Page 1
CC2000 Control Center Over the NET™
User Manual
www.aten.com
Page 2
CC2000 User Manual
FCC Information
FEDERAL COMMUNICATIONS COMMISSION INTERFERENCE STATEMENT:
This equipment has been tested and found to comply with the limits for a Class B digital
service, pursuant to Part 15 of the FCC rules. These limits are designed to provide
reasonable protection against harmful interference in a residential installation. Any
changes or modifications made to this equipment may void the user’s authority to
operate this equipment. This equipment generates, uses, and can radiate radio frequency
energy. If not installed and used in accordance with the instructions, may cause harmful
interference to radio communications. However, there is no guarantee that interference
will not occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by turning the
equipment off and on, the user is encouraged to try to correct the interference by one or
more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: Any changes or modifications not expressly approved by the party
responsible for compliance could void the user's authority to operate this equipment.
RoHS
This product is RoHS compliant.
ii
Page 3
CC2000 User Manual
User Information
Online Registration
Be sure to register your product at our online support center:
International http://eservice.aten.com
Telephone Support
For telephone support, call this number:
International 886-2-8692-6959
China 86-400-810-0-810
Japan 81-3-5615-5811
Korea 82-2-467-6789
North America 1-888-999-ATEN ext 4988
1-949-428-1111
User Notice
All information, documentation, and specifications contained in this manual
are subject to change without prior notification by the manufacturer. The
manufacturer makes no representations or warranties, either expressed or
implied, with respect to the contents hereof and specifically disclaims any
warranties as to merchantability or fitness for any particular purpose. Any of
the manufacturer's software described in this manual is sold or licensed as is.
Should the programs prove defective following their purchase, the buyer (and
not the manufacturer, its distributor, or its dealer), assumes the entire cost of all
necessary servicing, repair and any incidental or consequential damages
resulting from any defect in the software.
The manufacturer of this system is not responsible for any radio and/or TV
interference caused by unauthorized modifications to this device. It is the
responsibility of the user to correct such interference.
The manufacturer is not responsible for any damage incurred in the operation
of this system if the correct operational voltage setting was not selected prior
to operation. PLEASE VERIFY THAT THE VOLTAGE SETTING IS
CORRECT BEFORE USE.
iii
Page 4
CC2000 User Manual
Copyright © 2008–2019 ATEN® International Co., Ltd.
Manual Date: 2019/04/10
Altusen and the Altusen logo are registered trademarks of ATEN International Co., Ltd. All rights reserved. All
other brand names and trademarks are the registered property of their respective owners.
Package Contents
The CC2000 package consists of:
1 CC2000 USB License Key
1 Software CD
1 User Instructions*
Check to make sure that all of the components are present and in good order.
If anything is missing, or was damaged in shipping, contact your dealer.
Read this manual thoroughly and follow the installation and operation
procedures carefully to prevent any damage to the switch or to any other
devices on the CC2000 installation.
* Features may have been added to the CC2000 since this manual was
published. Please visit our website to download the most up-to-date version.
iv
Page 5
CC2000 User Manual
Contents
FCC Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iii
Online Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iii
Telephone Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iii
User Notice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iii
Package Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
About this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiv
Product Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiv
Important Note about Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiv
Chapter 1.
Introduction
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Secure Centralized Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Powerful Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Server Management Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Client Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Device Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Secondaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Chapter 2.
CC2000 Server Installation
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
CC1000 Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Upgrading the CC1000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Uninstalling the CC1000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Windows Version Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Starting the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Post-installation Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Linux Version Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Before you Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Post-installation Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Post-Installation Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Uninstalling the CC2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
v
Page 6
CC2000 User Manual
Uninstalling from a Windows System . . . . . . . . . . . . . . . . . . . . . . . . . 21
Uninstalling from a Linux System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Upgrading the CC2000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Preliminary Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
CC2000 Secondary Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
CC2000 Redundant Secondary Servers . . . . . . . . . . . . . . . . . . . . . . . . . 23
Chapter 3.
Browser Operation
Logging In. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
The CC Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Screen Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
The Navigation Buttons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Tree View Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Interactive Display Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Selecting List Items. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Web Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Notifications and Message Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Chapter 4.
Port Access
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Table Headings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Action Buttons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Launch Multiviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
The Sidebar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Sidebar Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Sidebar Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Port Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
CC Viewer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Power ON / OFF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
SSH / Telnet Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Port Access Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Port View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Target View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Device View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Panel Array Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Department View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Location View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Type View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Favorites View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Adding a Favorite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Viewing a Favorite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Managing Favorites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
vi
Page 7
CC2000 User Manual
User Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Port Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Alias. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
SN Ports Broadcast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Chapter 5.
User Management
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Adding User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Group Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Adding Device Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Modifying Device Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Removing Device Access . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Managing Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Copy / Paste Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Deleting User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Importing User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Unlocking User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Creating Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Adding Users to Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Removing Users from Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
User Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
Type Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
System Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
Custom Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Authentication Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
CC2000 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
External Authentication Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Adding an External Authentication Server . . . . . . . . . . . . . . . . . . 78
Service Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Deleting an External Authentication Server . . . . . . . . . . . . . . . . .82
Group Authorization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Chapter 6.
Device Management
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Preliminary Procedures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Using VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Menu Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Adding a Folder or Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Adding Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
vii
Page 8
CC2000 User Manual
Adding Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Adding an APC PDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Adding an Aggregate Device . . . . . . . . . . . . . . . . . . . . . . . . . 102
Adding Ports to an Aggregate Device . . . . . . . . . . . . . . . . . . 106
Adding a Blade Chassis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Adding a Virtual Machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Mapped IP Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Adding NRGence PDUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Adding a Generic Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Adding a Group Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Modifying Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Deleting Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Deleting Unused Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Detached Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Redundant Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Locking / Unlocking Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Locking / Unlocking Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Transfer Device Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Restoring Device Configurations . . . . . . . . . . . . . . . . . . . . . . . . 126
Default Access Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Device Sync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Auto Discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Sidebar Device Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
KVM Devices and Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Properties Page Action Buttons . . . . . . . . . . . . . . . . . . . . . . . . . 133
Access Rights – KVM Devices . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Adding Users or Groups to the Device User/Group List . . . . 134
Modifying a User’s or Group’s Rights . . . . . . . . . . . . . . . . . . 135
Deleting a User’s or Group’s Rights . . . . . . . . . . . . . . . . . . . 135
Action Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Access Rights – KVM Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Adding Users or Groups to the Port User/Group List . . . . . . 136
Modifying a User’s or Group’s Rights . . . . . . . . . . . . . . . . . . 137
Deleting a User’s or Group’s Access Rights . . . . . . . . . . . . . 137
Action Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Copy-Paste Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Device Configuration (For KVM Devices) . . . . . . . . . . . . . . . . . . 138
Port Configuration (For Cat5e KVM Devices) . . . . . . . . . . . . . . 139
Power Devices, Stations, and Outlets. . . . . . . . . . . . . . . . . . . . . . . . 141
Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Properties Page Action Buttons . . . . . . . . . . . . . . . . . . . . . . . . . 141
Access Rights – Power Devices, Stations, and Outlets . . . . . . . 142
Adding Users or Groups to the Device, Station, or Outlet Access
List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Modifying a User’s or Group’s Rights . . . . . . . . . . . . . . . . . . 142
Deleting a User’s or Group’s Rights . . . . . . . . . . . . . . . . . . . 142
Device Configuration (For Power Devices) . . . . . . . . . . . . . . . . 143
Station Configuration (For Power Devices). . . . . . . . . . . . . . . . . 145
Port (Outlet) Configuration (For Power Devices). . . . . . . . . . . . . 147
viii
Page 9
CC2000 User Manual
Port Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
Schedule Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148
Serial Devices and Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
SN device session history . . . . . . . . . . . . . . . . . . . . . . . . . . .150
Action Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
Adding Users or Groups to the Device or Port Access List . . 150
Modifying a User’s or Group’s Rights. . . . . . . . . . . . . . . . . . .151
Deleting a User’s or Group’s Rights. . . . . . . . . . . . . . . . . . . .151
Action Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Device Configuration (For Serial Devices). . . . . . . . . . . . . . . . . .152
Port Configuration (For Serial Devices). . . . . . . . . . . . . . . . . . . .153
Port Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Departments, Locations and Types . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Online Devices Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Unsupported Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Advanced Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Adding a Department Location or Type. . . . . . . . . . . . . . . . . . . . . . .155
Assigning Devices and Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Modifying a Department, Location, or Type . . . . . . . . . . . . . . . . . . .156
Deleting a Department, Location, or Type. . . . . . . . . . . . . . . . . . . . .156
Chapter 7.
System Management
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Menu Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
CC Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
CC Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
Login Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
Lockout Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
User Role Restriction Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
This Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Server Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Action Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
Promote Role (Secondary to Primary) . . . . . . . . . . . . . . . . . .168
Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
SMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Dial In. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Dial Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Primary Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
ix
Page 10
CC2000 User Manual
VMware Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
IP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
MAC Filtering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Virtual Media Security Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Single Sign On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Changing a Self-Signed Certificate . . . . . . . . . . . . . . . . . . . . . . 186
Importing a Signed SSL Server Certificate . . . . . . . . . . . . . . . . . 188
Import Private Key and Certificate. . . . . . . . . . . . . . . . . . . . . . . . 189
License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Upgrading the License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
License Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
License Conflict. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Adding a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Backup the Primary Server Database . . . . . . . . . . . . . . . . . . . . . 196
Export Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Power Control a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Upgrade Selected Appliance Firmware . . . . . . . . . . . . . . . . . . . 201
Backup Device Configuration/Account Information . . . . . . . . . . . 204
Export Device Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Export Session History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Editing a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Deleting a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Replicate Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Appliance Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Firmware Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Adding Firmware Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Deleting Firmware Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Deleting Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Sidebar Server Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Chapter 8.
Logs
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
CC Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
CC Log Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Notification Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Adding and Configuring Notification Users . . . . . . . . . . . . . . . . . 221
Modifying Notification Configurations . . . . . . . . . . . . . . . . . . . . . 222
Deleting Notification Configurations . . . . . . . . . . . . . . . . . . . . . . 222
Testing Event Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Export Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Import Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Advanced Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
x
Page 11
CC2000 User Manual
Device Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226
Device Log Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227
Device Log Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Session History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Session History Search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Session History Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
SNMP Trap Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Search Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
SNMP Trap Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Access Per User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
Device Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235
Port Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236
Device Access (Top 10) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Port Access (Top 10). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
Asset Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
Report Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
Appendix A
Technical Information
Safety Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Rack Mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
International. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
North America . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
USB Authentication Key Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . 246
CC2000 Capable ATEN/Altusen IP Products . . . . . . . . . . . . . . . . . . . . .247
Energy Intelligence Rack PDUs . . . . . . . . . . . . . . . . . . . . . . . . .247
Supported KVM Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Device ANMS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251
CC2000 Proxy Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252
Name, Description and Range Parameters . . . . . . . . . . . . . . . . . . . . . .253
Trusted Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .257
Self-Signed Private Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .262
Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .262
Importing the Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .262
Appendix B
The CC2000 Utility
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264
Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265
View License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
xi
Page 12
CC2000 User Manual
Appendix C
Authentication Key Utility
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Key Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Key Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Key Firmware Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Starting the Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Upgrade Succeeded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Key License Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Online Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Upgrade Succeeded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Offline Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Preliminary Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Performing the Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Offline Upgrade Failure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Order Expiration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Appendix D
External Authentication Services
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Approved Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
LDAP/LDAPS – OpenLDAP Setting Example . . . . . . . . . . . . . . . . . . . . 287
Active Directory Settings Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
RADIUS Settings Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
TACACS+ Settings Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
NT Domain Settings Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
LDAP Group Authorization Setting Examples . . . . . . . . . . . . . . . . . . . . 295
Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Active Directory Group Authorization Setting Example . . . . . . . . . . . . . 300
MOTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Appendix E
SSO HTML Sample Codes
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
SSO HTML Sample Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
xii
Page 13
CC2000 User Manual
About this Manual
This User Manual is provided to help you get the most from your CC2000
system. It covers all aspects of installation, configuration and operation. An
overview of the information found in the manual is provided below.
