Manuale d’uso / di manutenzione del prodotto CCA-0N-V5.1-E del fabbricante Raritan
Vai alla pagina of 420
Copyrigh t © 2011 Raritan, In c. CCA - 0N -v5.1-E February 2011 255 - 80 - 5140 - 00 - 0N CommandCenter Sec ure Gateway A dministrators Guide Release 5.
This docum ent contains proprietary inform ation that is protected b y copyright. All rights reserv ed. No part of this docum ent ma y be photocopied, reproduc ed, or translated into another language without express prior written co nsent of Raritan, I nc.
iii Contents What's New in the CC-SG Administrators Guide xvii Chapter 1 Introduction 1 Prerequisites .................................................................................................................................. 1 Term inology /Acron y ms .
Contents iv Licensing - Lim ited Operation Before Lice nse Install .................................................................. 28 Licensing - Existi ng Custom ers .................................................................................
Contents v Discovering Devices .................................................................................................................... 53 Adding a Device ................................ ...................................................
Contents vi Copying Device Conf iguration ..................................................................................................... 87 Restarting a Device ....................................................................................
Contents vii Adding Location and Co ntacts to a Node Prof ile ....................................................................... 111 Adding Notes to a Nod e Profile .................................................................................
Contents viii Limit the Num ber of KVM Sessions per User ............................................................................ 162 Configuring Access Auditing for User G roups ....................................................................
Contents ix Specify a Base DN ........................................................................................................... 189 Specifying Modules f or Authentication and Aut horization ...................................................
Contents x Audit Trail Report ....................................................................................................................... 210 Error Log Report ................................................................................
Contents xi Chapter 15 Adv a nced Administration 237 Configuring a Mess age of the Da y ............................................................................................ 237 Configuring Applications for Accessing Nodes .....................
Contents xii Refresh a Neighborho od ................................................................................................ . 2 66 Delete a Neighborhood ........................................................................................
Contents xiii Navigate Adm inistrator Console ...................................................................................... 305 Edit Diagnostic Consol e Configuration ...........................................................................
Contents xiv A ppendix B CC -SG a nd Network Configuration 349 Required Open Ports f or CC -SG Network s: Executive Summ ary ............................................. 349 CC -SG Comm unication Channels .............................................
Contents xv A ppendix C User Group Privileges 357 A ppendix D SNMP Traps 366 A ppendix E CSV File Imports 368 Comm on CSV File Requirem ents .............................................................................................. 369 Audit Trail Entries f or Importing .
Contents xvi User Inform ation ........................................................................................................................ 389 Node Inform ation .............................................................................
xvii The following sections h ave changed or inform ation has been added to the Comm andCenter Secure Gatewa y Administrators G uide based on enhancem ents and changes to the equipm ent and/or docum entation.
.
1 The Comm andCenter Secure Gatewa y (CC-SG) Adm inistrators Guide offers instructions for adm inistering and m aintaining your CC -SG. This guide is intende d for adm inistrators who typically hav e all available privileges. Users who are not adm inistrators should s ee Raritan's Command Center Secure Gatewa y User Guide .
Chapter 1 : I ntroduction 2 Terminology/Acronyms Terms and acron yms found in this docum ent include: Access Client - HT ML-based client int ended for use b y normal access users who need to acces s a node m anaged by CC- SG. The Access Client does not allo w the use of adm inistration function s.
Chapter 1 : Intro duction 3 Ghosted Ports - when managing Parag on devices, a ghosted port can occur when a CIM or tar get server is rem oved from the s y st em or powered off (m anually or accidentall y). See Rar itan's Paragon II User Guide. Hostname - c an be used if DNS ser ver support is enabled.
Chapter 1 : I ntroduction 4 Node Groups - a defined group of nodes that are acces sible to a user. Node groups are use d when creating a po licy to control acces s to the nodes in the group. Ports - connection po ints between a Rarit an device and a n ode.
5 You can access CC -SG in several ways: Browser: CC-SG s upports numerous web browsers (for a com plete list of supported bro wsers, see the Com patibility Matrix on the Raritan Support website). Thick Client: You can inst all a Java W eb Start thick client on your client computer.
Chapter 2 : A ccessing CC- SG 6 JRE Incompatibilit y If you do not have the m inimum required version of JRE installed on your client computer, you will see a warning m essage before you can access the CC -SG Adm in Client. The JRE Incom patibility W arning window opens when CC-SG c annot find the required JRE file on your client computer.
Chapter 2 : Ac cessing CC- SG 7 4. If the CC-SG is conf igured for secure bro wser connections, you m ust select the Secure Socket Layer (SSL) check box. If the CC -SG is not configured for secur e browser c onnections, you mus t deselect the Secure Sock et Layer (SSL) check box.
Chapter 2 : A ccessing CC- SG 8 CC -SG Admin Client Upon valid login, the C C-SG Adm in Client appears..
Chapter 2 : Ac cessing CC- SG 9 Nodes tab: Click the Nodes tab to displa y all known target nodes in a tree view. Click a node to view the Node Profile. Interfac es are grouped under the ir parent nodes. Click the + and - s igns to expand or collapse the tree.
10 Before you can begi n configuring and working in CC -SG, you m ust have valid licenses installed . Then, upon first login, you should confirm the IP address, set the CC- SG server tim e, and check the f irmware and application versions ins talled. You ma y need to upgrade the firm ware and applications.
Chapter 3 : Ge t ting Started 11 Licensing - Basic License Information Licenses are base d on the num ber of nodes configured in CC -SG. Your purchase of a ph ysical or virtual applianc e includes a license t o use a specific number of nodes.
Chapter 3 : Ge tt ing Star t ed 12 CC -SG product Description Information needed to create license for first time CC - V1 -256 CC -SG V1 Appliance, includes 256 Node Lice nse Host ID of the CC- SG uni.
Chapter 3 : Ge t ting Started 13 3. Check the num ber of nodes in your database on this page. You can determine how m any more nodes you can add up to your licensed limit.
Chapter 3 : Ge tt ing Star t ed 14 Licensing - New Customers - Physical Appliance If you are a new custom er who has just purc hased a physical CC - SG 5.0 appliance, follow these instructions to ensure that you have valid licenses installed and activated.
Chapter 3 : Ge t ting Started 15 4. Click the link in the em ail to go to the S oftware License Ke y Login page on Raritan's website and login with the user ac count just created. 5. Click the Product License tab. The licenses you purchased displ ay in a list.
Chapter 3 : Ge tt ing Star t ed 16 Step 3: Check out the l icenses you want to activ ate: You must check out licenses to activate the f eatures. Select a license from the list then click Check Out. Check out all the licenses you want to acti vate.
Chapter 3 : Ge t ting Started 17 Licensing - Virtual Appliance with License Server The CC-SG virtua l appliance requires you to install a license server t o host your license. Rari tan provides the license s erver sof tware and tools and a vendor daem on, which you install on a physical server.
Chapter 3 : Ge tt ing Star t ed 18 Download Inst allation Files The complete set of installation files is available at http://www.raritan.c om/support/Comm andCenter-Secu re-Gatewa y/. You must log in to the R aritan Licens ing Portal to acce ss these files at this link.
Chapter 3 : Ge t ting Started 19 7. Move the Raritan vend or daem on file using this command: cp raritan /home/flex/flexserverv11.8/i86_lsb/ 8. Enter this comm and: chmod +x raritan 9. Make sure you have the redhat-lsb package installed. To install it, run yum install redhat-lsb as root.
Chapter 3 : Ge tt ing Star t ed 20 3. Check y o ur email for anoth er message fr om Raritan Licensing Port al from the em ail address licensing@raritan.
Chapter 3 : Ge t ting Started 21 Linux: su - root; dmidecode -s system-uuid W indows: Use cd to change to the /flexnet -win/i86_n 3 directory, then run dmidecode - s system - uuid Enter the TCP port n umber that CC- SG will use to communicate with the license server.
Chapter 3 : Ge tt ing Star t ed 22 2. Enter this comm and to change to the director y. cd c:flexnet-win i86_n3 3. Run lmgrd to start the ser ver. In the sam ple comm ands, "license-file.
Chapter 3 : Ge t ting Started 23 b. T y pe and then confirm the new password. The new pa ssword must be a strong pas sword consisting of at least eight characters that are a com bination of letters and num bers. 3. Press CTRL+X when you see the W elcome screen.
Chapter 3 : Ge tt ing Star t ed 24 6. Select the CCSG12 8-VA base license t hen click Check -Out to activate it. 7. To activate Add-On licenses, select each license t hen click Check- Out. See the CC-SG Administrators Guide for more details about licenses.
Chapter 3 : Ge t ting Started 25 Restart License Servers After an Outage If the license server go es down, and then res umes operation, or if you move, add or delete l icense files, you should res tart the license server. Restarting the license ser ver ensures that CC -SG is s ynchronized wit h the most curr ent information.
Chapter 3 : Ge tt ing Star t ed 26 lmdown Allows for the gracef ul shutdown of selected license daem ons. lmdown -vendor raritan is used to shut down the Rarita n vendor daemon lmhostid Allows the user to retri eve the host ID of the current platform .
Chapter 3 : Ge t ting Started 27 lmver Reports the version of a FLEXnet Publisher librar y or binary file, such as lmgrd, lm admin, lmdown, vendor daem on. Install or Upgrade VM ware Tools VMware Tools is recom mended b y VMware for all virtual machine deployments.
Chapter 3 : Ge tt ing Star t ed 28 Licensing - Limited Operation Before License Install Until you have installed a nd check ed out the proper licenses , CC-SG operations are lim ited. Only the following m enu choices are enabl ed. Diagnostic Console: T o retrieve necess ary information and logs, configure network interfaces.
Chapter 3 : Ge t ting Started 29 Licensing - Existing Customers If you are an existing CC -SG c ustomer, with a ph ysical CC-SG appliance, when you upgrade you r CC- SG unit to 5.0 or hig her, a license file is created and insta lled that allows you to continue using CC -SG with the number of nodes configured at the tim e of upgrade .
Chapter 3 : Ge tt ing Star t ed 30 A dd a Licens e You can add a license t o CC- SG if you purchase a new add-on license, or need to replace your licenses.
Chapter 3 : Ge t ting Started 31 Only the CC Super -User and users with similar privileg es can configure Time and Date. Changing the tim e zone is disab led in a cluster conf iguration. To configu re the CC-SG server time and date: 1. Choose Administrat ion > Configuration.
Chapter 3 : Ge tt ing Star t ed 32 Checking and Upgrading Application Versions Check and upgrade the CC- SG applications, including Raritan Console (RC) and Raritan Rem ote Client (RRC). To check an application version: 1. Choose Administrat ion > Applicati ons.
33 Guided Setup off ers a simple way to com plete initial CC -SG configuration task s once the network configuration is com plete. The Guided Setup interf ace leads you through the process of def inin.
Chapter 4 : Con figuring CC- S G with Guided Setup 34 A ssocia tions in Guided Setup Create Categories and Elements To create categorie s and elements in Gu ided Setup: 1. In the Guided Setup window, click Ass ociations, and then click Create Categories in the left panel to open the Cr eate Categories panel.
Chapter 4 : Con figuring CC- S G with Guided Setup 35 Discover and Add Devices The Discover Devices panel opens when you click Continue at the end of the Associations task . You can also click Device Setup, and then c lick Discover Devices in th e Guided Tasks tree view in the left panel to open the Discover Devices pa nel.
Chapter 4 : Con figuring CC- S G with Guided Setup 36 14. If you are m anually adding a PowerStr ip device, click the Number of ports drop-do wn arrow and select the n umber of outlets the PowerStrip contains.
Chapter 4 : Con figuring CC- S G with Guided Setup 37 3. There are two wa ys to add devices to a group, Select Devices and Describe Devices. T he Select Devices tab a llows you to select which devices you want to assi gn to the group b y selecting th em from the list of available devices .
Chapter 4 : Con figuring CC- S G with Guided Setup 38 Select Nodes a. Click the Select Nod es tab in the Node Gr oup: New panel. b. In the Available list, se lect the node you want t o add to the group, and then click Add to m ove the node into the Selected list.
Chapter 4 : Con figuring CC- S G with Guided Setup 39 Add User Groups and Us ers The Add User Group p anel opens when you click Continue at th e end of the Create Groups task . You can also click User Managem ent, and then click Add User Gro up in the Guided T asks tree view in the lef t panel to open the Add User Grou p panel.
Chapter 4 : Con figuring CC- S G with Guided Setup 40 13. Select the Login Enab led checkbox if you want the us er to be able to log in to CC-SG. 14. Select the Rem ote Authentication check box only if you want the us er to be authenticated b y an outside server, such as TACACS+, RADIUS, LDAP, or AD.
41 In This Chapter About Associations .................................................................................. 41 Adding, Editing, and D eleting Categories a nd Elements ........................ 42 Adding Categories an d Elem ents with CSV File Import .
Chapter 5 : A ssociation s , Categori es, and Elements 42 Policies also use cate gories and elem ents to control us er access to servers. For exam ple, the categor y/element pair Loca tion/America can be used to create a P olicy to control user access to servers in Am erica.
