Avocent® Universal Management Gateway Appliance Installer/User Guide
For important safety information, visit: www.emersonnetworkpower.com/ComplianceRegulatoryInfo Emerson, Emerson Network Power and the Emerson Network Power logo are trademarks or service marks of Emerson Electric Co. Avocent, the Avocent logo, Cyclades, DSView and Trellis are trademarks or service marks of Avocent Corporation. Liebert is a trademark or registered trademark of Liebert Corp. All other marks are the property of their respective owners.
i TABLE OF CONTENTS Product Overview Features and Benefits Secure access Autosense Web user interface (UI) VGA and USB connections CLI setup port IPv4 and IPv6 support Security Data logging, notifications, alarms and data buffering Power management Auto discovery Control of virtual media and smart card-capable appliances Flexible users and groups DSView™ management software plug-in Installation Supplied with the Appliance Rack and Wall Mounting Rack mounting Rack mount safety considerations Wall mounting C
ii.....
Table of Contents.....
iv.....
Product Overview The Avocent® Universal Management Gateway appliance serves as a single point for secure local and remote access and administration of target devices. The Avocent® Universal Management Gateway appliance supports secure remote data center management and out-of-band management of IT assets from any location worldwide.
2.....Avocent® Universal Management Gateway Appliance Installer/User Guide Avocent® Universal Management Gateway 4000 and 6000 appliances have 40 autosensing ports that can be used for service processor (SP) or serial connectivity and management. Ports that support autosensing are designated on the back of the appliance with a small turquoise line next to the port number. Ports indicate which mode of operation is currently active with a green or amber connection LED.
Product Overview..... 3 IP addresses can also be assigned statically to SPs, and the appliance can scan IP ranges to discover them. When a port is in serial mode, the amber LED will be illuminated. The appliance will assign the console port class by default and auto-detect whether to apply the Avocent or Cisco® soft pinout. The speed, flow control, parity and data-size are all predefined for connectivity to standard RS-232 server consoles but can be modified on a per-port basis.
4.....Avocent® Universal Management Gateway Appliance Installer/User Guide IPv4 and IPv6 support The appliance supports dual stack IPv4 and IPv6 protocols. The administrator can use the web UI or CLI to configure support for IPv4 and/or IPv6 addresses.
Product Overview..... 5 configure site-specific probe and answer strings. Auto discovery can also be configured through the DSView™ software. Supported SPs The appliance supports rack and blade server SPs from the following vendors: Dell®, HP, IBM®, Cisco®, Fujitsu®, Oracle® Sun and additional IPMI implementations. For a complete list of SPs supported by your appliance, visit www.avocent.com/updates to see the release notes that match your appliance firmware version.
6.....
Installation Before installing your Avocent® Universal Management Gateway appliance, refer to the following list to ensure you have all items that shipped with it, as well as other items necessary for proper installation.
8.....Avocent® Universal Management Gateway Appliance Installer/User Guide Bracket Connections for Rack Mount Configuration Rack mount safety considerations • Elevated Ambient Temperature: If installed in a closed rack assembly, the operating temperature of the rack environment may be greater than room ambient. Use care not to exceed the rated maximum ambient temperature of the appliance.
Installation..... 9 should be marked. Use a 3/16-inch drill bit to drill guide holes at the marked positions. Using 1/4 inch by 1 inch hex lag screws (not included with the wall-mounting kit), secure each bracket to the plywood wall, using at least two screws for each bracket. 2. Remove the two middle truss-head screws from each side of the appliance. It is important to remove only the middle two screws allowing the cover of the appliance to stay secured.
10.....Avocent® Universal Management Gateway Appliance Installer/User Guide The following is a list of important safety considerations that should be reviewed prior to installing or maintaining your cables: • Dress the cables neatly with cable ties, using low to moderate pressure. Do not overtighten ties. • If bending the cable is necessary, make it gradual with no bend sharper than a one inch radius. Allowing the cable to be sharply bent or kinked can permanently damage the cable’s interior.
Installation..... 11 CAUTION: This appliance contains an internal battery that is used for the real-time clock. This battery is not a field replaceable item, and replacement should not be attempted by a user. If real-time clock errors occur and the battery is suspected, visit http://www.avocent.com/support or contact the Avocent Technical Support location nearest you. WARNING: For Service Personnel Only - There is a risk of explosion if the battery is replaced with an incorrect type.
12.....Avocent® Universal Management Gateway Appliance Installer/User Guide Rear of the Appliance Connectors on the Appliance Rear Number Description 1 Power supplies. 2 Power Indication LED. 3 GB2 (eth1) 10/100M/1G Ethernet port. Can be connected to a second network or used for failover. 4 Sensors Autosensing ports. On the Avocent® Universal Management Gateway 4000 and 6000 appliances, 5 all ports are autosensing.
Installation..... 13 2. Use a UTP crossover cable to connect the devices to the appliance, using an adaptor, if necessary. NOTE: To comply with EMC requirements, use shielded cables for all port connections. WARNING: Do not turn on the power on the connected devices until after the appliance is turned on. To daisy chain PDUs to the appliance: NOTE: This procedure assumes you have one PDU connected to a port on the appliance. 1.
14.....Avocent® Universal Management Gateway Appliance Installer/User Guide UMIQ Module Configuration The UMIQ-v1 module has a single RJ-45 port to connect to the appliance. The UMIQ-v2 module has two RJ-45 ports. You can connect either one to the appliance and the other to a dedicated service processor port on the server. The cable length can be up to 100 meters long. See KVM management on page 69 for more information about KVM targets.
Installation..... 15 • The LED illuminates green when the appliance is turned on and operating normally. • The LED blinks green when the appliance is booting. • The LED illuminates amber if a fault condition occurs, such as power supply failure, elevated ambient temperature or fan failure. The LED will continue to illuminate amber as long as the failure persists. • The LED blinks amber when the appliance is shutting down. Once the LED is off, it is safe to unplug the power cords.
