- DL manuals
- Raritan
- Network Hardware
- Dominion SX16
- Installation And Operation Manual
Raritan Dominion SX16 Installation And Operation Manual
Summary of Dominion SX16
Page 1
Installation and operations manual sx16 sx32.
Page 2
This page intentionally left blank..
Page 3: Installation and
Installation and operations manual sx16 sx32 raritan computer inc. 400 cottontail lane somerset, nj 08873 usa tel. 1-732-764-8886 fax. 1-732-764-8887 sales@raritan.Com http://www.Raritan.Com raritan computer europe, b.V. Eglantierbaan 16 2908 lv capelle aan den ijssel the netherlands tel. 31-10-284-...
Page 4
This page intentionally left blank..
Page 5
Copyright and trademark information this document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of raritan computer, inc. ©copyri...
Page 6
This page intentionally left blank..
Page 7: Table of Contents
T able of c ontents i table of contents chapter 1: introduction ............................................................................1 dominion sx overview ...........................................................................................................................1 product phot...
Page 8
Ii t able of c ontents time................................................................................................................................................59 notification.....................................................................................................................
Page 9
T able of c ontents iii file directory structure.................................................................................................................121 file system api through tcl.......................................................................................................121 t...
Page 10
Iv t able of c ontents.
Page 11: Table of Figures
T able of f igures v table of figures figure 1 dominion sx32 unit ........................................................................................................................1 figure 2 rear panel ...............................................................................................
Page 12
Vi t able of f igures figure 44 port editing display .....................................................................................................................41 figure 45 users tab display ......................................................................................................
Page 13
T able of f igures vii figure 89 certificate signers’ certificates window in netscape .................................................................86 figure 90 new certificate authority window in netscape...........................................................................87 figure 91 cisc...
Page 14
Viii t able of f igures.
Page 15: Chapter 1: Introduction
C hapter 1: i ntroduction 1 chapter 1: introduction dominion sx overview the dominion sx series of serial over ip console servers offers convenient and secure, remote access and control via lan/wan, internet or dial-up modem of all networking devices. Dominion sx connects to any networking device (s...
Page 16
2 d ominion sx i nstallation and o perations m anual strong security and user-authentication • encryption security: 128-bit secure socket layer (ssl) handshake protocol and rc4 encryption. • user authentication security: login name and password scheme (md5 hash) with global access control list (acl)...
Page 17: Chapter 2: Installation
C hapter 2: i nstallation 3 chapter 2: installation this section describes the steps necessary to configure dominion sx for use on a local area network (lan). All new dominion sx units come with default network settings, illustrated in the table below. Once units are connected to the network, these ...
Page 18
4 d ominion sx i nstallation and o perations m anual physical installation of dominion sx for initial configuration: 1. Obtain a computer with a network card and crossover network cable. This computer will be referred to as the ‘installation computer.’ 2. A unique mac address for each unit is shown ...
Page 19
C hapter 2: i nstallation 5 initial software configuration figure 4 hardware setup for initial software configuration user information: this information should be entered for each user, up to 50 user accounts, with at least one administrator for each dominion sx unit: • user name: 32 characters maxi...
Page 20
6 d ominion sx i nstallation and o perations m anual step-by-step configuration 1. Access the unit through your web browser on an installation computer that is on the same subnet by typing the url: https://192.0.0.192. Figure 5 initial configuration showing physical installation was successful 2. Cl...
Page 21
C hapter 2: i nstallation 7 3. When the user configuration window appears, enter the information for the first user for dominion sx. By default, the first user will have administrator privileges. All fields except for the information field are required. − name: user’s (real) name − information: desc...
Page 22
8 d ominion sx i nstallation and o perations m anual 6. Click on the [finish] button to complete the initial configuration of dominion sx. You will see a screen that indicates successful configuration of the unit. The system will reboot and apply the new settings. Figure 8 end of initial setup time ...
Page 23
C hapter 2: i nstallation 9 deployment after the initial software configuration phase, a dominion sx unit is configured for operation on the lan. Figure 10 deployment 1. Make sure you have an allocated ethernet cable connected to the network for use with the unit. 2. Physically mount the unit in an ...
Page 24
10 d ominion sx i nstallation and o perations m anual.
Page 25: Chapter 3: Operation
C hapter 3: o peration 11 chapter 3: operation overview once the dominion sx unit has been deployed in its final destination, you can access the console of the target device. This chapter explains the normal operational procedures. Accessing the remote device the remote device can be accessed in one...
Page 26
12 d ominion sx i nstallation and o perations m anual 3. When the login screen appears, enter your login name and password, and click on the [login] button. Figure 12 login display 4. When the main display page appears, click on the desired [port#] button to launch that port’s console display. Figur...
