Dominion KX II User Guide Release 2.3.5 Copyright © 2011 Raritan, Inc. DKX2-v2.3.
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2011 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
Contents Chapter 1 Introduction 1 KX II Overview ............................................................................................................................... 2 KX II Help ....................................................................................................................................... 4 Related Documentation ....................................................................................................... 5 KX II Client Applications ...........................
Contents Video Properties ................................................................................................................ 63 Mouse Options................................................................................................................... 68 VKC Virtual Media ............................................................................................................. 73 Smart Cards (VKC, AKC and MPC) ...........................................................................
Contents Adding a New User .......................................................................................................... 120 Modifying an Existing User .............................................................................................. 120 Logging a User Off (Force Logoff) ................................................................................... 121 Authentication Settings .....................................................................................................
Contents Configuring IP Access Control ................................................................................................... 205 SSL Certificates ......................................................................................................................... 207 Security Banner ......................................................................................................................... 209 Chapter 10 Maintenance 211 Audit Log ...........................................
Contents Chapter 13 KX II Local Console 242 Overview .................................................................................................................................... 242 Using the KX II Local Console ................................................................................................... 242 Simultaneous Users ........................................................................................................ 242 KX II Local Console Interface ...........................
Contents Setting the Registry to Permit Write Operations to the Schema ............................................... 283 Creating a New Attribute ............................................................................................................ 283 Adding Attributes to the Class ................................................................................................... 284 Updating the Schema Cache .........................................................................................
Contents Appendix D FAQs 302 General Questions ..................................................................................................................... 303 Remote Access .......................................................................................................................... 305 Universal Virtual Media .............................................................................................................. 307 USB Profiles................................................
Chapter 1 Introduction In This Chapter KX II Overview ...........................................................................................2 KX II Help...................................................................................................4 KX II Client Applications ............................................................................5 Virtual Media ..............................................................................................6 Product Photos .......................
Chapter 1: Introduction KX II Overview Raritan's Dominion KX II is an enterprise-class, secure, digital KVM (Keyboard, Video, Mouse) switch that provides BIOS-level (and up) access and control of servers from anywhere in the world via a web browser. Up to 64 servers can be controlled with a standard KX II. With the KX II 8-user model, up to 32 servers can be controlled with the KX2-832 and up to 64 servers can be controlled with the KX2-864.
Chapter 1: Introduction 3
Chapter 1: Introduction Diagram key Cat5 cable Remote virtual media USB drive(s) Computer Interface Module (CIM) Rack PDU (power strip) KX II Local access Note: KX2-832 and KX2-864 also use an extended local port. Remote KVM and serial devices IP LAN/WAN Modem PSTN Remote (network) access KX II Help The KX II help provides information on how to install, set up, and configure the KX II.
Chapter 1: Introduction Related Documentation The KX II help is accompanied by a KX II Device Quick Setup Guide, which can be found on the Raritan Firmware and Documentation page http://www.raritan.com/support/firmware-and-documentation/ of Raritan's website. Installation requirements and instructions for client applications used with the KX II can be found in the KVM and Serial Access Clients Guide, also found on the Raritan website.
Chapter 1: Introduction Virtual Media All KX II models support virtual media. The benefits of virtual media mounting of remote drives/media on the target server to support software installation and diagnostics - are now available in all of the KX II models. Each KX II comes equipped with virtual media to enable remote management tasks using the widest variety of CD, DVD, USB, internal and remote drives and images.
Chapter 1: Introduction Product Photos KX II KX2-832 7
Chapter 1: Introduction KX2-864 8
Chapter 1: Introduction Product Features Hardware Integrated KVM-over-IP remote access 1U or 2U rack-mountable (brackets included) Dual power supplies with failover; autoswitching power supply with power failure warning 8, 16, 32, or 64 (on KX2-464) server ports 32 (KX2-832) or 64 (KX2-864) server ports Support for tiering in which a base KX II device is used to access multiple other tiered devices. See Configuring and Enabling Tiering (on page 142) for more information on tiering.
Chapter 1: Introduction Software Virtual media with D2CIM-VUSB and D2CIM-DVUSB CIMs Absolute Mouse Synchronization with D2CIM-VUSB CIM and D2CIM-DVUSB CIMs Plug-and-Play Web-based access and management Intuitive graphical user interface (GUI) 128-bit encryption of complete KVM signal, including video and virtual media LDAP, Active Directory®, RADIUS, or internal authentication and authorization DHCP or fixed IP addressing Smart card/CAC authentication SNMP and Syslog
Chapter 1: Introduction Diagram Key TCP/IP IPv4 and/or IPv6 KVM (Keyboard, Video, Mouse) UTP Cable (Cat5/5e/6) KX II Local Access Console Local User - an optional user console (consisting of a keyboard, mouse, and multi-sync VGA monitor) attached directly to the KX II to control KVM target servers (directly at the rack, not through the network). A USB smart card reader can also be attached at the Local port to mount onto a target server.
Chapter 1: Introduction Package Contents Each KX II ships as a fully-configured stand-alone product in a standard 1U (2U for DKX2-864) 19" rackmount chassis.
Chapter 2 Installation and Configuration In This Chapter Overview ..................................................................................................13 Default Login Information ........................................................................13 Getting Started ........................................................................................14 Overview This section provides a brief overview of the installation process.
Chapter 2: Installation and Configuration Getting Started Step 1: Configure KVM Target Servers KVM target servers are the computers that will be accessed and controlled via the KX II. Before installing the KX II, configure all KVM target servers to ensure optimum performance. This configuration applies only to KVM target servers, not to the client workstations (remote PCs) used to access the KX II remotely. See Terminology (on page 10) for additional information.
Chapter 2: Installation and Configuration Windows XP, Windows 2003 and Windows 2008 Settings To configure KVM target servers running Microsoft® Windows XP® operating system, Windows 2003® operating system or Windows 2008® operating systems: 1. Configure the mouse settings: a. Choose Start > Control Panel > Mouse. b. Click the Pointer Options tab. c. In the Motion group: Set the mouse motion speed setting to exactly the middle speed. Disable the "Enhance pointer precision" option.
Chapter 2: Installation and Configuration Note: For KVM target servers running Windows XP, Windows 2000 or Windows 2008, you may wish to create a user name that will be used only for remote connections through the KX II. This will enable you to keep the target server's slow mouse pointer motion/acceleration settings exclusive to the KX II connection. Windows XP, 2000, and 2008 login pages revert to preset mouse parameters that differ from those suggested for optimal KX II performance.
Chapter 2: Installation and Configuration Animate controls and elements inside windows Animate windows when minimizing and maximizing Fade options: Fade or slide menus into view Fade or slide ToolTips into view Fade out menu items after clicking 3. Click OK and Close the Control Panel. To configure KVM target servers running Windows 7® operating system: 1. Configure the mouse settings: a. Choose Start > Control Panel > Hardware and Sound > Mouse. b. Click the Pointer Options tab. c.
Chapter 2: Installation and Configuration Windows 2000 Settings To configure KVM target servers running Microsoft® Windows 2000® operating system: 1. Configure the mouse settings: a. Choose Start > Control Panel > Mouse. b. Click the Motion tab. Set the acceleration to None. Set the mouse motion speed setting to exactly the middle speed. Click OK. 2. Disable transition effects: a. Select the Display option from the Control Panel. b. Click the Effects tab.
Chapter 2: Installation and Configuration a. Choose Main Menu > Preferences > Mouse. The Mouse Preferences dialog appears. b. Click the Motion tab. c. Within the Speed group, set the Acceleration slider to the exact center. d. Within the Speed group, set the Sensitivity towards low. e. Within the Drag & Drop group, set the Threshold towards small. f. Close the Mouse Preferences dialog.
Chapter 2: Installation and Configuration Note: If you change the video resolution, you must log off of the target server and log back in for the video settings to take effect. Note for Red Hat 9 KVM Target Servers If you are running Red Hat® 9 on the target server using a USB CIM, and are experiencing problems with the keyboard and/or mouse, there is an additional configuration setting you can try. Tip: You might have to perform these steps even after a fresh OS installation.
Chapter 2: Installation and Configuration 2. Configure the screen resolution: a. Choose Main Menu > System Settings > Display. The Display Settings dialog appears. b. On the Settings tab, select a Resolution supported by the KX II. c. Click OK. Note: Once connected to the target server, in many Linux graphical environments, the <+> command will change the video resolution, scrolling through all available resolutions that remain enabled in the XF86Config or /etc/X11/xorg.
Chapter 2: Installation and Configuration Make Linux Settings Permanent Note: These steps may vary slightly depending on the specific version of Linux® in use. To make your settings permanent in Linux (prompt): 1. Choose System Menu > Preferences > Personal > Sessions. 2. Click the Session Options tab. 3. Select the "Prompt on log off" checkbox and click OK. This option prompts you to save your current session when you log out. 4. Upon logging out, select the "Save current setup" option from the dialog.
Chapter 2: Installation and Configuration 2. All KVM target servers must be configured to one of the display resolutions supported by the KX II. The most popular supported resolutions for Sun machines are: Display resolution Vertical refresh rate Aspect ratio 1600 x 1200 60 Hz 4:3 1280 x 1024 60,75,85 Hz 5:4 1152 x 864 75 Hz 4:3 1024 x 768 60,70,75,85 Hz 4:3 800 x 600 56,60,72,75,85 Hz 4:3 720 x 400 85 Hz 9:5 640 x 480 60,72,75,85 Hz 4:3 3.
Chapter 2: Installation and Configuration 2. Choose Mouse Style Manager. The Style Manager - Mouse dialog appears. 3. Set the Acceleration slider to 1.0. 4. Set the Threshold slider to 1.0. 5. Click OK. Accessing the Command Line 1. Right click. 2. Choose Tools > Terminal. A terminal window opens. (It is best to be at the root to issue commands.) Video Settings (POST) Sun systems have two different resolution settings: a POST resolution and a GUI resolution. Run these commands from the command line.
Chapter 2: Installation and Configuration Card To check resolution: To change resolution: 32-bit # /usr/sbin/pgxconfig -prconf 1. # /usr/sbin/pgxconfig -res 1024x768x75 2. Log out or restart computer. 64-bit # /usr/sbin/m64config -prconf 1. # /usr/sbin/m64config -res 1024x768x75 2. Log out or restart computer. 32-bit and 64-bit # /usr/sbin/fbconfig -prconf 1. # /usr/sbin/fbconfig -res 1024x768x75 2. Log out or restart computer. IBM AIX 5.
Chapter 2: Installation and Configuration Make UNIX Settings Permanent Note: These steps may vary slightly depending on the type of UNIX® (for example, Solaris™, IBM® AIX™) and the specific version in use. 1. Choose Style Manager > Startup. The Style Manager - Startup dialog appears. 2. On the Logout Confirmation dialog, select the On option. This option prompts you to save your current session when you log out.
Chapter 2: Installation and Configuration Step 3: Connect the Equipment Connect the KX II to the power supply, network, local PC, local video display, keyboard and mouse, and target servers. The letters in the diagram correspond to the topics in this section that describe the connection. A. AC Power To connect the power supply: 1. Attach the included AC power cord to the KX II and plug into an AC power outlet. 2.
Chapter 2: Installation and Configuration C. Network Port The KX II provides two Ethernet ports for failover purposes (not for load-balancing). By default, only LAN1 is active and the automatic failover is disabled. When enabled, if the KX II internal network interface or the network switch to which it is connected becomes unavailable, LAN2 will be enabled using the same IP address.
Chapter 2: Installation and Configuration Connection Description port. Keyboard Attach a standard USB keyboard to one of the USB Type A (female) ports. Mouse Attach a standard USB mouse to one of the USB Type A (female) ports. E. Target Server Ports The KX II uses standard UTP cabling (Cat5/5e/6) to connect to each target server. To connect a target server to the KX II: 1. Use the appropriate Computer Interface Module (CIM).
Chapter 2: Installation and Configuration Changing the Default Password The KX II ships with a default password. The first time you start the KX II you are required to change that password. To change the default password: 1. Power on the KX II using the power switch(s) at the back of the unit. Wait for the KX II unit to boot. (A beep signals that the boot is complete.) 2. Once the unit has booted, the KX II Local Console is visible on the monitor attached to the KX II local port.
Chapter 2: Installation and Configuration c. Enter the Default Gateway if None is selected from the IP Auto Configuration drop-down. d. Enter the Preferred DHCP Host Name if DHCP is selected from the IP Auto Configuration drop-down. e. Select the IP Auto Configuration. The following options are available: None (Static IP) - This option requires that you manually specify the network parameters.
Chapter 2: Installation and Configuration 5. Select Obtain DNS Server Address Automatically if DHCP is selected and Obtain DNS Server Address is enabled. When Obtain DNS Server Address Automatically, the DNS information provided by the DHCP server will be used. 6. If Use the Following DNS Server Addresses is selected, regardless of whether DHCP is selected or not, the addresses entered in this section will be used to connect to the DNS server.
Chapter 2: Installation and Configuration Valid Special Characters for Target Names Character Description Character Description ! Exclamation point ; Semi-colon " Double quote = Equal sign # Pound sign > Greater than sign $ Dollar sign ? Question mark % Percent sign @ At sign & Ampersand [ Left bracket ( Left parenthesis \ Backward slash ) Right parenthesis ] Right bracket * Asterisk ^ Caret + Plus sign _ Underscore , Comma ` Grave accent - Dash { Left brace
Chapter 2: Installation and Configuration 3. If you are plugging power input into power supply number two (right-most power supply at the back of the device), select the Powerln2 Auto Detect option. 4. Click OK. Note: If either of these checkboxes is selected and power input is not actually connected, the power LED at the front of the device turns red. To disable power supply autodetection for the power supply not in use: 1. Using the KX II Local Console, choose Device Settings > Power Supply Setup.
Chapter 2: Installation and Configuration Note on Microsoft Active Directory Microsoft® Active Directory® uses the LDAP/LDAPS protocol natively, and can function as an LDAP/LDAPS server and authentication source for the KX II. If it has the IAS (Internet Authorization Server) component, a Microsoft Active Directory server can also serve as a RADIUS authentication source.
Chapter 2: Installation and Configuration 5. Shut down the device and power on once again. The DCIM-SUSB performs a reset (power cycle). 6. Verify that the characters are correct.
Chapter 3 Working with Target Servers In This Chapter Interfaces .................................................................................................37 Proxy Server Configuration for use with MPC, VKC and AKC ................50 Virtual KVM Client (VKC).........................................................................51 Active KVM Client (AKC) .........................................................................80 Multi-Platform Client (MPC) .........................................
Chapter 3: Working with Target Servers KX II Local Console Interface When you are located at the server rack, the KX II provides standard KVM management and administration via the KX II Local Console. The KX II Local Console provides a direct KVM (analog) connection to your connected servers; the performance is exactly as if you were directly connected to the server's keyboard, mouse, and video ports. Additionally, the KX II provides terminal emulation when accessing serial targets.