Chapter 5 : Associations, Categorie s , and Ele m ents 43 Select Integer if the value is a number. 5. In the Applicable For f ield, select wheth er this category applies t o: Devices, Nodes, or D evice and Nodes. 6. Click OK to create th e new categor y.
Chapter 5 : A ssociation s , Categori es, and Elements 44 Categories and Elem ents CSV File Requ irements The categories and el ements CSV f ile defines the categories, t heir associated elem ents, their type, and whether the y apply to devices, nodes or both.
Chapter 5 : Associations, Categorie s , and Ele m ents 45 Sample Categories and Elements CSV File ADD, CATEGOR Y, OS, String, Nod e ADD, CATEGOR YELEMENT, OS, UNIX ADD, CATEGOR YELEMENT, OS, W INDOW S.
Chapter 5 : A ssociation s , Categori es, and Elements 46 Export Categories and Element s The export file conta ins comm ents at the top that descr ibe each item in the file. The comm ents can be used as instructio ns for creating a file f or importing.
47 To add Raritan Po werStrip Devices that are co nnected to other Rar itan devices to CC-SG, se e Managed PowerStr ips (on pa ge 93 ). Note: To configure i LO/RILOE devices, IPMI d evices, Dell DR AC devices, IBM RSA dev ices, or other non -Raritan devic es, use the Add Node menu and add t hese items as an interfac e.
Chapter 6 : Dev ices, Device Groups, and Ports 48 Viewing Devices The Devices T ab Click the Devices tab t o display all devices und er CC- SG m anagement. Each device's configure d ports are nested under t he devices the y belong to. Devices with configure d ports appear in the list with a + s y m bol.
Chapter 6 : Dev ices, Device Groups, and Por ts 49 Icon Meaning Serial port unavailable Ghosted port (See R aritan's Paragon II User Guide for deta ils on Ghosting Mode.
Chapter 6 : Dev ices, Device Groups, and Ports 50 Note: For blade serv ers without an int egrated KVM switc h, such as HP BladeSystem servers , their parent device is th e virtual blade chassis t hat CC -SG creates, not the KX2 device.
Chapter 6 : Dev ices, Device Groups, and Por ts 51 The Device Profile inclu des tabs that contain inf ormation about the device. Associations tab The Associations tab c ontains all categories and elements assigned to the node. You can chan ge the associations b y making different selections.
Chapter 6 : Dev ices, Device Groups, and Ports 52 2. Choose Devices > Device Manager > T opology View. T he Topolog y View for the selecte d device appears.
Chapter 6 : Dev ices, Device Groups, and Por ts 53 Discovering Devices Discover Devices init iates a search for all de vices on your network. After discovering the devices, you ma y a dd them to CC -SG if the y are not already managed. To discov er devices: 1.
Chapter 6 : Dev ices, Device Groups, and Ports 54 A dding a De vice Devices m ust be added to CC -SG before you can configure ports or add interfaces that provide acc ess to the nodes c onnected to ports. T he Add Device screen is used to a dd devices whose prop erties you know and can provide to CC- SG.
Chapter 6 : Dev ices, Device Groups, and Por ts 55 6. T y pe the time (in seconds) that should elapse bef ore tim eout between the new de vice and CC- SG in the Heartbeat ti meout (sec) field.
Chapter 6 : Dev ices, Device Groups, and Ports 56 14. If the firmware versio n of the device is not com patible with CC -SG, a message appears. Click Yes to add the dev ice to CC- SG. You can upgrade the device f irmware after adding it to CC-SG. See Upgrading a Device (on page 82 ).
Chapter 6 : Dev ices, Device Groups, and Por ts 57 If you do not see the Cate gory or Elem ent values you want t o use, you can add others . See Association s, Categori es, and Elements (on pag e 41).
Chapter 6 : Dev ices, Device Groups, and Ports 58 2. T y pe the new device prope rties in the appropriate f ields on this screen. If necessar y, edit the Categories an d Elements associate d with this device. 3. Click the Outlet tab t o view all outlets of this PowerStrip.
Chapter 6 : Dev ices, Device Groups, and Por ts 59 A dding Location and Contacts to a Device Profile Enter details about t he location of the de vice and contact in form ation for the people who adm inister or use the de vice. To add location and contacts to a dev ice profile: 1.
Chapter 6 : Dev ices, Device Groups, and Ports 60 Configuring Ports If all ports of a device were not automaticall y added by selecting Configure all ports when you added the de vice , use th e Configure Ports screen to add individual ports or a set of ports on the device to CC -SG.
Chapter 6 : Dev ices, Device Groups, and Por ts 61 3. Click the Configure butto n that corresponds to the KVM port you want to configure. 4. T y pe a p ort name in the Po rt Nam e field. For ease of us e, name the port after the target th at is connected to the port.
Chapter 6 : Dev ices, Device Groups, and Ports 62 3. Click the Access Appl ication drop-d own menu and se lect the application you want to use when you connect t o this port from the list. To allow CC-SG t o autom atically select the correct app lication based on your bro wser, select Auto-Det ect.
Chapter 6 : Dev ices, Device Groups, and Por t s 63 3. Select the check box of the port you want to d elete. 4. Click OK to delete the se lected port. A m essage ap pears when the port has been deleted.
Chapter 6 : Dev ices, Device Groups, and Ports 64 Add a Blade Cha ssis Device The procedure to ad d a blade chassis d evice varies dependin g on the blade chassis t ype.
Chapter 6 : Dev ices, Device Groups, and Por ts 65 Configuring Slots on a Blade Chassis Device If the blade servers or s lots are not configur ed yet in CC -SG. you m ust configure them by following the procedure in this sec tion, or the blade servers do not app ear in the Devices and Nodes t abs.
Chapter 6 : Dev ices, Device Groups, and Por ts 66 To configure each slot individually, click the Co nfigure button next to the slot. Then type a name for the slot in the P ort Name field, and type a node n ame in the Node Nam e field.
Chapter 6 : Dev ices, Device Groups, and Por ts 67 To delete a slot using th e Delete Blade comman d: 1. In the Devices tab, c lick the + next to the KX2 d evice that is connected to the blade ch assis device. 2. Click the + next to th e blade chassis device whose slots you want to delete.
Chapter 6 : Dev ices, Device Groups, and Ports 68 Move a Blade Cha ssis Device to a Differ ent Port W hen phy s ically moving a bla de chassis device from one KX2 device or port to another KX2 d evice or port, CC -SG cannot dete ct and automatically update the configuration data of the blade chassis de vice to the new port.
Chapter 6 : Dev ices, Device Groups, and Por ts 69 Bulk Copying for Device Associations, Location and Contacts The Bulk Cop y command allows you to copy categories, elem ents, location and contact inf ormation from one device to multiple other devices.
Chapter 6 : Dev ices, Device Groups, and Ports 70 Configuring Analog KVM Switches Connected to KX2 2.3 or Higher KX2 version 2.3 enabl es you to connect a generic a nalog KVM switch t o a target port. T he generic analog KVM s witch and its ports will be available as nodes to CC -SG .
Chapter 6 : Dev ices, Device Groups, and Por ts 71 4. Select the check box for each slot you want to configure, then cl ick OK. To configu re slots from the Configu re Ports screen: 1. In the Devices tab, c lick the + next to the KX2 d evice that is connected to the K VM switch device.
Chapter 6 : Dev ices, Device Groups, and Ports 72 Device Groups Overv iew Device groups are us ed to organize dev ices into a set. T he device group will becom e the basis for a polic y either allowing or den ying access to this particular set of de vices.
Chapter 6 : Dev ices, Device Groups, and Por ts 73 2. Click the New Group icon in the toolbar. The De vice Group: New panel appears . 3. In the Group Nam e field, type a nam e for a device group you want to create. See Naming Con ventions ( on page 389) f or details on CC - SG 's rules for nam e lengths.
Chapter 6 : Dev ices, Device Groups, and Ports 74 Category - Select a n attribute that will be e valuated in the rule. All categories you created in the Association Manager ar e available here. If an y blade chassis has been configured i n the system , a Blade Chassis categor y is available b y default.
Chapter 6 : Dev ices, Device Groups, and Por ts 75 Example 2: If you want to describe a group of devices that belong to the engineering dep artment or are locate d in Philadelphia, and specify that all of the m achines m ust have 1 GB of mem ory, you must create three rules .
Chapter 6 : Dev ices, Device Groups, and Ports 76 Describe Method versus Select Method Use the describe m ethod when you want your group to be b ased on some attribute of the node or devices, such as the categories and elements.
Chapter 6 : Dev ices, Device Groups, and Por ts 77 A dding Devices w ith CSV File Import You can add devices to CC- SG by importing a CSV fi le that contains the values. You m ust have the Device, Port, and Node Management and CC Setup and Control pri vileges to import and ex port devices.
Chapter 6 : Dev ices, Device Groups, and Ports 78 Column number Tag or value Details spaces or certain speci al characters. Dominion PX device names cannot include periods. Upon import, periods are converted t o hyphens. 5 IP Address or Hostnam e Required field.
Chapter 6 : Dev ices, Device Groups, and Por ts 79 To add a port to t he CSV file: Use the DEVICE- PORT tag onl y if you add a device with Conf igure All Ports set to FALSE, a nd you want to specif y ports individuall y. The ports you add m ust be un-configured in CC- SG when you import the CSV file.
Chapter 6 : Dev ices, Device Groups, and Ports 80 Column number Tag or value Details 6 Blade Nam e Optional. If left blank , the name assigned at the de vice level is used. If a name is entere d in the CSV file, it will be copied to the dev ice level.
Chapter 6 : Dev ices, Device Groups, and Por ts 81 Column number Tag or value Details 2 DEVICE-CATEGORYELEME NT Enter the tag as sho wn. Tags are not case se nsitive. 3 Device Name Required field. 4 Category Nam e Required field. 5 Element Nam e Required field.
Chapter 6 : Dev ices, Device Groups, and Ports 82 6. To view more im port results details, check the Audit Trail re port. See Audit Trail Entries for Imp orting (on page 370 ). Export Devices The export file conta ins comm ents at the top that descr ibe each item in the file.
Chapter 6 : Dev ices, Device Groups, and Por ts 83 Backing Up a Device Configuration You can back up all user configuration an d system conf iguration files for a selected device. If an ything happens to the device, you can restore th e previous configurat ions from CC -SG using the back up file created.
Chapter 6 : Dev ices, Device Groups, and Ports 84 Restoring Device Configurations The following device t ypes allow you to restore a f ull backup of the device configuration. KX KSX KX101 SX IP -Reach KX2, KSX2, and KX2 -101 devices allo w you to choose which components of a back up you want to restore to the device.
Chapter 6 : Dev ices, Device Groups, and Por ts 85 Restore All Configur ation Data Except Netw ork Set tings to a KX2, KSX2, or KX2-101 Device The Protected restore o ption allows you to restore all conf iguration data in a backup file, exc ept network settings, to a KX2, KSX 2, or KX2- 101 device.
Chapter 6 : Dev ices, Device Groups, and Ports 86 Restore All Configur ation Data to a KX2, KS X2, or KX2 -101 Device The Full restore optio n allows you to restore all configuratio n data in a backup file to a KX2, K SX2, or KX2 -101 device. To restore all configu ration data to a K X2, KSX2, or KX2 -101 device: 1.
Chapter 6 : Dev ices, Device Groups, and Por ts 87 3. Click Upload. Naviga te to and select the de vice backup file. The f ile type is .rfp. Click Open.
Chapter 6 : Dev ices, Device Groups, and Ports 88 Restarting a Device Use the Restart Dev ice function to restart a device. To restart a device 1. Click the Devices tab and select the device you want to restart. 2. Choose Devices > Device Manager > Rest art Device.
Chapter 6 : Dev ices, Device Groups, and Por t s 89 Resuming Management of a Device You can resum e CC-SG managem ent of a paused device to br ing it back under CC-SG contr ol. To resume CC-SG's management of a paused device: 1. Click the Devices tab and select the pause d device from the Devices tree.
Chapter 6 : Dev ices, Device Groups, and Ports 90 6. Select the devices to include in the task by selecting a device group from the Device Group drop-do wn list. Select the devic es to include in the Available list, the n use the arro w buttons to move the de vices to the Selected list.
Chapter 6 : Dev ices, Device Groups, and Por ts 91 Disconnecting Users Administrators can term inate any user's sess ion on a de vice. This includes users who are perform ing any kind of operatio.
Chapter 6 : Dev ices, Device Groups, and Por t s 92 IP -Reach and UST -IP Administration You can perform administrative diagnostics on IP-Rea ch and UST- IP devices connected to your Paragon System setup directly from the CC -SG interface. After adding the Par agon System device to CC -SG, it appears in the Devices tree.
93 There are three ways to conf igure power control using po werstrips in CC -SG. 1. All supported Raritan- brand powerstri ps can be connected to an other Raritan device and a dded to CC-SG as a Powerstrip d evice. Raritan-brand po werstrips include Dom inion PX and RPC powerstrips.
