Raritan Engineering CC-SG User Manual

Download

CommandCenter ®

Secure Gateway

CC-SG

Administrator Guide

Release 3.0

CCA-0B-E

May 2006

255-80-5140-00

This page intentionally left blank.

This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc.

© Copyright 2006 Raritan, CommandCenter, RaritanConsole, Dominion, and the Raritan company logo are trademarks or registered trademarks of Raritan, Inc. All rights reserved. Java is a registered trademark of Sun Microsystems, Inc. Internet Explorer is a registered trademark of Microsoft Corporation. Netscape and Netscape Navigator are registered trademarks of Netscape Communication Corporation. All other marks are the property of their respective owners.

FCC Information

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial installation. This equipment generates, uses, and can radiate radio frequency energy and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. Operation of this equipment in a residential environment may cause harmful interference.

Japanese Approvals

Raritan is not responsible for damage to this product resulting from accident, disaster, misuse, abuse, non-Raritan modification of the product, or other events outside of Raritan’s reasonable control or not arising under normal operating conditions.

LI STED

1F61

I.T.E.

For assistance in the North or South America, please contact the Raritan Technical Support Team

by telephone (732) 764-8886, by fax (732) 764-8887, or by e-mail

tech@raritan.com

Ask for Technical Support – Monday through Friday, 8:00am to 8:00pm, Eastern.

For assistance around the world, please see the last page of this guide for

regional Raritan office contact information.

Safety Guidelines

To avoid potentially fatal shock hazard and possible damage to Raritan equipment:

• Do not use a 2-wire power cord in any product configuration.

• Test AC outlets at your computer and monitor for proper polarity and grounding.

• Use only with grounded outlets at both the computer and monitor. When using a backup UPS,

power the computer, monitor and appliance off the supply.

Rack Mount Safety Guidelines

In Raritan products which require Rack Mounting, please follow these precautions:

• Operation temperature in a closed rack environment may be greater than room temperature.

Do not exceed the rated maximum ambient temperature of the appliances (see

Specifications).

• Ensure sufficient airflow through the rack environment.

• Mount equipment in the rack carefully to avoid uneven mechanical loading.

• Connect equipment to the supply circuit carefully to avoid overloading circuits.

• Ground all equipment properly, especially supply connections, such as power strips (other

than direct connections), to the branch circuit.

Appendix A:

CONTENTS i

Contents

Chapter 1: Introduction....................................................................................................1

Prerequisites..............................................................................................................................1

Intended Audience.....................................................................................................................1

Product Photos...........................................................................................................................1

Product Features and Benefits ..................................................................................................2

Terminology/Acronyms ..............................................................................................................3

New 3.0 Features.......................................................................................................................6

Chapter 2: Accessing CC-SG............................................................................................7

Browser-Based Access..............................................................................................................7

Standalone Client Access..........................................................................................................9

Confirm IP Address....................................................................................................................9

Check and Upgrade CC-SG Firmware Version.......................................................................10

Check and Upgrade Application Versions ...............................................................................10

Connection to Console and KVM Management Appliances ............................................................11

Power Down CC-SG................................................................................................................13

CC-SG Window Components..................................................................................................13

Overview ..................................................................................................................................14

Main Window Components..............................................................................................................15

Configuring CC-SG Manager Components .............................................................................16

Configurable Parameters.................................................................................................................16

Compatibility Matrix..................................................................................................................17

Chapter 3: Example Configuration Workflow .............................................................19

Create Associations.................................................................................................................19

Add Devices.............................................................................................................................22

Configure Ports........................................................................................................................24

Serial Port........................................................................................................................................24

KVM Port.........................................................................................................................................26

Add Users to System Administrators Group............................................................................27

Control User Access ................................................................................................................28

Create User Groups.........................................................................................................................28

Create/Edit Port Groups ..................................................................................................................30

Create/Edit Policies .........................................................................................................................31

Apply Policies to User Groups.........................................................................................................32

Add Users to User Group ................................................................................................................33

Chapter 4: Creating Associations...................................................................................35

Associations.............................................................................................................................35

Associations-Defining Categories and Elements.............................................................................35

Association Terminology.................................................................................................................. 36

How to Create Associations.............................................................................................................37

Association Manager................................................................................................................37

Add Category...................................................................................................................................38

Edit Category...................................................................................................................................39

Delete Category...............................................................................................................................39

Add Element....................................................................................................................................40

Edit Element....................................................................................................................................41

Delete Element................................................................................................................................41

Association Wizard...................................................................................................................42

Import Categories, Devices, Ports from CSV File....................................................................45

CSV File Format..............................................................................................................................46

CSV File Example............................................................................................................................46

Chapter 5: Adding Devices and Device Groups............................................................49

Device Manager.......................................................................................................................49

Device Icons....................................................................................................................................50

Add Device...................................................................................................................................... 51

Edit Device ......................................................................................................................................54

Delete Device ..................................................................................................................................55

Bulk Copy........................................................................................................................................55

Backup Device Configuration ..........................................................................................................56

Restore Device Configuration..........................................................................................................56

ii CONTENTS

Copy Device Configuration..............................................................................................................57

Upgrade Device............................................................................................................................... 57

Ping Device .....................................................................................................................................58

Restart Device.................................................................................................................................58

Pause Device ..................................................................................................................................59

Resume Device ...............................................................................................................................59

View Devices............................................................................................................................59

Regular View ...................................................................................................................................59

Custom View ...................................................................................................................................60

Add Custom View............................................................................................................................61

Edit Custom View ............................................................................................................................61

Delete Custom View........................................................................................................................62

Topological View..............................................................................................................................63

Special Access to Paragon II System Devices........................................................................64

Paragon II System Controller (P2-SC).............................................................................................64

IP-Reach and UST-IP Administration ..............................................................................................65

Device Power Manager............................................................................................................66

Discover Devices .....................................................................................................................67

Device Group Manager............................................................................................................69

Add Device Group ...........................................................................................................................69

Edit Device Group Name.................................................................................................................70

Delete Device Group .......................................................................................................................71

Add Device Rule..............................................................................................................................71

Delete Device Rule..........................................................................................................................72

Search for Devices...................................................................................................................73

Navigation Tips................................................................................................................................73

Supported Wildcards .......................................................................................................................73

Disconnect Users.....................................................................................................................74

Chapter 6: Configuring Ports and Port Groups...........................................................75

Port Manager ...........................................................................................................................75

Port Icons ........................................................................................................................................77

Configure Port .................................................................................................................................78

Edit Port...........................................................................................................................................88

Port Group Manager........................................................................................................................91

Chapter 7: Adding Users and User Groups ..................................................................93

Add User ..................................................................................................................................93

Edit User ..................................................................................................................................94

Change User Password...................................................................................................................95

Change Own Password ...........................................................................................................95

Delete User..............................................................................................................................96

Logoff User(s) ..........................................................................................................................97

Bulk Copy.................................................................................................................................98

Add User to Group...................................................................................................................99

Delete User from Group...........................................................................................................99

Default User Groups ................................................................................................................99

Add User Group.....................................................................................................................100

Edit User Group .....................................................................................................................101

Apply (Edit) User Group Policies ...........................................................................................102

Delete User Group.................................................................................................................103

Assign Users to Group...........................................................................................................103

Search for Users....................................................................................................................104

Navigation Tips..............................................................................................................................104

Supported Wildcards .....................................................................................................................105

Chapter 8: Creating Policies.........................................................................................107

Controlling User Access with Policies....................................................................................107

Policy Terminology ........................................................................................................................107

User Groups ..................................................................................................................................108

Port Groups ...................................................................................................................................108

Device Groups...............................................................................................................................108

Policies..........................................................................................................................................109

Apply Policies to User Group.........................................................................................................109

Policy Summary.............................................................................................................................109

Policy Manager ......................................................................................................................110

Add Policy......................................................................................................................................110

CONTENTS iii

Edit Policy......................................................................................................................................111

Delete Policy..................................................................................................................................112

Chapter 9: Configuring Remote Authentication ........................................................113

Authentication and Authorization...........................................................................................113

Flow for Authentication..................................................................................................................113

User Accounts ...............................................................................................................................113

Establish Order of Authentication Databases........................................................................114

Distinguished Names for LDAP and Active Directory............................................................114

Username......................................................................................................................................114

Base DN........................................................................................................................................115

Active Directory (AD)..............................................................................................................115

Setup on AD Server.......................................................................................................................115

Setup on CC-SG............................................................................................................................117

General Settings on CC-SG ..........................................................................................................118

Advanced Settings on CC-SG .......................................................................................................119

Group Settings on CC-SG.............................................................................................................121

LDAP (Netscape)...................................................................................................................124

Sun One LDAP (iPlanet) Configuration Settings............................................................................127

OpenLDAP (eDirectory) Configuration Settings.............................................................................127

TACACS+...............................................................................................................................128

RADIUS..................................................................................................................................130

Certificate...............................................................................................................................131

Export Current Certificate and Private Key....................................................................................131

Generate Certificate Signing Request ...........................................................................................132

Generate Self Signed Certificate Request.....................................................................................133

IP-ACL....................................................................................................................................134

Chapter 10: Generating Reports..................................................................................135

Active Users Report...............................................................................................................135

Active Ports Report................................................................................................................136

Asset Management Report....................................................................................................137

Audit Trail Report...................................................................................................................138

Error Log Report ....................................................................................................................140

Ping Report............................................................................................................................142

Accessed Devices Report......................................................................................................143

Group Data Report.................................................................................................................145

User Data Report...................................................................................................................146

Users In Groups Report.........................................................................................................147

Query Port Report..................................................................................................................148

View Stored Reports..............................................................................................................149

Locked Out Users Report.......................................................................................................150

CC-NOC Synchronization Report..........................................................................................151

Chapter 11: System Maintenance.................................................................................153

Reset CC-SG.........................................................................................................................153

Backup CC-SG.......................................................................................................................153

Restore CC-SG......................................................................................................................154

Saving and Uploading Backup Files..............................................................................................155

Refresh CC-SG Display.........................................................................................................156

Upgrade CC-SG.....................................................................................................................157

Restart CC-SG.......................................................................................................................157

Shut Down CC-SG.................................................................................................................158

Restart CC-SG after Shutdown......................................................................................................158

End CC-SG Session ..............................................................................................................159

Log Out..........................................................................................................................................159

Exit CC-SG....................................................................................................................................159

Maintenance Mode.................................................................................................................159

Scheduled Tasks...........................................................................................................................160

Entering Maintenance Mode..........................................................................................................160

Exiting Maintenance Mode ............................................................................................................160

Chapter 12: Advanced Administration........................................................................161

Configuration Manager...........................................................................................................161

Network Configuration...................................................................................................................161

Log Configuration ..........................................................................................................................163

iv CONTENTS

Inactivity Timer Configuration ........................................................................................................164

Time/Date Configuration................................................................................................................165

Modem Configuration ....................................................................................................................166

Connection Mode...........................................................................................................................172

Device Settings..............................................................................................................................174

SNMP............................................................................................................................................175

Configure Security..................................................................................................................176

Strong Password Rules.................................................................................................................177

Enable User Lockout .....................................................................................................................177

Application Manager ..............................................................................................................178

Add Application..............................................................................................................................178

Edit Application..............................................................................................................................179

Delete Application..........................................................................................................................180

Firmware Manager.................................................................................................................180

Upload Firmware ...........................................................................................................................180

Delete Firmware............................................................................................................................181

CommandCenter NOC...........................................................................................................181

Add a CC-NOC..............................................................................................................................182

Edit a CC-NOC..............................................................................................................................185

Launch CC-NOC............................................................................................................................186

Delete a CC-NOC..........................................................................................................................187

Cluster Configuration .............................................................................................................187

Create a Cluster.............................................................................................................................188

Remove Secondary CC-SG Node.................................................................................................190

Remove Primary CC-SG Node......................................................................................................190

Recover a Failed CC-SG Node .....................................................................................................190

Set Advanced Settings ..................................................................................................................191

Task Manager........................................................................................................................191

Task Types....................................................................................................................................191

Scheduling Sequential Tasks ........................................................................................................192

Email Notifications.........................................................................................................................192

Stored Reports ..............................................................................................................................192

Create a New Task........................................................................................................................193

View a Task, Details of a Task, and Task History..........................................................................195

Notification Manager..............................................................................................................197

SSH Access to CC-SG...........................................................................................................198

Command Tips ..............................................................................................................................200

Create a SSH Connection to an SX Device...................................................................................201

Connect to a Serial Port.................................................................................................................202

Exit a Session................................................................................................................................203

Diagnostic Console................................................................................................................204

Accessing Diagnostic Console via SSH.........................................................................................204

Accessing Status Console.............................................................................................................205

Accessing Administrator Console..................................................................................................206

Appendix A: Specifications (G1, V1) ...........................................................................225

G1 Platform............................................................................................................................225

General Specifications...................................................................................................................225

Hardware Specifications................................................................................................................225

Remote Connection.......................................................................................................................225

Environmental Requirements ........................................................................................................225

Electrical Specifications.................................................................................................................226

V1 Platform ............................................................................................................................227

General Specifications...................................................................................................................227

Hardware Specifications................................................................................................................227

Remote Connection.......................................................................................................................227

Environmental Requirements ........................................................................................................227

Electrical Specifications.................................................................................................................228

Appendix B: CC-SG and Network Configuration......................................................229

Introduction ............................................................................................................................229

Executive Summary...............................................................................................................229

CC-SG Communication Channels.........................................................................................231

CC-SG and Raritan Devices.......................................................................................................... 231

CC-SG Clustering..........................................................................................................................231

Access to Infrastructure Services ..................................................................................................232

PC Clients to CC-SG.....................................................................................................................232

PC Clients to Targets.....................................................................................................................233

CC-SG & Client for IPMI, iLO/RILOE, Etc......................................................................................233

CONTENTS v

CC-SG & SNMP ............................................................................................................................234

CC-SG & CC-NOC ........................................................................................................................234

CC-SG Internal Ports.....................................................................................................................234

CC-SG Access via NAT-enabled Firewall..............................................................................234

Security and Open Port Scans...............................................................................................235

Appendix C: Initial Setup Process Overview..............................................................237

Appendix D: User Group Privileges.............................................................................239

Appendix E: SNMP Traps ............................................................................................243

Appendix F: Troubleshooting.......................................................................................245

Client Browser Requirements................................................................................................245

Import CSV File (Category, Device, Port) Error Message.....................................................245

Port and Policy Group Creation Failure.................................................................................246

Appendix G: FAQs ........................................................................................................247

vi FIGURES

Figures

Figure 1 CC-SG Front View.........................................................................................................................1

Figure 2 CC-SG - Rear Panel......................................................................................................................1

Figure 3 Security Alert Window.................................................................................................................... 7

Figure 4 Login Window ................................................................................................................................8

Figure 5 CC-SG Application Window...........................................................................................................8

Figure 6 IP Specification Window ...............................................................................................................9

Figure 7 Set IP Address with Configuration Manager Commands............................................................... 9

Figure 8 Upgrade CC-SG...........................................................................................................................10

Figure 9 CC-SG Application Manager........................................................................................................ 10

Figure 10 CC-SG Application Search Window...........................................................................................11

