Raritan CC-SG Service manual
CommandCenter®
Secure Gateway
CC-SG
Administrator Guide
Release 3.1
Copyright © 2007 Raritan, Inc.
CCA-0D-E
January 2007
255-80-5140-00
This page intentionally left blank.
Copyright and Trademark Information
This document contains proprietary information that is protected by copyright. All rights reserved.
No part of this document may be photocopied, reproduced, or translated into another language
without express prior written consent of Raritan, Inc.
© Copyright 2007 Raritan, CommandCenter, RaritanConsole, Dominion, and the Raritan
company logo are trademarks or registered trademarks of Raritan, Inc. All rights reserved. Java is
a registered trademark of Sun Microsystems, Inc. Internet Explorer is a registered trademark of
Microsoft Corporation. Netscape and Netscape Navigator are registered trademarks of Netscape
Communication Corporation. All other marks are the property of their respective owners.
FCC Information
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference in a commercial installation. This equipment generates, uses, and can
radiate radio frequency energy and if not installed and used in accordance with the instructions,
may cause harmful interference to radio communications. Operation of this equipment in a
residential environment may cause harmful interference.
Japanese Approvals
Raritan is not responsible for damage to this product resulting from accident, disaster, misuse,
abuse, non-Raritan modification of the product, or other events outside of Raritan’s reasonable
control or not arising under normal operating conditions.
LISTED
CUS
L
U
1F61
I.T.E.
For assistance in the North or South America, please contact the Raritan Technical Support Team
Ask for Technical Support – Monday through Friday, 8:00am to 8:00pm, Eastern.
For assistance around the world, please refer to the last page of this guide for
regional Raritan office contact information.
Safety Guidelines
To avoid potentially fatal shock hazard and possible damage to Raritan equipment:
•Do not use a 2-wire power cord in any product configuration.
•Test AC outlets at your computer and monitor for proper polarity and grounding.
•Use only with grounded outlets at both the computer and monitor. When using a backup UPS,
power the computer, monitor and appliance off the supply.
Rack Mount Safety Guidelines
In Raritan products which require Rack Mounting, please follow these precautions:
•Operation temperature in a closed rack environment may be greater than room temperature.
Do not exceed the rated maximum ambient temperature of the appliances Please refer to
Appendix A: Specifications.
•Ensure sufficient airflow through the rack environment.
•Mount equipment in the rack carefully to avoid uneven mechanical loading.
•Connect equipment to the supply circuit carefully to avoid overloading circuits.
•Ground all equipment properly, especially supply connections, such as power strips (other
than direct connections), to the branch circuit.
CONTENTS i
Contents
Chapter 1: Introduction......................................... 1
Prerequisites.................................................................................................................................1
Intended Audience........................................................................................................................1
Terminology/Acronyms ................................................................................................................1
Chapter 2: Accessing CC-SG ..................................... 3
Browser-Based Access..................................................................................................................3
Thick Client Access......................................................................................................................4
Install the Thick Client .........................................................................................................................4
Use the Thick Client.............................................................................................................................5
CC-SG Window Components........................................................................................................6
Check IP Address, Firmware Version, and Application Versions......................................................7
Confirm IP Address..............................................................................................................................7
Set the CC-SG Server Time...................................................................................................................8
Check and Upgrade CC-SG Firmware Version........................................................................................9
Check and Upgrade Application Versions.............................................................................................10
Power Down CC-SG...................................................................................................................11
Compatibility Matrix ..................................................................................................................11
Chapter 3: Configuring CC-SG with Guided Setup..................... 13
Prepare to Configure CC-SG with Guided Setup ..........................................................................13
Guided Setup Overview ..............................................................................................................13
Start Guided Setup:.....................................................................................................................13
Associations...............................................................................................................................14
Create Categories and Elements...........................................................................................................14
Device Setup..............................................................................................................................15
Discover and Add Devices..................................................................................................................15
Create Groups ............................................................................................................................18
Add Device Groups and Node Groups..................................................................................................18
User Management.......................................................................................................................21
Add User Groups and Users ................................................................................................................21
Chapter 4: Creating Associations ................................. 25
Associations...............................................................................................................................25
Association Terminology....................................................................................................................25
Associations--Defining Categories and Elements...................................................................................26
How to Create Associations.................................................................................................................27
Association Manager ..................................................................................................................27
Add Category ....................................................................................................................................27
Edit Category.....................................................................................................................................28
Delete Category .................................................................................................................................29
Add Element......................................................................................................................................29
Edit Element......................................................................................................................................30
Delete Element ..................................................................................................................................30
Chapter 5: Adding Devices and Device Groups........................ 33
The Device Tab..........................................................................................................................33
Device and Port Icons .................................................................................................................34
Search for Devices......................................................................................................................35
Add a Device .............................................................................................................................36
Adding a KVM or Serial Device..........................................................................................................36
Adding a PowerStrip Device ...............................................................................................................37
Discover Devices........................................................................................................................38
Edit Device ................................................................................................................................40
Edit PowerStrip Device.......................................................................................................................40
Delete Device.............................................................................................................................41
Configure Ports ..........................................................................................................................42
Configure a Serial Port .......................................................................................................................42
Configure a KVM Port .......................................................................................................................44
Edit Ports ..........................................................................................................................................45
Delete Ports.......................................................................................................................................46
Device Management ...................................................................................................................46
Bulk Copy for Device Categories and Elements ....................................................................................46
ii CONTENTS
Upgrade Device .................................................................................................................................47
Backup Device Configuration..............................................................................................................47
Restore Device Configuration..............................................................................................................48
Copy Device Configuration.................................................................................................................48
Restart Device ...................................................................................................................................49
Ping Device.......................................................................................................................................49
Pause Management.............................................................................................................................49
Resume Management .........................................................................................................................49
Device Power Manager.......................................................................................................................50
Launch Admin...................................................................................................................................50
Topological View...............................................................................................................................51
Disconnect Users ...............................................................................................................................52
