Raritan CCA-0N-V5.1-E - Manual

Contents vi Copying Device Configuration ..................................................................................................... 87 Restarting a Device ...................................................................................................................... 88 Pinging the ...

Contents vii Adding Location and Contacts to a Node Profile ....................................................................... 111 Adding Notes to a Node Profile ................................................................................................. 111 Configuring the Virtual Infrast...

Contents viii Limit the Number of KVM Sessions per User ............................................................................ 162 Configuring Access Auditing for User Groups ........................................................................... 162 Adding, Editing, and Deleting Users ......

Contents ix Specify a Base DN........................................................................................................... 189 Specifying Modules for Authentication and Authorization ......................................................... 189 Establishing Order of External AA Servers...

Contents x Audit Trail Report ....................................................................................................................... 210 Error Log Report ........................................................................................................................ 211 Acce...

Contents xi Chapter 15 Advanced Administration 237 Configuring a Message of the Day ............................................................................................ 237 Configuring Applications for Accessing Nodes .............................................................................

Contents xii Refresh a Neighborhood ................................................................................................. 266 Delete a Neighborhood .................................................................................................... 266 Security Manager .....................

Contents xiii Navigate Administrator Console ...................................................................................... 305 Edit Diagnostic Console Configuration ............................................................................ 306 Edit Network Interfaces Configuration (Networ...

Contents xiv Appendix B CC-SG and Network Configuration 349 Required Open Ports for CC-SG Networks: Executive Summary ............................................. 349 CC-SG Communication Channels ............................................................................................. 350 CC-SG...

Contents xv Appendix C User Group Privileges 357 Appendix D SNMP Traps 366 Appendix E CSV File Imports 368 Common CSV File Requirements .............................................................................................. 369 Audit Trail Entries for Importing ..................................

Contents xvi User Information ........................................................................................................................ 389 Node Information ....................................................................................................................... 389 Loca...

xvii The following sections have changed or information has been added to the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and/or documentation.  Add a License (on page 30)  Pause and Resume Management of Devices Using a Scheduled Task (on pa...

1 The CommandCenter Secure Gateway (CC-SG) Administrators Guide offers instructions for administering and maintaining your CC-SG. This guide is intended for administrators who typically have all available privileges. Users who are not administrators should see Raritan's CommandCenter Secure Gateway ...

Chapter 1: Introduction 2 Terminology/Acronyms Terms and acronyms found in this document include: Access Client - HTML-based client intended for use by normal access users who need to access a node managed by CC-SG. The Access Client does not allow the use of administration functions. Admin Client -...

Chapter 1: Introduction 3 Ghosted Ports - when managing Paragon devices, a ghosted port can occur when a CIM or target server is removed from the system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. Hostname - can be used if DNS server support is enabled. See About ...

Chapter 1: Introduction 4 Node Groups - a defined group of nodes that are accessible to a user. Node groups are used when creating a policy to control access to the nodes in the group. Ports - connection points between a Raritan device and a node. Ports exist only on Raritan devices, and they identi...

5 You can access CC-SG in several ways:  Browser: CC-SG supports numerous web browsers (for a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support website).  Thick Client: You can install a Java Web Start thick client on your client computer. The thick client fu...

Chapter 2: Accessing CC-SG 6 JRE Incompatibility If you do not have the minimum required version of JRE installed on your client computer, you will see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility W arning window opens when CC-SG cannot find the required JR...

Chapter 2: Accessing CC-SG 7 4. If the CC-SG is configured for secure browser connections, you must select the Secure Socket Layer (SSL) checkbox. If the CC-SG is not configured for secure browser connections, you must deselect the Secure Socket Layer (SSL) checkbox. This setting must be correct or ...

10 Before you can begin configuring and working in CC-SG, you must have valid licenses installed. Then, upon first login, you should confirm the IP address, set the CC-SG server time, and check the firmware and application versions installed. You may need to upgrade the firmware and applications. On...

Chapter 3: Getting Started 11 Licensing - Basic License Information Licenses are based on the number of nodes configured in CC-SG. Your purchase of a physical or virtual appliance includes a license to use a specific number of nodes. This "base license" enables CC-SG functionality and includ...

Chapter 3: Getting Started 12 CC-SG product Description Information needed to create license for first time CC-V1-256 CC-SG V1 Appliance, includes 256 Node License Host ID of the CC-SG unit CCSG128-VA CC-SG Virtual Appliance, includes 128 Node License  Host ID of the W indows or Linux license serve...

Chapter 3: Getting Started 13 3. Check the number of nodes in your database on this page. You can determine how many more nodes you can add up to your licensed limit.

Chapter 3: Getting Started 14 Licensing - New Customers - Physical Appliance If you are a new customer who has just purchased a physical CC-SG 5.0 appliance, follow these instructions to ensure that you have valid licenses installed and activated. Step 1 - Get your license: 1. The license administra...

Chapter 3: Getting Started 15 4. Click the link in the email to go to the Software License Key Login page on Raritan's website and login with the user account just created. 5. Click the Product License tab. The licenses you purchased display in a list. You may have only 1 license, or multiple licens...

Chapter 3: Getting Started 17 Licensing - Virtual Appliance with License Server The CC-SG virtual appliance requires you to install a license server to host your license. Raritan provides the license server software and tools and a vendor daemon, which you install on a physical server. See Virtual A...

Chapter 3: Getting Started 18 Download Installation Files The complete set of installation files is available at http://www.raritan.com/support/CommandCenter-Secure-Gateway/. You must log in to the Raritan Licensing Portal to access these files at this link. See Get Your License (on page 19). If you...

Chapter 3: Getting Started 19 7. Move the Raritan vendor daemon file using this command: cp raritan /home/flex/flexserverv11.8/i86_lsb/ 8. Enter this command: chmod +x raritan 9. Make sure you have the redhat-lsb package installed. To install it, run yum install redhat-lsb as root. Windows Server 1....

Chapter 3: Getting Started 20 3. Check your email for another message from Raritan Licensing Portal from the email address [email protected], with the subject line Your Raritan Commandcenter SG Software License Key is Available. 4. Click the link in the email to go to the Software License Key Lo...

Chapter 3: Getting Started 21  Linux: su - root; dmidecode -s system-uuid  Windows: Use cd to change to the /flexnet-win/i86_n3 directory, then run dmidecode -s system-uuid  Enter the TCP port number that CC-SG will use to communicate with the license server. The default port is 27000. If the lic...

Chapter 3: Getting Started 22 2. Enter this command to change to the directory. cd c:\flexnet-win\i86_n3\ 3. Run lmgrd to start the server. In the sample commands, "license-file.lic" is the file name of the .LIC file. If you have more than 1 license file, you must specify each file name in t...

Chapter 3: Getting Started 23 b. Type and then confirm the new password. The new password must be a strong password consisting of at least eight characters that are a combination of letters and numbers. 3. Press CTRL+X when you see the Welcome screen. 4. Choose Operation > Network Interfaces >...

Chapter 3: Getting Started 24 6. Select the CCSG128-VA base license then click Check-Out to activate it. 7. To activate Add-On licenses, select each license then click Check-Out. See the CC-SG Administrators Guide for more details about licenses. See the Flexera ™ FlexNet Publisher ® documentation f...

Chapter 3: Getting Started 25 Restart License Servers After an Outage If the license server goes down, and then resumes operation, or if you move, add or delete license files, you should restart the license server. Restarting the license server ensures that CC-SG is synchronized with the most curren...

Chapter 3: Getting Started 27 lmver Reports the version of a FLEXnet Publisher library or binary file, such as lmgrd, lmadmin, lmdown, vendor daemon. Install or Upgrade VMware Tools VMware Tools is recommended by VMware for all virtual machine deployments. Once you install VMware Tools on your Comma...

Chapter 3: Getting Started 28 Licensing - Limited Operation Before License Install Until you have installed and checked out the proper licenses, CC-SG operations are limited. Only the following menu choices are enabled.  Diagnostic Console: To retrieve necessary information and logs, configure netw...

Chapter 3: Getting Started 29 Licensing - Existing Customers If you are an existing CC-SG customer, with a physical CC-SG appliance, when you upgrade your CC-SG unit to 5.0 or higher, a license file is created and installed that allows you to continue using CC-SG with the number of nodes configured ...

Chapter 3: Getting Started 30 Add a License You can add a license to CC-SG if you purchase a new add-on license, or need to replace your licenses. When replacing licenses, add the base license first. Add-on licenses associated with the previous base license will be deleted automatically if they are ...

Chapter 3: Getting Started 31 Only the CC Super-User and users with similar privileges can configure Time and Date. Changing the time zone is disabled in a cluster configuration. To configure the CC-SG server time and date: 1. Choose Administration > Configuration. 2. Click the Time/Date tab. a. ...

Chapter 3: Getting Started 32 Checking and Upgrading Application Versions Check and upgrade the CC-SG applications, including Raritan Console (RC) and Raritan Remote Client (RRC). To check an application version: 1. Choose Administration > Applications. 2. Select an Application name from the list...

33 Guided Setup offers a simple way to complete initial CC-SG configuration tasks once the network configuration is complete. The Guided Setup interface leads you through the process of defining Associations, discovering and adding devices to CC-SG, creating device groups and node groups, creating u...

Chapter 4: Configuring CC-SG with Guided Setup 34 Associations in Guided Setup Create Categories and Elements To create categories and elements in Guided Setup: 1. In the Guided Setup window, click Associations, and then click Create Categories in the left panel to open the Create Categories panel. ...

Chapter 4: Configuring CC-SG with Guided Setup 35 Discover and Add Devices The Discover Devices panel opens when you click Continue at the end of the Associations task. You can also click Device Setup, and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discov...

Chapter 4: Configuring CC-SG with Guided Setup 36 14. If you are manually adding a PowerStrip device, click the Number of ports drop-down arrow and select the number of outlets the PowerStrip contains. 15. If you are adding an IPMI Server, type an Interval, used to check for availability, and an Aut...

Chapter 4: Configuring CC-SG with Guided Setup 37 3. There are two ways to add devices to a group, Select Devices and Describe Devices. The Select Devices tab allows you to select which devices you want to assign to the group by selecting them from the list of available devices. The Describe Devices...

