Device Management. Tripp Lite NETDIRECTORTM B064-016-02-IPG, NetDirector B064-016-02-IPG
Add to My manuals81 Pages
advertisement
OSD Operation (continued)
Network
(continued)
The settings in this sub-section are described in the table below.
Item
IP Installer
Service Ports
Redundant NIC
IPv4 Settings
IPv6 Settings
Description
The B064-Series KVM switch comes with an IP Installer application that allows Windows computers to easily view and edit the KVMs network settings. This section determines what access the IP Installer has to the KVM switch.
• Enabled – When selected, the IP Installer can locate the KVM switch on the network and display its current IP address. It also allows the IP Installer to be used to change the IP address of the KVM switch.
• View Only – When selected, the IP Installer can locate the KVM switch on the network and display its current IP address, but it cannot be used to change the IP address of the KVM switch.
• Disabled – When selected, the IP Installer cannot locate the KVM switch on the network, nor can it be used to change the IP address of the KVM switch.
This section allows you to set up port numbers that will be allowed by a firewall. If the port numbers on this page are not allowed access by the firewall, you will not be able to access the KVM switch. Valid entries for all of the service ports are from 1 to 65535. Note: You must enter a different port number for each field. If the KVM is connected to a network without a firewall, it doesn’t matter what these ports are set to, as they will have no effect.
• Program – This is the port number that is used when accessing connected computers via the browser and nonbrowser Windows and Java clients. It is also the port number that is used when accessing virtual media. The default value is 9000. Note: This port number must match the port number in the non-browser Windows and Java clients when using them to connect to the KVM switch.
• HTTP – This is the port that is used for a browser login. The default value is 80.
• HTTPS – This is the port that is used for a secure browser login. The default is 443.
• SSH – This is the port number that is used when accessing the KVM switch via SSH. The default value is 22.
• Telnet – This is the port number that is used when accessing the KVM switch via Telnet. The default value is 23.
The B064-Series KVM switch features two network interfaces. You can assign the same IP address to both, or assign a separate IP address for each. When this checkbox is checked, the same IP address gets assigned to both network interfaces, and the NIC drop-down menu below it is grayed out. If unchecked, the NIC drop-down menu is activated, and you must assign an IP address for each interface. Select a network interface from the drop-down to edit its settings.
The B064-Series KVM switch supports both IPv4 and IPv6. If you wish to use an IPv6 IP address, ignore this section.
• Obtain an IP Address Automatically (DHCP) – When this option is checked, the KVM switch will have its IP address assigned to it by a DHCP server upon booting up, and the remaining fields in this section will be grayed out. This option is checked by default.
• Set IP Address Manually (Fixed IP) – Check this option if you wish to assign an IP address to the KVM yourself.
When checked, the settings fields below will be activated for you to edit.
• IP Address – Enter in the desired IP address here.
• Subnet Mask – Enter in the desired Subnet Mask here.
• Default Gateway – Enter in the desired Default Gateway here.
• Obtain DNS Server Address Automatically – When this option is checked, the KVM switch will have its DNS Server address assigned to it by a DHCP server upon booting up, and the remaining fields in this section will be grayed out.
If you selected to set the IP address manually above, this option will be grayed out, and you will be required to enter the DNS Server address manually as well.
• Set DNS Server Address Manually – Check this option if you wish to assign a DNS Server address to the KVM yourself. When checked, the settings fields below will be activated for you to edit.
• Preferred DNS Server – Enter in the preferred DNS Server address here.
• Alternate DNS Server – Enter in the alternate DNS Server address here. This is an optional field.
The B064-Series KVM switch supports both IPv4 and IPv6. If you wish to use an IPv4 IP address, ignore this section.
• Obtain IPv6 Address Automatically (DHCP) – When this option is checked, the KVM switch will have its IP address assigned to it by a DHCP server upon booting up, and the remaining fields in this section will be grayed out. This option is checked by default.
• Set IPv6 Address Manually (Fixed IP) – Check this option if you wish to assign an IP address to the KVM yourself.
When checked, the settings fields below will be activated for you to edit.
• IPv6 Address – Enter in the desired IP address here.
• Subnet Prefix Length – Enter in the desired Subnet Prefix length here.
• Default Gateway – Enter in the desired Default Gateway here.
• Obtain DNS Server Address Automatically – When this option is checked, the KVM switch will have its DNS Server address assigned to it by a DHCP server upon booting up, and the remaining fields in this section will be grayed out.
If you selected to set the IP address manually above, this option will be grayed out, and you will be required to enter the DNS Server address manually as well.
• Set DNS Server Address Manually – Check this option if you wish to assign a DNS Server address to the KVM yourself. When checked, the settings fields below will be activated for you to edit.
• Preferred DNS Server – Enter in the preferred DNS Server address here.
• Alternate DNS Server – Enter in the alternate DNS Server address here. This is an optional field.
Network Transfer Rate This setting allows you to set the size of the data transfer stream to match your network, by setting the rate at which the
KVM transfers data to remote computers. The range is from 4 to 99,999 KBps. The default is 99999.
35
OSD Operation (continued)
Advanced Network Management Settings
The ANMS sub-section is used to set up login authentication and authorization management from external sources. It is split up into two pages; Event Destination and Authentication, which are explained in the sections that follow.
Event Destination
The Event Destination page allows the KVM to be set up to record and send notifications of events that take place on the system. It allows you to enable and set up notification via SMTP, SNMP, Syslog Server and the Log Server.