16.....Avocent® Universal Management Gateway Appliance Installer/User Guide The terminal settings are 9600 bits per second (bps), 8 bits, 1 stop bit, no parity and no flow control. 2. Turn on the appliance. When the appliance completes initialization, the terminal will display the login banner plus the login prompt. Configuration Example The following graphic and table illustrate a typical appliance configuration.
Installation.....
18.....
Installation..... 19 To use SSH to connect to a target through a serial port: For this procedure, you need the username configured to access the serial port, the target name (for example, 14-35-60-p-1), TCP port alias (for example, 7001), device name (for example, ttyS1), and the hostname of the appliance or IP address. To use an SSH client, enter the information in the dialog boxes of the client.
20.....
Initial Appliance Setup The Avocent® Universal Management Gateway appliance provides extensive access to attached devices. Consider the following security parameters and default values and how they align with your organizational security policies. The Avocent® Universal Management Gateway appliance ships with the following default settings: • DHCP, SSH v2 and HTTPS are enabled. • All autosensing ports are enabled. • Ethernet and CLI Setup ports are enabled.
22.....Avocent® Universal Management Gateway Appliance Installer/User Guide NOTE: For instructions on assigning an IP address using the CLI, see the Universal Management Gateway Appliance Command Reference Guide. The GB1 (eth0) port on the appliance is configured as a DHCP client. If your network is set up for DHCP, you must first find the IP address assigned to the appliance by looking at the DHCP leases on the network DHCP server.
Initial Appliance Setup..... 23 NOTE: If using DHCP, you must first find the IP address assigned to the appliance by looking at the DHCP leases on the network DHCP server. Enter https:// in your browser to connect to the appliance. To assign the IP address: 1. Log in to the appliance via its console port using admin as both the username and password. 2. Click the Administration button. 3. Click the Network Settings folder. 4.
24.....
Initial Appliance Setup..... 25 Order Service Action Use-case recommendation 12 srv-SNMP Accept Only needed if centrally monitoring the appliance using a central SNMP server. 13 srv-Externalsyslog Accept Only needed if centrally logging the appliance using a central Syslog server. 14 srv-SNMPTraps Accept Only needed if monitoring SNMP devices for the Trellis™ platform or managing NetPDUs. 15 srv-AdobeFlex Accept Needed to access the appliance web UI, set to DROP to disable the web UI.
26.....Avocent® Universal Management Gateway Appliance Installer/User Guide Order Service Action Service-8 Use-case recommendation UI. 34 srv-UMGService-8 DROP Needed only by the local host for the VGA console, Don't change this default for any reason. 35 srv-UMGService-9 DROP Needed only by the local host for the VGA console, Don't change this default for any reason. 36 srv-UMGService-10 Accept Needed for direct serial port access using Telnet, set to DROP in not using Telnet.
Web User Interface Once you have connected the Avocent® Universal Management Gateway appliance to a network, you can access the appliance with its web user interface (UI). The web UI provides direct access to the appliance and its target devices via a graphical user interface.
28.....Avocent® Universal Management Gateway Appliance Installer/User Guide Web UI Web UI Descriptions Number Description 1 Title bar - Use the title bar to access the online help, log out or change the current user's password. 2 Tab bar - Use the tab bar to display and manage targets, sensors, events, administration and alerts. 3 Sidebar - The sidebar is used to display windows that specify settings or perform operations.
Web User Interface..... 29 Example Sidebar Admin role By default, Admins have access to all the tabs of the web UI. Admins can access the Targets, Sensors, Events and Administration tabs of the UI. By default, the login and password for Admins is admin. Operator role Operators can access the Targets, Sensors and Events tabs of the UI. By default, the login and password for Operators is operator. User role Users can access the Targets and Sensor tabs of the UI.
30.....Avocent® Universal Management Gateway Appliance Installer/User Guide Targets The information shown in the Targets tab is primarily read-only and is intended to facilitate user access to target sessions or target control. For more information, see Targets on page 105. Sensors The Sensors tab is only visible on a Avocent® Universal Management Gateway 4000 or 6000 appliance.
Administration When logging in as an Administrator, you will have access to the Administration tab. From this tab, you can configure and manage the appliance and its associated targets. NOTE: The actions in this section can be performed by first clicking the Administration tab. Administration Tab Overview Appliance Settings From the sidebar, click Appliance Settings to view the appliance model, serial number, firmware version and power supply status.
32.....Avocent® Universal Management Gateway Appliance Installer/User Guide You can use the buttons at the top of the screen to reboot, shut down or launch an SSH session to the appliance. WARNING: Always execute the shutdown command through the web UI, CLI or DSView™ software under the Overview/Tools node before turning the appliance off, then on again. This will ensure the reset doesn't occur while the file system in Flash is being accessed, and it helps to avoid Flash memory corruptions.
Administration..... 33 Network Settings Click Network Settings to configure the hostname, DNS, domain name, IPv4 default gateway and IPv6 default gateway. Network modes The appliance provides agentless remote access and control. No special software or drivers are required on the attached servers or client. The appliance has three physical network interfaces (eth0, eth1, priv0). Each interface has an individual MAC address and can be configured for normal or failover modes.
34.....Avocent® Universal Management Gateway Appliance Installer/User Guide with other 10.x.x.x networks via the gateway assigned to GB2. A static route can be added to the appliance indicating that 10.1.0.1 should be used to communicate with all 10.x.x.x subnets. Failover In Failover mode, the GB1 and GB2 interfaces are both activated and each has a unique MAC address but they share a common bond0 virtual interface.
Administration..... 35 the interfaces will be lost and communication with devices accessible through the ports within the bridge group will occur via the bridge group's IP address. Appliance interfaces placed into a bridge group will not support DHCP services to prevent conflict with other DHCP services on the network. The appliance will also not support UMIQ modules connected to bridged interfaces. The appliance is not intended to be a general purpose ethernet bridge.