Generally speaking, chapters 1, 3, and 4 are sufficient for basic users. The other
chapters and appendixes are only required for specialized user types. For
example, System Administrators, should read the entire manual; Device
Administrators, chapters 6 and 8; User Managers, chapter 7. Custom user types
will want to read the chapters appropriate to their assigned roles.
Overview
Chapter 1, Introduction, introduces you to the CC2000 System. Its
purpose, features and benefits are presented, and its front and back panel
components are described.
Chapter 2, CC2000 Server Installation, provides step-by-step
instructions for installing the CC2000 on both a Windows and Linux system.
Chapter 3, Browser Operation, explains how to log into the CC2000 with
a browser, and describes how to work with the CC2000’s browser GUI
interface.
Chapter 4, Port Access, shows how to access and control the devices that
will be managed over the CC2000 network.
Chapter 5, User Management, describes how to: add, modify and delete
user accounts; create user groups and assign users to them; specify device
access rights for users and groups; and specify the user authentication method.
Chapter 6, Device Management, explains how to add, configure, and
organize the devices that will be managed over the CC2000 network.
Chapter 7, System Management, provides an overview of the CC2000
organizational concept, and demonstrates how to deploy, configure, and
manage the CC2000 primary and secondary servers on your installation.
Chapter 8, Logs, explains the CC2000’s logging function and how to
access, filter, and search the various logs that are kept by the CC2000.
Appendix A, Technical Information, provides technical as well as
troubleshooting information.
Appendix B, The CC2000 Utility, shows how to configure a number of the
CC2000’s parameters from the desktop of the computer that the CC2000 runs
on, without having to invoke the browser GUI.
xiii
Page 14
CC2000 User Manual
Appendix C, Authentication Key Utility, describes how to access and
update the information contained in the CC2000 Authentication Key.
Appendix D, External Authentication Services, discusses the use of
authentication via external third party services. It also provides examples of
configuring OpenLDAP for CC2000 authentication, and configuring RADIUS
for CC2000 authentication in a Linux environment.
Conventions
This manual uses the following conventions:
Monospaced Indicates text that you should key in.
[ ] Indicates keys you should press. For example, [Enter] means
1. Numbered lists represent procedures with sequential steps.
♦ Bullet lists provide information, but do not involve sequential
→ Indicates selecting the option (on a menu or dialog box, for
to press the Enter key. If keys need to be chorded, they appear
together in the same bracket with a plus sign between them:
[Ctrl+Alt].
steps.
example), that comes next. For example, Start
to open the Start menu, and then select Run.
Indicates critical information.
→
Run means
Product Information
For information about all Altusen products and how they can help you connect
without limits, visit Altusen on the Web or contact an Altusen Authorized
Reseller. Visit Altusen on the Web for a list of locations and telephone
numbers:
International http://www.aten.com
Important Note about Firmware
Due to database changes that have been made with a previous firmware release
(V2.3.222), this version of CC2000 is not compatible with any previous
CC2000 releases. CC2000 firmware V2.7.264 supports Java Web Start
(JNLP).
xiv
Page 15
Chapter 1
Introduction
Overview
The CC2000 Control Center Over the NET™ provides single portal, single
login, secure, centralized, access, administration and management of your
entire network – local and worldwide – anywhere; anytime.
The CC2000 offers a single, integrated browser-based interface to manage all
your devices. Users no longer need to learn the interface for each individual
device, making system management easier and more efficient.
The CC2000’s Primary / Secondary architecture allows multiple CC2000 units
to be linked in a communication network to create an integrated web of devices
– all of which can be accessed with a single login from a web browser. (The
diagram on the following page provides a CC2000 deployment example.)
The Primary-Secondary paradigm also safeguards your data transmissions
through its built-in redundancy factors including: automated database backup
of Primary, Secondaries and devices; and real-time database updating.
Redundancy ensures smooth, uninterrupted access management of all your
devices. Should any of the CC2000 servers go down, the CC2000 management
system keeps functioning since the redundant secondary unit takes over to
provide the required services until the downed unit comes back up.
By consolidating the management of your ATEN/ALTUSEN IT devices, the
CC2000 allows every device to be securely accessed and controlled by means
of a single IP address. Servers and network equipment are integrated into a
single tree view, making the CC2000 ideal for enterprises with data centers and
branch offices, located in several remote locations.
Recognizing the broad spectrum of computing environments, the CC2000’s
Java software implementation allows it to work with Sun Java Runtime
Environment (JRE) enabled operating systems – ensuring multi-platform
integration and mutual operability.
1
Page 16
CC2000 User Manual
Deployment Example:
Devices
Secondary
Secondary
Secondary
Secondary
Primary
Secondary
Secondary
Secondary
Secondary
2
Page 17
Chapter 1. Introduction
Features
Secure Centralized Management
Complete control of your enterprise – consolidates the management of all
ATEN/Altusen IT devices
Single portal, single sign-on, single IP address to securely access every
device on the installation
All devices are integrated into a single tree view for centralized access,
administration, and management of a worldwide network from anywhere
at anytime
Primary/Secondary topology provides redundancy – including real-time
database updating
Double Redundancy – the CC2000 not only provides a redundant
Secondary server for the Primary server, each Secondary server can also
have a redundant Secondary server.
Aggregate Device – The KVM port, serial port and power outlet of an IT
device can be associated and presented in the same web page, which
enables IT administrators to completely control an IT device from a single
user interface
Multiplatform installation support – Windows / Linux
Multiplatform client support (Windows, Mac OS X, Linux, Sun)
Multi-browser support – Internet Explorer, Chrome, Firefox, Safari,
Opera, Mozilla, Netscape
Email notification of specified system events
Automatic scheduling of system, configuration, and maintenance tasks
Logging and auditing of system events for the CC2000 and managed
devices
Session logs provide serial device keystroke history
ATEN/Altusen device auto-discovery with device-availability status, and
alarms
View, manage, and terminate active user sessions in real time
User level management identification
Browser-based GUI offers a multilanguage interface to minimize user
training time and increase productivity
Generic Device support – users can be redirected to 3rd party data center
devices from the CC2000
3
Page 18
CC2000 User Manual
Flexible logging and report options
Blade Server Integration supports Centralized Server Control, Power
Management – to power on/off the server, Sensor and log Readings for
Service Processor Management
APC PDU (AP79xx, AP89xx, AP86xx) support
Supports single sign-on for Dell DRAC 5, iDRAC 6 (standard rack server
(monolithic) and blade server (modular)), IBM RSA II, IBM IMM, IBM
AMM, HP iLO 2, HP iLO 3, HP iLO 5,and IPMI
Energy Intelligence Rack PDU support
Integrates all access rights – Web, SSH/Telnet, VNC/RDP, IPMI/SPM,
KVM, serial, power to target device
Virtual Infrastructure includes VMware vSphere 5.5, 6.0, Windows Server
2008, 2012 & 2016, and Citrix XenServer 6.5
Panel DynaArray – view the output of multiple ports in individual panels
on the same screen
Power association with ATEN/Altusen PDU enables the switch’s KVM
ports to associate with the PDU’s power outlets for remote power
management of the servers from the switch’s interface
Web-based wizard to quickly install devices
Primary can pull device port names from Secondary servers; Primary can
push device port names to Secondary server
Advanced search function for log entries
Strong session management/Integrates multi-session (ATEN iKVM, Blade
server, VMware, PDU, and so on)
License Saving-use Aggregate Devices to consolidate multiple ports into a
single node license
Data export /import to remote server or local in real time or on schedule.
AES/DES encryption support for data export
OOBC, PAP and CHAP authentication
IPv6 support
NTS support – allow your device to get the accurate time from a server
that the administrator assigns
4
Page 19
Chapter 1. Introduction
Powerful Security
Powerful security features include both internal and external
authentication – external authentication support includes LDAP, LDAPS,
Kerberos, Active Directory, RADIUS, TACACS+, and NT Domain
Option to force users of all CC managed devices to be authenticated
through the CC – users cannot log in to the devices directly
Compliant with the X.509 Digital Certificate Standard
Supports TLS 1.2 data encryption and RSA 2048-bit certificates to secure
users logging in from browsers
Flexible session time-outs
Configurable user and group permissions for server access and control
Supports password protection, SAS 70 compliance for configurable
amount of failed login attempts and user ID lock out parameters
Devices can identify themselves by Name, MAC address, or IP in the
browser
IP and MAC filtering
Private CA support
Server Management Features
BIOS level support
Flexible encryption design allows users to choose any combination of 56-
bit DES, 168-bit 3DES, 256-bit AES, 128-bit RC4, or Random for
independent KB/Mouse, video, and virtual media data encryption
Virtual Media – supports CAC/Smart Card readers, fingerprint readers,
DVD/CD drives, USB mass storage devices, PC hard drives and ISO
images
Exit Macro support
Mouse DynaSync – automatically synchronizes the local and remote
mouse movements
Panel Array Mode – simultaneous monitoring of the video output of the
installations’ servers
Message Box for Administrators to communicate with users
Message Board for communication among remote users
Scalable Video Display
5
Page 20
CC2000 User Manual
Requirements
Server Requirements
Systems that the CC2000 server will be installed on should meet the following
requirements:
Hardware Requirements
CPU: Pentium 4, 2.60 GHz or higher
Memory: At least 512MB (1GB or more recommended)
Hard drive: 500MB or more free space
Ethernet: At least 1 Ethernet adapter (100Mbps or higher) – Giga LAN
recommended
Operating System Requirements
Windows: 2000, XP, 2000 Server, Server 2003, Server 2008, or
Windows Vista with Java Runtime Environment (JRE) 8 or higher
(with the latest service package for each installed)
Linux (with Java Runtime Environment (JRE) 8 or higher)
Red Hat Enterprise Linux V. 4
Novell SUSE Enterprise Server 9 and 10
Ubuntu 15.10 x64
Ubuntu 15.10 x86
Debian 8.2 x64
Fedora 23 x64
Fedora 23 x86
OpenSUSE 13.1 x64
CentOS 7 x64
6
Page 21
Chapter 1. Introduction
Client Requirements
Hardware Requirements
CPU: We recommend that the computers used to access the switch have at
least a Pentium 4 2GHz processor, with their screen resolution set to 1024
x 768.
Memory: At least 512MB (1GB or more recommended)
Ethernet: At least 1 Ethernet adapter – 10Mbps or higher – 100Mbps
recommended
Browsers must support 128 bit SSL encryption.
For the browser-based Java Applet Viewer the latest version of the Java
Runtime Environment (JRE) must be installed.
At least 205MB of memory must be available for the first viewer after
logging in from the browser and 100MB for each additional viewer that is
opened, thereafter.