Chapter 7 : Ma naged Powerstrips 94 Configuring Powerstrips that are Managed by Anot her Device in CC - SG In CC-SG, m anaged powerstrips can be c onnected to one of the following devices: Dominion KX Dominion K X2 Dominion KX2- 101 Dominion SX 3.
Chapter 7 : Ma naged Powerstrips 95 Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC CC -SG autom atically detects PowerStri ps connected to KX, KX 2, KX2-101, KSX2, and P2SC devices. You ca n perform the following tasks in CC-SG to conf igure and manage PowerStrips connected to these devices.
Chapter 7 : Ma naged Powerstrips 96 Delete a PowerStrip Co nnected to a K X, KX2, KX2 -101, KSX2, or P2SC Device You cannot delete a Po werStrip connec ted to a KX, KX2, KX2 -101, KSX2, or P2SC de vice from CC-SG. You m ust physically disconnect the PowerStrip from the device to delete the Po werStrip f rom CC -SG.
Chapter 7 : Ma naged Powerstrips 97 10. For each Categor y listed, click the Elem ent drop-do wn m enu and select the elem ent you want to appl y to the device. Selec t the blank item in the Elem ent field for each Categ ory you do not want to use. See Associations, Categories, and Elements ( on page 41 ) .
Chapter 7 : Ma naged Powerstrips 98 Configuring Powerstrips Connected to SX 3.1 You can perf orm the following task s in CC-SG to conf igure and m anage Powerstrips connected t o SX 3.1 devices. Add a Powerstrip Conn ected to an SX 3.1 De vice ( on page 98 ) Move an SX 3.
Chapter 7 : Ma naged Powerstrips 99 Move an SX 3.1's Powerstrip to a Different Po rt W hen y ou ph y s ically m ove a Powerstrip from one SX 3.1 device or port to another SX 3.1 de vice or port, you must delete the Po werstrip from the old SX 3.1 port and ad d it to the new SX 3.
Chapter 7 : Ma naged Powerstrips 100 To configure m ultiple outlets with the default nam es shown in the screen, select the chec kbox for eac h outlet you want to configure, and then click OK to configure each outlet with the default name.
101 This section covers ho w to view, configure, a nd edit nodes and their associated interf aces, and how to create node gro ups. Connecting to nodes is covered brief ly. See Raritan's Co mmandCe nter Secure Gateway User Guid e for details on conn ecting to nodes.
Chapter 8 : Nod es, Node Groups, a nd I nterface s 102 Node Names Node names must be unique. CC-SG will prom pt you with options if you attempt to m anually add a node with an exist ing node nam e. W hen CC -SG autom atically adds nodes, a num bering system ensures that node names are un ique.
Chapter 8 : Nod es, Node Groups, and Interfaces 103 Node Profile Click a Node in the Nod es tab to open t he Node Profile pag e. The Node Profile page includes ta bs that contain inf ormation about the node.
Chapter 8 : Nod es, Node Groups, and Interfaces 104 Interfaces tab The Interfaces tab cont ains all the node's interf aces. You can add, ed it, and delete interf aces on this tab, and se lect the default interf ace. Nodes that support virtual m edia include an addition al column that sho ws whether virtual m edia is enabled or disable d.
Ch apter 8 : Node s, Node Gr oups, and Interfaces 105 Control system s erver nodes, such as VM ware's V irtual Center, include the Control S ystem Data tab. The Control System Data tab conta ins inform ation from the control system s erver that is refreshed when the tab opens.
Chapter 8 : Nod es, Node Groups, and Interfaces 106 Service A c counts Service A ccounts Ov erview Service accounts are sp ecial login credent ials that you can assig n to multiple interfac es. You can save time b y assigning a service account t o a set of interfaces that often require a pass word change.
Chapter 8 : Nod es, Node Groups, and Interfaces 107 Add, Edit, and Delete S ervice Acc o unts To add a service accoun t: 1. Choose Nodes > Ser vice Accounts. T he Service Accounts pa ge opens. 2. Click the Add Ro w icon to add a ro w to the table. 3.
Chapter 8 : Nod es, Node Groups, and Interfaces 108 2. Find the service acc ount whose pass word you want to chang e. 3. Enter the new pass word in the Password f ield.
Chapter 8 : Nod es, Node Groups, and Interfaces 109 A dding, Editing, and Dele ting Nodes Add a Node To add a node to CC-SG: 1. Click the Nodes tab. 2. Choose Nodes > Add Node. 3. T y pe a n ame f or the node in the Node Nam e field. All node nam es in CC -SG m ust be unique.
Chapter 8 : Nod es, Node Groups, and Interfaces 110 Nodes Created by Con figuring Port s W hen y ou configure the po rts of a device, a node is created automatically for eac h port. An interfac e is also created for each node. W hen a node is automaticall y created, it is given the sam e name as the port to which it is assoc iated.
Chapter 8 : Nod es, Node Groups, and Interfaces 111 A dding Location and Contacts to a Node Profile Enter details about t he location of the nod e, and contact inform ation for the people who adm inister or use the no de. To add location and contacts to a node profile: 1.
Chapter 8 : Nod es, Node Groups, and Interfaces 112 Configuring the Virtual Infrastructure in CC- SG Terminology for Virtu al Infrastructure CC -SG uses the follo wing terminolog y for virtual infrastructure components. Term Definition Example Control System The Control S y s tem is the managing server.
Chapter 8 : Nod es, Node Groups, and I nterface s 113 Virtual Nodes Overview You can configure your virtual infrastructure f or access in CC -SG. T he Virtualization page of fers two wizard tools, Add Control System wi zard and Add Virtual Host wi zard, that help you add control s y st ems , virtual hosts, and their virtual m achines properl y.
Chapter 8 : Nod es, Node Groups, and Interfaces 114 To use a service acc ount for authentication, s elect the Use Service Account Cr edentials check box. Select the serv ice account to use in the Service Account Nam e menu. or Enter a Usernam e and Password for a uthentication.
Chapter 8 : Nod es, Node Groups, and Interfaces 115 Use Ctrl+click or Shift+c lick to select m ultiple virtual machines that you want to add. In the Check /Uncheck Selected Rows sect ion, select the Virtual Machine check box.
Chapter 8 : Nod es, Node Groups, and Interfaces 116 One node for each v irtual host. Each virtual h ost node has a VI Client interfac e. Virtual Host nodes are n amed with their IP addresses or host nam es. One node for the contro l system . The control system node has a VI Client interface.
Chapter 8 : Nod es, Node Groups, and Interfaces 117 12. Add virtual m achines to CC- SG. One node will be crea ted for each virtual machine. Each as sociated virtual h ost will also be configured. Only one virtual host node will be added, even if the virtual host is associated with m ultiple virtual machines.
Chapter 8 : Nod es, Node Groups, and Interfaces 118 VI Client Interfaces VMware Viewer Interf aces Virtual Power Interf aces RDP, VNC, and S SH Interfaces, if specif ied b. Enter login credentials, if needed. Som e interface types do not require login credentials.
Chapter 8 : Nod es, Node Groups, and Interfaces 119 5. Change the inform ation as needed. Se e Add a Con trol System with Virtual Hosts and Virtual Machines (on p age 113) and Add a Virtual Host with Virtual Machines ( on page 116) f or complete field descriptions.
Chapter 8 : Nod es, Node Groups, and Interfaces 120 Delete Control Systems and Virtual Hosts You can delete control s ystems and virtu al hosts from CC -SG. W hen y ou delete a control system, the virtual hosts a nd virtual m achines associated with it are not delete d.
Chapter 8 : Nod es, Node Groups, and In terface s 121 vSphere 4 Users M ust Install New Plug- In W hen upgrading your virtual environment f rom a previous vers ion to vSphere 4, you must remove the VM ware Remote Cons ole plug- in from the browser.
Chapter 8 : Nod es, Node Groups, and Interfaces 122 Synchronize the Virtual Infrastructure You can perform a synchronization of CC -SG with your virtual infrastructure. W hen y ou select a contro l s y st em for s ynchronization, the assoc iated virtual hosts will also be s ynchronized, whether or not you select the virtual hosts.
Chapter 8 : Nod es, Node Groups, and Interfaces 123 Reboot or Force Reboot a Virtual Host Node You can reboot or f orce reboot the virtual host ser ver. A Reboot operation perform s a normal reboot of the virtual host server when it is in maintenance m ode.
Chapter 8 : Nod es, Node Groups, an d I nterface s 124 Connecting to a Node Once a node has an i nterface, you can connect to that node through the interface in several diff erent ways. See Raritan's Comm andCenter Secure Gatewa y User Guide. To connect to a nod e: 1.
Chapter 8 : Nod es, Node Groups, and Interfaces 125 A dding, Editing, and Dele ting Interfaces Add an Interface Note: Interfaces for virtu al nodes, such as contro l system, virtual hosts, and virtual machines, c an only be ad ded using the Virt ualization tools under Nodes > Virtuali zation.
Chapter 8 : Nod es, Node Groups, and Interfaces 126 See Interfaces for O ut- of -Band KV M, Out- of -Band Serial Connections (on page 128) . Power Control Connectio ns: Power Control - DR AC: Select this item to create a p ower control connection to a Dell DR AC server.
Chapter 8 : Nod es, Node Groups, and Interfaces 127 Interfaces for In-Band Connections In -band connections inc lude RDP, VNC, SSH, RSA KVM, iLO Processor KVM, DRAC KVM, a nd TELNET . Telnet is not a secure acc ess m ethod. All usernames, passwords , and traffic are transm itted in clear text.
Chapter 8 : Nod es, Node Groups, and Interfaces 128 Microsoft RDP Connection Details If using a W indows XP client, you m ust have Term inal Server Client 6.0 or higher to connec t a Microsoft RDP interf ace from CC -SG. Update the Term inal Server Client to 6.
Chapter 8 : Nod es, Node Groups, and Interfaces 129 Interfaces for DRAC Power Control Connections To add an int erface for DRAC pow er control connections: 1. T y pe the IP Address or Ho stname f or this interface in the IP Address/Hostnam e field. 2.
Chapter 8 : Nod es, Node Groups, and Interfaces 130 RSA Interface Details W hen y ou create an In- Band RSA KVM or Power interface, CC -SG discards the usernam e and password assoc iated with the interf ace, and creates two user accounts on the RSA server.
Chapter 8 : Nod es, Node Groups, and Interfaces 131 3. Power Strip Nam e: select the Power Strip or PX device th at provides power to the node. T he power strip or PX de vice mus t be configured in CC-SG before it appears in this list. 4. Outlet Name: select th e nam e of the outlet the node is plugged i nto.
Chapter 8 : Nod es, Node Groups, and Interfaces 132 In terfaces for Power IQ Proxy Power Control Connections Add a Power IQ Prox y power control interfac e when you want to use CC -SG to control po wer to a Power IQ IT de vice that you've added to CC -SG as a node.
Chapter 8 : Nod es, Node Groups, and Interfaces 133 Web Browser Interface You can add a W eb Browser Interfac e to create a connection to a device with an em bedded web server, such as a Dominion PX . See Ex ample: Adding a Web Brows er Interface to a PX Node (on page 134).
Chapter 8 : Nod es, Node Groups, and Interfaces 134 5. T y pe the f ield nam es for the usernam e and password f ields used in the login screen for th e web application in the Usern am e Field and Password Field. You m ust view the HT ML source of the login scr een to find the field nam es, not the field labels.
Chapter 8 : Nod es, Node Groups, an d Interfaces 135 Results of Adding an Interface W hen y ou add an interf ace to a node, it appears i n the Interfaces table and the Default Interf ace drop-do wn menu of the Add Node or Node Profile screen.
Chapter 8 : Nod es, Node Groups, and Interfaces 136 Bookmarking an Interface If you frequentl y access a node via a particular int erface, you can bookmark it so that it is readily available fr om your browser. To bookmark an interf ace in any brow ser: 1.
Chapter 8 : Nod es, Node Groups, and Interfaces 137 Configuring Direct Port Access to a Node You can configure D irect Port Access to a nod e using the Bookm ark Node Interface feature.
Chapter 8 : Nod es, Node Groups, and Interfaces 138 Using Chat Chat provides a way for users connected to the sam e node to communicate with eac h other. You m ust be connected to a nod e to start a chat session for that node. Only users on the sam e node can cha t with each other.
Chapter 8 : Nod es, Node Groups, and Interfaces 139 Nodes CSV File Requ irements The nodes CSV fi le defines the nodes , interfaces, and their details required to add them to CC-SG. Node names m ust be unique. If you enter du plicate node nam es, CC -SG adds a num ber in parentheses to the name to m ake it unique, and adds the node.
Chapter 8 : Nod es, Node Groups, and Interfaces 140 Column number Tag or value Details 3 Node Nam e Enter the same value as entered for Raritan Port Nam e. 4 Raritan Device Nam e Required field. The device m ust already be added to CC -SG. 5 Port Num ber Required field.
Chapter 8 : Nod es, Node Groups, and Interfaces 141 Column number Tag or value Details Raritan Port Nam e. 8 Baud Rate Valid for SX ports on ly. 9 Parity Valid for SX ports on ly.
