Installation and Operations Manual
Dominion SX Series

C UL US LISTED 1F61 I.T.E.

Copyright ©2005 Raritan Computer, Inc.
DSX-0H-E September 2005 255-60-2000

Raritan Computer Inc.
400 Cottontail Lane
Somerset, NJ 08873 USA
Tel. 1-732-764-8886
Fax. 1-732-764-8887
E-mail: sales@raritan.com
http://www.raritan.com

Raritan Computer Europe, B.V.
Eglantierbaan 16
2908 LV Capelle aan den IJssel
The Netherlands
Tel. 31-10-284-4040
Fax. 31-10-284-4049
E-mail: sales.europe@raritan.com
http://www.raritan.
Copyright and Trademark Information

This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan Computer, Inc.

©Copyright 2005 Raritan Computer, Inc., Dominion, RaritanConsole, SecureChat, Remote Power Control, Paragon, Powerboard and the Raritan company logo are trademarks or registered trademarks of Raritan Computer, Inc.
Contents

Chapter 1: Introduction
  Dominion SX Overview
  Product Photos
  Product Features
Chapter 5: Using the Command Line Interface with Secure Shell and Telnet
  Secure Shell (SSH) Access
  Interactive Session
Appendix G: Modem Configuration
  Client Dialup Networking Configuration
  Windows NT Dialup Networking Configuration
  Windows 98 Dialup Networking Configuration
  Windows 2000 Dialup Networking Configuration
Chapter 1: Introduction

Dominion SX Overview

The Dominion SX Series of Serial over IP Console Servers offers convenient and secure remote access and control via LAN/WAN, Internet or Dial-up modem of all networking devices. Dominion SX connects to any networking device (servers, firewalls, load balancer, etc.) via the serial port and provides the ability to remotely and securely manage the device using any Web browser.
− Observer: Has read-only access to the console window; cannot modify the configuration of unit (except own password).

Strong Security and User-Authentication

• SSHV2 Support.
• Encryption Security: 128-bit Secure Socket Layer (SSL) handshake protocol and RC4 encryption.
• User Authentication Security: Login Name and Password scheme (MD5 Hash) with global Access Control List (ACL).
Chapter 2: Installation

Beginning with the Dominion SX release 2.5, there are two ways of completing the initial network installation of the Dominion SX: via Ethernet (with an installation computer), and via a serial cable with a VT100/equivalent, e.g., a PC with HyperTerminal. Please refer to the Quick Setup Guide for Command Line/serial cable installation instructions. This section describes the steps necessary to configure Dominion SX for use on a local area network (LAN).
Hardware Installation

[Figure 2: Rear Panel of 32-port single power supply model. Labels: SelfTest and Factory Reset LED; RJ45 serial ports; Terminal/Factory Reset (RESERVED); Primary LAN Connection; Modem]

Physical Installation of Dominion SX for Initial Configuration:

1. Obtain a computer with a network card and crossover network cable. This computer will be referred to as the ‘installation computer.’
2. Physically mount the unit in an ergonomically sound manner.
   Example: route add 192.168.0.192 15.128.122.12 -interface
8. On the command line interface, type: ping 192.168.0.192.
   a. If this command successfully produces a reply from the Dominion SX unit, please proceed to step 9.
   b. If this does not produce a reply, verify that the default IP address is entered correctly and there is a route to that IP address.
9. Use the installation computer to connect to the unit, typing the factory default IP address 192.168.0.
Initial Configuration

1. Disable Proxies in the installation computer Web browser. Use “no Proxies” or temporarily add 192.168.0.192 to the list of URLs for which no proxy is configured.
2. Enable Java Applet Execution in the installation computer Web browser.
3. Access the unit through your installation computer Web browser on the same subnet by typing the URL https://192.168.0.192 into the address/location field.
Dominion SX Initial configuration can also be performed through CLI; please see Chapter 4: Console Features, Factory Reset for additional information.

1. Initially, you must change the administrator password. Access the unit through your Web browser on an installation computer that is on the same subnet by typing the URL: https://192.168.0.192.

Figure 5 Change Password Screen

2. 3. Type the new password in the New Password field. The default password is raritan.
4. Click on the [Configuration] button in the left navigation panel to view the Configuration screens, and then click on the Time tab to configure the current date and time. Features such as certificate generation depend on the correct Timestamp, used to check the validity period of the certificate. In addition, the Syslog and NFS logging features also use the system time for time-stamping log entries.

Figure 7 Time and Date Configuration Screen
11. Click on the [Save] button. A confirmation window will appear; click [OK] to accept all data, or click [Cancel] to return to the Configuration screens.

Figure 9 Confirm Save Window

12. If you click [OK], Dominion SX must reboot. A confirmation window will appear; click [OK] to reboot the SX, or click [Cancel] to return to the Configuration screens.

Figure 10 Confirm Reboot Screen

13. Dominion SX will automatically disconnect to update the configuration.
Deployment

After the Initial Software Configuration phase, a Dominion SX unit is configured for operation on the LAN.

[Figure 10: Deployment. Labels: Ethernet Connection; Browser; Dominion SX Unit; Installation Computer; LAN]

1. Ensure that you have an Ethernet cable connected to the network for use with the unit.
2. Physically mount the unit in an ergonomically sound manner.
Chapter 3: Operation

Overview

Once the Dominion SX unit has been deployed in its final destination, you can access the console of the target device. This chapter explains the normal operational procedures.

Accessing the Remote Device

The remote device can be accessed in one of two ways, either browser-based or by direct port access. Either can be used as a user-based remote device access method or by application programs to access the target device programmatically.
3. When the login screen appears, enter your Login Name and Password, and click on the [Login] button. Please note that multiple logins using the same Login Name are permitted.

Figure 12 Login Display

4. When the main display page appears, click on the desired [Port#] button to launch that port’s console display.
Security Dialog for Console Display

RaritanConsole, an applet included with your Dominion SX unit, is designed to enable access to your computer’s resources, including the default code set preferences.

Internet Explorer

Before the RaritanConsole window appears, a Security Warning screen requests permission to access computer resources. The dialog indicates that the authenticity of the signer, Raritan, has been verified by VeriSign, Inc.
Netscape Navigator

RaritanConsole loads without displaying a Security Warning window. When actions that require user permissions are performed, a security dialog will appear. Each operation requires a unique permission. Once permissions are granted, they will not be requested again in the same session. Users can also check the [Remember this decision] checkbox to avoid being asked for permissions every new session.
Chapter 4: Console Features

There are six drop-down menus available in the menu bar of the console window:

• Emulator
• Edit
• Chat
• Tools
• Script
• Help

Emulator

Settings

The Settings window displays the Terminal Type and Cursor Type for the console window.

• The unit supports Terminal Type VT100/ANSI, which cannot be changed.
• The Cursor Type can be either Line or Block, depending on your preference.
History

The History feature allows you to view the recent history of console sessions by displaying the console messages to and from the target device. This function displays up to 64 kilobytes of recent console message history, allowing a user to see target device events over time. When the size limit is reached, the text will wrap, overwriting the oldest data with the newest.
Write Access

The user with Write Access can send commands to the target device. Write Access can be transferred among users working in RaritanConsole via the Get Write Access command from the Emulator drop-down menu.

To Obtain Write Access:

1. Click on Emulator in the main menu.
2. Select Get Write Access from the drop-down menu.

Figure 20 Get Write Access Command
Sending a Break/Null

To get access to certain commands, Sun Solaris servers require a null character (Break) to be sent from the console to get to an OK prompt. This is the equivalent of issuing a STOP-A from the Sun keyboard. Only users with Operator and Administrator privileges can send a “break”; users who are Observers cannot send a “break.”

To send an intentional “break” to a Sun Solaris server:

1. Verify that you have the Write Access.
User List

The User List command allows you to view a list of other users who are accessing the same port. An asterisk (*) appears before the user who has Write Access to the console.

To View the User List:

1. Click on Emulator in the main menu.
2. Select User List from the drop-down menu.

Figure 22 User List Command and User List Window

3. Click on the [Close] button to close the User List window.
Close

To Close RaritanConsole:

1. Click on Emulator in the main menu.
2. Select Close from the drop-down menu.
Edit

Use the Copy, Paste, and Select All Text commands to relocate and/or re-use important text.

Figure 24 Edit Commands - Copy, Paste, and Select All Text

To Copy and Paste All Text:

1. Click on Edit in the main menu.
2. Select Select All Text from the drop-down menu.
3. Click on Edit in the main menu.
4. Select Copy from the drop-down menu.
5. Position the cursor at the location you wish to paste the text and click once to make that location active.
Tools

Raw console data from the target device can be logged to a file in your computer. The Logging indicator on the status bar indicates whether Logging is on or off.

Start Logging

1. Click on Tools in the main menu.
2. Select Start Logging from the drop-down menu.
3. Choose an existing file or provide a new file name in the File Dialog box. When an existing file is selected for logging, data gets appended to the contents.
Stop Logging

1. Click on Tools in the main menu.
2. Select Stop Logging from the drop-down menu.

Logging is On until the Stop Logging command is executed.
Script

RaritanConsole supports TCL version 7.0, an industry standard scripting engine. Using TCL scripting capabilities, system administrators can create their own conditions for event detection, and generate customer-specific notifications and alerts. The unit features a TCL engine and a flash file system for the development and storage of TCL scripts. Please see Appendix H: TCL Programming Guide for additional information.
SecureChat

When using SSL (browser access), a real-time interactive chat feature called SecureChat lets you and other users who are accessing the console port of the target device conduct an online dialog for training or collaborative diagnostic activities. The maximum length of a chat message is 80 characters.

To use SecureChat:

1. Click on Chat in the main menu.
2. Select User Chat from the drop-down menu.

Figure 28 SecureChat Command and User Chat Window
Help

Help Topics include on-line assistance for operating RaritanConsole and the console window, and release information about RaritanConsole.

Help Topics

To Access Help Topics:

1. Click on Help in the main menu.
2. Select Help Topics from the drop-down menu.

Figure 29 Help Topics Command and Help File Window

3. Use the navigation bar on the right side of the window to scroll to the topic you need, or click on the links.
About RaritanConsole

The ‘About’ window displays version information (name and revision number) for the console terminal emulation software, and copyright information. When contacting Raritan for technical support when performing a software upgrade, etc., you may be asked for this information.

To Access ‘About’ Information:

1. Click on Help in the main menu.
2. Select About RaritanConsole from the drop-down menu.
Direct Port Access

This approach provides a quick and direct method of connecting to the console port in order to access unit programmability or the console of the target device directly. There are two ways to access the target device console directly by giving the appropriate URL.

URL with Password and Username and Port

Type the following URL into the browser's location bar: https://192.168.32.20/dpa.
URL with Port Number

1. Type the following URL into the browser's location bar:

   https:///dpa.htm

   − IPAddress: This is the IP Address of the unit. This can be either the actual IP address of the unit or IPAddress assigned for a modem.
   − “portnumber”: Port number for which a console is required.

Note: https must be used for direct port access. http cannot be used.

Example: https://192.168.50.81/dpa.htm?port=“1”
Exit the Application

Click on the [Exit] button in the left panel of the Dominion SX window to exit Dominion SX. If changes to the configuration have been made but not saved, a screen will prompt you to save changes and log out of the unit. Click on the [Yes] button to save changes and exit, or click on the [Cancel] button to return to the configuration.
A confirmation screen will indicate disconnection from the unit.
Dominion SX Management

Some advanced features are configured through a command line interface (CLI) using SSH (and Telnet, if enabled). Aside from providing the capability to manage a remote target device, Dominion SX has a number of powerful built-in features and capabilities available to manage the unit itself.
• Configuration Tabs: Displays several screens in which the user configures different elements of the application
• Configuration Save Commands: Used to save or ignore changes made to configuration

Configuration Lock and the Configuration Save Commands

Dominion SX is designed to allow only one user to configure it at any given time.
Note: When you make changes to Network settings on this screen, a warning message alerts you that the system will automatically reboot when you save your changes. Changing Modem settings does not require a system reboot.

8. A success message appears.
9. The Report screen is updated and displayed after a successful Save.

To Reload Configuration Changes:

1. Click on the [Configuration] button in the left panel.
Configuration

Report

Overview

The Report configuration screen displays detailed information on how the Dominion SX has been configured, which can be useful if debugging or troubleshooting. This information is accessible only by Administrators.
Network

Overview

The Network configuration screen provides an area for Administrators to define both the network and modem (optional) settings for the unit.

Figure 40 Sample of Network Configuration Display

Some Dominion SX units come equipped with a 56Kbps (Kilobits per second) modem, which allows dial-in access to the unit from virtually any location in the world.
TCP/IP network may be set to listen to broadcasts on this address; if this is the case, it can be configured to use another port address. However, this port address MUST match the port address specified by the CC administrator; otherwise the Dominion SX unit will not be discovered by CC. This port address is relevant only for CC releases 2.3 or higher.

Click on the [Update] button to load all the changes. Click on the [Save] button to make the changes permanent.
Modem Usage

Dial-up connection support for the unit allows users to access the connected target device when normal network connectivity to Dominion SX is not available. Once the PPP connection is established between the client computer and the unit, the user can access the unit by using the browser.

Note: For browser-based dial-up, access is supported with connection speeds of 28.8 Kbps or higher, with 56Kbps highly recommended.
Figure 43 Port Editing Display

Configure Port Parameters

• Name: Name that associates the serial port with the connected target device; can be up to 64 characters in length and must be unique from the other port names (only 20 characters are displayed on Port access buttons)
• Application: Application type associated with a specific port, two are provided: default applications RaritanConsole (contact Raritan for additional applications) and PowerBoard (for use wi
Users

Overview

The Users configuration screen provides a place to define a user list with appropriate unit access permissions. There are three classes of users, each with different rights:

• Administrators: Can view and modify all configuration information, including the user information for all user types (Administrators, Operators, and Observers). Administrators have write-access rights to the console window.
• Password: Authentication password; alphanumeric text, 6 – 16 characters in length (mandatory)
• Ports: List of ports that the user can access; by default, Administrators are given access to all ports, and can assign ports to Operators and Observers

Configure Idle Session Timeout:

• Idle session timeout (default value 5 minutes): Set a timeout value between 0 and 999 minutes for idle sessions; system-wide parameter that applies to all users and sessions via web-browser, SS
Edit Existing User Information

Only Administrators can edit all User information (except Login Name). Observers and Operators cannot change any User Information, except their own Passwords, which they can change using CLI. If the user is logged in at the time the Administrator is editing that User’s information, only the Information and Password fields can be changed.

Figure 46 Sample User Modification Screen

To Edit Existing Information:

1.
IP ACL

Important: Please make absolutely certain that all IP addresses have been entered correctly before enabling IP ACL. If not, you may be locked out of the unit and be unable to access the unit in the future; the only way to restore access to the unit is to perform a factory reset, removing all user-defined values that you have programmed, forcing you to completely reconfigure the unit.
Browser – Graphical User Interface (GUI)

The Dominion SX GUI provides a front end to the IPTables.

Figure 47 Inserting a rule into the browser-based IP ACL configuration screen.

Figure 48 GUI User Interface

We recommend the following link for learning more about IP tables: http://iptables-tutorial.frozentux.net/iptables-tutorial.
The Dominion SX GUI command buttons assist in editing the Dominion SX configuration:

Insert: Insert a new rule, e.g., rule 0 denies access from all IP Addresses in the range 192.168.2.10 to 192.168.2.255, and will not log the activity.
Append: Allows administrator to append a new rule to the existing rules.
Move: Move a rule up or down on the list; this changes the order in which a rule (filter) is applied. A rule must be selected (highlighted) before it can be moved.
SSH/Telnet – Command Line Interface (CLI) User Interface for Configuring IP-ACLs

Important: Make certain that the IP address from which you are connected to the Dominion SX is not accidentally entered into the IP ACL deny list (“Allow=NO”); if the IP Address is in the deny list, the Dominion SX unit will be inaccessible.
aclcfg clear
  Remove all the ipacl rules currently in the list.

aclcfg move
  Move the ipacl rule at to .

aclcfg delete [pos2]
  Delete can have one or two parameters. If there is one parameter, then this command will delete the rule at . If there are two parameters, then this command will delete the entire range of rules between and inclusive of and .
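The lock-out warning and the effect of rule order described for the IP ACL can be checked offline before the list is enabled. The following Python code is an added example, not Raritan code and not aclcfg syntax: it assumes first-match evaluation (as in iptables, which the GUI fronts), a hypothetical range-based rule model, and that traffic matching no rule is allowed; the first rule is the manual's rule 0 and all other values are constructed.

```python
"""Offline pre-check for an ordered allow/deny IP ACL (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class AclRule:
    """Hypothetical rule model: inclusive IPv4 range plus allow/deny."""
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address
    allow: bool

    def matches(self, addr: ipaddress.IPv4Address) -> bool:
        return self.first <= addr <= self.last


def rule(first: str, last: str, allow: bool) -> AclRule:
    """Build a rule from dotted-quad strings, rejecting inverted ranges."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return AclRule(lo, hi, allow)


def evaluate(rules: Sequence[AclRule], source: str,
             default_allow: bool = True) -> Tuple[bool, Optional[int]]:
    """Return (allowed, index of deciding rule); index is None when no
    rule matched and the assumed default policy decided."""
    addr = ipaddress.IPv4Address(source)
    for index, r in enumerate(rules):
        if r.matches(addr):          # first match wins (assumption)
            return r.allow, index
    return default_allow, None


def lockout_report(rules: Sequence[AclRule], management_addrs: Sequence[str],
                   default_allow: bool = True) -> List[Tuple[str, Optional[int]]]:
    """List every management address the ACL would deny, with the rule
    position responsible, so it can be fixed before the ACL is enabled."""
    denied = []
    for source in management_addrs:
        allowed, index = evaluate(rules, source, default_allow)
        if not allowed:
            denied.append((source, index))
    return denied


def shadowed_rules(rules: Sequence[AclRule]) -> List[int]:
    """Positions of rules that can never fire because earlier rules
    already cover their whole address range."""
    shadowed = []
    for index, r in enumerate(rules):
        earlier = sorted((int(e.first), int(e.last)) for e in rules[:index])
        pos = int(r.first)           # lowest address not yet known covered
        for start, end in earlier:
            if start > pos:          # gap: address 'pos' reaches this rule
                break
            pos = max(pos, end + 1)
        if pos > int(r.last):
            shadowed.append(index)
    return shadowed


def move(rules: Sequence[AclRule], src: int, dst: int) -> List[AclRule]:
    """Return a copy of the list with the rule at src moved to dst."""
    reordered = list(rules)
    reordered.insert(dst, reordered.pop(src))
    return reordered


RULES = [
    rule("192.168.2.10", "192.168.2.255", False),  # rule 0 from the manual
    rule("192.168.2.50", "192.168.2.60", True),    # constructed: admin range
    rule("10.0.0.0", "10.0.0.255", True),          # constructed
]
MANAGEMENT_ADDRS = ["192.168.2.55", "10.0.0.7"]    # constructed

if __name__ == "__main__":
    print("would be locked out:", lockout_report(RULES, MANAGEMENT_ADDRS))
    print("rules that never fire:", shadowed_rules(RULES))
    fixed = move(RULES, 1, 0)
    print("after moving rule 1 to 0:", lockout_report(fixed, MANAGEMENT_ADDRS))
```
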
Certificate

Overview

The Certificate configuration screen provides an area for Administrators to define security parameters. Dominion SX supports certificate-based server authentication to establish an encrypted SSL session and to assure the user that they are dealing with the correct web site. The encrypted SSL session, always through an HTTPS connection, ensures that personal information sent over the network is secure.
• User certificate and active default certificate.
• Pending CSR and active default certificate

[Figure 50: Certificate Configuration Display. Label: Certificate Status Indicator]

Default Certificate

The unit ships with a 1024-bit self-signed certificate signed by Raritan. When a user powers up the unit for the first time, an SSL certificate is generated that is associated to the default IP address 192.168.0.192.
Generate Default Certificate

This function is used when the certificate has expired and a new one is needed.

1. Click on the [Generate Default Certificate] button.
2. When the confirmation window appears, confirm that the correct date is displayed. If not, you must change the date by modifying the information on the Time configuration screen (click on the Time tab) before you generate the Certificate, or the Certificate generated may not be valid.
3.
Activate Default Certificate

This button is active only when a user certificate is installed and active on the unit. When you click on the [Activate Default Certificate] button, the default certificate generated by Raritan becomes active. The unit will reboot and use this certificate upon rebooting.
Figure 55 CSR Configurable Parameters

The first three fields in this screen are required; the other fields are optional:

• Key strength: 512, 1024, or 2048
• Certificate validity period: In days, two years maximum
• Common name: Fully qualified host name such as www.raritan.com or 10.0.3.
User Certificate (Install Server Certificate)

This function allows the user to install a certificate from various Certificate Authorities (CA) such as VeriSign, Thawte, and Baltimore. If you do not want to use the Certificate generated by the unit, you can obtain one from one of these Certificate Authorities and install it in the unit yourself.

To Install a User Certificate:

1. Open the certificate and the private key file in a text editor.
RADIUS

Overview

The RADIUS configuration screen allows Administrators to modify information regarding RADIUS, or the Remote Authentication Dial-In User Service, an access server authentication, authorization, and accounting protocol developed by Livingston Enterprises, Inc. RADIUS protocol defines the communication between a RADIUS client and a RADIUS server. The RADIUS Configuration screen is used to set up the unit for use with a RADIUS protocol server.
RADIUS users are treated differently from local users only until authentication comes from the RADIUS server. Once the RADIUS server authenticates a particular user, this RADIUS user enjoys the same privileges as any other local user. When RADIUS, LDAP, or TACACS are enabled, local user authentication is not provided. If the servers are not reachable, then local user authentication is functional.
Enabling RADIUS

Every unit has to be configured for RADIUS Communication to obtain authentication from the RADIUS Server. Administrators should log on to the unit as any non-RADIUS user, and then configure the unit following these steps to obtain authentication:

1. Click on the RADIUS Tab.

Figure 61 RADIUS Configuration Display

2. Check the Enable RADIUS check box.
3. In the Primary Server IP field enter the address of the RADIUS server.
Usage

Once you are logged on to the unit as a RADIUS user, you can check your login name in the Current users list in the left panel. This list contains RADIUS as well as non-RADIUS users currently logged in to the unit.

[Figure 62: Current Users List]

If you have Administrator privileges, you can add new users or edit an existing user. From this stage onwards, there is no difference in behavior between a “local” user and a RADIUS user.
Time

Overview

The Time configuration screen is important for modifying the time, date, time zone, and NTP server address in the Dominion SX unit. Some features in Dominion SX, for example, Certificate generation, depend on the correct Timestamp, which is used to check the validity period of the certificate.

Figure 63 Time Configuration Display

Configuration

1. Set the Current Date and Current Time.
2. Click Update.
3. Click Save.
Notification

Overview

The Notification configuration screen allows an Administrator to set up notification schemes based on events that occur on the target device. Notification events are sent out as email messages. It is possible to convert the email service to a page so that the notification can be received in a prompt manner.
Add a New Notification

1. Click on the [New] button.
2. Select the desired event from the Event Name drop-down list, for which an email is to be generated. The event list contains events predefined by Raritan. To subscribe to a user-defined event, type the user defined event name.

Note: This name must match exactly with the event name that has been used when the script was generated.

3. Specify the Destination(s) as @.
Edit a Notification Entry

1. Select the entry to be modified.
2. Click on the [Edit] button.
3. Make changes to the entry in the fields that appear in the lower portion of the screen.
4. Click on the [Update] button.
5. Click on the [Save] button.

Figure 66 Edit Notification Destination

Delete a Notification Entry

1. Select the entry to be deleted.
2. Click on the [Remove] button.
3. Click on the [Save] button.
Dominion SX Standard Notification Events

The following is a list of standard events with their descriptions.

EVENT NAME
event.amp
event.amp.notice
event.amp.notice.boot
event.amp.notice.reboot
event.amp.notice.upgrade
event.amp.notice.backup
event.amp.notice.config
event.amp.notice.restore
event.amp.notice.config.info
event.amp.notice.config.user
event.amp.notice.config.version
event.amp.notice.config.system
event.amp.notice.config.network
event.amp.
Upgrade

The Upgrade feature allows an Administrator to upgrade the Dominion SX unit's firmware/application to a newer version of firmware. Firmware and application upgrades preserve user-defined settings, so the unit does not need to be re-configured after the upgrade procedure is complete.
To Upgrade the Application:

Dominion SX has the ability to run different applications on each port; Raritan has a library of applications available for purchase, please contact us for more information. To load these applications into the unit for deployment:

1. Click on the [Upgrade] button in the left panel.
2. Enter the IP Address where the software application package is located.
3.
Reset

Soft Reset

Only an Administrator can execute a Soft Reset by clicking on the [Reset] button in the left panel of the main window. This resets the unit, logs off all the logged-in users and exits the application. A list of logged-in users who will be logged out upon reset will be displayed. The soft reset is useful when an Administrator wishes to disconnect all users from the unit.
Factory Reset
You may want to perform a factory reset, or hard reset, to the Dominion SX unit to revert the configuration to known defaults. This is useful if the IP address of the unit is no longer known. Using the following procedure, the network settings of the unit will be reset to the values shown in the table below, and all ports will be reset to 9600 baud, no parity checking, and no flow control.
The procedure for performing a factory reset varies depending on the model. For SX16 and SX32 units, the procedure is as outlined below. (For SX4, SX8, and other models with a RESET switch, please see the paragraph that follows):
1. Power OFF the Dominion SX unit.
2. Attach the supplied Factory Reset Connector (serial DB9 female) to the serial DB9 male port on the rear of the unit.
3. Power ON the unit.
4. The unit will restore to factory default settings.
Chapter 5: Using the Command Line Interface with Secure Shell and Telnet
Secure Shell (SSH) Access
Using a Secure Shell (SSH) client, you can connect and get direct access to the remote target device’s console ports. A number of SSH clients are available and can be obtained from the following locations 1:
• Putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/
• SSH Client from ssh.com – www.ssh.
Administrators have access to the following commands currently supported with SSH. Please note that the commands ARE case sensitive:
1. console_cmd: Connect to a serial console target. This command accepts a port number to which the user wants to connect. The serial target is connected at the given port number of Dominion SX unit. It is necessary to enter only the port number. The short form of the command is lp.
[del [pos2] ] | [add ]>
19. backup [ip IP] [path PATH] [file FILE]
20. restore [ip IP] [path PATH] [file FILE]
21. logoff [user NAME]
22. quit: exit from SSH session.
Note: Use the standard SSH exit sequence “~.” to exit from SSH session at any time.
quit: Leave the current command context.
dominion:Command>port
dominion:Port> help
detect: Enable/Disable the port disconnection detection. []
help: Display help for all commands or one in particular. [COMMAND]
quit: Leave the current command context.
help user_list log cfglog <[local [FILE SIZE]] | [remote [SERV1] [SERV2]]> tacacs_cfg [ ] nfsportlog [ ] snmp [ [COMM_NAME]| RECIPIENT>] reset service [ ] lpa [ [BPS]] diagnostics commands modem commands port
Escape character is Ctrl-\
User [admin] Is Now Master [Write Access Allowed] For This Port.
Number Of Users = 2
1) test |10:28:36 2005/05/11 |127.0.0.1 Ports:
2) jennifer |10:28:50 2005/05/11 |192.168.50.191 Ports: 1
Note: To view a complete configured user list, use the Users Configuration screen in the Dominion SX interface (please see Chapter 4: Console Features, Configuration, Users for additional information).
Warning: time of day goes back (-8553us), taking countermeasures.
64 bytes from 192.168.50.66: icmp_seq=1 ttl=64 time=4.79 ms
64 bytes from 192.168.50.66: icmp_seq=2 ttl=64 time=0.691 ms
64 bytes from 192.168.50.66: icmp_seq=3 ttl=64 time=0.692 ms
64 bytes from 192.168.50.66: icmp_seq=4 ttl=64 time=0.695 ms
64 bytes from 192.168.50.66: icmp_seq=5 ttl=64 time=0.912 ms
--- 192.168.50.
phone: Get/Set a user's dial-back phone number (in digits only). Pre-requisite modem is enabled and dialback is also enabled. login [phone number]
modem: Enable/Disable Modem and PPP settings. [][server IP] [client IP]
help: Display help for all commands or one in particular. [COMMAND]
quit: Leave the current command context.
admin:Network> ?
etherspeed: Force the network speed []
failover: Enable/Disable network failover [enable/disable]
network: Get/Set network parameters. [name NAME] [domain NAME] [ip IP] [mask MASK] [gw GATEWAY] [port PORT] [discover PORT]
help: Display help for all commands or one in particular. [COMMAND]
quit: Leave the current command context.
Port# PortName
[1] Port1
[2] Port2-SUN
[3] Port3
[4] Port4
[5] Port5
[6] Port6
Serial Port 2 Connected.
Escape character is Ctrl-\
User [admin] Is Now Master [Write Access Allowed] For This Port.
Note: After the serial target is connected, the escape character can be used to exit from the serial target session and come back to “Command>” prompt for an interactive session.
Chapter 6: Authentication and Authorization
If you selected LDAP as your remote authentication protocol, use the steps in the following section, Implementing LDAP Remote Authentication, to complete fields in the LDAP tab.
1. Before starting the configuration of the LDAP authentication section in the Dominion SX configuration, please gather all information for the required fields from the administrator of the directory server.
2.
TACACS+ Server Configuration
• The Dominion SX requires a new service to be added and two argument-value pairs to be returned by the server. The new service is called dominionsx. The valid authorization parameters are port-list and user-type.
• port-list: Specifies the ports that the user has access to. Currently, the only valid value is a space-separated list of port numbers. Multiple port-list parameters are allowed.
Cisco Secure ACS:
These instructions have been written for version 3.2. Please refer also to the following URL: http://cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007cd49.html#12231
1. Allow new services.
a. Select Interface Configuration.
b. Select TACACS+ (Cisco IOS).
c. Add dominionsx service under the heading New Services.
Chapter 7: Logging
NFS Per Port Logging Configuration
Usage Name nfsportlog [ [ ] ]
Description
Set the configuration parameters for logging all Port Activity to a NFS shared directory. All user activity and user port login/logouts are logged.
nfsportlog status will show the current configuration parameters.
nfsportlog enable will enable nfs per-port logging.
nfsportlog disable will disable nfs per-port logging.
NFS Server Setup
The NFS server must export the directory with write permission for port logging to work. Because the per-port logging application runs at a privileged level, the NFS server must also be set up to allow root access. You can allow this kind of access in one of two ways.
1. Set the no_root_squash option for the directory set up to receive the port log files. Example /etc/exports entry: /nfs/domlogging 192.168.0.
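Because no_root_squash lets root on the named client act as root on the exported directory, the export is worth checking for scope. The following Python sketch is an added example, not part of the Raritan manual: it parses exports(5)-style text and reports every client that has root squashing disabled, marking entries broader than the single Dominion SX address. The sample file, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import ipaddress
import re

# One client token from an exports(5) line: "host(opts)", "host" or "(opts)".
_TOKEN = re.compile(r"([^()]*)(?:\(([^)]*)\))?$")

# Constructed sample, not taken from a real server.
SAMPLE_EXPORTS = """\
# constructed sample /etc/exports
/nfs/domlogging 192.0.2.10(rw,no_root_squash)
/nfs/scratch    192.0.2.0/24(rw,no_root_squash)
/srv/share      *(ro) backup01(rw,no_root_squash)
/home           (rw,no_root_squash)
/data           10.0.0.5(rw,root_squash)
"""


def parse_exports(text):
    """Return [(path, client, [options])] for every client on every line."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        path, tokens = fields[0], fields[1:]
        defaults, found = [], False
        for tok in tokens:
            if tok.startswith("-"):      # "-opts" sets defaults for the line
                defaults = [o for o in tok[1:].split(",") if o]
                continue
            m = _TOKEN.match(tok)
            if m is None:                # malformed token, skip it
                continue
            own = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            entries.append((path, m.group(1), defaults + own))
            found = True
        if not found:                    # no client listed: exported to anyone
            entries.append((path, "", defaults))
    return entries


def root_squash_disabled(options):
    """root_squash is the default; the last explicit setting wins."""
    disabled = False
    for opt in options:
        if opt == "no_root_squash":
            disabled = True
        elif opt == "root_squash":
            disabled = False
    return disabled


def client_scope(client):
    """Classify how many machines a client specification can match."""
    if client in ("", "*"):
        return "world"
    if client.startswith("@"):
        return "netgroup"
    if any(ch in client for ch in "*?["):
        return "wildcard"
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return "single-host"             # a plain hostname
    return "single-host" if net.num_addresses == 1 else "subnet"


def is_device(client, device_ip):
    """True when the client spec is exactly the logging device's address."""
    try:
        return (ipaddress.ip_network(client, strict=False)
                == ipaddress.ip_network(device_ip))
    except ValueError:
        return False


def audit_exports(text, device_ip):
    """List every export that gives a client unsquashed root access."""
    findings = []
    for path, client, options in parse_exports(text):
        if not root_squash_disabled(options):
            continue
        scope = client_scope(client)
        if scope != "single-host":
            verdict = "too-broad"
        elif is_device(client, device_ip):
            verdict = "expected"
        else:
            verdict = "unexpected-host"
        findings.append({"path": path, "client": client or "*",
                         "scope": scope, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS, "192.0.2.10"):
        print(f"{f['verdict']:16} {f['path']:16} {f['client']} ({f['scope']})")
```
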
Chapter 8: SNMP
SNMP Trap Configuration
The Raritan Enterprise MIB can be accessed via the FAQ Support section on Raritan’s Web site, www.raritan.com.
Name
snmp [ [COMM_NAME]| RECIPIENT>]
Description
Configure the SNMP feature.
snmp
With no parameters, the current SNMP configuration is displayed.
snmp [COMM_NAME]
Depending on the parameter, enable or disable SNMP traps.
TANAKA:Command>snmp del 10.0.0.56 78
Any SNMP configuration changes require rebooting to take effect.
TANAKA:Command>snmp
Enabled: N Community: public Trap Destinations: 10.0.0.125 6.6.6.6
TANAKA:Command>snmp enable
Any SNMP configuration changes require rebooting to take effect.
TANAKA:Command>snmp
Enabled: Y Community: public Trap Destinations: 10.0.0.125 6.6.6.
Chapter 9: System Configuration
Local Port Access Configuration
Name
lpa [ [BPS]]
Description
Configure the Local Serial Port Access feature.
lpa
With no parameters, the current LPA configuration is displayed.
lpa
Depending on the parameter, enable or disable usage of the serial port for LPA.
lpa BPS
Enable or disable LPA as above, but the optional port speed is set.
Note: If the user issues the command lpa enable AFTER changing the default port speed, the next time the command lpa enable is used without the optional port speed parameter, the port speed last set, e.g., 38400, will be used as a default; to override it, enter the lpa enable command with the new port speed explicitly specified, e.g.
Example:
TANAKA:Command>service
Telnet Enabled: No SSH Enabled: Yes
TANAKA:Command>service telnet enable
The system will need to be rebooted for changes to take effect.
TANAKA:Command>service ssh disable
The system will need to be rebooted for changes to take effect.
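The service example above leaves Telnet enabled and SSH disabled once the unit reboots, and the snmp output in Chapter 8 shows the community string public. The following Python sketch is an added example, not from the manual: it replays a captured CLI session, works out the service state that will apply after the next reboot, and reports cleartext-only access and a default SNMP community. The transcript is constructed from the outputs shown on this page; the function and finding names are illustrative.

```python
import re

# A top-level prompt as it appears on this page, e.g. "TANAKA:Command>service".
PROMPT = re.compile(r"^\S+:Command>\s*(.*)$")

# Constructed session assembled from the example outputs on this page.
SAMPLE_SESSION = """\
TANAKA:Command>service
Telnet Enabled: No SSH Enabled: Yes
TANAKA:Command>service telnet enable
The system will need to be rebooted for changes to take effect.
TANAKA:Command>service ssh disable
The system will need to be rebooted for changes to take effect.
TANAKA:Command>snmp
Enabled: Y Community: public Trap Destinations: 10.0.0.125 6.6.6.6
"""


def split_transcript(text):
    """Return [(command, output)] with each command's output joined by spaces."""
    steps = []
    for line in text.splitlines():
        line = line.strip()
        m = PROMPT.match(line)
        if m:
            steps.append((m.group(1).strip(), []))
        elif line and steps:
            steps[-1][1].append(line)
    return [(cmd, " ".join(out)) for cmd, out in steps]


def service_after_reboot(steps):
    """Service state once pending changes apply.

    Assumption: an explicit enable/disable command in the session overrides
    whatever an earlier or later status display shows, because the manual says
    changes only take effect after a reboot.
    """
    shown, pending = {}, {}
    for cmd, out in steps:
        words = cmd.split()
        if words[:1] != ["service"]:
            continue
        if len(words) == 1:                          # status display
            for name in ("Telnet", "SSH"):
                m = re.search(name + r" Enabled:\s*(Yes|No)\b", out)
                if m:
                    shown[name.lower()] = m.group(1) == "Yes"
        elif (len(words) == 3 and words[1] in ("telnet", "ssh")
              and words[2] in ("enable", "disable")):
            pending[words[1]] = words[2] == "enable"
    return {**shown, **pending}


def snmp_shown(steps):
    """SNMP settings from the last bare 'snmp' status display."""
    state = {}
    for cmd, out in steps:
        if cmd != "snmp":
            continue
        enabled = re.search(r"Enabled:\s*([YN])\b", out)
        community = re.search(
            r"Community:\s*(.*?)\s*(?:Trap Destinations:|$)", out)
        if enabled:
            state["enabled"] = enabled.group(1) == "Y"
        if community:
            state["community"] = community.group(1)
    return state


def audit_session(text):
    """Return a list of finding names for the captured session."""
    steps = split_transcript(text)
    findings = []
    services = service_after_reboot(steps)
    if services.get("telnet"):
        findings.append("telnet-enabled-after-reboot")
    if services.get("ssh") is False:
        findings.append("ssh-disabled-after-reboot")
    snmp = snmp_shown(steps)
    if snmp.get("enabled") and snmp.get("community", "").lower() in (
            "public", "private"):
        findings.append("snmp-default-community")
    return findings


if __name__ == "__main__":
    for finding in audit_session(SAMPLE_SESSION):
        print(finding)
```
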
Appendix A: Specifications
ITEM SX4 DSXB-4DC DSXB-4DCM DSXB-4M SX8 DSXB-8DC DSXB-8DCM DSXB-8M SX16 SX-16DC SX32 DSXA32-AC DSXA32-DC SX48 DSXA48-DC DSXA48-AC DIMENSIONS (W) X (D) X (H) 11.34” x 10.7” x 1.75” 288 x 270 x 44mm 11.34" x 10.7" x 1.75" 288 x 270 x 44mm 11.34" x 10.7" x 1.75" 288 x 270 x 44mm 11.34" x 10.7" x 1.75" 288 x 270 x 44mm 11.34” x 10.7” x 1.75” 288 x 270 x 44mm 11.34" x 10.7" x 1.75" 288 x 270 x 44mm 11.34" x 10.7" x 1.75" 288 x 270 x 44mm 11.34" x 10.
Browser Requirements (Tested)
PLATFORM Netscape 7.0 Netscape 7.1 Mozilla 1.6 IE 6.0 Netscape 7.0 Netscape 7.1 Mozilla 1.6 FireFox 1.0.4 Netscape 7.1 Mozilla 1.6 Netscape 7.1 Mozilla 1.6 IE 6.0, Netscape 7.0, Netscape 7.1, Mozilla 1.6 IE 6.0, Netscape 7.0, Netscape 7.1, Mozilla 1.6 BROWSER Win 2K - SUN JRE 1.4.2 Win 2K - SUN JRE 1.4.2 Win 2K - SUN JRE 1.4.2 Win XP - MS VM Win XP - SUN JRE 1.4.2 Win XP - SUN JRE 1.4.2 Win XP - SUN JRE 1.4.
Dominion SX Serial Pinouts
The RJ45 connector on the rear of the unit has the following pinout:
RJ45 PIN    SIGNAL
1           RTS
2           DTR
3           TxD
4           GND
5           Signal GND
6           RxD
7           DSR
8           CTS
Appendix B: System Defaults
Dominion SX system defaults, as shipped from Raritan, are defined in the table below.
ITEM IP Address Subnet Mask Port Address Port address for CC discovery Factory default username Factory default password DEFAULT 192.168.0.192 255.255.255.
Appendix C: Certificates
Certificate
A Certificate is an electronic document that is used to identify an individual, a server, or some other entity and to associate that identity with the public Key.
Certificate Contents
This section discusses certificate contents and the differences between the CA (Certificate Authority) Certificate and the Server Certificate that are present on the Dominion SX unit.
Certificate Authority
Certificates are issued by Certificate Authorities (CAs), such as Verisign, Thawte, Baltimore, and others. These certificate authorities validate the identity of the individual/entity before issuing the certificate. A Certificate Authority signs all certificates that it issues with its private key and the CA certificate contains the corresponding public key.
Installing Dominion SX CA-Root Certificate to a Browser
The CA Root Certificate generated in the Dominion SX unit must be installed in the browser in order for the browser to trust the Server Certificate. When the user connects to the Dominion SX unit by entering the IP address in the browser, the Server Certificate is downloaded. The browser then checks if the Root Certificate is present in its CA list, which indicates signed Server Certificates.
Installing CA Root for IE Browsers
Each time you access an SSL-enabled Dominion SX unit, you will see a New Site Certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing the appropriate root certificate in your browser. These instructions apply if you use Internet Explorer. For Netscape Navigator instructions, please see the next section.
6. Open the CA_ROOT.cer file by double-clicking on it. This will open the certificate.
Figure 76 View of CA_ROOT.cer
7. Click on the [Install Certificate] button to start the Certificate Manager Import wizard.
Figure 77 Certificate Manager Import Wizard
8. Click on the [Next] button.
9. Select the Certificate store, the system area where the certificates are stored. If you do not want the Certificate Manager to select the certificate store automatically, click on the Place all certificates into the following store radio button and click on the [Browse] button to choose a file you prefer.
Figure 78 Import Wizard, Select a Certificate Page
10. Click on the [Next] button.
11.
Remove an Accepted Certificate
Removing a certificate that you have previously accepted from the unit is the same process whether removing a Raritan default certificate or a user-installed third-party certificate.
1. Open IE and select Tools → Internet Options from the main menu. The Internet Options window will appear.
Figure 80 Internet Options Display
2. Click on the Content tab and click on the [Certificates] button.
Install CA Root for Netscape Navigator
Each time you access an SSL-enabled Dominion SX unit, you will see a New Site Certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing the appropriate root certificate in your browser. These instructions apply if you use Netscape Navigator.
Install the Dominion SX Root Certificate
Install the Raritan root certificate in Netscape Navigator to eliminate the New Site Certificate window from appearing whenever you access any SSL-secured Dominion SX unit.
1. Open Netscape Navigator and connect to the unit. Enter Username and Password when prompted and log on to the unit.
2. Click on the [Configuration] button in the left panel and click on the Certificate tab.
c. MIME Type: Enter application/x-x509-ca-cer
d. Application to use: Click on the [Browse] button and locate the Netscape Navigator executable, netscape.exe, on your hard drive. Select this executable and click on the [Open] button. The path to the Netscape executable, in quotes, will populate the Application to use field. After the end quotation mark, insert a space and type %1.
e.
Remove an Accepted Certificate
Removing a previously accepted certificate from a Dominion SX unit uses the same process whether removing a Raritan default certificate or removing a user-installed third-party certificate.
1. Open Netscape Navigator and click on either the [Security] button or on the lock icon in the lower left of the window. The Security Info window will appear.
2. On the left side of this window, locate Certificates and click on Web Sites.
Install a Third-Party Root Certificate
If you have installed a third-party certificate on the unit, you can obtain its corresponding root certificate from the Certificate Authority that provided you with a certificate. These instructions can be used for any of the CAs; this example uses Thawte as an example. The CA that provided you with a certificate will have a root certificate available for download.
5. Return to the CA’s website and try to download the root certificate again.
Note: If an error message appears, it indicates that the certificate deleted from the list in the Netscape security settings may not have been the correct one. Please go back to the list and double-check.
6. On the CA website, click on the root certificate link and the New Certificate Authority window will appear.
Appendix D: RADIUS Server
Note: This section has been provided for reference only. Please consult your local system administrator for exact implementation details.
Overview
The details of installing and configuring the RADIUS server software will depend on the Server you are using. This Appendix covers the installation and configuration of the Windows 2000 RADIUS Server, but regardless of the implementation, there are several items you must configure:
1.
− If the RADIUS Server is not configured for Vendor-Specific type or it fails to follow the above specifications, the value specified for the Service-Type will determine the privileges to be given to the user. In this case, the user will be given access to all the ports.
D. Register RADIUS Client
The client file installed in the RADIUS server must be modified. This flat file stores information about RADIUS clients, including IP addresses and shared secrets; the shared secrets must be protected from casual access. Every client trying to access the RADIUS server must be included in the list. The following steps must be carried out for every new client trying to access the RADIUS server.
c. (1) Click on the [Advanced] button and add Vendor-Specific for Raritan. Please use Vendor Code = 8267 and enter String in the following format:
(a) IP Address of the Dominion SX unit separated by a ‘:’.
(b) Privileges to be given to the user separated by a ‘:’ Privileges takes a value of:
(i) A for Administrator
(ii) O for Operator
(iii) OB for Observer
(c) Port numbers should follow, with a value of:
(i) ‘*’ indicating access to all the ports.
F. Select Requests to be Logged
1. Open IAS.
2. In the Console Tree, click on Remote Access Logging.
3. In the Details pane, right-click on Local File and select Properties.
4. Click on the Settings tab and select one or more check boxes for recording authentication and accounting requests in the IAS log files:
a. Click in the Log accounting requests check box to capture accounting requests and responses.
b.
H. Enable the Routing and Remote Access Service
If this server is a member of a Windows 2000 Active Directory domain and you are not a domain administrator, your domain administrator must add the computer account of this server to the RAS and IAS Servers security group in the domain of which this server is a member.
K. Add a User Account
1. Open Active Directory Users and Computers.
2. In the Console Tree, double-click on the domain node.
3. In the Details pane, right-click on the organizational unit to which you want to add the user, point to New and select User.
4. In the First Name field, type the user's first name.
5. In the Initials field, type the user's initials.
6. In the Last Name field, type the user's last name.
7. Modify Full Name as desired.
8.
g. Click on the [Add] button.
h. Click on the appropriate group and click on the [OK] button.
After these steps are executed, a new user can connect to the NAS device and IAS will look at the user name, find the group in which it is a member, and use the policy associated with that group.
Appendix E: Configuring Cisco ACS RADIUS Server
Use the following procedure to configure the Cisco RADIUS server so that you can work with Dominion SX. It is assumed here that Administrators are familiar with setting up and configuring the RADIUS server. In order for Dominion SX to support RADIUS, both the unit and the user information must be added into the RADIUS configuration. Only Version 3.
3. Click on the [Interface Configuration] button in the left panel of the screen.
Figure 93 Interface Configuration Display
4. Click on the RADIUS (IETF) link to edit properties. Under the User heading, click on the check boxes before Service-Type and Framed Protocol. Click on the [Submit] button.
Figure 94 RADIUS Properties Display
5.
6. To edit existing users, click on the [User Setup] button in the left panel of the screen. Click on the [List All Users] button and select a user from the list.
Figure 95 New User Display
7. Once you have selected a user, on the user properties page, scroll down to the RADIUS (IETF) section.
Figure 96 User Properties Display
8. Click on the Service-Type check box and select the appropriate service-type from the drop-down menu:
−
9.
Appendix F: RSA ACE/Server Configuration
This section provides guidelines for configuring the RSA ACE/Server 5.0 so that SecurID can be used as the authentication mechanism. Users in an ACE server native database can log on to Dominion SX units installed in the network using SecurID token authentication. It is assumed that RSA ACE/Server is running RADIUS services and able to authenticate users from its native database.
3. Define and configure all Dominion SX units.
Figure 99 Add Agent Host Display
a. Name: Name of the Agent Host; must be a primary name or alias listed in the local host file or DNS server. If an alias is entered, the primary name of the Agent Host appears upon clicking on the [OK] button. If the name entered is not listed in the local host file or DNS server, an error message will appear.
4. Select Profile → Add Profile in the main menu.
Figure 101 Add Profile Selection
5. In the Add Profile window, assign an appropriate name to identify the desired profile, such as RaritanAdministrator.
Figure 102 Add Profile Display
6. Scroll through the list in the Available Attributes frame and select Service-Type. Click on the [Add Attribute] button.
7. Click on the [OK] button to save the changes, then click on the [OK] button in the Add Profile window to return to the main menu.
Figure 103 Add Attribute Display
Note: Only the user’s Role can be controlled on the Dominion SX units using specific Service-Type profiles. Access restriction to specific ports cannot be controlled.
8. Select User → Add User/Edit User in the main menu to add a user and assign the appropriate profile.
9. Click on the [Assign Profile] button and select the appropriate profile from the Select Profile window. Only one profile can be assigned to each user. Click on the [OK] button.
Figure 105 Profile Selection Display
10. To control access to specific units, click on the [Agent Host Activations] button. Select the appropriate units from the Available Agent Host Activation list and click on the [Activate On Agent Hosts] button.
Lightweight Directory Access Protocol (LDAP)
Using Dominion SX software revision 2.1 or higher, your Dominion SX unit can authenticate users via LDAP/S (LDAP Secure). If your Dominion SX unit does not have revision 2.1, upgrade via the upgrade feature and download the appropriate software from http://www.raritan.com/support to gain access to the LDAP feature.
Figure 107 LDAP Configuration Screen
Appendix G: Modem Configuration
Client Dialup Networking Configuration
Configuring Microsoft Windows Dialup Networking for use with Dominion SX allows configuration of a PC to reside on the same PPP network as the Dominion SX. After the dial-up connection is established, connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP.
3. The New Phonebook Entry window allows you to configure the details of this connection. Click on the Basic tab and complete the following fields:
a. Entry name: Name of the Dominion SX connection
b. Phone number: Phone number of the line attached to the Dominion SX unit
c. Dial using: Modem being used to connect to Dominion SX; if there is no entry here, there is no modem installed in your workstation
Figure 109 New Phone Entry Display
4.
Windows 98 Dialup Networking Configuration
1. Select Start → Programs → Accessories → Communications → Dialup Networking.
2. Double-click on the Make New Connection icon in the Dialup Networking window to launch it.
Figure 111 Configuring Windows 98 Dialup Networking
Figure 112 Make New Connection – Connection Name
3. In the Make New Connection window, enter:
a. Name: Name for the Dominion SX unit you are dialing.
b.
f. The next window will inform you that you have successfully created the Dialup Networking Connection.
Figure 113 Make New Connection – Complete
g. Click on the [Finish] button and an icon will appear in the Dialup Networking window.
4. Double-click on the new icon, and in the Connect To window that appears, click on the [Connect] button to establish the connection with the Dominion SX unit.
Windows 2000 Dialup Networking Configuration
1. Select Start → Programs → Accessories → Communications → Network and Dial-Up Connections.
2. When the Network and Dial-Up Connections window appears, double-click on the Make New Connection icon.
Figure 115 Windows 2000 Network and Dialup Connections
3. Follow the steps in the Network Connection Wizard window to create custom dialup network profiles. Click on the [Next] button.
4. Click on the Dial-up to private network radio button and click on the [Next] button.
Figure 117 Network Connection Type
5. Click on the check box before the modem that you want to use to connect to the Dominion SX unit and then click on the [Next] button.
6. Click in the Use dialing rules check box and enter the Area code and Phone number you wish to dial in the fields. Click on the [Next] button.
Figure 119 Phone Number to Dial
7. In the Connection Availability screen, click on the Only for myself radio button. Click on the [Next] button.
8. The Network Connection has been created, and you can complete set-up of the dial-up connection by entering the name of the Dial-up connection.
Figure 121 Network Connection Wizard Completion
9. Click on the [Finish] button.
10. To connect to the remote machine, when the Dial Window appears, click on the [Dial] button. A window indicating that a successful connection has been established will appear.
Appendix H: TCL Programming Guide
Disclaimer: The information contained in this section is subject to change without notice. Raritan shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. Raritan assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Raritan.
Overview
Dominion SX supports TCL (version 7.
− Internal buffers are circular buffers; 64Kbytes.
− The buffer uses the FIFO storage method.
− A data stream methodology for data retrieval is used and there is no random access capability.
Extensions have been made to the TCL framework to enable retrieving data from the TCL internal buffer and to send commands to the target systems. A single script can include instructions to access any RS-232 port.
amppermission, amplisten and ampresponse are commands to enable a TCL script to interact with other TCL users.
• amppermission
− On will enforce permission checking.
− Off will allow observers and operators to access TCL.
• amplisten
− Remember who sent the command and respond to the sender instead of the executer of the script.
− If no command is present, amplisten returns a null.
• ampresponse.
cd
Change the current directory to the new directory specified. This command will take a relative path or an absolute path. /ata and system related directories are not accessible.
del
Delete specified file name
TCL Commands
The TCL interpreter incorporated supports TCL 7.0. All built-in TCL commands for TCL 7.0 are supported except exec, interp, library, and TCLvars.
Accessing TCL Window
The TCL Interpreter can be accessed through RaritanConsole using the Script menu selection, as described in Chapter 4: Console Features. The TCL prompt is “%”. The command(s) to be executed must be entered AFTER the prompt. The result will be echoed on the next new line. The user may execute multiple-line commands using the Copy and Paste features from the Windows/Unix operating system.
The prompt does not return if the script contains forever-loops, but the shell is active (listening) and will take input if the script is designed to accept them.
Automatic Execution of a TCL Script upon Power Up
For a TCL script to be executed automatically upon each reboot or power cycle of the unit, the script needs to be named boot.scr and placed in the /ata/usr directory.
Generating a User Event
TCL scripts are a powerful tool for performing true device management, in the form of customer-defined monitoring and notification of events. A sample script is shown below:
#This script performs the monitoring of HTTP servers.
Extensions to TCL
Various extensions have been incorporated into TCL to support functions to interact with the RaritanConsole unit. The command info comm amp (executed in a Script Shell Window) lists all the commands that are supported. ampsetconfiguration, ampaddsubscription, amprmsubscription, ampsetipacl, amprmipacl, ampadduser, amprmuser are commands that make configuration changes to the Raritan unit.
Possible error condition:
% ampsetconfiguration network portaddress 2398
TCL cannot write to the configuration: locked by John Smith
This denotes that there is a user that is viewing/modifying the configuration of the unit and the command cannot modify the configuration parameters.
ampgetuser
Returns a string listing all the currently configured users and their user account parameters.
ampadduser
Creates a new user account or edits an existing user account. The last argument is optional.
ampreset
Reboots the unit. All users are disconnected.
Usage: ampreset
ampupgrade
Upgrades the unit. ip_address specifies the server to obtain the file specified by file_path. If the login and password are specified they are used by FTP. If they are not specified, anonymous FTP is used.
ampsetipacl add
Adds an IP address to the IP ACL list.

Usage: ampsetipacl add

• Ip_address: IP address to be added to the list
• Subnet_mask: subnet mask

    % ampsetipacl add 10.0.1.120 255.255.0.0
    set IP acl successful ampsave command required for changes to take effect.
    % ampsave
    save complete
    % ampgetipacl
    IP acl: disabled acl entries:1 10.0.1.120 255.255.0.
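In the transcript above, 10.0.1.120 is added with mask 255.255.0.0 and ampgetipacl then reports the list as disabled. The following Python script is an added example, not part of the Raritan manual or firmware: run on a workstation over captured ampgetipacl output, it reports whether the list is enforced and what each entry admits. It assumes conventional address-and-mask matching, which the manual does not spell out; audit_ipacl and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of the ampgetipacl output shown above; the
# second entry and the line breaks are assumptions made for illustration.
SAMPLE = """IP acl: disabled
acl entries:2
10.0.1.120 255.255.0.0
192.168.5.7 255.255.255.255
"""

QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"
ENTRY = re.compile(rf"\b({QUAD})\s+({QUAD})\b")
STATE = re.compile(r"IP acl:\s*(\w+)", re.IGNORECASE)


def audit_ipacl(text, max_addresses=256):
    """Return (enforced, findings) for ampgetipacl-style text.
    Assumes address-and-mask matching: an entry admits every source address
    that equals the entry's address once both are ANDed with the mask.
    """
    state = STATE.search(text)
    # Only "disabled" appears on the page; any other word counts as enforced.
    enforced = None if state is None else state.group(1).lower() != "disabled"
    findings = []
    for addr, mask in ENTRY.findall(text):
        entry = f"{addr} {mask}"
        try:
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        except ValueError as exc:  # bad octet or non-contiguous mask
            findings.append({"entry": entry, "error": str(exc)})
            continue
        findings.append({
            "entry": entry,
            "admits": str(net),
            "addresses": net.num_addresses,
            # Host bits under the mask suggest a single host was intended.
            "host_bits_set": ipaddress.IPv4Address(addr) != net.network_address,
            "too_broad": net.num_addresses > max_addresses,
        })
    return enforced, findings


if __name__ == "__main__":
    enforced, rows = audit_ipacl(SAMPLE)
    print("ACL enforced:", enforced)
    for row in rows:
        print(row)
```

Under that assumption the manual's entry covers 10.0.0.0/16 (65536 addresses) rather than the single host 10.0.1.120; a single-host entry would use mask 255.255.255.255.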
ampgetsubscription
Returns a string listing all user-defined subscriptions.

ampaddsubscription
Creates a subscription for the URL to the event specified. The URL encapsulates the service to be used for notification, and any parameters required by that service.

    % ampgetsubscription
    Has returned NULL because there are no user-defined subscriptions
    % ampaddsubscription event.user.statusupdate mailto://jsmith@Raritan.
ampdelay
Pauses the TCL script for a number of seconds equal to the integer argument.

amptriggerevent
Generates an event with the appropriate associated message. The event may not begin with the amp prefix. Events that begin with the amp prefix may only be generated by the AMP and not by a user-created script or interactively.

amplock
Gets write access to the console and locks it.
ampopensocket [ip_address port_number]
Opens a socket to a specific port on a device with a given IP address. The command returns a unique socket ID. If the command fails or the arguments are improperly formatted, the command will return an error message. The IP address must be specified in “dot notation.” (i.e., 207.25.71.
ampreadsocket [socket_id length timeout]
A non-blocking call: reads from the socket represented by the socket ID until either the length or timeout is reached. Timeout is specified in microseconds; a timeout of zero indicates the socket will be polled and the results returned immediately. The command returns a buffer with the data read; if the data available to read is less than the length requested, the buffer contains only the data that was read.
Basic TCL Server Example

    while {1} {
        amppermission off
        set s ""
        # amplisten returns any new command received from a client
        set s [amplisten]
        if {[string length $s] != 0} {
            # echo the received string back to the client
            puts $s
            ampresponse
        }
        # a 5-character input ends the server loop
        if {[string length $s] == 5} {
            amppermission on
            break
        }
    }

Script Function Description: This TCL Server will echo back any strings from any client who connects to the TCL interpreter through the TCL Scripting Window.

Key programming points: amplisten checks to see if there is a new command from any client.
Basic CPU Utilization Monitoring Example

    #Description: This TCL script checks the CPU utilization for each port connected
    # to an HP-UX server. It alerts the subscribed user that the threshold
    # limit has been reached through e-mail notification. This TCL script uses
    # vmstat to find out the CPU usage of the user process and checks with
    # given threshold limit.
    #clear any previous data in the read buffer
    ampclear $port
    #write to the console
    ampwrite "vmstat -n\n" $port
    #ignore the first 8 lines to read the cpu usage params.
    for {set i 0} {$i < 9} {incr i +1} {
        set cpu [ampread 1 "\n" $port]
    }
    #unlock the console
    ampunlock $port
    #set the user's cpu usage
    scan $cpu "%d %d %d" us sy id
    #Trigger event if user process utilization has gone beyond threshold
    if { $us > $thr } {
        amptriggerevent event.alarm.
    initEvents
    #Main loop starts here...
    while { 1>0 } {
        cpuUtil $ports
        ampdelay $intr
        set rval [ListenCmds]
        if { $rval == 1} {
            delEvents
            #unset takes variable names, not their values
            unset ports
            unset noOfPorts
            unset thr
            unset intr
            unset mailid
            break
        }
        incr ports 1
        if { $ports > $noOfPorts } {
            set ports 1
        }
    }

Script Function Description: It is required to monitor CPU usage of user process running on several HP-UX machines through RS232 console connections.
TCL Server designed to interact with a TCL user

• Allow observers and operators to issue commands to this TCL Service
• Lock the console for this TCL service to use.
• Read in user command.
• If the reader requests the TCL service to reacquire one of the three values, the TCL service will issue the command to the target and read in the value.
            # Input received is not as per expectation. Remind user what
            # the expected inputs are.
            puts "A TCL script is running.\rInputs accepted are DATA/READ1/READ2/READ3/CONSOLE/QUIT"
            ampresponse
        }
    }
    }
Appendix I: Troubleshooting

Problems and Suggested Solutions

Page Access

PROBLEM: Cannot log in – what are factory defaults? (only for Dominion SX units running firmware version 2.5 or higher)
SOLUTION: username: admin (all lower case); password: raritan (all lower case)

PROBLEM: Server Unreachable
SOLUTION: If a unit appears to be unreachable by a given browser, please run through the following troubleshooting list: Verify that the unit is powered on.
Firewall

PROBLEM: Unable to Access the Web Page
SOLUTION: Firewalls must allow access on ports 80 and 443 in order for the unit to operate through a firewall. Contact your system administrator and request port 80 and 443 access.

PROBLEM: Login Failure
SOLUTION: Firewalls must be configured to allow connections using the Dominion SX configurable port network parameter (Default 51000).
Port Access

PROBLEM: Port Access Refresh
SOLUTION: The unit does not automatically refresh the Port Access List. It is refreshed only when the user clicks on the [Port Access] button. It is therefore possible that a user will have permissions revoked and that these changes will not be visible on the port access screen until the [Port Access] button is activated. A window will appear indicating that permission is no longer allowed to this port.
Appendix J: Technical FAQs

QUESTION: What are the browsers (and versions) supported?
ANSWER: Netscape 7.0 or greater (but not 6.0), Mozilla Firefox 1.0 or higher, or Internet Explorer 6.0 with Java Microsoft VM or SUN JRE 1.4.2 or higher.

QUESTION: Is the status of the unit limited by the status of the device or equipment to which it is attached (i.e.
QUESTION: Once I have assigned the unit a unique IP address, how do I access the unit in the future?

QUESTION: Can I assign specific port access to a specific user?

QUESTION: Sometimes when I try to log on, I see a message that states my “login is incorrect” even though I am sure I am entering the correct User Name and Password.