Raritan COMMANDCENTER 2.20 - Spezifikationen

CommandCenter ® Secure Gateway CC-SG Administrator Guide Release 3.1.1 Copyright © 2007 Raritan, Inc. CCA-0E-E April 2007 255-80-5140-00

vi CONTENTS Adding and Deleting Applications ...162

82 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE For IPMI Power Control connections: Figure 70 Configuring an IPMI Power Control Interface 1.

CHAPTER 7: CONFIGURING NODES AND NODE GROUPS 83 Bulk Copy for Node Categories and Elements The Bulk Copy command allows you to copy the assigned ca

84 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 72 Editing an Interface 5. You cannot change the type of the existing interface. You c

CHAPTER 7: CONFIGURING NODES AND NODE GROUPS 85 Figure 73 Edit Node Screen 2. If you want, type a new name for the node in the Node Name field. A

86 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Right-click the node you want to delete and select Delete Node. The Delete Node screen appe

CHAPTER 7: CONFIGURING NODES AND NODE GROUPS 87 Chat Chat provides a way for users connected to the same node to communicate with each other. You m

88 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 8: ADDING AND MANAGING USERS AND USER GROUPS 89 Chapter 8: Adding and Managing Users and User Groups Users make up the individual users and

90 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Special User Groups CC-SG is configured with three user groups by default: CC-Super User, Syst

CHAPTER 8: ADDING AND MANAGING USERS AND USER GROUPS 91 Add User Groups Creating user groups first will help you organize users when they are added

CONTENTS vii Configuring Browser Connection Protocol: HTTP or HTTPS/SSL...188 Setting the Port Numbe

92 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 7. Click the Device/Node Policies tab. A table of policies appears. Figure 78 The Policies Ta

CHAPTER 8: ADDING AND MANAGING USERS AND USER GROUPS 93 Edit A User Group Edit a User Group to change the existing privileges and policies for that

94 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Delete User Group Deleting a User Group removes that group from CC-SG. Users in the deleted gro

CHAPTER 8: ADDING AND MANAGING USERS AND USER GROUPS 95 6. Check Remote Authentication only if you want the user to be authenticated by an externa

96 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. Uncheck Login enabled if you want to prevent this user from logging in to CC-SG. Check Logi

CHAPTER 8: ADDING AND MANAGING USERS AND USER GROUPS 97 Assign Users To Group Use this command to assign an existing users to a group they currentl

98 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. On the Users menu, click User Manager, then Delete User From Group. The Delete User appears

CHAPTER 8: ADDING AND MANAGING USERS AND USER GROUPS 99 a. Type your current password in the Old Password field. b. Type your new password in the

100 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Bulk Copy for Users To save time, Bulk Copy can be used to clone one user’s privileges and pol

CHAPTER 9: POLICIES 101 Chapter 9: Policies and Node Groups Controlling Access Using Policies Configuring policies to provide user access to nodes

viii CONTENTS Diagnostic Console Passwords (Admin)...226 Displaying

102 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Node Groups Node groups are used to organize nodes into a set. This group will then become the

CHAPTER 9: POLICIES 103 3. If viewing a group based on attributes, click View Nodes to display a list of nodes currently in the Node Group. A Nod

104 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Select Nodes Figure 90 Adding Nodes Using Select Nodes 1. Click the Select Nodes tab. 2. Cl

CHAPTER 9: POLICIES 105 Describe Nodes Figure 91 Describing a Node Group With Multiple Rules 1. Click the Select Nodes tab. 2. Click Add New R

106 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. If you want to add another rule, click Add New Row again, and make the necessary configura

CHAPTER 9: POLICIES 107 Edit Node Group Edit a node group to change the membership or description of the group. To edit a node group: 1. On the A

108 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device Groups Device groups operate in a similar fashion to Node Groups, except that Device Gr

CHAPTER 9: POLICIES 109 3. Type a name for the new policy in the Enter policy name field. 4. Click OK. The new policy will be added to the Poli

110 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. Click the Device Group drop-down arrow, and select the Device Group this policy governs ac

CHAPTER 9: POLICIES 111 Virtual Media provides the ability to perform most tasks remotely including: transferring files, running diagnostics, inst

FIGURES ix Figures Figure 1 Login Window ...

