How it Works
Raritan Computer
Loading...
CommandCenter Secure Gateway
User Manual
420 pgs4.03 Mb0
Table of contents
Loading...

Raritan Computer CommandCenter Secure Gateway User Manual

CommandCenter Secure Gateway
Administrators Guide
Release 5.1
Copyright © 2011 Raritan, Inc. CCA-0N-v5.1-E February 2011 255-80-5140-00-0N
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc.
© Copyright 2011 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
FCC Information
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial installation. This equipment generates, uses, and can radiate radio frequency energy and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. Operation of this equipment in a residential environment may cause harmful interference.
VCCI Information (Japan)
Raritan is not responsible for damage to this product resulting from accident, disaster, misuse, abuse, non-Raritan modification of the product, or other events outside of Raritan's reasonable control or not arising under normal operating conditions.
iii
Contents
What's New in the CC-SG Administrators Guide xvii
Chapter 1 Introduction 1
Prerequisites .................................................................................................................................. 1
Terminology/Acronyms .................................................................................................................. 2
Client Browser Requirements ........................................................................................................ 4
Chapter 2 Accessing CC-SG 5
Browser-Based Access via the CC-SG Admin Client .................................................................... 5
JRE Incompatibility .............................................................................................................. 6
Thick Client Access ........................................................................................................................ 6
Install the Thick Client ......................................................................................................... 6
Use the Thick Client ............................................................................................................ 7
CC-SG Admin Client ...................................................................................................................... 8
Chapter 3 Getting Started 10
Licensing - Getting Started - New and Existing Customers......................................................... 10
Licensing - Basic License Information ......................................................................................... 11
Available Licenses ............................................................................................................. 11
Find Your Physical Appliance Host ID and Check Number of Nodes In Database .......... 12
Licensing - New Customers - Physical Appliance ....................................................................... 14
Licensing - Clusters - New Customers .............................................................................. 16
Licensing - Virtual Appliance with License Server ....................................................................... 17
Virtual Appliance Installation Requirements ...................................................................... 17
Download Installation Files ................................................................................................ 18
Install License Server Software on a Linux or Windows Server ........................................ 18
Get Your License ............................................................................................................... 19
Copy the License File to the License Server ..................................................................... 21
Start the License Server .................................................................................................... 21
Install CommandCenter Secure Gateway on VMware ESX Server 4.0 ............................ 22
Log in to Diagnostic Console to Set CC-SG IP Address ................................................... 22
Log in to CC-SG ................................................................................................................ 23
Install and Check Out Your License .................................................................................. 23
License Server Communication ......................................................................................... 24
Command Line Utilities for Managing License Server ...................................................... 25
Install or Upgrade VMware Tools ...................................................................................... 27
Configure Backups and Snapshots of Virtual Appliance and Storage Servers ................. 27
Virtual Appliances with Remote Storage Servers .............................................................. 27
Contents
iv
Licensing - Limited Operation Before License Install .................................................................. 28
Licensing - Existing Customers ................................................................................................... 29
Licensing - Rehosting .................................................................................................................. 29
Add a License .............................................................................................................................. 30
Confirming IP Address ................................................................................................................. 30
Setting CC-SG Server Time ........................................................................................................ 30
Checking the Compatibility Matrix ............................................................................................... 31
Checking and Upgrading Application Versions ........................................................................... 32
Chapter 4 Configuring CC-SG with Guided Setup 33
Before You Use Guided Setup .................................................................................................... 33
Associations in Guided Setup ...................................................................................................... 34
Create Categories and Elements ...................................................................................... 34
Device Setup ................................................................................................................................ 34
Discover and Add Devices ................................................................................................ 35
Creating Groups ........................................................................................................................... 36
Add Device Groups and Node Groups .............................................................................. 36
User Management ....................................................................................................................... 38
Add User Groups and Users ............................................................................................. 39
Chapter 5 Associations, Categories, and Elements 41
About Associations ...................................................................................................................... 41
Association Terminology ................................................................................................... 41
Associations - Defining Categories and Elements ............................................................ 41
How to Create Associations .............................................................................................. 42
Adding, Editing, and Deleting Categories and Elements ............................................................. 42
Add a Category .................................................................................................................. 42
Delete a Category .............................................................................................................. 43
Add an Element ................................................................................................................. 43
Adding Categories and Elements with CSV File Import .............................................................. 43
Categories and Elements CSV File Requirements ........................................................... 44
Sample Categories and Elements CSV File ...................................................................... 45
Import Categories and Elements ....................................................................................... 45
Export Categories and Elements ....................................................................................... 46
Chapter 6 Devices, Device Groups, and Ports 47
Viewing Devices ........................................................................................................................... 48
The Devices Tab................................................................................................................ 48
Device and Port Icons ....................................................................................................... 48
Port Sorting Options .......................................................................................................... 49
Device Profile Screen ........................................................................................................ 50
Topology View ................................................................................................................... 51
Right Click Options in the Devices Tab ............................................................................. 52
Searching for Devices .................................................................................................................. 52
Wildcards for Search ......................................................................................................... 52
Wildcard Examples ............................................................................................................ 52
Contents
v
Discovering Devices .................................................................................................................... 53
Adding a Device ........................................................................................................................... 54
Add a KVM or Serial Device .............................................................................................. 54
Add a PowerStrip Device ................................................................................................... 56
Add a Dominion PX Device ............................................................................................... 56
Editing a Device ........................................................................................................................... 57
Change the HTTP and HTTPS Ports for a KX2 Device .............................................................. 57
Editing a PowerStrip Device or a Dominion PX Device ............................................................... 57
Adding Notes to a Device Profile ................................................................................................. 58
Adding Location and Contacts to a Device Profile ...................................................................... 59
Deleting a Device ......................................................................................................................... 59
Configuring Ports ......................................................................................................................... 60
Configure a Serial Port ...................................................................................................... 60
Configure a KVM Port ........................................................................................................ 60
Nodes Created by Configuring Ports ................................................................................. 61
Editing a Port ............................................................................................................................... 61
Deleting a Port ............................................................................................................................. 62
Configuring a Blade Chassis Device Connected to KX2 ............................................................. 63
Blade Chassis Overview .................................................................................................... 63
Add a Blade Chassis Device ............................................................................................. 64
Edit a Blade Chassis Device ............................................................................................. 67
Delete a Blade Chassis Device ......................................................................................... 67
Move a Blade Chassis Device to a Different Port ............................................................. 68
Restore Blade Servers Ports to Normal KX2 Ports ..................................................................... 68
Bulk Copying for Device Associations, Location and Contacts ................................................... 69