Viewing Devices ........................................................................................................................53
Tree View .........................................................................................................................................53
Custom View.....................................................................................................................................53
Special Access to Paragon II System Devices................................................................................56
Paragon II System Controller (P2-SC)..................................................................................................56
IP-Reach and UST-IP Administration...................................................................................................57
Device Group Manager...............................................................................................................58
Add Device Group .............................................................................................................................58
Edit Device Group..............................................................................................................................62
Delete Device Group..........................................................................................................................63
Chapter 6: Configuring Nodes and Interfaces......................... 65
View Nodes ...............................................................................................................................65
Nodes Tree........................................................................................................................................65
Node Profile......................................................................................................................................65
Node and Interface Icons.....................................................................................................................65
Nodes and Interfaces Overview....................................................................................................66
About Nodes......................................................................................................................................66
About Interfaces.................................................................................................................................66
Add Node ..................................................................................................................................67
Add an Interface.........................................................................................................................67
Connect to a Node ......................................................................................................................73
Edit an Interface .........................................................................................................................73
Delete an Interface......................................................................................................................74
Ping a Node ...............................................................................................................................74
Edit a Node................................................................................................................................74
Delete a Node.............................................................................................................................75
Chat...........................................................................................................................................76
Node Groups..............................................................................................................................76
Chapter 7: Adding and Managing Users and User Groups................ 77
The Users Tree...........................................................................................................................77
Special User Groups ...................................................................................................................78
CC Super-User Group.........................................................................................................................78
System Administrators Group..............................................................................................................78
CC Users Group.................................................................................................................................78
Users Not in Group ............................................................................................................................78
Add User Groups........................................................................................................................79
Edit A User Group......................................................................................................................81
Delete User Group......................................................................................................................82
Add User ...................................................................................................................................82
Edit a User.................................................................................................................................83
Delete User ................................................................................................................................84
Assign Users To Group...............................................................................................................85
Delete Users From Group............................................................................................................85
Other User and User Group Functions..........................................................................................86
My Profile.........................................................................................................................................86
Logout Users.....................................................................................................................................87
Bulk Copy.........................................................................................................................................88
Chapter 8: Policies ........................................... 89
Controlling Access Using Policies................................................................................................89
Policy Summary.................................................................................................................................89
Node Groups..............................................................................................................................90
CONTENTS iii
Add Node Groups ..............................................................................................................................91
Edit Node Group................................................................................................................................95
Delete Node Group.............................................................................................................................95
Device Groups............................................................................................................................96
Policy Manager ..........................................................................................................................96
Add Policy ........................................................................................................................................96
Edit a Policy......................................................................................................................................97
Delete a Policy...................................................................................................................................98
Applying Policies To User Groups...............................................................................................98
Chapter 9: Configuring Remote Authentication ....................... 99
Authentication and Authorization (AA)........................................................................................99
Flow for Authentication......................................................................................................................99
User Accounts ...................................................................................................................................99
Distinguished Names for LDAP and AD ....................................................................................100
Username........................................................................................................................................100
Base DN..........................................................................................................................................100
AD Configurations....................................................................................................................101
Add AD Module to CC-SG ...............................................................................................................101
AD General Settings.........................................................................................................................102
AD Advanced Settings......................................................................................................................103
AD Group Settings...........................................................................................................................104
AD Trust Settings.............................................................................................................................105
Edit AD Modules.............................................................................................................................106
Import AD User Groups....................................................................................................................106
Synchronize AD User Groups............................................................................................................108
Synchronize All AD Modules............................................................................................................108
Set AD Synchronization Time...........................................................................................................109
AD Configuration—Upgrade from CC-SG 3.0.2 .................................................................................109
Add LDAP (Netscape) Module to CC-SG...................................................................................110
LDAP General Settings.....................................................................................................................111
LDAP Advanced Settings .................................................................................................................112
LDAP Certificate Settings.................................................................................................................113
Add a TACACS+ Module.........................................................................................................114
TACACS+ General Settings..............................................................................................................115
Add a RADIUS Module............................................................................................................116
RADIUS General Settings.................................................................................................................117
Specify Modules for Authentication and Authorization................................................................118
Establish Order of External AA Servers......................................................................................118
Chapter 10: Generating Reports ................................. 119
Audit Trail Report ....................................................................................................................119
Error Log Report ......................................................................................................................120
Access Report ..........................................................................................................................121