Chapter 8 : Nod es, Node Groups, and Interfaces 142 Column number in CSV file Tag or value Details Default is Java. To add an SSH o r TELNET interface to the CSV file : Column number Tag or value Details 1 ADD The first c olu mn f or all tags is the command ADD .
Chapter 8 : Nod es, Node Groups, and Interfaces 143 Column number Tag or value Details 6 TCP Port Default is 5900. 7 Service Account Nam e Optional. Leave blank if specif yi n g password. 8 Password Optional. Leave blank if specif yi n g service account.
Chapter 8 : Nod es, Node Groups, and Interfaces 144 Column number Tag or value Details 7 Usernam e You must enter either a ser vice account or a usern ame and password. Leave blank if specifying service account. 8 Password You must enter either a ser vice account or a usern ame and password.
Chapter 8 : Nod es, Node Groups, and Interfaces 145 Column number Tag or value Details 10 Description Optional. To add an IPM I power control interface to the CSV file: Column number Tag or value Details 1 ADD The first c olu mn f or all tags is the command ADD .
Chapter 8 : Nod es, Node Groups, and In terface s 146 Column number Tag or value Details 5 Powerstrip Nam e Required field. 6 Outlet Required field. 7 Managing Device The nam e of the device that the power strip is connecte d to. Required field for a ll power strips except Dominion PX.
Chapter 8 : Nod es, Node Groups, and Interfaces 147 Column number Tag or value Details 12 Description Optional. To add a Pow er IQ Proxy pow er control interface to the CSV file: See Power Control of Power IQ IT Devices (on pag e 337) for deta ils about configuring this interface type.
Chapter 8 : Nod es, Node Groups, and Interfaces 148 To assign categori es and elements to a node to the CSV file: Categories and elem ents must alread y be created in CC -SG. You can assign m ultiple elem ents of the same category to a node in the CSV file.
Chapter 8 : Nod es, Node Groups, an d I nterface s 149 If the file is not valid, an error m essage appears. Click O K and look at the Problem s area of the page f or a description of the problems with the file. Click Save to Fi le to save the proble m s list.
Chapter 8 : Nod es, Node Groups, and Interfaces 150 7. Import the .csv file. Se e Import Nodes (on page 148). A dding, Editing, and Dele ting Node Groups Node Groups Overv iew Node groups are use d to organize nodes into a set. The node gro up will become the basis for a polic y either allowing or de nying access to this particular set of nodes.
Chapter 8 : Nod es, Node Groups, and Interfaces 151 Add a Node Group To add a nod e group: 1. Choose Associations > Node Group. T he Node Groups Manager window appears 2. Choose Groups > Ne w. A tem plate for a node group a ppears. 3. In the Group Nam e field, type a nam e for a node group you want to create.
Chapter 8 : Nod es, Node Groups, and Interfaces 152 To remove a node fr om the group, select the node nam e in the Selected list and click Remove. You can search for a n ode in either the Avai lable or Selected list. T y pe the se arch term s in the field belo w the list, and then click Go 4.
Chapter 8 : Nod es, Node Groups, and Interfaces 153 An example rule m ight be Departm ent = Engineering, m eaning it describes all nodes that the category “Departm ent” set to “Engineering.” T his is exact l y what happens when you configure the associations dur ing an Add Node operat ion.
Chapter 8 : Nod es, Node Groups, and Interfaces 154 Note: You should have a space before and after operators & and |. Otherwise, the Short Expre ssion field may return t o the default expression, that is, Ru le0 & Rule1 & Rule2 an d so on, when you delete any rule from the table.
Chapter 8 : Nod es, Node Groups, and Interfaces 155.
156 User accounts are crea ted so that users can be assigned a usernam e and password to acces s CC-SG. A User Group defines a set of privileges for its members. You cannot assign privileges t o users them selves, only to user groups. A ll users must belong to at leas t one user group.
Chapter 9 : U s ers and User Groups 157 The Users Tab Click the Users tab to d isplay all user groups a nd users in CC -SG. Users are nested un derneath the user gro ups to which the y belong. User groups with users assigned to them appear in the list with a + symbol next to them.
Chapter 9 : U sers and User Groups 158 Default User Groups CC -SG is configured with three defau lt user groups: C C-Super Us er, System Adm inistrators, and CC Users. CC Super-User Group The CC Super-Us er group has f ull administrative and access privileges.
Chapter 9 : U s ers and User Groups 159 A dding, Editing, and Dele ting User Groups Add a User Group Creating user groups f irst will help you organize users when the users are added. W hen a user group is created , a set of privileges is ass igned to the user group.
Chapter 9 : U sers and User Groups 160 The All Policies table l ists all the policies available on CC -SG. Eac h policy represents a rule al lowing or denying acces s to a group of nodes. See Policie s for Access Control (on page 17 5) for details on policies and ho w they are created.
Chapter 9 : U s ers and User Groups 161 7. Select the check box that corresponds to each privilege you want t o assign to the user gro up. Deselect a pri vilege to remove it from the group. 8. In the Node Acces s area, click the drop -down m enu for each kind of interface you want this group to have access through and select Control.
Chapter 9 : U sers and User Groups 162 Limit the Number of KVM Sessions per User You can lim it the number of KVM sessions allowed per user for s essions with Dominion KXII, KSXII and KX (KX 1) devices. T his prevents any single user from using all available channe ls at once.
Chapter 9 : U s ers and User Groups 163 2. Select the Require Us ers to Enter Access Information W hen Connecting to a Node ch eckbox. 3. In the Message to Users field, enter a m essage that users will see when attempting to access a node. A def ault message is prov ided.
Chapter 9 : U sers and User Groups 164 If strong passwords are enabled, the passwor d entered must conform to the establ ished rules. The i nformation bar at the top of the screen will display mes sages to assist wit h the password requirements. See Advanced Administration (on page 237) for details on strong password s.
Chapter 9 : U s ers and User Groups 165 4. In the New Pass word and Retype Ne w Password fields, t ype a new password to change this us er's password. Note: If Strong Passwords are enabled, the pass word entered mus t conform to the esta blished rules.
Chapter 9 : U sers and User Groups 166 4. Users who are not as signed to the target group appear in the Users not in group list. Select the users you want to add f rom this list, and th en click > to move them to the Users in group list. Click the >> button t o move all users not in the group to the Users in group list.
Chapter 9 : U s ers and User Groups 167 Users CSV File R equirements The im port enables you to add user grou ps, users, and AD m odules, and assign policies and perm issions a nd user groups. Policies must alread y be created in CC -SG. T he import assigns the policy to a user group.
Chapter 9 : U sers and User Groups 168 Column number Tag or value Details 2 USERGROUP-PERMISSION S Enter the tag as sho wn. Tags are not case se nsitive.
Chapter 9 : U s ers and User Groups 169 Column number Tag or value Details command ADD . 2 USERGROUP-ADMODULE Enter the tag as sho wn. Tags are not case se nsitive. 3 User Group Nam e Required field. User G roup names are case sensitive. 4 AD Module Nam e Required field.
Chapter 9 : U sers and User Groups 170 Column number Tag or value Details Periodically is set to T RUE, specif y the number of days after which password m ust be changed. Enter just the num ber, from 1 to 365 . To add a user to a user group: Column number Tag or value Details 1 ADD The first c olu mn f or all tags is the command ADD .
Chapter 9 : U s ers and User Groups 171 Import Users Once you've created the C SV file, validate it to check for errors then import it. Duplicate records are sk ipped and are not added. 1. Choose Administrat ion > Import > Im port Users. 2.
Chapter 9 : U sers and User Groups 172 Your User Profile My Profile allows all users to view details abo ut their account, cha nge some details, and custom ize usab ility settings. It is the only way for the CC Super User accou nt to change the acc ount name.
Chapter 9 : U s ers and User Groups 173 Find Matching String - Does not sup port the use of wildcards and will highlight the closes t match in the nod es, users, or devices as you type. The list will b e limited to those item s that contain the search criteria after c licking Search.
Chapter 9 : U sers and User Groups 174 To log ou t all users of a User Group: 1. In the Users tab, select the user group you want t o log out of CC -SG. To log out m ultiple user groups, hold the Shift k ey as you click additional user groups. 2. Choose Users > User G roup Manager > Log out Users.
175 Policies are rules that def ine which nodes and dev ices users c an access, when they can acces s them , and whether virtual-m edia perm issions are enabled, where applicab le.
Chapter 10 : Policies for Access Co ntrol 176 A dding a Polic y If you create a polic y that denies access (Deny) to a node group or device group, you also must create a polic y that allows access (Control) for the selected n ode group or de vice group.
Chapter 10 : P olicies for Acc es s Control 177 14. If you selected Control in the Device/Node Acc ess Perm ission field, the Virtual Media Perm ission section will becom e enabled.
Chapter 10 : Policies for Access Co ntrol 178 9. Select the check box that corresponds to each day you want this policy to cover. 10. In the Start Tim e field, type the tim e of day this policy goes into effect. The tim e must be in 24-Hour f ormat. 11.
Chapter 10 : P olicies for Acc es s Control 179 Support for Virtual Media CC -SG provides rem ote virtual media support for nodes connected to virtual media-enable d KX2, KSX2, and KX2 -101 devic es.
180 Custom Views enab le you to specif y different ways to displa y the nodes and devices in the lef t panel, using Cate gories, Node Groups, an d Device Groups. In This Chapter T y pes of Custom Views .................................................
Chapter 11 : Cu stom Views for Dev ic es and Node s 181 Using Custom Views in the Admin Client Custom Views for Node s Add a Custom View for Nodes To add a custom v iew for nodes: 1. Click the Nodes tab. 2. Choose Nodes > Chan ge View > Create C ustom View.
Chapter 11 : Cu stom Views for Dev ic es and N odes 182 2. Click the Nam e drop-down arrow an d select a custom view from the list. 3. Click Apply View. or Choose Nodes > Chan ge View. All defined c ustom views are opt ions in the pop-up m enu.
Chapter 11 : Cu stom Views for Dev ic es and Node s 183 2. Choose Nodes > Chan ge View > Create C ustom View. T he Custom View screen appears . 3. Click the Nam e drop-down arrow, an d select a custom view from the list. Details of the item s included and their ord er appear in the Custom View Deta ils panel 4.
Chapter 11 : Cu stom Views for Dev ic es and Node s 184 3. In the Custom View pa nel, click Add. The Add Custom Vie w window appears. 4. T y pe a n ame f or the new custom view in the Custom View Nam e field.
Chapter 11 : Cu st om View s for Devices and Nodes 185 2. Choose Devices > Change View > Creat e Custom View. The Custom View screen appears. 3. Click the Nam e drop-down arrow, an d select a custom view from the list. Details of the item s included and their o rder appea r in the Custom View Deta ils panel.
Chapter 11 : Cu stom Views for Dev ic es and Node s 186 Assign a Default Custom View for Devices To assign a default cu stom view for devices: 1. Click the Devices tab. 2. Choose Devices > Change View > Creat e Custom View. The Custom View screen appears.
187 In This Chapter Authentication and Au thorization (AA) Overvi ew .................................. 187 Distinguished Nam es for LDAP and AD ................................................ 188 Specifying Modules f or Authentication and Aut horization .
Chapter 12 : Re m ote Authenticatio n 188 2. CC -SG connects to t he external server and se nds the usernam e and password. 3. Usernam e and password are either accept ed or rejected and sen t back. If authenticatio n is rejected, this resu lts in a failed login attempt.
Chapter 12 : Re m ote Authent ic atio n 189 Specify a Distinguished N ame for LD AP Distinguished Nam es for Netscape LDA P and eDirector y LDAP should follow this structure: user id (uid), organi.
Chapter 12 : Re m ote Authenticatio n 190 Establishing Order of External AA S ervers CC -SG will quer y the configured external authori zation and authentication servers in the order that you specify. If the first check ed option is unavailable, CC -SG will tr y the second, then the third, and so on, until it is successf ul.
Chapter 12 : Re m ote Authe ntication 191 5. T y pe a n ame f or the AD server in the Module n ame field. The maxim um number of characters is 31. All printable charact ers may be used. The module nam e is optional and is specified only to distinguish this AD server m odule from an y others that you configure in CC -SG.
Chapter 12 : Re m ote Authenticatio n 192 UserNam e@raritan.com Raritan/UserNam e Note: The user spec ified must have perm ission to execute search queries in the AD dom ain. For example, the user may belong to a group within AD that has Group scope se t to Global, and Group type set to Security.
Chapter 12 : Re m ote Authe ntication 193 5. T y pe a user' s attributes in t he Filter field so the se arch query will be restricted to only those entries that m eet this criterion. The default filter is objectclass=user, which means that on ly entries of the t ype user are searched.
Chapter 12 : Re m ote Authenticatio n 194 3. T y pe a user' s attributes in t he Filter field so the se arch query for the user in the group will be restricted to onl y those entries that m eet th is criterion.
Chapter 12 : Re m ote Authe ntication 195 Editing an AD Module Once you have configure d AD modules, you can edit them at any time. To edit an AD module: 1. Choose Administrat ion > Security. 2. Click the Authenticatio n tab. All configured external Authorizat ion and Authentication Ser vers appear in a t able.
