1Owner’s ManualWarranty Registration: register online today for a chance to win a FREE Tripp Lite product—www.tripplite.com/warrantyConsole Server M
10Please take care to follow the safety precautions below when installing andoperating theConsole Server:Do not remove the metal covers. There are no
100C.For earlier version Windows computers,follow the steps in Section B,above.To get to theMakeNew Connectionbutton:For Windows 2000,clickStartand s
101Next,add a New SDT Host. In the Host address you need to put portxx where xx = the portto which youare connecting. Example,for port 3 you would hav
1027.ALERTS AND LOGGINGIntroductionThis chapter describes the alert generationand loggingfeatures of theConsole Server.The alert facilitymonitors the
103IntheSMTPServerfield,enterthe IP address of the outgoing mailServer.You mayenteraSenderemail address which will appear as the“from”address in all
104In theSMTP SMS Serverfield in theAlerts & Logging: SMTP &SMSmenu,enter the IP addressof the outgoing mailServer.You may enter aSenderemai
105NoteTheConsole Servers have ansnmptrapdaemon to send traps/notifications to remote SNMPservers on defined trigger events,as detailed above.TheConso
106SelectAlerts & Logging: Alertswhich will display all the alerts currently configured.ClickAddAlert.7.2.1Adda New AlertThe first step is to spe
107ActivateNagiosnotification if it is tobeused for this event.In anSDT Nagios centrally managedenvironment,you can check theNagios alert option. On
108Serial PortPattern Match Alert–This alert will be triggered if a regular expression is found inthe serial ports character stream that matches the
109If you have selectedApplicable Alarm Sensor(s)that are to be monitored for this alert event,then youcan also set time windows when these sensors wi
1110. Nagios IntegrationSettingNagios central managementwith SDT extensionsandconfiguring theConsole Serveras a distributed Nagios server.11. System M
1107.4Serial Port LoggingInConsole Servermode, activity logsof all serial port activitycan be maintained. These records arestoredon an off-server, or
1117.5Network TCP or UDPPortLoggingTheConsole Serverscan also log anyaccess to and communications with network attached Hosts.For each Host, when you
1128.POWER& ENVIRONMENTAL MANAGEMENTIntroductionTheB095-004/003 andB092-016Console ServerandB096-048/016Console ServerManagement Switchproducts em
113ClickAddRPC.Enter aRPCNameandDescriptionfor the RPC.InConnected Via,selectthepre-configured serial port orthe network host address thatconnects
114system is unresponsive. To set up IPMI power control, the Administrator first enters the IPaddress/domain name of the BMC or service processor (e.g
115Theoutletstatusis displayed.You caninitiate the desiredActionto be taken by selecting theappropriateicon:Power ONPower OFFPower CyclePower StatusY
116SelectUPSas the Device Type in theSerial & Network: Serial Portmenu for each port whichhas Master control over a UPSand in theSerial & Net
117Enter aUPS NameandDescription(optional)andidentifyif the UPS will beConnected ViaUSBor over pre-configured serial port or via HTTP/HTTPS over the
118CheckLog Statusandspecify theLog Rate(i.e.minutes between samples) if you wish the statusfrom this UPS to be logged. These logs can be views from
1198.2.3ConfiguringPowered Computersto Monitor a Managed UPSOnce you have added a Managed UPS, each server that is drawing power through the UPS shoul
12Console, either locally or from a remote location, to configuretheConsole Server, set upUsers,configuretheportsand connected hosts, and set up loggi
120-passwordis the Password of the ManagerUPS8.2.4UPS AlertsYou can now set UPS alerts usingAlerts & Logging: Alerts(refertoChapter 7).8.2.5UPS St
121NUT can be configured using the Management Console as described above, or you can configure thetools and manage the UPS’s directly from the command
122So NUT supports the more complex power architectures found in data centers, computer rooms andNOCs where many UPS’s from many vendors power many sy
1238.3.1Connecting the EMDThe Environmental Monitoring Sensor(EMD)connects toanyserial port on theConsole Serverviaa specialEMDAdapterandstandardCAT5
124ClickAdd.Enter aNameandDescriptionfor the EMD andselectpre-configured serial port thattheEMDwill beConnected Via.ProvideLabelsforeach of the two
125Select theStatus:EnvironmentalStatusmenu and a table with the summary status of allconnected EMDhardware will be displayed.Click onView Logor sel
1269.AUTHENTICATIONIntroductionTheTripp LiteConsole Serveris a dedicated Linux computer,andit embodiespopular and proven Linuxsoftwaremodules forsecur
