Contents
Introduction
    Product Description
    Access Procedures
    Upgrading Firmware through a Serial Connection
    Front Panel
    Watchdog Features
Control Console
    How to Log On
Data Menu (Web Interface Only)
    Log Option
    Configuration Option
Network Menu
    Introduction
System Menu
    Introduction
    Option Settings
How to Export Configuration Settings
    Retrieving and Exporting the .ini File
    The Upload Event and Error Messages
    Using the APC Device IP Configuration Wizard
File Transfers
    Upgrading Firmware: Methods and Tools
    Verifying Upgrades and Updates
Product Information
    Warranty and Service
Introduction Product Description The APC® Switched Rack Power Distribution Unit (PDU) is a stand-alone, network-manageable device that provides current monitoring and allows programmable control of eight, sixteen, or twenty-four power outlets (depending on the model). You can manage a Switched Rack PDU through its Web interface, its control console, the InfraStruXure® Manager, or SNMP: • The Web interface supports using HTTPS access with Secure Sockets Layer (SSL) and using HTTP access.
• Four levels of user access accounts—Administrator, Device Manager, Read Only User, and Outlet User • Event and data logging—the event log is accessible by Telnet, Secure CoPy (SCP), File Transfer Protocol (FTP), serial connection, or Web browser (using HTTPS access with SSL, or using HTTP access).
Access Procedures Overview For more information about the internal user interfaces, see Control Console and Web Interface. The SNMP interface also allows you to use an SNMP browser with the PowerNet® Management Information Base (MIB) to manage the Rack PDU. Switched Rack PDU USER’S GUIDE The Switched Rack PDU has two internal interfaces (control console and Web interface) that allow you to manage the Rack PDU.
Types of user accounts The Rack PDU has four levels of access (Administrator, Device Manager, Read-Only User, and Outlet User), all of which are protected by password and user name requirements. • A Device Manager can use only the following menus: – The Device Manager menu and its sub-menus in the control console, and all menus in the top section of the navigation panel of the Web Interface (Switched Rack PDU and Outlets). – The Log option in the Events menu in the Web interface.
You must use the Web interface to configure values for the Read-Only User, and you must use the control console to configure values for an Outlet User.
How to Recover From a Lost Password
You can use a local computer, a computer that connects to the Rack PDU or other device through the serial port, to access the control console.
2. Connect the serial cable (990-0144) to the selected port on the computer and to the configuration port at the Rack PDU:
3. Run a terminal program (such as HyperTerminal®) and configure the selected port as follows:
– 9600 bps
– 8 data bits
– no parity
7. From the Control Console menu, select System, then User Manager.
8. Select Administrator, and change the User Name and Password settings, both of which are now defined as apc.
9. Press CTRL-C, log off, reconnect any serial cable you disconnected, and restart any service you disabled.
Upgrading Firmware through a Serial Connection You can use a local computer that connects to the Rack PDU through the serial port on the front panel of the unit. 1. Select a serial port at the local computer, and disable any service which uses that port. 2. Use the supplied serial cable (940-0144) to connect the selected port to the serial port on the front panel of the Rack PDU.
9. In the terminal program, send the file using the XMODEM protocol. When the transfer finishes, the console will prompt you to restore the baud rate to normal. Do not interrupt the download. The Rack PDU will restart when the download is complete. Upgrading the firmware will not interfere with the operation of the outlets.
Front Panel
Three-phase Switched Rack PDUs have one of the following two front panels:
[Figures: single-phase and three-phase front panels]
Item: Function
Load Indicator LED: Identifies overload and warning conditions for the displayed phase or bank. See Load indicator LED.
Input Selector: On 3-phase models, press the input selector to monitor the current of the next phase or bank. For either 1- or 3-phase units, press and hold the input selector to display the IP address of the Rack PDU or to invert the display. At five seconds, the IP address is displayed; at ten seconds the displayed numbers invert.
Digital Display: Displays the current (amps) for the phase or bank indicated by the illuminated Load Indicator LED. On 3-phase units, the Digital Display will cycle through the phases or banks, displaying the current for each for 3 seconds. If an internal communication failure or power supply failure occurs (for either a 1- or 3-phase model), the Digital Display displays Er, which you can clear by pressing the input selector.
Status LED
Condition: Description
Off: The Rack PDU has no power.
Solid Green: The Rack PDU has valid TCP/IP settings.
Flashing Green: The Rack PDU does not have valid TCP/IP settings.†
Solid Orange: A hardware failure has been detected in the Rack PDU. Contact APC Worldwide Customer Support.
Flashing Orange: The Rack PDU is making BOOTP requests.
Flashing Orange and Green (alternating): The Rack PDU is making DHCP requests.
Watchdog Features Overview Network interface watchdog mechanism The Rack PDU implements internal watchdog mechanisms to protect itself from becoming inaccessible over the network. For example, if the Rack PDU does not receive any network traffic for 9.5 minutes (either direct traffic, such as SNMP, or broadcast traffic, such as an Address Resolution Protocol [ARP] request), it assumes that there is a problem with its network interface and restarts itself.
Control Console How to Log On You can use either a local (serial) connection, or a remote (Telnet or SSH) connection to access the control console. Use case-sensitive User Name and Password entries to log on (by default, apc and apc for an Administrator, or device and apc for a Device Manager). A Read-Only User has no access to the control console. If you cannot remember your user name or password, see How to Recover From a Lost Password.
Remote access to the control console Telnet for basic access. Telnet provides the basic security of authentication by user name and password, but not the high-security benefits of encryption. To use Telnet to access the control console from any computer on the same subnet: 1. At a command prompt, type telnet and the System IP address for the Rack PDU (when the PDU uses the default Telnet port of 23), and then press ENTER. For example: telnet 139.225.6.
Local access to the control console You can use a local computer that connects to the Rack PDU through the serial port on the front panel of the unit. 2. Use the supplied serial cable (940-0144) to connect the selected port to the serial port on the front panel of the Rack PDU. 3. Run a terminal program (such as HyperTerminal) and configure the selected port for 9600 bps, 8 data bits, no parity, 1 stop bit, and no flow control. Save the changes. 4.
Main Screen
Example main screen
User Name : apc
Password : ***
American Power Conversion          Network Management Card AOS v2.6.4
(c) Copyright 2002 All Rights Reserved    Rack PDU APP v2.6.
Information and status fields
Main screen information fields.
• Two fields identify the APC operating system (AOS) and application (APP) firmware versions.
Network Management Card AOS v2.6.4
Rack PDU APP v2.6.6
• Three fields identify the system Name, Contact, and Location values.
Name : MS3 Test Unit
Contact : Bill Cooper
Location : Testing Lab
To set the Name, Contact, and Location values, see System Menu.
Main screen status fields.
• A Stat field reports the Rack PDU status.
Stat : P+ N+ A+
P+: The APC operating system (AOS) is functioning properly.
N+: The network is functioning properly.
N?: A BOOTP request cycle is in progress.
N–: The Rack PDU failed to connect to the network.
N!: Another device is using the IP address of the Rack PDU.
A+: The application is functioning properly.
A–: The application has a bad checksum.
A?: The application is initializing.
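A parser for the Stat field described above, as an added example that is not part of the original guide: it reads a captured main screen, decodes each code using only the values listed here, and reports every subsystem that is not in its healthy state. The sample screens are constructed; the ok/pending/fault grouping and the treatment of an ASCII hyphen as equivalent to the dash printed in this guide are assumptions.

```python
import re

# Codes and meanings exactly as listed under "Main screen status fields".
# The ok/pending/fault grouping is this example's assumption, not the guide's.
STAT_CODES = {
    "P+": ("ok", "The APC operating system (AOS) is functioning properly."),
    "N+": ("ok", "The network is functioning properly."),
    "N?": ("pending", "A BOOTP request cycle is in progress."),
    "N-": ("fault", "The Rack PDU failed to connect to the network."),
    "N!": ("fault", "Another device is using the IP address of the Rack PDU."),
    "A+": ("ok", "The application is functioning properly."),
    "A-": ("fault", "The application has a bad checksum."),
    "A?": ("pending", "The application is initializing."),
}

# First letter of a code identifies the subsystem it reports on.
SUBSYSTEMS = {"P": "AOS", "N": "network", "A": "application"}

# The guide prints a typographic dash (N–, A–); a terminal capture may carry an
# ASCII hyphen instead, so every dash variant is normalized to "-" (assumption).
_DASHES = str.maketrans({"\u2013": "-", "\u2014": "-", "\u2212": "-"})

# Matches "Stat : ..." anywhere on a line; "Status LED" and similar do not match.
_STAT_FIELD = re.compile(r"\bStat\s*:\s*([^\r\n]*)")

# Constructed sample captures (not taken from a real device).
HEALTHY_SCREEN = (
    "Name : MS3 Test Unit\n"
    "Contact : Bill Cooper\n"
    "Location : Testing Lab      Stat : P+ N+ A+\n"
)
DEGRADED_SCREEN = "Location : Testing Lab      Stat : P+ N! A\u2013\n"


def parse_stat(screen_text):
    """Decode the Stat field of a captured main screen into a list of dicts."""
    match = _STAT_FIELD.search(screen_text)
    if match is None:
        raise ValueError("no 'Stat :' field in captured screen")
    decoded = []
    for token in match.group(1).translate(_DASHES).split():
        # Codes that are not on the page are flagged, never guessed at.
        state, meaning = STAT_CODES.get(
            token, ("unrecognized", "Code is not listed in the guide.")
        )
        decoded.append(
            {
                "code": token,
                "subsystem": SUBSYSTEMS.get(token[0], "unknown"),
                "state": state,
                "meaning": meaning,
            }
        )
    return decoded


def findings(screen_text):
    """Return (code, state, meaning) for every subsystem that is not 'ok'.

    A subsystem with no code at all in the Stat field is reported as 'missing',
    so a truncated capture is not mistaken for a healthy unit.
    """
    decoded = parse_stat(screen_text)
    issues = [
        (d["code"], d["state"], d["meaning"]) for d in decoded if d["state"] != "ok"
    ]
    reported = {d["subsystem"] for d in decoded}
    for letter, name in SUBSYSTEMS.items():
        if name not in reported:
            issues.append((letter, "missing", f"No status reported for {name}."))
    return issues


if __name__ == "__main__":
    for label, screen in (("healthy", HEALTHY_SCREEN), ("degraded", DEGRADED_SCREEN)):
        print(label, findings(screen))
```

An A– result (bad application checksum) after a firmware transfer and an N! result (address conflict) are the two states worth alerting on first, since both mean the unit is not running or not reachable as configured.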
Control Console Menus Menu structure For menus that allow you to change a setting, you must use the Accept Changes option to save the changes you made. While in a menu, you can also do the following: • Type ? and press ENTER to access brief menu option descriptions (if the menu has help available). • Press ENTER to refresh the menu. • Press ESC to go back to the menu from which you accessed the current menu. • Press CTRL-C to return to the main (control console) menu.
Main menu
The main control console menu has options that provide access to the management features of the control console:
1- Device Manager
2- Network
4- Logout
When you log on as Device Manager or as an Outlet User, you will not have access to the Network or System menus.
Device Manager option
This option accesses the Device Manager menu. Select the components you want to manage from this menu.
Network option To do any of the following tasks, see Network Menu: • Configure the TCP/IP settings for the Rack PDU or, when the Rack PDU will obtain its TCP/IP settings from a server, configure the settings for the type of server (DHCP or BOOTP) to be used. • Define settings that affect the FTP, Telnet, Web interface and SSL, SNMP, e-mail, DNS, and Syslog features of the Rack PDU.
Web Interface How to Log On You can use the DNS name or System IP address of the Switched Rack PDU for the URL address of the Web interface. If you are using HTTPS (SSL/TLS) as your access protocol, your login credentials are compared with information in a server certificate. If the certificate was created with the APC Security Wizard, when you log on you must use the same identifier for the Rack PDU as you specified for the common name in the certificate (either the IP address or the DNS name).
See Web/SSL (Web/SSL/TLS in the control console) to select, enable, and disable the protocols that control access to the Web interface and to define the Web-server ports for the protocols. Supported Web browsers As your browser, you can use Microsoft® Internet Explorer (IE) 5.0 (and higher) or Netscape® 4.0.8 (and higher, except Netscape 6.x) to access the Rack PDU through its Web interface. Other commonly available browsers also may work but have not been fully tested by APC.
URL address formats If the error “You are not authorized to view this page” occurs (Internet Explorer only), someone is logged onto the Web interface or control console. If the error “No Response” (Netscape) or “This page cannot be displayed” (Internet Explorer) occurs, Web access may be disabled, or the Rack PDU may use a non-default Web-server port that you did not specify correctly in the address.
Summary Page When you log on to the Web interface at the Switched Rack PDU, the status view is at the right side of the screen, the quick status tab is at the upper right, and the navigation menu is at the left. The Status view has three sections: • The Device Status section reports any active alarm or warning conditions and displays the load for each phase or bank, including a graphic representation of the load thresholds.
Quick status tab The quick status tab is displayed at the upper right on every page in the Web interface. The tab shows active alarms and warnings and a link to the online help. Click the green “device operating normally” icon to return to the status screen where the current for each phase or bank is displayed. Click the warning icon to return to the status screen where active warnings are displayed. Put the mouse cursor on the icon to view details of the warning.
Navigation Menu
Overview
On the Web interface, the navigation menu (left frame) has the following elements:
• IP address of the Rack PDU
• Menus to manage the Rack PDU and its components:
– Switched Rack PDU menu with Configuration and Scheduling as options
– Outlets menu with Control, Configuration, and Outlet Groups as options
• Menus to manage the event log, data log, network connection, and system parameters:
– Events menu
– Data menu
– Network menu
– System menu
When
Selecting a menu to perform a task • To do the following, see Switched Rack PDU Settings: – Configure the overload and low load thresholds for each phase or bank. – Configure the Overload Outlet Restriction for each phase or bank. • To do the following, see Outlet Settings for Outlets and Outlet Groups: – Apply power to and remove power from the outlets. – Set Power On Delay, Power Off Delay, and Reboot Duration for the outlets. – Set the names and associated links for the outlets.
• To do the following, see Network Menu: – Identify the Domain Name System (DNS) Server, test its network connection, and enable or disable DNS Reverse Lookup Event Logging (which logs the domain name of the device associated with each event). – Define settings for FTP, Telnet, SSH, the Web interface, SNMP, e-mail, and SSL/TLS. – Configure the Rack PDU’s Syslog message feature. • To do the following, see System Menu: – Control Administrator and Device Manager access. – Manage Outlet User access.
In the control console, the About System option, which is a System menu option, has the Flash Type value. Provides three user-definable URL link options. By default, these links access the following APC Web pages: • APC’s Web Site accesses the APC home page. • Testdrive Demo accesses a demonstration page where you can use samples of APC Web-enabled products. • APC Monitoring accesses the “APC Remote Monitoring Service” page about pay-for-monitoring services available from APC.
Device and Outlet Management Menus How to Configure and Control Outlet Groups An outlet group consists of outlets that are logically linked together on the same Switched Rack PDU. Outlets that are in an outlet group turn on, turn off, and reboot in a synchronized manner, i.e., within a one-second interval under normal conditions: • A local outlet group consists of two or more outlets on a Switched Rack PDU. Only the outlets in that group are synchronized.
Purpose and benefits of outlet groups • Synchronized shutdown and startup of the power supplies of dual-corded servers avoids erroneous reporting of power supply failures during a planned system shutdown or reboot. • Synchronizing outlets by using outlet groups provides more precise shutdown and restart timing than relying on the delay periods of individual outlets. • A global outlet is visible to the user interfaces of the Switched Rack PDUs to which it is linked.
System requirements for outlet groups To set up and use synchronized outlet control groups: • If outlet groups are to be synchronized across multiple Switched Rack PDUs, those Switched Rack PDUs must meet the following requirements: – They must be on the same subnet. – They must use firmware that has the same version number, which must be 2.6.1 or higher for both the APC Operating System (AOS) module and the Application module.
Rules for configuring outlet groups For a system that uses outlet groups, the following rules apply: • A Switched Rack PDU can have more than one outlet group, but an outlet can belong to only one outlet group. • You can synchronize a global outlet group on one Switched Rack PDU with a global outlet group on each of three other Switched Rack PDUs.
How to enable outlet groups From the Outlets menu in the Web interface, select Outlet Groups, configure the following parameters, and click Apply. Parameter Description Device Level Outlet Group To create an outlet group, you must enable this parameter. It is disabled by default. Enable support for global outlet groups (linked groups). Enable creation of outlet groups.
How to create multiple global outlet groups (Web interface) To set up multiple global outlet groups that link to outlet groups on other Switched Rack PDUs: 1. From the Outlets menu in the Web interface, select Outlet Groups. See How to enable outlet groups. 3. Click Create Global Outlet Groups. 4. For each global outlet group you want to create, select an outlet by clicking on its check-box. Then click Apply.
The following configuration shows two Switched Rack PDUs, each with eight outlet groups. Each outlet group consists of a single global outlet. Each outlet group on the first Switched Rack PDU is linked to the outlet group in the same location on the second Switched Rack PDU.
The following configuration shows three sets of synchronized outlets. Global outlets are shown in black. Outlet groups are enclosed in red rectangles.
[Figure callouts:]
These four global outlet groups synchronize a total of 19 outlets.
These two global outlet groups synchronize 6 outlets, 2 in one group and 4 in the other.
This local outlet group synchronizes 3 outlets on the same Switched Rack PDU.
Verify your setup and configuration for global outlet groups To ensure that your setup meets all system requirements for outlet groups and that you have configured the outlet groups correctly, select Outlet Groups from the Outlets menu in the Web interface to view the groups and their connections: – All configured outlet groups on the current Switched Rack PDU. – The outlets in each group by outlet number. – Any outlet groups on other Switched Rack PDUs with which a global outlet group is synchronized.
Outlet Settings for Outlets and Outlet Groups How to initiate a control action • For an individual outlet (not in an outlet group), the action uses the delay periods and reboot duration configured for that outlet. • For a global outlet group, the action uses the delay periods and reboot duration configured for the global outlet. • For a local outlet group, the action uses the delay periods configured for the lowest-numbered outlet in the group. Web interface.
Control actions you can select.
Option: Description
No Action (Web interface only): Do nothing.
On Immediate: Apply power to the selected outlets.
On Delayed: Apply power to each selected outlet according to its value for Power On Delay.†
Off Immediate: Remove power from the selected outlets.
Off Delayed: Remove power from each selected outlet according to its value for Power Off Delay.†
Reboot Immediate: Remove power from each selected outlet.
How to configure outlet settings and outlet name
Setting: Description
Power On Delay: Set the number of seconds that the Rack PDU waits after a command is issued before applying power to an outlet. NOTE: To configure an outlet to remain off at all times, check the Never check box next to Power On Delay in the Web interface, or configure a value of –1 for Power On Delay in the control console.
Web Interface. To configure the outlet settings or outlet names, select Configuration on the Outlets menu, and click the Configure button in the Outlet Settings section or in the Outlet Name Configuration section. • Configure outlet settings in the top section of the next screen: – Enter values for Power On Delay, Power Off Delay, or Reboot Duration, and click the Apply button immediately below the list.
Switched Rack PDU Settings
Configure Load Thresholds
Web interface.
1. Select Switched Rack PDU from the navigation menu.
2. Click Configure in the Load Management section.
3. Set Overload Alarm Threshold, Near Overload Warning Threshold, Low Load Warning Threshold, and Overload Outlet Restrictions for each phase or bank.
4. Click Apply in that section to set the selected values.
Control console.
1. From the Device Manager menu, select Phase/Bank Monitor/Configuration.
Setting: Description
Low Load Warning Threshold: Set the low threshold, in amps, for the current drawn from this phase or bank during normal operation. A load at or below this level generates a warning.
Overload Outlet Restriction: Prevent users from applying power to outlets during an overload condition. You can set the following restrictions for each outlet:
• None: You can apply power to outlets regardless of an Overload Alarm or Near Overload Warning.
Name: Set the name of the Rack PDU.
Location: Set the location of the Rack PDU.
Coldstart Delay: The time that the Switched Rack PDU delays applying power to the outlets after AC power has been applied to the Rack PDU.
To change the Contact field (the name of the person to contact about the Rack PDU) in addition to the Name and Location fields in the control console, see Identification.
Scheduling Outlet Actions (Web Interface Only) Actions you can schedule To configure values for Power On Delay, Power Off Delay, and Reboot Duration for each outlet, see How to configure outlet settings and outlet name. Although you must use the Web interface to schedule outlet actions, you can set these values in either the Web or control console interfaces. For an action to be applied to an outlet group, you must have outlet groups enabled at the beginning of the scheduled action.
Off Delayed: Remove power from each selected outlet according to its value for Power Off Delay.†
Reboot PDU Immediate: Remove power from each selected outlet. Then apply power to each of these outlets according to its value for Reboot Duration.†
Reboot PDU Delayed: Remove power from each selected outlet according to its value for Power Off Delay.
How to schedule an outlet event 1. From the menus of the Web interface, select Switched Rack PDU and then Scheduling. If you select Weekly, you can choose to have the event occur once every week or once every two, four, or eight weeks. 3. On the scheduling page, in the Name of event text box, replace the default name, Outlet Event, with a name that will identify your new event. 4. Use the drop-down lists to select the type of event and when it will occur.
How to edit, disable, enable, or delete an outlet event 1. From the menus of the Web interface, select Switched Rack PDU and then Scheduling. 3. On the Scheduled Event Details page, you can do any of the following: – Change details of the event, such as the name of the event, when it is scheduled to occur, and which outlets are affected. – Under Status of event at the bottom of the page: • Disable the event, leaving all its details configured so that it can be re-enabled later.
Event-Related Menus
Introduction
Overview
The Events menu provides access to the options that you use to do the following tasks:
• Access the event log
• Define the actions to be taken when an event occurs, based on the severity level of that event:
– Event logging
– Syslog message notification
– SNMP trap notification
– E-mail notification
You can use only the Web interface to define which events will use which actions, as described in Event Log and How to Configure Indiv
In the control console, access the available events-related options as follows: • Use the Email option in the Network menu to define the SMTP server and e-mail recipients. • Use the SNMP option in the Network menu to define the SNMP trap receivers.
Event Log
Overview
The Rack PDU supports event-logging for all embedded management card application firmware modules.
• Web interface
• Control console
• FTP
• SCP
Logged events Some System (embedded management card) events do not have a severity level. Even if you disable the event log for all severity levels, events with no severity level will still be logged. To access a list of the System (embedded management card) and Switched Rack PDU (Device) events, see Event List page. By default, any event which causes an SNMP trap will be logged, except for SNMP authentication failures.
How to use FTP or SCP to retrieve a log file See Security for information on the available protocols and methods for setting up the type of security appropriate for your needs. If you have Administrator or Device Manager access, you can use SCP or FTP to retrieve a tab-delineated event log file (event.txt) or data log file (data.txt) that you can import into a spreadsheet application.
Secure CoPy (SCP). To use SCP to retrieve the event.txt file, use the following command:
scp username@hostname_or_ip_address:event.txt ./event.txt
To use SCP to retrieve the data.txt file, use the following command:
See Data Menu (Web Interface Only) for information about the data log.
File Transfer Protocol (FTP). To use FTP to retrieve the event.txt or data.txt file:
1. At a command prompt, type ftp and the IP address of the Switched Rack PDU, and press ENTER.
3. Use the get command to transmit the text version of the event or data log to your local drive.
ftp>get event.txt
or
ftp>get data.txt
4. You can use the del command to clear the contents of the event or data log.
ftp>del event.txt
or
ftp>del data.txt
You will not be asked to confirm the deletion.
– If you clear the data log, a Deleted Log event will be recorded in the Event Log.
– If you clear the event log, a new event.
Event Actions (Web Interface Only)
Overview
The Actions option is available only on the Web interface’s Events menu. This option allows you to select which actions will occur for events that have a specified severity level:
• Event Log selects which severity levels cause an event to be recorded in the event log. See Event log action.
• Syslog selects which severity levels cause messages to be sent to Syslog servers to log events. See Syslog action.
Modifying events on the Configure Event Action by Severity Level page overrides any changes you made to individual events on the Details page. Except for some System (embedded management card) events that do not have a severity level, events are assigned a default severity level based on their seriousness: • Informational: Indicates an event that requires no action, such as a notification of a return from an abnormal condition.
Syslog action By default, the Syslog action is enabled for all events that have a severity level. However, before you can use this feature to send Syslog messages when events occur, you must configure it. SNMP traps action By default, the SNMP Traps action is enabled for all events that have a severity level assigned. However, before you can use SNMP traps for event notifications, you must identify the NMSs (by their IP addresses or domain names) that will receive the traps.
Event Recipients
Overview
The Web interface and control console both have options that allow you to define up to four trap receivers and up to four e-mail addresses to be used when an event occurs that has SNMP traps or e-mail enabled.
See Event Actions (Web Interface Only).
Trap Receiver settings
To access the Trap Receiver settings that allow you to define which NMSs will receive traps:
• In the Web interface, use the Recipients option in the Events menu.
E-mail Feature
Overview
You can use the Simple Mail Transfer Protocol (SMTP) to send e-mail to up to four recipients when an event occurs.
To use the e-mail feature, you must define the following settings:
• The IP addresses of the primary and secondary Domain Name System (DNS) servers. See DNS servers.
• The DNS name of the SMTP server and the From Address setting for SMTP. See SMTP settings.
• The e-mail addresses for a maximum of four recipients. See Email Recipients.
DNS servers The Rack PDU cannot send any e-mail messages unless the IP address of the primary DNS server is defined. The Rack PDU will wait a maximum of 15 seconds for a response from the primary or (if specified) the secondary DNS server. If the Rack PDU does not receive a response within that time, e-mail cannot be sent. Therefore, use DNS servers that are on the same segment as the Rack PDU or on a nearby segment (but not across a WAN).
In the Web interface, use the Recipients option in the Events menu or the Configure the Email recipients link in the “Email Configuration” page to identify up to four e-mail recipients. Use the Email Test option to send a test message to a configured recipient.
In the control console, use the Email option in the Network menu to access the e-mail recipient settings.
Setting: Description
To Address: Defines the user and domain names of the recipient.
Setting: Description
SMTP Server: Selects one of the following methods for routing e-mail:
• Through the SMTP server provided with the Rack PDU (the recommended option, Local). This option ensures that the e-mail is sent before the 20-second time-out for the Rack PDU, and, if necessary, is retried several times. Also do one of the following:
• Enable forwarding at the SMTP server provided with the Rack PDU so that it can route e-mail to external SMTP servers.
How to Configure Individual Events
Event List page
The Actions option in the Events menu opens the “Event Action Configuration” page on the Web interface.
Modifying events on the Configure Event Action by Severity Level page will override any changes you have made to individual events on the Details page.
Each event is identified by its unique code, its description, and its assigned severity level. For example:
Data Menu (Web Interface Only) Log Option • Iout: The power being output by the Rack PDU. • Ioutmax: The maximum power output by the Rack PDU since its output power was last recorded. • Ioutmin: The minimum power output by the Rack PDU since its output power was last recorded. Use the Data menu’s Configuration option to define how frequently data is sampled and stored in the data log. Each entry is listed by the date and time the data was recorded, and provides the data in a column format.
Configuration Option
Use this option to access the “Data Log Configuration” page, which reports how much data can be stored in the data log. If you change the Log Interval setting, which defines how often data will be sampled and recorded in the data log, the report updates based on the new setting.
The minimum interval is 60 seconds; the maximum interval is 18 hours, 12 minutes, 15 seconds.
Network Menu
Introduction
Overview
Only an Administrator has access to the Network menu.
Use the Network menu to do the following tasks:
• Define TCP/IP settings, including DHCP or BOOTP server settings, when one of those types of servers is used to provide the required TCP/IP values
• Use the Ping utility
• Define and display settings that affect the Switched Rack PDU’s settings for DNS, FTP, Telnet, SSH, SNMP, E-mail, Syslog, and the Web interface (SSL/TLS)
Menu options
Unless noted, the following options are available in the control console and Web interface:
• TCP/IP
• DNS
• Ping utility (control console only)
• FTP Server
• Telnet/SSH
• SNMP
• Email
• Syslog
• Web/SSL (Web/SSL/TLS in the control console)
• Send DNS Query (Web interface)
• WAP
• ISX Protocol (control console only)
Option Settings TCP/IP This option accesses the following settings: – The IP address of the Rack PDU – The subnet mask value – The IP address of the default gateway For information about the watchdog role of the default gateway, see Resetting the network timer.
Boot mode setting. This setting selects which method will be used to define the Rack PDU’s TCP/IP settings whenever the Rack PDU turns on, resets, or restarts: • Manual: Three settings (System IP, Subnet Mask, and Default Gateway), which are available only when Manual is used to define the needed TCP/IP settings. • DHCP only: A DHCP server provides the TCP/IP settings.
Rack PDU will add this domain name when only a hostname is entered. To override the expansion of a specified host name by the addition of the domain name, do one of the following: • To override the behavior for a particular host name entry — for example when defining a trap receiver — include a trailing period. The Switched Rack PDU recognizes a host name with a trailing period (such as mySnmpServer.) as if it were a fully qualified domain name and therefore does not append the domain name.
– On Retry Failure: Defines what TCP/IP settings will be used by the Rack PDU when it fails to discover a BOOTP server (Use Prior Settings, by default). DNS Configure Domain Name System Settings fields. Use these fields to define the IP addresses of the primary and secondary Domain Name System (DNS) servers used by the Switched Rack PDU e-mail feature. See E-mail Feature and DNS servers.
– For Host, identify the URL – For IP, identify the IP address – For FQDN, identify the fully qualified domain name, formatted as myserver.mydomain.com. • Enable or disable Reverse DNS Lookup, which is disabled by default. Enable this feature unless you have no DNS server configured or have poor network performance because of heavy network traffic.
Use the Port setting to identify the TCP/IP port that the FTP server uses for communications with the Rack PDU. The default Port setting is 21. You can change the Port setting to any unused port from 5000 to 32768 to enhance the protection provided by User Name and Password settings. You must then use a colon (:) in the command line to specify the non-default port. For example, for a port number of 5000 and a Rack PDU IP address of 159.215.12.114, you would use this command: ftp 159.215.12.
– Do not enable both versions of SSH unless you require that both be activated at the same time. (Security protocols use extensive processing power.) • Configure the port settings for Telnet and SSH. • Select one or more data encryption algorithms for SSH version 1, SSH version 2, or both. • In the Web interface, specify a host key file previously created with the APC Security Wizard and load it to the Rack PDU.
If you are using SSH version 2, expect a noticeable delay when logging on to the control console of the Rack PDU. Although the delay is not long, it can be mistaken for a problem because there is no explanatory message. Description Telnet/SSH Network Configuration Access Enables or disables the access method selected in Protocol Mode. NOTE: Enabling SSH automatically disables Telnet.
Option Description Telnet/SSH Port Configuration Identifies the TCP/IP port used for communications by Telnet with the Rack PDU. The default is 23. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings. Then, according to the requirements of your Telnet client program, you must use either a colon (:) or a space in the command line to specify the non-default port number.
Option Description SSH Server Configuration Enables or disables DES, and displays the status (always enabled) of Blowfish, two encryption algorithms (block ciphers) compatible with SSH, version 1, clients. • DES: The key length is 56 bits. • Blowfish: The key length is 128 bits. You cannot disable this algorithm. NOTE: Not all SSH clients can use every algorithm. If your SSH client cannot use Blowfish, you must also enable DES.
Option Description SSH User Host Key File The Status field indicates the status of the host key (private key). In the control console, you display host key status by selecting Advanced SSH Configuration. • SSH Disabled: No host key in use: No host key has been transferred to the Rack PDU, or a host key has been transferred improperly. NOTE: A host key must be installed to the /sec directory of the Rack PDU.
Option Description SSH v1: Displays the SSH version 1 fingerprint for the host key. The fingerprint is a unique identifier to further authenticate the host key. In the control console, choose Advanced SSH Configuration and then Host Key Information to display the fingerprint. SSH v2: Displays the SSH version 2 fingerprint for the host key. The fingerprint is a unique identifier to further authenticate the host key.
Setting Definition NMS IP/ Domain Name Limits access to the NMS specified by a domain name or to the NMSs specified by the format used for the IP address: • A domain name allows only the NMS at that location to have access. • 159.215.12.1 allows only the NMS with that IP address to have access. • 159.215.12.255 allows access for any NMS on the 159.215.12 segment. • 159.215.255.255 allows access for any NMS on the 159.215 segment. • 159.255.255.
An Access option (the Settings option in the control console) enables (by default) or disables SNMP. When SNMP is enabled, the Access Control settings allow you to control how each of the four available SNMP channels is used. By default, the Rack PDU can send messages to up to four Syslog servers whenever System (embedded management card) and Switched Rack PDU (Device) events occur.
Setting Definition Syslog Server Settings Server IP/ Domain Name Uses specific IP addresses or domain names to identify which of up to four servers will receive Syslog messages sent by the Rack PDU. Port Identifies the user datagram protocol (UDP) port that the Rack PDU will use to send Syslog messages. The default is 514, the number of the UDP port assigned to Syslog.
1. For Priority, select the priority to assign to the test message. 2. For Test Message, use any text that meets the format described in Syslog message format — for example, APC: Test message. 3. Click Apply to have the Rack PDU send a Syslog message that uses the defined Priority and Test Message settings. • The priority (PRI) part identifies the Syslog priority assigned to the message’s event and the facility code assigned to messages sent by the Rack PDU.
See Creating and Installing Digital Certificates to choose among the several methods for using digital certificates. • Configure the ports that each of the two protocols will use. • Identify whether a server certificate is installed on the Rack PDU. If a certificate has been created with the APC Security Wizard but is not installed: – In the Web interface, browse to the certificate file and upload it to the Rack PDU.
Option Description Access Enables or disables the access method selected in Protocol Mode. Protocol Mode Choose one of the following: • HTTP: User names, passwords, and data are transmitted without encryption. • HTTPS (SSL/TLS): User names, passwords, and data are transmitted in encrypted form, and digital certificates are used for authentication. NOTE: To enable HTTPS (SSL/TLS), change the setting and then click Next>> in the Web interface, or choose Accept Changes in the control console.
Option Description HTTP/HTTPS Port Configuration Identifies the TCP/IP port used for communications by HTTP with the Rack PDU. The default is 80. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings. You must then use a colon (:) in the command line to specify the nondefault port number. For example, for a port number of 5000 and a Rack PDU IP address of 159.215.12.
Option Description SSL/TLS Server Configuration Enables or disables the following SSL encryption ciphers and hash algorithms. (To access these options in the control console, choose Web/SSL, then Advanced SSL/TLS Configuration.) NOTE: All of these encryption ciphers and hash algorithms use the RSA public key algorithm. • DES (SSL_RSA_WITH_DES_CBC_SHA): a block cipher with a key length of 56 bits. The Secure Hash Algorithm (SHA) is used for authentication.
Option Description SSL/TLS Server Certificate The Status field indicates whether a server certificate is installed. (To display the status in the control console, choose Web/SSL/TLS, then Advanced SSL/TLS Configuration.) • Not installed: No certificate is installed on the Rack PDU. NOTE: If you install a certificate by using FTP or SCP, you must specify the correct location (/sec) on the Rack PDU. • Generating: The Rack PDU is generating a certificate because no valid certificate was installed.
Parameter Description Current Certificate Details Common Name (CN): The IP Address or DNS name of the Rack PDU, except if the server certificate was generated by default by the Rack PDU. For a default server certificate, the Common Name (CN) field displays the Rack PDU’s serial number.
Parameter Description Fingerprints Each fingerprint is a long string of alphanumeric characters punctuated by colons. A fingerprint is a unique identifier that you can use to further authenticate the server. Record the fingerprints to compare with the fingerprints contained in the certificate, as displayed in the browser. MD5 Fingerprint: This fingerprint is created by a Message Digest 5 (MD5) algorithm. WAP Use this option to disable (the default) or enable the Wireless Application Protocol (WAP).
System Menu Introduction Use the System menu to do the following tasks: • Configure system identification, date and time settings, and Administrator, Read-Only User, Device manager, and Outlet User access • Centrally administer remote access for each Rack PDU by using RADIUS (Remote Authentication Dial-in User Service) • Synchronize the real-time clock for the Rack PDU with a Network Time Protocol (NTP) server Overview • Reset the Rack PDU to default settings • Define the
Menu options Unless noted, the following menu options are available in the control console and Web interface: • User Manager • Outlet User Manager • Identification • Date & Time • Tools • Links (Web interface) • Modem (not supported) • About System • RADIUS The About System option is a Help menu option in the Web interface.
Option Settings User Manager Use this option to define access values shared by the control console and Web interface. Definition Values affecting all users Auto Logout The number of minutes (3, by default) before a user is automatically logged off because of inactivity.
Outlet User Manager Use the Outlet User Manager option to set up user accounts that have access only to specified outlets. Setting Definition User Name The name of this user account. NOTE: A user name in orange indicates that the user account has been disabled. Web interface. Choose a user name, or choose Add New User to edit accounts. Password Case-sensitive password for this user account. User Description Identification or description of the outlet user.
Control console. Select System from the Control Console menu. Then select Manage Outlet Users from the User Manager menu. Setting Definition Add Outlet User Account or Edit Outlet User Account User Name: The user name for logging on to this user account. Password: Case-sensitive password for this user account. Description: Identification of the outlet user. Delete Outlet User Account Enter the user name of the outlet user account to delete.
RADIUS When a user accesses the Switched Rack PDU, it sends an authentication request to the RADIUS server to determine the user’s permission level. RADIUS user names are limited to 32 characters. For more information on user permission levels, see Types of user accounts. RADIUS (Remote Authentication Dial-In User Service) is an authentication, authorization, and accounting service. APC supports the authentication and authorization functions of RADIUS.
RADIUS Setting Definition Access Local Only: RADIUS is disabled. Local authentication is enabled. RADIUS then Local: RADIUS is enabled, and local authentication is enabled. Authentication is requested from the RADIUS server first; local authentication is used only if RADIUS authentication fails. RADIUS Only: RADIUS is enabled. Local authentication is disabled.
Configuring the RADIUS server. You must configure your RADIUS server to work with the Rack PDU. The following example shows how to configure a RADIUS server for use with a Rack PDU. APC supports authentication and authorization of users by various RADIUS servers and does not recommend a specific RADIUS server. 2. The users must be configured with a Service-Type attribute. If no Service-Type attribute is configured, the user will have read-only access (on the Web interface only).
3. Vendor specific attributes (VSA) can also be used. This requires some dictionary entries. VSAs take precedence over standard RADIUS attributes. Example: (RADIUS, dictionary.apc) # # dictionary.
Identification See also For more information about the MIB-II OIDs, see the PowerNet® SNMP Management Information Base (MIB) Reference Guide (.\doc\en\mibguide.pdf) provided on the APC Rack Power Distribution Unit Utility CD that came with your Rack PDU. Date & Time Use this option to set the date and time used by the Switched Rack PDU. The option displays the current settings and allows you to change those settings manually or through a Network Time Protocol (NTP) Server.
In the control console, use the NTP Client option to enable or disable the NTP Server updates. In the Web interface, use the Set Manually option. The updates are disabled by default. Synchronize with Network Time Protocol (NTP) Server. Use this option on the Web interface, or Network Time Protocol (NTP) on the control console, to have an NTP Server automatically update the Date and Time settings for the Switched Rack PDU.
Tools Use this option to perform the following actions. Action Definition No Action (Web Interface only) No change to the Rack PDU. Reboot Management Interface Restarts the user interface of the Rack PDU. Reset to Defaults Resets all configuration settings. This option will reset the TCP/IP settings and enable DHCP and BOOTP. Reset to Defaults Except TCP/IP Resets all configuration settings except the TCP/IP settings.
Links (Web interface) Use this option to modify the links to APC Web pages. Setting Definition Name Defines the link names that appear in the Links menu (by default, APC’s Web Site, Testdrive Demo, and Remote Monitoring). URL Defines the URL addresses used by the links. By default, the following URL addresses are used: • http://www.apc.com (APC’s Web site) • http://testdrive.apc.com (Testdrive Demo) • http://rms.apc.
This screen also displays the Name, Version, Date, and Time for the Application Module and AOS. This information is set at the factory and cannot be changed. In the Web interface, except for Flash Type, this hardware information is reported by the About System option in the Help menu. The control console also includes fields for system Flash Type, and Type, Sector, and CRC16 for each module.
Boot Mode Introduction In addition to using a BOOTP server or manual settings, the Switched Rack PDU can use a dynamic host configuration protocol (DHCP) server to provide the settings that it needs to operate on a TCP/IP network. The method used to provide the network settings for the Rack PDU depends on Boot mode, a TCP/IP option in the Network menu. To use a DHCP server to provide the network assignment for the Rack PDU, Boot mode must be set either to DHCP & BOOTP, its default setting, or DHCP only.
DHCP & BOOTP boot process When Boot mode is set to its default DHCP & BOOTP setting, the following occurs when the Switched Rack PDU is started or reset: 2. If the Rack PDU fails to receive a valid BOOTP response after five BOOTP requests, the Rack PDU makes up to five requests for its network assignment from any DHCP server. If a valid DHCP response is received, the Rack PDU starts the network services and sets Boot mode to DHCP Only.
DHCP Configuration Settings Switched Rack PDU settings Three settings (Ethernet Port Speed, Host Name, and Domain Name) are available regardless of the TCP/IP option’s Boot mode selection, and three settings (Vendor Class, Client ID, and User Class) are available for any Boot mode selection except Manual.
When Boot mode is set to DHCP Only, two options are available: • DHCP Cookie Is in the control console (or Require vendor specific cookie to accept DHCP Address in the Web interface): By default, this option requires that the DHCP responses include the APC cookie in order to be valid. • Retry Then Stop in the control console (or Maximum # of Retries in the Web interface): This option sets the number of times the Switched Rack PDU will repeat the DHCP request if it does not receive a valid response.
DHCP response options Each valid DHCP response contains options that provide the TCP/IP settings that the Switched Rack PDU needs to operate on a network, and other information that affects the operation of the Rack PDU. Vendor Specific Information (option 43). The Vendor Specific Information option contains up to two APC specific options encapsulated in a Tag/Len/Data format: the APC Cookie and the Boot Mode Transition. APC Cookie.
This option 43 setting enables or disables the After IP Assignment option which, by default, causes the Boot mode option to use the setting that reflects the server that provided the TCP/IP settings (DHCP Only or BOOTP Only): • For a data value of 1, the After IP Assignment option is disabled, and the Boot mode option remains in its DHCP & BOOTP setting after successful network assignment.
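The Tag/Len/Data layout of option 43 and the cookie requirement described above, as an added Python example that is not APC's code: a strict parser for checking the payload you plan to configure on a DHCP server before Rack PDUs depend on it. The tag numbers and cookie bytes are placeholders, because this excerpt does not give them; the pad (0) and end (255) handling follows RFC 2132.

```python
# Placeholder encodings (assumptions): the guide names the two sub-options, but this
# excerpt does not give their tag numbers or the cookie bytes. Substitute the values
# from the vendor documentation before using this against a real server configuration.
COOKIE_TAG = 0x10
COOKIE_DATA = b"COOKIE"
TRANSITION_TAG = 0x11

PAD, END = 0, 255  # RFC 2132 keeps these two codes reserved inside option 43


class Option43Error(ValueError):
    """Raised when the option 43 payload is not well-formed Tag/Len/Data."""


def parse_option43(payload):
    """Split an option 43 payload into {tag: data}, rejecting malformed input."""
    fields = {}
    pos = 0
    while pos < len(payload):
        tag = payload[pos]
        if tag == PAD:          # single-byte filler, no length field
            pos += 1
            continue
        if tag == END:          # anything after END is ignored
            break
        if pos + 1 >= len(payload):
            raise Option43Error(f"tag {tag} at offset {pos} has no length byte")
        length = payload[pos + 1]
        data = payload[pos + 2 : pos + 2 + length]
        if len(data) != length:
            raise Option43Error(
                f"tag {tag} declares {length} bytes but only {len(data)} are present"
            )
        if tag in fields:
            raise Option43Error(f"tag {tag} appears twice")
        fields[tag] = data
        pos += 2 + length
    return fields


def evaluate_response(payload, require_cookie=True):
    """Apply the two rules the guide describes to a parsed option 43 payload.

    accepted: the cookie is present, or the cookie requirement is turned off.
    stays_dhcp_and_bootp: the Boot Mode Transition data value is 1, so Boot mode
    remains DHCP & BOOTP after a successful network assignment.
    """
    fields = parse_option43(payload)
    has_cookie = fields.get(COOKIE_TAG) == COOKIE_DATA
    return {
        "accepted": has_cookie or not require_cookie,
        "stays_dhcp_and_bootp": fields.get(TRANSITION_TAG) == b"\x01",
    }


def build_option43(keep_dhcp_and_bootp=False):
    """Build a payload with the cookie and, optionally, the transition sub-option."""
    out = bytes([COOKIE_TAG, len(COOKIE_DATA)]) + COOKIE_DATA
    if keep_dhcp_and_bootp:
        out += bytes([TRANSITION_TAG, 1, 1])
    return out


if __name__ == "__main__":
    # Constructed payloads, not captured from a real DHCP exchange.
    for label, payload in [
        ("cookie only", build_option43()),
        ("cookie + transition", build_option43(keep_dhcp_and_bootp=True)),
        ("no option 43 content", b""),
    ]:
        print(label, payload.hex(), evaluate_response(payload))
```

A truncated payload raises `Option43Error` instead of being read as "no cookie", which separates a server-side typo from a response that simply lacks the vendor option.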
TCP/IP options. The Switched Rack PDU uses the following options within a valid DHCP response to define its TCP/IP settings: • IP Address (from the yiaddr field of the DHCP response): Provides the IP address that the DHCP server is leasing to the Rack PDU. • Subnet Mask (option 1): Provides the subnet mask value needed by the Rack PDU to operate on the network.
Security Security Features Planning and implementing security features As a network device that passes information across the network, the Switched Rack PDU is subject to the same exposure as other devices on the network. Use the information in this section to plan and implement the security features appropriate for your environment. Summary of access methods Serial control console. Security Access Access is by user name and password. Description Always enabled.
SNMP. Security Access Description Available methods: • Community Name • Domain Name • NMS IP filters • Agent Enable/Disable • 4 access communities with read/write/disable capability The domain name restricts access only to the NMS at that location, and the NMS IP filters allow access only from designated IP addresses. • 162.245.12.1 allows only the NMS with that IP address to have access. • 162.245.12.255 allows access for any NMS on the 162.245.12 segment. • 162.245.255.
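The NMS IP filter rule listed above (and under the SNMP Access Control settings in the Network menu), as an added Python example that is not part of the APC guide: it audits a constructed set of four access channels for write access granted to a whole segment. It assumes that only trailing octets of 255 act as wildcards, as in the addresses the guide lists; the channel field names are hypothetical.

```python
import ipaddress

# Constructed sample of the four SNMP access channels (not from a real device).
# The dictionary keys are hypothetical names chosen for this example.
SAMPLE_CHANNELS = [
    {"community": "ops-ro", "access": "read", "nms": "159.215.12.1"},
    {"community": "ops-rw", "access": "write", "nms": "159.215.12.255"},
    {"community": "legacy", "access": "write", "nms": "159.215.255.255"},
    {"community": "byname", "access": "write", "nms": "nms.example.com"},
]


def split_filter(entry):
    """Return (fixed_prefix_octets, wildcard_count) for an NMS IP filter.

    Assumption: trailing octets equal to 255 match any value, as in the guide's
    examples; a 255 followed by a non-255 octet is treated as a literal octet.
    """
    octets = tuple(ipaddress.IPv4Address(entry).packed)
    wild = 0
    while wild < 4 and octets[3 - wild] == 255:
        wild += 1
    return octets[: 4 - wild], wild


def filter_allows(entry, source_ip):
    """True if an NMS at source_ip would pass the filter."""
    prefix, _ = split_filter(entry)
    source = tuple(ipaddress.IPv4Address(source_ip).packed)
    return source[: len(prefix)] == prefix


def audit_channels(channels):
    """List write-capable channels whose filter admits more than one address.

    Each finding is (community, filter, number of address values matched).
    """
    findings = []
    for channel in channels:
        if channel["access"] != "write":
            continue
        try:
            _, wild = split_filter(channel["nms"])
        except ValueError:
            # Not an IPv4 address: a domain name, which the guide says admits
            # only the NMS at that location.
            continue
        if wild:
            findings.append((channel["community"], channel["nms"], 256 ** wild))
    return findings


if __name__ == "__main__":
    for community, nms, count in audit_channels(SAMPLE_CHANNELS):
        print(f"write community {community!r}: filter {nms} matches {count} addresses")
```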
Security Access Description Available methods: • User name and password • Selectable server port • Server Enable/Disable • Secure Sockets Layer (SSL) and Transport Layer Security (TLS) In basic HTTP authentication mode, the user name and password are transmitted base-64 encoded (with no encryption). SSL and TLS are available on Web browsers supported for the Switched Rack PDU and on most Web servers.
If a Telnet, FTP, SSH/SCP, or Web/SSL/TLS server uses a non-standard port, a user must specify the port when using the client interface, such as a Web browser. The non-standard port address becomes an extra “password,” hiding the server to provide an additional level of security. The TCP ports for which these servers listen are initially set at the standard “well known ports” for the protocols. To hide the interfaces, use any port numbers from 5000 to 32768.
To ensure that data and communication between the Switched Rack PDU and the client interfaces, such as the control console and the Web interface, cannot be intercepted, you can provide a greater level of security by using one or more of the following encryption-based methods: • To encrypt user names and passwords for control console access, use the Secure SHell (SSH) protocol. • To encrypt user names, passwords, and data for the secure transfer of files, use the Secure CoPy (SCP) protocol.
Encryption Secure SHell (SSH) and Secure CoPy (SCP) • SSH is an alternative to Telnet, which does not provide encryption. • SSH protects the username and password, the credentials for authentication, from being used by anyone intercepting network traffic. • To authenticate the SSH server (the Switched Rack PDU) to the SSH client, SSH uses a host key that is unique to the SSH server and that provides an identification that cannot be falsified.
Secure CoPy (SCP) is a secure file transfer application that you can use instead of FTP. SCP uses the SSH protocol as the underlying transport protocol for encryption of user names, passwords, and files. • When you enable and configure SSH, you automatically enable and configure SCP. No further configuration of SCP is needed. • You must explicitly disable FTP. It is not disabled by enabling SSH.
For secure Web communication, you enable Secure Sockets Layer (SSL) and Transport Layer Security (TLS) by selecting HTTPS (SSL/TLS) as the protocol mode to use for access to the Web interface of the Switched Rack PDU. Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) is a Web protocol that encrypts and decrypts page requests from the user and pages that are returned by the web server to the user. Originally developed by Netscape, it has become an internet standard supported by most Web browsers.
See Creating and Installing Digital Certificates for a summary of how these certificates are used. See also To create certificates and certificate requests, see Create a Root Certificate & Server Certificates and Create a Server Certificate and Signing Request. SSL also uses various algorithms and encryption ciphers to authenticate the server, encrypt data, and ensure the integrity of the data (i.e., that it has not been intercepted and sent by another server).
Creating and Installing Digital Certificates For network communication that requires a higher level of security than password encryption, the Web interface of the Switched Rack PDU supports the use of digital certificates with the Secure Sockets Layer (SSL) protocol. Digital certificates can authenticate the Switched Rack PDU (the server) to the Web browser (the SSL client). The sections that follow summarize the three methods of creating, implementing, and using digital certificates.
Choosing a method for your system Method 1: Use the auto-generated default certificate. When you enable SSL, you must reboot the Rack PDU. During rebooting, if no server certificate exists on the Rack PDU, the Rack PDU generates a default server certificate that is self-signed but that you cannot configure.
– The length of the public key (RSA key) that is used for encryption when setting up an SSL session is only 768 bits. (The public key used in Methods 2 and 3 is 1024 bits, providing more complex encryption and consequently a higher level of security.) PDU can control access to its Web interface by user name, password, and account type (e.g., Administrator, Device Manager, or Read Only User), the browser cannot authenticate what Rack PDU is sending or receiving data.
Method 2: Use the APC Security Wizard to create a CA certificate and a server certificate. You use the APC Security Wizard to create two digital certificates: • A server certificate that you upload to the Rack PDU. When the APC Security Wizard creates a server certificate, it uses the CA root certificate to sign the server certificate.
– The server certificate that you upload to the Rack PDU enables SSL to authenticate that data are being received from and sent to the correct Rack PDU. This provides an extra level of security beyond the encryption of the user name, password, and transmitted data. • Disadvantage: Because the certificates do not have the digital signature of a commercial Certificate Authority, you must load a root certificate individually into the certificate store (cache) of each user’s browser.
Method 3: Use the APC Security Wizard to create a certificate-signing request to be signed by the root certificate of an external Certificate Authority and to create a server certificate. You can also use Method 3 if your company or agency operates its own Certificate Authority. Use the APC Security Wizard in the same way, but use your own Certificate Authority in place of a commercial Certificate Authority. This method has the following advantages and disadvantages.
– The browser matches the digital signature on the server certificate that you uploaded to the Rack PDU with the signature on the CA root certificate that is already in the browser’s certificate cache to provide additional protection from unauthorized access. • Disadvantages: – Setup requires the extra step of requesting a signed root certificate from a Certificate Authority. – An external Certificate Authority may charge a fee for providing signed certificates.
Firewalls Although some methods of authentication provide a higher level of security than others, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme.
Using the APC Security Wizard Overview Authentication verifies the identity of a user or a network device (such as an APC Switched Rack PDU). Passwords typically identify computer users. However, for transactions or communications requiring more stringent security methods on the Internet, the Switched Rack PDU supports more secure methods of authentication. • Secure Sockets Layer (SSL), used for secure Web access, uses digital certificates for authentication.
Authentication of the server (in this case, the Rack PDU) occurs each time a connection is made from the browser to the server. The browser checks to be sure that the server’s certificate is signed by a Certificate Authority known to the browser. For this authentication to occur: • Any browser that is used to access the Rack PDU’s Web interface must contain the CA root certificate that signed the server certificate.
– A server certificate signed by an external Certificate Authority. This Certificate Authority can be one that is managed by your own company or agency or can be one of the commercial Certificate Authorities whose CA root certificates are distributed as part of a browser’s software. • A certificate signing request containing all the information required for a server certificate except the digital signature. You need this request if you are using an external Certificate Authority. • A CA root certificate.
Create a Root Certificate & Server Certificates Summary The public RSA key that is part of a certificate generated by the APC Security Wizard is 1024 bits. (The default key generated by the Rack PDU, if you do not use the Wizard, is 768 bits.) • Create a CA root certificate that will be used to sign all server certificates to be used with Switched Rack PDUs. During this task, two files are created. – The file with the .
The procedure Create the CA root certificate. Perform these steps. (Click Next to move from screen to screen.) 2. On the Windows Start menu, select Programs, then APC Security Wizard, to start the Wizard program. 3. On the screen labeled “Step 1,” select CA Root Certificate as the type of file to create. 4. Enter a name for the file that will contain the Certificate Authority’s public root certificate and private key. The file name must have a .p15 extension.
The certificate’s subject information and the certificate’s issuer information should be identical. – This screen displays the location and name of the .p15 file that you will use to sign the server certificates. – This screen also displays the location and name of the .crt file, which is the CA root certificate that you will load into the browser of each user who needs to access the Rack PDU. Load the CA root certificate to your browser. Load the .
Create an SSL Server User Certificate. Perform these steps. (Click Next to move from screen to screen.) 1. On the Windows Start menu, select Programs, then APC Security Wizard, to start the Wizard program. 3. Enter a name for the file that will contain the server certificate and the private key. The file name must have a .p15 extension. By default, the file will be created in the installation folder C:\Program Files\American Power Conversion\APC Security Wizard. 4.
7. The last screen verifies that the certificate has been created and instructs you on the next task, to load the server certificate to the Switched Rack PDU. It displays the location and name of the Server Certificate, which has a .p15 file extension and contains the Rack PDU private key and public root certificate. Load the server certificate to the Rack PDU. Perform these steps: 1. On the Network menu of the Web interface of the Switched Rack PDU, select the Web/SSL option.
Create a Server Certificate and Signing Request Summary • Create a Certificate Signing Request (CSR). The CSR contains all the information for a server certificate except the digital signature. This process creates two output files: – The file with the .p15 extension contains the Switched Rack PDU’s private key. – The file with the .csr extension contains the certificate signing request, which you send to an external Certificate Authority.
2. On the Windows Start menu, select Programs, then APC Security Wizard, to start the Wizard program. 4. Enter a name for the file that will contain the Switched Rack PDU’s private key. The file name must have a .p15 extension. By default, the file will be created in the installation folder C:\Program Files\American Power Conversion\APC Security Wizard. 5.
8. Send the certificate signing request to an external Certificate Authority, either a commercial Certificate Authority or, if applicable, a Certificate Authority managed by your own company or agency. See the instructions provided by the Certificate Authority regarding the signing and issuing of server certificates. Import the signed certificate. When the external Certificate Authority returns the signed certificate, perform these steps to import the certificate.
7. The last screen verifies that the certificate has been created and instructs you on the next task, to load the server certificate to the Switched Rack PDU. It displays the location and name of the server certificate, which has a .p15 file extension and contains the Rack PDU’s private key and the public key obtained from the .cer or .crt file. 1. On the Network menu of the Web interface of the Switched Rack PDU, select the Web/SSL option. 2.
Create an SSH Host Key Summary • Use the APC Security Wizard to create a host key, which is encrypted and stored in a file with .p15 extension. • Load the host key onto the Rack PDU. The procedure Create the host key. Perform these steps. (Click Next to move from screen to screen.) This procedure is optional. If you select SSH encryption, but do not create a host key, the Switched Rack PDU generates a 768-bit RSA key when it reboots.
the correct host key was uploaded by verifying that the fingerprints displayed here match the SSH fingerprints on the Rack PDU, as displayed by your SSH client program.

Load the host key to the Rack PDU. Perform these steps:

1. On the Network menu of the Web interface of the Switched Rack PDU, select the Telnet/SSH option.
2. In the SSH User Host Key File section of the page, browse to the host key, the .p15 file you created in the procedure Create the host key.
APC Device IP Configuration Wizard

Purpose and Requirements

You can use the APC Device IP Configuration Wizard to configure the basic TCP/IP settings (IP address, subnet mask, and default gateway) of the following:

• Network Management Cards
• Devices that contain embedded Network Management Cards

Using the Wizard, you can configure the basic TCP/IP settings of installed or embedded Network Management Cards in either of the following ways:
Install the Wizard

Automated installation

If autorun is enabled on your CD-ROM drive, the installation program starts automatically when you insert the CD. If autorun is not enabled on your CD-ROM drive, run setup.exe in the Wizard directory on the CD, and follow the on-screen instructions. You can also download the latest version of the APC Device IP Configuration Wizard from the APC Web site, www.apc.com, and run setup.exe from the folder to which you downloaded it.
Use the Wizard

Launch the Wizard

Configure the basic TCP/IP settings remotely

Prepare to configure the settings. Before you run the Wizard, be sure that you have the information you will need during the configuration procedure:

1. Contact your network administrator to obtain valid TCP/IP settings to use.
2. If you are configuring multiple unconfigured Network Management Cards, obtain the MAC address of each one so that you can identify each Network Management Card that the Wizard discovers.
Run the Wizard to perform the configuration. To discover and configure, over the network, installed or embedded Network Management Cards that are not configured:

1. From the Start menu, launch the Wizard. The Wizard automatically detects the first Network Management Card that is not configured.
3. Enter the TCP/IP settings (System IP, Subnet Mask, and Default Gateway) for the unconfigured Network Management Card identified by the MAC address at the top of the screen. Then click Next >.
4.
Configure or reconfigure the TCP/IP settings locally

To configure a single Network Management Card through a serial connection:

2. Connect the serial configuration cable that came with the Network Management Card or with the device that contains an embedded Network Management Card.
   a. Connect one end to an available communications port on your computer. Make sure no other application is using the port.
   b. Connect the other end to the serial port of the card or device.
3.
How to Export Configuration Settings

Retrieving and Exporting the .ini File

As an Administrator, you can retrieve a dynamically generated .ini file of a Switched Rack PDU’s current configuration and export that file to another Switched Rack PDU or to multiple Switched Rack PDUs.

1. Configure a Switched Rack PDU to have the settings you want to export.
2. Retrieve the .ini file from that Rack PDU.
3. Customize the .ini file (to change at least the TCP/IP settings) and make a copy to export.
Contents of the .ini file

The config.ini file that you retrieve from a Switched Rack PDU contains the following:

Only section headings and keywords supported for the specific device associated with the Rack PDU from which you retrieve the file are included.

• Each keyword is followed by an equals sign and the current value for that parameter’s setting, either the default value (if the value has not been specifically configured) or the configured value.
Detailed procedures

Use the following procedures to retrieve the settings of one Switched Rack PDU and export them to one or more other Switched Rack PDUs.

Retrieving. To set up and retrieve an .ini file to export:

To avoid errors, configure the Rack PDU by using its Web interface or control console whenever possible. Directly editing the .ini file risks introducing errors.

2. Use FTP to retrieve the file config.ini from the Rack PDU you configured:
   a.
Customizing. You must customize the file to change at least the TCP/IP settings before you export it.

1. Use a text editor to customize the file.
   – Section headings, keywords, and pre-defined values are not case-sensitive, but string values that you define are case-sensitive.
   – To define values, opening and closing quotation marks are optional, except to enclose values that contain leading or trailing spaces or values which are already enclosed in quotation marks.
Exporting the file to a single Rack PDU. To export the .ini file to another Switched Rack PDU, use any of the file transfer protocols supported by Switched Rack PDUs (including FTP, FTP Client, SCP, and TFTP). The following example uses FTP:

ftp> open 158.165.4.135

2. Export the copy of the customized .ini file. The receiving Rack PDU accepts any file name that has the .ini suffix, is no more than 64 characters in length, and is exported to its root directory.

ftp> put filename.
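The customizing and file-naming rules above can be checked before a copy is exported. The following is an added example, not APC's code: a small parser and pre-export check. The section name NetworkTCP/IP, the keywords SystemIP, SubnetMask and DefaultGateway, the SystemID/Name entry, and the treatment of lines starting with ; as comments are assumptions, and the sample file is constructed.

```python
import ipaddress

# Assumed names, not taken from this page: the TCP/IP section and keywords.
TCPIP_SECTION = "networktcp/ip"
TCPIP_KEYS = ("systemip", "subnetmask", "defaultgateway")

# Constructed sample standing in for a retrieved config.ini.
SOURCE_INI = """\
; constructed sample, not a real device export
[NetworkTCP/IP]
SystemIP=192.0.2.10
SubnetMask=255.255.255.0
DefaultGateway=192.0.2.1
[SystemID]
Name="  Rack A PDU "
"""

def unquote(raw):
    """Quotation marks are optional; one enclosing pair is removed, which is
    how a value keeps leading/trailing spaces or its own quotation marks."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw

def parse_ini(text):
    """Return {section: {keyword: value}}. Section and keyword names are
    lower-cased (not case-sensitive); string values keep their case."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # ';' comments are an assumption
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = unquote(value)
    return sections

def check_export(file_name, source_text, export_text):
    """Return the problems that should stop the customized copy being exported."""
    problems = []
    if not file_name.lower().endswith(".ini"):  # case-insensitive match assumed
        problems.append("file name must have the .ini suffix")
    if len(file_name) > 64:
        problems.append("file name is longer than 64 characters")
    src = parse_ini(source_text).get(TCPIP_SECTION, {})
    dst = parse_ini(export_text).get(TCPIP_SECTION, {})
    for key in TCPIP_KEYS:
        if key in dst:
            try:
                ipaddress.IPv4Address(dst[key])
            except ValueError:
                problems.append(f"{key}: {dst[key]!r} is not an IPv4 address")
    if "systemip" in dst and dst["systemip"] == src.get("systemip"):
        problems.append("systemip is unchanged from the source Rack PDU")
    return problems
```

Run check_export on the retrieved file and the customized copy before the put; an empty list means the name and TCP/IP checks passed.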
The Upload Event and Error Messages

The event and its error messages

The following system event occurs when the receiving Switched Rack PDU completes using the .ini file to update its settings. This event has no default severity level.

If a keyword, section name, or value is invalid, the event text is extended to include notification of the following errors. The export to and the subsequent upload by the receiving Rack PDU succeeds even if there are errors.
A feature might not be supported for the device from which you retrieve the configuration settings or might not be supported for the device to which you export the configuration settings. In this case, the user configuration file contains, under the section name for that feature, a message stating that the feature is not supported. No keywords and values are listed, and that feature will not be configured on any device to which you export the user configuration file.
Using the APC Device IP Configuration Wizard

See APC Device IP Configuration Wizard for a detailed description of how to discover and configure unconfigured Switched Rack PDUs remotely over your TCP/IP network or configure or reconfigure a Switched Rack PDU through a direct connection from the serial port of your computer to the Switched Rack PDU.

On Windows operating systems, instead of using the preceding procedure for exporting .
File Transfers

Introduction

The Switched Rack PDU automatically recognizes binary firmware files. Each of these files contains a header and one or more Cyclical Redundancy Checks (CRCs) to ensure that the data contained in the file is not corrupted before or during the transfer operation. When new firmware is transmitted to the Rack PDU, the program code is updated and new features become available. This chapter describes how to transfer firmware files to Switched Rack PDUs.
Upgrading Firmware: Methods and Tools

Benefits of upgrading firmware

Upgrading the firmware on the Switched Rack PDU has the following benefits:

• New features become available for immediate use.
• Keeping the firmware versions consistent across your network ensures that all Switched Rack PDUs support the same features in the same manner.

Firmware files (Switched Rack PDU)

A firmware version consists of two modules: An APC Operating System (AOS) module and an application module.
Obtain the latest firmware version

• The version of the tool on the APC Rack PDU Utility CD that came with your Rack PDU will upgrade your device to the latest AOS and application modules available when the CD was released.
• If a later firmware upgrade is available, you can obtain an updated version of the tool at no cost from the support section of the APC web site www.apc.com/tools/download.
If you have a networked computer running a supported Microsoft Windows operating system on your network, you can use the tool described in Automated upgrade tool for Microsoft Windows systems to upgrade the firmware of a Switched Rack PDU automatically over the network. This tool automates the entire upgrade process, even if your current firmware is a 1.x.x version.
Firmware file transfer methods

To upgrade the firmware of a Switched Rack PDU:

• From a networked computer on any supported operating system, you can use FTP or SCP to transfer the individual AOS and application firmware modules.
• For a Switched Rack PDU that is not on your network, you can use XMODEM through a serial connection to transfer the individual AOS and application firmware modules from your computer to the Switched Rack PDU.
Use FTP or SCP to upgrade one Rack PDU

Instructions for using FTP. For you to be able to use FTP to upgrade a single Switched Rack PDU over the network:

• The Switched Rack PDU must be connected to the network.
• The Switched Rack PDU must have its TCP/IP settings (System IP, Subnet Mask, and Default Gateway addresses) configured.

To use FTP to upgrade the Rack PDU:

1. Open an MS-DOS command prompt window on a computer that is connected to the network.
21000, you would use the following command for a Windows FTP client transferring a file to a Rack PDU with an IP address of 150.250.6.10.

ftp> open 150.250.6.10 21000

4. Log on using the Administrator user name and password. (apc is the default for both.)

ftp> bin
ftp> put apc_hw02_aos_264.bin

6. When FTP confirms the transfer, type Quit to close the session.
7. Wait 20 seconds, and then repeat step 2 through step 6, but in step 5, use the application module file name instead of the AOS module.
Use FTP or SCP to upgrade multiple Rack PDUs. To upgrade multiple Switched Rack PDUs using an FTP client or using SCP, write a script which automatically performs the procedure. For FTP, use the steps in Use FTP or SCP to upgrade one Rack PDU.

Use XMODEM to upgrade one Rack PDU

You cannot upgrade the AOS firmware module of any APC device directly from firmware version 1.x.x to 2.1.0 or later. The upgrade attempt will fail.
2. Select a serial port at the local computer and disable any service which uses that port.
3. Connect the smart-signaling cable that came with the Rack PDU to the selected port and to the serial port at the Rack PDU.
5. Press ENTER to display the User Name prompt.
6. Enter your Administrator user name and password. The default for both is apc.
7. Start an XMODEM transfer:
   a. Select option 3—System
   b. Select option 4—File Transfer
4.
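The page says to script the single-device FTP procedure when upgrading multiple Rack PDUs. The following is an added example, not APC's tool or script: it runs that procedure for each host in turn, sending the AOS module first and the application module in a new session after the 20-second wait. The function names and the ftp_factory and sleep parameters (there so the logic can be exercised without a device) are assumptions, and the application module file name must be supplied by the caller because this page does not give one.

```python
import ftplib
import os
import time

def upload_module(host, port, user, password, path, ftp_factory=ftplib.FTP):
    """One FTP session: open, log on, binary put of one module, quit."""
    ftp = ftp_factory()
    ftp.connect(host, port, timeout=30)
    try:
        ftp.login(user, password)
        with open(path, "rb") as module:
            # storbinary() sets binary mode itself (the "bin" step) and
            # raises ftplib.Error unless the server confirms the transfer.
            return ftp.storbinary("STOR " + os.path.basename(path), module)
    finally:
        try:
            ftp.quit()
        except ftplib.all_errors:
            ftp.close()  # the session may already be gone

def upgrade_pdu(host, user, password, aos_path, app_path, port=21,
                wait=20, ftp_factory=ftplib.FTP, sleep=time.sleep):
    """AOS module first, wait, then the application module in a new session.
    If the AOS transfer fails, the application module is never sent."""
    replies = [upload_module(host, port, user, password, aos_path, ftp_factory)]
    sleep(wait)  # the 20-second pause between the two sessions
    replies.append(
        upload_module(host, port, user, password, app_path, ftp_factory))
    return replies

def upgrade_many(hosts, user, password, aos_path, app_path, **options):
    """Upgrade each Rack PDU in turn. A failure is recorded and the next
    device is still attempted.
    Returns {host: ("ok", replies)} or {host: ("failed", reason)}."""
    for path in (aos_path, app_path):
        if not os.path.isfile(path):
            raise FileNotFoundError(path)  # fail before touching any device
    report = {}
    for host in hosts:
        try:
            report[host] = ("ok", upgrade_pdu(host, user, password,
                                              aos_path, app_path, **options))
        except ftplib.all_errors as exc:
            report[host] = ("failed", f"{type(exc).__name__}: {exc}")
    return report
```

FTP carries the Administrator user name and password in clear text, so pass the credentials in at run time and run the script from the management network; SCP, which the page also lists, is the alternative.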
Verifying Upgrades and Updates

To verify that the firmware upgrade was successful, see the Last Transfer Result message, available through the FTP Server option of the Network menu (in the control console only), or use an SNMP GET to the mfiletransferStatusLastTransferResult OID.

Last Transfer Result codes

Code                    Description
Successful              The file transfer was successful.
Result not available    There are no recorded file transfers.
Product Information

Warranty and Service

APC warrants the Switched Rack PDU to be free from defects in materials and workmanship for a period of two years from the date of purchase. Its obligation under this warranty is limited to repairing or replacing, at its own sole option, any such defective products. This warranty does not apply to equipment that has been damaged by accident, negligence, or misapplication or has been altered or modified in any way. This warranty applies only to the original purchaser.
Obtaining service

To obtain support for problems with your Switched Rack PDU:

2. Contact Customer Support at a phone number located at the end of this manual. A technician will try to help you solve the problem by phone.
3. If you must return the product, the technician will give you a return material authorization (RMA) number. If the warranty expired, you will be charged for repair or replacement.
4. Pack the unit carefully. The warranty does not cover damage sustained in transit.
Life-Support Policy

General policy

• In life-support applications where failure or malfunction of the APC product can be reasonably expected to cause failure of the life-support device or to affect significantly its safety or effectiveness.
• In direct patient care.
Customer support for this or any other APC product is available at no charge in any of the following ways:

• Visit the APC Web site to access documents in the APC Knowledge Base and to submit customer support requests.
  – www.apc.com (Corporate Headquarters)
    Connect to localized APC Web sites for specific countries, each of which provides customer support information.
  – www.apc.com/support/
    Global support searching APC Knowledge Base and using e-support.
Entire contents © 2005 American Power Conversion. All rights reserved. Reproduction in whole or in part without permission is prohibited. APC, the APC logo, InfraStruXure, and PowerNet are trademarks of American Power Conversion Corporation and may be registered in some jurisdictions. All other trademarks, product names, and corporate names are the property of their respective owners and are used for informational purposes only.