Raritan Home Security System - Manual

Contents vii Chapter 9 Users and User Groups 129 The Users Tab ........................................................................................................................... 130 Default User Groups ............................................................................................

Contents viii Using Custom Views in the Admin Client .................................................................................. 155 Custom Views for Nodes ................................................................................................. 155 Custom Views for Devices..............

Contents ix Navigate Multiple Page Reports ...................................................................................... 181 Print a Report................................................................................................................... 181 Save a Report to a File ...........

Contents x Chapter 15 Advanced Administration 206 Configuring a Message of the Day ............................................................................................ 206 Configuring Applications for Accessing Nodes .......................................................................... ...

Contents xi Security Manager ....................................................................................................................... 234 Remote Authentication .................................................................................................... 234 AES Encryption.........

Contents xii Edit Network Interfaces Configuration (Network Interfaces) ........................................... 275 Ping an IP Address .......................................................................................................... 276 Use Traceroute ......................................

Contents xiii CC-SG and Client for IPMI, iLO/RILOE, DRAC, RSA ..................................................... 318 CC-SG and SNMP........................................................................................................... 318 CC-SG Internal Ports.....................................

Contents xiv Appendix C User Group Privileges 321 Appendix D SNMP Traps 330 Appendix E CSV File Imports 332 Common CSV File Requirements.............................................................................................. 333 Audit Trail Entries for Importing ..................................

Contents xv Node Information ....................................................................................................................... 353 Location Information .................................................................................................................. 354 Contact...

xvi The following sections have changed or information has been added to the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and/or documentation. • Discover and Add Devices (on page 15) • Add User Groups and Users (on page 19) • Add a KVM or Seri...

What's New in the CC-SG Administrators Guide xvii • Configuring Power Control of Power IQ IT Devices (on page 306) • CC-SG Clustering (on page 315) See the Release Notes for a more detailed explanation of the changes applied to this version of the CommandCenter Secure Gateway.

1 The CommandCenter Secure Gateway (CC-SG) Administrators Guide offers instructions for administering and maintaining your CC-SG. This guide is intended for administrators who typically have all available privileges. Users who are not administrators should see Raritan's CommandCenter Secure Gateway ...

Chapter 1: Introduction 2 Terminology/Acronyms Terms and acronyms found in this document include: Access Client - HTML-based client intended for use by normal access users who need to access a node managed by CC-SG. The Access Client does not allow the use of administration functions. Admin Client -...

Chapter 1: Introduction 3 Ghosted Ports - when managing Paragon devices, a ghosted port can occur when a CIM or target server is removed from the system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. Hostname - can be used if DNS server support is enabled. See About ...

Chapter 1: Introduction 4 Node Groups - a defined group of nodes that are accessible to a user. Node groups are used when creating a policy to control access to the nodes in the group. Ports - connection points between a Raritan device and a node. Ports exist only on Raritan devices, and they identi...

5 You can access CC-SG in several ways: • Browser: CC-SG supports numerous web browsers (for a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support website). • Thick Client: You can install a Java Web Start thick client on your client computer. The thick client fu...

Chapter 2: Accessing CC-SG 6 JRE Incompatibility If you do not have the minimum required version of JRE installed on your client computer, you will see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility Warning window opens when CC-SG cannot find the required JRE...

Chapter 2: Accessing CC-SG 7 5. To check the setting in CC-SG: Choose Administration > Security. In the Encryption tab, look at the Browser Connection Protocol option. If the HTTPS/SSL option is selected, then you must select the Secure Socket Layer SSL checkbox in the thick client's IP address s...

10 Upon the first login to CC-SG, you should confirm the IP address, set the CC-SG server time, and check the firmware and application versions installed. You may need to upgrade the firmware and applications. Once you have completed your initial configurations, proceed to Guided Setup. See Configur...

Chapter 3: Getting Started 11 ƒ Date - click the drop-down arrow to select the Month, use the up and down arrows to select the Year, and then click the Day in the calendar area. ƒ Time - use the up and down arrows to set the Hour, Minutes, and Seconds, and then click the Time zone drop-down arrow to...

Chapter 3: Getting Started 12 2. Select an Application name from the list. Note the number in the Version field. Some applications do not automatically show a version number. To upgrade an application: If the application version is not current, you must upgrade the application. You can download the ...

13 Guided Setup offers a simple way to complete initial CC-SG configuration tasks once the network configuration is complete. The Guided Setup interface leads you through the process of defining Associations, discovering and adding devices to CC-SG, creating device groups and node groups, creating u...

Chapter 4: Configuring CC-SG with Guided Setup 14 Associations in Guided Setup Create Categories and Elements To create categories and elements in Guided Setup: 1. In the Guided Setup window, click Associations, and then click Create Categories in the left panel to open the Create Categories panel. ...

Chapter 4: Configuring CC-SG with Guided Setup 15 Discover and Add Devices The Discover Devices panel opens when you click Continue at the end of the Associations task. You can also click Device Setup, and then click Discover Devices in the Guided Tasks tree view in the left panel to open the Discov...

Chapter 4: Configuring CC-SG with Guided Setup 16 14. If you are manually adding a PowerStrip device, click the Number of ports drop-down arrow and select the number of outlets the PowerStrip contains. 15. If you are adding an IPMI Server, type an Interval, used to check for availability, and an Aut...

Chapter 4: Configuring CC-SG with Guided Setup 17 3. There are two ways to add devices to a group, Select Devices and Describe Devices. The Select Devices tab allows you to select which devices you want to assign to the group by selecting them from the list of available devices. The Describe Devices...

Chapter 4: Configuring CC-SG with Guided Setup 18 ƒ Select Nodes a. Click the Select Nodes tab in the Node Group: New panel. b. In the Available list, select the node you want to add to the group, and then click Add to move the node into the Selected list. Nodes in the Selected list will be added to...

Chapter 4: Configuring CC-SG with Guided Setup 19 Add User Groups and Users The Add User Group panel opens when you click Continue at the end of the Create Groups task. You can also click User Management, and then click Add User Group in the Guided Tasks tree view in the left panel to open the Add U...

21 In This Chapter About Associations ..................................................................................21 Adding, Editing, and Deleting Categories and Elements ........................22 Adding Categories and Elements with CSV File Import ..........................23 About Associati...

Chapter 5: Associations, Categories, and Elements 22 Policies also use categories and elements to control user access to servers. For example, the category/element pair Location/America can be used to create a Policy to control user access to servers in America. See Policies for Access Control. (see...

Chapter 5: Associations, Categories, and Elements 23 ƒ Select String if the value is read as text. ƒ Select Integer if the value is a number. 5. In the Applicable For field, select whether this category applies to: Devices, Nodes, or Device and Nodes. 6. Click OK to create the new category. The new ...

Chapter 5: Associations, Categories, and Elements 24 Categories and Elements CSV File Requirements The categories and elements CSV file defines the categories, their associated elements, their type, and whether they apply to devices, nodes or both. • All CATEGORY and CATEGORYELEMENT records are rela...

Chapter 5: Associations, Categories, and Elements 25 Sample Categories and Elements CSV File ADD, CATEGORY, OS, String, Node ADD, CATEGORYELEMENT, OS, UNIX ADD, CATEGORYELEMENT, OS, WINDOWS ADD, CATEGORYELEMENT, OS, LINUX ADD, CATEGORY, Location, String, Device ADD, CATEGORYELEMENT, Location, Aisle ...

Chapter 5: Associations, Categories, and Elements 26 Export Categories and Elements The export file contains comments at the top that describe each item in the file. The comments can be used as instructions for creating a file for importing. To export categories and elements: 1. Choose Administratio...

27 To add Raritan PowerStrip Devices that are connected to other Raritan devices to CC-SG, see Managed PowerStrips (on page 69). Note: To configure iLO/RILOE devices, IPMI devices, Dell DRAC devices, IBM RSA devices, or other non-Raritan devices, use the Add Node menu and add these items as an inter...

Chapter 6: Devices, Device Groups, and Ports 28 Viewing Devices The Devices Tab Click the Devices tab to display all devices under CC-SG management. Each device's configured ports are nested under the devices they belong to. Devices with configured ports appear in the list with a + symbol. Click the...

Chapter 6: Devices, Device Groups, and Ports 30 Note: For blade servers without an integrated KVM switch, such as HP BladeSystem servers, their parent device is the virtual blade chassis that CC-SG creates, not the KX2 device. These servers will be sorted only within the virtual blade chassis device...

Chapter 6: Devices, Device Groups, and Ports 31 The Device Profile includes tabs that contain information about the device. Associations tab The Associations tab contains all categories and elements assigned to the node. You can change the associations by making different selections. See Association...

Chapter 6: Devices, Device Groups, and Ports 32 2. Choose Devices > Device Manager > Topology View. The Topology View for the selected device appears. ƒ Click + or - to expand or collapse the view. Right Click Options in the Devices Tab You can right-click a device or port in the Devices tab t...

Chapter 6: Devices, Device Groups, and Ports 33 Discovering Devices Discover Devices initiates a search for all devices on your network. After discovering the devices, you may add them to CC-SG if they are not already managed. To discover devices: 1. Choose Devices > Discover Devices. 2. Type the...

Chapter 6: Devices, Device Groups, and Ports 34 Adding a Device Devices must be added to CC-SG before you can configure ports or add interfaces that provide access to the nodes connected to ports. The Add Device screen is used to add devices whose properties you know and can provide to CC-SG. To sea...

Chapter 6: Devices, Device Groups, and Ports 37 ƒ If you do not see the Category or Element values you want to use, you can add others. See Associations, Categories, and Elements (on page 21). 8. When you are done configuring this device, click Apply to add this device and open a new blank Add Devic...

