Page 1: Console Server
Console Server with PowerAlert Model: B092-016 Console Server Models: B095-004-1E / B095-003-1E-M Tripp Lite World Headquarters 1111 W. 35th Street, Chicago, IL 60609 USA www.tripplite.com/support Copyright © 2010 Tripp Lite. All rights reserved. All trademarks are the property of their respective owners.
Page 2: Table Of Contents
INDEX INTRODUCTION INSTALLATION Models 2.1.1 Kit Components: B096-048 and B096-016 Console Server Management Switch 2.1.2 Kit Components: B092-016 Console Server with PowerAlert 2.1.3 Kit Components: B095-004-1E and B095-003-1E-M Console Server Power Connection 2.2.1 Power: Console Server Management Switch 2.2.2 Power: Console Server with PowerAlert 2.2.3...
Page 3 4.1.1 Common Settings 4.1.2 Console Server Mode 4.1.3 SDT Mode 4.1.4 Device (RPC, UPS, EMD) Mode 4.1.5 Terminal Server Mode 4.1.6 Serial Bridging Mode 4.1.7 Syslog Add/Edit Users Authentication Network Hosts Trusted Networks Serial Port Cascading 4.6.1 Automatically Generate and Upload SSH Keys 4.6.2 Manually Generate and Upload SSH Keys 4.6.3...
Page 4 SDT Connector Configuration 6.2.1 SDT Connector Client Installation 6.2.2 Configuring a New Gateway in the SDT Connector Client 6.2.3 Auto-Configure SDT Connector Client with the User’s Access Privileges 6.2.4 Make an SDT Connection Through the Gateway to a Host 6.2.5 Manually Adding Hosts to the SDT Connector Gateway 6.2.6 Manually Adding New Services to the New Hosts...
Page 5 Remote Log Storage Serial Port Logging Network TCP or UDP Port Logging POWER & ENVIRONMENTAL MANAGEMENT Remote Power Control (RPC) 8.1.1 RPC Connection 8.1.2 RPC Alerts 8.1.3 RPC Status 8.1.4 User Power Management Uninterruptible Power Supply Control (UPS) 8.2.1 Managed UPS Connections 8.2.2 Configure UPS Powering the Console Server 8.2.3...
Page 6 Creating Custom Widgets for the Dashboard MANAGEMENT 13.1 Device Management 13.2 Port & Host Management 13.3 Power Management 13.4 Serial Port Terminal Connection 13.5 Remote Console Access (B092-016 only) BASIC CONFIGURATION - LINUX COMMANDS 14.1 The Linux Command Line 14.2 Administration Configuration...
Page 7 System Settings 14.2.1 Authentication Configuration 14.2.2 14.3 Date and Time Configuration 14.4 Network Configuration IP Configuration 14.4.1 Dial-In Configuration 14.4.2 Services Configuration 14.4.3 14.5 Serial Port Configuration Serial Port Settings 14.5.1 Supported Protocol Configuration 14.5.2 Users 14.5.3 Trusted Networks 14.5.4 14.6 Event Logging Configuration Remote Serial Port Log Storage...
Page 8 Power Strip Control PowerMan 15.9.1 pmpower 15.9.2 Adding New RPC Devices 15.9.3 15.10 IPMItool 15.11 Scripts for Managing Slaves THIN CLIENT (B092-016) 16.1 Local Client Service Connections 16.1.1 Connect- Serial Terminal 16.1.2 Connect- Browser 16.1.3 Connect- VNC 16.1.4 Connect- SSH 16.1.5...
Page 9: Introduction
This User Manual is provided to help you get the most from your B096-016 / B096-048 Console Server Management Switch, B092-016 Console Server with PowerAlert or B095-004-1E / B095-003-1E-M Console Server product. These products are referred to generically in this manual as Console Servers.
Page 10 Do not remove the metal covers. There are no operator-serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Tripp Lite qualified personnel  To avoid electric shock the power cord protective grounding conductor must be connected through to ground ...
Page 11: Types Of Users
The Console Server Management Console runs in a browser. It provides a view of your Console Server Management Switch (B096-016/048), Console Server with PowerAlert (B092-016) or Console Server (B095-004/003) product and all the connected equipment. Administrators can use the Management...
Page 12: Manual Conventions
Console Server through an SSH tunnel using the SDTConnector. The B092-016 Console Server also has PowerAlert software and a selection of thin clients embedded (RDP, Firefox etc). You will be able to use these consoles as well as the standard Management Console for access and control.
Page 13 Text presented like this highlights important issues and it is essential you read and take heed of these warnings.  Text presented with an arrowhead indent indicates an action you should take as part of the procedure. Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Management Console.
Page 14: Installation
Ports Port Port B096-048 Internal Dual AC Universal Input B096-016 Internal Dual AC Universal Input B092-016 1+KVM Single AC Universal Input B095-004-1E External DC Supply B095-003-1E-M Internal External DC Supply 2.1.1 Kit Components: B096-048 and B096-016 Console Server Management Switch...
Page 15: Kit Components: B092-016 Console Server With Poweralert
Take care to heed the Safety Precautions listed earlier.  Proceed to connect your B092-016 to the network, to the serial and USB ports of the controlled devices, to any rack side LCD console or KVM switch and to power as outlined below.
Page 16: Power Connection
2.2.2 Power: Console Server with PowerAlert The standard B092-016 Console Server has a built-in universal auto-switching AC power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and...
Page 17: Power: Console Server Management Switch
Server are located on the side of the metal case marked PXR. Network Connection The RJ45 10/100 LAN port is located on the rear of the B092-016 Console Server, on the front of the B096-048/016 Console Server Management Switch and on the side panel of the B095-004/003 Console Server .
Page 18: Usb Port Connection
USB memory stick so that it will be installed in this port for extended log file storage. There are four USB 2.0 ports on the rear panel of the B092-016 Console Server and one USB 2.0 port located under the RJ45 10/100 LAN connector on the B095-004/003 Console Server.
Page 19: Initial System Configuration
INITIAL SYSTEM CONFIGURATION Introduction This chapter provides step-by-step instructions for the initial configuration of your Console Server and connecting it to your management or operational network. This involves the Administrator: Activating the Management Console  Changing the Administrator password  Setting the IP address for the Console Server’s principal LAN port ...
Page 20: Browser Connection
o IP address: 192.168.0.100 o Subnet mask: 255.255.255.0 If you wish to retain your existing IP settings for this network connection, click Advanced  and Add the above as a secondary IP connection  If it is not convenient to change your computer network address, you can use the ARP-Ping command to reset the Console Server IP address.
Page 21  You will be prompted to log in. Enter the default administration username and administration password: Username: root Password: default The above screen, which lists four initial installation configuration steps, will be displayed: Change the default administration password on the System/Administration page (Chapter 3).
Page 22: Initial B092-016 Connection
For the initial configuration of the B092-016 Console Server, you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly connected video console to log in: ...
Page 23: Network Ip Address
 Select System: Administration.  Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe. ...
Page 24: Ipv6 Configuration
 If you select DHCP, the Console Server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate. Note In its factory default state (with no Configuration Method selected) the Console Server has its DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP...
Page 25: System Services
 You will then need to configure the IPv6 parameters on each interface page. System Services The Administrator has a selection of access protocols that can be used to access the Console Server. The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet. The User can also use the nominated services for limited access to the Console Server itself.
Page 26  Select System: Services. Then select /deselect the service to be enabled /disabled. The following access protocol options are available: HTTPS Ensures secure browser access to all the Management Console menus. It also allows appropriately configured Users secure browser access to selected Management Console Manage menus.
Page 27 5800 to the B092-016 Console Server (refer to Chapter 16). PowerAlert This configuration option will automatically start the PowerAlert application on the B092-016 and display the console as soon as you log into the local display or VNC session (refer to Chapter 16). The complete PowerAlert manual can be downloaded at www.tripplite.com/EN/support/PowerAlert/Downloads.cfm...
Page 28: Communications Software
This section provides an overview of the communications software tools that can be used on the remote computer. Tripp Lite recommends the SDT Connector software tool that is provided with the Console Server, however, generic tools such as PuTTY and SSHTerm may also be used.
Page 29: Sshterm
To use PuTTY for an SSH terminal session from a  Windows client, enter the Console Server’s IP address as the ‘Host Name (or IP address)’ To access the Console Server command line,  select ‘SSH’ as the protocol and use the default IP Port 22 Click ‘Open’...
Page 30: Management Network Configuration (B096-048/016 Only)
A message may appear about the host key fingerprint.  You will need to select ‘Yes’ or ‘Always’ to continue The next step is password authentication. You will be  prompted for your username and password from the remote system. You will then be logged on to the Console Server Management Network Configuration (B096-048/016 only) The B096-048/016 Console Server Management Switches have a second Ethernet network port that can...
Page 31 Note second Ethernet port on the B096-048/016 can be configured as either a Management LAN gateway port or it can be configured as an OoB/Failover port - but not both. So be sure that you did not allocate Management LAN as the Failover Interface when you configured the principal Network connection on the System: IP menu.
Page 32 To configure the DHCP server for the Management LAN:  Enter the Gateway address that is to be issued to the DHCP clients. If this field is left blank, the IP address of the B096-048/016 will be used.  Enter the Primary DNS and Secondary DNS address to issue the DHCP clients. Again if this field is left blank, the IP address of the B096-048/016 is used, so leave this field blank for automatic DNS server assignment.
Page 33: Configure Management Switch For Failover Or Broadband Oob
Once DHCP has initially allocated hosts addresses, it is recommended to copy these into the pre- assigned list so the same IP address will be reallocated in the event of a reboot. 3.6.2 Configure Management Switch for Failover or Broadband OoB The Management Switch in the B096-048/016 Console Server can be configured to provide a failover option.
Page 34: Serial Port And Network Host
SERIAL PORT AND NETWORK HOST Introduction The Console Server enables access and control of serially-attached devices and network-attached devices (hosts). The Administrator must configure access privileges for each of these devices, and specify the services that can be used to control the devices. The Administrator can also set up new users and specify each user’s individual access and control privileges.
Page 35: Common Settings
Note If you wish to set the same protocol options for multiple serial ports at once, click Edit Multiple Ports and select which ports you wish to configure as a group.  When you have configured the common settings and the mode for each port, set up any remote syslog (Chapter 4.1.7), then click Apply.
Page 36: Console Server Mode
4.1.2 Console Server Mode Select Console Server Mode to enable remote management access to the serial console that is attached to the serial port: Logging Level This specifies the level of information to be logged and monitored (refer to Chapter 7 - Alerts and Logging).
Page 37 Telnet Check to enable Telnet access to the serial port. When enabled, a Telnet client on a User or Administrator’s computer can connect to a serial device attached to this serial port on the Console Server. The default port address is IP Address _ Port (2000 + serial port #) i.e. 2001 – 2048.
Page 38 PuTTY can be downloaded at http://www.tucows.com/preview/195286.html It is recommended that the User or Administrator uses SSH as the protocol for connecting to serial consoles attached to the Console Server when communicating over the Internet or any other public network. This will provide an authenticated, encrypted connection between the SSH client program on the remote user’s computer and the Console Server.