Chapter 3: Working with Target Servers Depending on your browser and security settings, you may see various security and certificate warnings. It is necessary to accept these warnings to launch the KX II Remote Console. You can reduce the number of warning messages during subsequent log ins by checking the following options on the security and certificate warning messages: In the future, do not show this warning. Always trust content from this publisher. To launch the KX II Remote Console: 1.
Chapter 3: Working with Target Servers Interface and Navigation KX II Console Layout Both the KX II Remote Console and the KX II Local Console interfaces provide an HTML (web-based) interface for configuration and administration, as well as target server list and selection. The options are organized into various tabs. After successful login, the Port Access page opens listing all ports along with their status and availability.
Chapter 3: Working with Target Servers Left Panel The left panel of the KX II interface contains the following information. Note that some information is conditional and will only be displayed if you are a certain of user, are using certain features, and so on. This conditional information is noted here. Information Description When displayed? Time & Session The date and time the current session started.
Chapter 3: Working with Target Servers Information Description When displayed? Configured As If you are using a tiering When the KX II is part of Base or Configured configuration, this a tiered configuration. As Tiered indicates if the KX II you are accessing is the base device or a tiered device. Port States The statuses of the ports being used by the KX II. Always Connect Users The users, identified by Always their username and IP address, who are currently connected to the KX II.
Chapter 3: Working with Target Servers Port Access Page After successfully logging on to the KX II Remote Console, the Port Access page appears. This page lists all of the KX II ports, the connected KVM target servers, and their status and availability. The Port Access page provides access to the KVM target servers connected to the KX II. KVM target servers are servers that you want to control through the KX II device. They are connected to the KX II ports at the back of the device.
Chapter 3: Working with Target Servers Note: Do not use apostrophes for the Port (CIM) Name. Status - The status for standard servers is either up or down. Type - The type of server or CIM. For blade chassis, the type can be Blade Chassis, Blade, BladeChassisAdmin, and BladeChassisURL. 2. Click View by Port, View by Group or View by Search to switch between views. 3. Click the Port Name of the target server you want to access. The Port Action Menu appears.
Chapter 3: Working with Target Servers Power On - Powers on the target server through the associated outlet. This option is visible only when there are one or more power associations to the target. Power Off - Powers off the target server through the associated outlets. This option is visible only when there are one or more power associations to the target, when the target power is on (port status is up), and when user has permission to operate this service.
Chapter 3: Working with Target Servers Managing Favorites A Favorites feature is provided so you can organize and quickly access the devices you use frequently.
Chapter 3: Working with Target Servers Note: Both IPv4 and IPv6 addresses are supported. Manage Favorites Page To open the Manage Favorites page: Click the Manage button in the left panel. The Manage Favorites page appears and contains the following: Use: To: Favorites List Manage your list of favorite devices. Discover Devices - Local Subnet Discover Raritan devices on the client PC's local subnet. Discover Devices - KX II Subnet Discover the Raritan devices on the KX II device subnet.
Chapter 3: Working with Target Servers c. Click Save. 3. Click Refresh. The list of devices on the local subnet is refreshed. To add devices to your Favorites List: 1. Select the checkbox next to the device name/IP address. 2. Click Add. Tip: Use the Select All and Deselect All buttons to quickly select all (or deselect all) devices in the remote console subnet. To access a discovered device: Click the device name or IP address for that device. A new browser opens to that device.
Chapter 3: Working with Target Servers Adding, Deleting and Editing Favorites To add a device to your favorites list: 1. Choose Manage > Add New Device to Favorites. The Add New Favorite page appears. 2. Type a meaningful description. 3. Type the IP Address/Host Name for the device. 4. Change the discovery Port (if necessary). 5. Select the Product Type. 6. Click OK. The device is added to your list of favorites. To edit a favorite: 1.
Chapter 3: Working with Target Servers Proxy Server Configuration for use with MPC, VKC and AKC When the use of a Proxy Server is required, a SOCKS proxy must also be provided and configured on the remote client PC. Note: If the installed proxy server is only capable of the HTTP proxy protocol, you cannot connect. To configure the SOCKS proxy: 1. On the client, select Control Panel > Internet Options. a. On the Connections tab, click 'LAN settings'. The Local Area Network (LAN) Settings dialog opens. b.
Chapter 3: Working with Target Servers start javaw -Xmn128M -Xmx512M -XX:MaxHeapFreeRatio=70 -XX:MinHeapFreeRatio=50 -Dsun.java2d.noddraw=true -DsocksProxyHost=192.168.99.99 -DsocksProxyPort=1080 -classpath .\sdeploy.jar;.\sFoxtrot.jar;.\jaws.jar;.\sMpc.jar com.raritan.rrc.ui.RRCApplication %1 Virtual KVM Client (VKC) Please note this client is used by various Raritan products. As such, references to other products may appear in this section of help.
Chapter 3: Working with Target Servers Button Button Name Video Settings Description Color Calibration Adjusts color settings to reduce excess color noise. Opens the Video Settings dialog, allowing you to manually adjust video conversion parameters. Same as choosing Video > Color Calibrate. Note: Not available in KX II-101-V2. Target Screenshot Click to take a screenshot of the target server and save it to a file of your choosing.
Chapter 3: Working with Target Servers Switching Between KVM Target Servers With the KX II, you can access several KVM target servers. The KX II provides the ability to switch from one target server to another. Note: This feature is available in the KX II Remote Console only. To switch between KVM target servers: 1. While already using a target server, access the KX II Port Access page. 2. Click the port name of the target you want to access. The Port Action menu appears. 3.
Chapter 3: Working with Target Servers Disconnecting KVM Target Servers Note: This item is not available on the KX II Local Console. The only way to disconnect from the switched target in the Local Console is to use the hot key. To disconnect a target server: 1. Click the port name of the target you want to disconnect. The Port Action menu appears. 2. Choose Disconnect. Tip: You can also close the Virtual KVM Client window by selecting Connection > Exit from the Virtual KVM menu.
Chapter 3: Working with Target Servers Connection Properties The dynamic video compression algorithms maintain KVM console usability under varying bandwidth constraints. The devices optimize KVM output not only for LAN use, but also for WAN use. These devices can also control color depth and limit video output, offering an optimal balance between video quality and system responsiveness for any bandwidth.
Chapter 3: Working with Target Servers 256 Kb (Cable) 128 Kb (Dual ISDN) 56 kb (ISP Modem) 33 kb (Fast Modem) 24 kb (Slow Modem) Note that these settings are an optimization for specific conditions rather than an exact speed. The client and server always attempt to deliver video as quickly as possible on the network regardless of the current network speed and encoding setting. But the system will be most responsive when the settings match the real world environment. 3.
Chapter 3: Working with Target Servers Connection Information To obtain information about your Virtual KVM Client connection: Choose Connection > Info... The Connection Info window opens. The following information is displayed about the current connection: Device Name - The name of the device. IP Address - The IP address of the device. Port - The KVM communication TCP/IP port used to access the target device. Data In/Second - Data rate in. Data Out/Second - Data rate out.
Chapter 3: Working with Target Servers Import/Export Keyboard Macros Macros exported from Active KVM Client (AKC) cannot be imported into Multi-Platform Client (MPC) or Virtual KVM Client (VKC). Macros exported from MPC or VKC cannot be imported into AKC. Note: KX II-101 does not support AKC. To import macros: 1. Choose Keyboard > Import Keyboard Macros to open the Import Macros dialog. Browse to the folder location of the macro file. 2. Click on the macro file and click Open to import the macro. a.
Chapter 3: Working with Target Servers Click Yes to replace the existing macro with the imported version. Click Yes to All to replace the currently selected and any other duplicate macros that are found. Click No to keep the original macro and proceed to the next macro Click No to All keep the original macro and proceed to the next macro. Any other duplicates that are found are skipped as well. Click Cancel to stop the import.
Chapter 3: Working with Target Servers 3. Click Ok. The Export Keyboard Macro. A dialog from which to locate and select the macro file appears. By default, the macro exists on your desktop. 4. Select the folder to save the macro file to, enter a name for the file and click Save. If the macro already exists, you receive an alert message. Select Yes to overwrite the existing macro or No to close the alert without overwriting the macro. Building a Keyboard Macro To build a macro: 1.
Chapter 3: Working with Target Servers Press Left Ctrl Release Left Ctrl Press Esc Release Esc 8. Review the Macro Sequence field to be sure the macro sequence is defined correctly. a. To remove a step in the sequence, select it and click Remove. b. To change the order of steps in the sequence, click the step and then click the up or down arrow buttons to reorder them as needed. 9. Click OK to save the macro. Click Clear to clear all field and start over.
Chapter 3: Working with Target Servers Running a Keyboard Macro Once you have created a keyboard macro, execute it using the keyboard macro you assigned to it or by choosing it from the Keyboard menu. Run a Macro from the Menu Bar When you create a macro, it appears under the Keyboard menu. Execute the keyboard macro by clicking on it in the Keyboard menu.
Chapter 3: Working with Target Servers 3. Set the language and mouse settings. 4. Exit the menu to return to normal CIM functionality. Video Properties Refreshing the Screen The Refresh Screen command forces a refresh of the video screen. Video settings can be refreshed automatically in several ways: The Refresh Screen command forces a refresh of the video screen. The Auto-sense Video Settings command automatically detects the target server's video settings.
Chapter 3: Working with Target Servers Calibrating Color Use the Calibrate Color command to optimize the color levels (hue, brightness, saturation) of the transmitted video images. The color settings are on a target server-basis. Note: The Calibrate Color command applies to the current connection only. Note: The KX II-101 does support color calibration. To calibrate the color, do the following: Choose Video > Calibrate Color or click the Calibrate Color button in the toolbar.
Chapter 3: Working with Target Servers c. Brightness: Use this setting to adjust the brightness of the target server display. d. Brightness Red - Controls the brightness of the target server display for the red signal. e. Brightness Green - Controls the brightness of the green signal. f. Brightness Blue - Controls the brightness of the blue signal. g. Contrast Red - Controls the red signal contrast. h. Contrast Green - Controls the green signal. i. Contrast Blue - Controls the blue signal.
Chapter 3: Working with Target Servers Note: Some Sun background screens, such as screens with very dark borders, may not center precisely on certain Sun servers. Use a different background or place a lighter colored icon in the upper left corner of the screen.
Chapter 3: Working with Target Servers Using Screenshot from Target You are able to take a screenshot of a target server using the Screenshot from Target server command. If needed, save this screenshot to a file location of your choosing as a bitmap, JPEG or PNG file. To take a screenshot of the target server: 1. Select Video > Screenshot from Target or click the Screenshot from Target button on the toolbar. 2.
Chapter 3: Working with Target Servers Changing the Maximum Refresh Rate If the video card you are using on the target uses custom software and you are accessing the target through MPC or VKC, you may need to change the maximum refresh rate of the monitor in order for the refresh rate to take effect on the target. To adjust the monitor refresh rate: 1. In Windows®, select Display Properties > Settings > Advanced to open the Plug and Play dialog. 2. Click on the Monitor tab. 3.
Chapter 3: Working with Target Servers Mouse Pointer Synchronization When remotely viewing a target server that uses a mouse, two mouse cursors are displayed: one belonging to your remote client workstation and the other belonging to the target server. When the mouse pointer lies within the Virtual KVM Client target server window, mouse movements and clicks are directly transmitted to the connected target server.
Chapter 3: Working with Target Servers Additional Notes for Intelligent Mouse Mode Be sure that there are no icons or applications in the upper left section of the screen since that is where the synchronization routine takes place. Do not use an animated mouse. Disable active desktop on KVM target servers. Synchronize Mouse In dual mouse mode, the Synchronize Mouse command forces realignment of the target server mouse pointer with Virtual KVM Client mouse pointer.
Chapter 3: Working with Target Servers Intelligent Mouse Mode In Intelligent Mouse mode, the device can detect the target mouse settings and synchronize the mouse cursors accordingly, allowing mouse acceleration on the target. Intelligent mouse mode is the default for non-VM targets. In this mode, the mouse cursor does a “dance” in the top left corner of the screen and calculates the acceleration. For this mode to work properly, certain conditions must be met.
Chapter 3: Working with Target Servers Please note that mouse configurations will vary on different target operating systems. Consult your OS guidelines for further details. Also note that intelligent mouse synchronization does not work with UNIX targets. Absolute Mouse Mode In this mode, absolute coordinates are used to keep the client and target cursors in sync, even when the target mouse is set to a different acceleration or speed.
Chapter 3: Working with Target Servers 2. Click the Single/Double Mouse Cursor button in the toolbar. To exit single mouse mode: 1. Press Ctrl+Alt+O on your keyboard to exit single mouse mode. VKC Virtual Media See the chapter on Virtual Media for complete information about setting up and using virtual media.
Chapter 3: Working with Target Servers Smart Cards (VKC, AKC and MPC) Using the KX II 2.1.10 or later, you are able to mount a smart card reader onto a target server to support smart card authentication and related applications. For a list of supported smart cards, smart card readers, and additional system requirements, see Supported and Unsupported Smart Card Readers (on page 275).
Chapter 3: Working with Target Servers 4. A progress dialog will open. Check the 'Mount selected card reader automatically on connection to targets' checkbox to mount the smart card reader automatically the next time you connect to a target. Click OK to begin the mounting process. To update the smart card in the Select Smart Card Reader dialog: Click Refresh List if a new smart card reader has been attached to the client PC.
Chapter 3: Working with Target Servers Tool Options From the Tools menu, you can specify certain options for use with the Virtual KVM Client, including logging, setting the keyboard type, and defining hot keys for exiting Full Screen mode and Single Cursor mode. Note: The KX II-101 and KX II-101-V2 do not support single cursor mode. To set the tools options: 1. Choose Tools > Options. The Options dialog appears. 2. Select the Enable Logging checkbox only if directed to by Technical Support.
Chapter 3: Working with Target Servers 4. Exit Full Screen Mode - Hotkey. When you enter Full Screen mode, the display of the target server becomes full screen and acquires the same resolution as the target server. This is the hot key used for exiting this mode. 5. Exit Single Cursor Mode - Hotkey. When you enter single cursor mode, only the target server mouse cursor is visible. This is the hot key used to exit single cursor mode and bring back the client mouse cursor. Click OK.
Chapter 3: Working with Target Servers Language Configuration method French Keyboard Indicator German System Settings (Control Center) Japanese System Settings (Control Center) UK System Settings (Control Center) Korean System Settings (Control Center) Belgian Keyboard Indicator Norwegian Keyboard Indicator Danish Keyboard Indicator Swedish Keyboard Indicator Hungarian System Settings (Control Center) Spanish System Settings (Control Center) Italian System Settings (Control Center)
Chapter 3: Working with Target Servers View Options View Toolbar You can use the Virtual KVM client with or without the toolbar display. To toggle the display of the toolbar (on and off): Choose View > View Toolbar. Scaling Scaling your target window allows you to view the entire contents of the target server window.
Chapter 3: Working with Target Servers Help Options About Raritan Virtual KVM Client This menu command provides version information about the Virtual KVM Client, in case you require assistance from Raritan Technical Support. To obtain version information: 1. Choose Help > About Raritan Virtual KVM Client. 2. Use the Copy to Clipboard button to copy the information contained in the dialog to a clipboard file so it can be accessed later when dealing with support (if needed).
