Dominion KX II User Guide Release 2.3 Copyright © 2010 Raritan, Inc. DKX2-v2.3.
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2010 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
Contents Chapter 1 Introduction 1 Dominion KX II Help....................................................................................................................... 1 Related Documentation ....................................................................................................... 1 What's New in the Help ....................................................................................................... 2 Dominion KX II Overview .....................................................
Contents Connection Properties ....................................................................................................... 57 Connection Information ..................................................................................................... 59 Keyboard Options .............................................................................................................. 59 Video Properties .................................................................................................
Contents Users .......................................................................................................................................... 117 User List........................................................................................................................... 117 Adding a New User .......................................................................................................... 118 Modifying an Existing User ............................................................
Contents Configuring IP Access Control ................................................................................................... 202 SSL Certificates ......................................................................................................................... 205 Security Banner ......................................................................................................................... 207 Chapter 10 Maintenance 209 Audit Log ...........................................
Contents IPv6 Command ................................................................................................................ 239 Chapter 13 Dominion KX II Local Console 240 Overview .................................................................................................................................... 240 Using the Dominion KX II Local Console ................................................................................... 240 Simultaneous Users .................................
Contents TCP and UDP Ports Used ......................................................................................................... 279 Network Speed Settings ............................................................................................................ 281 Appendix B Updating the LDAP Schema 283 Returning User Group Information............................................................................................. 283 From LDAP ..................................................
Contents Appendix D FAQs 304 General Questions ..................................................................................................................... 305 Remote Access .......................................................................................................................... 307 Universal Virtual Media .............................................................................................................. 309 USB Profiles................................................
Chapter 1 Introduction In This Chapter Dominion KX II Help ..................................................................................1 Dominion KX II Overview...........................................................................3 Client Applications that Can Be Used with the Dominion KX II .................5 Virtual Media ..............................................................................................6 Product Photos ..............................................................
Chapter 1: Introduction What's New in the Help The following information has been added based on enhancements and changes to the equipment and/or user documentation. You are now able to use a tiering configuration in which a base Dominion KX II device is used to access multiple other tiered devices. See Configuring and Enabling Tiering (on page 139) for more information on tiering. You are now able to configure HTTP and/or HTTPS ports used by the Dominion KX II.
Chapter 1: Introduction Dominion KX II Overview The Dominion KX II is an enterprise-class, secure, digital KVM (Keyboard, Video, Mouse) switch that provides BIOS-level (and up) access and control of servers from anywhere in the world via a web browser. Up to 64 servers can be controlled with a standard Dominion KX II. With the Dominion KX II 8-user model, up to 32 servers can be controlled with the KX2-832 and up to 64 servers can be controlled with the KX2-864.
Chapter 1: Introduction 4
Chapter 1: Introduction Diagram key Cat5 cable Remote virtual media USB drive(s) Computer Interface Module (CIM) Power strip Dominion KX II Local access Note: KX2-832 and KX2-864 also use an extended local port. Remote KVM and serial devices IP LAN/WAN Modem PSTN Remote (network) access Client Applications that Can Be Used with the Dominion KX II The following client applications can be used in the Dominion KX II: Product Works with... MPC RRC VKC RSC AKC KX II (Generation 2) KX II 2.
Chapter 1: Introduction Virtual Media All Dominion KX II models support virtual media. The benefits of virtual media - mounting of remote drives/media on the target server to support software installation and diagnostics - are now available in all of the Dominion KX II models. Each Dominion KX II comes equipped with virtual media to enable remote management tasks using the widest variety of CD, DVD, USB, internal and remote drives and images.
Chapter 1: Introduction Product Photos Dominion KX II KX2-832 7
Chapter 1: Introduction KX2-864 8
Chapter 1: Introduction Product Features Hardware Integrated KVM-over-IP remote access 1U or 2U rack-mountable (brackets included) Dual power supplies with failover; autoswitching power supply with power failure warning 8, 16, 32, or 64 (on KX2-464) server ports 32 (KX2-832) or 64 (KX2-864) server ports Support for tiering in which a base Dominion KX II device is used to access multiple other tiered devices.
Chapter 1: Introduction Software Virtual media with D2CIM-VUSB and D2CIM-DVUSB CIMs Absolute Mouse Synchronization with D2CIM-VUSB CIM and D2CIM-DVUSB CIMs Plug-and-Play Web-based access and management Intuitive graphical user interface (GUI) 128-bit encryption of complete KVM signal, including video and virtual media LDAP, Active Directory®, RADIUS, or internal authentication and authorization DHCP or fixed IP addressing Smart card/CAC authentication SNMP and Syslog
Chapter 1: Introduction Diagram Key TCP/IP IPv4 and/or IPv6 KVM (Keyboard, Video, Mouse) UTP Cable (Cat5/5e/6) Dominion KX II Local Access Console Local User - an optional user console (consisting of a keyboard, mouse, and multi-sync VGA monitor) attached directly to the Dominion KX II to control KVM target servers (directly at the rack, not through the network). A USB smart card reader can also be attached at the Local port to mount onto a target server.
Chapter 1: Introduction Package Contents Each Dominion KX II ships as a fully-configured stand-alone product in a standard 1U (2U for DKX2-864) 19" rackmount chassis.
Chapter 2 Installation and Configuration In This Chapter Overview ..................................................................................................13 Default Login Information ........................................................................13 Getting Started ........................................................................................14 Overview This section provides a brief overview of the installation process.
Chapter 2: Installation and Configuration Getting Started Step 1: Configure KVM Target Servers KVM target servers are the computers that will be accessed and controlled via the Dominion KX II. Before installing the Dominion KX II, configure all KVM target servers to ensure optimum performance. This configuration applies only to KVM target servers, not to the client workstations (remote PCs) used to access the Dominion KX II remotely. See Terminology (on page 10) for additional information.
Chapter 2: Installation and Configuration Windows 7, Windows XP, Windows 2003 and Windows 2008 Settings To configure KVM target servers running Microsoft® Windows 7®, Windows XP® operating system, Windows 2003® operating system or Windows 2008® operating systems: 1. Configure the mouse settings: a. Choose Start > Control Panel > Mouse. b. Click the Pointer Options tab. c. In the Motion group: Set the mouse motion speed setting to exactly the middle speed.
Chapter 2: Installation and Configuration Note: For KVM target servers running Windows XP, Windows 2000 or Windows 2008, you may wish to create a user name that will be used only for remote connections through the Dominion KX II. This will enable you to keep the target server's slow mouse pointer motion/acceleration settings exclusive to the Dominion KX II connection.
Chapter 2: Installation and Configuration Note: For KVM target servers running Windows XP, Windows 2000 or Windows 2008, you may wish to create a user name that will be used only for remote connections through the Dominion KX II. This will enable you to keep the target server's slow mouse pointer motion/acceleration settings exclusive to the Dominion KX II connection.
Chapter 2: Installation and Configuration Fade or slide menus into view Fade or slide ToolTips into view Fade out menu items after clicking 3. Click OK and Close the Control Panel. Linux Settings (Red Hat 9) Note: The following settings are optimized for Standard Mouse mode only. To configure KVM target servers running Linux® (graphical user interface): 1. Configure the mouse settings: a. Choose Main Menu > Preferences > Mouse. The Mouse Preferences dialog appears. b. Click the Motion tab. c.
Chapter 2: Installation and Configuration 2. Ensure that each target server running Linux is using a resolution supported by the Dominion KX II at a standard VESA resolution and refresh rate. 3. Each Linux target server should also be set so the blanking times are within +/- 40% of VESA standard values: a. Go to the Xfree86 Configuration file XF86Config. b. Using a text editor, disable all non-Dominion KX II supported resolutions. c.
Chapter 2: Installation and Configuration a. Choose Main Menu > Preferences > Mouse. The Mouse Preferences dialog appears. b. Open the Motion tab. c. Within the Speed group, set the Acceleration slider to the exact center. d. Within the Speed group, set the Sensitivity towards low. e. Within the Drag & Drop group, set the Threshold towards small. f. Close the Mouse Preferences dialog. Note: If these steps do not work, issue the xset mouse 1 1 command as described in the Linux command line instructions.
Chapter 2: Installation and Configuration 7. Click Close. To configure the video: 1. Choose Desktop Preferences > Graphics Card and Monitor. The Card and Monitor Properties dialog appears. 2. Verify that a Resolution and Refresh Rate is in use that is supported by the Dominion KX II. See Supported Video Resolutions (on page 274) for more information. Note: If you change the video resolution, you must log out of the target server and log back in for the video settings to take effect.
Chapter 2: Installation and Configuration The graphical user interface. The command line xset mouse a t where a is the acceleration and t is the threshold. 2. All KVM target servers must be configured to one of the display resolutions supported by the Dominion KX II.
Chapter 2: Installation and Configuration If you have: Use this video output adapter: Sun HD15 with composite sync output 1396C converter to convert from HD15 to 13W3 and an APSSUN II Guardian converter to support composite sync Sun HD15 with separate sync output APKMSUN Guardian converter Note: Some of the standard Sun background screens may not center precisely on certain Sun servers with dark borders. Use another background or place a light colored icon in the upper left hand corner.
Chapter 2: Installation and Configuration Video Settings (GUI) The GUI resolution can be checked and set using different commands depending on the video card in use. Run these commands from the command line. Note: 1024x768x75 is used as an example here; substitute the resolution and refresh rate you are using. Card To check resolution: To change resolution: 32-bit # /usr/sbin/pgxconfig -prconf 1. # /usr/sbin/pgxconfig -res 1024x768x75 2. Log out or restart computer.
Chapter 2: Installation and Configuration 6. Select a resolution and refresh rate supported by the Dominion KX II. See Supported Video Resolutions (on page 274) for more information. Note: If you change the video resolution, you must log out of the target server and log back in for the video settings to take effect. Make UNIX Settings Permanent Note: These steps may vary slightly depending on the type of UNIX® (for example, Solaris™, IBM® AIX™) and the specific version in use. 1.
Chapter 2: Installation and Configuration Step 3: Connect the Equipment Connect the Dominion KX II to the power supply, network, local PC, and target servers. The letters in the diagram correspond to the topics in this section that describe the connection. A. AC Power To connect the power supply: 1. Attach the included AC power cord to the Dominion KX II and plug into an AC power outlet. 2.
Chapter 2: Installation and Configuration Note: If you only attach one power cord, the power LED on the Dominion KX II front panel will be red because the system is set to automatically detect both sources. See Power Supply Setup (on page 154) for information about turning off automatic detection for the power source that is not in use. B. Modem Port (Optional) The Dominion KX II features a dedicated modem port for remote access even when the LAN/WAN is unavailable.
Chapter 2: Installation and Configuration D. Local Access Port (Local PC) For convenient access to target servers while at the rack, use the Dominion KX II Local Access port. While the Local Access port is required for installation and setup, it is optional for subsequent use. The Local Access port also provides a graphical user interface from the Dominion KX II Local Console for administration and target server access.
Chapter 2: Installation and Configuration E. Target Server Ports The Dominion KX II uses standard UTP cabling (Cat5/5e/6) to connect to each target server. To connect a target server to the Dominion KX II: 1. Use the appropriate Computer Interface Module (CIM). See Supported CIMs and Operating Systems (Target Servers) (on page 261) for more information about the CIMs to use with each operating system. 2. Attach the HD15 video connector of your CIM to the video port of your target server.
Chapter 2: Installation and Configuration 2. Once the unit has booted, the Dominion KX II Local Console is visible on the monitor attached to the Dominion KX II local port. Type the default username (admin) and password (raritan) and click Login. The Change Password screen is displayed. 3. Type your old password (raritan) in the Old Password field. 4. Type a new password in the New Password field and retype the new password in the Confirm New Password field.
Chapter 2: Installation and Configuration DHCP - Dynamic Host Configuration Protocol is used by networked computers (clients) to obtain unique IP addresses and other parameters from a DHCP server. With this option, network parameters are assigned by the DHCP server. If DHCP is used, enter the Preferred host name (DHCP only). Up to 63 characters. 4. If IPv6 is to be used, enter or select the appropriate IPv6-specific network settings in the IPv6 section: a.
Chapter 2: Installation and Configuration a. Primary DNS Server IP Address b. Secondary DNS Server IP Address 7. When finished, click OK. Your Dominion KX II device is now network accessible. See LAN Interface Settings (on page 135) for information in configuring this section of the Network Settings page. Note: In some environments, the default LAN Interface Speed & Duplex setting Autodetect (autonegotiator) does not properly set the network parameters, which results in network issues.
Chapter 2: Installation and Configuration Character Description ) Right parenthesis ] Character Description Right bracket * Asterisk ^ Caret + Plus sign _ Underscore , Comma ` Grave accent - Dash { Left brace .
Chapter 2: Installation and Configuration 2. Clear autodetection for the power supply that you are not using. For more information, see Power Supply Setup (on page 154). Note to CC-SG Users If you are using the Dominion KX II in a CC-SG configuration, perform the installation steps, and when finished, consult the CommandCenter Secure Gateway User Guide, Administrator Guide, or Deployment Guide to proceed (all found on Raritan's website, www.raritan.com, under Support).
Chapter 2: Installation and Configuration Create User Groups and Users As part of the initial configuration, you must define user groups and users in order for users to access the Dominion KX II. The Dominion KX II uses system-supplied default user groups and allows you to create groups and specify the appropriate permissions to suit your needs. User names and passwords are required to gain access to the Dominion KX II.
Chapter 3 Working with Target Servers In This Chapter Interfaces .................................................................................................36 Proxy Server Configuration for use with Dominion KX II, MPC, VKC and AKC .........................................................................................................50 Multi-Platform Client Interface .................................................................51 Virtual KVM Client .............................................
Chapter 3: Working with Target Servers Dominion KX II Local Console Interface When you are located at the server rack, the Dominion KX II provides standard KVM management and administration via the Dominion KX II Local Console. The Dominion KX II Local Console provides a direct KVM (analog) connection to your connected servers; the performance is exactly as if you were directly connected to the server's keyboard, mouse, and video ports.
Chapter 3: Working with Target Servers Dominion KX II Remote Console. Depending on your browser and security settings, you may see various security and certificate warnings. It is necessary to accept these warnings to launch the Dominion KX II Remote Console. You can reduce the number of warning messages during subsequent log ins by checking the following options on the security and certificate warning messages: In the future, do not show this warning. Always trust content from this publisher.
Chapter 3: Working with Target Servers Interface and Navigation Dominion KX II Console Layout Both the Dominion KX II Remote Console and the Dominion KX II Local Console interfaces provide an HTML (web-based) interface for configuration and administration, as well as target server list and selection. The options are organized into various tabs. After successful login, the Port Access page opens listing all ports along with their status and availability.
Chapter 3: Working with Target Servers Left Panel The left panel of the Dominion KX II interface contains the following information. Note that some information is conditional and will only be displayed if you are a certain of user, are using certain features, and so on. This conditional information is noted here. 40 Information Description When displayed? Time & Session The date and time the current session started.
