TABLE OF CONTENTS
TABLE OF CONTENTS
CHAPTER ONE: INTRODUCTION
1.0 Theory of Operation ............................................................................
3
4
CHAPTER TWO: INSTALLATION
2.0 Settings ..............................................................................................
2.1 Connection Diagram .........................................................................
2.2 List of Items in Connection Diagram ................................................
2.3 Installation, Contents and Mounting .................................................
5
6
11
12
13
CHAPTER THREE: CONNECTIONS
14
3.0 Network Configuration........................................................................
CHAPTER FOUR: REMOTE ADMINISTRATION
15
18
4.0 Remote Administration Using a Web Browser ...............................
4.0 Remote Administration Using a VNC Viewer ..................................
CHAPTER FIVE: LOCAL CONSOLE OPERATION
19
24
27
5.0 Basic Configuration from Local Console .........................................
5.1 Network Configuration ......................................................................
5.2 Monitoring Settings ...........................................................................
5.3 Introduction to Security Configuration .............................................
5.4 Security Settings ................................................................................
5.5 Introduction to Serial Port Functions ..............................................
5.6 Serial Ports 1 and 2 ..........................................................................
5.7 Serial port (RS-232 config) ...............................................................
5.8 Local User Control .............................................................................
5.9 Virtual Network Computer (VNC) Configuration ..............................
CHAPTER SIX: BROWSER BASED OPERATION
28
29
30
33
34
37
38
40
42
44
45
6.0 Overview of Web Menu Items ...........................................................
6.1 Network Configuration ......................................................................
6.2 Users and Passwords ........................................................................
6.3 Setting the Date and Time ................................................................
6.4 Security Policy Configuration ............................................................
6.5 Local Console Security ......................................................................
6.6 Monitoring ..........................................................................................
6.7 Error Conditions to Monitor ..............................................................
6.8 Introduction to Serial Port Functions ...............................................
6.9 Serial Ports 1 and 2 ..........................................................................
6.10 Serial port configuration .................................................................
6.11 Local User / VNC Server Configuration .........................................
46
47
48
50
51
55
56
58
60
61
63
65
950.0007.001 Rev. 2.0
1
TABLE OF CONTENTS
CHAPTER SEVEN: POWER CONTROL
67
7.0 Installation ..................................................................................
7.1 Remote power control .............................................................
CHAPTER EIGHT: FLASH FILE MANAGEMENT
68
70
72
8.0 Firmware Upgrades ...................................................................
8.1 Certificates/keys ........................................................................
CHAPTER NINE: TROUBLESHOOTING
73
74
75
9.0 Video ........................................................................................
9.1 Keyboard and mouse ...............................................................
9.2 Network-related and other..........................................................
APPENDICES
76
78
79
80
A Specifications ..........................................................................................
B Video Modes............................................................................................
C FCC Compliance ......................................................................................
D Copyright Information..............................................................................
E Contacting Digital V6 ..............................................................................
F Warranty ..................................................................................................
G SNMP ......................................................................................................
81
83
84
85
86
87
88
950.0007.001 Rev. 2.0
2
C H A P T E R
1
INTRODUCTION
1.0 Theory of Operation
3
INTRODUCTION
1.0 Theory of Operation
Introduction
Kaveman remotely controls servers,
either over the Internet or a local
network via TCP/IP. Also, Kaveman
automatically monitors server activities
and notifies users if their server
becomes problematic.
The main benefit of Kaveman is that it
will help network administrators recover
quickly from mission critical server
failures, from anywhere in the world,
using Digital V6's patent-pending
technology. The Kaveman is available in
single and eight channel versions; the
eight channel version can be used as an
over IP KVM.
With Kaveman, users can reset the
hardware, access the BIOS, have
keyboard and mouse control and cycle
the power - as if the user is on location.
Theory of Operation
With Kaveman, you can remotely control
a target computer over a TCP/IP network
from a client computer.
Physically, Kaveman connects to the
controlled computer's mouse and
keyboard ports using a standard 6-pin
mini-din male-to-male cable and
connects to the video port using highdensity 15-pin male-to-female cable.
Kaveman connects to the TCP/IP
network via a RJ- 45 connector.
Kaveman has a local port where a
separate mouse, keyboard and monitor
to which the Kaveman can be connected
for local monitoring. The local port
allows the user to view the video data
from the controlled computer and to
issue local commands from a local
keyboard and mouse to the controlled
computer and to the Kaveman unit.
Functionally, Kaveman senses the
controlled computer's video mode,
digitizes and compresses the video
using a proprietary compression
algorithm, and passes the video through
the On Screen Display (OSD) circuits to
the local port. Then, the compressed
digital video data is sent over the TCP/IP
network to the client computer.
From the client computer, mouse and
keyboard data is encrypted using 128
Bit SSL and is sent over the TCP/IP
network to the unit. Then, Kaveman
decodes the data internally before
sending it to the controlled computer.
Kaveman performs hardware emulation
of the mouse and keyboard so that the
controlled computer is not aware of the
absence of the keyboard and mouse.
The Kaveman has two RS-232 serial
ports that are used for multiple
applications. The first serial port is
modem compatible port and the second
is a three wire RS-232 port.
4
C H A P T E R
2
INSTALLATION
2.0 Settings
2.1 Connection Diagram
2.2 List of Items in Connection
Diagram
2.3 Installation, Contents and
Mounting
5
INSTALLATION
2.0 Settings
Recommended Settings for Target Server(s)
Video Resolution
1280x1024 or less
Refresh Frequency
60 Hz
Mouse Speed/Acceleration
Must be turned off!
Mouse Speed and Acceleration
In order to ensure mouse control during remote administration, you must turn off
and/or set to normal all operating system specific adjustments to mouse speed and
acceleration on the target server.
Windows NT4:
Windows NT4:
- Control Panel -> Mouse
Properties -> Motion
- Set Pointer Speed to
"Slow" (the lowest setting)
6
INSTALLATION
2.0 Settings
Windows 2000:
Windows 2000:
Control Panel -> Mouse
Properties -> Motion
Set Mouse acceleration to
"none" and leave pointer
speed at default (center
position)
Windows XP:
Windows XP:
Control Panel -> Mouse
Properties -> Motion
Turn off "Enhance Pointer
Precision" and leave
pointer speed at default
(center position)
7
INSTALLATION
2.0 Settings
Windows ME:
Windows ME:
Control Panel -> Mouse
Properties ->
1. Mouse Speed is at
default (4 bars to the right)
2. Click on “Accelerate...”
and disable pointer
acceleration.
Windows 98:
Control Panel -> Mouse Properties ->
Set motion at “Slow”
8
INSTALLATION
2.0 Settings
Linux
Linux
Default mouse settings.
Acceleration: in the middle
(between slow and fast)
Threshold: Middle (between
small and large)
SGI
SGI
Go to Mouse Settings menu.
Acceleration: see picture.
Threshold: see picture.
These values may change
slightly depending on your
system.
9
INSTALLATION
2.0 Settings
QUICK CONNECTION
1
2
Check video resolution on server/mouse settings.
Video resolution on server must be 1280x1024@75Hz or less. Mouse settings may
need to be adjusted based on operating system. See Chapter 2 of User Manual for
details.
Disconnect monitor, keyboard and mouse from server
Disconnect monitor, keyboard and mouse from server (or KVM-switch) that is to be
remotely controlled.
3
Connect Kaveman to server
Connect Kaveman to “server computer” ports to server (or KVM-switch) via supplied
KVM cables to allow Kaveman to digitize and emulate monitor keyboard and mouse
signals for remote control.
4
Connect Kaveman to local console
Connect monitor, keyboard and mouse to “local console" ports to allow for local
access of Kaveman and server (or KVM-switch).
5
Connecting the Kaveman to the network
Connect the network and the Kaveman using the on-board 10/100 Base T Ethernet
port (RJ-45) labeled “Network”.
6
Connect power
Connect supplied power cord from Kaveman to power source.
Rear view of the Kaveman
10
INSTALLATION
2.1 Connection Diagram
Single Server Mode
For a detailed description of numbered items, please see the next page.
11
INSTALLATION
2.2 List of Items in Connection Diagram
1 A/C grounded power source, 100-240
15 VGA cable for monitor port HDDB15
2 Kaveman power connector
16 PS/2 cable for keyboard port 6 pin
VAC 50/60 Hz 1A.
3 Power cord with ground (supplied)
4 RJ-45 network connector
network through which
5 Company
remote client communicates with
Kaveman
6
RJ-45 Category 5 network cable
7
PS/2 connector for keyboard 6 pin
MiniDIN female on server
8 PS/2 connector for mouse 6 pin
MiniDIN female on server
male/male with thumbscrews
MiniDIN male/male
17 PS/2 cable for mouse port 6 pin
MiniDIN male/male
18 VGA connector for monitor HDDB15
female on Kaveman
19 Local Console Keyboard
20 Local Console Mouse
21 Local Console Monitor
22 Serial port 2. Used for power control
(relay module) or secondary serial port
9 VGA connector for monitor HDDB15 23 Reset button. Use a paper clip (or
female on server
10 PS/2 connector for keyboard 6 pin
MiniDIN female on Kaveman
11
PS/2 connector for mouse 6 pin
MiniDIN female on Kaveman
12 VGA connector for Monitor HDDB15
similar) to reset hardware of the
Kaveman. Will not affect controlled
computer.
24 Primary serial port. RS-232C DCE
connection. Connect using a malefemale 9-pin straight-through cable to
any computer.
female on Kaveman for local console
monitor
25 10/100 Speed light: Green - 100 Base
13 PS/2 connector for keyboard 6 pin
26 Link/Activity Light - On indicates good
MiniDIN female on Kaveman for local
console keyboard
14 PS/2 connector for mouse 6 pin
MiniDIN female on Kaveman for local
console mouse
T connection; Orange - 10 Base T.
link connection, Off indicates no link,
Blinking indicates is that there is
network traffic.
27 Red and green indicator lights that
should alternate when the unit is well.
12
INSTALLATION
2.3 Installation, Contents, and Mounting
Contents and Inspection
Mounting
Kaveman has been thoroughly calibrated
and inspected, both electrically and
mechanically, to ensure that it meets the
published specifications. Allow at least
30 minutes after the unit is removed
from the packing material before
applying power to Kaveman as to
eliminate unwanted condensation due to
a sudden change in temperature. The
following items are included with each
Kaveman:
The Kaveman is 1.70" high, 5.7" wide,
and 16" deep allowing three Kaveman
units to fit into one standard console or
19" racks. The Kaveman is also designed
to fit on top of a computer case. If the
unit is to be mounted in a rack, then a
rack tray (sold separately, visit
www.digitalv6.com) must be used for
support.
- Kaveman Remote Server Management
Unit (1)
- Users manual (1)
- Quick Start manual (1)
- AC Line Cord (1)
- Keyboard, Video, Mouse Cable (1)
Each tray can hold three Kaveman in 1U
of rack space. Care must be taken to
select a dry, well-ventilated location with
a minimum of dust and vibration to install
the unit. Leave sufficient clearance
between the sides of the tray and any
obstacle or wall to allow proper air
circulation in and around the unit.
Power control capabilities are an optional
feature. If power control was purchased,
Kaveman will also include:
- Power control strip (1)
We suggest that you keep all packing
materials to facilitate reshipment should
it ever become necessary.
13
C H A P T E R
3
CONNECTIONS
3.0 Network Configurations
14
CONNECTIONS
3.0 Network Configurations
Multiple Servers Mode
Kaveman can connect to an existing KVM switch as shown in Figure 3a. Please visit
www.digitalv6.com for a list of approved KVM switches. During initial setup the user
must connect a keyboard, monitor, and a mouse to the local port to setup Kaveman.
After the initial setup is complete the user can leave the keyboard, monitor, and the
mouse connected to the local port for local monitoring.
Server 1
Server 2
Server 3
Server 4
Server 5
Server 6
Server 7
Server 8
8x1 KVM
To local keyboard,
video and mouse
Kaveman
To TCP/IP connection
Figure 3a
Multiple Servers Mode
15
CONNECTIONS
3.0 Network Configurations
Network configurations
As shown in Figure 3b Kaveman is connected to the same Ethernet and hub as the
server. Another application would be to connect Kaveman to a different Ethernet
connection between a dedicated monitoring point and Kaveman as shown in Figure
3c. In this example Kaveman will continue to monitor the servers even if the firewall
fails or the connection to the firewall goes down.