Chapter 3: Working with Target Servers AKC Supported Operating Systems and Browsers .NET Framework AKC requires Windows .NET® version 3.5, and will work with both 3.5 and 4.0 installed. Operating Systems When launched from Internet Explorer®, AKC allows you to reach target servers via the KX II 2.2 (or later). AKC is compatible with the following platforms running .NET Framework 3.
Chapter 3: Working with Target Servers Prerequisites for Using AKC In order to use AKC: Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked. Windows Vista, Windows 7 and Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser's Trusted Sites Zone and that Protected Mode is not on when accessing the device.
Chapter 3: Working with Target Servers Note: The Alt+Tab command toggles between windows only on the local system. When MPC opens, the Raritan devices that were automatically detected and which are found on your subnet are displayed in the Navigator in tree format. 2. If your device is not listed by name in the navigator, add it manually: a. Choose Connection > New Profile. The Add Connection window opens. b.
Chapter 4 Rack PDU (Power Strip) Outlet Control In This Chapter Overview ..................................................................................................84 Turning Outlets On/Off and Cycling Power .............................................85 Overview The KX II allows you to control Raritan PX and RPC series rack PDU (power strip) outlets connected to the KX II through a D2CIM-PWR.
Chapter 4: Rack PDU (Power Strip) Outlet Control Control - Turn outlets on or off, or cycle their power. Association - The ports associated with the outlet. Initially, when you open the Powerstrip page, the power strips that are currently connected to the KX II are displayed in the Powerstrip drop-down. Additionally, information relating to the currently selected power strip is displayed.
Chapter 4: Rack PDU (Power Strip) Outlet Control 5. Click OK to close the Power On confirmation dialog. The outlet will be turned on and its state will be displayed as 'on'. To turn an outlet off: 1. Click Off. 2. Click OK on the Power Off dialog. 3. Click OK on the Power Off confirmation dialog. The outlet will be turned off and its state will be displayed as 'off'. To cycle the power of an outlet: 1. Click the Cycle button. The Power Cycle Port dialog opens.
Chapter 4: Rack PDU (Power Strip) Outlet Control 2. Click OK. The outlet will then cycle (note that this may take a few seconds). 3. Once the cycling is complete the dialog will open. Click OK to close the dialog.
Chapter 5 Virtual Media In This Chapter Overview ..................................................................................................89 Prerequisites for Using Virtual Media ......................................................92 Using Virtual Media via VKC and AKC in a Windows Environment ........93 Using Virtual Media .................................................................................94 File Server Setup (File Server ISO Images Only) ...................................
Chapter 5: Virtual Media Overview Virtual media extends KVM capabilities by enabling KVM target servers to remotely access media from a client PC and network file servers. With this feature, media mounted on a client PC and network file servers is essentially "mounted virtually" by the target server. The target server can then read from and write to that media as if it were physically connected to the target server itself.
Chapter 5: Virtual Media 90
Chapter 5: Virtual Media Diagram key Desktop PC CD/DVD drive KX II USB mass storage device CIM PC hard drive Target server Remote file server (ISO images) 91
Chapter 5: Virtual Media Prerequisites for Using Virtual Media With the virtual media feature, you can mount up to two drives (of different types) that are supported by the USB profile currently applied to the target. These drives are accessible for the duration of the KVM session. For example, you can mount a specific CD-ROM, use it, and then disconnect it when you are done. The CD-ROM virtual media “channel” will remain open, however, so that you can virtually mount another CD-ROM.
Chapter 5: Virtual Media Using Virtual Media via VKC and AKC in a Windows Environment Windows XP® operating system administrator and standard user privileges vary from those of the Windows Vista® operating system and the Windows 7® operating system. When enabled in Vista or Windows 7, User Access Control (UAC) provides the lowest level of rights and privileges a user needs for an application.
Chapter 5: Virtual Media Using Virtual Media See Prerequisites for Using Virtual Media before proceeding with using virtual media. To use virtual media: 1. If you plan to access file server ISO images, identify those file servers and images through the Remote Console File Server Setup page. See File Server Setup (File Server ISO Images Only). Note: ISO9660 format is the standard supported by Raritan. However, other CD-ROM extensions may also work. 2. Open a KVM session with the appropriate target server.
Chapter 5: Virtual Media File Server Setup (File Server ISO Images Only) Note: This feature is only required when using virtual media to access file server ISO images. ISO9660 format is the standard supported by Raritan. However, other CD-ROM extensions may also work. Note: SMB/CIFS support is required on the file server. Use the Remote Console File Server Setup page to designate the files server(s) and image paths that you want to access using virtual media.
Chapter 5: Virtual Media Note: You cannot access a remote ISO image via virtual media using an IPv6 address due to technical limitations of third-party software used by the by the KX, KSX or KX101 G2 device. Note: If you are connecting to a Windows 2003® server and attempt to load an ISO image from the server, you may receive an error stating "Virtual Media mounting on port failed. Unable to connect to the file server or incorrect File Server username and password".
Chapter 5: Virtual Media Connecting to Virtual Media Local Drives This option mounts an entire drive, which means the entire disk drive is mounted virtually onto the target server. Use this option for hard drives and external drives only. It does not include network drives, CD-ROM, or DVD-ROM drives. This is the only option for which Read/Write is available.
Chapter 5: Virtual Media 3. If you want Read and Write capabilities, select the Read-Write checkbox. This option is disabled for nonremovable drives. See the Conditions when Read/Write is Not Available (on page 98) for more information. When checked, you will be able to read or write to the connected USB disk. WARNING: Enabling Read/Write access can be dangerous! Simultaneous access to the same drive from more than one entity can result in data corruption.
Chapter 5: Virtual Media CD-ROM/DVD-ROM/ISO Images This option mounts CD-ROM, DVD-ROM, and ISO images. Note: ISO9660 format is the standard supported by Raritan. However, other CD-ROM extensions may also work. To access a CD-ROM, DVD-ROM, or ISO image: 1. From the Virtual KVM Client, choose Virtual Media > Connect CD-ROM/ISO Image. The Map Virtual Media CD/ISO Image dialog appears. 2. For internal and external CD-ROM or DVD-ROM drives: a. Choose the Local CD/DVD Drive option. b.
Chapter 5: Virtual Media 4. For remote ISO images on a file server: a. Choose the Remote Server ISO Image option. b. Choose Hostname and Image from the drop-down list. The file servers and image paths available are those that you configured using the File Server Setup page. Only items you configured using the File Server Setup page will be in the drop-down list. c. File Server Username - User name required for access to the file server. The name can include the domain name such as mydomain/username. d.
Chapter 6 USB Profiles In This Chapter Overview ................................................................................................101 CIM Compatibility ..................................................................................102 Available USB Profiles...........................................................................102 Selecting Profiles for a KVM Port ..........................................................
Chapter 6: USB Profiles CIM Compatibility In order to make use of USB profiles, you must use a D2CIM-VUSB or D2CIM-DVUSB with updated firmware. A VM-CIM that has not had its firmware upgraded will support a broad range of configurations (Keyboard, Mouse, CD-ROM, and Removable Drive) but will not be able to make use of profiles optimized for particular target configurations. Given this, existing VM-CIMs should be upgraded with latest firmware in order to access USB profiles.
Chapter 6: USB Profiles USB profile Description USB bus speed limited to full-speed (12 MBit/s) BIOS DellPowerEdge Keyboard Only No virtual media support Dell PowerEdge BIOS Access (Keyboard Only) Use this profile to have keyboard functionality for the Dell PowerEdge BIOS when using D2CIM-VUSB. When using the new D2CIM-DVUSB, use 'Generic' profile.
Chapter 6: USB Profiles USB profile BIOS Generic Description BIOS Generic Use this profile when Generic OS profile does not work on the BIOS. WARNING: USB enumeration will trigger whenever virtual media is connected or disconnected.
Chapter 6: USB Profiles USB profile Advanced Management Module Description functionality when D2CIM-VUSB or D2CIM-DVUSB is connected to the Advanced Management Module. Restrictions: BIOS Lenovo ThinkPad T61 & X61 Virtual CD-ROM and disk drives cannot be used simultaneously BIOS Lenovo ThinkPad T61 and X61 (boot from virtual media) Use this profile to boot the T61 and X61 series laptops from virtual media.
Chapter 6: USB Profiles USB profile Installation) Description (Windows 2003 Server Installation) Use this profile for the HP Proliant DL360/DL380 G4 series server when installing Windows 2003 Server without the help of HP SmartStart CD. Restrictions: Linux® USB bus speed limited to full-speed (12 MBit/s) Generic Linux profile This is the generic Linux profile; use it for Redhat Enterprise Linux, SuSE Linux Enterprise Desktop and similar distributions.
Chapter 6: USB Profiles USB profile Description series mainboards with Phoenix AwardBIOS. Restrictions: Suse 9.2 Virtual CD-ROM and disk drives cannot be used simultaneously SuSE Linux 9.2 Use this for SuSE Linux 9.2 distribution.
Chapter 6: USB Profiles USB profile Description USB bus speed limited to full-speed (12 MBit/s) Virtual CD-ROM and disk drives cannot be used simultaneously WARNING: USB enumeration will trigger whenever virtual media is connected or disconnected. Use Full Speed for Virtual Media CIM Use Full Speed for virtual media CIM This profile resembles the behavior of the original KX2 release with Full Speed for virtual media CIM option checked. Useful for BIOS that cannot handle High Speed USB devices.
Chapter 6: USB Profiles Mouse Modes when Using the Mac OS-X USB Profile with a DCIM-VUSB If you are using a DCIM-VUSB, using a Mac OS-X® USB profile, and running Mac OS-X 10.4.9 (or later), when you reboot you must be in Single Mouse mode to use the mouse at the Boot menu. To configure the mouse to work at the Boot menu: 1. Reboot the Mac and press the Option key during the reboot to open the Boot menu. The mouse will not respond at this point. 2.
Chapter 7 User Management In This Chapter User Groups ..........................................................................................110 Users .....................................................................................................119 Authentication Settings ..........................................................................122 Changing a Password ...........................................................................
Chapter 7: User Management User Group List User groups are used with local and remote authentication (via RADIUS or LDAP/LDAPS). It is a good idea to define user groups before creating individual users since, when you add a user, you must assign that user to an existing user group. The User Group List page displays a list of all user groups, which can be sorted in ascending or descending order by clicking on the Group Name column heading.
Chapter 7: User Management The Group page is organized into the following categories: Group, Permissions, Port Permissions, and IP ACL. 2. Type a descriptive name for the new user group into the Group Name field (up to 64 characters). 3. Set the permissions for the group. Select the checkboxes before the permissions you want to assign to all of the users belonging to this group. See Setting Permissions (on page 114). 4. Set the port permissions.
Chapter 7: User Management Note: Several administrative functions are available within MPC and from the KX II Local Console. These functions are available only to members of the default Admin group. Note: Both IPv4 and IPv6 addresses are supported.
Chapter 7: User Management Setting Permissions Important: Selecting the User Management checkbox allows the members of the group to change the permissions of all users, including their own. Carefully consider granting these permissions. Permission Description Device Access While Under CC-SG Management Allows users and user groups with this permission to directly access the KX II using an IP address when Local Access is enabled for the device in CC-SG.
Chapter 7: User Management Permission Description User Management User and group management, remote. authentication (LDAP/LDAPS/RADIUS), login settings. If you are using a tiered configuration in which a base KX II device is used to access multiple other tiered devices, user, user group and remote authentication settings must be consistent across all devices. See Configuring and Enabling Tiering (on page 142) for more information on tiering.
Chapter 7: User Management Power control access Option Description Deny Deny power control to the target server Access Full permission to power control on a target server For blade chassis, the port access permission will control access to the URLs that have been configured for that blade chassis. The options are Deny or Control. In addition, each blade housed within the chassis has its own independent Port Permissions setting.
Chapter 7: User Management Use the IP ACL section of the Group page to add, insert, replace, and delete IP access control rules on a group-level basis. To add (append) rules: 1. Type the starting IP address in the Starting IP field. 2. Type the ending IP address in the Ending IP field. 3. Choose the action from the available options: Accept - IP addresses set to Accept are allowed access to the KX II device. Drop - IP addresses set to Drop are denied access to the KX II device. 4. Click Append.
Chapter 7: User Management 2. Click Delete. 3. When prompted to confirm the deletion, click OK. Important: ACL rules are evaluated in the order in which they are listed. For instance, in the example shown here, if the two ACL rules were reversed, Dominion would accept no communication at all. Tip: The rule numbers allow you to have more control over the order in which the rules are created. Note: Both IPv4 and IPv6 addresses are supported.
Chapter 7: User Management Tip: To determine the users belonging to a particular group, sort the User List by User Group. 1. Choose a group from among those listed by checking the checkbox to the left of the Group Name. 2. Click Delete. 3. When prompted to confirm the deletion, click OK. Users Users must be granted user names and passwords to gain access to the KX II. This information is used to authenticate users attempting to access your KX II. Up to 254 users can be created for each user group.
Chapter 7: User Management Adding a New User It is a good idea to define user groups before creating KX II users because, when you add a user, you must assign that user to an existing user group. See Adding a New User Group (on page 111). From the User page, you can add new users, modify user information, and reactivate users that have been deactivated. Note: A user name can be deactivated when the number of failed login attempts has exceeded the maximum login attempts set in the Security Settings page.
Chapter 7: User Management 5. To delete a user, click Delete. You are prompted to confirm the deletion. 6. Click OK. Logging a User Off (Force Logoff) If you are an administrator, you are able to log off another locally authenticated user who is logged on to the KX II. To log off a user: 1. Open the User List page by choosing User Management > User List or click the Connected User link in the left panel of the page. 2.
Chapter 7: User Management Authentication Settings Authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user's group is used to determine his system and port permissions. The user's assigned privileges determine what type of access is allowed. This is called authorization. When the KX II is configured for remote authentication, the external authentication server is used primarily for the purposes of authentication, not authorization.
Chapter 7: User Management Implementing LDAP/LDAPS Remote Authentication Lightweight Directory Access Protocol (LDAP/LDAPS) is a networking protocol for querying and modifying directory services running over TCP/IP. A client starts an LDAP session by connecting to an LDAP/LDAPS server (the default TCP port is 389). The client then sends operation requests to the server, and the server sends responses in turn. Reminder: Microsoft Active Directory functions natively as an LDAP/LDAPS authentication server.
Chapter 7: User Management 9. In the User Search DN field, enter the Distinguished Name of where in the LDAP database you want to begin searching for user information. Up to 64 characters can be used. An example base search value might be: cn=Users,dc=raritan,dc=com. Consult your authentication server administrator for the appropriate values to enter into these fields. 10. Enter the Distinguished Name of the Administrative User in the DN of Administrative User field (up to 64 characters).