Availability Report ...................................................................................................................123
Active Users Report..................................................................................................................124
Locked Out Users Report..........................................................................................................125
User Data Report......................................................................................................................126
Users in Groups Report.............................................................................................................127
Group Data Report....................................................................................................................128
AD User Group Report .............................................................................................................128
Asset Management Report.........................................................................................................129
Node Asset Report....................................................................................................................130
Active Nodes Report.................................................................................................................131
Node Creation Report ...............................................................................................................132
Query Port Report.....................................................................................................................133
Active Ports Report...................................................................................................................134
Scheduled Reports....................................................................................................................135
CC-NOC Synchronization Report ..............................................................................................135
Chapter 11: System Maintenance ................................ 137
Maintenance Mode ...................................................................................................................137
Scheduled Tasks and Maintenance Mode............................................................................................137
Entering Maintenance Mode..............................................................................................................137
Exiting Maintenance Mode ...............................................................................................................137
Backup CC-SG.........................................................................................................................138
iv CONTENTS
Restore CC-SG.........................................................................................................................139
Saving and Deleting Backup Files......................................................................................................140
Reset CC-SG............................................................................................................................141
Restart CC-SG..........................................................................................................................141
Upgrade CC-SG .......................................................................................................................142
Shut Down CC-SG ...................................................................................................................142
Restarting CC-SG after Shutdown..............................................................................................143
End CC-SG Session..................................................................................................................143
Log Out...........................................................................................................................................143
Exit CC-SG.....................................................................................................................................143
Chapter 12: Advanced Administration............................. 145
Guided Setup............................................................................................................................145
Message of the Day Setup .........................................................................................................145
Application Manager ................................................................................................................146
Adding, Editing and Deleting Applications.........................................................................................146
Default Applications.........................................................................................................................148
Firmware Manager....................................................................................................................149
Upload Firmware .............................................................................................................................149
Delete Firmware ..............................................................................................................................150
Configuration Manager.....................................................................................................................150
Network Configuration.....................................................................................................................150
Log Configuration............................................................................................................................153
Configuring Logging Activity: ..........................................................................................................153
Purging CC-SG’s Internal Log:..........................................................................................................154
Inactivity Timer Configuration ..........................................................................................................154
Time/Date Configuration ..................................................................................................................155
Modem Configuration ......................................................................................................................156
SNMP.............................................................................................................................................163
Cluster Configuration................................................................................................................165
Create a Cluster................................................................................................................................165
Remove Secondary CC-SG Node.......................................................................................................167
Remove Primary CC-SG Node..........................................................................................................167
Recover a Failed CC-SG Node ..........................................................................................................168
Set Advanced Settings......................................................................................................................168
Configure Security....................................................................................................................169
Remote Authentication .....................................................................................................................169
Secure Client Connections ................................................................................................................169
Login Settings..................................................................................................................................170
Portal..............................................................................................................................................172
Certificate .......................................................................................................................................173
IP-ACL...........................................................................................................................................176
Notification Manager................................................................................................................178
Task Manager...........................................................................................................................179
Task Types......................................................................................................................................179
Scheduling Sequential Tasks .............................................................................................................179
Email Notifications ..........................................................................................................................179
Scheduled Reports............................................................................................................................179
Create a New Task ...........................................................................................................................180
View a Task, Details of a Task, and Task History................................................................................181
CommandCenter NOC..............................................................................................................182
Add a CC-NOC ...............................................................................................................................182
Edit a CC-NOC................................................................................................................................184
Launch CC-NOC .............................................................................................................................184
Delete a CC-NOC ............................................................................................................................184
SSH Access to CC-SG ..............................................................................................................185
SSH Commands...............................................................................................................................186
Command Tips ................................................................................................................................187
Create an SSH Connection to an SX Device........................................................................................188
Use SSH to Connect to a Node via a Serial Out of Band Interface.........................................................189
Exit a Session ..................................................................................................................................189
Diagnostic Console...................................................................................................................190
About Status Console .......................................................................................................................190
About Administrator Console............................................................................................................190
Accessing Diagnostic Console via VGA/Keyboard/Mouse Port ............................................................190
Accessing Diagnostic Console via SSH..............................................................................................190
Accessing Administrator Console ......................................................................................................191
CONTENTS v
Appendix A: Specifications (G1, V1, and E1) ........................ 211
G1 Platform .............................................................................................................................211
General Specifications......................................................................................................................211
Hardware Specifications ...................................................................................................................211
Environmental Requirements.............................................................................................................211
V1 Platform .............................................................................................................................212