Ethernet/TCP/IP
KVM
Server
Kaveman
Hub
Figure 3b
Kaveman Shares Ethernet and Hub with Server
Hub
Kaveman
Server
Hub
Figure 3c
Kaveman and Server Connected to Different Hubs
16
CONNECTIONS
3.0 Network Configurations
Network configurations continued
Another application for Kaveman would be to connect a computer that does not
have a network connection on the web as shown in Figure 3d.
Ethernet/TCP/IP
KVM
Server
Kaveman
Hub
Figure3d
Server Without a Network Connection
Internet
Firewall
Server 1
Server 2
Server 3
Server 4
Server 5
Server 6
Server 7
Server 8
KVM Switch
Kaveman
Figure 3e
17
C H A P T E R
REMOTE
4
ACCESS
4.0 Remote Administration Using
a Web Browser
4.1 Remote Administration Using
a VNC Viewer
18
REMOTE ACCESS
4.0 Remote Administration Using a Web Browser
Accessing the Target Computer
Enter the Kaveman IP address into the address bar in your web browser. When you
have connected to the unit, you will arrive at the Kaveman Home Page.
Address
http://292.168.2.73/
Checking the Host Status
From the home page, you can immediately check the status of the host’s screen and
power. You can also access a log of recent activity.
The screen will appear as follows:
Host Status
VGA Screen: 1024x768
Host power: Powered up, looks okay
Log info: 14 lines buffered View log here
The Activity Log
The log will appear as follows:
Figure 4a
Activity log
19
REMOTE ACCESS
4.0 Remote Administration Using a Web Browser
Taking Control of the Target Computer
Follow the instructions on the Kaveman home page to view the current screen
contents and take control of the host’s keyboard and mouse. You can open a new
window to view the screen contents or start a new full screen browser window. You
may need to use Alt-F4 to get out of that special window.
Figure 4b
Controlled target computer
20
REMOTE ACCESS
4.0 Remote Administration Using a Web Browser
1
Connect
2
3 Refresh ...
Resync mouse
Reload screen
Optimize sharpness
All of the Above
Disconnect
4 Send key(s) ...
Send Ctrl-Alt-Del
Alt-F4
Windows (L)
Windows (R)
Apps
Power
Sleep
Wake
Alt-Enter
5 Power ...
6 Fit screen
Cycle power
Turn power off
Turn power on
Kill power all
Menu Items - Screen Contents Viewer
1,2
Connecting to/disconnecting from the target computer
Press these buttons to connect to/disconnect from the target computer.
3
Refresh menu
Resync mouse - Kaveman resyncs the mouse position
Reload screen - Kaveman reloads the screen of the target computer
Optimize sharpness - Kaveman automatically tunes the video picture for sharpness
4
Send key(s)...
Use this menu to send key combinations/commands to the target computer. If you
press any of these key combinations on the computer running the browser, the
computer will process the commands locally instead of sending them to the target
computer.
5
Power...
For details on controlling power, see Chapter 7, Power Control.
6
Fit screen/Full screen
Adjusts screen size to fit into browser window.
21
REMOTE ACCESS
4.0 Remote Administration Using a Web Browser
7 Shift screen off
8
Encrypted
9
x Kb/s
Menu Items - Screen Contents (Java) Viewer
7
Shift screen off/on
If you find that there is a small black border on your screen or that your mouse
consistently does not align by a small fixed amount, turn the shift screen on and use
the arrow keys to fix this problem. Once you are satisfied, turn the shift screen off.
8
Encrypted
In order for the Kaveman 8 to function correctly and encrypt keyboard and mouse
data, users must have a Java environment that runs SSL. We recommend using
Internet Explorer 6.0 with the java plug-in JRE 1.4.0.
How to encrypt keyboard and mouse data
Method 1: HTTPS Sign In
When you type in the IP address of the unit into the browser, add an "s" to http. For
example, if the Kaveman 8 unit were named http://ip.address/, you would type in
https://ip.address/ to encrypt html pages (and requests for html pages).
Method 2: Initiate Encryption in Java View
To initiate encryption in the Java Viewer, click on the "Encrypt" button in the Java
Viewer window. If the unit was connected, it will disconnect, and then reconnect
using two sockets (one encrypted uplink to the Kaveman 8, and one unencrypted
downlink for the video feed).
Please note: if the unit is not connected, when you click the encrypt button it will
stay disconnected until the user clicks on Connect.
9
Bandwidth Meter
Measures the amount of bandwidth being used to produce the video display. When
there is no activity on the Kaveman, the bandwidth being used should be at about
0. It is a good measure of the amount of noise generated by KVMs or video cards.
22
REMOTE ACCESS
4.0 Remote Administration Using a Web Browser
10
11
10 [REMOTE FOCUS]
The purpose of the "remote focus" indicator is to indicate what computer you are
controlling. If the remote focus indicator is highlighted, it means that the keyboard
and mouse is engaged on the remote client. If the remote focus indicator is not
highlighted, it means that keystrokes and mouse movements are being sent to your
desktop.
If you ever have a problem with sending keystroke combinations, double check to
ensure that the remote focus is engaged. For example, imagine that you would like
to send the "Ctrl+Alt+Del" command to the remote server. If the remote focus isn't
engaged, the keystrokes will be sent erroneously to your local desktop and you will
be asked if you would like to shut down your computer.
11 [NUM], [CAPS], [SCROLL]
Indicates if the Num Lock, Caps Lock, and/or Scroll Lock is engaged.
23
REMOTE ACCESS
4.1 Remote Administration Using a VNC Viewer
How to encrypt keyboard and mouse data
Method 1: HTTPS Sign In
When you type in the IP address of the unit into the browser, add an "s" to http. For
example, if the Kaveman unit were named http://ip.address/, you would type in
https://ip.address/ to encrypt html pages (and requests for html pages).
Method 2: Initiate Encryption in Java View
To initiate encryption in the Java Viewer, click on the "Encrypt" button in the Java
Viewer window. If the unit was connected, it will disconnect, and then reconnect
using two sockets (one encrypted uplink to the Kaveman, and one unencrypted
downlink for the video feed).
Please note: if the unit is not connected, when you click the encrypt button it will
stay disconnected until the user clicks on Connect.
REMOTE ADMINISTRATION USING A VNC VIEWER
A VNC Viewer can be used to access the target computer. To download the VNC Viewer
for free, visit www.uk.research.att.com/vnc.
Once the VNC Viewer has been installed, follow these four steps to remotely access
and control the target computer through the Kaveman.
1 Accessing the Target Computer
Open the VNC Viewer. Enter the Kaveman
IP address into the Connection Details
dialogue box.
Connection Details
V
VNC server:
292.168.2.73
Use host display
e.g. snoopy2
(Display defaults to 0 if not
given)
2 Enter the Kaveman password into the
VNC Authentication dialogue box. For
instructions on how to set up a password,
please see Chapter 6. After a few
seconds, you should see the target
computer’s screen.
OK
Cancel
Options...
VNC Authentication
OK
V
Session password:
******
Cancel
24
REMOTE ACCESS
4.1 Remote Administration Using a VNC Viewer
3 Accessing the Standard VNC Menu
To access the standard VNC menu, click on the top left-hand corner of the VNC Viewer
window.
V
a)
b)
c)
d)
e)
f)
g)
h)
i)
j)
k)
Name of Kaveman Unit
Connection options...
Connection info
Request screen refresh
Full screen
Send Ctrl-Alt-Del
Ctrl Down
Ctrl Up
Alt Down
Alt Up
New connection...
Save connection info as...
About VNC Viewer
Figure 4d
Standard VNC Menu Items
Standard VNC Menu Items Explained
a) Connection options ...
Adjust preferred encoding, mouse and display characteristics through connection
options.
b) Connection info
See connection info including host, port number, keyboard name, etc.
c) Request screen refresh
Completely refresh the viewer screen using this function.
d) Full screen
Change the view to full screen. To exit from full screen mode, use Ctrl-Esc-Esc and
then right click on the VNC task bar menu icon to see the full menu.
25
REMOTE ACCESS
4.1 Remote Administration Using a VNC Viewer
e), Send Ctrl-Alt-Del, Ctrl Down, Ctrl Up, Alt Down, Alt Up
f),g) Use these commands to send Ctrl-Alt-Del, Ctrl Down, Ctrl Up, Alt Down and Alt Up
h),i) keystrokes to the target computer. If you press any of these key combinations on the
computer running VNC, the computer will process the commands locally instead of
sending them to the target computer.
j) New Connection
Use this command to establish a new connection with another device or to
reestablish the connection with the Kaveman.
k) Save Connection Info As ...
It is possible to save the connection information for a VNC session.
4 Accessing the Kaveman VNC Menu
The hot key combination for accessing the Kaveman VNC menu is programmable. The
default hot key combination is scroll lock scroll lock.
Press scroll lock twice rapidly to open up VNC Menu. If you would like instructions on
how to change the hot keys to open the VNC Menu, please see Chapter 6, page 60.
Kaveman VNC Menu
R - > Resync mouse position
K - > Reset keyboard shift keys
F - > Redraw whole screen
P - > Power cycle host
A - > Optimize video sharpness
Arrows - > Move screen position
Figure 4e
Kaveman Specific VNC Menu Items
Kaveman VNC Menu Items Explained:
R - Resync mouse position - Kaveman resyncs the mouse position
K - Reset keyboard shifts keys - Kaveman clears the keyboard buffer
F - Redraw whole screen - Kaveman redraws the screen of the target computer
P - Power cycle host - Kaveman turns off and on the power of the connected server.
A - Optimize video sharpness - Kaveman automatically tunes the video picture
for sharpness
Arrows - Use arrows to move the screen position when the left edge or top is cut off,
or there are black bars on either edge of the screen
26
C H A P T E R
5
LOCAL CONSOLE
OPERATION
5.0 Basic Configuration from
Local Console
5.1 Network Configuration
5.2 Monitoring Settings
5.3 Introduction to Security
Configuration
5.4 Security Settings
5.5 Introduction to Serial Port
Functions
5.6 Serial Ports 1 and 2
5.7 Serial port (RS-232 config)
5.8 Local User Control
5.9 Virtual Network Computer
(VNC) Configuration
27
LOCAL CONSOLE OPERATION
5.0 Basic Configuration from Local Console
ON SCREEN DISPLAY (OSD) MENU COMMANDS
Page
Up
Scroll
Lock
Scroll
Lock
OR
Page
Down
Press scroll lock twice quickly to gain
access to the local on screen display.
Use arrow or page up/down keys to
navigate through the menu.
Enter
Press enter to change a value.
Use the left arrow
key to return to
the root menu.
Use the right arrow
key to advance to
a submenu.
INITIAL CONFIGURATION
For a step-by-step description of what
is required for the initial set up of your
Kaveman unit, please consult the
Quick Start manual.
Main Menu
O
O
O
O
O
O
O
Network Configuration
Monitoring Settings
Security Settings
Serial port (RS-232) config
Local user control
Virtual Network Computer
Version Information
Figure 5a
Main On Screen Display Menu
28
LOCAL CONSOLE OPERATION
5.1 Network Configuration
Call up the main menu by hitting the appropriate hot key combination (the default is
Scroll Lock +Scroll Lock). Select Network Configuration to view the following menu:
Network Configuration
192.165.1.77
1 IP address:
Subnet mask:
255.255.255.0
Default Gateway:
192.165.1.1
> Commit IP config changes
Kaveman1
2 Machine name:
00:01:b2:80:00:07
3 MAC address:
Figure 5b
Network Configuration Menu
1 Addressing and Routing
From this screen, you can configure the network details for the Kaveman. If you are
reading this over the network (you are), then these values are probably pretty close
to what you want.
Please note: When you make changes to any of the above, your changes will take
effect after the next reset or power-cycle. If you want the new values to be in effect
immediately, select "Commit IP config changes".
2 Changing the Machine Name
This simple text string identifies this machine. To change the machine name, type in
a new name up to 15 characters long.
3 Accessing the Ethernet Address (MAC Address)
This is the hardware address of the Ethernet interface on this Kaveman. It is
assigned by the factory to uniquely identify this unit and it cannot be changed. You
may need this number to configure other software on your network, such as DHCP
servers, hubs or monitoring software.
