Installation and operations manual dominion sx series raritan computer inc. 400 cottontail lane somerset, nj 08873 usa tel. 1-732-764-8886 fax. 1-732-764-8887 e-mail: sales@raritan.Com http://www.Raritan.Com raritan computer europe, b.V. Eglantierbaan 16 2908 lv capelle aan den ijssel the netherland...
This page intentionally left blank..
Copyright and trademark information this document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of raritan computer, inc. ©copyri...
This page intentionally left blank..
C ontents i contents chapter 1: introduction .................................................................. 1 dominion sx overview ..............................................................................................................1 product photos..........................................
Ii c ontents chapter 5: using the command line interface with secure shell and telnet..................................................................................... 69 secure shell (ssh) access .......................................................................................................
C ontents iii appendix g: modem configuration............................................. 131 client dialup networking configuration .................................................................................131 windows nt dialup networking configuration .........................................
Iv f igures figures figure 1 dominion sx32 unit...........................................................................................................................1 figure 2 rear panel of 32-port single power supply model ..........................................................................
F igures v figure 52 view self-signed certificate display..............................................................................................50 figure 53 activating default certificate ............................................................................................................
Vi f igures figure 106 unit selection display per user .................................................................................................129 figure 107 ldap configuration screen .......................................................................................................130 ...
C hapter 1: i ntroduction 1 chapter 1: introduction dominion sx overview the dominion sx series of serial over ip console servers offers convenient and secure, remote access and control via lan/wan, internet or dial-up modem of all networking devices. Dominion sx connects to any networking device (s...
2 d ominion sx i nstallation and o perations m anual − observer : has read-only access to the console window; cannot modify the configuration of unit (except own password). Strong security and user-authentication • sshv2 support. • encryption security: 128-bit secure socket layer (ssl) handshake pro...
C hapter 2: i nstallation 3 chapter 2: installation beginning with the dominion sx release 2.5, there are two ways of completing the initial network installation of the dominion sx – via ethernet (with an installation computer), and via a serial cable with a vt100/equivalent, e.G., a pc with hyperte...
4 d ominion sx i nstallation and o perations m anual hardware installation figure 2 rear panel of 32-port single power supply model physical installation of dominion sx for initial configuration: 1. Obtain a computer with a network card and crossover network cable. This computer will be referred to ...
C hapter 2: i nstallation 5 example: route add 192.168.0.192 15.128.122.12 -interface 8. On the command line interface, type: ping 192.168.0.192. A. If this command successfully produces a reply from the dominion sx unit, please proceed to step 9. B. If this does not produce a reply, verify that the...
6 d ominion sx i nstallation and o perations m anual initial configuration 1. Disable proxies in the installation computer web browser. Use “no proxies” or temporarily add 192.168.0.192 to the list of urls for which no proxy is configured. 2. Enable java applet execution in the installation computer...
C hapter 2: i nstallation 7 dominion sx initial configuration can also be performed through cli; please see chapter 4: console features, factory reset for additional information. 1. Initially, you must change the administrator password. Access the unit through your web browser on an installation com...
8 d ominion sx i nstallation and o perations m anual 4. Click on the [ configuration ] button in the left navigation panel to view the configuration screens, and then click on the time tab to configure the current date and time. Features such as certificate generation depend on the correct timestamp...
C hapter 2: i nstallation 9 11. Click on the [ save ] button. A confirmation window will appear; click [ ok ] to accept all data, or click [ cancel ] to return to the configuration screens. Figure 9 confirm save window 12. If you click [ok], dominion sx must reboot. A confirmation window will appear...
10 d ominion sx i nstallation and o perations m anual deployment after the initial software configuration phase, a dominion sx unit is configured for operation on the lan. Figure 10 deployment 1. Ensure that you have an ethernet cable connected to the network for use with the unit. 2. Physically mou...
C hapter 3: o peration 11 chapter 3: operation overview once the dominion sx unit has been deployed in its final destination, you can access the console of the target device. This chapter explains the normal operational procedures. Accessing the remote device the remote device can be accessed in one...
12 d ominion sx i nstallation and o perations m anual 3. When the login screen appears, enter your login name and password, and click on the [ login ] button. Please note that multiple logins using the same login name are permitted. Figure 12 login display 4. When the main display page appears, clic...
C hapter 3: o peration 13 security dialog for console display raritanconsole, an applet included with your dominion sx unit, is designed to enable access to your computer’s resources, including the default code set preferences. Internet explorer before the raritanconsole window appears, a security w...
14 d ominion sx i nstallation and o perations m anual netscape navigator raritanconsole loads without displaying a security warning window. When actions that require user permissions are performed, a security dialog will appear. Each operation requires a unique permission. Once permissions are grant...
C hapter 4: c onsole f eatures 15 chapter 4: console features there are six drop-down menus available in the menu bar of the console window: • emulator • edit • chat • tools • script • help emulator settings the settings window displays the terminal type and cursor type for the console window. • the...
