Raritan DOMINION KSX II User Manual

Other manuals for DOMINION KSX II: User Manual, Quick Setup Manual, Quick Installation And Setup Manual, Quick Setup Manual, User Manual, Quick Setup Manual

Page of 362

Download

Print this page

Bookmark us

DKSXII-v2.3.0-0D-E

December 2010

255-62-4030-00

Dominion KSX II

User Guide

Release 2.3.0

1 2 3 4 5 6 7 Next › »

Summary of DOMINION KSX II

Page 2
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of raritan, inc. © copyright 2010 raritan, inc. All third-party softw...
Page 3: Contents
Iii contents chapter 1 introduction 1 ksx ii overview ............................................................................................................................. 2 what's new in help ......................................................................................................
Page 4
Contents iv connection information ..................................................................................................... 60 keyboard options .............................................................................................................. 60 video properties ...............
Page 5
Contents v adding a new user group ............................................................................................... 114 modifying an existing user group ................................................................................... 119 users .........................................
Page 6
Contents vi encryption & share .......................................................................................................... 193 enabling fips 140-2 ....................................................................................................... 196 configuring ip access control ...
Page 7
Contents vii cli prompts ............................................................................................................................... 234 cli commands .......................................................................................................................... 234 sec...
Page 8
Contents viii resetting the ksx ii using the reset button ............................................................................ 254 chapter 14 modem configuration 256 certified modems for unix, linux and mpc ............................................................................. 256 low...
Page 9
Contents ix setting the registry to permit write operations to the schema ............................................... 295 creating a new attribute ............................................................................................................ 295 adding attributes to the class ........
Page 10
Contents x appendix d faqs 314 general questions ..................................................................................................................... 315 serial access ......................................................................................................................
Page 11: Chapter 1 Introduction
1 in this chapter ksx ii overview ........................................................................................ 2 what's new in help ................................................................................... 4 ksx ii help .............................................................
Page 12
Chapter 1: introduction 2 ksx ii overview raritan's dominion ksx ii is an enterprise-class, secure digital device that provides a single integrated solution for remote kvm (keyboard, video, mouse) server access and serial device management, as well as power control from anywhere in the world from a ...
Page 13
Chapter 1: introduction 3 diagram key cat5 cable remote virtual media usb drive(s) computer interface module (cim) rack pdu (power strip) ksx ii local access remote kvm and serial devices ip lan/wan modem access pstn remote (network) access.
Page 14
Chapter 1: introduction 4 what's new in help the following information has been added based on enhancements and changes to the equipment and/or user documentation. You are able to configure http and/or https ports used by the ksx ii. See http and https port settings (on page 141). Information on the...
Page 15
Chapter 1: introduction 5 ksx ii help theksx ii help provides information on how to install, set up, and configure the ksx ii. It also includes information on accessing target servers and power strips, using virtual media, managing users and security, and maintaining and diagnosing the ksx ii. A pdf...
Page 16
Chapter 1: introduction 6 virtual media all ksx ii models support virtual media. The benefits of virtual media - mounting of remote drives/media on the target server to support software installation and diagnostics - are now available in all of the ksx ii models. Virtual media sessions can be secure...
Page 17
Chapter 1: introduction 7 ksx ii 144 and 188 cim serial adapter product features hardware kvm and serial remote access over ip 1u rack-mountable; brackets included dksx2-144 - 4 serial/4 kvm server ports dksx2-188 - 8 serial/8 kvm server ports 1 kvm channel shareable by 8 users, multiple serial user...
Page 18
Chapter 1: introduction 8 software virtual media with d2cim-vusb and d2cim-dvusb cims absolute mouse synchronization with d2cim-vusb cim and d2cim-dvusb cims plug-and-play web-based access and management intuitive graphical user interface (gui) 256-bit encryption of complete kvm signal, including vi...
Page 19
Chapter 1: introduction 9 item description usb port remote indicator light lan1 and lan2 indicator lights power indicator light.
Page 20
Chapter 1: introduction 10 item description ac power cord plug see power control (on page 158) for additional information. Power on/off switch lan 3 port note: the lan 3 port is reserved for future use. Lan1 and lan2 ports see step 3: connect the equipment (on page 25) for additional information. Ad...
Page 21
Chapter 1: introduction 11 terminology this manual uses the following terminology for the components of a typical ksx ii configuration:.
Page 22
Chapter 1: introduction 12 diagram key tcp/ip ipv4 and/or ipv6 kvm (keyboard, video, mouse) utp cable (cat5/5e/6) ksx ii local access console local user - an optional user console (consisting of a keyboard, mouse, and multi-sync vga monitor) attached directly to the ksx ii to control kvm target serv...
Page 23
Chapter 1: introduction 13 diagram key serial port connected remotely via ksx ii. Routers dominion px rack pdu (power strip) raritan rack pdus accessed remotely via the ksx ii. Package contents each ksx ii ships as a fully-configured stand-alone product in a standard 1u 19" rackmount chassis. Each k...
Page 24
14 in this chapter overview .................................................................................................. 14 default login information ........................................................................ 14 getting started .......................................................
Page 25
Chapter 2: installation and configuration 15 getting started step 1: configure kvm target servers kvm target servers are the computers that will be accessed and controlled via the ksx ii. Before installing the ksx ii, configure all kvm target servers to ensure optimum performance. This configuration...
Page 26
Chapter 2: installation and configuration 16 operating system mouse and video settings this section provides video mode and mouse information specific to the operating system in use on the target server. Windows xp, windows 2003 and windows 2008 settings to configure kvm target servers running windo...
Page 27
Chapter 2: installation and configuration 17 windows vista settings to configure kvm target servers running windows vista ® operating system: 1. Configure the mouse settings: a. Choose start > settings > control panel > mouse. B. Select "advanced system settings" from the left navigation panel. The ...
Page 28
Chapter 2: installation and configuration 18  set the mouse motion speed setting to exactly the middle speed.  disable the "enhanced pointer precision" option.  click ok. 2. Disable animation and fade effects: a. Select control panel > system and security. B. Select system and then select "advanc...
Page 29
Chapter 2: installation and configuration 19  deselect the "use the following transition effect for menus and tooltips" option. 3. Click ok and close the control panel. Linux settings (red hat 4) note: the following settings are optimized for standard mouse mode only. To configure kvm target server...
Page 30
Chapter 2: installation and configuration 20 suse linux 10.1 settings note: do not attempt to synchronize the mouse at the suse linux ® login prompt. You must be connected to the target server to synchronize the mouse cursors. To configure the mouse settings: 1. Choosedesktop > control center. The d...
Page 31
Chapter 2: installation and configuration 21 tip: if you do not want to be prompted upon log out, follow these procedures instead. To make your settings permanent in linux (no prompt): 1. Choose desktop > control center > system > sessions. 2. Click the session options tab. 3. Deselect the "prompt o...
Page 32
Chapter 2: installation and configuration 22 display resolution vertical refresh rate aspect ratio 1280 x 1024 60,75,85 hz 5:4 1152 x 864 75 hz 4:3 1024 x 768 60,70,75,85 hz 4:3 800 x 600 56,60,72,75,85 hz 4:3 720 x 400 85 hz 9:5 640 x 480 60,72,75,85 hz 4:3 3. Kvm target servers running the solaris...
Page 33
Chapter 2: installation and configuration 23 4. Set the threshold slider to 1.0. 5. Click ok. Accessing the command line 1. Right click. 2. Choose tools > terminal. A terminal window opens. (it is best to be at the root to issue commands.) video settings (post) sun systems have two different resolut...
Page 34
Chapter 2: installation and configuration 24 ibm aix 5.3 settings follow these steps to configure kvm target servers running ibm ® aix ™ 5.3. To configure the mouse: 1. Go to launcher. 2. Choose style manager. 3. Click mouse. The style manager - mouse dialog appears. 4. Use the sliders to set the mo...
Page 35
Chapter 2: installation and configuration 25 to take advantage of the ksx ii: the firewall must allow inbound communication on: web-access capabilities port 443 - standard tcp port for https communication automatic redirection of http requests to https (so the more common “http://xxx.Xxx.Xxx.Xxx” ca...
Page 36
Chapter 2: installation and configuration 26 b. Network port the ksx ii provides two ethernet ports for failover purposes (not for load-balancing). By default, only lan1 is active and the automatic failover is disabled. When enabled, if the ksx ii internal network interface or the network switch to ...
Page 37
Chapter 2: installation and configuration 27 connection description mouse attach either a standard ps/2 mouse to the mini-din6 (female) mouse port or a standard usb mouse to one of the usb type a (female) ports. You can use the local admin port to connect the ksx ii directly to a workstation to mana...
Page 38
Chapter 2: installation and configuration 28 e. Rack pdu (power strip) to connect the dominion px to the ksx ii: 1. Plug one end of a cat5 cable into the serial port on the front of the dominion px. 2. Connect the other end of the cat5 cable to either the power ctrl. 1 or power ctrl. 2 ports on the ...
Page 39
Chapter 2: installation and configuration 29 diagram key ksx ii px serial port ksx ii power ctrl. 1 port or power ctrl. 2 port cat5 cable px f. Serial target ports to connect a serial target to the ksx ii, use a cat5 cable with an appropriate serial adapter. The following table lists the necessary k...
Page 40
Chapter 2: installation and configuration 30 vendor device console connector serial connection graphics sun ™ sparcstation db25f ascsdb25m adapter and a cat 5 cable sun netra t1 rj-45 crlvr-15 cable; or crlvr-1 adapter and a cat5 cable sun cobalt db9m ascsdb9f adapter and a cat 5 cable various windo...
Page 41
Chapter 2: installation and configuration 31 5. Click apply. 6. You will receive confirmation that the password was successfully changed. Click ok. The port access page is displayed. Note: the default password can also be changed from the raritan multi-platform client (mpc). For more information, re...
Page 42
Chapter 2: installation and configuration 32 a. Select the ipv6 checkbox to activate the fields in the section. B. Enter a global/unique ip address. This is the ip address assigned to the ksx ii. C. Enter the prefix length. This is the number of bits used in the ipv6 address. D. Enter the gateway ip...
Page 43
Chapter 2: installation and configuration 33 see lan interface settings (on page 138) for information in configuring this section of the network settings page. Note: in some environments, the default lan interface speed & duplex setting autodetect (autonegotiator) does not properly set the network p...
Page 45
Chapter 2: installation and configuration 35 configure the ssh tcp port as "7888". Once this is done, connection to the target can be done by using “ssh –l - p 7888”. 3. Click ok to save this information. Once you have created the direct port access, it can be connected in a client application such ...
Page 46
Chapter 2: installation and configuration 36 note to cc-sg users note to cc-sg users if you are using the ksx ii in a cc-sg configuration, perform the installation steps, and when finished, consult the commandcenter secure gateway user guide, administrator guide, or deployment guide to proceed (all ...
Page 47
Chapter 2: installation and configuration 37 create user groups and users as part of the initial configuration, you must define user groups and users in order for users to access the ksx ii. The ksx ii uses system-supplied default user groups and allows you to create groups and specify the appropria...