112 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 113 Chapter 10: Configuring Remote Authentication Authentication and Authorization (AA) Users of CC-

114 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Distinguished Names for LDAP and AD Configuration of remotely authenticated users on LDAP or A

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 115 Establish Order of External AA Servers In the General tab, you can set the order in which CC-SG

116 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 95 Add Module 3. Click the Module Type drop-down menu and select AD from the list. 4.

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 117 Figure 96 AD General Settings 1. Type the AD domain you want to query in the Domain field. For

118 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Note: The user specified must have permission to execute search queries in the AD domain. For

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 119 structure. cn=Administrators,cn=Users,dc=raritan,dc=comThe search query for the user entry will b

120 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 98 AD Group Settings 2. Specify a Base DN (directory level/entry) under which the gro

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 121 Figure 99 AD Trust Settings

x FIGURES Figure 51 Devices Tree Regular View Screen...

122 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. For each domain in the Trust Partner column, click the Trust Direction drop-down menu, and

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 123 3. Click Import Groups… to retrieve a list of user group values stored on the AD server. If any

124 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Synchronize AD User Groups When you synchronize AD user groups, CC-SG retrieves the groups for

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 125 Figure 102 Synchronization of All AD Modules 7. A confirmation message will appear when all AD m

126 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 7. Repeat these steps to reconfigure all AD modules. 8. Once you have reconfigured all AD mo

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 127 LDAP General Settings 1. Click the General tab. Figure 105 LDAP General Settings 2. Type the I

128 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 10. Click Test Connection to test the LDAP server using the given parameters. You should rece

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 129 9. The new LDAP module appears in the Security Manager screen, under External AA Servers. Check

130 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Add a TACACS+ Module CC-SG users who are remotely authenticated by a TACACS+ server need to be

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 131 TACACS+ General Settings 1. Type the IP address or hostname of the TACACS+ server in the IP Add

FIGURES xi Figure 104 Add LDAP Module...

132 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Add a RADIUS Module CC-SG users who are remotely authenticated by a RADIUS server need to be c

CHAPTER 10: CONFIGURING REMOTE AUTHENTICATION 133 RADIUS General Settings 1. Click the General tab. Figure 110 Specifying a RADIUS Server 2. Ty

134 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 11: GENERATING REPORTS 135 Chapter 11: Generating Reports Reports can be sorted by clicking on the column headers. Click a column header to

136 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. Click OK to run the report. The report is generated, displaying data about activities tha

CHAPTER 11: GENERATING REPORTS 137 • If you want to limit the report to a particular IP address’s activities, type the user’s IP address in the Us

138 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. You can limit the data that the report will contain by entering additional parameters in t

CHAPTER 11: GENERATING REPORTS 139 Availability Report The Availability Report displays the status of all connections, showing devices by name and

140 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Active Users Report The Active Users report displays current users and user sessions. You can

CHAPTER 11: GENERATING REPORTS 141 Locked Out Users Report The Locked Out Users report displays users who are currently locked out of CC-SG because

xii FIGURES Figure 157 Extra Initialization Commands ...

142 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE User Data Report The User Data report displays certain data on all users in the CC-SG database

CHAPTER 11: GENERATING REPORTS 143 Users in Groups Report The Users In Group report displays data on users and the groups with which they are assoc

144 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Group Data Report The Group Data report displays user group, node group, and device group info

CHAPTER 11: GENERATING REPORTS 145 4. Click Apply. The AD User Group report is generated. Figure 123 AD User Group Report • Click Manage Report

146 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE records. Click Print to print the records that are displayed in the current report page or Pri

CHAPTER 11: GENERATING REPORTS 147 3. Click Apply to generate the report. The Node Asset Report generates. Figure 126 Node Asset Report • Click

148 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Click Print to print the records that are displayed in the current report page or Print All to

CHAPTER 11: GENERATING REPORTS 149 Query Port Report The Query Port Report displays all ports according to port status. 1. On the Reports menu, c

150 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. Click Apply to generate the report. Figure 131 Query Port Report • Click the arrow icon

CHAPTER 11: GENERATING REPORTS 151 • To disconnect a port from a current session, select the port you want to disconnect, and then click Disconnec

FIGURES xiii Figure 211 NTP not configured in CC-SG GUI ...