127LocalTACACS/RADIUS/LDAP:Trieslocal authenticationfirst, falling back to remote if local failsTACACS /RADIUS/LDAPLocal:Triesremote authenticationfir
128administrative control over the authentication and authorization processes. TACACS+ allows for asingle access control server (the TACACS+ daemon) t
129login, and other authentication mechanisms.Further information on configuring remote RADIUSservers can be found at the following sites:http://www.m
13Text presented like this highlights important issues and it isessential you readand take heed of these warnings.Text presented with an arrowhead in
130LDAPThe Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, butissignificantly simpler and more readily adapted to meet cu
1319.2PAM (Pluggable Authentication Modules)TheConsole Serversupports RADIUS, TACACS+ andLDAP fortwo-factor authenticationviaPAM(Pluggable Authenticat
132port2= 192.168.254.145/port05}global = cleartext mit}RADIUSExample:paul Cleartext-Password := "luap"Service-Type = Framed-User,Fall-Throu
133When you first enable and connectviaHTTPS,it is normal that youmay receive a certificate warning.ThedefaultSSL certificatein yourConsole Serverisem
13410.NAGIOS INTEGRATIONIntroductionNagiosis a powerful, highly extensible open source tool for monitoring network hosts and services. Thecore Nagios
13510.2Central ManagementThe Nagios solutionhas three parts: the Central Nagios server, DistributedConsole Servers and the SDTfor Nagios software.Cent
136You will also require a web server such as Apache to display the Nagios web UI(andthis may be installedautomatically as a dependency of the Nagios
137CheckNSCA Enabled, choose anNSCA Encryption Methodand enter and confirm anNSCASecret.Remember these details as you will need them later on.ForNSCA
138ClickApply.Now set theConsole Servertosend alerts to the Nagios server:SelectAlertsfrom theAlerts & Loggingmenuand clickAdd Alert.InDescript
139Enter theNagios Host Namethat theConsole Serverwill be referred to in the Nagios centralserver–this will begenerated from local System Name (enter
142.INSTALLATIONIntroductionThis chapter describesthe physicalinstallationof theConsole Serverhardwareand connection tocontrolled devices.2.1ModelsThe
14010.3.2 Enable NRPE MonitoringEnabling NRPE allows you to executeplug-ins (such ascheck_tcpandcheck_ping) on the remoteConsoleServerto monitor seria
14110.3.3 Enable NSCA MonitoringNSCA is the mechanism that allows you to send passive check results from the remoteConsole Servertothe Nagios daemon r
142SelectEnable Nagios,specify the name of the device on the upstream server and determine thecheckto be run on this port.Serial Statusmonitors the h
143TheNagios Checknominated as thecheck-host-alivecheck is used to determine whether thenetwork host itself is up or down.Typically this willbeCheck
14410.4Advanced Distributed Monitoring Configuration10.4.1Sample Nagios ConfigurationAn example configuration for Nagios is listed below.It shows how
145service_descriptionSerial Statushost_nameserverusegeneric-servicecheck_commandcheck_serial_status}define service {service_descriptionserial-signals
146host_nametripplitedependent_host_nameserverdependent_service_descriptionPort Logservice_descriptionNRPE Daemonexecution_failure_criteriaw,u,c}; Pin
147usegeneric-servicecheck_commandcheck_conn_via_tripplite!tcp!22}define service {service_descriptionhost-port-tcp-22-server; host-port-<protocol&g
148check_aptcheck_by_sshcheck_clamdcheck_digcheck_dnscheck_dummycheck_fpingcheck_ftpcheck_gamecheck_hpjdcheck_httpcheck_imapcheck_jabbercheck_ldapchec
14911.SYSTEM MANAGEMENTIntroductionThis chapter describes howthe Administrator canperforma range ofgeneral systemadministration andconfigurationtaskso
15Unpack yourConsole ServerManagement Switchkit and verify you have all the parts shownabove, and that they all appear in good working order.If you
150performing this procedure.Do not use a graphite pencil. Depress the button gentlytwice(withina 5 secondperiod) while the unit is powered ON.This wi
151Specify the address and name of the downloaded Firmware Upgrade File, orBrowsethe localsubnet and locate the downloaded file.ClickApplyand theCon
152TheConsole Servercan synchronize its system time with a remote time server using the Network TimeProtocol (NTP). Configuringwiththe NTP time server
153To restore a remote backup:ClickBrowsein the Remote Configuration Backup menuand select theBackup Fileyou wish torestore.ClickRestoreand clickOK.
