Dominion KSX II User Guide 2.3.5 Copyright © 2011 Raritan, Inc. DKSXII-v2.3.
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2011 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
Contents Chapter 1 Introduction 1 KSX II Overview ............................................................................................................................. 2 KSX II Help .................................................................................................................................... 4 Related Documentation ....................................................................................................... 4 KSX II Client Applications .............................
Contents Video Properties ................................................................................................................ 63 Mouse Options................................................................................................................... 68 VKC Virtual Media ............................................................................................................. 73 Smart Cards...............................................................................................
Contents Users .......................................................................................................................................... 120 User List........................................................................................................................... 120 Adding a New User .......................................................................................................... 121 Modifying an Existing User ............................................................
Contents Configuring IP Access Control ................................................................................................... 199 SSL Certificates ......................................................................................................................... 201 Security Banner ......................................................................................................................... 203 Chapter 10 Maintenance 205 Maintenance Features (Local/Remote Console) .........
Contents Target Connections and the CLI ................................................................................................ 236 Setting Emulation on a Target ......................................................................................... 236 Port Sharing Using CLI .................................................................................................... 237 Administering the KSX II Console Server Configuration Commands ........................................
Contents Resetting the KSX II Using the Reset Button ............................................................................ 256 Chapter 14 Modem Configuration 257 Certified Modems for UNIX, Linux and MPC ............................................................................. 257 Low Bandwidth KVM Settings .................................................................................................... 258 Client Dial-Up Networking Configuration ............................................
Contents Setting the Registry to Permit Write Operations to the Schema ............................................... 296 Creating a New Attribute ............................................................................................................ 296 Adding Attributes to the Class ................................................................................................... 297 Updating the Schema Cache .........................................................................................
Contents Appendix D FAQs 316 General Questions ..................................................................................................................... 316 Serial Access ............................................................................................................................. 318 Universal Virtual Media .............................................................................................................. 323 USB Profiles.............................................
Chapter 1 Introduction In This Chapter KSX II Overview ........................................................................................2 KSX II Help ................................................................................................4 KSX II Client Applications ..........................................................................4 Virtual Media ..............................................................................................5 Product Features .........................
Chapter 1: Introduction KSX II Overview Raritan's Dominion KSX II is an enterprise-class, secure digital device that provides a single integrated solution for remote KVM (keyboard, video, mouse) server access and serial device management, as well as power control from anywhere in the world from a web browser. At the rack, the KSX II provides control of all KVM server and serial targets from a single keyboard, monitor, and mouse.
Chapter 1: Introduction Diagram key Cat5 cable Remote virtual media USB drive(s) Computer Interface Module (CIM) Rack PDU (power strip) KSX II Local access Remote KVM and serial devices IP LAN/WAN Modem access PSTN Remote (network) access 3
Chapter 1: Introduction KSX II Help The KSX II help provides information on how to install, set up, and configure the KSX II. It also includes information on accessing target servers and power strips, using virtual media, managing users and security, and maintaining and diagnosing the KSX II. A PDF version of the help can be downloaded from the Raritan Firmware and Documentation page http://www.raritan.com/support/firmware-and-documentation/ on the Raritan website.
Chapter 1: Introduction Virtual Media All KSX II models support virtual media. The benefits of virtual media mounting of remote drives/media on the target server to support software installation and diagnostics - are now available in all of the KSX II models. Virtual media sessions can be secured by using 128-bit and 256-bit AES or RC4 encryption. Each KSX II comes equipped with virtual media to enable remote management tasks using the widest variety of CD, DVD, USB, internal and remote drives, and images.
Chapter 1: Introduction Local serial port (RS232) for CLI-based administration and serial target access Integrated power control Dual dedicated power control ports LED indicators for network activity, and remote KVM user status Hardware reset button Internal modem Centralized access security Software 6 Virtual media with D2CIM-VUSB and D2CIM-DVUSB CIMs Absolute Mouse Synchronization with D2CIM-VUSB CIM and D2CIM-DVUSB CIMs Plug-and-Play Web-based access and mana
Chapter 1: Introduction External Product Overview The following diagram indicates the external components of the KSX II. Note that the KSX II 144 will have 4 KVM ports and 4 serial ports as compared to the KSX II 188 used in the diagram, which has 8 KVM ports and 8 serial ports.
Chapter 1: Introduction Item Description AC power cord plug See Power Control (on page 158) for additional information. Power on/off switch LAN 3 port Note: The LAN 3 port is reserved for future use. LAN1 and LAN2 ports See Step 3: Connect the Equipment for additional information. Admin port See Step 3: Connect the Equipment for additional information. External modem port See Modem Configuration (on page 257) for additional information.
Chapter 1: Introduction Terminology This manual uses the following terminology for the components of a typical KSX II configuration: 9
Chapter 1: Introduction Diagram key TCP/IP IPv4 and/or IPv6 KVM (Keyboard, Video, Mouse) UTP Cable (Cat5/5e/6) KSX II Local Access Console Local User - an optional user console (consisting of a keyboard, mouse, and multi-sync VGA monitor) attached directly to the KSX II to control KVM target servers and serial targets locally (directly at the rack, not through the network). A USB smart card reader can also be attached at the Local port to mount onto a target server.
Chapter 1: Introduction Diagram key serial port connected remotely via KSX II. Routers Dominion PX Rack PDU (Power Strip) Raritan rack PDUs accessed remotely via the KSX II. Package Contents Each KSX II ships as a fully-configured stand-alone product in a standard 1U 19" rackmount chassis.
Chapter 2 Installation and Configuration In This Chapter Overview ..................................................................................................12 Default Login Information ........................................................................12 Getting Started ........................................................................................13 Overview This section provides a brief overview of the installation process.
Chapter 2: Installation and Configuration Getting Started Step 1: Configure KVM Target Servers KVM target servers are the computers that will be accessed and controlled via the KSX II. Before installing the KSX II, configure all KVM target servers to ensure optimum performance. This configuration applies only to KVM target servers, not to the client workstations (remote PCs) used to access the KSX II remotely. See Terminology for additional information.
Chapter 2: Installation and Configuration Operating System Mouse and Video Settings This section provides video mode and mouse information specific to the operating system in use on the target server. Windows XP, Windows 2003 and Windows 2008 Settings To configure KVM target servers running Windows XP®, Windows 2003® and Windows 2008®: 1. Configure the mouse settings: a. Choose Start > Control Panel > Mouse. b. Click the Pointer Options tab. c.
Chapter 2: Installation and Configuration Windows Vista Settings To configure KVM target servers running Windows Vista® operating system: 1. Configure the mouse settings: a. Choose Start > Settings > Control Panel > Mouse. b. Select "Advanced system settings" from the left navigation panel. The System Properties dialog opens. c. Click the Pointer Options tab. d. In the Motion group: Set the mouse motion speed setting to exactly the middle speed. Disable the "Enhanced pointer precision" option.
Chapter 2: Installation and Configuration Set the mouse motion speed setting to exactly the middle speed. Disable the "Enhanced pointer precision" option. Click OK. 2. Disable animation and fade effects: a. Select Control Panel > System and Security. b. Select System and then select "Advanced system settings" from the left navigation panel. The System Properties dialog appears. c. Click the Advanced tab. d.
Chapter 2: Installation and Configuration Deselect the "Use the following transition effect for menus and tooltips" option. 3. Click OK and close the Control Panel. Linux Settings (Red Hat 4) Note: The following settings are optimized for Standard Mouse mode only. To configure KVM target servers running Linux® (graphical user interface): 1. Configure the mouse settings: a. Red Hat 5 users, choose Main Menu > Preferences > Mouse. Red Hat 4 users, choose System > Preferences > Mouse.
Chapter 2: Installation and Configuration SUSE Linux 10.1 Settings Note: Do not attempt to synchronize the mouse at the SUSE Linux® login prompt. You must be connected to the target server to synchronize the mouse cursors. To configure the mouse settings: 1. Choose Desktop > Control Center. The Desktop Preferences dialog appears. 2. Click Mouse. The Mouse Preferences dialog appears. 3. Open the Motion tab. 4. Within the Speed group, set the Acceleration slider to the exact center position. 5.
Chapter 2: Installation and Configuration Tip: If you do not want to be prompted upon log out, follow these procedures instead. To make your settings permanent in Linux (no prompt): 1. Choose Desktop > Control Center > System > Sessions. 2. Click the Session Options tab. 3. Deselect the "Prompt on the log off" checkbox. 4. Select the "Automatically save changes to the session" checkbox and click OK. This option automatically saves your current session when you log out.
Chapter 2: Installation and Configuration Display resolution Vertical refresh rate Aspect ratio 1280 x 1024 60,75,85 Hz 5:4 1152 x 864 75 Hz 4:3 1024 x 768 60,70,75,85 Hz 4:3 800 x 600 56,60,72,75,85 Hz 4:3 720 x 400 85 Hz 9:5 640 x 480 60,72,75,85 Hz 4:3 3. KVM target servers running the Solaris operating system must output VGA video (H-and-V sync, not composite sync). To change your Sun video card output from composite sync to the nondefault VGA output: 1.
Chapter 2: Installation and Configuration 4. Set the Threshold slider to 1.0. 5. Click OK. Accessing the Command Line 1. Right click. 2. Choose Tools > Terminal. A terminal window opens. (It is best to be at the root to issue commands.) Video Settings (POST) Sun systems have two different resolution settings: a POST resolution and a GUI resolution. Run these commands from the command line. Note: 1024x768x75 is used as an example here; substitute the resolution and refresh rate you are using.
Chapter 2: Installation and Configuration IBM AIX 5.3 Settings Follow these steps to configure KVM target servers running IBM® AIX™ 5.3. To configure the mouse: 1. Go to Launcher. 2. Choose Style Manager. 3. Click Mouse. The Style Manager - Mouse dialog appears. 4. Use the sliders to set the Mouse acceleration to 1.0 and Threshold to 1.0. 5. Click OK. To configure the video: 1. From the Launcher, select Application Manager. 2. Select System_Admin. 3.
Chapter 2: Installation and Configuration To take advantage of the KSX II: The firewall must allow inbound communication on: Web-access capabilities Port 443 - standard TCP port for HTTPS communication Automatic redirection of HTTP requests to HTTPS (so the more common “http://xxx.xxx.xxx.xxx” can be used instead of “https://xxx.xxx.xxx.xxx”) Port 80 - standard TCP port for HTTP communication See Network Settings (on page 136) for additional information about designating another discovery port.
Chapter 2: Installation and Configuration B. Network Port The KSX II provides two Ethernet ports for failover purposes (not for load-balancing). By default, only LAN1 is active and the automatic failover is disabled. When enabled, if the KSX II internal network interface or the network switch to which it is connected becomes unavailable, LAN2 will be enabled using the same IP address.
Chapter 2: Installation and Configuration You can use the Local Admin port to connect the KSX II directly to a workstation to manage your serial targets and configure the system with a terminal emulation program such as HyperTerminal. The Local Admin port requires the use of a standard null modem cable. Note: When Local Authorization and Authentication is set to None, logging in to serial admin console requires username input. D.
Chapter 2: Installation and Configuration 4. Connect the rack PDU to an AC power source. 5. Power on the KSX II device. Important: When using CC-SG, the power ports should be inactive before attaching rack PDUs that were swapped between the power ports. If this is not done, there is a possibility that the number of power outlets will not be correctly detected, especially after swapping 8 and 20 outlet rack PDU models. Diagram key KSX II PX serial port KSX II Power Ctrl. 1 Port or Power Ctrl.
Chapter 2: Installation and Configuration F. Serial Target Ports To connect a serial target to the KSX II, use a Cat5 cable with an appropriate serial adapter. The following table lists the necessary KSX II hardware (adapters and/or cables) for connecting the KSX II to common vendor/model combinations.
Chapter 2: Installation and Configuration Go to the Support page on Raritan's website (www.raritan.com) to obtain a list of commonly used cables and adapters. Step 4: Configure the KSX II The first time you power up the KSX II device, there is some initial configuration that you need to perform through the KSX II Local Console: Change the default password. Assign the IP address. Name the KVM target servers. Changing the Default Password The KSX II ships with a default password.
Chapter 2: Installation and Configuration Assigning an IP Address These procedures describe how to assign an IP address on the Network Settings page. For complete information about all of the fields and the operation of this page, see Network Settings. To assign an IP address: 1. Choose Device Settings > Network. The Network Settings page opens. 2. Specify a meaningful Device Name for your KSX II device. Up to 32 alphanumeric characters using valid special characters and no spaces. 3.
Chapter 2: Installation and Configuration e. Link-Local IP Address. This address is automatically assigned to the device. It is used for neighbor discovery or when no routers are present. Read-Only f. Zone ID. This identifies the device with which the address is associated. Read-Only g. Select the IP Auto Configuration. The following options are available: None - Use this option if you do not want an auto IP configuration and prefer to set the IP address yourself (static IP).
Chapter 2: Installation and Configuration Naming Target Servers To name the target servers: 1. Connect all of the target servers if you have not already done so. See Step 3: Connect the Equipment for a description of connecting the equipment. 2. Using the KSX II Local Console, choose Device Settings > Port Configuration. The Port Configuration page opens. 3. Click the Port Name of the target server you want to rename. The Port Page opens. 4. Assign a name to identify the server connected to that port.
Chapter 2: Installation and Configuration Configuring Direct Port Access via Telnet, IP Address or SSH The information in this topic is specific to enabling direct port access for serial targets. Use the Enable Direct Port Access via URL option on the Device Services page to enable direct port access for a KVM/serial port connect to the KSX II. See Enabling Direct Port Access via URL (on page 143). To configure direct port access: 1. Choose Device Settings > Device Services.
Chapter 2: Installation and Configuration 3. Click OK to save this information. Once you have created the direct port access, it can be connected in a client application such as PuTTY. Following is an example of how the direct port access information would appear in PuTTY. Note that PuTTY is not the only client application that can be used. It is used here for sample purposes only.
Chapter 2: Installation and Configuration Note to CC-SG Users Note to CC-SG Users If you are using the KSX II in a CC-SG configuration, perform the installation steps, and when finished, consult the CommandCenter Secure Gateway User Guide, Administrator Guide, or Deployment Guide to proceed (all found on Raritan's website, www.raritan.com, under Support). Note: The remainder of this help applies primarily to deploying the KSX II device(s) without the integration functionality of CC-SG.
Chapter 2: Installation and Configuration Create User Groups and Users As part of the initial configuration, you must define user groups and users in order for users to access the KSX II. The KSX II uses system-supplied default user groups and allows you to create groups and specify the appropriate permissions to suit your needs. User names and passwords are required to gain access to the KSX II. This information is used to authenticate users attempting to access your KSX II.
Chapter 3 Working with Target Servers In This Chapter Interfaces .................................................................................................36 Proxy Server Configuration for use with MPC, VKC and AKC ................50 Virtual KVM Client (VKC).........................................................................51 Active KVM Client (AKC) .........................................................................80 Multi-Platform Client (MPC) .........................................