Chapter 6: Devices, Device Groups, and Ports 38 Adding Notes to a Device Profile You can use the Notes tab to add notes about a device for other users to read. All notes display in the tab with the date, username, and IP address of the user who added the note. If you have the Device, Port, and Node ...

Chapter 6: Devices, Device Groups, and Ports 39 Deleting a Device You can delete a device to remove it from CC-SG management. Important: Deleting a device will remove all ports configured for that device. All interfaces associated with those ports will be removed from the nodes. If no other interfac...

Chapter 6: Devices, Device Groups, and Ports 40 6. Click the Access Application drop-down menu and select the application you want to use when you connect to this port from the list. To allow CC-SG to automatically select the correct application based on your browser, select Auto-Detect. 7. Click OK...

Chapter 6: Devices, Device Groups, and Ports 41 Editing a Port You can edit ports to change various parameters, such as port name, access application, and serial port settings. The changes you can make vary, based on port type and device type. Note: You can also edit Dominion KX2 port settings by us...

Chapter 6: Devices, Device Groups, and Ports 42 Deleting a Port Delete a port to remove the port entry from a Device. When a port is down, the information in the Port Profile screen is read-only. You can delete a port that is down. Important: If you delete a port that is associated with a node, the ...

Chapter 6: Devices, Device Groups, and Ports 43 Blade Chassis without an Integrated KVM Switch A blade chassis without an integrated KVM switch, such as HP BladeSystem series, allows each blade server to connect to KX2 respectively via a CIM. As each blade server in that chassis has a CIM for access...

Chapter 6: Devices, Device Groups, and Ports 44 3. CC-SG automatically creates a virtual blade chassis and adds the blade chassis icon in one tab. Note that a virtual blade chassis never appears as a node in the Nodes tab. ƒ In the Devices tab, the virtual blade chassis device appears beneath the KX...

Chapter 6: Devices, Device Groups, and Ports 45 To configure slots using the Configure Blades command: 1. In the Devices tab, click the + next to the KX2 device that is connected to the blade chassis device. 2. Select the blade chassis device whose slots you want to configure. 3. Choose Nodes > C...

Chapter 6: Devices, Device Groups, and Ports 46 Deleting Slots on a Blade Chassis Device You can delete unused blade servers or slots so they do not appear in the Devices and Nodes tabs. To delete a slot from the Delete Ports screen: 1. In the Devices tab, click the + next to the KX2 device that is ...

Chapter 6: Devices, Device Groups, and Ports 47 Delete a Blade Chassis Device You can delete a blade chassis device connected to a KX2 device from CC-SG. When you delete the blade chassis device from the KX2 device, the blade chassis device and all configured blade servers or slots disappear from th...

Chapter 6: Devices, Device Groups, and Ports 48 2. Change the blade port group for these blade servers to a non-blade port group. a. In CC-SG, choose Devices > Device Manager > Launch Admin. The KX2 Admin Client opens. b. Click Port Group Management. c. Click the blade port group whose group p...

Chapter 6: Devices, Device Groups, and Ports 49 7. In the Location and Contacts tab, select the checkbox for the information you want to copy: ƒ Select the Copy Location Information checkbox to copy the location information displayed in the Location section. ƒ Select the Copy Contact Information che...

Chapter 6: Devices, Device Groups, and Ports 50 ƒ If the group was formed based on common attributes, the Describe Devices tab will appear, showing the rules that govern selection of the devices for the group. ƒ To search for a device in the device group list, type a string in the Search field at th...

Chapter 6: Devices, Device Groups, and Ports 51 3. Select the Create Full Access Policy for Group checkbox to create a policy for this device group that allows access to all devices in the group at all times with control permission. 4. To add another device group, click Apply to save this group, the...

Chapter 6: Devices, Device Groups, and Ports 53 7. Click View Devices to see what nodes satisfy this expression. A Devices in Device Group Results window opens, displaying the devices that will be grouped by the current expression. This can be used to check if the description was correctly written. ...

Chapter 6: Devices, Device Groups, and Ports 54 Delete a Device Group To delete a device group: 1. Choose Associations > Device Groups. The Device Groups Manager window opens. 2. Existing device groups appear in the left panel. Select the device group you want to delete. The Device Group Details ...

Chapter 6: Devices, Device Groups, and Ports 55 Devices CSV File Requirements The devices CSV file defines the devices, ports, and their details required to add them to CC-SG. • For devices that support power strips connected to a port (SX, KX, KX2, KSX2), configuring the port will configure the pow...

Chapter 6: Devices, Device Groups, and Ports 57 Column number Tag or value Details Use " OUTLET " for configuring outlets on a PX device. 5 Port or Outlet Number Required field. 6 Port or Outlet Name Optional. If left blank, a default name or the name already assigned at the device level wil...

Chapter 6: Devices, Device Groups, and Ports 58 Column number Tag or value Details 2 DEVICE-CATEGORYELEMENT Enter the tag as shown. Tags are not case sensitive. 3 Device Name Required field. 4 Category Name Required field. 5 Element Name Required field. Sample Devices CSV File ADD, DEVICE, DOMINION ...

Chapter 6: Devices, Device Groups, and Ports 59 5. Check the Actions area to see the import results. Items that imported successfully show in green text. Items that failed import show in red text. Items that failed import because a duplicate item already exists or was already imported also show in r...

Chapter 6: Devices, Device Groups, and Ports 60 5. A message appears. Click Yes to restart the device. A message appears when the device has been upgraded. 6. To ensure that your browser loads all upgraded files, close your browser window, and then login to CC-SG in a new browser window. Backing Up ...

Chapter 6: Devices, Device Groups, and Ports 61 Restoring Device Configurations The following device types allow you to restore a full backup of the device configuration. • KX • KSX • KX101 • SX • IP-Reach KX2, KSX2, and KX2-101 devices allow you to choose which components of a backup you want to re...

Chapter 6: Devices, Device Groups, and Ports 64 3. Click Upload. Navigate to and select the device backup file. The file type is .rfp. Click Open. The device backup file uploads to CC-SG and appears in the page. Copying Device Configuration The following device types allow you to copy configurations...

Chapter 6: Devices, Device Groups, and Ports 65 Restarting a Device Use the Restart Device function to restart a device. To restart a device 1. Click the Devices tab and select the device you want to restart. 2. Choose Devices > Device Manager > Restart Device. 3. Click OK to restart the devic...

Chapter 6: Devices, Device Groups, and Ports 66 2. Choose Devices > Device Manager > Resume Management. The device icon in the Device Tree will indicate the device's active state. Device Power Manager Use the Device Power Manager to view the status of a PowerStrip device (including voltage, cu...

Chapter 6: Devices, Device Groups, and Ports 67 Disconnecting Users Administrators can terminate any user's session on a device. This includes users who are performing any kind of operation on a device, such as connecting to ports, backing up the configuration of a device, restoring a device's confi...

Chapter 6: Devices, Device Groups, and Ports 68 IP-Reach and UST-IP Administration You can perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon System setup directly from the CC-SG interface. After adding the Paragon System device to CC-SG, it appears in the De...

69 There are three ways to configure power control using powerstrips in CC-SG. 1. All supported Raritan-brand powerstrips can be connected to another Raritan device and added to CC-SG as a Powerstrip device. Raritan-brand powerstrips include Dominion PX and RPC powerstrips. Check the Compatibility M...

Chapter 7: Managed Powerstrips 70 Configuring Powerstrips that are Managed by Another Device in CC-SG In CC-SG, managed powerstrips can be connected to one of the following devices: • Dominion KX • Dominion KX2 • Dominion KX2-101 • Dominion SX 3.0 • Dominion SX 3.1 • Dominion KSX • Dominion KSX2 • P...

Chapter 7: Managed Powerstrips 71 Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC CC-SG automatically detects PowerStrips connected to KX, KX2, KX2-101, KSX2, and P2SC devices. You can perform the following tasks in CC-SG to configure and manage PowerStrips connected to these d...

Chapter 7: Managed Powerstrips 72 Delete a PowerStrip Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device You cannot delete a PowerStrip connected to a KX, KX2, KX2-101, KSX2, or P2SC device from CC-SG. You must physically disconnect the PowerStrip from the device to delete the PowerStrip from CC-...

Chapter 7: Managed Powerstrips 73 10. For each Category listed, click the Element drop-down menu and select the element you want to apply to the device. Select the blank item in the Element field for each Category you do not want to use. See Associations, Categories, and Elements (on page 21). Optio...

Chapter 7: Managed Powerstrips 74 Configuring Powerstrips Connected to SX 3.1 You can perform the following tasks in CC-SG to configure and manage Powerstrips connected to SX 3.1 devices. • Add a Powerstrip Connected to an SX 3.1 Device (on page 74) • Move an SX 3.1's Powerstrip to a Different Port ...

Chapter 7: Managed Powerstrips 75 Move an SX 3.1's Powerstrip to a Different Port When you physically move a Powerstrip from one SX 3.1 device or port to another SX 3.1 device or port, you must delete the Powerstrip from the old SX 3.1 port and add it to the new SX 3.1 port. See Delete a Powerstrip ...

Chapter 7: Managed Powerstrips 76 3. Choose Devices > Port Manager > Configure Ports. ƒ To configure multiple outlets with the default names shown in the screen, select the checkbox for each outlet you want to configure, and then click OK to configure each outlet with the default name. ƒ To co...

77 This section covers how to view, configure, and edit nodes and their associated interfaces, and how to create node groups. Connecting to nodes is covered briefly. See Raritan's CommandCenter Secure Gateway User Guide for details on connecting to nodes. In This Chapter Nodes and Interfaces Overvie...