Chapter 4: Configuring CC-SG with Guided Setup 38  Select Nodes a. Click the Select Nodes tab in the Node Group: New panel. b. In the Available list, select the node you want to add to the group, and then click Add to move the node into the Selected list. Nodes in the Selected list will be added to...

Chapter 4: Configuring CC-SG with Guided Setup 39 Add User Groups and Users The Add User Group panel opens when you click Continue at the end of the Create Groups task. You can also click User Management, and then click Add User Group in the Guided Tasks tree view in the left panel to open the Add U...

41 In This Chapter About Associations .................................................................................. 41 Adding, Editing, and Deleting Categories and Elements ........................ 42 Adding Categories and Elements with CSV File Import .......................... 43 About Associ...

Chapter 5: Associations, Categories, and Elements 42 Policies also use categories and elements to control user access to servers. For example, the category/element pair Location/America can be used to create a Policy to control user access to servers in America. See Policies for Access Control (on p...

Chapter 5: Associations, Categories, and Elements 43  Select Integer if the value is a number. 5. In the Applicable For field, select whether this category applies to: Devices, Nodes, or Device and Nodes. 6. Click OK to create the new category. The new category name appears in the Category Name fie...

Chapter 5: Associations, Categories, and Elements 44 Categories and Elements CSV File Requirements The categories and elements CSV file defines the categories, their associated elements, their type, and whether they apply to devices, nodes or both.  All CATEGORY and CATEGORYELEMENT records are rela...

Chapter 5: Associations, Categories, and Elements 45 Sample Categories and Elements CSV File ADD, CATEGORY, OS, String, Node ADD, CATEGORYELEMENT, OS, UNIX ADD, CATEGORYELEMENT, OS, WINDOWS ADD, CATEGORYELEMENT, OS, LINUX ADD, CATEGORY, Location, String, Device ADD, CATEGORYELEMENT, Location, Aisle ...

Chapter 5: Associations, Categories, and Elements 46 Export Categories and Elements The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing. To export categories and elements: 1. Choose Administratio...

47 To add Raritan PowerStrip Devices that are connected to other Raritan devices to CC-SG, see Managed PowerStrips (on page 93). Note: To configure iLO/RILOE devices, IPMI devices, Dell DRAC devices, IBM RSA devices, or other non-Raritan devices, use the Add Node menu and add these items as an inter...

Chapter 6: Devices, Device Groups, and Ports 48 Viewing Devices The Devices Tab Click the Devices tab to display all devices under CC-SG management. Each device's configured ports are nested under the devices they belong to. Devices with configured ports appear in the list with a + symbol. Click the...

Chapter 6: Devices, Device Groups, and Ports 50 Note: For blade servers without an integrated KVM switch, such as HP BladeSystem servers, their parent device is the virtual blade chassis that CC-SG creates, not the KX2 device. These servers will be sorted only within the virtual blade chassis device...

Chapter 6: Devices, Device Groups, and Ports 51 The Device Profile includes tabs that contain information about the device. Associations tab The Associations tab contains all categories and elements assigned to the node. You can change the associations by making different selections. See Association...

Chapter 6: Devices, Device Groups, and Ports 52 2. Choose Devices > Device Manager > Topology View. The Topology View for the selected device appears.  Click + or - to expand or collapse the view. Right Click Options in the Devices Tab You can right-click a device or port in the Devices tab t...

Chapter 6: Devices, Device Groups, and Ports 53 Discovering Devices Discover Devices initiates a search for all devices on your network. After discovering the devices, you may add them to CC-SG if they are not already managed. To discover devices: 1. Choose Devices > Discover Devices. 2. Type the...

Chapter 6: Devices, Device Groups, and Ports 54 Adding a Device Devices must be added to CC-SG before you can configure ports or add interfaces that provide access to the nodes connected to ports. The Add Device screen is used to add devices whose properties you know and can provide to CC-SG. To sea...

Chapter 6: Devices, Device Groups, and Ports 57  If you do not see the Category or Element values you want to use, you can add others. See Associations, Categories, and Elements (on page 41). 8. When you are done configuring this device, click Apply to add this device and open a new blank Add Devic...

Chapter 6: Devices, Device Groups, and Ports 58 2. Type the new device properties in the appropriate fields on this screen. If necessary, edit the Categories and Elements associated with this device. 3. Click the Outlet tab to view all outlets of this PowerStrip. 4. If an outlet is associated with a...

Chapter 6: Devices, Device Groups, and Ports 59 Adding Location and Contacts to a Device Profile Enter details about the location of the device and contact information for the people who administer or use the device. To add location and contacts to a device profile: 1. Select a device in the Devices...

Chapter 6: Devices, Device Groups, and Ports 60 Configuring Ports If all ports of a device were not automatically added by selecting Configure all ports when you added the device , use the Configure Ports screen to add individual ports or a set of ports on the device to CC-SG. Once you configure por...

Chapter 6: Devices, Device Groups, and Ports 61 3. Click the Configure button that corresponds to the KVM port you want to configure. 4. Type a port name in the Port Name field. For ease of use, name the port after the target that is connected to the port. See Naming Conventions (on page 389) for de...

Chapter 6: Devices, Device Groups, and Ports 62 3. Click the Access Application drop-down menu and select the application you want to use when you connect to this port from the list. To allow CC-SG to automatically select the correct application based on your browser, select Auto-Detect. 4. Click OK...

Chapter 6: Devices, Device Groups, and Ports 63 3. Select the checkbox of the port you want to delete. 4. Click OK to delete the selected port. A message appears when the port has been deleted. Configuring a Blade Chassis Device Connected to KX2 Blade Chassis Overview There are two types of blade ch...

Chapter 6: Devices, Device Groups, and Ports 64 Add a Blade Chassis Device The procedure to add a blade chassis device varies depending on the blade chassis type. A blade chassis device always show two names in the Devices tab: the name without the parentheses is retrieved from the KX2 device, and t...

Chapter 6: Devices, Device Groups, and Ports 65 Configuring Slots on a Blade Chassis Device If the blade servers or slots are not configured yet in CC-SG. you must configure them by following the procedure in this section, or the blade servers do not appear in the Devices and Nodes tabs. An Out-of-B...

Chapter 6: Devices, Device Groups, and Ports 66  To configure each slot individually, click the Configure button next to the slot. Then type a name for the slot in the Port Name field, and type a node name in the Node Name field. The default Access Application is set according to the default applic...

Chapter 6: Devices, Device Groups, and Ports 68 Move a Blade Chassis Device to a Different Port When physically moving a blade chassis device from one KX2 device or port to another KX2 device or port, CC-SG cannot detect and automatically update the configuration data of the blade chassis device to ...

Chapter 6: Devices, Device Groups, and Ports 69 Bulk Copying for Device Associations, Location and Contacts The Bulk Copy command allows you to copy categories, elements, location and contact information from one device to multiple other devices. Note that the selected information is the only proper...

Chapter 6: Devices, Device Groups, and Ports 70 Configuring Analog KVM Switches Connected to KX2 2.3 or Higher KX2 version 2.3 enables you to connect a generic analog KVM switch to a target port. The generic analog KVM switch and its ports will be available as nodes to CC-SG. You must configure this...

Chapter 6: Devices, Device Groups, and Ports 71 4. Select the checkbox for each slot you want to configure, then click OK. To configure slots from the Configure Ports screen: 1. In the Devices tab, click the + next to the KX2 device that is connected to the KVM switch device. 2. Select the KVM switc...

Chapter 6: Devices, Device Groups, and Ports 72 Device Groups Overview Device groups are used to organize devices into a set. The device group will become the basis for a policy either allowing or denying access to this particular set of devices. See Adding a Policy (on page 176). Devices can be gro...

Chapter 6: Devices, Device Groups, and Ports 73 2. Click the New Group icon in the toolbar. The Device Group: New panel appears. 3. In the Group Name field, type a name for a device group you want to create. See Naming Conventions (on page 389) for details on CC-SG's rules for name lengths. 4. There...

Chapter 6: Devices, Device Groups, and Ports 76 Describe Method versus Select Method Use the describe method when you want your group to be based on some attribute of the node or devices, such as the categories and elements. The advantage of the describe method is that when you add more devices or n...

Chapter 6: Devices, Device Groups, and Ports 77 Adding Devices with CSV File Import You can add devices to CC-SG by importing a CSV file that contains the values. You must have the Device, Port, and Node Management and CC Setup and Control privileges to import and export devices. You must be assigne...

Chapter 6: Devices, Device Groups, and Ports 80 Column number Tag or value Details 6 Blade Name Optional. If left blank, the name assigned at the device level is used. If a name is entered in the CSV file, it will be copied to the device level. 7 Node Name Enter a name for the node that will be crea...

Chapter 6: Devices, Device Groups, and Ports 81 Column number Tag or value Details 2 DEVICE-CATEGORYELEMENT Enter the tag as shown. Tags are not case sensitive. 3 Device Name Required field. 4 Category Name Required field. 5 Element Name Required field. Sample Devices CSV File ADD, DEVICE, DOMINION ...

Chapter 6: Devices, Device Groups, and Ports 82 6. To view more import results details, check the Audit Trail report. See Audit Trail Entries for Importing (on page 370). Export Devices The export file contains comments at the top that describe each item in the file. The comments can be used as inst...

Chapter 6: Devices, Device Groups, and Ports 83 Backing Up a Device Configuration You can back up all user configuration and system configuration files for a selected device. If anything happens to the device, you can restore the previous configurations from CC-SG using the backup file created. The ...

Chapter 6: Devices, Device Groups, and Ports 84 Restoring Device Configurations The following device types allow you to restore a full backup of the device configuration.  KX  KSX  KX101  SX  IP-Reach KX2, KSX2, and KX2-101 devices allow you to choose which components of a backup you want to re...

Chapter 6: Devices, Device Groups, and Ports 87 3. Click Upload. Navigate to and select the device backup file. The file type is .rfp. Click Open. The device backup file uploads to CC-SG and appears in the page. Copying Device Configuration The following device types allow you to copy configurations...

Chapter 6: Devices, Device Groups, and Ports 88 Restarting a Device Use the Restart Device function to restart a device. To restart a device 1. Click the Devices tab and select the device you want to restart. 2. Choose Devices > Device Manager > Restart Device. 3. Click OK to restart the devic...