36.....Avocent® Universal Management Gateway Appliance Installer/User Guide To delete a bridge group configuration: 1. From the sidebar, click Network Settings. 2. Under the Bridge Group Configuration heading, check the box next to the name of the bridge group you want to delete, then click Delete. Hosts An administrator can configure a table of host names, IP addresses and host aliases for the local network. To add a host: 1. From the sidebar, select Network - Hosts. 2. Click Add to add a new host. 3.
Administration..... 37 To add static routes: 1. From the sidebar, select Network Settings - Routes. Any existing static routes are listed with their Destination IP/Mask, Gateway, Interface and Metric values shown. 2. Enter the destination IP, gateway and netmask values in the appropriate fields, then use the drop-down menu to select the device interface. 3. Click Add. To delete a static route: 1. From the sidebar, select Network Settings- Routes. 2.
38.....Avocent® Universal Management Gateway Appliance Installer/User Guide 6. To edit an existing network, check the box next to the network under the Modify an OSPF Network heading. When finished, click Apply. 7. To delete a network, check the box next to the network, then click Delete. BGP BGP is one of the key protocols used to achieve internet connection redundancy. BGP appliances use TCP protocol on port 179 to communicate with each other.
Administration..... 39 8. To edit an existing neighbor, check the box next to the neighbor under the Modify a BGP neighbor heading. When finished, click Apply. 9. To delete a neighbor, check the box next to the neighbor, then click Delete. Network Share The appliance supports the ability to upgrade multiple SPs through network share. An administrator can configure the network share by clicking Network Settings - Network Share from the Administration sidebar.
40.....Avocent® Universal Management Gateway Appliance Installer/User Guide Users group A user account must be defined for each user on the appliance or on an authentication server. Only an admin can add and configure other user accounts. Each local user account is assigned to one or more of the user groups. CAUTION: Change the default passwords before you put the appliance into operation. Password Policy The default username and password for the appliance is admin and admin.
Administration..... 41 User and User Group Preemption Preemption Level Description 6 The default level for the admin account. Only available to admins. 5 The default level for the factory operator account. Only available to operators and administrators. 4 The default level for a new local user of a KVM switch or serial console appliance. 3 The default level for the Avocent® Universal Management Gateway Appliance . 2 The default level for the user administrator user group.
42.....Avocent® Universal Management Gateway Appliance Installer/User Guide 5. Check the box to enable the session time-out and enter the number of minutes for the time-out in the field. 6. Check the box to have the password expire and then enter either the number of days before it expires or the date it expires. 7. Check the box to warn the user the password will expire and then enter the number of days before in the field. 8.
Administration..... 43 5. Enter the following information: a. The IP address of the authentication server. b. The Base Distinguished Name, which is the LDAP path to the location of the user accounts. c. Use the drop-down menu to select Off for SSL Mode. d. Enter the Bind Distinguished Name, which is the service account the appliance will use to communicate with the LDAP server. e. Enter the Bind Password, which is the password of the service account. f.
44.....Avocent® Universal Management Gateway Appliance Installer/User Guide 2. Enter the IP address for the DSView™ server for authentication. NOTE: This forwards all authentication requests to the DSView™ server. User Target Access After creating or modifying a user, click the username and then select the Target Access tab to manage targets for that user. Managed targets are displayed in the column on the left. Available targets are displayed in the column on the right.
Administration..... 45 For example, if an administrator configures the appliance to restrict user access to a target, the administrator can assign users to groups that are authorized for specific target access. The administrator can also authorize groups for power management and data buffer management. This document and the software refer to users whose accounts are configured on remote authentication servers as remote users. Remote users do not need local accounts.
46.....Avocent® Universal Management Gateway Appliance Installer/User Guide Administrators can configure ports, add users and manage power devices connected to the appliance. NOTE: The only configuration allowed for the Appliance Administrator group is adding or deleting members. To view admin Appliance Access Rights: 1. From the sidebar, click Users - Groups. The Group screen is displayed, showing the three default user groups along with any groups that have been created. 2.
Administration..... 47 Target Access is the most permissive. As long as either a user, or a user's group has access, the user will have target access. The following table shows target access depending on a user's or group's access. Group Target Access If User Has Access If Group Has Access Resulting Target Access Yes Yes Yes Yes No Yes No Yes Yes No No No To add a managed target: 1.
48.....Avocent® Universal Management Gateway Appliance Installer/User Guide 3. For serial targets, use the drop-down menu to select the session access and check the box (es) to kill a multi-session or for multiple-session notification. 4. Click Apply.
Administration.....
50.....
Administration..... 51 The appliance contains three preconfigured virtual interfaces named priv, kvm and spm. They have unique names and IP addresses but all share a common MAC address. By default, only the priv virtual interface is enabled and all ports in network mode are assigned to it. There is a single active DHCP range associated with the IP assigned to priv. An administrator can create additional virtual interfaces to further separate or group IP devices by various types.
52.....Avocent® Universal Management Gateway Appliance Installer/User Guide Serial Settings From the sidebar, click Targets - Port Configuration - Serial Settings to view or change the default serial interface communication settings. To configure serial mode settings: 1. For serial devices connected to a port, click Targets - Port Configuration - Serial Settings. 2. Select the port and click Serial Port Setting. 3.
Administration..... 53 NOTE: If DHCP is desired, the IP address of the virtual interface should correspond to a dynamic range on the DHCP settings page. Newly created interfaces will not issue DHCP addresses until the DHCP service is restarted. To edit or delete a virtual interface: 1. Click Targets - Port Configuration - Network Settings. 2. Under the Modify a Virtual Interface heading, check the box next to the private interface you want to edit. 3. Make your changes.
54.....Avocent® Universal Management Gateway Appliance Installer/User Guide The lease bindings tell you which IP addresses have been dynamically assigned to targets. It displays the range, start and end times, MAC address, hostname, port number and target device type. The lease bindings can only be cleared by deleting the dynamic range they were issued from and restarting the DHCP server. Lease times are measured in days. NOTE: Only one range may operate on a private interface.
