Raritan CCA-0N-V5.1-E Administration Manual

Manual is about: CommandCenter Secure Gateway

Summary of CCA-0N-V5.1-E

  • Page 1

    Copyright © 2011 Raritan, Inc. CCA-0N-V5.1-E, February 2011, 255-80-5140-00-0N. CommandCenter Secure Gateway Administrators Guide, Release 5.1.

  • Page 2

    This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2011 Raritan, Inc. All third-party softw...

  • Page 3: Contents

    Contents (iii): What's New in the CC-SG Administrators Guide (xvii); Chapter 1 Introduction (1); Prerequisites (1); Terminology/Acronyms ...

  • Page 4

    Contents (iv): Licensing - Limited Operation Before License Install (28); Licensing - Existing Customers (29); Licensing - Rehosting ...

  • Page 5

    Contents (v): Discovering Devices (53); Adding a Device (54); Add a ...

  • Page 6

    Contents (vi): Copying Device Configuration (87); Restarting a Device (88); Pinging the ...

  • Page 7

    Contents (vii): Adding Location and Contacts to a Node Profile (111); Adding Notes to a Node Profile (111); Configuring the Virtual Infrast...

  • Page 8

    Contents (viii): Limit the Number of KVM Sessions per User (162); Configuring Access Auditing for User Groups (162); Adding, Editing, and Deleting Users ...

  • Page 9

    Contents (ix): Specify a Base DN (189); Specifying Modules for Authentication and Authorization (189); Establishing Order of External AA Servers...

  • Page 10

    Contents (x): Audit Trail Report (210); Error Log Report (211); Acce...

  • Page 11

    Contents (xi): Chapter 15 Advanced Administration (237); Configuring a Message of the Day (237); Configuring Applications for Accessing Nodes ...

  • Page 12

    Contents (xii): Refresh a Neighborhood (266); Delete a Neighborhood (266); Security Manager ...

  • Page 13

    Contents (xiii): Navigate Administrator Console (305); Edit Diagnostic Console Configuration (306); Edit Network Interfaces Configuration (Networ...

  • Page 14

    Contents (xiv): Appendix B CC-SG and Network Configuration (349); Required Open Ports for CC-SG Networks: Executive Summary (349); CC-SG Communication Channels (350); CC-SG...

  • Page 15

    Contents (xv): Appendix C User Group Privileges (357); Appendix D SNMP Traps (366); Appendix E CSV File Imports (368); Common CSV File Requirements (369); Audit Trail Entries for Importing ...

  • Page 16

    Contents (xvi): User Information (389); Node Information (389); Loca...

  • Page 17: What's New in the CC-SG

    (xvii) The following sections have changed or information has been added to the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and/or documentation. Add a License (on page 30); Pause and Resume Management of Devices Using a Scheduled Task (on page 8...

  • Page 19: Chapter 1  Introduction

    (1) The CommandCenter Secure Gateway (CC-SG) Administrators Guide offers instructions for administering and maintaining your CC-SG. This guide is intended for administrators who typically have all available privileges. Users who are not administrators should see Raritan's CommandCenter Secure Gateway ...

  • Page 20

    Chapter 1: Introduction (2). Terminology/Acronyms. Terms and acronyms found in this document include: Access Client - HTML-based client intended for use by normal access users who need to access a node managed by CC-SG. The Access Client does not allow the use of administration functions. Admin Client -...

  • Page 21

    Chapter 1: Introduction (3). Ghosted Ports - when managing Paragon devices, a ghosted port can occur when a CIM or target server is removed from the system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. Hostname - can be used if DNS server support is enabled. See About ...

  • Page 22

    Chapter 1: Introduction (4). Node Groups - a defined group of nodes that are accessible to a user. Node groups are used when creating a policy to control access to the nodes in the group. Ports - connection points between a Raritan device and a node. Ports exist only on Raritan devices, and they identi...

  • Page 23

    (5) You can access CC-SG in several ways: Browser: CC-SG supports numerous web browsers (for a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support website). Thick Client: You can install a Java Web Start thick client on your client computer. The thick client functi...

  • Page 24

    Chapter 2: Accessing CC-SG (6). JRE Incompatibility. If you do not have the minimum required version of JRE installed on your client computer, you will see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility warning window opens when CC-SG cannot find the required JRE...

  • Page 25

    Chapter 2: Accessing CC-SG (7). 4. If the CC-SG is configured for secure browser connections, you must select the Secure Socket Layer (SSL) checkbox. If the CC-SG is not configured for secure browser connections, you must deselect the Secure Socket Layer (SSL) checkbox. This setting must be correct or ...

  • Page 26

    Chapter 2: Accessing CC-SG (8). CC-SG Admin Client. Upon valid login, the CC-SG Admin Client appears.

  • Page 27

    Chapter 2: Accessing CC-SG (9). Nodes tab: Click the Nodes tab to display all known target nodes in a tree view. Click a node to view the Node Profile. Interfaces are grouped under their parent nodes. Click the + and - signs to expand or collapse the tree. Right-click an interface and select Connect to...

  • Page 28

    (10) Before you can begin configuring and working in CC-SG, you must have valid licenses installed. Then, upon first login, you should confirm the IP address, set the CC-SG server time, and check the firmware and application versions installed. You may need to upgrade the firmware and applications. On...

  • Page 29

    Chapter 3: Getting Started (11). Licensing - Basic License Information. Licenses are based on the number of nodes configured in CC-SG. Your purchase of a physical or virtual appliance includes a license to use a specific number of nodes. This "base license" enables CC-SG functionality and includes licen...

  • Page 30

    Chapter 3: Getting Started (12). Table columns: CC-SG product; Description; Information needed to create license for first time. CC-V1-256: CC-SG V1 appliance, includes 256 node license; Host ID of the CC-SG unit. CCSG128-VA: CC-SG virtual appliance, includes 128 node license; Host ID of the Windows or Linux license server...

  • Page 31

    Chapter 3: Getting Started (13). 3. Check the number of nodes in your database on this page. You can determine how many more nodes you can add up to your licensed limit.

  • Page 32

    Chapter 3: Getting Started (14). Licensing - New Customers - Physical Appliance. If you are a new customer who has just purchased a physical CC-SG 5.0 appliance, follow these instructions to ensure that you have valid licenses installed and activated. Step 1 - Get your license: 1. The license administra...

  • Page 33

    Chapter 3: Getting Started (15). 4. Click the link in the email to go to the Software License Key Login page on Raritan's website and log in with the user account just created. 5. Click the Product License tab. The licenses you purchased display in a list. You may have only 1 license, or multiple licens...

  • Page 34

    Chapter 3: Getting Started (16). Step 3: Check out the licenses you want to activate: You must check out licenses to activate the features. Select a license from the list then click Check Out. Check out all the licenses you want to activate. Licensing - Clusters - New Customers. A Cluster Kit license en...

  • Page 35

    Chapter 3: Getting Started (17). Licensing - Virtual Appliance with License Server. The CC-SG virtual appliance requires you to install a license server to host your license. Raritan provides the license server software and tools and a vendor daemon, which you install on a physical server. See Virtual A...

  • Page 36

    Chapter 3: Getting Started (18). Download Installation Files. The complete set of installation files is available at http://www.raritan.com/support/commandcenter-secure-gateway/. You must log in to the Raritan Licensing Portal to access these files at this link. See Get Your License (on page 19). If you...

  • Page 37

    Chapter 3: Getting Started (19). 7. Move the Raritan vendor daemon file using this command: cp raritan /home/flex/flexserverv11.8/i86_lsb/ 8. Enter this command: chmod +x raritan 9. Make sure you have the redhat-lsb package installed. To install it, run yum install redhat-lsb as root. Windows Server 1....

  • Page 38

    Chapter 3: Getting Started (20). 3. Check your email for another message from Raritan Licensing Portal from the email address licensing@raritan.com, with the subject line Your Raritan CommandCenter SG Software License Key is Available. 4. Click the link in the email to go to the Software License Key lo...

  • Page 39

    Chapter 3: Getting Started (21). • Linux: su - root; dmidecode -s system-uuid • Windows: Use cd to change to the /flexnet-win/i86_n3 directory, then run dmidecode -s system-uuid • Enter the TCP port number that CC-SG will use to communicate with the license server. The default port is 27000. If the lic...

  • Page 40

    Chapter 3: Getting Started (22). 2. Enter this command to change to the directory: cd c:\flexnet-win\i86_n3\ 3. Run lmgrd to start the server. In the sample commands, "license-file.lic" is the file name of the .lic file. If you have more than 1 license file, you must specify each file name in the comma...

  • Page 41

    Chapter 3: Getting Started (23). b. Type and then confirm the new password. The new password must be a strong password consisting of at least eight characters that are a combination of letters and numbers. 3. Press Ctrl+X when you see the welcome screen. 4. Choose Operation > Network Interfaces > Netwo...

  • Page 42

    Chapter 3: Getting Started (24). 6. Select the CCSG128-VA base license then click Check-Out to activate it. 7. To activate add-on licenses, select each license then click Check-Out. See the CC-SG Administrators Guide for more details about licenses. See the Flexera™ FlexNet Publisher® documentation f...

  • Page 43

    Chapter 3: Getting Started (25). Restart License Servers After an Outage. If the license server goes down, and then resumes operation, or if you move, add or delete license files, you should restart the license server. Restarting the license server ensures that CC-SG is synchronized with the most curren...

  • Page 44

    Chapter 3: Getting Started (26). lmdown allows for the graceful shutdown of selected license daemons. lmdown -vendor raritan is used to shut down the Raritan vendor daemon. lmhostid allows the user to retrieve the host ID of the current platform. Includes the -uuid, and -hostdomain or -internet argumen...

  • Page 45

    Chapter 3: Getting Started (27). lmver reports the version of a FlexNet Publisher library or binary file, such as lmgrd, lmadmin, lmdown, vendor daemon. Install or Upgrade VMware Tools. VMware Tools is recommended by VMware for all virtual machine deployments. Once you install VMware Tools on your comma...

  • Page 46

    Chapter 3: Getting Started (28). Licensing - Limited Operation Before License Install. Until you have installed and checked out the proper licenses, CC-SG operations are limited. Only the following menu choices are enabled. Diagnostic Console: To retrieve necessary information and logs, configure networ...

  • Page 47

    Chapter 3: Getting Started (29). Licensing - Existing Customers. If you are an existing CC-SG customer with a physical CC-SG appliance, when you upgrade your CC-SG unit to 5.0 or higher, a license file is created and installed that allows you to continue using CC-SG with the number of nodes configured ...

  • Page 48

    Chapter 3: Getting Started (30). Add a License. You can add a license to CC-SG if you purchase a new add-on license, or need to replace your licenses. When replacing licenses, add the base license first. Add-on licenses associated with the previous base license will be deleted automatically if they are ...

  • Page 49

    Chapter 3: Getting Started (31). Only the CC Super-User and users with similar privileges can configure time and date. Changing the time zone is disabled in a cluster configuration. To configure the CC-SG server time and date: 1. Choose Administration > Configuration. 2. Click the Time/Date tab. a. To ...

  • Page 50

    Chapter 3: Getting Started (32). Checking and Upgrading Application Versions. Check and upgrade the CC-SG applications, including Raritan Console (RC) and Raritan Remote Client (RRC). To check an application version: 1. Choose Administration > Applications. 2. Select an application name from the list. N...

  • Page 51: Setup

    (33) Guided Setup offers a simple way to complete initial CC-SG configuration tasks once the network configuration is complete. The Guided Setup interface leads you through the process of defining associations, discovering and adding devices to CC-SG, creating device groups and node groups, creating u...

  • Page 52

    Chapter 4: Configuring CC-SG with Guided Setup (34). Associations in Guided Setup. Create Categories and Elements. To create categories and elements in Guided Setup: 1. In the Guided Setup window, click Associations, and then click Create Categories in the left panel to open the Create Categories panel. ...

  • Page 53

    Chapter 4: Configuring CC-SG with Guided Setup (35). Discover and Add Devices. The Discover Devices panel opens when you click Continue at the end of the Associations task. You can also click Device Setup, and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discov...

  • Page 54

    Chapter 4: Configuring CC-SG with Guided Setup (36). 14. If you are manually adding a PowerStrip device, click the Number of Ports drop-down arrow and select the number of outlets the PowerStrip contains. 15. If you are adding an IPMI server, type an Interval, used to check for availability, and an Aut...

  • Page 55

    Chapter 4: Configuring CC-SG with Guided Setup (37). 3. There are two ways to add devices to a group, Select Devices and Describe Devices. The Select Devices tab allows you to select which devices you want to assign to the group by selecting them from the list of available devices. The Describe Devices...

  • Page 56

    Chapter 4: Configuring CC-SG with Guided Setup (38). • Select Nodes a. Click the Select Nodes tab in the Node Group: New panel. b. In the Available list, select the node you want to add to the group, and then click Add to move the node into the Selected list. Nodes in the Selected list will be added to...

  • Page 57

    Chapter 4: Configuring CC-SG with Guided Setup (39). Add User Groups and Users. The Add User Group panel opens when you click Continue at the end of the Create Groups task. You can also click User Management, and then click Add User Group in the Guided Tasks tree view in the left panel to open the Add U...

  • Page 58

    Chapter 4: Configuring CC-SG with Guided Setup (40). 13. Select the Login Enabled checkbox if you want the user to be able to log in to CC-SG. 14. Select the Remote Authentication checkbox only if you want the user to be authenticated by an outside server, such as TACACS+, RADIUS, LDAP, or AD. If you a...

  • Page 59: Elements

    (41) In This Chapter: About Associations (41); Adding, Editing, and Deleting Categories and Elements (42); Adding Categories and Elements with CSV File Import (43). About Associ...