Page 48
38 in this chapter interfaces ................................................................................................. 38 proxy server configuration for use with ksx ii, mpc, vkc and akc ... 52 virtual kvm client (vkc) ...........................................................................
Page 49
Chapter 3: working with target servers 39 the following sections of the user guide contain information about using specific interfaces to connect to the ksx ii and manage targets: ksx ii local console interface: ksx ii devices (see " ksx ii local console: ksx ii devices " on page 39) ksx ii remote c...
Page 50
Chapter 3: working with target servers 40 ksx ii remote console interface the ksx ii remote console is a browser-based graphical user interface that allows you to log in to kvm target servers and serial targets connected to the ksx ii and to remotely administer the ksx ii. The ksx ii remote console ...
Page 51
Chapter 3: working with target servers 41 depending on your browser and security settings, you may see various security and certificate warnings. It is necessary to accept these warnings to launch the ksx ii remote console. You can reduce the number of warning messages during subsequent log ins by c...
Page 52
Chapter 3: working with target servers 42 interface and navigation ksx ii console layout both the ksx ii remote console and the ksx ii local console interfaces provide an html (web-based) interface for configuration and administration, as well as target server list and selection. The options are org...
Page 53
Chapter 3: working with target servers 43 left panel the left panel of the ksx ii interface contains the following information. Note that some information is conditional and will only be displayed if you are a certain of user, are using certain features, and so on. This conditional information is no...
Page 54
Chapter 3: working with target servers 44 information description when displayed? Connected users the users, identified by their username and ip address, who are currently connected to the ksx ii. Always online help - user guide links to online help. Always favorite devices see managing favorites (o...
Page 55
Chapter 3: working with target servers 45 port access page after successfully logging on to the ksx ii remote console, the port access page appears. This page lists all of the ksx ii ports, the connected kvm target servers, and their status and availability. The port access page provides access to t...
Page 56
Chapter 3: working with target servers 46  availability - the availability can be idle, connected, busy, or unavailable. Blade servers will have an availability of either shared or exclusive when a connection to that blade is in place. 3. Click view by port, view by group or view by search to switc...
Page 57
Chapter 3: working with target servers 47 power on - powers on the target server through the associated outlet. This option is visible only when there are one or more power associations to the target. Power off - powers off the target server through the associated outlets. This option is visible onl...
Page 58
Chapter 3: working with target servers 48 managing favorites a favorites feature is provided so you can organize and quickly access the devices you use frequently. The favorite devices section is located in the lower left side (sidebar) of the port access page and provides the ability to: create and...
Page 59
Chapter 3: working with target servers 49 note: both ipv4 and ipv6 addresses are supported. Manage favorites page to open the manage favorites page: click the manage button in the left panel. The manage favorites page appears and contains the following: use: to: favorites list manage your list of fa...
Page 60
Chapter 3: working with target servers 50 c. Click save. 3. Click refresh. The list of devices on the local subnet is refreshed. To add devices to your favorites list: 1. Select the checkbox next to the device name/ip address. 2. Click add. Tip: use the select all and deselect all buttons to quickly...
Page 61
Chapter 3: working with target servers 51 adding, deleting and editing favorites to add a device to your favorites list: 1. Choose manage > add new device to favorites. The add new favorite page appears. 2. Type a meaningful description. 3. Type the ip address/host name for the device. 4. Change the...
Page 62
Chapter 3: working with target servers 52 proxy server configuration for use with ksx ii, mpc, vkc and akc when the use of a proxy server is required, a socks proxy must also be provided and configured on the remote client pc. Note: if the installed proxy server is only capable of the http proxy pro...
Page 63
Chapter 3: working with target servers 53 start javaw -xmn128m -xmx512m -xx:maxheapfreeratio=70 -xx:minheapfreeratio=50 -dsun.Java2d.Noddraw=true -dsocksproxyhost=192.168.99.99 -dsocksproxyport=1080 -classpath .\sdeploy.Jar;.\sfoxtrot.Jar;.\jaws.Jar;.\smpc.Jar com.Raritan.Rrc.Ui.Rrcapplication %1 vi...
Page 64
Chapter 3: working with target servers 54 toolbar note: the kx ii-101 vkc interface is different from the other dominion kx products. See vkc toolbar for the kx ii-101. Button button name description connection properties opens the modify connection properties dialog from which you can manually adju...
Page 65
Chapter 3: working with target servers 55 button button name description full screen mode maximizes the screen real estate to view the target server desktop. Scaling increases or reduces the target video size so you can view the entire contents of the target server window without using the scroll ba...
Page 66
Chapter 3: working with target servers 56 to power off a target server: 1. From the ksx ii remote console, click the port access tab to open it. The port access page opens. 2. Click the port name of the appropriate target server. The port action menu appears. 3. Choose power off. A confirmation mess...
Page 67
Chapter 3: working with target servers 57 after you have connected to a target server, you can change the usb profile as necessary. By default, the profiles that appear under the usb profile menu in the vkc are those that you are most likely to use. These profiles have been preselected by the admini...
Page 68
Chapter 3: working with target servers 58 connection properties the dynamic video compression algorithms maintain kvm console usability under varying bandwidth constraints. The devices optimize kvm output not only for lan use, but also for wan use. These devices can also control color depth and limi...
Page 69
Chapter 3: working with target servers 59  100 mb ethernet  10 mb ethernet  1.5 mb (max dsl/t1)  1 mb (fast dsl/t1)  512 kb (medium dsl/t1)  384 kb (slow dsl/t1)  256 kb (cable)  128 kb (dual isdn)  56 kb (isp modem)  33 kb (fast modem)  24 kb (slow modem) note that these settings are an ...
Page 70
Chapter 3: working with target servers 60 connection information to obtain information about your virtual kvm client connection: choose connection > connection info. The connection info window opens. The following information is displayed about the current connection: device name - the name of the d...
Page 71
Chapter 3: working with target servers 61 building a keyboard macro to build a macro: 1. Click keyboard > keyboard macros. The keyboard macros dialog appears. 2. Click add. The add keyboard macro dialog appears. 3. Type a name for the macro in the keyboard macro name field. This name will appear in ...
Page 72
Chapter 3: working with target servers 62 10. Click close to close the keyboard macros dialog. The macro will now appear on the keyboard menu in the application. Select the new macro on the menu to run it or use the keystrokes you assigned to the macro. Running a keyboard macro once you have created...
Page 73
Chapter 3: working with target servers 63 5. Click ok. To remove a macro: 1. Choose keyboard > keyboard macros. The keyboard macros dialog appears. 2. Choose the macro from among those listed. 3. Click remove. The macro is deleted. Hot-key combinations that coincide with blade chassis switching key ...
Page 74
Chapter 3: working with target servers 64 auto-sense video settings the auto-sense video settings command forces a re-sensing of the video settings (resolution, refresh rate) and redraws the video screen. Note: vkc for the kx ii-101 uses an icon set that differs from the icon set used in vkc for oth...
Page 75
Chapter 3: working with target servers 65 the device can filter out the electrical interference of video output from graphics cards. This feature optimizes picture quality and reduces bandwidth. Higher settings transmit variant pixels only if a large color variation exists in comparison to the neigh...
Page 76
Chapter 3: working with target servers 66  best possible video mode the device will perform the full auto sense process when switching targets or target resolutions. Selecting this option calibrates the video for the best image quality.  quick sense video mode with this option, the device will use...
Page 77
Chapter 3: working with target servers 67 note: some sun background screens, such as screens with very dark borders, may not center precisely on certain sun servers. Use a different background or place a lighter colored icon in the upper left corner of the screen. Note: vkc for the kx ii-101 uses an...
Page 78
Chapter 3: working with target servers 68 using screenshot from target you are able to take a screenshot of a target server using the screenshot from target server command. You can then save this screenshot to a file location of your choosing as a bitmap, jpeg or png file. Note: the screenshot from ...
Page 79
Chapter 3: working with target servers 69 changing the maximum refresh rate if the video card you are using on the target uses custom software and you are accessing the target through mpc or vkc, you may need to change the maximum refresh rate of the monitor in order for the refresh rate to take eff...
Page 80
Chapter 3: working with target servers 70 mouse pointer synchronization when remotely viewing a target server that uses a mouse, you will see two mouse cursors: one belonging to your remote client workstation and the other belonging to the target server. When the mouse pointer lies within the virtua...
Page 81
Chapter 3: working with target servers 71 additional notes for intelligent mouse mode be sure that there are no icons or applications in the upper left section of the screen since that is where the synchronization routine takes place. Do not use an animated mouse. Disable active desktop on kvm targe...
Page 82
Chapter 3: working with target servers 72 intelligent mouse mode in intelligent mouse mode, the device can detect the target mouse settings and synchronize the mouse cursors accordingly, allowing mouse acceleration on the target. Intelligent mouse mode the default for non-vm targets. In this mode, t...
Page 83
Chapter 3: working with target servers 73 please note that mouse configurations will vary on different target operating systems. Consult your os guidelines for further details. Also note that intelligent mouse synchronization does not work with unix targets. Absolute mouse mode in this mode, absolut...
Page 84
Chapter 3: working with target servers 74 2. Click the single/double mouse cursor button in the toolbar. To exit single mouse mode: 1. Press ctrl+alt+o on your keyboard to exit single mouse mode. Vkc virtual media see the chapter on virtual media (on page 90) for complete information about setting u...
Page 85
Chapter 3: working with target servers 75 smart cards for a list of supported smart cards, smart card readers, and additional system requirements, see supported and unsupported smart card readers (on page 282). When accessing a server remotely, you will have the opportunity to select an attached sma...
Page 86
Chapter 3: working with target servers 76 to update the smart card in the select smart card reader dialog: click refresh list if a new smart card reader has been attached to the client pc. To send smart card remove and reinsert notifications to the target: select the smart card reader that is curren...
Page 87
Chapter 3: working with target servers 77  us/international  french (france)  german (germany)  japanese  united kingdom  korean (korea)  french (belgium)  norwegian (norway)  portuguese (portugal)  danish (denmark)  swedish (sweden)  german (switzerland)  hungarian (hungary)  spanish ...
Page 88
Chapter 3: working with target servers 78 a. To configure the monitor on which the target viewer is launched:  select 'monitor client was launched from' if you want the target viewer to be launched using the same display as the application that is being used on the client (for example, a web browse...
Page 89
Chapter 3: working with target servers 79 note: the keyboard indicator should be used on linux systems using gnome as a desktop environment. View options view toolbar you can use the virtual kvm client with or without the toolbar display. To toggle the display of the toolbar (on and off): choose vie...
Page 90
Chapter 3: working with target servers 80 help options about raritan virtual kvm client this menu command provides version information about the virtual kvm client, in case you require assistance from raritan technical support. To obtain version information: 1. Choose help > about raritan virtual kv...
Page 91
Chapter 3: working with target servers 81 akc supported .Net framework, operating systems and browsers .Net framework akc requires windows .Net ® version 3.5, and will work with both 3.5 and 4.0 installed. Operating systems akc is compatible with the following platforms running .Net framework 3.5: w...