Page 39 This syntax enables users to set up SSH tunnels to all serial ports with only a single IP port 22 having to be opened in their firewall/gateway. RAW TCP allows connections directly to a TCP socket. Communications programs such as PuTTY also support RAW TCP, however, this protocol would usually be used by a custom application.
Page 40: Sdt Mode
 Proceed to the appropriate device configuration page (Serial & Network: UPS Connections, RPC Connection or Environmental) as detailed in Chapter 8 - Power & Environmental Management). The B092-016 Console Server also allows you to configure ports as UPS devices that PowerAlert ...
Page 41: Serial Bridging Mode
The getty will then configure the port and wait for a connection to be made. An active connection on a serial device is usually indicated by the Data Carrier Detect (DCD) pin on the serial device being raised. When a connection is detected, the getty program issues a login: prompt, and then invokes the login program to handle the actual system login.
Page 42: Syslog
 You may secure the communications over the local Ethernet by enabling SSH however you will need to generate and upload keys (refer to Chapter 14 – Advanced Configuration). 4.1.7 Syslog In addition to built-in logging and monitoring (which can be applied to serial-attached and network- attached management accesses, as covered in Chapter 7 - Alerts and Logging), the Console Server can also be configured to support the remote syslog protocol on a per serial port basis: ...
Page 43 Users can be authorized to access specified Console Server serial ports and specified network-attached hosts. These users can also be given full Administrator status (with full configuration and management and access privileges). To simplify user setup, they can be configured as members of Groups. There are two Groups set up by default (admin and user).
Page 44  Select Serial & Network: Users & Groups to display the configured Groups and Users.  Click Add Group to add a new Group.  Add a Group name and Description for each new Group, then nominate Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any users in this new Group to be able to access.
Page 45: Authentication
Note that while there are no specific limits, the time to re-configure does increase as the number and complexity increases so we recommend the aggregate number if users and groups be kept under 250 (or 1000 for B092-016). The Administrator can also edit the access settings for any existing users: ...
Page 46  Selecting Serial & Network: Network Hosts presents all the network connected Hosts that have been enabled for access, and the related access TCP ports/services.  Click Add Host to enable access to a new Host (or select Edit to update the settings for existing Host).
Page 47: Trusted Networks
Trusted Networks The Trusted Networks facility gives you the option to nominate specific IP addresses that users (Administrators and Users) must be located at in order to have access to Console Server serial ports:  Select Serial & Network: Trusted Networks. ...
Page 48: Serial Port Cascading
Network IP Address 204.15.5.0 Subnet Mask 255.255.255.255 If however you want to allow all the users operating from within a specific range of IP  addresses (say any of the thirty addresses from 204.15.5.129 to 204.15.5.158) to be permitted connection to the nominated port: Host /Subnet Address 204.15.5.128 Subnet Mask...
Page 49: Manually Generate And Upload Ssh Keys
Now select whether to generate the keys using RSA and/or DSA (if unsure, select only RSA). Generating each set of keys will require approximately two minutes and the new keys will destroy any old keys of that type that may previously been uploaded. Also while the new generation is under way on the master, functions relying on SSH keys (e.g.
Page 50 Next, you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave. Note The use of key pairs can be confusing because in many cases one file (Public Key) fulfills two roles –...
Page 51: Configure The Slaves And Their Serial Ports
4.6.3 Configure the Slaves and their Serial Ports You can now begin setting up the Slaves and configuring Slave serial ports from the Master Console Server:  Select Serial & Network: Cascaded Ports on the Master’s Management Console.  To add clustering support select Add Slave. Note You will be prevented from adding any Slaves until you have automatically or manually generated SSH keys:...
Page 52: Managing The Slaves
This is covered in Chapter 11. Serial Port Redirection Tripp Lite’s VirtualPort software delivers the virtual serial port technology your Windows applications need to open remote serial ports and read the data from serial devices that are connected to your Console Server.
Page 53: Configure The Virtualport Client
VirtualPort is fully compatible with 32-bit and 64-bit versions of Windows NT 4.x, Windows XP, Windows 2000, Windows 2003, Windows 2008, Windows Vista and 64-bit and Windows 7. The installation process is simple.  The VirtualPort_setup.exe program is included on the CD supplied with your Console Server (or a copy can be freely downloaded from the ftp site).
Page 54 Enter the Console Server's IP address (or network name).  Enter the Server TCP Port number that matches the port you have configured for the serial  device on the remote Console Server. Ensure this port isn't blocked by a firewall. o Telnet RFC2217 mode is configured by default so the range of port numbers available on a 16-port console server would be 5001-5016 o Alternately check RAW mode (4001- 4048 on a 48 port console server)
Page 55 Connect at system startup—When enabled VirtualPort will try to connect to the Console Server when the VirtualPort service starts (as opposed to waiting for the application to open the serial port before initiating the connection to the Console Server). The Time between connection retries specifies the number of seconds between TCP connection retries after a client-initiated connection failure.
Page 56: Remove A Configured Port
Check Receive DSR/DCD/CTS changes if the flow control signal status from the physical serial port on Console Server is to be reflected back to the Windows COM port driver (as some serial communications applications prefer to run without any hardware flow control, i.e. in “two wire” mode).
Page 57: Managed Devices (B095-004/003 Only)
Managed Devices (B095-004/003 only) Managed Devices presents a consolidated view of all the connections to a device that can be accessed and monitored through the Console Server. Note Managed Devices feature was introduced with Revision 3.0.1 firmware so is only currently available on B095-004-1E / B095-003-1E-M Console Servers.
Page 58 To add a new network connected Managed Device:  The Administrator adds a new network connected Managed Device using Add Host on the Serial&Network: Network Host menu. This automatically creates a corresponding new Managed Device (as covered in Section 4.4 - Network Hosts). ...
Page 59 Also all the outlet names on the PDU will by default be “Outlet 1” “Outlet 2”. When you connect a particular Managed Device (that draws power from the outlet), the outlet will then take up the name of the powered Managed Device.
Page 60: Failover And Out-Of-Band Access
The B096-048/016 and B095-003-M Console Servers have an internal modem for dial-up OoB access. The B092-016 Console Server needs an external modem to be attached via a serial cable to its DB9 port. the four serial ports are all configured by default as RJ serial On the B095-004 Console Server, Console Server ports.
Page 61: Configure Dial-In Ppp
5.1.1 Configure Dial-In PPP To enable dial-in PPP access on the Console Server modem port/ internal modem:  Select the System: Dial menu option and the port to be configured (Serial DB9 Port or Internal Modem Port). Note The Console Server’s console/modem serial port is set by default to 115200 baud, No parity, 8 data bits and 1 stop bit, with software (Xon-Xoff) flow control enabled.
Page 62: Using Sdt Connector Client For Dial-In
 In the Local Address field, enter the IP address for the Dial-In PPP Server. This is the IP address that will be used by the remote client to access Console Server once the modem connection is established. Again, you can select any address for the Local IP Address but both must be in the same network range as the Remote IP Address.
Page 63: Set Up Earlier Windows Clients For Dial-In
 Select Connect to the Internet and click Next.  On the Getting Ready screen select Set Up My Connection Manually and click Next.  On the Internet Connection screen select Connect Using a Dial-Up Modem and click Next.  Enter a Connection Name (any name you choose) and the dial-up Phone Number that will connect thru to the Console Server modem.
Page 64: Set Up Linux Clients For Dial-In
5.1.5 Set Up Linux Clients for Dial-In The online tutorial http://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.html presents a selection of methods for establishing a dial up PPP connection: Command line PPP and manual configuration (which works with any Linux distribution) Using the Linuxconf configuration tool (for Red Hat compatible distributions).
Page 65 When configuring the principal network connection on the System: IP Network Interface menu,  select Management LAN (eth1) as the Failover Interface to be used when a fault has been detected with main Network Interface (eth0). Specify the Probe Addresses of two sites (the Primary and Secondary) that the B096-048/016 is to ...
Page 66: Dial-Out Failover
Then configure Management LAN Interface (eth1) with the same IP setting that you used for the  main Network Interface (eth0) to ensure transparent redundancy. In this mode, Network 2 (eth1) is available as the transparent back-up port to Network 1 (eth0) for accessing the management network.
Page 68: Secure Tunneling And Sdt Connector
SECURE TUNNELING AND SDT CONNECTOR Introduction Each Console Server has an embedded SSH server and uses SSH tunneling. This enables one Console Server to securely manage all the systems and network devices in the data center, using text-based console tools (such as SSH, Telnet, SoL) or graphical desktop tools (VNC, RDP, HTTPS, HTTP, X11, VMware, DRAC, iLO etc).
Page 69: Configuring For Sdt Tunneling To Hosts
Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the  Console Server (Section 6.4) The chapter then covers more advanced SDT Connector and SDT tunneling topics: Using SDT Connector for out of band access (Section 6.5) ...
Page 70: Sdt Connector Client Installation
SDT Connector can connect to the Console Server using an alternate OoB access. It can also be configured to access the Console Server itself and to access devices connected to serial ports on the Console Server. 6.2.1 SDT Connector Client Installation ...
Page 71: Configuring A New Gateway In The Sdt Connector Client
To operate SDT Connector, add the new gateways to the client software by entering the access details for each Console Server (refer to Section 6.2.2). Then let the client auto-configure with all host and serial port connections from each Console Server (refer Section 6.2.3). Now point-and-click to connect to the Hosts and serial devices (refer to Section 6.2.4).
Page 72: Auto-Configure Sdt Connector Client With The User's Access Privileges
 Optionally, you can enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description of this gateway (such as its firmware version, site location or anything special about its network configuration). ...
Page 73: Make An Sdt Connection Through The Gateway To A Host
Configure access to network-connected Hosts that the user is authorized to access  and set up (for each of these Hosts) the services (e.g. HTTPS, IPMI2.0) and the related IP ports being redirected Configure access to the Console Server itself (this is shown as a Local Services host) ...
Page 74: Manually Adding Hosts To The Sdt Connector Gateway
Gateway. The B096-016 / B096-048 Console Server Management Switch and B092-016 Console Server with PowerAlert each support at least 50 such concurrent connections. So for a site with a B096-016 gateway you can have, at any time, up to 50 users securely controlling an unlimited number of network attached computers, power devices and other appliances (routers, etc) at that site.