Chapter 3: Working with Target Servers Information Description When displayed? PowerIn2 Status of the power 2 outlet connection. Either on or off. When connected. Configured As If you are using a tiering When the Dominion KX Base or Configured configuration, this II is part of a tiered As Tiered indicates if the Dominion configuration. KX II you are accessing is the base device or a tiered device. Port States The statuses of the ports being used by the Dominion KX II.
Chapter 3: Working with Target Servers Port Access Page After successfully logging on to the Dominion KX II Remote Console, the Port Access page appears. This page lists all of the Dominion KX II ports, the connected KVM target servers, and their status and availability. The Port Access page provides access to the KVM target servers connected to the Dominion KX II. KVM target servers are servers that you want to control through the Dominion KX II device.
Chapter 3: Working with Target Servers Note: Do not use apostrophes for the Port (CIM) Name. Status - The status for standard servers is either up or down. Type - The type of server or CIM. For blade chassis, the type can be Blade Chassis, Blade, BladeChassisAdmin, and BladeChassisURL. Type also includes TierDevice and KVMSwitch. Availability - The Availability can be Idle, Connected, Busy, or Unavailable.
Chapter 3: Working with Target Servers Port Action Menu When you click a Port Name in the Port Access list, the Port Action menu appears. Choose the desired menu option for that port to execute it. Note that only currently available options, depending on the port's status and availability, will be listed in the Port Action menu: Connect - Creates a new connection to the target server. For the Dominion KX II Remote Console, a new Virtual KVM Client (on page 52) page appears.
Chapter 3: Working with Target Servers Managing Favorites A Favorites feature is provided so you can organize and quickly access the devices you use frequently.
Chapter 3: Working with Target Servers Note: Both IPv4 and IPv6 addresses are supported. Manage Favorites Page To open the Manage Favorites page: Click the Manage button in the left panel. The Manage Favorites page appears and contains the following: Use: To: Favorites List Manage your list of favorite devices. Discover Devices - Local Subnet Discover Raritan devices on the client PC's local subnet.
Chapter 3: Working with Target Servers Discovering Devices on the Local Subnet This option discovers the devices on your local subnet, which is the subnet where the Dominion KX II Remote Console is running. These devices can be accessed directly from this page or you can add them to your list of favorites. See Favorites List Page (on page 46). To discover devices on the local subnet: 1. Choose Manage > Discover Devices - Local Subnet. The Discover Devices - Local Subnet page appears. 2.
Chapter 3: Working with Target Servers Note: Both IPv4 and IPv6 addresses are supported. Discovering Devices on the Dominion KX II Subnet This option discovers devices on the device subnet, which is the subnet of the Dominion KX II device IP address itself. You can access these devices directly from this the Subnet page or add them to your list of favorites. See Favorites List Page (on page 46). This feature allows multiple Dominion KX II devices to interoperate and scale automatically.
Chapter 3: Working with Target Servers 2. Type a meaningful description. 3. Type the IP Address/Host Name for the device. 4. Change the discovery Port (if necessary). 5. Select the Product Type. 6. Click OK. The device is added to your list of favorites. To edit a favorite: 1. From the Favorites List page, select the checkbox next to the appropriate Dominion KX II device. 2. Click the Edit button. The Edit page appears. 3.
Chapter 3: Working with Target Servers 2. Click the Delete button. The favorite is removed from your list of favorites. Note: Both IPv4 and IPv6 addresses are supported. Logging Out To quit the Dominion KX II Remote Console: Click Logout in the upper right-hand corner of the page. Note: Logging out also closes any open Virtual KVM Client and serial client sessions.
Chapter 3: Working with Target Servers Note: The default port for a SOCKS proxy (1080) is different from HTTP proxy (3128). 4. If you are using standalone MPC, you must also do the following: i. Open the start.bat file in MPC directory with a text editor. j. Insert the following parameters to the command line.
Chapter 3: Working with Target Servers b. In the Add Connection window, type a device Description, specify a Connection Type, add the device IP address, and click OK. These specifications can be edited later. 3. In the Navigator panel on the left of the page, double-click the icon that corresponds to your Raritan device to connect to it. Note: Depending on your browser and browser security settings, you may see various security and certificate check and warning messages.
Chapter 3: Working with Target Servers VKC Toolbar Note: The KX II-101 VKC interface is different from the other Dominion KX products. See VKC Toolbar for the KX II-101. Button Button Name Connection Properties Description Video Settings Opens the Video Settings dialog, allowing you to manually adjust video conversion parameters. Color Calibration Adjusts color settings to reduce excess color noise.
Chapter 3: Working with Target Servers Button Button Name Scaling Description Increases or reduces the target video size so you can view the entire contents of the target server window without using the scroll bar. Switching Between KVM Target Servers With the Dominion KX II, you can access several KVM target servers. The Dominion KX II provides the ability to switch from one target server to another. Note: This feature is available in the Dominion KX II Remote Console only.
Chapter 3: Working with Target Servers To power off a target server: 1. From the Dominion KX II Remote Console, click the Port Access tab to open it. The Port Access page opens. 2. Click the port name of the appropriate target server. The Port Action menu appears. 3. Choose Power Off. A confirmation message appears. Disconnecting KVM Target Servers Note: This item is not available on the Dominion KX II Local Console.
Chapter 3: Working with Target Servers Choosing USB Profiles When you connect to a KVM target server for the first time, as described in Connecting to a KVM Target Server (on page 52), the preferred USB profile for the port is automatically used. If you have connected to the target server previously using a different profile, the USB profile from the last connection is used.
Chapter 3: Working with Target Servers Connection Properties The dynamic video compression algorithms maintain KVM console usability under varying bandwidth constraints. The devices optimize KVM output not only for LAN use, but also for WAN use. These devices can also control color depth and limit video output, offering an optimal balance between video quality and system responsiveness for any bandwidth.
Chapter 3: Working with Target Servers 10 Mb Ethernet 1.5 Mb (MAX DSL/T1) 1 Mb (Fast DSL/T1) 512 Kb (Medium DSL/T1) 384 Kb (Slow DSL/T1) 256 Kb (Cable) 128 Kb (Dual ISDN) 56 kb (ISP Modem) 33 kb (Fast Modem) 24 kb (Slow Modem) Note that these settings are an optimization for specific conditions rather than an exact speed.
Chapter 3: Working with Target Servers Connection Information To obtain information about your Virtual KVM Client connection: Choose Connection > Connection Info. The Connection Info window opens. The following information is displayed about the current connection: Device Name - The name of the device. IP Address - The IP address of the device. Port - The KVM communication TCP/IP port used to access the target device. Data In/Second - Data rate in. Data Out/Second - Data rate out.
Chapter 3: Working with Target Servers Building a Keyboard Macro To build a macro: 1. Click Keyboard > Keyboard Macros. The Keyboard Macros dialog appears. 2. Click Add. The Add Keyboard Macro dialog appears. 3. Type a name for the macro in the Keyboard Macro Name field. This name will appear in the Keyboard menu after it is created. 4. From the Hot-Key Combination field, select a keyboard combination from the drop-down list. This allows you to execute the macro with a predefined keystroke. Optional 5.
Chapter 3: Working with Target Servers 10. Click Close to close the Keyboard Macros dialog. The macro will now appear on the Keyboard menu in the application. Select the new macro on the menu to run it or use the keystrokes you assigned to the macro. Running a Keyboard Macro Once you have created a keyboard macro, execute it using the keyboard macro you assigned to it or by choosing it from the Keyboard menu. Run a Macro from the Menu Bar When you create a macro, it appears under the Keyboard menu.
Chapter 3: Working with Target Servers To remove a macro: 1. Choose Keyboard > Keyboard Macros. The Keyboard Macros dialog appears. 2. Choose the macro from among those listed. 3. Click Remove. The macro is deleted. Hot-key combinations that coincide with blade chassis switching key sequences will not be sent to blades housed in those chassis. Setting CIM Keyboard/Mouse Options To access the DCIM-USBG2 setup menu: 1.
Chapter 3: Working with Target Servers Auto-Sense Video Settings The Auto-sense Video Settings command forces a re-sensing of the video settings (resolution, refresh rate) and redraws the video screen. Note: VKC for the KX II-101 uses an icon set that differs from the icon set used in VKC for other Dominion KX products. See VKC Toolbar for the KX II-101 for additional information.
Chapter 3: Working with Target Servers The device can filter out the electrical interference of video output from graphics cards. This feature optimizes picture quality and reduces bandwidth. Higher settings transmit variant pixels only if a large color variation exists in comparison to the neighboring pixels. However, setting the threshold too high can result in the unintentional filtering of desired screen changes. Lower settings transmit most pixel changes.
Chapter 3: Working with Target Servers Best possible video mode The device will perform the full Auto Sense process when switching targets or target resolutions. Selecting this option calibrates the video for the best image quality. Quick sense video mode With this option, the device will use a quick video Auto Sense in order to show the target's video sooner. This option is especially useful for entering a target server's BIOS configuration right after a reboot. 5.
Chapter 3: Working with Target Servers Note: Some Sun background screens, such as screens with very dark borders, may not center precisely on certain Sun servers. Use a different background or place a lighter colored icon in the upper left corner of the screen. Note: VKC for the KX II-101 uses an icon set that differs from the icon set used in VKC for other Dominion KX products. See VKC Toolbar for the KX II-101 for additional information.
Chapter 3: Working with Target Servers Using Screenshot from Target You are able to take a screenshot of a target server using the Screenshot from Target server command. You can then save this screenshot to a file location of your choosing as a bitmap, JPEG or PNG file. Note: The Screenshot from Target function is not available for the KX II-101. To take a screenshot of the target server: 1. Select Video > Screenshot from Target or click the Screenshot from Target button on the toolbar. 2.
Chapter 3: Working with Target Servers Changing the Maximum Refresh Rate If the video card you are using on the target uses custom software and you are accessing the target through MPC or VKC, you may need to change the maximum refresh rate of the monitor in order for the refresh rate to take affect on the target. To adjust the monitor refresh rate: 1. In Windows®, select Display Properties > Settings > Advanced to open the Plug and Play dialog. 2. Click on the Monitor tab. 3.
Chapter 3: Working with Target Servers Mouse Pointer Synchronization When remotely viewing a target server that uses a mouse, you will see two mouse cursors: one belonging to your remote client workstation and the other belonging to the target server. When the mouse pointer lies within the Virtual KVM Client target server window, mouse movements and clicks are directly transmitted to the connected target server.
Chapter 3: Working with Target Servers Additional Notes for Intelligent Mouse Mode Be sure that there are no icons or applications in the upper left section of the screen since that is where the synchronization routine takes place. Do not use an animated mouse. Disable active desktop on KVM target servers. Synchronize Mouse In dual mouse mode, the Synchronize Mouse command forces realignment of the target server mouse pointer with Virtual KVM Client mouse pointer.
Chapter 3: Working with Target Servers Intelligent Mouse Mode In Intelligent Mouse mode, the device can detect the target mouse settings and synchronize the mouse cursors accordingly, allowing mouse acceleration on the target. In this mode, the mouse cursor does a “dance” in the top left corner of the screen and calculates the acceleration. For this mode to work properly, certain conditions must be met. To enter intelligent mouse mode: Choose Mouse > Intelligent.
Chapter 3: Working with Target Servers Please note that mouse configurations will vary on different target operating systems. Consult your OS guidelines for further details. Also note that intelligent mouse synchronization does not work with UNIX targets. Absolute Mouse Mode In this mode, absolute coordinates are used to keep the client and target cursors in sync, even when the target mouse is set to a different acceleration or speed. This mode is supported on servers with USB ports.
Chapter 3: Working with Target Servers 2. Click the Single/Double Mouse Cursor button in the toolbar. To exit single mouse mode: 1. Press Ctrl+Alt+O on your keyboard to exit single mouse mode. VKC Virtual Media See the chapter on Virtual Media for complete information about setting up and using virtual media.
Chapter 3: Working with Target Servers Smart Cards (VKC, AKC and MPC) Using the KX II 2.1.10 or later, you are able to mount a smart card reader onto a target server to support smart card authentication and related applications. For a list of supported smart cards, smart card readers, and additional system requirements, see Supported and Unsupported Smart Card Readers (on page 276).
Chapter 3: Working with Target Servers 4. A progress dialog will open. Check the 'Mount selected card reader automatically on connection to targets' checkbox to mount the smart card reader automatically the next time you connect to a target. Click OK to begin the mounting process. To update the smart card in the Select Smart Card Reader dialog: Click Refresh List if a new smart card reader has been attached to the client PC.
Chapter 3: Working with Target Servers Tool Options From the Tools menu, you can specify certain options for use with the Virtual KVM Client, including logging, setting the keyboard type, and defining hot keys for exiting Full Screen mode and Single Cursor mode. To set the tools options: 1. Choose Tools > Options. The Options dialog appears. 2. Select the Enable Logging checkbox only if directed to by Technical Support. This option creates a log file in your home directory. 3.
Chapter 3: Working with Target Servers 5. Exit Single Cursor Mode - Hotkey. When you enter single cursor mode, only the target server mouse cursor is visible. This is the hot key used to exit single cursor mode and bring back the client mouse cursor. Click OK. Client Launch Settings KX II users can also configure client launch settings that allow you to define the size of the screen for a KVM session. 6. Select the Client Launch Settings tab. a.
Chapter 3: Working with Target Servers Language Configuration method UK System Settings (Control Center) Korean System Settings (Control Center) Belgian Keyboard Indicator Norwegian Keyboard Indicator Danish Keyboard Indicator Swedish Keyboard Indicator Hungarian System Settings (Control Center) Spanish System Settings (Control Center) Italian System Settings (Control Center) Slovenian System Settings (Control Center) Portuguese System Settings (Control Center) Note: The Keyboard In
Chapter 3: Working with Target Servers View Options View Toolbar You can use the Virtual KVM client with or without the toolbar display. To toggle the display of the toolbar (on and off): Choose View > View Toolbar. Scaling Scaling your target window allows you to view the entire contents of the target server window.
Chapter 3: Working with Target Servers Help Options About Raritan Virtual KVM Client This menu command provides version information about the Virtual KVM Client, in case you require assistance from Raritan Technical Support. To obtain version information: 1. Choose Help > About Raritan Virtual KVM Client. 2. Use the Copy to Clipboard button to copy the information contained in the dialog to a clipboard file so it can be accessed later when dealing with support (if needed).
Chapter 3: Working with Target Servers AKC Supported Operating Systems and Browsers .NET Framework AKC requires Windows .NET® version 3.5, and will work with both 3.5 and 4.0 installed. Operating Systems When launched from Internet Explorer® or as a standalone application, AKC allows you to reach target servers via the KX II 2.2 (or later). AKC is compatible with the following platforms running .NET Framework 3.
Chapter 3: Working with Target Servers Prerequisites for Using AKC In order to use AKC: Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked. Windows Vista, Windows 7 and Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser's Trusted Sites Zone and that Protected Mode is not on when accessing the device.
Chapter 4 Power Strip (Rack PDU) Outlet Control In This Chapter Overview ..................................................................................................83 Turning Outlets On/Off and Cycling Power .............................................84 Overview The Dominion KX II allows you to control Raritan PX and RPC series power strip outlets connected to the Dominion KX II through a D2CIM-PWR.