Chapter 3: Working with Target Servers The following sections of the user guide contain information about using specific interfaces to connect to the KSX II and manage targets: KSX II Local Console Interface: KSX II Devices (see "KSX II Local Console: KSX II Devices" on page 37) KSX II Remote Console Interface (on page 38) Virtual KVM Client (VKC) (on page 51) Active KVM Client (AKC) (on page 80) Multi-Platform Client (MPC) (on page 82) Raritan Serial Console (RSC) (on page 83) C
Chapter 3: Working with Target Servers KSX II Remote Console Interface The KSX II Remote Console is a browser-based graphical user interface that allows you to log in to KVM target servers and serial targets connected to the KSX II and to remotely administer the KSX II. The KSX II Remote Console provides a digital connection to your connected KVM target servers. When you log into a KVM target server using the KSX II Remote Console, a Virtual KVM Client window opens.
Chapter 3: Working with Target Servers Depending on your browser and security settings, you may see various security and certificate warnings. It is necessary to accept these warnings to launch the KSX II Remote Console. You can reduce the number of warning messages during subsequent log ins by checking the following options on the security and certificate warning messages: In the future, do not show this warning. Always trust content from this publisher. To launch the KSX II Remote Console: 1.
Chapter 3: Working with Target Servers Interface and Navigation KSX II Console Layout Both the KSX II Remote Console and the KSX II Local Console interfaces provide an HTML (web-based) interface for configuration and administration, as well as target server list and selection. The options are organized into various tabs. After successful login, the Port Access page opens listing all ports along with their status and availability.
Chapter 3: Working with Target Servers Left Panel The left panel of the KSX II interface contains the following information. Note that some information is conditional and will only be displayed if you are a certain of user, are using certain features, and so on. This conditional information is noted here. Information Description When displayed? Time & Session The date and time the current session started.
Chapter 3: Working with Target Servers 42 Information Description When displayed? Connected Users The users, identified by Always their username and IP address, who are currently connected to the KSX II. Online Help - User Guide Links to online help. Favorite Devices See Managing Favorites Always (on page 46). FIPS Mode FIPS Mode: EnabledSSL Certificate: FIPS Mode Compliant Always When FIPS is enabled.
Chapter 3: Working with Target Servers Port Access Page After successfully logging on to the KSX II Remote Console, the Port Access page appears. This page lists all of the KSX II ports, the connected KVM target servers, and their status and availability. The Port Access page provides access to the KVM target servers connected to the KSX II. KVM target servers are servers that you want to control through the KSX II device. They are connected to the KSX II ports at the back of the device.
Chapter 3: Working with Target Servers Availability - The Availability can be Idle, Connected, Busy, or Unavailable. Blade servers will have an availability of either shared or exclusive when a connection to that blade is in place. 3. Click View by Port, View by Group or View by Search to switch between views. 4. Click the Port Name of the target server you want to access. The Port Action Menu appears. See Port Action Menu (on page 44) for details on available menu options. 5.
Chapter 3: Working with Target Servers Power On - Powers on the target server through the associated outlet. This option is visible only when there are one or more power associations to the target. Power Off - Powers off the target server through the associated outlets. This option is visible only when there are one or more power associations to the target, when the target power is on (port status is up), and when user has permission to operate this service.
Chapter 3: Working with Target Servers Managing Favorites A Favorites feature is provided so you can organize and quickly access the devices you use frequently.
Chapter 3: Working with Target Servers Note: Both IPv4 and IPv6 addresses are supported. Manage Favorites Page To open the Manage Favorites page: Click the Manage button in the left panel. The Manage Favorites page appears and contains the following: Use: To: Favorites List Manage your list of favorite devices. Discover Devices - Local Subnet Discover Raritan devices on the client PC's local subnet. Discover Devices - KSX II Subnet Discover the Raritan devices on the KSX II device subnet.
Chapter 3: Working with Target Servers c. Click Save. 3. Click Refresh. The list of devices on the local subnet is refreshed. To add devices to your Favorites List: 1. Select the checkbox next to the device name/IP address. 2. Click Add. Tip: Use the Select All and Deselect All buttons to quickly select all (or deselect all) devices in the remote console subnet. To access a discovered device: Click the device name or IP address for that device. A new browser opens to that device.
Chapter 3: Working with Target Servers Adding, Deleting and Editing Favorites To add a device to your favorites list: 1. Choose Manage > Add New Device to Favorites. The Add New Favorite page appears. 2. Type a meaningful description. 3. Type the IP Address/Host Name for the device. 4. Change the discovery Port (if necessary). 5. Select the Product Type. 6. Click OK. The device is added to your list of favorites. To edit a favorite: 1.
Chapter 3: Working with Target Servers Proxy Server Configuration for use with MPC, VKC and AKC When the use of a Proxy Server is required, a SOCKS proxy must also be provided and configured on the remote client PC. Note: If the installed proxy server is only capable of the HTTP proxy protocol, you cannot connect. To configure the SOCKS proxy: 1. On the client, select Control Panel > Internet Options. a. On the Connections tab, click 'LAN settings'. The Local Area Network (LAN) Settings dialog opens. b.
Chapter 3: Working with Target Servers start javaw -Xmn128M -Xmx512M -XX:MaxHeapFreeRatio=70 -XX:MinHeapFreeRatio=50 -Dsun.java2d.noddraw=true -DsocksProxyHost=192.168.99.99 -DsocksProxyPort=1080 -classpath .\sdeploy.jar;.\sFoxtrot.jar;.\jaws.jar;.\sMpc.jar com.raritan.rrc.ui.RRCApplication %1 Virtual KVM Client (VKC) Please note this client is used by various Raritan products. As such, references to other products may appear in this section of help.
Chapter 3: Working with Target Servers Button Button Name Video Settings Description Color Calibration Adjusts color settings to reduce excess color noise. Opens the Video Settings dialog, allowing you to manually adjust video conversion parameters. Same as choosing Video > Color Calibrate. Note: Not available in KX II-101-V2. Target Screenshot Click to take a screenshot of the target server and save it to a file of your choosing.
Chapter 3: Working with Target Servers Switching Between KVM Target Servers With the KSX II, you can access several KVM target servers. The KSX II provides the ability to switch from one target server to another. Note: This feature is available in the KSX II Remote Console only. To switch between KVM target servers: 1. While already using a target server, access the KSX II Port Access page. 2. Click the port name of the target you want to access. The Port Action menu appears. 3.
Chapter 3: Working with Target Servers Disconnecting KVM Target Servers Note: This item is not available on the KSX II Local Console. The only way to disconnect from the switched target in the Local Console is to use the hot key. To disconnect a target server: 1. Click the port name of the target you want to disconnect. The Port Action menu appears. 2. Choose Disconnect. Tip: You can also close the Virtual KVM Client window by selecting Connection > Exit from the Virtual KVM menu.
Chapter 3: Working with Target Servers Connection Properties The dynamic video compression algorithms maintain KVM console usability under varying bandwidth constraints. The devices optimize KVM output not only for LAN use, but also for WAN use. These devices can also control color depth and limit video output, offering an optimal balance between video quality and system responsiveness for any bandwidth.
Chapter 3: Working with Target Servers 256 Kb (Cable) 128 Kb (Dual ISDN) 56 kb (ISP Modem) 33 kb (Fast Modem) 24 kb (Slow Modem) Note that these settings are an optimization for specific conditions rather than an exact speed. The client and server always attempt to deliver video as quickly as possible on the network regardless of the current network speed and encoding setting. But the system will be most responsive when the settings match the real world environment. 3.
Chapter 3: Working with Target Servers Connection Information To obtain information about your Virtual KVM Client connection: Choose Connection > Info... The Connection Info window opens. The following information is displayed about the current connection: Device Name - The name of the device. IP Address - The IP address of the device. Port - The KVM communication TCP/IP port used to access the target device. Data In/Second - Data rate in. Data Out/Second - Data rate out.
Chapter 3: Working with Target Servers Import/Export Keyboard Macros Macros exported from Active KVM Client (AKC) cannot be imported into Multi-Platform Client (MPC) or Virtual KVM Client (VKC). Macros exported from MPC or VKC cannot be imported into AKC. Note: KX II-101 does not support AKC. To import macros: 1. Choose Keyboard > Import Keyboard Macros to open the Import Macros dialog. Browse to the folder location of the macro file. 2. Click on the macro file and click Open to import the macro. a.
Chapter 3: Working with Target Servers Click Yes to replace the existing macro with the imported version. Click Yes to All to replace the currently selected and any other duplicate macros that are found. Click No to keep the original macro and proceed to the next macro Click No to All keep the original macro and proceed to the next macro. Any other duplicates that are found are skipped as well. Click Cancel to stop the import.
Chapter 3: Working with Target Servers 3. Click Ok. The Export Keyboard Macro. A dialog from which to locate and select the macro file appears. By default, the macro exists on your desktop. 4. Select the folder to save the macro file to, enter a name for the file and click Save. If the macro already exists, you receive an alert message. Select Yes to overwrite the existing macro or No to close the alert without overwriting the macro. Building a Keyboard Macro To build a macro: 1.
Chapter 3: Working with Target Servers Press Left Ctrl Release Left Ctrl Press Esc Release Esc 8. Review the Macro Sequence field to be sure the macro sequence is defined correctly. a. To remove a step in the sequence, select it and click Remove. b. To change the order of steps in the sequence, click the step and then click the up or down arrow buttons to reorder them as needed. 9. Click OK to save the macro. Click Clear to clear all field and start over.
Chapter 3: Working with Target Servers Running a Keyboard Macro Once you have created a keyboard macro, execute it using the keyboard macro you assigned to it or by choosing it from the Keyboard menu. Run a Macro from the Menu Bar When you create a macro, it appears under the Keyboard menu. Execute the keyboard macro by clicking on it in the Keyboard menu.
Chapter 3: Working with Target Servers 3. Set the language and mouse settings. 4. Exit the menu to return to normal CIM functionality. Video Properties Refreshing the Screen The Refresh Screen command forces a refresh of the video screen. Video settings can be refreshed automatically in several ways: The Refresh Screen command forces a refresh of the video screen. The Auto-sense Video Settings command automatically detects the target server's video settings.
Chapter 3: Working with Target Servers Calibrating Color Use the Calibrate Color command to optimize the color levels (hue, brightness, saturation) of the transmitted video images. The color settings are on a target server-basis. Note: The Calibrate Color command applies to the current connection only. Note: The KX II-101 does support color calibration. To calibrate the color, do the following: Choose Video > Calibrate Color or click the Calibrate Color button in the toolbar.
Chapter 3: Working with Target Servers c. Brightness: Use this setting to adjust the brightness of the target server display. d. Brightness Red - Controls the brightness of the target server display for the red signal. e. Brightness Green - Controls the brightness of the green signal. f. Brightness Blue - Controls the brightness of the blue signal. g. Contrast Red - Controls the red signal contrast. h. Contrast Green - Controls the green signal. i. Contrast Blue - Controls the blue signal.
Chapter 3: Working with Target Servers Note: Some Sun background screens, such as screens with very dark borders, may not center precisely on certain Sun servers. Use a different background or place a lighter colored icon in the upper left corner of the screen.
Chapter 3: Working with Target Servers Using Screenshot from Target You are able to take a screenshot of a target server using the Screenshot from Target server command. If needed, save this screenshot to a file location of your choosing as a bitmap, JPEG or PNG file. To take a screenshot of the target server: 1. Select Video > Screenshot from Target or click the Screenshot from Target button on the toolbar. 2.
Chapter 3: Working with Target Servers Changing the Maximum Refresh Rate If the video card you are using on the target uses custom software and you are accessing the target through MPC or VKC, you may need to change the maximum refresh rate of the monitor in order for the refresh rate to take effect on the target. To adjust the monitor refresh rate: 1. In Windows®, select Display Properties > Settings > Advanced to open the Plug and Play dialog. 2. Click on the Monitor tab. 3.
Chapter 3: Working with Target Servers Mouse Pointer Synchronization When remotely viewing a target server that uses a mouse, two mouse cursors are displayed: one belonging to your remote client workstation and the other belonging to the target server. When the mouse pointer lies within the Virtual KVM Client target server window, mouse movements and clicks are directly transmitted to the connected target server.
Chapter 3: Working with Target Servers Additional Notes for Intelligent Mouse Mode Be sure that there are no icons or applications in the upper left section of the screen since that is where the synchronization routine takes place. Do not use an animated mouse. Disable active desktop on KVM target servers. Synchronize Mouse In dual mouse mode, the Synchronize Mouse command forces realignment of the target server mouse pointer with Virtual KVM Client mouse pointer.
Chapter 3: Working with Target Servers Intelligent Mouse Mode In Intelligent Mouse mode, the device can detect the target mouse settings and synchronize the mouse cursors accordingly, allowing mouse acceleration on the target. Intelligent mouse mode is the default for non-VM targets. In this mode, the mouse cursor does a “dance” in the top left corner of the screen and calculates the acceleration. For this mode to work properly, certain conditions must be met.
Chapter 3: Working with Target Servers Please note that mouse configurations will vary on different target operating systems. Consult your OS guidelines for further details. Also note that intelligent mouse synchronization does not work with UNIX targets. Absolute Mouse Mode In this mode, absolute coordinates are used to keep the client and target cursors in sync, even when the target mouse is set to a different acceleration or speed.
Chapter 3: Working with Target Servers 2. Click the Single/Double Mouse Cursor button in the toolbar. To exit single mouse mode: 1. Press Ctrl+Alt+O on your keyboard to exit single mouse mode. VKC Virtual Media See the chapter on Virtual Media (on page 90) for complete information about setting up and using virtual media.
Chapter 3: Working with Target Servers Smart Cards For a list of supported smart cards, smart card readers, and additional system requirements, see Supported and Unsupported Smart Card Readers (on page 283). When accessing a server remotely, you will have the opportunity to select an attached smart card reader and mount it onto the server. Smart card authentication is used with the target server, it is not used to log into the device.
Chapter 3: Working with Target Servers 4. A progress dialog will open. Check the 'Mount selected card reader automatically on connection to targets' checkbox to mount the smart card reader automatically the next time you connect to a target. Click OK to begin the mounting process. To update the smart card in the Select Smart Card Reader dialog: Click Refresh List if a new smart card reader has been attached to the client PC.
Chapter 3: Working with Target Servers Tool Options From the Tools menu, you can specify certain options for use with the Virtual KVM Client, including logging, setting the keyboard type, and defining hot keys for exiting Full Screen mode and Single Cursor mode. Note: The KX II-101 and KX II-101-V2 do not support single cursor mode. To set the tools options: 1. Choose Tools > Options. The Options dialog appears. 2. Select the Enable Logging checkbox only if directed to by Technical Support.
Chapter 3: Working with Target Servers 4. Exit Full Screen Mode - Hotkey. When you enter Full Screen mode, the display of the target server becomes full screen and acquires the same resolution as the target server. This is the hot key used for exiting this mode. 5. Exit Single Cursor Mode - Hotkey. When you enter single cursor mode, only the target server mouse cursor is visible. This is the hot key used to exit single cursor mode and bring back the client mouse cursor. Click OK. 6.
Chapter 3: Working with Target Servers Language Configuration method Japanese System Settings (Control Center) UK System Settings (Control Center) Korean System Settings (Control Center) Belgian Keyboard Indicator Norwegian Keyboard Indicator Danish Keyboard Indicator Swedish Keyboard Indicator Hungarian System Settings (Control Center) Spanish System Settings (Control Center) Italian System Settings (Control Center) Slovenian System Settings (Control Center) Portuguese System Sett
Chapter 3: Working with Target Servers View Options View Toolbar You can use the Virtual KVM client with or without the toolbar display. To toggle the display of the toolbar (on and off): Choose View > View Toolbar. Scaling Scaling your target window allows you to view the entire contents of the target server window.