Chapter 12 : Re m ote Authenticatio n 196 2. Click the Authenticatio n tab. All configured Authorization and Authentication Ser vers appear in a tabl e. 3. Select the AD server whose AD user grou ps you want to im port. 4. Click Import AD User Gr oups to retrieve a list of user group values stored on the AD serv er.
Chapter 12 : Re m ote Authe ntication 197 Synchronizing AD with CC- SG There are several m ethods for s ynchronizing the inform ation on CC- SG with the inform ation on your AD serv er. Daily synchronization of all m odules: You can enable scheduled synchronization to a llow CC-SG to s ynchronize all AD modules dail y at the time you choose.
Chapter 12 : Re m ote Authenticatio n 198 Synchronize All User Groups w ith AD You should synchron ize all user groups if you have made a change to a user group, such as m oving a user group from one AD m odule to another.
Chapter 12 : Re m ote Authe ntication 199 Synchronize All AD Modules You should synchron ize all AD Modules when ever you change or de lete a user in AD, change user perm issions in AD, or mak e changes to a domain controller.
Chapter 12 : Re m ote Authentication 200 To disable dail y synchronization of all AD modules: 1. Choose Administrat ion > Security. 2. Click the Authenticatio n tab. All configured Authorization and Authentication Ser vers appear in a tabl e. 3. Deselect the Dail y synchronization of All Modu les checkbox.
Chapter 12 : Re m ote Authe ntication 201 Renaming and Moving AD Groups Renaming a group in AD: W hen an A D group that ha s been im ported into CC-S G changes its name in AD, CC-SG re ports a warning in t he Audit Trail when the name change is detected, either at synchronizatio n or when an aff ected AD user logs in for the f irst time after.
Chapter 12 : Re m ote Authenticatio n 202 LDAP General Settings 1. Click the General tab. 2. T y pe the IP address or hos tname of the LDAP server in the IP Address/Hostnam e field. See Te rminology/Acronym s (on page 2) for hostnam e rules. 3. T y pe the port value in the Port f ield.
Chapter 12 : Re m ote Authe ntication 203 2. Select Base 64 if you want the password to be se nt to the LDA P server with encr yption. Select Plain Tex t if you want the pass word to be sent to the LDAP serv er as plain text. 3. Default Digest: selec t the default encr yption of user passwords.
Chapter 12 : Re m ote Authent ic atio n 204 OpenLDAP (eDirecto ry) Configuration Setting s If using an OpenLD AP server for r emote authentication, use th is example: Parameter Name Open LDAP Paramete.
Chapter 12 : Re m ote Authe ntication 205 A bout T ACA CS+ and CC- SG CC -SG users who are rem otel y authenticated by a T ACACS+ ser ver must be created on the TACACS+ server a nd on CC- SG. The user nam e on the TACACS + server and on CC -SG must be the s ame, although the passwords m ay be different.
Chapter 12 : Re m ote Authenticatio n 206 A bout R ADIUS and CC- SG CC -SG users who are rem otel y authenticated by a RADIUS ser ver must be created on the R ADIUS server and o n CC-SG. The user nam e on the RADIUS server an d on CC-SG m ust be the sam e, although the passwords m ay be different.
Chapter 12 : Re m ote Authe ntication 207 Two-Factor A u thenticatio n Using R A DI US By using an RSA RADIU S Server that supp orts two-f actor authentication in conjunction with an R SA Authentication Man ager, CC -SG can m ake use of two-fac tor authentication schem es with dynam ic tokens.
208 In This Chapter Using Reports ........................................................................................ 208 Audit Trail Report ................................................................................... 210 Error Log Report .
Chapter 13 : Rep orts 209 View Report Deta ils Double-click a ro w to view details of the report. W hen a row i s highlighted, press the Enter key to view details. All details of the selecte d report displa y in a dialog that appears, not just the details you can view in the report scr een.
Chapter 13 : Re ports 210 Purge a Report's Data F rom CC - SG You can purge the data that appears in the A udit Trail and Error Lo g reports. Purging these rep orts deletes all d ata that satisf y the search criteria used.
Chapter 13 : Rep orts 211 3. You can limit the data that the report will contain by entering additional param eters in the Message T ype, Message, Usernam e, and User IP address f ields. Wildcards are acc epted in these fields except for the Mess age Type field.
Chapter 13 : Re ports 212 Click Purge to delete t he Error Log. See Purge a Repo rt's Data from CC- SG (on page 210) . A ccess Report Generate the Access report to view inf ormation about acces sed devices and nodes, when the y were accessed, and the us er who accessed them .
Chapter 13 : Rep orts 213 3. Click Apply. A ctive Users Report The Active Users report displays current users and user sess ions. You can select active users from the report and discon nect them f rom CC -SG. To generate the Active Users report: Choose Reports > Users > Active Users.
Chapter 13 : Re ports 214 The Password Expirat ion field displa y s the num ber of days that the user can use the sam e password before being forced to change it. See Add a User (on pa ge 163). The Groups field disp lays the user groups t o which the user belongs.
Chapter 13 : Rep orts 215 Device Group Data Report The Device Group Data report displa y s device grou p inform at ion. To generate the Device Group Data report: 1. Choose Reports > D evices > Device Gr oup Data. 2. Double-click a ro w to display the list of devices in the group.
Chapter 13 : Re ports 216 State Type Port State Definition been configured. 3. Select Ghosted Ports to include ports that are ghosted. A ghosted port can occur when a CI M or target server is removed f rom a Paragon s y s tem or powere d off (m anually or accidentally).
Chapter 13 : Rep orts 217 3. The URL colum n contains direct links to each node. You can use this inform ation to create a web page with link s to each node, instead of bookmark ing each node individuall y. See Bookmarki ng an Interface (on page 136).
Chapter 13 : Re ports 218 Node Group Data Report The Node Group Da ta report displays the list of nodes that belong to each group, the user grou ps that h ave access to eac h node group, and, if applicable, the rules t hat define the node grou p.
Chapter 13 : Rep orts 219 Scheduled Reports Scheduled Reports d isplays reports th at were scheduled in th e Task Manager. You can find the Upgrade De vice Firmware r eports and Restart Device reports in the Scheduled Reports screen. Schedu led reports can be viewed in HT ML format only.
Chapter 13 : Re ports 220 Upgrade Device Firmware Report The Upgrade Device F irmware report is loc ated in the Schedule d Reports list. This report is generated when an U pgrade Device Firm ware task is running. View the re port to get real- time s tatus information about the task.
221 In This Chapter Maintenance Mode ................................................................................ 221 Entering Maintenanc e Mode .................................................................. 222 Exiting Maintenance Mo de .....
Chapter 14 : Syst em Ma intenance 222 Entering Maintenance Mode 1. Choose S y st em Maintenan ce > Maintenance Mode > Enter Maintenance Mode. 2. Password: T ype your password. Only users with the CC Setup and Control privilege can en ter m aintenance mode.
Chapter 14 : S ystem Mainte nance 223 4. Select a Backup T ype: Full or Standard. See What is th e difference between Full backup and Standard backup? (on pa ge 224) 5. To save a cop y of this backup file to an ext ernal server, select t he Backup to Rem ote Location check box.
Chapter 14 : Syst em Ma intenance 224 What is the differen ce betw een Full backup and Standard bac kup? Standard backup: A standard back up includes all data in all fie lds of all CCSG pages, except .
Chapter 14 : S ystem Mainte nance 225 3. Click OK to delete the b ackup from the CC-SG s y stem . Restoring CC- SG You can restore CC -SG using a back up file that you created. Important: T he Neighborhood configuration is in cluded in the CC -SG backup file so make sure you rem ember or note do wn its setting at the backup t ime.
Chapter 14 : Syst em Mainten ance 226 Restore Data - CC - SG configuration, Dev ice and Node configuration, and User Dat a. Selecting Data res tores the Standard back up portion of a Full back up file.
Chapter 14 : S ystem Mainte nance 227 Option Description Full Database This option rem oves the existing CC -SG database a nd builds a new version with the f actory default values. Network settings, SNMP agents, firm ware, and Diagnostic Co nsole settings are no t part of the CC-SG d atabase.
Chapter 14 : Syst em Ma intenance 228 Option Description Read-write C omm unity: private System Contact, Name, Loc ation: none SNMP T rap Configuration SNMP T rap Destinations Default Firm ware This option resets a ll device firmware files to factory def aults.
Chapter 14 : S ystem Mainte nance 229 Restarting CC- SG The restart com mand is used to restart the CC -SG sof tware. Restarting CC -SG will log all acti ve users out of CC -SG. Restarting will not c ycle power to the CC- SG. To perf orm a full reboot, you must acc ess Diagnostic Console or the p ower switch on the CC - SG unit.
Chapter 14 : Syst em Ma intenan ce 230 CC -SG will reboot as p art of the upg rade process. DO NO T stop the process, reboot the un it manually, pow er off, or power cycle the unit during the upgrade To upg rade CC-SG: 1. Download the firm ware file to your client PC .
Chapter 14 : S ystem Mainte nance 231 10. Clear the Java cache. See Clear the Java Cache (on page 23 1). 11. Launch a new web bro wser window. 12. Log into the CC-SG Admin Client using an account that has th e CC Setup and Control pri vilege. 13. Choose Help > About Raritan Secure Gat eway.
Chapter 14 : Syst em Ma intenance 232 Upgrading a Cluster To upgrade a CC- SG cluster, f ollow this recomm ended upgrade procedure. Onl y physical CC-SG un its can be in a clus ter. A CC-SG cluster license is a special k ind of license file that the 2 CC -SG units in the cluster share.
Chapter 14 : S ystem Mainte nance 233 Primary Node Upgr ade Failure If the upgrade of your primary node fails while f ollowing the Upgrading a Cluster (on page 232 ) procedure, fol low these steps to c omplete the cluster upgrade. 1. If the primar y node upgrade f ails, shutdown the CC -S G application by choosing System Maintenance > Shutdo wn.
Chapter 14 : Syst em Ma intenance 234 Note: The CC-SG th at you are migrating to must have its own val id licenses to be fully operat ional. A valid license is not required to complete the Full Restore . 5. Resume m anagement of all devices. You ca n schedule a task to resum e all devices, if you are using CC -SG firm ware version 5.
Chapter 14 : S ystem Mainte nance 235 Restarting CC-SG after Shutdown After shutting down CC -SG, use one of these two m ethods to restart the unit: Use the Diagnostic Conso le. See R estart CC-SG wit h Diagnostic Console (on page 3 15). Recycle the power to your CC- SG unit.
Chapter 14 : Syst em Ma intenance 236 2. Click Yes to log out of CC-SG. Once you log out, the CC -SG login window opens. Exit CC- SG 1. Choose Secure Gate way > Exit.
237 In This Chapter Configuring a Mess age of the Da y ........................................................ 237 Configuring Applications for Accessing Nodes ................................ ...... 238 Configuring Default Ap plications ............
Chapter 15 : Advanced Administrat ion 238 c. Click the Font Si ze drop-down m enu and select a font size for the message text. If you select Message of the Day File: a. Click Browse to bro wse for the m essage file. b. Select the file in the di alog window that ope ns then click Open.
Chapter 15 : A dvanced A dministrat ion 239 2. Click the Application nam e drop-do wn arrow and selec t the application that m ust be upgraded fr om the list. If you do not see the application, you m ust add it first. See Add an Applicat ion ( on page 239 ).
Chapter 15 : Advanced Administrat ion 240 5. Click OK. An Open di alog appears. 6. Navigate to and selec t the application f ile (usually a .jar or .cab f ile), and then click O pen. 7. The selected applicatio n loads onto CC -SG. Delete an Application To delete an applic ation: 1.
Chapter 15 : A dvanced A dministra tion 241 View the Default Application Assignments To view the default application assignment s: 1. Choose Administrat ion > Applications. 2. Click the Default App lications tab to view and e dit the current defau lt applications for vario us Interfaces and Port T ypes.
Chapter 15 : Advanced Administrat ion 242 2. Click Add to add a ne w firmware file. A searc h window opens. 3. Navigate to and selec t the firm ware file you want to upload to CC -SG, and then c lick Open. W hen the upload completes, the ne w firmware appears in th e Firm ware Name field.
Chapter 15 : A dvanced A dministra tion 243 Model Primary L AN Name Primary L AN Location Secondary L A N Name Secondary L A N Location V1 -0 or V1 -1 LAN1 Left LAN port LAN2 Right LAN port E1 LAN Por.
Chapter 15 : Advanced Administrat ion 244 If the Primar y LAN is connected and receiv ing a Link Integrit y signal, CC -SG uses this LAN p ort for all comm unications. If the Prim ary LAN loses Link Integrit y, and Secondary LAN is co nnected, CC -SG will failover its assigned I P address to the Seco ndary LAN.
Chapter 15 : A dvanced A dministra tion 245 6. Click the Adapter Spee d drop-do wn arrow and select a line sp eed from the list. Mak e sure your selection agrees with your switch's adapter port setting. If your switch uses 1 G ig line speed, sel ect Auto.
