Owner’s Manual Console Server Management Switch Models: B096-016 / B096-048 & Console Server with PowerAlert Model: B092-016 Tripp Lite World Headquarters 1111 W. 35th Street, Chicago, IL 60609 USA (773) 869-1234 (USA) • 773.869.1212 (International) www.tripplite.com Copyright © 2009 Tripp Lite. All rights reserved.
INDEX
1. INTRODUCTION
2. INSTALLATION
2.1 Models
2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch
2.1.2 Kit components: B092-016 Console Server with PowerAlert
2.2 Power connection
2.2.1 Power: Console Server Management Switch
2.2.2 Power: Console Server with PowerAlert
2.3 Network connection
2.4 Serial Port connection
2.5 USB Port Connection
2.6 Rackmount Console / KVM Connection (B092-016 only)
3.
4.1.3 SDT Mode
4.1.4 Device (RPC, UPS, EMD) Mode
4.1.5 Terminal Server Mode
4.1.6 Serial Bridging Mode
4.1.7 Syslog
4.2 Add/Edit Users
4.3 Authentication
4.4 Network Hosts
4.5 Trusted Networks
4.6 Serial Port Cascading
4.6.1 Automatically generate and upload SSH keys
4.6.2 Manually generate and upload SSH keys
4.6.3 Configure the Slaves and their serial ports
4.6.4 Managing the Slaves
5.
6.2.9 Choosing an alternate SSH client (e.g. PuTTY)
6.3 SDT Connector to Management Console
6.4 SDT Connector - Telnet or SSH connect to serially attached devices
6.5 Using SDT Connector for out-of-band connection to the gateway
6.6 Importing (and exporting) preferences
6.7 SDT Connector Public Key Authentication
6.8 Setting up SDT for Remote Desktop access
6.8.1 Enable Remote Desktop on the target Windows computer to be accessed
6.8.
8.1.4 User power management
8.2 Uninterruptible Power Supply Control (UPS)
8.2.1 Managed UPS connections
8.2.2 Configure UPS powering the Console Server
8.2.3 Configuring powered computers to monitor a Managed UPS
8.2.4 UPS alerts
8.2.5 UPS status
8.2.6 Overview of Network UPS Tools (NUT)
8.3 Environmental Monitoring
8.3.1 Connecting the EMD
8.3.2 Environmental alerts
8.3.3 Environmental status
AUTHENTICATION
9.
10.4.2 Basic Nagios plug-ins
10.4.3 Additional plug-ins
11. SYSTEM MANAGEMENT
11.1 System Administration and Reset
11.2 Upgrade Firmware
11.3 Configure Date and Time
12. STATUS REPORTS
12.1 Port Access and Active Users
12.2 Statistics
12.3 Support Reports
12.4 Syslog
13. MANAGEMENT
13.1 Device Management
13.2 Port and Host Management
13.3 Power Management
13.4 Serial Port Terminal Connection
13.
Alert Configuration
SDT Host Configuration
SDT Host TCP Ports
14.8 Configuration backup and restore
14.9 General Linux command usage
15. ADVANCED CONFIGURATION
15.1 Advanced Portmanager
15.2 External Scripts and Alerts
15.3 Raw Access to Serial Ports
15.4 IP Filtering
15.
16.1.4 Connect - SSH
16.1.5 Connect - IPMI
16.1.6 Connect - Remote Desktop (RDP)
16.1.7 Connect - Citrix ICA
16.1.8 Connect - PowerAlert
16.2 Advanced Control Panel
16.2.1 System: Terminal
16.2.2 System: Shutdown / Reboot
16.2.3 System: Logout
16.2.4 Custom
16.2.5 Status
16.2.6 Logs
16.
1. INTRODUCTION
This Manual
This User Manual is provided to help you get the most from your B096-016 / B096-048 Console Server Management Switch or B092-016 Console Server with PowerAlert product. These products are referred to generically in this manual as Console Servers.
Please take care to follow the safety precautions below when installing and operating the Console Server: Do not remove the metal covers. There are no operator-serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock.
10. Nagios Integration: Setting Nagios central management with SDT extensions and configuring the Console Server as a distributed Nagios server
11. System Management: Covers access to and configuration of services to be run on the Console Server
12. Status Reports: View the status and logs of serial and network connected devices (ports, hosts, power and environment)
13. Management: Includes port controls and reports that can be accessed by Users
14.
location, to configure the Console Server, set up Users, configure the ports and connected hosts, and set up logging and alerts. An authorized User can use the Management Console to access and control configured devices, review port logs, use the in-built java terminal to access serially attached consoles and control power to connected devices. The Console Server runs an embedded Linux operating system. Experienced Linux and UNIX users may prefer to undertake configuration at the command line.
Text presented like this highlights important issues and it is essential you read and take heed of these warnings.
Text presented with an arrow head indent indicates an action you should take as part of the procedure.
Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Management Console.
Italic text is also used to indicate a text command to be entered at the command line level.
Publishing history Date January 2009 Revision 0.
2. INSTALLATION
Introduction
This chapter describes the physical installation of the Console Server hardware and connection to controlled devices.
2.1 Models
There are a number of Console Server models, each with a different number of network, USB and serial ports and power supplies:
B096-048 B096-016 B092-016
2.1.
If you are installing your Console Server Management Switch in a rack you will need to attach the rack mounting brackets supplied with the unit, and install the unit in the rack. Take care to heed the Safety Precautions.
Connect your Console Server Management Switch to the network, to the serial ports of the controlled devices, and to power as outlined below.
2.1.
2.2.2 Power: Console Server with PowerAlert The standard B092-016 Console Server has a built-in universal auto-switching AC power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the power consumption is less than 40W. The AC power socket is located at the rear of the B092-016. This power inlet uses a conventional AC power cord. A North American power cord is provided by default.
The Console Server also has a DB9 LOCAL (Console/Modem) port. This DB-9 connector is on the rear panel of the B092-016 Console Server, and on the front panel of the B096-048/016 Console Server Management Switch. 2.5 USB Port Connection The B096-048/016 Console Server Management Switch has one USB port on the front panel. External USB devices can be plugged into this USB port.
3. INITIAL SYSTEM CONFIGURATION Introduction This chapter provides step-by-step instructions for the initial configuration of your Console Server and connecting it to your management or operational network.
o IP address: 192.168.0.100
o Subnet mask: 255.255.255.0
If you wish to retain your existing IP settings for this network connection, click Advanced and Add the above as a secondary IP connection. If it is not convenient to change your computer network address, you can use the ARP-Ping command to reset the Console Server IP address.
You will be prompted to log in. Enter the default administration username and administration password:
Username: root
Password: default
The above screen, which lists four initial installation configuration steps, will be displayed:
1. Change the default administration password on the System/Administration page (Chapter 3)
2. Configure the local network settings on the System/IP page (Chapter 3)
3. Configure port settings and enable the Serial & Network/Serial Port page (Chapter 4)
4.
3.1.3 Initial B092-016 connection
For the initial configuration of the B092-016 Console Server, you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly connected video console to log in. Enter the default administration username and password (Username: root Password: default).
Select System: Administration.
Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe.
You may now wish to enter a System Name and System Description for the Console Server to give it a unique ID and make it simple to identify.
Click Apply. As the password has been changed, you will be prompted to log in again.
If you select DHCP, the Console Server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate.
Note: In its factory default state (with no Configuration Method selected) the Console Server has its DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP server on your network.
You will then need to configure the IPv6 parameters on each interface page.
3.4 System Services
The Administrator has a selection of access protocols that can be used to access the Console Server. The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet. The User can also use the nominated services for limited access to the Console Server itself.
Select System: Services. Then select/deselect the service to be enabled/disabled. The following access protocol options are available:
HTTPS: Ensures secure browser access to all the Management Console menus. It also allows appropriately configured Users secure browser access to selected Management Console Manage menus. If HTTPS is enabled, the Administrator will be able to use a secure browser connection to the Console Server’s Management Console.
There are also a number of related service options that can be configured at this stage:
SNMP: Enables netsnmp in the Console Server which will keep a remote log of all posted information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15 – Advanced Configuration.
TFTP: The Console Servers set up a default TFTP server on the USB flash card.
Click Apply. As you apply your services selections, the screen will be updated with a confirmation message: Message Changes to configuration succeeded. 3.5 Communications Software You need to configure the access protocols that the communications software on the Administrator and User Computer will use when connecting to the Console Server (and when connecting to serial devices and network hosts which are attached to the Console Server).
To use PuTTY for an SSH terminal session from a Windows client, enter the Console Server’s IP address as the ‘Host Name (or IP address)’.
To access the Console Server command line, select ‘SSH’ as the protocol and use the default IP Port 22.
Click ‘Open’ and the Console Server login prompt will appear. (You may also receive a ‘Security Alert’ that the host’s key is not cached. Choose ‘yes’ to continue.)
Using the Telnet protocol is similarly simple, but you need to use the default port 23.
3.5.
A message may appear about the host key fingerprint. You will need to select ‘Yes’ or ‘Always’ to continue. The next step is password authentication. You will be prompted for your username and password from the remote system. You will then be logged on to the Console Server 3.
Note: The second Ethernet port on the B096-048/016 can be configured as either a Management LAN gateway port or as an OoB/Failover port, but not both. So be sure that you did not allocate Management LAN as the Failover Interface when you configured the principal Network connection on the System: IP menu.
The B096-048/016 Console Server Management Switches also host a DHCP server, which is disabled by default.
To configure the DHCP server for the Management LAN:
Enter the Gateway address that is to be issued to the DHCP clients. If this field is left blank, the IP address of the B096-048/016 will be used.
Enter the Primary DNS and Secondary DNS address to issue to the DHCP clients.
Once DHCP has initially allocated host addresses, it is recommended that you copy these into the preassigned list so the same IP address will be reallocated in the event of a reboot.
3.6.3 Configure Management Switch for Failover or Broadband OoB
The Management Switch in the B096-048/016 Console Server can be configured to provide a failover option. In the event of a problem using the main LAN connection for accessing the Console Server, an alternate access path is used.
4. SERIAL PORT AND NETWORK HOST Introduction The Console Server enables access and control of serially-attached devices and network-attached devices (hosts). The Administrator must configure access privileges for each of these devices, and specify the services that can be used to control the devices. The Administrator can also set up new users and specify each user’s individual access and control privileges.
When you have configured the common settings and the mode for each port, set up any remote syslog (Chapter 4.1.7), then click Apply.
If the Console Server has been configured with distributed Nagios monitoring enabled then you will also be presented with Nagios Settings options to enable nominated services on the Host to be monitored (refer to Chapter 10 – Nagios Integration).
4.1.1 Common Settings
There are a number of common settings available for each serial port.
4.1.
Telnet Check to enable Telnet access to the serial port. When enabled, a Telnet client on a User or Administrator’s computer can connect to a serial device attached to this serial port on the Console Server. The default port address is IP Address _ Port (2000 + serial port #) i.e. 2001 – 2048 Telnet communications are unencrypted, so this protocol is generally recommended for local connections only.
PuTTY can be downloaded at http://www.tucows.com/preview/195286.html SSH It is recommended that the User or Administrator uses SSH as the protocol for connecting to serial consoles attached to the Console Server when communicating over the Internet or any other public network. This will provide an authenticated, encrypted connection between the SSH client program on the remote user’s computer and the Console Server.
This syntax enables users to set up SSH tunnels to all serial ports with only a single IP port 22 having to be opened in their firewall/gateway. TCP RAW TCP allows connections directly to a TCP socket. Communications programs such as PuTTY also support RAW TCP, however, this protocol would usually be used by a custom application. For RAW TCP, the default port address is IP Address _ Port (4000 + serial port #) i.e. 4001 – 4048.
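The Telnet (2000 + serial port #) and RAW TCP (4000 + serial port #) numbering described above can be turned into a check for serial consoles that are reachable over an unencrypted protocol from the network. This is an added example, not part of the Tripp Lite manual; the `netstat -ltn` sample lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Port bases stated in the manual: Telnet = 2000 + serial port #,
# RAW TCP = 4000 + serial port #. Both carry console traffic unencrypted.
CLEARTEXT_BASES = {"telnet": 2000, "raw-tcp": 4000}
MAX_SERIAL_PORTS = 48  # B096-048; pass 16 for the 16-port models

# Constructed sample in `netstat -ltn` layout (not captured from a device).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2001            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2002          0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.50:4003       0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
"""

# proto, recv-q, send-q, local addr:port, foreign addr, state
LISTEN_RE = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s*$")


def classify_port(tcp_port, serial_ports=MAX_SERIAL_PORTS):
    """Return (service, serial_port) if tcp_port is a cleartext console port."""
    for service, base in CLEARTEXT_BASES.items():
        offset = tcp_port - base
        if 1 <= offset <= serial_ports:
            return service, offset
    return None


def is_loopback(addr):
    """True only for addresses that cannot be reached from the network."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparsable bind address: treat as exposed


def exposed_cleartext_consoles(netstat_text, serial_ports=MAX_SERIAL_PORTS):
    """List (serial_port, service, bind_addr, tcp_port) for every Telnet or
    RAW TCP console listener bound to a non-loopback address."""
    findings = []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue  # header or non-listening socket
        addr, port = match.group(1), int(match.group(2))
        hit = classify_port(port, serial_ports)
        if hit is None or is_loopback(addr):
            continue
        service, serial_port = hit
        findings.append((serial_port, service, addr, port))
    return sorted(findings)


if __name__ == "__main__":
    for serial_port, service, addr, port in exposed_cleartext_consoles(SAMPLE_NETSTAT):
        print(f"serial port {serial_port}: {service} listening on {addr}:{port}")
```

Ports outside the 1 to 48 offset range (2049 in the sample) are ignored because they do not map to a serial port under the manual's scheme.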
4.1.3 SDT Mode
This setting allows port forwarding of LAN protocols such as RDP, VNC, HTTP, HTTPS, SSH and Telnet through to computers which are connected locally to the Console Server by their serial COM port. However, such port forwarding requires a PPP link to be set up over this serial port. Refer to Chapter 6.6 - Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the Console Server for configuration details.
4.1.
The getty will then configure the port and wait for a connection to be made. An active connection on a serial device is usually indicated by the Data Carrier Detect (DCD) pin on the serial device being raised. When a connection is detected, the getty program issues a login: prompt, and then invokes the login program to handle the actual system login. Note Selecting Terminal Server mode will disable Port Manager for that serial port, so data is no longer logged for alerts etc. 4.1.
You may secure the communications over the local Ethernet by enabling SSH; however, you will need to generate and upload keys (refer to Chapter 14 – Advanced Configuration).
4.1.
Users can be authorized to access specified Console Server serial ports and specified network-attached hosts. These users can also be given full Administrator status (with full configuration and management and access privileges). To simplify user setup, they can be configured as members of Groups. There are two Groups set up by default (admin and user). 1. Membership of the admin group provides the user with full Administrator privileges.
Select Serial & Network: Users & Groups to display the configured Groups and Users.
Click Add Group to add a new Group.
Add a Group name and Description for each new Group, then nominate Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any users in this new Group to be able to access.
Click Apply.
Select Serial & Network: Users to display the configured users.
Click Add User to add a new user.
Add a Username and a confirmed Password for each new User. You may also include information related to the user (e.g. contact details) in the Description field.
Nominate Accessible Hosts and Accessible Ports to specify which serial ports and which LAN connected hosts you wish the user to have access to.
Specify which Group (or Groups) you wish the user to be a member of.
Click Apply.
Your new user will now be able to access the nominated network devices and the devices attached to the nominated serial ports.
Selecting Serial & Network: Network Hosts presents all the network connected Hosts that have been enabled for access, and the related access TCP ports/services.
Click Add Host to enable access to a new Host (or select Edit to update the settings for an existing Host).
Enter the IP Address or DNS Name of the new network connected Host (and optionally enter a Description).
Add or edit the Permitted Services (or TCP/UDP port numbers) that are authorized to be used in controlling this host.
4.
Network IP Address 204.15.5.0
Subnet Mask 255.255.255.255
If however you want to allow all the users operating from within a specific range of IP addresses (say any of the thirty addresses from 204.15.5.129 to 204.15.5.158) to be permitted connection to the nominated port:
Host/Subnet Address 204.15.5.128
Subnet Mask 255.255.255.224
Click Apply.
Note: The above Trusted Networks will limit access by Users and the Administrator to the console serial ports.
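A Trusted Networks entry can be checked against the range it was meant to allow before it is applied. The following is an added example, not part of the Tripp Lite manual; it assumes the usual netmask semantics (a client matches when client AND mask equals address AND mask), which the manual does not spell out, and all function names are hypothetical.

```python
import ipaddress


def parse_entry(address, mask):
    """Normalise an address / subnet mask pair as typed into the form.

    Returns (network, warnings). Raises ValueError for a malformed address
    or a non-contiguous mask such as 255.255.0.255.
    """
    warnings = []
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    network = iface.network
    if iface.ip != network.network_address:
        warnings.append(
            f"host bits set in {address}; effective network is {network}")
    if network.prefixlen == 0:
        warnings.append("mask 0.0.0.0 admits every address")
    return network, warnings


def audit(address, mask, intended_first, intended_last):
    """Compare what an entry admits with the range the admin meant to allow.

    Assumption: matching is a plain mask comparison, so the network and
    broadcast addresses of the subnet are admitted as well.
    """
    network, warnings = parse_entry(address, mask)
    first = int(ipaddress.ip_address(intended_first))
    last = int(ipaddress.ip_address(intended_last))
    net_first, net_last = int(network[0]), int(network[-1])
    overlap = max(0, min(last, net_last) - max(first, net_first) + 1)
    return {
        "network": str(network),
        "admitted": network.num_addresses,
        "extra": network.num_addresses - overlap,      # admitted, not intended
        "uncovered": (last - first + 1) - overlap,     # intended, not admitted
        "warnings": warnings,
    }


def exact_entries(intended_first, intended_last):
    """Address/mask pairs that cover the intended range and nothing else."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(intended_first),
        ipaddress.ip_address(intended_last))
    return [(str(n.network_address), str(n.netmask)) for n in nets]


if __name__ == "__main__":
    # The manual's range example: thirty addresses, .129 to .158.
    report = audit("204.15.5.128", "255.255.255.224",
                   "204.15.5.129", "204.15.5.158")
    print(report)
    # Entries needed if the two extra addresses must not be admitted.
    for addr, mask in exact_entries("204.15.5.129", "204.15.5.158"):
        print(addr, mask)
```

Under that assumption the single 255.255.255.224 entry admits 32 addresses (204.15.5.128 to 204.15.5.159), two more than the thirty intended; covering exactly the thirty takes eight entries.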
Now select whether to generate the keys using RSA and/or DSA (if unsure, select only RSA). Generating each set of keys will require approximately two minutes and the new keys will destroy any old keys of that type that may previously have been uploaded. Also, while the new generation is under way on the master, functions relying on SSH keys (e.g. cascading) may stop functioning until they are updated with the new set of keys.
Next, you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave. Note The use of key pairs can be confusing because in many cases one file (Public Key) fulfills two roles – Public Key and Authorized Key. For a more detailed explanation, refer to the Authorized Keys section of Chapter 15.
4.6.
4.6.4 Managing the Slaves
The Master is in control of the Slave serial ports. So, for example, if you change a User’s access privileges or edit any serial port setting on the Master, the updated configuration files will be sent out to each Slave in parallel. Each Slave will then automatically make changes to its local configuration (and only make those changes that relate to its particular serial ports).
5. FAILOVER AND OUT-OF-BAND ACCESS
Introduction
The Console Server has a number of failover and out-of-band access capabilities to ensure availability in the event there are difficulties in accessing the Console Server through the principal network path. This chapter covers:
Out-of-band (OoB) access from a remote location using dial-up modem
Out-dial failover
OoB access using an alternate broadband link (B096-048/016 models only)
Broadband failover
5.
Select the System: Dial menu option and the port to be configured (Serial DB9 Port or Internal Modem Port).
Note: The Console Server’s console/modem serial port is set by default to 115200 baud, No parity, 8 data bits and 1 stop bit, with software (Xon-Xoff) flow control enabled. You can modify the baud rate and flow control using the Management Console. You can further configure the console/modem port settings by editing /etc/mgetty.config files as described in Chapter 14.
established. Again, you can select any address for the Local IP Address but both must be in the same network range as the Remote IP Address.
The Default Route option enables the dialed PPP connection to become the default route for the Console Server.
The Custom Modem Initialization option allows a custom AT modem initialization string to be entered (e.g. AT&C1&D3&K3).
Then select the Authentication Type to be applied to the dial-in connection.
Select Connect to the Internet and click Next.
On the Getting Ready screen select Set Up My Connection Manually and click Next.
On the Internet Connection screen select Connect Using a Dial-Up Modem and click Next.
Enter a Connection Name (any name you choose) and the dial-up Phone Number that will connect through to the Console Server modem.
Enter the PPP User Name and Password you have set up for the Console Server.
5.1.
5.1.5 Set up Linux clients for dial-in
The online tutorial http://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.html presents a selection of methods for establishing a dial up PPP connection:
- Command line PPP and manual configuration (which works with any Linux distribution)
- Using the Linuxconf configuration tool (for Red Hat compatible distributions).
When configuring the principal network connection on the System: IP Network Interface menu, select Management LAN (eth1) as the Failover Interface to be used when a fault has been detected with the main Network Interface (eth0).
Specify the Probe Addresses of two sites (the Primary and Secondary) that the B096-048/016 is to ping to determine if Network (eth0) is still operational.
Then configure Management LAN Interface (eth1) with the same IP setting that you used for the main Network Interface (eth0) to ensure transparent redundancy.
In this mode, Network 2 (eth1) is available as the transparent back-up port to Network 1 (eth0) for accessing the management network. Network 2 will automatically and transparently take over the work of Network 1 if for any reason Network 1 becomes unavailable. When Network 1 becomes available again, it takes over the work again.
5.
6. SECURE TUNNELING AND SDT CONNECTOR Introduction Each Console Server has an embedded SSH server and uses SSH tunneling. This enables one Console Server to securely manage all the systems and network devices in the data center, using text-based console tools (such as SSH, Telnet, SoL) or graphical desktop tools (VNC, RDP, HTTPS, HTTP, X11, VMware, DRAC, iLO etc).
Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the Console Server (Section 6.4)
The chapter then covers more advanced SDT Connector and SDT tunneling topics:
Using SDT Connector for out of band access (Section 6.5)
Automatic importing and exporting of configurations (Section 6.6)
Configuring Public Key Authentication (Section 6.7)
Setting up a SDT Secure Tunnel for Remote Desktop (Section 6.8)
Setting up a SDT Secure Tunnel for VNC (Section 6.
SDT Connector can connect to the Console Server using an alternate OoB access. It can also be configured to access the Console Server itself and to access devices connected to serial ports on the Console Server.
6.2.1 SDT Connector client installation
The SDT Connector set up program (SDTConnectorSetup-1.n.exe or sdtcon-1.n.tar.gz) is included on the CD supplied with your Console Server.
Run the set-up program:
Note For Windows clients, the SDTConnectorSetup-1.n.
To operate SDT Connector, add the new gateways to the client software by entering the access details for each Console Server (refer to Section 6.2.2). Then let the client auto-configure with all host and serial port connections from each Console Server (refer to Section 6.2.3). Now point-and-click to connect to the Hosts and serial devices (refer to Section 6.2.4). Alternately you can manually add network connected hosts (refer to Section 6.2.
Optionally, you can enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description of this gateway (such as its firmware version, site location or anything special about its network configuration).
configure access to network-connected Hosts that the user is authorized to access and set up (for each of these Hosts) the services (e.g. HTTPS, IPMI2.0) and the related IP ports being redirected configure access to the Console Server itself (this is shown as a Local Services host) configure access with the enabled services for the serial port devices connected to the Console Server Note 6.2.4 The Retrieve Hosts function will auto-configure all classes of user (i.e.
Note The SDT Connector client can be configured with an unlimited number of Gateways. Each Gateway can be configured to port forward to an unlimited number of locally networked Hosts. Similarly there is no limit on the number of SDT Connector clients who can be configured to access the one Gateway. There are also no limits on the number of Host connections that an SDT Connector client can concurrently have open through the one Gateway tunnel.
6.2.6 Manually adding new services to the new hosts
To extend the range of services that can be used when accessing hosts with SDT Connector:
Select Edit: Preferences and click the Services tab. Click Add.
Enter a Service Name and click Add.
Under the General tab, enter the TCP Port that this service runs on (e.g. 80 for HTTP). Optionally, select the client to be used to access the local endpoint of the redirection.
Select which Client application is associated with the new service.
The second redirection is for the VNC service that the user may choose to launch later from the RAC web console. It automatically loads in a Java client served through the web browser, so it does not need a local client associated with it.
6.2.7 Adding a client program to be started for the new service
Clients are local applications that may be launched when a related service is clicked. To add to the pool of client programs:
Select Edit: Preferences and click the Client tab. Click Add.
Enter a Name for the client. Enter the Path to the executable file for the client (or click Browse to locate the executable).
Enter a Command Line associated with launching the client application.
Also some clients are launched in a command line or terminal window. The Telnet client is an example of this: Click OK 6.2.
SDT Connector client software that is supplied with the gateway.
specified when setting up the SDT Hosts on the Console Server was accounts.myco.intranet.com, then specify the Destination as accounts.myco.intranet.com:3389 If your destination computer is serially connected to the Console Server, set the Destination as :3389. For example, if the Label you specified on the SDT enabled serial port on the Console Server is win2k3, then specify the remote host as win2k3:3389.
Select Local and click the Add button.
Click Open to SSH connect the Client computer to the Console Server. You will now be prompted for the Username/Password for the Console Server User you SDT enabled.
Note: You can also secure the SDT communications from local and enterprise VPN-connected Client computers using SSH as above. This will protect against the risk of the “man in the middle” attacks to which RDP has a vulnerability http://www.securiteam.com/windowsntfocus/5EP010KG0G.
Note How secure is VNC? VNC access generally allows access to your whole computer, so security is very important. VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure and the password is not sent over the network. However, once connected, all subsequent VNC traffic is unencrypted. So a malicious user could snoop your VNC session.
6.3 SDT Connector to Management Console SDT Connector can also be configured for browser access to the gateway’s Management Console – and for Telnet or SSH access to the gateway command line. For these connections to the gateway itself, you must configure SDT Connector to access the gateway (itself) by setting the Console Server up as a host, and then configuring the appropriate services: Launch SDT Connector on your computer.
6.4 SDT Connector - Telnet or SSH connect to serially attached devices SDT Connector can also be used to access text consoles on devices that are attached to the Console Server’s serial ports. For these connections, you must configure the SDT Connector client software with a Service that will access the target gateway serial port, and then set the gateway up as a host: Launch SDT Connector on your computer. Select Edit -> Preferences and click the Services tab.
Click Add then scroll to the bottom and click Apply.
Administrators by default have gateway and serial port access privileges; however, for Users to access the gateway and the serial port, you will need to give those Users the required access privileges. Select Users & Groups from Serial & Network. Click Add User. Enter a Username, Description and Password/Confirm. Select 127.0.0.1 from Accessible Host(s) and select Port 2 from Accessible Port(s). Click Apply.
6.
    cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection login password
The network_connection in the above is the name of the network connection as displayed in Control Panel -> Network Connections. Login is the dial-in username, and password is the dial-in password for the connection.
To initiate a pre-configured dial-up connection under Linux, use the following Start Command:
    pon network_connection
The network_connection in the above is the name of the connection.
6.6 Importing (and exporting) preferences
To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility:
To save a configuration .xml file (for backup or for importing into other SDT Connector clients), select File -> Export Preferences and select the location to save the configuration file.
To import a configuration, select File -> Import Preferences and select the .xml configuration file to be installed.
6.
SSH client that SDT Connector launches (e.g. PuTTY, OpenSSH) and the host's SSH server for public key authentication. Essentially, what you are using is SSH over SSH, and the two SSH connections are entirely separate.
6.8 Setting up SDT for Remote Desktop Access
Microsoft’s Remote Desktop Protocol (RDP) enables the system manager to securely access and manage remote Windows computers: to reconfigure applications and user profiles, upgrade the server’s operating system, reboot the machine, etc.
To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box.
Note: If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and proceed through the steps to nominate the new user’s name, password and account type (Administrator or Limited).
Note: With Windows XP Professional and Vista, you have only one Remote Desktop session and it connects directly to the Windows root console.
In Computer, enter the appropriate IP Address and Port Number: Where there is a direct local or enterprise VPN connection, enter the IP Address of the Console Server, and the Port Number of the SDT Secure Tunnel for the Console Server’s serial port (the one that is attached to the Windows computer to be controlled). For example, if the Windows computer is connected to serial Port 3 on a Console Server located at 192.168.0.50 then you would enter 192.168.0.50:7303.
Note The Remote Desktop Connection software is pre-installed on Windows XP. However, for earlier Windows computers, you will need to download the RDP client: Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C208AA2BD23A49&displaylang=en and click the Download button This software package will install the client portion of Remote Desktop on Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT 4.
Note The rdesktop client is supplied with Red Hat 9.0: rpm -ivh rdesktop-1.2.0-1.i386.rpm For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/ C. On a Macintosh client: Download Microsoft's free Remote Desktop Connection client for Mac OS X http://www.microsoft.com/mac/otherproducts/otherproducts.
6.9 SDT SSH Tunnel for VNC
Alternatively, with SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris and UNIX computers. There is a range of popular VNC software (UltraVNC, RealVNC, TightVNC) available, both freely and commercially. To set up a secure VNC connection, install and configure the VNC Server software on the computer to be accessed. Then install and configure the VNC Viewer software on the Viewer computer.
To set up a persistent VNC server on Red Hat Enterprise Linux 4:
o Set a password using vncpasswd
o Edit /etc/sysconfig/vncservers
o Enable the service with chkconfig vncserver on
o Start the service with service vncserver start
o Edit /home/username/.vnc/xstartup if you want a more advanced session than just twm and an xterm
C. For Macintosh servers (and clients): OSXvnc http://www.redstonesoftware.com/vnc.
A. When the Viewer computer is connected to the Console Server through an SSH tunnel (over the public Internet, or a dial-in connection, or private network connection), enter localhost (or 127.0.0.1) as the VNC Server IP address and the source port you entered when setting up SSH tunneling/port forwarding (in Section 6.2.6), e.g. :1234 B.
Note For general background reading on Remote Desktop and VNC access, we recommend the following:
The Microsoft Remote Desktop How-To http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx
The Illustrated Network Remote Desktop help page http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html
What is Remote Desktop in Windows XP and Windows Server 2003? by Daniel Petri http://www.petri.co.il/what's_remote_desktop.
Windows 2003 and Windows XP Professional allow you to create a simple dial-in service which can be used for the Remote Desktop/VNC/HTTP/X connection to the Console Server: Open Network Connections in Control Panel and click the New Connection Wizard Select Set up an advanced connection and click Next On the Advanced Connection Options screen, select Accept Incoming Connections and click Next Select the Connection Device (i.e.
Specify which Users will be allowed to use this connection. This should be the same Users who were given Remote Desktop access privileges in the earlier step. Click Next On the Network Connection screen, select TCP/IP and click Properties Select Specify TCP/IP addresses on the Incoming TCP/IP Properties screen. Nominate a From: and a To: TCP/IP address and click Next Note You can choose any TCP/IP addresses as long as they are addresses which are not used anywhere else on your network.
Note The above notes describe setting up an incoming connection for Windows XP. The steps are the same for Windows 2003, except that the setup screens present slightly differently: Put a check in the box for Always allow directly connected devices such as palmtop….. Also, the option to Set up an advanced connection is not available in Windows 2003 if RRAS is configured. If RRAS has been configured, it is a simple task to enable the null modem connection for the dial-in configuration. C.
On the SDT Settings menu, select SDT Mode (which will enable port forwarding and SSH tunneling) and enter a Username and User Password. Note When you enable SDT, this will override all other Configuration protocols on that port Note If you leave the Username and User Password fields blank, they default to portXX and portXX where XX is the serial port number.
7. ALERTS AND LOGGING
Introduction
This chapter describes the alert generation and logging features of the Console Server. The alert facility monitors the serial ports, all logins, the power status and environmental monitors and probes. It sends email, SMS, Nagios or SNMP alerts when specified trigger events occur. First, enable and configure the service that will be used to carry the alert (Section 7.
In the SMTP Server field, enter the IP address of the outgoing mail Server You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server. Many SMTP servers check the sender’s email address with the host domain name to verify the address as authentic. So it may be useful to assign an email address for the Console Server such as consoleserver2@mydomian.
In the SMTP SMS Server field in the Alerts & Logging: SMTP & SMS menu, enter the IP address of the outgoing mail Server You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server. Some SMS gateway service providers only forward email to SMS when the email has been received from authorized senders.
Note The Console Servers have an snmptrap daemon to send traps/notifications to remote SNMP servers on defined trigger events, as detailed above. The Console Servers also embed the netsnmpd daemon, which accepts SNMP requests from remote SNMP management servers and provides information on network interface, running processes, disk usage, etc. (refer to Chapter 15.5 Modifying SNMP Configuration for more details) 7.1.
Select Alerts & Logging: Alerts which will display all the alerts currently configured. Click Add Alert 7.2.1 Add a new alert The first step is to specify the alert service that will be used to send notification for this event, who to notify, and what port/host/device is to be monitored: At Add a New Alert.
Activate Nagios notification if it is to be used for this event. In an SDT Nagios centrally managed environment, you can check the Nagios alert option. On the trigger condition (for matched patterns, logins, power events and signal changes), an NSCA check "warning" result will be sent to the central Nagios server. This condition is displayed on the Nagios status screen and triggers a notification. This can cause the Nagios central server itself to send out an email or an SMS, page, etc.
Serial Port Pattern Match Alert - This alert will be triggered if the serial port's character stream contains text that matches the regular expression you enter in the Pattern field. This alert type will only be applied to serial ports.
UPS Power Status Alert - This alert will be triggered when the UPS power status changes between On Line, On Battery, and Low Battery. This alert type will only be applied to UPS’s.
If you have selected Applicable Alarm Sensor(s) that are to be monitored for this alert event, then you can also set time windows when these sensors will not be monitored (e.g. for a door-open sensor, you may not wish to activate the sensor alert monitoring during the working day) Click Apply 7.
7.4 Serial Port Logging
In Console Server mode, activity logs of all serial port activity can be maintained. These records are stored off-server, or in the Console Server flash memory.
7.5 Network TCP or UDP Port Logging The Console Servers can also log any access to and communications with network attached Hosts.
POWER & ENVIRONMENTAL MANAGEMENT
Introduction
The B092-016 Console Server and B096-048/016 Console Server Management Switch products embed software that can be used to manage connected Power Distribution Systems (PDU’s), IPMI devices and Uninterruptible Power Supplies (UPS’s) supplied by a number of vendors, and some environmental monitoring devices. B092-016 Console Server with PowerAlert also embeds Tripp Lite’s PowerAlert software. 8.
Click Add RPC Enter a RPC Name and Description for the RPC In Connected Via, select the pre-configured serial port or the network host address that connects to the RPC Select any specific labels you wish to apply to specific RPC Outlets (e.g. the PDU may have 20 outlets connected to 20 powered devices you may wish to identify by name) Enter the Username and Password used to login into the RPC.
system is unresponsive. To set up IPMI power control, the Administrator first enters the IP address/domain name of the BMC or service processor (e.g. a Dell DRAC) in Serial & Network: Network Hosts. Then in Serial & Network: RPC Connections, the Administrator specifies the RPC Type to be IPMI1.5 or 2.0 8.1.2 RPC alerts You can now set PDU and IPMI alerts using Alerts & Logging: Alerts (refer to Chapter 7) 8.1.
The outlet status is displayed. You can initiate the desired Action to be taken by selecting the appropriate icon: Power ON Power OFF Power Cycle Power Status You will only be presented with icons for those operations that are supported by the Target you have selected 8.2 Uninterruptible Power Supply Control (UPS) The Console Servers manage UPS hardware using Network UPS Tools (refer Section 8.2.6 for an overview of embedded open source Network UPS Tools - NUT software) 8.2.
Select UPS as the Device Type in the Serial & Network: Serial Port menu for each port which has Master control over a UPS and in the Serial & Network: Network Hosts menu for each network connected UPS (refer to Chapter 4) No such configuration is required for USB-connected UPS hardware. Select the Serial & Network: UPS Connections menu. The Managed UPSes section will display all the UPS connections that have already been configured.
Enter a UPS Name and Description (optional) and identify if the UPS will be Connected Via USB or over pre-configured serial port or via HTTP/HTTPS over the preconfigured network Host connection Enter the UPS login details. This Username and Password is used by Slaves of this UPS (i.e. other computers that are drawing power through this UPS) to connect to the Console Server for monitoring of the UPS status and shutdown when battery power is low.
Check Log Status and specify the Log Rate (i.e. minutes between samples) if you wish the status from this UPS to be logged. These logs can be viewed from the Status: UPS Status screen Check Enable Nagios to enable this UPS to be monitored using Nagios central management Click Apply You can also customize the upsmon, upsd and upsc settings for this UPS hardware directly from the command line 8.2.
8.2.3 Configuring powered computers to monitor a Managed UPS Once you have added a Managed UPS, each server that is drawing power through the UPS should be setup to monitor the UPS status as a Slave. This is done by installing the NUT package on each server, and setting up upsmon to connect to the Console Server. Refer to the NUT documentation for details on how this is done, specifically sections 13.5 to 13.10. http://eu1.networkupstools.org/doc/2.2.0/INSTALL.html An example upsmon.
- password is the Password of the Manager UPS 8.2.4 UPS alerts You can now set UPS alerts using Alerts & Logging: Alerts (refer to Chapter 7) 8.2.
NUT can be configured using the Management Console as described above, or you can configure the tools and manage the UPS’s directly from the command line. This section provides an overview of NUT. You can find full documentation at http://www.networkupstools.org/doc. NUT is built on a networked model with a layered scheme of drivers, server and clients. 1. The driver programs talk directly to the UPS equipment and run on the same host as the NUT network server upsd.
So NUT supports the more complex power architectures found in data centers, computer rooms and NOCs where many UPS’s from many vendors power many systems with many clients and each of the larger UPS’s power multiple devices and many of these devices are themselves dual powered. 8.3 Environmental Monitoring The Environmental Monitoring Device (EMD), model B090-EMD, can be connected to any Console Server serial port and each Console Server can support multiple EMD’s.
8.3.1 Connecting the EMD The Environmental Monitoring Sensor (EMD) connects to any serial port on the Console Server via a special EMD Adapter and standard CAT5 cable. The EMD is powered over this serial connection and communicates using a custom handshake protocol. It is not an RS232 device and should not be connected without the adapter: Plug the RJ plug on the EMD Adapter (model B090-EMDADP) into RJ45 Port on the EMD (model B090-EMD).
Click Add Enter a Name and Description for the EMD and select the pre-configured serial port that the EMD will be Connected Via Provide Labels for each of the two alarms Check Log Status and specify the Log Rate (minutes between samples) if you wish the status from this EMD to be logged. These logs can be viewed from the Status: Environmental Status screen Click Apply 8.3.
Select the Status: Environmental Status menu and a table with the summary status of all connected EMD hardware will be displayed Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical plot of the log history of the selected EMD
AUTHENTICATION Introduction The Tripp Lite Console Server is a dedicated Linux computer, and it embodies popular and proven Linux software modules for secure network access (OpenSSH) and communications (OpenSSL) and sophisticated user authentication (PAM, RADIUS, TACACS+ and LDAP).
Local TACACS /RADIUS/LDAP: Tries local authentication first, falling back to remote if local fails TACACS /RADIUS/LDAP Local: Tries remote authentication first, falling back to local if remote fails TACACS /RADIUS/LDAP Down Local: Tries remote authentication first, falling back to local if the remote authentication returns an error condition (e.g. the remote authentication server is down or inaccessible) 9.1.1 Local authentication Select Serial and Network: Authentication and check Local Click Apply 9.1.
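The fallback orders listed above differ in what happens when the remote server refuses a login as opposed to failing to answer. The following is an added example, not code from this manual or from the Console Server firmware, that models each order so the difference can be checked; it assumes "fails" means any result other than acceptance, and the names Outcome, Order, decide and audit are hypothetical.

```python
# Added example: models the authentication fallback orders described above.
# Assumption: "fails" means any result other than ACCEPT (a refusal or an
# error); only the "Down Local" order tells the two apart.
from enum import Enum
from itertools import product


class Outcome(Enum):
    ACCEPT = "accept"   # back end verified the credentials
    REJECT = "reject"   # back end answered and refused the credentials
    ERROR = "error"     # no usable answer (server down or inaccessible)


class Order(Enum):
    LOCAL = "Local"
    LOCAL_REMOTE = "Local TACACS/RADIUS/LDAP"
    REMOTE_LOCAL = "TACACS/RADIUS/LDAP Local"
    REMOTE_DOWN_LOCAL = "TACACS/RADIUS/LDAP Down Local"


def decide(order, local, remote):
    """Return (granted, consulted) for one login attempt.

    local and remote are the Outcome each back end would give for the
    supplied credentials; consulted lists the back ends asked, in order.
    """
    if order is Order.LOCAL:
        return local is Outcome.ACCEPT, ["local"]
    if order is Order.LOCAL_REMOTE:
        if local is Outcome.ACCEPT:
            return True, ["local"]
        return remote is Outcome.ACCEPT, ["local", "remote"]
    if remote is Outcome.ACCEPT:
        return True, ["remote"]
    if order is Order.REMOTE_DOWN_LOCAL and remote is Outcome.REJECT:
        # The server answered, so its refusal is final.
        return False, ["remote"]
    # REMOTE_LOCAL after any failure, or REMOTE_DOWN_LOCAL after an error.
    return local is Outcome.ACCEPT, ["remote", "local"]


def audit(order):
    """Summarise the properties an access review cares about for one order."""
    return {
        # A valid local password still works after the remote server refuses.
        "local_password_bypasses_remote_reject":
            decide(order, Outcome.ACCEPT, Outcome.REJECT)[0],
        # Local accounts stay usable while the remote server is unreachable.
        "local_login_during_outage":
            decide(order, Outcome.ACCEPT, Outcome.ERROR)[0],
        # Accounts that exist only on the remote server can log in.
        "remote_only_users_admitted":
            decide(order, Outcome.REJECT, Outcome.ACCEPT)[0],
    }


def decision_table(order):
    """Every local/remote combination with the resulting decision."""
    rows = []
    for local, remote in product((Outcome.ACCEPT, Outcome.REJECT), Outcome):
        granted, consulted = decide(order, local, remote)
        rows.append((local.value, remote.value, granted, "+".join(consulted)))
    return rows


if __name__ == "__main__":
    for order in Order:
        print(order.value)
        for key, value in audit(order).items():
            print(f"  {key}: {value}")
```

Under these assumptions only the Down Local order treats a refusal from the remote server as final; with the other orders a local account with a known password remains a working login path, so local accounts need the same review and rotation as the central ones.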
administrative control over the authentication and authorization processes. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide authentication, authorization, and accounting services independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon. There is a draft RFC detailing this protocol.
login, and other authentication mechanisms. Further information on configuring remote RADIUS servers can be found at the following sites: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/d4fe8248-eecd49e4-88f6-9e304f97fefc.mspx http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml http://www.freeradius.org/ 9.1.
LDAP
The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a protocol used to access information stored in an LDAP server. Further information on configuring remote LDAP servers can be found at the following sites: http://www.ldapman.org/articles/intro_to_ldap.html http://www.ldapman.org/servers.html http://www.linuxplanet.
9.2 PAM (Pluggable Authentication Modules) The Console Server supports RADIUS, TACACS+ and LDAP for two-factor authentication via PAM (Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating Users. Nowadays, a number of new ways of authenticating users have become popular. The challenge is that each time a new authentication scheme is developed, it requires all the necessary programs (login, ftpd, etc.) to be rewritten to support it.
port2 = 192.168.254.145/port05 } global = cleartext mit }
RADIUS Example:
paul    Cleartext-Password := "luap"
        Service-Type = Framed-User,
        Fall-Through = No,
        Framed-Filter-Id=":group_name=admin"
The list of groups may include any number of entries separated by a comma. If the admin group is included, the user will be made an Administrator. If there is already a Framed-Filter-Id, simply add the list of group_names after the existing entries, including the separating colon ":". 9.
When you first enable and connect via HTTPS, it is normal that you may receive a certificate warning. The default SSL certificate in your Console Server is embedded during testing and is not signed by a recognized third party certificate authority. Rather, it is signed by our own signing authority. These warnings do not affect the encryption protection you have against eavesdroppers.
NAGIOS INTEGRATION
Introduction
Nagios is a powerful, highly extensible open source tool for monitoring network hosts and services. The core Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Tripp Lite Console Servers can operate in conjunction with a central/upstream Nagios server to provide distributed monitoring of attached network hosts and serial devices.
10.2 Central management The Nagios solution has three parts: the Central Nagios server, Distributed Console Servers and the SDT for Nagios software. Central Nagios server A vanilla Nagios 2.x or 3.x installation (typically on a Linux server) Generally running on a blade, PC, virtual machine, etc.
You will also require a web server such as Apache to display the Nagios web UI (and this may be installed automatically as a dependency of the Nagios packages). Alternatively, you may wish to download the Nagios source code directly from the Nagios website, and build and install the software from scratch. The Nagios website (http://www.nagios.org) has several Quick Start Guides that walk through this process.
Check NSCA Enabled, choose an NSCA Encryption Method and enter and confirm an NSCA Secret. Remember these details as you will need them later on. For NSCA Interval, enter 5 Click Apply. Next, configure the attached Windows network host and specify the services you will be checking with Nagios (HTTP and HTTPS): Select Network Hosts from the Serial & Network menu and click Add Host. Enter the IP Address/DNS Name of the network server, (e.g.: 192.168.1.10) and enter a Description, (e.g.
Click Apply Now set the Console Server to send alerts to the Nagios server Select Alerts from the Alerts & Logging menu and click Add Alert In Description enter: Administrator connection Check Nagios (NSCA) In Applicable Ports check the serial port that has the router console port attached.
Enter the Nagios Host Name that the Console Server will be referred to in the Nagios central server – this will be generated from local System Name (entered in System: Administration) if unspecified In Nagios Host Address, enter the IP address or DNS name that the upstream Nagios server will use to reach the Console Server – if unspecified this will default to the first network port’s IP (as entered in System: IP) In Nagios Server Address, enter the IP address or DNS name that the Console Server will use to
10.3.2 Enable NRPE monitoring Enabling NRPE allows you to execute plug-ins (such as check_tcp and check_ping) on the remote Console Server to monitor serial or network attached remote servers. This will offload CPU load from the upstream Nagios monitoring machine which is especially valuable if you are monitoring hundreds or thousands of hosts. To enable NRPE: Select System: Nagios and check NRPE Enabled Enter the details for the user connection to the upstream Nagios monitoring server.
10.3.3 Enable NSCA monitoring
NSCA is the mechanism that allows you to send passive check results from the remote Console Server to the Nagios daemon running on the monitoring server. To enable NSCA: Select System: Nagios and check NSCA Enabled Select the Encryption to be used from the drop-down menu, then enter a Secret password and specify a check Interval Refer to the sample Nagios configuration section below for some examples of configuring specific NSCA checks 10.3.
Select Enable Nagios, specify the name of the device on the upstream server and determine the check to be run on this port. Serial Status monitors the handshaking lines on the serial port and Check Port monitors the data logged for the serial port 10.3.
The Nagios Check nominated as the check-host-alive check is used to determine whether the network host itself is up or down Typically this will be Check Ping – although in some cases the host will be configured not to respond to pings If no check-host-alive check is selected, the host will always be assumed to be up You may deselect check-host-alive by clicking Clear check-host-alive If required, customize the selected Nagios Checks to use custom arguments Click Apply 10.3.
10.4 Advanced Distributed Monitoring Configuration
10.4.1 Sample Nagios configuration
An example configuration for Nagios is listed below. It shows how to set up a remote Console Server to monitor a single host, with both network and serial connections. Each check has two configurations, one for NRPE and one for NSCA. In practice, these would be combined into a single check which uses NSCA as a primary method and falls back to NRPE if a check were late.
    service_description            Serial Status
    host_name                      server
    use                            generic-service
    check_command                  check_serial_status
}

define service {
    service_description            serial-signals-server
    host_name                      server
    use                            generic-service
    check_command                  check_serial_status
    active_checks_enabled          0
    passive_checks_enabled         1
}

define servicedependency{
    name                           tripplite_nrpe_daemon_dep
    host_name                      tripplite
    dependent_host_name            server
    dependent_service_description  Serial Status
    service_description            NRPE Daemon
    execution_failure_criteria     w,u,c
}

; Por
    host_name                      tripplite
    dependent_host_name            server
    dependent_service_description  Port Log
    service_description            NRPE Daemon
    execution_failure_criteria     w,u,c
}

; Ping
define command{
    command_name                   check_ping_via_tripplite
    command_line                   $USER1$/check_nrpe -H 192.168.254.
    use                            generic-service
    check_command                  check_conn_via_tripplite!tcp!22
}

define service {
    service_description            host-port-tcp-22-server
    ; host-port---
    host_name                      server
    use                            generic-service
    check_command                  check_conn_via_tripplite!tcp!22
    active_checks_enabled          0
    passive_checks_enabled         1
}

define servicedependency{
    name                           tripplite_nrpe_daemon_dep
    host_name                      tripplite
    dependent_host_name            server
    dependent_service_description  SSH Port
    service_description            NRPE Daemon
    execution_failure_criteria     w,u
}
check_apt check_by_ssh check_clamd check_dig check_dns check_dummy check_fping check_ftp check_game check_hpjd check_http check_imap check_jabber check_ldap check_load check_mrtg check_mrtgtraf check_nagios check_nntp check_nntps check_nt check_ntp check_nwstat check_overcr check_ping check_pop check_procs check_real check_simap check_smtp check_snmp check_spop check_ssh check_ssmtp check_swap check_tcp check_time check_udp check_ups check_users There also are bash scripts which can be downloaded and ru
11. SYSTEM MANAGEMENT Introduction This chapter describes how the Administrator can perform a range of general system administration and configuration tasks on the Console Server, such as: Applying Soft and Hard Resets to the gateway Re-flashing the firmware Configuring the Date, Time and NTP System administration and configuration tasks covered elsewhere include: Resetting the System Password and entering a new System Name and Description for the Console Server (Chapter 3.
This will reset the Console Server back to its factory default settings and clear the Console Server’s stored configuration information. The hard erase will clear all custom settings and return the unit back to factory default settings (i.e. the IP address will be reset to 192.168.0.1). You will be prompted to log in and must enter the default administration username and administration password: Username: root Password: default 11.
Specify the address and name of the downloaded Firmware Upgrade File, or Browse the local subnet and locate the downloaded file Click Apply and the Console Server appliance will undertake a soft reboot and commence upgrading the firmware. This process will take several minutes After the firmware upgrade has completed, click here to return to the Management Console. Your Console Server will have retained all its pre-upgrade configuration information 11.
12. STATUS REPORTS Introduction This chapter describes the selection of status reports that are available for review: Port Access and Active Users Statistics Support Reports Syslog UPS Status 12.1 Port Access and Active Users The Administrator can see which Users have access privileges to each serial port: Select the Status: Port Access The Administrator can also see the current status to identify which Users have an active session on each port: Select the Status: Active Users 12.
12.3 Support Reports The Support Report provides useful status information that will assist the Tripp Lite technical support team to resolve any issues you may experience with your Console Server. If you do experience an issue and have to contact Support, ensure you include the Support Report with your email support request. The Support Report should be generated when the issue is occurring, and attached in plain text format.
Remote System Logging The syslog record can be redirected to a remote Syslog Server: Enter the remote Syslog Server address and port details and then click Apply Local System Logging To view the local Syslog file: Select Alerts & Logging: Syslog To make it easier to find information in the local Syslog file, a pattern matching filter tool is provided. Specify the Match Pattern that is to be searched for (e.g. the search for Mount is shown below) and click Apply.
13. MANAGEMENT Introduction The Console Server Management Console has a number of reports and tools that can be accessed by both Administrators and Users: Access and control configured devices View serial port logs and host logs Use SDT Connector or the java terminal to access serially attached consoles Power control 13.1 Device Management To display all the connected Serial devices, Network Hosts and Power devices: Select Manage: Devices.
To display Host logs select Manage: Host Logs and the Host to be displayed 13.3 Power Management Administrator and Users can access and manage the connected power devices. Select Manage: Power 13.
Click Connect to SDT Connector to access the Console Server command line shell or the serial ports via SDT Connector.
To access the Console Server command line, enter the gateway’s TCP address (e.g. 192.168.254.198) as hostname and the Username (e.g. root@192.168.254.198). Then enter the Password To access the Console Server's serial ports, append :serial to the username. For example, with the gateway’s TCP address of 192.168.254.198, and the Username of root, enter root:serial@192.168.254.198. Then enter Password and select the TCP Port address for the serial port to be accessed. By default 3001 is selected (i.e. Port 1).
14. BASIC CONFIGURATION - LINUX COMMANDS Introduction For those who prefer to configure their Console Server at the Linux command line level (rather than use a browser and the Management Console), this chapter describes how to get command line access and use the config tool to manage the system and configure the ports, etc.
14.1 The Linux Command line Power up the Console Server and connect the “terminal” device: o If you are connecting using the serial line, plug a serial cable between the Console Server local DB-9 port and terminal device. Configure the serial connection of the “terminal” device/program you are using to 115200bps, 8 data bits, no parity and one stop bit.
Options
-a --run-all      Run all registered configurators. This performs every configuration synchronization action pushing all changes to the live system
-h --help         Display a brief usage message.
-v --verbose      Log extra debug information
-d --del=id       Remove the given configuration element specified by a '.' separated identifier.
-g --get=id       Display the value of a configuration element.
-p --path=file    Specify an alternate configuration file to use. The default file is located at /etc/config/config.
14.2 Administration Configuration
System Settings
To change system settings to the following values:
System Name                      og.mydomain.com
System Password (root account)   secret
System SMTP Server               192.168.0.124
System SMTP Sender               og@mydomain.com
The following commands must be issued:
# /bin/config --set=config.system.name=og.mydomain.com
# /bin/config --set=config.system.password=secret
# /bin/config --set=config.system.smtp.server=192.168.0.124
# /bin/config --set=config.system.smtp.sender=og@mydomain.
# /bin/config --set=config.auth.server=192.168.0.32
# /bin/config --set=config.auth.password=Secret
# /bin/config --set="config.auth.ldap.basenode=some base node"
The following command will synchronize the live system with the new configuration.
# /bin/config --run=auth
14.3 Date and Time Configuration
Manually Change Clock Settings
To change the running system time, you need to issue the following commands:
# date 092216452005.05
Format is MMDDhhmm[[CC]YY][.
Time Zone
To change the system time zone to USA Eastern Standard Time, you need to issue the following commands:
# /bin/config --set=config.system.timezone=US/Eastern
The following command will synchronize the live system with the new configuration.
# /bin/config --run=time
14.
IP Address: 192.168.1.100
Primary DNS: 192.168.1.254
Secondary DNS: 10.1.0.254
You would need to issue the following commands from the command line:
# /bin/config --set=config.interfaces.wan.mode=static
# /bin/config --set=config.interfaces.wan.address=192.168.1.100
# /bin/config --set=config.interfaces.wan.netmask=255.255.255.0
# /bin/config --set=config.interfaces.wan.gateway=192.168.1.1
# /bin/config --set=config.interfaces.wan.dns1=192.168.1.254
# /bin/config --set=config.interfaces.wan.dns2=10.1.
# /bin/config --set=config.console.flow=Hardware
# /bin/config --set=config.console.initstring=ATQ0V1H0
The following command will synchronize the live system with the new configuration.
# /bin/config --run=dialin
Please note that supported authentication types are 'None', 'PAP', 'CHAP' and 'MSCHAPv2'. Supported serial port baud-rates are '9600', '19200', '38400', '57600', '115200', and '230400'. Supported parity values are 'None', 'Odd', 'Even', 'Mark' and 'Space'.
# /bin/config --del=config.services.pingreply.enabled
The following command will synchronize the live system with the new configuration.
# /bin/config --run=services
Note: “/bin/config” commands can be combined into one command for convenience. 14.
Supported flow-control values are 'Hardware', 'Software' and 'None'.
Supported Protocol Configuration
To ensure remote access to serial port 5 is configured as follows:
Telnet Access LAN     Disabled
SSH Access LAN        Enabled
Raw TCP via LAN       Disabled
You would need to issue the following commands from the command line to set system configuration:
# /bin/config --set=config.ports.port5.ssh=on
# /bin/config --del=config.ports.port5.Telnet
# /bin/config --del=config.ports.port5.
Your new User number will be the existing total plus 1, so if the previous command gave you 0, then you start with user number 1. If you already have 1 user, your new user will be number 2, etc. If you want a user named “user1” with a password of “secret” who will have access to serial port 5 from the network, you need to issue these commands (assuming you have a previous user in place):
# /bin/config --set=config.users.user2.username=user1
# /bin/config --set=config.users.user2.
# /bin/config --set=config.portaccess.rule2.netmask=255.255.255.0
# /bin/config --set="config.portaccess.rule2.description=foo bar."
# /bin/config --set=config.portaccess.rule2.port5=on
# /bin/config --set=config.portaccess.total=2
Please note that this rule becomes live straight away.
14.6 Event Logging Configuration
Remote Serial Port Log Storage
To set up remote storage of serial port 5 log to a remote Windows share with the following properties: IP Address 192.168.0.
Alert Configuration
You can add an email alert to the system from the command line by following these instructions:
Determine the total number of existing alerts (if you have no existing alerts, you can assume this is 0).
# /bin/config --get=config.alerts.total
This command should display output similar to:
config.alerts.total 1
Note that if you see:
config.alerts.total
This means you have 0 alerts configured. Your new alert will be the existing total plus 1.
# config -s config.sdt.hosts.host3.tcpports.tcport3 = 3389 The above assumes the config below: # vi /etc/config/config.xml ~ 3 accounts.intranet.myco.com Accounts server 1 John 192.168.254.
14.8 Configuration backup and restore Before backing up the configuration, you need to arrange a way to transfer the backup off-box. This could be via an NFS share, a Samba (Windows) share to USB storage, or copied off-box via the network. If backing up directly to off-box storage, make sure it is mounted. /tmp is not a good location for the backup except as a temporary location before transferring it off-box. The /tmp directory will not survive a reboot.
As SSH uses these keys to avoid man-in-the-middle attacks, logging in may be disrupted. 14.9 General Linux command usage The Console Server platform is a dedicated Linux computer, optimized to provide access to serial consoles of critical server systems and control network connected hosts.
route openntpd ping portmap pppd routed setserial smtpclient stty stunnel tcpdump tftp tip traceroute
More details on the above Linux commands can be found online at:
http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html
http://www.faqs.org/docs/Linux-HOWTO/Remote-Serial-Console-HOWTO.html
http://www.stokely.com/unix.serial.port.resources/serial.switch.
15.
15.1 Advanced Portmanager pmshell The pmshell command acts similarly to the standard tip or cu commands, but all serial port access is directed via the portmanager. Example: To connect to port 8 via the portmanager: # pmshell -l port08 pmshell Commands: Once connected, the pmshell command supports a subset of the '~' escape commands that tip/cu support. For SSH, you must prefix the escape with an additional ‘~’ command (i.e.
pmchat The pmchat command acts similarly to the standard chat command, but all serial port access is directed via the portmanager. Example: To run a chat script via the portmanager: # pmchat -v -f /etc/config/scripts/port08.chat < /dev/port08 For more information on using chat (and pmchat), you should consult the UNIX man pages: http://techpubs.sgi.com/library/tpl/cgibin/getdoc.cgi?coll=linux&db=man&fname=/usr/share/catman/man8/chat.8.
Portmanager Daemon Command line options There is normally no need to stop and restart the daemon. To restart the daemon, just run the command: # portmanager Supported command line options are: Force portmanager to run in the foreground: --nodaemon Set the level of debug logging: --loglevel={debug,info,warn,error,alert} Change which configuration file it uses: -c /etc/config/portmanager.conf Signals Sending a SIGHUP signal to the portmanager will cause it to reread its configuration file 15.
When an alert occurs on a port, the portmanager will attempt to execute /etc/config/scripts/portXX.alert (where XX is the port number, e.g. 08). The script is run with STDIN containing the data which triggered the alert, and STDOUT redirected to /dev/null, NOT to the serial port. If you wish to communicate with the port, use pmshell or pmchat from within the script. If the script cannot be executed, then the alert will be mailed to the address configured in the system administration section. III.
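A handler of the kind described above, as an added example that is not part of the manual or the unit's firmware: it treats the triggering serial data on STDIN as untrusted, reduces it to one printable line, and reports it through syslog because STDOUT is discarded. The function names, the 200-character cap and the presence of a logger command on the unit are assumptions.

```shell
#!/bin/sh
# Added example of an alert handler, meant to be installed as
# /etc/config/scripts/portXX.alert (XX = port number, e.g. port08.alert).
# Assumption, not stated in the manual: a syslog "logger" command exists.

MAX_LEN=200   # upper bound on serial data copied into one log record

# Derive the port number from the script's own file name.
# Prints the number and returns 0 only for names of the form portNN.alert.
port_from_name() {
    case "${1##*/}" in
        port*.alert) ;;
        *) return 1 ;;
    esac
    p=${1##*/port}
    p=${p%.alert}
    case "$p" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$p"
}

# Reduce the triggering data on STDIN to a single printable line.
# Whatever the attached device printed ends up here, so escape sequences,
# carriage returns and newlines are replaced before the text is logged;
# otherwise device output could forge or corrupt log records.
sanitize_alert() {
    LC_ALL=C tr -c '[:print:]' ' ' | tr -s ' ' |
        sed 's/^ *//; s/ *$//' | cut -c1-"$MAX_LEN"
}

# STDOUT is discarded when portmanager runs the script, so the alert is
# reported through syslog instead of echo.
log_alert() {
    port=$1
    msg=$(sanitize_alert)
    logger -t "port${port}.alert" -p daemon.warning "serial alert data: $msg"
}

# Act only when installed under a portNN.alert name.
if port=$(port_from_name "$0"); then
    log_alert "$port"
fi
```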
fi if [ -z "$LABEL" ]; then echo "Welcome $USER, you are connected to Port $PORT" else echo "Welcome $USER, you are connected to Port $PORT ($LABEL)" fi 15.3 Raw Access to Serial Ports Access to Serial Ports You can tip and stty to completely bypass the portmanager and have raw access to the serial ports. When you run tip on a portmanager controlled port, portmanager closes that port, and stops monitoring it until tip releases control of it.
To override the standard modem initialization string, either use the Management Console (refer to Chapter 5) or the command line config tool (refer to Dial-In Configuration Chapter 14).
Enabling Boot Messages on the Console
If you are not using a modem on the DB9 console port and instead wish to connect to it directly via a Null Modem cable, you may want to enable verbose mode, allowing you to see the standard Linux start-up messages.
Customizing the IP-Filter: /etc/config/filter-custom
If the standard system firewall configuration is not adequate for your needs, it can be bypassed safely by creating a file at /etc/config/filter-custom containing commands to build a specialized firewall. This firewall script will be run whenever the LAN interface is brought up (including initially) and will override any automated system firewall settings. Below is a simple example of a custom script which creates a firewall using the iptables command.
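One possible filter-custom script, as an added example that is not Tripp Lite's code: it admits inbound TCP only for SSH and HTTPS from one management subnet and sets the default-drop policy last. The subnet 192.168.0.0/24, the allowed ports, the availability of the iptables state match, and the unit executing the file under the name filter-custom are all assumptions.

```shell
#!/bin/sh
# Added example for /etc/config/filter-custom; not the manual's own script.
# Assumptions: the file is executed under the name filter-custom, iptables
# has the state match, and management hosts live in 192.168.0.0/24.

IPT=${IPT:-iptables}                    # override to print rules instead
MGMT_NET=${MGMT_NET:-192.168.0.0/24}    # hosts allowed to manage the unit
ALLOWED_TCP=${ALLOWED_TCP:-"22 443"}    # SSH and HTTPS only, no Telnet

# Shape check only (iptables itself rejects out-of-range octets). It keeps
# a mistyped value from reaching iptables as something other than a subnet.
valid_cidr() {
    case "$1" in
        *[!0-9./]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

build_firewall() {
    # Validate every input before the existing rules are touched.
    valid_cidr "$MGMT_NET" || { echo "bad MGMT_NET: $MGMT_NET" >&2; return 1; }
    for port in $ALLOWED_TCP; do
        case "$port" in
            *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done

    $IPT -F INPUT || return 1
    $IPT -A INPUT -i lo -j ACCEPT || return 1
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    for port in $ALLOWED_TCP; do
        $IPT -A INPUT -p tcp -s "$MGMT_NET" --dport "$port" -j ACCEPT || return 1
    done
    # The policy goes last: if any rule above fails, the function returns
    # before the chain becomes default-drop, so the operator is not locked out.
    $IPT -P INPUT DROP
}

# Apply the rules only when run under the expected file name.
case "${0##*/}" in
    filter-custom) build_firewall ;;
esac
```

Serial port services that the unit offers on their own TCP ports are not reachable under this rule set until their port numbers are added to ALLOWED_TCP.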
Resources There are many high-quality tutorials and HOWTOs available via the netfilter website; in particular, peruse the tutorials listed on the netfilter HOWTO page. A list of useful web locations has been compiled for your convenience below: Netfilter Homepage http://netfilter.org Netfilter/iptables Tutorials http://netfilter.org/documentation/index.html#documentationtutorials 15.5 Modifying SNMP Configuration /etc/config/snmpd.
The snmpd.conf is extremely powerful and too flexible to cover completely here. The configuration file itself is commented extensively and good documentation is available at the net-snmp website http://www.net-snmp.org, specifically: Man Page: http://www.net-snmp.org/docs/man/snmpd.conf.html FAQ: http://www.net-snmp.org/docs/FAQ.html Net-SNMPD Tutorial: http://www.net-snmp.org/tutorial/tutorial-5/demon/snmpd.
To set the Engine ID field (SNMP version 3 only)
config --set config.system.snmp.engineid2=800000020109840301
.. replacing 800000020109840301 with the engine ID
To set the Username field (SNMP version 3 only)
config --set config.system.snmp.username2=yourusername
.. replacing yourusername with the username
To set the Password field (SNMP version 3 only)
config --set config.system.snmp.password2=yourpassword
..
OpenSSH, the de facto open source SSH application, encrypts all traffic (including passwords) to effectively eliminate these risks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. OpenSSH is the port of OpenBSD's excellent OpenSSH[0] to Linux and other versions of Unix.
Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/keys/control_room Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/keys/control_room Your public key has been saved in /home/user/keys/control_room.pub. The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server $ You must ensure there is no password associated with the keys.
Assuming the user on the Management Console is called "fred"; the IP address of the Console Server is 192.168.0.1 (default); and the public key is on the Linux/Unix computer in ~/.ssh/id_dsa.pub. Execute the following command on the Linux/Unix computer:
scp ~/.ssh/id_dsa.pub \
root@192.168.0.1:/etc/config/users/fred/.ssh/authorized_keys
The authorized_keys file on the Console Server needs to be owned by "fred", so log in to the Management Console as root and type:
chown fred /etc/config/users/fred/.
More documentation on OpenSSH can be found at:
http://openssh.org/portable.html
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd
Generating public/private keys for SSH (Windows)
This section describes how to generate and configure SSH keys using Windows. First create a new user from the Management Console on the Console Server (the following example uses a user called "testuser") making sure it is a member of the "users" group.
OpenSSH: http://www.openssh.org/
OpenSSH (Windows): http://sshwindows.sourceforge.net/download/
For example, using PuTTYgen, make sure you have a recent version of the puttygen.exe (available from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). Make sure you have a recent version of WinSCP (available from http://winscp.net/eng/download.php).
To generate an SSH key using PuTTY http://sourceforge.net/docs/F02/#clients: Execute the PUTTYGEN.
Create a new file "authorized_keys" (with notepad) and copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file. Make sure there is only one line of text in this file. Use WinSCP to copy this "authorized_keys" file into the user's home directory, e.g. /etc/config/users/testuser/.ssh/authorized_keys, on the Console Server which will be the SSH server.
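The ownership requirement from the Linux/Unix procedure and the one-line requirement above can both be checked on the Console Server after the upload. The following is an added example, not part of the manual or the unit's software; the function name, its messages and the invocation shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the manual): sanity-check an uploaded key file.
# Hypothetical invocation on the Console Server:
#   sh check_keys.sh /etc/config/users/testuser/.ssh/authorized_keys testuser
# OWNER may be a user name or a numeric uid.

check_authorized_keys() {
    file=$1
    owner=$2
    rc=0

    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist"
        return 1
    fi

    # Resolve the expected owner to a numeric uid.
    case "$owner" in
        *[!0-9]*) want_uid=$(id -u "$owner" 2>/dev/null) || want_uid= ;;
        *)        want_uid=$owner ;;
    esac

    # ls -ln prints the mode string first and the numeric owner third.
    read -r mode _links uid _rest <<EOF
$(ls -ln "$file")
EOF

    if [ -z "$want_uid" ] || [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owned by uid $uid, expected $owner (fix with chown)"
        rc=1
    fi

    # A key file that other accounts can write lets them add their own key.
    case "$mode" in
        ?????w*|????????w*)
            echo "FAIL: group- or world-writable ($mode)"
            rc=1 ;;
    esac

    # PuTTYgen's "Save public key" button writes the multi-line SSH2 format,
    # not the one-line form OpenSSH expects in authorized_keys.
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$file"; then
        echo "FAIL: SSH2 multi-line format; paste the one-line OpenSSH form"
        rc=1
    fi

    # The manual asks for exactly one line of text in the file.
    lines=$(grep -c '[^[:space:]]' "$file" || true)
    if [ "$lines" -ne 1 ]; then
        echo "FAIL: $lines non-blank lines, expected 1"
        rc=1
    fi

    # That line should carry an RSA or DSA key, the two types the manual uses.
    if ! grep -Eq '(^|[[:space:]])ssh-(rsa|dss)[[:space:]]+[A-Za-z0-9+/]+' "$file"; then
        echo "FAIL: no ssh-rsa or ssh-dss key found"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_authorized_keys "$1" "$2"
fi
```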
The authenticity of host 'remhost (192.168.0.1)' can't be established. RSA key fingerprint is 8d:11:e0:7e:8a:6f:ad:f1:94:0f:93:fc:7c:e6:ef:56. Are you sure you want to continue connecting (yes/no)? At this stage, answer yes to accept the key. You should get the following message: Warning: Permanently added 'remhost,192.168.0.1' (RSA) to the list of known hosts. You may be prompted for a password, but there is no need to log in: you have received the fingerprint and can Ctrl-C to cancel the connection.
As detailed in Chapter 4, the Server gateway is set up in Console Server mode with either RAW or RFC2217 enabled and the Client gateway is set up in Serial Bridging Mode with the Server Address, and Server TCP Port (4000 + port for RAW or 5000 + port # for RFC2217) specified: Select SSH Tunnel when configuring the Serial Bridging Setting Next you will need to set up SSH keys for each end of the tunnel and upload these keys to the Server and Client gateways.
Generated keys may be one of two types - RSA or DSA (and it is beyond the scope of this document to recommend one over the other). RSA keys will go into the files id_rsa and id_rsa.pub. DSA keys will be stored in the files id_dsa and id_dsa.pub. For simplicity going forward, the term private key will be used to refer to either id_rsa or id_dsa and public key to refer to either id_rsa.pub or id_dsa.pub.
Your identification has been saved in /home/user/keys/control_room
Your public key has been saved in /home/user/keys/control_room.pub.
The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
You should ensure there is no password associated with the keys. If there is a password, then the Console Server devices will have no way to supply it at runtime.
To use public key authentication with SDT Connector, you must first create an RSA or DSA key pair (using ssh-keygen, PuTTYgen or a similar tool) and add the public part of your SSH key pair to the Console Server, as described in the earlier section. Next, add the private part of your SSH key pair (this file is typically named id_rsa or id_dsa) to SDT Connector client. Click Edit -> Preferences -> Private Keys -> Add, locate the private key file and click OK.
http://www.openssl.org/docs/apps/openssl.html http://www.openssl.org/docs/HOWTO/certificates.txt 15.8 HTTPS The Management Console can be served using HTTPS by running the webserver via sslwrap. The server can be launched on request using inetd. The HTTP server provided is a slightly modified version of the fnord-httpd from http://www.fefe.de/fnord/ The SSL implementation is provided by the sslwrap application compiled with OpenSSL support. More detailed documentation can be found at http://www.rickk.
You will be prompted to enter a lot of information. Most of it doesn't matter, but the "Common Name" should be the domain name of your computer (e.g. test.tripplite.com). When you have entered everything, the certificate will be created in a file called ssl_cert.pem. 3. Installing the key and certificate The recommended method for copying files securely to the Console Server unit is with an SCP (Secure Copying Protocol) client.
443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd /home/httpd" Save the file and signal inetd of the configuration change. kill -HUP `cat /var/run/inetd.pid` The HTTPS server should be accessible from a web client at a URL similar to this: https:// More detailed documentation about the openssl utility can be found at the website: http://www.openssl.org/ 15.
Targets connected to RPC's that could not be contacted (e.g. due to network failure) are reported as status "unknown". If possible, output will be compressed into host ranges. -n, --node Query node power status of targets (if implemented by RPC). If no targets are specified, query all targets. In this context, a node in the OFF state could be ON at the plug but operating in standby power mode. -b, --beacon Query beacon status (if implemented by RPC). If no targets are specified, query all targets.
Power on foo0,foo4,foo5: powerman --on foo[0,4-5] As a reminder to the reader, some shells will interpret brackets ([ and ]) for pattern matching. Depending on your shell, it may be necessary to enclose ranged lists within quotes. For example, in tcsh, the last example above should be executed as: powerman --on "foo[0,4-5]" pmpower The pmpower command is a high-level tool for manipulating remote, preconfigured power devices connected to the Console Servers either via a serial or network connection.
The first is to have scripts to support the particular RPC included in the open source PowerMan project (http://sourceforge.net/projects/powerman). The PowerMan device specifications are unusual and it is suggested that you leave the actual writing of these scripts to the PowerMan authors. However documentation on how they work can be found at http://linux.die.net/man/5/powerman.dev.
This value will be passed to the scripts in the environment variable outlet, allowing the script to address the correct outlet. There are four possible scripts: on, off, cycle and status When a script is run, its standard input and output is redirected to the appropriate serial port. The script receives the outlet and port in the outlet and port environment variables respectively. The script can be anything that can be executed within the shell. All of the existing scripts in /etc/powerstrips.
[-U ] [-A ] [-L ] [-a|-E|-P|-f ] [-o ] ipmitool [-c|-h|-v|-V] -I lanplus -H [-p ] [-U ] [-L ] [-a|-E|-P|-f ] [-o ] [-C ] DESCRIPTION This program lets you manage Intelligent Platform Management Interface (IPMI) functions of either the local system, via a kernel device driver, or a remote system, using IPMI V1.5 and IPMI v2.0.
-f Specifies a file containing the remote server password. If this option is absent, or if password_file is empty, the password will default to NULL. -h Get basic usage help from the command line. -H Remote server address can be an IP address or hostname. This option is required for lan and lanplus interfaces. -I Selects IPMI interface to use. Supported interfaces that are compiled in and visible in the usage help output. -L Force session privilege level.
environments where system security is not an issue or where there is a dedicated secure 'management network' or access has been provided through a Console Server. Further, it is strongly advised that you should not enable IPMI for remote access without setting a password, and that the password should not be the same as any other password on that system. When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface, the new password is sent across the network as clear text.
ipmitool chassis help Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev ipmitool chassis power help chassis power Commands: status, on, off, cycle, reset, diag, soft You will find more details on ipmitools at http://ipmitool.sourceforge.net/manpage.html 15.
- Select Status: Support Report - Scroll down to Processes - Look for: /bin/ssh -MN -o ControlPath=/var/run/cascade/%h Slavename - These are the Slaves that are connected - Note: The end of the Slaves' names will be truncated, so the first 5 characters must be unique Alternatively, you can write a custom CGI script as described above. The currently connected Slaves can be determined by running: ls /var/run/cascade and the configured Slaves can be displayed by running: config -g config.cascade.
16. THIN CLIENT (B092-016) Introduction The B092-016 has a selection of management clients (Firefox browser, SSH, Telnet, VNC viewer, ICA, RDP) embedded as well as the Tripp Lite PowerAlert software. With these, the B092-016 provides rackside control of computers, networking, telecom, power and other managed devices via serial, USB or IP over the LAN. This chapter provides instructions on configuring the thin clients and using them locally and remotely.
For each new Host you add, you will be asked to enter a Label (enter a descriptive name) and a Hostname (enter the IP Address or DNS Name of the new network connected Host) and possibly a Username (enter the name you will use to log in to the Host) Once a Host has been added, you can select Edit and update the commands that will be executed in connecting the service to the existing Host The sixteen serial ports are pre-configured by default in Console Server mode for the B096-016 / B096-048 Console Server
16.1.1 Connect- serial terminal Select Connect: Serial on the control panel and click on the desired serial port. A window will be created with a connection to the device on the selected serial port: The embedded terminal emulator uses rxvt (a color vt102 terminal emulator). You can find more details on configuration options in http://www.rxvt.org/manual.html 16.1.
The B092-016 provides a powerful Mozilla Firefox browser with a licensed Sun Java JRE. Java and all Java based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. 16.1.
If the HostName was left blank when the VNC server connection was configured, then the VNC Viewer will start with a request for the VNC server. Selecting Options at this stage enables you to configure the VNC Viewer. Alternatively, you can select Options by right-clicking on the VNC Viewer taskbar icon. You can find more details on configuration options in http://www.realvnc.com/products/free/4.1/man/vncviewer.html
16.1.4 Connect- SSH
SSH is typically used to log into a remote machine and execute commands.
The B092-016 SSH connection uses OpenSSH (http://www.openssh.com/) and the terminal connection is presented using rxvt (ouR XVT). You can find more details on configuration options in http://www.rxvt.org/manual.html 16.1.5 Connect- IPMI The B092-016 control panel provides a number of IPMI tools for managing service processors or Baseboard Management Controllers (BMCs). These IPMI controls are built on the ipmitools program. Find more details on configuration options in http://ipmitool.sourceforge.
The resulting serial character connection is presented in an rxvt (ouR XVT) window. Also, the Serial-Over-LAN feature is only applicable to IPMI2.0 devices. Select Logs: IPMI on the control panel and select the IPMI Event Log to be viewed. This will retrieve the selected IPMI event log by running:
# ipmitool -I lanplus -H hostname -U username -P password sel info
16.1.
You can use Add/Delete/Edit to customize the rdesktop client (e.g. to include login username passwords). The command line protocol is:
rdesktop -u windows-user-id -p windows-password -g 1200x950 ms-windows-terminal-serverhost-name
option   Description
-a       Color depth: 8, 16, 24
-r       Device redirection. i.e. Redirect sound on remote machine to local device i.e. -0 -r sound (MS/Windows 2003)
-g       Geometry: widthxheight or 70% screen percentage.
-p       Use -p - to receive password prompt.
16.1.8 Connect- PowerAlert Select Connect: PowerAlert on the control panel. The PowerAlert software will be launched. 16.2 Advanced Control Panel 16.2.1 System: Terminal Selecting System: Terminal on the control panel logs you in at the command line to the B092-016 Linux kernel. As detailed in Chapters 14 and 15, this enables you to configure and customize your B092-016 using the config and portmanager commands or general Linux commands.
16.2.2 System: Shutdown / Reboot Clicking System: Shutdown on the control panel will shut down the B092-016 system. You will need to cycle the power to reactivate the B092-016 with a soft reset. Similarly, by clicking System: Reboot, you will initiate a soft reset. With a soft reset, the B092-016 reboots with all settings such as the assigned network IP address, preserved. However a soft reset disconnects all Users and ends any SSH sessions that had been established.
16.3 Remote control You can access the B092-016 locally via a directly connected keyboard, monitor and mouse (or KVM switch). If the B092-016 is connected to a KVMoIP infrastructure, then this may also provide you with some remote access to the B092-016 local consoles (RDP, Telnet, VNC, ICA, JRE etc). The B092-016 also hosts an embedded VNC server that enables you to remotely monitor and control the thin client software (RDP, Telnet, VNC, ICA etc) that is running in the B092-016 itself.
Appendix A Hardware Specification
FEATURE: VALUE
Dimensions: B096-016 / B096-048: 17 x 12 x 1.75 in (43.2 x 31.3 x 4.5 cm); B092-016: 17 x 6.7 x 1.75 in (44 x 17 x 4.5 cm)
Weight: B096-016 / B096-048: 11.8 lbs (5.4 kg); B092-016: 8.5 lb (3.
Appendix B Serial Port Connectivity Pinout standards exist for both DB9 and DB25 connectors, however, there are not pinout standards for serial connectivity using RJ45 connectors. Many Console Servers and serially managed servers/ router/ switches/ PSUs have adopted their own unique pinout; so custom connectors and cables may be required to interconnect your Console Server.
Connectors included in Console Server The B092-016 Console Server with PowerAlert, and the B096-048/016 Console Server Management Switch ship with a “cross-over” and a “straight” RJ45-DB9 connector for connecting to other vendor’s products: DB9F-RJ45S straight connector DB9F-RJ45S cross-over connector
Appendix C End User License Agreement READ BEFORE USING THE ACCOMPANYING SOFTWARE YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE ACCOMPANYING SOFTWARE, THE USE OF WHICH IS LICENSED FOR USE ONLY AS SET FORTH BELOW. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT USE THE SOFTWARE. IF YOU USE ANY PART OF THE SOFTWARE, SUCH USE WILL INDICATE THAT YOU ACCEPT THESE TERMS.
EXPORT RESTRICTIONS. You agree that you will not export or re-export the Software, any part thereof, or any process or service that is the direct product of the Software in violation of any applicable laws or regulations of the United States or the country in which you obtained them. U.S. GOVERNMENT RESTRICTED RIGHTS. The Software and related documentation are provided with Restricted Rights.
REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIES DO NOT ORIGINATE FROM, AND ARE NOT BINDING ON, TRIPP LITE. NO LIABILITY FOR CERTAIN DAMAGES.
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on
distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
3. Source Code. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of your license. Source code may not be redistributed unless expressly provided for in the terms of your license. 4. Third Party Code. Additional copyright notices and license terms applicable to portions of the Software are set forth in the THIRDPARTYLICENSEREADME.txt file.
Appendix D Service and Warranty Limited Warranty Seller warrants this product, if used in accordance with all applicable instructions, to be free from original defects in material and workmanship for a period of 2 years (except U.S., Canada and Mexico: 1 year) from the date of initial purchase. If the product should prove defective in material or workmanship within that period, Seller will repair or replace the product, in its sole discretion.