Operating Systems
Supported operating systems for client workstations that connect to the
CC2000 are shown in the table, below:
OS Versi on
Windows 2000 and higher
Linux RedHat 7.1 and higher
Fedora Core 2 and higher
SuSE 9.0 and higher
Mandriva (Mandrake) 9.0 and higher
UNIX AIX 4.3 and higher
FreeBSD 4.2 and higher
Sun Solaris 8 and higher
Supported operating systems for users that log into the CC2000 include
Windows 2000 and higher, and those capable of running the Java Runtime
Environment (JRE) 8 or higher.
Note: The Windows 2000 Client does not support the WinClient Viewer.
7
Page 22
CC2000 User Manual
Browsers
Supported browsers for users that log into the CC2000 include the following:
Browser Version
IE 9 and higher
Chrome 8.0 and higher*
Firefox Windows 3.5 and higher
Linux 3.0 and higher
Safari Windows 4.0 and higher
Mac 3.1 and higher
Opera 10.0 and higher
Mozilla Windows 1.7 and higher
Sun 1.7 and higher
Netscape 9.0 and higher
Note: For newer versions of Chrome, you may need to enable the NPAPI
(Netscape Plugin Application Programming Interface) manually by
keying the command "chrome://flags/#enable-npapi" in the URL bar.
Or you can go to Java.com (https://java.com/en/download/faq/
chrome.xml) for more details.
Device Requirements
All ATEN/Altusen IP products must be at a firmware level that contains the CC
Management function, and the CC Management function must be enabled.
Download and install the latest version of the relevant firmware from our
Website, if necessary. For details on upgrading the firmware see Upgrade
Selected Appliance Firmware, page 201.
Note: 1. Devices must be configured to communicate on the same port that
you configure for the CC2000’s Device Port (see Device port,
page 15).
2. For a list of supported devices see CC2000 Capable ATEN/Altusen IP
Products, page 247.
8
Page 23
Chapter 1. Introduction
Licenses
The CC2000 license controls the number of Secondary servers and nodes
permitted on the CC2000 server installation. License information is contained
on the USB License Key that came with your CC2000 purchase.
Upon completion of the CC2000 server software installation, a default license
for one primary (no secondaries), and 16 nodes is automatically provided. To
add anything more (secondary servers and nodes), you must upgrade the
license. See Upgrading the License, page 191, for detailed information.
Nodes
A node can either be a physical port, or an aggregate device. Each node
requires a license.
Aggregate devices can be created when a device (router, server, Ethernet
switch, etc.,) managed through the CC2000 is capable of being accessed
through several ATEN/Altusen NET™ ports. By consolidating those ports
into a single Aggregate Device, the Aggregate Device counts as a single
node, and only requires a single license.
Ports on ATEN/Altusen NET™ devices, when not part of an aggregate
device, must be unlocked (see Locking / Unlocking Ports, page 123) in
order to be used. Each unlocked port counts as one node.
Generic devices (routers, switches, etc.) are not counted.
Direct Web Access devices are not counted.
Group Devices do not count as nodes. They are made up of unlocked
physical ports that are grouped together. The same physical port can be
added to more than one Group device, but it only requires one node license
no matter how many Group devices it is added to.
Like Group Devices, Folders do not count as nodes, however each
physical port within a folder counts as a node. In addition, each Aggregate
Device contained in a folder counts as one node.
Note: See Devices, page 90 for detailed information on each of the device
categories.
Secondaries
The license specifies how many secondaries you can register with the primary
CC2000. See CC2000 Secondary Servers, page 23 for details regarding
registering a Secondary with a primary.
9
Page 24
CC2000 User Manual
This Page Intentionally Left Blank
10
Page 25
Chapter 2
CC2000 Server Installation
Overview
Recognizing the increasing importance of Linux in the server environment, the
CC2000 Control Center Over the NET™ system makes the CC2000’s
management services available on both the Windows and Linux platforms.
This chapter describes how to install the CC2000 server on each of them.
CC1000 Considerations
Upgrading the CC1000
Users who already have CC1000 USB license keys for a minimum of 2 users
can upgrade to the CC2000-LE (CC2000 Lite) version, which provides a
license for 1 Primary and 128 nodes. This is accomplished by upgrading the
CC1000 key firmware to the CC2000 key firmware (see Key Firmware
Upgrade, page 268). After performing the upgrade, the license key changes to
the CC2000 license method.
Note: If you decide to go back to the CC1000 license method, you must
“upgrade” the key with CC1000 key firmware (V1.2.111), at which
time your CC1000 key license – with the original number of users – will
be restored.
Uninstalling the CC1000
If you attempt to install a standard CC2000 version over a prior CC1000
installation, a message appears on screen informing you that you must first
uninstall the CC1000 in order to install the CC2000:
Note: If you would prefer not to uninstall the CC1000 (and thereby lose all of
its information), you must install the CC2000 on a different system.
11
Page 26
CC2000 User Manual
Windows Version Installation
Before You Begin
Before running the installation program, make sure that Sun's Java Runtime
Environment (JRE) 8 or higher has been installed on your system. If not, you
will first need to download and install it. You can find the latest version on
Java’s official web site:
http://java.com
After JRE has been installed on your system, you will be ready to install the
CC2000 program.
Starting the Installation
To install CC2000 on a Windows system, do the following:
1. Put the software CD that came with your package into the computer’s CD
or DVD drive.
2. Go to the folder where CC2000Setup_Win.exe is located, and execute it. A
screen, similar to the one below, appears:
Click Next to move on.
12
Page 27
Chapter 2. CC2000 Server Installation
3. In the screen that comes up, read the License Agreement, then click to
enable the I accept... radio button:
4. Click Next to continue.
5. The following dialog box appears:
6. Key in the CC2000’s software serial number (the serial number can be
found on the CD case), then click Next to continue.
Note: We recommend that you save your software serial number in a safe
place in case you need to use it for reinstallation.
13
Page 28
CC2000 User Manual
7. In the Choose Installation Folder dialog box, specify the CC2000’s
installation folder. If you don’t want to use the default entry, click
Choose... to browse to the location that you want, then click Next to
continue.
8. In the Choose Shortcut Folder dialog box, click one of the radio buttons to
specify where you would like to create product icons, then click Next to
continue.
9. In the Configuration dialog box that comes up, fill in the fields according
to the information provided in the table, below.
14
Page 29
Chapter 2. CC2000 Server Installation
Heading Explanation
Server name The dialog box presents the default name for the server – as
defined in the Windows Computer Name setting. You can choose a
different name to identify the server on the CC2000 installation, if
you wish. The name can be from 2–32 bytes in any supported
language.
Note: 1. The following characters may not be used: " ' \
2. This name is only for CC2000 server purposes – it doesn’t
change the actual computer name.
CC port The port that the CC2000 server uses to communicate with other
CC2000 servers. The default is 8001.
Note: 1. This is the CC Port referred to on the This Server web
page (see Server Information, page 166).
2. Although each CC2000 server on the system can use its
own port setting, for ease of management we recommend
that all CC2000 servers use the same port setting.
Device port The port that the CC2000 server uses to communicate with the
devices (ATEN/Altusen IP products) on the installation. The default
is 8000.
Each CC2000 can have a separate Device port number, but in order
to communicate with the devices connected on its network
segment, those devices must be configured to use the same port as
the one set here.
HTTP port The port that the CC2000 server uses for web communication. The
default is 80. If you use a different port, users must specify the port
number in the URL of their browsers.
HTTPS port The port that the CC2000 server uses for secure web
communication. The default is 443. If you use a different port, users
must specify the port number in the URL of their browsers.
15
Page 30
CC2000 User Manual
10. After the fields have been filled, click Next to continue.
Note: You can change any of these settings following the installation.
See Server Information, page 166, for details.
11. The dialog box changes to inform you that files are being copied to the
installation folder. Once the files have been copied, click Continue to
move on.
12. The Pre-Installation Summary screen appears:
If you wish to change anything, click Previous to go back, If the
information is correct, click Install.
13. When the installation utility brings up a screen informing you that the
installation has completed successfully, click Done to exit the installer.
16
Page 31
Chapter 2. CC2000 Server Installation
14. At the completion of the installation, a CC2000 entry is created in the
Windows Start menu:
Post-installation Check
After the installation completes successfully, the CC2000 program starts
automatically (and starts automatically with every bootup).
To check that the CC2000 has started, navigate through the following folders:
Control Panel
CC2000 entry. If the CC2000 is running it will appear in the services list. You
should see a screen similar to the one, below:
→
Administrative Tools → Services. Look down the list to the
The entry for the Status field should say Started. If it does not, right click
anywhere on the CC2000 entry line and select Start from the pop up menu.
17
Page 32
CC2000 User Manual
Linux Version Installation
Before you Begin
The procedure for installing CC2000 on a Linux system is similar to that for
Windows, but there are Java considerations to take note of first.
If Java isn’t already installed on your system, you will need to download it
from the Java web site:
http://java.com
Installation instructions are provided on the Java download page.
CC2000 program requires the system to run JRE versions 8 or higher.
Some Linux distributions install earlier versions than the JRE 8. To find
out the Java version on your system, open a terminal and enter the
following:
java -version
If the version it displays do not fit the system requirement, please make
sure you have a JRE version that is Version 8 or higher. (See the previous
point regarding downloading and installing Java.)
Make sure your PATH and JAVA_HOME environment variables point to
the new version in your /root/.bash_profile file. For example:
JAVA_HOME=/usr/java/jre1.6.0_0-b11
PATH=$JAVA_HOME/bin:$PATH:./
BASH_ENV= $HOME/.bashrc
USERNAME= "root"
export JAVA_HOME PATH BASH_ENV USERNAME
Even after you install an appropriate Java version and set the new PATH
and JAVA_HOME environment variables, the distribution may still not
recognize the new version and continue to use its original Java version. If
the problem exists on your installation, correct it by doing the following:
1. Copy the CC2000Setup_Linux.bin file from the distribution CD to a
folder on your hard disk.
2. Open a terminal and go to the directory where the
CC2000Setup_Linux.bin file is located.
3. Enter the following commands:
export LAX_DEBUG=1
sh CC2000-Setup-ForLinux.bin
Note: If the installation program starts, cancel it.
18
Page 33
Chapter 2. CC2000 Server Installation
4. In the screen output, look for the line (it will be in bold) that starts:
Using VM.........
to see which Java your distribution is defaulting to.
5. If the Using VM entry shows a path to a file named java in the old Java
version directory, go to that directory and either delete the java file or
rename it.
6. Log out and log back in.
Installing
After making sure that the appropriate version of the JRE has been installed,
do the following:
1. Put the software CD that came with your package into the computer’s CD
or DVD drive.
2. Go to the folder where CC2000Setup_Linux.bin is located, and run it.
Note: 1. You must run the installation program as the root user.
2. Make sure that the installation file has executable permissions
3. For some versions of Linux, the program must be run in a terminal.
A screen, similar to the one below, appears:
Click Next to move on.
19
Page 34
CC2000 User Manual
4. From here, the installation procedure is the same as the one for Windows.
Refer to the Windows installation procedure (see page 12), for details on
how to proceed.
Post-installation Check
After the installation completes successfully, the CC2000 program starts
automatically (and starts automatically with every bootup).
To check that the CC2000 has started, start, stop, and restart, the service by
issuing the following commands (as root) from a terminal console:
/etc/init.d/cc2000service start#to start the service
/etc/init.d/cc2000service stop#to stop the service
/etc/init.d/cc2000service restart#to restart the service
/etc/init.d/cc2000service status#to check the service status
To check on the Java version your system is running, do the following:
1. Open the Start menu.
2. Navigate to the CC2000 entry (Programs
Version Checker.