Page 75: Manually Adding New Services To The New Hosts
6.2.6 Manually Adding New Services to the New Hosts To extend the range of services that can be used when accessing hosts with SDT Connector:  Select Edit: Preferences and click the Services tab. Click Add.  Enter a Service Name and click Add. ...
Page 76 The second redirection is for the VNC service that the user may choose to launch later from the RAC web console. It automatically loads in a Java client served through the web browser, so it does not need a local client associated with it. ...
Page 77: Adding A Client Program To Be Started For The New Service
6.2.7 Adding a Client Program to be Started for the New Service Clients are local applications that may be launched when a related service is clicked. To add to the pool of client programs:  Select Edit: Preferences and click the Client tab. Click Add. ...
Page 78: Dial-In Configuration
Also some clients are launched in a command line or terminal window. The Telnet client is an example of this:  Click OK. 6.2.8 Dial-In Configuration If the client computer is dialing into Local/Console port on the Console Server, you will need to set up a dial-in PPP link: ...
Page 79 SDT Connector client software that is supplied with the gateway. However there is also a wide selection of commercial and free SSH client programs that are supported: PuTTY is a complete (though not very user-friendly:) freeware implementation of SSH for Win32 and UNIX platforms SSHTerm is a useful open source SSH communications package...
Page 80 specified when setting up the SDT Hosts on the Console Server was accounts.myco.intranet.com, then specify the Destination as accounts.myco.intranet.com:3389 If your destination computer is serially connected to the Console Server, set the Destination  as <port label>:3389. For example, if the Label you specified on the SDT enabled serial port on the Console Server is win2k3, then specify the remote host as win2k3:3389.
Page 81  Select Local and click the Add button.  Click Open to SSH connect the Client computer to the Console Server. You will now be prompted for the Username/Password for the Console Server User you SDT enabled. Note You can also secure the SDT communications from local and enterprise VPN-connected Client computers using SSH as above.
Page 82 Note How secure is VNC? VNC access generally allows access to your whole computer, so security is very important. VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure and the password is not sent over the network.
Page 83: Sdt Connector To Management Console
SDT Connector to Management Console SDT Connector can also be configured for browser access to the gateway’s Management Console – and for Telnet or SSH access to the gateway command line. For these connections to the gateway itself, you must configure SDT Connector to access the gateway (itself) by setting the Console Server up as a host, and then configuring the appropriate services: ...
Page 84: Sdt Connector - Telnet Or Ssh Connect To Serially Attached Devices
SDT Connector - Telnet or SSH Connect to Serially Attached Devices SDT Connector can also be used to access text consoles on devices that are attached to the Console Server’s serial ports. For these connections, you must configure the SDT Connector client software with a Service that will access the target gateway serial port, and then set the gateway up as a host: ...
Page 85: Using Sdt Connector For Out-Of-Band Connection To The Gateway
 Click Add then scroll to the bottom and click Apply.  Administrators by default have gateway and serial port access privileges; however for Users to access the gateway and the serial port, you will need to give those Users the required access privileges.
Page 86 cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection login password The network_connection in the above is the name of the network connection as displayed in Control Panel -> Network Connections. Login is the dial-in username, and password is the dial-in password for the connection.
Page 87: Importing (And Exporting) Preferences
Importing (and exporting) Preferences To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility:  To save a configuration .xml file (for backup or for importing into other SDT Connector clients), select File -> Export Preferences and select the location to save the configuration file. ...
Page 88: Setting Up Sdt For Remote Desktop Access
SSH client that SDT Connector launches (e.g. Putty, OpenSSH) and the host's SSH server for public key authentication. Essentially, what you are using is SSH over SSH, and the two SSH connections are entirely separate. Setting up SDT for Remote Desktop Access Microsoft’s Remote Desktop Protocol (RDP) enables the system manager securely to access and manage remote Windows computers: to reconfigure applications and user profiles, upgrade the server’s operating system, reboot the machine, etc.
Page 89: Configure The Remote Desktop Connection Client
 To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box. Note If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and proceed through the steps to nominate the new user’s name, password and account type (Administrator or Limited).
Page 90  In Computer, enter the appropriate IP Address and Port Number: Where there is a direct local or enterprise VPN connection, enter the IP Address of the  Console Server, and the Port Number of the SDT Secure Tunnel for the Console Server’s serial port (the one that is attached to the Windows computer to be controlled).
Page 91 Note The Remote Desktop Connection software is pre-installed on Windows XP. However, for earlier Windows computers, you will need to download the RDP client:  Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C2- 08AA2BD23A49&displaylang=en and click the Download button This software package will install the client portion of Remote Desktop on Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT 4.0, Windows 2000, and Windows 2003.
Page 92 Note The rdesktop client is supplied with Red Hat 9.0:  rpm -ivh rdesktop-1.2.0-1.i386.rpm For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/ C.
Page 93: Sdt Shh Tunnel For Vnc
SDT SHH Tunnel for VNC Alternately, with SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris and UNIX computers. There’s a range of popular VNC software available (UltraVNC, RealVNC, TightVNC) freely and commercially.
Page 94: Install, Configure And Connect The Vnc Viewer
 To set up a persistent VNC server on Red Hat Enterprise Linux 4: o Set a password using vncpasswd o Edit /etc/sysconfig/vncservers o Enable the service with chkconfig vncserver on o Start the service with service vncserver start o Edit /home/username/.vnc/xstartup if you want a more advanced session than just twm and an xterm C.
Page 95 A. When the Viewer computer is connected to the Console Server through an SSH tunnel (over the public Internet, or a dial-in connection, or private network connection), enter localhost (or 127.0.0.1) as the IP VNC Server IP address and the source port you entered when setting SSH tunneling/port forwarding (in Section 6.2.6) e.g.
Page 96: Using Sdt To Ip Connect To Hosts That Are Serially Attached To The Gateway
Note For general background reading on Remote Desktop and VNC access, we recommend the following:  The Microsoft Remote Desktop How-To http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx  The Illustrated Network Remote Desktop help page http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.ht  What is Remote Desktop in Windows XP and Windows Server 2003? by Daniel Petri http://www.petri.co.il/what's_remote_desktop.htm ...
Page 97 B. For Windows XP and 2003 computers, follow the steps below to set up an advanced network connection between the Windows computer, through its COM port, to the Console Server. Both Windows 2003 and Windows XP Professional allow you to create a simple dial-in service which can be used for the Remote Desktop/VNC/HTTP/X connection to the Console Server: ...
Page 98  Specify which Users will be allowed to use this connection. This should be the same Users who were given Remote Desktop access privileges in the earlier step. Click Next.  On the Network Connection screen, select TCP/IP and click Properties. ...
Page 99 Alternately you can set the advanced connection and access on the Windows computer to use the Console Server defaults:  Specify 10.233.111.254 as the From: address  Select Allow calling computer to specify its own address Also you could use the Console Server default username and password when you set up the new Remote Desktop User and give this User permission to use the advance connection to access the Windows computer: ...
Page 100: Set Up Sdt Serial Ports On Console Server
C. For earlier version Windows computers, follow the steps in Section B, above. To get to the Make New Connection button: For Windows 2000, click Start and select Settings. At the Dial-Up Networking Folder, click  Network and Dial-up Connections and click Make New Connection. Note: you first may need to set up a connection over the COM port using Connect directly to another computer before proceeding to Set up an advanced connection For Windows 98, you double-click My Computer on the Desktop, then open Dial-Up...
Page 101 Next, add a New SDT Host. In the Host address you need to put portxx where xx = the port to which you are connecting. Example, for port 3 you would have a Host Address of: port03 and then select the RDP Service check box.
Page 102: Alerts And Logging
ALERTS AND LOGGING Introduction This chapter describes the alert generation and logging features of the Console Server. The alert facility monitors the serial ports, all logins, the power status and environmental monitors and probes. It sends emails, SMS, Nagios or SNMP alerts when specified trigger events occurs. First, enable and configure the service that will be used to carry the alert (Section 7.1) ...
Page 103: Sms Alerts
 In the SMTP Server field, enter the IP address of the outgoing mail Server.  You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server. Many SMTP servers check the sender’s email address with the host domain name to verify the address as authentic.
Page 104: Snmp Alerts
 In the SMTP SMS Server field in the Alerts & Logging: SMTP &SMS menu, enter the IP address of the outgoing mail Server.  You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server.
Page 105: Nagios Alerts
Note The Console Servers have an snmptrap daemon to send traps/notifications to remote SNMP servers on defined trigger events, as detailed above. The Console Servers also embed the net- snmpd daemon which accept SNMP requests from remote SNMP management servers and provides information on network interface, running processes, disk usage, etc.
Page 106: Add A New Alert
 Select Alerts & Logging: Alerts which will display all the alerts currently configured. Click Add Alert. 7.2.1 Add a New Alert The first step is to specify the alert service that will be used to send notification for this event, who to notify, and what port/host/device is to be monitored: ...
Page 107: Select General Alert Type
 Activate Nagios notification if it is to be used for this event. In an SDT Nagios centrally managed environment, you can check the Nagios alert option. On the trigger condition (for matched patterns, logins, power events and signal changes), an NSCA check "warning" result will be sent to the central Nagios server.
Page 108: Configuring Environment And Power Alert Type
 Serial Port Pattern Match Alert – This alert will be triggered if a regular expression is found in the serial ports character stream that matches the regular expression you enter in the Pattern field. This alert type will only be applied serial ports. ...
Page 109: Remote Log Storage
If you have selected Applicable Alarm Sensor(s) that are to be monitored for this alert event, then you can also set time windows when these sensors will not be monitored (e.g. for a door-open sensor, you may not wish to activate the sensor alert monitoring during the working day): ...
Page 110: Serial Port Logging
Serial Port Logging In Console Server mode, activity logs of all serial port activity can be maintained. These records are stored on an off-server, or in the Console Server flash memory. Specify which serial ports are to have activities recorded and to what level data is to be logged: ...