  • Page 60

    Chapter 5: Associations, Categories, and Elements (42). Policies also use categories and elements to control user access to servers. For example, the category/element pair Location/America can be used to create a policy to control user access to servers in America. See Policies for Access Control (on p...

  • Page 61

    Chapter 5: Associations, Categories, and Elements (43). • Select Integer if the value is a number. 5. In the Applicable For field, select whether this category applies to: Devices, Nodes, or Device and Nodes. 6. Click OK to create the new category. The new category name appears in the Category Name fie...

  • Page 62

    Chapter 5: Associations, Categories, and Elements (44). Categories and Elements CSV File Requirements. The categories and elements CSV file defines the categories, their associated elements, their type, and whether they apply to devices, nodes or both. All category and categoryelement records are relate...

  • Page 63

    Chapter 5: Associations, Categories, and Elements (45). Sample Categories and Elements CSV File:
    add, category, os, string, node
    add, categoryelement, os, unix
    add, categoryelement, os, windows
    add, categoryelement, os, linux
    add, category, location, string, device
    add, categoryelement, location, aisle ...

  • Page 64

    Chapter 5: Associations, Categories, and Elements (46). Export Categories and Elements. The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing. To export categories and elements: 1. Choose Administratio...

  • Page 65

    (47) To add Raritan PowerStrip devices that are connected to other Raritan devices to CC-SG, see Managed PowerStrips (on page 93). Note: To configure iLO/RILOE devices, IPMI devices, Dell DRAC devices, IBM RSA devices, or other non-Raritan devices, use the Add Node menu and add these items as an inter...

  • Page 66

    Chapter 6: Devices, Device Groups, and Ports (48). Viewing Devices. The Devices Tab. Click the Devices tab to display all devices under CC-SG management. Each device's configured ports are nested under the devices they belong to. Devices with configured ports appear in the list with a + symbol. Click the...

  • Page 67

    Chapter 6: Devices, Device Groups, and Ports (49). Icon meanings (icons not reproduced): Serial port unavailable; Ghosted port (see Raritan's Paragon II User Guide for details on ghosting mode); Device paused; Device unavailable; Power strip; Outlet port; Blade chassis available; Blade chassis unavailable; Blade server available; Blad...

  • Page 68

    Chapter 6: Devices, Device Groups, and Ports (50). Note: For blade servers without an integrated KVM switch, such as HP BladeSystem servers, their parent device is the virtual blade chassis that CC-SG creates, not the KX2 device. These servers will be sorted only within the virtual blade chassis device...

  • Page 69

    Chapter 6: Devices, Device Groups, and Ports (51). The Device Profile includes tabs that contain information about the device. Associations tab: The Associations tab contains all categories and elements assigned to the node. You can change the associations by making different selections. See Association...

  • Page 70

    Chapter 6: Devices, Device Groups, and Ports (52). 2. Choose Devices > Device Manager > Topology View. The Topology View for the selected device appears. • Click + or - to expand or collapse the view. Right Click Options in the Devices Tab. You can right-click a device or port in the Devices tab to disp...

  • Page 71

    Chapter 6: Devices, Device Groups, and Ports (53). Discovering Devices. Discover Devices initiates a search for all devices on your network. After discovering the devices, you may add them to CC-SG if they are not already managed. To discover devices: 1. Choose Devices > Discover Devices. 2. Type the ra...

  • Page 72

    Chapter 6: Devices, Device Groups, and Ports (54). Adding a Device. Devices must be added to CC-SG before you can configure ports or add interfaces that provide access to the nodes connected to ports. The Add Device screen is used to add devices whose properties you know and can provide to CC-SG. To sea...

  • Page 73

    Chapter 6: Devices, Device Groups, and Ports (55). 6. Type the time (in seconds) that should elapse before timeout between the new device and CC-SG in the Heartbeat Timeout (sec) field. 7. When adding a Dominion SX or Dominion KX2 version 2.2 or later device, the Allow Direct Device Access checkbox ena...

  • Page 74

    Chapter 6: Devices, Device Groups, and Ports (56). 14. If the firmware version of the device is not compatible with CC-SG, a message appears. Click Yes to add the device to CC-SG. You can upgrade the device firmware after adding it to CC-SG. See Upgrading a Device (on page 82). Add a PowerStrip Device ...

  • Page 75

    Chapter 6: Devices, Device Groups, and Ports (57). • If you do not see the category or element values you want to use, you can add others. See Associations, Categories, and Elements (on page 41). 8. When you are done configuring this device, click Apply to add this device and open a new blank Add Devic...

  • Page 76

    Chapter 6: Devices, Device Groups, and Ports (58). 2. Type the new device properties in the appropriate fields on this screen. If necessary, edit the categories and elements associated with this device. 3. Click the Outlet tab to view all outlets of this PowerStrip. 4. If an outlet is associated with a...

  • Page 77

    Chapter 6: Devices, Device Groups, and Ports (59). Adding Location and Contacts to a Device Profile. Enter details about the location of the device and contact information for the people who administer or use the device. To add location and contacts to a device profile: 1. Select a device in the Devices...

  • Page 78

    Chapter 6: Devices, Device Groups, and Ports (60). Configuring Ports. If all ports of a device were not automatically added by selecting Configure All Ports when you added the device, use the Configure Ports screen to add individual ports or a set of ports on the device to CC-SG. Once you configure port...

  • Page 79

    Chapter 6: Devices, Device Groups, and Ports (61). 3. Click the Configure button that corresponds to the KVM port you want to configure. 4. Type a port name in the Port Name field. For ease of use, name the port after the target that is connected to the port. See Naming Conventions (on page 389) for de...

  • Page 80

    Chapter 6: Devices, Device Groups, and Ports (62). 3. Click the Access Application drop-down menu and select the application you want to use when you connect to this port from the list. To allow CC-SG to automatically select the correct application based on your browser, select Auto-Detect. 4. Click OK...

  • Page 81

    Chapter 6: Devices, Device Groups, and Ports (63). 3. Select the checkbox of the port you want to delete. 4. Click OK to delete the selected port. A message appears when the port has been deleted. Configuring a Blade Chassis Device Connected to KX2. Blade Chassis Overview. There are two types of blade ch...

  • Page 82

    Chapter 6: Devices, Device Groups, and Ports (64). Add a Blade Chassis Device. The procedure to add a blade chassis device varies depending on the blade chassis type. A blade chassis device always shows two names in the Devices tab: the name without the parentheses is retrieved from the KX2 device, and t...

  • Page 83

    Chapter 6: Devices, Device Groups, and Ports (65). Configuring Slots on a Blade Chassis Device. If the blade servers or slots are not configured yet in CC-SG, you must configure them by following the procedure in this section, or the blade servers do not appear in the Devices and Nodes tabs. An out-of-b...

  • Page 84

    Chapter 6: Devices, Device Groups, and Ports (66). • To configure each slot individually, click the Configure button next to the slot. Then type a name for the slot in the Port Name field, and type a node name in the Node Name field. The default Access Application is set according to the default applic...

  • Page 85

    Chapter 6: Devices, Device Groups, and Ports (67). To delete a slot using the Delete Blade command: 1. In the Devices tab, click the + next to the KX2 device that is connected to the blade chassis device. 2. Click the + next to the blade chassis device whose slots you want to delete. 3. Right-click the...

  • Page 86

    Chapter 6: Devices, Device Groups, and Ports (68). Move a Blade Chassis Device to a Different Port. When physically moving a blade chassis device from one KX2 device or port to another KX2 device or port, CC-SG cannot detect and automatically update the configuration data of the blade chassis device to ...

  • Page 87

    Chapter 6: Devices, Device Groups, and Ports (69). Bulk Copying for Device Associations, Location and Contacts. The Bulk Copy command allows you to copy categories, elements, location and contact information from one device to multiple other devices. Note that the selected information is the only proper...

  • Page 88

    Chapter 6: Devices, Device Groups, and Ports (70). Configuring Analog KVM Switches Connected to KX2 2.3 or Higher. KX2 version 2.3 enables you to connect a generic analog KVM switch to a target port. The generic analog KVM switch and its ports will be available as nodes to CC-SG. You must configure this...

  • Page 89

    Chapter 6: Devices, Device Groups, and Ports (71). 4. Select the checkbox for each slot you want to configure, then click OK. To configure slots from the Configure Ports screen: 1. In the Devices tab, click the + next to the KX2 device that is connected to the KVM switch device. 2. Select the KVM switc...

  • Page 90

    Chapter 6: Devices, Device Groups, and Ports (72). Device Groups Overview. Device groups are used to organize devices into a set. The device group will become the basis for a policy either allowing or denying access to this particular set of devices. See Adding a Policy (on page 176). Devices can be gro...

  • Page 91

    Chapter 6: Devices, Device Groups, and Ports (73). 2. Click the New Group icon in the toolbar. The Device Group: New panel appears. 3. In the Group Name field, type a name for a device group you want to create. See Naming Conventions (on page 389) for details on CC-SG's rules for name lengths. 4. There...

  • Page 92

    Chapter 6: Devices, Device Groups, and Ports (74). • Category - Select an attribute that will be evaluated in the rule. All categories you created in the Association Manager are available here. If any blade chassis has been configured in the system, a Blade Chassis category is available by default. • o...

  • Page 93

    Chapter 6: Devices, Device Groups, and Ports (75). Example 2: If you want to describe a group of devices that belong to the engineering department or are located in Philadelphia, and specify that all of the machines must have 1 GB of memory, you must create three rules. Department = Engineering (Rule0)...

  • Page 94

    Chapter 6: Devices, Device Groups, and Ports (76). Describe Method versus Select Method. Use the describe method when you want your group to be based on some attribute of the node or devices, such as the categories and elements. The advantage of the describe method is that when you add more devices or n...

  • Page 95

    Chapter 6: Devices, Device Groups, and Ports (77). Adding Devices with CSV File Import. You can add devices to CC-SG by importing a CSV file that contains the values. You must have the Device, Port, and Node Management and CC Setup and Control privileges to import and export devices. You must be assigne...

  • Page 96

    Chapter 6: Devices, Device Groups, and Ports (78). Table columns: Column number; Tag or value; Details. (continued) spaces or certain special characters. Dominion PX device names cannot include periods. Upon import, periods are converted to hyphens. 5: IP address or hostname; Required field. 6: Username; Required field. 7: Password; Requ...

  • Page 97

    Chapter 6: Devices, Device Groups, and Ports (79). To add a port to the CSV file: Use the device-port tag only if you add a device with Configure All Ports set to FALSE, and you want to specify ports individually. The ports you add must be un-configured in CC-SG when you import the CSV file. Column num...

  • Page 98

    Chapter 6: Devices, Device Groups, and Ports (80). Table columns: Column number; Tag or value; Details. 6: Blade name; Optional. If left blank, the name assigned at the device level is used. If a name is entered in the CSV file, it will be copied to the device level. 7: Node name; Enter a name for the node that will be crea...

  • Page 99

    Chapter 6: Devices, Device Groups, and Ports (81). Table columns: Column number; Tag or value; Details. 2: device-categoryelement; Enter the tag as shown. Tags are not case sensitive. 3: Device name; Required field. 4: Category name; Required field. 5: Element name; Required field. Sample Devices CSV File: add, device, dominion...

  • Page 100

    Chapter 6: Devices, Device Groups, and Ports (82). 6. To view more import results details, check the Audit Trail report. See Audit Trail Entries for Importing (on page 370). Export Devices. The export file contains comments at the top that describe each item in the file. The comments can be used as inst...

  • Page 101

    Chapter 6: Devices, Device Groups, and Ports (83). Backing Up a Device Configuration. You can back up all user configuration and system configuration files for a selected device. If anything happens to the device, you can restore the previous configurations from CC-SG using the backup file created. The ...

  • Page 102

    Chapter 6: Devices, Device Groups, and Ports (84). Restoring Device Configurations. The following device types allow you to restore a full backup of the device configuration: KX, KSX, KX101, SX, IP-Reach. KX2, KSX2, and KX2-101 devices allow you to choose which components of a backup you want to restore to t...

  • Page 103

    Chapter 6: Devices, Device Groups, and Ports 85
    Restore All Configuration Data Except Network Settings to a KX2, KSX2, or KX2-101 Device
    The Protected restore option allows you to restore all configuration data in a backup file, except network settings, to a KX2, KSX2, or KX2-101 device. You can use...

  • Page 104

    Chapter 6: Devices, Device Groups, and Ports 86
    Restore All Configuration Data to a KX2, KSX2, or KX2-101 Device
    The Full restore option allows you to restore all configuration data in a backup file to a KX2, KSX2, or KX2-101 device.
    To restore all configuration data to a KX2, KSX2, or KX2-101 devic...

  • Page 105

    Chapter 6: Devices, Device Groups, and Ports 87
    3. Click Upload. Navigate to and select the device backup file. The file type is .rfp. Click Open. The device backup file uploads to CC-SG and appears in the page.
    Copying Device Configuration
    The following device types allow you to copy configurations...

  • Page 106

    Chapter 6: Devices, Device Groups, and Ports 88
    Restarting a Device
    Use the Restart Device function to restart a device.
    To restart a device:
    1. Click the Devices tab and select the device you want to restart.
    2. Choose Devices > Device Manager > Restart Device.
    3. Click OK to restart the device.
    4. ...

  • Page 107

    Chapter 6: Devices, Device Groups, and Ports 89
    Resuming Management of a Device
    You can resume CC-SG management of a paused device to bring it back under CC-SG control.
    To resume CC-SG's management of a paused device:
    1. Click the Devices tab and select the paused device from the Devices tree.
    2. Ch...

  • Page 108

    Chapter 6: Devices, Device Groups, and Ports 90
    6. Select the devices to include in the task by selecting a device group from the Device Group drop-down list. Select the devices to include in the Available list, then use the arrow buttons to move the devices to the Selected list. Devices in the sele...

  • Page 109

    Chapter 6: Devices, Device Groups, and Ports 91
    Disconnecting Users
    Administrators can terminate any user's session on a device. This includes users who are performing any kind of operation on a device, such as connecting to ports, backing up the configuration of a device, restoring a device's confi...

  • Page 110

    Chapter 6: Devices, Device Groups, and Ports 92
    IP-Reach and UST-IP Administration
    You can perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon system setup directly from the CC-SG interface. After adding the Paragon system device to CC-SG, it appears in the de...

  • Page 111

    93
    There are three ways to configure power control using powerstrips in CC-SG.
    1. All supported Raritan-brand powerstrips can be connected to another Raritan device and added to CC-SG as a Powerstrip device. Raritan-brand powerstrips include Dominion PX and RPC powerstrips. Check the compatibility m...

  • Page 112

    Chapter 7: Managed Powerstrips 94
    Configuring Powerstrips that are Managed by Another Device in CC-SG
    In CC-SG, managed powerstrips can be connected to one of the following devices:
    - Dominion KX
    - Dominion KX2
    - Dominion KX2-101
    - Dominion SX 3.0
    - Dominion SX 3.1
    - Dominion KSX
    - Dominion KSX2
    - Paragon II/Parago...

  • Page 113

    Chapter 7: Managed Powerstrips 95
    Configuring Powerstrips Connected to KX, KX2, KX2-101, KSX2, and P2SC
    CC-SG automatically detects powerstrips connected to KX, KX2, KX2-101, KSX2, and P2SC devices. You can perform the following tasks in CC-SG to configure and manage powerstrips connected to these d...

  • Page 114

    Chapter 7: Managed Powerstrips 96
    Delete a Powerstrip Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device
    You cannot delete a powerstrip connected to a KX, KX2, KX2-101, KSX2, or P2SC device from CC-SG. You must physically disconnect the powerstrip from the device to delete the powerstrip from CC-...

  • Page 115

    Chapter 7: Managed Powerstrips 97
    10. For each category listed, click the Element drop-down menu and select the element you want to apply to the device. Select the blank item in the Element field for each category you do not want to use. See Associations, Categories, and Elements (on page 41). Optio...

  • Page 116

    Chapter 7: Managed Powerstrips 98
    Configuring Powerstrips Connected to SX 3.1
    You can perform the following tasks in CC-SG to configure and manage powerstrips connected to SX 3.1 devices.
    - Add a Powerstrip Connected to an SX 3.1 Device (on page 98)
    - Move an SX 3.1's Powerstrip to a Different Port (on ...

  • Page 117

    Chapter 7: Managed Powerstrips 99
    Move an SX 3.1's Powerstrip to a Different Port
    When you physically move a powerstrip from one SX 3.1 device or port to another SX 3.1 device or port, you must delete the powerstrip from the old SX 3.1 port and add it to the new SX 3.1 port. See Delete a Powerstrip ...

  • Page 118

    Chapter 7: Managed Powerstrips 100
    - To configure multiple outlets with the default names shown in the screen, select the checkbox for each outlet you want to configure, and then click OK to configure each outlet with the default name.
    - To configure each outlet individually, click the Configure but...

  • Page 119

    101
    This section covers how to view, configure, and edit nodes and their associated interfaces, and how to create node groups. Connecting to nodes is covered briefly. See Raritan's CommandCenter Secure Gateway User Guide for details on connecting to nodes.
    In This Chapter
    Nodes and Interfaces Overvi...

  • Page 120

    Chapter 8: Nodes, Node Groups, and Interfaces 102
    Node Names
    Node names must be unique. CC-SG will prompt you with options if you attempt to manually add a node with an existing node name. When CC-SG automatically adds nodes, a numbering system ensures that node names are unique. See Naming Conventi...

  • Page 121

    Chapter 8: Nodes, Node Groups, and Interfaces 103
    Node Profile
    Click a node in the Nodes tab to open the Node Profile page. The Node Profile page includes tabs that contain information about the node.

  • Page 122

    Chapter 8: Nodes, Node Groups, and Interfaces 104
    Interfaces Tab
    The Interfaces tab contains all the node's interfaces. You can add, edit, and delete interfaces on this tab, and select the default interface. Nodes that support virtual media include an additional column that shows whether virtual med...

  • Page 123

    Chapter 8: Nodes, Node Groups, and Interfaces 105
    Control system server nodes, such as VMware's Virtual Center, include the Control System Data tab. The Control System Data tab contains information from the control system server that is refreshed when the tab opens. You can access a topology view of...

  • Page 124

    Chapter 8: Nodes, Node Groups, and Interfaces 106
    Service Accounts
    Service Accounts Overview
    Service accounts are special login credentials that you can assign to multiple interfaces. You can save time by assigning a service account to a set of interfaces that often require a password change. You ca...

  • Page 125

    Chapter 8: Nodes, Node Groups, and Interfaces 107
    Add, Edit, and Delete Service Accounts
    To add a service account:
    1. Choose Nodes > Service Accounts. The Service Accounts page opens.
    2. Click the Add Row icon to add a row to the table.
    3. Enter a name for this service account in the Service Account...

  • Page 126

    Chapter 8: Nodes, Node Groups, and Interfaces 108
    2. Find the service account whose password you want to change.
    3. Enter the new password in the Password field.
    4. Re-type the password in the Retype Password field.
    5. Click OK.
    Note: CC-SG updates all interfaces that use the service account to use ...

  • Page 127

    Chapter 8: Nodes, Node Groups, and Interfaces 109
    Adding, Editing, and Deleting Nodes
    Add a Node
    To add a node to CC-SG:
    1. Click the Nodes tab.
    2. Choose Nodes > Add Node.
    3. Type a name for the node in the Node Name field. All node names in CC-SG must be unique. See Naming Conventions (on page 389...

  • Page 128

    Chapter 8: Nodes, Node Groups, and Interfaces 110
    Nodes Created by Configuring Ports
    When you configure the ports of a device, a node is created automatically for each port. An interface is also created for each node. When a node is automatically created, it is given the same name as the port to whi...

  • Page 129

    Chapter 8: Nodes, Node Groups, and Interfaces 111
    Adding Location and Contacts to a Node Profile
    Enter details about the location of the node, and contact information for the people who administer or use the node.
    To add location and contacts to a node profile:
    1. Select a node in the Nodes tab. The...

  • Page 130

    Chapter 8: Nodes, Node Groups, and Interfaces 112
    Configuring the Virtual Infrastructure in CC-SG
    Terminology for Virtual Infrastructure
    CC-SG uses the following terminology for virtual infrastructure components.
    Term | Definition | Example
    Control System | The Control System is the managing server. The c...

  • Page 131

    Chapter 8: Nodes, Node Groups, and Interfaces 113
    Virtual Nodes Overview
    You can configure your virtual infrastructure for access in CC-SG. The Virtualization page offers two wizard tools, Add Control System wizard and Add Virtual Host wizard, that help you add control systems, virtual hosts, and th...

  • Page 132

    Chapter 8: Nodes, Node Groups, and Interfaces 114
    - To use a service account for authentication, select the Use Service Account Credentials checkbox. Select the service account to use in the Service Account Name menu.
    Or
    - Enter a username and password for authentication. Maximum 64 characters each....

  • Page 133

    Chapter 8: Nodes, Node Groups, and Interfaces 115
    - Use Ctrl+click or Shift+click to select multiple virtual machines that you want to add.
    - In the Check/Uncheck Selected Rows section, select the Virtual Machine checkbox.
    - To add a VNC, RDP, or SSH interface to the virtual host nodes and virtual m...

  • Page 134

    Chapter 8: Nodes, Node Groups, and Interfaces 116
    - One node for each virtual host. Each virtual host node has a VI Client interface. Virtual host nodes are named with their IP addresses or host names.
    - One node for the control system. The control system node has a VI Client interface. Control syst...

  • Page 135

    Chapter 8: Nodes, Node Groups, and Interfaces 117
    12. Add virtual machines to CC-SG. One node will be created for each virtual machine. Each associated virtual host will also be configured. Only one virtual host node will be added, even if the virtual host is associated with multiple virtual machine...

  • Page 136

    Chapter 8: Nodes, Node Groups, and Interfaces 118
    - VI Client interfaces
    - VMware Viewer interfaces
    - Virtual Power interfaces
    - RDP, VNC, and SSH interfaces, if specified
    b. Enter login credentials, if needed. Some interface types do not require login credentials.
    - To use a service account, selec...

  • Page 137

    Chapter 8: Nodes, Node Groups, and Interfaces 119
    5. Change the information as needed. See Add a Control System with Virtual Hosts and Virtual Machines (on page 113) and Add a Virtual Host with Virtual Machines (on page 116) for complete field descriptions.
    6. Click Next.
    7. Delete one or multiple v...

  • Page 138

    Chapter 8: Nodes, Node Groups, and Interfaces 120
    Delete Control Systems and Virtual Hosts
    You can delete control systems and virtual hosts from CC-SG. When you delete a control system, the virtual hosts and virtual machines associated with it are not deleted. When you delete a virtual host, the con...

  • Page 139

    Chapter 8: Nodes, Node Groups, and Interfaces 121
    vSphere 4 Users Must Install New Plug-In
    When upgrading your virtual environment from a previous version to vSphere 4, you must remove the VMware Remote Console plug-in from the browser. After removing the plug-in, the correct plug-in for vSphere 4 wi...

  • Page 140

    Chapter 8: Nodes, Node Groups, and Interfaces 122
    Synchronize the Virtual Infrastructure
    You can perform a synchronization of CC-SG with your virtual infrastructure. When you select a control system for synchronization, the associated virtual hosts will also be synchronized, whether or not you selec...

  • Page 141

    Chapter 8: Nodes, Node Groups, and Interfaces 123
    Reboot or Force Reboot a Virtual Host Node
    You can reboot or force reboot the virtual host server. A reboot operation performs a normal reboot of the virtual host server when it is in maintenance mode. A force reboot operation forces the virtual host...

  • Page 142

    Chapter 8: Nodes, Node Groups, and Interfaces 124
    Connecting to a Node
    Once a node has an interface, you can connect to that node through the interface in several different ways. See Raritan's CommandCenter Secure Gateway User Guide.
    To connect to a node:
    1. Click the Nodes tab.
    2. Select the node t...

  • Page 143

    Chapter 8: Nodes, Node Groups, and Interfaces 125
    Adding, Editing, and Deleting Interfaces
    Add an Interface
    Note: Interfaces for virtual nodes, such as control system, virtual hosts, and virtual machines, can only be added using the Virtualization tools under Nodes > Virtualization. See Configuring ...

  • Page 144

    Chapter 8: Nodes, Node Groups, and Interfaces 126
    See Interfaces for Out-of-Band KVM, Out-of-Band Serial Connections (on page 128).
    Power Control Connections:
    - Power Control - DRAC: Select this item to create a power control connection to a Dell DRAC server.
    - Power Control - iLO Processor: Select ...

  • Page 145

    Chapter 8: Nodes, Node Groups, and Interfaces 127
    Interfaces for In-Band Connections
    In-band connections include RDP, VNC, SSH, RSA KVM, iLO Processor KVM, DRAC KVM, and Telnet.
    Telnet is not a secure access method. All usernames, passwords, and traffic are transmitted in clear text.
    To add an inter...

  • Page 146

    Chapter 8: Nodes, Node Groups, and Interfaces 128
    Microsoft RDP Connection Details
    If using a Windows XP client, you must have Terminal Server Client 6.0 or higher to connect a Microsoft RDP interface from CC-SG. Update the Terminal Server Client to 6.0 using this link: http://support.Microsoft.Com/...

  • Page 147

    Chapter 8: Nodes, Node Groups, and Interfaces 129
    Interfaces for DRAC Power Control Connections
    To add an interface for DRAC power control connections:
    1. Type the IP address or hostname for this interface in the IP Address/Hostname field.
    2. Type a TCP port for this connection in the TCP Port field...

  • Page 148

    Chapter 8: Nodes, Node Groups, and Interfaces 130
    RSA Interface Details
    When you create an in-band RSA KVM or Power interface, CC-SG discards the username and password associated with the interface, and creates two user accounts on the RSA server. This allows you to have simultaneous KVM and power a...

  • Page 149

    Chapter 8: Nodes, Node Groups, and Interfaces 131
    3. Power Strip Name: Select the power strip or PX device that provides power to the node. The power strip or PX device must be configured in CC-SG before it appears in this list.
    4. Outlet Name: Select the name of the outlet the node is plugged into....

  • Page 150

    Chapter 8: Nodes, Node Groups, and Interfaces 132
    Interfaces for Power IQ Proxy Power Control Connections
    Add a Power IQ Proxy power control interface when you want to use CC-SG to control power to a Power IQ IT device that you've added to CC-SG as a node. This enables you to control power to nodes ...

  • Page 151

    Chapter 8: Nodes, Node Groups, and Interfaces 133
    Web Browser Interface
    You can add a Web Browser interface to create a connection to a device with an embedded web server, such as a Dominion PX. See Example: Adding a Web Browser Interface to a PX Node (on page 134). For a blade chassis with an integ...

  • Page 152

    Chapter 8: Nodes, Node Groups, and Interfaces 134
    5. Type the field names for the username and password fields used in the login screen for the web application in the Username Field and Password Field. You must view the HTML source of the login screen to find the field names, not the field labels. S...

  • Page 153

    Chapter 8: Nodes, Node Groups, and Interfaces 135
    Results of Adding an Interface
    When you add an interface to a node, it appears in the Interfaces table and the Default Interface drop-down menu of the Add Node or Node Profile screen. You can click the drop-down menu to select the default interface t...

  • Page 154

    Chapter 8: Nodes, Node Groups, and Interfaces 136
    Bookmarking an Interface
    If you frequently access a node via a particular interface, you can bookmark it so that it is readily available from your browser.
    To bookmark an interface in any browser:
    1. In the Nodes tab, select the interface you want to...

  • Page 155

    Chapter 8: Nodes, Node Groups, and Interfaces 137
    Configuring Direct Port Access to a Node
    You can configure direct port access to a node using the Bookmark Node Interface feature. See Bookmarking an Interface (on page 136).
    Bulk Copying for Node Associations, Location and Contacts
    The Bulk Copy com...

  • Page 156

    Chapter 8: Nodes, Node Groups, and Interfaces 138
    Using Chat
    Chat provides a way for users connected to the same node to communicate with each other. You must be connected to a node to start a chat session for that node. Only users on the same node can chat with each other.
    To start a chat session: ...

  • Page 157

    Chapter 8: Nodes, Node Groups, and Interfaces 139
    Nodes CSV File Requirements
    The nodes CSV file defines the nodes, interfaces, and their details required to add them to CC-SG. Node names must be unique. If you enter duplicate node names, CC-SG adds a number in parentheses to the name to make it uni...

  • Page 158

    Chapter 8: Nodes, Node Groups, and Interfaces 140
    Column number | Tag or value | Details
    3 | Node name | Enter the same value as entered for Raritan port name.
    4 | Raritan device name | Required field. The device must already be added to CC-SG.
    5 | Port number | Required field.
    6 | Blade slot/KVM switch port | If the n...

  • Page 159

    Chapter 8: Nodes, Node Groups, and Interfaces 141
    Column number | Tag or value | Details
      |   | Raritan port name.
    8 | Baud rate | Valid for SX ports only.
    9 | Parity | Valid for SX ports only.
    10 | Flow control | Valid for SX ports only.
    11 | Description | Optional.
    To add an RDP interface to the CSV file:
    Column number in c...

  • Page 160

    Chapter 8: Nodes, Node Groups, and Interfaces 142
    Column number in CSV file | Tag or value | Details
      |   | Default is Java.
    To add an SSH or Telnet interface to the CSV file:
    Column number | Tag or value | Details
    1 | add | The first column for all tags is the command add.
    2 | node-ssh-interface for SSH interfaces node...

  • Page 161

    Chapter 8: Nodes, Node Groups, and Interfaces 143
    Column number | Tag or value | Details
    6 | TCP port | Default is 5900.
    7 | Service account name | Optional. Leave blank if specifying password.
    8 | Password | Optional. Leave blank if specifying service account.
    9 | Description | Optional.
    To add a DRAC KVM, DRAC power,...

  • Page 162

    Chapter 8: Nodes, Node Groups, and Interfaces 144
    Column number | Tag or value | Details
    7 | Username | You must enter either a service account or a username and password. Leave blank if specifying service account.
    8 | Password | You must enter either a service account or a username and password. Leave blank if...

  • Page 163

    Chapter 8: Nodes, Node Groups, and Interfaces 145
    Column number | Tag or value | Details
    10 | Description | Optional.
    To add an IPMI power control interface to the CSV file:
    Column number | Tag or value | Details
    1 | add | The first column for all tags is the command add.
    2 | node-ipmi-interface | Enter the tag as show...

  • Page 164

    Chapter 8: Nodes, Node Groups, and Interfaces 146
    Column number | Tag or value | Details
    5 | Powerstrip name | Required field.
    6 | Outlet | Required field.
    7 | Managing device | The name of the device that the power strip is connected to. Required field for all power strips except Dominion PX.
    8 | Managing port | The n...

  • Page 165

    Chapter 8: Nodes, Node Groups, and Interfaces 147
    Column number | Tag or value | Details
    12 | Description | Optional.
    To add a Power IQ Proxy power control interface to the CSV file:
    See Power Control of Power IQ IT Devices (on page 337) for details about configuring this interface type.
    Column number | Tag o...

  • Page 166

    Chapter 8: Nodes, Node Groups, and Interfaces 148
    To assign categories and elements to a node in the CSV file:
    Categories and elements must already be created in CC-SG. You can assign multiple elements of the same category to a node in the CSV file.
    Column number | Tag or value | Details
    1 | add | The first...

  • Page 167

    Chapter 8: Nodes, Node Groups, and Interfaces 149
    - If the file is not valid, an error message appears. Click OK and look at the Problems area of the page for a description of the problems with the file. Click Save to File to save the problems list. Correct your CSV file and then try to validate it ...

  • Page 168

    Chapter 8: Nodes, Node Groups, and Interfaces 150
    7. Import the .csv file. See Import Nodes (on page 148).
    Adding, Editing, and Deleting Node Groups
    Node Groups Overview
    Node groups are used to organize nodes into a set. The node group will become the basis for a policy either allowing or denying ac...

  • Page 169

    Chapter 8: Nodes, Node Groups, and Interfaces 151
    Add a Node Group
    To add a node group:
    1. Choose Associations > Node Group. The Node Groups Manager window appears.
    2. Choose Groups > New. A template for a node group appears.
    3. In the Group Name field, type a name for a node group you want to create...

  • Page 170

    Chapter 8: Nodes, Node Groups, and Interfaces 152
    - To remove a node from the group, select the node name in the Selected list and click Remove.
    - You can search for a node in either the Available or Selected list. Type the search terms in the field below the list, and then click Go.
    4. If you want t...

  • Page 171

    Chapter 8: Nodes, Node Groups, and Interfaces 153
    An example rule might be Department = Engineering, meaning it describes all nodes that have the category “Department” set to “Engineering.” This is exactly what happens when you configure the associations during an Add Node operation.
    4. If you want to ad...

  • Page 173

    Chapter 8: Nodes, Node Groups, and Interfaces 155

  • Page 174

    156
    User accounts are created so that users can be assigned a username and password to access CC-SG. A user group defines a set of privileges for its members. You cannot assign privileges to users themselves, only to user groups. All users must belong to at least one user group. CC-SG maintains a ce...

  • Page 175

    Chapter 9: Users and User Groups 157
    The Users Tab
    Click the Users tab to display all user groups and users in CC-SG. Users are nested underneath the user groups to which they belong. User groups with users assigned to them appear in the list with a + symbol next to them. Click the + to expand or co...

  • Page 176

    Chapter 9: Users and User Groups 158
    Default User Groups
    CC-SG is configured with three default user groups: CC-Super User, System Administrators, and CC Users.
    CC Super-User Group
    The CC Super-User group has full administrative and access privileges. Only one user can be a member of this group. The...

  • Page 177

    Chapter 9: Users and User Groups 159
    Adding, Editing, and Deleting User Groups
    Add a User Group
    Creating user groups first will help you organize users when the users are added. When a user group is created, a set of privileges is assigned to the user group. Users assigned to the group will inherit ...

  • Page 178

    Chapter 9: Users and User Groups 160
    The All Policies table lists all the policies available on CC-SG. Each policy represents a rule allowing or denying access to a group of nodes. See Policies for Access Control (on page 175) for details on policies and how they are created.
    9. In the All Policies ...

  • Page 179

    Chapter 9: Users and User Groups 161
    7. Select the checkbox that corresponds to each privilege you want to assign to the user group. Deselect a privilege to remove it from the group.
    8. In the Node Access area, click the drop-down menu for each kind of interface you want this group to have access th...

  • Page 180

    Chapter 9: Users and User Groups 162
    Limit the Number of KVM Sessions per User
    You can limit the number of KVM sessions allowed per user for sessions with Dominion KXII, KSXII and KX (KX1) devices. This prevents any single user from using all available channels at once. When a user attempts a connec...

  • Page 181

    Chapter 9: Users and User Groups 163
    2. Select the Require Users to Enter Access Information When Connecting to a Node checkbox.
    3. In the Message to Users field, enter a message that users will see when attempting to access a node. A default message is provided. 256 character maximum.
    4. Move the u...

  • Page 182

    Chapter 9: Users and User Groups 164
    If strong passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will display messages to assist with the password requirements. See Advanced Administration (on page 237) for details on stro...

  • Page 183

    Chapter 9: Users and User Groups 165
    4. In the New Password and Retype New Password fields, type a new password to change this user's password.
    Note: If strong passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will assist ...

  • Page 184

    Chapter 9: Users and User Groups 166
    4. Users who are not assigned to the target group appear in the Users not in group list.
    - Select the users you want to add from this list, and then click > to move them to the Users in group list.
    - Click the >> button to move all users not in the group to the u...

  • Page 185

    Chapter 9: Users and User Groups 167
    Users CSV File Requirements
    The import enables you to add user groups, users, and AD modules, and assign policies and permissions and user groups. Policies must already be created in CC-SG. The import assigns the policy to a user group. You cannot create new poli...

  • Page 186

    Chapter 9: Users and User Groups 168
    Column number | Tag or value | Details
    2 | usergroup-permissions | Enter the tag as shown. Tags are not case sensitive.
    3 | User group name | Required field. User group names are case sensitive.
    4 | CC Setup and Control | true or false
    5 | Device Configuration Upgrade Management ...

  • Page 187

    Chapter 9: Users and User Groups 169
    Column number | Tag or value | Details
      |   | command add.
    2 | usergroup-admodule | Enter the tag as shown. Tags are not case sensitive.
    3 | User group name | Required field. User group names are case sensitive.
    4 | AD module name | Required field.
    To add a user to CC-SG:
    Column number...

  • Page 188

    Chapter 9: Users and User Groups 170
    Column number | Tag or value | Details
      |   | periodically is set to true, specify the number of days after which password must be changed. Enter just the number, from 1 to 365.
    To add a user to a user group:
    Column number | Tag or value | Details
    1 | add | The first column for all...

  • Page 189

    Chapter 9: Users and User Groups 171
    Import Users
    Once you've created the CSV file, validate it to check for errors then import it. Duplicate records are skipped and are not added.
    1. Choose Administration > Import > Import Users.
    2. Click Browse and select the CSV file to import. Click Open.
    3. Cli...

  • Page 190

    Chapter 9: Users and User Groups 172
    Your User Profile
    My Profile allows all users to view details about their account, change some details, and customize usability settings. It is the only way for the CC Super User account to change the account name.
    To view your profile:
    Choose Secure Gateway > My...

  • Page 191

    Chapter 9: Users and User Groups 173
    - Find matching string - Does not support the use of wildcards and will highlight the closest match in the nodes, users, or devices as you type. The list will be limited to those items that contain the search criteria after clicking Search.
    3. Click OK to save yo...

  • Page 192

    Chapter 9: Users and User Groups 174
    To log out all users of a user group:
    1. In the Users tab, select the user group you want to log out of CC-SG.
    - To log out multiple user groups, hold the Shift key as you click additional user groups.
    2. Choose Users > User Group Manager > Logout Users. The Logo...

  • Page 193

    175
    Policies are rules that define which nodes and devices users can access, when they can access them, and whether virtual-media permissions are enabled, where applicable. The easiest way to create policies is to categorize your nodes and devices into node groups and device groups, and then create ...

  • Page 194

    Chapter 10: Policies for Access Control 176
    Adding a Policy
    If you create a policy that denies access (Deny) to a node group or device group, you also must create a policy that allows access (Control) for the selected node group or device group. Users will not automatically receive Control rights wh...

  • Page 195

    Chapter 10: Policies for Access Control 177
    14. If you selected Control in the Device/Node Access Permission field, the Virtual Media Permission section will become enabled. In the Virtual Media Permission field, select an option to allow or deny access to virtual media available in the selected nod...

  • Page 196

    Chapter 10: Policies for Access Control 178
    9. Select the checkbox that corresponds to each day you want this policy to cover.
    10. In the Start Time field, type the time of day this policy goes into effect. The time must be in 24-hour format.
    11. In the End Time field, type the time of day this poli...

  • Page 197

    Chapter 10: Policies for Access Control 179
    Support for Virtual Media
    CC-SG provides remote virtual media support for nodes connected to virtual media-enabled KX2, KSX2, and KX2-101 devices. For detailed instructions on accessing virtual media with your device, see:
    - Dominion KX II User Guide
    - Dominio...

  • Page 198: Nodes

    180
    Custom views enable you to specify different ways to display the nodes and devices in the left panel, using categories, node groups, and device groups.
    In This Chapter
    Types of Custom Views ..... 180
    Using Custom Views in the Ad...

  • Page 199

    Chapter 11: Custom Views for Devices and Nodes 181
    Using Custom Views in the Admin Client
    Custom Views for Nodes
    Add a Custom View for Nodes
    To add a custom view for nodes:
    1. Click the Nodes tab.
    2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears.
    3. In the Custom Vi...

  • Page 200

    Chapter 11: Custom Views for Devices and Nodes 182
    2. Click the Name drop-down arrow and select a custom view from the list.
    3. Click Apply View.
    Or
    Choose Nodes > Change View. All defined custom views are options in the pop-up menu. Choose the custom view you want to apply.
    Change a Custom View for...

  • Page 201

    Chapter 11: Custom Views for Devices and Nodes 183
    2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears.
    3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel.
    4. I...

  • Page 202

    Chapter 11: Custom Views for Devices and Nodes 184
    3. In the Custom View panel, click Add. The Add Custom View window appears.
    4. Type a name for the new custom view in the Custom View Name field.
    5. In the Custom View Type section:
    - Select Filter by Device Group to create a custom view that displa...

  • Page 203

    Chapter 11: Custom Views for Devices and Nodes 185
    2. Choose Devices > Change View > Create Custom View. The Custom View screen appears.
    3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details panel. T...

  • Page 204

    Chapter 11: Custom Views for Devices and Nodes 186
    Assign a Default Custom View for Devices
    To assign a default custom view for devices:
    1. Click the Devices tab.
    2. Choose Devices > Change View > Create Custom View. The Custom View screen appears.
    3. Click the Name drop-down arrow, and select a cus...

  • Page 205

    187 in this chapter: authentication and authorization (aa) overview (page 187); distinguished names for ldap and ad (page 188); specifying modules for authentication and authorization (page 189); establishing order of e...

  • Page 206

    Chapter 12: remote authentication 188 2. Cc-sg connects to the external server and sends the username and password. 3. Username and password are either accepted or rejected and sent back. If authentication is rejected, this results in a failed login attempt. 4. If authentication is successful, autho...

  • Page 207

    Chapter 12: remote authentication 189 specify a distinguished name for ldap distinguished names for netscape ldap and edirectory ldap should follow this structure: user id (uid), organizational unit (ou), organization (o) specify a username for ad when authenticating cc-sg users on an ad server by s...

  • Page 208

    Chapter 12: remote authentication 190 establishing order of external aa servers cc-sg will query the configured external authorization and authentication servers in the order that you specify. If the first checked option is unavailable, cc-sg will try the second, then the third, and so on, until it ...

  • Page 209

    Chapter 12: remote authentication 191 5. Type a name for the ad server in the module name field. • the maximum number of characters is 31. • all printable characters may be used. • the module name is optional and is specified only to distinguish this ad server module from any others that you configu...

  • Page 210

    Chapter 12: remote authentication 192 • username@raritan.com • raritan/username note: the user specified must have permission to execute search queries in the ad domain. For example, the user may belong to a group within ad that has group scope set to global, and group type set to security. 5. Type ...

  • Page 211

    Chapter 12: remote authentication 193 5. Type a user's attributes in the filter field so the search query will be restricted to only those entries that meet this criterion. The default filter is objectclass=user, which means that only entries of the type user are searched. 6. Specify the way in whic...

  • Page 212

    Chapter 12: remote authentication 194 3. Type a user's attributes in the filter field so the search query for the user in the group will be restricted to only those entries that meet this criterion. For example, if you specify cn=groups,dc=raritan,dc=com as the base dn and (objectclass=group) as the...

  • Page 213

    Chapter 12: remote authentication 195 editing an ad module once you have configured ad modules, you can edit them at any time. To edit an ad module: 1. Choose administration > security. 2. Click the authentication tab. All configured external authorization and authentication servers appear in a tabl...

  • Page 214

    Chapter 12: remote authentication 196 2. Click the authentication tab. All configured authorization and authentication servers appear in a table. 3. Select the ad server whose ad user groups you want to import. 4. Click import ad user groups to retrieve a list of user group values stored on the ad s...

  • Page 215

    Chapter 12: remote authentication 197 synchronizing ad with cc-sg there are several methods for synchronizing the information on cc-sg with the information on your ad server. Daily synchronization of all modules: you can enable scheduled synchronization to allow cc-sg to synchronize all ad modules d...

  • Page 216

    Chapter 12: remote authentication 198 synchronize all user groups with ad you should synchronize all user groups if you have made a change to a user group, such as moving a user group from one ad module to another. You can also change the ad association of a user group manually, in the user group pr...

  • Page 217

    Chapter 12: remote authentication 199 synchronize all ad modules you should synchronize all ad modules whenever you change or delete a user in ad, change user permissions in ad, or make changes to a domain controller. When you synchronize all ad modules, cc-sg retrieves the user groups for all confi...

  • Page 218

    Chapter 12: remote authentication 200 to disable daily synchronization of all ad modules: 1. Choose administration > security. 2. Click the authentication tab. All configured authorization and authentication servers appear in a table. 3. Deselect the daily synchronization of all modules checkbox. 4....

  • Page 219

    Chapter 12: remote authentication 201 renaming and moving ad groups renaming a group in ad: when an ad group that has been imported into cc-sg changes its name in ad, cc-sg reports a warning in the audit trail when the name change is detected, either at synchronization or when an affected ad user lo...

  • Page 220

    Chapter 12: remote authentication 202 ldap general settings 1. Click the general tab. 2. Type the ip address or hostname of the ldap server in the ip address/hostname field. See terminology/acronyms (on page 2) for hostname rules. 3. Type the port value in the port field. The default port is 389. 4. ...

  • Page 221

    Chapter 12: remote authentication 203 2. Select base 64 if you want the password to be sent to the ldap server with encryption. Select plain text if you want the password to be sent to the ldap server as plain text. 3. Default digest: select the default encryption of user passwords. 4. Type the user...

  • Page 222

    Chapter 12: remote authentication 204 openldap (edirectory) configuration settings if using an openldap server for remote authentication, use this example: parameter name open ldap parameters ip address/hostname user name cn=, o= password user base o=accounts, o= user filter (objectclass=person) pas...

  • Page 223

    Chapter 12: remote authentication 205 about tacacs+ and cc-sg cc-sg users who are remotely authenticated by a tacacs+ server must be created on the tacacs+ server and on cc-sg. The user name on the tacacs+ server and on cc-sg must be the same, although the passwords may be different. See users and u...

  • Page 224

    Chapter 12: remote authentication 206 about radius and cc-sg cc-sg users who are remotely authenticated by a radius server must be created on the radius server and on cc-sg. The user name on the radius server and on cc-sg must be the same, although the passwords may be different. See users and user ...

  • Page 225

    Chapter 12: remote authentication 207 two-factor authentication using radius by using an rsa radius server that supports two-factor authentication in conjunction with an rsa authentication manager, cc-sg can make use of two-factor authentication schemes with dynamic tokens. In such an environment, u...

  • Page 226: Chapter 13  Reports

    208 in this chapter: using reports (page 208); audit trail report (page 210); error log report ...

  • Page 227

    Chapter 13: reports 209 view report details double-click a row to view details of the report. When a row is highlighted, press the enter key to view details. All details of the selected report display in a dialog that appears, not just the details you can view in the report screen. For example, the ...

  • Page 228

    Chapter 13: reports 210 purge a report's data from cc-sg you can purge the data that appears in the audit trail and error log reports. Purging these reports deletes all data that satisfy the search criteria used. For example, if you search for all audit trail entries from march 26, 2008 through marc...

  • Page 229

    Chapter 13: reports 211 3. You can limit the data that the report will contain by entering additional parameters in the message type, message, username, and user ip address fields. Wildcards are accepted in these fields except for the message type field. • to limit the report to a type of message, s...

  • Page 230

    Chapter 13: reports 212 • click purge to delete the error log. See purge a report's data from cc-sg (on page 210). Access report generate the access report to view information about accessed devices and nodes, when they were accessed, and the user who accessed them. To generate the access report: 1....

  • Page 231

    Chapter 13: reports 213 3. Click apply. Active users report the active users report displays current users and user sessions. You can select active users from the report and disconnect them from cc-sg. To generate the active users report: choose reports > users > active users. To disconnect a user f...

  • Page 232

    Chapter 13: reports 214 • the password expiration field displays the number of days that the user can use the same password before being forced to change it. See add a user (on page 163). • the groups field displays the user groups to which the user belongs. • the privileges field displays the cc-sg...

  • Page 233

    Chapter 13: reports 215 device group data report the device group data report displays device group information. To generate the device group data report: 1. Choose reports > devices > device group data. 2. Double-click a row to display the list of devices in the group. Query port report the query p...

  • Page 234

    Chapter 13: reports 216 state type port state definition been configured. 3. Select ghosted ports to include ports that are ghosted. A ghosted port can occur when a cim or target server is removed from a paragon system or powered off (manually or accidentally). See raritan's paragon ii user guide. O...

  • Page 235

    Chapter 13: reports 217 3. The url column contains direct links to each node. You can use this information to create a web page with links to each node, instead of bookmarking each node individually. See bookmarking an interface (on page 136). Active nodes report the active nodes report includes the...

  • Page 236

    Chapter 13: reports 218 node group data report the node group data report displays the list of nodes that belong to each group, the user groups that have access to each node group, and, if applicable, the rules that define the node group. The list of nodes is in the report details, which you can vie...

  • Page 237

    Chapter 13: reports 219 scheduled reports scheduled reports displays reports that were scheduled in the task manager. You can find the upgrade device firmware reports and restart device reports in the scheduled reports screen. Scheduled reports can be viewed in html format only. See task manager (on...

  • Page 238

    Chapter 13: reports 220 upgrade device firmware report the upgrade device firmware report is located in the scheduled reports list. This report is generated when an upgrade device firmware task is running. View the report to get real-time status information about the task. Once the task has complete...

  • Page 239

    221 in this chapter: maintenance mode (page 221); entering maintenance mode (page 222); exiting maintenance mode ...

  • Page 240

    Chapter 14: system maintenance 222 entering maintenance mode 1. Choose system maintenance > maintenance mode > enter maintenance mode. 2. Password: type your password. Only users with the cc setup and control privilege can enter maintenance mode. 3. Broadcast message: type the message that will disp...

  • Page 241

    Chapter 14: system maintenance 223 4. Select a backup type: full or standard. See what is the difference between full backup and standard backup? (on page 224) 5. To save a copy of this backup file to an external server, select the backup to remote location checkbox. Optional. A. Select a protocol u...

  • Page 242

    Chapter 14: system maintenance 224 what is the difference between full backup and standard backup? Standard backup: a standard backup includes all data in all fields of all ccsg pages, except for data in the following pages: administration > configuration manager > network tab administration > clust...

  • Page 243

    Chapter 14: system maintenance 225 3. Click ok to delete the backup from the cc-sg system. Restoring cc-sg you can restore cc-sg using a backup file that you created. Important: the neighborhood configuration is included in the cc-sg backup file so make sure you remember or note down its setting at ...

  • Page 244

    Chapter 14: system maintenance 226 • restore data - cc-sg configuration, device and node configuration, and user data. Selecting data restores the standard backup portion of a full backup file. See what is the difference between full backup and standard backup? (on page 224) • restore logs - error l...

  • Page 245

    Chapter 14: system maintenance 227 option description full database this option removes the existing cc-sg database and builds a new version with the factory default values. Network settings, snmp agents, firmware, and diagnostic console settings are not part of the cc-sg database. The snmp configur...

  • Page 246

    Chapter 14: system maintenance 228 option description • read-write community: private • system contact, name, location: none • snmp trap configuration • snmp trap destinations default firmware this option resets all device firmware files to factory defaults. This option does not change the cc-sg dat...

  • Page 247

    Chapter 14: system maintenance 229 restarting cc-sg the restart command is used to restart the cc-sg software. Restarting cc-sg will log all active users out of cc-sg. Restarting will not cycle power to the cc-sg. To perform a full reboot, you must access diagnostic console or the power switch on th...

  • Page 248

    Chapter 14: system maintenance 230 cc-sg will reboot as part of the upgrade process. Do not stop the process, reboot the unit manually, power off, or power cycle the unit during the upgrade. To upgrade cc-sg: 1. Download the firmware file to your client pc. 2. Log into the cc-sg admin client using an...

  • Page 249

    Chapter 14: system maintenance 231 10. Clear the java cache. See clear the java cache (on page 231). 11. Launch a new web browser window. 12. Log into the cc-sg admin client using an account that has the cc setup and control privilege. 13. Choose help > about raritan secure gateway. Check the versio...

  • Page 250

    Chapter 14: system maintenance 232 upgrading a cluster to upgrade a cc-sg cluster, follow this recommended upgrade procedure. Only physical cc-sg units can be in a cluster. A cc-sg cluster license is a special kind of license file that the 2 cc-sg units in the cluster share. See cluster licenses (on...

  • Page 251

    Chapter 14: system maintenance 233 primary node upgrade failure if the upgrade of your primary node fails while following the upgrading a cluster (on page 232) procedure, follow these steps to complete the cluster upgrade. 1. If the primary node upgrade fails, shutdown the cc-sg application by choos...

  • Page 252

    Chapter 14: system maintenance 234 note: the cc-sg that you are migrating to must have its own valid licenses to be fully operational. A valid license is not required to complete the full restore. 5. Resume management of all devices. You can schedule a task to resume all devices, if you are using cc...

  • Page 253

    Chapter 14: system maintenance 235 restarting cc-sg after shutdown after shutting down cc-sg, use one of these two methods to restart the unit: use the diagnostic console. See restart cc-sg with diagnostic console (on page 315). Recycle the power to your cc-sg unit. Powering down cc-sg if cc-sg lose...

  • Page 254

    Chapter 14: system maintenance 236 2. Click yes to log out of cc-sg. Once you log out, the cc-sg login window opens. Exit cc-sg 1. Choose secure gateway > exit. 2. Click yes to exit cc-sg.

  • Page 255

    237 in this chapter: configuring a message of the day (page 237); configuring applications for accessing nodes (page 238); configuring default applications (page 240); ma...

  • Page 256

    Chapter 15: advanced administration 238 c. Click the font size drop-down menu and select a font size for the message text. • if you select message of the day file: a. Click browse to browse for the message file. B. Select the file in the dialog window that opens then click open. C. Click preview to ...

  • Page 257

    Chapter 15: advanced administration 239 2. Click the application name drop-down arrow and select the application that must be upgraded from the list. If you do not see the application, you must add it first. See add an application (on page 239). 3. Click browse, locate and select the application upg...

  • Page 258

    Chapter 15: advanced administration 240 5. Click ok. An open dialog appears. 6. Navigate to and select the application file (usually a .jar or .cab file), and then click open. 7. The selected application loads onto cc-sg. Delete an application to delete an application: 1. Choose administration > app...

  • Page 259

    Chapter 15: advanced administration 241 view the default application assignments to view the default application assignments: 1. Choose administration > applications. 2. Click the default applications tab to view and edit the current default applications for various interfaces and port types. Applic...

  • Page 260

    Chapter 15: advanced administration 242 2. Click add to add a new firmware file. A search window opens. 3. Navigate to and select the firmware file you want to upload to cc-sg, and then click open. When the upload completes, the new firmware appears in the firmware name field. Delete firmware to del...

  • Page 261

    Chapter 15: advanced administration 243 model primary lan name primary lan location secondary lan name secondary lan location v1-0 or v1-1 lan1 left lan port lan2 right lan port e1 lan ports: model primary lan name primary lan location secondary lan name secondary lan location e1-0 not labeled top l...

  • Page 262

    Chapter 15: advanced administration 244 if the primary lan is connected and receiving a link integrity signal, cc-sg uses this lan port for all communications. If the primary lan loses link integrity, and secondary lan is connected, cc-sg will failover its assigned ip address to the secondary lan. T...

  • Page 263

    Chapter 15: advanced administration 245 6. Click the adapter speed drop-down arrow and select a line speed from the list. Make sure your selection agrees with your switch's adapter port setting. If your switch uses 1 gig line speed, select auto. 7. If you selected auto in the adapter speed field, th...

  • Page 264

    Chapter 15: advanced administration 246 what is ip isolation mode? Ip isolation mode allows you to isolate clients from devices by placing them on separate sub-networks and forcing clients to access the devices through cc-sg. In this mode, cc-sg manages traffic between the two separate ip domains. I...

  • Page 265

    Chapter 15: advanced administration 247 specify at most one default gateway in the network setup panel in cc-sg. Use diagnostic console to add more static routes if needed. See edit static routes (on page 310). To configure ip isolation mode in cc-sg: 1. Choose administration > configuration. 2. Cli...

  • Page 266

    Chapter 15: advanced administration 248 recommended dhcp configurations for cc-sg review the following recommended dhcp configurations. Make sure that your dhcp server is set up properly before you configure cc-sg to use dhcp. Configure the dhcp to statically allocate cc-sg's ip address. Configure t...

  • Page 267

    Chapter 15: advanced administration 249 purge cc-sg's internal log you can purge the cc-sg's internal log. This operation does not delete any events recorded on your external log servers. Note: the audit trail and error log reports are based on cc-sg's internal log. If you purge cc-sg's internal log...

  • Page 268

    Chapter 15: advanced administration 250 note: network time protocol (ntp) is the protocol used to synchronize the attached computer's date and time data with a referenced ntp server. When cc-sg is configured with ntp, it can synchronize its clock time with the publicly available ntp reference server...

  • Page 269

    Chapter 15: advanced administration 251 configure direct mode for all client connections to configure direct mode for all client connections: 1. Choose administration > configuration. 2. Click the connection mode tab. 3. Select direct mode. 4. Click update configuration. Configure proxy mode for all...

  • Page 270

    Chapter 15: advanced administration 252 3. Select a device type in the table and double-click the default port value. 4. Type the new default port value. 5. Click update configuration to save your changes. To configure timeout duration for devices: 1. Choose administration > configuration. 2. Click ...

  • Page 271

    Chapter 15: advanced administration 253 enabling the akc download server certificate validation if you are using the akc client, you can choose to use the enable akc download server certificate validation feature or opt not to use this feature. Option 1: do not enable akc download server certificate...

  • Page 272

    Chapter 15: advanced administration 254 3. Click ok. Configuring custom jre settings cc-sg will display a warning message to users who attempt to access cc-sg without the minimum jre version that you specify. Check the compatibility matrix for the minimum supported jre version. Choose administration...

  • Page 273

    Chapter 15: advanced administration 255 3. Click restore default. 4. Click update. To clear the default message and minimum jre version: 1. Choose administration > configuration. Click the custom jre tab. 2. Click clear. Configuring snmp simple network management protocol allows cc-sg to push snmp t...

  • Page 274

    Chapter 15: advanced administration 256 9. Select the checkboxes before the traps you want cc-sg to push to your snmp hosts: under trap sources, a list of snmp traps grouped into two different categories: system log traps, which include notifications for the status of the cc unit itself, such as a h...

  • Page 275

    Chapter 15: advanced administration 257 requirements for cc-sg clusters the primary and secondary nodes in a cluster must be running the same firmware version on the same hardware version (v1 or e1). Your cc-sg network must be in ip failover mode to be used for clustering. Clustering will not work w...

  • Page 276

    Chapter 15: advanced administration 258 5. Type a valid user name and password for the backup node in the username for backup secure gateway and password for backup secure gateway fields. 6. Select the redirect by hostname checkbox to specify that secondary to primary redirection access should be vi...

  • Page 277

    Chapter 15: advanced administration 259 switch the primary and secondary node status you can exchange the roles of primary and secondary nodes when the secondary, or backup, node is in the "joined" state. When the secondary node is in the "waiting" state, switching is disabled. After the roles are s...

  • Page 278

    Chapter 15: advanced administration 260 note: if the clustered cc-sg units do not share the same time zone, when the primary node failure occurs, and the secondary node becomes the new primary node, the time specified for automatic rebuild still follows the time zone of the old primary node. Delete ...

  • Page 279

    Chapter 15: advanced administration 261 cluster licenses you can operate a cc-sg cluster using separate standalone licenses with the same node capacity, or a cluster kit license. Cluster licenses differ from standalone licenses in that they contain the host ids of both cc-sg units in the cluster. On...

  • Page 280

    Chapter 15: advanced administration 262 configuring a neighborhood what is a neighborhood? A neighborhood is a collection of up to 10 cc-sg units. After setting up the neighborhood in the admin client, users can access multiple cc-sg units in the same neighborhood with single sign-on using the acces...

  • Page 281

    Chapter 15: advanced administration 263 • if one or more cc-sg units cannot be found, a message appears and these cc-sg units will be highlighted in yellow in the table. Remove these units or modify their ip addresses or hostnames, and click next again. 7. Cc-sg displays a list of cc-sg units along ...

  • Page 282

    Chapter 15: advanced administration 264 add a neighborhood member to add a new cc-sg unit into the neighborhood 1. Choose administration > neighborhood. 2. Click add member. The add member dialog appears. 3. Add cc-sg units. The number of cc-sg units that can be added varies depending on the number ...

  • Page 283

    Chapter 15: advanced administration 265 • to deactivate a cc-sg unit, deselect the active checkbox next to the unit. • to change a secure gateway name, click the name, type a new one and press enter. The name must be unique. • to retrieve all cc-sg units' latest data, click refresh member data. • to...

  • Page 284

    Chapter 15: advanced administration 266 refresh a neighborhood you can retrieve the latest status of all neighborhood members immediately in the neighborhood configuration panel. 1. Choose administration > neighborhood. 2. Click refresh member data. 3. Click send update to save the changes and distr...

  • Page 285

    Chapter 15: advanced administration 267 check your browser for aes encryption cc-sg supports aes-128 and aes-256. If you do not know if your browser uses aes, check with the browser manufacturer. You may also want to try navigating to the following web site using the browser whose encryption method ...

  • Page 286

    Chapter 15: advanced administration 268 • click the key length drop-down arrow to select the encryption level - 128 or 256. • the cc-sg port field displays 80. • the browser connection protocol field displays https/ssl selected. 5. Click update to save your changes. Configure browser connection prot...

  • Page 287

    Chapter 15: advanced administration 269 require strong passwords for all users 1. Choose administration > security. 2. Click the login settings tab. 3. Select the strong passwords required for all users checkbox. 4. Select a maximum password length. Passwords must contain fewer than the maximum numb...

  • Page 288

    Chapter 15: advanced administration 270 lockout settings administrators can lock out cc-sg users and ssh users after a specified number of failed login attempts. You can enable this feature for locally authenticated users, for remotely authenticated users, or for all users. Note: by default, the adm...

  • Page 289

    Chapter 15: advanced administration 271 2. Open the login settings tab. 3. Deselect the lockout enabled for local users checkbox to disable lockout for locally authenticated users. Deselect the lockout enabled for remote users checkbox to disable lockout for remotely authenticated users. 4. Click up...

  • Page 290

    Chapter 15: advanced administration 272 logo a small graphic file can be uploaded to cc-sg to act as a banner on the login page. The maximum size of the logo is 998 by 170 pixels. To upload a logo: 1. Click browse in the logo area of the portal tab. An open dialog appears. 2. Select the graphic file...

  • Page 291

    Chapter 15: advanced administration 273 • click browse. A dialog window opens. • in the dialog window, select the text file with the message you want to use, and then click open. The maximum length of the text message is 10,000 characters. • click preview to preview the text contained in the file. T...

  • Page 292

    Chapter 15: advanced administration 274 a. Encryption mode: if require aes encryption between client and server is selected in the administration > security > encryption screen, aes-128 is the default. If aes is not required, des 3 is the default. B. Private key length: 1024 is the default. C. Valid...

  • Page 293

    Chapter 15: advanced administration 275 14. Type raritan in the password field if the csr was generated by cc-sg. If a different application generated the csr, use the password for that application. Note: if the imported certificate is signed by a root and subroot ca (certificate authority), using o...

  • Page 294

    Chapter 15: advanced administration 276 access control list an ip access control list specifies ranges of client ip addresses for which you want to deny or allow access to cc-sg. Each entry in the access control list becomes a rule that determines whether a user in a certain group, with a certain ip...

  • Page 295

    Chapter 15: advanced administration 277 6. Click the action drop-down arrow and select allow or deny to specify whether the specified users in the ip range can access cc-sg. 7. Click update to save your changes. To change the order in which cc-sg applies rules: 1. Choose administration > security. 2...

  • Page 296

    Chapter 15: advanced administration 278 7. Type a valid email address that will identify messages from cc-sg in the from field. 8. Type the number of times emails should be re-sent should the send process fail in the sending retries field. 9. Type the number of minutes (from 1-60) that should elapse...

  • Page 297

    Chapter 15: advanced administration 279 schedule sequential tasks you may want to schedule tasks sequentially to confirm that expected behavior occurred. For example, you may want to schedule an upgrade device firmware task for a given device group, and then schedule an asset management report task ...

  • Page 298

    Chapter 15: advanced administration 280 schedule a task this section covers most tasks that can be scheduled. See schedule a device firmware upgrade (on page 282) for details on scheduling device firmware upgrades. To schedule a task: 1. Choose administration > tasks. 2. Click new. 3. In the main ta...

  • Page 299

    Chapter 15: advanced administration 281 • upgrade device firmware (individual device or device group): see schedule a device firmware upgrade (on page 282). • generate all reports: see reports (on page 208). 6. Click the recurrence tab. The recurrence tab is disabled for upgrade device firmware task...

  • Page 300

    Chapter 15: advanced administration 282 10. If a task fails, cc-sg can retry the task at a later time as specified in the retry tab. Type the number of times cc-sg should retry to execute the task in the retry count field. Type the time that should elapse between retries in the retry interval field....

  • Page 301

    Chapter 15: advanced administration 283 d. Concurrent upgrades: specify the number of devices that should begin the file transfer portion of the upgrade simultaneously. Maximum is 10. As each file transfer completes, a new file transfer will begin, ensuring that only the maximum number of concurrent...

  • Page 302

    Chapter 15: advanced administration 284 when the task starts running, you can open the upgrade device firmware report any time during the scheduled time period to view the status of the upgrades. See upgrade device firmware report (on page 220). Change a scheduled task you can change a scheduled tas...

  • Page 303

    Chapter 15: advanced administration 285 delete a task you can delete a task to remove it from the task manager. You cannot delete a task that is currently running. To delete a task: select the task, then click delete. Ssh access to cc-sg use secure shell (ssh) clients, such as putty or openssh clien...

  • Page 304

    Chapter 15: advanced administration 286 to display all ssh commands: at the shell prompt, type ls to display all commands available. Get help for ssh commands you can get limited help for all commands at once. You can also get in-depth help on a single command at a time. To get help for a single ssh...

  • Page 305

    Chapter 15: advanced administration 287 ssh commands and parameters the following table lists all commands available in ssh. You must be assigned the appropriate privileges in cc-sg to access each command. Some commands have additional parameters that you must type to execute the command. For more i...

  • Page 308

    Chapter 15: advanced administration 290 command syntax device id value you should type ssh -id 100 ssh -id 100 the default escape character is a tilde followed by a period. For example: ~. See end ssh connections (on page 292) for details on using the escape character and the exit command. You may h...

  • Page 309

    Chapter 15: advanced administration 291 2. Connect to the device by typing ssh -id . Using the figure above as an example, you can connect to sx-229 by typing ssh -id 1370. Use ssh to connect to a node via a serial out-of-band interface you can use ssh to connect to a node through its associated ser...

  • Page 310

    Chapter 15: advanced administration 292 command alias description get_write gw gets write access. Allows ssh user to execute commands at target server while browser user can only observe proceedings. Get_history gh gets history. Displays the last few commands and results at target server. Send_break...

  • Page 311

    Chapter 15: advanced administration 293 serial admin port the serial admin port on cc-sg can be connected directly to a raritan serial device, such as dominion sx or ksx. You can connect to the sx or ksx via the ip address using a terminal emulation program, such as hyperterminal or putty. Set the b...

  • Page 312

    Chapter 15: advanced administration 294 finding your cc-sg serial number to find your cc-sg serial number: 1. Log into the admin client. 2. Choose help > about raritan secure gateway. 3. A new window opens with your cc-sg serial number. Web services api you must accept the end user agreement before ...

  • Page 313

    Chapter 15: advanced administration 295 e. State or province: maximum 64 characters. Type in the whole state or province name. Do not abbreviate. F. City/locality: csr tag is locality name. Maximum 64 characters. G. Registered company name: csr tag is organization name. Maximum 64 characters. H. Div...

  • Page 314

    296 the diagnostic console is a non-graphical, menu-based interface that provides local access to cc-sg. You can access diagnostic console from a serial or kvm port. See access diagnostic console via vga/keyboard/mouse port (on page 296). Or, you can access diagnostic console from a secure shell (ss...

  • Page 315

    Chapter 16: diagnostic console 297 status console about status console you can use the status console to check the health of cc-sg, the various services cc-sg uses, and the attached network. By default, status console does not require a password. You can configure cc-sg to provide the status console...

  • Page 316

    Chapter 16: diagnostic console 298 2: access the status console via web browser: 1. Using a supported internet browser, type this url: http(s):///status/ where is the ip address of the cc-sg. Note the forward slash (/) following /status is mandatory. For example, https://10.20.3.30/status/. 2. A sta...

  • Page 317

    Chapter 16: diagnostic console 299 cc-sg title, date and time the cc-sg title is constant so users know that they are connected to a cc-sg unit. The date and time at the top of the screen is the last time when the cc-sg data was polled. The date and time reflect the timing values saved on the cc-sg ...

  • Page 318

    Chapter 16: diagnostic console 300 information description suspended. Down database server has not started yet. Web status most of the access to the cc-sg server is through the web. This field shows the state of the web server and available statuses include: responding/unsecured the web server is up...

  • Page 319

    Chapter 16: diagnostic console 301 information description duplex indicate whether the interface is full- or half-duplex. Ipaddr the current ipv4 address of this interface. Rx -pkts the number of ip packets received on this interface since cc-sg was booted. Tx -pkts the number of ip packets transmit...

  • Page 320

    Chapter 16: diagnostic console 302 status console via web browser after connecting to the status console via the web browser, the read-only status console web page appears. The web page displays the same information as the status console, and also updates the information approximately every 5 second...

  • Page 321

    Chapter 16: diagnostic console 303 administrator console about administrator console the administrator console allows you to set some initial parameters, provide initial networking configuration, debug log files, perform some limited diagnostics, and restart cc-sg. The default login for the ad...

  • Page 322

    Chapter 16: diagnostic console 304 the main administrator console screen appears. Administrator console screen administrator console screen consists of 4 main areas. Menu bar: you can perform administrator console functions by activating the menu bar. Press ctrl+x to activate the menu bar or click a...

  • Page 323

    Chapter 16: diagnostic console 305 status bar: status bar is just above the navigation keys bar. It displays some important system information, including cc-sg's serial number, firmware version, and the time when the information shown in the main display area was loaded or updated. Screenshots conta...

  • Page 324

    Chapter 16: diagnostic console 306 edit diagnostic console configuration the diagnostic console can be accessed via the serial port (com1), vga/keyboard/mouse (kvm) port, or from ssh clients. If you want to access status console, one more access mechanism, web access, is also available. For each por...

  • Page 325

    Chapter 16: diagnostic console 307 4. Click save. Edit network interfaces configuration (network interfaces) in network interface configuration, you can perform initial setup tasks, such as setting the hostname and ip address of the cc-sg. 1. Choose operation > network interfaces > network interface...

  • Page 326

    Chapter 16: diagnostic console 308 • even if dhcp is being used to determine the ip configuration for an interface, you must provide a properly formatted ip address and netmask. 6. In the adapter speed, select a line speed. The other values of 10, 100, and 1000 mbps are on a scrollable list (where o...

  • Page 327

    Chapter 16: diagnostic console 309 option description record route records route. Turns on the ip record route option, which will store the route of the packet inside the ip header. Use broadcast address allows pinging a broadcast message. Adaptive timing adaptive ping. Interpacket interval adapts t...

  • Page 328

    Chapter 16: diagnostic console 310 option description no dns resolution does not resolve addresses to host names. Use icmp (vs. Normal udp) use icmp echo instead of udp datagrams. 4. Type values for how many hops the traceroute command will use in outgoing probe packets (default is 30), the udp dest...

  • Page 329

    Chapter 16: diagnostic console 311 although you can delete all other routes, including the default gateway, doing this will greatly impact the communication with cc-sg.

  • Page 330

    Chapter 16: diagnostic console 312 view log files in diagnostic console you can view one or more log files simultaneously via logviewer, which allows browsing through several files at once to examine system activity. The logfile list is updated only when the associated list becomes active, as when a...

  • Page 331

    Chapter 16: diagnostic console 313 3. Click with the mouse or use the arrowkeys to navigate and press the space bar to select a log file, marking it with an x. You can view more than one log file at a time. To sort the logfiles to view list: the sort logfile list by options control the order in whic...

  • Page 332

    Chapter 16: diagnostic console 314 option description contents of this package is not available to customer. Exported logfiles will be available for up to 10 days, and then the system will automatically delete them. View view the selected log(s). When view is selected with individual windows, the lo...

  • Page 333

    Chapter 16: diagnostic console 315 note: system load is static as of the start of this admin console session - use the top utility to dynamically monitor system resources. To filter a log file with a regular expression: 1. Type e to add or edit a regular expression and select a log from the list if ...

  • Page 334

    Chapter 16: diagnostic console 316 diagnostic console. See restarting cc-sg (on page 229). Restarting cc-sg in diagnostic console will not notify users that it is being restarted. To restart cc-sg with diagnostic console: 1. Choose operation > admin > cc-sg restart. 2. Either click restart cc-sg app...

  • Page 335

    Chapter 16: diagnostic console 317 2. Either click reboot system or press enter to reboot cc-sg. Confirm the reboot in the next screen to proceed. Power off cc-sg system from diagnostic console this option will power off the cc-sg unit. Logged-in users will not receive a notification. Cc-sg, ssh, an...

  • Page 336

    Chapter 16: diagnostic console 318 2. Either click power off the cc-sg or press enter to remove ac power from the cc-sg. Confirm the power off operation in the next screen to proceed. Reset cc super-user password with diagnostic console this option will reset the password for the cc super user accou...

  • Page 337

    Chapter 16: diagnostic console 319 2. Either click reset cc-sg gui admin password or press enter to change the admin password back to factory default. Confirm the password reset in the next screen to proceed. Reset cc-sg factory configuration this option will reset all or parts of the cc-sg system b...

  • Page 338

    Chapter 16: diagnostic console 320 option description full cc-sg database reset this option removes the existing cc-sg database and builds a new version with the factory default values. Network settings, snmp settings, firmware, and diagnostic console settings are not part of the cc-sg database. Ip-...

  • Page 339

    Chapter 16: diagnostic console 321 option description diagnostic console reset this option restores diagnostic console settings back to factory defaults. Ip access control lists reset this option removes all entries from the ip-acl table. Ip-acl settings are reset with a full database reset whether ...

  • Page 340

    Chapter 16: diagnostic console 322 2. In the password history depth field, type the number of passwords that will be remembered. The default setting is five. 3. Select either regular, random, or strong for the admin and status (if enabled) passwords. Password setting description regular these are st...

  • Page 341

    Chapter 16: diagnostic console 323 password setting description every password must have at least one digit in it. Diagnostic console account configuration by default, the status account does not require a password, but you can configure it to require one. Other aspects of the admin password can be ...

  • Page 342

    Chapter 16: diagnostic console 324 setting description user \ user name (read-only). This is the current user name or id for this account. Last changed (read-only). This is the date of the last password change for this account. Expire (read-only). This is the day that this account must change its pa...

  • Page 343

    Chapter 16: diagnostic console 325 configure remote system monitoring you can enable the remote system monitoring feature to use the gkrellm tool. The gkrellm tool provides a graphical view of resource utilization on the cc-sg unit. This tool is similar to the windows task manager's performance tab....

  • Page 344

    Chapter 16: diagnostic console 326 3: configure the remote system monitoring client to work with cc-sg: follow the instructions in the read me file to set the cc-sg unit as the target to monitor. Windows users must use the command line to locate the gkrellm installation directory and then run the co...

  • Page 345

    Chapter 16: diagnostic console 327 display raid status and disk utilization this option displays the status of cc-sg disks, including disk size, active and up status, state of the raid-1, and amount of space currently used by various file systems. To display disk status of the cc-sg: 1. Choose opera...

  • Page 346

    Chapter 16: diagnostic console 328 perform disk or raid tests you can manually perform smart disk drive tests or raid check and repair operations. To perform a disk drive test or a raid check and repair operation: 1. Choose operation > utilities > disk/raid utilities > manual disk/raid tests. 2. To ...

  • Page 347

    Chapter 16: diagnostic console 329 d. After the test is complete, you can view the results in the repair/rebuild raid screen. See repair or rebuild raid disks (on page 331). If a non-zero value displays in the mis-match column for the given array, indicating that there may be a problem, you should c...

  • Page 348

    Chapter 16: diagnostic console 330 schedule disk tests you can schedule smart-based tests of the disk drives to be periodically performed. Firmware on the disk drive will perform these tests, and you can view the test results in the repair/rebuild screen. See repair or rebuild raid disks (on page 33...

  • Page 349

    Chapter 16: diagnostic console 331 2. Click with the mouse or use the arrow keys to navigate and press the space bar to select a test type, marking it with an x. Different types of tests take a different period of time. • a short test takes about 2 minutes to complete when the system is lightly load...

  • Page 350

    Chapter 16: diagnostic console 332 2. If any item does not show "no" under the "replace??" or "rebuild??" column, contact raritan technical support for assistance. • a good system: • a contrived system showing multiple problems: the system will update displayed information when you move between disk...

  • Page 351

    Chapter 16: diagnostic console 333 4. Select either replace disk drive or rebuild raid array, and follow onscreen instructions until you finish the operation. View top display with diagnostic console top display allows you to view the list of currently-running processes and their attributes, as w...

  • Page 352

    Chapter 16: diagnostic console 334 • ntp is not enabled or not configured properly: • ntp is properly configured and running:

  • Page 353

    Chapter 16: diagnostic console 335 take a system snapshot when cc-sg does not function properly, it is extremely helpful if you can capture the information stored in cc-sg, such as the system logs, configurations or database, and provide it to raritan technical support for analysis and troubleshooti...

  • Page 354

    Chapter 16: diagnostic console 336 2: retrieve the cc-sg snapshot file: 1. Using a supported internet browser, type this url: http(s):///upload/ where is the ip address of the cc-sg. Note the forward slash (/) following /upload is mandatory. For example, https://10.20.3.30/upload/. 2. The enter netw...

  • Page 355

    337 if you have a cc-sg and power iq, there are several ways to use them together. 1. Control power to power iq it devices via cc-sg. For example, if you want to control power to a power iq it device which is also a cc-sg node, you can use a power iq proxy interface to give power control commands i...

  • Page 356

    Chapter 17: power iq integration 338 configuring power iq services you must configure the power iq service before you can add power iq proxy interfaces to nodes, or synchronize power iq with cc-sg to add it devices to cc-sg as nodes. This is done via the cc-sg access menu. You must have the cc setup...

  • Page 357

    Chapter 17: power iq integration 339 troubleshoot connections to power iq check these possible error messages and solutions to troubleshoot your connection to a power iq. Determine the cause, then edit the configuration to correct it. See configuring power iq services (on page 338). Message resoluti...

  • Page 358

    Chapter 17: power iq integration 340 configuring synchronization of power iq and cc-sg cc-sg will synchronize with power iq to add the it devices configured in power iq to cc-sg as nodes. When synchronizing, cc-sg will create a node with a poweriq proxy interface for each new it device identified. W...

  • Page 359

    Chapter 17: power iq integration 341 step 3 - create a synchronization policy: note: the synchronization policy applies to all power iq instances configured in cc-sg. See power iq synchronization policies (on page 342) for details of each policy and other synchronization results. 1. In the synchroni...

  • Page 360

    Chapter 17: power iq integration 342 power iq synchronization policies when cc-sg detects a duplicated node, the synchronization policy you choose determines whether the nodes are consolidated, renamed, or rejected. See configuring synchronization of power iq and cc-sg (on page 340) to set the synch...

  • Page 361

    Chapter 17: power iq integration 343 import power strips from power iq you can import dominion px devices and their outlet names from power iq. If the dominion px devices are already managed by cc-sg, you must delete them first. The import adds the dominion px devices, and configures and names the o...

  • Page 362

    Chapter 17: power iq integration 344 column number tag or value details 6 configure all outlets true or false default is false. 7 description optional. Step 3: import the edited csv file into cc-sg 1. In the cc-sg admin client, choose administration > import > import powerstrips. 2. Click browse and...

  • Page 363

    Chapter 17: power iq integration 345 3. Type a name for the file and choose the location where you want to save it. 4. Click save. Step 2: edit the csv file and import into power iq: the export file contains three sections. Read the comments in the csv file for instructions on how to use each section...

  • Page 364

    346 in this chapter v1 model................................................................................................ 346 e1 model................................................................................................ 347 v1 model v1 general specifications form factor 1u dimensions (...

  • Page 365

    Appendix a: specifications for v1 and e1 347 operating humidity 5% - 95% rh altitude operate properly at any altitude between 0 to 10,000 feet, storage 40,000 feet (estimated) vibration 5-55-5 hz, 0.38mm,1 minutes per cycle; 30 minutes for each axis (x,y,z) shock n/a e1 model e1 general specificatio...

  • Page 366

    Appendix a: specifications for v1 and e1 348 operating non-operating temperature -40°-70° c humidity 5-90%, non-condensing altitude sea level to 40,000 feet vibration 10 hz to 300 hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes x, y, and z shock 30 g for 11 ms wi...

  • Page 367

    349 this appendix contains network requirements, including addresses, protocols, and ports, of a typical cc-sg deployment. It includes information about how to configure your network for both external access and internal security and routing policy enforcement. Details are provided for the benefit o...

  • Page 368

    Appendix b: cc-sg and network configuration 350 port number protocol purpose details raritan device that will be externally accessed. The other ports in the table must be opened only for accessing cc-sg. Aes-128/aes-256 encrypted if configured. 80 and 443 for control system nodes 80, 443, 902, and 9...

  • Page 369

    Appendix b: cc-sg and network configuration 351 cc-sg and raritan devices a main role of cc-sg is to manage and control raritan devices, such as dominion kx ii. Typically, cc-sg communicates with these devices over a tcp/ip network (local, wan, or vpn) and both tcp and udp protocols are used as foll...

  • Page 370

    Appendix b: cc-sg and network configuration 352 communication direction port number protocol configurable? Details cc-sg to cc-sg 5432 tcp no from ha-jdbc on primary to backup postgresql db server. Not encrypted. Cc-sg to cc-sg 8732 tcp no primary-backup server sync clustering control data exchange....

  • Page 371

    Appendix b: cc-sg and network configuration 353 communication direction port number protocol configurable? Details pc client to cc-sg 443 tcp no client-server communication. Ssl/aes-128/aes-256 encrypted if configured. Pc client to cc-sg 80 tcp no client-server communication. Not encrypted. If ssl i...

  • Page 372

    Appendix b: cc-sg and network configuration 354 communication direction port number protocol configurable? Details client to raritan device to out-of-band kvm node (direct mode) 5000 (on raritan device) tcp yes client-server communication. Ssl/aes-128/aes-256 encrypted if configured. Client to rarit...

  • Page 373

    Appendix b: cc-sg and network configuration 355 communication direction port number protocol configurable? Details cc-sg to snmp manager 162 udp yes snmp standard cc-sg internal ports cc-sg uses several ports for internal functions, and its local firewall function blocks access to these ports. Howev...

  • Page 374

    Appendix b: cc-sg and network configuration 356 vnc access to nodes port 5800 or 5900 must be open for vnc access to nodes. Ssh access to nodes port 22 must be open for ssh access to nodes. Remote system monitoring port when the remote system monitoring feature is enabled, port 19150 is opened by de...

  • Page 375

    357 this table shows which privilege must be assigned for a user to have access to a cc-sg menu item. *none means that no particular privilege is required. Any user who has access to cc-sg will be able to view and access these menus and commands. Menu > sub-menu menu item required privilege descript...

  • Page 376

    Appendix c: user group privileges 358 menu > sub-menu menu item required privilege description node auditing user management devices this menu and the devices tree is available only for users with any one of the following privileges: device, port, and node management device configuration and upgrade...

  • Page 377

    Appendix c: user group privileges 359 menu > sub-menu menu item required privilege description > launch admin device, port, and node management or device configuration and upgrade management > launch user station admin device, port, and node management > disconnect users device, port, and node manag...

  • Page 378

    Appendix c: user group privileges 360 menu > sub-menu menu item required privilege description management > by port number device, port, and node management or device configuration and upgrade management nodes this menu and the nodes tree is available only for users with any one of the following pri...

  • Page 379

    Appendix c: user group privileges 361 menu > sub-menu menu item required privilege description group power control power control configure blades device, port, and node management ping node device, port, and node management bookmark node interface node in-band access or node out-of-band access > nod...

  • Page 380

    Appendix c: user group privileges 362 menu > sub-menu menu item required privilege description node out-of-band access or node power control > tree view any of the following: device, port, and node management or node in-band access or node out-of-band access or node power control associations this m...

  • Page 381

    Appendix c: user group privileges 363 menu > sub-menu menu item required privilege description > user group data user management > devices > device asset report device, port, and node management or device configuration and upgrade management > device group data device, port, and node management > qu...

  • Page 382

    Appendix c: user group privileges 364 menu > sub-menu menu item required privilege description firmware cc setup and control or device configuration and upgrade management configuration cc setup and control cluster configuration cc setup and control neighborhood cc setup and control security cc setu...

  • Page 383

    Appendix c: user group privileges 365 menu > sub-menu menu item required privilege description export nodes cc setup and control and device, port, and node management export devices cc setup and control and device, port, and node management export power iq data cc setup and control and device, port,...

  • Page 384: Appendix D  Snmp Traps

    366 cc-sg provides the following snmp traps: snmp trap description ccunavailable cc-sg application is unavailable. Ccavailable cc-sg application is available. Ccuserlogin cc-sg user logged in. Ccuserlogout cc-sg user logged out. Ccportconnectionstarted cc-sg session started. Ccportconnectionstopped ...

  • Page 385

    Appendix d: snmp traps 367 snmp trap description ccdiagnosticconsolelogout user has logged out of the cc-sg diagnostic console. Ccusergroupadded a new user group has been added to cc-sg. Ccusergroupdeleted cc-sg user group has been deleted. Ccusergroupmodified cc-sg user group has been modified. Ccs...

  • Page 386

    368 this section contains more information about csv file imports. In this chapter common csv file requirements ......................................................... 369 audit trail entries for importing ............................................................. 370 troubleshoot csv file prob...

  • Page 387

    Appendix e: csv file imports 369 common csv file requirements the best way to create the csv file is to export a file from cc-sg, and then use the exported csv file as an example for creating your own. The export file contains comments at the top that describe each item in the file. The comments can...

  • Page 388

    Appendix e: csv file imports 370 audit trail entries for importing each item imported into cc-sg is logged in the audit trail. Skipped duplicates are not logged in the audit trail. The audit trail includes an entry for the following actions, under the message type "configuration." import of csv file...

  • Page 389

    Appendix e: csv file imports 371 troubleshoot csv file problems to troubleshoot csv file validation: error messages appear in the problems area of the import page. The error messages identify problems that are found in the csv file during validation. You can save the list of errors to a csv file. Ea...

  • Page 390

    372 launching cc-sg from your web browser requires a java plug-in. If your machine has an incorrect version, cc-sg will guide you through the installation steps. If your machine does not have a java plug-in, cc-sg cannot automatically launch. In this case, you must uninstall or disable your old java...

  • Page 391

    Appendix f: troubleshooting 373 if you access more than one cc-sg unit using the same client and firefox, you may see a "secure connection failed" message that says you have an invalid certificate. You can resume access by clearing the invalid certificate from your browser. A. In firefox, choose too...

  • Page 392

    374 cc-sg comes with a few diagnostic utilities which may be extremely helpful for you or raritan technical support to analyse and debug the cause of cc-sg problems. In this chapter memory diagnostic ................................................................................ 374 debug mode .......

  • Page 393

    Appendix g: diagnostic utilities 375 • capture the memtest86+ screen containing the memory errors and contact raritan technical support for assistance. • shut down cc-sg and re-install the memory dimm modules to ensure the contact is good. Then perform the memtest86+ diagnostic to verify if the memo...

  • Page 394

    Appendix g: diagnostic utilities 376 cc-sg disk monitoring if cc-sg disk space exhaustion in one or more file systems occurs, it may negatively impact your operation and even result in the loss of some engineering data. Therefore, you should monitor the cc-sg disk usage and take corrective actions ...

  • Page 395

    Appendix g: diagnostic utilities 377 file system data corrective action /sg/db cc-sg database contact raritan technical support /opt cc-sg backups and snapshots 1. Save any new snapshot files on a remote client pc. See take a system snapshot (on page 335) for the retrieval procedure. 2. Enter the sy...

  • Page 396

    Appendix g: diagnostic utilities 378 note: for file system problems that are not mentioned in this section, or when the corrective actions you take cannot resolve the problems, contact raritan technical support for assistance.

  • Page 397

    379 cc-sg can be configured to point to an rsa radius server that supports two-factor authentication via an associated rsa authentication manager. Cc-sg acts as a radius client and sends user authentication requests to rsa radius server. The authentication request includes user id, a fixed password,...

  • Page 398: Appendix I  Faqs

    380 in this chapter general faqs ........................................................................................ 380 authentication faqs .............................................................................. 382 security faqs ............................................................

  • Page 399

    Appendix i: faqs 381 question answer access cc-sg. Can i upgrade to newer versions of cc-sg software as they become available? Yes. Contact your authorized raritan sales representative or raritan, inc. Directly. How many nodes and/or dominion units and/or ip-reach units can be connected to cc-sg? The...

  • Page 400

    Appendix i: faqs 382 question answer is the most effective and cost-efficient way to scale a single location. It also supports the network model with ip-reach and the ip user station (ust-ip). The network model scales through use of the tcp/ip network and aggregates access through cc-sg, so users do...

  • Page 401

    Appendix i: faqs 383 question answer for authentication with directory services and security tools such as ldap, ad, radius, and so on? Authentication. Remote authentication servers supported include: ad, tacacs+, radius, and ldap. Why does the error message "incorrect username and/or password" appe...

  • Page 402

    Appendix i: faqs 384 question answer well as external (not just wan, but lan, too)? Lan or wan. Does cc-sg support crl list, that is, ldap list of invalid certificates? No. Does cc-sg support client certificate request? No. Accounting faqs question answer accounting the event times in the audit trai...

  • Page 403

    Appendix i: faqs 385 grouping faqs question answer grouping is it possible to put a given server in more than one group? Yes. Just as one user can belong to multiple groups, one device can belong to multiple groups. For example, a sun in nyc could be part of group sun: "ostype = solaris" and group n...

  • Page 404

    Appendix i: faqs 386 interoperability faqs question answer interoperability how does cc-sg integrate with blade chassis products? Cc-sg can support any device with a kvm or serial interface as a transparent pass-through. To what level is cc-sg able to integrate with third party kvm tools, down to th...

  • Page 405

    Appendix i: faqs 387 licensing faqs if you must replace your installed licenses, follow these rules. Base licenses must be replaced first. For example, if replacing stand-alone licenses cc-e1-512 and ccl-512 with cluster licenses cc-2xe1-512 and ccl-512, the base license cc-e1-512 must be replaced b...

  • Page 406

    388 the following keyboard shortcuts can be used in the java-based admin client. Operation keyboard shortcut refresh f5 print panel ctrl + p help f1 insert row in associations table ctrl + i appendix j keyboard shortcuts.

  • Page 407

    389 this appendix includes information about the naming conventions used in cc-sg. Comply with the maximum character lengths when naming all the parts of your cc-sg configuration. In this chapter user information .................................................................................... 38...

  • Page 408

    Appendix k: naming conventions 390

    Field in cc-sg | Number of characters cc-sg allows
    Audit information | 256

    Location information

    Field in cc-sg | Number of characters cc-sg allows
    Department | 64
    Site | 64
    Location | 128

    Contact information

    Field in cc-sg | Number of characters cc-sg allows
    Primary contact name...

  • Page 409

    Appendix k: naming conventions 391 field in cc-sg number of characters cc-sg allows periods are converted to hyphens. Device description 160 device ip/hostname 64 username 64 password 64 notes 256 port information field in cc-sg number of characters cc-sg allows port name 32 associations field in cc...

  • Page 410: Messages

    392 prior to version 4.0, the cc-sg diagnostic console displays a number of messages on the screen each time it boots up. These messages are standard linux diagnostic and warning messages and usually do not imply any system problems. The table offers a short introduction to a few frequent messages....

  • Page 411: Index

    393 a about administrator console • 296, 303 about applications for accessing nodes • 238 about associations • 41 about cc-sg lan ports • 242, 243, 246 about cc-sg passwords • 269 about connection modes • 102, 128, 250 about default applications • 240 about interfaces • 102, 250 about ldap and cc...

  • Page 412

    Index 394 adding, editing, and deleting node groups • 150 adding, editing, and deleting nodes • 109 adding, editing, and deleting user groups • 108, 159 adding, editing, and deleting users • 163 administration • 391 administrator console • 303 administrator console screen • 304 advanced administrat...

  • Page 413

    Index 395 change your default search preference • 52, 172 change your email address • 173 change your name • 172 change your password • 172 changing the blade server status • 66 check your browser for aes encryption • 267 checking and upgrading application versions • 32, 238 checking the compatibili...

  • Page 414

    Index 396 default cc-sg settings • 23 default user groups • 158 delete a backup file • 224 delete a blade chassis device • 67, 68 delete a category • 43 delete a cluster • 260 delete a custom view for devices • 185 delete a custom view for nodes • 182 delete a device group • 76 delete a neighborho...

  • Page 415

    Index 397 end ssh connections • 290, 292 ending cc-sg session • 235 entering maintenance mode • 32, 222, 230, 232, 238 error log report • 211 establishing order of external aa servers • 190 example adding a web browser interface to a px node • 133, 134 exit cc-sg • 235, 236 exiting maintenance mo...

  • Page 416

    Index 398 licensing - new customers - physical appliance • 10, 11, 12, 14, 16 licensing - rehosting • 29 licensing - virtual appliance with license server • 10, 11, 17 licensing faqs • xvii, 30, 387 limit the number of kvm sessions per user • 39, 159, 160, 162 linux server • 18, 21 location informat...

  • Page 417

    Index 399 q query port report • 215 r radius general settings • 206 rdp access to nodes • 355 reboot cc-sg with diagnostic console • 316, 336, 374 reboot or force reboot a virtual host node • 123 recommended dhcp configurations for cc-sg • 242, 244, 247, 248 recover a cluster • 259 refresh a neighb...

  • Page 418

    Index 400 specify a distinguished name for ad • 188 specify a distinguished name for ldap • 189 specify a username for ad • 189 specifying modules for authentication and authorization • 189 ssh access to cc-sg • 268, 285 ssh access to nodes • 356 ssh commands and parameters • 287 start the license ...

  • Page 419

    Index 401 virtual appliance installation requirements • 17 virtual appliances with remote storage servers • 27 virtual nodes overview • 113 vnc access to nodes • 356 vsphere 4 users must install new plug-in • 121 w web browser interface • 126, 133 web services api • 294 what is a neighborhood? • 24...

  • Page 420

    U.S./canada/latin america monday - friday 8 a.m. - 6 p.m. ET phone: 800-724-8090 or 732-764-8886 for commandcenter noc: press 6, then press 1 for commandcenter secure gateway: press 6, then press 2 fax: 732-764-8887 email for commandcenter noc: tech-ccnoc@raritan.com email for all other products: te...