SMTP Settings
The SMTP Settings section allows you to have notifications of system events emailed to you via the SMTP server. To set up this feature, follow the steps below.
• Check the Enable report from the following SMTP Server checkbox.
• In the SMTP Server field, key in the IPv4 address, IPv6 address or domain name of the SMTP server.
• If your server requires a secure SSL connection, check the My server requires secure connection (SSL) checkbox.
• If your server requires authentication, check the My server requires authentication checkbox.
• Enter in the Account Name and Password for your SMTP server.
• In the From field, key in the email address that you want the report to show up as being sent from. Note: Only one email address is allowed in the From field, and it cannot exceed 64 Bytes. 1 Byte is equal to 1 English alphanumeric character.
• In the To field, key in the email address(es) you want the report to be sent to. Note: If you are entering more than one address, separate them with a semicolon. The size of all email addresses cannot combine to more than 256 Bytes. 1 Byte is equal to 1
English alphanumeric character.
Log Server
In addition to the log that is built into the OSD, the KVM comes with an external Windows-based log server that can be installed on a computer. (See The Log Server section for details.) The Log Server section on this page is where the external log server can be enabled and set up for use. To do this, follow the steps below.
1. Check the Enable checkbox in the Log Server section.
2. In the MAC Address field, enter the MAC address of the computer that the log server resides on.
3. In the Service Port field, enter in a port that the firewall will allow to be used to access the log server. The valid port range is between 1 and 65535. The default port number is 9001. Note: The port number entered here must not be the same as any of the ports entered into the Network sub-section. (See Network section under Device
Management for details.)
36
SNMP Server
This section allows you to enable SNMP traps to be sent. When enabled, the following SNMP traps are sent; System Power On, Login
Failure and System Reset. To enable SNMP traps, do the following.
1. Check the Enable SNMP Agent checkbox.
2. In the Server IP field, enter the IPv4 address, IPv6 address or domain name of the computer to be notified of SNMP trap events.
3. In the Service Port field, enter in a port that the firewall will allow to be used to access the SNMP server. The valid port range is between 1 and 65535. The default port number is 162. Note: The port number entered here must not be the same as any of the ports entered into the Network sub-section. (See Network section under
Device Management in OSD Operation for details.)
Syslog Server
To record all the events that take place on the KVM and write them to a Syslog server, do the following:
1. Check the Enable checkbox in the Syslog Server section.
2. In the Server IP field, enter the IPv4 address, IPv6 address or domain name of the Syslog server.
3. In the Service Port field, enter in a port that the firewall will allow to be used to access the Syslog server. The valid port range is between 1 and 65535. The default port number is 514. Note: The port number entered here must not be the same as any of the ports entered into the Network sub-section. (See Network section under
Device Management in OSD Operation for details.)
OSD Operation (continued)
Advanced Network Management Settings
(continued)
Authentication
The Authentication page allows remote authentication to be set up via
RADIUS and LDAP/S.
Disable Local Authentication
Check this checkbox to disable local login authentication of the KVM switch. If checked, the switch can only be accessed using LDAP,
LDAPS, MS Active Directory and/or RADIUS authentication.
RADIUS Settings
To allow authentication and authorization for the B064-Series KVM Switch through a RADIUS server, do the following:
1. Check the Enable check box in the RADIUS section.
2. Fill in the IP addresses and port numbers for the Preferred and Alternate RADIUS servers.
3. In the Timeout field, set the time in seconds that the B064-Series KVM Switch waits for a RADIUS server reply before it times out.
4. In the Retries field, set the number of allowed RADIUS retries.
5. In the Shared Secret field, key in the character string that you want to use for authentication between the B064-Series KVM Switch and the
RADIUS Server.
6. On the RADIUS server, set the entry for each user as su/xxxx, where xxxx represents the username assigned to the user in the KVM switch.
User access rights will be the same as those that were assigned to them in the KVM switch. (See User Management section for details.)
LDAP / LDAPS Authentication and Authorization Settings
To allow authentication and authorization for the B064 Series KVM Switch via LDAP / LDAPS, refer to the information in the table, below:
Character
Enable
LDAP / LDAPS
LDAP Server IP and
Port
Timeout
Admin DN
Admin Name
Password
Search DN
Meaning
Put a check in the Enable checkbox to allow LDAP / LDAPS authentication and authorization.
Click to specify whether to use LDAP or LDAPS.
Fill in the IP address and port number for the LDAP or LDAPS server. For LDAP, the default port number is 389; for
LDAPS, the default port number is 636.
Set the time in seconds that the B064-Series KVM Switch waits for an LDAP or LDAPS server reply before it times out.
Consult the LDAP / LDAPS administrator to ascertain the appropriate entry for this field. For example, the entry might look like this: ou=b064-032-04-ip,dc=tripplite,dc=com
Key in the LDAP administrator’s username.
Key in the LDAP administrator’s password.
Set the distinguished name of the search base. This is the domain name where the search starts for user names.
Note: If the LDAP Setting is enabled, the LDAP schema for MS Active Directory must be extended, or an OpenLDAP server must be installed and configured. (See LDAP Server Configuration, in the following section for details.)