29
LOCAL CONSOLE OPERATION
5.2 Monitoring Settings
Introduction to Monitoring
The Kaveman may be configured here to detect certain common failure modes.
Once enabled, the Kaveman will continuously monitor for a failure and, if it occurs,
will log the event. It can also be configured to send out an email to alert you to the
problem. For completely autonomous monitoring, it is also possible to reset the
power to the controlled computer.
Configuring Alert Actions
You can configure what you would like the unit to do when an error condition occurs.
All error conditions are logged when they happen whether email is enabled or not.
To access the Monitoring Settings Menu (below), call up the Main menu by hitting
the appropriate hot key combination (the default is Scroll Lock +Scroll Lock) and
selecting Monitoring Settings:
1
2
3
4
5
6
7
8
MORE Monitoring settings
Alert email addresses:
support@digitalv6.com
SMTP relay & destination (IP address):
192.111.52.1
Message format:
Normal
Send email for alerts: No (default), Yes
Power-cycle host if alert happens: Yes, No
Alert if no video: Yes, No
Alert if no NumLock toggle: Yes, No
Alert if text (blue screen): Yes, No
Figure 5c
Monitoring Submenu 1
Monitoring settings
Alert if turtle shell active: Yes, No
Alert if host power lost: Yes, No
Alert if my power reset: Yes, No
Alert if my Ethernet link down: Yes, No
ICMP Ping this address: (disabled) … or enter address
HTTP Ping this address: (disabled) … or enter address
HTTP Ping this port number: (disabled) … or enter number
Current time (approx): Mon, 17 Sep 2004
MORE
9
10
11
12
13
14
15
16
Figure 5d
Monitoring Submenu 2
30
LOCAL CONSOLE OPERATION
5.2 Monitoring Settings
1
Setting alert email addresses
This is the email address used in outgoing email when the monitoring function
detects a failure.
2
SMTP relay/destination (IP address)
The SMTP relay/destination is the IP address (numeric) for the SMTP server to use
to send the mail. This server must be willing to relay to the above email address, or
else be the mail server for that domain. Disable this by setting address to 0.0.0.0.
3
Message format
You can choose the type of email message to send in the event of a failure. The
default message length is normal; the short format is appropriate for messages sent
to cell-phones and pagers that have a limited display.
4
Send email for alerts
This control must be enabled before any email will be sent. You can use this to turn
off email, without losing your other settings.
5
Power-cycle host if alert happens
You can enable the Kaveman to reset the controlled computer to be automatically
(via power cycle) when an error condition occurs.
Please note: This option carries a certain risk to it, since there is a possibility of
false positives with all of the failure tests.
6
Alert if no video
Enabling alert if no video will cause a notification if no graphics or text video signal
coming from controlled computer. Please note that power saving screen-savers
(DPMS) may trigger this falsely. To enable, select Yes. To disable, select No.
7
Alert if no NumLock toggle
If this is enabled, then the Kaveman will simulate the NumLock key being pressed
regularly (every few seconds). If at any time, the NumLock light does not toggle in
response to a NumLock key press, then the software on the controlled computer is
assumed to have crashed and this error condition will be active. To enable, select
Yes. To disable, select No.
8
Alert if text (blue screen)
Alert if text (blue screen) occurs when the machine is rebooting (BIOS screen) or
displays the “Blue Screen of Death”. Can be useful for detected self-initiated
reboots. To enable, select Yes. To disable, select No.
31
LOCAL CONSOLE OPERATION
5.2 Monitoring Settings
9 Alert if turtle shell active
Alert if turtle shell active occurs if turtle mode is activated by too many bad login
attempts over a certain period. To enable, select Yes. To disable, select No.
10 Alert if host power lost
The alert is activated when the power supply fails to the controlled computer, this
condition is considered active. To enable, select Yes. To disable, select No.
11 Alert if power is reset
If the Kaveman is reset or powered-off for any reason, then this condition is
activated when power is restored. This might be used in combination with other
controls above.
12 Alert if my Ethernet link down
If the Ethernet link signal to Kaveman is lost, then this condition is activated. There
can be some difficulty sending email if this condition occurs, since the Kaveman is
off the net in this situation. The event is still logged, however. To enable, select Yes.
To disable, select No.
13 Designating an ICMP Ping
ICMP Ping this address should be an IP address that will be pinged continuously. If
more than half of the packets are lost during a short interval, then the error
condition is triggered. This IP address does not need have to be the controlled
computer, but might be a border router or other important component of your
network. To enable, enter an IP address to ping. To disable, use 0.0.0.0.
14 HTTP Ping this address
The number designated for HTTP pings of addresses/ports should be an IP address
of a web (HTTP) server. The server will be asked to get the root page. If nothing is
returned (zero length) or the connection fails, then this error condition is considered
active. To disable, use 0.0.0.0.
15 HTTP Ping this port number
The number designated for HTTP pings of addresses/ports should be an IP address
of a web (HTTP) server. The server will be asked to get the root page. If nothing is
returned (zero length) or the connection fails, then this error condition is considered
active.To disable, use 0.0.0.0.
16 Current time (approx)
The value 'Current time (approx)' is a web-only value and cannot be changed from
the local console. You must use the web interface instead.
32
LOCAL CONSOLE OPERATION
5.3 Introduction to Security Configuration
Overall Policy
You may choose one of the following three security policy buttons to configure this unit for
common situations. Once this has been done, you may further fine tune other security settings,
including local settings.
Relaxed Security (Default)
This is the factory default. It requires passwords (where defined) but allows those passwords to
be transmitted "in the clear" over the network. This means network sniffers can see the
passwords needed to access the Kaveman. This is the only mode that leaves the telnet server
enabled. You might need to use this mode if your browser does not support encryption.
Internal LAN with Snoopers
The is the recommended setting for most office networks. It requires all connections to use
encryption. Passwords are not visible to network sniffers but the unit does not try to conceal its
presence on the network.
For Use on the Public Internet
The is the recommended setting if the unit is outside of a firewall and is visible to the public
Internet. Non-standard values are used for web server TCP/IP ports (8888 for HTTP, 4444 for
HTTPS), but you should change them from these default values. This mode also enables two
proprietary features of the Kaveman: Turtle mode and Stealth mode.
Turtle Mode
This optional mode enables the Kaveman to shut-down when it feels that its security may be
under attack. For example, if more than five password failures are detected in a certain time
frame, the Kaveman will shut down and disconnect itself from the network. The only way to
recover operation of the Kaveman is to login from the local control port (the keyboard
connected to the ‘thru’ connector) and give the appropriate reset command. Remote access to
the Kaveman is completely locked out. The operation of the attached server is not affected.
Clearly, turtle mode opens the Kaveman to denial-of-service attacks which could be rather
annoying to legitimate users. Therefore, this mode is not enabled by default. There is an
optional Turtle timeout duration (in hours) that by default is set to 24 hours.
Stealth Mode
In Stealth mode, a Digital V6 exclusive feature, the Kaveman deliberately violates certain
TCP/IP protocol standards in order to conceal its presence on the network. For example, it will
not respond to any ICMP PING requests. A TCP/IP connection request (or UDP packet) to any
unused port will go unanswered and will not solicit the normal “connection refused” response.
The goal is to make the Kaveman invisible to a “port scan” attack, by acting as if it was not
there. For optimum security, the web server port number should be changed from the default
as well (user configurable).
Operation of the Kaveman by legitimate users who know both the IP address and web server
port number will be as normal. However, outsiders who might be searching for the Kaveman will
not be able to detect it on the network unless they correctly guess both the IP address and port
number.
33
LOCAL CONSOLE OPERATION
5.4 Security Settings
To access the Security Settings Menu (below), call up the Main menu by hitting the
appropriate hot key combination (the default is Scroll Lock +Scroll Lock) and selecting Security Settings:
Security settings
+ Change overall security mode
Admin password:
Turtle mode:
Turtle reset timeout:
Reset turtle protection now
Stealth mode:
Require encryption (HTTPS):
MORE
1
2
3
4
5
6
7
*******
Disabled
24 hours
Disabled
Optional
Figure 5e
Security Submenu 1
Security settings
Require client SSL certificate: No, Yes
HTTP port number: 80
HTTPS port number: 443
Reset web server (what does this do?)
Idle logout time (minutes): 30
Telnet server port number: 23
Java viewer port number (clear): 123
Java viewer port number (SSL): 124
+ User #1
MORE
8
9
10
11
12
13
14
15
16
Figure 5f
Security Submenu 2
MORE
17
18
19
20
+
+
+
+
User
User
User
User
#2
#3
#4
#5
Security settings
Figure 5g
Security Submenu 3
34
LOCAL CONSOLE OPERATION
5.4 Security Settings
1 Change overall security mode
There are three security modes to choose from: Relaxed (default), Internal LAN with
Snoopers, and For Use on the Public Internet. For an explanation of these modes, please
see page 31.
2 Admin password
The master (or root) password can be changed here. The user name for the master account cannot
be changed: The system will accept either `root' or `administrator' as the name of this account.
3 Turtle mode
To enable turtle mode, change the default setting of Disabled to Enabled. For a complete
description of this security setting, please see page 27.
4 Turtle reset timeout
Change this value to set the number of hours the Kaveman 8 stays in turtle mode after
an attack.
5 Reset turtle protection now
The “shell” of protection can be manually reset at the local console.
6 Stealth mode
To enable stealth mode, change the default setting of Disabled to Enabled. For a
complete description of this security setting, please see page 27.
7 Require encryption (HTTPS): No, Yes
To require HTTPS encryption for all activities through the Kaveman 8.
8 Require client SSL certificate: No, Yes
Kaveman provides security on several levels, one is SSL encryption. In order for this feature to
function you have to install a valid server certificate and key provided by a trusted source into
Kaveman. The certificate and key must be of the PEM format and the name of the files should be
server-cert.crt and server-cert.key. To install the certificate and key, you must access the "manage
flash file system" through Kaveman's web browser and upload the certificate and key through the
browser. A hard reset should be performed to allow Kaveman to load the new certificate and key
and delete also any old ones in the system.If you are using a browser, you must have the Sun Java
Plug-in 1.4.0 or higher installed. SSL is not available through VNC.
9 HTTP port number: 80
Change the HTTP port number.
10 HTTPS port number: 443
Change the HTTPS port number.
35
LOCAL CONSOLE OPERATION
5.4 Security Settings
11 Reset web server
Use this command to reset the web server.
12 Idle logout time (minutes): 30
Idle logout time is set in minutes. To change, enter new number of minutes.
13 Telnet server port number: 23
To change, enter new Telnet server port number.
14 Java viewer port number (clear): 123
To change, enter new java viewer port number.
15 Java viewer port number (SSL): 124
To change, enter new java viewer port number.
16 Setting User Passwords (+ User #1, + User #2, etc.)
17 The process in the example below, Figure X: User settings submenu, applies to all of
the users that you will create for the Kaveman.
18
UserX
19 User X Name:
User
X
Password:
******
20
User X Flags:
Normal
Figure 5h
User settings submenu
Flags
Not only is the administrator responsible for assigning user's passwords and names, in the
flags section the administrator chooses how much authority to give the user.
Normal
Normal means the user can log in and use Kaveman with full privileges.
View Only
View only means the user can watch what the server is doing but cannot send keyboard and
mouse commands.
Disabled
In the disabled mode Kaveman will not accept the log in name or user ID.
To enable the new username, you must change the value to Normal or View Only.
36
LOCAL CONSOLE OPERATION
5.5 Introduction to Serial Port Functions
The Kaveman has two serial ports. Each may be used for four different purposes:
1. Kaveman Log - Output log from Kaveman to serial port.
2. Telnet - Allow remote telnet user to connect to serial device.
3. Watchdog - Detect and log the presence of string (or absence).
4. Power Control - Connect to a serial device to turn off/on power to the controlled
device.
1 Kaveman Log - Outputs log from the Kaveman serial port.
The following is an example of format of the log output:
"@ Tue, 14 Aug 2001 15:34:37 -400 INFO:
System startup. (Previously up at: Tue, 14 Aug 2001 15:32:32 -400)
@ Tue, 14 Aug 2001 15:34:22 -400 INFO:
Random words are 76/160 (47%) ones (passed test)."
The Kaveman log can also be read from the web interface.
