Configuration
Contents
1. Al i Users Consoles Devices Groups Tider Profiles Firmware pas iene Jobs ry ry Details H a Details Details Details Details z gt Details Details Users L 4 ACL H re Device Manual i i Group List List as H Notify Release le Notify Pose _ notes User _ Devices Group ACL Groups m Groups 1 1 1 neni a a Groups d Security y 7 i Punai Proxies Di KVM Rotate Viewer Dial Up Log Rotate Figure 4 1 AlterPath Manager Configuration Process Flow Configuration and Administration 87 First Time Configuration Wizard You must perform the First Time Configuration process see Configuration Flow Diagram using the Linux shell through the serial console interface Once completed you may perform the rest of the configuration process and all daily administration procedures through the AlterPath Manager web interface To configure all your devices with the AlterPath Manager using the web interface you must first configure the devices such as console servers or a KVM switch menu options Devices and Profiles and then configure the consoles or ports associated with the devices menu option Consoles The Firmware option is used to update firmware and to enable you to select from different versions2. retraces PAC0266 Documentation CD CD with complete documentation for all AlterPath Manager models as well as documentation for other products that can be used with the APM Product Installation Checklist Check Item Part Description Purpose Number PAC0381 Quick Start Guide A quick installation and configuration guide to get you started with your APM right away See below Power cable Main power cable for for country AlterPath Manager specific part E2000 2500 and 5000 numbers CABO0010 Power cable USA CAB0037 Power cable Europe CAB0056 Power cable UK CABO0055 Power cable Australia CAB0278 Power cable Japan CABO0036 Cable crossover Can be used with AUX DB 9 female to RJ 45 port ACS and TS serial 6 ft ports 22 APM Installation Configuration and User s Guide Rack Mounting the AlterPath Manager Check Item Part Description Purpose Number HARO550 Mounting Kit Hardware for rack Mounting brackets mounting the AlterPath Manager E2000 necessary screws for APM E2000 HAR0017 Mounting rail kit Hardware for rack HAR0018 Mounting brackets mounting the AlterPath screws for APM 2500 Manager 2500 Note The APM 2500 is furnished with the mounting brackets ears already attached to it E Mounting Kit Hardware for rack Mounting brackets mounting the AlterPath Manager 5000 with rails screws for APM 5000 CAB004
3. Note Gigabit Ethernet is available on the APM 2500 and APM 5000 only HP OpenView NNM Integration The HP OpenView Integration Module IM is a Cyclades product that links the AlterPath System to the HP OpenView systems management platform In order for the IM to work the AlterPath Manager must contain the NNM license See the AlterPath Integrater for HP OV NNM B 07 50 Integration Guide PAC0436 for details on this product Modem Card Configuration Note Modems are not supported on the APM 2500 or the APM 5000 The AlterPath Manager E2000 is equipped with modem dialing capability allowing complete out of band access to remote console server devices This section provides basic procedures for configuring the card through a command line interface Checking Your Modems The four modems are detected during bootup All modem devices present are included automatically in the modem pool To view which modems are in use or which ones are available use SSH to connect to the AlterPath Manager login as root and use the following commands check modem d s tty Advanced Configuration 281 Modem Card Configuration Where d disconnect s status tty If no tty is specified then the command applies to all modems To check what modems are available type in check_modem s Example root APM root check modem s ttyPSO Available ttyPS1 Available ttyPS2 Available ttyPS3 Available v To Exclude M
4. cceecceeseeeeeeeereeeteees 76 User s Profile Consoles Forms cssctvaccd scantusnen 79 User s Profile Devices FOrm ccccssccssessseecsscees 80 User s Profile Groups FOrm s sesssesssssessseesseseeseeesee 81 User s Profile Security Form s sesssesssesessseessesersseesee 82 Summary of Devices Forms ccceecceeseesteeeteeees 105 Device List Formari 107 Devices Detail Form cccc cc cccccccccesecsscseeseessseseesess 111 Types of Web Proxy isis aire esas 115 Dial Up F rM sac secstasscerdaerstuattinsecajsadrtuas AE ISES GAN 120 Features Unique to the KVM net Device Configuration eee ee er ern E e ere 125 OnSite Model Number Designations 6 127 Devices Details Form IPMI cccccccscceeesseeesees 128 PPP Connection Modes ccccscecsseceteceeeeeeeeeeneees 132 Table 4 10 Table 4 11 Table 4 12 Table 4 13 Table 4 14 Table 4 15 Table 4 16 Table 4 17 Table 4 18 Table 4 19 Table 4 20 Table 4 21 Table 4 22 Table 4 23 Table 4 24 Table 4 25 Table 4 26 Table 4 27 Table 4 28 Table 4 29 Table 4 30 Table 4 31 Table 4 32 Table 4 33 Table 4 34 Table 4 35 Table 4 36 Table 4 37 Table 4 38 Table 4 39 Modem Mode Choices ccccccccecccccccscecececececeeecees 133 PPP Settings ses cateeva Mace dened acre amerais 133 Health Monitor Pull down List Options 134 Summary of Console Wizard Forms cee
5. 19 After creating the user in the ACS or TS give it root privileges by editing etc passwd for the user by changing the UID and GID fields to 0 ACS Modem Configuration 313 A sample user with the fields changed to 0 is as follows edson fTEQb6zEnulEQ 0 0 Embedix User home edson bin sh 20 Change the ownership of the user s home directory to root as follows chown root home edson 21 Edit the file etc ssh sshd_config to remove the comment symbol in front of the line AuthorizedKeysFile etc ssh authorized_keys 314 AlterPath Manager Installation Configuration and User s Guide Appendix C DLS Activation Data Logging Session Activation The AlterPath Manager E2000 is available with a fixed capability of 256 activated Data Logging Sessions DLSs This is also equal to the maximum number of concurrent console connections The maximum number of managed consoles or the total number of configurable console connections for the APM E2000 is 4096 The APM 2500 and APM 5000 come with a standard base capacity of 64 activated DLSs and a capacity of 1024 managed consoles Caution Licenses except for factory default licenses must be reinstalled after you recreate the system partition or after you run the installimg command If you want to preserve your licenses before you recreate a system partition or before you run installimg you can edit the file etc files list and add you
6. 6 Click on the Delete button Click on the Save button to complete the procedure Deleting a Device Group You cannot delete a device group using the Device Group form To delete a device group select Groups from the menu and refer to Groups on page 193 in this chapter To Upload Firmware to a Console Device Using the Device Detail form you can configure the AlterPath Manager to upload firmware from its firmware repository to any ACS or TS device 1 From the Device Detail form Devices Device List gt Device Detail select the firmware you wish to upload from the Firmware Boot drop down list Note The Firmware Boot drop down list only appears in the Device Detail forms of the ACS the TS and the KVM net Click on the Save button Go back to the Device List form and select the device s that need to be uploaded by clicking the corresponding checkbox and then click Upload APM Installation Configuration and User s Guide Devices LOGOUT ces Groups Alarm Trigger Profiles Firmware Security Rules Info Reporting Device Firmware Bootcode Firmwarebootcode Configuration Saturn V_2 0 0 1a Aug 18 05 Alternate Boot 2 0 7 Apr 21 04 Figure 4 29 Device Firmware Upload 4 Select Upload firmware bootcode and or Upload configuration to select either a firmware upload a configuration upload or both 5 Click on the Submit button
7. Note For Health Monitoring to work with alarms you must create the alarm triggers See Configuring Alarms for Device Health Monitoring on page 160 The Device detail form for TS is similar to that of the ACS The Model dropdown box provides you with a list of TS models to select from 114 APM Installation Configuration and User s Guide Devices Proxies The AlterPath Manager includes a web proxy server so that connections to the native web interface of any supported device go through the AlterPath Manager This feature enables the AlterPath Manager to e Connect users through the AlterPath Manager to remote servers that it controls e g IBM Blade KVM net switches OnSite units ACS TS units and other servers in connection with any web interface e Provide a secure mechanism for AlterPath Manager clients to access remote servers e Configure remote AlterPath devices directly from the AlterPath Manager Proxy Types There are three types of proxy you can configure for a device Table 4 4 Types of Web Proxy Proxy Type Function Reverse Proxy Reverse proxy allows any web server to be viewed through the proxy agent The web server appears to the user as a subdirectory of the proxy server s document tree Advantages Target server does not need to have a routable IP address not accessible outside the AlterPath Manager user workstation and network does not need to know about the target web server
8. Note For console forms associated with the Blade Module see Blade Management Module on page 206 of this chapter The Consoles option allows you to perform the following console management procedures Table 4 23 Summary of Console Forms Action Form s Used Add a new console to Consoles List Add button gt Select connect to the AlterPath Console Type gt Console detail Manager and for user access Configure blade s as The Blade Management Module is a paid for part of the Blade option See Blade Management Module on Management Module page 206 for more detailed information 166 APM Installation Configuration and User s Guide Table 4 23 Summary of Console Forms Action Form s Used Select or change the authentication method for console access Assign the current console to any number of users Select the users to be notified of any alarms from the current console Edit a console Delete console Assign or remove console s from the console group Search sort and save list Console Detail form Authentication drop down list NOTE The AlterPath Manager authenticates users from the console or terminal server Console Detail form Access tab gt Console Access form Console Detail form Notify tab gt Console Notify form Consoles List form edit link under the Config column gt Console detail form Consoles List
9. Note With browsers other than Internet Explorer there are limitations with multiple users accessing the AlterPath Manager via the Web Management Interface on a single workstation If you plan to have more than one user simultaneously open APM Web access sessions from a single workstation you should use Internet Explorer User Interface Overview Table 3 1 User Interface Main Menu Menu Selection Description Alarms Consoles Devices select DEVICE from the Filter by pull down selector Consoles Devices select CONSOLE from the Filter by pull down selector Logs User s Profile The Alarms list form is the first form that you see or the default form when you log in Use this form to view alarms update the status of an alarm or close an alarm after resolving it List form to view a list of devices assigned to you From the list click on the device you wish to access For IPMI and Blade Module users the Consoles List form provides access to the IPMI as a device as well as the chassis blades and switches List form to view a list of consoles assigned to you From the list click on the console you wish to access For IPMI and Blade Module users the Consoles List form provides access to the IPMI SOL as well as the chassis blades and switches Use the Logs form to view the Access logs Events logs and Data Buffer logs for a particular console or devic
10. EDIT option The system displays the Detail form From the Detail form click the Log Rotate tab Choose one of the following radio buttons a Rotate by frequency Exception file size gt 2000 MBytes triggers auto rotation b Rotate by file size 1 2000 Mbytes 4 You can optionally select the checkbox to compress the log file after a rotation has taken place Configuration and Administration 181 Consoles 182 v To Add an IPMI Console from Console Detail Form 1 Open the Console List form Consoles Console List 2 From the Console List form click on the Add button 3 The system opens the Adding Console form 4 From the Adding Console form select IPMI as the console type 5 The system displays the IPMI Console Detail form 6 Complete the fields as necessary Use the Access Control List for Power to select users who can view the sensor display Note IPMI is a paid for option for AlterPath Manager users The feature is hidden from users who do not need it v To Activate PMI Copy the IPMI license file that you purchased from Cyclades into the following directory on your APM var apm licenses data APM B IPMI enc Caution Licenses except for factory default licenses must be reinstalled after you recreate the system partition or after you run the installimg command If you want to preserve your licenses before you recreate a system partition or before you
11. Enter Ethernet ethO IP address 192 168 48 162 Enter Ethernet ethO Subnet Mask 255 255 252 0 Ethernet ethl IP address S tatic N one or K eep current K s Enter Ethernet ethl IP address 10 10 10 2 Enter Ethernet ethl Subnet Mask 255 255 0 0 Configure Number of Configure Enter the Enter the Subinterf Enter Sub Enter Sub Configure Configure Enter the Enter the VLAN etho Ethernet Subinterfaces Y es N o or L ist N 1 Ethernet Subinterfaces already configured 0 Ethernet Subinterfaces Y es N o or L ist N y Ethernet number 0 1 0 Subinterface index 0 9999 1 ace eth0 1 IP address S tatic or N one S s interface eth0 1 IP address 1 1 1 1 interface eth0 1 Subnet Mask 255 0 0 0 more Ethernet Subinterfaces Y es N o or L ist N n Ethernet VLANs Y es N o or L ist N y Ethernet number 0 1 0 VLAN index 0 4094 2 2 IP address S tatic or N one S s Enter VLAN eth0O 2 IP address 3 3 3 3 Enter VLAN eth0 2 Subnet Mask 255 0 0 0 Configure more Ethernet VLANs Y es N o or L ist N n Ethernet Default Gateway C hange or K eep current K c Enter Ethernet Default Gateway none 192 168 48 1 At this point if the Ethernet default gateway is already configured the following option appears Note This script creates the configuration file etc network ifcfg eth lt index gt which has the same format as ifcfg etho a
12. In the following example the selected device is a KVM net switch and the configured connection type is SSH 146 APM Installation Configuration and User s Guide Devices ing Please wait eggl admin eggl admin SendBreak Disconnect Applet de mud jta Applet started Internet Figure 4 28 Connection to a Device If the type of device defined is IPMI when you connect via CLI to the device the system connects you to the BMC via ipmitool v To Delete a Device To delete or disconnect a device from the AlterPath Manager follow the steps below 1 From the Devices List form select any device you wish to delete by clicking on the checkbox adjacent to the Device name 2 Select the Delete button v To Delete a Device from a Group To delete a device from one or more groups follow the steps below 1 From the menu panel select Devices The system displays the Devices List form Configuration and Administration 147 Devices 148 2 Under the Config column of the Devices List form click on the Edit link of the device you wish to remove from a group The system displays the Device Detail form for the selected device From the Device Detail form click on Groups The system displays the Device Group form 5 From the Selected Groups view panel of the Console Group form select the group or groups from which you wish to remove the current device
13. Note The Upload firmware bootcode option appears even if the AlterPath Manager firmware repository is empty If you click on it you must wait for a while before a message appears to let you know that the firmware repository is empty KVM net Device Configuration When connected to a KVM net switch the Devices option also allows you to use the following KVM net forms Table 4 14 Forms Used to Configure KVM net Form Use this form to Device List View KVM net devices Create edit or delete a KVM net device Configuration and Administration 149 Devices Table 4 14 Forms Used to Configure KVM net Form Use this form to Device Detail Configure the currently selected KVM net device e g Model IP Address MAC Address etc Groups Assign the current KVM net switch to one or more groups Proxies Select the type of proxy ifa KVM web proxy is required KVM Viewer Configure the Idle Timeout and escape sequences for using the KVM Viewer v To Configure Escape Sequences and Idle Timeout A main component of the KVM net settings is defining the keyboard key sequences for users when using the AlterPath Viewer An escape sequence is a sequence of special characters used to send a command to a device or program In this case the escape sequence is sent to the KVM net application Typically an escape sequence is coupled with a special character The Console KVM Viewer form shows the default Idle T
14. AlterPath KVM net 16 or AlterPath KVM net 32 Typical Configuration of AlterPath Manager and KVM Introduction The configuration below shows the AlterPath Manager managing four KVM switches Two KVM net switches are accessed directly through IP The other two are physically cascaded to KVM net 2 KVM analog switches as well as KVM Expanders are normally used as cascaded units since they cost less than KVM net switches AlterPath Manager Ethernet KVM net 2 KVM net 1 KVM Analog KVM Analog Server Server Server Server Server Server Server Server Server Figure 1 7 Configuration Example of APM and KVM net Each secondary KVM switch may have one or two connections to a primary KVM net switch while a primary KVM net switch may have one or more secondary switches connected 17 OnSite Support In the diagram if KVM net 2 is a 16 port device and the two analog switches are also 16 port devices then KVM net 2 will have 44 ports available to the user 32 ports from the two analog switches and 12 ports from KVM net 2 The four ports in KVM net 2 are used to connect to the slave units Regular users only see the ports to which they can connect Authentication authorization and access accounting logging function in the same manner as they do for serial console ports Health Monitoring consists
15. LOGOUT Users Consoles Devices Groups Profiles Firmware Security Rules _ info Reporting Alarm Trigger t Expression Notify he Priority Status Health Monitor HeaLth_MoNiToR OK yi Severe Enable Health Modem HeaLth_MoDeM NOK Y y Severe Disable O Hat halt si yf severe Enable O Reboot reboot Y Y E nfo Enable O Shutdown H shutdown h Y Y Waming Enable O Shutdown R shutdown r Y y Waming Enable O Signal 15 signal 15 Y y Severe Enable O AutoShutDown init 0 i y Severe Enable O System Halt The system is going down for system halt NOW Y Y severe Enable O Breakin Attempt Login incorrect Y Waming Enable Figure 4 34 Alarm Trigger List Form For an explanation of each fieldname refer to the Form Fields and Elements of the Alarm Trigger Definition form next form section To view or edit the configuration of an alarm trigger click on the alarm trigger name To Create an Alarm Trigger Use the Alarm Trigger Detail form to define triggers to generate user notifications and alarms To create an alarm trigger follows the steps below 1 From the menu select Alarm Trigger The system displays the Alarm Trigger List form 2 From the Alarm Trigger List form click on the Add button The system displays the Alarm Trigger Detail form APM Installation Configuration and User s Guide Alarm Trigger LOGOUT O Access V Admin admin connected to 192 168 48 162 Alarm Trigger
16. Note The AlterPath Manager Ethernet bonding implementation is not limited to two Ethernet interfaces but only one interface in the bond will be active at any given time Note DHCP for bond interfacing is not supported APM Installation Configuration and User s Guide Ethernet Bonding Example Ethernet Bonding Configuration The following is an example of how to set up Ethernet Bonding The bond0 Bonding IP address should match the APM s primary Ethernet IP address The IP address used in this example is 192 168 10 2 Note The example shown is a branch of SETNETWORK or a branch of the Initial Configuration Wizard root APM gregg root setnetwork Show current configuration Y es or N o N y eth0 192 168 10 2 255 255 252 0 DHCP eth1 NONE Enable Ethernet Bonding Y es or N o N y Configure Ethernet Bonding devices Y es N o or L ist N 1 Number of ethernet bonds already configured 0 Configure Ethernet Bonding devices Y es N o or L ist N y Enter the Ethernet numbers for bond0 0 to 1 separated by spaces 0 1 Enter the primary ethernet number for bond0 0 1 or none none 0 Status checking interval for bondo ms 100 Delay on enabling a slave for bondoO ms 300 Delay on disabling a slave for bondo ms 300 Bonding bondO IP address S tatic or N one S Enter Bonding bondO IP address 192 168 10 2 Enter Bonding bondO Subnet Mask 255 255 0 0 M
17. Procedures To Bracket Mount an APM sce cotccccenseziecteadeccascensscentaacntaeavteeuatiaacain 24 To Rail Mount an APM 2500 or 5000 00 ceccecceeseeseceteeeeeeeeeeeeseens 24 To Conn etthe APM Cabl szecinrri nnsa ai 25 To Configure the COM Port Connection and Log IN eee 31 To Enable ActiveX on Internet Explorer s ssssesssseseesessseesseserssresse 32 To Enable ActiveX on Netscape 7 X s sesessssessesessseesseserssressesrrssresse 33 To Enable ActiveX on Netscape 8 X sssessssessesessseesseserssressesrrssresse 34 To activate the Blade Module cscs csccssuce deserts etens caveeeticns ens 41 To Access the APM Web Application cccceccecsceesseceteceeeeeeeeeeseees 44 To Respond to an alarm acs Sin osc sa ectcaeccuetacsiachedoedchda an daeees deere 48 To View the Alarms Detail Form cccccsceseceeeeeeeceeteeeeeeeeeeeeneees 50 To View Alarm or Console Logs i 2 cdiseactentinadaieaawe 52 To Assign or Re assign a Ticket to a User ssesossssessesessseesseserssresee 52 To Access Consoles or Devices ccscccsseceseceseceeceeescecsseenseeeeneeeatees 53 To View the Consoles ist cncssiecieteaiennatean ema aaiien 56 To Connect toa Console ipriisiiensonoisisasyo rniran a ania 57 To View the Consoles Notify FOrm ccccecceesceeseeseeceteeeeeeeseeeeneees 61 To View the Consoles Groups Form 1 a s csad si cscds taesscetsiacsscertiest 62 To Access the Web Control Paget s s2hais1ss nstaneciacausien
18. Table 4 38 Security Rule List Column Descriptions Column Name Definition Rule Name Description Status Permission The name of the rule and if applicable the source IPs allowed for this rule A brief description of the rule and if applicable the interfaces and the date time allowed for this rule States if the rule is Enabled or Disabled if applicable lists all authorized actions for the current rule States whether the rule is to Allow or Deny 226 APM Installation Configuration and User s Guide Security Rules r Profiles Firmware LOGOUT Security Rules BELOA oO Rule Name Description Status Permission ADMIN RULE ADMIN RULE Enabled Allow All Source ATF All Date Time System DEFAULT RULE DEFAULT RULE Enabled Allow All Source AIT All Date Time ConnectToDeviceCLI ConsoleReadWrite KVMReadWrite PowerControl O Novice beginner Enabled Allow All Source etho Mon 08 00 17 00 ConnectToDeviceGUl etht Tue 12 00 20 00 ConsoleGul Wed 08 00 17 00 HPNNM Thu 12 00 20 00 Fri 08 00 17 00 a Search Add Delete Figure 4 74 Security Rules List Form v To Add or Edit a Security Rule To add or edit a security rule perform the following steps 1 From the menu select Security Rule The system displays the Security Rule list form see previous page 2 Select the Add button to add or select an existing rule to edit The s
19. This invokes a pop up menu with the following options Table 5 2 Console Applet Window Menu Options Menu Option Use this option to Copy Copy text from the applet window or another source Paste Paste text to the applet window Disconnect Close the applet window and disconnect your SSH session Send Break Cause an OK prompt to appear on the applet screen The copy and paste feature follows the standard Windows GUI convention of clicking the mouse dragging it over the text to be copied releasing the mouse to capture the entire text and then positioning your cursor to the desired destination as you select the Paste option Note Linux browsers do not support the Copy and Paste feature Connecting Directly to Ports It is possible to connect to console ports using the AlterPath Manager as a security proxy v To Connect from a Windows SSH Client 1 Using a Windows SSH client such as Putty select SSH for the protocol Advanced Configuration 259 Working from a CLI 2 In the Host Name or IP address field type the connection parameters in the following format lt user name gt lt console name gt lt IP address of APM gt Figure 5 1 shows a PuTTY configuration window with a sample SSH configuration setup that uses the APM as a security proxy X PuTTY Configuration Category Session a Basic options for your PuTTY session Logging Specify your connection by h
20. s Guide Devices Note If you need to change the prefix of the console names type in the new prefix in the Console Prefix field and then click on the Console Prefix button The system applies the new prefix to all console names 10 From the resulting form modify any settings as needed and then click on the Page 2 2 tab to continue the same form s Alarm Trigger Profiles Firmware Security Rules Info Reporting Edit any settings for the consoles for this console server or press Advanced to edit other console settings Consoles 1 2 Consoles 2 2 IPDU Outlets Console Notify Data Buffer Status Advanced Jupiter _01 er o OnDemand m advanced Jupiter 02 mm T E eovanced M i 0 OnDemand il C adranced Jupiter 04 mem o OnDemand advanced Jupiter_05 mem o OnDemand advanced Jupiter_06 T o OnDemand advanced _ Console Prefix lt Back Next gt Figure 4 23 Edit Console Settings Form Page 2 11 From the resulting form modify any settings as needed and then click on the IPDU Outlets button if necessary 12 Proceed to the Confirm Console Edits form Configuration and Administration 141 Devices Locout help about Access W Admin admin connected to 192 168 48 162 Users Consoles i Groups AlarmTrigger Profiles Firmware Security Rules Info Reporting This screen confirms your previous edits
21. setauth the following messages will be displayed Configuration changed x Execute saveconf to save the new values in flash x WARNING It may be required to restart the sshd daemon root APM 2500 root Open LDAP v To Configure Open LDAP Note This procedure can either be invoked through the First Time Configuration Wizard or from the set auth command 1 Choose the ldap authentication method at the following prompt local radius tacacs ldap kerberos nis active_ directory local ldap 2 Enter the name or IP address of the LDAP server at the prompt Enter the LDAP server lt LDAP_server_name gt 3 Enter the server s LDAP base at the prompt ex dc cyclades dc com ou person o cyclades dc lt first_ part domain _name gt dc lt second part domain name gt 99 66 Note The second part of the domain name is usually com etc net org If the procedure was invoked from setauth the following messages will be displayed Configuration changed x Execute saveconf to save the new values in flash x WARNING It may be required to restart the sshd daemon root APM 2500 root Advanced Configuration 293 Disabling HTTP to use only HTTPS Disabling HTTP to use only HTTPS The AlterPath Manager is configured to allow both HTTP and HTTPS access For greater security you can disable HTTP access to allow only HTTPS v To Disable HTTP to Use
22. tab gt Status drop down box gt Enable 7 Log onto the WMI of the redundant APM as admin and select System tab gt Cluster Settings gt Heartbeat tab gt Status drop down box gt Enable 8 Reboot the primary APM and then reboot the secondary APM This is necessary to activate the heartbeat configuration Caution Rebooting the primary and redundant APM will start up the synchronization The heartbeat redundancy data synchronization and failover support will not be activated until synchronization completes 9 Check the status of the synchronization by logging onto the console of either APM and entering the command etc init d drbd status After the synchronization completes the heartbeat and network RAID signals will start up and the fault tolerant configuration will be active Configuration and Administration 253 Redundant Fault Tolerant Configuration 254 APM Installation Configuration and User s Guide Chapter 5 Advanced Configuration This chapter presents some procedures for configuring the AlterPath Manager E2000 2500 and 5000 through the Command Line Interface CLI First Time Configuration aside Cyclades recommends the use of the CLI only for advanced admin users who are proficient with CLI and would like more control over the configuration features of the AlterPath Manager This chapter is organized as follows Working from a CLI Page 256
23. 13 Click the Upload button near the bottom of the form and wait for the upload to take place Note If you create an admin user with access restricted to a PM device only and such a user subsequently logs onto the APM and uploads the PM device the parent device will also be uploaded This happens even if the parent device is specifically not checked in the upload menu Redundant Fault Tolerant Configuration 240 Note This feature is not supported on the APM E2000 Heartbeat Redundancy Data Synchronization and Failover support provides the ability to back up and restore an APM 2500 or APM 5000 system with little or no downtime in the event of a failure of a primary APM By using the heartbeat protocol in conjunction with network RAID a redundant APM automatically takes over device and console management in the event of a failure of the primary APM or its Ethernet connection A heartbeat signal between a primary and secondary APM verifies that the primary APM is up and running If the heartbeat signal is not received from the primary APM for a predetermined interval 5 seconds by default the primary APM is assumed to be down and the redundant APM takes over When the primary APM is brought back up the secondary APM fails back and synchronizes data with the primary APM APM Installation Configuration and User s Guide Redundant Fault Tolerant Configuration Physical Setup of Fault Tolerant APMs Figu
24. 6 Select Enable ActiveX in the Web Features box 7 Click the OK button 8 Enter the IP address of your APM in the URL entry field of your Netscape browser Notice the shield icon shown in Figure 2 7 36 APM Installation Configuration and User s Guide Pre Configuration Requirements Shield icon URL entry field Cyclades AlterPath Manager Netscape Browser Go Bookmarks Tools Help GAC 779 File Edit View Personal E b 2 Cyclades AlterPath Manager Ea E A Netscape com E Inside Netscape ZE http 192 168 48 162 4 Webmail max Netscape 8 Product Info Welcome to AlterPath Manager Successful log out username password Figure 2 7 9 Click on the Shield Icon A Trust Settings dialog box appears Installation Jok M 4 2 Location of Shield Icon and URL Entry Field 37 Pre Configuration Requirements 38 Site Controls for 192 168 48 162 h Trust Settings Advanced Trust Rating This site has not been verified by a trusted partner Browser Setting a I Trust This Site Y N Enable maximum site functionality T m Not Sure eee Balance Functionality and security I Don t Trust This Site Enable maximum browser security Rendering Engine If this page appears to be displayed incorrectly try changing the setting og Firefox og Internet Explorer Manage Trust Settings Figure 2 8 Trust Settings Dialog Box 10 Cli
25. Before you power on the AlterPath Manager connect one end of a DB 9 to DB 9 Null Modem cable or equivalent to the console port of the AlterPath Manager 2 Connect the other end of the cable to a terminal or a computer s serial port 3 Using the terminal or a terminal emulation program installed on a computer start a session with the following settings 9600 BPS 8 data bits No parity 1 stop bit ANSI emulation 4 Power on the APM Boot information will scroll up on the screen for a short time until the system is ready for initial configuration input data Welcome to Cyclades APM Since this is the first time you are booting your APM you need to answer some basic configuration questions Once this is done the other APM configuration parameters can be set through its Web Management Interface WMI Press any key to continue 5 Press any key to run the First Time Configuration Wizard You will be asked to enter the following parameters e Enter a password for root and re type the password Enter a password for admin and re type the password Configuration and Administration 89 First Time Configuration Wizard 90 e Select a time zone e Enter a new system date and time format is MM DD YY Note You must type a date even if it is the same as the date displayed in order to change the time e Enter the time if you did not select the default date format is HH MM e Select Y es
26. CLI Commands Page 258 Copying and Pasting Text within Page 259 the Console Applet Window Connecting Directly to Ports Page 259 Sample Command Line Interface Page 261 Console Session Hot Keys Page 263 Set Commands Page 264 Re defining the Interrupt Key Page 274 To Change the Number of Page 275 Consoles per Page To Change the ACS TS Admin Page 277 Name Ethernet Bonding Page 278 Ethernet Port Configuration Page 281 HP OpenView NNM Integration Page 281 Modem Card Configuration Page 281 Serial Card Configuration Page 283 Working from a CLI Configuring Dial Out and Dial Page 285 Back Modem Dial Back for ACS Page 286 Changing the Ports to be Proxied Page 288 Creating the krb5 keytab for Page 290 Kerberos Authentication Firmware Page 294 Backing Up User Data Page 296 Managing Log Files Page 297 System Recovery Guidelines Page 297 Changing the Database Page 300 Configuration Restoring Your Configuration Page 301 Working from a CLI 256 The AlterPath Manager allows you to use a command line interface CLI as an alternative to the web interface You can use a terminal or terminal emulator on a local workstation to connect to the APM s console port You may also use a Linux or Windows based secure shell SSH client The same restrictions to the web management interface apply to the CLI Note Throughout this manual the term CLI refers to the command line interface provided by the APM s cons
27. Designed to prevent admin users from locking themselves out the check box is available only to admin users For Admin use only NOTE In case the admin user is locked out when this check box is selected the admin user can edit the script file var apm bin apm_unlock_admin sh from the Linux shell through the Serial Console Interface Local Password Check box to indicate that local authentication applies to the user If this box is checked the Set Password button becomes active Set Password Button that launches a password setup dialog box Full Name User s full name Email User s email This is the same field name used by the system for event notification Department User s department Location User s Location Phone User s phone number Mobile User s mobile phone number Pager User s pager number Web Access 77 User s Profile Table 3 11 User s Profile Details Form Element Definition Status Indicates whether the user s access is enabled or disabled GUI Theme A pull down field that lets the user select a choice of colors for the APM WMI Save Button to save the user s configuration changes v To Change Your Password To change your password perform the following steps 1 From the User s Profile Details form click on the Set Password button A password dialog box will be launched From the password dialog box enter the new password twice Click on the d
28. Humidity non condensing non condensing non condensing Software Specifications Feature AlterPath E2000 AlterPath 2500 AlterPath 5000 Operating Linux 2 4 x embedded Linux 2 6 x embedded Linux 2 6 x embedded system Users and Unlimited Unlimited Unlimited administrators Managed 2048 2048 2048 devices Managed 4096 fixed 1024 to 8192 licensed 1024 to 32768 licensed consoles Data logging 256 fixed 64 to 512 licensed 64 to 2048 licensed Concurrent 256 fixed 64 to 512 licensed 64 to 2048 licensed serial console sessions Support for KVM net Support for OnSite Support for TS Support for ACS AlterPath Integrator for HP OpenView Heartbeat Failover Data sync Supported web browsers Java runtime plug ins Yes SW 1 1 0 and above Yes Yes Yes Yes Internet Explorer 6 0 Mozilla 1 02 Netscape 7 x x gt 1 Netscape 8 x 1 4 2 or greater Yes SW 1 1 0 and above Yes Yes Yes Yes Yes Internet Explorer 6 0 Mozilla 1 02 Netscape 7 x x gt 1 Netscape 8 x 1 4 2 or greater Yes SW 1 1 0 and above Yes Yes Yes Yes Yes Internet Explorer 6 0 Mozilla 1 02 Netscape 7 x x gt 1 Netscape 8 x 1 4 2 or greater 308 AlterPath Manager Installation Configuration and User s Guide Appendix B ACS Modem Configuration The AlterPath Manager allows you to automatically dial out to remote console servers such as the AlterPath Consold
29. RS 232 RS 232 RS 232 Figure 2 1 Private Network Diagram Installation 27 Safety Considerations When Rack Mounting Single Network Diagram The diagram below depicts how the AlterPath Manager AlterPath Manager may be set up in a single network structure AlterPath Manager Me Public LAN Workstation Web User Interface Cat 5 Cat 5 Cat 5 RS 232 RS 232 Figure 2 2 Single Network Diagram Safety Considerations When Rack Mounting When rack mounting the AlterPath Manager consider the following Operating temperature The manufacturer s recommended operating temperature for the AlterPath Manager is 50 to 95 F 10 C to 35 C 28 APM Installation Configuration and User s Guide Safety Considerations When Rack Mounting Elevated operating ambient temperature If you install the AlterPath Manager in a closed or multi rack assembly the operating ambient temperature of the rack environment may be greater than the room ambient temperature Ensure that you install the equipment in an environment compatible with the manufacturer s maximum rated ambient temperature Reduced air flow Ensure that the amount of airflow required for safe operation is not compromised Mechanical loading Ensure that the equipment is mounted or loaded evenly to prevent a potentially hazardous condition Circuit loading Ensure that the connection of the equipment to the supply circuit and the effe
30. View or CLI a Select the VIEW button and you will see a read only view of the Device Detail or Console Detail form which is the default of a series of tabbed forms LOGOUT O Consoles Devices BM Details Notify Groups Proxies Dial Up Log Rotate Device Name Jupiter Type Ts Modet Location Fremont Admin Name root Admin Password IP Mode MAC Address IP Address 192 168 48 164 Netmask 255 255 252 0 Default Gateway 192 168 48 1 DNS 192 168 44 21 Connection Domain cyclades com Base Port 7001 Status Health Monitor Auto Upload Firmware Boot Figure 3 7 Access Device Detail Form The tabs include e Details 54 APM Installation Configuration and User s Guide Web Access for Users e Notify e Groups e Proxies e Dial Up e Log Rotate All the forms are read only forms b Select the CLI button and a CLI viewer will be launched Connected to 192 168 48 162 ssh root Jupiter root SendBreak Disconnect Figure 3 8 Device CLI Viewer Consoles Selecting Consoles from the menu brings up the Consoles List form which allows you to e View detailed information about the consoles assigned to you e Connect to your target console Web Access 55 Web Access for Users 56 To connect to a target console means that depending on the type of configured device and console selecting a console from the Console List form may e Open a command line c
31. expiry_date 2005 09 23 expiry_time 00 00 info null VALID true FEATURE DLS Name APM_B_DLS_256 version 1 0 1 type standard feature DLS device APM Figure 2 9 Feature Window You can also log on to the CLI on the serial console port as root or as admin and run the following command sysinfo Valid licenses end with the string VALID true An example screen display follows Installation 39 Pre Configuration Requirements System Model APM e2000 Boot Version 1 0 2 Sep 10 2002 Kernel Version 2 4 25 Config Version Viet 40 OS Version V_1 4 0 Nov 28 2005 APM Version V_1 4 0 10 13 2005 APM Database V_1 4 0 2005 11 07 CPU 0 Celeron Coppermine 847 431MHz 1690 82 bogomips RAM 515736 kB 335140 kB free Licenses FEATURE IBMBLADEMODULE Name APM B IBMBLADEMODULE version 1 0 1 type null feature IBMBLADEMODULE dev ice APM owner paulo customer_id gregg expiry date 2005 12 28 expiry time 00 00 info null VALID true FEATURE IPMI Name APM B IPMI version 1 0 1 type null feature IPMI device APM owner paulo customer_id gregg expiry date 2005 12 28 expiry time 00 00 info null VALID true FEATURE DLS Name APM B DLS 256 version 1 0 1 type standard feature DLS device APM owner Cyclades Corporation customer_id cyclades expiry date 9999 01 31 expiry _time 00 00 info e2000 base license VALID true FEATURE NNM Name APM B NNM version 1 0 1 type null feat
32. synchronization if either one becomes unavailable after adding a new server to the KVM net Controls screen brightness and contrast Switches from the currently connected server to the next server that you are authorized to access Switches from the currently connected server to the previous server APM Installation Configuration and User s Guide Devices Table 4 15 Device KVM Viewer Form Element Definition Port Info Displays any information about the current port Back Button to return to the previous form Reset Button to reset the input fields of the current form Save Button to save the configuration to Flash Save amp List Cascade Displays the Cascade List form which Save amp Create Consoles Save amp Auto Discover shows a list of cascaded KVM devices if configured Button to initiate the Console Wizard Button to initiate the Device Discovery Wizard 4 From the KVM Viewer form make the necessary changes and then click on Save v To Cascade a Secondary KVM to a Primary KVM The Devices Detail form for a KVM allows you to add a secondary KVM to be cascaded or connected to a primary KVM switch Please refer to the KVM User Manual or the KVM net User for more detailed information about cascading To connect a Secondary KVM to a Primary KVM switch follow the steps below 1 From the menu select Devices The system displays the Device List form 2 From the D
33. 1 From the menu panel select Consoles The system displays the Console List form 2 Under the Config column of the Console List form click on the edit link of the Console you wish to remove from a group Configuration and Administration 179 Consoles 180 The system displays the Console Detail form 1 From the Console Detail form click on the Groups tab The system displays the Console Group form 3 From the Selected Groups view panel of the Console Group form select the group or groups from which you wish to remove the current console Click on the Delete button Click on Save to complete the procedure Deleting a Console Group You cannot delete a console group from the Console Group form To delete a console group or any group you must select Groups from the Admin menu See Groups on page 193 in this chapter To Connect to a Console To connect to a console using Secure Shell SSH follow the following step Note This does not apply to KVM consoles 1 From the Console List form select the console you wish to connect to by selecting the console name Configuring Outlets The Outlets tab allows you to associate the outlets on an IPDU to a console port On a KVM the IPDU is connected to the KVM device s AUX port and outlets can be individually assigned to specific KVM ports On an ACS or TS device the IPDU is connected directly to the s