Chapter 6: Devices, Device Groups, and Ports 89 Resuming Management of a Device You can resume CC-SG management of a paused device to bring it back under CC-SG control. To resume CC-SG's management of a paused device: 1. Click the Devices tab and select the paused device from the Devices tree. 2. Ch...

Chapter 6: Devices, Device Groups, and Ports 90 6. Select the devices to include in the task by selecting a device group from the Device Group drop-down list. Select the devices to include in the Available list, then use the arrow buttons to move the devices to the Selected list. Devices in the Sele...

Chapter 6: Devices, Device Groups, and Ports 91 Disconnecting Users Administrators can terminate any user's session on a device. This includes users who are performing any kind of operation on a device, such as connecting to ports, backing up the configuration of a device, restoring a device's confi...

Chapter 6: Devices, Device Groups, and Ports 92 IP-Reach and UST-IP Administration You can perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon System setup directly from the CC-SG interface. After adding the Paragon System device to CC-SG, it appears in the De...

93 There are three ways to configure power control using powerstrips in CC-SG. 1. All supported Raritan-brand powerstrips can be connected to another Raritan device and added to CC-SG as a Powerstrip device. Raritan-brand powerstrips include Dominion PX and RPC powerstrips. Check the Compatibility M...

Chapter 7: Managed Powerstrips 94 Configuring Powerstrips that are Managed by Another Device in CC-SG In CC-SG, managed powerstrips can be connected to one of the following devices:  Dominion KX  Dominion KX2  Dominion KX2-101  Dominion SX 3.0  Dominion SX 3.1  Dominion KSX  Dominion KSX2  P...

Chapter 7: Managed Powerstrips 95 Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC CC-SG automatically detects PowerStrips connected to KX, KX2, KX2-101, KSX2, and P2SC devices. You can perform the following tasks in CC-SG to configure and manage PowerStrips connected to these d...

Chapter 7: Managed Powerstrips 96 Delete a PowerStrip Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device You cannot delete a PowerStrip connected to a KX, KX2, KX2-101, KSX2, or P2SC device from CC-SG. You must physically disconnect the PowerStrip from the device to delete the PowerStrip from CC-...

Chapter 7: Managed Powerstrips 97 10. For each Category listed, click the Element drop-down menu and select the element you want to apply to the device. Select the blank item in the Element field for each Category you do not want to use. See Associations, Categories, and Elements (on page 41). Optio...

Chapter 7: Managed Powerstrips 98 Configuring Powerstrips Connected to SX 3.1 You can perform the following tasks in CC-SG to configure and manage Powerstrips connected to SX 3.1 devices.  Add a Powerstrip Connected to an SX 3.1 Device (on page 98)  Move an SX 3.1's Powerstrip to a Different Port ...

Chapter 7: Managed Powerstrips 99 Move an SX 3.1's Powerstrip to a Different Port When you physically move a Powerstrip from one SX 3.1 device or port to another SX 3.1 device or port, you must delete the Powerstrip from the old SX 3.1 port and add it to the new SX 3.1 port. See Delete a Powerstrip ...

Chapter 7: Managed Powerstrips 100  To configure multiple outlets with the default names shown in the screen, select the checkbox for each outlet you want to configure, and then click OK to configure each outlet with the default name.  To configure each outlet individually, click the Configure but...

101 This section covers how to view, configure, and edit nodes and their associated interfaces, and how to create node groups. Connecting to nodes is covered briefly. See Raritan's CommandCenter Secure Gateway User Guide for details on connecting to nodes. In This Chapter Nodes and Interfaces Overvi...

Chapter 8: Nodes, Node Groups, and Interfaces 102 Node Names Node names must be unique. CC-SG will prompt you with options if you attempt to manually add a node with an existing node name. When CC-SG automatically adds nodes, a numbering system ensures that node names are unique. See Naming Conventi...

Chapter 8: Nodes, Node Groups, and Interfaces 103 Node Profile Click a Node in the Nodes tab to open the Node Profile page. The Node Profile page includes tabs that contain information about the node.

Chapter 8: Nodes, Node Groups, and Interfaces 106 Service Accounts Service Accounts Overview Service accounts are special login credentials that you can assign to multiple interfaces. You can save time by assigning a service account to a set of interfaces that often require a password change. You ca...

Chapter 8: Nodes, Node Groups, and Interfaces 108 2. Find the service account whose password you want to change. 3. Enter the new password in the Password field. 4. Re-type the password in the Retype Password field. 5. Click OK. Note: CC-SG updates all interfaces that use the service account to use ...

Chapter 8: Nodes, Node Groups, and Interfaces 109 Adding, Editing, and Deleting Nodes Add a Node To add a node to CC-SG: 1. Click the Nodes tab. 2. Choose Nodes > Add Node. 3. Type a name for the node in the Node Name field. All node names in CC-SG must be unique. See Naming Conventions (on page ...

Chapter 8: Nodes, Node Groups, and Interfaces 110 Nodes Created by Configuring Ports When you configure the ports of a device, a node is created automatically for each port. An interface is also created for each node. When a node is automatically created, it is given the same name as the port to whi...

Chapter 8: Nodes, Node Groups, and Interfaces 111 Adding Location and Contacts to a Node Profile Enter details about the location of the node, and contact information for the people who administer or use the node. To add location and contacts to a node profile: 1. Select a node in the Nodes tab. The...

Chapter 8: Nodes, Node Groups, and Interfaces 112 Configuring the Virtual Infrastructure in CC-SG Terminology for Virtual Infrastructure CC-SG uses the following terminology for virtual infrastructure components. Term Definition Example Control System The Control System is the managing server. The C...

Chapter 8: Nodes, Node Groups, and Interfaces 113 Virtual Nodes Overview You can configure your virtual infrastructure for access in CC-SG. The Virtualization page offers two wizard tools, Add Control System wizard and Add Virtual Host wizard, that help you add control systems, virtual hosts, and th...

Chapter 8: Nodes, Node Groups, and Interfaces 118  VI Client Interfaces  VMware Viewer Interfaces  Virtual Power Interfaces  RDP, VNC, and SSH Interfaces, if specified b. Enter login credentials, if needed. Some interface types do not require login credentials.:  To use a Service Account, selec...

Chapter 8: Nodes, Node Groups, and Interfaces 119 5. Change the information as needed. See Add a Control System with Virtual Hosts and Virtual Machines (on page 113) and Add a Virtual Host with Virtual Machines (on page 116) for complete field descriptions. 6. Click Next. 7. Delete one or multiple v...

Chapter 8: Nodes, Node Groups, and Interfaces 121 vSphere 4 Users Must Install New Plug-In When upgrading your virtual environment from a previous version to vSphere 4, you must remove the VMware Remote Console plug-in from the browser. After removing the plug-in, the correct plug-in for vSphere4 wi...

Chapter 8: Nodes, Node Groups, and Interfaces 123 Reboot or Force Reboot a Virtual Host Node You can reboot or force reboot the virtual host server. A Reboot operation performs a normal reboot of the virtual host server when it is in maintenance mode. A Force Reboot operation forces the virtual host...

Chapter 8: Nodes, Node Groups, and Interfaces 124 Connecting to a Node Once a node has an interface, you can connect to that node through the interface in several different ways. See Raritan's CommandCenter Secure Gateway User Guide. To connect to a node: 1. Click the Nodes tab. 2. Select the node t...

Chapter 8: Nodes, Node Groups, and Interfaces 125 Adding, Editing, and Deleting Interfaces Add an Interface Note: Interfaces for virtual nodes, such as control system, virtual hosts, and virtual machines, can only be added using the Virtualization tools under Nodes > Virtualization. See Configuri...

Chapter 8: Nodes, Node Groups, and Interfaces 127 Interfaces for In-Band Connections In-band connections include RDP, VNC, SSH, RSA KVM, iLO Processor KVM, DRAC KVM, and TELNET. Telnet is not a secure access method. All usernames, passwords, and traffic are transmitted in clear text. To add an inter...

Chapter 8: Nodes, Node Groups, and Interfaces 129 Interfaces for DRAC Power Control Connections To add an interface for DRAC power control connections: 1. Type the IP Address or Hostname for this interface in the IP Address/Hostname field. 2. Type a TCP Port for this connection in the TCP Port field...

Chapter 8: Nodes, Node Groups, and Interfaces 130 RSA Interface Details When you create an In-Band RSA KVM or Power interface, CC-SG discards the username and password associated with the interface, and creates two user accounts on the RSA server. This allows you to have simultaneous KVM and power a...

Chapter 8: Nodes, Node Groups, and Interfaces 131 3. Power Strip Name: select the Power Strip or PX device that provides power to the node. The power strip or PX device must be configured in CC-SG before it appears in this list. 4. Outlet Name: select the name of the outlet the node is plugged into....

Chapter 8: Nodes, Node Groups, and Interfaces 132 Interfaces for Power IQ Proxy Power Control Connections Add a Power IQ Proxy power control interface when you want to use CC-SG to control power to a Power IQ IT device that you've added to CC-SG as a node. This enables you to control power to nodes ...

Chapter 8: Nodes, Node Groups, and Interfaces 133 Web Browser Interface You can add a W eb Browser Interface to create a connection to a device with an embedded web server, such as a Dominion PX. See Example: Adding a Web Browser Interface to a PX Node (on page 134). For a blade chassis with an inte...

Chapter 8: Nodes, Node Groups, and Interfaces 134 5. Type the field names for the username and password fields used in the login screen for the web application in the Username Field and Password Field. You must view the HTML source of the login screen to find the field names, not the field labels. S...

Chapter 8: Nodes, Node Groups, and Interfaces 135 Results of Adding an Interface When you add an interface to a node, it appears in the Interfaces table and the Default Interface drop-down menu of the Add Node or Node Profile screen. You can click the drop-down menu to select the default interface t...

Chapter 8: Nodes, Node Groups, and Interfaces 136 Bookmarking an Interface If you frequently access a node via a particular interface, you can bookmark it so that it is readily available from your browser. To bookmark an interface in any browser: 1. In the Nodes tab, select the interface you want to...