Administration..... 55 manage certain classes of devices independently, the virtual interface must first be assigned an IP. The priv virtual interface is by default: 192.168.10.1/24. To assign virtual interfaces IP addresses: 1. Browse to the network settings page located at Administration - Targets - Port Configuration - Network Settings. 2. Use the drop-down menu under state to enable the interface. 3. Enter the IP address/mask and broadcast address. 4. Click Apply.
56.....Avocent® Universal Management Gateway Appliance Installer/User Guide 2. Click Add to add a new user. -orClick the username to edit the user. 3. Add or edit the username and password. 4. Add or edit the description as desired. 5. Click Apply. Logical discovery The appliance supports creation of up to 20 discovery queues that can be leveraged to discover SPs on the network. The discovery ranges define a start-stop IPv4 address that the appliance will scan looking for SPs.
Administration..... 57 4. If you want to supply a username and password for the SP, uncheck the box and type in the desired credentials. If you leave the box checked, a username and password will be found from the default users list. 5. Use the drop-down menu to select an appropriate SP profile. 6. Enter the KG in hex format (optional). 7. Use the drop-down menus to select the cipher and group name (optional). 8. Check the box if you want to enable SoL data buffering (SoL history). 9. Click Apply.
58.....Avocent® Universal Management Gateway Appliance Installer/User Guide vKVM session. If you wish to change the default vKVM option and if vKVM is supported by the SP, from the Modify SP page, select whether Java or ActiveX is the preferred viewer. You can then open a session by selecting the SP from the Targets tab, by clicking the Sessions tab and clicking Virtual KVM/Media. NOTE: Microsoft Internet Explorer is the only browser that supports ActiveX. vKVM Preference To remove an SP: 1.
Administration..... 59 NOTE: Sessions to generic SPs will proxy through the appliance in the same way as sessions to all other SPs. Discovery log The discovery log displays the results of SP add and SP discovery processes on the appliance. The log chronologically displays the status of the add/discovery steps and will automatically update as status changes occur. To view the discovery log, from the Administration tab, click Targets - Discovery, then click the Log tab.
60.....Avocent® Universal Management Gateway Appliance Installer/User Guide To perform advanced sorting and filtering, the Discovery Log can be exported to a .csv file by clicking Export. An administrator can clear selected log entries on a single page by checking the desired boxes next to log entries then clicking Clear Selected. The entire Discovery Log can be purged by clicking Clear All. SP management A service processor (SP) can be connected to any numbered target port on the back of the appliance.
Administration..... 61 You can also add multiple SPs at once by creating a custom file containing the IP address, port, username, password and SP type of the SPs you want to add. Once SPs are added, their information will be displayed within the table on the SP Management page. NOTE: Users that do not have Administrator access will only see devices to which they have access. Default Users The appliance contains a list of default usernames and passwords that will be used when adding and discovering SPs.
62.....Avocent® Universal Management Gateway Appliance Installer/User Guide 2. Click Add to add new firmware to the repository. 3. Use the drop-down menu to store the firmware locally on the appliance or remotely via the network share. 4. Use the drop-down menu to select the firmware profile and enter a firmware version or comment as desired. 5. Click Upload, then browse to where the firmware is stored and click Open to upload it. To delete SP firmware from the repository: 1.
Administration..... 63 • Serial Management - Serial Console Ports. These settings govern the handling of serial port data within the appliance. NOTE: To rename a target, see Targets on page 50. Serial console ports Any autosensing port can be used to connect a serial target to the appliance. The autosensing ports support either the Avocent® or Cisco™ soft pinout modes. To edit the CAS settings for one or more serial targets: 1. Click Targets - Serial Management. 2.
64.....Avocent® Universal Management Gateway Appliance Installer/User Guide Parameter Description interval. Default: Normal. DTR Off Interval Interval used by DTR Mode Off Interval in milliseconds. Default: 100. Line Feed Suppression Enables the suppression of the LF character after the CR character. Default: Disabled. Null After CR Suppression Enables the suppression of the NULL character after the CR character. Default: Disabled.
Administration..... 65 Data logging If you enabled Serial Session Logging under the Data Buffering tab, you will be able to download the logged data once a serial session to the enable port has been launched. To download logged data: 1. Click the Targets tab in the title bar. 2. From the sidebar, click Serial Console then click on the target on which you enabled data logging. 3. Click the Logs tab, then click Download Logs.
66.....Avocent® Universal Management Gateway Appliance Installer/User Guide CAS profile From the CAS profile page, you can configure the serial console features, including the host name, auto discovery, auto speed and auto time-out. To configure the CAS profile: 1. From the sidebar, click Targets - Serial Management. 2. Click the CAS Profile tab. 3. Under the Settings heading, enter the auto discovery timeout and probe timeout in number of seconds. 4.
Administration..... 67 Type Protocol Ports Avocent® PM PDU (PM10/20/1000/2000/3000) Serial Any autosense port Liebert® MPH/MPX/MPH2/MPX2 IP-SNMP Any appliance port or Remote via LAN infrastructure Serial PDUs connected to an autosense port will be automatically discovered. Serial PDUs connected to a port with autosense disabled must be manually given a port class of Serial PDU.
68.....Avocent® Universal Management Gateway Appliance Installer/User Guide 2. Enter the community name string, use the drop-down menu to select either RO (Read Only) or RW (Read/Write) as the ComType and enter a community description. 3. Click Apply. NOTE: A com type of RW is required to turn outlets on or off and to modify rack PDU settings. You may need to change the SNMP com type within the rack PDU's native interface and within the appliance before control actions will be supported.
Administration..... 69 Asset Location Asset tracking enables a user to determine the specific location of a device within a rack and also track the movement of devices into and out of the rack. The Avocent® Universal Management Gateway appliance can perform asset tracking using an external appliance such as the Data Cabinet Intelligence Module (DCIM) along with Remote Frequency Identification (RFID) tags. RFID tags are placed on devices before they are installed in the rack.
70.....