Page 27
C hapter 3: o peration 13 security dialog for console display raritanconsole, an applet included with your dominion sx unit, is designed by raritan to enable the applet to access the resources of the user’s computer. Both the copy and paste and the logging features of these applications require the ...
Page 28
14 d ominion sx i nstallation and o perations m anual netscape navigator raritanconsole loads without displaying a security warning window. When actions that require user permissions are performed, a security dialog will appear. Each operation requires a unique permission. The start logging and copy...
Page 29
C hapter 3: o peration 15 once the security screens are completed, the console window appears, and the user can begin working with the remote target system. Figure 17 console window sending a break / null some target systems, such as sun servers, require a null character (break) to be sent from the ...
Page 30
16 d ominion sx i nstallation and o perations m anual.
Page 31: Chapter 4: Console Features
C hapter 4: c onsole f eatures 17 chapter 4: console features there are six drop-down menus available in the menu bar of the console window: • emulator • edit • chat • tools • script • help emulator settings the settings window displays the buffer size, terminal type, and cursor type for the console...
Page 32
18 d ominion sx i nstallation and o perations m anual history the history feature allows you to view the recent history of console sessions by displaying the console messages to and from the target device. This function displays up to 999 lines of recent console message history, allowing a user to s...
Page 33
C hapter 4: c onsole f eatures 19 write access the user with write access can send commands to the target device. Write access can be transferred among users working in raritanconsole via the get write access command or by using the f8> key (please see chapter 2: operation for additional details). T...
Page 34
20 d ominion sx i nstallation and o perations m anual 4. When another user assumes write access from you, a modal display will appear on your screen. Loss of write access is indicated by a red block before write access in the status bar. The modal display appears only on the screen of the user who c...
Page 35
C hapter 4: c onsole f eatures 21 user list the user list command allows you to view a list of other users who are accessing the same port. An asterisk (*) appears before the user who has write access to the console. To view the user list: 1. Click on emulator in the main menu. 2. Select user list f...
Page 36
22 d ominion sx i nstallation and o perations m anual close to close raritanconsole: 1. Click on emulator in the main menu. 2. Select close from the drop-down menu. Figure 23 close command.
Page 37
C hapter 4: c onsole f eatures 23 edit use the copy, paste, and select all text commands to relocate and / or re-use important text. Figure 24 edit commands - copy, paste, and select all text to copy and paste all text: 1. Click on edit in the main menu. 2. Select select all text from the drop-down ...
Page 38
24 d ominion sx i nstallation and o perations m anual tools raw console data from the target device can be logged to a file in your computer. The logging indicator on the status bar indicates whether logging is on or off. Start logging 1. Click on tools in the main menu. 2. Select start logging from...
Page 39
C hapter 4: c onsole f eatures 25 stop logging 1. Click on tools in the main menu. 2. Select stop logging from the drop-down menu. Figure 26 stop logging command logging is on until the stop logging command is executed..
Page 40
26 d ominion sx i nstallation and o perations m anual script raritanconsole supports tcl version 7.0, an industry standard scripting engine. Using tcl scripting capabilities, system administrators can create their own conditions for event detection, and generate customer-specific notifications and a...
Page 41
C hapter 4: c onsole f eatures 27 securechat a real-time interactive chat feature called securechat provides you and other users who are accessing the console port of the target device to conduct an online dialog for training or collaborative diagnostic activities. To use securechat: 1. Click on cha...
Page 42
28 d ominion sx i nstallation and o perations m anual help help topics include on-line assistance for operating raritanconsole and the console window, and release information about raritanconsole. Help topics to access help topics: 1. Click on help in the main menu. 2. Select help topics from the dr...
Page 43
C hapter 4: c onsole f eatures 29 about raritanconsole the ‘about’ window displays version information (name and revision number) for the console terminal emulation software, and copyright information. When contacting raritan for technical support when performing a software upgrade, etc., you may be...
Page 44
30 d ominion sx i nstallation and o perations m anual direct port access this approach provides a quick and direct method of connecting to the console port in order to access unit programmability or the console of the target device directly. There are two ways to access the target device console dir...
Page 45
C hapter 4: c onsole f eatures 31 url with port number 1. Type the following url into the browser's location bar: https:///dpa.Htm?Port="portnumber" − ipaddress: this is the ip address of the unit. This can be either the actual ip address of the unit or ipaddress assigned for a modem. − “portnumber”...
Page 46
32 d ominion sx i nstallation and o perations m anual incomplete parameters specified: if the parameters specified in the url are incomplete, for example, if only the user name and port number are specified and password is omitted in the url, the user is alerted that there is missing information. Fi...