Configuring Analog KVM Switches Connected to KX2 2.3 or Higher .......................................... 70
Add a KVM Switch Connected to KX2............................................................................... 70
Configuring Ports on an Analog KVM Switch Device Connected to KX2.......................... 70
Device Group Manager ................................................................................................................ 71
Device Groups Overview ................................................................................................... 72
Add a Device Group .......................................................................................................... 72
Edit a Device Group .......................................................................................................... 76
Delete a Device Group ...................................................................................................... 76
Adding Devices with CSV File Import .......................................................................................... 77
Devices CSV File Requirements ....................................................................................... 77
Sample Devices CSV File ................................................................................................. 81
Import Devices ................................................................................................................... 81
Export Devices ................................................................................................................... 82
Upgrading a Device ..................................................................................................................... 82
Backing Up a Device Configuration ............................................................................................. 83
Restoring Device Configurations ................................................................................................. 84
Restore a Device Configuration (KX, KSX, KX101, SX, IP-Reach) .................................. 84
Restore All Configuration Data Except Network Settings to a KX2, KSX2, or KX2-101
Device ................................................................................................................................ 85
Restore Only Device Settings or User and User Group Data to a KX2, KSX2, or KX2-101
Device ................................................................................................................................ 85
Restore All Configuration Data to a KX2, KSX2, or KX2-101 Device ............................... 86
Save, Upload, and Delete Device Backup Files ................................................................ 86
Contents
vi
Copying Device Configuration ..................................................................................................... 87
Restarting a Device ...................................................................................................................... 88
Pinging the Device ....................................................................................................................... 88
Pausing CC-SG's Management of a Device ................................................................................ 88
Resuming Management of a Device ............................................................................................ 89
Pause and Resume Management of Devices Using a Scheduled Task ..................................... 89
Device Power Manager................................................................................................................ 90
Launching a Device's Administrative Page .................................................................................. 90
Disconnecting Users .................................................................................................................... 91
Special Access to Paragon II System Devices ............................................................................ 91
Paragon II System Controller (P2-SC) .............................................................................. 91
IP-Reach and UST-IP Administration ................................................................................ 92
Chapter 7 Managed Powerstrips 93
Configuring Powerstrips that are Managed by Another Device in CC-SG .................................. 94
Configuring PowerStrips Connected to KX, KX2, KX2-101, KSX2, and P2SC ........................... 95
Add a PowerStrip Device Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device ... 95
Move a KX, KX2, KX2-101, KSX2, or P2SC's PowerStrip to a Different Port ................... 95
Delete a PowerStrip Connected to a KX, KX2, KX2-101, KSX2, or P2SC Device ........... 96
Configuring PowerStrips Connected to SX 3.0 and KSX ............................................................ 96
Add a PowerStrip Connected to an SX 3.0 or KSX device ............................................... 96
Delete a PowerStrip Connected to an SX 3.0 or KSX Device ........................................... 97
Change a PowerStrip's Device or Port Association (SX 3.0, KSX) ................................... 97
Configuring Powerstrips Connected to SX 3.1 ............................................................................ 98
Add a Powerstrip Connected to an SX 3.1 Device ............................................................ 98
Move an SX 3.1's Powerstrip to a Different Port ............................................................... 99
Delete a Powerstrip Connected to an SX 3.1 Device ........................................................ 99
Configuring Outlets on a Powerstrip ............................................................................................ 99
Chapter 8 Nodes, Node Groups, and Interfaces 101
Nodes and Interfaces Overview ................................................................................................. 101
About Nodes .................................................................................................................... 101
Node Names .................................................................................................................... 102
About Interfaces............................................................................................................... 102
Viewing Nodes ........................................................................................................................... 102
Nodes Tab ....................................................................................................................... 102
Node Profile ..................................................................................................................... 103
Node and Interface Icons ................................................................................................ 105
Service Accounts ....................................................................................................................... 106
Service Accounts Overview ............................................................................................. 106
Add, Edit, and Delete Service Accounts .......................................................................... 107
Change the Password for a Service Account .................................................................. 107
Assign Service Accounts to Interfaces ............................................................................ 108
Adding, Editing, and Deleting Nodes ......................................................................................... 109
Add a Node ...................................................................................................................... 109
Nodes Created by Configuring Ports ............................................................................... 110
Edit a Node ...................................................................................................................... 110
Delete a Node .................................................................................................................. 110
Contents
vii
Adding Location and Contacts to a Node Profile ....................................................................... 111
Adding Notes to a Node Profile ................................................................................................. 111
Configuring the Virtual Infrastructure in CC-SG ........................................................................ 112
Terminology for Virtual Infrastructure .............................................................................. 112
Virtual Nodes Overview ................................................................................................... 113
Add a Control System with Virtual Hosts and Virtual Machines ...................................... 113
Add a Virtual Host with Virtual Machines ........................................................................ 116
Edit Control Systems, Virtual Hosts, and Virtual Machines ............................................. 118
Delete Control Systems and Virtual Hosts ...................................................................... 120
Delete a Virtual Machine Node ........................................................................................ 120
Delete a Virtual Infrastructure .......................................................................................... 120
vSphere 4 Users Must Install New Plug-In ...................................................................... 121
Synchronizing the Virtual Infrastructure with CC-SG ................................................................. 121
Synchronize the Virtual Infrastructure ............................................................................. 122
Enable or Disable Daily Synchronization of the Virtual Infrastructure ............................. 122
Reboot or Force Reboot a Virtual Host Node ............................................................................ 123
Accessing the Virtual Topology View ......................................................................................... 123
Connecting to a Node ................................................................................................................ 124
Firefox Users of the Access Client Must Download JNLP File ........................................ 124
Pinging a Node .......................................................................................................................... 124
Adding, Editing, and Deleting Interfaces.................................................................................... 125
Add an Interface .............................................................................................................. 125
Edit an Interface............................................................................................................... 135
Delete an Interface .......................................................................................................... 135
Bookmarking an Interface .......................................................................................................... 136
Configuring Direct Port Access to a Node ................................................................................. 137
Bulk Copying for Node Associations, Location and Contacts.................................................... 137
Using Chat ................................................................................................................................. 138
Adding Nodes with CSV File Import .......................................................................................... 138
Nodes CSV File Requirements ........................................................................................ 139
Sample Nodes CSV File .................................................................................................. 148
Import Nodes ................................................................................................................... 148
Export Nodes ................................................................................................................... 149
Editing IP Addresses with CSV File Import................................................................................ 149
Adding, Editing, and Deleting Node Groups .............................................................................. 150
Node Groups Overview ................................................................................................... 150
Add a Node Group ........................................................................................................... 151
Edit a Node Group ........................................................................................................... 154
Delete a Node Group ....................................................................................................... 154
Chapter 9 Users and User Groups 156
The Users Tab ........................................................................................................................... 157
Default User Groups .................................................................................................................. 158