Chapter 7: User Management 11. If you entered a Distinguished Name for the Administrative User, you must enter the password that will be used to authenticate the Administrative User's DN against the remote authentication server. Enter the password in the Secret Phrase field and again in the Confirm Secret Phrase field (up to 128 characters). LDAP/LDAP Secure 12. Select the Enable Secure LDAP checkbox if you would like to use SSL. This will enable the Enable LDAPS Server Certificate Validation checkbox.
Chapter 7: User Management 15. Select the Enable LDAPS Server Certificate Validation checkbox to use the previously uploaded root CA certificate file to validate the certificate provided by the server. If you do not want to use the previously uploaded root CA certificate file, leave this checkbox deselected. Disabling this function is the equivalent of accepting a certificate that has been signed by an unknown certifying authority.
Chapter 7: User Management Once the test is completed, a message will be displayed that lets you know the test was successful or, if the test failed, a detailed error message will be displayed. It will display successful result or detail error message in failure case. It also can display group information retrieved from remote LDAP server for the test user in case of success.
Chapter 7: User Management Important Notes Group Name is case sensitive. The KX II provides the following default groups that cannot be changed or deleted: Admin and . Verify that your Active Directory server does not use the same group names. If the group information returned from the Active Directory server does not match a KX II group configuration, the KX II automatically assigns the group of to users who authenticate successfully.
Chapter 7: User Management 9. The default number of retries is 3 Retries. This is the number of times the KX II will send an authentication request to the RADIUS server. 10. Choose the Global Authentication Type from among the options in the drop-down list: PAP - With PAP, passwords are sent as plain text. PAP is not interactive. The user name and password are sent as one data package once a connection is established, rather than the server sending a login prompt and waiting for a response.
Chapter 7: User Management Note: Both IPv4 and IPv6 addresses are supported. Cisco ACS 5.x for RADIUS Authentication If you are using a Cisco ACS 5.x server, after you have configured the KX II for RADIUS authentication, complete the following steps on the Cisco ACS 5.x server. Note: The following steps include the Cisco menus and menu items used to access each page. Please refer to your Cisco documentation for the most up to date information on each step and more details on performing them.
Chapter 7: User Management Returning User Group Information via RADIUS When a RADIUS authentication attempt succeeds, the KX II determines the permissions for a given user based on the permissions of the user's group. Your remote RADIUS server can provide these user group names by returning an attribute, implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows: Raritan:G{GROUP_NAME} where GROUP_NAME is a string denoting the name of the group to which the user belongs.
Chapter 7: User Management 132 Attribute Acct-Status (40) Data Stop(2) - Stops the accounting NAS-Port-Type (61) VIRTUAL (5) for network connections. NAS-Port (5) Always 0. NAS-IP-Address (4) The IP address for the KX II. User-Name (1) The user name entered at the login screen. Acct-Session-ID (44) Session ID for accounting.
Chapter 7: User Management User Authentication Process Remote authentication follows the process specified in the flowchart below: 133
Chapter 7: User Management Changing a Password To change your password: 1. Choose User Management > Change Password. The Change Password page opens. 2. Type your current password in the Old Password field. 3. Type a new password in the New Password field. Retype the new password in the Confirm New Password field. Passwords can be up to 64 characters in length and can consist of English alphanumeric characters and special characters. 4. Click OK. 5.
Chapter 8 Device Management In This Chapter Network Settings ...................................................................................135 Device Services .....................................................................................140 Configuring Modem Settings .................................................................148 Configuring Date/Time Settings ............................................................149 Event Management .................................................
Chapter 8: Device Management Network Basic Settings These procedures describe how to assign an IP address on the Network Settings page. For complete information about all of the fields and the operation of this page, see Network Settings. To assign an IP address: 1. Choose Device Settings > Network. The Network Settings page opens. 2. Specify a meaningful Device Name for your KX II device. Up to 32 alphanumeric characters using valid special characters and no spaces. 3.
Chapter 8: Device Management d. Enter the Gateway IP Address. e. Link-Local IP Address. This address is automatically assigned to the device. It is used for neighbor discovery or when no routers are present. Read-Only f. Zone ID. This identifies the device with which the address is associated. Read-Only g. Select the IP Auto Configuration. The following options are available: None - Use this option if you do not want an auto IP configuration and prefer to set the IP address yourself (static IP).
Chapter 8: Device Management See LAN Interface Settings (on page 138) for information in configuring this section of the Network Settings page. Note: In some environments, the default LAN Interface Speed & Duplex setting Autodetect (autonegotiator) does not properly set the network parameters, which results in network issues. In these instances, setting the KX II LAN Interface Speed & Duplex field to 100 Mbps/Full Duplex (or whatever option is appropriate to your network) addresses the issue.
Chapter 8: Device Management Autodetect (default option) 10 Mbps/Half - Both LEDs blink 10 Mbps/Full - Both LEDs blink 100 Mbps/Half - Yellow LED blinks 100 Mbps/Full - Yellow LED blinks 1000 Mbps/Full (gigabit) - Green LED blinks Half-duplex provides for communication in both directions, but only one direction at a time (not simultaneously). Full-duplex allows communication in both directions simultaneously.
Chapter 8: Device Management Device Services The Device Services page allows you to configure the following functions: Enable SSH access. Enable tiering for the base KX II. Enter the discovery port. Enable direct port access. Enable the AKC Download Server Certificate Validation feature if you are using AKC. Enabling SSH Enable SSH access to allow administrators to access the KX II via the SSH v2 application. To enable SSH access: 1. Choose Device Settings > Device Services.
Chapter 8: Device Management Entering the Discovery Port The KX II discovery occurs over a single, configurable TCP Port. The default is Port 5000, but you can configure it to use any TCP port except 80 and 443. To access the KX II from beyond a firewall, your firewall settings must enable two-way communication through the default Port 5000 or a non-default port configured here. To enable the discovery port: 1. Choose Device Settings > Device Services. The Device Service Settings page opens. 2.
Chapter 8: Device Management Configuring and Enabling Tiering The tiering feature allows you to access KX II targets and PDUs through one base KX II device. This feature is available for standard KX II devices as well as KX2-832 and KX2-864 devices. Devices can be added and removed from a configuration as needed up to a maximum of two tiered levels. When setting up the devices, you will use specific CIMS for specific configurations.
Chapter 8: Device Management Enabling Tiering Connect from a target server port on the base device to the tier KX II Local Access port video/keyboard/mouse ports using a D2CIM-DVUSB. If the tier device is a KX2-832 or KX2-864, connect from a target server port on the base device directly to the tier KX2-832/KX2-864 Extended Local port. To enable tiering: 1. From the tier base, choose Device Settings > Device Services. The Device Service Settings page appears. 2. Select Enable Tiering as Base. 3.
Chapter 8: Device Management Tiering - Target Types, Supported CIMS and Tiering Configurations Blade Chassis Blade chassis that attached directly to the base are accessible. Power Control You can power on and off targets that are a part of the tiered configuration. These targets are accessed from the Port Access page. KX II PDU outlets can be accessed and controlled via a tiered configuration with either the KX II or KXII-832 and KXII-864 models.
Chapter 8: Device Management Cabling Example in Tiered Configurations The following diagram illustrates the cabling configurations between a KX II tiered device and a KX II base device. Connect from a target server port on the base device to the tier KX II Local Access port video/keyboard/mouse ports using a D2CIM-DVUSB. If the tier device is a KX2-832 or KX2-864, connect from a target server port on the base device directly to the tier KX2-832/KX2-864 Extended Local port.
Chapter 8: Device Management Enabling Direct Port Access via URL Direct port access allows users to bypass having to use the device's Login dialog and Port Access page. This feature also provides the ability to enter a username and password directly and proceed to the target if the username and password is not contained in the URL. The following is important URL information regarding direct port access: If you are using VKC and direct port access: https://IPaddress/dpa.
Chapter 8: Device Management Enabling the AKC Download Server Certificate Validation If you are using the AKC client, you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature.
Chapter 8: Device Management Configuring Modem Settings To configure modem settings: 1. Click Device Settings > Modem Settings to open the Modem Settings page. 2. Select the Enable Modem checkbox. This will enable the Serial Line Speed and Modem Init String field. 3. The Serial Line Speed of the modem is set to 115200. Read-only 4. Enter the initial modem string in the Modem Init String field. If the modem string is left blank, the following string is sent to the modem by default: ATZ OK AT OK.
Chapter 8: Device Management 6. Click OK to commit your changes or click Reset to Defaults to return the settings to their defaults. See Certified Modems (on page 271) for information on certified modems that work with the KX II. For information on settings that will give you the best performance when connecting to the KX II via modem, see Creating, Modifying and Deleting Profiles in MPC - Generation 2 Devices in the KVM and Serial Access Clients Guide.
Chapter 8: Device Management 3. To adjust for daylight savings time, check the "Adjust for daylight savings time" checkbox. 4. Choose the method you would like to use to set the date and time: User Specified Time - Choose this option to input the date and time manually. For the User Specified Time option, enter the date and time. For the time, use the hh:mm format (using a 24-hour clock).
Chapter 8: Device Management Event Management The KX II Event Management feature allows you enable and disable the distribution of system events to SNMP Managers, the Syslog and the audit log. These events are categorized, and for each event you can determine whether you want the event sent to one or several destinations.
Chapter 8: Device Management 3. Click OK. To reset to factory defaults: Click Reset To Defaults. Note: Both IPv4 and IPv6 addresses are supported. Note: IPv6 addresses cannot exceed 80 characters in length for the host name.
Chapter 8: Device Management Event Management - Destinations System events, if enabled, can generate SNMP notification events (traps), or can be logged to Syslog or Audit Log. Use the Event Management - Destinations page to select the system events to track and where to send this information. Note: SNMP traps will be generated only if the SNMP Logging Enabled option is selected. Syslog events will be generated only if the Enable Syslog Forwarding option is selected.
Chapter 8: Device Management 3. Click OK.
Chapter 8: Device Management To reset to factory defaults: Click Reset To Defaults. WARNING: When using SNMP traps over UDP, it is possible for the KX II and the router that it is attached to to fall out of synchronization when the KX II is rebooted, preventing the reboot completed SNMP trap from being logged. SNMP Agent Configuration SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP managers.
Chapter 8: Device Management 156 Trap Name Description communicate over the network. networkParameterChanged A change has been made to the network parameters. passwordSettingsChanged Strong password settings have changed. portConnect A previously authenticated user has begun a KVM session. portConnectionDenied A connection to the target port was denied. portDisconnect A user engaging in a KVM session closes the session properly. portStatusChange The port has become unavailable.
Chapter 8: Device Management Trap Name Description userSessionTimeout A user with an active session has experienced a session termination due to timeout. userUploadedCertificate A user uploaded a SSL certificate. vmImageConnected User attempted to mount either a device or image on the target using Virtual Media. For every attempt on device/image mapping (mounting) this event is generated. vmImageDisconnected User attempted to unmount a device or image on the target using Virtual Media.
Chapter 8: Device Management 4. Click OK. Note: If either of these checkboxes is selected and power input is not actually connected, the power LED at the front of the unit turns red. To turn off the automatic detection: Deselect the checkbox for the appropriate power supply. To reset to factory defaults: Click the Reset To Defaults button. Note: The KX II does NOT report power supply status to CommandCenter. Dominion I (generation 1), however, does report power supply status to CommandCenter.
Chapter 8: Device Management Port type Description PowerStrip (rack PDU) Power strip connected VM Virtual media CIM (D2CIM-VUSB and D2CIM-DVUSB) Blade Chassis Blade chassis and the blades associated with that chassis (displayed in a hierarchical order) 2. Click the Port Name for the port you want to edit. For KVM ports, the Port page for KVM and blade chassis ports is opened. For rack PDUs, the Port page for rack PDUs (power strips) is opened.
Chapter 8: Device Management 8. Click OK. Configuring KVM Switches The KX II also supports use of hot key sequences to switch between targets. In addition to using hot key sequences with standard servers, KVM switching is supported by blade chassis and in tiered configurations. Important: In order for user groups to see the KVM switch that you create, you must first create the switch and then create the group.
Chapter 8: Device Management 5. Select KVM Switch Hot Key Sequence. 6. Enter the Maximum Number of Target Ports (2-32). 7. In the KVM Switch Name field, enter the name you want to use to refer to this port connection. 8. Activate the targets that the KVM switch hot key sequence will be applied to. Indicate the KVM switch ports have targets attached by selecting „Active‟ for each of the ports. 9.
Chapter 8: Device Management Configuring Rack PDU (Power Strip) Targets The KX II allows you to connect rack PDUs (power strips) to KX II ports. KX II rack PDU configuration is done from the KX II Port Configuration page. Connecting a Rack PDU Raritan PX series rack PDUs (power strips) are connected to the KX II using the D2CIM-PWR CIM. To connect the rack PDU: 1. Connect the male RJ-45 of the D2CIM-PWR to the female RJ-45 connector on the serial port of the rack PDU. 2.
Chapter 8: Device Management Naming the Rack PDU in the KX II (Port Page for Power Strips) Note: PX rack PDUs (power strips) can be named in the PX as well as in KX II. The Port page opens when you select a port from the Port Configuration page that is connected to a Raritan remote rack PDU. The Type and the Name fields are prepopulated. Note: The (CIM) Type cannot be changed. The following information is displayed for each outlet on the rack PDU: [Outlet] Number, Name, and Port Association.
Chapter 8: Device Management 3. Click OK.
Chapter 8: Device Management Associating Outlets with Target Servers on KX II The Port page opens when you click on a port on the Port Configuration page. From this page, you can make power associations, change the port name to something more descriptive, and update target server settings if you are using the D2CIM-VUSB CIM. The (CIM) Type and the (Port) Name fields are prepopulated; note that the CIM type cannot be changed.
Chapter 8: Device Management Removing Power Associations When disconnecting target servers and/or rack PDUs from KXII, all power associations should first be deleted. When a target has been associated with a rack PDU and the target is removed from the KX II, the power association remains. When this occurs, you are not able to access the Port Configuration for that disconnected target server in Device Settings so that the power association can be properly remove. To remove a rack PDU association: 1.
Chapter 8: Device Management Configuring Blade Chassis In addition to standard servers and rack PDUs (power strips), you can control blade chassis that are plugged into a Dominion device port. Up to eight blade chassis can be managed at a given time. As with standard servers, blade chassis are autodetected once they are connected.
Chapter 8: Device Management Note: In the case of IBM Blade Center Models E and H, the KX II only supports auto-discovery for AMM[1] as the acting primary management module. The use of hot key sequences to switch KVM access to a blade chassis is also supported. For blade chassis that allow users to select a hot key sequence, those options will be provided on the Port Configuration page.
Chapter 8: Device Management 2. Select Device Settings > Port Configuration to open the Port Configuration page. 3. On the Port Configuration page, click on the name of the blade chassis you want to configure. The Port page will open. 4. Select the Blade Chassis radio button. The page will then display the necessary fields to configure a blade chassis. 5. Select Generic from the Blade Server Chassis Model drop-down. 6. Configure the blade chassis as applicable. a.