Page 47
C hapter 4: c onsole f eatures 33 if changes have been saved already, the unit will confirm the request to exit. Click on the [ok] button to log out of the unit. Figure 37 exit confirmation display a confirmation screen will indicate disconnection from the unit. Figure 38 unit disconnection display.
Page 48
34 d ominion sx i nstallation and o perations m anual dominion sx management aside from providing the capability to manage a remote target device, dominion sx has a number of powerful built-in features and capabilities available to manage the unit itself. With dominion sx, users can: • upgrade the s...
Page 49
C hapter 4: c onsole f eatures 35 • configuration tabs: displays several screens in which the user configures different elements of the application • configuration save commands: used to save or ignore changes made to configuration configuration lock and the configuration save commands dominion sx i...
Page 50
36 d ominion sx i nstallation and o perations m anual note: if you are making changes to several different configuration screens in one session, click on the [update] button in each screen, but wait until making changes in the final configuration screen, and then click on the [save] button to save a...
Page 51
C hapter 4: c onsole f eatures 37 configuration report overview the report configuration screen displays detailed information on how the dominion sx has been configured, which can be useful if debugging or troubleshooting. • system time and date • ethernet address • network configuration (ip address...
Page 52
38 d ominion sx i nstallation and o perations m anual network overview the network configuration screen provides an area for administrators to define both the network and modem (optional) settings for the unit. Figure 41 network configuration display some dominion sx units comes equipped with a 56kb...
Page 53
C hapter 4: c onsole f eatures 39 the parameters for configuring modem access include: parameter description enable modem configures the modem to answer calls ppp server ip ip address of the ppp server (dominion sx unit) ppp client ip ip address of the ppp client (remote computer) configure modem pa...
Page 54
40 d ominion sx i nstallation and o perations m anual modem usage dial-up connection support for the unit allows users to access the connected target device when normal network connectivity to dominion sx is not available. Once the ppp connection is established between the client computer and the un...
Page 55
C hapter 4: c onsole f eatures 41 ports overview the ports configuration screen allows administrators to define the serial/console port settings in order to communicate with remote target devices. Figure 43 port configuration display figure 44 port editing display configure port parameters • name: n...
Page 56
42 d ominion sx i nstallation and o perations m anual • parity check: enabling or disabling of the parity function of the serial port; should also match the target device’s setting • xon/xoff: can be enabled if the target system supports this feature; will allow the unit to control the data flow and...
Page 57
C hapter 4: c onsole f eatures 43 users overview the users configuration screen provides a place to define a user list with appropriate unit access permissions. There are three classes of users, each with different rights: • administrators: can view and modify all configuration information, includin...
Page 58
44 d ominion sx i nstallation and o perations m anual • ports: list of ports that the user can access; by default, administrators are given access to all ports, and can assign ports to operators and observers add a new user only an administrator can create a new administrator, operator, or observer....
Page 59
C hapter 4: c onsole f eatures 45 edit existing user information all users can edit their own passwords, but only administrators can edit all other user information (except login name). Observers and operators cannot change any user information. If the user is logged in at the time the administrator...
Page 60
46 d ominion sx i nstallation and o perations m anual ip acl overview the ip acl (access control list) tab provides additional security by allowing administrators to limit the client machines that can access the unit. Administrators can specify either specific ip addresses or ranges of ip addresses ...
Page 61
C hapter 4: c onsole f eatures 47 if an invalid subnet mask is entered, an error message will appear. For example, 255.10.255.0 is an invalid subnet mask. Figure 49 invalid subnet mask message add a new address 1. Click on the [new] button. 2. Enter the ip address range. 3. Enter the subnet mask. 4....
Page 62
48 d ominion sx i nstallation and o perations m anual certificate overview the certificate configuration screen provides an area for administrators to define security parameters. Dominion sx supports certificate-based server authentication to establish an encrypted ssl session and to assure the user...
Page 63
C hapter 4: c onsole f eatures 49 • active user certificate. • user certificate and active default certificate. • pending csr and active default certificate figure 51 certificate configuration display default certificate the unit ships with a 1024-bit self-signed certificate signed by raritan. When ...
Page 64
50 d ominion sx i nstallation and o perations m anual generate default certificate this function is used when the certificate has expired and a new one is needed. 1. Click on the [generate default certificate] button. 2. When the confirmation window appears, confirm that the correct date is displaye...
Page 65
C hapter 4: c onsole f eatures 51 activate default certificate this button is active only when a user certificate is installed and active on the unit. When you click on the [activate default certificate] button, the default certificate generated by raritan becomes active. The unit will reboot and us...
