Raritan-engineering Command Center CC-SG Bedienungsanleitung

CommandCenter ® Secure Gateway CC-SG Administrator Guide Release 3.0 Copyright © 2006 Raritan, Inc. CCA-0B-E May 2006 255-80-5140-00

vi FIGURES Figures Figure 1 CC-SG Front View ...

84 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 7. Type a Target Username that the application will use as a Start-up parameter. If a target n

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 85 3. Click the Configure button that corresponds to the outlet port line item you wish to configure.

86 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Delete Ports Delete a port to remove the port entry from the Ports tree and Cancel all accessib

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 87 Bulk Copy To save time, use the Bulk Copy command to duplicate Port names or associations to other

88 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Edit Port Edit a Serial Port 1. Click on the Ports tab and select a serial port to be edited.

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 89 Edit a KVM Port 1. Click on the Ports tab and select a KVM port to be edited. 2. On the Ports men

90 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Edit a Generic Port 1. Click on the Ports tab and select a Generic port to be edited. 2. On t

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 91 Port Group Manager Add Port Group 1. On the Associations menu, click Groups Manager and then cli

92 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Edit Port Group 1. On the Associations menu, click Groups Manager and then click Port Group M

CHAPTER 7: ADDING USERS AND USER GROUPS 93 Chapter 7: Adding Users and User Groups User Manager commands are listed in the Users menu and allow you

FIGURES vii Figure 52 Add Device Selection Screen ...

94 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 8. Check the Force Change Password on Next Login check box if you want this user to be forced

CHAPTER 7: ADDING USERS AND USER GROUPS 95 5. Check the Force Change Password Periodically check box if you want this user to have to change his o

96 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Type your old password in the Old Password field. 3. Type your new password in the Passwor

CHAPTER 7: ADDING USERS AND USER GROUPS 97 Logoff User(s) Use this command to disconnect any logged-in user from CC-SG. 1. Click on the Users tab

98 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Bulk Copy To save time, use the Bulk Copy command to duplicate user profiles or port assignment

CHAPTER 7: ADDING USERS AND USER GROUPS 99 Add User to Group To manage users with similar privileges, you can assign them to groups. When you add a

100 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Add User Group Use the Add User Group command to create specific groups and assign them differ

CHAPTER 7: ADDING USERS AND USER GROUPS 101 Edit User Group This command allows you to rename group and modify its Features. Important: Please rem

102 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Apply (Edit) User Group Policies Groups can be assigned policies, or permissions, that allow t

CHAPTER 7: ADDING USERS AND USER GROUPS 103 Delete User Group This command allows you to remove a group name from the system. Users from the delet

viii FIGURES Figure 105 Configure Ports Screen for IPMI Server...

104 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 6. Click OK to assign users to the group or Cancel to exit without saving. A Users Assigned S

CHAPTER 7: ADDING USERS AND USER GROUPS 105 Supported Wildcards These wildcards are supported: WILDCARD DESCRIPTION ? Indicates any character. [-]

106 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

CHAPTER 8: CREATING POLICIES 107 Chapter 8: Creating Policies Controlling User Access with Policies Using policies to control user access to ports

108 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE User Groups User groups are used to define a group of users and CC-SG privileges they possess.

CHAPTER 8: CREATING POLICIES 109 Policies Policies define what you can do, what you can do it to, and when you can do it. Policies allow specific

110 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Policy Manager Policy Manager commands allow you to add, edit, delete, and assign policies to

CHAPTER 8: CREATING POLICIES 111 10. Click Update to add the policy. The Update Policy window appears Figure 134 Update Policy Window 11. Click Y

112 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Delete Policy 1. On the Associations menu, click Policy Manager. The Policy Manager screen ap

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 113 Chapter 9: Configuring Remote Authentication Authentication and Authorization Users of CC-SG can

FIGURES ix Figure 158 Generate Certificate Signing Request Screen ... 132 Figu

114 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Establish Order of Authentication Databases The General properties allow you to set the order

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 115 Base DN You also enter a Distinguished Name (DN) to specify where the search for users begins. Ent

116 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. On the Active Directory server, set up your users under the Users organizational unit (ou)

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 117 Setup on CC-SG 1. On CC-SG, click Security Manager from the Setup menu. When the Security Manage