Chapter 15 : Advanced Administrat ion 246 What is IP Isolation mod e? IP Isolation mode all ows you to isolate cl ients from devices b y placing them on separate s ub-networks and forcing clients to ac cess the devices through CC-SG. In t his mode, CC- SG manages traf fic between the t wo separate IP dom ains.
Chapter 15 : A dvanced A dministra tion 247 Specify at most one D efault Gateway in the N etwork Setup pan el in CC -SG. Use Diagnost ic Console to add m ore static routes if ne eded. See Edit Static Route s (on pa ge 310). To configu re IP Isolation mode in CC -SG: 1.
Chapter 15 : Advanced Administrat ion 248 Re commended DHC P Configurations fo r CC- SG Review the following rec omm ended DHCP configurations. Mak e sure that your DHCP server is set up properl y before you configure CC -SG to use DHCP. Configure the DHC P to statically allocate CC -SG's I P address.
Chapter 15 : A dvanced A dministra tion 249 Purge CC-SG's Inte rnal Log You can purge the C C-SG's internal log. This operation do es not delete any events recorded on your external log ser vers. Note: The Audit Tra il and Error Log reports are based on CC -SG's internal log.
Chapter 15 : Advanced Administrat ion 250 Note: Network Time Protocol (NTP) is the prot ocol used to synchronize the attached computer's date an d time data with a referenced NTP server.
Chapter 15 : A dvanced A dministra tion 251 Configure Direct M ode for All Client Connectio ns To configu re direct mode for all client connectio ns: 1. Choose Administrat ion > Configuration. 2. Click the Connection Mode tab. 3. Select Direct m ode.
Chapter 15 : Advanced Administrat ion 252 3. Select a Device T ype in the table and double -click the Default Port value. 4. T y pe the new Default Port value. 5. Click Update Config uration to save your changes. To configu re timeout duration for devices: 1.
Chapter 15 : A dvanced Ad m inistrat ion 253 Enabling the A K C Down load Server Certificate V alidation If you are using the AKC client, you can choos e to use the Enable A KC Download Server Certif icate Validation f eature or opt not to use this feature.
Chapter 15 : Advanced Administrat ion 254 3. Click OK. Configuring Custom JRE Settings CC -SG will displa y a warning m essage to users who attem pt to access CC -SG without the m inimum JRE versio n that you spec ify. Check the Compatibilit y Matrix for the m inimum supported JRE vers ion.
Chapter 15 : A dvanced A dministra tion 255 3. Click Restore Def ault. 4. Click Update. To clear the default m essage and minimum JR E version: 1. Choose Administrat ion > Configuration.
Chapter 15 : Advanced Administrat ion 256 9. Select the check boxes before the traps you want CC- SG to push to your SNMP hosts: Un der Trap Sources, a list of SNMP traps grouped into t wo different c.
Chapter 15 : A dvanced A dministra tion 257 Requirements for CC- SG Clusters The Primar y and Secondary nodes in a cluster m ust be running the same firm ware version on the sam e hardware version ( V1 or E1). Your CC-SG net work must be in IP Fa ilover mode to be us ed for clustering.
Chapter 15 : Advanced Administrat ion 258 5. T y pe a valid user name an d password for the B ackup node in the Usernam e for Backup Secure G ateway and Password f or Backup Secure Gatewa y fields. 6. Select the Redirect b y Hostnam e checkbox to specify that secondar y to primar y redirection access should be via DN S.
Chapter 15 : A dvanced A dministra tion 259 Switch the Primar y and Secondary Node Statu s You can exchange the r oles of Prim ary and Secondary nodes when the Secondary, or Back up, node is in the "Joined " state. When the Secondary node is in the "W aiting" state, switching is disabled.
Chapter 15 : Advanced Administration 260 Note: If the clustered CC -SG units do not share the sa me time zone, when the Primary no de failure oc curs, and the Second ary node becomes the new Pri mary node, the time spec ified for Automatic Rebuild still follows t he time zone of the old Primary node.
Chapter 15 : A dvanced A dministra tion 261 Cluster Licenses You can operate a C C-SG cluster usin g separate stan dalone licenses with the same nod e capacity, or a cluster k it license. Cluster licenses diff er from standalone licens es in that the y contain the host IDs of both CC- SG units in the cl uster.
Chapter 15 : Advanced Administrat ion 262 Configuring a Neighborhood What is a Neighborhoo d? A Neighborhood is a co llection of up to 10 CC -SG units . After setting up the Neighborhood in the Adm in Client, users can access multiple CC -SG units in the sam e Neighborhood with single s ign-on us ing the Access Client.
Chapter 15 : A dvanced A dministra tion 263 If one or more CC -SG units cannot be found, a m essage appears and these CC-SG u nits will be h ighlighted in yellow in the table. Remove these units or m odif y their IP addresses or hostnam es, and click Next again.
Chapter 15 : Advanced Administrat ion 264 Add a Neighborhood Member To add a new CC-SG unit into the Neighborhood 1. Choose Administrat ion > Neighborhood. 2. Click Add Mem ber. The Add Mem ber dialog appears. 3. Add CC-SG units. T he number of CC -SG units that can be added varies depending on the num ber of existing Neighborhood m embers.
Chapter 15 : A dvanced A dministra tion 265 To deactivate a CC- SG unit, deselect th e Active check box next to the unit. To change a Secure Gateway Nam e, click the nam e, type a new one and press Enter. T he nam e must be unique. To retrieve all CC- SG units' lates t data, click Ref resh Member Data.
Chapter 15 : Advanced Administrat ion 266 Refresh a Neighborhoo d You can retrieve the latest status of all Nei ghborhood m embers immediatel y in the Neighborhood Configur ation panel. 1. Choose Administrat ion > Neighborhood. 2. Click Refres h Member Data.
Chapter 15 : A dvanced A dministra tion 2 67 Check Your Browser for AES Encryption CC -SG supports A ES-128 and AES- 256. If you do not know if your browser uses AES, c heck with the browser m anufacturer. You may also want to tr y navigating to the fol lowing web site usi ng the browser whose encr yption m ethod you want to check: https://www.
Chapter 15 : Advanced Administrat ion 268 Click the Key Length drop -do wn arrow to select the en cryption level - 128 or 256. The CC-SG Port fie ld displays 80. The Browser Connecti on Protocol field disp lays HTTPS/SSL selected. 5. Click Update to save your changes.
Chapter 15 : A dvanced A dministra tion 269 Require strong passwords for all users 1. Choose Administrat ion > Security. 2. Click the Login Settings ta b. 3. Select the Strong Pass words Required for A ll Users check box. 4. Select a Maxim um Password Length.
Chapter 15 : Advanced Administrat ion 270 Lockout settings Administrators can lock out CC-SG users and SSH users after a specified num ber of failed login attem pts. You can enable this f eature for locally authenticated users, for rem otely authenticated users , or for all users.
Chapter 15 : A dvanced A dministra tion 271 2. Open the Login Settings t ab. 3. Deselect the Lock out Enabled for Local Users checkbox to disabl e lockout for locall y authenticated users. Deselec t the Lockout Enabled for Remote Users checkbox to disable lock out for remotel y authenticated users.
Chapter 15 : Advanced Administrat ion 272 Logo A small graphic file ca n be uploaded to CC -SG to act as a banner on the login page. The m aximum size of the logo is 9 98 by 170 pixels. To upload a log o: 1. Click Browse in the Lo go area of the Portal tab.
Chapter 15 : A dvanced A dministra tion 273 Click Browse. A dialog window opens. In the dialog windo w, select the text file with the m essage you want to use, and then click Open. T he maximum length of the text mes sage is 10,000 characters.
Chapter 15 : Advanced Administrat ion 274 a. Encryption Mode: If Require AES Encr yption between Client and Server is selected in the Adm inistration > Security > Encr y p tion screen, AES-128 is the default. If AES is not r equired, DES 3 is the default.
Chapter 15 : A dvanced A dministra tion 275 14. T y pe r aritan in the Passwor d field if the CSR was ge nerated by CC -SG. If a diff erent application generated t he CSR, us e the password for that app lication.
Chapter 15 : Advanced Administrat ion 276 Access Control List An IP Access Control List s pecifies ranges of client IP addresses f or which you want to de ny or allow access to C C- SG. Each entr y in the Access Control List becom es a rule that determ ines whether a user in a certain group, with a c ertain IP address, c an access CC -SG.
Chapter 15 : A dvanced A dministra tion 277 6. Click the Action drop- down arrow and sel ect Allow or Den y to specif y whether the specified us ers in the IP range can ac cess CC -SG. 7. Click Update to save your changes. To change th e order in which CC-SG applies rules: 1.
Chapter 15 : Adv anced Administration 278 7. T y pe a valid email address that will identify m essages from CC -SG in the From f ield. 8. T y pe the number of tim es emails should be re- sent should the se nd process fail in the Send ing retries field.
Chapter 15 : A dvanced A dministra tion 279 Schedule Sequential T asks You may want to sc hedule task s sequentially to confirm that expected behavior occurred.
Chapter 15 : Advanced Administrat ion 280 Schedule a Task This section covers m ost task s that can be scheduled. See Sch edule a Device Firmware Up grade (on page 282) for details on scheduling device firm ware upgrades. To schedule a task: 1. Choose Administrat ion > Tasks.
Chapter 15 : A dvanced A dministra tion 281 Upgrade Device Fi rmware (indiv idual device or dev ice group): See Schedule a D evice Firmware Upgrade (on page 282 ) . Generate all reports: See Repo rts (on page 208) . 6. Click the Recurrence tab.
Chapter 15 : Advanced Administrat ion 282 10. If a task fails, CC-SG c an retry the task at a later time as specif ied in the Retry tab. T ype the num ber of times CC -SG should retr y to execute the task in the Retry count field. T ype the time that should elapse between retries in the Retr y Interval field.
Chapter 15 : A dvanced A dministra tion 283 d. Concurrent Upgrades: Specif y t he number of devices that should begin the file transfer porti on of the upgra de simultaneousl y. Maximum is 10. As e ach file transfer com pletes, a new file transfer will begin, ensur ing that only the m aximum num ber of concurrent transfers occurs at once.
Chapter 15 : Advanced Administrat ion 284 W hen the t ask starts running, you can open the Upgra de Device Firmware report an y time dur ing the scheduled tim e period to view the status of the upgra des. See Up grade Device Firm ware Report (on page 220).
Chapter 15 : A dvanced Ad m inistrat ion 285 Delete a Task You can delete a task to remove it from the Task Manager. You cannot delete a task that is curr ently running.
Chapter 15 : Advanced Administrat ion 286 To display all SSH comm ands: At the shell prom pt, type ls to display all com mands available. Get Help for SSH Comm ands You can get lim ited help for all comm ands at once. You can a lso get in -depth help o n a single com mand at a time.
Chapter 15 : A dvanced A dministra tion 287 SSH Commands and Parameters The following table lists all commands availabl e in SSH. You m ust be assigned the appropri ate privileges in CC- SG to acces s each comm and. Some comm ands have additional param eters that you m ust type to execute the comm and.
Chapter 15 : Advanced Administrat ion 288 To search for text f rom piped output stream: grep search_term To view the help screen for all commands: help To list available dev ice configuratio n backups.
Chapter 15 : A dvanced A dministra tion 289 To restart a device: restartdevice <[-id <device_id>] | [host]> To restore a device conf iguration: restoredevice <[-host <host>] | [-i.
Chapter 15 : Advanced Administrat ion 290 Command syntax Device ID value You should type ssh -id <device_id> 100 ssh -id 100 The default escape charact er is a tilde followed b y a period. For example: ~. See End SSH Connection s (on p age 292) for deta ils on using the escape character and the exit comm and.
Chapter 15 : A dvanced A dministra tion 291 2. Connect to the de vice by typing ssh -id <device_ id> . Using the figure above as an example, you ca n connect to SX - 229 by typing ssh -id 1370 .
Chapter 15 : Advanced Administration 292 Command Alias Description get_write gw Gets Wr ite Access. Allows SSH user to execute comm ands at target server while browser user can onl y observe proceedings. get_history gh Gets History. Displa ys the last few commands and results at target server.
Chapter 15 : A dvanced A dministra tion 293 Serial Admin Port The serial adm in port on CC- SG can be connected dir ectly to a Raritan serial device, such as Dom inion SX or KSX. You can connect to the SX or KSX via the I P address using a term inal emulation program , such as H yperTerminal or PuTT Y.
Chapter 15 : Advanced Administrat ion 294 Finding Your CC -SG Serial Number To find your CC-SG serial number: 1. Log into the Adm in Client. 2. Choose Help > About Raritan Secure Gat eway.
Chapter 15 : A dvanced A dministra tion 295 e. State or Province: Maxim um 64 characters. Type in the whole state or province nam e. Do not abbreviate. f. City/Locality: CSR tag is Localit y Name. Maximum 64 characters. g. Registered Com pany Name: CSR ta g is Organization Nam e.
296 The Diagnostic Co nsole is a non- graphical, m enu-based interface that provides local access to CC-SG. You can access Diagnostic C onsole from a serial or KVM port.