2 Telnet - Allow remote telnet user to connect to serial device. The user must
connect the serial cable to the serial device, configure the serial port and start
"Telnet" to the device through kaveman. Kaveman is transparent in this mode and
allows bi-directional link.
3 Watch dog - Detect and log the presence or absence of a string Watchdog pattern
(string): Each line of input (to the Kaveman) will be matched against this simple
string. Only lines that contain this string will be logged in Watchdog mode. If this
field is empty, then all lines will be logged.
Watchdog mode: Choose what to do with lines that match the pattern. See
monitoring section to configure what happens with the alert.
Watchdog timeout: Period of time during which a matching string must be seen,
before an error condition is considered to have occurred. Used only with Watchdog
mode "Alert if missing".
4 Power Control - Connect to a serial device to turn off/on power to the controlled
device.
For further instructions, see Chapter 7, Power Control.
37
LOCAL CONSOLE OPERATION
5.6 Serial Ports 1 and 2
Port 1 (DB-9 Female)
This port has all the signals of an typical RS-232 serial port (see Figure 5h, Port
Configuration). This port can be fully configured form the web interface in the serial
interface configuration menu.
Configuration
To configure the serial port choose the desired baud rate, parity, data bits, stop bits,
and hardware flow control configuration.
Baud Rate
Data Bits
Parity
Stop Bits
Hardware
Flow
300 bps
7 Bits
Odd
1 Stop bit
None
2400 bps
8 Bits
Even
2 Stop Bits
CTS/ RTS
4800 bps
None
9600 bps
Mark
19200 bps
Space
38400 bps
56000 bps
115200 bps
Figure 5h
Port Configuration
1
6
2
7
3
8
4
9
5
DCD
DTR
TXD
CTS
RXD
RTS
DSR
DCD
GND
Figure 5i
DB9 Female Serial Port 1
38
LOCAL CONSOLE OPERATION
5.6 Serial Ports 1 and 2
Port 2 (8-pin mini din)
Port 2 is an RS-232 port with minimum handshaking support (see Figure 6c, 8-Pin Mini Din
Serial Port 2). Port 2 also has an added capability to control serial protocol capable power
bars.
Port 2 has the same menu options as Port 1. The user must configure each port separately.
Each port can be configured for different functions. When both ports are configured for the
same functions then the outputs of each port are identical. For example if each port is set to
Telnet function and a telnet command is sent to Kaveman then both ports will output the
same command. Port 1 and Port2 can operate at different baud rates.
Note: Port 2 does not support hardware flow control.
8
7
6
4
3
5
2
1: RTS
2: RXD
3: CTS
4: GND
5: TXD
6: GND
7: RELAY RET
8: RELAY CONTROL
1
Figure 5j
8-Pin Mini Din Serial Port 2
39
LOCAL CONSOLE OPERATION
5.7 Serial port (RS-232 config)
To access the Serial Port (RS-232 config) Menu (below), call up the Main menu by
hitting the appropriate hot key combination (the default is Scroll Lock +Scroll Lock)
and selecting Serial Port (RS-232 config):
Serial port (RS-232 config)
+ Port 1 - Baud rate settings
P1 - Flow Control
None
P1- Serial port 1 mode:
Kaveman Log
P1 - Watchdog mode:
Log lines
P1 - Watch pattern:
P1 - Watchdog timeout:
2 minutes
MORE
1
2
3
4
5
6
Serial Port Submenu 1
Serial port (RS-232 config)
+Port 2 - Baud rate settings
P2 - Serial port 2 mode: Kaveman Log, Telnet, Watchdog
P2 - Watchdog mode: Log lines, Alert if found, Alert if missing
P2 - Watch pattern:
P2 - Watchdog timeout: 1 minutes
MORE
1
3
4
5
6
Serial Port Submenu 2
BAUD RATE SETTINGS SUBMENU
1.a)
b)
c)
d)
e)
Port X - Baud rate settings
PX - Baud Rate: 56k, 115.2K, 300, 2400, 4800, 9600, 19200,
38400
PX - Data bits: 8 bits, 7 bits
PX - Parity: None, Mark, Space, Odd, Even
PX - Stop bits: 1 stop bit, 2 stop bits
PX - Flow Control: None, CTS & RTS
Baud Rate Settings
40
LOCAL CONSOLE OPERATION
5.7 Serial port (RS-232 config)
Baud Rate Settings Submenu Items Explained
Please note:
The settings for P1 and P2 are identical, except for the flow control setting which
only applies to P1. Accordingly, from this point forward, ports will be referred to as
PX or Port X.
Port X - Baud rate settings
1
BAUD RATE SETTING OPTIONS:
a)
b)
c)
d)
e)
PX
PX
PX
PX
PX
-
Baud Rate: 56k, 115.2K, 300, 2400, 4800, 9600, 19200, 38400
Data bits: 8 bits, 7 bits
Parity: None, Mark, Space, Odd, Even
Stop bits: 1 stop bit, 2 stop bits
Flow Control: None, CTS & RTS
2
PX - Flow Control
OPTIONS: None, CTS & RTS.
3
Serial Port X Mode
OPTIONS: Kaveman Log, Telnet, Watchdog, Power Control (Port 1 only). For an
explanation of these functions, please see page 31.
4
PX - Watchdog mode
Use this function to choose what to do with lines that match the pattern. Your
options are to Log lines, Alert if found or Alert if missing. For more information on
configuring what happens when there is an alert, see the monitoring section.
5
PX - Watch pattern:
Each line of input (to the Kaveman) will be matched against this simple string. Only
lines that contain this string will be logged in Watchdog mode. If this field is empty,
then all lines will be logged.
6
PX - Watchdog timeout:
Period of time during which a matching string must be seen, before an error
condition is considered to have occurred. Used only with Watchdog mode "Alert if
missing".
41
LOCAL CONSOLE OPERATION
5.8 Local User Control
To access the Local User Control Menu (below), call up the Main menu by hitting the
appropriate hot key combination (the default is Scroll Lock +Scroll Lock) and selecting Local User Control:
LOCAL USER CONTROL MENU
MORE
Local user control
1
Reset local keyboard and mouse
2
Resync mouse position
3 Mouse threshold: 2
4 Mouse acceleration: 4
5 Local console: No passwords, Require passwords, Disable
access
6 Local user exclude: Share access, No keyboard, Blank
screen + keyboard
7 Local port (8:1): 1, 2, 3, 4, 5, 6, 7, 8
8 Remote port (8:1): 1, 2, 3, 4, 5, 6, 7, 8
Serial Port Submenu 1
Local user control
Clear memory log buffer
Reset the power to outlet #
Turn off the power to outlet #
Turn on the power to outlet #
MORE
9
10
11
12
Serial Port Submenu 2
42
LOCAL CONSOLE OPERATION
5.8 Local User Control
1 Reset local keyboard and mouse
2 Resync mouse position
3,4 Mouse threshold and acceleration
These two values determine the speed of the local mouse. When the mouse is
moved faster than "threshold", it's movement will be accelerated by "acceleration"
factor. None of this has any impact on remote users via VNC or Java viewer.
5 Local Console Passwords
You can set a password for the local console. This does not affect the passwords
used for remote access.
6 Local user exclude
OPTIONS: Share, No Keyboard, and Blank Screen and Keyboard.
When local user exclude is set to share the local user can type when the remote
user (VNC, java) is connected and also controlling the same machine. When local
user exclude is set to No Keyboard, the local keyboard is locked out when a remote
user connects. When local user exclude is set to Blank Screen and Keyboard, the
local keyboard is locked out AND the screen is blacked out so a local user cannot
see the screen when a remote user is logged in.
7 Local port (8:1): 1, 2, 3, 4, 5, 6, 7, 8
Change local port number (1-8)
8 Remote port (8:1): 1, 2, 3, 4, 5, 6, 7, 8
Change remote port number (1-8)
9 Clear memory log buffer
10 Reset the power to outlet #
11 Turn off the power to outlet #
12 Turn on the power to outlet #
43
LOCAL CONSOLE OPERATION
5.9 Virtual Network Computer (VNC) Configuration
To access the Virtual Network Computer (VNC) Configuration Menu (below), call up
the Main menu by hitting the appropriate hot key combination (the default is Scroll
Lock +Scroll Lock) and selecting Virtual Network Computer:
1
2
3
4
5
Virtual Network Computer (VNC)
VNC server port number:
5900
VNC Bandwidth goal:
Medium
Network bandwidth used:
0.2 Kbps
Max resolution (expected):
Auto
VNC Escape key:
SCROLL LOCK
VNC Configuration Menu
1 VNC server port number: 5900
Normally this is 5900, which is the default port for the first VNC display on a VNC
server. It is easy to specify a different port number from the VNC client: just append
it after the host name with a colon (target:123 for example).
2 VNC Bandwidth goal: Min, Medium, Max
This influences the trade-off between speed and compression. On the ‘Min’ setting,
the maximum amount of video compression is performed but that consumes some
time. In the ‘Max’ mode, the video is not compressed at all: it's just set as quickly as
possible. ‘Max’ mode is useful on a local area networks. Of course ‘Medium’ is a
compromise that does some compression.
We recommend ‘Max’ for local area networks (10 megabits and above), and ‘Min’
for links with less than 256Kbits/s bandwidth. Everything else should be used with
‘Medium’.
3 Network bandwidth used: 0.2 Kbps (This is a read only value.)
4 Max resolution (expected)
The initial size of the VNC client window is controlled here. Most users will want to
leave this control at ‘auto’ which picks the highest resolution the Kaveman has ever
observed from the server.
5 VNC Escape key:
The VNC escape key cannot be changed from the local console. You must use the
web interface instead. This key is used to ‘escape’ normal operation and get into the
menu system. Over a VNC connection, the same key (again pressed twice quickly) is
used to pull up a small menu of useful functions while online. The default keyboard
exit key is SCROLL_LOCK.
44
C H A P T E R
6
BROWSER-BASED OPERATION
6.0 Overview of Web Menu Items
6.1 Network Configuration
6.2 Users and Passwords
6.3 Setting the Date and Time
6.4 Security Policy Configuration
6.5 Local Console Security
6.6 Monitoring
6.7 Error Conditions to Monitor
6.8 Introduction to Serial Port
Functions
6.9 Serial Ports 1 and 2
6.10 Serial port configuration
6.11 Local User / VNC Server
Configuration
45
OPERATION OVER THE INTERNET
6.0 Overview of Web Menu Items
Accessing the Target Computer
Enter the Kaveman IP address into the address bar in your browser. When you have
connected to the unit, you will arrive at the Kaveman Home Page.
Address
http://292.168.2.73/
KAVEMAN UNIT HOMEPAGE ITEMS
Host Status
See Chapter 4, Remote Access
Control Host
See Chapter 4, Remote Access
Power Control
See Chapter 7, Power Control
Setup and Configuration
Network setup
Users and passwords
Set date and time
Security policy
Monitoring policy
RS-232 serial ports
Local user/VNC configuration
Chapter 6, Browser Based Operation
46
OPERATION OVER THE INTERNET
6.1 Network Configuration
Addressing and Routing
On this screen, you can configure the network details for the Kaveman. If you are reading this
over the network (you are), then these values are probably pretty close to what you want..
IP Address
192.168.1.70
Change
Subnet Mask
255.255.255.0
Change
Default Gateway
192.168.1.1
Change
Please note: When you make changes to any of the above, your changes will take effect after
the next reset or power-cycle. If you want the new values to be in effect immediately, click on
the button "Commit IP config changes" below. Since the web page you are currently reading
was at the old network address, you may get an error after pressing this button and your
browser will probably take a long time to timeout. This is to be expected if you are changing
the IP address or other details to new values.
Changing the Machine Name
This simple text string identifies this
machine. To change the machine name, type
in a new name up to 15 characters long.
DV6 Demo
Change
Sample Machine Name (Max 15 Characters)
Accessing the Ethernet Address
(MAC Address)
This is the hardware address of the Ethernet
interface on this Kaveman. It is assigned by
the factory to uniquely identify this unit and it
cannot be changed. You may need this
number to configure other software on your
network, such as DHCP servers, hubs or
monitoring software.
00:01:b2:80:00:07
Sample Ethernet (MAC) Address
47
OPERATION OVER THE INTERNET
6.2 Users and Passwords
Changing the Master Account
Password
The master (or root) password can be
changed here. The user name for the master
account cannot be changed: The system will
accept either `root' or `administrator' as the
name of this account.