→
CC2000), and select Java
Post-Installation Setup
The CC2000 software comes with a default demo license that allows the ser v er
to be a primary server with no secondaries and 16 nodes (all of which must be
on the same network as the server). For anything beyond this minimum, you
will need a license key that allows secondary servers and additional nodes.
Once the software is installed on the server, the next step is to specify whether
the server will be a Primary or Secondary.
If this server is going to be a Primary, insert the CC2000’s USB license
key into a USB port; log into the server (see Logging In, page 25); go to
the License page, and click Upgrade (see Upgrading the License,
page 191, for details). The number of Secondaries and nodes that are
allowed depends on your license key purchase.
Note: After upgrading the license remove the key and place it somewhere
safe, since you will need it for future upgrades.
If this installation is going to be a Secondary server, there is no need to
insert a license key – you simply need register it with the primary.
See Register, page 169, for details.
20
Page 35
Chapter 2. CC2000 Server Installation
Uninstalling the CC2000
Uninstalling from a Windows System
To uninstall the CC2000 from a Windows system, do the following:
1. Open the Start menu.
2. Navigate to the CC2000 entry (Programs
Uninstall CC2000.
Note: The removal program does not remove a number of the CC2000 files
and folders that were created during operation. For a complete removal
(necessary if you plan on reinstalling), you must remove them yourself
from the location that the CC2000 was installed at (the default folder is
C:\CC2000).
→
CC2000), and select
Uninstalling from a Linux System
To uninstall the CC2000 from a Linux system, as root, execute the following
command:
/install-path/Uninstall_CC2000/Uninstall_CC2000
Where /install-path/ represent s the path and direc tory tha t you spec ified fo r the
CC2000’s location when you installed the program.
Note: The removal program does not remove a number of the CC2000 files
and folders that were created during installation. For a complete
removal (necessary if you plan on reinstalling), you must remove them
yourself. The default is /home/CC2000.
21
Page 36
CC2000 User Manual
Upgrading the CC2000
If the CC2000 program has already been installed, it is not necessary to
perform a full install. You can upgrade to the latest CC2000 version by running
the CC2000-Upgrade program:
CC2000Upgrade_Win.exe (for Windows)
CC2000Upgrade_Linux.bin (for Linux)
Note: When you upgrade, you must upgrade the primary and each of the
secondaries.
New versions of the Upgrade Program are put up on our website for download
as they become available. Check the website to get the most up-to-date version.
Preliminary Steps
These steps make sure that the installation database is at the most current level
across all of the CC2000 units. If a problem should occur after the upgrade, you
can use the backup created with them to restore the database to its latest
working level.
We recommend you take the following backup steps on each CC2000 unit
before you begin.
1. Replicate the database of each of the secondaries; use Run Now for the
schedule setting. (See Replicate Database, page 209.)
2. After replication completes; go back and set the schedule to a time that
will not take place during the upgrade time (next week, next month, etc.).
3. On the primary unit, do a Database Backup (see page 196).
Once you have finished these preliminary steps you can upgrade the primary
and each of the secondaries. When you run the upgrade program, simply follow
the installation Wizard to complete the procedure.
22
Page 37
Chapter 2. CC2000 Server Installation
CC2000 Secondary Servers
A complete CC2000 installation can comprise 1 Primary and up to 31
Secondaries servers located anywhere throughout the world. The Primary
server becomes automatically designated when you upgrade the demo license
that came with your CC2000 software. See License, page 190, for details.
Once the Primary server has been set, you can then register each of the other
CC2000 servers as Secondaries with the Register function. See Register,
page 169, for details.
CC2000 Redundant Secondary Servers
To provide CC2000 server redundancy – where a backup (alternate) CC2000
automatically takes over from a failed primary (preferred) one – do the
following:
1. Install two CC2000 servers on the same network segment.
2. Under Device Management, for each device on the segment, specify the IP
addresses of the preferred and alternate CC2000s on the device’s ANMS
settings page (see Device Configuration (For KVM Devices), page 138).
Now, should the device fail to connect with the preferred CC2000 server (due
to network failure, CC2000 failure, etc.), the device will connect with the
alternate CC2000. Once it connects with the alternate CC2000, the device will
thereafter seek the alternate as its first connection choice. The alternate remains
the first choice until such time as the device cannot connect with it, and then
looks to connect with the original preferred server.
Note: Redundant Secondaries are not a special category of CC2000 server.
They are no different than any other Secondary servers in the CC2000
management system. They are only redundant in the sense that they
provide a fall-back in case the device’s preferred CC2000 fails. This is
similar to specifying a preferred and alternate DNS server for a TCP/IP
network.
23
Page 38
CC2000 User Manual
This Page Intentionally Left Blank
24
Page 39
Chapter 3
Browser Operation
To ensure multi-platform operability, access to the CC2000 is available
through most standard web browsers. Once users log in and are authenticated,
the CC2000’s browser GUI comes up. This chapter explains the login
procedure, and describes the CC2000’s browser GUI components.
Logging In
To log into the CC2000, do the following:
1. Open the browser and specify the IP address of the CC2000 in the
browser's URL location bar.
Note: If the system administrator has configured the HTTP or HTTPS port
setting as something other than the CC2000 defaults, you must
include http:// or https:// before the IP address, and specify the port
number along with the IP address. For example:
http://192.168.1.20:8082
Where 8082 is the http port number, and a colon is inserted between
it and the IP address.
2. If any Security Alert dialog boxes appear, accept the certificate – it can be
trusted. See Trusted Certificates, page 256 for details. After a moment, the
Login page appears:
25
Page 40
CC2000 User Manual
3. Provide your CC2000 Username and Password*, then click Login.
Note: There is a pre-installed system administrator account that can be
used to log in for the first time to begin creating users and groups,
adding devices, configure the system, etc. The Username for this
account is administrator; the password is password. For security
purposes, we strongly recommend you change this to something
unique. See Managing User Accounts, page 60 for details.
4. If you are using MOTP authentication, provide the PIN and OTP*, then
click Login.
Note: When using MOTP authentication, you should key in the PIN or
OTP assigned to you. For information related to MOTP, refer to
page 74.
The CC Interface
After you have successfully logged in, the CC web page appears:
The CC web page components are described in the table on the next page.
26
Page 41
Chapter 3. Browser Operation
Screen Components
The CC’s screen components are described in the table, below:
No. Item Description
1 Tab Bar The tab bar contains the CC2000’s main operation
2 Page Menu Bar The page menu bar contains operational sub-
3 Sidebar The Sidebar provides a tree view listing of items that
4 About About provides information regarding the current
5 Logout Click this button to log out of your CC2000 session.
6 Welcome Message If this function is enabled (see Preferences,
7 Navigation Buttons These buttons move you through the Sidebar. Their
8 Interactive Display Panel This is your main work area. The screens that
categories. The items that appear in the tab bar are
determined by the user’s type, and the authorization
options that were selected when the user’s account
was created.
categories that pertain to the item selected in the tab
bar. The items that appear in the menu bar are
determined by the user’s type, and the authorization
options that were selected when the user’s account
was created.
relate to the various tab bar and menu bar
selections. Clicking an item in the Sidebar brings up
a page with the details that are relevant to it.
version of the CC2000.
page 31), a welcome message displays here.
usage is discussed in the next section of this
chapter.
appear reflect your menu choices and Sidebar item
selection. The use of this panel is discussed later in
this chapter – see Interactive Display Panel,
page 29.
27
Page 42
CC2000 User Manual
The Navigation Buttons
The navigation buttons move you through the items in the Sidebar as follows:
Button Action
Moves to the item in the tree that is one level out and one step up from the
current selection (its parent item). In the diagram below: If the focus were on
OutletA, it would move to PN0108RPSwitch.
Moves to the item in the tree that is on the same level of depth and one step
up from the current selection (its sibling item). In the diagram below:
If the focus were on OutletB, it would move to OutletA.
If the focus were on PN0108RPSwitch, it would move to KN4132-23.
Moves to the item in the tree that is on the same level of depth and one step
down from the current selection (its sibling item). In the diagram below:
If the focus were on KN4132-23, it would move to PN0108RPSwitch.
If the focus were on OutletA, it would move to OutletB.
Moves to the item in the tree that is one level in and one step down from the
current selection (its child item). In the diagram below: If the focus were on
PN0108RPSwitch, it would move to OutletA.
One of the advantages of using the navigation buttons instead of clicking on an
item in the Sidebar lies in the fact that you stay on the same Panel Menu page
as you move from item to item.
Note: When you make a menu choice, a Panel Menu bar with further choices
appears in the Interactive Display Panel. See Interactive Display Panel,
page 29, and the table on page 30.
If, for example, you made a change to OutletA that you also wanted to make to
OutletD, by using the navigation buttons, you could conveniently get to the
desired location in OutletD without having to click through all the Panel Menus
to get there.
If you access an item by clicking on it in the Sidebar, however, the opening
page for that item appears. To make the same change to OutletD that you made
to OutletA, you would have to start at the beginning and click through all the
Panel Menus to get to the desired location.
Note: If an item’s icon contains a question mark, it indicates there is a
mismatch between the device’s information and the information for it
stored in the CC2000’s database. See Update, page 133, for information
on resolving the problem.
28
Page 43
Chapter 3. Browser Operation
Tree View Considerations
Only items a user is authorized to access appear in the Sidebar tree view.
A plus (+) sign in front of an item means that there are additional items
nested inside of it. Click the plus sign to expand the view and show the
nested items.
The plus sign changes to a minus sign (-)when an item is expanded. Click
the minus sign to collapse the view and hide the nested items.
For devices, if the device is on line, its icon is in color; if it is off line, its
icon is gray.
Note: User’s can configure the way devices and ports display in the Sidebar
tree view. See User Preferences, page 51, for details.
Interactive Display Panel
Overview
The Interactive Display Panel (also referred to as the main panel) is your main
work area. The screens that appear reflect your menu choices and Sidebar item
selection. The reason it is called an interactive display panel, is that in addition
to displaying the contents of your menu choices, it is also a work area where
you can make configuration settings and perform actions on selected devices.
An explanation of a typical interactive display panel is given below:
29
Page 44
CC2000 User Manual
(Continued from previous page.)
No. Item Description
1 Panel Menu
Bar
2 Panel Menu
Title Bar
3 Action-Input
Area
Refines the menu category into smaller related groupings.
If there are secondary Panel Menu pages, hovering over the
Panel Menu title causes a popup menu to appear. Click on
the menu item to go to the desired secondary page.
The items that appear in the Panel Menu bar are determined
by the user’s type, and the authorization options that were
selected when the user’s account was created.
Describes the Panel Menu category.
If there are secondary Panel Menu pages, an arrow icon
indicates so. Click the Down-Arrow icon to go to the next
page in the sequence; click the Up-Arrow icon to go to
the previous page in the sequence.
A button or input box displays here directing you to take an
action (Save, Delete, Add, Next, etc.), with regard to the
current page.
Selecting List Items
Many of the pages displayed in the Interactive Display Panel contain a list of
items (devices, users, groups, configuration files, etc.), that you will select to
perform some operation on. For example:
You can select an individual item by clicking to put a check in the
checkbox in front of its name.