152 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Select a Last Discovered Date, and then click Get Targets. The targets that were discovere

CHAPTER 12: SYSTEM MAINTENANCE 153 Chapter 12: System Maintenance About Maintenance Mode Maintenance mode restricts access to CC-SG so that an admi

154 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Backup CC-SG Best practice is to enter Maintenance Mode before backing up CC-SG. 1. On the S

CHAPTER 12: SYSTEM MAINTENANCE 155 c. If you are not using the default port for the selected protocol (FTP: 21, SFTP: 22) type the communications

156 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE • Custom – Allows you to specify which components of the backup to restore to CC-SG by checki

CHAPTER 12: SYSTEM MAINTENANCE 157 To Delete a backup 1. From the Available Backups table, select the backup you want to delete. 2. Click Delete

158 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Type your password in the Password field. 3. Accept the default message or type a warning

CHAPTER 12: SYSTEM MAINTENANCE 159 Shut Down CC-SG These are the recommended methods for Administrators to shut down CC-SG. Shutting down CC-SG shu

160 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 13: ADVANCED ADMINISTRATION 161 Chapter 13: Advanced Administration Guided Setup Guided Setup steps an administrator through some of the mo

xiv COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

162 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Application Manager The Application Manager provides an interface for administrators to add ac

CHAPTER 13: ADVANCED ADMINISTRATION 163 5. Click OK when the necessary devices have been selected to work with the application. An Open dialog win

164 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Firmware Manager CC-SG stores firmware for Raritan devices in order to update the devices unde

CHAPTER 13: ADVANCED ADMINISTRATION 165 Delete Firmware 1. On the Administration menu, click Firmware. 2. Click the Firmware Name drop-down arrow

166 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE What is Primary/Backup mode? Primary/Backup mode allows you to use two CC-SG LAN ports to impl

CHAPTER 13: ADVANCED ADMINISTRATION 167 To configure Primary/Backup mode in CC-SG 1. On the Administration menu, click Configuration. 2. Click th

168 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE What is Active/Active mode? Active/Active mode allows you to use CC-SG to manage devices and n

CHAPTER 13: ADVANCED ADMINISTRATION 169 Figure 151 Network Setup Panel—Active/Active 3. Select Active/Active mode. 4. Type the CC-SG hostname in

170 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Log Configuration From the Logs tab you can configure CC-SG to report to external logging serv

CHAPTER 13: ADVANCED ADMINISTRATION 171 Purging CC-SG’s Internal Log: The Logs tab can also be used to clear CC-SG’s log of events. This command on

CHAPTER 1: INTRODUCTION 1 Chapter 1: Introduction Congratulations on your purchase of CommandCenter Secure Gateway (CC-SG), Raritan’s convenient a

172 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Time/Date Configuration CC-SG’s Time and Date must be accurately maintained to provide credibi

CHAPTER 13: ADVANCED ADMINISTRATION 173 Note: Changing the time zone is disabled in a cluster configuration. Modem Configuration Use this screen to

174 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Click the Modems tab. Figure 156 Modems Tab 3. Click Properties. 4. Click the Advanced

CHAPTER 13: ADVANCED ADMINISTRATION 175 3. Under Network Tasks in the Network Connections window, click Create a new connection. Figure 158 Cre

176 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Configure the Call-back Connection If the CC-SG uses a call-back connection, you need to use a

CHAPTER 13: ADVANCED ADMINISTRATION 177 Connect to CC-SG with Modem To connect to CC-SG: 1. On the start menu, click My Network Places. 2. Click

178 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 7. If Show terminal window was checked as described in section Configure the Call-back Conne

CHAPTER 13: ADVANCED ADMINISTRATION 179 Connection Modes: Direct and Proxy About Connection Modes CC-SG offers three connection modes: Direct, Prox

180 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE To Configure a Combination of Direct Mode and Proxy Mode When you configure CC-SG to use a com

CHAPTER 13: ADVANCED ADMINISTRATION 181 Device Settings 1. On the Administration menu, click Configuration. 2. Click the Device Settings tab. F

This page intentionally left blank.