118 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE General Settings on CC-SG 1. Type the IP Address/Hostname of the Active Directory server. For

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 119 Advanced Settings on CC-SG 1. If you want to configure advanced settings, click on the Advanced t

120 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. Specify a Base DN (directory level/entry) under which the authentication search query will

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 121 Group Settings on CC-SG Use to retrieve groups from the AD server and import into CC-SG local data

122 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. On CC-SG, in the Security Manager screen, click Import Groups… to retrieve a list of user

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 123 10. Verify the policy of the group that was imported by clicking the Users tab, right-clicking on

x FIGURES Figure 211 Configuration Settings Device Settings Screen... 174 Figur

124 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE LDAP (Netscape) Once the CC-SG applet is started and a user name and password are entered, a q

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 125 2. In Add Module screen, select LDAP from the pulldown menu, specify a name for the server, and c

126 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 11. Click Test Connection to test the LDAP server using the given parameters. You should rece

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 127 Sun One LDAP (iPlanet) Configuration Settings If using a Sun One LDAP server for remote authentica

128 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE TACACS+ CC-SG users who are remotely authenticated by a TACACS+ server need to be created on t

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 129 2. In the Add Module screen, select TACACS+ from the pulldown menu, specify a name for the server

130 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE RADIUS CC-SG users who are remotely authenticated by a RADIUS server need to be created on the

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 131 3. Type the IP address or hostname of the RADIUS server in the IP Address/Hostname field. For hos

132 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Generate Certificate Signing Request The following explains how to generate a CSR and a privat

CHAPTER 9: CONFIGURING REMOTE AUTHENTICATION 133 11. Type raritan in the Password field if the CSR was generated by CC-SG. If a different applicat

FIGURES xi Figure 264 Selecting Network Interface Configuration...209 Fi

134 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE IP-ACL This feature restricts access to CC-SG based on IP addresses. Specify an IP-access cont

CHAPTER 10: GENERATING REPORTS 135 Chapter 10: Generating Reports Reports can be sorted by clicking on the column headers. Click on a column header

136 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Click Manage Report Data… to save or print the report. Click Save to save the report to a

CHAPTER 10: GENERATING REPORTS 137 Asset Management Report The Asset Management report displays data on current devices. 1. On the Reports menu

138 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Audit Trail Report The Audit Trail report displays audit logs and access in CC-SG. It capture

CHAPTER 10: GENERATING REPORTS 139 6. The Audit Trail report is generated, displaying data about sessions that occurred during the designated time

140 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Error Log Report CC-SG stores error messages in a series of Error Log files, which can be brou

CHAPTER 10: GENERATING REPORTS 141 6. The Error Log report is generated, displaying data about sessions that occurred during the designated time p

142 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Ping Report The Ping Report displays the status of all connections, showing devices by name a

CHAPTER 10: GENERATING REPORTS 143 Accessed Devices Report Run the Accessed Devices report to view information about any accessed devices, when

144 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. Click OK to run the report. Figure 172 Accessed Devices Report 6. The Accessed Devices

CHAPTER 10: GENERATING REPORTS 145 Group Data Report The Group Data report displays user, port, and device Group information. View user groups by n

146 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE User Data Report The User Data report displays certain data on all users in the CC-SG database

CHAPTER 10: GENERATING REPORTS 147 Users In Groups Report The Users In Group report displays data on users and the groups with which they are assoc

148 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Query Port Report The Query Port Report displays all ports according to port status. 1. On t

CHAPTER 10: GENERATING REPORTS 149 View Stored Reports The View Stored Reports displays reports that were scheduled in the Task Managersee section

150 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Locked Out Users Report The Locked Out Users report displays users who are currently locked ou

CHAPTER 10: GENERATING REPORTS 151 CC-NOC Synchronization Report The CC-NOC Synchronization report lists all targets, along with their IP addresses

152 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

CHAPTER 11: SYSTEM MAINTENANCE 153 Chapter 11: System Maintenance Reset CC-SG Use the Reset CommandCenter command to reset CC-SG database data – pl

CHAPTER 1: INTRODUCTION 1 Chapter 1: Introduction Congratulations on your purchase of CommandCenter Secure Gateway (CC-SG), Raritan’s convenient a

154 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Restore CC-SG 1. On the Setup menu, click Restore CommandCenter. 2. When the Restore Comman

