Page 1 Console Server with PowerAlert Model: B092-016 Tripp Lite World Headquarters 1111 W. 35th Street, Chicago, IL 60609 USA (773) 869-1234 (USA) • 773.869.1212 (International) www.tripplite.com Copyright © 2009 Tripp Lite. All rights reserved. All trademarks are the property of their respective owners.
Page 2: Table Of Contents
INTRODUCTION INSTALLATION Models 2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch 2.1.2 Kit components: B092-016 Console Server with PowerAlert Power connection 2.2.1 Power: Console Server Management Switch 2.2.2 Power: Console Server with PowerAlert Network connection Serial Port connection...
Page 3 Set up Windows XP/ 2003/Vista client for dial-in 5.1.4 Set up earlier Windows clients for dial-in 5.1.5 Set up Linux clients for dial-in OoB Broadband Access (B096-048/016 only) Broadband Ethernet Failover (B096-048/016 only) Dial-Out Failover SECURE TUNNELING AND SDT CONNECTOR Configuring for SDT Tunneling to Hosts SDT Connector Configuration 6.2.1...
Page 4 6.2.9 Choosing an alternate SSH client (e.g. PuTTY) SDT Connector to Management Console SDT Connector - Telnet or SSH connect to serially attached devices Using SDT Connector for out-of-band connection to the gateway Importing (and exporting) preferences SDT Connector Public Key Authentication Setting up SDT for Remote Desktop access 6.8.1 Enable Remote Desktop on the target Windows computer to be accessed...
Page 5 8.1.4 User power management Uninterruptible Power Supply Control (UPS) 8.2.1 Managed UPS connections 8.2.2 Configure UPS powering the Console Server 8.2.3 Configuring powered computers to monitor a Managed UPS 8.2.4 UPS alerts 8.2.5 UPS status 8.2.6 Overview of Network UPS Tools (NUT) Environmental Monitoring 8.3.1 Connecting the EMD...
Page 6 10.4.2 Basic Nagios plug-ins 10.4.3 Additional plug-ins SYSTEM MANAGEMENT 11.1 System Administration and Reset 11.2 Upgrade Firmware 11.3 Configure Date and Time STATUS REPORTS 12.1 Port Access and Active Users 12.2 Statistics 12.3 Support Reports 12.4 Syslog MANAGEMENT 13.1 Device Management 13.2 Port and Host Management 13.3...
Page 7 Alert Configuration 14.7 SDT Host Configuration SDT Host TCP Ports 14.8 Configuration backup and restore 14.9 General Linux command usage ADVANCED CONFIGURATION 15.1 Advanced Portmanager 15.2 External Scripts and Alerts 15.3 Raw Access to Serial Ports 15.4 IP- Filtering 15.5 Modifying SNMP Configuration Adding more than on SNMP server 15.6...
Page 8 16.1.4 Connect- SSH 16.1.5 Connect- IPMI 16.1.6 Connect- Remote Desktop (RDP) 16.1.7 Connect- Citrix ICA 16.1.8 Connect- PowerAlert 16.2 Advanced Control Panel 16.2.1 System: Terminal 16.2.2 System: Shutdown / Reboot 16.2.3 System: Logout 16.2.4 Custom 16.2.5 Status 16.2.6 Logs 16.3 Remote control Appendix A Hardware Specification Appendix B Serial Port Connectivity...
Page 9: Introduction
INTRODUCTION This Manual This User Manual is provided to help you get the most from your B096-016 / B096-048 Console Server Management Switch or B092-016 Console Server with PowerAlert product. These products are referred to generically in this manual as Console Servers.
Page 10: Manual Organization
Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Tripp Lite qualified personnel To avoid electric shock the power cord protective grounding conductor must be connected through to ground...
Page 11: Types Of Users
10. Nagios Integration 11. System Management 12. Status Reports 13. Management 14. Basic Configuration 15. Advanced Config 16. Thin Client Types of users The Console Server supports two classes of users: Administrative users: Those who will be authorized to configure and control the Console Server; and to access and control all the connected devices.
Page 12: Manual Conventions
location, to configure the Console Server, set up Users, configure the ports and connected hosts, and set up logging and alerts. An authorized User can use the Management Console to access and control configured devices, review port logs, use the in-built java terminal to access serially attached consoles and control power to connected devices.
Page 13: Publishing History
Text presented like this highlights important issues and it is essential you read and take heed of these warnings Text presented with an arrow head indent indicates an action you should take as part of the procedure. Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Management Console.
Page 14: Installation
B096-048 B096-016 B092-016 2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch Unpack your Console Server Management Switch kit and verify you have all the parts shown above, and that they all appear in good working order Console Modem...
Page 15: Kit Components: B092-016 Console Server With Poweralert
2.2.1 Power: Console Server Management Switch The B096-048/16 Console Server Management Switch has dual universal AC power supplies with auto failover built in. These power supplies each accept AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the total power consumption per Console Server is less than 30W. Two IEC AC power sockets are located at the rear of the metal case, and these IEC power inlets use conventional IEC AC power cords.
Page 16: Power: Console Server With Poweralert
B096-048/016 Console Server Management Switch. All physical connections are made using industry standard Cat5e patch cables (Tripp Lite N001 and N002 series cables). Ensure you only connect the LAN port to an Ethernet network that supports 10Base-T/100Base-T. For the initial configuration of the Console Server you must connect a computer to the Console Server’s principal network port.
Page 17: Usb Port Connection
The Console Server also has a DB9 LOCAL (Console/Modem) port. This DB-9 connector is on the rear panel of the B092-016 Console Server, and on the front panel of the B096-048/016 Console Server Management Switch. USB Port Connection The B096-048/016 Console Server Management Switch has one USB port on the front panel. External USB devices can be plugged into this USB port.
Page 18: Initial System Configuration
INITIAL SYSTEM CONFIGURATION Introduction This chapter provides step-by-step instructions for the initial configuration of your Console Server and connecting it to your management or operational network. This involves the Administrator: Activating the Management Console Changing the Administrator password Setting the IP address for the Console Server’s principal LAN port Selecting the network services to be supported This chapter also discusses the communications software tools that the Administrator may use to access the Console Server.
Page 19: Browser Connection
o IP address: 192.168.0.100 o Subnet mask: 255.255.255.0 If you wish to retain your existing IP settings for this network connection, click Advanced and Add the above as a secondary IP connection. If it is not convenient to change your computer network address, you can use the ARP-Ping command to reset the Console Server IP address.
Page 20 You will be prompted to log in. Enter the default administration username and administration password: Username: root Password: default The above screen, which lists four initial installation configuration steps, will be displayed: Change the default administration password on the System/Administration page Configure the local network settings on the System/IP page Configure port settings and enable the Serial &...
Page 21: Initial B092-016 Connection
3.1.3 Initial B092-016 connection For the initial configuration of the B092-016 Console Server, you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly connected video console to log in Enter the default administration username and password (Username: root Password: default).
Page 22: Network Ip Address
Select System: Administration Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe You may now wish to enter a System Name and System Description for the Console Server to give it a unique ID and make it simple to identify Click Apply.
Page 23: Ipv6 Configuration
If you select DHCP, the Console Server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate Note In its factory default state (with no Configuration Method selected) the Console Server has its DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP...
Page 24: System Services
You will then need to configure the IPv6 parameters on each interface page System Services The Administrator has a selection of access protocols that can be used to access the Console Server. The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet. The User can also use the nominated services for limited access to the Console Server itself.
Page 25 Select System: Services. Then select /deselect the service to be enabled /disabled. The following access protocol options are available: HTTPS Ensures secure browser access to all the Management Console menus. It also allows appropriately configured Users secure browser access to selected Management Console Manage menus.
Page 26 There are also a number of related service options that can be configured at this stage: SNMP Enables netsnmp in the Console Server which will keep a remote log of all posted information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15 –...
Page 27: Communications Software
This section provides an overview of the communications software tools that can be used on the remote computer. Tripp Lite recommends the SDT Connector software tool that is provided with the Console Server, however, generic tools such as PuTTY and SSHTerm may also be used.
Page 28: Sshterm
3.5.3 SSHTerm Another common communications package that may be useful is SSHTerm. This is an open source package that can be downloaded from To use PuTTY for an SSH terminal session from a Windows client, enter the Console Server’s IP address as the ‘Host Name (or IP address)’...
Page 29: Management Network Configuration (B096-048/016 Only)
Management Network Configuration (B096-048/016 only) The B096-048/016 Console Server Management Switches have a second Ethernet network port that can be configured as a management Console Server/LAN port or as a failover/OoB access port. 3.6.1 Configure Management Switch as a Management LAN gateway The Management Switch in the B096-048/016 Console Servers can be configured to provide a management LAN gateway.
Page 30 Management LAN as the Failover Interface when you configured the principal Network connection on the System: IP menu The B096-048/016 Console Server Management Switches also host a DHCP server which by default is set at disabled. The DHCP server enables the automatic distribution of IP addresses to hosts running DHCP clients on the Management LAN.
Page 31 IP address of the B096-048/016 will be used Enter the Primary DNS and Secondary DNS address to issue the DHCP clients. Again if this field is left blank, the IP address of the B096-048/016 is used, so leave this field blank for automatic DNS server assignment Optionally enter a Domain Name suffix to issue DHCP clients Enter the Default Lease time and Maximum Lease time in seconds.
Page 32: Configure Management Switch For Failover Or Broadband Oob
Configure Management Switch for Failover or Broadband OoB The Management Switch in the B096-048/016 Console Server can be configured to provide a failover option. In the event of a problem using the main LAN connection for accessing the Console Server, an alternate access path is used.