2 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE etc. that are managed by CC-SG. These devices control the target servers and systems that are co

182 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 168 Configuration Settings Device Settings Screen 3. To identify the SNMP agent runni

CHAPTER 13: ADVANCED ADMINISTRATION 183 and active connections, and all status data is replicated between the two nodes. The primary and secondary

184 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Click Discover CommandCenters to scan and display all CC-SG appliances on the same subset

CHAPTER 13: ADVANCED ADMINISTRATION 185 Set Secondary CC-SG Node 1. Click Discover CommandCenters to scan and display all CC-SG appliances on the

186 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Note: Clicking Remove Cluster does not delete the Primary CC-SG unit from your configuration;

CHAPTER 13: ADVANCED ADMINISTRATION 187 Configure Security The Security Manager is used to manage how CC-SG provides access to users. Within Secur

188 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Configuring Browser Connection Protocol: HTTP or HTTPS/SSL In Security Manager, you can config

CHAPTER 13: ADVANCED ADMINISTRATION 189 Strong Password Settings Strong password rules require users to observe strict guidelines when creating pas

190 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Lockout Settings Administrators can lock out CC-SG, CC-NOC users, and SSH users after a specif

CHAPTER 13: ADVANCED ADMINISTRATION 191 Portal Portal settings allow administrators to configure a logo and an access agreement to greet users when

CHAPTER 2: ACCESSING CC-SG 3 Chapter 2: Accessing CC-SG Once you have configured CC-SG with an IP address, the CC-SG unit can be placed at its fin

192 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE a. Click Browse. A dialog window appears. b. In the dialog window, select the text file with

CHAPTER 13: ADVANCED ADMINISTRATION 193 2. Click the Certificate tab. Figure 176 Security Manager Certificate Screen Export Current Certificate

194 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Type the requested data for the CSR into the fields. Figure 177 Generate Certificate Sig

CHAPTER 13: ADVANCED ADMINISTRATION 195 9. Copy and paste the signed certificate into the Certificate Request field. Paste the Private Key that wa

196 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Click the IP-ACL tab. Figure 180 Security Manager IP-ACL Screen 3. To change the order

CHAPTER 13: ADVANCED ADMINISTRATION 197 Notification Manager Use Notification Manager to configure an external SMTP server so notifications can be

198 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Task Manager Use Task Manager to schedule CC-SG tasks on a daily, weekly, monthly, or yearly b

CHAPTER 13: ADVANCED ADMINISTRATION 199 Schedule a New Task To schedule a new task: 1. On the Administration menu, click Tasks. The Task Manager s

200 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE • Periodic: Use the up and down arrows to select the Start time at which the task should begi

CHAPTER 13: ADVANCED ADMINISTRATION 201 • To view the history of a task, select the task, and then click Task History. • To view details of a ta

4 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Thick Client Access The CC-SG thick client allows you to connect to CC-SG by launching a Java We

202 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Select a software version of CC-NOC you want to add, and then click Next. Version 5.1 has

CHAPTER 13: ADVANCED ADMINISTRATION 203 To stop CC-NOC from monitoring a device, it can be unmanaged. Please refer to the CommandCenter NOC Adminis

204 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Delete a CC-NOC To remove and unregister a CC-NOC in CC-SG, do the following. 1. On the Acce

CHAPTER 13: ADVANCED ADMINISTRATION 205 SSH Access to CC-SG Use Secure Shell (SSH) clients, such as Putty or OpenSHH Client, to access a command li