Chapter 3: Working with Target Servers Help Options About Raritan Virtual KVM Client This menu command provides version information about the Virtual KVM Client, in case you require assistance from Raritan Technical Support. To obtain version information: 1. Choose Help > About Raritan Virtual KVM Client. 2. Use the Copy to Clipboard button to copy the information contained in the dialog to a clipboard file so it can be accessed later when dealing with support (if needed).
Chapter 3: Working with Target Servers AKC Supported .NET Framework, Operating Systems and Browsers .NET Framework AKC requires Windows .NET® version 3.5, and will work with both 3.5 and 4.0 installed. Operating Systems AKC is compatible with the following platforms running .NET Framework 3.
Chapter 3: Working with Target Servers Prerequisites for Using AKC In order to use AKC: Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked. Windows Vista, Windows 7 and Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser's Trusted Sites Zone and that Protected Mode is not on when accessing the device.
Chapter 3: Working with Target Servers Note: The Alt+Tab command toggles between windows only on the local system. When MPC opens, the Raritan devices that were automatically detected and which are found on your subnet are displayed in the Navigator in tree format. 2. If your device is not listed by name in the navigator, add it manually: a. Choose Connection > New Profile. The Add Connection window opens. b.
Chapter 3: Working with Target Servers Note: A security pop-up screen appears only if you used https to connect to the RSC. 3. If you're using Dominion DSX: Click Yes. A Warning - Security pop-up screen appears. Click Yes to access the Raritan Serial Console from the Port page. Note: If you click Always, you will not receive the security page for future access. The Raritan Serial Console window appears.
Chapter 3: Working with Target Servers 5. Click OK to log on.
Chapter 4 Rack PDU (Power Strip) Outlet Control In This Chapter Overview ..................................................................................................86 Turning Outlets On/Off and Cycling Power .............................................87 Overview The KSX II allows you to control Raritan PX and RPC series rack PDU (power strip) outlets.
Chapter 4: Rack PDU (Power Strip) Outlet Control Initially, when you open the Powerstrip page, the power strips that are currently connected to the KSX II are displayed in the Powerstrip drop-down. Additionally, information relating to the currently selected power strip is displayed. If no power strips are connected to the KSX II, a message stating "No powerstrips found" will be displayed in the Powerstrip Device section of the page. Turning Outlets On/Off and Cycling Power To turn an outlet on: 1.
Chapter 4: Rack PDU (Power Strip) Outlet Control 5. Click OK to close the Power On confirmation dialog. The outlet will be turned on and its state will be displayed as 'on'. To turn an outlet off: 1. Click Off. 2. Click OK on the Power Off dialog. 3. Click OK on the Power Off confirmation dialog. The outlet will be turned off and its state will be displayed as 'off'. To cycle the power of an outlet: 1. Click the Cycle button. The Power Cycle Port dialog opens.
Chapter 4: Rack PDU (Power Strip) Outlet Control 2. Click OK. The outlet will then cycle (note that this may take a few seconds). 3. Once the cycling is complete the dialog will open. Click OK to close the dialog.
Chapter 5 Virtual Media In This Chapter Overview ..................................................................................................91 Prerequisites for Using Virtual Media ......................................................94 Using Virtual Media via VKC and AKC in a Windows Environment ........95 Using Virtual Media .................................................................................96 File Server Setup (File Server ISO Images Only) ...................................
Chapter 5: Virtual Media Overview Virtual media extends KVM capabilities by enabling KVM target servers to remotely access media from a client PC and network file servers. With this feature, media mounted on a client PC and network file servers is essentially "mounted virtually" by the target server. The target server can then read from and write to that media as if it were physically connected to the target server itself.
Chapter 5: Virtual Media 92
Chapter 5: Virtual Media Diagram key Desktop PC CD/DVD drive KSX II USB mass storage device CIM PC hard drive Target server Remote file server (ISO images) 93
Chapter 5: Virtual Media Prerequisites for Using Virtual Media With the virtual media feature, you can mount up to two drives (of different types) that are supported by the USB profile currently applied to the target. These drives are accessible for the duration of the KVM session. For example, you can mount a specific CD-ROM, use it, and then disconnect it when you are done. The CD-ROM virtual media “channel” will remain open, however, so that you can virtually mount another CD-ROM.
Chapter 5: Virtual Media Using Virtual Media via VKC and AKC in a Windows Environment Windows XP® operating system administrator and standard user privileges vary from those of the Windows Vista® operating system and the Windows 7® operating system. When enabled in Vista or Windows 7, User Access Control (UAC) provides the lowest level of rights and privileges a user needs for an application.
Chapter 5: Virtual Media Using Virtual Media With the KSX II virtual media feature, you can mount up to two drives (of different types). These drives are accessible for the duration of the KVM session. For example, you can mount a specific CD-ROM, use it, and then disconnect it when you are done. The CD-ROM virtual media “channel” will remain open, however, so that you can virtually mount another CD-ROM. These virtual media “channels” remain open until the KVM session is closed. To use virtual media: 1.
Chapter 5: Virtual Media Target Server KVM target servers must support USB connected drives. KVM target servers running the Windows 2000® operating system must have all of the recent patches installed. 1. USB 2.0 ports are both faster and preferred.. 2. If you plan to access file server ISO images, identify those file servers and images through the KSX II Remote Console File Server Setup page. See File Server Setup (File Server ISO Images Only) (on page 98).
Chapter 5: Virtual Media File Server Setup (File Server ISO Images Only) Note: This feature is only required when using virtual media to access file server ISO images. ISO9660 format is the standard supported by Raritan. However, other CD-ROM extensions may also work. Note: SMB/CIFS support is required on the file server. Use the Remote Console File Server Setup page to designate the files server(s) and image paths that you want to access using virtual media.
Chapter 5: Virtual Media Note: You cannot access a remote ISO image via virtual media using an IPv6 address due to technical limitations of third-party software used by the by the KX, KSX or KX101 G2 device. Note: If you are connecting to a Windows 2003® server and attempt to load an ISO image from the server, you may receive an error stating "Virtual Media mounting on port failed. Unable to connect to the file server or incorrect File Server username and password".
Chapter 5: Virtual Media Connecting to Virtual Media Local Drives This option mounts an entire drive, which means the entire disk drive is mounted virtually onto the target server. Use this option for hard drives and external drives only. It does not include network drives, CD-ROM, or DVD-ROM drives. This is the only option for which Read/Write is available.
Chapter 5: Virtual Media WARNING: Enabling Read/Write access can be dangerous! Simultaneous access to the same drive from more than one entity can result in data corruption. If you do not require Write access, leave this option unselected. 4. Click Connect. The media will be mounted on the target server virtually. You can access the media just like any other drive. Conditions when Read/Write is Not Available Virtual media Read/Write is not available in the following situations: For all hard drives.
Chapter 5: Virtual Media 2. For internal and external CD-ROM or DVD-ROM drives: a. Choose the Local CD/DVD Drive option. b. Choose the drive from the Local CD/DVD Drive drop-down list. All available internal and external CD and DVD drive names will be populated in the drop-down list. c. Click Connect. 3. For ISO images: a. Choose the ISO Image option. Use this option when you want to access a disk image of a CD, DVD, or hard drive. ISO format is the only format supported. b. Click the Browse button. c.
Chapter 5: Virtual Media Disconnecting Virtual Media To disconnect the virtual media drives: For local drives, choose Virtual Media > Disconnect Drive. For CD-ROM, DVD-ROM, and ISO images, choose Virtual Media > Disconnect CD-ROM/ISO Image. Note: In addition to disconnecting the virtual media using the Disconnect command, simply closing the KVM connection closes the virtual media as well.
Chapter 6 USB Profiles In This Chapter Overview ................................................................................................104 CIM Compatibility ..................................................................................105 Available USB Profiles...........................................................................105 Selecting Profiles for a KVM Port ..........................................................
Chapter 6: USB Profiles CIM Compatibility In order to make use of USB profiles, you must use a D2CIM-VUSB or D2CIM-DVUSB with updated firmware. A VM-CIM that has not had its firmware upgraded will support a broad range of configurations (Keyboard, Mouse, CD-ROM, and Removable Drive) but will not be able to make use of profiles optimized for particular target configurations. Given this, existing VM-CIMs should be upgraded with latest firmware in order to access USB profiles.
Chapter 6: USB Profiles USB profile BIOS DellPowerEdge Keyboard Only Description Restrictions: USB bus speed limited to full-speed (12 MBit/s) No virtual media support Dell PowerEdge BIOS Access (Keyboard Only) Use this profile to have keyboard functionality for the Dell PowerEdge BIOS when using D2CIM-VUSB. When using the new D2CIM-DVUSB, use 'Generic' profile.
Chapter 6: USB Profiles USB profile BIOS Generic Description BIOS Generic Use this profile when Generic OS profile does not work on the BIOS. WARNING: USB enumeration will trigger whenever virtual media is connected or disconnected.
Chapter 6: USB Profiles USB profile Module Description D2CIM-DVUSB is connected to the Advanced Management Module. Restrictions: BIOS Lenovo ThinkPad T61 & X61 Virtual CD-ROM and disk drives cannot be used simultaneously BIOS Lenovo ThinkPad T61 and X61 (boot from virtual media) Use this profile to boot the T61 and X61 series laptops from virtual media. Restrictions: BIOS Mac USB bus speed limited to full-speed (12 MBit/s) BIOS Mac Use this profile for Mac® BIOS.
Chapter 6: USB Profiles USB profile Installation) Description Use this profile for the HP Proliant DL360/DL380 G4 series server when installing Windows 2003 Server without the help of HP SmartStart CD. Restrictions: Linux® USB bus speed limited to full-speed (12 MBit/s) Generic Linux profile This is the generic Linux profile; use it for Redhat Enterprise Linux, SuSE Linux Enterprise Desktop and similar distributions. Restrictions: Absolute mouse synchronization™ not supported MAC OS X® (10.4.
Chapter 6: USB Profiles USB profile Description Restrictions: Suse 9.2 Virtual CD-ROM and disk drives cannot be used simultaneously SuSE Linux 9.2 Use this for SuSE Linux 9.2 distribution.
Chapter 6: USB Profiles USB profile Description Virtual CD-ROM and disk drives cannot be used simultaneously WARNING: USB enumeration will trigger whenever virtual media is connected or disconnected. Use Full Speed for Virtual Media CIM Use Full Speed for virtual media CIM This profile resembles the behavior of the original KX2 release with Full Speed for virtual media CIM option checked. Useful for BIOS that cannot handle High Speed USB devices.
Chapter 6: USB Profiles Mouse Modes when Using the Mac OS-X USB Profile with a DCIM-VUSB If you are using a DCIM-VUSB, using a Mac OS-X® USB profile, and running Mac OS-X 10.4.9 (or later), when you reboot you must be in Single Mouse mode to use the mouse at the Boot menu. To configure the mouse to work at the Boot menu: 1. Reboot the Mac and press the Option key during the reboot to open the Boot menu. The mouse will not respond at this point. 2.
Chapter 7 User Management In This Chapter User Groups ..........................................................................................113 Users .....................................................................................................120 Authentication Settings ..........................................................................123 Changing a Password ...........................................................................
Chapter 7: User Management User Group List User groups are used with local and remote authentication (via RADIUS or LDAP/LDAPS). It is a good idea to define user groups before creating individual users since, when you add a user, you must assign that user to an existing user group. The User Group List page displays a list of all user groups, which can be sorted in ascending or descending order by clicking on the Group Name column heading.
Chapter 7: User Management The Group page is organized into the following categories: Group, Permissions, Port Permissions, and IP ACL. 2. Type a descriptive name for the new user group into the Group Name field (up to 64 characters). 3. Set the permissions for the group. Select the checkboxes before the permissions you want to assign to all of the users belonging to this group. See Permissions (on page 116). 4. Set the port permissions.
Chapter 7: User Management 3. Select the appropriate permissions. 4. Click OK. Note: See Alternate RADIUS Authentication Settings for information on additional settings if you are using Alternate RADIUS Authentication. Permissions Important: Selecting the User Management checkbox allows the members of the group to change the permissions of all users, including their own. Carefully consider granting these permissions.
Chapter 7: User Management Permission Management Description authentication (LDAP/LDAPS/RADIUS), login settings Port Permissions For each server port, you can specify the access type the group has, as well as the type of port access to the virtual media and the power control. Please note that the default setting for all permissions is Deny.
Chapter 7: User Management Group-Based IP ACL (Access Control List) Important: Exercise caution when using group-based IP access control. It is possible to be locked out of your KSX II if your IP address is within a range that has been denied access. This feature limits access to the KSX II device by users in the selected group to specific IP addresses.
Chapter 7: User Management 4. Click Insert. If the rule number you just typed equals an existing rule number, the new rule is placed ahead of the exiting rule and all rules are moved down in the list. To replace a rule: 1. Specify the rule number you want to replace. 2. Type the Starting IP and Ending IP fields. 3. Choose the Action from the drop-down list. 4. Click Replace. Your new rule replaces the original rule with the same rule number. To delete a rule: 1. Specify the rule number you want to delete.
Chapter 7: User Management 4. Set the IP ACL (optional). This feature limits access to the KSX II device by specifying IP addresses. See Group-Based IP ACL (Access Control List). 5. Click OK. To delete a user group: Important: If you delete a group with users in it, the users are automatically assigned to the user group. Tip: To determine the users belonging to a particular group, sort the User List by User Group. 1.
Chapter 7: User Management Adding a New User It is a good idea to define user groups before creating KSX II users because, when you add a user, you must assign that user to an existing user group. Refer to Adding a New User Group (on page 114) for more information. From the User page, you can add new users, modify user information, and reactivate users that have been deactivated.
Chapter 7: User Management Modifying an Existing User To modify an existing user: 1. Open the User List page by choosing User Management > User List. 2. Locate the user from among those listed on the User List page. 3. Click the user name. The User page opens. 4. On the User page, change the appropriate fields. See Adding a New User for information about how to get access the User page. 5. To delete a user, click Delete. You are prompted to confirm the deletion. 6. Click OK.
Chapter 7: User Management Authentication Settings Authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user's group is used to determine his system and port permissions. The user's assigned privileges determine what type of access is allowed. This is called authorization. When the KSX II is configured for remote authentication, the external authentication server is used primarily for the purposes of authentication, not authorization.
Chapter 7: User Management Implementing LDAP/LDAPS Remote Authentication Lightweight Directory Access Protocol (LDAP/LDAPS) is a networking protocol for querying and modifying directory services running over TCP/IP. A client starts an LDAP session by connecting to an LDAP/LDAPS server (through the default TCP port is 389). The client then sends operation requests to the server, and the server sends responses in turn.
Chapter 7: User Management 9. In the User Search DN field, enter the Distinguished Name of where in the LDAP database you want to begin searching for user information. Up to 64 characters can be used. An example base search value might be: cn=Users,dc=raritan,dc=com. Consult your authentication server administrator for the appropriate values to enter into these fields. 10. Enter the Distinguished Name of the Administrative User in the DN of Administrative User field (up to 64 characters).