Change
You are only able to change the password for
the master account, not the username.
Defining Usernames and
Passwords for User Accounts
Here you may define user names and
passwords for up to five regular users. You
must enable the account in order to permit
logins.
Below, find a step-by-step example of how to
define a new user.
Define usernames and passwords
Step 1: Defining the Username
a) Select the Username that you would like to
define from the Users and Passwords table.
b) User1Name is currently set to "User1".
This value is a text string up to 15 characters
long. The default value is "User1".
c) Type in new user name and press change.
User 1
Change
Enter new value then change.
48
OPERATION OVER THE INTERNET
6.2 Users and Passwords
Step 2: Changing User's
Passwords
You will see the current password. This value
is a secret password up to 15 characters
long. Enter twice to confirm value. The
default value is "[none/empty]".
Change
Enter a password with up to 15 characters
Step 3: Setting User
Permissions (Flags)
Not only is the administrator responsible for
assigning user's passwords and names, in
the flags section the administrator chooses
how much authority to give the user.
0: Disabled
Change
0: Disabled
1: Normal
2: View Only
There are three display values: 0: Disabled;
1: Normal; 2: View Only.
Normal
Normal means the user can log in and use
Kaveman with full privileges.
Enable users by changing this value to
Normal or View Only
View Only
View only means the user can watch what
the server is doing but cannot send keyboard
and mouse commands.
Disabled
In the disabled mode Kaveman will not
accept the log in name or user ID.
To enable the new username, you must
change the value to Normal or View Only.
49
OPERATION OVER THE INTERNET
6.3 Setting the Date and Time
Introduction
Date and time is stored internally in UTC (Coordinated Universal Time, sometimes called GMT
or Zulu time). When times are shown in logs or over the web, a time zone offset is applied to
convert that time into local time. No provision is made for daylight savings time.
Synchronizing the Time/Date
With Your Computer
If the computer you are using to view this
page knows the correct time, just press the
button labeled “Set date, time and time
zone” to set the time and zone of the
Kaveman to the same time as your browser.
Set date, time and time zone
Synchronize the date/time with your
computer
Current time
This section indicates when the page was
sent. For example:
Wed, 15 Aug 2004 10:23:16 -400
Example of current time
Time zone offset (from UTC)
This is the number of minutes the unit is
offset from UTC (Coordinated Universal Time,
sometimes called GMT or Zulu time). Most
time zones are on one-hour boundaries. If
you take the UTC time (the time in
Greenwich, sic) and add this (signed) value to
it, you should get your current local time.
-240 minutes
Change
Offset the time zone from UTC
50
OPERATION OVER THE INTERNET
6.4 Security Policy Configuration
Overall Policy
You may choose one of the following three security policy
buttons to configure this unit for common situations. Once
this has been done, you may further fine tune other
security settings, including local settings.
NOTE: When you press any of the security policy buttons,
some of the changes will not take effect immediately. You
should select "Reset web server" once all of the values
are to your liking.
Relaxed Security (Default)
Default relaxed security
This is the factory default. It requires passwords (where
defined) but allows those passwords to be transmitted "in
the clear" over the network. This means network sniffers
can see the passwords needed to access the Kaveman.
This is the only mode that leaves the telnet server
enabled.
You might need to use this mode if your browser does not
support encryption.
Internal LAN with Snoopers
Internal LAN with snoopers
The is the recommended setting for most office networks.
It requires all connections to use encryption. Passwords
are not visible to network sniffers but the unit does not try
to conceal its presence on the network.
For Use on the Public Internet
For use on the public Internet
The is the recommended setting if the unit is outside of a
firewall and is visible to the public Internet. Non-standard
values are used for web server TCP/IP ports (8888 for
HTTP, 4444 for HTTPS), but you should change them from
these default values. This mode also enables two
proprietary features of the Kaveman: Turtle mode and
Stealth mode.
51
OPERATION OVER THE INTERNET
6.4 Security Policy Configuration
Turtle Mode
Stealth Mode
This optional mode enables the Kaveman to
shut-down when it feels that its security may
be under attack. For example, if more than
five password failures are detected in a
certain time frame, the Kaveman will shut
down and disconnect itself from the network.
The only way to recover operation of the
Kaveman is to login from the local control
port (the keyboard connected to the ‘thru’
connector) and give the appropriate reset
command. Remote access to the Kaveman
is completely locked out. The operation of
the attached server is not affected. Clearly,
turtle mode opens the Kaveman to denial-ofservice attacks which could be rather
annoying to legitimate users. Therefore, this
mode is not enabled by default. There is an
optional Turtle timeout duration (in hours)
that by default is set to 24 hours.
In Stealth mode, a Digital V6 exclusive
feature, the Kaveman deliberately violates
certain TCP/IP protocol standards in order to
conceal its presence on the network. For
example, it will not respond to any ICMP
PING requests. A TCP/IP connection request
(or UDP packet) to any unused port will go
unanswered and will not solicit the normal
“connection refused” response. The goal is
to make the Kaveman invisible to a “port
scan” attack, by acting as if it was not there.
For optimum security, the web server port
number should be changed from the default
as well (user configurable).
Operation of the Kaveman by legitimate
users who know both the IP address and web
server port number will be as normal.
However, outsiders who might be searching
for the Kaveman will not be able to detect it
on the network unless they correctly guess
both the IP address and port number.
Turtle Mode
0: Disabled
Change
0: Disabled
1: Enabled
0: Disabled
Turtle reset timeout
24 hours
Stealth Mode
Change
0: Disabled
1: Enabled
Change
Enable or Disable Turtle Mode and Set the
Reset Timeout
Enable or Disable Stealth Mode
52
OPERATION OVER THE INTERNET
6.4 Security Policy Configuration
Encryption Required
Require encryption (HTTPS). This takes effect
immediately.
In order for this feature to function you have
to install a valid server certificate and key
provided by a trusted source into the device.
The certificate and key must be of the PEM
format and the name of the files should be
server-cert.crt and server-cert.key.
0: Optional
Change
0: Optional
1: Required
Require encryption
To install the certificate and key, you must
access the "manage flash file system"
through the device’s web browser and upload
the certificate and key through the browser.
A hard reset should be performed to allow
the device to load the new certificate and key
and delete also any old ones in the system.
For further details, see the chapter on
Managing Flash File System.
If you are using a browser, you must have the
Sun Java Plug-in 1.4.0 or higher installed.
SSL is not available through VNC.
Setting idle logout time
Idle logout time is set in minutes. To change,
enter new number of minutes.
30
Change
Set idle logout time
53
OPERATION OVER THE INTERNET
6.4 Security Policy Configuration
Changing HTTP/HTTPS port
number
To change, enter a new HTTP port number.
442
Change
Change HTTP/HTTPS number
Changing the Telnet server port
number
To change, enter a new Telnet server port
number.
442
Change
Change telnet server port number
Java viewer port number (clear)
To change, enter a new java viewer port
number.
442
Change
Change java viewer port number
Java viewer port number (SSL)
To change, enter a new java viewer port
number.
442
Change
Change java viewer port number
54
OPERATION OVER THE INTERNET
6.5 Local Console Security
There are a number of controls provided for the local console as well. The master
password may always be used to change any settings of the system from the local
console. You may restrict regular users as follows:
Local Console Passwords
You can set a password for the local
console. This does not affect the
passwords used for remote access.
For instructions on creating remote
access usernames and passwords, see
page 42.
0: No passwords
Change
0: No passwords
1: Require passwords
2: Disable access
Set passwords for local console access
Local user exclude
Explanation of settings:
0: Share access - local user can type
when the remote user is connected and
also controlling the same machine.
1: No keyboard - local keyboard is locked
out when remote user connects
2: Blank screen+keyboard - local
keyboard is locked out and the screen is
blacked out so a local user cannot see
the screen when a remote user is
connected.
0: Share access
Change
0: Share access
1: No keyboard
2: Blank screen+keyboard
Exclude the local user when remote user is
connected
55
OPERATION OVER THE INTERNET
6.6 Monitoring
Introduction to Monitoring
The Kaveman may be configured here to detect certain common failure modes. Once
enabled, the Kaveman will continuously monitor for a failure and if it occurs will log the event.
It can also be configured to send out an email to alert you of the problem. For completely
autonomous monitoring, it is also possible to reset the power to the controlled computer.
Configuring Alert Actions
You can configure what you would like the unit to do when an error condition occurs. All error
conditions are added to the log when they happen (with a time stamp) regardless of whether
email is enabled.
Setting alert email addresses
This is the email address used in outgoing
email when the monitoring function detects a
failure.
kaveman@digitalv6.com
Change
Enter destination email address
SMTP relay/destination (IP
address)
Set the SMTP relay/destination is the IP
address (numeric) for the SMTP server to use
to send the mail. This server must be willing
to relay to the above email address, or else
be the mail server for that domain. You may
disable email by setting this to 0.0.0.0.
192.168.1.70
Change
Set SMTP relay/destination
56
OPERATION OVER THE INTERNET
6.6 Monitoring
Message format
You can choose the type of email message to
send in the event of a failure. The default
message length is normal; the short format
is appropriate for messages sent to cellular
phones and pagers that have a limited
display.
0: Normal
Change
0: Normal
1: Short
Message format display
Enabling email alerts
This control must be enabled before any
email will be sent. You can use this to turn
off email without losing your other settings.
0: No
Change
0: No
1: Yes
Enable/disable email alerts
Enabling power-cycling of host
if alert happens
You can enable the Kaveman to reset the
controlled computer automatically (via power
cycle) when an error condition occurs.
0: No
Change
0: No
1: Yes
Please note: This option carries a certain risk
to it, since there is a possibility of false
positives with all the failure tests.
Enable/disable power cycling
57
OPERATION OVER THE INTERNET
6.7 Error Conditions to Monitor
Alert if no video
Enabling alert if no video will cause a
notification if no graphics or text video signal
is coming from controlled computer.
Please note that power saving screen-savers
(DPMS) may trigger this falsely.
0: No
Change
0: No
1: Yes
To enable, select 1: Yes. To disable, select 0:
No.
Select Yes or No to enable or disable error
conditions to monitor
Alert if text (blue screen)
Alert if turtle shell active
Alert if text (blue screen) occurs when the
machine is rebooting (BIOS screen) or
displays the “blue screen of death”. Can be
useful for detecting self-initiated reboots.
Alert if turtle shell active occurs if Turtle
mode is activated by too many bad login
attempts over a certain period.
To enable, select 1: Yes. To disable, select 0:
No.
To enable, select 1: Yes. To disable, select 0:
No.
Alert if no NumLock toggle
Alert if host power lost
If this is enabled, then the Kaveman will
simulate the NumLock key being pressed
regularly (every few seconds). If at any time,
the NumLock light does not toggle in
response to a NumLock key press, then the
software on the controlled computer is
assumed to have crashed and this error
condition will be active.
The alert is activated when the power supply
fails to the controlled computer.
To enable, select 1: Yes. To disable, select 0:
No.
To enable, select 1: Yes. To disable, select 0:
No.
58
OPERATION OVER THE INTERNET
6.7 Error Conditions to Monitor
Designating an ICMP Ping
The address designated for the “ICMP Ping
this address” function should be an IP
address that will be pinged continuously. If
more than half of the packets are lost during
a short interval, then the error condition is
triggered. This IP address does not need
have to be the controlled computer, but
might be a border router or other important
component of your network.
(disabled)
Change
Designate an ICMP Ping
To enable, enter an IP address to ping. To
disable, use 0.0.0.0.
HTTP Ping
HTTP IP Address
(disabled)
This should be an IP address of a web (HTTP)
server. The server will be asked to get the
root page. If nothing is returned (zero length)
or the connection fails, then this error
condition is considered active.
Change
HTTP Port Number
To disable, use 0.0.0.0.
(disabled)
Change
Designate an HTTP Ping
Alert if power is reset
If the Kaveman is reset or powered off for
any reason, then this condition is activated
when power is restored.
0: No
Change
0: No
1: Yes
Alert if my Ethernet link down
Monitors if the Ethernet link signal to
Kaveman is lost.
Set other alert conditions
There can be some difficulty sending email if
this condition occurs, since the Kaveman is
off the net in this situation. The event is still
logged, however.
To enable, select 1: Yes. To disable, select 0:
No.