34. 180 Eog R tate NOW Siennas iaa i a ian 181 IS GUS soriana ae e iE TEE eae 183 User List TO erea oer e e e a EAT 184 Deleting a User Group sssssssssesssssessseeseesessseessesrrsstessesressressesse 192 Eocal Password varenn eon a aa e a a 192 GOUD S orae oea a a E E A E a a A akties 193 Firmware yeiinsarinenniee iana ani ap gaa aaea iada 197 Firmware Eist Form ois ieai nar aaa aian Aa AEE Kaeni 197 Firmware Detail Form sesessessesesssssesseseesesseseesessersesseseesesseseese 200 Backing Up User Data sosssnseeseessssessesrsssresseserssressessrssressessresessres 202 Backup and Restore Scenarios sssssseesessseessesersseesseseresressessessees 203 System Recovery Guidelines s ssssssessessseseossesseesrosseesresresseesreseesressee 203 APM Database Transaction Support sssssssssssessesseeseesseesreseessee 204 Changing the Default Configuration ssssssesessessesessseseesessesee 204 Infos REPON cinner a a e 204 Info Reporting Details sccdmitecdatiekec encase car etcne 206 vi Blade Management Module cocisiicisausy eG cetoncesiaiee holes antes 206 Forms Used to Configure the Blade Module 00 0 eee 207 PIC VICCS hata ET ised va acceded Maueaiy cents td aotearoa aad 210 PLOXIGS ocns de tue ei ae arpo eb at Sade ea te Ala oad as 214 Two Methods of Blade Configuration 0 cceccceccseceseeeeeeeeeeesees 217 Running the Blade Wizard 0 ccceceecceesceceteceseeeeeeeeeeesseenteenees 217 Configuring the Blade
35. 23 Figure 3 24 Figure 3 25 Figure 3 26 Figure 3 27 Figure 4 1 Figure 4 2 Figure 4 3 Figure 4 4 Figure 4 5 Figure 4 6 Figure 4 7 Figure 4 8 Figure 4 9 Figure 4 10 Figure 4 11 Figure 4 12 Figure 4 13 Figure 4 14 Figure 4 15 Figure 4 16 KVM Viewer Launch Initialization Window 63 KVM Console List Control Page ceceeceeeseeeeeeees 64 KVM net Web Control Page eee cesceesseesteceteeeees 65 IPMI Sensors TOP cad chats oaacedeavatestuinn ee sacumtaveiaes 66 Log Selection Form f 5cctisis eax chaiecae Ss eeceadsshectiaasoaneeis 68 Acc ssi Logs POT 2 science caiman ene RE ys 69 Byent Logs Or ies nenets strn a 70 Data Buffer Log Form s ssssssessesessssessessrssressessresees 71 PM Device Viewer Detail Form cccceeeeeteeee 72 PM Device Outlet Control Form ceceeeeteeees 75 User s Profile Details Form ccecceeseeeeeeereeeteees 76 User s Profile Consoles Form ccccccseeeeeeeteeeteees 79 User s Profile Devices F Orinis 3scaecasyancesncesenteceiions 80 User s Profile Groups Form seseseessesessssesseseeseessee 81 User s Profile Security Form esseseeseseseeseeseresesee 82 AlterPath Manager Configuration Process Flow 87 Admin Menu Bar Selections ccccesceeeseeeseeteees 99 Logging in as A CIMIMD ocd oases necemtveredadel erence sone eatclenneed 100 Basic Functional Fields of a Typical Form 101 Consol
36. Consoles per Page You can change or configure the number of consoles that you can view for each page By default the number of consoles or lines per page is set to 512 If you want to change this setting go to To Change the Number of Consoles per Page on page 275 To Add a Serial Console This procedure uses the serial console as an example of adding a new console While there are variations to the Console Detail form based on the console type to be configured there is a standard procedure for adding a console To add a console follow the steps below 1 From the menu select Consoles The system displays the Consoles List form 2 From the Consoles List form click on the Add button Configuration and Administration 169 Consoles The system displays the Creating New Console form LOGOUT TEE Select Console type om Figure 4 41 Creating New Console Form 3 From the Creating New Console form select the type of console you wish to add The system displays the Console Detail form LOGOUT Groups Alarm Trigger Profiles Firmwar e Security Rules Info Reporting Details Users Notify Groups Outlets Log Rotate Console Name Mars 4 Device Name Mars Port 4 Profile Name defaut M Description OnSiteSerial Location Fremont Machine Type Machine Name OS Type OS Version Connection ssh v Status OnDemand Authentication none v NNM Selection ie Name Re
37. Delete a User from a Group 1 From the menu panel select Users The system displays the Users List form 2 From the Users List form click on the user name you wish to remove from a group The system displays the User Detail form for the selected user 3 From the User Detail form click on the Groups tab The system displays the User Group form Configuration and Administration 191 Users 192 4 From the Selected Groups view panel of the User Group form select the group or groups from which you wish to remove the current user Click on the Delete button Click on the Save button to end the procedure Deleting a User Group You cannot delete a user group from the User Group form See Groups on page 193 of this chapter Local Password You can set up users to have local authentication by setting the Local Password and defining the user name and password A local password is used if the authentication setting for the AlterPath Manager is Local The local password is also used as a backup when server based authentication is being used In this case if the authentication server is unavailable due to network problems then the system can use the local password It is therefore advisable that you set a local password for some users even when server based authentication is being used v To Configure the Local Password To set up local authentication for a user follow the followin
38. Form Table 4 2 Device List Form Element Definition checkbox adjacent to Checkbox to select the device to add or upload each device name firmware refer to the buttons below the form to enable these commands Device Device name Click on the device name to connect to the console server or device Click on the column title Device to change the sort order Type The type of device i e TS ACS KVM net or IPM Configuration and Administration 107 Devices Table 4 2 Device List Form Element Definition Config The device configuration Click on Edit to display the Device Detail form for selected device record or line Upload This column indicates if the device requires a firmware or configuration upload If required then select the checkbox adjacent to the device name and click on the Upload button NOTE The AlterPath Manager supports firmware and configuration upgrades for the following products ACS and TS Firmware and configuration KVM Firmware and configuration OnSite Configuration only Firmware The firmware version for this device Log Device log buffer Click on Log to view the logs for this device Status Status of the device Enabled Disabled or OnDemand OnDemand means that the device is enabled only upon user connection Filter By A drop down box that lets you select a filter element from a list of one or more After you select the filter element
39. Forward Proxy A forward proxy acts as a gateway for a client s without ARP browser sending HTTP requests on the client s behalf to the Internet The proxy protects your inside network by hiding the client s actual IP address and using its own instead When the outside HTTP server receives the request it sees the request or address as originating from the proxy server not from the actual client Configuration and Administration 115 Devices Table 4 4 Types of Web Proxy Proxy Type Function Forward Proxy using Proxy ARP is the technique in which one host ARP Address answers ARP requests intended for another Resolution Protocol machine By assuming its identity the router accepts responsibility for routing packets to the intended destination Proxy ARP can help machines on a subnet reach remote subnets without configuring routing or a default gateway Warning When you assign Forward Proxy using ARP or Forward Proxy without ARP all ports of the proxied device are reachable from the workstation from which the user is logged in It is important that all console ports are configured with an authentication type other than None The constraints that are set for all proxies rely on IP addresses only Any user from a workstation where there is another user logged into the AlterPath Manager will have access as long as the device does not require authentication to all devices that are being proxied for
40. KVM viewer is launching will pop up The KVM viewer will be launched momentarily 62 APM Installation Configuration and User s Guide Web Access for Users Web Access https 192 168 48 162 Launching AlterPath Viewer Microsoft Internet Explorer BAE Launching KYM RDP AlterPath Viewer Please wait Figure 3 13 K VM Viewer Launch Initialization Window After the KVM viewer appears the launch window is replaced in the background by a console list control window 2 After the KVM viewer appears bring the console list control window to the foreground 3 Click on the console name that corresponds to the console displayed in the KVM viewer window Note Every time a KVM viewer is launched from the APM a new console is displayed in the console list control window 63 64 Web Access for Users Z hitps 192 168 48 162 javascript window kvmPlusPopUpWin Microsoft Inter EBX Console Name IP User ID mykvmnetplus_01 1 mykvmplus_06_rdp 2 Saturn_01 1 B internet Figure 3 14 K VM Console List Control Page A web control page window similar to the window shown in Figure 3 15 appears APM Installation Configuration and User s Guide Web Access for Users https 192 168 48 162 javascript window kvmPlusPopUpWin Microsoft Inter Console Name Port User Name Permission Power Management Brightness Contrast Status IP User ID Console mykvmnetp
41. Name System Halt Trigger Expression The system is going down for system halt NOWI Notify YM Create Alarm yy Priority Severe w Status Enable Figure 4 35 Alarm Trigger Detail Form Table 4 18 Alarm Trigger Detail Form Element Definition Alarm Trigger Name Name of the trigger Selecting a trigger name invokes the Alarm Trigger Detail form for that trigger Trigger Expression String used to generate a trigger Notify Yes or No Indicates if system needs to notify Create Alarm Priority Status Back Save i e send an email to the user Yes or No Indicates if system needs to send an alarm to the user Indicates the priority or severity level of the alarm Enable or disable a trigger Button to return to the previous page or form Button to save your trigger entry Configuration and Administration 159 Alarm Trigger Table 4 18 Alarm Trigger Detail Form Element Definition Reset Button to reset the form to create a new trigger entry 3 Complete the fields as necessary 4 Click the Save button to complete the procedure v To Delete an Alarm Trigger 1 From the main Alarm Trigger form select the triggers to be deleted by clicking the check boxes to the left of each Alarm Trigger name 2 Click the Delete button Configuring Alarms for Device Health Monitoring To enable the Device Health Monitoring feature of the AlterPath Manager you m
42. Only HTTPS on page 294 of Chapter 5 Advanced Configuration for the procedure on how to configure the encrypted version AlterPath Manager Web Interface Admin Mode Once you have completed the First Time Configuration procedure you may login to the AlterPath Manager web interface and use the system in Admin Mode The Admin menu panel contains the following selections LOGOUT admin Enabl gregg Enable xpert Enable Users Consoles Devices Groups Alarm Trigger Profiles Firmware Security Rules Info Reporting Jobs Figure 4 2 Admin Menu Bar Selections Configuring the AlterPath Manager requires using the menu in a certain order To facilitate the configuration process the menu choices are discussed in the following order e Devices e Alarm Triggers e Profiles Firmware e Consoles e Users e Groups Info Reporting e Security Rules Configuration and Administration 99 AlterPath Manager Web Interface Admin Mode v To Log Into the APM Web Interface 1 Type admin or the name of another user with administrator privileges in the username field Type the password for the admin user in the password field Press Enter Welcome to AlterPath Manager Figure 4 3 Logging in as Admin 4 Select the Login button Upon successful login the Users List form appears Note When the AlterPath Manager launches your application screens for th
43. Only HTTPS 1 Edit the file usr conf httpd std conf 2 Comment out the listen directive Listen 80 3 To make the configuration effective restart tomcat and apache by first stopping tomcat followed by apache and then starting apache followed by tomcat etc init d tomcat stop etc init d apache stop etc init d apache start etc init d tomeat start 4 Use the saveconf command to save the configuration Note If you disable HTTP you must still type https in the browser URL input field to access the APM using the WMI There is no automatic redirection to HT TPs Firmware v To Add Firmware Firmware files tgz are normally downloaded from the web and copied into the AlterPath Manager using Secure Copy SCP To add or import new firmware follow this procedure 1 From the web www cyclades com download the firmware to the server you use to store your firmware Connect to the AlterPath Manager from your server using SSH Use the scp command to copy the firmware to the AlterPath Manager from your server 294 APM Installation Configuration and User s Guide Firmware Example sep v214 tgz root lt ip address gt usr fw 4 From the WMI open the Firmware List form and click the Import button The system should add the new firmware on the Firmware List form The system also updates the Firmware Boot drop down list in the Device Definition form v To Upgrade the APM Firmware
44. Set the Network Boot Utility sssssssseessssessseeseeseesee 266 setcons Set Console Connection ssessessssssessesseesesseesseseessee 267 setdatetime Set System Timezone Date and Time 268 setethernet Set Ethernet Speed and Duplexing 268 setnames Set Host Domain Names Nameserver 66 270 setnetwork Set Ethernet Subinterfaces 0 cc eee eeeeeeseeeeee 271 setntp Set Network Time ProtSocol Server ee eeeeeeceeeeeeeee 273 APM Installation Configuration and User s Guide Contents setserial Examine the Serial Port Parameters 000 273 setsmtp Set the Email Server s IP Address cieeeeeseeseeeee 273 date Set the Date and Tame po saa ssealtdsssanzececteadonne waepniesandentee 273 Changing the Escape Sequence cccs dssvicesstesces teense cata tract taceesQaiees 273 Re defining the Interrupt Key 0 0 ceceesceeseeeteeeeeeeeeeeeeeenseeees 274 Ethernet Bonding iichonct den lecdecda anne uaa E 278 Example Ethernet Bonding Configuration 0 0 0 0 ceeeeeseeeeeeeeeees 279 Configuration of DHCP Client in APM oo ee eecceseceeceteeneeeeeeneees 280 Example DHCP Configuration 00 cccccccsceseceeeeeeeceeeeeseeeseeeees 280 Ethernet Port Configuration 1s 4 is chisel nie eaeindacdieda tradectdetalaaes 281 HP OpenView NNM Integration 0 0 ceeeccceesceeeteceeeeeeeeeseeneenees 281 Modem Card Confisuration 2icsisasceetst ce ninsta eaa
45. To add or import new firmware follow this procedure From the web www cyclades com download the firmware to your computer Using the Linux shell on the serial console interface use the SSH sep command to copy the firmware to AlterPath Manager Example sep v214 tgz root lt ip address gt usr fw Open the Firmware List form and click the Import button The system will add the new firmware to the Firmware List form The system also updates the Firmware Boot pull down list in the Device Details form APM Installation Configuration and User s Guide Firmware v To Delete Firmware 1 From the menu panel select Firmware 2 From the Firmware List form select the checkmark box of the firmware you wish to delete 3 Select the Delete button v To Upload Firmware to Console Devices 1 From the Device Details form Device List gt edit button select the firmware you wish to upload from the Firmware Boot pull down lis Click the Save button t Go back to the Device List form and select the device s that need to be uploaded and then click the Upload button 4 Select Upload firmware bootcode and or Upload configuration y have the choice to select either firmware or configuration or both ou Note When uploading KVM net or KVM net Plus firmware you should check the Configuration checkbox as well as the Firmware bootcode ch
46. Users Form 2 From the resulting form select a user from the Select User to Console Access view panel In the selection box USER is the default list which contains all users The plus sign is also used to indicate all defined groups 3 Select the Add button The system transfers the selected user to the Selected Users view panel on the right 4 To select another user repeat steps 1 and 2 You can also use the Shift key to select multiple users 5 Click on Save to complete the procedure v To Select Users to be Notified Use the Console Notify form to assign one or more users to whom the system can send all notifications email or alarm pertaining to the current console 1 From the Console Detail form Consoles Console List gt Console Detail click on the Notify tab The system displays the KVM Console Notify form Configuration and Administration 177 Consoles 178 LOGOUT help about Access WY Admin admin connected to 192 168 48 162 ie SSS els La Gas Se ee Select user to console notification Selected users admin gregg Figure 4 46 KVM Console Notify Form 2 From the resulting form select a user from the Select User to Notify view panel In the selection box USER is the default list which contains all users The plus sign is also used to indicate all defined groups 3 Select the Add button The system tra
47. a CLI setnames Set Host Domain Names Nameserver root APM gregg root setnames Enter the System s Hostname max 30 characters APM gregg Accounting APM Enter the System s Domain Name max 60 chars localdomain lt domain_name gt Enter the Primary Nameserver s IP address none 192 168 44 21 Enter the Secondary Nameserver s IP address none Configuration changed xxx Execute saveconf to save the new values in flash Caution All network settings should be changed through the appropriate set scripts To ensure the name server is correctly set use setnames and run saveconf to save the new values in flash You can verify that the domain name server is configured correctly on your APM by entering the following command from the console nslookup lt your APM IP address gt or nslookup lt your APM host and domain name gt The console display will appear something like the following root APM gregg root nslookup 192 168 48 162 Name backup cyclades com Address 192 168 44 21 Name APM gregg cyclades com Address 192 168 48 162 270 APM Installation Configuration and User s Guide Working from a CLI setnetwork Set Ethernet Subinterfaces root APM gregg root setnetwork Show current configuration Y es or N o N n Enable Et Ethernet hernet Bonding Y es or N o N n eth0 IP address S tatic D HCP N one or K eep current K s
48. addr 10 10 10 2 Bcast 10 10 255 255 Mask 255 255 0 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 632 errors 0 dropped 0 overruns 0 frame 0 TX packets 622 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 RX bytes 38288 37 3 Kb TX bytes 42288 41 2 Kb Interrupt 11 Base address 0xc400 Memory e5021000 e5021038 Link encap Local Loopback inet addr 127 0 0 1 Mask 255 0 0 0 UP LOOPBACK RUNNING MTU 16436 Metric 1 RX packets 113528 errors 0 dropped 0 overruns 0 frame 0 TX packets 113528 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 15268713 14 5 Mb TX bytes 15268713 14 5 Mb The numbers following the HWaddr subheading for each Ethernet controller installed ethO and eth by default is the MAC address for the controller Data Logging Session Activation 321 Data Logging Session Activation 322 AlterPath Manager Installation Configuration and User s Guide Glossary 3DES Triple Data Encryption Standard an encrypting algorithm cipher that encrypts data three times using a unique key each time to prevent unauthorized viewers from viewing or changing it 3DES encryption is one of the security features provided by Cyclades products to support data center security policies authentication Controlling access by requiring users to enter names and passwords Anyone accessing Cyclades products and connected devices must log in by entering a usern
49. an APM and an OnSite The following configuration diagram shows an example of an APM connected to an OnSite with KVM servers and console servers One server can be accessed through both types of connection AlterPath Manager Ethernet OnSite LTT I Serial Ports KVM Ports Server _ L Server Server Server Server Server Server Figure 1 8 Example of an OnSite accessed by an APM Introduction 19 OnSite Support 20 APM Installation Configuration and User s Guide Chapter 2 AlterPath Manager Installation This section discusses the procedures and requirements for installing the AlterPath Manager E2000 2500 and 5000 The section is organized as follows Product Installation Checklist Page 21 Rack Mounting the AlterPath Page 23 Manager Deploying the AlterPath Manager Page 25 Safety Considerations When Rack Page 28 Mounting Pre Configuration Requirements Page 30 IPMI and Blade Module Options Page 38 Product Installation Checklist Rack Mounting and Connecting AlterPath Manager to the Network Pre Configuration Requirements Preparing Console for Initial Configuration Product Installation Checklist Your AlterPath Manager E2000 2500 or 5000 is shipped with the components as described by the following table Check Item Part Description Purpose Number
50. an admin user can create 14 blades and 4 switches All blades provide authorized users with CLI KVM IP virtual media and power options For security Blade users are controlled by the Access Control List ACL which is configured through the Security Rule option of the web interface Note The Blade Management Module is a paid for option for AlterPath Manager users and is hidden from users who do not need it Backup Restore and Replicate User Data Introduction This feature allows users to create a backup of the AlterPath Manager configuration data and log files The backup includes data from the compact flash configuration data from the database and log data from the console buffer files This feature also enables users to copy console log files to a server for further analysis and archiving 13 Key Features Change and Configuration Management Change and Configuration Management feature of the AlterPath Manager is designed such that any number of change management procedures can be configured through the AlterPath Manager rather than through the target devices or software Initializing new console servers e Setting the serial ports e Upgrading firmware All change management configuration is performed by the administrator Exhaustive Reporting Because the AlterPath Manager consolidates all its logs and maintains its own databases it provides in depth reporting capabilities to suit the reporting needs of u
51. and User s Guide Restoring Your Configuration You can change the default configuration values from the properties file var apm apm properties Table 5 5 Default Configuration Values from the apm properties File Property Name Default If you change the Property default property value Value ensure that db apm apmdb The system creates a corresponding database db apm user apm The system creates a corresponding database user db apm pw apmdb The system creates a corresponding database db apm max_connections 20 max connections in my cnf file is set to greater or equal to db apm max_connections value db apm min_ connections 10 db apm host localhost the new host is available on the network Restoring Your Configuration If during a configuration upgrade the system displays an error or failed message you can check the log file var log conf V_ version number log and decide whether to restore the original configuration For example if you are upgrading your configuration from V_ 1 2 1 to 1 3 0 then the log file to check is var log conf V_1 3 0 log To restore the previous configuration restconf config tgz old Advanced Configuration 301 Restoring Your Configuration v To Install SSL Certificates This section explains how to add or import your own SSL certificate to the AlterPath Manager instead of using the Cyclades default SSL certificate A certificate for the HTTP sec
52. and selections Pressing Finish will save these changes Page 1 2 Page 2 2 IPDU Outlets Console Port Profile Connection Authentication Jupiter_01 1 Jupiter_02 2 Jupiter_03 3 Jupiter_04 4 Jupiter_05 5 Jupiter_06 6 Figure 4 24 Confirm Console Edits Form Page 1 13 Check your console settings from the Confirm Edits form the Page 2 2 tab included If information is incorrect select the Back button and repeat steps 10 and 11 Otherwise select the Finish button Device Discovery Auto Discover The Device Discovery feature enables the AlterPath Manager to recognize the current configuration of a Cyclades AlterPath TS ACS or KVM net and through the use of a wizard autopopulate the console parameters based on the existing device configuration settings Warning Consoles with the same names will cause the wizard to fail Since the ACS was designed to accept multiple ports with the same name in the event that the wizard fails due to ports sharing the same name you have two options 1 Fix the configuration problem in the ACS and then run the Device Discovery wizard again 2 Create consoles through the console wizard and then upload the configuration to ACS to overwrite the old one 142 APM Installation Configuration and User s Guide Devices Configuration Requirements For the Auto Discover button to work you must complete the required fields which are highlighted in red in the Dev
53. assign ticket to another individual user Status Dropdown box to select the status of the ticket Messages The system generated message s pertaining to the alarm Notes Text entry box for entering notes or comments about the current ticket or alarm Back Button to return to the Alarms List form Save Button to save your entries Reset Button to reset the form to its original or default values 51 Alarms v To View Alarm or Console Logs You can view the console log for a particular alarm or ticket from the Alarms List form To view the console log follow the step below 1 From the Alarms List form under the Console Log column heading select the corresponding view link for the console log you wish to view The system displays the Logs form LOGOUT Alarms Consoles Devices User s Profile Select console or device and time interval to view the logs Console Device Jupiter 01 B Date from 2005 09 13 Date to 2005 09 15 Figure 3 5 Logs Form v To Assign or Re assign a Ticket to a User To assign or re assign a ticket follow these steps 1 From the Alarms List form select an alarm or ticket to open the Alarm Detail or Ticket Information form The system opens the Alarms Detail form 2 From the Ticket Information form select a user from the Assigned Users dropdown list box 3 Ifapplicable select the status from the Status dropdown list box 52 APM Installation Configurat
54. below 1 From the menu panel select Devices The system displays the Device List form 2 From the Device List form click on Add located at the bottom of the form The system displays the Select Device Type form Select Device Device Types 4 Figure 4 9 Select Device Type Form 3 From the Select Device Type form select from the type of device TS ACS KVM net OnSite or IPMI you wish to add and then click on the Submit button The system displays the Device Detail form based on the selected device type The example below shows the Devices Detail form for the device type ACS 110 APM Installation Configuration and User s Guide Devices CO c EEE LOGOUT Alarm Trigger Profiles Firmware Security Rules Info Reporting Details Users ACL Notify Groups Proxies KVM Viewer Dial Up Log Rotate Device Name Model Admin Name IP Mode IP Address Default Gateway Connection Status Health Monitor Firmware Boot Satum Type KvMnet KVM neti6 Location Fremont root Admin Password Set Password static M MAC Address pI 192 168 48 161 Netmask 255 255 252 0 192 168 48 1 DNS 192 168 44 21 ssh M Domain cyclades com OnDemand Auto Upload o day M V_2 0 0 1a Aug 18 05 Alternate Boot 2 0 7 Apr 21 04 lt Back Reset Save Save amp List Cascade Save amp Create Consoles Save amp Auto Discover
55. by listing them as follows modem pool out only ttyPS1 ttyPS3 e Configure timeout to wait for a dial back call from an ACS modem pool dial in timeout 30 If a timeout value is not provided the AlterPath Manager will wait for 60 seconds Define the time in seconds in which the AlterPath Manager should wait before allocating the modems for dial in after receiving a confirmation from an ACS that it will call the AlterPath Manager back modem pool on_hook_time 4 For external modems From the ACS edit the file etc inittab and etc pslave conf to e Remove the control of Portslave over it and add mgetty For PCMCIA modem From the ACS copy the file etc ppp options ttySn to etc ppp options ttyS n 1 Where n is the number of the last serial interface of your ACS i e 1 for ACSI 8 for ACS8 etc For PCMCIA modems no further configuration is required just insert the modem card and mgetty will open the modem port and wait for the ring Advanced Configuration 287 Changing the Ports to be Proxied Changing the Ports to be Proxied When Forward Proxy with or without ARP is enabled for a device the default proxied ports are 80 and 443 To change the opened ports perform the following steps 1 Edit the property proxyserver ports in the var apm apm properties file 2 Separate the port numbers using commas There should be no spaces in this line Example proxyserver p
56. cccceeseeesseesteeeteeeteeeees 199 To View and Access Firmware Information cccccessceeteeeeeeees 201 To Upgrade the AlterPath Manager Firmware ceseeceeeeeeeeeeees 201 To Respond to the Warning Message c ccccceeseesseeeeceeeeeeteeenseenee 204 To Activate the Blade Modul nuccsncontccwatiidtasiieans 207 Lo Addor Beit the Wasi c 5 dvsacaslsccssincteerseniaaashsadaatsaviocas lias anluaes 210 To Select a Group to Access the Chassis cccceesceesseesteeeteeeeeeeees 213 To Configure the Chassis Switch caso csccs neta eiatis tated alsa 215 To Add Blade or Switches cc ccjinskeadancssseecadsantacashts aai 224 To Edit a Blade or S Wite Wiss cc fess epsccaec ss bdecseseoacea Ness tu chse Seaseo ve icosseaeets 224 To Add or Edit a Security Rule 2 i iccinscsamaisidesdokoiis aes 227 To Configure Conditions for Accepting Source Pages 06 228 To Delete a Security Rule esssesesseeseesseesreseesseesresrssseessessrssressesses 235 xxi Xxii To Configure a PM Device aac Nolita a Setaatcece ene uses cane 238 To Set Up a Fault Tolerant APM Configuration eeeeeeeeeeeees 247 To Upgrade Firmware on Redundant APMS eseeceeseeeereeeeees 252 To Log Into the Serial Console Port ceececccececeeeseeeseeeeteeeteeeees 256 To Do a Windows SSH Login ecececccececcesseeeneecesecetecsseeenseeeaeenes 257 To Do a Linux or UNIX SSH Logit ssis3isetcinieacteatainiedeativiatete
57. considerations for setting up a modem on an ACS for communication between an ACS and the AlterPath Manager Covers special considerations for adding DLS activation Defines terms used in this book xxiv APM Installation Configuration and User s Guide Document Organization Typographic and Other Conventions The following table describes the typographic conventions used in Cyclades manuals Table P 1 Typographic Conventions Typeface Meaning Example Links Hypertext links or URLs Go to http www cyclades com Emphasis Titles emphasized or new words or terms See the A terPath Manager Quick Start Filename or Command Names of commands files and directories Edit the pslave conf onscreen computer output file What you type in an example compared to what the computer displays APM ifconfig etho User input The following table describes other terms and conventions Table P 2 Other Terms and Conventions Term or Convention Meaning Examples Hot keys e When hot keys are shown a Ctrl k p entered while plus appears between two keys that must be pressed at the same time and a space appears between two keys that must be pressed sequentially the user is connected to a KVM port brings up an IPDU power management screen Ctrl and k must be pressed at the same time followed by p Ctrl Shift i entered while the user is connected to a serial port brings up the IPMI power man
58. d disconnect s Status tty If no tty is specified then the command applies to all modems To check what modems are available type in check modem s Example root APM root check modem s ttyPSO Available ttyPS1 Available ttyPS2 Available ttyPS3 Available Viewing the Latest Status of Each Modem The modems in the modem pool are allocated in a round robin sequence to ensure all modems are exercised to the same degree If a modem fails to dial out the system will allocate the next modem in the modem pool The var log modem_status file contains the result of the last attempted usage of a modem Containing the modem date time and status it is created the first time a connection is attempted Example root APM root cat var log modem status ttyPSO 2004 04 12 09 40 12 Dial out to acs48failed ttyPS1 2004 04 12 09 42 35 Connected to acs32 ttyPS2 2004 04 12 09 32 23 Connected to acs32 ttyPS3 2004 04 12 09 35 00 Dial out to acs48 failed NO DIAL TONE APM Installation Configuration and User s Guide Configuring Dial Out and Dial Back v To Define Different Scripts for Each tty Device The modem chat scripts are located in etc ppp and are used by pppd to initialize the modem and to dial out The file etc ppp chat init is the default script used for modem initialization and etc ppp chat connect is the default script for modem dial out 1 To define an init script for a specific port
59. defaults for all the consoles Connection Protocol telnet w Status OnDemand LOGOUT Users Consoles i Groups Alarm Trigger Profiles Firmware SecurityRules Info Reporting Jobs Select the users to be notified and who can use the consoles Groups Select user to console access Selected users admin n gregg USER ica Ge Figure 4 68 Blade Wizard User Access amp Notification Form Configuration and Administration 219 Blade Management Module LOGOUT Users Consoles icl Groups AlarmTrigger Profiles Firmware SecurityRules Info Reporting Jobs Below is a list of all consoles that have not been configured for this console server Select the one s you wish to configure using the wizard O Configure Console Name Blade_Center_01 Blade_Center_02 Blade_Center_03 Blade_Center_04 Blade_Center_05 Blade_Center_06 Blade_Center_07 Blade_Center_08 Blade_Center_09 Blade_Center_10 Blade_Center_11 Blade_Center_12 Blade_Center_13 Blade_Center_14 Blade_Center_SW1 LOGOUT PRE Devices MO Edit any settings for the consoles for this console server or press Advanced to edit other console settings Page 1 2 Page 2 2 Blade Switch Connection Blade_Center_03 telnet Blade_Center_05 telnet ov Blade_Center_SW1 telnet Console
60. down list allowing you to select either On Demand to enable the PM or Disabled The name of the controlling device K VM net OnSite ACS or TS to which the PM device is connected This is either port 1 or an incremented number for each cascaded device on a KVM net or OnSite or the serial port number of an ACS or a TS to which the PM device is connected If set to 0 the alarm will occur when default current threshold of the PM is exceeded You can set this to an alternate threshold below the default threshold if you wish If selected automatically shuts off an outlet if the current at that outlet exceeds the current limit 73 Power Management 74 Table 3 10 IPDU Viewer Details Form Element Definition Buzzer If selected sounds a buzzer if the alarm threshold is exceeded Syslog If selected allows PM device alarm events to be logged Back Button that allows you to go back to the previous form without saving any configuration parameters Get Information This button is used to update information displayed in the IPDUs Info and the Outlets forms since they are not updated in real time v To View PM Device Parameters 1 Select Access tab gt Consoles Devices gt Devices pull down list 2 Click on the PM device that you wish to view or edit You will see a VIEW button and a CLI button appear just below the device name 3 Click the
61. fire resistance electomagnetic capability electrical safety and manufacturing component characteristics among other attributes NIS Network Information Service An industry standard directory protocol used for authentication specifically in Sun legacy systems OOBI Out of band Infrastructure Provides secure alternate paths to connect to and manage IP production infrastructure remotely Components include console servers KVM switches IPDUs and service processor managers Enables lights out data centers where computers can be monitored preventively maintained and restored to operation without site visits by technicians Out of band A type of access to assets that is either separate from or independent of the normal production network Used for remote monitoring and control even when the managed assets lose connection to the production network Typically out of band access is through an RS 233 or Ethernet console a power reset circuit ora KVM port RSC Remote System Control Sun s remote out of band management technology on certain Sun servers that includes an independent RSC card and software Enables the remote administrator to run diagnostic tests view diagnostic and error messages reboot the server and display environmental status information from a remote console even if the server s operating system goes offline The RSC firmware runs independently of the host server and uses standby power drawn from it
62. form Delete button Console Detail form Groups tab gt Console Groups Consoles List form If you choose not to use the Console Wizard Devices Device List gt Device Detail then you can add consoles attached to the added device using the Consoles List and Console Detail forms Note After adding a console you must upload the configuration to the device before the console can become active To prevent multiple uploads it is advisable to add many consoles and then do one upload for the device to enable all the consoles that were added Note See Difference between Auto Upload and Manual Upload on page 131 of this chapter Configuration and Administration 167 Consoles 168 Data buffering data logging and event notification are valid definitions only for consoles with permanent connections i e data status is enabled Limitation of Remote Authentications in ACS Console Access To upload configurations and firmware you must configure the ACS device to use root as the admin user However access to an ACS console as root through the AlterPath Manager is currently not possible if the ACS serial port is configured to use any remote only or remote down local authentication Note In this case remote means any of remote nis Tacacs Plus Radius ldap etc There are two scenarios that you can use to work around this limitation 1 Ifyou want root as well as other
63. full path of each license file name you enter into this file For example if the name of the license file you are adding is APM _B_IPMI enc you should enter the full path name var apm licenses data APM B IPMI enc Be sure to follow up with the saveconf command It is also a good idea to save a copy of each license file on a server that can be accessed by your APM just to be extra safe If at any time you run defconf the file etc files list will revert back to its original state and you will need to reinstall your license Backing Up User Data Using CLI you can back up and restore the configuration and data files of the AlterPath Manager to a local or a remote destination This feature allows you to backup and restore either independently or altogether the following data types Table 5 4 Data Types You Can Backup and Restore Data Type Definition System Configuration Data related to the AlterPath Manager host settings such as IP Address Authentication Type and Host Name Configuration Data Data related to the configuration of consoles users and so forth which are stored in the database Data Buffers The ASCII data collected from the consoles 296 APM Installation Configuration and User s Guide Managing Log Files Backup and Restore Scenarios For illustration purposes there are two scenarios in which you can perform the backup e Replicating data to a hot spare machine Yo
64. g Netscape 8 x To view serial console ports you will need to install Java plug ins Java plug ins are located at http www sun com v To Enable ActiveX on Internet Explorer 1 Open an Internet Explorer session 2 Click on Tools gt Internet Options gt Security tab gt Custom Level button APM Installation Configuration and User s Guide Pre Configuration Requirements 3 Make sure you enable the selections shown as enabled in Figure 2 3 Options to Enable for ActiveX ActiveX controls and plug ins iW Automatic prompting For Activex controls Disable 0 Enable G Binary and script behaviors Q Administrator approved Disable Enable B 9 Download signed Activex controls Disable Enable 3 Prompt iW Download unsigned Activex controls Disable Enable Prompt i Initialize and script ActiveX controls not marked as safe Disable Enable Prompt i Run Activex controls and plug ins Administrator approved Disable Enable Prompt iW Script ActiveX controls marked safe For scripting Disable Enable Prompt Figure 2 3 Options to Enable for ActiveX v To Enable ActiveX on Netscape 7 x Note This applies to Netscape 7 x where x gt 1 1 Go to the following path using Windows Explorer C Program Files Netscape Netscape defaults pref Installation 33 Pre Configuration Requirements Note This path can vary if Netscape 7 x was i
65. how the parameters are entered into the system First Time Configuration Wizard An Example The First Time Configuration sample session shown below shows the portion of the command line data where the user configuration begins This is commenced by the heading Welcome to Cyclades APM Before the Welcome heading appears the system will prompt you for the following Caution Be sure you answer n to the following questions Configuration and Administration 93 First Time Configuration Wizard Note In the following examples items shown in bold type represent user input Do you want to re create hard disk partitions y n n Do you want to re create the System file system y n n Do you want to re create the Console Log file system y n n Do you want to re create the Configuration file system y n n The screen scrolls to the Welcome heading Welcome to Cyclades APM Since this is the first time you are booting your APM you need to answer some basic configuration questions Once this is done the other APM configuration parameters can be set through its Web Management Interface WMI Press any key to continue Press any key to get to the password entry prompts Note Passwords are not displayed on the console screen when they are typed You must now set a password for root the system administrative account WARNING this is a very powerful account an
66. in many Cyclades products allows the use of existing cabling infrastructure in the data center A means of operating a computer by typing a text command at an on screen prompt and hitting the Enter or Return key to issue the APM Installation Configuration and User s Guide command The computer then processes the command displays whatever output is appropriate and presents another prompt for the next command Typical commands are to run a program enter a text editor list files and change directories This mode of interaction is common for instance in the traditional DOS and UNIX operating systems Command line interface An interface that allows users to use text commands that tell computers to perform actions compared to using a GUI Through a CLI individual commands can be given to the computer one at a time using a keyboard Alternately users can save a series of frequently used commands in a file called a script Being able to create and run scripts to automate repetitive tasks is one of the reasons many administrators prefer using a CLI Most computer operating systems have both GUI and CLI modes Cyclades products run the Linux operating system and most Cyclades products provide CLI access CLI access is achieved through several different means For one example if a remote administrator uses Telnet to access an AlterPath OnSite the administrator can then tell the OnSite to perform actions using the CLI by typing command
67. not configured correctly users with security rules that have host domainname filtering with deny permission will still be denied access to the APM because the security rule can not be verified If the rule is Allow the rule is ignored and the next allow rule is considered All successful DNS reverse lookup entries are cached for about 30 minutes and all unsuccessful DNS reverse lookup entries are APM Installation Configuration and User s Guide Security Rules cached for about 15 minutes If a user has a security rule with deny and the DNS lookup of source was not verified the user will be denied access to the APM for 15 minutes In this case the user must wait for 15 minutes before attempting to sign on again to the APM Security Rules Network Intf The Network Intf Local Area Network Interfaces form allows you to define the interfaces to which a user is either allowed to connect or denied access This feature is designed for situations where multiple network or LAN segments are used or defined LOGOUT Network Interface Allow Select Net Intf Conditions Selected Net Intf Conditions ALL INTERFACE ALLOWED Figure 4 77 Security Rule Network Interface Form Table 4 40 Security Rules Network Intf Element Function Network Interface tab Tab to select the current form Configuration and Administration 231 Security Rules Table 4 40 Security Rules Network Intf Ele