Figure 11 Security Warning for Signed Console Applet.............................................................................12

Figure 12 RaritanConsole Application........................................................................................................12

Figure 13 CC-SG Application Window....................................................................................................... 15

Figure 14 Compatibility Matrix....................................................................................................................17

Figure 15 Association Wizard Overview ....................................................................................................19

Figure 16 Association Wizard - Category and Elements Screen................................................................20

Figure 17 Adding Another Category...........................................................................................................21

Figure 18 Association Wizard - Confirm Choices ....................................................................................... 21

Figure 19 Association Wizard - Summary Screen......................................................................................22

Figure 20 Add Device CC-SG....................................................................................................................22

Figure 21 Add Device PowerStrip..............................................................................................................23

Figure 22 Add Device SX...........................................................................................................................23

Figure 23 Configuration Ports....................................................................................................................24

Figure 24 Configure Serial Ports................................................................................................................25

Figure 25 Configure Ports..........................................................................................................................26

Figure 26 Configure KVM Port................................................................................................................... 26

Figure 27 Add User Screen........................................................................................................................27

Figure 28 Add User Group Screen.............................................................................................................29

Figure 29 Port Groups Manager Screen....................................................................................................30

Figure 30 Add Port Group Window............................................................................................................30

Figure 31 Policy Manager Screen..............................................................................................................31

Figure 32 Update Policy Window...............................................................................................................32

Figure 33 Edit User Group Policies Screen................................................................................................32

Figure 34 Add User Screen........................................................................................................................33

Figure 35 CC-SG Organization Example...................................................................................................35

Figure 36 Association Manager Screen.....................................................................................................38

Figure 37 Add Category Window...............................................................................................................38

Figure 38 Edit Category Window ............................................................................................................... 39

Figure 39 Delete Category Window...........................................................................................................39

Figure 40 Association Manager Screen.....................................................................................................40

Figure 41 Add Element Window.................................................................................................................40

Figure 42 Edit Element Window................................................................................................................. 41

Figure 43 Delete Element Window.............................................................................................................41

Figure 44 Association Wizard Overview ....................................................................................................42

Figure 45 Association Wizard - Category And Elements Screen...............................................................42

Figure 46 Adding Another Category...........................................................................................................43

Figure 47 Association Wizard - Confirm Choices ....................................................................................... 43

Figure 48 Association Wizard - Summary Screen......................................................................................44

Figure 49 Import Categories Screen.......................................................................................................... 45

Figure 50 Analysis Report Screen .............................................................................................................47

Figure 51 The Devices Tab And View Devices Screen.............................................................................. 49

FIGURES vii

Figure 52 Add Device Selection Screen ....................................................................................................51

Figure 53 Add Device Screen for PowerStrip.............................................................................................51

Figure 54 Add Device Screen for Raritan Devices ..................................................................................... 52

Figure 55 Add Device Screen for iLO, RILOE............................................................................................52

Figure 56 Add Device Screen for IPMI Server (v 1.5)................................................................................ 53

Figure 57 Add Device Screen for Generic Device......................................................................................53

Figure 58 Edit Device Screen ....................................................................................................................54

Figure 59 Delete Device Screen................................................................................................................55

Figure 60 Bulk Copy Screen......................................................................................................................55

Figure 61 Backup Device Configuration Screen ........................................................................................56

Figure 62 Restore Device Configuration Screen........................................................................................56

Figure 63 Copy Device Configuration Screen............................................................................................57

Figure 64 Upgrade Device Screen.............................................................................................................57

Figure 65 Ping Device Screen ...................................................................................................................58

Figure 66 Restart Device Screen............................................................................................................... 58

Figure 67 Devices Tree Regular View Screen...........................................................................................59

Figure 68 Custom View Screen .................................................................................................................60

Figure 69 Add Custom View Window.........................................................................................................61

Figure 70 Edit Custom View Window.........................................................................................................61

Figure 71 Custom View Screen .................................................................................................................62

Figure 72 Delete Custom View Window.....................................................................................................62

Figure 73 Topological View Screen ...........................................................................................................63

Figure 74 Paragon System Launch Admin Menu Option...........................................................................64

Figure 75 Paragon Manager Application Window......................................................................................64

Figure 76 Remote User Station Admin Option...........................................................................................65

Figure 77 IP-Reach Administration Screen................................................................................................65

Figure 78 Device Power Manager Screen ................................................................................................. 66

Figure 79 Discover Devices Screen...........................................................................................................67

Figure 80 Discovered Devices List Window...............................................................................................67

Figure 81 Add Device Screen....................................................................................................................68

Figure 82 Device Groups Manager Screen................................................................................................ 69

Figure 83 Add Device Group Window........................................................................................................69

Figure 84 Device Groups Manager Screen................................................................................................ 70

Figure 85 Edit Device Group Window........................................................................................................70

Figure 86 Device Groups Manager Screen................................................................................................ 71

Figure 87 Delete Device Group Window....................................................................................................71

Figure 88 Device Groups Manager Screen................................................................................................ 71

Figure 89 Device Groups Manager Screen................................................................................................ 72

Figure 90 Delete Rule Window ..................................................................................................................72

Figure 91 Search for Devices.....................................................................................................................73

Figure 92 Disconnect Users....................................................................................................................... 74

Figure 93 The Ports Tab And View KVM Port Screen ...............................................................................76

Figure 94 Configure Ports Screen..............................................................................................................78

Figure 95 Configure Serial Ports Screen ...................................................................................................79

Figure 96 Associated Generic Device with a Serial Port ............................................................................ 79

Figure 97 In-Band Parameters...................................................................................................................80

Figure 98 Configure Ports Screen..............................................................................................................81

Figure 99 Configure KVM Port Screen....................................................................................................... 81

Figure 100 In-Band Parameters.................................................................................................................82

Figure 101 Associated Generic Device with a KVM Port...........................................................................82

Figure 102 Configure Ports Screen............................................................................................................83

Figure 103 Configure Generic Ports Screen..............................................................................................83

Figure 104 Configure Ports Screen for Powerstrip Device ......................................................................... 84

viii FIGURES

Figure 105 Configure Ports Screen for IPMI Server...................................................................................84

Figure 106 Configure Outlet Port Screen...................................................................................................85

Figure 107 Delete Port Screen...................................................................................................................86

Figure 108 Bulk Copy Screen....................................................................................................................87

Figure 109 Edit Serial Port Screen.............................................................................................................88

Figure 110 Edit KVM Port Screen.............................................................................................................. 89

Figure 111 Edit Generic Port Screen ......................................................................................................... 90

Figure 112 Port Groups Manager Screen..................................................................................................91

Figure 113 Add Port Group Window..........................................................................................................91

Figure 114 Edit Port Group Window ..........................................................................................................92

Figure 115 Delete Port Group Window......................................................................................................92

Figure 116 Add User Screen......................................................................................................................93

Figure 117 Edit User Screen......................................................................................................................94

Figure 118 Change User Password Screen............................................................................................... 95

Figure 119 Change My Profile Screen....................................................................................................... 95

Figure 120 Delete User Screen..................................................................................................................96

Figure 121 Logoff Users Screen................................................................................................................97

Figure 122 Bulk Copy Screen....................................................................................................................98

Figure 123 Add User To Group Screen .....................................................................................................99

Figure 124 Delete User From Group Screen ............................................................................................. 99

Figure 125 Add User Group Screen.........................................................................................................100

Figure 126 Edit User Group Screen.........................................................................................................101

Figure 127 Edit User Group Policies Screen............................................................................................102

Figure 128 Group Delete User Group Screen .......................................................................................... 103

Figure 129 Assign Users in Group Screen............................................................................................... 103

Figure 130 Search for Users....................................................................................................................104

Figure 131 Ports, Port Groups, Policies, User Groups, Users .................................................................109

Figure 132 Policy Manager Screen..........................................................................................................110

Figure 133 Add Appliance Policy Window ...............................................................................................110

Figure 134 Update Policy Window........................................................................................................... 111

Figure 135 Edit Appliance Policy Window................................................................................................111

Figure 136 Update Policy Window........................................................................................................... 111

Figure 137 Delete Appliance Policy Window............................................................................................112

Figure 138 Security Manager General Screen......................................................................................... 114

Figure 139 Active Directory Account........................................................................................................115

Figure 140 Active Directory Users ...........................................................................................................116

Figure 141 Assigning User to a Group.....................................................................................................116

Figure 142 Specifying a Name for Active Directory Server......................................................................117

Figure 143 Specifying General Values for Active Directory Server.......................................................... 118

Figure 144 Specifying Advanced Values for Active Directory Server.......................................................119

Figure 145 Specifying Group Values for Active Directory Server............................................................. 121

Figure 146 Importing Groups from Active Directory Server .....................................................................122

Figure 147 Viewing Privileges of Imported Group....................................................................................122

Figure 148 Viewing Policy of Imported Group.......................................................................................... 123

Figure 149 Logging In as Remotely Authenticated User.......................................................................... 123

Figure 150 Security Manager Add Module Screen ..................................................................................124

Figure 151 Security Manager LDAP Screen General Tab ....................................................................... 125

Figure 152 Security Manager LDAP Screen Advanced Tab....................................................................126

Figure 153 Security Manager Add Module Screen ..................................................................................128

Figure 154 Specifying a TACACS+ Server .............................................................................................. 129

Figure 155 Security Manager Add Module Screen ..................................................................................130

Figure 156 Specifying a RADIUS Server .................................................................................................130

Figure 157 Security Manager Certificate Screen .....................................................................................131

FIGURES ix

Figure 158 Generate Certificate Signing Request Screen ....................................................................... 132

Figure 159 Certificate Request Generated...............................................................................................132

Figure 160 Generate Self Signed Certificate Window..............................................................................133

Figure 161 Security Manager IP-ACL Screen..........................................................................................134

Figure 162 Active Users Report...............................................................................................................135

Figure 163 Manage Report Window ........................................................................................................136

Figure 164 Active Ports Report................................................................................................................ 136

Figure 165 Asset Management Report .................................................................................................... 137

Figure 166 Audit Trail Screen ..................................................................................................................138

Figure 167 Audit Trail Report................................................................................................................... 139

Figure 168 Error Log Screen....................................................................................................................140

Figure 169 Error Log Report....................................................................................................................141

Figure 170 Ping Report............................................................................................................................142

Figure 171 Accessed Devices Screen ..................................................................................................... 143

Figure 172 Accessed Devices Report......................................................................................................144

Figure 173 Groups Report .......................................................................................................................145

Figure 174 All Users’ Data Report ...........................................................................................................146

Figure 175 Users In Groups Report.........................................................................................................147

Figure 176 Query Port Report .................................................................................................................. 148

Figure 177 View Stored Reports..............................................................................................................149

Figure 178 Locked Out Users Report ......................................................................................................150

Figure 179 CC-NOC Synchronization Report .........................................................................................151

Figure 180 Reset CC-SG Screen.............................................................................................................153

Figure 181 Backup CC-SG Screen..........................................................................................................153

Figure 182 Restore CC-SG Screen .........................................................................................................154

Figure 183 Browse to Upload a Backup of CC-SG..................................................................................155

Figure 184 Refresh Shortcut Button.........................................................................................................156

Figure 185 Upgrade CC-SG Screen ........................................................................................................ 157

Figure 186 Restart Screen.......................................................................................................................157

Figure 187 Info Window...........................................................................................................................158

Figure 188 Shutdown CC-SG Screen...................................................................................................... 158

Figure 189 Logout Window......................................................................................................................159

Figure 190 Exit Window...........................................................................................................................159

Figure 191 Enter Maintenance Mode.......................................................................................................160

Figure 192 Configuration Manager Network Settings Screen..................................................................161

Figure 193 Primary/Backup Network .......................................................................................................162

Figure 194 Active/Active Network............................................................................................................162

Figure 195 Configuration Manager Logs Screen .....................................................................................163

Figure 196 Configuration Manager Inactivity Timer Screen.....................................................................164

Figure 197 Configuration Manager Time/Date Screen............................................................................. 165

Figure 198 Configuration Manager Modem Screen ................................................................................. 166

Figure 199 Modems Tab..........................................................................................................................166

Figure 200 Extra Initialization Commands................................................................................................167

Figure 201 Create a new connection ....................................................................................................... 167

Figure 202 New Connection Wizard ........................................................................................................168

Figure 203 Connection Name..................................................................................................................168

Figure 204 Phone Number to Dial............................................................................................................168

Figure 205 Specify Dial-up Script.............................................................................................................169

Figure 206 Connecting to CC-SG............................................................................................................170

Figure 207 Entering username and password .........................................................................................170

Figure 208 After Dial Terminal.................................................................................................................171

Figure 209 Configuration Manager Connection Screen – Direct Mode or Proxy Mode............................ 172

Figure 210 Configuration Manager Connection Screen – Both...............................................................173

x FIGURES

Figure 211 Configuration Settings Device Settings Screen......................................................................174

Figure 212 Configuration Settings Device Settings Screen......................................................................175

Figure 213 Security Manager General Screen......................................................................................... 176

Figure 214 Lockout Settings ....................................................................................................................177

Figure 215 Error (User Being Locked Out) Screen..................................................................................178

Figure 216 Application Manager Screen..................................................................................................178

Figure 217 Add Application Window ........................................................................................................ 178

Figure 218 Search Window...................................................................................................................... 179

Figure 219 Edit Application Window ........................................................................................................179

Figure 220 Delete Application Window.................................................................................................... 180

Figure 221 Firmware Manager Screen ....................................................................................................180

Figure 222 Search Window...................................................................................................................... 181

Figure 223 Delete Firmware Window.......................................................................................................181

Figure 224 CC-NOC Configuration Screen.............................................................................................. 182

Figure 225 CC-NOC Configuration Screen.............................................................................................. 182

Figure 226 Add CC-NOC Configuration Screen.......................................................................................183

Figure 227 CC-NOC Passcodes.............................................................................................................. 184

Figure 228 CC-NOC Configuration Screen.............................................................................................. 185

Figure 229 Edit CC-NOC Configuration Screen.......................................................................................186

Figure 230 Launch CC-NOC.................................................................................................................... 186

Figure 231 Delete CC-NOC Screen.........................................................................................................187

Figure 232 Cluster Configuration Screen.................................................................................................188

Figure 233 Cluster Configuration – Primary Node Set.............................................................................188

Figure 234 Cluster Configuration – Set Secondary CC-SG .....................................................................189

Figure 235 Recovering a node from Waiting status................................................................................. 190

Figure 236 Cluster Configuration Advanced Settings ..............................................................................191

Figure 237 Task Manager........................................................................................................................ 193

Figure 238 Create Task ........................................................................................................................... 193

Figure 239 Selecting a Task to Schedule.................................................................................................194

Figure 240 Specifying Task Recurrence..................................................................................................194

Figure 241 Specifying Task Email Notification......................................................................................... 195

Figure 242 View a Task...........................................................................................................................195

Figure 243 Task History...........................................................................................................................196

Figure 244 Task Details...........................................................................................................................196

Figure 245 Notification Manager.............................................................................................................. 197

Figure 246 SSH Client ............................................................................................................................. 198

Figure 247 Login to CC-SG via SSH........................................................................................................198