Page 66
52 d ominion sx i nstallation and o perations m anual figure 56 csr configurable parameters the first three fields in this screen are required; the other fields are optional: • key strength: 512, 1024, or 2048 • certificate validity period: in days, two years maximum • common name: fully qualified h...
Page 67
C hapter 4: c onsole f eatures 53 user certificate (install server certificate) this function allows the user to install a certificate from various certificate authorities (ca) such as verisign, thawte, and baltimore. If you do not want to use the certificate generated by the unit, you can obtain on...
Page 68
54 d ominion sx i nstallation and o perations m anual when a user connects to the unit, the server certificate is downloaded. The browser trusts the server certificate if the signer of this certificate, or “ca root,” is installed in the browser. Figure 59 schematic of external certificate utilizatio...
Page 69
C hapter 4: c onsole f eatures 55 radius overview the radius configuration screen allows administrators to modify information regarding radius, or the remote authentication dial-in user service, an access server authentication, authorization, and accounting protocol developed by livingston enterpris...
Page 70
56 d ominion sx i nstallation and o perations m anual radius users are treated differently from local users only until authentication comes from the radius server. Once the radius server authenticates a particular user, this radius user enjoys the same privileges as any other local user. Note: the m...
Page 71
C hapter 4: c onsole f eatures 57 enabling radius every unit has to be configured for radius communication to obtain authentication from the radius server. Administrators should log on to the unit as any non-radius user, and then configure the unit following these steps to obtain authentication: 1. ...
Page 72
58 d ominion sx i nstallation and o perations m anual usage once you are logged on to the unit as a radius user, you can check your login name in the current users list in the left panel. This list contains a list of radius and as well as non-radius users currently logged-in to the unit. Figure 63 c...
Page 73
C hapter 4: c onsole f eatures 59 time overview the time configuration screen is important for modifying the time and date in the dominion sx unit. Some features in dominion sx, for example, certificate generation, depend on the correct timestamp, which is used to check the validity period of the ce...
Page 74
60 d ominion sx i nstallation and o perations m anual notification overview the notification configuration screen allows an administrator to set up notification schemes based on events that occur on the target device. Notification events are sent out as email messages. It is possible to convert the ...
Page 75
C hapter 4: c onsole f eatures 61 add a new notification 1. Click on the [new] button. 2. Select the desired event from the event name drop-down list, for which an email is to be generated. The event list contains events predefined by raritan. To subscribe to a user-defined event, type the user defi...
Page 76
62 d ominion sx i nstallation and o perations m anual edit a notification entry 1. Select the entry to be modified. 2. Click on the [edit] button. 3. Make changes to the entry in the fields that appear in the lower portion of the screen. 4. Click on the [update] button. 5. Click on the [save] button...
Page 77
C hapter 4: c onsole f eatures 63 dominion sx standard notification events the following is a list of standard events with their descriptions. Event name description event.Amp event.Amp.Notice event.Amp.Notice.Boot unit has successfully booted. Event.Amp.Notice.Reboot unit has been requested to be r...
Page 78
64 d ominion sx i nstallation and o perations m anual upgrade the upgrade feature allows an administrator to upgrade the dominion sx unit's firmware/application to a newer version of firmware. Firmware and application upgrades preserve user-defined settings, so the unit does not need to be re-config...
Page 79
C hapter 4: c onsole f eatures 65 to upgrade the application: dominion sx has the ability to run different applications on each port; raritan has a library of applications available for purchase, please contact us for more information. To load these applications into the unit for deployment: 1. Clic...
Page 80
66 d ominion sx i nstallation and o perations m anual reset soft reset only an administrator can execute a soft reset by clicking on the [reset] button in the left panel of the main window. This resets the unit, logs off all the logged-in users and exits the application. A list of logged-in users wh...
Page 81
C hapter 4: c onsole f eatures 67 factory reset you may want to perform a factory reset, or hard reset to the dominion sx unit to revert the configuration to known defaults. This is useful if the ip address of the unit is no longer known. Using the following procedure, the network settings of the un...
Page 82
68 d ominion sx i nstallation and o perations m anual.
Page 83: Out Guides
C hapter 5: d ominion sx c onnectivity and s erial p in -o ut g uides 69 chapter 5: dominion sx connectivity and serial pin- out guides connectivity table: this table lists the necessary dominion sx hardware (adapters and/or cables) for connecting dominion sx to common vendor/model combinations: ven...
Page 84
70 d ominion sx i nstallation and o perations m anual.
Page 85: Appendix A: Specifications
A ppendix a: s pecifications 71 appendix a: specifications item dimensions weight power sx4 11.34” (w) x 10.7” (d) x 1.75” (h) (288mm x 270mm x 44mm) 4.61 lbs. (2.08 kg.) 110/220v auto-switching: 50-60 hz sx8 11.34” (w) x 10.7” (d) x 1.75” (h) (288mm x 270mm x 44mm) 4.81 lbs. (2.17 kg.) 110/220v aut...