Chapter 8: Nodes, Node Groups, and Interfaces 78 Node Names Node names must be unique. CC-SG will prompt you with options if you attempt to manually add a node with an existing node name. When CC-SG automatically adds nodes, a numbering system ensures that node names are unique. See Naming Conventio...

Chapter 8: Nodes, Node Groups, and Interfaces 79 Node Profile Click a Node in the Nodes tab to open the Node Profile page. The Node Profile page includes tabs that contain information about the node.

Chapter 8: Nodes, Node Groups, and Interfaces 82 Service Accounts Service Accounts Overview Service accounts are special login credentials that you can assign to multiple interfaces. You can save time by assigning a service account to a set of interfaces that often require a password change. You can...

Chapter 8: Nodes, Node Groups, and Interfaces 84 2. Find the service account whose password you want to change. 3. Enter the new password in the Password field. 4. Re-type the password in the Retype Password field. 5. Click OK. Note: CC-SG updates all interfaces that use the service account to use t...

Chapter 8: Nodes, Node Groups, and Interfaces 85 Adding, Editing, and Deleting Nodes Add a Node To add a node to CC-SG: 1. Click the Nodes tab. 2. Choose Nodes > Add Node. 3. Type a name for the node in the Node Name field. All node names in CC-SG must be unique. See Naming Conventions (on page 3...

Chapter 8: Nodes, Node Groups, and Interfaces 86 Nodes Created by Configuring Ports When you configure the ports of a device, a node is created automatically for each port. An interface is also created for each node. When a node is automatically created, it is given the same name as the port to whic...

Chapter 8: Nodes, Node Groups, and Interfaces 87 Adding Location and Contacts to a Node Profile Enter details about the location of the node, and contact information for the people who administer or use the node. To add location and contacts to a node profile: 1. Select a node in the Nodes tab. The ...

Chapter 8: Nodes, Node Groups, and Interfaces 88 Configuring the Virtual Infrastructure in CC-SG Terminology for Virtual Infrastructure CC-SG uses the following terminology for virtual infrastructure components. Term Definition Example Control System The Control System is the managing server. The Co...

Chapter 8: Nodes, Node Groups, and Interfaces 89 Virtual Nodes Overview You can configure your virtual infrastructure for access in CC-SG. The Virtualization page offers two wizard tools, Add Control System wizard and Add Virtual Host wizard, that help you add control systems, virtual hosts, and the...

Chapter 8: Nodes, Node Groups, and Interfaces 94 ƒ One node for each virtual host. Each virtual host node has a VI Client interface. Virtual host nodes are named with their IP addresses or host names. Edit Control Systems, Virtual Hosts, and Virtual Machines You can edit the control systems, virtual...

Chapter 8: Nodes, Node Groups, and Interfaces 95 10. For each interface type, enter a name and login credentials. The name and login credentials will be shared by all the interfaces added to each virtual machine node and virtual host node configured. Optional. You can leave these fields blank if you...

Chapter 8: Nodes, Node Groups, and Interfaces 96 Delete a Virtual Machine Node There are two ways to delete virtual machine nodes: • Use the Delete Node feature. See Delete a Node (on page 86). • Deselect the Configure checkbox for the virtual machine. See Edit Control Systems, Virtual Hosts, and Vi...

Chapter 8: Nodes, Node Groups, and Interfaces 97 2. In the list of nodes, select the nodes you want to synchronize. Use Ctrl+click to select multiple items. 3. Click Synchronize. If the virtual infrastructure had changed since the last synchronization, the information in CC-SG updates. ƒ The Configu...

Chapter 8: Nodes, Node Groups, and Interfaces 98 3. Click Reboot or Force Reboot. Accessing the Virtual Topology View The Topology View is a tree structure that shows the relationships of the control system, virtual hosts, and virtual machines associated with the selected node. You must have the Dev...

Chapter 8: Nodes, Node Groups, and Interfaces 99 Pinging a Node You can ping a node from CC-SG to make sure that the connection is active. To ping a node: 1. Click the Nodes tab, and then select the node you want to ping. 2. Choose Nodes > Ping Node. The ping results appear in the screen. Adding,...

Chapter 8: Nodes, Node Groups, and Interfaces 100 ƒ In-Band - VNC: Select this item to create a KVM connection to a node through VNC server software. See Interfaces for In-Band Connections (on page 101). Out-of-Band Connections: ƒ Out-of-Band - KVM: Select this item to create a KVM connection to a n...

Chapter 8: Nodes, Node Groups, and Interfaces 101 See Web Browser Interface (on page 106). 3. A default name appears in the Name field depending on the type of interface you select. You can change the name. This name appears next to the interface in the Nodes list. See Naming Conventions (on page 35...

Chapter 8: Nodes, Node Groups, and Interfaces 102 Microsoft RDP Connection Details • If using a Windows XP client, you must have Terminal Server Client 6.0 or higher to connect a Microsoft RDP interface from CC-SG. Update the Terminal Server Client to 6.0 using this link: http://support.microsoft.co...

Chapter 8: Nodes, Node Groups, and Interfaces 103 Interfaces for DRAC Power Control Connections To add an interface for DRAC power control connections: 1. Type the IP Address or Hostname for this interface in the IP Address/Hostname field. 2. Type a TCP Port for this connection in the TCP Port field...

Chapter 8: Nodes, Node Groups, and Interfaces 104 RSA Interface Details When you create an In-Band RSA KVM or Power interface, CC-SG discards the username and password associated with the interface, and creates two user accounts on the RSA server. This allows you to have simultaneous KVM and power a...

Chapter 8: Nodes, Node Groups, and Interfaces 105 6. Click OK to save your changes. Note: A Managed Power Strip interface can be added to a blade chassis node, but not to a blade server node. Interfaces for IPMI Power Control Connections To add an interface for IPMI power control connections: 1. Typ...

Chapter 8: Nodes, Node Groups, and Interfaces 106 ƒ If the IT device has not been added to Power IQ yet, accept the default value for the external key or change it, but make sure to use the same value when adding the IT device to Power IQ. You can quickly make a file of all node and interface inform...

Chapter 8: Nodes, Node Groups, and Interfaces 107 ƒ http(s)://www.example.com/cgi/login ƒ http(s)://example.com/home.html 4. Enter authentication information: Optional. ƒ To use a service account for authentication, select the Use Service Account Credentials checkbox. Select the service account to u...

Chapter 8: Nodes, Node Groups, and Interfaces 108 Example: Adding a Web Browser Interface to a PX Node A Dominion PX-managed powerstrip can be added to CC-SG as a node. Then you can add a Web Browser Interface that enables users to access the Dominion PX's Web-based administration application to the...

Chapter 8: Nodes, Node Groups, and Interfaces 109 Delete an Interface You can delete any interface from a node except for these: ƒ A VMW Viewer interface or a VMW Power interface on a virtual machine node. ƒ A Web Browser interface on a blade chassis which has an integrated KVM switch and has a URL ...

Chapter 8: Nodes, Node Groups, and Interfaces 110 4. A default name for the bookmark appears in the Bookmark Name field. You can change the name, which will appear in your Favorites list in Internet Explorer. 5. Click OK. The Add Favorite window opens. 6. Click OK to add the bookmark to your Favorit...

Chapter 8: Nodes, Node Groups, and Interfaces 111 6. In the Associations tab, select the Copy Node Associations checkbox to copy all categories and elements of the node. ƒ You may change, add or delete any data in this tab. The modified data will be copied to multiple nodes in the Selected Nodes lis...

Chapter 8: Nodes, Node Groups, and Interfaces 112 Adding Nodes with CSV File Import You can add nodes and interfaces to CC-SG by importing a CSV file that contains the values. You must have the Device, Port, and Node Management and CC Setup and Control privileges to import and export nodes. You must...

Chapter 8: Nodes, Node Groups, and Interfaces 113 Nodes CSV File Requirements The nodes CSV file defines the nodes, interfaces, and their details required to add them to CC-SG. • Node names must be unique. If you enter duplicate node names, CC-SG adds a number in parentheses to the name to make it u...

Chapter 8: Nodes, Node Groups, and Interfaces 116 To add an SSH or TELNET interface to the CSV file: Column number Tag or value Details 1 ADD The first column for all tags is the command ADD . 2 NODE-SSH-INTERFACE for SSH interfaces NODE-TELNET- INTERFACE for TELNET interfaces Enter the tag as shown...

Chapter 8: Nodes, Node Groups, and Interfaces 118 Column number Tag or value Details account or a username and password. Leave blank if specifying service account. 8 Password You must enter either a service account or a username and password. Leave blank if specifying service account. 9 Description ...

Chapter 8: Nodes, Node Groups, and Interfaces 121 To add a Power IQ Proxy power control interface tothe CSV file: See Power Control of Power IQ IT Devices (on page 305) for details about configuring this interface type. Column number Tag or value Details 1 ADD The first column for all tags is the co...

Chapter 8: Nodes, Node Groups, and Interfaces 122 To assign categories and elements to a node to the CSV file: Categories and elements must already be created in CC-SG. You can assign multiple elements of the same category to a node in the CSV file. Column number Tag or value Details 1 ADD The first...

Chapter 8: Nodes, Node Groups, and Interfaces 123 ƒ If the file is not valid, an error message appears. Click OK and look at the Problems area of the page for a description of the problems with the file. Click Save to File to save the problems list. Correct your CSV file and then try to validate it ...

Chapter 8: Nodes, Node Groups, and Interfaces 124 Adding, Editing, and Deleting Node Groups Node Groups Overview Node groups are used to organize nodes into a set. The node group will become the basis for a policy either allowing or denying access to this particular set of nodes. See Adding a Policy...