You can select a group of items by clicking to put a check in the checkbox
in front of each of their names.
You can select all of the items by clicking to put a check in the checkbox at
the top of the column.
30
Page 45
Chapter 3. Browser Operation
Preferences
Users can set individual preferences for their browser sessions by clicking the
Preferences tab on the Tab Bar. The Interactive Display Panel opens to the
default page – Web Options. The Panel Menu bar shows the available
categories: Web Options and Password.
31
Page 46
CC2000 User Manual
Web Options
For Language:
Click the Use Browser Settings radio button to have the CC2000’s
pages display in the same language that your browser is set to.
Note: If your browser is set to a non-supported language, the CC2000
looks to what your server’s operating system is set to. If the
operating system is set to a supported language it will use that
language to display its pages. If the operating system is set to a
non-supported language, the CC2000 defaults to English.
Click the Use radio button to drop down a list of supported languages
and have the CC2000’s pages display in the language you select.
Note: The language selected here, if different from the browser’s
setting, will only take effect after login. The login page will
follow the sequence described in the note for Use Browser
Settings.
For Login Page: You can choose to have the CC open to the default page
when you log in – which is the first page of the first available tab on the
Tab Bar – or you can choose to have the CC open to the page you were on
the last time you logged out.
32
Page 47
Chapter 3. Browser Operation
For Welcome Page:
If you want the Welcome Message to appear on screen, select Show; if
you don’t want it to appear, select Hide.
If you want a Screen Name to appear with the Welcome Message, key
it into the Display screen name text box.
Note: 1. This provides a way of changing the screen name specified in
your User Account. When you change the name here, the
Screen Name entry in the User Accounts settings will
automatically change to what you specify here (see Adding
User Accounts, page 56).
2. The Screen Name will not display unless you choose to Show
the Welcome Message.
To disable mouse-over hints from appearing, click to put a check mark in
the Disable hints checkbox.
When you have made your choices, click Save.
Password
If you wish to change your password, do the following:
1. Check Change Password. This enables the password input fields.
2. Key in your old password in the Old password field.
3. Key in your new password in the New password field.
4. Key in your new password again in the Confirm password field.
5. Click Save.
33
Page 48
CC2000 User Manual
Notifications and Message Box
The Message section under the Preferences tab has a notification system that
allows an administrator to send notifications to any or all CC2000 users.
Note: This is an Administrator-only function.
For all users, there is an instant messenger that provides an online chat function
for all users that are currently logged in to the CC2000.
When users receive a message, the mail icon will appear in the lower right
corner of the page. When read, the icon changes to a chevron.
Click on the green chevron at the lower right corner of the Message Box to
enable/disable the instant messenger:
Note: The chat function is available throughout the interface.
34
Page 49
Chapter 4
Port Access
Overview
The Port Access page is used to access and control the devices, ports and
outlets that are managed over the CC2000 network. The page’s Menu Bar
provides different organizational views of those items, as shown in the
screenshot, below:
Click the view on the Menu Bar that you want to see the items organized by.
From there, you can operate the items as described in the sections that follow.
Note: If no access rights have been assigned to a user, the Port Access tab and
page do not display – even for System Administrators.
35
Page 50
CC2000 User Manual
Table Headings
An explanation of the column headings is provided in the table, below.
Note: 1. The headings at the top of the table don’t all appear for each view.
Which ones appear vary depending on the view selected.
2. You can change the sort order of the items by clicking on the column
headings.
Heading Explanation
Name The name given to the port when it was added to the CC2000
Alias If you gave the port an alias, the alias name appears here.
Port The port’s port number on the device it belongs to.
Port Type Indicates the kind of device that the port belongs to.
Device Name The name of the device that the port belongs to.
Device Type The type of device that the port belongs to (SNxxx, PNxxx, KNxxx,
Options
Status
IP Address For physical devices – the device’s IP Address displays here.
MAC Address For physical devices – the device’s MAC Address displays here.
Operation The default action for accessing the device/port appears in this cell.
Link
installation.
Blade, etc.).
For KVM ports, indicates the port’s Access Mode. See Mode,
page 140, for details.
For Serial ports, indicates the port’s Operating Mode. See Port
Settings, page 153, for details.
For Power outlets, indicates the port’s Power Management
Configuration. See Port Settings, page 147, for details.
This item is blank for Target device ports.
For KVM ports, indicates whether the port is online or offline.
For Serial ports, indicates whether the port is online or offline.
For Power outlets, indicates whether the outlet port’s power socket is
On or Off.
Note: This category does not apply to Blade Chassis or individual
blades, therefore N/A (not applicable) displays in this field for Blade
Chassis, and Unknown displays for individual blades.
Click the arrow at the right of the table cell to see what other actions
(if any), are available.
Click your choice to open a session for the device/port. The various
device/port operation choices are described in the Port Operation
section that follows.
→
Click to go to the device’s Device Management
Port page.
36
Page 51
Chapter 4. Port Access
Action Buttons
There are two buttons on the main panel: Filter at the bottom of the page, and
Launch Multiviewer at the top right of the page.
Filter
Filter allows you to control which items appear in the main panel list. Key in a
string and click Filter (or tap [Enter]). Only items that have that particular
string in their names display in the list.
For example, if TD is your string, only items with names containing TD, such
as TD-AGG-01, will be displayed.
Sort by: To sort the devices displayed in the main panel, use the Sort by menu
to select a criteria to sort by: Name, Alias, Type, IP Address, or MAC Address.
You can use the Sort by feature with or without applying the filter.
Items/Page: Use this drop down menu to select how many devices you want
to display on the page. Options are: 25, 50, 75, 100, and 400. To prevent
extremely slow loading, the maximum number of devices that can be displayed
per page is 400.
To clear the filter and bring back the complete list, erase the contents of the
input box and click Filter, again.
Launch Multiviewer
If you want to launch viewers for more than one port at a time, check the
checkbox in front of the name of the ports you want to access, then click
Launch Multiviewer.
37
Page 52
CC2000 User Manual
The Sidebar
Devices, ports and outlets that have been configured on the CC2000 are listed
in a tree structure in the Sidebar at the left of the screen:
Sidebar Characteristics
The characteristics of the Sidebar tree structure are the following:
Users are only allowed to see the devices, ports and outlets that they have
access permission for.
Ports/outlets and child devices can be nested under their parent devices.
Click the + in front of a device to expand the tree and see the ports/
outlets nested underneath it. Click the - to collapse the tree and hide the
nested ports/outlets.
For faster port access the tree is collapsed and must be expanded for
node access. For every 2000 nodes the tree will be divided into a
separate folder, so that the page loads faster.
Switches and ports that are online have their monitor screen icons in
Green; the monitor screens are Gray for devices and ports that are offline.
38
Page 53
Chapter 4. Port Access
Clicking an item in the tree brings up its Status and Operation page.
Double clicking an active device or port opens the viewer for it.
Right clicking an active device or port opens a pop-up that allows you to
select a viewer to access it with (see Port Operation, page 40, for details).
Sidebar Filter
Filter allows you to control the number and type of devices, ports and outlets
that display in the Sidebar. When you click the funnel icon at the bottom
left of the Sidebar panel it brings up the Filter dialog, which looks similar to
the image, below:
The meanings of the choices are explained in the following table:
Choices Explanation
All This is the default view. With no other filter options selected,
Online If you enable Online (by putting a check in the checkbox) only
Search If you key in a search string and click Search, only device,
all of the devices, ports and outlets that are accessible to the
user are listed in the Sidebar.
Drop down the list box to see all of the available choices and
select one of them instead of All. Only the items that match
your selection display in the tree.
items that are online display in the tree.
port, and outlet names that match the search string display in
the tree. Wildcards (? and *) are acceptable, so that more than
one item can show up in the list. For example, if you key in
Web*, both Web Server 1 and Web Server 2 show up in the
list.
To dismiss the Filter dialog, click the downward-pointing chevron at the
bottom left of the Sidebar panel.
39
Page 54
CC2000 User Manual
Port Operation
Depending on the item chosen, various port operation methods are available to
access and control it. Click the arrow at the right of the Operation cell to select
an operation method, as explained in the following sections.
CC Viewer
Clicking CC Viewer opens a KVM or Serial viewer directly to the device
running on the selected port. It is just like what you would see if you logged
into the device directly and then selected that port on the device’s GUI. A
window with that device’s port session opens on your desktop.
For example, TD-AGG-01 in our screenshot on page 43, is an aggregate device
that contains ports from a KN2124v KVM switch, a PN0108 PDU, and an
SN0108 serial device. When I click CC Viewer, I get a window with the
KN2124v’s first port in the aggregate device selected:
To switch p orts in th e viewer, o pen the hi dden Control Pan el (by hovering over
the top center of the viewer window), and select the Port List icon. The port list
choices include all the ports belonging to the device.
40
Page 55
Chapter 4. Port Access
In the list, select the device the port belongs to (SN0108 in the screenshot),
then click the port you want to access.
The device or port name (port ID) displays in the CC Viewer title bar.
The viewer window of each port has a hidden Control Panel. To switch to
a different port on the device, bring up the port list and click the desired
port.
If the target device is associated with a PDU, additional power controls
appear in the CC Viewer Control Panel.
When you have finished with your session, open the Control Panel and
select the Exit icon.
Note: The CC Viewer does not support OpenJDK.
Web Access
Clicking Web Access opens a browser session for the device on your desktop
just as if you had opened your browser and logged into from the URL bar:
41
Page 56
CC2000 User Manual
Power ON / OFF
For Aggregate and Power devices you can choose All ON or All OFF to
turn all the outlets belonging to that device on or off.
For Power outlets, you can choose ON or OFF. If the port’s status is ON,
the choice is OFF – click OFF to turn the power to the outlet off.
Note: The change doesn’t show in the table until you leave the page and
come back to it.
SSH / Telnet Session
Choose to open an SSH or Telnet session to the selected port. You get an SSH
or Telnet viewer window just as if you had logged into the serial device
(SN0108, for example), with your browser and had chosen Telnet on the Main
Web page.
42
Page 57
Chapter 4. Port Access
Port Access Views
Port View
When Port Access is selected on the tab bar, the default page is Port V iew. Thi s
page lists all of the ports that have been deployed under the CC2000
management system, independently of their devices:
To only see a particular port, click on it in the Sidebar.
Targe t Vi ew
Target devices include Aggregate Devices, Blade Chassis (and individual
blades), and Virtual Machines. The Target page default view has All selected
at the top of the Sidebar, and the Status and Operation page displayed in the
Interactive Display panel:
To only see the ports for a particular device, click on the device in the Sidebar.
43
Page 58
CC2000 User Manual
Device View
Device view displays all of the devices that have been deployed under the
CC2000 management system:
To only see the ports for a particular device, click on the device in the Sidebar.
Panel Array Mode
After you create a group device, you can launch panel array mode of the device
by clicking the CC Viewer button (Operation column) and click the Panel
Array icon in the control panel.
A video reference is available in the link below:
https://www.youtube.com/watch?v=tbaQWK1vh60
44
Page 59
Chapter 4. Port Access
Department View
Department view displays all of the departments that have been created under
the CC2000 management system, and the ports that have been assigned to
each:
To only see the ports belonging to a particular department, click on the
department in the Sidebar.