Chapter 16 : Diagn ostic Console 297 Status Console About Status Console You can use the Status Co nsole to check the health of CC -SG, the various services CC -SG uses, and the att ached net work. By default, Status Conso le does not require a pas sword.
Chapter 16 : Diag nostic Console 298 2: Access the Status Con sole via web b rowser: 1. Using a supported Inter net browser, t ype this URL: http(s)://<IP_address>/status/ where <IP_add ress> is the IP address of the C C-SG. Note the forward slash (/ ) following /status is mandator y.
Chapter 16 : Diagn ostic Console 299 CC -SG Title, Date and Time The CC-SG title is c onstant so users know that the y are connected to a CC -SG unit. The date and tim e at the top of the screen is the last tim e when the CC -SG data was po lled. The date and tim e reflect the tim ing values saved on the CC- SG server.
Chapter 16 : Diag nostic Console 300 Information Description suspended. Down Database server has n ot started yet. W eb Status Most of the access to the CC- SG server is through the W eb.
Chapter 16 : Diagn ostic Console 301 Information Description Duplex Indicate whether the in terface is Full- or Half-duplex. IPAddr The current Ipv4 Address of this interf ace. RX -Pkts The num ber of IP packets received on this interface since CC -SG was booted.
Chapter 16 : Diag nostic Console 302 Status Console via Web Browser After connecting to t he Status Console via th e web browser, the read-only Status Cons ole web page appears . The web page disp lays the same inform ation as the Status Console, an d also updates the inf ormation approxim ately every 5 sec onds.
Chapter 16 : Diagn ostic Console 303 A dministrator Console About Administrator Co nsole The Adm inistrator Console allows you to set some initial param eters, provide initial network ing configuration, debug lo g files, and perform some limited diagnostics and restarting CC -SG.
Chapter 16 : Diag nostic Console 304 The main Administrat or Console screen ap pears. Administrator Console Screen Administrator Consol e screen consists of 4 m ain areas. Menu bar: You can perform Administrator Console f unctions by activating the menu bar.
Chapter 16 : Diagn ostic Console 305 Status bar: Status bar is just abo ve the navigation ke ys bar. It displa y s s ome important s ystem information, includin g CC-SG's serial number, firmware version, an d the tim e when the information shown in the main display area was loaded or updated.
Chapter 16 : Diag nostic Console 306 Edit Diagnostic Consol e Configuratio n The Diagnostic Consol e can be access ed via the serial port (CO M1), VGA/Keyboard/Mouse ( KVM) port, or f rom SSH clients. If you want to access Status Consol e, one m ore access mechanism , W eb acc ess, is also available.
Chapter 16 : Diagn ostic Console 307 4. Click Save. Edit Network Interfa ces Configuration (Network Interfaces) In Network Interf ace Configuration, you can perform initial setup tasks, such as setting the hos tname and IP address of the CC -SG. 1. Choose Operation > N etwork Interfaces > Network Interfac e Config.
Chapter 16 : Diag nostic Console 308 Even if DHCP is be ing used to determ ine the IP configuration f or an interface, you m ust provide a properl y form atted IP addres s and Netmask .
Chapter 16 : Diagn ostic Console 309 Option Description Record Route Records route. T urns on the IP record rout e option, which will store th e route of the packet inside the IP hea der. Use Broadcast Address Allows pinging a broadcast message. Adaptive Tim ing Adaptive ping.
Chapter 16 : Diag nostic Console 310 Option Description No DNS Resolution Does not resolve addr esses to host names. Use ICMP (vs. norm al UDP) Use ICMP ECHO ins tead of UDP datagram s.
Chapter 16 : Diagn ostic Console 311 Although you can delete all other routes, including the Default Ga teway, doing this will greatl y impact the comm unication with CC -SG.
Chapter 16 : Diag nostic Console 312 View Log Files in Diagnostic Consol e You can view one or m ore log files sim ultaneously via LogViewer, which allows browsing throu gh several files at once to examine s ystem activity.
Chapter 16 : Diagn ostic Console 313 3. Click with the m ouse or use the arro w ke y s t o navigate and press the Space bar to select a log file, m arking it with an X.
Chapter 16 : Diag nostic Console 314 Option Description contents of this pack age is not available to cu stom er. Exported logfiles will be a vailable for up to 1 0 days, and then the system will automatically delete them . View View the selected log(s).
Chapter 16 : Diagn ostic Console 315 Note: System load is static as of the start of th is Admin Conso le session - use the TOP utility to dynamically mon itor system resources . To filter a log file w ith a regular expression: 1. T y pe e to add or edit a regular expr ession and select a lo g from the list if you have chosen t o view several.
Chapter 16 : Diag nostic Console 316 Diagnostic Console. See Restarting CC- SG (on page 229 ) . Restarting CC-SG in D iagnostic Con sole will NOT notify users that it is being restarted. To restart CC-SG w ith Diagnostic Con sole: 1. Choose Operation > Admin > CC- SG Restart.
Chapter 16 : Diagn ostic Console 317 2. Either click REBOOT System or press Enter to reboot CC -SG. Confirm the reboot in the next scr een to proceed. Power Off CC- SG System from Diagnosti c Console This option will power of f the CC-SG unit. Logged-in users will not receive a notification.
Chapter 16 : Diag nostic Console 318 2. Either click Power OFF the CC-SG or pr ess Enter to re move AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super- User Passw ord with Diagnostic Console This option will reset t he password for the CC Super Us er account to the factor y default value.
Chapter 16 : Diagn ostic Console 319 2. Either click Reset CC-SG GUI Adm in Password or press Enter to change the adm in password back to factory default. Confirm the password reset in the next screen to proceed. Reset CC-SG Factor y Configuration This option will reset a ll or parts of the CC -SG s ystem back to their factor y default values.
Chapter 16 : Diag nostic Console 320 Option Description Full CC-SG Databas e Reset This option rem oves the existing CC -SG database a nd builds a new version with the factor y default values . Network settings , SNMP settings, firmware, and diagnostic c onsole settings are not part of the CC -SG database.
Chapter 16 : Diagn ostic Console 321 Option Description Diagnostic Console R eset This option restores D iagnostic Conso le settings back to f actory defaults.
Chapter 16 : Diag nostic Console 322 2. In the Password Hist ory Depth field, t ype the num ber of passwords that will be rem embered. The default setting is f ive. 3. Select either Regular, Random, or Strong for th e admin and status (if enabled) pass words.
Chapter 16 : Diagn ostic Console 323 Password setting Description every password m ust have at least one digit in it. Diagnostic Console Account Conf iguration By default, the status ac count does not require a p assword, but you can configure it to require o ne.
Chapter 16 : Diag nostic Console 324 Setting Description User User Nam e (Read-onl y ). This is the curr ent user nam e or ID for this account. Last Changed (Read-onl y ). This is the date of the last password chan ge for this account. Expire (Read-onl y ).
Chapter 16 : Diagn ostic Console 325 Configure Remote S ystem M onitoring You can enable the rem ote s y st em m onitoring feature to use the G KrellM tool. The GKrellM too l provides a graph ical view of resourc e utilization on the CC-SG unit. T his tool is sim ilar to the W indows Task Manager's Performance tab.
Chapter 16 : Diag nostic Console 326 3: Configure the remot e system monitoring client to w ork with CC -SG: Follow the instructions in the Read Me file to set the CC -SG unit as t he target to monitor. W indows users must use the comm and line to locate the Gk rellm installation director y and then run the com mands specif ied in the Read.
Chapter 16 : Diagn ostic Console 327 Display R AID Status and Disk Utiliz ation This option displa ys the status of CC -SG disk s, including disk size, active and up status, state of the RAID-1, and amount of spa ce currently used by various file s ystems.
Chapter 16 : Diag nostic Console 328 Perform Disk or R AID Tests You can manuall y perform SMART disk drive tests or RAID chec k and repair operations. To perform a disk d rive test or a R AID check and re pair operation: 1. Choose Operation > U tilities > Disk/RAID Ut ilities > Manual Disk/RAID T ests.
Chapter 16 : Diagn ostic Conso le 329 d. After the test is com plete, you can view the resu lts in the Repair/Rebuild RAID screen. See R epair or Rebuild RAID Disks (on page 33 1).
Chapter 16 : Diag nostic Console 330 Schedule Disk T ests You can schedule SMART -based tes ts of the disk drives to be periodically perf ormed. Firmware on the disk drive will perform these tests, and you can vie w the test results in the R epair/Rebuild screen.
Chapter 16 : Diagn ostic Console 331 2. Click with the m ouse or use the arro w keys to navigate and pres s the Space bar to select a t est type, m arking it with an X. Diff erent types of tests tak e a different period of time. A Short test takes about 2 m inutes to complete when the system is lightly loaded.
Chapter 16 : Diag nostic Console 332 2. If any item does not sh ow "No" under the "Replace??" or "Rebu ild??" column, contact Rar itan Technical Support for assistance.
Chapter 16 : Diagn ostic Console 333 4. Selecting either Rep lace Disk Drive or Reb uild RAID Arra y, and follow onscreen instructi ons until you f inish the operati on. View To p Display with Diagnostic Consol e Top Display allows you to view the list of currently-ru nning processes and their attributes, as well as overall system health.
Chapter 16 : Diag nostic Console 334 NTP is not enabled or n ot configured prop erly: NTP is properl y configured and running:.
Chapter 16 : Diagn ostic Console 335 Take a System Snapshot W hen CC-SG does not function proper ly, it is extremely helpful if you can capture the inform ation stored in CC- SG, such as the s ystem logs, configurations or databas e, and provide it to R aritan Technical Supp ort for analysis and trou bleshooting.
Chapter 16 : Diag nostic Console 336 2: Retrieve the CC -SG snapshot file: 1. Using a supported Inter net browser, t ype this URL: http(s)://<IP_address>/upload/ where <IP_add ress> is the IP address of the C C-SG. Note the forward slash (/ ) following /upload is mandator y.
337 If you have a CC- SG and Po wer IQ, there are severals wa ys to use them together. 1. Control power to Power IQ IT devices via CC -SG. For exam ple, if you want to control power to a P ower IQ IT device which is also a CC- SG node, you can use a Power IQ Prox y interface to give power control com mands in CC -SG.
Chapter 17 : Power IQ Integration 338 Configuring Pow er IQ Services You must configure t he Power IQ Service bef ore you can ad d Power IQ proxy interfaces to nodes, or synchronize Po wer IQ with CC -SG to add IT Devices to CC- SG as nodes. T his is done via the CC -SG Access menu.
Chapter 17 : P ow er IQ Integration 339 Troubleshoot Connections to Power IQ Check these possib le error m essages and solutions to troubleshoot your connection to a Power IQ . Determine the cause, t hen edit the conf iguration to cor rect it. See Configuring Power IQ S ervices ( on page 338).
Chapter 17 : Power IQ Integration 340 Configuring Synchronization of Power IQ and CC- SG CC -SG will s ynchronize with Power IQ to add th e IT Devices conf igured in Power IQ to CC -SG as nodes. W hen synchronizing, CC -SG will create a node with a Po werIQ Prox y i n terface for eac h new IT Device identified.
Chapter 17 : P ow er IQ Integration 341 Step 3 - Create a synchronization polic y: Note: The synchron ization policy applies to ALL Power IQ insta nces configured in CC- SG. See Pow er IQ Synchronizatio n Policies ( on page 342) for deta ils of each policy an d other synchroni zation results.
Chapter 17 : Power IQ Integration 342 Power IQ Synchroniz ation Policies W hen CC-SG detects a duplicated nod e, the synchroni zation policy you choose determ ines whether the nodes ar e consolidated, renam ed, or rejected. See Configuring Synch ronization of Power IQ and CC - SG (on page 340 ) to set the s ynchronization po licy.
Chapter 17 : P ow er IQ Integration 343 Import Power Strips from Power IQ You can import Dom inion PX devices and the ir outlet nam es from Power IQ. If the Dominion PX devices are alread y managed by CC -SG, you must delete them first. The im port adds the Dominion PX devices, and configures and nam es the outlets specified i n the CS V file.
Chapter 17 : Power IQ Integration 344 Column number Tag or value Details 6 Configure All Outlets TRUE or FALSE Default is FALSE. 7 Description Optional. Step 3: Import the edited CSV file into CC - SG 1. In the CC-SG Adm in Client, choose Administration > Im port > Import Powerstrips.
Chapter 17 : P ow er IQ Integration 345 3. T y pe a n ame f or the file and choose the location where you want to save it 4. Click Save. Step 2: Edit the CSV fil e and import into Pow er IQ: The export file conta ins three sections .
346 In This Chapter V1 Model ................................................................................................ 346 E1 Model ................................................................................................ 347 V1 Model V1 General Specific ations Form Factor 1U Dimensions (DxW xH) 24.
Appendix A : Specifi cations for V1 and E1 347 Operating Humidity 5% - 95% RH Altitude Operate properl y at any altitude between 0 to 10,000 feet, storage 40,000 feet (Estimated) Vibration 5- 55 -5 HZ, 0.3 8mm,1 m inutes per cycle; 30 minutes for each ax is (X,Y,Z) Shock N/A E1 Model E1 General Specific ations Form Factor 2U Dimensions (DxW xH) 27.