Chapter 8: Nodes, Node Groups, and Interfaces 137 Configuring Direct Port Access to a Node You can configure Direct Port Access to a node using the Bookmark Node Interface feature. See Bookmarking an Interface (on page 136). Bulk Copying for Node Associations, Location and Contacts The Bulk Copy com...

Chapter 8: Nodes, Node Groups, and Interfaces 138 Using Chat Chat provides a way for users connected to the same node to communicate with each other. You must be connected to a node to start a chat session for that node. Only users on the same node can chat with each other. To start a chat session: ...

Chapter 8: Nodes, Node Groups, and Interfaces 139 Nodes CSV File Requirements The nodes CSV file defines the nodes, interfaces, and their details required to add them to CC-SG.  Node names must be unique. If you enter duplicate node names, CC-SG adds a number in parentheses to the name to make it u...

Chapter 8: Nodes, Node Groups, and Interfaces 142 Column number in CSV file Tag or value Details Default is Java. To add an SSH or TELNET interface to the CSV file: Column number Tag or value Details 1 ADD The first column for all tags is the command ADD . 2 NODE-SSH-INTERFACE for SSH interfaces NOD...

Chapter 8: Nodes, Node Groups, and Interfaces 147 Column number Tag or value Details 12 Description Optional. To add a Power IQ Proxy power control interface to the CSV file: See Power Control of Power IQ IT Devices (on page 337) for details about configuring this interface type. Column number Tag o...

Chapter 8: Nodes, Node Groups, and Interfaces 148 To assign categories and elements to a node to the CSV file: Categories and elements must already be created in CC-SG. You can assign multiple elements of the same category to a node in the CSV file. Column number Tag or value Details 1 ADD The first...

Chapter 8: Nodes, Node Groups, and Interfaces 149  If the file is not valid, an error message appears. Click OK and look at the Problems area of the page for a description of the problems with the file. Click Save to File to save the problems list. Correct your CSV file and then try to validate it ...

Chapter 8: Nodes, Node Groups, and Interfaces 150 7. Import the .csv file. See Import Nodes (on page 148). Adding, Editing, and Deleting Node Groups Node Groups Overview Node groups are used to organize nodes into a set. The node group will become the basis for a policy either allowing or denying ac...

Chapter 8: Nodes, Node Groups, and Interfaces 151 Add a Node Group To add a node group: 1. Choose Associations > Node Group. The Node Groups Manager window appears 2. Choose Groups > New. A template for a node group appears. 3. In the Group Name field, type a name for a node group you want to ...

Chapter 8: Nodes, Node Groups, and Interfaces 152  To remove a node from the group, select the node name in the Selected list and click Remove.  You can search for a node in either the Available or Selected list. Type the search terms in the field below the list, and then click Go 4. If you want t...

156 User accounts are created so that users can be assigned a username and password to access CC-SG. A User Group defines a set of privileges for its members. You cannot assign privileges to users themselves, only to user groups. All users must belong to at least one user group. CC-SG maintains a ce...

Chapter 9: Users and User Groups 157 The Users Tab Click the Users tab to display all user groups and users in CC-SG. Users are nested underneath the user groups to which they belong. User groups with users assigned to them appear in the list with a + symbol next to them. Click the + to expand or co...

Chapter 9: Users and User Groups 158 Default User Groups CC-SG is configured with three default user groups: CC-Super User, System Administrators, and CC Users. CC Super-User Group The CC Super-User group has full administrative and access privileges. Only one user can be a member of this group. The...

Chapter 9: Users and User Groups 159 Adding, Editing, and Deleting User Groups Add a User Group Creating user groups first will help you organize users when the users are added. W hen a user group is created, a set of privileges is assigned to the user group. Users assigned to the group will inherit...

Chapter 9: Users and User Groups 160 The All Policies table lists all the policies available on CC-SG. Each policy represents a rule allowing or denying access to a group of nodes. See Policies for Access Control (on page 175) for details on policies and how they are created. 9. In the All Policies ...

Chapter 9: Users and User Groups 161 7. Select the checkbox that corresponds to each privilege you want to assign to the user group. Deselect a privilege to remove it from the group. 8. In the Node Access area, click the drop-down menu for each kind of interface you want this group to have access th...

Chapter 9: Users and User Groups 162 Limit the Number of KVM Sessions per User You can limit the number of KVM sessions allowed per user for sessions with Dominion KXII, KSXII and KX (KX1) devices. This prevents any single user from using all available channels at once. When a user attempts a connec...

Chapter 9: Users and User Groups 163 2. Select the Require Users to Enter Access Information When Connecting to a Node checkbox. 3. In the Message to Users field, enter a message that users will see when attempting to access a node. A default message is provided. 256 character maximum. 4. Move the u...

Chapter 9: Users and User Groups 164 If strong passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will display messages to assist with the password requirements. See Advanced Administration (on page 237) for details on stro...

Chapter 9: Users and User Groups 165 4. In the New Password and Retype New Password fields, type a new password to change this user's password. Note: If Strong Passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will assist ...

Chapter 9: Users and User Groups 166 4. Users who are not assigned to the target group appear in the Users not in group list.  Select the users you want to add from this list, and then click > to move them to the Users in group list.  Click the >> button to move all users not in the group...

Chapter 9: Users and User Groups 167 Users CSV File Requirements The import enables you to add user groups, users, and AD modules, and assign policies and permissions and user groups.  Policies must already be created in CC-SG. The import assigns the policy to a user group. You cannot create new po...

Chapter 9: Users and User Groups 170 Column number Tag or value Details Periodically is set to TRUE, specify the number of days after which password must be changed. Enter just the number, from 1 to 365 . To add a user to a user group: Column number Tag or value Details 1 ADD The first column for al...

Chapter 9: Users and User Groups 171 Import Users Once you've created the CSV file, validate it to check for errors then import it. Duplicate records are skipped and are not added. 1. Choose Administration > Import > Import Users. 2. Click Browse and select the CSV file to import. Click Open. ...

Chapter 9: Users and User Groups 172 Your User Profile My Profile allows all users to view details about their account, change some details, and customize usability settings. It is the only way for the CC Super User account to change the account name. To view your profile: Choose Secure Gateway >...

Chapter 9: Users and User Groups 173  Find Matching String - Does not support the use of wildcards and will highlight the closest match in the nodes, users, or devices as you type. The list will be limited to those items that contain the search criteria after clicking Search. 3. Click OK to save yo...

Chapter 9: Users and User Groups 174 To log out all users of a User Group: 1. In the Users tab, select the user group you want to log out of CC-SG.  To log out multiple user groups, hold the Shift key as you click additional user groups. 2. Choose Users > User Group Manager > Logout Users. Th...

175 Policies are rules that define which nodes and devices users can access, when they can access them, and whether virtual-media permissions are enabled, where applicable. The easiest way to create policies is to categorize your nodes and devices into node groups and device groups, and then create ...

Chapter 10: Policies for Access Control 177 14. If you selected Control in the Device/Node Access Permission field, the Virtual Media Permission section will become enabled. In the Virtual Media Permission field, select an option to allow or deny access to virtual media available in the selected nod...

Chapter 10: Policies for Access Control 178 9. Select the checkbox that corresponds to each day you want this policy to cover. 10. In the Start Time field, type the time of day this policy goes into effect. The time must be in 24-Hour format. 11. In the End Time field, type the time of day this poli...

Chapter 10: Policies for Access Control 179 Support for Virtual Media CC-SG provides remote virtual media support for nodes connected to virtual media-enabled KX2, KSX2, and KX2-101 devices. For detailed instructions on accessing virtual media with your device, see:  Dominion KX II User Guide  Dom...

180 Custom Views enable you to specify different ways to display the nodes and devices in the left panel, using Categories, Node Groups, and Device Groups. In This Chapter Types of Custom Views ......................................................................... 180 Using Custom Views in the Ad...

Chapter 11: Custom Views for Devices and Nodes 181 Using Custom Views in the Admin Client Custom Views for Nodes Add a Custom View for Nodes To add a custom view for nodes: 1. Click the Nodes tab. 2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears. 3. In the Cus...

Chapter 11: Custom Views for Devices and Nodes 182 2. Click the Name drop-down arrow and select a custom view from the list. 3. Click Apply View. or  Choose Nodes > Change View. All defined custom views are options in the pop-up menu. Choose the custom view you want to apply. Change a Custom Vie...

Chapter 11: Custom Views for Devices and Nodes 183 2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details pane...

Chapter 11: Custom Views for Devices and Nodes 184 3. In the Custom View panel, click Add. The Add Custom View window appears. 4. Type a name for the new custom view in the Custom View Name field. 5. In the Custom View Type section:  Select Filter by Device Group to create a custom view that displa...

Chapter 11: Custom Views for Devices and Nodes 185 2. Choose Devices > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details pa...

Chapter 11: Custom Views for Devices and Nodes 186 Assign a Default Custom View for Devices To assign a default custom view for devices: 1. Click the Devices tab. 2. Choose Devices > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select...

187 In This Chapter Authentication and Authorization (AA) Overview .................................. 187 Distinguished Names for LDAP and AD ................................................ 188 Specifying Modules for Authentication and Authorization ..................... 189 Establishing Order of E...

Chapter 12: Remote Authentication 188 2. CC-SG connects to the external server and sends the username and password. 3. Username and password are either accepted or rejected and sent back. If authentication is rejected, this results in a failed login attempt. 4. If authentication is successful, autho...

Chapter 12: Remote Authentication 189 Specify a Distinguished Name for LDAP Distinguished Names for Netscape LDAP and eDirectory LDAP should follow this structure:  user id (uid), organizational unit (ou), organization (o) Specify a Username for AD When authenticating CC-SG users on an AD server by...

Chapter 12: Remote Authentication 190 Establishing Order of External AA Servers CC-SG will query the configured external authorization and authentication servers in the order that you specify. If the first checked option is unavailable, CC-SG will try the second, then the third, and so on, until it ...

Chapter 12: Remote Authentication 191 5. Type a name for the AD server in the Module name field.  The maximum number of characters is 31.  All printable characters may be used.  The module name is optional and is specified only to distinguish this AD server module from any others that you configu...

Chapter 12: Remote Authentication 192  [email protected]  Raritan/UserName Note: The user specified must have permission to execute search queries in the AD domain. For example, the user may belong to a group within AD that has Group scope set to Global, and Group type set to Security. 5. Type ...

