Device Management; Pre-Configured Settings; One-Time "Recovery" Passwords; One-Time Passwords: How They Work - GE MDS Master Station Technical Manual

5.0 DEVICE MANAGEMENT

This section describes the steps for connecting a PC, logging in, and setting unit parameters. The
focus here is on the local serial/USB console interface, but other methods of connection are
available and offer similar capabilities. The key differences are with initial access and appear-
ance of data.
™
The MDS Master Station offers several interfaces to allow device configuration and monitoring
of status and performance. These include local serial console, USB, NETCONF, HTTP/HTTPS,
and Secure Shell (SSH) for local and remote access via the WAN and LAN networks. The serial
console, USB, and SSH services offer a command line interface (CLI). There are three user ac-
counts/roles for management access:
aged with a RADIUS server, with RADIUS accounts being mapped to one of the three user ac-
counts/roles. Refer to MDS Orbit MCR Technical Manual (05-6632A01) for details on con-
figuring RADIUS authentication.
The MDS™ Master Station is designed for high security environments. As such, man-
agement of the device does not support Telnet, but instead implements the more secure
SSH protocol.

5.1 Pre-Configured Settings

The unit is highly configurable to meet field requirements, but comes pre-configured as follows:
is configured for transparent serial payload at a baud rate of
• COM1
is configured to operate at a baud rate of
•
COM2
operation.
is enabled for local console operation (proper system drivers must be installed on the
•
USB
PC connected to the MDS
these drivers are available from the GE MDS website).
The Ethernet ports are bridged together, with spanning-tree protocol enabled, with a
•
default IP address of

5.2 One-Time "Recovery" Passwords

The MDS Orbit platform employs extensive security measures to prevent unauthorized access.
As such, there are no hidden manufacturer passwords or other "backdoors" found in less secure
products.
If a password is lost, there is no way to access the unit, except by using a one-time password
(OTP) for recovery. The user must create this OTP manually. Without a one-time password, the
unit will not be accessible, and the hardware will need to be replaced. The factory will not be
able to assist you if a password is lost, so creating a one-time password is strongly encouraged.

One-Time Passwords: How They Work

One-time recovery passwords put control directly and exclusively in the user's hands. They are
similar to spare keys for a lock. If you make a spare key, and put it away safely, you can take it
30
, , and
admin tech
™
Master Station to use the USB port as a virtual serial device;
.
192.168.1.1/24
MDS™ Master Station
. User accounts can be centrally man-
oper
115200
, and is enabled for local console
115200 8N1
MDS 05-6399A01, Rev. E
, .
8N1