37
OSD Operation (continued)
Advanced Network Management Settings
(continued)
LDAP Configuration — Active Directory
To allow authentication and authorization for the B064-Series KVM Switch via LDAP or LDAPS, the Active Directory’s LDAP Schema must be extended so that an extended attribute name for the B064-Series KVM Switch – userprofile – is added as an optional attribute to the person class.
• Authentication refers to determining the authenticity of the person logging in.
• Authorization refers to assigning permission to use the device’s various features.
In order to configure the LDAP server, you will have to complete the following procedures: 1) Install the Windows 2003 Support Tools; 2) Install the Active Directory Schema Snap-in; and 3) Extend and Update the Active Directory Schema.
Install the Windows 2003 Support Tools
1. On your Windows Server CD, open the Support Tools folder.
2. In the right panel of the dialog box that comes up, double click SupTools.msi.
3. Follow along with the Installation Wizard to complete the procedure.
Install the Active Directory Schema Snap-in
1. Open a Command Prompt.
2. Key in regsvr32 schmmgmt.dll to register schmmgmt.dll on your computer.
3. Open the Start menu. Click Run and key in mmc /a. Click OK.
4. On the File menu of the screen that appears, click Add/Remove Snap-in, then click Add.
5. Under Available Standalone Snap-ins, double click Active Directory Schema, click Close and click OK.
6. On the screen you are in, open the File menu and click Save.
7. For Save in, specify the C:\Windows\system32 directory.
8. For File name, key in schmmgmt.msc.
9. Click Save to complete the procedure.
Creating a Start Menu Shortcut Entry
To create a shortcut entry on the Start Menu for the Active Directory Schema, do the following:
1. Right click Start; select: Open all Users Programs Administrative Tools.
2. On the File menu, select New Shortcut
3. In the dialog box that comes up, browse to or key in the path to schmmgmt.msc (C:\Windows\system32\schmmgmt.msc) and click Next .
4. In the dialog box that comes up, key in Active Directory Schema as the name for the shortcut, then click Finish .
38
OSD Operation (continued)
Advanced Network Management Settings
(continued)
Extend and Update the Active Directory Schema
Step 1 - Create a New Attribute: a) Open Control Panel Administrative Tools Active
Directory Schema.
Step 2 - Extend the Object Class With the New Attribute: a) Open Control Panel Administrative Tools Active
Directory Schema.
b) In the left panel of the screen that comes up, select Classes.
c) In the right panel, right-click person: b) In the left panel of the screen that comes up, right-click Attributes: c) Select New Attribute.
d) In the warning message that appears, click Continue to bring up the
Create New Attribute dialog box.
e) Fill in the dialog box according to the example below and click OK to complete step 1 of the procedure.
• Common Name – userprofile
• LDAP Display Name – userprofile
• Syntax – Unicode String
• Minimum – 1
• Maximum – 255
Note: The Unique X500 Object ID uses periods, not commas.
d) Select Properties; the person Properties page comes up with the
General tab displayed. Click the Attributes tab.
e) Select the Attributes tab and click the Add button:
39
OSD Operation (continued)
Advanced Network Management Settings
(continued) f) In the list that comes up, select userprofile, then click OK to complete step 2 of the procedure.
d) Right-click on the user’s name and select Properties . e) On the Attribute Editor page of the dialog box that appears, select userprofile from the list.
Step 3 - Edit Active Directory Users With the Extended Schema: a) Run ADSI Edit. (Installed as part of the Support Tools.) b) Open Domain, and navigate to the cn=users dc=tripplite dc=com node.
c) Locate the user you wish to edit.
f) Click Edit to bring up the String Attribute Editor: g) Replace the value shown with su/xxxx, where xxxx represents the username assigned to the user in the KVM switch. User access rights will be the same as those that were assigned to them in the
KVM switch. (See User Management section for details.)
40
OSD Operation (continued)
Advanced Network Management Settings
(continued) h) Click OK. When you return to the Attribute Editor page, the userprofile entry now reflects the new permissions:
OpenLDAP Server
OpenLDAP is an Open source LDAP server designed for UNIX platforms. A Windows version can be downloaded from: http://download.bergmans.us/openldap/openldap-2.2.29/ openldap-2.2.29-db-4.3.29-openssl-0.9.8awin32_Setup.exe.
OpenLDAP Server Installation
After downloading the program, launch the installer, select your language, accept the license and choose the target installation directory. The default directory is: c:\Program Files\OpenLDAP .
When the Select Components dialog box appears, select install BDB- tools and install OpenLDAP-slapd as NT service, as shown in the diagram, below: i) Click Apply to save the change and complete the procedure.
j) Repeat Step 3 (Edit Active Directory Users With the Extended
Schema ) for any other users you wish to add.
41
OSD Operation (continued)
Advanced Network Management Settings
(continued)
OpenLDAP Server Configuration
The main OpenLDAP configuration file, slapd.conf, has to be customized before launching the server. The modifications to the configuration file will do the following:
• Specify the Unicode data directory. The default is ./ucdata.
• Choose the required LDAP schemas. The core schema is mandatory.
• Configure the path for the OpenLDAP pid and args start up files.
The first contains the server pid, the second includes command line arguments.
• Choose the database type. The default is bdb (Berkeley DB).
• Specify the server suffix. All entries in the directory will have this suffix, which represents the root of the directory tree. For example, with suffix dc=tripplite,dc=com, the fully qualified name of all entries in the database will end with dc=tripplite,dc=com.
• Define the name of the administrator entry for the server (rootdn), along with its password (rootpw). This is the server’s super user.