16 d ominion sx i nstallation and o perations m anual history the history feature allows you to view the recent history of console sessions by displaying the console messages to and from the target device. This function displays up to 64 kilobytes of recent console message history, allowing a user t...
C hapter 4: c onsole f eatures 17 write access the user with write access can send commands to the target device. Write access can be transferred among users working in raritanconsole via the get write access command from the emulator drop-down menu. To obtain write access: 1. Click on emulator in t...
18 d ominion sx i nstallation and o perations m anual sending a break/null to get access to a certain commands, sun solaris servers require a null character (break) to be sent from the console to get to an ok prompt. This is the equivalent of issuing a stop-a from the sun keyboard. Only users with o...
C hapter 4: c onsole f eatures 19 user list the user list command allows you to view a list of other users who are accessing the same port. An asterisk (*) appears before the user who has write access to the console. To view the user list: 1. Click on emulator in the main menu. 2. Select user list f...
20 d ominion sx i nstallation and o perations m anual close to close raritanconsole: 1. Click on emulator in the main menu. 2. Select close from the drop-down menu. Figure 23 close command.
C hapter 4: c onsole f eatures 21 edit use the copy, paste , and select all text commands to relocate and / or re-use important text. Figure 24 edit commands - copy, paste, and select all text to copy and paste all text: 1. Click on edit in the main menu. 2. Select select all text from the drop-down...
22 d ominion sx i nstallation and o perations m anual tools raw console data from the target device can be logged to a file in your computer. The logging indicator on the status bar indicates whether logging is on or off. Start logging 1. Click on tools in the main menu. 2. Select start logging from...
C hapter 4: c onsole f eatures 23 stop logging 1. Click on tools in the main menu. 2. Select stop logging from the drop-down menu. Figure 26 stop logging command logging is on until the stop logging command is executed..
24 d ominion sx i nstallation and o perations m anual script raritanconsole supports tcl version 7.0, an industry standard scripting engine. Using tcl scripting capabilities, system administrators can create their own conditions for event detection, and generate customer-specific notifications and a...
C hapter 4: c onsole f eatures 25 securechat when using ssl (browser access), a real-time interactive chat feature called securechat provides you and other users who are accessing the console port of the target device to conduct an online dialog for training or collaborative diagnostic activities. T...
26 d ominion sx i nstallation and o perations m anual help help topics include on-line assistance for operating raritanconsole and the console window, and release information about raritanconsole. Help topics to access help topics: 1. Click on help in the main menu. 2. Select help topics from the dr...
C hapter 4: c onsole f eatures 27 about raritanconsole the ‘about’ window displays version information (name and revision number) for the console terminal emulation software, and copyright information. When contacting raritan for technical support when performing a software upgrade, etc., you may be...
28 d ominion sx i nstallation and o perations m anual direct port access this approach provides a quick and direct method of connecting to the console port in order to access unit programmability or the console of the target device directly. There are two ways to access the target device console dir...
C hapter 4: c onsole f eatures 29 url with port number 1. Type the following url into the browser's location bar: https:///dpa.Htm − ipaddress : this is the ip address of the unit. This can be either the actual ip address of the unit or ipaddress assigned for a modem. − “ portnumber ”: port number f...
30 d ominion sx i nstallation and o perations m anual exit the application click on the [ exit ] button in the left panel of the dominion sx window to exit dominion sx. If changes to the configuration have been made but not saved, a screen will prompt you to save changes and log out of the unit. Cli...
C hapter 4: c onsole f eatures 31 a confirmation screen will indicate disconnection from the unit. Figure 37 unit disconnection display.
32 d ominion sx i nstallation and o perations m anual dominion sx management some advanced features are configured through a command line interface (cli) using ssh (and telnet, if enabled). Aside from providing the capability to manage a remote target device, dominion sx has a number of powerful bui...
C hapter 4: c onsole f eatures 33 • configuration tabs : displays several screens in which the user configures different elements of the application • configuration save commands : used to save or ignore changes made to configuration configuration lock and the configuration save commands dominion sx...
34 d ominion sx i nstallation and o perations m anual note: when you make changes to network settings on this screen, a warning message alerts you that the system will automatically reboot when you save your changes. Changing modem settings does not require a system reboot. 8. A success message appe...
C hapter 4: c onsole f eatures 35 configuration report overview the report configuration screen displays detailed information on how the dominion sx has been configured, which can be useful if debugging or troubleshooting. This information is accessible only by administrators. • system time and date...
36 d ominion sx i nstallation and o perations m anual network overview the network configuration screen provides an area for administrators to define both the network and modem (optional) settings for the unit. Figure 40 sample of network configuration display some dominion sx units come equipped wi...
C hapter 4: c onsole f eatures 37 tcp/ip network may be set to listen to broadcasts on this address; if this is the case, it can be configured to use another port address. However, this port address must match the port address specified by the cc administrator; otherwise the dominion sx unit will no...