Chapter 4: Power Strip (Rack PDU) Outlet Control State - On of Off status of the outlet. Control - Turn outlets on or off, or cycle their power. Association - The ports associated with the outlet. Initially, when you open the Powerstrip page, the power strips that are currently connected to the Dominion KX II are displayed in the Powerstrip drop-down. Additionally, information relating to the currently selected power strip is displayed.
Chapter 4: Power Strip (Rack PDU) Outlet Control 4. Click On. 5. Click OK to close the Power On confirmation dialog. The outlet will be turned on and its state will be displayed as 'on'. To turn an outlet off: 1. Click Off. 2. Click OK on the Power Off dialog. 3. Click OK on the Power Off confirmation dialog. The outlet will be turned off and its state will be displayed as 'off'. To cycle the power of an outlet: 1. Click the Cycle button. The Power Cycle Port dialog opens.
Chapter 4: Power Strip (Rack PDU) Outlet Control 2. Click OK. The outlet will then cycle (note that this may take a few seconds). 3. Once the cycling is complete the dialog will open. Click OK to close the dialog.
Chapter 5 Virtual Media In This Chapter Overview ..................................................................................................88 Prerequisites for Using Virtual Media ......................................................91 Using Virtual Media via VKC and AKC in a Windows Environment ........92 Using Virtual Media .................................................................................93 File Server Setup (File Server ISO Images Only) ...................................
Chapter 5: Virtual Media Overview Virtual media extends KVM capabilities by enabling KVM target servers to remotely access media from a client PC and network file servers. With this feature, media mounted on a client PC and network file servers is essentially "mounted virtually" by the target server. The target server can then read from and write to that media as if it were physically connected to the target server itself.
Chapter 5: Virtual Media 89
Chapter 5: Virtual Media Diagram key 90 Desktop PC CD/DVD drive Dominion KX II USB mass storage device CIM PC hard drive Target server Remote file server (ISO images)
Chapter 5: Virtual Media Prerequisites for Using Virtual Media With the virtual media feature, you can mount up to two drives (of different types) that are supported by the USB profile currently applied to the target. These drives are accessible for the duration of the KVM session. For example, you can mount a specific CD-ROM, use it, and then disconnect it when you are done. The CD-ROM virtual media “channel” will remain open, however, so that you can virtually mount another CD-ROM.
Chapter 5: Virtual Media Using Virtual Media via VKC and AKC in a Windows Environment Windows XP® operating system Administrator and standard user privileges vary from those of the Windows Vista® operating system and the Windows 7® operating system. When enabled in Vista or Windows 7, User Access Control (UAC) will provide the lowest level of rights and privileges a user needs for an application.
Chapter 5: Virtual Media Using Virtual Media See Prerequisites for Using Virtual Media before proceeding with using virtual media. To use virtual media: 1. If you plan to access file server ISO images, identify those file servers and images through the Remote Console File Server Setup page. See File Server Setup (File Server ISO Images Only). Note: ISO9660 format is the standard supported by Raritan. However, other CD-ROM extensions may also work. 2. Open a KVM session with the appropriate target server.
Chapter 5: Virtual Media File Server Setup (File Server ISO Images Only) Note: This feature is only required when using virtual media to access file server ISO images. ISO9660 format is the standard supported by Raritan. However, other CD-ROM extensions may also work. Use the Remote Console File Server Setup page to designate the files server(s) and image paths that you want to access using virtual media.
Chapter 5: Virtual Media Note: You cannot access a remote ISO image via virtual media using an IPv6 address due to technical limitations of third-party software used by the KX2. Note: If you are connecting to a Windows 2003 Server and attempt to load an ISO image from the server, you may receive an error stating "Virtual Media mounting on port failed. Unable to connect to the file server or incorrect File Server username and password".
Chapter 5: Virtual Media Connecting to Virtual Media Local Drives This option mounts an entire drive, which means the entire disk drive is mounted virtually onto the target server. Use this option for hard drives and external drives only. It does not include network drives, CD-ROM, or DVD-ROM drives. This is the only option for which Read/Write is available.
Chapter 5: Virtual Media WARNING: Enabling Read/Write access can be dangerous! Simultaneous access to the same drive from more than one entity can result in data corruption. If you do not require Write access, leave this option unselected. 4. Click Connect. The media will be mounted on the target server virtually. You can access the media just like any other drive. Conditions when Read/Write is Not Available Virtual media Read/Write is not available in the following situations: For all hard drives.
Chapter 5: Virtual Media 2. For internal and external CD-ROM or DVD-ROM drives: a. Choose the Local CD/DVD Drive option. b. Choose the drive from the Local CD/DVD Drive drop-down list. All available internal and external CD and DVD drive names will be populated in the drop-down list. c. Click Connect. 3. For ISO images: a. Choose the ISO Image option. Use this option when you want to access a disk image of a CD, DVD, or hard drive. ISO format is the only format supported. b. Click the Browse button. c.
Chapter 5: Virtual Media Disconnecting Virtual Media To disconnect the virtual media drives: For local drives, choose Virtual Media > Disconnect Drive. For CD-ROM, DVD-ROM, and ISO images, choose Virtual Media > Disconnect CD-ROM/ISO Image. Note: In addition to disconnecting the virtual media using the Disconnect command, simply closing the KVM connection closes the virtual media as well.
Chapter 6 USB Profiles In This Chapter Overview ................................................................................................100 CIM Compatibility ..................................................................................101 Available USB Profiles...........................................................................101 Selecting Profiles for a KVM Port ..........................................................
Chapter 6: USB Profiles CIM Compatibility In order to make use of USB profiles, you must use a D2CIM-VUSB or D2CIM-DVUSB with updated firmware. A VM-CIM that has not had its firmware upgraded will support a broad range of configurations (Keyboard, Mouse, CD-ROM, and Removable Drive) but will not be able to make use of profiles optimized for particular target configurations. Given this, existing VM-CIMs should be upgraded with latest firmware in order to access USB profiles.
Chapter 6: USB Profiles USB profile BIOS DellPowerEdge Keyboard Only Description Restrictions: USB bus speed limited to full-speed (12 MBit/s) No virtual media support Dell PowerEdge BIOS Access (Keyboard Only) Use this profile to have keyboard functionality for the Dell PowerEdge BIOS when using D2CIM-VUSB. When using the new D2CIM-DVUSB, use 'Generic' profile.
Chapter 6: USB Profiles USB profile BIOS HP® Proliant™ DL145 Description USB bus speed limited to full-speed (12 MBit/s) Absolute mouse synchronization™ not supported Virtual CD-ROM and disk drives cannot be used simultaneously HP Proliant DL145 PhoenixBIOS Use this profile for HP Proliant DL145 PhoenixBIOS during OS installation.
Chapter 6: USB Profiles USB profile Generic Description Restrictions: Absolute mouse synchronization™ not supported Virtual CD-ROM and disk drives cannot be used simultaneously The generic USB profile resembles the behavior of the original KX2 release. Use this for Windows 2000® operating system, Windows XP® operating system, Windows Vista® operating system and later.
Chapter 6: USB Profiles USB profile Description MAC OS X® (10.4.9 and later) Mac OS-X, version 10.4.9 and later This profile compensates the scaling of mouse coordinates introduced in recent versions of Mac OS-X. Select this if the remote and local mouse positions get out of sync near the desktop borders.
Chapter 6: USB Profiles USB profile Description Keyboard and Mouse (Type 1) USB bus speed limited to full-speed (12 MBit/s) Virtual CD-ROM and disk drives cannot be used simultaneously WARNING: USB enumeration will trigger whenever virtual media is connected or disconnected.
Chapter 6: USB Profiles USB profile Description full-speed (12 MBit/s) Selecting Profiles for a KVM Port The Dominion KX II comes with a set of USB profiles that you can assign to a KVM port based on the characteristics of the KVM target server it connects to. You assign USB profiles to a KVM port in the Device Settings > Port Configuration > Port page in either the Dominion KX II Remote or Local Console.
Chapter 7 User Management In This Chapter User Groups ..........................................................................................108 Users .....................................................................................................117 Authentication Settings ..........................................................................120 Changing a Password ...........................................................................
Chapter 7: User Management User Group List User groups are used with local and remote authentication (via RADIUS or LDAP/LDAPS). It is a good idea to define user groups before creating individual users since, when you add a user, you must assign that user to an existing user group. The User Group List page displays a list of all user groups, which can be sorted in ascending or descending order by clicking on the Group Name column heading.
Chapter 7: User Management The Group page is organized into the following categories: Group, Permissions, Port Permissions, and IP ACL. 2. Type a descriptive name for the new user group into the Group Name field (up to 64 characters). 3. Set the permissions for the group. Select the checkboxes before the permissions you want to assign to all of the users belonging to this group. See Setting Permissions (on page 112). 4. Set the port permissions.
Chapter 7: User Management Note: Several administrative functions are available within MPC and from the Dominion KX II Local Console. These functions are available only to members of the default Admin group. Note: Both IPv4 and IPv6 addresses are supported.
Chapter 7: User Management Setting Permissions Important: Selecting the User Management checkbox allows the members of the group to change the permissions of all users, including their own. Carefully consider granting these permissions. Permission Description Device Access While Under CC-SG Management Allows users and user groups with this permission to directly access the Dominion KX II using an IP address when Local Access is enabled for the device in CC-SG.
Chapter 7: User Management Permission Description User Management User and group management, remote. authentication (LDAP/LDAPS/RADIUS), login settings. If you are using a tiered configuration in which a base Dominion KX II device is used to access multiple other tiered devices, user, user group and remote authentication settings must be consistent across all devices. See Configuring and Enabling Tiering (on page 139) for more information on tiering.
Chapter 7: User Management Power control access Option Description Deny Deny power control to the target server Access Full permission to power control on a target server For blade chassis, the port access permission will control access to the URLs that have been configured for that blade chassis. The options are Deny or Control. In addition, each blade housed within the chassis has its own independent Port Permissions setting.
Chapter 7: User Management Use the IP ACL section of the Group page to add, insert, replace, and delete IP access control rules on a group-level basis. To add (append) rules: 1. Type the starting IP address in the Starting IP field. 2. Type the ending IP address in the Ending IP field. 3. Choose the action from the available options: Accept - IP addresses set to Accept are allowed access to the Dominion KX II device. Drop - IP addresses set to Drop are denied access to the Dominion KX II device.
Chapter 7: User Management 2. Click Delete. 3. When prompted to confirm the deletion, click OK. Important: ACL rules are evaluated in the order in which they are listed. For instance, in the example shown here, if the two ACL rules were reversed, Dominion would accept no communication at all. Tip: The rule numbers allow you to have more control over the order in which the rules are created. Note: Both IPv4 and IPv6 addresses are supported.
Chapter 7: User Management Tip: To determine the users belonging to a particular group, sort the User List by User Group. 1. Choose a group from among those listed by checking the checkbox to the left of the Group Name. 2. Click Delete. 3. When prompted to confirm the deletion, click OK. Users Users must be granted user names and passwords to gain access to the Dominion KX II. This information is used to authenticate users attempting to access your Dominion KX II.
Chapter 7: User Management Adding a New User It is a good idea to define user groups before creating Dominion KX II users because, when you add a user, you must assign that user to an existing user group. See Adding a New User Group (on page 109). From the User page, you can add new users, modify user information, and reactivate users that have been deactivated.
Chapter 7: User Management 5. To delete a user, click Delete. You are prompted to confirm the deletion. 6. Click OK. Logging a User Off (Force Logoff) If you are an administrator, you are able to log out another locally authenticated user who is logged on to the Dominion KX II. To log out a user: 1. Open the User List page by choosing User Management > User List or click the Connected User link in the left panel of the page. 2.
Chapter 7: User Management Authentication Settings Authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user's group is used to determine his system and port permissions. The user's assigned privileges determine what type of access is allowed. This is called authorization. When the Dominion KX II is configured for remote authentication, the external authentication server is used primarily for the purposes of authentication, not authorization.
Chapter 7: User Management Implementing LDAP/LDAPS Remote Authentication Lightweight Directory Access Protocol (LDAP/LDAPS) is a networking protocol for querying and modifying directory services running over TCP/IP. A client starts an LDAP session by connecting to an LDAP/LDAPS server (the default TCP port is 389). The client then sends operation requests to the server, and the server sends responses in turn. Reminder: Microsoft Active Directory functions natively as an LDAP/LDAPS authentication server.
Chapter 7: User Management 9. Enter the Distinguished Name of the Administrative User in the DN of Administrative User field (up to 64 characters). Complete this field if your LDAP server only allows administrators to search user information using the Administrative User role. Consult your authentication server administrator for the appropriate values to type into this field. An example DN of Administrative User value might be: cn=Administrator,cn=Users,dc=testradius,dc=com. Optional 10.
Chapter 7: User Management 11. Select the Enable Secure LDAP checkbox if you would like to use SSL. This will enable the Enable LDAPS Server Certificate Validation checkbox. Secure Sockets Layer (SSL) is a cryptographic protocol that allows Dominion KX II to communicate securely with the LDAP/LDAPS server. 12. The default Port is 389. Either use the standard LDAP TCP port or specify another port. 13. The default Secure LDAP Port is 636. Either use the default port or specify another port.
Chapter 7: User Management 15. If needed, upload the Root CA Certificate File. This field is enabled when the Enable Secure LDAP option is selected. Consult your authentication server administrator to get the CA certificate file in Base64 encoded X-509 format for the LDAP/LDAPS server. Use the Browse button to navigate to the certificate file.
Chapter 7: User Management Once the test is completed, a message will be displayed that lets you know the test was successful or, if the test failed, a detailed error message will be displayed. It will display successful result or detail error message in failure case. It also can display group information retrieved from remote LDAP server for the test user in case of success.
Chapter 7: User Management Group Name is case sensitive. The Dominion KX II provides the following default groups that cannot be changed or deleted: Admin and . Verify that your Active Directory server does not use the same group names. If the group information returned from the Active Directory server does not match a Dominion KX II group configuration, the Dominion KX II automatically assigns the group of to users who authenticate successfully.
Chapter 7: User Management 9. The default number of retries is 3 Retries. This is the number of times the Dominion KX II will send an authentication request to the RADIUS server. 10. Choose the Global Authentication Type from among the options in the drop-down list: PAP - With PAP, passwords are sent as plain text. PAP is not interactive. The user name and password are sent as one data package once a connection is established, rather than the server sending a login prompt and waiting for a response.
Chapter 7: User Management Note: Both IPv4 and IPv6 addresses are supported. Returning User Group Information via RADIUS When a RADIUS authentication attempt succeeds, the Dominion KX II determines the permissions for a given user based on the permissions of the user's group. Your remote RADIUS server can provide these user group names by returning an attribute, implemented as a RADIUS FILTER-ID.
Chapter 7: User Management Attribute Data Log in Acct-Session-ID (44) Session ID for accounting. Log out Accounting-Request(4) Acct-Status (40) Stop(2) - Stops the accounting NAS-Port-Type (61) VIRTUAL (5) for network connections. NAS-Port (5) Always 0. NAS-IP-Address (4) The IP address for the Dominion KX II. User-Name (1) The user name entered at the login screen. Acct-Session-ID (44) Session ID for accounting.