154To backupto theUSBenter a briefDescriptionof the backupin the LocalConfiguration Backupsmenuand selectSave BackupThe Local Configuration Backup m
155Select theSystem: Administrationmenu option.CheckFIPS Modeto enable FIPS mode on boot,and checkRebootto safely reboot the consoleserver.ClickApp
15612.STATUS REPORTSIntroductionThis chapter describesthe selection of statusreports that are available for review:Port Access and Active UsersStati
15712.3Support ReportsTheSupport Reportprovides useful status information that will assist theTripp Litetechnical supportteamtoresolve any issuesyou m
158Remote System LoggingThe syslog record can be redirected to a remoteSyslog Server:Enter the remote Syslog Server address and port details andthenc
15912.5.1Configuring the DashboardOnlyuserswho are membersof theadmingroup(andtherootuser) can configure and access thedashboard.To configure a custom
16ConnectorsDB9F-RJ45S straight andcross-overExternalpowersupplyQuick Start Guide and CD-ROMUnpack yourConsole Serverkit and verify you have all the
160The Dashboard displays sixwidgets.These widgets include each of the Status screens (alerts, devices,ports,UPS, RPCand environmental status) and a c
161Create a file called "widget-<name>.sh" in the folder/etc/config/scripts/where <name> can beanything. You can have as many cu
16213.MANAGEMENTIntroductionTheConsole ServerManagementConsolehas a number of reports and tools that can be accessed byboth Administrators and Users:
163To display Host logs selectManage: Host Logsand the Host to be displayed.13.3Power ManagementAdministrator and Users can access and manage the con
164ClickConnect toSDT Connectorto access theConsole Servercommand line shell or the serialports viaSDT Connector.This willactivate theSDT Connectorcl
165To access theConsole Servercommand line,enter the gateway’s TCP address (e.g.192.168.254.198) ashostnameand the Username([email protected])
166
16714.BASIC CONFIGURATION-LINUX COMMANDSIntroductionFor those who preferto configure theirConsole Serverat theLinux commandlinelevel(ratherthanuse a b
16814.1The Linux Command LinePower up theConsole Serverand connect the “terminal” device:oIf you are connecting using the serial line, plug a serial
169Options-a–run-allRun all registered configurators. Thisperformseveryconfigurationsynchronization action pushingall changes to the live system.-h–he
17TheAC power socketislocated at the rear of theB092-016. This power inlet uses a conventional ACpower cord.ANorth American power cord is provided by
17014.2Administration Configuration14.2.1System SettingsTo change system settings to the following values:System Nameog.mydomain.comSystem Password (r
171# /bin/config–-set=config.auth.server=192.168.0.32# /bin/config–-set=config.auth.password=Secret# /bin/config–-set=”config.auth.ldap.basenode=some
172Time ZoneTo change the system time zone USAtoEastern Standard Time,you need to issue the followingcommands:# /bin/config–-set=config.system.timezon
173IP Address:192.168.1.100Primary DNS:192.168.1.254Secondary DNS:10.1.0.254You would need to issue the following commands from the command line:# /bi
174# /bin/config–-set=config.console.flow=Hardware# /bin/config–-set=config.console.initstring=ATQ0V1H0The following command will synchronize the live
175# /bin/config–-del=config.services.pingreply.enabledThe following command will synchronize the live system with thenew configuration:# /bin/config–
17614.5.2Supported Protocol ConfigurationTo ensure remote access to serial port 5 isconfigured as follows:TelnetAccess LANDisabledSSH Access LANEnable
177If you want a user named “user1” with a password of “secret” who will have access to serialport 5 from the network,you need to issue the these comm
178# /bin/config–-set=config.portaccess.total=2Please note that this rule becomes live straight away.14.6Event Logging Configuration14.6.1Remote Seria
179# /bin/config–-get=config.alerts.totalThis command should display output similar to:config.alerts.total 1Note that if you see:config.alerts.totalTh
182.5USB Port ConnectionTheB096-048/016Console ServerManagementSwitchhas one USB port on the front panel. ExternalUSB devices can be plugged into this
180</host1><total>3</total><host2><address>accounts.intranet.myco.com</address><description>Accounts server&
181/tmpis not a good location for the backup except as a temporary location before transferring itoff-box.The/tmpdirectory will not survive a reboot.T
182TheConsole Serverplatform is a dedicated Linux computer, optimized to provideaccess to serialconsoles of critical server systemsand control network
183smtpclientsttystuneltcpdumptftptiptracerouteMore details on theaboveLinux commands can found online at:http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.