Figure 248 CC-SG Commands via SSH..................................................................................................199

Figure 249 SSH Help...............................................................................................................................199

Figure 250 SSH listfirmwares Help..........................................................................................................200

Figure 251 Listing Devices on CC-SG ..................................................................................................... 201

Figure 252 Access SX Device via SSH....................................................................................................201

Figure 253 Listing Ports on CC-SG..........................................................................................................202

Figure 254 Connecting to a Serial Port....................................................................................................202

Figure 255 SSH Client ............................................................................................................................. 204

Figure 256 Login to Status Console.........................................................................................................205

Figure 257 Status Console.......................................................................................................................205

Figure 258 Login to Administrator Console..............................................................................................206

Figure 259 Administrator Console............................................................................................................206

Figure 260 Selecting to Edit Pre-Login Message..................................................................................... 207

Figure 261 Editing MOTD for Status Console.......................................................................................... 207

Figure 262 Selecting to Edit Status Console Config ................................................................................208

Figure 263 Edit Status Console Config....................................................................................................209

FIGURES xi

Figure 264 Selecting Network Interface Configuration.............................................................................209

Figure 265 Editing Network Interfaces.....................................................................................................210

Figure 266 Pinging a Target.....................................................................................................................211

Figure 267 Performing Traceroute on a Target........................................................................................212

Figure 268 Selecting Static Routes..........................................................................................................213

Figure 269 Editing Static Routes..............................................................................................................213

Figure 270 Viewing Log Files................................................................................................................... 213

Figure 271 Selecting Log Files to View....................................................................................................214

Figure 272 Selecting Log Files to View....................................................................................................215

Figure 273 Changing Colors in Log Files.................................................................................................215

Figure 274 Displaying Information ...........................................................................................................215

Figure 275 Adding Expressions in Log Files............................................................................................ 216

Figure 276 Specifying a Regular Expression for a Log File .....................................................................216

Figure 277 Getting Help (F1) ...................................................................................................................217

Figure 278 Selecting CC-SG Restart in Diagnostic Console....................................................................217

Figure 279 Restarting CC-SG in Diagnostic Console ..............................................................................218

Figure 280 Selecting CC-SG System Reboot in Diagnostic Console.......................................................218

Figure 281 Rebooting CC-SG in Diagnostic Console ..............................................................................219

Figure 282 Password Configuration......................................................................................................... 219

Figure 283 Configuring Password Settings..............................................................................................220

Figure 284 Account Configuration............................................................................................................221

Figure 285 Configuring Accounts.............................................................................................................221

Figure 286 Selecting Disk Status in Diagnostic Console .........................................................................222

Figure 287 Displaying Disk Status of CC-SG in Diagnostic Console.......................................................223

Figure 288 Selecting Top Display in Diagnostic Console......................................................................... 223

Figure 289 Displaying CC-SG Processes in Diagnostic Console.............................................................224

Figure 290 Association Management Process.........................................................................................237

Figure 291 Port Group Failure .................................................................................................................246

CHAPTER 1: INTRODUCTION 1

Chapter 1: Introduction

Congratulations on your purchase of CommandCenter Secure Gateway (CC-SG), Raritan’s convenient and secure method for managing various UNIX servers, firewalls, routers, load balancers, Power Management devices, and Windows servers.

CC-SG provides central management and administration, using a set of serial and KVM appliances. It is designed to operate in a variety of environments, from high-density Data Centers to Service Provider environments to corporate environments handling large remote offices.

CC-SG, when used in conjunction with Raritan’s Dominion or IP-Reach port-level management appliances, streamlines and simplifies the management of the target devices, easing administration of data center equipment by connecting to the IP network and presenting the serial console and KVM ports of all the target devices within the managed network.

Prerequisites

Before configuring a CC-SG according to the procedures in this document, refer to Raritan’s

CommandCenter Secure Gateway Setup Guide for instructions on how to quickly install CC- SG and its managed devices. Refer to Raritan’s Digital Solution Deployment Guide for more

comprehensive instructions on deploying Raritan devices that are managed by CC-SG.

Intended Audience

This document is intended for Administrators who reside in the System Administrator user group. These administrators typically have all privileges⎯please see

Privileges. Users that reside outside these groups usually have fewer privileges, such as being granted only the Ports Access privilege⎯please refer to Raritan’s CommandCenter Secure

Gateway User Guide for additional information.

Appendix D: User Group

Product Photos

Figure 1 CC-SG Front View

Figure 2 CC-SG - Rear Panel

2 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Product Features and Benefits

• Seamless Management

CC-SG offers seamless management of Dominion series and Paragon® management appliances through Paragon remote User Stations (UST1R/UST2R) – leverage your embedded base with a CC-SG to draw substantial incremental value:

− Constantly updated to keep up with changing needs.

− Streamlines, provides wider process focus and offers productivity improvements,

organization wide.

− Reduces Total Cost of Ownership (TCO); cost savings from high-availability of

applications (high cost for downtime); front-ends and secures and improves reliability of high economic value equipment.

− Handles scalability elegantly – multiple data centers (primary and backup), growing

number of locations.

− Provides centralized management, Role-Based Access and Control (RBAC), and

Reporting Capabilities.

• Uncompromising Security

Secure 128-bit encryption (both intranet and Internet); flexibility of access via SSL, access restriction (by time of day, and/or maximum session duration) as part of user profile in user management:

− Has the ability to restrict login access to products based on time of day, the ability to

restrict duration of on-line sessions, handle password expiration, and prompt for password changes. All user operations, including access to port history buffer and access to logs, will be granted or denied based on user authorization level.

− IP ACL (IP-Filtering) – grants/restricts access by domain name or IP addresses.

− Grants or restricts access on an individual user basis.

− Supports primary and secondary servers.

− Fallback authentication through local database

• Single IP Address Access

Reduces the complexities of managing multiple IP addresses with associated user names and passwords.

• Broad Support for Third Party Authentication

Leverages existing investment in authentication protocols and allows centralized authentication and authorization. Streamlines deployment of large multi-unit systems and centralizes administration and control. Supports LDAP (including AD, iPlanet, eDirectory), RADIUS, and TACACS+. Support for Active Directory® authorization and the importing of user groups.

• Comprehensive Administration Tools

Reduces TCO for managing IT infrastructure; found time can be used for proactive maintenance:

− Provides powerful multi-tired user and permissions grouping (user/leaf nodes, targets by

topology and by function); CC-SG’s powerful, user-customizable categorization allows you to easily tailor your solution and security, for example, create a “Location” attribute and assign all users in a given LDAP or Active Directory group access to servers in that Location). The possibilities are limitless!

− Provides powerful user-customizable views of all devices connected to CC-SG; supports

automatic and manual device discovery.

− Simplifies administration – device upgrade, reset, diagnosis, ping, auto discover, edit,

delete firmware upgrades, monitoring and access for back up, retrieval and push-down of configuration to leaf nodes (Dominion Series); simplifies daily maintenance and firmware management.

• Flexible Reporting

Provides adjustable ways to view active devices, users, ports, and asset inventory; reports include Audit Trail, Error Log, Firmware Report, Ping Report, View By Groups, and Users in Groups.

CHAPTER 1: INTRODUCTION 3

• Comprehensive Logging

− Logs events locally.

− Can use an external syslog server for event logs (events are immediately posted or

exported) and the ability to have other Raritan products use it as a syslog server.

− Provides full auditing and tracking capabilities.

− Keeps an audit trail for tracking user activity.

• Support for SNMP Agents and Traps

− Provides SNMP GET/SET operations with third-party enterprise Management Solutions,

such as HP OpenView. To support the operations, you must provide SNMP agent identifier information such as these MIB-II System Group objects: sysContact, sysName, and sysLocation.

− Provides System level trap notification of CC-SG’s operational events.

− Provides Application level trap notification regarding the monitoring of managed devices,

availability events, and the audit events of user access and authorization to CC-SG.

• Infrastructure Support for Customizable Applets via GUI

− Customizable applets control ranges of devices including power strips, HP’s iLO/RILOE

cards, etc.

− Target systems accessed through applets – remote access to servers and other data center

equipment managed by Raritan management appliances through downloadable applets/COM controls.

− Power strip outlet user authorization setting, mapping, parameter-passing, target server-

mapping.

• Access to CommandCenter NOC® (CC-NOC)

For detailed auditing, monitoring and notification of infrastructure and Raritan devices.

• Operational Flexibility/Ease of Use/Administrator Presentation

Enhanced system setup entirely through graphical user interface (state-of-the-art UI standards with professional look and feel).

• Designed for High Availability

− ATA Raid-1 card and two ATA hard drivers to provision for fault-tolerance at the

hardware and OS level.

− Two network interfaces for failover or to be configured for public and private IP

addresses on separate NICs.

− Redundant power supplies and ECC memory.

− Auto-recovery (watchdog timer).

− Modem access for emergency administration.

− Support for primary and secondary servers.

• Support for Clustering and Geographic Redundancy

Enabling backup availability with CC-SGs located on the same or different networks.

• Internationalization

Language, keyboard, scope of support; documentation available in French, German, Japanese, Traditional Chinese, Simplified Chinese, and Korean.

Terminology/Acronyms

Terms and acronyms found in this document include:

• Associations—is the relationship between categories, elements of a category, and ports or

devices or both. For example, if you want to associate the “Location” category with a device,

Create associations first before adding devices and ports in CC-SG.

• Category—is a variable that contains a set values or elements. An example of a Category is

Location, which may have elements such as “New York City, “Philadelphia”, or “Data Center 1”. When you add devices and ports to CC-SG, you will associate this information with them. It is easier if you set up associations correctly first, before adding devices and ports to them. Another example of a Category is “OS Type”, which may have elements such as “Windows®” or “Unix®” or “Linux®”.

4 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

• CIM (Computer Interface Module)—is the hardware used to connect a target server and a

Raritan device. Each target requires a CIM, except for the Dominion KX101 which is attached directly to one target and therefore, does not require a CIM. Targets servers should be powered on and connected to CIMs and CIMs should be connected to the Raritan Device BEFORE adding the ports in CC-SG. Otherwise, the blank CIM name will overwrite the CCSG port name. Servers need to be rebooted after connecting to a CIM.

• CommandCenter NOC (CC-NOC)—is a network monitoring appliance that audits and

monitors the status of servers, equipment, and Raritan devices that CC-SG manages.

• Device Group—a defined group of devices (see the Devices definition) that are accessible to

a user. Device groups are used when creating a policy to control access to the devices in the group.

• Devices—are Raritan products such as Dominion KX116, Dominion SX48, Dominion

KSX440, IP-Reach, Paragon II System Controller, Paragon II UMT832 with USTIP, etc. that are managed by CC-SG. These devices control the target servers and systems that are connected to them.

• Elements—are the values of a category. For example, the “New York City” element belongs

to the “Location” category. Or, the “Windows” element belongs to the “OS Type” category.

• Generic Devices—a device, such as a hub, Windows server, or Cisco router, that can be

managed by CC-SG. Generic devices cannot be discovered by CC-SG; they have to be manually added—see section

Add Device in Chapter 5: Adding Devices and Device

Groups.

• Ghosted Ports—a ghosted port can occur when managing Paragon devices and when a CIM

or target server is removed from the system or powered off (manually or accidentally). Refer

to Raritan’s Paragon II User Manual for additional information.

• Hostname—A hostname can be used if DNS server support is enabled (see section

Configuration in

Chapter 12: Advanced Administration for additional information). The

Network

hostname and its Fully-Qualified Domain Name (FQDN = Hostname + Suffix) cannot exceed 257 characters. It can consist of any number of components, as long as they are separated by “.”. Each component has a maximum size of 63 characters and the first character must be alphabetic. The remaining characters can be alphabetic, numeric, or “-“ (hyphen or minus). The last character of a component may not be “-”. While the system preserves the case of the characters entered into the system, the FQDN is case-insensitive when used.

• iLO/RILOE—Hewlett Packard’s Integrated Lights Out/Remote Insight Lights Out servers

that can be managed by CC-SG. Data between CC-SG and iLO/RILOE device is SSL encrypted. Targets of an iLO/RILOE device are powered on/off and recycled directly. iLO/RILOE devices cannot be discovered by CC-SG; they have to be manually added—see section

Add Device in Chapter 5: Adding Devices and Device Groups.

• In-band Access—going through the TCP/IP network to correct or troubleshoot a target in

your network. KVM, Serial, and Generic devices can be accessed via these in-band

applications: RemoteDesktop Viewer, SSH Client, VNC Viewer.

• IPMI Servers (Intelligent Platform Management Interface)—servers that can be controlled

by CC-SG. IPMI are discovered automatically but can be added manually as well—see section

Add Device in Chapter 5: Adding Devices and Device Groups.

• Out-of-Band Access—using applications such as Raritan Remote Console (RRC), Raritan

Console (RC), or Multi-Platform Client (MPC) to correct or troubleshoot a KVM or serial

managed target in your network.

• Policies—define the permissions, type of access, and to which ports and/or devices a user

group has access to. Policies are applied to a user group and have several control parameters to determine the level of control, such as date and time of access.

• Port Groups—a defined group of ports that are accessible to a user. Port groups are used

when creating a policy to control access to the ports in the group.

CHAPTER 1: INTRODUCTION 5

• Ports—are connection points between a Raritan Device and a target system or server. Or, a

port can be a device that is directly connected to a LAN/CC-SG via In-band access. In CCSG, you click on a port to access and manage the target. The port is essentially the destination

system and should be named appropriately for that system, for example, NYC_SunSRV1.

• SASL—(Simple Authentication and Security Layer). A method for adding authentication

support to connection-based protocols.

• SSH—clients, such as Putty or OpenSSH, provide a command line interface to CC-SG. Only

a subset of CC-SG commands is provided via SSH to administer devices and CC-SG itself—

please see Chapter 12: Advanced Administration for additional information.

• Target Usernames—specified when configuring in-band parameters of a serial, KVM, or

generic port. When a name is specified, only a password is required when accessing the target.

• User Groups—are a set of users that share the same level of access and privileges. For

example, the default user group System Administrators has full access to all configuration

tasks and target hosts and servers. All other user groups have restricted CC-SG access and should typically be employed for users who need port access only to a particular set of devices or target servers and systems.

6 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

New 3.0 Features

These administrator features are now available in CC-SG 3.0:

Note: If viewing a PDF file, click on the page number to navigate to the location in the document where the feature is described.

FEATURE LOCATION

Import of Categories, Devices, Ports from CSV File Page 45

Support for adding IPMI Servers and Generic Devices Page 51

Support for Encryption in KX Devices Page 54

Discover Device Enhancement Page 67

Search for Devices Page 73

In-band Access for Serial, KVM, and Generic Ports Page 78, 81, 83

Disconnect Users from Port Page 74

Search for Users Page 104

Active Directory Enhancements Page 115

Query Port Report Enhancements Page 148

View Stored Report Page 149

Locked Out Users Report Page 150

CC-NOC Synchronization Report Page 151

Modem Configuration Page 166

SNMP Get/Set Enhancements Page 175

Enable User Lockout Page 177

Saving MPC Profile Changes Page 178

CC-NOC Integration Enhancements Page 181

Scheduling Tasks (Task Manager) Page 191

Notification Manager Page 191

Maintenance Mode Page 159

SSH Access to CC-SG Page 198

Diagnostic Console Page 204

New CC-SG 3.0 user features including Port Chat, Bookmark Port, and Search for Ports are

documented in Raritan’s CommandCenter Secure Gateway User Guide.