CC Super-User Group ..................................................................................................... 158
System Administrators Group .......................................................................................... 158
CC Users Group .............................................................................................................. 158
Adding, Editing, and Deleting User Groups ............................................................................... 159
Add a User Group ............................................................................................................ 159
Edit a User Group ............................................................................................................ 160
Delete a User Group ........................................................................................................ 161
Contents
viii
Limit the Number of KVM Sessions per User ............................................................................ 162
Configuring Access Auditing for User Groups ........................................................................... 162
Adding, Editing, and Deleting Users .......................................................................................... 163
Add a User ....................................................................................................................... 163
Edit a User ....................................................................................................................... 164
Delete a User ................................................................................................................... 165
Assigning a User to a Group ...................................................................................................... 165
Deleting a User From a Group ................................................................................................... 166
Adding Users with CSV File Import ........................................................................................... 166
Users CSV File Requirements ......................................................................................... 167
Sample Users CSV File ................................................................................................... 170
Import Users .................................................................................................................... 171
Export Users .................................................................................................................... 171
Your User Profile ........................................................................................................................ 172
Change your password .................................................................................................... 172
Change your name .......................................................................................................... 172
Change your default search preference .......................................................................... 172
Change the CC-SG default font size ............................................................................... 173
Change your email address ............................................................................................. 173
Change the CC-SG Super User's Username .................................................................. 173
Logging Users Out ..................................................................................................................... 173
Bulk Copying Users ................................................................................................................... 174
Chapter 10 Policies for Access Control 175
Adding a Policy .......................................................................................................................... 176
Editing a Policy .......................................................................................................................... 177
Deleting a Policy ........................................................................................................................ 178
Support for Virtual Media ........................................................................................................... 179
Assigning Policies To User Groups ........................................................................................... 179
Chapter 11 Custom Views for Devices and Nodes 180
Types of Custom Views ............................................................................................................. 180
View by Category............................................................................................................. 180
Filter by Node Group ....................................................................................................... 180
Filter by Device Group ..................................................................................................... 180
Using Custom Views in the Admin Client .................................................................................. 181
Custom Views for Nodes ................................................................................................. 181
Custom Views for Devices ............................................................................................... 183
Chapter 12 Remote Authentication 187
Authentication and Authorization (AA) Overview ....................................................................... 187
Flow for Authentication .................................................................................................... 187
User Accounts ................................................................................................................. 188
Distinguished Names for LDAP and AD .................................................................................... 188
Specify a Distinguished Name for AD ............................................................................. 188
Specify a Distinguished Name for LDAP ......................................................................... 189
Specify a Username for AD ............................................................................................. 189
Contents
ix
Specify a Base DN........................................................................................................... 189
Specifying Modules for Authentication and Authorization ......................................................... 189
Establishing Order of External AA Servers ................................................................................ 190
AD and CC-SG Overview .......................................................................................................... 190
Adding an AD Module to CC-SG ............................................................................................... 190
AD General Settings ........................................................................................................ 191
AD Advanced Settings ..................................................................................................... 192
AD Group Settings ........................................................................................................... 193
AD Trust Settings............................................................................................................. 194
Editing an AD Module ................................................................................................................ 195
Importing AD User Groups ........................................................................................................ 195
Synchronizing AD with CC-SG .................................................................................................. 197
Synchronize All User Groups with AD ............................................................................. 198
Synchronize All AD Modules ........................................................................................... 199
Enable or Disable Daily Synchronization of All AD Modules ........................................... 199
Change the Daily AD Synchronization Time ................................................................... 200
Renaming and Moving AD Groups ............................................................................................ 201
About LDAP and CC-SG............................................................................................................ 201
Add an LDAP (Netscape) Module to CC-SG ............................................................................. 201
LDAP General Settings ................................................................................................... 202
LDAP Advanced Settings ................................................................................................ 202
Sun One LDAP (iPlanet) Configuration Settings ............................................................. 203
OpenLDAP (eDirectory) Configuration Settings .............................................................. 204
IBM LDAP Configuration Settings ................................................................................... 204
About TACACS+ and CC-SG .................................................................................................... 205
Add a TACACS+ Module ........................................................................................................... 205
TACACS+ General Settings ............................................................................................ 205
About RADIUS and CC-SG ....................................................................................................... 206
Add a RADIUS Module .............................................................................................................. 206
RADIUS General Settings ............................................................................................... 206
Two-Factor Authentication Using RADIUS ...................................................................... 207
Chapter 13 Reports 208
Using Reports ............................................................................................................................ 208
Sort Report Data .............................................................................................................. 208
Resize Report Column Width .......................................................................................... 208
View Report Details ......................................................................................................... 209
Navigate Multiple Page Reports ...................................................................................... 209
Print a Report ................................................................................................................... 209
Save a Report to a File .................................................................................................... 209
Purge a Report's Data From CC-SG ............................................................................... 210
Hide or Show Report Filters ............................................................................................ 210
Contents
x
Audit Trail Report ....................................................................................................................... 210
Error Log Report ........................................................................................................................ 211
Access Report ............................................................................................................................ 212
Availability Report ...................................................................................................................... 212
Active Users Report ................................................................................................................... 213
Locked Out Users Report .......................................................................................................... 213
All Users Data Report ................................................................................................................ 213
User Group Data Report ............................................................................................................ 214
Device Asset Report .................................................................................................................. 214
Device Group Data Report ........................................................................................................ 215
Query Port Report ...................................................................................................................... 215
Node Asset Report ..................................................................................................................... 216
Active Nodes Report .................................................................................................................. 217
Node Creation Report ................................................................................................................ 217
Node Group Data Report ........................................................................................................... 218