Page 111: Network Tcp Or Udp Port Logging
Network TCP or UDP Port Logging The Console Servers can also log any access to and communications with network attached Hosts.  For each Host, when you set up the Permitted Services which are authorized to be used, you also must set up the level of logging that is to be maintained for each service. ...
Page 112: Power & Environmental Management
POWER & ENVIRONMENTAL MANAGEMENT Introduction The B095-004/003 and B092-016 Console Server and B096-048/016 Console Server Management Switch products embed software that can be used to manage connected Power Distribution Systems (PDU’s), IPMI devices and Uninterruptible Power Supplies (UPS’s) supplied by a number of vendors, and some the environmental monitoring devices.
Page 113  Click Add RPC.  Enter a RPC Name and Description for the RPC.  In Connected Via, select the pre-configured serial port or the network host address that connects to the RPC.  Select any specific labels you wish to apply to specific RPC Outlets (e.g. the PDU may have 20 outlets connected to 20 powered devices you may wish to identify by name).
Page 114: Rpc Alerts
system is unresponsive. To set up IPMI power control, the Administrator first enters the IP address/domain name of the BMC or service processor (e.g. a Dell DRAC) in Serial & Network: Network Hosts. Then in Serial & Network: RPC Connections, the Administrator specifies the RPC Type to be IPMI1.5 or 2.0.
Page 115: Uninterruptible Power Supply Control (Ups)
 The outlet status is displayed. You can initiate the desired Action to be taken by selecting the appropriate icon: Power ON Power OFF Power Cycle Power Status You will only be presented with icons for those operations that are supported by the Target you have selected.
Page 116  Select UPS as the Device Type in the Serial & Network: Serial Port menu for each port which has Master control over a UPS and in the Serial & Network: Network Hosts menu for each network connected UPS (refer to Chapter 4). No such configuration is required for USB-connected UPS hardware.
Page 117  Enter a UPS Name and Description (optional) and identify if the UPS will be Connected Via USB or over pre-configured serial port or via HTTP/HTTPS over the preconfigured network Host connection.  Enter the UPS login details. This Username and Password is used by Slaves of this UPS (i.e. other computers that are drawing power through this UPS) to connect to the Console Server for monitoring of the UPS status and shutdown when battery power is low.
Page 118: Configure Ups Powering The Console Server
 Check Log Status and specify the Log Rate (i.e. minutes between samples) if you wish the status from this UPS to be logged. These logs can be views from the Status: UPS Status screen.  Check Enable Nagios to enable this UPS to be monitored using Nagios central management. ...
Page 119: Configuring Powered Computers To Monitor A Managed Ups
8.2.3 Configuring Powered Computers to Monitor a Managed UPS Once you have added a Managed UPS, each server that is drawing power through the UPS should be setup to monitor the UPS status as a Slave. This is done by installing the NUT package on each server, and setting up upsmon to connect to the Console Server.
Page 120: Ups Alerts
- password is the Password of the Manager UPS 8.2.4 UPS Alerts You can now set UPS alerts using Alerts & Logging: Alerts (refer to Chapter 7). 8.2.5 UPS Status You can monitor the current status of all your Managed or Monitored UPSs, whether they are on the network or connected serially or via USB: ...
Page 121 NUT can be configured using the Management Console as described above, or you can configure the tools and manage the UPS’s directly from the command line. This section provides an overview of NUT. You can find full documentation at http://www.networkupstools.org/doc NUT is built on a networked model with a layered scheme of drivers, server and clients.
Page 122: Environmental Monitoring
So NUT supports the more complex power architectures found in data centers, computer rooms and NOCs where many UPS’s from many vendors power many systems with many clients and each of the larger UPS’s power multiple devices and many of these devices are themselves dual powered. Environmental Monitoring The Environmental Monitoring Device (EMD), model B090-EMD, can be connected to any Console Server serial port and each Console Server can support multiple EMD’s.
Page 123: Connecting The Emd
8.3.1 Connecting the EMD The Environmental Monitoring Sensor (EMD) connects to any serial port on the Console Server via a special EMD Adapter and standard CAT5 cable. The EMD is powered over this serial connection and communicates using a custom handshake protocol. It is not an RS232 device and should not be connected without the adapter: Plug the RJ plug on the EMD Adapter (model B090-EMD- ...
Page 124: Environmental Alerts
 Click Add.  Enter a Name and Description for the EMD and select pre-configured serial port that the EMD will be Connected Via.  Provide Labels for each of the two alarms.  Check Log Status and specify the Log Rate (minutes between samples) if you wish the status from this EMD to be logged.
Page 125  Select the Status: Environmental Status menu and a table with the summary status of all connected EMD hardware will be displayed.  Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical plot of the log history of the selected EMD.
Page 126: Authentication Configuration
AUTHENTICATION Introduction The Tripp Lite Console Server is a dedicated Linux computer, and it embodies popular and proven Linux software modules for secure network access (OpenSSH) and communications (OpenSSL) and sophisticated user authentication (PAM, RADIUS, TACACS+ and LDAP). This chapter details how the Administrator can use the Management Console to establish ...
Page 127: Local Authentication
Local TACACS /RADIUS/LDAP: Tries local authentication first, falling back to remote if local fails TACACS /RADIUS/LDAP Local: Tries remote authentication first, falling back to local if remote fails TACACS /RADIUS/LDAP Down Local: Tries remote authentication first, falling back to local if the remote authentication returns an error condition (e.g.
Page 128: Radius Authentication
administrative control over the authentication and authorization processes. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide authentication, authorization, and accounting services independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon.
Page 129: Ldap Authentication
login, and other authentication mechanisms. Further information on configuring remote RADIUS servers can be found at the following sites: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/d4fe8248-eecd- 49e4-88f6-9e304f97fefc.mspx http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml http://www.freeradius.org/ 9.1.4 LDAP Authentication Perform the following procedure to configure the LDAP authentication method to be used whenever the Console Server or any of its serial ports or hosts is accessed: ...
Page 130: Radius/Tacacs User Configuration
LDAP The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a protocol used to access information stored in an LDAP server.
Page 131: Pam (Pluggable Authentication Modules)
PAM (Pluggable Authentication Modules) The Console Server supports RADIUS, TACACS+ and LDAP for two-factor authentication via PAM (Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating Users. Nowadays, a number of new ways of authenticating users have become popular. The challenge is that each time a new authentication scheme is developed, it requires all the necessary programs (login, ftpd, etc.) to be rewritten to support it.
Page 132: Secure Management Console Access
port2 = 192.168.254.145/port05 global = cleartext mit RADIUS Example: paul Cleartext-Password := "luap" Service-Type = Framed-User, Fall-Through = No, Framed-Filter-Id=":group_name=admin" The list of groups may include any number of entries separated by a comma. If the admin group is included, the user will be made an Administrator. If there is already a Framed-Filter-Id, simply add the list of group_names after the existing entries, including the separating colon ":".
Page 133 When you first enable and connect via HTTPS, it is normal that you may receive a certificate warning. The default SSL certificate in your Console Server is embedded during testing and is not signed by a recognized third party certificate authority. Rather, it is signed by our own signing authority. These warnings do not affect the encryption protection you have against eavesdroppers.
Page 134: Nagios Integration
Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Tripp Lite Console Servers can operate in conjunction with a central/upstream Nagios server to provide distributing monitoring of attached network hosts and serial devices. The Console Servers can embed the NSCA (Nagios Service Checks Acceptor) and NRPE (Nagios Remote Plug-in Executor) add-ons.
Page 135: Central Management
Typically a client PC, laptop, etc. running Windows, Linux or Mac OS X  Runs Tripp Lite SDT Connector client software 1.5.0 or later  Connect to the central Nagios server web UI to view status of monitored hosts and serial devices ...
Page 136: Set Up Distributed Console Servers
You will also require a web server such as Apache to display the Nagios web UI (and this may be installed automatically as a dependency of the Nagios packages). Alternatively, you may wish to download the Nagios source code directly from the Nagios website, and build and install the software from scratch.
Page 137  Check NSCA Enabled, choose an NSCA Encryption Method and enter and confirm an NSCA Secret. Remember these details as you will need them later on. For NSCA Interval, enter 5.  Click Apply. Next, configure the attached Window network host and specify the services you will be checking with Nagios (HTTP and HTTPS): ...
Page 138: Configuring Nagios Distributed Monitoring
 Click Apply. Now set the Console Server to send alerts to the Nagios server:  Select Alerts from the Alerts & Logging menu and click Add Alert.  In Description enter: Administrator connection.  Check Nagios (NSCA).  In Applicable Ports check the serial port that has the router console port attached. In Applicable Hosts check the IP address/DNS name of the IIS server.
Page 139  Enter the Nagios Host Name that the Console Server will be referred to in the Nagios central server – this will be generated from local System Name (entered in System: Administration) if unspecified.  In Nagios Host Address, enter the IP address or DNS name that the upstream Nagios server will use to reach the Console Server –...
Page 140: Enable Nrpe Monitoring
10.3.2 Enable NRPE Monitoring Enabling NRPE allows you to execute plug-ins (such as check_tcp and check_ping) on the remote Console Server to monitor serial or network attached remote servers. This will offload CPU load from the upstream Nagios monitoring machine which is especially valuable if you are monitoring hundreds or thousands of hosts.
Page 141: Enable Nsca Monitoring
10.3.3 Enable NSCA Monitoring NSCA is the mechanism that allows you to send passive check results from the remote Console Server to the Nagios daemon running on the monitoring server. To enable NSCA:  Select System: Nagios and check NSCA Enabled. ...
Page 142: Configure Selected Network Hosts For Nagios Monitoring
 Select Enable Nagios, specify the name of the device on the upstream server and determine the check to be run on this port. Serial Status monitors the handshaking lines on the serial port and Check Port monitors the data logged for the serial port. 10.3.5 Configure Selected Network Hosts for Nagios Monitoring The individual Network Hosts connected to the Console Server that is to be monitored must also be configured for Nagios checks:...
Page 143: Configure The Upstream Nagios Monitoring Host
The Nagios Check nominated as the check-host-alive check is used to determine whether the  network host itself is up or down.  Typically this will be Check Ping – although in some cases the host will be configured not to respond to pings.
Page 144: Advanced Distributed Monitoring Configuration