Chapter 12: Remote Authentication 193 5. Type a user's attributes in the Filter field so the search query will be restricted to only those entries that meet this criterion. The default filter is objectclass=user, which means that only entries of the type user are searched. 6. Specify the way in whic...

Chapter 12: Remote Authentication 194 3. Type a user's attributes in the Filter field so the search query for the user in the group will be restricted to only those entries that meet this criterion. For example, if you specify cn=Groups,dc=raritan,dc=com as the Base DN and (objectclass=group) as the...

Chapter 12: Remote Authentication 195 Editing an AD Module Once you have configured AD modules, you can edit them at any time. To edit an AD module: 1. Choose Administration > Security. 2. Click the Authentication tab. All configured external Authorization and Authentication Servers appear in a t...

Chapter 12: Remote Authentication 197 Synchronizing AD with CC-SG There are several methods for synchronizing the information on CC-SG with the information on your AD server.  Daily synchronization of all modules: You can enable scheduled synchronization to allow CC-SG to synchronize all AD modules...

Chapter 12: Remote Authentication 198 Synchronize All User Groups with AD You should synchronize all user groups if you have made a change to a user group, such as moving a user group from one AD module to another. You can also change the AD association of a user group manually, in the User Group Pr...

Chapter 12: Remote Authentication 199 Synchronize All AD Modules You should synchronize all AD Modules whenever you change or delete a user in AD, change user permissions in AD, or make changes to a domain controller. When you synchronize all AD modules, CC-SG retrieves the user groups for all confi...

Chapter 12: Remote Authentication 200 To disable daily synchronization of all AD modules: 1. Choose Administration > Security. 2. Click the Authentication tab. All configured Authorization and Authentication Servers appear in a table. 3. Deselect the Daily synchronization of All Modules checkbox....

Chapter 12: Remote Authentication 201 Renaming and Moving AD Groups Renaming a group in AD: When an AD group that has been imported into CC-SG changes its name in AD, CC-SG reports a warning in the Audit Trail when the name change is detected, either at synchronization or when an affected AD user lo...

Chapter 12: Remote Authentication 203 2. Select Base 64 if you want the password to be sent to the LDAP server with encryption. Select Plain Text if you want the password to be sent to the LDAP server as plain text. 3. Default Digest: select the default encryption of user passwords. 4. Type the user...

Chapter 12: Remote Authentication 205 About TACACS+ and CC-SG CC-SG users who are remotely authenticated by a TACACS+ server must be created on the TACACS+ server and on CC-SG. The user name on the TACACS+ server and on CC-SG must be the same, although the passwords may be different. See Users and U...

Chapter 12: Remote Authentication 206 About RADIUS and CC-SG CC-SG users who are remotely authenticated by a RADIUS server must be created on the RADIUS server and on CC-SG. The user name on the RADIUS server and on CC-SG must be the same, although the passwords may be different. See Users and User ...

Chapter 12: Remote Authentication 207 Two-Factor Authentication Using RADIUS By using an RSA RADIUS Server that supports two-factor authentication in conjunction with an RSA Authentication Manager, CC-SG can make use of two-factor authentication schemes with dynamic tokens. In such an environment, u...

208 In This Chapter Using Reports ........................................................................................ 208 Audit Trail Report ................................................................................... 210 Error Log Report ....................................................

Chapter 13: Reports 210 Purge a Report's Data From CC-SG You can purge the data that appears in the Audit Trail and Error Log reports. Purging these reports deletes all data that satisfy the search criteria used. For example, if you search for all Audit Trail entries from March 26, 2008 through Marc...

Chapter 13: Reports 211 3. You can limit the data that the report will contain by entering additional parameters in the Message Type, Message, Username, and User IP address fields. Wildcards are accepted in these fields except for the Message Type field.  To limit the report to a type of message, s...

Chapter 13: Reports 212  Click Purge to delete the Error Log. See Purge a Report's Data from CC-SG (on page 210). Access Report Generate the Access report to view information about accessed devices and nodes, when they were accessed, and the user who accessed them. To generate the Access Report: 1....

Chapter 13: Reports 213 3. Click Apply. Active Users Report The Active Users report displays current users and user sessions. You can select active users from the report and disconnect them from CC-SG. To generate the Active Users report:  Choose Reports > Users > Active Users. To disconnect ...

Chapter 13: Reports 214  The Password Expiration field displays the number of days that the user can use the same password before being forced to change it. See Add a User (on page 163).  The Groups field displays the user groups to which the user belongs.  The Privileges field displays the CC-SG...

Chapter 13: Reports 215 Device Group Data Report The Device Group Data report displays device group information. To generate the Device Group Data report: 1. Choose Reports > Devices > Device Group Data. 2. Double-click a row to display the list of devices in the group. Query Port Report The Q...

Chapter 13: Reports 216 State Type Port State Definition been configured. 3. Select Ghosted Ports to include ports that are ghosted. A ghosted port can occur when a CIM or target server is removed from a Paragon system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. O...

Chapter 13: Reports 217 3. The URL column contains direct links to each node. You can use this information to create a web page with links to each node, instead of bookmarking each node individually. See Bookmarking an Interface (on page 136). Active Nodes Report The Active Nodes report includes the...

Chapter 13: Reports 218 Node Group Data Report The Node Group Data report displays the list of nodes that belong to each group, the user groups that have access to each node group, and, if applicable, the rules that define the node group. The list of nodes is in the report details, which you can vie...

Chapter 13: Reports 219 Scheduled Reports Scheduled Reports displays reports that were scheduled in the Task Manager. You can find the Upgrade Device Firmware reports and Restart Device reports in the Scheduled Reports screen. Scheduled reports can be viewed in HTML format only. See Task Manager (on...

Chapter 13: Reports 220 Upgrade Device Firmware Report The Upgrade Device Firmware report is located in the Scheduled Reports list. This report is generated when an Upgrade Device Firmware task is running. View the report to get real-time status information about the task. Once the task has complete...

221 In This Chapter Maintenance Mode ................................................................................ 221 Entering Maintenance Mode.................................................................. 222 Exiting Maintenance Mode ............................................................

Chapter 14: System Maintenance 222 Entering Maintenance Mode 1. Choose System Maintenance > Maintenance Mode > Enter Maintenance Mode. 2. Password: Type your password. Only users with the CC Setup and Control privilege can enter maintenance mode. 3. Broadcast message: Type the message that wil...

Chapter 14: System Maintenance 223 4. Select a Backup Type: Full or Standard. See What is the difference between Full backup and Standard backup? (on page 224) 5. To save a copy of this backup file to an external server, select the Backup to Remote Location checkbox. Optional. a. Select a Protocol u...

Chapter 14: System Maintenance 224 What is the difference between Full backup and Standard backup? Standard backup: A standard backup includes all data in all fields of all CCSG pages, except for data in the following pages:  Administration > Configuration Manager > Network tab  Administrati...

Chapter 14: System Maintenance 225 3. Click OK to delete the backup from the CC-SG system. Restoring CC-SG You can restore CC-SG using a backup file that you created. Important: The Neighborhood configuration is included in the CC-SG backup file so make sure you remember or note down its setting at ...

Chapter 14: System Maintenance 227 Option Description Full Database This option removes the existing CC-SG database and builds a new version with the factory default values. Network settings, SNMP agents, firmware, and Diagnostic Console settings are not part of the CC-SG database. The SNMP configur...

Chapter 14: System Maintenance 229 Restarting CC-SG The restart command is used to restart the CC-SG software. Restarting CC-SG will log all active users out of CC-SG. Restarting will not cycle power to the CC-SG. To perform a full reboot, you must access Diagnostic Console or the power switch on th...

Chapter 14: System Maintenance 231 10. Clear the Java cache. See Clear the Java Cache (on page 231). 11. Launch a new web browser window. 12. Log into the CC-SG Admin Client using an account that has the CC Setup and Control privilege. 13. Choose Help > About Raritan Secure Gateway. Check the ver...

Chapter 14: System Maintenance 232 Upgrading a Cluster To upgrade a CC-SG cluster, follow this recommended upgrade procedure. Only physical CC-SG units can be in a cluster. A CC-SG cluster license is a special kind of license file that the 2 CC-SG units in the cluster share. See Cluster Licenses (on...

Chapter 14: System Maintenance 233 Primary Node Upgrade Failure If the upgrade of your primary node fails while following the Upgrading a Cluster (on page 232) procedure, follow these steps to complete the cluster upgrade. 1. If the primary node upgrade fails, shutdown the CC-SG application by choos...

Chapter 14: System Maintenance 235 Restarting CC-SG after Shutdown After shutting down CC-SG, use one of these two methods to restart the unit:  Use the Diagnostic Console. See Restart CC-SG with Diagnostic Console (on page 315).  Recycle the power to your CC-SG unit. Powering Down CC-SG If CC-SG ...

237 In This Chapter Configuring a Message of the Day ........................................................ 237 Configuring Applications for Accessing Nodes...................................... 238 Configuring Default Applications ........................................................... 240 Ma...

Chapter 15: Advanced Administration 238 c. Click the Font Size drop-down menu and select a font size for the message text.  If you select Message of the Day File: a. Click Browse to browse for the message file. b. Select the file in the dialog window that opens then click Open. c. Click Preview to ...

Chapter 15: Advanced Administration 239 2. Click the Application name drop-down arrow and select the application that must be upgraded from the list. If you do not see the application, you must add it first. See Add an Application (on page 239). 3. Click Browse, locate and select the application upg...

Chapter 15: Advanced Administration 240 5. Click OK. An Open dialog appears. 6. Navigate to and select the application file (usually a .jar or .cab file), and then click Open. 7. The selected application loads onto CC-SG. Delete an Application To delete an application: 1. Choose Administration > ...

Chapter 15: Advanced Administration 241 View the Default Application Assignments To view the default application assignments: 1. Choose Administration > Applications. 2. Click the Default Applications tab to view and edit the current default applications for various Interfaces and Port Types. App...

Chapter 15: Advanced Administration 242 2. Click Add to add a new firmware file. A search window opens. 3. Navigate to and select the firmware file you want to upload to CC-SG, and then click Open. W hen the upload completes, the new firmware appears in the Firmware Name field. Delete Firmware To de...