Page 33: Serial Port And Network Host
SERIAL PORT AND NETWORK HOST Introduction The Console Server enables access and control of serially-attached devices and network-attached devices (hosts). The Administrator must configure access privileges for each of these devices, and specify the services that can be used to control the devices. The Administrator can also set up new users and specify each user’s individual access and control privileges.
Page 34: Common Settings
When you have configured the common settings and the mode for each port, set up any remote syslog (Chapter 4.1.7), then click Apply If the Console Server has been configured with distributed Nagios monitoring enabled then you will also be presented with Nagios Settings options to enable nominated services on the Host to be monitored (refer to Chapter 10 –...
Page 35: Console Server Mode
4.1.2 Console Server Mode Select Console Server Mode to enable remote management access to the serial console that is attached to the serial port: Logging Level This specifies the level of information to be logged and monitored (refer to Chapter 7 - Alerts and Logging)
Page 36 Telnet Check to enable Telnet access to the serial port. When enabled, a Telnet client on a User or Administrator’s computer can connect to a serial device attached to this serial port on the Console Server. The default port address is IP Address _ Port (2000 + serial port #) i.e. 2001 – 2048 Telnet communications are unencrypted, so this protocol is generally recommended for local connections only.
Page 37 PuTTY can be downloaded at http://www.tucows.com/preview/195286.html It is recommended that the User or Administrator uses SSH as the protocol for connecting to serial consoles attached to the Console Server when communicating over the Internet or any other public network. This will provide an authenticated, encrypted connection between the SSH client program on the remote user’s computer and the Console Server.
Page 38 This syntax enables users to set up SSH tunnels to all serial ports with only a single IP port 22 having to be opened in their firewall/gateway. RAW TCP allows connections directly to a TCP socket. Communications programs such as PuTTY also support RAW TCP, however, this protocol would usually be used by a custom application.
Page 39: Sdt Mode
4.1.3 SDT Mode This setting allows port forwarding of LAN protocols such as RDP, VNC, HTPP, HTTPS, SSH and Telnet through to computers which are connected locally to the Console Server by their serial COM port. However such port forwarding requires a PPP link to be set up over this serial port. Refer to Chapter 6.6 - Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the Console Server for configuration details 4.1.4...
Page 40: Serial Bridging Mode
The getty will then configure the port and wait for a connection to be made. An active connection on a serial device is usually indicated by the Data Carrier Detect (DCD) pin on the serial device being raised. When a connection is detected, the getty program issues a login: prompt, and then invokes the login program to handle the actual system login.
Page 41: Syslog
You may secure the communications over the local Ethernet by enabling SSH however you will need to generate and upload keys (refer to Chapter 14 – Advanced Configuration) 4.1.7 Syslog In addition to built-in logging and monitoring (which can be applied to serial-attached and network- attached management accesses, as covered in Chapter 7 - Alerts and Logging), the Console Server can also be configured to support the remote syslog protocol on a per serial port basis: Select the Syslog Facility/Priority fields to enable logging of traffic on the selected serial port to...
Page 42 Users can be authorized to access specified Console Server serial ports and specified network-attached hosts. These users can also be given full Administrator status (with full configuration and management and access privileges). To simplify user setup, they can be configured as members of Groups. There are two Groups set up by default (admin and user).
Page 43 Select Serial & Network: Users & Groups to display the configured Groups and Users Click Add Group to add a new Group Add a Group name and Description for each new Group, then nominate Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any users in this new Group to be able to access Click Apply Select Serial &...
Page 44: Authentication
Add a Username and a confirmed Password for each new User. You may also include information related to the user (e.g. contact details) in the Description field Nominate Accessible Hosts and Accessible Ports to specify which serial ports and which LAN connected hosts you wish the user to have access to Specify which Group (or Groups) you wish the user to be a member of.
Page 45 Selecting Serial & Network: Network Hosts presents all the network connected Hosts that have been enabled for access, and the related access TCP ports/services Click Add Host to enable access to a new Host (or select Edit to update the settings for existing Host) Enter the IP Address or DNS Name of the new network connected Host (and optionally enter a Description)
Page 46: Trusted Networks
Trusted Networks The Trusted Networks facility gives you the option to nominate specific IP addresses that users (Administrators and Users) must be located at in order to have access to Console Server serial ports: Select Serial & Network: Trusted Networks To add a new trusted network, select Add Rule Select the Accessible Port(s) that the new rule is to be applied to Then enter the Network Address of the subnet to be permitted access...
Page 47: Serial Port Cascading
Network IP Address Subnet Mask If however you want to allow all the users operating from within a specific range of IP addresses (say any of the thirty addresses from 204.15.5.129 to 204.15.5.158) to be permitted connection to the nominated port: Host /Subnet Address Subnet Mask Click Apply...
Page 48: Manually Generate And Upload Ssh Keys
Now select whether to generate the keys using RSA and/or DSA (if unsure, select only RSA). Generating each set of keys will require approximately two minutes and the new keys will destroy any old keys of that type that may previously been uploaded. Also while the new generation is under way on the master, functions relying on SSH keys (e.g.
Page 49 Next, you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave. Note The use of key pairs can be confusing because in many cases one file (Public Key) fulfills two roles –...
Page 50: Configure The Slaves And Their Serial Ports
4.6.3 Configure the Slaves and their serial ports You can now begin setting up the Slaves and configuring Slave serial ports from the Master Console Server: Select Serial & Network: Cascaded Ports on the Master’s Management Console To add clustering support select Add Slave Note You will be prevented from adding any Slaves until you have automatically or manually generated SSH keys:...
Page 51: Managing The Slaves
4.6.4 Managing the Slaves The Master is in control of the Slave serial ports. So, for example, if you change a User’s access privileges or edit any serial port setting on the Master, the updated configuration files will be sent out to each Slave in parallel.
Page 52: Failover And Out-Of-Band Access
Then remote Administrator’s must be configured to dial-in and must establish a network connection to the Console Server. Note The B096-048/016 Console Servers have an internal modem for dial-up OoB access. The B092- 016 Console Servers need an external modem to be attached via a serial cable to their DB9 port. 5.1.1...
Page 53 Select the System: Dial menu option and the port to be configured (Serial DB9 Port or Internal Modem Port) Note The Console Server’s console/modem serial port is set by default to 115200 baud, No parity, 8 data bits and 1 stop bit, with software (Xon-Xoff) flow control enabled. You can modify the baud rate and flow control using the Management Console.
Page 54: Using Sdt Connector Client For Dial-In
established. Again, you can select any address for the Local IP Address but both must be in the same network range as the Remote IP Address The Default Route option enables the dialed PPP connection to become the default route for the Console Server The Custom Modem Initialization option allows a custom AT string modem initialization string to be entered (e.g.
Page 55: Set Up Earlier Windows Clients For Dial-In
Select Connect to the Internet and click Next On the Getting Ready screen select Set Up My Connection Manually and click Next On the Internet Connection screen select Connect Using a Dial-Up Modem and click Next Enter a Connection Name (any name you choose) and the dial-up Phone Number that will connect thru to the Console Server modem Enter the PPP User Name and Password for have set up for the Console Server 5.1.4...
Page 56: Set Up Linux Clients For Dial-In
Do not set up the Console Server PPP link as the default for Internet connection OoB Broadband Access (B096-048/016 only) The B096-048/016 Console Server Management Switch has a second Ethernet network port that can be configured for alternate and OoB (out-of-band) broadband access. With two active broadband access paths to the Console Server, in the event you are unable to access through the primary management network, you may still have access through the alternate broadband path (e.g.
Page 57 Management LAN (eth1) as the Failover Interface to be used when a fault has been detected with main Network Interface (eth0) Specify the Probe Addresses of two sites (the Primary and Secondary) that the B096-048/016 is to ping to determine if Network (eth0) is still operational...
Page 58: Dial-Out Failover
Then configure Management LAN Interface (eth1) with the same IP setting that you used for the main Network Interface (eth0) to ensure transparent redundancy In this mode, Network 2 (eth1) is available as the transparent back-up port to Network 1 (eth0) for accessing the management network.
Page 60: Secure Tunneling And Sdt Connector
SECURE TUNNELING AND SDT CONNECTOR Introduction Each Console Server has an embedded SSH server and uses SSH tunneling. This enables one Console Server to securely manage all the systems and network devices in the data center, using text-based console tools (such as SSH, Telnet, SoL) or graphical desktop tools (VNC, RDP, HTTPS, HTTP, X11, VMware, DRAC, iLO etc).
Page 61: Configuring For Sdt Tunneling To Hosts
Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the Console Server (Section 6.4) The chapter then covers more advanced SDT Connector and SDT tunneling topics: Using SDT Connector for out of band access (Section 6.5) Automatic importing and exporting of configurations (Section 6.6) Configuring Public Key Authentication (Section 6.7) Setting up a SDT Secure Tunnel for Remote Desktop (Section 6.8)
Page 62: Sdt Connector Client Installation
SDT Connector can connect to the Console Server using an alternate OoB access. It can also be configured to access the Console Server itself and to access devices connected to serial ports on the Console Server. 6.2.1 SDT Connector client installation The SDT Connector set up program (SDTConnector Setup-1.n.exe or sdtcon-1.n.tar.gz) is included on the CD supplied with your Console Server Run the set-up program:...