Chapter 7: User Management 13. Select the Enable Secure LDAP checkbox if you would like to use SSL. This will enable the Enable LDAPS Server Certificate Validation checkbox. Secure Sockets Layer (SSL) is a cryptographic protocol that allows KSX II to communicate securely with the LDAP/LDAPS server. 14. The default Port is 389. Either use the standard LDAP TCP port or specify another port. 15. The default Secure LDAP Port is 636. Either use the default port or specify another port.
Chapter 7: User Management 18. The KSX II provides you with the ability to test the LDAP configuration from the Authentication Settings page due to the complexity sometimes encountered with successfully configuring the LDAP server and KSX II for remote authentication. To test the LDAP configuration, enter the login name and password in the "Login for testing" field and the "Password for testing" field respectively.
Chapter 7: User Management 4. From the KSX II, enable and configure your AD server properly. See Implementing LDAP/LDAPS Remote Authentication. Important Notes Group Name is case sensitive. The KSX II provides the following default groups that cannot be changed or deleted: Admin and . Verify that your Active Directory server does not use the same group names.
Chapter 7: User Management The timeout is the length of time the KSX II waits for a response from the RADIUS server before sending another authentication request. 9. The default number of retries is 3 Retries. This is the number of times the KSX II will send an authentication request to the RADIUS server. 10. Choose the Global Authentication Type from among the options in the drop-down list: PAP - With PAP, passwords are sent as plain text. PAP is not interactive.
Chapter 7: User Management 130 CHAP - With CHAP, authentication can be requested by the server at any time. CHAP provides more security than PAP.
Chapter 7: User Management Cisco ACS 5.x for RADIUS Authentication If you are using a Cisco ACS 5.x server, after you have configured the KSX II for RADIUS authentication, complete the following steps on the Cisco ACS 5.x server. Note: The following steps include the Cisco menus and menu items used to access each page. Please refer to your Cisco documentation for the most up to date information on each step and more details on performing them.
Chapter 7: User Management Returning User Group Information via RADIUS When a RADIUS authentication attempt succeeds, the KSX II determines the permissions for a given user based on the permissions of the user's group. Your remote RADIUS server can provide these user group names by returning an attribute, implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows: Raritan:G{GROUP_NAME} where GROUP_NAME is a string denoting the name of the group to which the user belongs.
Chapter 7: User Management Attribute Data Log out Accounting-Request(4) Acct-Status (40) Stop(2) - Stops the accounting NAS-Port-Type (61) VIRTUAL (5) for network connections. NAS-Port (5) Always 0. NAS-IP-Address (4) The IP address for the KSX II. User-Name (1) The user name entered at the login screen. Acct-Session-ID (44) Session ID for accounting.
Chapter 7: User Management User Authentication Process Remote authentication follows the process specified in the flowchart below: 134
Chapter 7: User Management Changing a Password To change your password: 1. Choose User Management > Change Password. The Change Password page opens. 2. Type your current password in the Old Password field. 3. Type a new password in the New Password field. Retype the new password in the Confirm New Password field. Passwords can be up to 64 characters in length and can consist of English alphanumeric characters and special characters. 4. Click OK. 5.
Chapter 8 Device Management In This Chapter Network Settings ...................................................................................136 Device Services .....................................................................................141 Configuring Modem Settings .................................................................147 Configuring Date/Time Settings ............................................................148 Event Management .................................................
Chapter 8: Device Management Network Basic Settings These procedures describe how to assign an IP address on the Network Settings page. For complete information about all of the fields and the operation of this page, see Network Settings. To assign an IP address: 1. Choose Device Settings > Network. The Network Settings page opens. 2. Specify a meaningful Device Name for your KSX II device. Up to 32 alphanumeric characters using valid special characters and no spaces. 3.
Chapter 8: Device Management e. Link-Local IP Address. This address is automatically assigned to the device. It is used for neighbor discovery or when no routers are present. Read-Only f. Zone ID. This identifies the device with which the address is associated. Read-Only g. Select the IP Auto Configuration. The following options are available: None - Use this option if you do not want an auto IP configuration and prefer to set the IP address yourself (static IP).
Chapter 8: Device Management See LAN Interface Settings (on page 139) for information in configuring this section of the Network Settings page. Note: In some environments, the default LAN Interface Speed & Duplex setting Autodetect (autonegotiator) does not properly set the network parameters, which results in network issues. In these instances, setting the KSX II LAN Interface Speed & Duplex field to 100 Mbps/Full Duplex (or whatever option is appropriate to your network) addresses the issue.
Chapter 8: Device Management Autodetect (default option) 10 Mbps/Half - Both LEDs blink 10 Mbps/Full - Both LEDs blink 100 Mbps/Half - Yellow LED blinks 100 Mbps/Full - Yellow LED blinks 1000 Mbps/Full (gigabit) - Green LED blinks Half-duplex provides for communication in both directions, but only one direction at a time (not simultaneously). Full-duplex allows communication in both directions simultaneously.
Chapter 8: Device Management Device Services The Device Services page allows you to configure the following functions: Enabling Telnet Enabling SSH access Configuring HTTP and HTTPs port settings Enabling Serial Console Access Configuring the discovery port access Enabling direct port access Enabling the AKC Download Server Certificate Validation feature if you are using AKC Enabling Telnet If you wish to use Telnet to access the KSX II, first access the KSX II from the CLI or a
Chapter 8: Device Management HTTP and HTTPS Port Settings You are able to configure HTTP and/or HTTPS ports used by the KSX II. For example, if you are using the default HTTP port 80 for another purpose, changing the port will ensure the device does not attempt to use it. To change the HTTP and/or HTTPS port settings: 1. Choose Device Settings > Device Services. The Device Service Settings page opens. 2. Enter the new ports in the HTTP Port and/or HTTPS Port fields. 3. Click OK.
Chapter 8: Device Management Enabling Direct Port Access via URL Direct port access allows users to bypass having to use the device's Login dialog and Port Access page. This feature also provides the ability to enter a username and password directly and proceed to the target if the username and password is not contained in the URL. The following is important URL information regarding direct port access: If you are using VKC and direct port access: https://IPaddress/dpa.
Chapter 8: Device Management Configuring Direct Port Access via Telnet, IP Address or SSH The information in this topic is specific to enabling direct port access for serial targets. Use the Enable Direct Port Access via URL option on the Device Services page to enable direct port access for a KVM/serial port connect to the KSX II. See Enabling Direct Port Access via URL (on page 143). To configure direct port access: 1. Choose Device Settings > Device Services. The Device Service Settings page opens. 2.
Chapter 8: Device Management 3. Click OK to save this information. Once you have created the direct port access, it can be connected in a client application such as PuTTY. Following is an example of how the direct port access information would appear in PuTTY. Note that PuTTY is not the only client application that can be used. It is used here for sample purposes only.
Chapter 8: Device Management Enabling the AKC Download Server Certificate Validation If you are using the AKC client, you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature.
Chapter 8: Device Management 3. Click OK. Configuring Modem Settings To configure modem settings: 1. Click Device Settings > Modem Settings to open the Modem Settings page. 2. Check Enable Modem, if needed. 3. Enter the PPP server IP address. The internet address assigned to the KSX II when a connection is established via dial-up. Required. 4. Enter the PPP client IP address. The internet address the KSX II assigns to remove the client when a connection is established via dial-up.
Chapter 8: Device Management Configuring Date/Time Settings Use the Date/Time Settings page to specify the date and time for the KSX II. There are two ways to do this: Manually set the date and time. Synchronize the date and time with a Network Time Protocol (NTP) server. To set the date and time: 1. Choose Device Settings > Date/Time. The Date/Time Settings page opens. 2. Choose your time zone from the Time Zone drop-down list. 3.
Chapter 8: Device Management 6. Click OK. Event Management The KSX II Event Management feature allows you enable and disable the distribution of system events to SNMP Managers, the Syslog and the audit log. These events are categorized, and for each event you can determine whether you want the event sent to one or several destinations.
Chapter 8: Device Management Configuring Event Management Settings SNMP Configuration Simple Network Management Protocol (SNMP) is a protocol governing network management and the monitoring of network devices and their functions. KSX II offers SNMP Agent support through Event Management. To configure SNMP (enable SNMP logging): 1. Choose Device Settings > Event Management - Settings. The Event Management - Settings page opens. 2. Choose the Enable SNMP Logging option.
Chapter 8: Device Management 4. Type the Agent Community String (the device's string). An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. The SNMP device or agent may belong to more than one SNMP community. 5. Specify whether the community is Read-Only or Read-Write using the Type drop-down list. 6.
Chapter 8: Device Management Configuring Event Management - Destinations System events, if enabled, can generate SNMP notification events (traps), or can be logged to syslog or audit log. Use the Event Management - Destinations page to select which system events to track and where to send this information. Note: SNMP traps will only be generated if the SNMP Logging Enabled option is checked; Syslog events will only be generated if the Enable Syslog Forwarding option is checked.
Chapter 8: Device Management SNMP Trap Configuration SNMP provides the ability to send traps, or notifications, to advise an administrator when one or more conditions have been met. The following table lists the KSX II SNMP traps: Trap name Description cimConnected A CIM is plugged into to the KSX II port. cimDisconnected A CIM is either unplugged from the KSX II port or powered-off. cimUpdateCompleted CIM firmware update process completed. cimUpdateStarted CIM firmware update process started.
Chapter 8: Device Management 154 Trap name Description network. networkParameterChanged A change has been made to the network parameters. passwordSettingsChanged Strong password settings have changed. portConnect A previously authenticated user has begun a KVM session. portConnectionDenied A connection to the target port was denied. portDisconnect A user engaging in a KVM session closes the session properly. portStatusChange The port has become unavailable.
Chapter 8: Device Management Trap name Description userAuthenticationFailure A user attempted to log in without a correct username and/or password. userConnectionLost A user with an active session has experienced an abnormal session termination. userDeleted A user account has been deleted. userLogin A user has successfully logged into the KSX II and has been authenticated. userLogout A user has successfully logged out of the KSX II properly. userModified A user account has been modified.
Chapter 8: Device Management Port Name - The name assigned to the port. A port name displayed in black indicates that you cannot change the name and that the port cannot be edited; port names displayed in blue can be edited. Note: Do not use apostrophes for the Port (CIM) Name.
Chapter 8: Device Management For serial ports, the Port page for serial ports is opened.
Chapter 8: Device Management Power Control Power control is configured on the Port page. The Port page opens when you select a port that is connected to a target server from the Port Configuration page. From the Port page, you can make power associations and change the port name to something more descriptive. A server can have up to four (4) power associates and you can associate a different rack PDU (power strip) with each.
Chapter 8: Device Management Assigning a Name to the PX The Port page opens when you select a port on the Port Configuration page. The port appears on this page when connected to a Raritan remote rack PDU (power strip). The Type and the Name fields are prepopulated. Use this page to name the rack PDU and its outlets; all names can be up to 32 alphanumeric characters and can include special characters.
Chapter 8: Device Management To remove a rack PDU association: 1. Select the appropriate rack PDU from the Power Strip Name drop-down list. 2. For that rack PDU, select the appropriate outlet from the Outlet Name drop-down list. 3. From the Outlet Name drop-down list, select None. 4. Click OK. The rack PDU/outlet association is removed and a confirmation message is displayed. Target Settings To define target settings: 1.
Chapter 8: Device Management Configuring Blade Chassis In addition to standard servers and rack PDUs (power strips), you can control blade chassis that are plugged into a Dominion device port. Up to eight blade chassis can be managed at a given time. As with standard servers, blade chassis are autodetected once they are connected.
Chapter 8: Device Management The use of hot key sequences to switch KVM access to a blade chassis is also supported. For blade chassis that allow users to select a hot key sequence, those options will be provided on the Port Configuration page. For blade chassis that come with predefined hot key sequences, those sequences will be prepopulated on the Port Configuration page once the blade chassis is selected.
Chapter 8: Device Management 3. On the Port Configuration page, click on the name of the blade chassis you want to configure. The Port page will open. 4. Select the Blade Chassis radio button. The page will then display the necessary fields to configure a blade chassis. 5. Select Generic from the Blade Server Chassis Model drop-down. 6. Configure the blade chassis as applicable. a. Switch Hot Key Sequence - Define the hot key sequence that will be used to switch from KVM to the blade chassis.
Chapter 8: Device Management c. Username - Enter the username used to access the interface. Optional d. Password - Enter the password used to access the interface. Optional Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries.
Chapter 8: Device Management To configure a Dell PowerEdge M1000e: 1. If you selected Dell PowerEdge™ M1000e, auto-discovery is available. Configure the blade chassis as applicable. Prior to configuring a blade chassis that can be auto-discovered, it must be configured to enable SSH connections on the designated port number (see Device Services). Additionally, a user account with the corresponding authentication credentials must be previously created on the blade chassis. a.
Chapter 8: Device Management The first URL link is intended for use to connect to the blade chassis Administration Module GUI. Note: Access to the URL links entered in this section of the page is governed by the blade chassis port permissions. a. Active - To activate the link once it is configured, select the Active checkbox. Leave the checkbox deselected to keep the link inactive. Entering information into the link fields and saving can still be done even if Active is not selected.
Chapter 8: Device Management b. Maximum Number of Slots - The default maximum number of slots available on the blade chassis is automatically entered. c. Administrative Module Primary IP Address/Host Name - Not applicable. d. Port Number - The default port number for the blade chassis is 22. Not applicable. e. Username - Not applicable. f. Password - Not applicable. 2. Change the blade chassis name if needed. 3.
Chapter 8: Device Management e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries. It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application. You can view the HTML source of the login screen to find the field names, not the field labels.
Chapter 8: Device Management d. Port Number - The default port number for the blade chassis is 22. Change the port number if applicable. Required for auto-discovery mode e. Username - Enter the username used to access the blade chassis. Required for auto-discovery mode f. Password - Enter the password used to access the blade chassis. Required for auto-discovery mode 2.
Chapter 8: Device Management Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries. It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application.
Chapter 8: Device Management 4. In the Blade Chassis Managed Links section of the page, you are able to configure the connection to a blade chassis web browser interface if one is available. Click the Blade Chassis Managed Links icon page. to expand the section on the The first URL link is intended for use to connect to the blade chassis Administration Module GUI. Note: Access to the URL links entered in this section of the page is governed by the blade chassis port permissions. a.
Chapter 8: Device Management Tips for Adding a Web Browser Interface You can add a Web Browser Interface to create a connection to a device with an embedded web server. A Web Browser interface can also be used to connect to any web application, such as the web application associated with an RSA, DRAC or ILO Processor card. You must have DNS configured or URLs will not resolve. You do not need to have DNS configured for IP addresses. To add a web browser interface: 1.
Chapter 8: Device Management HP Blade Chassis Configuration (Port Group Management) The KSX II supports the aggregation of ports connected to certain types of blades into a group representing the blade chassis. Specifically, HP® BladeServer blades and Dell® PowerEdge™ 1855/1955 blades when the Dell PowerEdge 1855/1955 is connected from each individual blade to a port on the KSX II.
Chapter 8: Device Management 3. Enter a Port Group Name. The port group name is not case sensitive and can contain up to 32 characters. 4. Select the Blade Server Group checkbox. If you want to designate that these ports are attached to blades housed in a blade chassis (for example, HP c3000 or Dell PowerEdge 1855), select the Blade Server Group checkbox.