206 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE SSH Commands The following table describes all commands available in SSH. You must be assigned

CHAPTER 13: ADVANCED ADMINISTRATION 207 more [-p <page_size>] Make paging pingdevice <[-id <device_id>] | [host]> Ping devi

208 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Create an SSH Connection to an SX Device You can create an SSH connection to an SX device to p

CHAPTER 13: ADVANCED ADMINISTRATION 209 Use SSH to Connect to a Node via a Serial Out of Band Interface You can use SSH to connect to a node throu

210 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Diagnostic Console The Diagnostic Console is a standard, non-graphical interface that provides

CHAPTER 13: ADVANCED ADMINISTRATION 211 Accessing Status Console A password is not required to access the Status Console, but password usage can be

CHAPTER 2: ACCESSING CC-SG 5 9. Type your Username and Password in the corresponding fields, and then click Login to continue. Use the Thick C

212 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Accessing Administrator Console Note: All information displayed in the Administrator Console i

CHAPTER 13: ADVANCED ADMINISTRATION 213 Editing Diagnostic Console Configuration The Diagnostic Console can be accessed via the serial port (COM1)

214 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. If the network interfaces have already been configured, you will see a Warning message sta

CHAPTER 13: ADVANCED ADMINISTRATION 215 Ping an IP Address (Network Interfaces) Use ping to check that the connection between CC-SG computer and a

216 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. (Optional) Select: OPTION DESCRIPTION Verbose Verbose output, which lists received ICMP

CHAPTER 13: ADVANCED ADMINISTRATION 217 Viewing Log Files (Admin) You can view one or more log files simultaneously via LogViewer, which allows bro

218 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE The “Sort Logfile list by:” window is a set of radio-button (e.g., mutually exclusive) and con

CHAPTER 13: ADVANCED ADMINISTRATION 219 5. If desired, you can change colors in a log file to highlight what is important. Type c to change colors

220 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 8. Type a to add a regular expression. For example, if you want to display information on the

CHAPTER 13: ADVANCED ADMINISTRATION 221 Restarting CC-SG (Admin) You can restart CC-SG, which will log off all current CC-SG users and terminate th

6 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE CC-SG Window Components Upon valid login, the CC-SG application window appears. Figure 3 CC-SG

222 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Rebooting CC-SG (Admin) This option will reboot the entire CC-SG, which simulates a power cycl

CHAPTER 13: ADVANCED ADMINISTRATION 223 Powering Off the CC-SG System (Admin) This option will power down the entire CC-SG. Users will not receive

224 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE To reset the CC-SG GUI admin password: 1. Click Operation, Admin, and then click CC-SG ADMIN

CHAPTER 13: ADVANCED ADMINISTRATION 225 OPTION DESCRIPTION Full CC-SG Database Reset Selecting this option completes removes the existing CC-SG Da

226 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Diagnostic Console Passwords (Admin) This option provides the ability to configure the strengt

CHAPTER 13: ADVANCED ADMINISTRATION 227 3. Select either Regular, Random, or Strong for the admin and status (if enabled) passwords. PASSWORD SET

228 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This screen is split into three main areas: • The top displays read-only information about t

CHAPTER 13: ADVANCED ADMINISTRATION 229 2. Either click Refresh or press Enter to refresh the display. Refreshing the display is especially useful

230 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Type h to bring up an extensive help screen for the top command. The standard F1 help key

CHAPTER 13: ADVANCED ADMINISTRATION 231 Serial Admin Port The serial admin port on CC-SG can be connected directly to a Raritan serial device, such

CHAPTER 2: ACCESSING CC-SG 7 Initial Configurations Upon first login, you should confirm the IP address, set the CC-SG server time, and check the

232 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

APPENDIX A: SPECIFICATIONS 233 Appendix A: Specifications (G1, V1, and E1) G1 Platform General Specifications Form Factor 1U Dimensions (DxWxH)

234 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE V1 Platform General Specifications Form Factor 1U Dimensions (DxWxH) 24.21”x 19.09” x 1.75” 6