Chapter 8: Nodes, Node Groups, and Interfaces 125 2. Choose Groups > New. A template for a node group appears. 3. In the Group Name field, type a name for a node group you want to create. See Naming Conventions (on page 353) for details on CC- SG's rules for name lengths. 4. There are two ways to...

Chapter 8: Nodes, Node Groups, and Interfaces 126 4. If you want to create a policy that allows access to the nodes in this group at any time, select the Create Full Access Policy for Group checkbox. 5. When you are done adding nodes to the group, click OK to create the node group. The group will be...

129 User accounts are created so that users can be assigned a username and password to access CC-SG. A User Group defines a set of privileges for its members. You cannot assign privileges to users themselves, only to user groups. All users must belong to at least one user group. CC-SG maintains a ce...

Chapter 9: Users and User Groups 130 The Users Tab Click the Users tab to display all user groups and users in CC-SG. Users are nested underneath the user groups to which they belong. User groups with users assigned to them appear in the list with a + symbol next to them. Click the + to expand or co...

Chapter 9: Users and User Groups 131 Default User Groups CC-SG is configured with three default user groups: CC-Super User, System Administrators, and CC Users. CC Super-User Group The CC Super-User group has full administrative and access privileges. Only one user can be a member of this group. The...

Chapter 9: Users and User Groups 132 Adding, Editing, and Deleting User Groups Add a User Group Creating user groups first will help you organize users when the users are added. When a user group is created, a set of privileges is assigned to the user group. Users assigned to the group will inherit ...

Chapter 9: Users and User Groups 133 The All Policies table lists all the policies available on CC-SG. Each policy represents a rule allowing or denying access to a group of nodes. See Policies for Access Control (on page 149) for details on policies and how they are created. 9. In the All Policies ...

Chapter 9: Users and User Groups 135 Limit the Number of KVM Sessions per User You can limit the number of KVM sessions allowed per user for sessions with Dominion KXII, KSXII and KX (KX1) devices. This prevents any single user from using all available channels at once. When a user attempts a connec...

Chapter 9: Users and User Groups 136 2. Select the Require Users to Enter Access Information When Connecting to a Node checkbox. 3. In the Message to Users field, enter a message that users will see when attempting to access a node. A default message is provided. 256 character maximum. 4. Move the u...

Chapter 9: Users and User Groups 137 Note: See Naming Conventions (on page 353) for details on CC- SG's rules for name lengths. If strong passwords are enabled, the password entered must conform to the established rules. The information bar at the top of the screen will display messages to assist wi...

Chapter 9: Users and User Groups 138 3. Select the Remote Authentication only checkbox if you want the user to be authenticated by an external server such as TACACS+, RADIUS, LDAP, or AD. If you are using remote authentication, a password is not required and the New Password and Retype New Password ...

Chapter 9: Users and User Groups 139 Assigning a User to a Group Use this command to assign an existing user to another group. Users assigned in this way will be added to the new group while still existing in any group they were previously assigned to. To move a user, use this command in conjunction...

Chapter 9: Users and User Groups 140 Adding Users with CSV File Import You can add user information to CC-SG by importing a CSV file that contains the values. If you have multiple CC-SG units in a neighborhood, exporting users from one CC-SG then importing the users into another CC-SG is a quick way...

Chapter 9: Users and User Groups 141 Column number Tag or value Details 6 Maximum number of KVM sessions allowed per user Enter just the number, from 1-8 . Default is 2 . To assign permissions to a user group in the CSV file: Enter the value TRUE to assign a permission to the user group. Enter the v...

Chapter 9: Users and User Groups 142 Column number Tag or value Details Tags are not case sensitive. 3 User Group Name Required field. User Group names are case sensitive. 4 Policy Name Required field. To associate an AD module to a user group in the CSV file: Column number Tag or value Details 1 AD...

Chapter 9: Users and User Groups 145 Export Users The export file contains all users that have a user account created in CC-SG. This excludes AD-authorized users, unless they also have a user account created on CC-SG. The export file includes user and the details from the user profile, user groups, ...

Chapter 9: Users and User Groups 147 Change the CC-SG Super User's Username You must be logged into CC-SG using the CC Super User account to change the CC Super User's username. The default CC Super User username is admin . 1. Choose Secure Gateway > My Profile. 2. Type a new name in the Username...

Chapter 9: Users and User Groups 148 Bulk Copying Users You can use Bulk Copy for users to copy one user's user group affiliations to another user or list of users. If the users receiving the affiliations have existing group affiliations, the existing affiliations will be removed. To perform a Bulk ...

149 Policies are rules that define which nodes and devices users can access, when they can access them, and whether virtual-media permissions are enabled, where applicable. The easiest way to create policies is to categorize your nodes and devices into node groups and device groups, and then create ...

Chapter 10: Policies for Access Control 150 Adding a Policy If you create a policy that denies access (Deny) to a node group or device group, you also must create a policy that allows access (Control) for the selected node group or device group. Users will not automatically receive Control rights wh...

Chapter 10: Policies for Access Control 151 13. In the Device/Node Access Permission field, select Control to define this policy to allow access to the selected node or device group for the designated times and days. Select Deny to define this policy to deny access to the selected node or device gro...

Chapter 10: Policies for Access Control 152 7. Click the Days drop-down arrow, and then select which days of the week this policy covers: All (everyday), Weekday (Monday through Friday only) and Weekend (Saturday and Sunday only), or Custom (select specific days). 8. Select Custom to select your own...

Chapter 10: Policies for Access Control 153 Support for Virtual Media CC-SG provides remote virtual media support for nodes connected to virtual media-enabled KX2, KSX2, and KX2-101 devices. For detailed instructions on accessing virtual media with your device, see: • Dominion KX II User Guide • Dom...

154 Custom Views enable you to specify different ways to display the nodes and devices in the left panel, using Categories, Node Groups, and Device Groups. In This Chapter Types of Custom Views .........................................................................154 Using Custom Views in the Adm...

Chapter 11: Custom Views for Devices and Nodes 155 Using Custom Views in the Admin Client Custom Views for Nodes Add a Custom View for Nodes To add a custom view for nodes: 1. Click the Nodes tab. 2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears. 3. In the Cus...

Chapter 11: Custom Views for Devices and Nodes 156 2. Click the Name drop-down arrow and select a custom view from the list. 3. Click Apply View. or • Choose Nodes > Change View. All defined custom views are options in the pop-up menu. Choose the custom view you want to apply. Change a Custom Vie...

Chapter 11: Custom Views for Devices and Nodes 157 2. Choose Nodes > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details pane...

Chapter 11: Custom Views for Devices and Nodes 158 3. In the Custom View panel, click Add. The Add Custom View window appears. 4. Type a name for the new custom view in the Custom View Name field. 5. In the Custom View Type section: ƒ Select Filter by Device Group to create a custom view that displa...

Chapter 11: Custom Views for Devices and Nodes 159 2. Choose Devices > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select a custom view from the list. Details of the items included and their order appear in the Custom View Details pa...

Chapter 11: Custom Views for Devices and Nodes 160 Assign a Default Custom View for Devices To assign a default custom view for devices: 1. Click the Devices tab. 2. Choose Devices > Change View > Create Custom View. The Custom View screen appears. 3. Click the Name drop-down arrow, and select...

161 In This Chapter Authentication and Authorization (AA) Overview ..................................161 Distinguished Names for LDAP and AD ................................................162 Specifying Modules for Authentication and Authorization .....................163 Establishing Order of Exte...

Chapter 12: Remote Authentication 162 3. Username and password are either accepted or rejected and sent back. If authentication is rejected, this results in a failed login attempt. 4. If authentication is successful, authorization is performed. CC-SG checks if the username entered matches a group th...

Chapter 12: Remote Authentication 163 Specify a Username for AD When authenticating CC-SG users on an AD server by specifying cn=administrator,cn=users,dc=xyz,dc=com in username, if a CC-SG user is associated with an imported AD group, the user will be granted access with these credentials. Note tha...

Chapter 12: Remote Authentication 164 2. Click the Authentication tab. All configured external Authorization and Authentication Servers appear in a table. 3. Select a server from the list, and then click the up and down arrows to prioritize the order of engagement. 4. Click Update to save your chang...

Chapter 12: Remote Authentication 165 AD General Settings In the General tab, you must add the information that allows CC-SG to query the AD server. Do not add duplicate AD modules. If your users see a message that says "You are not a member of any group" when attempting to login, you may ha...

Chapter 12: Remote Authentication 166 5. Type the password for the user account you want to use to query the AD server in the Password and Confirm Password fields. Maximum length is 32 characters. 6. Click Test Connection to test the connection to the AD server using the given parameters. You should...

Chapter 12: Remote Authentication 167 ƒ Select the Use Bind checkbox if the user logging in from the applet has permissions to perform search queries in the AD server. If a username pattern is specified in Bind username pattern, the pattern will be merged with the username supplied in the applet and...

Chapter 12: Remote Authentication 168 4. Click Next to proceed. The Trusts tab opens. AD Trust Settings In the Trusts tab, you can set up trust relationships between this new AD domain and any existing domains. A trust relationship allows resources to be accessible by authenticated users across doma...

Chapter 12: Remote Authentication 169 3. Select the AD module you want edit, and then click Edit. 4. Click each tab in the Edit Module window to view the configured settings. Make changes as needed. See AD General Settings (on page 165), AD Advanced Settings (on page 166), AD Group Settings (on page...

Chapter 12: Remote Authentication 170 ƒ To search for user groups, type a search string in the Search for User Group field, and then click Go. ƒ Click a column header to sort the list of user groups by the information in that column. ƒ Click Select all to select all user groups for import. ƒ Click D...

Chapter 12: Remote Authentication 171 Synchronize All User Groups with AD You should synchronize all user groups if you have made a change to a user group, such as moving a user group from one AD module to another. You can also change the AD association of a user group manually, in the User Group Pr...