Page 63: Configuring A New Gateway In The Sdt Connector Client
To operate SDT Connector, add the new gateways to the client software by entering the access details for each Console Server (refer to Section 6.2.2). Then let the client auto-configure with all host and serial port connections from each Console Server (refer Section 6.2.3). Now point-and-click to connect to the Hosts and serial devices (refer to Section 6.2.4) Alternately you can manually add network connected hosts (refer Section 6.2.5) as well as manually configure new services to be used when accessing the Console Server and the hosts (refer Section 6.2.6).
Page 64: Auto-Configure Sdt Connector Client With The User's Access Privileges
Optionally, you can enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description of this gateway (such as its firmware version, site location or anything special about its network configuration). Click OK and an icon for the new gateway will now appear in the SDT Connector home page Note For an SDT Connector user to access a Console Server (and then access specific hosts or serial devices connected to that Console Server), that user must first be set up on the Console Server,...
Page 65: Make An Sdt Connection Through The Gateway To A Host
configure access to network-connected Hosts that the user is authorized to access and set up (for each of these Hosts) the services (e.g. HTTPS, IPMI2.0) and the related IP ports being redirected configure access to the Console Server itself (this is shown as a Local Services host) configure access with the enabled services for the serial port devices connected to the Console Server Note...
Page 66: Manually Adding Hosts To The Sdt Connector Gateway
However, there is a limit on the number of SDT Connector SSH tunnels that can be open at one time on a particular Gateway. The B096-016 / B096-048 Console Server Management Switch and B092-016 Console Server with PowerAlert each support at least 50 such concurrent connections.
Page 67: Manually Adding New Services To The New Hosts
6.2.6 Manually adding new services to the new hosts To extend the range of services that can be used when accessing hosts with SDT Connector: Select Edit: Preferences and click the Services tab. Click Add Enter a Service Name and click Add Under the General tab, enter the TCP Port that this service runs on (e.g.
Page 68 The second redirection is for the VNC service that the user may choose to launch later from the RAC web console. It automatically loads in a Java client served through the web browser, so it does not need a local client associated with it. On the Add Service screen, you can click Add as many times as needed to add multiple new port redirections and associated clients You may also specify Advanced port redirection options:...
Page 69: Adding A Client Program To Be Started For The New Service
6.2.7 Adding a client program to be started for the new service Clients are local applications that may be launched when a related service is clicked. To add to the pool of client programs: Select Edit: Preferences and click the Client tab. Click Add Enter a Name for the client.
Page 70: Dial- In Configuration
Also some clients are launched in a command line or terminal window. The Telnet client is an example of this: Click OK 6.2.8 Dial-in configuration If the client computer is dialing into Local/Console port on the Console Server, you will need to set up a dial-in PPP link: Configure the Console Server for dial-in access (following the steps in the Configuring for Dial-In PPP Access section in Chapter 5, Configuring Dial In Access)
Page 71 SDT Connector client software that is supplied with the gateway. However there is also a wide selection of commercial and free SSH client programs that are supported: PuTTY is a complete (though not very user-friendly:) freeware implementation of SSH for Win32 and UNIX platforms SSHTerm is a useful open source SSH communications package...
Page 72 specified when setting up the SDT Hosts on the Console Server was accounts.myco.intranet.com, then specify the Destination as accounts.myco.intranet.com:3389 If your destination computer is serially connected to the Console Server, set the Destination as <port label>:3389. For example, if the Label you specified on the SDT enabled serial port on the Console Server is win2k3, then specify the remote host as win2k3:3389.
Page 73 Select Local and click the Add button Click Open to SSH connect the Client computer to the Console Server. You will now be prompted for the Username/Password for the Console Server User you SDT enabled Note You can also secure the SDT communications from local and enterprise VPN-connected Client computers using SSH as above.
Page 74 Note How secure is VNC? VNC access generally allows access to your whole computer, so security is very important. VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure and the password is not sent over the network.
Page 75: Sdt Connector To Management Console
SDT Connector to Management Console SDT Connector can also be configured for browser access to the gateway’s Management Console – and for Telnet or SSH access to the gateway command line. For these connections to the gateway itself, you must configure SDT Connector to access the gateway (itself) by setting the Console Server up as a host, and then configuring the appropriate services: Launch SDT Connector on your computer.
Page 76: Sdt Connector - Telnet Or Ssh Connect To Serially Attached Devices
SDT Connector - Telnet or SSH connect to serially attached devices SDT Connector can also be used to access text consoles on devices that are attached to the Console Server’s serial ports. For these connections, you must configure the SDT Connector client software with a Service that will access the target gateway serial port, and then set the gateway up as a host: Launch SDT Connector on your computer.
Page 77: Using Sdt Connector For Out-Of-Band Connection To The Gateway
Click Add then scroll to the bottom and click Apply Administrators by default have gateway and serial port access privileges; however for Users to access the gateway and the serial port, you will need to give those Users the required access privileges.
Page 78 cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection login password The network_connection in the above is the name of the network connection as displayed in Control Panel -> Network Connections. Login is the dial-in username, and password is the dial-in password for the connection.
Page 79: Importing (And Exporting) Preferences
Importing (and exporting) preferences To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility: To save a configuration .xml file (for backup or for importing into other SDT Connector clients), select File -> Export Preferences and select the location to save the configuration file To import a configuration, select File ->...
Page 80: Setting Up Sdt For Remote Desktop Access
SSH client that SDT Connector launches (e.g. Putty, OpenSSH) and the host's SSH server for public key authentication. Essentially, what you are using is SSH over SSH, and the two SSH connections are entirely separate. Setting up SDT for Remote Desktop Access Microsoft’s Remote Desktop Protocol (RDP) enables the system manager securely to access and manage remote Windows computers: to reconfigure applications and user profiles, upgrade the server’s operating system, reboot the machine, etc.
Page 81: Configure The Remote Desktop Connection Client
To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box Note If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and proceed through the steps to nominate the new user’s name, password and account type (Administrator or Limited) Note...
Page 82 In Computer, enter the appropriate IP Address and Port Number: Where there is a direct local or enterprise VPN connection, enter the IP Address of the Console Server, and the Port Number of the SDT Secure Tunnel for the Console Server’s serial port (the one that is attached to the Windows computer to be controlled).
Page 83 Note The Remote Desktop Connection software is pre-installed on Windows XP. However, for earlier Windows computers, you will need to download the RDP client: Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C2- 08AA2BD23A49&displaylang=en and click the Download button This software package will install the client portion of Remote Desktop on Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT 4.0, Windows 2000, and Windows 2003.
Page 84 Note The rdesktop client is supplied with Red Hat 9.0: rpm -ivh rdesktop-1.2.0-1.i386.rpm For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/ C.
Page 85: Sdt Shh Tunnel For Vnc
SDT SHH Tunnel for VNC Alternately, with SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris and UNIX computers. There’s a range of popular VNC software available (UltraVNC, RealVNC, TightVNC) freely and commercially.
Page 86: Install, Configure And Connect The Vnc Viewer
To set up a persistent VNC server on Red Hat Enterprise Linux 4: o Set a password using vncpasswd o Edit /etc/sysconfig/vncservers o Enable the service with chkconfig vncserver on o Start the service with service vncserver start o Edit /home/username/.vnc/xstartup if you want a more advanced session than just twm and an xterm C.
Page 87 A. When the Viewer computer is connected to the Console Server through an SSH tunnel (over the public Internet, or a dial-in connection, or private network connection), enter localhost (or 127.0.0.1) as the IP VNC Server IP address and the source port you entered when setting SSH tunneling/port forwarding (in Section 6.2.6) e.g.
Page 88: Using Sdt To Ip Connect To Hosts That Are Serially Attached To The Gateway
Note For general background reading on Remote Desktop and VNC access, we recommend the following: The Microsoft Remote Desktop How-To http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx The Illustrated Network Remote Desktop help page http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.ht What is Remote Desktop in Windows XP and Windows Server 2003? by Daniel Petri http://www.petri.co.il/what's_remote_desktop.htm Frequently Asked Questions about Remote Desktop http://www.microsoft.com/windowsxp/using/mobility/rdfaq.mspx...
Page 89 Windows 2003 and Windows XP Professional allow you to create a simple dial-in service which can be used for the Remote Desktop/VNC/HTTP/X connection to the Console Server: Open Network Connections in Control Panel and click the New Connection Wizard Select Set up an advanced connection and click Next On the Advanced Connection Options screen, select Accept Incoming Connections and click Next Select the Connection Device (i.e.
Page 90 Specify which Users will be allowed to use this connection. This should be the same Users who were given Remote Desktop access privileges in the earlier step. Click Next On the Network Connection screen, select TCP/IP and click Properties Select Specify TCP/IP addresses on the Incoming TCP/IP Properties screen. Nominate a From: and a To: TCP/IP address and click Next Note You can choose any TCP/IP addresses as long as they are addresses which are not used...
Page 91: Set Up Sdt Serial Ports On Console Server