Chapter 8: Device Management b. URL - Enter the URL to the interface. Required c. Username - Enter the username used to access the interface. Optional d. Password - Enter the password used to access the interface. Optional Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries.
Chapter 8: Device Management 5. Select the Dell blade chassis model from the Blade Server Chassis Model drop-down. To configure a Dell PowerEdge M1000e: 1. If you selected Dell PowerEdge™ M1000e, auto-discovery is available. Configure the blade chassis as applicable. Prior to configuring a blade chassis that can be auto-discovered, it must be configured to enable SSH connections on the designated port number (see Device Services (on page 140)).
Chapter 8: Device Management 5. In the Blade Chassis Managed Links section of the page, you are able to configure the connection to a blade chassis web browser interface if one is available. Click the Blade Chassis Managed Links icon page. to expand the section on the The first URL link is intended for use to connect to the blade chassis Administration Module GUI. Note: Access to the URL links entered in this section of the page is governed by the blade chassis port permissions. a.
Chapter 8: Device Management To configure a Dell PowerEdge 1855/1955: 1. If you selected Dell 1855/1955, auto-discovery is not available. Configure the blade chassis as applicable. a. Switch Hot Key Sequence - Select the hot key sequence that will be used to switch from KVM to the blade server. b. Maximum Number of Slots - The default maximum number of slots available on the blade chassis is automatically entered. c. Administrative Module Primary IP Address/Host Name - Not applicable. d.
Chapter 8: Device Management Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries. It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application.
Chapter 8: Device Management c. Administrative Module Primary IP Address/Host Name - Enter the primary IP address for the blade chassis. Required for auto-discovery mode d. Port Number - The default port number for the blade chassis is 22. Change the port number if applicable. Required for auto-discovery mode e. Username - Enter the username used to access the blade chassis. Required for auto-discovery mode f. Password - Enter the password used to access the blade chassis.
Chapter 8: Device Management c. Username - Enter the username used to access the interface. d. Password - Enter the password used to access the interface. Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries.
Chapter 8: Device Management 4. In the Blade Chassis Managed Links section of the page, you are able to configure the connection to a blade chassis web browser interface if one is available. Click the Blade Chassis Managed Links icon page. to expand the section on the The first URL link is intended for use to connect to the blade chassis Administration Module GUI. Note: Access to the URL links entered in this section of the page is governed by the blade chassis port permissions. a.
Chapter 8: Device Management Tips for Adding a Web Browser Interface You can add a Web Browser Interface to create a connection to a device with an embedded web server. A Web Browser interface can also be used to connect to any web application, such as the web application associated with an RSA, DRAC or ILO Processor card. You must have DNS configured or URLs will not resolve. You do not need to have DNS configured for IP addresses. To add a web browser interface: 1.
Chapter 8: Device Management HP Blade Chassis Configuration (Port Group Management) The KX II supports the aggregation of ports connected to certain types of blades into a group representing the blade chassis. Specifically, HP® BladeServer blades and Dell® PowerEdge™ 1855/1955 blades when the Dell PowerEdge 1855/1955 is connected from each individual blade to a port on the KX II.
Chapter 8: Device Management 3. Enter a Port Group Name. The port group name is not case sensitive and can contain up to 32 characters. 4. Select the Blade Server Group checkbox. If you want to designate that these ports are attached to blades housed in a blade chassis (for example, HP c3000 or Dell PowerEdge 1855), select the Blade Server Group checkbox.
Chapter 8: Device Management To delete a port group: 1. Click on the Port Group Management page, select the checkbox of the port group you want to delete. 2. Click the Delete button. 3. Click OK on the warning message. Supported Blade Chassis Models This table contains the blade chassis models that are supported by the KX II and the corresponding profiles that should be selected per chassis model when configuring them in the KX II application.
Chapter 8: Device Management Supported CIMs for Blade Chassis The following CIMs are supported for blade chassis being managed through the KX II: DCIM-PS2 DCIM-USBG2 D2CIM-VUSB D2CIM-DVUSB Following is a table containing supported CIMs for each blade chassis model that the KX II supports.
Chapter 8: Device Management Blade chassis M1000e Connection method with this chassis. Recommended CIM(s) The iKVM is compatible with the following peripherals: USB keyboards, USB pointing devices VGA monitors with DDC support. Source: Dell Chassis Management Controller, Firmware Version 1.
Chapter 8: Device Management Blade chassis Connection method one Advanced Management Module. Recommended CIM(s) In contrast to the standard BladeCenter chassis, the KVM module and the Management Module in the BladeCenter T chassis are separate components. The front of the Management Module only features the LEDs for displaying status. All Ethernet and KVM connections are fed through to the rear to the LAN and KVM modules.
Chapter 8: Device Management Blade chassis Dell PowerEdge 1855/1955 IBM®/Dell® Auto-Discovery Required/recommended action Slot, not by Name. iKVM may not work correctly if this is not done. Do not designate any slots for scan operations in the iKVM GUI Setup Scan menu. iKVM may not work correctly otherwise. Do not designate any slots for broadcast keyboard/mouse operations in the iKVM GUI Setup Broadcast menu. iKVM may not work correctly otherwise.
Chapter 8: Device Management Blade chassis IBM KX2 Virtual Media Required/recommended action management module. The SSH port configured on the blade chassis management module and the port number entered on the Port Configuration page must match. Raritan KX II virtual media is supported only on IBM BladeCenter® Models H and E. This requires the use of the D2CIM-DVUSB. The black D2CIM-DVUSB Low-Speed USB connector is attached to the Administrative Management Module (AMM) at the rear of the unit.
Chapter 8: Device Management Configuring USB Profiles (Port Page) You choose the available USB profiles for a port in the Select USB Profiles for Port section of the Port page. The USB profiles chosen in the Port page become the profiles available to the user in VKC when connecting to a KVM target server from the port. The default is the Windows 2000® operating system, Windows XP® operating system, Windows Vista® operating system profile. For information about USB profiles, see USB Profiles (on page 101).
Chapter 8: Device Management Ctrl-Click to select several discontinuous profiles. 2. Click Add. The selected profiles appear in the Selected list. These are the profiles that can be used for the KVM target server connected to the port. To specify a preferred USB profile: 1. After selecting the available profiles for a port, choose one from the Preferred Profile for Port menu. The default is Generic. The selected profile will be used when connecting to the KVM target server.
Chapter 8: Device Management 2. Click Remove. The selected profiles appear in the Available list. These profiles are no longer available for a KVM target server connected to this port. To apply a profile selection to multiple ports: 1. In the Apply Selected Profiles to Other Ports section, select the Apply checkbox for each KVM port you want to apply the current set of selected USB profiles to. To select all KVM ports, click Select All. To deselect all KVM ports, click Deselect All.
Chapter 8: Device Management Configuring KX II Local Port Settings From the Local Port Settings page, you can customize many settings for the KX II Local Console including keyboard, hot keys, video switching delay, power save mode, local user interface resolution settings, and local user authentication. Further, you can change a USB profile from the local port. For the KX2-832 and KX2-864, you are also able to configure the extended local port from the Local Port Settings page.
Chapter 8: Device Management Note: If you are using KX2-832 and KX2-864 as tiered devices, you must connect them to the base KX II via the extended local port. Note: If you connect a Paragon device to the KX2-832 and KX2-864 extended local port, you must use the remote client to change the USB profile. 4. If you are using the tiering feature, select the Enable Local Port Device Tiering checkbox and enter the tiered secret word in the Tier Secret field.
Chapter 8: Device Management Hot key: Take this action: Double Click Num Lock Press Num Lock key twice quickly Double Click Caps Lock Press Caps Lock key twice quickly Double Click Left Alt key Press the left Alt key twice quickly Double Click Left Shift key Press the left Shift key twice quickly Double Click Left Ctrl key Press the left Ctrl key twice quickly 7. Select the Local Port Connect key. Use a connect key sequence to connect to a target and switch to another target.
Chapter 8: Device Management Select the "Ignore CC managed mode on local port" checkbox if you would like local user access to the KX II even when the device is under CC-SG management. Note: If you initially choose not to ignore CC Manage mode on the local port but later want local port access, you will have to remove the device from under CC-SG management (from within CC-SG). You will then be able to check this checkbox.
Chapter 8: Device Management KX2-832 and KX2-864 Standard and Extended Local Port Settings The KX2-832 and KX2-864 provides you with two local port options: the standard local port and the extended local port. Each of these port options is enabled and disabled from the Remote Console on the Port Configuration page or from the Local Console on the Local Port Settings page. For more information, see Configuring KX II Local Port Settings (on page 190).
Chapter 9 Security Management In This Chapter Security Settings....................................................................................195 Configuring IP Access Control ..............................................................205 SSL Certificates .....................................................................................207 Security Banner .....................................................................................
Chapter 9: Security Management To reset back to defaults: Click Reset to Defaults. Login Limitations Using login limitations, you can specify restrictions for single login, password aging, and the logging out idle users. Limitation Description Enable single login limitation When selected, only one login per user name is allowed at any time. When deselected, a given user name/password combination can be connected into the device from several client workstations simultaneously.
Chapter 9: Security Management Limitation Description Enter the number of days after which a password change is required. The default is 60 days. Log out idle users, After (1-365 minutes) Select the "Log off idle users" checkbox to automatically disconnect users after the amount of time you specify in the "After (1-365 minutes)" field. If there is no activity from the keyboard or mouse, all sessions and all resources are logged out.
Chapter 9: Security Management Strong Passwords Strong passwords provide more secure local authentication for the system. Using strong passwords, you can specify the format of valid KX II local passwords such as minimum and maximum length, required characters, and password history retention. Strong passwords require user-created passwords to have a minimum of 8 characters with at least one alphabetical character and one nonalphabetical character (punctuation character or number).
Chapter 9: Security Management User Blocking The User Blocking options specify the criteria by which users are blocked from accessing the system after the specified number of unsuccessful login attempts. The three options are mutually exclusive: Option Description Disabled The default option. Users are not blocked regardless of the number of times they fail authentication.
Chapter 9: Security Management Option Description Timer Lockout Users are denied access to the system for the specified amount of time after exceeding the specified number of unsuccessful login attempts. When selected, the following fields are enabled: Attempts - The number of unsuccessful login attempts after which the user will be locked out. The valid range is 1 - 10 and the default is 3 attempts. Lockout Time - The amount of time for which the user will be locked out.
Chapter 9: Security Management Encryption & Share Using the Encryption & Share settings you can specify the type of encryption used, PC and VM share modes, and the type of reset performed when the KX II Reset button is pressed. WARNING: If you select an encryption mode that is not supported by your browser, you will not be able to access the KX II from your browser. 1. Choose one of the options from the Encryption Mode drop-down list.
Chapter 9: Security Management Encryption mode Description a National Institute of Standards and Technology specification for the encryption of electronic data. 256 is the key length. When AES-256 is specified, be certain that your browser supports it, otherwise you will not be able to connect. See Checking Your Browser for AES Encryption (on page 203) for more information. Note: MPC will always negotiate to the highest encryption and will match the Encryption Mode setting if not set to Auto.
Chapter 9: Security Management Local device reset mode Description Enable Local Factory Returns the KX II device to the factory defaults. Reset (default) Enable Local Admin Password Reset Resets the local administrator password only. The password is reset to raritan. Disable All Local Resets No reset action is taken.
Chapter 9: Security Management Enabling FIPS 140-2 For government and other high security environments, enabling FIPS 140-2 mode may be desirable. The KX II uses an embedded FIPS 140-2-validated cryptographic module running on a Linux® platform per FIPS 140-2 Implementation Guidance section G.5 guidelines. Once this mode is enabled, the private key used to generate the SSL certificates must be internally generated; it cannot be downloaded or exported. To enable FIPS 140-2: 1.
Chapter 9: Security Management FIPS 140-2 should be enabled on the client computer and in Internet Explorer. To enable FIPS 140-2 on a Windows client: 1. Select Control Panel > Administrative Tools > Local Security Policy to open the Local Security Settings dialog. 2. From the navigation tree, select Select Local Policies > Security Options. 3. Enable "System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing". 4. Reboot the client computer.
Chapter 9: Security Management To add (append) rules: 1. Type the IP address and subnet mask in the IPv4/Mask or IPv6/Prefix Length field. Note: The IP address should be entered using CIDR (Classless Inter-Domain Routing notation, in which the first 24 bits are used as a network address). 2. Choose the Policy from the drop-down list. 3. Click Append. The rule is added to the bottom of the rules list. To insert a rule: 1. Type a rule #. A rule # is required when using the Insert command. 2.
Chapter 9: Security Management 3. You are prompted to confirm the deletion. Click OK. SSL Certificates The KX II uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a connected client. When establishing a connection, the KX II has to identify itself to a client using a cryptographic certificate. It is possible to generate a Certificate Signing Request (CSR) and install a certificate signed by the Certificate Authority (CA) on the KX II.
Chapter 9: Security Management b. Organizational unit - This field is used for specifying to which department within an organization the KX II belongs. c. Organization - The name of the organization to which the KX II belongs. d. Locality/City - The city where the organization is located. e. State/Province - The state or province where the organization is located. f. Country (ISO code) - The country where the organization is located. This is the two-letter ISO code, e.g. DE for Germany, or US for the U.
Chapter 9: Security Management Note: The CSR and the private key file are a matched set and should be treated accordingly. If the signed certificate is not matched with the private key used to generate the original CSR, the certificate will not be useful. This applies to uploading and downloading the CSR and private key files. After completing these three steps the KX II has its own certificate that is used for identifying the card to its clients.
Chapter 9: Security Management 4. If needed, change the banner title. This information will be displayed to users as part of the banner. Up to 64 characters can be used. 5. Edit the information in the Restricted Services Banner Message text box. Up to 6000 characters can be entered or uploaded from a text file. To do this, do one of the following: a. Edit the text by manually typing in the text box. Click OK. b. Upload the information from .
Chapter 10 Maintenance In This Chapter Audit Log................................................................................................211 Device Information.................................................................................212 Backup and Restore ..............................................................................213 USB Profile Management ......................................................................216 Upgrading CIMs ...............................................
Chapter 10: Maintenance Device Information The Device Information page provides detailed information about your KX II device and the CIMs in use. This information is helpful should you need to contact Raritan Technical Support. To view information about your KX II and CIMs: Choose Maintenance > Device Information. The Device Information page opens.
Chapter 10: Maintenance Backup and Restore From the Backup/Restore page, you can backup and restore the settings and configuration for your KX II. In addition to using backup and restore for business continuity purposes, you can use this feature as a time-saving mechanism. For instance, you can quickly provide access to your team from another KX II by backing up the user configuration settings from the KX II in use and restoring those configurations to the new KX II.
Chapter 10: Maintenance If you are using Internet Explorer 6 or higher, to backup your KX II: 1. Click Backup. A File Download dialog appears that contains an Open button. Do not click Open. In IE 6 and higher, IE is used as the default application to open files, so you are prompted to open the file versus save the file. To avoid this, you must change the default application that is used to open files to WordPad®. 2. To do this: a. Save the backup file.