CHAPTER 11: SYSTEM MAINTENANCE 155 Saving and Uploading Backup Files You can also save and load CC-SG backups to and from your local PC using the R

156 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Refresh CC-SG Display Any edits or modifications made to users, ports, categories, elements, a

CHAPTER 11: SYSTEM MAINTENANCE 157 Upgrade CC-SG Note: If you are operating a CC-SG cluster, you must remove the cluster first and upgrade each no

158 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. Click OK to restart CC-SG or Cancel to exit the screen without restarting. Once you restar

CHAPTER 11: SYSTEM MAINTENANCE 159 End CC-SG Session Log Out To exit CC-SG at the end of a session, or to refresh the database in case you or anoth

160 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Scheduled Tasks Scheduled tasks cannot execute while CC-SG is in Maintenance Mode─please see s

CHAPTER 12: ADVANCED ADMINISTRATION 161 Chapter 12: Advanced Administration Configuration Manager Network Configuration 1. On the Setup menu, c

162 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE A. Choose Primary/Backup mode to implement network failover and redundancy. In this mode, on

CHAPTER 12: ADVANCED ADMINISTRATION 163 In this mode, CC-SG acts as a “router” or “traffic cop” between two separate IP domains; particularly when

2 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Product Features and Benefits • Seamless Management CC-SG offers seamless management of Domini

164 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Click on the Level to Forward drop-down arrow to select a level. 4. Repeat steps 2 and 3

CHAPTER 12: ADVANCED ADMINISTRATION 165 Time/Date Configuration CC-SG’s Time and Date stamps must be accurately maintained in order to provide cred

166 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Modem Configuration Use this screen to access CC-SG from a client machine over a dial-up conne

CHAPTER 12: ADVANCED ADMINISTRATION 167 4. Click on the Advanced tab. Figure 200 Extra Initialization Commands 5. Type an initialization command

168 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. Click Next. Figure 202 New Connection Wizard 5. Click Connect to the network at my workp

CHAPTER 12: ADVANCED ADMINISTRATION 169 10. In the next screen, typically you want to click My use only in the next screen to make the connection a

170 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE transmit "ccclient^M" endproc Connect to CC-SG with Modem To connect to CC-SG: 1.

CHAPTER 12: ADVANCED ADMINISTRATION 171 7. If Show terminal window was checked as described in section Configure the Call-back Connection earlier

172 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Connection Mode When connected to a device, you have the option to pass data back and forth di

CHAPTER 12: ADVANCED ADMINISTRATION 173 iii. Click the Add button to add the Net Address and Mask to the screen. You may have to use the scroll ba

CHAPTER 1: INTRODUCTION 3 • Comprehensive Logging − Logs events locally. − Can use an external syslog server for event logs (events are immedia

174 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device Settings 1. On the Setup menu, click Configuration Manager. When the Configuration Man

CHAPTER 12: ADVANCED ADMINISTRATION 175 SNMP Simple Network Management Protocol allows CC-SG to push SNMP traps (event notifications) to an existin

176 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE System Log traps, which include notifications for the status of the CC unit itself, such as a

CHAPTER 12: ADVANCED ADMINISTRATION 177 Strong Password Rules Strong password rules require users to observe strict guidelines when creating passwo

178 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 6. Type an email address in Lockout notification email so notification is sent to the address

CHAPTER 12: ADVANCED ADMINISTRATION 179 4. Click OK to add the new application or Cancel to close the window. If you clicked OK, a search window a

180 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 6. Modify parameters in the Parameters panel and click the Update button in the Details panel

CHAPTER 12: ADVANCED ADMINISTRATION 181 2. Click Add to add a new firmware file. A search window appears. Figure 222 Search Window 3. Click on t

182 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Add a CC-NOC Note: To create a valid connection, the time settings on both the CC-NOC and CC-S

CHAPTER 12: ADVANCED ADMINISTRATION 183 3. Select a software version of CC-NOC you want to add and click Next. Version 5.1 has fewer integration f

This page intentionally left blank.