Note The above notes describe setting up an incoming connection for Windows XP. The steps are the same for Windows 2003, except that the setup screens present slightly differently: Put a check in the box for Always allow directly connected devices such as palmtop….. Also, the option to Set up an advanced connection is not available in Windows 2003 if RRAS is configured.
Page 92: Set Up Sdt Connector To Ssh Port Forward Over The Console Server Serial Port
On the SDT Settings menu, select SDT Mode (which will enable port forwarding and SSH tunneling) and enter a Username and User Password. Note When you enable SDT, this will override all other Configuration protocols on that port Note If you leave the Username and User Password fields blank, they default to portXX and portXX where XX is the serial port number.
Page 93: Alerts And Logging
ALERTS AND LOGGING Introduction This chapter describes the alert generation and logging features of the Console Server. The alert facility monitors the serial ports, all logins, the power status and environmental monitors and probes. It sends emails, SMS, Nagios or SNMP alerts when specified trigger events occurs. First, enable and configure the service that will be used to carry the alert (Section 7.1) Then specify the alert trigger condition and the actual destination to which that particular alert is to be sent (Section 7.2)
Page 94: Sms Alerts
In the SMTP Server field, enter the IP address of the outgoing mail Server You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server. Many SMTP servers check the sender’s email address with the host domain name to verify the address as authentic.
Page 95: Snmp Alerts
In the SMTP SMS Server field in the Alerts & Logging: SMTP &SMS menu, enter the IP address of the outgoing mail Server You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server.
Page 96: Nagios Alerts
Note The Console Servers have an snmptrap daemon to send traps/notifications to remote SNMP servers on defined trigger events, as detailed above. The Console Servers also embed the net- snmpd daemon which accept SNMP requests from remote SNMP management servers and provides information on network interface, running processes, disk usage, etc.
Page 97: Add A New Alert
Select Alerts & Logging: Alerts which will display all the alerts currently configured. Click Add Alert 7.2.1 Add a new alert The first step is to specify the alert service that will be used to send notification for this event, who to notify, and what port/host/device is to be monitored: At Add a New Alert.
Page 98: Select General Alert Type
Activate Nagios notification if it is to be used for this event. In an SDT Nagios centrally managed environment, you can check the Nagios alert option. On the trigger condition (for matched patterns, logins, power events and signal changes), an NSCA check "warning" result will be sent to the central Nagios server.
Page 99: Configuring Environment And Power Alert Type
Serial Port Pattern Match Alert – This alert will be triggered if a regular expression is found in the serial ports character stream that matches the regular expression you enter in the Pattern field. This alert type will only be applied serial ports UPS Power Status Alert - This alert will be triggered when the UPS power status changes between On Line, On Battery, and Low Battery.
Page 100: Remote Log Storage
If you have selected Applicable Alarm Sensor(s) that are to be monitored for this alert event, then you can also set time windows when these sensors will not be monitored (e.g. for a door-open sensor, you may not wish to activate the sensor alert monitoring during the working day) Click Apply Remote Log Storage Before activating Serial or Network Port Logging on any port or UPS logging, you must specify where...
Page 101: Serial Port Logging
Serial Port Logging In Console Server mode, activity logs of all serial port activity can be maintained. These records are stored on an off-server, or in the Console Server flash memory. Specify which serial ports are to have activities recorded and to what level data is to be logged: Select Serial &...
Page 102: Network Tcp Or Udp Port Logging
Network TCP or UDP Port Logging The Console Servers can also log any access to and communications with network attached Hosts. For each Host, when you set up the Permitted Services which are authorized to be used, you also must set up the level of logging that is to be maintained for each service Specify the logging level that is to be maintained for that particular TDC/UDP port/service on that particular Host: Level 0...
Page 103: Power & Environmental Management
POWER & ENVIRONMENTAL MANAGEMENT Introduction The B092-016 Console Server and B096-048/016 Console Server Management Switch products embed software that can be used to manage connected Power Distribution Systems (PDU’s), IPMI devices and Uninterruptible Power Supplies (UPS’s) supplied by a number of vendors, and some the environmental monitoring devices.
Page 104 Click Add RPC Enter a RPC Name and Description for the RPC In Connected Via, select the pre-configured serial port or the network host address that connects to the RPC Select any specific labels you wish to apply to specific RPC Outlets (e.g. the PDU may have 20 outlets connected to 20 powered devices you may wish to identify by name) Enter the Username and Password used to login into the RPC.
Page 105: Rpc Alerts
system is unresponsive. To set up IPMI power control, the Administrator first enters the IP address/domain name of the BMC or service processor (e.g. a Dell DRAC) in Serial & Network: Network Hosts. Then in Serial & Network: RPC Connections, the Administrator specifies the RPC Type to be IPMI1.5 or 2.0 8.1.2 RPC alerts...
Page 106: Uninterruptible Power Supply Control (Ups)
The outlet status is displayed. You can initiate the desired Action to be taken by selecting the appropriate icon: Power ON Power OFF Power Cycle Power Status You will only be presented with icons for those operations that are supported by the Target you have selected Uninterruptible Power Supply Control (UPS) The Console Servers manage UPS hardware using Network UPS Tools (refer Section 8.2.6 for an...
Page 107 Select UPS as the Device Type in the Serial & Network: Serial Port menu for each port which has Master control over a UPS and in the Serial & Network: Network Hosts menu for each network connected UPS (refer to Chapter 4) No such configuration is required for USB-connected UPS hardware.
Page 108 Enter a UPS Name and Description (optional) and identify if the UPS will be Connected Via USB or over pre-configured serial port or via HTTP/HTTPS over the preconfigured network Host connection Enter the UPS login details. This Username and Password is used by Slaves of this UPS (i.e. other computers that are drawing power through this UPS) to connect to the Console Server for monitoring of the UPS status and shutdown when battery power is low.
Page 109: Configure Ups Powering The Console Server
Check Log Status and specify the Log Rate (i.e. minutes between samples) if you wish the status from this UPS to be logged. These logs can be views from the Status: UPS Status screen Check Enable Nagios to enable this UPS to be monitored using Nagios central management Click Apply You can also customize the upsmon, upsd and upsc settings for this UPS hardware directly from the command line...
Page 110: Configuring Powered Computers To Monitor A Managed Ups
8.2.3 Configuring powered computers to monitor a Managed UPS Once you have added a Managed UPS, each server that is drawing power through the UPS should be setup to monitor the UPS status as a Slave. This is done by installing the NUT package on each server, and setting up upsmon to connect to the Console Server.
Page 111: Ups Alerts
- password is the Password of the Manager UPS 8.2.4 UPS alerts You can now set UPS alerts using Alerts & Logging: Alerts (refer to Chapter 7) 8.2.5 UPS status You can monitor the current status of all your Managed or Monitored UPS’s, whether they are on the network or connected serially or via USB: Select the Status: UPS Status menu and a table with the summary status of all connected UPS hardware will be displayed...
Page 112 NUT can be configured using the Management Console as described above, or you can configure the tools and manage the UPS’s directly from the command line. This section provides an overview of NUT. You can find full documentation at http://www.networkupstools.org/doc. NUT is built on a networked model with a layered scheme of drivers, server and clients.
Page 113: Environmental Monitoring
So NUT supports the more complex power architectures found in data centers, computer rooms and NOCs where many UPS’s from many vendors power many systems with many clients and each of the larger UPS’s power multiple devices and many of these devices are themselves dual powered. Environmental Monitoring The Environmental Monitoring Device (EMD), model B090-EMD, can be connected to any Console Server serial port and each Console Server can support multiple EMD’s.
Page 114: Connecting The Emd
8.3.1 Connecting the EMD The Environmental Monitoring Sensor (EMD) connects to any serial port on the Console Server via a special EMD Adapter and standard CAT5 cable. The EMD is powered over this serial connection and communicates using a custom handshake protocol. It is not an RS232 device and should not be connected without the adapter: The EMD can be used only with a Console Server and cannot be connected to standard RS232 serial ports on other appliances.
Page 115: Environmental Alerts
Click Add Enter a Name and Description for the EMD and select pre-configured serial port that the EMD will be Connected Via Provide Labels for each of the two alarms Check Log Status and specify the Log Rate (minutes between samples) if you wish the status from this EMD to be logged.
Page 116 Select the Status: Environmental Status menu and a table with the summary status of all connected EMD hardware will be displayed Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical plot of the log history of the select EMD...
Page 117: Authentication Configuration
AUTHENTICATION Introduction The Tripp Lite Console Server is a dedicated Linux computer, and it embodies popular and proven Linux software modules for secure network access (OpenSSH) and communications (OpenSSL) and sophisticated user authentication (PAM, RADIUS, TACACS+ and LDAP). This chapter details how the Administrator can use the Management Console to establish...
Page 118: Local Authentication
Local TACACS /RADIUS/LDAP: Tries local authentication first, falling back to remote if local fails TACACS /RADIUS/LDAP Local: Tries remote authentication first, falling back to local if remote fails TACACS /RADIUS/LDAP Down Local: Tries remote authentication first, falling back to local if the remote authentication returns an error condition (e.g.
Page 119: Radius Authentication
administrative control over the authentication and authorization processes. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide authentication, authorization, and accounting services independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon.
Page 120: Ldap Authentication