45
Page 60
CC2000 User Manual
Location View
Location View displays all of the locations that have been created under the
CC2000 management system, and the ports that have been assigned to each:
To only see the ports belonging to a particular location, click on the location in
the Sidebar.
Type View
Type View displays all of the device types that have been created under the
CC2000 management system, and the ports that have been assigned to each:
To only see the ports belonging to a particular device type, click on the type in
the Sidebar.
46
Page 61
Chapter 4. Port Access
Favorites View
The Favorites page is similar to a bookmarks feature. Devices and ports that
you frequently access can be saved under favorite names of your choosing
here. Simply open this page and select the name – rather than hunting for
devices and ports in the Sidebar. This feature is especially handy on large,
crowded installations.
When you select Favorites on the menu bar, the default page comes up, listing
all of the devices and ports that have been deployed under the CC2000
management system:
Note: Filter and Launch Multiviewer work the way they do on the other View
pages.
Adding a Favorite
To create a Favorite and populate it with ports, do the following:
1. Drop down the Select Operation list and choose Add Favorites.
2. In the page that comes up, give the Favorite a name, click the checkboxes
of the ports you want to include, then click Save.
47
Page 62
CC2000 User Manual
When the operation completes, your Favorite displays in the main panel,
and it is also listed in the Sidebar.
Viewing a Favorite
There is a filter panel at the bottom of the sidebar that lets you control the items
that display on this page:
Use of the filter is described in the table, below:
Choices Explanation
Default This is the default view. With no other filter options selected,
Online If you enable Online (by putting a check in the checkbox) only
Search If you key in a search string and click Search, only port names
48
all of the ports that are accessible to the user are listed in the
Sidebar and display in the main panel.
If any Favorites have been created, you can drop down the list
box and select the one you want to view. When you select a
Favorites, only the items that you have chosen for it display in
the Sidebar and main panel.
the ports whose attached devices are online appear in the
Sidebar and the main panel.
that match the search string display in the Sidebar and main
panel. Partial entries are acceptable, so that key in Web, any
ports that contain the string Web anywhere in their name,
show up in the Sidebar and main panel.
Page 63
Chapter 4. Port Access
Managing Favorites
To add or remove ports from a Favorite. do the following:
1. Select the Favorite in the filter list.
2. Click Edit Ports (at the top-right of the panel).
A page comes up showing all of the ports available to the user, with the
ports that are currently included in the Favorite having a check in their
checkboxes:
3. Check any ports you want to include in the Favorite; uncheck any ports
you want to remove from the Favorite.
4. click Save.
49
Page 64
CC2000 User Manual
Dashboard
The Dashboard page provides a quick view of all devices by category. The
Dashboard lets you see the status of each device by color and gives a link to its
Port Status and Operations page.
Use the drop down menu at the top right corner of the page to select devices by
category. When you select a category, the devices in that category will appear
highlighted by the color used in the drop down menu for that type. Devices
with a white background are not in the category selected.
Online devices appear with white text and a dark background:
Offline devices appear with black text and a light background:
Unmonitored devices that do not have a protocol to support an on/off status,
such as a URL, will always appear Online.
Double Click any device to bring up its Port Status and Operations page.
50
Page 65
Chapter 4. Port Access
User Preferences
The last item on the Menu Bar, User Preferences, is different from the other
Menu Bar items in that it doesn’t provide an organizational view of the devices
and ports. It has two Panel Menu items: Port Display, and Alias. Port Display
lets you configure how the device tree appears in the Sidebar; Alias lets you
give nicknames to your devices and ports.
Port Display
The Port Display page is the default that opens when you select User
Preferences.
An explanation of the display settings is given in the following table:
Item Explanation
Display Settings
View Settings If you select Allow group devices to expand in By Device, ports
Drop down the list to select which view you want the page to open
to when you click the Port Access tab.
If you choose Show complete tree, all the nested devices and
ports will display when you click to expand the tree.
If you choose Hide physical devices or ports that are included
in group devices, physical ports that are included in group
devices will not display under their originating devices when you
click to expand the tree.
nested under aggregate or group devices also appear in the tree
view. Otherwise, there is no plus sign in front of the group device,
and its ports cannot be displayed.
51
Page 66
CC2000 User Manual
Item Explanation
Viewer Client
Settings
If you choose Auto-detect system, the CC2000 will check to see
if you logged in with IE or with another browser. If you logged in
with IE, it will open the Windows Client Viewer when you access a
device or port. If you logged in with a browser other than IE, it will
open the Java Client Viewer.
If you choose Always use java Client, the CC2000 will open the
Java Client Viewer no matter which browser you logged in with.
Checking Use Win32 PuTTY Telnet/SSH client for single port
operation will open the PuTTY Telnet/SSH client software when
connecting to a serial device via CC2000.
Scan Duration sets the interval time for scanning ports when
viewing ports in array mode.
52
Page 67
Chapter 4. Port Access
Alias
Selecting Alias on the Panel Menu, brings up a page that allows you to give
your devices, ports, and outlets a nickname to make it more convenient to
remember which items you are managing:
The default view only shows devices. To give an alias to a port or outlet,
click the arrowhead in front of the device’s name to show them.
Key the alias into the Alias field that corresponds to the device, port, or
outlet. When you return to an organizational view page, the alias appears
in the Sidebar instead of the device or port name.
Note: The alias only appears for the particular user that creates it. Other users
see the original name (or an alias that they have created).
53
Page 68
CC2000 User Manual
SN Ports Broadcast
Selecting SN Ports Broadcast on the Panel Menu, brings up a page that allows
you to select ports on a serial device to receive broadcast commands, by
selecting the boxes. Selecting multiple Broadcast Ports allows you to access
and make changes on a single serial port and the same change will be made
across all Broadcast Ports.
For broadcasting to work, you must access a Broadcast Port using the
SNViewer and turn Broadcast on from the Control Panel. See the SN0148 user
manual, Control Panel Functions, page 38 for details.
Broadcast timeout: If there is no user input for the amount of time set here,
the Broadcast function (to other ports) is automatically ended. Key in a value
from 0–240 seconds. A setting of 0 (zero) has the same effect as disabling the
function.
Selecting Broadcast Ports will put a check in all serial ports and broadcast
changes as such.
Selecting Broadcast among all ports will put a check in all serial ports for a
particular serial device. You can also expand the serial device to select
individual ports for broadcasting.
Note: The CC2000 will only list serial devices which are connected to a
switch that supports broadcast ports.
54
Page 69
Chapter 5
User Management
Overview
The User Management page is used to perform the following functions:
Add, import, modify and delete user accounts
Create user groups and assign users to them
Specify device access rights for users and groups based on system default
or custom defined user types
Specify whether the user's authentication will be performed via the
CC2000 (internal) or via an external authentication server
When you click the User Management tab, the CC2000 opens to the default
Accounts page, which looks similar to the screen, below:
All users and groups, are listed in the Sidebar and in a table in the Interactive
Display Panel. To access any user or group, simply click on the name in either
location.
Note: The User Management page is for System Administrators and User
Administrators. Other user types can omit this chapter.
55
Page 70
CC2000 User Manual
Accounts
The Accounts page is used to add, modify and delete user accounts. The default
Accounts page looks similar to the one below:
Adding User Accounts
To add a user, do the following:
1. Select Users in the Sidebar.
2. Click Add at the top-right of the main panel. The Add User - Account
Information page appears:
56
Page 71
Chapter 5. User Management
3. Enter the required information in the appropriate fields. A description of
each of the fields is given in the table below:
Field Description
Login name Internal (CC2000) Accounts: A maximum of the equivalent of
Description Additional information about the user that you may wish to
User type Drop down the list to select the User Type you want to assign
Authentication
server
User base RDN If the authentication server is an LDAP server, the user’s base
Session Timeout If you don’t want to have a session time out after the user has
Unexpected
disconnection
timeout
16 English alphanumeric characters is allowed. The minimum
number of characters is based on the CC2000’s account policy
settings (see CC2000 Authentication, page 76).
External Authentication: The Login name should be one that
exists on the external authentication server.
Note: These external servers provide authentication services
only – they do not provide authorization services. Authorization
is provided through the CC2000 management system,
therefore the access rights need to be set in the CC2000.
include. A maximum of 256 Bytes is allowed.
the new user to. See p. 70 for information about User Types.
For authentication by the CC2000, leave the selection as is.
For authentication by an external authentication service, drop
down the list to select the one you wish to use.
Note: Before you can make this selection, an external authentication server must first be added. See External Authentication Servers, page 78, for details.
RDN setting must be in this field.
been idle for a specified amount of time, select the No timeout
radio button.
If you do want to have a session time out after the user has
been idle for a specified amount of time, select the Timeout
after radio button. Valid settings are from 1–99 mins. The
default is 3 mins.
Note: This setting pertains to Web log in sessions.
If the user unexpectedly disconnects (i.e. closes the browser),
the CC2000 times out the user’s session after the amount of
time specified here. The timeout interval is from 3–10 minutes;
default is 3 minutes.
57
Page 72
CC2000 User Manual
4. Click Next at the top-right of the main panel. If CC2000 was chosen for
authentication, The Add User - Account Status page appears:
Note: If an external authentication server was chose for authentication, the
account status information is maintained on that server, so this page
doesn’t appear. Instead, you go directly to the Add User - Personal
Information page (see step 5).
A description of each of the fields is given in the table below:
58
Field Description
Password
Enabling Use "password" as default sets password as the
user’s password.
If you do not enable Use "password" as default, enter the
user’s password in the Password field. A maximum of the
equivalent of 16 English alphanumeric characters is allowed.
The minimum number of characters is based on the CC2000’s
account policy settings (see CC2000 Authentication, page 76).
To be sure there is no mistake in the password, enter it again in
the Confirm Password field. The two entries must match.
Page 73
Chapter 5. User Management
Field Description
Restrictions
Account
Expires
Disable account temporarily cancels a user’s account without
deleting it – so that the account can easily be reinstated at a
future time.
If User cannot change password is enabled, the user can’t
change his own password. Otherwise, the user can use the
Preferences tab to change his own password. See Password,
page 33 for details.
If User must change password at next login is enabled, the
user must change his password the next time he logs in.
Enabling Password never expires, prevents the user’s
password from expiring after a given period of time. This
overrides the system-wide configuration set on the CC2000’s
account policy settings (see CC2000 Authentication, page 76).
Note: Enabling some restrictions automatically disables others.
Clicking the Never radio button sets it so that the account never
expires.
To have the account expire on a certain date, click the Expires
on radio button; then click the calendar icon to select the
expiration date.
5. Click Next at the right of the panel. The Add User - Personal Information
page appears.
The fields on this page are optional. You can leave them blank, or fill in as
much as you like.
6. When you have finished with the Add User - Personal Information page,
click Save at the top-right of the main panel to bring up the Add Access
Rights page.
This page lets you set the user’s access rights to the devices and ports that
exist on the installation. See Access Rights, page 61 for information on the
configuration settings.
7. When you have finished setting the user’s access rights, click Save at the
top-right of the main panel to add the user to the Users list, and bring up
the Access Rights Summary page. See Access Rights, page 61, for details
about adding access rights.
Note: To add additional users, you must start by clicking Users in the Sidebar.
59
Page 74
CC2000 User Manual
Managing User Accounts
To manage a user account do the following:
1. Select Users in the Sidebar.
2. Either click the user’s name in the Sidebar, or click the user’s name in the
main panel. The user’s Account Information page appears:
This page is similar to the adding a user account page, except there are
three Panel Menu items at the top: User Information, Group Membership,
and Access Rights.