Chapter 10: Maintenance Full Restore - A complete restore of the entire system. Generally used for traditional backup and restore purposes. Protected Restore - Everything is restored except device-specific information such as IP address, name, and so forth. With this option, you can setup one KX II and copy the configuration to multiple KX II devices.
Chapter 10: Maintenance USB Profile Management From the USB Profile Management page, you can upload custom profiles provided by Raritan tech support. These profiles are designed to address the needs of your target server‟s configuration, in the event that the set of standard profiles does not already address them. Raritan tech support will provide the custom profile and work with you to verify the solution for your target server‟s specific needs.
Chapter 10: Maintenance As noted, you may delete a custom profile from the system while it is still designated as an active profile. Doing so will terminate any virtual media sessions that were in place. Handling Conflicts in Profile Names A naming conflict between custom and standard USB profiles may occur when a firmware upgrade is performed.
Chapter 10: Maintenance 3. Click the Upgrade button. You are prompted to confirm the upgrade. 4. Click OK to continue the upgrade. Progress bars are displayed during the upgrade. Upgrading takes approximately 2 minutes or less per CIM. Upgrading Firmware Use the Firmware Upgrade page to upgrade the firmware for your KX II and all attached CIMs. This page is available in the KX II Remote Console only.
Chapter 10: Maintenance 6. Click Upload from the Firmware Upgrade page. Information about the upgrade and version numbers is displayed for your confirmation (if you opted to review CIM information, that information is displayed as well): Note: At this point, connected users are logged out, and new login attempts are blocked. 7. Click Upgrade. Please wait for the upgrade to complete. Status information and progress bars are displayed during the upgrade.
Chapter 10: Maintenance For information about upgrading the device firmware using the Multi-Platform Client, see Upgrading Device Firmware in the KVM and Serial Access Clients Guide. Note: Firmware upgrades are not supported via modem. Note: If you are using a tiered configuration in which a base KX II device is used to access multiple other tiered devices, you may receive a low memory error during a firmware upgrade if you have a large number of user groups.
Chapter 10: Maintenance Upgrade History The KX II provides information about upgrades performed on the KX II and attached CIMS. To view the upgrade history: Choose Maintenance > Upgrade History. The Upgrade History page opens. Information is provided about the KX II upgrade(s) that have been run, the final status of the upgrade, the start and end times, and the previous and current firmware versions.
Chapter 10: Maintenance To reboot your KX II: 1. Choose Maintenance > Reboot. The Reboot page opens. 2. Click Reboot. You are prompted to confirm the action. Click Yes to proceed with the reboot.
Chapter 10: Maintenance Stopping CC-SG Management While the KX II is under CC-SG management, if you try to access the device directly, you are notified that it the device is under CC-SG management. If you are managing the KX II through CC-SG and connectivity between CC-SG and the KX II is lost after the specified timeout interval (typically 10 minutes), you are able to end the CC-SG management session from the KX II console.
Chapter 10: Maintenance 3. Click Yes to remove the device CC-SG management. Once CC-SG management has ended, a confirmation will be displayed.
Chapter 11 Diagnostics In This Chapter Network Interface Page .........................................................................225 Network Statistics Page.........................................................................226 Ping Host Page ......................................................................................228 Trace Route to Host Page .....................................................................228 Device Diagnostics ..................................................
Chapter 11: Diagnostics Network Statistics Page The KX II provides statistics about your network interface. To view statistics about your network interface: 1. Choose Diagnostics > Network Statistics. The Network Statistics page opens. 2. Choose the appropriate option from the Options drop-down list: 226 Statistics - Produces a page similar to the one displayed here.
Chapter 11: Diagnostics Interfaces - Produces a page similar to the one displayed here. Route - Produces a page similar to the one displayed here. 3. Click Refresh. The relevant information is displayed in the Result field.
Chapter 11: Diagnostics Ping Host Page Ping is a network tool used to test whether a particular host or IP address is reachable across an IP network. Using the Ping Host page, you can determine if a target server or another KX II is accessible. To ping the host: 1. Choose Diagnostics > Ping Host. The Ping Host page appears. 2. Type either the hostname or IP address into the IP Address/Host Name field. Note: The host name cannot exceed 232 characters in length. 3. Click Ping.
Chapter 11: Diagnostics Note: The host name cannot exceed 232 characters in length. 3. Choose the maximum hops from the drop-down list (5 to 50 in increments of 5). 4. Click Trace Route. The trace route command is executed for the given hostname or IP address and the maximum hops. The output of trace route is displayed in the Result field.
Chapter 11: Diagnostics Device Diagnostics Note: This page is for use by Raritan Field Engineers or when you are directed by Raritan Technical Support. Device diagnostics downloads the diagnostics information from the KX II to the client machine. Two operations can be performed on this page: Execute a special diagnostics script provided by Raritan Technical Support during a critical error debugging session. The script is uploaded to the device and executed.
Chapter 11: Diagnostics a. Click the Save to File button. The File Download dialog opens. b. Click Save. The Save As dialog box opens. c. Navigate to the desired directory and click Save. d. Email this file as directed by Raritan Technical Support.
Chapter 12 Command Line Interface (CLI) In This Chapter Overview ................................................................................................232 Accessing the KX II Using CLI ..............................................................233 SSH Connection to the KX II .................................................................233 Logging In ..............................................................................................234 Navigation of the CLI ......................
Chapter 12: Command Line Interface (CLI) Accessing the KX II Using CLI Access the KX II by using one of the following methods: SSH (Secure Shell) via IP connection A number of SSH clients are available and can be obtained from the following locations: Putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/ SSH Client from ssh.com - www.ssh.com http://www.ssh.com Applet SSH Client - www.netspace.org/ssh http://www.netspace.
Chapter 12: Command Line Interface (CLI) SSH Access from a UNIX/Linux Workstation To open an SSH session from a UNIX®/Linux® workstation and log in as the user admin, enter the following command: ssh -l admin 192.168.30.222 The Password prompt appears. See Logging In (on page 234). Note: Both IPv4 and IPv6 addresses are supported. Logging In To log in, enter the user name admin as shown: 1. Log in as admin 2. The Password prompt appears. Enter the default password: raritan The welcome message displays.
Chapter 12: Command Line Interface (CLI) After reviewing the following Navigation of the CLI (on page 235) section, perform the Initial Configuration tasks. Navigation of the CLI Before using the CLI, it is important to understand CLI navigation and syntax. There are also some keystroke combinations that simplify CLI use.
Chapter 12: Command Line Interface (CLI) Completion of Commands The CLI supports the completion of partially-entered commands. After entering the first few characters of an entry, press the Tab key. If the characters form a unique match, the CLI will complete the entry. If no match is found, the CLI displays the valid entries for that level. If multiple matches are found, the CLI displays all valid entries. Enter additional text to make the entry unique and press the Tab key to complete the entry.
Chapter 12: Command Line Interface (CLI) Commands help Description Display an overview of the CLI syntax. quit Places the user back one level. logout Logs out the user session. Initial Configuration Using CLI Note: These steps, which use the CLI, are optional since the same configuration can be done via KVM. See Getting Started (on page 14) for more information. KX II devices come from the factory with default factory settings.
Chapter 12: Command Line Interface (CLI) Setting Network Parameters Network parameters are configured using the interface command. admin > Config > Network > interface ipauto none ip 192.168.151.12 mask 255.255.255.0 gw 192.168.151.1 mode auto When the command is accepted, the device automatically drops the connection. You must reconnect to the device using the new IP address and the user name and password you created in the resetting factory default password section.
Chapter 12: Command Line Interface (CLI) Command Description history Display the current session's command line history. listports List accessible ports. logout Logout of the current CLI session. top Return to the root menu. userlist List active user sessions. Enter admin > config > network. Command Description help Display overview of commands. history Display the current session's command line history. interface Set/get network parameters.
Chapter 12: Command Line Interface (CLI) Configuring Network The network menu commands are used to configure the KX II network adapter. Commands interface Description Configure the KX II device network interface. name Network name configuration ipv6 Set/get IPv6 network parameters. Interface Command The Interface command is used to configure the KX II network interface.
Chapter 12: Command Line Interface (CLI) Name Command The name command is used to configure the network name.
Chapter 13 KX II Local Console In This Chapter Overview ................................................................................................242 Using the KX II Local Console ...............................................................242 KX II Local Console Interface ................................................................243 Security and Authentication ...................................................................243 Local Console Smart Card Access .............................
Chapter 13: KX II Local Console KX II Local Console Interface When you are located at the server rack, the KX II provides standard KVM management and administration via the KX II Local Console. The KX II Local Console provides a direct KVM (analog) connection to your connected servers; the performance is exactly as if you were directly connected to the server's keyboard, mouse, and video ports. Additionally, the KX II provides terminal emulation when accessing serial targets.
Chapter 13: KX II Local Console Local Console Smart Card Access To use a smart card to access a server at the Local Console, plug a USB smart card reader into the KX II using one of the USB ports located on the KX II. Once a smart card reader is plugged in or unplugged from the KX II, the KX II autodetects it. For a list of supported smart cards and additional system requirements, see Supported and Unsupported Smart Card Readers (on page 275) and Minimum System Requirements (on page 276).
Chapter 13: KX II Local Console To update the Card Readers Detected list: Click Refresh if a new smart card has been mounted. The Card Readers Detected list will be refreshed to reflect the newly added smart card reader. Smart Card Access in KX2 8 Devices If you are using a smart card reader to access a server from the Local Console through a KX2-832 or KX2-864 device, the extended local port (Local Port Settings page) must be disabled.
Chapter 13: KX II Local Console 2. In the Select Profile To Use field, select the profile to use from among those available for the port. 3. Click OK. The USB profile will be applied to the local port and will appear in the Profile In Use field. Available Resolutions The KX II Local Console provides the following resolutions to support various monitors: 800x600 1024x768 1280x1024 Each of these resolutions supports a refresh rate of 60Hz and 75Hz.
Chapter 13: KX II Local Console Port Access Page (Local Console Server Display) After you login to the KX II Local Console, the Port Access page opens. This page lists all of the KX II ports, the connected KVM target servers, and their status and availability. Also displayed on the Port Access page are blade chassis that have been configured in the KX II.
Chapter 13: KX II Local Console To use the Port Access page: 1. Log in to the Local Console. The KVM target servers are initially sorted by Port Number. You can change the display to sort on any of the columns. Port Number - Numbered from 1 to the total number of ports available for the KX II device. Note that ports connected to power strips will not be among those listed, resulting in gaps in the Port Number sequence. Port Name - The name of the KX II port.
Chapter 13: KX II Local Console 2. Click View by Port or View by Group to switch between views. In addition to the Port Number, Port Name, Status, Type, and Availability, a Group column is also displayed on the View by Group tab. This column contains the port groups that are available. 3. Click the Port Name of the target server you want to access. The Port Action Menu appears. See Port Action Menu (on page 44) for details on available menu options. 4.
Chapter 13: KX II Local Console Blade chassis Connect key action Key sequence example Access a port from the local port GUI Access port 5, slot 2: Switch between ports Switch from target port 5, slot 2 to port 5, slot 11: Disconnect from a target and return to the local port GUI Press Left ALT > Press and Release 5 > Press and Release - > Press and Release 2 > Release Left ALT Press Left ALT > Press and Release 5 > Press and Release - > Press and Release 1 > Press and Release 1 > Release Left A
Chapter 13: KX II Local Console Sun key Local port key combination Compose Ctrl+ Alt + KPAD * Vol + Ctrl + Alt + KPAD + Vol - Ctrl + Alt + KPAD - Stop No key combination Power No key combination Accessing a Target Server To access a target server: 1. Click the Port Name of the target you want to access. The Port Action Menu is displayed. 2. Choose Connect from the Port Action menu. The video display switches to the target server interface.
Chapter 13: KX II Local Console Configuring KX II Local Console Local Port Settings From the Local Port Settings page, you can customize many settings for the KX II Local Console including keyboard, hot keys, video switching delay, power save mode, local user interface resolution settings, and local user authentication. Note: Only users with administrative privileges can access these functions.
Chapter 13: KX II Local Console 3. Choose the local port hotkey. The local port hotkey is used to return to the KX II Local Console interface when a target server interface is being viewed.
Chapter 13: KX II Local Console None. There is no authentication for Local Console access. This option is recommended for secure environments only. Select the "Ignore CC managed mode on local port" checkbox if you would like local user access to the KX II even when the device is under CC-SG management. Note: If you initially choose not to ignore CC Manage mode on the local port but later want local port access, you will have to remove the device from under CC-SG management (from within CC-SG).
Chapter 13: KX II Local Console Configuring KX II Local Port Settings from the Local Console The standard local port and the extended local port can be configured from the Remote Console on the Port Configuration page or from the Local Console on the Local Port Settings page. See Configuring KX II Local Port Settings (on page 190) for details on configuring these ports. KX II Local Console Factory Reset Note: This feature is available only on the KX II Local Console.
Chapter 13: KX II Local Console Timeout (seconds) 1. Click Reset to continue. You will be prompted to confirm the factory reset because all network settings will be permanently lost. 2. Click OK button proceed. Upon completion, the KX II device is automatically restarted. Resetting the KX II Using the Reset Button On the back panel of the device, there is a Reset button. It is recessed to prevent accidental resets (you will need a pointed object to press this button).
Appendix A Specifications In This Chapter Physical Specifications ..........................................................................257 Environmental Requirements ................................................................259 Supported Operating Systems (Clients) ................................................260 Supported CIMs and Operating Systems (Target Servers) ..................261 Supported Operating Systems and CIMs (KVM Target Servers)..........267 Computer Interface Modules (CIMs) .
Appendix A: Specifications Part number Line item description UPC code Power DKX2-132 32-Port KX II with 1-user network access and local port, virtual media, dual power 785813624079 16-Port KX II with 2-user network access and local port, virtual media, dual power 785813624086 32-Port KX II with 2-user network access and local port, virtual media, dual power 785813625021 16-Port KX II with 4-user network access and local port, virtual media, dual power 785813625359 32-Port KX II with 4-user net
Appendix A: Specifications KX2-8 Specifications Part number Line item description UPC code Power Weight Product dimensions (WxDxH) DKX2-83 32-Port KX II 0785813620019 2 with 8-user network access, standard local port, extended local port, virtual media, dual power Dual power 10.57 100/240 V lbs 50/60 Hz DKX2-86 64-Port KX II 0785813620026 4 with 8-user network access, standard local port, extended local port, virtual media, dual power Dual power 13.22 100/240 V lbs 50/60 Hz 1.2A 6.
Appendix A: Specifications Operating Shock N/A Supported Operating Systems (Clients) The following operating systems are supported on the Virtual KVM Client and Multi-Platform Client (MPC): Client operating system Windows 7 Virtual media (VM) support on client ® Yes Windows XP® Yes ® Yes Windows Vista® Yes Windows 2000® SP4 Server Yes Windows 2008 ® Windows 2003 Server Yes Windows 2008® Server Yes ® Red Hat Desktop 5.0 Yes.