login, and other authentication mechanisms. Further information on configuring remote RADIUS servers can be found at the following sites: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/d4fe8248-eecd- 49e4-88f6-9e304f97fefc.mspx http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml http://www.freeradius.org/ 9.1.4 LDAP authentication Perform the following procedure to configure the LDAP authentication method to be used whenever the Console Server or any of its serial ports or hosts is accessed: Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal...
Page 121: Radius/Tacacs User Configuration
LDAP The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a protocol used to access information stored in an LDAP server.
Page 122: Pam (Pluggable Authentication Modules)
PAM (Pluggable Authentication Modules) The Console Server supports RADIUS, TACACS+ and LDAP for two-factor authentication via PAM (Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating Users. Nowadays, a number of new ways of authenticating users have become popular. The challenge is that each time a new authentication scheme is developed, it requires all the necessary programs (login, ftpd, etc.) to be rewritten to support it.
Page 123: Secure Management Console Access
port2 = 192.168.254.145/port05 global = cleartext mit RADIUS Example: paul Cleartext-Password := "luap" Service-Type = Framed-User, Fall-Through = No, Framed-Filter-Id=":group_name=admin" The list of groups may include any number of entries separated by a comma. If the admin group is included, the user will be made an Administrator. If there is already a Framed-Filter-Id, simply add the list of group_names after the existing entries, including the separating colon ":".
Page 124 When you first enable and connect via HTTPS, it is normal that you may receive a certificate warning. The default SSL certificate in your Console Server is embedded during testing and is not signed by a recognized third party certificate authority. Rather, it is signed by our own signing authority. These warnings do not affect the encryption protection you have against eavesdroppers.
Page 125: Nagios Integration
Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Tripp Lite Console Servers can operate in conjunction with a central/upstream Nagios server to provide distributing monitoring of attached network hosts and serial devices. The Console Servers can embed the NSCA (Nagios Service Checks Acceptor) and NRPE (Nagios Remote Plug-in Executor) add-ons.
Page 126: Central Management
Typically a client PC, laptop, etc. running Windows, Linux or Mac OS X Runs Tripp Lite SDT Connector client software 1.5.0 or later Connect to the central Nagios server web UI to view status of monitored hosts and serial devices...
Page 127: Set Up Distributed Console Servers
Enter the IP address that the clients running SDT Connector will use to connect through the distributed Console Servers in SDT Gateway address Check Prefer NRPE, NRPE Enabled and NRPE Command Arguments _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 127...
Page 128 Check Telnet (SSH access is not required, as SDT Connector is used to secure the otherwise unsecured Telnet connection) Scroll down to Nagios Settings and check Enable Nagios Check Port Log and Serial Status _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 128...
Page 129: Configuring Nagios Distributed Monitoring
Lastly the central/upstream Nagios monitoring host must be configured 10.3.1 Enable Nagios on the Console Server Select System: Nagios on the Console Server Management Console and tick the Nagios service Enabled _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 129...
Page 130 When NRPE and NSCA are both enabled, NSCA is preferred method for communicating with the upstream Nagios server – check Prefer NRPE to use NRPE whenever possible (i.e. for all communication except for alerts) _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 130...
Page 131: Enable Nrpe Monitoring
By default, the Console Server will accept a connection between the upstream Nagios monitoring server and the NRPE server with SSL encryption, without SSL, or tunneled through SSH. The security for the connection is configured at the Nagios server. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 131...
Page 132: Enable Nsca Monitoring
Hosts that are network connected to the Console Server. To enable Nagios to monitor a device connected to the Console Server serial port: Select Serial & Network: Serial Port and click Edit on the serial Port # to be monitored _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 132...
Page 133: Configure Selected Network Hosts For Nagios Monitoring
Select Check Permitted TCP/UDP to monitor a service that you have previously added as a Permitted Service Select Check TCP/UDP to specify a service port that you wish to monitor, but do not wish to allow external (SDT Connector) access Select Check TCP to monitor _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 133...
Page 134: Configure The Upstream Nagios Monitoring Host
If NRPE is enabled, then the upstream server will be able to request status updates under its own scheduling. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 134...
Page 135: Advanced Distributed Monitoring Configuration
$USER1$/check_nrpe -H 192.168.254.147 -p 5666 define service { service_description NRPE Daemon host_name tripplite generic-service check_command ; Serial Status define command { command_name check_serial_status command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c check_serial_$HOSTNAME$ define service { _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual check_nrpe_daemon Page 135...
Page 136 Port Log host_name server generic-service check_command define service { service_description port-log-server host_name server generic-service check_command active_checks_enabled 0 passive_checks_enabled define servicedependency{ name _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual check_serial_status check_serial_status tripplite_nrpe_daemon_dep tripplite server NRPE Daemon w,u,c check_port_log check_port_log tripplite_nrpe_daemon_dep Page 136...
Page 137 ; SSH Port define command{ command_name check_conn_via_tripplite command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c host_$HOSTNAME$_$ARG1$_$ARG2$ define service { service_description SSH Port host_name server _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual tripplite server NRPE Daemon w,u,c check_ping_via_tripplite check_ping_via_tripplite tripplite_nrpe_daemon_dep tripplite server NRPE Daemon...
Page 138: Basic Nagios Plug-Ins
10.4.3 Additional plug-ins Additional Nagios plug-ins (listed below) are available for all the Tripp Lite Console Servers: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual...
Page 139 Network Host to be monitored, and select New Checks. The additional check option will have been included in the updated Nagios Checks list. You can again customize the arguments _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual check_nt check_snmp check_ntp...
Page 140: System Management
Pushing the Erase button on the rear panel twice. A ball point pen or bent paper clip is a suitable tool for performing this procedure. Do not use a graphite pencil. Depress the button gently twice (within a 5 second period) while the unit is powered ON. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 140...
Page 141: Upgrade Firmware
Save this downloaded firmware image file on to a system on the same subnet as the Console Server Also download and read the release_notes.txt for the latest information To then upload the firmware image file to your Console Server, select System: Firmware _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 141...
Page 142: Configure Date And Time
Enter the IP address of the remote NTP Server and click Apply Specify your local time zone so the system clock can show local time (and not UTP): Set your appropriate region/locality in the Time Zone selection box and click Apply _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 142...
Page 143: Status Reports
The Administrator can also see the current status to identify which Users have an active session on each port: Select the Status: Active Users 12.2 Statistics The Statistics report provides a snapshot of the data traffic and other activities and operations of your Console Server _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 143...
Page 144: Support Reports
12.3 Support Reports The Support Report provides useful status information that will assist the Tripp Lite technical support team to resolve any issues you may experience with your Console Server. If you do experience an issue and have to contact Support, ensure you include the Support Report with your email support request.
Page 145 Specify the Match Pattern that is to be searched for (e.g. the search for Mount is shown below) and click Apply. The Syslog will then be represented with only those entries that actually include the specified pattern _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 145...
Page 146: Management
Chapter 8. 13.2 Port & Host Management Administrator and Users can view logs of data transfers to connected devices. Select Manage: Port Logs and the serial Port # to be displayed _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 146...
Page 147: Power Management
Administrator and Users can communicate directly with the Console Server command line and with devices attached to the Console Server serial ports using SDT Connector and their local Telnet client, or using a java terminal in their browser Select Manage: Terminal _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 147...
Page 148 Select Manage: Terminal. The jcterm java applet is downloaded from the Console Server to your browser and the virtual terminal will be displayed Select File -> Open SHELL Session from the jcterm menu to access the command line using SSH _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 148...
Page 149: Remote Console Access (B092-016 Only)
Click Standard VNC Remote control and a VNC Java applet will be loaded into your browser to connect to the B092-016 Console Server. Then log in to the VNC applet and the Console Server (refer to Chapter 16.3 for more details) _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 149...
Page 150 _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 150...
Page 151: Basic Configuration - Linux Commands
However, doing this will not always guarantee these changes are permanent. This chapter is not intended to teach you Linux. We assume you already have a certain level of understanding before you execute Linux kernel-level commands. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 151...
Page 152: The Linux Command Line
'config.version'. The config tool is designed to perform multiple actions from one command if needed, so if necessary, options can be chained together. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 152...
Page 153 -S --separator=char The pattern to separate fields with, default is '.'. The registered configurators are: alerts auth cascade console dhcp dialin eventlog hosts ipaccess _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual ipconfig nagios power serialconfig services Slave systemsettings time users Page 153...
Page 154: Administration Configuration