10.4 Advanced Distributed Monitoring Configuration 10.4.1 Sample Nagios Configuration An example configuration for Nagios is listed below. It shows how to set up a remote Console Server to monitor a single host, with both network and serial connections. Each check has two configurations, one for NRPE and one for NSCA.
Page 145 service_description Serial Status host_name server generic-service check_command check_serial_status define service { service_description serial-signals-server host_name server generic-service check_command check_serial_status active_checks_enabled 0 passive_checks_enabled define servicedependency{ name tripplite_nrpe_daemon_dep host_name tripplite dependent_host_name server dependent_service_description Serial Status service_description NRPE Daemon execution_failure_criteria w,u,c ; Port Log define command{ command_name check_port_log command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c port_log_$HOSTNAME$...
Page 146 host_name tripplite dependent_host_name server dependent_service_description Port Log service_description NRPE Daemon execution_failure_criteria w,u,c ; Ping define command{ command_name check_ping_via_tripplite command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c host_ping_$HOSTNAME$ define service { service_description Host Ping host_name server generic-service check_command check_ping_via_tripplite define service { service_description host-ping-server host_name...
Page 147: Basic Nagios Plug-Ins
10.4.3 Additional Plug-Ins Additional Nagios plug-ins (listed below) are available for all the Tripp Lite Console Servers:...
Page 148 check_apt check_http check_nt check_snmp check_by_ssh check_imap check_ntp check_spop check_clamd check_jabber check_nwstat check_ssh check_dig check_ldap check_overcr check_ssmtp check_dns check_load check_ping check_swap check_dummy check_mrtg check_pop check_tcp check_fping check_mrtgtraf check_procs check_time check_ftp check_nagios check_real check_udp check_game check_nntp check_simap check_ups check_hpjd check_nntps check_smtp check_users There also are bash scripts which can be downloaded and run (primarily check_log.sh).
Page 149: System Management
11. SYSTEM MANAGEMENT Introduction This chapter describes how the Administrator can perform a range of general system administration and configuration tasks on the Console Server, such as: Applying Soft and Hard Resets to the gateway  Re-flashing the firmware  Configuring the Date, Time and NTP ...
Page 150: Upgrade Firmware
performing this procedure. Do not use a graphite pencil. Depress the button gently twice (within a 5 second period) while the unit is powered ON. This will reset the Console Server back to its factory default settings and clear the Console Server’s stored configuration information.
Page 151: Configure Date And Time
 Specify the address and name of the downloaded Firmware Upgrade File, or Browse the local subnet and locate the downloaded file.  Click Apply and the Console Server appliance will undertake a soft reboot and commence upgrading the firmware. This process will take several minutes. ...
Page 152: Configuration Backup (B095-004/003 Only)
The Console Server can synchronize its system time with a remote time server using the Network Time Protocol (NTP). Configuring with the NTP time server ensures that the Console Server clock will be accurate soon after the Internet connection is established. Also, if NTP is not used, the system clock will be reset randomly every time the Console Server is powered up.
Page 153 To restore a remote backup:  Click Browse in the Remote Configuration Backup menu and select the Backup File you wish to restore.  Click Restore and click OK. This will overwrite all the current configuration settings in your Console Server. Alternately you can save the backup file locally onto the Console Server USB storage.
Page 154: Fips Mode (B095-004/003 Only)
To backup to the USB enter a brief Description of the backup in the Local Configuration Backups  menu and select Save Backup The Local Configuration Backup menu will display all the configuration backup files you have  stored onto the USB flash To restore a backup from the USB simply, select Restore on the particular backup you wish to ...
Page 155  Select the System: Administration menu option.  Check FIPS Mode to enable FIPS mode on boot, and check Reboot to safely reboot the console server.  Click Apply and the Console Server will now reboot. It will take several minutes to reconnect as secure communications with your browser are validated.
Page 156: Status Reports
12. STATUS REPORTS Introduction This chapter describes the selection of status reports that are available for review: Port Access and Active Users  Statistics  Support Reports  Syslog  UPS Status  Dashboard  12.1 Port Access and Active Users The Administrator can see which Users have access privileges to each serial port: ...
Page 157: Support Reports
12.3 Support Reports The Support Report provides useful status information that will assist the Tripp Lite technical support team to resolve any issues you may experience with your Console Server. If you do experience an issue and have to contact Support, ensure you include the Support Report with your email support request.
Page 158: Dashboard
Remote System Logging The syslog record can be redirected to a remote Syslog Server:  Enter the remote Syslog Server address and port details and then click Apply. Local System Logging To view the local Syslog file:  Select Alerts & Logging: Syslog. To make it easier to find information in the local Syslog file, a pattern matching filter tool is provided.
Page 159: Configuring The Dashboard
12.5.1 Configuring the Dashboard Only users who are members of the admin group (and the root user) can configure and access the dashboard. To configure a custom dashboard: Select System: Configure Dashboard and select the user (or group) you are configuring this ...
Page 160: Creating Custom Widgets For The Dashboard
The Dashboard displays six widgets. These widgets include each of the Status screens (alerts, devices, ports, UPS, RPC and environmental status) and a custom script screen. The admin user can configure which of these widget is to be displayed where: Go to the Dashboard layout panel and select which widget is to be displayed in each of the six ...
Page 161 Create a file called "widget-<name>.sh" in the folder /etc/config/scripts/ where <name> can be anything. You can have as many custom dashboard files as you want. Inside this file you can put any code you wish. When configuring the dashboard, choose "widget- <name>.sh"...
Page 162: Management
13. MANAGEMENT Introduction The Console Server Management Console has a number of reports and tools that can be accessed by both Administrators and Users: Access and control configured devices  View serial port logs and host logs  Use SDT Connector or the java terminal to access serially attached consoles ...
Page 163: Power Management
 To display Host logs select Manage: Host Logs and the Host to be displayed. 13.3 Power Management Administrator and Users can access and manage the connected power devices.  Select Manage: Power. 13.4 Serial Port Terminal Connection Administrator and Users can communicate directly with the Console Server command line and with devices attached to the Console Server serial ports using SDT Connector and their local Telnet client, or using a java terminal in their browser.
Page 164 Telnet client to connect to the command line or serial port using SSH. Note Tripp Lite SDT Connector must be installed on the computer from which you are browsing and the Console Server must be added as a gateway, as detailed in Chapter 6.
Page 165: Remote Console Access (B092-016 Only)
Administrator and Users can also connect to the B092-016 Console Server with PowerAlert remotely (as if they were plugged in locally to the KVM connectors on the B092-016). This connection will enable the remote users to run the PowerAlert software and the other thin client programs (refer to Chapter 16) embedded in the Console Server: Select Manage: KVM Console Server.
Page 167: Basic Configuration - Linux Commands
14. BASIC CONFIGURATION - LINUX COMMANDS Introduction For those who prefer to configure their Console Server at the Linux command line level (rather than use a browser and the Management Console), this chapter describes how to get command line access and use the config tool to manage the system and configure the ports, etc. from the command line: Administration Configuration (System Settings and Authentication Configuration) ...
Page 168: The Linux Command Line
14.1 The Linux Command Line  Power up the Console Server and connect the “terminal” device: o If you are connecting using the serial line, plug a serial cable between the Console Server local DB-9 port and terminal device. Configure the serial connection of the “terminal”...
Page 169 Options -a –run-all Run all registered configurators. This performs every configuration synchronization action pushing all changes to the live system. -h –help Display a brief usage message. -v –verbose Log extra debug information. -d –del=id Remove the given configuration element specified by a '.' separated identifier.
Page 170: Administration Configuration
14.2 Administration Configuration 14.2.1 System Settings To change system settings to the following values: System Name og.mydomain.com System Password (root account) secret System SMTP Server 192.168.0.124 System SMTP Sender og@mydomain.com The following commands must be issued: # /bin/config –-set=config.system.name=og.mydomain.com # /bin/config –-set=config.system.password= #secret # /bin/config –-set=config.system.smtp.server=192.168.0.124 # /bin/config –-set=config.system.smtp.sender=og@mydomain.com The following command will synchronize the live system with the new configuration:...
Page 171: Date And Time Configuration
# /bin/config –-set=config.auth.server=192.168.0.32 # /bin/config –-set=config.auth.password=Secret # /bin/config –-set=”config.auth.ldap.basenode=some base node” The following command will synchronize the live system with the new configuration: # /bin/config –-run=auth 14.3 Date and Time Configuration Manually Change Clock Settings To change the running system time, you need to issue the following commands: # date 092216452005.05 Format is MMDDhhmm[[CC]YY][.ss] Then the following command will save this new system time to the hardware clock:...
Page 172: Network Configuration
Time Zone To change the system time zone USA to Eastern Standard Time, you need to issue the following commands: # /bin/config –-set=config.system.timezone=US/Eastern The following command will synchronize the live system with the new configuration: # /bin/config –-run=time 14.4 Network Configuration 14.4.1 IP Configuration Please note that supported interface modes are 'dhcp' and 'static':...
Page 173: Dial-In Configuration
IP Address: 192.168.1.100 Primary DNS: 192.168.1.254 Secondary DNS: 10.1.0.254 You would need to issue the following commands from the command line: # /bin/config --set=config.interfaces.wan.mode=static # /bin/config --set=config.interfaces.wan.address=192.168.1.100 # /bin/config --set=config.interfaces.wan.netmask=255.255.255.0 # /bin/config --set=config.interfaces.wan.gateway=192.168.1.1 # /bin/config --set=config.interfaces.wan.dns1=192.168.1.254 # /bin/config --set=config.interfaces.wan.dns2=10.1.0.254 The following command will synchronize the live system with the new configuration: # /bin/config –-run=ipconfig 14.4.2 Dial-In Configuration...
Page 174: Services Configuration
# /bin/config –-set=config.console.flow=Hardware # /bin/config –-set=config.console.initstring=ATQ0V1H0 The following command will synchronize the live system with the new configuration: # /bin/config –-run=dialin Please note that supported authentication types are 'None', 'PAP', 'CHAP' and 'MSCHAPv2'. Supported serial port baud-rates are '9600', '19200', '38400', '57600', '115200', and '230400'. Supported parity values are 'None', 'Odd', 'Even', 'Mark' and 'Space'.
Page 175: Serial Port Configuration
# /bin/config –-del=config.services.pingreply.enabled The following command will synchronize the live system with the new configuration: # /bin/config –-run=services Note: “/bin/config” commands can be combined into one command for convenience. 14.5 Serial Port Configuration 14.5.1 Serial Port Settings Setup serial port 5 to use the following properties: Baud Rate 115200 Parity...
Page 176: Supported Protocol Configuration