User Information
This Panel Menu item contains all three pages (Account Information, Account
Status, and Personal Information), that were in the Adding a User Account
procedure (see page 56). They are used to modify a user’s account – such as
changing the user’s password. To modify the information on these pages, you
can either move through them sequentially, by clicking the arrow icons, or you
can go directly to a page by hovering over the menu and selecting the page from
the popup menu that appears.
Group Membership
Clicking this Panel Menu item brings up a page that shows a list of all the
groups a user belongs to. You can click on the group name in the list to go to
the group’s Group Information page. See Groups, page 67 for details about
this page.
60
Page 75
Chapter 5. User Management
Access Rights
To configure a user’s access rights to devices, ports, and outlets, do the
following:
1. Select Accounts on the Menu Bar.
2. Select the User in the Sidebar.
3. Select Access Rights on the Panel Menu Bar in the Interactive Display
Panel to bring up the user’s Access Rights page.
If no devices have been assigned to the user, the page that comes up looks like
the one shown below:
Note: Access rights do not have to be individually assigned in all cases. See
Copy / Paste Access Rights, page 63, for details.
Adding Device Access
To add devices that the user can access, do the following:
1. Click Add at the top right of the panel.
A screen with a list of all the devices on the installation, appears:
2. Check the devices, ports, and outlets that you want the user to be able to
access.
61
Page 76
CC2000 User Manual
3. For each selected device, port, and outlet, click on the arrow in the
Configuration Rights column to set the user’s configuration rights for that
item. Allowed means the user can configure the device or port settings;
Denied means that the user cannot configure the device or port settings.
4. For each selected device, port, and outlet, click on the arrow in the Access
Rights column to set the user’s access rights for that item. An explanation
of the access rights is given in the table, below:
Rights Port Type Explanation
Full access and
VM (Read / Write)
Full access and
VM (Read Only)
Full access The user can access the device (or specified ports
View only The user can access the device (or specified ports
No access The user has no access to the device (or specified
Allowed The user is allowed to configure the power status
Denied The user is not allowed to configure the power sta-
Telnet Serial The device (or specified ports on the device) must
SSH The device (or specified ports on the device) must
Administrator ATEN
KVM The user can access the device (or specified ports
Generic;
Web SSO
on the device), view the screen and can perform I/
O operations on it with the keyboard and mouse.
The user also has read/write rights to use the virtual media function.
The user can access the device (or specified ports
on the device), view the screen and can perform I/
O operations on it with the keyboard and mouse.
The user also has read only rights for the virtual
media function.
on the device), view the screen and can perform I/
O operations on it with the keyboard and mouse.
on the device), and view the screen, but cannot
perform any operations on it.
ports on the device). The device (or the specified
ports) will not show up in the Port Access Sidebar
or List.
of the device (or specified ports on the device).
tus of the device (or specified ports on the device).
The device (or the specified ports) will not show up
in the Port Access Sidebar or List.
be accessed over a Telnet connection.
be accessed over an SSH connection.
The administrator can perform all configurations
and operations.
62
Page 77
Chapter 5. User Management
Rights Port Type Explanation
User ATEN
View only The user can view the screen, but cannot perform
No access The user has no access. The Web Access option
Generic;
Web
Access
The user can perform all operations.
any operations.
does not appear as an Operation choice on the
Port Access page.
5. When you have finished making your selections, click Save.
6. To add access for additional devices, bring up the user’s Access Rights
page and repeat the procedures described above.
Modifying Device Access
To change the access rights to a device, port, or outlet, bring up the user’s
Access Rights page; make the configuration rights and access rights
changes to the desired items; then click Save.
Removing Device Access
To remove access to a device, port, or outlet, bring up the user’s Access
Rights page; click to place a check in the box in front of the device you
want to remove; then click Delete.
Managing Devices
You can bring up the Management page of any device, port, or outlet, by
clicking on it in the Device Name or Port Name list.
Copy / Paste Access Rights
The access rights copy-paste function is enabled between compatible nodes
(i.e. user to user). To use this function, in the sidebar tree, right-click on a user’s
name and select copy access right. Right-click on another user and select paste
access right.
63
Page 78
CC2000 User Manual
Deleting User Accounts
To delete a user account do the following:
1. Select Users in the Sidebar.
2. In the Interactive Display panel, click to put a check in front of the user
whose account you wish to delete.
Note: You can delete more than one user by checking as many names as
you require. You can delete all deleteable accounts by checking the
box at the top of the column.
3. After you have made your selection, click Delete at the right of the panel.
4. In the confirmation popup that appears, click OK.
64
Page 79
Chapter 5. User Management
Importing User Accounts
If you have many user accounts to add you can simplify this process by using
the Import Users feature to open a previously saved users list in *.cvs format.
To import a list of users, do the following:
1. Create a spreadsheet with a list of users using the following format to
define the data for each user’s account:
2. Save the spreadsheet as a *.cvs file.
3. Select Users in the Sidebar.
4. In the Interactive Display panel, at the upper right corner, click Import
Users.
5. Click Browse to select the *.cvs file saved in step 2.
6. Click Import.
65
Page 80
CC2000 User Manual
Unlocking User Accounts
If a user has been locked out due to exceeding the number of login attempts,
and the Force manual unlock option has been enabled (see Lockout Policy,
page 163), to unlock the user, do the following:
1. Select Users in the Sidebar.
The user account that is locked will show Locked in the Status column.
2. In the Interactive Display panel, click to put a check in front of the user
whose account you wish to unlock.
3. After you have made your selection, click Unlock at the right of the panel.
4. In the confirmation popup that appears, click OK.
Note: 1. You can unlock more than one user by checking as many names as
you require. You can unlock all locked accounts by checking the box
at the top of the column.
2. If all users – including the System Administrator – get locked out, the
System Administrator can use the CC2000 Utility to restore his
account and then unlock the locked out users. See Restore, page 265.
66
Page 81
Chapter 5. User Management
Groups
Groups allow administrators to easily and efficiently manage users and
devices. Since device access rights apply to anyone who is a member of the
group, administrators need only set them once for the group, instead of having
to set them for each user individually. Multiple groups can be defined to allow
some users access to specific devices while restricting other users from
accessing them.
Creating Groups
To add a group, do the following:
1. Select Groups from the User Management menu bar. The Group List page
appears:
2. Click Add at the top-right of the main panel. The Group Information page
appears:
3. Key in a Name and a Description (optional) for the group.
Note: 1. The Name can be the equivalent of from 2–32 English
alphanumeric characters, but cannot contain the following: / \ [ ]
: ; | = , + * ? < > @ " '
2. The Description can be up to 256 Bytes
67
Page 82
CC2000 User Manual
3. Click Save to create the group. The group now appears in the Sidebar and
the Group Information list in the Interactive Display Panel.
Note: You can add users to the group before performing this step. See the
next section for details on adding users to groups.
Adding Users to Groups
To add a user to a group, do the following:
1. Select Groups from the User Management menu bar.
2. Either in the Sidebar or the Interactive Display panel, click the group’s
name. The Group Information page appears.
3. Select the user you wish to add to the group from the Available list, then
click Add to move the user from the Available list to the Selected list.
4. Repeat step 3 for any other users you wish to add to the group.
Note: A shortcut for adding multiple users is to select the ones you want
in the Available column using Ctrl+Click or Shift+Click before
clicking Add to move all the selected ones at once.
5. When you have finished adding users, click Save to complete the
procedure.
Note: If a user has permissions in addition to the ones assigned to the group,
the user keeps those permissions in addition to the group ones.
68
Page 83
Chapter 5. User Management
Removing Users from Groups
To remove a user from a group, do the following:
1. Select Groups from the User Management menu bar.
2. Either in the Sidebar or the Interactive Display panel, click the group’s
name. The Group Information page appears.
3. Select the user you wish to remove from the group from the Selected list,
then click Remove to move the user from the Selected list to the Available
list.
4. Repeat step 3 for any other users you wish to remove from the group.
Note: A shortcut for removing multiple users is to select the ones you want
in the Selected column using Ctrl+Click or Shift+Click before
clicking Remove to move all the selected ones at once.
5. When you have finished removing users, click Save to complete the
procedure.
69
Page 84
CC2000 User Manual
Access Rights
To configure the access rights for a group, do the following:
1. Select Groups from the User Management menu bar. The Group List page
appears.
2. Select the group that you want to configure the access rights for.
3. In the Group Information page that comes up, select Access Rights on the
Panel Menu bar:
The procedures for configuring Group access rights are similar to the ones
described for User Accounts. See Access Rights, page 61, for details.
User Types
There are two major categories of user types: System and Custom. By default,
the CC2000 supports six user types. These are referred to as System user types
because they are built in to the system. The roles assigned to members of these
user types are fixed and cannot be changed.
The Custom user type category, by contrast provides you with the convenience
and flexibility of assigning various combinations of roles that best suit your
installation’s requirements.
When you click User Types on the menu bar, the User Type List appears in the
Interactive Display panel, showing all the user types that have been configured:
70
Page 85
Chapter 5. User Management
Members
Clicking a user type in the Sidebar or in the Interactive Display panel brings up
the Members Panel Menu page showing all the users that belong to that type.
Clicking a user’s name brings you to that user’s Account Information page.
To add a user to the type, click Add at the top-right of the main panel. In
the page that comes up, select the user you would like to add, then click
OK.
To change the user’s type, check the box in front of the user’s name, then
click Change at the top-right of the main panel. In the page that comes up,
select the new type for the user, then click OK.
Type Information
When you are in the Members page, you can click Type Information to see a
description of that user type, as well as, the roles that are assigned to it:
Note: The only change you can make on this page is in the Description field
where you can provide additional information about the user type.
71
Page 86
CC2000 User Manual
System Types
The roles performed by members of the System category are fixed. The roles
associated with each type are summarized in the table below:
Assigned Roles
System configuration and settings
Backup and restore database
Set / Change Primary-Secondary
relationship
System tasks
View license status and session
information
Authentication services
User / Group management
User / Group device access rights
Device management
Log configuration and setting
View logs / reports
Users can change their own
passwords
Super
Admin
System
Admin
√√
√√
√√
√√
√√
√√√
√√√
√√√
√√ √
√√√√
√√√√
√√√√√√
User
Admin
Device
Admin
User Auditor
Note: 1. The differences between the Super Administrator and The System
Administrator are as follows:
The Super Administrator is authorized for all roles automatically, and
includes access to all devices, ports, and outlets. The roles are fixed and
can’t be changed.
Each of the System Administrator’s roles can be assigned manually, and
access to devices, ports, and outlets must be assigned manually.
The Super Administrator’s user type can’t be changed; the System
Administrator’s type can be changed.
2. With regard to the Auditor type:
The Auditor type can access all tabs and pages, but is restricted to View
Only rights.
Under the Log tab, the Auditor type can export and print logs in addition
to viewing them, but cannot change any settings.
Under the Preferences tab, the Auditor type can change his/her Color
Scheme, Web Options, and Password settings.
72
Page 87
Chapter 5. User Management
Custom Types
The CC2000 provides the ability to create custom user types, with any
combination of roles assigned to them, which may better suit your
requirements than the pre-defined System types. To create a custom user type,
do the following:
1. Select Types from the User Management menu bar.
2. In the Sidebar, click Custom Types. The User Type List appears, showing
all the Custom user types that have been configured.