You can configure the system remote authentication with the following settings: Remote Authentication Method Server IP Address Server Password LDAP Base Node By issuing the following commands: # /bin/config –-set=config.auth.type=LDAP _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual og.mydomain.com secret 192.168.0.124 og@mydomain.com LDAP 192.168.0.32 Secret...
Page 155: Date And Time Configuration
To enable NTP using a server at pool.ntp.org, issue the following commands: # /bin/config –-set=config.ntp.enabled=on # /bin/config –-set=config.ntp.server=pool.ntp.org The following command will synchronize the live system with the new configuration. # /bin/config –-run=time _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Format is MMDDhhmm[[CC]YY][.ss] Page 155...
Page 156: Network Configuration
Please note that supported interface modes are 'dhcp' and 'static'. Static To set static configuration on the primary Network interface with the following attributes: IP Address: Network Mask: Default Gateway: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual 192.168.1.100 255.255.255.0 192.168.1.1 Page 156...
Page 157: Dial-In Configuration
You would need to issue the following commands from the command line to set system configuration: # /bin/config –-set=config.console.ppp.localip=172.24.1.1 # /bin/config –-set=config.console.ppp.remoteip=172.24.1.2 # /bin/config –-set=config.console.ppp.auth=MSCHAPv2 # /bin/config –-set=config.console.ppp.enabled=on # /bin/config –-set=config.console.speed=115200 _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual 192.168.1.100 192.168.1.254 10.1.0.254 172.24.1.1 172.24.1.2 MSCHAPv2 115200...
Page 158: Services Configuration
You would need to issue the following commands from the command line to set system configuration: # /bin/config –-set=config.services.http.enabled=on # /bin/config –-del=config.services.https.enabled # /bin/config –-del=config.services.Telnet.enabled # /bin/config –-set=config.services.ssh.enabled=on # /bin/config –-del=config.services.snmp.enabled _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Enabled Disabled Disabled Enabled Disabled Disabled Page 158...
Page 159: Serial Port Configuration
‘1200’, ‘1800’, ‘2400’, ‘4800’, ‘9600’, '19200', '38400', '57600', '115200', and '230400'. Supported parity values are 'None', 'Odd', 'Even', 'Mark' and 'Space'. Supported data-bits values are '8', '7', '6' and '5'. Supported stop-bits values are '1', '1.5' and '2'. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual 115200 None Software Page 159...
Page 160: Supported Protocol Configuration
Determine the total number of existing Users. If you have no existing Users, you can assume this is 0. # /bin/config –-get=config.users.total This command should display: config.users.total 1 Note that if you see: config.users.total This means you have 0 Users configured. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Disabled Enabled Disabled Page 160...
Page 161: Trusted Networks
If you want to restrict access to serial port 5 to computers from a single C class network 192.168.5.0, you need to issue the following commands (assuming you have a previous rule in place): # /bin/config –-set=config.portaccess.rule2.address=192.168.5.0 _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 161...
Page 162: Event Logging Configuration
The following command will synchronize the live system with the new configuration. # /bin/config –-run=eventlog Note that supported remote storage server types are 'None', 'cifs', 'nfs' and 'syslog'. Supported port logging levels are '0', '1' and '2'. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual 192.168.0.254 C:\\tripplite\logs\ cifs_user secret 2 (input/output logging as well as user connections &...
Page 163: Alert Configuration
To setup the list of TCP ports for a host, you use the config command: # config -s config.sdt.hosts.host3.tcpports.tcport1 = 23 # config -s config.sdt.hosts.host3.tcpports.tcport2 = 5900 _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual alert1@domain.org when the regular expression Page 163...
Page 164 The above assumes the config below: # vi /etc/config/config.xml ~ </users> </host1> <total>3</total> <host2> <address>accounts.intranet.myco.com</address> <description>Accounts server</description> <users> <total>1</total> <user1>John</user1> </users> </host2> <host3> <address>192.168.254.191</address> <description>Tonys Win2000 Box</description> <users> <total>1</total> <user1>John</user1> </users> <tcpports><tcpport1>23</tcpport1></tcpports> </host3> </hosts> </sdt> </config> _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 164...
Page 165: Configuration Backup And Restore
SSH keys is either stopped or completed before restoring configuration. If this is not done, then a mix of old and new keys may be put in place. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 165...
Page 166: General Linux Command Usage
(has lots of unix shell commands and tools) chat dhcpcd hwclock iproute iptables netcat ifconfig mii-tool netstat _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual and source code will provided for any of the components of the http://www.ece.ucdavis.edu/ucd-snmp/ Page 166...
Page 167 More details on the above Linux commands can found online at: http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html http://www.faqs.org/docs/Linux-HOWTO/Remote-Serial-Console-HOWTO.html http://www.stokely.com/unix.serial.port.resources/serial.switch.html _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 167...
Page 168: Advanced Configuration
IP Filtering rules modifying SNMP with net-snmpd public key authenticated SSH communications SSL, configuring HTTPS and issuing certificates using the pmpower application and powerman for power device management using IPMI tools _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 168...
Page 169: Advanced Portmanager
Set RTS to 1 run the command: # pmshell --rts=1 Show all signa # pmshell –signals DSR=1 DTR=1 CTS=1 RTS=1 DCD=0 Read a line of text from the serial port: # pmshell –getline _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 169...
Page 170 Port 8: user2 The above output indicates that a user named “user1” is actively connected to ports 1 and 2, while “user2” is connected to both ports 1 and 8. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 170...
Page 171: External Scripts And Alerts
If the script cannot be executed, then portmanager will execute /etc/config/scripts/portXX.chat via the chat command on the serial port. When an alert occurs on a port: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 171...
Page 172 </etc/config/pmshell-start.sh> #!/bin/sh PORT="$1" USER="$2" LABEL=$(config -g config.ports.port$PORT.label | cut -f2- -d' ') if [ "$USER" == "root" ]; then echo "Permission denied for Super User" exit 1 _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 172...
Page 173: Raw Access To Serial Ports
UUCP locking (so you can use the same device for dial-in and dial-out). mgetty provides very extensive logging facilities. All standard mgetty options are supported. Modem initialization strings _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 173...
Page 174: Ip- Filtering
Rules are added which explicitly allow network traffic to access enabled services e.g. HTTP, SNMP etc. e) Rules are added which explicitly allow traffic network traffic access to serial ports over enabled protocols e.g. Telnet, SSH and raw TCP. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 174...
Page 175 # Explicitly accept any connections from computers on # 192.168.10.0/24 iptables –-append INPUT –-source 192.168.10.0/24 –-jump ACCEPT Good documentation about using the iptables command can be found at the linux netfilter website http://netfilter.org/documentation/index.html _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 175...
Page 176: Modifying Snmp Configuration
Not defined (edit /etc/default/snmpd.conf) syslocation Not defined (edit /etc/default/snmpd.conf) Simply change the values of sysdescr, syscontact, sysname and syslocation to the desired settings and restart snmpd. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual responds to SNMP queries for management Snmpd, when Page 176...
Page 177 --set config.system.snmp.version2=1 or config --set config.system.snmp.version2=2c or config --set config.system.snmp.version2=3 To set the Community field (SNMP version 1 and 2c only) config --set config.system.snmp.community2=yourcommunityname .. replacing yourcommunityname with the community name _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 177...
Page 178: Secure Shell (Ssh) Public Key Authentication
Secure Shell (SSH) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over unsecure channels. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 178...
Page 179: Generating Public Keys (Linux)
It is advisable to create a new directory to store your generated keys. It is also possible to name the files after the device they will be used for. For example: $ mkdir keys $ ssh-keygen -t rsa _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual http://www.openssh.com/ The only Page 179...
Page 180: Installing The Ssh Public/Private Keys (Clustering)
Fingerprinting as described below. Installing SSH Public Key Authentication (Linux) Alternately, the public key can be installed on the unit remotely from the Linux host with the scp utility as follows: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 180...
Page 181 $ ls /home/user/keys control_room control_room.pub plant_entrance plant_entrance.pub $ cat /home/user/keys/control_room.pub /home/user/keys/plant_entrance.pub > /home/user/keys/authorized_keys_bridge_server _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 181...
Page 182: Generating Public/Private Keys For Ssh (Windows)
"testuser") making sure it is a member of the "users" group. If you do not already have a public/private key pair you can generate them now using ssh- keygen, PuTTYgen or a similar tool: PuTTYgen: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 182...
Page 183 Follow the instruction to move the mouse over the blank area of the program in order to create random data used by PUTTYGEN to generate secure keys. Key generation will occur once PUTTYGEN has collected sufficient random data _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 183...
Page 184: Fingerprinting
~/.ssh/known_hosts. To receive the fingerprint from the remote server, log in to the client as the required user (usually root) and establish a connection to the remote host: # ssh remhost _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 184...
Page 185: Ssh Tunneled Serial Bridging
If it has not changed, this indicates a serious problem that should be investigated immediately. SSH tunneled serial bridging You have the option to apply SSH tunneling when two Console Servers are configured for serial bridging. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 185...
Page 186 It is possible to generate only one set of keys, and reuse them for every SSH session. While this is not recommended, each organization will need to balance the security of separate keys against the additional administration they bring. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 186...