AD User Group Report............................................................................................................... 218
Scheduled Reports .................................................................................................................... 219
Upgrade Device Firmware Report ............................................................................................. 220
Chapter 14 System Maintenance 221
Maintenance Mode .................................................................................................................... 221
Scheduled Tasks and Maintenance Mode ...................................................................... 221
Entering Maintenance Mode ...................................................................................................... 222
Exiting Maintenance Mode ........................................................................................................ 222
Backing Up CC-SG .................................................................................................................... 222
What is the difference between Full backup and Standard backup? .............................. 224
Saving and Deleting Backup Files ............................................................................................. 224
Save a Backup File .......................................................................................................... 224
Delete a Backup File ....................................................................................................... 224
Restoring CC-SG ....................................................................................................................... 225
Resetting CC-SG ....................................................................................................................... 226
Restarting CC-SG ...................................................................................................................... 229
Upgrading CC-SG ...................................................................................................................... 229
Clear the Browser's Cache .............................................................................................. 231
Clear the Java Cache ...................................................................................................... 231
Upgrading a Cluster ................................................................................................................... 232
Primary Node Upgrade Failure ........................................................................................ 233
Migrating a CC-SG Database .................................................................................................... 233
Requirements for Migration ............................................................................................. 233
Migrate a CC-SG Database ............................................................................................. 233
CC-SG Shutdown ...................................................................................................................... 234
Restarting CC-SG after Shutdown ............................................................................................. 235
Powering Down CC-SG ............................................................................................................. 235
Ending CC-SG Session ............................................................................................................. 235
Log Out of CC-SG ........................................................................................................... 235
Exit CC-SG ...................................................................................................................... 236
Contents
xi
Chapter 15 Advanced Administration 237
Configuring a Message of the Day ............................................................................................ 237
Configuring Applications for Accessing Nodes .......................................................................... 238
About Applications for Accessing Nodes ......................................................................... 238
Checking and Upgrading Application Versions ............................................................... 238
Older Version of Application Opens After Upgrading ...................................................... 239
Add an Application ........................................................................................................... 239
Delete an Application ....................................................................................................... 240
Prerequisites for Using AKC ............................................................................................ 240
Configuring Default Applications ................................................................................................ 240
About Default Applications .............................................................................................. 240
View the Default Application Assignments ...................................................................... 241
Set the Default Application for an Interface or Port Type ................................................ 241
Managing Device Firmware ....................................................................................................... 241
Upload Firmware ............................................................................................................. 241
Delete Firmware .............................................................................................................. 242
Configuring the CC-SG Network ................................................................................................ 242
About Network Setup ....................................................................................................... 242
About CC-SG LAN Ports ................................................................................................. 242
What is IP Failover mode? .............................................................................................. 243
What is IP Isolation mode? .............................................................................................. 246
Recommended DHCP Configurations for CC-SG ........................................................... 248
Configuring Logging Activity ...................................................................................................... 248
Purge CC-SG's Internal Log ............................................................................................ 249
Configuring the CC-SG Server Time and Date ......................................................................... 249
Connection Modes: Direct and Proxy ........................................................................................ 250
About Connection Modes ................................................................................................ 250
Configure Direct Mode for All Client Connections ........................................................... 251
Configure Proxy Mode for All Client Connections ........................................................... 251
Configure a Combination of Direct Mode and Proxy Mode ............................................. 251
Device Settings .......................................................................................................................... 251
Enabling the AKC Download Server Certificate Validation ............................................. 253
Configuring Custom JRE Settings ............................................................................................. 254
Configuring SNMP ..................................................................................................................... 255
MIB Files .......................................................................................................................... 256
Configuring CC-SG Clusters ...................................................................................................... 256
Requirements for CC-SG Clusters .................................................................................. 257
Access a CC-SG Cluster ................................................................................................. 257
Create a Cluster............................................................................................................... 257
Configure Cluster Settings ............................................................................................... 258
Switch the Primary and Secondary Node Status ............................................................ 259
Recover a Cluster ............................................................................................................ 259
Delete a Cluster ............................................................................................................... 260
Upgrade a Cluster............................................................................................................ 260
Cluster Licenses .............................................................................................................. 261
Configuring a Neighborhood ...................................................................................................... 262
What is a Neighborhood? ................................................................................................ 262
Create a Neighborhood ................................................................................................... 262
Edit a Neighborhood ........................................................................................................ 263
Contents
xii
Refresh a Neighborhood ................................................................................................. 266
Delete a Neighborhood .................................................................................................... 266
Security Manager ....................................................................................................................... 266
Remote Authentication .................................................................................................... 266
AES Encryption................................................................................................................ 266
Configure Browser Connection Protocol: HTTP or HTTPS/SSL ..................................... 268
Set the Port Number for SSH Access to CC-SG ............................................................. 268
Login Settings .................................................................................................................. 268
Configure the Inactivity Timer .......................................................................................... 271
Portal ............................................................................................................................... 271
Certificates ....................................................................................................................... 273
Access Control List .......................................................................................................... 276
Notification Manager .................................................................................................................. 277
Configure an External SMTP Server ............................................................................... 277
Task Manager ............................................................................................................................ 278
Task Types ...................................................................................................................... 278
Schedule Sequential Tasks ............................................................................................. 279
Email Notifications for Tasks ........................................................................................... 279
Scheduled Reports .......................................................................................................... 279
Find and View Tasks ....................................................................................................... 279
Schedule a Task .............................................................................................................. 280
Schedule a Device Firmware Upgrade ............................................................................ 282
Change a Scheduled Task .............................................................................................. 284
Reschedule a Task .......................................................................................................... 284
Schedule a Task that is Similar to Another Task ............................................................. 284
Delete a Task ................................................................................................................... 285
SSH Access to CC-SG .............................................................................................................. 285
Get Help for SSH Commands ......................................................................................... 286