3. Click Add at the top-right of the panel. In the page that comes up, key in a
name and description for the new type, then check the roles you want the
new user type to perform.
Note: 1. The Name can be the equivalent of from 2–32 English
alphanumeric characters, but cannot contain the following: " ' \
2. The Description can be up to 256 Bytes.
3. Some roles may appear gray (and are unselectable) due to the user
role restriction policy. See User Role Restriction Policy,
page 164.
4. When your selections have been made click Save.
73
Page 88
CC2000 User Manual
Authentication Services
The CC2000 provides an internal Username / Password authentication service.
In addition, the CC2000 supports the following third party external
authentication servers: LDAP, LDAPS, Active Directory, RADIUS,
TACACS+, Windows NT Domain and MOTP*.
Note: 1. Authentication refers to determining the authenticity of the person
logging in; authorization refers to assigning permission to use the
device’s various functions.
2. These external servers provide authentication services only – they do
not provide authorization services. Authorization is provided through
the CC2000 management system.
3. The CC2000 supports Mobile One-Time Password (MOTP) servers
that can be used as 3rd party authentication servers to improve
security. If you want to use MOTP authentication, please contact your
local distributor. For more information, see MOTP Settings,
page 302, or visit our web site: www.aten.com/CC2000-OTP
By adding an external authentication server to the CC2000 management
system (see page 78 for details), when you add a user account, you can select
the external authentication server from the list of authentication servers (see
Adding User Accounts, page 56).
Note: For LDAP, LDAPS, and Active Directory there is an additional
authentication method in which the user attempting to log in does not
have an account on the CC2000. In this case, the CC2000 checks the
external server to see if it contains an account with the username and
password of the user attempting to log in. If it does, the CC2000 checks
to see if the user belongs to a group that corresponds to a group that
exists on the CC2000. If it does, the CC2000 lets the user log in and
assigns him the access rights of the group. See Group Authorization,
page 84, for details
(Continues on next page.)
74
Page 89
Chapter 5. User Management
(Continued from previous page.)
When you click Authentication Services on the menu bar, the Authentication
Server List appears in the Interactive Display panel, showing all the
authentication services that have been configured:
75
Page 90
CC2000 User Manual
CC2000 Authentication
With regard to the CC2000’s internal authentication services, there are some
configuration settings you can make to the password policy function. All user
accounts must follow the requirements you set here. To configure the
CC2000’s password policy, do the following:
1. Select Authentication Services from the User Management menu bar.
2. Either in the Sidebar or in the Interactive Display Panel, click CC2000.
The Properties page appears
3. Make the configuration choices you desire. (Refer to the table, below, for
an explanation of the fields.)
Minimum username
length
Minimum password
length
Password expiration For security purposes you can force users to renew their
Enforce password history For security purposes, enable this setting and enter the
Passwords must contain
upper case letters
76
The username length can be the equivalent of from 1–16
English alphanumeric characters. The default is 6 characters.
The password length can be the equivalent of from 0–16
English alphanumeric characters. The default is 6 characters. A setting of 0 means that no password is required.
Since this leaves your installation in a highly insecure
state, we strongly recommend against a setting of 0.
passwords at specific time intervals. To do so, enable
Password expiration, then specify the number of days
that the password will expire after. Once a password
expires, a new one must be set. Passwords start expiring
from the time an account is created, or a new password is
set.
number of unique passwords that must be created before
a user can use a password that was previously used.
For security purposes, enable this setting to force the
user to include upper case letters in the password.
Page 91
Chapter 5. User Management
Passwords must contain
upper case letters
Passwords must contain
numbers
Passwords must contain
symbols
For security purposes, enable this setting to force the
user to include lower case letters in the password.
For security purposes, enable this setting to force the
user to include numbers in the password.
For security purposes, enable this setting to force the
user to include symbols in the password.
4. When you have finished, click Save.
77
Page 92
CC2000 User Manual
External Authentication Servers
Adding an External Authentication Server
In order to use a third party external authentication server, you must first add it
to the Authentication Server list. To do so:
1. Select Authentication Services from the User Management menu bar to
bring up the Authentication Server list:
2. Click Add at the top-right of the main panel. In the Add Authentication
Service page that appears, drop down the Server type list to select the
service you want to add; give it a name and description, then click Next at
the top-right of the panel.
3. The page that comes up next depends on the service you have chosen.
Follow along with the Wizard’s pages, keying in the information required
for the external authentication server you selected. When you have
finished, click Save.
Note: 1. The Server name can be the equivalent of from 2–32 English
alphanumeric characters, but cannot contain the following: " '
2. The Description can be up to 256 bytes.
78
Page 93
Chapter 5. User Management
Service Information
An explanation of the information required for each of the services is provided,
below.
1. LDAP/LDAPS
Heading Information
Connection Settings Get the information for these fields from the LDAP
SSL Mode
LDAP User Schema Get the information for these fields from the LDAP
Browsing Method When adding or modifying user accounts (see Adding
administrator. The port default is 636, but check with
the LDAP/LDAPS administrator to see if it may be
something else.
For example settings see LDAP/LDAPS – OpenLDAP
Setting Example, page 287.
Click the Do not use SSL radio button to use LDAP.
Click the Use SSL in Trust All mode radio button to
use LDAPS.
administrator.
For example settings see LDAP/LDAPS – OpenLDAP
Setting Example, page 287.
User Accounts, page 56), you can click the Browse
button to browse all users in User RDN to choose the
Login name.
Select Browse with user credentials to allow the
user to browse LDAP/LDAPS using credentials
configured on the server. If this is selected the user
doesn’t have to input his credentials each time he
browses.
Select User must input credentials when browsing
to have the user input his credentials each time he
browses the LDAP/LDAPS.
79
Page 94
CC2000 User Manual
2. Active Directory
Heading Information
Connection Settings Get the information for these fields from the Active Direc-
SSL Mode Click a radio button to choose whether or not to use SSL in
Browsing Method
tory administrator. For example settings see Active Directory Settings Example, page 289.
Trust All mode.
Select Browse with user credentials to allow the user to
browse the Active Directory using credentials
configured on the server. If this is selected the user
doesn’t have to input his credentials each time he
browses.
Select User must input credentials when browsing to
have the user input his credentials each time he
browses the Active Directory.
3. RADIUS and TACACS+
Heading Information
Connection Settings Get the information for these fields from the service admin-
istrator. The default for RADIUS is 1812; the default for
TACACS+ is 49, but check with the service administrator
to see if it may be something else. For example settings
see RADIUS Settings Example, page 290 and TACACS+
Settings Example, page 292.
Authentication Settings Get the information for these fields from the service admin-
istrator. For example settings see RADIUS Settings Exam-
ple, page 290 and TACACS+ Settings Example,
page 292.
1. Drop down the list to select the Authentication type
your RADIUS server is configured for.
2. In the Shared Secret field, key in the character string
that you use for authentication with the RADIUS server.
3. Key the shared secret in again in the Confirm Shared
Secret field.
80
Page 95
Chapter 5. User Management
4. Windows NT Domain
Get the information for the Domain Name from the service administrator.
For example settings see NT Domain Settings Example, page 294.
5. MOTP (Mobile One-Time Password)
Heading Information
MOTP Connection
Settings
Authentication Settings Get the most up to date information for these fields from
Get the information for the IP and Port fields from the service administrator. The default MOTP port is 1812, but
check with the service administrator to see if it has been
changed. Select Radius agent for the Agent type. For
more help with MOTP settings, see MOTP Settings,
page 302.
the service administrator. For more help with MOTP settings, see MOTP Settings, page 302.
1. The Authentication type is set to PAP by default which
the MOTP is configured for.
2. In the Shared Secret field, key in the character string
that you use for authentication with the MOTP server.
3. Key the shared secret in again in the Confirm Shared
Secret field.
*
81
Page 96
CC2000 User Manual
Heading Information
Two Factor This section allows you to select the authentication
method used for logging in to the CC2000.
1. If you select OTP only, when you login to the CC2000,
only the Username and OTP fields are used to authenticate the user. The Password/PIN field can be ignored.
2. If you select PIN + OTP, when you login to the CC2000,
the MOTP server will authenticate the Username, PIN
and OTP fields. You do not need to key in a CC2000
password in the Password/PIN field on the CC2000
login page.
3. If you select External password + OTP, when you login
to the CC2000, the MOTP server will authenticate the
Username, Password and OTP fields. You do not need
to key in a PIN in the Password/PIN field on the
CC2000 login page.
Note: 1. The MOTP server is for One-Time Password (OTP) token
authentication only. If you want to adopt the OTP function, you
need to install a MOTP server first.
2. If you want to purchase a MOTP server, please contact a local
distributor for information.
Deleting an External Authentication Server
To delete an external authentication server, do the following:
1. Select Authentication Services from the User Management menu bar to
bring up the Authentication Server list:
2. In the Interactive Display panel, click to put a check in front of the
external authentication server you wish to delete.
Note: 1. You can delete more than one server by checking as many names
as you require.
82
Page 97
Chapter 5. User Management
2. You can delete all deleteable servers by checking the box at the
top of the column.
3. If a user account has been created on the CC2000 that uses an
external authentication server, the server cannot be deleted.
4. After you have made your selection, click Delete at the right of the panel.
5. In the confirmation popup that appears, click OK.
83
Page 98
CC2000 User Manual
Group Authorization
For LDAP, LDAPS, and Active Directory there is an additional authentication
method in which the access rights for a specified group are set. This function
is used to make it easier to authorize users with accounts on an external
authentication server. Instead of having to authorize the user on a rights-byrights basis, the administrator assigns the user to a group, and the user inherits
the rights that the group has.
To add a group for group authorization, do the following:
1. Under User Management
→
Authentication Services, select the external
authentication server from the Sidebar or the main panel list. The server’s
Properties page comes up.
2. Select Group Authorization (on the Panel Menu bar). The Group
Authorization page appears:
Note: 1. The screenshot shows a page that appears if an LDAP service was
chosen. The LDAP Group Related Schema settings fields do not
appear if Active Directory was selected.
2. For the LDAP Group Related Schema settings, get the
information for these fields from the LDAP administrator. For
example settings see LDAP Group Authorization Setting
Examples, page 295.
84
3. The default setting for OpenLDAP is Group has Member
attribute – see Example 1, page 295. This method adds members
to groups on the LDAP server.
The alternative setting is User has Member Of attribute – see
Example 2, page 297. With this method groups are added to the
users’ accounts on the LDAP server.
Page 99
Chapter 5. User Management
4. There are two methods to add users to an authorization group:
Click Add. In the page that comes up either key in the user’s RDN, or
retrieve it with the Browse button, then click Save.
– or –
Click Find User to see a list of all users in the server’s database, then
select the user from the list.
5. In the Properties page that comes up, key in the Basic Information and
Session Timeout information.
Note: This page is similar to the adding user account page, see Adding
User Accounts, page 56 for settings details.
6. In the Sidebar, or the main panel, select the group you just added.
7. Select Access Rights on the Panel Menu bar, then click Add. A list of
available devices appears. See Access Rights, page 61 for information on
how to assign access rights on this page.
8. After you have made your access rights selections, click Save (at the topright of the panel).
85
Page 100
CC2000 User Manual
This Page Intentionally Left Blank
86
Loading...