14.5.2 Supported Protocol Configuration To ensure remote access to serial port 5 is configured as follows: Telnet Access LAN Disabled SSH Access LAN Enabled Raw TCP via LAN Disabled You would need to issue the following commands from the command line to set system configuration: # /bin/config –-set=config.ports.port5.ssh=on # /bin/config –-del=config.ports.port5.Telnet...
Page 177: Trusted Networks
If you want a user named “user1” with a password of “secret” who will have access to serial port 5 from the network, you need to issue the these commands (assuming you have a previous user in place): # /bin/config –-set=config.users.user2.username=user1 # /bin/config –-set=config.users.user2.password=secret # /bin/config –-set=”config.users.user2.description=The Second User”...
Page 178: Event Logging Configuration
# /bin/config –-set=config.portaccess.total=2 Please note that this rule becomes live straight away. 14.6 Event Logging Configuration 14.6.1 Remote Serial Port Log Storage To setup remote storage of serial port 5 log to a remote Windows share with the following properties: IP Address 192.168.0.254 Directory...
Page 179: Sdt Host Configuration
# /bin/config –-get=config.alerts.total This command should display output similar to: config.alerts.total 1 Note that if you see: config.alerts.total This means you have 0 alerts configured. Your new alert will be the existing total plus 1. So if the previous command gave you 0, then you start with user number 1.
Page 180: Configuration Backup And Restore
</host1> <total>3</total> <host2> <address>accounts.intranet.myco.com</address> <description>Accounts server</description> <users> <total>1</total> <user1>John</user1> </users> </host2> <host3> <address>192.168.254.191</address> <description>Tonys Win2000 Box</description> <users> <total>1</total> <user1>John</user1> </users> <tcpports><tcpport1>23</tcpport1></tcpports> </host3> </hosts> </sdt> </config> 14.8 Configuration Backup and Restore Before backing up the configuration, you need to arrange a way to transfer the backup off-box. This could be via an NFS share, a Samba (Windows) share to USB storage, or copied off-box via the network.
Page 181: General Linux Command Usage
/tmp is not a good location for the backup except as a temporary location before transferring it off-box. The /tmp directory will not survive a reboot. The /etc/config directory is not a good place either, as it will not survive a restore. Backup and restore should be done by the root user to ensure correct file permissions are set.
Page 182 The Console Server platform is a dedicated Linux computer, optimized to provide access to serial consoles of critical server systems and control network connected hosts. Being based around uClinux (a small footprint but extensible Linux), it embodies a myriad of popular and proven Linux software modules for networking (NetFilter, IPTables), secure access (OpenSSH) and communications (OpenSSL) and sophisticated user authentication (PAM, RADIUS, TACACS+ and LDAP).
Page 183 smtpclient stty stunel tcpdump tftp traceroute More details on the above Linux commands can found online at: http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html http://www.faqs.org/docs/Linux-HOWTO/Remote-Serial-Console-HOWTO.html http://www.stokely.com/unix.serial.port.resources/serial.switch.html...
Page 184: Advanced Configuration
15. ADVANCED CONFIGURATION Introduction This chapter documents the embedded portmanager application which manages the serial ports on the Console Server and gives examples of its use: portmanager documentation  Scripts and alerts  Raw data access to the ports and modems ...
Page 185: Advanced Portmanager
15.1 Advanced Portmanager pmshell The pmshell command acts similarly to the standard tip or cu commands, but all serial port access is directed via the portmanager. Example: To connect to port 8 via the portmanager: # pmshell -l port08 pmshell Commands: Once connected, the pmshell command supports a subset of the '~' escape commands that tip/cu support.
Page 186 pmchat The pmchat command acts similarly to the standard chat command, but all serial port access is directed via the portmanager. Example: To run a chat script via the portmanager: # pmchat -v -f /etc/config/scripts/port08.chat < /dev/port08 For more information on using chat (and pmchat), you should consult the UNIX man pages: http://techpubs.sgi.com/library/tpl/cgi- bin/getdoc.cgi?coll=linux&db=man&fname=/usr/share/catman/man8/chat.8.html pmusers...
Page 187: External Scripts And Alerts
Portmanager Daemon Command line options: There is normally no need to stop and restart the daemon. To restart the daemon, just run the command: # portmanager Supported command line options are: Force portmanager to run in the foreground: --nodaemon Set the level of debug logging: --loglevel={debug,info,warn,error,alert} Change which configuration file it uses: -c /etc/config/portmanager.conf...
Page 188 When an alert occurs on a port, the portmanager will attempt to execute /etc/config/scripts/portXX.alert (where XX is the port number, e.g. 08). The script is run with STDIN containing the data which triggered the alert, and STDOUT redirected to /dev/null, NOT to the serial port. If you wish to communicate with the port, use pmshell or pmchat from within the script.
Page 189: Raw Access To Serial Ports
if [ -z "$LABEL" ]; then echo "Welcome $USER, you are connected to Port $PORT" else echo "Welcome $USER, you are connected to Port $PORT ($LABEL)" </etc/config/pmshell-start.sh> 15.3 Raw Access to Serial Ports Access to Serial Ports You can tip and stty to completely bypass the portmanager and have raw access to the serial ports.
Page 190: Ip- Filtering
To override the standard modem initialization string, either use the Management Console (refer to Chapter 5) or the command line config tool (refer to Dial-In Configuration Chapter 14). Enabling Boot Messages on the Console  If you are not using a modem on the DB9 console port and instead wish to connect to it directly via a Null Modem cable, you may want to enable verbose mode, allowing you to see the standard linux start-up messages.
Page 191 Customizing the IP-Filter: etc/config/filter-custom If the standard system firewall configuration is not adequate for your needs, it can be bypassed safely by creating a file at /etc/config/filter, custom- containing commands to build a specialized firewall. This firewall script will be run whenever the LAN interface is brought up (including initially) and will override any automated system firewall settings.
Page 192: Modifying Snmp Configuration
Resources There are many high-quality tutorials and HOWTOs available via the netfilter website; in particular, peruse the tutorials listed on the netfilter HOWTO page. A list of useful web locations has been compiled for your convenience below: Netfilter Homepage http://netfilter.org Netfilter/iptables Tutorials http://netfilter.org/documentation/index.html#documentation- tutorials...
Page 193: Adding More Than One Snmp Server
The snmpd.conf is extremely powerful and too flexible to cover completely here. The configuration file itself is commented extensively and good documentation is available at the net-snmp website http://www.net-snmp.org, specifically: Man Page: http://www.net-snmp.org/docs/man/snmpd.conf.html FAQ: http://www.net-snmp.org/docs/FAQ.html Net-SNMPD Tutorial: http://www.net-snmp.org/tutorial/tutorial-5/demon/snmpd.html 15.5.1 Adding More than One SNMP Server To add more than one SNMP server for alert traps, add the first SNMP server using the Management Console (refer to Chapter 7) or the command line config tool.
Page 194: Secure Shell (Ssh) Public Key Authentication
To set the Engine ID field (SNMP version 3 only): config --set config.system.snmp.engineid2=800000020109840301 .. replacing 800000020109840301 with the engine ID To set the Username field (SNMP version 3 only): config --set config.system.snmp.username2=yourusername .. replacing yourusername with the username config.system.snmp.username2 (3 only) To set the Engine ID field (SNMP version 3 only): config --set config.system.snmp.password2=yourpassword ..
Page 195: Generating Public Keys (Linux)
OpenSSH, the de facto open source SSH application, encrypts all traffic (including passwords) to effectively eliminate these risks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. OpenSSH is the port of OpenBSD's excellent OpenSSH[0] to Linux and other versions of Unix. OpenSSH is based on the last free version of Tatu Ylonen's sample implementation with all patent-encumbered algorithms removed (to external libraries), all known security bugs fixed, new features reintroduced and many other clean-ups.
Page 196: Installing The Ssh Public/Private Keys (Clustering)
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/keys/control_room Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/keys/control_room Your public key has been saved in /home/user/keys/control_room.pub. The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server You must ensure there is no password associated with the keys.
Page 197 Assuming the user on the Management Console is called "fred"; the IP address of the Console Server is 192.168.0.1 (default); and the public key is on the linux/unix computer in ~/.ssh/id_dsa.pub. Execute the following command on the linux/unix computer: scp ~/.ssh/id_dsa.pub \ root@192.168.0.1:/etc/config/users/fred/.ssh/authorized_keys The authorized_keys file on the Console Server needs to be owned by "fred", so login to the Management Console as root and type:...
Page 198: Generating Public/Private Keys For Ssh (Windows)
authorized_keys ssh-rsa AAAAB3NzaC1yc2Efg4+tGHl AAA== name@client1 id_dsa ssh-dss AAAAB3NzaZr+OV01C8gdgz id_rsa XDg== name@client2 -----BEGIN DSA PRIVATE KEY----- -----BEGIN RSA MIIBugIBAAKBgQCR PRIVATE KEY----- kixjJ0SKuiREXTM MIIEogIBAAKCAQEA x0PFp9HqBvEg7Ww9 yIPGsNf5+a0LnPUMc oynY4QNiXj1YU7T nujXXPGiQGyD3b79 87ITLQiAhn3yp7ZWy KZg3UZ4MjZI525sCy 7Z5C3sLF8o46Go opv4TJTvTK6e8QIYt GYTByUdI ssh-rsa ssh-dss AAAAB3NzaC1yc2Efg4+tG AAAAB3NzaZr+OV01C8gdgz HlAAA== name@client1 XDg== name@client2 id_dsa.pub id_rsa.pub More documentation on OpenSSH can be found at: http://openssh.org/portable.html...
Page 199 OpenSSH: http://www.openssh.org/ OpenSSH (Windows): http://sshwindows.sourceforge.net/download/ For example, using PuTTYgen, make sure you have a recent version of the puttygen.exe (available from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). Make sure you have a recent version of WinSCP (available from http://winscp.net/eng/download.php). To generate a SSH key using PuTTY http://sourceforge.net/docs/F02/#clients: ...
Page 200: Fingerprinting
 Create a new file " authorized_keys " (with notepad) and copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file. Make sure there is only one line of text in this file ...
Page 201: Ssh Tunneled Serial Bridging
The authenticity of host 'remhost (192.168.0.1)' can't be established. RSA key fingerprint is 8d:11:e0:7e:8a:6f:ad:f1:94:0f:93:fc:7c:e6:ef:56. Are you sure you want to continue connecting (yes/no)? At this stage, answer yes to accept the key. You should get the following message: Warning: Permanently added 'remhost,192.168.0.1' (RSA) to the list of known hosts. You may be prompted for a password, but there is no need to log in: you have received the fingerprint and can Ctrl-C to cancel the connection.
Page 202 As detailed in Chapter 4, the Server gateway is set up in Console Server mode with either RAW or RFC2217 enabled and the Client gateway is set up in Serial Bridging Mode with the Server Address, and Server TCP Port (4000 + port for RAW or 5000 + port # for RFC2217) specified: Select SSH Tunnel when configuring the Serial Bridging Setting.
Page 203 Generated keys may be one of two types - RSA or DSA (and it is beyond the scope of this document to recommend one over the other). RSA keys will go into the files id_rsa and id_rsa.pub. DSA keys will be stored in the files id_dsa and id_dsa.pub. For simplicity going forward, the term private key will be used to refer to either id_rsa or id_dsa and public key to refer to either id_rsa.pub or id_dsa.pub.
Page 204: Sdt Connector Public Key Authentication