Chapter 12: Remote Authentication 172 Synchronize All AD Modules You should synchronize all AD Modules whenever you change or delete a user in AD, change user permissions in AD, or make changes to a domain controller. When you synchronize all AD modules, CC-SG retrieves the user groups for all confi...

Chapter 12: Remote Authentication 173 To disable daily synchronization of all AD modules: 1. Choose Administration > Security. 2. Click the Authentication tab. All configured Authorization and Authentication Servers appear in a table. 3. Deselect the Daily synchronization of All Modules checkbox....

Chapter 12: Remote Authentication 175 2. Select Base 64 if you want the password to be sent to the LDAP server with encryption. Select Plain Text if you want the password to be sent to the LDAP server as plain text. 3. Default Digest: select the default encryption of user passwords. 4. Type the user...

Chapter 12: Remote Authentication 177 About TACACS+ and CC-SG CC-SG users who are remotely authenticated by a TACACS+ server must be created on the TACACS+ server and on CC-SG. The user name on the TACACS+ server and on CC-SG must be the same, although the passwords may be different. See Users and U...

Chapter 12: Remote Authentication 178 About RADIUS and CC-SG CC-SG users who are remotely authenticated by a RADIUS server must be created on the RADIUS server and on CC-SG. The user name on the RADIUS server and on CC-SG must be the same, although the passwords may be different. See Users and User ...

Chapter 12: Remote Authentication 179 Two-Factor Authentication Using RADIUS By using an RSA RADIUS Server that supports two-factor authentication in conjunction with an RSA Authentication Manager, CC-SG can make use of two-factor authentication schemes with dynamic tokens. In such an environment, u...

180 In This Chapter Using Reports ........................................................................................180 Audit Trail Report...................................................................................182 Error Log Report .......................................................

Chapter 13: Reports 182 Purge a Report's Data From CC-SG You can purge the data that appears in the Audit Trail and Error Log reports. Purging these reports deletes all data that satisfy the search criteria used. For example, if you search for all Audit Trail entries from March 26, 2008 through Marc...

Chapter 13: Reports 183 3. You can limit the data that the report will contain by entering additional parameters in the Message Type, Message, Username, and User IP address fields. Wildcards are accepted in these fields except for the Message Type field. ƒ To limit the report to a type of message, s...

Chapter 13: Reports 184 ƒ Click Purge to delete the Error Log. See Purge a Report's Data from CC-SG (on page 182). Access Report Generate the Access report to view information about accessed devices and nodes, when they were accessed, and the user who accessed them. To generate the Access Report: 1....

Chapter 13: Reports 185 3. Click Apply. Active Users Report The Active Users report displays current users and user sessions. You can select active users from the report and disconnect them from CC-SG. To generate the Active Users report: • Choose Reports > Users > Active Users. To disconnect ...

Chapter 13: Reports 186 ƒ The Password Expiration field displays the number of days that the user can use the same password before being forced to change it. See Add a User (on page 136). ƒ The Groups field displays the user groups to which the user belongs. ƒ The Privileges field displays the CC-SG...

Chapter 13: Reports 187 Device Group Data Report The Device Group Data report displays device group information. To generate the Device Group Data report: 1. Choose Reports > Devices > Device Group Data. 2. Double-click a row to display the list of devices in the group. Query Port Report The Q...

Chapter 13: Reports 188 State Type Port State Definition been configured. 3. Select Ghosted Ports to include ports that are ghosted. A ghosted port can occur when a CIM or target server is removed from a Paragon system or powered off (manually or accidentally). See Raritan's Paragon II User Guide. O...

Chapter 13: Reports 189 3. The URL column contains direct links to each node. You can use this information to create a web page with links to each node, instead of bookmarking each node individually. See Bookmarking an Interface (on page 109). Active Nodes Report The Active Nodes report includes the...

Chapter 13: Reports 190 Node Group Data Report The Node Group Data report displays the list of nodes that belong to each group, the user groups that have access to each node group, and, if applicable, the rules that define the node group. The list of nodes is in the report details, which you can vie...

Chapter 13: Reports 191 Scheduled Reports Scheduled Reports displays reports that were scheduled in the Task Manager. You can find the Upgrade Device Firmware reports and Restart Device reports in the Scheduled Reports screen. Scheduled reports can be viewed in HTML format only. See Task Manager (on...

Chapter 13: Reports 192 Upgrade Device Firmware Report The Upgrade Device Firmware report is located in the Scheduled Reports list. This report is generated when an Upgrade Device Firmware task is running. View the report to get real-time status information about the task. Once the task has complete...

193 In This Chapter Maintenance Mode ................................................................................193 Entering Maintenance Mode..................................................................193 Exiting Maintenance Mode ..............................................................

Chapter 14: System Maintenance 194 2. Password: Type your password. Only users with the CC Setup and Control privilege can enter maintenance mode. 3. Broadcast message: Type the message that will display to users who will be logged out of CC-SG. 4. Enter maintenance mode after (min): Enter the numbe...

Chapter 14: System Maintenance 195 b. Type the IP address or hostname of the server in the IP Address/Hostname field. c. If you are not using the default port for the selected protocol (FTP: 21, SFTP: 22), type the communications port used in the Port Number field. d. Type a username for the remote ...

Chapter 14: System Maintenance 196 What is the difference between Full backup and Standard backup? Standard backup: A standard backup includes all data in all fields of all CCSG pages, except for data in the following pages: • Administration > Configuration Manager > Network tab • Administrati...

Chapter 14: System Maintenance 197 3. Click OK to delete the backup from the CC-SG system. Restoring CC-SG You can restore CC-SG using a backup file that you created. Important: The Neighborhood configuration is included in the CC-SG backup file so make sure you remember or note down its setting at ...

Chapter 14: System Maintenance 198 ƒ Restore Data - CC-SG configuration, Device and Node configuration, and User Data. Selecting Data restores the Standard backup portion of a Full backup file. See What is the difference between Full backup and Standard backup? (on page 196) ƒ Restore Logs - Error l...

Chapter 14: System Maintenance 199 Option Description part of the CC-SG database. The SNMP configuration and traps are reset. The SNMP agent is not reset. IP-ACL settings are reset with a Full Database reset whether you select the IP ACL Tables option or not. The Neighborhood configuration is remove...

Chapter 14: System Maintenance 203 Clear the Browser's Cache These instructions may vary slightly for different browser versions. To clear the browser cache in Internet Explorer 6.0 or later: 1. Choose Tools > Internet Options. 2. On the General tab, click Delete Files then click OK to confirm. I...

Chapter 14: System Maintenance 204 If specifying over 10 minutes, the broadcast message displays to users immediately, and then repeats at 10 and 5 minutes before the event occurs. 5. Click OK to shut down CC-SG. Restarting CC-SG after Shutdown After shutting down CC-SG, use one of these two methods...

Chapter 14: System Maintenance 205 Ending CC-SG Session There are two ways to end a CC-SG Session. • Log out to end your session while keeping the client window open. See Log Out of CC-SG (on page 205). • Exit to end your session and close the client window. See Exit CC- SG (on page 205). Log Out of...

206 In This Chapter Configuring a Message of the Day ........................................................206 Configuring Applications for Accessing Nodes .....................................207 Configuring Default Applications ...........................................................209 Manag...

Chapter 15: Advanced Administration 207 c. Click the Font Size drop-down menu and select a font size for the message text. ƒ If you select Message of the Day File: a. Click Browse to browse for the message file. b. Select the file in the dialog window that opens then click Open. c. Click Preview to ...

Chapter 15: Advanced Administration 208 2. Click the Application name drop-down arrow and select the application that must be upgraded from the list. If you do not see the application, you must add it first. See Add an Application (on page 208). 3. Click Browse, locate and select the application upg...

Chapter 15: Advanced Administration 209 5. Click OK. An Open dialog appears. 6. Navigate to and select the application file (usually a .jar or .cab file), and then click Open. 7. The selected application loads onto CC-SG. Delete an Application To delete an application: 1. Choose Administration > ...

Chapter 15: Advanced Administration 210 View the Default Application Assignments To view the default application assignments: 1. Choose Administration > Applications. 2. Click the Default Applications tab to view and edit the current default applications for various Interfaces and Port Types. App...

Chapter 15: Advanced Administration 211 2. Click Add to add a new firmware file. A search window opens. 3. Navigate to and select the firmware file you want to upload to CC- SG, and then click Open. When the upload completes, the new firmware appears in the Firmware Name field. Delete Firmware To de...

Chapter 15: Advanced Administration 213 If the Primary LAN is connected and receiving a Link Integrity signal, CC-SG uses this LAN port for all communications. If the Primary LAN loses Link Integrity, and Secondary LAN is connected, CC-SG will failover its assigned IP address to the Secondary LAN. T...

Chapter 15: Advanced Administration 215 What is IP Isolation mode? IP Isolation mode allows you to isolate clients from devices by placing them on separate sub-networks and forcing clients to access the devices through CC-SG. In this mode, CC-SG manages traffic between the two separate IP domains. I...

Chapter 15: Advanced Administration 216 • Specify at most one Default Gateway in the Network Setup panel in CC-SG. Use Diagnostic Console to add more static routes if needed. See Edit Static Routes (on page 278). To configure IP Isolation mode in CC-SG: 1. Choose Administration > Configuration. 2...

Chapter 15: Advanced Administration 217 Recommended DHCP Configurations for CC-SG Review the following recommended DHCP configurations. Make sure that your DHCP server is set up properly before you configure CC-SG to use DHCP. • Configure the DHCP to statically allocate CC-SG's IP address. • Configu...

