DDM
Distributed Database Manager for SQL and ODBC
Installation and User Guide
Version 5.27.xx

Communication Devices Inc.
85 Fulton St.
Boonton, NJ 07005 USA
Phone: 800 359 8561
Fax: 973 334 0545
Internet: [email protected]
Last Revision 4/2010

Table of Contents

1 INTRODUCTION
  1.1 DDM Versions
  1.2 What this Manual Contains
  1.3 System Requirements
  1.4 Readme Files
  1.5 Contact Information
2 OVERVIEW
  2.1 CDI's Role in Network Security
  2.2 Device Management
  2.3 Database Organization
3 INSTALLING THE DDM SQL VERSION
  3.1 Install the DDM SQL Software
  3.2 Create, Install, or Upgrade the DDM Database on the SQL Server
    3.2.1 Create New SQL Server DDM Database
    3.2.2 Create New SQL Server DDM Database and Import DDM Database Data
    3.2.3 Create/Upgrade SQL Server and Import DDM Databases
    3.2.4 Upgrade Existing SQL Server DDM Database
    3.2.5 Upgrade DDM Client Only
  3.3 Version Control
  3.4 Executing the DDM SQL Program
  3.5 Accessing the Program
4 INSTALLING THE DDM ODBC VERSION
  4.1 Installation Steps for DDM ODBC Version
  4.2 Accessing the Program
5 GETTING STARTED
  5.1 Starting the DDM Program
  5.2 Navigating the DDM Software
  5.3 Opening Screen
    5.3.1 Device View
  5.4 Installation and Set Up Overview
6 WORKING WITH GROUPS
  6.1 Add a Group
  6.2 Rename a Group
  6.3 Delete a Group
  6.4 Group Modifications
  6.5 UniGuard Group Modifications
  6.6 Port Authority Group Modifications
  6.7 MultiGuard Group Modifications
  6.8 Real Time Log List
  6.9 Enabling the Real Time Log List
    6.9.1 Printing, Saving and Deleting the DDM Real Time Log
    6.9.2 Deleting Items from the DDM Real Time Log
7 DEVICES
  7.1 Add a Device to a Group
    7.1.1 Duplicate a Device
    7.1.2 Move a Device
    7.1.3 Use the Device Wizard to Add a Device
    7.1.4 Modifying Device Properties
    7.1.5 Renaming a Device
    7.1.6 Deleting a Device
  7.2 Configuring a Device
    7.2.1 Device Info Screen
    7.2.2 Country Dialing Using the DDM
  7.3 Setting the Network Properties of a Specific Device
    7.3.1 Network Properties, IP Configuration
    7.3.2 DDM Heartbeat Attributes
    7.3.3 DNS Attributes
    7.3.4 SNMP Attributes
    7.3.5 Network Properties (versions below 4.01)
    7.3.6 Network Properties (IP type set for external)
  7.4 System Options
    7.4.1 Port Authority SAM Host Devices
    7.4.2 SAM Authentication Process
    7.4.3 Port Authority Devices
    7.4.4 UniGuard Devices
    7.4.5 UniGuard Clients
  7.5 Communications Screen
  7.6 Defined Ports Screen
    7.6.1 Port Properties - Host Port Configuration
    7.6.2 Power Port Configuration
    7.6.3 Slave Device Setting (For Port Authority Only)
    7.6.4 Programmable ESC Code
  7.7 Remote Encryptors Screen
8 CLIENT ENCRYPTORS
  8.1 Port Authority SAM Client
    8.1.1 Device Info Screen for a Port Authority SAM Client Device
    8.1.2 System Options for Port Authority SAM Client Encryptor
    8.1.3 Communications Screen for Port Authority SAM Client Device
  8.2 UniGuard Client Encryptor
    8.2.1 AES/TDES Mode for UniGuard Client
    8.2.2 Client Encryptor Pre-dialog
  8.3 UniGuard Client
    8.3.1 Adding a UniGuard Client
    8.3.2 UniGuard Client Device Information Screen
    8.3.3 Network Properties for a UniGuard Client
    8.3.4 UniGuard Client, System Options
    8.3.5 Communications Screen, UniGuard Client
  8.4 SSE Client
    8.4.1 Adding an SSE Client
9 USERS
  9.1 Add a User
    9.1.1 User Info
    9.1.2 User Security
    9.1.3 Token Key Info Screen
    9.1.4 RSA SecurID Token Info
    9.1.5 Encryption User and Encryptor
  9.2 Adding Existing Users to a Group
  9.3 Delete a User from a Group
  9.4 Listing Users of a Group
  9.5 Modify Properties of a User
  9.6 User Lock List
  9.7 User Management List
10 SETTINGS
  10.1 Setup Screen
    10.1.1 Modem Properties
    10.1.2 Setup Properties for UniGuard
  10.2 Database Utilities
  10.3 DB Administrator List
    10.3.1 Enabling Automatic Services and Database Management
    10.3.2 Unlock Database Records
    10.3.3 DDM Seat Licenses (DDM SQL only)
    10.3.4 Add Seat Licenses to Database (DDM SQL only)
  10.4 Device License
    10.4.1 Adding Device Licenses to the Database
  10.5 RSA SecurID Token Attributes
    10.5.1 RSA Pin Length
    10.5.2 RSA Next Pin Mode
  10.6 RSA SecurID Enable Files
    10.6.1 Add RSA SecurID Enable Files
  10.7 DDM Log Files Purging Setup
  10.8 Define SNMP Events
  10.9 Setting Up Multiple DDM Polling
    10.9.1 MultiPoll\License File Path (DDM SQL only)
    10.9.2 DDM Polling Stations
    10.9.3 Adding Poll Stations
    10.9.4 Select Groups to Poll
    10.9.5 Edit a Station
    10.9.6 Deleting a Station
  10.10 DDM IP Dialout List
    10.10.1 Adding a Non-CDI Device
    10.10.2 Edit a Non-CDI Device
    10.10.3 Delete Device
    10.10.4 Adding CDI Devices to the IP Dialout
  10.11 Email Alarm Alert List
    10.11.1 Enabling the Email Alerts Feature
    10.11.2 Email User Properties
    10.11.3 Adding an Email User
  10.12 Display DDM Registration Form
  10.13 SSM Setting
  10.14 DDM RADIUS Service
  10.15 Export DDM Database to XML File
11 PROGRAMMING DEVICES
  11.1 Program Menu
  11.2 Programming Devices Overview
    11.2.1 Program-Update Device
    11.2.2 Program-Reload Device
    11.2.3 Program Group
  11.3 Reset a Group
  11.4 Programming Flash for a Selected Group
  11.5 Programming Flash for a Selected Device
  11.6 Program All Devices
  11.7 Telnet to Device
  11.8 Status
  11.9 Program Device Contact List
  11.10 Configure the IP Card of a Device
  11.11 DDM Programming a Remote SSE Using Modem Communications
  11.12 DDM Flash Programming a Remote SSE Using Modem Communications
  11.13 Displaying the DDM Real Time Information for a Selected Device
  11.14 Displaying the Audit Information for a Device
  11.15 Program Group Flash Devices IP Card
  11.16 Clear Device
12 REPORTING AND MAINTENANCE
  12.1 Report View
  12.2 Report Templates
  12.3 Audit Trail Maintenance
    12.3.1 Purging the Audit Trail
    12.3.2 Archive DDM ODBC Databases
    12.3.3 Purging the Audit Trail
    12.3.4 Purging the DDM Real Time Log
  12.4 Exit the Report Section and Return to the Devices/User View
13 DDM POLLING SERVICES
  13.1 About Polling Services
  13.2 Editing a Polling Service
  13.3 Account Types
  13.4 Polling Modes
    13.4.1 Poll All Devices in the Database
    13.4.2 Poll by Selected Groups
    13.4.3 Poll by Selected Devices
  13.5 Installing a Polling Service
    13.5.1 Scheduling a Service
    13.5.2 Stopping or Deleting a Polling Service
14 TROUBLESHOOTING
Appendix A Cabling
Appendix B Multiport Options
Appendix C Audit Trail Events

1 INTRODUCTION

The Distributed Database Manager (DDM) software products are designed to remotely manage the databases of CDI's UniGuard, Port Authority, Port Authority SAM, and SSE devices. The software products are menu-driven and easily learned. The program is designed to run on the Windows XP operating system. Windows Server 2003 and Microsoft SQL Server 2005 are recommended for DDM SQL server installations.

1.1 DDM Versions

Two versions of the DDM are available: DDM SQL and DDM ODBC.

The DDM SQL version is designed to handle multiple concurrent sessions. Through the SQL Server database, a number of DDM managers can access the database simultaneously. The DDM databases are stored on the SQL Server and are easily modified, synchronized, and updated. All information can be backed up, for safe restoration in the event of a system failure, using the SQL Server database utilities.

The DDM ODBC version cannot handle multiple concurrent sessions and is meant for a single DDM connection from one machine. The DDM ODBC databases are stored in a Microsoft Access database. All information can be backed up for safe restoration through the DDM ODBC Utilities. Because these Access files hold the user and device records that are pushed to the devices, restrict file-system access to them, and to their backups, to the DDM administrator.

1.2 What this Manual Contains

This manual provides installation and operation instructions for both the SQL and the ODBC versions of the DDM program. Installation and operation instructions for the Port Authority, Port Authority SAM, and SSE devices are detailed in their respective manuals.

1.3 System Requirements

The DDM software requires a workstation (PC) that meets the following requirements.
Memory: 1 GB RAM minimum
Operating System: Windows XP or Windows Server 2003
Hard Drive: 100 GB minimum
CD or DVD drive
Access to a SQL Server 2005 instance (DDM SQL version)

The program is loaded from a CD-ROM. A separate mini-CD, the "Device License" disk, is also provided; it sets the number of devices (UniGuard, Port Authority, and/or SAM units) that may be stored in the system. Apart from that licensed count, the number of devices that can be managed is limited only by the storage capacity of the workstation.

1.4 Readme Files

The program disk contains a readme file with updates and related information. Read this file before installing the software.

1.5 Contact Information

If you need to contact us, call Communication Devices Inc. at 1-800-359-8561 or visit www.commdevices.com.

2 OVERVIEW

A network is comprised of routers, firewalls, and other network elements, which are usually monitored by Network Operations Center (NOC) technicians. When there is a problem, a technician must access the console port of the router or other network element to reset the device or perform other maintenance. The console port can be reached by in-band or out-of-band communications. For security purposes, it is important to limit access to this port to authorized users and to protect the information sent between the technician and the network element.

2.1 CDI's Role in Network Security

CDI offers devices that provide both authentication and encryption, or authentication only. These devices provide secure out-of-band communication between technicians and network elements. Out-of-band communication uses a secondary path, which adds security and allows a device to be reached even when the network itself has a problem.

Before accessing a router, a technician connects to a CDI UniGuard or Port Authority device and authenticates. Each CDI device maintains a local database of authorized users and their authentication information.
Once the user has successfully authenticated, he or she is permitted to access the network element. All information is encrypted. On the NOC side, a UniGuard device can be set to encryption-only mode to encrypt the information sent by the technician.

Figure 2-1 Example of Secure Out-of-Band Management for Routers

In certain situations, encryption of the data is not required. For these situations a secure authentication modem (SAM), which operates out-of-band and provides authentication only, can be installed.

2.2 Device Management

The CDI devices are managed remotely by CDI's Distributed Database Manager (DDM) application running on a Windows PC. The number of devices managed by the DDM is limited by the resources of the PC. The DDM provides centralized management and maintains a central database of users and devices, so that devices and users can be added, deleted, or modified from one location. Each UniGuard and Port Authority device has a local database that is updated from the DDM database. The DDM communicates with remote devices over dial-up phone lines, serial ports, or IP connections. All communications are encrypted.

2.3 Database Organization

The central database maintained by the DDM is separated into groups. A group is a collection of devices that share a common user database. A group can be defined by region, by company, or by some other association. A device can belong to only one group, but an individual user can be assigned to multiple groups. When changes are made to the database, the changes can be sent to one device, to the devices of one group, or to all devices. A log file is maintained by the DDM for tracking system events, such as database updates.

Figure 2-2 Group Database Structure

Group: New York Corp
  Users: J. Williams, H. Peterson, S. Murphy, M. Clarke
  Devices: Port Authority, UniGuard1, UniGuard2, UniGuard3

In this example, the group New York Corp has four users, each having access to any of the four devices.
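The group database structure above, as an added example that is not part of the CDI manual or its software: a small Python model of groups, devices and users that enforces the rules of this section (a device belongs to exactly one group, a user may be in several groups, a user may be limited to particular ports of a multiport device) and performs two operations the DDM performs on it: computing the user records that get pushed to one device's local database, and resolving the scope of an update to one device, one group or all devices. The users and devices of New York Corp come from Figure 2-2; the second group "Boston Lab", the device "UniGuard4" and the eight-port count of the Port Authority are constructed for the example.

```python
"""Model of the DDM group database described in section 2.3 (added example, not CDI code)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Device:
    name: str
    ports: int = 1  # UniGuard has one port; Port Authority is multiport (count assumed below)


@dataclass
class Group:
    name: str
    devices: Dict[str, Device] = field(default_factory=dict)
    # user -> {device name -> ports that user may use on that device}.
    # A device absent from the inner dict means the user may use all of its ports.
    users: Dict[str, Dict[str, FrozenSet[int]]] = field(default_factory=dict)


class GroupDatabase:
    def __init__(self) -> None:
        self.groups: Dict[str, Group] = {}
        self._owner: Dict[str, str] = {}  # device name -> group name; exactly one owner

    def add_group(self, name: str) -> Group:
        if name in self.groups:
            raise ValueError(f"group {name!r} already exists")
        self.groups[name] = Group(name)
        return self.groups[name]

    def add_device(self, group: str, device: Device) -> None:
        # Rule from section 2.3: a device can belong to only one group.
        if device.name in self._owner:
            raise ValueError(f"{device.name!r} already belongs to group "
                             f"{self._owner[device.name]!r}")
        self.groups[group].devices[device.name] = device
        self._owner[device.name] = group

    def add_user(self, group: str, user: str,
                 port_limits: Optional[Dict[str, List[int]]] = None) -> None:
        """Give `user` access to the devices of `group`; a user may be in many groups.

        `port_limits` restricts the user to the listed ports of a multiport device
        in this group; devices not listed are fully accessible.
        """
        g = self.groups[group]
        limits: Dict[str, FrozenSet[int]] = {}
        for dname, ports in (port_limits or {}).items():
            dev = g.devices[dname]  # KeyError if the device is not in this group
            bad = [p for p in ports if not 1 <= p <= dev.ports]
            if bad:
                raise ValueError(f"{dname!r} has {dev.ports} port(s); invalid ports {bad}")
            limits[dname] = frozenset(ports)
        g.users[user] = limits

    def device_user_table(self, device: str) -> List[Tuple[str, FrozenSet[int]]]:
        """User records the DDM would push to one device's local database."""
        g = self.groups[self._owner[device]]
        all_ports = frozenset(range(1, g.devices[device].ports + 1))
        return sorted((u, lim.get(device, all_ports)) for u, lim in g.users.items())

    def update_targets(self, scope: str, name: str = "") -> List[str]:
        """Devices that receive a database change: one device, one group, or all."""
        if scope == "device":
            return [name]
        if scope == "group":
            return sorted(self.groups[name].devices)
        if scope == "all":
            return sorted(self._owner)
        raise ValueError(f"unknown scope {scope!r}")

    def groups_of(self, user: str) -> List[str]:
        return sorted(n for n, g in self.groups.items() if user in g.users)


def build_example() -> GroupDatabase:
    """Figure 2-2's group, plus a constructed second group that shares one user."""
    db = GroupDatabase()
    db.add_group("New York Corp")
    db.add_device("New York Corp", Device("Port Authority", ports=8))  # port count assumed
    for n in ("UniGuard1", "UniGuard2", "UniGuard3"):
        db.add_device("New York Corp", Device(n))
    for u in ("J. Williams", "H. Peterson", "M. Clarke"):
        db.add_user("New York Corp", u)
    db.add_user("New York Corp", "S. Murphy", {"Port Authority": [1, 2]})
    db.add_group("Boston Lab")  # constructed
    db.add_device("Boston Lab", Device("UniGuard4"))  # constructed
    db.add_user("Boston Lab", "M. Clarke")  # the same user in two groups
    return db


if __name__ == "__main__":
    db = build_example()
    for user, ports in db.device_user_table("Port Authority"):
        print(f"{user:12s} ports {sorted(ports)}")
    print("group update ->", db.update_targets("group", "New York Corp"))
    try:
        db.add_device("Boston Lab", Device("UniGuard1"))  # a second owner is rejected
    except ValueError as err:
        print("rejected:", err)
```

Run directly, it prints the per-user port table that would be sent to the Port Authority, the devices covered by a group-scoped update, and the ValueError raised when a device already in New York Corp is added to a second group.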
If a device is a multiport device, such as the Port Authority, a user may have access to a single port, several ports, or all ports of the Port Authority. The number of devices assigned to a group, as well as the total number of groups, is limited only by the storage capacity of the computer running the DDM program.

3 INSTALLING THE DDM SQL VERSION

This section provides the DDM Administrator with installation instructions for the SQL version. Install the SQL version if multiple concurrent sessions are necessary. To install the DDM SQL version, you must install the software and then create, upgrade, or install the DDM database.

3.1 Install the DDM SQL Software

Place the installation CD-ROM in your CD drive. After a few seconds, the Installation Guide screen is displayed. To install the DDM software, click the "Install CDI Distribution Database Manager Software" link. The InstallShield Wizard, which guides you through the installation, starts and begins installing the DDM-SQL software. Click Next to continue.

The Software License Agreement is displayed. After you have read it, click the appropriate radio button to accept the agreement, then click Next to continue.

The Customer Information screen is displayed. Enter your User name and Organization and select an installation option. The first option allows anyone who has access to this computer to use the program; the second limits access to the user whose name appears in the User Name field. On a shared workstation, choose the second option so that other local accounts cannot run the DDM. Click Next to continue.

Next, choose the folder in which the DDM software is to be installed. To use the suggested folder, click Next; to select a different location, click Change.

After all the required information has been entered, the InstallShield Wizard displays a summary page of the information entered.
To change the information, click Edit. If no changes are required, click Install to start the installation process. A completion message is displayed when the software has been successfully installed. Click Finish to close the InstallShield Wizard.

After you click Finish, the DDM Registration Form is displayed. To be eligible for covered upgrades and support, this form must be returned to CDI. You may submit the form by email, or print it and send it to the address listed on the form. CDI needs this information to contact you, or the current administrator, with important updates that may affect the performance of the products. It is not used as a sales tool.

Remove the CD-ROM from the drive.

3.2 Create, Install, or Upgrade the DDM Database on the SQL Server

After the DDM program has been installed, you must create, load, or upgrade the databases on the SQL Server. Click the appropriate option; each option is explained below. You must log on to the SQL Server with administrative rights, and you will be asked to confirm that you have the rights needed to create or modify the SQL database before you can continue.

3.2.1 Create New SQL Server DDM Database

Select "Create New SQL Server DDM Databases from the DDM Database" if you are installing the database for the first time, that is, the DDM database does not yet exist on the SQL Server and no old DDM databases (Access databases) need to be imported onto the SQL Server. You will be asked to confirm that you have the appropriate rights to create a new SQL database before you can continue. If the database already exists, a message indicating this is displayed.
3.2.2 Create New Server DDM Database and Import DDM Database Data

Select the “Create New SQL Server DDM Databases and Import Access DDM Database Data to the new SQL Server DDM Database” option only if the DDM Database does not exist on the SQL Server and you need to import old DDM Databases (Access databases) onto the SQL Server.

Before you start, make sure all users are disconnected from the DDM databases. Copy the ddmdata.mdb and ddmlog.mdb databases to another directory as a backup. The DDM installation will create the DDM databases in the SQL Server, then copy the database information from the old DDM databases to the new SQL Server DDM databases.

TIP: It may take as long as 15 minutes to import large DDM databases. To avoid interference from the network during this time, copy the databases to your local PC and perform the upgrade there. Point the “ddmdata” and “ddmlog” databases to this directory on your PC from the ODBC Administrator dialog in the Windows Control Panel and then continue with the upgrade.

3.2.3 Create/Upgrade SQL Server and Import DDM Databases

To create or upgrade an SQL Server and import multiple Access DDM databases into the SQL Server, click on the button labeled “Create/Upgrade an SQL Server and Import Multiple Access DDM Databases into the SQL Server”.

3.2.4 Upgrade Existing SQL Server DDM Database

Select the “Upgrade Existing Server DDM Database” option from the DDM Database Upgrade Program screen. For this to occur, the DDM databases must already exist in the SQL Server. You will need to log on to the SQL Server and have administration rights to be able to create and alter databases. The DDM installation will upgrade the DDM databases in the SQL Server.

Enter a Username and Password that has full rights in the SQL Server.

3.2.5 Upgrade DDM Client Only

Select the button labeled “Upgrade DDM Client Only” from the DDM Database Upgrade Program screen.
This will only install or upgrade the DDM Client files, bypassing the SQL Server DDM database creation or upgrade process.

For users of the RSA SecurID Token type, RSA SecurID will supply a disk with their serial numbers.

3.3 Version Control

At the end of the installation, the user is given the option of implementing DDM Version Control. When version control is implemented, DDM stations can be updated to the latest production DDM software when the DDM program is started. If the DDM version is below 5.27.01, a query will be presented to the DDM user to update its files to the latest DDM production files. The DDM Database level in the SQL Server must be at or above version 5.26 for this query to be presented to the DDM user. If Version Control is not implemented during the installation, the install files would have to be run again in order to get to the option of implementing Version Control.

If the user accepts this installation query, the installation will create a directory (…\\DDMInstalls\DDM52701\...) in the shared path (License File Path) with all the DDM installation files for version 5.27.01. The DDM/SSM users must have full rights to this shared path. If this path is not defined, DDM Version Control cannot be implemented.

3.4 Executing the DDM SQL Program

Once the CDI Distributed Database Manager SQL has been successfully installed, remove the Distributed Database Manager CD-ROM disk from the CD-ROM drive. To run the CDI Database Manager application, click the Start button and then select CDI DDM Manager SQL from the program list. You may also start the application from the Finished Installation window.

3.5 Accessing the Program

To access the program, the DDM user must successfully authenticate by using one of two types of SQL Server authentication: Trusted Connection or SQL Server User Name/Password.

Trusted Connection

A Trusted Connection uses Windows authentication credentials.
Enter the user name and password that you use to log on to your PC workstation.

SQL Server User Name/Password

SQL Server authentication relies on the SQL Server security options set up by the System Administrator. You must enter the SQL Server name to successfully log on to the DDM SQL Server.

Connection Timeout: Enter the number of seconds the system will wait to connect to the SQL Server (the default value is 15 seconds).

4 INSTALLING THE DDM ODBC VERSION

This section provides the DDM Administrator with instructions for installing the DDM ODBC version. The ODBC version is selected when the capability for multiple concurrent sessions is not necessary and there are a limited number of users.

4.1 Installation Steps for DDM ODBC Version

Place the installation CD-ROM in your CD drive. After a few seconds, the Installation Guide screen is displayed. To install the DDM software, click on the “Install CDI Distribution Database Manager Software” link. The InstallShield Wizard guides you through the installation of the DDM-ODBC software. Click Next to continue with the installation.

The Software License Agreement is displayed. After you have read it, click the appropriate radio button to accept the agreement. Click Next to continue with the installation.

The Customer Information screen is displayed. Enter your User name and Organization and select an installation option. The first option allows anyone who has access to this computer to use this program. The second one limits access to the user whose name appears in the User Name window. Click Next to continue the installation.

During this part of the installation you will need to choose the folder in which the DDM Software is to be installed. Click Next to use the suggested folder, or click Change to select a different location.

After all the required information has been entered, the DDM InstallShield Wizard displays a summary page of the information entered. To change the information, click Edit.
If no changes are required, click Install to start the installation process.

A completion message is displayed when the software has been successfully installed. Click Finish to close the InstallShield Wizard.

After you click Finish, the DDM Registration Form is displayed. To be eligible for covered upgrades and support, this form must be returned to CDI. You may submit the form by email or print it and send it to the address listed on the form. CDI needs this information to contact you, or the current administrator, with important updates that may affect the performance of the products. This is not used as a sales tool.

Remove the CD-ROM disk from the drive.

4.2 Accessing the Program

When the program is accessed, the DDM ODBC user must successfully authenticate to enter the DDM ODBC program. Enter the same user name that you use to initially log on to the PC. This is a security measure to ensure that only valid users can access the program.

5 GETTING STARTED

This section describes how to get started using the DDM program to manage UniGuard, Port Authority, and SAM devices.

5.1 Starting the DDM Program

Start the DDM program either from the Start Menu or by clicking the DDM desktop shortcut. After you enter your username and password, the Opening screen is displayed.

Figure 5-1 Opening screen, Device/User View

5.2 Navigating the DDM Software

The DDM software is menu-driven and easy to navigate. Dropdown menus list the options.

5.3 Help

A brief description of the option and its links is displayed when you roll over the option with your mouse.

5.4 Opening Screen

The options displayed in the menu bar depend on whether Device/User or Report View is selected. To switch views, click View in the Menu bar.

• Device/User View is the default view. It is used when adding or modifying groups, devices, or users.
• Report View is selected when creating or viewing reports. Please refer to section 12 for more information about Report View and reports.
5.4.1 Device View

The left pane of the screen displays the Group List. The right pane displays the names and certain attributes of the devices in a selected group.

Group List

The Group List is displayed in the left pane. The Group List may be expanded to display all groups. The Groups displayed in the Group List will have been retrieved from the DDM Databases in the SQL Server.

The Device Not Contacted List is a list of all devices in the system that have not been programmed and/or for which an error has occurred in the programming of a CDI device.

The DDM Real Time Log List is a list of all events that happen to a device in real time. The device must have an IP card to communicate with the PC running the DDM program, and the DDM Real Time Log must be enabled on the particular DDM PC.

Each Group may be expanded to display the following information pertaining to the Group:

• Devices in the Group
• Client Encryptors in the Group
• Users in the Group
• User Locked List
• New Device Template for the Group
• Group Modifications

A Group may be collapsed to display only the Group name.

Devices and Attributes

The right pane lists the names and attributes of the devices of a group. Each field is described below:

• Device Name: Name given to the device when the device was added.
• Device Type: Type of device, such as Master Port Authority-88 with IP, UniGuard with IP, or Port Authority 11SAM.
• Device Mode: Authentication mode of the device.
  Standard (default).
  Auto Authentication/Encryption: Connects to the device in an encrypted session but goes directly into the port list without a user ID/password authentication.
  RSA SecurID Device: Allows the device to use RSA tokens for authentication.
• Host ID: A unique number used to identify the device in the DDM database. The serial number of the device is used as the Host ID.
• Program Status: Indicates whether the device can be contacted. This field will be blank if there are no problems with the device.
  If there was a problem programming or contacting the device, a message is displayed in red. Examples:
  No Contact From Device: A device that has heartbeat properties configured and did not send the heartbeat “I’m Alive” message back to the DDM.
  Invalid Communications: Failed to connect to the device.
  Error in Programming: Failed during programming of the device.
  Invalid System Key: The system key that is programmed into the device is different from the device record in the DDM.
  Invalid System Password: The system password that is programmed into the device is different from the device record in the DDM.
• Version: Current firmware version of the device.
• Phone Number: Phone number used to contact the device.
• IP Address: IP address of the device.
• IP Version: Current IP card firmware version.
• Def Credentials (Default Credentials):
  PK: Indicates that both the device’s system password and system key are at default levels.
  P: Indicates that the device’s system password is at a default level.
  K: Indicates that the device’s system key is at a default level.

5.4.2 Viewing Device Status

To view the device status, right-click on the device name. The Device Properties screen will be displayed. The Device Status is displayed on the right-hand side. The Device Status displays the program status of the device when the DDM attempts to connect to the device. The program status may be Idle, In Use, or Alarm. Each status type is described below:

Idle: The device is available to connect to the DDM.
In Use: The device is already connected to the DDM.
Alarm: The device is in an alarm state and cannot be connected to the DDM.

To clear the device status, right-click on the status and select “Clear Device Status to Idle.” Select “Set Device Status to Alarm” to put the device into an alarm state.

5.4.3 Report View

Please refer to section 12 for more information about Report View and reports.
5.5 Installation and Set Up Overview

An overview of the steps to install and set up the DDM program is listed below.

1. Install the DDM application on a computer running Windows. The Install Wizard will guide you through the steps. (Sections 3 and 4)
2. Create one or more groups. For each group, enter a Group name, the main device type, and the primary and secondary (optional) communication method. (Section 6)
3. Set up the device template. Any changes made to the device template will appear every time a device is added to the group. (Section 6.1)
4. Add devices or client encryptors to the group. Select the device type and enter a device name. Unless otherwise configured, the parameters in the device template will be used. (Sections 7 and 8)
5. Add users to the group. The users will be added to the database of the devices of the group. (Section 9) The maximum number of users per device is:

   Device                      Maximum number of users
   UniGuard                    150
   Port Authority SAM 22/44    150
   Port Authority SAM 11       50
   MultiGuard                  1200

6. Set DDM system-wide parameters as required. These include adding device licenses, seat licenses for the DDM, and RSA licenses; assigning users as administrators; selecting the modem used to connect to CDI devices; setting up polling of devices; and other functions. (Section 10)
7. Reload (program) a single device, all devices of a group, or all devices. (Section 11)
8. Create reporting templates. Switch to Report View to view reports and manage reports. (Section 12)

6 WORKING WITH GROUPS

A group is the collection of devices that can be accessed by a set of users. Groups can be defined by location, by region, or in any other way that makes sense for your organization. Keep in mind that while a device may only be assigned to one group, a user may belong to multiple groups.

This section describes how to do the following:

• Add, delete, and rename a group
• Make modifications to all devices of the same type
• View a Real Time log

6.1 Add a Group

1. In the main screen, click on Group List.
   Click on Group in the Menu Bar. From the dropdown list, select Add New Group.
2. On the Group Attributes screen, enter the Group Name. You may also enter a brief description. After entering the appropriate information in the Group Attributes screen, click OK to continue. The New Device Template for Group screen is displayed.
3. Set up the Device Template for a device type. From the dropdown list, select the Device Type. Click Next to continue. The Device Template establishes the default settings for the entire group. When a new device is added, the settings in the Device Template for that particular device type are used. You may later modify all settings of a device type in the Group Modifications screen.
4. Select the method for primary DDM communications and secondary DDM communications. These settings determine the means by which the device and the DDM manager will communicate.
5. After you select the primary and secondary communications methods, the Device Template screen is displayed.
6. Click the tabs to enter device information, system options, communications settings, port options, and remote encryption. For a new or existing device, these settings may be modified in the Device Properties screen.

6.2 Rename a Group

Double-click on a Group Name, or highlight the Group name and select Rename Group. The Group Attributes screen is displayed. Enter the new group name and description in the information fields.

6.3 Delete a Group

Select “Delete Group” or highlight the Group and press the Delete key. You will be prompted to confirm that you want to delete the group. Click Yes to continue or No to cancel the Delete request.

CAUTION: Responding “Yes” to this prompt will delete the entire group and all of its device associations. The data will be unrecoverable.

6.4 Group Modifications

Group Modifications allows you to modify certain settings of all devices of a particular type in the selected group.
The settings of Group Modifications will be applied to any device added to the group.

To display the Group Modifications screen, click on Group Modifications under the Group you wish to modify. From the Select Device Type screen, select the device type that you wish to modify, or select “All” to modify all device types. Selecting “All” allows you to modify only those parameters that are common to all device types and are listed in the Device Template screen.

The parameters of the Group Modifications screen differ slightly depending on the device. The parameters for each device type (UniGuard, Port Authority, and MultiGuard) are listed in the following sections. For a detailed description of each parameter, please see the Devices chapter.

6.5 UniGuard Group Modifications

For more detailed information about the UniGuard parameters, please refer to the Devices section.

UNIGUARD Group Modifications Parameters

Tab: Device Info
Parameters: None

Tab: System Options
Parameters: User Security Level; Host “AT” Command Access; Host Dialout; Update System Password; Update System Key; Device Mode; Host DTR/RTS Loss of Signal Time (secs); First Message Delay Time; Login Inactivity Time
Description:
  User Security Level: Establishes the User ID as either User ID only or User ID and Password as the security method when logging in to the device.
  Host “AT” Command Access: Enables the host to manage and access the device’s internal modem. If full host management of the device’s internal modem is necessary, this option should be set for Enabled Transparency.
  Host Dialout: Enables or disables the host’s ability to dial out using the device’s modem.
  Device Mode:
    Standard Device (default): Security is enabled.
    Auto Authentication: The device only communicates with UniGuard clients in an encrypted session.
    RSA SecurID ACM: Acts as an RSA ACM device.
    RSA SecurID Device: First authenticates with a valid User ID and then authenticates using RSA SecurID.
    Standard Device Bypass Security: Security is disabled on the device.
  Update System Password: The system password is used by the DDM to access and program the device.
  Update System Key: The default key used for all devices of this type. The system key may be generated or entered.

Tab: Communications
Parameters: Modem Port Bits/Parity; Modem Port Baud Rate; Power Port Value; Primary Defined Message; Secondary Defined Message; Host Connect Defined Message; Extra AT Command Settings
Description:
  Primary Defined Message: A user-defined message sent out before the authentication process begins.
  Secondary Defined Message: A user-defined message sent out after the first user response/prompt has been processed.
  Host Connect: Only applies to UniGuard devices. A user-defined message sent out to the host port after successful user authentication. The user then connects to the host application.

Tab: Defined Ports
Parameters: None

Tab: Remote Encryptors
Parameters: Edit Client ID; Add Encryptor ID; Delete Encryptor ID; Select Encryptor IDs from database
Description:
  Select from Client Database: Displays a list of IDs of clients that are allowed to access devices that belong to this group.

Tab: Group IP Filter List*
Parameters: Add IP Filter; Edit IP Filter; Delete IP Filter
Description:
  The IP Filter address ranges can be set for inclusion mode and exclusion mode. Inclusion mode defines an address range that can connect to the CDI device via IP and have full access to the device after user authentication. Exclusion mode defines an address range that will have no IP access to the CDI device.
  Example: The IP address range with the starting address of 192.168.1.142 to the ending address of 192.168.1.199 is set for exclusion mode. Another IP address range with the starting address of 192.168.1.168 to the ending address of 192.168.1.170 is set for inclusion mode.
  These IP address settings result in the following: All IP addresses from 192.168.1.142 to 192.168.1.199 will have no access to the specified CDI device, with the exception of IP addresses 192.168.1.168, 192.168.1.169, and 192.168.1.170.

*The Group IP Filter List is for CDI devices that have a CDI internal IP card at version 2.00 or above.

6.6 Port Authority Group Modifications

For more detailed information about Port Authority parameters, please refer to the Devices chapter.

PORT AUTHORITY Group Modifications Parameters

Tab: Device Info
Parameters: None

Tab: System Options
Parameters: User Security Level; Update System Password; Update System Key; Device Mode (Type); First Message Delay Time; Inactivity Time; Host DTR/RTS Loss of Signal Time (secs); Login Inactivity Time
Description:
  User Security Level: Establishes the User ID as either User ID only or User ID and Password as the security method when logging in to the device.
  Update System Key: This is the default key used for all devices of this type. The system key may be generated or entered.
  Device Mode (Type):
    Standard Device (default): Security is enabled.
    Auto Authentication: The device only communicates with UniGuard clients in an encrypted session.
    RSA SecurID ACM: Acts as an RSA ACM device.
    RSA SecurID Device: First authenticates with a valid User ID and then authenticates using RSA SecurID.
    Standard Device Bypass Security: Security is disabled on the device.

Tab: Communications
Parameters: Modem Port Bits/Parity; Modem Baud Rate; Primary Defined Message; Secondary Defined Message; Send AT Command
Description:
  Primary Defined Message: A user-defined message sent out before the authentication process begins.
  Secondary Defined Message: A user-defined message sent out after the first user response/prompt has been processed.
Tab: Defined Ports
Parameters: Control Mimicking; Modem Connect Message

Tab: Remote Encryptors
Parameters: Edit Client ID; Add Client ID; Delete Client ID; Select Client IDs from database
Description: Displays a list of IDs of clients that are allowed to access devices that belong to this group.

Tab: Group IP Filter List*
Parameters: Add IP Filter; Edit IP Filter; Delete IP Filter
Description:
  The IP Filter address ranges can be set for inclusion mode and exclusion mode. Inclusion mode defines an address range that can connect to the CDI device via IP and have full access to the device after user authentication. Exclusion mode defines an address range that will have no IP access to the CDI device.
  Example: The IP address range with the starting address of 192.168.1.142 to the ending address of 192.168.1.199 is set for exclusion mode. Another IP address range with the starting address of 192.168.1.168 to the ending address of 192.168.1.170 is set for inclusion mode.
  Result of these IP address settings: All IP addresses from 192.168.1.142 to 192.168.1.199 will have no access to the specified CDI device, with the exception of IP addresses 192.168.1.168, 192.168.1.169, and 192.168.1.170.

*The Group IP Filter List is for CDI devices that have a CDI internal IP card at version 2.00 or above.

6.7 MultiGuard Group Modifications

For more detailed information about the MultiGuard parameters, please refer to the Devices chapter.

MULTIGUARD Group Modifications Parameters

Tab: Device Info
Parameters: None

Tab: System Options
Parameters: User Security Level; Host “AT” Command Access; Update System Password; Device Mode (Type); Update System Key; First Message Delay Time; Host DTR/RTS Loss of Signal Time (secs); Login Inactivity Time
Description:
  User Security Level: Establishes the User ID as either User ID only or User ID and Password as the security method when logging in to the device.
  Update System Key: The system key may be generated or entered. This is the default key used for all devices of this type.
  Device Mode (Type):
    Standard Device (default): Security is enabled.
    Auto Authentication: The device only communicates with UniGuard clients in an encrypted session.
    RSA SecurID ACM: Acts as an RSA ACM device.
    RSA SecurID Device: First authenticates with a valid User ID and then authenticates using RSA SecurID.
    Standard Device Bypass Security: Security is disabled on the device.

Tab: Communications
Parameters: Primary Messages (Primary, Secondary); Extra AT Command Settings
Description:
  Primary Defined Message: A user-defined message sent out before the authentication process begins.
  Secondary Defined Message: A user-defined message sent out after the first user response/prompt has been processed.

Tab: Defined Ports
Parameters: None

Tab: Remote Encryptors
Parameters: None

Tab: Group IP Filter List*
Parameters: Add IP Filter; Edit IP Filter; Delete IP Filter
Description:
  The IP Filter address ranges can be set for inclusion mode and exclusion mode. Inclusion mode defines an address range that can connect to the CDI device via IP and have full access to the device after user authentication. Exclusion mode defines an address range that will have no IP access to the CDI device.
  Example: The IP address range with the starting address of 192.168.1.142 to the ending address of 192.168.1.199 is set for exclusion mode. Another IP address range with the starting address of 192.168.1.168 to the ending address of 192.168.1.170 is set for inclusion mode.
  These settings result in the following: All IP addresses from 192.168.1.142 to 192.168.1.199 will have no access to the specified CDI device, with the exception of IP addresses 192.168.1.168, 192.168.1.169, and 192.168.1.170.

*The Group IP Filter List is for CDI devices that have a CDI internal IP card at version 2.00 or above.

6.8 Real Time Log List

The DDM Real Time Log List is a list of all events that happen to a device in real time. The device must have an IP card to communicate with the PC running the DDM application, and the DDM Real Time Log must be enabled on the particular DDM PC.
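The inclusion/exclusion evaluation that the Group IP Filter List tables above describe, written out as an added Python example. This is not CDI's code and does not show how the IP card implements the check; it reproduces the manual's own example ranges. The rule that an inclusion range overrides an overlapping exclusion range is taken from that example; the treatment of an address that matches no range at all is an assumption and is left as a parameter.

```python
"""Inclusion/exclusion evaluation for a Group IP Filter List.

Added illustration, not CDI code. The "inclusion wins over exclusion" rule is
what the manual's worked example states; the default for addresses matched by
no range is an assumption (the manual does not say) and is a parameter here.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Union

IPLike = Union[str, ipaddress.IPv4Address]


@dataclass(frozen=True)
class IpFilterRange:
    """One entry of the Group IP Filter List: a start/end range plus a mode."""
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    mode: str  # "inclusion" or "exclusion"

    def contains(self, addr: ipaddress.IPv4Address) -> bool:
        return self.start <= addr <= self.end


def make_range(start: str, end: str, mode: str) -> IpFilterRange:
    """Validate and build one filter entry; rejects reversed ranges and unknown modes."""
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if e < s:
        raise ValueError(f"range end {end} precedes start {start}")
    if mode not in ("inclusion", "exclusion"):
        raise ValueError(f"unknown filter mode {mode!r}")
    return IpFilterRange(s, e, mode)


def ip_allowed(addr: IPLike, filters: Iterable[IpFilterRange],
               default_allow: bool = True) -> bool:
    """Decide whether a source address may open an IP session to the device.

    Precedence: an inclusion match grants access even inside an excluded range
    (the manual's example); otherwise an exclusion match denies; an address
    matched by no range gets `default_allow` (assumption, see module docstring).
    "Allowed" only means the IP session is accepted; user authentication on the
    device still follows.
    """
    ip = addr if isinstance(addr, ipaddress.IPv4Address) else ipaddress.IPv4Address(addr)
    filters = list(filters)
    if any(f.mode == "inclusion" and f.contains(ip) for f in filters):
        return True
    if any(f.mode == "exclusion" and f.contains(ip) for f in filters):
        return False
    return default_allow


def blocked_addresses(filters: Iterable[IpFilterRange],
                      scan_start: str, scan_end: str) -> List[str]:
    """List every address in [scan_start, scan_end] that the filter list denies."""
    filters = list(filters)
    s, e = ipaddress.IPv4Address(scan_start), ipaddress.IPv4Address(scan_end)
    return [str(ipaddress.IPv4Address(n)) for n in range(int(s), int(e) + 1)
            if not ip_allowed(ipaddress.IPv4Address(n), filters)]


def manual_example_filters() -> List[IpFilterRange]:
    """The two ranges from the manual's example: exclusion .142-.199, inclusion .168-.170."""
    return [
        make_range("192.168.1.142", "192.168.1.199", "exclusion"),
        make_range("192.168.1.168", "192.168.1.170", "inclusion"),
    ]


if __name__ == "__main__":
    flt = manual_example_filters()
    for probe in ("192.168.1.141", "192.168.1.150", "192.168.1.169", "192.168.1.200"):
        print(probe, "allowed" if ip_allowed(probe, flt) else "denied")
    denied = blocked_addresses(flt, "192.168.1.128", "192.168.1.255")
    print(len(denied), "addresses denied, from", denied[0], "to", denied[-1])
```

Run as a script, it reproduces the result stated in the tables: every address from 192.168.1.142 to 192.168.1.199 is denied except .168, .169 and .170, so `blocked_addresses` over the .128 to .255 span returns exactly 55 entries. When reviewing a filter list, the question to ask is what the device does with addresses listed in neither mode; the manual does not say, so test it on the device rather than assuming the `default_allow=True` used here.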
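An added illustration, not DDM code, of the validation step that the Real Time Log listener described in this section and in 6.9 performs on incoming messages before inserting them into the DDM databases. It assumes the CDI devices send BSD syslog (RFC 3164) datagrams to the listener port ("<PRI>Mmm dd hh:mm:ss device message"), decodes facility and severity from the PRI field with the standard syslog codes, and colours each entry using the severity table given in this section. The device names, messages and source addresses are constructed sample data.

```python
"""Validation of incoming DDM Real Time Log datagrams (added illustration, not DDM code).

Assumptions: devices send BSD syslog (RFC 3164) datagrams "<PRI>Mmm dd hh:mm:ss device message"
to the listener port (514 by default per the manual); PRI = facility * 8 + severity with the
standard syslog codes. The severity-to-color table is the one printed in the manual.
"""
import re
from datetime import datetime
from typing import Any, Dict, Iterable, List, Optional, Tuple

# Standard syslog severity codes (PRI & 7), named as in the manual's table
SEVERITY_NAMES = {0: "EMERGENCY", 1: "ALERT", 2: "CRITICAL", 3: "ERROR",
                  4: "WARNING", 5: "NOTICE", 6: "INFORMATION", 7: "DEBUG"}

# Color per severity, exactly as the manual lists it
SEVERITY_COLOR = {"ALERT": "Green", "INFORMATION": "Blue", "DEBUG": "Blue", "WARNING": "Orange",
                  "EMERGENCY": "Red", "CRITICAL": "Red", "ERROR": "Red", "NOTICE": "Red"}

MAX_DATAGRAM = 1024  # RFC 3164 maximum packet size; anything longer is rejected outright

_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                               # PRI in angle brackets
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "   # BSD timestamp (no year)
    r"(?P<host>\S+) "                                    # device name
    r"(?P<msg>.*)$", re.DOTALL)


def _printable(text: str) -> str:
    """Drop control characters so a stored entry cannot carry terminal escapes or fake line breaks."""
    return "".join(ch for ch in text if ch >= " " or ch == "\t")


def parse_realtime_log(datagram: bytes, source_ip: str,
                       received_at: datetime) -> Optional[Dict[str, Any]]:
    """Validate one datagram; return the entry fields the manual lists, or None to reject it."""
    if len(datagram) > MAX_DATAGRAM:
        return None
    try:
        text = datagram.decode("ascii")
    except UnicodeDecodeError:
        return None
    m = _LINE.match(text)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facilities 0-23 and severities 0-7 only
        return None
    severity = SEVERITY_NAMES[pri & 7]
    return {
        "datetime": received_at,                        # Date/Time (listener clock)
        "device": _printable(m.group("host")),          # Device Name
        "facility": pri >> 3,                           # Facility
        "severity": severity,                           # Severity
        "color": SEVERITY_COLOR[severity],              # display color from the manual's table
        "message": _printable(m.group("msg")).rstrip(), # Message
        "source_ip": source_ip,                         # Source IP Address
        "device_time": m.group("ts"),                   # timestamp as sent by the device
    }


# Constructed sample traffic (datagram, source address): two valid lines, two that must be rejected
RECEIVED_AT = datetime(2010, 4, 12, 9, 15, 0)
SAMPLE_DATAGRAMS: List[Tuple[bytes, str]] = [
    (b"<14>Apr 12 09:15:02 UG-Boonton-01 user admin logged in on port 1", "192.168.1.168"),
    (b"<11>Apr 12 09:16:40 PA88-Lobby system key mismatch on reload", "192.168.1.150"),
    (b"GET / HTTP/1.0", "192.168.1.9"),                                  # not syslog at all
    (b"<999>Apr 12 09:17:00 PA88-Lobby bad priority", "192.168.1.150"), # PRI out of range
]


def ingest(datagrams: Iterable[Tuple[bytes, str]],
           received_at: datetime = RECEIVED_AT) -> Tuple[List[Dict[str, Any]], int]:
    """Run every datagram through validation; return (accepted entries, number rejected)."""
    accepted, rejected = [], 0
    for data, src in datagrams:
        entry = parse_realtime_log(data, src, received_at)
        if entry is None:
            rejected += 1
        else:
            accepted.append(entry)
    return accepted, rejected


if __name__ == "__main__":
    entries, dropped = ingest(SAMPLE_DATAGRAMS)
    for e in entries:
        print(f"{e['datetime']:%Y-%m-%d %H:%M} {e['device']:<14} fac={e['facility']} "
              f"{e['severity']:<11} [{e['color']}] {e['message']} from {e['source_ip']}")
    print(dropped, "datagram(s) rejected")
```

The listener port accepts datagrams from any host that can reach the DDM PC, which is why the validation matters: malformed or oversized packets and out-of-range priorities are dropped rather than stored, and control characters are stripped so a message cannot inject escape sequences or fake line breaks into the log view or the DDMSysLog and DDMLog tables. The source IP recorded with each entry is what lets you compare the sender against the device records in the Group List.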
These logs can only be viewed from the Real Time Log List. The items are color-coded to indicate the severity of the real time log item.

REAL TIME LOG ALERT SEVERITY LEVELS

SEVERITY       COLOR
ALERT          Green
INFORMATION    Blue
DEBUG          Blue
WARNING        Orange
EMERGENCY      Red
CRITICAL       Red
ERROR          Red
NOTICE         Red

Each entry in the log has the following information: Date/Time, Device Name, Facility, Severity, Message, and Source IP Address.

6.9 Enabling the Real Time Log List

The Real Time Log List must be enabled before you can view it.

1. Click on SETTINGS in the Menu bar. From the dropdown menu, select Setup.
2. In the Setup window, click the checkbox titled “Enable DDM Real Time Log.”
3. Modify the default DDM Real Time Log Port value if necessary. The default port is 514.
4. Click OK to enable the Real Time Log option and exit the Setup window. When this option has been enabled, the IP address of the DDM will appear in the title bar of the Setup window.
5. After enabling the DDM Real Time Log option and exiting the Setup window, the DDM Real Time Log listener will be activated. As logs come in, they will be validated and inserted into the DDM databases (DDMSysLog and DDMLog). Select DDM Real Time Log List under Group List to view the log. All new log items will be inserted in the view list in real time.

6.9.1 Printing, Saving and Deleting the DDM Real Time Log

The DDM Real Time Log can be printed or saved to a file. To print or save the file, highlight any line on the DDM Real Time Log and click on GROUP in the menu bar of the DDM window. From the list displayed, select the appropriate action: Print DDM Real Time Log or Save DDM Real Time Log to File. If Save DDM Real Time Log has been selected, choose the folder in which the file is to be saved and enter the filename in the displayed Save As window.

6.9.2 Deleting Items from the DDM Real Time Log

To delete a real-time log, click Devices in the menu bar and then select Delete DDM Real Time Log.
The real-time log of DDM actions will be deleted. Once deleted, it cannot be recovered.

7 DEVICES

This section explains how to add a device to a group, remove a device from a group, and configure the properties of a specific device. For information about adding UniGuard and Port Authority devices to a group as client encryptors, please refer to the Client Encryptors chapter.

7.1 Add a Device to a Group

A device may be added to a group in one of the following ways:

• Duplicate a device
• Move a device from one group to another
• Use the Add Device Wizard

7.1.1 Duplicate a Device

Display the Device List by double-clicking the Device leaf of the selected Group; the device list for this group will be displayed. To duplicate a device, click on the device and drag and drop it to the new Group. From the Duplicate or Move Device screen, select Duplicate Device. When a device is duplicated, only the device settings are duplicated. The group parameters for the device will depend on the group to which it is attached.

7.1.2 Move a Device

To move a device from one group to another, click on the device and drag it to the new group. The Duplicate or Move Device screen will be displayed. From this screen, select Move Device. When a device is moved from one group to another, the device settings remain the same but the group settings for the device change. For instance, the device will be attached to the users and client IDs of the new group only.

7.1.3 Use the Device Wizard to Add a Device

The Add Device Wizard guides you through the steps to add a new device. When a new device is added to a group, the New Device Template, which was created when the Group was created, is applied. The New Device Template uses the group parameters as a basis for the device properties.

1. Click on the name of the group to which you want to add the device.
2. Click on Devices in the menu bar and select Add New Device.
   The New Device Properties screen is displayed. Alternatively, you may double-click the Device leaf under the Group name to display the New Device Properties screen. You may also click to highlight a device name in the right panel and then right-click the device name; a menu with device options is displayed. Select the Add New Device option to add a device.
3. From the New Device Properties screen, select the device type from the dropdown list. Enter a name for the device.
4. Click on Device Info to add optional information. Click Next to continue.
5. The wizard displays the Connection screen. From the dropdown list, select the primary and secondary method by which the device will communicate with the DDM. For each communication method, enter the IP address, port, and other requested information.
6. On the next screen, the wizard prompts you to enter a password for the device. You also have the option to use RSA SecurID. Select Yes to use RSA SecurID.
7. Click Finish to complete the procedure.
8. After the device parameters and all the users for this device have been entered, the information can be loaded to the device from the DDM. To do this, select Reset Device from the Program menu. This will reset the device to the default parameters and load the new system and port options. It will clear the device’s User database and reprogram it with the latest User database for this Group. If you are adding several devices to a group, add all the devices first, and then select Reset Group from the Program menu.

7.1.4 Modifying Device Properties

You can change the properties of an existing device. To do this, double-click on the device in the Device List view to display the Device Properties screen. You may then change the Device Info properties or click on the appropriate tab to modify other settings. Alternatively, you can click on the device in the Device List view, then click on Device in the menu bar.
Select Display/Rename Device to display the Device Properties screen.

7.1.5 Renaming a Device

The name of an existing device can be changed by highlighting the existing device in the device list and then selecting Display/Rename Device, or by double-clicking on the device in the Device List view.

7.1.6 Deleting a Device

To delete a device, highlight the existing device in the Device List view and then click on Device in the menu bar. Select Delete Device. You can also click on the device in the device list and then press the Delete key. “Display/Rename Device Attributes” will display the Device Properties screen, and “Delete Device” will delete the device from the group after the appropriate warning prompt.

7.2 Configuring a Device

The Device Properties screen enables you to configure devices managed by the DDM. You can display this screen by double-clicking on the device name in the device list in the Main screen. You can also display the Device Properties screen by clicking on the specific device name and then, from the menu bar, clicking Devices and then Display Device Attributes.

The Device Properties screen has five tabs that display screens for entering parameters to set up devices managed by DDM. Not all tabs apply to all device types. The fields on the screens depend on the device type selected.

• Device Info
• System Options
• Communications
• Defined Ports (for Port Authority, Port Authority SAM, or MultiGuard devices only)
• Remote Encryptors

7.2.1 Device Info Screen

The Device Info screen enables you to enter reference information about the device being added and define the communication paths by which DDM will access the device. To display the Device Info screen, right-click on a device. From the menu, select Edit Device (or double-click on the device), and then click the Primary Network Properties button.

Device Type: Required. Select the device type from the dropdown list.
Available devices include the Port Authority SAM (-11, -22, -44), UniGuard, Port Authority (-88, -44 or -84), or a MultiGuard. The default setting is UniGuard.

Device Name: Required; for reference to the device's ID, such as company, location, etc.

Device Status link: Click this link to view the program status of the device.
• IDLE: Device is ready to connect to the DDM.
• IN USE: Device is connected to the DDM.
• ALARM: Device is in the alarm state and cannot be connected to the DDM.
To clear a device or to put it in an alarm state, click the status link. Select Clear Device Status to put the device in an idle state. Select Set Device Status to Alarm to put the device in an alarm state.

NOTE: When the DDM is communicating with a CDI device, the device status will read IN USE. If the device is not being used and the status still reads IN USE, click the status and select Clear Device Status to IDLE.

Serial Number: No entry is necessary. When the DDM accesses the device, it retrieves the device's serial number and adds it to the DDM database.

RSA SecurID Enable: Set this to make the device act as an ACM device and as a replacement for an RSA SecurID "ACM" unit. The device can also be an RSA SecurID unit (CDI device/ACM device). The serial number field will display the RSA Serial Number.

Version: No entry is necessary. When the DDM accesses the device, it retrieves the device version and adds it to the DDM database.

Primary Polling Device: If this option is selected, this unit will be polled first when the Group is being polled. A group need not have a Primary Polling Device assigned. Each group can have one device that will be the primary device of the Group.

Asset Tag: Optional. Enter additional information to better define the CDI device. A maximum of 20 characters may be entered for this field.

Information: Optional. Enter additional reference information.
Primary Communications: Determines whether the primary method of accessing the device will be via a network, dial-up phone lines through a modem, or through the serial port. If Serial Port is selected, you will be prompted to enter the COM port number the DDM will use to communicate with this device.

Secondary Communications: Optional. Determines the secondary path of communication. If Serial Port is selected, a window will request the COM port number that the DDM will use to communicate with this device.

Time Offset: Optional. The hours ahead of or behind local time at the Network Administrator's location. The offset is used in report generation and to set the time of the remote devices. Example: If the DDM Manager is located in New York (EST) and the device is located in Los Angeles (PT), then the offset will equal -3 (hours).

Primary Network Properties: Click this button to configure the parameters of the IP card of a device that has IP capabilities, allowing access to the device through a network.

RSA SecurID Enable: Click the RSA SecurID Enable button to display the Enter the Device Serial Number screen. In this screen, you can set the device as an RSA device.
• For RSA SecurID ACM only: If the device is a replacement for an RSA SecurID "ACM" unit, selecting this setting makes the UniGuard act like an ACM device.
• RSA SecurID unit: The device can also be an RSA SecurID unit (CDI device/ACM device). The device will authenticate both RSA Token and non-RSA user types.

Use Dialing Options: Required if the device will be dialing a country or region requiring a Country or Region dial code.

Country/Region List: (Displayed only if Use Dialing Options is enabled.) A list of countries and their associated country codes. If used, dialing options will be enabled and the list will define the device's destination country code.

Dialout Modem Number: Required for devices that will be accessed via phone lines. When typing the phone number, do not include any spaces.
IP Type, Internal/External: IP Type defines the type of IP card, Internal or External.
• Internal IP - The device is set for an internal CDI IP card.
• External IP - The device is not set for an internal CDI IP card, but it can be programmed by the DDM through an external IP connection. For example, the link port of a UniGuard (no IP card) can be connected to a Cisco Router's AUX port. To connect to the Cisco Router AUX port, a connection would be made to the Cisco Router via an IP address and port (ex. 192.168.0.176 4001). The DDM can then program (contact) the device via Network communications using this IP address.

The following is only displayed for devices that have the IP Option.

Use as IP Dialout Connection: Optional, with an internal IP card or external IP access device. The IP Dialout allows access to a modem for Dialout purposes but first connects to the modem via a Network IP Address (virtual modem port, e.g. Terminal Server, UniGuard device (version 8.13 and up)). If the device type is a UniGuard and it has a network address, it can be used by the DDM as an IP Dialout connection by checking the Use as IP Dialout Connection option in the Device Properties window of the UniGuard.

7.2.2 Country Dialing Using the DDM

Each device can be contacted by the DDM via Modem or IP Dialout communications using the dialing properties of the PC. If the option "Use Dialing Options" is enabled in the Device Properties screen, the device can be set for a (destination) Country/Region code by selecting the Country Name and corresponding Country Code from the Country/Region list in the Device Info screen. When dialing the device, the DDM PC will use the latest location information, the dialing properties of the PC, the destination country code, and the phone number defined in the DDM device's properties.

Example of Country Dialing Using the DDM

A device in the DDM database is to be dialed by two DDM PCs, one located in the US and the other located in the UK.
They are connected to a SQL Server 2000 database located in the UK. We want to be able to dial the device, which is located in Japan, from both DDM locations. In each DDM location, the DDM can be set to use a particular location name. For the device in Japan, enable Use Dialing Options in the Device Properties screen. After Use Dialing Options has been enabled, select Japan as the country from the Country/Region list [ex. Japan (81)]. You will need to enter the telephone number of the device (ex. "262 5551212") for the DDM to dial it.

Device located in Japan dialed by DDM client in the UK
  Long Distance Access prefix = 787 (if defined)
  International Rule for UK is 00
  DDM dials 787 00 81 262 5551212

Device located in Japan dialed by DDM client in the US
  Long Distance Access prefix = 987 (if defined)
  International Rule for US is 011
  DDM dials 987 011 81 262 5551212

7.3 Setting the Network Properties of a Specific Device

The Primary Network Properties screen enables you to configure the network properties of a specific device. This screen is accessed from the Device Properties screen. To display the Primary Network Properties screen, click the Primary Network Properties button on the Device Properties screen.

7.3.1 Network Properties, IP Configuration

The Network Properties screen, IP Configuration, allows for the configuration of an IP Port, including a Gateway Address if required.

Device IP Address: Required. Address of the IP Port.

Port No: Port number used to communicate from the Network side (ex. Telnet Port Number). To update the port number, click the Update Port Number button. Break commands can only be sent out on Port 23 (Telnet Port).

Use Default Port for DDM Programming: Click to enable the DDM to use the device's default port for programming.

NAT Address: Required. Enter the NAT Address. Normally this is the same as the Device IP address.
The purpose of this address is for the devices of an internal network to be identified by one IP address when routed to a different network.

Subnet Mask: Required. The Subnet Mask is a bit pattern used to determine which subnet an IP address belongs to. If your host PC is using the wrong subnet mask, you will not be able to correctly identify all users on that subnet and many users could be unreachable by your computer. The subnet mask defaults to work with an 8-bit host address. For any other host address size, you must change the subnet mask to the proper setting.

Gateway Address: Optional. The router/gateway address that allows you access to other network segments. This address must be within the local network.

Assigned Client PPP Address: Optional. Enter the Assigned Client PPP Address. The CDI device will send a request to the host at the PPP address entered, establishing a PPP session.

Hardware Address: If the device will be programmed through a modem/dial-up connection you DO NOT NEED to enter the Hardware Address; the DDM will automatically receive it when dialed in. IMPORTANT: If the device will be programmed through the IP Network, you must enter the hardware address in the "Hardware Address" field.

SysLog IP Address: Optional. Enter the SysLog IP Address. If a Syslog Server application is running on your network, CDI devices can report audit trail messages back to the Syslog Server for monitoring purposes.

Backup SysLog Server: Optional. Enter the Backup SysLog Server address.

SysLog IP Port: Optional. Enter the SysLog IP Port that the CDI device can use for communication purposes.

Radius IP Address: Optional. Enter the Radius IP Address.

Backup Radius Address: Optional. Enter a backup IP address for the Radius server.

Radius IP Port Number: Optional. Enter the Radius IP Port Number.

Radius Key: Optional. Enter the Radius Key. This can be up to 128 characters.
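Before moving on to the heartbeat settings, the country dialing rule of section 7.2.2 (Long Distance Access prefix if defined, then the International Rule, the destination country code, and the device number) is shown below as an added Python example; it is not part of the DDM software, and the class and field names are assumed for illustration, while the prefixes, rules, country code and number are the ones from the manual's UK/US to Japan example.

```python
# Added example, not part of the DDM software: assembles the digits a DDM PC dials
# under the country dialing rule of section 7.2.2:
#   <Long Distance Access prefix, if defined> <International Rule> <country code> <number>
# Class and field names are assumed for illustration; the prefixes, rules, country
# code and device number are the ones from the manual's UK/US -> Japan example.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class DdmLocation:
    """Dialing properties of the DDM PC at one location (assumed field names)."""
    name: str
    international_rule: str         # e.g. "00" for the UK, "011" for the US
    long_distance_prefix: str = ""  # empty string when no prefix is defined


@dataclass(frozen=True)
class DeviceDialing:
    """The dialing fields of a device's Device Info screen (assumed field names)."""
    dialout_modem_number: str
    use_dialing_options: bool = False
    country_code: Optional[str] = None   # from the Country/Region list, e.g. "81"


def normalize_number(number: str) -> str:
    """The manual asks for no spaces in the number; strip spaces and hyphens anyway."""
    digits = number.replace(" ", "").replace("-", "")
    if not digits.isdigit():
        raise ValueError(f"Dialout Modem Number must be digits only: {number!r}")
    return digits


def dial_parts(location: DdmLocation, device: DeviceDialing) -> List[str]:
    """Return the dial string as its components, in dialing order."""
    number = normalize_number(device.dialout_modem_number)
    if not device.use_dialing_options:
        # Use Dialing Options off: the DDM dials the stored number unchanged.
        return [number]
    if not device.country_code:
        raise ValueError("Use Dialing Options is enabled but no Country/Region is set")
    parts: List[str] = []
    if location.long_distance_prefix:          # "(if defined)"
        parts.append(location.long_distance_prefix)
    parts += [location.international_rule, device.country_code, number]
    return parts


def dial_string(location: DdmLocation, device: DeviceDialing) -> str:
    """The digit sequence the DDM PC actually sends to its modem."""
    return "".join(dial_parts(location, device))


# The manual's example: one device in Japan, dialed from the UK and from the US.
UK_CLIENT = DdmLocation("UK", international_rule="00", long_distance_prefix="787")
US_CLIENT = DdmLocation("US", international_rule="011", long_distance_prefix="987")
JAPAN_DEVICE = DeviceDialing("262 5551212", use_dialing_options=True, country_code="81")

if __name__ == "__main__":
    for client in (UK_CLIENT, US_CLIENT):
        print(f"{client.name}: DDM dials", " ".join(dial_parts(client, JAPAN_DEVICE)))
```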
7.3.2 DDM Heartbeat Attributes

The DDM Heartbeat is an automatic "I'm alive" message that is sent periodically by a remote device to a DDM workstation enabled for real-time logs. If heartbeat messages (or any other messages) are not sent to the DDM within the given time interval, a "No Contact From Device" alarm will be triggered for this device. The CDI device must have an Internal IP card running version 4.01 or above.

DEVICE PROPERTIES SCREEN > DEVICE INFO TAB > PRIMARY NETWORK PROPERTIES BUTTON > DDM HEARTBEAT BUTTON > HEARTBEAT ATTRIBUTES SCREEN

Example: If the Maximum Number of Missed Heartbeats is set to three beats and the Heartbeat Message Interval to 60 minutes, a "No Contact From Device" error is generated by the DDM each time the device does not respond within 180 minutes (3 x 60).

Tip: A screen explaining the DDM heartbeat attributes can be displayed by clicking the Help button of the DDM Heartbeat Attributes window.

DDM Real-Time Log Address: IP address of the DDM workstation that is enabled for Real-Time logs.

DDM Real-Time Log Port: The port number associated with the DDM Real-Time Log Address. The port number can range from 5000 and up. This port number will be set from the DDM workstation that is enabled for DDM Real-Time Logs.

Max No. Of Missed Heartbeats: Number of missed heartbeats that will trigger an alarm from the DDM workstation that is set for real-time logs. The default is zero.

Heartbeat Message Interval: The time in minutes between heartbeats sent by the remote device. For example, an interval of 60 would generate a heartbeat once an hour from the remote device. This interval is programmed into the device. The default is zero.

Disable Heartbeat Attributes: Check the Disable Heartbeat Values box to disable the DDM Heartbeat for this device.

7.3.3 DNS Attributes

Click this button to display the DNS attributes for this device.

7.3.4 SNMP Attributes

Click this button to display the SNMP attributes for the device.
Enter the primary and backup SNMP IP addresses and the primary and backup SNMP port numbers.

7.3.5 Network Properties (versions below 4.01)

The Network Properties screen for CDI devices with an internal IP card running a version below 4.01 has the fields listed in the previous section as well as the following fields.

Use IP Address for Device Programming: This defines the IP address to be used by the DDM for the remote programming of the device.

Enable ID/Password Authentication option: When enabled (check marked), all network connections to this IP address (e.g. 192.168.000.168) will first need to authenticate (ID/Password authentication) successfully before accessing the CDI device. This is only for CDI devices with the CDI internal IP Card version 3.03 and above. The IP Admin User ID and IP Admin Password fields are used for ID/Password Authentication and can be up to 10 characters. If the Enable ID/Password Authentication option is enabled, the Radius fields will be disabled.

The Update ID button for the IP Admin User ID field and the Update Password button for the IP Admin Password field will always be displayed when editing an existing device. The IP Admin User ID can only be updated using the Update ID button. The IP Admin Password can only be updated using the Update Password button. The Update Port Number button for the IP Port Number field will always be displayed when editing an existing device. The IP Port Number can only be updated using the Update Port Number button.

7.3.6 Network Properties (IP type set for External)

The Network Properties screen for an External IP type device has three fields. The fields are described below.

Device IP Address: Enter the IP address of the IP card.

Port No: Enter the port number for communication from the Network side, for example the "Telnet Port Number."

NAT Address (Network Address Translation): Address that will allow multiple devices to use a single IP address to access the Internet.
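The "No Contact From Device" rule of section 7.3.2 (any message counts as contact; the alarm fires when a device is silent longer than Max No. Of Missed Heartbeats times the Heartbeat Message Interval; a zero in either field disables the check) applied to a constructed message log, as an added Python example that is not part of the DDM software; the device names, log line format and timestamps are made up for illustration.

```python
# Added example, not part of the DDM software: applies the DDM Heartbeat rule from
# section 7.3.2 to a constructed message log. A device is silent too long when no
# message of any kind (heartbeat or otherwise) has arrived within
# Max No. Of Missed Heartbeats x Heartbeat Message Interval; the DDM defaults of 0
# disable the check. Device names, log format and times are all made up here.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

LOG_FORMAT = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class HeartbeatAttributes:
    """The two DDM Heartbeat Attributes that define the alarm window."""
    interval_minutes: int = 0   # Heartbeat Message Interval (DDM default 0)
    max_missed: int = 0         # Max No. Of Missed Heartbeats (DDM default 0)

    def timeout(self) -> Optional[timedelta]:
        """Silence after which "No Contact From Device" fires; None = disabled."""
        if self.interval_minutes <= 0 or self.max_missed <= 0:
            return None
        return timedelta(minutes=self.interval_minutes * self.max_missed)


class HeartbeatMonitor:
    """Tracks the last contact from each device and raises the DDM alarm."""

    def __init__(self, attrs: Dict[str, HeartbeatAttributes], start: datetime):
        self.attrs = attrs
        # Until a device sends anything, silence is measured from monitoring start.
        self.last_contact: Dict[str, datetime] = {name: start for name in attrs}

    def ingest(self, line: str) -> None:
        """Consume one log line of the form 'YYYY-MM-DD HH:MM <device> <message>'."""
        date, time, device, _message = line.split(" ", 3)
        when = datetime.strptime(f"{date} {time}", LOG_FORMAT)
        if device in self.attrs:
            # Any message from the device counts as contact, not only heartbeats.
            self.last_contact[device] = max(self.last_contact[device], when)

    def check(self, now: datetime) -> List[str]:
        """Return the devices whose "No Contact From Device" alarm fires at `now`."""
        fired: List[str] = []
        for device, attrs in self.attrs.items():
            window = attrs.timeout()
            if window is None:
                continue  # heartbeat monitoring disabled for this device
            if now - self.last_contact[device] > window:
                fired.append(device)
                # Re-arm so the alarm repeats after another full window of silence,
                # matching "each time the device does not respond".
                self.last_contact[device] = now
        return fired


# Constructed sample: three devices with different heartbeat settings.
DEVICES = {
    "ug-1": HeartbeatAttributes(interval_minutes=60, max_missed=3),  # 180 min window
    "pa-2": HeartbeatAttributes(interval_minutes=30, max_missed=2),  # 60 min window
    "sam-3": HeartbeatAttributes(),                                  # disabled
}

SAMPLE_LOG = [
    "2010-04-01 08:00 ug-1 HEARTBEAT",
    "2010-04-01 08:00 pa-2 HEARTBEAT",
    "2010-04-01 08:30 pa-2 HEARTBEAT",
    "2010-04-01 09:00 ug-1 HEARTBEAT",
    "2010-04-01 09:10 pa-2 LOGIN user=jsmith port=3",  # not a heartbeat, still contact
    "2010-04-01 10:00 ug-1 HEARTBEAT",
]


def run_scenario() -> Dict[str, List[str]]:
    """Feed the sample log, then evaluate the alarm at three points in time."""
    monitor = HeartbeatMonitor(DEVICES, start=datetime(2010, 4, 1, 8, 0))
    for line in SAMPLE_LOG:
        monitor.ingest(line)
    return {
        "10:10": monitor.check(datetime(2010, 4, 1, 10, 10)),  # pa-2 exactly 60 min: ok
        "10:11": monitor.check(datetime(2010, 4, 1, 10, 11)),  # pa-2 silent > 60 min
        "13:01": monitor.check(datetime(2010, 4, 1, 13, 1)),   # ug-1 > 180 min, pa-2 again
    }


if __name__ == "__main__":
    for when, alarms in run_scenario().items():
        print(when, "No Contact From Device:", alarms or "none")
```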
7.4 System Options

The parameters on this screen enable you to set user security levels, system password and key information, and first message delay time. The System Options screen may have different parameters depending on the device.

User Security Level: Select the security method used when a user logs on to the device. The two methods available are User ID, and User ID and Password.

IP Dialout (for devices with the IP Option): This enables the device to use the network for programming and communication purposes. You may select IP Dialout with or without encryption, or you may disable (not allow) IP Dialout.

Sys Password: To change the system password of an existing device, click the Update Password button to display the System Password Update screen. Enter the new password in both fields. For security purposes, the password will be displayed as asterisks.

System Password: Click Update Password to change the system password.

Update System Key: To change the System Key, click the Update System Key button to display the System Key Update screen. You may enter a key or click "Generate" to have the system create the key. A new System Key may be set for a single device, for all devices in a group, or for all devices of a particular type in a group.

First Message Delay Time (sec): Enter the time in seconds until the "Enter User ID" prompt is displayed.

Login Inactivity Time: Enter the time in seconds after which the login call is disconnected if there is no data flow between the user and host.

7.4.1 Port Authority SAM Host Devices

This section applies only to SAM host devices.

SAM Client-Host Authentication (Port Authority SAM Host Device only): This setting determines how the Host SAM Device will authenticate with the SAM Client Device.
• Disabled: No authentication takes place.
• User Authentication: The authentication process starts after the connection is up and the user ID has been entered.
• Auto Authentication: The authentication process starts as soon as the connection is up.

7.4.2 SAM Authentication Process

When a user dials into a SAM Host Device, the SAM Host starts the authentication process by sending a start message to the client. After receiving this message, the SAM Client sends back its 6-digit ID (Client ID) and its authentication credentials. The authentication credentials are derived using AES 128-bit encryption for proprietary time-based authentication using its client key.

The SAM Host then checks whether the 6-digit ID of the client is defined in its database. If it is not found, the SAM Host sends an error message back to the client. After the third attempt, it drops the call.

If the SAM Client's 6-digit ID exists in the SAM Host database, the host attempts to validate the Client's authentication credentials using the client key defined in the SAM Host's database. If the authentication validation fails, the SAM Host restarts the process and makes another attempt to validate the client's credentials. After three unsuccessful attempts, it drops the call. If the authentication validation is successful, the user authentication process continues.

7.4.3 Port Authority Devices

The following System Options apply only to Port Authority devices.

Host DTR/RTS Loss of Signal Time (sec)

AES/DES Mode: Select either Triple DES or AES encryption type.

7.4.4 UniGuard Devices

The following System Options apply only to UniGuard devices.

Host AT Command Access (only UniGuards in the AT Command State): Enables the Host to access the modem in the AT Command State.

Host Dialout: Enables or disables the Host's ability to dial out using the modem. If Auto Authentication is selected, a dial-in user will make an authentication request for remote control management.

Host DTR: This option monitors or ignores the DTR (Data Terminal Ready) signal from the Host port of the UniGuard. The default is Monitor.
Power\IP Port Options: Select Program Only, Power Port Connection, IP Authentication, or IP Dialout.

7.4.5 UniGuard Clients

The following section applies only to UniGuard Clients.

AES/Triple DES Mode: Select the encryption type.
• Triple DES: The Host device will only do Triple DES encryption with Client Encryptors (UniGuard Clients and SSE Clients). (64-bit)
• AES: The Host device will only do AES encryption with Client Encryptors (UniGuard Clients and SSE Clients). The device must have a CDI AES Engine attached to its link port to do AES encryption. (128-bit)

Device Mode: Select the security type.
• Standard Type: The Standard type is a normal CDI device. The default is Standard Device Mode.
• Automatic Authentication: Automatic Authentication for UniGuard devices (above Ver 7.01) and Port Authority devices. If set for Automatic Authentication, the device will only communicate with devices in an encrypted session.
• Standard Device, Bypass Security: This is a CDI device with the security disabled.

7.5 Communications Screen

The fields of the Communications screen enable you to define the modem/host port parameters of the UniGuard and the modem port of the Port Authority and Port Authority SAM devices. The screen is the same for both client and host devices.

Modem/Bits Parity: These options define the modem/host port of the UniGuard and the modem port of the Port Authority SAM and the Port Authority.

AT Command Settings: AT commands to be sent to a remote device. To enable this feature, make sure the "Send AT Command" box is checked. When this box is checked, the AT commands entered will be sent to the device the next time the DDM communicates with the device or when the AT command has been changed. When unchecked, the AT commands will not be sent.

(Figure: UniGuard Communications screen)

Deferred Messages: The Primary, Secondary and Host Connect Messages (optional). Primary, Secondary, and Host Connect messages can be defined for the UniGuard and Port Authority SAM devices.
The Port Authority device only uses the Primary and Secondary messages; there is no Host Connect message. Consult the UniGuard, Port Authority SAM, Port Authority and MultiGuard manuals for a description of these messages. This is only for CDI devices that contain MultiTech MT2834ZDX modems or MultiTech Global modems.

7.6 Defined Ports Screen

This screen enables you to set communication parameters for the Host and Power ports of the Port Authority, Port Authority SAM, and MultiGuard devices. This screen is not available for the UniGuard device since it is a single-port device.

Port Authority devices and Host Ports

Device                   Host and Power Ports
Port Authority-88        8 Host Ports and 8 Power Ports
Port Authority-44        4 Host Ports and 4 Power Ports
Port Authority-84        8 Host Ports and 4 Power Ports
Port Authority SAM-44    4 Host Ports and 4 Power Ports
Port Authority SAM-22    2 Host Ports and 2 Power Ports
Port Authority SAM-11    1 Host Port and 1 Power Port

The Port Authority Defined Ports screen, showing configured ports, is shown below. Click a line item to display the Port Properties screen for that port.

(Figure: Port Authority Communications screen showing configured ports)

Control Mimicking (for both Port Authority SAM and Port Authority): Mimicking allows the Host port of the Port Authority to copy the control signals of the Dial-In modem port. The default setting is "Disabled."

Modem Connect Message (for both Port Authority SAM and Port Authority): The Modem Connect message may be enabled or disabled. If enabled, the modem connect message is sent to the Host Port. The default setting is "Disabled."

Master/Slave Device (for Port Authority only): The DDM software allows a Port Authority device to be defined as Master or Slave. This allows the host ports of a Master Port Authority to connect to the Maintenance port of a Slave Port Authority. Using the Master/Slave function can expand the Port Authority up to 64 ports.
The number of ports available in a Master/Slave connection is equal to the number of Port Authorities multiplied by 8, MINUS the number of Slave units. A diagram showing an example of Port Authority Master-Slave cable connections is shown in Appendix 1.

7.6.1 Port Properties - Host Port Configuration

Each Host Port 1 through 8 can be assigned a unique name (optional), Baud Rate, Data Bits, and Parity (required). If you double-click one of the line items for the Ports, the Port Properties screen is displayed. In this screen, you may change the Port Name, Baud Rate and Bits/Parity of individual Ports.

7.6.2 Power Port Configuration

Each Power Port 1 through 8 can be assigned a value (the number of ports is dependent on device type). The Power Port Value is the time in seconds that the device controlled by that port will have its power in the off state. To edit the name and power port value of the individual ports, double-click one of the line items on the screen.

7.6.3 Slave Device Setting (for Port Authority only)

Double-click one of the line items in the Port Configuration screen to populate it. Here you may select a device from the slave device list to set up a daisy chain between two Port Authority Devices.

7.6.4 Programmable ESC Code

Programmable ESC Combo list functionality is only for Port Authority devices with firmware at or above 3.05.xx. After accessing and modifying a host or power port of a Port Authority device, a user exits the port by entering the ESC character. The user may then access a different host or power port. If the ESC character interferes with other functions of the host application, the user may need to use a different character. The Programmable ESC Code option allows the user to change the ESC code from one character to another. The default ESC character will be changed and the new ESC code character will be installed after the DDM has programmed the Port Authority device.
For example, the Programmable ESC character is set as an ESC character. When the user wants to exit this host port, an ESC character would be keyed. The device then sends the prompt "Type EXIT with a CR (return)". After keying in "EXIT" with a return, the user would be brought back to the Port Authority Port list to access a different host or power port.

7.7 Remote Encryptors Screen

This screen will only be available if Encryptor IDs are to be assigned to devices (default) in the Setup screen (click Settings in the menu bar and then select Setup). Clicking "Add Encryptor ID" or editing an existing ID will display the Encryptor ID INFO window. For a MultiGuard device, this page will be blank.

Note: Encryptor IDs can only be added or modified from the Group Modification screen, which is shown below.

ENCRYPTOR ID: The encryptor ID is the unique 6-digit ID of the remote encryption device.

Key Field: The Key field holds the encryption "Seed Key". The Seed Key is a 16-digit (48-digit using Triple DES) hexadecimal key that can be manually entered or can be automatically generated by the program by clicking the "Generate" button. The Triple DES key is shown as three separate 16-digit keys. The same key(s) must be installed in the remote encryption device. The default DES setting is Triple DES. This option is located in the Setup dialog window under the Settings menu in the menu bar. When editing an existing Encryptor ID, the Key1, Key2 and Key3 fields will display as asterisks.

Key Signature Field: This is the Signature of the Primary Key. The Key Signature of the remote Encryptor is compared with this Key Signature. If both Signatures are the same, then the Keys will be the same. If the remote unit is set for single DES, the first 16 hex digits MUST be the same as the remote unit's single DES hex key.

8 CLIENT ENCRYPTORS

A client encryptor is a CDI device that is used to dial out to another UniGuard or Port Authority when a session must be encrypted.
This section explains how to add and configure the following client encryptors.

• Port Authority SAM Client
• UniGuard Client
• SSE Client

8.1 Port Authority SAM Client

A Port Authority SAM Client is a Port Authority SAM device that can be programmed to be a client encryptor by the DDM. The Port Authority SAM Client then allows remote users to authenticate with a SAM Host using AES 128-bit encryption for proprietary time-based authentication.

To add a Port Authority SAM Client, double-click the Client Encryptor box in the Group List in which the Port Authority SAM Client is to be placed, or highlight Client Encryptor and then click Devices-Add Device. This brings up the Select Client Device Type List screen. From the Select Client Device Type List, click the Port Authority-11, 22, or 44 SAM Client. This opens the Device series of screens. Enter the name of the client device.

Phone Number: Phone number of the device you are adding.

Primary and Secondary Connection: Type of connection you will use when programming the Client Device. For Client Devices with IP, enter the appropriate information in the IP Address, Port, and Hardware Address fields. Note: The IP Port defaults to 10001; you may change this if necessary. If you are programming the Client Device via a modem, enter the IP Address; the Hardware Address will then automatically be pulled from the unit. If you are programming the Client Device via the network, you will have to provide the Hardware Address along with the IP Address. After the information has been entered, the following message is then displayed.

8.1.1 Device Info Screen for a Port Authority SAM Client Device

The Device Info screen enables you to enter reference information about the client encryptor being added and to define the communication paths by which the DDM will access it.

Device Type: Required. Select the device type from the dropdown list.

Device Name: Required.
For reference to the device's ID, such as company, location, etc.

Licenses Available: The number of licenses that are available for that Device Type.

Phone Number: Enter the phone number of the device.

Device ID-S/N: No entry is necessary. When the DDM accesses the device, it retrieves the device's serial number and adds it to the DDM database.

Version: The firmware version running in the device will populate here after programming.

Primary Polling Device: If this option is selected, this unit will be polled first when the Group is being polled. A group need not have a Primary Polling Device assigned. Each group can have one device that will be the primary device of the Group.

Asset Tag: Optional. Enter additional information to better define the CDI device. A maximum of 20 characters may be entered for this field.

Information: Optional. Enter additional reference information.

Primary Communications: Determines whether the primary method of accessing the device will be via a network, dial-up phone lines through a modem, or through the serial port. If Serial Port is selected, you will be prompted to enter the COM port number the DDM will use to communicate with this device.

Secondary Communications: Optional. Determines the secondary path of communication. If Serial Port is selected, a window will request the COM port number that the DDM will use to communicate with this device.

Time Offset: Optional. The hours ahead of or behind local time at the Network Administrator's location. The offset is used in report generation and to set the time of the remote devices so that they are synchronized with the DDM. Example: If the DDM Manager is located in New York (EST) and the device is located in Los Angeles (PT), then the offset will equal -3 (hours).

Primary Network Properties: If the device has IP capabilities, click this button to configure the parameters of the IP card.

IP Address: The IP address assigned to this unit. You may also edit the IP address in this field.
Use Dialing Options: If checked, the DDM will use the dialing properties of the DDM PC, the defined destination country code for the device, and the Phone Number in the dialing process.

Country/Region List: (Displayed only if Use Dialing Options is enabled.) A list of countries and their associated country codes is displayed. If used, dialing options will be enabled and the list will define the device's destination country code.

Dialout Modem Number: Required if the device will be accessed via phone lines. When entering a phone number, do not include spaces.

IP Type, Internal/External: IP Type defines the type of IP card, Internal or External.
• Internal IP - The device is set for an internal CDI IP card.
• External IP - The device is not set for an internal CDI IP card, but it can be programmed by the DDM through an external IP connection. For example, the link port of a UniGuard (no IP card) can be connected to a Cisco Router's AUX port. To connect to the Cisco Router AUX port, a connection would be made to the Cisco Router via an IP address and port (ex. 192.168.0.176 4001). The DDM can then program (contact) the device via Network communications using this IP address.

8.1.2 System Options for Port Authority SAM Client Encryptor

The Port Authority SAM Client is selected by clicking "Client Encryptors", below "Devices" in the Group list. The Device Properties screen for the SAM Client is displayed. Click the System Options tab to display the security parameters.

Sys Password: This password is used in the authentication process between the unit and the DDM. The default is "password." To change the password, click Update Password. Enter the password, and then confirm it by entering it again in the appropriate field.

Important! If the default password is changed and the original parameters are deleted from the DDM, you will have to set the correct password in this field for the DDM to successfully program the Client Device.
The authentication process can be disabled from the System Options screen. Display the System Options screen by clicking the tab in the Device Properties screen. Under SAM Client Host Authentication, select "Disabled."

The red Client Key Info button enables you to provide client key information. This client key is used by the Port Authority SAM Client when authenticating with the SAM Host Device (the device to which the SAM Client is connected). Every Port Authority SAM Client has a client key, which is used along with the unit's Client ID in the authentication process (AES 128-bit encryption for proprietary time-based authentication) between the SAM Host device, which initiates the authentication process, and the SAM Client.

Generate Client Key (when adding a new Port Authority SAM Encryptor): When adding a new Client Encryptor, the Generate Client Key window with three keys of 16 hex characters is displayed. You may enter your own keys or have the DDM generate them for you by clicking Generate.

Encryption Key Info (when editing an existing Port Authority SAM Encryptor): When this button is clicked, the Encryption Key Info window is displayed. The key consists of three hex keys. You may change the key by entering your own key or by clicking "Generate" to have the DDM create it.

Important! If you change the client's key, you must program all SAM Host Devices in your group so that the correct key will be stored in the Host Device and the authentication process will not fail.

8.1.3 Communications Screen for Port Authority SAM Client Device

The Communications screen contains the modem parameters for the device.

Modem Port Bits/Parity: Select the bits and parity of the modem.

Defined Messages: These are messages you may program the unit to display when it is accessed. The Primary Message is displayed before the authentication process begins (before the user prompt populates). The Secondary Message is displayed after the User ID is entered.
Modem Baud Rate: Sets the baud rate for the Modem Port.

Extra AT Command Settings: If anything is changed in the field under Send AT Commands, or if Send AT Commands is checked, the AT command in that field will be programmed into the modem. You do not have to enter "AT" at the front of the command string, and do not include spaces or delimiters between commands.

Modem Inactivity Timer (minutes): Sets the number of minutes during which the modem detects no activity before it disconnects. If this field is set to "0", this feature is disabled.

8.2 UniGuard Client Encryptor

To add a UniGuard Client encryptor, click on "Client Encryptors" in the Group list in the left pane of the Opening screen. From the "Select Client Type" list, select UniGuard Client. Only the fields that are unique to the UniGuard client encryptors are described in this section. Common fields are described in the previous sections.

8.2.1 AES/TDES Mode for UniGuard Client

Triple DES: The Host device will only do Triple DES encryption with Client Encryptors (UniGuard Clients and SSE Clients). (64 bit)
AES: The Host device will only do AES encryption with Client Encryptors (UniGuard Clients and SSE Clients). The device must have a CDI AES Engine attached to its link port to do AES encryption. (128 bit)
Both: Enables the device to operate with Host Encryptors (UniGuard and Port Authorities) in both Triple DES and AES modes. The UniGuard Client must also have an AES Engine connected to its link port to be able to do AES.

8.2.2 Client Encryptor Pre-dialog

When adding or editing a Remote or Client Encryptor, the "DES/AES Display" window is displayed. The Encryptor information is displayed according to the display type (DES or AES) selected. The DES display has three keys of 16 hex characters each. The AES display has one key of 64 hex characters.
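The key windows described above accept only hex characters of a fixed total length (three 16-hex fields for the DES display, one 64-hex field for AES, and in section 9.1.5 a 16- or 48-hex Seed Key depending on the encryption type), and section 9.1.5 describes a Key Signature that is compared between encryptors instead of the keys themselves. The following is an added example, not code from the DDM manual or from CDI: it validates typed key fields the way those screens require and shows the signature-comparison idea. The manual does not say how the DDM computes its Key Signature, so the truncated SHA-256 fingerprint used here is an assumption, as is the `generate_key_fields` stand-in for the Generate button.

```python
"""Key-entry checks for the DES/AES key displays of section 8.2.2, and a
key-signature comparison of the kind described for the Key Signature field
in section 9.1.5.

Added example, not CDI code. The manual does not state how the DDM computes a
Key Signature; the fingerprint below (truncated SHA-256 of the raw key bytes)
is an ASSUMPTION used to show the principle that two sides can confirm they
hold the same key by comparing short signatures rather than the keys.
"""
import hashlib
import hmac
import re
import secrets

# Key lengths in hex characters as the DDM displays them:
#   DES  - one 16-hex key (section 9.1.5, single DES)
#   TDES - three 16-hex keys, i.e. 48 hex (sections 8.2.2 and 9.1.5)
#   AES  - one 64-hex key (section 8.2.2)
KEY_HEX_LENGTHS = {"DES": 16, "TDES": 48, "AES": 64}
_HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def normalize_key(display: str, parts) -> bytes:
    """Join the key fields of a DDM key window, validate them, return raw bytes.

    `parts` is the list of strings as typed into the key fields: three fields
    for the DES/TDES display, one field for the AES display. Spaces are
    rejected rather than stripped, matching the no-space rule of the fields.
    """
    if display not in KEY_HEX_LENGTHS:
        raise ValueError(f"unknown key display {display!r}")
    expected = KEY_HEX_LENGTHS[display]
    joined = "".join(parts)
    if len(joined) != expected:
        raise ValueError(f"{display} key must total {expected} hex characters, got {len(joined)}")
    if not _HEX_RE.match(joined):
        raise ValueError("key fields may contain only 0-9 and A-F")
    return bytes.fromhex(joined)


def is_valid_key(display: str, parts) -> bool:
    """True if the typed fields would be accepted by normalize_key()."""
    try:
        normalize_key(display, parts)
        return True
    except ValueError:
        return False


def generate_key_fields(display: str) -> list:
    """Stand-in (assumption) for the Generate button: random hex of the right
    length, split into 16-character fields for DES/TDES, one field for AES."""
    hex_key = secrets.token_hex(KEY_HEX_LENGTHS[display] // 2).upper()
    width = 16 if display in ("DES", "TDES") else 64
    return [hex_key[i:i + width] for i in range(0, len(hex_key), width)]


def key_signature(key: bytes, nbytes: int = 8) -> str:
    """Short, non-secret fingerprint of a key.
    ASSUMPTION: truncated SHA-256; the real DDM algorithm is not documented."""
    return hashlib.sha256(key).hexdigest()[: nbytes * 2].upper()


def signatures_match(local_sig: str, remote_sig: str) -> bool:
    """Compare two signatures in constant time, so the comparison itself does
    not reveal how many leading characters agreed."""
    return hmac.compare_digest(local_sig.encode(), remote_sig.encode())


def remote_key_matches(display: str, local_parts, remote_parts) -> bool:
    """Mirror the Key Signature check: derive each side's signature from its
    own key material and compare only the signatures."""
    local_sig = key_signature(normalize_key(display, local_parts))
    remote_sig = key_signature(normalize_key(display, remote_parts))
    return signatures_match(local_sig, remote_sig)


if __name__ == "__main__":
    fields = generate_key_fields("TDES")            # three 16-hex fields
    print("generated:", fields)
    print("signature:", key_signature(normalize_key("TDES", fields)))
    # Constructed mismatch: the last field differs on the 'remote' side
    altered = fields[:2] + ["0123456789ABCDEF"]
    print("remote matches:", remote_key_matches("TDES", fields, altered))
```

Only the signature, never the key, needs to leave either side for the check, which is why the manual can expose a Key Signature on a screen that otherwise shows the key as asterisks.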
Figure: Encryption Key AES Display; Encryption Key DES Display

8.3 UniGuard Client

A UniGuard Client is a UniGuard device that can be programmed by the DDM to be a client encryptor. The UniGuard Client then allows remote users to securely connect to CDI devices via Triple DES/AES communications.

8.3.1 Adding a UniGuard Client

To add a UniGuard Client, double-click on the Client Encryptor box in the Group List where the UniGuard Client is to be placed, or highlight Client Encryptor and then click DEVICES - ADD DEVICE. The Select Client Device Type List screen is displayed.

8.3.2 UniGuard Client Device Information Screen

This screen provides for entering reference information about the UniGuard Client and defines the communication path by which the DDM software will access the device.

Device Type: Select the device type from the dropdown list.
Device Name: Required. A reference to the device's identity, such as company, location, etc.
Licenses Available: The number of licenses that are available for that Device Type.
Phone Number: Enter the phone number of the device.
Device ID-S/N: No entry is necessary. When the DDM accesses the device, it retrieves the device's serial number and adds it to the DDM database.
Version: The firmware version running in the device is populated here after programming.
Asset Tag: Optional. Enter additional information to better define the CDI device. A maximum of 20 characters may be entered in this field.
Information: Optional. Enter additional reference information.
Primary Communications: Determines whether the primary method of accessing the device will be via a network, dial-up phone lines through a modem, or the serial port. If Serial Port is selected, you will be prompted to enter the COM port number the DDM will use to communicate with this device.
Secondary Communications: Optional. Determines the secondary path of communication.
If Serial Port is selected, a window will request the COM port number that the DDM will use to communicate with this device.

PC Time Offset: Optional. The number of hours the device's location is ahead of or behind local time at the Network Administrator's location. The offset is used in report generation and to set the time of the remote devices so that they are synchronized with the DDM. Example: If the DDM Manager is located in New York (EST) and the device is located in Los Angeles (PT), the offset is -3 (hours).

Primary Network Properties: Required for devices with IP capabilities. Click this button to configure the IP card parameters of a device that has IP capabilities.

Use Dialing Options: If checked, the dialing process uses the dialing properties of the DDM PC, the destination country code defined for the device, and the Phone Number.

Country/Region List: (Displayed only if Use Dialing Options is enabled.) A list of countries and their associated country codes. If used, dialing options are enabled and the list defines the device's destination country code.

IP Type, Internal/External: Defines the type of IP card, internal or external.
Internal IP - The device is set for an internal CDI IP card.
External IP - The device is not set for an internal CDI IP card, but it can be programmed by the DDM through an external IP connection. For example, the link port of a UniGuard (no IP card) can be connected to a Cisco router's AUX port. To reach the Cisco router's AUX port, a connection is made to the Cisco router via an IP address and port (ex. 192.168.0.176 4001). The DDM can then program (contact) the device over the network using this IP address.

8.3.3 Network Properties for a UniGuard Client Device

IP Address: A unique identifier used to define a specific CDI device in a TCP/IP network.
Port No: The port number that you will use to communicate from the network side (ex. Telnet port number).
NAT Address (Network Address Translation): This address allows numerous devices to use a single unique IP address for translation into the Internet world. The purpose of this address is for an internal network to be identified as one IP address when routed to a different network, which creates less traffic.
Subnet Mask: The subnet mask is a bit pattern used to mask off the network portion of the address from the host portion. If your host PC is using the wrong subnet mask, you will not be able to correctly identify all users on that subnet, and many users could be unreachable by your computer. (Reminder: standard class A is 8/24 (net/host) bits, class B 16/16, class C 24/8.)
Gateway IP Address: This router/gateway address is the entrance that allows you access to other network segments. Make sure this address is within the local network.
SysLog IP Address: Optional. If you have a Syslog Server application running on your network, the CDI devices can report audit trail messages back to the Syslog Server for monitoring purposes.
SysLog IP Port: The port of the Syslog Server that the CDI device must use to communicate with it.
Assigned Client PPP Address: In order for the CDI device to negotiate a PPP session, you need a PPP address for the CDI device to assign to your application. Make sure the PPP address is within the local network segment into which you are dialing.

8.3.4 UniGuard Client, System Options

Figure: UniGuard Client, System Options screen

User Security Level: Establishes the method used when the user logs on to the device.
Host AT Command Access: Enables the Host to access the modem.
Host Dialout: Enables the Host to dial out using the modem.
Host DTR: This option monitors or ignores the DTR (Data Terminal Ready) signal from the Host port of the UniGuard. The default is Monitor.
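The Network Properties fields of section 8.3.3 carry two rules that are easy to get wrong when typing addresses by hand: the Gateway IP Address must lie within the local network defined by IP Address and Subnet Mask, and the Assigned Client PPP Address must lie within the segment being dialed into. The following is an added example, not part of the DDM manual or CDI software, that checks a set of typed values against those rules and reproduces the classful reminder (class A 8/24, B 16/16, C 24/8) so a mask can be compared with the classful default before a device is programmed. The sample addresses are constructed around the manual's own 192.168.0.176 example.

```python
"""Consistency checks for the Network Properties fields of section 8.3.3
(IP Address, Subnet Mask, Gateway IP Address, Assigned Client PPP Address).

Added example, not part of the DDM manual or CDI software. It encodes the two
rules the manual states in prose (gateway within the local network, PPP
address within the dialed segment) and the classful reminder it quotes.
The sample values in the demo at the bottom are constructed.
"""
import ipaddress
from typing import List, Optional


def classful_default_mask(ip: str) -> Optional[str]:
    """Dotted-quad mask implied by the address class (None for class D/E,
    which are not valid device addresses)."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "255.0.0.0"        # class A: 8 network / 24 host bits
    if first_octet < 192:
        return "255.255.0.0"      # class B: 16 / 16
    if first_octet < 224:
        return "255.255.255.0"    # class C: 24 / 8
    return None


def check_network_properties(ip: str, subnet_mask: str, gateway: str,
                             ppp_address: Optional[str] = None) -> List[str]:
    """Return the problems found with the typed fields; an empty list means the
    fields are mutually consistent (it does not prove the network is reachable)."""
    problems: List[str] = []
    iface = ipaddress.IPv4Interface(f"{ip}/{subnet_mask}")
    net = iface.network
    device = iface.ip

    # The device needs a host address, not the network or broadcast address
    # (not meaningful for /31 point-to-point links and /32, so skip those).
    if net.prefixlen < 31 and device in (net.network_address, net.broadcast_address):
        problems.append(f"IP Address {ip} is the network or broadcast address of {net}")

    gw = ipaddress.IPv4Address(gateway)
    if gw not in net:
        problems.append(f"Gateway IP Address {gateway} is not within the local network {net}")
    elif gw == device:
        problems.append("Gateway IP Address must not be the device's own IP Address")

    if ppp_address is not None:
        ppp = ipaddress.IPv4Address(ppp_address)
        if ppp not in net:
            problems.append(f"Assigned Client PPP Address {ppp_address} is outside the local segment {net}")
        elif ppp in (device, gw):
            problems.append("Assigned Client PPP Address collides with the device or gateway address")

    return problems


def mask_differs_from_classful(ip: str, subnet_mask: str) -> bool:
    """True when the typed Subnet Mask is not the classful default for the
    address: a prompt to double-check the mask, not an error in itself."""
    return classful_default_mask(ip) != subnet_mask


if __name__ == "__main__":
    # Constructed values, built around the manual's 192.168.0.176 example.
    print(check_network_properties("192.168.0.176", "255.255.255.0",
                                   "192.168.0.1", "192.168.0.200"))
    print(check_network_properties("192.168.0.176", "255.255.255.0",
                                   "192.168.1.1", "10.0.0.5"))
    print(mask_differs_from_classful("192.168.0.176", "255.255.255.0"))
```

Subnetted networks legitimately use masks other than the classful default, so `mask_differs_from_classful` is meant as a prompt for a second look, while `check_network_properties` reports hard inconsistencies that would leave the device unable to reach its gateway or hand out an unusable PPP address.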
Link\IP Port Options: The Link port options are Link Connection, Power Port Connection and IP Authentication, IP Dialout/No Encryption, and IP Dialout/Encryption.

AES/TDES Mode for Client Encryptor (UniGuard Client): Added to the AES/TDES Mode for the Client Encryptor is "Both". This enables the device to operate with Host Encryptors (UniGuard and Port Authorities) in both TDES and AES modes. The UniGuard Client must also have an AES Engine connected to its link port to be able to do AES.

Password: When editing an existing device, the password is displayed as asterisks.
System Key: The user can define his/her own default System Key in the Setup dialog page under Settings.
Update System Key: Clicking on the Update System Key bar displays the System Key Update screen. Set an existing device for a new System Key, or set all devices in a group, or all devices of a particular type in a group, for a new System Key (the same key).
Client Key: Clicking on the Client Key bar displays the Encryptor ID Information screen. Enter a key or click Generate to have the DDM create one.
First Message Delay Time: The first message to be sent (defined in the Communications screen: Primary, Secondary, and Host Connect) can be delayed by entering the number of seconds for the required delay. This allows time for the modem to connect.
Inactivity Time: The number of minutes of inactivity after which the unit signals the modem to disconnect. A zero (default) disables this function.

8.3.5 Communications Screen, UniGuard Client

The Communications screen allows for setting the parameters that the UniGuard client will use to communicate.

Baud Rate: Clicking the down arrow alongside the Baud Rate window displays the available baud rates. The baud rate can be set between 1200 baud and 230,400 baud. An Auto Baud option is also available, which detects the baud rate from the incoming data.
Primary, Secondary, and Host Connect Messages: The primary, secondary, and host connect messages can also be defined here (optional). Clicking on the appropriate bar opens a blank screen in which the message can be entered.
Enable the AT Command: Click on Send AT Command to enable the AT command to be sent.
Enter the AT Command: The AT command can be entered in the window beneath Enable AT Command.

8.4 SSE Client

The SSE device acts as a client encryptor and comes with a unique 6-digit ID. The SSE Triple DES/AES key can only be programmed by the DDM. An SSE Client has a hardware component and a software component.

SSE - Secure Session Encryptor (CDI USB token), which includes a USB cable. One end of this cable is attached to the USB port of the PC; the other end is connected to the SSE hardware device. A device license is required for the SSE hardware device to be managed by the DDM.

SST - Secure Session Terminal, a communication software program (Windows ME, 98, 2k, and XP platforms) that allows remote users to securely connect to CDI devices via Triple DES/AES communications using the SSE.

8.4.1 Adding an SSE Client

To add an SSE Client, double-click on the Client Encryptor leaf in the Group List where the SSE Client is to be placed. The Select Client Device Type List screen is displayed. Click on SSE Client to display the SSE Client Information screen. If no SSE device licenses are available, a message is displayed asking the user to contact CDI for additional licenses.

Minimum Pin Length: The minimum PIN length is the least number of characters that may be entered for the PIN. The range is from 4 to 12 characters. The PIN must be between the minimum length and 12 characters.

Unlock/Lock SSE Device: The user can unlock or lock the SSE (default is unlocked). After a consecutive number of failed logon attempts, the SSE is put into a locked state. When locked, the SSE device cannot do encryption.
Figure: SSE Client Information screen, Modem Dial Out Communication Type

Once locked, the SSE must be unlocked before logons can be attempted. When unlocked, the SSE is put in new PIN mode.

Setting the Lock SSE Threshold value: The Lock Threshold value can be accessed from the Settings menu bar in the main screen. Click on Settings in the menu bar, then select Setup from the drop-down menu. The threshold value is the number of consecutive failed logon attempts that will put the SSE in the locked state (default is 5). If the threshold is not reached and a successful logon occurs, the SSE lock count is reset. If the SSE lock threshold value is set to zero, locking of the SSE is disabled.

Figure: SSE Client Information screen, Local USB Communication Type

Require Pin Validation: If enabled (default is enabled), the user must enter a PIN to log on to the SSE device.
Require New Pin: If enabled (default is enabled), the user must enter a PIN to log on to the SSE device.

Defining the Communication Type: The communication types available are Modem Dial Out, Modem Dial In, Direct to a COM Port, or Local USB.
Selecting the Communication Type: To display a list of communication types, click on the arrow of the Communication Type field. Click the appropriate communication type to select it.
Modem Dial Out: Selecting Modem Dial Out requires that you enter the phone number in the Modem Dial Out window.
Modem Dial In: Selecting Modem Dial In requires entering the Wait for Connection value. This is the number of minutes that the DDM will wait for a connection; the maximum value is 15 minutes.
Direct to COM Port: Selecting Direct to a COM Port requires choosing the desired COM port.
Local USB Port: Selecting the Local USB Port requires choosing the COM port to which the SSE device is connected.
Information: Information about the SSE Client can be entered in the Information window. This information is displayed whenever this screen is displayed.
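The lock threshold described above is a small state machine: consecutive failed logons are counted, a success before the threshold resets the count, reaching the threshold locks the SSE until an administrator unlocks it, and a threshold of zero disables locking. The User/SSE Lockout Attempts setting in section 10.1 states the same rule. The following is an added example, not CDI code, that models exactly those rules together with the Minimum Pin Length check, and replays a constructed sequence of logon events through it. The outcome strings, the `replay` helper and the event list are constructed for the example; clearing new-PIN mode on the first successful logon after an unlock is an assumption the manual does not spell out.

```python
"""Lock-threshold behaviour for the SSE as described under Setting the Lock SSE
Threshold value (section 8.4.1); User/SSE Lockout Attempts in the Setup screen
(section 10.1) states the same counting rule.

Added example, not CDI code. It models only what the manual states:
  - N consecutive failed logons (default 5) put the SSE in the locked state;
  - a successful logon before the threshold resets the count;
  - a threshold of 0 disables locking;
  - once locked, logons are refused until the SSE is unlocked, and unlocking
    puts it in new-PIN mode;
  - the Minimum Pin Length is 4 to 12 and a PIN is at most 12 characters.
Outcome strings and the demo event list are constructed; clearing new-PIN
mode on the next successful logon is an assumption.
"""
from dataclasses import dataclass
from typing import List, Tuple

PIN_MAX_LENGTH = 12


def pin_acceptable(pin: str, minimum_pin_length: int) -> bool:
    """Apply the Minimum Pin Length rule: the minimum must be 4..12 and the
    PIN must be between that minimum and 12 characters."""
    if not 4 <= minimum_pin_length <= PIN_MAX_LENGTH:
        raise ValueError("Minimum Pin Length must be between 4 and 12")
    return minimum_pin_length <= len(pin) <= PIN_MAX_LENGTH


@dataclass
class SseLockState:
    threshold: int = 5          # Lock SSE Threshold; 0 disables locking
    failures: int = 0           # consecutive failures since last success/unlock
    locked: bool = False
    new_pin_mode: bool = False

    def record_logon(self, success: bool) -> str:
        """Apply one logon attempt and describe the outcome."""
        if self.locked:
            return "refused: SSE locked"
        if success:
            self.failures = 0
            self.new_pin_mode = False  # assumption: first good logon ends new-PIN mode
            return "accepted"
        if self.threshold == 0:
            return "failed (locking disabled)"
        self.failures += 1
        if self.failures >= self.threshold:
            self.locked = True
            return "failed: SSE locked"
        return f"failed ({self.failures} of {self.threshold})"

    def unlock(self) -> None:
        """Administrator action via Unlock/Lock SSE Device."""
        self.locked = False
        self.failures = 0
        self.new_pin_mode = True


def replay(events: List[str], threshold: int = 5) -> Tuple[List[str], SseLockState]:
    """Run a sequence of 'ok'/'fail' events through a fresh lock state."""
    state = SseLockState(threshold=threshold)
    return [state.record_logon(event == "ok") for event in events], state


# Constructed event sequence: two failures, a success that resets the count,
# five failures that lock the SSE, then an attempt against the locked SSE.
SAMPLE_EVENTS = ["fail", "fail", "ok", "fail", "fail", "fail", "fail", "fail", "ok"]

if __name__ == "__main__":
    results, state = replay(SAMPLE_EVENTS)
    for event, result in zip(SAMPLE_EVENTS, results):
        print(f"{event:>4} -> {result}")
    state.unlock()
    print("after unlock: new_pin_mode =", state.new_pin_mode)
```

The point of the replay is the reset on success: the two early failures do not accumulate toward the lock, and a single success after four failures would have started the count over, which is the behaviour to expect when reading SSE lock events back from a device.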
Selecting the SSE Key Info Button: Clicking on the SSE Key Info button on the SSE Client Information screen displays the Encryptor ID Info screen. You may enter the Encryptor keys, or you may click Generate to have the DDM produce one.

After the device has been added, it must be programmed. Please refer to the Program Devices section.

9 USERS

User information is stored in a database managed by the DDM. When you add, modify, or delete a user, a change is made to the database stored on the DDM PC. The databases of the remote devices can then be programmed with the updated information.

This section contains information about managing users and includes the following:
• Add, edit, and delete a user
• User types
• Display a list of users of a group or all users in the system
• Program devices with the updated user information

9.1 Add a User

You must first select the group to which a user is to be added. To do this, click on "Users" under the Group to which the user is being added. Click on User in the Menu Bar and select the Add New User to Selected Group option. The User Properties screen is displayed.

Shortcut: Double-click on Users in the desired group to display the User Properties screen and add a new user.

A user may belong to more than one group. A user from one group can be copied or moved to another group by dragging the user to the appropriate group. To do this, display the complete user list, click on a user ID, and drag it to the appropriate group.

The User Properties screen has 5 tabs: User Info, User Security, Token Key Info, RSA SecurID, and Token Info.

9.1.1 User Info

User Type: Required. Allows you to select the type of user access for a particular user and thus the security level. Select the type of authentication that will be used to confirm the user's identity from the pull-down option list. Available user types and descriptions are listed in the following table.
User Type                    Description
---------------------------  ------------------------------------------------------------------
RSA SecurID Token            User must have an RSA token and PIN to use the passcode to gain access to a device.
Password and ID              User inputs a User ID and password to gain access.
Callback (MultiGuard only)   Requires a valid ID and password, and the user must be connected to the phone number listed in their user profile. The device calls the user back on the designated number.
Roving                       Same as Callback, but the user specifies the callback number when they first try to authenticate; this number is deleted from memory after the session.
CryptoCard                   Proprietary type token; user must have the User ID, PIN, and token.
DPI Token                    Proprietary type token; user must have the User ID, PIN, and token.
Encryption                   User ID and password, and the whole session is encrypted. For an encrypted session, the user must dial out through a UniGuard Client or a normal modem with an SSE.

Encryption Mode can be selected for all of the above options so that the access and the session are both secure.

User ID: The ID that the user will enter to log on to the system. The User ID may be a maximum of 10 characters in length.
User Name: Enter the name of the user. You may enter the actual name or a nickname.
User Information: Optional. Enter descriptive information about the user.
Assign User to Port Authority Ports: Users for Port Authority units can be granted access to any single port, group of ports, or all ports. Each port can be clicked separately. If a user is to have access to all the ports in the Port Authority, the ALL box may be checked, as shown.
Lockout User: Allows the administrator to lock out a user from a group without having to delete their profile. The user will then be included in the locked user list. Note: To unlock a locked-out user, click to uncheck this box.

Click Accept to continue. Depending on the User Type selected, a message is displayed indicating that additional information must be entered in the User Security screen.
For example, if you selected User ID and Password as the security type, a message informing you that you must enter a password is displayed.

9.1.2 User Security

The fields displayed on this screen depend on the User Type selected on the User Info screen. This screen applies to Password and ID, Callback, Roving, and Encryption user types.

Password: The user password can be up to 10 characters in length and is used by the UniGuard, Port Authority, or MultiGuard device to authenticate the user. Note: When modifying the user properties of an existing user who has a password field enabled, the password is displayed as asterisks.
Call Back Number: (Applies only to Callback or Roving user types.) Enter the phone number of the line to which the user's modem is connected.
Pager field: (Applies only to UniGuard and Port Authority devices; the user must be a Pager user type.) Enter the pager number for a "Pager" user type (ex. 1,800,5557727,,,,,,). Each comma provides a pause of approximately 2 seconds.

9.1.3 Token Key Info Screen

This screen is only available if "Token User", "CryptoCard User", or "DPI Token User" was selected as the user type in the User Info screen.

Token Serial Number (optional): Enter the serial number or click Generate to have the DDM provide one.
Token Key Information allows the administrator to set up the token encryption key and PIN.
Primary Key: The Primary Key field is required and MUST contain 16 HEX digits. You may enter a key or click Generate to have the DDM enter a key.
Token Type field (optional): Select Hex or Octal.
Primary Pin (optional): Enter a PIN for the Primary Key or click Generate to have the DDM enter a PIN.
Secondary Key and Secondary Pin fields are unused and reserved for future use.
When editing an existing user of this type, the Primary Key field is displayed as asterisks.

9.1.4 RSA SecurID Token Info

The following information applies when adding a new RSA SecurID Token user.
RSA token information is stored on the disk supplied with the tokens. When a new RSA SecurID Token user is created and the RSA SecurID Token Info tab is first selected, you are prompted for this disk. The token serial number is selected from the list of available tokens. The Token Serial Number, Birth Date, and Death Date are then automatically updated. To update this information, press the Update RSA SecurID Token Record button.

RSA SecurID Token Info user properties apply to new and existing RSA token users.

RSA SecurID Token Serial Number: The permanent number on the token.
RSA SecurID Token Death Date: Date the token will expire (and will require replacing).
RSA SecurID Token Pin: PIN that is used to authenticate the user.
New Pin Mode: Selected the first time the user is entered into the database. When the user logs on for the first time, they are given their password, and the device registers that they have authenticated. The next time the DDM programs the device, it retrieves this information and automatically unchecks the New Pin Mode box. Ideally, the NOC would have all users first authenticate to one device only, then program that device, collect the PINs and validation, and then program the other devices.
DDM Assigned: Checked if the Administrator wishes to assign the PIN.
User Assigned: Blanks out the PIN and allows the user to enter their own PIN when they first authenticate.

9.1.5 Encryption User and ENCRYPTOR

Encryption users only apply to UniGuard, Port Authority 88, and Port Authority 44 units. This screen is only available if "Encryption User" was selected as the user type in the User Info screen and ENCRYPTOR keys were designated for assignment to users in system setup (in the Setup dialog under Settings). All fields are required.

Encryptor ID: Enter the unique six-digit ID of the remote encryption device.
NOTE: The Encryption Type (single or Triple DES/AES) that has been designated in the System Settings is indicated.

Key Field: Enter the encryption "Seed Key". This is a 16- or 48-digit hexadecimal key that can be entered manually or generated automatically by the program by clicking on the "Generate" button. The size of the field depends on the encryption type: single DES uses a 16-hex-digit field; Triple DES (TDES) uses 48 hex digits.

Key Signature: Signature of the Primary Key. The Key Signature of remote Encryptors is compared with this Key Signature. If both signatures are the same, the keys are the same.

Note: If Triple DES is the selected encryption type, three 16-digit hex keys are required. When editing a user of this type, the Primary field displays all asterisks. The encryption type is set in the Setup dialog from the Settings menu. The default is Triple DES (TDES).

9.2 Adding Existing Users to a Group

A user can belong to as many groups as necessary. All users in a group have access to all devices in that group. Port Authority devices are the only exception: because Port Authority devices have multiple ports, a user may be restricted from some ports.

Users can be added to another group by clicking on the user and holding down the left mouse button while dragging the user to the desired group. This results in a sub-screen asking, "Do you want to add the user (User ID) to the group (Group Name)?"

9.3 Delete a User from a Group

To delete a user from a group, click on Users under the Group. The users of the group are displayed in the right pane. Click on the User ID and then select Delete User from the User drop-down menu.

9.4 Listing Users of a Group

Clicking on "Users" from the Main Menu bar displays all the users in the database for the selected group. Users can be added, edited, or deleted from the selected group's database.
The properties of an individual user can be displayed either by double-clicking on the User ID or by highlighting the ID and selecting the desired action from the "Users" pull-down menu.

9.4.1 Alternate Method of Listing Users of a Group

To display a list of all users of the selected group, double-click on Users of the selected group. You may then perform the following tasks.
• Sort the list. Click on a column heading to sort by that heading. You may sort by User ID, User Name, User Type, and Token Serial Number.
• Add a user to another group by dragging the user from the system User Management list to another group.
• Modify a user. Double-click on a user whose properties you wish to edit. The User Properties screen for that user is displayed.
• You may also select a user by clicking on the User ID and then selecting the "Display User" option from the User drop-down menu.

9.5 Modify Properties of a User

You can modify a user by highlighting the User ID in the list of users and selecting "Display User" from the menu bar. The User Properties screen is displayed.

9.6 User Lock List

The User Lock List is a list of users that are denied access to some or all devices of a group. To display the User Lock List of a group, select the group by clicking on the group name. After the group has been selected, double-click on User Locked List for that group.

To unlock a user, click on the User ID to select the user. Right-click on the user and select "Edit User" from the User menu. The User Properties screen is displayed. Click to uncheck "Lockout User."

9.7 User Management List

The User Management List is a list of all users of the DDM system. To display the list, click Users from the Menu bar, and then select "Display Complete User List for System". The "User Management List for System" screen is displayed.
By clicking the appropriate button under "Display List Format", you can display the User List (all users) or only RSA users.

From the User Management List, you can perform the following functions:
• Add a user to another group by dragging the user from the system User Management list to another group.
• Delete a user from all groups.
• Sort the users by User ID, User Name, User Type, or Token Serial Number by clicking on the column heading.
• Modify a user. Double-click on a user whose properties you wish to edit. The User Properties screen for that user is displayed.
• You may also select a user by clicking on the User ID and then selecting the "Display User" option from the User drop-down menu.

NOTE: After making changes, you will need to distribute the updated user information to the remote devices. Please refer to the Programming section for more information.

10 SETTINGS

The options of the Settings menu allow you to specify DDM system-wide settings and to perform system-wide functions. These include compacting databases, adding and deleting administrators, setting up polling, and entering addresses for an email alert list. The Settings menu has options that allow you to set certain DDM parameters and perform certain administrative tasks.

10.1 Setup Screen

The options in this screen enable you to set the communication parameters for the DDM. These include the DDM PC modem properties, encryption information, the number of unsuccessful login attempts by a user before lockout, the number of unsuccessful SSE attempts before lockout, and other parameters.

Modem List: Select the modem that will be used to connect to remote devices. The modem list reflects the modem list displayed in the Control Panel of the computer. Modem properties can be displayed by clicking the Modem Properties button.

Update Cycle and Time
Update Cycle: Enter the time interval between polling of the remote units. The update period can be set in days, hours, or minutes.
This field only applies to MultiPolling DDM users and users who have been granted access to Automatic Services by the Master Administrator. Default values are 2 for Update Cycle and 00:00 for Time.
Time: Enter the time (hours:minutes) at which the update should occur.

Assign IP Address: This box must be checked when setting up a UniGuard, Port Authority, or MultiGuard device with an IP card via the network. When this option is enabled and the DDM is programming a device via the network (Program → Reset Device), it first tries to ping the selected IP address to see if the address exists. If the IP address does not exist, the DDM assigns its IP address to the network. The DDM then attempts to program the selected device via the network.

Constantly Polling Devices: Click to enable continuous polling of pre-defined CDI devices. This option applies only to this DDM PC. This option must be selected if there are users enabled for Automatic Services and for Multi-Polling users. Polling is activated when the Constantly Polling Devices box is checked or the Update Period is set. The DDM also needs to be configured as a polling station with devices specified for polling (Settings → Multiple DDM Polling Setup).

DDM Communications Encryption Mode: Can be set to Single DES or Triple DES; this only applies to the DDM program sessions.
Encryptor IDs: Sets the ENCRYPTOR Key Exchange to use the user key or the device key. The default setting is Device Key.
Display Token Key: Only applies to token-type users. The Token KEY can be displayed in either HEX (0-9, A-F) or OCTAL (0-7), or hidden with asterisks. If the Display Token box is not checked, asterisks conceal the Token KEY; this is the default setting. If the Display Token box is checked, the Display Token KEY window expands to include a bulls-eye (radio button) for HEX Display and another for Octal Display. This Token Key is displayed in the Token Key Info field in the User Properties screen (Token Key Info).
Default System Key: When new groups are added, this default System Key will be the System Key for all new devices added to those groups.
User/SSE Lockout Attempts: The number of times that a user can enter incorrect logon information before being locked out of the system. The default is 5. If set to 0, this feature is disabled. If the threshold is not reached and a successful logon occurs, the SSE lock count is cleared to zero. If the lock threshold value is zero, locking of the SSE is disabled.
DDM Real Time Log: Enable this for real-time logging.
DDM Real Time Log Port: Specifies the port on which real-time log entries are received by the DDM.

10.1.1 Modem Properties

This displays the modem properties defined for the PC. The Port Speed should be set to 9600; the other settings should not be changed.

Advanced Modem Properties: The Advanced tab allows changes to be made in the Terminal Window and Hardware Settings.

10.1.2 Setup Properties for UniGuard

UniGuard Power Port Reset Override: If enabled, the DDM sends the command to restore the UniGuard device to default settings when Reset Device or Reset Group (Program → Reload Device or Reload Group) is selected.

10.2 Database Utilities

These utilities are used to compact and repair DDM databases.

10.3 DB Administrator List

The DB Administrator List screen lets you manage administrators and assign users to automatic polling. There must be at least one Master Administrator but no more than three. Administrators may be added to and removed from this list.

Master Administrators are the only DDM users who can do the following:
• Add, remove, and change Administrators. There must always be at least one administrator.
• Change the Master Administrator.
• Assign a DDM user for Automatic Services. Automatic services are the automatic polling of devices, automatic purging of Audit Trail data, and automatic backup of DDM database files.
10.3.1 Enabling Automatic Services and Database Management

Automatic Services designates the user for the automatic polling of devices, purging of Audit Trail data, and backup of DDM database files (ODBC version only). This user will not be able to do any database management or communicate manually with the CDI devices in the field.

A DDM user can be enabled for Automatic Services and Database Management, or for Automatic Services only. To do this, click Assign and enter the user name. Select the appropriate Automatic Services option.

All administrators must be enabled for Automatic Services and Database Management. Non-administrator DDM users can be set only for Automatic Services. DDM users not set for Automatic Services will be able to do database management and communicate manually with the CDI devices in the field.

10.3.2 Unlock Database Records

Database records can be unlocked from the Database Master Administrator List screen. Click on the Unlock DB Records bar to display the Unlock DB Records screen. Select Unlock All Records to unlock all records without first querying them. Select Query Lock Records to query the records before unlocking them. This enables you to select the records to unlock.

10.3.3 DDM Seat Licenses (DDM SQL only)

A DDM Seat License is required to access the SQL Server DDM databases. If multiple DDM users access the DDM database concurrently, the DDM Seat License limit must be equal to or greater than the number of concurrent DDM users. The DDM Seat License screen displays the number of Seat Licenses available. From this screen you can clear all DDM Seat Licenses or add additional DDM Seat Licenses. This is only for the DDM SQL version.

10.3.4 Add Seat Licenses to Database (DDM SQL only)

DDM Seat Licenses can be added from the Administrator List screen by clicking the DDM Seat License bar in the Add DDM License area. You are then prompted to place the DDM Seat License disk in the drive. After you click OK, the Open File screen is displayed.
Select the location where the updated DDM Seat Licenses should be placed.

10.4 Device License

Each device added to the DDM must have a license. The number of devices that can be added to the DDM depends on the number of available licenses. The DDM is shipped with a default number of Device Licenses (3 UniGuards, 2 Port Authority units, and 1 MultiGuard). Licenses for additional units can be obtained from CDI. The licenses must then be added to the database (see Adding Device Licenses to the Database).

The Device License screen displays the following information for UniGuard, Port Authority, MultiGuard, and SSE units:
• The number of device licenses available in the database.
• The Device License Limit in the database for each device type.
• The number of device licenses used in the database for each device type.

10.4.1 Adding Device Licenses to the Database

To add a device license to the database, insert the Device License CD-ROM. The licenses are stored in the license.lod file. From the Settings menu, select the Device License option and click the Add Device License button. From the list of files, select the license.lod file. After the licenses have been added, you may click Update Device Licenses to refresh the values displayed on the screen.

10.5 RSA SecurID Token Attributes

The RSA SecurID Token Attributes settings define the RSA PIN attributes. The RSA PIN attributes can be set for:
• Alpha/Numeric Fixed PIN Length
• Numeric Fixed PIN Length
• Alpha/Numeric Varying PIN Length
• Numeric Varying PIN Length

10.5.1 RSA PIN Length

The RSA PIN Length can be set to a range between 4 and 8 characters. The default setting is a minimum length of 4 and a maximum length of 8.

10.5.2 RSA Next PIN Mode

The RSA Next PIN Mode setting is the number of times an incorrect PIN can be entered before Next PIN Mode takes effect. When this happens, the caller is prompted for the next PIN appearing on the RSA Token. The default setting is 3.
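The following Python is an added example of how the settings in 10.5 can be applied as a PIN policy check and a Next PIN Mode counter. It is not CDI's code. The exact character set, the `length` parameter used for the fixed-length variants, and per-caller counting of consecutive failures are assumptions about how the screen's settings are enforced; the 4 to 8 range and the default of 3 failures are the manual's values.

```python
"""PIN policy and Next PIN Mode counter matching the settings in 10.5.
Added example, not CDI code. The character set, the fixed `length` parameter and
per-caller counting of consecutive failures are assumptions."""

import string
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class PinPolicy:
    alphanumeric: bool   # True: letters and digits allowed; False: digits only
    fixed: bool          # True: exactly `length` characters; False: min_len..max_len
    length: int = 4      # used only when fixed (assumed to lie in the 4..8 range)
    min_len: int = 4     # manual default minimum for varying length
    max_len: int = 8     # manual default maximum for varying length

    def __post_init__(self) -> None:
        for v in (self.length, self.min_len, self.max_len):
            if not 4 <= v <= 8:
                raise ValueError("RSA PIN length settings must be between 4 and 8")
        if self.min_len > self.max_len:
            raise ValueError("minimum PIN length exceeds maximum")

    def allows(self, pin: str) -> bool:
        """True when the PIN satisfies the character-set and length rules."""
        charset = string.ascii_letters + string.digits if self.alphanumeric else string.digits
        if not pin or any(c not in charset for c in pin):
            return False
        if self.fixed:
            return len(pin) == self.length
        return self.min_len <= len(pin) <= self.max_len


class NextPinMode:
    """Counts consecutive bad PINs per caller. Once `limit` is reached the caller is
    placed in Next PIN Mode and must present the next code shown on the token.
    A correct PIN resets the caller's count."""

    def __init__(self, limit: int = 3) -> None:   # manual default: 3
        self.limit = limit
        self.failures: Dict[str, int] = {}

    def record(self, caller: str, pin_ok: bool) -> str:
        if pin_ok:
            self.failures.pop(caller, None)
            return "accepted"
        n = self.failures.get(caller, 0) + 1
        self.failures[caller] = n
        return "next_pin_mode" if n >= self.limit else "retry"
```

`PinPolicy` rejects configuration values outside 4 to 8 at construction time rather than at check time, so a misconfigured policy fails loudly before any caller is evaluated.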
10.6 RSA SecurID Enable Files

An RSA SecurID Enable file enables a CDI device to operate as an RSA SecurID authentication device. There must be an RSA Enable File for each device that is to be RSA SecurID enabled. The RSA SecurID Enable Files screen displays the total number of licenses, the number available, and the number used. New RSA Enable Files are added by clicking the Add Device Licenses to Database button. After you add one or more licenses, the values displayed can be updated immediately by clicking Add Device License to Database.

RSA SecurID Enable Available is the number of RSA SecurID files unassigned. RSA SecurID Used in the Database is the number of RSA SecurID files assigned. RSA SecurID Enable Limit is the number of RSA SecurID files allowed in this DDM System. Adding RSA SecurID files expands the Enable Limit; they can be obtained by contacting CDI.

10.6.1 Add RSA SecurID Enable Files

Click the Add RSA SecurID Enable Files button to add RSA SecurID files to the main RSA SecurID Enable file located in the MultiPoll/License file path. This path is defined in the Database Master Administrator List.

10.7 DDM Log Files Purging Setup

DDM log files, including the Audit log and the RealTime log, can be deleted automatically after a specified number of days. Enter the number of days the files are to be kept. Files are deleted after the number of days specified and cannot be recovered, so archive them first if they may be needed for a later investigation. Valid entries are from 1 to 365 days. You can also purge the logs manually by clicking Manual Purge DDM Log Files. Click OK to continue.

10.8 Define SNMP Events

This screen lets you specify the SNMP Manager address(es) to which messages initiated by CDI devices are sent.

SNMP Manager's IP Address 1: IP address of the first SNMP Trap Receiver to which traps are sent.
SNMP Community Name 1: The community string ("password") that the first trap receiver uses to validate traps.
SNMP Manager's IP Address 2: IP address of the optional second SNMP Trap Receiver to which traps are sent.
SNMP Community Name 2: Community string that the optional second trap receiver uses to validate traps.
SNMP Manager's IP Address 3: IP address of the optional third SNMP Trap Receiver to which traps are sent.
SNMP Community Name 3: Community string that the optional third trap receiver uses to validate traps.
SNMP Version: Select the version of SNMP trap that is being sent.
SNMP Event List: A list of all the possible SNMP traps that can be generated.

The SNMP Defined Events box displays the SNMP events that will be monitored. To select an event to be monitored, click the event in the SNMP Event List and then click >>. The event is then listed in the SNMP Defined Events box. The events in the Defined Events box are passed on to the SNMP manager. To move a Defined Event back to the Event List, select the event and click <<. To delete an event, click Clear.

Note that in SNMPv1 and SNMPv2c the community string travels across the network in clear text inside every trap. Treat it as a weak shared secret: do not reuse a community that also grants read or write access to other equipment, and restrict the trap receiver to accept traps only from the device addresses you expect.

10.9 Setting up Multiple DDM Polling

Multi-Polling lets you set up polling from other PCs running the DDM application. Only a Master Administrator can access this option (see DB Administrator List). Click Settings and select the Multiple DDM Polling Setup option. When the Multi-Poll Settings screen is displayed, the DDM searches for the file of DDM Poll Station names and populates the DDM Poll List box with the Poll Station names. The MultiPoll files are located in the MultiPoll/License file path defined in the DB Administrator List. The name of the computer must be used as the DDM poll station name. There can be up to eight DDM Poll Stations.

10.9.1 MultiPoll\License File Path
DDM SQL only

The file path to the location of the MultiPoll files and all License files can be defined or changed in the Change Multipoll Licenses File Path window. If the path is known, it can be typed into the window.
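The following Python is an added example for the Define SNMP Events screen (10.8); it is not CDI's code and does not reflect how the CDI devices build their traps internally. It hand-encodes an SNMPv2c trap in BER, the form in which such a trap leaves any device, and then pulls the community string back out of the raw bytes with no key or secret, which is what a host on the path between device and trap receiver can do. The community `public`, the enterprise trap OID `1.3.6.1.4.1.9999.1` and the uptime value are constructed sample data; the OIDs for sysUpTime.0 and snmpTrapOID.0 are the standard ones that every v2c trap carries.

```python
"""Minimal SNMPv2c trap encoder and community extractor (BER), added example for 10.8.
Not CDI code. The community, trap OID and uptime used below are constructed samples."""

SYS_UPTIME_0 = "1.3.6.1.2.1.1.3.0"         # standard first varbind of every v2c trap
SNMP_TRAP_OID_0 = "1.3.6.1.6.3.1.1.4.1.0"  # standard second varbind: which trap this is


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80|N followed by N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body


def int_body(v: int) -> bytes:
    """Minimal two's-complement body shared by INTEGER (0x02) and TimeTicks (0x43)."""
    return v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True)


def ber_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:                         # remaining arcs: base 128, MSB first
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_v2c_trap(community: str, trap_oid: str, uptime_ticks: int, request_id: int = 1) -> bytes:
    """SNMPv2c message: SEQUENCE { version INTEGER 1, community OCTET STRING, [7] Trap-PDU }."""
    varbinds = tlv(0x30,
                   tlv(0x30, ber_oid(SYS_UPTIME_0) + tlv(0x43, int_body(uptime_ticks)))
                   + tlv(0x30, ber_oid(SNMP_TRAP_OID_0) + ber_oid(trap_oid)))
    pdu = tlv(0xA7, tlv(0x02, int_body(request_id))  # request-id
                    + tlv(0x02, int_body(0))         # error-status
                    + tlv(0x02, int_body(0))         # error-index
                    + varbinds)
    return tlv(0x30, tlv(0x02, int_body(1))          # version value 1 means SNMPv2c
                     + tlv(0x04, community.encode()) # community: plain octets, no hashing
                     + pdu)


def read_tlv(buf: bytes, pos: int):
    """Decode one BER element at `pos`; returns (tag, body, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def community_from_wire(packet: bytes):
    """What a passive observer, or someone forging a trap, reads: no secret required."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    _, community, _ = read_tlv(msg, pos)
    return int.from_bytes(version, "big", signed=True), community.decode()


if __name__ == "__main__":
    pkt = build_v2c_trap("public", "1.3.6.1.4.1.9999.1", uptime_ticks=12345)
    print(pkt.hex())
    print(community_from_wire(pkt))
```

Because `community_from_wire` needs nothing but the packet, anyone who can sniff the segment between the devices and the trap receiver learns the community, and anyone who knows it can send a trap the receiver will accept. If the SNMP Version field offers a version with message authentication, prefer it; otherwise keep the trap path on a management network.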
If the path is not known, click the Browse MultiPoll\License File Path box to view storage devices and folders and locate the file.

NOTE: This only applies to the DDM SQL version.

10.9.2 DDM Polling Stations

The Multiple DDM Polling screen displays the Station DDM Poll list and lets you select whether to poll by groups or by devices. Click the Properties bar to display the Setup properties for the DDM.

10.9.3 Adding Poll Stations

Adding Poll Stations lets you add a DDM polling station to the list. A maximum of eight DDM Poll Stations can be added.

Click the Add Station bar to display the Add/Edit DDM Poll Station List screen. Type the names of the computers you want to add in the DDM Poll Station field, and then click OK. Depending on the Poll Type selected, either the Select Groups to Poll or the Select Devices to Poll screen for the computer name that was added is displayed.

10.9.4 Select Groups to Poll

From the Select Groups to Poll list, highlight the Groups you want polled by this computer and click >> to transfer them to the Selected Groups window. Groups can be removed from the Selected Groups list by highlighting them and clicking <<. When you have completed your selections, click OK to place the groups in the Group List for that computer. A message will appear informing you that the computer must be restarted for the polling process to begin.

10.9.5 Edit a Station

To change the name of a Station, click the Computer name and then click Edit. Enter the new name.

10.9.6 Deleting a Station

To delete a Computer Station, click the Computer name and then click Delete. When a DDM Poll Station name is deleted from the list, the associated computername.pol file is also deleted from the MultiPoll/License file path.
10.10 DDM IP Dialout List

The IP Dialout List is a list of Client Encryptors (UniGuards in client mode) with internal IP cards that the DDM or SSM can use to contact remote devices in the field using IP Dialout Communications. The DDM or SSM connects to the particular client over a network connection, takes control of its internal modem, and dials out to a remote device. The list is ordered so that the client encryptor that has gone unused the longest comes first; when a client encryptor has been used, it moves to the end of the list. Non-CDI devices that have IP Dialout capability, such as Cisco routers used as terminal servers, can be added to the list. To display the list, select DDM IP Dialout List from the Settings menu.

Each entry in the list contains a Device Name and an IP Address/Port Number that the DDM can use for IP Dialout communications. All items displayed in blue are CDI devices set to be used as IP Dialout connections (see Device Properties). All non-CDI devices are listed in black type. From this screen, you may Add, Edit, Delete, and Select Devices from Database. CDI device items in the list may only be viewed; they cannot be modified from this screen.

IP Dialout Expiration Period is used in conjunction with the dialout process. If the IP Client device cannot be connected to at the start of the IP dialout process, the DDM uses this value to decide whether the client device should be put into an ALARM state: if the client's time stamp (the last time it was successfully connected to) plus the IP Dialout Expiration Period is earlier than the current time, the client device is put into an ALARM state. This alerts the user that there is a problem with the IP Client device. The value is in minutes; 0 disables this feature.

10.10.1 Adding a non-CDI Device

The Add Device button applies only to non-CDI devices and lets them be added to the IP Dialout list.

Device name: A name that identifies this device to the user.
IP Dialout address: The IP address of the device.
Extra AT commands: Any additional AT commands to send when dialing out through this device.

10.10.2 Edit a non-CDI Device

The Edit Device button applies only to non-CDI devices. It lets you change the Device name, IP address, and Extra AT commands of the non-CDI device.

10.10.3 Delete Device

You can remove both non-CDI and CDI devices from the IP Dialout list. After you select a device to delete and click the Delete button, you are prompted to confirm your selection. When a CDI item is deleted from the list, the IP Dialout Connection box in the Device Properties screen for that device is unchecked.

10.10.4 Adding CDI Devices to the IP Dialout List

You can add CDI devices that have a valid IP address but have not been set for IP Dialout connection to the IP Dialout List.
1. Click the Select Devices From Database button. The Devices Available list shows the UniGuard devices in the system that have a valid IP address and are not set to be used as an IP Dialout connection.
2. From the Devices Available list, highlight the device(s) to be used for IP Dialout communications and click >> to move them to the Devices Selected list.
3. Click OK to exit the window. The selected devices now appear in the IP Dialout list, and the DDM can communicate with them using IP Dialout.

10.11 Email Alarm Alert List

The DDM Client can email alarm alerts raised while the DDM is programming (communicating with) devices. You may add, edit, or delete the email addresses to which selected alerts are sent. A maximum of 25 users can be added to the email alarm list.

10.11.1 Enabling the Email Alerts Feature

To enable this feature, check the "Enable this DDM Client to send Email Alarm Alerts" box. The DDM Client Email Information window is displayed. The information in this window is used by the DDM to send email alarm alerts.
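The following Python is an added example for the IP Dialout List (10.10); it is not CDI's code. It models the two rules the section states: the list is tried in least-recently-used order and a used client moves to the end, and an unreachable client is put into ALARM when its last-success time stamp plus the Expiration Period is earlier than now, with 0 disabling the check. The connectivity probe is supplied by the caller, and the client names, addresses and time stamps are constructed sample data. Treating a client that has never been reached as expired is an assumption the manual does not settle.

```python
"""IP Dialout client selection: least-recently-used ordering plus the Expiration
Period ALARM rule from 10.10. Added example, not CDI code. Names, addresses,
time stamps and the probe callback are constructed; a never-reached client
being treated as expired is an assumption."""

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, List, Optional


@dataclass
class DialoutClient:
    name: str
    address: str                          # "ip:port" as shown in the list
    last_success: Optional[datetime] = None   # last successful connection; None = never
    alarm: bool = False


class IPDialoutList:
    def __init__(self, clients: List[DialoutClient], expiration_minutes: int) -> None:
        # Front of the list is the client unused for the longest time.
        self.clients = list(clients)
        # Manual: a value of 0 disables the expiration check entirely.
        self.expiration = timedelta(minutes=expiration_minutes) if expiration_minutes > 0 else None

    def acquire(self, now: datetime,
                connect: Callable[[DialoutClient], bool]) -> Optional[DialoutClient]:
        """Try clients in LRU order using the caller's reachability probe.
        The first reachable client is stamped, cleared of ALARM, moved to the end
        and returned. Each unreachable client is alarmed only when the expiration
        check is enabled and last_success + expiration is earlier than now."""
        for client in list(self.clients):
            if connect(client):
                client.last_success = now
                client.alarm = False
                self.clients.remove(client)
                self.clients.append(client)
                return client
            if self.expiration is not None:
                never_reached = client.last_success is None
                if never_reached or client.last_success + self.expiration < now:
                    client.alarm = True
        return None

    def order(self) -> List[str]:
        return [c.name for c in self.clients]

    def alarmed(self) -> List[str]:
        return [c.name for c in self.clients if c.alarm]
```

Note that `acquire` keeps trying later clients after an unreachable one, so a single dead client encryptor does not stop the dialout; it is only flagged once its time stamp is stale enough.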
Users must already be listed in the Email Alarm Alert list for the DDM Client to send them email alerts. For information about adding email users, see Adding an Email User.

This window holds the email information this DDM Client needs to send email alarm alerts. The SMTP Outgoing Server name and SMTP Port number (usually 25) can be found in your Mail Account properties (for example, in Microsoft Outlook or Netscape Mail).

Enable SMTP Authentication: If this is enabled (checked), you will need your User Name (which can be found in your Mail Account properties) and email account password. The email password is displayed as asterisks and is saved in encrypted format. If the Enable SMTP Authentication checkbox is not checked, the Username and Password fields are not used and the DDM Client tries to connect to the SMTP server without authenticating. Whether the DDM Client can connect that way depends on the SMTP server; some servers allow it and others do not. Without TLS, an SMTP session on port 25 carries the user name, password, and alert text in clear text, so keep the path between the DDM Client and the mail server on a trusted network segment.

Your email address can also be found in your Mail Account properties. The email address format should be the same as displayed in your address book: the user name followed by the actual email address in angle brackets, for example Name <address>.

10.11.2 Email User Properties

Email users are added and user properties are edited in the Edit Email User screen. Enter the User Name and Email Address. From the Email Alarm List, select the alarms that are to be emailed to the user.

10.11.3 Adding an Email User

In the Add Email User screen, enter the user name and email address at the prompts. The Email Alarm list displays all alarms that may be selected. Click an alarm to select it, and move it to the Selected List by clicking the arrow pointing to the Email Selected List box. After you have finished selecting alarms, click OK. To remove an alarm from the Selected List, highlight the alarm and click the arrow pointing to the Email Alarm List box.
Click OK to continue.

These Alarm events occur in the process of communicating with CDI devices. For an alert to be emailed, the Alarm type must be defined in the user's Email Alarm List.

Example

Email user John Doe1 has the following events defined:
1. User ID/Password Error
2. RSA Token Expired

Email user John Doe2 has the following events defined:
1. User ID/Password Error
2. Connected to an Invalid Device UniGuard

Email user John Doe3 has the following events defined:
1. RSA Token Expired
2. Connected to an Invalid Device UniGuard

This DDM Client sends a manual Reset Device or Program Device command to a UniGuard device. When retrieving the audit trail from this device, a "User ID/Password Error" event is received. An email is sent to John Doe1 and John Doe2:

11/11/2004 11:11:00 Device Name User ID Port No. User ID/Password Error

Then an "RSA Token Expired" event is received. This DDM Client sends an email to John Doe1 and John Doe3:

11/11/2004 11:11:00 Device Name User ID Port No. RSA Token Expired

Email Alerts when Multiple Devices are Programmed

When multiple devices are programmed, the DDM builds a separate file for each defined email user. As each event is processed, it appends the defined event to the appropriate email file. Multiple devices are programmed when any of the following options is selected:
• Reset Group
• Program Group
• MultiPoll Programming
• Program All Devices
• Program Failed to Contact List

After all the devices are programmed, emails are sent to the appropriate email users:

John Doe1
11/11/2004 11:11:00 Device Name User ID Port No. User ID/Password Error
11/11/2004 11:11:00 Device Name User ID Port No. RSA Token Expired

John Doe2
11/11/2004 11:11:00 Device Name User ID Port No. User ID/Password Error

John Doe3
11/11/2004 11:11:00 Device Name User ID Port No. RSA Token Expired

After sending these emails, the DDM sends a list of the devices it could not contact to all email users.

10.12 Display DDM Registration Form

This displays the DDM Registration form. You may email or print the form. It is used only to record update information, not as a sales tool.

10.13 SSM Setting

SSM is for the NOC (Network Operations Center) and has access to the DDM Databases. It is used to contact remote devices by modem, network, IP dialout, or serial communications. When connected, the user authenticates to the remote device and can then access its host applications.

10.14 DDM Radius Service

This option lets you set up RADIUS server services using the Service Install Wizard.

10.15 Export DDM Database to XML File

This option lets you do the following:
• Export the DDM database to an XML file.
• Extract device information for all devices in the database into an XML file for import into a spreadsheet (such as Excel).
You will need to enter a file name and select the folder in which the file is to be saved.

11 PROGRAMMING DEVICES

Whenever a change has been made to the DDM database, the databases of the remote devices need to be updated. Changes to the database include the addition, modification, or deletion of users, changes to device configuration, and the addition of new devices. This section describes how to do the following:
• Reload/Update all devices, the devices of a group, or a single device
• Update the firmware
• Telnet to a device (for devices that have an IP card)
• Update the firmware of the IP card
• Configure the IP card of a device
• View the status of a device
• Display DDM real-time log entries for a device and display audit information for a device

11.1 Program menu

The Program menu lists the options to program, reset, clear, and telnet to devices, as well as options for updating the time and displaying audit logs.
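The following Python is an added example for the Email Alarm Alert List (10.11); it is not CDI's code and says nothing about how the DDM Client stores its files or talks to the SMTP server. It implements the routing rules the section describes: an event goes only to users whose Email Alarm List defines that alarm type, single-device programming sends immediately, multi-device programming appends to one file per user and sends after the run, and the not-contacted list goes to every user. The users, alarm names and event rows reproduce the manual's John Doe scenario as constructed data.

```python
"""Routing of DDM alarm events to Email Alarm Alert List users (10.11), including the
per-user batching used when several devices are programmed. Added example, not CDI code.
Users, alarm names and event rows below reproduce the manual's John Doe scenario as
constructed sample data."""

from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class EmailUser:
    name: str
    address: str
    alarms: FrozenSet[str]      # alarm types this user selected; anything else is never sent


@dataclass(frozen=True)
class AlarmEvent:
    timestamp: str
    device: str
    user_id: str
    port: str
    alarm: str

    def line(self) -> str:
        """One row in the shape the manual shows in its example mails."""
        return f"{self.timestamp} {self.device} {self.user_id} {self.port} {self.alarm}"


class EmailAlarmAlertList:
    MAX_USERS = 25   # manual: at most 25 users on the list

    def __init__(self) -> None:
        self.users: List[EmailUser] = []
        # Batch mode: one accumulating "email file" per user, keyed by user name.
        self.pending: Dict[str, List[str]] = defaultdict(list)

    def add_user(self, user: EmailUser) -> None:
        if len(self.users) >= self.MAX_USERS:
            raise ValueError("Email Alarm Alert List is full (25 users)")
        self.users.append(user)

    def recipients(self, event: AlarmEvent) -> List[str]:
        """Only users whose Email Alarm List defines this alarm type receive it."""
        return [u.name for u in self.users if event.alarm in u.alarms]

    def dispatch(self, event: AlarmEvent, batch: bool = False) -> Dict[str, str]:
        """Single-device programming: return the mail body per recipient right away.
        Batch mode (Reset Group, Program Group, MultiPoll, Program All Devices,
        Program Failed to Contact List): append the row to each recipient's file."""
        sent: Dict[str, str] = {}
        for name in self.recipients(event):
            if batch:
                self.pending[name].append(event.line())
            else:
                sent[name] = event.line()
        return sent

    def flush(self) -> Dict[str, str]:
        """After all devices in the batch are programmed: one mail per user that has rows."""
        mails: Dict[str, str] = {}
        for u in self.users:
            rows = self.pending.pop(u.name, [])
            if rows:
                mails[u.name] = "\n".join(rows)
        return mails

    def not_contacted_notice(self, devices: List[str]) -> Dict[str, str]:
        """Sent after the batch mails, to every user regardless of alarm selection."""
        body = "Devices not contacted: " + ", ".join(devices)
        return {u.name: body for u in self.users}
```

Keeping the batch as an explicit per-user buffer makes the difference between the two modes visible: the same event produces an immediate mail in one case and only a deferred row in the other.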
The options available depend on whether you have clicked Group List, a group name, the Devices entry under a group, or a specific device.

Program-Reload Device: Clears the memory of the device and then reprograms it with all the settings in the device record. The device record is all the information, parameters, settings, and properties that the DDM stores about a device.
Program-Update Device: Updates the device with any changes made to the device record since the last time the device was programmed.
Program Group: Programs all devices in the selected group.
Program Flash For Selected Device: Programs the firmware of the selected device.
Program Flash For Selected Group: Programs the firmware of all devices in the selected group.
Program All Devices: Programs all devices in the system with any changes to the DDM database since the last update.
Telnet To Device: Opens a Telnet session to a device with an internal IP card.
Reset Group: Clears and then reprograms all the devices in the selected group.
Program Flash Device's IP Card: Programs the firmware of the internal IP card of the selected device.
Program Flash SSE Device: Programs the firmware of the selected SSE device.
Program Device Contact List: Programs all devices in the Not Contacted List.
Configure Device's IP Card(s): Configures the internal IP card of the device when Network Communications is in use. When any other communication mode is used, this option acts like a normal Program-Update Device.
Status: Displays the Program-Update to-do list for all devices in the system.
Display DDM RealTime Information For Device: Displays the real-time information for the selected device.
Display Audit Information For Device: Displays the audit information for the selected device.
Update Device Time: Resets the date and time of the device.
Program Group Flash Devices IP Card: Programs the firmware of the IP card for all devices in the selected group.
Test Device's Internal Modem by Network: Tests the internal modem by connecting to the device via network communications.
Clear Device: Clears all security credentials (system password and system key) from the device. The device must then be reprogrammed before it can be accessed.

11.2 Programming Devices Overview

When the database is modified or a device is added, the devices need to be programmed with information from the DDM computer's database. A device may be reloaded with the information from the DDM database, or updated with only the information that is new. You may choose to program all devices, all devices of a group, or a single device.

After you select the appropriate option, a series of screens shows the status of the procedure. The first screen is the Call Status screen; you may stop the process by clicking Hangup. Several informational screens follow. When the programming of the device or devices has completed successfully, the message "Successfully Programmed:" is displayed. If the operation is not successful, a popup window with an error message is displayed. An entry in the Audit Trail log records the success or failure of the operation.

11.2.1 Program-Update Device

The Program-Update Device option updates the database of a single device with any changes to the device record since the last time the device was programmed.
1. Under Group List, click the name of the group that contains the device to be updated. A list of devices is displayed in the right pane.
2. From the list, select the name of the device to be updated.
3. Click Program in the Menu Bar and select Program-Update Device.

Alternatively, click Devices in the group to which the device belongs. The device list is displayed. Highlight and then right-click the device name, and from the menu displayed select Program-Update.
11.2.2 Program-Reload Device

Program-Reload Device clears a single device and then reprograms it with the information in the device record, including device, user, and client information. Program-Reload is used when you are programming a new device, or a device that has been cleared.
1. Under Group List, click the name of the group that contains the device to be reloaded. A list of devices is displayed in the right pane.
2. From the list, select the name of the device to be reloaded.
3. Click Program in the Menu Bar and select Program-Reload Device.

Alternatively, click Devices in the group to which the device belongs. The device list is displayed. Highlight and then right-click the device name, and from the menu displayed select Program-Reload.

11.2.3 Program Group

Program Group programs each device of a selected group. Based on the changes made to the database residing on the DDM PC, Program Group adds and deletes users in the database of each device of the group. Program Group does not clear the default parameters of a device; it updates the devices with the changes made since the last time the devices were programmed.
1. Under Group List, select the Group Name.
2. Click Program in the Menu Bar and select Program Group.

11.3 Reset a Group

Reset Group clears all devices in the selected Group to the default settings, and then programs each device with the date and time, system options, port options, and the client ID list (if the device is not a client).
1. To reset a Group, select the Group in the Group tree list.
2. Click Program in the Menu bar and select Reset Group. A message is displayed requesting confirmation of the Reset.

11.4 Programming Flash for a Selected Group

Select this option to program the flash memory of all devices in the selected Group. To program the flash memory, the DDM computer sends a hex file to all devices of the selected group.
1. Select the Group from the group tree list in the left pane.
2. Click Program in the menu bar.
3. Select Program Flash for the group.

11.5 Programming Flash for a Selected Device

Select this option to program the flash memory in the selected device. This procedure loads a hex file from the DDM computer.
1. Click the Device Name in the right pane.
2. Select Program from the menu bar.
3. Select Program Flash for Selected Device from the pull-down menu. The hex file list is displayed.
4. Select the HEX file to be loaded into the device. Confirm that the file name matches the device family before you start.
   UniGuard devices: the file should be named Ugrdxxx.hex, where xxx is the version (e.g. 7.01).
   Port Authority devices: the file should be named Paxxx.hex, where xxx is the version (e.g. 1.03).
   MultiGuard devices: the file should be named MG04xxx.hex, where xxx is the version number (e.g. 5.02).

11.6 Program All Devices

To program all devices, click Group List in the left pane. From the Program menu, select Program All Devices to update each device with the changes made since the last update.

11.7 Telnet to Device

To telnet to a device, click the Devices icon of the Group to which the device belongs and select the device from the list. From the Program menu, select Telnet to Device. A telnet connection to the selected device is established. Telnet sends the whole session, including anything typed at a login prompt, in clear text, so use it only over a network path you trust.

11.8 Status

To display the Device Spooler Status log, select Status from the Program menu. The Device Spooler Status lists the Program tasks to be completed. Entries are deleted from the list automatically as the programming tasks complete.

11.9 Program Device Contact List

Select this option to display a list of all devices that have not been contacted.

11.10 Configure the IP Card of a Device

Select this option to configure the IP card of a device when using Network Communications. In the right panel, click to highlight the device name.
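The following Python is an added example of the pre-flight checks a practitioner would run before the Program Flash options in 11.4 and 11.5 send a hex file to a device; it is not CDI's code, and the DDM itself is not described as performing these checks. It enforces the file naming rule given in 11.5 and verifies every record of the image. The parser assumes the files are Intel HEX (the manual says only "hex file"), and `SAMPLE_HEX` is constructed sample data, not a CDI firmware image. A record checksum detects corruption in transfer or storage, not deliberate substitution; if the vendor supplies a hash or signature for an image, compare against that as well.

```python
"""Pre-flight checks before Program Flash (11.4, 11.5): the file name must match the
device family and every Intel HEX record must verify. Added example, not CDI code.
Assumptions: the firmware files are Intel HEX; SAMPLE_HEX is constructed data."""

import re
from typing import Dict, Tuple

# Naming rule from 11.5: Ugrdxxx.hex, Paxxx.hex, MG04xxx.hex, where xxx is a version such as 7.01.
IMAGE_NAME = {
    "UniGuard":       re.compile(r"^Ugrd\d+\.\d+\.hex$", re.IGNORECASE),
    "Port Authority": re.compile(r"^Pa\d+\.\d+\.hex$", re.IGNORECASE),
    "MultiGuard":     re.compile(r"^MG04\d+\.\d+\.hex$", re.IGNORECASE),
}


def image_name_matches(device_type: str, filename: str) -> bool:
    pattern = IMAGE_NAME.get(device_type)
    return bool(pattern and pattern.match(filename))


def parse_intel_hex(text: str) -> Dict[int, bytes]:
    """Return {address: payload} for data records. Raise ValueError for a malformed
    record, a checksum mismatch, an unknown record type, or a missing EOF record."""
    data: Dict[int, bytes] = {}
    base = 0            # upper 16 address bits from an extended linear address record
    saw_eof = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {lineno}: record does not start with ':'")
        try:
            rec = bytes.fromhex(line[1:])
        except ValueError:
            raise ValueError(f"line {lineno}: non-hex characters") from None
        if len(rec) < 5:
            raise ValueError(f"line {lineno}: record too short")
        count, addr, rtype = rec[0], int.from_bytes(rec[1:3], "big"), rec[3]
        if len(rec) != 5 + count:
            raise ValueError(f"line {lineno}: length field does not match record")
        # The checksum byte makes the sum of all record bytes zero modulo 256.
        if sum(rec) & 0xFF:
            raise ValueError(f"line {lineno}: checksum mismatch")
        payload = rec[4:4 + count]
        if rtype == 0x00:
            data[base + addr] = payload
        elif rtype == 0x01:
            saw_eof = True
            break
        elif rtype == 0x04:
            base = int.from_bytes(payload, "big") << 16
        else:
            raise ValueError(f"line {lineno}: unsupported record type {rtype:#04x}")
    if not saw_eof:
        raise ValueError("no end-of-file record; file may be truncated")
    return data


# Constructed sample: two 16-byte data records and an EOF record.
SAMPLE_HEX = """\
:10010000214601360121470136007EFE09D2190140
:100110002146017E17C20001FF5F16002148011928
:00000001FF
"""


def preflight(device_type: str, filename: str, text: str) -> Tuple[bool, str]:
    """(True, summary) when the image may be sent; (False, reason) otherwise."""
    if not image_name_matches(device_type, filename):
        return False, f"{filename} does not match the {device_type} image naming rule"
    try:
        data = parse_intel_hex(text)
    except ValueError as exc:
        return False, str(exc)
    size = sum(len(v) for v in data.values())
    return True, f"{size} bytes in {len(data)} records"


if __name__ == "__main__":
    print(preflight("UniGuard", "Ugrd7.01.hex", SAMPLE_HEX))
    print(preflight("UniGuard", "Pa1.03.hex", SAMPLE_HEX))
```

The truncation check matters as much as the checksum: a file cut off before its EOF record passes every per-record test but would leave the device with a partial image.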
Once the device name has been highlighted, select the Configure Device's IP Card option from the Program menu. If the communications mode is set to Network, only the IP card is configured. If any other communication mode (modem, serial port, IP dialout) is selected, the device is reprogrammed as if Program-Update Device had been selected. A series of informational screens is displayed. If the programming is unsuccessful, a pop-up window with a "failed to connect to device" message is displayed.

11.11 DDM Programming a Remote SSE using Modem Communications

To program a remote SSE, the DDM dials out to an SST Terminal that has an attached SSE device.
1. Highlight the SSE device in the DDM Client List view. The Communication type for this device should be set to Modem Dialout, and a dialout modem number should be defined in the SSE device's properties (check the SSE device properties).
2. From the SST Terminal, connect using the "Direct To Com Port" communication type with the correct COM port selected. This COM port must have a modem connected (internal or external).
3. From the DDM, select Program from the menu bar and then Program-Reload Device from the popup menu.
4. The DDM then dials out to the remote SST that has the attached SSE. After connecting to the SST, the modal popup windows on both the DDM and the SST indicate whether the SSE device was programmed successfully ("Successful Communication with CDI SST Terminal").

11.12 DDM Flash Programming a Remote SSE using Modem Communications

To flash program a remote SSE, the DDM uses modem communications and dials out to an SST Terminal that has an attached SSE device. Highlight the SSE device in the DDM Client List view.
The Communication type for this device should be set to Modem Dialout, and a dialout modem number should be defined in the SSE device's properties (check the SSE device properties).
1. From the SST Terminal, connect using the "Direct To Com Port" communication type with the correct COM port selected. This COM port must have a modem connected (internal or external).
2. From the DDM, select the Program menu and then Program SSE Flash from the popup menu.
3. The next window is the Choose Flash Type window. Select the correct Pilot file and SSE Flash file; these files are used in the SSE Flash process. Then click Start to start the SSE Flash process.
4. The DDM then dials out to the remote SST that has the attached SSE. After connecting to the SST, the modal popup windows on both the DDM and the SST indicate the Flash process status. The DDM first sends the pilot file. After the pilot file has been sent successfully, the DDM sends the image file to the SSE. After the image file has been sent successfully, both the DDM and the SST display that the SSE was successfully flashed. The DDM then reprograms the SSE device. This procedure may take 5 to 10 minutes to complete.

11.13 Displaying the DDM Real Time Information for a Selected Device

To select the device for which you want to display DDM Real Time Information, click Devices in the Group containing the device. From the list displayed, select the device. From the Program menu, select Display Real Time DDM Information for Device. The DDM Real Time Log for that device is displayed. From this screen the log can be printed, sent to a file, or deleted.

11.14 Displaying the Audit Information for a Device

Audit information for a device includes each event that occurred to the device, the date and time of the occurrence, the port, and other information.
Failures and errors are listed in red. The Audit Information log may be printed, sent to a file, or deleted.

Display the list of devices in a group by clicking the Devices icon in the Group containing the device to be selected. From the list displayed, select the device. From the Program menu, select Display Audit Information for Device.

11.15 Program Group Flash Devices IP Card

Select this option to program the firmware of the IP card for all devices of a particular group that have a particular card type. Select the IP card type from the window displayed. For example, if a 10 MEG IP card is selected, all devices of the group that have a 10 MEG IP card are programmed. If there are devices that have cards of a different type, repeat this process for each card type.

11.16 Clear Device

This option clears all the security credentials from the device; it must then be reprogrammed before it can be accessed. To reprogram a cleared device, select Program-Reload.

12 REPORTING AND MAINTENANCE

The DDM generates system, client, and device reports automatically. This section describes the following:
• Switching to Report view
• Creating a report template
• Deleting a template
• Deleting an audit trail
• Purging logs

12.1 Report View

To access the Reports section, click View on the Menu Bar and select Report from the menu displayed. Select All under Report to display all audit trail information in the database. Reports are displayed in the View pane.

Template list: The left window lists the existing templates. The right window displays the actual System Log. System Log, Device, and Client reports are automatically generated by the DDM.

All includes all device/user interactions in the report. System Log lists any modifications to the DDM database.
Device Report lists events that occurred to devices. Client Report lists events that occurred to client devices.

12.2 Report Templates

A Report Template is a group of parameters that define the information displayed in an Audit Trail Report. An unlimited number of templates can be designed to display the data required. Templates may be created, edited, and deleted.

To create a new template, highlight "Audit Trail Template List" in the left window. Click Template on the menu bar and select Add from the pull-down menu. The Audit Trail Configuration window is displayed.

Template Name: Assign a name for this template. To display all devices, all users, and all events in the Selected list boxes, double-click Display All Lists.

Date and Time Fields: Select the date format as MM/DD/YYYY or DD/MM/YYYY. Enter the date/time range for which this report is to be compiled. The format for the date and time is MM/DD/YYYY HH:MM AM/PM. Leading zeros are required.

Group Name: The left window shows all the groups in the database. To transfer a group to the "Selected" window for this report, double-click the group name. To de-select a group, double-click its name in the "Selected" window. To include all available groups in the report, double-click "All Groups". This method of selection applies to all other report parameters of the template.

Device Name: The left window shows all the devices in the selected groups. Transfer the devices to be included in this report to the selected Device Name list on the right.

User ID: All the users assigned to the selected groups are displayed on the left. Transfer the users whose activities are to be included in the report to the selected User ID list on the right.

Audit Trail Event: The Audit Trail Event List (left window) shows all events that can be monitored. Transfer the events desired for this report to the Audit Trail Event List (right) window.

List of Audit Trail Events: A complete list of Audit Trail Events is given in the Appendix.
Edit an Existing Template
To edit an existing template, double-click on the template name or highlight the name. Click on Template in the Menu Bar and then select Display/Modify from the pull down window.

Delete an Existing Template
To delete an existing template, double-click on the template name or highlight the name. Click on Template in the Menu Bar and then select Delete from the pull down window.

Displaying an Audit Trail for a Template
To display an Audit Trail for a specified Template, click on the Template name in the Report tree view. The selected Audit Trail will be displayed in the Report List view.

12.3 Audit Trail Maintenance

Maintenance of the Audit Trail consists of the following tasks.

• Setup
• Archiving
• Purging

12.3.1 Purging the Audit Trail

To purge an Audit Trail, click on Maintenance in the Menu Bar and select "Purge" from the pull down window. The Purge window will be displayed. This allows all Audit Trail information prior to the displayed date to be purged from the database.

12.3.2 Archive DDM ODBC Databases

To archive (back up) the DDM ODBC Database, click on Maintenance in the Menu Bar and select "Database Archive" from the pull down window. The Database query message box will be displayed. Select "Yes" to archive the database. You will then be asked to select the folder in which the database will be archived. The archived databases (ddmdatammddyy.mdb and ddmlogmmddyy.mdb) will be copied to the selected folder.

12.3.3 Purging the Audit Trail

An audit trail may be purged automatically or manually. The DDM SQL version can automatically purge the Audit Trail; the SQL Server utilities archive (back up) the DDM SQL databases. The DDM ODBC version can automatically purge the Audit Trail and can archive the database either automatically or manually.
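As an added example (not from the manual or from CDI's software), the template selection of 12.2 and the day-based purge of 12.3 applied to a constructed audit trail in PowerShell. The CSV columns, the record values and the function names are assumptions; the DDM database layout is not documented on this page.

```powershell
# Added example, not part of the DDM manual or CDI's software.
# Constructed audit trail in the date/time format the manual requires
# (MM/DD/YYYY HH:MM AM/PM with leading zeros); column names are assumed.
$auditTrail = @'
Timestamp,Group,Device,UserId,Event
03/30/2010 09:15 AM,Lab,MG-400-A,jko,User Logon
03/30/2010 09:20 AM,Lab,MG-400-A,jko,Connect to Host
03/31/2010 11:05 PM,DataCenter,PA-1,ops,Failed to Connect to Device
04/01/2010 01:00 AM,DataCenter,PA-1,ops,Start of Polling Process
01/02/2010 08:00 AM,Lab,MG-400-B,jko,Device Cleared and Updated
'@ | ConvertFrom-Csv

# The manual allows MM/DD/YYYY or DD/MM/YYYY on a 12-hour clock and requires
# leading zeros; an exact-format parse rejects "1/5/2010 1:00 AM" with a
# FormatException instead of silently guessing.
function ConvertTo-AuditTime {
    param([string]$Text,
          [ValidateSet('MM/DD/YYYY', 'DD/MM/YYYY')][string]$DateFormat = 'MM/DD/YYYY')
    $fmt = if ($DateFormat -eq 'MM/DD/YYYY') { 'MM/dd/yyyy hh:mm tt' } else { 'dd/MM/yyyy hh:mm tt' }
    [datetime]::ParseExact($Text, $fmt, [System.Globalization.CultureInfo]::InvariantCulture)
}

# A template as described in 12.2. An empty selection list stands for the
# "All Groups" / Display All Lists choice.
$template = @{
    Name    = 'Lab device access, late March'
    From    = '03/30/2010 12:00 AM'
    To      = '03/31/2010 11:59 PM'
    Groups  = @('Lab')
    Devices = @()
    Users   = @('jko')
    Events  = @('User Logon', 'Connect to Host', 'Device Cleared and Updated')
}

# Return the audit records that fall inside the template's date range and
# match every non-empty selection list.
function Invoke-AuditTemplate {
    param($Template, $Records, [string]$DateFormat = 'MM/DD/YYYY')
    $from = ConvertTo-AuditTime $Template.From $DateFormat
    $to   = ConvertTo-AuditTime $Template.To   $DateFormat
    foreach ($r in $Records) {
        $t = ConvertTo-AuditTime $r.Timestamp $DateFormat
        if ($t -lt $from -or $t -gt $to) { continue }
        if ($Template.Groups.Count  -and $r.Group  -notin $Template.Groups)  { continue }
        if ($Template.Devices.Count -and $r.Device -notin $Template.Devices) { continue }
        if ($Template.Users.Count   -and $r.UserId -notin $Template.Users)   { continue }
        if ($Template.Events.Count  -and $r.Event  -notin $Template.Events)  { continue }
        $r
    }
}

# Purge as in 12.3: keep the last N days (0..365); 0 keeps only the current
# day. The cutoff is midnight N days before $Now, so whole days are kept.
function Remove-ExpiredAuditRecords {
    param($Records, [ValidateRange(0, 365)][int]$MaintainDays,
          [datetime]$Now = (Get-Date), [string]$DateFormat = 'MM/DD/YYYY')
    $cutoff = $Now.Date.AddDays(-$MaintainDays)
    $Records | Where-Object { (ConvertTo-AuditTime $_.Timestamp $DateFormat) -ge $cutoff }
}

Invoke-AuditTemplate $template $auditTrail | Format-Table Timestamp, Device, UserId, Event
Remove-ExpiredAuditRecords $auditTrail -MaintainDays 30 -Now (ConvertTo-AuditTime '04/01/2010 12:00 PM') |
    Format-Table Timestamp, Event
```

The template run returns the two Lab records for jko on 03/30; the 30-day purge relative to 04/01/2010 drops only the 01/02/2010 record.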
Automatic Purge of an Audit Trail
Setting up automatic purging of an Audit Trail consists of defining the number of days that an Audit Trail / DDM Real Time Log will be maintained, provided the Automatic Purge box is checked. Example: to automatically purge all information over 30 days old from the Audit Trail log, set Maintain an Audit Trail to 30 days.

Manual Purge of an Audit Trail
To purge an Audit Trail manually, click Maintenance in the menu bar and select "Purge" from the pull down window. The Purge window will be displayed. This allows all Audit Trail information prior to the displayed date to be purged from the database.

12.3.4 Purging the DDM Real Time Log

The DDM Real Time Log can be purged manually or automatically from the DDM Real Time Log database.

Manual Purge of the DDM Real Time Log
You must be in Report View to manually purge the DDM Real Time Log. Select the Maintenance option and then the DDM Real Time Log Purge option. The Manual DDM Real Time Log Purge screen is displayed. Set the number of days to maintain the DDM Real Time Log on this screen. The range is from zero (0) to 365 days. If zero (0) is selected, only data from the current day is saved; all other days will have been purged. If the number of days is set to 29, only the last 29 days of data will remain in the log.

Automatic Purge of the DDM Real Time Log
The automatic purge process is set up from the Report View. Select the Maintenance option and then Maintenance Setup. The Maintenance Setup screen is displayed. Specify the number of days to keep in the log and the time at which purging of the log is to take place. The default is 30 days for each, and the default time is 00.10 (HH.MM).

12.4 Exit the Report Section and Return to the Devices/User View

Click View on the menu bar to exit Report View. To switch from the Report View to Device/User view, click Device/User List.

13 DDM POLLING SERVICES

This section describes how to set up and edit a polling service.
Polling services are applicable only to DDM SQL.

13.1 About Polling Services

DDM Polling Services can have a maximum of five polling services running on a Windows PC (preferably the Windows Server where the DDM databases exist). The DDM Monitoring Service monitors these polling services' schedules; upon reaching a pre-defined schedule it automatically starts the defined polling service. The polling services only operate with DDM SQL database connections (SQL Server). These services can be started manually or automatically at a scheduled date-time. The DDM Polling service names are listed below:

• DDMPollService#1
• DDMPollService#2
• DDMPollService#3
• DDMPollService#4
• DDMPollService#5

13.2 Editing a Polling Service

To edit a service, double-click the service or right-click the service and select Edit Service from the popup menu. The Service Properties screen will be displayed.

The DDM Polling Services 1 thru 5 Start Type are initially set to Manual Start. When you set up a polling service, you can change the Start Type to Auto Start, Manual Start, or Disabled Start. Auto Start will automatically start the service on PC boot up. The DDM Monitoring service's start type should be set to Auto Start.

13.3 Account Types

There are two types of accounts: System and User.

System Account
The system account uses the local system account for the service.

User Account
A user account associates a polling service with a user. This account will need a password and confirmation of the password.

The User Name is the name of the user under which the service shall run. This account must have the "Log on as a service" user right enabled, which is done through the Control Panel of the DDM PC (Control Panel\Administrative Tools\Local Security Policy). The following format should be used: <Domain>\<user> (Example: EuroS2Team\jko). If the domain is predefined as the local machine, only the user name is necessary (Example: \jko).
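As an added check (not from the manual or from CDI's software), a PowerShell review of the installed DDM services against the points this section makes: start type, system versus user account, the "Log on as a service" right, and desktop interaction. The service names DDMPollService#1 to #5 are from the manual; the 'DDM%' wildcard, the '*Monitor*' name test for the DDM Monitoring service, and the MSSQL* lookup used to guess whether SQL Server is local are assumptions. Run it in an elevated session on the PC that hosts the services.

```powershell
# Added example, not part of the DDM manual or CDI's software.
# Requires an elevated session (secedit) and PowerShell 3 or later.

function Get-ServiceLogonRightHolders {
    # Export the local security policy; the SeServiceLogonRight line lists the
    # holders of "Log on as a service" as *SID entries and/or account names.
    $cfg = Join-Path $env:TEMP 'ddm-secpol.inf'
    secedit /export /cfg $cfg /quiet | Out-Null
    $line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=\s*(.+)$'
    Remove-Item $cfg -ErrorAction SilentlyContinue
    if (-not $line) { return @() }
    $line.Matches[0].Groups[1].Value.Split(',') | ForEach-Object { $_.Trim().TrimStart('*') }
}

function ConvertTo-AccountSid {
    param([string]$Account)
    # The manual's "\user" shorthand for a local account is resolved against this PC.
    if ($Account -match '^\.?\\(.+)$') { $Account = "$env:COMPUTERNAME\$($Matches[1])" }
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }
}

function Test-DdmPollingServices {
    $holders  = Get-ServiceLogonRightHolders
    # Heuristic (assumed): a local MSSQL* service means SQL Server is on this PC.
    $sqlLocal = [bool](Get-Service -Name 'MSSQL*' -ErrorAction SilentlyContinue)
    Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'DDM%'" | ForEach-Object {
        $svc = $_
        $issues = @()
        $isSystem = $svc.StartName -eq 'LocalSystem'
        if ($svc.Name -like '*Monitor*' -and $svc.StartMode -ne 'Auto') {
            $issues += 'monitoring service should be Auto Start'
        }
        if ($svc.DesktopInteract) { $issues += 'Interact with Desktop should be disabled' }
        if ($isSystem -and -not $sqlLocal) {
            $issues += 'SQL Server not found locally: use a user account, not the local system account'
        }
        if (-not $isSystem) {
            if ($svc.StartName -notmatch '^[^\\]+\\[^\\]+$') {
                $issues += 'account is not in <Domain>\<user> form'
            }
            $sid = ConvertTo-AccountSid $svc.StartName
            if (-not $sid) {
                $issues += 'account could not be resolved on this PC'
            } elseif ($holders -notcontains $sid -and $holders -notcontains $svc.StartName) {
                $issues += 'account lacks the "Log on as a service" right'
            }
        }
        $summary = if ($issues) { $issues -join '; ' } else { 'none' }
        [pscustomobject]@{
            Service         = $svc.Name
            StartMode       = $svc.StartMode
            Account         = $svc.StartName
            DesktopInteract = $svc.DesktopInteract
            State           = $svc.State
            Issues          = $summary
        }
    }
}

Test-DdmPollingServices | Format-Table -AutoSize
```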
If the services are not running on the Windows Server where the SQL Server (DDM) databases are located, use a user account, not the local system account.

Enabling the Local Path Logging option logs information about the service's process to a pre-determined log file on the local path. This option is mainly used for debugging purposes, for example to ascertain why the service does not start. You can view the appended log file information by clicking the View Log button.

The Interact with Desktop option can only be used for local system accounts. It should be disabled, since there will be no interaction by the desktop with the polling services.

13.4 Polling Modes

13.4.1 Poll all devices in the database
Select this option to poll all devices of all groups.

13.4.2 Poll by selected groups
Select this option to choose the groups to be polled by this service. When selecting this option you will be asked to log into the DDM SQL Server databases. You must have the proper credentials to log in successfully. After successfully logging on, the Select Groups to Poll screen will be displayed. Move the appropriate group(s) from the Groups Available list to the Groups Selected list. Click OK to save your selections and exit.

13.4.3 Poll by selected devices
The Poll by selected devices option lets you select the devices to be polled by this service only. After you select this option you will be asked to log into the DDM SQL Server databases. You must have the proper credentials to log in successfully.

If modem dial-out communications (not IP dial-out communications) is used for polling, a modem driver to be used by the service must be selected. Click the Modem List button and select the appropriate modem driver from the list. Click OK to save your selections and exit.

13.5 Installing a Polling Service

You must be logged into the DDM SQL databases to install the service.
The service needs to have the proper credentials to access the DDM SQL Server database for polling access. The Service Properties screen is displayed. In this screen, you can set the Start type (automatic or manual), Polling Mode, logging, and automatic polling.

13.5.1 Scheduling a Service

Click the Scheduler button to schedule the service to start at a pre-defined date-time. To enable scheduling, the service's schedule type must be set for the option with Scheduler.

In this example, the polling service will start every seven days at 1:00 AM. The next time the polling service will start is November 11, 2008, which is a Tuesday, at 1:00 AM. The frequency is measured in days. The Current Cycle is the number of days that have passed without the scheduled start time being reached.

Polling service installation
To install a service, click the Install Service button on the Service Properties screen. DDM Polling Service #1 has been installed and the DDM Monitoring service is installed and running.

13.5.2 Stopping or Deleting a Polling Service

To stop a service that is running (Service Status displays running), right-click on the service in the list and select Stop Service. To delete a listed service, right-click on the service name and select Delete Service.

14 TROUBLESHOOTING

Some users are not reachable by the DDM.
Check that the subnet mask is set correctly. Device Properties → Primary Network Properties

The device is unable to negotiate a PPP session.
Verify that the PPP address is within the local network segment. Device Properties → Primary Network Properties

No heartbeat messages or alarms are being received even though the heartbeat attributes have been defined.
The DDM must be enabled for real time logs. Verify that the device has an internal IP card.

The device status is INUSE but the device is not being used. Can I clear the device?
When a device is being contacted by the DDM, the device will have a status of INUSE.
If the device is not being used and the status still reads INUSE, click on the status and select Clear Device Status to IDLE.

APPENDIX A Cabling Diagrams

Port Authority Master-Slave Cabling Diagrams
The cable connection shows a Master Port Authority connected to two Port Authority Slave units. The interconnecting cables, Part # CBL CAT5 Yellow, are yellow to distinguish them from other cables and can be obtained from CDI.

NOTE: The MAINT (Maintenance) port is changed to Serial Port (this is a running change).

MultiGuard Master-Slave Cable Connections
Using the Master/Slave function can expand the MultiGuard up to 36 ports: one Master and up to eight Slave MG-400 units. The DDM software allows a MultiGuard to be defined as Master or Slave. The connections are from a Maintenance Port to a Link Port. The cable connection shows a Master MultiGuard connected to two MultiGuard Slave units. The interconnecting cables, Part # CBL MG-400 LINK, are orange to distinguish them from other cables and can be obtained from CDI.

[Figure: MultiGuard Master/Slave connections. Each MultiGuard unit is drawn with its Power input (18-19 VAC CT), Power Control Modules 1-4, Communication Ports (TELCO, MAINT, LINK) and MODEM/HOST ports 1-4.]

APPENDIX B MultiGuard Port Options

Device Property, MultiGuard Defined Ports Options
There are two different types of MultiGuard devices: MG-400 and MG-1600. The MultiGuard 400 contains four (4) ports and the MultiGuard 1600 contains sixteen (16) ports. The Assign MG Slaves bar will be displayed for a Master MultiGuard-400. When this bar is activated, the Slave device list from the database dialog list will be displayed.
The MG-400 slaves displayed in this list must be defined in the same group as the Master MG-400 device and have the same device mode as the Master MG-400 device. This allows slaves to be attached to the Master MultiGuard-400 device.

The remainder of this screen is for setting communication parameters for each of the MultiGuard ports, sixteen for the MG-1600 and four for the MG-400. The display will only be available if MultiGuard was selected as the "Device Type" on the Device Info screen. Additional information can be displayed by moving the scroll bars. These options are described in the MultiGuard manual.

MultiGuard Port Properties
Each Host Port (1 through 4 for the MG-400 and 1 through 16 for the MG-1600) can be assigned:

• Baud rate (9600)
• Data Bits and Parity (8/no parity)
• Security Mode (Secure, Bypass)
• Host Dialout (Disabled, Enabled)
• Select Line Type (Full, Half Duplex)
• Configure Type (This port, All ports)

Note: The underlined values are the defaults.

APPENDIX C AUDIT TRAIL EVENTS

1. Invalid System Logon
2. Network Connect Start
3. IP Connection
4. User Dates Error
5. Ring No Answer
6. Incomplete Call
7. Turn On Power Port
8. Turn Off Power Port
9. Network Connect Ended
10. No Modem Hangup
11. Modem Not Responding
12. User ID/Password Error
13. User Already In Use
14. Timeout During User Logon
15. Pager Input Error
16. Calculator Input Error
17. Unable to Connect to Host
18. Host Connect End
19. Modem Connect End
20. User Logon
21. Connect to Host
22. Call Started (Carrier Detected)
23. Call Started
24. Call End
25. Host Down
26. Host Up
27. Host Accessing Modem
28. Random to Pager
29. Redialing
30. User Password Updated
31. Pager User Call Incomplete
32. Connect to Port
33. Disconnect from Port
34. User Logout
35. Device Updated
36. Device Cleared and Updated
37. Database Error During Communication
38. Failed to Connect to Device
39. Communication Error
40. Device Successfully Programmed
41. Communication Dropped
42. Purged Audit Trail
43. Failed to Purged Audit Trail
44. Successful Flash Update
45. Failed Flash Update
46. Network Disconnect
47. Device Powered Up
48. Device Reset
49. Card Removed or Bad
50. Card Replaced
51. Unable to Complete Call
52. RSA Expired Token
53. New Pin Mode
54. User Locked Out
55. Next Pin Mode
56. Send New Pin
57. No DTR-RTS on Host
58. No RTS on Host
59. Invalid Key
60. Invalid Encryptor
61. Number of Slaves Connected
62. IP Initiated a Call
63. IP Dialout
64. No Telco Connection for Modem
65. Device Not Responding
66. DTR on Host
67. No DTR on Host
68. RTS on Host
69. DDM User Logged On
70. DDM User Logged Off
71. Added User to DDM DB
72. Modified User to DDM DB
73. Deleted User from Group
74. Deleted User from DDM DB
75. Added Device to DDM DB
76. Modified Device to DDM DB
77. Deleted Device from DDM DB
78. Added User to Group
79. Modified User in Group
80. Unlocked All Records
81. Added Master Administrator
82. Changed Master Administrator
83. Removed Master Administrator
84. Purged Expired RSA Users
85. Error in Purge of Expired RSA Users
86. Connected to an Invalid Device UniGuard
87. Connected to an Invalid Device Port Authority
88. Connected to an Invalid Device MultiGuard
89. DDM Failed: Invalid System Password
90. DDM Failed: Invalid System Key
91. Failed in Programming Users
92. Failed in Programming Encryptor Info
93. Failed to Retrieve Device Audit
94. Line Busy
95. No Dial Tone
96. Access is Denied
97. Error Configuring Primary IP Card
98. Slave IP Flashed Updated
99. Master IP Flashed Updated
100. Device Unable to Write to Master Flash
101. Device Unable to Write to Slave Flash
102. Successful SSE Device Update
103. Invalid SSE Device Update
104. SSE Flashed Updated
105. No User ID or Password Prompt
106. Error Configuring Secondary IP Card
107. AES Engine Flashed Updated
108. Successful DDM Database Backup
109. No Contact From Device
110. Device Is Alive
111. No DTR on Host
112. DTR on Host
113. Network Error
114. Remote Closed Network Port
115. Device Closed Network Port
116. Invalid IP Admin ID/Password
117. Failed Master IP Pilot Flash
118. Failed Slave IP Pilot Flash
119. Failed Master IP Image Flash
120. Failed Slave IP Image Flash
121. Successfully Configured Primary IP
122. Successfully Configured Secondary IP
123. Re-Establish Contact with Device
124. Failed in Programming DateTime
125. Failed in Programming System Options
126. Failed in Programming Modem Port Options
127. Failed in Programming Defined Port Options
128. Device is Running in Re-Flash Mode
129. Device Failed To Reboot After ReFlash
130. Device Failed During Flash Download
131. No Response To Flash Ping Message
132. No SAM Client Reply
133. Invalid SAM Client ID
134. Failed SAM Client Authentication
135. Successful SAM Client Authentication
136. Device Failed During Boot Loader Flash Download
137. Local Client No Socket Connection
138. Local Client No Dial Tone
139. Local Client Line Busy
140. Device is Busy
141. Device is in Alarm Mode
142. Start of Polling Process
143. End of Polling Process
144. Failed in Flashing Primary IP card

Events 145 through 288, as listed in the manual, repeat the names of events 1 through 144 in the same order (145 is Invalid System Logon, 288 is Failed in Flashing Primary IP card).