SSH Commands and Parameters ................................................................................... 287
Command Tips ................................................................................................................ 289
Create an SSH Connection to a Serial-Enabled Device ................................................. 290
Use SSH to Connect to a Node via a Serial Out-of-Band Interface ................................ 291
End SSH Connections ..................................................................................................... 292
Serial Admin Port ....................................................................................................................... 293
About Terminal Emulation Programs............................................................................... 293
Finding Your CC-SG Serial Number ................................................................................ 294
Web Services API ...................................................................................................................... 294
CC-NOC ..................................................................................................................................... 295
Chapter 16 Diagnostic Console 296
Accessing Diagnostic Console .................................................................................................. 296
Access Diagnostic Console via VGA/Keyboard/Mouse Port ........................................... 296
Access Diagnostic Console via SSH ............................................................................... 296
Status Console ........................................................................................................................... 297
About Status Console ...................................................................................................... 297
Access Status Console .................................................................................................... 297
Status Console Information ............................................................................................. 298
Administrator Console................................................................................................................ 303
About Administrator Console ........................................................................................... 303
Access Administrator Console ......................................................................................... 303
Contents
xiii
Navigate Administrator Console ...................................................................................... 305
Edit Diagnostic Console Configuration ............................................................................ 306
Edit Network Interfaces Configuration (Network Interfaces) ........................................... 307
Ping an IP Address .......................................................................................................... 308
Use Traceroute ................................................................................................................ 309
Edit Static Routes ............................................................................................................ 310
View Log Files in Diagnostic Console ............................................................................. 312
Restart CC-SG with Diagnostic Console ......................................................................... 315
Reboot CC-SG with Diagnostic Console ......................................................................... 316
Power Off CC-SG System from Diagnostic Console....................................................... 317
Reset CC Super-User Password with Diagnostic Console ............................................. 318
Reset CC-SG Factory Configuration ............................................................................... 319
Diagnostic Console Password Settings ........................................................................... 321
Diagnostic Console Account Configuration ..................................................................... 323
Configure Remote System Monitoring............................................................................. 325
Display Historical Data Trending Reports ....................................................................... 326
Display RAID Status and Disk Utilization ........................................................................ 327
Perform Disk or RAID Tests ............................................................................................ 328
Schedule Disk Tests ........................................................................................................ 330
Repair or Rebuild RAID Disks ......................................................................................... 331
View Top Display with Diagnostic Console ..................................................................... 333
Display NTP Status.......................................................................................................... 333
Take a System Snapshot ................................................................................................ 335
Change the Video Resolution for Diagnostic Console .................................................... 336
Chapter 17 Power IQ Integration 337
Power Control of Power IQ IT Devices ...................................................................................... 337
Configuring Power IQ Services ....................................................................................... 338
Configuring Power Control of Power IQ IT Devices ........................................................ 339
Configuring Synchronization of Power IQ and CC-SG .............................................................. 340
Synchronize Power IQ and CC-SG ................................................................................. 341
Power IQ Synchronization Policies.................................................................................. 342
Importing and Exporting Dominion PX Data from Power IQ ...................................................... 342
Import Power Strips from Power IQ ................................................................................. 343
Export Dominion PX Data to Use in Power IQ ................................................................ 344
Appendix A Specifications for V1 and E1 346
V1 Model .................................................................................................................................... 346
V1 General Specifications ............................................................................................... 346
V1 Environmental Requirements ..................................................................................... 346
E1 Model .................................................................................................................................... 347
E1 General Specifications ............................................................................................... 347
E1 Environmental Requirements ..................................................................................... 347
Contents
xiv
Appendix B CC-SG and Network Configuration 349
Required Open Ports for CC-SG Networks: Executive Summary ............................................. 349
CC-SG Communication Channels ............................................................................................. 350
CC-SG and Raritan Devices ............................................................................................ 351
CC-SG Clustering ............................................................................................................ 351
Access to Infrastructure Services .................................................................................... 352
PC Clients to CC-SG ....................................................................................................... 352
PC Clients to Nodes ........................................................................................................ 353
CC-SG and Client for IPMI, iLO/RILOE, DRAC, RSA ..................................................... 354
CC-SG and SNMP ........................................................................................................... 354
CC-SG Internal Ports ....................................................................................................... 355
CC-SG Access via NAT-enabled Firewall ....................................................................... 355
RDP Access to Nodes ..................................................................................................... 355
VNC Access to Nodes ..................................................................................................... 356
SSH Access to Nodes ..................................................................................................... 356
Remote System Monitoring Port ...................................................................................... 356
Contents
xv
Appendix C User Group Privileges 357
Appendix D SNMP Traps 366
Appendix E CSV File Imports 368
Common CSV File Requirements .............................................................................................. 369
Audit Trail Entries for Importing ................................................................................................. 370
Troubleshoot CSV File Problems .............................................................................................. 371
Appendix F Troubleshooting 372
Appendix G Diagnostic Utilities 374
Memory Diagnostic .................................................................................................................... 374
Debug Mode .............................................................................................................................. 375
CC-SG Disk Monitoring.............................................................................................................. 376
Appendix H Two-Factor Authentication 379
Supported Environments for Two-Factor Authentication ........................................................... 379
Two-Factor Authentication Setup Requirements ....................................................................... 379
Two-Factor Authentication Known Issues ................................................................................. 379
Appendix I FAQs 380
General FAQs ............................................................................................................................ 380
Authentication FAQs .................................................................................................................. 382
Security FAQs ............................................................................................................................ 383
Accounting FAQs ....................................................................................................................... 384
Performance FAQs .................................................................................................................... 384
Grouping FAQs .......................................................................................................................... 385
Interoperability FAQs ................................................................................................................. 386
Authorization FAQs .................................................................................................................... 386
User Experience FAQs .............................................................................................................. 386
Licensing FAQs .......................................................................................................................... 387
Appendix J Keyboard Shortcuts 388
Appendix K Naming Conventions 389
Contents
xvi
User Information ........................................................................................................................ 389
Node Information ....................................................................................................................... 389
Location Information .................................................................................................................. 390
Contact Information .................................................................................................................... 390
Service Accounts ....................................................................................................................... 390
Device Information ..................................................................................................................... 390
Port Information ......................................................................................................................... 391
Associations ............................................................................................................................... 391
Administration ............................................................................................................................ 391
Appendix L Diagnostic Console Bootup Messages 392
Index 393
xvii
The following sections have changed or information has been added to