Chapter 15: Advanced Administration 218 2. Click the Logs tab. 3. Click Purge. 4. Click Yes. Configuring the CC-SG Server Time and Date CC-SG's time and date must be accurately maintained to provide credibility for its device-management capabilities. Important: The Time/Date configuration is used wh...

Chapter 15: Advanced Administration 219 Connection Modes: Direct and Proxy About Connection Modes CC-SG offers three connection modes for in-band and out-of-band connections: Direct, Proxy, and Both. • Direct mode allows you to connect to a node or port directly, without passing data through CC-SG. ...

Chapter 15: Advanced Administration 220 Configure Proxy Mode for All Client Connections To configure proxy mode for all client connections: 1. Choose Administration > Configuration. 2. Click the Connection Mode tab. 3. Select Proxy mode. 4. Click Update Configuration. Configure a Combination of D...

Chapter 15: Advanced Administration 221 3. Type a new timeout duration in the Heartbeat (sec) field. The valid range is 30 seconds to 50,000 seconds. 4. Click Update Configuration to save your changes. To enable or disable a warning message for all power operations: Select the Display Warning Messag...

Chapter 15: Advanced Administration 223 Configuring Custom JRE Settings CC-SG will display a warning message to users who attempt to access CC-SG without the minimum JRE version that you specify. Check the Compatibility Matrix for the minimum supported JRE version. Choose Administration > Compati...

Chapter 15: Advanced Administration 224 To clear the default message and minimum JRE version: 1. Choose Administration > Configuration. Click the Custom JRE tab. 2. Click Clear. Configuring SNMP Simple Network Management Protocol allows CC-SG to push SNMP traps (event notifications) to an existin...

Chapter 15: Advanced Administration 225 9. Select the checkboxes before the traps you want CC-SG to push to your SNMP hosts: Under Trap Sources, a list of SNMP traps grouped into two different categories: System Log traps, which include notifications for the status of the CC unit itself, such as a h...

Chapter 15: Advanced Administration 226 Requirements for CC-SG Clusters • The Primary and Secondary nodes in a cluster must be running the same firmware version on the same hardware version (V1 or E1). • Your CC-SG network must be in IP Failover mode to be used for clustering. Clustering will not wo...

Chapter 15: Advanced Administration 227 5. Type a valid user name and password for the Backup node in the Username for Backup Secure Gateway and Password for Backup Secure Gateway fields. 6. Select the Redirect by Hostname checkbox to specify that secondary to primary redirection access should be vi...

Chapter 15: Advanced Administration 228 Switch the Primary and Secondary Node Status You can exchange the roles of Primary and Secondary nodes when the Secondary, or Backup, node is in the "Joined" state. When the Secondary node is in the "Waiting" state, switching is disabled. After...

Chapter 15: Advanced Administration 229 Note: If the clustered CC-SG units do not share the same time zone, when the Primary node failure occurs, and the Secondary node becomes the new Primary node, the time specified for Automatic Rebuild still follows the time zone of the old Primary node. Delete ...

Chapter 15: Advanced Administration 230 Create a Neighborhood You can log into a CC-SG unit where you want to create a Neighborhood and which is not a member of any Neighborhood yet. After a Neighborhood is created, all members in the Neighborhood share the same Neighborhood information. If any memb...

Chapter 15: Advanced Administration 231 ƒ To deactivate any CC-SG unit, deselect the Activate checkbox next to that unit. Deactivated CC-SG units operate as standalone units and do not show up as one of the Neighborhood members to Access Client users. ƒ Click the column header to sort the table by t...

Chapter 15: Advanced Administration 232 4. If new CC-SG units meet the Neighborhood criteria and are found, they display in the Neighborhood Configuration table. Otherwise, a message appears and return you to the Add Member dialog. Then make changes in the dialog as needed. 5. Select the Active chec...

Chapter 15: Advanced Administration 233 Delete a Neighborhood Member When a CC-SG unit in a Neighborhood becomes inappropriate, you may either remove or deactivate it in the Neighborhood configuration. Otherwise, Access Client users may find these units inaccessible when trying to switch to them. Fo...

Chapter 15: Advanced Administration 234 2. Choose Administration > Neighborhood. 3. Click Delete Neighborhood. 4. Click Yes to confirm the deletion. Security Manager The Security Manager is used to manage how CC-SG provides access to users. Within Security Manager you can configure authentication...

Chapter 15: Advanced Administration 235 Check Your Browser for AES Encryption CC-SG supports AES-128 and AES-256. If you do not know if your browser uses AES, check with the browser manufacturer. You may also want to try navigating to the following web site using the browser whose encryption method ...

Chapter 15: Advanced Administration 236 ƒ Click the Key Length drop-down arrow to select the encryption level - 128 or 256. ƒ The CC-SG Port field displays 80. ƒ The Browser Connection Protocol field displays HTTPS/SSL selected. 5. Click Update to save your changes. Configure Browser Connection Prot...

Chapter 15: Advanced Administration 237 Require strong passwords for all users 1. Choose Administration > Security. 2. Click the Login Settings tab. 3. Select the Strong Passwords Required for All Users checkbox. 4. Select a Maximum Password Length. Passwords must contain fewer than the maximum n...

Chapter 15: Advanced Administration 239 2. Open the Login Settings tab. 3. Deselect the Lockout Enabled for Local Users checkbox to disable lockout for locally authenticated users. Deselect the Lockout Enabled for Remote Users checkbox to disable lockout for remotely authenticated users. 4. Click Up...

Chapter 15: Advanced Administration 240 Logo A small graphic file can be uploaded to CC-SG to act as a banner on the login page. The maximum size of the logo is 998 by 170 pixels. To upload a logo: 1. Click Browse in the Logo area of the Portal tab. An Open dialog appears. 2. Select the graphic file...

Chapter 15: Advanced Administration 241 ƒ Click Browse. A dialog window opens. ƒ In the dialog window, select the text file with the message you want to use, and then click Open. The maximum length of the text message is 10,000 characters. ƒ Click Preview to preview the text contained in the file. T...

Chapter 15: Advanced Administration 243 14. Type raritan in the Password field if the CSR was generated by CC- SG. If a different application generated the CSR, use the password for that application. Note: If the imported certificate is signed by a root and subroot CA (certificate authority), using ...

Chapter 15: Advanced Administration 245 6. Click the Action drop-down arrow and select Allow or Deny to specify whether the specified users in the IP range can access CC-SG. 7. Click Update to save your changes. To change the order in which CC-SG applies rules: 1. Choose Administration > Security...

Chapter 15: Advanced Administration 246 7. Type a valid email address that will identify messages from CC-SG in the From field. 8. Type the number of times emails should be re-sent should the send process fail in the Sending retries field. 9. Type the number of minutes (from 1-60) that should elapse...

Chapter 15: Advanced Administration 247 Schedule Sequential Tasks You may want to schedule tasks sequentially to confirm that expected behavior occurred. For example, you may want to schedule an Upgrade Device Firmware task for a given device group, and then schedule an Asset Management Report task ...

Chapter 15: Advanced Administration 249 b. Periodic: Use the up and down arrows to select the Start time at which the task should begin. Type the number of times the task should be executed in the Repeat Count field. Type the time that should elapse between repetitions in the Repeat Interval field. ...

Chapter 15: Advanced Administration 252 Change a Scheduled Task You can change a scheduled task before it runs. To change a scheduled task: 1. Select the task you want to change. 2. Click Edit. 3. Change the task specifications as needed. See Schedule a Task (on page 248) and Schedule a Device Firmw...

Chapter 15: Advanced Administration 253 Delete a Task You can delete a task to remove it from the Task Manager. You cannot delete a task that is currently running. To delete a task: • Select the task, then click Delete. SSH Access to CC-SG Use Secure Shell (SSH) clients, such as Putty or OpenSHH Cli...

Chapter 15: Advanced Administration 254 To display all SSH commands: • At the shell prompt, type ls to display all commands available. Get Help for SSH Commands You can get limited help for all commands at once. You can also get in-depth help on a single command at a time. To get help for a single S...

Chapter 15: Advanced Administration 255 SSH Commands and Parameters The following table lists all commands available in SSH. You must be assigned the appropriate privileges in CC-SG to access each command. Some commands have additional parameters that you must type to execute the command. For more i...

Chapter 15: Advanced Administration 257 To restart a device: restartdevice <[-id <device_id>] | [host]> To restore a device configuration: restoredevice <[-host <host>] | [-id <device_id>]> [backup_id] To shutdown CC-SG: shutdowncc minutes [message] To open an SSH conne...

Chapter 15: Advanced Administration 258 Command syntax Device ID value You should type ssh -id <device_id> 100 ssh -id 100 • The default escape character is a tilde followed by a period. For example: ~. See End SSH Connections (on page 260) for details on using the escape character and the exi...

Chapter 15: Advanced Administration 259 2. Connect to the device by typing ssh -id <device_id> . Using the figure above as an example, you can connect to SX-229 by typing ssh -id 1370 . Use SSH to Connect to a Node via a Serial Out-of-Band Interface You can use SSH to connect to a node through...

Chapter 15: Advanced Administration 260 Command Alias Description get_write gw Gets Write Access. Allows SSH user to execute commands at target server while browser user can only observe proceedings. get_history gh Gets History. Displays the last few commands and results at target server. send_break...

Chapter 15: Advanced Administration 261 Serial Admin Port The serial admin port on CC-SG can be connected directly to a Raritan serial device, such as Dominion SX or KSX. You can connect to the SX or KSX via the IP address using a terminal emulation program, such as HyperTerminal or PuTTY. Set the b...