Chapter 8: Device Management To delete a port group: 1. Click on the Port Group Management page, select the checkbox of the port group you want to delete. 2. Click the Delete button. 3. Click OK on the warning message. Supported Blade Chassis Models This table contains the blade chassis models that are supported by the KSX II and the corresponding profiles that should be selected per chassis model when configuring them in the KSX II application.
Chapter 8: Device Management Supported CIMs for Blade Chassis The following CIMs are supported for blade chassis being managed through the KSX II: DCIM-PS2 DCIM-USBG2 D2CIM-VUSB D2CIM-DVUSB Following is a table containing supported CIMs for each blade chassis model that the KSX II supports.
Chapter 8: Device Management Blade chassis Connection method Recommended CIM(s) custom cable provided with the system). Source: Dell PowerEdge 1955 Owner's Manual Dell PowerEdge M1000e The KVM Switch Module (iKVM) is Integrated with this chassis.
Chapter 8: Device Management Blade chassis Connection method Management Module. Recommended CIM(s) Source: IBM BladeCenter Products and Technology IBM BladeCenter E The current model BladeCenter E chassis (8677-3Rx) ships standard with one Advanced Management Module. DCIM-USBG2 D2CIM-DVUSB DCIM-PS2 DCIM-USBG2 Source: IBM BladeCenter Products and Technology IBM BladeCenter T The BladeCenter T chassis ships standard with one Advanced Management Module.
Chapter 8: Device Management Required and Recommended Blade Chassis Configurations This table contains information on limitations and constraints that apply to configuring blade chassis to work with the KSX II. Raritan recommends that all of the information below is followed. Blade chassis Dell® PowerEdge™ M1000e Dell PowerEdge 1855/1955 Required/recommended action Disable the iKVM GUI screensaver. An authorize dialog will appear, preventing iKVM from working correctly, if this is not done.
Chapter 8: Device Management Blade chassis IBM®/Dell® Auto-Discovery IBM KX2 Virtual Media Required/recommended action Do not designate any slots for scan operations in the iKVM GUI Setup Scan menu or the iKVM may not work properly. To avoid having the iKVM GUI display upon connecting to the blade chassis, set the Screen Delay Time to 8 seconds. Recommend that 'Timed' and 'Displayed' be selected during iKVM GUI Flag Setup.
Chapter 8: Device Management Blade chassis ® IBM BladeCenter® E or H Sample URL format Username: root Username Field: TEXT_USER_NAME Password: calvin Password Field: TEXT_PASSWORD http://192.168.84.217/private/welcome.ssi Configuring USB Profiles (Port Page) You choose the available USB profiles for a port in the Select USB Profiles for Port section of the Port page.
Chapter 8: Device Management Shift-Click and drag to select several continuous profiles. Ctrl-Click to select several discontinuous profiles. 2. Click Add. The selected profiles appear in the Selected list. These are the profiles that can be used for the KVM target server connected to the port. To specify a preferred USB profile: 1. After selecting the available profiles for a port, choose one from the Preferred Profile for Port menu. The default is Generic.
Chapter 8: Device Management 2. Click Remove. The selected profiles appear in the Available list. These profiles are no longer available for a KVM target server connected to this port. To apply a profile selection to multiple ports: 1. In the Apply Selected Profiles to Other Ports section, select the Apply checkbox for each KVM port you want to apply the current set of selected USB profiles to. To select all KVM ports, click Select All. To deselect all KVM ports, click Deselect All.
Chapter 8: Device Management German (Germany) JIS (Japanese Industry Standard) Simplified Chinese Traditional Chinese Dubeolsik Hangul (Korean) German (Switzerland) Portuguese (Portugal) Norwegian (Norway) Swedish (Sweden) Danish (Denmark) Belgian (Belgium) Note: Keyboard use for Chinese, Japanese, and Korean is for display only. Local language input is not supported at this time for KSX II Local Console functions. 4. Choose the local port hotkey.
Chapter 8: Device Management a. Select the Power Save Mode checkbox. b. Set the amount of time (in minutes) in which Power Save Mode will be initiated. 8. Choose the resolution for the KSX II Local Console from the drop-down list. The browser will be restarted when this change is made. 800x600 1024x768 1280x1024 9. Choose the refresh rate from the drop-down list. The browser will be restarted when this change is made. 60 Hz 75 Hz 10. Choose the type of local user authentication.
Chapter 8: Device Management Port Keywords Port keywords work as a filter. If a keyword is detected, a corresponding message be logged in a local port log and a corresponding trap will be sent via SNMP (if configured). Defining keywords guarantees that only messages that contain those keywords are logged for the local port. You can create port keywords and associate them with: Syslog Audit log SNMP traps To define keywords and associate them with a port: 1.
Chapter 8: Device Management 2. Define a keyword for the first time, by clicking the Add button on the Port Keyword List page. The Add Keyword page will then open. Follow steps 3 - 5 to create new keywords. 3. Type a keyword in the Keyword field and then click the Add button. The keyword will be added to the page directly under the Keyword field and will appear on the Port Keyword List page once OK is selected. Add additional keywords by following the same steps (if needed). 4.
Chapter 8: Device Management Port Group Management This function is specific to HP blade chassis configuration. See HP Blade Chassis Configuration (Port Group Management) (on page 173).
Chapter 9 Security Management In This Chapter Security Settings....................................................................................189 Configuring IP Access Control ..............................................................199 SSL Certificates .....................................................................................201 Security Banner .....................................................................................
Chapter 9: Security Management To reset back to defaults: Click Reset to Defaults. Login Limitations Using login limitations, you can specify restrictions for single login, password aging, and the logging out idle users. Limitation Description Enable single login limitation When selected, only one login per user name is allowed at any time. When deselected, a given user name/password combination can be connected into the device from several client workstations simultaneously.
Chapter 9: Security Management Limitation Description change is required. The default is 60 days. Log out idle users, After (1-365 minutes) Select the "Log off idle users" checkbox to automatically disconnect users after the amount of time you specify in the "After (1-365 minutes)" field. If there is no activity from the keyboard or mouse, all sessions and all resources are logged out. If a virtual media session is in progress, however, the session does not timeout.
Chapter 9: Security Management Strong Passwords Strong passwords provide more secure local authentication for the system. Using strong passwords, you can specify the format of valid KSX II local passwords such as minimum and maximum length, required characters, and password history retention. Strong passwords require user-created passwords to have a minimum of 8 characters with at least one alphabetical character and one nonalphabetical character (punctuation character or number).
Chapter 9: Security Management User Blocking The User Blocking options specify the criteria by which users are blocked from accessing the system after the specified number of unsuccessful login attempts. The three options are mutually exclusive: Option Description Disabled The default option. Users are not blocked regardless of the number of times they fail authentication.
Chapter 9: Security Management Option Description Timer Lockout Users are denied access to the system for the specified amount of time after exceeding the specified number of unsuccessful login attempts. When selected, the following fields are enabled: Attempts - The number of unsuccessful login attempts after which the user will be locked out. The valid range is 1 - 10 and the default is 3 attempts. Lockout Time - The amount of time for which the user will be locked out.
Chapter 9: Security Management Encryption & Share Using the Encryption & Share settings you can specify the type of encryption used, PC and VM share modes, and the type of reset performed when the KSX II Reset button is pressed. WARNING: If you select an encryption mode that is not supported by your browser, you will not be able to access the KSX II from your browser. 1. Choose one of the options from the Encryption Mode drop-down list.
Chapter 9: Security Management Encryption mode Description a National Institute of Standards and Technology specification for the encryption of electronic data. 256 is the key length. When AES-256 is specified, be certain that your browser supports it, otherwise you will not be able to connect. See Checking Your Browser for AES Encryption (on page 197) for more information. Note: MPC will always negotiate to the highest encryption and will match the Encryption Mode setting if not set to Auto.
Chapter 9: Security Management Local device reset mode Description Enable Local Factory Returns the KSX II device to the factory Reset (default) defaults. Enable Local Admin Password Reset Resets the local administrator password only. The password is reset to raritan. Disable All Local Resets No reset action is taken.
Chapter 9: Security Management Enabling FIPS 140-2 For government and other high security environments, enabling FIPS 140-2 mode may be desirable. The KSX II uses an embedded FIPS 140-2-validated cryptographic module running on a Linux® platform per FIPS 140-2 Implementation Guidance section G.5 guidelines. Once this mode is enabled, the private key used to generate the SSL certificates must be internally generated; it cannot be downloaded or exported. To enable FIPS 140-2: 1.
Chapter 9: Security Management FIPS 140-2 should be enabled on the client computer and in Internet Explorer. To enable FIPS 140-2 on a Windows client: 1. Select Control Panel > Administrative Tools > Local Security Policy to open the Local Security Settings dialog. 2. From the navigation tree, select Select Local Policies > Security Options. 3. Enable "System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing". 4. Reboot the client computer.
Chapter 9: Security Management To add (append) rules: 1. Type the IP address and subnet mask in the IPv4/Mask or IPv6/Prefix Length field. Note: The IP address should be entered using CIDR (Classless Inter-Domain Routing notation, in which the first 24 bits are used as a network address). 2. Choose the Policy from the drop-down list. 3. Click Append. The rule is added to the bottom of the rules list. To insert a rule: 1. Type a rule #. A rule # is required when using the Insert command. 2.
Chapter 9: Security Management 3. You are prompted to confirm the deletion. Click OK. SSL Certificates The KSX II uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a connected client. When establishing a connection, the KSX II has to identify itself to a client using a cryptographic certificate. It is possible to generate a Certificate Signing Request (CSR) and install a certificate signed by the Certificate Authority (CA) on the KSX II.
Chapter 9: Security Management b. Organizational unit - This field is used for specifying to which department within an organization the KSX II belongs. c. Organization - The name of the organization to which the KSX II belongs. d. Locality/City - The city where the organization is located. e. State/Province - The state or province where the organization is located. f. Country (ISO code) - The country where the organization is located. This is the two-letter ISO code, e.g.
Chapter 9: Security Management Note: The CSR and the private key file are a matched set and should be treated accordingly. If the signed certificate is not matched with the private key used to generate the original CSR, the certificate will not be useful. This applies to uploading and downloading the CSR and private key files. After completing these three steps the KSX II has its own certificate that is used for identifying the card to its clients.
Chapter 9: Security Management 4. If needed, change the banner title. This information will be displayed to users as part of the banner. Up to 64 characters can be used. 5. Edit the information in the Restricted Services Banner Message text box. Up to 6000 characters can be entered or uploaded from a text file. To do this, do one of the following: a. Edit the text by manually typing in the text box. Click OK. b. Upload the information from .
Chapter 10 Maintenance In This Chapter Maintenance Features (Local/Remote Console) ...................................205 Audit Log................................................................................................206 Device Information.................................................................................207 Backup and Restore ..............................................................................208 USB Profile Management .....................................................
Chapter 10: Maintenance Audit Log A log is created of the KSX II system events. To view the audit log for your KSX II: 1. Choose Maintenance > Audit Log. The Audit Log page opens. The Audit Log page displays events by date and time (most recent events listed first). The Audit Log provides the following information: Date - The date and time that the event occurred based on a 24-hour clock. Event - The event name as listed in the Event Management page.
Chapter 10: Maintenance Device Information The Device Information page provides detailed information about your KSX II device and the CIMs in use. This information is helpful should you need to contact Raritan Technical Support. To view information about your Dominion KSX II and CIMs: Choose Maintenance > Device Information. The Device Information page opens.
Chapter 10: Maintenance Backup and Restore From the Backup/Restore page, you can backup and restore the settings and configuration for your KSX II. In addition to using backup and restore for business continuity purposes, you can use this feature as a time-saving mechanism. For instance, you can quickly provide access to your team from another KSX II by backing up the user configuration settings from the KSX II in use and restoring those configurations to the new KSX II.
Chapter 10: Maintenance If you are using Internet Explorer 6 or higher, to backup your KSX II: 1. Click Backup. A File Download dialog appears that contains an Open button. Do not click Open. In IE 6 and higher, IE is used as the default application to open files, so you are prompted to open the file versus save the file. To avoid this, you must change the default application that is used to open files to WordPad®. 2. To do this: a. Save the backup file.
Chapter 10: Maintenance 2. Navigate to and select the appropriate backup file and click Open. The selected file is listed in the Restore File field. 3. Click Restore. The configuration (based on the type of restore selected) is restored. USB Profile Management From the USB Profile Management page, you can upload custom profiles provided by Raritan tech support.
Chapter 10: Maintenance Note: If an error or warning is displayed during the upload process (for example. overwriting an existing custom profile), you may continue with the upload by clicking Upload or cancel it by clicking on Cancel. To delete a custom profile to your KSX II: 1. Check the box corresponding to the row of the table containing the custom profile to be deleted. 2. Click Delete. The custom profile will be deleted and removed from the Profile table.
Chapter 10: Maintenance Upgrading CIMs Use this procedure to upgrade CIMs using the firmware versions stored in the memory of your KSX II device. In general, all CIMs are upgraded when you upgrade the device firmware using the Firmware Upgrade page. In order to make use of USB profiles, you must use a D2CIM-VUSB or D2CIM-DVUSB with updated firmware.
Chapter 10: Maintenance To upgrade your KSX II: 1. Locate the appropriate Raritan firmware distribution file (*.RFP), found on the Raritan Firmware Upgrades webpage: http://www.raritan.com/support/firmwareupgrades and download the file. 2. Unzip the file. Read all instructions included in the firmware ZIP files carefully before upgrading. 3. Copy the firmware update file to a local PC before uploading. Do not load the file from a network drive. 4. Choose Maintenance > Firmware Upgrade.
Chapter 10: Maintenance 8. Click Upgrade and wait for the upgrade to complete. Status information and progress bars are displayed during the upgrade. Upon completion of the upgrade, the device reboots (1 beep sounds to signal the reboot). 9. As prompted, close the browser and wait approximately 5 minutes before logging on to the KSX II again.
Chapter 10: Maintenance Upgrade History The KSX II provides information about upgrades performed on the KSX II and attached CIMS. To view the upgrade history: Choose Maintenance > Upgrade History. The Upgrade History page opens. Information is provided about the KSX II upgrade(s) that have been run, the final status of the upgrade, the start and end times, and the previous and current firmware versions.
Chapter 10: Maintenance To reboot your KSX II: 1. Choose Maintenance > Reboot. The Reboot page opens. 2. Click Reboot. You are prompted to confirm the action. Click Yes to proceed with the reboot. CC Unmanage When a KSX II device is under CommandCenter Secure Gateway control and you attempt to access the device directly using the KSX II Remote Console, the following message appears (after entry of a valid user name and password).
Chapter 10: Maintenance Stopping CC-SG Management While the KSX II is under CC-SG management, if you try to access the device directly, you are notified that it the device is under CC-SG management. If you are managing the KSX II through CC-SG and connectivity between CC-SG and the KSX II is lost after the specified timeout interval (typically 10 minutes), you are able to end the CC-SG management session from the KSX II console.
Chapter 10: Maintenance 3. Click Yes to remove the device CC-SG management. Once CC-SG management has ended, a confirmation will be displayed.
Chapter 11 Diagnostics The Diagnostics pages are used for troubleshooting and are intended primarily for the administrator of the KSX II device. All of the Diagnostics pages (except Device Diagnostics) run standard networking commands and the information that is displayed is the output of those commands. The Diagnostics menu options help you debug and configure the network settings. The Device Diagnostics option is intended for use in conjunction with Raritan Technical Support.