68. now fully support blade configuration The Consoles List form shows one console name for each blade or switch For each blade the AlterPath Manager provides serial console KVM power and virtual media connections and for each switch CLI and web connections All users access rights to blades and switches and the types of action they are allowed to do are defined in the Security Rules forms Table 4 35 Blade Module Summary of Console Forms Form Name Use this form to Consoles List Details tabbed form Access tabbed form Notify tabbed form Group tabbed form View list of blades switches add edit or delete blades switches View or edit blade configuration details e g connection type log rotation etc Select user s to access the current blade or switch Select user s to be notified of an alarm regarding the current blade Select blade groups To create a new group go to the Groups tab 222 APM Installation Configuration and User s Guide Blade Management Module Consoles List Form The Consoles List form displays all the blades configured and supported by the AlterPath Manager The form allows you to e Connect to a blade server or switch When you move your cursor over the blade or switch name a pop up window displays options to provide you the following connection types Table 4 36 Blade or Switch Connection Types Connection Type Applies to Use this connec
69. of firmware or to view information about a particular firmware Once you have configured the consoles you can define users and assign them to access the target consoles menu option Users and define the triggers that will create alarms and send email notifications menu option Alarm Trigger to users First Time Configuration Wizard 88 Before you run First Time Configuration check to ensure that your system is set up properly If you are using a PC ensure that HyperTerminal is installed on your Windows operating system If you are using the UNIX operating system use Kermit or Minicom Ensure that you have a NIC card installed in your PC to provide an Ethernet port and allow network access Refer to Chapter 2 AlterPath Manager Installation for procedures on how to prepare for First Time Configuration The first time configuration process is designed to e Establish user as root the superuser for the serial console interface e Establish user as Admin the superuser for the AlterPath Manager web user interface and the command line interface CLI e Initialize your system and user settings to ensure full connectivity and functionality of the AlterPath Manager APM Installation Configuration and User s Guide First Time Configuration Wizard First Time Configuration requires that you e Connect to the serial console e Log in as root v To Use the First Time Configuration Wizard 1
70. of periodic checking as defined in the Device Detail form It will connect to the KVM net interface and login to the unit to ensure that the IP is valid including the username and password Errors are reported by email to the admin user and an alarm generated AlterPath Manager Features Unsupported by KVM net When using the KVM net logs are available only for access to KVM consoles The Logs form defaults to Access Logs and Event Logs Data Buffering is inactive Alarms are generated only for KVM net Health Monitoring events The Alarm list form is the same as for serial console alarms but without the data buffer link OnSite Support 18 The AlterPath Manager supports the AlterPath OnSite The OnSite is a single compact and powerful AlterPath product that has both serial and KVM ports The OnSite can be accessed through a terminal through the ethernet through a modem or through your AlterPath Manager The AlterPath Manager allows you serial port console access to any computer whose serial port is connected to and configured on an associated OnSite The AlterPath Manager also allows you KVM port access to any computer whose KVM port is connected to and configured on an associated OnSite The AlterPath Manager can even provide both types of access to a single computer if both types of access are configured on the associated OnSite APM Installation Configuration and User s Guide OnSite Support Example Configuration of
71. or N o for Enable Ethernet Bonding see example on page 96 for no and example on page 279 for yes e Select S tatic D HCP N one or K eep for the Ethernet 0 eth0 IP address Enter the eth0 IP address if you selected static Note When you are connecting to a public network see Figure 2 2 Single Network Diagram on page 28 Eth0 can be configured with 2 IP addresses as long as both addresses conform to the subnet and address range of the public LAN e Enter the ethO subnet mask address e Select S tatic N one or K eep for the eth IP address Enter the eth IP address if you selected static Note When you are connecting to a private network see Figure 2 1 Private Network Diagram on page 27 Eth0 the primary Ethernet port is connected to the public LAN The Eth0 address and subnet must conform to the public LAN s subnet and address range Eth1 the secondary Ethernet port is connected to the private LAN with its own subnet and address range e Enter the secondary Ethernet subnet mask address Configure Ethernet subinterfaces Y es N o or L ist e Configure Ethernet VLANs Y es N o or L ist Enter Ethernet default gateway Set Ethernet eth0 speed duplex APM Installation Configuration and User s Guide First Time Configuration Wizard e Choose the correct operation mode from the following 1 Auto negotiation 2 10 Mbps full duplex 3 10 Mbps half duplex 4 1
72. run installimg you can edit the file etc files list and add your license file name to the list of files Be sure to use the full path of each license file name you enter into this file For example if the name of the license file you are adding is APM _B_IPMI enc you should enter the full path name var apm licenses data APM B IPMI enc Be sure to follow up with the saveconf command It is also a good idea to save a copy of each license file on a server that can be accessed by your APM just to be extra safe APM Installation Configuration and User s Guide Users If at any time you run defconf the file etc files list will revert back to its original state and you will need to reinstall your license Users The Users option provides forms that enable the following user management tasks Table 4 26 Summary of User Forms Action Form s Used Add a new user User list Add button gt User detail Authorize the currentuser User detail Access tab gt User Access to access one or more form consoles View or edit user User list username link gt User detail information Set or change a user User detail Set Password button password Define user as an User detail Admin User checkbox administrator Assign a user to one or User detail Groups tab gt User Groups more groups form Delete a user User list Delete butto
73. service telnet flags REUSE socket _type stream wait no user root server usr kerberos sbin telnetd bind 127 0 0 1 log_on failure USERID 3 Verify that etc protocols has the following entries tcp 6 TCP transmission control protocol udp 17 UDP user datagram protocol 276 APM Installation Configuration and User s Guide Working from a CLI 4 Ifyou are going to use PAM support add the pts devices in the file etc securetty as shown below ttyso pts 0 pts 1 pts 2 pts 3 pts 4 pts 5 5 Enter the command saveconf 6 To complete the procedure restart xinetd with the following command etc init d xinetd restart Note xinetd services will be available after reboot since this script is already included in the startup procedure v To Change the ACS TS Admin Name If you want to use another admin name other than root for ACS or TS devices perform the following steps 1 Create a new user in the device Example adduser myadmin 2 Edit the files etc passwd and etc group by setting the userid and groupid of the new user to zero 0 and setting the home directory to root Example etc passwd myadmin dM7VcWSPBOGI 0 0 Embedix User root bin sh etc group teste x 0 Each time a connection is made to the ACS or TS device or any of its consoles the system uses the admin user name and password that is set in Advanced Configuration 277 Ethernet
74. the form will become active The default settings for Fail Over Time Message Period and Dead Ping Timeout can remain as they are Select the Configured State drop down box and set it to Primary Select the Authentication drop down box and choose CRC MD5 or SHAI Enter a password in the Shared Secrets Key field This password must be the same when you enter it in the Shared Secrets Key field for the redundant APM Enter an IP address in the Service IP field This is an IP address for the APM web service It must be a static address and it must be the same IP address used when configuring the Service IP for the redundant APM Fill in the Ping Nodes List field with IP addresses to ping in order to detect when primary APM has lost connectivity to the network It is recommended that this field includes the default gateway IP address and the router IP address Be sure to separate the IP addresses with commas and no spaces Enter an alias in the Node Name field for the primary APM in the column for the current system Enter the IP address for the primary APM in the IP Address field in the column for the current system Enter an alias in the Node Name field for the redundant APM in the column for the mated system Enter the IP address for the redundant APM in the IP Address field in the column for the mated system You should be abl
75. the result of submitting a Certificate Signing Request see the certreq subcommand to that CA Which type of import is intended is indicated by the value of the alias option If the alias exists in the database and identifies an entry with a private key then it is assumed you want to import a certificate reply Keytool checks whether the public key in the certificate reply matches the public key stored with the alias and exits if they are different If the alias identifies the other type of keystore entry the certificate will not be imported If the alias does not exist then it will be created and associated with the imported certificate Be sure to check a certificate very carefully before importing it as a trusted certificate View it first using the printcert subcommand or the import subcommand without the noprompt option and make sure that the displayed certificate fingerprint s match the expected ones For example suppose someone sends or emails you a certificate and you put it in a file named tmp cert Before you consider adding the certificate to your list of trusted certificates you can execute a printcert subcommand to view its fingerprints as in keytool printcert file tmp cert Owner CN 11 OU 11 O 11 L 11 S 11 C 11 Issuer CN 11 OU 11 O 11 L 11 S 11 C 11 Serial Number 59092b34 Valid from Thu JUL 01 18 01 13 PDT 2004 until Wed SEP 08 17 01 13 PST 2004
76. trigger Key Features text based on how the trigger was configured by the administrator it will do the following Send an email to a user list e Create a prioritized alarm entry in the Alarm database e Write a log message to the AlterPath Manager logging system to acknowledge the trigger Other Alarm Features Notes Allows you to add notes to an alarm to indicate what action you have taken These notes can be useful for future reference to similar issues Reports Allows you to generate a report to show what actions were taken by whom and how long it took to fix the issue Modem Support for Remote Sites Using point to point protocol PPP the AlterPath Manager E2000 is equipped with modem dialing capability to allow complete out of band access to remote console server devices Moreover users have the choice to use PPP as the primary mode of connection or only as a backup connection in the event that the network fails Note Modems are not supported on the APM 2500 or the APM 5000 Dial Back Support for ACS The AlterPath Manager E2000 provides options for integrated modems to automatically dial to remote locations when the network fails In the absence of network connectivity the dial back feature enables the AlterPath Manager to initiate a call to a remote AlterPath ACS unit and then have the ACS dial back the connection using a predefined number One Time Password support for ACS The One Time Password O
77. v To Delete a Group Note You cannot delete the following system generated default groups Device Console and User To delete a group follow the steps below 1 3 From the menu select Groups The system displays the Groups List form From the Groups List form click on the checkbox of the group that you wish to delete Click on the Delete button v To Assign a Security Rule to a User Group Note The User group includes an additional tab Security which allows you to assign one or more security rules to the current user group 1 2 Select the security rule from the Select security rule box and then click on the Add tab Click on the Save button Configuration and Administration 195 Groups LOGOUT curity Rules Info Reporting General Security Select security rules Selected security rules Novice Figure 4 57 New User Group Security Form 196 APM Installation Configuration and User s Guide Firmware Firmware AlterPath Manager contains a firmware repository and supports firmware upgrades for the TS the ACS and the KVM net Each time a new firmware is released for the ACS and TS Cyclades will release a package for AlterPath Manager to import The package contains firmware boot code release notes user manual and dependency file The dependency file is used to ensure you do not load the firmware to t
78. with its own Ethernet switches the management network is physically separate from the public network Because any AlterPath Manager user who needs to access serial or KVM console ports must pass through the AlterPath Manager this is the most secure way to deploy the AlterPath Manager see Figure 2 1 Single Network Topology In a single network topology the AlterPath Manager is connected to only one network and the AlterPath Manager management functions are contained in the same network While it may appear that the workstation has direct access to the TS and ACS boxes if users attempt to access them they will be denied because the AlterPath Manager is already controlling access to the ports Ina single network configuration a Virtual Local Area Network VLAN configuration is recommended see Figure 2 2 Caution When referring to the connection diagrams below Eth0 and Eth are marked as Eth and Eth2 respectively on the actual hardware When configuring the software be sure to configure these as Eth0O and Eth1 Refer to the rear view illustrations starting on page 2 in the Introduction chapter APM Installation Configuration and User s Guide Deploying the AlterPath Manager Private Network Diagram The diagram below depicts how the AlterPath Manager AlterPath Manager may be set up in a private network structure Workstation Public LAN Web User Interface ra EthO Private LAN RS 232 RS 232
79. 00 Mbps full duplex 5 100 Mbps half duplex 6 1000 Mbps full duplex 7 1000 Mbps half duplex Note Gigabit Ethernet 1000 MBps speed is available on the APM 2500 and APM 5000 only e Set Ethernet ethl speed duplex e Enter the system s hostname max 30 characters e Enter the system s domain name max 60 chars Enter the primary nameserver s IP address Enter the secondary nameserver s IP address Enter the NTP server e Enter the E mail SMTP server Enter an authentication method local RADIUS TACACS LDAP Kerberos NIS Active Directory Note After you select an authentication service type you will be prompted with questions that are specific to that type of authentication For example if you select RADIUS you will be prompted for the RADIUS server name and the RADIUS secret Once you have finished with the last parameter the configuration will automatically be saved to flash memory Configuration and Administration 91 First Time Configuration Wizard v To Change Individual Parameters Note If you make changes to any of the foregoing configuration steps you can adjust most configuration parameters by running one of the following commands as required 1 Choose the appropriate command from the list below e setauth e setboot e setdatetime setdhcp e setethernet sethosts e setnames e setnetwork setntp e setserial e setsmtp e date When
80. 048 Each DLS activation is assigned to a single MAC Ethernet hardware address and cannot be transferred to another AlterPath Manager Obtaining Expanded DLS Activation You can purchase expanded DLS activation from your Cyclades sales team or from Cyclades partners Cyclades customer service will need the MAC Ethernet hardware address of Eth0 the first Ethernet controller in your APM to generate the license file which will activate your new features To Install Expanded DLS Activation 1 Log onto your APM as root using the serial console interface 2 Examine the contents of the following the var apm licenses data directory Note At least one file should already be in this directory This file should be named APM _B_DLS enc This is a base license file indicated by the B AlterPath Manager Installation Configuration and User s Guide Data Logging Session Activation in the file name Only one base file is allowed in the var apm licenses data directory 3 Copy any new license files into this directory Note If you have more than one feature activation FA license file for DLS activation you must be sure all the license files are included in the var apm licenses data directory For example if you purchase a license to expand from 128 to 512 DLSs you directory will contain the following files prior to the new expansion APM B DLS 64 enc APM FA DLS 64 128 enc Whe
81. 1 Cable 4 foot DB 9 Cable for connection female to DB 9 from the APM console female null modem port to a serial terminal cable for APM E2000 CAB0286 Cable 6 foot DB 9 Cable for connection female to DB 9 female null modem for APM 2500 and APM 5000 from the APM console port to a serial terminal Rack Mounting the AlterPath Manager Installation For the AlterPath Manager E2000 2500 and 5000 two brackets and the necessary mounting screws are supplied For the AlterPath Manager 2500 and 5000 a set of sliding rails are also provided the small ear brackets are already attached 23 Rack Mounting the AlterPath Manager v To Bracket Mount an APM 24 1 Attach the mounting brackets to the sides of the APM E2000 towards the front of the box Use a screwdriver to firmly tighten the mounting brackets already attached to the APM 2500 and APM 5000 Mount the APM securely to the vertical bars of the rack Screws should go in through the front of the brackets into the outside front of the vertical bars Be sure to locate the APM so the brackets line up correctly with the holes Be sure the right and left brackets are at the same height v To Rail Mount an APM 2500 or 5000 1 Remove the inner rails from the rail assemblies Slide each inner rail out until it stops Then depress the exposed locking tab to unlock the inner rail and slide it out the rest of the way Attach the inner rails to the sides o
82. 12 512 8192 APM B DLS 1024 1024 16384 APM B DLS 1536 1536 24576 APM B DLS 2048 2048 32768 316 AlterPath Manager Installation Configuration and User s Guide Data Logging Session Activation DLS Activation Conversion For the APM 2500 and 5000 DLS capacity can be expanded and additional capacity can be purchased from Cyclades This is an activation conversion Activation conversion options are shown in the following table Table C 2 Activation Conversion Options Conversion Number From To AlterPath 2500 APM FA DLS 64 128 64 128 APM FA DLS 64 256 64 256 APM FA DLS 64 512 64 512 APM FA DLS 128 256 128 256 APM FA DLS 128 512 128 512 APM FA DLS 256 512 256 512 AlterPath 5000 APM FA DLS 64 128 64 128 APM FA DLS 64 256 64 256 APM FA DLS 64 512 64 512 APM FA DLS 64 1024 64 1024 APM FA DLS 64 1536 64 1536 APM FA DLS 64 2048 64 2048 APM FA DLS 128 256 128 256 APM FA DLS 128 512 128 512 APM FA DLS 128 1024 128 1024 APM FA DLS 128 1536 128 1536 APM FA DLS 128 2048 128 2048 Data Logging Session Activation 317 Data Logging Session Activation 318 Table C 2 Activation Conversion Options Conversion Number From To APM FA DLS 256 512 256 512 APM FA DLS 256 1024 256 1024 APM FA DLS 256 1536 256 1536 APM FA DLS 256 2048 256 2048 APM FA DLS 512 1024 512 1024 APM FA DLS 512 1536 512 1536 APM FA DLS 512 2048 512 2048 APM FA DLS 1024 1536 1024 1536 APM FA DLS 1024 2048 1024 2048 APM FA DLS 1536 2048 1024 2
83. 257 To Connect from a Windows SSH Client cc eeeceeceeeseeseeeteeees 259 To Connect SSH from a Linux or UNIX System ee eeeeeeeees 260 To Change the Number of Lines in the SSH Applet ee 274 To Change the Session Timeout 235 55 0 jaatescnscesdstctce cel talyedssaeactueves 275 To Change the Number of Consoles per Page eeceeeesceeseeeteeees 275 To Fale Telnetani caida tet aa cate eet at ale atl E 275 To Change the ACS TS Admin Name ccccccccesccsseseeeeeteeesseeees 277 To Exclude Modems from the Modem Pool eecceeseeeteeeeeeeees 282 To Define Different Scripts for Each tty Device 00 eeeeeeeeeeeees 285 To Configure Active Directory esessessesessssessesrrssressessessressessesses 292 To Configure Open LDAP s ssssssessssessssessessssressesresrsssresseserssressessess 293 To Disable HTTP to Use Only HTTPS ac 2suncssuentsiatiaues 294 ToAdd Firmware ia aia E E EEA E 294 To Upgrade the APM Firmware ssessssessesessssessesessssessessessressessessees 295 To Recover a Root Password sssessesseesssseseesesseseessesersesseseesesseeees 299 To Install SSL Cerificate se 3 atesks hae Secaes tas Scecunna used s cteluees encan tite 302 To Delete your Default Certificate 33 c ncsscadeeticts tvaedant caiaecces 302 To Obtain and Install a New SSL Certificate 0 eee eeeeeeteeeee 303 To Configure the PCMCIA Modem cccecccesseceseceseeeeeeeeeeeeseeees 309 To Configure the Extern
84. 4 44 illustrates enabling an RDP Only connection Configuration and Administration 175 Consoles LOGOUT evices roups r rofiles Firmware Info Reporting Jobs Details Users ACL Notify Groups Outlets Console Name Neptune _02 Device Name Neptune Port Description Machine Type f Machine Name OS Type OS Version Location l Status OnDemand RDP IP Address 192 168 hs RDP Server Port 3389 RDP Status Enable H NNM Selection ae Name Figure 4 44 Configuring or Editing an RDP Only Console When configuring an RDP Only connection you must configure the RDP IP Address the RDP Service Port default 3389 and you must select RDP Only from the Port pull down field Caution Be sure to turn off your web browser s popup blocker before attempting to make an RDP connection An RDP connection will fail if you have your browser s popup blocker turned on v To Select Users to Access the Console Use the Console Users form to assign and authorize one or more users to access the current console 1 From the Console Detail form Consoles Console List gt Console Detail click on the Users tab The system displays the Console Users form 176 APM Installation Configuration and User s Guide Consoles LOGOUT are Security Rules Info Reporting Allowed users via console groups xpert via CONSOLE Figure 4 45 KVM Console
85. 51 Portugal 68 zone tab Enter the number corresponding to your choice 48 Configuration and Administration 95 First Time Configuration Wizard Since this is the first time you are booting your APM you need to configure the date the time the Ethernet settings and the authentication protocol Current system date and time is Thu Aug 18 08 21 56 PDT 2005 Press ENTER to accept it or specify new ones Enter date in MM DD YYYY format 08 18 2005 Enter time in HH MM format 15 23 Thu Aug 18 15 23 00 PDT 2005 Enable Ethernet Bonding Y es or N o N n Ethernet ethO IP address S tatic D HCP or N one S s Enter Ethernet ethO IP address 192 168 48 162 Enter Ethernet ethO Subnet Mask 255 255 252 0 Ethernet ethl IP address S tatic or N one S s Enter Ethernet ethl IP address 10 10 10 2 Enter Ethernet ethl Subnet Mask 255 255 0 0 Configure Ethernet Subinterfaces Y es N o or L ist N n Configure Ethernet VLANs Y es N o or L ist N n Enter Ethernet Default Gateway none 192 168 48 1 Current Ethernet eth0 speed duplex settings AUTO Change Ethernet ethO speed duplex Y es or N o N n Current Ethernet ethl speed duplex settings AUTO Change Ethernet ethl speed duplex Y es or N o N n Enter the System s Hostname max 30 characters APM APM gregg Enter the System s Domain Name max 60 chars localdomain cyclades com Enter the Primary Nameserver s IP address none 192 168 44 21 En
86. 60 173 175 176 Recovery system 203 298 Redundancy 240 Reliable earthing Rack mounting 29 Restoring database configuration 301 S Screen features general 46 Screens Console List Access Mode 55 Event Logs 70 firmware 106 Firmware List 197 Info Reporting 204 Profile List 163 User List 184 User Profile Access Mode 75 Set Commands 264 setauth 265 setboot 266 335 setcons 267 setdatetime 268 setethernet 268 setnames 270 setnetwork 271 setntp 273 setserial 273 setsmtp 273 Single Network Diagram 28 Single Network Topology 26 Single point security gateway 5 Support technical xxix Switch or blade viewing 58 System recovery 203 298 T Technical Specifications 307 Technical support xxix Technical training xxviii 336 AlterPath Manager Installation Configuration and User s Guide Telnet 275 enable 275 Ticket 52 Time 268 273 set 268 Time and date setting 268 273 Time zone 268 Training xxviii Typographic Conventions xxv U Upgrading firmware xxix User Interface overview 43 User List screen 184 User Management 183 User Profile Access Mode 75 W Web Browser Requirements 32 Wizard configuration 88
87. 66 setcons Set Console Connection Page 267 setdatetime Set System Timezone Date and Time Page 268 setethernet Set Ethernet Speed and Duplexing Page 268 setnames Set Host Domain Names Nameserver Page 270 setnetwork Set Ethernet Subinterfaces Page 271 setntp Set Network Time ProtSocol Server Page 273 setserial Examine the Serial Port Parameters Page 273 setsmtp Set the Email Server s IP Address Page 273 date Set the Date and Time Page 273 Example sessions of each of the set commands follow 264 APM Installation Configuration and User s Guide Working from a CLI setauth Set Authentication root APM gregg data setauth Your configuration will be overwritten by the default files Are you sure you want to continue y n n y Continuing setauth Choose the desirable authentication method local radius tacacs ldap kerberos nis active directory local Configuration changed x Execute saveconf to save the new values in flash WARNING It may be required to restart the sshd daemon root APM gregg data Note If you select Radius as the authentication method the system will prompt you for other Radius servers to be configured thus allowing you to configure more than one Radius Server Advanced Configuration 265 Working from a CLI setboot Set the Network Boot Utility root APM gregg root setboot Manager Network Boot Configuration Utility Current Statu
88. 7 Netmask 255 255 252 0 Default Gateway 192 168 481 DNS 192 168 44 21 Connection Configuration and Administration 211 Blade Management Module 212 3 Complete or modify the Details tabbed form as defined by the following table Table 4 32 BladeModule Devices Details Form Element Definition Device Name Type Location Status Admin Name Admin Password IP Mode Mac Address The symbolic name linked to the chassis This is a required field IBM Blade Center is the only supported type of device or chassis Physical location of the device or chassis Dropdown list box to select Enable connection between the AlterPath Manager and the device is ALWAYS established Disable no connection is established and all child consoles follow this configuration OnDemand connection is established only upon user s request The admin username superuser of the device This is a required field Button to invoke a dialog box used to define the Admin s password This password is used to access the IBM Blade Center port but NOT to change the password You must enter the SAME password that is registered in the blade server Dropdown list box Select int_dhcp if APM AlterPath Manager is the DHCP server for this device or static if using a static IP See Configuring Your DHCP Server on page 129 in this chapter Specify the MAC a
89. AlterPath Manager E2000 2500 and 5000 Installation Configuration and User s Guide Software Version 1 4 0 cyclades Cyclades Corporation 3541 Gateway Boulevard Fremont CA 94538 USA 1 888 CYCLADES 292 5233 1 510 771 6100 1 510 771 6200 fax http www cyclades com Release Date December 2005 Part Number PAC0380 2005 Cyclades Corporation This document contains proprietary information of Cyclades Corporation and is not to be disclosed or used except in accordance with applicable contracts or agreements Information in this document is subject to change without notice All trademarks trade names logos and service marks referenced herein even when not specifically marked as such belong to their respective companies and are not to be considered unprotected by law The following are registered or registration pending trademarks of Cyclades Corporation Cyclades and AlterPath ActiveX Microsoft Microsoft Internet Explorer Windows and Windows NT are registered trademarks of Microsoft Corporation in the United States and other countries AIX is a registered trademark of International Business Machines Corporation in the United States and other countries FreeBSD is a registered trademark of the FreeBSD Foundation HP UX is a registered trademark of the Hewlett Packard Corporation Linux is a registered trademark of Linus Torvalds in the United States and other countries Mozilla and Mozilla Firefox are tr
90. AlterPath Manager Web Interface Admin Mode Verifying Error Messages To verify an error message you can view the form or screen in question by clicking on the error message This feature allows you to verify or check the error message against the form ERRORS FOUND Click here to return to INPUT FORM e Console Server Name invalid Can contain alpha numeric characters no reserved characters eg 7 or 2 Figure 4 6 Device Configuration Error Message Clicking the error message generates the form in error Details Users Notify Groups Proxies DialUp Log Rotate Device Name Pesa Type 1s Model Ts10 v Location Fremont Admin Name froot Admin Password IP Mode static m MAC Address IP Address j10 1010 3 Netmask 255 255 0 0 Default Gateway DNS Connection ssh Domain Base Port root Status OnDemand Health Monitor never Auto Upload o Firmware Boot none none lt Back Reset Save _ Save amp Create Consoles Save amp Auto Discover Figure 4 7 Form in Error 104 APM Installation Configuration and User s Guide Devices Devices Note For Device forms associated with the Blade Module see Blade Management Module on page 206 The Devices option allows you to perform device management operations as summarized by the table below Table 4 1 Summary of Devices Forms Form Function Form s Used Add a
91. Bonding the device page This is true regardless whether the connection is for an upload or for a console session or which user is logged into the AlterPath Manager If you configure any of the consoles of a device to do remote authentication ensure that the admin user name and password configured for the device can be authenticated by the remote service Setting any of the consoles of a device to do remote authentication does not mean that the device itself will do remote authentication If you need to for example when the device needs a configuration upload or when the device console is opened change the etc pam conf file of the device accordingly Ethernet Bonding 278 Note Ethernet bonding cannot be implemented on an APM 2500 or an APM 5000 in a private network configuration since the APM 2500 and the APM 5000 will not support expansion cards Ethernet bonding is a method of providing redundancy to an Ethernet connection When Ethernet bonding is enabled the primary Ethernet port operates under normal circumstances If the primary Ethernet port fails a backup or redundant Ethernet port takes over This is called a failover condition e g the primary Ethernet port fails over to the secondary Ethernet port A different interface becomes active if and only if the active interface fails After a failover has occurred the primary interface becomes active once again after the failover condition has been corrected
92. Certificate Fingerprints MD5 11 81 AD 92 C8 E5 0H A2 01 2E D4 7A D7 5F 07 6F SHA1 20 B6 17 FA EF E5 55 8A D0 71 1F E8 D6 9D C0 37 1 Advanced Configuration 305 Restoring Your Configuration 306 Then call or contact the person who sent the certificate and compare the fingerprint s that you see with the ones that they show Only if the fingerprints are equal is it guaranteed that the certificate has not been replaced in transit with somebody else s for example an attacker s certificate If such an attack took place and you did not check the certificate before you imported it you would end up trusting anything the attacker has signed for example a JAR file with malicious class files inside Note It is not required that you execute a printcert subcommand prior to importing a certificate since before adding a certificate to the list of trusted certificates in the keystore the import subcommand prints out the certificate information and prompts you to verify it You then have the option of aborting the import operation This is only the case if you invoke the import subcommand without the noprompt option If the noprompt option is given then there is no interaction with the user If you are satisfied that the certificate is valid then you can add it to your key store as follows keytool import alias tomcat file lt jcert cer gt This creates a trusted certificate entry in the keys
93. Console Name Neptune _02 Device Name Neptune Port 2 v Description Machine Type Machine Name OS Type OS Version Location Status OnDemand RDP IP Address 192 168 49 58 RDP Server Port 3389 RDP Status Enable NNM Selection jame KVM net KVM net Plus or OnSite KVM Console Details Note The RDP connection fields discussed in the following table apply only to the KVM net version 2 0 0 or greater and the KVM net Plus Table 4 25 KVM net and KVM net Plus Console RDP Connection Fields Field Meaning Port Drop down field for selecting the physical KVM port number of the console This field also has an RDP Only selection that allows you to configure an RDP port without associating it with a physical KVM port RDP IP Address The field for entering the IP address of the RDP server to be associated with this port If a physical KVM port is specified in the Port field then an RDP in band connection and a regular KVM out of band connection can be made to this port Configuration and Administration 173 Consoles 174 Table 4 25 KVM net and KVM net Plus Console RDP Connection Fields Field Meaning RDP Server Port This field contains the RDP viewer port number associated with this console The default of 3389 can be used in most cases RDP Status Drop down field used to enable or disable the ability to make the RDP connection When you configure a KVM net or KVM net Plus con
94. Edit the file opt tomcat apm WEB INF web xml 2 Locate and edit the line lt session timeout gt 60 lt session timeout gt 3 To make the change effective reboot or restart tomcat as follows etc init d tomeat stop etc init d tomeat start v To Change the Number of Consoles per Page The default number of consoles that you can view from the Consoles List form is set to 512 Edit the var apm apm properties file 4 Goto the apm consolesperpage 512 line 5 Change the 512 in the line to the value desired v To Enable Telnet Telnet is available in the AlterPath Manager but disabled by default to avoid security problems To enable Telnet follow the steps below 1 Edit etc services and add the following line telnet 23 udp 2 Select either step a below to enable the PAM version of telnet or select step b below to enable the Kerberized version of telnet Do not enable both Advanced Configuration 275 Working from a CLI a Edit etc xinetd conf and remove the symbols to from the following section of the file to enable the PAM version of telnet Telnetd with PAM support service telnet flags REUSE socket _type stream wait no user root server usr sbin in telnetd log_on_ failure USERID disable no b Edit etc xinetd conf and remove the symbols to from the following section of the file to enable the Kerberized version of telnet Kerberized telnetd
95. Figure 4 10 Device Detail Form 4 Complete the Detail form as necessary using the table below as a guide Note In all the forms the required fields are printed in red Table 4 3 Devices Detail Form Element Definition Details Currently selected tab User ACL Tab to assign or re assign users or user groups to a device Notify Tab to assign users to be notified about events Groups Tab to assign or re assign user to a user group Proxies Tab to assign a web proxy type to access the web interface of the current device KVM Viewer Tab to set up timeouts and hot keys for KVM viewer KVM net and OnSite only Dial Up Tab to set dial up parameters Configuration and Administration 111 Devices Table 4 3 Devices Detail Form Element Definition Log Rotate Tab to display the Log Rotation form used to set log rotation by configurable size or by selected time interval available for ACS and TS devices and consoles as well as KVM devices Device Name The symbolic name linked to the console server device Type Fixed field for type of device e g ACS KVM etc Model Drop down list box to select the model of the current device Location Physical location of the device Admin Name The admin username superuser of the device Note If you plan to upload firmware to a KVM cet with a current firmware version of 2 0 0 or earlier you must the Admin Name field to root for the upload to w
96. Guide Contents Difference between Auto Upload and Manual Upload 131 Modem Dialing Capability for Remote Access to Devices 131 Modem Management via Command Line Interface 133 Console Wizard one cisceecsSsasncetesedote Mia pkes iii aiee aiaia 134 Summary of Console Wizard Forms cccccesseeeseeeseeeeeeeenees 135 Device Discovery Auto Discover cccessceseeseeeeeceetseenteenteeeees 142 Multiple Auto Discover saul askstss asus 5 tuatatugnteell alone matte 145 Deleting a Device Group cise ies faicasatceNeueccuestea cise seacss teas eee 148 KVM net Device Configuration cccccccccesceeeeeeeeeeteeeeeenteeeees 149 Alarm OCCT ise bate mesta kab aie pea alan aia eteineelin Rolain tea lsiatys 156 Alarm Trigger Management x cscccaiideecssiye ctscterp eel adereeanss 157 Configuring Alarms for Device Health Monitoring 160 Using the Logical AND in the Alarm Trigger Expression 161 How Health Monitoring Works 0 cceccccceceseceeeeeeeeeeeeeteeneees 163 User Notification kissalar pina en eaa aan aeaa aere atat 163 Profiles onanan a ward Was Gaerne 163 CONSOLES arona geeen a eel ea A rE e E AE 166 Changing the Number of Consoles per Page eeeeseeeeeees 169 Console Type KVM coast nal ios ane has RET RARE 173 Deleting a Console Group ao cca soscetecoacsarcoseiecasslanccoatpetneeasaeiats 180 Configuring Outlets oo dssinc Ave cep taeher aes as aan meaeaadaak
97. LI For emergency access situations the AlterPath Manager can provide you with a command line interface by making a regular Secure Shell connection to the AlterPath Manager CLI is one of two user interfaces the other is the web interface available to AlterPath Manager users The CLI is also used for First Time Configuration and system recovery procedures Interoperability Integration and Compatibility Introduction APM E2000 2500 and 5000 Database Compatibility Each AlterPath Manager model can migrate backup and restore its database to or from any other AlterPath Manager model Interoperability with Routers and Ethernet Switches The built in Ethernet ports on the AlterPath 2500 and AlterPath 5000 fully compatible with the following leading manufacturer s routers and Ethernet switches e Cisco e Juniper Nortel The following features are supported by the built in Ethernet ports e 10 100 Base T Ethernet full and half duplex e Gigabit Ethernet full and half duplex e Autosensing e Fully compatible configurability e 10 100 1000 Megabit auto sense e Fixed 10 Megabit e Fixed 100 Megabit e Fixed 1000 Megabit Gigabit 15 Key Features Note Gigabit Ethernet is available on the APM 2500 and APM 5000 only Interoperability with Cyclades Devices The APM firmware 1 4 0 interoperates with the latest versions of the AlterPath Console Server the AlterPath KVM net the AlterPath Terminal Server and t
98. Prefix lt Back Next gt Figure 4 70 Blade Wizard Edit Configuration Form Page 1 220 APM Installation Configuration and User s Guide Blade Management Module LOGOUT Consoles eic Groups Alarm Trigger Profiles Firmware SecurityRules Info Reporting Jobs Edit any settings for the consoles for this console server or press Advanced to edit other console settings Page 1 2 Page 2 2 Console Notify Access Status Advanced OnDemand advanced OnDemand advanced Blade_Center_03 Blade_Center_05 E J Blade_Center_SW1 m i Console Prefix lt Back Next gt Fini J cance Figure 4 71 Blade Wizard Edit Configuration Form Page 2 LOGOUT Users Consoles icl OE This screen confirms your previous edits and selections Pressing Finish will save these changes Page 1 2 Page 2 2 Blade Switch Port Connection Blade_Center_03 F Blade_Center_05 5 Blade_Center_SW1 Finish Figure 4 72 Blade Wizard Configuration Confirmation From the Confirmation form you can click the Page 2 2 tab if necessary Finally click on Finish to complete the configuration process Configuration and Administration 221 Blade Management Module Configuring the Blades and Switches The blades and switches are configured from the Consoles forms in the same way you would configure consoles The forms are the same except that they
99. R I ANS ee Se 243 APM Synchronization Form cceeeeseeeeeseeeeenees 247 PuTTY Configuration of APM as a Security Proxy 260 Feature Window full content scrolled 320 xiii xiv AlterPath Manager Installation Configuration and User s Guide Tables Table P 1 Table P 2 Table P 3 Table P 4 Table 3 1 Table 3 2 Table 3 3 Table 3 4 Table 3 5 Table 3 6 Table 3 7 Table 3 8 Table 3 9 Table 3 10 Table 3 11 Table 3 12 Table 3 13 Table 3 14 Table 3 15 Table 4 1 Table 4 2 Table 4 3 Table 4 4 Table 4 5 Table 4 6 Table 4 7 Table 4 8 Table 4 9 Typographic Conventions ccccesseceseceeeeeeeeeeeees XXV Other Terms and Conventions ccceeceeeeeeerees XXV Naming conventions a0chv saccenaeeindines xxvi Linux SC ESO AK alas asi fos es Saeckceos toe toca ee xxvii User Interface Main Menu cccccsseceseeeseeeeeeeeeees 44 Alarms Erst Formiassa teenie dat tk cand oak tee 49 Alarms Detail Form cc tect sarscadeees aces witardicmesaneies 51 IBM Blade Device and Console Connect Options 58 Consoles Details FOr cccecccescsecccessessssseseeeees 59 Log Types hinnan e ae a EE ES RES 67 Log Selection Form sesca eats ease cari are ik oda aes ee 68 Access Logs Form ss ceccsndecetedesoeetedbeineetavea oanteeaanteg 70 Event Logs FORM ads Shs ou otc tne carat Silat dts 71 IPDU Viewer Details didos tnroiiinoiiraniige ninda T2 User s Profile Details Form
100. REDUNDANT APM in the configuration Authentication Drop down menu to select CRC default no Shared Secret Key Service IP Status Ping Nodes List Node Name authentication MD5 or SHA1 A password common to the primary APM and the redundant APM IP address assigned to the APM web service The same IP address must be assigned for this field on the primary and on the redundant APM Drop down box to either Enable or Disable the heartbeat redundancy failover feature This must be enabled or you cannot edit any of the other fields under the System tab A list of IP addresses to ping in order to detect when primary APM has lost connectivity to the network Be sure to separate the IP addresses with commas and no spaces It is recommended that this field includes the default gateway IP address and the router IP address The aliases of the APMs you are configuring There are two fields one field is for the current system and the other field is for the mated system The current system is the primary system when you are configuring the primary system and it is the redundant system when you are configuring the redundant system Note Compare these fields in Figure 4 84 and Figure 4 85 Configuration and Administration 245 Redundant Fault Tolerant Configuration Table 4 45 Heartbeat Form Fields and Meanings Element Meaning and Configuration IP Address The IP addresses of the APM