Appendix A: Specifications Mode Operating system Windows Server 2003® Windows x64 64-bit mode Browser Internet Explorer 6.0 SP1++, IE 7, IE 8 Firefox 1.06 - 3 Windows Vista® Internet Explorer 7.0 or 8.0 Windows 7® Internet Explorer 7.0 or 8.0 Firefox 1.06 - 3 Windows XP Windows XP Professional® Windows XP Tablet® Windows Vista Windows Server 2003 64bit OS, 32bit browsers: Internet Explorer 6.0 SP1+, 7.0 or 8.0 Firefox 1.
Appendix A: Specifications Supported Paragon CIMs P2CIM-PS2 Operating system and serial devices (where applicable) Windows XP® Windows 2000® Windows 2000 Server® Windows 2003 Server® Windows Vista® Windows 7® Windows 2008® Red Hat® Enterprise Linux® 4 ES Red Hat Enterprise Linux 5 Open SUSE 10, 11 Fedora® 8 - 11 IBM® AIX™ HP UX P2CIM-AUSB Windows XP UUSBPD Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista
Appendix A: Specifications Supported Paragon CIMs UKVMPD (version 0C4) Note: Version 0C5 does not work with KX II.
Appendix A: Specifications Supported Dominion KX I DCIMs DCIM-PS2 264 DCIM-USB Target server Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Red Hat Enterprise Linux 4 ES Red Hat Enterprise Linux 5 Open SUSE 10, 11 Fedora Core 3 and above IBM AIX HP UX Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Red Hat Ente
Appendix A: Specifications Supported Dominion KX I DCIMs DCIM-USBG2 Target server Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Red Hat Enterprise Linux 4 ES Red Hat Enterprise Linux 5 Open SUSE 10, 11 Fedora 8 - 11 Mac OS All Solaris OSs supported in Dominion KX I IBM AIX HP UX Virtual media Absolute Intelligent Standard Mouse mode Mouse mode Mouse mode Note: The DCIM-USBG2 and P2CIM-AU
Appendix A: Specifications Supported KX II D2CIMs D2CIM-VUSB Target server and remote rack PDUs (where applicable) Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Open SUSE 10, 11 Fedora Core 3 and above Red Hat Enterprise Linux 4 ES Red Hat Enterprise Linux 5 Mac OS Virtual media Absolute Mouse mode Note: D2CIM-VUSB is not supported on Sun™ (Solaris) targets.
Appendix A: Specifications Supported Operating Systems and CIMs (KVM Target Servers) In addition to the new D2CIMs, most Dominion CIMs are supported. The following table displays the supported target server operating systems, CIMs, virtual media, and mouse modes: Note: D2CIM-VUSB is not supported on Sun™ (Solaris™) targets.
Appendix A: Specifications Target server Windows 2003 Server® Supported CIMs Mouse modes Windows Vista operating system Red Hat® Enterprise Workstation 3.0, 4.0 and 5.0 SUSE Linux Professional 9.2 and 10 DCIM-PS2 DCIM-USB DCIM-USB G2 D2CIM-VUSB (excluding Red Hat Enterprise Workstation 3.
Appendix A: Specifications Legend: VM - Virtual Media (D2CIM-VUSB only) AM: Absolute Mouse Synchronization (D2CIM-VUSB only) IM: Intelligent Mouse Mode SM: Standard Mouse Mode : Supported The DCIM-USB G2 provides a small slide switch on the back of the CIM. Move the switch to P for PC-based USB KVM target servers; move the switch to S for Sun USB KVM target servers. A new switch position takes effect only after the CIM is power-cycled.
Appendix A: Specifications Part number Line item description Product weight Product dimensions (WxDxH) Shipping weight Shipping dimensions (WxDxH) 0.6" D2CIM-VUSB- Bulk pack of 32 32PAC D2CIM-VUSB 6.4 lb (1.3" x 3.0" x 0.6")*32 8.01 lb 21.65"x12.20 785813332028 "x4.33" D2CIM-VUSB -64PAC 12.8 lb (1.3" x 3.0" x 0.6")*64 18.13 lb 22.64"x9.45" x12.99" 785813332035 D2CIM-DVUS Dominion KX II 0.23 lbs, B Computer 105 g Interface Module [Dual USB Port with Virtual Media] 3.53”x1.68”x.76” .
Appendix A: Specifications Certified Modems USRobotics® 56K 5686E ZOOM® v90 ZOOM v92 USRobotics Sportster® 56K USRobotics Courier™ 56K Devices Supported by the KX2-832 and KX2-864 Extended Local Port The extended local port supports attachment from the following devices: KX2-832 and KX2-864. Paragon II User Station (P2-UST) connected directly to extended local port. Paragon II Enhanced User Station (P2-EUST) connected directly to extended local port.
Appendix A: Specifications Note: Due to the multiplicity of server manufacturers and types, OS versions, video drivers, and so forth and the subjective nature of video quality, Raritan cannot guarantee performance across all distances in all environments. See the Supported Video Resolutions (on page 272) for the video resolutions supported by the KX II.
Appendix A: Specifications Resolutions 640x350 @85Hz 1024x768 @75Hz 640x400 @56Hz 1024x768 @90Hz 640x400 @84Hz 1024x768 @100Hz 640x400 @85Hz 1152x864 @60Hz 640x480 @60Hz 1152x864 @70Hz 640x480 @66.6Hz 1152x864 @75Hz 640x480 @72Hz 1152x864 @85Hz 640x480 @75Hz 1152x870 @75.
Appendix A: Specifications Supported Keyboard Languages The KX II provides keyboard support for the languages listed in the following table. Note: You can use the keyboard for Chinese, Japanese, and Korean for display only; local language input is not supported at this time for the KX II Local Console functions. For more information about non-US keyboards, see Informational Notes (on page 289).
Appendix A: Specifications Language Regions Keyboard layout Spanish Spain and most Spanish speaking countries Spanish Portuguese Portugal Portuguese Smart Card Readers Supported and Unsupported Smart Card Readers External, USB smart card readers are supported. Supported Smart Card Readers Type Vendor Model Verified USB SCM Microsystems SCR331 Verified on local and remote USB ActivIdentity® ActivIdentity USB Reader v2.
Appendix A: Specifications This table contains a list of readers that Raritan has tested and found not to work with the Raritan device, therefore they are unsupported. If a smart card reader does not appear in the supported smart card readers table or in the unsupported smart card readers table, Raritan cannot guarantee it will function with the device.
Appendix A: Specifications Windows XP® operating system targets must be running Windows XP SP3 in order to use smart cards with the KX II. If you are working with .NET 3.5 in a Windows XP environment on the target server, you must be using SP1. Linux Targets If you are using a Linux® target, the following requirements must be met to use smart card readers with the KX II.
Appendix A: Specifications Fedora® Core 10 pcsc-lite-1.4.102.3.fc10.i386 ™ Create a Java Library Link A soft link must be created to the libpcsclite.so after upgrading RHEL 4, RHEL 5 and FC 10. For example, ln –s /usr/lib/libpcsclite.so.1 /usr/lib/libpcsclite.so, assuming installing the package places the libraries in /usr/lib or /user/local/lib. PC/SC Daemon When the pcsc daemon (resource manager in framework) is restarted, restart the browser and MPC, too.
Appendix A: Specifications Port Description HTTP, Port 80 This port can be configured as needed. See HTTP and HTTPS Port Settings (on page 140). By default, all requests received by the KX II via HTTP (port 80) are automatically forwarded to HTTPS for complete security. The KX II responds to Port 80 for user convenience, relieving users from having to explicitly type in the URL field to access the KX II, while still preserving complete security. HTTPS, Port 443 This port can be configured as needed.
Appendix A: Specifications Network Speed Settings KX II network speed setting Network switch port setting Auto 1000/Full 100/Full 100/Half Auto 1000/Full 100/Full 100/Half 10/Full 10/Half Highest Available Speed 1000/Full KX II: 100/Full 100/Half KX II: 10/Full 10/Half 1000/Full 1000/Full No No No No Communica Communicat Communica Communicat tion ion tion ion KX II: 100/Half KX II: 100/Half 100/Full Switch: 100/Full Switch: 100/Full 100/Half 100/Half Switch: 100/Half KX II: 10/Ha
Appendix A: Specifications communicate, but collisions will occur Per Ethernet specification, these should be “no communication,” however, note that the KX II behavior deviates from expected behavior Note: For reliable network communication, configure the KX II and the LAN switch to the same LAN Interface Speed and Duplex. For example, configure both the KX II and LAN Switch to Autodetect (recommended) or set both to a fixed speed/duplex such as 100MB/s/Full.
Appendix B Updating the LDAP Schema Note: The procedures in this chapter should be attempted only by experienced users. In This Chapter Returning User Group Information ........................................................282 Setting the Registry to Permit Write Operations to the Schema ...........283 Creating a New Attribute .......................................................................283 Adding Attributes to the Class ...............................................................
Appendix B: Updating the LDAP Schema Setting the Registry to Permit Write Operations to the Schema To allow a domain controller to write to the schema, you must set a registry entry that permits schema updates. To permit write operations to the schema: 1. Right-click the Active Directory® Schema root node in the left pane of the window and then click Operations Master. The Change Schema Master dialog appears. 2. Select the "Schema can be modified on this Domain Controller" checkbox. Optional 3. Click OK.
Appendix B: Updating the LDAP Schema 3. Click New and then choose Attribute. When the warning message appears, click Continue and the Create New Attribute dialog appears. 4. Type rciusergroup in the Common Name field. 5. Type rciusergroup in the LDAP Display Name field. 6. Type 1.3.6.1.4.1.13742.50 in the Unique x5000 Object ID field. 7. Type a meaningful description in the Description field. 8. Click the Syntax drop-down arrow and choose Case Insensitive String from the list. 9.
Appendix B: Updating the LDAP Schema 2. Scroll to the user class in the right pane and right-click it. 3. Choose Properties from the menu. The user Properties dialog appears. 4. Click the Attributes tab to open it. 5. Click Add.
Appendix B: Updating the LDAP Schema 6. Choose rciusergroup from the Select Schema Object list. 7. Click OK in the Select Schema Object dialog. 8. Click OK in the User Properties dialog. Updating the Schema Cache To update the schema cache: 1. Right-click Active Directory® Schema in the left pane of the window and select Reload the Schema. 2. Minimize the Active Directory Schema MMC (Microsoft® Management Console) console.
Appendix B: Updating the LDAP Schema 3. Go to the directory where the support tools were installed. Run adsiedit.msc. The ADSI Edit window opens. 4. Open the Domain. 5. In the left pane of the window, select the CN=Users folder.
Appendix B: Updating the LDAP Schema 6. Locate the user name whose properties you want to adjust in the right pane. Right-click the user name and select Properties. 7. Click the Attribute Editor tab if it is not already open. Choose rciusergroup from the Attributes list. 8. Click Edit. The String Attribute Editor dialog appears. 9. Type the user group (created in the KX II) in the Edit Attribute field. Click OK.
Appendix C Informational Notes In This Chapter Overview ................................................................................................289 Java Runtime Environment (JRE) .........................................................289 IPv6 Support Notes ...............................................................................290 Keyboards .............................................................................................291 Dell Chassis Cable Lengths and Video Resolutions .....
Appendix C: Informational Notes IPv6 Support Notes Java Java™ 1.6 supports IPv6 for the following: Solaris™ 8 and higher Linux® kernel 2.1.2 and higher (RedHat 6.1 and higher) Java 5.0 and above supports the IPv6 for the following: Solaris 8 and higher Linux kernel 2.1.2 and higher (kernel 2.4.0 and higher recommended for better IPv6 support) Windows XP® SP1 and Windows 2003®, Windows Vista® operating systems The following IPv6 configurations are not supported by Java: J2SE 1.
Appendix C: Informational Notes Keyboards Non-US Keyboards French Keyboard Caret Symbol (Linux® Clients Only) The Virtual KVM Client and the Multi-Platform Client (MPC) do not process the key combination of Alt Gr + 9 as the caret symbol (^) when using French keyboards with Linux clients. To obtain the caret symbol: From a French keyboard, press the ^ key (to the right of the P key), then immediately press the space bar. Alternatively, create a macro consisting of the following commands: 1.
Appendix C: Informational Notes Tilde Symbol From the Virtual KVM Client and the Multi-Platform Client, the key combination of Alt Gr + 2 does not produce the tilde (~) symbol when using a French keyboard. To obtain the tilde symbol: Create a macro consisting of the following commands: Press right Alt. Press 2. Release 2. Release right Alt.
Appendix C: Informational Notes Note: The Keyboard Indicator should be used on Linux systems using Gnome as a desktop environment. When using a Hungarian keyboard from a Linux client, the Latin letter U with Double Acute and the Latin letter O with Double Acute work only with JRE 1.6. There are several methods that can be used to set the keyboard language preference on Fedora® Linux clients.
Appendix C: Informational Notes Dell Chassis Cable Lengths and Video Resolutions In order to maintain video quality, Raritan recommends using the following cable lengths and video resolutions when you are connecting to Dell® blade chassis from the KX II: Cable length Video resolution 50 ft. 1024x768x60 50 ft. 1280x1024x60 30 ft.
Appendix C: Informational Notes Resolving Issues with Firefox Freezing when Using Fedora If you are accessing Firefox® and are using a Fedora® server, Firefox may freeze when it is opening. To resolve this issue, install the libnpjp2.so Java™ plug-in on the server. Video Modes and Resolutions SUSE/VESA Video Modes The SuSE X.org configuration tool SaX2 generates video modes using modeline entries in the X.org configuration file.
Appendix C: Informational Notes USB Ports and Profiles VM-CIMs and DL360 USB Ports HP® DL360 servers have one USB port on the back of the device and another on the front of the device. With the DL360, both ports cannot be used at the same time. Therefore, a dual VM-CIM cannot be used on DL360 servers. However, as a workaround, a USB2 hub can be attached to the USB port on the back of the device and a dual VM-CIM can be attached to the hub.
Appendix C: Informational Notes USB profile help appears in the USB Profile Help window. For detailed information about specific USB profiles, see Available USB Profiles (on page 102). Raritan provides a standard selection of USB configuration profiles for a wide range of operating system and BIOS level server implementations. These are intended to provide an optimal match between remote USB device and target server configurations.
Appendix C: Informational Notes Changing a USB Profile when Using a Smart Card Reader There may be certain circumstances under which you will need to change the USB profile for a target server. For example, you may need to change the connection speed to "Use Full Speed for Virtual Media CIM" when the target has problems with the "High Speed USB" connection speed.
Appendix C: Informational Notes Windows 2000 Composite USB Device Behavior for Virtual Media The Windows 2000® operating system does not support USB composite devices, like Raritan‟s D2CIM-VUSB, in the same manner as non-composite USB devices. As a result, the “Safely Remove Hardware” system tray icon does not appear for drives mapped by the D2CIM-VUSB and a warning message may appear when disconnecting the device. Raritan has not observed any problems or issues from this message, however.