Administration..... 71 UMIQ-v2 Module UMIQ Module Descriptions Number Description 1 Module's RJ-45 connector. The v1 module has one port used to connect to the appliance via a CAT 5 cable. The v2 module has a second port which can be connected to a dedicated SP. 2 DC power plug. 3 VGA connector for video. 4 USB connector for keyboard and mouse. The UMIQ module has an embedded Linux OS that boots when the UMIQ module has power.
72.....Avocent® Universal Management Gateway Appliance Installer/User Guide WARNING: Never connect a network (switch/hub/firewall/router) between the appliance and a UMIQ module. The appliance sends electricity that will damage anything that is not a UMIQ module. UMIQ Module LED Patterns LED Power LED Pattern Description Constant ON Power LED is on when the UMIQ module is operating with USB power, in a normal operating state.
Administration..... 73 • Management - Displays whether the module is Pre-discovered, Managed or Not Managed. During the initial connection or during a factory reset, as the module is being discovered the management status will change from Pre-discovered to Managed. • Appliance Power - Displays if the appliance is providing power to the module. • Power Mode - Displays the power status for the module. Full means the module is getting power from the appliance and the target.
74.....Avocent® Universal Management Gateway Appliance Installer/User Guide Factory reset After the module has been configured, you can return it to the factory default settings. To factory reset UMIQ modules: 1. From the sidebar, click Targets - KVM Management to open the Appliance UMIQ screen. 2. Select the checkbox next to the UMIQ module you wish to delete, and click Factory Reset. NOTE: Performing a factory reset will remove all custom settings.
Administration..... 75 General Under the General heading you have the option to delete offline modules or automatically upgrade modules. By default, both settings are disabled. For more information see Upgrading UMIQ modules on page 73. Sharing Under the Sharing heading, you can enable and select the level of sharing. Options include: Automatic, Exclusive and Stealth. • Automatic is a sharing option that will automatically allow another user to share the console session.
76.....Avocent® Universal Management Gateway Appliance Installer/User Guide Encryption level In the Encryption Level area, specify an encryption level for the keyboard/mouse, video and virtual media: • 3DES - SSL Triple DES encryption • 128-Bit SSL - 128-bit encryption which used an ARCFOUR (RC4®) SSL cipher • AES - AES encryption At least one encryption level must be specified for the keyboard and mouse.
Administration..... 77 • The virtual media access mode allows you to set the access mode for mapped drives to readonly or read-write. When the access mode is read-only, the user will not be able to write data to the mapped drive on the client server. When the access mode is read-write, the user will be able to read and write data from/to the mapped drive.
78.....Avocent® Universal Management Gateway Appliance Installer/User Guide 7. For Virtual Media: a. Check the box(es) to enable virtual media, lock to KVM session or allow reserved sessions. b. From the drop-down menu, select the Virtual Media Access Mode. 8. Select the checkbox to enable Smart Card access. 9. Click Apply. EDIDs The appliance can store monitor EDIDs (extended display identification data) on connected UMIQ modules.
Administration..... 79 2. Under the Session Settings heading, use the drop-down menu to select the desired resolution. 3. Click Apply. 4. If using a custom setting, click the Custom EDID tab. 5. Select either File or List as the desired source. a. If you have selected File, click Get File and choose the appropriate file. b. If you have selected List, update the resolution list with the desired resolution from the dropdown menus. NOTE: The default resolution will apply to all sessions and UMIQ modules. 6.
80.....Avocent® Universal Management Gateway Appliance Installer/User Guide To modify a group: 1. Click Targets - Target Groups then click on the name of the group you want to modify. 2. Select one or more targets from the Available list on the right and click the left arrow to add them to the group contents. NOTE: A filter string may be used to narrow the target list. 3. Click Apply. Startup From the sidebar, click Startup to display startup settings.
Administration..... 81 Upgrading the firmware from the web UI can take from 90 minutes to two hours. During this time, the appliance will appear to be offline. If the session times out during the upgrade, the upgrade will be canceled. For this reason, it is recommended you first disable the session time-out before upgrading the firmware. To disable the session time-out: 1. From the sidebar, click Users. 2. Click on the user performing the upgrade. 3. Uncheck the Session Times Out box. 4. Click Apply.
82.....Avocent® Universal Management Gateway Appliance Installer/User Guide USB Devices From the sidebar, click USB Devices to view the name, type, information and status of any connected USB devices. You can also enable or disable all USB ports on the appliance as well as eject any devices so that they can be shut down properly. To mount a USB Mass Storage device: 1. Click USB Devices. 2. Check the box next to the device and click Start.
Administration..... 83 Number Name Type 2 DO2 (Digital Output) Buzzer, Beacon and Door Lock 3 DI1/DI2 (Digital Input) Vibration, Smoke, Leak, Door and Motion 4 TH1/TH2 (1-Wire) Temperature, Humidity and Dry Contacts The following table displays the data that can be collected.
84.....Avocent® Universal Management Gateway Appliance Installer/User Guide Digital inputs The digital inputs collect smoke, leak and motion data. They can be connected to the DI1/DI2 ports on the back of the appliance.
Administration..... 85 RS-485 environment sensor RS-485 environment sensors collect temperature, humidity and water data. They can be connected to the SNSR/COM2 ports on the back of the appliance.
86.....Avocent® Universal Management Gateway Appliance Installer/User Guide To delete a delta calculation: 1. From the sidebar, click Sensors - PDU Temperature Sensors Delta. 2. Check the box next to the delta you want to delete then click Delete. Monitoring The appliance will monitor and generate notifications for a variety of events. You can configure the appliance to store or send the notifications to various destinations for immediate use or for analysis later.
Administration..... 87 or log files. You can set up logging of messages for the following types of events: • Events of interest from the appliance • Sensor alarms generated by sensors on SPs Messages can be sent to a user defined destination.