CHAPTER 2: ACCESSING CC-SG 7

Chapter 2: Accessing CC-SG

Once you have configured CC-SG with an IP address and have defined at least one user, as

described in Raritan’s CommandCenter Secure Gateway Setup Guide, the CC-SG unit can be

placed at its final destination. Make all necessary hardware connections to make the unit operational.

You can access CC-SG in several ways, each described in this chapter:

• Through a browser: CC-SG supports numerous Web browsers (please see the Compatibility

Matrix on CommandCenter for a complete list of browsers and platforms).

• Through a standalone client: Install the executable from the included CD and run this instead

of using the browser-based applet. This executable functions exactly like the downloaded applet.

• Through SSH: Please note that remote devices connected via the serial port can be accessed

using this approach. Please see Chapter 12: Advanced Administration for additional

information.

• Through the Diagnostic Console: Provides emergency repair and diagnostics only and is not a

replacement for the primary GUI to configure and operate the CC-SG unit. Please see

Chapter 12: Advanced Administration for additional information.

http://www.raritan.com/support and click Firmware Upgrades then

Note: Users can be connected simultaneously, using the browser, standalone client, and SSH while accessing the application.

Browser-Based Access

1. Using a supported Internet browser, enter the URL of the CC-SG: https://<IP address> (for

example, https://10.0.3.30 with the procedure. CC-SG is always SSL enabled; when you connect via IE, the Security Alert is displayed because the CA root certificate is not installed in the browser.

). When the security alert window appears, click Yes to continue

Figure 3 Security Alert Window

8 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

2. You will be warned if you are using an unsupported Java Runtime Environment version on

your machine. From the window that pops up, select whether you will download the correct JRE version from the CC-SG server (if available), download it from the Sun Microsystems

web site, or continue with the incorrect version, and click OK. The Login window appears.

Figure 4 Login Window

3. Type your Username and Password and click Login.

4. Upon valid login, the CC-SG application window appears. The menu bar and tool bar, which

contain commands for operating and configuring CC-SG, are at the top of the screen. The Ports tab, Users tab, and Devices tab, which contain the Ports selection tree, Users selection tree, and Devices selection tree, appear on the left side of the window. The central panel is where operations and configuration screens will appear.

Figure 5 CC-SG Application Window

CHAPTER 2: ACCESSING CC-SG 9

Standalone Client Access

The standalone CC-SG client allows you to connect to CC-SG servers by launching a Java application instead of running an applet through a Web browser.

1. Install the standalone CC-SG client located on the included CD ROM onto your PC.

2. Double-click on the CC Application icon on your desktop to launch the CC-SG client. An

address specification window appears.

Figure 6 IP Specification Window

3. Type the IP address of the CC-SG unit you wish to access in the IP to Connect field and

press Start. You will be warned if you are using an unsupported Java Runtime Environment

version on your machine. Once you have connected to a CC-SG server, its IP address is automatically saved in the client’s History file and can be selected from the drop-down menu in the future.

4. After the standalone client successfully connects to CC-SG, the standard login menu appears,

and the client looks and behaves just like its browser-based counterpart. Type your

Username and Password and click on Login to proceed.

Confirm IP Address

After logging in, you should confirm the IP address, and check firmware and application versions.

1. From the Setup menu, click Configuration Manager. The Network Setup screen should be

visible; if not, click on the Network Setup tab.

Figure 7 Set IP Address with Configuration Manager Commands

2. Ensure that the network settings display the values entered while setting up the unit; if not,

please modify and follow the steps below.

10 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

3. Click Update Configuration to submit the changes. A confirmation window asks if you wish

to restart CC-SG in order to apply changes.

4. Click OK to log out from your current session and restart CC-SG.

5. Access CC-SG using the new IP address.

Check and Upgrade CC-SG Firmware Version

Note: Before you can upgrade CC-SG, you must be in Maintenance Mode. See section Maintenance Mode in Chapter 11: System Maintenance for additional information.

1. Log onto CC-SG.

2. On the Help menu, select About Raritan CommandCenter.

3. If the version is not current, you must upgrade your firmware by following the next few steps.

4. On the Setup menu, click Upgrade CommandCenter.

Figure 8 Upgrade CC-SG

5. Click Browse and locate the file. The file must be accessible from your client PC. This

means that it must have been downloaded from the Raritan website or off a Raritan CD.

If you have just acquired the firmware as a zip file, unzip the file and follow the instructions provided by the README file.

Check and Upgrade Application Versions

Check and upgrade the CC-SG applications, for example, Raritan Console (RC) or Raritan Remote Client (RRC).

1. On the Setup menu, click Application Manager.

Figure 9 CC-SG Application Manager

CHAPTER 2: ACCESSING CC-SG 11

2. Select an application from the pull-down menu and note the number in the version field. If

the firmware needs upgrading, see the previous section

Check and Upgrade CC-SG

Firmware Version and continue to step 3.

3. Select the application name that needs to be upgraded.

4. Click Browse.

Figure 10 CC-SG Application Search Window

5. Click on the Look In drop-down menu and navigate to locate the application on your PC

where the new firmware resides. When you find the application, select it, and click Open. The application name will appear in the Location field in the Application Manager screen.

6. Click Upload to upload the application. A progress window indicates that the new

application is being uploaded. When complete, a new window will indicate that the application has been added to the CC-SG database and is available for configuration and attachment to a specific port.

7. Edit the version field to reflect the new version uploaded, and then click Update.

8. Click Close to close the Application Manager screen.

Connection to Console and KVM Management Appliances

• CC-SG may interface with the Console and KVM management appliances of the Dominion

series and the IP-Reach series. Both serial and KVM devices are supported.

• Raritan provides a standard console access, a vt100 Java terminal emulation for remote target

devices that require a serial connection. In addition, Raritan offers a variety of specialized applications that allow users to set up a customized look and feel.

• The application interface varies, depending on device type selected. In the case of the KVM

device, Raritan provides the complete keyboard, video, and mouse (KVM) of the remote target system through CC-SG.

• CC-SG can also interface with HP servers that have iLO or RILOE access capabilities. In this

case, CC-SG will launch HP’s own Java management applet when connecting to these devices and log into iLO/RILOE without prompting the user to re-authenticate.

12 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

To access a remote target device that is connected via a serial port, click on the appropriate device in the Devices selection tree, under the Devices tab. If the port is configured for a console application, a Security Warning appears, indicating that the console applet is a signed applet from

Raritan Systems. Click Yes and the console port appears.

Figure 11 Security Warning for Signed Console Applet

Figure 12 RaritanConsole Application

Warning: The security warning display (appearing in IE only) appears the first time the user connects to a serial port. Click Yes when this display appears; if you click No, the console application will not launch and you must exit CC–SG, close the browser, re-launch the browser, and connect to CC–SG again.

For additional details about RaritanConsole operation, please refer to Raritan’s RaritanConsole User Guide.

When a custom application is associated with a KVM or serial port, selecting that port launches the associated application. Raritan Remote Control and RaritanConsole are examples of custom applications that can be integrated into CC-SG.

CHAPTER 2: ACCESSING CC-SG 13

Power Down CC-SG

If running CC-SG on the V1 platform and if it loses AC power while it is up and running, the V1 unit remembers its last power state. Once AC power is restored, the V1 unit automatically reboots. However, if a V1 unit loses AC power when it is turned OFF, the V1 unit will remain powered off when AC power is restored.

Important: Do not hold the POWER button for four or more seconds to forcibly power down CC-SG, particularly when CC-SG is up and running. The recommended way to power down CC-SG is to use the following procedure.

To power down the CC-SG:

1. Remove the bezel and firmly tap the POWER button.

2. Wait for approximately one minute while CC-SG gracefully powers down. You can monitor

the progress on the console that is attached to the KVM port.

Note: If users are logged into CC-SG via Diagnostic Console, they will receive a short broadcast message. Users logged into CC-SG via the GUI or SSH will not receive a message.

3. If removing the AC power cord, let the power down process completely finish before

removing the power cord. This is required for CC-SG to complete all transactions, close the databases, and place the disk drives into a safe state for power removal.

CC-SG Window Components

1. Ports Selection tab: Click on the Ports tab to display all known target Ports in a Ports tree

view. Right-click on a port and select Connect to connect to that port.

2. Users Selection tab: Click on the Users tab to display all registered Users and Groups in a

Users tree view. Click on the + and - signs to expand or collapse the tree.

3. Devices Selection tab: Click on the Devices tab to display all known Raritan devices in a

Devices tree view. Different device types have different icons. Known target ports are grouped under their parent devices, click on the + and - signs to expand or collapse the tree.

Right-click on a port and select Connect to connect to that port.

4 5

14 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Note: To make ports easier to find, right-click on the tree and select the desired listing method under Port Sorting Options. Ports sorted by name will be listed alphabetically; ports sorted by status will be grouped in the order of: Available Ports, Busy Ports, Unavailable Ports, and listed alphabetically within each group. On the Devices tab, devices are sorted and their respective ports are sorted underneath.

4. Quick Commands toolbar: This toolbar offers some shortcut buttons for executing common

commands rapidly.

Note: The Quick Commands toolbar includes “Back” and “Forward” buttons, the left and rightpointing arrows. Please use these as you would use the Back and Forward commands in your Internet browser. The Back Forward

button moves you forward to the next screen you viewed, after you have used the

arrow button will return you to the last screen you viewed, and the

Back command.

5. Operation and Configuration menu bar: These drop down menus offer commands to

operate and configure CC-SG. Please Note: You can also execute some of these commands by right-clicking on the icons in the Ports/Users/Devices tree view.

6. Main Display area: The commands you select from the menu bar and/or the tool bar will

display in this main area. Displays here are referred to as ‘screens’ and screens may be broken down into ‘panels.’

7. User ID: Identification of current logged-in user.

8. Language Information: Indication of which language version of CC-SG you are currently

using.

9. Time and timezone as configured on CC-SG in Configuration Manager. May be different on

the client. This time is used when scheduling tasks in Task Manager⎯see section

Manager in

Chapter 12: Advanced Administration.

Task

Important: This guide is written to address CC-SG Administrators in the second person. Any phrase that addresses the reader as “you” is referring to users with Administrator privileges. Administrators can assign subsets of Administrator privileges to other users.

Overview

In addition to providing the capability to aggregate and manage multiple Dominion series serial units and IP-Reach units from a central location, CC-SG has powerful built-in features and capabilities for management and configuration:

• Contains administrative tools to manage the application

• Runs health checks on all Dominion and IP-Reach access devices it manages

• Automatically refreshes the Ports, Users, and Devices trees when new components are added

• Queries and sorts information as it is presented on the display

• Configures various authentication schemes, based on operational environment needs

• Allows addition, deletion, and modification of users

• Allows addition, deletion, and modification of Dominion and IP-Reach access devices

managed

• Allows addition, deletion, and modification of the applications associated with ports

CHAPTER 2: ACCESSING CC-SG 15

)

Main Window Components

Menu Bar (Operation and Configuration commands)

Toolbar (shortcuts for

commands

Selection tabs (Ports, Users, and Devices)

Selection tree (expandable / collapsible using + and – signs)

Screen Display Area

Figure 13 CC-SG Application Window

The CC-SG menu bar displays all operations and configuration commands. Active commands are based upon the privileges of the user, as established by the CC-SG Administrator. The user’s privileges also determine the ports and devices that appear in the Ports and Devices trees.

Clicking on the Ports tab displays the Ports selection tree, clicking on the Users tab displays the Users selection tree, and clicking on the Devices tab displays the Devices selection tree. Expand and collapse these trees by clicking on the + and – buttons in front of the icons to view all or a specific set of Ports, Users, or Devices. Users can arrange listed ports by name or status by right-

clicking on the tree and selecting the desired Port Sorting Option.

Administrators must configure Ports, Users, and Devices in the CC-SG system upon setup and before executing any commands. Please see

Appendix C: Initial Setup Process Overview for an

overview of this process.

Note: The Quick Commands toolbar has been upgraded to include “Back” and “Forward” buttons, the left and right-pointing arrows. Please use these as you would use the Back and Forward commands in your Internet browser. The Back last screen you viewed, and the Forward

button moves you forward to the next screen you

arrow button will return you to the

viewed, after you have used the Back command.

16 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Configuring CC-SG Manager Components

In order to use CC-SG effectively, you must complete the following configuration steps, as described in this and the next chapter:

• Configure and install Dominion series and IP-Reach appliances (both serial and KVM

devices).

− Configure the devices and establish them on your network.

− Load and associate customized applications for serial ports.

− Load and associate customized applications for KVM ports.

− Install and load the KVM client application.

− Define and configure categories and elements to display the information under the all

tabs.

• Create and define users with appropriate privileges and devices they can manage (please see

Chapter 7: Adding Users and User Groups for additional information).

• Establish the appropriate security and authentication policies. Only an Administrator who has

root privileges in CC-SG can do this (please see information).

Configurable Parameters

These fields are mandatory and must follow the guidelines as listed:

User Name: Alphanumeric text, 1 – 16 characters in length, underscores permitted. Password: Alphanumeric text, 6 – 16 characters in length. The first six characters of the

password must contain at least two alpha and one numeric character, and the first four characters cannot be the same as the user name.

Chapter 8: Creating Policies for additional

CHAPTER 2: ACCESSING CC-SG 17

Compatibility Matrix

The Compatibility Matrix lists the firmware versions of Raritan devices and software versions of applications that are compatible with the current version of CC-SG. To view the Compatibility

Matrix, on the Devices menu, click Compatibility Matrix.

Figure 14 Compatibility Matrix

CC-SG checks against this data whenever you add a device, upgrade device firmware, or select an application for use. If the firmware or software version is incompatible, CC-SG warns you of this before you proceed further.

Note: Each version of CC-SG will only support the current and previous firmware versions for Raritan devices at the time of release.

18 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 19

Chapter 3: Example Configuration Workflow

Create Associations

The Association Wizard guides you through steps to create categories and their associated elements. The Wizard then automatically creates a port group for each element and a policy for

each port group.

1. On the Associations menu, click Association Wizard. The Association Wizard screen

appears.

Figure 15 Association Wizard Overview

20 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

2. After reading the overview, click Next. The Create Category and Elements screen of the

Wizard appears.

Figure 16 Association Wizard - Category and Elements Screen

3. Type the name of a category you wish to organize your ports by (for example: Location) in

the Category field.

4. Type the name of each element in that category in the Elements fields below. These elements

are used to group your ports within the category (for example: LA Market Area, Chicago

Market Area, etc.). If you require more than eight elements for this category, click Add More Elements.

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 21

5. To create another category, click Add Another Category and repeat steps 3 and 4. To review

categories and elements you have created, click Previous or Next to cycle through them.

Figure 17 Adding Another Category

6. When you are done creating categories, click Next at the bottom of the screen. The Confirm

Choices screen of the Wizard appears.