Chapter 7: User Management User Authentication Process Remote authentication follows the process specified in the flowchart below: 130
Chapter 7: User Management Changing a Password To change your password: 1. Choose User Management > Change Password. The Change Password page opens. 2. Type your current password in the Old Password field. 3. Type a new password in the New Password field. Retype the new password in the Confirm New Password field. Passwords can be up to 64 characters in length and can consist of English alphanumeric characters and special characters. 4. Click OK. 5.
Chapter 8 Device Management In This Chapter Network Settings ...................................................................................132 Device Services .....................................................................................137 Configuring Modem Settings .................................................................145 Configuring Date/Time Settings ............................................................146 Event Management .................................................
Chapter 8: Device Management Network Basic Settings These procedures describe how to assign an IP address on the Network Settings page. For complete information about all of the fields and the operation of this page, see Network Settings (on page 132). 1. Choose Device Settings > Network. The Network Settings page opens. 2. Specify a meaningful Device Name for your Dominion KX II device. Up to 32 alphanumeric characters using valid special characters and no spaces. 3.
Chapter 8: Device Management e. Link-Local IP Address. This address is automatically assigned to the device. It is used for neighbor discovery or when no routers are present. Read-Only f. Zone ID. This identifies the device with which the address is associated. Read-Only g. Select the IP Auto Configuration. The following options are available: None - Use this option if you do not want an auto IP configuration and prefer to set the IP address yourself (static IP).
Chapter 8: Device Management See LAN Interface Settings (on page 135) for information in configuring this section of the Network Settings page. Note: In some environments, the default LAN Interface Speed & Duplex setting Autodetect (autonegotiator) does not properly set the network parameters, which results in network issues. In these instances, setting the Dominion KX II LAN Interface Speed & Duplex field to 100 Mbps/Full Duplex (or whatever option is appropriate to your network) addresses the issue.
Chapter 8: Device Management Autodetect (default option) 10 Mbps/Half - Both LEDs blink 10 Mbps/Full - Both LEDs blink 100 Mbps/Half - Yellow LED blinks 100 Mbps/Full - Yellow LED blinks 1000 Mbps/Full (gigabit) - Green LED blinks Half-duplex provides for communication in both directions, but only one direction at a time (not simultaneously). Full-duplex allows communication in both directions simultaneously.
Chapter 8: Device Management 512 Kilobit 256 Kilobit 128 Kilobit 5. Click OK to apply the LAN settings. Device Services The Device Services page allows you to configure the following functions: Enable SSH access. Enable tiering for the base Dominion KX II. Enter the discovery port. Enable direct port access. Enable the AKC Download Server Certificate Validation feature if you are using AKC.
Chapter 8: Device Management Enabling SSH Enable SSH access to allow administrators to access the Dominion KX II via the SSH v2 application. To enable SSH access: 1. Choose Device Settings > Device Services. The Device Service Settings page appears. 2. Select Enable SSH Access. 3. Enter the SSH Port information. The standard SSH TCP port number is 22 but the port number can be changed to provide a higher level of security operations. 4. Click OK.
Chapter 8: Device Management Configuring and Enabling Tiering The tiering feature allows you to access Dominion KX II targets and PDUs through one base Dominion KX II device. This feature is available for standard Dominion KX II devices as well as KX2-832 and KX2-864 devices. Devices can be added and removed from a configuration as needed up to a maximum of two tiered levels. When setting up the devices, you will use specific CIMS for specific configurations.
Chapter 8: Device Management Enabling Tiering Connect from a target server port on the base device to the tier Dominion KX II Local Access port video/keyboard/mouse ports using a D2CIM-DVUSB. If the tier device is a KX2-832 or KX2-864, connect from a target server port on the base device directly to the tier KX2-832/KX2-864 Extended Local port. To enable tiering: 1. From the tier base, choose Device Settings > Device Services. The Device Service Settings page appears. 2. Select Enable Tiering as Base. 3.
Chapter 8: Device Management Tiering - Target Types, Supported CIMS and Tiering Configurations Blade Chassis Blade chassis that attached directly to the base are accessible. Power Control You can power on and off targets that are a part of the tiered configuration. These targets are accessed from the Port Access page. Dominion KX II PDU outlets can be accessed and controlled via a tiered configuration with either the Dominion KX II or KXII-832 and KXII-864 models.
Chapter 8: Device Management Cabling Example in Tiered Configurations The following diagram illustrates the cabling configurations between a Dominion KX II tiered device and a Dominion KX II base device. Connect from a target server port on the base device to the tier Dominion KX II Local Access port video/keyboard/mouse ports using a D2CIM-DVUSB. If the tier device is a KX2-832 or KX2-864, connect from a target server port on the base device directly to the tier KX2-832/KX2-864 Extended Local port.
Chapter 8: Device Management Enabling Direct Port Access Direct port access allows users to bypass having to use the device's Login dialog and Port Access page. This feature also provides the ability to enter a username and password directly and proceed to the target if the username and password is not contained in the URL. The following is important URL information regarding direct port access: If you are using VKC and direct port access: https://IPaddress/dpa.
Chapter 8: Device Management Enabling the AKC Download Server Certificate Validation If you are using the AKC client, you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature.
Chapter 8: Device Management Configuring Modem Settings To configure modem settings: 1. Click Device Settings > Modem Settings to open the Modem Settings page. 2. Select the Enable Modem checkbox. This will enable the Serial Line Speed and Modem Init String field. 3. The Serial Line Speed of the modem is set to 115200. Read-only 4. Enter the initial modem string in the Modem Init String field. If the modem string is left blank, the following string is sent to the modem by default: ATZ OK AT OK.
Chapter 8: Device Management 6. Click OK to commit your changes or click Reset to Defaults to return the settings to their defaults. See Certified Modems (on page 272) for information on certified modems that work with the Dominion KX II. For information on settings that will give you the best performance when connecting to the Dominion KX II via modem, see Creating, Modifying and Deleting Profiles in MPC Generation 2 Devices in the KVM and Serial Access Clients Guide.
Chapter 8: Device Management 2. Choose your time zone from the Time Zone drop-down list. 3. To adjust for daylight savings time, check the "Adjust for daylight savings time" checkbox. 4. Choose the method you would like to use to set the date and time: User Specified Time - Choose this option to input the date and time manually. For the User Specified Time option, enter the date and time. For the time, use the hh:mm format (using a 24-hour clock).
Chapter 8: Device Management Event Management The Dominion KX II Event Management feature provides a set of screens for enabling and disabling the distribution of system events to SNMP Managers, Syslog, and the audit log. These events are categorized, and for each event you can determine whether you want the event sent to one or several destinations.
Chapter 8: Device Management 2. Type the IP Address/Host Name of your Syslog server in the IP Address field. 3. Click OK. To reset to factory defaults: Click Reset To Defaults. Note: Both IPv4 and IPv6 addresses are supported. Note: IPv6 addresses cannot exceed 80 characters in length for the host name.
Chapter 8: Device Management Event Management - Destinations System events, if enabled, can generate SNMP notification events (traps), or can be logged to Syslog or Audit Log. Use the Event Management - Destinations page to select the system events to track and where to send this information. Note: SNMP traps will be generated only if the SNMP Logging Enabled option is selected. Syslog events will be generated only if the Enable Syslog Forwarding option is selected.
Chapter 8: Device Management 3. Click OK.
Chapter 8: Device Management To reset to factory defaults: Click Reset To Defaults. Warning: When using SNMP traps over UDP, it is possible for the Dominion KX II and the router that it is attached to to fall out of synchronization when the Dominion KX II is rebooted, preventing the reboot completed SNMP trap from being logged. SNMP Agent Configuration SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP managers.
Chapter 8: Device Management Trap Name Description ipConflictDetected An IP Address conflict was detected. ipConflictResolved An IP Address conflict was resolved. networkFailure An Ethernet interface of the product can no longer communicate over the network. networkParameterChanged A change has been made to the network parameters. passwordSettingsChanged Strong password settings have changed. portConnect A previously authenticated user has begun a KVM session.
Chapter 8: Device Management Trap Name Description userModified A user account has been modified. userPasswordChanged This event is triggered if the password of any user of the device is modified. userSessionTimeout A user with an active session has experienced a session termination due to timeout. userUploadedCertificate A user uploaded a SSL certificate. vmImageConnected User attempted to mount either a device or image on the target using Virtual Media.
Chapter 8: Device Management 2. If you are plugging power input into power supply number one (left-most power supply at the back of the unit), then select the Powerln1 Auto Detect option. 3. If you are plugging power input into power supply number two (right-most power supply at the back of the unit), then select the Powerln2 Auto Detect option. 4. Click OK. Note: If either of these checkboxes is selected and power input is not actually connected, the power LED at the front of the unit turns red.
Chapter 8: Device Management Configuring Ports The Port Configuration page displays a list of the Dominion KX II ports. Ports connected to KVM target servers (blades and standard servers) and power strips are displayed in blue and can be edited. For ports with no CIM connected or with a blank CIM name, a default port name of Dominion-KX2_Port# is assigned, where Port# is the number of the Dominion KX II physical port. To access a port configuration: 1. Choose Device Settings > Port Configuration.
Chapter 8: Device Management Port Type Port type Description DCIM Dominion CIM Not Available No CIM connected PCIM Paragon CIM PowerStrip Power CIM VM Virtual media CIM (D2CIM-VUSB and D2CIM-DVUSB) Blade Chassis Blade chassis and the blades associated with that chassis (displayed in a hierarchical order) 2. Click the Port Name for the port you want to edit. For KVM ports, the Port page is opened. From this page, you can name the ports and create power associations.
Chapter 8: Device Management 8. Click OK. Configuring KVM Switches The Dominion KX II also supports use of hot key sequences to switch between targets. In addition to using hot key sequences with standard servers, KVM switching is supported by blade chassis and in tiered configurations. To configure KVM switches: 1. Choose Device Settings > Port Configuration. The Port Configuration page opens. 2. Click the Port Name of the target server you want to rename. The Port Page opens. 3. Select KVM Switch. 4.
Chapter 8: Device Management 8. Activate the targets that the KVM switch hot key sequence will be applied to. Indicate the KVM switch ports have targets attached by selecting „Active‟ for each of the ports. 9. In the KVM Managed Links section of the page, you are able to configure the connection to a web browser interface if one is available. a. Active - To activate the link once it is configured, select the Active checkbox. Leave the checkbox deselected to keep the link inactive.
Chapter 8: Device Management Connecting a Power Strip Raritan PX series power strips are connected to the KX II using the D2CIM-PWR CIM. To connect the power strip: 1. Connect the male RJ-45 of the D2CIM-PWR to the female RJ-45 connector on the serial port of the power strip. 2. Connect the female RJ-45 connector of the D2CIM-PWR to any of the available female system port connectors on the KX II using a straight through Cat5 cable. 3.
Chapter 8: Device Management Naming the Power Strip in the KX II (Port Page for Power Strips) Note: PX power strips can be named in the PX as well as in KX II. The Port page opens when you select a port from the Port Configuration page that is connected to a Raritan remote power strip. The Type and the Name fields are prepopulated. Note: The (CIM) Type cannot be changed. The following information is displayed for each outlet in the power strip: [Outlet] Number, Name, and Port Association.
Chapter 8: Device Management 3. Click OK.
Chapter 8: Device Management Associating Outlets with Target Servers on KX II The Port page opens when you click on a port on the Port Configuration page. From this page, you can make power associations, change the port name to something more descriptive, and update target server settings if you are using the D2CIM-VUSB CIM. The (CIM) Type and the (Port) Name fields are prepopulated; note that the CIM type cannot be changed.
Chapter 8: Device Management Removing Power Associations When disconnecting target servers and/or power strips from KXII, all power associations should first be deleted. When a target has been associated with a power strip and the target is removed from the KX II, the power association remains. When this occurs, you are not able to access the Port Configuration for that disconnected target server in Device Settings so that the power association can be properly remove.
Chapter 8: Device Management Configuring Blade Chassis In addition to standard servers and power strips, the Dominion KX II offers you the ability to control blade chassis that are plugged into a Dominion KX II port. Up to eight blade chassis can be managed through the Dominion KX II at a given time. As with standard servers, blade chassis are autodetected by the Dominion KX II once they are connected.
Chapter 8: Device Management Note: In the case of IBM Blade Center Models E and H, the Dominion KX II only supports auto-discovery for AMM[1] as the acting primary management module. The Dominion KX II also supports use of hot key sequences to switch KVM access to a blade chassis. For blade chassis that allow users to select a hot key sequence, those options will be provided on the Port Configuration page.
Chapter 8: Device Management 2. Select Device Settings > Port Configuration to open the Port Configuration page. 3. On the Port Configuration page, click on the name of the blade chassis you want to configure. The Port page will open. 4. Select the Blade Chassis radio button. The page will then display the necessary fields to configure a blade chassis. 5. Select Generic from the Blade Server Chassis Model drop-down. 6. Configure the blade chassis as applicable. a.
Chapter 8: Device Management b. URL - Enter the URL to the interface. Required c. Username - Enter the username used to access the interface. Optional d. Password - Enter the password used to access the interface. Optional Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries.
Chapter 8: Device Management 5. Select the Dell blade chassis model from the Blade Server Chassis Model drop-down. To configure a Dell PowerEdge M1000e: 1. If you selected Dell PowerEdge® M1000e, auto-discovery is available. Configure the blade chassis as applicable. Prior to configuring a blade chassis that can be auto-discovered, it must be configured to enable SSH connections on the designated port number (see Device Services (on page 137)).
Chapter 8: Device Management 5. In the Blade Chassis Managed Links section of the page, you are able to configure the connection to a blade chassis web browser interface if one is available. Click the Blade Chassis Managed Links icon page. to expand the section on the The first URL link is intended for use to connect to the blade chassis Administration Module GUI. Note: Access to the URL links entered in this section of the page is governed by the blade chassis port permissions. a.
Chapter 8: Device Management To configure a Dell PowerEdge 1855/1955: 1. If you selected Dell 1855/1955, auto-discovery is not available. Configure the blade chassis as applicable. a. Switch Hot Key Sequence - Select the hot key sequence that will be used to switch from KVM to the blade server. b. Maximum Number of Slots - The default maximum number of slots available on the blade chassis is automatically entered. c. Administrative Module Primary IP Address/Host Name - Not applicable. d.
Chapter 8: Device Management Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries. It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application.
Chapter 8: Device Management c. Administrative Module Primary IP Address/Host Name - Enter the primary IP address for the blade chassis. Required for auto-discovery mode d. Port Number - The default port number for the blade chassis is 22. Change the port number if applicable. Required for auto-discovery mode e. Username - Enter the username used to access the blade chassis. Required for auto-discovery mode f. Password - Enter the password used to access the blade chassis.
Chapter 8: Device Management c. Username - Enter the username used to access the interface. d. Password - Enter the password used to access the interface. Note: Leave the username and password fields blank for DRAC, ILO, and RSA web applications or the connection will fail. e. The Username Field and Password Field, which are both optional, contain the labels that are expected to be associated with the username and password entries.