Chapter 15: Advanced Administration 262 3. A new window opens with your CC-SG serial number. Web Services API You must accept the End User Agreement before adding a Web Services API client to CC-SG. You can add up to five WS-API clients. See the CC-SG Web Services API Guide for details on using the ...

Chapter 15: Advanced Administration 263 h. Division/Department Name: CSR tag is Organization Unit Name. Maximum 64 characters. i. Fully Qualified Domain Name: CSR tag is Common Name. j. Administrator Email Address: Type in the email address of the administrator who is responsible for the certificate...

264 The Diagnostic Console is a non-graphical, menu-based interface that provides local access to CC-SG. You can access Diagnostic Console from a serial or KVM port. See Access Diagnostic Console via VGA/Keyboard/Mouse Port (on page 264). Or, you can access Diagnostic Console from a Secure Shell (SS...

Chapter 16: Diagnostic Console 265 Status Console About Status Console • You can use the Status Console to check the health of CC-SG, the various services CC-SG uses, and the attached network. • By default, Status Console does not require a password. • You can configure CC-SG to provide the Status C...

Chapter 16: Diagnostic Console 266 2: Access the Status Console via web browser: 1. Using a supported Internet browser, type this URL: http(s)://<IP_address>/status/ where <IP_address> is the IP address of the CC-SG. Note the forward slash (/) following /status is mandatory. For example,...

Chapter 16: Diagnostic Console 267 CC-SG Title, Date and Time The CC-SG title is constant so users know that they are connected to a CC-SG unit. The date and time at the top of the screen is the last time when the CC-SG data was polled. The date and time reflect the timing values saved on the CC-SG ...

Chapter 16: Diagnostic Console 269 Information Description Speed The speed that this interface is operating: 10, 100 or 1000 Mbits per second. Duplex Indicate whether the interface is Full- or Half-duplex. IPAddr The current Ipv4 Address of this interface. RX -Pkts The number of IP packets received ...

Chapter 16: Diagnostic Console 270 Status Console via Web Browser After connecting to the Status Console via the web browser, the read-only Status Console web page appears. The web page displays the same information as the Status Console, and also updates the information approximately every 5 second...

Chapter 16: Diagnostic Console 271 Administrator Console About Administrator Console The Administrator Console allows you to set some initial parameters, provide initial networking configuration, debug log files, and perform some limited diagnostics and restarting CC-SG. The default login for the Ad...

Chapter 16: Diagnostic Console 272 The main Administrator Console screen appears. Administrator Console Screen Administrator Console screen consists of 4 main areas. • Menu bar: You can perform Administrator Console functions by activating the menu bar. Press Ctrl+X to activate the menu bar or click...

Chapter 16: Diagnostic Console 273 • Status bar: Status bar is just above the navigation keys bar. It displays some important system information, including CC-SG's serial number, firmware version, and the time when the information shown in the main display area was loaded or updated. Screenshots con...

Chapter 16: Diagnostic Console 274 Edit Diagnostic Console Configuration The Diagnostic Console can be accessed via the serial port (COM1), VGA/Keyboard/Mouse (KVM) port, or from SSH clients. If you want to access Status Console, one more access mechanism, Web access, is also available. For each por...

Chapter 16: Diagnostic Console 275 4. Click Save. Edit Network Interfaces Configuration (Network Interfaces) In Network Interface Configuration, you can perform initial setup tasks, such as setting the hostname and IP address of the CC-SG. 1. Choose Operation > Network Interfaces > Network Int...

Chapter 16: Diagnostic Console 276 ƒ Even if DHCP is being used to determine the IP configuration for an interface, you must provide a properly formatted IP address and Netmask. 6. In the Adapter Speed, select a line speed. The other values of 10, 100, and 1000 Mbps are on a scrollable list (where o...

Chapter 16: Diagnostic Console 277 Option Description Record Route Records route. Turns on the IP record route option, which will store the route of the packet inside the IP header. Use Broadcast Address Allows pinging a broadcast message. Adaptive Timing Adaptive ping. Interpacket interval adapts t...

Chapter 16: Diagnostic Console 280 View Log Files in Diagnostic Console You can view one or more log files simultaneously via LogViewer, which allows browsing through several files at once to examine system activity. The Logfile list is updated only when the associated list becomes active, as when a...

Chapter 16: Diagnostic Console 281 3. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a log file, marking it with an X. You can view more than one log file at a time. To sort the Logfiles to View list: The Sort Logfile list by options control the order in whi...

Chapter 16: Diagnostic Console 282 Option Description contents of this package is not available to customer. Exported logfiles will be available for up to 10 days, and then the system will automatically delete them. View View the selected log(s). When View is selected with Individual Windows, the Lo...

Chapter 16: Diagnostic Console 283 Note: System load is static as of the start of this Admin Console session - use the TOP utility to dynamically monitor system resources. To filter a log file with a regular expression: 1. Type e to add or edit a regular expression and select a log from the list if ...

Chapter 16: Diagnostic Console 284 Diagnostic Console. See Restarting CC-SG (on page 200). Restarting CC-SG in Diagnostic Console will NOT notify users that it is being restarted. To restart CC-SG with Diagnostic Console: 1. Choose Operation > Admin > CC-SG Restart. 2. Either click Restart CC-...

Chapter 16: Diagnostic Console 285 2. Either click REBOOT System or press Enter to reboot CC-SG. Confirm the reboot in the next screen to proceed. Power Off CC-SG System from Diagnostic Console This option will power off the CC-SG unit. Logged-in users will not receive a notification. CC-SG, SSH, an...

Chapter 16: Diagnostic Console 286 2. Either click Power OFF the CC-SG or press Enter to remove AC power from the CC-SG. Confirm the power off operation in the next screen to proceed. Reset CC Super-User Password with Diagnostic Console This option will reset the password for the CC Super User accou...

Chapter 16: Diagnostic Console 287 2. Either click Reset CC-SG GUI Admin Password or press Enter to change the admin password back to factory default. Confirm the password reset in the next screen to proceed. Reset CC-SG Factory Configuration (Admin) This option will reset all or parts of the CC-SG ...

Chapter 16: Diagnostic Console 289 Option Description Diagnostic Console Reset This option restores Diagnostic Console settings back to factory defaults. IP Access Control Lists Reset This option removes all entries from the IP-ACL table. IP-ACL settings are reset with a Full Database reset whether ...

Chapter 16: Diagnostic Console 291 Password setting Description every password must have at least one digit in it. Diagnostic Console Account Configuration By default, the status account does not require a password, but you can configure it to require one. Other aspects of the admin password can be ...

Chapter 16: Diagnostic Console 293 Configure Remote System Monitoring You can enable the remote system monitoring feature to use the GKrellM tool. The GKrellM tool provides a graphical view of resource utilization on the CC-SG unit. This tool is similar to the Windows Task Manager's Performance tab....

Chapter 16: Diagnostic Console 295 Display RAID Status and Disk Utilization This option displays the status of CC-SG disks, including disk size, active and up status, state of the RAID-1, and amount of space currently used by various file systems. To display disk status of the CC-SG: 1. Choose Opera...

Chapter 16: Diagnostic Console 296 Perform Disk or RAID Tests You can manually perform SMART disk drive tests or RAID check and repair operations. To perform a disk drive test or a RAID check and repair operation: 1. Choose Operation > Utilities > Disk/RAID Utilities > Manual Disk/RAID Test...

Chapter 16: Diagnostic Console 297 d. After the test is complete, you can view the results in the Repair/Rebuild RAID screen. See Repair or Rebuild RAID Disks (on page 299). If a non-zero value displays in the Mis- Match column for the given Array, indicating that there may be a problem, you should ...

Chapter 16: Diagnostic Console 298 Schedule Disk Tests You can schedule SMART-based tests of the disk drives to be periodically performed. Firmware on the disk drive will perform these tests, and you can view the test results in the Repair/Rebuild screen. See Repair or Rebuild RAID Disks (on page 29...

Chapter 16: Diagnostic Console 299 2. Click with the mouse or use the arrow keys to navigate and press the Space bar to select a test type, marking it with an X. Different types of tests take a different period of time. ƒ A Short test takes about 2 minutes to complete when the system is lightly load...

Chapter 16: Diagnostic Console 301 4. Selecting either Replace Disk Drive or Rebuild RAID Array, and follow onscreen instructions until you finish the operation. View Top Display with Diagnostic Console Top Display allows you to view the list of currently-running processes and their attributes, as w...

Chapter 16: Diagnostic Console 303 Take a System Snapshot When CC-SG does not function properly, it is extremely helpful if you can capture the information stored in CC-SG, such as the system logs, configurations or database, and provide it to Raritan Technical Support for analysis and troubleshooti...

Chapter 16: Diagnostic Console 304 2: Retrieve the CC-SG snapshot file: 1. Using a supported Internet browser, type this URL: http(s)://<IP_address>/upload/ where <IP_address> is the IP address of the CC-SG. Note the forward slash (/) following /upload is mandatory. For example, https://...

305 If you have a CC-SG and Power IQ, there are severals ways to use them together. 1. Control power to Power IQ IT devices via CC-SG. For example, if you want to control power to a Power IQ IT device which is also a CC-SG node, you can use a Power IQ Proxy interface to give power control commands i...

Chapter 17: Power IQ Integration 306 2. Type a name for the device in the Power IQ Device Name field. The name must be unique for the Power IQ Device providing the service. CC-SG does not accept duplicate names. See Naming Conventions (on page 353) for details on CC-SG's rules for name lengths. 3. T...

Chapter 17: Power IQ Integration 307 Import Power Strips from Power IQ You can import Dominion PX devices and their outlet names from Power IQ. If the Dominion PX devices are already managed by CC-SG, you must delete them first. The import adds the Dominion PX devices, and configures and names the o...