The rootdn name must match the suffix defined above. (Since all entry names must end with the defined suffix, and the rootdn is an entry)
An example configuration file is provided in the figure, below:
Customizing the OpenLDAP Schema
The schema that slapd uses may be extended to support additional syntaxes, matching rules, attribute types, and object classes. In the case of the B064-Series KVM Switch, the B064-Series KVM Switch
User class and the permission attribute are extended to define a new schema. The extended schema file used to authenticate and authorize users logging in to the B064-Series KVM Switch is shown in the figure, below:
LDAP DIT Design and LDIF File
LDAP Data Structure
An LDAP Directory stores information in a tree structure known as the Directory Information Tree (DIT). The nodes in the tree are directory entries, and each entry contains information in attributevalue form. An example of the LDAP directory tree for the B064-
Series KVM Switch is shown in the figure below:
Starting the OpenLDAP Server
To start the OpenLDAP Server, run slapd (the OpenLDAP Server executable file) from the command line. slapd supports a number of command line options, the most important option is the d switch that triggers debug information. For example, a command of slapd -d 256 would start OpenLDAP with a debug level of 256, as shown in the following screenshot:
Note: For details about slapd options and their meanings, refer to the
OpenLDAP documentation.
42
OSD Operation (continued)
Advanced Network Management Settings
(continued)
DIT Creation
The LDAP Data Interchange Format (LDIF) is used to represent
LDAP entries in a simple text format (please refer to RFC 2849).
The figure below illustrates an LDIF file that creates the DIT for the
B064-Series KVM Switch directory tree (shown in the figure in the previous section).
Using the New Schema
To use the new schema, do the following:
1. Save the new schema file (e.g., B064-Series KVM switch.schema) in the /OpenLDAP/ schema/ directory.
2. Add the new schema to the slapd.conf file, as shown in the figure:
3. Restart the LDAP server.
4. Write the LDIF file and create the database entries in init.ldif with the ldapadd command, as shown in the following example: ldapadd -f init.ldif -x -D “cn=Manager,dc=tripplite,dc=com” -w secret
The following figure illustrates an LDIF file that defines the
OpenLDAP group for the B064-Series KVM Switch.
43
OSD Operation (continued)
OOBC
In case the B064-Series KVM switch cannot be accessed via the
LAN, it can be accessed via the switch’s modem port. To enable support for PPP (modem) operation, check the Enable Out of Band
Access checkbox. When checked, Enable Dial Back and Enable Dial
Out functions become available.
Enable Dial Back
If the Enable Dial Back checkbox is checked, the switch will disconnect calls that dial into it, and dial back to one of the entries specified in the table below.
Setting
Enable Fixed Number
Dial Back
Enable Flexible Dial
Back
Description
When the Enable Fixed Number Dial Back checkbox is checked, the KVM will hang up on the modem when there is an incoming call, and dial back to the modem represented by the phone number mentioned in the Phone Number field.
When the Enable Flexible Dial Back checkbox is checked, the KVM can dial back to any modem specified by the user connecting to the KVM. Simply enter a password into the Password field, and when a user connects to the KVM, they will be prompted to enter a username and password. They should enter the phone number of the modem that they want to dial back to as the username, and use the password that is set in the Password field as the password.
Enable Dial Out
To use the dial out feature, you must establish an account with an Internet Service Provider (ISP), and use a modem to dial out to your ISP account. Check the Enable Dial Out checkbox to enable this feature. The settings found in this section are described in the table below.
Setting
ISP Settings
Dial Out Schedule
Emergency Dial Out
Dial Out Mail
Configuration
Description
Enter in the Phone Number, Account Name and Password that you use to connect to your ISP here.
This section allows you to determine what times your KVM switch will dial out over your ISP connection.
• Every – Check this option to choose between the 5 options in the drop-down menu; Never, every Hour, every 2
Hours, every 3 Hours or every 4 Hours.
• Daily at – Check this option to enter in a time that the KVM will dial out over your ISP every day. Use the hh:mm format to specify the desired time.
• PPP Online Time – Enter in the amount of time you want a ISP connection to last before it is terminated. A setting of
0 means that the ISP connection will not automatically disconnect itself.
In the event that the KVM gets disconnected from the network, or the network goes down, this feature will automatically connect via the ISP dial up connection.
• PPP Stays Online Until Network Recovery – When this option is checked, the ISP connection will remain active until the network connection is reestablished.
• PPP Online Time – When this option is checked, the ISP connection will remain active for the amount of time you set here. A setting of 0 means that the ISP connection will not automatically disconnect itself.
This section allows you to set up email notifications of system events via a SMTP server. These notifications will be sent over the ISP network connection, as opposed to the notifications that are set up in the Network page (see Network section under
Device Management in OSD Operation for details), which go out over the standard network.
• SMTP Server IP Address – Enter the IPv4 address, IPv6 address or domain name of you SMTP server here.
• SMTP Server Requires Secure Connection (SSL) – Check this checkbox if your server requires a secure SSL connection.
• SMTP Server Requires Authentication – Check this checkbox if your server requires authentication. When checked, the
Account Name and Password fields are activated. Enter in the Account Name and Password for your SMTP server.
• In the From field, key in the email address that you want the report to show up as being sent from. Note: Only one email address is allowed in the From field, and it cannot exceed 64 Bytes. 1 Byte is equal to 1 English alphanumeric character.