38 d ominion sx i nstallation and o perations m anual modem usage dial-up connection support for the unit allows users to access the connected target device when normal network connectivity to dominion sx is not available. Once the ppp connection is established between the client computer and the un...
C hapter 4: c onsole f eatures 39 figure 43 port editing display configure port parameters • name : name that associates the serial port with the connected target device; can be up to 64 characters in length and must be unique from the other port names (only 20 characters are displayed on port acces...
40 d ominion sx i nstallation and o perations m anual users overview the users configuration screen provides a place to define a user list with appropriate unit access permissions. There are three classes of users, each with different rights: • administrators : can view and modify all configuration ...
C hapter 4: c onsole f eatures 41 • password : authentication password; alphanumeric text, 6 – 16 characters in length (mandatory) • ports : list of ports that the user can access; by default, administrators are given access to all ports, and can assign ports to operators and observers • configure i...
42 d ominion sx i nstallation and o perations m anual edit existing user information only administrators can edit all user information (except login name ). Observers and operators cannot change any user information, except their own passwords, which they can change using cli. If the user is logged ...
C hapter 4: c onsole f eatures 43 ip acl important: please make absolutely certain that all ip addresses have been entered correctly before enabling ip acl. If not, you may be locked out of the unit and be unable to access the unit in the future; the only way to restore access to the unit is to perf...
44 d ominion sx i nstallation and o perations m anual browser – graphical user interface (gui) the dominion sx gui provides a front end to the iptables. Figure 47 inserting a rule into the browser-based ip acl configuration screen. Figure 48 gui user interface we recommend the following link for lea...
C hapter 4: c onsole f eatures 45 the dominion sx gui command buttons assist in editing the dominion sx configuration: insert insert a new rule, e.G., rule 0 denies access from all ip addresses in the range 192.168.2.10 to 192.168.2.255, and will not log the activity. Append allows administrator to ...
46 d ominion sx i nstallation and o perations m anual ssh/telnet – command line interface (cli) user interface for configuring ip-acls important: Æ make certain that the ip address from which you are connected to the dominion sx is not accidentally entered into the ip acl deny list (“allow=no”); if ...
C hapter 4: c onsole f eatures 47 aclcfg clear remove all the ipacl rules current in the list. Aclcfg move move the ipacl rule at to . Aclcfg delete [pos2] delete can have one or two parameters, if there is one parameter, then this command will delete the rule at . If there are two parameters, then ...
48 d ominion sx i nstallation and o perations m anual certificate overview the certificate configuration screen provides an area for administrators to define security parameters. Dominion sx supports certificate-based server authentication to establish an encrypted ssl session and to assure the user...
C hapter 4: c onsole f eatures 49 • user certificate and active default certificate. • pending csr and active default certificate figure 50 certificate configuration display default certificate the unit ships with a 1024-bit self-signed certificate signed by raritan. When a user powers up the unit f...
50 d ominion sx i nstallation and o perations m anual generate default certificate this function is used when the certificate has expired and a new one is needed. 1. Click on the [ generate default certificate ] button. 2. When the confirmation window appears, confirm that the correct date is displa...
C hapter 4: c onsole f eatures 51 activate default certificate this button is active only when a user certificate is installed and active on the unit. When you click on the [ activate default certificate ] button, the default certificate generated by raritan becomes active. The unit will reboot and ...
52 d ominion sx i nstallation and o perations m anual figure 55 csr configurable parameters the first three fields in this screen are required; the other fields are optional: • key strength : 512, 1024, or 2048 • certificate validity period : in days, two years maximum • common name : fully qualifie...
C hapter 4: c onsole f eatures 53 user certificate (install server certificate) this function allows the user to install a certificate from various certificate authorities (ca) such as verisign, thawte, and baltimore. If you do not want to use the certificate generated by the unit, you can obtain on...
54 d ominion sx i nstallation and o perations m anual radius overview the radius configuration screen allows administrators to modify information regarding radius, or the remote authentication dial-in user service, an access server authentication, authorization, and accounting protocol developed by ...
C hapter 4: c onsole f eatures 55 radius users are treated differently from local users only until authentication comes from the radius server. Once the radius server authenticates a particular user, this radius user enjoys the same privileges as any other local user. When radius, ldap, or tacacs ar...
56 d ominion sx i nstallation and o perations m anual enabling radius every unit has to be configured for radius communication to obtain authentication from the radius server. Administrators should log on to the unit as any non-radius user, and then configure the unit following these steps to obtain...
C hapter 4: c onsole f eatures 57 usage once you are logged on to the unit as a radius user, you can check your login name in the current users list in the left panel. This list contains a list of radius and as well as non-radius users currently logged-in to the unit. Figure 62 current users list if...
58 d ominion sx i nstallation and o perations m anual time overview the time configuration screen is important for modifying the time, date, time zone, and ntp server address in the dominion sx unit. Some features in dominion sx, for example, certificate generation, depend on the correct timestamp, ...