What's New in the CC-SG Administrators Guide

the CommandCenter Secure Gateway Administrators Guide based on enhancements and changes to the equipment and/or documentation.
Add a License (on page 30) Pause and Resume Management of Devices Using a Scheduled
Task (on page 89)
IBM IMM Module Connection Details (on page 131) Assigning Policies To User Groups (on page 179) Upgrading a Cluster (on page 232) Primary Node Upgrade Failure (on page 233) Migrating a CC-SG Database (on page 233) Requirements for Migration (on page 233) Migrate a CC-SG Database (on page 233) Cluster Licenses (on page 261) Licensing FAQs (on page 387)
See the Release Notes for a more detailed explanation of the changes applied to this version of the CommandCenter Secure Gateway.
1
In This Chapter
Prerequisites .............................................................................................. 1
Terminology/Acronyms .............................................................................. 2
Client Browser Requirements .................................................................... 4

Prerequisites

Chapter 1

Introduction

The CommandCenter Secure Gateway (CC-SG) Administrators Guide offers instructions for administering and maintaining your CC-SG.
This guide is intended for administrators who typically have all available privileges.
Users who are not administrators should see Raritan's CommandCenter Secure Gateway User Guide.
Before configuring a CC-SG according to the procedures in this document, see Raritan's CommandCenter Secure Gateway Deployment Guide for more comprehensive instructions on deploying Raritan devices that are managed by CC-SG.
Chapter 1: Introduction
2

Terminology/Acronyms

Terms and acronyms found in this document include: Access Client - HTML-based client intended for use by normal access
users who need to access a node managed by CC-SG. The Access Client does not allow the use of administration functions.
Admin Client - Java-based client for CC-SG useable by both normal access users and administrators. It is the only client that permits administration.
Associations - relationships between categories, elements of a category, and ports or devices or both. For example, if you want to associate the
“Location” category with a device, create associations before adding
devices and ports in CC-SG. Category - a variable that contains a set of values or elements. An
example of a Category is Location, which may have elements such as
“New York City,” “Philadelphia,” or “Data Center 1.” When you add
devices and ports to CC-SG, you will associate this information with them. It is easier if you set up associations correctly first, before adding devices and ports to them. Another example of a Category is “OS Type,” which may have elements such as “Windows” or “Unix” or “Linux.”
CIM (Computer Interface Module) - hardware used to connect a target server and a Raritan device. Each target requires a CIM, except for the Dominion KX101, which is attached directly to one target and therefore does not require a CIM. Target servers should be powered on and connected to CIMs, and CIMs should be connected to the Raritan device BEFORE adding the device and configuring ports in CC-SG. Otherwise, a blank CIM name will overwrite the CC-SG port name. Servers must be rebooted after connecting to a CIM.
Device Group - defined group of devices that are accessible to a user. Device groups are used when creating a policy to control access to the devices in the group.
Devices - Raritan products such as Dominion KX, Dominion KX II, Dominion SX, Dominion KSX, IP-Reach, Paragon II System Controller, and Paragon II UMT832 with USTIP that are managed by CC-SG. These devices control the target servers and systems, or "nodes" that are connected to them. Check the CC-SG Compatibility Matrix on the Raritan Support web site for a list of supported devices.
Elements - values of a category. For example, the “New York City” element belongs to the “Location” category, and the “Windows” element belongs to the “OS Type” category.
Chapter 1: Introduction
3
Ghosted Ports - when managing Paragon devices, a ghosted port can occur when a CIM or target server is removed from the system or powered off (manually or accidentally). See Raritan's Paragon II User Guide.
Hostname - can be used if DNS server support is enabled. See About
Network Setup (on page 242).
The hostname and its Fully-Qualified Domain Name (FQDN = Hostname + Suffix) cannot exceed 257 characters. It can consist of any number of components, as long as they are separated by “.”.
Each component has a maximum size of 63 characters and the first character must be alphabetic. The remaining characters can be
alphabetic, numeric, or “-” (hyphen or minus). The last character of a component may not be “-”.
While the system preserves the case of the characters entered into the system, the FQDN is case-insensitive when used.
iLO/RILOE and iLO2/RILOE2 - Hewlett Packard's Integrated Lights Out/Remote Insight Lights Out servers that can be managed by CC-SG. Targets of an iLO/RILOE device are powered on/off and recycled directly. iLO/RILOE devices cannot be discovered by CC-SG; they have to be manually added as nodes. In this guide, the term iLO/RILOE includes both iLO/RILOE and iLO2/RILOE2.
In-band Access - going through the TCP/IP network to correct or troubleshoot a target in your network. KVM and Serial devices can be accessed via these in-band applications: RemoteDesktop Viewer, SSH Client, RSA Client, VNC Viewer.
IPMI Servers (Intelligent Platform Management Interface) - servers that can be controlled by CC-SG. IPMI are discovered automatically but can be added manually as well.
Out-of-Band Access - using applications such as Raritan Remote Console (RRC), Raritan Console (RC), Multi-Platform Client (MPC), Virtual KVM Client (VKC) or Active KVM Client (AKC) to correct or troubleshoot a KVM or serial managed node in your network.
Policies - define a user group's access within the CC-SG network. Policies are applied to a user group and have several control parameters to determine the level of control, such as date and time of access.
Nodes - target systems, such as servers, desktop PCs, and other networked equipment, that CC-SG users can access.
Interfaces - the different ways a Node can be accessed, whether through an out-of-band solution such as a Dominion KX2 connection, or through an in-band solution, such as a VNC server.
Chapter 1: Introduction
4
Node Groups - a defined group of nodes that are accessible to a user. Node groups are used when creating a policy to control access to the nodes in the group.
Ports - connection points between a Raritan device and a node. Ports exist only on Raritan devices, and they identify a pathway from that device to a node.
SASL (Simple Authentication and Security Layer) - method for adding authentication support to connection-based protocols.
SSH - clients, such as PuTTY or OpenSSH, that provide a command line interface to CC-SG. Only a subset of CC-SG commands is provided via SSH to administer devices and CC-SG itself.
User Groups - sets of users that share the same level of access and privileges.