88.....Avocent® Universal Management Gateway Appliance Installer/User Guide To configure Digital Output notifications: 1. From the sidebar, go to Monitoring. Under the Notification Rules heading, check the boxes for the events for which you want to trigger a digital output relay. 2. Click Apply. NOTE: Digital Output (DO) relays are for events on the back of the appliance only. 3.
Administration..... 89 5. Use the drop-down menu to select the Log Detail Level. 6. Click Apply. To download the log file: 1. Click Support. 2. Click Download Log. 3. Browse to the save location and click Save. Security From the sidebar, click Security to enable or disable the following network services: • Telnet • ICMP • SSH • HTTPS • HTTP redirect Certificate The appliance, by default, has a certificate installed that controls the web services and allows access through HTTPS.
90.....Avocent® Universal Management Gateway Appliance Installer/User Guide Third-party Certificate Firewall and NAT The firewall and NAT feature enables an administrator to configure the rules governing traffic filtering, IP forwarding and address translation within the appliance. NOTE: The appliance is specially designed for managing and providing access to device management consoles. It is not supported as a general purpose router, switch or packet filter.
Administration..... 91 New virtual interfaces can be made for use with private ports by clicking Administration - Targets - Port Configuration - Network Settings. For more information on creating an interface, see Port configuration on page 50. Interfaces Tab From the Interfaces tab you designate interfaces as either inside or outside, with respect to how they will be used within NAT and firewall rules. Interfaces designated as Inside are private and interfaces designated as Outside are public.
92.....Avocent® Universal Management Gateway Appliance Installer/User Guide 3. Click the Left Arrow to move the interface back to the Available field, if desired. 4. Repeat as desired for each interface under either the Outside or Inside headings. 5. Click Apply. To create IP aliases for 1-to-1 NAT: 1. From the appliance's Linux shell, type cd, then type /usr/bin/fwnatdirectory. 2. The fwnat-alias.sh script can be used to create IP aliases on the eth0/eth1/bond0/ interfaces.
Administration..... 93 represents all possible hosts within the subnet. The best way to designate an IP range of 192.168.0.1-254 within a network definition on the appliance would be using the CIDR formatted address of 192.168.0.0/24. This process effectively assigns a name to a range of IPs or an entire network. The NAT and firewall rules rely on definition names exclusively. Networks Tab To add a network definition: 1. From the sidebar, click Firewall and NAT, then click the Networks tab. 2.
94.....Avocent® Universal Management Gateway Appliance Installer/User Guide To modify or delete a defined network: 1. From the sidebar, click Firewall and NAT, then click the Networks tab. 2. Under the Defined Networks heading, check the box next to the network you wish to modify or delete. 3. Make your changes and click Apply. -orClick Delete to delete the defined network.
Administration..... 95 Hosts Tab To add a host: 1. From the sidebar, select Network - Hosts. 2. Click Add to add a new host. 3. Enter a name to represent the host, an IPv4 Address and the physical or virtual interface which can communicate with this host. Then click Apply. The new host definition will appear in the User Defined Hosts table. NOTE: The network interface must be one listed on the Interfaces tab. To delete a host: 1. From the sidebar, select Firewall and NAT - Hosts. 2.
96.....Avocent® Universal Management Gateway Appliance Installer/User Guide Services Service definitions represent programs and network traffic by their TCP/UDP port number or port range. Service definitions are essential for network address translation of ports (PAT) where a single outside IP and unique ports are used to represent unique inside IP/ports.
Administration..... 97 Services Tab To create a service definition: 1. From the sidebar, click Firewall and NAT, then click the Services tab. 2. In the Service Name field, enter a name to be used for the service. NOTE: A service name can be between 3-40 alphanumeric characters. 3. In the Service Address field, enter a valid subnet ID for the service in CIDR format. For example, 192.168.10.0/24. 4. Enter the starting and ending ports for the IP protocol. NOTE: Valid entries are from 0-65,535. 5.
98.....Avocent® Universal Management Gateway Appliance Installer/User Guide 2. In the User Defined Services table, check the box next to the service you want to modify or delete. 3. Make your changes and click Apply. -orClick Delete to delete the service definition. Policy An administrator can control the flow of IP traffic in, out and through the appliance with a NAT and/or firewall policy.
Administration..... 99 NOTE: In this context, the nearest IP is the one belonging to the same network or the closest routable IP on a different network. Network configuration changes made to eth0, eth1, bond0, br0, priv, kvm, spm, and any other bridge groups and virtual private interfaces could affect the applicability of NAT and firewall rules.
100.....Avocent® Universal Management Gateway Appliance Installer/User Guide Number Description 5 Outgoing NAT on an inside interface. 6 Outgoing NAT on an outside interface. Firewall flow Traffic entering the appliance (input) is subject to filter rules after it has passed through NAT rules and routing decisions. Traffic exiting the appliance (output) is subject to filter rules before routing decisions are made and NAT rules perform any translation.
Administration..... 101 happens before filtering when traffic is entering the appliance and filtering happens before translation when traffic is exiting the appliance. For example, if input traffic passes through an incoming NAT rule, which has translated the destination address, then the only way for the filter rule to match a destination address is to have the filter rule match the pattern of the translated destination address and not the original destination address of the traffic.
102.....Avocent® Universal Management Gateway Appliance Installer/User Guide Number Description 7 Incoming NAT on an inside interface before input filter on the same inside interface. 8 Incoming NAT on an outside interface before input filter on the same outside interface. NAT setup An administrator can add and configure NAT policies to perform address translations.
Administration..... 103 To modify or delete a NAT Policy: 1. From the sidebar, click Firewall and NAT, then click the Policy tab. 2. Under the Defined NAT Policies heading, check the box next to the policy you want to edit or delete. 3. Make inline changes to the row you want to edit and click Apply. -orClick Delete to delete the policy. Firewall setup By default, the appliance is pre-populated with system-defined firewall policy rules that support appliance features.