• In the To field, key in the email address(es) you want the report to be sent to. Note: If you are entering more than one address, separate them with a semicolon. The size of all email addresses cannot combine to more than 256 Bytes. 1 Byte is equal to 1 English alphanumeric character.
When you are done making all of your changes, click the Save button.
44
OSD Operation (continued)
OOBC
(continued)
Follow the steps below to setup and access the B064-Series KVM
Switch via dial-in modem:
1. Set up your hardware configuration to match the diagram below.
You will need to use Cat5e cable and the included RJ45 to DB9
Adapter to connect the B064-Series KVM Switch’s modem port to the modem.
2. From your computer, use your modem terminal program to dial into the B064-Series KVM Switch’s modem.
Note: If you don’t know the B064-Series KVM Switch modem’s serial parameters, get them from the system administrator. An example of setting up a modem terminal program under Windows XP is provided on the next page.
3. Once the connection is established, open your browser, and specify
192.168.192.1 in the URL box.
Note: The default username and password are blank.
From here, operation is the same as if you had logged in from a browser or with the AP programs.
Connection Setup Example (Windows XP)
To set up a dial-in connection to the B064-Series KVM Switch under
Windows XP, do the following:
1. From the Start menu, select Control Panel Network
Connections Create a New Connection.
2. When the Welcome to the New Connection Wizard dialog box appears, click Next to move on.
3. In the Network Connection Type dialog box, select Connect to the network at my workplace and click Next.
4. In the Network Connection dialog box, select Dial-up connection and click Next.
5. In the Connection Name dialog box, key in a name for the connection and click Next.
6. In the Connection Availability dialog box, you can select either
Anyone’s use or My use only, depending on your preferences, then click Next.
Note: If you are the only user on this computer, this dialog box won’t appear.
7. In the Phone Number to dial dialog box, key in the phone number of the modem connected to the B064 Series KVM Switch (be sure to include country and area codes, if necessary), then click Next.
8. In the Completing the New Connection Wizard dialog box, check
Add a shortcut to this connection on my desktop and click Finish.
This completes the connection setup. Double click the desktop shortcut icon to make a dial-in connection to the B064-Series KVM
Switch.
Security
The following section describes the settings found in the Security subsection.
45
OSD Operation (continued)
Security
(continued)
Login Failures
The Login Failures section allows you to set up the parameters for what occurs when an account fails to login successfully. To enable the settings entered here, check the Enable checkbox. The table below describes the settings found in this section.
Note: When the Login Failures settings are disabled, there is no restriction on the number of login failures. It is strongly recommended that you enable these features, and that both the Lock Client PC and Lock Account settings are enabled.
Setting
Allowed
Timeout
Lock Client PC
Lock Account
Description
Determines the number of failed login attempts an account gets before they are prevented from accessing the KVM switch.
Determines the amount of time that the user is prevented from accessing the KVM switch after exceeding the maximum number of failed login attempts.
When this checkbox is checked, the computer used to unsuccessfully access the KVM will be locked out after exceeding the maximum number of failed login attempts. Note: This feature blocks the computer using its IP address. If the computer IP address is changed, it will be able to access the KVM in spite of this setting.
When this checkbox is checked, the account used to unsuccessfully access the KVM will be locked out after exceeding the maximum number of failed login attempts.
Filtering
To enable IP and/or MAC filtering, click the IP Filter Enable and/ or MAC Filter Enable checkbox. There are a maximum of 100 filters allowed for each.
• If the include button is checked, all the addresses within the filter range are allowed access to the B064-Series KVM Switch; all other addresses are denied access.
• If the exclude button is checked, all the addresses within the filter range are denied access to the B064-Series KVM Switch; all other addresses are allowed access.
IP Filtering
To add an IP filter:
1. Check the IP Filter Enable check box.
2. Click Add. A dialog box similar to the one below appears:
46
3. Check the IPv4 or IPv6 option, depending on what type of address you are filtering. Note: You must access the OSD via the local console or one of the non-browser clients in order to filter an IPv6 address. When accessing the OSD via browser, you are only able to set up IPv4 filters.
4. To filter a single IP address, check the Single IP checkbox and enter the IP address you want to filter in the From field. Note: This feature is not available when accessing the OSD via browser. To filter a single IP address via the browser OSD, you must enter in the same IP address in both the From and To fields.
5. To filter a range of IP addresses, enter the starting IP address in the
From field, and the ending IP address in the To field.
6. After filtering in the addresses, click OK.
7. Repeat these steps for any additional IP addresses you want to filter.
To delete an IP filter:
Select the desired IP filter from the list and click Remove.
To modify an IP filter:
1. Select the desired IP filter from the list and click Edit. An Edit dialog box similar to the Add dialog box will appear.
2. Delete the old start IP address and replace it with the new one.
3. Delete the old end IP address and replace it with the new one. Click OK.
Note: To block a computer from accessing the B064-Series KVM
Switch, you do not need to filter both its IP address and its MAC address. Any computer blocked by an IP filter will be denied access to the KVM switch, even if the computer is allowed to access the KVM switch under the MAC filters that are set up.
OSD Operation (continued)
Security
(continued)
Login String
The Login String allows the KVMs IP address to be more secure by adding extra text to the end of it. When text is entered into the Login
String field, users will need to include a forward slash (/) and the
Login String at the end of the URL to access the KVM switch. For example, if a Login String of abcdefg is entered, the user must enter a
URL such as 192.168.0.126/abcdefg.