Page 187 $ mkdir keys $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/keys/control_room Enter passphrase (empty for no passphrase): Enter same passphrase again: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 187...
Page 188: Sdt Connector Public Key Authentication
SDT Connector Public Key Authentication SDT Connector can authenticate against a Console Server using your SSH key pair rather than requiring your to enter your password (i.e. public key authentication). _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 188...
Page 189: Secure Sockets Layer (Ssl) Support
In the Console Server, OpenSSL is used primarily in conjunction with ‘http’ in order to have secure browser access to the GUI management console across insecure networks. More documentation on OpenSSL is available from: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 189...
Page 190: Https
To create a 1024 bit RSA key and a self-signed certificate, send the following openssl command from the host you have openssl installed on: openssl req -x509 -nodes -days 1000 \ -newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual http://www.rickk.com/sslwrap/ Page 190...
Page 191 Alternatively, inetd can be configured to launch the secure fnord server from the command line of the unit as follows. Edit the inetd configuration file. From the unit command line: vi /etc/config/inetd.conf Append a line: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 191...
Page 192: Power Strip Control
(see TARGET SPECIFICATION below). -q, --query Query plug status of targets. If none specified, query all targets. Status is not cached; each time this option is used, powermand queries the appropriate RPC's. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 192...
Page 193 Some examples of powerman targets follows. Power on hosts bar,baz,foo01,foo02,...,foo05: powerman --on bar baz foo[01-05] Power on hosts bar,foo7,foo9,foo10: powerman --on bar,foo[7,9-10] _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 193...
Page 194: Pmpower
Devices can be added in /etc/config/powerstrips.xml. If an action is attempted which has not been configured for a specific Power Device, pmpower will exit with an error. Adding new RPC devices There are two simple paths to adding support for new RPC devices. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 194...
Page 195 The id appears on the web page in the list of available devices types to configure. The outlets describe targets that the scripts can control. For example, a power control board may control several different outlets. The port-id is the native name for identifying the outlet. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 195...
Page 196: Ipmitool
System Event Log (SEL), print Field Replaceable Unit (FRU) inventory information, read and set LAN configuration parameters, and perform remote chassis power control. SYNOPSIS ipmitool [-c|-h|-v|-V] -I open <command> ipmitool [-c|-h|-v|-V] -I lan -H <hostname> [-p <port>] _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 196...
Page 197 See table 22-19 in the IPMIv2 specification. The default is 3 which specifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128 encryption algorightms. The remote server password is specified by the environment variable IPMI_PASSWORD. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 197...
Page 198 IPMI LAN interface. A remote station has the ability to control a system's power state as well as being able to gather certain platform information. To reduce vulnerability, it is strongly advised that the IPMI LAN interface only be enabled in 'trusted' _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 198...
Page 199 Configure IPMIv1.5 Serial-over-LAN user Configure Management Controller users channel Configure Management Controller channels session Print session information exec Run list of commands from file Set runtime variable for shell and exec _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 199...
Page 200: Scripts For Managing Slaves
There is a useful tutorial on creating a bash script CGI at http://www.yolinux.com/TUTORIALS/LinuxTutorialCgiShellScript.html Similarly the Master maintains a view of the status of the Slaves: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual http://ipmitool.sourceforge.net/manpage.html where 192.168.0.1 is the IP address of the Console Page 200...
Page 201 Alternatively, you can write a custom CGI script as described above. The currently connected Slaves can be determined by running: ls /var/run/cascade and the configured Slaves can be displayed by running: config -g config.cascade.Slaves _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 201...
Page 202: Thin Client (B092-016)
The B092-016 has a selection of management clients (Firefox browser, SSH, Telnet, VNC viewer, ICA, RDP) embedded as well as the Tripp Lite PowerAlert software. With these, the B092-016 provides rackside control of computers, networking, telecom, power and other managed devices via serial, USB or IP over the LAN.
Page 203 The sixteen serial ports are pre-configured by default in Console Server mode for the B096-016 / B096-048 Console Server Management Switch or in UPS (PowerAlert) mode for the B092-016 Console Server with PowerAlert product. To change these settings, select Configure, which will load the local Firefox browser and run the Management Console.
Page 204: Connect- Serial Terminal
16.1.2 Connect- browser Select Connect: Browser on the control panel and click on the Host/web site you have configured to be accessed using the browser. Sites can be internal or external. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 204...
Page 205: Connect- Vnc
The VNC Viewer client in your B092-016 will be started and a VNC connection window to the selected server will be opened _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Java and all Java based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc.
Page 206: Connect- Ssh
Select Connect: SSH on the control panel and click on the Host to be accessed An SSH connection window will be opened. Enter the SSH login password and you will be securely connected to the selected Host _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 206...
Page 207: Connect- Ipmi
Select Connect: IPMI on the control panel and select the Serial over LAN connection to be accessed This will launch a Serial-Over-LAN session by running: # ipmitool -I lanplus -H hostname -U username -P password sol activate _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 207...
Page 208: Connect- Remote Desktop (Rdp)
Desktop server in the selected computer will be opened, the rdesktop window will appear on your B092-016 screen and you will be prompted for a password. (If the selected computer does not have RDP access enabled, then the rdesktop window will not appear.) _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 208...
Page 209: Connect- Citrix Ica
Further information on rdesktop can be found at 16.1.7 Connect- Citrix ICA Select Connect: Citrix ICA on the control panel and click on the Citrix server to be accessed _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Description http://www.rdesktop.org/ Page 209...
Page 210: Connect- Poweralert
Selecting System: Terminal on the control panel logs you in at the command line to the B092-016 Linux kernel. As detailed in Chapters 14 and 15, this enables you to configure and customize your B092-016 using the config and portmanager commands or general Linux commands. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 210...
Page 211: System: Shutdown / Reboot
16.2.5 Status These menu items give the user a snapshot of the serial port and IPMI device status. 16.2.6 Logs These menu items give the user an audit log of B092-016 activity. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 211...
Page 212: Remote Control
You can also run a VNC client application such as RealVNC, TightVNC or UltraVNC directly on a remote computer and configure it with the B092-016’s IP address to connect to the B092-016 VNC server _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 212...
Page 213: Appendix A Hardware Specification
_____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual VALUE B096-016 / B096-048: 17 x 12 x 1.75 in (43.2 x 31.3. x 4.5 cm) B092-016: 17 x 6.7 x 1.75 in (44 x 17 x 4.5 cm) B096-016 / B096-048: 11.8 lbs (5.4 kg) B092-016: 8.5 lb (3.9 kg)
Page 214: Serial Port Pinout
PSUs have adopted their own unique pinout; so custom connectors and cables may be required to interconnect your Console Server. In an endeavor to create some move to standardization, Tripp Lite Console Server products all use the same RJ45 pinout convention as adopted by Cisco, SUN and others.
Page 215 Connectors included in Console Server The B092-016 Console Server with PowerAlert, and the B096-048/016 Console Server Management Switch ship with a “cross-over” and a “straight” RJ45-DB9 connector for connecting to other vendor’s products: DB9F-RJ45S straight connector DB9F-RJ45S cross-over connector _____________________________________________________________________...
Page 216: Appendix C End User License Agreement
Software, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, Tripp Lite is not willing to license the Software to you. In such event, do not use or install the Software. If you have purchased the Software, promptly return the Software and all accompanying materials with proof of purchase for a refund.
Page 217 LIMITED WARRANTY Tripp Lite warrants the media containing the Software for a period of ninety (90) days from the date of original purchase from Tripp Lite or its authorized retailer. Proof of date of purchase will be required. Any updates to the Software provided by Tripp Lite (which may be provided by Tripp Lite at its sole discretion) shall be governed by the terms of this EULA.
Page 218 REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIES DO NOT ORIGINATE FROM, AND ARE NOT BINDING ON, TRIPP LITE. NO LIABILITY FOR CERTAIN DAMAGES. EXCEPT AS PROHIBITED BY LAW, TRIPP LITE SHALL HAVE NO LIABILITY FOR COSTS, LOSS, DAMAGES OR LOST OPPORTUNITY OF ANY TYPE...
Page 219 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual GNU GENERAL PUBLIC LICENSE Page 219...
Page 220 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 220...
Page 221 Sun's rights in the Java Marks; and (c) assist Sun in protecting those rights, including assigning to Sun any rights acquired by Licensee in any Java Mark. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual NO WARRANTY SUN Java License...
Page 222 4. Third Party Code. Additional copyright notices and license terms applicable to portions of the Software are set forth in the THIRDPARTYLICENSEREADME.txt file. _____________________________________________________________________ B096-016 B096-048 and B092-016 User Manual Page 222...
Page 223: Limited Warranty
Visit www.tripplite.com/warranty today to register the warranty for your new Tripp Lite product. You’ll be automatically entered into a drawing for a chance to win a FREE Tripp Lite product!* * No purchase necessary. Void where prohibited. Some restrictions apply. See website for details.
Page 224 Tripp Lite World Headquarters 1111 W. 35th Street, Chicago, IL 60609 USA (773) 869-1234 (USA) • 773.869.1212 (International) www.tripplite.com 200903108 93-2879_EN...

