Avocent 5224 User guide

MergePoint™
5224/5240
User Guide
For Technical Support:
www.avocent.com/support
Avocent Corporation
4991 Corporate Drive
Huntsville, Alabama 35805-6201
USA
Tel: +1 256 430 4000
Fax: +1 256 430 4031
Avocent Asia Pacific
Singapore Branch Office
100 Tras Street, #15-01
Amara Corporate Tower
Singapore 079027
Tel: +656 227 3773
Fax: +656 223 9155
Avocent International Ltd.
Avocent House, Shannon Free Zone
Shannon, County Clare, Ireland
Tel: +353 61 715 292
Fax: +353 61 471 871
Avocent Germany
Gottlieb-Daimler-Straße 2-4
D-33803 Steinhagen
Germany
Tel: +49 5204 9134 0
Fax: +49 5204 9134 99
Avocent Canada
20 Mural Street, Unit 5
Richmond Hill, Ontario
L4B 1K3 Canada
Tel: +1 877 992 9239
Fax: +1 877 524 2985
590-675-501A
USA Notification
Warning: Changes or modifications to this unit not expressly approved by the party responsible for compliance
could void the user’s authority to operate the equipment.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This equipment generates, uses and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to
cause harmful interference in which case the user will be required to correct the interference at his own expense.
Canadian Notification
This class A digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
Safety and EMC Approvals and Markings
FCC Class A; EN55022 Class A/CISPR 22 Class A; EN55024/CISPR 24 (EN61000-4-2, EN61000-4-3,
EN61000-4-4, EN61000-4-5, EN 61000-4-6, EN 61000-4-11); EN60950/IEC60950-Compliant; CSA Listed
(USA and Canada); CE Marking (Europe)
MergePoint™ 5224/5240
Service Processor Manager
User Guide
Avocent, the Avocent logo, The Power of Being There, Cyclades,
DSView and MergePoint are trademarks or registered trademarks of
Avocent Corporation or its affiliates. All other marks are the property of
their respective owners.
© 2007 Avocent Corporation. All rights reserved. 590-675-501A
Instructions
This symbol is intended to alert the user to the presence of important operating and maintenance
(servicing) instructions in the literature accompanying the appliance.
Dangerous Voltage
This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the
product’s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons.
Power On
This symbol indicates the principal on/off switch is in the on position.
Power Off
This symbol indicates the principal on/off switch is in the off position.
Protective Grounding Terminal
This symbol indicates a terminal which must be connected to earth ground prior to making any other
connections to the equipment.
Table of Contents
List of Figures
List of Tables
Chapter 1: Introduction
  Supported Target Devices
  MergePoint 5224/5240 SP Manager’s Advantages for Target Device Management
  Web Manager
  Types of Users
    SP console management option
    Device console (SoL) management option
    Event log (SEL) management option
    Access to native features on a target device
    DirectCommand requirements
    Native IP requirements
    Power management options
    Reset commands
    Sensor management options
  Authentication
  Security Profiles’ Effects on Users’ Actions
  Options for Accessing the MergePoint 5224/5240 SP Manager, Managing User Passwords and Managing IPDU Power Outlets and Target Devices
  Command Line Access Through Console Logins
  Accessing the MergePoint 5224/5240 SP Manager Console
  User Shell (rmenush)
  SP Shell (spshell)
  Using SSH Management Commands
    ssh command line format
    Management commands for use with the ssh command
  Dial-in Access
  Power Management Options
  Information Users Need
Chapter 2: Accessing the MergePoint 5224/5240 Appliance and Target Devices
  Accessing the MergePoint 5224/5240 SP Manager’s Console
  Accessing Management Features From the User Shell Menu
  Accessing the Console of a Target Device
  Creating an SSH Tunnel
  Creating a VPN Tunnel
    Routing requirements for VPN connections
    Summary of VPN-related requirements for native IP access
    Creating IPSec VPN connections
    Creating PPTP VPN connections
    Accessing native features of an SP when a VPN tunnel exists
  Obtaining and Using One Time Passwords for Dial-ins
Chapter 3: Web Manager for All Users
  Prerequisites for Using the Web Manager
  Requirements for Java Plug-In Availability
  Logging Into the Web Manager for Regular Users
  Features of Regular Users’ Windows
  Using the Target Devices Screen
  Accessing a Service Processor’s Console
  Accessing a Target Device’s Console
  Managing Power Through a Service Processor
  Viewing Sensor Data
  Viewing and Clearing Event Logs
  Accessing Native Features on a Target Device
    Managing Native IP
    Managing DirectCommand connections
    Creating VPN connections for Native IP access
  Accessing the MergePoint 5224/5240 SP Manager Console (Web Manager)
  Managing Power Outlets on a Connected IPDU
    Using the Outlets Manager tab to power up and down and check power status
    Viewing IPDU information
    Using the Software Upgrade screen to view the IPDU’s current software version
  Configuring Your Password
Appendices
  Appendix A: MindTerm Applet Reference
  Appendix B: Technical Support
Index
List of Figures
Figure 1.1: Secure Path to a Connected SP
Figure 1.2: Example Graph for Readings From a Fan Sensor
Figure 2.1: Device Access Menu
Figure 2.2: MergePoint 5224/5240 Appliance VPN Example Using IPSec
Figure 3.1: Web Manager Login Screen
Figure 3.2: User Options on the Web Manager
Figure 3.3: Target Devices Web Manager Screen
Figure 3.4: Device Console Example
Figure 3.5: Example of Unformatted Sensor Data
Figure 3.6: Sensor Plotter Page
Figure 3.7: Example Event Log Web Manager Screen
Figure 3.8: Example HP iLO Native Web Interface
Figure 3.9: Direct Command: Connected and Go to DirectCommand Interface
Figure 3.10: DirectCommand Connection List
Figure 3.11: Appliance Console Login Screen
Figure 3.12: User Menu When Connected to the Console
Figure 3.13: AUX Port Not Configured Error Message
Figure 3.14: IPDU Tabs
Figure 3.15: IPDU Access Failed Message from Outlets Manager
Figure 3.16: Access - IPDU - Outlets Manager Screen
Figure 3.17: Outlets Manager Outlets State Close-up
Figure 3.18: View IPDU Info Screen
Figure 3.19: IPDU Software Upgrade Screen on the Web Manager
Figure 3.20: Password Screen
Figure A.1: Root Log into MindTerm Running an SSH Console Session
Figure A.2: Terminal Menu
List of Tables
Table 1.1: Supported Target Device Types and Management Options
Table 1.2: SP Console Power Management Options
Table 1.3: Device Console (SoL) Management Options
Table 1.4: Event Log (SEL) Management Options
Table 1.5: Native IP Management Options
Table 1.6: Power Management Options
Table 1.7: Possible Power Management Command Effects
Table 1.8: Reset Options
Table 1.9: Sensor Graph Parameters
Table 1.10: Sensor Management Options
Table 1.11: Services and Other Functions Controlled by Security Profiles
Table 1.12: User Shell Default Menu Options
Table 3.1: Supported Browser and JRE Versions
Table 3.2: Differences Between Accessing Native IP and DirectCommand from the Web Manager
Table 3.3: Information on the View IPDU Info Screen
Table 3.4: IPDU Information Under Unit Information
Table A.1: Console Session Terminal Menu Options
Table A.2: Hotkeys Available During Console Sessions
Chapter 1: Introduction
All users and administrators need the introductory information in the sections listed below for
understanding how to use the MergePoint service processor (SP) manager:
• Supported Target Devices
• MergePoint 5224/5240 SP Manager’s Advantages for Target Device Management
• Web Manager
• Types of Users
• Authentication
• Security Profiles’ Effects on Users’ Actions
• Options for Accessing the MergePoint 5224/5240 SP Manager, Managing User Passwords and Managing IPDU Power Outlets and Target Devices
• Command Line Access Through Console Logins
• Accessing the MergePoint 5224/5240 SP Manager Console
• User Shell (rmenush)
• SP Shell (spshell)
• Using SSH Management Commands
• Dial-in Access
• Power Management Options
• Information Users Need
Supported Target Devices
A target device managed by the MergePoint 5224/5240 SP manager can be one of the following:
• An SP on a server. SPs are out-of-band management controllers that many vendors include in
  their servers.
• A server or other type of device that does not have an SP but that provides access to its
  command line through a dedicated Ethernet port. This type of device includes servers that
  redirect their serial console output to dedicated Ethernet ports (which provide a type of access
  generally referred to as serial over LAN or SoL).
• A device with a dedicated Ethernet port that supports management access via Telnet, SSH,
  SNMP or by means of the MergePoint 5224/5240 SP manager’s native IP access capability.
NOTE: The terms target device and connected device are used in this guide when referring to an SP, server or
other connected device, unless otherwise stated.
MergePoint 5224/5240 SP Manager’s Advantages for Target Device Management
The MergePoint 5224/5240 SP manager, also called the appliance, controls access to
server-management services that are provided by directly connected SPs and to other types of
services that may be provided by other connected devices without SPs. Connected and configured
devices are referred to as target devices.
A MergePoint 5224/5240 SP manager may be managed and target devices may be accessed
through DSView 3 management software, as described in the document Managing MergePoint
5224/5240 Service Processor Managers Using DSView 3 Management Software. Alternatively, a
standalone MergePoint 5224/5240 SP manager may be managed and its target devices may be
accessed using the Web Manager or console connections.
When managed as a standalone, the MergePoint 5224/5240 SP manager provides a single source
for authentication, authorization-checking and management for multiple types of SPs. When
managed using DSView 3 management software, the DSView 3 software acts as the single source.
Whichever way users access the MergePoint 5224/5240 SP manager, users can manage multiple
servers with SPs from a single point without having to learn how to use multiple SP-management
interfaces. For example, power management is provided by most SPs but each SP has its own
interface and its own commands for power management. The MergePoint 5224/5240 SP manager
allows an authorized user to manage power on multiple servers with SPs from multiple vendors
using a single interface and a single set of power commands.
The security features provided by the MergePoint 5224/5240 SP manager work together to create a
secure path between a user and a managed server or target device.
Figure 1.1 is a conceptual illustration of a secure path between a remote user and an SP through the
MergePoint 5224/5240 SP manager. A remote user is shown, but users may also be local,
on the same LAN. In Figure 1.1, the remote user accesses the MergePoint 5224/5240 SP manager
through a network connection to the public Ethernet port. Users may also dial into the MergePoint
5224/5240 SP manager through an optional external modem or PC modem card.
[Figure 1.1: Secure Path to a Connected SP. Labels: Remote User Workstation; Route/Optional Firewall/DSView 3 Management Software Server; MergePoint 5224/5240 SP Manager (Public Network Ethernet Port, Private Network Ethernet Port); SP’s Dedicated Ethernet Port; Server. Key: Secure path.]
In Figure 1.1, the dedicated Ethernet port of an SP is separate from the server’s Ethernet ports. The
SP’s dedicated Ethernet port is connected to one of the SP manager’s private Ethernet ports.
The IP address of the public Ethernet port is the only publicly defined IP address used for
out-of-band management of all connected SPs, which reduces the deployment costs for the SPs.
Each target device is configured with a private designated IP address and, at the administrator’s
discretion, each target device may also have a virtual IP address. If virtual addresses are defined,
users may be allowed to see a target device’s virtual IP address but not to see the target device’s
privately defined IP address.
After the user selects the desired management action, the MergePoint 5224/5240 SP manager then
creates a secure connection between the user and the SP, acting as a proxy on behalf of the user.
While the user is performing any SP management action, the connection between the MergePoint
5224/5240 SP manager and the SP is kept separate and protected from the connection between the
user and the MergePoint 5224/5240 SP manager. Nothing that happens on the private network is
exposed to the public network. Depending on the mode of access (either by browser or by SSH),
either HTTPS or SSH is always used to protect communications that are transported on the
public network between the user and the MergePoint 5224/5240 SP manager.
Web Manager
The Web Manager may be used when the MergePoint 5224/5240 SP manager is managed as a
standalone. If the MergePoint 5224/5240 SP manager is managed through DSView 3 management
software, access to the Web Manager is usually disabled.
When the Web Manager is enabled, both authorized and administrative users can launch the Web
Manager from a supported browser using HTTP or HTTPS. Authorized users can use the Web
Manager to perform management actions on target devices, manage power on devices plugged into
optional Intelligent Power Distribution Units (IPDUs) and change their own passwords. Only
administrative users have access to the MergePoint 5224/5240 SP manager screens used for
configuring users or target devices.
See Chapter 3 for the information that authorized and administrative users need for using the
Web Manager.
Browser access to the Web Manager is achieved in one of the following ways:
• Through the Ethernet port
• Through dialing into one of the modem or PC phone card types described in Dial-in Access
Types of Users
Two predefined administrators are root and admin, and they cannot be deleted. Either root or admin
can add regular user accounts and can authorize users to access management features on target
devices. Any regular users added to the admin group become administrative users able to perform
MergePoint 5224/5240 SP manager administration as described in the MergePoint 5224/5240
Service Processor Manager Installer and Administrator Guide. The default password for root and
admin is cyclades and should be changed immediately to prevent unauthorized access.
The admin user (and any optionally added administrative users) can do the following:
• Access the Web Manager and use any of its functions
• Access the MergePoint 5224/5240 SP manager’s console and use the unrestricted shell
• Invoke the MergePoint 5224/5240 SP manager configuration utility, cli
• Invoke any Linux commands available to the non-root user
• Invoke any Linux commands available to the root user by using the sudo command
The root user can do the following:
• Access the MergePoint 5224/5240 SP manager’s console and use the unrestricted shell
• Invoke the MergePoint 5224/5240 SP manager configuration utility, cli
• Invoke any Linux commands available to the root user
The root user cannot access the Web Manager.
Only one administrative user can be connected to the MergePoint 5224/5240 SP manager at a time.
Regular users may be authorized for access to management features available on the connected SPs
or other types of target devices.
NOTE: The administrator may create and enable a custom security profile that has the override authorization
feature set, which causes all authenticated users to have all access to all target devices. For details, see Security
Profiles’ Effects on Users’ Actions.
Table 1.1 shows which management options are available on the supported SP types and on
supported devices without SPs.
Table 1.1: Supported Target Device Types and Management Options
Supported Service    SP        Target Device   Power   Event   Sensors   NativeIP and
Processors/Devices   Console   Console/SoL             Logs              DirectCommand
ALOM                 Y         Y               Y       Y       Y         N
Device               N         Y               N       N       N         Y
DRAC                 Y         Y               Y       Y       N         Y
iLO                  Y         Y               Y       Y       N         Y
IPMI 1.5             Y         N               Y       Y       Y         N
IPMI 2.0             Y         Y               Y       Y       Y         N
RSA II               Y         Y               Y       Y       Y         Y
NOTE: When a target device does not have an SP, Target Device Console, native IP and DirectCommand are
the only management options available by default. The target device types may be customized to make other
management features available.
SP console management option
Table 1.2 shows the SP console management option names and command names used either when
you are logged into the Web Manager, when you have selected a target device from the spshell
menu on the MergePoint 5224/5240 SP manager console or when you are entering the ssh
command on a remote workstation. All options give access to the SP console and are only available
for managed servers with SPs.
Table 1.2: SP Console Power Management Options
Method                                                        Option or Command Name
Web Manager                                                   SP Console
spshell menu in the MergePoint 5224/5240 SP manager console   Access the service processor’s console
ssh command                                                   spconsole
Device console (SoL) management option
Table 1.3 shows the device console management (SoL) option names and command names used
when you are logged into the Web Manager, when you have selected a target device from the
spshell menu on the MergePoint 5224/5240 SP manager console and when you are entering the ssh
command on a remote workstation.
Table 1.3: Device Console (SoL) Management Options
Method                                                        Option or Command Name
Web Manager                                                   SoL Console
spshell menu in the MergePoint 5224/5240 SP manager console   Access the device’s console via SoL
ssh command                                                   devconsole
Event log (SEL) management option
Events are messages logged when system management events are detected. The events can be
logged either by the SP or by the server. Table 1.4 shows the event log management option names
and command names used when you are logged into the Web Manager, when you have selected a
target device from the spshell menu on the MergePoint 5224/5240 SP manager console and when
you are entering the ssh command on a remote workstation. These options display the system event
log (SEL) menu from the server where the SP resides. The user can view or clear event logs
directly on the SP using the ssh command. All options are only available for managed servers with
SPs.
Table 1.4: Event Log (SEL) Management Options
Method                                                        Option or Command Name   Action
Web Manager                                                   Event Log                Brings up a screen with the event log management options:
                                                                                       • View event log
                                                                                       • Clear event log
spshell menu in the MergePoint 5224/5240 SP manager console   Manage the event log     Brings up a menu with the event log management options:
                                                                                       • View event log
                                                                                       • Clear event log
ssh command                                                   sel                      Displays the event log
                                                              clearsel                 Clears the event log
Access to native features on a target device
Both Native IP and DirectCommand management options provide native access to target devices
and enable an authorized user to connect directly either to the web management interface of a target
device or to the command line of a device that redirects console output to a dedicated Ethernet port.
When users are configured for target device management actions, the same permission authorizes
the user for both Native IP and DirectCommand.
The authorized user obtains authenticated access to a target device’s native features such as native
applications, integrated web servers and other proprietary interfaces that are available over IP.
Native applications are proprietary SP management applications provided by some server vendors,
such as HP InSight Manager, IBM Director and Dell Open Manage. Access to a native application
usually requires the application to be installed on the user’s workstation. Some management
applications reside on the SP itself.
Access to native functions on some SPs is through a proprietary web interface on the SP. HP iLO,
Dell DRAC and IBM RSA II SPs have a local web server running and provide a web interface that
allows administrators remote access for provisioning, monitoring and managing the server. The
web interface is accessed through a specific port number. The monitoring and management features
supported by some SPs through native web interfaces include access to the server’s serial or
graphical user interface, power control, access to sensor data and server event logs, SNMP agents
and virtual media.
DirectCommand requirements
The DirectCommand option is available only through the Web Manager. DirectCommand creates a
Java applet that runs in the background to start a secure SSH tunnel and to connect to the native
web interface on the target device. Therefore, the Java Runtime Environment must be installed on
the user’s workstation. The JRE is also a requirement for Web Manager access.
The Web Manager allows the administrator to configure up to 20 ports and associate them with
other services that may also be invoked by DirectCommand. As described in the troubleshooting
appendix in the installer and administrator guide, the administrator must take care to ensure that
local applications are not using the same TCP ports that are used by DirectConnect.
Native IP requirements
Native IP access requires a pre-existing secure tunnel between the user’s workstation and the
MergePoint 5224/5240 SP manager. Table 1.5 shows the native IP parameters and command
names available when you are logged into the Web Manager, when you have selected a target
device from the spshell menu on the MergePoint 5224/5240 SP manager console and when you are
entering the ssh command on a remote workstation.
Table 1.5: Native IP Management Options
Method | Parameter or Command Name
Web Manager | Native IP
spshell menu in the MergePoint 5224/5240 SP manager console | Enable native IP; Disable native IP
ssh command | nativeipon; nativeipoff
After an authenticated and authorized user establishes a secure tunnel and selects the Native IP
option, the user can bring up a native web interface or launch a native web management application
from where it resides on the user's workstation or from the SP’s console.
Native IP access depends on the following being true:
• The SP must provide the desired native management functionality. For example, SPs using
  IPMI protocols do not provide native web access.
• The user is authorized to access the Native IP option on an SP.
• The user has created a secure tunnel to the MergePoint 5224/5240 SP manager. An SSH tunnel
  gives access to native web applications only while a VPN tunnel gives access to both native
  web and native management applications.
Tasks for creating secure tunnels and obtaining native IP access
See Chapter 2 for information on creating secure tunnels and obtaining Native IP access.
Power management options
Table 1.6 shows the power management option names and command names used when you are
logged into the Web Manager, when you have selected a target device from the spshell menu on the
MergePoint 5224/5240 SP manager console and when you are entering the ssh command on a
remote workstation. The power management options are only available for managed servers with
SPs.
Table 1.6: Power Management Options
Method | Option or Command Name | Action
Web Manager | Power On | Turn power on
Web Manager | Power Off | Turn power off
Web Manager | Power Cycle | Power cycle
Web Manager | Power Status | Check power status
spshell menu in the MergePoint 5224/5240 SP manager console | Manage power | Brings up a menu of power management options: Turn power on; Turn power off; Turn power off then on; Get power status
ssh command | power | Power management options are performed using the following power management commands: poweron; poweroff; powercycle; powerstatus
The effects of the SP power management commands differ from one vendor’s SP to another. Table
1.8 describes the options. If an SP provides more than one of the options shown, the hard power
option is performed.
Table 1.7: Possible Power Management Command Effects
Power Command | Option
Power off | Hard power off: remove the power
Power off | Soft power off: shut down the operating system before removing the power
Power cycle (turn power off, then on again, to reboot the server) | Hard power cycle: remove the power, wait several seconds and then turn the power on again (to reboot the server)
Power cycle (turn power off, then on again, to reboot the server) | Soft power cycle: shut down the operating system, wait several seconds and then turn power on again
See Power Management Options on page 19 for an overview of all the types of power management
that users can perform.
Reset commands
Table 1.8 shows the reset options available when you are logged into the Web Manager, when you
have selected a target device from the spshell menu on the MergePoint 5224/5240 SP manager
console and when you are entering the ssh command on a remote workstation. The reset
management options are only available for managed servers with SPs.
Table 1.8: Reset Options
Method | Command or Option
Web Manager | Reset
spshell menu in the MergePoint 5224/5240 SP manager console | reset
ssh command | reset
The effects of the reset command differ from one vendor’s SP to another and sometimes between
firmware versions from the same vendor. In addition, some SPs have more than one type of reset,
as described in the following list:
• Warm reset (or warm boot): only the server’s operating system is restarted
• Cold boot: the server is fully restarted (the same effect as issuing a Power cycle command)
If an SP has more than one type of reset option, the MergePoint 5224/5240 SP manager Reset
command performs the highest level of reset: the cold boot option if available.
If the administrator is configuring an SP that provides multiple reset options, the administrator can
customize an associated SP management script to cause the reset command to perform one of the
lower levels of reset available on the SP. Customizing SP management scripts is described in the
MergePoint 5224/5240 Service Processor Manager Installer and Administrator Guide.
Sensor management options
An authorized user or administrative user can view graphical displays of sensor data collected from
servers by their SPs. These users can also modify graph display settings through the Web Manager
or the user shell menu or by using the ssh command with the sensor commands.
Figure 1.2 shows an example graph. The sensor value in a graph’s heading varies with the type of
data being measured and the type of SP. The example fan sensor reading in Figure 1.2 has a
heading Time Vs. % because the sensor is measuring the percentage of total possible fan speed.
Examples of other possible values for sensor_value are Volts, Degrees Centigrade and
Degrees Fahrenheit.
For procedures for monitoring sensors, see To view a server’s sensor data from an SP (Web
Manager): on page 43.
Figure 1.2: Example Graph for Readings From a Fan Sensor (callouts: Graph Area, Graph Heading, Sensors List, Display Graph Button)
Table 1.9 shows graph features that can be modified. An error message appears if you enter a value
that is greater than or lower than the supported range of values.
Table 1.9: Sensor Graph Parameters
Field/Menu | Use | Default | Allowed Values
y-Axis Boxes | Specify a different number of rows. | 10 | 1-55
x-Axis Boxes | Specify a different number of columns. Each graph cell represents the interval between readings. | 300 | 1-999
Min Y Value | Specify a different minimum sensor value to be plotted on the x axis. The only valid keys are numeric keys, period (.) and hyphen (-). | Varies with the type of sensor | Varies with the type of sensor
Max Y Value | Specify a different maximum sensor value to be plotted on the y axis. The only valid keys are numeric keys, period (.) and hyphen (-). | Varies with the type of sensor | Varies with the type of sensor
Mean Y Value | Specify a different mean value to use as a basis for comparison with the actual detected value. The only valid keys are numeric keys, period (.) and hyphen (-). In line graphs, the Mean Temp is indicated by a black horizontal line. In bar graphs, the colors of the bars indicate the following: Blue – Less than the mean Y value; Red – Greater than mean Y value; Black – Equal to the mean Y value. | Varies with the type of sensor | Varies with the type of sensor
Time Interval | Specify a different frequency in seconds for fetching sensor data. The only valid keys are numeric keys. | 5 | 5-300
Graph Type | Choose another graph type. | Line Graph | Line Graph or Bar Graph
Grid Line Color | Choose another color for the lines. | white | yellow; green; cyan; gray; darkgray; lightgray; magenta; orange; pink; white
Graph BG Color | Select the background color. | light gray | yellow; green; cyan; gray; darkgray; lightgray; magenta; orange; pink; white
Table 1.10 shows the sensor management options available when you are logged into the Web
Manager, when you have selected a target device from the spshell menu on the MergePoint 5224/
5240 SP manager console and when you are entering the ssh command on a remote workstation.
The sensor options display unformatted sensor data collected from the server by its SP. The page
that appears provides a button that when clicked displays graphs of data from individual sensors.
The sensor management options are only available for managed servers with SPs.
Table 1.10: Sensor Management Options
Method | Command or Option
Web Manager | Sensors
spshell menu in the MergePoint 5224/5240 SP manager console | sensors
ssh command | sensors
Authentication
Anyone accessing the MergePoint 5224/5240 SP manager must log in by entering a username and
password. Controlling access by requiring users to enter names and passwords is called
authentication. The usernames and passwords entered during login attempts are checked against a
database. Access is denied if the username or password is not valid.
The password database being checked can reside either locally (on the MergePoint 5224/5240 SP
manager) or on an authentication server on the network.
The user is required to enter a username and password in the following cases:
• When logging into the MergePoint 5224/5240 SP manager.
  The authentication method chosen for the MergePoint 5224/5240 SP manager is used for all
  access through Telnet, SSH or the Web Manager. By default, logins to the MergePoint 5224/
  5240 SP manager use local authentication.
• When accessing an SP or other target device.
Users may be required to enter different usernames and passwords when accessing the MergePoint
5224/5240 SP manager than when accessing a target device.
Security Profiles’ Effects on Users’ Actions
When the MergePoint 5224/5240 SP manager is being managed without DSView 3 management
software, the administrator needs to select a security profile based on the security requirements of
the organization.
NOTE: All of the features and procedures described in this guide work when the Moderate security profile is
in effect.
Table 1.11: Services and Other Functions Controlled by Security Profiles
Service | Other Functions That May Be Allowed/Disallowed
FTP | N/A
HTTP, HTTPS | Redirect HTTP automatically to HTTPS
ICMP | N/A
IPSec | N/A
PPTP | N/A
RPC | N/A
SNMP v1, v2c, v3 | N/A
SSH v1, SSH v2 | Allow root login using SSH; Assign an alternate port to SSH
Telnet | Allow Telnet to MergePoint 5224/5240 SP manager
Services may also be turned on and off independently from the security profile. For more details,
see the MergePoint 5224/5240 Service Processor Manager Installer and Administrator Guide.
In addition to turning services on and off, an administrator may select the security profile option to
override authorizations, which enables access based on authentication only.
NOTE: If you are prevented from using a service you need to use, such as FTP or SNMP, talk with the
administrator to find out if the service can be enabled or if another way of performing a necessary task is
available that is consistent with your site’s security policies.
When a user connects to any console using the Web Manager, a window running a MindTerm
applet appears with an encrypted SSH connection between the user’s workstation and the console.
MindTerm is an SSH client that includes an integrated xterm/vt100 terminal emulator and runs as a
Java applet within a browser window.
To use MindTerm, the user’s browser must have a Java plug-in enabled, as described in
Requirements for Java Plug-In Availability on page 36.
See MindTerm Applet Reference on page 59 for details about use and configuration and about
hotkeys that can be used during console sessions through the Web Manager.
Accessing the MergePoint 5224/5240 SP Manager Console
Administrators and authorized users can access the MergePoint 5224/5240 SP manager console in
the following ways:
• Through the DSView 3 management software, if it is being used to manage the SP manager.
• By local logins through the console port: Local administrators or authorized users can access
  the command line by logging in through the console port. This requires the user or
  administrator to have physical access to a terminal or workstation that is connected to the
  MergePoint 5224/5240 SP manager’s console port. The user or administrator logs in through a
  terminal or through a terminal emulation program running on a connected workstation.
• By using SSH: Remote administrators and authorized users can access the MergePoint 5224/
  5240 SP manager’s command line through an SSH connection between the user’s workstation
  and the MergePoint 5224/5240 SP manager. See Using SSH Management Commands on
  page 17.
• By clicking Appliance - Connect on the Web Manager: After logging into the Web Manager,
  any type of user can access the console by clicking Appliance in the left menu and then
  clicking the Connect button.
The following sections describe the menus available to regular users and administrative users
after they log into the MergePoint 5224/5240 SP manager console.
User Shell (rmenush)
The default login shell for non-administrative users is /usr/bin/rmenush. After logging in as
described in Accessing the MergePoint 5224/5240 SP Manager’s Console on page 21, regular
users see the menu options described in the following table. See Accessing Management Features
From the User Shell Menu on page 22 for more details.
Table 1.12: User Shell Default Menu Options
Menu Option | Function
Access devices | Executes spshell to display a list of devices the user can access. See SP Shell (spshell) on page 17.
Change password | Allows the user to set a new password.
Logout | Logs the user out of the MergePoint 5224/5240 SP manager’s console.
NOTE: An administrator may modify the menu options and commands shown in Table 1.12 so that you may be
presented with a different menu of choices.
SP Shell (spshell)
When you select Access devices from the login menu shown in Table 1.12, the MergePoint 5224/
5240 SP manager shell, /usr/bin/spshell, displays a list of target devices you are authorized to
access, as shown in the following example.
Select a device
-rack1_dev2_compaq_proliant_ilo
rack1_dev1_ibm_e306_rsa
au_rack1_dev1_ilo
Exit
An administrative user can access a similar list of all target devices by entering /usr/bin/spshell on
the command line. A submenu lists the management actions available to the user. See Accessing
Management Features From the User Shell Menu on page 22 for more details.
Using SSH Management Commands
Both SSH v1 and SSH v2 services are supported on the MergePoint 5224/5240 SP manager. The
administrator may disable either version; if only one version of SSH is enabled, authorized users
can use only a client running the same version.
If SSH is enabled, authorized users can use ssh in the following ways:
• For accessing the MergePoint 5224/5240 SP manager console using an SSH client or the ssh
  command, then connecting through the MergePoint 5224/5240 SP manager to perform
  management actions. See Accessing the MergePoint 5224/5240 SP Manager’s Console on
  page 21.
• Using the ssh command with special management commands to perform management actions
  without having to log into the MergePoint 5224/5240 SP manager first. See Management
  commands for use with the ssh command on page 18. See Accessing Management Features
  From the User Shell Menu on page 22 and Accessing the Console of a Target Device on
  page 24.
ssh command line format
The general format of the ssh command line is shown in the following example.
% ssh -t username:[devicename]@SPmanager_IPaddress_or_DNS_name [command]
where:
The -t option is required to launch an interactive session.
The username is the account name of the authorized user.
The devicename is the name/alias that was assigned to the target device by the MergePoint 5224/
5240 SP manager administrator (used only when accessing a target device).
NOTE: To access the MergePoint 5224/5240 SP manager console, omit the target device name.
The SPmanager_IPaddress_or_DNS_name is the IP address of the MergePoint 5224/5240 SP manager or
its DNS name.
The command is one of the MergePoint 5224/5240 SP manager-specific management commands
described in Management commands for use with the ssh command on page 18.
For details, see Access to native features on a target device on page 7.
Management commands for use with the ssh command
Users can perform management actions directly on a target device by using the ssh command along
with one of the following MergePoint 5224/5240 SP manager-specific management commands:
• spconsole
• devconsole
• poweron, poweroff, powercycle, powerstatus
• reset
• sensors
• sel, clearsel
• native_ip_on, native_ip_off
DirectCommand is not available when using ssh. For details about the management actions
performed by the commands, see Using SSH Management Commands on page 17.
The following example command line allows an authorized user whose username is fred to turn on
the power for a server whose alias is configured on the MergePoint 5224/5240 SP manager as drac,
when the IP address of the MergePoint 5224/5240 SP manager is 192.168.29.22:
% ssh -t fred:drac@192.168.29.22 poweron
This next example shows how the root user could invoke the rmenush command when logging into
the MergePoint 5224/5240 SP manager to bring up the user login shell menu:
% ssh -t root:@192.168.44.111 rmenush
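As an added example (not code from the Avocent guide), the shell functions below assemble the ssh command line in the format described above, accept only the management commands listed in this section, and reject usernames, aliases or hosts containing ':', '@', whitespace or a leading hyphen. The function names and the --confirm flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Avocent code: validate and assemble the
# "ssh -t username:devicename@SPmanager command" line from this section.

# Management commands this page lists for use with the ssh command.
# Table 1.5 spells the native IP pair nativeipon/nativeipoff; check which
# spelling your appliance accepts before relying on either.
SPM_COMMANDS="spconsole devconsole poweron poweroff powercycle powerstatus reset sensors sel clearsel native_ip_on native_ip_off"

# Commands that change the state of the managed server or clear its event log.
SPM_DISRUPTIVE="poweroff powercycle reset clearsel"

# in_list WORD LIST -> 0 if WORD is one of the space-separated items in LIST
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# safe_token VALUE -> 0 if VALUE is non-empty, does not start with '-'
# and contains only [A-Za-z0-9._-]. The user:device@host string is split
# on ':' and '@', so those characters must not appear inside a field, and
# a leading '-' must never reach ssh where it could be read as an option.
safe_token() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# spm_build USER DEVICE HOST COMMAND [--confirm]
# Prints the ssh command line; returns 2 (bad field), 3 (unknown command)
# or 4 (disruptive command without --confirm) when the request is rejected.
spm_build() {
    b_user=$1 b_device=$2 b_host=$3 b_cmd=$4 b_confirm=${5:-}
    safe_token "$b_user"   || { echo "bad username" >&2; return 2; }
    safe_token "$b_host"   || { echo "bad SP manager address" >&2; return 2; }
    safe_token "$b_device" || { echo "bad device alias" >&2; return 2; }
    in_list "$b_cmd" "$SPM_COMMANDS" || { echo "unknown command" >&2; return 3; }
    if in_list "$b_cmd" "$SPM_DISRUPTIVE" && [ "$b_confirm" != "--confirm" ]; then
        echo "$b_cmd is disruptive; pass --confirm to proceed" >&2
        return 4
    fi
    printf 'ssh -t %s:%s@%s %s\n' "$b_user" "$b_device" "$b_host" "$b_cmd"
}

# spm_run USER DEVICE HOST COMMAND [--confirm]
# Runs the validated request. Arguments are passed to ssh as separate
# words, never through eval, so no field is re-parsed by the local shell.
spm_run() {
    spm_build "$@" >/dev/null || return $?
    ssh -t "$1:$2@$3" "$4"
}

# The page's own example: user fred, alias drac, SP manager 192.168.29.22.
spm_build fred drac 192.168.29.22 poweron
```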
Dial-in Access
Authorized users can dial into the MergePoint 5224/5240 SP manager through either of the
following types of optional modems and phone cards:
• An external modem connected to the AUX port
• A modem, GSM or CDMA PCMCIA card inserted into one of the front PC slots
The MergePoint 5224/5240 SP manager can be accessed using PPP when the following
prerequisites are completed:
• The modem or phone card has been configured on the MergePoint 5224/5240 SP manager for
  PPP or Autodetect and for optional callback
• The PPP application at the remote caller’s end has been configured for dialing into the
  MergePoint 5224/5240 SP manager and optionally for callback from the MergePoint 5224/
  5240 SP manager
• The user account has been configured for PPP access and the user knows the PPP username
  and password configured by the MergePoint 5224/5240 SP manager administrator
The MergePoint 5224/5240 SP manager can be accessed from a terminal emulation program on the
user’s workstation if the modem or phone card is configured for Login or autodetect. The one-time
password authentication method can be configured for login access to PC modem or phone cards.
Power Management Options
The MergePoint 5224/5240 SP manager provides the following two types of power management
options for administrators and authorized users:
• IPDU power management
  Allows the user to manage power for any type of AC device that may be plugged into a
  Cyclades PM IPDU, when the IPDU is connected to the MergePoint 5224/5240 SP manager
  AUX port.
  For details about the Web Manager-IPDU screen that is used to manage power outlets and for
  links to procedures, see Managing Power Outlets on a Connected IPDU on page 52.
• SP power management
  Allows the user to manage power for a server whose SP is connected to the MergePoint 5224/
  5240 SP manager when the SP provides power management capabilities. See Power
  management options on page 9 for details about power management of connected servers that
  have SPs.
Information Users Need
Users need to obtain the following information from the MergePoint 5224/5240 SP
manager administrator:
• The user’s name and password.
• The names of target devices that the user is authorized to manage and the management actions
  that the user may perform.
• Information about services that are enabled or disabled on the MergePoint 5224/5240 SP
  manager. For example, the administrator may have configured the MergePoint 5224/5240 SP
  manager so that HTTP or SSH v1 are disabled.
• A list of any IPDU power outlets the user is authorized to manage.
• For native IP users using PPTP VPN connections, the PPTP password, which may be different
  from the password used to access the MergePoint 5224/5240 SP manager.
• For native IP users using IPSec VPN connections, authentication information for either shared
  secret or RSA key authentication.
CHAPTER 2
Accessing the MergePoint 5224/5240 Appliance and Target Devices
The following topics describe how to access the MergePoint 5224/5240 SP manager and
target devices:
• Accessing the MergePoint 5224/5240 SP Manager’s Console
• Accessing Management Features From the User Shell Menu
• Accessing the Console of a Target Device
• Creating an SSH Tunnel
• Creating a VPN Tunnel
• Obtaining and Using One Time Passwords for Dial-ins
NOTE: Chapter 3 describes using the Web Manager to manage target devices. This chapter contains
procedures that must be performed on the command line.
Accessing the MergePoint 5224/5240 SP Manager’s Console
As described under User Shell (rmenush) on page 16 and SP Shell (spshell) on page 17, authorized
users who connect to the MergePoint 5224/5240 SP manager’s console are presented with a menu
of choices. From the initial menu, users can bring up a list of target devices that they are authorized
to access and then access a submenu of management actions they can perform on the selected
target device.
This section describes how to access the MergePoint 5224/5240 SP manager’s console using SSH.
The following procedure requires the listed prerequisites to be met:
• The user must know the IP address of the MergePoint 5224/5240 SP manager.
• The user must have a username and password for the MergePoint 5224/5240 SP manager.
• The user’s workstation must be running an SSH client and must have either an SSH application
  such as PuTTY or access to the command line.
• If using the ssh command, the user must know the correct format, which is described in ssh
  command line format on page 18.
To access the MergePoint 5224/5240 SP manager console:
1. If you are using a terminal or terminal emulation program installed on a workstation that is
   physically connected to the console port of the MergePoint 5224/5240 SP manager, start the
   terminal session with the following factory-default console port settings.
   Serial Speed: 9600 bps
   Parity: None
   Flow Control: None
   Data Length: 8 bits
   Stop Bits: 1
   ANSI emulation
2. In an SSH application or in an ssh command line, enter the username and the MergePoint
   5224/5240 SP manager IP address or DNS name.
   The following example shows entering an ssh command with francisco as the username and
   192.168.44.111 as the IP address.
   % ssh francisco@192.168.44.111
3. Log in when prompted.
   After authentication and login, a shell prompt appears for administrative users (root, admin or
   other users who are members of the admin group). For authorized non-administrative users, the
   user shell menu appears.
Accessing Management Features From the User Shell Menu
After logging in as described in Accessing the MergePoint 5224/5240 SP Manager’s Console on
page 21, non-administrative users see a menu like the one shown in the following example.
-Access Devices
Change Password
Logout
Administrative users can get to the same menu either by entering the rmenush command on the ssh
command line or by entering /usr/bin/rmenush on the command line after login. You can move
from one item to another on the menu and submenus by using the keyboard arrow keys. A line (-)
appears next to the selected item.
As described in User Shell Default Menu Options on page 16, if a regular user selects Access
Devices, a menu appears with a list of target devices that the user is authorized to access, as shown
in Figure 2.1.
Figure 2.1: Device Access Menu
After a target device is selected, pressing the Enter or Return key brings up the list of actions the
user is authorized to perform on the target device.
Not all listed actions are supported for all SPs. The following example shows the SP action menu
for an rsa-type SP.
rsa
Access the service processor's console
Access the device's console via SoL
Manage power
Reset
Manage the event log
Enable native IP
Disable native IP
Exit
Back
Accessing the Console of a Target Device
Chapter 3 tells how to access an SP or device console through the Web Manager. Any type of
authorized user can access the console of a connected SP, server or other type of supported device
using one of the two additional methods listed below:
• Connecting to the MergePoint 5224/5240 SP manager’s console and accessing the SP console
  or the device console
• Invoking the ssh command along with either the spconsole or devconsole command
See Management commands for use with the ssh command on page 18 for the format of the ssh
command line when a device management command is used, if desired.
The prerequisites for using the ssh command line to access a device console are shown in the
following list:
• The user has access to the ssh command on the command line of the remote workstation
• The user is authorized to access the console of a device or SP
• The user knows the alias of the target device that allows console access
• The user knows the IP address or DNS name of the MergePoint 5224/5240 SP manager
To use an ssh command to connect directly to a device’s or SP’s console:
1. To connect directly to a device’s console, enter the ssh command with the
   devconsole command.
   The following format example shows entering ssh with the -t option, the username francisco,
   the alias rsa_au, the MergePoint 5224/5240 SP manager IP address 192.168.44.111 and the
   devconsole command.
   % ssh -t francisco:rsa_au@192.168.44.111 devconsole
2. To connect directly to an SP’s console, use the ssh command with the spconsole command.
   The following example shows entering ssh with the -t option, the username francisco, the
   alias rsa_au, the IP address 192.168.44.111 and the spconsole command.
   % ssh -t francisco:rsa_au@192.168.44.111 spconsole
3. When the login prompt appears, log into the console using the username and password
   configured for the device or SP.
To use the MergePoint 5224/5240 SP manager console menus to access
management options:
1. Log into the MergePoint 5224/5240 SP manager console. If you have connected to the
   MergePoint 5224/5240 SP manager console as a regular user, the user shell menu displays.
2. If you are a regular user, use the arrow keys on your keyboard to navigate to the Access
   Devices option on the menu and press Enter or Return.
3. If you have connected to the MergePoint 5224/5240 SP manager console as an administrative
   or root user, type /usr/bin/spshell on the command line.
4. Select the name of the target device to access.
5. Press Enter or Return. A list of actions displays.
6. Select the desired action from the menu that displays.
7. If you have selected either Access the service processor’s console or Access the device's
   console, when the console login prompt appears, log into the console.
To exit from a console session:
Perform one of the two following steps to exit from the console of an SP, server or device before
closing the terminal window:
• On the command line of the terminal, type the exit command
  [root@rdqailo /]# exit
-or-
• Enter the hotkey combination Ctrl+e+c.
The terminal window closes.
Creating an SSH Tunnel
As an alternative to using DirectCommand through the Web Manager, an authorized user can
access a native web application after creating an SSH tunnel using local port forwarding. An
arbitrarily chosen TCP port number on the user’s host is forwarded to the IP address of a target
device managed by the MergePoint 5224/5240 SP manager.
The prerequisites are shown in the following list:
• The user’s workstation must be running an appropriate SSH client.
• The authentication type configured for the target device must be the same as the authentication
  method configured for the MergePoint 5224/5240 SP manager.
• The user must be authorized for native IP access to the target device.
After the user creates the SSH tunnel and the user is authenticated, the user can launch a browser
that runs the native web application on the target device.
PuTTY on Windows and OpenSSH on Linux are some of the SSH clients available for creating an
SSH tunnel. The feature works with SSH protocol v1 and v2. See http://www.openssh.com for
additional clients.
Common port numbers are: HTTP 80 and HTTPS 443
Our examples use port 443 for HTTPS for a target device whose IP address is 10.10.1.181.
The example local TCP port number used is 8080. You can select a random number over 1000.
To use OpenSSH on a Linux workstation to create an SSH tunnel:
1. If the workstation is running SSH v2, enter the following command line.
   $ ssh -l username -f -N -L 8080:10.10.1.181:443 \
   SPmanager_IPaddress_or_DNS_name
2. If the workstation is running SSH v1, enter the following command line.
   $ ssh -1 -l username -L 8080:10.10.1.181:443 \
   SPmanager_IPaddress_or_DNS_name
3. Enter your username and password when prompted.
To use PuTTY on a Windows PC to create an SSH tunnel to a target device:
1. Open PuTTY.
2. In the Category pane, select Tunnels under Connection - SSH.
3. In the main pane, perform the following steps in the Port Forwarding section.
   a. Type the number of the local TCP port to forward in the Source port field. This example
      uses 8080. You can select a random number over 1000.
   b. In the Destination field, type the IP address of the target device. Follow it with a colon
      then the port number of the service you want to access through the SSH tunnel.
   c. Click Add.
4. In the Category pane, select Session.
5. Enter the IP address or DNS-managed name of the MergePoint 5224/5240 SP manager in the
   Host Name (or IP address) field.
6. Select SSH as the protocol.
7. Click Open.
8. Enter your username and password when prompted.
To bring up a native web application after an SSH tunnel exists:
1. Bring up a browser.
2. In the location bar enter http://localhost:portnumber where portnumber is the TCP port
   number you specified for forwarding when you created the tunnel.
   http://localhost:8080
   In this step, use the local port number you specified for forwarding. In the examples, we
   used 8080.
3. The native web application appears in the browser.
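The OpenSSH tunnel procedure above, as an added example that is not part of the Avocent guide: it binds the forwarded port to loopback explicitly, refuses a local port that another application is already listening on (the conflict the DirectCommand requirements warn about), and opens the tunnel with a control socket so it can be closed when the session is finished. Function names, the control-socket argument and the sample listener listing are assumptions; the addresses and ports are the ones used on this page.

```shell
#!/bin/sh
# Added example, not Avocent code. Uses only documented OpenSSH client
# options: -f -N -M -S -O -o ExitOnForwardFailure -L -l.

# valid_port N -> 0 if N is a decimal integer in 1-65535 (no leading zero)
valid_port() {
    case "$1" in
        ""|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# port_in_listing PORT -> 0 if PORT is a local listening port in the
# "ss -ltn" style output supplied on stdin
port_in_listing() {
    awk -v p="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# forward_spec LOCAL_PORT TARGET_IPV4 TARGET_PORT
# Prints the argument for -L. The explicit 127.0.0.1 bind address keeps
# the listener on loopback whatever GatewayPorts is set to, so only the
# local workstation can reach the target device through the tunnel.
forward_spec() {
    valid_port "$1" && [ "$1" -gt 1000 ] ||
        { echo "local port must be in 1001-65535" >&2; return 2; }
    case "$2" in
        ""|*[!0-9.]*) echo "target must be an IPv4 address" >&2; return 2 ;;
    esac
    valid_port "$3" || { echo "bad target port" >&2; return 2; }
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# open_tunnel LOCAL_PORT TARGET_IPV4 TARGET_PORT USER SPMANAGER SOCKET
open_tunnel() {
    t_spec=$(forward_spec "$1" "$2" "$3") || return $?
    case "$4" in ""|-*) echo "bad username" >&2; return 2 ;; esac
    case "$5" in ""|-*) echo "bad SP manager address" >&2; return 2 ;; esac
    if command -v ss >/dev/null 2>&1 && ss -ltn | port_in_listing "$1"; then
        echo "local port $1 is already in use" >&2
        return 3
    fi
    # -f -N : go to background, run no remote command (as in the page's example)
    # -M -S : keep a control socket so the tunnel can be closed by name
    # ExitOnForwardFailure : fail rather than stay connected without the forward
    ssh -f -N -M -S "$6" -o ExitOnForwardFailure=yes \
        -L "$t_spec" -l "$4" "$5"
}

# close_tunnel SPMANAGER SOCKET -> asks the background ssh process to exit
close_tunnel() {
    ssh -S "$2" -O exit "$1"
}

# Constructed "ss -ltn" output for illustration (not captured from a host)
SAMPLE_LISTING='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# The page's example values: local port 8080, target 10.10.1.181, HTTPS 443.
forward_spec 8080 10.10.1.181 443
```

Call open_tunnel with the same values plus your username, the SP manager address and a socket path in a directory only you can write to, then close_tunnel with that address and path when you are done.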
Creating a VPN Tunnel
The authorized user creates a VPN tunnel using either IPSec or PPTP. A user authorized for native
IP can access native IP functionality through the Web Manager or through using ssh management
commands after creating a tunnel using either IPSec or PPTP.
Figure 2.2 shows an illustration of a single user’s workstation running IPSec on the right end and
the MergePoint 5224/5240 SP manager on the left end, with a router and the Internet between the
MergePoint 5224/5240 SP manager and the user’s workstation.
Figure 2.2: MergePoint 5224/5240 Appliance VPN Example Using IPSec (diagram labels: Internet; Workstation and IPSec Gateway; Router)
Typically, the user configures a named VPN connection profile (or shortcut) on the user’s
workstation, using either IPSec or PPTP. The name on the user’s end for a preconfigured VPN
connection profile might be the name of the MergePoint 5224/5240 SP manager. The name on the
MergePoint 5224/5240 SP manager end for a VPN connection profile might simply be the name
and location of the user.
NOTE: Most systems, including the MergePoint 5224/5240 SP manager, refer to configuring a VPN connection,
but until the connection is actually made, what is informally called a VPN connection is actually a named
connection profile or connection shortcut, which stores the information the computer needs in order to establish
the connection.
The prerequisites for creating a VPN connection are shown in the following list:
• The user on the remote workstation and the MergePoint 5224/5240 SP manager administrator
have configured VPN connection profiles from both sides to support the VPN connection. See
Creating a VPN Tunnel on page 27 for more details.
• The user has created a VPN tunnel between the user’s workstation and the MergePoint 5224/5240
SP manager.
• The user has logged into the MergePoint 5224/5240 SP manager, either through the Web
Manager or through the command line and has been authenticated.
An authorized user can enable native IP access in one of the following two ways:
• If the authorized user is connected to the MergePoint 5224/5240 SP manager’s console, the
user can select the Enable native IP option that appears in the spshell menu for the selected SP.
• If the authorized user is logged into the Web Manager, the user can choose Enable Native IP
for the desired target device on the Target devices screen.
The VPN connection must remain active for the duration of the native IP session.
CAUTION: To prevent unauthorized users from accessing the native IP features of the target device, when you
are finished, always disable any native IP sessions and then close the VPN connection.
Routing requirements for VPN connections
All routing requirements assume the user’s workstation and the MergePoint 5224/5240 SP manager
can exchange packets.
IPSec VPN routing requirements
If a route is necessary for the MergePoint 5224/5240 SP manager and the user’s workstation to
exchange packets, a route can be specified by setting one or both of the Right and Left nexthop
parameters to the IP address of a host route and selecting Add and route as the boot action. This
should be configured by the MergePoint 5224/5240 SP manager’s administrator and the
configuration should be shared with the user. Once packets can be exchanged between the
MergePoint 5224/5240 SP manager and the user’s workstation, IPSec automatically creates the
routes needed to get packets flowing through an IPSec VPN tunnel, so neither the user nor the
administrator need to create routes to support IPSec VPN tunnels to target devices.
PPTP VPN routing requirements
If a network or host route is needed to enable communications between the user’s workstation and
the MergePoint 5224/5240 SP manager, the user must manually add the route on the user’s
workstation before creating the PPTP VPN tunnel.
In addition, the user must manually create a static route after the PPTP connection is established to
inform the workstation that the target device to be contacted is at the other end of the point-to-point
link. The route must include the PPTP address assigned to the MergePoint 5224/5240 SP manager,
which the user can discover by running the ifconfig or ipconfig command.
The following example shows the PPTP interface IP address output from the ipconfig command on
a Windows NT operating system when PPTP has assigned an IP address of 192.168.2.1.
C:\> ipconfig
...
PPP adapter MergePoint5224/5240_PPTP_VPN
...
IP Address.. . . . . . . . . : 192.168.2.1
...
If the user needs to communicate with target devices on two separate private subnets, the user must
create a route to each private subnet or to each target device.
For example, to communicate with all target devices on a private subnet whose IP address is
192.168.4.0, when the network mask is 255.255.255.0 and the PPTP-assigned IP address for the
MergePoint 5224/5240 SP manager is 192.168.2.1, the following route would be needed:
route add -net 192.168.4.0 mask 255.255.255.0 via 192.168.2.1
If additional target devices must be accessed on additional private subnets, additional routes must
be created to each of the subnets.
To communicate through the MergePoint 5224/5240 SP manager with three target devices on a
virtual network whose IP address is 172.20.0.0 and whose network mask is 255.255.0.0, when PPTP
has assigned the IP address 192.168.2.1 to the MergePoint 5224/5240 SP manager, the user would
need to configure a route like the one shown in the following example:
route add -net 172.20.0.0 mask 255.255.0.0 via 192.168.2.1
If a virtual network is configured, the user needs to add only a single network route to the virtual
network. Check with the MergePoint 5224/5240 SP manager’s administrator about which routes
you need to configure to connect to the target devices for which you are authorized.
Creating a default route on the user’s workstation to the MergePoint 5224/5240 SP manager is not
a viable approach. The route would cause the loss of DNS and other local services (such as Internet
and mail service) for the user’s workstation.
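The routing rules above, as an added example that is not part of the Avocent guide: a Python helper that turns the guide's subnet, mask and PPTP-address values into static-route commands, drops host routes already covered by a network route, and refuses a default route. The name plan_routes, the local_lan overlap check and the choice of Linux "ip route" and Windows "route ADD" syntax are assumptions made here; the exact route syntax depends on the workstation's operating system.

```python
import ipaddress


def plan_routes(targets, pptp_gateway, platform="linux", local_lan=None):
    """Build static-route commands for native IP access over a PPTP tunnel.

    targets      -- (address, netmask) pairs: private subnets, the virtual
                    network, or single target devices (mask 255.255.255.255)
    pptp_gateway -- PPTP-assigned address of the SP manager
    local_lan    -- optional CIDR of the workstation's own LAN (an added
                    check, not something the guide describes)
    """
    gateway = ipaddress.IPv4Address(pptp_gateway)
    lan = ipaddress.IPv4Network(local_lan) if local_lan else None

    networks = []
    for address, netmask in targets:
        # strict=True rejects typos such as 192.168.4.7 with a /24 mask.
        net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=True)
        if net.prefixlen == 0:
            # A default route through the tunnel would cut off DNS and the
            # other local services, as the guide warns.
            raise ValueError("refusing default route through the tunnel")
        if lan is not None and net.overlaps(lan):
            # Same failure on a smaller scale: local traffic would be sent
            # into the tunnel.
            raise ValueError(f"{net} overlaps local LAN {lan}")
        networks.append(net)

    # A host route inside an already routed network is redundant, so keep
    # only the smallest set of networks covering the same addresses.
    routes = list(ipaddress.collapse_addresses(networks))

    if platform == "linux":
        return [f"ip route add {n.with_prefixlen} via {gateway}" for n in routes]
    if platform == "windows":
        return [
            f"route ADD {n.network_address} MASK {n.netmask} {gateway}"
            for n in routes
        ]
    raise ValueError(f"unsupported platform: {platform}")


if __name__ == "__main__":
    # Values taken from the examples in the guide, plus one constructed
    # host route that the virtual-network route already covers.
    example_targets = [
        ("192.168.4.0", "255.255.255.0"),
        ("172.20.0.0", "255.255.0.0"),
        ("172.20.0.5", "255.255.255.255"),
    ]
    for command in plan_routes(example_targets, "192.168.2.1"):
        print(command)
```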
Summary of VPN-related requirements for native IP access
The following list summarizes the requirements for configuring a VPN connection:
• Obtain from the MergePoint 5224/5240 SP manager’s administrator the values used in creating
the VPN connection profile on the MergePoint 5224/5240 SP manager end and use these
values to configure the connection profile on the user’s end. Obtain the PPTP password if
PPTP is being used. If IPSec is being used, the user may obtain the relevant portion of the
MergePoint 5224/5240 SP manager’s ipsec.conf file and insert it into the ipsec.conf file on the
user’s workstation.
• Before attempting to access the native IP feature on the MergePoint 5224/5240 SP manager,
the user must start the VPN connection from the user’s workstation.
The MergePoint 5224/5240 SP manager listens for the connection attempt from the IP addresses
specified in its connection profiles and grants the access.
NOTE: The VPN connection must remain active for the duration of the native IP session.
Creating IPSec VPN connections
For an IPSec VPN connection, the following authentication information is required:
• Username and password
• Connection keys or certificates
The ESP and AH authentication protocols (also called encapsulation methods) are supported. RSA
Public Keys and Shared Secret are also supported.
If the RSA public key authentication method is chosen, the generated keys are different on each
end. When Shared Secret is used, the secret is shared on both ends.
The MergePoint 5224/5240 SP manager administrator needs to give the user a copy of the
configuration parameters used to configure the IPsec connection profiles on the MergePoint 5224/
5240 SP manager, usually by providing a copy of the relevant portions of the ipsec.conf file, which
the user can insert into the ipsec.conf file on the user’s workstation.
To create an IPSec VPN tunnel:
The authorized user must perform the following actions to enable the IPSec client running on the
user’s workstation to bring up the VPN tunnel that enables access to native IP features on
target devices.
1. Make sure your workstation can exchange packets with the MergePoint 5224/5240 SP
manager.
a. Test whether your workstation can access the MergePoint 5224/5240 SP manager by
entering the MergePoint 5224/5240 SP manager’s public IP address in a browser to try to
bring up the Web Manager.
b. If a network or host route is needed to enable communications with the MergePoint 5224/5240
SP manager, configure the route.
2. Create an IPSec VPN connection profile on your workstation, using the values supplied by the
MergePoint 5224/5240 SP manager administrator.
If the MergePoint 5224/5240 SP manager’s administrator sends the relevant portions of the
ipsec.conf file from the MergePoint 5224/5240 SP manager’s IPSec configuration, use it to
replace the same section in your workstation’s ipsec.conf file.
3. Bring up the IPSec VPN tunnel.
Depending on the platform and IPSec client being used, you may use a GUI to create the IPSec
VPN connection or execute the ipsec auto --up command.
4. Enable native IP access as described in the following procedure.
To enable native IP access through an IPSec VPN tunnel:
NOTE: The MergePoint 5224/5240 SP manager’s administrator must provide the appropriate IP address for this
procedure, which is not the same as the public IP address assigned to the MergePoint 5224/5240 SP manager’s
public interface. The IP address is either the appliance side IP address configured for the private subnet where
the target device resides or a virtual IP address configured for the MergePoint 5224/5240 SP manager.
1. Create a VPN tunnel. See To create an IPSec VPN tunnel: on page 30 or To create a PPTP
VPN tunnel: on page 31 if needed.
2. To enable native IP access through a browser, perform the following steps.
a. Enter the private IP address or virtual IP address assigned to the MergePoint 5224/5240
SP manager in a browser.
b. Log into the MergePoint 5224/5240 SP manager.
c. Select Target devices in the Web Manager’s left menu.
d. Find the entry for the desired target device and click Enable Native IP access.
3. To enable native IP access using the ssh command, perform the following steps.
a. Enter the ssh command with the following syntax: ssh -t username:@privateIP.
The following command line example uses user AllSPs and a virtual IP address of
172.20.0.1.
% ssh -t AllSPs:@172.20.0.1
b. Select Access Devices from the menu.
c. Select the target device from the target devices menu.
d. Select Enable native IP from the list of management actions.
Creating PPTP VPN connections
An authorized user can create PPTP VPN connections on Linux, Windows or Macintosh
operating systems.
To create a PPTP VPN tunnel:
1. Configure a PPTP VPN connection profile with the following information obtained from the
MergePoint 5224/5240 SP manager administrator:
• The IP address assigned to the MergePoint 5224/5240 SP manager’s public interface.
• The PPTP username and password assigned to the user.
2. Create the PPTP VPN connection.
To enable native IP access through a PPTP VPN tunnel:
1. After creating a PPTP VPN tunnel, enter the ifconfig or ipconfig command on your
workstation to discover the PPTP address assigned from the MergePoint 5224/5240 SP
manager’s IP address pool in the PPTP connection.
2. Set up one of the following types of static routes to enable VPN connections:
• A network route to the private subnet where the target device resides via the
PPTP-assigned address for the MergePoint 5224/5240 SP manager.
• If a virtual network is configured, a network route to the virtual network where the target
device resides via the PPTP-assigned address for the MergePoint 5224/5240 SP manager.
• A host route to each target device, using the real or virtual IP address assigned to the
target device.
3. Enter the PPTP address either in a browser or with ssh on the command line to access the
MergePoint 5224/5240 SP manager.
4. Access the target device and enable native IP access.
See To access a native web application (Web Manager): or To access a native management
application that resides on your workstation: on page 32.
Accessing native features of an SP when a VPN tunnel exists
The following procedures describe how to access native features on an SP after either a PPTP,
IPSec or SSH tunnel exists.
To access a native web application (Web Manager):
1. Enter the private or virtual IP address of the MergePoint 5224/5240 SP manager in a browser.
The Web Manager appears.
2. Log into the Web Manager.
3. Select Access - Target devices.
4. Click the Enable link next to Native IP.
5. Click the Go to native web interface link that appears.
To access a native web application (from a remote browser):
On your workstation, enter the IP address of the target device in a browser’s location field. The
native web application appears.
To access a native web application (using the ssh command):
On the command line of your workstation, enter the ssh command with the name/alias of the target
device along with the IP address of the MergePoint 5224/5240 SP manager. The native web
application appears.
For example, the following ssh command line gives the user named allSPs access to a target device
called sp2 using the MergePoint 5224/5240 SP manager’s virtual IP address 172.20.0.1.
% ssh -t allSPs:sp2@172.20.0.1
To access a native management application that resides on your workstation:
Bring up the management application on your workstation.
To access a native management application (from an SP):
If the management application resides on an SP and is an executable that can be invoked on the
command line, do one of the following to access the SP’s console and launch the
management application:
• To use ssh to get to the SP’s console to launch the management application, do the
following steps.
a. Enter ssh with the spconsole command on the command line of your workstation in the
following format.
% ssh -t allSPs:sp2@172.20.0.1 spconsole
b. Bring up the management application from the SP’s command line.
-or-
• To use the Web Manager, perform the following steps:
a. Log into the Web Manager on the MergePoint 5224/5240 SP manager.
b. Select Access - Target Devices, and find the entry for the target device to access on
the screen.
c. Select the SPConsole link.
d. Log into the SP if prompted.
e. Bring up the management application from the SP’s command line.
Obtaining and Using One Time Passwords for Dial-ins
This section is for users authorized to dial into the MergePoint 5224/5240 SP manager through an
external modem, PC modem or phone card when the one time password (OTP) authentication
method is configured for logins to that target device. With OTP authentication, you supply a
different password every time you dial-in, so no one who discovers the password used for one
session can use that password later to access your account. An OTP is a group of six English words
that are entered all on the same line at the prompt.
When you dial into the MergePoint 5224/5240 SP manager and enter a username, the system
provides a challenge string and waits for a response. The challenge starts with otp-md5, which
tells opiekey to use the MD5 algorithm, followed by a sequence number and a key (the seed).
The key includes the first two letters of the hostname and a pseudo random number. In the
following example, the sequence number is 499 and the seed is on93564.
login: username
otp-md5 499 on93564
Response:
The user copies the challenge and pastes it into the command line on a non-networked workstation.
The opiekey program then prompts the user for the user’s secret pass phrase.
Each OTP user needs a local user account on the MergePoint 5224/5240 SP manager, must be
registered with the OTP system and must be able to obtain the OTP username, OTP secret pass
phrase and OTP passwords needed for logins. The following procedure is for users who have the
opiekey program running on a non-networked workstation, who know the secret pass phrase and
are able to generate their own passwords.
To generate an OTP when prompted at dial-in:
1. Dial into the MergePoint 5224/5240 SP manager through an external modem, a PC modem or
phone card that has been configured to use OTP authentication.
2. Obtain an OTP by performing the following steps.
a. Copy the challenge into a window on a non-networked workstation where the opiekey
program is installed, as shown in the following example.
% otp-md5 499 on93564
b. Enter your secret pass phrase when prompted. The opiekey program generates a six
word OTP.
3. Copy the OTP password to the window where the login program is waiting with the
Response prompt.
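The challenge and response exchange described in this section, as an added example that is not Avocent's or OPIE's code: both sides of an otp-md5 login in Python, showing why a captured response cannot be reused. It assumes opiekey follows RFC 2289 and returns the 64-bit OTP as bytes instead of six words, because the RFC 2289 word dictionary is not embedded here; the pass phrase is constructed, and OtpAccount, otp_md5, fold_md5, parse_challenge and demo are hypothetical names.

```python
import hashlib
import hmac
import re

# RFC 2289 challenge: algorithm id, sequence number, seed (1-16 alphanumerics).
CHALLENGE_RE = re.compile(r"^otp-md5 (\d+) ([A-Za-z0-9]{1,16})$")


def parse_challenge(line):
    """Split a challenge such as 'otp-md5 499 on93564' into (sequence, seed)."""
    match = CHALLENGE_RE.match(line.strip())
    if match is None:
        raise ValueError(f"not an otp-md5 challenge: {line!r}")
    return int(match.group(1)), match.group(2).lower()


def fold_md5(data):
    """MD5, then fold the 128-bit digest to 64 bits (first half XOR second)."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_md5(passphrase, seed, sequence):
    """Client side: compute the OTP for one challenge.

    The seed is lowercased and placed before the pass phrase, hashed once,
    and the folded hash is then applied 'sequence' more times.
    """
    value = fold_md5(seed.lower().encode("ascii") + passphrase.encode("utf-8"))
    for _ in range(sequence):
        value = fold_md5(value)
    return value


class OtpAccount:
    """Server side: keeps the last accepted OTP, never the pass phrase."""

    def __init__(self, seed, sequence, last_otp):
        self.seed = seed
        self.sequence = sequence
        self.last_otp = last_otp

    def challenge(self):
        # Ask for the OTP one step earlier in the hash chain.
        return f"otp-md5 {self.sequence - 1} {self.seed}"

    def verify(self, response):
        if self.sequence < 1:
            return False  # chain exhausted; the user must re-register
        # Hashing the response once must reproduce the stored OTP.
        if not hmac.compare_digest(fold_md5(response), self.last_otp):
            return False
        # Accept, then move down the chain so this response is now stale.
        self.last_otp = response
        self.sequence -= 1
        return True


def demo():
    """One login with the guide's challenge values, then a replay attempt."""
    passphrase = "constructed example phrase"  # constructed, not a real secret
    account = OtpAccount("on93564", 500, otp_md5(passphrase, "on93564", 500))
    challenge = account.challenge()
    sequence, seed = parse_challenge(challenge)
    response = otp_md5(passphrase, seed, sequence)
    first_login = account.verify(response)
    replayed = account.verify(response)
    return challenge, first_login, replayed, account.challenge()


if __name__ == "__main__":
    print(demo())
```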
CHAPTER 3
Web Manager for All Users
The following sections describe how all types of users (authorized and administrative) can use the
Web Manager to access the MergePoint 5224/5240 appliance, manage connected SPs and other
devices, manage power outlets on any connected IPDUs and manage their own passwords:
• Prerequisites for Using the Web Manager
• Requirements for Java Plug-In Availability
• Logging Into the Web Manager for Regular Users
• Features of Regular Users’ Windows
• Using the Target Devices Screen
• Accessing a Service Processor’s Console
• Accessing a Target Device’s Console
• Managing Power Through a Service Processor
• Viewing Sensor Data
• Viewing and Clearing Event Logs
• Accessing Native Features on a Target Device
• Accessing the MergePoint 5224/5240 SP Manager Console (Web Manager)
• Managing Power Outlets on a Connected IPDU
• Configuring Your Password
Prerequisites for Using the Web Manager
This section describes the required browsers, preparation and browser plug-ins needed for different
types of access. The prerequisites described in this section must be complete before anyone can
access the Web Manager. If you have questions about any of the following prerequisites, contact
your site’s system or network administrator:
• The IP address of the MergePoint 5224/5240 appliance must be known. Entering the IP
address of the MergePoint 5224/5240 appliance into the address field of one of the supported
browsers listed in Table 3.1 is the first step required to access the Web Manager.
When DHCP is enabled, a target device’s IP address may or may not be fixed. When the
address is not fixed, anyone wanting to access the MergePoint 5224/5240 appliance must find
out the currently assigned IP address each time. If DHCP is enabled and you do not know how
to find out the current IP address of the MergePoint 5224/5240 appliance, contact your system
administrator for help.
• A user account must be defined on the Web Manager. By default, the admin user has an
account on the Web Manager. Any administrator can add regular user accounts to access target
devices using the Web Manager.
For accessing the Web Manager, you can use any type of workstation that has access to the network
where the MergePoint 5224/5240 Service Processor Manager is installed and any browser (such as
Internet Explorer 5.5 or above, Netscape 6.0 or above, Mozilla or Firefox) with a Java 2 plug-in.
Table 3.1: Supported Browser and JRE Versions
Browser             Version   JRE Version
Firefox             1.0.7     JRE 1.5.0_01
Internet Explorer   6.0       JRE 1.5.0_02
Mozilla             1.7       JRE 1.5.0_01
Netscape            7.1       JRE 1.5.0_02
Requirements for Java Plug-In Availability
The Web Manager launches Java applets in the following situations:
• When establishing console access to the MergePoint 5224/5240 appliance and to SPs and other
target devices.
• When establishing an SSH tunnel to a target device when a user enables the
DirectCommand feature.
• When displaying sensor data.
The Java applets rely on the Java plug-in being installed on the workstation and registered with the
browser being used.
Installing the Java 2 Runtime Environment (J2RE) Standard Edition software automatically installs
the needed Java plug-in. After you download and install the JRE software, you then must make sure
the Java plug-in is registered with the browser. See the http://java.sun.com website for
more information.
Logging Into the Web Manager for Regular Users
Both authorized users and MergePoint 5224/5240 appliance administrators can access the Web
Manager from a browser using HTTP or HTTPS over the Internet or through a dial-in or callback
PPP connection.
After being authenticated during login, authorized users can use the Web Manager to log into target
devices, manage power and change their own passwords, but they cannot use the Web Manager for
configuring users or target devices. Any number of regular users can connect to the Web Manager
at the same time.
MergePoint 5224/5240 appliance administrators can perform additional user and target device
configuration tasks through the Web Manager. See the MergePoint 5224/5240 Service Processor
Manager Installer and Administrator Guide for details.
Figure 3.1 shows the login screen for the Web Manager that appears when the MergePoint 5224/
5240 appliance IP address is entered in a Microsoft Internet Explorer browser.
Figure 3.1: Web Manager Login Screen
See Power Management Options on page 19 for more about how to use the Web Manager and
Prerequisites for Using the Web Manager on page 36 for the required browsers, preparation and
browser plug-ins needed for different types of access.
To log into the Web Manager:
This procedure assumes you have a valid username and password and that your workstation has a
network connection or a PPP connection to the MergePoint 5224/5240 appliance.
1. Enter the IP address of the MergePoint 5224/5240 appliance in a supported browser. See Table
3.1 on page 36 for a list of supported browsers, if needed. The Web Manager login
screen appears.
2. Enter your username and password.
3. Click the Login button.
Features of Regular Users’ Windows
Figure 3.2 shows features of the Web Manager that appear when regular users log in.
Figure 3.2: User Options on the Web Manager (callouts: Logout Button and MergePoint 5224/5240 SP Manager Information, Screen Area, Left Menu, Help Button)
A menu of options appears on the left. The fields, buttons and menus in the screen area in the
middle differ according to which option is selected.
MergePoint 5224/5240 appliance administrators see the same list of options shown in Figure 3.2
under the administrator’s Access tab. The Access tab is one of multiple tabs that are available on
the Web Manager whenever an administrator logs in. Administrators can refer to the MergePoint
5224/5240 Service Processor Manager Installer and Administrator Guide for more details.
Using the Target Devices Screen
The Target devices screen lists device groups and individual target devices that are not in groups
for every target device the user is authorized to access. Clicking the plus (+) sign next to the name
of a group expands the list of target device entries. Clicking a minus (-) sign hides the list of target
device entries.
The entry for each target device has the following:
• Links to the management features the user is allowed to access on that target device
• The name (alias) assigned to the target device
• A real IP address (if a virtual IP address is not assigned to the target device)
• A virtual IP address (if one is assigned to the target device)
• A description of the target device
Figure 3.3: Target Devices Web Manager Screen (callouts: Target Device Entry, Management Action Links)
Links to management actions are active only when the current user is authorized to use them and
when they are supported for the selected target device.
Accessing a Service Processor’s Console
Clicking the Service Processor Console link on the Target devices screen gives you access to the
command line of the SP. A window running a MindTerm Java applet appears.
To connect to an SP’s console (Web Manager):
1. Log into the Web Manager.
2. Select the SP Console link from the Action pull-down menu associated with the SP whose
console you wish to access. A MindTerm window displays with an SSH connection to the
target device.
3. If authentication is enabled for the SP, log in as prompted.
Accessing a Target Device’s Console
Clicking the Device Console link on the Target devices screen launches a terminal window running
a Java applet and creates a console connection with the target device. Figure 3.4 shows an example
terminal window with a connection to the console of a Compaq Proliant server with an iLO
type SP.
Figure 3.4: Device Console Example
To connect to a device’s SoL console (Web Manager):
1. Log into the Web Manager.
2. Select the Sol Console link from the Action pull-down menu associated with the target device
whose console you wish to access. A MindTerm window displays with an SSH connection to
the device.
3. If authentication is enabled for the device, log in as prompted.
Managing Power Through a Service Processor
Clicking the Power button on the Target devices screen gives you access to a menu of power
management options that are available on the SP.
If an SP supports both a hard power off and a soft power off option, the Turn power off and Power
cycle buttons perform the hard power option. If an SP has more than one type of reset option, the
Reset command on the Target devices screen performs the highest level of reset, which is the cold
boot option (if available). See Table 1.8 on page 10 for more information.
Clicking the Check power status button brings up a dialog box that shows the server’s power status.
To manage a server’s power through its SP (Web Manager):
1. Log into the Web Manager.
2. Select the Power link from the Action pull-down menu associated with the target device for
which you want to manage power.
3. To power up the server, click the Power on link.
4. To power down the server, click the Power off link.
5. To reboot the server, click the Power cycle link.
6. To check the power status of the server, click the Power status link.
7. To reset a server from an SP, click the Reset link.
Viewing Sensor Data
Clicking the Sensors button on the Target devices screen displays the SP’s sensor plotting page.
Figure 3.5 shows the Sensors screen that displays unformatted data.
Figure 3.5: Example of Unformatted Sensor Data (callout: View Sensor Plotter Button)
Clicking the View sensor plotter button in Figure 3.5 brings up a screen allowing you to view data
from individual sensors on the server.
The sensor plotter page is shown in Figure 3.6 in the default graph format. Click the radio button
next to the desired sensor and click Display Graph to display the data from the selected sensor in
the graph area.
Users can bring up multiple instances of the sensor plotter page and view different sensors in
different graphs at the same time. The graph displays a new reading at a specified interval. The
default, which is user-configurable, is five seconds.
Figure 3.6: Sensor Plotter Page (callouts: Sensors List, Graph Area, Display Graph Button)
To view a server’s sensor data from an SP (Web Manager):
1. Log into the Web Manager.
2. Click the Sensors link associated with the server whose sensors you wish to view. A MindTerm
Java applet appears showing unformatted sensor data.
3. Click the View sensor plotter button. A list of sensors appears on the left with the main graph
area empty.
4. Click the radio button next to the name of the sensor you wish to view.
5. Click the Display Graph button. A graph of data from the selected sensor displays in the
default graph format.
Viewing and Clearing Event Logs
Clicking the Event Log button on the Target devices screen displays the system event log (SEL)
menu from the server where the SP resides. Event messages are sent by the SP when system
management events are detected. The events may be logged either by the SP or by the server.
The Clear event log button appears at the top of the screen, as shown in Figure 3.7.
Figure 3.7: Example Event Log Web Manager Screen (callout: Clear Event Log Button)
To view or clear event logs:
1. Click the Event Log button on the Target devices screen. The SEL menu from the server where
the SP resides appears.
2. View the log, if desired.
3. Click the Clear event log button to clear the log, if desired.
4. Close the screen by clicking the X in the upper right.
Accessing Native Features on a Target Device
As mentioned in Access to native features on a target device on page 7, the Native IP and
DirectCommand privilege authorizes users for both Native IP and DirectCommand actions. If the
user is not authorized, the Action pull-down menu for a device on the Web Manager Target
devices screen does not list either Native IP or DirectCommand. Some differences between Native
IP and DirectCommand options that appear for authorized users are described in the following table
with links to sections that provide more details.
Table 3.2: Differences Between Accessing Native IP and DirectCommand from the Web Manager
Native IP
The Action pull-down menu for a target device initially displays Native IP Enable only if a
secure tunnel exists between the user’s workstation and the MergePoint 5224/5240 SP manager.
See To enable access to Native IP on a target device (Web Manager): on page 46 for more details.
If a secure tunnel does not exist, the Action pull-down menu displays Native IP: Unavailable.
Clicking the Native IP Enable link has the following effects:
• Enables Native IP and makes the Disable link active.
• Causes the Go to native web interface link to appear.
The authorized user can then do one of the following actions:
• Click the Go to native web interface link to launch a browser that brings up the native web
application on the target device.
-or-
• Launch an SP management application from the user’s remote workstation.
See Managing Native IP on page 46 for more details.
DirectCommand
The Action pull-down menu for a target device displays DirectCommand Enable.
Clicking the DirectCommand Enable link has the following effects:
• Enables DirectConnect and makes the Disable link active.
• Launches a Java applet that creates a secure SSH tunnel and manages the DirectConnect
connection.
• Causes a Go to Direct Command Interface link to become active on the Action menu.
• Causes the DirectCommand Connected link to appear in the upper right of the Web Manager
under the IP address.
• The SP or device’s web interface comes up in a separate window, with a login prompt if login
is required.
Clicking the DirectCommand Disable link closes the window and causes the DirectCommand
Connected link to change to DirectCommand: Idle. See Managing DirectCommand connections on
page 47 for more details.
Managing Native IP
Tasks for creating secure tunnels and obtaining native IP access on page 8 describes tasks for
creating the secure tunnel that must exist between the user’s workstation and the MergePoint
5224/5240 SP manager before an authorized user can enable Native IP and the Go to native web
interface link can be active. Figure 3.8 shows an example of an HP iLO web interface as it might
appear after an authorized user has the needed tunnel and clicks the Go to native web interface link.
Figure 3.8: Example HP iLO Native Web Interface
CAUTION: When finished with management tasks performed using native IP, the authorized user should always
click the Disable link. Leaving native IP enabled creates a security risk.
To enable access to Native IP on a target device (Web Manager):
1. Create a secure tunnel between your workstation and the MergePoint 5224/5240 appliance. See
Tasks for creating secure tunnels and obtaining native IP access on page 8 for overview and
Creating VPN connections for Native IP access on page 49 for how to create a VPN tunnel.
2. If the VPN connection is made using IPSec, enter the IP address that is assigned to the public
interface into a browser to bring up the Web Manager.
3. If the VPN connection is made using PPTP, discover and use the IP address that is assigned on
your workstation to the PPTP interface.
a. If your workstation has a Windows operating system, enter the ipconfig command on the
workstation’s command line.
-or-
If your workstation has a UNIX-based operating system, enter the ifconfig command on
the workstation’s command line.
b. In the command output, locate the IP address assigned to the connection.
c. Enter the PPTP IP address in a browser to bring up the Web Manager.
4. Log into the Web Manager as an authorized user and select the Target devices menu option.
5. On the Action pull-down menu for the target device on which you want native IP access, click
the Native IP Enable link.
The Go to native web interface link becomes active.
6. Perform one of the following actions, as desired:
• Click the Go to native web interface link to bring up the native web application.
-or-
• From your local workstation, launch a previously installed SP management application for
the server, if desired.
7. When you are done, always click the Disable link as a security precaution.
Managing DirectCommand connections
After a DirectCommand connection is created during a Web Manager session, the Java applet that
creates the secure tunnel between the user and the MergePoint 5224/5240 SP manager and that
manages DirectCommand connections stays loaded until the Web Manager login session is ended,
even if all DirectCommand connections are closed.
The Web Manager provides two ways to manage DirectCommand connections, which are listed
below and described in this section:
• Through the Direct Command connection list
• Through the Go to Direct Command Interface link
As mentioned in Accessing Native Features on a Target Device on page 45, the first time a user
creates a DirectCommand connection by clicking the DirectCommand Enable link in the Action
pull-down menu, a DirectCommand Connected link appears in the upper right of the Web Manager
under the IP Address and a Go to DirectCommand Interface link becomes active in the Action
pull-down menu, as shown in Figure 3.9 on page 48.
Figure 3.9: Direct Command: Connected and Go to DirectCommand Interface
DirectCommand connection link
Users can see information about and manage all currently active DirectCommand connections by
clicking the DirectCommand Connected link, which brings up the dialog shown in Figure 3.10.
Figure 3.10: DirectCommand Connection List
Go to DirectCommand Interface link
After all DirectCommand connections are terminated, the following occur:
• The DirectCommand Connected link changes to Direct Command: Idle.
• The Go to DirectCommand Interface link persists in the Action pull-down menu, and the SSH
  tunnel between the user and the MergePoint 5224/5240 SP manager remains active. The user
  can select the Go to DirectCommand Interface link from the Action pull-down menu to
  create a new DirectCommand connection without having to relaunch the Java applet.
To use DirectCommand to gain native web access to a target device (Web Manager):
1. Log into the Web Manager as an authorized user.
2. The first time during a Web Manager login session, click the DirectCommand Enable link in
   the Action pull-down menu for the target device on which you want DirectCommand access. A
   Java applet launches a window and connects to the device’s native web interface.
3. When you are done, always click the Disable link in the target device’s pull-down menu as a
   security precaution.
4. To disconnect from any DirectCommand connections, click Direct Command: Connected. The
   dialog displays, listing the currently active DirectCommand connections.
5. Select the desired connection from the list, and then click Disconnect.
6. To reconnect later in the same Web Manager login session, click the Go to DirectCommand
   Interface link from the target device’s Action pull-down menu.
Creating VPN connections for Native IP access
The rules for bringing up the Web Manager for Native IP access through the Target devices screen
differ between IPSec and PPTP VPN connections as indicated in the following list:
• If the VPN connection is being made using IPSec, the authorized user may use the MergePoint
  5224/5240 appliance’s IP address to bring up the Web Manager first and go to the Target
  device screen before making the VPN connection. After subsequently making the VPN
  connection, the user can reload the form to see the Enable Native IP link active.
• If the VPN connection is made using PPTP, the VPN connection must be made before the Web
  Manager can be launched, because the Web Manager must be launched using the PPTP
  IP address.
The user obtains the IP address assigned to the PPTP interface by entering the ifconfig or
ipconfig command on the workstation’s command line (which command to use depends on the
operating system). In the command output, the IP address assigned to the connection appears
in the lines following the words PPP adapter, as shown in the following.
C:\> ipconfig
...
PPP adapter MergePoint5224/5240_PPTP_VPN
...
IP Address. . . . . . . . . . : 172.0.0.0.100
...
The user then enters the PPTP IP address in a browser to bring up the Web Manager and enable
native IP access.
See Tasks for creating secure tunnels and obtaining native IP access on page 8 for more details.
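The lookup described above can be scripted. The following Python script is an added example, not part of the original guide: it finds the address on the PPP interface in ipconfig or ifconfig output and checks that it is a well-formed IPv4 address before it is typed into a browser. The sample outputs are constructed, and treating UNIX interfaces whose names start with ppp as the PPTP connection is an assumption.

```python
import ipaddress
import re

# Constructed sample outputs (not captured from a real workstation); addresses are made up.
WINDOWS_SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.0.2.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0

PPP adapter MergePoint_PPTP_VPN:

        IP Address. . . . . . . . . . . . : 10.0.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""

UNIX_SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.0.2.25  Bcast:192.0.2.255  Mask:255.255.255.0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.0.0.100  P-t-P:10.0.0.1  Mask:255.255.255.255
"""

# The two relevant lines as printed in the guide's sample; the address has five dotted fields.
GUIDE_SAMPLE = """\
PPP adapter MergePoint5224/5240_PPTP_VPN
IP Address. . . . . . . . . . : 172.0.0.0.100
"""

_ADAPTER = re.compile(r"^\s*(.+?) adapter (.+?):?\s*$")          # ipconfig section header
_WIN_ADDR = re.compile(r"\bIP(?:v4)? Address[ .]*:\s*([0-9.]+)")  # "IP Address" / "IPv4 Address"
_UNIX_IFACE = re.compile(r"^([A-Za-z][\w.-]*):?\s")               # ifconfig block header
_UNIX_ADDR = re.compile(r"\binet (?:addr:)?\s*([0-9.]+)")         # old and new ifconfig styles


def _is_ipv4(text):
    """True only for a well-formed dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


def ppp_addresses(output):
    """Return [(interface_name, address_text, is_valid_ipv4)] for PPP interfaces only."""
    lines = output.splitlines()
    windows = any(_ADAPTER.match(line) for line in lines)
    found, current, is_ppp = [], None, False
    for line in lines:
        if windows:
            header = _ADAPTER.match(line)
            if header:
                current = header.group(2)
                is_ppp = header.group(1).upper() == "PPP"
                continue
            addr = _WIN_ADDR.search(line)
        else:
            header = _UNIX_IFACE.match(line)
            if header:
                current = header.group(1)
                # Assumption: the PPTP connection shows up as ppp0, ppp1, ...
                is_ppp = current.lower().startswith("ppp")
            addr = _UNIX_ADDR.search(line)
        if addr and is_ppp:
            found.append((current, addr.group(1), _is_ipv4(addr.group(1))))
    return found


def pptp_address(output):
    """Return the single well-formed PPP address, or raise ValueError saying why not."""
    candidates = ppp_addresses(output)
    valid = [addr for _, addr, ok in candidates if ok]
    if len(valid) == 1:
        return valid[0]
    if not candidates:
        raise ValueError("no PPP interface with an IP address: is the PPTP VPN connected?")
    if not valid:
        raise ValueError("PPP address is not a valid IPv4 address: %s" % candidates[0][1])
    raise ValueError("more than one PPP address found; choose the PPTP connection by name")


if __name__ == "__main__":
    for label, sample in (("ipconfig", WINDOWS_SAMPLE), ("ifconfig", UNIX_SAMPLE),
                          ("guide sample", GUIDE_SAMPLE)):
        try:
            print(label, "->", pptp_address(sample))
        except ValueError as err:
            print(label, "-> rejected:", err)
```

Only the address under the PPP adapter is returned, so the workstation's Ethernet address is never mistaken for the tunnel address.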
The following procedures assume the following prerequisites:
• You are running Windows NT on your remote workstation. Use this procedure as an example if
  configuring a PPTP VPN connection profile on another type of operating system.
• The MergePoint 5224/5240 appliance administrator has done all of the following:
   • Authorized your MergePoint 5224/5240 appliance user account for PPTP access
   • Provided you with the PPTP password if it is different from your MergePoint 5224/5240
     appliance password
   • Enabled the PPTP service
   • Configured the MergePoint 5224/5240 appliance for VPN PPTP connections
   • Provided you with an IP address that was assigned while configuring VPN PPTP access
     on the MergePoint 5224/5240 appliance
To create a PPTP VPN connection profile on Windows:
1. Log in as an administrator on Windows NT.
2. From the Start menu, select My Network Places - view network connections - Create a new
   connection. The New Connection Wizard appears.
3. Click the Next button.
4. On the next dialog that appears, click the radio button next to Connect to the network at
   my workplace.
5. Click the Next button.
6. On the next dialog that appears, click the radio button next to Virtual Private
   Network connection.
7. Click the Next button.
8. On the next dialog that appears, enter a name for the connection.
9. Click the Next button.
10. If the Public Network dialog appears, click the radio button next to Do not dial the
    initial connection.
11. Enter an IP address for the VPN Server Selection on the next dialog that appears.
    NOTE: The IP address is the one assigned to the public interface of the MergePoint 5224/5240 appliance.
12. Click the Next button.
13. Click the Finish button.
Accessing the MergePoint 5224/5240 SP Manager Console (Web Manager)
Selecting the Appliance option on the Web Manager menu, then clicking the Connect button brings
up a window running a MindTerm Java applet with an SSH connection to the MergePoint 5224/
5240 appliance, as shown in Figure 3.11.
Figure 3.11: Appliance Console Login Screen
Regular users by default are not able to access the shell and they cannot do anything on the console
that they could not do from the Web Manager menu options. Users are encouraged to use the Web
Manager options instead of going through the Web Manager to use the console.
After authentication, the regular user sees the two following choices to access target devices or
change the user’s password, which are similar to the Web Manager menu options.
Figure 3.12: User Menu When Connected to the Console
For information about what the administrative user can do on the MergePoint 5224/5240 appliance
console, see the MergePoint 5224/5240 Service Processor Manager Installer and
Administrator Guide.
To access the MergePoint 5224/5240 appliance’s console (Web Manager):
1. Log into the Web Manager.
2. Select the Appliance option in the left menu.
3. Click Connect. A terminal window displays and establishes a console connection to the
   MergePoint 5224/5240 appliance.
4. Enter the password, if prompted. A menu of options displays for the regular user. For an
   administrative user a shell prompt appears.
Managing Power Outlets on a Connected IPDU
Clicking the IPDU option on the Access menu brings up the message shown in Figure 3.13 if the
AUX port has not been configured for IPDU power management. Contact the MergePoint 5224/
5240 appliance administrator for help if you see this message.
Figure 3.13: AUX Port Not Configured Error Message
Clicking the IPDU option on the Access menu when the AUX port has been configured for IPDU
power management brings up the Outlets Manager, the View IPDUs Info and the Software
Upgrade tabs, as shown in Figure 3.14. For more information, see Using the Outlets Manager tab
to power up and down and check power status on page 53 and Viewing IPDU information on
page 56.
NOTE: Only an administrative user can edit the Software Upgrade screen.
Figure 3.14: IPDU Tabs
Using the Outlets Manager tab to power up and down and check power status
If a regular user clicks the Outlets Manager tab under the Access - IPDU menu option, the message
shown in Figure 3.15 appears if the user is not authorized to manage power on any outlets or if the
MergePoint 5224/5240 appliance cannot detect an IPDU connected to the AUX port. Contact the
MergePoint 5224/5240 appliance administrator for help if you receive this message.
Figure 3.15: IPDU Access Failed Message from Outlets Manager
If a regular user clicks the Outlets Manager tab under the Access - IPDU menu option, the screen
displays a list of all the outlets the user is authorized to manage. If an administrative user clicks
Outlets Manager under the Access - IPDU menu option, all the power outlets on all connected
IPDUs are listed, as shown in Figure 3.16.
Figure 3.16: Access - IPDU - Outlets Manager Screen
Both regular users authorized for IPDU power management and administrative users can do the
following for any of the listed outlets:
• Cycle power
• Lock outlets in the on or off state to prevent accidental changes
• Unlock the outlets
• Turn power off
• Turn power on
• Save any changes made to the outlets state
The name that appears on the screen is either the default s1, which is the port number of the AUX
port or an administrator-defined name. A yellow bulb indicates that the outlet’s power is on. A gray
bulb indicates that the outlet’s power is off. An open padlock indicates that the outlet is unlocked.
A closed padlock indicates a locked outlet. An orange Cycle button is active next to each outlet that
is on; the Cycle button is grayed when the outlet is off. The Save outlets state button allows the user
to save any changes made on this screen.
Figure 3.17: Outlets Manager Outlets State Close-up
To manage power outlets on a connected IPDU:
1. Log into the Web Manager.
2. Click the IPDU left menu option. The IPDU screen displays with the Outlets Manager
   screen active.
3. To switch an outlet on or off, click the adjacent light bulb.
4. To lock or unlock an outlet, click the adjacent padlock.
5. To cycle power, click the adjacent Cycle button.
6. To save the state of the outlet(s), click Save Outlets State.
Viewing IPDU information
When a regular user or administrative user selects Access - IPDU - View IPDU Info, the View
IPDU Info screen appears.
Figure 3.18: View IPDU Info Screen
The following table shows the information displayed on the View IPDU Info screen for each IPDU.
Table 3.3: Information on the View IPDU Info Screen
Field | Description
Name | Administrator-configured name or the default (s1), which is assigned to the AUX port.
Number of units | The number of IPDUs connected to the port. The first IPDU is referred to as the master. Any other IPDUs daisy-chained off the first IPDU are referred to as slaves.
Number of outlets | Total number of outlets on all connected IPDUs.
Buzzer | Whether a buzzer has been configured to sound when a specified alarm threshold is exceeded.
Syslog | Whether syslogging has been configured for messages from this IPDU.
Over current protection | Whether over current protection is enabled (to prevent outlets from being turned on if the current on the IPDU exceeds the specified threshold).
You can view the following information underneath the name of each IPDU (under
Unit Information).
Table 3.4: IPDU Information Under Unit Information
Field | Description
Model | IPDU model number
Software Version | IPDU firmware version
Alarm Threshold | Number of amperes that triggers an alarm or syslog message if it is reached
Current | Current level on the IPDU
Maximum Detected | Maximum current detected
Temperature | Temperature on the IPDU (only available on selected models that have temperature sensors)
Maximum Detected | Maximum temperature detected
To view IPDU information:
1. Log into the Web Manager.
2. Click the IPDU option in the left menu. The IPDU screen displays.
3. Click the View IPDU Info tab.
4. If desired, clear the Maximum Detected value displayed for current by clicking the Clear max
   detected current button.
5. If desired, clear the Maximum Detected value displayed for temperature by clicking the Clear
   max detected temperature button.
Using the Software Upgrade screen to view the IPDU’s current software version
An administrative user can upgrade software on a connected IPDU from this screen. Regular users
can use this screen only to view the software version.
Figure 3.19: IPDU Software Upgrade Screen on the Web Manager
Configuring Your Password
Clicking the Password option on the Web Manager left menu brings up the Changing password for
user <username> screen, as shown in Figure 3.20.
Figure 3.20: Password Screen
NOTE: Your password cannot exceed 30 characters.
To change your password:
1. Log into the Web Manager.
2. Click the Password option in the left menu. The Password screen appears.
3. Enter the new password in the Password field.
4. Enter the password again in the Retype password field.
5. Click the Set Password button to save the changes in memory.
Appendices
Appendix A: MindTerm Applet Reference
MindTerm is an SSH client that includes an integrated xterm/vt100 terminal emulator and that runs
as a Java applet within a browser window. When a user connects to any console using the Web
Manager, a window running a MindTerm applet appears with an encrypted SSH connection
between the user’s workstation and the console.
Java plug-in requirements for MindTerm
To use MindTerm, the user’s browser must have a Java plug-in enabled, as described in
Requirements for Java Plug-In Availability on page 36.
Customizing MindTerm
MindTerm saves session settings in a folder that it creates in the user’s home folder on the user’s
workstation. For example, in a Windows system, the folder is created in C:\Documents and
Settings\username\mindterm.
Actions you can perform with the terminal window are listed below:
• Resize the window.
• Edit text with options that include: copy, paste, select all, find and clear screen.
• Change the background and foreground colors.
• Save the contents of the terminal window and buffer to a file.
  NOTE: You can make use of this option if you want to print the window’s contents, by saving the file and then
  printing it from another application.
• Re-use saved settings like the scroll buffer size.
Example MindTerm window
Figure A.1 shows an example window that appears when the root user is connected to the console
of an SP with an alias of rdqailo. The same terminal window appears whether the connection is
being made to the console of a MergePoint 5224/5240 appliance, an SP, a server or another type
of device.
Figure A.1: Root Log into MindTerm Running an SSH Console Session
MindTerm terminal menu options
As shown in the first line of the screen output in Figure A.1, you can bring up the terminal
menu by pressing Ctrl and the right mouse button at the same time: Ctrl+mouse right-click. Figure
A.2 shows the terminal menu that displays if you enter Ctrl+mouse right-click and then drag the
cursor to pull down the File menu options.
Figure A.2: Terminal Menu
Table A.1: Console Session Terminal Menu Options
1st-level Option | 2nd-level Option | Description
File | Save Settings (Ctrl+Shift+s) | Saves current settings to a user-selected file.
File | Capture to File (Ctrl+Shift+c) | Starts capturing terminal output to a file, or if this menu option is selected when output is currently being captured, stops capturing.
File | Send ASCII File | Sends the contents of a selected file to the terminal as input, as if the contents were being typed on the keyboard.
File | Close (Ctrl+Shift+c) | Closes the current window. NOTE: If you close a window without logging out, you abort the SSH connection abnormally. The recommended procedure is to log out in the shell before closing or exiting the MindTerm window.
File | Exit (Ctrl+Shift+x) | Closes the window without logging out. Closing windows without logging out aborts the SSH connection. Enter the exit command in the terminal before using this option.
Edit | Copy (Ctrl+Insert) | Copies selected text to the clipboard. Select text by clicking and holding down the left mouse button and then dragging the mouse over the area to select, releasing the mouse when the desired area is selected.
Edit | Paste (Shift+Insert) | Pastes the clipboard’s contents to the screen as input, as if the contents were being typed on the keyboard.
Edit | Copy & Paste | Copies selected text and pastes it.
Edit | Select All (Ctrl+Shift+a) | Selects all contents in the scrollback buffer and in the terminal.
Edit | Find (Ctrl+Shift+f) | Displays the Find dialog box, which can be used to search the scrollback buffer and the currently displayed text for strings.
Edit | Clear Screen | Clears the screen and positions the cursor at the top left corner.
Edit | Clear Scrollback | Clears the contents of the scrollback buffer.
Edit | VT Reset | Resets terminal settings to the defaults.
Settings | Connection | Displays a dialog box for setting SSH preferences. General: Server, Username, Authentication. Proxy: Proxy type, Server, Port, Authentication, Username, Password. Security: Protocol, Host key type, Cipher, Mac, Compression. Features: X11 forward, Local display, Send keep-alive, Interval.
Settings | Terminal (Ctrl+Shift+t) | Displays a dialog box for setting terminal characteristics. General: Terminal type, Columns, Rows, Encoding, Font, Size, Scrollback buffer, Scrollback buffer position. Colors: Foreground color, Background color, Cursor color. Misc: Paste button, Select delimiter (characters for click-selection). VT 1: Enable Passthrough Print, Copy <cr><nl> line ends, Copy on select, Reverse Video, Auto Wraparound, Reverse Wraparound, Insert mode, Auto Linefeed, Scroll to Bottom On Key Press. VT 2: Scroll to Bottom On Tty Output, Visible Cursor, Local Echo, Visual Bell, Map <CTRL>+<SPC> to ^@, Local PgUp/PgDown, Use ASCII for line draw, Backspace sends: del, bs, erase; Delete sends: del, bs, erase.
Settings | Auto Save Settings | Enables and disables the automatic saving of settings. When this option is enabled [default], settings are saved automatically whenever you disconnect from a server or exit the terminal. When this option is disabled, you must explicitly save settings to a file in order to preserve them.
Tunnels | Setup | Displays a dialog box listing any previously configured tunnels. Clicking the Add button displays a dialog box for configuring a tunnel. Type: Local, Remote. Bind address: localhost, all (0.0.0.0), ip. Bind port. Dest. address. Dest. port. Plugin: None, ftp.
Help | About MindTerm | Displays a dialog box with information about the MindTerm build date, version, platform you are running.
Using hotkeys during console sessions
MindTerm hotkeys have two components: an escape sequence and a command key. The escape
sequence for all the console session hotkeys is Ctrl+e+c (shown as ^Ec). As shown in Figure A.1,
the applet displays hotkey combinations that you can use to get help (^Ec?) or disconnect (^Ec.).
The following table shows all the available hotkeys, which are entered after the escape sequence.
Table A.2: Hotkeys Available During Console Sessions
Key | Action
. | Disconnect
a | Attach read/write
b | Send broadcast message
c | Toggle flow control
d | Down a console
e | Change escape sequence
f | Force attach read/write
g | Group info
i | Information dump
l? | Break sequence list
l0 | Send break per config file
l1-9 | Send specific break sequence
o | (Re)open the tty and log file
p | Replay the last sixty (60) lines
r | Replay the last twenty (20) lines
s | Spy read-only
u | Show host status
v | Show version info
w | Who is on this console?
x | Show console baud info
z | Suspend the connection
Enter | Ignore/Abort command
? | Print this message
^R | Replay the last line
\ooo | Send character by octal code
For example, to send a broadcast message, you would enter Ctrl+e+c b and to tell the applet to
abort, you would enter Ctrl+e+c Enter on a Windows keyboard. To exit the session, press Ctrl+_.
Appendix B: Technical Support
Our Technical Support staff is ready to assist you with any installation or operating issues you
encounter with your Avocent product. If an issue should develop, follow the steps below for the
fastest possible service.
To resolve an issue:
1. Check the pertinent section of this manual to see if the issue can be resolved by following the
   procedures outlined.
2. Check our web site at www.avocent.com/support to search the knowledge base or use the
   online service request.
3. Call the Avocent Technical Support location nearest you.
Safety and EMC Approvals and Markings
FCC Class B, EN 55022 Class B, EN 61000-3-2/-3-3, CISPR 22 Class B, EN 55024/CISPR 24, (EN 61000-4-2, EN 61000-4-3, EN 61000-4-4, EN 61000-4-5, EN 61000-4-6, EN 61000-4-8, EN 61000-4-11), EN 60950/
IEC 60950-Compliant, UL Listed (USA), CUL Listed (Canada), TUV Certified (Germany), CE Marking (Europe)