4 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE • CIM (Computer Interface Module)—is the hardware used to connect a target server and a Raritan

184 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE To stop CC-NOC from monitoring a device, it can be unmanaged – see the CommandCenter NOC Admin

CHAPTER 12: ADVANCED ADMINISTRATION 185 Important: To increase security, you must enter the passcodes in CC-NOC within five minutes after they are

186 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Highlight a CC-NOC in the list and click Edit. The Edit CC-NOC Configuration screen appear

CHAPTER 12: ADVANCED ADMINISTRATION 187 Delete a CC-NOC To remove and unregister a CC-NOC in CC-SG, do the following. 1. On the CommandCenter NOC

188 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Create a Cluster In the event of a failover, the administrator should send an email to all CC-

CHAPTER 12: ADVANCED ADMINISTRATION 189 Set Secondary CC-SG Node 1. Click Discover CommandCenters to scan and display all CC-SG appliances on the

190 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Remove Secondary CC-SG Node 1. To remove Secondary Node status from a CC-SG unit and reassig

CHAPTER 12: ADVANCED ADMINISTRATION 191 Set Advanced Settings To configure advanced settings of a cluster configuration: 1. Select the Primary nod

192 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE • Outlet Port Power Management (Power On/Off/Recycle Outlet ports) • Generate all Reports

CHAPTER 12: ADVANCED ADMINISTRATION 193 Create a New Task To schedule a new task: 1. On the Setup menu, click Task Manager. Figure 237 Task Manag

CHAPTER 1: INTRODUCTION 5 • Ports—are connection points between a Raritan Device and a target system or server. Or, a port can be a device that i

194 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. Click on the Task Data tab and from the pulldown menu, select the task to be scheduled, su

CHAPTER 12: ADVANCED ADMINISTRATION 195 8. Change Own Password in Chapter 7: Adding Users and User Groups. If an email was not configured, then th

196 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. To view the history of a task, select a task and click Task History. Figure 243 Task His

CHAPTER 12: ADVANCED ADMINISTRATION 197 Notification Manager Use Notification Manager to configure an external SMTP server so notifications can be

198 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE SSH Access to CC-SG Use Secure Shell (SSH) clients, such as Putty or OpenSHH Client, to access

CHAPTER 12: ADVANCED ADMINISTRATION 199 4. A shell prompt appears. Type ls to display all commands available from SSH. Figure 248 CC-SG Commands

200 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 6. Typing the command with the –h switch displays help for that command, such as listfirmware

CHAPTER 12: ADVANCED ADMINISTRATION 201 Create a SSH Connection to an SX Device You can create an SSH connection to an SX device to perform adminis

202 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Connect to a Serial Port Connect to a serial port to access a target server. You can access se

CHAPTER 12: ADVANCED ADMINISTRATION 203 3. Once connected to the port, type the default Escape keys of ‘~’ followed by a dot ‘.’. An intermediate

6 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE New 3.0 Features These administrator features are now available in CC-SG 3.0: Note: If viewing a

204 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Diagnostic Console The Diagnostic Console is a standard, non-graphical interface that provides

CHAPTER 12: ADVANCED ADMINISTRATION 205 Accessing Status Console Entering a password to access the Status Console is not required, but can be enfor

206 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Accessing Administrator Console At the time of logging into Administrator Console, all informa

CHAPTER 12: ADVANCED ADMINISTRATION 207 Navigating Administrator Console PRESS.. TO… CTRL+C or CTRL+Q To exit Diagnostic Console. CTRL+L Refresh

208 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Click Save as Default at the bottom of the screen or press the TAB key and press Enter onc

CHAPTER 12: ADVANCED ADMINISTRATION 209 Figure 263 Edit Status Console Config 3. Click Save at the bottom of the screen or press the TAB key an

210 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. If this is the first time accessing CC-SG and the network interfaces have not been configu

CHAPTER 12: ADVANCED ADMINISTRATION 211 Ping an IP Address (Network Interfaces) Use ping to check that the connection between your computer and a p

212 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Using Traceroute (Network Interfaces) Traceroute is often used for network troubleshooting. By

CHAPTER 12: ADVANCED ADMINISTRATION 213 Active/Active network settings where each interface is attached to a separate IP domain-see section Network

CHAPTER 2: ACCESSING CC-SG 7 Chapter 2: Accessing CC-SG Once you have configured CC-SG with an IP address and have defined at least one user, as d

214 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Click with the mouse or use the ↓↑ keys to navigate and press the Enter key to select a lo

CHAPTER 12: ADVANCED ADMINISTRATION 215 3. When View is selected with Merged Windows, the LogViewer displays: Figure 272 Selecting Log Files to V