18415.ADVANCED CONFIGURATIONIntroductionThis chapterdocumentsthe embeddedportmanagerapplicationwhich manages theserialports ontheConsole Serverand giv
18515.1 Advanced PortmanagerpmshellThepmshellcommand acts similarlyto thestandardtiporcucommands, but all serial portaccess is directedviathe portmana
186pmchatThepmchatcommand acts similarlyto thestandardchatcommand, but all serial port access isdirectedviathe portmanager.Example:To run a chat scrip
187Portmanager DaemonCommand line options:There is normally no need to stop and restart the daemon.To restart the daemon, just run thecommand:# portma
188When an alert occurs on a port, the portmanager will attempt to execute/etc/config/scripts/portXX.alert(where XX is the port number, e.g. 08).The s
189fiif [-z "$LABEL" ]; thenecho "Welcome $USER,you are connected to Port $PORT"elseecho "Welcome $USER, you are connected to
193.INITIAL SYSTEM CONFIGURATIONIntroductionThis chapter provides step-by-step instructions forthe initial configuration of yourConsole Serverandconne
190To override the standard modem initialization string,either use the Management Console(refertoChapter5) or the command line config tool (refertoDia
191Customizing the IP-Filter:/etc/config/filter-customIf the standard system firewall configuration is not adequate for your needs,it can be bypasseds
192ResourcesThere are many high-quality tutorials andHOWTOs availableviathenetfilterwebsite;inparticular,peruse the tutorials listed on thenetfilterHO
193Thesnmpd.confis extremely powerful and too flexible tocovercompletely here. Theconfiguration file itself is commented extensively and good document
194To set the Engine ID field (SNMP version 3 only):config--set config.system.snmp.engineid2=800000020109840301.. replacing800000020109840301with the
195OpenSSH, the de facto open source SSH application, encrypts all traffic (including passwords) toeffectively eliminate these risks. Additionally, Op
196Enter file in which to save the key (/home/user/.ssh/id_rsa):/home/user/keys/control_roomEnterpassphrase(empty for no passphrase):Enter samepassphr
197Assuming the user on the Management Console is called "fred"; the IP address of theConsoleServeris 192.168.0.1 (default); and the public
198-----BEGIN RSAPRIVATE KEY-----MIIEogIBAAKCAQEAyIPGsNf5+a0LnPUMcnujXXPGiQGyD3b79KZg3UZ4MjZI525sCyopv4TJTvTK6e8QIYtGYTByUdIid_rsaid_rsa.pubssh-rsaAAA
199OpenSSH:http://www.openssh.org/OpenSSH (Windows):http://sshwindows.sourceforge.net/download/For example,using PuTTYgen, make sure you have a recent
2INDEX1.INTRODUCTION92.INSTALLATION142.1Models142.1.1Kit Components: B096-048 and B096-016 Console Server Management Switch142.1.2Kit Components: B092
20oIP address:192.168.0.100oSubnet mask:255.255.255.0If you wish to retain your existing IP settings for this network connection, clickAdvancedandAdd
200Create a new file "authorized_keys" (with notepad) and copy your publickey data fromthe "Public key for pasting into OpenSSHauthori
201The authenticity of host 'remhost (192.168.0.1)' can't be established.RSA key fingerprint is 8d:11:e0:7e:8a:6f:ad:f1:94:0f:93:fc:7c:
202As detailed inChapter 4,theServergateway is setup inConsole Servermode with either RAWor RFC2217 enabled and theClientgateway is set up in Serial B
203Generated keys may be one of two types-RSA or DSA (and it is beyondthe scope of thisdocumentto recommend one over the other).RSA keys will go into
204Your identification has been saved in/home/user/keys/control_roomYour public key has been saved in/home/user/keys/control_room.pub.The key fingerpr
205To use public key authentication withSDT Connector, first you mustfirst create an RSA orDSA key pair (usingssh-keygen, PuTTYgenor a similar tool)
206http://www.openssl.org/docs/apps/openssl.htmlhttp://www.openssl.org/docs/HOWTO/certificates.txt15.8 HTTPSThe Management Console can be served using
207You will be promptedto enter a lot of information. Most of it doesn't matter, but the "CommonName" should be the domain name of your
208443 stream tcp nowait root sslwrap-cert /etc/config/ssl_cert.pem-key /etc/config/ssl_key.pem-exec /bin/httpd /home/httpd"Save the file and sig
209Targets connected to RPC's that could not be contacted (e.g. due to networkfailure) are reported as status "unknown". If possible, o
21You will be prompted to log in. Enter the defaultadministrationusernameand administrationpassword:Username:rootPassword:defaultThe abovescreen, whi