APPENDIX A: SPECIFICATIONS 235 E1 Platform General Specifications Form Factor 2U Dimensions (DxWxH) 27.05”x 18.7” x 3.46”—687 mm x 475 mm x 88 m

236 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Shock 30 g for 11 ms with a ½ sine wave for each of the perpendicular axes X, Y, and Z

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 237 Appendix B: CC-SG and Network Configuration Introduction This appendix discloses network requireme

238 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 215 CC-SG Deployment Elements Internet (Unsecured Network)CC-SG Cluster Peer CC Clien

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 239 CC-SG Communication Channels The communication channels are partitioned as follows: • CC-SG ↔ Rar

240 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Each CC-SG in the cluster may be on a separate LAN. However, the inter-connection between the

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 241 PC Clients to Nodes Another significant role of CC-SG is to connect PC clients to various nodes. T

8 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Set the CC-SG Server Time 1. Log onto CC-SG. 2. On the Administration menu, click Configuratio

242 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE CC-SG & CC-NOC CC-NOC can optional appliance that can be deployed in conjunction with CC-S

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 243 Security and Open Port Scans As part of the CC-SG Quality Assurance process, several open port sca

244 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

APPENDIX C: USER GROUP PRIVILEGES 245 Appendix C: User Group Privileges MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION Secure Gateway

246 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION > Bulk Copy Device, Port an

APPENDIX C: USER GROUP PRIVILEGES 247 MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION Upgrade Management > Launch User Station Ad

248 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION Options Node Management or Device

APPENDIX C: USER GROUP PRIVILEGES 249 MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION > By Node Status Any of the following: Dev

250 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION Access or Node Out-of-Band Access

APPENDIX C: USER GROUP PRIVILEGES 251 MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION > Devices Asset Management Device, Port an

CHAPTER 2: ACCESSING CC-SG 9 Check and Upgrade CC-SG Firmware Version 1. Login to CC-SG. 2. On the Help menu, click About Raritan Secure Gateway

252 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE MENU > SUB-MENU MENU ITEM REQUIRED PRIVILEGE DESCRIPTION Notifications CC Setup and Con

APPENDIX D: SNMP TRAPS 253 Appendix D: SNMP Traps CC-SG provides the following traps: SNMP TRAP DESCRIPTION ccUnavailable CC-SG application is u

254 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE ccUserGroupModified CC-SG user group has been modified ccSuperuserNameChanged CC-SG Superuse

APPENDIX E: TROUBLESHOOTING 255 Appendix E: Troubleshooting • To launch CC-SG from your web browser, it requires a Java plug-in. If your machine

256 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

APPENDIX F: TWO-FACTOR AUTHENTICATION 257 Appendix F: Two-Factor Authentication As part of CC-SG RADIUS based remote authentication, CC-SG can be c

258 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

APPENDIX G: FAQS 259 Appendix G: FAQs QUESTION ANSWER General What is CC-SG? CC-SG is a network management device for aggregating and integrati

260 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE QUESTION ANSWER sure that they are not checked. What do I do if I am unable to add a console

APPENDIX G: FAQS 261 QUESTION ANSWER access to a specific user? have the ability to assign specific nodes per user. If we had more than 1,000 u

10 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Check and Upgrade Application Versions Check and upgrade the CC-SG applications, such as Rarita

262 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Accounting The event times in the Audit Trail report seem incorrect. Why? Log event times are

APPENDIX G: FAQS 263 Interoperability How does CC-SG integrate with Blade Chassis products? CC-SG can support any device with a KVM or serial int

264 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

APPENDIX H: KEYBOARD SHORTCUTS 265 Appendix H: Keyboard Shortcuts The following keyboard shortcuts can be used in the Director Client. OPERATION K

North American Headquarters Raritan 400 Cottontail Lane Somerset, NJ 08873 U.S.A. Tel. (732) 764-8886 or (800) 724-8090 Fax (732) 764-8887 Email:

CHAPTER 2: ACCESSING CC-SG 11 Important: Do not hold the POWER button to forcibly power down CC-SG. The recommended way to power down CC-SG is to