C hapter 4: c onsole f eatures 59 notification overview the notification configuration screen allows an administrator to set up notification schemes based on events that occur on the target device. Notification events are sent out as email messages. It is possible to convert the email service to a p...
60 d ominion sx i nstallation and o perations m anual add a new notification 1. Click on the [ new ] button. 2. Select the desired event from the event name drop-down list, for which an email is to be generated. The event list contains events predefined by raritan. To subscribe to a user-defined eve...
C hapter 4: c onsole f eatures 61 edit a notification entry 1. Select the entry to be modified. 2. Click on the [ edit ] button. 3. Make changes to the entry in the fields that appear in the lower portion of the screen. 4. Click on the [ update ] button. 5. Click on the [ save ] button. Figure 66 ed...
62 d ominion sx i nstallation and o perations m anual dominion sx standard notification events the following is a list of standard events with their descriptions. Event name description event.Amp event.Amp.Notice event.Amp.Notice.Boot unit has successfully booted. Event.Amp.Notice.Reboot unit has be...
C hapter 4: c onsole f eatures 63 upgrade the upgrade feature allows an administrator to upgrade the dominion sx unit's firmware/application to a newer version of firmware. Firmware and application upgrades preserve user-defined settings, so the unit does not need to be re-configured after the upgra...
64 d ominion sx i nstallation and o perations m anual to upgrade the application: dominion sx has the ability to run different applications on each port; raritan has a library of applications available for purchase, please contact us for more information. To load these applications into the unit for...
C hapter 4: c onsole f eatures 65 reset soft reset only an administrator can execute a soft reset by clicking on the [ reset ] button in the left panel of the main window. This resets the unit, logs off all the logged-in users and exits the application. A list of logged-in users who will be logged o...
66 d ominion sx i nstallation and o perations m anual factory reset you may want to perform a factory reset, or hard reset, to the dominion sx unit to revert the configuration to known defaults. This is useful if the ip address of the unit is no longer known. Using the following procedure, the netwo...
C hapter 4: c onsole f eatures 67 the procedure for performing a factory reset varies depending on the model. For sx16 and sx32 units, the procedure is as outlined below. (for sx4, sx8, and other models with a reset switch, please see the paragraph that follows): 1. Power off the dominion sx unit. 2...
68 d ominion sx i nstallation and o perations m anual.
C hapter 5: u sing the c ommand l ine i nterface with s ecure s hell and t elnet 69 chapter 5: using the command line interface with secure shell and telnet secure shell (ssh) access using a secure shell (ssh) client, you can connect and get direct access to the remote target device’s console ports....
70 d ominion sx i nstallation and o perations m anual administrators have access to the following commands currently supported with ssh. Please note that the commands are case sensitive: 1. Console_cmd : connect to a serial console target. This command accepts a port number to which the user wants t...
72 d ominion sx i nstallation and o perations m anual quit: leave the current command context. Dominion:command>port dominion:port> help detect: enable/disable the port disconnection detection. [] help: display help for all commands or one in particular. [command] quit: leave the current command con...
74 d ominion sx i nstallation and o perations m anual escape character is ctrl-\ user [admin] is now master [write access allowed] for this port. [now user can access serial target connected to port 2 of dominion sx] user name [test] type [help] for all commands test:command>? Console_cmd [w] list_p...
76 d ominion sx i nstallation and o perations m anual warning: time of day goes back (-8553us), taking countermeasures. 64 bytes from 192.168.50.66: icmp_seq=1 ttl=64 time=4.79 ms 64 bytes from 192.168.50.66: icmp_seq=2 ttl=64 time=0.691 ms 64 bytes from 192.168.50.66: icmp_seq=3 ttl=64 time=0.692 m...
C hapter 5: u sing the c ommand l ine i nterface with s ecure s hell and t elnet 77 phone: get/set a user's dial-back phone number (in digits only). Pre-requisite modem is enabled and dialback is also enabled. Login [phone number] modem: enable/disable modem and ppp settings. [][server ip] [client i...
78 d ominion sx i nstallation and o perations m anual admin:network> ? Etherspeed: force the network speed [] failover: enable/disable network failover [enable/disable] network: get/set network parameters. [name name] [domain name] [ip ip] [mask mask] [gw gateway] [port port] [discover port] help: d...
C hapter 5: u sing the c ommand l ine i nterface with s ecure s hell and t elnet 79 port# portname [1] port1 [2] port2-sun [3] port3 [4] port4 [5] port5 [6] port6 serial port 2 connected. Escape character is ctrl-\ user [admin] is now master [write access allowed] for this port. Note: after the seri...
80 d ominion sx i nstallation and o perations m anual.
C hapter 6: a uthentication and a uthorization 81 chapter 6: authentication and authorization if you selected ldap as your remote authentication protocol, use the steps in the following section, implementing ldap remote authentication, to complete fields in the ldap tab. 1. Before starting the confi...