104.....Avocent® Universal Management Gateway Appliance Installer/User Guide NOTE: Valid names must be between 3 and 40 alphanumeric characters. 4. Use the drop-down menus to select the Action, Connection Status and Rule State. 5. Click Apply. For each rule, an action (either ACCEPT, DROP, REJECT or LOG ) must be selected from the Policy drop-down menu. The selected action is performed on an IP packet that matches all the criteria specified in the rule.
Targets When logging into the appliance, the Targets tab is the default view. The Targets tab view consists of a sidebar and the Targets table. NOTE: The actions in this section can be performed by first clicking Targets in the tab bar. Targets Tab Targets Tab Descriptions Number Description 1 Sidebar 2 Targets Table From the sidebar, you can access an appliance and its associated targets. From the Targets table, you can view information about the target and open a session to it.
106.....
Targets..... 107 To view and control the SP's indicator LED: 1. Click an SP name. 2. Click the System tab. The system information window appears and the current chassis LED status of the target device is displayed under the Enclosure heading. 3.
108.....Avocent® Universal Management Gateway Appliance Installer/User Guide SP Access Session Types Destination Type Session Button Server OS Graphical KVM Virtual KVM/Media Server OS Command Line Interface Serial over LAN (SOL), SOL History Service Processor Browser Browser-AutoLogin, Browser (manual login) Service Processor Command Line Interface SSH-AutoLogin, SSH (manual login), Telnet (manual login).
Targets..... 109 Sessions Page Access 2 To close an SP Access session: 1. From the Sessions page, click the box next to the session you want to close. 2. Click Delete. Power Click the Power tab to view the power consumption information for the target device. Click Refresh to refresh the power consumption information. NOTE: Check the appliance firmware release notes to determine if your SP type supports this feature.
110.....Avocent® Universal Management Gateway Appliance Installer/User Guide The correction time is the number of milliseconds the SP/server will wait before applying a corrective "P" state or clock rate to reduce power consumption below the threshold. The sampling period is how often in seconds the SP/server will query for current power consumption. The exception action is the action the SP/server will take when a threshold is exceeded, and the options will vary from server to server.
Targets..... 111 To improve session performance: 1. In the KVM viewer, click Tools-Automatic Video Adjustment to calibrate the A/D converter to the video signal coming from the server video card. 2. To identify a KVM session that is slow due to unclean video signals, click Tools-Manual Video Adjustment. A clean video signal will create 0 Pkts/Sec. on the performance monitor when there is not any activity on the target server.
112.....Avocent® Universal Management Gateway Appliance Installer/User Guide • Rapidly opening and closing full-screen windows = 30-70 pkts/sec (avg. 2.5mbps download | 230kbps upload) KVM window resolution 1024x768 @60hz (Ubuntu Desktop) • Zero screen movement = 0 pkts/sec (avg. 1.3kbps download | 1.0kbps upload) • Continuous mouse circles movement on screen = 30 pkts/sec (avg. 470kbps download | 245kbps upload) • Rapidly opening and closing full-screen windows = 40-50 pkts/sec (avg.
Targets..... 113 2. Click the Upgrade, Reboot, Reset HW Overcurrent Protection, Restore Factory Defaults and Browser buttons as desired. NOTE: The power controls (On, Off and Cycle) will be applied to all outlets of the PDU. Outlets By selecting the Outlets tab, you can view status, number and name of outlets. You can turn on, turn off, cycle, lock or unlock selected outlet(s). To manage outlets: 1. From the sidebar, click on the PDU to manage its outlets. 2. Click the Outlets tab. 3.
114.....Avocent® Universal Management Gateway Appliance Installer/User Guide 4. Select the outlets you want to configure and click Edit. You can change the Post On Delay and Post Off Delay as well as the High Critical, High Warning, Current Low Warning and Low Critical thresholds. 5. Click Apply when finished. To configure PDU settings: 1. Select a PDU to manage. 2. Click on the Settings tab. 3. Click PDU. 4. Select the PDUs you want to configure and click Edit.
Targets..... 115 4. Select the sensors you want to configure and click Edit. You can configure a sensor’s Name and Unit as well as its High Critical, High Warning, Low Warning and Low Critical thresholds. 5. Click Apply when finished. Power Outlet Available outlet targets can be viewed under the Targets tab. To view available serial targets: 1. From the sidebar, click Power Outlet and then click on a target to view properties, overview and settings.
116.....
Sensors and Events Sensors From the sensors tab, you can view the name, value, time and location for an external sensor connected to the appliance. In addition, you can also view the type and alert for the digital inputs. Events The appliance will generate notifications and alerts for a variety of events. When an event occurs on the appliance, it is saved in the event log.
118.....Avocent® Universal Management Gateway Appliance Installer/User Guide CPU and disk usage CPU and disk usage are system alerts.
Appendices Appendix A: Technical Specifications Technical Specifications Category Value Autosensing Ports Number 8 or 40 Connectors RJ-45 Dimensions Form Factor 1 U-rack, mountable Length x Depth x Height 20 inches x 17.09 inches x 1.7 inches Weight (without cables) 14.2 pounds SETUP Port Number 1 Type Serial Connector RJ-45 Local Port Number/Type 1/DB15 Network Connection Number 2 Type 10/100/1000 Ethernet Connector RJ-45 USB Device Port Number 4 Type USB 2.
120.....Avocent® Universal Management Gateway Appliance Installer/User Guide Category Value Rating Ambient Atmospheric Condition Ratings Temperature 0-50° Celsius Humidity 20-85 percent non-condensing Safety and EMC Standards, Approvals and Markings Safety certifications and EMC certifications for this product are obtained under one or more of the following designations: CMN (Certification Model Number), MPN (Manufacturer’s Part Number) or Sales Level Model designation.
Appendices..... 121 Appendix B: Installation Checklist You can print and refer to the following checklist to assist you with installing the appliance and managed targets. Appliance Connections Checklist Number Installation Step 1 Rack mount or wall mount the appliance. See Rack and Wall Mounting on page 7 2 Connect the redundant power cables to P1 and P2 (100-240 volts).See Connecting the Hardware on page 11 3 Connect at least GB1 to the management network.