General Specifications......................................................................................................................212
Hardware Specifications ...................................................................................................................212
Environmental Requirements.............................................................................................................212
E1 Platform..............................................................................................................................213
General Specifications......................................................................................................................213
Hardware Specifications ...................................................................................................................213
Environmental Requirements.............................................................................................................213
Appendix B: CC-SG and Network Configuration ..................... 215
Introduction .............................................................................................................................215
Executive Summary..................................................................................................................215
CC-SG Communication Channels..............................................................................................217
CC-SG and Raritan Devices..............................................................................................................217
CC-SG Clustering ............................................................................................................................217
Access to Infrastructure Services .......................................................................................................218
PC Clients to CC-SG........................................................................................................................218
PC Clients to Nodes .........................................................................................................................219
CC-SG & Client for IPMI, iLO/RILOE, DRAC, RSA..........................................................................219
CC-SG & SNMP..............................................................................................................................220
CC-SG & CC-NOC..........................................................................................................................220
CC-SG Internal Ports........................................................................................................................220
CC-SG Access via NAT-enabled Firewall ..................................................................................220
Security and Open Port Scans....................................................................................................221
Appendix C: User Group Privileges............................... 223
Appendix D: SNMP Traps ..................................... 231
Appendix E: Troubleshooting................................... 233
Client Browser Requirements ....................................................................................................233
Appendix F: Two-Factor Authentication ........................... 235
Supported Environments ...........................................................................................................235
Setup Requirements..................................................................................................................235
Known Issues...........................................................................................................................235
Appendix G: FAQs .......................................... 237
Appendix H: Keyboard Shortcuts ................................ 243
vi FIGURES
Figures
Figure 1 Login Window ..................................................................................................................................3
Figure 2 IP Specification Window....................................................................................................................4
Figure 3 CC-SG Window Components .............................................................................................................6
Figure 4 Confirm IP Address...........................................................................................................................7
Figure 5 Time/Date Configuration....................................................................................................................8
Figure 6 Upgrade CC-SG................................................................................................................................9
Figure 7 CC-SG Application Manager............................................................................................................10
Figure 8 Compatibility Matrix .......................................................................................................................11
Figure 9 Guided Setup Window.....................................................................................................................13
Figure 10 Guided Setup – Create Categories and Elements ...............................................................................14
Figure 11 Guided Setup -- Discover Devices...................................................................................................15
Figure 12 Guided Setup – Device Discovery Results........................................................................................16
Figure 13 Guided Setup – Add Device............................................................................................................17
Figure 14 Guided Setup—Add Device Groups, Select Devices..........................................................................18
Figure 15 Guided Setup—Add Node Groups, Select Nodes ..............................................................................20
Figure 16 Guided Setup--Group Summary ......................................................................................................21
Figure 17 Add User Group--Privileges............................................................................................................22
Figure 18 Add User Group-Policies................................................................................................................23
Figure 19 CC-SG Association Example ..........................................................................................................25
Figure 20 Association Manager Screen...........................................................................................................27
Figure 21 Add Category Window...................................................................................................................28
Figure 22 Edit Category Window...................................................................................................................28
Figure 23 Delete Category Window................................................................................................................29
Figure 24 Association Manager Screen...........................................................................................................29
Figure 25 Add Element Window....................................................................................................................30
Figure 26 Edit Element Window....................................................................................................................30
Figure 27 Delete Element Window.................................................................................................................31
Figure 28 The Devices Tree...........................................................................................................................33
Figure 29 Devices Tab and Devices Profile.....................................................................................................34
Figure 30 Add Device Screen ........................................................................................................................36
Figure 31 Adding a PowerStrip device............................................................................................................37
Figure 32 Discover Devices Screen................................................................................................................38
Figure 33 Discovered Devices List Window....................................................................................................39
Figure 34 Adding a Discovered Device...........................................................................................................39
Figure 35 The Device Profile Screen ..............................................................................................................40
Figure 36 Delete Device Screen.....................................................................................................................41
Figure 37 Configure Ports Screen...................................................................................................................42
Figure 38 Configure Serial Ports Screen..........................................................................................................43
Figure 39 Configure Ports Screen...................................................................................................................44
Figure 40 Configure KVM Port Screen...........................................................................................................44
Figure 41 Ports Profile..................................................................................................................................45
Figure 42 Delete Port Screen .........................................................................................................................46
Figure 43 Upgrade Device Screen ..................................................................................................................47
Figure 44 Backup Device Configuration Screen...............................................................................................47
Figure 45 Restore Device Configuration Screen...............................................................................................48
Figure 46 Restart Device Screen ....................................................................................................................49
Figure 47 Ping Device Screen........................................................................................................................49
Figure 48 Launch Admin for a KX Device......................................................................................................50
Figure 49 Topological View..........................................................................................................................51
Figure 50 Disconnect Users...........................................................................................................................52
Figure 51 Devices Tree Regular View Screen..................................................................................................53
FIGURES vii
Figure 52 Custom View Screen......................................................................................................................54
Figure 53 Selecting a Custom View................................................................................................................54
Figure 54 Custom View Screen......................................................................................................................55
Figure 55 Paragon Manager Application Window............................................................................................56
Figure 56 IP-Reach Administration Screen......................................................................................................57
Figure 57 Device Groups Manager.................................................................................................................58
Figure 58 Device Group: New Panel, Select Devices Tab.................................................................................59
Figure 59 Describe Devices Tab.....................................................................................................................60
Figure 60 Device Groups Manager Screen ......................................................................................................62