Page 92
Chapter 3: working with target servers 82 prerequisites for using akc in order to use akc: ensure the cookies from the ip address of the device that is being accessed are not currently being blocked. Windows vista, windows 7 and windows 2008 server users should ensure that the ip address of the devi...
Page 93
Chapter 3: working with target servers 83 1. To open mpc from a client running any supported browser, type http://ip-address/mpc into the address line, where ip-address is the ip address of your raritan device. Mpc will open in a new window. Note: the alt+tab command will toggle between windows only...
Page 94
Chapter 3: working with target servers 84 opening rsc from the remote console to open the raritan serial console (rsc) from the remote console: 1. Select the port access tab. 2. Click the name of the serial port you want to access for the rsc. Note: a security pop-up screen appears only if you used ...
Page 95
Chapter 3: working with target servers 85 2. Enter the device's ip address, account information, and the desired target (port). 3. Click start. Rsc opens with a connection to the port. Note: if you experience unrecognized characters or blurry pages in the rsc window due to localization support, try ...
Page 96: Control
86 in this chapter overview .................................................................................................. 86 turning outlets on/off and cycling power ............................................. 87 overview the ksx ii allows you to control raritan px and rpc series rack pdu (po...
Page 97
Chapter 4: rack pdu (power strip) outlet control 87 initially, when you open the powerstrip page, the power strips that are currently connected to the ksx ii are displayed in the powerstrip drop-down. Additionally, information relating to the currently selected power strip is displayed. If no power ...
Page 98
Chapter 4: rack pdu (power strip) outlet control 88 5. Click ok to close the power on confirmation dialog. The outlet will be turned on and its state will be displayed as 'on'. To turn an outlet off: 1. Click off. 2. Click ok on the power off dialog. 3. Click ok on the power off confirmation dialog....
Page 99
Chapter 4: rack pdu (power strip) outlet control 89 2. Click ok. The outlet will then cycle (note that this may take a few seconds). 3. Once the cycling is complete the dialog will open. Click ok to close the dialog..
Page 100: Chapter 5 Virtual Media
90 in this chapter overview .................................................................................................. 91 prerequisites for using virtual media ...................................................... 94 using virtual media via vkc and akc in a windows environment ........ 95 u...
Page 101
Chapter 5: virtual media 91 overview virtual media extends kvm capabilities by enabling kvm target servers to remotely access media from a client pc and network file servers. With this feature, media mounted on a client pc and network file servers is essentially "mounted virtually" by the target ser...
Page 102
Chapter 5: virtual media 92.
Page 103
Chapter 5: virtual media 93 diagram key desktop pc cd/dvd drive ksx ii usb mass storage device cim pc hard drive target server remote file server (iso images).
Page 104
Chapter 5: virtual media 94 prerequisites for using virtual media with the virtual media feature, you can mount up to two drives (of different types) that are supported by the usb profile currently applied to the target. These drives are accessible for the duration of the kvm session. For example, y...
Page 105
Chapter 5: virtual media 95 using virtual media via vkc and akc in a windows environment windows xp ® operating system administrator and standard user privileges vary from those of the windows vista ® operating system and the windows 7 ® operating system. When enabled in vista or windows 7, user acc...
Page 106
Chapter 5: virtual media 96 using virtual media with the ksx ii virtual media feature, you can mount up to two drives (of different types). These drives are accessible for the duration of the kvm session. For example, you can mount a specific cd-rom, use it, and then disconnect it when you are done....
Page 107
Chapter 5: virtual media 97 target server kvm target servers must support usb connected drives. Kvm target servers running the windows 2000 ® operating system must have all of the recent patches installed. 1. Usb 2.0 ports are both faster and preferred.. 2. If you plan to access file server iso imag...
Page 108
Chapter 5: virtual media 98 file server setup (file server iso images only) note: this feature is only required when using virtual media to access file server iso images. Iso9660 format is the standard supported by raritan. However, other cd-rom extensions may also work. Note: smb/cifs support is re...
Page 109
Chapter 5: virtual media 99 note: you cannot access a remote iso image via virtual media using an ipv6 address due to technical limitations of third-party software used by the by the kx, ksx or kx101 g2 device. Note: if you are connecting to a windows 2003 ® server and attempt to load an iso image f...
Page 110
Chapter 5: virtual media 100 connecting to virtual media local drives this option mounts an entire drive, which means the entire disk drive is mounted virtually onto the target server. Use this option for hard drives and external drives only. It does not include network drives, cd-rom, or dvd-rom dr...
Page 111
Chapter 5: virtual media 101 warning: enabling read/write access can be dangerous! Simultaneous access to the same drive from more than one entity can result in data corruption. If you do not require write access, leave this option unselected. 4. Click connect. The media will be mounted on the targe...
Page 112
Chapter 5: virtual media 102 2. For internal and external cd-rom or dvd-rom drives: a. Choose the local cd/dvd drive option. B. Choose the drive from the local cd/dvd drive drop-down list. All available internal and external cd and dvd drive names will be populated in the drop-down list. C. Click co...
Page 113
Chapter 5: virtual media 103 disconnecting virtual media to disconnect the virtual media drives: for local drives, choose virtual media > disconnect drive. For cd-rom, dvd-rom, and iso images, choose virtual media > disconnect cd-rom/iso image. Note: in addition to disconnecting the virtual media us...
Page 114: Chapter 6 Usb Profiles
104 in this chapter overview ................................................................................................ 104 cim compatibility .................................................................................. 105 available usb profiles .............................................
Page 115
Chapter 6: usb profiles 105 cim compatibility in order to make use of usb profiles, you must use a d2cim-vusb or d2cim-dvusb with updated firmware. A vm-cim that has not had its firmware upgraded will support a broad range of configurations (keyboard, mouse, cd-rom, and removable drive) but will not...
Page 116
Chapter 6: usb profiles 106 usb profile description restrictions: usb bus speed limited to full-speed (12 mbit/s) no virtual media support bios dellpoweredge keyboard only dell poweredge bios access (keyboard only) use this profile to have keyboard functionality for the dell poweredge bios when usin...
Page 117
Chapter 6: usb profiles 107 usb profile description bios generic bios generic use this profile when generic os profile does not work on the bios. Warning: usb enumeration will trigger whenever virtual media is connected or disconnected. Restrictions: usb bus speed limited to full-speed (12 mbit/s) a...
Page 118
Chapter 6: usb profiles 108 usb profile description module d2cim-dvusb is connected to the advanced management module. Restrictions: virtual cd-rom and disk drives cannot be used simultaneously bios lenovo thinkpad t61 & x61 bios lenovo thinkpad t61 and x61 (boot from virtual media) use this profile...
Page 119
Chapter 6: usb profiles 109 usb profile description installation) use this profile for the hp proliant dl360/dl380 g4 series server when installing windows 2003 server without the help of hp smartstart cd. Restrictions: usb bus speed limited to full-speed (12 mbit/s) linux ® generic linux profile th...
Page 120
Chapter 6: usb profiles 110 usb profile description restrictions: virtual cd-rom and disk drives cannot be used simultaneously suse 9.2 suse linux 9.2 use this for suse linux 9.2 distribution. Restrictions: absolute mouse synchronization™ not supported usb bus speed limited to full-speed (12 mbit/s)...
Page 121
Chapter 6: usb profiles 111 usb profile description virtual cd-rom and disk drives cannot be used simultaneously warning: usb enumeration will trigger whenever virtual media is connected or disconnected. Use full speed for virtual media cim use full speed for virtual media cim this profile resembles...
Page 122
Chapter 6: usb profiles 112 mouse modes when using the mac os-x usb profile with a dcim-vusb if you are using a dcim-vusb, using a mac os-x ® usb profile, and running mac os-x 10.4.9 (or later), when you reboot you must be in single mouse mode to use the mouse at the boot menu. To configure the mous...
Page 123
113 in this chapter user groups .......................................................................................... 113 users ..................................................................................................... 120 authentication settings ........................................
Page 124
Chapter 7: user management 114 user group list user groups are used with local and remote authentication (via radius or ldap/ldaps). It is a good idea to define user groups before creating individual users since, when you add a user, you must assign that user to an existing user group. The user grou...
Page 125
Chapter 7: user management 115 the group page is organized into the following categories: group, permissions, port permissions, and ip acl. 2. Type a descriptive name for the new user group into the group name field (up to 64 characters). 3. Set the permissions for the group. Select the checkboxes b...
Page 126
Chapter 7: user management 116 3. Select the appropriate permissions. 4. Click ok. Note: see alternate radius authentication settings for information on additional settings if you are using alternate radius authentication. Permissions important: selecting the user management checkbox allows the memb...
Page 127
Chapter 7: user management 117 permission description management authentication (ldap/ldaps/radius), login settings port permissions for each server port, you can specify the access type the group has, as well as the type of port access to the virtual media and the power control. Please note that th...
Page 128
Chapter 7: user management 118 group-based ip acl (access control list) important: exercise caution when using group-based ip access control. It is possible to be locked out of your ksx ii if your ip address is within a range that has been denied access. This feature limits access to the ksx ii devi...
Page 129
Chapter 7: user management 119 4. Click insert. If the rule number you just typed equals an existing rule number, the new rule is placed ahead of the exiting rule and all rules are moved down in the list. To replace a rule: 1. Specify the rule number you want to replace. 2. Type the starting ip and ...
Page 130
Chapter 7: user management 120 4. Set the ip acl (optional). This feature limits access to the ksx ii device by specifying ip addresses. See group-based ip acl (access control list). 5. Click ok. To delete a user group: important: if you delete a group with users in it, the users are automatically a...
Page 131
Chapter 7: user management 121 adding a new user it is a good idea to define user groups before creating ksx ii users because, when you add a user, you must assign that user to an existing user group. Refer to adding a new user group (on page 114) for more information. From the user page, you can ad...
Page 132
Chapter 7: user management 122 modifying an existing user to modify an existing user: 1. Open the user list page by choosing user management > user list. 2. Locate the user from among those listed on the user list page. 3. Click the user name. The user page opens. 4. On the user page, change the app...
Page 133
Chapter 7: user management 123 authentication settings authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user's group is used to determine his system and port permissions. The user's assigned privileges determine what type of access is all...
Page 134
Chapter 7: user management 124 implementing ldap/ldaps remote authentication lightweight directory access protocol (ldap/ldaps) is a networking protocol for querying and modifying directory services running over tcp/ip. A client starts an ldap session by connecting to an ldap/ldaps server (through t...
Page 135
Chapter 7: user management 125 9. In the user search dn field, enter the distinguished name of where in the ldap database you want to begin searching for user information. Up to 64 characters can be used. An example base search value might be: cn=users,dc=raritan,dc=com. Consult your authentication ...
Page 136
Chapter 7: user management 126 13. Select the enable secure ldap checkbox if you would like to use ssl. This will enable the enable ldaps server certificate validation checkbox. Secure sockets layer (ssl) is a cryptographic protocol that allows ksx ii to communicate securely with the ldap/ldaps serv...