Figure 18 Association Wizard - Confirm Choices

7. Review the list of categories and associated elements that will be created. Click Previous if

you need to go back and make changes. If everything is correct, click Finish.

22 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

8. CC-SG will show a progress bar while it is creating the associations, port groups and policies.

When this is complete, the Association Wizard Summary screen appears displaying the list what was created. Click Done to exit the wizard.

Figure 19 Association Wizard - Summary Screen

The Association Wizard has now created a port group for each element, and a policy for each port

group. You can add ports to these port groups by using the Port Group Manager. To make changes to any of the categories after using the Wizard, from the Associations menu, click

Association Manager. To make changes to any of the policies, click Policy Manager from the Associations menu. By default, the Association Wizard sets the policy for control access at all

times.

Add Devices

Before adding devices to CC-SG, prepare them by assigning them an IP address, creating a CC-

SG admin account. Please see CommandCenter Secure Gateway Setup Guide for more

information.

Important: Ensure that no other users are logged into the device during CC-SG configuration.

1. Click on the Devices tab.

2. On the Devices menu, click Device Manager, and then click Add Device. The Add Device

selection screen appears.

Figure 20 Add Device CC-SG

3. Click on the Device Type drop-down arrow and select a type of device from the list.

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 23

4. Click Next to proceed. The Add Device description screen appears. Depending on the type of

device you selected, you will see slightly different Add Device screens.

Figure 21 Add Device PowerStrip

Figure 22 Add Device SX

5. Type the device name in the Device Name field. Do not use spaces.

6. Type the device description in the Description field.

7. Type the Device IP address when you prepared the device and use the previously created CC-

SG Username and Password, such as ccadmin/password. Please see Raritan’s CommandCenter Secure Gateway Setup Guide for additional information.

8. Select a category and appropriate element from the Category and Element (double-click on

an element field to see and select element choices) window. Click OK to add the device. A

24 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Device Created successfully message confirms that device has been added. This step is very

important. Make sure you select the correct associations and elements for the device. Some devices such as SX may take up to a minute to add.

9. Repeat steps 1 through 8 to add additional devices.

Configure Ports

You must now add ports for each device you just added. The port is the connection to the actual target system or server. After adding ports, you can change the configuration of individual ports

by clicking the Ports tab, right-clicking on a port, and clicking Edit Port.

Serial Port

1. Click on the Devices tab and select a serial device, for example, Dominion SX, from the

Devices tree.

2. On the Devices menu, click Port Manager, and then click Configure Ports. Alternatively,

you can right-click on the device and select Configure Ports. The Configure Ports screen

appears.

Figure 23 Configuration Ports

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 25

3. Click Configure next to the serial port line item you wish to configure. The Configure

Serial Port screen appears.

Figure 24 Configure Serial Ports

4. Type a port name in Port Name field. Typically, you should name the port after the target

server the device connects to, for example, NYC_MsSrv1.

5. Click on the Application Name drop-down menu and select an application name. This

application, for example, Raritan Console (RC), is used to manage the target system.

6. Click on the Baud Rate drop-down arrow and select a rate.

7. Click on the Parity/Data Bits drop-down arrow and select a parity value.

8. Click on the Flow Control drop-down arrow and select a flow control value.

9. Click on the Associate Power Strip drop-down arrow and associate with a power strip if

necessary.

10. Select the associated category and element from the Port Associations table by double-

clicking the element field.

11. Click OK to save the serial port configuration. A Port Configured Successfully message

confirms that port has been created.

12. Repeat steps 1 through 11 to configure other serial ports.

26 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

KVM Port

1. Click on the Devices tab and select a KVM device, for example, Dominion KX, from the

Devices tree.

2. On the Devices menu, click Port Manager, and then click Configure Ports. Alternatively,

you can right-click on the device and select Configure Ports. The Configure Ports screen

appears.

Figure 25 Configure Ports

3. Click Configure next to the KVM port line item you wish to configure. The Configure

KVM Port screen appears.

Figure 26 Configure KVM Port

4. Type a port name in the Port Name field. Typically, you should name the port after the target

server the device connects to, for example, NYC_MsSrv1.

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 27

5. Click on the Application Name drop-down menu and select name. This application, for

example, Raritan Remote Console (RRC), is used to manage the target system. All ports should use RRC except for those on an SX.

6. Select the associated category and element from the Port Associations table by double-

clicking the element field.

7. Click OK to save the KVM port configuration. A Port Configured Successfully message

confirms that port has been created.

8. Repeat steps 1 through 7 to configure other KVM ports.

Add Users to System Administrators Group

If you want your users to have access to all devices, ports, and CC-SG, you can simply create and place users in the System Administrators user group. This simplifies the configuration process by eliminating the need to create user groups, port groups, and policies to control user access. If you do not put users in the default System Administrators group, you will need to complete the additional sections that follow this one. After adding a user, they will be able to log into CC-SG and connect to ports, configure the system, etc.

Note: Please remember that many of the commands in the Users menu can be accessed by rightclicking on the user icon and using the shortcut menu that appears.

1. Click on the Users tab.

2. On the Users menu, click Add User. Alternatively, right-click on a user and select Add User.

The Add User screen appears.

Figure 27 Add User Screen

3. Type the user’s name in the Username field (1-32 characters, alphanumeric characters or

underscores, no spaces).

4. Check the Remote Authentication check box only if the user should be authenticated by

TACACS+, RADIUS, LDAP, or AD. Note: Checking the Remote Authentication box

implies that a remote server is being used for authentication. If so, a local password is not

needed and the Password and Retype Password fields are grayed out.

28 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

5. If using local authentication, type the new password into the Password field (6-16 characters,

alphanumeric characters and underscores).

6. If using local authentication, re-type password in Retype Password field.

7. Type a dial back number in the Dial Back Number field, if needed.

8. Check the Login Enabled check box to authenticate against the system (if not, user cannot

enter the system).

9. Check the Force Change Password on Next Login check box if you want this user to be

forced to change password the next time he or she logs in to CC-SG.

10. Check the Force Change Password Periodically check box if you want this user to have to

change his or her password from time to time.

11. Type the expiration period for this user’s password in the Expiration Period field.

12. Type an email address for this user in the Email Address field, if desired.

13. Click OK to add this user to the system. A User Created successfully message indicates the

user has been added to the system.

14. Drag the new user icon to the desired user group.

15. Repeat steps 1 through 14 to add additional users.

Important: If you do not wish to restrict or control user access to systems or CC-SG, your installation is now complete. Your users should all be assigned to the system administrator’s user group.

Control User Access

You can control user access to devices, ports, and CC-SG administration through user groups and policies. User groups define a user’s privileges and polices specify the devices and ports a user

can access. First, create a user group, apply a policy to the user group, then add users to the user group.

Create User Groups

Use the Add User Group command to create specific user groups and assign them privileges,

based on the needs of your work environment. Groups can help you keep your system organized.

Assign privileges to Groups upon creating them. These privileges are either a command type or an event type. Command type privileges permit users to see and execute commands. Event type privileges permit users to view events in the Ports and Devices trees.

Users inherit the privileges assigned to the group to which they belong. No user can have any

rights other than those assigned to the group. As an example, if a group is assigned the User Management privilege, all users in that group can see and execute the User Manager commands in the Users menu: Add User, Edit User, Change User Password, etc.

In order to see Ports and Devices trees, a user group has to be assigned the Device and Port Management privilege. To view other events that occur in the system, those privileges must be

selected upon adding or editing a user group.

Note: A user group by default has no access to any ports. Therefore, a policy must be applied to the user group.

1. Click on the Users tab.

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 29

2. On the Users menu, click Add User Group. Alternatively, right-click on a user group and

select Add User Group. The Add User Group screen appears.

Figure 28 Add User Group Screen

3. Type the group name in the User Group Name field (1-16 characters, alphanumeric

characters and underscores).

4. Type the group description (for example, based on department, region, or assignment) in the

Description field.

5. In the Select Privileges section, check the corresponding boxes in the Has it column to add

those privileges to the group. The Type column indicates whether the privilege is a Command type or Event type. Most user groups should only have Ports Access enabled to

allow them to access systems and servers.

6. Click OK to add the group. A Group Created Successfully message confirms that a group

has been created.

7. Repeat steps 1 through 6 to add other groups.

30 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Create/Edit Port Groups

CC-SG uses port groups to control user access. Policies can be applied to specific user groups that allow only access to those ports specified in the port group. For example, if you wanted to restrict user access to only UNIX ports, you would create a port group that included only UNIX ports. Then you would create a policy that included this port group and apply it to the desired user group.

Port groups were automatically created per element when the Association Wizard was run, see

Create Associations earlier in this chapter for additional information. These port groups contain

general rules so you may want to edit these port groups and add more specific rules.

1. On the Associations menu, click Groups Manager and then click Port Group Manager.

The Port Groups Manager screen appears.

Figure 29 Port Groups Manager Screen

2. Click Add in the Group panel to add a new group. The Add Port Group window appears.

Figure 30 Add Port Group Window

3. Type the name for the new Port Group in the Enter Port Group Name field.

4. Click OK to add the new group.

5. Create a desired rule (such as PortType=UNIX) using pre-defined categories and elements

and then click Add Rule. In this example, PortType is a category and UNIX is an element.

Repeat for additional rules.

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 31

6. If needed, enter the Boolean logic to apply additional rules in the Validate panel. Example:

use (Rule0 & Rule1) for AND or use (Rule0 | Rule1) for OR. Additional combinations can be used.

7. Click Validate then Update.

8. Click Close to close Port Groups Manager screen.

9. Repeat steps 1 through 8 to add other port groups.

Create/Edit Policies

Polices specify the devices and ports a user can access as well as when they can be accessed. Polices were automatically created per element when the Association Wizard was run, see section

Create Associations earlier in this chapter for additional information. These policies, for

example, Allow Linux Ports, include the port group that was automatically generated and grant full access to the ports. Once created, you will then apply the policy to a user group.

1. On the Associations menu, click Policy Manager. The Policy Manager screen appears.

Figure 31 Policy Manager Screen

2. Click Add to add a new policy. The Add Appliance Policy window appears.

3. Type the name of the new policy in the Enter Policy Name field.

4. Click OK to add the new policy. If you clicked OK, the new policy name appears in the

Name field.

5. Click on the Device Group drop-down arrow and select a device group.

6. Click on the Port Group drop-down arrow and select a port group.

7. Click on the up or down arrows in the Start Time and End Time fields to assign a starting

time and an ending time during a 24-hour period for this policy to be in effect.

8. Select the appropriate option buttons for this policy to be in effect: Any to apply policy every

day, Weekday to apply policy every working day, Weekend to apply policy Saturdays and

32 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Sundays, and Custom to manually choose the days policy to be applied. If you choose Custom, check on the days of the week to apply the policy.

9. Click on a Permission value to select a permission type: Deny, or Control.

10. Click Update to add the policy. The Update Policy window appears.

Figure 32 Update Policy Window

11. Click Yes to add the policy or No to close the window.

12. Click Close to close the Policy Manager screen.

13. Repeat steps 1 through 12 to add other policies.

Apply Policies to User Groups

A user group does not specify the ports that can be accessed by the group and a policy does. Therefore, you need to apply a policy to a user group.

1. Click on the Users tab and select a group.

2. On the User menu, click Edit User Group Policies. Alternatively, right-click on a user group

and select Edit User Group Policies. The Edit User Group Policies screen appears.

Figure 33 Edit User Group Policies Screen

3. Scroll up or down to view all policies in this list. Click on a line item in the Policies list

(under the All Policies panel) that you wish to assign to the group. Click on the Day(s) check

boxes to select which days of the week the policy should be assigned.

4. Click Add to add the policy to the Selected Policies panel and assign it to the group.

5. To remove an assigned policy from the Selected Policies list, select the policy line item and

click Delete.

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 33

6. Click OK to add the policy or policies to the group. A Group Policies Updated successfully

message confirms that policies have been updated.

7. Repeat steps 1 through 6 to edit other groups’ policies.

Add Users to User Group

You now need to add users or drag and drop an existing user to the user group that has just been assigned a policy. These users will then be able to login to the CC-SG and have access or be denied access to the ports as specified in the policy.

1. Click on the Users tab and select the user group you wish to add the user to.

2. On the User menu, click Add User. Alternatively, right-click on a user and select Add User.

The Add User screen appears.

Figure 34 Add User Screen

3. Type the user’s name in the Username field (1-32 characters, alphanumeric characters or

underscores, no spaces).

4. Check the Remote Authentication check box only if the user should be authenticated by

TACACS+, RADIUS, LDAP, or AD. Note: Checking the Remote Authentication box

implies that a remote server is being used for authentication. If so, a local password is not

needed and the Password and Retype Password fields are grayed out.

5. If using local authentication, type the new password into the Password field (6-16 characters,

alphanumeric characters and underscores).

6. If using local authentication, re-type password in Retype Password field.

7. Type a dial back number in the Dial Back Number field, if needed.

8. Check the Login Enabled check box to authenticate against the system (if not, user cannot

enter the system).

9. Check the Force Change Password on Next Login check box if you want this user to be

forced to change password the next time he or she logs in to CC-SG.

10. Check the Force Change Password Periodically check box if you want this user to have to

change his or her password from time to time.

11. Type the expiration period for this user’s password in the Expiration Period field.

34 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

12. Type an email address for this user in the Email Address field, if desired.

13. Click OK to add this user to the system. A User Created successfully message indicates the

user has been added to the system.

14. Drag the new user icon to the desired user group.

15. Repeat steps 1 through 14 to add additional users.

CHAPTER 4: CREATING ASSOCIATIONS 35

Chapter 4: Creating Associations

Associations

CC-SG provides powerful, highly customizable organizational capabilities. Associations provide this organizational capability and are used to organize your equipment. For example, you may have Raritan devices that manage target servers in a New York data center and a Philadelphia data center. Associations help in grouping and displaying Raritan device and target systems in the CC-SG web interface. For example, the following screen is a custom view that hierarchically displays three data centers, that is, DataCenter1, NYC, and Philadelphia, and the type of target servers in them. You can customize the CC-SG to organize and display your servers however you like.

Figure 35 CC-SG Organization Example

Associations-Defining Categories and Elements

An important concept in CC-SG is categories and elements. Categories and elements are defined

with the Association Wizard or Association Manager. Raritan devices and ports are organized by category and elements. Each category/element pair is assigned to a device, a port, or both. Therefore, you need to define your categories and elements before you add a Raritan device and configure ports in CC-SG.

A category is a group, or set, of similar elements. For example, you could have a category to group your Raritan devices by location. So, Location, can be a category and could contain a set of elements, such as New York City and Philadelphia. These organizational capabilities are defined using the Association Wizard or Association Manager.

The categories and elements are also used by policies, which are used to control user access to servers. The above example can be used to create policies to control user access to only NYC servers, or network ports, or any combination such as MS2003 servers in NYC.

36 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Other examples of typical Association configurations of Category and Elements are as follows:

CATEGORY ELEMENTS

Location New York City, Philadelphia, DC1

OS Type Unix, Windows, Linux

Department Sales, IT, Engineering

Port Type KVM, Serial, Power

Association configurations should be kept simple to accomplish server/port organizational objectives and user access objectives. It is important to realize that a port can only be assigned to a single element of a category. For example, a target server cannot be assigned to both the Windows and Unix elements of the OS Type category above.