Figure 61 Device Groups Manager Screen ......................................................................................................63
Figure 62 Delete Device Group Window.........................................................................................................63
Figure 63 Delete Device Group Panel.............................................................................................................64
Figure 64 The Nodes Tab And Nodes Profile Screen........................................................................................65
Figure 65 Add Node Screen...........................................................................................................................67
Figure 66 Add Interface—In-Band iLO/RILOE KVM......................................................................................69
Figure 67 Configuring an Out-of-Band KVM Connection.................................................................................70
Figure 68 Configuring a Managed Power Strip Power Control Interface.............................................................71
Figure 69 Configuring an IPMI Power Control Interface...................................................................................72
Figure 70 Connecting to a Node's Configured Interface....................................................................................73
Figure 71 Editing an Interface........................................................................................................................73
Figure 72 Edit Node Screen...........................................................................................................................74
Figure 73 Deleting a Node.............................................................................................................................75
Figure 74 Chat Session for a Node .................................................................................................................76
Figure 75 The Users Tree..............................................................................................................................77
Figure 76 Add User Groups Screen ................................................................................................................79
Figure 77 The Policies Tab on the Add User Group Screen...............................................................................80
Figure 78 Editing the Selected Group .............................................................................................................81
Figure 79 Deleting a User Group....................................................................................................................82
Figure 80 Adding a User ...............................................................................................................................82
Figure 81 Editing a Selected User...................................................................................................................83
Figure 82 Deleting a User..............................................................................................................................84
Figure 83 Add Users To Group Screen ...........................................................................................................85
Figure 84 Deleting a User From A Group........................................................................................................86
Figure 85 My Profile Screen..........................................................................................................................86
Figure 86 Bulk Copy Screen..........................................................................................................................88
Figure 87 Policy Summary ............................................................................................................................89
Figure 88 The Node Group Manager ..............................................................................................................90
Figure 89 Nodes in a Group Based on Attributes..............................................................................................91
Figure 90 Adding Nodes Using Select Nodes ..................................................................................................92
Figure 91 Describing a Node Group With Multiple Rules.................................................................................93
Figure 92 Editing a Node Group ....................................................................................................................95
Figure 93 Policy Manager .............................................................................................................................96
Figure 94 Adding a Policy.............................................................................................................................96
Figure 95 Add Module................................................................................................................................101
Figure 96 AD General Settings ....................................................................................................................102
Figure 97 AD Advanced Settings.................................................................................................................103
Figure 98 AD Group Settings.......................................................................................................................104
Figure 99 AD Trust Settings........................................................................................................................105
Figure 100 Importing Groups from AD Server...............................................................................................107
Figure 101 Synchronize AD User Groups .....................................................................................................108
Figure 102 Synchronization of All AD Modules............................................................................................108
Figure 103 Synchronization of All AD Modules............................................................................................109
Figure 104 Add LDAP Module....................................................................................................................110
viii FIGURES
Figure 105 LDAP General Settings ..............................................................................................................111
Figure 106 LDAP Advanced Settings ..........................................................................................................112
Figure 107 Add TACACS+ Module.............................................................................................................114
Figure 108 TACACS+ General Settings........................................................................................................115
Figure 109 Security Manager Add Module Screen.........................................................................................116
Figure 110 Specifying a RADIUS Server......................................................................................................117
Figure 111 Security Manager General tab .....................................................................................................118
Figure 112 Audit Trail Screen......................................................................................................................119
Figure 113 Audit Trail Report......................................................................................................................120
Figure 114 Error Log Screen........................................................................................................................120
Figure 115 Error Log Report........................................................................................................................121
Figure 116 Access Report Screen.................................................................................................................121
Figure 117 Access Report............................................................................................................................122
Figure 118 Availability Report.....................................................................................................................123
Figure 119 Active Users Report...................................................................................................................124
Figure 120 Locked Out Users Report............................................................................................................125
Figure 121 All Users’ Data Report ...............................................................................................................126
Figure 122 Users In Groups Report ..............................................................................................................127
Figure 123 Groups Report...........................................................................................................................128
Figure 124 AD User Group Report...............................................................................................................129
Figure 125 Asset Management Report ..........................................................................................................129
Figure 126 Node Asset Report Screen...........................................................................................................130
Figure 127 Node Asset Report.....................................................................................................................131
Figure 128 Active Nodes Report..................................................................................................................131
Figure 129 Node Creation Report Screen......................................................................................................132
Figure 130 Node Creation Report.................................................................................................................132
Figure 131 Query Port Screen......................................................................................................................133
Figure 132 Query Port Report......................................................................................................................134
Figure 133 Active Ports Report....................................................................................................................134
Figure 134 CC-NOC Synchronization Report................................................................................................135
Figure 135 Enter Maintenance Mode............................................................................................................137
Figure 136 Backup CommandCenter Screen..................................................................................................138
Figure 137 Restore CommandCenter Screen..................................................................................................139
Figure 138 Saving a Backup File..................................................................................................................140
Figure 139 Reset CC-SG Screen ..................................................................................................................141
Figure 140 Restart Screen............................................................................................................................141
Figure 141 Upgrade CC-SG Screen..............................................................................................................142
Figure 142 Shutdown CC-SG Screen............................................................................................................143
Figure 143 Configuring the Message of the Day ............................................................................................145
Figure 144 Applications Tab of the Application Manager...............................................................................146
Figure 145 Adding an Application................................................................................................................146
Figure 146 Edit Applications Window..........................................................................................................147
Figure 147 A List of Default Applications.....................................................................................................148