59
OPERATION OVER THE INTERNET
6.8 Introduction to Serial Port Functions
The Kaveman has two serial ports. Each may be used for four different purposes:
1. Kaveman Log - Output log from Kaveman to serial port.
2. Telnet - Allows remote telnet user to connect to serial device.
3. Watchdog - Detects and logs the presence of string (or absence).
4. Power Control - Connect to a serial device to turn off/on power to the controlled
device.
1 Kaveman Log - Output log from the Kaveman serial port.
The following is an example of format of the log output:
"@ Tue, 14 Aug 2001 15:34:37 -400 INFO:
System startup. (Previously up at: Tue, 14 Aug 2001 15:32:32 -400)
@ Tue, 14 Aug 2001 15:34:22 -400 INFO:
Random words are 76/160 (47%) ones (passed test)."
The Kaveman log can also be read from the web interface.
2 Telnet - Allows remote telnet user to connect to serial device. The user must
connect the serial cable to the serial device, configure the serial port and start
"Telnet" to the device through Kaveman. Kaveman is transparent in this mode and
allows a bi-directional link.
3 Watch dog - Detects and logs the presence or absence of a string Watchdog
pattern (string): Each line of input (to the Kaveman) will be matched against this
simple string. Only lines that contain this string will be logged in Watchdog mode. If
this field is empty, then all lines will be logged.
Watchdog mode: Choose what to do with lines that match the pattern. See
monitoring section to configure what happens with the alert.
Watchdog timeout: Period of time during which a matching string must be seen,
before an error condition is considered to have occurred. Used only with Watchdog
mode "Alert if missing".
4 Power Control - Connect to a serial device to turn off/on power to the controlled
device.
For further instructions, see Chapter 7, Power Control.
60
OPERATION OVER THE INTERNET
6.9 Serial Ports 1 and 2
Port 1 (DB-9 Female)
This port has all the signals of a typical RS-232 serial port (see Figure 6b Port 1). This port
can be fully configured from the web interface in the serial interface configuration menu.
Configuration
To configure the serial port choose the desired baud rate, parity, data bits, stop bits, and
hardware flow control configuration.
Baud Rate
Data Bits
Parity
Stop Bits
Hardware
Flow
300 bps
7 Bits
Odd
1 Stop bit
None
2400 bps
8 Bits
Even
2 Stop Bits
CTS/ RTS
4800 bps
None
9600 bps
Mark
19200 bps
Space
38400 bps
56000 bps
115200 bps
Figure 6a
Port Configuration
1
6
2
7
3
8
4
9
5
DCD
DTR
TXD
CTS
RXD
RTS
DSR
DCD
GND
Figure 6b
DB9 Female Serial Port 1
61
OPERATION OVER THE INTERNET
6.9 Serial Ports 1 and 2
Port 2 (8-pin mini din)
Port 2 is an RS-232 port with minimum handshaking support (see Figure 6c, 8-Pin Mini Din
Serial Port 2). Port 2 also has an added capability to control serial protocol capable power
bars.
Port 2 has the same menu options as Port 1. The user must configure each port separately.
Each port can be configured for different functions. When both ports are configured for the
same functions then the outputs of each port are identical. For example if each port is set to
Telnet function and a telnet command is sent to Kaveman then both ports will output the
same command. Port 1 and Port2 can operate at different baud rates.
Note: Port 2 does not support hardware flow control.
8
7
6
4
3
5
2
1: RTS
2: RXD
3: CTS
4: GND
5: TXD
6: GND
7: RELAY RET
8: RELAY CONTROL
1
Figure 6c
8-Pin Mini Din Serial Port 2
62
OPERATION OVER THE INTERNET
6.10 Serial port configuration
Setting Serial Port Function
To set the serial port function select 0:
KaVeMan Log;1: Telnet;2: Watchdog; or 3:
Power control (see explanation on page 54).
Note: The secondary serial port does not
support hardware flow control.
0: KaVeMan Log
Change
0: KaVeMan Log
1: Telnet
2: Watchdog
3: Power control
Set serial port function
Watchdog pattern (string)
Each line of input (to the Kaveman) will be
matched against this simple string. Only lines
that contain this string will be logged in
Watchdog mode. If this field is empty, then
all lines will be logged.
Change
Set watchdog pattern string
Watchdog mode
Use this function to choose what to do with
lines that match the pattern.
Your options are to Log lines, Alert if found or
Alert if missing.
For more information on configuring what
happens when there is an alert, see the
introduction to monitoring on page 50.
0: Log lines
Change
0: Log lines
1: Alert if found
2: Alert if missing
Set watchdog mode
63
OPERATION OVER THE INTERNET
6.10 Serial port configuration
Setting the Watchdog timeout
Period of time during which a matching string
must be seen, before an error condition is
considered to have occurred. Used only with
Watchdog mode "Alert if missing".
20 minutes
Change
Set watchdog timeout
Baud rate, data bits, parity and stop bits
0: 300
0:
1:
2:
3:
4:
5:
6:
7:
Change
300
2400
4800
9600
19200
38400
56k
115.2K
0:
1:
2:
3:
4:
Change
0: 7 bits
1: 8 bits
Baud Rates for Ports 1 and 2
2: None
0: 7 bits
Change
Odd
Even
None
Mark
Space
Parity for Ports 1 and 2
Data Bits for Ports 1 and 2
0: 1 stop bit
Change
0: 1 stop bit
1: 2 stop bits
Stop Bits for Ports 1 and 2
64
OPERATION OVER THE INTERNET
6.11 Local User / VNC Server Configuration
VNC server port number
Normally this is 5900, which is the default
port for the first VNC display on a VNC server.
It is easy to specify a different port number
from the VNC client: just append it after the
host name with a colon (target:123 for
example).
Change
5900
VNC server port number
VNC Bandwidth goal
This influences the trade-off between speed
and compression. On the ‘Min’ setting, the
maximum amount of video compression is
performed but that consumes some time. In
the ‘Max’ mode, the video is not compressed
at all: it's just sent as quickly as possible.
‘Medium’ is a compromise that does some
compression.
0: Min
0: Min
1: Medium
2: Max
We recommend ‘Max’ for local area networks
(10 megabits and above) and ‘Min’ for links
with less than 256Kbits/s bandwidth.
Everything else should be used with
‘Medium’.
Max resolution (expected)
The initial size of the VNC client window is
controlled here. Most users will want to leave
this control at `auto' which picks the highest
resolution the Kaveman has ever observed
from the server.
Change
Bandwidth goal
0: Auto
Change
0: Auto
1: 640x400
2: 640x480
3: 720x400
4: 800x600
5: 1024x768
6: 1280x1024
Max resolution expected (default Auto)
65
OPERATION OVER THE INTERNET
6.11 Local User / VNC Server Configuration
Mouse threshold and
acceleration
These two values determine the speed of the
local mouse. When the mouse is moved
faster than "threshold", it's movement will be
accelerated by "acceleration" factor. None of
this has any impact on remote users via VNC
or Java viewer.
Mouse threshold
2
Change
Mouse acceleration
4
Change
Adjust mouse speed settings
Keyboard Exit Key
This key is used to ‘escape’ normal operation
and get into the menu system. On the local
port, this key (when pressed twice quickly)
will start a menu system that allows the user
to configure the Kaveman. Over a VNC
connection, the same key (again pressed
twice quickly) is used to pull up a small menu
of useful functions while online.
The first press of the key is never sent to the
host if the second press comes quickly
enough. If the key is pressed once, then it
goes to host normally. It is not possible to
use a key combination, like Ctrl-Alt-F1.
The default keyboard exit key is
SCROLL_LOCK.
There are numerous options to choose from.
66
C H A P T E R
POWER
7
CONTROL
7.0 Installation
7.1 Remote Power Control
67
POWER CONTROL
7.0 Installation
Introduction to Power Control
on and off using Kaveman's user-friendly
GUI.
It is possible to remotely control the
power of up to eight devices using the
Kaveman PWR series. Simply plug the
devices into to a power control strip and
then you can cycle power or turn devices
The power control functions can be
accessed from either of Kaveman's
remote clients - an Internet browser or
VNC (Virtual Network Computing) Viewer.
Figure 7a
Power Control Connection Diagram
68
POWER CONTROL
7.0 Installation
Connecting the devices
1. Follow Quick Connection Instructions
on page 8 of the User’s Manual.
2. Turn off power on all servers or other
devices you intend to connect to the
power control strip.
3. Plug in devices to the outlets on the
power control strip.
4. Plug in power control strip.
5. Turn on power control strip.
6. Turn on devices.
Serial port settings
1. Go to the Kaveman home page by typing in the IP address of the unit into the
address bar of your browser.
2. Select RS-232 serial ports from the
Setup and Configuration menu.
3. Find the Serial Port Mode menu item
under the Port 1 (DB-9 female) section.
4. Change the mode of Port 1 to Power
Control.
5. Scroll down to the Baud rate, data bits,
parity and stop bits section.
6. Change the baud rate to 9600.
Testing
1. Test power control. For instructions on
how to operate the power control, see the
next section.
Special Note:
We recommend that you connect the
local console computer to Outlet
(Channel) 1 (see diagram). The reason is
because you are able to control the
power to the device plugged into outlet
one from Kaveman’s Java Viewer. See the
next section for instructions on how to
remotely control power.
The settings should be:
Baud rate: 9600
Data bits: 8 bits
Parity: None
Stop bits: 2
Hardware flow control should be set to
None.
69
POWER CONTROL
7.1 Remote power control
Controlling power from the Kaveman homepage
This page allows you to completely control the power module attached to the
Kaveman. You can power off, on, or reset (turn off and on) any of the attached devices
plugged into the power control strip.
To access the power control menu, go to the Kaveman home page by typing in the IP
address of your Kaveman unit. Look for the Power Control section on the Kaveman
home page:
Power Control
Click here to power control the current attached devices on Kaveman.
When you click on “Click here to power control” you will encounter the menu below.
Click corresponding link below to power reset, power on, or power off appropriate
machine.
Channel 1
Channel 2
Channel 3
Channel 4
Channel 5
Channel 6
Channel 7
Channel 8
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Off
Off
Off
Off
Off
Off
Off
Off
On
On
On
On
On
On
On
On
Figure 7b
Power Control Menu
70
POWER CONTROL
7.1 Remote power control
Controlling power from the Java Viewer
You may also control the power of the device connected to outlet one on the power
control strip via the Java Viewer. To control the power of the device connected to
outlet one on the power control strip, you must:
1. Log on to the Kaveman unit.
2. Take control of the host in the existing or in a new browser window.
3. Call up power control menu (see Figure 7c, Java Viewer Power Control Options).
4. Select appropriate command (cycle power, turn power off, turn power on, kill
power all).
Figure 7c
Power Control Commands in Java Viewer
71
C H A P T E R
FLASH
FILE
8
SYSTEM
8.0 Firmware upgrades
8.1 Certificates/keys
72
FLASH FILE SYSTEM
8.0 Firmware upgrades
Introduction to firmware upgrades
You can find the most recent version of
the Kaveman firmware at
http://www.digitalv6.com/support/firmw
are/index.html. Firmware upgrades and
release notes are in zipped format. Each
zip file will contain a flash file (extension
.frm) and release notes.
How to Upload
Please take note of your color
calibration values prior to uploading the
firmware. You may have to reset them.
1. Open the local OSD of the Kaveman
(the default hotkey combination is Scroll
Lock Scroll Lock). Write down calibration
values under "Debug - factory only".
2. Open the Kaveman homepage and
find the Comprehensive Menu Tree. You
must take note of the calibration offset
numbers for R, G, and B.
Version information that the new
firmware has been successfully loaded
If you have problems:
- When you try to upload the firmware,
you may receive a message that the file
is not found. Some versions of Internet
Explorer cannot upload the firmware
image (or any other file) if any part of
the part of the file path contains a
space. This is a problem, for example, if
the file Image.frm is stored as C:\My
Document\Image.frm. The solution is to
use Netscape, or move the file to be
uploaded into another directory that
does not contain spaces in its file path.
- Uploading invalid or corrupt files may
render your unit inoperable. If this
occurs, remember that the boot ROM
can be used to recover via TFTP.
To upload:
1. Go to the Kaveman homepage>
Operation> Manage Flash File System.
2. The file to be loaded must have a
suitable extension. Firmware needs to
have the '.frm' extension, for example.