Chapter 8: Device Management 4. In the Blade Chassis Managed Links section of the page, you are able to configure the connection to a blade chassis web browser interface if one is available. Click the Blade Chassis Managed Links icon page. to expand the section on the The first URL link is intended for use to connect to the blade chassis Administration Module GUI. Note: Access to the URL links entered in this section of the page is governed by the blade chassis port permissions. a.
Chapter 8: Device Management Tips for Adding a Web Browser Interface You can add a Web Browser Interface to create a connection to a device with an embedded web server. A Web Browser interface can also be used to connect to any web application, such as the web application associated with an RSA, DRAC or ILO Processor card. You must have DNS configured or URLs will not resolve. You do not need to have DNS configured for IP addresses. To add a web browser interface: 1.
Chapter 8: Device Management HP Blade Chassis Configuration (Port Group Management) The Dominion KX II supports the aggregation of ports connected to certain types of blades into a group representing the blade chassis. Specifically, HP® BladeServer blades and Dell® PowerEdge® 1855/1955 blades when the Dell PowerEdge 1855/1955 is connected from each individual blade to a port on the Dominion KX II.
Chapter 8: Device Management 3. Enter a Port Group Name. The port group name is not case sensitive and can contain up to 32 characters. 4. Select the Blade Server Group checkbox. If you want to designate that these ports are attached to blades housed in a blade chassis (for example, HP c3000 or Dell PowerEdge 1855), select the Blade Server Group checkbox.
Chapter 8: Device Management To delete a port group: 1. Click on the Port Group Management page, select the checkbox of the port group you want to delete. 2. Click the Delete button. 3. Click OK on the warning message. Supported Blade Chassis Models This table contains the blade chassis models that are supported by the Dominion KX II and the corresponding profiles that should be selected per chassis model when configuring them in the Dominion KX II application.
Chapter 8: Device Management Supported CIMs for Blade Chassis The following CIMs are supported for blade chassis being managed through the Dominion KX II: DCIM-PS2 DCIM-USBG2 D2CIM-VUSB D2CIM-DVUSB Following is a table containing supported CIMs for each blade chassis model that the Dominion KX II supports.
Chapter 8: Device Management Blade chassis M1000e Connection method with this chassis. Recommended CIM(s) The iKVM is compatible with the following peripherals: USB keyboards, USB pointing devices VGA monitors with DDC support. Source: Dell Chassis Management Controller, Firmware Version 1.
Chapter 8: Device Management Blade chassis Connection method one Advanced Management Module. Recommended CIM(s) In contrast to the standard BladeCenter chassis, the KVM module and the Management Module in the BladeCenter T chassis are separate components. The front of the Management Module only features the LEDs for displaying status. All Ethernet and KVM connections are fed through to the rear to the LAN and KVM modules.
Chapter 8: Device Management Blade chassis Dell PowerEdge 1855/1955 IBM®/Dell Auto-Discovery Required/recommended action Slot, not by Name. iKVM may not work correctly if this is not done. Do not designate any slots for scan operations in the iKVM GUI Setup Scan menu. iKVM may not work correctly otherwise. Do not designate any slots for broadcast keyboard/mouse operations in the iKVM GUI Setup Broadcast menu. iKVM may not work correctly otherwise.
Chapter 8: Device Management Blade chassis IBM KX2 Virtual Media Required/recommended action management module. The SSH port configured on the blade chassis management module and the port number entered on the Port Configuration page must match. Raritan Dominion KX II virtual media is supported only on IBM BladeCenter® Models H and E. This requires the use of the D2CIM-DVUSB.
Chapter 8: Device Management Configuring USB Profiles (Port Page) You choose the available USB profiles for a port in the Select USB Profiles for Port section of the Port page. The USB profiles chosen in the Port page become the profiles available to the user in VKC when connecting to a KVM target server from the port. The default is the Windows 2000® operating system, Windows XP® operating system, Windows Vista® operating system profile. For information about USB profiles, see USB Profiles (on page 100).
Chapter 8: Device Management Ctrl-Click to select several discontinuous profiles. 2. Click Add. The selected profiles appear in the Selected list. These are the profiles that can be use for the KVM target server connected to the port. To specify a preferred USB profile: 1. After selecting the available profiles for a port, choose one from the Preferred Profile for Port menu. The default is Generic. The selected profile will be used when connecting to the KVM target server.
Chapter 8: Device Management 2. Click Remove. The selected profiles appear in the Available list. These profiles are no longer available for a KVM target server connected to this port. To apply a profile selection to multiple ports: 1. In the Apply Selected Profiles to Other Ports section, select the Apply checkbox for each KVM port you want to apply the current set of selected USB profiles to. To select all KVM ports, click Select All. To deselect all KVM ports, click Deselect All.
Chapter 8: Device Management Configuring Dominion KX II Local Port Settings From the Local Port Settings page, you can customize many settings for the Dominion KX II Local Console including keyboard, hot keys, video switching delay, power save mode, local user interface resolution settings, and local user authentication. Further, you can change a USB profile from the local port. For the KX2-832 and KX2-864, you are also able to configure the extended local port from the Local Port Settings page.
Chapter 8: Device Management Note: If you are using KX2-832 and KX2-864 as tiered devices, you must connect them to the base Dominion KX II via the extended local port. Note: If you connect a Paragon device to the KX2-832 and KX2-864 extended local port, you must use the remote client to change the USB profile. 4. If you are using the tiering feature, select the Enable Local Port Device Tiering checkbox and enter the tiered secret word in the Tier Secret field.
Chapter 8: Device Management Hot key: Take this action: Double Click Num Lock Press Num Lock key twice quickly Double Click Caps Lock Press Caps Lock key twice quickly Double Click Left Alt key Press the left Alt key twice quickly Double Click Left Shift key Press the left Shift key twice quickly Double Click Left Ctrl key Press the left Ctrl key twice quickly 7. Select the Local Port Connect key. Use a connect key sequence to connect to a target and switch to another target.
Chapter 8: Device Management Select the "Ignore CC managed mode on local port" checkbox if you would like local user access to the Dominion KX II even when the device is under CC-SG management. Note: If you initially choose not to ignore CC Manage mode on the local port but later want local port access, you will have to remove the device from under CC-SG management (from within CC-SG). You will then be able to check this checkbox.
Chapter 8: Device Management KX2-832 and KX2-864 Standard and Extended Local Port Settings The KX2-832 and KX2-864 provides you with two local port options: the standard local port and the extended local port. Each of these port options is enabled and disabled from the Remote Console on the Port Configuration page or from the Local Console on the Local Port Settings page. For more information, see Configuring Dominion KX II Local Port Settings (on page 188).
Chapter 9 Security Management In This Chapter Security Settings....................................................................................193 Configuring IP Access Control ..............................................................202 SSL Certificates .....................................................................................205 Security Banner .....................................................................................
Chapter 9: Security Management To reset back to defaults: Click Reset to Defaults. Login Limitations Using login limitations, you can specify restrictions for single login, password aging, and the logging out idle users. Limitation Description Enable single login limitation When selected, only one login per user name is allowed at any time. When deselected, a given user name/password combination can be connected into the device from several client workstations simultaneously.
Chapter 9: Security Management Limitation Description Enable Password Aging checkbox is selected. Enter the number of days after which a password change is required. The default is 60 days. Log out idle users, After (1-365 minutes) Select the "Log off idle users" checkbox to automatically disconnect users after the amount of time you specify in the "After (1-365 minutes)" field. If there is no activity from the keyboard or mouse, all sessions and all resources are logged out.
Chapter 9: Security Management Field case character Description character is required in the password. Enforce at least one numeric character When checked, at least one numeric character is required in the password. Enforce at least one printable special character When checked, at least one special character (printable) is required in the password. Number of restricted This field represents the password passwords based on history history depth.
Chapter 9: Security Management Option Description Timer Lockout Users are denied access to the system for the specified amount of time after exceeding the specified number of unsuccessful login attempts. When selected, the following fields are enabled: Attempts - The number of unsuccessful login attempts after which the user will be locked out. The valid range is 1 - 10 and the default is 3 attempts. Lockout Time - The amount of time for which the user will be locked out.
Chapter 9: Security Management Encryption mode Description Auto This is the recommended option. The Dominion KX II autonegotiates to the highest level of encryption possible. You must select Auto in order for the device and client to successfully negotiate the use of FIPS compliant algorithms. RC4 Secures user names, passwords and KVM data, including video transmissions using the RSA RC4 encryption method.
Chapter 9: Security Management 2. Apply Encryption Mode to KVM and Virtual Media. When selected, this option applies the selected encryption mode to both KVM and virtual media. After authentication, KVM and virtual media data is also transferred with 128-bit encryption. 3. For government and other high security environments, enable FIPS 140-2 Mode by selecting the Enable FIPS 140-2 checkbox. See Enabling FIPS 140-2 (on page 200) for information on enabling FIPS 140-2. 4. PC Share Mode.
Chapter 9: Security Management Note: When using the P2CIM-AUSBDUAL or P2CIM-APS2DUAL to attach a target to two Dominion KX IIs, if Private access to the targets is required, both KVM switches must have Private set as their PC Share Mode. See Supported Paragon CIMS and Configurations (on page 267) for additional information on using Paragon CIMs with the Dominion KX II. Checking Your Browser for AES Encryption The Dominion KX II supports AES-256.
Chapter 9: Security Management 2. Enable FIPS 140-2 Mode by selecting the Enable FIPS 140-2 checkbox in the Encryption & Share section of the Security Settings page. You will utilize FIPS 140-2 approved algorithms for external communications once in FIPS 140-2 mode. The FIPS cryptographic module is used for encryption of KVM session traffic consisting of video, keyboard, mouse, virtual media and smart card data. 3. Reboot the Dominion KX II.
Chapter 9: Security Management To enable FIPS 140-2 in Internet Explorer: 1. In Internet Explorer, select Tools > Internet Options and click on the Advanced tab. 2. Select the Use TLS 1.0 checkbox. 3. Restart the browser. Configuring IP Access Control Using IP access control, you can control access to your Dominion KX II. By setting a global Access Control List (ACL) you are ensuring that your device does not respond to packets being sent from disallowed IP addresses.
Chapter 9: Security Management 3. Click Append. The rule is added to the bottom of the rules list. To insert a rule: 1. Type a rule #. A rule # is required when using the Insert command. 2. Type the IP address and subnet mask in the IPv4/Mask or IPv6/Prefix Length field. 3. Choose the Policy from the drop-down list. 4. Click Insert. If the rule # you just typed equals an existing rule #, the new rule is placed ahead of the exiting rule and all rules are moved down in the list.
Chapter 9: Security Management 3. You are prompted to confirm the deletion. Click OK.
Chapter 9: Security Management SSL Certificates The Dominion KX II uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a connected client. When establishing a connection, the Dominion KX II has to identify itself to a client using a cryptographic certificate. It is possible to generate a Certificate Signing Request (CSR) and install a certificate signed by the Certificate Authority (CA) on the Dominion KX II.
Chapter 9: Security Management 2. Complete the following fields: a. Common name - The network name of the Dominion KX II once it is installed in the user's network (usually the fully qualified domain name). It is identical to the name that is used to access the Dominion KX II with a web browser but without the prefix “http://”. In case the name given here and the actual network name differ, the browser will pop up a security warning when the Dominion KX II is accessed using HTTPS. b.
Chapter 9: Security Management To upload a CSR: 1. Upload the certificate to the Dominion KX II by clicking the Upload button. Note: The CSR and the private key file are a matched set and should be treated accordingly. If the signed certificate is not matched with the private key used to generate the original CSR, the certificate will not be useful. This applies to uploading and downloading the CSR and private key files.
Chapter 9: Security Management 3. If you want to require users to acknowledge the banner prior to continuing the login process, select Require Acceptance of Restricted Service Banner. In order to acknowledge the banner, users will select a checkbox. If you do not enable this setting, the security banner will only be displayed after the user logs in and will not require users acknowledge it. 4. If needed, change the banner title. This information will be displayed to users as part of the banner.
Chapter 10 Maintenance In This Chapter Audit Log................................................................................................209 Device Information.................................................................................210 Backup and Restore ..............................................................................211 USB Profile Management ......................................................................214 Upgrading CIMs ...............................................
Chapter 10: Maintenance Device Information The Device Information page provides detailed information about your Dominion KX II device and the CIMs in use. This information is helpful should you need to contact Raritan Technical Support. To view information about your Dominion KX II and CIMs: Choose Maintenance > Device Information. The Device Information page opens.
Chapter 10: Maintenance Backup and Restore From the Backup/Restore page, you can backup and restore the settings and configuration for your Dominion KX II. In addition to using backup and restore for business continuity purposes, you can use this feature as a time-saving mechanism. For instance, you can quickly provide access to your team from another Dominion KX II by backing up the user configuration settings from the Dominion KX II in use and restoring those configurations to the new Dominion KX II.
Chapter 10: Maintenance If you are using Internet Explorer 6 or higher, to backup your Dominion KX II: 1. Click Backup. A File Download dialog appears that contains an Open button. Do not click Open. In IE 6 and higher, IE is used as the default application to open files, so you are prompted to open the file versus save the file. To avoid this, you must change the default application that is used to open files to Wordpad. 2. To do this: a. Save the backup file.
Chapter 10: Maintenance Full Restore - A complete restore of the entire system. Generally used for traditional backup and restore purposes. Protected Restore - Everything is restored except device-specific information such as IP address, name, and so forth. With this option, you can setup one Dominion KX II and copy the configuration to multiple Dominion KX II devices.
Chapter 10: Maintenance USB Profile Management From the USB Profile Management page, you can upload custom profiles provided by Raritan tech support. These profiles are designed to address the needs of your target server‟s configuration, in the event that the set of standard profiles does not already address them. Raritan tech support will provide the custom profile and work with you to verify the solution for your target server‟s specific needs.
Chapter 10: Maintenance As noted, you may delete a custom profile from the system while it is still designated as an active profile. Doing so will terminate any virtual media sessions that were in place. Handling Conflicts in Profile Names A naming conflict between custom and standard USB profiles may occur when a firmware upgrade is performed.
Chapter 10: Maintenance 3. Click the Upgrade button. You are prompted to confirm the upgrade. 4. Click OK to continue the upgrade. Progress bars are displayed during the upgrade. Upgrading takes approximately 2 minutes or less per CIM. Upgrading Firmware Use the Firmware Upgrade page to upgrade the firmware for your Dominion KX II and all attached CIMs. This page is available in the Dominion KX II Remote Console only.
Chapter 10: Maintenance 6. Click Upload from the Firmware Upgrade page. Information about the upgrade and version numbers is displayed for your confirmation (if you opted to review CIM information, that information is displayed as well): Note: At this point, connected users are logged out, and new login attempts are blocked. 7. Click Upgrade. Please wait for the upgrade to complete. Status information and progress bars are displayed during the upgrade.