Chapter 15: Advanced Administration 244 If the Primary LAN is connected and receiving a Link Integrity signal, CC-SG uses this LAN port for all communications. If the Primary LAN loses Link Integrity, and Secondary LAN is connected, CC-SG will failover its assigned IP address to the Secondary LAN. T...

Chapter 15: Advanced Administration 245 6. Click the Adapter Speed drop-down arrow and select a line speed from the list. Make sure your selection agrees with your switch's adapter port setting. If your switch uses 1 Gig line speed, select Auto. 7. If you selected Auto in the Adapter Speed field, th...

Chapter 15: Advanced Administration 246 What is IP Isolation mode? IP Isolation mode allows you to isolate clients from devices by placing them on separate sub-networks and forcing clients to access the devices through CC-SG. In this mode, CC-SG manages traffic between the two separate IP domains. I...

Chapter 15: Advanced Administration 247  Specify at most one Default Gateway in the Network Setup panel in CC-SG. Use Diagnostic Console to add more static routes if needed. See Edit Static Routes (on page 310). To configure IP Isolation mode in CC-SG: 1. Choose Administration > Configuration. 2...

Chapter 15: Advanced Administration 248 Recommended DHCP Configurations for CC-SG Review the following recommended DHCP configurations. Make sure that your DHCP server is set up properly before you configure CC-SG to use DHCP.  Configure the DHCP to statically allocate CC-SG's IP address.  Configu...

Chapter 15: Advanced Administration 249 Purge CC-SG's Internal Log You can purge the CC-SG's internal log. This operation does not delete any events recorded on your external log servers. Note: The Audit Trail and Error Log reports are based on CC-SG's internal log. If you purge CC-SG's internal log...

Chapter 15: Advanced Administration 250 Note: Network Time Protocol (NTP) is the protocol used to synchronize the attached computer's date and time data with a referenced NTP server. When CC-SG is configured with NTP, it can synchronize its clock time with the publicly available NTP reference server...

Chapter 15: Advanced Administration 251 Configure Direct Mode for All Client Connections To configure direct mode for all client connections: 1. Choose Administration > Configuration. 2. Click the Connection Mode tab. 3. Select Direct mode. 4. Click Update Configuration. Configure Proxy Mode for ...

Chapter 15: Advanced Administration 252 3. Select a Device Type in the table and double-click the Default Port value. 4. Type the new Default Port value. 5. Click Update Configuration to save your changes. To configure timeout duration for devices: 1. Choose Administration > Configuration. 2. Cli...

Chapter 15: Advanced Administration 253 Enabling the AKC Download Server Certificate Validation If you are using the AKC client, you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature. Option 1: Do Not Enable AKC Download Server Certificate...

Chapter 15: Advanced Administration 254 3. Click OK. Configuring Custom JRE Settings CC-SG will display a warning message to users who attempt to access CC-SG without the minimum JRE version that you specify. Check the Compatibility Matrix for the minimum supported JRE version. Choose Administration...

Chapter 15: Advanced Administration 255 3. Click Restore Default. 4. Click Update. To clear the default message and minimum JRE version: 1. Choose Administration > Configuration. Click the Custom JRE tab. 2. Click Clear. Configuring SNMP Simple Network Management Protocol allows CC-SG to push SNM...

Chapter 15: Advanced Administration 256 9. Select the checkboxes before the traps you want CC-SG to push to your SNMP hosts: Under Trap Sources, a list of SNMP traps grouped into two different categories: System Log traps, which include notifications for the status of the CC unit itself, such as a h...

Chapter 15: Advanced Administration 257 Requirements for CC-SG Clusters  The Primary and Secondary nodes in a cluster must be running the same firmware version on the same hardware version (V1 or E1).  Your CC-SG network must be in IP Failover mode to be used for clustering. Clustering will not wo...

Chapter 15: Advanced Administration 258 5. Type a valid user name and password for the Backup node in the Username for Backup Secure Gateway and Password for Backup Secure Gateway fields. 6. Select the Redirect by Hostname checkbox to specify that secondary to primary redirection access should be vi...

Chapter 15: Advanced Administration 259 Switch the Primary and Secondary Node Status You can exchange the roles of Primary and Secondary nodes when the Secondary, or Backup, node is in the "Joined" state. When the Secondary node is in the "Waiting" state, switching is disabled. After...

Chapter 15: Advanced Administration 260 Note: If the clustered CC-SG units do not share the same time zone, when the Primary node failure occurs, and the Secondary node becomes the new Primary node, the time specified for Automatic Rebuild still follows the time zone of the old Primary node. Delete ...

Chapter 15: Advanced Administration 261 Cluster Licenses You can operate a CC-SG cluster using separate standalone licenses with the same node capacity, or a cluster kit license. Cluster licenses differ from standalone licenses in that they contain the host IDs of both CC-SG units in the cluster. On...

Chapter 15: Advanced Administration 262 Configuring a Neighborhood What is a Neighborhood? A Neighborhood is a collection of up to 10 CC-SG units. After setting up the Neighborhood in the Admin Client, users can access multiple CC-SG units in the same Neighborhood with single sign-on using the Acces...

Chapter 15: Advanced Administration 263  If one or more CC-SG units cannot be found, a message appears and these CC-SG units will be highlighted in yellow in the table. Remove these units or modify their IP addresses or hostnames, and click Next again. 7. CC-SG displays a list of CC-SG units along ...

Chapter 15: Advanced Administration 264 Add a Neighborhood Member To add a new CC-SG unit into the Neighborhood 1. Choose Administration > Neighborhood. 2. Click Add Member. The Add Member dialog appears. 3. Add CC-SG units. The number of CC-SG units that can be added varies depending on the numb...

Chapter 15: Advanced Administration 265  To deactivate a CC-SG unit, deselect the Active checkbox next to the unit.  To change a Secure Gateway Name, click the name, type a new one and press Enter. The name must be unique.  To retrieve all CC-SG units' latest data, click Refresh Member Data.  To...

Chapter 15: Advanced Administration 266 Refresh a Neighborhood You can retrieve the latest status of all Neighborhood members immediately in the Neighborhood Configuration panel. 1. Choose Administration > Neighborhood. 2. Click Refresh Member Data. 3. Click Send Update to save the changes and di...

Chapter 15: Advanced Administration 267 Check Your Browser for AES Encryption CC-SG supports AES-128 and AES-256. If you do not know if your browser uses AES, check with the browser manufacturer. You may also want to try navigating to the following web site using the browser whose encryption method ...

Chapter 15: Advanced Administration 268  Click the Key Length drop-down arrow to select the encryption level - 128 or 256.  The CC-SG Port field displays 80.  The Browser Connection Protocol field displays HTTPS/SSL selected. 5. Click Update to save your changes. Configure Browser Connection Prot...

Chapter 15: Advanced Administration 269 Require strong passwords for all users 1. Choose Administration > Security. 2. Click the Login Settings tab. 3. Select the Strong Passwords Required for All Users checkbox. 4. Select a Maximum Password Length. Passwords must contain fewer than the maximum n...

Chapter 15: Advanced Administration 271 2. Open the Login Settings tab. 3. Deselect the Lockout Enabled for Local Users checkbox to disable lockout for locally authenticated users. Deselect the Lockout Enabled for Remote Users checkbox to disable lockout for remotely authenticated users. 4. Click Up...

Chapter 15: Advanced Administration 272 Logo A small graphic file can be uploaded to CC-SG to act as a banner on the login page. The maximum size of the logo is 998 by 170 pixels. To upload a logo: 1. Click Browse in the Logo area of the Portal tab. An Open dialog appears. 2. Select the graphic file...

Chapter 15: Advanced Administration 273  Click Browse. A dialog window opens.  In the dialog window, select the text file with the message you want to use, and then click Open. The maximum length of the text message is 10,000 characters.  Click Preview to preview the text contained in the file. T...

Chapter 15: Advanced Administration 275 14. Type raritan in the Password field if the CSR was generated by CC-SG. If a different application generated the CSR, use the password for that application. Note: If the imported certificate is signed by a root and subroot CA (certificate authority), using o...

Chapter 15: Advanced Administration 277 6. Click the Action drop-down arrow and select Allow or Deny to specify whether the specified users in the IP range can access CC-SG. 7. Click Update to save your changes. To change the order in which CC-SG applies rules: 1. Choose Administration > Security...

Chapter 15: Advanced Administration 278 7. Type a valid email address that will identify messages from CC-SG in the From field. 8. Type the number of times emails should be re-sent should the send process fail in the Sending retries field. 9. Type the number of minutes (from 1-60) that should elapse...

Chapter 15: Advanced Administration 279 Schedule Sequential Tasks You may want to schedule tasks sequentially to confirm that expected behavior occurred. For example, you may want to schedule an Upgrade Device Firmware task for a given device group, and then schedule an Asset Management Report task ...

Chapter 15: Advanced Administration 281  Upgrade Device Firmware (individual device or device group): See Schedule a Device Firmware Upgrade (on page 282).  Generate all reports: See Reports (on page 208). 6. Click the Recurrence tab. The Recurrence tab is disabled for Upgrade Device Firmware task...

Chapter 15: Advanced Administration 282 10. If a task fails, CC-SG can retry the task at a later time as specified in the Retry tab. Type the number of times CC-SG should retry to execute the task in the Retry count field. Type the time that should elapse between retries in the Retry Interval field....

Chapter 15: Advanced Administration 285 Delete a Task You can delete a task to remove it from the Task Manager. You cannot delete a task that is currently running. To delete a task:  Select the task, then click Delete. SSH Access to CC-SG Use Secure Shell (SSH) clients, such as Putty or OpenSHH Cli...

Chapter 15: Advanced Administration 286 To display all SSH commands:  At the shell prompt, type ls to display all commands available. Get Help for SSH Commands You can get limited help for all commands at once. You can also get in-depth help on a single command at a time. To get help for a single S...

Chapter 15: Advanced Administration 287 SSH Commands and Parameters The following table lists all commands available in SSH. You must be assigned the appropriate privileges in CC-SG to access each command. Some commands have additional parameters that you must type to execute the command. For more i...