Your identification has been saved in /home/user/keys/control_room Your public key has been saved in /home/user/keys/control_room.pub. The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server You should ensure there is no password associated with the keys. If there is a password, then the Console Server devices will have no way to supply it as runtime. Authorized Keys If the Console Server device selected to be the server will only have one client device, then the authorized_keys file is simply a copy of the public key for that device.
Page 205: Secure Sockets Layer (Ssl) Support
To use public key authentication with SDT Connector, first you must first create an RSA or  DSA key pair (using ssh-keygen, PuTTYgen or a similar tool) and add the public part of your SSH key pair to the Console Server – as described in the earlier section. Next, add the private part of your SSH key pair (this file is typically named id_rsa or id_dsa) ...
Page 206: Https
http://www.openssl.org/docs/apps/openssl.html http://www.openssl.org/docs/HOWTO/certificates.txt 15.8 HTTPS The Management Console can be served using HTTPS by running the webserver via sslwrap. The server can be launched on request using inetd. The HTTP server provided is a slightly modified version of the fnord-httpd from http://www.fefe.de/fnord/ The SSL implementation is provided by the sslwrap application compiled with OpenSSL support.
Page 207 You will be prompted to enter a lot of information. Most of it doesn't matter, but the "Common Name" should be the domain name of your computer (e.g. test.tripplite.com). When you have entered everything, the certificate will be created in a file called ssl_cert.pem. 3.
Page 208: Power Strip Control
443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd /home/httpd" Save the file and signal inetd of the configuration change. kill -HUP `cat /var/run/inetd.pid` The HTTPS server should be accessible from a web client at a URL similar to this: https://<common name of unit>...
Page 209 Targets connected to RPC's that could not be contacted (e.g. due to network failure) are reported as status "unknown". If possible, output will be compressed into host ranges. -n, --node Query node power status of targets (if implemented by RPC). If no targets are specified, query all targets.
Page 210: Pmpower
Power on foo0,foo4,foo5: powerman --on foo[0,4-5] As a reminder to the reader, some shells will interpret brackets ([ and ]) for pattern matching. Depending on your shell, it may be necessary to enclose ranged lists within quotes. For example, in tcsh, the last example above should be executed as: powerman --on "foo[0,4-5]"...
Page 211 The first is to have scripts to support the particular RPC included in the open source PowerMan project (http://sourceforge.net/projects/powerman). The PowerMan device specifications are unusual and it is suggested that you leave the actual writing of these scripts to the PowerMan authors.
Page 212: Ipmitool
This value will be passed to the scripts in the environment variable outlet, allowing the script to address the correct outlet. There are four possible scripts: on, off, cycle and status. When a script is run, its standard input and output is redirected to the appropriate serial port. The script receives the outlet and port in the outlet and port environment variables respectively.
Page 213 [-U <username>] [-A <authtype>] [-L <privlvl>] [-a|-E|-P|-f <password>] [-o <oemtype>] <command> ipmitool [-c|-h|-v|-V] -I lanplus -H <hostname> [-p <port>] [-U <username>] [-L <privlvl>] [-a|-E|-P|-f <password>] [-o <oemtype>] [-C <ciphersuite>] <command> Description This program lets you manage Intelligent Platform Management Interface (IPMI) functions of either the local system, via a kernel device driver, or a remote system, using IPMI V1.5 and IPMI v2.0.
Page 214 -f <password_file> Specifies a file containing the remote server password. If this option is absent, or if password_file is empty, the password will default to NULL. Get basic usage help from the command line. -H <address> Remote server address can be an IP address or hostname. This option is required for lan and lanplus interfaces.
Page 215 environments where system security is not an issue or where there is a dedicated secure 'management network' or access has been provided through an Console Server. Further, it is strongly advised that you should not enable IPMI for remote access without setting a password, and that the password should not be the same as any other password on that system.
Page 216: Scripts For Managing Slaves
The list can then be nicely formatted and displayed. It is also possible to run this as a CGI script on the . In this case, the remote/USB logged port logs files are in: B092-016 /var/run/portmanager/logdir (or they are in /var/log). Otherwise you can run the script on the remote log server.
Page 217 - Select Status: Support Report - Scroll down to Processes - Look for: /bin/ssh -MN -o ControlPath=/var/run/cascade/%h Slavename - These are the Slaves that are connected - Note: The end of the Slaves' names will be truncated, so the first 5 characters must be unique Alternatively, you can write a custom CGI script as described above.
Page 218: Local Client Service Connections
The B092-016 has a selection of management clients (Firefox browser, SSH, Telnet, VNC viewer, ICA, RDP) embedded as well as the Tripp Lite PowerAlert software. With these, the B092-016 provides rack side control of computers, networking, telecom, power and other managed devices via serial, USB or IP over the LAN.
Page 219  The sixteen serial ports are pre-configured by default in Console Server mode for the B096-016 / B096-048 Console Server Management Switch or in UPS (PowerAlert) mode for the B092-016 Console Server with PowerAlert product. To change these settings, select Configure, which will load the local Firefox browser and run the Management Console.
Page 220: Connect- Serial Terminal
16.1.1 Connect- Serial Terminal  Select Connect: Serial on the control panel and click on the desired serial port. A window will be created with a connection to the device on the selected serial port: The embedded terminal emulator uses rxvt (a color vt102 terminal emulator). You can find more details on configuration options in http://www.rxvt.org/manual.html 16.1.2 Connect- Browser...
Page 221: Connect- Vnc
Select Connect: VNC on the control panel and click on the VNC server Host to be accessed.  The VNC Viewer client in your B092-016 will be started and a VNC connection window to the selected server will be opened.
Page 222: Connect- Ssh
 If the HostName was left blank when the VNC server connection was configured, then the VNC Viewer will start with a request for the VNC server.  Selecting Options at this stage enables you to configure the VNC Viewer. ...
Page 223: Connect- Ipmi
(ouR XVT). You can find more details on configuration options in: http://www.rxvt.org/manual.html 16.1.5 Connect- IPMI The B092-016 control panel provides a number of IPMI tools for managing service processors or Baseboard Management Controllers (BMCs). These IPMI controls are built on the ipmitools program. Find more details on configuration options in http://ipmitool.sourceforge.net/manpage.html...
Page 224: Connect- Remote Desktop (Rdp)
Select Connect: RDP on the control panel and click on the Windows computer to be  accessed. The rdesktop program in your B092-016 will be started, an RDP connection to the Remote  Desktop server in the selected computer will be opened, the rdesktop window will appear on your B092-016 screen and you will be prompted for a password.
Page 225: Connect- Citrix Ica
You can use Add/Delete/Edit to customize the rdesktop client (e.g. to include login username passwords). The command line protocol is: rdesktop -u windows-user-id -p windows-password -g 1200x950 ms-windows-terminal-server- host-name option Description Color depth: 8, 16, 24 Device redirection. i.e. Redirect sound on remote machine to local device i.e. -0 -r sound (MS/Windows 2003) Geometry: widthxheight or 70% screen percentage Use -p - to receive password prompt...
Page 226: Connect- Poweralert
16.2 Advanced Control Panel 16.2.1 System: Terminal Selecting System: Terminal on the control panel logs you in at the command line to the B092-016 Linux kernel. As detailed in Chapters 14 and 15, this enables you to configure and customize your B092-016...
Page 227: System: Shutdown / Reboot
Users and ends any SSH sessions that had been established. A soft reset will also occur when you switch OFF power from the B092-016, and then switch the power back ON. However, if you cycle the power while the unit is writing to flash, you could corrupt or lose data, so the software Shutdown or Reboot from the control panel is the safer option.
Page 228: Remote Control
 Log in as root (or some other configured B092-016 username) and as a remote Administrator you can then connect to the VNC server in the B092-016 and gain remote access to (and monitor and take control of) the B092-016 local display.
Page 229 Dimensions B096-016 / B096-048: 17 x 12 x 1.75 in (43.2 x 31.3. x 4.5 cm) B092-016: 17 x 6.7 x 1.75 in (44 x 17 x 4.5 cm) B095-004 / B095-003: 4.1x3.4x1.1 in (10.3 x 8.7 x 2.8 cm)
Page 230 PSUs have adopted their own unique pinout; so custom connectors and cables may be required to interconnect your Console Server. In an endeavor to create some move to standardization, Tripp Lite Console Server products all use the same RJ45 pinout convention as adopted by Cisco, SUN and others.
Page 231 Connectors Included in Console Server The B092-016 Console Server with PowerAlert, and the B096-048/016 Console Server Management Switch ship with a “cross-over” and a “straight” RJ45-DB9 connector for connecting to other vendor’s products: DB9F-RJ45S straight connector DB9F-RJ45S cross-over connector...
Page 232 Software, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, Tripp Lite is not willing to license the Software to you. In such event, do not use or install the Software. If you have purchased the Software, promptly return the Software and all accompanying materials with proof of purchase for a refund.
Page 233 LIMITED WARRANTY Tripp Lite warrants the media containing the Software for a period of ninety (90) days from the date of original purchase from Tripp Lite or its authorized retailer. Proof of date of purchase will be required. Any updates to the Software provided by Tripp Lite (which may be provided by Tripp Lite at its sole discretion) shall be governed by the terms of this EULA.
Page 234 REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIES DO NOT ORIGINATE FROM, AND ARE NOT BINDING ON, TRIPP LITE. NO LIABILITY FOR CERTAIN DAMAGES. EXCEPT AS PROHIBITED BY LAW, TRIPP LITE SHALL HAVE NO LIABILITY FOR COSTS, LOSS, DAMAGES OR LOST OPPORTUNITY OF ANY TYPE...
Page 235 Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Page 236 a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
Page 237 POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS SUN Java License B092-016 Console Server with PowerAlert prod uct only) 1. Java Technology Restrictions. Licensee shall not create, modify, change the behavior of, or authorize licensees of Licensee to create, modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun"...
Page 238 3. Source Code. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of your license. Source code may not be redistributed unless expressly provided for in the terms of your license. 4.
Page 239: Limited Warranty
Service and Warranty Service Your Tripp Lite product is covered by the warranty described in this manual. A variety of Extended Warranty and On-Site Service Programs are also available from Tripp Lite. For more information on service, visit www.tripplite.com/support. Before returning your product for service, follow these steps: 1.
Page 240: Warranty Registration
Visit www.tripplite.com/warranty today to register the warranty for your new Tripp Lite product. You’ll be automatically entered into a drawing for a chance to win a FREE Tripp Lite product!* * No purchase necessary. Void where prohibited. Some restrictions apply. See website for details.
Page 241 Send old equipment for recycling on a one-for-one, like-for-like basis (this varies depending on the country)  Send the new equipment back for recycling when this ultimately becomes waste Tripp Lite follows a policy of continuous improvement. Product specifications are subject to change without notice.
Page 242 Tripp Lite World Headquarters 1111 W. 35th Street, Chicago, IL 60609 USA www.tripplite.com/support 201001079 93-2879-EN...