Chapter 10: Maintenance For information about upgrading the device firmware using the Multi-Platform Client, see Upgrading Device Firmware in the KVM and Serial Access Clients Guide. Note: Firmware upgrades are not supported via modem. Note: If you are using a tiered configuration in which a base Dominion KX II device is used to access multiple other tiered devices, you may receive a low memory error during a firmware upgrade if you have a large number of user groups.
Chapter 10: Maintenance Upgrade History The Dominion KX II provides information about upgrades performed on the Dominion KX II and attached CIMS. To view the upgrade history: Choose Maintenance > Upgrade History. The Upgrade History page opens. Information is provided about the Dominion KX II upgrade(s) that have been run, the final status of the upgrade, the start and end times, and the previous and current firmware versions.
Chapter 10: Maintenance To reboot your Dominion KX II: 1. Choose Maintenance > Reboot. The Reboot page opens. 2. Click Reboot. You are prompted to confirm the action. Click Yes to proceed with the reboot.
Chapter 10: Maintenance Stopping CC-SG Management While the Dominion KX II is under CC-SG management, if you try to access the device directly, you are notified that it the device is under CC-SG management. If you are managing the Dominion KX II through CC-SG and connectivity between CC-SG and the Dominion KX II is lost after the specified timeout interval (typically 10 minutes), you are able to end the CC-SG management session from the Dominion KX II console.
Chapter 10: Maintenance 3. Click Yes to remove the device CC-SG management. Once CC-SG management has ended, a confirmation will be displayed.
Chapter 11 Diagnostics In This Chapter Network Interface Page .........................................................................223 Network Statistics Page.........................................................................223 Ping Host Page ......................................................................................226 Trace Route to Host Page .....................................................................226 Device Diagnostics ..................................................
Chapter 11: Diagnostics 224 Statistics - Produces a page similar to the one displayed here. Interfaces - Produces a page similar to the one displayed here.
Chapter 11: Diagnostics Route - Produces a page similar to the one displayed here. 3. Click Refresh. The relevant information is displayed in the Result field.
Chapter 11: Diagnostics Ping Host Page Ping is a network tool used to test whether a particular host or IP address is reachable across an IP network. Using the Ping Host page, you can determine if a target server or another Dominion KX II is accessible. To ping the host: 1. Choose Diagnostics > Ping Host. The Ping Host page appears. 2. Type either the hostname or IP address into the IP Address/Host Name field. Note: The host name cannot exceed 232 characters in length. 3. Click Ping.
Chapter 11: Diagnostics 2. Type either the IP address or host name into the IP Address/Host Name field. Note: The host name cannot exceed 232 characters in length. 3. Choose the maximum hops from the drop-down list (5 to 50 in increments of 5). 4. Click Trace Route. The trace route command is executed for the given hostname or IP address and the maximum hops. The output of trace route is displayed in the Result field.
Chapter 11: Diagnostics Device Diagnostics Note: This page is for use by Raritan Field Engineers or when you are directed by Raritan Technical Support. Device diagnostics downloads the diagnostics information from the Dominion KX II to the client machine. Two operations can be performed on this page: Execute a special diagnostics script provided by Raritan Technical Support during a critical error debugging session. The script is uploaded to the device and executed.
Chapter 11: Diagnostics a. Click the Save to File button. The File Download dialog opens. b. Click Save. The Save As dialog box opens. c. Navigate to the desired directory and click Save. d. Email this file as directed by Raritan Technical Support.
Chapter 12 Command Line Interface (CLI) In This Chapter Overview ................................................................................................230 Accessing the Dominion KX II Using CLI ..............................................231 SSH Connection to the Dominion KX II .................................................231 Telnet Connection to the Dominion KX II ..............................................232 Logging In ..................................................................
Chapter 12: Command Line Interface (CLI) Accessing the Dominion KX II Using CLI Access the Dominion KX II by using one of the following methods: Telnet via IP connection SSH (Secure Shell) via IP connection Local Port-via RS-232 serial interface A number of SSH/Telnet clients are available and can be obtained from the following locations: Putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/ SSH Client from ssh.com - www.ssh.
Chapter 12: Command Line Interface (CLI) SSH Access from a UNIX/Linux Workstation To open an SSH session from a UNIX®/Linux® workstation and log in as the user admin, enter the following command: ssh -l admin 192.168.30.222 The Password prompt appears. See Logging In (on page 233). Note: Both IPv4 and IPv6 addresses are supported. Telnet Connection to the Dominion KX II Due to the lack of security, user name, password and all traffic is in clear-text on the wire. Telnet access is disabled by default.
Chapter 12: Command Line Interface (CLI) Logging In To log in, enter the user name admin as shown: 1. Log in as admin 2. The Password prompt appears. Enter the default password: raritan The welcome message displays. You are now logged on as an administrator. After reviewing the following Navigation of the CLI (on page 234) section, perform the Initial Configuration tasks.
Chapter 12: Command Line Interface (CLI) Navigation of the CLI Before using the CLI, it is important to understand CLI navigation and syntax. There are also some keystroke combinations that simplify CLI use. Completion of Commands The CLI supports the completion of partially-entered commands. After entering the first few characters of an entry, press the Tab key. If the characters form a unique match, the CLI will complete the entry.
Chapter 12: Command Line Interface (CLI) Common Commands for All Command Line Interface Levels Following are the commands that are available at all CLI levels. These commands also help navigate through the CLI. Commands top Description Return to the top level of the CLI hierarchy, or the “username” prompt. history Display the last 200 commands the user entered into the Dominion KX II CLI. help Display an overview of the CLI syntax. quit Places the user back one level.
Chapter 12: Command Line Interface (CLI) Setting Network Parameters Network parameters are configured using the interface command. admin > Config > Network > interface enable true if lan1 ip 192.16.151.12 mask 255.255.255 gw 192.168.51.12 When the command is accepted, the device automatically drops the connection. You must reconnect to the device using the new IP address and the user name and password you created in the resetting factory default password section.
Chapter 12: Command Line Interface (CLI) Command Description history Display the current session's command line history. listports List accessible ports. logout Logout of the current CLI session. top Return to the root menu. userlist List active user sessions. Enter admin > config > network. Command Description help Display overview of commands. history Display the current session's command line history. interface Set/get network parameters.
Chapter 12: Command Line Interface (CLI) Configuring Network The network menu commands are used to configure the Dominion KX II network adapter. Commands interface Description Configure the Dominion KX II device network interface. name Network name configuration ipv6 Set/get IPv6 network parameters. Interface Command The Interface command is used to configure the Dominion KX II network interface.
Chapter 12: Command Line Interface (CLI) Name Command The name command is used to configure the network name.
Chapter 13 Dominion KX II Local Console In This Chapter Overview ................................................................................................240 Using the Dominion KX II Local Console ..............................................240 Dominion KX II Local Console Interface................................................241 Security and Authentication ...................................................................241 Local Console Smart Card Access ....................................
Chapter 13: Dominion KX II Local Console Dominion KX II Local Console Interface When you are located at the server rack, the Dominion KX II provides standard KVM management and administration via the Dominion KX II Local Console. The Dominion KX II Local Console provides a direct KVM (analog) connection to your connected servers; the performance is exactly as if you were directly connected to the server's keyboard, mouse, and video ports.
Chapter 13: Dominion KX II Local Console Local Console Smart Card Access To use a smart card to access a server at the Local Console, plug a USB smart card reader into the Dominion KX II using one of the USB ports located on the Dominion KX II. Once a smart card reader is plugged in or unplugged from the Dominion KX II, the Dominion KX II autodetects it.
Chapter 13: Dominion KX II Local Console To update the Card Readers Detected list: Click Refresh if a new smart card has been mounted. The Card Readers Detected list will be refreshed to reflect the newly added smart card reader. Smart Card Access in KX2 8 Devices If you are using a smart card reader to access a server from the Local Console through a KX2-832 or KX2-864 device, the extended local port (Local Port Settings page) must be disabled.
Chapter 13: Dominion KX II Local Console 2. In the Select Profile To Use field, select the profile to use from among those available for the port. 3. Click OK. The USB profile will be applied to the local port and will appear in the Profile In Use field. Available Resolutions The Dominion KX II Local Console provides the following resolutions to support various monitors: 800x600 1024x768 1280x1024 Each of these resolutions supports a refresh rate of 60Hz and 75Hz.
Chapter 13: Dominion KX II Local Console Port Access Page (Local Console Server Display) After you login to the Dominion KX II Local Console, the Port Access page opens. This page lists all of the Dominion KX II ports, the connected KVM target servers, and their status and availability. Also displayed on the Port Access page are blade chassis that have been configured in the Dominion KX II.
Chapter 13: Dominion KX II Local Console To use the Port Access page: 1. Log in to the Local Console. The KVM target servers are initially sorted by Port Number. You can change the display to sort on any of the columns. Port Number - Numbered from 1 to the total number of ports available for the Dominion KX II device. Note that ports connected to power strips will not be among those listed, resulting in gaps in the Port Number sequence. Port Name - The name of the Dominion KX II port.
Chapter 13: Dominion KX II Local Console Availability - The Availability can be Idle, Connected, Busy, or Unavailable. Blade servers will have an availability of either shared or exclusive when a connection to that blade is in place. 2. Click View by Port or View by Group to switch between views. In addition to the Port Number, Port Name, Status, Type, and Availability, a Group column is also displayed on the View by Group tab. This column contains the port groups that are available. 3.
Chapter 13: Dominion KX II Local Console Standard servers Connect key action Key sequence example Double Click Scroll Lock Blade chassis Connect key action Key sequence example Access a port from the local port GUI Access port 5, slot 2: Switch between ports Switch from target port 5, slot 2 to port 5, slot 11: Disconnect from a target and return to the local port GUI Press Left ALT > Press and Release 5 > Press and Release - > Press and Release 2 > Release Left ALT Press Left ALT > Press an
Chapter 13: Dominion KX II Local Console Sun key Local port key combination Cut Ctrl + Alt + F10 Paste Ctrl + Alt + F8 Mute Ctrl + Alt + F12 Compose Ctrl+ Alt + KPAD * Vol + Ctrl + Alt + KPAD + Vol - Ctrl + Alt + KPAD - Stop No key combination Power No key combination Accessing a Target Server To access a target server: 1. Click the Port Name of the target you want to access. The Port Action Menu is displayed. 2. Choose Connect from the Port Action menu.
Chapter 13: Dominion KX II Local Console Local Port Administration The Dominion KX II can be managed by either the Dominion KX II Local Console or the Dominion KX II Remote Console. Note that the Dominion KX II Local Console also provides access to: Factory Reset Local Port Settings(available in the Remote Console, as well) Note: Only users with administrative privileges can access these functions.
Chapter 13: Dominion KX II Local Console German (Switzerland) Portuguese (Portugal) Norwegian (Norway) Swedish (Sweden) Danish (Denmark) Belgian (Belgium) Note: Keyboard use for Chinese, Japanese, and Korean is for display only. Local language input is not supported at this time for Dominion KX II Local Console functions. 3. Choose the local port hotkey.
Chapter 13: Dominion KX II Local Console 1024x768 1280x1024 8. Choose the refresh rate from the drop-down list. The browser will be restarted when this change is made. 60 Hz 75 Hz 9. Choose the type of local user authentication. Local/LDAP/RADIUS. This is the recommended option. For more information about authentication, see Remote Authentication (on page 34). None. There is no authentication for Local Console access. This option is recommended for secure environments only.
Chapter 13: Dominion KX II Local Console 10. Click OK. Configuring Dominion KX II Local Port Settings from the Local Console The standard local port and the extended local port can be configured from the Remote Console on the Port Configuration page or from the Local Console on the Local Port Settings page. See Configuring Dominion KX II Local Port Settings (on page 188) for details on configuring these ports.
Chapter 13: Dominion KX II Local Console Dominion KX II Local Console Factory Reset Note: This feature is available only on the Dominion KX II Local Console. The Dominion KX II offers several types of reset modes from the Local Console user interface. Note: It is recommended that you save the audit log prior to performing a factory reset. The audit log is deleted when a factory reset is performed and the reset event is not logged in the audit log.
Chapter 13: Dominion KX II Local Console Resetting the Dominion KX II Using the Reset Button On the back panel of the device, there is a Reset button. It is recessed to prevent accidental resets (you will need a pointed object to press this button). The actions that are performed when the Reset button is pressed are defined in the graphical user interface. See Encryption & Share. Note: It is recommended that you save the audit log prior to performing a factory reset.
Appendix A Specifications In This Chapter Physical Specifications ..........................................................................256 Environmental Requirements ................................................................258 Computer Interface Modules (CIMs) .....................................................259 Supported CIMs and Operating Systems (Target Servers) ..................261 Supported Paragon CIMS and Configurations ......................................
Appendix A: Specifications Part number Line item description UPC code Power DKX2-132 32-Port Dominion KX II with 1-user network access and local port, virtual media, dual power 785813624079 16-Port Dominion KX II with 2-user network access and local port, virtual media, dual power 785813624086 32-Port Dominion KX II with 2-user network access and local port, virtual media, dual power 785813625021 16-Port Dominion KX II with 4-user network access and local port, virtual media, dual power 7858136
Appendix A: Specifications Part number Line item description UPC code Power Weight Product dimensions (WxDxH) Shipping weight Shipping dimensions (WxDxH) DKX2-464 64-Port Dominion KX II with 4-user network access and local port, virtual media, dual power 785813625298 Dual power 11.29 100/240 V lbs 50/60 Hz 5.12 kg 1A 64 Watts 17.3” x 11.6” x 3.5” 19.8 lbs 22” x 16.5” x 6.
Appendix A: Specifications Operating Altitude N/A Vibration 5-55-5 HZ, 0.38mm, 1 minutes per cycle; 30 minutes for each axis (X, Y, Z) Shock N/A Non-Operating Temperature 0°C- 50°C (32°F - 122°F) Humidity 10% - 90% RH Altitude N/A Vibration 5-55-5 HZ, 0.
Appendix A: Specifications Part number Line item description Product weight Product dimensions (WxDxH) Shipping weight Shipping dimensions (WxDxH) UPC code Interface Module [USB and Sun USB Port] G2 CIM DCIM-SUN Dominion KX I & 0.2 lbs II Computer Interface Module [Sun Port, HD15 Video] 1.3" x 3.0" x 0.6" 0.2 lbs 7.2" x 9" x 0.6" 785813338549 D2CIM-PWR Dominion KX II 0.2 lbs Computer Interface Module for Remote Power strips 1.3" x 3.0" x 0.6" 0.2 lbs 7.2" x 9" x 0.
Appendix A: Specifications Supported CIMs and Operating Systems (Target Servers) In addition to the new Dominion KX II D2CIMs, most Paragon® and Dominion KX I CIMs are supported. The following table displays the supported target server operating systems, CIMs, virtual media, and mouse modes. Note: Only 32 BIT operating systems for Windows® and Linux® target servers are supported for Generation 1 devices.
Appendix A: Specifications Supported Paragon CIMs P2CIM-PS2 Operating system and serial devices (where applicable) Windows XP® Windows 2000® Windows 2000 Server® Windows 2003 Server® Windows Vista® Windows 7® Windows 2008® Red Hat® Enterprise Linux® 4 ES Red Hat Enterprise Linux 5 Open SUSE 10, 11 Fedora® 8 - 11 IBM® AIX™ HP UX P2CIM-AUSB Windows XP UUSBPD Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista
Appendix A: Specifications Supported Paragon CIMs UKVMPD (version 0C4) Note: Version 0C5 does not work with Dominion KX II.