Chapter 11: Diagnostics Network Interface Page The KSX II provides information about the status of your network interface. To view information about your network interface: Choose Diagnostics > Network Interface. The Network Interface page opens. The following information is displayed: Whether the Ethernet interface is up or down. Whether the gateway is pingable or not. The LAN port that is currently active. To refresh this information: Click the Refresh button.
Chapter 11: Diagnostics Statistics - Produces a page similar to the one displayed here. Interfaces - Produces a page similar to the one displayed here.
Chapter 11: Diagnostics Route - Produces a page similar to the one displayed here. 3. Click Refresh. The relevant information is displayed in the Result field. Ping Host Page Ping is a network tool used to test whether a particular host or IP address is reachable across an IP network. Using the Ping Host page, you can determine if a target server or another KSX II is accessible. To ping the host: 1. Choose Diagnostics > Ping Host. The Ping Host page opens.
Chapter 11: Diagnostics 2. Type either the hostname or IP address into the Hostname or IP Address field. 3. Click Ping. The results of the ping are displayed in the Result field. Trace Route to Host Page Trace route is a network tool used to determine the route taken to the provided hostname or IP address. To trace the route to the host: 1. Choose Diagnostics > Trace Route to Host. The Trace Route to Host page opens. 2. Type either the IP address or host name into the IP Address/Host Name field.
Chapter 11: Diagnostics Device Diagnostics Note: This page is for use by Raritan field engineers or when you are directed by Raritan Technical Support. Device Diagnostics downloads the diagnostics information from KSX II to the client machine. Two operations can be performed on this page: Operation Description Diagnostics Scripts Execute a special script provided by Raritan Technical Support during a critical error debugging session. The script is uploaded to the device and executed.
Chapter 11: Diagnostics f. Send this file to Raritan Technical Support using step 4. 3. To create a diagnostics file to send to Raritan Technical Support: a. Click the Save to File button. The File Download dialog appears. b. Click Save. The Save As dialog appears. c. Navigate to the desired directory and click Save. 4. Email this file as directed by Raritan Technical Support.
Chapter 12 Command Line Interface (CLI) In This Chapter Overview ................................................................................................227 Accessing the KSX II Using CLI ............................................................228 SSH Connection to the KSX II ...............................................................228 Telnet Connection to the KSX II ............................................................229 Local Serial Port Connection to the KSX II.................
Chapter 12: Command Line Interface (CLI) Overview The KSX II Serial Console supports all serial devices such as: Servers, including Windows Server 2003® when using the Emergency Management Console (EMS-) Special Administration Console, or SAC with BIOS redirection in the server BIOS. Routers Layer 2 switches Firewalls Rack PDUs (power strips) Other user equipment The KSX II allows an administrator or user to access, control, and manage multiple serial devices.
Chapter 12: Command Line Interface (CLI) Accessing the KSX II Using CLI Access the KSX II by using one of the following methods: Telnet via IP connection SSH (Secure Shell) via IP connection Local Port-via RS-232 serial interface A number of SSH/Telnet clients are available and can be obtained from the following locations: Putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/ SSH Client from ssh.com - www.ssh.com http://www.ssh.
Chapter 12: Command Line Interface (CLI) Telnet Connection to the KSX II Due to the lack of security, user name, password and all traffic is in clear-text on the wire. Telnet access is disabled by default. Enabling Telnet If you wish to use Telnet to access the KSX II, first access the KSX II from the CLI or a browser. To enable Telnet: 1. Select Device Settings > Device Services and then select the Enable TELNET Access checkbox. 2. Enter the Telnet port. 3. Click OK.
Chapter 12: Command Line Interface (CLI) Port Settings Ensure that the port settings (serial communication parameters) are configured as follows: Data bits = 8 Parity = None Stop bits =1 Flow Control = None Bits per second = 9600 Logging On To log in, enter the user name admin as shown: 1. Log in as admin 2. The Password prompt appears. Enter the default password: raritan The welcome message displays. You are now logged on as an administrator.
Chapter 12: Command Line Interface (CLI) After reviewing the following Navigation of the CLI (on page 232) section, perform the Initial Configuration tasks. Welcome! 192.168.59.202 login: admin Passwd: ------------------------------------------------------------------------------Device Type: Dominion KSX2 Device Name: YongKSX2 SN: AE17950009 Model: DKSX2_188 FW Version: 1.0.0.5.6321 IP Address: 192.168.59.202 Idle Timeout: 0min IP Address: 192.168.59.202 Idle Timeout: 0min Port Port Port Port No.
Chapter 12: Command Line Interface (CLI) login as: Janet Password: Authentication successful. --------------------------------------------------------------Welcome to the KSX II [Model: KSX2] UnitName:KSX II Serial:WACEA00008 FirmwareVersion:3.0.0.5.1 IP Address:192.168.51.194 UserIdletimeout:99min ---------------------------------------------------------------Port Port Port Port No. Name No.
Chapter 12: Command Line Interface (CLI) CLI Syntax -Tips and Shortcuts Tips Commands are listed in alphabetical order. Commands are not case sensitive. Parameter names are single word without underscore. Commands without arguments default to show current settings for the command. Typing a question mark ( ? ) after a command produces help for that command. A pipe symbol ( | ) indicates a choice within an optional or required set of keywords or arguments.
Chapter 12: Command Line Interface (CLI) Initial Configuration Using CLI Note: These steps, which use the CLI, are optional since the same configuration can be done via KVM. See Getting Started for more information. KSX II devices come from the factory with default factory settings. When you first power up and connect to the device, you must set the following basic parameters so the device can be accessed securely from the network: 1. Reset the administrator password.
Chapter 12: Command Line Interface (CLI) The KSX II now has the basic configuration and can be accessed remotely via SSH, GUI, or locally using the local serial port. The administrator needs to configure the users and groups, services, security, and serial ports to which the serial targets are attached to the KSX II. CLI Prompts The Command Line Interface prompt indicates the current command level. The root portion of the prompt is the login name.
Chapter 12: Command Line Interface (CLI) Security Issues Elements to consider when addressing security for console servers: Encrypting the data traffic sent between the operator console and the KSX II device. Providing authentication and authorization for users. Security profile. The KSX II supports each of these elements; however, they must be configured prior to general use.
Chapter 12: Command Line Interface (CLI) Port Sharing Using CLI It is possible for access client users to share ports with other authenticated and authorized users, regardless of whether they are access client users (RSC) or SSH/Telnet users. Port sharing is used for training or for troubleshooting applications. Users are notified in real time if they have Write access or Read-Only access at any point during the port-sharing session.
Chapter 12: Command Line Interface (CLI) Interface Command The Interface command is used to configure the KSX II network interface.
Chapter 12: Command Line Interface (CLI) Connect Commands The connect commands provide a means to access ports and their history. Command connect Description Connect to a port. The port sub-menu, reached using escape key sequence. clearhistory Clear history buffer for this port. Only available to users who have Write access. clientlist Display all users on the port. close Close this target connection. gethistory Display the history buffer for this port.
Chapter 12: Command Line Interface (CLI) IPv6 Command Use the IPv6_command to set IPv6 network parameters and retrieve existing IPv6 parameters.
Chapter 13 KSX II Local Console In This Chapter Overview ................................................................................................241 Using the KSX II Local Console ............................................................241 KSX II Local Console Interface .............................................................242 Security and Authentication ...................................................................242 Local Console Smart Card Access ................................
Chapter 13: KSX II Local Console KSX II Local Console Interface When you are located at the server rack, the KSX II provides standard KVM management and administration via the KSX II Local Console. The KSX II Local Console provides a direct KVM (analog) connection to your connected servers; the performance is exactly as if you were directly connected to the server's keyboard, mouse, and video ports. Additionally, the KSX II provides terminal emulation when accessing serial targets.
Chapter 13: KSX II Local Console Local Console Smart Card Access To use a smart card to access a server at the Local Console, plug a USB smart card reader into the KSX II using one of the USB ports located on the KSX II. Once a smart card reader is plugged in or unplugged from the KSX II, the KSX II autodetects it. For a list of supported smart cards and additional system requirements, see Supported and Unsupported Smart Card Readers (on page 283) and Minimum System Requirements (on page 284).
Chapter 13: KSX II Local Console To update the Card Readers Detected list: Click Refresh if a new smart card has been mounted. The Card Readers Detected list will be refreshed to reflect the newly added smart card reader. Local Console USB Profile Options From the USB Profile Options section of the Tools page, you can choose from the available USB profiles for a local port.
Chapter 13: KSX II Local Console 3. Click OK. The USB profile will be applied to the local port and will appear in the Profile In Use field. Available Resolutions The KSX II Local Console provides the following resolutions to support various monitors: 800x600 1024x768 1280x1024 Each of these resolutions supports a refresh rate of 60Hz and 75Hz.
Chapter 13: KSX II Local Console Port Access Page (Local Console Server Display) After you login to the KSX II Local Console, the Port Access page opens. This page lists all of the KSX II ports, the connected KVM target servers, and their status and availability. Also displayed on the Port Access page are blade chassis that have been configured in the KSX II.
Chapter 13: KSX II Local Console In addition to the Port Number, Port Name, Status, Type, and Availability, a Group column is also displayed on the View by Group tab. This column contains the port groups that are available. 3. Click the Port Name of the target server you want to access. The Port Action Menu appears. See Port Action Menu (on page 44) for details on available menu options. 4. Choose the desired menu command from the Port Action Menu.
Chapter 13: KSX II Local Console The KVM and serial target servers are initially sorted by Port Number; you can change the display to sort on any of the columns. Port Number - Numbered from 1 to the total number of ports available for the KSX II. Port Name - The name of the KSX II port. Initially this is set to Dominion-KSX II-Port#, but you can change the name to something more descriptive. When you click the Port Name link, an Action Menu is opened.
Chapter 13: KSX II Local Console Standard servers Connect key action Key sequence example the local port GUI connected to target): Double Click Scroll Lock Blade chassis Connect key action Key sequence example Access a port from the local port GUI Access port 5, slot 2: Switch between ports Switch from target port 5, slot 2 to port 5, slot 11: Disconnect from a target and return to the local port GUI Press Left ALT > Press and Release 5 > Press and Release - > Press and Release 2 > Release L
Chapter 13: KSX II Local Console Language Regions Keyboard layout US English International United States of America and most of English-speaking countries: for example, Netherlands US Keyboard layout UK English United Kingdom UK layout keyboard Chinese Traditional Hong Kong S. A. R.
Chapter 13: KSX II Local Console Sun key Local port key combination Undo Ctrl + Alt +F4 Stop A Break a Front Ctrl + Alt + F5 Copy Ctrl + Alt + F6 Open Ctrl + Alt + F7 Find Ctrl + Alt + F9 Cut Ctrl + Alt + F10 Paste Ctrl + Alt + F8 Mute Ctrl + Alt + F12 Compose Ctrl+ Alt + KPAD * Vol + Ctrl + Alt + KPAD + Vol - Ctrl + Alt + KPAD - Stop No key combination Power No key combination Accessing a Target Server To access a target server: 1.
Chapter 13: KSX II Local Console Local Port Administration The KSX II can be managed by either the KSX II Local Console or the KSX II Remote Console. Note that the KSX II Local Console also provides access to: Factory Reset Local Port Settings Note: Only users with administrative privileges can access these functions.
Chapter 13: KSX II Local Console Note: Keyboard use for Chinese, Japanese, and Korean is for display only. Local language input is not supported at this time for KSX II Local Console functions. 3. Choose the local port hotkey. The local port hotkey is used to return to the KSX II Local Console interface when a target server interface is being viewed.
Chapter 13: KSX II Local Console Note: If you initially choose not to ignore CC Manage mode on the local port but later want local port access, you will have to remove the device from under CC-SG management (from within CC-SG). You will then be able to check this checkbox. 10. Click OK. To reset back to defaults: 254 Click Reset to Defaults.
Chapter 13: KSX II Local Console KSX II Local Console Factory Reset Note: This feature is available only on the KSX II Local Console. The KSX II offers several types of reset modes from the Local Console user interface. Note: It is recommended that you save the audit log prior to performing a factory reset. The audit log is deleted when a factory reset is performed and the reset event is not logged in the audit log. For more information about saving the audit log, see Audit Log (on page 206).
Chapter 13: KSX II Local Console Resetting the KSX II Using the Reset Button On the back panel of the device, there is a Reset button. It is recessed to prevent accidental resets (you will need a pointed object to press this button). The actions that are performed when the Reset button is pressed are defined in the graphical user interface. See Encryption & Share. Note: It is recommended that you save the audit log prior to performing a factory reset.
Chapter 14 Modem Configuration In This Chapter Certified Modems for UNIX, Linux and MPC .........................................257 Low Bandwidth KVM Settings ...............................................................258 Client Dial-Up Networking Configuration ...............................................259 Windows 2000 Dial-Up Networking Configuration ................................259 Windows Vista Dial-Up Networking Configuration ................................
Chapter 14: Modem Configuration Low Bandwidth KVM Settings Following are the settings that Raritan recommends in order to achieve optimum performance when using KVM over low bandwidth speeds typical of DSL connections. This information applies to both virtual KVM and MPC. Setting To achieve optimum performance: Connection speed Select Connections > Properties. Set the Connection Speed to a value that best matches the client-to-server connection. This ranges from 384 Kb (for lower DSL speeds) to >1MB.
Chapter 14: Modem Configuration Setting To achieve optimum performance: Select the "Quick sense video mode" radio to enable this option. Client Dial-Up Networking Configuration Configuring Microsoft Windows® Dial-Up Networking for use with KSX II allows configuration of a PC to reside on the same PPP network as the KSX II. After the dial-up connection is established, connecting to a KSX II is achieved by pointing the web browser to the PPP Server IP.
Chapter 14: Modem Configuration 2. Double-click the Make New Connection icon when the Network and Dial-Up Connections window appears. 3. Click Next and follow the steps in the Network Connection Wizard dialog to create custom dial-up network profiles.
Chapter 14: Modem Configuration 4. Click the Dial-up to private network radio button and click Next. 5. Select the checkbox before the modem that you want to use to connect to the KSX II and then click Next. 6. Type the area code and phone number you wish to dial in the appropriate fields.
Chapter 14: Modem Configuration 7. Click the Country/region code drop-down arrow and select the country or region from the list. 8. Click Next. The Connection Availability dialog appears. 9. Click the Only for myself radio button in the Connection Availability dialog.
Chapter 14: Modem Configuration 10. Click Next. The Network Connection has been created. 11. Type the name of the Dial-up connection. 12. Click Finish. 13. Click Dial to connect to the remote machine when the Dial dialog appears. A dialog indicating that a successful connection has been established will appear. Consult the Windows 2000® Dial-up Networking Help if you receive any error messages. Windows Vista Dial-Up Networking Configuration 1. Click Start and then click Network. The Network window opens.
Chapter 14: Modem Configuration Windows XP Dial-Up Networking Configuration 1. Choose Start > Programs > Accessories > Communications > New Connection Wizard. 2. Click Next and follow the steps in the New Connection Wizard to create custom dial-up network profiles. 3. Click the Connect to the Internet radio button and click Next.
Chapter 14: Modem Configuration 4. Click the "Set up my connection manually" radio button and click Next.
