category you do not want to use. See Associations, Categories, and Elements (on page 41). Optional.
11.
Configuring Powerstrips Connected to SX 3.1
You can perform the following tasks in CC-SG to configure and manage Powerstrips connected to SX 3.1 devices.
Add a Powerstrip Connected to an SX 3.1 Device (on page 97)
Move an SX 3.1's Powerstrip to a Different Port (on page 98)
Delete a Powerstrip Connected to an SX 3.1 Device (on page 98)
Add a Powerstrip Connected to an SX 3.1 Device
The procedure for adding a powerstrip connected to an SX 3.
Move an SX 3.1's Powerstrip to a Different Port
When you physically move a Powerstrip from one SX 3.1 device or port to another SX 3.1 device or port, you must delete the Powerstrip from the old SX 3.1 port and add it to the new SX 3.1 port. See Delete a Powerstrip Connected to an SX 3.1 Device (on page 98) and Add a Powerstrip Connected to an SX 3.1 Device (on page 97).
Delete a Powerstrip Connected to an SX 3.
To configure multiple outlets with the default names shown in the screen, select the checkbox for each outlet you want to configure, and then click OK to configure each outlet with the default name.
To configure each outlet individually, click the Configure button next to the outlet, and then type a name for the outlet in the Port name field. Click OK to configure the port.
To delete an outlet:
1.
Chapter 8 Nodes, Node Groups, and Interfaces
This section covers how to view, configure, and edit nodes and their associated interfaces, and how to create node groups. Connecting to nodes is covered briefly. See Raritan's CommandCenter Secure Gateway User Guide for details on connecting to nodes.
In This Chapter
Nodes and Interfaces Overview
Viewing Nodes
Node Names
Node names must be unique. CC-SG will prompt you with options if you attempt to manually add a node with an existing node name. When CC-SG automatically adds nodes, a numbering system ensures that node names are unique. See Naming Conventions (on page 384) for details on CC-SG's rules for name lengths.
About Interfaces
In CC-SG, nodes are accessed through interfaces. You must add at least one interface to each new node.
Node Profile
Click a Node in the Nodes tab to open the Node Profile page. The Node Profile page includes tabs that contain information about the node.
Interfaces tab
The Interfaces tab contains all the node's interfaces. You can add, edit, and delete interfaces on this tab, and select the default interface. Nodes that support virtual media include an additional column that shows whether virtual media is enabled or disabled.
Associations tab
The Associations tab contains all categories and elements assigned to the node. You can change the associations by making different selections.
Control system server nodes, such as VMware's Virtual Center, include the Control System Data tab. The Control System Data tab contains information from the control system server that is refreshed when the tab opens. You can access a topology view of the virtual infrastructure, link to associated node profiles, or connect to the control system and open the Summary tab.
Service Accounts
Service Accounts Overview
Service accounts are special login credentials that you can assign to multiple interfaces. You can save time by assigning a service account to a set of interfaces that often require a password change. You can update the login credentials in the service account, and the change is reflected in every interface that uses the service account.
Add, Edit, and Delete Service Accounts
To add a service account:
1. Choose Nodes > Service Accounts. The Service Accounts page opens.
2. Click the Add Row icon to add a row to the table.
3. Enter a name for this service account in the Service Account Name field.
4. Enter the username in the Username field.
5. Enter the password in the Password field.
6. Re-type the password in the Retype Password field.
7.
2. Find the service account whose password you want to change.
3. Enter the new password in the Password field.
4. Re-type the password in the Retype Password field.
5. Click OK.
Note: CC-SG updates all interfaces that use the service account to use the new login credentials when you change the username or password.
Assign Service Accounts to Interfaces
You can assign a service account to multiple interfaces.
Adding, Editing, and Deleting Nodes
Add a Node
To add a node to CC-SG:
1. Click the Nodes tab.
2. Choose Nodes > Add Node.
3. Type a name for the node in the Node Name field. All node names in CC-SG must be unique. See Naming Conventions (on page 384) for details on CC-SG's rules for name lengths.
4. Type a short description for this node in the Description field. Optional.
5. You must configure at least one interface.
Nodes Created by Configuring Ports
When you configure the ports of a device, a node is created automatically for each port. An interface is also created for each node. When a node is automatically created, it is given the same name as the port to which it is associated. If this node name already exists, an extension is added to the node name. For example, Channel1(1). The extension is the number in parentheses.
Adding Location and Contacts to a Node Profile
Enter details about the location of the node, and contact information for the people who administer or use the node.
To add location and contacts to a node profile:
1. Select a node in the Nodes tab. The Node Profile page opens.
2. Click the Location & Contacts tab.
3. Enter Location information.
Department: Maximum 64 characters.
Site: Maximum 64 characters.
Location: Maximum 128 characters.
4.
Configuring the Virtual Infrastructure in CC-SG
Terminology for Virtual Infrastructure
CC-SG uses the following terminology for virtual infrastructure components.
Term | Definition | Example
Control System | The Control System is the managing server. The Control System manages one or more Virtual Hosts. | VMware's Virtual Center
Virtual Host | The Virtual Host is the physical hardware that contains one or more Virtual Machines.
Virtual Nodes Overview
You can configure your virtual infrastructure for access in CC-SG. The Virtualization page offers two wizard tools, Add Control System wizard and Add Virtual Host wizard, that help you add control systems, virtual hosts, and their virtual machines properly. Once you complete the configuration, all control systems, virtual hosts, and virtual machines are available for access as nodes in CC-SG.
7. Enter authentication information:
To use a service account for authentication, select the Use Service Account Credentials checkbox. Select the service account to use in the Service Account Name menu.
or
Enter a Username and Password for authentication. Maximum 64 characters each.
8. To allow users who access this control system to automatically log into the VI Client interface, select the Enable Single Sign On For VI Client checkbox. Optional.
9.
Use Ctrl+click or Shift+click to select multiple virtual machines that you want to add.
In the Check/Uncheck Selected Rows section, select the Virtual Machine checkbox.
To add a VNC, RDP, or SSH interface to the virtual host nodes and virtual machine nodes that will be created, select the VNC, RDP or SSH checkboxes in the Check/Uncheck Selected Rows section. Optional.
Click Check.
11. Click Next.
One node for each virtual host. Each virtual host node has a VI Client interface. Virtual Host nodes are named with their IP addresses or host names.
One node for the control system. The control system node has a VI Client interface. Control System nodes are named "Virtual Center" plus the IP address. For example, "Virtual Center 192.168.10.10.
12. Add virtual machines to CC-SG. One node will be created for each virtual machine. Each associated virtual host will also be configured. Only one virtual host node will be added, even if the virtual host is associated with multiple virtual machines.
To add one virtual machine: Select the Configure checkbox next to the virtual machine that you want to add.
VI Client Interfaces
VMware Viewer Interfaces
Virtual Power Interfaces
RDP, VNC, and SSH Interfaces, if specified
b. Enter login credentials, if needed. Some interface types do not require login credentials.
To use a Service Account, select the Use Service Account Credentials checkbox then select the name of the service account.
or
Enter a username and password for the interface type. Maximum 64 characters each.
15. Click OK.
5. Change the information as needed. See Add a Control System with Virtual Hosts and Virtual Machines (on page 112) and Add a Virtual Host with Virtual Machines (on page 115) for complete field descriptions.
6. Click Next.
7. Delete one or multiple virtual machines from CC-SG.
To delete a virtual machine, deselect the Configure checkbox.
To delete multiple virtual machines, use Ctrl+click or Shift+click to select multiple virtual machines.
Delete Control Systems and Virtual Hosts
You can delete control systems and virtual hosts from CC-SG. When you delete a control system, the virtual hosts and virtual machines associated with it are not deleted. When you delete a virtual host, the control systems and virtual machines associated with it are not deleted. Virtual machine nodes are not automatically deleted when their associated control systems or virtual hosts are deleted.
vSphere 4 Users Must Install New Plug-In
When upgrading your virtual environment from a previous version to vSphere 4, you must remove the VMware Remote Console plug-in from the browser. After removing the plug-in, the correct plug-in for vSphere 4 will be installed the next time you connect to a Virtual Machine from CC-SG.
To remove the old plug-in from Internet Explorer:
1. Choose Tools > Manage Add-Ons > Enable or Disable Add-Ons.
2.
Synchronize the Virtual Infrastructure
You can perform a synchronization of CC-SG with your virtual infrastructure. When you select a control system for synchronization, the associated virtual hosts will also be synchronized, whether or not you select the virtual hosts.
To synchronize the virtual infrastructure:
1. Choose Nodes > Virtualization.
2. In the list of nodes, select the nodes you want to synchronize. Use Ctrl+click to select multiple items.
3.
Reboot or Force Reboot a Virtual Host Node
You can reboot or force reboot the virtual host server. A Reboot operation performs a normal reboot of the virtual host server when it is in maintenance mode. A Force Reboot operation forces the virtual host server to reboot, even if the server is not in maintenance mode. To access these commands, you must have the Node In-Band Access and Node Power Control privilege.
Connecting to a Node
Once a node has an interface, you can connect to that node through the interface in several different ways. See Raritan's CommandCenter Secure Gateway User Guide.
To connect to a node:
1. Click the Nodes tab.
2. Select the node to which you want to connect and:
In the Interfaces table, click the name of the interface with which you want to connect.
Adding, Editing, and Deleting Interfaces
Add an Interface
Note: Interfaces for virtual nodes, such as control system, virtual hosts, and virtual machines, can only be added using the Virtualization tools under Nodes > Virtualization. See Configuring the Virtual Infrastructure in CC-SG (on page 111).
To add an interface:
1. For an existing node: click the Nodes tab, and then select the node to which you want to add an interface.
See Interfaces for Out-of-Band KVM, Out-of-Band Serial Connections (on page 127).
Power Control Connections:
Power Control - DRAC: Select this item to create a power control connection to a Dell DRAC server.
Power Control - iLO Processor: Select this item to create a power control connection to an HP iLO/RILOE server.
Power Control - IPMI: Select this item to create a power control connection to a node with an IPMI connection.
Interfaces for In-Band Connections
In-band connections include RDP, VNC, SSH, RSA KVM, iLO Processor KVM, DRAC KVM, and TELNET. Telnet is not a secure access method. All usernames, passwords, and traffic are transmitted in clear text.
To add an interface for in-band connections:
1. Type the IP Address or Hostname for this interface in the IP Address/Hostname field.
2. Type a TCP Port for this connection in the TCP Port field. Optional.
3.
Microsoft RDP Connection Details
If using a Windows XP client, you must have Terminal Server Client 6.0 or higher to connect a Microsoft RDP interface from CC-SG. Update the Terminal Server Client to 6.0 using this link: http://support.microsoft.com/kb/925876.
Internet Explorer only.
Targets supported include Vista, Win2008 server, and Windows 7, and all prior Windows releases, including Windows XP and Windows 2003 targets.
2. Type a TCP Port for this connection in the TCP Port field. DRAC 5 only. TCP Port is not required for DRAC 4.
3. Enter authentication information:
To use a service account for authentication, select the Use Service Account Credentials checkbox. Select the service account to use in the Service Account Name menu.
or
Enter a Username and Password for authentication.
4. Type a description of this interface in the Description field. Optional.
5.
RSA Interface Details

When you create an In-Band RSA KVM or Power interface, CC-SG discards the username and password associated with the interface, and creates two user accounts on the RSA server. This allows you to have simultaneous KVM and power access to the RSA server.

New usernames:
cc_kvm_user
cc_power_user

These usernames replace the username you entered when you created the interfaces.
3. Power Strip Name: select the Power Strip or PX device that provides power to the node. The power strip or PX device must be configured in CC-SG before it appears in this list.
4. Outlet Name: select the name of the outlet the node is plugged into. Optional.
5. Type a description of this interface in the Description field.
6. Click OK to save your changes.
Interfaces for Power IQ Proxy Power Control Connections

Add a Power IQ Proxy power control interface when you want to use CC-SG to control power to a Power IQ IT device that you've added to CC-SG as a node. This enables you to control power to nodes connected to PDUs not managed by CC-SG.

To add an interface for Power IQ Proxy power control connections:
1. Enter the IT device's External Key. The External Key must match between Power IQ and CC-SG.
Web Browser Interface

You can add a Web Browser Interface to create a connection to a device with an embedded web server, such as a Dominion PX. See Example: Adding a Web Browser Interface to a PX Node (on page 134).

For a blade chassis with an integrated KVM switch, if you have assigned a URL or IP address to it on the KX2 device, a Web Browser interface is automatically added.
Note: Do not enter authentication information for DRAC, ILO, and RSA web applications, or the connection will fail.
5. Type the field names for the username and password fields used in the login screen for the web application in the Username Field and Password Field. You must view the HTML source of the login screen to find the field names, not the field labels. See Tips for Adding a Web Browser Interface (on page 133).
6.
Example: Adding a Web Browser Interface to a PX Node

A Dominion PX-managed powerstrip can be added to CC-SG as a node. Then you can add a Web Browser Interface that enables users to access the Dominion PX's Web-based administration application to the node.

Use the following values to add a Web Browser Interface for a Dominion PX node:
URL: /auth.
Delete an Interface

You can delete any interface from a node except for these:
A VMW Viewer interface or a VMW Power interface on a virtual machine node.
A Web Browser interface on a blade chassis which has an integrated KVM switch and has a URL or IP address assigned to it on the KX2 device.

To delete an interface from a node:
1. Click the Nodes tab.
2. Click the node with the interface you want to delete.
3.
4. A default name for the bookmark appears in the Bookmark Name field. You can change the name, which will appear in your Favorites list in Internet Explorer.
5. Click OK. The Add Favorite window opens.
6. Click OK to add the bookmark to your Favorites list.

To access a bookmarked interface:
1. Open a browser window.
2. Choose the bookmarked interface from the list of bookmarks in the browser.
3.
6. In the Associations tab, select the Copy Node Associations checkbox to copy all categories and elements of the node. You may change, add or delete any data in this tab. The modified data will be copied to multiple nodes in the Selected Nodes list as well as the current node displayed in the Node Name field. Optional.
7.
Adding Nodes with CSV File Import

You can add nodes and interfaces to CC-SG by importing a CSV file that contains the values.

You must have the Device, Port, and Node Management and CC Setup and Control privileges to import and export nodes. You must be assigned a policy that gives you access to all relevant devices and nodes. A full access policy for All Nodes and All Devices is recommended.
Nodes CSV File Requirements

The nodes CSV file defines the nodes, interfaces, and their details required to add them to CC-SG.

Node names must be unique. If you enter duplicate node names, CC-SG adds a number in parentheses to the name to make it unique, and adds the node. If you are also assigning categories and elements to nodes in the CSV file, and you have duplicate node names, categories and elements may be assigned to the wrong nodes.
Column number | Tag or value | Details
3 | Node Name | Enter the same value as entered for Raritan Port Name.
4 | Raritan Device Name | Required field. The device must already be added to CC-SG.
5 | Port Number | Required field.
6 | Blade Slot/KVM Switch Port | If the node is associated with a blade, enter the slot number. If the node is associated with a tiered generic analog KVM Switch, enter the port number.
Column number | Tag or value | Details
Raritan Port Name.
8 | Baud Rate | Valid for SX ports only.
9 | Parity | Valid for SX ports only.
10 | Flow Control | Valid for SX ports only.
11 | Description | Optional.

To add an RDP interface to the CSV file:

Column number in CSV file | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | NODE-RDP-INTERFACE | Enter the tag as shown. Tags are not case sensitive.
3 | Node Name | Required field.
Column number in CSV file | Tag or value | Details
Default is Java.

To add an SSH or TELNET interface to the CSV file:

Column number | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | NODE-SSH-INTERFACE for SSH interfaces; NODE-TELNET-INTERFACE for TELNET interfaces | Enter the tag as shown. Tags are not case sensitive.
3 | Node Name | Required field.
4 | Interface Name | Required field.
5 | IP Address or Hostname | Required field.
Column number | Tag or value | Details
6 | TCP Port | Default is 5900.
7 | Service Account Name | Optional. Leave blank if specifying password.
8 | Password | Optional. Leave blank if specifying service account.
9 | Description | Optional.
Column number | Tag or value | Details
7 | Username | You must enter either a service account or a username and password. Leave blank if specifying service account.
8 | Password | You must enter either a service account or a username and password. Leave blank if specifying service account.
9 | Description | Optional.
10* | TCP Port | *For NODE-DRAC-POWER-INTERFACE only, specify a TCP port. Default is 22.
Column number | Tag or value | Details
10 | Description | Optional.

To add an IPMI power control interface to the CSV file:

Column number | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | NODE-IPMI-INTERFACE | Enter the tag as shown. Tags are not case sensitive.
3 | Node Name | Required field.
4 | Interface Name | Required field.
5 | IP Address or Hostname | Required field.
Column number | Tag or value | Details
5 | Powerstrip Name | Required field.
6 | Outlet | Required field.
7 | Managing Device | The name of the device that the power strip is connected to. Required field for all power strips except Dominion PX.
8 | Managing Port | The name of the port on the device that the power strip is connected to. Required field for all power strips except Dominion PX.
9 | Description | Optional.
Column number | Tag or value | Details
12 | Description | Optional.

To add a Power IQ Proxy power control interface to the CSV file:

See Power Control of Power IQ IT Devices (on page 332) for details about configuring this interface type.

Column number | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | NODE-POWER-PIQ-INTERFACE | Enter the tag as shown. Tags are not case sensitive.
3 | Node Name | Required field.
To assign categories and elements to a node in the CSV file:

Categories and elements must already be created in CC-SG. You can assign multiple elements of the same category to a node in the CSV file.

Column number | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | NODE-CATEGORYELEMENT | Enter the tag as shown. Tags are not case sensitive.
3 | Node Name | Required field.
4 | Category Name | Required field.
If the file is not valid, an error message appears. Click OK and look at the Problems area of the page for a description of the problems with the file. Click Save to File to save the problems list. Correct your CSV file and then try to validate it again. See Troubleshoot CSV File Problems (on page 366).
4. Click Import.
5. Check the Actions area to see the import results. Items that imported successfully show in green text.
7. Import the .csv file. See Import Nodes (on page 148).

Adding, Editing, and Deleting Node Groups

Node Groups Overview

Node groups are used to organize nodes into a set. The node group will become the basis for a policy either allowing or denying access to this particular set of nodes. See Adding a Policy (on page 176).
Add a Node Group

To add a node group:
1. Choose Associations > Node Group. The Node Groups Manager window appears.
2. Choose Groups > New. A template for a node group appears.
3. In the Group Name field, type a name for a node group you want to create. See Naming Conventions (on page 384) for details on CC-SG's rules for name lengths.
4. There are two ways to add nodes to a group, Select Nodes and Describe Nodes.
To remove a node from the group, select the node name in the Selected list and click Remove.
You can search for a node in either the Available or Selected list. Type the search terms in the field below the list, and then click Go.
4. If you want to create a policy that allows access to the nodes in this group at any time, select the Create Full Access Policy for Group checkbox.
5.
An example rule might be Department = Engineering, meaning it describes all nodes that have the category “Department” set to “Engineering.” This is exactly what happens when you configure the associations during an Add Node operation.
4. If you want to add another rule, click the Add New Row icon again, and make the necessary configurations. Configuring multiple rules will allow more precise descriptions by providing multiple criteria for evaluating nodes.
Note: You should have a space before and after operators & and |. Otherwise, the Short Expression field may return to the default expression, that is, Rule0 & Rule1 & Rule2 and so on, when you delete any rule from the table.
6. Click Validate when a description has been written in the Short Expression field. If the description is formed incorrectly, a warning appears.
Chapter 9 Users and User Groups

User accounts are created so that users can be assigned a username and password to access CC-SG. A User Group defines a set of privileges for its members. You cannot assign privileges to users themselves, only to user groups. All users must belong to at least one user group.

CC-SG maintains a centralized user list and user group list for authentication and authorization. You can also configure CC-SG to use external authentication. See Remote Authentication (on page 187).
The Users Tab

Click the Users tab to display all user groups and users in CC-SG. Users are nested underneath the user groups to which they belong. User groups with users assigned to them appear in the list with a + symbol next to them. Click the + to expand or collapse the list. Active users - those currently logged into CC-SG - appear in bold.

The Users tab provides the ability to search for users within the tree.
Default User Groups

CC-SG is configured with three default user groups: CC-Super User, System Administrators, and CC Users.

CC Super-User Group

The CC Super-User group has full administrative and access privileges. Only one user can be a member of this group. The default username is admin. You can change the default username. You cannot delete the CC-Super User group.
Adding, Editing, and Deleting User Groups

Add a User Group

Creating user groups first will help you organize users when the users are added. When a user group is created, a set of privileges is assigned to the user group. Users assigned to the group will inherit those privileges. For example, if you create a group and assign it the User Management privilege, all users assigned to the group will be able to see and execute the commands on the User Manager menu.
The All Policies table lists all the policies available on CC-SG. Each policy represents a rule allowing or denying access to a group of nodes. See Policies for Access Control (on page 175) for details on policies and how they are created.
9. In the All Policies list, select a policy that you want to assign to the user group, and then click Add to move the policy to the Selected Policies list.
7. Select the checkbox that corresponds to each privilege you want to assign to the user group. Deselect a privilege to remove it from the group.
8. In the Node Access area, click the drop-down menu for each kind of interface you want this group to have access through and select Control.
9. Click the drop-down menu for each kind of interface you do not want this group to have access through and select Deny.
10. Click the Policies tab. Two tables of policies appear.
11.
Limit the Number of KVM Sessions per User

You can limit the number of KVM sessions allowed per user for sessions with Dominion KXII, KSXII and KX (KX1) devices. This prevents any single user from using all available channels at once.

When a user attempts a connection to a node that would exceed the limit, a warning message displays with information on the current sessions. The event is logged in the Access Report with the message Connection Denied.
2. Select the Require Users to Enter Access Information When Connecting to a Node checkbox.
3. In the Message to Users field, enter a message that users will see when attempting to access a node. A default message is provided. 256 character maximum.
4. Move the user groups for which you want to enable access auditing into the Selected list by clicking the arrow buttons. Use Ctrl+click to select multiple items.
If strong passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will display messages to assist with the password requirements. See Advanced Administration (on page 234) for details on strong passwords.
8. Select the Force Password Change on Next Login checkbox to force the user to change the assigned password the next time they log in.
9.
4. In the New Password and Retype New Password fields, type a new password to change this user's password.
Note: If Strong Passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will assist with the password requirements. See Advanced Administration (on page 234) for details on strong passwords.
5.
4. Users who are not assigned to the target group appear in the Users not in group list.
Select the users you want to add from this list, and then click > to move them to the Users in group list.
Click the >> button to move all users not in the group to the Users in group list.
Select the users you want to remove from the Users in group list, and then click the < button to remove them.
Click the << button to remove all users from the Users in group list.
5.
Users CSV File Requirements

The import enables you to add user groups, users, and AD modules, and assign policies and permissions and user groups.

Policies must already be created in CC-SG. The import assigns the policy to a user group. You cannot create new policies via import.
User Group names are case sensitive.
User names are not case sensitive.
Column number | Tag or value | Details
2 | USERGROUP-PERMISSIONS | Enter the tag as shown. Tags are not case sensitive.
3 | User Group Name | Required field. User Group names are case sensitive.
Column number | Tag or value | Details
command ADD.
2 | USERGROUP-ADMODULE | Enter the tag as shown. Tags are not case sensitive.
3 | User Group Name | Required field. User Group names are case sensitive.
4 | AD Module Name | Required field.

To add a user to CC-SG:

Column number | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | USER | Enter the tag as shown. Tags are not case sensitive.
3 | User Group Name | Required field.
Column number | Tag or value | Details
Periodically is set to TRUE, specify the number of days after which password must be changed. Enter just the number, from 1 to 365.

To add a user to a user group:

Column number | Tag or value | Details
1 | ADD | The first column for all tags is the command ADD.
2 | USERGROUP-MEMBER | Enter the tag as shown. Tags are not case sensitive.
3 | User Group Name | Required field. User Group names are case sensitive.
4 | User Name | Required field.
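A pre-import check for the nodes CSV file (Nodes CSV File Requirements) and the users CSV file (Users CSV File Requirements), as an added example that is not Raritan's code and not part of the guide. It checks the ADD command, the required columns the tables show, TELNET interface rows, passwords stored in the file, and user group names that differ only in case; the function names, severity labels and sample rows are constructed for illustration.

```python
import csv
import io

# Columns the page marks "Required field", by tag (1-based column numbers).
# Tables that are cut off on the page are checked only as far as they are shown.
IFACE = {3: "Node Name", 4: "Interface Name", 5: "IP Address or Hostname"}
REQUIRED = {
    "NODE-SSH-INTERFACE": IFACE,
    "NODE-TELNET-INTERFACE": IFACE,
    "NODE-IPMI-INTERFACE": IFACE,
    "NODE-RDP-INTERFACE": {3: "Node Name"},
    "NODE-POWER-PIQ-INTERFACE": {3: "Node Name"},
    "NODE-CATEGORYELEMENT": {3: "Node Name", 4: "Category Name"},
    "NODE-DRAC-POWER-INTERFACE": {},  # columns 1-6 are not shown on the page
    "USERGROUP-PERMISSIONS": {3: "User Group Name"},
    "USERGROUP-ADMODULE": {3: "User Group Name", 4: "AD Module Name"},
    "USERGROUP-MEMBER": {3: "User Group Name", 4: "User Name"},
    "USER": {3: "User Group Name"},
}
GROUP_TAGS = {tag for tag, cols in REQUIRED.items() if cols.get(3) == "User Group Name"}

# Constructed sample input (not from the guide). In the DRAC row the layout of
# columns 3-6 is assumed; only columns 7 (Username) and 8 (Password) are documented.
NODES_CSV = """\
ADD,NODE-SSH-INTERFACE,web01,ssh-admin,192.0.2.10
ADD,node-telnet-interface,switch01,console,192.0.2.20
ADD,NODE-IPMI-INTERFACE,db01,,192.0.2.30
ADD,NODE-DRAC-POWER-INTERFACE,db01,drac-power,192.0.2.31,,root,ExamplePassw0rd
NODE-SSH-INTERFACE,web02,ssh-admin,192.0.2.11
"""
USERS_CSV = """\
ADD,USERGROUP-MEMBER,Engineering,jsmith
ADD,USERGROUP-MEMBER,engineering,akhan
ADD,USERGROUP-MEMBER,Engineering,JSmith
ADD,USERGROUP-ADMODULE,Engineering,
"""


def cell(row, col):
    """Return the stripped value of 1-based column `col`, or '' if it is absent."""
    return row[col - 1].strip() if len(row) >= col else ""


def lint(csv_text):
    """Return a list of (line_number, severity, message) findings for one CSV file."""
    findings = []
    group_spellings = {}  # lower-cased group name -> {exact spelling: first line}
    members_seen = {}     # (group, lower-cased user name) -> first line
    reader = csv.reader(io.StringIO(csv_text))
    for row in reader:
        line_no = reader.line_num
        if not any(c.strip() for c in row):
            continue  # ignore blank lines
        if cell(row, 1) != "ADD":
            findings.append((line_no, "ERROR", "column 1 is not the command ADD"))
            continue
        tag = cell(row, 2).upper()  # tags are not case sensitive
        if tag not in REQUIRED:
            findings.append((line_no, "INFO", f"tag {tag!r} is not covered by this check"))
            continue
        for col, name in sorted(REQUIRED[tag].items()):
            if not cell(row, col):
                findings.append((line_no, "ERROR", f"{tag}: column {col} ({name}) is required"))
        if tag == "NODE-TELNET-INTERFACE":
            findings.append((line_no, "WARN",
                             "TELNET sends usernames, passwords and traffic in clear text"))
        if tag == "NODE-DRAC-POWER-INTERFACE" and cell(row, 8):
            findings.append((line_no, "WARN",
                             "password stored in column 8; restrict access to this file "
                             "or use a service account instead"))
        group = cell(row, 3)
        if tag in GROUP_TAGS and group:
            spellings = group_spellings.setdefault(group.lower(), {})
            if group not in spellings:
                if spellings:
                    other, first = next(iter(spellings.items()))
                    findings.append((line_no, "WARN",
                                     f"user group {group!r} differs only in case from "
                                     f"{other!r} on line {first}; group names are case sensitive"))
                spellings[group] = line_no
        if tag == "USERGROUP-MEMBER" and group and cell(row, 4):
            key = (group, cell(row, 4).lower())  # user names are not case sensitive
            if key in members_seen:
                findings.append((line_no, "INFO",
                                 f"repeats the membership on line {members_seen[key]}"))
            else:
                members_seen[key] = line_no
    return findings


if __name__ == "__main__":
    for name, text in (("nodes", NODES_CSV), ("users", USERS_CSV)):
        for line_no, severity, message in lint(text):
            print(f"{name}.csv line {line_no}: {severity}: {message}")
```

Run it before the Validate step in CC-SG; it does not replace that step, which remains the authority on whether a file imports.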
Import Users

Once you've created the CSV file, validate it to check for errors then import it.
Duplicate records are skipped and are not added.
1. Choose Administration > Import > Import Users.
2. Click Browse and select the CSV file to import. Click Open.
3. Click Validate. The Analysis Report area shows the file contents.
If the file is not valid, an error message appears.
Your User Profile

My Profile allows all users to view details about their account, change some details, and customize usability settings. It is the only way for the CC Super User account to change the account name.

To view your profile:
Choose Secure Gateway > My Profile. The Change My Profile screen appears, displaying details about your account.

Change your password
1. Choose Secure Gateway > My Profile.
2.
Find Matching String - Does not support the use of wildcards and will highlight the closest match in the nodes, users, or devices as you type. The list will be limited to those items that contain the search criteria after clicking Search.
3. Click OK to save your changes.

Change the CC-SG default font size
1. Choose Secure Gateway > My Profile.
2. Click the Font Size drop-down menu to adjust the font size the standard CC-SG client uses.
3. Click OK to save your changes.
To log out all users of a User Group:
1. In the Users tab, select the user group you want to log out of CC-SG.
To log out multiple user groups, hold the Shift key as you click additional user groups.
2. Choose Users > User Group Manager > Logout Users. The Logout Users screen appears with a list of active users from the selected groups.
3. Click OK to log the users out of CC-SG.
Chapter 10 Policies for Access Control

Policies are rules that define which nodes and devices users can access, when they can access them, and whether virtual-media permissions are enabled, where applicable. The easiest way to create policies is to categorize your nodes and devices into node groups and device groups, and then create policies that allow and deny access to the nodes and devices in each group. After you create a policy, you assign it to a user group.
Adding a Policy

If you create a policy that denies access (Deny) to a node group or device group, you also must create a policy that allows access (Control) for the selected node group or device group. Users will not automatically receive Control rights when the Deny policy is not in effect.

To add a policy:
1. Choose Associations > Policies. The Policy Manager window opens.
2. Click Add. A dialog window appears, requesting a name for the policy.
3.
14. If you selected Control in the Device/Node Access Permission field, the Virtual Media Permission section will become enabled.
9. Select the checkbox that corresponds to each day you want this policy to cover.
10. In the Start Time field, type the time of day this policy goes into effect. The time must be in 24-Hour format.
11. In the End Time field, type the time of day this policy ends. The time must be in 24-Hour format.
Support for Virtual Media

CC-SG provides remote virtual media support for nodes connected to virtual media-enabled KX2, KSX2, and KX2-101 devices. For detailed instructions on accessing virtual media with your device, see:
Dominion KX II User Guide
Dominion KSX II User Guide
Dominion KXII-101 User Guide

See Adding a Policy (on page 176) for details on creating policies to assign virtual media permission to user groups in CC-SG.
Chapter 11 Custom Views for Devices and Nodes

Custom Views enable you to specify different ways to display the nodes and devices in the left panel, using Categories, Node Groups, and Device Groups.

In This Chapter
Types of Custom Views
Using Custom Views in the Admin Client
Using Custom Views in the Admin Client

Custom Views for Nodes

Add a Custom View for Nodes

To add a custom view for nodes:
1. Click the Nodes tab.
2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears.
3. In the Custom View panel, click Add. The Add Custom View window opens.
4. Type a name for the new custom view in the Custom View Name field.
5.
2. Click the Name drop-down arrow and select a custom view from the list.
3. Click Apply View.
or
Choose Nodes > Change View. All defined custom views are options in the pop-up menu. Choose the custom view you want to apply.

Change a Custom View for Nodes
1. Click the Nodes tab.
2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears.
3. Click the Name drop-down arrow and select a custom view from the list.
2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears.
3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel.
4. In the Custom View panel, click Delete. The Delete Custom View confirmation message appears.
5. Click Yes.

Assign a Default Custom View for Nodes

To assign a default custom view for nodes:
1. Click the Nodes tab.
2.
3. In the Custom View panel, click Add. The Add Custom View window appears.
4. Type a name for the new custom view in the Custom View Name field.
5. In the Custom View Type section:
Select Filter by Device Group to create a custom view that displays only the device groups you specify.
Select View by Category to create a custom view that displays devices according to the categories you specify.
6. Click OK.
7. In the Custom View Details section:
a.
2. Choose Devices > Change View > Create Custom View. The Custom View screen appears.
3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel.

To change a custom view's name:
1. In the Custom View panel, click Edit. The Edit Custom View window opens.
2. Type a new name for the custom view in the Enter new name for custom view field, and then click OK.
Assign a Default Custom View for Devices

To assign a default custom view for devices:
1. Click the Devices tab.
2. Choose Devices > Change View > Create Custom View. The Custom View screen appears.
3. Click the Name drop-down arrow, and select a custom view from the list.
4. In the Custom View panel, click Set as Default. The next time you log in, the selected custom view will be used by default.
Chapter 12 Remote Authentication

In This Chapter
Authentication and Authorization (AA) Overview
Distinguished Names for LDAP and AD
Specifying Modules for Authentication and Authorization
Establishing Order of External AA Servers
AD and CC-SG Overview
2. CC-SG connects to the external server and sends the username and password.
3. Username and password are either accepted or rejected and sent back. If authentication is rejected, this results in a failed login attempt.
4. If authentication is successful, authorization is performed. CC-SG checks if the username entered matches a group that has been created in CC-SG or imported from AD, and grants privileges according to the assigned policy.
Specify a Distinguished Name for LDAP

Distinguished Names for Netscape LDAP and eDirectory LDAP should follow this structure:
user id (uid), organizational unit (ou), organization (o)

Specify a Username for AD

When authenticating CC-SG users on an AD server by specifying cn=administrator,cn=users,dc=xyz,dc=com in username, if a CC-SG user is associated with an imported AD group, the user will be granted access with these credentials.
Establishing Order of External AA Servers

CC-SG will query the configured external authorization and authentication servers in the order that you specify. If the first checked option is unavailable, CC-SG will try the second, then the third, and so on, until it is successful.

To establish the order in which CC-SG uses external authentication and authorization servers:
1. Choose Administration > Security.
2. Click the Authentication tab.
5. Type a name for the AD server in the Module name field.
The maximum number of characters is 31.
All printable characters may be used.
The module name is optional and is specified only to distinguish this AD server module from any others that you configure in CC-SG. The name is not connected to the actual AD server name.
6. Click Next to proceed. The General tab opens.
UserName@raritan.com
Raritan/UserName
Note: The user specified must have permission to execute search queries in the AD domain. For example, the user may belong to a group within AD that has Group scope set to Global, and Group type set to Security.
5. Type the password for the user account you want to use to query the AD server in the Password and Confirm Password fields. Maximum length is 32 characters.
6.
5. Type a user's attributes in the Filter field so the search query will be restricted to only those entries that meet this criterion. The default filter is objectclass=user, which means that only entries of the type user are searched.
6. Specify the way in which the search query will be performed for the user entry.
Select the Use Bind checkbox if the user logging in from the applet has permissions to perform search queries in the AD server.
3. Type a user's attributes in the Filter field so the search query for the user in the group will be restricted to only those entries that meet this criterion.
For example, if you specify cn=Groups,dc=raritan,dc=com as the Base DN and (objectclass=group) as the Filter, then all entries that are in the Groups entry and are of type group will be returned.
4. Click Next to proceed. The Trusts tab opens.
Editing an AD Module

Once you have configured AD modules, you can edit them at any time.

To edit an AD module:
1. Choose Administration > Security.
2. Click the Authentication tab. All configured external Authorization and Authentication Servers appear in a table.
3. Select the AD module you want to edit, and then click Edit.
4. Click each tab in the Edit Module window to view the configured settings. Make changes as needed.
2. Click the Authentication tab. All configured Authorization and Authentication Servers appear in a table.
3. Select the AD server whose AD user groups you want to import.
4. Click Import AD User Groups to retrieve a list of user group values stored on the AD server. If any of the user groups are not already on the CC-SG, you can import them here and assign them an access policy.
5. Select the groups you want to import to CC-SG.
Synchronizing AD with CC-SG

There are several methods for synchronizing the information on CC-SG with the information on your AD server.

Daily synchronization of all modules: You can enable scheduled synchronization to allow CC-SG to synchronize all AD modules daily at the time you choose. See Synchronize All AD Modules (on page 199). This synchronization is necessary only when you are using AD for authorization.
Synchronize All User Groups with AD

You should synchronize all user groups if you have made a change to a user group, such as moving a user group from one AD module to another. You can also change the AD association of a user group manually, in the User Group Profile's Active Directory Associations tab.

If you have made changes to users or domain controllers, you should synchronize all AD modules. See Synchronize All AD Modules (on page 199).
Synchronize All AD Modules

You should synchronize all AD Modules whenever you change or delete a user in AD, change user permissions in AD, or make changes to a domain controller.

When you synchronize all AD modules, CC-SG retrieves the user groups for all configured AD modules, compares their names with the user groups that have been imported into CC-SG or associated with the AD module within CC-SG, and refreshes the CC-SG local cache.
To disable daily synchronization of all AD modules:
1. Choose Administration > Security.
2. Click the Authentication tab. All configured Authorization and Authentication Servers appear in a table.
3. Deselect the Daily synchronization of All Modules checkbox.
4. Click Update to save your changes.

Change the Daily AD Synchronization Time

When daily synchronization is enabled, you can specify the time at which automatic synchronization occurs.
Renaming and Moving AD Groups

Renaming a group in AD: When an AD group that has been imported into CC-SG changes its name in AD, CC-SG reports a warning in the Audit Trail when the name change is detected, either at synchronization or when an affected AD user logs in for the first time after. "User group has been renamed to in AD module .
LDAP General Settings

1. Click the General tab.
2. Type the IP address or hostname of the LDAP server in the IP Address/Hostname field. See Terminology/Acronyms (on page 2) for hostname rules.
3. Type the port value in the Port field. The default port is 389.
4. Select "LDAP over SSL" if using a secure LDAP server.
5. Select Anonymous Bind if your LDAP server allows anonymous queries. You do not need to enter a user name and password with anonymous binding.
2. Select Base 64 if you want the password to be sent to the LDAP server with encryption. Select Plain Text if you want the password to be sent to the LDAP server as plain text.
3. Default Digest: select the default encryption of user passwords.
4. Type the user attribute and group membership attribute parameters in the User Attribute and Group Membership Attribute fields. These values should be obtained from your LDAP directory schema.
5.
OpenLDAP (eDirectory) Configuration Settings

If using an OpenLDAP server for remote authentication, use this example:

Parameter Name | Open LDAP Parameters
IP Address/Hostname |
User Name | CN=, O=
Password |
User Base | O=accounts, O=
User Filter | (objectclass=person)
Passwords (Advanced screen) | Base64
Password Default Digest (Advanced) | Crypt
Use Bind | Unchecked
Use Bind After Search |
About TACACS+ and CC-SG

CC-SG users who are remotely authenticated by a TACACS+ server must be created on the TACACS+ server and on CC-SG. The user name on the TACACS+ server and on CC-SG must be the same, although the passwords may be different. See Users and User Groups (on page 156).

Add a TACACS+ Module

To add a TACACS+ module:
1. Choose Administration > Security.
2. Click the Authentication tab.
3. Click Add to open the Add Module window.
4.
About RADIUS and CC-SG

CC-SG users who are remotely authenticated by a RADIUS server must be created on the RADIUS server and on CC-SG. The user name on the RADIUS server and on CC-SG must be the same, although the passwords may be different. See Users and User Groups (on page 156).

Add a RADIUS Module

To add a RADIUS module:
1. Choose Administration > Security.
2. Click the Authentication tab.
3. Click Add to open the Add Module window.
4.
Two-Factor Authentication Using RADIUS

By using an RSA RADIUS Server that supports two-factor authentication in conjunction with an RSA Authentication Manager, CC-SG can make use of two-factor authentication schemes with dynamic tokens. In such an environment, users log into CC-SG by first typing their usernames in the Username field, then typing their fixed passwords, and then the dynamic token value in the Password field.
Chapter 13 Reports

In This Chapter
Using Reports ... 208
Audit Trail Report ... 210
Error Log Report ... 211
Access Report ... 212
Availability Report
View Report Details

Double-click a row to view details of the report. When a row is highlighted, press the Enter key to view details. All details of the selected report display in a dialog that appears, not just the details you can view in the report screen. For example, the Access Report screen for nodes does not display the Interface Type and Message, but these are available in the Node Access Details dialog.
Purge a Report's Data From CC-SG

You can purge the data that appears in the Audit Trail and Error Log reports. Purging these reports deletes all data that satisfy the search criteria used. For example, if you search for all Audit Trail entries from March 26, 2008 through March 27, 2008, only those records will be purged. Entries earlier than March 26 or later than March 27 will remain in the Audit Trail. Purged data is removed from CC-SG permanently.
3. You can limit the data that the report will contain by entering additional parameters in the Message Type, Message, Username, and User IP address fields. Wildcards are accepted in these fields except for the Message Type field.
To limit the report to a type of message, select a type in the Message Type field.
To limit the report by the message text associated with an activity, type the text in the Message field.
Click Purge to delete the Error Log. See Purge a Report's Data from CC-SG (on page 210).

Access Report

Generate the Access report to view information about accessed devices and nodes, when they were accessed, and the user who accessed them.

To generate the Access Report:
1. Choose Reports > Access Report.
2. Select Devices or Nodes.
3. Set the date and time range for the report in the Start Date and Time and End Date and Time fields.
3. Click Apply.

Active Users Report

The Active Users report displays current users and user sessions. You can select active users from the report and disconnect them from CC-SG.

To generate the Active Users report:
Choose Reports > Users > Active Users.

To disconnect a user from an active session in CC-SG:
1. In the Active Users report, select the user name you want to disconnect.
2. Click Logout.
The Password Expiration field displays the number of days that the user can use the same password before being forced to change it. See Add a User (on page 163).
The Groups field displays the user groups to which the user belongs.
The Privileges field displays the CC-SG privileges assigned to the user. See User Group Privileges (on page 352).
The Email field displays the email address for the user, as specified in the User Profile.
Device Group Data Report

The Device Group Data report displays device group information.

To generate the Device Group Data report:
1. Choose Reports > Devices > Device Group Data.
2. Double-click a row to display the list of devices in the group.

Query Port Report

The Query Port Report displays all ports according to port status.

To generate the Query Port report:
1. Choose Reports > Ports > Query Port.
2.
State Type Port State Definition been configured.

3. Select Ghosted Ports to include ports that are ghosted. A ghosted port can occur when a CIM or target server is removed from a Paragon system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. Optional.
4. Select Paused Ports or Locked Ports to include ports that are paused or locked. Paused ports occur when CC-SG management of a device is paused. Locked ports occur when a device is being upgraded.
3. The URL column contains direct links to each node. You can use this information to create a web page with links to each node, instead of bookmarking each node individually. See Bookmarking an Interface (on page 135).

Active Nodes Report

The Active Nodes report includes the name and type of each active interface, the connection mode, the associated device, a timestamp, the current user, and the user IP address for each node with an active connection.
Node Group Data Report

The Node Group Data report displays the list of nodes that belong to each group, the user groups that have access to each node group, and, if applicable, the rules that define the node group. The list of nodes is in the report details, which you can view by double-clicking a row in the report page, or save to a CSV file. See Save a Report to a File (on page 209). The Node Asset report displays the list of groups each node is a member of.
Scheduled Reports

Scheduled Reports displays reports that were scheduled in the Task Manager. You can find the Upgrade Device Firmware reports and Restart Device reports in the Scheduled Reports screen. Scheduled reports can be viewed in HTML format only. See Task Manager (on page 273).

To access scheduled reports:
1. Choose Reports > Scheduled Reports.
2. Select a Report Type.
3. Select a Report Owner.
4. Enter a Report Name to filter on the name.
Upgrade Device Firmware Report

The Upgrade Device Firmware report is located in the Scheduled Reports list. This report is generated when an Upgrade Device Firmware task is running. View the report to get real-time status information about the task. Once the task has completed, the report information is static. See Scheduled Reports (on page 219) for details on viewing the report.
Chapter 14 System Maintenance

In This Chapter
Maintenance Mode ... 221
Entering Maintenance Mode ... 221
Exiting Maintenance Mode ... 222
Backing Up CC-SG ... 222
Saving and Deleting Backup Files
2. Password: Type your password. Only users with the CC Setup and Control privilege can enter maintenance mode.
3. Broadcast message: Type the message that will display to users who will be logged out of CC-SG.
4. Enter maintenance mode after (min): Enter the number of minutes (from 0-720) that should elapse before CC-SG enters maintenance mode. Entering zero minutes causes Maintenance Mode to begin immediately.
b. Type the IP address or hostname of the server in the IP Address/Hostname field.
c. If you are not using the default port for the selected protocol (FTP: 21, SFTP: 22), type the communications port used in the Port Number field.
d. Type a username for the remote server in the Username field.
e. Type a password for the remote server in the Password field.
f. In the Directory (Relative Path) field, specify the location to save the backup file on the FTP server.
What is the difference between Full backup and Standard backup?

Standard backup: A standard backup includes all data in all fields of all CC-SG pages, except for data in the following pages:
Administration > Configuration Manager > Network tab
Administration > Cluster Configuration

CC-SG backup files stored on CC-SG are also not backed up. You can view the list of backup files stored on CC-SG in the System Maintenance > Restore page.
3. Click OK to delete the backup from the CC-SG system.

Restoring CC-SG

You can restore CC-SG using a backup file that you created.

Important: The Neighborhood configuration is included in the CC-SG backup file, so make sure you remember or note down its setting at the time of the backup. This is helpful for determining whether the backup file is appropriate for the CC-SG unit you restore.

To restore CC-SG:
1. Choose System Maintenance > Restore.
Restore Data - CC-SG configuration, Device and Node configuration, and User Data. Selecting Data restores the Standard backup portion of a Full backup file. See What is the difference between Full backup and Standard backup? (on page 224)
Restore Logs - Error logs and event reports stored on CC-SG
Restore CC Firmware - Stored firmware files used for updating the CC-SG server itself.
Option | Description
Full Database | This option removes the existing CC-SG database and builds a new version with the factory default values. Network settings, SNMP agents, firmware, and Diagnostic Console settings are not part of the CC-SG database. The SNMP configuration and traps are reset. The SNMP agent is not reset. IP-ACL settings are reset with a Full Database reset whether you select the IP ACL Tables option or not.
Option | Description
 | Read-write Community: private; System Contact, Name, Location: none; SNMP Trap Configuration; SNMP Trap Destinations
Default Firmware | This option resets all device firmware files to factory defaults. This option does not change the CC-SG database.
Upload Firmware to Database After Reset | This option loads the firmware files for the current CC-SG version into the CC-SG database.
Restarting CC-SG

The restart command is used to restart the CC-SG software. Restarting CC-SG will log all active users out of CC-SG. Restarting will not cycle power to the CC-SG. To perform a full reboot, you must access Diagnostic Console or the power switch on the CC-SG unit.

1. Choose System Maintenance > Restart.
2. Type your password in the Password field.
3. Broadcast message: Type the message that will display to users who will be logged off CC-SG.
4.
process, reboot the unit manually, power off, or power cycle the unit during the upgrade

To upgrade CC-SG:
1. Download the firmware file to your client PC.
2. Log into the CC-SG Admin Client using an account that has the CC Setup and Control privilege.
3. Enter Maintenance Mode. See Entering Maintenance Mode (on page 221).
4. Once CC-SG is in maintenance mode, choose System Maintenance > Upgrade.
5. Click Browse. Navigate to and select the CC-SG firmware file (.
11. Launch a new web browser window.
12. Log into the CC-SG Admin Client using an account that has the CC Setup and Control privilege.
13. Choose Help > About Raritan Secure Gateway. Check the version number to verify that the upgrade was successful. If the version has not been upgraded, repeat the previous steps. If the upgrade was successful, proceed to the next step.
14. Exit Maintenance Mode. See Exiting Maintenance Mode (on page 222).
15. Back up the CC-SG.
CC-SG Shutdown

Shutting down CC-SG shuts down the CC-SG software, but it does not power off the CC-SG unit. After CC-SG shuts down, all users are logged out. Users cannot log back in until you restart CC-SG, either via the Diagnostic Console or by recycling the CC-SG power.

To shut down CC-SG:
1. Choose System Maintenance > Shutdown CommandCenter.
2. Type your password in the Password field.
3.
To power down the CC-SG:
1. Remove the bezel and firmly tap the POWER button.
2. Wait approximately one minute while CC-SG gracefully powers down.
Note: Users logged into CC-SG via Diagnostic Console will receive a short broadcast message when the CC-SG unit is powered down. Users logged into CC-SG via a web browser or SSH will not receive a message when the CC-SG unit is powered down.
3.
Chapter 15 Advanced Administration

In This Chapter
Configuring a Message of the Day ... 234
Configuring Applications for Accessing Nodes ... 235
Configuring Default Applications ... 237
Managing Device Firmware ... 238
Configuring the CC-SG Network
c. Click the Font Size drop-down menu and select a font size for the message text.

If you select Message of the Day File:
a. Click Browse to browse for the message file.
b. Select the file in the dialog window that opens, then click Open.
c. Click Preview to review the contents of the file.
4. Click OK to save your changes.
2. Click the Application name drop-down arrow and select the application that must be upgraded from the list. If you do not see the application, you must add it first. See Add an Application (on page 236).
3. Click Browse, locate and select the application upgrade file from the dialog that appears, then click Open.
4. The application name appears in the New Application File field in the Application Manager screen.
5. Click Upload.
5. Click OK. An Open dialog appears.
6. Navigate to and select the application file (usually a .jar or .cab file), and then click Open.
7. The selected application loads onto CC-SG.

Delete an Application

To delete an application:
1. Choose Administration > Applications.
2. Select an application from the Application Name drop-down menu.
3. Click Delete. A confirmation dialog appears.
4. Click Yes to delete the application.
View the Default Application Assignments

To view the default application assignments:
1. Choose Administration > Applications.
2. Click the Default Applications tab to view and edit the current default applications for various Interfaces and Port Types. Applications listed here will become the default choice when configuring a node to allow access through a selected interface.
2. Click Add to add a new firmware file. A search window opens.
3. Navigate to and select the firmware file you want to upload to CC-SG, and then click Open. When the upload completes, the new firmware appears in the Firmware Name field.

Delete Firmware

To delete firmware:
1. Choose Administration > Firmware.
2. Click the Firmware Name drop-down arrow and select the firmware you want to delete.
3. Click Delete. A confirmation message appears.
4.
Model | Primary LAN Name | Primary LAN Location | Secondary LAN Name | Secondary LAN Location
V1-0 or V1-1 | LAN1 | Left LAN port | LAN2 | Right LAN port

E1 LAN Ports:

Model | Primary LAN Name | Primary LAN Location | Secondary LAN Name | Secondary LAN Location
E1-0 | Not labeled | Top LAN port in set of 2 ports in center of unit back panel | Not labeled | Bottom LAN port in set of 2 ports in center of unit back panel
E1-1 | LAN1 | Left LAN port | LAN2 | Right LAN port

What is IP Failover
If the Primary LAN is connected and receiving a Link Integrity signal, CC-SG uses this LAN port for all communications. If the Primary LAN loses Link Integrity and the Secondary LAN is connected, CC-SG will fail over its assigned IP address to the Secondary LAN. The Secondary LAN will be used until the Primary LAN returns to service. When the Primary LAN is back in service, CC-SG automatically reverts to using the Primary LAN.
6. Click the Adapter Speed drop-down arrow and select a line speed from the list. Make sure your selection agrees with your switch's adapter port setting. If your switch uses 1 Gig line speed, select Auto.
7. If you selected Auto in the Adapter Speed field, the Adapter Mode field is disabled, with Full Duplex selected automatically. If you specified an Adapter Speed other than Auto, click the Adapter Mode drop-down arrow and select a duplex mode from the list.
8.
What is IP Isolation mode?

IP Isolation mode allows you to isolate clients from devices by placing them on separate sub-networks and forcing clients to access the devices through CC-SG. In this mode, CC-SG manages traffic between the two separate IP domains. IP Isolation mode does not offer failover. If either LAN connection fails, users will not have access.
Specify at most one Default Gateway in the Network Setup panel in CC-SG. Use Diagnostic Console to add more static routes if needed. See Edit Static Routes (on page 305).

To configure IP Isolation mode in CC-SG:
1. Choose Administration > Configuration.
2. Click the Network Setup tab.
3. Select IP Isolation mode.
4. Type the CC-SG hostname in the Host name field. See Terminology/Acronyms (on page 2) for hostname rules.
Recommended DHCP Configurations for CC-SG

Review the following recommended DHCP configurations. Make sure that your DHCP server is set up properly before you configure CC-SG to use DHCP.
Configure the DHCP server to statically allocate CC-SG's IP address.
Configure the DHCP and DNS servers to automatically register the CC-SG with the DNS when the DHCP server allocates an IP address to CC-SG.
2. Click the Logs tab.
3. Click Purge.
4. Click Yes.

Configuring the CC-SG Server Time and Date

CC-SG's time and date must be accurately maintained to provide credibility for its device-management capabilities.

Important: The Time/Date configuration is used when scheduling tasks in Task Manager. See Task Manager (on page 273). The time set on your client PC may be different than the time set on CC-SG.
Connection Modes: Direct and Proxy

About Connection Modes

CC-SG offers three connection modes for in-band and out-of-band connections: Direct, Proxy, and Both.
Direct mode allows you to connect to a node or port directly, without passing data through CC-SG. Direct mode generally provides faster connections.
Proxy mode allows you to connect to a node or port by passing all data through CC-SG.
3. Select Proxy mode.
4. Click Update Configuration.

Configure a Combination of Direct Mode and Proxy Mode

When you configure CC-SG to use a combination of Direct mode and Proxy mode, Proxy mode will be the default connection mode, and Direct mode will be used for the client IP addresses you specify.

To configure a combination of direct mode and proxy mode:
1. Choose Administration > Configuration.
2. Click the Connection Mode tab.
3. Select Both.
4.
To enable or disable a warning message for all power operations:
Select the Display Warning Message For All Power Operations checkbox to enable a warning message that alerts a user before a requested power operation occurs. Only the user who initiated the power operation sees the message. The user can cancel the power operation or confirm it by clicking Yes or No in the message.
1. Choose Administration > Configuration.
2. Click the Device Settings tab.
3.
2. Launch Internet Explorer® using the CommandCenter Secure Gateway IP address as the URL. A Certificate Error message will be displayed.
3. Select View Certificates.
4. On the General tab, click Install Certificate. The certificate is then installed in the Trusted Root Certification Authorities store.
5. After the certificate is installed, the CommandCenter Secure Gateway IP address can be removed from the Trusted Site zone.
6. Click Update.

To customize the message in the JRE Incompatibility Warning window:
1. Choose Administration > Configuration.
2. Click the Custom JRE tab.
3. Using HTML code, enter the message that appears in the JRE Incompatibility Warning window.
4. Click Update.

To restore the default message and minimum JRE version:
1. Choose Administration > Configuration.
2. Click the Custom JRE tab.
3. Click Restore Default.
4. Click Update.
4. To identify the SNMP agent running on CC-SG to third-party enterprise management solutions, provide agent information under Agent Configuration. Type a Port for the agent (default is 161). Type a Read-Only Community string (default is public) and Read-Write Community string (default is private). Multiple community strings are allowed; separate them with a comma.
Configuring CC-SG Clusters

A CC-SG cluster uses two CC-SG nodes, one Primary node and one Secondary node, for backup security in case of Primary node failure. Both nodes share common data for active users and active connections, and all status data is replicated between the two nodes. Devices in a CC-SG cluster must be aware of the IP address of the Primary CC-SG node in order to notify the Primary node of status change events.
3. Specify a Secondary, or Backup, Node in the Backup Secure Gateway IP Address/Hostname field. Make sure the specified CC-SG has the same firmware version and hardware type as the Primary Node. Use one of these methods to specify it:
Click Discover Secure Gateways to scan and display all CC-SG units on the same subnet as the one you are currently accessing. Then click a CC-SG unit in the Standalone state from the table of discovered CC-SG units to select it.
For Time Interval, enter how often CC-SG should check its connection with the other nodes. Valid range is 5-20 seconds.
Note: Setting a low Time Interval will increase the network traffic generated by heartbeat checks. You may want to set higher intervals for clusters with nodes located far apart from each other.
For Failure Threshold, enter the number of consecutive heartbeats that must pass without a response before a CC-SG node is considered failed.
2. Click the Recovery tab, and you can either have the cluster automatically rebuilt at the specified time or rebuild the cluster immediately.
Click Rebuild Now to immediately recover the cluster.
Select the Enable Automatic Rebuild checkbox, and specify the time to rebuild the cluster in the From Time and To Time fields. Click Update to save the changes.
Create a Neighborhood

Log into the CC-SG unit where you want to create a Neighborhood; the unit must not already be a member of any Neighborhood. After a Neighborhood is created, all members in the Neighborhood share the same Neighborhood information. If any member is the Primary Node of clustered CC-SG units, the IP address or hostname of the Secondary, or Backup, Node also displays in the Neighborhood configuration.

To create a Neighborhood:
1.
To deactivate any CC-SG unit, deselect the Activate checkbox next to that unit. Deactivated CC-SG units operate as standalone units and do not show up as one of the Neighborhood members to Access Client users.
Click the column header to sort the table by that attribute in ascending order. Click the header again to sort the table in descending order.
9. To return to previous screen, click Back and repeat prior steps. Optional.
10. Click Finish.
4. If new CC-SG units meet the Neighborhood criteria and are found, they display in the Neighborhood Configuration table. Otherwise, a message appears and returns you to the Add Member dialog. Then make changes in the dialog as needed.
5. Select the Active checkbox next to each new CC-SG unit.
6. To change any CC-SG's Secure Gateway Name, click the name, type a new one and press Enter. The default is a short CC-SG hostname. Optional.
7.
Delete a Neighborhood Member

When a CC-SG unit in a Neighborhood becomes inappropriate, you may either remove or deactivate it in the Neighborhood configuration. Otherwise, Access Client users may find these units inaccessible when trying to switch to them.
2. Choose Administration > Neighborhood.
3. Click Delete Neighborhood.
4. Click Yes to confirm the deletion.

Security Manager

The Security Manager is used to manage how CC-SG provides access to users. Within Security Manager you can configure authentication methods, SSL access, AES Encryption, strong password rules, lockout rules, the login portal, certificates, and access control lists.
Check Your Browser for AES Encryption

CC-SG supports AES-128 and AES-256. If you do not know if your browser uses AES, check with the browser manufacturer. You may also want to try navigating to the following web site using the browser whose encryption method you want to check: https://www.fortify.net/sslcheck.html. This web site will detect your browser's encryption method and display a report.
Click the Key Length drop-down arrow to select the encryption level - 128 or 256.
The CC-SG Port field displays 80.
The Browser Connection Protocol field displays HTTPS/SSL selected.
5. Click Update to save your changes.

Configure Browser Connection Protocol: HTTP or HTTPS/SSL

In Security Manager, you can configure CC-SG to either use regular HTTP connections from clients or require HTTPS/SSL connections.
Require strong passwords for all users

1. Choose Administration > Security.
2. Click the Login Settings tab.
3. Select the Strong Passwords Required for All Users checkbox.
4. Select a Maximum Password Length. Passwords must contain fewer than the maximum number of characters.
5. Select a Password History Depth. The number specifies how many previous passwords are kept in the history and cannot be reused.
Lockout settings

Administrators can lock out CC-SG users and SSH users after a specified number of failed login attempts. You can enable this feature for locally authenticated users, for remotely authenticated users, or for all users.

Note: By default, the admin account is locked out for five minutes after three failed login attempts. For admin, the number of failed login attempts before lockout and after lockout is not configurable.

To enable lockout:
1.
2. Open the Login Settings tab.
3. Deselect the Lockout Enabled for Local Users checkbox to disable lockout for locally authenticated users. Deselect the Lockout Enabled for Remote Users checkbox to disable lockout for remotely authenticated users.
4. Click Update to save your changes.

Allow concurrent logins per username

You can permit more than one concurrent CC-SG session with the same username.
1. Choose Administration > Security.
2. Click the Login Settings tab.
2. Open the Portal tab.

Logo

A small graphic file can be uploaded to CC-SG to act as a banner on the login page. The maximum size of the logo is 998 by 170 pixels.

To upload a logo:
1. Click Browse in the Logo area of the Portal tab. An Open dialog appears.
2. Select the graphic file you want to use as your logo in the dialog, and then click Open.
3. Click Preview to preview the logo. The selected graphic file appears to the right.
4. Click Update to save your changes.
Click Browse. A dialog window opens.
In the dialog window, select the text file with the message you want to use, and then click Open. The maximum length of the text message is 10,000 characters.
Click Preview to preview the text contained in the file. The preview appears in the banner message field above.
3. Click Update to save your changes. The updates will appear on the login screen the next time a user accesses CC-SG.
a. Encryption Mode: If Require AES Encryption between Client and Server is selected in the Administration > Security > Encryption screen, AES-128 is the default. If AES is not required, DES 3 is the default.
b. Private Key Length: 1024 is the default.
c. Validity Period (days): Maximum 4 numeric characters.
d. Country Code: CSR tag is Country Name.
e. State or Province: Maximum 64 characters. Type in the whole state or province name. Do not abbreviate.
f.
14. Type raritan in the Password field if the CSR was generated by CC-SG. If a different application generated the CSR, use the password for that application.
Note: If the imported certificate is signed by a root and subroot CA (certificate authority), using only a root or subroot certificate will fail. To resolve this, copy and paste both the root and subroot certificates into one file, and then import it.

To generate self signed certificate request:
1.
Chapter 15: Advanced Administration Access Control List An IP Access Control List specifies ranges of client IP addresses for which you want to deny or allow access to CC-SG. Each entry in the Access Control List becomes a rule that determines whether a user in a certain group, with a certain IP address, can access CC-SG. You can also set rules that apply to the whole CC-SG system (select System instead of a user group) at an operating system level.
Chapter 15: Advanced Administration 6. Click the Action drop-down arrow and select Allow or Deny to specify whether the specified users in the IP range can access CC-SG. 7. Click Update to save your changes. To change the order in which CC-SG applies rules: 1. Choose Administration > Security. 2. Click the Access Control List tab. 3. Select a rule you want to move up or down in the list. 4. Click the up or down arrow until the rule is in position. 5. Click Update to save your changes.
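Why rule order matters in the Access Control List, as an added example (not Raritan code). It assumes top-down, first-match evaluation, which the guide does not spell out, and uses constructed group names and address ranges to find rules that can never take effect because earlier rules for the same group already cover their whole range.

```python
"""Ordered IP-ACL evaluation and shadowed-rule check (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

Span = Tuple[int, int]


@dataclass(frozen=True)
class Rule:
    group: str   # user group name, or "System"
    start: str   # first address in the range (inclusive)
    end: str     # last address in the range (inclusive)
    action: str  # "Allow" or "Deny"

    def span(self) -> Span:
        lo, hi = int(IPv4Address(self.start)), int(IPv4Address(self.end))
        if lo > hi:
            raise ValueError(f"range start is after end: {self.start}-{self.end}")
        return lo, hi


def evaluate(rules: List[Rule], group: str, client_ip: str) -> Optional[Rule]:
    """Return the first rule matching group and address (assumed first-match
    semantics), or None when no rule matches."""
    ip = int(IPv4Address(client_ip))
    for rule in rules:
        lo, hi = rule.span()
        if rule.group == group and lo <= ip <= hi:
            return rule
    return None


def uncovered(span: Span, earlier: List[Span]) -> List[Span]:
    """Return the parts of span that no earlier span covers."""
    remaining = [span]
    for e_lo, e_hi in earlier:
        pieces = []
        for lo, hi in remaining:
            if e_hi < lo or e_lo > hi:      # no overlap, keep the piece whole
                pieces.append((lo, hi))
                continue
            if lo < e_lo:                   # part below the earlier range survives
                pieces.append((lo, e_lo - 1))
            if e_hi < hi:                   # part above the earlier range survives
                pieces.append((e_hi + 1, hi))
        remaining = pieces
    return remaining


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Return 0-based positions of rules that can never match because the
    rules above them (same group) already cover every address in their range."""
    shadowed = []
    for i, rule in enumerate(rules):
        earlier = [r.span() for r in rules[:i] if r.group == rule.group]
        if not uncovered(rule.span(), earlier):
            shadowed.append(i)
    return shadowed


def move_up(rules: List[Rule], index: int) -> List[Rule]:
    """Return a copy of the list with the rule at index moved up one place."""
    if not 0 < index < len(rules):
        raise IndexError("rule cannot be moved up")
    out = list(rules)
    out[index - 1], out[index] = out[index], out[index - 1]
    return out


# Constructed rule list (hypothetical groups and ranges).
RULES = [
    Rule("Operators", "10.0.0.0", "10.0.255.255", "Allow"),
    Rule("Operators", "10.0.5.0", "10.0.5.255", "Deny"),           # never reached
    Rule("Contractors", "192.168.10.0", "192.168.10.127", "Allow"),
    Rule("Contractors", "192.168.10.128", "192.168.10.255", "Allow"),
    Rule("Contractors", "192.168.10.64", "192.168.10.191", "Deny"),  # covered by the two above
]

if __name__ == "__main__":
    for pos in shadowed_rules(RULES):
        r = RULES[pos]
        print(f"rule {pos + 1} ({r.action} {r.group} {r.start}-{r.end}) is shadowed")
    fixed = move_up(RULES, 1)
    print("after moving rule 2 up:", evaluate(fixed, "Operators", "10.0.5.20").action)
```

Run the check against an exported copy of the rule list after every reorder; a shadowed Deny is the case to look for first.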
Chapter 15: Advanced Administration 6. Type the account name's password in the Password and Re-enter Password fields. Optional. Check with your email server administrator if this account information is required. 7. Type a valid email address that will identify messages from CC-SG in the From field. 8. Type the number of times emails should be re-sent should the send process fail in the Sending retries field. 9.
Chapter 15: Advanced Administration Schedule Sequential Tasks You may want to schedule tasks sequentially to confirm that expected behavior occurred. For example, you may want to schedule an Upgrade Device Firmware task for a given device group, and then schedule an Asset Management Report task immediately after it to confirm that the correct versions of firmware were upgraded. Email Notifications for Tasks Upon completion of a task, an email message can be sent to a specified recipient.
Chapter 15: Advanced Administration To view a task's details: Double-click a task to open a dialog containing the task details. Schedule a Task This section covers most tasks that can be scheduled. See Schedule a Device Firmware Upgrade (on page 277) for details on scheduling device firmware upgrades. To schedule a task: 1. Choose Administration > Tasks. 2. Click New. 3. In the Main tab, type a name and description for the task. Names can have 1-32 alphanumeric characters or underscores, no spaces. 4.
Chapter 15: Advanced Administration 7. In the Period field, click the radio button that corresponds to the period of time when the scheduled task will recur. a. Once: Use the up and down arrows to select the Start time at which the task should begin. b. Periodic: Use the up and down arrows to select the Start time at which the task should begin. Type the number of times the task should be executed in the Repeat Count field. Type the time that should elapse between repetitions in the Repeat Interval field.
11. Click the Notification tab.
12. Specify email addresses to which a notification should be sent upon task success or failure. By default, the email address of the user currently logged in is available. User email addresses are configured in the User Profile. To add another email address, click Add, type the email address in the window that opens, and then click OK. By default, email is sent if the task is successful.
Chapter 15: Advanced Administration a. Start Date/Time: Select the date and time at which the task begins. The start date/time must be later than the current date/time. b. Restrict Upgrade Window and Latest Upgrade Start Date/Time: If you must finish all upgrades within a specific window of time, use these fields to specify the date and time after which no new upgrades can begin. Select Restrict Upgrade Window to enable the Latest Upgrade Start Date/Time field. 7.
Chapter 15: Advanced Administration Change a Scheduled Task You can change a scheduled task before it runs. To change a scheduled task: 1. Select the task you want to change. 2. Click Edit. 3. Change the task specifications as needed. See Schedule a Task (on page 275) and Schedule a Device Firmware Upgrade (on page 277) for tab descriptions. 4. Click Update to save your changes. Reschedule a Task The Save As function in Task Manager enables you to reschedule a completed task that you want to run again.
Delete a Task
You can delete a task to remove it from the Task Manager. You cannot delete a task that is currently running.
To delete a task: Select the task, then click Delete.
SSH Access to CC-SG
Use Secure Shell (SSH) clients, such as PuTTY or OpenSSH Client, to access a command line interface to the SSH (v2) server on CC-SG. Only a subset of CC-SG commands is provided via SSH to administer devices and CC-SG itself.
To display all SSH commands: At the shell prompt, type ls to display all commands available.
Get Help for SSH Commands
You can get limited help for all commands at once. You can also get in-depth help on a single command at a time.
To get help for a single SSH command:
1. At the shell prompt, type the command you want help for, followed by a space and -h. For example: connect -h
2. Information on the command, parameters, and usage appears on the screen.
Chapter 15: Advanced Administration SSH Commands and Parameters The following table lists all commands available in SSH. You must be assigned the appropriate privileges in CC-SG to access each command. Some commands have additional parameters that you must type to execute the command. For more information about how to type commands, see Command Tips (on page 284).
To search for text from piped output stream: grep search_term
To view the help screen for all commands: help
To list available device configuration backups: listbackups <[-id ] | [host]>
To list available devices: listdevices
To list firmware versions available for upgrade: listfirmwares [[-id ] | [host]]
To list all interfaces: listinterfaces [-id ]
To list all nodes: listnodes
To list all ports: listports [[-id ] | [host]]
To
To restart a device: restartdevice <[-id ] | [host]>
To restore a device configuration: restoredevice <[-host ] | [-id ]> [backup_id]
To shutdown CC-SG: shutdowncc minutes [message]
To open an SSH connection to an SX device: ssh [-e ] <[-id ] | [host]>
To change a user: su [-u ]
To upgrade a device's firmware: upgradedevice <[-id ] | [host]>
To list all current users: userlist
To exit the SSH ses
Command syntax: ssh -id
Device ID value: 100
You should type: ssh -id 100
The default escape character is a tilde followed by a period. For example: ~. See End SSH Connections (on page 287) for details on using the escape character and the exit command. You may have problems using the escape character in the Linux terminal or client. Raritan recommends that you define a new escape character when establishing a port connection.
Chapter 15: Advanced Administration 2. Connect to the device by typing ssh -id . Using the figure above as an example, you can connect to SX-229 by typing ssh -id 1370. Use SSH to Connect to a Node via a Serial Out-of-Band Interface You can use SSH to connect to a node through its associated serial out-of-band interface. The SSH connection is in proxy mode. 1. Type listinterfaces to view the node ids and associated interfaces. 2.
Command | Alias | Description
prompt.
get_write | gw | Gets Write Access. Allows SSH user to execute commands at target server while browser user can only observe proceedings.
get_history | gh | Gets History. Displays the last few commands and results at target server.
send_break | sb | Sends Break. Breaks the loop in target server initiated by browser user.
help | ?,h | Prints help screen.
Chapter 15: Advanced Administration Serial Admin Port The serial admin port on CC-SG can be connected directly to a Raritan serial device, such as Dominion SX or KSX. You can connect to the SX or KSX via the IP address using a terminal emulation program, such as HyperTerminal or PuTTY. Set the baud rate in the terminal emulation program to match the SX or KSX baud rate. SX requirements: Use an ASCSDB9F adapter to connect the CC-SG unit to the SX.
Chapter 15: Advanced Administration Finding Your CC-SG Serial Number To find your CC-SG serial number: 1. Log into the Admin Client. 2. Choose Help > About Raritan Secure Gateway. 3. A new window opens with your CC-SG serial number. Web Services API You must accept the End User Agreement before adding a Web Services API client to CC-SG. You can add up to five WS-API clients. See the CC-SG Web Services API Guide for details on using the API. To add a Web Services API: 1.
Chapter 15: Advanced Administration e. State or Province: Maximum 64 characters. Type in the whole state or province name. Do not abbreviate. f. City/Locality: CSR tag is Locality Name. Maximum 64 characters. g. Registered Company Name: CSR tag is Organization Name. Maximum 64 characters. h. Division/Department Name: CSR tag is Organization Unit Name. Maximum 64 characters. i. Fully Qualified Domain Name: CSR tag is Common Name. j.
Chapter 16 Diagnostic Console The Diagnostic Console is a non-graphical, menu-based interface that provides local access to CC-SG. You can access Diagnostic Console from a serial or KVM port. See Access Diagnostic Console via VGA/Keyboard/Mouse Port (on page 291). Or, you can access Diagnostic Console from a Secure Shell (SSH) client, such as PuTTY or OpenSSH Client. See Access Diagnostic Console via SSH (on page 291). Diagnostic Console includes two interfaces: 1.
Chapter 16: Diagnostic Console Status Console About Status Console You can use the Status Console to check the health of CC-SG, the various services CC-SG uses, and the attached network. By default, Status Console does not require a password. You can configure CC-SG to provide the Status Console information over a Web interface. You must enable the Web Status Console-related options. See Access Status Console via Web Browser (on page 292).
Chapter 16: Diagnostic Console 2: Access the Status Console via web browser: 1. Using a supported Internet browser, type this URL: http(s):///status/ where is the IP address of the CC-SG. Note the forward slash (/) following /status is mandatory. For example, https://10.20.3.30/status/. 2. A status page opens. This page contains the same information as the Status Console.
Chapter 16: Diagnostic Console CC-SG Title, Date and Time The CC-SG title is constant so users know that they are connected to a CC-SG unit. The date and time at the top of the screen is the last time when the CC-SG data was polled. The date and time reflect the timing values saved on the CC-SG server. Message of the Day The Message of the Day (MOTD) box displays the first 5 lines of the MOTD which are entered in the CC-SG Admin Client.
Information | Description
suspended.
Down | Database server has not started yet.
Web Status | Most of the access to the CC-SG server is through the Web. This field shows the state of the Web server and available statuses include:
Responding/Unsecured | The Web server is up and answering http (unsecured) requests.
Responding/Secured | The Web server is up and answering https (secured) requests.
RAID Status
Information | Description
Half-duplex.
IPAddr | The current IPv4 Address of this interface.
RX -Pkts | The number of IP packets received on this interface since CC-SG was booted.
TX -Pkts | The number of IP packets transmitted on this interface since CC-SG was booted.
Navigation Keys Reminder
The bottom line on the screen displays the keyboard combination keys for invoking Help and exiting Status Console.
Chapter 16: Diagnostic Console Status Console via Web Browser After connecting to the Status Console via the web browser, the read-only Status Console web page appears. The web page displays the same information as the Status Console, and also updates the information approximately every 5 seconds. For information on the links for CC-SG Monitors at the bottom of the web page, see Display Historical Data Trending Reports (on page 321) and CC-SG Disk Monitoring (on page 371).
Chapter 16: Diagnostic Console Administrator Console About Administrator Console The Administrator Console allows you to set some initial parameters, provide initial networking configuration, debug log files, and perform some limited diagnostics and restarting CC-SG.
Chapter 16: Diagnostic Console The main Administrator Console screen appears. Administrator Console Screen Administrator Console screen consists of 4 main areas. Menu bar: You can perform Administrator Console functions by activating the menu bar. Press Ctrl+X to activate the menu bar or click a menu item using the mouse if you access Administrator Console via the SSH client. The File menu provides an alternative option to exit the Diagnostic Console.
Chapter 16: Diagnostic Console Status bar: Status bar is just above the navigation keys bar. It displays some important system information, including CC-SG's serial number, firmware version, and the time when the information shown in the main display area was loaded or updated. Screenshots containing this information may be useful when reporting your problems to Raritan Technical Support. Navigation keys bar: See Navigate Administrator Console (on page 300).
Chapter 16: Diagnostic Console Edit Diagnostic Console Configuration The Diagnostic Console can be accessed via the serial port (COM1), VGA/Keyboard/Mouse (KVM) port, or from SSH clients. If you want to access Status Console, one more access mechanism, Web access, is also available. For each port type, you can configure whether or not status or admin logins are allowed, and whether field support can access Diagnostic Console from the port.
Chapter 16: Diagnostic Console 4. Click Save. Edit Network Interfaces Configuration (Network Interfaces) In Network Interface Configuration, you can perform initial setup tasks, such as setting the hostname and IP address of the CC-SG. 1. Choose Operation > Network Interfaces > Network Interface Config. 2. If the network interfaces have already been configured, you will see a Warning message stating that you should use the CC-SG Admin Client to configure the interfaces. If you want to continue, click YES.
Even if DHCP is being used to determine the IP configuration for an interface, you must provide a properly formatted IP address and Netmask.
6. In the Adapter Speed field, select a line speed. The other values of 10, 100, and 1000 Mbps are on a scrollable list (where only one value is visible at any given time) and the arrow keys are used to navigate to them. Press the Space bar to select the option displayed. For 1 GB line speeds, select AUTO.
7.
Option | Description
option, which will store the route of the packet inside the IP header.
Use Broadcast Address | Allows pinging a broadcast message.
Adaptive Timing | Adaptive ping. The interpacket interval adapts to the round-trip time, so that effectively no more than one unanswered probe is present in the network. The minimal interval is 200 msec.
4. Type values for how many seconds the ping command will execute, how many ping requests are sent, and the size for the ping packets.
Option | Description
No DNS Resolution | Does not resolve addresses to host names.
Use ICMP (vs. normal UDP) | Use ICMP ECHO instead of UDP datagrams.
4. Type values for how many hops the traceroute command will use in outgoing probe packets (default is 30), the UDP destination port to use in probes (default is 33434), and the size for the traceroute packets. If left blank, defaults will be used. Optional.
5. Click Traceroute in the bottom right-hand corner of the window.
6.
Chapter 16: Diagnostic Console Although you can delete all other routes, including the Default Gateway, doing this will greatly impact the communication with CC-SG.
Chapter 16: Diagnostic Console View Log Files in Diagnostic Console You can view one or more log files simultaneously via LogViewer, which allows browsing through several files at once to examine system activity. The Logfile list is updated only when the associated list becomes active, as when a user enters the logfile list area, or when a new sorting option is selected. File names are preceded by a timestamp indicating either how recently the logfile has received new data or the file size of the logfile.
Chapter 16: Diagnostic Console 3. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a log file, marking it with an X. You can view more than one log file at a time. To sort the Logfiles to View list: The Sort Logfile list by options control the order in which logfiles are displayed in the Logfile to View list. Option Description Individual Windows Display the selected logs in separate sub-windows. Merged Windows Merge the selected logs into one display window.
Option | Description
and forwarded to Raritan Technical Support. Access to the contents of this package is not available to customers. Exported logfiles will be available for up to 10 days, and then the system will automatically delete them.
View | View the selected log(s).
When View is selected with Individual Windows, the LogViewer displays:
While viewing log files, press Q, Ctrl+Q, or Ctrl+C to return to the previous screen.
Chapter 16: Diagnostic Console Note: System load is static as of the start of this Admin Console session - use the TOP utility to dynamically monitor system resources. To filter a log file with a regular expression: 1. Type e to add or edit a regular expression and select a log from the list if you have chosen to view several. 2. Type A to add a regular expression. For example, to display information on the WARN messages in sg/jboss/console.log log file, enter WARN and select match.
Chapter 16: Diagnostic Console Diagnostic Console. See Restarting CC-SG (on page 229). Restarting CC-SG in Diagnostic Console will NOT notify users that it is being restarted. To restart CC-SG with Diagnostic Console: 1. Choose Operation > Admin > CC-SG Restart. 2. Either click Restart CC-SG Application or press Enter. Confirm the restart in the next screen to proceed. Reboot CC-SG with Diagnostic Console This option will reboot the entire CC-SG, which simulates a power cycle.
Chapter 16: Diagnostic Console 2. Either click REBOOT System or press Enter to reboot CC-SG. Confirm the reboot in the next screen to proceed. Power Off CC-SG System from Diagnostic Console This option will power off the CC-SG unit. Logged-in users will not receive a notification. CC-SG, SSH, and Diagnostic Console users (including this session) will be logged off. Any connections to remote target servers will be terminated.
Chapter 16: Diagnostic Console 2. Either click Power OFF the CC-SG or press Enter to remove AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super-User Password with Diagnostic Console This option will reset the password for the CC Super User account to the factory default value. Factory default password: raritan Note: This is not the password for the Diagnostic Console admin user. See Diagnostic Console Password Settings (on page 316).
Chapter 16: Diagnostic Console 2. Either click Reset CC-SG GUI Admin Password or press Enter to change the admin password back to factory default. Confirm the password reset in the next screen to proceed. Reset CC-SG Factory Configuration (Admin) This option will reset all or parts of the CC-SG system back to their factory default values. All active CC-SG users will be logged out without notification and SNMP processing will stop. It is recommended to use the default options selected.
Chapter 16: Diagnostic Console Option Description Full CC-SG Database Reset This option removes the existing CC-SG database and builds a new version with the factory default values. Network settings, SNMP settings, firmware, and diagnostic console settings are not part of the CC-SG database. IP-ACL settings are reset with a Full Database reset whether you select the IP ACL Tables option or not.
Chapter 16: Diagnostic Console Option Description Diagnostic Console Reset This option restores Diagnostic Console settings back to factory defaults. IP Access Control Lists Reset This option removes all entries from the IP-ACL table. IP-ACL settings are reset with a Full Database reset whether you select the IP Access Control Lists reset option or not. See Access Control List (on page 271). To reset CC-SG to the factory configuration: 1. Choose Operation > Admin > Factory Reset. 2.
Chapter 16: Diagnostic Console 2. In the Password History Depth field, type the number of passwords that will be remembered. The default setting is five. 3. Select either Regular, Random, or Strong for the admin and status (if enabled) passwords. Password setting Description Regular These are standard. Passwords must be longer than four characters with few restrictions. This is the system default password configuration. Random Provides randomly generated passwords.
Chapter 16: Diagnostic Console Diagnostic Console Account Configuration By default, the status account does not require a password, but you can configure it to require one. Other aspects of the admin password can be configured and the Field Support accounts can be enabled or disabled. To configure accounts: 1. Choose Operation > Admin > DiagCon Passwords > Account Configuration. 2. In the screen that appears, you can view the settings for each account: Status, Admin, FS1, and FS2.
Setting | Description
User \ User Name | (Read-only). This is the current user name or ID for this account.
Last Changed | (Read-only). This is the date of the last password change for this account.
Expire | (Read-only). This is the day that this account must change its password.
Mode | A configurable option that sets whether the account is disabled (no login allowed), enabled (authentication token required), or allowed access with no password required.
Chapter 16: Diagnostic Console Configure Remote System Monitoring You can enable the remote system monitoring feature to use the GKrellM tool. The GKrellM tool provides a graphical view of resource utilization on the CC-SG unit. This tool is similar to the Windows Task Manager's Performance tab. 1: Enable remote system monitoring for the CC-SG unit: 1. Choose Operation > Utilities > Remote System Monitoring. 2. Select Enabled in the Remote Monitoring Service field. 3.
3: Configure the remote system monitoring client to work with CC-SG:
Follow the instructions in the Read Me file to set the CC-SG unit as the target to monitor. Windows users must use the command line to locate the GKrellM installation directory and then run the commands specified in the Read Me file.
Display Historical Data Trending Reports
Historical data trending gathers information about CPU utilization, memory utilization, Java Heap space, and network traffic.
Chapter 16: Diagnostic Console Display RAID Status and Disk Utilization This option displays the status of CC-SG disks, including disk size, active and up status, state of the RAID-1, and amount of space currently used by various file systems. To display disk status of the CC-SG: 1. Choose Operation > Utilities > Disk / RAID Utilities > RAID Status + Disk Utilization. 2. Either click Refresh or press Enter to refresh the display.
Chapter 16: Diagnostic Console Perform Disk or RAID Tests You can manually perform SMART disk drive tests or RAID check and repair operations. To perform a disk drive test or a RAID check and repair operation: 1. Choose Operation > Utilities > Disk/RAID Utilities > Manual Disk/RAID Tests. 2. To perform a SMART disk drive test: a. In the Disk Test section, select the type of test, and the disk drive that you want to test. b. Select Submit. c. The test is scheduled and a SMART information screen displays.
Chapter 16: Diagnostic Console d. After the test is complete, you can view the results in the Repair/Rebuild RAID screen. See Repair or Rebuild RAID Disks (on page 326). If a non-zero value displays in the Mis-Match column for the given Array, indicating that there may be a problem, you should contact Raritan Technical Support for assistance.
Chapter 16: Diagnostic Console Schedule Disk Tests You can schedule SMART-based tests of the disk drives to be periodically performed. Firmware on the disk drive will perform these tests, and you can view the test results in the Repair/Rebuild screen. See Repair or Rebuild RAID Disks (on page 326). SMART tests can be performed while CC-SG is operational and in use. They have a marginal impact on the CC-SG performance, but CC-SG activities may significantly delay the completion of the SMART tests.
Chapter 16: Diagnostic Console 2. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a test type, marking it with an X. Different types of tests take a different period of time. A Short test takes about 2 minutes to complete when the system is lightly loaded. A Conveyance test takes about 5 minutes. A Long test takes about 50 minutes. An OffLine test takes up to 50 minutes. 3. Specify the date and time for running this test.
Chapter 16: Diagnostic Console 2. If any item does not show "No" under the "Replace??" or "Rebuild??" column, contact Raritan Technical Support for assistance. A good system: A contrived system showing multiple problems: The system will update displayed information when you move between Disk Drive Status, RAID Array Status, and Potential Operations box using the Tab key or mouse clicks. 3.
4. Select either Replace Disk Drive or Rebuild RAID Array, and follow the onscreen instructions until you finish the operation.
View Top Display with Diagnostic Console
Top Display allows you to view the list of currently-running processes and their attributes, as well as overall system health.
To display the processes running on CC-SG:
1. Choose Operation > Utilities > Top Display.
2. View the total number of processes and how many are running, sleeping, or stopped.
3.
[Figure: NTP is not enabled or not configured properly]
[Figure: NTP is properly configured and running]
Chapter 16: Diagnostic Console Take a System Snapshot When CC-SG does not function properly, it is extremely helpful if you can capture the information stored in CC-SG, such as the system logs, configurations or database, and provide it to Raritan Technical Support for analysis and troubleshooting. 1: Take a snapshot of CC-SG: 1. Choose Operation > Utilities > System Snapshot. 2. Click or select Yes. The System Snapshot menu opens. 3.
Chapter 16: Diagnostic Console 2: Retrieve the CC-SG snapshot file: 1. Using a supported Internet browser, type this URL: http(s):///upload/ where is the IP address of the CC-SG. Note the forward slash (/) following /upload is mandatory. For example, https://10.20.3.30/upload/. 2. The Enter Network Password dialog appears. Type the User Name and Password of the Diagnostic Console admin account, and click OK to log in. 3.
Chapter 17 Power IQ Integration
If you have a CC-SG and Power IQ, there are several ways to use them together.
1. Control power to Power IQ IT devices via CC-SG. For example, if you want to control power to a Power IQ IT device which is also a CC-SG node, you can use a Power IQ Proxy interface to give power control commands in CC-SG.
2. Use CSV file imports and exports to share data between these two systems.
Chapter 17: Power IQ Integration Configuring Power IQ Services You must configure the Power IQ Service before you can add Power IQ proxy interfaces to nodes, or synchronize Power IQ with CC-SG to add IT Devices to CC-SG as nodes. This is done via the CC-SG Access menu. You must have the CC Setup and Control permission to configure Power IQ services. To configure Power IQ services: 1. Make sure the Web API is enabled in Power IQ. In the Settings tab, click Web API in the Security and Encryption section.
Chapter 17: Power IQ Integration Troubleshoot Connections to Power IQ Check these possible error messages and solutions to troubleshoot your connection to a Power IQ. Determine the cause, then edit the configuration to correct it. See Configuring Power IQ Services (on page 333). Message Resolution Unable to communicate with managing device at . This error could indicate several conditions. The connection was refused remotely. No process is listening on the remote address or port.
Chapter 17: Power IQ Integration Configuring Synchronization of Power IQ and CC-SG CC-SG will synchronize with Power IQ to add the IT Devices configured in Power IQ to CC-SG as nodes. When synchronizing, CC-SG will create a node with a PowerIQ Proxy interface for each new IT Device identified. When CC-SG detects a duplicated node, the synchronization policy you choose determines whether the nodes are consolidated, renamed, or rejected.
Chapter 17: Power IQ Integration Step 3 - Create a synchronization policy: Note: The synchronization policy applies to ALL Power IQ instances configured in CC-SG. See Power IQ Synchronization Policies (on page 337) for details of each policy and other synchronization results. 1. In the Synchronization section, select the radio button for the synchronization policy: Consolidate Nodes Rename Duplicate Nodes Reject Duplicate Nodes 2. Click OK to save.
Chapter 17: Power IQ Integration Power IQ Synchronization Policies When CC-SG detects a duplicated node, the synchronization policy you choose determines whether the nodes are consolidated, renamed, or rejected. See Configuring Synchronization of Power IQ and CC-SG (on page 335) to set the synchronization policy.
Chapter 17: Power IQ Integration Import Power Strips from Power IQ You can import Dominion PX devices and their outlet names from Power IQ. If the Dominion PX devices are already managed by CC-SG, you must delete them first. The import adds the Dominion PX devices, and configures and names the outlets specified in the CSV file. Non-Dominion PX devices and outlets in the CSV file are ignored during import.
Chapter 17: Power IQ Integration Column number Tag or value Details 6 Configure All Outlets TRUE or FALSE Default is FALSE. 7 Description Optional. Step 3: Import the edited CSV file into CC-SG 1. In the CC-SG Admin Client, choose Administration > Import > Import Powerstrips. 2. Click Browse and select the CSV file to import. Click Open. 3. Click Validate. The Analysis Report area shows the file contents. If the file is not valid, an error message appears.
3. Type a name for the file and choose the location where you want to save it.
4. Click Save.
Step 2: Edit the CSV file and import into Power IQ:
The export file contains three sections. Read the comments in the CSV file for instructions on how to use each section as part of a Power IQ multi-tabbed CSV import file. See the Power IQ User Guide and CSV Import Template in the Support section of Raritan.com, on the Firmware and Documentation page.
Appendix A Specifications for V1 and E1
In This Chapter
V1 Model
E1 Model
V1 Model
V1 General Specifications
Form Factor | 1U
Dimensions (DxWxH) | 24.21” x 19.09” x 1.75”, 615 mm x 485 mm x 44 mm
Weight | 23.80lb (10.
Appendix A: Specifications for V1 and E1
Operating
Humidity | 5% - 95% RH
Altitude | Operate properly at any altitude between 0 to 10,000 feet, storage 40,000 feet (Estimated)
Vibration | 5-55-5 Hz, 0.38 mm, 1 minute per cycle; 30 minutes for each axis (X,Y,Z)
Shock | N/A
E1 Model
E1 General Specifications
Form Factor | 2U
Dimensions (DxWxH) | 27.05” x 18.7” x 3.46”, 687 mm x 475 mm x 88 mm
Weight | 44.
Operating
perpendicular axes X, Y, and Z
Non-Operating
Temperature | -40°-70° C
Humidity | 5-90%, non-condensing
Altitude | Sea level to 40,000 feet
Vibration | 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X, Y, and Z
Shock | 30 g for 11 ms with a ½ sine wave for each of the perpendicular axes X, Y, and Z
Appendix B: CC-SG and Network Configuration

This appendix contains network requirements, including addresses, protocols, and ports, of a typical CC-SG deployment. It includes information about how to configure your network for both external access and internal security and routing policy enforcement. Details are provided for the benefit of a TCP/IP network administrator. The TCP/IP administrator's role and responsibilities may extend beyond that of a CC-SG administrator.

Port Number | Protocol | Purpose | Details
Raritan device that will be externally accessed. The other ports in the table must be opened only for accessing CC-SG. AES-128/AES-256 encrypted if configured.
80 and 443 for Control System nodes | TCP | Virtual Node Access | N/A
TCP | SX Target Access (Direct Mode) | AES-128/AES-256 encrypted if configured.

CC-SG and Raritan Devices

A main role of CC-SG is to manage and control Raritan devices, such as Dominion KX II.
Communication Direction | Port Number | Protocol | Configurable? | Details
CC-SG to Remote LAN IP | 10000 | UDP | no | heartbeat
CC-SG to CC-SG | 5432 | TCP | no | From HA-JDBC on Primary to Backup PostgreSQL DB server. Not encrypted.
CC-SG to CC-SG | 8732 | TCP | no | Primary-Backup server sync clustering control data exchange. MD5 encrypted.
CC-SG to CC-SG | 3232 | TCP | no | Primary-Backup SNMP sync configuration changes forwarding. Not encrypted.

Communication Direction | Port Number | Protocol | Configurable? | Details
PC Client to CC-SG | 443 | TCP | no | Client-server communication. SSL/AES-128/AES-256 encrypted if configured.
PC Client to CC-SG | 80 | TCP | no | Client-server communication. Not encrypted. If SSL is enabled, Port 80 is redirected to 443.
PC Client to CC-SG | 8080 | TCP | no | Client-server communication. SSL/AES-128/AES-256 encrypted if configured. Port 8080 is open on CC-SG, not on the PC client.
Communication Direction | Port Number | Protocol | Configurable? | Details
Client to Raritan Device to Out-of-Band KVM Node (Direct Mode) | 5000 (on Raritan Device) | TCP | yes | Client-server communication. SSL/AES-128/AES-256 encrypted if configured.
Client to Raritan Dominion SX Device to Out-of-Band Serial Node | 51000 (on Raritan Device) | TCP | yes | Client-server communication. SSL/AES-128/AES-256 encrypted if configured.
Communication Direction | Port Number | Protocol | Configurable? | Details
CC-SG to SNMP Manager | 162 | UDP | yes | SNMP standard

CC-SG Internal Ports

CC-SG uses several ports for internal functions, and its local firewall function blocks access to these ports. However, some external scanners may detect these as “blocked” or “filtered.” External access to these ports is not required and can be further blocked.

RDP Access to Nodes
Port 3389 must be open for RDP access to nodes.

VNC Access to Nodes
Port 5800 or 5900 must be open for VNC access to nodes.

SSH Access to Nodes
Port 22 must be open for SSH access to nodes.

Remote System Monitoring Port
When the Remote System Monitoring feature is enabled, port 19150 is opened by default. See Configure Remote System Monitoring (on page 320).
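The following is an added example, not part of the Raritan guide: it checks a list of observed flows against the Appendix B port rows visible above and flags flows the tables do not document, flows the guide marks "Not encrypted" or "MD5 encrypted" that leave a trusted segment, and flows that are encrypted only "if configured". The segment names, the sample flows and the finding codes are assumptions made for the example.

```python
"""Audit observed flows against the Appendix B port rows visible on this page."""
from typing import NamedTuple

# (direction, port, protocol) -> "Details" text, transcribed from the tables above.
# Only rows that appear on this page are listed; the guide's full tables are longer.
PORT_MATRIX = {
    ("CC-SG to Remote LAN IP", 10000, "UDP"): "heartbeat",
    ("CC-SG to CC-SG", 5432, "TCP"):
        "From HA-JDBC on Primary to Backup PostgreSQL DB server. Not encrypted.",
    ("CC-SG to CC-SG", 8732, "TCP"):
        "Primary-Backup server sync clustering control data exchange. MD5 encrypted.",
    ("CC-SG to CC-SG", 3232, "TCP"):
        "Primary-Backup SNMP sync configuration changes forwarding. Not encrypted.",
    ("PC Client to CC-SG", 443, "TCP"):
        "Client-server communication. SSL/AES-128/AES-256 encrypted if configured.",
    ("PC Client to CC-SG", 80, "TCP"):
        "Client-server communication. Not encrypted. "
        "If SSL is enabled, Port 80 is redirected to 443.",
    ("PC Client to CC-SG", 8080, "TCP"):
        "Client-server communication. SSL/AES-128/AES-256 encrypted if configured.",
    ("CC-SG to SNMP Manager", 162, "UDP"): "SNMP standard",
}


class Flow(NamedTuple):
    direction: str  # wording of the guide's "Communication Direction" column
    port: int
    proto: str
    segment: str    # hypothetical name of the network segment the flow crosses


def classify_protection(details: str) -> str:
    """Map the guide's Details wording to a protection class."""
    text = details.lower()
    if "not encrypted" in text:
        return "cleartext"
    if "if configured" in text:
        return "conditional"
    if "md5" in text:
        # Assumption of this example: MD5 is a digest, so the guide's
        # "MD5 encrypted" is not counted as confidentiality.
        return "integrity-only"
    return "unspecified"


def audit(flows, trusted_segments):
    """Return (code, flow) findings in input order."""
    findings = []
    for flow in flows:
        details = PORT_MATRIX.get((flow.direction, flow.port, flow.proto))
        if details is None:
            findings.append(("UNDOCUMENTED", flow))
            continue
        protection = classify_protection(details)
        if protection in ("cleartext", "integrity-only"):
            if flow.segment not in trusted_segments:
                findings.append(("NO_CONFIDENTIALITY", flow))
        elif protection == "conditional":
            findings.append(("VERIFY_ENCRYPTION", flow))
    return findings


# Constructed sample flows (not captured from a real deployment).
SAMPLE_FLOWS = [
    Flow("CC-SG to CC-SG", 5432, "TCP", "cluster-vlan"),
    Flow("CC-SG to CC-SG", 3232, "TCP", "wan"),
    Flow("CC-SG to CC-SG", 8732, "TCP", "wan"),
    Flow("PC Client to CC-SG", 80, "TCP", "office-lan"),
    Flow("PC Client to CC-SG", 443, "TCP", "office-lan"),
    Flow("PC Client to CC-SG", 5432, "TCP", "office-lan"),
    Flow("CC-SG to SNMP Manager", 162, "UDP", "mgmt-lan"),
]

if __name__ == "__main__":
    for code, flow in audit(SAMPLE_FLOWS, trusted_segments={"cluster-vlan"}):
        print(f"{code:20} {flow.direction} {flow.port}/{flow.proto} via {flow.segment}")
```

Rows whose Details column states no protection (heartbeat, SNMP) produce no finding here; extend PORT_MATRIX from the complete tables in the guide before relying on the UNDOCUMENTED result.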
Appendix C: User Group Privileges

This table shows which privilege must be assigned for a user to have access to a CC-SG menu item.

*None means that no particular privilege is required. Any user who has access to CC-SG will be able to view and access these menus and commands.

Menu > Sub-menu | Menu Item | Required Privilege | Description
Secure Gateway | | | This menu is available for all users.
Menu > Sub-menu Devices Menu Item Required Privilege Node Auditing User Management Description This menu and the Devices tree is available only for users with any one of the following privileges: Device, Port, and Node Management Device Configuration and Upgrade Management Discover Devices Device, Port, and Node Management > Device Manager >> Configuration > Add Device Device, Port, and Node Management (Editing devices) Device, Port, and Node Management > Dele
Menu > Sub-menu > Change View > Port Manager Menu Item Required Privilege > Launch Admin Device, Port, and Node Management or Device Configuration and Upgrade Management > Launch User Station Admin Device, Port, and Node Management > Disconnect Users Device, Port, and Node Management or Device Configuration and Upgrade Management > Topology View Device, Port, and Node Management > Create Custom View Device, Port, and Node Management or Device Configuration an
Menu > Sub-menu Menu Item Required Privilege Description Configuration and Upgrade Management > By Port Number Device, Port, and Node Management or Device Configuration and Upgrade Management Nodes This menu and the Nodes tree is available only for users with any one of the following privileges: Device, Port, and Node Management Node In-Band Access Node Out-of-Band Access Node Power Control Add Node Device, Port, and Node Management (Editing Nodes) Device, Port, an
Menu > Sub-menu Menu Item Required Privilege Group Power Control Power Control Configure Blades Device, Port, and Node Management > Node Sorting Options Ping Node Device, Port, and Node Management Bookmark Node Interface Node In-band Access or Node Out-of-band Access > By Node Name Any of the following: Device, Port, and Node Management or Node In-band Access or Node Out-of-band Access or Power Control > By Node Status Any of the following: Device, Port, and Nod
Menu > Sub-menu Menu Item Required Privilege Description Node Out-of-Band Access or Node Power Control > Tree View Any of the following: Device, Port, and Node Management or Node In-band Access or Node Out-of-band Access or Node Power Control Associations Reports > Users This menu is available only for users with the User Security Management privilege > Association User Security Management Includes ability to add, modify, and delete.
Menu > Sub-menu Menu Item Required Privilege Description Data > Devices > Nodes > Active Directory > Device Asset Report Device, Port, and Node Management or Device Configuration and Upgrade Management > Device Group Data Device, Port, and Node Management > Query Port Device, Port, and Node Management > Node Asset Report Device, Port, and Node Management > Active Nodes Device, Port, and Node Management > Node Creation Device, Port, and Node Management >
Menu > Sub-menu Menu Item Required Privilege Firmware CC Setup and Control or Description Device Configuration and Upgrade Management > Import Configuration CC Setup and Control Cluster Configuration CC Setup and Control Neighborhood CC Setup and Control Security CC Setup and Control Notifications CC Setup and Control Tasks CC Setup and Control Compatibility Matrix Device, Port, and Node Management or Device Configuration and Upgrade Management Import
Menu > Sub-menu Menu Item Required Privilege Export Nodes CC Setup and Control and Device, Port, and Node Management Export Devices CC Setup and Control and Device, Port, and Node Management Export Power IQ Data CC Setup and Control and Backup CC Setup and Control Restore CC Setup and Control Reset CC Setup and Control Restart CC Setup and Control Upgrade CC Setup and Control Shutdown CC Setup and Control > Enter Maintenance Mode CC Setup and Control
Appendix D: SNMP Traps

CC-SG provides the following SNMP traps:

SNMP Trap | Description
ccUnavailable | CC-SG application is unavailable.
ccAvailable | CC-SG application is available.
ccUserLogin | CC-SG user logged in.
ccUserLogout | CC-SG user logged out.
ccPortConnectionStarted | CC-SG session started.
ccPortConnectionStopped | CC-SG session stopped.
ccPortConnectionTerminated | CC-SG session terminated.
ccImageUpgradeStarted | CC-SG image upgrade started.

SNMP Trap | Description
ccDiagnosticConsoleLogout | User has logged out of the CC-SG Diagnostic Console.
ccUserGroupAdded | A new user group has been added to CC-SG.
ccUserGroupDeleted | CC-SG user group has been deleted.
ccUserGroupModified | CC-SG user group has been modified.
ccSuperuserNameChanged | CC-SG Superuser username has changed.
ccSuperuserPasswordChanged | CC-SG Superuser password has changed.
ccLoginBannerChanged | CC-SG login banner has changed.
Appendix E: CSV File Imports

This section contains more information about CSV file imports.

In This Chapter
Common CSV File Requirements
Audit Trail Entries for Importing
Troubleshoot CSV File Problems

Common CSV File Requirements

The best way to create the CSV file is to export a file from CC-SG, and then use the exported CSV file as an example for creating your own. The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing. It is recommended to create the import file in a spreadsheet program like Microsoft Excel. Enter each item in its own cell.

Audit Trail Entries for Importing

Each item imported into CC-SG is logged in the Audit Trail. Skipped duplicates are not logged in the Audit Trail. The Audit Trail includes an entry for the following actions, under the Message Type "Configuration."
Import of CSV file started
Import of CSV file completed, including number of records successfully added, number of records failed, and number of duplicate records ignored.

Troubleshoot CSV File Problems

To troubleshoot CSV file validation:
Error messages appear in the Problems area of the Import page. The error messages identify problems that are found in the CSV file during validation. You can save the list of errors to a CSV file. Each error includes the line number where the error occurs in the CSV file. See the comments at the top of an export file to help you correct errors. When the file has been corrected, validate the file again.
Appendix F: Troubleshooting

Launching CC-SG from your web browser requires a Java plug-in. If your machine has an incorrect version, CC-SG will guide you through the installation steps. If your machine does not have a Java plug-in, CC-SG cannot automatically launch. In this case, you must uninstall or disable your old Java version and provide serial port connectivity to CC-SG to ensure proper operation. If CC-SG does not load, check your web browser settings.

If you access more than one CC-SG unit using the same client and Firefox, you may see a "Secure Connection Failed" message that says you have an invalid certificate. You can resume access by clearing the invalid certificate from your browser.
a. In Firefox, choose Tools > Options.
b. Click Advanced.
c. Click the Encryption tab.
d. Click View Certificates and find "Raritan" in the list.
e. Select the CommandCenter item and click Delete. Click OK to confirm.
Appendix G: Diagnostic Utilities

CC-SG comes with a few diagnostic utilities which may be extremely helpful for you or Raritan Technical Support to analyse and debug the cause of CC-SG problems.

In This Chapter
Memory Diagnostic
Debug Mode
CC-SG Disk Monitoring

Capture the Memtest86+ screen containing the memory errors and contact Raritan Technical Support for assistance.
Shut down CC-SG and re-install the memory DIMM modules to ensure the contact is good. Then perform the Memtest86+ diagnostic to verify if the memory issue is resolved.

2: Terminate the Memtest86+ diagnostic program:
1. Press Esc.
2. CC-SG will reset and reboot.
CC-SG Disk Monitoring

If disk space is exhausted in one or more CC-SG file systems, it may negatively impact your operation and even result in the loss of some engineering data. Therefore, you should monitor the CC-SG disk usage and take corrective actions to prevent or resolve potential issues. You may perform the disk monitoring either via the Diagnostic Console or via the Web browser. If you are a sophisticated user, you may use the gkrellm remote monitoring.
File system | Data | Corrective action
/opt | CC-SG backups and snapshots |
1. Save any new snapshot files on a remote client PC. See Take a System Snapshot (on page 330) for the retrieval procedure.
2. Enter the System Snapshot menu. See Take a System Snapshot (on page 330).
3. Select Pre-Clean-up SNAP area.
4. Select Pre-Clean-up UPLOAD area.
5. Deselect SNAP.
6. Deselect Package & Export.
7. Click or select Submit.
8.

Note: For file system problems that are not mentioned in this section, or when the corrective actions you take cannot resolve the problems, contact Raritan Technical Support for assistance.
Appendix H: Two-Factor Authentication

CC-SG can be configured to point to an RSA RADIUS Server that supports two-factor authentication via an associated RSA Authentication Manager. CC-SG acts as a RADIUS client and sends user authentication requests to RSA RADIUS Server. The authentication request includes user id, a fixed password, and a dynamic token code.

In This Chapter
Supported Environments for Two-Factor Authentication
Two-Factor Authentication Setup Requirements

Appendix I: FAQs

In This Chapter
General FAQs
Authentication FAQs
Security FAQs
Accounting FAQs
Performance FAQs
Question: Can I upgrade to newer versions of CC-SG software as they become available?
Answer: Yes. Contact your authorized Raritan sales representative or Raritan, Inc. directly.

a single location. It also supports the network model with IP-Reach and the IP User Station (UST-IP). The network model scales through use of the TCP/IP network and aggregates access through CC-SG, so users don't have to know IP addresses or the topology of access devices. It also provides the convenience of single sign-on.
security tools such as LDAP, TACACS+, RADIUS, and LDAP. AD, RADIUS, and so on?

Question: Why does the error message "Incorrect username and/or password" appear after I correctly enter a valid username and password to log into CC-SG?
Answer: Check the user account in AD. If AD is set to "Logon To" specific computers on the domain, it does not allow you to log into CC-SG. In this case, remove the "Logon To" restriction in AD.
WAN, but LAN, too)?

Question: Does CC-SG support CRL List, that is, LDAP list of invalid certificates?
Answer: No.

Question: Does CC-SG support Client Certificate Request?
Answer: No.

Accounting FAQs

Question: The event times in the Audit Trail report seem incorrect. Why?
Answer: Log event times are logged according to the time settings of the client computer. You can adjust the computer's time and date settings.

Grouping FAQs

Question: Is it possible to put a given server in more than one group?
Answer: Yes. Just as one user can belong to multiple groups, one device can belong to multiple groups.

Question: What impact to other usage would be blocked through the active usage of the console port, for example, some UNIX variants not allowing admin over network interfaces?
Answer: A console is generally considered a secure and reliable access path of last resort.

Interoperability FAQs

Question: How does CC-SG integrate with Blade Chassis products?
Answer: CC-SG can support any device with a KVM or serial interface as a transparent pass-through.
Appendix J: Keyboard Shortcuts

The following keyboard shortcuts can be used in the Java-based Admin Client.

Appendix K: Naming Conventions

This appendix includes information about the naming conventions used in CC-SG. Comply with the maximum character lengths when naming all the parts of your CC-SG configuration.

In This Chapter
User Information
Node Information
Location Information
Field in CC-SG | Number of characters CC-SG allows
Audit Information | 256

Location Information

Field in CC-SG | Number of characters CC-SG allows
Department | 64
Site | 64
Location | 128

Contact Information

Field in CC-SG | Number of characters CC-SG allows
Primary Contact Name | 64
Telephone Number | 32
Cell Phone | 32
Secondary Contact Name | 64
Telephone Number | 32
Cell Phone | 32

Field in CC-SG | Number of characters CC-SG allows
Service Account Name | 64
User Name | 64

Field in CC-SG | Number of characters CC-SG allows
Device Description | 160
Device IP/Hostname | 64
Username | 64
Password | 64
Notes | 256

Field in CC-SG | Number of characters CC-SG allows
Port Name | 32

Field in CC-SG | Number of characters CC-SG allows
Category Name | 32
Element Name | 32
Device Group Name | 40
Node Group Name | 40

Field in CC-SG | Number of characters CC-SG allows
Cluster Name | 64
Neighborhood Name | 64
Authentication Module Name | 31
Backup Name | 64
B
Appendix L: Diagnostic Console Bootup Messages

Prior to version 4.0, CC-SG Diagnostic Console displays a number of messages on the screen each time it boots up. These messages are standard Linux diagnostic and warning messages and usually do not imply any system problems. The table offers a short introduction to a few frequent messages.

Message | Description
hda: | The message indicates that something on the system is trying to communicate with the DVD-ROM drive.