Appendix A: Specifications Supported Dominion KX I DCIMs DCIM-PS2 264 DCIM-USB Target server Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Red Hat Enterprise Linux 4 ES Red Hat Enterprise Linux 5 Open SUSE 10, 11 Fedora Core 3 and above IBM AIX HP UX Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Red Hat Ente
Appendix A: Specifications Supported Dominion KX I DCIMs DCIM-USBG2 Target server Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Red Hat Enterprise Linux 4 ES Red Hat Enterprise Linux 5 Open SUSE 10, 11 Fedora 8 - 11 Mac OS All Solaris OSs supported in Dominion KX I IBM AIX HP UX Virtual media Absolute Intelligent Standard Mouse mode Mouse mode Mouse mode Note: The DCIM-USBG2 and P2CIM-AU
Appendix A: Specifications Supported Dominion KX II D2CIMs D2CIM-VUSB Target server and remote power strips (where applicable) Windows XP Windows 2000 Windows 2000 Server Windows 2003 Server Windows Vista Windows 7 Windows 2008 Open SUSE 10, 11 Fedora Core 3 and above Red Hat Enterprise Linux 4 ES Red Hat Enterprise Linux 5 Mac OS Virtual media Absolute Mouse mode Note: D2CIM-VUSB is not supported on Sun™ (Solaris) targets.
Appendix A: Specifications Supported Paragon CIMS and Configurations The Dominion KX II supports the P2CIM-APS2DUAL and P2CIM-AUSBDUAL CIMs, which provide two RJ45 connections to different KVM switches. Support of these CIMs provides a second path to access the target in the event that one of the KVM switches is blocked or fails.
Appendix A: Specifications Dominion KX II to Dominion KX II Guidelines The following system configuration guidelines should be followed when you are using Paragon CIMs in a Dominion KX II to Dominion KX II configuration: Concurrent Access Concurrent access guarantees that concurrent access to targets is prohibited for all targets by all user groups. Both Dominion KX II KVM switches should be configured with the same policy for concurrent access to targets.
Appendix A: Specifications If a connection to the target is in place from the other Dominion KX II, the availability is checked when a connection is attempted. Access is denied or allowed consistent with the PC-Share policy in place for the Dominion KX II. Until that time, the availability is not be updated on the other Dominion KX II. If access is denied because the target is busy, a notification is displayed.
Appendix A: Specifications Paragon II operation mode Mode description Supported? indicate „available‟. PC Share A server or other device on a specific channel port can be selected and controlled by more than one user, but only one user has keyboard and mouse control at any one time. Supported. However, PC Share Idle Timeout, which is configured on the Paragon II, is not supported. Both users will have concurrent keyboard and mouse control. The Paragon II uses Green to indicate „available‟.
Appendix A: Specifications Supported Operating Systems (Clients) The following operating systems are supported on the Virtual KVM Client and Multi-Platform Client (MPC): Client operating system Windows 7 Virtual media (VM) support on client ® Yes ® Windows XP Yes Windows 2008® Yes ® Yes Windows Vista Windows 2000 SP4® Server Yes ® Windows 2003 Server Yes Windows 2008® Server Yes Red Hat® Desktop 5.0 Yes. Locally held ISO image, Remote File Server mounting directly from Dominion KX II.
Appendix A: Specifications Mode Operating system Windows Server 2003 Windows Vista ® Windows 7® Windows XP Windows x64 64-bit mode Windows XP Professional® Windows XP Tablet® Windows Vista Windows Server 2003 Windows Server 2008 Windows 7 ® Browser Internet Explorer 6.0 SP1++, IE 7, IE 8 Mozilla 1.4.X or 1.7+ Netscape 7.X Firefox 1.06 - 3 Internet Explorer 7.0 or 8.0 Internet Explorer 7.0 or 8.0 Firefox 1.06 - 3 64bit OS, 32bit browsers: Internet Explorer 6.0 SP1+, 7.
Appendix A: Specifications Devices Supported by the KX2-832 and KX2-864 Extended Local Port The extended local port supports attachment from the following devices: KX2-832 and KX2-864. Paragon II User Station (P2-UST) connected directly to extended local port. Paragon II Enhanced User Station (P2-EUST) connected directly to extended local port. Cat5Reach URKVMG Receiver connected directly to extended local port.
Appendix A: Specifications EUST Paragon EUST 500 400 URKVM 650 250 Paragon UST 500 200 Remote Connection Remote connection Details Network 10BASE-T, 100BASE-T, and 1000BASE-T (Gigabit) Ethernet Protocols TCP/IP, UDP, SNTP, HTTP, HTTPS, RADIUS, LDAP/LDAPS Supported Video Resolutions Ensure that each target server's video resolution and refresh rate are supported by the Dominion KX II and that the signal is noninterlaced.
Appendix A: Specifications Resolutions 720x400 @84Hz 1280x960 @60Hz 720x400 @85Hz 1280x960 @85Hz 800x600 @56Hz 1280x1024 @60Hz 800x600 @60Hz 1280x1024 @75Hz 800x600 @70Hz 1280x1024 @85Hz 800x600 @72Hz 1360x768@60Hz 800x600 @75Hz 1366x768@60Hz 800x600 @85Hz 1368x768@60Hz 800x600 @90Hz 1400x1050@60Hz 800x600 @100Hz 1440x900@60Hz 832x624 @75.1Hz 1600x1200 @60Hz 1024x768 @60Hz 1680x1050@60Hz Note: Composite Sync and Sync-on-Green video require an additional adapter.
Appendix A: Specifications Language Regions Keyboard layout US English International United States of America and most of English-speaking countries: for example, Netherlands US Keyboard layout UK English United Kingdom UK layout keyboard Chinese Traditional Hong Kong S. A. R.
Appendix A: Specifications Type Vendor Model Verified USB SCM Microsystems SCR331 Verified on local and remote USB ActivIdentity® ActivIdentity USB Reader v2.0 Verified on local and remote USB ActivIdentity ActivIdentity USB Reader v3.
Appendix A: Specifications Type Vendor Model PRO™ Notes implementation Minimum System Requirements Local Port Requirements The basic interoperability requirement for local port attachment to the Dominion KX II is: All devices (smart card reader or token) that are locally attached must be USB CCID-compliant.
Appendix A: Specifications Operating system CCID requirements RHEL 5 ccid-1.3.8-1.el5 SuSE 11 pcsc-ccid-1.3.8-3.12 Fedora® Core 10 ccid-1.3.8-1.fc10.i386 Remote Client Requirements The basic requirements for interoperability at the remote client are: The IFD (smart card reader) Handler must be a PC/SC compliant device driver. The ICC (smart card) Resource Manager must be available and be PC/SC compliant. The JRE™ 1.6.
Appendix A: Specifications Port Description HTTP, Port 80 This port can be configured as needed. See HTTP and HTTPS Port Settings (on page 138). By default, all requests received by the Dominion KX II via HTTP (port 80) are automatically forwarded to HTTPS for complete security. The Dominion KX II responds to Port 80 for user convenience, relieving users from having to explicitly type in the URL field to access the Dominion KX II, while still preserving complete security.
Appendix A: Specifications Network Speed Settings Dominion KX II network speed setting Network switch port setting Auto Auto Highest Available Speed 1000/Full 1000/Full 100/Full Dominion KX II: 100/Full 100/Half 100/Half Switch: 100/Half 1000/Full 100/Full 100/Half 10/Full Dominion KX II: 10/Full 10/Half 10/Half Switch: 10/Half 1000/Full 1000/Full No No No No Communica Communicat Communica Communicat tion ion tion ion Dominion KX II: 100/Half Dominion KX II: 100/Half 100/Full Switch: 100/F
Appendix A: Specifications Functions; not recommended NOT supported by Ethernet specification; product will communicate, but collisions will occur Per Ethernet specification, these should be “no communication,” however, note that the Dominion KX II behavior deviates from expected behavior Note: For reliable network communication, configure the Dominion KX II and the LAN switch to the same LAN Interface Speed and Duplex.
Appendix B Updating the LDAP Schema Note: The procedures in this chapter should be attempted only by experienced users. In This Chapter Returning User Group Information ........................................................283 Setting the Registry to Permit Write Operations to the Schema ...........284 Creating a New Attribute .......................................................................284 Adding Attributes to the Class ...............................................................
Appendix B: Updating the LDAP Schema Setting the Registry to Permit Write Operations to the Schema To allow a domain controller to write to the schema, you must set a registry entry that permits schema updates. To permit write operations to the schema: 1. Right-click the Active Directory® Schema root node in the left pane of the window and then click Operations Master. The Change Schema Master dialog appears. 2. Select the "Schema can be modified on this Domain Controller" checkbox. Optional 3. Click OK.
Appendix B: Updating the LDAP Schema 3. Click New and then choose Attribute. When the warning message appears, click Continue and the Create New Attribute dialog appears. 4. Type rciusergroup in the Common Name field. 5. Type rciusergroup in the LDAP Display Name field. 6. Type 1.3.6.1.4.1.13742.50 in the Unique x5000 Object ID field. 7. Type a meaningful description in the Description field. 8. Click the Syntax drop-down arrow and choose Case Insensitive String from the list. 9.
Appendix B: Updating the LDAP Schema 2. Scroll to the user class in the right pane and right-click it. 3. Choose Properties from the menu. The user Properties dialog appears. 4. Click the Attributes tab to open it. 5. Click Add.
Appendix B: Updating the LDAP Schema 6. Choose rciusergroup from the Select Schema Object list. 7. Click OK in the Select Schema Object dialog. 8. Click OK in the User Properties dialog. Updating the Schema Cache To update the schema cache: 1. Right-click Active Directory® Schema in the left pane of the window and select Reload the Schema. 2. Minimize the Active Directory Schema MMC (Microsoft® Management Console) console.
Appendix B: Updating the LDAP Schema 3. Go to the directory where the support tools were installed. Run adsiedit.msc. The ADSI Edit window opens. 4. Open the Domain.
Appendix B: Updating the LDAP Schema 5. In the left pane of the window, select the CN=Users folder. 6. Locate the user name whose properties you want to adjust in the right pane. Right-click the user name and select Properties.
Appendix B: Updating the LDAP Schema 7. Click the Attribute Editor tab if it is not already open. Choose rciusergroup from the Attributes list. 8. Click Edit. The String Attribute Editor dialog appears. 9. Type the user group (created in the Dominion KX II) in the Edit Attribute field. Click OK.
Appendix C Informational Notes In This Chapter Overview ................................................................................................291 Java Runtime Environment (JRE) .........................................................291 IPv6 Support Notes ...............................................................................292 Keyboards .............................................................................................293 Mouse Pointer Synchronization (Fedora) ...............
Appendix C: Informational Notes IPv6 Support Notes Java Java™ 1.6 supports IPv6 for the following: Solaris™ 8 and higher Linux® kernel 2.1.2 and higher (RedHat 6.1 and higher) Java 5.0 and above supports the IPv6 for the following: Solaris 8 and higher Linux kernel 2.1.2 and higher (kernel 2.4.0 and higher recommended for better IPv6 support) Windows XP® SP1 and Windows 2003®, Windows Vista® operating systems The following IPv6 configurations are not supported by Java: J2SE 1.
Appendix C: Informational Notes Keyboards Non-US Keyboards French Keyboard Caret Symbol (Linux® Clients Only) The Virtual KVM Client and the Multi-Platform Client (MPC) do not process the key combination of Alt Gr + 9 as the caret symbol (^) when using French keyboards with Linux clients. To obtain the caret symbol: From a French keyboard, press the ^ key (to the right of the P key), then immediately press the space bar. Alternatively, create a macro consisting of the following commands: 1.
Appendix C: Informational Notes Tilde Symbol From the Virtual KVM Client and the Multi-Platform Client, the key combination of Alt Gr + 2 does not produce the tilde (~) symbol when using a French keyboard. To obtain the tilde symbol: Create a macro consisting of the following commands: Press right Alt. Press 2. Release 2. Release right Alt.
Appendix C: Informational Notes Note: The Keyboard Indicator should be used on Linux systems using Gnome as a desktop environment. When using a Hungarian keyboard from a Linux client, the Latin letter U with Double Acute and the Latin letter O with Double Acute work only with JRE 1.6. There are several methods that can be used to set the keyboard language preference on Fedora® Linux clients.
Appendix C: Informational Notes Mouse Pointer Synchronization (Fedora) When connected in dual mouse mode to a target server running Fedora® 7, the target and local mouse pointers may lose synchronization after some time. To resynchronize the mouse cursors: Use the Synchronize Mouse option from the Virtual KVM Client.
Appendix C: Informational Notes Fedora Resolving Fedora Core Focus Using the Multi-Platform Client (MPC), occasionally there is an inability to log in to a Dominion KX II device or to access KVM target servers (Windows®, SUSE, and so forth). In addition, the Ctrl+Alt+M key combination may not bring up the Keyboard Shortcut menu. This situation occurs with the following client configuration: Fedora® Core 6 and Firefox® 1.5 or 2.0.
Appendix C: Informational Notes 2. Either comment out this line (using #) or delete it completely. 3. Restart the X server. With this change, the internal video mode timing from the X server will be used and will correspond exactly with the VESA video mode timing, resulting in the proper video display on the Dominion KX II.
Appendix C: Informational Notes USB profile help appears in the USB Profile Help window. For detailed information about specific USB profiles, see Available USB Profiles (on page 101). Raritan provides a standard selection of USB configuration profiles for a wide range of operating system and BIOS level server implementations. These are intended to provide an optimal match between remote USB device and target server configurations.
Appendix C: Informational Notes Changing a USB Profile when Using a Smart Card Reader There may be certain circumstances under which you will need to change the USB profile for a target server. For example, you may need to change the connection speed to "Use Full Speed for Virtual Media CIM" when the target has problems with the "High Speed USB" connection speed.
Appendix C: Informational Notes Windows 2000 Composite USB Device Behavior for Virtual Media The Windows 2000® operating system does not support USB composite devices, like Raritan‟s D2CIM-VUSB, in the same manner as non-composite USB devices. As a result, the “Safely Remove Hardware” system tray icon does not appear for drives mapped by the D2CIM-VUSB and a warning message may appear when disconnecting the device. Raritan has not observed any problems or issues from this message, however.
Appendix C: Informational Notes Accessing Virtual Media on a Windows 2000 Server Using a D2CIM-VUSB A virtual media local drive cannot be accessed on a Windows 2000® server using a D2CIM-VUSB. Target BIOS Boot Time with Virtual Media The BIOS for certain targets may take longer to boot if media is mounted virtually at the target. To shorten the boot time: 1. Close the Virtual KVM Client to completely release the virtual media drives. 2. Restart the target.