82 d ominion sx i nstallation and o perations m anual tacacs+ server configuration • the dominion sx requires a new service to be added and two argument-value pairs to be returned by the server. The new service is called dominionsx . The valid authorization parameters are port-list and user-type . •...
C hapter 6: a uthentication and a uthorization 83 cisco secure acs: these instructions have been written for version 3.2. Please refer also to the following url: http://cisco.Com/en/us/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007cd49.Html #12231 1. Allow new services. A. Select...
84 d ominion sx i nstallation and o perations m anual.
C hapter 7: l ogging 85 chapter 7: logging nfs per port logging configuration usage name nfsportlog enable/disable/status > [ [ ] ] description set the configuration parameters for logging all port activity to a nfs shared directory. All user activity and user port login/logouts are logged. Nfsportl...
86 d ominion sx i nstallation and o perations m anual nfs server setup the nfs server must have the exported directory with write permission for the port logging to work. Because the per-port logging application runs at a privileged level, the nfs server used must also be set up to allow root access...
88 d ominion sx i nstallation and o perations m anual tanaka:command> snmp del 10.0.0.56 78 any snmp configuration changes require rebooting to take effect. Tanaka:command> snmp enabled: n community: public trap destinations: 10.0.0.125 6.6.6.6 tanaka:command> snmp enable any snmp configuration chan...
90 d ominion sx i nstallation and o perations m anual note: if the user issues the command lpa enable after changing the default port speed, the next time the command lpa enable is used without the optional port speed parameter, the port speed last set, e.G., 38400, will be used as a default; to ove...
C hapter 9: s ystem c onfiguration 91 example: tanaka:command> service telnet enabled: no ssh enabled: yes tanaka:command> service telnet enable the system will need to be rebooted for changes to take effect. Tanaka:command> service ssh disable the system will need to be rebooted for changes to take...
92 d ominion sx i nstallation and o perations m anual.
A ppendix a: s pecifications 93 appendix a: specifications item dimensions (w) x (d) x (h) weight power sx4 11.34” x 10.7” x 1.75” 288 x 270 x 44mm 4.61 lbs (2.08 kg) 110/220v auto-switching: 50-60 hz dsxb-4- dc 11.34" x 10.7" x 1.75" 288 x 270 x 44mm 4.61 lbs (2.08 kg) dsxb-4- dcm 11.34" x 10.7" x ...
94 d ominion sx i nstallation and o perations m anual browser requirements (tested) platform browser netscape 7.0 win 2k - sun jre 1.4.2 netscape 7.1 win 2k - sun jre 1.4.2 mozilla 1.6 win 2k - sun jre 1.4.2 ie 6.0 win xp - ms vm netscape 7.0 win xp - sun jre 1.4.2 netscape 7.1 win xp - sun jre 1.4....
A ppendix a: s pecifications 95 dominion sx serial pinouts the rj45 connector on the rear of the unit has the following pinout: rj45 pin signal 1 rts 2 dtr 3 txd 4 gnd 5 signal gnd 6 rxd 7 dsr 8 cts.
96 d ominion sx i nstallation and o perations m anual.
A ppendix b: s ystem d efaults 97 appendix b: system defaults dominion sx system defaults, as shipped from raritan, are defined in the table below. I tem d efault ip address 192.168.0.192 subnet mask 255.255.255.0 port address 51000 port address for cc discovery 5000 factory default username admin f...
98 d ominion sx i nstallation and o perations m anual.
A ppendix c: c ertificates 99 appendix c: certificates certificate a certificate is an electronic document that is used to identify an individual, a server, or some other entity and to associate that identity with the public key. Certificate contents this section discusses certificate contents and t...
100 d ominion sx i nstallation and o perations m anual certificate authority certificates are issued by certificate authorities (cas), such as verisign, thawte, baltimore, and others. These certificate authorities validate the identity of the individual/entity before issuing the certificate. A certi...
A ppendix c: c ertificates 101 installing dominion sx ca-root certificate to a browser the ca root certificate generated in the dominion sx unit must be installed in the browser in order for the browser to trust the server certificate . When the user connects to the dominion sx unit by entering the ...
102 d ominion sx i nstallation and o perations m anual installing ca root for ie browsers each time you access an ssl-enabled dominion sx unit, you will see a new site certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing the ap...
A ppendix c: c ertificates 103 6. Open the ca_root.Cer file by double-clicking on it. This will open the certificate. Figure 76 view of ca_root.Cer 7. Click on the [ install certificate ] button to start the certificate manager import wizard. Figure 77 certificate manager import wizard 8. Click on t...
104 d ominion sx i nstallation and o perations m anual 9. Select the certificate store , the system area where the certificates are stored. If you do not want the certificate manager to select the certificate store automatically, click on the place all certificates into the following store radio but...
A ppendix c: c ertificates 105 remove an accepted certificate removing a certificate that you have previously accepted from the unit is the same process whether removing an raritan default certificate or a user-installed third-party certificate. 1. Open ie and select tools Æ internet options from th...