The following characters are allowed in the login string:
0 through 9, a through z, A through Z, ~ ! @$^&*()_+’<>,.|
The following characters are not allowed:
%”:/?#\[Space]
Note: If a Login String is not entered, anyone can access the KVM switch using the IP Adress alone, making the installation less secure.
MAC Filtering
To add a MAC filter:
1. Click Add. A dialog box similar to the one below appears:
2. Type in the desired MAC address and click OK.
3. Repeat these steps for any additional MAC addresses you want to filter.
To delete a MAC filter:
Select the desired MAC filter from the list and click Remove.
To modify a MAC filter:
1. Select the desired MAC filter from the list and click Edit. An Edit dialog box box appears.
2. Delete the old address and replace it with the new one. Click OK.
Note: To block a computer from accessing the B064-Series KVM
Switch, you do not need to filter both its IP address and its MAC address. Any computer blocked by a MAC filter will be denied access to the KVM switch, even if the computer is allowed to access the
KVM switch under the IP filters that are set up.
If any filters have been configured, they appear in the IP Filter and/or
MAC Filter list boxes.
Account Policy
The Account Policy section allows rules for usernames and passwords to be regulated. The settings in this section are described in the table below.
Item Description
Minimum Username Length Sets the minimum number of characters required for each username. Values from 1 to 16 can be entered.
Minimum Password Length Sets the minimum number of characters required for each password. Values can be from 0 to 16.
Password Must Contain at Least
• One Upper Case – Checking this box will require that each password contain one upper case letter
• One Lower Case – Checking this box will require that each password contain one lower case letter
• One Number – Checking this box will require that each password contain one number
Note: Current usernames and passwords are not affected when these settings are changed. Only usernames and passwords that are created after these settings have been changed must follow the rules.
Disable Duplicate Login Checking this box will prevent users from logging in with the same username and password to open more than one session at the same time.
Encryption
This section allows you to set different encryption settings for the Keyboard/Mouse, Video and Virtual Media functions of the KVM switch. You can choose any combination of encryption methods (DES, 3DES, AES and/or RC4), you can choose to randomly switch between them or you can choose no encryption at all. Although enabling encryption will add more security to you installation, it can also slow down system performance
(mouse, keyboard, video), with the following having the most impact:
• RC4 impacts performance the least out of the four encryption methods. DES is second to least in impact, followed by 3DES and AES.
• Of all the possible combinations, a combination of RC4 and DES impacts performance the least.
47
OSD Operation (continued)
Security
(continued)
Working Mode
The Working Mode section allows you to enable/disable operation features of the KVM switch. The table below describes the available settings.
Setting Description
Enable ICMP When this box is checked, the KVM switch can be pinged. If it is not checked, the KVM cannot be pinged.
Enable Multiuser Operation When this box is checked, multiple accounts (up to 32) can log onto the same bus (see Bus Info section under
Control Panel in Remote Session Operation for details) at the same time. If not selected, the KVM switch can only be simultaneously accessed by the number of users that the unit has buses for. The B064-016-02-IPG and B064-
032-02-IPG have 3 buses each (1 local, 2 remote), and the B064-016-04-IPG and B064-032-04-IPG have 5 buses each (1 local, 4 remote).
Enable Virtual Media Write
Operation
Enable Local Virtual Media
When this box is checked, applicable virtual media (see Virtual Media section under Control Panel in Remote
Session Operation for details) will be able to have information written to it from the remote computer. If this box is not checked, any virtual media mounted to a remote computer will only be able to be viewed, and not written to.
When this box is checked, applicable USB media (see Virtual Media section under Control Panel in Remote Session
Operation for details) can be connected to the USB ports on the front of the KVM switch and accessed on the connected computers. If this box is not checked, USB media connected to the KVM will not be accessible on the connected computers.
Browser Service
Disable Authentication
When this box is checked, browser access to the KVM switch can be limited by selecting one of the three options in the drop-down menu.
• Disable Browser – Browser access is disabled completely.
• Disable HTTP – Browser access is permitted, but only when using a HTTPS URL.
• Disable HTTPS – Browser access is permitted, but only when using a HTTP URL.
When this box is checked, no authentication procedures are used to check accounts logging into the KVM. All users will be logged onto the KVM switch with full access, regardless of what account type they are. Note: Enabling this setting creates a very unsecure situation, and is not recommended.
Private Certificate
When logging into the KVM switch over a secure (SSL) connection, a certificate is required to ensure you are logging into a secure site. If a certificate is not recognized as secure, you will be prompted each time you log in to verify you want to continue to the website. This section allows you to import an Encryption Key and Certificate. To import an Encryption Key and Certificate, follow the steps below.
1. Click the Browse button to the right of Private Key, browse to where your private encryption key file is located, and then select it.
2. Click the Browse button to the right of Certificate, browse to where your certificate file is located, and then select it.
3. Click the Upload button to complete the procedure. Note: Both the Private Key and Certificate must be imported at the same time. Clicking the Restore Default button returns the KVM to the default certificate that came installed on it.
48
OSD Operation (continued)
Security
(continued)
Certificate Signing Request
The Certificate Signing Request section provides an automated way of obtaining and installing a CA signed SSL server certificate. To perform this operation, follow the steps below.