Page 86
72 d ominion sx i nstallation and o perations m anual.
Page 87: Appendix B: System Defaults
A ppendix b: s ystem d efaults 73 appendix b: system defaults dominion sx system defaults, as shipped from raritan, are defined in the table below. I tem d efault ip address 192.0.0.192 subnet mask 255.255.0.0 port address 23 g eneral s ettings modem disabled radius disabled s erial p orts baud rate...
Page 88
74 d ominion sx i nstallation and o perations m anual.
Page 89: Appendix C: Certificates
A ppendix c: c ertificates 75 appendix c: certificates certificate a certificate is an electronic document that is used to identify an individual, a server, or some other entity and to associate that identity with the public key. Certificate contents this section discusses certificate contents and t...
Page 90
76 d ominion sx i nstallation and o perations m anual certificate authority certificates are issued by certificate authorities (cas), such as verisign, thawte, baltimore, and others. These certificate authorities validate the identity of the individual/entity before issuing the certificate. A certif...
Page 91
A ppendix c: c ertificates 77 installing dominion sx ca-root certificate to a browser the ca root certificate generated in the dominion sx unit must be installed in the browser in order for the browser to trust the server certificate. When the user connects to the dominion sx unit by entering the ip...
Page 92
78 d ominion sx i nstallation and o perations m anual installing ca root for ie browsers each time you access an ssl-enabled dominion sx unit, you will see a new site certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing the app...
Page 93
A ppendix c: c ertificates 79 5. Paste the text into a text editor such as notepad or wordpad, and save it as a ca_root.Cer file on your desktop. 6. Open the ca_root.Cer file by double-clicking on it. This will open the certificate. Figure 76 view of ca_root.Cer 7. Click on the [install certificate]...
Page 94
80 d ominion sx i nstallation and o perations m anual 9. Select the certificate store, the system area where the certificates are stored. If you do not want the certificate manager to select the certificate store automatically, click on the place all certificates into the following store radio butto...
Page 95
A ppendix c: c ertificates 81 remove an accepted certificate removing a certificate that you have previously accepted from the unit is the same process whether removing an raritan default certificate or a user-installed third-party certificate. 1. Open ie and select tools internet options from the m...
Page 96
82 d ominion sx i nstallation and o perations m anual install ca root for netscape navigator each time you access an ssl-enabled dominion sx unit, you will see a new site certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing the...
Page 97
A ppendix c: c ertificates 83 install the dominion sx root certificate install the raritan root certificate in netscape navigator to eliminate the new site certificate window from appearing whenever you access any ssl-secured dominion sx unit. 1. Open netscape navigator and connect to the unit. Ente...
Page 98
84 d ominion sx i nstallation and o perations m anual a. Description of type: enter x509 digital certificate b. File extension: enter x509 c. Mime type: enter application/x-x509-ca-cer d. Application to use: click on the [browse] button and locate the netscape navigator executable, netscape.Exe, on ...
Page 99
A ppendix c: c ertificates 85 remove an accepted certificate removing a previously accepted certificate from a dominion sx unit uses the same process whether removing a raritan default certificate or removing a user-installed third-party certificate. 1. Open netscape navigator and click on either th...
Page 100
86 d ominion sx i nstallation and o perations m anual install a third-party root certificate if you have installed a third-party certificate on the unit, you can obtain its corresponding root certificate from the certificate authority that provided you with a certificate. These instructions can be u...
Page 101
A ppendix c: c ertificates 87 4. Click on the [delete] button and then click on the [ok] button. 5. Return to the ca’s website and try to download the root certificate again. Note: if an error message appears, it indicates that the certificate deleted from the list in the netscape security settings ...
Page 102
88 d ominion sx i nstallation and o perations m anual.
Page 103: Appendix D: Radius Server
A ppendix d: radius s erver 89 appendix d: radius server note: this section has been provided for reference only. Please consult your local system administrator for exact implementation details. Overview the details of installing and configuring the radius server software will depend on the server y...
Page 104
90 d ominion sx i nstallation and o perations m anual − if the radius server is not configured for vendor-specific type or it fails to follow the above specifications, the value specified for the service-type will determine the privileges to be given to the user. In this case, the user will be given...
Page 105
A ppendix d: radius s erver 91 d. Register radius client the client file installed in the radius server must be modified. This flat file stores information about radius clients, including ip addresses and shared secrets; the shared secrets must be protected from casual access. Every client trying to...