A useful approach for organizing your systems when servers are similar and need to be randomly organized is the following:

CATEGORY ELEMENT

usergroup1 usergroup1port

usergroup2 usergroup2port

usergroup3 usergroup3port

The design and specification of the Association requirements should be done prior to setting up CC-SG. You should give careful thought upfront on how you want to organize and display your Raritan devices and target systems and how you want to control user access to the ports.

As you add devices and ports, you link them to your predefined categories and elements. When you create port and device groups to include in a policy, you will use your categories and elements to define which ports and devices go in each group.

Association Terminology

You should read the following definitions to understand associations:

• Associations—is the relationship between categories, elements of a category, and ports or

devices or both. For example, you want to associate the “Location” category with a device. You should create associations first, or edit them later, before adding devices and ports in

CC-SG.

• Category—is a variable that contains a set values or elements. An example of a Category is

• Elements—are the values of a category. For example, the “New York City” element belongs

to the “Location” category. Or, the “Windows” element belongs to the “OS Type” category.

CHAPTER 4: CREATING ASSOCIATIONS 37

• Devices—are Raritan products such as Dominion KX116, Dominion SX48, Dominion

KSX440, IP-Reach, Paragon II System Controller, Paragon II UMT832 with USTIP, etc. that are managed by CC-SG. These devices control the target servers and systems that are connected to them.

• Ports—are connection points between a Raritan Device and a target system or server. Or, a

port can be a device that is directly connected to a LAN/CC-SG via In-band access. In CCSG, you click on a port to access and manage the target. The port is essentially the destination

system and should be named appropriately for that system, for example, NYC_SunSRV1.

How to Create Associations

An easy way to create categories and elements within these categories is by using CC-SG’s

Association Wizard. The wizard prompts you to create categories and elements and automatically

creates port groups and default user policies based on the categories and elements defined.

You can also manually create or edit associations with the Association Manager. This will require

you to manually create policies.

Association Manager

Association Manager commands allow you to add, modify, or delete Categories and Elements. In CC-SG, each device or port has an associated IP Address and Port Name by default. For further

differentiation, additional types of attributes, known as categories, are associated to the device or port for ease of administration. Each Category has elements associated with it.

For example, the category “Country” might have the elements “USA,” “Japan,” and “Germany” associated with it; the category “Location” might have the elements “San Jose,” “San Francisco,” and “New York” associated with it, and so on. Once the tree view is customized using these attributes, you can easily find, for example, all Firewall devices located in the New York location without searching through an extensive list of managed devices/ports.

Once you add a new category and its elements, you can associate CC-SG’s configured devices/ports. When configuring devices/ports, you can choose one element from each category to associate with each device/port.

Please see CC-SG.

Appendix C: Initial Setup Process Overview for a summary of this process within

38 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Add Category

1. On the Associations menu, click Association Manager. The Association Manager screen

appears.

Figure 36 Association Manager Screen

2. Click Add in the Category panel to add a new category. The Add Category window appears.

Figure 37 Add Category Window

3. Type a category name in the Category Name field. Maximum length is 31 characters.

4. Click on the Value Type drop-down arrow to select a value type of String or Integer.

5. Click on the Applicable For drop-down arrow to select the type of device this category

applies to: Device, Port, or Both.

6. Click OK to create the new category or Cancel to exit without creating. The new category

name appears in the Category Name field.

7. Repeat steps 1 through 6 to add other new categories.

CHAPTER 4: CREATING ASSOCIATIONS 39

Edit Category

1. On the Associations menu, click Association Manager. The Association Manager screen

appears.

2. Click on the Category Name drop-down arrow and select the category to be edited.

3. Click Edit in the Category panel of the screen to edit the category. The Edit Category

window appears.

Figure 38 Edit Category Window

4. Type the new category name in Category Name field.

5. Click the Applicable For drop-down arrow to change whether this category applies to

Device, Port, or Both. Please note that a string value cannot be changed to an integer value,

and vice versa. If you must make this type of change, please delete the category, and add a brand new one.

6. Click OK to edit the category or Cancel to exit without editing. The updated category name

appears in the Category Name field.

7. Click Close to close the Association Manager screen.

8. Repeat steps 1 through 7 to edit other categories.

Delete Category

Deleting a category deletes all of the elements created within that category. The deleted category will no longer appear in the Devices tree once the screen is refreshed or the user logs out and logs back into CC-SG.

1. On the Associations menu, click Association Manager. The Association Manager screen

appears.

2. Click on the Category Name drop-down arrow and select the category to be deleted.

3. Click Delete in the Category panel of the screen to delete the category. The Delete Category

window appears.

Figure 39 Delete Category Window

4. Click Yes to delete the category or No to close the window.

5. Click Close to close the Association Manager screen.

6. Repeat steps 1 through 5 to delete other categories.

40 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Add Element

1. On the Associations menu, click Association Manager. The Associations Manager screen

appears.

Figure 40 Association Manager Screen

2. Click Add in the Element for Category panel to add a new element. The Add Element

window appears.

Figure 41 Add Element Window

3. Type the new element name in the Enter Value for Element field.

4. Click OK to add the element or Cancel to exit the window. The new element appears in the

Elements For Category panel.

5. Click Close to close the Association Manager screen.

6. Repeat steps 1 through 5 to add other elements.

CHAPTER 4: CREATING ASSOCIATIONS 41

Edit Element

1. On the Associations menu, click Association Manager. The Association Manager screen

appears.

2. Select the element to be edited from the Element For Category list and click Edit in the

Elements For Category panel. The Edit Element window appears.

Figure 42 Edit Element Window

3. Type the new name of the element in the Enter New Value for Element field.

4. Click OK to update the element or Cancel to close the window. The new element name is

displayed in the Element For Category list.

5. Click Close to close the Association Manager screen.

6. Repeat steps 1 through 5 to edit other elements.

Delete Element

Deleting an element removes that element from all Port associations, leaving association fields blank.

1. On the Associations menu, click Association Manager. The Association Manager screen

appears.

2. Select the element to be deleted from the Element For Category list and click Delete in the

Elements For Category panel. The Delete Element window appears.

Figure 43 Delete Element Window

3. Click Yes to delete the element or No to close the window. The element name disappears

from the Element For Category list.

4. Click Close to close the Association Manager screen.

5. Repeat steps 1 through 4 to delete other elements.

Note: Deleting an element removes the element from all device and port category associations, leaving all pre-associated element fields blank.

42 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Association Wizard

The Association Wizard guides you through steps to create categories and their associated elements, as described in the Association Manager section above, then automates the creation of

related Port Groups and Policies for those elements.

1. On the Associations menu, click Association Wizard. The Association Wizard screen

appears.

Figure 44 Association Wizard Overview

2. After reading the overview, click Next. The Category and Elements screen of the Wizard

appears.

Figure 45 Association Wizard - Category And Elements Screen

3. Type the name of a category you wish to organize your ports by (for example: Location) in

the Category field. Maximum length is 31 characters.

4. Type a unique name of each element in that category in the Elements fields below.

Maximum length is 19 characters. These elements are used to group your ports within the

category (for example: LA Market Area, Chicago Market Area, etc.). If you require more elements for this category, click Add More Elements.

CHAPTER 4: CREATING ASSOCIATIONS 43

5. If you wish to create another category, click Add Another Category and repeat steps 3 and

Figure 46 Adding Another Category

6. When you are done creating categories, click Next at the bottom of the screen. The Confirm

Choices screen of the Wizard appears.

Figure 47 Association Wizard - Confirm Choices

7. Review the list of categories and associated elements that will be created. Click Previous if

you need to go back and make changes. If everything is correct, click Finish.

44 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

8. CC-SG will show a progress bar while it is creating the associations, port groups and policies.

When this is complete, the Association Wizard Summary screen appears displaying the list what was created. Click Done to exit the wizard.

Figure 48 Association Wizard - Summary Screen

9. The Association Wizard has now created a port group for each element, and a policy for each

port group. If the element names were not unique, the default port groups and policies cannot be created–see

Appendix F: Troubleshooting for additional information. You can now add ports to these port groups using the Port Group Manager. To make changes to any of the categories, from the Associations menu, click Association Manager. To make changes to any of the policies, from the Associations menu, click Policy Manager. By default, the

Association Wizard sets the policy for control access at all times.

CHAPTER 4: CREATING ASSOCIATIONS 45

Import Categories, Devices, Ports from CSV File

To expedite configuration, you can import pre-defined categories, elements of those categories, and the ports and devices to which the categories apply from a CSV file. After importing, you can have CC-SG validate the file to ensure the file was formatted properly. If errors are discovered, they are displayed.

Once successfully imported, the categories and elements are added to the CC-SG database and they are applied to the ports and devices as specified in the file. The devices specified in the CSV file must have been added to CC-SG prior to importing⎯please see

Adding Devices and Device Groups. Also, the ports specified in the CSV file must have been configured in CC-SG prior to importing⎯please see

Configure Port in Chapter 6: Configuring

Ports and Port Groups.

On the Setup menu, click Scripts, then Import Categories. The Import Categories screen appears.

Add Device in Chapter 5:

Figure 49 Import Categories Screen

1. Click Browse and select a CSV file.

2. Click Validate to ensure it is in the correct format. If there are errors, they will be displayed

so they can be corrected and you can re-import the file.

3. If no errors are found or after correcting any errors, click Import to import the file.

46 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

CSV File Format

The entries in the CSV file are case-sensitive and each row in the CSV file has this format:

{tag},{value}[,{value},….]

TAG SUBSEQUENT FIELDS COMMENTS

CATEGORY Category Name,ValueType,

Applicability

CSV File Example

CATEGORY,Memory,String,Port

CATEGORYELEMENT,Memory,256 MB

CATEGORYELEMENT,Memory,512 MB

CATEGORYELEMENT,Memory,1024 MB

CATEGORY,OS,String,Port

CATEGORYELEMENT,OS,UNIX

CATEGORYELEMENT,OS,WINDOWS

CATEGORYELEMENT,OS,LINUX

CATEGORY,Location,String,Device

CATEGORYELEMENT,Location,Aisle 1

CATEGORYELEMENT,Location,Aisle 2

CATEGORYELEMENT,Location,Aisle 3

DEVICE,192.168.32.20, Location,Aisle 2

PORT,192.168.32.20, Raritan Port ID, Port 3, OS,UNIX

PORT,192.168.32.20, Raritan Port ID, Port 3, Memory,1024 MB

CHAPTER 4: CREATING ASSOCIATIONS 47

Once successfully imported, you should see something like:

Figure 50 Analysis Report Screen

If necessary, refer to Appendix F: Troubleshooting for problem resolution.

48 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 49

Chapter 5: Adding Devices and Device Groups

Device Manager

Device Manager commands allow you to configure Dominion series and IP-Reach units and their individual ports. From a CC-SG perspective, connection to a remote target device is made via a serial or KVM port. You can configure the system on a port-by-port basis in order to easily access remote target devices.

When you click on the Devices tab and select a device from the Devices tree, the View Device

screen will automatically appear, displaying information about the selected device. For easier identification, KVM, Serial, and Power devices have different icons in the Devices tree. In addition, availability status of each device also has a different icon. For a description of what the icons represent, please see the table below.

Figure 51 The Devices Tab And View Devices Screen

50 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Device Icons

ICON MEANING

Device available

Port available

KVM port connected – in current user session

Port paused – because device is paused

Port unavailable – because device is unavailable

Port busy – other user connected to port

Serial port available – not connected

Serial port connected – in current user session

Serial port busy – other user connected to port

Serial port unavailable – device is down and unavailable

Serial port paused – because device is paused

Device paused

Device unavailable – device restarted and e = 33 is thrown

Power strip available

Outlet port available

Power strip paused

Outlet paused

Important! Many of the menu bar commands can be accessed by right-clicking on a Device icon and selecting a command from the shortcut menu that appears.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 51

Add Device

Use this command to add a new device to the system.

1. Click on the Devices tab.

2. On the Devices menu, click Device Manager, and then click Add Device. The Add Device

selection screen appears.

Figure 52 Add Device Selection Screen

3. Click on the Device Type drop-down arrow and select a type of device from the list.

4. Click Next to proceed. The Add Device description screen appears. Depending on the type of

device you selected, you will see a device in the Dominion family (KSX, KX, KX101, or SX), an IP-Reach, a Paragon II System Controller, an Intelligent Platform Management Interface (IPMI) v1.5 device, a PowerStrip, a Generic device (for example, a hub, Windows server, or Cisco router) or an iLO/RILOE screen.

Figure 53 Add Device Screen for PowerStrip

52 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Figure 54 Add Device Screen for Raritan Devices

Figure 55 Add Device Screen for iLO, RILOE

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 53

Figure 56 Add Device Screen for IPMI Server (v 1.5)

Figure 57 Add Device Screen for Generic Device

5. Type the new device name in the Device name field.

6. Type the IP Address or Hostname of the new device in the Device IP or Hostname field. For

hostname rules, see

Terminology/Acronyms in Chapter 1: Introduction.

7. The TCP/UDP port number value will be populated automatically based on the device type.

For example, the default UDP port for an IPMI device is 623.

8. Type a description (or location) of the new device in the Description field.

9. Type the name used to log onto this device in the Username field.

10. Type the password needed to access this device in the Password field.

11. If applicable, type the time (in seconds) that should elapse before timeout between the new

device and CC-SG in the Heartbeat timeout (sec) field.

12. For IPMI Servers, enter an Interval that is used to check for availability and an

Authentication Method, which needs to match what has been configured on the IPMI Server.

Note: You will not see a TCP port number or Heartbeat timeout field for HP iLO/RILOE devices, older Dominion SX units (version 2.4 or earlier), IPMI Servers, and Generic devices.

13. Click OK to add the device or Cancel to exit without saving.

14. For Raritan devices, if the firmware version of the device is not compatible with CC-SG, a

message will alert you and ask if you want to proceed (please see Chapter 2: Accessing CC- SG for additional information). Click Yes to add the device to CC-SG, or No to cancel the

operation. You can easily upgrade the device firmware after adding it to CC-SG (see section

Upgrade Device later in this chapter).

15. A Device Created Successfully message confirms that device has been added.

16. Repeat steps 1 through 12 to add other devices.

54 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

KX Devices with Encryption

CC-SG supports adding and managing Dominion KX devices, such as KX101, that have been configured with:

• SSL authentication and no data encryption

• SSL authentication and data encryption

• SSL authentication and SSL data encryption

• No authentication and no encryption

Refer to Raritan’s Dominion KX User Guide for definitions of these encryption modes.

Edit Device

Use this command to rename a device and /or modify its properties.

1. Click on the Devices tab and select a device from Devices tree.

2. On the Devices menu, click Device Manager, and then click Edit Device. The Edit Device

screen appears.

Figure 58 Edit Device Screen

3. Type the new device properties in the appropriate fields on this screen, up to and including

selecting different or new Category and Element properties from the Device Association

panel.

4. Click OK to edit the device or Cancel to exit with modifying. A Device Updated

Successfully message confirms that device has been modified.