101. TP support in the AlterPath Manager enables One Time Password authentication when the APM E2000 connects to an ACS via modem The OTP authentication method uses passwords each of which are only valid once The one time passwords are calculated by means of a secret passphrase which is encrypted and stored in the APM database The APM Installation Configuration and User s Guide Key Features OTP method of authentication prevents passwords from being intercepted over a phone line and reused even if the phone line is tapped OTP authentication during dialup is transparent to the user the user does not notice the authentication Multiport Ethernet The AlterPath Manager E2000 supports up to two multiport PCI Ethernet cards for secure networks that use multiple network segments This enables the AlterPath Manager to physically separate devices and connect to multiple network segments Note Additional Ethernet cards are not supported on the APM 2500 or the APM 5000 The Ethernet cards are detected by the configuration wizard during boot time The Ethernet hardware has commands to control the link speed and duplexing supported on each interface Enhanced Ethernet Port Configuration Introduction There is a script called setethernet that is invoked automatically along with the other initial APM configuration the first time the APM is run The setethernet script can also be run by the administrator manually from the co
102. The RSC card on some servers include a battery Advanced Configuration 329 that provides approximately 30 minutes of power to RSC in case of a power failure RSA Remote Supervisor Adapter IBM s Security Service processor Shell 330 Ethernet based management console on a server which provides out of band management through an interface between the server s administrator and an internal BMC that enables the management features Management features include serial console emulation using telnet or IPMI KVM over IP power control sensor and log information from the server hardware and virtual media Examples of vendors and the service processor technologies they support are shown in the following table Table G 1 Service Processor Technology by Vendor Vendor Protocol HP iLO Integrated Lights Out Riloe PCMCIA Sun RSC Remote System Control ALOM Dell DRAC PCMCIA Intel PCMCIA IBM RSA Remote Supervisor Adapter Blade Center A command interpreter on UNIX based operating systems like the Linux operating system that controls most Cyclades products At the time this is being written Microsoft has announced an upcoming release of a Microsoft shell A shell typically is accessed in a terminal window where the shell presents a prompt For example admin OnSite home admin is the prompt that appears when a user logs into an OnSite as admin and is in the home admin directory Users tell the operating s
103. The checksum file generated by md5sum is compared with a checksum file that was generated on the original target file and stored with it prior to the target file s transmission If the two checksum files match it is nearly a certainty that the target file was transferred correctly Consolidation Provides controlled access to basic management features on multiple Ethernet based servers that have embedded service processors using only one Internet address When managed separately each service processor needs its own IP address Managing multiple servers with multiple IP address is both expensive and time consuming without consolidation Decryption Decoding of data that has been encrypted using an encryption method Device From the AlterPath Manager s point of view a device is a product that the APM is designed to control directly through an Ethernet port This includes the KVM net ACS TS and the OnSite Any of the individual ports on one of these devices which is designed to connect to a server or workstation is a console Encryption Translation of data into a secret format using a series of mathematical functions so that only the recipient can decode it Designed to protect unauthorized viewing or modification of data even when the encrypted data is travelling over unsecure media such as the Internet See 3DES and SSH As an example a remote terminal session using secure shell SSH usually encrypts data using 3DES or bett
104. UI web interface If the AlterPath Manager goes down you will still have direct access to ports and consoles but you will need to redefine the devices Configuration and Administration 203 Info Reporting APM Database Transaction Support The AlterPath Manager commits all successful database transactions to the AlterPath Manager database To ensure data integrity the AlterPath Manager will roll back any failed database transaction in the event that There are concurrent users updating the same record at the same time or e A system fault caused the database transaction to fail When multiple users who are logged in as admin update the same record simultaneously the system will generate a warning message to one of the users This record has been updated by another user The changes you made will not be saved Please reload and edit again v To Respond to the Warning Message When you receive the above warning message you must perform the following steps 1 Click on the Reload button located at the bottom of the screen The system displays the form that you were updating 2 Verify the information to determine if you still need to update the form If you need to update the form then proceed to re update the form and then click on the Save button Optimistic locking is a mechanism to lock objects in multi user systems to preserve integrity of changes so that one person s changes do not accidently g
105. Upgrades Cyclades offers periodic firmware upgrades for the AlterPath Manager E2000 AlterPath Manager 2500 and the AlterPath manager 5000 These upgrades are available free of charge to current Cyclades customers Visit http www cyclades com support downloads php to download the latest firmware See To Upgrade the APM Firmware on page 295 for instructions on upgrading the firmware on your AlterPath Manager Cyclades Technical Support Cyclades offers free technical support To find out how to contact the support center in your region go to http www cyclades com support technical_support php Before You Begin XxixX Additional Resources XXX APM Installation Configuration and User s Guide Chapter 1 Introduction The AlterPath Manager E2000 2500 and 5000 are a family of feature rich out of band OOB managers designed to provide out of band infrastructure OOBI users and administrators a centralized and convenient way to remotely access target devices and perform all their system fault management work from a single user interface Through an easy and convenient web user interface the regular user of the APM E2000 APM 2500 and APM 5000 can easily view and access consoles view consolidated logs and reports and respond to triggers alarms and other system issues that may arise Through the same web interface in Admin Mode or through CLI the system administrator can configure and manage the APM and all its
106. VIEW button The Editing IPDUs Device PM device details form appears Note The editable PM device parameters will be greyed out when this form is first displayed 4 Ifyou want to view any parameters on the Details Groups IPDUs or Outlets control status forms click on the Get Information button at the bottom of any of the Editing IPDUs Device forms Note None of these parameters can be changed and saved by a regular user but outlet status can be changed between on off or toggle or between locked and unlocked This is done from the PM Device Outlet Control Form APM Installation Configuration and User s Guide User s Profile LOGOUT IPDUs Info Details Groups Outlets Outlet Outlet Name Status ee IPDU 1 a OONN FRIDE el ii 1 pm6_outlet01 Q oO o9 o6 og oO 2 pm8_outlet02 Q oO o9 o og oF 3 pm8_outlet03 Q o9 09 o o8 o0 4 pmB_outlet04 Q 09 o9 o og o0 5 pm8_outlet05 Q oO 09 o og o0 6 pm _outlet06 Q 09 o9 o og o8 7 pm8_outlet07 Q amp Oo 09 o o8 o0 8 pm8_outlet08 6 o9 09 o o o0 Figure 3 22 PM Device Outlet Control Form Get Information For any outlet to which you have access you can power on power off toggle lock or unlock After you check the appropriate box es click on the Execute Operations button User s Profile Web Access The User s Profile forms allow you to view your profile or cont
107. You may also view your user profile with regards to blade access from the User s Profile option of the menu Security form Consoles Detail Form Use the Consoles Detail form to view specific information about a particular console You can invoke this form from either the Alarms List form or the Consoles List form If you have admin privileges you also use this form to select user s to notify of the alarm and select user s to have access to the current console The sample forms in this section use a TS console as an example APM Installation Configuration and User s Guide Web Access for Users LOGOUT Alarms Logs User s Profile Details Groups Outlets Console Name mykvmplus_02_rdp Device Name Port 2 Description Machine Type Machine Name OS Type OS Version Location Status RDP IP Address 192 168 49 62 RDP Server Port 3389 RDP Status NNM Selection Name Figure 3 10 Consoles Detail Form Table 3 5 Consoles Details Form Field Meaning Details Tab to display the Console Detail form Notify Tab to tell you if you are on the notification list Groups Tab to tell you if any groups are assigned to the console Outlets Tab to view power management information Log Rotate Tab to view log rotation settings Console Name Name ofthe target console Device Name Name of the device used by the console Web Access 59 Web Access for Users Table 3 5 Consoles Details Form Fiel
108. You may upgrade the AlterPath Manager firmware by downloading the upgraded software from the web to the AlterPath Manager Note After you upgrade the APM firmware you should clear the cache of your web browser and then restart your web browser This will ensure that the browser will not attempt to use a previously opened session or attempt to use any cached static resources 1 From the Cyclades website www cyclades com download and copy the firmware to the server you want to use to store firmware for the AlterPath Manager The firmware is composed of two files e all tgz all tgz md5sum 2 From your firmware server copy the two files to the AlterPath Manager tmp directory as follows scp all tgz root APM IP tmp scp all tgz md5sum root APM IP tmp 3 Login to the AlterPath Manager console as root and then change the directory to tmp as follows ssh root APM IP cd tmp 4 Install the new software to compact flash as follows installimg all all tgz reboot Advanced Configuration 295 Backing Up User Data Caution Licenses except for factory default licenses must be reinstalled after you recreate the system partition or after you run the installimg command If you want to preserve your licenses before you recreate a system partition or before you run installimg you can edit the file etc files list and add your license file name to the list of files Be sure to use the
109. act information and modify a limited number of fields The system allows you to view only your own profile 75 User s Profile 76 LOGOUT Devices Groups Security User name Admin user No Local Password Set Password Gregg Aronson Email gregg aronsan cyclades remnants Mobile Status Figure 3 23 User s Profile Details Form Table 3 11 User s Profile Details Form Element Definition Details Default tab displays the User s Profile Detail form Consoles Tab displays the selected consoles assigned to the current user and the consoles accessed by the user through group association Devices Tab displays the selected devices assigned to the current user and the devices accessed by the user through group association Groups Tab to display the User s Profile Group form which shows all groups to which the current user belongs Security Tab to display the security rule or rules assigned to the current user The built in security rules are DEFAULT RULE and ADMIN RULE APM Installation Configuration and User s Guide User s Profile Table 3 11 User s Profile Details Form Element Definition User Name The user name used to log into the AlterPath Manager Admin User If YES indicates that the user has Admin privileges and also belongs to the Admin user group Security Rule Check box to indicate that a security rule has been assigned to the user
110. action data generated on the console All three logs are available for the specified console To access each log select the appropriate log type from the title bar As with consoles and alarms you can only view the logs of systems to which you have authorized access When you select Logs from the menu panel the primary form shown below will prompt you for a range of dates from which to retrieve your logs 67 Logs Select console or device and time interval to view the logs Console Device Jupiter 01 M Date from 2005 09 13 jal Date to 2005 09 15 J Figure 3 17 Log Selection Form Table 3 7 Log Selection Form Element Definition Console Device Drop down list to select a console or device that will be the basis of the log s to be retrieved Date From Drop down list to select the starting date of the log s to be viewed Date To Drop down list to select the end date of the log s to be viewed Retrieve Button to download the requested log s and display the Log forms v To View the Logs To view the logs available for a specified console to which you have authorized access perform the following steps 1 Select Logs from the menu The system brings up the main Console Logs form 68 APM Installation Configuration and User s Guide Logs 2 From the Console drop down list select the console from which you want to view the logs Note You can only view or access the logs
111. ade ta a a eed iaia 11 Device Discovery ccncu tie a ae R a a 11 SUpPpOrt TOL IK V MMe ty cass eck wi e B aE REE E S 11 Support for KVM net Plus sic ecsscstceaeccstthertstescssatvesessstenia aaron 11 KVM net FW Upgrade Support ccccceecccceseceeeceeeeeeteeceteeeeeenseees 12 S pport for NSH seire eie a a RA 12 S pport for IPM i aane era a E Ta 12 Support for HP OpenView NNM ccccccccsseeeseceeeeeeseeeteeeeeeeteeeees 13 Device Console and User Group Management ccceeeeeees 13 Blade Mod le ata coc coe eas iare a a a eset MOR eeanos 13 Backup Restore and Replicate User Data e eee eceeceeeceeeteeeeees 13 Change and Configuration Management eeceecceeeeeeeeteeeeeenee 14 Exhaustive Reporting 2 scuccca cote coiencauersuneanneaeccausstuerssaoedsucdeeneedeey 14 Fault Tolerant Configuration Support cceeecsceesseceteceeeeeeeeeeeees 14 Simple and Easy Web User Interface 0 00 0 eeccesceeeesseeeteeeteeeees 14 Command Line Interface CL is cccessi ctceadessiiecusceasiieatasvn ainehe 15 Interoperability Integration and Compatibility oe eee 15 APM E2000 2500 and 5000 Database Compatibility 15 Interoperability with Routers and Ethernet Switches 15 Interoperability with Cyclades Devices 000 ceeeeeseeeteeneeeteeerees 16 Interoperability and Compatibility with Modem Vendors 16 Power Management Support icy s lt k 000ysg0iceacsSeedsesd aanidbarve stan
112. ademarks of the Mozilla Foundation Sun Sun Microsystems Java J2SE Solaris are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other countries UNIX is a registered trademark of The Open Group in the United States and other countries Cisco and Cisco Systems are registered trademarks of Cisco Systems Inc Juniper Networks is a registered trademark of Juniper Networks Inc Nortel is a registered trademark of Nortel Networks Inc U S Robotics is a registered trademark of U S Robotics Corporation Hayes and the Hayes logo are trademarks of Hayes Microcomputers All rights reserved This document may not in whole or part be copied photocopied reproduced translated or converted to any electronic or machine readable form without the prior written consent of Cyclades Corporation Contents Before You Begin iii cesicveeectnccstctessssssenecccecexeneentes xxiii Audiences en meann enn ON a at ae a n a xxiii Document Organization ssesssssesseeseessessreseesseesresrtssresresresseesseseess xxiii Typographic and Other Conventions ccccesseeeseeeseeeseeeteeeteeeees XXV Linux Shell Syntax seieren innia a a iaa xxvii Additional RGSOULCES o ineno naar i a xxviii Cyclades Technical Training Available ccc eeeeseeeeeeees xxviii Cyclades Firmware Upgrades ssssneesessseeseesesseessessrserssressessessees XX X Cyclades Technical Support ss sssssessessessseeseeseesseesse
113. admin users to have access to the ACS via the APM Configure ACS consoles for remote local or local remote access local radius radius local local TacacsPlus TacacsPlus local are the options available in this case This allows firmware upgrades and configuration upgrades It also allows console access by root and other users with access 2 Ifyou want to configure remote only authentication or remote down local authentication where remote can be any of the authentication protocols Configure the ACS device and consoles using root as the admin user Then upload the configuration and firmware if necessary as root Root is able to upload configuration and firmware to the ACS but cannot access the ACS via the APM Next configure the ACS device as the remote user The remote user can access the ACS via the APM To View the Console List To view the Console List form perform the following steps 1 From the menu panel select Consoles The system displays the Consoles List form APM Installation Configuration and User s Guide Consoles Filter by CONSOLE Search for Figure 4 40 Consoles List Form From the Consoles List form you can add edit or delete a console by selecting the appropriate button or link Note For console forms associated with the Blade Management Module see Blade Management Module on page 206 of this chapter Changing the Number of
114. agement utility The Ctr1 key and the Shift and i keys must be pressed at the same time Before You Begin XXV Document Organization Table P 2 Other Terms and Conventions Term or Convention Meaning Examples Navigation shortcuts Shortcuts use the greater Go to Configuration gt K VM gt than symbol gt to indicate General gt IP Users in Expert how to navigate to Web mode Manager forms Table P 3 Naming conventions Name Convention Administrator Also referred to as the Admin User The system administrator of the AlterPath Manager who has the authority to configure and manage the AlterPath Manager APM AlterPath Manager Synonymous with E2000 2500 or 5000 APM is often used in the Command Line Interface Form The form is the largest area as well as the basic unit of the web graphical user interface it contains the user selection or input fields for each selected item in the menu Form Names The form names of the application s GUI do not necessarily appear on the actual window Because some forms do not have titles these names are used to distinguish each form as well as to reflect the form function The most commonly used form names are List forms and Detail forms The configuration forms of the AlterPath Manager i e Devices Consoles Users Alarm Trigger use the two types of forms Examples Console List form Console Detail form Regular User Refers to one who uses the AlterPa
115. al Modem ccceecceecseceseceeeceeeeeeeeeneeeees 309 To Install Expanded DLS Activation eceeeeceseceteeteeeeeeeeeeeeeaes 318 AlterPath Manager Installation Configuration and User s Guide Before You Begin The AlterPath Manager serves as the command and control center for the AlterPath system of products It provides consolidation of control added security and flexibility to very large server and server management configurations This manual provides the information needed for you or your system administrator to install configure administer and operate the AlterPath E2000 and 2500 and 5000 as well as to guide you in the operation of these products Note This manual frequently refers to the AlterPath Manager E2000 2500 and 5000 as AlterPath Manager or as APM If a reference is being made to a specific model of AlterPath Manager references such as AlterPath Manager E2000 and AlterPath Manager 2500 or AlterPath Manager 5000 are used Audience This document is designed for system administrators and regular users of the AlterPath Manager E2000 2500 and 5000 Users are expected to have basic knowledge of using a graphical user interface such as MicroSoft Windows Document Organization The document contains the following chapters Chapter Number and Title Description 1 Introduction Provides an overview of the features of the AlterPath Manager along with necessary prer
116. al modem is attached 13 In the first line of this section change i j to 0 0 0 0 0 0 0 0 14 Remove the backslash from the end of the line that reads idle I maxconnect T V AlterPath Manager Installation Configuration and User s Guide The section should now appear as follows Sxx pppopt 0 0 0 0 0 0 0 0 novj proxyarp modem asyncmap 000A0000 noipx noccp mtu t mru t netmask m idle I maxconnect T ms dns 192 168 160 5 ms dns 0 0 0 0 plugin usr lib libpsr so 4 15 Edit the file etc ppp pap secrets When the file is opened for the first time it should look something like this Secrets for authentication using PAP client server secret IP addresses mary marypasswd 16 Add the following line n The file should now look something like this Secrets for authentication using PAP client server secret IP addresses mary marypasswd wu This configures the modem to accept any password 17 Ensure that the filename etc ppp pap secrets is listed in etc config_files If not edit etc config_files and add the following line to the end of the file etc ppp pap secrets 18 If for any reason you are enabling syslog ng on the ACS or TS it is not advisable to use root as the Admin Username for this device Instead create a user in the ACS or TS whose name will be the APM Admin Username for that device
117. ame and password The usernames and passwords entered during login attempts are checked against a database that lists all the valid usernames along with the encrypted passwords Access is denied if the username or password is not valid The password database being checked can reside either locally on the device being accessed or on an authentication server on the network If an authentication method is selected that relies on a server the corresponding authentication server must be already installed and configured in order for authentication to work Using one or more of the many types of popular authentication methods can reduce administrator workload when an administrator needs to add modify of delete user accounts ALOM Advanced Lights Out Manager ASIC Remote out of band management technology on certain Sun servers that includes an independent system controller service processor and firmware Provides remote monitoring logging alerting and basic control of the server in a lights out environment Application Specific Integrated Circuit Pronounced ay sik A type of chip used for applications that provide a specific function such as an ASIC chips that serves as a BMC Baseboard Management Controller BMC On some servers an internal processor separate from the main system that operates even if the main processor is not operable sits on the server s motherboard or on the chassis of a blade server Monitors on boar
118. and lt Back Reset Create Create Device amp Outlets Create Device amp Autodiscover Get Information Figure 4 81 IPDU Create Device Details Form 5 6 Give the IPDU device a name Select a PM model number from the Model pull down list The model number must match the model of the PM connected to the managed AlterPath device Select the connection type from the Connection pull down list The choices are ssh ssh _ telnet and telnet Be sure On Demand is selected in the Status pull down list unless you want this feature disabled Be sure the Connected to pull down list shows the device associated with the PM you are configuring Note Select None if the PM is connected directly to the AUX port on the APM E2000 the APM 2500 does not have an AUX port available Configuration and Administration 239 Redundant Fault Tolerant Configuration 10 Save the PM configuration by clicking one of the following buttons a Create b Create Device amp Outlets c Create Device amp Autodiscover 11 If you have not uploaded the PM device during the previous step select Admin tab gt Devices menu The devices list appears The PM device and possibly the device to which it is attached will have indications in the Upload columns indicating that an upload is required 12 Click on the checkbox next to the listed devices requiring uploads
119. and User s Guide Users The system displays the User Detail form 3 From the User Detail form click on the Devices tab The system displays the User Device form are Security Rules Info Reporting Select device to user access Selected devices DEVICE Figure 4 51 User Devices Form 4 From the resulting form select from the Select Device to User Access view panel the console you wish to assign to the user In the selection box the plus sign is used to indicate defined groups The Device or DEVICE group is the default device group Click on the Add button The system transfers the selected group to the Selected Devices view panel on the right To select another device repeat steps 4 and 5 You can also use the Shift key to select multiple groups 7 Click on Save to complete the procedure v To Select User Groups for a User The User Group form allows you to assign a user to one or more user groups The user group however must already exist to be able to assign a user to the user group Otherwise select Groups from the menu to create a user group Configuration and Administration 189 Users 190 To assign a user to one or more groups follow the steps below 1 From the menu select Users The system displays the Users List form 2 From the Users List form select the user to whom you wish to assign one or more groups The syst
120. arms The Alarms List form is the default form of the AlterPath Manager Web Interface in Access mode An alarm is a brief message alerting you of a possible problem that requires an action When AlterPath Manager detects an alarm it sends the alarm along with a ticket number to the user s Alarms List form As a user you should see only those alarms assigned to you by your administrator If the trigger for the alarm has been configured to send an email then you should also receive an email notification regarding the alarm Each alarm or ticket in the list includes a timestamp a priority level and a status Alarm Logs 48 The AlterPath Manager not only stores each alarm in a database but also maintains a log for each alarm There are two ways in which you can view alarm logs e From the Alarms List form e From the Logs form Logs gt select console gt Event Logs To Respond to an alarm Since no two issues are exactly the same you have several ways to respond to an alarm depending on its nature and severity A typical procedure for responding to an alarm is as follows 1 Accept the ticket or assignment 2 Reassign the ticket or assignment to another user and optionally add notes about the ticket Once assigned the user working on the ticket can perform any of the following procedures to resolve the alarm or complete the ticket e View the Console log and other related logs e Edit information ticket by cha
121. ase since it already exists in the NIS server This is due to the way NIS centralizes and distributes user account information into common local files For more detailed information refer to the NIS Configuration on page 288 Configuring Active Directory To use Active Directory as your authentication method select active directory See To Configure Active Directory on page 292 Limitation of TACACS Plus in ACS Console Access Beware that access to an ACS console through the AlterPath Manager is currently not possible if the ACS serial port is configured to use TACACS Plus authentication Hostname Configuration Must Follow RFC Standard When configuring the hostname the name must comply with RFC 608 which states that the hostname is a string composed of Up to 48 characters e Alphabetical A Z e Digits 0 9 and the minus sign e No blank or space characters allowed e No distinction between upper and lower case letters e First character is a letter e Last character is not a minus sign Any deviation from this standard may cause the web browser to disable APM cookies and prevent the user from logging into the AlterPath Manager web application Configuration and Administration 97 First Time Configuration Wizard Multiport Ethernet Card Configuration The AlterPath Manager supports up to two multiport Ethernet cards to allow connection to network segments The First Time Configuration Wizard will dete
122. assword support for ACS Page 8 Multiport Ethernet Page 9 Enhanced Ethernet Port Page 9 Configuration Ethernet Bonding Page 10 DHCP Option for APM Network Page 10 Setup Health Monitoring Page 10 Console Wizard Page 11 Device Discovery Page 11 Support for KVM net Page 11 Support for KVM net Plus Page 11 KVM net FW Upgrade Support Page 12 Support for OnSite Page 12 Support for IPMI Page 12 Device Console and User Group Page 13 Management 4 APM Installation Configuration and User s Guide Key Features Blade Module Page 13 Backup Restore and Replicate User Page 13 Data Change and Configuration Page 14 Management Exhaustive Reporting Page 14 Simple and Easy Web User Interface Page 14 Fault Tolerant Configuration Page 14 Support Command Line Interface CLI Page 15 Interoperability Integration and Page 15 Compatibility Power Management Support Page 16 Single Point Security Gateway The AlterPath Manager has been designed such that communication between users and the management network must pass through a single point of access the AlterPath Manager to optimize security and enforce adherence to your corporate security policy A single secure access point reduces management overhead for managing console servers The multiple authentication options available ensure compatibility with existing infrastructure Centralized Authentication Introduction Centralized authentication saves you or the ad
123. at statistics s tep t udp ul raw w Before You Begin xxvii Additional Resources Typeface Table P 4 Linux Shell Syntax Meaning Example lt text gt Spacing and Separators Text enclosed in greater add user lt username gt than or less than symbols or angle brackets is variable text that is to be substituted in a specific command line Lists will not normally jane 1 2 john 3 4 The format of this field is have spaces between the items but will have commas hyphens or semicolons as separators lt outlet number gt lt outlet start gt lt outlet ends lt outlet number gt lt outlet start gt lt outlet end gt lt username gt lt outlet list gt lt username gt lt outlet list gt Where lt outlet list gt s format is Additional Resources Cyclades Technical Training Available xxviii Cyclades offers a suite of technical courses to increase your knowledge of the AlterPath Manager e AlterPath Manager I Accessing and Monitoring Your out of band Infrastructure e AlterPath Manager II Configuring and Administering Your out of band infrastructure To learn more about Cyclades Technical Training Center and offerings please visit our website at www cyclades com training call us at 1 888 292 5233 or send an email to training cyclades com APM Installation Configuration and User s Guide Additional Resources Cyclades Firmware
124. ath Manager E2000 can dial out to the remote ACS unit and authenticate with the ACS Once authenticated the ACS drops the line and dials out to a pre defined number Simultaneously the AlterPath Manager sets its modems into a state where it is ready to receive a call The system allows all remote sites to call back to the same number and support multiple simultaneous call back connections to the AlterPath Manager When the AlterPath Manager receives the dial back call the authentication is repeated Upon successful authentication the system establishes a PPP session and opens the console connection APM Installation Configuration and User s Guide Devices Call back connections are included in the log messages Note For dial back to work you must configure it from the web interface and the CLI v To Configure Dial Up Dial Back Note Modems are currently supported on the APM E2000 only To configure Dial Up or Dial Back follow the steps below 1 Go to Devices gt Dial Up The system displays the Device Dial Up form LOGOUT Users Consoles ic O Details Users ACL Notify Groups Proxies Dial Up Log Rotate Modem Mode Network Backup PPP Phone 510 555 1234 ji Dialback Mode Enable v PPP Device IP PPP Local IP l Automatic PPP IP PPP Auth Method PaP PPP User PPP Password Set Password Enable OTP Figure 4 12 Device Dial Up Form Configuration and Administrat
125. atures The diagram below shows the general features of the AlterPath Manager Web Management Interface WMI The sample form is for illustration only it is not the first form that you see when you log in as a regular user Access tab indicates that user interface is for regular users Menu bar showing Consoles Devices Firmware version info as the selected menu choice Logout tab Online hel P Username and primary IP address Alarms Logs User s Profile Name ji Location Jupiter 04 Serial Jupiter OnDemand Jupiter 02 Serial Jupiter OnDemand Jupiter 03 Serial Jupiter OnDemand Jupiter 04 Serial Jupiter OnDemand Mars 4 Serial Mars fremont OnDemand Mars 4 Mars fremont OnDemand saturn 1 Saturn OnDemand Saturn_2 Saturn OnDemand Filter by CONSOLE v Search for Search User view or data input form Panel to manage list Figure 3 2 Console Devices Menu The menu bar highlights the currently selected menu option Your user name and IP address appears on the upper right hand corner of the screen 46 APM Installation Configuration and User s Guide User Interface Overview The Admin tab not visible in the example above is visible only to users with admin rights Be sure to select the Logout button on the top right hand corner after you finish your session Sorting a List Form by Column Field Name Most list forms provide sort search and filter functions A
126. atus OnDemand Health Monitor er Auto Upload o Figure 4 16 Device Details Form 2 From the Device Details form complete the following required fields for using the Console Wizard e Device Name 136 APM Installation Configuration and User s Guide Devices e Admin Name IP address for IP mode int_dhcp or static e Netmask for IP mode static e Base Port e MAC address for IP Mode int dhcp or ext_dhcp Select the Save Create Consoles button to invoke the Console Wizard The Console Wizard begins with a warning message to notify you of any data to be overwritten and the choices you have before going ahead with the wizard Warning This wizard will create console entries for each port on this device Any existing entries configured in the manager or in the remote device will be overwritten Before overwriting you will have the option to modify the entries and delete some of the consoles if they are not required You can abort this wizard at any time without making any changes Press the Next button to continue Figure 4 17 Console Wizard Warning Message Note Use the Back Next and Cancel buttons to navigate through the forms Pressing the Next button saves your current form settings 4 Select the Next button The system brings up the Defaults form which allows you to set the default profile connection protocol default i
127. ault tolerance Bar for search and other form specific actions Figure 4 4 Basic Functional Fields of a Typical Form The first form to appear when you select an option from the menu panel is called the primary form The Users List form for example is the primary form of the menu option Users user management Configuration and Administration 101 AlterPath Manager Web Interface Admin Mode Relocating Online Help The system administrator has the capability to relocate the online help file for example to make sure there is access to online help even if the network is down v To Relocate the Online Help File 1 Open the online help manual and save the file to a local server 2 Log onto the console as root and edit the file var apm apm properties 3 Go to the following line online help url http www cyclades com online help apm lt apm_model gt lt sw_version gt 4 Modify this line to reference the new location of the online help file Sorting Filtering and Saving a List Form An underscored column heading on any of the list forms indicates that the list may be sorted based on that column heading For example you can sort the previously shown User List form by Username Department Location or Status by clicking on the heading Where there are several underscored headings on a list an arrow appears adjacent to the heading on which the sort is based The position of the arrowhead indicates the sort orde
128. ave the symbol in front of each one 7 Change all autoppp to sxx autoppp where xx is the number of the serial port to which the external modem is attached ACS Modem Configuration 311 312 8 In the first line of this section change i j to 0 0 0 0 0 0 0 0 9 Remove the backslash from end of the line that reads mtu t mru t The section should now appear as follows SXX autoppp 0 0 0 0 0 0 0 0 novj proxyarp modem asyncmap 000A0000 noipx noccp login auth require pap refuse chap mtu st mru t ms dns 192 168 160 5 ms dns 0 0 0 0 plugin usr lib libpsr so Fe 10 Go to the all pppopt section of the etc portslave pslave conf file The all pppopt section will appear as follows when the file is first opened all pppopt i j novj proxyarp modem asyncmap 000A0000 noipx noccp mtu t mru t netmask m idle I maxconnect T ms dns 192 168 160 5 ms dns 0 0 0 0 plugin usr lib libpsr so HH HH 11 Remove the symbols from the beginning of the first 4 lines in this section Optionally you can remove the two remaining lines that begin with ms dns 192 168 160 5 ms dns 0 0 0 0 and plugin usr lib libpsr so Note If you do not remove these two lines leave the symbol in front of each one 12 Change all pppopt to sxx pppopt where xx is the number of the serial port to which the extern
129. aximum number of bond devices already configured 1 Etho used by a bond device Ethl used by a bond device Configure Bonding Subinterfaces Y es N o or L ist N Configure Bonding VLANs Y es N o or L ist N Ethernet Default Gateway C hange or K eep current K Configuration changed x Execute saveconf to save the new values in flash Do you want to make these changes effective now y n y Reconfiguring network interfaces Configuring eth0 speed duplex Configuring ethl speed duplex done If the primary Ethernet address is in the bond it must be static Advanced Configuration 279 Configuration of DHCP Client in APM Configuration of DHCP Client in APM Note You cannot use DHCP if you are including Eth0 as part of an Ethernet bond When you configure the network either through the First Time Configuration Wizard or through the CLI setnetwork command you now have the option to use DHCP Dynamic Host Configuration Protocol to configure Eth0 DHCP allows the APM to obtain its own IP address from the DNS server If there is no DNS server or if the DNS server cannot be accessed a default IP address of 192 168 1 20 will be assigned to Eth0 Eth0 is the only Ethernet port that can be configured to use DHCP Example DHCP Configuration Note The example shown is a branch of SETNETWORK or a branch of the Initial Configuration Wizard Enable Ethernet Bonding Y es
130. bmit the CSR and some personal data to the CA You can request this service by selecting from a list of CAs at the following URL pki page org The service is not free Before sending the certificate the CA will analyze your request for policy approval 8 Upon receipt install the certificate Once the CSR is approved the CA sends a certificate e g jcertfile cer to the origin and stores a copy on a directory server If you are satisfied that the certificate is valid then you can import the certificate to your keystore using the import subcommand keytool import alias tomcat file lt jcert cer gt You will be prompted for the password root APM gregg licenses keytool import alias tomcat file lt jcert cer gt Enter keystore password changeit 9 Save your configuration Enter the command saveconf The certification becomes effective in the next reboot 304 APM Installation Configuration and User s Guide Restoring Your Configuration More About Importing Certificates There are many sources of information regarding certificate management on the web The information below has been excerpted and modified from the keytool document which you can access from the following web site https java sun com j2se 1 4 2 docs tooldocs windows keytool html You import a certificate for two reasons 1 To add it to the list of trusted certificates or 2 To importa certificate reply received from a CA as
131. ces its own client side software to access the servers management features through the service processor In some cases management software is imbedded in the service processor and is presented either as a web interface or as a command line interface accessed using SSH or Telnet or as both a web interface and command line interface In other cases the management software is installed in a client workstation and accesses the management features of the service processor using an IP based protocol such as IPMI Each type of software only manages one server does not scale does not address the need for consolidated access control multi user access data logging and event detection encyrption and other needs The lt ProductName gt Change variable definition addresses these needs and provides a single interface to access basic features of multiple vendors service processors APM Installation Configuration and User s Guide NEBS Network Equipment Building Systems Compliance Means that equipment has been tested and proven to meet the NEBS requirements commonly adhered to by several telecommunications carriers The requirements are in place to ensure that telecommunications equipment poses no risk or safety hazard to people nearby equipment or to the physical location where the equipment operates and that equipment is reliable and dependable during both normal and abnormal conditions Tests address heat release surface temperature
132. ch as temperature voltage fans power supplies and more To view IPMI Sensors perform the following procedure 1 From the Consoles List form select an IPMI console to view 2 From the Console Detail form click on the Sensor button The system displays the IPMI Sensors form LOGOUT Consoles Devices Groups Alarm Trigger Profiles Firmware Security Rules Info Reporting IPMI sensors Valts na 1 127 1 245 Volts na 1 176 1 294 Volts na 1 696 1 872 Valts na 1 696 1 872 Volts ha 2 363 2 597 Volts na 3 129 3 420 Volts na 3 106 3 431 Volts na 4 732 5 200 Volts na 4 738 S175 Volts na 11 346 12 462 Volts na 11 352 12 474 Volts na 13 310 11 070 Volts na 2 606 3 642 degrees C na 0 000 50 000 degrees C na 0 000 35 000 degrees C na na na 50 000 66 Back Get Sensor_ Refresh every 15 sec Figure 3 16 IPMI Sensors form APM Installation Configuration and User s Guide Logs Logs Web Access The Logs option of the menu allows you to select and view three types of logs pertaining to the console assigned to you Table 3 6 Log Types Log Type Definition Access Log Logs that provide logging information i e who accessed the console when and for how long etc about a particular console Events Log Logs that provide information about notifications and alarms who handled the alarm what action was taken etc triggered by a particular console Data Buffer This is a log of all trans