1. Click the Create CSR button. The following dialog box appears.
2. Fill in the form with the appropriate information for your company. The table below is an example of a filled out form.
Field Example
Country (2 letter code)
State or Province
Locality
TW
Taiwan
Taipei
Organization
Unit
Common Name
Your Company, Ltd.
Techdoc Department www.mycompany.com Note: This entry must be the exact domain name of the site that you want the certificate to be valid for. If the site’s domain name is www.mycompany.com, and you enter mycompany.com, the certificate will not be valid.
Email Address [email protected]
3. When all fields have been filled out (all fields are required), click the Create button.
4. Click the Get CSR button, and then save the certificate file to a convenient location on your computer. This is the file that you give to the third party CA to apply for their signed SSL certificate.
5. After you have received the certificate from the third party CA, save it to a convenient location on your computer. In the Certificate Signing
Request section of the Security page, click the Browse button and navigate to and select the certificate.
6. Click the Upload button. Note: When uploading the file, the KVM checks to make sure the specified information still matches. If it does, the file is accepted. If it does not match, the file will be rejected. If you want to remove the certificate (e.g. to replace it with a new one because of a domain name change), click the Remove CSR button.
49
OSD Operation (continued)
Date/Time
The Date/Time page allows the user to set the date and time parameters for the KVM switch. The following section describes the settings on this page.
Time Zone
• Select the Time Zone and City that most closely resembles where the KVM switch is in using the drop-down menu at the top of this section.
• If your area uses Daylight Savings Time, check the Daylight
Savings Time checkbox.
To manually set the date and time, do the following:
1. In the Date section, select the current month using the drop-down menu.
2. If needed, click the < or > buttons in the Date section to move backward or forward to the correct year.
3. In the calendar in the Date section, click on the current day.
4. In the Time section, enter in the current time using the 24 hour
HH:MM:SS format.
5. Click the Set button in the Time section to apply your changes.
Network Time
To have the time automatically synchronized to a network time server, do the following:
1. Check the Enable Auto Adjustment checkbox.
2. Select a time server from the Preferred Time Server drop-down list; or, check the Preferred Custom Server IP checkbox and enter in the
IP of your preferred time server.
3. If desired, repeat step two to enter an Alternate Time Server.
4. Key in the desired number of days between synchronization in the
Adjust Time Every __ Days field.
5. Click the Adjust Time Now button to synchronize immediately.
50
OSD Operation (continued)
Log
The B064-Series KVM switch logs all the events that take place and writes them to a log file. The Log section is split into two sub-sections; Log
Information and Notification Settings.
Log Information
The Log Information sub-section is where you can view the contents of the built-in log file. When opened, a page similar to the one below appears.
The Log Information page can store up to 512 events, at which time the oldest files are deleted and replaced with newer files. The records it displays show the Time, Severity, User and Log Information associated with the event. At the bottom of the screen are four icons, whose functionality is described below.
• Pause – Clicking the Pause button stops new events from being displayed in the Log Information page. When clicked, the icon changes to Resume. Click Resume to allow events to be displayed again.
• Clear Log – Clicking the Clear Log button will clear the records displayed in the Log Information page.
• Export Log – Clicking the Export Log button will allow you to export and save the log file to your computer.
• Filter – Clicking the Filter button opens the Filter settings, shown below, which allow you to display only records that match the filter settings entered. The filter settings are described in the table below.
Field
Time
Information
User
Priority
Reset
Exit
Example
The Time filter settings allow you to display only those records that occurred at a specific time. Below are the options.
• Today Only – Check the Today Only checkbox and click the Apply button to display only those events that occurred on today’s date.
• Start Date/Time – Check the Start Date/Time checkbox and click in the field to the right of it to bring up a calendar that allows you to select a desired date and time. Click the Apply button to display all of the events that occurred between the date/time entered into the Start Date/Time field and the present date/time.
• End Date/Time – This setting works in conjunction with the Start Date/Time field. Check the Start Date/Time checkbox and click in the field to the right of it to bring up a calendar that allows you to select a desired date and time. Check the End Date/Time checkbox and click in the field to the right of it to bring up a calendar that allows you to select a desired date and time. Click the Apply button to display all of the events that occurred between the date/time entered into the Start Date/Time field and the date/time entered into the End Date/Time field.
The Information field allows you to type in a key word or string, and display only those records that contain the search term. Simply type in a search term and click the Apply button.
The User field allows you to type in a user name, and display only those records that contain the text that you entered in the User field. To filter by User, you must check the User checkbox, type in a search term, and then click the Apply button.
The Priority fields allow you to filter by the Priority of the event being recorded; Least, Less or Most. To filter by
Priority, check the Priority checkbox, then check the Priority level checkbox(es) that you wish to filter by, and then click the Apply button.
Click the Reset button at any time to clear any filter settings that were entered and display all events.
Click the Exit button to close the Filter settings.
Notification Settings
The Notification Settings sub-section allows you to select which events are sent out to SNMP, SMTP and SysLog servers. Simply check the checkboxes in the rows of the events that you want notifications sent out for, and in the column(s) of the methods you want them to be sent to. When checked, the corresponding event notification will be sent using the corresponding method. Note: You can check multiple boxes at the same time using the [Shift] or [Ctrl] keys. To highlight a group of consecutive ports, start by highlighting the first port, hold down the [Shift] key, and then highlight the last port that you wish to highlight. All ports from the first one you highlighted to the last will be highlighted. You can then click on any of the permission checkboxes to change that permission for all of the highlighted ports. To highlight multiple non-consecutive ports, start by highlighting the first port, hold down the [Ctrl] key, and then highlight each additional port one by one while continuing to hold down the [Ctrl] key. When all of the desired ports are highlighted, click on any checkbox to change that permission for all of the highlighted ports.