Figure 148 Firmware Manager Screen..........................................................................................................149
Figure 149 Firmware Search Window...........................................................................................................149
Figure 150 Delete Firmware Window...........................................................................................................150
Figure 151 Configuration Manager Network Settings Screen..........................................................................150
Figure 152 Primary/Backup Network............................................................................................................151
Figure 153 Active/Active Network...............................................................................................................152
Figure 154 Configuration Manager Logs Screen............................................................................................153
Figure 155 Inactivity Timer Tab...................................................................................................................154
Figure 156 Configuration Manager Time/Date Screen....................................................................................155
Figure 157 Configuration Manager Modem Screen........................................................................................156
FIGURES ix
Figure 158 Modems Tab .............................................................................................................................157
Figure 159 Extra Initialization Commands ....................................................................................................157
Figure 160 Create a New Connection............................................................................................................158
Figure 161 Connection Name ......................................................................................................................158
Figure 162 Phone Number to Dial................................................................................................................158
Figure 163 Specify Dial-up Script................................................................................................................159
Figure 164 Connecting to CC-SG.................................................................................................................160
Figure 165 Entering username and password.................................................................................................160
Figure 166 After Dial Terminal....................................................................................................................161
Figure 167 Configuration Manager Connection Screen – Direct Mode.............................................................162
Figure 168 Configuration Settings Device Settings Screen..............................................................................163
Figure 169 Configuration Settings Device Settings Screen..............................................................................164
Figure 170 Cluster Configuration Screen ......................................................................................................166
Figure 171 Cluster Configuration – Primary Node Set....................................................................................166
Figure 172 Cluster Configuration Advanced Settings .....................................................................................168
Figure 173 Secure Client Connections ..........................................................................................................169
Figure 174 Login Settings ...........................................................................................................................170
Figure 175 Portal Settings ...........................................................................................................................172
Figure 176 Login Portal With Restricted Service Agreement...........................................................................173
Figure 177 Security Manager Certificate Screen............................................................................................174
Figure 178 Generate Certificate Signing Request Screen ................................................................................175
Figure 179 Certificate Request Generated .....................................................................................................175
Figure 180 Generate Self Signed Certificate Window.....................................................................................176
Figure 181 Security Manager IP-ACL Screen................................................................................................177
Figure 182 Notification Manager .................................................................................................................178
Figure 183 Task Manager............................................................................................................................180
Figure 184 Add CC-NOC Configuration Screen............................................................................................182
Figure 185 CC-SG Commands via SSH........................................................................................................185
Figure 186 Listing Devices on CC-SG..........................................................................................................188
Figure 187 Access SX Device via SSH.........................................................................................................188
Figure 188 Listinterfaces in SSH..................................................................................................................189
Figure 189 Connecting to a Node via a Serial Out-of-Band Interface ...............................................................189
Figure 190 Login to Diagnostic Console.......................................................................................................190
Figure 191 Status Console...........................................................................................................................191
Figure 192 Administrator Console................................................................................................................192
Figure 193 Editing MOTD for Status Console...............................................................................................193
Figure 194 Edit Diagnostic Console Configuration ........................................................................................194
Figure 195 Editing Network Interfaces .........................................................................................................195
Figure 196 Editing Static Routes..................................................................................................................197
Figure 197 Selecting Log Files to View........................................................................................................198
Figure 198 Selecting Log Files to View........................................................................................................199
Figure 199 Changing Colors in Log Files......................................................................................................199
Figure 200 Displaying Information...............................................................................................................200
Figure 201 Adding Expressions in Log Files .................................................................................................200
Figure 202 Specifying a Regular Expression for a Log File.............................................................................201
Figure 203 Restarting CC-SG in Diagnostic Console......................................................................................202
Figure 204 Rebooting CC-SG in Diagnostic Console .....................................................................................202
Figure 205 Power Down CC-SG in Diagnostic Console..................................................................................203
Figure 206 Admin Password Reset for CC-SG GUI in Diagnostic Console.......................................................204
Figure 207 Reset CC-SG Factory Configuration............................................................................................204
Figure 208 Configuring Password Settings....................................................................................................206
Figure 209 Configuring Accounts ................................................................................................................207
Figure 210 Displaying Disk Status of CC-SG in Diagnostic Console ...............................................................209
x FIGURES
Figure 211 Displaying CC-SG Processes in Diagnostic Console......................................................................209
Figure 212 NTP not configured in CC-SG GUI .............................................................................................210
Figure 213 NTP running on the CC-SG GUI .................................................................................................210
Figure 214 CC-SG Deployment Elements.....................................................................................................216
CHAPTER 1: INTRODUCTION 1
Chapter 1: Introduction
Congratulations on your purchase of CommandCenter Secure Gateway (CC-SG), Raritan’s
convenient and secure method for managing various UNIX servers, firewalls, routers, load
balancers, Power Management devices, and Windows servers.
CC-SG provides central management and administration, using a set of serial and KVM
appliances. It is designed to operate in a variety of environments, from high-density Data Centers
to Service Provider environments to corporate environments handling large remote offices.
CC-SG, when used in conjunction with Raritan’s Dominion or IP-Reach port-level management
appliances, streamlines and simplifies the management of the target devices (referred to as
“nodes”), easing administration of data center equipment by connecting to the IP network and
presenting the serial console and KVM ports of all the nodes within the managed network.
Prerequisites
Before configuring a CC-SG according to the procedures in this document, refer to Raritan’s
Digital Solution Deployment Guide for more comprehensive instructions on deploying Raritan
devices that are managed by CC-SG.
Intended Audience
This document is intended for administrators who typically have all available privileges. Please
refer to Appendix C: User Group Privileges. Users who are not administrators usually have
fewer privileges, such as being granted only the Nodes Access privileges. Those users should
refer to Raritan’s CommandCenter Secure Gateway User Guide for additional information.
Terminology/Acronyms
Terms and acronyms found in this document include:
•Access Client – An HTML based client intended for use by normal access users who need to
access a node managed by CC-SG. The Access Client does not allow the use of
administration functions.
•Associations—are the relationship between categories, elements of a category, and ports or
devices or both. For example, if you want to associate the “Location” category with a device,
create associations first before adding devices and ports in CC-SG.
•Category—is a variable that contains a set values or elements. An example of a Category is
Location, which may have elements such as “New York City, “Philadelphia”, or “Data
Center 1”. When you add devices and ports to CC-SG, you will associate this information
with them. It is easier if you set up associations correctly first, before adding devices and
ports to them. Another example of a Category is “OS Type”, which may have elements such
as “Windows®” or “Unix®” or “Linux®”.
•CIM (Computer Interface Module)—is the hardware used to connect a target server and a
Raritan device. Each target requires a CIM, except for the Dominion KX101 which is
attached directly to one target and therefore, does not require a CIM. Target servers should be
powered on and connected to CIMs, and CIMs should be connected to the Raritan device
BEFORE adding the device and configuring ports in CC-SG. Otherwise, a blank CIM name
will overwrite the CC-SG port name. Servers need to be rebooted after connecting to a CIM.