Copyright and Trademark Information This document contains proprietary information that is protected by copyright. All rights reserved. No part of

12 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 3: CONFIGURING CC-SG WITH GUIDED SETUP 13 Chapter 3: Configuring CC-SG with Guided Setup Prepare to Configure CC-SG with Guided Setup Bef

14 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE • Create Groups—Categorize the devices and nodes that CC-SG manages into groups and create ful

CHAPTER 3: CONFIGURING CC-SG WITH GUIDED SETUP 15 • To delete an element, select its row, and then click the Delete Row icon to delete the selec

16 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. Check Broadcast discovery if searching for devices on the same subnet on which CC-SG resid

CHAPTER 3: CONFIGURING CC-SG WITH GUIDED SETUP 17 9. In the table of discovered devices, select the device you want to add to CC-SG, and then clic

18 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 20. If you want the Element to apply to the device and to the nodes connected to the device, ch

CHAPTER 3: CONFIGURING CC-SG WITH GUIDED SETUP 19 Select Devices a. Click the Select Devices tab in the Add Devices Groups panel. Figure 14 Guide

20 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE g. In the Group name field, type a name for a node group you want to create. h. There are two

CHAPTER 3: CONFIGURING CC-SG WITH GUIDED SETUP 21 Select Nodes a. Click the Select Nodes tab in the Add Nodes Groups panel. Figure 15 Guided Setu

Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any produc

22 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE f. When you have finished adding node groups, click OK. The Group Summary panel displays a lis

CHAPTER 3: CONFIGURING CC-SG WITH GUIDED SETUP 23 5. In the Node Access section, you can specify whether you want the user group to have access to

24 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 7. In the All Policies list, select the Policy that you want to assign to the user group then

CHAPTER 3: CONFIGURING CC-SG WITH GUIDED SETUP 25 20. Click the User Group drop-down arrow and select the user group to which you want to assign th

26 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 4: CREATING ASSOCIATIONS 27 Chapter 4: Creating Associations Associations You can set up Associations to help organize the equipment that

28 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE • Devices—are Raritan products such as Dominion KX, Dominion SX, Dominion KSX, IP-Reach, Parag

CHAPTER 4: CREATING ASSOCIATIONS 29 How to Create Associations There are two ways to create associations, Guided Setup and Association Manager. •

30 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Click Add in the Category panel to add a new category. The Add Category window appears. Fi

CHAPTER 4: CREATING ASSOCIATIONS 31 Delete Category Deleting a category deletes all of the elements created within that category. The deleted categ

CONTENTS i Contents Chapter 1: Introduction ...1

32 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Click Add in the Elements For Category panel to add a new element. The Add Element window a

CHAPTER 4: CREATING ASSOCIATIONS 33 3. Select the element to be deleted from the Element For Category list, and then click Delete in the Elements

34 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 35 Chapter 5: Adding KVM and Serial Devices and Device Groups You must add Raritan KVM and Serial devic

36 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device and Port Icons For easier identification, KVM, Serial, and Power devices and ports have

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 37 Device Profile Screen When you click a device from the Devices tab, the Device Profile screen appear

38 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Adding a KVM or Serial Device 3. Type a name for the device in the Device name field. Number o

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 39 Discover Devices Discover Devices initiates a search for all devices on your network. The search can

40 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 31 Adding a Discovered Device 8. Type the user name and password (that were created sp

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 41 Figure 32 The Device Profile Screen 2. Type the new device properties in the appropriate fields on

ii CONTENTS Right Click Options in the Device Tab ...35

42 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Delete Device You can delete a device to remove it from CC-SG management. Important: Deleting a

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 43 Configure Ports If the ports of a device were not all automatically added by checking Configure all

44 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Click the Configure button that corresponds to the serial port you want to configure. Fig

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 45 Configure a KVM Port 1. Click the Devices tab and select a KVM device from the Devices tree. 2. O

46 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE the port. This means that you will type the same name in the Port name and Node Name fields. 6

