AlterPath™ OnSite Administrator’s and User’s Guide Software Version 1.1.0 Cyclades Corporation 3541 Gateway Boulevard Fremont, CA 94538 USA 1.888.CYCLADES (292.5233) 1.510.771.6100 1.510.771.6200 (fax) http://www.cyclades.
© 2006 Cyclades Corporation, all rights reserved Information in this document is subject to change without notice. The following are registered or registration-pending trademarks of Cyclades Corporation in the United States and other countries: Cyclades and AlterPath.
Contents
Before You Begin
Audience
Document Organization
Related Documents
Typographic and Other Conventions
Additional Resources
Prerequisites for Logging to Syslog Servers
OnSite System Logging Options
OnSite Alarm Notifications
Tasks: Configuring Logging, Alarms, and Data Buffering
Encryption
OnSite Port Permissions
VPN on the OnSite
Monitoring Temperatures
Administering Users of Connected Devices
Planning Access to Connected Devices
Tasks for Configuring Connected Devices
Configuring Keyboard Shortcuts (Hot Keys)
Sharing KVM Port Connections
KVM Port Sharing Menu Options
Quit this session
Connect read only
User Has Read-Write or Full Access Permissions
Connect read-write
Connect to Server
Connect to Server>Connect to OnSite
Connect to Server>Connect to Serial Ports
Connect to Server>Connect to KVM Ports
KVM Ports Menu
Show Connections Link and Dialog
Access>IPDU Power Mgmt.>Software Upgrade
Access>IPDU Multi-Outlet Ctrl
Access>IPMI Power Mgmt.
Access>Terminal Profile Menu
Access>Temperature Sensors
Configuration
Configuration>Security
Configuration>Security>Authentication
Configuring Authentication for OnSite Logins
Configuring Authentication Servers
Configuration>Security>Users & Groups
Adding a User
Firewall Configuration: ICMP Protocol Fields
Firewall Configuration: Input Interface, Output Interface, and Fragments
Firewall Configuration: LOG Target
Firewall Configuration: REJECT Target
Firewall Configuration Procedures
Power Management Through the OSD
IPDU Power Management (OSD)
Power Management While Connected to a KVM Port (OSD)
OSD Fan Failure Warning
OSD Main Menu Options for the Administrator
Power Management Menu [OSD]
Configure>KVM Ports Screens [OSD]
Configuring KVM Ports [OSD]
Configure>Serial Ports Screens [OSD]
Configuring Serial Ports [OSD]
Configure>Users and Groups Screens [OSD]
Configuring Users and Groups [OSD]
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers
Configuring Groups for TACACS+
Configuring a TACACS+ Authentication Server on the Command Line
Configuring Groups for RADIUS
Configuring the /etc/pcmcia/serial.opts File
Configuring Automatic Restart and Starting Dial-Out
Configuring Dial-Out Through Modems Accessed as Serial Devices
Chapter 9: Troubleshooting
Connection Methods for Troubleshooting
Recovering from root Authentication Failure
Before You Begin
This administrator’s and user’s guide provides background information and procedures for installing, configuring, and administering the Cyclades™ AlterPath™ OnSite and for accessing connected servers and other connected devices.
Audience
This manual is intended for system administrators of the OnSite and for users who may be authorized to connect to devices, to manage power through the OnSite, and to monitor the OnSite’s temperature.
Document Organization
The document contains the chapters listed and described in the following table.
Table P-1: Document Organization
Chapter Number and Title Description
1: Introduction Provides an overview of the features of the AlterPath OnSite along with necessary prerequisite information for understanding the rest of the information in this guide.
Table P-1: Document Organization (Continued)
Chapter Number and Title Description
8: Troubleshooting Provides troubleshooting procedures.
A: Specifications Lists specifications and protocols for hardware, security, console management, system management, server management via KVM, upgrades, and additional protocols supported.
Typographic and Other Conventions
The following table describes the typographic conventions used in Cyclades manuals.
Table P-2: Typographic Conventions
Typeface Meaning Example
Links Hypertext links or URLs Go to: http://www.cyclades.com.
Emphasis Titles, emphasized or new words or terms See the AlterPath OnSite Quick Start.
Filename or Command Names of commands, files, and directories; onscreen computer output. Edit the pslave.conf file.
The following table describes other terms and conventions.
Table P-3: Other Terms and Conventions
Term or Convention Meaning Examples
Hot keys Hot keys are key sequences that perform certain actions. When hot keys are shown, a plus (+) appears between two keys that must be pressed at the same time, and a space appears between two keys that must be pressed sequentially.
• Ctrl+k p entered while the user is connected to a KVM port brings up an IPDU power management screen.
Additional Resources
The following sections describe how to get technical support, training, and software upgrades.
Cyclades Technical Support
Cyclades offers free technical support. To find out how to contact the support center in your region, go to: http://www.cyclades.com/support/technical_support.php.
Cyclades Technical Training
To learn about the Cyclades Technical Training Center and the courses offered, visit http:www.cyclades.
Chapter 1 Introduction
This chapter gives an overview of the features of the AlterPath OnSite and of how to use the features to securely access and manage connected servers and a large variety of other types of devices. This chapter also provides important prerequisite information for understanding the information and procedures in the rest of this manual. The following table lists the topics in this chapter.
Configuring Keyboard Shortcuts (Hot Keys) Page 63
Packet Filtering on the OnSite Page 65
Connectors on the AlterPath OnSite
The following table describes the purpose of the connectors on the OnSite. How to connect servers and other devices to the connectors is described in the AlterPath OnSite Installation Guide.
Table 1-1: OnSite Connectors and Intended Uses
Connector Purpose
Serial ports Connecting servers and other devices that have console ports, and dumb terminals. See “Serial Ports” on page 4.
Serial Ports
Serial ports provide remote access to many types of devices that have console ports. Servers running Linux, FreeBSD, Solaris, HP/UX, AIX, System V, or other UNIX operating systems, or Microsoft Windows 2003 with emergency management services (EMS) enabled can be managed over their console ports (or serial ports configured as console ports).
Overview of OnSite Features
When a KVM port is accessed through the Web Manager the AlterPath Viewer appears and displays the video from the connected server. The connected user can launch applications directly on the server. KVM connections give real-time access to information that is otherwise inaccessible through in-band network interfaces. For example, BIOS access, POST, and boot messages are inaccessible through inband connections but are accessible through KVM connections.
The following table lists the security features that administrators can configure to control access to connected devices and to enforce the site’s security policies. The table also lists where the features are documented in more detail.
OnSite Authentication Options
Anyone accessing the OnSite must log in by entering a username and password. Controlling access by requiring users to enter names and passwords is called authentication. The usernames and passwords entered during login attempts are checked against a database that lists all the valid usernames along with their encrypted passwords. Access is denied if either the username or password is not valid.
Note: KVM port authentication only applies when KVM ports are configured for direct access and a user accesses the KVM port from the Web Manager login screen.
• For logins over dial-in connections to the OnSite through modems or wireless phone cards.
The following table lists the supported authentication methods and indicates which methods are available for the OnSite and which are available for devices connected to serial or to KVM ports. An administrative user can use the Web Manager and any administrator can use the CLI utility for configuring an authentication method for the OnSite and for KVM and serial ports and for configuring authentication servers.
Table 1-3: Supported Authentication Types (Sheet 2 of 6)
Type Description OnSite KVM Ports Serial Ports
Kerberos Down/Local Uses local authentication if Kerberos server is down. X X X
Kerberos/Local Uses local authentication if Kerberos authentication fails. X
LDAP Uses user/password configured on the LDAP (Lightweight directory access protocol) authentication server. No logins allowed if LDAP server is down or LDAP authentication fails.
Table 1-3: Supported Authentication Types (Sheet 3 of 6)
Type Description OnSite
LDAP/Local Uses local authentication if LDAP authentication fails X
Local/LDAP Uses LDAP authentication if local authentication fails X
NIS Uses user/password configured on the NIS authentication server. No logins allowed if NIS server is down or NIS authentication fails. X X
NIS Down/Local Uses local authentication if NIS server is down.
Table 1-3: Supported Authentication Types (Sheet 4 of 6)
Type Description OnSite KVM Ports Serial Ports
NTLM (Windows NT/2000/2003 Domain) Uses user/password configured on the SMB authentication server (for Microsoft Windows NT/2000/2003 Domain). No logins allowed if SMB server is down or SMB authentication fails. X X N/A
NTLM Down/Local Uses local authentication if SMB server is down. X X N/A
OTP Uses the one-time password (OTP) authentication method.
Table 1-3: Supported Authentication Types (Sheet 5 of 6)
Type Description OnSite KVM Ports Serial Ports
RADIUS Down/Local Uses local authentication if RADIUS server is down. X X X
RADIUS/Local Uses local authentication if RADIUS authentication fails. X X
Local/RADIUS Uses RADIUS authentication if local authentication fails. X X
TACACS+ Uses user/password configured on the Terminal Access Controller Access Control System (TACACS+) authentication server.
Table 1-3: Supported Authentication Types (Sheet 6 of 6)
Type Description OnSite KVM Ports Serial Ports
Local/TACACS+ Uses TACACS+ authentication if local authentication fails. X X
Authentication Server Requirements
If configuring any authentication method other than Local, OTP, or OTP/Local, make sure an authentication server is set up for that method. The following list is a summary of the requirements for authentication servers.
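The fallback rules named in Table 1-3, modelled as a small decision function so the plain, Down/Local, /Local and Local/ variants can be compared side by side. This is an added example, not Cyclades code; the `Server` states and function names are illustrative, and treating an unreachable server as a failed attempt for the /Local variants is an assumption.

```python
from enum import Enum


class Server(Enum):
    """What the authentication server (RADIUS, LDAP, ...) did with the login."""
    ACCEPT = "accepts the credentials"
    REJECT = "rejects the credentials"
    DOWN = "is unreachable"


def fallback_rule(method: str) -> str:
    """Classify a Table 1-3 type name by the fallback rule its name encodes."""
    name = method.strip()
    if name == "Local":
        return "local only"
    if name.endswith(" Down/Local"):
        return "server, local only if server is down"
    if name.endswith("/Local"):
        return "server, local if server authentication fails"
    if name.startswith("Local/"):
        return "local, server if local authentication fails"
    return "server only"


def login_allowed(method: str, server: Server, local_ok: bool) -> bool:
    """Decide a login from the server's answer and the local password check."""
    rule = fallback_rule(method)
    server_ok = server is Server.ACCEPT
    if rule == "local only":
        return local_ok
    if rule == "server only":
        # No logins allowed if the server is down or authentication fails.
        return server_ok
    if rule == "server, local only if server is down":
        # A reachable server has the final word; local is consulted only on outage.
        return local_ok if server is Server.DOWN else server_ok
    # "<Server>/Local" and "Local/<Server>" differ in which check runs first,
    # but both accept the login when either check succeeds.
    # Assumption: an unreachable server counts as a failed attempt.
    return server_ok or local_ok


def local_fallback_states(method: str) -> list[str]:
    """Server states in which a valid local password alone is enough to log in."""
    return [state.name for state in (Server.REJECT, Server.DOWN)
            if login_allowed(method, state, local_ok=True)]


if __name__ == "__main__":
    # Constructed selection of type names from Table 1-3.
    for method in ("RADIUS", "RADIUS Down/Local", "RADIUS/Local",
                   "Local/RADIUS", "Local"):
        states = local_fallback_states(method) or ["never"]
        print(f"{method:20} local password alone works when server: "
              f"{', '.join(states)}")
```

The output shows why local accounts on the OnSite still need strong passwords whenever any variant other than the plain server method is selected.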
Tasks for Configuring Authentication
Administrative users usually use the Web Manager for configuring authentication.
Table 1-4: Tasks for Configuring Authentication Using the Web Manager (Continued)
Task Where Documented
Configure the authentication method for KVM port access or accept the default authentication method of None.
The following table shows the options for configuring authentication using the Web Manager, OSD or CLI utility.
Table 1-5: Tasks for Configuring Authentication Methods (Continued)
Component Web Manager OSD CLI
Modem, GSM, or CDMA PCMCIA Cards (for Dial-in Access)3 “Configuration>Network>PCMCIA Management” on page 305 Configure>PCMCIA cli> config network pcmcia [specify a slot number “1” or “2”] [specify modem | cdma | gsm] otpauthreq
• “Configuring a Modem PCMCIA Card” on page 307
• “Configuring a GSM PCMCIA Card” on page 311
• “Configuring a GSM PCMCIA Card” on page 311
“To C
Types of Users
The AlterPath OnSite supports three types of users:
• Predefined administrators who can administer the OnSite and its connected devices
• Optionally-added users who can access connected devices through the OnSite
• Optionally-added users who can act as OnSite administrators
Responsibilities of Different User Types
As summarized in the following table, two accounts, root and admin, are configured by default and cannot be deleted.
Table 1-6: User Types, Responsibilities, and Default Password (Continued)
User Name Responsibilities Default Password
administrator-assigned User account optionally configured by an administrator to be able to access devices connected to the ports of the AlterPath OnSite. Regular users can access only those devices that are connected to ports which they have permission to access.
Table 1-7: User Configuration Settings
Settings Notes
Password Password used for accessing the OnSite.
Group Regular User Admin (for administrative users)
Shell Desired shell.
Comments User information (the UNIX GECOS field)
The administrator can also authorize a user to access devices connected to KVM ports and to manage power outlets on a connected AlterPath PM IPDU.
OnSite Security Profiles
Table 1-8: Tasks for Configuring Users
Tool Where Documented
Web Manager
• “To Add a User [Expert]” on page 294
• “To Assign KVM Ports to a User or Group [Expert]” on page 296
• “To Configure Serial Port Access for Users [Expert]” on page 240
• “To Configure Users to Manage Power Outlets on IPDUs [Expert]” on page 196
OSD
• “To Configure Users [OSD]” on page 459
• “To Add a User [OSD]” on page 460
• “To Give a User Access to KVM Ports [OSD]” on page 463
• “To Configure Who Can
• ICMP
• SSHv1
• SSHv2
• SNMP
• Telnet
• Whether the following types of access are permitted to serial ports:
  • SSH
  • Telnet
  • Raw connection
  • Bidirectional connections
• Whether authentication must be configured for serial ports.
• Whether “Direct access to KVM ports” is available. Direct access to KVM ports is available in the Open security profile and is configurable in the Custom security profile.
Table 1-9: Services and Other Functions Defined in Security Profiles (Sheet 2 of 2)
Option
IPSec
RPC
SNMP (enables the administrator to configure any version of SNMP)
SSH Options
• Allow root login using SSH
• SSH v1, SSH v2 (allow or disallow)
• SSH Port (assign an alternate port to SSH; default = 22)
Telnet to OnSite
TFTP
Access to Serial Ports
• Allow SSH to serial ports
• Allow Telnet to serial ports
• Allow raw connection to serial ports
• Allow bidirectional connection to
Table 1-10: Moderate Security Profile Services/Features (Continued)
Enabled Services/Features Disabled Services/Features
ICMP Default port numbers are not redefined: • HTTP port number = 80 • HTTPS port number = 443 SSH v1 SSH v2 IPSec • Allow SSH to serial ports • Allow Telnet to serial ports • Allow raw connection to serial ports RPC SNMP (no version allowed) SSH root login not allowed Default port number is not redefined: SSH port default = 22 Authentication not required
Table 1-11: Open Security Profile Services/Features (Continued)
Option
IPSec
RPC
SNMP (any version)
SSH Options
• Allow root login using SSH
• SSH v1
• SSH v2
• SSH Port default = 22
Telnet to OnSite
TFTP
Access to Serial Ports
• Allow SSH to serial ports
• Allow Telnet to serial ports
• Allow raw connection to serial ports
• Allow bidirectional connection to serial ports
• Authentication not required to access serial ports
Access to KVM Ports
• Direct access to KVM ports can b
OnSite Security Profiles Table 1-12: Secured Security Profile Services/Features (Continued) Enabled Services/Features Disabled Services/Features ICMP SSH to serial ports is allowed Not allowed: • • • • • SSH root login SSH to serial ports Telnet to serial ports Raw connection to serial ports Bidirectional connection to serial ports Authentication is required to access serial ports IPSec Direct access to KVM ports cannot be configured RPC Not allowed: All versions of SNMP SSH v1 SSH port default = 2
Notifications, Alarms, and Data Buffering
The administrator can configure system logging (syslogging), so that messages about the OnSite, any connected IPDUs, computers, or other connected devices can be sent to a syslog server for handling. The administrator can also configure data buffering to store data from communications on serial ports for possible monitoring.
locations. The available facility numbers are: Local 0 through Local 7. The administrator of your syslog server should assign you a facility number.
For this example, the syslog system administrator sets up a server called “syslogger” to handle log messages from two OnSites. One OnSite is located in São Paulo, Brazil, and the other OnSite is in Fremont, California.
notifications can be configured to be sent to an OnSite administrator by one of the following methods:
• SNMP trap
• Pager
• Email
syslog-ng allows administrators to set up alarm triggers to filter messages based on the messages’ facility, level, or contents. Alarm triggers must be specified in the following format:
function("one_or_more_criteria_connected_by_operators");
Supported operators are “and,” “or,” and “not.
Encryption
• administrative user can configure notifications to be sent either by email, pager, or SNMP trap.” on page 268
• “Configuration>Network>Syslog” on page 303
Tasks: Configuring Logging, Alarms, and Data Buffering
The following table lists the procedures related to configuring logging, alarms, and data buffering.
See “Configuration>Security” on page 275 for the Web Manager screen and a link to the procedure.
OnSite Port Permissions
In the default configuration, no users except “admin” and “root” can access any ports. The OnSite administrator can configure access for regular users as desired. The following table summarizes the default port access permissions and default authentication types (Auth Type) and provides links to where the port permissions are described in more detail.
KVM port permissions for generic users, for all other types of users and for groups are configured by assigning the following types of permissions:
• Default permissions that apply to all KVM ports
• Port access permissions that apply to individual ports or groups of ports.
As shipped, the generic users’ default permission is “No access,” which means that no regular users can access any KVM ports.
KVM Port Permissions Hierarchy
An administrator can give the same access to every user by modifying the Default Permission and also by specifying permissions for individual ports or groups of ports for the Generic User. Before trying to configure more fine-grained control of users’ access to ports, the administrator needs to understand how the system handles requests from a user who is trying to access a KVM port.
Flowchart: User attempts to access KVM port
1. User has specific KVM port permissions (Yes/No)
2. User is in one or more groups that have specific KVM port permissions (Yes/No)
3. Generic User has specific KVM port permissions (Yes/No)
4. User has default permissions defined (Yes/No)
5. User is in one or more groups that have default permissions defined (Yes/No)
Yes: Use specified permissions: no access, read-only, read-write, or read/write/power
No: 6.
Decision 2: Check Group’s KVM Port Permissions
2. Is the user a member of a group with specific KVM port permissions for the requested port?
• If yes, the specified permissions apply: no access, read-only, read-write, or read/write/power management.
• If a user is in more than one group with specific KVM port permissions, the permissions are ANDed, and the most restrictive permission is used.
Example for Decision 3
• If user jerry is trying to access port 4, and the Generic User has port 4 in a list of ports with full access permissions, then jerry is given read/write and power management access.
• If user jill is trying to access port 4, and the Generic User has port 4 in a list of ports with no access permissions, then jill is denied access.
• If no, go to decision 6.
Example for Decision 5
• If user jordan trying to access port 4 is in a group called windows_ca1 that has a Default Permission of full, then jordan is given read/write and power management access.
• If user jolanda trying to access port 4 is in a group called windows_ca2 that has a Default Permission of no access, then jolanda is denied access.
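The KVM port permission decisions above, written out as an added example (not code from this guide or from the OnSite firmware) so an administrator can check what a given user would actually get on each port. The `Principal` data model and all function names are hypothetical; decision 6 is assumed to fall back to the Generic User's default permission, and group default permissions are assumed to combine most-restrictive, as group port permissions do in decision 2.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Perm(IntEnum):
    """KVM port permissions, ordered from most to least restrictive."""
    NO_ACCESS = 0
    READ_ONLY = 1
    READ_WRITE = 2
    FULL = 3          # read/write/power management


@dataclass
class Principal:
    """A user, a group, or the Generic User (hypothetical data model)."""
    name: str
    port_perms: Dict[int, Perm] = field(default_factory=dict)  # specific ports
    default_perm: Optional[Perm] = None                        # None = not defined


def most_restrictive(perms: List[Perm]) -> Optional[Perm]:
    """AND several permissions together: the lowest level wins."""
    return min(perms) if perms else None


def resolve(user: Principal, groups: List[Principal],
            generic: Principal, port: int) -> Tuple[Perm, int]:
    """Return (effective permission, number of the decision that settled it)."""
    # Decision 1: the user's own permissions for this port.
    if port in user.port_perms:
        return user.port_perms[port], 1
    # Decision 2: groups with specific permissions for this port, ANDed.
    found = most_restrictive([g.port_perms[port] for g in groups
                              if port in g.port_perms])
    if found is not None:      # compare to None: NO_ACCESS is 0 and falsy
        return found, 2
    # Decision 3: the Generic User's permissions for this port.
    if port in generic.port_perms:
        return generic.port_perms[port], 3
    # Decision 4: the user's default permission.
    if user.default_perm is not None:
        return user.default_perm, 4
    # Decision 5: group default permissions (assumed ANDed like decision 2).
    found = most_restrictive([g.default_perm for g in groups
                              if g.default_perm is not None])
    if found is not None:
        return found, 5
    # Decision 6 (assumption): the Generic User's default, else no access.
    if generic.default_perm is not None:
        return generic.default_perm, 6
    return Perm.NO_ACCESS, 6


def access_report(user: Principal, groups: List[Principal], generic: Principal,
                  ports: List[int]) -> Dict[int, Tuple[Perm, int]]:
    """Audit view: effective permission and deciding step for each port."""
    return {p: resolve(user, groups, generic, p) for p in ports}


# Constructed sample configuration (names other than windows_ca1 are made up).
GENERIC = Principal("Generic User", {4: Perm.FULL}, Perm.NO_ACCESS)
WINDOWS_CA1 = Principal("windows_ca1", {2: Perm.FULL}, Perm.FULL)
AUDITORS = Principal("auditors", {2: Perm.READ_ONLY})
JORDAN = Principal("jordan", {1: Perm.NO_ACCESS})

if __name__ == "__main__":
    report = access_report(JORDAN, [WINDOWS_CA1, AUDITORS], GENERIC, [1, 2, 4, 7])
    for port, (perm, decision) in report.items():
        print(f"port {port}: {perm.name} (decision {decision})")
```

In the sample, membership in a second group with read-only access to port 2 lowers jordan's access on that port even though windows_ca1 grants full access, which is the ANDing behaviour to review before adding a user to another group.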
Support for Multiple Types of Access
dial-in connection to the internal modem, optional phone or wireless cards in the PCMCIA slots, or one or two optional external modems
• Using applications such as telnet or ssh to connect to the console of devices that are connected to the OnSite’s serial ports
• Using PPP or a terminal emulation program to dial into a modem (with optional callback), get console access to the OnSite, and through the CLI utility either perform administration, access connected devices,
Support for Multiple Types of Access By connecting a terminal or computer running a terminal emulation program to the console port, an OnSite administrator can log into the OnSite as root and can enter commands from the on-board Linux command line or the OnSite CLI utility in the Linux shell.
Dial-in Access Types and Options
Authorized users can dial into the OnSite through any of the three following types of devices:
• Internal modem
• Optional external modem connected to an AUX port
• Optional modem PCMCIA card
• Optional GSM or CDMA phone PCMCIA card
All types of modems or phone cards can be accessed through PPP when the following prerequisites are done:
• The modem has been configured for PPP on the OnSite end.
Browser Access With the Web Manager The following table lists the modem installation and configuration procedures for the three types of modems, with links to where they are documented.
Port Access Prerequisites
Connecting to a port and accessing a server or other device requires the following.
• The user needs the username and password for a user account defined on the server or other device.
• To administer a device, the user needs root or administrator access.
• For other uses of a connected device, the user needs a regular user account on the device or on an authentication server, if authentication is enabled for the device.
Port Access Prerequisites After configuration, AdaptiveKVM provides network-efficient inband connections as long as the server is operational. When the Windows server is fully operational, the RDP protocol is used to provide access to the server. If the server is not fully operational and is not accepting RDP connections, AdaptiveKVM uses the KVM over IP connection to provide uninterrupted access to the managed device.
Conditions for Serial Port Access
If port sharing is not enabled, then one user at a time can access a device connected to a serial port. If port sharing is enabled, multiple users can simultaneously access a device connected to a serial port. If two users have write access, only the first of the simultaneously connected users can write to the device. The second user who connects to the port gets read only access.
Figure 1-2: Web Manager Login Fields With KVM Port Direct Access Enabled
The OnSite administrator can also configure an authentication method that applies to all KVM ports when the following conditions are true:
• The administrator has configured the KVM ports for direct access
• The user accesses the KVM port from the Web Manager login screen.
Port Access Prerequisites The options for configuring direct access to KVM ports in the Web Manager and in the OSD are listed in the following table, which provides links to more information.
Table 1-20: Port Numbers, Names, Device Filenames, TCP Port Numbers (Continued)
Port or Slot Number | Port Name on Web Manager
KVM 1-8 | Port_n | ttyKn
When a user connects to a KVM port through the Web Manager (KVM over IP), the AlterPath Viewer uses port 5900 by default. If a second IP module exists, port 5901 is used for a second KVM over IP session.
Port Access Prerequisites Special circumstances may require OnSite administrators to configure TCP port numbers different from the defaults. For example, a firewall may block TCP port 5900 or 5901. The OnSite administrator can assign a descriptive alias to each port to identify the connected computer. For example, if a SunBlade server is connected to KVM Port_3, the administrator could define Port_3’s alias to be “SunBlade,” so “Port_3” is replaced in the ports list by “SunBlade.
Power Management
OnSite administrators and users who are authorized for power management can power off, power on, and reboot devices through the OnSite.
IPDU Power Management
IPDU power management allows authorized users to control power for devices that are plugged into an AlterPath PM intelligent power distribution unit (IPDU), when the IPDU is connected to one of the OnSite’s two AUX ports and properly configured. Multiple AlterPath PM intelligent power distribution units (IPDUs) can be daisy-chained to allow power management of up to a total of 128 outlets per AUX port.
Power Management Configuration Tasks
See the following table for power management configuration tasks and where they are described.
Table 1-23: Example CLI commands for Power Management Configuration
Task | CLI Command
Configure a serial port for IPDU power management | config physicalports portname powermanagement enable
Configure a serial port for IPMI power management | config physicalports portname powermanagement enableIPMI server IPMIdevicename
SNMP on the OnSite
The OnSite administrator can activate Simple Network Management Protocol (SNMP) agent software that resides on the OnSite so that the SNMP agent sends
VPN on the OnSite
The OnSite administrator can set up VPN (Virtual Private Network) connections to establish encrypted communications between the OnSite and an individual host or all the hosts on a remote subnetwork. The encryption creates a security tunnel for communicating through an intermediate network that is untrustworthy. A security gateway with the IPsec service enabled must exist on the remote network.
In summary, you can use the VPN features on the OnSite to create the two following types of connections:
• Create a secure tunnel between the OnSite and a gateway at a remote location so every machine on the subnet at the remote location has a secure connection with the OnSite.
• Create a secure tunnel between the OnSite and a single remote host.
The gateway in the former example and the individual host in the second example both need a fixed IP address.
Table 1-25: Field and Menu Options for Configuring a VPN Connection (Continued)
Parameter Names: Web Manager/OSD | Definition
ID | The hostname of the host. The local host is the OnSite, referred to as the “left” host. The remote host is referred to as the “right” host.
IP Address/Local IP | The IP address of the host.
NextHop | The router through which the OnSite (on the left side) or the remote host (on the right side) sends packets to the host on the other side.
Monitoring Temperatures
The temperature sensors are located at the following locations within the OnSite:
• FPGA (field programmable gate array)
• Power supply
• CPU
The following figure shows an example graph.
Figure 1-4: Temperature Sensor Graph
The graph displays new readings at a specified interval. The interval between temperature readings is shown in each graph’s heading.
The following table shows graph features that can be saved in reusable profiles.
Table 1-27: Temperature Graph Parameters
Field/Menu | Use | Default | Allowed Values
yGrid Boxes | Specify a different number of rows | 18 | 1-55
xGrid Boxes | Specify a different number of columns | 299 | 1-999
Each graph cell represents the interval between readings.
Temp Values | Specify one of two temperature values.
Table 1-27: Temperature Graph Parameters (Continued)
Field/Menu | Use | Default | Allowed Values
Graph Type | Choose another graph type. | Line Graph | • Line Graph • Bar Graph
Grid Line Color | Choose another color for the lines. | white
Graph BG Color | • Select the background color.
Administering Users of Connected Devices
In the “File Name” field, you can enter a name for a profile. When you click OK, the profile is saved in a list of profiles that appears when you click the “Set Profile from File” button. For how the OnSite administrative and regular users can monitor temperatures, go to “To Monitor the OnSite’s Temperature” on page 158.
• Obtain usernames and passwords for connected devices to give to the users of connected devices.
• Create meaningful aliases to assign to port numbers to identify the devices to be connected
Tasks for Configuring Connected Devices
During hardware installation of the OnSite, the installer connects the servers and devices and any IPDUs and modems to the ports.
Table 1-28: Tasks for Configuring Access to Connected Devices (Continued)
Task | Where documented
Chooses the connection protocol for serial ports [Default=Console (telnet)]
• “To Configure a Serial Port Connection Protocol for a Console Connection [Expert]” on page 236
• “To Configure a Serial Port Connection Protocol for a Dumb Terminal [Expert]” on page 237
At any time t
Configuring Keyboard Shortcuts (Hot Keys)
Predefined keyboard shortcuts (also called hot keys) allow users to do the following:
• Perform common actions while connected through a KVM or serial port
• Emulate Sun keyboard keys while connected through a KVM port to a Sun server.
Configuring Sun Keyboard Equivalent Hot Keys
The OnSite provides a default set of hot keys for use while connected to Sun servers through a KVM port to emulate keys that are present on Sun keyboards but are not present on Windows keyboards. The hot keys are made up of an escape key followed by a function key. See “Sun Keyboard Emulation Hot Keys” on page 87 for more details. The default escape key is the Windows key, which is labeled with the Windows logo.
Table 1-30: Tasks for Redefining Hot Keys (Continued)
Part | Web Manager: Where Documented | OSD: Where Documented
Sun keyboard emulation escape key | “To Redefine the Escape Key for Sun Keyboard Emulation Hot Keys [Expert]” on page 216. | “Configure>KVM Ports Screens [OSD]” on page 436
Packet Filtering on the OnSite
The OnSite administrator can configure the OnSite to filter packets like a firewall. IP filtering is controlled by chains and rules.
Rules
Each chain can have one or more rules that define the following:
• The packet characteristics being filtered
  The packet is checked for characteristics defined in the rule, for example, a specific IP header, input and output interfaces, TCP flags and protocol.
• What to do when the packet characteristics match the rule
When a packet is filtered, its characteristics are compared against the rules one-by-one. All defined characteristics must match.
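The rule matching described above (rules compared one by one, every characteristic a rule defines must match), as an added example that is not from this guide or the OnSite firmware; it also flags rules that can never take effect because an earlier, broader rule always decides first. The `Packet` and `Rule` models, the chain policy, and the behaviour of LOG (record and continue) and RETURN (stop and apply the chain policy) are assumptions borrowed from Linux iptables, and the sample chain is constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    protocol: str                      # "tcp", "udp" or "icmp"
    in_iface: str                      # e.g. "eth0"
    dst_port: Optional[int] = None


@dataclass
class Rule:
    target: str                        # ACCEPT, DROP, REJECT, LOG or RETURN
    src_net: Optional[str] = None      # None = characteristic not defined
    protocol: Optional[str] = None
    in_iface: Optional[str] = None
    dst_port: Optional[int] = None
    log_prefix: str = ""

    def matches(self, pkt: Packet) -> bool:
        """Every characteristic the rule defines must match the packet."""
        return all((
            self.src_net is None
            or ip_address(pkt.src) in ip_network(self.src_net),
            self.protocol is None or self.protocol == pkt.protocol,
            self.in_iface is None or self.in_iface == pkt.in_iface,
            self.dst_port is None or self.dst_port == pkt.dst_port,
        ))


def evaluate(chain: List[Rule], policy: str, pkt: Packet) -> Tuple[str, List[str]]:
    """Compare the packet against the rules in order; return (verdict, log)."""
    log: List[str] = []
    for rule in chain:
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":       # assumption: LOG records, then continues
            log.append(f"{rule.log_prefix}SRC={pkt.src} "
                       f"PROTO={pkt.protocol} DPT={pkt.dst_port}")
            continue
        if rule.target == "RETURN":    # assumption: fall back to chain policy
            break
        return rule.target, log        # first terminating match decides
    return policy, log


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches rule b also matches rule a."""
    if a.src_net is not None:
        if b.src_net is None or not ip_network(b.src_net).subnet_of(
                ip_network(a.src_net)):
            return False
    for name in ("protocol", "in_iface", "dst_port"):
        wanted = getattr(a, name)
        if wanted is not None and wanted != getattr(b, name):
            return False
    return True


def shadowed_rules(chain: List[Rule]) -> List[int]:
    """Indexes of rules that an earlier terminating rule always pre-empts."""
    return [j for j, later in enumerate(chain)
            if any(e.target != "LOG" and covers(e, later) for e in chain[:j])]


# Constructed sample chain: rule 3 is meant to block Telnet but is unreachable.
CHAIN = [
    Rule("LOG", protocol="tcp", dst_port=22, log_prefix="ssh: "),
    Rule("ACCEPT", src_net="192.168.45.0/24", protocol="tcp",
         in_iface="eth0", dst_port=22),
    Rule("ACCEPT", protocol="tcp"),
    Rule("DROP", protocol="tcp", dst_port=23),
]

if __name__ == "__main__":
    print(evaluate(CHAIN, "DROP", Packet("10.0.0.5", "tcp", "eth0", 23)))
    print("shadowed rule indexes:", shadowed_rules(CHAIN))
```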
Table 1-31: Filter Options for Packet Filtering Rules
Filter Options | Description
Protocol | You can select a protocol for filtering from one of the following options:
  • ALL
  • “Numeric Protocol Options” on page 67
  • “TCP Protocol Options” on page 68
  • “UDP Protocol Options” on page 68
  • “ICMP Protocol Options” on page 68
Input Interface | The input interface (ethN) used by the incoming packet.
Output Interface | The output interface (ethN) used by the outgoing packet.
Packet Filtering on the OnSite TCP Protocol Options If you select TCP as the protocol when specifying a rule, you can define the following options. Table 1-32: TCP Protocol Packet Filtering Options Field/Menu Option Definition Source Port - OR Destination Port You can specify a source or destination port number for filtering in the “Source Port” or “Destination Port” field.
• destination-unreachable
• network-unreachable
• host-unreachable
• port-unreachable
• fragmentation needed
• source-route-failed
• network-unknown
• host-unknown
• network-prohibited
• host-prohibited
• TOS-network-unreachable
• TOS-host-unreachable
• communication-prohibited
• host-precedence violation
• precedence-cutoff
• source-quench
• redirect
• network-redirect
• host-redirect
• TOS-network-redirect
• echo-request
• router-advertisement
• router-solicitation
• t
• RETURN
• LOG
• REJECT
If the “LOG” and “REJECT” targets are selected, additional options are available. The following table describes the options for the “LOG” Target.
Options | Definition
Log Level | emerg alert crit err warning notice info debug
Log Prefix | The prefix to use in the log entry.
TCP Sequence | Includes the TCP sequence in the log.
TCP Options | Includes TCP options in the log.
IP Options | Includes IP options in the log.
• echo-reply
• tcp-reset
Firewall Configuration Procedures
The following table has links to the procedures for defining packet filtering using the Web Manager.
To Add a Chain [Expert] Page 339
To Edit a Chain [Expert] Page 340
To Edit a Rule [Expert] Page 341
To Add a Rule [Expert] Page 341
For information about defining packet filtering in the OSD, see “Configure>Network>IP Filtering Screens [OSD]” on page 408.
Chapter 2
Accessing Connected Devices and Managing Power
This chapter gives an overview of the options for accessing servers and other devices that are connected to the ports on the OnSite and for performing power management through the OnSite. The following table lists the topics in this chapter.
To Share a KVM Port Connection Page 97
To Cycle Through All Authorized KVM Ports Page 97
To Connect to the Next Authorized KVM Port Page 98
To Connect to the Previous KVM Port from the Current KVM Port Page 98
To Adjust Brightness and Cable Length in the AlterPath Viewer Page 98
To Reset the Keyboard and Mouse in the AlterPath Viewer Page 99
To Power On, Off, or Cycle a Server While Connected to a KVM Port Page 100
To View Information About a KVM Port While Connected Page 100
To Connect Thro
Options for Accessing Connected Devices
Authorized users are users who have been authorized to access one or more ports on the OnSite. See “OnSite Port Permissions” on page 32 for more information.
Note: Only one administrative user can be logged into the CLI, Web Manager, or OSD at a time.
Chapter 7, “OSD for All User Types” for how to access connected devices through the OSD.
• Dumb terminal—for accessing the OnSite or devices connected to serial ports through the OnSite
  See “To Connect Through a Dumb Terminal to a Server or to the OnSite” on page 102.
• Modem or PCMCIA modem or wireless phone card—for dial-in/callback access to the OnSite through PPP or a terminal emulator
  See “Support for Multiple Types of Access” on page 38, for the types of modems supported.
The following table lists the options for OnSite administrators and regular users for performing power management.
Table 2-1: Power Management Options in the Web Manager
Type | Where Documented
IPDU power management
For administrative users:
• “Access>IPDU Power Mgmt.” on page 193
• “To View Status, Lock, Unlock, Rename, or Cycle Power Outlets” on page 150
• “To View and Reset IPDU Information [Expert]” on page 153
For authorized users:
• “IPDU Power Mgmt.
Using the AlterPath Viewer If no one else is logged in, a login screen or prompt from the server appears like the example in Figure 2-1. If the user exits the AlterPath Viewer without logging out of the server, the login persists until the next time a connection is made to the server, unless the server or another user has closed the session.
Ending an AlterPath Viewer Session
The four ways you can end an AlterPath Viewer session are listed below:
• Select “Exit Viewer Client” from the AlterPath Viewer Shortcuts menu.
• Use a hot key sequence (Ctrl+k q) to bring up the Connection menu, then select the “Exit” option.
• Let the session time out.
• Click the Esc key.
Configuring the AlterPath Viewer
You can configure the AlterPath Viewer settings from the top menu on the viewer.
The following table describes the items in the Options menu, which you can change as needed for your own requirements.
Table 2-2: AlterPath Viewer Options Menu
Menu Selection | Description
Force Screen Refresh | Refreshes the viewer.
Force Screen Auto Alignment | Switches to Auto Alignment mode, which may change the position of the viewer. (You can manually configure Screen Alignment by going to Options>Viewer Options>Screen Alignment.
Setting the AlterPath Viewer Options
The Viewer Options window allows you to align or position the viewer window and to fine tune the image. The configuration for these settings may vary from one system to another. The following table defines the fields and menu items.
Table 2-3: AlterPath Viewer>Options>Viewer Options Menu
Field or Menu Item | Function
Horizontal Offset | The horizontal coordinate for positioning the AlterPath Viewer on the screen (default = 0).
Table 2-3: AlterPath Viewer>Options>Viewer Options Menu
Field or Menu Item | Function
Contrast | Move the slider to the right to increase screen contrast.
AlterPath Viewer Connection Menu
The following table describes the AlterPath Viewer Connection menu options.
Table 2-4: AlterPath Viewer Connection Menu Options (Continued)
Menu Selection | Function
Low Color | Limits color depth to use less bandwidth
Gray Scale | Limits bandwidth usage
Low Gray Scale | Limits bandwidth to the minimum
What You See When Connected to a KVM Port
When anyone connects to a KVM port, if no one else is logged in, a login screen or prompt from the server appears like the example in the following figure.
Figure 2-2 shows an example login dialog for a Windows 2000 server. If a connection is made to a Linux server without a graphical display, a “Login” prompt appears.
Shortcuts While Connected to KVM Ports
Three types of shortcuts allow authorized users connected to a KVM port to perform common actions, and in some cases the shortcuts launch screens for performing certain tasks.
• The Print Screen key
  See “Print Screen Key” on page 85.
• Predefined keyboard shortcuts (also called hot keys)
  See “KVM Port Shortcut Hot Keys” on page 86.
Print Screen Key
The Print Screen key gives you access to most of the actions that can be accessed by the hot keys. (The key has different labels on different keyboards, such as “Prt Scr” and “Prt Sc.”)
Figure 2-3: Print Screen Menu
Table 2-6 lists and describes the options on the Print Screen Menu.
Table 2-6: Print Screen Menu Options (Continued)
Option | Description
Sync Mouse/Keyboard | Same as KVM port hot key Ctrl+k s (see Table 2-7).
Adjust Video | Same as KVM port hot key Ctrl+k v (see Table 2-7).
Switch to Next | Same as KVM port hot key Ctrl+k . (see Table 2-7).
Switch to Previous | Same as KVM port hot key Ctrl+k , (see Table 2-7).
KVM Port Shortcut Hot Keys
The default KVM port shortcut hot keys are described in the following table.
Table 2-7: Default KVM Port Connection Hot Keys (Continued)
Key Combination | Action
Ctrl+k p | Power management. Brings up the Power Management screen with the options to turn on, off, or cycle the power for outlets to which the current server is connected. Note: Cycling is only available for local users through the OSD. See “To Power On, Off, or Cycle a Server While Connected to a KVM Port” on page 100 for the procedure.
Ctrl+k . | Next port.
Table 2-7: Default KVM Port Connection Hot Keys (Continued)
Key Combination | Action
Ctrl+k s | Reset keyboard and mouse. Brings up a Keyboard Reset screen. Allows you to reset the keyboard and mouse if the server stops responding to input. See “To Reset the Keyboard and Mouse in the AlterPath Viewer” on page 99.
The OnSite administrator may redefine the KVM port connection hot keys, as described in “Configuring Keyboard Shortcuts (Hot Keys)” on page 63.
Sun Keyboard Emulation Hot Keys For example, to use the Sun Find key, you would press the Windows key at the same time you press the F9 function key.
Connection Menu
The Connection Menu appears in the following cases:
• When an OnSite administrator selects “Connect” from the OSD Main Menu
• When a regular user logs into the OSD
• When anyone who is connected to a KVM port enters the quit hot key sequence (see Table 2-7 on page 86)
For an administrative user, the Connection Menu lists all the KVM ports. For a regular user, the Connection Menu displays only the KVM ports the user is authorized to access.
• Type one or more keys that uniquely identify an option if it is not visible in the screen, and then press Enter to complete the name in the text field. For example, if you type “c” in the text field, pressing Enter completes the word “Cycle” in the field. You press Enter after choosing the Cycle option to start cycling.
Cycling Among KVM Ports in the OSD
Cycling enables users to view a series of servers connected to KVM ports that the users are authorized to view.
Cycle Using a Hot Key Sequence
Users can use hot keys to move from viewing one server to another while connected to a KVM port either through the OSD or the Web Manager. See “To Connect to the Next Authorized KVM Port” on page 98 and “To Connect to the Previous KVM Port from the Current KVM Port” on page 98.
Sharing KVM Port Connections
Two authorized users can connect simultaneously to a single KVM port.
Quit this session | Ends the connection attempt and returns the user to the Connection Menu.
Connect read only | Connects the user in read-only mode and sends this notice to the current user:
User Has Read-Write or Full Access Permissions
If the connecting user has either read-write, or full access permissions for the KVM port, additional menu options appear, as shown in the following figure.
Kill other session | Kills the existing session and connects the new user in read-write mode. Sends the following notice to the current user and disconnects that user:
See “To Share a KVM Port Connection” on page 97 for the procedure.
Common Procedures for Accessing KVM Ports
Table 2-9: Common Procedures While Connected to KVM Ports
To Connect to the Previous KVM Port from the Current KVM Port Page 98
To Adjust Brightness and Cable Length in the AlterPath Viewer Page 98
To Reset the Keyboard and Mouse in the AlterPath Viewer Page 99
To Power On, Off, or Cycle a Server While Connected to a KVM Port Page 100
To View Information About a KVM Port While Connected Page 100
To Log Into a Server Connected to a KVM Port
Perform this
The procedures for navigating among KVM ports are the same whether you connected to the port through the OSD or the Web Manager. See Table 2-9, “Common Procedures While Connected to KVM Ports,” on page 94 for procedures.
To Select a Server From the Connection Menu
This procedure assumes you have accessed the Connection Menu screen, either through the OSD or through entering the hot key in an AlterPath Viewer.
To Share a KVM Port Connection
Follow this procedure after connecting to a KVM port (as described in “To Log Into a Server Connected to a KVM Port” on page 95), if you find that another user is already connected to the same KVM port. A screen appears with the notice: “This port is connected to another station” and presents two or more options. See “Sharing KVM Port Connections” on page 92 for details about the notification screens, if needed.
1.
a. If the “Cycle” option is not visible, type the letter c in the field and press Enter to highlight the Cycle option.
b. Click “Enter” to select the “Cycle” option. The Server Selection Menu appears.
3. To abort the process and close the session, enter the quit hot key again.
To Connect to the Next Authorized KVM Port
While you are connected to a server through a KVM port, do the following to connect to another server you have permission to access.
• You can adjust for varying cable lengths on the following screens:
  • On the Automatic control screen’s “Adjustment” scale
  • On the Manual control screen’s “Cbl Len Adj” scale.
Choose lower values for longer cables. For example, for a 500-foot cable, the setting might be 10 or 20. For a shorter cable of 6 or 3 feet, a value of 128 or 150 is more appropriate. The correct setting can avoid poor video quality.
1.
To Power On, Off, or Cycle a Server While Connected to a KVM Port
This procedure assumes the prerequisites in “Power Management” on page 76 are complete. The default power management hot key sequence is: Ctrl+k p. Power management while connected is the same whether the KVM port connection was made through the OSD or the Web Manager.
1. Log into the OnSite, connect to the port, and log into the server.
See “To Log Into a Server Connected to a KVM Port” on page 95, if needed.
2. Use the information hot key (default=Ctrl+k i). The following screen appears.
3. Click “Esc” to exit the KVM Port Information screen and return to the connected server.
Serial Port Connections
A serial port may be connected to the following two types of devices:
• A headless server or other device that has a console port. This is the most common use of a serial port.
When a Dumb Terminal is Connected to a Serial Port
If the dumb terminal is configured as a dedicated terminal, a session starts up on the designated server with the administratively-defined connection protocol. For example, if the administrator has assigned the Telnet protocol when configuring the dumb terminal’s serial port, a viewer launches running a telnet session on the console of the specified server.
1. Turn on the terminal.
If the dumb terminal is configured as a dedicated terminal, a session with the administratively-defined connection protocol starts up on the server.
If the dumb terminal is configured as a local terminal with access to the OnSite, either of the two following appears:
• A login prompt that allows you to log into the OnSite as root on the command line and run the CLI or any other commands recognized by the Linux operating system.
The Java applet viewer shows the serial port number or administratively-defined alias. The message at the top of the screen shows the IP address of the OnSite followed by the TCP port number. In the previous screen example, the IP address is 192.168.45.33 and the TCP port number is 7002 (the default TCP port number for serial “Port 2”). You can send a break to a server using the SendBreak button and disconnect from the device using the “Disconnect” button.
1. To use telnet on the command line in a shell, enter the following command:
telnet hostname | IP_address TCP_port_number
2. To use telnet in a terminal emulation program that provides a telnet client, enter the IP address in the destination field and the TCP port number in the port field.

To Use SSH to Connect to a Device Through a Serial Port
For this procedure, you need the hostname of the OnSite or its IP address and the TCP port number for the serial port.
The ssh session is started on the connected device’s console port and the login prompt or dialog box appears, as shown in the following screen example.
3. Log in using the appropriate login name for the type of work you are authorized to do on the port.
To Log Into a Device’s Console Through a Serial Port
See “Serial Port Connections” on page 101 for background information, if needed.
Selecting a port number or alias and
1. Connect to the port.
a. To connect to the serial port through the Web Manager, do the following steps.
i. Log into the Web Manager. If needed, see “To Log Into the Web Manager” on page 128.
ii. Select the serial port number or alias from the pull-down menu on the “Connect to Server” screen.
iii.
See “To Log Into a Device’s Console Through a Serial Port” on page 107, if needed. The Java applet appears.
2. Enter the hot key to bring up the power management menu.
Ctrl+p is the default IPDU power management hot key. Ctrl+Shift+i is the default IPMI power management hot key.
If you do not have any power management permissions, the following message appears.
It was impossible to start a Power Management Session. You cannot access any Power Management functionality.
IPDU a1 Outlet 8:
------------------------------------------------
Cyclades Corporation - Power Management Utility
------------------------------------------------
1 - Exit    4 - Off     7 - Unlock     10 - Other
2 - Help    5 - Cycle   8 - Status
3 - On      6 - Lock    9 - Interval
Please choose an option:
If you have permission to perform IPMI power management while connected to this serial port, the following menu appears.
The following message appears.
Exit from PM session

To Use ts_menu to Connect to a Serial Port
1. Log into the OnSite in one of the following ways.
a. Log in as “root” locally through the console port.
b. Log in as “root” by using telnet or ssh.
i. Make sure the port is configured for the connection protocol you want to use.
2. Enter the ts_menu command at the prompt.
[root@rskvm root]# ts_menu
The ts_menu displays a numbered list of all the serial ports you are authorized to access showing their device names or any aliases configured for the ports, as in the following example.
Serial Console Server Connection Menu for your Master Terminal Server
1 ttyS1   2 ttyS2   3 ttyS3   4 ttyS4
5 ttyS5   6 ttyS6   7 ttyS7   8 ttyS8
Type 'q' to quit, a valid option[1-8], or anything else to refresh:
3.
Dial-in Connections
“Dial-in Connections” on page 112 lists the types of devices that can be used for dial-in access to the OnSite. You use either of the following methods to dial in:
• PPP (when dialing into any of the supported modems)
Once the connection is made, all requests to access the specified IP address are routed through the PPP connection. For example, if you enter the specified IP address in a browser, the browser connects to the OnSite through the dial-in connection.
Before configuring PPP, you need the following:
• A modem connected to your computer.
• The phone number of the line that is dedicated to the OnSite modem you want to access.
• If authentication is required for the device into which you dial, you need a username and password for a user account on the OnSite.
The following table lists the related procedures and where they are documented.
To Configure a Reusable PPP Connection
Perform this procedure on a remote computer with a modem to do the following:
• Assign a name and define the parameters for a PPP connection profile that can be re-used for dialing into the OnSite. Defining a reusable “connection” with a name and the desired parameters saves users the trouble of entering the phone number, username, and password every time they want to dial into the OnSite.
• Optionally configure callback.
8. Type the phone number for the OnSite’s modem in the “Phone number” field and click “Next>.” The “Internet Account Information” screen appears.
9. Type the username for accessing the OnSite in the “User name” field.
10. Type the password for accessing the OnSite in the “Password” and “Confirm Password” field and click “Next>.”
11. Click the “Finish” button. The “Connect connection_name” dialog appears.
12. Click the “Cancel” button.
Note: The following steps work if you are on a computer running Windows XP. The steps are different on computers running other Windows versions or other operating systems, but you can use these steps as an example.
1. From the Start menu, go to My Computer>My Network Places.
2. Under “Network Tasks,” click “View network connections.”
3. Double-click the name of the connection in the list. The “Connect connection_name” dialog appears.
5. Select a country or region from the “Country/region” pull-down menu.
6. Fill in the “Area Code” and “Phone number” fields.
7. Select the modem from the “Connect using” pull-down menu, and click OK. The new connection appears in the list of connections appearing on the “Open” menu.

To Dial Into the OnSite Using a Terminal Emulator
This procedure requires a PCMCIA modem card installed on the OnSite.
3. If call back is enabled, enter cbuser at the user name prompt.

Obtaining and Using One Time Passwords for Dial-ins
This section is for users who are authorized to dial into the OnSite through a modem or phone PCMCIA card if the one time password (OTP) authentication method is configured for dial-ins to that device. If you are not sure, ask your OnSite administrator.
Some sites choose to print out hard copy lists of OPIE passwords for their users and deliver them by methods such as FAX or FedEx.
- OR -
• Make sure users are equipped with an OTP generator that is not on the network to generate their own OTP passwords when challenged at login time. The OTP generator may be a copy of the opiekeys program installed on the user’s workstation, or it may be an OTP token card.
The opiekey program generates a six word OTP password, such as GOLD ARK FISH DOVE SON ZION.
3. Copy the OTP password to the window where the login program is waiting with the “Response” prompt.
Response: GOLD ARK FISH DOVE SON ZION
$
The user’s sequence number is decremented in the OnSite-resident opiekeys file.
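The decrementing sequence number described above comes from the hash chain behind OPIE-style one-time passwords (RFC 2289). The following sketch is an added example, not code from the OnSite or the OPIE package: it models the generator and the server-side check for otp-md5, leaves out the six-word encoding, and uses a hypothetical ServerEntry class with a constructed passphrase and seed.

```python
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """One otp-md5 step (RFC 2289): MD5, then XOR the two halves down to 64 bits."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_response(passphrase: str, seed: str, sequence: int) -> bytes:
    """Generator side: the 64-bit OTP for the challenge 'otp-md5 <sequence> <seed>'."""
    # Initial step: hash the lowercased seed concatenated with the passphrase.
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    # Then apply the hash <sequence> more times.
    for _ in range(sequence):
        value = fold_md5(value)
    return value


class ServerEntry:
    """Hypothetical stand-in for one user's record in the server-side key file."""

    def __init__(self, seed: str, sequence: int, stored_otp: bytes):
        self.seed = seed
        self.sequence = sequence      # sequence number of the stored OTP
        self.stored_otp = stored_otp  # last accepted OTP, never the passphrase

    def challenge(self) -> str:
        """The challenge asks for the OTP one step earlier in the chain."""
        return f"otp-md5 {self.sequence - 1} {self.seed}"

    def verify(self, response: bytes) -> bool:
        """Accept a response only if hashing it once gives the stored OTP."""
        if self.sequence <= 0:
            return False  # chain used up; the user must be re-initialized
        if not hmac.compare_digest(fold_md5(response), self.stored_otp):
            return False  # wrong guess or replayed OTP: state is unchanged
        # Success: remember this OTP and move one step down the chain.
        self.stored_otp = response
        self.sequence -= 1
        return True


def enroll(passphrase: str, seed: str, start: int) -> ServerEntry:
    """Initialize a record; only the top-of-chain OTP is stored on the server."""
    return ServerEntry(seed, start, otp_response(passphrase, seed, start))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    passphrase, seed = "constructed example passphrase", "ons12345"
    entry = enroll(passphrase, seed, 499)
    print("challenge:", entry.challenge())
    answer = otp_response(passphrase, seed, entry.sequence - 1)
    print("first login accepted:", entry.verify(answer))
    print("replay accepted:", entry.verify(answer))
    print("next challenge:", entry.challenge())
```

Because each accepted password only reveals a value earlier in the chain, a captured response cannot be replayed or used to derive the next one, which is why a printed list or an offline generator is sufficient for dial-in use.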
Managing IPDU Outlets With PM Commands
Use a1 to specify AUX port 1 and a2 to specify AUX port 2. For example, to manage power on an IPDU connected to AUX port 1, you would enter the command as shown in the following screen example.
[root@ONS root]# pm a1
- OR -
[root@ONS root]# pmCommand a1
The pmCommand entered alone on the Linux command line displays usage guidelines, as shown in the following screen example.
[root@ONS root]# pmCommand a1
------------------------------------------------------------
Cyclades Corporation Power Management Command Prompt v1.
[AuxPort1] help
on|off -------------- Turn on|off outlets
lock|unlock --------- Lock|unlock outlets in current state
cycle --------------- Power cycle outlets
interval|buzzer ----- Set/read the power up interval|buzzer
syslog|alarm -------- Set/read syslog notifications|alarm status
temperature|current - Set/read/reset the temperature|current
currentprotection --- Set/read the over current protection
name ---------------- Name an outlet
status -------------- Display s
------------------------------------------------------------
Cyclades Power Management Menu PowerPort: AuxPort1
------------------------------------------------------------
1. Exit     7. Status        13. Who Am I             19. Restore
2. On       8. Interval      14. Help                 20. Save
3. Off      9. Name          15. Buzzer               21. Syslog
4. Cycle    10. Current      16. Current Protection   22. Alarm
5. Lock     11. Temperature  17. Factory Default
6. Unlock   12. Version      18. Reboot
Please choose an option:
3.
Chapter 3
Web Manager Introduction
This chapter describes the rules and prerequisites for accessing the Cyclades Web Manager on the OnSite, introduces the Wizard and Expert modes, and describes how to log in. This chapter also provides important prerequisite information for understanding the information and procedures in the rest of this manual. The following table lists the topics in this chapter.
Accessing the Web Manager
Both OnSite administrative users and authorized users can access the Web Manager from a browser. OnSite administrative users who are logging into the Web Manager to perform OnSite configuration and any user logging in to monitor the OnSite’s temperature or to perform IPDU power management can use any modern browser (such as Internet Explorer 5.5 or above, Netscape 6.0 or above, Mozilla or Firefox).
Figure 3-1: Web Manager Prompt When Another Administrative User is Logged In
If the dialog in Figure 3-1 appears, the administrator clicks the “Yes” button to log in and force the other administrative user to be logged out. Any number of regular users can connect to the Web Manager at the same time.

Prerequisites for Using the Web Manager
The prerequisites described in this section must be complete before anyone can access the Web Manager.
If DHCP is enabled and you do not know how to find out the current IP address of the OnSite, contact the OnSite’s installer for help.
• The user account must be defined on OnSite
By default, the “admin” has an account on the Web Manager. An administrative user can create regular user accounts and authorize them to access connected devices using the Web Manager.

To Log Into the Web Manager
1.
See Chapter 5, “Web Manager Wizard Mode,” for how to perform configuration in Wizard mode.
• At all other logins by administrative users, Web Manager Expert mode is the default mode. See Chapter 6, “Web Manager for Administrators,” for how to perform configuration in Expert mode.
If another administrator is already logged in as “admin,” a dialog box appears.
4.
Other Web Manager Login and Port Connection Options and Requirements

KVM Port Connection Options
This section describes the different ways that OnSite administrators and authorized users access servers connected to KVM ports through the Web Manager.
Figure 3-2: Web Manager Login Fields With KVM Port Direct Access Enabled, Only IP Address Entered
If you enter the port’s alias or default portname along with the IP address you can connect directly to a KVM port without logging into the Web Manager first. The required format for specifying the port name along with the IP address is:
IP_address/login.
Figure 3-3: Web Manager Login Fields With KVM Port Direct Access Enabled and a Port Number in the URL
Table 3-2 gives the sequence for logging into servers connected to KVM ports when direct access to KVM ports is enabled.
Table 3-2: Connecting to KVM Ports Via Web Manager When Direct Access is Enabled
Login Sequence | Where Documented
1. You enter the OnSite’s IP address in a browser. The Web Manager login screen comes up with “port name” field. | • “To Connect to a KVM Port Through the Web Manager Login Screen” on page 133.
2.
where IP_address is the IP address of the OnSite and port_alias is the default port name or alias assigned to the KVM port.
• If DHCP is not enabled, use a static IP address assigned by the network administrator to the OnSite.
• If DHCP is enabled, enter the dynamically-assigned or fixed IP address.
The Web Manager login screen appears with the “port name” field.
Web Manager Inactivity Timeouts
An inactivity timeout period is set in the Web Manager for security. An administrator who knows the root password can change the timeout value as described in Chapter 8, “Miscellaneous Procedures.”

Web Manager Modes
The Web Manager has the two following modes when an administrative user is logged in:
• Wizard
• Expert
An administrative user can toggle between the modes by clicking one of the two buttons shown below.
Common Features of Administrative User’s Windows
The features of all Web Manager windows for OnSite administrative users are described in the following sections.

Administrative User’s Control Buttons
The following figure shows the control buttons that display at the bottom of the window when an administrative user is logged into the OnSite.
Figure 3-4: Web Manager Administrative Users’ Buttons
The following table describes the uses for each control button.
Table 3-4: Administrator’s Control Buttons (Continued)
Button Name Use
The unsaved changes button appears on the lower right hand corner of the Web Manager and a red graphical LED blinks whenever the current user has made any changes and has not yet saved the changes.
The no unsaved changes button appears and a green graphical LED appears when no changes have been made that need to be saved.
Table 3-5: Options for Trying, Saving, and Restoring Configuration Changes (Continued)
Option | Action | Result
Apply changes | Click the “apply changes” button | If “try changes” has not been previously clicked, updates the appropriate configuration files. The first time changes are “applied,” creates a compressed copy of the configuration files in a backup directory. Subsequently overwrites the backed-up copy of the configuration files.
Chapter 4
Web Manager for Regular Users
This chapter provides procedures and requirements for regular users to use the Web Manager to do the following tasks:
• Access computers and devices that are connected to ports on the OnSite
• Perform IPDU power management
• Change the current password
• Monitor the temperature of the OnSite
Regular users are users who have accounts configured on the OnSite and who are not in the “admin” group.
Features of Regular Users’ Windows
The following figure shows features of the Web Manager when regular users log in.
[Figure callouts: Logout button and OnSite information area; Left menu]
The menu is on the left. The contents of the screen in the middle change according to which menu option is selected. The following table describes the logout button, the information area, and the Help button.
Table 4-1: Logout Button and Other Information in the Upper Right (Continued)
Window Area | Purpose
Brings up the online help with information about the current screen.
The following table lists the sections where the options on the user’s menu are described.
Connect to Server | Page 141
IPDU Power Mgmt. [User] | Page 148
IPDU Power Mgmt.
Connect to Server
Figure 4-1: Connect to Server Screen [User]
On the latest versions of the OnSite hardware, an additional link appears at the lower right of the screen, as shown in the following screen example.
Figure 4-2: Connect to Server Screen With Show Connections Link
See “Connect to Server>Connect to KVM Ports” on page 144 for more details.
Connect to Server>Connect to OnSite
Clicking the “Connect to OnSite” radio button and clicking “Connect” brings up a Java applet running a secure SSH session and logs the user into the OnSite console, where the user has access to the OnSite’s command line. An administrative user can use the CLI utility on the Linux command line. While connected to the OnSite console through the Web Manager, the administrative user cannot switch users to root.
Connect to Server>Connect to Serial Ports
The list of serial ports displays the port names or administrator-defined aliases only for serial ports that the current user has permission to access. For administrative users all serial ports are listed.
Note: If you are a regular user and the list of serial ports is empty or does not include a port you need to access, contact the OnSite administrator for help.
Connect to Server>Connect to KVM Ports
Note: If you are a regular user and the menu of KVM ports is empty or does not include a port you need to access, contact the OnSite administrator for help.
The following screen shows an example KVM port pull-down menu.
Figure 4-4: Example KVM Port Menu
After you select a port from the “KVM” menu, and click the “Connect” button, an AlterPath Viewer appears. See “Using the AlterPath Viewer” on page 77.
Show Connections Link and Dialog
On the latest versions of the OnSite hardware, the “Show Connections” link appears at the lower right of the screen, as shown in the following screen example.
Figure 4-5: Connect to Server Screen With Show Connections Link
Clicking the “Show Connections” link while the KVM menu radio button is selected brings up a dialog. If no connection exists, a dialog like the following appears.
Figure 4-7: Show Connections Dialog
If the Show Connections Dialog is available with the OnSite version you are using, you can use the dialog to do the following:
• Go to the previous or next port on the list of ports you are authorized to access
• Start cycling through all the ports you are authorized to access
• View the status of the current connection
• Reset the mouse and keyboard
• Adjust the brightness
• Adjust for the length of cable between the OnSite and th
IPDU Power Mgmt. [User]
When you select the “IPDU Power Mgmt.” option in the Web Manager as a regular user, if you are authorized to manage outlets on an AlterPath PM that is connected to one of the AUX ports, two tabs appear at the top of the screen, as shown in the following figure. You can access screens from the tabs under IPDU Power Mgmt. to manage outlets, or to view IPDUs information: IPDU Power Mgmt.
IPDU Power Mgmt.>Outlets Manager [User]
A screen like the one in the following figure appears if the current user is authorized to manage power on one or more outlets. The screen shows separate entries for each port configured for power management. Each port’s entry lists the number of IPDUs connected, and displays a line item for each outlet you are authorized to manage. The authorized user can do the following for any listed outlet:
• Edit the power up interval.
Yellow bulbs indicate an outlet is switched on. Gray indicates an outlet is switched off. An opened padlock indicates that an outlet is unlocked. A closed padlock indicates that an outlet is locked. An orange “Cycle” button is active next to each outlet that is on. In the example below, outlet 1 is locked and outlet 2 is switched off and unlocked.
4. To momentarily power an outlet off and then on again, click the adjacent “Cycle” button.
5. To change the outlet’s name or the power up interval, click the adjacent “Edit” button. The Edit Outlet dialog box appears.
a. To change the name assigned to the outlet, enter a new name in the “Outlet Name” field.
b. To change the time between when this outlet is turned on and another can be turned on, enter a new number of seconds in the “Power Up Interval” field.
6. Click OK.
IPDU Power Mgmt.>View IPDUs Info
A separate entry appears for each port that is configured for power management. On the “View IPDUs Info” screen under IPDU Power Management, authorized users and administrative users can view the information shown in the following table about each port under “General Information.”
Table 4-2: General Port Information on the View IPDUs Info Screen
| Description | Example
Name | Either a default name or administrator-configured name.
You can view the following information about each IPDU (under Unit Information)
Table 4-3: IPDU Information on the View IPDUs Info Screen
| Description | Example
Model | AlterPath PM model number | PM8 20A
Software Version | PM firmware version | 1.5.0
Alarm Threshold | Number of amperes that triggers an alarm or syslog message if it is reached | 20.0A
Current | Current level on the IPDU | 0.8A
Maximum Detected | Maximum current detected | 1.
IPDU Power Mgmt.>IPDU Multi-Outlet Ctrl
When an authorized user selects the “IPDU Multi-Outlet Ctrl” menu option, a screen appears like the one shown in the following figure. A multi-outlet device is a server or other device that has more than one power supply. On the “IPDU Multi-Outlet Ctrl.
Figure 4-8: IPDU Multi-Outlet Ctrl Error Screen
A screen like the following appears when all the above-mentioned conditions have been met and the current user is authorized to manage power for a server that is connected to a serial port and that is plugged into multiple outlets.
Table 4-4: IPDU Multi-Outlet Ctrl. Form Icons
Button | Purpose
A grey light bulb indicates that the group is off. A yellow light bulb indicates that the group is on. Clicking the light bulb icon changes the power status of all of the outlets in the group.
A grey and open lock indicates that the outlets are unlocked and can be powered on or off. A full-color and closed lock indicates that the outlet is locked and cannot be turned on or off.
Security [User]
When you select the “Security” menu option as a regular user, a screen for changing your password appears as shown in the following figure.

To Change Your Password [User]
1. Select the “Security” option from the left menu in the Web Manager Regular User screen. The “Security” screen appears.
2. Enter your current password in the “Current Password” field.
3. Enter the new password in the “New Password” and the “Repeat New Password” fields.
4. Click OK.
Temperature Sensors [User]
When you select the “Temperature Sensors” option as a regular user, the screen shown in the following figure appears.
2. Select “FPGA,” “Power Supply,” “CPU” from the pull-down menu.
3. Click “Connect.” The “Time X Temperature” dialog box appears.
4. Choose a display format.
• To view the default format, do nothing.
- OR -
• Specify another display format.
5. Make any other desired changes. See Table 1-27, “Temperature Graph Parameters,” on page 58, if needed.
6. To apply any changes to the format, click “apply changes.”
7. To save any changes in a profile for later reuse, do the following.
a.
Chapter 5
Web Manager Wizard Mode
This chapter describes the Web Manager Wizard mode on the OnSite. The following table lists the topics in this chapter.
Wizard Screen Features
The following figure shows the features of the Wizard screens. Selecting an item from the left menu brings up a corresponding screen in the middle.
[Figure callouts: Left menu; Expert button]
Figure 5-1: Example Web Manager Window in Wizard Mode
Selecting or deselecting some options displays additional fields. For example, if the DHCP checkbox is unchecked in the “Network Settings” step, fields for configuring the IP address and other network parameters appear.
Step 1: Security Profile [Wizard]
In Wizard Mode, when “Step 1: Security Profile” is selected, a screen appears like the one in the following figure.
Figure 5-2: Web Manager Wizard Step 1: Security Profile
The screen identifies the name of the security profile currently in effect.
After the OK button is clicked, a screen reappears showing the newly-selected security profile’s name. When the administrative user creates a custom profile, the red “unsaved changes” button blinks. For example, the following figure shows the screen after the security profile is changed to “CUSTOMIZED,” and the red “unsaved changes” light is lit.
Otherwise, a dialog appears like the one shown in the following screen example. The Web Manager restarts, and the administrative user must log in again.

Step 1: Security Profile>Secured
The following figure shows the screen for the “Secured” security profile.
Step 1: Security Profile>Open
Note: If you select the “Secured” security profile, make sure to notify all users that they must use HTTPS when bringing up the Web Manager, because HTTP is disabled by the secured security profile. You must also make sure that X.509 certificates are included
The features in the “Secured” security profile are described in Table 1-12, “Secured Security Profile Services/Features,” on page 26.
Step 1: Security Profile>Custom
The following figure shows the features that can be enabled and disabled in the dialog for the “Custom” security profile.
Figure 5-6: Custom Security Profile Dialog
The options that can be configured in a custom security profile are described in Table 1-9, “Services and Other Functions Defined in Security Profiles,” on page 23.

To Select or Configure a Security Profile—Wizard
1. Log into the Web Manager as an administrative user.
3. Click the appropriate button to select a security profile.
4. If you select the “Custom” profile, a dialog appears with checkboxes next to all the configurable services and features.
5. If you are customizing a security profile, make sure the checkboxes are checked next to the services and features you want to be enabled and make sure the checkboxes are clear next to services and features you want to be disabled.
6. Click “OK.
Step 2: Network Settings [Wizard]
Figure 5-7: Web Manager Wizard Step 2: Network Settings Screen—Without DHCP
If the “DHCP” checkbox is checked, the screen appears as shown in the following figure.
Figure 5-8: Web Manager Wizard Step 2: Network Settings Screen—DHCP
During initial setup of the OnSite, the administrator configures the basic network settings that are needed to enable logins through the Web Manager.
Before making any changes to existing network settings, you may want to review “Collecting Basic Network Information” on page 57, which provides a form to record information you need to collect ahead of time. See “To Change Network Settings [Wizard]” on page 113 for the procedure. In Expert mode, under Configuration>Network, you can specify additional networking-related information and perform other advanced configuration tasks. See “Network” on page 219.
Step 3: Serial Port Profile [Wizard]
In Wizard mode, selecting “Step 3: Serial Port Profile” brings up a screen for changing parameters that apply to all serial ports on the OnSite.
Note: The values specified here must match the values on all devices connected to the serial ports. The defaults are correct for most devices. Use this screen only if you need to change the parameters.
The screen appears as shown in the following figure with the default options.
Table 5-1: Serial Port Profile Parameters and Usage (Continued)
Parameter | Options | Description
Flow Control | None [Default], Hardware, Software | Must match the flow control method of the devices connected to all serial ports.
Parity | None [Default], Odd, Even | Must match the parity used by the devices connected to all serial ports.
Baud Rate (Kbps) | 9600 [Default] | Must match the baud rates of the devices connected to all serial ports.
Note: You cannot configure KVM ports in Wizard mode. To configure KVM ports, see “Configuration>KVM” on page 212.
The following table lists the tasks for configuring serial ports with links to where they are documented.
Table 5-2: Tasks for Configuring Serial Ports
To Configure a Trigger for SNMP Trap Notification for Serial Ports [Expert] | Page 272

To Configure Serial Ports [Wizard]
Perform this procedure only if the serial ports are connected to the console ports on devices. If the serial ports are connected to dumb terminals, you can configure them only in Expert mode.
6. To change the data size, select an option from 5 to 8 from the “Data Size” pull-down menu. The default is 8.
7. To change the stop bits, select 1 or 2 from the “Stop Bits” pull-down menu. The default is 1.
8. To change whether authentication is required, check the “Authentication Required” checkbox for Yes or leave it unchecked for No.
9. Click the “apply changes” button.
10. If desired, go to “To Add a User [Wizard]” on page 177.
Step 4: Access [Wizard]
• Admin
• Generic User
The Admin (the “admin” account) has access to all functions of the Web Manager and has access to all ports on the OnSite. The Generic User defines the KVM port access permissions for all users except the admin and root users. Any new regular user account automatically inherits the KVM port access permissions configured for the Generic User.
Table 5-3: Add User Dialog: Field Names and Definitions (Continued)
Field Name | Definition
Group | The choices in the “Group” menu are “Regular User” [Default] or “Admin.” Note: To configure a user to be able to perform all OnSite administration functions, select the “Admin” group. See “Types of Users” on page 18, if needed, for more background.
Shell | Optional. The default shell when the user makes an ssh or telnet connection with the switch. Choices are: sh [Default] or bash.
3. Enter the username and password in the “User Name” and “Password” fields, and enter the password again in the “Repeat Password” field.
4. Select from the “Group” menu options.
a. To create a regular user account without administrator privileges, select “Regular User” [Default] from the “Group” pull-down menu on the left.
b. To create an account with administrator privileges, select “Admin” from the “Group” pull-down menu on the left.
5.
For example, select “admin.”
3. Click “Change Password.” The “Change User Password” dialog box displays.
4. Enter the new password in both fields, and then click OK.
5. Click “apply changes.”

Step 5: Data Buffering [Wizard]
In Wizard mode, selecting “Step 5: Data Buffering” brings up a screen for setting up the storage of console data to a data buffer file. The values set here apply to all serial ports.
Figure 5-12: “Step 5: Data Buffering” Screen—Remote
Make sure that enough disk space is available to store the files in the location you select. Sequentially-written files can quickly grow to exceed the storage capacity of the local flash memory or remote hard drive. Data buffering should only be done if processes are in place to monitor the stored data. The following table shows the differences between remote and local data buffering.
Table 5-4: Differences Between Remote and Local Buffering (Continued)
Option | Description
Local files | Set a file size greater than zero. Make sure the file size does not exceed the space available on the OnSite’s flash memory. If needed, you can supplement the flash memory module by installing a flash memory card (with an adapter) or other storage device in a PCMCIA slot; see “PCMCIA Card Slots” on page 13 for the supported PCMCIA cards.
Step 6: System Log [Wizard]
a. In the “NFS File Path” field, enter the pathname for the mount point of the directory where the data buffer file is to be stored. For example, if the mount point directory’s pathname is /var/adm/ONSmessages, enter /var/adm/ONSmessages in the field.
Note: The NFS server must already be configured with the mount point shared (exported), and the shared directory from the NFS server must be mounted on the OnSite.
b.
Before setting up syslogging, make sure an already-configured syslog server is available on the same network as the OnSite. Obtain the following information from the syslog server’s administrator.
• The IP address of the syslog server
• The facility number for messages coming from the OnSite
See “Notifications, Alarms, and Data Buffering” on page 40, if needed, for more background on logging and on how facility numbers are used.
To Delete a Syslog Server [Wizard]
1. In Wizard mode, go to “Step 6: System Log.” The System Log screen displays.
2. From the Syslog Server list, select the syslog server that you want to delete from the current facility location, and then select Delete.
3. Click “apply changes.
Chapter 6 Web Manager for Administrators
This chapter is for administrative users who use the Web Manager to configure the OnSite and who can also use the Web Manager to access connected devices.
Common Tasks
Common OnSite administration tasks are listed in the following table.
Table 6-1: Common OnSite Administration Tasks (Sheet 2 of 3)
Task | Where Documented
Configure local or remote data buffering (to save console input to a log file) and specify alarms for trigger events on serial port(s). | • “To Configure Data Buffering for Serial Ports [Expert]” on page 243
Configure logging of system messages to a syslog server.
Table 6-1: Common OnSite Administration Tasks (Sheet 3 of 3)
Task | Where Documented
• Logins to devices through serial ports. | • “To Configure a Serial Port Authentication Method [Expert]” on page 241
Specify encryption levels for communications between the OnSite and user computers connected to KVM ports. | “To Configure IP Users (KVM Over IP) Sessions [Expert]” on page 222
Configure rules for the OnSite to filter packets like a firewall.
Expert Mode
If you are in Wizard mode and need to perform advanced configuration, click the Expert button at the bottom of the left menu to switch to Expert mode. The Wizard button displays at the lower left when you are in Expert mode. The following figure shows a typical Web Manager window when the administrative user is logged in and is in Expert mode.
Note: Shortcuts are often used to indicate how to get to Web Manager screens. For example, a step telling the user to access the “IP Users” screen in the right tab in the previous figure would use this convention, “Go to Configuration>KVM>General>IP Users in Expert mode.
Overview of Menus and Screens in Expert Mode
The following figure shows all screens in Expert mode.
Access
Under “Access” in Expert mode, six options appear in the left menu, as shown in the following figure.
Figure 6-2: Web Manager Access Menu Options
The options in the Connect to Server screen are the same both for regular users and administrative users, as described under “Connect to Server” on page 141. The remaining options listed below are different for administrative users than they are for authorized users.
Access>IPDU Power Mgmt.
To Connect to the OnSite Console as admin [Expert]
This procedure logs the administrative user into the OnSite console as “admin” in an ssh session.
1. While logged into the OnSite as an administrative user, go to Access>Connect to Server.
2. Click the “Connect to OnSite” radio button.
3. Click the “Connect” button. A Java applet viewer appears with an admin prompt.
Access>IPDU Power Mgmt.
Users can manage power using the tabbed screens if the following two prerequisites are completed:
• An AlterPath PM IPDU is connected to an AUX port on the AlterPath OnSite. For the procedure, see the AlterPath OnSite Installation Guide.
• The AUX port is configured for power management. For the procedure, see “To Configure an AUX Port for IPDU Power Management [Expert]” on page 266.
Both administrative users and authorized users have access to the first two tabs.
Access>IPDU Power Mgmt.>Users Manager
Table 6-3: Power Management Configuration Tasks Performed Only by Administrative Users
Configure names, alarms, logging, and over-current protection for IPDUs. | • “Access>IPDU Power Mgmt.>Configuration” on page 197 • To Specify Names, Alarms, Syslogging, and Over-current Protection for IPDUs [Expert]
Upgrade AlterPath PM IPDU information | • “Access>IPDU Power Mgmt.>Software Upgrade” on page 199 • To Upgrade Software on an AlterPath PM [Expert]
Access>IPDU Power Mgmt.
By default, only administrative users can perform IPDU power management. Clicking “Add” brings up the following dialog box where the administrative user can specify one or more comma-separated user names and one or more outlets.
Figure 6-5: IPDU Power Mgmt.>Users Manager “Add User” Dialog Box
A comma can be used to separate outlet numbers, and a hyphen can be used to indicate a range of outlets (for example: 1, 3, 4, 6-8).
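The user and outlet notation described above, as an added Python example that is not part of this guide or of Cyclades software: a strict parser that expands one “Add User” entry into per-user outlet grants so an administrator can review who may switch which outlet. The function names, the sample user names, and the max_outlet parameter (the highest outlet number on the connected IPDU) are assumptions.

```python
import re

# One list item: a single outlet number or a first-last range.
_ITEM = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_outlets(spec, max_outlet):
    """Expand a list such as "1, 3, 4, 6-8" into a sorted list of ints.

    max_outlet is supplied by the caller (assumption); this example
    does not query the IPDU for its outlet count.
    """
    outlets = set()
    for raw in spec.split(","):
        item = raw.strip()
        match = _ITEM.fullmatch(item)
        if not match:
            raise ValueError(f"not an outlet number or range: {item!r}")
        first = int(match.group(1))
        last = int(match.group(2)) if match.group(2) else first
        if first < 1 or last > max_outlet:
            raise ValueError(f"outlet outside 1-{max_outlet}: {item!r}")
        if first > last:
            raise ValueError(f"reversed range: {item!r}")
        outlets.update(range(first, last + 1))
    return sorted(outlets)


def parse_users(spec):
    """Split a comma-separated user list, rejecting empty names."""
    names = [name.strip() for name in spec.split(",")]
    if any(not name for name in names):
        raise ValueError("empty user name in list")
    return names


def outlet_grants(users_spec, outlets_spec, max_outlet):
    """Return {user: [outlets]} for one 'Add User' dialog entry."""
    outlets = parse_outlets(outlets_spec, max_outlet)
    return {user: list(outlets) for user in parse_users(users_spec)}


def who_controls(grants, outlet):
    """List the users whose grants include the given outlet."""
    return sorted(user for user, outs in grants.items() if outlet in outs)


if __name__ == "__main__":
    # Constructed sample: two hypothetical users, the outlet list from the text.
    grants = outlet_grants("alice, bob", "1, 3, 4, 6-8", max_outlet=8)
    for user, outs in grants.items():
        print(user, outs)
    print("outlet 7:", who_controls(grants, 7))
```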
Access>IPDU Power Mgmt.>Configuration
The “Add/Edit User x Outlets” dialog box appears.
4. To add a new user, click “Add.” The “Add/Edit User x Outlets” dialog box appears.
5. In the “Add/Edit User x Outlets” dialog box, do the following as appropriate.
a. Enter the username in the “User” field.
b. Enter or modify the numbers of the outlets to which the user is assigned in the “Outlets” field.
6. Click OK. The Users Information list displays the changes.
7. Click “apply changes.”
Access>IPDU Power Mgmt.
varies according to the model of the connected PM. The figure shows number 20 for a 20 amp PM.
c. If enabling over-current protection, a buzzer, or alarm notification, select an Alarm Threshold from the pull-down menu.
3. Click “apply changes.”
Access>IPDU Power Mgmt.>Software Upgrade
On the “Software Upgrade” screen under Access>IPDU Power Management in Expert mode, an administrative user can upgrade the software on AlterPath PM IPDUs.
the software version it contains is more recent than the installed version, information about the new version is displayed, and an “Update” button appears on the screen.
Note: An Upgrade button displays only if a copy of the most-recent firmware has been downloaded into /tmp/pmfirmware.
To Download AlterPath PM Software From Cyclades [Expert]
An administrative user can use this procedure to download software from the Cyclades website.
Access>IPDU Multi-Outlet Ctrl
For example, the version of AlterPath PM firmware in the previous figure is Driver Version V_1.4.0. You would download it if it is more recent than the version shown on the screen.
3. Click the “Firmware” link.
4. In the version directory, click the name of the binary you want to download. For example, pm_140.bin is the name of the version 1.4.0 software file.
5. After the download completes, copy the file to the /tmp folder with the name pmfirmware.
and manage the power on a group of outlets that provide power to a server or other device that has multiple power supplies, when the device is connected to a serial port and properly configured. Selecting the “IPDU Multi-Outlet Ctrl.” option under “Access” in Expert mode brings up the screen shown in the following figure if any of the conditions described on the page are true.
Outlets on multiple IPDUs can be managed as a group from this screen. An administrative user must do the prerequisite tasks shown in the following table before any user can manage power through this screen.
Table 6-4: Tasks for Configuring Multi-Outlet Control
Task | Where Documented
Connect the device that has multiple power supplies to an OnSite serial port and plug it into outlets on one or more AlterPath PM IPDU(s).
Access>IPMI Power Mgmt.
On the “IPMI Power Mgmt.” screen under “Access” in Expert mode, an administrative user can enable and perform power management of devices that have Intelligent Platform Management Interface (IPMI) management controllers. See “Power Management” on page 35 for an introduction to the options available on the OnSite for IPMI power management, if needed. As shown in the following figure, if no IPMI devices have been added previously, only the “Add” button appears.
Figure 6-11: Web Manager IPMI Power Mgmt. “Add/Edit IPMI Device” Dialog Boxes
After you fill out the fields or make changes and save the changes, the device is either added to the IPMI Devices list or the configuration for the device is changed. The following figure shows an entry for an IPMI server.
Figure 6-12: Web Manager IPMI Power Mgmt.
Power Management of IPMI devices has the following prerequisites:
• The IPMI device must be available to the OnSite over the network.
• The information in the following table must be obtained from the IPMI device’s administrator.
Table 6-5: IPMI Information
Field Name | Description
Device Alias | Optional
IP Address | IP address of the device
Authentication type | None, Straight Password, MD5, MD2
Access Level | (User/Operator/Administrator) Default is User.
2. To delete a previously-added IPMI device, select the device’s name and then click the “Delete” button.
3. To add a device, click the “Add” button, and perform the following steps.
a. If desired, enter an optional alias for the device in the “Device Alias:” field.
b. Enter the IP address of the IPMI device in the “IP Address:” field.
c. Choose an authentication type, if desired, from the authentication type pull-down menu.
d.
Access>Terminal Profile Menu
Selecting the “Terminal Profile” option under “Access” in Expert mode brings up a screen like the one shown in the following figure.
Figure 6-13: Web Manager Access>Terminal Profile Menu Screen
On the screen shown in Figure 6-13, an administrative user can define a terminal command menu to appear when a user turns on a dumb terminal that is connected to one of the serial ports and that is configured as a local terminal.
Figure 6-14: Web Manager Terminal Profile Menu “Add Option” Dialog Box
For example, an administrative user can use this screen to create a menu called “SSH to Servers” with options that launch ssh connections to several servers, such as shown in the following screen example.
Figure 6-15: Web Manager Terminal Profile Menu Example
To Create a Menu for a Dumb Terminal [Expert]
1. Go to Access>Terminal Profile Menu in Expert mode. The “Terminal Profile” menu displays.
2.
a. Enter a title for the menu option in the “Title” field.
b. Enter an action or command to be executed when the user clicks the menu option in the “Action/Command” field, and repeat for the number of options desired.
c. Click OK.
5. Click “apply changes.” The terminal menu then appears when the dumb terminal is turned on.
Access>Temperature Sensors
OnSite administrative users and regular users can monitor three temperature sensors on the OnSite.
Configuration Default and user-added profiles are saved in: /new_web/normal/applications/appl/profiles/ See Table 1-27, “Temperature Graph Parameters,” on page 58 for descriptions of the defaults and allowed values an administrative user can specify to change the display. For details on how to monitor settings and change graph displays, go to: “To Monitor the OnSite’s Temperature” on page 158.
• “Configuration>Serial/AUX” on page 227
• “Configuration>Inband” on page 273
• “Configuration>Security” on page 275
• “Configuration>Network” on page 298
• “Configuration>System” on page 347
Configuration>KVM
Selecting Configuration>KVM in Expert mode brings up three KVM options in the left menu as shown in the following figure.
Figure 6-18: Web Manager Configuration>KVM Menu Options
Administrative users can use the KVM menu options for custom configuration of KVM ports.
Configuration>KVM>General>General
On the General screen under Configuration>KVM>General in Expert mode, an administrative user can specify the parameters shown in the following table.
Table 6-6: KVM>General>General Screen Fields and Options
Parameter Name | Definition | Where Documented
Direct Access | Selecting this check box enables logins to KVM ports directly from the Web Manager Login screen.
Table 6-6: KVM>General>General Screen Fields and Options (Continued)
Parameter Name | Definition | Where Documented
Port Authentication | Allows you to choose whether authentication is required for direct logins to KVM ports. If needed, see the introduction to authentication on the OnSite under “OnSite Authentication Options” on page 7.
redefine the common escape sequence portion of each hot key separately from the command key. The following table summarizes the format of the hot keys, the defaults, and where they can be redefined.
Table 6-7: Format for KVM Port Connection Hot Keys
Format Defaults Common Escape Sequence Command Key Where Defined “Modifier”+ “letter key” “letter key” Configuration>KVM>General Ctrl+k p to bring up the “power management” screen, q to quit, and so forth.
3. To redefine the command key portion of any AlterPath Viewer keyboard shortcuts, do one of the following steps.
• To change the command key for users who access KVM ports through the OSD, go to the Local User tab.
OR
• To change the command key for users who access KVM ports through the Web Manager (KVM over IP) on OnSite hardware version 1.0.0, go to the IP Users tab.
• RADIUS (either RADIUS or RADIUS/DownLocal)
• TACACS+ (either TACACS+ or TACACS+/DownLocal)
To Configure an Authentication Method for Direct Access to KVM Ports [Expert]
This procedure configures a single authentication method that applies whenever anyone attempts direct access to any KVM port through the Web Manager login screen.
1. Go to Configuration>KVM>General in Expert mode. The General screen appears.
2.
Configuration>KVM>General>Local User
Selecting Configuration>KVM>General>Local User brings up a screen with the fields shown in the following figure.
Configuration>KVM>General>IP Users
Table 6-8: Session Parameters for Local User (Continued)
Field Name | Definition
Keyboard Type | Sets the keyboard type. Choose the type of keyboard connected to the Local User port on the OnSite. The options from the dropdown list are shown in the following figure.
Cycle Time | Change the cycle time (in seconds), which is the duration for viewing each server while cycling.
Figure 6-20: Web Manager KVM>General>IP Users Screen, Version 1.1.0
Selecting Configuration>KVM>General>IP Users brings up a screen with the fields shown in the following figure on OnSite hardware version 1.0.0.
Figure 6-21: Web Manager KVM>General>IP Users Screen, Version 1.0.0
The following table lists and describes the parameters that appear on the screens for both types of users.
Table 6-9: Session Parameters for Local User and IP Users (Continued)
Field Name | Definition
TCP Viewer Ports | Change the number of the TCP port used for the AlterPath Viewer. [IP User only.] The default is 5900+. You may need to change the default, for example, if your firewall is blocking port 5900. (For more details, see “Port Numbers and Aliases” on page 47.) Port numbers 1-1024 are reserved.
3. To change the screen saver timeout, enter a different number of minutes in the “Screen Saver Timeout” field.
4. To change the keyboard type, select a different keyboard from the “Keyboard type” pull-down menu.
5. To change the cycle time, enter a different number of seconds in the “Cycle Time” field.
6.
KVM Ports
Selecting Configuration>KVM>KVM Ports in Expert mode brings up the screen shown in the following figure.
Figure 6-22: Web Manager KVM>KVM Ports Screen
The device name “master” stands for the OnSite. Selecting “master” and clicking the “Ports” button brings up a list of the KVM ports on the OnSite, as shown in the following figure.
When you select a port and click the “Modify” button, the dialog box shown in the following figure appears.
Note: On this version of the OnSite, cascading OnSites is not supported. For that reason, the only entry in the Device pull-down list is “master.”
The “Outlets at Device” field is for specifying the number(s) of the outlet(s) into which the device that is connected to the selected KVM port is plugged. Specify multiple outlet numbers separated by commas, or enter a range of numbers separated by a dash.
To Configure an Alias for a KVM Port [Expert]
1. Go to Configuration>KVM>KVM Ports in Expert mode, and select the device that includes the port(s) you wish to modify.
2. Click the “Ports” button. A list of all the selected ports appears.
3. Select a single port to be modified, and then select the “Modify” button. The “Modify Port” dialog box appears.
4. To change the port’s alias, do the following steps.
a. Enter a new alias in the “Alias” field.
b.
Configuration>Serial/AUX
Selecting Configuration>Serial/AUX in Expert mode brings up three options in the left menu, as shown in the following figure.
Figure 6-25: Web Manager Configuration>Serial/AUX Menu Options
Using the Serial/AUX menu options as described in the following sections, an administrative user can perform custom configuration of serial and AUX ports.
Configuration>Serial/AUX>Physical Ports See this procedure for how to select ports for modification: • “To Select One or More Serial Ports [Expert]” on page 193 See the descriptions on how to use the screens in the following sections.
3. Go to the desired procedure from the following list.
Configuration>Serial/AUX>Physical Ports>General
Selecting one or more serial ports and clicking either the “Modify Selected Ports” or “Modify all ports” button brings up a General screen like the one shown in the following figure.
An administrative user can use the General screen to configure the selected ports. The following table shows the tasks that can be performed using the General screen and provides links to where the tasks are documented.
Serial/AUX>Physical Ports>General>Console Access Server Protocols
When a serial port is connected to the console port on a device, a Console Access Server (CAS) profile must be defined for the serial port using values you supply in the serial port configuration screens.
The remaining serial port connection protocol options are nonstandard, and they should only be used by expert administrators to meet special serial port configuration needs.
Serial/AUX>Physical Ports>General>Terminal Server Profile Connection Protocols
When a dumb terminal is connected to the console port on a device, a Terminal Server (TS) profile must be defined for the serial port using values you supply in the serial port configuration screens.
Table 6-13: Protocols for Dumb Terminals Connected to Serial Ports (Continued)
Protocol Name | Result
SSHv1 | Dedicates a dumb terminal that is connected to the selected serial port to access a specific server using the ssh v1 protocol. When the attached dumb terminal is turned on, the OnSite opens an SSH version 1 session on the server, whose IP address you need to specify on the “Other” screen.
Table 6-14: Tasks for Configuring a Dumb Terminal (Continued)
Task | Where Documented
Complete the TS profile (terminal type, host IP address and TCP port number) as required by the connection protocol | “To Configure Dumb Terminal Server Connection Options [Expert]” on page 255
For a dumb terminal configured with the Local Terminal protocol, configure an optional menu to display when the terminal is turned on and connected to a session on the OnSite | “To Cr
To Configure a Serial Port Connection Protocol for a Console Connection [Expert]
This procedure assumes that the selected serial port is physically connected to a console port on a device.
1. Go to Configuration>Serial/AUX>Physical Ports in Expert mode, select a port or ports to modify, and click the appropriate Modify Ports button. The General screen appears. If needed, see “To Select One or More Serial Ports [Expert]” on page 228.
2.
To Configure a Serial Port Connection Protocol for a Dumb Terminal [Expert]
This procedure assumes that the selected serial port is physically connected to a dumb terminal. See Table 6-13, “Protocols for Dumb Terminals Connected to Serial Ports,” on page 233, if needed for definitions of the dumb terminal connection protocols.
1.
To Configure an Alias for a Serial Port [Expert]
1. Go to Configuration>Serial/AUX>Physical Ports in Expert mode, select a port to modify, and click the Modify Ports button. If needed, see “To Select One or More Serial Ports [Expert]” on page 193. The General screen appears. The Alias field appears on the General screen only when a single port is selected for modification.
2. Enter the desired string in the Alias field.
3. Click “Done.”
4.
Configuration>Serial/AUX>Physical Ports>Access
The default is None.
5. To change the data size, select an option from 5 to 8 from the Data pull-down menu. The default is 8.
6. To change the stop bits, select 1 or 2 from the stop bits pull-down menu. The default is 1.
7. To change whether the data carrier detect (DCD) state is disregarded or not, select either “Disregard” or “Regard.”
8. Click “Done.”
9. Click “apply changes.
On the Access screen under Configuration>Serial/AUX>Physical Ports in Expert mode, an administrative user can perform the tasks shown in the following table.
The Access screen appears.
3. To restrict access to one or more users or to a group of users, enter previously defined user or group names in the “Authorized Users/Groups” field, with the names separated by commas.
4. To deny access to one or more users or groups, preface the user or group names with an exclamation point (!).
5. Click “Done.”
6. Click “apply changes.
Configuration>Serial/AUX>Physical Ports>Data Buffering
Selecting Configuration>Serial/AUX>Physical Ports in Expert Mode, selecting one or more serial ports, and then selecting the Data Buffering tab, brings up a screen like the one shown in the following figure.
Figure 6-30: Web Manager Serial/AUX>Physical Ports>Data Buffering Fields and Menu Options
To Configure Data Buffering for Serial Ports [Expert]
To configure data buffer files to be stored remotely, make sure that a system administrator has already configured an NFS server and shared the mount point. Obtain the facility number for the OnSite from the system administrator of the syslog server. Options range from Local10 to Local17.
a. From the “Destination” pull-down menu, choose “Local” or “Remote” to specify whether the data buffer files are stored locally or on a file server.
b. If you chose “Local” from the “Destination” pull-down menu, do the following:
i. Choose “Circular” or “Linear” from the “Mode” pull-down menu.
ii. Enter a size larger than 0 in the “File Size (Bytes)” field.
c.
Configuration>Serial/AUX>Physical Ports>Multi User 7. Click “apply changes.” To configure alarm notifications to be sent based on the type of buffered data, see “To Choose a Method for Sending Notifications for Serial Port Data Buffering Events [Expert]” on page 270.
Table 6-17: Options on the “Allow Multiple Sessions” Menu (Continued)
Menu Option | Description
Yes (show menu) | Multiple read/write sessions and multiple shared (read-only) sessions are allowed. The multiple shared session menu is presented.
Read/Write (do not show menu) | Read/write sessions are opened without a shared session menu being presented.
ReadOnly (do not show menu) | Read-only sessions are opened without a shared session menu being presented.
Configuration>Serial/AUX>Physical Ports>Power Management
Selecting Configuration>Serial/AUX>Physical Ports in Expert Mode, selecting one or more serial ports, and then selecting the Power Management tab, brings up a screen like the one shown in the following figure.
Note: The checkbox next to “Enable IPMI on this port” cannot be checked unless an OnSite administrator has previously configured an IPMI server as described under Access>IPMI Power Mgmt.
Figure 6-33: Web Manager Configuration>Serial/AUX>Physical Ports>Power Management Options
If only “Enable Power Management on this port” is selected, the “IPMI key” and “IPMI Server” menu do not appear.
• IPMI power management can be configured when the device connected to this serial port is a server with an IPMI controller, and the server is listed in the “IPMI Server” list that appears on this screen when the “Enable IPMI on this port” checkbox has been checked.
port 3 is plugged into outlets 1, 4, 5, 6, 7, and 8 on an IPDU connected to AUX port 1.
Figure 6-35: Web Manager Configuration>Serial/AUX>Physical Ports>Power Management—Add Outlets Example
If more than one IPDU is daisy-chained to a port configured for power management, the outlet numbers are specified sequentially.
3. To enable Power Management of a device connected to the current port and plugged into a connected IPDU, click “Enable Power Management on this port” and perform the following steps.
a. Click the “Add” button. The “Add Outlet” dialog box appears.
b. Enter the outlet number(s) into which the device connected to the selected port is plugged.
c. Click OK. The power management port and the specified outlet numbers display on the PowerMgmt Port list.
6. Click “apply changes.”
To Configure a User for IPDU Power Management for a Serial Port [Expert]
Perform this procedure to authorize a user to perform power management for a device that is connected to one of the OnSite’s serial ports. The device must be plugged into one or more outlets on an AlterPath PM IPDU that is connected to one of the AUX ports, and the AUX port must be configured for power management.
Configuration>Serial/AUX>Physical Ports>Other
Selecting Configuration>Serial/AUX>Physical Ports in Expert Mode, selecting one or more serial ports, and then selecting the Other tab, brings up a screen like the one shown in the following figure.
When one of the dumb terminal connection options in the General screen is selected (see Table 6-13, “Protocols for Dumb Terminals Connected to Serial Ports,” on page 233), additional fields appear on this screen and some fields disappear, as shown in the following figure.
2. Select the “Other” tab. The Other screen appears.
3. To change the port number for the serial port, enter another number in the “TCP Port” field.
4. To assign a name to the port’s IP address, enter an alias in the “Port IP Alias” field. For example, if the serial port is connected to a CISCO router, you could assign it a name like “cisco_router1.”
5.
When one of the dumb terminal connection protocols is selected, three of the six Serial/AUX>Physical Ports>[Select a serial port] tabs are greyed out.
2. Select the “Other” tab. The Other screen appears.
3. To change the port number used to access the serial port, enter another number in the “TCP Port” field.
4. To change the keep-alive interval, enter another number in the “TCP Keep-alive Interval” field.
5.
Configuration>Serial/AUX>Aux/Modem Port
Selecting Configuration>Serial/AUX>Aux/Modem Port in Expert mode brings up three tabs, as shown in the following figure.
• AUX port 2 can be used for power management while connected only for devices connected to a serial port.
The following table shows the power management options for the two AUX ports.
PPP and the AUX and Modem Ports
When configuring PPP connections to an external modem connected to an AUX port or to the modem port, an administrative user can use the AuxPort1 or AuxPort2 or ModemPort screens to change the default settings, if desired. The settings are shown in the following screen examples and in Table 6-19, “Fields for Configuring PPP on AuxPort or ModemPort Screens,” on page 261.
Figure 6-41: Web Manager Configuration>Serial/AUX>Aux/Modem>Modem Port Screen
The following table defines the information you need to specify when PPP is selected from the “Profile” pull-down menu on the AuxPort screens or the ModemPort screen.
Table 6-19: Fields for Configuring PPP on AuxPort or ModemPort Screens (Sheet 1 of 3)
Field Name | Definition
Baud Rate (Kbps) | The baud rate of the modem. Default is 9600.
Flow Control | The flow control used by the modem. Default is None.
Data Size | The data size from 5 to 8.
Parity | “None,” “Odd,” or “Even.”
Stop Bits | The number of stop bits: “1” or “2.
Table 6-19: Fields for Configuring PPP on AuxPort or ModemPort Screens (Sheet 2 of 3)
Field Name | Definition
Modem Initialization | The modem initialization string is used to configure the modem when it is turned on or when the communications software calls another modem. The default is: TIMEOUT 10 "" \d\l\dATZ OK\r\n-ATZ-OK\r\n "" TIMEOUT 10 "" ATM0 OK\r\n "" TIMEOUT 3600 RING "" STATUS Incoming %p:I.HANDSHAKE "" ATA TIMEOUT 60 CONNECT@ "" STATUS Connected %p:I.
Table 6-19: Fields for Configuring PPP on AuxPort or ModemPort Screens (Sheet 3 of 3)
Field Name | Definition
Authentication Required | Check the checkbox to require authentication.
MTU/MRU | The maximum transmission unit / maximum receive units for the PPP.
PPP Options | The default options are: proxyarp modem asyncmap 000A0000 noipx noccp login novj require-pap refuse-chap ms-dns 0.0.0.0 plugin /usr/lib/libpsr.
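The default PPP options above include require-pap, login and refuse-chap. As an added example (not Cyclades code), this Python check parses such an option string and reports the authentication-related settings a reviewer would look at before exposing a dial-in port. The option names match the standard pppd daemon, and reading them with pppd's documented meanings is an assumption; the function names are hypothetical, and the truncated plugin entry is left out of the sample.

```python
import shlex

# Options that consume one argument (those on the page, plus mtu/mru).
ONE_ARG = {"asyncmap", "ms-dns", "plugin", "mtu", "mru"}

# Default "PPP Options" from Table 6-19; the "plugin ..." entry is omitted
# because its path is cut off on the page.
PAGE_DEFAULT = ("proxyarp modem asyncmap 000A0000 noipx noccp login novj "
                "require-pap refuse-chap ms-dns 0.0.0.0")


def parse_ppp_options(text):
    """Return {option: argument or None} for a pppd-style option string."""
    tokens = shlex.split(text)
    opts = {}
    i = 0
    while i < len(tokens):
        name = tokens[i]
        if name in ONE_ARG:
            if i + 1 >= len(tokens):
                raise ValueError(f"option {name!r} is missing its argument")
            opts[name] = tokens[i + 1]
            i += 2
        else:
            opts[name] = None
            i += 1
    return opts


def audit_ppp_options(text):
    """Return (option, finding) pairs for authentication-related settings."""
    opts = parse_ppp_options(text)
    findings = []
    if "noauth" in opts:
        findings.append(("noauth", "the peer is not required to authenticate"))
    if "require-pap" in opts:
        findings.append(("require-pap",
                         "the peer authenticates with PAP, which sends the "
                         "password in cleartext over the link"))
        if "login" in opts:
            findings.append(("login",
                             "PAP credentials are checked against system "
                             "accounts, so account passwords cross the link"))
    for name in sorted(opts):
        if name.startswith("refuse-") and name != "refuse-pap":
            findings.append((name,
                             "the local side will not authenticate itself "
                             "to the peer with this method"))
    return findings


if __name__ == "__main__":
    for option, finding in audit_ppp_options(PAGE_DEFAULT):
        print(f"{option}: {finding}")
```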
Configuration>Serial/AUX>Aux/Modem Port Table 6-20: Commonly-Used Supported AT Commands (Sheet 2 of 4) Command Definition Ds Dial telephone number s, where s is the dial string modifier, which may be up to 40 characters long and include the 0–9, *, #, B, C, and D characters, and the L, P, T, V, W, S, comma (,), semicolon (;), !, @, ^, and $ dialstring modifiers. Dial string modifiers: L – Redial last number. (Must be placed immediately after ATD.) P – Pulse-dial following numbers in command.
Configuration>Serial/AUX>Aux/Modem Port Table 6-20: Commonly-Used Supported AT Commands (Sheet 3 of 4) Command Definition Hn Hook control. n = 0 or 1 Default: 0 H0 – Go on-hook (hang up). H1 – Go off-hook (make the phone line busy). Mn Monitor speaker mode. n = 0, 1, 2, or 3 Default: 1 M0 – Speaker always off. M1 – Speaker on until carrier signal detected. M2 – Speaker always on when modem is off-hook. M3 – Speaker on until carrier is detected, except while dialing. Vn Result code format.
Configuration>Serial/AUX>Aux/Modem Port Table 6-20: Commonly-Used Supported AT Commands (Sheet 4 of 4) Command Definition &Wn Store current configuration. n = 0 or 1 Stores current modem settings in non-volatile memory and causes them to be loaded at power-on or following the ATZ command instead of the factory defaults. See also the &F command. &W1 Clears user default settings from non-volatile memory and causes the factory defaults to be loaded at power-on or following the ATZ command.
Configuration>Serial/AUX>Aux/Modem Port 5. Accept or change the following values to match the modem’s values: • “Baud Rate” • “Flow Control” • “Data Size:” • “Parity” • “Stop Bits” 6. Accept or make any changes desired to the modem initialization commands in the “Modem Initialization:” text area. 7. For PPP, do the following steps. a. Enter an IP address in the “Local IP” field. b. In the “Remote IP” field, specify the IP address to assign to the other end of the PPP connection. c.
Configuration>Serial/AUX>Notifications 5. Accept or make any changes desired to the modem initialization commands in the “Modem Initialization:” text area. 6. For PPP, do the following steps. a. Enter an IP address in the “Local IP” field. b. In the “Remote IP” field, specify the IP address to assign to the other end of the PPP connection. c. Check or leave unchecked the checkbox next to “Authentication Required.” d. Accept or change the number in the “MTU/MRU” field. e.
Configuration>Serial/AUX>Notifications Caution! Alarms are not generated unless the checkbox is checked next to “Notification Alarm for Data Buffering.” Clicking the Add button or selecting a previously-specified event and clicking the Edit button brings up a “Notifications Entry” dialog box that allows you to define trigger actions and specify how to handle them. Different fields appear on the dialog boxes depending on whether Email, Pager, and SNMP trap notifications have been chosen.
Configuration>Serial/AUX>Notifications Figure 6-43:Web Manager Configuration>Serial/AUX>Notifications— Email Example See “Notifications, Alarms, and Data Buffering” on page 28 for the supported syntax for alarm triggers. T To Choose a Method for Sending Notifications for Serial Port Data Buffering Events [Expert] 1. Go to Configuration>Serial/AUX>Notifications in Expert mode. The Notifications screen appears. 2. Click the checkbox next to “Notification Alarm for Data Buffering.
Configuration>Serial/AUX>Notifications 3. Select “Email,” “Pager,” or “SNMP trap” from the pull-down menu. 4. To create a new entry for an event to trigger an alarm or notification, click the Add button. 5. To edit a previously-configured trigger, click the Edit button. 6. Go to one of the following procedures.
Configuration>Serial/AUX>Notifications T To Configure a Trigger for Pager Notification for Serial Ports [Expert] 1. Go to Configuration>Serial/AUX>Notifications in Expert mode, select Pager from the pull-down menu; optionally, configure an alarm to sound when the trigger action occurs; and choose “Pager” from the pull-down menu, and click either Add or Edit. If needed, see “To Choose a Method for Sending Notifications for Serial Port Data Buffering [Expert]” on page 217.
Configuration>Inband The choices are “Cold Start,” “Warm Start,” “Link Down,” “Link up,” “Authentication Failure,” “EGP neighbor loss,” or “Enterprise specific.” 5. Enter a community in the “Community” field. 6. Enter the IP address or name of a SNMP Server. 7. Enter a message in the “Body” text area. 8. Click “OK.” Configuration>Inband Selecting Configuration>Inband in Expert mode brings up a screen like the one shown in the following figure.
Configuration>Inband Clicking the “Add” or “Edit” buttons brings up a dialog with the fields shown in the following figure. Figure 6-45:Web Manager Configuration>Inband Edit Screen The following table describes the values to enter on the Add and Edit screens. Table 6-21: Inband Configuration Values Field Description Server Name A unique name for the server. Note: The server name cannot be modified. The only way to change a name is to delete the server’s entry and add it again.
Configuration>Security
Selecting Configuration>Security in Expert mode brings up three options in the left menu, as shown in the following figure.
Configuration>Security>Authentication Configuration>Security>Authentication Selecting Configuration>Security>Authentication in Expert mode brings up the seven tabs shown in the following figure. Figure 6-47:Web Manager Authentication Tab Options An administrative user can use the Authentication screens for the two following related tasks: • Select a method for authenticating logins to the OnSite only. See “Configuring Authentication for OnSite Logins” on page 277.
Configuration>Security>Authentication Configuring Authentication for OnSite Logins The default authentication method for the AlterPath OnSite is Local. An administrative user can either accept the default or select another authentication method from the pull-down menu on the AuthType screen. Figure 6-48:Authentication “AuthType” Options Any authentication method chosen for the OnSite is used for authentication of any users attempting to log into the OnSite through telnet, ssh, or the Web Manager.
Configuration>Security>Authentication Configuring Authentication Servers The administrator fills out the appropriate screen to set up an authentication server for every authentication method to be used by the OnSite and by any of its ports: Kerberos, LDAP, NIS, NTLM/SMB (ports only), RADIUS, TACACS+. The following table lists the procedures that apply to each authentication method.
Configuration>Security>Authentication T To Configure a Kerberos Authentication Server [Expert] Perform this procedure to configure a Kerberos authentication server when the OnSite or any of its ports is configured to use the Kerberos authentication method or any of its variations (Kerberos, Local/Kerberos, Kerberos/Local, or KerberosDownLocal).
Configuration>Security>Authentication Note: Kerberos authentication depends on time synchronization. Time and date synchronization is most easily achieved by setting both the OnSite and the Kerberos server to use the same NTP server. a. To specify an NTP server, follow the procedure under “To Configure Time and Date [Expert]” on page 350. b. To manually set the time and date on the OnSite, follow “To Configure the Time Zone [Expert]” on page 349. c.
Configuration>Security>Authentication c. Enter the number of the timezone where the OnSite is located. Enter your option: 10 d. Logout from the console session and close the terminal. 4. In the Web Manager Expert mode, go to Configuration>Authentication> Kerberos. The Kerberos screen displays as shown in the following figure. Figure 6-49:Web Manager Kerberos Authentication Server Screen 5. Fill in the screen according to your local setup of the Kerberos server. 6. Click “Done.” 7. Click “apply changes.
Before starting this procedure, find out the following information from the LDAP server’s administrator:
• The distinguished name of the search base
• The LDAP domain name
• Whether to use secure LDAP
• The authentication server’s IP address
An administrative user can enter information in the following two fields, but an entry is not required:
• The LDAP password
• The LDAP user name
Work with the LDAP server’s administrator to ensure that the following types of accoun
Configuration>Security>Authentication Figure 6-50:Web Manager LDAP Authentication Server Screen 2. Supply the IP address of the LDAP server in the “LDAP Server” field. 3. If the LDAP authentication server uses a different distinguished name for the search base than the one displayed in the “LDAP” Base field, change the definition. The default distinguished name is “dc,” as in dc=value,dc=value.
Work with the NTLM server’s administrator to ensure that the following types of accounts are set up on the NTLM server and that the administrators of the OnSite and connected devices know the passwords assigned to the accounts:
• An account for “admin”
• One or more groups listing all the users
• If NTLM authentication is specified for KVM ports, accounts for users who need administrative access to the connected devices.
Configuration>Security>Authentication T To Configure a NIS Authentication Server [Expert] Perform this procedure to identify the authentication server when the OnSite or any of its ports is configured to use the NIS authentication method or any of its variations (Local/NIS, NIS/Local, or NIS/DownLocal). 1. Go to Configuration>Authentication>NIS in Expert mode. The NIS screen displays as shown in the following figure. Figure 6-52:Web Manager NIS Authentication Server Screen 2.
Configuration>Security>Authentication Figure 6-53:Web Manager Radius Authentication Server Screen 2. Fill in the screen according to your local setup of the RADIUS server or servers. 3. Click “Done.” 4. Click “apply changes.” The changes are stored in /etc/raddb/server on the OnSite.
See “Configuring Groups for TACACS+” on page 512 for how the groups are configured on the TACACS+ server.
• One or more groups listing all the users
• If TACACS+ authentication is specified for KVM ports, accounts for users who need administrative access to the connected devices.
Make sure to configure a group or groups on the OnSite with the same names and members as the group or groups on the TACACS+ authentication server.
Configuration>Security>Users & Groups The changes are stored in /etc/tacplus.conf on the OnSite. Configuration>Security>Users & Groups Selecting Configuration>Security>Users & Groups in Expert mode brings up a screen like the one shown in the following figure.
Configuration>Security>Users & Groups KVM port access permissions differently as described under “Setting KVM Port Permissions” on page 291. For more background about the hierarchy of KVM port permissions, see “Understanding KVM Port Permissions” on page 32 and “KVM Port Permissions Hierarchy” on page 34. Adding a User If the “Add” button is clicked on the Configuration>Security>Users & Groups screen, the following dialog box appears.
Configuration>Security>Users & Groups Table 6-23: Add User Dialog: Field Names and Definitions (Continued) Field Name Definition Shell Optional. The default shell when the user makes a ssh or telnet connection with the switch. Choices are: sh [Default] or bash. Comments Optional notes about the user’s role or configuration.
Configuration>Security>Users & Groups Setting KVM Port Permissions If a user or group name is selected from the list of users and groups and the “Set KVM Permissions” button is clicked on the Configuration>Security>Users & Groups screen, a “KVM Access List” screen appears like the one in the following figure.
Configuration>Security>Users & Groups Figure 6-59:KVM Access List “Default Permissions” Menu Options For an example of how the “Default Permissions” work, if the Generic User’s default permission is “No access” and you remove the check from the checkbox next to “Default Access List” for a user named jamesi, then jamesi is no longer restricted by the permissions of the Generic User.
Separate lists of ports can be specified with any of the following permissions for any user or group:
• Ports with no permission
• Ports with read only permission
• Ports with read/write permission
• Ports with full permission (read, write, and power management)
The permissions display next to the Device name in the Permissions column, as shown in the following figure.
To continue the example, because of the KVM permission settings, jamesi can connect to KVM port 2 with Read Only access, to port 3 with Read/Write access, and to port 4 with Read/Write/Power Management access.
To Add a User [Expert]
1. Go to Configuration>Security>Users & Groups in Expert mode. The Users & Groups screen displays.
2. Click “Add.” The “Add User” dialog box displays.
3. Enter the name in the “User Name” field.
4.
2. Select the name of the user whose password you want to change.
3. Click “Change Password.” The “Change User Password” dialog box displays.
4. Enter the new password and enter it again in the “New Password” and “Repeat New Password” fields.
5. Click OK.
6. Click “apply changes.”
To Add a Group [Expert]
1. Go to Configuration>Security>Users & Groups in Expert mode. The Users & Groups screen displays.
2. Under the list of groups, click “Add.
Configuration>Security>Users & Groups T To Select Users and Groups for Assigning KVM Port Access [Expert] Perform this procedure to select users to access servers connected to KVM ports. 1. Go to Configuration >Security>Users & Groups in Expert mode. The Users & Groups screen displays. 2. To set KVM port access for a regular user, select the name of the user from User List. 3. To set KVM port access permissions for a group, select the name of the group from the Group List. 4.
Configuration>Security>Profiles The “Set KVM Permissions for the device” dialog box displays as shown in the following figure. (The example shows the dialog box when the “master” device is selected.) In the fields for each desired category, type either port aliases or numbers, separating them either by commas or dashes. 7. Click OK. The newly-set permissions display next to the Device name in the Permissions column. 8. Click OK. 9. Click “apply changes.
Configuration>Network
Selecting Configuration>Network in Expert mode brings up nine options in the left menu, as shown in the following figure.
Configuration>Network>Host Settings Configuration>Network>Host Settings When Configuration>Network>Host Settings is selected in Expert mode, the following screen appears. Figure 6-65:Web Manager Configuration>Network>Host Settings Screen An administrative user can use the Host Settings screen to configure a name and IP address for the OnSite and configure basic networking parameters. If the “DHCP” checkbox is not checked, then other options appear on the screen as shown in the following example.
Figure 6-66:Web Manager Configuration>Network>Host Settings Screen— No DHCP
The following table describes the fields on the Host Settings form.
Table 6-24: Host Settings Form Fields (Sheet 1 of 2)
Field Name: Field Definition
Host Name: The fully qualified DNS name identifying the OnSite on the network.
Console Banner: A text string designed to appear on the console upon logging into and exiting from a port as a way to verify or identify the particular port connection.
Table 6-24: Host Settings Form Fields (Sheet 2 of 2)
Field Name: Field Definition
Secondary Network Mask: Optional.
MTU: Maximum Transmission Unit used by the TCP protocol.
DNS Server: Address of the Domain Name Server.
Secondary DNS Server: Address of the backup Domain Name Server.
Domain Name: The name that identifies the domain, for example, domainname.com.
Gateway IP: The IP address to the gateway on the subnet.
Configuration>Network>Host Settings a. Enter the name assigned to the IP address of the OnSite in the “Host Name” field. b. Enter or change the console banner in the “Console Banner” field. The console banner appears on the console when the user logs into and exits from a port as a way to verify or identify the particular port connection c. Enter the IP address of the OnSite in the “Primary IP” field. d. Enter the netmask in the “Network Mask” field. e.
Configuration>Network>Syslog
When Configuration>Network>Syslog is selected in Expert mode, the screen shown in the following figure appears.
Figure 6-67:Web Manager Configuration>Network>Syslog Screen
An administrative user can use the Syslog screen to configure how the OnSite handles syslog messages. The Syslog screen allows you to do the following:
• Specify one or more syslog servers to receive syslog messages related to ports.
• Specify rules for filtering messages.
The top of the screen is used to tell the OnSite where to send syslog messages:
• One facility number can be specified for messages from serial ports and AUX ports and another facility number for messages from KVM ports. See “Facility Numbers for Syslog Messages” on page 28 for details. Obtain the facility numbers to use from the syslog server’s administrator. See “To Add a Syslog Server [Wizard]” on page 183 for how a syslog server is configured for the OnSite.
Configuration>Network>PCMCIA Management 6. Click “apply changes.” Configuration>Network>PCMCIA Management When Configuration>Network>PCMCIA Management is selected in Expert mode, the following screen appears.
While configuring a PCMCIA card, you must have inserted a card in one of the PCMCIA slots on the front of the OnSite. For configuring call back, you need to have the phone number of the remote modem calling in.
To Begin Configuring a PCMCIA Card [Expert]
1. Insert a PCMCIA card into one of the slots on the front of the OnSite.
2. Go to Configuration>Network>PCMCIA Management in Expert mode. The PCMCIA Management page appears.
3.
Configuration>Network>PCMCIA Management Configuring a Modem PCMCIA Card An administrative user can use the PCMCIA Management screen under Configure>Network to enable remote users to dial into the OnSite through an installed modem PCMCIA card. When the administrative user selects Modem from the pull-down menu, the dialog box shown in the following figure appears.
Configuration>Network>PCMCIA Management Figure 6-71:Modem PCMCIA Card Configuration Dialog Box—PPP and Call Back Checkboxes Checked T To Configure a Modem PCMCIA Card [Expert] 1. Install the modem card and select “Modem” from the pull-down menu on the PCMCIA Management screen. See “To Begin Configuring a PCMCIA Card [Expert]” on page 306, if needed. 2. To enable PPP, do the following steps: a. Check the PPP checkbox. b. Enter an IP address in the “Local IP” field, if desired.
Configuration>Network>PCMCIA Management By default, the IP address 10.0.0.1 is assigned. Only change the IP address if you have a specific reason to do so. 3. To enable call back, do the following: a. Check the “Call Back” check box. b. Enter a number to use to call back the modem. 4. To configure authentication using OTP passwords, check the “Authentication One Time Password Required” checkbox.
Configuration>Network>PCMCIA Management Figure 6-73: ISDN PCMCIA Card Configuration Dialog Box—Call Back T To Configure an ISDN PCMCIA Card [Expert] 1. Install the ISDN card and select “ISDN” from the pull-down menu on the PCMCIA Management screen. See “To Begin Configuring a PCMCIA Card [Expert]” on page 306, if needed. The “Local IP” and “Remote IP” fields and the “Call Back” check box appear on the Slot dialog box. 2. Enter an IP address in the “Local IP” field, if desired.
Configuration>Network>PCMCIA Management 6. Click “apply changes.” Configuring a GSM PCMCIA Card An administrative user can use the PCMCIA Management screen under Configure>Network in Expert mode to enable a remote user to call into the OnSite through an installed and configured GSM PCMCIA card. When you select GSM from the pull-down menu, the dialog box shown in the following figure appears.
Configuration>Network>PCMCIA Management Figure 6-75:GSM PCMCIA Card Configuration Dialog Box—Call Back T To Configure a GSM PCMCIA Card [Expert] 1. Install the GSM card and select “GSM” from the pull-down menu on the PCMCIA Management screen. See “To Begin Configuring a PCMCIA Card [Expert]” on page 306, if needed. The “Local IP,” “Remote IP,” and “Pin Number” fields and the “Call Back” check box appear on the Slot dialog box. 2. Enter an IP address in the “Local IP” field, if desired.
Configuration>Network>PCMCIA Management b. Enter a number for the OnSite to use to call back the GSM phone. 6. To configure authentication using OTP passwords, check the “Authentication One Time Password Required” checkbox. Note: OTP authentication works only if an OnSite administrator has performed the prerequisite configuration described in “One Time Password Authentication on the OnSite” on page 18. 7. Click OK. 8. Click “apply changes.
Configuration>Network>PCMCIA Management See “To Begin Configuring a PCMCIA Card [Expert]” on page 306, if needed. The “IP Address” and “Network Mask” fields appear on the Slot dialog box. 2. In the “IP address” field, enter the IP address to assign to the Ethernet port. 3. In the “Network Mask” field, enter the netmask to assign to the subnet. 4. Click OK. 5. Click “apply changes.
Configuration>Network>PCMCIA Management T To Configure a Compact Flash or Hard Disk PCMCIA Card [Expert] 1. Install the compact flash card or IDE card and select “Compact Flash / Hard Disk” from the pull-down menu on the PCMCIA Management screen. See “To Begin Configuring a PCMCIA Card [Expert]” on page 306, if needed. The “Enable” and the “Use for data buffering” checkboxes appear on the Slot dialog box. 2. Click the “Enable” checkbox. 3. If desired, check the “Use for data buffering” checkbox. 4.
Configuration>Network>PCMCIA Management T To Configure a Wireless LAN PCMCIA Card [Expert] 1. Install the wireless LAN card and select “Wireless LAN” from the pulldown menu on the PCMCIA Management screen. See “To Begin Configuring a PCMCIA Card [Expert]” on page 306, if needed. The “IP Address,” “Network Mask,” “MyPrivateNet (ESSID),” and Channel fields appear on the Slot dialog box. 2. In the “IP address” field, enter an IP address. 3. In the “Network Mask” field, enter the netmask for the subnet. 4.
Figure 6-79:CDMA PCMCIA Card Configuration Dialog
As shown in Figure 6-79, the following appear on the CDMA configuration dialog:
• “Local IP” field
• “Remote IP” field
• “Speed” pull-down menu
• “Additional Initialization” field
• “Call Back” checkbox
• “Authentication One Time Password Required” checkbox
When the “Call Back” checkbox is checked, the Phone Number field appears as shown in the following figure.
Configuration>Network>PCMCIA Management Figure 6-80:CDMA PCMCIA Card Configuration Dialog Box—Call Back T To Configure a CDMA PCMCIA Card [Expert] 1. Install the CDMA card and select “CDMA” from the pull-down menu on the PCMCIA Management screen. See “To Begin Configuring a PCMCIA Card [Expert]” on page 306, if needed. 2. Enter an IP address in the “Local IP” field, if desired. By default, the IP address of the OnSite is used. Only change the IP address if you have a specific reason to do so. 3.
6. To configure authentication using OTP passwords, check the “Authentication One Time Password Required” checkbox.
Note: OTP authentication works only if an OnSite administrator has performed the prerequisite configuration described in “One Time Password Authentication on the OnSite” on page 18.
7. Click OK.
8. Click “apply changes.”
Ejecting a PCMCIA Card
Use the “Eject” button on the PCMCIA management screen to eject any PCMCIA card before physically ejecting it.
Configuration>Network>VPN Connections Configuration>Network>VPN Connections When Configuration>Network>VPN Connections is selected in Expert mode, a screen like the one shown in the following figure appears. Figure 6-81:Web Manager Configuration>Network>VPN Connections Screen An administrative user can use the screen to add a VPN connection or edit one that is already in the list. See “VPN on the OnSite” on page 54 for related background information.
Configuration>Network>VPN Connections Figure 6-82:VPN “New/Modify Connection” Dialog Box The OnSite is referred to as the Local or “Left” host, and the remote gateway is referred to as the Remote or “Right” host. If left and right are not directly connected, then you must also specify a NextHop IP address. The next hop for the left host is the IP address of the router to which the OnSite sends packets to get them delivered to the right host.
Configuration>Network>VPN Connections T To Configure VPN [Expert] To enable VPN, make sure that IPsec is also enabled. For details about the information you need to complete this screen, see Table 1-25, “Field and Menu Options for Configuring a VPN Connection,” on page 55, if needed. 1. Go to Configuration>Network>VPN Connections in Expert mode. The VPN Connections screen appears. 2. To edit a VPN connection, select the name, and click “Edit.” 3. To add a VPN Connection, click “Add.
Configuration>Network>SNMP 9. Click “apply changes.” Configuration>Network>SNMP Selecting Configuration>Network>SNMP in Expert mode brings up the screen shown in the following figure. Figure 6-83:Web Manager Configuration>Network>SNMP Screen An administrative user can use this screen to enable notifications about significant events or traps to be sent from the OnSite to an SNMP management application, such as HP Openview, Novell NMS, IBM NetView, or Sun Net Manager.
Configuration>Network>SNMP The values you need to complete the screen and associated dialog boxes are explained in the following table. Table 6-25: Fields and Menu Options for SNMP Configuration Field or Menu Option Description SysContact The email address of the OnSite’s administrator, for example, onsite_admin@cyclades.com. SysLocation The physical location of the OnSite. Community SNMP v1 and v2 only.
Clicking the “Add” or “Edit” buttons under “SNMPv1/SNMPv2 Configuration” brings up the “New/Modify SNMP v1 v2 Configuration” dialog box, as shown in the following figure.
Figure 6-84:“New/Mod SNMP v1 v2” Configuration Dialog Box
Clicking the “Add” or “Edit” buttons under “SNMPv3 Configuration” brings up the “New/Modify SNMP v3 Configuration” dialog box, as shown in the following figure.
The related tasks are listed in the following table.
Table 6-26: Tasks for Configuring SNMP
Task: Where Documented
Enable SNMP: “To Configure SNMP [Expert]” on page 326
Configure one or more serial ports to send SNMP traps: “To Configure a Trigger for SNMP Trap Notification for Serial Ports [Expert]” on page 272
To Configure SNMP [Expert]
1. Go to Configuration>Networks>SNMP in Expert mode. The SNMP screen appears.
2.
Configuration>Network>Firewall Configuration a. Enter the user name in the “User name” field. b. Enter the password in the “Password” field. 6. For any version of SNMP, do the following steps. a. Enter the unique object identifier for the object in the “OID” field. b. Choose “Read Only” or “Read/Write” from the “Permission” field. 7. Click OK. 8. Click “apply changes.
Configuration>Network>Firewall Configuration The list by default has three built-in chains, as shown in the previous figure. The chains accept all INPUT, FORWARD, and OUTPUT packets.
Configuration>Network>Firewall Configuration Figure 6-88:Firewall Configuration “Edit Chain” Policy Options User-defined chains cannot be edited. If a user-defined chain is selected for editing, the message shown in the following figure appears.
Figure 6-91:Firewall Configuration “Add Chain” Dialog Box
Adding a chain only creates a named entry for the chain. Rules must also be configured for the chain after it is added to the list of chains.
Firewall Configuration: Editing Rules
If the “Edit Rules” button is pressed under Configuration>Network>Firewall Configuration in Expert mode, a screen appears with a list of headings like the one shown in the following figure.
Configuration>Network>Firewall Configuration Firewall Configuration: Options on the “Add Rule” and “Edit Rule” Dialog Boxes The “Add Rule” and “Edit Rule” dialog boxes under Configuration> Network>Firewall Configuration in Expert mode have the fields and options shown in the following figure.
Configuration>Network>Firewall Configuration Figure 6-95:Firewall Configuration “Add Rule” and “Edit Rule” Target Menu Options If the “LOG” and “REJECT” targets are selected, additional fields appear as described under “LOG Target” on page 242 and “REJECT Target” on page 243.
Configuration>Network>Firewall Configuration Figure 6-97:Firewall Configuration “Add Rule” and “Edit Rule” Protocol Menu Options The additional fields that appear for each protocol are explained in the following sections.
Configuration>Network>Firewall Configuration Figure 6-99:Firewall Configuration “Add Rule” and “Edit Rule” TCP Protocol Fields and Menu Options The following table defines the fields and menu options in the “TCP Options Section.” Table 6-27: TCP Options Fields and Menu Options on the Firewall Configuration Screen Field/Menu Option Definition Source Port - OR Destination Port -ANDto A source or destination port number for filtering in the “Source Port” or “Destination Port” field.
Table 6-28: UDP Options Fields in the Firewall Configuration Screen
Source Port - OR - Destination Port - AND - to: A source or destination port number for filtering in the “Source Port” or “Destination Port” field. If a second number is entered in the “to” field, TCP packets are filtered for any port number within the range that starts with the first port number and that ends with the second.
Figure 6-101:Firewall Configuration “Add Rule” and “Edit Rule” ICMP Type Menu Options
Configuration>Network>Firewall Configuration Firewall Configuration: Input Interface, Output Interface, and Fragments If an interface (such as eth0 or eth1) is entered in the “Input Interface” field, incoming packets are filtered for the specified interface. If an interface is entered in the “Output Interface” field, outgoing packets are filtered for the specified interface. The input and output interface fields are shown in the following figure along with the options on the “Fragments” pull-down menu.
Configuration>Network>Firewall Configuration Firewall Configuration: LOG Target Note: If you select “LOG” from the “Target” field, the fields and menus shown in the following figure appear in the “LOG Options Section” at the bottom of the screen. Figure 6-103:Firewall Configuration “Add Rule” and “Edit Rule” LOG Target Fields The following table defines the menu options, field, and checkboxes in the “LOG Options Section.
Firewall Configuration: REJECT Target
If REJECT is selected from the Target pull-down menu, the following pull-down menu appears.
Figure 6-104:Firewall Configuration “Add Rule” and “Edit Rule” REJECT Target Menu Options
Any “Reject with” option causes the input packet to be dropped and a reply packet of the specified type to be sent.
Note: Spaces are not allowed in the chain name. The name of the new chain appears in the list.
4. Finish defining the chain by adding one or more rules, as described in “To Add a Rule” on page 245.
To Edit a Chain [Expert]
Perform this procedure if you want to change the policy for a default chain.
Note: User-defined chains cannot be edited. If you want to rename a chain you added, delete it and create a new one.
1.
To Edit a Rule [Expert]

1. Go to Configuration>Network>Firewall Configuration in Expert Mode.
2. Select the chain whose rule you want to edit from the Chain list, and then click the “Edit Rules” button. The “Edit Rules” screen appears.
3. Select the rule to be edited from the Rules list, and then click the “Edit” button. The “Edit Rule for chain_name” dialog box appears.
4. Modify the rule as desired.
Configuration>Network>Host Tables

Selecting Configuration>Network>Host Tables in Expert mode brings up the screen shown in the following figure.

Figure 6-105: Web Manager Configuration>Host Tables Screen

An administrative user can use the screen to add, edit, or delete hosts.

To Define the OnSite’s IP Address and Hostname [Expert]

1. Go to Configuration>Network>Host Table in Expert mode. The Host Table screen appears.
2.
Configuration>Network>Static Routes

Selecting Configuration>Network>Static Routes in Expert mode brings up the screen shown in the following figure.

Figure 6-106: Web Manager Configuration>Network Static Routes Screen

An administrative user can use the screen to manually add static routes or edit or delete existing routes. Clicking the “Edit” or “Add” buttons brings up a screen like the one shown in the following figure.
Figure 6-107: Static Routes “Add” and “Edit” Fields and Menu Options—Default Route

The following figure shows the fields and menus that appear when the “Network” route type is selected in the “Route” pull-down menu.

Figure 6-108: Static Routes “Add” and “Edit” Fields and Menu Options—Network Route

The following figure shows the fields and menus that appear when the “Host” route type is selected in the “Route” pull-down menu.
Figure 6-109: Static Routes “Add” and “Edit” Fields and Menu Options—Host Route

The following table describes the fields that appear when you select the “Edit” or “Add” buttons.

Table 6-30: Fields and Menus for Configuring Static Routes
Field or Menu Name: Definition
Route: Choices are “Default,” “Network,” or “Host.”
Network IP: This field appears only when “Network” is selected. Type the address of the destination network.
To Configure Static Routes [Expert]

See Table 6-30, “Fields and Menus for Configuring Static Routes,” on page 345 if needed.

1. Go to Configuration>Network>Static Routes in Expert Mode. The Static Routes screen appears.
• To edit a static route, select a route from the “Static Routes” list, and then select the “Edit” button.
• To add a static route, select the “Add” button from the screen.
The system invokes the New/Modify Route dialog box.
2.
Configuration>System

Selecting Configuration>System in Expert mode brings up three options in the left menu as shown in the following figure.
If “Disable” is selected from the Network Time Protocol menu, manual configuration includes configuring the timezone and manually entering the date and time. The timezone is configured in one of the following two ways.
• Click the “Edit Custom” button. See “Custom Editing the Time Zone” on page 348.
• Select from the “Timezone” menu. See “Selecting From the Timezone Menu” on page 349.
Selecting From the Timezone Menu

The “Timezone” menu is shown in the following figure.

Figure 6-113: Web Manager>Configuration>System>Time/Date Menu

To Configure the Time Zone [Expert]

1. Go to Configuration>System>Time/Date in Expert mode. The Time/Date screen appears.
2. Do one of the following to configure the timezone.
a. Select a timezone from the “Enable Timezone:” pull-down menu.
b.
ii. Enter an acronym in the “Standard Time Acronym” field.
iii. Enter the number of hours and minutes off Greenwich Mean Time in the “GMT off” field.
iv. If desired, check the “Enable daylight saving time” checkbox.
v. Click OK.
3. Go to one of the procedures listed below to configure the time.
• “To Configure Time and Date [Expert]” on page 350.
3. To configure time and date manually, do the following steps.
a. Select “Disable” from the Network Time Protocol menu. The “Date” and “Time” fields appear.
b. Enter the month, day, and year under the “Date” header.
c. Enter the hour, minute, and second under the “Time” header.
4. Click “apply changes.
Local Boot Options

To understand the “Unit boot from” options, the administrative user needs to understand how the OnSite handles software upgrades:
• The OnSite initially boots from a software image referred to as “image1.”
• The first time you download and install a new software version from Cyclades, the new image is stored as “image2” in the Flash memory and the configuration is changed to boot the OnSite from “image 2.
Backup Configuration Information” for where these advanced configuration options are described.

To boot from a boot server, the administrative user can select “Network” and configure a boot server. For network boot to work, make sure the following prerequisites are met.
• A TFTP server must be available to the OnSite on the network.
• An upgraded OnSite boot image file must be downloaded from Cyclades and available on the boot server.
Table 6-31: Boot Configuration Fields and Options
Field or Value Name: Description
Fast Ethernet: The speed of the Ethernet connection: Auto Negotiation, 100 BaseT Half-Duplex, 100 BaseT Full-Duplex, 10 BaseT Half-Duplex, 10 BaseT Full Duplex.
Fast Ethernet Max Interrupt Events: An alternate number of maximum interrupt events to improve performance (0 is the default).
Configuration>System>Online Help

Selecting Configuration>System>Online Help in Expert mode brings up a screen like the one shown in the following figure.

Figure 6-116: Web Manager Configuration>System>Online Screen

The Help button on the Web Manager locates the help files in the location that is configured here. By default, the OnSite help is located at the Cyclades web site at http://www.cyclades.com/online-help/onsite/v_1.1.0.
To Configure a New Location for OnSite Help Files

1. Download the compressed help file from ftp.cyclades.com. The pathname of the file is ftp://ftp.cyclades.com/pub/cyclades/alterpath/onsite/doc/OnSite_online_hlp.zip.
2. Extract the help files and put them into the desired directory under the web server’s root directory on a web server that is accessible to the OnSite.
5. Click “apply changes.”

Information

Under “Information” in Expert mode, four options appear in the left menu, as shown in the following figure.

Figure 6-117: Web Manager Information Menu Options

An administrative user can use the Information menu options to view various types of information, as described in the following sections.
Information>General

Selecting Information>General in Expert mode brings up an information screen like the one in the following figure.
Administrative users can view information in the following categories on the screen shown in Figure 6-118:
• System (kernel version, date, uptime, power supply state, system MAC address)
• CPU (number, clock speed, revision, bogomips)
• Memory (total, free, shared, buffers, cached, swapcached, active, inactive, high total, high free, low total, low free, swap total, swap free)
• PCMCIA (for each slot, the following about each inserted card: identity and configuration status)
• Fan St
Information>KVM User Status

Selecting Information>KVM User Status in Expert mode brings up the screen shown in the following figure.

Figure 6-119: Web Manager Information>KVM User Status Screen

Administrative users can use this screen to view the status of the one or two users who may be connected to KVM ports. See “Understanding KVM Port Permissions” on page 32 for details about how many KVM users can be connected at the same time, either locally or remotely.
Information>Serial Ports Status

Selecting Information>Serial Port Status in Expert mode brings up the screen shown in the following figure.

Figure 6-120: Web Manager Information>Serial Port Status Screen

The screen displays status information about serial port connections in the following categories:
• Port Number
• Alias
• RS232 Signal Status
• Current User(s)

To View Serial Port Status [Expert]

1. Go to Information>Serial Port in Expert mode.
2.
Information>Serial Ports Statistics

Selecting Information>Serial Port Statistics in Expert mode brings up the screen shown in the following figure.

Figure 6-121: Web Manager Information>Serial Port Statistics Screen

An administrative user can use this screen to view serial port statistics, including baud rate, transfer and response bytes.

To View Serial Port Statistics [Expert]

1. Go to Information>Serial Port Statistics in Expert mode.
2.
Management

Under “Management” in Expert mode, six options appear in the left menu, as shown in the following figure.

Figure 6-122: Web Manager Management Menu Options

An administrative user can use the Information menu options to view various types of information, as described in the following sections.
• OnSite firmware (for upgrading the operating system kernel, configuration files, and applications like the Web Manager)
• AlterPath PM IPDU firmware
• KVM Terminator firmware
• Microcode for IP module(s)’ microcontroller(s)

Note: Each OnSite has two or three PS2 translation microcontrollers. One microcontroller is for the Local User port. In addition, depending on the number of IP modules, the OnSite has either one or two microcontrollers for KVM over IP users.
The “Save” and “Load” buttons appear when either the “FTP” or the “Storage Device” menu option is selected. The “Save” button saves the configuration, and the “Load” button restores a previously-saved copy of the configuration files from the selected device. The previous figure shows the fields that appear when “FTP” is selected from the “Type” pull-down menu. The following table describes the information to enter when FTP is selected.
To Back Up or Download the OnSite Configuration Files [Expert]

1. Go to Management>Backup Configuration in Expert mode. The Backup Configuration screen appears.
2. Select either “FTP” or “Storage Device” from the “Type” pull-down menu.
3. If you selected “FTP,” do the following steps.
a. Enter the IP address of the FTP server in the “Server IP” field.
b. Enter the path of a directory on the FTP server where you have write permissions in the “Path and Filename” field.
c.
An administrative user can use the screen to upgrade the OnSite’s operating system kernel, applications, and configuration files, which are collectively referred to as “firmware” in Cyclades management interfaces. The screen collects information used to automatically download software from an FTP server and to install the software on the OnSite. The following table defines the information you need to supply on the screen.
To Find the Cyclades Pathname for Software or Microcode Upgrades [Expert]

Perform this procedure to do the following:
• Find the correct filename for the latest release of the OnSite’s operating system kernel, applications, and configuration files, which are collectively referred to as “firmware” in the Cyclades management interfaces.
5. If upgrading the microcode on microcontrollers that translate PS2 signals, take note of the filename that starts with KVMswitch and has the .bin suffix and go to “To Download Microcode From an FTP Server [Expert]” on page 372.
6. If upgrading the microcode for IP modules, take note of the filename that starts with a series of numbers separated by dots, for example, 1.0.6.0-05.09.01.6bin, and go to “To Download Microcode From an FTP Server [Expert]” on page 372.
8. Click “cancel changes” (to restore the backed up configuration files).

Management>Microcode Upgrade

Selecting Management>Microcode Upgrade in Expert mode brings up the screen shown in the following figure.

Figure 6-126: Web Manager Management>Microcode Upgrade Screen

As shown in Figure 6-126, if the KVM Terminator radio button is selected, a list of KVM ports appears.
Table 6-34: Microcode Filename Formats, Terminology, and Component (Continued)

Target Name on Screen: KVM Switch (internal)
Filename Format: KVMswitch_vNNN.bin
Component: PS2 translation controller for the KVM over IP module (also called the IP module) and for Local User connections

Target Name on Screen: KVM Video Compression Modules
Filename Format: N.N.N.N-YY.MM.DD.N.bin
Component: IP module

The actual pathname components must be entered in the “Directory” and “File Name” fields.
Table 6-35: Microcode Upgrade Field Names and Definitions (Continued)
Field Name: Definition
File Name: The file name of the microcode for the “Target,” as described in Table 6-34 on page 370.

To Download Microcode From an FTP Server [Expert]

1. Go to Management>Microcode Upgrade in Expert mode. The Microcode screen displays.
2. Click the radio button next to the “Target” whose microcode you want to update.
3.
Management>Microcode Reset

Selecting Management>Microcode Reset in Expert mode brings up the screen shown in the following figure.

Figure 6-127: Web Manager Management>Microcode Reset Screen

As shown in Figure 6-127, if the KVM Terminator radio button is selected, a list of KVM ports appears. An administrative user must use this screen to reset the microcode after an upgrade.
4. To reset the microcode on an IP module, select the radio button next to “KVM Video Compression Modules.”
5. Click the “Reset Now” button.

Management>Reboot

Selecting Management>Reboot in Expert mode brings up the Reboot screen shown in the following figure.

Figure 6-128: Web Manager Management>Reboot Screen

Clicking the “Reboot” button reboots the OnSite.

To Reboot the OnSite [Expert]

1. Go to Management>Reboot in Expert mode.
2. Click the Reboot button.
Chapter 7
OSD for All User Types

This chapter describes how to access, navigate, and use the onscreen display (OSD) application. This chapter covers the topics shown in the following table.
Configure>Users and Groups Screens [OSD]: Page 450
Configuring Users and Groups [OSD]: Page 458
Configure>Syslog Screens [OSD]: Page 466
Configure>PCMCIA Screens [OSD]: Page 466
Configure>Authentication Screens [OSD]: Page 470
Configuration>Save/Load Configuration Screens [OSD]: Page 477
Configure>Date/Time [OSD]: Page 480
Configuring PCMCIA Cards [OSD]: Page 487
Configuring the Saving and Restoring of Configuration Files [OSD]: Page 488
Configuring Aut
Accessing the OSD

Local OnSite administrators and authorized users can access the OSD through the Local User station, which is a keyboard, monitor, and mouse directly connected to the OnSite. The following figure illustrates a Local User station connected to the keyboard, video and mouse connectors on the back.

The following bulleted items describe rules and restrictions for OSD access.
• OnSite administrative users can access all OSD functions.
The following table lists tasks performed using the OSD and provides links to where they are documented.
Logging Into the OSD

The OSD login screen appears when the connected monitor is on.

Figure 7-1: OSD Login Screen

When an OnSite administrator logs in, the Main Menu appears, as shown in the following screen example. (Some of the menu options are not visible.)

Figure 7-2: OSD Main Menu

See “OSD Main Menu Options for the Administrator” on page 383 for a list of all the Main Menu options and links to where they are documented. Regular users can access KVM ports through the OnSite.
Figure 7-3: OSD Connection Menu

The Connection Menu includes the Exit option, and it also includes the Cycle option if the logged in user has permission to access two or more ports, as shown in the following screen example.

Figure 7-4: OSD Connection Menu With Cycle and Exit Options

See “Connection Menu” on page 89 for more details.

To Log Into the OSD

1. Turn on the monitor that is connected to the Local User port on the OnSite.
2. Enter the Login name.
3. Enter the Password.
Navigating the OSD

Users can use navigation keys to move between the OSD screens and to make menu selections as described in the following sections:
• “Basic OSD Navigation Keys” on page 381
• “Common OSD Navigation Actions” on page 382

Note: The escape (Esc) key can be used at any point to exit from the current screen.
Common OSD Navigation Actions

The “Action” column in Table 7-3 shows wording used to refer to common actions performed while working in the OSD. The “OSD Equivalent” column describes the keys to use in the OSD screens to perform the actions.

Table 7-3: Performing Common OSD Navigation Actions
Action: OSD Equivalent
Select button_name: Tab or use one of the arrow keys to get to the button and press “Enter.
Power Management While Connected to a KVM Port (OSD)

Both administrative users and authorized users can perform power management while connected to a KVM port. Power management while connected is the same whether the KVM port connection was made through the OSD or the Web Manager. See “Power Management” on page 76 for the prerequisites that must be complete before anyone can perform power management while connected and for the procedures.
Table 7-4: OSD Main Menu Options

Menu Selection: Reboot
Purpose: Reboot the OnSite.
Where Documented: “Reboot [OSD]” on page 499

Power Management Menu [OSD]

Choosing “Power Management” from the OSD Main menu brings up the Power Management screen as shown in the following figure.

Figure 7-5: OSD Power Management Screen

The screen displays a list of all outlets on all AlterPath PM IPDUs connected to the OnSite.
Figure 7-6: Outlet Status Screen—Outlet Unlocked

When an outlet is off and unlocked, the “On,” “Lock,” and “Cycle” options appear, as in the following figure.

Figure 7-7: Outlet Status Screen—Outlet Off and Unlocked

When an outlet is on and locked, only the “Unlock” option appears, as shown in the following figure.

To Power On, Power Off, Lock, Unlock, or Cycle Power Outlets [OSD]

Follow this procedure to manage power outlets on connected and configured IPDUs.
4. Select On, Off, Lock, Unlock, or Cycle as appropriate.
5. To change the status of other outlets, repeat steps 2 and 3.
6. Hit Esc until you get to the next menu you want to access.

Configure Menu Overview [OSD]

An administrative user can select “Configure” from the OSD Main Menu to bring up the Configuration Menu. The Configuration Menu provides a number of options, as shown in the following screen.
Table 7-5: OSD Configuration Menu Options (Sheet 2 of 3)

Menu Selection: Date/Time
Purpose: Enable/disable NTP or manually configure the system date and time.
Where Documented: “Configure>Network>Date/time Screens [OSD]” on page 426

Menu Selection: User station
Purpose: Configure the Local User station’s idle timeout, screen saver time, cycle time, keyboard type, and the various escape sequences for the current workstation.
Table 7-5: OSD Configuration Menu Options (Sheet 3 of 3)

Menu Selection: Save/Load Config
Purpose: Permanently save configuration changes, load a stored configuration, or restore the configuration to factory default values.
Where Documented: “Configure>Date/Time [OSD]” on page 480

Menu Selection: Exit
Purpose: Exit from the menu.
Note: The Save button on every screen saves configuration changes into the configuration files. To permanently back up all configuration changes so they can be restored after an upgrade, you must also select “Save/Load Conf.” from the Configuration Menu. See “How Configuration Files Changes Are Managed” on page 574 for more details.

See “Navigating the OSD” on page 381, if needed, for how to use the Tab key and other keys to move around the screens in the OSD.
Table 7-6 gives a brief description of the sequence of General configuration screens.

Table 7-6: Configure>General Screens [OSD] (Sheet 1 of 2)
Screen: Description
Authentication Type: The authentication type that applies to direct KVM port logins from the Web Manager login screen: None, Local, Radius, TacacsPlus, Kerberos, LDAP, RadiusDownLocal, TacplusDownLocal, KerberosDownLocal, LdapDownLocal, NTLM(Win NT/2k/2k3), and NTLMDownLocal.
Table 7-6: Configure>General Screens [OSD] (Sheet 2 of 2)
Screen: Description
IP Security Level: The level of encryption: “None,” “Kbd/Mouse” (encrypt keyboard and mouse data), or “Video/Kbd/Mouse” (encrypt data from the keyboard, video, and mouse).
DES: Selecting “Yes” enables and “No” disables 3DES encryption.
Direct Access: Selecting “Yes” enables and “No” disables direct access to KVM ports from the Web Manager login screen.
configured for the selected type of method. See “OnSite Authentication Options” on page 7 for an overview of authentication on the OnSite, if needed.

To Configure an Authentication Type for Direct KVM Port Access

1. Go to: Configure>General>Authentication Type. The Authentication Type screen appears.
2. On the Authentication Type screen, select an authentication type.
can change the first portion of the hot keys. See “Configuring Keyboard Shortcuts (Hot Keys)” on page 63 for more details.

To Define the Escape Sequence for AlterPath Viewer Hot Keys [OSD]

1. Go to: Configure>General>Authentication Type>Syslog Facility>Escape Sequence. The “Escape sequence” screen appears.
2. Enter the key sequence to be used as the first portion of all AlterPath Viewer hot keys.
2. On the IP Security screen, select the IP security level (None, Keyboard/Mouse, or Keyboard/Video/Mouse).
3. Save the changes.

Configure>General: 3DES Screen

You can use the 3DES OSD screen to configure 3DES encryption for communications between the OnSite and the remote user connected to a KVM port. The default is RC4.

To Enable or Disable 3DES Encryption [OSD]

1.
Note: Do not use reserved port numbers 1 through 1024.

To Assign Alternate TCP Port Numbers for the AlterPath Viewer [OSD]

1. Go to: Configure>General>Authentication Type>Syslog Facility>Escape Sequence>Sun Keyboard>IP Security Level>3DES>Direct Access>TCP Viewer Port. The “TCP Port” screen appears.
2.
Selecting Network brings up the Network Configuration Menu. The Network Configuration Menu provides a number of options, as shown in the following screen.

Figure 7-12: OSD Networking Configuration Menu

Not all the options are visible. The following diagram lists the names of all the configuration options accessed from the Configure>Network menu.
Configure>Network>Network Screens [OSD]

An administrative user can select the Network option from the Network Configuration menu to configure DHCP or configure a fixed IP address and other basic network parameters.

Figure 7-14: Selecting Network From the OSD Network Configuration Menu

The following diagram lists the names of the series of configuration screens accessed under Configure>Network>Network.
Table 7-7 gives a description of all the related configuration screens.

Table 7-7: Network Configuration Screens [OSD] (Sheet 1 of 2)
Screen: Description
DHCP: Enable or disable DHCP. When you select “enabled,” the screen shown in the following figure appears. “active” saves the changes to the configuration files. “active and save” overwrites the backup configuration files and makes the changes permanent.
Table 7-7: Network Configuration Screens [OSD] (Sheet 2 of 2)
Screen: Description
DNS Server: The IP address for the DNS server.
Domain: The domain name.
Hostname: The hostname for the OnSite.

To Configure Basic Networking [OSD]

1. From the OSD Main Menu, go to Configure>Network. The Network Menu appears.
2. From the Network Menu, select Network again. The DHCP screen appears.
3. To enable DHCP, do the following steps.
a. Select the “enabled” option.
b.
b. Press Enter. The IP address screen appears.
c. Enter the IP address for the OnSite and go to the next screen. The Netmask screen appears.
d. Enter the netmask (in the form 255.255.255.0) and go to the next screen. The Gateway screen appears.
e. Enter the IP address for the gateway and go to the next screen. The DNS Server screen appears.
f. Enter the IP address for the DNS server and go to the next screen. The Domain screen appears.
g.
Configure — Network — SNMP — SysContact — SysLocation — Access Control — SNMPv1/2 — Add | Edit — Community — Source — OID — Permission — Read-Only — Read-Write — Delete — Exit — SNMPv3 — Add | Edit — Username — Password — OID — Permission — Read-Only — Read-Write — Delete — Exit — Exit — Exit

Figure 7-17: OSD Configure>Network>SNMP Screens

See “SNMP on the OnSite” on page 53 for details. Table 7-8 gives a brief description of all the SNMP configuration screens.
Table 7-8: SNMP Configuration Screens [OSD] (Sheet 2 of 3)
Screen: Description
SysLocation: The physical location of the OnSite.
Access Control: Choices are SNMP v1/2 or SNMP v3.
SNMP Configuration: Appears when either SNMP v1/2 or SNMP v3 is selected. Choices are “Add,” “Edit/Delete,” or “Exit.
Table 7-8: SNMP Configuration Screens [OSD] (Sheet 3 of 3)
Screen: Description
SNMPv1/v2 or v3 OID: Object Identifier. Each managed object has a unique identifier.
SNMPv1/v2 or v3 Permission: Choices are “Read-Only” and “Read-Write.” Read-Only: read-only access to the entire MIB (Management Information Base) except for SNMP configuration objects. Read-Write: read-write access to the entire MIB except for SNMP configuration objects.
SNMPv3 Username: User name.
configured VPN connection. See “VPN on the OnSite” on page 54 for additional details.

Figure 7-18: Selecting VPN from the Network Configuration Menu

Selecting VPN under Configuration>Network brings up the VPN Configuration Menu. The VPN Configuration Menu provides the options shown in the following screen.
Configure — Network — VPN — Add | Edit — Connection Name — Protocol — ESP — AH — Local ID — Local IP — Local Nexthop — Local Subnet — Remote ID — Remote IP — Remote Nexthop — Boot Action — Ignore — Add — Start — Shared Key — Delete — Exit

Figure 7-20: OSD Configure>Network>VPN Options and Screens

Table 7-9 gives a brief description of the VPN configuration screens series under Add and Edit.
Table 7-9: VPN Configuration Screens [OSD] (Sheet 2 of 3)
Screen: Description
Local ID: The hostname of the OnSite, referred to as the “local” host.
Local IP: The IP address of the OnSite.
Local NextHop: The router through which the OnSite sends packets to the host on the other side.
Local Subnet: The netmask of the subnetwork where the OnSite resides, if applicable.
Table 7-9: VPN Configuration Screens [OSD] (Sheet 3 of 3)
Screen: Description
Remote IP: The IP address of the remote host or security gateway.
Remote Nexthop: The IP address of the router through which the host on the other side sends packets to the OnSite.
Remote Subnet: The netmask of the subnetwork where the remote host or security gateway resides, if applicable.
Boot Action: Choices are “Ignore,” “Add,” and “Start.” “Ignore” means that the VPN connection is ignored.
Configure>Network>IP Filtering Screens [OSD]

An administrative user can select the IP Filtering option from the Network Configuration menu to configure the OnSite to filter packets like a firewall. See “Packet Filtering on the OnSite” on page 65 for details. Selecting IP Filtering under Configure>Network brings up the “Filter Table.
Figure 7-21: OSD Configure>Network>IP Filtering Screens
The following table shows the IP filtering screens.

Table 7-10: IP Filtering Configuration Screens [OSD] (Sheet 1 of 6)
Screen: Description
Filter Table: Lists the default chains along with any administratively configured chains, and the “Add Chain” and “Exit” options.
Chain Name: Only appears when “Add Chain” is selected.
Table 7-10: IP Filtering Configuration Screens [OSD] (Sheet 2 of 6)
Screen: Description
Chain CHAIN_NAME Edit options: Appears when a default chain is selected and the “Edit Chain” option is chosen from the Chain - Chain_name menu. Defines the default action to take on packets of this type. Choices are “Accept” or “Drop.
Table 7-10: IP Filtering Configuration Screens [OSD] (Sheet 3 of 6)
Screen: Description
User Chain: Appears when “User Defined Chain” is selected from the “Target” menu. Choices are: “INPUT,” and “FORWARD.”
Source IP: The IP address of the source of an input packet.
Source Mask: The netmask of the subnetwork where an input packet originates.
Destination IP: The IP address of an output packet’s destination.
Table 7-10: IP Filtering Configuration Screens [OSD] (Sheet 4 of 6)
Screen: Description
Protocol: Choices are “All,” “Numeric,” “TCP,” “UDP,” “ICMP.”
Protocol Number: Appears only if “Numeric” is selected from the “Protocol” menu.
Source Port: Appears only if “TCP” or “UDP” is selected from the “Protocol” menu. The source port number.
Destination Port: Appears only if “TCP” or “UDP” is selected from the “Protocol” menu. The destination port number.
Table 7-10: IP Filtering Configuration Screens [OSD] (Sheet 5 of 6)
Screen: Description
ACK Flag: “ACK” (acknowledge), appears only if “TCP” is selected from the “Protocol” menu. Options are “Any,” “Set,” “Unset.”
URG Flag: “URG” (urgent), appears only if “TCP” is selected from the “Protocol” menu. Options are “Any,” “Set,” “Unset.”
FIN Flag: “FIN” (finish), appears only if “TCP” is selected from the “Protocol” menu. Options are “Any,” “Set,” “Unset.
Table 7-10: IP Filtering Configuration Screens [OSD] (Sheet 6 of 6)
Screen: Description
Output Interface: Appears only if “All,” “Numeric,” “TCP,” “UDP,” or “ICMP” is selected from the “Protocol” menu.
Fragments: Appears only if “All,” “Numeric,” “TCP,” “UDP,” or “ICMP” is selected from the “Protocol” menu.
ICMP Type: Appears only if ICMP is selected from the “Protocol” menu. Choices are listed in Table 7-11 on page 416.
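The following sketch is an added illustration, not Cyclades code or part of the original guide. It models how the fields in Table 7-10 (protocol, source IP and mask, port range, TCP flags set to “Any,” “Set,” or “Unset,” and the chain's default “Accept” or “Drop” policy) combine to decide what happens to a packet. It assumes standard Linux netfilter semantics, which this guide does not state: rules are checked in order, LOG does not end evaluation, and the default policy applies only when no other rule matches. The class names, the sample chain, and the addresses are constructed.

```python
"""Model of how a filter chain decides a packet's fate (added example).

Assumption (not stated in the guide): standard Linux netfilter semantics.
Rules are checked in order, the first matching terminating target wins,
LOG records the packet and evaluation continues, and the chain's default
policy applies only when no rule terminates. All sample data is constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str                       # "TCP", "UDP" or "ICMP"
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags that are set, e.g. {"SYN"}
    in_if: str = "eth0"


@dataclass
class Rule:
    target: str                                  # "ACCEPT", "DROP", "REJECT" or "LOG"
    proto: str = "All"
    src: Optional[Tuple[str, str]] = None        # (Source IP, Source Mask); None = any
    dport: Optional[Tuple[int, int]] = None      # (Destination Port, "to"), inclusive
    flags: Dict[str, str] = field(default_factory=dict)  # flag -> "Any" | "Set" | "Unset"
    in_if: Optional[str] = None                  # Input Interface; None = any

    def matches(self, pkt: Packet) -> bool:
        if self.in_if is not None and self.in_if != pkt.in_if:
            return False
        if self.proto != "All" and self.proto != pkt.proto:
            return False
        if self.src is not None:
            net = ip_network(f"{self.src[0]}/{self.src[1]}", strict=False)
            if ip_address(pkt.src) not in net:
                return False
        if self.dport is not None:
            # Port fields only apply to TCP and UDP packets.
            if pkt.proto not in ("TCP", "UDP"):
                return False
            first, last = self.dport
            if not first <= pkt.dport <= last:
                return False
        for flag, wanted in self.flags.items():
            if wanted == "Set" and flag not in pkt.flags:
                return False
            if wanted == "Unset" and flag in pkt.flags:
                return False
        return True


def evaluate(rules: List[Rule], policy: str, pkt: Packet) -> Tuple[str, List[int]]:
    """Return (verdict, numbers of the LOG rules that fired) for one packet."""
    logged: List[int] = []
    for number, rule in enumerate(rules, start=1):
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":      # non-terminating: record and keep going
            logged.append(number)
            continue
        return rule.target, logged
    return policy, logged             # no terminating rule matched


# Constructed INPUT chain: log new SSH/Telnet attempts, allow SSH from the
# management subnet only, and reject every other SSH/Telnet packet.
CHAIN = [
    Rule("LOG", proto="TCP", dport=(22, 23), flags={"SYN": "Set", "ACK": "Unset"}),
    Rule("ACCEPT", proto="TCP", src=("10.0.0.0", "255.255.255.0"), dport=(22, 22)),
    Rule("REJECT", proto="TCP", dport=(22, 23)),
]

if __name__ == "__main__":
    syn = frozenset({"SYN"})
    probes = {
        "SSH SYN from management subnet": Packet("10.0.0.5", "TCP", 22, syn),
        "Telnet SYN from management subnet": Packet("10.0.0.5", "TCP", 23, syn),
        "SSH SYN from outside": Packet("192.0.2.9", "TCP", 22, syn),
        "SNMP from outside": Packet("192.0.2.9", "UDP", 161),
    }
    for policy in ("ACCEPT", "DROP"):
        print(f"default policy = {policy}")
        for name, pkt in probes.items():
            verdict, logged = evaluate(CHAIN, policy, pkt)
            print(f"  {name:36s} -> {verdict:7s} logged by rules {logged}")
```

With the default policy set to “Accept,” the SNMP probe passes because no rule mentions UDP port 161; with “Drop,” the same packet is discarded, which is why the chain policy matters as much as the rules themselves.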
ICMP Type options are listed in the following table.
Configure>Network>Hosts Screens [OSD]

An administrative user can select the Hosts option from the Network Configuration menu to configure hosts. Selecting Hosts under Configure>Network brings up the “Hosts List” action menu, as shown in the following figure. An administrative user can select the options on this menu to add, edit, or delete host entries. Selecting “Edit” or “Delete Entry” brings up the “Select a host” screen shown in the following figure.
Configure — Network — Hosts — Add | Edit — Select a host [Edit only] — IP — Name — Alias — Delete — Select a host

Figure 7-22: OSD Configure>Network>Hosts Screens

See “Configure>Network>Hosts Screens [OSD]” on page 417 for more information.

The following table shows the screens for the Add and Edit options.
Configuring Hosts [OSD]

An administrative user can use the Configure>Network>Hosts screen to configure hosts.

To Edit a Host [OSD]
1. Go to: Configure>Network>Hosts. The “Hosts List” screen appears.
2. Select “Edit Entry.” The Select a Hosts screen appears.
3. Select a hostname from the list. The IP screen appears.
4. If desired, change the IP address of the selected host. The Name screen appears.
5. If desired, change the hostname. The Alias screen appears.
6.
Configure>Network>Static Routes Screens [OSD]

An administrative user can select the Static Routes option from the Network Configuration menu to configure static routes. If judiciously used, static routes can sometimes reduce routing problems and routing traffic overhead.
Configure — Network — Static Routes — Add | Edit Entry — Select a route [Edit option only] — Host or Net Route [Select host | net | default] — Target [host and net options only] — Netmask [net option only] — Gateway or Device — Gateway (gw) — Gateway — Metric — Network Device (dev) — Device — Metric — Delete Entry — Select a route

Figure 7-23: OSD Configure>Network>Static Routes Screens

The following table shows the static routes screens that appear when one of
Table 7-13: Static Routes Screens [OSD] (Sheet 2 of 2)

Screen | Description
Netmask | Appears only when “net” is selected from the “Host or Net Route” screen. Netmask for the destination.
Gateway or Device | Two options are: “Gateway (gw)” or “Network Device (dev).”
Gateway | Appears only when “Gateway (gw)” is selected from the “Gateway or Device” menu. Gateway IP address.
Device | Appears only when “Network Device” is selected from the “Gateway or Device” menu.
Configuring Static Routes [OSD]

To Add a Static Route [OSD]
1. Go to Configure>Static Routes. The Static Routes Action screen appears.
2. Select Add. The Host or Net Route screen appears.
3. To add a host route, do the following:
   a. Select “host” and press Enter. The “Target” screen appears.
   b. On the “Target” screen, enter the IP address for the host. The “Gateway or Device” screen appears.
   c. If you select “Gateway,” go to Step 6.
   d. If you select “Network Device,” go to Step 7.
4.
6. To add a static route to a gateway, do the following:
   a. Select “Gateway” and press Enter. The “Gateway” screen appears.
   b. Enter the gateway IP address. The “Metric” screen appears.
   c. Skip to Step c.
7. To add a static route to an interface, do the following:
   a. Select “Network Device” and press Enter. The “Device” screen appears.
   b. On the “Device” screen, enter the name of the interface and press Enter. The Metric screen appears.
   c.
   c. If you select “Gateway,” go to Step 6.
   d. If you select “Network Device,” go to Step 7.
5. To add a network route, on the “Host or Net Route” screen do the following:
   a. Select “net” and press Enter. The “Target” screen appears.
   b. On the “Target” screen, enter the IP address. The “Netmask” screen appears.
   c. Enter the netmask. The “Gateway or Device” screen appears.
   d. If you select “Gateway,” go to Step 6.
   e. If you select “Network Device,” go to Step 7.
6.
The “Metric” screen appears.
9. On the “Metric” screen, enter a metric.

To Delete a Static Route [OSD]
1. Go to: Configure>Static Routes. The “Static Routes Action” screen appears.
2. Select “Delete Entry.” The “Select a Route” screen appears.
3. Select a route to delete and press Enter to save changes.

Configure>Network>Date/time Screens [OSD]
Configure — Date/time — NTP — enabled — NTP server — disabled — Date/time conf. — Date — Time

Figure 7-24: OSD Configure>Date/time Screens

If NTP is enabled, the following screen appears for entering the IP address of the NTP server.

If NTP is disabled, the following series of two screens appears to allow you to enter the date and time manually.
Configure>User Station Screens [OSD]

The following diagram lists the configuration screens accessed through the Configure>User station option. All the screens that appear after the “Keyboard type” screen are for optionally redefining the command key portion of AlterPath Viewer hot keys: “Quit,” “Power Management,” “Mouse/Keyboard Reset,” “Video Configuration,” “Switch Next,” “Switch Previous,” and “Port Info.” See “Configuring Keyboard Shortcuts (Hot Keys)” on page 63 for details, if needed.
Table 7-14: User Station Configuration Screens [OSD] (Sheet 2 of 3)

Screen | Description
Scr. saver timeout | The period of inactivity before the screen saver starts. Default = 10 minutes.
Cycle time (sec) | The number of seconds each server is viewed while the user is cycling from one port to another. Default = 5 seconds. See “To Cycle Through All Authorized KVM Ports” on page 96 for instructions on how to cycle through the servers.
Table 7-14: User Station Configuration Screens [OSD] (Sheet 3 of 3)

Screen | Description
Mouse/Keyboard | Redefine the command key portion of the KVM connection mouse/keyboard reset hot key.
Video | Redefine the command key portion of the KVM connection video brightness and contrast hot key.
Switch Next | Redefine the command key portion of the AlterPath Viewer switch next hot key.
Configuring User Station Screens [OSD]

An administrative user can use the screens under Configure>User station to configure session parameters for the local user connection.

Figure 7-26: Selecting OSD Configure>Date/time

The following table lists the tasks available in the User Station screens and where to find more information.

Task | Where Documented
Specify the period of inactivity before the session is ended. The default is three minutes.
Task | Where Documented
Specify the type of keyboard connected to the Local User management port of the OnSite. | “To Specify the Users Station Keyboard Type [OSD]” on page 435
• US
• BR-ABNT
• BR-ABNT2
• Japanese
• German
• Italian
• French
• Spanish
Redefine the command key for the quit keyboard shortcut. | “To Specify the User Station Quit Command Key [OSD]” on page 436
Redefine the command key for the power management keyboard shortcut.
Configure>User Station: Idle Timeout [OSD]

The system logs out users after a defined period of inactivity. The default is three minutes. An administrative user can use the User Station>Idle Timeout screen to redefine the idle timeout minutes.

Figure 7-27: Configure>User Station>Idle Timeout

To Specify the User Station Idle Timeout
1. Go to: Configure>User station. The Idle Timeout screen appears.
2.
Figure 7-28: Configure>User Station: Scr. Saver Timeout

To Specify the User Station Screen Saver Idle Timeout Period
1. Go to: Configure>Users station>Idle Timeout>Scr. Saver Time.
2. Use the forward or back arrows at the end of the scale to adjust the time in minutes.
3. Select the next arrow button to go to the Cycle Time screen.

Configure>Users Station>Cycle Time [OSD]
2. Use the forward or back button to adjust the time in minutes.
3. Select the next arrow button to go to the Keyboard Type screen.

Configure>Users Station: Keyboard Type [OSD]

An administrative user can use the keyboard type screen to configure the type of keyboard connected to the Local User management port of the OnSite.

Figure 7-30: Configure>User Station: Keyboard Type Screen

To Specify the Users Station Keyboard Type [OSD]
1.
Figure 7-31: Configure>User Station: Quit Screen

To Specify the User Station Quit Command Key [OSD]
1. Go to: Configure>User Station>Idle Timeout>Screen Saver Time>Cycle Time>Keyboard Type>Quit. The Quit screen appears.
2. Type the letter to be used for the command key in the quit hot key.
3. Select the next arrow button to go to the Power Management screen.
Configure>KVM Ports Screens [OSD]

The following table shows the KVM port configuration screens.

Table 7-15: KVM Port Configuration Screens [OSD] (Sheet 1 of 2)

Screen | Description
KVM ports | Lists all KVM ports by their default names or administratively-defined aliases.
Active | Choices are “Yes” and “No” to activate or deactivate the selected KVM port.
Server name | Allows you to assign a descriptive alias, such as the name of the server to which the selected KVM port is connected.
Table 7-15: KVM Port Configuration Screens [OSD] (Sheet 2 of 2)

Screen | Description
Power Outlet | Allows you to enter one or more numbers that identify the power outlet or outlets into which the server that is connected to this KVM port is plugged. When IPDUs are daisy-chained, the outlets on the second and subsequent IPDUs are numbered sequentially.

Configuring KVM Ports [OSD]
• Type the first letters of the port name until the desired port is highlighted in the port list box. This field is case-sensitive.
- OR -
• Select the desired port using the port list box.
3. Press Enter to go to the KVM Ports Active screen.

To Activate a KVM Port [OSD]
1. Go to: Configure>KVM Ports>Active. The KVM Ports Active screen appears.
2. Select Yes or No to activate or disable the currently selected port.
3.
a. To verify the new server name, select Save. The KVM Ports selection screen appears with the new port alias listed.
- OR -
b. Select the right arrow button to go to the Power Outlet screen.

To Enable Power Management Through a KVM Port [OSD]
See “IPDU Power Management (OSD)” on page 382 for background information, if needed.
Configure>Serial Ports Screens [OSD]

Note: The OSD does not support connecting to serial ports. However, authorized users can use the Web Manager to connect to a serial port once the serial port access permissions have been configured either using this screen or through the Web Manager.

The following diagram lists the configuration screens accessed through the Configure>Serial ports option.
The following table shows the serial port configuration screens.

Table 7-16: Serial Port Configuration Screens [OSD] (Sheet 1 of 4)

Screen | Description
Serial ports | Select a serial port. Type the first letters of the port name until the desired port is highlighted in the list, type capital A to highlight “All ports” (the port name field is case-sensitive), or select the desired port name or “All ports” from the list.
Table 7-16: Serial Port Configuration Screens [OSD] (Sheet 2 of 4)

Screen | Description
Server alias | Appears only when a single port is selected. Lets you assign a descriptive alias to the selected serial port, such as the name of the device to which the selected port is connected. The name must consist only of alpha-numeric characters, hyphens (-), and underscores (_).
Table 7-16: Serial Port Configuration Screens [OSD] (Sheet 3 of 4)

Screen | Description
Config power outlet | Appears only when a single port is selected. Allows you to enter one or more numbers that identify a power outlet or outlets where the device that is connected to this serial port is plugged. The power outlets must be on an IPDU that is physically connected to AUX ports 1 or 2 or to any serial port, and the ports must be configured for power management.
Table 7-16: Serial Port Configuration Screens [OSD] (Sheet 4 of 4)

Screen | Description
Port permissions | Choices are: “Port access list” or “Grant/Deny access.” By default, no regular users are authorized to access serial ports. To authorize regular users to access serial ports, the OnSite administrator must use this screen or the Web Manager. Selecting “Port access list” brings up the following Select user/group and Allow user/group screens.
Configuring Serial Ports [OSD]

An administrative user can use the “Serial Ports” screen to configure serial ports as follows:
• Choose a connection protocol: telnet, ssh, raw, or power management
• Enable or disable one or all serial ports
• Assign an alias to one serial port at a time
• Enable power management on a serial port by an administrator who is connected to the serial port
• Set the baud rate for one or all serial ports
• Set user and group access permissions for
The “Serial ports” menu appears with the name of the selected port displayed on the first line of the screen.
4. Go to “To Configure a Connection Protocol for a Serial Port [OSD]” on page 447.

To Configure a Connection Protocol for a Serial Port [OSD]
1. Select a serial port or all ports. See “To Select a Serial Port or Ports to be Configured [OSD]” on page 446, if needed.
2. Select “Connection Protocol” from the list of options.
To Enable Power Management Through a Serial Port [OSD]
This procedure assumes the following:
• The device that is connected to the serial port currently being configured is plugged into one or more outlets on an IPDU
• The IPDU is physically connected to an AUX port or serial port on the OnSite
• The AUX port or serial port where the IPDU is connected has been configured for power management
• You know the number of the port where the IPDU is connected and the number(s) o
To Configure Who Can Access Serial Ports [OSD]
After selecting a serial port, an administrative user can use the options on the “Port permissions” screen to grant or deny access by users or groups to a selected serial port or to all serial ports. By default, all users can access all serial ports. Adding a user or group to the port access list has the following effects:
• The user or group is granted access to the port unless the additional step is taken to deny access.
9. Select “grant” or “deny” as desired.
10. Select “Apply” to save the changes. The “Port permissions” screen appears.
11. Select “Exit.”

To Specify an Authentication Method for Serial Ports [OSD]
This procedure assumes you have already configured a server for the authentication method you assign in this screen. See “To Configure an Authentication Type for Direct KVM Port Access” on page 392.
1. Select a serial port or all serial ports.
Configure>Users and Groups Screens [OSD]

When “Users and Groups” is selected, the “Choose an option” screen appears, as shown in the following screen example. The “Local Users” option is for configuring users; the “Local Groups” option is for configuring groups; and the “User Access Lists” option is for configuring users’ and groups’ access to KVM ports.
Configure — Users and groups — Local Users — Choose an option — Add User — Enter the username.
The following table shows the configuration screens that appear when the “Local Users” option is selected from the Users and Groups menu under Configure in the OSD.

Table 7-17: Local Users Configuration Screens [OSD] (Sheet 1 of 2)

Screen | Description
Choose an option | Options are: “Add User,” “Change Password,” “Delete User,” or “Exit.” User Database
Enter the username | Appears only when “Add User” is selected.
Table 7-17: Local Users Configuration Screens [OSD] (Sheet 2 of 2)

Screen | Description
Select the user | Appears only when “Change Password” or “Delete User” are selected. When “Delete User” and then a username are selected, a confirmation screen like the following appears:

The following table shows the configuration screens that appear when the “Local Groups” option is selected from the Users and Groups menu under Configure in the OSD.
Table 7-18: Local Groups Configuration Screens [OSD] (Sheet 2 of 2)

Screen | Description
Enter the username | When “Add user” or “Add user to group” are selected. To add multiple users, use a comma to separate each username. When the user is successfully added, the following confirmation screen appears.
Delete user from group select group | When “Del user from group” is selected.
administratively-configured users and groups. See “Understanding KVM Port Permissions” on page 32 for details.

The following table shows the configuration screens related to setting KVM port access permissions when the “User Access List” option is selected from the Users and Groups menu under Configure in the OSD.
Table 7-19: User Access List KVM Port Permissions Configuration Screens [OSD] (Sheet 2 of 3)

Screen | Description
Access list for username - select the server | The access list includes the “Reset all,” “Default,” “Multiple servers,” and “Exit” options along with individual KVM ports. The “Default” option defines access permissions for all KVM ports, which apply unless the user has specific access permissions for any KVM ports.
Table 7-19: User Access List KVM Port Permissions Configuration Screens [OSD] (Sheet 3 of 3)

Screen | Description
Permissions for username: port_number or for username: followed by another Access list option, such as “Default” or “Multiple Servers” | The permissions from this menu can be configured to be “Default” permissions for all ports, applied to Multiple Servers, or applied to a selected port.

Configuring Users and Groups [OSD]
Task | Where Documented
Delete a group. | “To Delete a Group [OSD]” on page 462
Add a user to the User Access List. | “To Give a User Access to KVM Ports [OSD]” on page 463
Edit user or group permissions. | “To Edit a User or Group’s Access to KVM Ports [OSD]” on page 464
Apply permissions to the Generic user group. | “To Edit Permissions for the Generic User [OSD]” on page 465
Delete a user from the User Access List.
To Add a User [OSD]
1. Go to Configure>Users and Groups>Local Users>Add User. The Enter the Username screen appears.
2. Type in the username in the input box and press . Note: Usernames are case sensitive. The Enter the Password screen appears.
3. Enter the user’s password. Note: Passwords are case sensitive. The Confirm the Password screen appears.
4. Re-enter the password.
5. Click OK to return to the previous menu.

To Change a Password [OSD]
1.
The system displays a message to confirm your deletion.
3. Click OK to return to the main menu.

To Configure Groups [OSD]
1. Go to: Configure>Users and Groups>Local Groups. The Local Groups – Choose Option screen appears.
2. Go to one of the group configuration tasks listed in the following table.
3. Enter the username of the user to add to the group and press “Enter.” To add multiple users, use a comma to separate each username. A confirmation message appears.
4. Click OK to return to the main menu.

To Delete a User from a Group [OSD]
1. Go to Configure>Users and Groups>Local Groups>Delete User from Group. The “Delete User from Group - Select Group” screen appears.
2. Select from the list the group that you wish to delete and press .
2. Choose from the following tasks:

Task | Where Documented/Notes
Specify KVM port access permissions for a user | “To Give a User Access to KVM Ports [OSD]” on page 463
Edit user or group permissions | “To Edit a User or Group’s Access to KVM Ports [OSD]” on page 464
Apply permissions to the Generic user group. | “To Edit Permissions for the Generic User [OSD]” on page 465
Delete a user from the User Access List.
To Edit a User or Group’s Access to KVM Ports [OSD]
1. Go to Configure>Users and Groups>User Access List.
2. On the “User Access List - Select the User” screen, select the user or group and press “Enter.” The “Access List for User - Select the Server” screen appears.
3. To choose default permissions for the selected user or group, choose “Default” from the list.
4.
• w – Write
• p – Power.
8. To reapply the default permissions to a particular user or group, select “Reset All.” The following screen appears. The system default gives Read and Write permission on all KVM ports.
9. Select “YES” to reset default permissions.

To Edit Permissions for the Generic User [OSD]
1. From the User Access List - Select the User screen, select (Generic Users) and press .
2.
Configure>Syslog Screens [OSD]

An administrative user can select the Syslog option on the OSD Configuration Menu to specify the IP address for a syslog server. Selecting the Configure>Syslog option brings up a Server screen for entering the IP address of a syslog server.

To complete the configuration of system logging, you must specify a facility number as shown in “Syslog Facility” on page 390. See “Configure>Syslog Screens [OSD]” on page 466 for more information.
Configure>PCMCIA Screens [OSD]

The following diagram lists the screens for configuring PCMCIA modem cards.
When configuring a new card, the administrative user selects the “Insert” option, then selects the slot where the new card is inserted. A prompt asks if the card is inserted. The PCMCIA Slot screen and the card insertion query screen are shown in the following figure.

Selecting “Continue” returns the user to the PCMCIA menu. The OnSite automatically detects the type of card and presents the appropriate series of configuration screens.
Table 7-21: Configuration Screens for a PCMCIA Modem Card [OSD] (Sheet 2 of 3)

Screen | Description
PCMCIA Modem | Appears only when PPP is enabled. Choices are: “PPP” for disabling and enabling PPP, “IP Local,” “IP Remote,” “Callback,” and Exit. Note: By default, if no local IP is specified, the IP address of the OnSite is used. If no remote IP is specified, the IP address 10.0.0.1 is used. Use the default IP address unless you have a specific reason to use another.
Table 7-21: Configuration Screens for a PCMCIA Modem Card [OSD] (Sheet 3 of 3)

Screen | Description
callback phone | Appears only when PPP and callback are enabled and “Callback Phone” is selected from the PCMCIA Modem menu.

Caution! Before physically ejecting a card, always select the “Eject” option. Ejecting the card without using the Eject option can cause a system panic.

See “Configuring PCMCIA Cards [OSD]” on page 487 for more information.
Configure>Authentication Screens [OSD]

The following diagram lists the Authentication screens.
The following tables show the screens that appear when the “Authentication” option is selected from the Configure menu in the OSD. The first table shows the screen for choosing an OnSite login authentication method.
Table 7-23: Common Configuration Screens for Kerberos and LDAP Authentication Server [OSD] (Sheet 2 of 2)

Screen | Description
Server IP | IP address of the Kerberos or LDAP server.
Domain Name | Domain name.

The following table shows the unique screens for configuring an LDAP server, which appear in addition to the screens shown in Table 7-23, “Common Configuration Screens for Kerberos and LDAP Authentication Server [OSD],” on page 472.
Table 7-24: Unique LDAP Authentication Server Configuration Screens [OSD] (Sheet 2 of 2)

Screen | Description
Login Attribute | The login attribute.
Secure (on/off) | Choices are “Yes” or “No.”

The following table shows the configuration screens for the Radius and TACACS+ authentication servers.

Table 7-25: Configuration Screens for the Radius or TACACS+ Authentication Servers [OSD] (Sheet 1 of 2)

Screen | Description
Radius Auth. Server1 TacacsPlus Auth.
Table 7-25: Configuration Screens for the Radius or TACACS+ Authentication Servers [OSD] (Sheet 2 of 2)

Screen | Description
Acct. Server1 and Acct. Server2 | IP addresses of one or two optional accounting servers.
Secret | Shared secret.
Timeout | Appears only when Radius is selected. Timeout in seconds. Default = 3.
Retries | Appears only when Radius is selected. Number of retries. Default = 5.
The following table shows the screens for configuring a Smb (NTLM) authentication server.

Table 7-26: Smb (NTLM) Configuration Screens [OSD]

Screen | Description
Smb(NTLM) | Choose Smb(NTLM) to configure an SMB (NTLM) authentication server.
Domain Name | The domain name.
Auth. Server1 and Auth. Server2 | IP addresses for one or two SMB (NTLM) authentication servers. The second server IP is optional.
Table 7-27: NIS Configuration Screens [OSD]

Screen | Description
Domain Name | Enter the Domain Name.
Server IP | IP address of the NIS server.

See “Configuring Authentication [OSD]” on page 491 for more information.
Configuration>Save/Load Configuration Screens [OSD]

The following diagram lists the Save/Load Configuration screens.

Configure — Save/Load Config. — Save Configuration — Saving configuration . . . — Configuration was . . . saved. — Load Configuration — Restoring configuration . . . — Configuration was loaded . . . — Save to FTP — Save to FTP Server—Filename — Server — Username — Password — Saving configuration . . . — Configuration was . . .
The following table shows the screens that appear when the “Save/Load Configuration” option is selected from the Configure menu in the OSD.

Table 7-28: Save/Load Configuration Screens [OSD] (Sheet 1 of 2)

Screen | Description
Save Configuration | When “Save Configuration” is selected, the following two screens appear.
Load Configuration | When “Load Configuration” is selected, the following two screens appear.
Table 7-28: Save/Load Configuration Screens [OSD] (Sheet 2 of 2)

Screen | Description
Load from FTP | When “Load from FTP” is selected, the following four screens appear for you to enter the “Filename,” FTP “Server” name, FTP Login “Username” and “Password.”

See “Configuring the Saving and Restoring of Configuration Files [OSD]” on page 488 for more information.
Configure>Date/Time [OSD]

To Enable the NTP Server to Set the Time and Date [OSD]
1. From the Main menu of the OSD, go to Configure. The Configuration menu appears.
2. Select Date/time. The Date/time conf. NTP screen appears.
3. On the NTP screen, select “enabled.” The NTP Server screen appears.
4. Enter the IP address of the NTP server.
5. Save the changes.

To Enter the Date and Time Manually [OSD]
1. Go to: Configure>Date/Time>NTP from the OSD Main Menu. The NTP screen appears.
2. On the NTP screen, select “disabled.” The Date entry screen appears.
3. Enter the date in YYYY/MM/DD format. The Time entry screen appears.
4. Enter the time in hh:mm:ss format.
5. Save the changes.
6. Go to the appropriate menu option for your next task.
Configure>User Station: Power Management Command Key [OSD]

An administrative user can use the Power Management screen under Station Configuration to redefine the command key portion of the KVM power management hot key.

Figure 7-40: Configure>User Station: Power Management Screen

To Configure the User Station Power Management Command Key [OSD]
1.
Figure 7-41: Configure>User Station: Mouse/Keyboard Reset Screen

To Specify the User Station Mouse/Keyboard Reset Command Key [OSD]
1. Go to: Configure>User Station>Idle Timeout>Screen Saver Time>Cycle Time>Keyboard Type>Quit>Power Management>Mouse/Keyboard Sync. The Mouse/Keyboard Sync screen appears.
2. Type the letter to be used for the command key in the mouse/keyboard sync hot key.
3.

Configure>User Station: Video Configuration Command Key [OSD]
To Specify the User Station Video Configuration Command Key [OSD]
1. Go to: Configure>User Station>Idle Timeout>Screen Saver Time>Cycle Time>Keyboard Type>Quit>Power Management>Mouse/Keyboard Sync>Video Configuration. The Video Configuration screen appears.
2. Type the last letter of the mouse/keyboard sync keyboard shortcut.
3. Select the next arrow button to go to the Switch Next screen.

Configure>User Station: Switch Next Command Key [OSD]
Configure>User Station: Switch Previous Command Key [OSD]

An administrative user can use the Switch Previous screen to define the command key portion of the switch previous keyboard shortcut.

Figure 7-44: Configure>User Station: Switch Previous Screen

To Specify the User Station Switch Previous Command Key [OSD]
1.
Figure 7-45: Configure>User Station: Port Info Screen

To Specify the Keys Used in the Command Key Portion of the Port Info Keyboard Shortcut [OSD]
1. Go to: Configure>User Station>Idle Timeout>Screen Saver Time>Cycle Time>Keyboard Type>Quit>Power Management>Mouse/Keyboard Sync>Video Configuration>Switch Next>Switch Previous>Port Info. The Port Info screen appears.
2. Type the last letter of the port info keyboard shortcut.
3. Select Save to save your configuration.

Configuring PCMCIA Cards [OSD]
• To disable PPP, select the “disabled” option and go to Step 6. The “callback” screen appears.
4. On the “IP local” screen, specify the local IP address. The “IP remote” screen appears.
5. On the “IP remote” screen, specify the remote IP address. The “Callback” screen appears.
6. On the “Callback” screen, do one of the following:
   • To disable callback, select the “disabled” option. If callback is disabled, this is the last step.

Configuring the Saving and Restoring of Configuration Files [OSD]
3. Select OK to complete the procedure.

To Load The Configuration File from Flash [OSD]
1. Go to: Configure>Save/Load Config. The Save/Load Config screen appears.
2. Select “Load Configuration.” The following message appears.
3. Select OK to complete the procedure.
To Save Configuration Files to an FTP Server [OSD]
1. Go to Configure>Save/Load Config. The “Save/Load Config” screen appears.
2. Select “Save to FTP.” The “Save to FTP Server – Filename” screen appears.
3. Enter the name of the configuration file. The “Server” screen appears.
4. Enter the name of the FTP server. The “Username” screen appears.
5. Enter the username used to access the FTP Server. The “Password” screen appears.
6.
6. Type the password used to access the FTP server.
7. Select Save to restore the configuration.

Configuring Authentication [OSD]

An administrative user can use the “Authentication” option under Configuration in the OSD to specify an authentication method for the OnSite (under “Unit Authentication”) and to configure authentication servers.
See Table 7-29 for a list of tasks for configuring authentication servers and where the tasks are documented.
Work with the Kerberos server’s administrator to ensure that the following types of accounts are set up on the Kerberos server and that the administrators of the OnSite and connected devices know the passwords assigned to the accounts:
• An account for “admin”
• If Kerberos authentication is specified for the OnSite, accounts for all users who need to log into the OnSite to administer connected devices.
1.
b. Enter set_timezone. A list of timezones appears followed by a prompt asking you to enter a number of a timezone.

   [root@kvmnet root]# set_timezone
   Please choose the time zone where this machine is located.
   1) Africa 18) Eire 35) Jamaica 52) ROC
   ...
   17) Egypt 34) Israel 51) Portugal 68) zone.tab
   Enter the number corresponding to your choice:

c. Enter the number of the timezone where the OnSite is located.

   Enter the number corresponding to your choice: EDT

d.
An administrative user can enter information in the following two fields, but an entry is not required: • The LDAP password • The LDAP user name Work with the LDAP server’s administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the OnSite and connected devices know the passwords assigned to the accounts: • An account for “admin” • If LDAP authentication is specified for the OnSite, accounts for all user
Configuring Authentication [OSD] The changes are stored in /etc/ldap.conf on the OnSite. T To Configure a RADIUS Authentication Server [OSD] Perform the following when the OnSite or any of its ports is configured to use either the RADIUS, Local/RADIUS, RADIUS/Local, or RADIUSDownLocal authentication methods. 1. Go to Configure>Authentication. 2. Select RADIUS. The first RADIUS screen appears. 3. Fill in each screen according to your local setup of the RADIUS server or servers. 4. Select Save.
System Info Menu [OSD] T To Configure an SMB Authentication Server [OSD] Perform the following to identify the authentication server if any of the ports is configured to use the SMB authentication method. 1. In the OSD, go to Configure>Authentication. 2. Select SMB. The first SMB screen appears. 3. Fill in the screens according to your local setup of the SMB server. 4. Click Save once you are done with the last screen.
System Info Menu [OSD] The following table shows the type of information displayed on the System Info screen. Table 7-30: System Information Example [OSD] Information Type Example BOARD OnSite Serial ports: 8 KVM ports: 8 User stations: 2 ID: 8cfb990b0000 Version (Software) Firmware: 1.1.0 SYS FPGA: 0xb3/2 MEMORY RAM: 124 Mbytes RAM usage: 22% Flash: 248 MB CPU Clock: 130 MHz DAT/TIME Sat 06 May 2006 17:05:10 GMT up 1 day, 2:41 USER1 CONNECTION Int. uC, V1.1.
Reboot [OSD] Reboot [OSD] An administrative user can choose the Reboot option on the OSD Main Menu to reboot the OnSite. T To Reboot the OnSite 1. Select Reboot from the Main Menu. The configuration dialog appears. 2. Select Yes to reboot the OnSite.
Chapter 8 Miscellaneous Procedures This chapter describes how to perform configuration procedures that cannot be performed using the Web Manager.
Disabling or Modifying Inactivity Timeouts Disabling or Modifying Inactivity Timeouts An inactivity timeout period is set in the Web Manager for security. An administrator who knows the root password and can log into the OnSite console can change the timeout value, if desired, by editing a line in the webui.conf file, as described in the following procedure.
OTP Configuration OTP Configuration As introduced in “One Time Password Authentication on the OnSite” on page 18, OPIE (one-time passwords in everything) software on the OnSite supports the one-time password (OTP) authentication method for some types of access. As shown in Table 1-3 on page 9, the OTP authentication method and the OTP/Local fallback option are supported for serial ports, and the OTP authentication method is supported for dial-ins through modem, GSM, and CDMA PCMCIA cards.
OTP Configuration The following table lists the OTP authentication configuration tasks and where they are documented. Table 8-1: Tasks for Configuring OTP Authentication Task Where Documented Edit the /etc/otp.conf file to configure the location used for storage of OPIE databases. “Editing the otp.conf File” on page 506 Run the /bin/do_create_otpdb script to initialize OTP and mount the directory to be used for OPIE database storage.
OTP Configuration Table 8-1: Tasks for Configuring OTP Authentication (Continued) Task Where Documented Make sure each user who needs to use OTP has a local user account, is registered with the OTP system, and is able to obtain the OTP username, OTP secret pass phrase, and OTP passwords needed for logins.
Editing the otp.conf File OTP expects its user databases to reside in /mnt/opie/etc. The OnSite administrator must edit the /etc/otp.conf file to configure a location for the OTP databases by configuring where /mnt/opie is to be mounted. The following table lists the devices that may be used for mounting /mnt/opie and the keywords and values used to identify each type of device in the otp.conf file, and it provides additional information in the “Notes” column.
OTP Configuration T To Specify the Location for the OTP Databases 1. Log in to the OnSite’s console as root. 2. Change to the /etc directory and use a text editor to open the otp.conf file for editing. [root@OnSite /]# cd /etc [root@OnSite /]# vi otp.conf # # ENABLE can be 'YES' or 'NO' # ENABLE=NO # # Where to mount the otp database # MOUNT_POINT=/mnt/opie # # Device specify where otp database will be.
exodus.cyclades.com and the path to a /home/opie directory on the NFS server. DEVICE=exodus.cyclades.com:/home/opie 5. Save and quit the file. :wq 6. Do the procedure under “To Enable OTP and Configure the Location for OTP Databases” on page 508. Running the /bin/do_create_otpdb Script After editing the /etc/otp.conf file, the root user needs to log in locally through the OnSite’s console port and run the /bin/do_create_otpdb script on the command line.
3. Perform the procedure under “To Register and Generate OTP Passwords for Users” on page 510. How Users are Registered with OTP and Obtain OTP Passwords All users who need to use OTP authentication must have a local account on the OnSite, must be registered with the OTP system, and must be able to obtain OTP passwords. The OPIE commands in the following bulleted list must be executed with the -c option while a user is logged in locally through the OnSite’s console port.
OTP Configuration T To Register and Generate OTP Passwords for Users Do this procedure for each user who needs to use OTP authentication after “To Enable OTP and Configure the Location for OTP Databases” on page 508. 1. Log in locally through the OnSite’s Console port as root or use ssh to log into the OnSite’s console. 2. Make sure each user authorized for dial-ins has a local account on the OnSite. Note: You can separately use the Web Manager to add users instead of doing this step.
In the example, the opiepasswd command generates a default OPIE sequence number of 499 and creates a key from the first two letters of the hostname and a pseudo random number, in the example ON93564. [root@OnSite /]# opiepasswd -c joe Adding joe Reminder - Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with no password. Then run opiepasswd without the -c parameter. Using MD5 to compute responses.
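The sequence number, key (seed) and "Using MD5 to compute responses" in the opiepasswd output above correspond to the one-time password scheme of RFC 2289. The following is an added example, not code from the guide or from OPIE: it computes MD5 one-time passwords and models how a verifier accepts each response once. The OtpRecord class, its method names, and the pass phrase used in the demo are assumptions made for illustration.

```python
"""RFC 2289 one-time passwords with MD5 (illustrative model, not OPIE source)."""
import hashlib
import hmac


def _md5_fold(data: bytes) -> bytes:
    """MD5 the input, then fold 128 bits to 64 by XORing the two halves."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """Return the 64-bit one-time password for sequence number `count`.

    The seed is lowercased and prepended to the secret pass phrase, the
    result is hashed and folded once, then hashed and folded `count` times.
    """
    if count < 0:
        raise ValueError("sequence number must be >= 0")
    value = _md5_fold(seed.lower().encode("ascii") + passphrase.encode("utf-8"))
    for _ in range(count):
        value = _md5_fold(value)
    return value


def to_hex(otp: bytes) -> str:
    """Format a 64-bit OTP as four groups of four hex digits."""
    text = otp.hex().upper()
    return " ".join(text[i:i + 4] for i in range(0, 16, 4))


class OtpRecord:
    """Hypothetical verifier-side record: seed, sequence number, stored OTP.

    The verifier never stores the pass phrase. It keeps the OTP for the
    current sequence number and asks for the one below it; hashing the
    response once must reproduce the stored value.
    """

    def __init__(self, seed: str, count: int, stored: bytes):
        self.seed = seed
        self.count = count
        self.stored = stored

    @classmethod
    def register(cls, passphrase: str, seed: str, count: int = 499):
        # 499 is the default sequence number shown in the guide's example.
        return cls(seed, count, otp_md5(passphrase, seed, count))

    def challenge(self) -> str:
        return f"otp-md5 {self.count - 1} {self.seed}"

    def verify(self, response: bytes) -> bool:
        if self.count < 1:
            return False  # sequence exhausted: the user must be re-registered
        if not hmac.compare_digest(_md5_fold(response), self.stored):
            return False
        # Accepting a response replaces the stored value, so a captured
        # response cannot be replayed at the next login.
        self.stored = response
        self.count -= 1
        return True


if __name__ == "__main__":
    # Constructed pass phrase; the seed is the key shown in the guide's example.
    record = OtpRecord.register("constructed pass phrase", "ON93564")
    print(record.challenge())
    answer = otp_md5("constructed pass phrase", "ON93564", record.count - 1)
    print(to_hex(answer), record.verify(answer), record.verify(answer))
```

Because every response is derived from the pass phrase, the pass phrase itself is the value to protect, which is why the opiepasswd reminder above restricts the -c option to the console.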
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers This section describes how to configure groups on LDAP, NTLM, RADIUS, and TACACS+ authentication servers and perform the required configuration on the OnSite to support group authorizations for these authentication methods. On the OnSite, the users and groups must be defined with the same names used in the authentication servers.
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers • Add the raccess service to each user’s configuration and define the group_name to which each user belongs.To give a user administrative access, make the group_name = admin.
• timeout: The timeout (in seconds) for a TACACS+ authentication query to be answered. • retries: Defines the number of times a TACACS+ server is tried before another is contacted. The first server authhost1 is tried for the specified number of times, before the second authhost2, if configured, is contacted and tried for the specified number of times.
where: • auth1: The first RADIUS authentication server. • acct1: The first RADIUS accounting server. • server: The RADIUS server address. • port: Optional. The default port name is “radius” and is looked up through /etc/services. • secret: The shared password required for communication between the OnSite and the RADIUS server. • retries: The number of times each RADIUS server is tried before another is contacted.
Configuring a RADIUS Authentication Server on the Command Line The following list defines the values to define when configuring a RADIUS authentication server on the OnSite. • auth1 server[:port] secret [timeout] [retries] • acct1 server[:port] secret [timeout] [retries] where: • auth1: The first RADIUS authentication server. • acct1: The first RADIUS accounting server. • server: The RADIUS server IP address.
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers The following screen example shows entries that define the RADIUS authentication server and the accounting server to be the same server with the same IP address, sets the secret to cyclades, the timeout to 5 seconds, and the number of retries to 5. auth1 172.20.0.2 cyclades 5 5 acct1 172.20.0.2 cyclades 5 5 Note: Always configure both parameters auth1 and acct1. 3. Save and quit the file.
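The auth1 and acct1 line format described above can be checked before the file is saved. The following is an added example, not part of the guide or of the OnSite software: it parses lines of the form keyword server[:port] secret [timeout] [retries] and reports a missing auth1 or acct1 entry, non-numeric timeout or retries values, and a shared secret that is the guide's printed example value. The function names, the 16-character minimum, the treatment of lines starting with # as comments, and the hostname/IPv4-only server field are assumptions.

```python
"""Lint RADIUS client lines: keyword server[:port] secret [timeout] [retries]."""
import re

EXAMPLE_SECRETS = {"cyclades"}   # the secret printed in the guide's screen example
MIN_SECRET_LEN = 16              # assumed local policy, not a value from the guide
KEYWORD = re.compile(r"^(auth|acct)\d+$")


def parse_entry(line: str) -> dict:
    """Split one configuration line into its fields, validating the numbers."""
    fields = line.split()
    if not 3 <= len(fields) <= 5:
        raise ValueError("expected: keyword server[:port] secret [timeout] [retries]")
    keyword, target, secret = fields[:3]
    server, _, port = target.partition(":")   # assumes a hostname or IPv4 address
    numbers = []
    for name, raw in zip(("timeout", "retries"), fields[3:]):
        if not raw.isdigit():
            raise ValueError(f"{name} must be a non-negative integer, got {raw!r}")
        numbers.append(int(raw))
    numbers += [None] * (2 - len(numbers))
    return {
        "keyword": keyword,
        "server": server,
        "port": port or "radius",   # default port name, resolved via /etc/services
        "secret": secret,
        "timeout": numbers[0],
        "retries": numbers[1],
    }


def lint(text: str) -> list:
    """Return a list of findings for the auth*/acct* lines in `text`."""
    findings = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not KEYWORD.match(line.split()[0]):
            continue   # not a server definition; out of scope for this check
        try:
            entry = parse_entry(line)
        except ValueError as exc:
            findings.append(f"line {lineno}: {exc}")
            continue
        seen.add(entry["keyword"])
        if entry["secret"].lower() in EXAMPLE_SECRETS:
            findings.append(f"line {lineno}: {entry['keyword']} uses the guide's example secret")
        elif len(entry["secret"]) < MIN_SECRET_LEN:
            findings.append(f"line {lineno}: {entry['keyword']} secret is shorter than "
                            f"{MIN_SECRET_LEN} characters")
    for keyword in ("auth1", "acct1"):   # the guide says to always configure both
        if keyword not in seen:
            findings.append(f"{keyword} is not configured")
    return findings


if __name__ == "__main__":
    # The two lines from the guide's screen example.
    sample = "auth1 172.20.0.2 cyclades 5 5\nacct1 172.20.0.2 cyclades 5 5\n"
    for finding in lint(sample):
        print(finding)
```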
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers a. Log into the OnSite console and bring up the CLI utility. b. Enter the parameters shown in the following screen example, followed by a comma-separated list of usernames or groupnames. cli > config physicalports serial_port_number access users/groups comma-separated_list_of_usernames_or_groupnames 3. Save and quit the file.
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers T To Configure Active Directory Schema 1. In the console window, double click “Active Directory Schema.” The paths “Classes” and “Attributes” appear. 2. Double click “Attributes” and confirm that the “info” attribute is present. 3. Double click “Classes,” locate the class “Users,” and right click to select “Properties.” 4. Select the “Attributes” tab and click [Add]. 5.
Administering Security Certificates for HTTPS and SSH on the OnSite Administering Security Certificates for HTTPS and SSH on the OnSite Configuration of security certificates is required to support the security features in the following list: • HTTPS (secure HTTP based on SSL) Because HTTPS requires an SSL certificate to be installed in the web server, the OnSite automatically generates and installs its own self-signed certificate.
Administering Security Certificates for HTTPS and SSH on the OnSite Table 8-3: Tasks for Administering Security Certificates (Continued) Task Where Documented Request, install, and configure a certificate from a CA (certificate authority) “Enabling SSH to Use X.
Administering Security Certificates for HTTPS and SSH on the OnSite ################################################################# # openssl example configuration file. # Mostly used for generation of certificate requests. ################################################################# [ ca ] default_ca = exampleca # The default ca section dir = . # Where everything is kept certificate = $dir/cacert.pem # The CA certificate database = $dir/index.txt # database index file.
Administering Security Certificates for HTTPS and SSH on the OnSite default_keyfile = ./private/cakey.
Administering Security Certificates for HTTPS and SSH on the OnSite T To Configure an SSL Certificate With Your Organization’s Data This procedure generates a new self-signed certificate, replacing the default Cyclades information with information specific to your organization. Note: Like the default automatically-generated certificate, the certificate generated by this procedure is not CA-generated.
3. Replace the default Cyclades data with your organization-specific data.
[ req ]
default_bits = 1024
distinguished_name = cyclades
prompt = no
x509_extensions = x509v3
[ cyclades ]
C = US
ST = CA
L = Fremont
O = Cyclades Corporation
OU = R&D
CN = www.cyclades.com
emailAddress = support@cyclades.
T To Obtain a Signed Certificate From a Certificate Authority Before performing this procedure, generate a private key. Also see http://pki-page.org for a list of official CAs, if needed. Make sure that the /etc/openssl.cnf file exists and has been configured properly. You can do one of the following: • Download the file from the Internet. • Copy the contents of the file in Figure 8-1.
Administering Security Certificates for HTTPS and SSH on the OnSite Prompt What You Enter State or Province Name (full name) [Some Country]: The full name (not the postal abbreviation) of your country Locality Name (e.g., city) [Some-City or County ]: The name of your city. Organization Name (e.g., company) [Internet Widgits Ltd]: The organization for which you want to obtain the certificate Organizational Unit Name (e.g.
Administering Security Certificates for HTTPS and SSH on the OnSite The following screen example uses cert.crt as the name of the certificate file and private_key.pem as the name of the private key file. [root@OnSite /root]# cat cert.crt private_key.pem > \ /etc/CA/server.pem 3. Copy the CA-signed certificate again, this time into the file named /etc/CA/server.crt. The following screen example uses cert.crt as the name of the certificate file. Substitute the correct name for the certificate file.
Prerequisites for Enabling and Using X.509 Certificates for SSH Authentication To enable the exchange of certificates with a client, the administrator needs to make sure that the prerequisites listed below are complete: • The client must have installed and enabled an OpenSSH client with the X.509 patch (which is available at http://www.roumenpterov.info/openssh). • The client must have an SSL certificate issued by a CA and a hostkey.
Administering Security Certificates for HTTPS and SSH on the OnSite The following screen example shows the command used to obtain the client information and the resulting output from a signed certificate that was generated from a local CA at Cyclades. # openssl x509 -noout -subject -in \ /etc/ssh/ca/ca-bundle.crt subject= /C=US/ST=CA/L=Fremont/O=Cyclades Corporation/OU=R&D/ CN=www.cyclades.com 2. On the OnSite, the administrator must make the following change to the output of the Step 1. a.
Administering Security Certificates for HTTPS and SSH on the OnSite b. Uncomment the lines shown in the following screen example and make the appropriate changes. AllowedCertPurpose sslclient CACertificateFile /etc/ssh/ca/ca-bundle.crt HostKey /etc/ssh/ssh_host_key ChallengeResponseAuthentication no <-HostbasedAuthentication no StrictModes no <-PasswordAuthentication no <-PubkeyAuthentication yes RhostsRSAAuthentication no RSAAuthentication no UsePrivilegeSeparation yes c. Save and quit the file. d.
Using the CLI Utility Note: All the file and pathnames edited in this procedure are listed in the /etc/config_files file for restoration after upgrade. Using the CLI Utility This section describes the CLI utility that is available for administrators to use on the OnSite’s command line.
• By remote logins through SSH, an IPSec VPN tunnel, dial-ins through PPP or a terminal emulation program. • By accessing the OnSite console after logging into the Web Manager. After logging into the Web Manager as an administrative user, remote users can access the command line by clicking the “OnSite” menu option. CLI Utility Features An administrator (root or admin) can configure the OnSite using the CLI utility.
Using the CLI Utility The following screen example shows CLI entered like any other command on the Linux command line on the OnSite. [root@OnSite root]# CLI - Thanks for using the CLI - This interface allows you to easily modify configurations to customize and define the functionality of your unit. Some basic and useful keys are: up/down arrow - navigates up/down in the command history tab (once/twice) - shows the next possible option(s) Other hints: Put quotes around strings that contain spaces.
Using the CLI Utility As shown in the previous example, usage information appears before the cli> prompt appears. As shown in the previous screen example, the Cyclades CLI can be entered at the root prompt. CLI can also be entered at the admin prompt that appears when an admin user connects to the OnSite from the Web Manager under Access> Connect to Server. In both cases, CLI is being run in interactive mode. See the following sections for definitions of the interactive mode and other execution modes.
Using the CLI Utility The following screen example shows entering the CLI command with the -s option on the command line in command mode. When the command completes, the shell prompt returns. [admin@OnSite /]# CLI -s config security adduser username \ username Checking the configuration file list... Compressing configuration files into /tmp/ saving_config.tar.gz ... done. Saving configuration files to flash ...
• Any type of shell can be used to run CLI commands along with other commands. For a very simple example, you could create a script that calls /bin/CLI to run in batch mode to configure a hostname for the OnSite as shown in the following screen example.
#!/bin/CLI
config network hostsettings hostname FremontCAOnSite
config savetoflash
:wq
To run a CLI command from the same script that is running other Linux commands, you could put the command in another type of shell script.
Using the CLI Utility You could then make the script executable and execute it on the command line, as shown in the following screen example. [root@OnSite root]# chmod 777 scriptname2 [root@OnSite root]# ./scriptname2 Alternately, you can put one or more commands in a plain text file without invoking any shell as shown in the following screen example.
Using the CLI Utility Example: cli> i info cli> a administration applications cli> sh shell show Pressing the Tab key after a parameter shows the parameters at the next level down in the parameter tree.
Saving CLI Changes Configuration changes made in any of the CLI modes are made only temporarily, in RAM. Changes are not saved into the configuration files unless you run the config runconfig or config savetoflash configuration commands, which are described in the following table. Table 8-5: CLI Commands for Saving Configuration Changes Command Action config runconfig Saves configuration changes in the appropriate configuration files.
Using the CLI Utility The following table shows CLI hot keys that are supported in interactive mode.: Key Action Ctrl a Move to the start of the current line. Ctrl e Move to the end of the line. Ctrl b Move back a character (same as the left arrow key). Ctrl f Move forward a character (same as the right arrow key). Esc b Move back to the start of the current or previous word. Words are composed of letters and digits. Esc f Move forward to the end of the next word.
The CLI command history buffer stores the last 500 commands. The history is cumulative, so terminating the CLI session does not clear the buffer. So, for example, a user can invoke the CLI and go back over the commands entered in a previous session. The following screen example shows how to display the current value for the domain. cli> config network hostsettings hostsettings> domain hostsettings> domain cyclades.
Using the CLI Utility The following screen example illustrates the use of the info command. Entering info administration at the cli> prompt displays the same help as entering info at the administration> prompt. cli > info administration - Administration Mode - In this mode, you can save or retrieve the unit's configurations, list or kill sessions, and/or upgrade the unit's firmware.
Show The following screen example shows the use of the show command. After entering config physicalports 1, entering show general at the Ports[1] prompt displays the configuration parameters set for the selected serial port. cli> config physicalports 1 Ports[1]> show general general: alias: protocol: consoletelnet speed: 9600 flow: none parity: none datasize: 8 stopbits: 1 CLI Options The following table shows options that can be entered when invoking the CLI.
Using the CLI Utility T To Add a User With CLI 1. Log into the OnSite console and bring up the CLI utility. 2. Add the user by entering the parameters shown in the following screen example. cli> config security adduser username username 3. Configure the user’s password by entering the parameters shown in the following screen example. cli> config security passwd username username newpassword password 4. Configure the user’s shell by entering the parameters shown in the following screen example.
Configuring Dial-Out Dial-out through the OnSite is required by certain applications used in computer management that poll devices for status or other information. The OnSite supports dial-out through GPRS (GSM) and 1xRTT (CDMA) wireless PCMCIA cards. For PCMCIA card slot 1, the device name is ttyM1; for slot 2, the device name is ttyM2.
Configuring Dial-Out Table 8-8: Tasks for Configuring Dial-out Task Where Documented Edit /etc/pcmcia/serial.opts file as follows: “Configuring the /etc/pcmcia/serial.opts File” on page 555 • If the GSM card SIM requires a PIN, specify the PIN • Inactivate mgetty on the port to allow the port to be controlled by the pppd application. Create a static route on the OnSite to the network where the device resides or to the device itself.
Configuring Dial-Out Parameter Description inPort.device /dev/ttyXX The device name for the port to be controlled by the generic_dial protocol. For dial-out through a wireless modem device, either ttyM1 or ttyM2. inPort.speed speed Connection speed. Default = 9600. inPort.datasize number The number of data bits. Default = 8. inPort.parity [none | even | odd] None, even, or odd. inPort.stopbits number The number of stop bits. Default = 1. inPort.
Configuring Dial-Out Parameter Description outPort.connection [permanent | on_demand] One of the following options for maintaining the connection: • permanent – always connected. • on_demand – connects only when data enters through the serial port. outPort.timeout timeout The inactivity time in seconds after which the connection is dropped. Any value other than zero enables the timeout. Default = 0. appl.
number is defined as 7001. An appl.retry definition is added that changes the number of retries from the default of 5 to 7.
begin dial-out Example
inPort.name InPort
inPort.device /dev/ttyM1
outPort.name OutPort
outPort.pppcall wireless
outPort.remote_ip 200.246.93.87
outPort.remote_port 7001
appl.retry 7
end dial-out
T To Configure the /etc/generic-dial.conf File Perform this procedure as the first step to configure dial-out. It edits the /etc/generic-dial.
2. Remove the pound signs from the sample dial-out instance.
begin dial-out testApp
inPort.name InPort
inPort.device /dev/ttyS1
outPort.name OutPort
outPort.pppcall wireless
outPort.remote_ip 192.168.160.10
outPort.remote_port 7002
outPort.connection on_demand
end dial-out
3. Change the instance name, inPort.name, and outPort.name if desired. 4. Make sure the device name defined for inPort.device is correct for the port where the modem is installed.
Configuring the /etc/ppp/peers File The default file in /etc/ppp/peers is called wireless. The wireless file reads a chat script from the /etc/chatscripts/wireless file. The following figure shows an example /etc/ppp/peers/wireless file.
If the administrator chooses to create another chat file in /etc/chatscripts, the administrator must change the filename specified after the -f option to the new filename and specify the new filename in the outPort.pppcall definition in the /etc/generic-dial.conf file. T To Configure the /etc/ppp/peers/wireless File This procedure configures the device name for the port, the user name, and other optional values in the peers file in /etc/ppp/peers using the default filename wireless.
Configuring Dial-Out Configuring the /etc/chatscripts/wireless File By default, the /etc/ppp/peers/wireless initiates a dial-in connection by reading the chat script configured in the /etc/chatscripts/ wireless file. ABORT ABORT ABORT ABORT BUSY VOICE "NO CARRIER" "NO DIALTONE" "" "" AT ATZ #### OK OK #### #OK #OK Telco X AT+CGDCONT=1,"IP","claro.com.
Configuring Dial-Out Configuring the /etc/pcmcia/serial.opts File Perform the following procedure to do the following: • • Set a PIN, when required by a GSM wireless phone card Deactivate mgetty on the port to allow the port to be directly controlled by the pppd application T To Set a GSM Pin and Deactivate mgetty in the /etc/pcmcia/serial.opts File 1. Open the /etc/pcmcia/serial.opts file for editing. 2.
Configuring Dial-Out T To Configure Automatic Restart of Dial-Out in the /etc/daemon.d/gendial.sh File 1. Open the /etc/daemon.d/gendial.sh file for editing. 2. Set the ENABLE = YES. ENABLE = YES 3. Save and quit the file. T To Restart the GDF Daemon to Activate Dial- Out 1. Enter the daemon.sh restart GDF command to restart the GDF daemon. [root@OnSite root]# daemon.sh restart GDF A message similar to the following displays, confirming that the GDF daemon restarted.
Configuring Dial-Out 3. Save and quit the file. 4. Check the route(s) by issuing the following command.
Configuring Dial-Out The following screen example shows the format. s.protocol generic_dial where is the serial port number. 3. Perform the configuration steps, specifying the correct port number, as described in Table 8-8, “Tasks for Configuring Dial-out,” on page 546.
Chapter 9 Troubleshooting This chapter provides information related to troubleshooting the OnSite. The following table lists the sections in this chapter. Connection Methods for Troubleshooting Page 560 Recovering from root Authentication Failure Page 561 Restarting the Web Manager Page 563 Replacing a Boot Image for Troubleshooting Page 564 This chapter also provides the troubleshooting procedures shown in the following sections.
Connection Methods for Troubleshooting Connection Methods for Troubleshooting This section summarizes how to connect to the OnSite for troubleshooting in the event of an IP network failure.
Recovering from root Authentication Failure Table 9-1: Tasks for Configuring Troubleshooting Connection Methods [OSD] Connection Method Where Configuration is Documented Internal modem • “Configuration>Serial/AUX>Aux/Modem Port” on page 257 • “To Configure the Internal Modem [Expert]” on page 267 External modem • “To Configure an AUX Port for PPP [Expert]” on page 266 Local User station • “To Configure Local User Sessions [Expert]” on page 221 Recovering from root Authentication Failure Use the fol
Recovering from root Authentication Failure For example, in the portion of the nsswitch.conf file in the following screen example, no pound (#) signs appear before the entries for the passwd, shadow, and group databases under NISLocal. # NISLocal passwd: nis files shadow: nis files group: nis files 4. Change the search order to files only for the uncommented passwd, shadow, and group databases. # NISLocal passwd: files shadow: files group: files 5. Save and quit the file. 6.
Restarting the Web Manager If the Web Manager stops responding, the web server may be either inactive or stopped. Perform this procedure to stop and restart it. T To Restart the Web Manager 1. Enter the ps command with the -ef option and look for a line with /bin/AcsWeb, as shown in the following screen example. [root@ONS root]# ps -fe | grep Acs 13495 ttyS0 root 8540 S /bin/AcsWeb • If a line like the one shown in the screen example appears, go to Step 2.
Replacing a Boot Image for Troubleshooting Replacing a Boot Image for Troubleshooting Information in “Boot File Location Information” on page 566 in Appendix A, “Advanced Boot and Backup Configuration Information” gives an OnSite administrator who has the root password enough background to be able to boot from an alternate image if the need arises and if the Web Manager is not available. Network boots are recommended for troubleshooting.
A Advanced Boot and Backup Configuration Information This appendix provides information related to configuring boot file locations and managing configuration file changes on the AlterPath OnSite. The following table lists the sections in this appendix.
Boot File Location Information Boot File Location Information The information in this section is needed to understand how to configure booting through the Web Manager, as described in “Configuration>System>Boot Configuration” on page 351. This information is also needed for troubleshooting, to give an administrator who has the root password enough background to be able to boot from an alternate image if the need arises and if the Web Manager is not available.
Downloading a New Software Version (which is mounted read only), and the third partition (which is mounted read write) contains the configuration files.
Image1: /dev/hda1 kernel; /dev/hda5 root filesystem; /dev/hda7 configuration files
Image2: /dev/hda2 kernel; /dev/hda6 root filesystem; /dev/hda8 configuration files
/dev/hda3: configuration files backup
Figure A-1: Boot Partitions
The previous figure also shows a configuration backup partition (/dev/hda3 in removable flash).
Changing the Boot Image currentimage is changed so that the system boots from the new image. • Do a network boot from the image and then save it onto the removable flash The U-Boot monitor command net_boot boots the image from the TFTP server specified in the environment variables. After the image is downloaded by network boot, the root filesystem is in the RAMDISK, and the image can run even if no removable flash card is inserted.
Changing the Boot Image The cli> prompt appears. cli> 3. Enter config administration bootconfig. cli> config administration bootconfig The bootconfig> prompt appears. bootconfig> 4. Enter the bootunit keyword followed by the Tab key to see the list of possible boot values bootconfig>bootunit image1:zvmppcons.v100 image2:zvmppcons.v101 network bootconfig> 5. Enter the name of the boot image you want to use.
Changing the Boot Image Changing the Boot Image in U-Boot Monitor Mode You can access U-Boot monitor mode in one of the following two ways: • During boot, when the “Hit any key to stop autoboot” prompt appears, pressing any key before the timer expires brings the OnSite to U-Boot monitor mode. • If boot fails, the OnSite automatically enters U-Boot monitor mode. The U-Boot hw_boot command boots from either the first or second image according to the value of the currentimage environment variable.
Changing the Boot Image T To Boot from an Alternate Image in U-Boot Monitor Mode 1. Go to U-Boot monitor mode. See "To Boot in U-Boot Monitor Mode" if needed. 2. Set the current image environment variable to the number of the image you want to boot. => setenv currentimage N For example, to boot from image2 enter the number 2, as shown in the following screen example. => setenv currentimage 2 3. Enter the boot command. => hw_boot T To Boot in Single User Mode from U-Boot Monitor Mode 1.
Network Boot Options and Caveats Network Boot Options and Caveats When a network boot is performed with the U-boot net_boot command, the OnSite boots from the specified image on the specified TFTP server. The image uses the RAMDISK as the root file system. Network boots are useful for troubleshooting because the net-booted image can run even if the OnSite’s flash memory is not usable. Network boots are recommended only for troubleshooting and must not be used for normal operation of the OnSite.
2. Set the “bootfile,” “serverip,” and “ipaddr” environment variables using the boot filename, the TFTP boot server’s IP address, and the IP address of the OnSite to use for network booting.
=> setenv ipaddr OnSite’s_IP_address
=> setenv serverip boot_server’s_IP_address
=> setenv bootfile boot_file’s_name
The format of the boot filename is: zmppcons.vversion_number, for example: zmppcons.v110. See the following screen example.
=>setenv ipaddr 193.168.45.
Note: Be aware that the --doformat option erases the flash memory and installs the boot image into the image1 area. See “Options for the create_cf Command” for other options.
7. The following text appears when the operation completes.
Creation of image N completed.
...
8. Configure the OnSite to boot from flash. See “To Boot from an Alternate Image in U-Boot Monitor Mode,” if needed.
9. Enter the reboot command.
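The file placed on the TFTP server is what net_boot loads and what create_cf then writes to flash, so it is worth confirming that it matches the *.md5 checksum file published with it (see the checksum entry in the Glossary) before staging it. The script below is an added example, not part of the Cyclades guide; it assumes the .md5 file is in md5sum format or holds a bare digest, and the function names, paths, and sample file contents are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Cyclades guide.
# Assumptions: md5sum (coreutils) exists on the TFTP host; the *.md5 file holds
# either "<32 hex digits>  <filename>" (md5sum format) or a bare digest.
# A matching MD5 shows the file arrived intact; it does not authenticate its source.

# expected_md5 FILE.md5 -> prints the lowercase digest; returns 2 if malformed
expected_md5() {
    tok=$(awk 'NF { print tolower($1); exit }' "$1" 2>/dev/null) || return 2
    case "$tok" in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#tok}" -eq 32 ] || return 2
    printf '%s\n' "$tok"
}

# recorded_name FILE.md5 -> filename stored beside the digest (empty if none);
# md5sum's binary-mode marker '*' is stripped. Names with spaces are not handled.
recorded_name() {
    awk 'NF { n = $2; sub(/^\*/, "", n); print n; exit }' "$1"
}

# verify_image IMAGE FILE.md5 -> 0 match, 1 digest mismatch, 2 unusable input
verify_image() {
    img=$1
    sumfile=$2
    [ -f "$img" ] && [ -s "$img" ] && [ -f "$sumfile" ] || return 2
    want=$(expected_md5 "$sumfile") || return 2
    name=$(recorded_name "$sumfile")
    # Reject a checksum file that was generated for a different file name.
    if [ -n "$name" ] && [ "$(basename "$name")" != "$(basename "$img")" ]; then
        return 2
    fi
    got=$(md5sum "$img" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# stage_image IMAGE FILE.md5 TFTPROOT -> copies the image only if it verifies,
# and leaves the staged copy read-only.
stage_image() {
    verify_image "$1" "$2" || {
        rc=$?
        echo "refusing to stage $1 (verify_image returned $rc)" >&2
        return "$rc"
    }
    cp -- "$1" "$3/" && chmod 0444 "$3/$(basename "$1")"
}

# Constructed demonstration: run as "sh verify_image.sh demo".
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    printf 'constructed stand-in for a boot image\n' > "$work/zmppcons.v110"
    (cd "$work" && md5sum zmppcons.v110 > zmppcons.v110.md5)
    mkdir "$work/tftproot"
    stage_image "$work/zmppcons.v110" "$work/zmppcons.v110.md5" "$work/tftproot" \
        && echo "staged $work/tftproot/zmppcons.v110"
    rm -rf "$work"
fi
```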
How Configuration Files Changes Are Managed
Changes to configuration files can be both made and backed up in different environments on the OnSite by performing the actions shown in the following table.
Table A-2: Options for Saving and Backing Up Configuration File Changes
Environment    Action
Web Manager    Click the “apply changes” button.
OSD            Go to Save/Load Config. and select the “Save Configuration” option.
Table A-3: Options for Saving Configuration File Changes
Environment                  Action
OnSite Linux command line    Enter the restoreconf command
OnSite CLI utility           Enter the CLI config restorefromflash command
How Factory Defaults Are Saved
A compressed copy of the factory default configuration files is stored, for possible restoration, in the factory_default_files.gz compressed file in the /mnt/hdCnf/backup directory. The following screen example shows the file.
2. If you are logged into the OnSite console as root through the console port, via telnet or ssh, enter the restoreconf command.
[root@ONS /]# restoreconf
To Restore the OnSite Configuration Files to the Factory Defaults
Use one of the commands shown below while logged in as root through the console, via telnet, or via any ssh session to restore the configuration files to the state they were in when the OnSite shipped.
Options for the create_cf Command
The following table provides more information about the create_cf command options, which you can view from the Linux command line by entering the name of the command.
Table A-4: Options for the create_cf command
Option      Description
none        Not recommended. Checks if a boot image is already on the device.
--imageN    Creates/replaces imageN, where N = 1 | 2. Use this option to replace only the specified image without erasing both images. Changes the currentimage environment variable to boot from the image.
Examples for create_cf Command Usage
All the examples assume you have done a network boot and you want to save the image from RAM.
Options for the restoreconf Command
As described in other sections of this chapter, you may need to use the restoreconf command while troubleshooting. All the restoreconf subcommands are shown in the following screen example.
Glossary
1U: One rack unit (also referred to as 1RU). A standard measurement equal to 1.75” (4.45 cm) of vertical space on a rack or cabinet that is used for mounting computer equipment.
3DES: Triple Data Encryption Standard, an encrypting algorithm (cipher) that encrypts data three times, using a unique key each time, to prevent unauthorized viewers from viewing or changing the data.
alias: An easy-to-remember, usually-short, usually-descriptive name used instead of a full name or IP address. For example, on some Cyclades products, port names contain numbers by default (as in Port_1) but the administrator can assign an alias (such as SunBladeFremont) that describes which server is connected to the ports. Aliases make it easier for users to understand which devices are connected.
is one of the security features provided on Cyclades products to enable customers to enforce their data center security policies. A user who is authorized to access a device or software function is referred to as an authorized user. See also authentication and encryption.
authorized user: One who is given permission to access a controlled resource, which must be granted by administrative action.
BIOS (basic input/output system): Pronounced “bye-ose.” Instructions in the onboard flash memory that start up (boot) a computer without the need to access programs from a disk. Sometimes used for the name of the memory chip where the start-up instructions reside. BIOS access is available even during disk failures. Administrators often need to access the BIOS while troubleshooting, for example, to temporarily change the location from which the system boots in case of a corrupted operating system kernel.
CDMA (code division multiple access): A mobile data service available to users of CDMA mobile phones.
CHAP (challenge handshake authentication protocol): An authentication protocol used for PPP authentication. See MS-CHAP.
checksum: Software posted at the Cyclades download site is accompanied by a checksum (*.md5) file generated using the MD5 algorithm. The checksum of a downloaded file must be the same as the checksum in the file.
CLI parameter tree: Each version of the Cyclades CLI utility has a set of commands and parameters nested in the form of a tree. The CLI for the AlterPath OnBoard and other products uses the Cyclades Application Configuration Protocol (CACP) daemon (cacpd). The cacpd uses the param.conf file, which defines a different CLI parameter tree for each product.
Cyclades: A corporation founded in 1989 to provide unique networking solutions. Named after the ground-breaking French packet-switching network created in 1970, which was named after the Greek province of Cyclades. Cyclades in Greece is made up of many islands that when viewed on a map resemble a diagram of nodes in a computer network.
decryption: Decoding of data that has been encrypted using an encryption method.
DNS (domain name service or system): A service that translates domain names (such as cyclades.com) to network IP addresses (192.168.00.0) and that translates host names (such as “onboard”) to host IP addresses (192.168.44.11). To enable the use of this service, administrators need to configure one or more DNS servers when configuring AlterPath devices.
encryption: Translation of data into a secret format using a series of mathematical functions so that only the recipient can decode it. Designed to prevent unauthorized viewing or modification of data, even when the encrypted data is travelling over unsecure media (such as the Internet). See 3DES and SSH. As an example, a remote terminal session using secure shell (SSH) usually encrypts data using 3DES or better algorithms.
Expect script: A script written using expect, a scripting language based on Tcl, the Tool Command Language. Can be written to perform automation and testing operations that are not possible with other scripting languages. Cyclades uses expect scripts in some of its AlterPath products, and users can customize some of the default expect scripts. For example, administrators of the AlterPath OnBoard can customize the Expect scripts that handle conversations with service processors and other supported devices.
HTTP (hypertext transfer protocol): Protocol defining the rules for communication between Web servers and browsers across the Internet.
HTTPS (secure HTTP over SSL): Protocol enabling the secure transmission of Web pages by encrypting data using SSL encryption. URLs that require an SSL connection start with https.
IETF (Internet Engineering Task Force): Main standards organization for the Internet. Working groups create Internet Drafts that may become RFCs.
IPDUs that can be remotely managed when they are connected to AlterPath devices, such as the AlterPath KVM/net or AlterPath OnBoard.
IPMI (Intelligent Platform Management Interface): An open standards vendor-independent service processor currently adopted by many major server platform vendors. Its main benefit over other service processor types is that it is installed on servers from many vendors, providing one interface and protocol for all servers.
end. Has two modes, transport and tunnel mode. Tunnel mode encrypts the entire packet. Transport mode encrypts application headers, TCP or UDP headers, and packet data, but not the IP header. The method that encrypts the entire packet cannot be used where NAT is required.
Kerberos: Network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography.
LDAP (lightweight directory access protocol): A directory service protocol used for authentication. One of many standard authentication protocols supported on Cyclades devices.
MAC address: Also called the Ethernet address. A number that uniquely identifies a computer that has an Ethernet interface. Cyclades equipment displays MAC addresses on a label on the bottom.
MIIMON: A value set when configuring Ethernet failure to specify how often the active interface is inspected for link failures. A value of zero (0) disables MII link monitoring. A value of 100 is a good starting point, according to SourceForge bonding documentation.
MS-CHAP (Microsoft challenge handshake authentication protocol): The Microsoft version of CHAP, which does not require the storage of a clear or reversibly-encrypted password.
features supported by the service processor, the user must be a trusted user who is specifically authorized to use the option. A VPN connection must be made before the user is allowed to access the native IP option. When the OnSite user activates Native IP for a service processor, the OnSite routes packets between that user’s IP address and the service processor through a secure tunnel. The VPN connection must remain active for the duration of the Native IP session.
network time protocol (See NTP)
netmask: The dotted-decimal expression that determines which portion of an IP address represents the network IP address and which is used for host IP addresses, for example, 255.0.0.0.
NIS (Network Information Service): A directory service protocol used for authentication in UNIX systems. One of many standard authentication protocols supported on Cyclades devices.
NTLM (NT LAN manager): An authentication protocol used by Microsoft SMB.
OOBI (Out-of-band Infrastructure): An integrated systems approach to remote administration. Consists of components that provide secure, out-of-band access to connect to and manage an organization’s production network. Components can include console servers, KVM and KVM over IP switches, power control appliances, centralized management devices (to control the entire out-of-band infrastructure), and service-processor managers to manage access to multiple vendors' service processors.
point to point protocol (See PPP)
point to point tunneling protocol (See PPTP)
PPP (point to point protocol): A method that creates a connection between a remote computer and a Cyclades device and enables a remote user access using the Web Manager or the command line. Supports the use of the PAP, SPAP, CHAP, MS-CHAP, and EAP authentication methods.
remote supervisor adapter II (See RSA II)
remote system control (See RSC)
rmenush: The default login shell for users (/usr/bin/rmenush), which allows users only a limited set of menu options, including: access to management actions on devices for which they are authorized; the ability to change the user’s password; and the ability to log out. The OnSite administrator may modify the menu options and commands.
center security policies while providing out-of-band access to managed systems. Also provided in most Cyclades products are security profiles.
security profiles: Most Cyclades products require the administrator to select a security profile during initial configuration, which helps enforce the security policies of the organization where the unit is being used.
shell: A command interpreter on UNIX-based operating systems (like the Linux operating system that controls most Cyclades products). A shell typically is accessed in a terminal window where the shell presents a prompt. For example: [admin@OnSite admin]# is the prompt that appears when a user logs into an OnSite as admin and is in the /home/admin directory. Users tell the operating system to perform actions by typing commands in the shell, which interprets the commands and performs the specified actions.
SNMP manager: Any computer running SNMP manager software. Also called a network management station or SNMP server.
SNMP manager software: Displays data about managed devices on the console or saves the data in a specified file or database. Some network management programs such as HP OpenView graphically show information about managed devices.
consolidation, SRM substantially lowers the cost and complexity of deploying service processors. SRM also lowers the security risks of using service processors by providing centralized authentication and user access control, isolating vulnerable service processor protocols from the production network and communicating with authenticated and authorized users over the public network using higher-end secure protocols (such as SSH, SSL, and HTTPS).
some administrators as a more-reliable protocol than the UDP protocol used by RADIUS. One of many standard authentication protocols supported on Cyclades devices.
trap: An operation started by an SNMP agent in response to an event of interest on a managed object in a device, which sends an alert to the SNMP manager. The administrator of certain Cyclades devices can configure which types of events generate trap messages and trap destinations. Also known as SNMP messages or as “PDUs” (protocol data units).