133. checks the same configuration in conjunction with Health Monitoring You can establish PPP connection using any of the following methods e Clicking on a console or device from the web interface e Starting a SSH session to the AlterPath Manager and entering the username as follows lt username gt lt console name gt e Uploading device configuration Configuration and Administration 131 Devices Modem Mode There are three modes of PPP connection Table 4 9 PPP Connection Modes Connection Mode Definition Disabled This is the default mode Primary Network Select this to establish a PPP connection whenever a user connects to a device or console The modem connection remains as long as there is a console port open Network Backup Select this to use Ethernet to connect to a device In the event that the device becomes unreachable via Ethernet the AlterPath Manager establishes a PPP connection as a backup network whenever a device console access is requested Health Monitoring and PPP Settings The AlterPath Manager uses the same PPP settings to enable Health Monitoring The Health Monitoring feature is not affected regardless of whether the Mode selected is Primary Network or Network Backup Actions Not Recommended While Using PPP Do not change the Device IP or the Device Name including deleting or disabling it while running PPP as this will cause a disconnection if no upload is in progress Any
134. city at the time of initial purchase For details about DLS capacity refer to Appendix C DLS Activation The LCD control panel power on reset and power off buttons are shown in Figure 1 3 Press and hold for 1 second to power on the system Press and hold for 4 seconds to reset the a Breten LCD panel Press and hold for 10 seconds to shut down the system Figure 1 3 APM 2500 Front View The port connections power switch and power connector of the APM 2500 are shown in Figure 1 4 2 APM Installation Configuration and User s Guide Key Features AC connector Figure 1 4 APM 2500 Back View Console Press and hold for 1 second to power on the system Press and hold for 4 seconds to reset the serie AlterPath Ancor S LCD panel Press and hold for 10 seconds to shut down the system Figure 1 5 APM 5000 Front View A HH a as USB Etho Eth1 connectors Console Figure 1 6 APM 5000 Back View Key Features The key features of AlterPath Manager E2000 2500 and 5000 are Single Point Security Gateway Page 5 Centralized Authentication Page 5 Introduction 3 Key Features Consolidated Views and Console Page 6 Access Access Control List ACL for Page 6 Devices Centralized Data Logging System Page 6 Log File Compression and Rotation Page 7 Other Alarm Features Page 8 Modem Support for Remote Sites Page 8 Dial Back Support for ACS Page 8 One Time P
135. ck on the I Trust This Site button ActiveX is enabled and you have marked your APM s IP address as a trusted site IPMI and Blade Module Options The AlterPath Manager can optionally provide the following paid for features IPMI e Blade Module You can purchase the IPMI and Blade Module options from your Cyclades sales team or Cyclades partners Cyclades customer service will need the MAC Ethernet hardware address of Eth0 the first Ethernet controller in your APM to generate the license file which will activate your new features To find your MAC address see Verifying your MAC Address on page 40 APM Installation Configuration and User s Guide Pre Configuration Requirements Verifying your Current IPMI and Blade Capability Log on to the Web User Interface and click on the About link in the upper left corner of the display A window that shows IPMI blade and any other licenses and their status appears LOGOUT Alarms Consoles Devices Logs User s Profile System Model APM Boot Version 1 0 2 Sep 10 2002 Kernel Version 2 4 25 Config Version V_1 4 0 OS Version V_1 4 0 Aug 31 2005 APM Version V_1 4 0 03 16 2004 APM Database V_1 4 0 2005 03 17 CPU Celeron Coppermine 847 434MHz 1690 82 bogomips RAM 515736 kB 343092 kB free Licenses FEATURE IPM Name APM_B_IPMI version 1 0 1 type standard feature IPMI device APM owner apm customer _id gregg
136. copy etc ppp chat init as etc ppp chat init lt tty device gt Where lt tty device gt is the port where you want to apply the script For example if etc ppp chat init ttyPS0O is present then the system uses this file instead of etc ppp chat init to initialize ttyPSO 2 To define a connect script for a specific port copy etc ppp chat connect as etc ppp chat connect lt tty device gt For example if etc ppp chat connect ttyPS0 is present then the system uses this file instead of etc ppp chat connect to dial out through ttyPSO 3 Add the new file names in etc files list 4 Enter saveconf to save your configuration Configuring Dial Out and Dial Back To enable device or console access through dial out or dial back you must configure the following Note For a complete list of all configuration requirements for Dial Out and Dial Back see Dial Up and Dial Back on page 118 Chapter 4 AlterPath Manager Web Administration For ACS Devices Using CLI create a new user and password from the ACS using the commands e adduser lt ppp_user gt e passwd lt ppp_user gt Advanced Configuration 285 Modem Dial Back for ACS Modem Dial Back for ACS 286 The dial back feature which is configurable from the web interface is designed to enable the AlterPath Manager to automatically dial to a remote ACS unit should the network fail and enable t
137. ct any multiport Ethernet card that is installed in the AlterPath Manager and will prompt you for network information If you are using this feature be ready to provide the network IP addresses Note To configure Ethernet speed and duplex settings go to setethernet Set Ethernet Speed and Duplexing on page 268 Once the First Time Configuration is complete you may connect to the web interface to begin web configuration v To Begin Web Configuration 1 Type the URL in the one of the following formats in your web browser e non encrypted http nnn nnn nnn nnn e encrypted https nnn nnn nnn nnn Where nnn nnn nnn nnn is the IP address of either the first or second Ethernet interface that you defined during the First Time Configuration 2 When the Login screen appears enter admin as the username and then enter the admin password as specified during the First Time Configuration The admin user is by default the manager of the AlterPath Manager web interface and runs the application in admin mode This designation cannot be revoked Disabling HTTP to Use Only HTTPS The AlterPath Manager is configured to allow both HTTP and HTTPS access You can however disable HTTP access by commenting out its configuration in the AlterPath Manager unit by using the command line 98 APM Installation Configuration and User s Guide AlterPath Manager Web Interface Admin Mode Note See To Disable HTTP to Use
138. ct that overloading of circuits might have on overcurrent protection and supply wiring Check the equipment nameplate ratings to address this concern Reliable earthing Maintain reliable earthing of rack mounted equipment by inspecting supply connections other than direct connections to the branch circuit such as power strips or extension cords Installation 29 Pre Configuration Requirements Pre Configuration Requirements Before configuring AlterPath Manager ensure that you have a local system with the following system set up and information ready 30 Requirement Description HyperTerminal Kermit or Minicom IP Addresses NIC Card If you are using a PC ensure that HyperTerminal is installed on your Windows operating system If you are using the UNIX operating system use Kermit or Minicom NOTE You must have root access on your local UNIX machine in order to use the serial port Have the IP Mask addresses of the following ready All console servers Gateway DNS Optional addresses NTP SMTP only necessary if alarms feature is being used and is sending e mail notifications regarding alarm conditions Ensure that you have a NIC card installed in your PC to provide an Ethernet port and allow network access Note To complete the configuration process go to First Time Configuration Wizard on page 88 in Chapter 4 Note Chapter 3 User Level Web Access is des
139. curity Rule Authorized Actions Form 234 APM Installation Configuration and User s Guide Power Management Support The list of valid actions to select from are as follows Table 4 42 Security Rule Actions Authorized Action Use this action to ConnectToDeviceCLI Allow user access to CLI configuration interface ConnectToDeviceGUI Allow user access to web configuration interface ConsoleGUI Allow web access to console ConsoleReadWrite Allow Read and Write access to console HPNNM Allow HP OpenView server to view a console using HP Network Node Manager KVMReadWrite Allow READ WRITE access to a KVM IP interface PowerControl Allow user to perform power control operations System Allow system access User VirtualMedia Allow user access to blades v To Delete a Security Rule To delete a security rule perform the following steps 1 From the main menu select Security Rules 2 From the Security Rules List form check mark the Security Rule that you wish to delete 3 Click on the Delete button Power Management Support To configure Power management support you must first configure a power management PM device that is connected to a KVM net OnSite or ACS TS device managed by the APM Then you configure outlets on the PM and Configuration and Administration 235 Power Management Support 236 associate the outlets with consoles Figure 4 80 shows an example of an administrative PM details
140. d Meaning Port Profile Name Description Machine Type Machine Name OS Type OS Version Location Status RDP IP Address RDP Server Port RDP Status Drop down field for selecting the physical KVM port number of the console This field also has an RDP Only selection that allows you to configure an RDP port without associating it with a physical KVM port Note RDP only works on KVM net version 2 0 0 or higher and on KVM net Plus User profile type not in KVM or IPMI console A brief description of the console Type of target system Other applicable system name Operating system used by the console Version of operating system Physical location of the console Status of the target console Enable Disable On Demand The field for entering the IP address of the RDP server to be associated with this port Ifa physical KVM port is specified in the Port field then an RDP in band connection and a regular KVM out of band connection can be made to this port This field contains the RDP viewer port number associated with this console The default of 3389 can be used in most cases Drop down field used to enable or disable the ability to make the RDP connection 60 APM Installation Configuration and User s Guide Web Access for Users Table 3 5 Consoles Details Form Field Meaning Back Button to return to the previous page or form Caution Be sure to turn
141. d 2005 09 16 16 45 10 Jupiter_11 console deleted 2005 09 16 16 45 10 Jupiter_12 console deleted 2005 09 16 16 45 10 _Jupiter_13 console deleted 2005 09 16 16 45 10 _Jupiter_14 console deleted 2005 09 16 16 45 10 _Jupiter_15 console deleted 2005 09 16 16 45 10 _Jupiter_16 console deleted 2005 09 16 16 45 10 Jupiter_17 console deleted 2005 09 16 16 45 10 Jupiter_18 console deleted 2005 09 16 16 45 10 Jupiter_19 console deleted 2005 09 16 16 45 10 Jupiter_20 console deleted 2005 09 16 16 45 10 Jupiter_21 console deleted 2005 09 16 16 45 10 Jupiter_22 console deleted 2005 09 16 16 45 10 Jupiter_23 console deleted Figure 4 61 Info Reporting Detail List Blade Management Module 206 The Blade Module is an optional paid for plug in feature that enables the AlterPath Manager to provide console management of chassis blades and switches Once configured the module allows authorized users to remotely manage the blades by providing access to the remote console and remote disk of a blade server All blades provide authorized users with Command Line Interface CLI KVM IP virtual media and power options Like most devices supported by the AlterPath Manager alarm notification continuous logging group and user management are integrated into the module For security blade users are controlled by the Control Access List ACL which is configured through the Security Rules settings APM Installation Configuration and User s Gui
142. d instrumentation Provides remote reset or power cycle capabilities Enables remote access to BIOS configuration or operating system console information and in some cases provides KVM control of the server Includes a communication protocol that brings the information and control to administrators BIOS basic input output system baud rate CAT5 CLI 324 Pronounced bye ose Instructions in the onboard flash memory that start up boot a computer without the need to access programs from a disk Sometimes used for the name of the memory chip where the start up instructions reside BIOS access is available even during disk failures Administrators often need to access the BIOS while troubleshooting for example to temporarily change the location from which the system boots How to access the BIOS varies from one manufacturer to the other Pronounced bawd rate When configuring terminal or modem settings on serial ports and console port connections on AlterPath devices the specified baud rate must match the baud rate of the connected devices Options range from 2400 921600 Kbps 9600 is the most common baud rate for devices An Ethernet cable standard defined by the Electronic Industries Association and Telecommunications Industry Association commonly known as EIA TIA CATS is the fifth generation of twisted pair Ethernet cabling and the most popular of all twisted pair cables in use today The support for CATS cabling
143. d as such it s advisable that its password is chosen with care and kept within the reach of system administrators only New password Re enter new password Password changed You must now set a password for admin the administrative account for the Web Management Interface WMI WARNING this is a very powerful account and as such it s advisable that its password is chosen with care and kept within the reach of system administrators only New password Re enter new password Password changed 94 APM Installation Configuration and User s Guide First Time Configuration Wizard After configuring your root and admin passwords you are prompted to enter your time zone Please choose the time zone where this machine is located 1 Africa 18 Eire 35 Jamaica 52 ROC 2 America 19 Etc 36 Japan 53 ROK 3 Antarctica 20 Europe 37 Kwajalein 54 Singapore 4 Arctic 21 Factory 38 Libya 55 Systemv 5 Asia 22 GB 39 MET 56 Turkey 6 Atlantic 23 GB Eire 40 MST 57 UCT 7 Australia 24 GMT 41 MST7MDT 58 US 8 Brazil 25 GMT 0 42 Mexico 59 UTC 9 CET 26 GMT 0O 43 Mideast 60 Universal 10 CST6CDT 27 GMTO 44 NZ 61 W SU 11 Canada 28 Greenwich 45 NZ CHAT 62 WET 12 Chile 29 HST 46 Navajo 63 Zulu 13 Cuba 30 Hongkong 47 PRC 64 is03166 tab 14 EET 31 Iceland 48 PST8PDT 65 posix 15 EST 32 Indian 49 Pacific 66 posixrules 16 ESTS5SEDT 33 Iran 50 Poland 67 right 17 Egypt 34 Israel
144. d basenmesseaees 16 KVM net Support snositi dyn hee aati 17 Typical Configuration of AlterPath Manager and KVM 17 AlterPath Manager Features Unsupported by KVM net 18 OnSite Support acacia Sinn EE RE a A a R a a 18 Example Configuration of an APM and an OnSite eee 19 Chapter 2 AlterPath Manager Installation 21 Product Installation Checklist eseesseeseseeseesesseseesssseesessesersesseseesesees 21 Rack Mounting the AlterPath Manager cece eeeeseereeeeeeseceseeeeees 23 Deploying the AlterPath Manager s ssssseseesessesesseseesesseseesesseressesee 25 Private Network Topology cc skticzsncadicecatanseesandwes cts ralenduixsanda eters 25 Single Network Topology seessssssessesessessssessesersseessessessressessessresseese 26 Private Network Diagram sssessessssessessssssessessrssressessrssressessrssresses 2T Single Network Diagram sossssesseseesessssesseserssressessrssressessessressesse 28 APM Installation Configuration and User s Guide Contents Safety Considerations When Rack Mounting 1 0 0 ceceeeeseeeeeeeeeeee 28 Pre Configuration Requirements lt 2 c satsas citing tie atennes 30 Web Browser Requirements ges hestedoct saan cavandwernczctedesdncsantee say 32 IPMI and Blade Module Options 20 0 0 ceecceecceeseeesseeeteceteeeeeeeenees 38 Verifying your Current IPMI and Blade Capability 0 0 eee 39 Verifying your MAC Address cecccecsce
145. ddress if the selected IP mode is int_dhcp APM Installation Configuration and User s Guide Blade Management Module Table 4 32 BladeModule Devices Details Form Element Definition IP Address The IP address of the device for IP mode int dhcp or static Netmask As indicated in dotted notation Default Gateway As indicated in dotted notation DNS As indicated in dotted notation Connection Select telnet or ssh Back Button to return to the previous page Reset Button to reset the form Save Button to save your configuration Save amp Create Blades Button to activate the Blade Wizard 4 Click on the Save button and proceed to the next tab as necessary v To Select a Group to Access the Chassis The Groups tabbed form allows you to specify one or more groups to access the currently selected chassis To configure Groups perform the following steps 1 From the menu go to Devices click on the Add button or the edit link gt Details gt Groups The system displays the Device Groups form Configuration and Administration 213 Blade Management Module LOGOUT s Info Reporting Jobs Details Users ACL Proxies Switch 1 Switch 2 Switch 3 Switch 4 Log Rotate Select groups for the device Selected groups DEVICE lt Back Reset Save Save amp Create Blades Figure 4 64 Blade Device Groups Form 2 Se
146. de Blade Management Module The Blade Module also comes with a Blade Wizard which enables the admin user to configure up to 14 blades and 4 switches for each chassis There is no limit to the number of chassis that the Blade Module can support v To Activate the Blade Module 1 Log onto your APM through the serial console interface as root 2 Copy your Blade Module license file using the following command and directory path cp var apm licenses data APM B IBMBLADEMODULE enc 3 Run the following command etc init d tomcat restart Forms Used to Configure the Blade Module The Blade Module in Admin mode comprises the following forms Table 4 31 Summary of Blade Module Forms Menu Option Forms and their Functions Devices Devices List View list of chassis add edit or delete chassis view logs Device Details Edit chassis configuration details set or change admin password run blade wizard Groups Select the group s to access the chassis Proxies Select the type of web proxy to use when accessing the Blade Center Management Module Switch 1 Configure a switch for the chassis Switch 2 Configure a second switch for the chassis Switch 3 Configure a third switch for the chassis Switch 4 Configure a fourth switch for the chassis Configuration and Administration 207 Blade Management Module Table 4 31 Summary of Blade Module Forms Menu Option Forms and their Function
147. device change during an upload will prevent your upload from being saved Configuring the Modem Dialing Capability To configure the modem dialing capability follow the steps below 1 From the Dial Up form Devices gt Add gt Dial Up form select the Modem Mode 132 APM Installation Configuration and User s Guide Devices Modem Mode provides three choices Table 4 10 Modem Mode Choices Option Use this option if you want to use PPP Primary As the primary mode of connection Network Network Backup Only when the network fails Disable Default value If you select this then you don t need to do this procedure 2 From the Status field of the Devices Detail form select On Demand 3 Complete the PPP settings as follows Table 4 11 PPP Settings PPP Setting Definition PPP Device IP Optional IP address for the current device PPP Local IP Optional Local IP address for using PPP PPP Phone Required The complete PPP phone number PPP Auth Select the authentication method PAP or Method CHAP PPP User Username of the modem user PPP Password Password of the modem user 4 Click on Save to complete the procedure Modem Management via Command Line Interface Depending on the customer order your APM unit may or may not come with internal modems There are three commonly used command line procedures for managing modems e Checking your modems Excluding modems fro
148. displays the User List form APM Installation Configuration and User s Guide Users 2 From the User List form click on the Add button The system displays the User Detail form Details Consoles Devices User name Full Name Department Phone Pager GUI Theme Groups LOGOUT Security Admin user NO Local Password Set Password Sarah Ashley Email l Orange Location Mobile Status Enable See Figure 4 49 User Detail Form 3 Complete the User Detail form as necessary Table 4 27 Users Detail Form Element Definition Details Tab to display the User Detail form currently displayed Consoles Tab to assign one or more consoles to the current user Devices Tab to assign one or more devices to the current user Groups Tab to assign or re assign the current user to one or more user groups Security Tab to assign one or more security rules to the current user Username As indicated Configuration and Administration 185 Users 186 Table 4 27 Users Detail Form Element Definition Admin User Checkbox to indicate if the user is an admin and to authorize user access to the web application in admin mode Security Rule This check box appears only if you are in Local Password Set Password Full Name Email Department Location Phone Mobile Pager Status edit mode and a Security Rule can be assigned to the user group o
149. e The User s Profile form displays the profile of only the user currently logged in Use the User Profile to view or modify your own user information view your own security rule or change select a new color scheme for your WMI v To Access the APM Web Application To open the AlterPath Manager web application perform the following steps 1 Type in the following URL in your web browser s URL address field https lt nnn nnn nnn nnn gt APM Installation Configuration and User s Guide User Interface Overview Where nnn nnn nnn nnn is the IP address provided to you by your AlterPath Manager administrator The IP address works for both encrypted https and non encrypted http versions Cyclades recommends that you use the encrypted version Note See To Disable HTTP to Use Only HTTPS on page 294 Chapter 5 for the procedure on how to configure the encrypted version 2 When the Login screen appears enter your user name and password as provided by your system administrator Welcome to AlterPath Manager Figure 3 1 APM Login Screen 3 Select the Login button Upon successful login the Alarms List form appears Note When the AlterPath Manager launches your application screens for the first time the process will be slow Once the screens are stored into your cache subsequent retrieval of screens should be fast Web Access 45 User Interface Overview General Screen Fe
150. e User column heading Date and time when the session started To sort by Session Start click on the Session Start column heading Down arrow indicates that the list is in descending order up arrow in ascending order Date and time when the session ended The user s action or the system action generated by the user To sort by Action click on the Action column heading Connection type used by the session The source IP address used Button to view the next page Button to return to the previous page Configuration and Administration 205 Blade Management Module Info Reporting Details To view a more detailed information about a particular user from a detail line select from under the User column the particular user you wish to view When you select a user from the Info Reporting List form the system displays the following detail list LOGOUT EEN Info Reporting Date Time Information 2005 09 16 16 36 58 groupname Satum 1 actionattempted KVM 2005 09 16 16 45 10 Jupiter Device configuration uploaded 2005 09 16 16 45 10 Jupiter_03 console deleted 2005 09 16 16 45 10 Jupiter_04 console deleted 2005 09 16 16 45 10 Jupiter _05 console deleted 2005 09 16 16 45 10 Jupiter _06 console deleted 2005 09 16 16 45 10 Jupiter_07 console deleted 2005 09 16 16 45 10 Jupiter _08 console deleted 2005 09 16 16 45 10 Jupiter_09 console deleted 2005 09 16 16 45 10 Jupiter_10 console delete
151. e 135 Forms Used to Configure KVM net cece 149 Device KVM Viewer Formic associa 152 Pre existing Alarm Trigger Entries cceee 156 Forms Used to Configure Alarms ccceceees 157 Alarm Trigger Detail Form ee ceeeeeeseereeeeeeeees 159 Health Monitor Frequency Selections c0 161 Alarm Trigger Setup Fields csscesssersosnorserserss 162 Summary of Profiles Forms ccceeeeseesseeeteeees 164 Profiles Detail Porm ci2cctgs Gos cage ieee nares 165 Summary of Console Forms c ceccceesceesseeeteeees 166 Consoles Details FOrm c ccccecceeccecccceeseesssseseesees 171 KVM net and KVM net Plus Console RDP Connection I C E E AE sauseseaeuiaastasdeneenas 173 Summary of User Forms cccecccesccesseeeseeetseenseeees 183 Users Detail ako a1 cee ee erry ee ee te een rene 185 Firmware Detail FOr siiicsssavpncsdesd shiners miodendoeiaveastys 200 APM Data Ty pesecnatesccctsatesacctvs du atccavaccchmtecenatentecs 202 Info Reporting List Form cee eeeeseeseeeeeeeeeeees 205 Summary of Blade Module Forms ceseeeeeee 207 BladeModule Devices Details Form 00008 212 Blade Module Device Switch 1 Form 0 215 Summary of Blade Wizard Forms eceeeeeenee 217 Blade Module Summary of Console Forms 222 Blade or Switch Connection Types c ceseeeee 223 Summary of Security Rule Forms 0 0 0 eeeeeeeeeeee 225 Secu
152. e Detail form Devices Device List gt Device Detail 2 From the IPMI Device Detail form click on the Save Create Console button The system launches the Console Wizard APM Installation Configuration and User s Guide Devices 3 Follow the system instructions and enter all relevant information as needed Note You may change the default console name which is the same as the device name 4 Once you have saved the Console configuration the system returns you to the Device Detail form Using the IPMI Console Detail Form to Add a Console See To Add an IPMI Console from Console Detail Form on page 182 of this chapter v To View Sensors or Logs from the BMC To view the sensors and logs from the BMC 1 From the IPMI Device Detail form click on the Display Sensors Logs button The system displays a form containing two tabs e Sensors tabbed form default displays the current values of all sensors This form refreshes every 15 seconds e Logs tabbed form displays all logs read from the BMC You may clear the log database by clicking on the Clear button but be careful because this command will erase all logs from the BMC database and it cannot be undone Configuring Your DHCP Server A DHCP server is built into the AlterPath Manager You can use your company s DHCP server or the AlterPath Manager as your DHCP server If you are not using a DHCP server the
153. e KVM Device Viewer form Alarm Trigger Profiles Firmware Security Rules Info Reporting Details Users Groups Proxies KVM Viewer Dial Up Log Rotate Idle Timeout 0 Escape Sequence ak Escape Sequences Quit Power Management MouseKeyboard Sync Video Control Switch Next Switch Previous Port Info lt Back Reset Save Save amp List Cascade Save amp Create Consoles Save amp Auto Discover Figure 4 31 KVM Device Viewer Form Configuration and Administration 151 Devices 152 Table 4 15 Device KVM Viewer Form Element Definition Details Tab that links to the Device Detail form Groups Tab that links to the Device Group form KVM Viewer Tab that links to the KVM Viewer form Idle Timeout Escape Sequence Escape Sequences Quit Power Management Mouse Keyboard Sync Video Control Switch Next Switch Previous currently displayed The time in seconds it takes before the KVM viewer switches to idle mode after a period of inactivity Default value 3 The special character keyboard key to be used by the user to send a system command when using the KVM viewer or OSD The primary escape sequence or key is combined with the various escape sequences that follow Default value K Closes the session to a port and takes you back to the KVM net Main Menu Initiates a power control session Resets the keyboard and mouse
154. e List Form Sorted by Console 006 103 Device Configuration Error Message eeeeeee 104 Form ET OF iiss cee aass deo AeA ene 104 Devices List Morice acct states a caltveisst coats 107 Select Device Type F Oriticsssaespactnuiscaseneticoatacn 110 Device Detail FOr cccans pases oatneedyrnee dave aacoovaees 111 Device Proxies FOrm ic i3 ccsisisjca hives detiaidactes 117 Device Dial Up Porm scandent 119 Dial Up Form with One Time Password Setup 123 KVM net Device Detail Form eeeeeeeeeeeeee 125 Device Detail Form for the AlterPath OnSite 126 Device Details Poriigsiss ccsschscedn tinned 136 AlterPath Manager Installation Configuration and User s Guide Figures Figure 4 17 Figure 4 18 Figure 4 19 Figure 4 20 Figure 4 21 Figure 4 22 Figure 4 23 Figure 4 24 Figure 4 25 Figure 4 26 Figure 4 27 Figure 4 28 Figure 4 29 Figure 4 30 Figure 4 31 Figure 4 32 Figure 4 33 Figure 4 34 Figure 4 35 Figure 4 36 Figure 4 37 Figure 4 38 Figure 4 39 Figure 4 40 Figure 4 41 Figure 4 42 Figure 4 43 Figure 4 44 Figure 4 45 Figure 4 46 Console Wizard Warning Message ccsceesees 137 Console Wizard Defaults Form ccceeeeseeeneee 138 Console Wizard Access Form ccccesceeseeeeteeeeees 138 Console Wizard Notification Form ccsceeee 139 Unconfigured Consoles List ccceesceesseeeteeeteeeees 140 Edit Console Sett
155. e One Time Password See One Time ACS only Password Configuration on page 122 3 Click on Save to save 4 Ifyou are configuring for dial back ensure that you have fulfilled the other requirements outlined in the next section Other Requirements for Dial Out Dial Back To enable device or console access through dial out or dial back you must configure the following From the AlterPath Manager 1 Go to the web interface Console Detail Form e Status Be sure to select OnDemand for this field 2 From the Dial Up form provide the following parameter values e PPP User The user that you have configured in the APM as the admin user for the ACS e PPP Password e PPP Auth Method Select PAP or CHAP Note If the PPP User is not configured in the APM then the main user is used for dial out and dial back From the ACS 1 Using a serial console or a telnet or ssh connection create a new user and password for the ACS using the commands e adduser lt ppp user gt Configuration and Administration 121 Devices e passwd lt ppp user gt Note See the section Changing the Ports to be Proxied on page 288 in Chapter 5 Advanced Configuration Other Requirements for Dial Back ACS Only Currently the dial back feature works for ACS only To set an ACS device for dial back you must also configure the following From the AlterPath Manager 1 Using the seria
156. e Server ACS or Terminal Server Series TS if the network connection is lost In the remote console server you can connect an external modem to a serial port or use a PCMCIA modem in the case of the ACS This section explains the procedure for configuring either modem v To Configure the PCMCIA Modem 1 Edit the file etc ppp pap secrets When the file is opened for the first time it should look something like this Secrets for authentication using PAP client server secret IP addresses mary marypasswd 2 Add the following line wu The file should now look something like this Secrets for authentication using PAP Client server secret IP addresses mary marypasswd wu This configures the modem to accept any password v To Configure the External Modem To configure your external modem perform the following steps Caution Ensure that you do not configure the console where the modem is attached otherwise any upload process on the console will overwrite your configuration Open the file etc portslave pslave conf in an editor such as VI 2 Go to the all initchat section of the file The all initchat section of the etc portslave pslave conf file appears as follows the first time the file is opened all initchat TIMEOUT 10 uw da 1 dATZ OK r n ATZ OK r n TIMEOUT 10 ATMO OK r n TIMEOUT 3600 RING STATUS Incom
157. e enables the AlterPath Manager to recognize the current configuration of a Cyclades TS ACS or KVM net and through the use of a wizard auto populate the console parameters based on the values used by the Cyclades TS ACS or KVM net For users who already have TS ACS and or KVM net units deployed in their network Device Discovery eradicates the time consuming task of re defining each console port manually Support for KVM net Among other console types the AlterPath Manager supports viewing of Keyboard Video Mouse based consoles through the use of an AlterPath KVM net installed in the network The user connects through a client software over an IP connection and the KVM net switch routes the application to one of its ports to connect the user application to the KVM ports of a target server The KVM net supports physical cascading of units to provide more ports The admin user configures the cascading through the AlterPath Manager The KVN net version 2 0 0 and above features the capability to connect to RDP servers via an in band connection The RDP capability can be configured and controlled from the APM Note AlterPath Manager is compatible with AlterPath KVM net version 1 1 0 and above Support for KVM net Plus The APM supports the KVM net Plus The KVM net Plus supports all the features of the KVM net Additionally the KVM net Plus features a web Introduction 11 Key Features control page that replaces the OSD fo
158. e first time the process tends to be slow The system needs to build all the web pages in the AlterPath Manager Once the screens are stored retrieving them should be fast Note The rest of the procedures in this chapter assume that you are already logged in 100 APM Installation Configuration and User s Guide AlterPath Manager Web Interface Admin Mode Parts of the Web Management Interface Before proceeding to the web configuration process familiarize yourself with the graphical user interface Shown below are the basic features of the AlterPath Manager Web Management Interface in Admin Mode The form example shows the Users List form the first form to appear in the web interface Basic features are similar in all WMI forms System tab APM 2500 and Access tab 5000 only User name amp allows admin dmin tab primary IP user to view WM Sddross About as a regular ip View and data Bese input form Logout tab system info link Online help link p Armm LOGOUT evices files Firmware Securi les Info Reporting Jobs Location Phone Username RE ny Department Main menu amp admin defaults to z a xpert Users on s Admin login Status Enable Enable Enable Admin icon indicates admin level user Filter by USER YL Search for Delete Note The system tab is for heartbeat redundancy data synch and failover support APM f
159. e mouse and keyboard actions normally used to perform this task on just one device To Start a Multiple Auto Discover Session 1 Go to the Device List form 2 Click on the check box to the left of any device in the list on which you wish to launch an Auto Discover session 3 Click on the Auto Discover button shown in Figure 4 26 we Security Rules Info Reporting Jobs ik OnDemand Filterby DEVICE Search for Bearch Add Delete Uptoad Auto Discover Figure 4 26 Selecting Devices for Multiple Auto Discover The system displays a Warning page similar to that shown in Figure 4 17 Console Wizard Warning Message which alerts you to the fact that Configuration and Administration 145 Devices existing consoles will be overwritten if you follow through with the configuration 4 Continue from here as you would if you were running Auto Discover on just one device v To Connect to a Device To connect to a device follow the steps below 1 From the Device List form click on the device name to which you wish to connect A series of buttons will appear below the device name 2 Select the CLI button Iwe Upload Firmware Status IPMI OK OnDemand TS OK OnDemand OnSite Required OnDemand IPDU OK OnDemand IPDU OK OnDemand KVMnet OK V_2 0 0 1a Aug 18 05 OnDemand Filter bys DEVICE Search for Figure 4 27 Selecting the CLI Option for a Device
160. e processors Kerberos Network authentication protocol designed to provide strong authentication for client server applications by using secret key cryptography KVM switch Enables use of only one keyboard video monitor and mouse to run multiple servers Reduces expenses by eliminating the cost of acquiring powering cabling cooling managing and finding data center space for one keyboard monitor and mouse for every server Servers are connected to KVM ports on Cyclades AlterPath KVM switches using AlterPath KVM terminators on the Advanced Configuration 327 server end and up to 500 feet of CATS cable AlterPath KVM switches provide authentication and other security features and allow only authorized users to access a restricted set of connected servers See also KVM analog switch and KVM Over IP switch KVM analog switch KVM over IP LDAP A KVM switch that requires a local user connection to gain access to the servers that are connected to the switch Supports remote access over a LAN or WAN or telephone line using the TCP IP protocols and a web browser Enables operations over long distances Cyclades AlterPath KVM IP switches are one component of the out of band infrastructure Lightweight Directory Access Protocol A set of open protocols for accessing directories of information Management console See service processor Management software 328 Each server company that offers a service processor produ
161. e to leave the default settings as they are in the form under the Synchronization tab Select the Admin tab gt Alarm Trigger Click on Resources Take Over and select Enable from the drop down field Click on Take Over and select Enable from the drop down field Configuration and Administration 249 Redundant Fault Tolerant Configuration 250 Configuration of the Redundant APM 21 22 23 24 25 26 27 28 29 30 31 32 Log onto the WMI of the redundant APM as admin and select System tab gt Cluster Settings gt Heartbeat tab Select the Status drop down box and select Enable The rest of the fields in the form will become active The default settings for Fail Over Time Message Period and Dead Ping Timeout can remain as they are Select the Configured State drop down box and set it to Redundant Select the Authentication drop down box and choose CRC MD5 or SHAI Enter a password in the Shared Secrets Key field This password must be the same as when you entered it in the Shared Secrets Key field for the primary APM Step 10 Enter an IP address in the Service IP field This is an IP address for the APM web service It must be a static address and it must be the same IP address used when you configured the Service IP for the pri
162. eature activation option from Cyclades to up to 512 DLSs for the APM 2500 and up to 2048 DLSs for the APM 5000 The APM 2500 and the APM 5000 are also available at the time of purchase with additional installable DLS activation Each line of the logfile contains a timestamp a feature which prevents tampering and provides a tool for analysis and audit trail tracking Each time you or any user connects to a DLS enabled port the APM adds a timestamp to the log file The user identification timestamp is recorded in the data buffer and logged separately on the APM access log database Log File Compression and Rotation Introduction The system logger automatically saves the current log file after a certain point in time and then creates a new file to collect a new set of console data The file rotation is seamless with no data loss as the system copies from one file to another The administrator has the option to move the saved log file s to another server for archiving Prioritized Triggers amp Alarms Note Alarm triggers work only with serial and IPMI consoles The APM E2000 2500 5000 event handling feature enables the system to identify possible issues and alert the user As the APM sends a message to the hard disk for storing and consolidation it also scans the message for triggers A trigger is a text string pre defined by the administrator which the system uses to detect a trigger text from messages When the APM detects a
163. eckbox even if the current configuration had previously been uploaded Otherwise you will get an indication in the device list that a configuration upload is required Caution When uploading KVM net or KVM net Plus firmware if any components are missing from the tgz file the firmware upload attempt will fail 5 Click the Submit button Note The Upload firmware bootcode option appears even if the AlterP ath Manager firmware repository is empty If you click on it you must wait for a while before a message appears to let you know that the firmware repository is empty Configuration and Administration 199 Firmware Firmware Detail Form Use the Firmware Detail form to e View firmware details e Add comments regarding a firmware e Assign a status to a firmware e Access Manuals and Release Notes LOGOUT Users Se TCM Firmware PES eee ee Mec Model KVMinet16 KVMinet32 FW Version V_2 0 0 1a Aug 18 05 Release Date 2005 08 19 Boot Code Version Alternate Boot 2 0 7 HW Revision Apr 21 04 Manual Version KVM net manual Manual FW Dependency Release Notes Comments TECCCCOCOCOCECEEEEEEECECCCCECOCOOLCCECCCCC Rec amp res minimum of 32MB of RAM in KVMNET16 and KVNNET32 It also requires current KVMNET firmware to be at least Status Enable Figure 4 59 Firmware Detail Form The table below defines all the fields in the Firmware Detail form Table 4 28 F
164. econdary 1d Consistent ns 92041488 nr 92957432 dw 92965160 dr 92034520 al 17 bm 23520 10 0 pe 0 ua 0 ap 0 1 cs Connected st Primary Secondary 1d Consistent ns 51083528 nr 51081528 dw 51088952 dr 51094120 al 13 bm 12936 10 0 pe 0 ua 0 ap 0 root APM SW root Fault tolerance is now enabled v To Upgrade Firmware on Redundant APMs 1 Log onto the WMI of the primary APM as admin and select System tab gt Cluster Settings gt Heartbeat tab gt Status drop down box gt Disable 2 Log onto the WMI of the redundant APM as admin and select System tab gt Cluster Settings gt Heartbeat tab gt Status drop down box gt Disable 3 Reboot both APMs The heartbeat and network RAID signals will now be stopped When the APMs reboot they will be running as individual APMs 4 After the APMs reboot upgrade the firmware on each APM See To Upgrade the APM Firmware on page 295 Caution You can mix APM hardware platforms but you must be sure the APM 5000 has APM 5000 firmware and the APM 2500 has APM 2500 firmware Both APMs must have firmware of the same build number and date 5 Reboot the primary APM and then reboot the secondary APM 252 APM Installation Configuration and User s Guide Redundant Fault Tolerant Configuration 6 Log onto the WMI of the primary APM as admin and select System tab gt Cluster Settings gt Heartbeat
165. ecurity Rule List View list of security rules add edit or delete a security rule General Enable or disable the current security rule Source IP Define the source IP addresses allowed or not allowed VLAN Subnet Define the VLANs subnets allowed or not allowed Date Time Define the date and time in which system access is allowed or not allowed Authorization Select the types of action allowable for the current security rule Info Reporting List Detail Note In Access Mode a regular user can only view an individual blade switch detail information from the Devices List form but can not perform any add delete or edit functions See Chapter 3 User Level Web Access for Configuration and Administration 209 Blade Management Module more detailed information about the BladeManager web interface in Access Mode Devices The Devices List form allows you to perform the following Connect to the Blade Management Module Web GUI through a web proxy of the native web interface or by telnet access or whatever default session type is configured from the Devices Detail form Access add edit forms Details Groups Proxies Switch 1 through 4 to add edit chassis Delete a blade chassis Run the Blade Wizard to automatically create and configure the blades switches for the currently selected chassis View chassis access log v To Add or Edit the Chassis 1 210 From the menu se