210Power on foo0,foo4,foo5:powerman--on foo[0,4-5]As a reminder to the reader, some shells will interpret brackets ([ and ]) for pattern matching.Depe
211The first is tohavescripts to supportthe particular RPCincluded inthe open sourcePowerManproject(http://sourceforge.net/projects/powerman).ThePower
212This value will be passed tothe scripts in the environment variableoutlet,allowing the script toaddress the correct outlet.There are four possible
213[-U<username>][-A<authtype>][-L<privlvl>][-a|-E|-P|-f<password>][-o<oemtype>]<command>ipmitool[-c|-h|-v|-V]-Ila
214-f<password_file>Specifies a file containing the remote server password. If this option is absent, or ifpassword_file is empty, the password
215environments where system security is not an issue or where there is a dedicated secure'management network'or access has been provided th
216ipmitoolchassis helpChassis Commands: status, power, identify, policy, restart_cause, poh, bootdevipmitoolchassis power helpchassis power Commands:
217-SelectStatus: Support Report-Scroll down toProcesses-Look for:/bin/ssh-MN-o ControlPath=/var/run/cascade/%hSlavename-These are theSlaves that are
21816.THIN CLIENT(B092-016)IntroductionTheB092-016has a selection of managementclients(Firefox browser, SSH,Telnet, VNC viewer, ICA,RDP)embeddedas wel
219For each new Host you add, you will be asked to enter aLabel(enter a descriptive name) and aHostname(enter theIP AddressorDNS Nameof the new netwo
223.1.3InitialB092-016ConnectionFortheinitial configuration of theB092-016Console Server,youwill need to connect aconsole(keyboard, mouse and display)
22016.1.1Connect-Serial TerminalSelectConnect: Serialon the control panel and click on the desired serial port. A window will becreated with a connec
221The B092-016provides a powerful Mozilla Firefox browser with a licensed Sun Java JRE.Java and all Java based trademarks andlogos are trademarks or
222If theHostNamewas left blank when the VNC server connection was configured,then the VNCViewer will start with a request for the VNC server.Select
223TheB092-016SSH connection uses OpenSSH (http://www.openssh.com/) and the terminal connection ispresented using rxvt (ouR XVT).You can find more det
224Theresultingserial character connection is presented in anrxvt (ouR XVT) window.Also the Serial-Over-LAN feature is only applicable to IPMI2.0 devi
225You can use Add/Delete/Edit to customize therdesktopclient (e.g. to include login usernamepasswords). The command line protocol is:rdesktop-uwindow
22616.1.8Connect-PowerAlertSelectConnect:PowerAlerton the control panel.The PowerAlert software will be launched.16.2Advanced Control Panel16.2.1Syst
22716.2.2System: Shutdown / RebootClickingSystem: Shutdownon the control panel will shut down theB092-016system. You will need tocycle the power to re
22816.3Remote ControlYou can access theB092-016locallyviaadirectly connected keyboard, monitor andmouse (or KVMswitch). If theB092-016is connectedtoaK
229AppendixAHardware SpecificationFEATUREVALUEDimensionsB096-016 / B096-048: 17 x 12 x 1.75 in (43.2 x 31.3. x 4.5 cm)B092-016:17 x 6.7 x 1.75 in (44
23SelectSystem: Administration.Enter a newSystem Passwordthen re-enter it inConfirm System Password.This is thenewpasswordforroot, the main administ
230AppendixBSerial PortConnectivityPinout standards exist for both DB9 and DB25connectors,however,there are notpinout standards forserial connectivity
231ConnectorsIncluded inConsole ServerTheB092-016Console Serverwith PowerAlert, and theB096-048/016Console ServerManagementSwitchshipwitha “cross-over
232AppendixCEnd UserLicense AgreementREAD BEFORE USING THE ACCOMPANYING SOFTWAREYOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE US
233EXPORT RESTRICTIONS.You agree that you will not export or re-export the Software, any part thereof,or any process or service that is the direct pro
234REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIES DO NOT ORIGINATE FROM,AND ARE NOT BINDING ON,TRIPPLITE.NO LIABILITY FOR CERTAIN DAMAGES.EXCE
235Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.GNU GENERAL PUBLIC LICENSETER
236a) Accompany it with the complete corresponding machine-readablesource code, which must be distributed underthe terms of Sections 1 and 2 above on