Client Browser Requirements

For a complete list of supported browsers, see the Compatibility Matrix on the Raritan Support web site.
5
You can access CC-SG in several ways:
In This Chapter
Browser-Based Access via the CC-SG Admin Client ............................... 5
Thick Client Access ................................................................................... 6
CC-SG Admin Client .................................................................................. 8
Chapter 2

Accessing CC-SG

Browser: CC-SG supports numerous web browsers (for a complete
list of supported browsers, see the Compatibility Matrix on the Raritan Support website).
Thick Client: You can install a Java Web Start thick client on your
client computer. The thick client functions exactly like the browser-based client.
SSH: Remote devices connected via the serial port can be accessed
using SSH.
Diagnostic Console: Provides emergency repair and diagnostics only
and is not a replacement for the browser-based GUI to configure and operate CC-SG. See Diagnostic Console (on page 296).
Note: Users can be connected simultaneously, using the browser, thick client, and SSH while accessing CC-SG.

Browser-Based Access via the CC-SG Admin Client

The CC-SG Admin client is a Java-based client that provides a GUI for both administrative and access tasks, depending on your permissions.
1. Using a supported Internet browser, type the URL of the CC-SG and then type /admin: http(s)://IP address/admin, for example,
http://10.0.3.30/admin (https://10.0.3.30/admin) or
https://10.0.3.30/admin.
If you see the JRE Incompatibility Warning window, select the JRE version that is appropriate for your client computer and install it. Once JRE is installed, try this procedure again. See JRE
Incompatibility (on page 6).
Or, you can continue without installing a new JRE version.
2. If you see a Restricted Service Agreement, read the agreement text and select the I Understand and Accept the Restricted Service Agreement checkbox.
3. Type your Username and Password and click Log In.
4. Upon valid login, the CC-SG Admin Client opens.
Chapter 2: Accessing CC-SG
6

JRE Incompatibility

If you do not have the minimum required version of JRE installed on your client computer, you will see a warning message before you can access the CC-SG Admin Client. The JRE Incompatibility Warning window opens when CC-SG cannot find the required JRE file on your client computer.
If you see the JRE Incompatibility Warning window, select the JRE version that is appropriate for your client computer and install it, or you can continue without installing a new JRE version.
You must launch CC-SG again once JRE is installed. Administrators can configure the JRE minimum version that is
recommended and the message that appears in the JRE Incompatibility Warning window. See Configuring Custom JRE Settings (on page
254).

Thick Client Access

The CC-SG thick client allows you to connect to CC-SG by launching a Java Web Start application instead of running an applet through a web browser. The thick client can be faster than a browser. The minimum Java version required for running the thick client is 1.6.0.10.

Install the Thick Client

To download the thick client from CC-SG:
Note: If you are using JRE version 1.6.0_20, ensure that "Keep temporary files on my computer" is selected in the Temporary Internet Files tab in the Java Control panel. Without this setting, the thick client cannot launch and displays the following message: "Unable to launch application."
1. Launch a web browser and type this URL: http(s)://<IP_address>/install where <IP_address> is the IP address of the CC-SG.
If a security warning message appears, click Start to continue the
download.
2. When the download is complete, a new window in which you can specify the CC-SG IP address opens.
3. Type the IP address of the CC-SG unit you want to access in the IP to Connect field. Once you have connected, this address will be available from the IP to Connect drop-down list. The IP addresses are stored in a properties file that is saved to your desktop.
Chapter 2: Accessing CC-SG
7
4. If the CC-SG is configured for secure browser connections, you must select the Secure Socket Layer (SSL) checkbox. If the CC-SG is not configured for secure browser connections, you must deselect the Secure Socket Layer (SSL) checkbox. This setting must be correct or the thick client will not be able to connect to CC-SG.
To check the setting in CC-SG: Choose Administration >
Security. In the Encryption tab, look at the Browser Connection Protocol option. If the HTTPS/SSL option is selected, then you must select the Secure Socket Layer SSL checkbox in the thick client's IP address specification window. If the HTTP option is selected, deselect the Secure Socket Layer SSL checkbox in the thick client's IP address specification window.
5. Click Start. A warning message appears if you are using an unsupported
Java Runtime Environment version on your machine. Follow the prompts to either download a supported Java version, or continue with the currently installed version.
6. The login screen appears.
7. If the Restricted Service Agreement is enabled, read the agreement text, and then select the I Understand and Accept the Restricted Service Agreement checkbox.
8. Type your Username and Password in the corresponding fields, and then click Login to continue.

Use the Thick Client

The minimum Java version required for running the thick client is
1.6.0.10.
Once the thick client is installed, there are two ways to access it on your client computer.
To access the thick client:
Launch the thick client from the Java Control Panel's Java
Application Cache Viewer.
Use the Java Control Panel's Java Application Cache Viewer to
install a shortcut icon on your desktop for the thick client.
Chapter 2: Accessing CC-SG
8