166. ed to be filled in as these parameters will automatically be detected The APM does this by reading a list of PPP device IPs and PPP local IPs in its database It will then search starting from 10 0 0 1 until it finds 2 free IP addresses If the PPP Device IP and PPP Local IP fields have already been filled in the Automatic PPP IP check box will toggle these fields as filled in when unchecked and as filled in with a grayed out Auto when checked Configuration and Administration 123 Devices Fill in the PPP Phone field with the phone number on which the ACS modem is installed Fill in the PPP User field with a user name This is normally the admin user name Note If you fill in the name of a user not already configured on the APM the user will automatically be configured as the PPP user You will not need to configure this user separately unless you want the PPP user to be ona notification list 4 Click the PPP Password box This generates a dialog box in which you enter the PPP user s password and then confirm it Check the Enable OTP check box This causes the following items to become visible OTP User field OTP Passphrase button Auto Refresh check box and Random Passphrase check box You can either enter a new OTP user in the OTP User field or leave it as skey the default user name You will either need to fill in
167. edit form IPDUs Info Outlets IPDU PM8 10A OnDemand T Get Information lt Back Reset Save Save amp Create Outlets Save amp Auto Discover Figure 4 80 IPDU Details Form Table 4 43 IPDU Device Details Element Definition Details Opening tab that is the default when you either create or edit a power management device Users Tab that opens the PM device user access form Groups Tab that opens the PM device groups access form IPDUs Info Tab that opens a display of data read back from the PM device after you click on the Get Information button This tab does not appear when you are creating a PM device APM Installation Configuration and User s Guide Power Management Support Table 4 43 IPDU Device Details Element Definition Outlets Device Name Type Vendor Model Connection Status Connected to Port Alarm threshold Over current protection Tab that opens the outlets control form From here you can select individual outlets regardless of whether or not they are assigned to a KVM port and turn them on or off cycle them or lock or unlock them either individually or in selected groups You can also view the current status of each outlet from this form after clicking on the Get Information button This tab does not appear when you are creating a PM device A name you can give to the PM device to help you remember where it is and wha
168. ees 315 Data Logging Session Activation ccccccecsceesseceseceeeeeeeeeeeeeeeeees 315 Additional DLS at Time of Purchase s sssnsnesnesseossesseeseesseesreseessee 315 DLS Activation Conversion lt iciyi5 sesvicaisi pate iemeasveniins 317 Obtaining Expanded DLS Activation s s ssssssseseesessesessrsersesseseese 318 Verifying Your Current DLS Activation ssssessesseeessseseesessesesese 319 Verifying your MAC addresses 0 cccccescceescessceceseceteeeeeeenseeenseens 321 Glossary pesse a anana auare adraia aas 323 NGG EE E E E EE 333 APM Installation Configuration and User s Guide Figures Figure 1 1 Figure 1 2 Figure 1 3 Figure 1 4 Figure 1 5 Figure 1 6 Figure 1 7 Figure 1 8 Figure 2 1 Figure 2 2 Figure 2 3 Figure 2 4 Figure 2 5 Figure 2 6 Figure 2 7 Figure 2 8 Figure 2 9 Figure 3 1 Figure 3 2 Figure 3 3 Figure 3 4 Figure 3 5 Figure 3 6 Figure 3 7 Figure 3 8 Figure 3 9 Figure 3 10 Figure 3 11 Figure 3 12 APM E2000 Front View cccccssccccesssseeceessseeeeeeees 1 APM E2000 Back View ccccsccccccessssceceessececeessees 2 APM 2500 Front VieW ccccccccesssccecesssececeessseeeeesnes 2 APM 2500 Back View sessesssessseseessesressesrrssssrresssesess 3 APM 5000 Front VieW ccccccccesssscccesssseeceesssceeeesnes 3 APM 5000 Back View sensesssssssesesssesrrssesrrssssrresssrsess 3 Configuration Example of APM and KVM net 17 E
169. em displays the User Detail form 3 From the User Detail form click on the Groups tab The system displays the User Groups form LOGOUT Details Consoles Devices Groups Security Select groups for the user Selected groups fuser Save Figure 4 52 User Groups Form 4 From the resulting form select from the Select Groups for the User view panel the group you wish to assign to the user 5 Select the Add button The system transfers the selected group to the Selected Groups view panel on the right 6 To select another user group repeat steps 4 and 5 You can also use the Shift key to select multiple user groups 7 Click on Save to complete the procedure APM Installation Configuration and User s Guide Users v To Set a User s Security Rule The Security tab selects the User s Security Rule which allows you to assign or delete a security rule of a user group to which the current user belongs You can assign a security rule to a user or a user group LOGOUT Select security rules Selected security rules ADMIN RULE DEFAULT RULE NNM_PROFILE Novice Figure 4 53 User Security Rule Form v To Delete a User To delete one or more users from the User List follow the steps below 1 From the User List form click the check box to the left of the username that you wish to delete 2 Click on the Delete button v To
170. equisite information for understanding the rest of the information in this guide Document Organization Chapter Number and Title Description 2 AlterPath Manager Installation 3 User Level Web Access 4 Configuration and Administration 5 Advanced Configuration Appendix A Technical Specifications Appendix B ACS Modem Configuration Appendix C DLS Activation Glossary Explains the procedure for installing the AlterPath Manager and preparing it for web configuration and access Explains the standard user interface This chapter is particularly designed for regular users as distinguished from system administrators of the AlterPath Manager It highlights such procedures as connecting to a console dealing with alarms and other system tracking and management procedures Explains to the system administrator how to configure the system features and enable users to perform the various fault management procedures such as connecting to a console responding to an alert and more Configuration settings include user access alarm triggers device management firmware control as well as running the configuration wizards Covers first time configuration Explains the serial console interface Linux shell and the command line interface CLI functionality as well as some advanced setup procedures Lists hardware software electrical and environmental specifications and requirements Covers special
171. er algorithms DRAC Dell Remote Assistant Cards Dell s solution 326 APM Installation Configuration and User s Guide GUI Graphical user interface pronounced GOO ee A computer interface that allows users to tell computers to perform actions by clicking on graphical elements such as icons choosing options from menus and typing in text fields on forms displayed on the computer screen Many Cyclades products provide GUI access through the Web Manager iLO Integrated Lights Out HP s proprietary service processor Even though HP is a major supporter of IPMI HP also provides iLO because it provides many more functions than IPMI The iLO processor resides on the motherboard As long as power is available to the server even if the server is off iLO is active When the dedicated Ethernet port is plugged into the network iLO uses DHCP iLO has a web interface and a telnet interface When the server is off only the web interface works IPDU Intelligent power distribution unit Cyclades supports a family of AlterPath PM IPDUs IPMI Intelligent Platform Management Interface An open standards service processor currently adopted by every major server platform vendor Its main benefit over other service processors is that it is installed on servers from many vendors providing one interface and protocol for all servers Its main disadvantage is that it does not always provide as much functionality as the proprietary servic
172. erial console port The outlets on the IPDU are accessed and controlled through the console port using the IPDU s command line interface Note The IPDU is currently not supported on the OnSite through the APM APM Installation Configuration and User s Guide Consoles Log Rotate Now Either periodically or when the log file reaches a specified size the system creates a backup rotation file and then creates a new file to collect a new set of console data The file rotation is seamless with no data loss as the system copies from one file to another As administrator you have the options to manually compress and rotate the log file archive it and then open a new file to accept new logs Note This does not apply to KVM consoles v To Initiate Log Rotate Manual Operation To initiate the logrotation perform the following steps 1 From the appropriate list form click on the console name or device name and then click the EDIT option The system displays the Detail form From the Detail form click the Log Rotate tab Click on the Rotate Log NOW button v To Set Log Rotation in Auto Mode You can also set the log rotation to be automatically performed on a daily weekly or monthly basis To set the system to automatically initiate log rotation on a regular basis perform the following steps 1 From the appropriate list form click on the console name or device name and then click the
173. eseeeteeeees 178 xi Figure 4 47 Figure 4 48 Figure 4 49 Figure 4 50 Figure 4 51 Figure 4 52 Figure 4 53 Figure 4 54 Figure 4 55 Figure 4 56 Figure 4 57 Figure 4 58 Figure 4 59 Figure 4 60 Figure 4 61 Figure 4 62 Figure 4 63 Figure 4 64 Figure 4 65 Figure 4 66 Figure 4 67 Figure 4 68 Figure 4 69 Figure 4 70 Figure 4 71 Figure 4 72 Figure 4 73 Figure 4 74 Figure 4 75 Figure 4 76 Figure 4 77 KVM Console Groups Form cccccesseeteeteeeeees 179 Users Tist Formian aa a a eh 184 User Detail Form peer rere etree onan n 185 User Consoles FOrm ss sessseessesessseesseserssressessrssees 188 User Devices Fotis inecnn annn a a 189 User Groups Formi nero taon a n 190 User Security Rule Fortis sistssscesssstseceserssectiensvaiadts 191 Groups List FOrM s ssesessseessesessssessesresesssesseserssresse 193 Adding Group FOrm cc cccsscsssccsecsssecssstcsssscseees 194 New User Group General Form cccccessceeteeees 194 New User Group Security Form cceeeeeeeees 196 Firmware List Form 43 18 ascatdawex haves dice tades 198 Firmware Detail FOntesciis ces udsyeneeacs 200 Info Reporting List Form c cc eeceeeceeeeeeereeeneees 205 Info Reporting Detail List scscccacseviieacecnse aie 206 Selecting Blade Center from Devices List 211 Blade Device Details Pottcie ccdcitasresiadmssaties 211 Blade Device Groups Form ccccesseeeteee
174. esseceseceeeeeeneenseeneenseeenaees 40 Chapter 3 User Level Web ACCESS 00 008 43 User Interface Overview aint msteitnts ii dierenspaslindiscn nein ins 43 General Screen Features secs wei Haars tv aeoasteeeied edn aes 46 Sorting a List Form by Column Field Name c cesses 47 Search and Filter Functions scccsscssscssecssssccssnsssccsnsesseneeees 47 Onlin Helpon a E a a S 47 TAT aa CEE AEE A SE 48 Alarm bop Snaar a a a iaa 48 Alarms List Formanin tacea A EEE N ATIRE 49 WebAccess TOR USES re a ia A E E EEEE 53 Consoles DEVICES u irn i Bee Re E a E te hee 53 Consoles aien enea e e a A anes a ates 55 Multiple Users and Read Write Access ccccccesseeeteceteeeeeeesees 58 Viewing an IBM Blade Center Blade or Switch 0 0 58 Consoles Detail Form ciessiseetisecgi toes ters sain ete edertoaseaneanwass 58 KVM net Plus Web Control Page cssi2c8 vince eaeeastu asa taniess 62 PM i Saat lactacin te cette Mela 8 cerns a Lee ie alan Te Sigh oe ae 2 acs cat 66 EOFS nea a eeu saa vos Tana cae at eat aeons AO eg 67 Access Logseeoniin moeda n AO A e tel A 69 Eyent Logs 5 i zeae anae de dete aa ewe Veale on aeS 70 Data BUFLE ess senbor leaves leavers EE EAE E AAT O RARER 71 Power Management sesssesesseessssssessseresseeesstessrseresseessseesseesseesseresseee 72 User s Prone cars tis feces Gaal oad Naa aie ach aie ead aa aes 75 Viewing the User s Profile Consoles Form c ccccceseeeeteeeees 78 V
175. et overwritten by another It offers reduced concurrency higher performance and avoids deadlocks Changing the Default Configuration This configuration procedure is for advanced users only To change the default database configuration of the AlterPath Manager please refer to Chapter 5 Advanced Configuration Info Reporting Info Reporting is a list that summarizes all console access information by users and administrators 204 APM Installation Configuration and User s Guide Info Reporting Groups Alarm Trigger Session Start LOGOUT SCCM eR ee Info Reporting Session End Action Coopers Source IP Type 2005 09 26 06 03 34 2005 09 26 06 03 20 2005 09 26 05 50 07 2005 09 26 05 49 50 2005 09 26 05 49 36 2005 09 26 05 49 23 2005 09 26 05 49 09 2005 09 26 05 48 56 2005 09 26 05 48 42 2005 09 26 05 33 29 2005 09 26 05 33 15 2005 09 26 05 33 01 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 logged in 192 168 49 58 Figure 4 60 Info Reporting List Form Table 4 30 Info Reporting List Form Element Definition User Session Start Session End Action Connect Type Source IP Next gt gt lt lt Back Name of session user To sort by User click on th
176. eter settings and Outlets configures all the outlets on the device Save amp Button that saves the current PM parameter settings and Autodiscover interrogates the device controlling the PM if it can be detected for existing outlet configurations Get Information This button is used to update information displayed in the IPDUs Info and the Outlets forms since they are not updated in real time v To Configure a PM Device 1 Ifyou have not already done so configure the device on which the AlterPath PM is connected For a KVM net or an OnSite the PM should be physically connected to the AUX port For an ACS or a TS the PM should be physically connected to one of the serial console ports Use a straight through serial not console cable 2 Ifyou have not already configured the consoles for this device configure them now For a KVM net or an OnSite be sure to include the KVM ports for which you want to assign AlterPath PM outlets For an ACS or a TS be sure to include the serial port to which the PM is attached 238 APM Installation Configuration and User s Guide Power Management Support 3 From the Admin tab select Devices gt Add button Select IPDU from the Device Types pull down list and click the Select button The IPDU create device details form appears Info Reporting Satum Power Type PoU Cyclades Modet PM8 15A M Status OnDem
177. evice List form select the Edit column of the KVM device you wish to configure The system displays the Device Detail form 3 From the Device Detail form click on the Save amp List Cascade button Configuration and Administration 153 Devices The system displays the Device Cascade List form Parent name Name t Config User Port Useri Port Number Ports Saturn pms dit 1 0 8 Add Delete Done Figure 4 32 Device Cascade List Form For a definition of the column fields refer to the Field Definition table of the Cascade Detail form next step 4 To configure a new device for cascading click the Add button Or to edit an existing cascaded device click on the edit link that corresponds to that device The system displays the Device Cascade Detail form 154 APM Installation Configuration and User s Guide Devices Details Device Name Moon User 2 Port 7 Number of ports 16 LOGOUT Parent Name Saturn v User 1 Port v Figure 4 33 Device Cascade Detail Form 5 Complete the dialog box as follows Element Definition Device Name Parent Name Number of Ports Port Connected to User 2 Port Connected to User 1 Name of the secondary device or KVM switch The name of the primary KVM switch to which you are connecting the secondary device or KVM switch Number of ports contained in the device t
178. evice and console For example a serial console will establish a text based session a KVM console will launch the KVM viewer and an IPMI console will launch the SSH applet and connect to the IPMI SOL console Console configuration Select this to view the Console Detail form which includes the secondary form Console Notify Console Access and Console Group for the particular console record The Alarm Trigger name Click on the name to view the Alarm Trigger Detail form User assigned to the alarm Status of the alarm Select this to navigate to the Data Buffer log pertaining to the console v To View the Alarms Detail Form The Alarms Detail form contains detailed information about the ticket as generated by an alarm It allows you to re assign the ticket update the status and enter notes regarding the alarm or ticket To view the ticket information for an alarm follow the steps below 1 Click on the ticket number shown in Figure 3 3 Alarms List Form The form brings up the Alarms Detail form 50 APM Installation Configuration and User s Guide Alarms Web Access Edit info about ticket 1 admin tatus Assign The system is going down for system halt NOW Figure 3 4 Alarms Detail or Ticket Info Form Table 3 3 Alarms Detail Form Element Definition Assigned Users Dropdown box that lists all the assigned users for the current alarm Select a user to assign or re
179. f the APM 2500 or APM 5000 When the inner rails are correctly positioned the tabs will be to the rear of the APM and the front three holes in the inner rails will line up with the holes in the sides of the APM Attach the outer rails to the rack using the end brackets Be sure the open end of each outer rail is located towards the front of the rack a The shorter end brackets mount onto the front of the outer rails Use the two round screw holes in each front end bracket to mount it in a fixed position to its respective outer rail b The longer end brackets mount onto the rear of the outer rails The long slots in each rear end bracket can be adjusted to fit the bracket and outer rail assembly to the exact length of the rack Slide the APM 2500 or 5000 into the front of the rack so the inner rails engage into the outer rails Refer to Safety Considerations When Rack Mounting on page 28 of this chapter to ensure safety Plug the power cable into the AlterPath Manager box Insert the female end of the black power cable into the power socket on the console server and the three prong end into a wall outlet APM Installation Configuration and User s Guide Deploying the AlterPath Manager Note To help prevent electric shock plug the AlterPath Manager into a properly grounded power source The cable is equipped with a 3 prong plug to help ensure proper grounding Do not use adapter plugs or remove the grounding prong fr
180. f the DNS server cannot be accessed the default IP address of 192 168 1 20 will be assigned to Eth0 Eth0 is the only Ethernet port that can be configured to use DHCP Of course as always you can configure Eth0 with a static IP address if you wish Health Monitoring 10 This feature allows the AlterPath Manager to monitor on a periodic basis the consoles that are running on specified device to generate log files and to send an alarm notifications to specified users Health Monitoring is designed to ensure that in the event of a network failure remote sites are available and working properly An integral part of Health Monitoring is the Health Modem feature which monitors any modems that are being used to connect to a device either as a primary connection or as a backup Like Health Monitoring this feature has its own alarm trigger which the administrator can configure to generate log files and send alarm notifications to users APM Installation Configuration and User s Guide Key Features Console Wizard The console wizard allows you to define the consoles connected to a device by automatically defining the consoles using default and customized values The wizard configures the selected console s and applies them to the device The console wizard is designed to work with all types of devices including KVM net units and secondary units that are connected to the KVM net units Device Discovery The Device Discovery featur
181. f this user Checkbox to enable local authentication for the user NOTE Even if you are using another server authentication e g LDAP RADIUS it is advisable that you activate the password for local authentication in the event that your authentication server fails Button to display the password dialog box for setting the user password The full name of the user As indicated This field is also used by the Alarm Trigger to notify the user of any event or issue relating to consoles and other system areas delegated to the user The department to which the user belongs The physical location of the user or department The phone number of the user As indicated As indicated Status of the user Select Enable or Disable APM Installation Configuration and User s Guide Users Table 4 27 Users Detail Form Element Definition GUI Theme Drop down list to select GUI colors There is a choice of colors orange default blue gray and green The WMI takes on the color assigned to the user who is currently logged onto the APM Back Button to return to the previous page or form Save Button to save the configuration 4 Click on Save to complete the procedure v To Select Consoles for a User The User Console form allows you to assign one or more consoles for the current user To assign consoles to a user follow the steps below 1 From the menu select Users The sys
182. figuration return to the Devices List form 2 Place the mouse pointer over a device for which you configured a proxy setting A small box with the choices CLI and WEB will appear 3 Select WEB This will launch a browser window that displays the web pages of the selected device Configuration and Administration 117 Devices 118 Disabling the Proxy Setting Proxy type to none enabled will prevent any admin user from accessing the selected device s web user interface Direct Access To enable the AlterPath Manager to forward any http s data from any client workstation to the target web server such as the IBM Blade Center Management Module select the checkbox for Allow Direct Access Warning Allowing direct access provides no protection to the device or the web user interface Configuring Ports to be Proxied When Forward Proxy with or without ARP is enabled for a device the default proxied ports are 80 and 443 To change the opened ports see Changing the Ports to be Proxied on page 288 Dial Up and Dial Back Note Modems are supported on the APM E2000 only The Dial Up form allows you to configure the current device for dial up connection to the network The same form is also used to configure the device for dial back Currently the Dial Back feature only applies to ACS devices When an ACS unit is configured for dial back the AlterP
183. finition Devices Select devices for user access Add Delete Selected devices Tab or button to select the current form List box from which to select a possible list of user devices assignable to the current user Button to add a selected user device left list box to the Selected devices list box Button to delete a selected user device right list box and return it to the Select device for user access list box The list box that shows the device s assigned to the current user Viewing the User s Profile Groups Form The User s Profile Groups form displays the groups to which you belong To view the User s Profile Groups form 80 APM Installation Configuration and User s Guide User s Profile From the User s Profile Detail form click on the Groups tab The system displays the User s Profile Groups form Select groups for the user LOGOUT Selected groups Figure 3 26 User s Profile Groups Form Table 3 14 User s Profile Groups Form Element Definition Groups Select groups for the user Add Delete Selected Groups Tab or button to select the current form List box from which to select a possible list of user groups assignable to the current user Button to add a selected user group left list box to the Selected groups list box Button to delete a selected user group right list box and return it to
184. g Nodes List Node Name IP Address Redundant Fault Tolerant Configuration 5 seconds Message Period 5 seconds Configured State CRC v Shared Secret Key 192 168 51 1 Status 1 seconds PRIMARY v Enable v 192 168 45 1 192 168 458 196 Enter list of ips to ping separated by commas Current System Mated System APM APM_S 192 168 49 11 192 168 49 12 Figure 4 84 Detailed View APM Heartbeat Form for Primary Fail Over Time Dead Ping Time Out Authentication Service IP Ping Nodes List Node Name IP Address 1 seconds REDUNDANT Ld Enable v 5 seconds Message Period 5 seconds Configured State eRe w Shared Secret Key 192 168 51 1 Status 192 168 48 1 192 168 48 196 Enter list of ips to ping separated by commas Current System Mated System APM_S APM 192 168 49 12 192 168 49 11 Figure 4 85 Detailed View APM Heartbeat Form for Redundant Configuration and Administration 243 Redundant Fault Tolerant Configuration 244 Table 4 44 Definitions Used in Fault Tolerant APMs Term Definition Primary system Redundant system Current system Mated system The primary system is the system that runs under normal conditions Ideally this is always the case The redundant system is the syste
185. g steps 1 From the Users List form select the user for whom you will set a password The system will bring up the definition form for that user 2 Ifa password has not been set up from the User Details form select set password System brings up the Password dialog box 3 From the password dialog box enter the password twice and then click the Submit button From the User Details form click on the Local Password check box From the User Details form click the Save button APM Installation Configuration and User s Guide Groups Groups The Groups option allows you to create new groups of users consoles or devices as well as to edit or delete these groups The AlterPath Manager has three default groups e Device e Console e User The system does not allow you to edit or delete these groups You can edit and delete only those groups that you have created While you can assign devices consoles and users to groups using their respective menu options Devices Consoles and Users it is only through the Groups menu option that you can create groups LOGOUT s ri irmware Security Rules _ Info Reporting Description Default device group Default console group Console Default user group User Pros Device Advanced Pros Console Filterby All Group Types Searchifor Figure 4 54 Groups List Form v To Create a Group To create a new group foll
186. g the secure shell SCP program Backing Up Log Files to a Remote Server You can copy rotated logs to another server that is more suited for holding large amounts of log data using the following command line syntax save rotated log user host file flush now Where flush deletes the current rotated logs now forces an immediate log rotation The destination file is mandatory and must be the first argument The order of the options flush and now does not matter the system will perform the actions in the same order save flush rotate regardless of the options given If you supply user host the logs are transferred to a remote machine under the privileges of the specified user If you do not supply user the system will assume that the current user is the remote one For remote destination ensure that the remote machine is prepared to accept connections to ssh service on port 22 If only the file name is supplied the system will copy the logs locally You can include path names as part of the file name System Recovery Guidelines 298 In the event that the AlterPath Manager goes down the system will check the integrity of the file system during the restart If a problem is found then the system will attempt to repair any damage that may have occurred When performing a recovery procedure if there is too much damage you have the option to stop the booting process and take recovery actions through t
187. ge 4 Complete the rest of the tabbed forms as necessary v To Edit a Blade or Switch To edit a blade or switch 1 Select Consoles from the menu 2 From the Consoles List form select the blade or switch you wish to edit and then select the edit link 3 Complete the rest of the tabbed forms as necessary Note For more detailed information on how to use the Console Details Access Notify and Groups forms see Consoles on page 166 of this chapter 224 APM Installation Configuration and User s Guide Security Rules Security Rules A security rule defines a set of rules or conditions regarding a user s access permissions and limits for accessing the AlterPath Manager and its features The Security Rules feature allows the administrator to centrally create rules for as many user authorization levels as necessary Each time a user requests a page the system checks the security rule Security rules deal with source filtering network interface restriction time and date restrictions and authorization rules that are applied to each user You can apply security rules to users and user groups The Default rule is the rule of the default group User The conditions you configure in the Default rule are automatically applied to all users except Admin users This rule cannot be deleted Note To configure users and user groups go to Users gt Groups The Defaul
188. gs out When disconnected no data buffer or alarm is available 130 APM Installation Configuration and User s Guide Devices Difference between Auto Upload and Manual Upload From the AlterPath Manager interface there are two ways in which you can upload your device configuration to the console server s e Auto Upload e Manual Upload When the Auto Upload box is checked from the Device Definition form every time you make a change to a Device or Console parameter or the Device Default Gateway the change is automatically uploaded to the console server after you select Save from the form With Manual Upload i e the Auto Upload in the Device Definition form is unchecked and you upload by selecting Upload from the Device List form all changes are cached into the AlterPath Manager until you select the Upload button While automatic uploading saves you from having to open the Device List form and clicking the Upload button be aware that configuring in automatic mode can lead to slow system response due to excessive uploading Modem Dialing Capability for Remote Access to Devices The AlterPath Manager E2000 has modem dialing capability to enable complete out of band access to remote console server devices The protocol used to dial out is PPP To use this feature you must set the Status to OnDemand from the Device Detail form and configure the appropriate PPP settings The AlterPath Manager
189. hat you may need to access and manage your devices are e Consoles List form e Console Detail form e Firmware form e Profiles form Because target consoles are part of your devices it is often necessary to work with device and console management forms together Also you may need to refer to the Firmware form for any information you might need pertaining to device firmware When new ACS or TS firmware is imported through the AlterPath Manager the new firmware is added to the database and is reflected in the Firmware List form and in the Firmware Boot dropdown list in the lower left region of the ACS or TS Device Details form 106 APM Installation Configuration and User s Guide Devices Device List Form The Devices List form which is the default devices form allows you to view a list of devices that are configured in the AlterPath Manager From this form you can add modify or delete devices LOGOUT Profiles Firmware Security Rules Info Reporting Jobs Upload Firmware Status Required V _2 3 1 Jul 14 2005 Required V_2 3 1 Jul 14 2005 Required V_2 3 1 Jul 14 2005 Required V_2 3 1 Jul 14 2005 Required V_2 3 1 Jul 14 2005 Required V_2 3 1 Jul 14 2005 gD E OnDemand OnDemand OnDemand OnDemand OnDemand OnDemand Filter by DEVICE Search for Ii Search Add Delete Upload I Auto Discover Figure 4 8 Devices List
190. he ACS to dial back the connection Required CLI configuration This dial back feature is configured mostly from the web interface Admin Mode Devices gt Dial Up There are however three parameters that you must configure from the CLI e From the ACS create a user by using the Linux command and syntax adduser lt ppp user gt Note This must be the same PPP user configured in the AlterPath Manager Dial Up form e Also from the ACS set the password for the ppp_user in the ACS using the command and syntax passwd lt ppp_ user gt Note This must be the same PPP password configured in the AlterPath Manager Dial Up form e From the AlterPath Manager go to var apm apm properties file and add the APM phone number in the parameter dial apm_phone_number lt phone number gt Note The AlterPath Manager allows only one phone number for this parameter so that there is a hunt group configured to point to only one phone number Optional CLI Configuration The following parameters with examples are OPTIONAL From the AlterPath Manager edit the file var apm apm properties to e Define the PPP idle timeout in seconds ppp idle 600 APM Installation Configuration and User s Guide Modem Dial Back for ACS e Exclude modems from the modem pool by listing the modems to be excluded modem pool exclude ttyPS2 ttyPS3 e Select modems that will never be used for dial in
191. he AlterPath OnSite Interoperability and Compatibility with Modem Vendors The AlterPath Manager E2000 s serial port s work with the following external modem manufacturers products that provide encryption within the modem setup process e Hayes e Motorola e US Robotics The AlterPath Manager supports dial out and dial back capability through the following e PCI modem e built in serial card required to connect external modems supporting encryption Note The APM 2500 and the APM 5000 do not have AUX ports and they currently do not support any modems Power Management Support The AlterPath Manager supports AlterPath Power Management PM devices that are connected to devices managed by the APM This feature allows you to create new Intelligent Power Distribution Units PDUs and manage IPDUs through the APM The APM also allows you to control the outlets of any IPDU and associate IPDU outlets with specific consoles on a device managed by the APM 16 APM Installation Configuration and User s Guide KVM net Support KVM net Support The AlterPath KVM net is a Cyclades stand alone networking device similar in concept to a console server The user connects through a program over an IP connection and the KVM net switch routes the application to one of its ports to connect directly to the keyboard video and mouse ports of a target server In the network you can install a KVM net with 16 or 32 KVM ports i e
192. he Health Monitoring System ceesceeeeeeeeees 134 To Run the Console Wizard ccccscccssecesecesseeeseeceseceeeeeeeesaeeeaeenes 136 To Run the Device Discovery Wizard ccccccsseceseceseceeseeeteeenseenes 143 To Connect toa Devic a eden ede aati Sa a 146 Fo Del te a IDC VICE ea Nea e scant a a sev a i 147 To Delete a Device from a Group snes a idainnna een 147 To Upload Firmware to a Console Device ccceecceeeeeeeseeeteeeeeees 148 To Configure Escape Sequences and Idle Timeout eee 150 To Cascade a Secondary KVM to a Primary KVM ce eeeeeeeeeees 153 To View the Alarm Trigger List Form ssss csecsscccdeasseiesendeecd eecasesseeesss 157 To Create an Alarm POO 23 14 5251 nc dendocsance ssatdsasnetslaubentmuranae 158 To Delete an Alarm Ti G0 et cusace corte uistenieastaasecnccaancau bercartuncsce 160 To Configure the Health Monitoring Alarm Trigger 162 To Adda New Pirotile sccisyacge sete seattle tuneen an a 164 To Modify a POP Cc neznieneniernnnennnn nonn ua aa 166 To View the Console List so ct0 neasrecn i Acesclatecdst eateries nchataas 168 To Add a Serial Console sy30 dscns eienne ea ee 169 To Select Users to Access the Console ccccecccecesecesecseeeeteeenseeees 176 To Select Users to be NOt ed 5 22 scodesedo sc ads cova seacastenc tags ds Saaresvedeetvaers 177 To Assign the Console to a Group cccccescesceesceesceesseceeeeeseeesaeenes 178 To Delete a Console from a Group
193. he Serial Port Parameters root APM gregg root setserial dev ttyso dev ttyS0O UART 16550A Port Ox03f8 IRQ 4 setsmtp Set the Email Server s IP Address root APM gregg root setsmtp Enter the email SMTP server smtp lt your domain com Configuration changed x Execute saveconf to save the new values in flash date Set the Date and Time Note Date format is JMMDDhhmm CC YY SS root APM gregg root date 083122552005 Wed Aug 31 22 55 00 PDT 2005 Changing the Escape Sequence There are two ways to change the escape sequence e Locally From the console session use option Ece refer to the table of help above for e to change the escape sequence It applies only to the current console session Once you log off the escape sequence is deleted e Globally Change file var apm bin con as below To make it permanent you must include this file in etc files list and then run saveconf original line in var apm bin con exec var apm bin console Mlocalhost 1 USR 1 Advanced Configuration 273 Working from a CLI 274 modify this line to have e lt escape seq gt Note In this example esc seq Az exec var apm bin console Mlocalhost e Az 1SUSR 1 The result of this change in the console session is as follows arnaldo hp arnaldol arnaldo hp arnaldo ssh ladmin acs8 02 192 168 47 86 Password Console on demand please wait Enter A
194. he serial console as follows 1 Rebuild system partition 2 Rebuild database 3 Rebuild data log partition The rest of the configuration process is done through the GUI web interface APM Installation Configuration and User s Guide Root Password Recovery If the AlterPath Manager goes down you will still have direct access to ports and consoles but you will need to redefine the devices Root Password Recovery In the event of a forgotten or mistyped the root password the APM s main system administrator e g the root user will need create a new password The root user is the only user who has this capability v To Recover a Root Password Caution This is a security issue This procedure can be performed by anyone with physical access to the APM s serial console port The only way to prevent an unauthorized person from gaining full administrative access to the APM is to restrict physical access to the APM 1 Be sure there is a console terminal set up and connected to the APM s console port See To Log Into the Serial Console Port on page 256 if you need to set this up 2 While you are close enough to the console keyboard to have physical access reset the APM See the section Connectivity and Capacity on page for illustrations of locations of reset buttons on the different APM models The APM will start to reboot after a few seconds 3 Be ready at the console terminal When the following
195. he wrong device or perform invalid upgrade operations The Firmware form provides a management tool for you to Import firmware updates e Keep track of firmware updates e Document any comments regarding the particular firmware e Access manuals and release notes Firmware Management consists of two forms e Firmware List form Firmware Detail form Any firmware that you add to the Firmware List form is also reflected in the Firmware Boot pull down list that appears in the Device Detail form The next time you create a new device the system will prompt you to upload the new firmware as necessary The last part of this section provides instructions on how to upgrade the AlterPath Manager firmware Firmware List Form You use the Firmware List form to open the Firmware Definition form and to add or delete firmware Configuration and Administration 197 Firmware 198 help admin connected to 8 162 Access WY Admin about Users Consoles Devices FW Version Boot Version Release Manual Version Model Status V_2 0 0 1a Aug 18 05 Alternate Boot 2 0 7 Apr 21 04 2005 08 19 KVM net manual KVM net16 KVM net32 Enable Figure 4 58 Firmware List Form For an explanation of each form field refer to Table 4 28 on page 200 v To Add Firmware Note Firmware files tgz are normally downloaded from the web and copied into the AlterPath Manager via Secure Copy SCP
196. his console server Select the console s to be configured by the wizard Edits any settings for consoles connected to this console server Confirms your previous edits and selections Select Finish to save configuration or select Back to re edit Indicates the percentage complete and displays any messages or errors This page is shown if you did not check Auto Upload in the Device Details form Configuration and Administration 135 Devices Table 4 13 Summary of Console Wizard Forms Wizard Form Function Console Creation Finish This page is shown if you did not select Auto Upload from the Device Details form v To Run the Console Wizard To Run the Console Wizard follow the steps below 1 From the Device List form select the device you wish to configure and then select Edit to modify an existing device or select Add to configure a new device a Ifyou are configuring a new device you selected Add the system displays a pull down box that lets you select device types Select the type of device that you want b Click the Select button The system displays the Device Details form LOGOUT Details Users Notify Groups Proxies KVM Viewer Log Rotate Mars Type Onsite LONSA41 ia Location Fremont admin Admin Password static M MAC Address f 192 168 48 199 Netmask 255 255 252 0 192 168 481 DNS faziea ssh Domain A 7001 St
197. ialog box s internal Set Password button Viewing the User s Profile Consoles Form The User s Profile Consoles form displays the Consoles to which you have access Click on the Consoles tab The system displays the User s Profile Consoles form 78 APM Installation Configuration and User s Guide User s Profile LOGOUT Devices Groups Security Select console to user access Selected consoles Figure 3 24 User s Profile Consoles Form Table 3 12 User s Profile Consoles Form Element Definition Consoles Tab or button to select the current form Select consoles for user List box from which to select a possible list of access user consoles assignable to the current user Add Button to add a selected user console left list box to the Selected consoles list box Delete Button to delete a selected user console right list box and return it to the Select console for user access list box Selected consoles The list box that shows the console s assigned to the current user Viewing the User s Profile Devices Form The User s Profile Devices form displays the groups to which you belong To view the User s Profile Devices form Web Access 79 User s Profile Select device to user access LOGOUT Security Selected devices Figure 3 25 User s Profile Devices Form Table 3 13 User s Profile Devices Form Field De
198. ice Definition form e IP Address Netmask or MAC Address Admin Username Admin Password v To Run the Device Discovery Wizard To run the Device Discovery Wizard follow the steps below 1 Log in as admin or as a user with an admin profile to the AlterPath Manager From the menu select Devices From the Devices List form select the Add button to configure the ACS TS or KVM net From the resulting Device definition form if you are using static IP mode complete the input fields with particular attention to the following e Device Name e Type and Model must match e Enter the Admin Name and Admin Password from the configured device IP Address and Netmask from the configured device e Select Static from the IP Mode pull down box e Place a check mark in the Auto Upload box If you are using internal DHCP mode select IP Mode as int_dhcp and include the ACS TS KVM net or OnSite MAC Address To start the Console Wizard select the Save amp Auto Discover button The system displays the Warning page shown in Figure 4 17 Console Wizard Warning Message which alerts you to the fact that existing consoles will be overwritten if you follow through with the configuration Note The ACS with SW version 2 3 1 and later is shipped with all ports disabled by default Auto Discover will not find ports that are disabled and Configuration and Administration 143 De
199. ickdccsckauecctl ade eden ghene 179 To Connect to a Consol Gsstisscckas jac cased tehcaeebiicn tats ienncabieccuete diane clued 180 AlterPath Manager Installation Configuration and User s Guide Procedures To Initiate Log Rotate Manual Operation 0 ccccscesseeeteeeeeeeees 181 To Set Log Rotation in Auto Mode wu ccc ceecceesceeseeeeteceeeeeeeenseenes 181 To Add an IPMI Console from Console Detail Form 04 182 Fo Activate PMI e a a a a tatelnin aces estate 182 OA AWS Cia aonya el ences ecg weet a 184 To Select Consoles tor a User e c7 voce Ga edie Nees 187 To Select DEVICES for a WSC eitsctsncinvisdsnesccdsuuecas hee na airian 188 To Select User Groups for a USer 3 0ccsssieckdscctescoresviatssccsssisataseestanes 189 To Seta Users Security R lessceruisssienrarnreni eree 191 To Delete Ai Usern dai ir S E RAES ET E ES 191 To Delete a User from a Group sssssssseessessssseesessresseesreseesseseesese 191 To Configure the Local Password c cccccesscceseceeeceeseeeseeeeteeeteeeees 192 Te Create a Group cries een E EE K nes 193 To Add Members to a Group cccccesccssscsssseeseecsseceseceeceeeaeecnseceeenees 195 To Delete a GOUD 24 fips ia an aa a a a A a Aa 195 To Assign a Security Rule to a User Group ss ssesesssessesssesrsseesee 195 ToAdd Firmware osii sanded st snaee one E E E E O A EAS 198 To Delete FimMWaTe ninnisin e e a e ai 199 To Upload Firmware to Console Devices