216 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 7. If desired, you can filter the log file with a regular expression. Type e to add or edit a

CHAPTER 12: ADVANCED ADMINISTRATION 217 9. Select F1 to get help on all LogViewer options. Pressing CTL+C and CTL+Q (as well as a plain q) termina

218 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. Either click Restart CC-SG Application or press ENTER. Figure 279 Restarting CC-SG in Dia

CHAPTER 12: ADVANCED ADMINISTRATION 219 2. Either click REBOOT System or press ENTER to reboot CC-SG. A screen to confirm this action appears and

220 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE In Password Configuration, enter the number of passwords that will be remembered. This is the

CHAPTER 12: ADVANCED ADMINISTRATION 221 Account Configuration By default, the status account does not require a password, but you can configure it

222 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 4. For the Admin and Status accounts, you can configure: SETTING DESCRIPTION User \ User Nam

CHAPTER 12: ADVANCED ADMINISTRATION 223 2. Either click Refresh or press Enter to refresh the display. Refreshing the display is especially useful

8 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. You will be warned if you are using an unsupported Java Runtime Environment version on your

224 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. View the total running, sleeping, total number and processes that have stopped. Figure 2

APPENDIX A: SPECIFICATIONS 225 Appendix A: Specifications (G1, V1) G1 Platform General Specifications Form Factor 1U Dimensions (DxWxH) 22.1”x 1

226 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE NON-OPERATING Temperature 0 - 30 deg C; 32 – 104 deg F Humidity 10% - 90% RH Altitude Operate

APPENDIX A: SPECIFICATIONS 227 V1 Platform General Specifications Form Factor 1U Dimensions (DxWxH) 24.21”x 19.09” x 1.75” 615mm x 485mm x 44mm

228 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE NON-OPERATING Temperature -40 - +60 (-40-140) Humidity 5% - 95% RH Altitude Operate prope

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 229 Appendix B: CC-SG and Network Configuration Introduction This appendix discloses network requireme

230 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 290 CC-SG Deployment Elements Internet (Unsecured Network) CC-SG Cluster Peer CC Cli

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 231 CC-SG Communication Channels The communication channels are partitioned as follows: • CC-SG ↔ Rari

232 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Each CC-SG in the cluster may be on a separate LAN. However, the inter-connection between the

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 233 The first mode is the primary means for users and administrators to connect to CC-SG. The other t

CHAPTER 2: ACCESSING CC-SG 9 Standalone Client Access The standalone CC-SG client allows you to connect to CC-SG servers by launching a Java appli

234 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE CC-SG & SNMP Simple Network Management Protocol (SNMP) allows CC-SG to push SNMP traps (ev

APPENDIX B: CC-SG AND NETWORK CONFIGURATION 235 Security and Open Port Scans As part of the CC-SG Quality Assurance process, several open port sca

APPENDIX C: INITIAL SETUP PROCESS OVERVIEW 237 Appendix C: Initial Setup Process Overview Pre-requisites: • Add Devices with Category/Element cl

238 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

APPENDIX D: USER GROUP PRIVILEGES 239 Appendix D: User Group Privileges USERS GROUP PRIVILEGE AVAILABLE COMMANDS USER CAPABILITY Application Manag

240 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE USERS GROUP PRIVILEGE AVAILABLE COMMANDS USER CAPABILITY Configuration Manager Users are abl

APPENDIX D: USER GROUP PRIVILEGES 241 USERS GROUP PRIVILEGE AVAILABLE COMMANDS USER CAPABILITY Association Manager Users are able to associate ca

242 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

APPENDIX E: SNMP TRAPS 243 Appendix E: SNMP Traps CC-SG provides the following traps: SNMP TRAP DESCRIPTION CCDeviceUpgrade CC-SG has upgraded t

10 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 3. Click Update Configuration to submit the changes. A confirmation window asks if you wish to

244 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

APPENDIX F: TROUBLESHOOTING 245 Appendix F: Troubleshooting • In order to launch CC-SG from your web browser, it requires a Java plug-in. If your

246 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Port and Policy Group Creation Failure The default port groups and policies created in the Ass

APPENDIX G: FAQS 247 Appendix G: FAQs QUESTION ANSWER General What is CC-SG? CC-SG is a network management device for aggregating and integrati