Appendix C: Informational Notes Accessing Virtual Media on a Windows 2000 Server Using a D2CIM-VUSB A virtual media local drive cannot be accessed on a Windows 2000® server using a D2CIM-VUSB. Target BIOS Boot Time with Virtual Media The BIOS for certain targets may take longer to boot if media is mounted virtually at the target. To shorten the boot time: 1. Close the Virtual KVM Client to completely release the virtual media drives. 2. Restart the target.
Appendix C: Informational Notes Proxy Mode and MPC If you are using KX II in a CC-SG configuration, do not use the CC-SG proxy mode if you are planning to use the Multi-Platform Client (MPC). Moving Between Ports of the KX II If you move a between ports of the same KX II and resume management within one minute, CC-SG may display an error message. If you resume management, the display will be updated.
Appendix D FAQs In This Chapter General Questions.................................................................................303 Remote Access .....................................................................................305 Universal Virtual Media..........................................................................307 USB Profiles ..........................................................................................308 Bandwidth and KVM-over-IP Performance ............................
Appendix D: FAQs General Questions What is the KX II? The KX II is a second generation digital KVM (keyboard/video/ mouse) switch that enables one, two, four or eight IT administrators to access and control 8, 16, 32 or 64 servers over the network with BIOS-level functionality. The KX II is completely hardware and operating system independent. Users can troubleshoot and reconfigure servers even when servers are down.
Appendix D: FAQs Will my existing KX I CIMs work with the KX II switches? Yes, existing KX I CIMs will work with the KX II switch. In addition, select Paragon CIMs will work with the KX II. This provides an easy migration to the KX II from Paragon I customers who wish to switch to KVM-over-IP. However, you may want to consider the D2CIM-VUSB and D2CIM-DVUSB CIMs which support Virtual Media and Absolute Mouse Synchronization. Can the KX II be rack mounted? Yes.
Appendix D: FAQs Remote Access How many users can remotely access servers on each KX II? The KX II models offer remote connections for up to eight users per user channel to simultaneously access and control a unique target server. For one-channel devices like the DKX2-116, up to eight remote users can access and control a single target server. For two-channel devices, like the DKX2-216, up to eight users can access and control the server on channel one and up to another eight users on channel two.
Appendix D: FAQs 100Mbps Theoretical 100Mbit network speed 0.05 seconds 60Mbps Likely practical 100Mbit network speed 0.08 seconds 10Mbps Theoretical 10Mbit network speed .4 seconds 6Mbps Likely practical 10Mbit network speed .8 seconds 512Kbps Cable modem download speed (typical) 8 seconds How do I access servers connected to the KX II if the network ever becomes unavailable? You can access servers at-the-rack or via modem.
Appendix D: FAQs Universal Virtual Media What KX II models support virtual media? All of the KX II models support virtual media. It is available standalone and through Raritan's CommandCenter Secure Gateway, Raritan's centralized management unit. What types of virtual media does the KX II support? The KX II supports the following types of media: internal and USB-connected CD/DVD drives, USB mass storage devices, PC hard drives, and ISO images.
Appendix D: FAQs USB Profiles What is a USB profile? Certain servers require a specifically configured USB interface for USB based services such as virtual media. The USB Profile tailors the KX II‟s USB interface to the server to accommodate these server specific characteristics. Why would I use a USB profile? USB Profiles are most often required at the BIOS level where there may not be full support for the USB specification when accessing virtual media drives.
Appendix D: FAQs Do I need a special CIM to use USB profiles? You must use a D2CIM-VUSB or D2CIM-DVUSB with updated firmware. Will Raritan provide USB profiles for other target server configurations? Raritan will provide new USB profiles to suit customer needs. As these profiles become available, they will be included in firmware upgrades.
Appendix D: FAQs Bandwidth and KVM-over-IP Performance How is bandwidth used in KVM-over-IP systems? The KX II offers next generation KVM-over-IP technology – the very best video compression available. Raritan has received numerous technical awards confirming its high video quality transmissions and the low bandwidth utilization.
Appendix D: FAQs Unlike KX I, the Noise Filter parameter does not generally have a large role in reducing bandwidth or improving performance. How much bandwidth does KX II use for common tasks? Bandwidth primarily depends on the user's task and actions. The more the server's video screen changes, the more bandwidth is utilized.
Appendix D: FAQs QuickTime video #2 1500 - 2500 KB/s 400 - 550 KB/s 200 - 350 KB/s With the reduced bandwidth settings, bandwidth is reduced significantly for virtually all tasks. With the 15 bit color setting, perceived performance is similar to the default parameters. Further, bandwidth reductions are possible with additional changes in the settings.
Appendix D: FAQs Please note that these bandwidth figures are only examples and may vary from those seen in your environment due to many factors. How can I reduce bandwidth? The KX II provides a variety of settings in our remote clients to optimize bandwidth and performance. The default settings will provide an at-the-rack level of performance in standard LAN/WAN environments with economical use of bandwidth. Bandwidth management settings include the Connection Speed and Color Depth.
Appendix D: FAQs It depends on the bandwidth and latency of the Internet connection between your remote client and the KX II. With a cable modem or high speed DSL connection, your performance can be very similar to a LAN/WAN connection. For lower speed links, use the suggestions above to improve performance. I have a high bandwidth environment. How can I optimize performance? The default settings will provide strong performance in a high bandwidth environment.
Appendix D: FAQs Ethernet and IP Networking Does the KX II offer dual gigabit Ethernet ports to provide redundant fail-over? Yes. The KX II features dual gigabit Ethernet ports to provide redundant failover capabilities. Should the primary Ethernet port (or the switch/router to which it is connected) fail, the KX II will failover to the secondary network port with the same IP address, ensuring that server operations are not disrupted. Note that automatic failover must be enabled by the administrator.
Appendix D: FAQs How many TCP ports must be open on my firewall in order to enable network access to the KX II? Are these ports configurable? Only one. The KX II protects network security by only requiring access to a single TCP port to operate. This port is completely configurable for additional security. Note that, of course, to use the KX II's optional web browser capability, the standard HTTPS port 443 must also be open. Does the KX II require an external authentication server to operate? No.
Appendix D: FAQs IPv6 Networking What is IPv6? IPv6 is the acronym for “Internet Protocol Version 6”. IPv6 is the “next generation” IP protocol which will replace the current IP Version 4 (IPv4) protocol. IPv6 addresses a number of problems in IPv4, such as the limited number of IPv4 addresses. It also improves IPv4 in areas such as routing and network auto-configuration. IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years.
Appendix D: FAQs Where can I get more information on IPv6? See www.ipv6.org for general information on IPv6. The KX II User Guide describes the KX II‟s support for IPv6.
Appendix D: FAQs Servers Does the KX II depend on a Windows server to operate? Absolutely not. Because users depend on the KVM infrastructure to always be available in any scenario whatsoever (as they will likely need to use the KVM infrastructure to fix problems), the KX II is designed to be completely independent from any external server. For example, should the data center come under attack from a malicious Windows worm or virus, administrators will need to use the KVM solution to resolve the situation.
Appendix D: FAQs Blade Servers Can I connect blade servers to the KX II? Yes. The KX II supports popular blade server models from the leading blade server manufacturers: HP®, IBM® and Dell®. Which blade servers are supported? The following models are supported: Dell® PowerEdge® 1855, 1955 and M1000e HP BladeSystem c3000 and c7000 IBM® BladeCenter® H and E Note: IBM BladeCenter Model S, T, and HT are handled using the IBM (Other) selection.
Appendix D: FAQs For KX II's, Raritan recommends connecting up to two times the number of remote connections supported by the device. For example, with a KX2-216 with two remote channels, we recommend connecting up to 4 blade server chassis. You can of course connect individual servers to the remaining server ports. I'm an SMB customer with a few KX II's. Must I use your CC-SG management station? No, you don't have to. SMB customers are not required to use CC-SG to use the new blade features.
Appendix D: FAQs Installation Besides the device itself, what do I need to order from Raritan to install the KX II? Each server that connects to the KX II requires a Dominion or Paragon Computer Interface Module (CIM), an adapter that connects directly to the keyboard, video, and mouse ports of the server. What kind of Cat5 cabling should be used in my installation? The KX II can use any standard UTP (unshielded twisted pair) cabling, whether Cat5, Cat5e, or Cat6.
Appendix D: FAQs Servers connected to the KX II do not require any software agents to be installed, because the KX II connects directly via hardware to servers' keyboard, video, and mouse ports. How many servers can be connected to each the KX II device? The KX II models range from 8, 16, or 32 server ports in a 1U chassis to 64 server ports in a 2U chassis. This is the industry's highest digital KVM switch port density.
Appendix D: FAQs Local Port Can I access my servers directly from the rack? Yes. At the rack, the KX II functions just like a traditional KVM switch, allowing control of up to 64 servers using a single keyboard, monitor, and mouse. Can I consolidate the local ports of multiple KX II’s? Yes. You can connect the local ports of multiple KX II switches to another KX II using the "tiering" feature of the KX II.
Appendix D: FAQs If the external authentication servers are unavailable, the KX II fails-over to its own internal authentication database. The KX II has its own standalone authentication, enabling instant, out-of-the-box installation. If I use the local port to change the name of a connected server, does this change propagate to remote access clients as well? Does it propagate to the optional CommandCenter unit? Yes.
Appendix D: FAQs Extended Local Port (Dominion KX2-832 and KX2-864 Models Only) What is the extended local port? The Dominion KX2-832 and KX2-864 feature an extended local port. The KX II eight user models have a standard local port, plus a new extended local port that extends the local port, via Cat5 cable, beyond the rack to a control room, another point in the data center or to a Paragon II switch.
Appendix D: FAQs Power Control Does the KX II have a dual power option? All of the KX II models come equipped with dual AC inputs and power supplies with automatic fail-over. Should one of the power inputs or power supplies fail, then the KX II will automatically switch to the other. Does the power supply used by the KX II automatically detect voltage settings? Yes. The KX II's power supply can be used in AC voltage ranges from 100-240 volts, at 50-60 Hz.
Appendix D: FAQs Does remote power control require any special server configuration? Some servers ship with default BIOS settings such that the server does not automatically restart after losing and regaining power. For these servers, see the server‟s documentation to change this setting. What happens when I recycle power to a server? This is the physical equivalent of unplugging the server from the AC power line, and reinserting the plug.
Appendix D: FAQs Scalability How do I physically connect multiple KX II devices together into one solution? To physically connect multiple KX II devices together for consolidated local access, you can connect the local ports of multiple "tiered" (or "cascaded") KX II switches to a "base" KX II using the "tiering" feature of the KX II. You can then access the servers connected to your KX II devices from a single point in the data center via a consolidated port list.
Appendix D: FAQs For customers wanting stand-alone usage (without a central management system), multiple KX II units still interoperate and scale together via the IP network. Multiple KX II switches can be accessed from the KX II web-based user interface and from the Multiplatform Client (MPC). Can I connect an existing analog KVM switch to the KX II? Yes. Analog KVM switches can be connected to one of the KX II's server ports.
Appendix D: FAQs Computer Interface Modules (CIMs) Can I use Computer Interface Modules (CIMs) from Raritan's analog matrix KVM switch, Paragon, with the KX II? Yes. Certain Paragon computer interface modules (CIMs) may work with the KX II (check the Raritan KX II release notes on the website for the latest list of certified CIMs).
Appendix D: FAQs Security Is the Dominion KX II FIPS 140-2 Certified? The KX II 2.2.0 and later, and the KSX II 2.3.0 and later, provides users with the option to use an embedded FIPS 140-2-validated cryptographic module running on a Linux platform per FIPS 140-2 implementation guidelines. This cryptographic module is used for encryption of KVM session traffic consisting of video, keyboard, mouse, virtual media and smart card data.
Appendix D: FAQs Yes, the KX II has administrator-configurable, strong password checking to ensure that user-created passwords meet corporate and/or government standards and are resistant to brute force hacking. If the KX II encryption mode is set to Auto, what level of encryption is achieved? The encryption level that is autonegotiated is dependent on the browser in use. Can I upload my own digital certificate to the KX II? Yes.
Appendix D: FAQs Smart Cards and CAC Authentication Does the KX II support smart card and CAC authentication? Yes, smart cards and DoD Common Access Card (CAC) authentication to target servers is supported in release KX II 2.1.10 and later, and KSX II 2.3.0 and later. What KX II models support smart cards/CAC? All KX II models are supported. The Dominion KX II-101 does not currently support smart cards and CAC. Do enterprise and SMB customers use smart cards, too? Yes.
Appendix D: FAQs Manageability Can the KX II be remotely managed and configured via web browser? Yes, the KX II can be completely configured remotely via web browser. Note that this does require that the workstation have an appropriate Java Runtime Environment (JRE) version installed. Besides the initial setting of the KX II's IP address, everything about the solution can be completely set up over the network.
Appendix D: FAQs Miscellaneous What is the KX II's default IP address? 192.168.0.192 What is the KX II's default user name and password? The KX II's default user name is admin and the default password is raritan [all lower case]. However, for the highest level of security, the KX II forces the administrator to change the KX II default administrative user name and password when the unit is first booted up.
Index A A.
Index Connecting to Virtual Media • 97 Connection Information • 57 Connection Properties • 55 Create User Groups and Users • 35 Creating a New Attribute • 283 D D.
Index K Keyboard Language Preference (Fedora Linux Clients) • 292 Keyboard Macros • 57 Keyboard Options • 57 Keyboards • 291 KX II Client Applications • 5 KX II Console Layout • 40 KX II Console Navigation • 42 KX II Help • 4 KX II Local Console • 242 KX II Local Console Factory Reset • 255 KX II Local Console Interface • 38, 243 KX II Overview • 2 KX II Remote Console Interface • 38 KX2-832 and KX2-864 Extended Local Port Recommended Maximum Distances • 272 KX2-832 and KX2-864 Standard and Extended Local
Index R Rack PDU (Power Strip) Outlet Control • 84 RADIUS Communication Exchange Specifications • 131 Rebooting • 221 Refreshing the Screen • 63 Related Documentation • 5 Relationship Between Users and Groups • 111 Remote Access • 305 Remote Authentication • 34, 192, 253 Remote Client Requirements • 277 Remote Connection • 272 Required and Recommended Blade Chassis Configurations • 168, 170, 174, 184 Resetting the KX II Using the Reset Button • 256 Resolving Fedora Core Focus • 294 Resolving Issues with Fi
Index SUSE/VESA Video Modes • 295 Switching Between KVM Target Servers • 53 T Target BIOS Boot Time with Virtual Media • 300 Target Server Connection Distance and Video Resolution • 271, 272 Target Server Requirements • 276 TCP and UDP Ports Used • 278 Terminology • 10, 14 Tiering - Target Types, Supported CIMS and Tiering Configurations • 142, 144 Tips for Adding a Web Browser Interface • 170, 172, 174, 176, 177, 178 Tool Options • 76 Toolbar • 51 Trace Route to Host Page • 228 Turning Outlets On/Off and
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732-764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Europe Europe Monday - Friday 8:30 a.m. - 5 p.m. GMT+1 CET Phone: +31-10-2844040 Email: tech.europe@raritan.com United Kingdom Monday - Friday 8:30 a.m. to 5 p.m.