200. iewing the User s Profile Devices Form ccceeceeseeeseeeees 79 Viewing the User s Profile Groups Form ccceeeeeeseeereeeeees 80 Viewing the User s Profile Security Form 200 0 ceeeeeseeeeeeeeeee 82 ll Chapter 4 Configuration and Administration 85 Operational Mod s sync csts diveslesu ss ce sigres si Bdesis Cocalo Nsudeunt cy ares sissies ses 86 Configuration Process FloW saya haere eae ane 87 First Time Configuration Wizard ssiscssseaiusseisiatslech aeliacadnoes 88 First Time Configuration Wizard An Example s ssssesesessesseeeese 93 Setting the Authentication Method ssssssssssssesseesesssesseessesessee 96 Configuring Active Directory ss sesessessesessssessessresressessessressesse 97 Limitation of TACACS Plus in ACS Console Access 97 Hostname Configuration Must Follow RFC Standard 97 Multiport Ethernet Card Configuration essseseeeseesesseseesesseseesee 98 Disabling HTTP to Use Only HTTPS o ee e ee ceeeeeeeneeereeeeeeeees 98 AlterPath Manager Web Interface Admin Mode ce seeeeseeneeeeees 99 Parts of the Web Management Interface cece eeeeeceeeteeeteeeees 101 Relocating Online Help va c5s 5 cots oaccesuncsgeadsegoeteeuastueeceioaceeareaiare 102 Sorting Filtering and Saving a List Form ce eeeeeereeeeees 102 Using the Form Input Fields 302 sacs ceseadesseusse duct battens saaretentsers 103 Verifying Error Messages l
201. igned for regular users who will use or operate the application after the AlterPath Manager administrator has completed the configuration procedures discussed in Chapter 4 APM Installation Configuration and User s Guide Pre Configuration Requirements Installation Note For a list of internet browsers and Cyclades device firmware versions supported by the AlterPath Manager refer to Appendix A Technical Specifications To Configure the COM Port Connection and Log In The console port is used for the initial configuration also known as First Time Configuration in this document which is performed using the Console Interface via serial console connection First Time Configuration establishes the superusers for the Console Interface hardware configuration and the web interface AlterPath Manager connectivity and system settings is also set up during First Time Configuration Configuration through the web interface is discussed in the chapter Configuration and Administration Before using the terminal make sure it is configured as follows 1 Select an available COM port In HyperTerminal Start gt Program gt Accessories gt Communications gt Hyper Terminal select File gt Properties and click the Connect To tab Select the available COM port number from the Connection dropdown 2 Configure COM port Click the Configure button Your PC considered here to be a dumb terminal shou
202. ile user a regular user granted administrative profile rights can have access regular user mode access or admin access to one or more devices as well as to one or more consoles if that user has been granted such access by the administrator in the user s access control list In addition when the admin profile user creates a device the admin profile user also has access to all the device s consoles If the Blade Module is enabled the Console List form also shows the console name for each supported blade server Right clicking a console name enables the user to select KVM VM or CLI or to power on or power off based on the user s access rights defined in the Security Rule Centralized Data Logging System The APM E2000 2500 5000 captures all console log messages and writes them to its internal hard disk drive This provides a secure and permanent storage of important console log information Data logging will work with 6 APM Installation Configuration and User s Guide Key Features permanently connected devices on Console Servers Terminal Servers and OnSite serial ports The console log capacity is 20GB which is about 80MB for each of the APM E2000 s 256 maximum possible concurrent data logging sessions The secure online offline storage ensures availability of all important console messages The APM 2500 and APM 5000 have a base Data Logging Session DLS capacity of 64 This capacity can be expanded through a DLS f
203. ils Form Field Meaning Description Brief description of the console Location Physical location of the console Machine Type Type of machine connected to the console Machine Name Name of machine connected to the console OS Type Type of operating system OS Version Version of operating system Connection Drop down list Method used to establish a console connection ssh telnet or raw data Status Drop down list Enable Disable OnDemand Authentication Drop down list to select the type of NNM Selection Name Remote Data Buffer authentication for the AlterPath Manager to access the console port Network Node Management name to be used if you are configuring this port to be monitored by an HP OpenView server The size of the remote data buffer in bytes Filling in this field enables remote data isabl O tO disable logging by ACS TS Back Button to revert to the last page or form Save Button to save the configuration 4 Complete the Console Detail form as necessary 5 Click on Save to complete the procedure 172 APM Installation Configuration and User s Guide Consoles Console Type KVM Selecting KVM as the Console Type displays the Console Detail form below The Console Detail form for KVM allows you to configure the KVM ports for a KVM net switch or KVM ports for an OnSite switch LOGOUT s Info Reporting Jobs Details Users ACL Notify Groups Outlets
204. imeout and escape sequences that are pre configured in the KVM program You can however change any of these values Idle Timeout refers to the time in minutes it takes the system to timeout or drop the connection after it remains idle To configure the aforementioned settings for the KVM viewer follow the steps below 1 From the menu select Devices The system displays the Device List form 2 From the Device List form select the Edit column of the KVM device you wish to configure The system displays the KVM Device Details form 150 APM Installation Configuration and User s Guide Devices p recoss Y amn EES TE o C Details Users ACL Notify Groups Proxies KVM Viewer DialUp Log Rotate Device Name Saturn Type KvMnet Modet KVMneti6 Location Fremont Admin Name root Admin Password Set Password IP Mode static E MAC Address DOOL IP Address 192 168 48 16 Netmask 255 255 252 0 Default Gateway 192 168 481 DNS 192 168 44 21 Connection ssh m Domain cyclades com Status OnDemand Auto Upload o Health Monitor gaily Firmware Boot _2 0 0 1a Aug 18 05 Alternate Boot 2 0 7 Apr 21 04 lt Back Reset Save Save amp List Cascade Save amp Create Consoles Save amp Auto Discover Figure 4 30 KVM Device Details Form 3 From the Device Detail form click on the KVM Viewer tab The system displays th
205. ing p I HANDSHAKE ATA TIMEOUT 60 CONNECT STATUS Connected p I HANDSHAKE Ht HHHHHHH H OH 3 Modify the all initchat section by removing all the symbols from the beginning of each line in the section 4 Change the first line of all initchat to sxx initchat where xx is the number of the serial port to which the external modem is attached 310 AlterPath Manager Installation Configuration and User s Guide The section should now appear as follows sxx initchat TIMEOUT 10 uw da 1 dATZ OK r n ATZ OK r n TIMEOUT 10 ATMO OK r n TIMEOUT 3600 RING STATUS Incoming p I HANDSHAKE ATA TIMEOUT 60 CONNECT STATUS Connected p I HANDSHAKE 5 Go to the all autoppp section of the etc portslave pslave conf file The all autoppp section will appear as follows when the file is first opened all autoppp i j novj proxyarp modem asyncmap 000A0000 noipx noccp login auth require pap refuse chap mtu t mru t ms dns 192 168 160 5 ms dns 0 0 0 0 plugin usr lib libpsr so H H H 6 Remove the symbols from the beginning of the first 4 lines in this section Optionally you can remove the two remaining lines that begin with ms dns 192 168 160 5 ms dns 0 0 0 0 and plugin usr lib libpsr so Note If you do not remove these two lines le
206. ing the primary and redundant APM will start up the synchronization The heartbeat redundancy data synchronization and failover support will not be activated until synchronization completes 37 Check the status of the synchronization by logging onto the console of either APM and entering the command etc init d drbd status A display similar to the following shows the synchronization progress root APM SW root etc init d drbd status drbd driver loaded OK device status version 0 7 13 api 77 proto 74 SVN Revision 1942 build by root hp 2005 11 16 10 15 30 0 cs SyncSource st Primary Secondary 1d Consistent ns 38354608 nr 92957432 dw 92965012 dr 38355456 al 17 bm 20242 10 0 pe 2105 ua 1917 ap 0 ss edhe es sync ed 41 7 52436 89876 M finish 0 59 04 speed 15 124 17 052 K sec 1 cs SyncSource st Primary Secondary 1d Consistent ns 37298944 nr 51081528 dw 51088628 dr 37317968 al 13 bm 12093 10 0 pe 2071 ua 2027 ap 0 gt sync ed 73 0 13469 49879 M finish 0 13 54 speed 16 504 16 636 K sec root APM_SW root Configuration and Administration 251 Redundant Fault Tolerant Configuration When the synchronization of the two APMs is complete the display be similar to the following root APM SW root etc init d drbd status drbd driver loaded OK device status version 0 7 13 api 77 proto 74 SVN Revision 1942 build by root hp 2005 11 16 10 15 30 0 cs Connected st Primary S
207. ings Form Page 1 0 0 eee 140 Edit Console Settings Form Page 2 ceeeeee 141 Confirm Console Edits Form Page 1 142 Adding Console Wizard cccccccccscceseeesseeteeeteeeees 144 Selecting Devices for Multiple Auto Discovet 145 Selecting the CLI Option for a Device eee 146 Connection to a DeViCe ecceeccessccessecsteceteeseeeeenees 147 Device Firmware Upload c cjs3 cistsaseneaionsacweientss 149 KVM Device Details Form ccccecceseeeeeeereeeeees 151 KVM Device Viewer Form cccccceseeseeeereeesees 151 Device Cascade List Forms a 0 i accxe ute wean 154 Device Cascade Detail Pony niiccinssstees getdecesses 155 Alarm Trigger List Orn 5 ccseedsesecctatssetstenrecss 158 Alarm Trigger Detail Form ceeeeeeseeseeeeeeeeeees 159 Health Monitor User Entry Field eee 161 Health Monitoring Alarm Trigger Detail Form 162 Profiles List Kor cccsaisnw dine denntenas da nadies 164 Profile Detail Form 13 assie esse eute oes tarsi ceceaters 165 Consoles List Form sc cccscnneianacnaatidr aes 169 Creating New Console Form ccccescceeseereeeneees 170 Console Detail Forint 8csss siisincudteniesitiectaastiedies 170 Enabling RDP on KVM net or KVM net Plus Console POE lt usatensechey accuses acct E A E wea se 175 Configuring or Editing an RDP Only Console 176 KVM Console Users Forming icc ies tasiceasin 177 KVM Console Notify Form ccccceeeesce
208. insecure networks based on the key distribution model It allows individuals communicating over a network to prove their identity to each other while also preventing eavesdropping or replay attacks It also detects modifications and prevents unauthorized reading How Kerberos Works On a kerberized network the Kerberos database contains principals and their keys for users their keys are derived from their passwords The Kerberos database also contains keys for all of the network services When a user on a kerberized network logs in to their workstation their principal is sent to the Key Distribution Center KDC as a request for a Ticket Granting Ticket TGT The login program sends the request so that it is transparent to the user or the kinit program sends it after the user logs in The KDC checks for the principal in its database If the principal is found the KDC creates a TGT encrypts it using the user s key and sends it back to the 290 APM Installation Configuration and User s Guide Creating the krb5 keytab for Kerberos Authentication user The login program or kinit decrypts the TGT using the user s key which it computes from the user s password The TGT which is set to expire after a certain period of time is stored in your credentials cache An expiration time is set so that a compromised TGT can only be used for a certain period of time usually eight hours unlike a compromised password which could be used un
209. ion and User s Guide Web Access for Users 4 If applicable type in your notes or comments in the Notes text entry box 5 Select Save to complete your entry Web Access for Users Consoles Devices Web Access Users can access consoles and devices when they have been granted permission to do so by the AlterPath Manager admin user Devices that can be accessed include ACS e TS e KVM net e OnSite Consoles that can be accessed include e Serial ports on the ACS TS and the OnSite e KVM ports on the KVM net and OnSite To Access Consoles or Devices 1 Log onto the WMI 2 Select Consoles Devices from the main menu You will see a list of consoles in the first column if you have been granted permission to access any consoles At the bottom of the form the filter by pull down menu shows CONSOLE 3 Select DEVICE from the filter by pull down menu You will see a list of devices in the first column if you have been granted permission to access any devices 4 Click on either a console or a device shown in the first column You will be shown two buttons VIEW and CLT 53 Web Access for Users LOGOUT a Consoles Devices E O Namet Ime Device Port Location Status Jupiter TS Jupiter Fremont Enable view a Satum KVMnet Satum Fremont Enable Filter bys DEVICE JySearch fore Search Figure 3 6 Selecting a Device
210. ion 119 Devices 2 Complete the form using the table below as a guide Table 4 5 Dial Up Form Element Definition Modem Mode Drop down box to select how you want your PPP connection to be used Disabled default value Primary Network uses a modem connection as the primary way to connect to a device The connection is dropped when the last user disconnects Network Backup uses a modem connection only if the network connection is unavailable PPP Phone If Modem Mode is enabled either as Primary or Network Backup then this field is required for PPP connection Enter the complete PPP phone number to establish PPP connection to a device or console via web interface CLI or SSH Dialback Mode Select whether to enable or disable dialback mode ACS only PPP Device IP If this is blank the device IP is used for PPP modem connection PPP Local IP If this field is blank the AlterPath Manager IP is used for PPP Automatic PPP IP Check box when selected PPP Device IP and PPP Local IP are automatically detected ACS and TS only PPP Auth Method Drop down box to select the authentication method PAP or CHAP PPP User The username of the modem or dialback user 120 APM Installation Configuration and User s Guide Devices Table 4 5 Dial Up Form Element Definition PPP Password The password to be used to authenticate the dial back user Enable OTP Check box to enabl
211. ion Hot Keys For your convenience the console session hot key commands viewable by pressing Ctrl Shift e c are summarized in the table below Each command must be preceded by Ctrl Shift e c abbreviated in the menu as Ec For example to send a broadcast message you must press Ctrl Shiftte and then c and then b Table 5 3 Console Applet Ec Command Set Command Action Command Action disconnect a attach read write b send broadcast message c toggle flow control d down a console e change escape sequence f force attach read write g group info i information dump 1 break sequence list letter el 10 send break per config file 11 9 letter send specific break sequence el one nine o re open the tty and log file p replay the last 60 lines r replay the last 20 lines s spy read only u show host status v show version info w who is on this console x show console baud info z suspend the connection lt cr gt ignore abort command print this message AR replay the last line ooo send character by octal code Off power off On power on Os power status To exit from the CLI press Ctrl underscore Advanced Configuration 263 Working from a CLI Set Commands The following set commands are available to enable you to manually and individually configure specific AlterPath Manager settings from the Linux shell setauth Set Authentication Page 265 setboot Set the Network Boot Utility Page 2
212. ion and Administration Copy the IPMI license file that you purchased from Cyclades into the following directory on your APM var apm licenses data APM B IPMI enc 127 Devices 128 The example below shows the Device Detail form for the device type IPMI The device configuration for IPMI is actually the configuration for the IPMI Baseboard Management Controller BMC that is embedded in the system The input fields and buttons for this form are also similar to the other Device Detail forms with the exception of the following Table 4 8 Devices Details Form IPMI Element Definition Authentication Dropdown box to select the authentication Information type Encryption Required Dropdown box to select the encryption type Group Membership The groupname to which the device belongs Power Control Enabled Power On Power Off Display Sensors Log Y N to enable disable power control Button to switch on the IPMI server Button to switch off the IPMI server Button to display a new form that contains two tabs for viewing sensors or logs from the BMC respectively When you configure an IPMI device the AlterPath Manager will allow you to create one console which uses the device name as a root and adds 01 There are two ways you can create this console e From the current IPMI Device Detail form e From the Console Detail form v To Use the IPMI Device Detail Form to Add a Console 1 Open the IPMI Devic
213. irmware Detail Form Element Function Model Model number of the device s supported by the firmware FW Version Firmware version Release Date Boot Code Version HW Revision Release date of the firmware Type of bootcode and version number Hardware tied to the firmware version 200 APM Installation Configuration and User s Guide Firmware Table 4 28 Firmware Detail Form Element Function Manual Version As indicated Manual A link that launches the PDF version of the manual FW Dependency As indicated Release Notes A link that launches a browser window with the release notes associated with the firmware Comments A scrollable field that contains notes of hardware and software dependencies Status Indicates Enable or Disable status v To View and Access Firmware Information 1 From the Firmware List form select the particular Firmware Version you wish to view The form brings up the Firmware Details form From the Firmware Details form you can do any of the following To access firmware documentation select Manual To access Release Notes for the current firmware select Release Notes Type in notes in the Comments input text box and then select Save to enter notes and comments about the current firmware 5 Ifneeded enter the status Enable or Disable of the firmware installation or update v To Upgrade the AlterPath Manager Firmware You ma
214. ith LDAP o c cc eeccescceeceeceeeseceteeseeeeeseeeaeens 292 Open LDAP cirin aa a a ake fan vidasts cans a Ea i aes 293 Disabling HTTP to use only HTTPS occ cecceseeeeeeeeeeeeteeeeeeees 294 BUI WAC sc 2eva sea Waa ghisece tna thers Eea Avan RAE a thats Ria read aa 294 Backing Up User Data iicee csis aie isttuele esata anaes 296 Backup and Restore Scenarios cecceeecceesceesceeeteceneeeeeeenseeesaeenes 297 vii viii Backup and Restore Commands ccccceesceeseeeseeetseesteeeteeeees 297 Managing Log Files cess ce ccunvacaiviysi i a e RAT a 297 Where Log Files are Archived 2 32 3 oscatniartssenetedan tadtse 297 Backing Up Log Files to a Remote Server sesesesessseseesessesee 298 System Recovery Guidelines s nssssessesseeseossessesrosseeseesressesreseesressee 298 Root Password Recovery e sesssesssesessssessesessseessessessressessessresseesresressee 299 Changing the Database Configuration 20 0 0 eeceeceseceteeteeneeeneeeneees 300 Restoring Your Configuration sssssessesessssessessrssressessessresseesresressee 301 More About Importing Certificates ecceeeeeseeseeeseeeeteeeees 305 Appendix A Technical Specifications 307 Hardware Specifications s 25 c cc seiseseeddsdeastundescsecepuescesedecetenasteasts 307 Software Specifications 24 c a5sc cunsusc avaasseeeluanani aan 308 Appendix B ACS Modem Configuration 309 Appendix C DLS Activation cceeeseseeeeeeee
215. kk WARNING changing system files directly is dangerous and may adversely affect your system s functionality Proceed with caution and only if you know what you are doing kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk Advanced Configuration 261 Working from a CLI The foregoing banner message displays briefly and then it is replaced by the following banner and prompt Please choose from one of the following options Ly CLI 2 Shell Prompt 3 Quit Option gt To select CLI enter 1 at the prompt as shown below to start the sequence Option gt 1 User admin AlterPath Manager V_1 4 0 RC1 10 10 2005 CLI admin Mgr gt man list console connects to a console consolelist lists all consoles you are allowed to access page prints all lines in a console s logfile searchlog prints lines in a console s logfile that match a pattern man lt command gt to get help text of lt command gt admin Mgr gt consolelist Jupiter 01 port 1 Jupiter 02 port 2 Jupiter 03 port 3 Jupiter 04 port 4 toshibaserver port 4 admin Mgr gt console toshibaserver Console on demand please wait MAX CONNECTIONS 256 Enter Ec for help Enter Ec to disconnect admin 7004 192 168 48 199 s password Authenticating Please wait Connected 262 APM Installation Configuration and User s Guide Working from a CLI Console Sess
216. l console interface edit the file var apm apm properties 2 Add the AlterPath Manager dial back number in the following parameter dial apm_phone_number lt phone number gt One Time Password Configuration Note Modems are currently supported on the APM E2000 only One Time Password is configured on the Dial Up form when you are either adding or editing an ACS configuration An example One Time Password setup form is shown in Figure 4 13 122 APM Installation Configuration and User s Guide Devices LOGOUT rofiles Firmware Security Rules Info Reporting Jobs Dial Up Log Rotate Network Backup 555 1234 Dialback Mode Enable PAP v Set Password 3 Set Passphrase wase Reset Sequence lt Back Reset Save Save amp Create Consoles Save amp Auto Discover Figure 4 13 Dial Up Form with One Time Password Setup To Enable the OTP Authentication for Dialup Caution It is strongly recommended that you do not attempt to upload firmware using a modem connection 1 Set the Modem Mode field to either Primary Network or Network Backup This enables the Enable OTP check box and causes the field labels PPP Phone PPP User and PPP Password to turn red indicating the requirement to fill in these fields Note If you check the Automatic PPP IP check box the PPP Device IP and PPP Local IP fields will not ne
217. lash flash config config tgz done setethernet Set Ethernet Speed and Duplexing Note Gigabit Ethernet is available on the APM 2500 and APM 5000 only 268 APM Installation Configuration and User s Guide Working from a CLI Note Ethernet and other expansion cards are not supported on the APM 2500 root APM gregg root setethernet Current Ethernet eth0 speed duplex settings AUTO Change Ethernet ethO speed duplex Y es or N o N Choose the correct operation mode 1 Auto negotiation 2 10 Mbps full duplex 3 10 Mbps half duplex 4 100 Mbps full duplex 5 100 Mbps half duplex 6 1000 Mbps full duplex 7 1000 Mbps half duplex Enter the number corresponding to your choice 1 1 Enabling auto negotiation for etho Current Ethernet ethl speed duplex settings AUTO Change Ethernet ethl speed duplex Y es or N o N Choose the correct operation mode 1 Auto negotiation 2 10 Mbps full duplex 3 10 Mbps half duplex 4 100 Mbps full duplex 5 100 Mbps half duplex 6 1000 Mbps full duplex 7 1000 Mbps half duplex Enter the number corresponding to your choice Enabling auto negotiation for ethl FL 2 Configuration changed xxx Execute saveconf to save the new values in flash Do you want to make these changes effective now Configuring eth0 speed duplex Configuring ethl speed duplex y n Y Y Advanced Configuration 269 Working from
218. ld be configured as follows e Serial Speed 9600 bps e Data Length 8 bits e Parity None e Stop Bits 1 stop bit e Flow Control none e ANSI emulation Power on the AlterPath Manager Click OK on the Properties window 31 Pre Configuration Requirements 32 You will see the AlterPath Manager booting on your screen After it finishes booting you should see the configuration screen Web Browser Requirements You will need a local Windows workstation running a web browser that supports the following e Activex e Java plug ins To view KVM console ports on your local Windows workstation you will need to run a web browser that has ActiveX enabled Windows browsers that support ActiveX include Microsoft Internet Explorer and Netscape 7 1 or greater and Netscape 8 x Caution Microsoft Internet Explorer update version SP2 does not have ActiveX enabled by default If you update Internet Explorer or if you implement a new installation of Internet Explorer you must be sure to enable ActiveX Caution Browsers other than Internet Explorer are known to have a limitation with logins by more than one user from a single workstation After the initial login session has started a subsequent login by a different user will force the previous user to be logged out This occurs either with more than one session with completely separate browser windows or with more than one session started in tabs within one browser e
219. le configuration done NOTE the new console parameters will be effective after the next reboot Advanced Configuration 267 Working from a CLI setdatetime Set System Timezone Date and Time root APM gregg root setdatetime Please choose the time zone where this machine is located 1 Africa 18 Eire 35 Jamaica 52 ROC 2 America 19 Etc 36 Japan 53 ROK 3 Antarctica 20 Europe 37 Kwajalein 54 Singapore 4 Arctic 21 Factory 38 Libya 55 Systemv 5 Asia 22 GB 39 MET 56 Turkey 6 Atlantic 23 GB Eire 40 MST 57 UCT 7 Australia 24 GMT 41 MST7MDT 58 US 8 Brazil 25 GMT 0 42 Mexico 59 UTC 9 CET 26 GMT 0 43 Mideast 60 Universal 10 CST6CDT 27 GMTO 44 NZ 61 W SU 11 Canada 28 Greenwich 45 NZ CHAT 62 WET 12 Chile 29 HST 46 Navajo 63 Zulu 13 Cuba 30 Hongkong 47 PRC 64 iso3166 tab 14 EET 31 Iceland 48 PST8PDT 65 posix 15 EST 32 Indian 49 Pacific 66 posixrules 16 ESTSEDT 33 Iran 50 Poland 67 right 17 Egypt 34 Israel 51 Portugal 68 zone tab Enter the number corresponding to your choice 48 Current system date and time is Wed Aug 31 20 03 15 PDT 2005 Press ENTER to accept it or specify new ones Enter date in MM DD YYYY format 08 31 2005 Enter time in HH MM format 20 07 Wed Aug 31 20 07 00 PDT 2005 Configuration changed xxx Execute saveconf to save the new values in flash root APM gregg root saveconf Saving configuration files to f
220. lect Devices The system displays the Devices List form Perform one of the following steps a Ifyou are adding a new chassis from the Devices List form select the Add button The Select Device Type form appears from this form select IBM Blade Center b If you are editing an existing chassis from the Device List form select the chassis you want to edit and then click on the edit link that corresponds with the Blade chassis you are editing APM Installation Configuration and User s Guide Blade Management Module LOGOUT Groups Alarm Trig Firmware arity Rules Info Blade_Center IBM Blade OK y Los Jupiter TS OK OnDemand mars OnSite OK OnDemand Saturn KyMnet OK OnDemand Yilins_ KYMnetPlus K Mnet PI OK OnDemand Figure 4 62 Selecting Blade Center from Devices List ilter by DEVICE Y Search for Search Add Delete Unload Auto Discover The system displays the Devices detail form LOGOUT Users Consoles Devices Groups Alarm Trigger Profiles Firmware Security Rules Info Reporting Jobs Details Users ACL Groups Proxies Switch 1 Switch 2 Switch3 Switch4 Log Rotate Device Name Blade Center Type IBM BladeCenter Location fremont Status Enable Admin Name USERID Admin Password Set Password IP Mode static MAC Address IP Address 192 168 49 4
221. lect int dhcp if the AlterPath Manager is the DHCP server for this device or static if using a static IP See Configuring Your DHCP Server on page 129 The MAC address is required if the IP mode is int_dhcp As indicated in dotted notation As indicated in dotted notation Button to return to the previous page Button to reset the form APM Installation Configuration and User s Guide Blade Management Module Table 4 33 Blade Module Device Switch 1 Form Element Definition Save Button to save your configuration Save amp Create Blades Button to activate the Blade Wizard 3 Click on Save to save your configuration 4 To configure another switch click on the next Switch tab form Two Methods of Blade Configuration Once the chassis has been defined and configured you can configure the blades and switches in two ways Through the Blade Wizard e Through the Consoles forms Running the Blade Wizard The Blade Wizard is designed to help you configure and automatically generate blades switches for the current chassis To activate the Blade Wizard click on the Save amp Create Blades button in any of the Device forms The series of forms comprising the Blade Wizard in sequential order are as follows Table 4 34 Summary of Blade Wizard Forms Form Name Function Warning Warns the users that existing entries for chassis blades in the AlterPa
222. lect or highlight from the left list box the device group that the current chassis supports Note Unless a device is configured for another group the Device group is the default group for all devices 3 Click on the Add button 4 Repeat steps 2 and 3 if you have another group to add Note To delete any entries from the Selected Groups box highlight the group you wish to delete and then click on the Delete button 5 Click on Save and proceed to the next tabbed form as necessary Proxies To create or configure a web proxy for a device see Proxies on page 115 214 APM Installation Configuration and User s Guide Blade Management Module v To Configure the Chassis Switch The switch tabbed form allows you to specify the parameters to access the switch management interface through Telnet or the web interface You can configure up to four chassis switches for the currently selected chassis To configure a switch perform the steps below 1 From the menu go to Devices click on the Add button or the edit link gt Details gt Groups gt Switch 1 The system displays the Device Switch 1 form LOGOUT Info Reporting Jobs Details Users ACL Notify Groups Proxies Switch 1 Switch 2 Switch 3 Switch 4 Log Rotate IP Address 192 168 49 49 Type IBM BladeCenter Admin Name USERID Admin Password Set Password Status Enable v Netmask 255 255 2520 IP M
223. lected security rules The list box that shows the Security Rule assigned to the current user Security rules via user The list box that shows the Security Rule groups assigned to a user group This can be the default USER group or any other defined user groups Web Access 83 User s Profile 84 APM Installation Configuration and User s Guide Chapter 4 Configuration and Administration This chapter presents the procedures for configuring the AlterPath Manager E2000 2500 or 5000 through the web interface Addressed to the E2000 2500 5000 administrator who must use the AlterPath Manager web interface in Admin Mode the chapter is organized as follows Operational Modes Page 86 Configuration Process Flow Page 86 First Time Configuration Wizard Page 88 AlterPath Manager Web Interface Page 99 Admin Mode Devices Page 105 Alarm Trigger Page 156 Profiles Page 163 Consoles Page 166 Users Page 183 Groups Page 193 Firmware Page 197 Backing Up User Data Page 202 System Recovery Guidelines Page 203 Info Reporting Page 204 Blade Management Module Page 206 Security Rules Page 225 Power Management Support Page 235 Operational Modes Operational Modes The AlterPath Manager provides two operating modes for configuration First Time Configuration Linux shell on the serial console e Admin Mode GUI based Before you can use the AlterPath Manager Web Management Interface WMI you must first run the First Ti
224. lus_01 control mykvinnetplus_01 1 admin KVMReadWrite PowerControl On Of Lock Unlock Cycle 200 0 255 96 0 255 OK PS 2Term 1 0 6 Reset Mouse and Keyboard Apply Settings Save Settings B internet Figure 3 15 K VM net Web Control Page The web control page allows viewing of the status of the port on which you are connected It also allows you to 1 Reset the mouse and keyboard associated with the console you are accessing Manage outlets associated with the console you are accessing Configure the video contrast and brightness associated with the console you are accessing Note A similar page will appear when you select the console of a KVM net but the parameters can be viewed but not changed Web Access 65 IPMI IPMI Users Baseboard 1 2V Baseboard 1 25V Baseboard 1 8V Baseboard 1 8VSB Baseboard 2 5V Baseboard 3 3V Baseboard 3 3AUX Baseboard 5 0V Baseboard 5VSB Baseboard 12V Baseboard 12VRM Baseboard 12V Baseboard VBAT Baseboard Temp Front Panel Temp Basebrd FanBoost IPMI is a paid for added feature of AlterPath Manager which is available only to IPMI users To View IPMI Sensors The IPMI Sensor form is used to view IPMI based servers IPMI Intelligent Platform Management Interface is the open standard for machine health and control including remote control The form allows you to monitor server physical health characteristics su
225. m that takes over if the primary system fails or the heartbeat signal is interrupted The current system is the primary system when you are configuring the primary system It is the redundant system when you are configuring the redundant system The mated system is the redundant system when you are configuring the primary system It is the primary system when you are configuring the remote system Note Most of the fields in the APM Heartbeat forms for the primary APM and for the redundant APM must be filled in identically Figure 4 84 and Figure 4 85 show which fields differ and how they differ when comparing the APM Heartbeat form for the primary APM to the APM Heartbeat form for the secondary APM Table 4 45 Heartbeat Form Fields and Meanings Element Meaning and Configuration Fail Over Time Message Period Dead Ping Time Out Time in seconds before a missing heartbeat signal is recognized as a failure of the primary APM default 5 seconds Time in seconds for a heartbeat signal to be sent and acknowledged default 1 second Time in seconds for an APM to consider a ping to have failed default 5 seconds APM Installation Configuration and User s Guide Redundant Fault Tolerant Configuration Table 4 45 Heartbeat Form Fields and Meanings Element Meaning and Configuration Configured Drop down menu to the APM you are currently State configuring either the PRIMARY or the
226. m the modem pool e Viewing the latest status of each modem Configuration and Administration 133 Devices 134 If you need to use any of these procedures please refer to Chapter 5 Advanced Configuration To Configure the Health Monitoring System The Device Health Monitoring feature enables the AlterPath Manager to monitor on a periodic basis the consoles that run on specified devices as well as to create log files and to send an alarm notification to specified users Users must have a valid email address as configured in the User Detail form Go to Users User List form gt User Detail form 1 From the Device Detail form select the frequency of monitoring from the Health Monitor pull down list box Your choices are Table 4 12 Health Monitor Pull down List Options Selection Definition Never System will never run Health Monitoring for this device default Daily System will run Health Monitoring at 2 am everyday Weekly System will run Health Monitoring at 3 am every Saturday Monthly System will run Health Monitoring at 4 am on the first of each month 2 To complete the procedure for configuring Device Health Monitoring you must complete an Alarm Trigger Detail form See Alarm Trigger on page 156 of this chapter Console Wizard The Save Create Consoles button is used to run the Console Wizard which allows you to configure those consoles connected to a device by follo
227. makieda scien 62 To View IPMI Sensors ssssessesseeseeseosseeseeseesseesesresseessesersseeseeseeseessee 66 To View the Lops opnan a ana a eal 68 To View PM Device Parameters acieceacccestepste ast catyaeteancantitestees 74 To Change Your Password sssnsesessseeseeseesseeseesresseesseserssesseesreseessee 78 To Use the First Time Configuration Wizard ccceseeeeereeeneees 89 To Change Individual Parametersss oc ssicieassciezisidkeanaieiatiitates 92 To Reset Configuration to Factory Settings cceceeseeeseeereeeneees 92 To Begin Web Configuration 2 3 se 4 s2ccgs baeders sastecescdeantpteseccaneteroottaesn 98 To Log Into the APM Web Interface ee eccceceseceseceeeeeeeeeneeeees 100 To Relocate the Online Help Piles s s2 c0ssatsaiactaiamie eatin 102 XX To Add a Devic E Bi eet ta ARES a ie ei aati E Gs 110 To Configure the Web Proxy x lt csscasndicceaiculiatenwecniiiadids 116 To Verify your Proxy Setting 25 Set st soles ec sacle a ert Baan atten 117 To Configure Dial Up Dial Back ee eeccececeteceteeeeeeeeseeeteenees 119 To Enable the OTP Authentication for Dialup cecceeeeeeteeeee 123 To Configure KVM Portsiccc5 sascwwdacaaienieenna coats 125 To Configure OnSite Ports caec2s 5 ctsensicesdaedinensachs ey daeteaioeeeie eesneusds 127 To Use the IPMI Device Detail Form to Add a Console 128 To View Sensors or Logs from the BMC ecceeseeeseeeseeeteeeeteeees 129 To Configure t
228. mary APM Step 11 Fill in the Ping Nodes List field with IP addresses to ping in order to detect when primary APM has lost connectivity to the network It is recommended that this field includes the default gateway IP address and the router IP address Be sure to separate the IP addresses with commas and no spaces Enter an alias in the Node Name field for the redundant APM in the column for the current system Enter the IP address for the redundant APM in the IP Address field in the column for the current system Enter an alias in the Node Name field for the primary APM in the column for the mated system Enter the IP address for the primary APM in the IP Address field in the column for the mated system You should be able to leave the default settings as they are in the form under the Synchronization tab APM Installation Configuration and User s Guide Redundant Fault Tolerant Configuration Caution All settings for time synchronization authentication and shared secrets must be identical entries for both APMs 33 Select the Admin tab gt Alarm Trigger 34 Click on Resources Take Over and select Enable from the drop down field 35 Click on Take Over and select Enable from the drop down field 36 Reboot the primary APM and then reboot the redundant APM This is necessary to activate the heartbeat configuration Caution Reboot
229. me Configuration wizard The admin user by default is the system administrator of the AlterPath Manager web interface and runs the application in Admin mode This designation cannot be revoked Unless a regular user has been configured to be an admin user as well through the User Detail form regular users can use the application only in Access mode Only an administrator or admin user can use the WMI in Admin Mode which allows them to assign admin roles to new users to add users consoles devices console servers alarms and other configuration procedures Note For information on how to use the system in Access mode refer to Chapter 3 User Level Web Access on page 43 Note Certain configuration procedures e g System Recovery Modem Card Configuration require the use of the Linux shell on the serial console by advanced users These procedures are discussed in Chapter 5 Advanced Configuration on page 255 86 APM Installation Configuration and User s Guide Configuration Process Flow Configuration Process Flow The entire configuration process through the serial console and through the WMI is as follows Connect to serial console i Perform First Time Configuration Was reboot successful Log on to AlterPath Manager as Admin Reset system to default factory settings
230. ment Function Permission The default rule Allow or Deny that applies to the current form and the entire security rule The permission is configured from the General tabbed form Select Net Intf List box that lists all LAN interfaces Select Conditions the LAN interface s that will be applied to the rule Add Button to select items from the Select Net Intf Conditions list box and add to the Selected LAN ITF Conditions list box Delete Button to remove any Selected Net Intf Conditions from the right list box Selected Net Intf List of selected Net Intf conditions that will be Conditions applied by the rule to the policy Back Button to return to the previous page Save Button to save your configuration Security Rule Date Time Configuration 232 The Date Time tabbed form allows you to specify the time in which the rule will allow or deny access to the system APM Installation Configuration and User s Guide Security Rules DayTime Permission Allow 74 4 Add Time Period Conditions Tue Wed Thu Sun Mon Fri CS Ce ES EE EE Eee e Add Start Time E End Time E Figure 4 78 Security Rule Day Time Form Table 4 41 Security Rules Date Time Form Element Function Day Time tab Tab title to select the current form Permission The rule Allow or Deny that applies to the entire security rule The default permission i
231. ministrator from using a password for each device e g TS ACS KVM net and thereby maintain a secure password You need only use your password once upon logging onto the AlterPath Manager For all users who access the console ports the AlterPath Manager provides the following authentication methods local database RADIUS TACACS LDAP Kerberos NIS and Active Directory Key Features Consolidated Views and Console Access From the AlterPath Manager web interface you can view a list of all consoles to which you have authorized access Information about each console includes console name port location description and status The Access Control List ACL which is defined by the administrator defines which user has access to which port For added security users cannot view consoles which they are not authorized to use Access Control List ACL for Devices Users have access to consoles administrators have access to consoles and console devices Device access for regular users is a feature that is new beginning with Software Version 1 4 0 Regular users can have access control of devices as well as access control of consoles at the discretion of the AlterPath Manager admin A regular user can have access to one or more devices as well as to one or more consoles if that user has been granted such access by the admin in the user s access control list The regular user will never have admin mode access An admin prof
232. mote Data Buffer 0 to disable D jipes Figure 4 42 Console Detail Form 170 APM Installation Configuration and User s Guide Consoles Table 4 24 Consoles Details Form Field Meaning Details User ACL Notify Groups Outlets Log Rotate Console Name Device Name Port Profile Name Tab to display the Console Detail form which is the currently displayed form Tab to display the form used to assign or authorize users to access the current console Tab to display the Console Notify form used to assign users to be notified when an alarm pertaining to the current console or device occurs Tab to display the Select Console Group form used to assign the current console to one or more console groups Tab to display the form used to assign outlets if an IPDU is assigned and connected to the console Tab to display the Log Rotation form used to set log rotation by configurable size or by selected time interval available for ACS and TS devices and consoles as well as KVM devices Name of the console Drop down list to select the device to which the current console is connected Port on the device to which the console is connected NOTE In the Blade Module if you are adding a switch console the Port number corresponds to the switch number go to Devices gt Switch 1 through 4 Name of port profile Configuration and Administration 171 Table 4 24 Consoles Deta