51
OSD Operation (continued)
Maintenance
The Maintenance section is used to upgrade the B064-Series KVM Switch’s firmware, as well as the firmware of the Server Interface Units
(SIUs) used to connect its ports to the installed devices.
Note: Super Administrators are the only users who are guaranteed access to the Maintenance section of the KVM. Administrators and Users can only access this function if they are given permission.
The Main Screen
The Maintenance section can be used to upgrade the KVM and
SIU firmware, backup/restore system configuration and account information, ping network devices, and restore the KVMs default values. When selected, the Maintenance section opens with the
Upgrade Main Firmware subsection displayed.
Upgrade Main Firmware
The Upgrade Main Firmware sub-section is used to upgrade the firmware of the KVM switch. As firmware upgrades become available, they can be found on www.tripplite.com/support. To upgrade the KVM firmware, follow the steps below.
1. Go to www.tripplite.com/support to download the most current firmware and save it to a computer that is not connected to the
KVM switch.
2. Logon to the OSD, and navigate to the Maintenance section, which will open with the Upgrade Main Firmware sub-section page displayed.
3. By default, the Check Main Firmware Version box is checked, which causes the KVM to check to see if the current firmware is newer than that of the firmware file you are using to upgrade the
KVM. If the current version is newer, you will not be allowed to continue with the upgrade. If you wish to perform a firmware upgrade without checking to see if the current firmware version is newer than the upgrade file, simply uncheck this checkbox.
4. Click the Browse button, and then navigate to and select the firmware upgrade file you downloaded from the Tripp Lite website.
When selected, the Upgrade Firmware button becomes active.
5. Click the Upgrade Firmware button to begin the firmware upgrade.
As the upgrade proceeds, progress is shown in the Upload Progress bar.
6. When the upload is complete, a pop-up appears stating System will reboot in a few seconds . The KVM switch will reboot (this may take a few minutes), and the upgrade will be complete. In the event of a firmware upgrade failure, see the Main Firmware Upgrade
Recovery section below.
Main Firmware Upgrade Recovery
Should the KVM firmware upgrade procedure fail, and the switch becomes unusable, follow the steps below to restore the KVM.
1. Power off the KVM.
2. Press and hold the Reset switch on the front of the unit.
3. Power on the KVM while holding down the Reset switch.
4. The KVM will be restored to the originally installed firmware version. You will now be able to access the KVM switch and try upgrading the firmware again.
52
OSD Operation (continued)
Maintenance
(continued)
Upgrade Adapters
In addition to upgrading the KVM firmware, the Maintenance section allows you to upgrade the firmware of the connected SIUs. The firmware upgrade file for the master KVM also contains the firmware for the SIUs, so you do not need separate files for each SIU. Once you have uploaded the most current KVM firmware, the most current
SIU firmware is available via the Upgrade Adapters sub-section.
Note: Only those SIUs that are directly connected to the master KVM switch can be upgraded. SIUs that are connected to cascaded KVMs will not be upgradeable via the master KVMs Maintenance section.
To upgrade the firmware to the connected SIUs, follow the steps below.
1. Logon to the OSD, and navigate to the Maintenance section, which will open with the Upgrade Main Firmware sub-section page displayed. Select the Upgrade Adapters sub-section. The Upgrade
Adapters page opens, with a list of KVM ports displayed, and the model number and firmware version number of the connected SIUs listed to the right of the port number.
2. By default, the Check Adapter Firmware Version box is checked, which causes the KVM to check to see if the current firmware is newer than that of the firmware file you are using to upgrade the SIUs. If the current version is newer, you will not be allowed to continue with the upgrade. If you wish to perform a firmware upgrade without checking to see if the current firmware version is newer than the upgrade file, simply uncheck this checkbox.
3. Click the Adapter Firmware Info button to display the most current
SIU firmware versions available on the KVM switch. Compare this information with the firmware version numbers displayed in the
Upgrade Adapters list. If the version number displayed next to the connected SIUs is older than that in the Adapter Firmware Info list, you should upgrade the firmware.
4. Check the checkbox next to each SIU you wish to upgrade. Check the master KVM checkbox to automatically check all SIUs at once.
5. Click the Upgrade Adapters button to begin the firmware upgrade. As the upgrade proceeds, progress is shown in the Status column.
6. When the upgrade is finished, the Status column will display the text
Upgrade Successful.
In the event of a firmware upgrade failure, see the
SIU Firmware Upgrade Recovery section below.
SIU Firmware Upgrade Recovery
Should the SIU firmware upgrade procedure fail, and the SIU becomes unusable, follow the steps below.
1. Unplug the SIU from the computer/server it is connected to.
2. Slide the Firmware Upgrade Recovery switch (located next to the Cat5 connector) to the Recover position.
3. Plug the SIU back into the computer/server.
4. Start the SIU firmware upgrade procedure again.
5. After the SIU has been successfully upgraded, unplug it from the computer/server, slide the Firmware Upgrade Recovery switch to the
Normal position, and plug it back in.
53
advertisement
Related manuals
advertisement