CC-SG Admin Client

Upon valid login, the CC-SG Admin Client appears.
Chapter 2: Accessing CC-SG
9
Nodes tab: Click the Nodes tab to display all known target nodes in a
tree view. Click a node to view the Node Profile. Interfaces are grouped under their parent nodes. Click the + and - signs to expand or collapse the tree. Right-click an interface and select Connect to connect to that interface. You can sort the nodes by Node Name (alphabetically) or Node Status (Available, Busy, Unavailable). Right-click the tree view, select Node Sorting Options, and then select By Node Name or By Node Status.
Users tab: Click the Users tab to display all registered Users and
Groups in a tree view. Click the + and - signs to expand or collapse the tree.
Devices tab: Click the Devices tab to display all known Raritan
devices in a tree view. Different device types have different icons. Ports are grouped under their parent devices. Click the + and - signs to expand or collapse the tree. Click a port to view the Port Profile. Right-click a port and select Connect to connect to that port. You can sort the ports by Port Name (alphabetical), Port Status (Available, Busy, Unavailable) or Port Number (numerical). Right-click the tree view, select Port Sorting Options, and then select By Node Name or By Node Status.
Quick Commands toolbar: This toolbar offers shortcut buttons for
executing common commands.
Operation and Configuration menu bar: These menus contain
commands to operate and configure CC-SG. You can access some of these commands by right-clicking on the icons in the Nodes, Users, and Devices Selection tabs. The menus and menu items you see are based on your user access privileges.
Server time: The current time and time zone as configured on
CC-SG in Configuration Manager. This time is used when scheduling tasks in Task Manager. See Task Manager (on page 278). This time may be different than the time your client PC uses.
10
Before you can begin configuring and working in CC-SG, you must have
In This Chapter
Licensing - Getting Started - New and Existing Customers .................... 10
Licensing - Basic License Information ..................................................... 11
Licensing - New Customers - Physical Appliance ................................... 14
Licensing - Virtual Appliance with License Server .................................. 17
Licensing - Limited Operation Before License Install .............................. 28
Licensing - Existing Customers ............................................................... 29
Licensing - Rehosting .............................................................................. 29
Add a License .......................................................................................... 30
Confirming IP Address ............................................................................. 30
Setting CC-SG Server Time .................................................................... 30
Checking the Compatibility Matrix ........................................................... 31
Checking and Upgrading Application Versions ....................................... 32
Chapter 3

Getting Started

valid licenses installed. Then, upon first login, you should confirm the IP address, set the CC-SG server time, and check the firmware and application versions installed. You may need to upgrade the firmware and applications.
Once you have completed your initial configurations, proceed to Guided Setup. See Configuring CC-SG with Guided Setup (on page 33).

Licensing - Getting Started - New and Existing Customers

In CC-SG 5.0, Raritan introduces a new licensing technology. You must have valid licenses installed before you can begin using
CC-SG 5.0. Until the licenses are installed, your CC-SG only allows access to limited functions. See Licensing - Limited Operation Before
License Install (on page 28).
To get started with licensing:
If you're a new customer to CC-SG with a physical appliance, see
Licensing - New Customers - Physical Appliance (on page 14).
If you're a new customer to CC-SG with a virtual appliance, see
Licensing - Virtual Appliance with License Server (on page 17).
If you're an existing customer who is upgrading to CC-SG 5.0, see
Licensing - Existing Customers (on page 29).
Chapter 3: Getting Started
11

Licensing - Basic License Information

CC-SG product
Description
Information needed to create license for first time
CC-E1-128
CC-SG E1 Appliance, includes 128 Node License
Host ID of the CC-SG unit
CC-E1-256
CC-SG E1 Appliance, includes 256 Node License
Host ID of the CC-SG unit
CC-E1-512
CC-SG E1 Appliance, includes 512 Node License
Host ID of the CC-SG unit
CC-V1-128
CC-SG V1 Appliance, includes 128 Node License
Host ID of the CC-SG unit
Licenses are based on the number of nodes configured in CC-SG. Your purchase of a physical or virtual appliance includes a license to use
a specific number of nodes. This "base license" enables CC-SG functionality and includes licensing for up to the set number of nodes. If you need more nodes, you will also purchase an Add-On license for additional nodes. If you want to use the WS-API feature, you must also purchase an Add-On license for WS-API access.
License files for physical appliances are associated with a specific CC-SG unit's Host ID.
License files for virtual appliances are associated with a specific license server's Host ID.
This means that license files are not transferable.
If you are a new customer with a physical appliance, you will
download your license files from the Raritan Licensing Page website. See Licensing - New Customers - Physical Appliance (on page
14).
If you are an existing pre-5.0 customer, you do not need to download
license files. When a pre-5.0 CC-SG unit is upgraded to 5.0 or higher, the licenses are converted to the new format. A new base license and any applicable Add-On licenses are created and automatically installed and checked out as needed to accommodate your current configuration. See Licensing - Existing Customers (on page 29)
If you are a virtual appliance customer, you must deploy a license
server. See Licensing - Virtual Appliance with License Server (on page 17).

Available Licenses

Chapter 3: Getting Started
12
CC-SG product
Description
Information needed to create license for first time
CC-V1-256
CC-SG V1 Appliance, includes 256 Node License
Host ID of the CC-SG unit
CCSG128-VA
CC-SG Virtual Appliance, includes 128 Node License
Host ID of the Windows or Linux license
server
Hostname or IP address of the Windows or
Linux license server
CC-2XE1-512
Cluster Kit: 2 CC-SG E1 Appliances, includes 512 Node License
Host IDs of each CC-SG unit in the cluster
CC-2XE1-1024
Cluster Kit: 2 CC-SG E1 Appliances, includes 1024 Node License
Host IDs of each CC-SG unit in the cluster
CC-2XV1-256
Cluster Kit: 2 CC-SG V1 Appliances, includes 256 Node License
Host IDs of each CC-SG unit in the cluster
Add-on Licenses
Licenses for additional nodes and value added services, such as WS-API.
Host ID of the CC-SG unit

Find Your Physical Appliance Host ID and Check Number of Nodes In Database

The License Manager page contains information about your licenses, including the number of licensed nodes currently in your database. You can retrieve the physical appliance Host ID from the License Management page. You will need to enter your CommandCenter Secure Gateway's Host ID when creating a license file on the Raritan Licensing portal. See Licensing - New Customers - Physical Appliance (on page 14) for details on getting your new license files.
If you have a virtual appliance, see Get Your License (on page 19) for details on retrieving your license server Host ID.
To view your Host ID and check number of nodes in database:
1. Choose Administration > License Management.
2. The Host ID of the CommandCenter Secure Gateway unit you are logged into displays in the License Management page. You can copy and paste the Host ID. For virtual CC-SG, the Host ID displays in the License Summary section after you have installed the license server. The License Manager page is slightly different for physical and virtual appliances.
Loading...
+ 390 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use