237distribution limitation excludingthose countries, so that distribution is permitted only in or amongcountries not thusexcluded.In such case, this L
2383. Source Code. Software may contain source code that, unless expressly licensed for other purposes, is providedsolely for reference purposes pursu
239AppendixDService and WarrantyServiceYour Tripp Lite product is covered by the warranty described in this manual. A variety of ExtendedWarranty and
24If you selectDHCP,theConsole Serverwill look for configuration details from a DHCP serveronyourmanagementLAN.This selection automatically disables
240(Some states do not allow limitations on how long an implied warranty lasts, and some states do notallow the exclusionor limitation of incidental o
241Send old equipment for recycling on a one-for-one, like-for-like basis (this varies depending onthe country)Send the new equipment back for recyc
Tripp Lite World Headquarters1111 W. 35th Street, Chicago, IL 60609 USAwww.tripplite.com/support2201001079 93-2879-EN
25You will thenneed toconfigure the IPv6 parameters on each interface page.3.4SystemServicesThe Administratorhasaselectionof access protocolsthatcanb
26SelectSystem: Services.Thenselect /deselectthe service to be enabled /disabled.The followingaccess protocoloptions are available:HTTPSEnsuressecure
27There are also a number of related service options that can be configured at this stage:SNMPEnablesnetsnmpin theConsole Serverwhich will keep a rem
28ClickApply. Asyou apply your services selections, the screen will be updated with aconfirmation message:MessageChanges to configuration succeeded.3
29To use PuTTY for an SSH terminal session from aWindows client,entertheConsole Server’s IPaddress as the‘Host Name (or IP address)’To access theCon
34.1.1Common Settings354.1.2Console Server Mode364.1.3SDT Mode404.1.4Device (RPC, UPS, EMD) Mode404.1.5Terminal Server Mode404.1.6Serial Bridging Mode
30Amessagemay appearabout the host key fingerprint.Youwill need to select ‘Yes’ or ‘Always’ to continueThe next step is password authentication.You
31NoteThesecond Ethernet portontheB096-048/016can be configured as either aManagement LANgateway portorit can be configured asan OoB/Failover port-but
32To configure the DHCP serverfor the Management LAN:Enter theGatewayaddress that istobeissuedtothe DHCP clients. If this field is left blank, theIP
33OnceDHCP has initially allocated hosts addresses,it is recommended to copy these into the pre-assigned list so the same IP address will be reallocat
344.SERIAL PORT AND NETWORK HOSTIntroductionTheConsole Serverenables access and control of serially-attacheddevicesand network-attacheddevices(hosts).
35NoteIf you wish to set the same protocol options formultiple serial ports at once,clickEdit MultiplePortsand select which ports you wish to configur
364.1.2Console ServerModeSelectConsole ServerModeto enable remote management access to the serial console that is attachedtotheserial port:Logging Lev
37TelnetCheck to enableTelnetaccesstotheserial port. Whenenabled,aTelnetclient onaUserorAdministrator’scomputercanconnectto aserial deviceattachedtoth
38PuTTYcan be downloaded athttp://www.tucows.com/preview/195286.htmlSSHIt isrecommendedthattheUseror AdministratorusesSSH as the protocolforconnecting
39This syntax enablesusersto set up SSH tunnels to all serial ports with only a single IP port 22having to beopened in their firewall/gateway.TCPRAW T
46.2SDT Connector Configuration696.2.1SDT Connector Client Installation706.2.2Configuring a New Gateway in the SDT Connector Client716.2.3Auto-Configu
404.1.3SDTModeThis setting allows port forwarding ofLAN protocolssuch as RDP, VNC, HTPP, HTTPS, SSH andTelnetthrough to computers which are connectedl
41Thegettywill thenconfigure the port and wait for a connection to be made. An active connection on aserial device is usually indicated by the Data Ca
42You may secure the communications over the local Ethernet by enabling SSHhowever you willneed to generate and upload keys (refertoChapter 14–Advanc
43Userscan be authorized to access specifiedConsole Serverserialports and specified network-attachedhosts.These users can also be given full Administr
44SelectSerial & Network: Users & Groupsto display the configured Groups and Users.ClickAdd Groupto add a new Group.Add aGroupname andDescr
45Add aUsernameandaconfirmedPasswordfor each newUser. You may also includeinformation related to the user (e.g.contact details) in theDescriptionfiel