Page 106
92 d ominion sx i nstallation and o perations m anual (1) click on the [advanced] button and add vendor-specific for raritan. Please use vendor code = 8267 and enter string in the following format: (a) ip address of the dominion sx unit separated by a ‘:’. (b) privileges to be given to the user sepa...
Page 107
A ppendix d: radius s erver 93 • for a service-type of login, framed, callback login, callback framed, outbound, or callback nas prompt, the user is mapped only to an observer-type user and has read-only access to all ports. Note: the setting of remote access permission on the user object will overr...
Page 108
94 d ominion sx i nstallation and o perations m anual h. Enable the routing and remote access service if this server is a member of a windows 2000 active directory domain and you are not a domain administrator, your domain administrator must add the computer account of this server to the ras and ias...
Page 109
A ppendix d: radius s erver 95 k. Add a user account 1. Open active directory users and computers. 2. In the console tree, double-click on the domain node. 3. In the details pane, right-click on the organizational unit to which you want to add the user, point to new and select user. 4. In the first ...
Page 110
96 d ominion sx i nstallation and o perations m anual d. From the attribute types pop-up menu, click on windows-groups e. Click on the [add] button. F. Click on groups menu. G. Click on the [add] button. H. Click on the appropriate group and click on the [ok] button. After these steps are executed, ...
Page 111
A ppendix e: c onfiguring c isco acs radius s erver 97 appendix e: configuring cisco acs radius server use the following procedure to configure the cisco radius server so that you can work with dominion sx. It is assumed here that administrators are familiar with setting up and configuring the radiu...
Page 112
98 d ominion sx i nstallation and o perations m anual 3. Click on the [interface configuration] button in the left panel of the screen. Figure 93 interface configuration display 4. Click on the radius (ietf) link to edit properties. Under the user heading, click on the check boxes before service-typ...
Page 113
A ppendix e: c onfiguring c isco acs radius s erver 99 6. To edit existing users, click on the [user setup] button in the left panel of the screen. Click on the [list all users] button and select a user from the list. Figure 95 new user display 7. Once you have selected a user, on the user propertie...
Page 114
100 d ominion sx i nstallation and o perations m anual.
Page 115
A ppendix f: rsa ace/s erver c onfiguration 101 appendix f: rsa ace/server configuration this section provides guidelines for configuring the rsa ace/server 5.0 so that secureid can be used as the authentication mechanism. Users in an ace server native database can log on to dominion sx units instal...
Page 116
102 d ominion sx i nstallation and o perations m anual 3. Define and configure all dominion sx units. Figure 99 add agent host display a. Name: name of the agent host; must be a primary name or alias listed in the local host file or dns server. If an alias is entered, the primary name of the agent h...
Page 117
A ppendix f: rsa ace/s erver c onfiguration 103 4. Select profile → add profile in the main menu. Figure 101 add profile selection 5. In the add profile window, assign an appropriate name to identify the desired profile, such as raritan- administrator. Figure 102 add profile display 6. Scroll throug...
Page 118
104 d ominion sx i nstallation and o perations m anual 7. Click on the [ok] button to save the changes, then click on the [ok] button in the add profile window to return to the main menu. Figure 103 add attribute display note: only the user’s role can be controlled on the dominion sx units using spe...
Page 119
A ppendix f: rsa ace/s erver c onfiguration 105 9. Click on the [assign profile] button and select the appropriate profile from the select profile window. Only one profile can be assigned to each user. Click on the [ok] button. Figure 105 profile selection display 10. To control access to specific u...
Page 120
106 d ominion sx i nstallation and o perations m anual.
Page 121
A ppendix g: m odem c onfiguration 107 appendix g: modem configuration client dialup networking configuration configuring microsoft windows dialup networking for use with dominion sx allows configuration of a pc to reside on the same ppp network as the dominion sx. After the dial-up connection is es...
Page 122
108 d ominion sx i nstallation and o perations m anual 3. The new phonebook entry window allows you to configure the details of this connection. Click on the basic tab and complete the following fields: a. Entry name: name of the dominion sx connection b. Phone number: phone number of the line attac...
Page 123
A ppendix g: m odem c onfiguration 109 windows 98 dialup networking configuration 1. Select start → programs → accessories → communications → dialup networking. 2. Double-click on the make new connection icon in the dialup networking window to launch it. Figure 110 configuring windows 98 dialup netw...
Page 124
110 d ominion sx i nstallation and o perations m anual f. The next window will inform you that you have successfully created the dialup networking connection. Figure 112 make new connection – complete g. Click on the [finish] button and an icon will appear in the dialup networking window. 4. Double-...