Chapter 15: Advanced Administration 289 To restart a device: restartdevice <[-id <device_id>] | [host]> To restore a device configuration: restoredevice <[-host <host>] | [-id <device_id>]> [backup_id] To shutdown CC-SG: shutdowncc minutes [message] To open an SSH conne...

Chapter 15: Advanced Administration 290 Command syntax Device ID value You should type ssh -id <device_id> 100 ssh -id 100  The default escape character is a tilde followed by a period. For example: ~. See End SSH Connections (on page 292) for details on using the escape character and the exi...

Chapter 15: Advanced Administration 291 2. Connect to the device by typing ssh -id <device_id> . Using the figure above as an example, you can connect to SX-229 by typing ssh -id 1370 . Use SSH to Connect to a Node via a Serial Out-of-Band Interface You can use SSH to connect to a node through...

Chapter 15: Advanced Administration 292 Command Alias Description get_write gw Gets Write Access. Allows SSH user to execute commands at target server while browser user can only observe proceedings. get_history gh Gets History. Displays the last few commands and results at target server. send_break...

Chapter 15: Advanced Administration 293 Serial Admin Port The serial admin port on CC-SG can be connected directly to a Raritan serial device, such as Dominion SX or KSX. You can connect to the SX or KSX via the IP address using a terminal emulation program, such as HyperTerminal or PuTTY. Set the b...

Chapter 15: Advanced Administration 294 Finding Your CC-SG Serial Number To find your CC-SG serial number: 1. Log into the Admin Client. 2. Choose Help > About Raritan Secure Gateway. 3. A new window opens with your CC-SG serial number. Web Services API You must accept the End User Agreement befo...

296 The Diagnostic Console is a non-graphical, menu-based interface that provides local access to CC-SG. You can access Diagnostic Console from a serial or KVM port. See Access Diagnostic Console via VGA/Keyboard/Mouse Port (on page 296). Or, you can access Diagnostic Console from a Secure Shell (SS...

Chapter 16: Diagnostic Console 297 Status Console About Status Console  You can use the Status Console to check the health of CC-SG, the various services CC-SG uses, and the attached network.  By default, Status Console does not require a password.  You can configure CC-SG to provide the Status C...

Chapter 16: Diagnostic Console 298 2: Access the Status Console via web browser: 1. Using a supported Internet browser, type this URL: http(s)://<IP_address>/status/ where <IP_address> is the IP address of the CC-SG. Note the forward slash (/) following /status is mandatory. For example,...

Chapter 16: Diagnostic Console 299 CC-SG Title, Date and Time The CC-SG title is constant so users know that they are connected to a CC-SG unit. The date and time at the top of the screen is the last time when the CC-SG data was polled. The date and time reflect the timing values saved on the CC-SG ...

Chapter 16: Diagnostic Console 301 Information Description Duplex Indicate whether the interface is Full- or Half-duplex. IPAddr The current Ipv4 Address of this interface. RX -Pkts The number of IP packets received on this interface since CC-SG was booted. TX -Pkts The number of IP packets transmit...

Chapter 16: Diagnostic Console 303 Administrator Console About Administrator Console The Administrator Console allows you to set some initial parameters, provide initial networking configuration, debug log files, and perform some limited diagnostics and restarting CC-SG. The default login for the Ad...

Chapter 16: Diagnostic Console 305  Status bar: Status bar is just above the navigation keys bar. It displays some important system information, including CC-SG's serial number, firmware version, and the time when the information shown in the main display area was loaded or updated. Screenshots con...

Chapter 16: Diagnostic Console 306 Edit Diagnostic Console Configuration The Diagnostic Console can be accessed via the serial port (COM1), VGA/Keyboard/Mouse (KVM) port, or from SSH clients. If you want to access Status Console, one more access mechanism, Web access, is also available. For each por...

Chapter 16: Diagnostic Console 307 4. Click Save. Edit Network Interfaces Configuration (Network Interfaces) In Network Interface Configuration, you can perform initial setup tasks, such as setting the hostname and IP address of the CC-SG. 1. Choose Operation > Network Interfaces > Network Int...

Chapter 16: Diagnostic Console 308  Even if DHCP is being used to determine the IP configuration for an interface, you must provide a properly form atted IP address and Netmask. 6. In the Adapter Speed, select a line speed. The other values of 10, 100, and 1000 Mbps are on a scrollable list (where ...

Chapter 16: Diagnostic Console 309 Option Description Record Route Records route. Turns on the IP record route option, which will store the route of the packet inside the IP header. Use Broadcast Address Allows pinging a broadcast message. Adaptive Timing Adaptive ping. Interpacket interval adapts t...

Chapter 16: Diagnostic Console 312 View Log Files in Diagnostic Console You can view one or more log files simultaneously via LogViewer, which allows browsing through several files at once to examine system activity. The Logfile list is updated only when the associated list becomes active, as when a...

Chapter 16: Diagnostic Console 313 3. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a log file, marking it with an X. You can view more than one log file at a time. To sort the Logfiles to View list: The Sort Logfile list by options control the order in whi...

Chapter 16: Diagnostic Console 314 Option Description contents of this package is not available to customer. Exported logfiles will be available for up to 10 days, and then the system will automatically delete them. View View the selected log(s). When View is selected with Individual W indows, the L...

Chapter 16: Diagnostic Console 315 Note: System load is static as of the start of this Admin Console session - use the TOP utility to dynamically monitor system resources. To filter a log file with a regular expression: 1. Type e to add or edit a regular expression and select a log from the list if ...

Chapter 16: Diagnostic Console 316 Diagnostic Console. See Restarting CC-SG (on page 229). Restarting CC-SG in Diagnostic Console will NOT notify users that it is being restarted. To restart CC-SG with Diagnostic Console: 1. Choose Operation > Admin > CC-SG Restart. 2. Either click Restart CC-...

Chapter 16: Diagnostic Console 317 2. Either click REBOOT System or press Enter to reboot CC-SG. Confirm the reboot in the next screen to proceed. Power Off CC-SG System from Diagnostic Console This option will power off the CC-SG unit. Logged-in users will not receive a notification. CC-SG, SSH, an...

Chapter 16: Diagnostic Console 318 2. Either click Power OFF the CC-SG or press Enter to remove AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super-User Password with Diagnostic Console This option will reset the password for the CC Super User accou...

Chapter 16: Diagnostic Console 319 2. Either click Reset CC-SG GUI Admin Password or press Enter to change the admin password back to factory default. Confirm the password reset in the next screen to proceed. Reset CC-SG Factory Configuration This option will reset all or parts of the CC-SG system b...

Chapter 16: Diagnostic Console 321 Option Description Diagnostic Console Reset This option restores Diagnostic Console settings back to factory defaults. IP Access Control Lists Reset This option removes all entries from the IP-ACL table. IP-ACL settings are reset with a Full Database reset whether ...

Chapter 16: Diagnostic Console 323 Password setting Description every password must have at least one digit in it. Diagnostic Console Account Configuration By default, the status account does not require a password, but you can configure it to require one. Other aspects of the admin password can be ...

Chapter 16: Diagnostic Console 325 Configure Remote System Monitoring You can enable the remote system monitoring feature to use the GKrellM tool. The GKrellM tool provides a graphical view of resource utilization on the CC-SG unit. This tool is similar to the W indows Task Manager's Performance tab...

Chapter 16: Diagnostic Console 327 Display RAID Status and Disk Utilization This option displays the status of CC-SG disks, including disk size, active and up status, state of the RAID-1, and amount of space currently used by various file systems. To display disk status of the CC-SG: 1. Choose Opera...

Chapter 16: Diagnostic Console 328 Perform Disk or RAID Tests You can manually perform SMART disk drive tests or RAID check and repair operations. To perform a disk drive test or a RAID check and repair operation: 1. Choose Operation > Utilities > Disk/RAID Utilities > Manual Disk/RAID Test...

Chapter 16: Diagnostic Console 329 d. After the test is complete, you can view the results in the Repair/Rebuild RAID screen. See Repair or Rebuild RAID Disks (on page 331). If a non-zero value displays in the Mis-Match column for the given Array, indicating that there may be a problem, you should c...

Chapter 16: Diagnostic Console 330 Schedule Disk Tests You can schedule SMART-based tests of the disk drives to be periodically performed. Firmware on the disk drive will perform these tests, and you can view the test results in the Repair/Rebuild screen. See Repair or Rebuild RAID Disks (on page 33...

Chapter 16: Diagnostic Console 331 2. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a test type, marking it with an X. Different types of tests take a different period of time.  A Short test takes about 2 minutes to complete when the system is lightly load...

Chapter 16: Diagnostic Console 333 4. Selecting either Replace Disk Drive or Rebuild RAID Array, and follow onscreen instructions until you finish the operation. View Top Display with Diagnostic Console Top Display allows you to view the list of currently-running processes and their attributes, as w...

Chapter 16: Diagnostic Console 335 Take a System Snapshot When CC-SG does not function properly, it is extremely helpful if you can capture the information stored in CC-SG, such as the system logs, configurations or database, and provide it to Raritan Technical Support for analysis and troubleshooti...

337 If you have a CC-SG and Power IQ, there are severals ways to use them together. 1. Control power to Power IQ IT devices via CC-SG. For example, if you want to control power to a Power IQ IT device which is also a CC-SG node, you can use a Power IQ Proxy interface to give power control commands i...

Chapter 17: Power IQ Integration 339 Troubleshoot Connections to Power IQ Check these possible error messages and solutions to troubleshoot your connection to a Power IQ. Determine the cause, then edit the configuration to correct it. See Configuring Power IQ Services (on page 338). Message Resoluti...

Chapter 17: Power IQ Integration 340 Configuring Synchronization of Power IQ and CC-SG CC-SG will synchronize with Power IQ to add the IT Devices configured in Power IQ to CC-SG as nodes. When synchronizing, CC-SG will create a node with a PowerIQ Proxy interface for each new IT Device identified. W...

Chapter 17: Power IQ Integration 341 Step 3 - Create a synchronization policy: Note: The synchronization policy applies to ALL Power IQ instances configured in CC-SG. See Power IQ Synchronization Policies (on page 342) for details of each policy and other synchronization results. 1. In the Synchroni...