Appendix C: Informational Notes Proxy Mode and MPC If you are using Dominion KX II in a CC-SG configuration, do not use the CC-SG proxy mode if you are planning to use the Multi-Platform Client (MPC). Moving Between Ports of the Dominion KX II If you move a between ports of the same Dominion KX II and resume management within one minute, CC-SG may display an error message. If you resume management, the display will be updated.
Appendix D FAQs In This Chapter General Questions.................................................................................305 Remote Access .....................................................................................307 Universal Virtual Media..........................................................................309 USB Profiles ..........................................................................................310 Bandwidth and KVM-over-IP Performance ............................
Appendix D: FAQs General Questions What is the Dominion KX II? The Dominion KX II is a second generation digital KVM (keyboard/video/ mouse) switch that enables one, two, four or eight IT administrators to access and control 8, 16, 32 or 64 servers over the network with BIOS-level functionality. The Dominion KX II is completely hardware and operating system independent. Users can troubleshoot and reconfigure servers even when servers are down.
Appendix D: FAQs In general, customers can continue to use their existing switches for many years. As their data centers expand, customers can purchase and use the new Dominion KX II models. Raritan's centralized management unit, CommandCenter Secure Gateway, and the Multi-Platform Client (MPC) both support KX I and Dominion KX II switches seamlessly. Will my existing KX I CIMs work with the Dominion KX II switches? Yes, existing KX I CIMs will work with the Dominion KX II switch.
Appendix D: FAQs Remote Access How many users can remotely access servers on each Dominion KX II? The Dominion KX II models offer remote connections for up to eight users per user channel to simultaneously access and control a unique target server. For one-channel devices like the DKX2-116, up to eight remote users can access and control a single target server.
Appendix D: FAQs Speed 100Mbps Description Theoretical 100Mbit network speed Time 0.05 seconds 60Mbps Likely practical 100Mbit network speed 0.08 seconds 10Mbps Theoretical 10Mbit network speed .4 seconds 6Mbps Likely practical 10Mbit network speed .8 seconds 512Kbps Cable modem download speed (typical) 8 seconds How do I access servers connected to the Dominion KX II if the network ever becomes unavailable? You can access servers at-the-rack or via modem.
Appendix D: FAQs Universal Virtual Media What Dominion KX II models support virtual media? All of the Dominion KX II models support virtual media. It is available standalone and through Raritan's CommandCenter Secure Gateway, Raritan's centralized management unit. What types of virtual media does the Dominion KX II support? The Dominion KX II supports the following types of media: internal and USB-connected CD/DVD drives, USB mass storage devices, PC hard drives, and ISO images.
Appendix D: FAQs USB Profiles What is a USB profile? Certain servers require a specifically configured USB interface for USB based services such as virtual media. The USB Profile tailors the Dominion KX II‟s USB interface to the server to accommodate these server specific characteristics. Why would I use a USB profile? USB Profiles are most often required at the BIOS level where there may not be full support for the USB specification when accessing virtual media drives.
Appendix D: FAQs A BIOS profile has been tailored to match the requirements of a particular server‟s BIOS that does not implement the full USB specification. The profile enables use of keyboard, mouse, and virtual media at the BIOS level, overcoming the restrictions or limitations of the BIOS. Do I need a special CIM to use USB profiles? You must use a D2CIM-VUSB or D2CIM-DVUSB with updated firmware.
Appendix D: FAQs Bandwidth and KVM-over-IP Performance How is bandwidth used in KVM-over-IP systems? The Dominion KX II offers next generation KVM-over-IP technology – the very best video compression available. Raritan has received numerous technical awards confirming its high video quality transmissions and the low bandwidth utilization.
Appendix D: FAQs Unlike KX I, the Noise Filter parameter does not generally have a large role in reducing bandwidth or improving performance. How much bandwidth does KX II use for common tasks? Bandwidth primarily depends on the user's task and actions. The more the server's video screen changes, the more bandwidth is utilized.
Appendix D: FAQs 314 User task Default 1Mbit speed & 8 bit color 700 - 2500 KB/s 1Mbit speed & 15 bit color 400 - 500 KB/s QuickTime video #1 QuickTime video #2 1500 - 2500 KB/s 400 - 550 KB/s 200 - 350 KB/s 150 - 350 KB/s
Appendix D: FAQs With the reduced bandwidth settings, bandwidth is reduced significantly for virtually all tasks. With the 15 bit color setting, perceived performance is similar to the default parameters. Further, bandwidth reductions are possible with additional changes in the settings. Please note that these bandwidth figures are only examples and may vary from those seen in your environment due to many factors.
Appendix D: FAQs The connection speed and color depth settings can be tweaked to optimize performance for slower bandwidth links. For example, in the Multi-Platform Client or the Virtual KVM Client, set the connection speed to 1.5Mb or 1Mb and the color depth to 8 bit. Even lower connection speeds and color depths can be used for very low bandwidth situations. I want to connect over the Internet.
Appendix D: FAQs Ethernet and IP Networking Does the Dominion KX II offer dual gigabit Ethernet ports to provide redundant fail-over? Yes. The Dominion KX II features dual gigabit Ethernet ports to provide redundant failover capabilities. Should the primary Ethernet port (or the switch/router to which it is connected) fail, the Dominion KX II will failover to the secondary network port with the same IP address, ensuring that server operations are not disrupted.
Appendix D: FAQs How many TCP ports must be open on my firewall in order to enable network access to the Dominion KX II? Are these ports configurable? Only one. The Dominion KX II protects network security by only requiring access to a single TCP port to operate. This port is completely configurable for additional security. Note that, of course, to use the Dominion KX II's optional web browser capability, the standard HTTPS port 443 must also be open.
Appendix D: FAQs Port 5000 conflicts - If another device is using port 5000, the Dominion KX II default port must be changed (or the other device must be changed). When changing the IP address of the Dominion KX II or swapping in a new Dominion KX II, sufficient time must be allowed for its IP and MAC addresses to be known throughout the Layer 2 and Layer 3 networks.
Appendix D: FAQs IPv6 Networking What is IPv6? IPv6 is the acronym for “Internet Protocol Version 6”. IPv6 is the “next generation” IP protocol which will replace the current IP Version 4 (IPv4) protocol. IPv6 addresses a number of problems in IPv4, such as the limited number of IPv4 addresses. It also improves IPv4 in areas such as routing and network auto-configuration. IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years.
Appendix D: FAQs The Dominion KX II‟s default networking is set at the factory for IPv4 only. When you are ready to use IPv6, then follow the above instructions to enable IPv6/IPv4 dual stack operation. Where can I get more information on IPv6? See www.ipv6.org for general information on IPv6. The Dominion KX II User Guide describes the Dominion KX II‟s support for IPv6.
Appendix D: FAQs Servers Does the Dominion KX II depend on a Windows server to operate? Absolutely not. Because users depend on the KVM infrastructure to always be available in any scenario whatsoever (as they will likely need to use the KVM infrastructure to fix problems), the Dominion KX II is designed to be completely independent from any external server.
Appendix D: FAQs For many KVM-over-IP users, mouse synchronization is a frustrating experience. The Dominion KX II‟s Absolute Mouse Synchronization provides for a tightly synchronized mouse without requiring server mouse setting changes on Windows and Apple® Mac® servers. For other servers, the Intelligent Mouse mode or the speedy, single mouse mode can be used to avoid changing the server mouse settings. Blade Servers Can I connect blade servers to the Dominion KX II? Yes you can.
Appendix D: FAQs Are the Paragon Blade CIMs used? No, the Paragon II Blade CIM will not work with the Dominion KX II. Which CIM should I use? It depends on the type of KVM ports on the specific make and model of the blade server you are using. The following CIMs are supported: DCIM-PS2, DCIM-USBG2, D2CIM-VUSB and D2CIM-DVUSB.
Appendix D: FAQs I'm running VMWare on some of my blade servers. Is this supported? Yes, with CC-SG you can display and access virtual machines running on blade servers. Is virtual media supported? We support VM on IBM BladeCenter® Model H and E with the D2CIM DVUSB. Is Absolute Mouse Synchronization supported? Servers with internal KVM switches inside the blade chassis typically do not support absolute mouse technology.
Appendix D: FAQs Installation Besides the device itself, what do I need to order from Raritan to install the Dominion KX II? Each server that connects to the Dominion KX II requires a Dominion or Paragon Computer Interface Module (CIM), an adapter that connects directly to the keyboard, video, and mouse ports of the server. What kind of Cat5 cabling should be used in my installation? The Dominion KX II can use any standard UTP (unshielded twisted pair) cabling, whether Cat5, Cat5e, or Cat6.
Appendix D: FAQs Servers connected to the Dominion KX II do not require any software agents to be installed, because the Dominion KX II connects directly via hardware to servers' keyboard, video, and mouse ports. How many servers can be connected to each the Dominion KX II device? The Dominion KX II models range from 8, 16, or 32 server ports in a 1U chassis to 64 server ports in a 2U chassis. This is the industry's highest digital KVM switch port density.
Appendix D: FAQs Local Port How do I physically connect multiple Dominion KX II devices together into one solution? Can I access my servers directly from the rack? Yes. At the rack, the Dominion KX II functions just like a traditional KVM switch, allowing control of up to 64 servers using a single keyboard, monitor, and mouse. Can I consolidate the local ports of multiple Dominion KX II’s? Yes.
Appendix D: FAQs If the Dominion KX II is configured to interact with an external RADIUS, LDAP, or Active Directory server, users attempting to access the local port will authenticate against the same server. If the external authentication servers are unavailable, the Dominion KX II fails-over to its own internal authentication database. The Dominion KX II has its own standalone authentication, enabling instant, out-of-the-box installation.
Appendix D: FAQs Extended Local Port (Dominion KX2-832 and KX2-864 Models Only) What is the extended local port? The Dominion KX2-832 and KX2-864 feature an extended local port. The Dominion KX II eight user models have a standard local port, plus a new extended local port that extends the local port, via Cat5 cable, beyond the rack to a control room, another point in the data center or to a Paragon II switch.
Appendix D: FAQs Power Control Does the Dominion KX II have a dual power option? All of the Dominion KX II models come equipped with dual AC inputs and power supplies with automatic fail-over. Should one of the power inputs or power supplies fail, then the Dominion KX II will automatically switch to the other. Does the power supply used by the Dominion KX II automatically detect voltage settings? Yes. The Dominion KX II's power supply can be used in AC voltage ranges from 100-240 volts, at 50-60 Hz.
Appendix D: FAQs Yes. PDU-level power statistics, including power, current and voltage, are retrieved from the PDU and displayed to the user. Does remote power control require any special server configuration? Some servers ship with default BIOS settings such that the server does not automatically restart after losing and regaining power. For these servers, see the server‟s documentation to change this setting.
Appendix D: FAQs Scalability How do I physically connect multiple Dominion KX II devices together into one solution? To physically connect multiple Dominion KX II devices together for consolidated local access, you can connect the local ports of multiple “tiered” (or “cascaded”) Dominion KX II switches to a “base” Dominion KX II using the “tiering” feature of the Dominion KX II.
Appendix D: FAQs For customers wanting stand-alone usage (without a central management system), multiple Dominion KX II units still interoperate and scale together via the IP network. Multiple Dominion KX II switches can be accessed from the Dominion KX II web-based user interface and from the Multiplatform Client (MPC). Can I connect an existing analog KVM switch to the Dominion KX II? Yes. Analog KVM switches can be connected to one of the Dominion KX II's server ports.
Appendix D: FAQs Computer Interface Modules (CIMs) Can I use Computer Interface Modules (CIMs) from Raritan's analog matrix KVM switch, Paragon, with the Dominion KX II? Yes. Certain Paragon computer interface modules (CIMs) may work with the Dominion KX II (check the Raritan Dominion KX II release notes on the website for the latest list of certified CIMs).
Appendix D: FAQs Security Is the Dominion KX II FIPS 140-2 Certified? The Dominion KX II, as of Release 2.2.0, provides users with the option to use an embedded FIPS 140-2-validated cryptographic module running on a Linux platform per FIPS 140-2 implementation guidelines. This cryptographic module is used for encryption of KVM session traffic consisting of video, keyboard, mouse, virtual media and smart card data.
Appendix D: FAQs Yes, the Dominion KX II has administrator-configurable, strong password checking to ensure that user-created passwords meet corporate and/or government standards and are resistant to brute force hacking. If the Dominion KX II encryption mode is set to Auto, what level of encryption is achieved? The encryption level that is autonegotiated is dependent on the browser in use. Can I upload my own digital certificate to the Dominion KX II? Yes.
Appendix D: FAQs Smart Cards and CAC Authentication Does the Dominion KX II support smart card and CAC authentication? Yes, smart cards and DoD Common Access Card (CAC) authentication to target servers is supported in release 2.1.10 and later. What Dominion KX II models support smart cards/CAC? All Dominion KX II models are supported. The Dominion KSX2 and KX2-101 do not currently support smart cards and CAC. Do enterprise and SMB customers use smart cards, too? Yes.
Appendix D: FAQs Manageability Can the Dominion KX II be remotely managed and configured via web browser? Yes, the Dominion KX II can be completely configured remotely via web browser. Note that this does require that the workstation have an appropriate Java Runtime Environment (JRE) version installed. Besides the initial setting of the Dominion KX II's IP address, everything about the solution can be completely set up over the network.
Appendix D: FAQs Miscellaneous What is the Dominion KX II's default IP address? 192.168.0.192 What is the Dominion KX II's default user name and password? The Dominion KX II's default user name is admin and the default password is raritan [all lower case]. However, for the highest level of security, the Dominion KX II forces the administrator to change the Dominion KX II default administrative user name and password when the unit is first booted up.
Index A A.
Index Connecting to Virtual Media • 96 Connection Information • 59 Connection Properties • 57 Create User Groups and Users • 35 Creating a New Attribute • 284 D D.
Index Interface Command • 238 Interfaces • 36 Introduction • 1 IPv6 Command • 239 IPv6 Networking • 320 IPv6 Support Notes • 292 J Java Runtime Environment (JRE) • 291 K Keyboard Language Preference (Fedora Linux Clients) • 294 Keyboard Macros • 59 Keyboard Options • 59 Keyboards • 293 KX2-832 and KX2-864 Extended Local Port Recommended Maximum Distances • 273 KX2-832 and KX2-864 Standard and Extended Local Port Settings • 188, 192 L LAN Interface Settings • 32, 135 Launching MPC from a Web Browser • 51
Index R RADIUS Communication Exchange Specifications • 128 Rebooting • 219 Refresh Screen • 62 Related Documentation • 1 Relationship Between Users and Groups • 109 Remote Access • 307 Remote Authentication • 34, 190, 252 Remote Client Requirements • 279 Remote Connection • 274 Required and Recommended Blade Chassis Configurations • 166, 168, 172, 182 Resetting the Dominion KX II Using the Reset Button • 255 Resolving Fedora Core Focus • 297 Resolving Issues with Firefox Freezing when Using Fedora • 297 Re
Index SUSE Linux 10.
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732-764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Europe Europe Monday - Friday 8:30 a.m. - 5 p.m. GMT+1 CET Phone: +31-10-2844040 Email: tech.europe@raritan.com United Kingdom Monday - Friday 8:30 a.m. to 5 p.m.