3. After you have uploaded the firmware,
you must turn off the power to the
Kaveman (by unplugging the Kaveman).
Wait 10 seconds and then reapply
power.
4. Confirm under the local OSD under
73
FLASH FILE SYSTEM
8.1 Certificates/keys
Kaveman provides security on several
levels, one is SSL encryption. In order
for this feature to function, you need to
install a valid server certificate and key
into Kaveman. You can purchase certificates and keys from many sources.
SSL with a Browser
If you are using a browser, you must
have the Sun Java Plug-in 1.4.0 or higher installed in order to take advantage of
SSL encryption. The Java plugin is at:
http://java.sun.com/products/plugin/in
dex.html
SSL with a Browser
SSL is not available through VNC.
How to Upload
Please take note of your color
calibration values prior to uploading the
certificates. You may have to reset
them.
1. Open the local OSD of the Kaveman
(the default hotkey combination is Scroll
Lock Scroll Lock). Write down calibration
values under "Debug - factory only".
2. Open the Kaveman homepage and
find the Comprehensive Menu Tree. You
must take note of the calibration offset
numbers for R, G, and B.
To upload:
1. Go to the Kaveman homepage>
Operation> Manage Flash File System.
2. The file to be loaded must have a
suitable extension. The certificate and
key must be of the PEM format and the
name of the files should be server-
cert.crt and server-cert.key.
3. After you have uploaded the
certificate, you must turn off the power
to the Kaveman (by unplugging the
Kaveman). Wait 10 seconds and then
reapply power.
4. Confirm under the Kaveman
homepage under Manage Flash File
System that the new certificate has
been successfully loaded
If you have problems:
- When you try to upload the certificate,
you may receive a message that the file
is not found. Some versions of Internet
Explorer cannot upload a certificate (or
any other file) if any part of the part of
the file path contains a space. This is a
problem, for example, if the file servercert.crt is stored as C:\My
Document\server-cert.crt. The solution
is to use Netscape, or move the file to
be uploaded into another directory that
does not contain spaces in its file path.
- Uploading invalid or corrupt files may
render your unit inoperable. If this
occurs, remember that the boot ROM
can be used to recover via TFTP.
Internet resources
A place to get official certificates
(among other places):
http://www.thawte.com/
For a description on how to install
certificates in IE:
http://www.microsoft.com/windows/ie/
using/howto/digitalcert/using.asp
74
C H A P T E R
9
TROUBLESHOOTING
9.0 Video
9.1 Keyboard and Mouse
9.2 Network-related and other
75
TROUBLESHOOTING
9.0 Video
How do I maximize the video quality?
1. Use the highest quality, shortest VGA cables possible. If you see any "ghosts" or "shadows"
to the right of sharp edges, then your video cables are causing problems and poor quality
video is being delivered to the Kaveman 8.
2. From VNC, use the "optimize video" command. This tunes the video settings to what is
currently coming from the computer. Changing the video cables will affect this tuning. This
tuning operation is performed automatically whenever the video mode changes, so
performing this operation manually may not help.
3. Reduce vertical refresh rate to no higher than 60Hz. There is no benefit to using a higher
refresh rate with the Kaveman. If there is a human using the computer locally, and they are
using a CRT display (as apposed to LCD) they should be consulted to check if a lower refresh
rate is acceptable to them ergonomically.
4. Use the minimum resolution needed for your application. Lower resolutions (and lower
refresh rates) use lower-frequency electrical signals and therefore stress the performance of
your cables and video card less.
I am not seeing any local video. What should I do?
1. Check physical connections between Kaveman unit and local monitor.
2. Reduce vertical refresh rate to 60Hz and resolution to no higher than 1024 x 768.
2. Disable all energy saving modes and screen savers.
3. Update the driver of your video card. It may be introducing spurious noise.
The remote video is scrambled. What should I do?
1 - Update to the newest firmware www.digitalv6.com/support/firmware/index.html.
2 - Test out the different resolutions/refresh rates on the target servers.
The video colours are off. What should I do?
1 - Go into the "Debug Setting" under the local setting OR "Debug Comprehensive Menu Tree".
Take note of the calibration value. Check that calibration value against the one that was
provided to you along with the Kaveman to see if they are the same.
2 - In the same menu, use the calibration option to customize the colour specific to your
server by adjusting the value of it. Make sure you have the taken note of the original numbers
in case you need to revert to the original settings.
The video is sluggish. What should I do?
1 - Update to the newest firmware www.digitalv6.com/support/firmware/index.html.
2 - Test out the different resolutions/refresh rates on the target servers.
The video is not updating.
1 - From the Java Viewer, push the "Disconnect" button then the "Connect" button.
2 - From the VNC viewer, close and reopen the VNC session.
76
TROUBLESHOOTING
9.0 Video
The mouse is always in the wrong position, by a small, fixed amount. This
persists even after a "mouse resync" operation.
1. There is a screen position error, so Kaveman's idea of the mouse position is offset by the
width of the black bars/or missing area.
When I connect to a Kaveman with the browser and open a session window, I get
black video and the Connect Disconnect options keep toggling. I am able to
connect locally, through VNC and via telnet. What do I do?
1. The problem could be a configuration issue. Check the "Java Viewer port number (clear)"
and "Java viewer port number (SSL)". These numbers must be different port numbers from
the web server whose default is 80 and 443. Reset the two ports to 19900 and 19901
respectively, which are the factory defaults.
There is a black bar to the left and/or top of my screen. Part of the image is cut
off, from the left or top edges of the screen.
1. This should not occur in any VESA-standard video mode. Switch to a typical video mode
(1024x768 at 60Hz, for example). However, some video cards do not generate VESA modes
precisely/correctly so this may not help.
2. If using a non-standard VESA mode, or a unknown video source, correct the position error
manually:
a) Start VNC and get into the VNC menu: Press Scroll-lock twice.
b) Use the arrow keys to move the screen around.
- if black bars: move left (or up) until the first non-black area touches the edge of the VNC
window.
- if cut-off screen: move the window right (or down) a whole bunch (the edge will smear).
Press ESC to quit the menu (which causes a redraw) and start the process over.
- press ESC at any time, to redraw the whole screen and check the result. The screen drawn
by VNC is only an approximation of what the new position will look like.
3. You can fine-tune the position by observing the remote mouse position relative to the VNC
local cursor (small box). When they are precisely aligned on top of each other, you should
have the optimal screen position. The new X,Y position will be remembered automatically on
this Kaveman. This process may need to be repeated for other video modes.
77
TROUBLESHOOTING
9.1 Keyboard and mouse
There is no keyboard or mouse signal.
1 - Disconnect and reconnect keyboard and mouse that are connected between the server
and Kaveman.
2 - Reset the server.
The remote keyboard is not responding or keyboard mapping is wrong.
1 - Remotely reset the keyboard and mouse either through Java or VNC menu.
The local keyboard is not responding or keyboard mapping is wrong.
1 - Locally reset the keyboard and mouse either through Java or VNC menu.
The hotkey combination for VNC/Java Viewer does not work.
1 - Remotely reset the keyboard and mouse either through Java or VNC menu.
2- Change the hotkey combination in the Kaveman web server. You can access the hot key
combination under the Local/VNC configuration menu under the “Keyboard Exit Key”
option.
The remote / local mouse works but the remote and local mouse out of sync by a
constant distance.
1 - Resynchronize the mouse.
2 - Realign the screen from either the Java or VNC interface. From the Java viewer, turn the
screen shift to “On”. Use the arrow keys to change the position of the screen until the mouse
is aligned. From the VNC Viewer, use the phase shift command.
The remote and local mouse are functioning in a non-linear motion.
1 - Verify that the video resolution and refresh rate are supported by Kaveman. If in doubt,
reduce vertical refresh rate to no higher than 75Hz and resolution to no higher than 1280 x
1024.
2 - Turn off and/or set to normal all operating system specific adjustments to mouse speed
and acceleration on the target.
3 - Verify that the mouse driver is up to date. Download the newest mouse driver if it is not
up to date.
78
TROUBLESHOOTING
8.2 Network-related and other
What should I do if I cannot log into Kaveman or cannot ping the address of
Kaveman?
1. There appears to be a problem with the assigned IP address.
- Go to Network Settings
- Verify the IP address
- Re-enter the IP address if necessary and (recommit the change)
- Confirm the validity of the IP addresses with your IT department
Why is VNC only showing portion of remote screen?
If you are looking at servers with different resolutions, when you switch to a higher resolution
server via a KVM switch you will not be able to see the entire remote. There are two
solutions to fix this problem:
1 - Change VNC server configuration - Max resolution (expected) from “Auto” to “Max”
(permanent fix, but uses more bandwidth)
2 - Reload VNC when changing to higher resolution image (not a permanent fix)
I am using Linux and/or FreeBSD and I cannot get VNC to work.
If you are using Linux and FreeBSD, use "vncviewer -bgr233" to initiate the VNC viewer with
the proper flag to get it to work in conjunction with Kaveman.
How do I reduce the steady-state network traffic generated by VNC?
1. Improve video quality first. Any video noise is sent over the network, so you can reduce the
resolution or refresh rate to reduce the noise.
2. Reduce resolution to 1024x768 or lower.
How do I reduce the overall network traffic generated by VNC?
1. Use a flat-colour desktop background, rather than a picture of your family or corporate
leader. This data must be sent every time the a window is moved, so it is best if it is a single
colour that will compress down to almost nothing.
2. Improve video quality so no analog noise is sent.
When I try to upload my firmware, I receive a message that the file is not found.
Some versions of Internet Explorer cannot upload the firmware image (or any other file) if
any part of the part of the file path contains a space. This is a problem, for example, if the
file Image.frm is stored as C:\My Document\Image.frm. The solution is to use Netscape, or
move the file to be uploaded into another directory that does not contain spaces in its file
path.
For additional technical support, visit www.digitalv6.com/support
79
A P P E N D I C E S
A Specifications
B Video Modes
C FCC Compliance
D Copyright Information
E Contacting Digital V6
F Warranty
80
APPENDIX A
Specifications
Hardware
Ethernet
- One 10/100BaseT connection
- Standard RJ-45 connector
- LEDs for link, 10/100 indicator, and network activity
VGA input
- Max resolution 1280 x 1024 at 75Hz.
- Supports all VESA graphics modes, and
text modes
- DDC2B compatible
VGA local output
- Copy of input video with OSD (On-Screen
Display) for setup
- Optional use, when no screen is present
locally
PS/2 Keyboard / Mouse
- Emulates standard PS/2 keyboard and 3button PS/2 mouse
- Connects directly to server
- Keep-alive feature means server is not
affected by power failure on the Kaveman -- it keeps emulating the mouse/keyboard
even if the main power to Kaveman is
removed.
Local PS/2 Keyboard / Mouse
- Allows local access to the controlled server
- Can be disabled or password protected to
limit access
- Used for initial setup of network address,
subnet mask, etc.
- Optional once system is deployed
- May be connected/removed without
affected server
Serial Port 1 (RS-232C)
- Standard baud rates up to 115,200 bps
- Can be used for multiple functions:
> Telnet access (console server mode).
Handy if connected to serial port of Unix
machines.
> Watchdog mode. With appropriate server
software, the Kaveman will function as an
external watchdog which will kill the power
to reset failed software/hardware.
> Power control. When connected to a
power distribution system (smart power
bar) the serial port may be used to control
the power to multiple computers.
> Log monitor. Watches for a string sent
from the computer to indicate trouble.
Serial Port 2
- Can be directly connected to optional
power control module (Dataprobe)
- Same features as Serial Port 1. May be
used as second serial port with optional
adapter cable.
Reset
- Hardware reset button
Power
- 100-240 VAC 50/60 Hz 1A
- Standard IEC320 connector, detachable
power cord (provided)
Mechanical
- 1/3rd of a rack unit wide. An optional
shelf may be used to rack mount three
units in 1RU of space. Each unit is a fully
independent system.