5. Repeat steps 1 through 4 to edit other devices.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 55

Delete Device

1. Click on the Devices tab and select a device from Devices tree.

2. On the Devices menu, click Device Manager, and then click Delete Device. The Delete

Device screen appears.

Figure 59 Delete Device Screen

3. Click OK to delete the device or Cancel to exit without deleting. A Device Deleted

Successfully message confirms that the device has been deleted.

4. Repeat steps 1 through 3 to delete other devices.

Bulk Copy

The Bulk Copy command allows you to copy the assigned categories and elements from one device to multiple other devices. Please note that categories and elements are the only properties copied in this process.

1. Click on the Devices tab and select a device from Devices tree.

2. On the Devices menu, click Device Manager, and then click Bulk Copy. The Bulk Copy

screen appears.

Figure 60 Bulk Copy Screen

3. In the All Devices list, select the device(s) to which you are copying the categories and

elements of the device in the Device Name field.

4. Click > to add a device to the Selected Devices list.

5. To remove a device from the Selected Devices list, select the device, and click <.

6. Click OK to bulk copy or Cancel to exit without copying. A Device Copied Successfully

message confirms that device categories and elements have been copied.

7. Repeat steps 1 through 6 to copy other categories and elements of other devices.

56 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Backup Device Configuration

Use this command to back up all user configuration and system configuration files. If anything happens to your system, you can restore your previous configurations from memory.

Note: Only for Dominion SX 2.5 devices or later, network settings, such as IP address, subnet mask, IP gateway are not included in the backup file.

1. Click on the Devices tab and select a device from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Backup Device Configuration.

The Backup Device Configuration screen appears.

Figure 61 Backup Device Configuration Screen

3. Click OK to back up the device configuration or Cancel to exit without backing up. A

Device Configuration Backed Up Successfully message confirms that device configuration

has been backed up.

4. Repeat steps 1 through 3 to back up other device configurations.

Restore Device Configuration

This command allows you to restore a previously backed-up device configuration.

1. Click on the Devices tab and select a device from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Restore Device Configuration.

The Restore Device Configuration screen appears.

Figure 62 Restore Device Configuration Screen

3. Click on the Backup Date drop-down arrow and select a date from the list of when you last

made a back up of the device.

4. Click OK to restore the back up or Cancel to exit without restoring.

5. When the Restart message appears, click Yes to restart the device or No to close the window

without restarting. A Device Configuration Restored Successfully message confirms that all

user and system configuration data has been restored.

6. Repeat step 1 through 5 to restore other devices’ configurations.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 57

Copy Device Configuration

This command allows you to copy configurations from one device to another or multiple devices.

Note: Configuration can only be copied between Dominion SX units and DSX units that have the same number of ports.

1. Click on the Devices tab and select the device whose configuration you wish to copy to other

devices from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Copy Device Configuration.

The Copy Device Configuration screen appears.

Figure 63 Copy Device Configuration Screen

3. If you have used the Backup Device option on this device, you can copy that configuration

instead by selecting From Saved Configuration and then selecting the configuration from

the saved configuration drop-down arrow.

4. Highlight the devices you want to copy this configuration to in the Available Devices column

and click the right arrow to move them to the Copy Configuration To column. The left arrow moves selected devices out of the Copy Configuration To column.

5. Click OK to copy the configuration to the devices in the Copy Configuration To column, or

Cancel to exit without copying. A Restart message appears after copying.

6. Click Yes to restart the device or No to close the window without restarting. A Device

Configuration Copied Successfully to message confirms that device configuration has been

copied.

7. Repeat steps 1 through 6 to copy other devices’ configurations.

Upgrade Device

Use the Upgrade Device command to download new versions of device firmware.

1. Click on the Devices tab and select a device from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Upgrade Device. The Upgrade

Device screen appears.

Figure 64 Upgrade Device Screen

3. Click on the Firmware Name drop-down arrow and select the appropriate firmware from the

list (Raritan or your reseller will provide this information).

4. Click OK to upgrade the device or Cancel to close the Upgrade Device screen.

58 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

If the firmware version of the device is not compatible with CC-SG, a message will alert you

and ask if you want to proceed (please see Chapter 2: Accessing CC-SG for additional information). Click Yes to upgrade the device, or No to cancel the operation.

5. A Restart message appears; click Yes to restart the device or No to close the window

without restarting.

6. A Device Upgraded Successfully message confirms that the device has been upgraded.

7. Repeat steps 1 through 6 to upgrade other devices.

Note: Firmware for iLO/RILOE cannot be upgraded using CC-SG.

Ping Device

You can ping a device to determine if the device is available in your network.

1. Click on the Devices tab and select a device from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Ping Device. The Ping Device

screen appears, showing the result of the ping.

Figure 65 Ping Device Screen

3. Click Close to clear this screen.

4. Repeat steps 1 through 3 to ping other devices.

Restart Device

Use the Restart Device command to restart a device.

1. Click on the Devices tab and select a device from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Restart Device. The Restart

Device screen appears.

Figure 66 Restart Device Screen

3. Click OK to restart the device or Cancel to exit without restarting. A Device Restart

Successfully message confirms that the device has been restarted.

4. Repeat steps 1 through 3 to restart other devices.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 59

Pause Device

You can pause a device to temporarily suspend CC-SG’s control of it without losing any of the configuration data stored within the CC-SG Server.

1. Click on the Devices tab and select a device from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Pause Management. The

indicator of the device being paused is its icon changing from a grey ‘active’ state to a red ‘paused’ state in the Devices tree.

Resume Device

After pausing a device, have it continue with its normal activity by commanding it to resume.

1. Click on the Devices tab and select the paused device from the Devices tree.

2. On the Devices menu, click Device Manager, and then click Resume Management. The

device icon changes from the red ‘paused’ state to a grey ‘active’ state.

View Devices

Regular View

Select this command to view devices in the Devices tree grouped in default view (you can change

the regular view by assigning new criteria in custom view, see the next section

1. Click on the Devices tab.

2. On the Devices menu, click Change View, and then click Regular View. The Regular View

of the Devices tree appears.

Custom View).

Figure 67 Devices Tree Regular View Screen

Known ports are nested under their parent devices. Right-click on the tree, then click Port Sorting Options, then Sort By Port Name or Sort By Port Status to arrange the ports within

their devices alphabetically by name or by availability status. Ports arranged by status are sorted alphabetically within their connection status grouping. Devices will also be sorted accordingly.

60 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Custom View

You can customize the Devices tree by organizing devices to appear in a particular format. You might want to view devices by Country, by Time Zone, or by any other option that helps you differentiate between them. Set up a Custom View using the next few sessions. Please also see section Categories to CC-SG.

1. Click on the Devices tab.

2. On the Devices menu, click Change View, and then click Custom View. The Custom View

Association Manager in Chapter 4: Creating Associations for more details on adding

screen appears.

Figure 68 Custom View Screen

3. To customize your view, click on the Name drop-down arrow and select a custom view that

has already been saved in the database. Details of the View categories appear in the Custom View Details field.

4. Click Set Current to arrange the Devices tree to reflect the selected custom view.

5. Click Set Default if you want the selected custom view to be displayed when logging into

CC-SG.

6. Click Close to close the Custom View screen.

7. Repeat steps 1 through 5 to change custom view. Known ports are nested under their parent devices. Right-click on the tree, then click Port

Sorting Options, then Sort By Port Name or Sort By Port Status to arrange the ports within

their devices alphabetically by name or by availability status. Ports arranged by status are sorted alphabetically within their connection status grouping. Devices will also be sorted accordingly.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 61

Add Custom View

1. Click on the Devices tab.

2. On the Devices menu, click Change View, and then click Custom View. The Custom View

screen appears.

3. In the Custom View panel, click Add. An Add Custom View window appears.

Figure 69 Add Custom View Window

4. Type a new custom view name and click OK or click Cancel to close the window. The new

view name appears in the Name field.

5. In the Custom View Details panel, click on the drop-down arrow at the bottom of the panel.

This list contains categories that you can use to filter custom views. Select a detail from the

drop-down list and click Add to add the detail to the Custom View Details panel. Select as

many details as needed.

6. To re-order the details in the Custom User Details panel, select a detail and use the Up and

Down buttons to arrange details in the order you want devices sorted. To remove a detail from the list, select the detail and click the Delete button in the Custom User Details panel.

7. Click Update to update the custom view. A Custom View Updated Successfully message

confirms that the custom view has been updated.

8. Click Set Current to arrange the Devices tree to reflect the selected custom view.

9. Click Close to close the Custom View screen.

10. Repeat steps 1 through 9 to add a new custom view.

Edit Custom View

1. Click on the Devices tab.

2. On the Devices menu click Change View, and then click Custom View. The Custom View

screen appears.

3. Click on the Name drop-down arrow in the Custom View panel and select the custom view

to be edited. Click Edit. An Edit Custom View window appears.

Figure 70 Edit Custom View Window

4. Type a new custom view name and click OK to confirm or Cancel to close window.

62 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

5. In the Custom View Details panel, click on the drop-down arrow at the bottom of the panel.

This list contains categories that you can use to filter custom views. Select a detail from the

drop-down list and click Add to add the detail to the Custom View Details panel. Select as

many details as needed.

6. To re-order the details in the Custom User Details panel, select a detail and use the Up and

Down buttons to arrange details in the order you want devices sorted. To remove a detail from the list, select the detail and click the Delete button in the Custom User Details panel.

7. Click Update to update custom view. A Custom View Updated Successfully message

confirms that the custom view has been updated.

8. Click Set Current to arrange the Devices tree to reflect the selected custom view.

9. Click Close to close the Custom View screen.

10. Repeat steps 1 through 9 to edit other custom views.

Delete Custom View

1. Click on the Devices Tab.

2. On the Devices menu click Change View, and then click Custom View. The Custom View

screen appears.

Figure 71 Custom View Screen

3. Click on the Name drop-down arrow in the Custom View panel and select the custom view

to be deleted.

4. Click on the Delete button in the Custom View panel. A Delete Custom View window

appears.

Figure 72 Delete Custom View Window

5. Click Yes to delete the custom view or No to close the window.

6. Click Close to close the Custom View screen.

7. Repeat steps 1 through 6 to delete other custom views.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 63

Topological View

Use the Topological View command to view the structural setup of all the connected appliances in your configuration.

1. Click on the Devices tab and select a device from the Devices tree.

2. On the Devices menu, click Topological View. The Topological View for the selected

device appears.

Figure 73 Topological View Screen

3. Navigate through the Topological View in the same way you navigate through the Devices

tree; click on the + or – to expand or collapse the view.

4. Click Close to close Topological View screen.

64 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Special Access to Paragon II System Devices

Paragon II System Controller (P2-SC)

Paragon II System Integration users can add their P2-SC devices to the CC-SG Devices tree and configure them via the P2-SC Admin application from within CC-SG. For more detailed

directions on using P2-SC Admin, please see Raritan’s Paragon II System Controller User Guide.

After adding your Paragon System device (the Paragon System includes the P2-SC device, connected UMT units, and connected IP-Reach units) to CC-SG, it will appear in the Devices tree.

Right-click on the Paragon System icon in the Devices tree and select Launch Admin to launch

the Paragon II System Controller application in a new browser window and configure your PII UMT units.

Figure 74 Paragon System Launch Admin Menu Option

Figure 75 Paragon Manager Application Window

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 65

IP-Reach and UST-IP Administration

You can also perform administrative diagnostics on IP-Reach and UST-IP devices connected to your Paragon System setup directly from the CC-SG interface.

After adding the Paragon System device to CC-SG, it appears in the Devices tree. Right-click on

the device icon in the Devices tree and select Remote User Station Admin. The Remote User

Station Admin screen appears, listing all connected IP-Reach and UST-IP units. Click the

Launch Admin button in the row of the device you want to work with to activate Raritan Remote

Console and launch the blue device configuration screen in a new window.

Figure 76 Remote User Station Admin Option

Figure 77 IP-Reach Administration Screen

66 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Device Power Manager

Before using the Device Power Manager view, make a physical connection of a PowerStrip to a Dominion SX or Dominion KSX unit. When you add the PowerStrip device, define this connection in CC-SG. Once the PowerStrip is added, you can associate it with the Dominion SX serial ports or with Dominion KSX dedicated power ports. The Device Power Manager view displays outlets connected to devices’ ports and allows you to remotely power on or power off associated ports, as well as monitor power, voltage, current, and temperature of the device.

1. In the Devices tree, select a device, then on the Devices menu, click Device Power Manager.

The Device Power Manager screen appears.

Figure 78 Device Power Manager Screen

2. The outlets will be listed in the Outlets Status panel. You may have to scroll to view all

outlets.

3. Click the On or Off radio buttons for each outlet to power ON or power OFF the outlet.

4. Click Recycle to restart the device connected to the outlet.

5. Click Close to close the Device Power Manager screen.

6. Repeat steps 1 through 5 to monitor and control other devices.

Note: CC-SG automatically recognizes the outlets of PowerStrips attached to Dominion KX and P2-SC devices as additional ports of those devices; no PowerStrip association is necessary. These outlets are added and configured the same as any other device port. See section

Manager in

Chapter 6: Configuring Ports and Port Groups for instructions on adding and

Port

editing ports.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 67

Discover Devices

Use this command to initiate a search for all devices on your system. The search will automatically detect all newly attached, and previously existing Raritan devices on your network, including Paragon, P2-SC, IP-Reach, Dominion KX, Dominion KSX units, IPMI servers, and CC-SGs. After locating the devices, you may connect them to your CC-SG system if they are not already connected.

Note: iLO/RILOE devices and Generic devices, such as hubs, Windows servers, Cisco routers, cannot be discovered. They have to be manually added.

1. Click on the Devices tab.

2. On the Devices menu, click Discover Devices. The Discover Devices screen appears.

Figure 79 Discover Devices Screen

3. Type the range of IP addresses where you expect to find the devices in the From Address

and To Address fields. The To Address should be larger than the From Address. Specify a

mask to apply to the range. If a mask is not specified, then a broadcast address of

255.255.255.255 is sent, which broadcasts to all local networks. To discover devices across

subnets, you must specify a mask.

4. Click Broadcast discovery if searching for devices on the same subnet on which CC-SG

resides. Uncheck Broadcast discovery to discover devices across all subnets.

5. To search for a particular type of device, highlight it in the list of Device types. By default,

ALL device types are highlighted. Use Ctrl+click to select one or more device types.

6. Click OK to start the search, or Cancel to exit without searching, or Stop to discontinue the

discovery process. Discovered devices appear in a Discover Devices list.

Figure 80 Discovered Devices List Window

68 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

7. Select a device from the list and click Add to add the device to CC-SG or click Close to exit

without adding the device. If you clicked Add, the Add Device screen appears.

Figure 81 Add Device Screen

8. Type the user name and password (that were created specifically for CC-SG in the device) in

the Username and Password fields to allow CC-SG to authenticate the device when communicating with it in the future. Select a Category or Element to apply to the device.

9. Click OK to add the new device or Cancel to exit without adding. To return to the previous

screen, click Previous. A Device Added Successfully message confirms that the device has

been added.

10. Click Previous to return to the Discover Devices screen and add another device from the list

if so desired.