Appendix A : Specifi c ations for V1 and E1 348 Operating Non-Operating Temperature - 40° -70° C Humidity 5-90%, non-condensi ng Altitude Sea level to 40,000 f eet Vibration 10 Hz to 300 Hz s weep a.
349 This appendix contai ns network r equirements, including addresses , protocols, and ports, of a typical CC - SG deplo y m ent. It includes inform ation about how to configure your network for both external acc ess and internal securit y and routing polic y enforcement.
Appendix B : CC -SG and Netw ork Configuration 350 Port Number Protocol Purpose Details Raritan device that will be externally accessed. T he other ports in the table m ust be opened only for accessing CC- SG. AES-128/AES- 256 encrypted if configured.
Appendix B : CC -SG and Netw ork Configuration 351 CC -SG and Raritan D evices A main role of CC- SG is to m anage and control Raritan de vices, such as Dominion KX II.
Appendix B : CC -SG and Netw ork Configuration 352 Communication Direction Port Number Protocol Configurable? Details CC -SG to CC- SG 5432 TCP no From HA-JDBC o n Primar y t o Backup PostgreSQL DB server. Not encrypted. CC -SG to CC- SG 8732 TCP no Primar y -Back up server sync clustering control data exchange.
Appendix B : CC -SG and Netw ork Configuration 353 Communication Direction Port Number Protocol Configurable? Details PC Client to CC-SG 443 TCP no Client-server com munication. SSL/AES-128/A ES-256 encrypted if conf igured. PC Client to CC- SG 80 TCP no Client-server com munication.
Appendix B : CC -SG and Netw ork Configuration 354 Communication Direction Port Number Protocol Configurable? Details Client to Raritan De vice to Out- of -Band K VM Node (Direct Mode) 5000 (on Raritan Device) TCP yes Client-server communication. SSL/AES-128/A ES-256 encrypted if conf igured.
Appendix B : CC -SG and Netw ork Configuration 355 Communication Direction Port Number Protocol Configurable? Details CC -SG to SNMP Manager 162 UDP yes SNMP standard CC -SG Internal Po rts CC -SG uses several ports for internal functio ns, and its local fire wall function blocks access to these ports.
Appendix B : CC -SG and Netw ork Configuration 356 VNC Access to Node s Port 5800 or 5900 m ust be open for VNC ac cess to nodes. SSH A cc ess to Nodes Port 22 mus t be open for SSH access to n odes. Remote System M onitoring Port W hen the Re mote S ystem Monitoring feat ure is enabled, port 19 150 is opened by default.
357 This table shows which privilege must be ass igned for a user to ha ve access to a CC-SG m enu item . *None means that no particular privilege is required.
Appendix C : User Group Privilege s 358 Menu > Sub-menu Menu Item Required Privilege Description Node Auditing User Managem ent Devices This menu and the De vices tree is avai lable only for users .
Appendix C : User Group Privilege s 359 Menu > Sub-menu Menu Item Required Privilege Description > Launch Admin Device, Port, and Nod e Management or Device Configuration and Upgrad e Management.
Appendix C : User Group Privilege s 360 Menu > Sub-menu Menu Item Required Privilege Description Management > By Port Num ber Device, Port, and Nod e Management or Device Configuration and Upgra.
Appendix C : User Group Privilege s 361 Menu > Sub-menu Menu Item Required Privilege Description Group Power Control Power Control Configure Blades Device, Port, and Nod e Management Ping Node Devi.
Appendix C : User Group Privilege s 362 Menu > Sub-menu Menu Item Required Privilege Description Node Out- of -Band Access or Node Power Control > Tree View Any of the following: Device, Port, a.
Appendix C : User Group Privilege s 363 Menu > Sub-menu Menu Item Required Privilege Description > User Group Data User Managem ent > Devices > Device Asset Report Device, Port, and Nod e .
Appendix C : User Group Privilege s 364 Menu > Sub-menu Menu Item Required Privilege Description Firmware CC Setup and Contr ol or Device Configuration an d Upgrade Managem ent Configuration CC Set.
Appendix C : User Group P rivilege s 365 Menu > Sub-menu Menu Item Required Privilege Description Export Nodes CC Setup and Contr ol and Device, Port, and Nod e Management Export Devices CC Setup a.
366 CC -SG provides the f ollowing SNMP traps: SNMP T rap Description ccUnavailable CC -SG application is un available. ccAvailable CC -SG application is a vailable. ccUserLogin CC -SG user logged in. ccUserLogout CC -SG user logged out. ccPortConnectionStarted CC -SG session started.
Appendix D : SNMP Trap s 367 SNMP T rap Description ccDiagnosticConsoleL ogout User has logged out of the CC -SG Diagnostic Console. ccUserGr oupAdded A new user group h as been added t o CC-SG. ccUserGr oupDeleted CC -SG user group has been deleted. ccUserGr oupModified CC -SG user group has been m odified.
368 This section contains m ore inform ation about CSV file im ports. In This Chapter Comm on CSV File Requirem ents ......................................................... 369 Audit Trail Entries f or Importing .....................................
Appendix E : CSV File I m ports 369 Common CSV File Requirements The best wa y to create the CSV file is to ex port a file from CC -SG, a nd then use the exported C SV file as an exam ple for creating your own. The export file contains com ments at the top that describe each item in the file.
Appendix E : CSV File I m ports 370 A udit Trail Entries for Importing Each item im ported into CC- SG is logged in the Audit T rail. Skipped duplicates are not logg ed in the Audit Trail. The Audit Trail includes a n entry for the f ollowing actions, under the Message T ype "Configuration.
Appendix E : CSV File I m ports 371 Troubleshoot CSV File Problems To troubleshoot CSV file validation: Error messages app ear in the Problem s area of the Import page. T he error m essages identify problem s that are found in the CSV file during validation.
372 Launching CC-SG fr om y o ur web browser requires a Java plug -in. If your machine has an i ncorrect version, CC -SG wil l guide you through the installat ion steps. If your machine does not ha ve a Java plug-in, CC-SG can not autom atically launch.
Appendix F : Troubleshoo t ing 373 If you access m ore than one CC- SG unit using the sa me client and Firefox, you m ay see a "Secure Connection Fa iled" message that says you have an inval id certificate. You can res ume acces s by clearing the invalid cert ificate from you r browser.
374 CC -SG com es with a few diagnostic utilities which ma y be extremely helpful for you or Rar itan Technical Supp ort to anal y s e and debug the cause of CC-SG pro blems. In This Chapter Memor y D iagnostic ........................................
Appendix G : Diagnostic U tilities 375 Capture the Mem test86+ screen containing the memor y errors and contact Raritan T echnical S upport for assistance. Shut down CC- SG and re-install the m emor y DI MM modu les to ensure the contact is g ood.
Appendix G : Diagnostic Utilities 376 CC -SG Disk Monitoring If CC-SG disk space exhaustion in one or m ore file s y s tems occurs, it may negativel y impact your operation an d even results in the loss of some engineering dat a.
Appendix G : Diagnostic U tilities 377 File system Data Corrective action /sg/DB CC -SG database Contact Raritan Tec hnical Support /opt CC -SG backups and snapshots 1. Save any new snapsh ot files on a remote client PC. See Take a System Snapshot ( on page 335 ) for the retrieval procedure.
Appendix G : Diagnostic Utilities 378 Note: For file system problems that are n ot mentioned in th is section, or when the corrective ac tions you take ca nnot resolve the prob lems, contact Raritan Techn ical Support for assista nce.
379 CC -SG can be configured t o point to an RSA RADI US Server that supports two-factor au thentication via an associated RSA Authen ticat ion Manager. CC-SG acts as a RADIUS clie nt and sends user auth entication requests to RSA RADIU S Server. T he authentication r equest includes user id, a fixed pass word, and a dynam ic token code.
380 In This Chapter General FAQs ........................................................................................ 380 Authentication FAQs .............................................................................. 382 Security FAQs ........
Appendix I : FAQs 381 Question Answer access CC- SG. Can I upgrade to n ewer versions of CC- SG software as they becom e available? Yes. Contact your authorized Raritan sales representative or Raritan, Inc.
Appendix I : FAQs 382 Question Answer is the most eff ective and cost -efficient way to scale a single location. It also su pports the network model with IP-Reac h and the IP User S tation (UST-IP).
Appendix I : FAQs 383 Question Answer for authentication wit h directory services and security tools such as LD AP, AD, RADIUS, and so on? authentication.
Appendix I : FAQs 384 Question Answer well as external (not jus t W AN, but LAN, too)? LAN or W AN. Does CC-SG support CRL List, that is, LDAP l ist of invalid certificates? No. Does CC-SG support Client Certificate Request? No. A ccounting F AQs Question Answer Accounting The event times in t he Audit Trail report seem incorrect.
Appendix I : FAQs 385 Grouping FAQs Question Answer Grouping Is it possible to put a g iven server in m ore than one group? Yes. Just as one user c an belong to m ultiple groups, one device can belong t o multiple groups.
Appendix I : FAQs 386 Interoperability FAQs Question Answer Interoperabilit y How does CC-SG integrate with Blade Chassis products? CC -SG can support any device with a KVM or seri al interface as a transpare nt pass -through.
Appendix I : FAQs 387 Licensing FAQs If you must replace your installed licenses, f ollo w these rules. Base licenses m ust be replaced first. For exam ple, if replacing stand-alon e licenses CC- E1 -.
388 The following ke yboard shortcuts can be used in the Java -based Adm in Client. Operation Keyboard Shortcut Refresh F5 Print panel Ctrl + P Help F1 Insert row in Assoc iations table Ctrl + I A p p.
389 This appendix includes i nformation about th e naming convent ions used in CC-SG. Com ply with the m aximum character lengths when nam ing all the parts of your CC-SG configuration. In This Chapter User Inform ation ...............................
Appendix K : Naming Co nventions 390 Field in CC- SG Number of characters CC- SG allows Audit Inform ation 256 Location Information Field in CC- SG Number of characters CC- SG allows Department 64 Sit.
Appendix K : Naming Co nventions 391 Field in CC- SG Number of characters CC- SG allows periods are converted t o hyphens. Device Description 160 Device IP/Hostnam e 64 Usernam e 64 Password 64 Notes .
392 Prior to version 4.0, CC -SG Diagnost ic Console displays a n umber of messages on the sc reen each time when it boots up. These m essages are standard Linux diagnostic and warning m ess ages and usuall y do not imply any system problems. T he table offers a short introduction to a few frequent mess ages.
393 A About Adm inistrator Con sole • 296, 303 About Applications f or Accessing Nodes • 238 About Associations • 41 About CC- SG L AN Ports • 242, 243, 24 6 About CC- SG pass words • 269 Ab.
Index 394 Adding, Editing, and D eleting Node Groups • 150 Adding, Editing, and D eleting Nodes • 109 Add ing, Editing, and D eleting User Groups • 108, 159 Adding, Editing, and D eleting Users .
Index 395 Change your default s earch preference • 52, 172 Change your em ail address • 173 Change your nam e • 172 Change your password • 172 Changing the Blade Server Status • 6 6 Check Yo.
Index 396 Default CC- SG Sett ings • 23 Default User Groups • 1 58 Delete a Backup Fi le • 224 Delete a Blade Chas sis Device • 67, 68 Delete a Categor y • 43 Delete a Cluster • 2 60 Delet.
Index 397 End SSH Connections • 290, 292 Ending CC- SG Sess ion • 235 Entering Maintenanc e Mode • 32, 222, 230, 232, 238 Error Log Report • 211 Estab lishing Order of External AA Servers • .
Index 398 Licensing - Ne w Customers - Physical Appliance • 10, 11, 12, 14, 16 Licensing - Rehost ing • 29 Licensing - Virtual Ap pliance with License Server • 10, 11, 17 Licensing FAQs • xv i.
Index 399 Q Query Port Report • 21 5 R RADIUS General S ettings • 206 RDP Access to Nodes • 355 Reboot CC- SG with Diagnostic Conso le • 3 16, 336, 374 Reboot or Force Rebo ot a Virtual Host N.
Index 400 Specify a Distinguished N am e for AD • 188 Specify a Distinguished N am e for LDAP • 189 Specify a U sernam e for AD • 189 Specifying Modules f or Authentication and Authorization •.
Index 401 Virtual Appliance Insta llation Requirem ents • 17 Virtual Appliances with Rem ote Storage Servers • 27 Virtual Nodes Over view • 113 VNC Access to Nodes • 356 vSphere 4 Users M ust .
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800- 724 -8090 or 73 2-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732- 764 -8887 Email for CommandCenter NOC: tech-ccnoc@raritan.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Raritan CCA-0N-V5.1-E è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Raritan CCA-0N-V5.1-E - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Raritan CCA-0N-V5.1-E imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Raritan CCA-0N-V5.1-E ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Raritan CCA-0N-V5.1-E, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Raritan CCA-0N-V5.1-E.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Raritan CCA-0N-V5.1-E. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Raritan CCA-0N-V5.1-E insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.