This manual is also suitable for:

B095-004-1e B095-003-1e-m B096-016 B096-048

Tripp Lite B092-016 Owner's Manual

2 Installation

1 Introduction

Models

Power Connection

2.3 Network C

Serial Port Connection

USB Port Connection

Rackmount Console / KVM Connection (B092-016 Only)

3 Initial System Configuration

Management Console Connection

Administrator Password

Network IP Address

System Services

Communications Software

Management Network Configuration (B096-048/016 Only)

Serial Port and Network Host

Configuring Serial Ports

Add/Edit Users

Syslog

4.3 Authentication

Network Hosts

Authentication

4.5 Trusted Networks

Serial Port Cascading

Serial Port Redirection

Managed Devices (B095-004/003 Only)

Failover and Out-Of-Band Access

Oob Dial-In Access

Oob Broadband Access (B096-048/016 Only)

Broadband Ethernet Failover (B096-048/016 Only)

Dial-Out Failover

Secure Tunneling and Sdt Connector

SDT Connector Configuration

Configuring for SDT Tunneling to Hosts

SDT Connector to Management Console

SDT Connector - Telnet or SSH Connect to Serially Attached Devices

Using SDT Connector for Out-Of-Band Connection to the Gateway

Importing (and Exporting) Preferences

6.7 SDT Connector Public Key Authentication

Setting up SDT for Remote Desktop Access

SDT SHH Tunnel for VNC

Using SDT to IP Connect to Hosts that Are Serially Attached to the Gateway

Alerts and Logging

Configure Smtp/Sms/Snmp/Nagios Alert Service

Activate Alert Events and Notifications

Remote Log Storage

Serial Port Logging

Network TCP or UDP Port Logging

8 Power & Environmental Management

Remote Power Control (RPC)

Uninterruptible Power Supply Control (UPS)

Environmental Monitoring

LDAP Authentication

PAM (Pluggable Authentication Modules)

Secure Management Console Access

Nagios Integration

Nagios Overview

Central Management

Configuring Nagios Distributed Monitoring

Advanced Distributed Monitoring Configuration

System Management

System Administration and Reset

Upgrade Firmware

Configure Date and Time

Configuration Backup (B095-004/003 Only)

FIPS Mode (B095-004/003 Only)

Status Reports

Port Access and Active Users

Statistics

Support Reports

Dashboard

Management

Device Management

13.2 Port & Host Management

Power Management

Serial Port Terminal Connection

Remote Console Access (B092-016 Only)

Basic Configuration - Linux Commands

The Linux Command Line