106 d ominion sx i nstallation and o perations m anual install ca root for netscape navigator each time you access an ssl-enabled dominion sx unit, you will see a new site certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing th...
A ppendix c: c ertificates 107 install the dominion sx root certificate install the raritan root certificate in netscape navigator to eliminate the new site certificate window from appearing whenever you access any ssl-secured dominion sx unit. 1. Open netscape navigator and connect to the unit. Ent...
108 d ominion sx i nstallation and o perations m anual c. Mime type : enter application/x-x509-ca-cer d. Application to use : click on the [ browse ] button and locate the netscape navigator executable, netscape.Exe , on your hard drive. Select this executable and click on the [ open ] button. The p...
A ppendix c: c ertificates 109 remove an accepted certificate removing a previously accepted certificate from a dominion sx unit uses the same process whether removing a raritan default certificate or removing a user-installed third-party certificate. 1. Open netscape navigator and click on either t...
110 d ominion sx i nstallation and o perations m anual install a third-party root certificate if you have installed a third-party certificate on the unit, you can obtain its corresponding root certificate from the certificate authority that provided you with a certificate. These instructions can be ...
A ppendix c: c ertificates 111 5. Return to the ca’s website and try to download the root certificate again. Note: if an error message appears, it indicates that the certificate deleted from the list in the netscape security settings may not have been the correct one. Please go back to the list and ...
112 d ominion sx i nstallation and o perations m anual.
A ppendix d: radius s erver 113 appendix d: radius server note: this section has been provided for reference only. Please consult your local system administrator for exact implementation details. Overview the details of installing and configuring the radius server software will depend on the server ...
114 d ominion sx i nstallation and o perations m anual − if the radius server is not configured for vendor-specific type or it fails to follow the above specifications, the value specified for the service-type will determine the privileges to be given to the user. In this case, the user will be give...
A ppendix d: radius s erver 115 d. Register radius client the client file installed in the radius server must be modified. This flat file stores information about radius clients, including ip addresses and shared secrets; the shared secrets must be protected from casual access. Every client trying t...
116 d ominion sx i nstallation and o perations m anual (1) click on the [ advanced ] button and add vendor-specific for raritan . Please use vendor code = 8267 and enter string in the following format: (a) ip address of the dominion sx unit separated by a ‘:’. (b) privileges to be given to the user ...
A ppendix d: radius s erver 117 f. Select requests to be logged 1. Open ias. 2. In the console tree, click on remote access logging . 3. In the details pane, right-click on local file and select properties . 4. Click on the settings tab and select one or more check boxes for recording authentication...
118 d ominion sx i nstallation and o perations m anual h. Enable the routing and remote access service if this server is a member of a windows 2000 active directory domain and you are not a domain administrator, your domain administrator must add the computer account of this server to the ras and ia...
A ppendix d: radius s erver 119 k. Add a user account 1. Open active directory users and computers. 2. In the console tree, double-click on the domain node. 3. In the details pane, right-click on the organizational unit to which you want to add the user, point to new and select user . 4. In the firs...
120 d ominion sx i nstallation and o perations m anual g. Click on the [ add ] button. H. Click on the appropriate group and click on the [ ok ] button. After these steps are executed, a new user can connect to the nas device and ias will look at the user name, find the group in which it is a member...
A ppendix e: c onfiguring c isco acs radius s erver 121 appendix e: configuring cisco acs radius server use the following procedure to configure the cisco radius server so that you can work with dominion sx. It is assumed here that administrators are familiar with setting up and configuring the radi...
122 d ominion sx i nstallation and o perations m anual 3. Click on the [ interface configuration ] button in the left panel of the screen. Figure 93 interface configuration display 4. Click on the radius (ietf) link to edit properties. Under the user heading, click on the check boxes before service-...
A ppendix e: c onfiguring c isco acs radius s erver 123 6. To edit existing users, click on the [user setup] button in the left panel of the screen. Click on the [ list all users ] button and select a user from the list. Figure 95 new user display 7. Once you have selected a user, on the user proper...
124 d ominion sx i nstallation and o perations m anual.
A ppendix f: rsa ace/s erver c onfiguration 125 appendix f: rsa ace/server configuration this section provides guidelines for configuring the rsa ace/server 5.0 so that secureid can be used as the authentication mechanism. Users in an ace server native database can log on to dominion sx units instal...
126 d ominion sx i nstallation and o perations m anual 3. Define and configure all dominion sx units. Figure 99 add agent host display a. Name : name of the agent host; must be a primary name or alias listed in the local host file or dns server. If an alias is entered, the primary name of the agent ...
A ppendix f: rsa ace/s erver c onfiguration 127 4. Select profile → add profile in the main menu. Figure 101 add profile selection 5. In the add profile window, assign an appropriate name to identify the desired profile, such as raritan- administrator. Figure 102 add profile display 6. Scroll throug...