Page 137
Chapter 7: user management 127 18. The ksx ii provides you with the ability to test the ldap configuration from the authentication settings page due to the complexity sometimes encountered with successfully configuring the ldap server and ksx ii for remote authentication. To test the ldap configurat...
Page 138
Chapter 7: user management 128 4. From the ksx ii, enable and configure your ad server properly. See implementing ldap/ldaps remote authentication. Important notes: group name is case sensitive. The ksx ii provides the following default groups that cannot be changed or deleted: admin and . Verify th...
Page 139
Chapter 7: user management 129 8. The timeout is recorded in seconds and default timeout is 1 second, but can be changed as required. The timeout is the length of time the ksx ii waits for a response from the radius server before sending another authentication request. 9. The default number of retri...
Page 140
Chapter 7: user management 130  chap - with chap, authentication can be requested by the server at any time. Chap provides more security than pap..
Page 141
Chapter 7: user management 131 returning user group information via radius when a radius authentication attempt succeeds, the ksx ii determines the permissions for a given user based on the permissions of the user's group. Your remote radius server can provide these user group names by returning an ...
Page 142
Chapter 7: user management 132 attribute data log out accounting-request(4) acct-status (40) stop(2) - stops the accounting nas-port-type (61) virtual (5) for network connections. Nas-port (5) always 0. Nas-ip-address (4) the ip address for the ksx ii. User-name (1) the user name entered at the logi...
Page 143
Chapter 7: user management 133 user authentication process remote authentication follows the process specified in the flowchart below:.
Page 144
Chapter 7: user management 134 changing a password to change your password: 1. Choose user management > change password. The change password page opens. 2. Type your current password in the old password field. 3. Type a new password in the new password field. Retype the new password in the confirm n...
Page 145
135 in this chapter network settings ................................................................................... 135 device services ..................................................................................... 140 configuring modem settings .............................................
Page 146
Chapter 8: device management 136 network basic settings these procedures describe how to assign an ip address on the network settings page. For complete information about all of the fields and the operation of this page, see network settings. To assign an ip address: 1. Choose device settings > netw...
Page 147
Chapter 8: device management 137 d. Enter the gateway ip address. E. Link-local ip address. This address is automatically assigned to the device. It is used for neighbor discovery or when no routers are present. Read-only f. Zone id. This identifies the device with which the address is associated. R...
Page 148
Chapter 8: device management 138 see lan interface settings (on page 138) for information in configuring this section of the network settings page. Note: in some environments, the default lan interface speed & duplex setting autodetect (autonegotiator) does not properly set the network parameters, w...
Page 149
Chapter 8: device management 139  autodetect (default option)  10 mbps/half - both leds blink  10 mbps/full - both leds blink  100 mbps/half - yellow led blinks  100 mbps/full - yellow led blinks  1000 mbps/full (gigabit) - green led blinks  half-duplex provides for communication in both dire...
Page 150
Chapter 8: device management 140 device services the device services page allows you to configure the following functions: enabling telnet enabling ssh access configuring http and https port settings enabling serial console access configuring the discovery port access enabling direct port access ena...
Page 151
Chapter 8: device management 141 http and https port settings you are able to configure http and/or https ports used by the ksx ii. For example, if you are using the default http port 80 for another purpose, changing the port will ensure the ksx ii does not attempt to use it. To change the http and/...
Page 152
Chapter 8: device management 142 enabling direct port access via url direct port access allows users to bypass having to use the device's login dialog and port access page. This feature also provides the ability to enter a username and password directly and proceed to the target if the username and ...
Page 153
Chapter 8: device management 143 3. Click ok. Configuring direct port access via telnet, ip address or ssh the information in this topic is specific to enabling direct port access for serial targets. Use the enable direct port access via url option on the device services page to enable direct port a...
Page 154
Chapter 8: device management 144 configure the telnet tcp port as "7770". Once this is done, connection to the target can be done using "telnet ip address> 7770".  direct port access via ssh port: configure the ssh tcp port as "7888". Once this is done, connection to the target can be done by using...
Page 155
Chapter 8: device management 145 once you have created the direct port access, it can be connected in a client application such as putty. Following is an example of how the direct port access information would appear in putty. Note that putty is not the only client application that can be used. It i...
Page 156
Chapter 8: device management 146 enabling the akc download server certificate validation if you are using the akc client, you can choose to use the enable akc download server certificate validation feature or opt not to use this feature. Option 1: do not enable akc download server certificate valida...
Page 157
Chapter 8: device management 147 3. Click ok. Configuring modem settings to configure modem settings: 1. Click device settings > modem settings to open the modem settings page. 2. Check enable modem, if needed. 3. Enter the ppp server ip address. The internet address assigned to the ksx ii when a co...
Page 158
Chapter 8: device management 148 configuring date/time settings use the date/time settings page to specify the date and time for the ksx ii. There are two ways to do this: manually set the date and time. Synchronize the date and time with a network time protocol (ntp) server. To set the date and tim...
Page 159
Chapter 8: device management 149 6. Click ok. Event management the ksx ii event management feature allows you enable and disable the distribution of system events to snmp managers, the syslog and the audit log. These events are categorized, and for each event you can determine whether you want the e...
Page 160
Chapter 8: device management 150 configuring event management settings snmp configuration simple network management protocol (snmp) is a protocol governing network management and the monitoring of network devices and their functions. Ksx ii offers snmp agent support through event management. To conf...
Page 161
Chapter 8: device management 151 4. Type the agent community string (the device's string). An snmp community is the group that devices and management stations running snmp belong to. It helps define where information is sent. The community name is used to identify the group. The snmp device or agent...
Page 162
Chapter 8: device management 152 configuring event management - destinations system events, if enabled, can generate snmp notification events (traps), or can be logged to syslog or audit log. Use the event management - destinations page to select which system events to track and where to send this i...
Page 163
Chapter 8: device management 153 snmp trap configuration snmp provides the ability to send traps, or notifications, to advise an administrator when one or more conditions have been met. The following table lists the ksx ii snmp traps: trap name description cimconnected a cim is plugged into to the k...
Page 164
Chapter 8: device management 154 trap name description network. Networkparameterchanged a change has been made to the network parameters. Passwordsettingschanged strong password settings have changed. Portconnect a previously authenticated user has begun a kvm session. Portconnectiondenied a connect...
Page 165
Chapter 8: device management 155 trap name description userauthenticationfailure a user attempted to log in without a correct username and/or password. Userconnectionlost a user with an active session has experienced an abnormal session termination. Userdeleted a user account has been deleted. Userl...
Page 166
Chapter 8: device management 156  port name - the name assigned to the port. A port name displayed in black indicates that you cannot change the name and that the port cannot be edited; port names displayed in blue can be edited. Note: do not use apostrophes for the port (cim) name.  port type por...
Page 167
Chapter 8: device management 157  for serial ports, the port page for serial ports is opened..
Page 168
Chapter 8: device management 158 power control power control is configured on the port page. The port page opens when you select a port that is connected to a target server from the port configuration page. From the port page, you can make power associations and change the port name to something mor...
Page 169
Chapter 8: device management 159 assigning a name to the px the portpage opens when you select a port on the port configuration page. The port appears on this page when connected to a raritan remote rack pdu (power strip). The type and the name fields are prepopulated. Use this page to name the rack...
Page 170
Chapter 8: device management 160 to remove a rack pdu association: 1. Select the appropriate rack pdu from the power strip name drop-down list. 2. For that rack pdu, select the appropriate outlet from the outlet name drop-down list. 3. From the outlet name drop-down list, select none. 4. Click ok. T...
Page 171
Chapter 8: device management 161 configuring blade chassis in addition to standard servers and rack pdus (power strips), you can control blade chassis that are plugged into a dominion device port. Up to eight blade chassis can be managed at a given time. As with standard servers, blade chassis are a...
Page 172
Chapter 8: device management 162 the use of hot key sequences to switch kvm access to a blade chassis is also supported. For blade chassis that allow users to select a hot key sequence, those options will be provided on the port configuration page. For blade chassis that come with predefined hot key...
Page 173
Chapter 8: device management 163 3. On the port configuration page, click on the name of the blade chassis you want to configure. The port page will open. 4. Select the blade chassis radio button. The page will then display the necessary fields to configure a blade chassis. 5. Select generic from th...
Page 174
Chapter 8: device management 164 c. Username - enter the username used to access the interface. Optional d. Password - enter the password used to access the interface. Optional note: leave the username and password fields blank for drac, ilo, and rsa web applications or the connection will fail. E. ...
Page 175
Chapter 8: device management 165 to configure a dell poweredge m1000e: 1. If you selected dell poweredge ™ m1000e, auto-discovery is available. Configure the blade chassis as applicable. Prior to configuring a blade chassis that can be auto-discovered, it must be configured to enable ssh connections...
Page 176
Chapter 8: device management 166 the first url link is intended for use to connect to the blade chassis administration module gui. Note: access to the url links entered in this section of the page is governed by the blade chassis port permissions. A. Active - to activate the link once it is configur...
Page 177
Chapter 8: device management 167 b. Maximum number of slots - the default maximum number of slots available on the blade chassis is automatically entered. C. Administrative module primary ip address/host name - not applicable. D. Port number - the default port number for the blade chassis is 22. Not...
Page 178
Chapter 8: device management 168 e. The username field and password field, which are both optional, contain the labels that are expected to be associated with the username and password entries. It is in these fields you should enter the field names for the username and password fields used on the lo...
Page 179
Chapter 8: device management 169 d. Port number - the default port number for the blade chassis is 22. Change the port number if applicable. Required for auto-discovery mode e. Username - enter the username used to access the blade chassis. Required for auto-discovery mode f. Password - enter the pa...
Page 180
Chapter 8: device management 170 note: leave the username and password fields blank for drac, ilo, and rsa web applications or the connection will fail. E. The username field and password field, which are both optional, contain the labels that are expected to be associated with the username and pass...
Page 181
Chapter 8: device management 171 4. In the blade chassis managed links section of the page, you are able to configure the connection to a blade chassis web browser interface if one is available. Click the blade chassis managed links icon to expand the section on the page. The first url link is inten...
Page 182
Chapter 8: device management 172 tips for adding a web browser interface you can add a web browser interface to create a connection to a device with an embedded web server. A web browser interface can also be used to connect to any web application, such as the web application associated with an rsa,...
Page 183
Chapter 8: device management 173 hp blade chassis configuration (port group management) the ksx ii supports the aggregation of ports connected to certain types of blades into a group representing the blade chassis. Specifically, hp ® bladeserver blades and dell ® poweredge ™ 1855/1955 blades when th...
Page 184
Chapter 8: device management 174 3. Enter a port group name. The port group name is not case sensitive and can contain up to 32 characters. 4. Select the blade server group checkbox. If you want to designate that these ports are attached to blades housed in a blade chassis (for example, hp c3000 or ...
Page 185
Chapter 8: device management 175 to delete a port group: 1. Click on the port group management page, select the checkbox of the port group you want to delete. 2. Click the delete button. 3. Click ok on the warning message. Supported blade chassis models this table contains the blade chassis models t...