248 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE QUESTION ANSWER to add a console/serial port to CC-SG? the following conditions are met: - T

APPENDIX G: FAQS 249 QUESTION ANSWER If we had more than 1,000 users, how would this be managed? That is, do you support Active Directory? CC-SG

250 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE QUESTION ANSWER track down to who switched on or off a power plug? through the CC-SG GUI can

APPENDIX G: FAQS 251 QUESTION ANSWER or simply box level? switches, the tightness of integration will vary. How would I mitigate the restricti

252 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 255-80-5140-00

APPENDIX G: FAQS 253

CHAPTER 2: ACCESSING CC-SG 11 2. Select an application from the pull-down menu and note the number in the version field. If the firmware needs up

North American Headquarters Raritan 400 Cottontail Lane Somerset, NJ 08873 U.S.A. Tel. (732) 764-8886 or (800) 724-8090 Fax (732) 764-8887 Email:

12 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE To access a remote target device that is connected via a serial port, click on the appropriate

CHAPTER 2: ACCESSING CC-SG 13 Power Down CC-SG If running CC-SG on the V1 platform and if it loses AC power while it is up and running, the V1 uni

Copyright and Trademark Information This document contains proprietary information that is protected by copyright. All rights reserved. No part o

14 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Note: To make ports easier to find, right-click on the tree and select the desired listing meth

CHAPTER 2: ACCESSING CC-SG 15 Main Window Components Figure 13 CC-SG Application Window The CC-SG menu bar displays all operations and configu

16 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Configuring CC-SG Manager Components In order to use CC-SG effectively, you must complete the f

CHAPTER 2: ACCESSING CC-SG 17 Compatibility Matrix The Compatibility Matrix lists the firmware versions of Raritan devices and software versions o

18 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 19 Chapter 3: Example Configuration Workflow Create Associations The Association Wizard guides you thro

20 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 2. After reading the overview, click Next. The Create Category and Elements screen of the Wiza

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 21 5. To create another category, click Add Another Category and repeat steps 3 and 4. To review categor

22 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 8. CC-SG will show a progress bar while it is creating the associations, port groups and polic

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 23 4. Click Next to proceed. The Add Device description screen appears. Depending on the type of device

Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any produc

24 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device Created successfully message confirms that device has been added. This step is very impo

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 25 3. Click Configure next to the serial port line item you wish to configure. The Configure Serial Po

26 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE KVM Port 1. Click on the Devices tab and select a KVM device, for example, Dominion KX, from t

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 27 5. Click on the Application Name drop-down menu and select name. This application, for example, Rarit

28 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. If using local authentication, type the new password into the Password field (6-16 characte

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 29 2. On the Users menu, click Add User Group. Alternatively, right-click on a user group and select Add

30 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Create/Edit Port Groups CC-SG uses port groups to control user access. Policies can be applied

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 31 6. If needed, enter the Boolean logic to apply additional rules in the Validate panel. Example: use (

32 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Sundays, and Custom to manually choose the days policy to be applied. If you choose Custom, ch

CHAPTER 3: EXAMPLE CONFIGURATION WORKFLOW 33 6. Click OK to add the policy or policies to the group. A Group Policies Updated successfully message

CONTENTS i Contents Chapter 1: Introduction ...1

34 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 12. Type an email address for this user in the Email Address field, if desired. 13. Click OK to

CHAPTER 4: CREATING ASSOCIATIONS 35 Chapter 4: Creating Associations Associations CC-SG provides powerful, highly customizable organizational cap

36 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Other examples of typical Association configurations of Category and Elements are as follows:

CHAPTER 4: CREATING ASSOCIATIONS 37 • Devices—are Raritan products such as Dominion KX116, Dominion SX48, Dominion KSX440, IP-Reach, Paragon II Sy

38 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Add Category 1. On the Associations menu, click Association Manager. The Association Manager s

CHAPTER 4: CREATING ASSOCIATIONS 39 Edit Category 1. On the Associations menu, click Association Manager. The Association Manager screen appears.

40 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Add Element 1. On the Associations menu, click Association Manager. The Associations Manager

CHAPTER 4: CREATING ASSOCIATIONS 41 Edit Element 1. On the Associations menu, click Association Manager. The Association Manager screen appears.