128 d ominion sx i nstallation and o perations m anual 7. Click on the [ ok ] button to save the changes, then click on the [ ok ] button in the add profile window to return to the main menu. Figure 103 add attribute display note: only the user’s role can be controlled on the dominion sx units using...
A ppendix f: rsa ace/s erver c onfiguration 129 9. Click on the [ assign profile ] button and select the appropriate profile from the select profile window. Only one profile can be assigned to each user. Click on the [ ok ] button. Figure 105 profile selection display 10. To control access to specif...
130 d ominion sx i nstallation and o perations m anual lightweight directory access protocol (ldap) using dominion sx software revision 2.1 or higher, your dominion sx unit can authenticate users via ldap/s (ldap secure). If your dominion sx unit does not have revision 2.1, upgrade via the upgrade f...
A ppendix g: m odem c onfiguration 131 appendix g: modem configuration client dialup networking configuration configuring microsoft windows dialup networking for use with dominion sx allows configuration of a pc to reside on the same ppp network as the dominion sx. After the dial-up connection is es...
132 d ominion sx i nstallation and o perations m anual 3. The new phonebook entry window allows you to configure the details of this connection. Click on the basic tab and complete the following fields: a. Entry name : name of the dominion sx connection b. Phone number : phone number of the line att...
A ppendix g: m odem c onfiguration 133 windows 98 dialup networking configuration 1. Select start → programs → accessories → communications → dialup networking . 2. Double-click on the make new connection icon in the dialup networking window to launch it. Figure 111 configuring windows 98 dialup net...
134 d ominion sx i nstallation and o perations m anual f. The next window will inform you that you have successfully created the dialup networking connection. Figure 113 make new connection – complete g. Click on the [ finish ] button and an icon will appear in the dialup networking window. 4. Doubl...
A ppendix g: m odem c onfiguration 135 windows 2000 dialup networking configuration 1. Select start → programs → accessories → communications → network and dial-up connections . 2. When the network and dial-up connections window appears, double-click on the make new connection icon. Figure 115 windo...
136 d ominion sx i nstallation and o perations m anual 4. Click on the dial-up to private network radio button and click on the [ next ] button. Figure 117 network connection type 5. Click on the check box before the modem that you want to use to connect to the dominion sx unit and then click on the...
A ppendix g: m odem c onfiguration 137 6. Click in the use dialing rules check box and enter the area code and phone number you wish to dial in the fields. Click on the [ next ] button. Figure 119 phone number to dial 7. In the connection availability screen, click on the only for myself radio butto...
138 d ominion sx i nstallation and o perations m anual 8. The network connection has been created, and you can complete set-up of the dial-up connection by entering the name of the dial-up connection. Figure 121 network connection wizard completion 9. Click on the [ finish ] button. 10. To connect t...
A ppendix h: tcl p rogramming g uide 139 appendix h: tcl programming guide disclaimer: the information contained in this section is subject to change without notice. Raritan shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, ...
140 d ominion sx i nstallation and o perations m anual − internal buffers are circular buffers; 64kbytes. − the buffer uses the fifo storage method. − a data stream methodology for data retrieval is used and there is no random access capability. Extensions have been made to the tcl framework to enab...
A ppendix h: tcl p rogramming g uide 141 amppermission, amplisten and ampresponse are commands to enable a tcl script to interact with other tcl users. • amppermission − on will enforce permission checking. − off will allow observers and operators to access tcl. • amplisten − remember who sent the c...
142 d ominion sx i nstallation and o perations m anual cd change the current directory to the new directory specified. This command will take a relative path or an absolute path. /ata and system related directories are not accessible. Del delete specified file name tcl commands the tcl interpreter i...
A ppendix h: tcl p rogramming g uide 143 accessing tcl window the tcl interpreter can be accessed through raritanconsole using the script menu selection, as described in chapter 4: console features . The tcl prompt is “%”. The command(s) to be executed must be entered after the prompt. The result wi...
144 d ominion sx i nstallation and o perations m anual the prompt does not return if the script contains forever-loops, but the shell is active (listening) and will take input if the script is designed to accept them. Automatic execution of a tcl script upon power up for a tcl script to be executed ...
A ppendix h: tcl p rogramming g uide 145 generating a user event tcl scripts are a powerful tool for performing true device management, in the form of customer-defined monitoring and notification of events. A sample script is shown below: #this script performs the monitoring of http servers. Proc ps...
146 d ominion sx i nstallation and o perations m anual extensions to tcl various extensions have been incorporated into tcl to support functions to interact with the raritanconsole unit. The command info comm amp (executed in a script shell window) lists all the commands that are supported. Ampsetco...
A ppendix h: tcl p rogramming g uide 147 possible error condition: % ampsetconfiguration network portaddress 2398 tcl cannot write to the configuration: locked by john smith this denotes that there is a user that is viewing/modifying the configuration of the unit and the command cannot modify the co...
