AUTOMATIC TRANSFER SWITCH USER’S GUIDE

Contents

Introduction
    Product Description
    Internal Management Features
    How to Recover from a Lost Password
    Front Panel
    Watchdog Features
. . .
    E-mail Feature
    How to Configure Individual Events
Data Menu (Web Interface Only)
    Log Option
    Configuration Option
Network Menu
    Introduction
. . .
    Use the Wizard
How to Export Configuration Settings
    Retrieving and Exporting the .ini file
    The Upload Event and its Error Messages
    Using the Device IP Configuration Wizard
File Transfers
    Introduction
Introduction

Product Description

Available interfaces

The Automatic Transfer Switch (ATS) can be managed locally with internal menus accessed through a serial connection. This connection can also be used to access the Management Card. See Web Config for more information on accessing the Management Card using the serial connection.
Initial set-up

You must define three TCP/IP settings for the Network Management Card before it can operate on the network:
• IP address of the Management Card
• Subnet mask
• IP address of the default gateway

See also

To configure the TCP/IP settings, see the Automatic Transfer Switch Installation and Quick Start Manual, provided in printed form, and provided on the APC Automatic Transfer Switch Utility CD as a PDF file (.\doc\en\Insguide.pdf).
Internal Management Features

Access priority for logging on

Only one user at a time can log onto the Management Card to use its internal user interface features. The priority for access is as follows:
• Serial access has the highest priority.
• Telnet or SSH access to the control console from a remote computer has priority over Web access.
• Web access either directly or through InfraStruXure Manager has the lowest priority.
Types of user accounts

The Management Card has three levels of access (Administrator, Device Manager, and Read-Only), all of which are protected by Password and User Name requirements.
• An Administrator can use all of the management menus available in the control console and the Web interface. The Administrator’s default User Name and Password are both apc.
How to Recover from a Lost Password

You can use a local computer, a computer that connects to the Management Card or other device through the serial port, to access the control console.
1. Select a serial port at the local computer, and disable any service that uses that port.
2. Connect the serial cable (APC part number 940-0024 or 940-1524) to the selected port on the computer and to the configuration port at the Management Card.
3.
6. Press ENTER as many times as necessary to redisplay the User Name prompt, then use the default, apc, for the user name and password. (If you take longer than 30 seconds to log on after the User Name prompt is redisplayed, you must repeat step 5 and log on again.)
7. From the Control Console menu, select System, then User Manager.
8. Select Administrator, and change the User Name and Password settings, both of which are now defined as apc.
9.
Front Panel

Introduction

The front-panel features of the Network Management Card (AP9617) include Status LEDs, a Reset button, and a 10/100Base-T connector.

[Figure: AP9617 Network Management Card EX front panel. Labels: 10/100Base-T, Reset, Link - RX/TX, 10/100, Smart Slot, Status]

Features

Feature                   Description
Reset button              Resets the Management Card while power remains on.
10/100 Base-T connector   Connects the Management Card to the Ethernet network.
Link-RX/TX (10/100) LED

This LED indicates the network status.

Condition   Description
Off         One or more of the following situations exist:
            • The Management Card is not receiving input power.
            • The cable that connects the Management Card to the network is disconnected or defective.
            • The device that connects the Management Card to the network is turned off or not operating correctly.
            • The Management Card itself is not operating properly.
Status LEDs

These LEDs indicate the Management Card’s status.

Condition     Description
Off           One of the following situations exists:
              • The Management Card is not receiving input power.
              • The Management Card is starting up.
              • The Management Card is not operating properly. It may need to be repaired or replaced. Contact APC Worldwide Customer Support.
Solid Green   The Management Card has valid TCP/IP settings.
Watchdog Features

Overview

To detect internal problems and recover from unanticipated inputs, the Management Card uses internal, system-wide watchdog mechanisms. When it reboots itself to recover from an internal problem, a System: Warmstart event is recorded in the Event Log.

Network interface watchdog mechanism

The Management Card implements internal watchdog mechanisms to protect itself from becoming inaccessible over the network.
Internal Interface

Introduction

Purpose

The Automatic Transfer Switch has a set of simple internal menus, which you can access locally through a serial connection, to perform basic management and configuration tasks.

Note: You can communicate with the Network Management Card through the local serial port connection. See Web Config for details.
Access the internal interface

To access the Automatic Transfer Switch internal menus, use a terminal emulation program such as HyperTerminal:
1. Select a serial port on your computer, and disable any service that uses that port.
2. Connect your computer to the Automatic Transfer Switch configuration port, using the communication cable (included).
3.
How to use the menus

• Enter the number corresponding to a menu selection.
• To go to the previous menu, press ESC.
• To refresh the current menu, press ENTER.
• On data entry screens an arrow (->) next to a value indicates the current selection.
• Navigation controls specific to each screen are displayed below the data or menu options, under the heading Menu Selections.
Internal Menus

Main menu

The main internal menu has the following options that allow you to view information, configure settings, and enter data, depending on your access level:
1 - Status
2 - Measurements
3 - Switch Configuration
4 - Alarms
5 - Event Counts
6 - Event Log
7 - Device Data
8 - Factory Data
9 - Log Out
10 - System Admin (Admin Only)
11 - Web Config (Admin Only)
Status menu

Item                 Definition
Selected Source      Source currently supplying power to the load.
Preferred Source     Power source to use when both sources are acceptable.
Switch Status        Indicates whether the alternate power source is acceptable. The load will switch to this source if the selected power source fails.
Front Panel Select   Indicates if the front panel button can be used to change sources (LOCKED or UNLOCKED).
Measurements menu

Item            Definition
Source A VRMS   Frequency and voltage of input power source A.
Source B VRMS   Frequency and voltage of input power source B.
Output Amps     Load current reading.
24VDC PS        Voltage of the 24VDC power supply.
+12 VDC PS      Voltage of the +12 VDC power supply.
–12VDC PS       Voltage of the –12VDC power supply.
5VDC PS         Voltage of the 5VDC power supply.
Switch configuration menu

Item               Definition
Line VRMS          Nominal source line voltage setting for this device.
Line Frequency     Nominal source frequency setting for this device.
Preferred Source   Power source that will be used when both sources are acceptable.
Sensitivity        Sensitivity of the Automatic Transfer Switch to changes in voltage.
Alarms menu

Item            Definition
Redundancy      One or both sources have a voltage or frequency out of range.
Source Switch   The Automatic Transfer Switch is unable to switch sources.
Over Current    Power source input current is over the acceptable threshold.
Source A        Power source is out of range.
Source B        Power source is out of range.
Power Supply    The 24V, +12V, –12V, or 5V power supply is out of range.
Configuration   Configuration changes have been made.
Event Log

The event log provides a list of the last twenty events (in the order that they occurred) since the last time the log was cleared. See Event Counts for a listing of the possible events.

Device Data

Item           Definition
Name           Name of the contact for this device.
Location       Location of the device.
Contact Info   How to contact the person responsible for this device.
Log Time-out   Number of minutes of inactivity before you are logged off (maximum 15).
System Admin

Item                       Definition
Cold Start                 Enable a cold start of the Automatic Transfer Switch.
Warm Start                 Enable a warm start of the Automatic Transfer Switch.
Restore Defaults/Restart   Change settings back to defaults.
Firmware Download          Update the Automatic Transfer Switch firmware.
Web Config

The Web Config option provides pass-through access to the Network Management Card. When you select Web Config, a screen will prompt you to change your terminal emulator settings to a baud rate of 2400 bps. When you are finished configuring the Network Management Card, it will also remind you to reset the Automatic Transfer Switch and change the baud rate back to 19200.

To access the Network Management Card through the serial port:
1.
Control Console

How To Log On

User Name and Password

Use case-sensitive User Name and Password entries (by default, apc and apc, for an Administrator, or device and apc, for a Device Manager) to log in. If you cannot remember your User Name or Password, call APC Worldwide Customer Support for assistance.
Remote access to the control console

You can access the control console through Telnet or SSH, depending on which is enabled. (An Administrator can enable these access methods through the Telnet/SSH option of the Network menu.) By default, Telnet is enabled. Enabling SSH automatically disables Telnet.

Telnet for basic access. Telnet provides the basic security of authentication by user name and password, but not the high-security benefits of encryption.
SSH for high-security access. If you use the high security of SSL for the Web interface, use SSH for access to the control console. SSH encrypts user names, passwords, and transmitted data.

The interface, user accounts, and user access rights are the same whether you access the control console through SSH or Telnet, but to use SSH, you must first configure SSH and have an SSH client program installed on your computer.
Main Screen

Example main screen

The following is an example of the screen that appears when you log on to the control console at a Network Management Card (AP917).

    User Name: apc
    Password : ***

    American Power Conversion             Network Management Card AOS      v2.6.4
    Copyright 2001 All Rights Reserved    Automatic Transfer Switch APP    v2.6.
Information and status fields

Main screen information fields.
• Two fields identifying the APC operating system (AOS) and application (APP) firmware versions. The application firmware uses a name that identifies the type of device that the Network Management Card connects to the network. In the Example main screen, the Network Management Card uses the application firmware for the Automatic Transfer Switch.
Main screen status fields. The main screen reports status in the following fields:
• A Stat field that reports the Network Management Card status.

    Stat : P+ N+ A+

    P+   The APC operating system (AOS) is functioning properly.
    N+   The network is functioning properly.
    N?   A BOOTP request cycle is in progress.
    N–   The Network Management Card failed to connect to the network.
    N!   Another device is using the Network Management Card’s IP address.
Control Console Menus

Main menu

The main Control Console menu has options that provide access to the control console’s management features:
1- Device Manager
2- Network
3- System
4- Logout

Note: When you log on as Device Manager, you can access only the Device Manager menus and the Logout menu.

How to use the menus

Within the menu structure:
• To select a menu item, type the item number, and press ENTER.
Device Manager menu

Use the Device Manager menu to select the device that you want to manage.
1- Automatic Transfer Switch

For information about the menu options to manage the Automatic Transfer Switch, see Automatic Transfer Switch Menu.
Use the System Menu to perform the following tasks:
• Control Administrator and Device Manager access.
• Set the Date and Time used by the Network Management Card.
• Define the system Name, Contact, and Location values.
• Through the Tools menu:
  – Restart the Network Management Card interface.
  – Reset parameters to their default values.
  – Delete SSH host keys and SSL certificates.
• Reset control console settings to their default values.
Web Interface

Introduction

Overview

The Web interface provides options that you use to manage the Automatic Transfer Switch. See Web/SSL for information on the menu options you use to select, enable, and disable the protocols that control access to the Web interface and to define the Web-server ports for the protocols.

Supported Web browsers

As your browser, you can use Microsoft® Internet Explorer (IE) 5.0 (and higher) or Netscape® 6.
In addition, the Network Management Card cannot work with a proxy server. Therefore, before you can use a Web browser to access its Web interface, you must do one of the following:
• Configure the Web browser to disable the use of a proxy server for the Network Management Card.
• Configure the proxy server so that it does not proxy the specific IP address of the Network Management Card.
How to Log On

Overview

You can use the DNS name or System IP address of the Network Management Card for the URL address of the Web interface. Use your case-sensitive User Name and Password settings to log on. The default user name differs by account type:
• apc for an Administrator
• device for a Device Manager
• readonly for a Read-Only User

The default password is apc for all three account types.
URL address formats

Type the DNS name or IP address of the Network Management Card in the Web browser’s URL address field and press ENTER. Except as noted below, http:// is automatically added by the browser.

Note: If the error “You are not authorized to view this page” occurs (Internet Explorer only), someone is logged onto the Web interface or control console.
Summary Page

The following is an example of the navigation menu (see Navigation Menu) and Summary page that appear when you log onto the Web interface at a Network Management Card.
Summary page fields

The Summary page has two sections:
• The Automatic Transfer Switch section reports the status of a connected Automatic Transfer Switch.
  – Source A selected or Source B selected indicates which source is currently supplying power to the load.
  – Switchover Possible or Switchover Not Possible indicates whether the load can be switched to the alternate source.
Navigation Menu

Overview

When you log on to the Web interface, the navigation menu (left frame) includes the following elements:
• The Network Management Card’s IP address
• Automatic Transfer Switch menus to manage the Automatic Transfer Switch and its components
  – Status menu that displays detailed status.
Automatic Transfer Switch menu

To manage an Automatic Transfer Switch, see Automatic Transfer Switch Menu.
• To do the following, see System Menu.
  – Control Administrator, Device Manager, and Read-Only access
  – Define the system Name, Contact, and Location values
  – Define system settings for RADIUS
  – Set the Date and Time used by the Network Management Card
• To do the following, see Tools Menu:
  – Restart the Network Management Card
  – Reset parameters to their default values
  – Delete SSH host keys and SSL certificates
  – Upload an initialization file (.
When you click Help, the Contents for the online help is automatically displayed to provide for navigation to a specific online help topic. However, from any of the Web interface pages, you can use the question mark (?) that appears in the quick status bar to link to the section of the online help that covers that page’s content.
Links menu

Provides three user-definable URL link options. By default, these links access the following APC Web pages:
• APC’s Web Site accesses the APC home page.
• Testdrive Demo accesses a demonstration page where you can use samples of APC web-enabled products.
• APC Monitoring accesses the “APC Remote Monitoring Service” page where you can find more information about pay-for-monitoring services available from APC.
Automatic Transfer Switch Menu

Options and Settings

Purpose

Use the Automatic Transfer Switch menu to review status, control, and configuration settings for the Automatic Transfer Switch.

Status option

Brief Status. For information on the summary status fields that are displayed when you log on:
• For the Web interface, see Summary Page.
• For the control console, see Main Screen.
Detailed status. To display detailed status:
• In the control console, select, in order, Device Manager, Automatic Transfer Switch, and Detailed Status.
• In the Web interface, select the Status option of the Automatic Transfer Switch menu.

Item     Definition
Status   The state of each power source:
         • Selected: This source is currently providing power.
About Automatic Transfer Switch. To obtain the model number, firmware revision, firmware date (in the Web interface only), hardware revision, manufacture date, and serial number of the Automatic Transfer Switch:
• Select the Status option of the Automatic Transfer Switch menu in the Web interface.
• Select Device Manager, Automatic Transfer Switch, and About Automatic Transfer Switch in the control console.
Configuration option

Item                     Definition
Source A Name,           The user-defined name for each source, 32 characters maximum.
Source B Name
Preferred Source         The power source to which the Automatic Transfer Switch will transfer when both input power sources are acceptable. Options are Source A, Source B, and None.
Voltage Transfer Range   Defines the range of acceptable voltage from a power source.
Event-Related Menus and Options

Introduction

Overview

The Events menu provides access to the options that you use to do the following tasks:
• Access the Event Log.
• Define the actions to be taken when an event occurs, based on the severity level of that event. (You must use the Web interface to define which events will use which actions.
Menu options

All event-related options are accessed through the Events menu, except as follows:
• In the Web interface and Control Console, use the Email option in the Network menu to define the SMTP server.
• In the Control Console:
  – Use the Email option in the Network menu to define e-mail recipients.
  – Use the SNMP option in the Network menu to define the SNMP trap receivers.
  – Use CTRL + L to access the Event Log from any menu.
Event Log

The Network Management Card supports an event-logging capability for all Automatic Transfer Switch application firmware modules. This allows you to record and view Automatic Transfer Switch and Network Management Card events.
Logged events

By default, the following events are logged:
• Any event that causes an SNMP trap, except for SNMP authentication failures.
• The Network Management Card’s abnormal internal system events.

To disable the logging of events based on their assigned severity level, use the Actions option in the Web interface’s Events menu. See Event Actions (Web Interface Only).
Control console

When logged on at the control console, press CTRL-L to display, in reverse chronological order, all of the events that have been recorded since the log was last deleted. Use the SPACE BAR to scroll through the recorded events. While viewing the log, type d and press ENTER to clear all events from the log.

Deleted events cannot be retrieved.
How to use FTP or SCP to retrieve log files

If you are an Administrator or Device Manager, you can use FTP or SCP to retrieve a tab-delimited event log file (event.txt) or data log file (data.txt) that you can import into a spreadsheet application.
• The file reports all of the events or data recorded since the log was last deleted.
• The file includes information that the event log or data log does not display.
To use SCP to retrieve the files. To use SCP to retrieve the event.txt file, use the following command:

    scp username@hostname_or_ip_address:event.txt ./event.txt

To use SCP to retrieve the data.txt file, use the following command:

    scp username@hostname_or_ip_address:data.txt ./data.txt

To use FTP to retrieve the files. To use FTP to retrieve the event.txt or data.txt file:
1.
4. You can use the del command to clear the contents of the event log or data log.

    ftp>del event.txt

   or

    ftp>del data.txt

   You will not be asked to confirm the deletion.
   – If you clear the data log, the event log records a deleted-log event.
   – If you clear the event log, a new event.txt file is created to record the deleted-log event.
5. Type quit at the ftp> prompt to exit from FTP.
Event Actions (Web Interface Only)

Overview

Use the Actions option in the Events menu to do the following:
• Select which actions will occur for events that have a severity level.
  – Event Log selects which severity levels cause an event to be logged. See Event Log action.
  – Syslog selects which severity levels cause messages to be sent to Syslog servers to log events.
• Click Details for a complete list of the Network Management Card (system), UPS, and Automatic Transfer Switch events that can occur, and then edit the actions that will occur for an individual event. Click Hide Details to return to the Actions option. See How to Configure Individual Events.
Severity levels

Except for some system (Network Management Card) events that do not have a severity level assigned, events are assigned a default severity level.
• Informational: Indicates an event that requires no action, such as a notification of a return from an abnormal condition.
• Warning: Indicates an event that may need to be addressed should the condition continue, but does not require immediate attention.
Syslog action

By default, the Syslog action is enabled for all events that have a severity level. However, before you can use this feature to send Syslog messages when events occur, you must configure it.

See Syslog.

SNMP Traps action

By default, the SNMP Traps action is enabled for all events that have a severity level assigned.
Event Recipients

Overview

The Web interface and control console both have options that allow you to define up to four trap receivers and up to four e-mail addresses to be used when an event occurs that has the SNMP traps or e-mail enabled.

Trap Receiver settings

To define the Trap Receiver settings that allow you to define which NMSs receive traps:
• In the Web interface, use the Recipients option in the Events menu.
E-mail Feature

Overview

You can use the Simple Mail Transfer Protocol (SMTP) to send e-mail to a maximum of four recipients when an event occurs.

To use the e-mail feature, you must define the following settings:
• The IP addresses of the primary and secondary Domain Name Service (DNS) servers. See DNS servers.
• The DNS name of the SMTP Server and the From Address settings for SMTP. See SMTP settings.
• The e-mail addresses for a maximum of four recipients.
DNS servers

The Network Management Card cannot send any e-mail unless the IP address of the primary DNS server is defined. See DNS. The Network Management Card will wait a maximum of 15 seconds for a response from the primary or (if specified) the secondary DNS servers. If the Network Management Card does not receive a response within that time, e-mail cannot be sent.
SMTP settings

Use the E-mail option in the Network menu to define the following settings:

Setting        Description
SMTP Server    The IP address (or if DNS is configured, the DNS name) of the SMTP server.
               NOTE: This definition is required only when the SMTP Server option is set to Local. See Email Recipients.
From Address   The contents of the From field in the format user@domain.
Options (both interfaces).

Setting      Description
To Address   Defines the user and domain names of the recipient. To use e-mail for paging, use the e-mail address for that recipient’s pager gateway account (for example, myacct100@skytel.com). The pager gateway will generate the page. You can bypass the DNS lookup of the mail server’s IP address by using the IP address in brackets instead of the e-mail domain name. For example, use jsmith@[xxx.xxx.x.
Setting   Description
Format    Selects the format used for e-mail messages:
          Short: Identifies only the event that occurred. For example:
              UPS: Communications Established
          Long: Includes information about the Network Management Card and the Automatic Transfer Switch, as well as the event. For example:
              Name : Switch_1
              Location : TestLab
              Contact : Tom_Adams
              http://135.124.
How to Configure Individual Events

The Actions option in the Events menu opens the Event Action Configuration page. Use the Details button to access a complete list of the configurable System (Network Management Card) and Automatic Transfer Switch events that can be reported by your Network Management Card.
Detailed Event Action Configuration page

The event codes provide a link to a page that allows you to do the following:
• Enable or disable whether the event uses the event log, Syslog messages, SNMP traps, or e-mail recipients
• Change the selected event’s severity level
• Reset the event to its default configuration
Data Menu (Web Interface Only)

Log Option

Use this option to access a log that stores readings taken by the temperature and humidity probes at regular intervals. The information in the data log is sampled and stored based on the log interval defined by the Data menu’s Configuration option. Each entry is listed by the date and time the data was recorded, and provides the data in a column format. See Configuration Option.
Configuration Option

Use this option to access the Data Log Configuration page, which reports how much data can be stored in the data log. You change the Log Interval setting, which defines how often data will be sampled and recorded in the data log. The report updates based on the new setting.

The minimum interval is one minute. The maximum interval is 18 hours, 12 minutes, and 15 seconds.
Network Menu

Introduction

Overview

Use the Network menu to do the following tasks:
• Define TCP/IP settings, including BOOTP server settings, when a BOOTP server is used to provide the needed TCP/IP values.
• Use the Ping utility.
• Define settings that affect the FTP, Telnet, SSH, Web interface, SSL, TLS, SNMP, e-mail, DNS, and Syslog features of the Automatic Transfer Switch.

Only an Administrator has access to the Network menu.
Menu options

Unless noted, the following menu options are available in the control console and Web interface:
• TCP/IP
• DNS
• Ping utility (control console)
• FTP server
• Telnet/SSH
• SNMP
• Email
• Syslog
• Web/SSL
Option Settings

TCP/IP

This option accesses the following settings:
• A Boot mode setting selects the method used to define the three TCP/IP values that the Automatic Transfer Switch needs to operate on the network:
  – System IP: The IP address of the Automatic Transfer Switch
  – Subnet Mask: The subnet mask value
  – Default Gateway: The IP address of the default gateway

For information about the watchdog role the default gateway plays, see Resetting the network timer.
Boot mode setting. This setting selects which method will be used to define the Automatic Transfer Switch’s TCP/IP settings whenever the Automatic Transfer Switch starts, resets, or reboots:
• Manual: Three settings (System IP, Subnet Mask, and Default Gateway) are available only when Manual is used to define the needed TCP/IP settings.
• BOOTP only: A BOOTP server provides the TCP/IP settings.
• DHCP only: A DHCP server provides the TCP/IP settings.
Advanced settings. The boot mode affects which settings are available.
• Two settings are available for all Boot mode selections to define the Automatic Transfer Switch’s Host Name and Domain Name values.
  – Host Name: When an Administrator configures a host name here and a domain name in the Domain Name field, users can then enter a host name in any field in the Automatic Transfer Switch interface (except e-mail addresses) that accepts a domain name as input.
• Three settings are available for all Boot mode selections, except Manual, to identify the Automatic Transfer Switch in BOOTP or DHCP communication:
  – Vendor Class: Uses APC, by default.
  – Client ID: Uses the Automatic Transfer Switch’s MAC address, by default.

Caution: If Client ID is changed from the Automatic Transfer Switch’s MAC address, the new value must be unique on the LAN. Otherwise, the DHCP or BOOTP server may act incorrectly.
DNS
Use this option to define the IP addresses of the primary and secondary DNS servers used by the Automatic Transfer Switch e-mail feature. See E-mail Feature and DNS servers.
Send DNS query (Web interface). Use this option, available only through the DNS menu in the Web interface, to send a DNS query that tests the setup of your DNS servers.
• Use the Query Question text field to identify the value to be used for the selected Query Type:
– For Host, identify the URL
– For IP, identify the IP address
– For FQDN, identify the fully qualified domain name, formatted as myserver.mydomain.com
– For MX, identify the Mail Exchange address
• Enable or disable Reverse DNS Lookup, which is disabled by default.
FTP server
Use the Access setting to enable or disable the FTP server. The server is enabled by default.
FTP transfers files without using encryption. For higher security, use SCP for file transfers. When you select and configure SSH, SCP is enabled automatically. See Telnet/SSH to configure SSH.
Telnet/SSH
Use the Telnet/SSH option to perform the following tasks:
• Enable or disable Telnet or the Secure SHell (SSH) protocol for remote control console access.
– While SSH is enabled, you cannot use Telnet to access the control console.
– Enabling SSH enables SCP automatically. When SSH is enabled and its port and encryption ciphers are configured, no further configuration is required to use SCP. (SCP uses the same configuration as SSH.
From a command line interface, such as the command prompt on Windows operating systems, you can use FTP or SCP to transfer the host key file. You must transfer the file to location /sec on the Automatic Transfer Switch. If you do not specify a host key file, the Automatic Transfer Switch generates an RSA host key of 768 bits, instead of the 1024-bit RSA host key that the Wizard creates.
Telnet/SSH Network Configuration
Option: Description
Access: Enables or disables the access method selected in Protocol Mode.
NOTE: Enabling SSH automatically disables Telnet. To enable SSH, change the setting and then click Next>> in the Web interface or choose Accept Changes in the control console. You must then agree to the license agreement that is displayed.
Telnet/SSH Port Configuration
Option: Description
Telnet Port: Identifies the TCP/IP port used for communications by Telnet with the Automatic Transfer Switch. The default is 23. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings.
SSH Server Configuration
Option: Description
SSHv1 Encryption Algorithms: Enables or disables DES, and displays the status (always enabled) of Blowfish, two encryption algorithms (block ciphers) compatible with SSH version 1 clients.
• DES: The key length is 56 bits.
• Blowfish: The key length is 128 bits. You cannot disable this algorithm.
NOTE: Not all SSH clients can use every algorithm. If your SSH client cannot use Blowfish, you must also enable DES.
SSH User Host Key File
Option: Description
Status: The Status field indicates the status of the host key (private key). In the control console, display the host key status by selecting Advanced SSH Configuration.
• SSH Disabled: No host key in use: No host key has been transferred to the Automatic Transfer Switch or a host key has been transferred improperly.
NOTE: A host key must be installed to the /sec directory of the Automatic Transfer Switch.
SSH Host Key Fingerprint
Option: Description
SSH v1: Displays the SSH version 1 fingerprint for the host key. The fingerprint is a unique identifier to further authenticate the host key. In the control console, choose Advanced SSH Configuration and then Host Key Information to display the fingerprint.
SSH v2: Displays the SSH version 2 fingerprint for the host key. The fingerprint is a unique identifier to further authenticate the host key.
SNMP
An Access option (the Settings option in the control console) enables (by default) or disables SNMP. When SNMP is enabled, the Access Control settings allow you to control how each of the four available SNMP channels is used.
To define up to four NMSs to serve as trap receivers, see Trap Receiver settings. To use SNMP to manage an Automatic Transfer Switch, see the PowerNet® SNMP Management Information Base (MIB) Reference Guide (.\doc\en\mibguide.
Setting: Definition
Access Type: Selects how the NMS defined by the NMS IP Domain Name setting can use the channel, when that NMS uses the correct Community Name.
• Read: The NMS can use GETs at any time, but it can never use SETs.
• Write: The NMS can use GETs at any time, and can use SETs when no one is logged on to the control console or Web interface.
• Disabled: The NMS cannot use GETs or SETs.
By default, the Automatic Transfer Switch can send messages to up to four syslog servers whenever Automatic Transfer Switch or embedded management card events occur. The Syslog servers, which must be specifically identified by their IP addresses or domain names, record the events in a log that provides a centralized record of events that occur at network devices.
Syslog Server Settings
Server IP/Domain Name: Uses specific IP addresses or domain names to identify which of up to four servers will receive Syslog messages sent by the Automatic Transfer Switch. NOTE: To use the Syslog feature, the Server IP/Domain Name setting must be defined for at least one server.
Port: Identifies the user datagram protocol (UDP) port that the Automatic Transfer Switch will use to send Syslog messages.
Syslog test (Web interface). This option allows you to send a test message to the Syslog servers configured in the Syslog Server section.
1. Select the priority to assign to the test message.
2. Define the test message using any text in the format described in Syslog message format. For example, ATS: Communications Established 0x0F01 meets the required message format.
3.
Web/SSL
Use the Web/SSL menu to perform the following tasks.
• Enable or disable the two protocols that provide access to the Web interface of the Automatic Transfer Switch:
– Hypertext Transfer Protocol (HTTP) provides access by user name and password, but does not encrypt user names, passwords, and data during transmission.
• Identify whether a server certificate is installed on the Automatic Transfer Switch. If a certificate has been created with the APC Security Wizard but is not installed:
– In the Web interface, browse to the certificate file and upload it to the Automatic Transfer Switch.
– Alternatively, use the SCP protocol or FTP to upload it to the location \sec on the Automatic Transfer Switch.
Web/SSL Network Configuration
Option: Description
Access: Enables or disables the access method selected in Protocol Mode.
Protocol Mode: Choose one of the following:
• HTTP: User names, passwords, and data are transmitted without encryption.
• HTTPS (SSL): User names, passwords, and data are transmitted in encrypted form, and digital certificates are used for authentication.
HTTP/HTTPS Port Configuration
Option: Description
HTTP Port: Identifies the TCP/IP port used for communications by HTTP with the Automatic Transfer Switch. The default is 80. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings. You must then use a colon (:) in the command line to specify the nondefault port number.
SSL Server Configuration
Option: Description
CipherSuite: Enables or disables the following SSL encryption ciphers and hash algorithms. (To access these options in the control console, choose Web/SSL, then Advanced SSL Configuration.)
NOTE: All of these encryption ciphers and hash algorithms use the RSA public key algorithm.
• DES (SSL_RSA_WITH_DES_CBC_SHA): a block cipher with a key length of 56 bits. The Secure Hash Algorithm (SHA) is used for authentication.
SSL Server Certificate
Option: Description
Filename: You can create a server certificate with the APC Security Wizard and then upload it to the Automatic Transfer Switch by using the Web interface. Use the Browse button for the Filename field to locate the file, then click Apply. By default, the certificate is installed to the correct location. Alternatively, you can use FTP or SCP to transfer the server certificate to the Automatic Transfer Switch.
Current Certificate Details
Parameter: Description
Issued To: Common Name (CN): The IP Address or DNS name of the Automatic Transfer Switch, except if the server certificate was generated by default by the Automatic Transfer Switch. For a default server certificate, the Common Name (CN) field displays the Automatic Transfer Switch’s serial number.
Parameter: Description
Fingerprint: Each fingerprint is a long string of alphanumeric characters punctuated by colons. A fingerprint is a unique identifier that you can use to further authenticate the server. Record the fingerprints to compare with the fingerprints contained in the certificate, as displayed in the browser.
SHA1 Fingerprint: This fingerprint is created by a Secure Hash Algorithm (SHA).
System Menu
Introduction
Overview
Use the System menu to do the following tasks:
• Configure system identification, date and time settings, and access parameters for the Administrator, Device Manager, and Read-Only User accounts.
• Centrally administer remote access for each Network Management Card by using RADIUS (Remote Authentication Dial-in User Service).
Menu options
Unless noted, the following menu options are available in the control console and Web interface:
• User Manager
• RADIUS
• Identification
• Date & Time
• Tools
• Preferences (Web interface)
• Links (Web interface)
• About system (control console)
The About System option is a Help menu option in the Web interface.
Option Settings
User Manager
Use this option to define the access values shared by the control console and the Web interface, and the authentication used to access the Web interface.
Setting: Definition
Auto Logout: The number of minutes (3, by default) before a user is automatically logged off because of inactivity.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is an authentication, authorization, and accounting service. Use this option to centrally administer remote access for each Automatic Transfer Switch.
When a user accesses the Automatic Transfer Switch, an authentication request is sent to the RADIUS server to determine the user’s permission level. RADIUS user names are limited to 32 characters.
RADIUS Setting: Definition
Access:
• Local Only: RADIUS is disabled. Access to the Automatic Transfer Switch is controlled by the local user manager only.
• RADIUS then Local: RADIUS is enabled. Contact the RADIUS server first. If the RADIUS server fails to authenticate the user, the local user manager will be used to authenticate access to the Automatic Transfer Switch.
• RADIUS Only: RADIUS is enabled. Only the RADIUS server will be contacted.
Configuring the RADIUS server. You must configure your RADIUS server to work with the Automatic Transfer Switch. The following example is specific to APC’s RADIUS server.
1. Define an APC vendor in your RADIUS server. APC’s Private Enterprise Number, 318, is assigned by the Internet Assigned Numbers Authority (IANA).
2. Define a RADIUS vendor-specific attribute called APC-ServiceType. This is an integer with an attribute identifier of 1.
3. Configure RADIUS users.
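As an added example (not part of the guide or of APC’s software), the following Python code shows how the vendor definition in steps 1 and 2 appears on the wire: APC-ServiceType travels in a RADIUS Vendor-Specific attribute (type 26, RFC 2865) that carries vendor number 318 and vendor attribute 1 as a 32-bit integer. The sample packet, its zeroed authenticator, the second vendor number, and the value 1 are constructed for illustration; what each value means is set in the RADIUS server’s user configuration.

```python
import struct

APC_VENDOR_ID = 318      # APC's IANA Private Enterprise Number (from the guide)
APC_SERVICE_TYPE = 1     # attribute identifier of APC-ServiceType (from the guide)
VENDOR_SPECIFIC = 26     # RADIUS Vendor-Specific attribute type (RFC 2865)
ACCESS_ACCEPT = 2        # RADIUS Access-Accept packet code (RFC 2865)
HEADER_LEN = 20          # code, identifier, length, 16-byte authenticator


def build_vsa(vendor_id, vendor_type, value):
    """Encode one integer vendor attribute inside a Vendor-Specific attribute."""
    sub = struct.pack("!BBI", vendor_type, 6, value)   # type, length, 32-bit integer
    body = struct.pack("!I", vendor_id) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def build_packet(code, identifier, attributes):
    """Assemble a RADIUS packet with a zeroed authenticator (constructed sample)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attributes))
    return header + bytes(16) + attributes


def split_tlvs(data, what):
    """Split type/length/value records whose length byte counts its 2-byte header."""
    records, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError(f"{what}: truncated header at offset {pos}")
        rtype, rlen = data[pos], data[pos + 1]
        if rlen < 2 or pos + rlen > len(data):
            raise ValueError(f"{what}: bad length {rlen} at offset {pos}")
        records.append((rtype, data[pos + 2:pos + rlen]))
        pos += rlen
    return records


def apc_service_type(packet):
    """Return the APC-ServiceType integer from an Access-Accept, else None."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field does not match the packet")
    if code != ACCESS_ACCEPT:
        return None                      # only an accept carries a permission level
    for atype, value in split_tlvs(packet[HEADER_LEN:length], "attribute"):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != APC_VENDOR_ID:
            continue                     # another vendor's attribute
        for vtype, data in split_tlvs(value[4:], "vendor attribute"):
            if vtype == APC_SERVICE_TYPE:
                if len(data) != 4:
                    raise ValueError("APC-ServiceType must be a 4-byte integer")
                return struct.unpack("!I", data)[0]
    return None


# Constructed sample: Reply-Message, an unrelated vendor's VSA, then APC's.
REPLY_MESSAGE = bytes([18, 4]) + b"ok"
OTHER_VSA = build_vsa(99999, 1, 7)       # hypothetical vendor number and value
APC_VSA = build_vsa(APC_VENDOR_ID, APC_SERVICE_TYPE, 1)
SAMPLE_ACCEPT = build_packet(ACCESS_ACCEPT, 7, REPLY_MESSAGE + OTHER_VSA + APC_VSA)

if __name__ == "__main__":
    print(APC_VSA.hex())
    print(apc_service_type(SAMPLE_ACCEPT))
```

A production RADIUS client also verifies the Response Authenticator against the shared secret before trusting any attribute; that step is outside this example.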
Identification
Use this option to define the System Name, Contact, and Location values used by the SNMP agent for the Automatic Transfer Switch. The option’s settings provide the values used for the MIB-II sysName, sysContact, and sysLocation Object Identifications (OIDs).
See also: For more information about the MIB-II OIDs, see the PowerNet® SNMP Management Information Base (MIB) Reference Guide (.\doc\en\mibguide.
Setting: Definition
Primary NTP Server: Identifies the IP address or domain name of the primary NTP server.
Secondary NTP Server: Identifies the IP address or domain name of the secondary NTP server, when a secondary server is available.
GMT Offset (Time Zone): Defines the offset from Greenwich Mean Time (GMT) based on the Automatic Transfer Switch’s time zone.
Tools
Use this option to initiate any of the following actions:
Action: Definition
Reboot Management Interface: Restarts the user interface of the Automatic Transfer Switch.
Reset to Defaults: Resets all configuration settings. This option will reset the TCP/IP settings and enable DHCP and BOOTP.
Reset to Defaults Except TCP/IP: Resets all configuration settings except the TCP/IP settings.
Reset Only TCP/IP to Defaults: Resets the TCP/IP settings only.
File Transfer (control console only). The File Transfer option of the Tools menu provides two methods for file transfer over the network and one for file transfer through a serial connection to the Automatic Transfer Switch.
Option: Description
XMODEM: Allows you to transfer either an .ini file or a firmware upgrade file to an Automatic Transfer Switch using a terminal-emulation program.
Preferences (Web interface)
Use this option to define whether temperature values are displayed as Fahrenheit or Celsius in the Web interface and the control console.
Links (Web interface)
Use this option to modify the links to APC Web pages.
Setting: Definition
User Links
Name: Defines the link names that appear in the Links menu (by default, APC’s Web site, Testdrive Demo, and APC Monitoring).
URL: Defines the URL addresses used by the links.
About system (control console)
This option identifies the following hardware information for the Automatic Transfer Switch: Model Number, Serial Number, Hardware Revision, Manufacture Date, and MAC Address.
This screen also displays Name, Version, Date, and Time for the Application Module and AOS. The About System menu also includes fields for system Flash Type and the Type, Sector, and CRC 16 for each module.
Boot Mode
Introduction
Overview
In addition to using a BOOTP server or manual settings, the Automatic Transfer Switch can use a dynamic host configuration protocol (DHCP) server to provide the settings that it needs to operate on a TCP/IP network. The method that is used to provide the network settings for the Automatic Transfer Switch depends on Boot mode, a TCP/IP option in the Network menu.
When Boot mode is set to its default DHCP & BOOTP setting, the following occurs when the Automatic Transfer Switch is started or reset:
1. The Automatic Transfer Switch makes up to five requests for its network assignment from any BOOTP server. If a valid BOOTP response is received, the Automatic Transfer Switch starts the network services and sets Boot mode to BOOTP Only.
2.
DHCP Configuration Settings
Automatic Transfer Switch settings
The TCP/IP option in the Network menu of the Web interface and control console accesses the network settings for the Automatic Transfer Switch.
Three settings (Port Speed, Host Name, and Domain Name) are available regardless of the TCP/IP option’s Boot mode selection, and three settings (Vendor Class, Client ID, and User Class) are available for any Boot mode selection except Manual.
When Boot mode is set to DHCP Only, two options are available:
• DHCP Cookie Is in the control console (or Require vendor specific cookie to accept DHCP Address in the Web interface): By default, this option requires that the DHCP responses include the APC cookie in order to be valid.
DHCP response options
Each valid DHCP response contains options that provide the TCP/IP settings that the Automatic Transfer Switch needs to operate on a network, and other information that affects the operation of the Automatic Transfer Switch.
The Automatic Transfer Switch uses the Vendor Specific Information option (option 43) in a DHCP response to determine whether the DHCP response is valid.
Vendor Specific Information (option 43).
Boot Mode Transition. Tag 2, Len 1, Data 1/2. This option 43 setting enables or disables the After IP Assignment option which, by default, causes the Boot mode option to use the setting that reflects the server that provided the TCP/IP settings (DHCP Only or BOOTP Only):
• For a data value of 1, the After IP Assignment option is disabled, and the Boot mode option remains in its DHCP & BOOTP setting after successful network assignment.
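An added Python example (not from the guide or from APC firmware) of the validity check described above: it splits the options field of a DHCP response, unpacks the sub-options carried inside option 43, and reports whether the response would be accepted and which Boot mode follows. The cookie’s tag and data (tag 1, 1APC) are assumptions because this excerpt does not show them, as is the reading of Boot Mode Transition data 2 as leaving After IP Assignment enabled; the sample options are constructed.

```python
OPT_PAD, OPT_SUBNET_MASK, OPT_VENDOR_SPECIFIC, OPT_END = 0, 1, 43, 255  # RFC 2132
BOOT_MODE_TRANSITION_TAG = 2   # from the guide: Tag 2, Len 1, Data 1/2
APC_COOKIE_TAG = 1             # assumption: tag not shown in this excerpt
APC_COOKIE_DATA = b"1APC"      # assumption: value not shown in this excerpt


def parse_tlvs(data):
    """Split code/length/value records (RFC 2132 layout) into {code: value}."""
    found, pos = {}, 0
    while pos < len(data):
        code = data[pos]
        if code == OPT_PAD:              # single padding byte, no length field
            pos += 1
            continue
        if code == OPT_END:              # end marker: ignore whatever follows
            break
        if pos + 2 > len(data):
            raise ValueError(f"code {code}: missing length byte")
        length = data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"code {code}: value truncated")
        found[code] = found.get(code, b"") + value   # repeated codes are joined
        pos += 2 + length
    return found


def evaluate_response(options, require_cookie=True):
    """Model the cookie check and the Boot Mode Transition sub-option."""
    opts = parse_tlvs(options)
    vendor = parse_tlvs(opts.get(OPT_VENDOR_SPECIFIC, b""))
    if require_cookie and vendor.get(APC_COOKIE_TAG) != APC_COOKIE_DATA:
        return {"valid": False, "reason": "option 43 lacks the APC cookie"}
    # Absent sub-option: After IP Assignment keeps its default (enabled).
    transition = vendor.get(BOOT_MODE_TRANSITION_TAG, b"\x02")
    if transition == b"\x01":
        boot_mode = "DHCP & BOOTP"       # After IP Assignment disabled
    elif transition == b"\x02":
        boot_mode = "DHCP Only"          # Boot mode follows the answering server
    else:
        # This example rejects other data; the guide does not cover that case.
        return {"valid": False, "reason": "Boot Mode Transition data must be 1 or 2"}
    mask = opts.get(OPT_SUBNET_MASK)
    return {
        "valid": True,
        "boot_mode_after": boot_mode,
        "subnet_mask": ".".join(map(str, mask)) if mask else None,
    }


# Constructed options field: message type (ACK), subnet mask, option 43, end.
SAMPLE_ACK = bytes.fromhex("350105 0104ffffff00 2b09 0104 31415043 020101 ff")
# The same response from a server that sends no option 43 at all.
SAMPLE_NO_VENDOR = bytes.fromhex("350105 0104ffffff00 ff")

if __name__ == "__main__":
    print(evaluate_response(SAMPLE_ACK))
    print(evaluate_response(SAMPLE_NO_VENDOR))
    print(evaluate_response(SAMPLE_NO_VENDOR, require_cookie=False))
```

The cookie is a fixed value sent in clear text, so it screens out answers from DHCP servers that were never set up for the device; it does not authenticate the server.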
TCP/IP options. The Automatic Transfer Switch uses the following options within a valid DHCP response to define its TCP/IP settings:
• IP Address (from the yiaddr field of the DHCP response): The IP address that the DHCP server is leasing to the Automatic Transfer Switch.
• Subnet Mask (option 1): The subnet mask value needed by the Automatic Transfer Switch to operate on the network.
Security
Security Features
Planning and implementing security features
As a network device that passes information across the network, the Automatic Transfer Switch is subject to the same exposure as other devices on the network. Use the information in this section to plan and implement the security features appropriate for your environment.
Summary of access methods
Serial control console.
Security Access: Access is by user name and password.
SNMP.
Security Access: Available methods:
• Community Name
• Domain Name
• NMS IP filters
• Agent Enable/Disable
• 4 access communities with read/write/disable capability
Description: The domain name restricts access only to the NMS at that location, and the NMS IP filters allow access only from designated IP addresses.
• 162.245.12.1 allows only the NMS with that IP address to have access.
• 162.245.12.255 allows access for any NMS on the 162.245.12 segment.
• 162.
Web server.
Security Access: Available methods:
• User name and password
• Selectable server port
• Server Enable/Disable
• Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Description: In basic HTTP authentication mode, the user name and password are transmitted base-64 encoded (with no encryption). SSL and TLS are available on Web browsers supported for the Automatic Transfer Switch and on most Web servers.
If a Telnet, FTP, SSH/SCP, or Web/SSL/TLS server uses a non-standard port, a user must specify the port when using the client interface, such as a Web browser. The non-standard port address becomes an extra “password,” hiding the server to provide an additional level of security. The TCP ports on which these servers listen are initially set at the standard “well known ports” for the protocols. To hide the interfaces, use any port numbers from 5000 to 32768.
You can choose to use security features for the Automatic Transfer Switch that control access by providing basic authentication through user names, passwords, and IP addresses, without using encryption. These basic security features are sufficient for most environments in which sensitive data is not being transferred.
Encryption
Secure SHell (SSH) and Secure CoPy (SCP)
The Secure SHell (SSH) protocol provides a secure mechanism to access computer consoles or shells remotely. The protocol authenticates the server (in this case, the Automatic Transfer Switch) and encrypts all transmissions between the SSH client and the server.
• SSH is an alternative to Telnet, which does not provide encryption.
Secure CoPy (SCP) is a secure file transfer application that you can use instead of FTP. SCP uses the SSH protocol as the underlying transport protocol for encryption of user names, passwords, and files.
• When you enable and configure SSH, you automatically enable and configure SCP. No further configuration of SCP is needed.
• You must explicitly disable FTP. It is not disabled by enabling SSH.
For secure Web communication, you enable Secure Sockets Layer (SSL) by selecting HTTPS (SSL/TLS) as the protocol mode to use for access to the Web interface of the Automatic Transfer Switch. Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) is a Web protocol that encrypts and decrypts page requests from the user and pages that are returned by the Web server to the user. Originally developed by Netscape, it has become an internet standard supported by most Web browsers.
You can use the APC Security Wizard, provided on the APC Automatic Transfer Switch Utility CD, to create a certificate signing request to an external Certificate Authority, or if you do not want to use an existing Certificate Authority, you can create an APC root certificate to upload to a browser’s certificate store (cache). You can also use the Wizard to create a server certificate to upload to the Automatic Transfer Switch.
Creating and Installing Digital Certificates
Purpose
For network communication that requires a higher level of security than password encryption, the Web interface of the Automatic Transfer Switch supports the use of digital certificates with the Secure Sockets Layer (SSL) protocol. Digital certificates can authenticate the Automatic Transfer Switch (the server) to the Web browser (the SSL client).
Choosing a method for your system
Method 1: Use the auto-generated default certificate. When you enable SSL, you must reboot the Automatic Transfer Switch. During rebooting, if no server certificate exists on the Automatic Transfer Switch, the Automatic Transfer Switch generates a default server certificate that is self-signed but that you cannot configure.
– The default server certificate on the Automatic Transfer Switch has the Automatic Transfer Switch’s serial number in place of a valid common name (the DNS name or the IP address of the Automatic Transfer Switch). Therefore, although the Automatic Transfer Switch can control access to its Web interface by user name, password, and account type (e.g.
Method 2: Use the APC Security Wizard to create a CA certificate and a server certificate.
• A CA root certificate (Certificate Authority root certificate) that the APC Security Wizard uses to sign all server certificates and which you then install into the certificate store (cache) of the browser of each user who needs access to the Automatic Transfer Switch.
This method has the following advantages and disadvantages.
• Advantages:
– Before they are transmitted, the user name and password for Automatic Transfer Switch access and all data to and from the Automatic Transfer Switch are encrypted.
– The length of the public key (RSA key) that is used for encryption when setting up an SSL session is 1024 bits, providing more complex encryption and consequently a higher level of security than the public key used in Method 1.
Method 3: Use the APC Security Wizard to create a certificate-signing request to be signed by the root certificate of an external Certificate Authority and to create a server certificate. You use the APC Security Wizard to create a request (a .csr file) to send to a Certificate Authority. The Certificate Authority returns a signed certificate (a .crt file) based on information you submitted in your request.
– The server certificate that you upload to the Automatic Transfer Switch enables SSL to authenticate that data are being received from and sent to the correct Automatic Transfer Switch. This provides an extra level of security beyond the encryption of the user name, password, and transmitted data.
Although some methods of authentication provide a higher level of security than others, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme.
Using the APC Security Wizard
Overview
Authentication
Authentication verifies the identity of a user or a network device (such as an APC Automatic Transfer Switch). Passwords typically identify computer users. However, for transactions or communications requiring more stringent security methods on the Internet, the Automatic Transfer Switch supports more secure methods of authentication.
How certificates are used.
Authentication of the server (in this case, the Automatic Transfer Switch) occurs each time a connection is made from the browser to the server. The browser checks to be sure that the server’s certificate is signed by a Certificate Authority known to the browser. For this authentication to occur:
Files you create for SSL and SSH security
Use the APC Security Wizard to create the following components of an SSL and SSH security system:
• The server certificate for the Automatic Transfer Switch, if you want the benefits of authentication that such a certificate provides. You can create either of the following types of server certificate:
– A server certificate signed by a custom CA root certificate also created with the APC Security Wizard.
Create a Root Certificate & Server Certificates
Summary
Use this procedure if your company or agency does not have its own Certificate Authority and you do not want to use a commercial Certificate Authority to sign your server certificates.
The public RSA key that is part of a certificate generated by the APC Security Wizard is 1024 bits. (The default key generated by the Automatic Transfer Switch, if you do not use the Wizard, is 768 bits.
The procedure
Create the CA root certificate. Perform these steps. (Click Next to move from screen to screen.)
1. If the APC Security Wizard is not already installed on your computer, install it by running the installation program APC Security Wizard.exe from the APC Automatic Transfer Switch Utility CD.
2. On the Windows Start menu, select Programs, then APC Security Wizard, to start the Wizard program.
3.
6. On the next screen, review the summary of the certificate. Scroll downward to view the certificate’s unique serial number and fingerprints. To make any changes to the information you provided, click Back, and revise the information. The certificate’s subject information and the certificate’s issuer information should be identical.
7. The last screen verifies that the certificate has been created and instructs you on the next tasks.
Create an SSL Server User Certificate. Perform these steps. (Click Next to move from screen to screen.)
1. On the Windows Start menu, select Programs, then APC Security Wizard, to start the Wizard program.
2. On the screen labeled Step 1, select SSL Server Certificate as the type of file to create.
3. Enter a name for the file that will contain the server certificate and the private key. The file name must have a .p15 extension.
6. On the next screen, review the summary of the certificate. Scroll downward to view the certificate’s unique serial number and fingerprints. To make any changes to the information you provided, click Back, and revise the information. The information for every certificate must be unique. The configuration of a server certificate cannot be the same as the configuration of the CA root certificate.
Load the server certificate to the Automatic Transfer Switch. Perform these steps:
1. On the Network menu of the Web interface of the Automatic Transfer Switch, select the Web/SSL option.
2. In the SSL/TLS Server Certificate section of the page, browse to the server certificate, the .p15 file you created in the procedure Create a Root Certificate & Server Certificates. (The default is C:\Program Files\American Power Conversion\APC Security Wizard.
Create a Server Certificate and Signing Request
Summary
Use this procedure if your company or agency has its own Certificate Authority or if you plan to use a commercial Certificate Authority to sign your server certificates.
• Create a Certificate Signing Request (CSR). The CSR contains all the information for a server certificate except the digital signature. This process creates two output files:
– The file with the .
The procedure
Create the Certificate Signing Request (CSR). Perform these steps. (Click Next to move from screen to screen.)
1. If the APC Security Wizard is not already installed on your computer, install it by running the installation program APC Security Wizard.exe from the APC Automatic Transfer Switch Utility CD.
2. On the Windows Start menu, select Programs, then APC Security Wizard, to start the Wizard program.
3.
6. On the next screen, review the summary of the certificate. Scroll downward to view the certificate’s unique serial number and fingerprints. To make any changes to the information you provided, click Back, and revise the information. The certificate’s subject information and the certificate’s issuer information should be identical.
7.
Import the signed certificate. When the external Certificate Authority returns the signed certificate, perform these steps to import the certificate. This procedure combines the signed certificate and the private key into an SSL server certificate that you then upload to the Automatic Transfer Switch. (Click Next to move from screen to screen.)
1. On the Windows Start menu, select Programs, then APC Security Wizard, to start the Wizard program.
2.
Load the server certificate to the Automatic Transfer Switch. Perform these steps:
1. On the Network menu of the Web interface of the Automatic Transfer Switch, select the Web/SSL option.
2. In the SSL/TLS Server Certificate section of the page, browse to the server certificate, the .p15 file you created in the procedure Import the signed certificate. (The default location is C:\Program Files\American Power Conversion\APC Security Wizard.
Create an SSH Host Key
Summary
This procedure is optional. If you select SSH encryption, but do not create a host key, the Automatic Transfer Switch generates a 768-bit RSA key when it reboots. Host keys for SSH that are created with the APC Security Wizard are 1024-bit RSA keys.
• Use the APC Security Wizard to create a host key, which is encrypted and stored in a file with a .p15 extension.
• Load the host key onto the Automatic Transfer Switch.
6. The summary screen displays the SSH version 1 and version 2 fingerprints, which are unique for each host key and identify the host key. After you load the host key onto the Automatic Transfer Switch, you can verify that the correct host key was uploaded by verifying that the fingerprints displayed here match the SSH fingerprints on the Automatic Transfer Switch, as displayed by your SSH client program.
7.
Load the host key to the Automatic Transfer Switch. Perform these steps:

1. On the Network menu of the Web interface of the Automatic Transfer Switch, select the Telnet/SSH option.
2. In the SSH User Host Key File section of the page, browse to the host key, the .p15 file you created in the procedure Create an SSH Host Key. (The default location is C:\Program Files\American Power Conversion\APC Security Wizard.)
3.
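A check an administrator could run after loading the host key, added here as an example and not part of the APC guide or its tools: it takes a public host key line in the format ssh-keyscan prints, reports the RSA modulus size (768 bits means the device is still using its self-generated key, 1024 bits matches a Wizard key) and compares fingerprints. It covers SSH version 2 ssh-rsa keys only; the MD5 colon-hex fingerprint form, the function names and the address 192.0.2.10 are assumptions, and the sample key is constructed.

```python
import base64
import hashlib
import struct

# Key sizes stated in this guide.
DEVICE_DEFAULT_BITS = 768   # generated by the device at reboot when no host key is loaded
WIZARD_BITS = 1024          # created with the APC Security Wizard


def _field(blob, offset):
    """Read one length-prefixed field of the SSH wire format; return (bytes, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_host_key(line):
    """Inspect one 'host ssh-rsa BASE64' line and return size, origin and fingerprints."""
    parts = line.split()
    if "ssh-rsa" not in parts[:-1]:
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[parts.index("ssh-rsa") + 1])
    key_type, off = _field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key blob does not match its type label")
    _exponent, off = _field(blob, off)
    modulus, _ = _field(blob, off)
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits == DEVICE_DEFAULT_BITS:
        origin = "device-generated default; no Wizard host key is loaded"
    elif bits == WIZARD_BITS:
        origin = "size matches an APC Security Wizard host key"
    else:
        origin = "size matches neither case described in this guide"
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"bits": bits, "origin": origin, "sha256": "SHA256:" + sha256,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def fingerprint_matches(info, expected):
    """Compare with a fingerprint copied from the Wizard summary screen or an SSH client."""
    expected = expected.strip()
    if expected.upper().startswith("SHA256:"):
        return expected[7:].rstrip("=") == info["sha256"][7:]
    return expected.lower().replace(":", "") == info["md5"].replace(":", "")


def constructed_key_line(bits, host="192.0.2.10"):
    """Build a CONSTRUCTED sample line; the modulus only has the right size, it is not a real key."""
    def mpint(n):
        return n.to_bytes(n.bit_length() // 8 + 1, "big")
    fields = [b"ssh-rsa", mpint(65537), mpint((1 << (bits - 1)) | 1)]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    for size in (DEVICE_DEFAULT_BITS, WIZARD_BITS):
        print(inspect_host_key(constructed_key_line(size)))
```

Both key sizes named in this guide are below the 2048-bit RSA minimum in current guidance.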
APC Device IP Configuration Wizard

Purpose and Requirements

Purpose: configure basic TCP/IP settings

You can use the APC Device IP Configuration Wizard to configure the basic TCP/IP settings (IP address, subnet mask, and default gateway) of the following:

• Network Management Cards
• Devices that contain embedded Network Management Cards

Using the Wizard, you can configure the basic TCP/IP settings of installed or embedded Network Management Cards in either of the f
Install the Wizard

Automated installation

If autorun is enabled on your CD-ROM drive, the installation program starts automatically when you insert the CD.

Manual installation

If autorun is not enabled on your CD-ROM drive, run setup.exe in the Wizard directory on the CD, and follow the on-screen instructions.

You can download the latest version of the APC Device IP Configuration Wizard from the APC Web site, www.apc.com and run setup.
Use the Wizard

Launch the Wizard

The installation creates a shortcut link in the Start menu that you can use to launch the Wizard.

Configure the basic TCP/IP settings remotely

Prepare to configure the settings. Before you run the Wizard, be sure that you have the information you will need during the configuration procedure:

1. Contact your network administrator to obtain valid TCP/IP settings to use.
2.
Run the Wizard to perform the configuration. To discover and configure, over the network, installed or embedded Network Management Cards that are not configured:

1. From the Start menu, launch the Wizard. The Wizard automatically detects the first Network Management Card that is not configured.
2. Select Remotely (over the network), and click Next >.
3.
Configure or reconfigure the TCP/IP settings locally

To configure a single Network Management Card through a serial connection:

1. Contact your network administrator to obtain valid TCP/IP settings.
2. Connect the serial configuration cable that came with the Network Management Card or with the device that contains an embedded Network Management Card.
   a. Connect one end to an available communications port on your computer.
How to Export Configuration Settings

Retrieving and Exporting the .ini file

Summary of the procedure

As an Administrator, you can retrieve a dynamically generated .ini file of an Automatic Transfer Switch’s current configuration and export that file to another Automatic Transfer Switch or to multiple Automatic Transfer Switches.

1. Configure an Automatic Transfer Switch to have the settings you want to export.
2. Retrieve the .
Contents of the .ini file

• section headings, which are category names enclosed in brackets ([ ]), and under each section heading, keywords, which are labels describing specific Automatic Transfer Switch settings.

The config.
Detailed procedures

Use the following procedures to retrieve the settings of one Automatic Transfer Switch and export them to one or more other Automatic Transfer Switches.

Retrieving. To set up and retrieve an .ini file to export:

1. Configure an Automatic Transfer Switch with the settings you want to export. To avoid errors, configure the Automatic Transfer Switch by using its Web interface or control console whenever possible. Directly editing the .
Customizing. You must customize the file to change at least the TCP/IP settings before you export it.

1. Use a text editor to customize the file.
   – Section headings, keywords, and pre-defined values are not case-sensitive, but string values that you define are case-sensitive.
   – Use adjacent quotation marks to indicate no value. For example, LinkURL1="" indicates that the URL is intentionally undefined.
2. Copy the customized file to another file name in the same folder:
   – The copy, which you will export to other Automatic Transfer Switches, can have any file name up to 64 characters and must have the .ini file suffix.
   – Retain the original customized file for future use. The file that you retain is the only record of your comments. They are removed automatically from the file that you export.

Exporting the file to a single Automatic Transfer Switch.
The Upload Event and its Error Messages

The event and its error messages

The following system event occurs when the receiving Automatic Transfer Switch completes using the .ini file to update its settings.

Configuration file upload complete, with number valid values

This event has no default severity level. If a keyword, section name, or value is invalid, the event text is extended to include notification of the following errors.
A feature might not be supported for the device from which you retrieve the configuration settings or might not be supported for the device to which you export the configuration settings. In this case, the user configuration file contains, under the section name for that feature, a message stating that the feature is not supported. No keywords and values are listed, and that feature will not be configured on any device to which you export the user configuration file.
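A pre-export check for the customizing and copying rules given earlier in this section, added here as an example and not part of the APC utility: it parses the retrieved and customized files with case-insensitive section and keyword names, lists keywords set to "" (intentionally undefined), and reports an export copy whose TCP/IP settings were not changed or whose file name breaks the naming rule. The section name [NetworkTCP/IP], its three keywords, the [SystemLinks] section, the ; comment marker and counting the suffix within the 64 characters are assumptions; the sample files are constructed.

```python
import os

# Assumed names, not given on this page: the section and keywords that hold the TCP/IP settings.
TCPIP_SECTION = "networktcp/ip"
TCPIP_KEYS = ("systemip", "subnetmask", "defaultgateway")
COMMENT_PREFIX = ";"  # assumed comment marker

# CONSTRUCTED sample files (documentation addresses, made-up section for LinkURL1).
RETRIEVED = """\
; retrieved from the source device
[NetworkTCP/IP]
SystemIP=192.0.2.10
SubnetMask=255.255.255.0
DefaultGateway=192.0.2.1
[SystemLinks]
LinkURL1=""
"""
CUSTOMIZED = RETRIEVED.replace("SystemIP=192.0.2.10", "systemip=192.0.2.20").replace(
    "[NetworkTCP/IP]", "[NETWORKTCP/IP]")


def parse_ini(text):
    """Return {section: {keyword: value}}; section and keyword names are lower-cased."""
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(COMMENT_PREFIX):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            config.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # "" becomes the empty string; case is kept
            config[section][key.strip().lower()] = value
    return config


def undefined_keywords(config):
    """List (section, keyword) pairs whose value is intentionally empty."""
    return sorted((s, k) for s, kv in config.items() for k, v in kv.items() if v == "")


def check_export(retrieved_text, customized_text, export_name):
    """Return a list of problems that should be fixed before the copy is exported."""
    problems = []
    if not export_name.lower().endswith(".ini"):
        problems.append("file name must have the .ini suffix")
    if len(os.path.basename(export_name)) > 64:
        problems.append("file name is longer than 64 characters")
    old = parse_ini(retrieved_text).get(TCPIP_SECTION, {})
    new = parse_ini(customized_text).get(TCPIP_SECTION, {})
    if all(old.get(k) == new.get(k) for k in TCPIP_KEYS):
        problems.append("TCP/IP settings are unchanged from the source device")
    return problems


if __name__ == "__main__":
    print(check_export(RETRIEVED, CUSTOMIZED, "rack12.ini"))
```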
Using the Device IP Configuration Wizard

On Windows operating systems, instead of using the preceding procedure for exporting .ini files, you can choose to update Automatic Transfer Switch settings by using the Device IP Configuration Wizard.

For a detailed description of how to update the configuration settings of one or more Automatic Transfer Switches using the Device IP Configuration Wizard, see APC Device IP Configuration Wizard.
File Transfers

Introduction

Overview

The Automatic Transfer Switch automatically recognizes binary firmware files. Each of these files contains a header and one or more Cyclical Redundancy Checks (CRCs) to ensure that the data contained in the file is not corrupted before or during the transfer operation. When new firmware is transmitted to the Automatic Transfer Switch, the program code is updated and new features become available.
Upgrading Firmware

Benefits of upgrading firmware

Upgrading the firmware on the Automatic Transfer Switch has the following benefits:

• New firmware has the latest bug fixes and performance improvements.
• New features become available for immediate use.
• Keeping the firmware versions consistent across your network ensures that all Automatic Transfer Switches support the same features in the same manner.
Obtain the latest firmware version

Automated upgrade tool for Microsoft Windows systems. An automated self-extracting executable tool combines the firmware modules that you need to automate your upgrades on any supported Windows operating system.

• The version of the tool on the APC Automatic Transfer Switch Utility CD will upgrade your device to the latest AOS and application modules available when the CD was released.
If you have a networked computer running a supported Microsoft Windows operating system on your network, you can use the tool described in Automated upgrade tool for Microsoft Windows systems to upgrade the firmware of an Automatic Transfer Switch automatically over the network. This tool automates the entire upgrade process, even if your current firmware is a 1.x.x version.

Manual upgrades, primarily for Linux systems.
Firmware file transfer methods

To upgrade the firmware of an Automatic Transfer Switch:

• From a networked computer running a Microsoft Windows operating system, you can use the automated firmware upgrade tool on your CD or downloaded from the APC Web site.
• From a networked computer on any supported operating system, you can use FTP or SCP to transfer the individual AOS and application firmware modules.
Use FTP or SCP to upgrade one Automatic Transfer Switch

Instructions for using FTP. For you to be able to use FTP to upgrade a single Automatic Transfer Switch over the network:

• The Automatic Transfer Switch must be connected to the network.
• The FTP server must be enabled at the Automatic Transfer Switch.
• The Automatic Transfer Switch must have its TCP/IP settings (System IP, Subnet Mask, and Default Gateway addresses) configured.
3. Type open and the Automatic Transfer Switch’s IP address, and press ENTER. If the Port setting for FTP Server in the Network menu has changed from its default of 21, you must use the non-default value in the FTP command.
   a. For some FTP clients, use a colon to add the port number to the end of the IP address.
   b. For Windows FTP clients, separate the port number from the IP address by a space.
Instructions for using SCP. To use SCP to upgrade the firmware for one Automatic Transfer Switch:

1. Identify and locate the firmware modules described in the preceding instructions for FTP.
2. Use an SCP command line to transfer the AOS firmware module to the Automatic Transfer Switch. (The following example assumes an Automatic Transfer Switch IP address of 158.205.6.185, and an AOS module of apc_hw02_aos_264.bin.)

   scp apc_hw02_aos_264.bin apc@158.205.6.
How to upgrade multiple Automatic Transfer Switches

Export configuration settings. You can create batch files and use an APC utility to retrieve configuration settings from multiple Automatic Transfer Switches and export them to other Automatic Transfer Switches.

See also

See Release Notes: ini File Utility, version 1.0 (.\doc\en\ininotes.pdf) on the APC Automatic Transfer Switch Utility CD.

Use FTP or SCP to upgrade multiple Automatic Transfer Switches.
Use XMODEM to upgrade one Automatic Transfer Switch

You cannot upgrade the AOS firmware module of any APC device directly from firmware version 1.x.x to 2.1.0 or later. The upgrade attempt will fail.

To upgrade the AOS firmware module of an APC device from version 1.x.x to 2.1.0 or later, first upgrade the module to the latest available version 2.0.x AOS firmware module. Then upgrade it again, this time from version 2.0.x to the 2.x.x version you want.
   a. Select option 3—System
   b. Select option 4—File Transfer
   c. Select option 2—XMODEM
   d. Type Yes at the prompt to continue with the transfer.
7. Select the appropriate baud rate. A higher baud rate causes faster firmware upgrades. Also, change the terminal program’s baud rate to match the one you selected, and press ENTER.
8. From the terminal program’s menu, select the binary AOS file to transfer via XMODEM-CRC.
Verifying Upgrades and Updates

Overview

To verify that the firmware upgrade was successful, see the Last Transfer Result message, available through the FTP Server option of the Network menu (in the control console only), or use an SNMP GET to the mfiletransferStatusLastTransferResult OID.

Last transfer result codes

Code | Description
Successful | The file transfer was successful.
Result not available | There are no recorded file transfers.
Troubleshooting

Management Card

Management Card access problems

For problems that are not described in the following table, see SNMP problems. If you still cannot resolve the problem, see Obtaining service.

Problem: Unable to ping the Management Card
Solution: If the Management Card’s Status LED is green, try to ping another node on the same network segment as the Management Card. If that fails, it is not a Management Card problem.
Problem: Cannot access the control console through a serial connection
Solution: Make sure that you did not change the baud rate. Try 2400, 9600, 19200, or 38400.

Problem: Cannot access the control console remotely
Solution:
• Make sure you are using the correct access method (Telnet or SSH). An Administrator can enable these access methods through the Telnet/SSH option of the Network menu. By default, Telnet is enabled. Enabling SSH automatically disables Telnet.
SNMP problems

Problem: Unable to perform a GET
Solution:
• Verify the read (GET) community name.
• Use the control console or Web interface to ensure that the NMS has access. See SNMP.

Problem: Unable to perform a SET
Solution:
• Verify the read/write (SET) community name.
• Use the control console or Web interface to ensure that the NMS has write (SET) access. See SNMP.
Product Information

Warranty and Service

Limited warranty

APC warrants the Automatic Transfer Switch and Network Management Card to be free from defects in materials and workmanship for a period of two years from the date of purchase. Its obligation under this warranty is limited to repairing or replacing, at its own sole option, any such defective products.
Obtaining service

To obtain support for problems with your Automatic Transfer Switch and Network Management Card:

1. Note the serial number and date of purchase. In the Web interface, see the Status option of the Automatic Transfer Switch menu and the About System option of the Help menu for serial numbers.
2. Contact Customer Support at a phone number located at the end of this manual. A technician will try to help you solve the problem by phone.
3.
APC Worldwide Customer Support

Customer support for this or any other APC product is available at no charge in any of the following ways:

• Visit the APC Web site to access documents in the APC Knowledge Base and to submit customer support requests.
  – www.apc.com (Corporate Headquarters)
    Connect to localized APC Web sites for specific countries, each of which provides customer support information.
  – www.apc.
Entire contents © 2004 American Power Conversion. All rights reserved. Reproduction in whole or in part without permission is prohibited. APC, the APC logo, PowerNet, and InfraStruXure are trademarks of American Power Conversion Corporation and may be registered in some jurisdictions. All other trademarks, product names, and corporate names are the property of their respective owners and are used for informational purposes only.