Chapter 17: Power IQ Integration 342 Power IQ Synchronization Policies When CC-SG detects a duplicated node, the synchronization policy you choose determines whether the nodes are consolidated, renamed, or rejected. See Configuring Synchronization of Power IQ and CC-SG (on page 340) to set the synch...

Chapter 17: Power IQ Integration 343 Import Power Strips from Power IQ You can import Dominion PX devices and their outlet names from Power IQ. If the Dominion PX devices are already managed by CC-SG, you must delete them first. The import adds the Dominion PX devices, and configures and names the o...

Chapter 17: Power IQ Integration 344 Column number Tag or value Details 6 Configure All Outlets TRUE or FALSE Default is FALSE. 7 Description Optional. Step 3: Import the edited CSV file into CC-SG 1. In the CC-SG Admin Client, choose Administration > Import > Import Powerstrips. 2. Click Brow...

Chapter 17: Power IQ Integration 345 3. Type a name for the file and choose the location where you want to save it 4. Click Save. Step 2: Edit the CSV file and import into Power IQ: The export file contains three sections. Read the comments in the CSV file for instructions on how to use each section...

346 In This Chapter V1 Model................................................................................................ 346 E1 Model................................................................................................ 347 V1 Model V1 General Specifications Form Factor 1U Dimensions (...

Appendix A: Specifications for V1 and E1 347 Operating Humidity 5% - 95% RH Altitude Operate properly at any altitude between 0 to 10,000 feet, storage 40,000 feet (Estimated) Vibration 5-55-5 HZ, 0.38mm,1 minutes per cycle; 30 minutes for each axis (X,Y,Z) Shock N/A E1 Model E1 General Specificatio...

Appendix A: Specifications for V1 and E1 348 Operating Non-Operating Temperature -40°-70° C Humidity 5-90%, non-condensing Altitude Sea level to 40,000 feet Vibration 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X, Y, and Z Shock 30 g for 11 ms wi...

349 This appendix contains network requirements, including addresses, protocols, and ports, of a typical CC-SG deployment. It includes information about how to configure your network for both external access and internal security and routing policy enforcement. Details are provided for the benefit o...

Appendix B: CC-SG and Network Configuration 350 Port Number Protocol Purpose Details Raritan device that will be externally accessed. The other ports in the table must be opened only for accessing CC-SG. AES-128/AES-256 encrypted if configured. 80 and 443 for Control System nodes 80, 443, 902, and 9...

Appendix B: CC-SG and Network Configuration 355 Communication Direction Port Number Protocol Configurable? Details CC-SG to SNMP Manager 162 UDP yes SNMP standard CC-SG Internal Ports CC-SG uses several ports for internal functions, and its local firewall function blocks access to these ports. Howev...

Appendix B: CC-SG and Network Configuration 356 VNC Access to Nodes Port 5800 or 5900 must be open for VNC access to nodes. SSH Access to Nodes Port 22 must be open for SSH access to nodes. Remote System Monitoring Port When the Remote System Monitoring feature is enabled, port 19150 is opened by de...

357 This table shows which privilege must be assigned for a user to have access to a CC-SG menu item. *None means that no particular privilege is required. Any user who has access to CC-SG will be able to view and access these menus and commands. Menu > Sub-menu Menu Item Required Privilege Descr...

Appendix C: User Group Privileges 359 Menu > Sub-menu Menu Item Required Privilege Description > Launch Admin Device, Port, and Node Management or Device Configuration and Upgrade Management > Launch User Station Admin Device, Port, and Node Management > Disconnect Users Device, Port, an...

366 CC-SG provides the following SNMP traps: SNMP Trap Description ccUnavailable CC-SG application is unavailable. ccAvailable CC-SG application is available. ccUserLogin CC-SG user logged in. ccUserLogout CC-SG user logged out. ccPortConnectionStarted CC-SG session started. ccPortConnectionStopped ...

Appendix D: SNMP Traps 367 SNMP Trap Description ccDiagnosticConsoleLogout User has logged out of the CC-SG Diagnostic Console. ccUserGroupAdded A new user group has been added to CC-SG. ccUserGroupDeleted CC-SG user group has been deleted. ccUserGroupModified CC-SG user group has been modified. ccS...

368 This section contains more information about CSV file imports. In This Chapter Common CSV File Requirements ......................................................... 369 Audit Trail Entries for Importing ............................................................. 370 Troubleshoot CSV File Prob...

Appendix E: CSV File Imports 369 Common CSV File Requirements The best way to create the CSV file is to export a file from CC-SG, and then use the exported CSV file as an example for creating your own. The export file contains comments at the top that describe each item in the file. The comments can...

Appendix E: CSV File Imports 370 Audit Trail Entries for Importing Each item imported into CC-SG is logged in the Audit Trail. Skipped duplicates are not logged in the Audit Trail. The Audit Trail includes an entry for the following actions, under the Message Type "Configuration."  Import o...

Appendix E: CSV File Imports 371 Troubleshoot CSV File Problems To troubleshoot CSV file validation: Error messages appear in the Problems area of the Import page. The error messages identify problems that are found in the CSV file during validation. You can save the list of errors to a CSV file. Ea...

372  Launching CC-SG from your web browser requires a Java plug-in. If your machine has an incorrect version, CC-SG will guide you through the installation steps. If your machine does not have a Java plug-in, CC-SG cannot automatically launch. In this case, you must uninstall or disable your old Ja...

Appendix F: Troubleshooting 373  If you access more than one CC-SG unit using the same client and Firefox, you may see a "Secure Connection Failed" message that says you have an invalid certificate. You can resume access by clearing the invalid certificate from your browser. a. In Firefox, ...

374 CC-SG comes with a few diagnostic utilities which may be extremely helpful for you or Raritan Technical Support to analyse and debug the cause of CC-SG problems. In This Chapter Memory Diagnostic ................................................................................ 374 Debug Mode .......

Appendix G: Diagnostic Utilities 375  Capture the Memtest86+ screen containing the memory errors and contact Raritan Technical Support for assistance.  Shut down CC-SG and re-install the memory DIMM modules to ensure the contact is good. Then perform the Memtest86+ diagnostic to verify if the memo...

Appendix G: Diagnostic Utilities 376 CC-SG Disk Monitoring If CC-SG disk space exhaustion in one or more file systems occurs, it may negatively impact your operation and even results in the loss of some engineering data. Therefore, you should monitor the CC-SG disk usage and take corrective actions ...

Appendix G: Diagnostic Utilities 377 File system Data Corrective action /sg/DB CC-SG database Contact Raritan Technical Support /opt CC-SG backups and snapshots 1. Save any new snapshot files on a remote client PC. See Take a System Snapshot (on page 335) for the retrieval procedure. 2. Enter the Sy...

379 CC-SG can be configured to point to an RSA RADIUS Server that supports two-factor authentication via an associated RSA Authentication Manager. CC-SG acts as a RADIUS client and sends user authentication requests to RSA RADIUS Server. The authentication request includes user id, a fixed password,...

380 In This Chapter General FAQs ........................................................................................ 380 Authentication FAQs .............................................................................. 382 Security FAQs ............................................................

Appendix I: FAQs 382 Question Answer is the most effective and cost-efficient way to scale a single location. It also supports the network model with IP-Reach and the IP User Station (UST-IP). The network model scales through use of the TCP/IP network and aggregates access through CC-SG, so users do...

Appendix I: FAQs 383 Question Answer for authentication with directory services and security tools such as LDAP, AD, RADIUS, and so on? authentication. Remote authentication servers supported include: AD, TACACS+, RADIUS, and LDAP. Why does the error message "Incorrect username and/or password&#...

Appendix I: FAQs 384 Question Answer well as external (not just WAN, but LAN, too)? LAN or W AN. Does CC-SG support CRL List, that is, LDAP list of invalid certificates? No. Does CC-SG support Client Certificate Request? No. Accounting FAQs Question Answer Accounting The event times in the Audit Tra...

Appendix I: FAQs 385 Grouping FAQs Question Answer Grouping Is it possible to put a given server in more than one group? Yes. Just as one user can belong to multiple groups, one device can belong to multiple groups. For example, a Sun in NYC could be part of Group Sun: "Ostype = Solaris" and...

Appendix I: FAQs 386 Interoperability FAQs Question Answer Interoperability How does CC-SG integrate with Blade Chassis products? CC-SG can support any device with a KVM or serial interface as a transparent pass-through. To what level is CC-SG able to integrate with third party KVM tools, down to th...

Appendix I: FAQs 387 Licensing FAQs If you must replace your installed licenses, follow these rules. Base licenses must be replaced first. For example, if replacing stand-alone licenses CC-E1-512 and CCL-512 with cluster licenses CC-2XE1-512 and CCL-512, the base license CC-E1-512 must be replaced b...

388 The following keyboard shortcuts can be used in the Java-based Admin Client. Operation Keyboard Shortcut Refresh F5 Print panel Ctrl + P Help F1 Insert row in Associations table Ctrl + I Appendix J Keyboard Shortcuts

389 This appendix includes information about the naming conventions used in CC-SG. Comply with the maximum character lengths when naming all the parts of your CC-SG configuration. In This Chapter User Information .................................................................................... 38...

Appendix K: Naming Conventions 390 Field in CC-SG Number of characters CC-SG allows Audit Information 256 Location Information Field in CC-SG Number of characters CC-SG allows Department 64 Site 64 Location 128 Contact Information Field in CC-SG Number of characters CC-SG allows Primary Contact Name...

Appendix K: Naming Conventions 391 Field in CC-SG Number of characters CC-SG allows periods are converted to hyphens. Device Description 160 Device IP/Hostname 64 Username 64 Password 64 Notes 256 Port Information Field in CC-SG Number of characters CC-SG allows Port Name 32 Associations Field in CC...

392 Prior to version 4.0, CC-SG Diagnostic Console displays a number of messages on the screen each time when it boots up. These messages are standard Linux diagnostic and warning messages and usually do not imply any system problems. The table offers a short introduction to a few frequent messages....

393 A About Administrator Con sole • 296, 303 About Applications for Accessing Nodes • 238 About Associations • 41 About CC- SG LAN Ports • 242, 243, 246 About CC- SG passwords • 269 About Connection Modes • 102, 128, 250 About Default Applications • 240 About Interfaces • 102, 250 About LDAP and CC...