122.....Avocent® Universal Management Gateway Appliance Installer/User Guide Number Installation Step 9 Physically connect KVM, serial or PDU targets to the appliance. See Connecting targets on page 12 10 To connect SPs to the appliance, First, consult the appliance release notes for a list of supported SP types and firmware versions.
Appendices..... 123 Appendix C: Forgotten Password If locked out of all administrator accounts, contact technical support with the appliance serial number. Technical support will supply a key that will reset the appliance to the factory default with default accounts.
124.....Avocent® Universal Management Gateway Appliance Installer/User Guide Appendix D: Booting from the Network If you're experiencing issues with your appliance, you can perform a Netboot Recovery and load new factory default appliance firmware or restore a previously saved backup image file to the appliance. The Netboot Recovery file can be obtained from Avocent Technical Support and it must be placed onto an FTP server in order for the Netboot Recovery process to function.
Appendices..... 125 Appendix E: Creating an SP File In order to have the appliance import a list of service processors, you must create a file containing the SPs. Each line of the file must be in the following format: IP:Port:Username:Password:Profile. Repeat this format for each SP to be added to the list. See SP File Format on page 125 for the syntax descriptions. Colons must be used to separate the parameters.
126.....Avocent® Universal Management Gateway Appliance Installer/User Guide Appendix F: Troubleshooting SPs If you cannot discover or manually add an SP, try the following: • • Verify the SP is enabled in the BIOS of the server. • Some SP settings are stored in the main BIOS or . • Some SP settings are in an alternate BIOS . • Some SP settings are in both the main and alternate BIOS.
Appendices..... 127 Appendix G: Appliance Troubleshooting LAN performance If you're experiencing issues between the appliance and the network, issue the ethtool eth0 or ethtool eth1 command to determine if the appliance is communicating with the network switch at half duplex. This can happen if the network switch is not set to auto-negotiate speed and duplex (the appliance only supports auto).
128.....Avocent® Universal Management Gateway Appliance Installer/User Guide Bridge groups When creating a bridge group inside of the appliance, there is a default setting to "Enable STP." STP (Spanning Tree Protocol) is a network switch methodology for eliminating switching loops caused by redundant network connections. STP requires network switches to send out a BPDU (bridging protocol data unit) which is essentially an ID that identifies the sending switch.
Appendices..... 129 Appendix H: Troubleshooting From the Appliance Shell The appliance shell is a powerful tool for advanced troubleshooting and debugging. The following commands are examples of various ways to troubleshoot for performance and potential networkrelated issues. Network related Example 1: Network related issues can sometimes be difficult to diagnose and troubleshoot.
130.....Avocent® Universal Management Gateway Appliance Installer/User Guide if [ $# != 3 ] then echo "Usage monitorNETSTAT.sh sleep topN sortQ" echo "Where sleep - seconds to sleep between samples" echo " topN - top number of rows to return" echo " sortQ - [r|s] to sort on (r)ecv-q or (s)end-q" exit 1 fi SLEEP=$1 TOPN=$2 if [ "${3}" = "r" ] then SORTQ=2 else SORTQ=3 fi while [ 1 ] do netstat -t -p | grep Recv-Q > netstatHEAD.lst netstat -t -p | grep tcp | sort -k ${SORTQ} -g -r > netstatDETAIL.
Appendices..... 131 Appendix I: IP Masquerading for 1-to-1 NAT To set up a 1-to-1 NAT, you will first need to create a virtual public interface. The virtual public interface will appear within the Firewall and NAT screens of the appliance: Input /usr/bin/fwnat/ fwnat-alias.sh Usage: . /fwnat -alias [-h] -c -i -n -a -b Virtual Public Interface Syntax and Options Syntax Option -h Displays the command syntax.
132.....Avocent® Universal Management Gateway Appliance Installer/User Guide Appendix J: Firewall and NAT Configuration Scenarios Firewall and NAT scenario 1: Forwarding SNMP traps from an SP to an external receiver. Scenario 1 Diagram Scenario 1 Diagram Descriptions Number Description 1 External trap receiver server/console 2 Appliance 3 Appliance firewall 4 Service processor To forward an SNMP trap: 1. Add the SP to the appliance. 2.
Appendices..... 133 NOTE: Use eth0 for outside and priv for inside. Setting Up Firewall Interfaces 4. Click Networks to add a network definition that will encompass the IP of the SP that was added. Enter a definition name, associated interface name and network address. Click Apply when done.
134.....Avocent® Universal Management Gateway Appliance Installer/User Guide Adding a Network Definition 5. Click Policy to add an outbound NAT Policy by entering the following information. Click Apply when done. NAT Policy Parameters Column Parameter Direction Outgoing Order Lowest unused number. Example: 1 Interface eth0 Source Name of network definition. Example: PrivNet Destination any Service Name of the service definition.
Appendices..... 135 Appendix K: SNMP Configuration An administrator can access the snmpd daemon on the appliance to add the appliance to an environment as a monitored device. To configure the appliance as a monitored device: 1. Connect to the console interface of the appliance using Putty. 2. Log in as admin. 3. From the presented menu, select shell. 4. Edit the snmpd.conf file which is located in the /etc/snmp folder. 5. Restart the snmpd deamon by typing /usr/bin/restartsnmpsvr. 6.
136.....Avocent® Universal Management Gateway Appliance Installer/User Guide Appendix L: Video Resolution The following table lists the video resolutions supported in the UMIQ module's EDID.
Appendices.....
138.....
Technical Support Site If you encounter any installation or operational issues with your product, check the pertinent section of this manual to see if the issue can be resolved by following outlined procedures. For additional assistance, visit www.avocent.com/support. Avocent Community Support Site To search product knowledge content, visit community.emerson.com/networkpower/support/avocent.
About Emerson Network Power Emerson Network Power, a business of Emerson (NYSE:EMR), delivers software, hardware and services that maximize availability, capacity and efficiency for data centers, healthcare and industrial facilities.