46SelectingSerial & Network: Network Hostspresentsallthe network connectedHosts thathavebeen enabled for access,and therelated access TCPports/se
474.5Trusted NetworksTheTrusted Networksfacility gives youtheoption to nominate specific IP addresses that users(Administrators and Users)must be loca
48Network IP Address204.15.5.0Subnet Mask255.255.255.255If however you want to allow all the users operating from within a specific range of IPaddres
49Nowselect whether to generatethekeys using RSAand/or DSA(ifunsure, select only RSA).Generatingeach set of keys will require approximately two minute
57.3Remote Log Storage1097.4Serial Port Logging1107.5Network TCP or UDP Port Logging1118.POWER & ENVIRONMENTAL MANAGEMENT1128.1Remote Power Contro
50Next, you must register the Public Key as an AuthorizedKey ontheSlave.In the simple case with onlyone Master with multipleSlaves, you need only uplo
514.6.3Configure theSlaves and their Serial PortsYou cannowbeginsetting up theSlaves and configuringSlaveserial portsfrom the MasterConsoleServer:Sel
524.6.4Managing theSlavesThe Master is in controlof theSlaveserial ports.So,for example,ifyouchange aUser’saccessprivilegesor edit any serial port set
53VirtualPortis fully compatible with 32-bit and 64-bit versions of Windows NT 4.x, Windows XP, Windows2000,Windows 2003, Windows 2008, Windows Vista
54Enter theConsoleServer'sIP address (or network name).Enter theServer TCP Portnumber that matches the port you have configured for the seriald
55-Connect at system startup—When enabledVirtualPortwill try to connect to theConsole Serverwhen theVirtualPortservice starts (as opposed to waiting f
56-CheckReceive DSR/DCD/CTS changesif the flow control signal status from the physical serialport onConsole Serveris to be reflected back to the Windo
574.8Managed Devices(B095-004/003 only)Managed Devices presents a consolidated view of all the connections to a device that can be accessedand monitor
58To adda newnetwork connected Managed Device:TheAdministratoradds a new network connected Managed Device usingAdd Hoston theSerial&Network: Netw
59Alsoallthe outlet names on thePDUwill by default be “Outlet 1” “Outlet 2”. When you connect aparticular Managed Device (that draws power from the ou
610.3Configuring Nagios Distributed Monitoring13810.3.1Enable Nagios on the Console Server13810.3.2Enable NRPE Monitoring14010.3.3Enable NSCA Monitori
605.FAILOVER ANDOUT-OF-BAND ACCESSIntroductionTheConsole Serverhas a number of failover and out-of-bandaccesscapabilities to ensureavailabilityinthe e
615.1.1ConfigureDial-In PPPTo enable dial-in PPP access on theConsole Servermodem port/internal modem:Select theSystem: Dialmenu optionand the port t
62In theLocal Addressfield,enter the IP address for the Dial-In PPP Server. This is the IP addressthat will be used by the remote client to accessCon
63SelectConnectto the Internetand clickNext.On theGettingReadyscreen selectSet Up My ConnectionManuallyandclickNext.On theInternet Connectionscreen
645.1.5Set UpLinux Clientsfor Dial-InThe online tutorialhttp://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.htmlpresentsa selection ofmethods for establ
65When configuring the principal network connectionon theSystem:IP Network Interfacemenu,selectManagement LAN(eth1)as theFailover Interfaceto be used
66Then configureManagement LAN Interface(eth1) with the same IP setting that you used for themainNetwork Interface(eth0) to ensure transparent redund
67
686.SECURE TUNNELINGANDSDT CONNECTORIntroductionEachConsole Serverhas anembeddedSSHserver and uses SSH tunneling.This enablesoneConsoleServertosecurel
69UsingSDT ConnectortoTelnetor SSHconnect to devices that are serially attached to theConsole Server(Section 6.4)The chapter then covers more advance
714.2.1System Settings17014.2.2Authentication Configuration17014.3Date and Time Configuration17114.4Network Configuration17214.4.1IP Configuration1721
70SDT Connectorcan connect to theConsole Serverusing an alternate OoB access.Itcan also beconfigured to access theConsole Serveritself and to access d
71To operateSDT Connector,addthenew gateways to the client software by entering the access detailsfor eachConsole Server(refertoSection 6.2.2).Thenlet
72Optionally,you canenter aDescriptive Nameto display instead of the IP or DNS address, andanyNotesor aDescriptionof this gateway (such as its firmwa