- Dimensions: 5.7" W x 1.7" H x 16" D (plus
connectors)
- Aluminum sheet metal construction,
painted
81
APPENDIX A
Specifications
Internals
- Contains hardware random number
generator
- Flash-memory based firmware may be
field-upgraded over the web interface
- Dedicated 32-bit micro-processor
Software
Network Protocols
- HTTP/1.1 and HTTPS (secure) web
server used for control and setup
- VNC server (implements RFB 3.3
protocol with Hextile encoding)
- Requires one dedicated IP address
TCP/IP port numbers for all services
may be changed to confuse attackers
- SMTP is used to deliver email
notifications
- Does not require a DNS server (Domain
Name Server) so that it will continue to
operate in the face of this network
failure
System Software
- Specialized RTOS (Real Time OS)
- Proprietary software, with published
open-standard based interfaces
Public Keys / Encryption
- Supports X.509 certificates
- True hardware RNG (random number
generator) used to create session keys
and seed values
- 128-bit or 56-bit encryption for SSL v2.
- Supports RC4 and DES algorithms
- Compatible with both import and
export browsers
Special features
- Up to 10 unique password/users
- Stealth mode: prevents port scans and
other network probes
- Turtle mode: disabled self when
attacked; requires access to local
console to re-enable
- Idle timeout causes logout
- Multiple users can connect to same
system
- Compatible with most existing KVMs
Operating Environment - 0-40 Degrees C
Spec Temperature - 10-40 Degrees C
Storage Temperature - 40-75 Degrees C
System requirements
- Web browser: Internet Exploder 6+ with
java plug-in JRE 1.4.0
- Optional VNC viewer: supports version
3.3 of RFB protocol
- An SMTP server is required for email
notification feature
- Telnet client required for serial port
terminal server access
82
APPENDIX B
Video modes supported
Colour depth
320x200
320x200
320x200
320x200
320x200
320x240
320x240
320x240
320x240
320x240
320x240
320x240
400x300
400x300
400x300
400x300
400x300
512x384
512x384
512x384
512x384
512x384
512x768
640x350
640x350
640x350
640x350
640x350
640x350
640x350
640x400
640x400
640x400
640x400
640x400
640x480
640x480
640x480
640x480
640x480
640x480
640x480
640x480
640x480
640x480
Refresh rates
@100Hz
@60Hz
@75Hz
@85Hz
@90Hz
@100Hz
@160Hz
@200Hz
@60Hz
@75Hz
@85Hz
@90Hz
@100Hz
@60Hz
@75Hz
@85Hz
@90Hz
@100Hz
@60Hz
@75Hz
@85Hz
@90Hz
@60Hz
@100Hz
@160Hz
@200Hz
@60Hz
@75Hz
@85Hz
@90Hz
@100Hz
@60Hz
@75Hz
@85Hz
@90Hz
@100Hz
@120Hz
@140Hz
@150Hz
@160Hz
@200Hz
@60Hz
@70Hz
@72Hz
@75Hz
Colour depth
640x480
640x480
704x480
720x400
720x400
720x400
720x400
720x400
720x480
720x480
720x480
720x480
720x480
720x480
720x480
720x576
720x576
720x576
720x576
800x480
800x600
800x600
800x600
800x600
800x600
800x600
800x600
800x600
800x600
800x600
800x600
800x600
848x480
848x480
848x480
856x480
856x480
864x480
864x480
960x720
1024x600
1024x768
1024x768
1024x768
1024x768
Refresh rates
@85Hz
@90Hz
@60Hz
@160Hz
@200Hz
@70Hz
@75Hz
@85Hz
@100Hz
@59Hz
@60Hz
@72Hz
@75Hz
@85Hz
@90Hz
@100Hz
@59Hz
@60Hz
@75Hz
@60Hz
@100Hz
@120Hz
@140Hz
@160Hz
@56Hz
@60Hz
@70Hz
@72Hz
@75Hz
@85Hz
@90Hz
@47Hz
@60Hz
@75Hz
@88Hz
@60Hz
@60Hz
@60Hz
@75Hz
@60Hz
@60Hz
@100Hz
@120Hz
@43Hz
@60Hz
Colour depth
1024x768
1024x768
1024x768
1024x768
1024x768
1072x600
1152x864
1152x864
1152x864
1152x864
1152x864
1152x864
1152x864
1280x1024
1280x1024
1280x1024
1280x1024
1280x1024
1280x1024
1280x1024
1280x600
1280x720
1280x720
1280x720
1280x720
1280x768
1280x768
1280x768
1280x768
1280x800
1280x800
1280x800
1280x960
1280x960
1280x960
1280x960
1360x768
1400x1050
1536x864
1600x1000
1600x1200
1600x900
1920x1080
1920x1080
Refresh rates
@70Hz
@72Hz
@75Hz
@85Hz
@90Hz
@72Hz
@43Hz
@47Hz
@70Hz
@75Hz
@80Hz
@85Hz
@60Hz
@43Hz
@47Hz
@60Hz
@70Hz
@72Hz
@74Hz
@75Hz
@60Hz
@59Hz
@60Hz
@75Hz
@85Hz
@56Hz
@60Hz
@85Hz
@75Hz
@100Hz
@60Hz
@85Hz
@60Hz
@70Hz
@72Hz
@75Hz
@62Hz
@60Hz
@60Hz
@60Hz
@52Hz
@60Hz
@30Hz
@29Hz
83
APPENDIX C
FCC Compliance
Statement of FCC Compliance
This device complies with Part 15 of the
FCC Rules. Operation is subject to the
following two conditions: (1) this device
may not cause harmful interference and
(2) this device must accept any
interference received including
interference that may cause undesired
operation.
NOTE: This equipment has been tested
and found to comply with the limits for a
Class B digital device pursuant to Part
15 of the FCC Rules. These limits are
designed to provide reasonable
protection against harmful interference
in a residential installation. This
equipment generates, uses and can
radiate radio frequency energy and, if
not installed and used in accordance
with the instruction manual, may cause
harmful interference to radio
communications. However, there is no
guarantee that interference will not
occur in a particular installation. If this
equipment does cause harmful
interference to radio or television
reception, which can be determined by
turning the equipment off and on, the
user is encouraged to try to correct the
interference by one or more of the
following measures:
- Reorient or relocate the receiving
antenna
- Increase the separation between the
equipment and receiver
- Connect the equipment to an outlet on
a circuit different from that to which the
receiver is connected
- Consult the dealer or an experienced
technician for help.
Warning: Changes or modifications not
expressly approved by Digital V6 could
void the user's authority to operate the
equipment.
84
APPENDIX D
Copyright Information
Copyrights
This document and all related materials
are copyright of Digital V6 Inc. All rights
reserved. No part of this publication may
be reproduced or transmitted in any
form, by any means, electronic or
mechanical, including photocopy,
recording or any information storage or
retrieval system, without permission in
writing from the publisher.
Caveats
Information in this document is subject
to change without notice.
This product is sensitive to electrostatic
charge and should be handled by
persons with technical and mechanical
ability. The users assumes all risks if
this product is assembled or serviced by
someone other than authorized by
Digital V6 or Digital V6 dealers.
85
APPENDIX E
Contact Digital V6
Digital V6 aims to be a world-class
provider of revolutionary and elegant
technical solutions. By understanding the
needs of the marketplace and utilizing
experience and technical innovation, Digital
V6 will be the first mover in introducing new
and useful products.
Technical Support
1-905-513-3102
support@digitalv6.com
www.digitalv6.com/support/
Sales
Tel: 1-905-513-3107
E-mail: info@digitalv6.com
www.digitalv6.com/sales/
General Company Information
Tel: 1-905-513-3107
Fax: 1-905-513-3111
E-mail: info@digitalv6.com
Web site: www.digitalv6.com
Address:
Digital V6 Inc.
3993 14th Avenue,
Markham, Ontario CANADA
L3R 4Z6
86
APPENDIX F
Warranty
Digital V6 Corp. warrants, subject to the
conditions set forth below, to the original
purchaser of the hardware product that during
the specified warranty period should the
product be defective by improper workmanship
or material, Digital V6 will at its discretion
repair or replace the product upon receipt with
an equivalent.
CONDITIONS
Registration: The Registration Card must be
mailed to Digital V6 within thirty (30) days after
the date of original purchase.
State of Product: The unit must not have been
damaged by abuse, accident, misuse, neglect,
alteration, repair, disaster, improper installation
or improper testing. The serial number on the
unit must not have been altered or removed. If
the product is found to be otherwise defective
within its warranty period, Digital V6, at its
option, will replace or repair the product at no
charge.
RMA number: A Return Material Authorization
(RMA) number must be obtained from either
the company from whom you purchased it or to
Digital V6 Corp.
Proper Delivery: The unit must be shipped,
freight prepaid, or delivered in its original
package (or the equivalent) to the location as
indicated for product returns. Both the RMA and
serial number of the product must be clearly
identified on the package when shipped. The
repaired unit will be returned to customer
freight prepaid. Digital V6 will not be held liable
for damage or loss of the product in shipment.
All accessories that are enclosed with the unit
must be listed individually on the packing slip
for the shipping documentation. Digital V6 shall
have no liability for loss or damage to such
accessories if they are not listed. Defective
accessories should be returned to Digital V6 as
a separate repair item.
Proof of Date Purchase: A furnished proof of
original purchase must be provided to prove
that the product is in its specified warranty
period.
Digital V6 warrants the repaired or replaced
product to be free from defects in material and
workmanship for either ninety (90) days from
the return shipping date or the period of time
remaining on the original one (1) year warranty.
LIMITATIONS
No warranties for this product, expressed or
implied, shall extend to any person who
purchases the product in a used condition.
The liability of Digital V6 in respect of any
defective product will be limited to the repair or
replacement of such product. Digital V6 may
use new or remanufactured (equivalent-to-new
replacement parts) components. Defective
product will be sent in for repair or replacement
only.
Digital V6 makes no other representations or
warranties as to fitness for a particular
purpose, merchantability or otherwise in
respect of the product. No other
representations, warranties or conditions, shall
be implied by statute or otherwise.
Digital V6 shall not be responsible or liable for
any damages, including but not limited to the
loss of revenue or profit, arising from (i) the use
of product (ii) the loss of use of product (iii) the
result of any event, circumstance, action or
abuse beyond the control of Digital V6.
Under no circumstances shall Digital V6 be
liable for an amount greater than the actual
purchase price of the unit or for any special,
incidental or consequential damages sustained
in connection with said unity and Digital V6
neither assumes nor authorizes any
representative or other person to assume for it
any obligation or liability other than as is
expressly set forth herein.
87
APPENDIX G
SNMP
We have a working SNMP agent running in
Kaveman. The agent can respond to
queries from a Network Management
Station (ex. HP OpenView NNM) with the
current values of certain variables defined
in the MIB.
SNMP Configuration Menu
All SNMP Configuration can be accessed by
clicking the "SNMP Configuration" link
under "Setup and Configuration" menu on
the Kaveman home page, or by selecting
"SNMP Configuration" at the bottom of the
main OSD menu.
Menu Items
Here is a list of all of the parameters the
user must configure for SNMP. Their
default values appear in brackets:
System Location (Server-Room1)
System Contact (Admin)
System Name
(Kaveman)
Read Community Name (public)
Write Community Name (private)
Target IP Trap Address (10.0.0.2)
Target IP Trap Port (162)
Enable SNMP Authentication Traps (yes)
Enable SNMP Notifications (yes)
SysLocation, SysContact, SysName - the
location, contact and name for the unit
Read/Write Community - strings act as
passwords for users wishing to read and/or
write variables to the Kaveman. If a user
does not know these values, he will NOT be
able to use SNMP to query the Kaveman
Trap Destination - specifies the address
and port number of the trap receiving station
Enable SNMP Authentication Traps - specifies if special traps (call SNMP authentication traps) are sent out if there is a
attempted security breach. For example, if
someone used the wrong community name
to read a value from Kaveman agent.
Enable SNMP Notifications - specifies if
Kaveman specific notifications are sent
out. For example,if a bad login attempt is
made into the HTTP, VNC, or
Telnet servers in the Kaveman unit.
MIB File
To access the MIB file, log into the
Kaveman using your browser, click on
"SNMP Configuration" link. At the bottom of
the configuration paramenters, there is a
link entitled "See the Kaveman MIB".
By clicking on the link, you will see the MIB
text file "kaveman_mib.txt". You can then
perform a "File/Save as" in your browser
and save this file to disk.
MIB Variables
There are four groups of variables in the
MIB (3 for objects and 1 for traps). All of
the variables are read-only, except for the
KavemanName display string (the name of
the Kaveman), which is read-write.
Supported Versions of SNMP
We support SNMPv1 and SNMPv2c only.
88
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising