Tripp Lite B092-016 Owner's Manual

1Owner’s ManualWarranty Registration: register online today for a chance to win a FREE Tripp Lite product—www.tripplite.com/warrantyConsole Server M

10Please take care to follow the safety precautions below when installing andoperating theConsole Server:Do not remove the metal covers. There are no

100C.For earlier version Windows computers,follow the steps in Section B,above.To get to theMakeNew Connectionbutton:For Windows 2000,clickStartand s

101Next,add a New SDT Host. In the Host address you need to put portxx where xx = the portto which youare connecting. Example,for port 3 you would hav

1027.ALERTS AND LOGGINGIntroductionThis chapter describes the alert generationand loggingfeatures of theConsole Server.The alert facilitymonitors the

103IntheSMTPServerfield,enterthe IP address of the outgoing mailServer.You mayenteraSenderemail address which will appear as the“from”address in all

104In theSMTP SMS Serverfield in theAlerts & Logging: SMTP &SMSmenu,enter the IP addressof the outgoing mailServer.You may enter aSenderemai

105NoteTheConsole Servers have ansnmptrapdaemon to send traps/notifications to remote SNMPservers on defined trigger events,as detailed above.TheConso

106SelectAlerts & Logging: Alertswhich will display all the alerts currently configured.ClickAddAlert.7.2.1Adda New AlertThe first step is to spe

107ActivateNagiosnotification if it is tobeused for this event.In anSDT Nagios centrally managedenvironment,you can check theNagios alert option. On

108Serial PortPattern Match Alert–This alert will be triggered if a regular expression is found inthe serial ports character stream that matches the

109If you have selectedApplicable Alarm Sensor(s)that are to be monitored for this alert event,then youcan also set time windows when these sensors wi

1110. Nagios IntegrationSettingNagios central managementwith SDT extensionsandconfiguring theConsole Serveras a distributed Nagios server.11. System M

1107.4Serial Port LoggingInConsole Servermode, activity logsof all serial port activitycan be maintained. These records arestoredon an off-server, or

1117.5Network TCP or UDPPortLoggingTheConsole Serverscan also log anyaccess to and communications with network attached Hosts.For each Host, when you

1128.POWER& ENVIRONMENTAL MANAGEMENTIntroductionTheB095-004/003 andB092-016Console ServerandB096-048/016Console ServerManagement Switchproducts em

113ClickAddRPC.Enter aRPCNameandDescriptionfor the RPC.InConnected Via,selectthepre-configured serial port orthe network host address thatconnects

114system is unresponsive. To set up IPMI power control, the Administrator first enters the IPaddress/domain name of the BMC or service processor (e.g

115Theoutletstatusis displayed.You caninitiate the desiredActionto be taken by selecting theappropriateicon:Power ONPower OFFPower CyclePower StatusY

116SelectUPSas the Device Type in theSerial & Network: Serial Portmenu for each port whichhas Master control over a UPSand in theSerial & Net

117Enter aUPS NameandDescription(optional)andidentifyif the UPS will beConnected ViaUSBor over pre-configured serial port or via HTTP/HTTPS over the

118CheckLog Statusandspecify theLog Rate(i.e.minutes between samples) if you wish the statusfrom this UPS to be logged. These logs can be views from

1198.2.3ConfiguringPowered Computersto Monitor a Managed UPSOnce you have added a Managed UPS, each server that is drawing power through the UPS shoul

12Console, either locally or from a remote location, to configuretheConsole Server, set upUsers,configuretheportsand connected hosts, and set up loggi

120-passwordis the Password of the ManagerUPS8.2.4UPS AlertsYou can now set UPS alerts usingAlerts & Logging: Alerts(refertoChapter 7).8.2.5UPS St

121NUT can be configured using the Management Console as described above, or you can configure thetools and manage the UPS’s directly from the command

122So NUT supports the more complex power architectures found in data centers, computer rooms andNOCs where many UPS’s from many vendors power many sy

1238.3.1Connecting the EMDThe Environmental Monitoring Sensor(EMD)connects toanyserial port on theConsole Serverviaa specialEMDAdapterandstandardCAT5

124ClickAdd.Enter aNameandDescriptionfor the EMD andselectpre-configured serial port thattheEMDwill beConnected Via.ProvideLabelsforeach of the two

125Select theStatus:EnvironmentalStatusmenu and a table with the summary status of allconnected EMDhardware will be displayed.Click onView Logor sel

1269.AUTHENTICATIONIntroductionTheTripp LiteConsole Serveris a dedicated Linux computer,andit embodiespopular and proven Linuxsoftwaremodules forsecur

127LocalTACACS/RADIUS/LDAP:Trieslocal authenticationfirst, falling back to remote if local failsTACACS /RADIUS/LDAPLocal:Triesremote authenticationfir

128administrative control over the authentication and authorization processes. TACACS+ allows for asingle access control server (the TACACS+ daemon) t

129login, and other authentication mechanisms.Further information on configuring remote RADIUSservers can be found at the following sites:http://www.m

13Text presented like this highlights important issues and it isessential you readand take heed of these warnings.Text presented with an arrowhead in

130LDAPThe Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, butissignificantly simpler and more readily adapted to meet cu

1319.2PAM (Pluggable Authentication Modules)TheConsole Serversupports RADIUS, TACACS+ andLDAP fortwo-factor authenticationviaPAM(Pluggable Authenticat

132port2= 192.168.254.145/port05}global = cleartext mit}RADIUSExample:paul Cleartext-Password := "luap"Service-Type = Framed-User,Fall-Throu

133When you first enable and connectviaHTTPS,it is normal that youmay receive a certificate warning.ThedefaultSSL certificatein yourConsole Serverisem

13410.NAGIOS INTEGRATIONIntroductionNagiosis a powerful, highly extensible open source tool for monitoring network hosts and services. Thecore Nagios

13510.2Central ManagementThe Nagios solutionhas three parts: the Central Nagios server, DistributedConsole Servers and the SDTfor Nagios software.Cent

136You will also require a web server such as Apache to display the Nagios web UI(andthis may be installedautomatically as a dependency of the Nagios

137CheckNSCA Enabled, choose anNSCA Encryption Methodand enter and confirm anNSCASecret.Remember these details as you will need them later on.ForNSCA

138ClickApply.Now set theConsole Servertosend alerts to the Nagios server:SelectAlertsfrom theAlerts & Loggingmenuand clickAdd Alert.InDescript

139Enter theNagios Host Namethat theConsole Serverwill be referred to in the Nagios centralserver–this will begenerated from local System Name (enter

142.INSTALLATIONIntroductionThis chapter describesthe physicalinstallationof theConsole Serverhardwareand connection tocontrolled devices.2.1ModelsThe

14010.3.2 Enable NRPE MonitoringEnabling NRPE allows you to executeplug-ins (such ascheck_tcpandcheck_ping) on the remoteConsoleServerto monitor seria

14110.3.3 Enable NSCA MonitoringNSCA is the mechanism that allows you to send passive check results from the remoteConsole Servertothe Nagios daemon r

142SelectEnable Nagios,specify the name of the device on the upstream server and determine thecheckto be run on this port.Serial Statusmonitors the h

143TheNagios Checknominated as thecheck-host-alivecheck is used to determine whether thenetwork host itself is up or down.Typically this willbeCheck

14410.4Advanced Distributed Monitoring Configuration10.4.1Sample Nagios ConfigurationAn example configuration for Nagios is listed below.It shows how

145service_descriptionSerial Statushost_nameserverusegeneric-servicecheck_commandcheck_serial_status}define service {service_descriptionserial-signals

146host_nametripplitedependent_host_nameserverdependent_service_descriptionPort Logservice_descriptionNRPE Daemonexecution_failure_criteriaw,u,c}; Pin

147usegeneric-servicecheck_commandcheck_conn_via_tripplite!tcp!22}define service {service_descriptionhost-port-tcp-22-server; host-port-<protocol&g

148check_aptcheck_by_sshcheck_clamdcheck_digcheck_dnscheck_dummycheck_fpingcheck_ftpcheck_gamecheck_hpjdcheck_httpcheck_imapcheck_jabbercheck_ldapchec

14911.SYSTEM MANAGEMENTIntroductionThis chapter describes howthe Administrator canperforma range ofgeneral systemadministration andconfigurationtaskso

15Unpack yourConsole ServerManagement Switchkit and verify you have all the parts shownabove, and that they all appear in good working order.If you

150performing this procedure.Do not use a graphite pencil. Depress the button gentlytwice(withina 5 secondperiod) while the unit is powered ON.This wi

151Specify the address and name of the downloaded Firmware Upgrade File, orBrowsethe localsubnet and locate the downloaded file.ClickApplyand theCon

152TheConsole Servercan synchronize its system time with a remote time server using the Network TimeProtocol (NTP). Configuringwiththe NTP time server

153To restore a remote backup:ClickBrowsein the Remote Configuration Backup menuand select theBackup Fileyou wish torestore.ClickRestoreand clickOK.

154To backupto theUSBenter a briefDescriptionof the backupin the LocalConfiguration Backupsmenuand selectSave BackupThe Local Configuration Backup m

155Select theSystem: Administrationmenu option.CheckFIPS Modeto enable FIPS mode on boot,and checkRebootto safely reboot the consoleserver.ClickApp

15612.STATUS REPORTSIntroductionThis chapter describesthe selection of statusreports that are available for review:Port Access and Active UsersStati

15712.3Support ReportsTheSupport Reportprovides useful status information that will assist theTripp Litetechnical supportteamtoresolve any issuesyou m

158Remote System LoggingThe syslog record can be redirected to a remoteSyslog Server:Enter the remote Syslog Server address and port details andthenc

15912.5.1Configuring the DashboardOnlyuserswho are membersof theadmingroup(andtherootuser) can configure and access thedashboard.To configure a custom

16ConnectorsDB9F-RJ45S straight andcross-overExternalpowersupplyQuick Start Guide and CD-ROMUnpack yourConsole Serverkit and verify you have all the

160The Dashboard displays sixwidgets.These widgets include each of the Status screens (alerts, devices,ports,UPS, RPCand environmental status) and a c

161Create a file called "widget-<name>.sh" in the folder/etc/config/scripts/where <name> can beanything. You can have as many cu

16213.MANAGEMENTIntroductionTheConsole ServerManagementConsolehas a number of reports and tools that can be accessed byboth Administrators and Users:

163To display Host logs selectManage: Host Logsand the Host to be displayed.13.3Power ManagementAdministrator and Users can access and manage the con

164ClickConnect toSDT Connectorto access theConsole Servercommand line shell or the serialports viaSDT Connector.This willactivate theSDT Connectorcl

165To access theConsole Servercommand line,enter the gateway’s TCP address (e.g.192.168.254.198) ashostnameand the Username([email protected])

166

16714.BASIC CONFIGURATION-LINUX COMMANDSIntroductionFor those who preferto configure theirConsole Serverat theLinux commandlinelevel(ratherthanuse a b

16814.1The Linux Command LinePower up theConsole Serverand connect the “terminal” device:oIf you are connecting using the serial line, plug a serial

169Options-a–run-allRun all registered configurators. Thisperformseveryconfigurationsynchronization action pushingall changes to the live system.-h–he

17TheAC power socketislocated at the rear of theB092-016. This power inlet uses a conventional ACpower cord.ANorth American power cord is provided by

17014.2Administration Configuration14.2.1System SettingsTo change system settings to the following values:System Nameog.mydomain.comSystem Password (r

171# /bin/config–-set=config.auth.server=192.168.0.32# /bin/config–-set=config.auth.password=Secret# /bin/config–-set=”config.auth.ldap.basenode=some

172Time ZoneTo change the system time zone USAtoEastern Standard Time,you need to issue the followingcommands:# /bin/config–-set=config.system.timezon

173IP Address:192.168.1.100Primary DNS:192.168.1.254Secondary DNS:10.1.0.254You would need to issue the following commands from the command line:# /bi

174# /bin/config–-set=config.console.flow=Hardware# /bin/config–-set=config.console.initstring=ATQ0V1H0The following command will synchronize the live

175# /bin/config–-del=config.services.pingreply.enabledThe following command will synchronize the live system with thenew configuration:# /bin/config–

17614.5.2Supported Protocol ConfigurationTo ensure remote access to serial port 5 isconfigured as follows:TelnetAccess LANDisabledSSH Access LANEnable

177If you want a user named “user1” with a password of “secret” who will have access to serialport 5 from the network,you need to issue the these comm

178# /bin/config–-set=config.portaccess.total=2Please note that this rule becomes live straight away.14.6Event Logging Configuration14.6.1Remote Seria

179# /bin/config–-get=config.alerts.totalThis command should display output similar to:config.alerts.total 1Note that if you see:config.alerts.totalTh

182.5USB Port ConnectionTheB096-048/016Console ServerManagementSwitchhas one USB port on the front panel. ExternalUSB devices can be plugged into this

180</host1><total>3</total><host2><address>accounts.intranet.myco.com</address><description>Accounts server&

181/tmpis not a good location for the backup except as a temporary location before transferring itoff-box.The/tmpdirectory will not survive a reboot.T

182TheConsole Serverplatform is a dedicated Linux computer, optimized to provideaccess to serialconsoles of critical server systemsand control network

183smtpclientsttystuneltcpdumptftptiptracerouteMore details on theaboveLinux commands can found online at:http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.

18415.ADVANCED CONFIGURATIONIntroductionThis chapterdocumentsthe embeddedportmanagerapplicationwhich manages theserialports ontheConsole Serverand giv

18515.1 Advanced PortmanagerpmshellThepmshellcommand acts similarlyto thestandardtiporcucommands, but all serial portaccess is directedviathe portmana

186pmchatThepmchatcommand acts similarlyto thestandardchatcommand, but all serial port access isdirectedviathe portmanager.Example:To run a chat scrip

187Portmanager DaemonCommand line options:There is normally no need to stop and restart the daemon.To restart the daemon, just run thecommand:# portma

188When an alert occurs on a port, the portmanager will attempt to execute/etc/config/scripts/portXX.alert(where XX is the port number, e.g. 08).The s

189fiif [-z "$LABEL" ]; thenecho "Welcome $USER,you are connected to Port $PORT"elseecho "Welcome $USER, you are connected to

193.INITIAL SYSTEM CONFIGURATIONIntroductionThis chapter provides step-by-step instructions forthe initial configuration of yourConsole Serverandconne

190To override the standard modem initialization string,either use the Management Console(refertoChapter5) or the command line config tool (refertoDia

191Customizing the IP-Filter:/etc/config/filter-customIf the standard system firewall configuration is not adequate for your needs,it can be bypasseds

192ResourcesThere are many high-quality tutorials andHOWTOs availableviathenetfilterwebsite;inparticular,peruse the tutorials listed on thenetfilterHO

193Thesnmpd.confis extremely powerful and too flexible tocovercompletely here. Theconfiguration file itself is commented extensively and good document

194To set the Engine ID field (SNMP version 3 only):config--set config.system.snmp.engineid2=800000020109840301.. replacing800000020109840301with the

195OpenSSH, the de facto open source SSH application, encrypts all traffic (including passwords) toeffectively eliminate these risks. Additionally, Op

196Enter file in which to save the key (/home/user/.ssh/id_rsa):/home/user/keys/control_roomEnterpassphrase(empty for no passphrase):Enter samepassphr

197Assuming the user on the Management Console is called "fred"; the IP address of theConsoleServeris 192.168.0.1 (default); and the public

198-----BEGIN RSAPRIVATE KEY-----MIIEogIBAAKCAQEAyIPGsNf5+a0LnPUMcnujXXPGiQGyD3b79KZg3UZ4MjZI525sCyopv4TJTvTK6e8QIYtGYTByUdIid_rsaid_rsa.pubssh-rsaAAA

199OpenSSH:http://www.openssh.org/OpenSSH (Windows):http://sshwindows.sourceforge.net/download/For example,using PuTTYgen, make sure you have a recent

2INDEX1.INTRODUCTION92.INSTALLATION142.1Models142.1.1Kit Components: B096-048 and B096-016 Console Server Management Switch142.1.2Kit Components: B092

20oIP address:192.168.0.100oSubnet mask:255.255.255.0If you wish to retain your existing IP settings for this network connection, clickAdvancedandAdd

200Create a new file "authorized_keys" (with notepad) and copy your publickey data fromthe "Public key for pasting into OpenSSHauthori

201The authenticity of host 'remhost (192.168.0.1)' can't be established.RSA key fingerprint is 8d:11:e0:7e:8a:6f:ad:f1:94:0f:93:fc:7c:

202As detailed inChapter 4,theServergateway is setup inConsole Servermode with either RAWor RFC2217 enabled and theClientgateway is set up in Serial B

203Generated keys may be one of two types-RSA or DSA (and it is beyondthe scope of thisdocumentto recommend one over the other).RSA keys will go into

204Your identification has been saved in/home/user/keys/control_roomYour public key has been saved in/home/user/keys/control_room.pub.The key fingerpr

205To use public key authentication withSDT Connector, first you mustfirst create an RSA orDSA key pair (usingssh-keygen, PuTTYgenor a similar tool)

206http://www.openssl.org/docs/apps/openssl.htmlhttp://www.openssl.org/docs/HOWTO/certificates.txt15.8 HTTPSThe Management Console can be served using

207You will be promptedto enter a lot of information. Most of it doesn't matter, but the "CommonName" should be the domain name of your

208443 stream tcp nowait root sslwrap-cert /etc/config/ssl_cert.pem-key /etc/config/ssl_key.pem-exec /bin/httpd /home/httpd"Save the file and sig

209Targets connected to RPC's that could not be contacted (e.g. due to networkfailure) are reported as status "unknown". If possible, o

21You will be prompted to log in. Enter the defaultadministrationusernameand administrationpassword:Username:rootPassword:defaultThe abovescreen, whi

210Power on foo0,foo4,foo5:powerman--on foo[0,4-5]As a reminder to the reader, some shells will interpret brackets ([ and ]) for pattern matching.Depe

211The first is tohavescripts to supportthe particular RPCincluded inthe open sourcePowerManproject(http://sourceforge.net/projects/powerman).ThePower

212This value will be passed tothe scripts in the environment variableoutlet,allowing the script toaddress the correct outlet.There are four possible

213[-U<username>][-A<authtype>][-L<privlvl>][-a|-E|-P|-f<password>][-o<oemtype>]<command>ipmitool[-c|-h|-v|-V]-Ila

214-f<password_file>Specifies a file containing the remote server password. If this option is absent, or ifpassword_file is empty, the password

215environments where system security is not an issue or where there is a dedicated secure'management network'or access has been provided th

216ipmitoolchassis helpChassis Commands: status, power, identify, policy, restart_cause, poh, bootdevipmitoolchassis power helpchassis power Commands:

217-SelectStatus: Support Report-Scroll down toProcesses-Look for:/bin/ssh-MN-o ControlPath=/var/run/cascade/%hSlavename-These are theSlaves that are

21816.THIN CLIENT(B092-016)IntroductionTheB092-016has a selection of managementclients(Firefox browser, SSH,Telnet, VNC viewer, ICA,RDP)embeddedas wel

219For each new Host you add, you will be asked to enter aLabel(enter a descriptive name) and aHostname(enter theIP AddressorDNS Nameof the new netwo

223.1.3InitialB092-016ConnectionFortheinitial configuration of theB092-016Console Server,youwill need to connect aconsole(keyboard, mouse and display)

22016.1.1Connect-Serial TerminalSelectConnect: Serialon the control panel and click on the desired serial port. A window will becreated with a connec

221The B092-016provides a powerful Mozilla Firefox browser with a licensed Sun Java JRE.Java and all Java based trademarks andlogos are trademarks or

222If theHostNamewas left blank when the VNC server connection was configured,then the VNCViewer will start with a request for the VNC server.Select

223TheB092-016SSH connection uses OpenSSH (http://www.openssh.com/) and the terminal connection ispresented using rxvt (ouR XVT).You can find more det

224Theresultingserial character connection is presented in anrxvt (ouR XVT) window.Also the Serial-Over-LAN feature is only applicable to IPMI2.0 devi

225You can use Add/Delete/Edit to customize therdesktopclient (e.g. to include login usernamepasswords). The command line protocol is:rdesktop-uwindow

22616.1.8Connect-PowerAlertSelectConnect:PowerAlerton the control panel.The PowerAlert software will be launched.16.2Advanced Control Panel16.2.1Syst

22716.2.2System: Shutdown / RebootClickingSystem: Shutdownon the control panel will shut down theB092-016system. You will need tocycle the power to re

22816.3Remote ControlYou can access theB092-016locallyviaadirectly connected keyboard, monitor andmouse (or KVMswitch). If theB092-016is connectedtoaK

229AppendixAHardware SpecificationFEATUREVALUEDimensionsB096-016 / B096-048: 17 x 12 x 1.75 in (43.2 x 31.3. x 4.5 cm)B092-016:17 x 6.7 x 1.75 in (44

23SelectSystem: Administration.Enter a newSystem Passwordthen re-enter it inConfirm System Password.This is thenewpasswordforroot, the main administ

230AppendixBSerial PortConnectivityPinout standards exist for both DB9 and DB25connectors,however,there are notpinout standards forserial connectivity

231ConnectorsIncluded inConsole ServerTheB092-016Console Serverwith PowerAlert, and theB096-048/016Console ServerManagementSwitchshipwitha “cross-over

232AppendixCEnd UserLicense AgreementREAD BEFORE USING THE ACCOMPANYING SOFTWAREYOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE US

233EXPORT RESTRICTIONS.You agree that you will not export or re-export the Software, any part thereof,or any process or service that is the direct pro

234REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIES DO NOT ORIGINATE FROM,AND ARE NOT BINDING ON,TRIPPLITE.NO LIABILITY FOR CERTAIN DAMAGES.EXCE

235Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.GNU GENERAL PUBLIC LICENSETER

236a) Accompany it with the complete corresponding machine-readablesource code, which must be distributed underthe terms of Sections 1 and 2 above on

237distribution limitation excludingthose countries, so that distribution is permitted only in or amongcountries not thusexcluded.In such case, this L

2383. Source Code. Software may contain source code that, unless expressly licensed for other purposes, is providedsolely for reference purposes pursu

239AppendixDService and WarrantyServiceYour Tripp Lite product is covered by the warranty described in this manual. A variety of ExtendedWarranty and

24If you selectDHCP,theConsole Serverwill look for configuration details from a DHCP serveronyourmanagementLAN.This selection automatically disables

240(Some states do not allow limitations on how long an implied warranty lasts, and some states do notallow the exclusionor limitation of incidental o

241Send old equipment for recycling on a one-for-one, like-for-like basis (this varies depending onthe country)Send the new equipment back for recyc

Tripp Lite World Headquarters1111 W. 35th Street, Chicago, IL 60609 USAwww.tripplite.com/support2201001079 93-2879-EN

25You will thenneed toconfigure the IPv6 parameters on each interface page.3.4SystemServicesThe Administratorhasaselectionof access protocolsthatcanb

26SelectSystem: Services.Thenselect /deselectthe service to be enabled /disabled.The followingaccess protocoloptions are available:HTTPSEnsuressecure

27There are also a number of related service options that can be configured at this stage:SNMPEnablesnetsnmpin theConsole Serverwhich will keep a rem

28ClickApply. Asyou apply your services selections, the screen will be updated with aconfirmation message:MessageChanges to configuration succeeded.3

29To use PuTTY for an SSH terminal session from aWindows client,entertheConsole Server’s IPaddress as the‘Host Name (or IP address)’To access theCon

34.1.1Common Settings354.1.2Console Server Mode364.1.3SDT Mode404.1.4Device (RPC, UPS, EMD) Mode404.1.5Terminal Server Mode404.1.6Serial Bridging Mode

30Amessagemay appearabout the host key fingerprint.Youwill need to select ‘Yes’ or ‘Always’ to continueThe next step is password authentication.You

31NoteThesecond Ethernet portontheB096-048/016can be configured as either aManagement LANgateway portorit can be configured asan OoB/Failover port-but

32To configure the DHCP serverfor the Management LAN:Enter theGatewayaddress that istobeissuedtothe DHCP clients. If this field is left blank, theIP

33OnceDHCP has initially allocated hosts addresses,it is recommended to copy these into the pre-assigned list so the same IP address will be reallocat

344.SERIAL PORT AND NETWORK HOSTIntroductionTheConsole Serverenables access and control of serially-attacheddevicesand network-attacheddevices(hosts).

35NoteIf you wish to set the same protocol options formultiple serial ports at once,clickEdit MultiplePortsand select which ports you wish to configur

364.1.2Console ServerModeSelectConsole ServerModeto enable remote management access to the serial console that is attachedtotheserial port:Logging Lev

37TelnetCheck to enableTelnetaccesstotheserial port. Whenenabled,aTelnetclient onaUserorAdministrator’scomputercanconnectto aserial deviceattachedtoth

38PuTTYcan be downloaded athttp://www.tucows.com/preview/195286.htmlSSHIt isrecommendedthattheUseror AdministratorusesSSH as the protocolforconnecting

39This syntax enablesusersto set up SSH tunnels to all serial ports with only a single IP port 22having to beopened in their firewall/gateway.TCPRAW T

46.2SDT Connector Configuration696.2.1SDT Connector Client Installation706.2.2Configuring a New Gateway in the SDT Connector Client716.2.3Auto-Configu

404.1.3SDTModeThis setting allows port forwarding ofLAN protocolssuch as RDP, VNC, HTPP, HTTPS, SSH andTelnetthrough to computers which are connectedl

41Thegettywill thenconfigure the port and wait for a connection to be made. An active connection on aserial device is usually indicated by the Data Ca

42You may secure the communications over the local Ethernet by enabling SSHhowever you willneed to generate and upload keys (refertoChapter 14–Advanc

43Userscan be authorized to access specifiedConsole Serverserialports and specified network-attachedhosts.These users can also be given full Administr

44SelectSerial & Network: Users & Groupsto display the configured Groups and Users.ClickAdd Groupto add a new Group.Add aGroupname andDescr

45Add aUsernameandaconfirmedPasswordfor each newUser. You may also includeinformation related to the user (e.g.contact details) in theDescriptionfiel

46SelectingSerial & Network: Network Hostspresentsallthe network connectedHosts thathavebeen enabled for access,and therelated access TCPports/se

474.5Trusted NetworksTheTrusted Networksfacility gives youtheoption to nominate specific IP addresses that users(Administrators and Users)must be loca

48Network IP Address204.15.5.0Subnet Mask255.255.255.255If however you want to allow all the users operating from within a specific range of IPaddres

49Nowselect whether to generatethekeys using RSAand/or DSA(ifunsure, select only RSA).Generatingeach set of keys will require approximately two minute

57.3Remote Log Storage1097.4Serial Port Logging1107.5Network TCP or UDP Port Logging1118.POWER & ENVIRONMENTAL MANAGEMENT1128.1Remote Power Contro

50Next, you must register the Public Key as an AuthorizedKey ontheSlave.In the simple case with onlyone Master with multipleSlaves, you need only uplo

514.6.3Configure theSlaves and their Serial PortsYou cannowbeginsetting up theSlaves and configuringSlaveserial portsfrom the MasterConsoleServer:Sel

524.6.4Managing theSlavesThe Master is in controlof theSlaveserial ports.So,for example,ifyouchange aUser’saccessprivilegesor edit any serial port set

53VirtualPortis fully compatible with 32-bit and 64-bit versions of Windows NT 4.x, Windows XP, Windows2000,Windows 2003, Windows 2008, Windows Vista

54Enter theConsoleServer'sIP address (or network name).Enter theServer TCP Portnumber that matches the port you have configured for the seriald

55-Connect at system startup—When enabledVirtualPortwill try to connect to theConsole Serverwhen theVirtualPortservice starts (as opposed to waiting f

56-CheckReceive DSR/DCD/CTS changesif the flow control signal status from the physical serialport onConsole Serveris to be reflected back to the Windo

574.8Managed Devices(B095-004/003 only)Managed Devices presents a consolidated view of all the connections to a device that can be accessedand monitor

58To adda newnetwork connected Managed Device:TheAdministratoradds a new network connected Managed Device usingAdd Hoston theSerial&Network: Netw

59Alsoallthe outlet names on thePDUwill by default be “Outlet 1” “Outlet 2”. When you connect aparticular Managed Device (that draws power from the ou

610.3Configuring Nagios Distributed Monitoring13810.3.1Enable Nagios on the Console Server13810.3.2Enable NRPE Monitoring14010.3.3Enable NSCA Monitori

605.FAILOVER ANDOUT-OF-BAND ACCESSIntroductionTheConsole Serverhas a number of failover and out-of-bandaccesscapabilities to ensureavailabilityinthe e

615.1.1ConfigureDial-In PPPTo enable dial-in PPP access on theConsole Servermodem port/internal modem:Select theSystem: Dialmenu optionand the port t

62In theLocal Addressfield,enter the IP address for the Dial-In PPP Server. This is the IP addressthat will be used by the remote client to accessCon

63SelectConnectto the Internetand clickNext.On theGettingReadyscreen selectSet Up My ConnectionManuallyandclickNext.On theInternet Connectionscreen

645.1.5Set UpLinux Clientsfor Dial-InThe online tutorialhttp://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.htmlpresentsa selection ofmethods for establ

65When configuring the principal network connectionon theSystem:IP Network Interfacemenu,selectManagement LAN(eth1)as theFailover Interfaceto be used

66Then configureManagement LAN Interface(eth1) with the same IP setting that you used for themainNetwork Interface(eth0) to ensure transparent redund

67

686.SECURE TUNNELINGANDSDT CONNECTORIntroductionEachConsole Serverhas anembeddedSSHserver and uses SSH tunneling.This enablesoneConsoleServertosecurel

69UsingSDT ConnectortoTelnetor SSHconnect to devices that are serially attached to theConsole Server(Section 6.4)The chapter then covers more advance

714.2.1System Settings17014.2.2Authentication Configuration17014.3Date and Time Configuration17114.4Network Configuration17214.4.1IP Configuration1721

70SDT Connectorcan connect to theConsole Serverusing an alternate OoB access.Itcan also beconfigured to access theConsole Serveritself and to access d

71To operateSDT Connector,addthenew gateways to the client software by entering the access detailsfor eachConsole Server(refertoSection 6.2.2).Thenlet

72Optionally,you canenter aDescriptive Nameto display instead of the IP or DNS address, andanyNotesor aDescriptionof this gateway (such as its firmwa

73Configure access to network-connected Hoststhat the user is authorized to accessand set up (for each of these Hosts) the services (e.g. HTTPS, IPMI

74NoteTheSDT Connectorclient can be configured withanunlimited number of Gateways. EachGateway can be configured to port forward to an unlimited numbe

756.2.6Manually Adding New Services to theNew HostsTo extend the range of services that can beused when accessing hosts withSDT Connector:SelectEdit:

76The second redirection is for the VNC service that the user may choose tolaunch later from the RAC webconsole. Itautomatically loads in a Java clien

776.2.7Adding aClient Program to be Started for theNew ServiceClients are local applications that may be launchedwhen a related service is clicked. To

78Also some clients are launched in a command line or terminal window.TheTelnetclient is anexample of this:ClickOK.6.2.8Dial-In ConfigurationIf the c

79SDT Connectorclient software that is suppliedwith the gateway. However there is also a wide selectionof commercial and free SSH client programs that

815.6.8SDT Connector Public Key Authentication20415.7Secure Sockets Layer (SSL) Support20515.8HTTPS20615.9Power Strip Control20815.9.1PowerMan20815.9.

80specified when setting uptheSDT Hostson theConsole Serverwasaccounts.myco.intranet.com, then specify the Destination asaccounts.myco.intranet.com:33

81SelectLocaland click theAddbutton.ClickOpento SSH connect the Clientcomputerto theConsole Server.You will now be promptedfor the Username/Password

82NoteHow secure is VNC?VNC access generally allows access to your whole computer, so security isvery important. VNC uses a random challenge-response

836.3SDT ConnectortoManagement ConsoleSDT Connectorcan also be configured for browser accesstothe gateway’s Management Console–andforTelnetor SSH acce

846.4SDT Connector-Telnetor SSH ConnecttoSerially AttachedDevicesSDT Connectorcanalso be used to access text consoles on devices that are attached to

85ClickAddthen scroll to the bottom and clickApply.Administrators by default have gateway and serialport access privileges; however for Users toacce

86cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection loginpasswordThenetwork_connectionin the aboveis the

876.6Importing (and exporting) PreferencesTo enable the distribution of pre-configured client config files,SDT Connectorhas anExport/Importfacility:T

88SSH client thatSDT Connectorlaunches (e.g. Putty, OpenSSH) and the host's SSH serverfor public keyauthentication.Essentially,what you are using

89To set the user(s) who can remotely access the system with RDP,clickAddon theRemoteDesktop Usersdialog box.NoteIf you need to set up new users for

91.INTRODUCTIONThis ManualThis UserManualis provided to help you get the most fromyourB096-016 /B096-048Console ServerManagement Switch,B092-016Consol

90InComputer, enter the appropriate IP Address and Port Number:Where there is a direct local or enterprise VPN connection, enter the IP Address of t

91NoteThe Remote Desktop Connection software is pre-installedonWindows XP.However,for earlierWindowscomputers,you will need to download the RDP client

92NoteTherdesktopclient is supplied with Red Hat 9.0:rpm-ivhrdesktop-1.2.0-1.i386.rpmFor Red Hat 8.0 or other distributions of Linux; download source

936.9SDT SHHTunnel for VNCAlternately, with SDT and Virtual Network Computing (VNC), Users and Administrators can securelyaccess and control Windows 9

94To set up a persistent VNC server on Red Hat Enterprise Linux 4:oSet a password usingvncpasswdoEdit/etc/sysconfig/vncserversoEnable the service wit

95A.When the Viewercomputeris connected to theConsole ServerthroughanSSH tunnel (over thepublic Internet, or a dial-in connection, or private network

96NoteFor general background reading on Remote Desktop and VNC access,we recommend thefollowing:The Microsoft Remote Desktop How-Tohttp://www.microso

97B.For Windows XP and 2003 computers,follow the steps below toset up an advanced networkconnection between the Windows computer, through its COM port

98Specify which Users will be allowed to use this connection. This should be the same Users whoweregiven Remote Desktop access privileges in the earl

99Alternately you can set the advanced connection and access on the Windows computer to usetheConsole Serverdefaults:Specify 10.233.111.254 as theFro