42 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Association Wizard The Association Wizard guides you through steps to create categories and the

CHAPTER 4: CREATING ASSOCIATIONS 43 5. If you wish to create another category, click Add Another Category and repeat steps 3 and 4. Figure 46 Ad

ii CONTENTS Copy Device Configuration...

44 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 8. CC-SG will show a progress bar while it is creating the associations, port groups and polic

CHAPTER 4: CREATING ASSOCIATIONS 45 Import Categories, Devices, Ports from CSV File To expedite configuration, you can import pre-defined categorie

46 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE CSV File Format The entries in the CSV file are case-sensitive and each row in the CSV file has

CHAPTER 4: CREATING ASSOCIATIONS 47 Once successfully imported, you should see something like: Figure 50 Analysis Report Screen If necessary, refe

48 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 49 Chapter 5: Adding Devices and Device Groups Device Manager Device Manager commands allow you to conf

50 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device Icons ICON MEANING Device available Port available KVM port connected – in current

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 51 Add Device Use this command to add a new device to the system. 1. Click on the Devices tab. 2. On

52 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 54 Add Device Screen for Raritan Devices Figure 55 Add Device Screen for iLO, RILOE

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 53 Figure 56 Add Device Screen for IPMI Server (v 1.5) Figure 57 Add Device Screen for Generic Device

CONTENTS iii Edit Policy...

54 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE KX Devices with Encryption CC-SG supports adding and managing Dominion KX devices, such as KX1

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 55 Delete Device 1. Click on the Devices tab and select a device from Devices tree. 2. On the Devices

56 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Backup Device Configuration Use this command to back up all user configuration and system confi

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 57 Copy Device Configuration This command allows you to copy configurations from one device to another

58 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE If the firmware version of the device is not compatible with CC-SG, a message will alert you an

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 59 Pause Device You can pause a device to temporarily suspend CC-SG’s control of it without losing any

60 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Custom View You can customize the Devices tree by organizing devices to appear in a particular

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 61 Add Custom View 1. Click on the Devices tab. 2. On the Devices menu, click Change View, and then c

62 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. In the Custom View Details panel, click on the drop-down arrow at the bottom of the panel.

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 63 Topological View Use the Topological View command to view the structural setup of all the connected

iv CONTENTS Inactivity Timer Configuration ...

64 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Special Access to Paragon II System Devices Paragon II System Controller (P2-SC) Paragon II Sys

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 65 IP-Reach and UST-IP Administration You can also perform administrative diagnostics on IP-Reach and U

66 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Device Power Manager Before using the Device Power Manager view, make a physical connection of

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 67 Discover Devices Use this command to initiate a search for all devices on your system. The search wi

68 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 7. Select a device from the list and click Add to add the device to CC-SG or click Close to ex

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 69 Device Group Manager Use the Device Groups Manager screen to add, edit, assign, and remove device gr

70 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Edit Device Group Name 1. On the Associations menu, click Groups Manager, and then click Devic

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 71 Delete Device Group 1. On the Associations menu, click Groups Manager, and then click Device Group

72 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Important: You can combine the application of two or more rules by using operators such as ‘&am

CHAPTER 5: ADDING DEVICES AND DEVICE GROUPS 73 Search for Devices CC-SG can search for a device name that satisfies the text entered in the search

CONTENTS v CC-SG & SNMP ...

74 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Examples are as follows: EXAMPLE DESCRIPTION KX? Locates KX1, and KXZ, but not KX1Z. KX* Loca

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 75 Chapter 6: Configuring Ports and Port Groups This chapter discusses how to configure and edit ports

76 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE When you click on the Ports tab, the Ports tree displays information about the Ports connected

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 77 Port Icons For easier identification, different ports have different icons in the tree. In addition

78 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Configure Port Configure a Serial Port Click on the Devices tab and select a serial device from

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 79 3. Click the Configure button that corresponds to the serial port line item you wish to configure.

80 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 11. Click In-Band Parameters if you want to allow in-band access for this Serial port. Figure

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 81 Configure a KVM Port 1. Click on the Devices tab and select a KVM device from the Devices tree. 2

82 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 5. Type a port name in the Port Name field. For ease of use, you should name the port after th

CHAPTER 6: CONFIGURING PORTS AND PORT GROUPS 83 Configure a Generic Port with In-Band Access In-band access to Generic devices, such as hubs, Windo