Chapter 17: Power IQ Integration 308 Column number Tag or value Details Default is FALSE. 7 Description Optional. Step 3: Import the edited CSV file into CC-SG 1. In the CC-SG Admin Client, choose Administration > Import > Import Powerstrips. 2. Click Browse and select the CSV file to import. ...

Chapter 17: Power IQ Integration 309 4. Click Save. Step 2: Edit the CSV file and import into Power IQ: The export file contains three sections. Read the comments in the CSV file for instructions on how to use each section as part of a Power IQ multi-tabbed CSV import file. See the Power IQ User Gui...

310 In This Chapter V1 Model................................................................................................310 E1 Model................................................................................................311 V1 Model V1 General Specifications Form Factor 1U Dimensions (Dx...

Appendix A: Specifications for V1 and E1 311 Operating Humidity 5% - 95% RH Altitude Operate properly at any altitude between 0 to 10,000 feet, storage 40,000 feet (Estimated) Vibration 5-55-5 HZ, 0.38mm,1 minutes per cycle; 30 minutes for each axis (X,Y,Z) Shock N/A E1 Model E1 General Specificatio...

Appendix A: Specifications for V1 and E1 312 Operating Non-Operating Temperature -40°-70° C Humidity 5-90%, non-condensing Altitude Sea level to 40,000 feet Vibration 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X, Y, and Z Shock 30 g for 11 ms wi...

313 This appendix contains network requirements, including addresses, protocols, and ports, of a typical CC-SG deployment. It includes information about how to configure your network for both external access and internal security and routing policy enforcement. Details are provided for the benefit o...

Appendix B: CC-SG and Network Configuration 314 Port Number Protocol Purpose Details Raritan device that will be externally accessed. The other ports in the table must be opened only for accessing CC-SG. AES-128/AES-256 encrypted if configured. 80 and 443 for Control System nodes 80, 443, 902, and 9...

Appendix B: CC-SG and Network Configuration 319 Communication Direction Port Number Protocol Configurable? Details CC-SG to SNMP Manager 162 UDP yes SNMP standard CC-SG Internal Ports CC-SG uses several ports for internal functions, and its local firewall function blocks access to these ports. Howev...

Appendix B: CC-SG and Network Configuration 320 VNC Access to Nodes Port 5800 or 5900 must be open for VNC access to nodes. SSH Access to Nodes Port 22 must be open for SSH access to nodes. Remote System Monitoring Port When the Remote System Monitoring feature is enabled, port 19150 is opened by de...

321 This table shows which privilege must be assigned for a user to have access to a CC-SG menu item. *None means that no particular privilege is required. Any user who has access to CC-SG will be able to view and access these menus and commands. Menu > Sub-menu Menu Item Required Privilege Descr...

Appendix C: User Group Privileges 322 Menu > Sub-menu Menu Item Required Privilege Description Devices This menu and the Devices tree is available only for users with any one of the following privileges: Device, Port, and Node Management Device Configuration and Upgrade Management Discover Device...

Appendix C: User Group Privileges 323 Menu > Sub-menu Menu Item Required Privilege Description Management or Device Configuration and Upgrade Management > Launch User Station Admin Device, Port, and Node Management > Disconnect Users Device, Port, and Node Management or Device Configuration...

330 CC-SG provides the following SNMP traps: SNMP Trap Description ccUnavailable CC-SG application is unavailable. ccAvailable CC-SG application is available. ccUserLogin CC-SG user logged in. ccUserLogout CC-SG user logged out. ccPortConnectionStarted CC-SG session started. ccPortConnectionStopped ...

Appendix D: SNMP Traps 331 SNMP Trap Description ccDiagnosticConsoleLogout User has logged out of the CC-SG Diagnostic Console. ccUserGroupAdded A new user group has been added to CC-SG. ccUserGroupDeleted CC-SG user group has been deleted. ccUserGroupModified CC-SG user group has been modified. ccS...

332 This section contains more information about CSV file imports. In This Chapter Common CSV File Requirements .........................................................333 Audit Trail Entries for Importing .............................................................334 Troubleshoot CSV File Proble...

Appendix E: CSV File Imports 333 Common CSV File Requirements The best way to create the CSV file is to export a file from CC-SG, and then use the exported CSV file as an example for creating your own. The export file contains comments at the top that describe each item in the file. The comments can...

Appendix E: CSV File Imports 334 Audit Trail Entries for Importing Each item imported into CC-SG is logged in the Audit Trail. Skipped duplicates are not logged in the Audit Trail. The Audit Trail includes an entry for the following actions, under the Message Type "Configuration." • Import o...

Appendix E: CSV File Imports 335 Troubleshoot CSV File Problems To troubleshoot CSV file validation: Error messages appear in the Problems area of the Import page. The error messages identify problems that are found in the CSV file during validation. You can save the list of errors to a CSV file. Ea...

336 • Launching CC-SG from your web browser requires a Java plug-in. If your machine has an incorrect version, CC-SG will guide you through the installation steps. If your machine does not have a Java plug-in, CC-SG cannot automatically launch. In this case, you must uninstall or disable your old Ja...

Appendix F: Troubleshooting 337 • If you access more than one CC-SG unit using the same client and Firefox, you may see a "Secure Connection Failed" message that says you have an invalid certificate. You can resume access by clearing the invalid certificate from your browser. a. In Firefox, ...

338 CC-SG comes with a few diagnostic utilities which may be extremely helpful for you or Raritan Technical Support to analyse and debug the cause of CC-SG problems. In This Chapter Memory Diagnostic ................................................................................338 Debug Mode ........

Appendix G: Diagnostic Utilities 339 ƒ Capture the Memtest86+ screen containing the memory errors and contact Raritan Technical Support for assistance. ƒ Shut down CC-SG and re-install the memory DIMM modules to ensure the contact is good. Then perform the Memtest86+ diagnostic to verify if the memo...

Appendix G: Diagnostic Utilities 340 CC-SG Disk Monitoring If CC-SG disk space exhaustion in one or more file systems occurs, it may negatively impact your operation and even results in the loss of some engineering data. Therefore, you should monitor the CC-SG disk usage and take corrective actions ...

Appendix G: Diagnostic Utilities 341 File system Data Corrective action /sg/DB CC-SG database Contact Raritan Technical Support /opt CC-SG backups and snapshots 1. Save any new snapshot files on a remote client PC. See Take a System Snapshot (on page 303) for the retrieval procedure. 2. Enter the Sy...

343 CC-SG can be configured to point to an RSA RADIUS Server that supports two-factor authentication via an associated RSA Authentication Manager. CC-SG acts as a RADIUS client and sends user authentication requests to RSA RADIUS Server. The authentication request includes user id, a fixed password,...

344 In This Chapter General FAQs........................................................................................344 Authentication FAQs..............................................................................346 Security FAQs ................................................................

Appendix I: FAQs 346 Question Answer model with IP-Reach and the IP User Station (UST-IP). The network model scales through use of the TCP/IP network and aggregates access through CC-SG, so users don't have to know IP addresses or the topology of access devices. It also provides the convenience of s...

Appendix I: FAQs 347 Question Answer security tools such as LDAP, AD, RADIUS, and so on? TACACS+, RADIUS, and LDAP. Why does the error message "Incorrect username and/or password" appear after I correctly enter a valid username and password to log into CC-SG? Check the user account in AD. If...

Appendix I: FAQs 348 Question Answer WAN, but LAN, too)? Does CC-SG support CRL List, that is, LDAP list of invalid certificates? No. Does CC-SG support Client Certificate Request? No. Accounting FAQs Question Answer Accounting The event times in the Audit Trail report seem incorrect. Why? Log event...

Appendix I: FAQs 349 Grouping FAQs Question Answer Grouping Is it possible to put a given server in more than one group? Yes. Just as one user can belong to multiple groups, one device can belong to multiple groups. For example, a Sun in NYC could be part of Group Sun: "Ostype = Solaris" and...

Appendix I: FAQs 350 Interoperability FAQs Question Answer Interoperability How does CC-SG integrate with Blade Chassis products? CC-SG can support any device with a KVM or serial interface as a transparent pass-through. To what level is CC-SG able to integrate with third party KVM tools, down to th...

352 The following keyboard shortcuts can be used in the Java-based Admin Client. Operation Keyboard Shortcut Refresh F5 Print panel Ctrl + P Help F1 Insert row in Associations table Ctrl + I Appendix J Keyboard Shortcuts

353 This appendix includes information about the naming conventions used in CC-SG. Comply with the maximum character lengths when naming all the parts of your CC-SG configuration. In This Chapter User Information ....................................................................................353...

Appendix K: Naming Conventions 354 Field in CC-SG Number of characters CC-SG allows Audit Information 256 Location Information Field in CC-SG Number of characters CC-SG allows Department 64 Site 64 Location 128 Contact Information Field in CC-SG Number of characters CC-SG allows Primary Contact Name...

Appendix K: Naming Conventions 355 Field in CC-SG Number of characters CC-SG allows periods are converted to hyphens. Device Description 160 Device IP/Hostname 64 Username 64 Password 64 Notes 256 Port Information Field in CC-SG Number of characters CC-SG allows Port Name 32 Associations Field in CC...

356 Prior to version 4.0, CC-SG Diagnostic Console displays a number of messages on the screen each time when it boots up. These messages are standard Linux diagnostic and warning messages and usually do not imply any system problems. The table offers a short introduction to a few frequent messages....

357 A About Administrator Console • 264, 271 About Applications for Accessing Nodes • 207 About Associations • 21 About CC-SG LAN Ports • 211, 212, 215 About CC-SG passwords • 237 About Connection Modes • 78, 219 About Default Applications • 209 About Interfaces • 78, 219 About LDAP and CC-SG • 173 ...