Chapter 14: Modem Configuration 5. Click the "Connect using a dial-up modem" radio button and click Next.
Chapter 14: Modem Configuration 6. Type a name to identify this particular connection in the ISP Name field and click Next.
Chapter 14: Modem Configuration 7. Type the phone number for the connection in the Phone number field and click Next. 8. Type your ISP information. Type the user name and password in the appropriate fields, and retype the password to confirm it.
Chapter 14: Modem Configuration 9. Select the checkbox before the appropriate option below the fields and click Next. 10. Click Finish. 11. Click Dial to connect to the remote machine when the Dial dialog appears. A dialog indicating that you connected successfully appears. If you get any errors, consult Windows XP® Dial-up Networking Help. Note: The maximum modem speed connecting to the KSX II is 33,600 bps, as it is a Linux® default limitation.
Appendix A Specifications In This Chapter Physical Specifications ..........................................................................270 Supported Operating Systems (Clients) ................................................271 Supported Operating Systems and CIMs (KVM Target Servers)..........272 Supported Browsers ..............................................................................275 Computer Interface Modules (CIMs) .....................................................
Appendix A: Specifications Supported Operating Systems (Clients) The following operating systems are supported on the Virtual KVM Client and Multi-Platform Client (MPC): Client operating system Windows 7 Virtual media (VM) support on client ® Yes Windows XP® Yes ® Yes Windows Vista® Yes ® Windows 2000 SP4 Server Yes Windows 2003® Server Yes Windows 2008® Server Yes Windows 2008 ® Red Hat Desktop 5.0 Yes. Locally held ISO image, Remote File Server mounting directly from KSX II.
Appendix A: Specifications Mode Operating system Windows Server 2003 Windows Vista ® Windows 7® Windows x64 64-bit mode Windows XP Windows XP Professional® Windows XP Tablet® Windows Vista Windows Server 2003 ® Browser Internet Explorer 6.0 SP1++, IE 7, IE 8 Firefox 1.06 - 3 Internet Explorer 7.0 or 8.0 Internet Explorer 7.0 or 8.0 Firefox 1.06 - 3 64bit OS, 32bit browsers: Internet Explorer 6.0 SP1+, 7.0 or 8.0 Firefox 1.
Appendix A: Specifications Supported Dominion CIMs & D2CIMs DCIM-PS2 DCIM-PS2 DCIM-USB DCIM-USB G2 D2CIM-VUSB Operating system and serial devices (where applicable) Windows XP® operating system Windows 2000® operating system Windows 2000 Server® Windows 2003 Server® Windows Vista® operating system Windows XP® operating system Windows 2000® operating system Windows 2000 Server® Windows 2003 Server® Windows Vista® operating system Virtual media Support
Appendix A: Specifications Target server 4.0 and 5.0 Supported CIMs DCIM-USB G2 SUSE Linux Professional 9.2 and 10 DCIM-PS2 DCIM-USB Mouse modes Workstation 3.
Appendix A: Specifications Supported Browsers KSX II supports the following browsers: Internet Explorer® 6, 7 and 8 Firefox® 1.5, 2.0, and 3.0 (up to build 3.0.10) Safari® Computer Interface Modules (CIMs) Part number Line item description UPC code Weight Product dimensions (WxDxH) Shipping weight Shipping dimensions (WxDxH) D2CIM-VUS KSX II B Computer Interface Module [USB port with virtual media] 78581333200 4 0.2 lbs 1.3" x 3.0" x 0.6" 0.2 lbs 7.2" x 9" x 0.
Appendix A: Specifications Supported Paragon CIMS and Configurations The KSX II supports the P2CIM-APS2DUAL and P2CIM-AUSBDUAL CIMs, which provide two RJ45 connections to different KVM switches. Support of these CIMs provides a second path to access the target in the event that one of the KVM switches is blocked or fails.
Appendix A: Specifications KSX II to KSX II Guidelines The following system configuration guidelines should be followed when you are using Paragon CIMs in a KSX II to KSX II configuration: Concurrent Access Both KSX II KVM switches should be configured with the same policy for concurrent access to targets, either both PC-Share or both Private.
Appendix A: Specifications If a connection to the target is in place from the other KSX II, the availability is checked when a connection is attempted. Access is denied or allowed consistent with the PC-Share policy in place for the KSX II. Until that time, the availability is not be updated on the other KSX II. If access is denied because the target is busy, a notification is displayed.
Appendix A: Specifications Paragon II operation mode Mode description Supported? indicate „available‟. PC Share A server or other device on a specific channel port can be selected and controlled by more than one user, but only one user has keyboard and mouse control at any one time. Supported. However, PC Share Idle Timeout, which is configured on the Paragon II, is not supported. Both users will have concurrent keyboard and mouse control. The Paragon II uses Green to indicate „available‟.
Appendix A: Specifications Supported Video Resolutions Ensure that each target server's video resolution and refresh rate are supported by the KSX II and that the signal is noninterlaced. Video resolution and cable length are important factors in the ability to obtain mouse synchronization. See Target Server Connection Distance and Video Resolution (on page 289).
Appendix A: Specifications Resolutions 1024x768@70 1680x1050@60Hz 1024x768@72 1920x1080@60Hz Note: Composite Sync and Sync-on-Green video require an additional adapter. Note: Some resolutions may not be available by default. If you do not see a resolution, plug in the monitor first, remove the monitor and then plug in the CIM. Note: If the 1440x900 and 1680x1050 resolutions are not displayed but are supported by the target server's graphics adapter card, a DDC-1440 or DDC-1680 adapter may be required.
Appendix A: Specifications Port Description HTTP, Port 80 This port can be configured as needed. See HTTP and HTTPS Port Settings (on page 142). By default, all requests received by the KSX II via HTTP (port 80) are automatically forwarded to HTTPS for complete security. The KSX II responds to Port 80 for user convenience, relieving users from having to explicitly type in the URL field to access the KSX II, while still preserving complete security.
Appendix A: Specifications Smart Card Readers Supported and Unsupported Smart Card Readers External, USB smart card readers are supported. Supported Smart Card Readers Type Vendor Model Verified USB SCM Microsystems SCR331 Verified on local and remote USB ActivIdentity® ActivIdentity USB Reader v2.0 Verified on local and remote USB ActivIdentity ActivIdentity USB Reader v3.
Appendix A: Specifications This table contains a list of readers that Raritan has tested and found not to work with the Raritan device, therefore they are unsupported. If a smart card reader does not appear in the supported smart card readers table or in the unsupported smart card readers table, Raritan cannot guarantee it will function with the device.
Appendix A: Specifications Windows XP® operating system targets must be running Windows XP SP3 in order to use smart cards with the KSX II. If you are working with .NET 3.5 in a Windows XP environment on the target server, you must be using SP1. Linux Targets If you are using a Linux® target, the following requirements must be met to use smart card readers with the KSX II.
Appendix A: Specifications Fedora® Core 10 pcsc-lite-1.4.102.3.fc10.i386 ™ Create a Java Library Link A soft link must be created to the libpcsclite.so after upgrading RHEL 4, RHEL 5 and FC 10. For example, ln –s /usr/lib/libpcsclite.so.1 /usr/lib/libpcsclite.so, assuming installing the package places the libraries in /usr/lib or /user/local/lib. PC/SC Daemon When the pcsc daemon (resource manager in framework) is restarted, restart the browser and MPC, too.
Appendix A: Specifications See Connectivity (on page 291) for a list of necessary KSX II hardware (adapters and/or cables) for connecting the KSX II to common Vendor/Model combinations. Electrical Specifications Parameter Input Value Nominal Frequencies 50/60 Hz Nominal Voltage Range 100/240 VAC Maximum Current AC RMS 0.6A max.
Appendix A: Specifications Port Description HTTPS, Port 443 This port is used for the actual KVM-over-IP communication from the KSX II device to the KVM client on the user's desktop. It cannot be changed. KSX II (Raritan KVM-over-IP) Protocol, Configurable Port 5000 This port is used to discover other KX devices and for communication between Raritan devices and systems, including CC-SG and MPC.
Appendix A: Specifications Port Description Telnet Telnet port can be configured but is not recommended. The default port is 23. Target Server Connection Distance and Video Resolution The maximum supported distance is a function of many factors including the type/quality of Cat5 cable, server type and manufacturer, video driver and monitor, environmental conditions, and user expectations.
Appendix A: Specifications Network Speed Settings KSX II network speed setting Network switch port setting Auto 1000/Full 100/Full 100/Half Auto 1000/Full 100/Full 100/Half 10/Full 10/Half Highest Available Speed 1000/Full KSX II: 100/Full 100/Half KSX II: 10/Full 10/Half 1000/Full 1000/Full No No No No Communica Communicat Communica Communicat tion ion tion ion KSX II: 100/Half KSX II: 100/Half 100/Full Switch: 100/Full Switch: 100/Full 100/Half 100/Half Switch: 100/Half KSX II:
Appendix A: Specifications communicate, but collisions will occur Per Ethernet specification, these should be “no communication,” however, note that the KSX II behavior deviates from expected behavior Note: For reliable network communication, configure the KSX II and the LAN switch to the same LAN Interface Speed and Duplex. For example, configure both the KSX II and LAN Switch to Autodetect (recommended) or set both to a fixed speed/duplex such as 100MB/s/Full.
Appendix A: Specifications Vendor Device Console connector Serial connection CAT 5 cable Sun Netra T1 RJ-45 CRLVR-15 cable; or CRLVR-1 adapter and a CAT5 cable Sun Cobalt DB9M Various Windows NT® ASCSDB9F adapter and a CAT 5 cable Go to the Support page on Raritan's website (www.raritan.com) to obtain a list of commonly used cables and adapters.
Appendix A: Specifications RJ-45 (female) 3 DB9 (female) 2 4 SHELL 5 5 6 3 7 4 8 7 DB9M Nulling Serial Adapter Pinouts RJ-45 (female) 1 DB9 (male) 8 2 1, 6 3 2 4 SHELL 5 5 6 3 7 4 8 7 DB25F Nulling Serial Adapter Pinouts RJ-45 (female) 1 DB25 (female) 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4 293
Appendix A: Specifications DB25M Nulling Serial Adapter Pinouts 294 RJ-45 (female) 1 DB25 (male) 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4
Appendix B Updating the LDAP/LDAPS Schema IMPORTANT: The procedures in this chapter should be attempted only by experienced users. In This Chapter Returning User Group Information ........................................................295 Setting the Registry to Permit Write Operations to the Schema ...........296 Creating a New Attribute .......................................................................296 Adding Attributes to the Class ...............................................................
Appendix B: Updating the LDAP/LDAPS Schema Setting the Registry to Permit Write Operations to the Schema To allow a domain controller to write to the schema, you must set a registry entry that permits schema updates. To permit write operations to the schema: 1. Right-click the Active Directory® Schema root node in the left pane of the window and then click Operations Master. The Change Schema Master dialog appears. 2. Select the "Schema can be modified on this Domain Controller" checkbox. Optional 3.
Appendix B: Updating the LDAP/LDAPS Schema 3. Click New and then choose Attribute. When the warning message appears, click Continue and the Create New Attribute dialog appears. 4. Type rciusergroup in the Common Name field. 5. Type rciusergroup in the LDAP Display Name field. 6. Type 1.3.6.1.4.1.13742.50 in the Unique x5000 Object ID field. 7. Type a meaningful description in the Description field. 8. Click the Syntax drop-down arrow and choose Case Insensitive String from the list. 9.
Appendix B: Updating the LDAP/LDAPS Schema 2. Scroll to the user class in the right pane and right-click it. 3. Choose Properties from the menu. The user Properties dialog appears. 4. Click the Attributes tab to open it. 5. Click Add.
Appendix B: Updating the LDAP/LDAPS Schema 6. Choose rciusergroup from the Select Schema Object list. 7. Click OK in the Select Schema Object dialog. 8. Click OK in the User Properties dialog. Updating the Schema Cache To update the schema cache: 1. Right-click Active Directory® Schema in the left pane of the window and select Reload the Schema. 2. Minimize the Active Directory Schema MMC (Microsoft® Management Console) console.
Appendix B: Updating the LDAP/LDAPS Schema 3. Go to the directory where the support tools were installed. Run adsiedit.msc. The ADSI Edit window opens. 4. Open the Domain.
Appendix B: Updating the LDAP/LDAPS Schema 5. In the left pane of the window, select the CN=Users folder. 6. Locate the user name whose properties you want to adjust in the right pane. Right-click the user name and select Properties.
Appendix B: Updating the LDAP/LDAPS Schema 7. Click the Attribute Editor tab if it is not already open. Choose rciusergroup from the Attributes list. 8. Click Edit. The String Attribute Editor dialog appears. 9. Type the user group (created in the KSX II) in the Edit Attribute field. Click OK.
Appendix C Informational Notes In This Chapter Overview ................................................................................................303 Java .......................................................................................................303 IPv6 Support Notes ...............................................................................305 Keyboards .............................................................................................
Appendix C: Informational Notes Applications Prerequisites MPC Applet Requires installation of Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files + HTML access client Requires installation of Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files + Supported Browser ® Supported Firefox 2.0.0.7 Yes Firefox 3.0.x Yes Internet Explorer® 6* No Internet Explorer 7 Yes Internet Explorer 8 Yes Browser Supported Firefox 2.0.0.
Appendix C: Informational Notes The KSX II Remote Console and MPC require JRE™ to function. Java Runtime Environment™ (JRE) version 1.6.x or higher are supported. The KSX II Remote Console checks the Java version. If the version is incorrect or outdated, you will be prompted to download a compatible version. Note: In order for multi-language keyboards to work in the KSX II Remote Console (Virtual KVM Client), install the multi-language version of Java Runtime Environment (JRE).
Appendix C: Informational Notes Keyboards Non-US Keyboards French Keyboard Caret Symbol (Linux® Clients Only) The Virtual KVM Client and the Multi-Platform Client (MPC) do not process the key combination of Alt Gr + 9 as the caret symbol (^) when using French keyboards with Linux clients. To obtain the caret symbol: From a French keyboard, press the ^ key (to the right of the P key), then immediately press the space bar. Alternatively, create a macro consisting of the following commands: 1.
Appendix C: Informational Notes Tilde Symbol From the Virtual KVM Client and the Multi-Platform Client, the key combination of Alt Gr + 2 does not produce the tilde (~) symbol when using a French keyboard. To obtain the tilde symbol: Create a macro consisting of the following commands: Press right Alt. Press 2. Release 2. Release right Alt.
Appendix C: Informational Notes Note: The Keyboard Indicator should be used on Linux systems using Gnome as a desktop environment. When using a Hungarian keyboard from a Linux client, the Latin letter U with Double Acute and the Latin letter O with Double Acute work only with JRE 1.6. There are several methods that can be used to set the keyboard language preference on Fedora® Linux clients.
Appendix C: Informational Notes Macintosh Keyboard When a Macintosh® is used as the client, the following keys on the Mac® keyboard are not captured by the Java™ Runtime Environment (JRE™): F9 F10 F11 F14 F15 Volume Up Volume Down Mute Eject As a result, the Virtual KVM Client and the Multi-Platform Client (MPC) are unable to process these keys from a Mac client's keyboard.