11. Repeat steps 1 through 10 to find and add other devices.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 69

Device Group Manager

Use the Device Groups Manager screen to add, edit, assign, and remove device groups and the rules that govern them. First add a Device Group, then add a Device Rule(s) to make working with and viewing devices easier.

Add Device Group

1. On the Associations menu, click Groups Manager, and then click Device Group Manager.

The Device Group Manager screen appears.

Figure 82 Device Groups Manager Screen

2. Click Add in the Groups panel. The Add Device Group window appears.

Figure 83 Add Device Group Window

3. Type a device group name in the Enter Device Group Name field. Click OK to add the

group or Cancel to close the window. The new group name will appear in the Group Name field.

4. Click Close to close Device Groups Manager screen.

5. Repeat steps 1 through 4 to add other device groups.

70 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Edit Device Group Name

1. On the Associations menu, click Groups Manager, and then click Device Group Manager.

The Device Group Manager screen appears.

Figure 84 Device Groups Manager Screen

2. Click on the Groups drop-down arrow and select the group to be edited from the list. Click

Edit and the Edit Device Group window appears.

Figure 85 Edit Device Group Window

3. Type the new name for the device group in the Enter New Name for Device Group field.

Click OK to edit the device group or Cancel to close the window. The new name appears in the Group Name field.

4. Click Close to close Device Groups Manager screen.

5. Repeat steps 1 through 4 to edit other device group names.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 71

Delete Device Group

1. On the Associations menu, click Groups Manager, and then click Device Group Manager.

The Device Groups Manager screen appears.

Figure 86 Device Groups Manager Screen

2. Click on the Group Names drop down arrow and select the device group to be deleted. Click

Delete and the Delete Device Group window appears.

Figure 87 Delete Device Group Window

3. Click Yes to delete the group or No to Cancel and close the window.

4. Click Close to close Device Groups Manager screen.

5. Repeat steps 1 through 4 to delete other devices.

Add Device Rule

After adding a device group, apply one or more rules to the group so that devices can be grouped by matching parameters and you have a navigable Devices tree.

1. On the Associations menu, click Groups Manager, and then click Device Group Manager.

The Device Groups Manager screen appears.

Figure 88 Device Groups Manager Screen

2. Click on the Group Name drop-down arrow and select the device group for which you want

to set rules.

3. Click on the Prefix, Category, Operator, and Element drop-down arrows to set up a rule,

and type the name of the rule in the Rule Name field.

4. Click Add Rule. The new rule appears in the rule table as a short regular expression.

72 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Important: You can combine the application of two or more rules by using operators such as ‘&’ meaning ‘and’ or ‘ ⎜’ (vertical bar that shares the <\> key on your keyboard) meaning ‘or.’

Note: When you select a category, make sure you select a proper operator that relates to the element in order for the rule to take effect. For example, if countries of the world category is selected, relate it to ‘=’operator to equal only the country you pick as an element of the rule. Devices are grouped according to this rule once added to the system.

1. Click Validate and the short regular expression expands into a normal expression of the rule

in the lower field of the screen.

2. Click Update to update the device group. The new rule is associated with this device group

from now on, and any new devices will also comply with rules assigned to this device group.

3. Click Close to close the Device Groups Manager screen.

4. Repeat steps 1 through 7 to add other rules to device groups.

Delete Device Rule

1. On the Associations menu, click Groups Manager, and then click Device Group Manager.

The Device Groups Manager screen appears.

Figure 89 Device Groups Manager Screen

2. Select a rule to be deleted from the rule table and click Delete Rule. The Delete Rule window

appears.

Figure 90 Delete Rule Window

3. Click Yes to delete the rule or No to close the window.

4. Click Close to close Device Groups Manager screen.

5. Repeat steps 1 through 4 to delete other rules.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 73

Search for Devices

CC-SG can search for a device name that satisfies the text entered in the search box. Searches are case-insensitive.

1. Click on the Devices tab.

Figure 91 Search for Devices

2. At the bottom of the window, enter a search string in Search For Device.

3. Click Go or press ENTER.

Navigation Tips

• When a device has been found and is highlighted in the Devices tree, use the ↓ and ↑ keys to

navigate to the next device.

• When a device is highlighted in the Devices tree, press the TAB key to return to the Search

For Device box.

• To clear the results and refresh the display in the Devices tree, you can press the F5 key or

click

in the toolbar.

Supported Wildcards

These wildcards are supported:

WILDCARD DESCRIPTION

? Indicates any character.

[-]

Indicates a character in range.

Indicates zero or more characters.

74 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Examples are as follows:

EXAMPLE DESCRIPTION

KX? KX*

KX[0-9][0-9]T

Locates KX1, and KXZ, but not KX1Z. Locates KX1, KX, KX1, and KX1Z. Locates KX95T, KX66T, but not KXZ and KX5PT.

Disconnect Users

Administrators can terminate any user's session with a device. This includes users who are performing any kind of operation on a device, such as, connecting to ports, backing up the configuration of a device, restoring a device’s configuration, or upgrading the firmware of a device. The administrator, however, will remain logged into CC-SG.

Note: Firmware upgrades and device configuration backups and restores are allowed to complete before the user's session with the device is terminated. All other operations will be terminated immediately.

1. Click on the Devices tab.

2. Right-click on the device you want to disconnect one or more users.

Figure 92 Disconnect Users

3. Click Disconnect Users.

4. Highlight one or more users in the Disconnect users panel.

5. Click Disconnect.

Note: For Dominion SX devices only, you can disconnect users who are directly logged onto the device as well as those who are connected to the device (port) via CC-SG.

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 75

Chapter 6: Configuring Ports and Port Groups

This chapter discusses how to configure and edit ports and port groups. Procedures on how to use ports (connect, disconnect, bookmark ports, search for ports, create views, use port power

management, use port chat) are described in Raritan’s CommandCenter Secure Gateway User Guide.

Port Manager

Port Manager commands allow you to configure, connect to, and disconnect from ports of serial devices, generic devices, IPMI servers, and KVM devices in your CC-SG.

Once configured, CC-SG provides centralized access to the target devices(s) attached to Dominion and IP-Reach units. CC-SG supports Raritan products, as listed in the table below.

RARITAN UNITS NUMBER OF PORTS SSL

Dominion SX4 4 Always On

Dominion SX8 8 Always On

Dominion SX16 16 Always On

Dominion SX32 32 Always On

Dominion SX48 48 Always On

Dominion KSX440 8 Always On

Dominion KSX880 16 Always On

Dominion KX116* 16 Always On

Dominion KX216* 16 Always On

Dominion KX232* 32 Always On

Dominion KX416 16 Always On

Dominion KX432 32 Always On

Dominion KX101 1 Always On

IP-Reach Model Dependent Always On

P2-SC Varies Always On

*Requires DKX firmware support

76 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

When you click on the Ports tab, the Ports tree displays information about the Ports connected with CC-SG. Clicking on a port causes the View Port screen to appear. Ports are arranged alphabetically by name, or grouped by availability status. Ports arranged by status are sorted alphabetically within their availability grouping. To switch between arranging methods, right-

click on the tree, click Port Sorting Options, then click Sort By Port Name or Sort By Port Status.

Figure 93 The Ports Tab And View KVM Port Screen

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 77

Port Icons

For easier identification, different ports have different icons in the tree. In addition, availability status of each port also has a different icon. For a description of what the icons represent, please see the table below.

ICON MEANING

Device available

Port available

Ghosted Port – a ghosted port can occur when managing Paragon devices and when a CIM or target server is removed from the system or powered off but a record of it remains.

KVM port connected – in current user session

Port paused – because device is paused

Port unavailable – because device is unavailable

Port busy – other user connected to port

Serial port available – not connected

Serial port connected – in current user session

Serial port busy – other user connected to port

Serial port unavailable – device is down and unavailable

Serial port paused – because device is paused

Power strip available

Outlet port available

Power strip paused

Outlet paused

Important! Many of the menu bar commands described in this section can be accessed by right-clicking on a Port icon and selecting a command from the shortcut menu that appears.

78 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

Configure Port

Configure a Serial Port

Click on the Devices tab and select a serial device from the Devices tree.

1. On the Devices menu, click Port Manager, and then click Configure Ports. The Configure

Ports screen appears.

Figure 94 Configure Ports Screen

2. To make ports easier to find, click on a column header to sort the ports by that attribute in

ascending order. Click on the header again to sort the ports in descending order.

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 79

3. Click the Configure button that corresponds to the serial port line item you wish to configure.

The Configure Serial Port screen appears.

Figure 95 Configure Serial Ports Screen

4. Type a port name in Port Name field. For ease of use, you should name the port after the

server that is connected to the port.

5. Click on the Application Name drop-down arrow and select an application name.

6. Click on the Baud Rate drop-down arrow and select a rate.

7. Click on the Parity/Data Bits drop-down arrow and select a parity value.

8. Click on the Flow Control drop-down arrow and select a flow control value.

9. Click on the Associate Device drop-down arrow and select a Generic device, IPMI Server, or

Powerstrip, which will be associated with this Serial port. When a Generic device is associated with a Serial port, it looks like this in the Devices tree:

Figure 96 Associated Generic Device with a Serial Port

10. Select the associated category and element from the Port Associations table.

80 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

11. Click In-Band Parameters if you want to allow in-band access for this Serial port.

Figure 97 In-Band Parameters

12. Click on the In-band application drop-down arrow and select either RemoteDesktop

Viewer, SSH Client, VNC Viewer. Type the IP address of the target associated with this port in the Target IP Address field, type the port used by the In-band application in Target TCP Port, and type a username that is used to login to the in-band application in the Target Username field. Click OK to save the In-band parameter settings or Cancel to exit without

saving.

13. Click OK to configure the serial port or Cancel to exit without configuring. A Port

Configured Successfully message confirms that the port has been created.

14. Repeat steps 1 through 11 to configure other serial ports.

Note: For KSX power ports and SX serial ports, associating a device with the port is available in the Configure Serial screen and not in the In-Band parameters screen.

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 81

Configure a KVM Port

1. Click on the Devices tab and select a KVM device from the Devices tree.

2. On the Devices menu, click Port Manager, and then click Configure Ports. The Configure

Ports screen appears.

Figure 98 Configure Ports Screen

3. To make ports easier to find, click on a column header to sort the ports by that attribute in

ascending order. Click on the header again to sort the ports in descending order.

4. Click the Configure button that corresponds to the KVM port line item you wish to configure.

The Configure KVM Port screen appears.

Figure 99 Configure KVM Port Screen

82 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

5. Type a port name in the Port Name field. For ease of use, you should name the port after the

server that is connected to the port.

6. Click on the Application Name drop-down arrow and either use the default application as

configured in Application Manager or select another application if desired.

7. Select the associated category and element from the Port Associations table.

8. Click In-Band Parameters if you want to allow in-band access for this KVM port.

Figure 100 In-Band Parameters

9. Click on the Associate Generic Device drop-down arrow and select a Generic device, which

will be associated with this KVM port. When a Generic device is associated with a KVM port, it looks like this in the Devices tree:

Figure 101 Associated Generic Device with a KVM Port

10. Click on the In-band application drop-down arrow and select either RemoteDesktop

Viewer, SSH Client, VNC Viewer. Type the IP address of the target associated with this port in the Target IP Address field, type the port used by the In-band application in Target TCP Port, and type a username that is used to login to the in-band application in the Target Username field. If a target name is supplied, then only a password is required when

accessing a target. Click OK to save the In-band parameter settings or Cancel to exit without

saving.

11. Click OK to configure the KVM port or Cancel to exit with configuring. A Port Configured

Successfully message confirms that port has been created.

12. Repeat steps 1 through 11 to configure other KVM ports.

Note: You can access a Generic device that is associated with a KVM port by right-clicking on the port in the Ports tree and selecting Connect, which uses the application selected, such as Raritan Remote Console, or by selecting In-band Access, which uses the in-band application as configured in the In-band Parameters screen.

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 83

Configure a Generic Port with In-Band Access

In-band access to Generic devices, such as hubs, Windows servers, CISCO routers, can be managed with one of these in-band applications:

• Windows Remote Desktop (RDP)

• Secure Shell (SSH)

• Virtual Network Computer (VNC)

1. Click on the Devices tab and select a Generic device from the Devices tree.

2. On the Devices menu, click Port Manager, and then click Configure Ports. The Configure

Ports screen appears.

Figure 102 Configure Ports Screen

3. Click the Configure button that corresponds to the Generic port line item you wish to

configure. The Configure Generic Port screen appears.

Figure 103 Configure Generic Ports Screen

4. Type a port name in the Port Name field. For ease of use, you should name the port after the

server that is connected to the port.

5. Click on the In-Band application name drop-down arrow and select an in-band application,

such as SSH Client, VNC Viewer, or RemoteDesktop Viewer to manage the device.

6. Type a TCP port number that the application will use as a Start-up parameter.

84 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

7. Type a Target Username that the application will use as a Start-up parameter. If a target

name is supplied, then only a password is required when accessing a target.

8. Select the associated category and element from the Port Associations table.

9. Click OK to configure the Generic port or Cancel to exit with configuring. A Port

Configured Successfully message confirms that port has been created.

10. Repeat steps 1 through 9 to configure other Generic ports.

Configure an Outlet Port

Outlet ports can be configured for PowerStrip devices and IPMI servers.

1. Click on the Devices tab and select a PowerStrip device from the Devices tree.

2. On the Devices menu, click Port Manager, and then click Configure Ports. The Configure

Ports screen appears.

Figure 104 Configure Ports Screen for Powerstrip Device

Figure 105 Configure Ports Screen for IPMI Server

Raritan Engineering CC-SG User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Prerequisites

Intended Audience

Product Photos

Product Features and Benefits

Terminology/Acronyms

New 3.0 Features

Chapter 2: Accessing CC-SG

Browser-Based Access

Standalone Client Access

Confirm IP Address

Check and Upgrade CC-SG Firmware Version

Check and Upgrade Application Versions

Connection to Console and KVM Management Appliances

Power Down CC-SG

CC-SG Window Components

Overview

Main Window Components

Configuring CC-SG Manager Components

Configurable Parameters

Compatibility Matrix

Chapter 3: Example Configuration Workflow

Create Associations

Add Devices

Configure Ports

Serial Port

KVM Port

Add Users to System Administrators Group

Control User Access

Create User Groups

Create/Edit Port Groups

Create/Edit Policies

Apply Policies to User Groups

Add Users to User Group

Chapter 4: Creating Associations

Associations

Association Terminology

How to Create Associations

Association Manager

Add Category

Edit Category

Delete Category

Add Element

Edit Element

Delete Element

Association Wizard

CSV File Format

CSV File Example

Chapter 5: Adding Devices and Device Groups

Device Manager

Device Icons

Add Device

KX Devices with Encryption

Edit Device

Delete Device

Bulk Copy

Backup Device Configuration

Restore Device Configuration

Copy Device Configuration

Upgrade Device

Ping Device

Restart Device

Pause Device

Resume Device

View Devices

Regular View

Custom View

Add Custom View

Edit Custom View

Delete Custom View

Topological View

Special Access to Paragon II System Devices

Paragon II System Controller (P2-SC)

IP-Reach and UST-IP Administration

Device Power Manager

Discover Devices

Device Group Manager