148 d ominion sx i nstallation and o perations m anual ampadduser creates a new user account or edit an existing user account. The last argument is optional. Usage: ampadduser [information] • loginname : user login name • function : type of user (administrator, operator, observer) • user_name : name...
A ppendix h: tcl p rogramming g uide 149 ampreset reboots the unit. All users are disconnected. Usage: ampreset ampupgrade upgrades the unit. Ip_address specifies the server to obtain the file specified by file_path. If the login and password are specified they are used by ftp. If they are not speci...
150 d ominion sx i nstallation and o perations m anual ampsetipacl add adds an ip address to the ip acl list. Usage: ampsetipacl add • ip_address : ip address to be added to the list • subnet_mask : subnet mask % ampsetipacl add 10.0.1.120 255.255.0.0 set ip acl successful % ampsave save complete % ...
A ppendix h: tcl p rogramming g uide 151 ampgetsubscription returns a string listing all user-defined subscriptions. Ampaddsubscription creates a subscription for the url to the event specified. The url encapsulates the service to be used for notification, and any parameters required by that service...
152 d ominion sx i nstallation and o perations m anual ampdelay pauses the tcl script a number of seconds equal to the integer argument. Amptriggerevent generates an event with the appropriate associated message. The event may not begin with the amp prefix. Events that begin with the amp prefix may ...
A ppendix h: tcl p rogramming g uide 153 ampopensocket [ip_address port_number] opens a socket to a specific port on a device with a given ip address. The command returns a unique socket id. If the command fails or the arguments are improperly formatted, the command will return an error message. The...
154 d ominion sx i nstallation and o perations m anual ampreadsocket [socket_id length timeout] a non-blocking call: reads from the socket represented by the socket id until either the length or timeout is reached. Timeout is specified in microseconds; a timeout of zero indicates the socket will be ...
A ppendix h: tcl p rogramming g uide 155 basic tcl server example while (1) { amppermission off set s "" set s [amplisten] if {[string length $s] !=0} { puts $s ampresponse } if {[string length $s] == 5} { amppermision on break } } script function description: this tcl server will echo back any stri...
156 d ominion sx i nstallation and o perations m anual basic cpu utilization monitoring example #description: this tcl script checks the cpu utilization for each port connected # to a hp-ux server. It alerts the subscribed user that the threshold # limit has reached through e-mail notification. This...
A ppendix h: tcl p rogramming g uide 157 #clear any previous data in the read buffer ampclear $port #write to the console ampwrite "vmstat -n" $port #ignore the first 8 lines to read the cpu usage params. For {set i 0 } {$i set cpu [ampread 1 "" $port] } #unlock the console ampunlock $port #set ...
158 d ominion sx i nstallation and o perations m anual initevents #main loop starts here... While { 1>0 } { cpuutil $ports ampdelay $intr set rval [listencmds] if { $rval == 1} { delevents unset $ports unset $noofports unset $thr unset $intr unset $mailid break } incr ports 1 if { $ports > $noofport...
A ppendix h: tcl p rogramming g uide 159 tcl server designed to interact with a tcl user amppermission off amplock 1 ampclear 1 set val1 0.0 set val2 0.0 set val3 0.0 while { 1 } { set s [amplisten] if {[string length $s] > 0}{ if {$s == “data”}{ puts [format “mach value = %f; voltage value = %f; cu...
160 d ominion sx i nstallation and o perations m anual puts “a tcl script is running.\rinputs accepted are data/read1/read2/read3/console/quit" ampresponse } } } input received is not as per expectation. Remind user what the expected inputs are..
A ppendix i: t roubleshooting 161 appendix i: troubleshooting problems and suggested solutions page access p roblem s olution cannot login – what are factory defaults? (only for dominion sx units running firmware version 2.5 or higher) username: admin (all lower case) password: raritan (all lower ca...
162 d ominion sx i nstallation and o perations m anual firewall p roblem s olution unable to access the web page firewalls must allow access on port 80 and 443 in order for the unit to operate through a firewall. Contact your system administrator and request port 80 and 443 access. Login failure fir...
A ppendix i: t roubleshooting 163 port access p roblem s olution port access refresh the unit does not automatically refresh the port access list. It is refreshed only when the user clicks on the [ port access ] button, therefore, it is possible that a user will have permissions revoked and these ch...
164 d ominion sx i nstallation and o perations m anual.
A ppendix j: t echnical faq s 165 appendix j: technical faqs q uestion a nswer what are the browsers (and versions) supported? Netscape 7.0 or greater (but not 6.0), mozilla firefox 1.0 or higher, or internet explorer 6.0 with java microsoft vm or sun jre 1.4.2 or higher. Is the status of the unit l...
166 d ominion sx i nstallation and o perations m anual q uestion a nswer once i have assigned the unit a unique ip address, how do i access the unit in the future? Open your supported web browser, enter the ip address you have assigned to that unit into the address field, and press the enter > key. ...
A ppendix j: t echnical faq s 167.
168 d ominion sx i nstallation and o perations m anual 255-60-2000