•CommandCenter NOC (CC NOC)—is a network monitoring appliance that audits and
monitors the status of servers, equipment, and Raritan devices that CC-SG manages.
•Device Group—a defined group of devices that are accessible to a user. Device groups are
used when creating a policy to control access to the devices in the group.
•Devices—are Raritan products such as Dominion KX116, Dominion SX48, Dominion
KSX440, IP-Reach, Paragon II System Controller, Paragon II UMT832 with USTIP, etc. that
2 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE
are managed by CC-SG. These devices control the target servers and systems that are
connected to them.
•Director Client—A Java-based client for CC-SG useable by both normal access users and
administrators. It is the only client that permits administration.
•Elements—are the values of a category. For example, the “New York City” element belongs
to the “Location” category. Or, the “Windows” element belongs to the “OS Type” category.
•Ghosted Ports—a ghosted port can occur when managing Paragon devices and when a CIM
or target server is removed from the system or powered off (manually or accidentally). Refer
to Raritan’s Paragon II User Manual for additional information.
•Hostname—A hostname can be used if DNS server support is enabled. Please refer to
Network Configuration in Chapter 12: Advanced Administration for additional
information. The hostname and its Fully-Qualified Domain Name (FQDN = Hostname +
Suffix) cannot exceed 257 characters. It can consist of any number of components, as long as
they are separated by “.”. Each component has a maximum size of 63 characters and the first
character must be alphabetic. The remaining characters can be alphabetic, numeric, or “-
“ (hyphen or minus). The last character of a component may not be “-”. While the system
preserves the case of the characters entered into the system, the FQDN is case-insensitive
when used.
•iLO/RILOE—Hewlett Packard’s Integrated Lights Out/Remote Insight Lights Out servers
that can be managed by CC-SG. Targets of an iLO/RILOE device are powered on/off and
recycled directly. iLO/RILOE devices cannot be discovered by CC-SG; they have to be
manually added as nodes.
•In-band Access—going through the TCP/IP network to correct or troubleshoot a target in
your network. KVM and Serial devices can be accessed via these in-band applications:
RemoteDesktop Viewer, SSH Client, RSA Client, VNC Viewer.
•IPMI Servers (Intelligent Platform Management Interface)—servers that can be controlled
by CC-SG. IPMI are discovered automatically but can be added manually as well.
•Out-of-Band Access—using applications such as Raritan Remote Console (RRC), Raritan
Console (RC), or Multi-Platform Client (MPC) to correct or troubleshoot a KVM or serial
managed node in your network.
•Policies—define the permissions, type of access, and to which nodes and devices a user
group can access. Policies are applied to a user group and have several control parameters to
determine the level of control, such as date and time of access.
•Nodes—are the target systems, such as servers, desktop PCs, or other networked equipment,
that CC-SG users can access.
•Interfaces—Interfaces are ways a Node can be accessed, whether through an out-of-band
solution such as a Dominion KX101 connection, or through an in-band solution such as a
VNC server.
•Node Groups—a defined group of nodes that are accessible to a user. Node groups are used
when creating a policy to control access to the nodes in the group.
•Ports—are connection points between a Raritan Device and a Node. Ports only exist on
Raritan devices and identify a pathway from that device to a node.
•SASL—(Simple Authentication and Security Layer). A method for adding authentication
support to connection-based protocols.
•SSH—Clients, such as Putty or OpenSSH, that provide a command line interface to CC-SG.
Only a subset of CC-SG commands is provided via SSH to administer devices and CC-SG
itself. Please refer to Chapter 12: Advanced Administration for additional information.
•User Groups—sets of users that share the same level of access and privileges. For example,
the default user group System Administrators has full access to all configuration tasks and
target nodes.
CHAPTER 2: ACCESSING CC-SG 3
Chapter 2: Accessing CC-SG
Once you have configured CC-SG with an IP address, the CC-SG unit can be placed at its final
destination. Make all necessary hardware connections to make the unit operational.
You can access CC-SG in several ways, each described in this chapter:
•Browser: CC-SG supports numerous web browsers. (For a complete list of supported
browsers and platforms, please refer to the Compatibility Matrix on
http://www.raritan.com/support. On the Support page, click Firmware Upgrades, and
then click CommandCenter Secure Gateway.)
•Thick Client: You can install a Java Web Start thick client on your client computer. The
thick client functions exactly like the browser-based client.
•SSH: Remote devices connected via the serial port can be accessed using SSH. Please refer to
Chapter 12: Advanced Administration for additional information.
•Diagnostic Console: Provides emergency repair and diagnostics only and is not a
replacement for the browser-based GUI to configure and operate CC-SG. Please refer to
Chapter 12: Advanced Administration for additional information.
Note: Users can be connected simultaneously, using the browser, thick client, and SSH while
accessing CC-SG.
Browser-Based Access
1. Using a supported Internet browser, type this URL: https://<IP_address>/admin where
<IP_address> is the IP address of the CC-SG. For example, https://10.20.3.30/admin.
2. When the security alert window appears, click Yes to continue.
3. You will be warned if you are using an unsupported Java Runtime Environment version on
your machine. From the window that pops up, select whether you will download the correct
JRE version from the CC-SG server (if available), download it from the Sun Microsystems
website, or continue with the incorrect version, and then click OK. The Login window
appears.