This manual is also suitable for:

B096-016 93-2879 B092-016

Tripp Lite B096-048 Owner's Manual

Introduction

Installation

Models

Power Connection

Network Connection

Serial Port Connection

USB Port Connection

Rackmount Console / KVM Connection (B092-016 Only)

Initial System Configuration

Management Console Connection

Administrator Password

Network IP Address

System Services

Communications Software

Management Network Configuration (B096-048/016 Only)

Serial Port and Network Host

Configuring Serial Ports

4.3 Authentication

4.2 Add/Edit Users

4.5 Trusted Networks

4.4 Network Hosts

Serial Port Cascading

Failover and Out-Of-Band Access

Oob Dial-In Access

Oob Broadband Access (B096-048/016 Only)

Broadband Ethernet Failover (B096-048/016 Only)

5.4 Dial-Out Failover

6 Secure Tunneling and Sdt Connector

Configuring for SDT Tunneling to Hosts

SDT Connector Configuration

SDT Connector to Management Console

SDT Connector - Telnet or SSH Connect to Serially Attached Devices

Using SDT Connector for Out-Of-Band Connection to the Gateway

Importing (and Exporting) Preferences

6.7 SDT Connector Public Key Authentication

Setting up SDT for Remote Desktop Access

SDT SHH Tunnel for VNC

Using SDT to IP Connect to Hosts that Are Serially Attached to the Gateway

Alerts and Logging

Configure Smtp/Sms/Snmp/Nagios Alert Service

Activate Alert Events and Notifications

Remote Log Storage

Serial Port Logging

Network TCP or UDP Port Logging

Power & Environmental Management

Remote Power Control (RPC)

Uninterruptible Power Supply Control (UPS)

8.3 Environmental Monitoring

9.1 Authentication Configuration

PAM (Pluggable Authentication Modules)

Secure Management Console Access

Nagios Integration

Nagios Overview

Central Management

Configuring Nagios Distributed Monitoring

Advanced Distributed Monitoring Configuration

11 System Management

System Administration and Reset

Upgrade Firmware

Configure Date and Time

12 Status Reports

Port Access and Active Users

Statistics

Support Reports

Syslog

13 Management

Device Management

Port and Host Management

Power Management

Serial Port Terminal Connection

Remote Console Access (B092-016 Only)

Basic Configuration - Linux Commands

The Linux Command Line

Administration Configuration

Date and Time Configuration

Network Configuration

Serial Port Configuration

Event Logging Configuration

SDT Host Configuration