Page 186
Chapter 8: device management 176 supported cims for blade chassis the following cims are supported for blade chassis being managed through the ksx ii: dcim-ps2 dcim-usbg2 d2cim-vusb d2cim-dvusb following is a table containing supported cims for each blade chassis model that the ksx ii supports. Blad...
Page 187
Chapter 8: device management 177 blade chassis connection method recommended cim(s) m1000e with this chassis. The ikvm is compatible with the following peripherals: usb keyboards, usb pointing devices vga monitors with ddc support. Source: dell chassis management controller, firmware version 1.0, us...
Page 188
Chapter 8: device management 178 blade chassis connection method recommended cim(s) one advanced management module. In contrast to the standard bladecenter chassis, the kvm module and the management module in the bladecenter t chassis are separate components. The front of the management module only ...
Page 189
Chapter 8: device management 179 blade chassis required/recommended action slot, not by name. Ikvm may not work correctly if this is not done. Do not designate any slots for scan operations in the ikvm gui setup scan menu. Ikvm may not work correctly otherwise. Do not designate any slots for broadca...
Page 190
Chapter 8: device management 180 blade chassis required/recommended action management module. The ssh port configured on the blade chassis management module and the port number entered on the port configuration page must match. Ibm kx2 virtual media raritan ksx ii virtual media is supported only on ...
Page 191
Chapter 8: device management 181 configuring usb profiles (port page) you choose the available usb profiles for a port in the select usb profiles for port section of the port page. The usb profiles chosen in the port page become the profiles available to the user in vkc when connecting to a kvm targ...
Page 192
Chapter 8: device management 182  ctrl-click to select several discontinuous profiles. 2. Click add. The selected profiles appear in the selected list. These are the profiles that can be used for the kvm target server connected to the port. To specify a preferred usb profile: 1. After selecting the...
Page 193
Chapter 8: device management 183 2. Click remove. The selected profiles appear in the available list. These profiles are no longer available for a kvm target server connected to this port. To apply a profile selection to multiple ports: 1. In the apply selected profiles to other ports section, selec...
Page 194
Chapter 8: device management 184  german (germany)  jis (japanese industry standard)  simplified chinese  traditional chinese  dubeolsik hangul (korean)  german (switzerland)  portuguese (portugal)  norwegian (norway)  swedish (sweden)  danish (denmark)  belgian (belgium) note: keyboard u...
Page 195
Chapter 8: device management 185 a. Select the power save mode checkbox. B. Set the amount of time (in minutes) in which power save mode will be initiated. 8. Choose the resolution for the ksx ii local console from the drop-down list. The browser will be restarted when this change is made.  800x600...
Page 196
Chapter 8: device management 186 port keywords port keywords work as a filter. If a keyword is detected, a corresponding message be logged in a local port log and a corresponding trap will be sent via snmp (if configured). Defining keywords guarantees that only messages that contain those keywords a...
Page 197
Chapter 8: device management 187 2. Define a keyword for the first time, by clicking the add button on the port keyword list page. The add keyword page will then open. Follow steps 3 - 5 to create new keywords. 3. Type a keyword in the keyword field and then click the add button. The keyword will be...
Page 198
Chapter 8: device management 188 port group management this function is specific to hp blade chassis configuration. See hp blade chassis configuration (port group management) (on page 173)..
Page 199
189 in this chapter security settings .................................................................................... 189 configuring ip access control .............................................................. 198 ssl certificates ..............................................................
Page 200
Chapter 9: security management 190 to reset back to defaults: click reset to defaults. Login limitations using login limitations, you can specify restrictions for single login, password aging, and the logging out idle users. Limitation description enable single login limitation when selected, only o...
Page 201
Chapter 9: security management 191 limitation description change is required. The default is 60 days. Log out idle users, after (1-365 minutes) select the "log off idle users" checkbox to automatically disconnect users after the amount of time you specify in the "after (1-365 minutes)" field. If the...
Page 202
Chapter 9: security management 192 field description numeric character character is required in the password. Enforce at least one printable special character when checked, at least one special character (printable) is required in the password. Number of restricted passwords based on history this fi...
Page 203
Chapter 9: security management 193 option description timer lockout users are denied access to the system for the specified amount of time after exceeding the specified number of unsuccessful login attempts. When selected, the following fields are enabled:  attempts - the number of unsuccessful log...
Page 204
Chapter 9: security management 194 encryption mode description auto this is the recommended option. The ksx ii autonegotiates to the highest level of encryption possible. You must select auto in order for the device and client to successfully negotiate the use of fips compliant algorithms. Rc4 secur...
Page 205
Chapter 9: security management 195 2. Apply encryption mode to kvm and virtual media. When selected, this option applies the selected encryption mode to both kvm and virtual media. After authentication, kvm and virtual media data is also transferred with 128-bit encryption. 3. For government and oth...
Page 206
Chapter 9: security management 196 checking your browser for aes encryption the ksx ii supports aes-256. If you do not know if your browser uses aes, check with the browser manufacturer or navigate to the https://www.Fortify.Net/sslcheck.Html website using the browser with the encryption method you ...
Page 207
Chapter 9: security management 197 for additional security, you can also create a new certificate signing request once fips mode is activated. This will be created using the required key ciphers. Upload the certificate after it is signed or create a self-signed certificate. The ssl certificate statu...
Page 208
Chapter 9: security management 198 configuring ip access control using ip access control, you can control access to your ksx ii. By setting a global access control list (acl) you are ensuring that your device does not respond to packets being sent from disallowed ip addresses. The ip access control ...
Page 209
Chapter 9: security management 199 4. Click insert. If the rule # you just typed equals an existing rule #, the new rule is placed ahead of the exiting rule and all rules are moved down in the list. Tip: the rule numbers allow you to have more control over the order in which the rules are created. T...
Page 210
Chapter 9: security management 200 ssl certificates the ksx ii uses the secure socket layer (ssl) protocol for any encrypted network traffic between itself and a connected client. When establishing a connection, the ksx ii has to identify itself to a client using a cryptographic certificate. It is p...
Page 211
Chapter 9: security management 201 j. Key length - the length of the generated key in bits. 1024 is the default. K. Select the create a self-signed certificate checkbox (if applicable). 3. Click create to generate the certificate signing request (csr). To download a csr certificate: 1. The csr and t...
Page 212
Chapter 9: security management 202 security banner ksx ii provides you with the ability to add a security banner to the ksx ii login process. This feature requires users to either accept or decline a security agreement before they can access the ksx ii. The information provided in a security banner ...
Page 213
Chapter 9: security management 203 note: you cannot upload a text file from the local port..
Page 214: Chapter 10 Maintenance
204 in this chapter maintenance features (local/remote console) ................................... 204 audit log................................................................................................ 205 device information ......................................................................
Page 215
Chapter 10: maintenance 205 audit log a log is created of the ksx ii system events. To view the audit log for your ksx ii: 1. Choose maintenance > audit log. The audit log page opens. The audit log page displays events by date and time (most recent events listed first). The audit log provides the fo...
Page 216
Chapter 10: maintenance 206 device information the device information page provides detailed information about your ksx ii device and the cims in use. This information is helpful should you need to contact raritan technical support. To view information about your dominion ksx ii and cims: choose mai...
Page 217
Chapter 10: maintenance 207 backup and restore from the backup/restore page, you can backup and restore the settings and configuration for your ksx ii. In addition to using backup and restore for business continuity purposes, you can use this feature as a time-saving mechanism. For instance, you can...
Page 218
Chapter 10: maintenance 208 if you are using internet explorer 6 or higher, to backup your ksx ii: 1. Click backup. A file download dialog appears that contains an open button. Do not click open. In ie 6 and higher, ie is used as the default application to open files, so you are prompted to open the...
Page 219
Chapter 10: maintenance 209 full restore - a complete restore of the entire system. Generally used for traditional backup and restore purposes. Protected restore - everything is restored except device-specific information such as ip address, name, and so forth. With this option, you can setup one ks...
Page 220
Chapter 10: maintenance 210 usb profile management from the usb profile management page, you can upload custom profiles provided by raritan tech support. These profiles are designed to address the needs of your target server ‟s configuration, in the event that the set of standard profiles does not a...
Page 221
Chapter 10: maintenance 211 as noted, you may delete a custom profile from the system while it is still designated as an active profile. Doing so will terminate any virtual media sessions that were in place. Handling conflicts in profile names a naming conflict between custom and standard usb profil...
Page 222
Chapter 10: maintenance 212 3. Click the upgrade button. You are prompted to confirm the upgrade. 4. Click ok to continue the upgrade. Progress bars are displayed during the upgrade. Upgrading takes approximately 2 minutes or less per cim. Upgrading firmware use the firmware upgrade page to upgrade ...
Page 223
Chapter 10: maintenance 213 7. Click upload from the firmware upgrade page. Information about the upgrade and version numbers is displayed (if you opted to review cim information, that information is displayed as well). Note: at this point, connected users are logged off and new login attempts are b...
Page 224
Chapter 10: maintenance 214 9. As prompted, close the browser and wait approximately 5 minutes before logging on to the ksx ii again. Upgrade history the ksx ii provides information about upgrades performed on the ksx ii and attached cims. To view the upgrade history: choose maintenance > upgrade hi...
Page 225
Chapter 10: maintenance 215 information is provided about the ksx ii upgrade(s) that have been run, the final status of the upgrade, the start and end times, and the previous and current firmware versions. Information is also provided about the cims, which can be obtained by clicking the show link f...
Page 226
Chapter 10: maintenance 216 2. Click reboot. You are prompted to confirm the action. Click yes to proceed with the reboot. Cc unmanage when a ksx ii device is under commandcenter secure gateway control and you attempt to access the device directly using the ksx ii remote console, the following messa...
Page 227
Chapter 10: maintenance 217 stopping cc-sg management while the ksx ii is under cc-sg management, if you try to access the device directly, you are notified that it the device is under cc-sg management. If you are managing the ksx ii through cc-sg and connectivity between cc-sg and the ksx ii is los...
Page 228
Chapter 10: maintenance 218 3. Click yes to remove the device cc-sg management. Once cc-sg management has ended, a confirmation will be displayed..
Page 229: Chapter 11 Diagnostics
219 the diagnostics pages are used for troubleshooting and are intended primarily for the administrator of the ksx ii device. All of the diagnostics pages (except device diagnostics) run standard networking commands and the information that is displayed is the output of those commands. The diagnosti...
Page 230
Chapter 11: diagnostics 220  statistics - produces a page similar to the one displayed here.  interfaces - produces a page similar to the one displayed here..
Page 231
Chapter 11: diagnostics 221  route - produces a page similar to the one displayed here. 3. Click refresh. The relevant information is displayed in the result field. Ping host page ping is a network tool used to test whether a particular host or ip address is reachable across an ip network. Using th...
Page 232
Chapter 11: diagnostics 222 3. Click ping. The results of the ping are displayed in the result field. Trace route to host page trace route is a network tool used to determine the route taken to the provided hostname or ip address. To trace the route to the host: 1. Choose diagnostics > trace route t...
Page 233
Chapter 11: diagnostics 223 device diagnostics note: this page is for use by raritan field engineers or when you are directed by raritan technical support. Device diagnostics downloads the diagnostics information from ksx ii to the client machine. Two operations can be performed on this page: operat...
Page 234
Chapter 11: diagnostics 224 3. To create a diagnostics file to send to raritan technical support: a. Click the save to file button. The file download dialog appears. B. Click save. The save as dialog appears. C. Navigate to the desired directory and click save. 4. Email this file as directed by rari...
Page 235
225 in this chapter overview ................................................................................................ 226 accessing the ksx ii using cli ............................................................ 227 ssh connection to the ksx ii ................................................
Page 236
Chapter 12: command line interface (cli) 226 overview the ksx ii serial console supports all serial devices such as: servers, including windows server 2003 ® when using the emergency management console (ems-) special administration console, or sac with bios redirection in the server bios. Routers la...
Page 237
Chapter 12: command line interface (cli) 227 accessing the ksx ii using cli access the ksx ii by using one of the following methods: telnet via ip connection ssh (secure shell) via ip connection local port-via rs-232 serial interface a number of ssh/telnet clients are available and can be obtained f...
Page 238
Chapter 12: command line interface (cli) 228 telnet connection to the ksx ii due to the lack of security, user name, password and all traffic is in clear-text on the wire. Telnet access is disabled by default. Enabling telnet if you wish to use telnet to access the ksx ii, first access the ksx ii fr...
Page 239
Chapter 12: command line interface (cli) 229 port settings ensure that the port settings (serial communication parameters) are configured as follows: data bits = 8 parity = none stop bits =1 flow control = none bits per second = 9600 logging on to log in, enter the user name admin as shown: 1. Log i...
Page 240
Chapter 12: command line interface (cli) 230 after reviewing the following navigation of the cli (on page 231) section, perform the initial configuration tasks. Welcome! 192.168.59.202 login: admin passwd: ---------------------------------------------------- ---------------------------- device type:...
Page 241
Chapter 12: command line interface (cli) 231 login as: janet password: authentication successful. ---------------------------------------------------- ------------ welcome to the ksx ii [model: ksx2] unitname:ksx ii firmwareversion:3.0.0.5.1 serial:wacea00008 ip address:192.168.51.194 useridletimeou...
Page 242
Chapter 12: command line interface (cli) 232 cli syntax -tips and shortcuts tips commands are listed in alphabetical order. Commands are not case sensitive. Parameter names are single word without underscore. Commands without arguments default to show current settings for the command. Typing a quest...
Page 243
Chapter 12: command line interface (cli) 233 initial configuration using cli note: these steps, which use the cli, are optional since the same configuration can be done via kvm. See getting started for more information. Ksx ii devices come from the factory with default factory settings. When you fir...
Page 244
Chapter 12: command line interface (cli) 234 the ksx ii now has the basic configuration and can be accessed remotely via ssh, gui, or locally using the local serial port. The administrator needs to configure the users and groups, services, security, and serial ports to which the serial targets are a...
Page 245
Chapter 12: command line interface (cli) 235 security issues elements to consider when addressing security for console servers: encrypting the data traffic sent between the operator console and the ksx ii device. Providing authentication and authorization for users. Security profile. The ksx ii supp...
Page 246
Chapter 12: command line interface (cli) 236 port sharing using cli it is possible for access client users to share ports with other authenticated and authorized users, regardless of whether they are access client users (rsc) or ssh/telnet users. Port sharing is used for training or for troubleshoot...
Page 247
Chapter 12: command line interface (cli) 237 interface command theinterface command is used to configure the ksx ii network interface. The syntax of the interface command is: interface [ipauto ] [ip ] [mask ] [gw ] [mode ] set/get ethernet parameters ipauto ip auto configuration (none/dhcp) ip ip ad...
Page 248
Chapter 12: command line interface (cli) 238 connect commands the connect commands provide a means to access ports and their history. Command description connect connect to a port. The port sub-menu, reached using escape key sequence. Clearhistory clear history buffer for this port. Only available t...
Page 249
Chapter 12: command line interface (cli) 239 ipv6 command use the ipv6_command to set ipv6 network parameters and retrieve existing ipv6 parameters..
Page 250
240 in this chapter overview ................................................................................................ 240 using the ksx ii local console ............................................................ 240 ksx ii local console interface ..............................................
Page 251
Chapter 13: ksx ii local console 241 ksx ii local console interface when you are located at the server rack, the ksx ii provides standard kvm management and administration via the ksx ii local console. The ksx ii local console provides a direct kvm (analog) connection to your connected servers; the ...
Page 252
Chapter 13: ksx ii local console 242 local console smart card access to use a smart card to access a server at the local console, plug a usb smart card reader into the ksx ii using one of the usb ports located on the ksx ii. Once a smart card reader is plugged in or unplugged from the ksx ii, the ks...
Page 253
Chapter 13: ksx ii local console 243 to update the card readers detected list: click refresh if a new smart card has been mounted. The card readers detected list will be refreshed to reflect the newly added smart card reader. Local console usb profile options from the usb profile options section of ...
Page 254
Chapter 13: ksx ii local console 244 3. Click ok. The usb profile will be applied to the local port and will appear in the profile in use field. Available resolutions the ksx ii local console provides the following resolutions to support various monitors: 800x600 1024x768 1280x1024 each of these res...
Page 255
Chapter 13: ksx ii local console 245 port access page (local console server display) after you login to the ksx ii local console, the port access page opens. This page lists all of the ksx ii ports, the connected kvm target servers, and their status and availability. Also displayed on the port acces...
Page 256
Chapter 13: ksx ii local console 246 3. Click the port name of the target server you want to access. The port action menu appears. See port action menu (on page 46) for details on available menu options. 4. Choose the desired menu command from the port action menu. To change the display sort order: ...
Page 257
Chapter 13: ksx ii local console 247 status - the status is either up or down. To change the sort order:  click the column heading you want to sort by. The list of kvm target servers is sorted by that column. Hot keys and connect keys because the ksx ii local console interface is completely replace...
Page 258
Chapter 13: ksx ii local console 248 blade chassis connect key action key sequence example switch between ports switch from target port 5, slot 2 to port 5, slot 11: press left alt > press and release 5 > press and release - > press and release 1 > press and release 1 > release left alt disconnect f...
Page 259
Chapter 13: ksx ii local console 249 language regions keyboard layout japanese japan jis keyboard french france french (azerty) layout keyboard. German germany and austria german keyboard (qwertz layout) belgian belgium belgian norwegian norway norwegian danish denmark danish swedish sweden swedish ...
Page 260
Chapter 13: ksx ii local console 250 sun key local port key combination compose ctrl+ alt + kpad * vol + ctrl + alt + kpad + vol - ctrl + alt + kpad - stop no key combination power no key combination accessing a target server to access a target server: 1. Click the port name of the target you want t...
Page 261
Chapter 13: ksx ii local console 251 ksx ii local console local port settings from the local port settings page, you can customize many settings for the ksx ii local console including keyboard, local port hot key, video switching delay, power save mode, local user interface resolution settings, and ...
Page 262
Chapter 13: ksx ii local console 252 hot key: take this action: double click caps lock press caps lock key twice quickly double click left alt key press the left alt key twice quickly double click left shift key press the left shift key twice quickly double click left ctrl key press the left ctrl ke...
Page 263
Chapter 13: ksx ii local console 253 10. Click ok. To reset back to defaults: click reset to defaults. Ksx ii local console factory reset note: this feature is available only on the ksx ii local console. The ksx ii offers several types of reset modes from the local console user interface. Note: it i...
Page 264
Chapter 13: ksx ii local console 254 full factory reset - removes the entire configuration and resets the device completely to the factory defaults. Note that any management associations with commandcenter will be broken. Because of the complete nature of this reset, you will be prompted to confirm ...
Page 265
Chapter 13: ksx ii local console 255 2. Use a pointed object to press and hold the reset button. 3. While continuing to hold the reset button, power the ksx ii device back on. 4. Continue holding the reset button for 10 seconds. Once the device has been reset, two short beeps signal its completion..
Page 266
256 in this chapter certified modems for unix, linux and mpc ......................................... 256 low bandwidth kvm settings ............................................................... 257 client dial-up networking configuration ............................................... 258 window...
Page 267
Chapter 14: modem configuration 257 low bandwidth kvm settings following are the settings that raritan recommends in order to achieve optimum performance when using kvm over low bandwidth speeds typical of dsl connections. This information applies to both virtual kvm and mpc. Setting to achieve opti...
Page 268
Chapter 14: modem configuration 258 setting to achieve optimum performance: enable this option. Client dial-up networking configuration configuring microsoft windows ® dial-up networking for use with ksx ii allows configuration of a pc to reside on the same ppp network as the ksx ii. After the dial-...
Page 269
Chapter 14: modem configuration 259 3. Click next and follow the steps in the network connection wizard dialog to create custom dial-up network profiles. 4. Click the dial-up to private network radio button and click next. 5. Select the checkbox before the modem that you want to use to connect to th...
Page 270
Chapter 14: modem configuration 260 6. Type the area code and phone number you wish to dial in the appropriate fields. 7. Click the country/region code drop-down arrow and select the country or region from the list. 8. Click next. The connection availability dialog appears..
Page 271
Chapter 14: modem configuration 261 9. Click the only for myself radio button in the connection availability dialog. 10. Click next. The network connection has been created. 11. Type the name of the dial-up connection. 12. Click finish. 13. Click dial to connect to the remote machine when the dial d...
Page 272
Chapter 14: modem configuration 262 note: in order to access the ksx ii, the username and password cannot use a \ (backslash). 7. Click connect. Windows xp dial-up networking configuration 1. Choose start > programs > accessories > communications > new connection wizard. 2. Click next and follow the...
Page 273
Chapter 14: modem configuration 263 3. Click the connect to the internet radio button and click next..
Page 274
Chapter 14: modem configuration 264 4. Click the "set up my connection manually" radio button and click next..
Page 275
Chapter 14: modem configuration 265 5. Click the "connect using a dial-up modem" radio button and click next..
Page 276
Chapter 14: modem configuration 266 6. Type a name to identify this particular connection in theisp name field and click next..
Page 277
Chapter 14: modem configuration 267 7. Type the phone number for the connection in the phone number field and click next. 8. Type your isp information. Type the user name and password in the appropriate fields, and retype the password to confirm it..
Page 278
Chapter 14: modem configuration 268 9. Select the checkbox before the appropriate option below the fields and click next. 10. Click finish. 11. Click dial to connect to the remote machine when the dial dialog appears. A dialog indicating that you connected successfully appears. If you get any errors...
Page 279
269 in this chapter physical specifications .......................................................................... 269 supported operating systems (clients) ................................................ 270 supported operating systems and cims (kvm target servers) .......... 271 supported bro...
Page 280
Appendix a: specifications 270 supported operating systems (clients) the following operating systems are supported on the virtual kvm client and multi-platform client (mpc): client operating system virtual media (vm) support on client windows 7 ® yes windows xp ® yes windows 2008 ® yes windows vista...
Page 281
Appendix a: specifications 271 mode operating system browser windows server 2003 ® internet explorer 6.0 sp1++, ie 7, ie 8 firefox 1.06 - 3 windows vista ® internet explorer 7.0 or 8.0 windows 7 ® internet explorer 7.0 or 8.0 firefox 1.06 - 3 windows x64 64-bit mode windows xp 64bit os, 32bit browse...
Page 282
Appendix a: specifications 272 supported dominion cims & d2cims operating system and serial devices (where applicable) virtual media absolute mouse mode intelligent mouse mode standard mouse mode dcim-ps2 dcim-ps2 dcim-usb dcim-usb g2 windows xp ® operating system windows 2000 ® operating system win...
Page 283
Appendix a: specifications 273 target server supported cims mouse modes 4.0 and 5.0 dcim-usb g2 workstation 3.0) suse linux professional 9.2 and 10 dcim-ps2 dcim-usb dcim-usb g2 d2cim-vusb fedora ® core 3 ® and above dcim-ps2 dcim-usb dcim-usb g2 d2cim-vusb mac os dcim-usb dcim-usb g2 d2cim-vusb all...
Page 284
Appendix a: specifications 274 supported browsers ksx ii supports the following browsers: internet explorer ® 6, 7 and 8 firefox ® 1.5, 2.0, and 3.0 (up to build 3.0.10) safari ® computer interface modules (cims) part number line item description upc code weight product dimensions (wxdxh) shipping w...
Page 285
Appendix a: specifications 275 supported paragon cims and configurations the ksx ii supports the p2cim-aps2dual and p2cim-ausbdual cims, which provide two rj45 connections to different kvm switches. Support of these cims provides a second path to access the target in the event that one of the kvm sw...
Page 286
Appendix a: specifications 276 ksx ii to ksx ii guidelines the following system configuration guidelines should be followed when you are using paragon cims in a ksx iito ksx ii configuration: concurrent access both ksx ii kvm switches should be configured with the same policy for concurrent access t...
Page 287
Appendix a: specifications 277 if a connection to the target is in place from the other ksx ii, the availability is checked when a connection is attempted. Access is denied or allowed consistent with the pc-share policy in place for the ksx ii. Until that time, the availability is not be updated on ...
Page 288
Appendix a: specifications 278 paragon ii operation mode mode description supported? Pc share a server or other device on a specific channel port can be selected and controlled by more than one user, but only one user has keyboard and mouse control at any one time. Supported. However, pc share idle ...
Page 289
Appendix a: specifications 279 supported video resolutions ensure that each target server's video resolution and refresh rate are supported by the ksx ii and that the signal is noninterlaced. Video resolution and cable length are important factors in the ability to obtain mouse synchronization. See ...
Page 290
Appendix a: specifications 280 note: composite sync and sync-on-green video require an additional adapter. Note: some resolutions may not be available by default. If you do not see a resolution, plug in the monitor first, remove the monitor and then plug in the cim. Note: if the 1440x900 and 1680x10...
Page 291
Appendix a: specifications 281 port description http, port 80 this port can be configured as needed. See http and https port settings (on page 141). By default, all requests received by the ksx ii via http (port 80) are automatically forwarded to https for complete security. The ksx ii responds to p...
Page 292
Appendix a: specifications 282 smart card readers supported and unsupported smart card readers only usb type external smart card readers are supported by the ksx ii. Supported smart card readers type vendor model verified usb scm microsystems scr331 verified on local and remote usb actividentity ® a...
Page 293
Appendix a: specifications 283 this table contains a list of readers that raritan has tested with the ksx ii and we know not to work, therefore they are unsupported. If a smart card reader does not appear in the supported smart card readers table or in the unsupported smart card readers table, rarit...
Page 294
Appendix a: specifications 284 windows xp ® operating system targets must be running windows xp sp3 in order to use smart cards with the ksx ii. If you are working with .Net 3.5 in a windows xp environment on the target server, you must be using sp1. Linux targets if you are using a linux ® target, ...
Page 295
Appendix a: specifications 285 suse 11 pcsc-lite-1.4.102-1.24 fedora ® core 10 pcsc-lite-1.4.102.3.Fc10.I386 create a java ™ library link a soft link must be created to the libpcsclite.So after upgrading rhel 4, rhel 5 and fc 10. For example, ln –s /usr/lib/libpcsclite.So.1 /usr/lib/libpcsclite.So, ...
Page 296
Appendix a: specifications 286 local access local access for “crash-cart” applications. See connectivity (on page 290) for a list of necessary ksx ii hardware (adapters and/or cables) for connecting the ksx ii to common vendor/model combinations. Electrical specifications parameter value input nomin...
Page 297
Appendix a: specifications 287 port description field to access the ksx ii, but while still preserving complete security. Https, port 443 this port is used for the actual kvm-over-ip communication from the ksx ii device to the kvm client on the user's desktop. It cannot be changed. Ksx ii (raritan k...
Page 298
Appendix a: specifications 288 port description the default is port 22. Telnet telnet port can be configured but is not recommended. The default port is 23. Target server connection distance and video resolution the maximum supported distance is a function of many factors including the type/quality ...
Page 299
Appendix a: specifications 289 network speed settings ksx ii network speed setting network switch port setting auto 1000/full 100/full 100/half 10/full 10/half auto highest available speed 1000/full ksx ii: 100/full switch: 100/half 100/half ksx ii: 10/full switch: 10/half 10/half 1000/full 1000/ful...
Page 300
Appendix a: specifications 290 functions; not recommended not supported by ethernet specification; product will communicate, but collisions will occur per ethernet specification, these should be “no communication,” however, note that the ksx ii behavior deviates from expected behavior note: for reli...
Page 301
Appendix a: specifications 291 vendor device console connector serial connection silicon graphics origin cat 5 cable sun ™ sparcstation db25f ascsdb25m adapter and a cat 5 cable sun netra t1 rj-45 crlvr-15 cable; or crlvr-1 adapter and a cat5 cable sun cobalt db9m ascsdb9f adapter and a cat 5 cable ...
Page 302
Appendix a: specifications 292 rj-45 (female) db9 (female) 1 8 2 1, 6 3 2 4 shell 5 5 6 3 7 4 8 7 db9m nulling serial adapter pinouts rj-45 (female) db9 (male) 1 8 2 1, 6 3 2 4 shell 5 5 6 3 7 4 8 7 db25f nulling serial adapter pinouts rj-45 (female) db25 (female) 1 5 2 6, 8 3 3 4 1 5 7 6 2 7 20
Page 303
Appendix a: specifications 293 rj-45 (female) db25 (female) 8 4 db25m nulling serial adapter pinouts rj-45 (female) db25 (male) 1 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4.
Page 304
294 important: the procedures in this chapter should be attempted only by experienced users. In this chapter returning user group information ........................................................ 294 setting the registry to permit write operations to the schema ........... 295 creating a new attr...
Page 305
Appendix b: updating the ldap/ldaps schema 295 setting the registry to permit write operations to the schema to allow a domain controller to write to the schema, you must set a registry entry that permits schema updates. To permit write operations to the schema: 1. Right-click the active directory ®...
Page 306
Appendix b: updating the ldap/ldaps schema 296 3. Click new and then choose attribute. When the warning message appears, click continue and the create new attribute dialog appears. 4. Type rciusergroup in the common name field. 5. Type rciusergroup in the ldap display name field. 6. Type 1.3.6.1.4.1...
Page 307
Appendix b: updating the ldap/ldaps schema 297 2. Scroll to the user class in the right pane and right-click it. 3. Choose properties from the menu. The user properties dialog appears. 4. Click the attributes tab to open it. 5. Click add..
Page 308
Appendix b: updating the ldap/ldaps schema 298 6. Choose rciusergroup from the select schema object list. 7. Click ok in the select schema object dialog. 8. Click ok in the user properties dialog. Updating the schema cache to update the schema cache: 1. Right-click active directory ® schema in the l...
Page 309
Appendix b: updating the ldap/ldaps schema 299 3. Go to the directory where the support tools were installed. Run adsiedit.Msc. The adsi edit window opens. 4. Open the domain. 5. In the left pane of the window, select the cn=users folder..
Page 310
Appendix b: updating the ldap/ldaps schema 300 6. Locate the user name whose properties you want to adjust in the right pane. Right-click the user name and select properties. 7. Click the attribute editor tab if it is not already open. Choose rciusergroup from the attributes list. 8. Click edit. The...
Page 311
301 in this chapter overview ................................................................................................ 301 java ....................................................................................................... 301 ipv6 support notes .........................................
Page 312
Appendix c: informational notes 302 applications prerequisites supported mpc applet requires installation of java cryptography extension (jce) unlimited strength jurisdiction policy files + browser supported firefox ® 2.0.0.7 yes firefox 3.0.X yes internet explorer ® 6* no internet explorer 7 yes in...
Page 313
Appendix c: informational notes 303 the ksx ii remote console and mpc require jre ™ to function. Java runtime environment ™ (jre) version 1.6.X or higher are supported. The ksx ii remote console checks the java version. If the version is incorrect or outdated, you will be prompted to download a comp...
Page 314
Appendix c: informational notes 304 keyboards non-us keyboards french keyboard caret symbol (linux ® clients only) the virtual kvm client and the multi-platform client (mpc) do not process the key combination of alt gr + 9 as the caret symbol (^) when using french keyboards with linux clients. To ob...
Page 315
Appendix c: informational notes 305 tilde symbol from the virtual kvm client and the multi-platform client, the key combination of alt gr + 2 does not produce the tilde (~) symbol when using a french keyboard. To obtain the tilde symbol: create a macro consisting of the following commands: press rig...
Page 316
Appendix c: informational notes 306 note: the keyboard indicator should be used on linux systems using gnome as a desktop environment. When using a hungarian keyboard from a linux client, the latin letter u with double acute and the latin letter o with double acute work only with jre 1.6. There are ...
Page 317
Appendix c: informational notes 307 macintosh keyboard when a macintosh ® is used as the client, the following keys on the mac ® keyboard are not captured by the java ™ runtime environment (jre ™ ): f9 f10 f11 f14 f15 volume up volume down mute eject as a result, the virtual kvm client and the multi...
Page 318
Appendix c: informational notes 308 fedora resolving fedora core focus using the multi-platform client (mpc), occasionally there is an inability to log in to a ksx ii device or to access kvm target servers (windows ® , suse, and so forth). In addition, the ctrl+alt+m key combination may not bring up...
Page 319
Appendix c: informational notes 309 usb ports and profiles vm-cims and dl360 usb ports hp ® dl360 servers have one usb port on the back of the device and another on the front of the device. With the dl360, both ports cannot be used at the same time. Therefore, a dual vm-cim cannot be used on dl360 s...
Page 320
Appendix c: informational notes 310 usb profile help appears in the usb profile help window. For detailed information about specific usb profiles, see available usb profiles (on page 105). Raritan provides a standard selection of usb configuration profiles for a wide range of operating system and bi...
Page 321
Appendix c: informational notes 311 changing a usb profile when using a smart card reader there may be certain circumstances under which you will need to change the usb profile for a target server. For example, you may need to change the connection speed to "use full speed for virtual media cim" whe...