Figure 1 Login Window
4. If the Restricted Service Agreement is enabled, read the agreement text, and then check the I
Understand and Accept the Restricted Service Agreement checkbox.
5. Type your Username and Password, and then click Log In.
4 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE
Thick Client Access
The CC-SG thick client allows you to connect to CC-SG by launching a Java Web Start
application instead of running an applet through a web browser. The advantage of using the thick
client instead of a browser is that the client can outperform the browser in terms of speed and
efficiency.
Install the Thick Client
1. To download the thick client from CC-SG, launch a web browser and type this URL:
http(s)://<IP_address>/install where <IP_address> is the IP address of the CC-SG.
2. If a security warning message appears, click Start to continue the download.
3. If your client computer is running Java version 1.4, a Desktop Integration window appears.
If you want Java to add a shortcut icon for the thick client to your desktop, click Yes.
4. When the download is complete, a new window in which you can specify the CC-SG IP
address appears.
Figure 2 Thick Client IP Address Specification Window
5. Type the IP address of the CC-SG unit you want to access in the IP to Connect field. Once
you have connected, this address will be available from the IP to Connect drop-down list.
The IP addresses are stored in a properties file that is saved to your desktop.
6. If the CC-SG is configured for secure browser connections, you must check the Secure
Socket Layer (SSL) checkbox. If the CC-SG is not configured for secure browser
connections, you must clear the Secure Socket Layer (SSL) checkbox. This setting must be
correct or the thick client will not be able to connect to CC-SG.
•To check the setting in CC-SG: On the Administration menu, click Security. In the
General tab, look at the Browser Connection Protocol field. If the HTTPS/SSL option
is selected, then you must check the Secure Socket Layer SSL checkbox in the thick
client’s IP address specification window. If the HTTP option is selected, then you must
clear the Secure Socket Layer SSL checkbox in the thick client’s IP address
specification window.
7. Click Start.
•A warning message appears if you are using an unsupported Java Runtime Environment
version on your machine. Follow the prompts to either download a supported Java
version, or continue with the currently installed version.
8. The login screen appears, and the thick client looks and behaves just like the browser-based
Java client. If the Restricted Service Agreement is enabled, read the agreement text, and then
check the I Understand and Accept the Restricted Service Agreement checkbox.
CHAPTER 2: ACCESSING CC-SG 5
9. Type your Username and Password in the corresponding fields, and then click Login to
continue.
Use the Thick Client
Once the thick client is installed, there are 2 different ways to access it on your client computer.
These are determined by the Java version you are using.
•Java 1.4.x
If your client computer is running Java version 1.4.x and you clicked Yes in the Desktop
Integration window when you installed the thick client, you can double-click the shortcut icon
on your desktop to launch the thick client and access CC-SG. If you do not have a shortcut icon,
you can create one at any time: search your client computer for AMcc.jnlp, and create a shortcut
to that file.
•Java 1.5
If your client computer is running Java version 1.5, you can:
a. Launch the thick client from the Java Control Panel’s Java Application Cache Viewer.
b. Use the Java Control Panel’s Java Application Cache Viewer to install a shortcut icon on
your desktop for the thick client.
6 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE
CC-SG Window Components
Upon valid login, the CC-SG application window appears.
Figure 3 CC-SG Window Components
1. Nodes tab: Click the Nodes tab to display all known target nodes in a tree view. Click a node
to view the Node Profile. Interfaces are grouped under their parent nodes. Click the + and -
signs to expand or collapse the tree. Right-click an interface and select Connect to connect to
that interface. You can sort the nodes by Node Name (alphabetical) or Node Status (Available,
Busy, Unavailable). Right-click the tree view, select Node Sorting Options, and then select
By Node Name or By Node Status.
2. Users tab: Click the Users tab to display all registered Users and Groups in a tree view.
Click the + and - signs to expand or collapse the tree.
3. Devices tab: Click the Devices tab to display all known Raritan devices in a tree view.
Different device types have different icons. Ports are grouped under their parent devices.
Click the + and - signs to expand or collapse the tree. Click a port to view the Port Profile.
Right-click a port and select Connect to connect to that port. You can sort the ports by Port
Name (alphabetical) or Port Status (Available, Busy, Unavailable). Right-click the tree view,
select Port Sorting Options, and then select By Node Name or By Node Status.
4. Quick Commands toolbar: This toolbar offers some shortcut buttons for executing common
commands.
5. Operation and Configuration menu bar: These menus contain commands to operate and
configure CC-SG. You can also access some of these commands by right-clicking on the
icons in the Nodes, Users, and Devices Selection tabs. The menus and menu items you see
are determined by your user access privileges.
6. Server time: The current time and time zone as configured on CC-SG in Configuration
Manager. This time is used when scheduling tasks in Task Manager. Please refer to Task
Management in Chapter 12: Advanced Administration for additional information. This
time may be different than the time used by the client.
45
1
2
3
6
Other manuals for CC-SG
1
This manual suits for next models
1
Table of contents
Other Raritan Gateway manuals
Raritan
Raritan CommandCenter Secure Gateway CC-SG V1 User manual
Raritan
Raritan CC-SG User manual
Raritan
Raritan E1 series User manual
Raritan
Raritan commandcenter secure e1 User manual
Raritan
Raritan CommandCenter CC-SG User manual
Raritan
Raritan CCA-0N-V5.1-E Instruction Manual
Raritan
Raritan Laptop How to use
Raritan
Raritan V1 User manual
Raritan
Raritan Command Center CC-SG Service manual