Page 125
A ppendix g: m odem c onfiguration 111 windows 2000 dialup networking configuration 1. Select start → programs → accessories → communications → network and dial-up connections. 2. When the network and dial-up connections window appears, double-click on the make new connection icon. Figure 114 window...
Page 126
112 d ominion sx i nstallation and o perations m anual 4. Click on the dial-up to private network radio button and click on the [next] button. Figure 116 network connection type 5. Click on the check box before the modem that you want to use to connect to the dominion sx unit and then click on the [...
Page 127
A ppendix g: m odem c onfiguration 113 6. Click in the use dialing rules check box and enter the area code and phone number you wish to dial in the fields. Click on the [next] button. Figure 118 phone number to dial 7. In the connection availability screen, click on the only for myself radio button....
Page 128
114 d ominion sx i nstallation and o perations m anual 8. The network connection has been created, and you can complete set-up of the dial-up connection by entering the name of the dial-up connection. Figure 120 network connection wizard completion 9. Click on the [finish] button. 10. To connect to ...
Page 129
A ppendix h: c lient s oftware i nstallation 115 appendix h: client software installation a client installation that speeds up the connection to the unit is available for both ie and netscape. This is especially useful when using the modem to access the unit. Once this client is installed, it will b...
Page 130
116 d ominion sx i nstallation and o perations m anual 7. Log on to the unit as usual. 8. Click on desired port to access the target device. 9. Ie starts to download the application plugin – the unit will download the plugin only if it is not present on the client machine. 10. Another security warni...
Page 131
A ppendix h: c lient s oftware i nstallation 117 remove raritanconsole on windows nt/2000/98 with ie 1. Open your explorer and find the directory c:/winntw (or winnt)/download program files/. 2. Right-click on the file mpadmin and select remove from the drop-down menu. This will remove the admin par...
Page 132
118 d ominion sx i nstallation and o perations m anual.
Page 133
A ppendix i: tcl p rogramming g uide 119 appendix i: tcl programming guide disclaimer: the information contained in this section is subject to change without notice. Raritan shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, ...
Page 134
120 d ominion sx i nstallation and o perations m anual • data received from each target system on the rs-232 port is sent to all connected java user consoles and also stored in an internal tcl buffer. Each internal buffer has the following properties: − data received on an rs-232 port from a target ...
Page 135
A ppendix i: tcl p rogramming g uide 121 • access control for tcl. • by default, administrators are the only users that can access tcl. However, administrators may disable the check. Amppermission, amplisten and ampresponse are commands to enable a tcl script to interact with other tcl users. • ampp...
Page 136
122 d ominion sx i nstallation and o perations m anual mkdir if absolute path is not provided, then the new directory is created in the present working directory. Rmdir remove the specified directory. Cd change the current directory to the new directory specified. This command will take a relative p...
Page 137
A ppendix i: tcl p rogramming g uide 123 accessing tcl window the tcl interpreter can be accessed through raritanconsole using the script menu selection, as described in chapter 4: console features. The tcl prompt is “%”. The command(s) to be executed must be entered after the prompt. The result wil...
Page 138
124 d ominion sx i nstallation and o perations m anual executing tcl scripts a stored tcl script may be executed as follows. % source the prompt does not return if the script contains forever-loops, but the shell is active (listening) and will take input if the script is designed to accept them. Aut...
Page 139
A ppendix i: tcl p rogramming g uide 125 generating a user event tcl scripts are a powerful tool for performing true device management, in the form of customer-defined monitoring and notification of events. A sample script is shown below: #this script performs the monitoring of http servers. Proc ps...
Page 140
126 d ominion sx i nstallation and o perations m anual extensions to tcl various extensions have been incorporated into tcl to support functions to interact with the raritanconsole unit. The command info comm amp (executed in a script shell window) lists all the commands that are supported. Ampsetco...
Page 141
A ppendix i: tcl p rogramming g uide 127 ampsetconfiguration sets the specified field to the value passed. Returns an error if the interpreter cannot get the config lock. Usage: ampsetconfiguration • category: network, datacom, smtp, radius • field_name: field to be altered in a particular category ...
Page 142
128 d ominion sx i nstallation and o perations m anual usage: ampadduser [information] • loginname: user login name • function: type of user (administrator, operator, observer) • user_name: name of user; if there are spaces in the name, the name must be entered in quotes • password: password • port ...
Page 143
A ppendix i: tcl p rogramming g uide 129 usage: ampreset ampupgrade upgrades the unit. Ip_address specifies the server to obtain the file specified by file_path. If the login and password are specified they are used by ftp. If they are not specified, anonymous ftp is used. Usage: ampupgrade [login] ...