Page 322
Appendix c: informational notes 312 virtual media dell optiplex and dimension computers from certain dell optiplex ™ and dimension computers, it may not be possible to boot a target server from a redirected drive/iso image, or to access the target server bios when a virtual media session is active (...
Page 323
Appendix c: informational notes 313 cc-sg virtual kvm client version not known from cc-sg proxy mode when the virtual kvm client is launched from commandcenter secure gateway (cc-sg) in proxy mode, the virtual kvm client version is unknown. In the about raritan virtual kvm client dialog, the version...
Page 324: Appendix D Faqs
314 in this chapter general questions ................................................................................. 315 serial access ......................................................................................... 317 universal virtual media ...............................................
Page 325
Appendix d: faqs 315 general questions what is ksx ii? The ksx ii is a second generation digital kvm (keyboard, video mouse) switch that enables it administrators to access and control 8, 16, 32, or 64* servers over the network with bios-level functionality. The ksx ii is completely hardware and os-...
Page 326
Appendix d: faqs 316 in general, customers can continue to use their existing switches for many years. As their data centers expand, customers can purchase and use the new ksx ii models. Raritan's centralized management unit, commandcenter secure gateway, and the multi-platform client (mpc) both sup...
Page 327
Appendix d: faqs 317 serial access my dominion ksx ii has just been configured with a network address and i can successfully ping the ip, but when i try to access it using a web browser, the message reads "page cannot be found or server error, contact system administrator." check your web browser se...
Page 328
Appendix d: faqs 318 can i open multiple windows and "tile" to monitor multiple servers and other it equipment? Yes, you may monitor and "tile" as many windows as there are serial ports on the dominion ksx ii. I manage many servers. How do i select a server to connect to? From a browser, a simple me...
Page 329
Appendix d: faqs 319 i have lost my admin password to the dominion ksx ii. Is there a back door or secret password? There is no back-door password. The only option is to restore the unit to its factory default settings and create the administrator user name and password again. A hardware reset funct...
Page 330
Appendix d: faqs 320 what is the name of the terminal emulation package included with dominion ksx ii? Raritan serial console. What authentication mechanisms does the dominion ksx ii support? Local database, radius, ldap/s, active directory. Does dominion ksx ii support snmp? Yes. Dominion ksx ii su...
Page 331
Appendix d: faqs 321 yes. Can i use ksx ii over a vpn connection? Yes, ksx ii fits into most any network configuration utilizing tcp/ip. Ksx ii uses standard internet protocol (ip) technologies from layer 1 through layer 4. Set up the vpn (typically ipsec) connection then start the web-browser and e...
Page 332
Appendix d: faqs 322 go to the raritan website (www.Raritan.Com) support page to find the latest information about the ksx ii serial pinouts (rj-45). The dominion ksx ii uses the web browser to access serial devices. What are the advantages of java-enabled web browser access? For many solaris/unix/l...
Page 333
Appendix d: faqs 323 usb profiles what is a usb profile? Certain servers require a specifically configured usb interface for usb based services such as virtual media. The usb profile tailors the ksx ii‟s usb interface to the server to accommodate these server specific characteristics. Why would i us...
Page 334
Appendix d: faqs 324 do i need a special cim to use usb profiles? You must use a d2cim-vusb or d2cim-dvusb with updated firmware. Will raritan provide usb profiles for other target server configurations? Raritan will provide new usb profiles to suit customer needs. As these profiles become available...
Page 335
Appendix d: faqs 325 ipv6 networking what is ipv6? Ipv6 is the acronym for “internet protocol version 6”. Ipv6 is the “next generation” ip protocol which will replace the current ip version 4 (ipv4) protocol. Ipv6 addresses a number of problems in ipv4, such as the limited number of ipv4 addresses. ...
Page 336
Appendix d: faqs 326 where can i get more information on ipv6? See www.Ipv6.Org for general information on ipv6. The ksx ii user guide describes the ksx ii‟s support for ipv6. Remote access how many users can remotely access servers on each ksx ii? Up to 8 kvm users can share one kvm channel and up ...
Page 337
Appendix d: faqs 327 speed description time 60mbps likely practical 100mbit network speed 0.08 seconds 10mbps theoretical 10mbit network speed .4 seconds 6mbps likely practical 10mbit network speed .8 seconds 512kbps cable modem download speed (typical) 8 seconds how do i access servers connected to...
Page 338
Appendix d: faqs 328 ethernet and ip networking does the ksx ii offer dual gigabit ethernet ports to provide redundant fail-over, or load balancing? Yes. The ksx ii features dual gigabit ethernet ports to provide redundant failover capabilities. Should the primary ethernet port (or the switch/router...
Page 339
Appendix d: faqs 329 use case required bandwidth idle windows desktop 0 mbps move static 400x600 window/dialog 0.35mbps navigate start menu 0.49mbps scroll an entire page of text 1.23mbps run 3d maze screensaver 1.55mbps.
Page 340
Appendix d: faqs 330 what is the slowest connection (lowest bandwidth) over which the ksx ii can operate? 33kbps or above is recommended for acceptable ksx ii performance over a modem connection. What is the speed of the ksx ii's ethernet interfaces? The ksx ii supports two 10/100/1000 speed etherne...
Page 341
Appendix d: faqs 331 if an external authentication server (such as ldap/ldaps, active directory, radius, and so forth) is used, the ksx ii allows this as well, and will even failover to its own internal authentication should the external authentication server become unavailable. In this way, the ksx...
Page 342
Appendix d: faqs 332 servers does the ksx ii depend on a windows ® server to operate? No. The ksx ii is completely independent. Even if a user chooses to configure the ksx ii to authenticate against an active directory server - if that active directory server becomes unavailable, the ksx ii's own au...
Page 343
Appendix d: faqs 333 are the paragon blade cims used? No, the paragon ii blade cim will not work with the ksx ii. Which cim should i use? It depends on the type of kvm ports on the specific make and model of the blade server you are using. The following cims are supported: dcim-ps2, dcim-usbg2, d2ci...
Page 344
Appendix d: faqs 334 i'm running vmware on some of my blade servers. Is this supported? Yes, with cc-sg you can display and access virtual machines running on blade servers. Is virtual media supported? We support vm on ibm bladecenter ® model h and e with the d2cim - dvusb. Is absolute mouse synchro...
Page 345
Appendix d: faqs 335 installation besides the device itself, what do i need to order from raritan to install the ksx ii? Each server that connects to the ksx ii requires a dominion computer interface module (cim), a serial cable adapter, and an adapter that connects directly to the keyboard, video, ...
Page 346
Appendix d: faqs 336 the ksx ii models range from 4 to 8 server ports in a 1u chassis. This is the industry's highest digital kvm switch port density. What happens if i disconnect a server from the ksx ii and reconnect it to another ksx ii device, or connect it to a different port on the same ksx ii...
Page 347
Appendix d: faqs 337 local port can i access my servers directly from the rack? Yes. At the rack, the ksx ii functions just like a traditional kvm switch - allowing control of up to 16 servers using a single keyboard, monitor, and mouse. When i am using the local port, do i prevent other users from ...
Page 348
Appendix d: faqs 338 yes. The local port presentation is identical and completely in sync with remote access clients, as well as raritan's optional commandcenter secure gateway management device. To be clear, if the name of a server via the ksx ii onscreen display is changed, this updates all remote...
Page 349
Appendix d: faqs 339 power control does the power supply used by the ksx ii automatically detect voltage settings? Yes. The ksx ii's power supply can be used in ac voltage ranges from 100-240 volts, at 50-60 hz. What type of power control capabilities does the ksx ii offer? Raritan's remote power co...
Page 350
Appendix d: faqs 340 scalability how do i connect multiple ksx ii devices together into one solution? Multiple ksx ii devices do not need to be physically connected together. Instead, each ksx ii device connects to the network. They automatically work together as a single solution if deployed with r...
Page 351
Appendix d: faqs 341 security is the ksx ii fips 140-2 certified? The kx ii 2.2.0 and later, and the ksx ii 2.3.0 and later, provides users with the option to use an embedded fips 140-2-validated cryptographic module running on a linux platform per fips 140-2 implementation guidelines. This cryptogr...
Page 352
Appendix d: faqs 342 yes, the ksx ii has administrator-configurable, strong password checking to ensure that user-created passwords meet corporate and/or government standards and are resistant to brute force hacking. If the ksx ii encryption mode is set to auto, what level of encryption is achieved?...
Page 353
Appendix d: faqs 343 smart cards and cac authentication does the ksx ii support smart card and cac authentication? Yes, smart cards and dod common access card (cac) authentication to target servers is supported in release kx ii 2.1.10 and later, and ksx ii 2.3.0 and later. What ksx ii models support...
Page 354
Appendix d: faqs 344 managability can the ksx ii be remotely managed and configured via web browser? Yes, the ksx ii can be completely configured remotely via web browser. Note that this does require that the workstation have an appropriate java runtime environment (jre) version installed. Besides t...
Page 355
Appendix d: faqs 345 miscellaneous what is the ksx ii's default ip address? 192.168.0.192 what is the ksx ii's default user name and password? The ksx ii's default user name is admin and the default password is raritan [all lower case]. However, for the highest level of security, the ksx ii forces t...
Page 357: Index
347 a a. Ac power • 25 absolute mouse mode • 73 accessing a t arget server • 250 accessing telnet from a windows pc • 228 accessing the ksx ii using cli • 227 accessing virtual media on a windows 2000 server using a d2cim- vusb • 312 active kvm client (akc) • 4, 39, 80 adding a new user • 121 adding...
Page 358
Index 348 create user groups and users • 37 creating a new attribute • 295 d d. Kvm target server ports • 27 db25f nulling serial adapter pinouts • 292 db25m nulling serial adapter pinouts • 293 db9f nulling serial ada pter pinouts • 291 db9m nulling serial adapter pinouts • 292 default login inform...
Page 359
Index 349 k key combinations and the java runtime environment (jre) • 306 keyboard language preference (fedora linux clients) • 305 keyboard macros • 60 keyboard options • 60 keyboards • 304 ksx ii client applications • 5 k sx ii console layout • 42 ksx ii help • 5 ksx ii local console • 240 ksx ii ...
Page 360
Index 350 port action menu • 46, 246 port group management • 188 port keywords • 186 port permissions • 115, 117 port settings • 229 port sharing using cli • 236 ports used • 286 power control • 10, 158, 339 power con trolling a target server • 55 prerequisites for using akc • 82 prerequisites for u...
Page 361
Index 351 supported cims for blade chassis • 162, 164, 168, 176 supported keyboard languages • 248 supported operating systems (clients) • 4, 270 supported operating systems and cims (kvm target servers) • 4, 27, 271, 316 supported paragon cims and configurations • 4, 195, 275 supported protocols • ...
Page 362
U.S./canada/latin america monday - friday 8 a.M. - 6 p.M. Et phone: 800-724-8090 or 732-764-8886 for commandcenter noc: press 6, then press 1 for commandcenter secure gateway: press 6, then press 2 fax: 732-764-8887 email for commandcenter noc: tech-ccnoc@raritan.Com email for all other products: te...