Appendix C: Informational Notes Fedora Resolving Fedora Core Focus Using the Multi-Platform Client (MPC), occasionally there is an inability to log in to a KSX II device or to access KVM target servers (Windows®, SUSE, and so forth). In addition, the Ctrl+Alt+M key combination may not bring up the Keyboard Shortcut menu. This situation occurs with the following client configuration: Fedora® Core 6 and Firefox® 1.5 or 2.0.
Appendix C: Informational Notes USB Ports and Profiles VM-CIMs and DL360 USB Ports HP® DL360 servers have one USB port on the back of the device and another on the front of the device. With the DL360, both ports cannot be used at the same time. Therefore, a dual VM-CIM cannot be used on DL360 servers. However, as a workaround, a USB2 hub can be attached to the USB port on the back of the device and a dual VM-CIM can be attached to the hub.
Appendix C: Informational Notes USB profile help appears in the USB Profile Help window. For detailed information about specific USB profiles, see Available USB Profiles (on page 105). Raritan provides a standard selection of USB configuration profiles for a wide range of operating system and BIOS level server implementations. These are intended to provide an optimal match between remote USB device and target server configurations.
Appendix C: Informational Notes Changing a USB Profile when Using a Smart Card Reader There may be certain circumstances under which you will need to change the USB profile for a target server. For example, you may need to change the connection speed to "Use Full Speed for Virtual Media CIM" when the target has problems with the "High Speed USB" connection speed.
Appendix C: Informational Notes Virtual Media Dell OptiPlex and Dimension Computers From certain Dell OptiPlex ™ and Dimension computers, it may not be possible to boot a target server from a redirected drive/ISO image, or to access the target server BIOS when a virtual media session is active (unless the Use Full Speed for Virtual Media CIM option is enabled from the Port page). Note: ISO9660 format is the standard supported by Raritan. However, other CD-ROM extensions may also work.
Appendix C: Informational Notes CC-SG Virtual KVM Client Version Not Known from CC-SG Proxy Mode When the Virtual KVM Client is launched from CommandCenter Secure Gateway (CC-SG) in proxy mode, the Virtual KVM Client version is unknown. In the About Raritan Virtual KVM Client dialog, the version is displayed as “Version Unknown”.
Appendix D FAQs In This Chapter General Questions.................................................................................316 Serial Access .........................................................................................318 Universal Virtual Media..........................................................................323 USB Profiles ..........................................................................................324 IPv6 Networking ..............................................
Appendix D: FAQs OS- and hardware-independent - The KSX II can be used to manage servers running many popular operating systems, including Intel®, Sun™, PowerPC running Windows®, Linux®, Solaris™, etc. State-Independent/Agentless - The KSX II does not require the managed server's operating system to be up and running, nor does it require any special software to be installed on the managed server.
Appendix D: FAQs Serial Access My Dominion KSX II has just been configured with a network address and I can successfully ping the IP, but when I try to access it using a web browser, the message reads "Page cannot be found or server error, contact System Administrator." Check your web browser settings and confirm that a proxy server is being used. If so, click the "Bypass local addresses or configure KSX IP in the exception list" checkbox. Next, make sure the web browser has 128-bit cipher strength.
Appendix D: FAQs You will need to purchase a 3rd party RS232 to RS422/485 converter for each end (two units total) - one at the Dominion end and one connected to the device. Can I open multiple windows and "tile" to monitor multiple servers and other IT equipment? Yes, you may monitor and "tile" as many windows as there are serial ports on the Dominion KSX II. I manage many servers. How do I select a server to connect to? From a browser, a simple menu provides the user-assigned name of each server.
Appendix D: FAQs All Dominion KSX II units are SUN "break-safe" for use with SUN Solaris. I have lost my Admin password to the Dominion KSX II. Is there a back door or secret password? There is no back-door password. The only option is to restore the unit to its factory default settings and create the administrator user name and password again. A hardware reset function to restore the unit to factory default facility is provided.
Appendix D: FAQs No. Dominion KSX II is truly "Plug-and-Play" making installation quick and set-up easy. It is not necessary to buy any additional client software or hardware. In addition, no special networking equipment or design is necessary. What is the name of the terminal emulation package included with Dominion KSX II? Raritan Serial Console. What Authentication mechanisms does the Dominion KSX II support? Local database, RADIUS, LDAP/S, Active Directory. Does Dominion KSX II support SNMP? Yes.
Appendix D: FAQs Can I get the buffered off-line data from a serial port when using Telnet? Yes. Can I use KSX II over a VPN connection? Yes, KSX II fits into most any network configuration utilizing TCP/IP. KSX II uses standard Internet Protocol (IP) technologies from Layer 1 through Layer 4. Set up the VPN (typically IPSec) connection then start the web-browser and enter the URL for the Dominion device. The session to the Dominion runs transparently over the VPN tunnel.
Appendix D: FAQs Go to the Raritan website (www.raritan.com) Support page to find the latest information about the KSX II serial pinouts (RJ-45). The Dominion KSX II uses the web browser to access serial devices. What are the advantages of Java-enabled web browser access? For many Solaris/Unix/Linux system administrators, the de facto standard for accessing serial hosts is SSH. However, the SSH clients available for Unix/Linux do not support Apple Macintosh.
Appendix D: FAQs USB Profiles What is a USB profile? Certain servers require a specifically configured USB interface for USB based services such as virtual media. The USB Profile tailors the KSX II‟s USB interface to the server to accommodate these server specific characteristics. Why would I use a USB profile? USB Profiles are most often required at the BIOS level where there may not be full support for the USB specification when accessing virtual media drives.
Appendix D: FAQs Do I need a special CIM to use USB profiles? You must use a D2CIM-VUSB or D2CIM-DVUSB with updated firmware. Will Raritan provide USB profiles for other target server configurations? Raritan will provide new USB profiles to suit customer needs. As these profiles become available, they will be included in firmware upgrades.
Appendix D: FAQs IPv6 Networking What is IPv6? IPv6 is the acronym for “Internet Protocol Version 6”. IPv6 is the “next generation” IP protocol which will replace the current IP Version 4 (IPv4) protocol. IPv6 addresses a number of problems in IPv4, such as the limited number of IPv4 addresses. It also improves IPv4 in areas such as routing and network auto-configuration. IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years.
Appendix D: FAQs Where can I get more information on IPv6? See www.ipv6.org for general information on IPv6. The KSX II User Guide describes the KSX II‟s support for IPv6. Remote Access How many users can remotely access servers on each KSX II? Up to 8 KVM users can share one KVM channel and up to 8 serial users can share 8 serial channels. Can two people look at the same server at the same time? Yes, up to eight people can access and control any single server at the same time.
Appendix D: FAQs Speed 60Mbps Description Time Likely practical 100Mbit network speed 0.08 seconds 10Mbps Theoretical 10Mbit network speed .4 seconds 6Mbps Likely practical 10Mbit network speed .8 seconds 512Kbps Cable modem download speed (typical) 8 seconds How do I access servers connected to the KSX II if the network ever becomes unavailable? The KSX II offers an internal modem port. With this modem servers can still be remotely accessed in the event of a network emergency.
Appendix D: FAQs Ethernet and IP Networking Does the KSX II offer dual gigabit Ethernet ports to provide redundant fail-over, or load balancing? Yes. The KSX II features dual gigabit Ethernet ports to provide redundant failover capabilities. Should the primary Ethernet port (or the switch/router to which it is connected) fail, the KSX II will failover to the secondary network port with the same IP address, ensuring that server operations are not disrupted.
Appendix D: FAQs 330 Use case Required bandwidth Idle Windows Desktop 0 Mbps Navigate Start Menu 0.49Mbps Scroll an Entire Page of Text 1.23Mbps Run 3D Maze Screensaver 1.
Appendix D: FAQs What is the slowest connection (lowest bandwidth) over which the KSX II can operate? (Shared) 33Kbps or above is recommended for acceptable KSX II performance over a modem connection. What is the speed of the KSX II's Ethernet interfaces? The KSX II supports two 10/100/1000 speed Ethernet interfaces, with configurable speed and duplex settings (either auto-detected or manually set). Can I access the KSX II over a wireless connection? Yes.
Appendix D: FAQs If an external authentication server (such as LDAP/LDAPS, Active Directory, RADIUS, and so forth) is used, the KSX II allows this as well, and will even failover to its own internal authentication should the external authentication server become unavailable. In this way, the KSX II's design philosophy is optimized to provide ease of installation, complete independence from any external server, and maximum flexibility.
Appendix D: FAQs Servers Does the KSX II depend on a Windows® server to operate? No. The KSX II is completely independent. Even if a user chooses to configure the KSX II to authenticate against an Active Directory server - if that Active Directory server becomes unavailable, the KSX II's own authentication will be activated and fully functional. Do I need to install a web server such as Microsoft® Internet Information Services (IIS) in order to use the KSX II's web browser capability? No.
Appendix D: FAQs Blade Servers Can I connect blade servers to the KSX II? Yes. The KSX II supports popular blade server models from the leading blade server manufacturers: HP®, IBM® and Dell®. Which blade servers are supported? The following models are supported: Dell® PowerEdge® 1855, 1955 and M1000e HP BladeSystem c3000 and c7000 IBM® BladeCenter® H and E Note: IBM BladeCenter Model S, T, and HT are handled using the IBM (Other) selection.
Appendix D: FAQs For KX II's, Raritan recommends connecting up to two times the number of remote connections supported by the device. For example, with a KX2-216 with two remote channels, we recommend connecting up to 4 blade server chassis. You can of course connect individual servers to the remaining server ports. I'm an SMB customer with a few KSX II's. Must I use your CC-SG management station? No, you don't have to. SMB customers are not required to use CC-SG to use the new blade features.
Appendix D: FAQs Installation Besides the device itself, what do I need to order from Raritan to install the KSX II? Each server that connects to the KSX II requires a Dominion Computer Interface Module (CIM), a serial cable adapter, and an adapter that connects directly to the keyboard, video, and mouse ports of the server.
Appendix D: FAQs The KSX II models range from 4 to 8 server ports in a 1U chassis. This is the industry's highest digital KVM switch port density. What happens if I disconnect a server from the KSX II and reconnect it to another KSX II device, or connect it to a different port on the same KSX II device? The KSX II will automatically update the server port names when servers are moved from port to port.
Appendix D: FAQs Local Port Can I access my servers directly from the rack? Yes. At the rack, the KSX II functions just like a traditional KVM switch allowing control of up to 16 servers using a single keyboard, monitor, and mouse. When I am using the local port, do I prevent other users from accessing servers remotely? No. The local port has a completely independent access path to the servers.
Appendix D: FAQs Yes. The local port presentation is identical and completely in sync with remote access clients, as well as Raritan's optional CommandCenter Secure Gateway management device. To be clear, if the name of a server via the onscreen display is changed, this updates all remote clients and external management servers in real-time. If I use the KSX II's remote administration tools to change the name of a connected server, does that change propagate to the local port as well? Yes.
Appendix D: FAQs Power Control Does the power supply used by the KSX II automatically detect voltage settings? Yes. The KSX II's power supply can be used in AC voltage ranges from 100-240 volts, at 50-60 Hz. What type of power control capabilities does the KSX II offer? Raritan's Remote Power Control power strips can be connected to the KSX II to provide power control of the KVM target servers.
Appendix D: FAQs Scalability How do I connect multiple KSX II devices together into one solution? Multiple KSX II devices do not need to be physically connected together. Instead, each KSX II device connects to the network. They automatically work together as a single solution if deployed with Raritan's optional CommandCenter Secure Gateway (CC-SG) management unit. CC-SG acts as a single access point for remote access and management.
Appendix D: FAQs Security Is the KSX II FIPS 140-2 Certified? The KX II 2.2.0 and later, and the KSX II 2.3.0 and later, provides users with the option to use an embedded FIPS 140-2-validated cryptographic module running on a Linux platform per FIPS 140-2 implementation guidelines. This cryptographic module is used for encryption of KVM session traffic consisting of video, keyboard, mouse, virtual media and smart card data.
Appendix D: FAQs Yes, the KSX II has administrator-configurable, strong password checking to ensure that user-created passwords meet corporate and/or government standards and are resistant to brute force hacking. If the KSX II Encryption Mode is set to Auto, what level of encryption is achieved? The KSX II has the ability to support AES-256. For this to happen, Java unlimited strength policy files have to be loaded on the client machine.
Appendix D: FAQs Smart Cards and CAC Authentication Does the KSX II support smart card and CAC authentication? Yes, smart cards and DoD Common Access Card (CAC) authentication to target servers is supported in release KX II 2.1.10 and later, and KSX II 2.3.0 and later. What KSX II models support smart cards/CAC? All KSX II models are supported. The Dominion KX II-101 does not currently support smart cards and CAC. Do enterprise and SMB customers use smart cards, too? Yes.
Appendix D: FAQs Managability Can the KSX II be remotely managed and configured via web browser? Yes, the KSX II can be completely configured remotely via web browser. Note that this does require that the workstation have an appropriate Java Runtime Environment (JRE) version installed. Besides the initial setting of the KSX II's IP address, everything about the solution can be completely set up over the network.
Appendix D: FAQs Miscellaneous What is the KSX II's default IP address? 192.168.0.192 What is the KSX II's default user name and password? The KSX II's default user name is admin and the default password is raritan [all lower case]. However, for the highest level of security, the KSX II forces the administrator to change the KSX II default administrative user name and password when the unit is first booted up.
Index A A.
Index Connectivity • 287, 291 Create User Groups and Users • 35 Creating a New Attribute • 296 D D.
Index J M Java • 303 Java Runtime Environment (JRE) • 304 Macintosh Keyboard • 309 Maintenance • 205 Maintenance Features (Local/Remote Console) • 205 Make Linux Settings Permanent • 18 Make UNIX Settings Permanent • 19 Managability • 345 Manage Favorites Page • 47 Managing Favorites • 42, 46 Minimum System Requirements • 243, 284 Miscellaneous • 346 Modem Configuration • 8, 257 Modifying an Existing User • 122 Modifying an Existing User Group • 119 Modifying and Removing Keyboard Macros • 62 Mouse Mode
Index Ping Host Page • 222 Port Access Page • 43 Port Access Page (Local Console Server Display) • 246 Port Action Menu • 44, 247 Port Group Management • 188 Port Keywords • 186 Port Permissions • 115, 117 Port Settings • 230 Port Sharing Using CLI • 237 Ports Used • 287 Power Control • 8, 158, 340 Power Controlling a Target Server • 53 Prerequisites for Using AKC • 82 Prerequisites for Using Virtual Media • 94, 96 Product Features • 5 Proxy Server Configuration for use with MPC, VKC and AKC • 50 R Rack P
Index Supported Blade Chassis Models • 162, 164, 168, 175 Supported Browsers • 275 Supported CIMs for Blade Chassis • 176 Supported Keyboard Languages • 249 Supported Operating Systems (Clients) • 271 Supported Operating Systems and CIMs (KVM Target Servers) • 25, 272, 317 Supported Paragon CIMS and Configurations • 197, 276 Supported Protocols • 34 Supported Video Resolutions • 18, 22, 280, 289 SUSE Linux 10.
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732-764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Europe Europe Monday - Friday 8:30 a.m. - 5 p.m. GMT+1 CET Phone: +31-10-2844040 Email: tech.europe@raritan.com United Kingdom Monday - Friday 8:30 a.m. to 5 p.m.