73Configure access to network-connected Hoststhat the user is authorized to accessand set up (for each of these Hosts) the services (e.g. HTTPS, IPMI
74NoteTheSDT Connectorclient can be configured withanunlimited number of Gateways. EachGateway can be configured to port forward to an unlimited numbe
756.2.6Manually Adding New Services to theNew HostsTo extend the range of services that can beused when accessing hosts withSDT Connector:SelectEdit:
76The second redirection is for the VNC service that the user may choose tolaunch later from the RAC webconsole. Itautomatically loads in a Java clien
776.2.7Adding aClient Program to be Started for theNew ServiceClients are local applications that may be launchedwhen a related service is clicked. To
78Also some clients are launched in a command line or terminal window.TheTelnetclient is anexample of this:ClickOK.6.2.8Dial-In ConfigurationIf the c
79SDT Connectorclient software that is suppliedwith the gateway. However there is also a wide selectionof commercial and free SSH client programs that
815.6.8SDT Connector Public Key Authentication20415.7Secure Sockets Layer (SSL) Support20515.8HTTPS20615.9Power Strip Control20815.9.1PowerMan20815.9.
80specified when setting uptheSDT Hostson theConsole Serverwasaccounts.myco.intranet.com, then specify the Destination asaccounts.myco.intranet.com:33
81SelectLocaland click theAddbutton.ClickOpento SSH connect the Clientcomputerto theConsole Server.You will now be promptedfor the Username/Password
82NoteHow secure is VNC?VNC access generally allows access to your whole computer, so security isvery important. VNC uses a random challenge-response
836.3SDT ConnectortoManagement ConsoleSDT Connectorcan also be configured for browser accesstothe gateway’s Management Console–andforTelnetor SSH acce
846.4SDT Connector-Telnetor SSH ConnecttoSerially AttachedDevicesSDT Connectorcanalso be used to access text consoles on devices that are attached to
85ClickAddthen scroll to the bottom and clickApply.Administrators by default have gateway and serialport access privileges; however for Users toacce
86cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection loginpasswordThenetwork_connectionin the aboveis the
876.6Importing (and exporting) PreferencesTo enable the distribution of pre-configured client config files,SDT Connectorhas anExport/Importfacility:T
88SSH client thatSDT Connectorlaunches (e.g. Putty, OpenSSH) and the host's SSH serverfor public keyauthentication.Essentially,what you are using
89To set the user(s) who can remotely access the system with RDP,clickAddon theRemoteDesktop Usersdialog box.NoteIf you need to set up new users for
91.INTRODUCTIONThis ManualThis UserManualis provided to help you get the most fromyourB096-016 /B096-048Console ServerManagement Switch,B092-016Consol
90InComputer, enter the appropriate IP Address and Port Number:Where there is a direct local or enterprise VPN connection, enter the IP Address of t
91NoteThe Remote Desktop Connection software is pre-installedonWindows XP.However,for earlierWindowscomputers,you will need to download the RDP client
92NoteTherdesktopclient is supplied with Red Hat 9.0:rpm-ivhrdesktop-1.2.0-1.i386.rpmFor Red Hat 8.0 or other distributions of Linux; download source
936.9SDT SHHTunnel for VNCAlternately, with SDT and Virtual Network Computing (VNC), Users and Administrators can securelyaccess and control Windows 9
94To set up a persistent VNC server on Red Hat Enterprise Linux 4:oSet a password usingvncpasswdoEdit/etc/sysconfig/vncserversoEnable the service wit
95A.When the Viewercomputeris connected to theConsole ServerthroughanSSH tunnel (over thepublic Internet, or a dial-in connection, or private network
96NoteFor general background reading on Remote Desktop and VNC access,we recommend thefollowing:The Microsoft Remote Desktop How-Tohttp://www.microso
97B.For Windows XP and 2003 computers,follow the steps below toset up an advanced networkconnection between the Windows computer, through its COM port
98Specify which Users will be allowed to use this connection. This should be the same Users whoweregiven Remote Desktop access privileges in the earl
99Alternately you can set the advanced connection and access on the Windows computer to usetheConsole Serverdefaults:Specify 10.233.111.254 as theFro
Comments to this Manuals