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 47 Delete Ports Delete a port to remove the port entry from a Device. Important: If you delete a port

48 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 6. Click OK to bulk copy. A Device Copied Successfully message confirms that device categorie

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 49 Restore Device Configurations About Restoring Device Configurations The following device types allow

50 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. On the Devices menu, click Device Manager, Configuration, and then click Restore. Figure

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 51 6. When the Restart message appears, click Yes to restart the device. A Device Configuration Restor

CONTENTS iii Process for Configuring Power Control in CC-SG...69 Configuring Power

52 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. Highlight the devices you want to copy this configuration to in the Available Devices colum

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 53 Restart Device Use the Restart Device function to restart a device. 1. Click the Devices tab and se

54 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device Power Manager Device Power Manager is used to view the status of a PowerStrip device (in

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 55 Topological View Topological View displays the structural setup of all the connected appliances in y

56 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Disconnect Users Administrators can terminate any user's session with a device. This incl

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 57 Viewing Devices CC-SG offers different options for displaying devices in the Devices tab. Tree View

58 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. On the Devices menu, click Change View, then click Create Custom View. Figure 52 Custom V

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 59 4. Type a new custom view name, and then click OK or click Cancel to close the window. The new view

60 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Special Access to Paragon II System Devices Paragon II System Controller (P2-SC) Paragon II Sys

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 61 IP-Reach and UST-IP Administration You can also perform administrative diagnostics on IP-Reach and U

iv CONTENTS Delete User Group ...9

62 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device Group Manager Use the Device Groups Manager screen to add device groups, edit device gro

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 63 2. Click the New Group icon in the toolbar. The Device Group: New panel displays. Figure 58 Dev

64 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Describe Devices a. Click the Describe Devices tab in the Device Group: New panel. In the Desc

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 65 e. The table of rules only makes available criteria for evaluating nodes. To write a description fo

66 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Edit Device Group 1. On the Associations menu, click Device Groups. The Device Groups Manag

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 67 Delete Device Group 1. On the Associations menu, click Device Groups. The Device Groups Manager w

68 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. The Delete Device Group panel appears. Click Delete. Figure 63 Delete Device Group Panel 5

CHAPTER 6: POWER CONTROL 69 Chapter 6: Configuring Power Control In CC-SG, PowerStrips must be connected to one of the following devices: • Domin

70 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Delete a PowerStrip Connected to a KX, KX2, or P2SC Device You cannot delete a PowerStrip conne

CHAPTER 6: POWER CONTROL 71 6. Click the Managing Port drop-down menu, and then select the port on the SX 3.0 or KSX device to which this power s

CONTENTS v LDAP Advanced Settings ...12

72 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE If the SX 3.1 device has already been added to CC-SG, and the PowerStrip is connected to the de

CHAPTER 6: POWER CONTROL 73 2. Click the + next to the PowerStrip to expand all outlets. 3. On the Devices menu, click Port Manager, Delete Port

74 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank.

CHAPTER 7: CONFIGURING NODES AND NODE GROUPS 75 Chapter 7: Configuring Nodes and Interfaces This chapter discusses how to view, configure, and edit

76 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Node unavailable – the node has does not have an interface that is up. Nodes and Interfaces Ov

CHAPTER 7: CONFIGURING NODES AND NODE GROUPS 77 Add Node To add a new node to CC-SG: 1. Click the Nodes tab. 2. On the Nodes menu, click Add Node

78 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE The Add Interface Window appears. 2. Click the Interface Type drop-down menu and select the ty

CHAPTER 7: CONFIGURING NODES AND NODE GROUPS 79 For In-Band connections and DRAC, RSA, and iLO/RILOE power connections: Figure 67 Add Interface—In

80 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE For Out-of-Band KVM, Out-of-Band Serial connections: Figure 68 Configuring an Out-of-Band KVM

CHAPTER 7: CONFIGURING NODES AND NODE GROUPS 81 For Managed Power Strip connections: Figure 69 Configuring a Managed Power Strip Power Control Int