Page 144
130 d ominion sx i nstallation and o perations m anual ampsetipacl add adds an ip address to the ip acl list. Usage: ampsetipacl add • ip_address: ip address to be added to the list • subnet_mask: subnet mask % ampsetipacl add 10.0.1.120 255.255.0.0 set ip acl successful % ampsave save complete % am...
Page 145
A ppendix i: tcl p rogramming g uide 131 ampaddsubscription creates a subscription for the url to the event specified. The url encapsulates the service to be used for notification, and any parameters required by that service. % ampgetsubscription % ampaddsubscription event.User.Statusupdate mailto:/...
Page 146
132 d ominion sx i nstallation and o perations m anual ampdelay pauses the tcl script a number of seconds equal to the integer argument. Amptriggerevent generates an event with the appropriate associated message. The event may not begin with the amp prefix. Events that begin with the amp prefix may ...
Page 147
A ppendix i: tcl p rogramming g uide 133 amppermission [on/off] in order for observers and operators to access a user programmed tcl script server, the script must issue amppermssion off to allow the access. Note: if the permission is left off without restoring security, non-administrator users may ...
Page 148
134 d ominion sx i nstallation and o perations m anual ampclosesocket [socket_id] closes the socket represented by the socket id. If the command fails or the arguments are invalid, the command will return an error with an error message. Command return messages 0 (tcl_ok) • no message returned 1 (tcl...
Page 149
A ppendix i: tcl p rogramming g uide 135 ampsetconfig datacom checkparity enables the parity bit if value is 1; disables the parity bit if value is 0. An administrator/operator user will not have write access in a console window when a tcl script is running and has executed amplock for that port. Is...
Page 150
136 d ominion sx i nstallation and o perations m anual basic cpu utilization monitoring example #description: this tcl script checks the cpu utilization for each port connected # to a hp-ux server. It alerts the subscribed user that the threshold # limit has reached through e-mail notification. This...
Page 151
A ppendix i: tcl p rogramming g uide 137 set id 0 #lock the console amplock $port #clear any previous data in the read buffer ampclear $port #write to the console ampwrite "vmstat -n" $port #ignore the first 8 lines to read the cpu usage params. For {set i 0 } {$i set cpu [ampread 1 "" $port] } ...
Page 152
138 d ominion sx i nstallation and o perations m anual ampresponse } ampresponse } set ports 1 set noofports 2 initevents #main loop starts here... While { 1>0 } { cpuutil $ports ampdelay $intr set rval [listencmds] if { $rval == 1} { delevents unset $ports unset $noofports unset $thr unset $intr un...
Page 153
A ppendix i: tcl p rogramming g uide 139 • in the subscription option, the user must type in the exact event shown previously: event.Alarm.Cpu. • delay 10 seconds so the script does not overflow the e-mail system. This is configurable using the command intr while this script is running using the amp...
Page 154
140 d ominion sx i nstallation and o perations m anual ampresponse break } else { puts “a tcl script is running.\rinputs accepted are data/read1/read2/read3/console/quit" ampresponse } } } input received is not as per expectation. Remind user what the expected inputs are..
Page 155: Appendix J: Troubleshooting
A ppendix j: t roubleshooting 141 appendix j: troubleshooting problems and suggested solutions page access p roblem s olution server unreachable if a unit appears to be unreachable by a given browser, please run through the following troubleshooting list: • verify that the unit is powered on. • veri...
Page 156
142 d ominion sx i nstallation and o perations m anual firewall p roblem s olution unable to access the web page firewalls must allow access on port 80 and 443 in order for the unit to operate through a firewall. • contact your system administrator and request port 80 and 443 access. Login failure f...
Page 157
A ppendix j: t roubleshooting 143 port access p roblem s olution port access refresh the unit does not automatically refresh the port access list. It is refreshed only when the user clicks on the [port access]button, therefore, it is possible that a user will have permissions revoked and these chang...
Page 158
144 d ominion sx i nstallation and o perations m anual.
Page 159: Appendix K: Technical Faqs
A ppendix k: t echnical faq s 145 appendix k: technical faqs q uestion a nswer what are the browsers (and versions) supported? Netscape 4.7 or greater (but not 6.0), or internet explorer 5.0 with java vm 5.0 or greater. Is the status of the unit limited by the status of the device or equipment to wh...
Page 160
146 d ominion sx i nstallation and o perations m anual q uestion a nswer can i assign specific port access to a specific user? Yes, but only if the user is not an administrator. Administrator will always have access to all the ports. Sometimes when i try to log on, i see a message that states my “lo...
Page 161
A ppendix k: t echnical faq s 147 dsx-0a-e 255-60-2000 ##########.
Page 162
148 d ominion sx i nstallation and o perations m anual.