233. n Search sort and save list User list Note Regardless of the authentication type remote local or none or service any user who will use the AlterPath Manager application MUST be entered in the AlterPath Manager database in order to access the application Configuration and Administration 183 Users 184 User List form Use the User List form to view all AlterPath Manager system administrators and regular users The list includes information about each user e g Name Location Phone which you define in the User Detail form Any user who will use the AlterPath Manager application must be entered in the AlterPath Manager database in order to have access to the application regardless of whether you are using any other authentication services or not RADIUS users for example must still be registered in the AlterPath Manager database through the User Detail form Below is the Users List form TEE Access Y ann Y system x users Consoles Devices Groups Alarm Trigger Profiles Firmware Security Rules Info Reporting Jobs Username Department Location Phone Status a admin Enable gregg Enable amp xpert Enable Filter by USER Search for I Search Add Delete Figure 4 48 Users List Form For an explanation of field column refer to Table 4 27 To Add a User To add a new user perform the following steps 1 From the menu select Users The system
234. n underlined column name indicates that the list can be sorted by the column name The Console List form for example allows you to sort by Console Type Device Location or Status To sort by Location simply click the column name Location The arrow adjacent to the heading indicates that the list is sorted based on that heading The position of the arrowhead indicates the sort order A downward arrowhead indicates that the list is alphanumerically arranged in ascending order an upward arrowhead in descending order You can change the sort order by clicking on the heading or the arrow Search and Filter Functions When available you will find the Filter By and Search For fields at the bottom of a list form This allows you to search through a list form by selecting the search category i e Console group from the dropdown field and selecting and filling in the Search field The Search function has been improved You can now type the first critical characters of a search string and press Enter to view all items in a list that start with those characters The input field is retained until you click a menu item The view generated from the Filter By field is automatically saved Online Help You can always find the help link in the upper left corner of the WMI see Figure 3 2 when you are logged in to the WMI Click on this link to access online help Web Access 47 Alarms Al
235. n you copy your new license file into the var apm licenses data directory it must contain all of the following APM B DLS 64 enc APM FA DLS 64 128 enc APM FA DLS 128 256 enc Note Multiple FA feature activation license files must be named with sequential number ranges as shown in the foregoing example 4 Enable your license immediately by entering the command etc init d tomcat restart Verifying Your Current DLS Activation Log on to the Web User Interface and click on the About link in the lower left corner of the display A window similar to the following will appear Data Logging Session Activation 319 Data Logging Session Activation LOGOUT Consoles Devices Groups Alarm Trigger Profiles Firmware Security Rules Info Reporting Jobs System Model APM e2000 Boot Version 1 0 2 Sep 10 2002 Kernel Version 2 4 25 Config Version V_1 4 0 OS Version V_1 4 0 Nov 29 2005 APM Version V_1 4 0 10 13 2005 APM Database V_1 4 0 2005 11 07 CPU 0 Celeron Coppermine 847 439MHz 1690 82 bogomips RAM 515736 kB 86004 kB free Licenses FEATURE IPMI Name APM_B_IPMI version 1 0 1 type null feature IPMI device APM owner paulo customer_id gregg expiry_date 2005 12 28 expiry_time 00 00 info null VALID true FEATURE DLS Name APM_B_DLS_256 version 1 0 1 type standard feature DLS device APM owner Cyclades Corporation customer_id cyclades expiry_date 9999 01 31 ex
236. n you may use a static IP address Configuration and Administration 129 Devices The Device Definition window provides three IP modes in which to configure your DHCP server or static IP address The IP address that you use depends on what type of mode you use IP Mode When to use this mode int_dhep internal Select this mode if you are using the AlterPath Manager as your DHCP server You decide on what IP address you wish to use and then save the configuration in the Device Definition form ext_dhep external Select this mode if you already have a DHCP server in your LAN that you wish to use You will need to get from your System Administrator the IP address allocated for your company s DHCP server Static Select this if using a static IP address When using the static mode you or your LAN System Administrator must first connect to the console server using the serial console to enter the IP address You must then enter that same IP address in the AlterPath Manager through the Device Definition form Function of the Status Field The Status field of the Device Detail form indicates whether the connection between the AlterPath Manager and the device console is Enabled i e permanently connected Disabled no connection established or OnDemand OnDemand means that the connection is established only upon the user s request and disabled again when the last user on the console device lo
237. nager does not support user authentication against a NIS map and the local file etc passwd at the same time Either the user is present in the NIS map or in the passwd file but not both The AlterPath Manager will not even allow you to add a user in the local database if the user is already present in the NIS server The configuration below enables the system to authenticate NIS users and local users Authenticate the user first through the local database and if the user is not found use NIS passwd files compat shadow files compat group files compat passwd compat nis shadow compat nis group compat nis Authenticate the user first through NIS and if the user is not found use the local database Advanced Configuration 289 Creating the krb5 keytab for Kerberos Authentication passwd compat files shadow compat files group compat files passwd compat nis shadow_compat nis group compat nis Authenticate the user first through NIS and if the user is not found or the NIS server 1s down use the local database passwd compat UNAVAIL continue TRYAGAIN continue files shadow compat UNAVAIL continue TRYAGAIN continue files group compat UNAVAIL continue TRYAGAIN coninue file passwd compat nis shadow_compat nis group compat nis Creating the krb5 keytab for Kerberos Authentication The AlterPath Manager supports kerberized networks Kerberos is a computer network authentication protocol designed for
238. nd connection is established only upon user s request Health Monitor The frequency in which the Health Monitor operates to monitor the system Never Daily Weekly or Monthly Auto Upload Check Auto Upload if you want your configuration automatically uploaded when you save it See Difference between Auto Upload and Manual Upload on page 131 Configuration and Administration 113 Devices Table 4 3 Devices Detail Form Element Definition Firmware Boot Dropdown list to select any firmware or bootcode to upload You select the firmware to upload and then when you upload the configuration for the device you can select the checkbox to upload the firmware as well Available on KVM net KVM net Plus ACS and TS Note If you upload the firmware to a KVM net currently running FW version 2 0 0 or earlier you must configure the Admin Name for the device as root Back Button to return to the previous page Reset Button to reset the form Save Button to save all Device configuration entered in this form Save amp Create Button to initiate the Console Wizard and Consoles save the resulting settings Save amp Auto Discover Button to initiate the Device Discovery Wizard and save the resulting settings for the ACS TS or KVM net 5 Click on the Save button when done 6 Select Devices from the main menu panel to return to the Device List form and verify your entry
239. nd configure new devices i e ACS TS KVM net OnSite or IPMI Edit devices Delete devices Upload device firmware bootcode or configuration Configure device health monitor Configure Dial Up and enable PPP connection for out of band access to remote device ACS Run the Device Discovery Wizard Run the Console Wizard Configure KVM Viewer Device list form Add button gt Select Device Type form gt Device detail form Device list form Edit link gt Device detail form Device list form Delete button Device list form Upload button Device detail form Health Monitor input field Dial Up form Device detail form Save Auto Discover button Device Discovery form Save Create Console button KVM Viewer form Device detail form gt KVM Viewer form Configuration and Administration 105 Devices Table 4 1 Summary of Devices Forms Form Function Form s Used Search sort and save list Devices List form of devices Assign type of web Proxies form proxy to access a target device through the web Configure modem user Dial Up password and related parameters to enable dial up dial out functions Note The form names do not necessarily appear on the actual form Because some forms do not have titles these names are used to distinguish each form as well as to reflect the form function For example Devices List form Supporting forms t
240. nd ifcfg ethl OBS In this example index 0 0 1 and 0 9999 The third option K eep command gives you the option to skip to the next Ethernet interface without changing the configuration of the current interface Use Ctrl c to stop changing interfaces and keep all changes made If you do not exit with Ctrl c at the end the script will ask if you want to make the Advanced Configuration 271 Working from a CLI Ethernet Default Gateway C hange or K eep current K k Configuration changed xxx Execute saveconf to save the new values in flash Do you want to make these changes effective now y n y Reconfiguring network interfaces Added VLAN with VID 2 to IF eth0 Configuring eth0 speed duplex Configuring eth1l speed duplex done Shutting down dhcpd OK Starting dhcpd No interface configured for dhcpd dhcpd not started Stopping Tomcat OK Stopping sniff port daemon sniff port Starting sniff_port daemon sniff_port Starting Tomcat OK root APM gregg root changes effective now If you answer y the script automatically runs etc init d networking restart 272 APM Installation Configuration and User s Guide Working from a CLI setntp Set Network Time ProtSocol Server root APM gregg root setntp Enter the NTP server 192 168 48 164 Configuration changed x Execute saveconf to save the new values in flash setserial Examine t
241. net Device Detail Form The input fields and buttons of the KVM net Device Detail form are similar to that of the ACS or TS with the exception of the following Table 4 6 Features Unique to the KVM net Device Configuration Element Definition KVM Viewer Tab to display the configuration form for the KVM Viewer The resulting form is used to configure the Idle Timeout and the various escape sequences for operating the KVM Viewer Save List Cascade Button used to display the list of cascaded KVM devices and or to configure cascaded KVM devices v To Configure KVM Ports The procedure for configuring the KVM ports is the same as that of serial console ports 1 Go to Consoles gt Console List 2 From the Console List form select the Add button 3 From the Add Console form select KVM Configuration and Administration 125 Devices See the Consoles section of this chapter for more detailed information Assigning KVM Device Groups Use the Groups tabbed form to assign a KVM device to groups This form functions the same way as you would group users and consoles See also K VM net Device Configuration on page 149 this chapter OnSite Device Detail Form The example that follows shows the device detail form that is used to configure the OnSite LOGOUT Groups Proxies KVM Viewer Log Rotate Mars Type ONS441 Location Fremont o ladmin O Admin Password IP Mode s
242. nging the status and adding notes e Connect to the console e Run a console session e Ifproblem is fixed change the alarm status and close the ticket e Re assign the ticket to another user APM Installation Configuration and User s Guide Alarms Alarms List Form When you first log in to the AlterPath Manager as a regular user or select Alarms from the menu the Alarms List form is the first form that you will see Use this form to view the list of alarms to connect to a console and to view console logs To re assign the current ticket change the ticket status and add notes or comments use the Alarms Detail or Ticket Info Form on page 51 LOGOUT Date Time ne onfig Alarm Trigger 2005 09 16 17 18 28 Jupiter_01 ies Halt 2005 09 16 17 35 46 Jupiter 01 Shutdown R 2005 09 16 17 35 46 Jupiter_01 ies Reboot 2006 09 16 18 23 47 Jupiter 01 i Halt Figure 3 3 Alarms List Form Table 3 2 Alarms List Form Element Definition Ticket Ticket number assigned to an alarm The symbol above the ticket number indicates the severity level of the alarm Select the number to display the Alarm Detail form Web Access 49 Alarms Table 3 2 Alarms List Form Element Definition Console Console Config Alarm Trigger User Assigned Status Console Log Console from which the alarm originated Click on the console name to enable a console session according to the type of configured d
243. nnects to the port If the console name is an IPMI console clicking on the console name launches an SSH session and connects to the IPMI CLI Command Line Interface console Regardless of the type of console the AlterPath Manager handles the authentication 57 Web Access for Users 58 Multiple Users and Read Write Access Because the AlterPath Manager supports multiple connections to the same port this makes it possible for multiple users to view the same form Note however that only the first user to connect to that port can have full Read and Write R W access to the Console panel while the rest can have Read only R access Viewing an IBM Blade Center Blade or Switch Note This feature is available only to users of the optional Blade Module The AlterPath Manager allows you to view individual IBM blade centers from the Devices List form and individual blades and switches from the Consoles List form To view an IBM blade center blade or switch place the mouse cursor on the device name or the blade switch name and then left click the mouse to display the list of connect options Table 3 4 IBM Blade Device and Console Connect Options Console or Device Connect Options IBM Blade Center Device VIEW LOG CLI WEB Blade Console VIEW CLI VM KVM ON OFF Switch VIEW CLI WEB ON OFF Like all other consoles as a regular user you can only view those blade servers to which you have access
244. nsaen does 281 Checking Your Modems 3 lt cssssujasenendateuentocecdbeeascnccatincaueeranaanunecs 281 Viewing the Latest Status for Each Modem sssssssssssesesesseeeese 283 Serial Card Configuration ss sesssseseesseseeseessesesssressesrrssressessrssressesst 283 How to Detect Modems Connected to the Ports eee 283 Checking Your Modems 229 151 e5 d cscandokpakau seatduiaeds tnates da ancetice 284 Viewing the Latest Status of Each Modem ce ceeeeseeeeeneeerees 284 Configuring Dial Out and Dial Back 00 cece eceeceseceeeeeneeeeeeneees 285 OR POS DEVICES Ss sce ste conlecara tes o E erent tyson eed wae 285 Modem Dial Back for ACS iisiisasscsacesescdeasuastssesnts atavheseaesva avaivs 286 Required CLI configuration as z 4c22sccdssseo teesageesadh vatvdaernsdeas bitin tivvace 286 Optional CLI Configuration 2s c3sssessccarcteceasuiedactaesivntedartccanibtecetases 286 Forexternal modems euir 287 For PCMCIA modem veee ss Ssas sierot t trates tas tance tisak taie 287 Changing the Ports to be Proxied sssssssessesssseseeseeseesseessesessressessrs 288 NTS Contig tiation ienaa Goian ih Mace a a E E 288 NIS User Authentication sssseseeseseesessesesssesetsessesresesseseessseesessesee 289 Creating the krb5 keytab for Kerberos Authentication 0 0 00 290 How Kerberos Works staat oautecat mate atezicaiadenniedencen eu iamnaenes 290 Creating the krb5 keytab in the AlterPath Manager 0 ee 291 Active Directory w
245. nsfers the selected user to the Selected Users view panel on the right 4 To select another user repeat steps 1 and 2 You can also use the Shift key to select multiple users 5 Click on Save to complete the procedure To Assign the Console to a Group You can assign the current console to one or more groups using the Console Groups form To use this form however a console group must already exist To create a new group you must select Groups from the main menu To assign a console to a group follow the steps below 1 From the Console Detail form Consoles Console List gt Console Detail click on the Groups button The system displays the Console Groups form APM Installation Configuration and User s Guide Consoles Select console groups Selected groups Figure 4 47 KVM Console Groups Form 2 From the resulting form select a group from the Select Console Groups view panel Note As with USER and DEVICE CONSOLE is the default list which contains all consoles 3 Select the Add button The system transfers the selected group to the Selected Groups view panel on the right 4 To select another group repeat steps 1 and 2 You can also use the Shift key to select multiple groups 5 Click on Save to complete the procedure v To Delete a Console from a Group To delete a Console from one or more groups follow the steps below
246. nsole at any time The setethernet script allows the configuration of the Ethernet interface The following parameters can be set e Auto negotiation mode e lOMBps full duplex e l1OMBps half duplex e 1OOMBps full duplex e l1OOMBps half duplex e 1000MBps full duplex e 1000MBps half duplex Key Features Ethernet Bonding Ethernet bonding is a method of providing redundancy to an Ethernet connection When Ethernet bonding is enabled the primary Ethernet port operates under normal circumstances If the primary Ethernet port fails a backup or redundant Ethernet port takes over This is called a failover condition e g the primary Ethernet port fails over to the secondary Ethernet port A different interface becomes active if and only if the active interface fails After a failover has occurred the primary interface becomes active once again after the failover condition has been corrected Note Ethernet bonding cannot be implemented on an APM 2500 or an APM 5000 in a private network configuration since the APM 2500 and the APM 5000 will not support expansion cards DHCP Option for APM Network Setup When you configure the network either through the First Time Configuration Wizard or through the CLI setnetwork command you now have the option to use DHCP Dynamic Host Configuration Protocol to configure Eth0 DHCP allows the APM to obtain its own IP address from the DNS server If there is no DNS server or i
247. nstalled in a directory other than the default 2 Locate the file named activex js and edit it 3 In the editor change the following line from pref Security classID allowByDefault false to pref Security classID allowByDefault true 4 Save the file and exit the editor 5 Restart Netscape 7 x v To Enable ActiveX on Netscape 8 x 1 Open the Netscape 8 x Browser 2 On the pull down menu bar go to the Tools gt Options Netscape com Netscape Browser File Edit View Go Bookmarks Tools Help Web Search Ctrl k we S l Downloads Ctrl J eae 58 ZY Extensions Themes JavaScript Console DOM Inspector Ctrl Shift T Page Info La A Netscape com Cy Netscape prevented this site From Netscape Figure 2 4 Tools Pull down menu with Options Selected 3 Click on Options 34 APM Installation Configuration and User s Guide Pre Configuration Requirements Installation An Options window appears Options General Home Page Location s http home netscape com floc ns8 home http browser netscape cor Privacy Use Current Pages Use Bookmark Use Blank Page oP Fonts amp Colors Tab Browsing Select default Fonts and Colors for web pages Eonts amp Colors V Languages Site Control me montos Select default Languages and Character Encoding for web pages g Downl
248. nt happened Figure 3 19 Event Logs Form 70 APM Installation Configuration and User s Guide Logs Table 3 9 Event Logs Form Element Definition Date Time Ticket Pattern Action Date of the event Time of the event Ticket number associated with the event Trigger Expression Action taken to resolve event Data Buffer Use the Data Buffer browser to view the contents of the data buffer generated by a target console Ses SSS Tecra Proto Access Logs EventLogs Data Buffer I Console up Thu Sep 15 15 18 04 2005 spawn ssh I root 7001 10 10 10 10 2005 09 15 15 2005 09 15 0t 7001 10 10 10 10 s password 2005 09 15 6 Authenticating Please wait 18 14 Connected 2005 09 15 15 18 11 2005 09 15 15 18 11 18 1 1 Welcome to SuSE Linux 9 3 1586 Kernel 2 6 11 4 21 7 default ttyS1 15 13 00 52 on 0 Console down Thu Sep 15 15 32 53 2005 ot 7001 10 10 10 10 s password 3JAuthenticating Please wait 2005 09 15 31 2005 09 15 15 57 13 LoGout Figure 3 20 Data Buffer Log Form Note You can also access the Data Buffer log from the Alarms form Web Access 71 Power Management Power Management If you have been given access to one or more power management devices by your system administrator you will be able to access some of the PM control functions Figure 3 21 shows an example of a user PM device detail form Groups IPDUs Info Outlet
249. o be cascaded The secondary KVM port to be connected to the User 2 port of the primary KVM net The secondary KVM port to be connected to the User 1 port of the primary KVM net 6 Click on Save to complete the configuration Configuration and Administration 155 Alarm Trigger Alarm Trigger 156 Note Alarm triggers work only with serial and IPMI consoles An alarm trigger is a text string that you can create to generate any one or combination of the following e Email notification for users or administrators e Alarm There are three pre existing trigger entries Table 4 16 Pre existing Alarm Trigger Entries Alarm Trigger Default Expression Health Monitor HeaLth MoNiToR Health Modem HeaLth MoDeM Resources Take Over remote resource transition completed APM 2500 and APM 5000 OTP Alarm OTP CoNnEctioOn Take Over mach_down takeover complete for node APM 2500 and APM 5000 These alarm triggers are used in connection with the Health Monitor feature of the AlterPath Manager which includes the monitoring of any modems configured You can modify these alarm triggers but you cannot delete them For health monitoring triggers to work you must enable alarm triggers using the Alarm Trigger details form APM Installation Configuration and User s Guide Alarm Trigger Management Use the Alarm Trigger forms to perform the following Alarm Trigger management procedures Table 4 17 Form
250. oads Netscape should check to see if it is the default browser when Z Oo starting Check Now Form Fill Default Browser r Connection ee Set up Proxies For accessing the internet Connection Settings Advanced Figure 2 5 Netscape 8 Options Window 4 Click on Site Controls in the left column of the window The window that appears has the button to enable ActiveX 35 Pre Configuration Requirements Options Site Controls General Site List Trust Preferences amp Master Settings _ _ Web Features Privacy Y I Trust This Site O Allow unrequested pop up windows g T m Not Sure Open requely d pop ups in new tab SP g I Don t Trust This Site Allow images to be displayed Local Files Tab Browsing My Settings Filter V Y 192 168 458 161 Enable JavaScript VBScript Site Controls Y 192 168 48 162 Enable Java g admin isp netscape com Enable Activex ipl Downloads P4 Form Fill 63 Advanced ask com browser netscape com gmail google com i Rendering Engine google com Tf this page appears to be displayed incorrectly try changing the setting mail aol com O Firefox internet Explorer mail netscape com mailblocks com Microsoft com mail aim com DIQDIDIDIQDII GOO Figure 2 6 Site Controls Option Selection 5 Select Internet Explorer in the Rendering Engine box in the lower right of the window
251. ode static y MAC Address Default Gateway 192 168 48 1 DNS 192 168 44 21 lt Back Reset Save Save amp Create Blades Figure 4 65 Blade Device Switch 1 Form 2 Complete the Switch 1 form as necessary Table 4 33 Blade Module Device Switch 1 Form Element Definition IP Address The IP address of the switch which uses the IP mode int_dhcp or static Type The symbolic name linked to the chassis switch IBM Blade Center is the only supported type of chassis Configuration and Administration 215 Blade Management Module 216 Table 4 33 Blade Module Device Switch 1 Form Element Definition Admin Name Admin Password Status Netmask IP Mode MAC Address Default Gateway DNS Back Reset The admin username superuser of the device Button to invoke a dialog box used to define the Admin s password This password is used to access the IBM Blade Center port but NOT to change the password You must enter the SAME password registered in the blade server Pull down list box to select Enable connection between the AlterPath Manager and the device is ALWAYS established Disable no connection is established and all child consoles follow this configuration IMPORTANT The system will not allow you to add and configure a switch console unless you set this field to Enable As indicated in dotted notation Dropdown list box Se
252. odems from the Modem Pool If your configuration requires less than four modems then you must exclude the unnecessary modem s from the pool to prevent a dial up failure When you exclude modems be sure to run and save your configuration as follows 1 Using VI edit the following file vi var apm apm properties lt ENTER gt 2 Type in modem pool exclude ttyPs For example to exclude ttyPS2 and ttyPS3 type in modem pool exclude ttyPS2 ttyPS3 3 Once a modem has been excluded you must initialize the configuration by typing in etc init d modem pool restart Warning Be sure that no upload is in progress when you run this command otherwise all PPP connections will be disconnected The same is true when disconnecting a modem check_modem d lt tty gt 4 To save your configuration to flash type in savecon 5 Verify your new configuration by typing in check modem s 282 APM Installation Configuration and User s Guide Serial Card Configuration Viewing the Latest Status for Each Modem The modems in the modem pool are allocated in a round robin sequence to ensure all modems are exercised to the same degree If a modem fails to dial out the system will allocate the next modem in the modem pool The var log modem_status file contains the result of the last attempted usage of a modem Containing the modem date time and status it is created the first time a connection is attempted Example root APM r
253. of consoles to which you have authorized access 3 Select a range of dates from which to base your logs by selecting from the Date from and Date to drop down lists The system brings up the Logs Detail form Access Logs The Access Logs default log browser provide all access information e g who accessed the console access date action taken etc about your target console The name of the console port device to which the logs apply to is shown below the tab titles Access Logs EventLogs Data Buffer Date Time User ction Connection Status 2005 09 15 15 57 11 admin CLI from 192 168 4 S 2005 09 15 15 32 21 admin CLI from 192 168 4 S 2005 09 15 15 18 03 admin CLI from 192 168 4 S Figure 3 18 Access Logs Form Web Access 69 Logs Table 3 8 Access Logs Form Element Definition Date Date in which the event occurred Time Time of the event User User who connected to the console Action What the user did in response to the alarm Status Status of the console Enable Disable Connection Type of connection e g SSH Web IP address used Event Logs Use the Event Logs browser to view all events that occurred within a specified range of time on your target console Access Logs EventLogs Data Buffer Date Time Ticket atten Action 2005 09 15 16 46 23 1 Email sent to gregg at gre 2005 09 15 16 46 15 q al Event created 2005 09 15 16 46 15 al Eve
254. off your web browser s popup blocker before attempting to make an RDP connection An RDP connection will fail if you have your browser s popup blocker turned on v To View the Consoles Notify Form Web Access The Consoles Notify form shows the users who are notified when an alarm pertaining to the current console is generated To view the Consoles Notify form 1 From the Consoles Detail form click on the Notify tab The system displays the Consoles Notify form LOGOUT Outlets Log Rotate You are present in the notify list for this console Figure 3 11 Consoles Notify Form In the selection box a plus sign indicates a group as opposed to a user USER is the default list which contains all users 61 Web Access for Users v To View the Consoles Groups Form The Console Groups form shows the group s to which the current console belongs To view the Consoles Group form 1 From the Consoles Detail form click on the Groups tab The system displays the Consoles Group form Select console groups Selected groups Figure 3 12 Consoles Group Form KVM net Plus Web Control Page The KVM net Plus utilizes a web control page that replaces the OSD during KVM over IP sessions The web control page parameters can be viewed and edited from the APM v To Access the Web Control Page 1 Launch a KVM net Plus KVM viewer session from the APM A window indicating that the
255. ole Wizard Groups form as necessary 8 Select the Next button to display the Unconfigured Consoles form Configuration and Administration 139 Devices Alarm Trigger Profiles Firmware Security Rules Info Reporting Below is a list of all consoles that have not been configured for this console server Select the one s you wish to configure using the wizard Configure Console Name Jupiter_01 Jupiter_02 Jupiter_03 Jupiter_04 Jupiter_05 Jupiter _06 Jupiter_07 Jupiter_08 Jupiter_09 Jupiter 10 Jupiter 11 Jupiter 12 Jupiter 13 Jupiter 14 Jupiter 18 Jupiter 16 Jupiter_17 PSION Soy CSO CSCS SCS CSCS CSCS SCS SCS CSCS Jupiter 18 ee aco Figure 4 21 Unconfigured Consoles List 9 Select the unconfigured console s that you wish to configure and then select the Next button to display the Edit Console Settings form LOGOUT nected to 192 168 48 162 e Security Rules Info Reporting Edit any settings for the consoles for this console server or press Advanced to edit other console settings Consoles 1 2 Consoles 2 2 IPDU Outlets Console Port Profile Authentication Jupiter 01 default Jupiter _02 default Jupiter 03 defaut Jupiter _04 default Jupiter_05 default Jupiter_06 default Console Prefix lt Back Next gt Figure 4 22 Edit Console Settings Form Page 1 140 APM Installation Configuration and User
256. ole port This interface can also be accessed through an ssh connection to the APM s IP address There is also a CLI shell that provides access to ACS TS type consoles v To Log Into the Serial Console Port 1 Connect a terminal or a computer with a terminal emulator to the APM s serial console port using a null modem cable 2 Power on the APM and start the terminal or terminal emulator APM Installation Configuration and User s Guide Working from a CLI 3 When prompted log in v To Do a Windows SSH Login 1 Using an IP connection client such as PuTTY select SSH for the protocol setting 2 In the client s IP address window type the IP address of the APM A CLI screen will be launched 3 When prompted log onto the APM v To Do a Linux or UNIX SSH Login To connect to the AlterPath Manager from a Linux or UNIX shell prompt enter the following shell commands ssh 1 lt username gt lt IP_ address of APM gt lt password gt Note The P in ssh 1 is the alphabetical character 1 as in lemon If you are an admin user the system will display a menu You can either run the CLI shell from the menu or you can go directly to a Linux system prompt If you log in to the CLI as root you will only have access to the Linux system prompt but you will have all the normal privileges as any root user on any Linux system If you are a regular user you will get the CLI
257. om the General tabbed form Add Source Conditions This section allows you to define the Source IP that will be used as the conditions for applying it to the rule IP The IP address to be added to the Added Source IP Conditions list box Netmask The netmask to be added to the Added Source IP Conditions list Added Source IP List of source IP addresses to be applied to the Conditions rule Configuration and Administration 229 Security Rules 230 Table 4 39 Security Rules Source IP Element Function Start IP The starting IP address of a range of IP addresses End IP The ending IP address of a range of IP addresses Hostname Hostname of the workstation If the domainname is not entered then the domainname of the APM is used to filter the source Domain Domain name on which the workstation will connect from If the workstation belongs to subdomain and only domain filtering is entered all sub domains are allowed or denied access based on the rule permission Add Button to add to the conditions list the address address range or hostname domainname you just entered in the IP or Netmask field Delete Button to delete a selected IP address address range or hostname domainname from the adjacent Source IP Conditions list box Back Button to return to the previous page Save Button to save your configuration 3 Click on the Save button Warning If the domain name server is down or is
258. om the cable If you use an extension cable use a 3 wire cable with properly grounded plugs v To Connect the APM Cables 1 Connect the console cable Connect one end of this cable to the port labeled Console on the Alter Path Manager and connect the other end to your PC s available COM port 2 Install and launch HyperTerminal Kermit or Minicom if not already installed Note See To Configure the COM Port Connection and Log In on page 31 You can obtain the latest update to HyperTerminal from http www hilgraeve com htpe download html 3 Connect Switch or Hub to PC and the AlterPath Manager Your workstation and AlterPath Manager must be on the same physical LAN Connect one RJ 45 cable from the Ethernet 1 or 2 port of the AlterPath Manager to the hub and another from the hub to the worksta tion used to manage the servers Deploying the AlterPath Manager There are two typical ways or topologies in which the AlterPath Manager can be set up in a network or among networks e Private network e Single network Private Network Topology In a private network topology one ethernet port connects AlterPath Manager to the management network the other to the public network The Installation 25 Deploying the AlterPath Manager 26 management network comprises all fault management equipment i e TS ACS KVM net OnSite devices and infrastructure used to manage the public network Equipped
259. onfiguration and User s Guide System Recovery Guidelines Backup and Restore Scenarios For illustration purposes there are two scenarios in which you can perform the backup e Replicating data to a hot spare machine You back up the configuration data and data buffers and restore them to a second AlterPath Manager unit This method enables you to keep the network identity of each AlterPath Manager unit but maintain the same configuration for both units The second unit serves as a spare system e Replacing the existing AlterPath Manager You back up ALL data to an external server The AlterPath Manager is then replaced with a new unit to which all data is restored The new unit will have the same configuration as the original unit To use the Backup and Restore commands in the serial console interface please refer to Chapter 5 Advanced Configuration System Recovery Guidelines In the event that the AlterPath Manager goes down the system will check the integrity of the file system during the restart If a problem is found then the system will attempt to repair any damage that may have occurred When performing a recovery procedure if there is too much damage you have the option to stop the booting process and take recovery actions through the serial console as follows 1 Rebuild system partition 2 Rebuild database 3 Rebuild data log partition The rest of the configuration process is done through the G
260. onsole session for TS ACS or OnSite e Launch the KVM Viewer and connect you to a KVM port for KVM net or OnSite Optional Features For the following paid for options the Consoles menu also allows you to e Connect to an IPMI Serial Over Lan SOL console e View individual blades and switches of the chassis as part of the Blade Module To View the Consoles List The Consoles List form allows you to view the consoles to which you have authorized access To view the Consoles List form follow this step 1 From the Consoles form under the Config column select the view link adjacent to the console you wish to view The Consoles List form appears APM Installation Configuration and User s Guide Web Access for Users Web Access Jupiter OnDemand Jupiter 02 Serial Jupiter 2 OnDemand Saturn 1 KVM Saturn 1 Fremont OnDemand view kvm Filter byi CONSOLE Search for Figure 3 9 Consoles List Form To Connect to a Console To connect to a console 1 From the Console List form select the console you wish to connect to by selecting the console name Note If a modem is connected to a remote site you will experience a slight delay before connecting to a console The system normally connects you to a console through Secure Shell SSH In KVM net the listed console names are the KVM net ports Clicking on the console name launches the ActiveX application and co
261. oot cat var log modem status ttyPSO 2004 04 12 09 40 12 Dial out to acs48failed ttyPS1 2004 04 12 09 42 35 Connected to acs32 ttyPS2 2004 04 12 09 32 23 Connected to acs32 ttyPS3 2004 04 12 09 35 00 Dial out to acs48 failed NO DIAL TONE Serial Card Configuration The AlterPath Manager supports the use of a PCI based multi port serial cards The cards are used to connect the AlterPath Manager to external modems Up to eight serial devices are created if modems are connected to serial ports and the devices are names ttyPS0 ttyPS7 This section provides basic procedures for configuring the card through a command line interface How to Detect Modems Connected to the Ports Note Modems are currently supported on the APM E2000 only To detect a modem connected to a serial port ensure that the modem is powered ON during system boot of the AlterPath Manager If one or more modems are connected after the AlterPath Manager is running you must use the following command etc init d modem pool restart Warning This command will disconnect all modems that are in use Advanced Configuration 283 Serial Card Configuration 284 Checking Your Modems All modems that are powered ON are included automatically in the modem pool To view which modems are in use or which ones are available use SSH to connect to the AlterPath Manager login as root and use the following commands check modem d s tty Where
262. or N o N n Ethernet ethO IP address S tatic D HCP or N one S d Ethernet ethl IP address S tatic or N one S s Enter Ethernet ethl IP address 10 10 10 2 Enter Ethernet ethl Subnet Mask 255 255 0 0 Configure Ethernet Subinterfaces Y es N o or L ist N 1 Number of Ethernet Subinterfaces already configured 0 Configure Ethernet Subinterfaces Y es N o or L ist N n Configure Ethernet VLANs Y es N o or L ist N n Enter Ethernet Default Gateway none 192 168 48 1 If the Ethernet default gateway is already configured the following option appears Ethernet Default Gateway C hange or K eep current K k Configuration changed xxx Execute saveconf to save the new values in flash Do you want to make these changes effective now y n y 280 APM Installation Configuration and User s Guide Ethernet Port Configuration Ethernet Port Configuration The Ethernet hardware has commands to control the link speed and duplex supported on each interface There is a script named setethernet that is invoked automatically along with the other initial APM configuration the first time the APM is run see First Time Configuration Wizard on page 88 The setethernet script can also be run by the administrator manually from the console at any time Refer to setethernet Set Ethernet Speed and Duplexing on page 268 for details on configuring the Ethernet port
263. ork Admin Password Button to invoke a dialog box used to define the Admin s password This password is used to access the console server port but NOT to change the password You must enter the SAME password registered in the console server IP Mode Drop down list box Select int dhcp if the AlterPath Manager is the DHCP server for this device or ext_dhcp if DHCP is served by another server or Static if you are using a static IP address See Configuring Your DHCP Server on page 129 112 APM Installation Configuration and User s Guide Devices Table 4 3 Devices Detail Form Element Definition MAC Address The MAC address is required if the selected IP mode is int_dhcp IP Address The IP address of the device is required if the IP mode is int_dhcp or static Netmask As indicated in dotted notation Default Gateway As indicated in dotted notation DNS As indicated in dotted notation Connection Dropdown list box to select the connection protocol used between the AlterPath Manager and the console serial port ssh or telnet Domain Domain Name Base Port TCP port number allocated in the first serial port of the console server Status Dropdown list box to select Enable connection between the AlterPath Manager and the device console is ALWAYS established Disable no connection is established and all child consoles follow this configuration OnDema
264. orm appears 164 APM Installation Configuration and User s Guide Profiles Details port speed port data size port stop bits port parity port flow DCD sensitive break sequence Serial Enable Element Figure 4 39 Profile Detail Form Table 4 22 Profiles Detail Form Definition Profile Name Console Type Description Status Port Speed Port Data Size Port Stop Bits Port Parity Port Flow DCD Sensitive Port Break Sequence Port name Drop down list to select type of console supported Brief description of the profile Port status Enable or Disable Serial port baud rate Number of data bits 7 or 8 Number of stop bits 1 or 2 None even or odd Flow control none hardware or software How the console server responds to changes to DCD signal As indicated Configuration and Administration 165 Consoles Table 4 22 Profiles Detail Form Element Definition Back Save Reset Buttons for the indicated actions 2 Enter your port settings and other profile information in the provided fields 3 Click Save to complete the configuration v To Modify a Profile To edit a profile perform the following steps 1 From the Profile List form select the profile you wish to edit The Profile Detail form appears 2 From the Profiles Details form make your changes 3 Click Save to complete the configuration Consoles
265. orts 80 443 8080 NIS Configuration To use NIS authentication NIS is selected from the First Time Configuration script To further control NIS authentication edit the following configuration file as follows File to edit etc nsswitch conf Format lt database gt lt service gt lt actions gt lt service gt Where Parameter Definition lt database gt Available aliases ethers group hosts netgroup network passwd protocols publickey rpc services and shadow lt service gt Available nis use NIS version 2 dns use Domain Name Service and files use the local files lt actions gt this syntax has this format lt status gt lt action gt WHERE lt status gt SUCCESS NOTFOUND UNAVAIL or TRYAGAIN lt action gt RETURN or CONTINUE 288 APM Installation Configuration and User s Guide NIS Configuration What the status messages mean Status Meaning SUCCESS No error occurred and the desired value is returned The default action for this status is return NOT FOUND The lookup process works but the needed value was not found The default action for this status is continue UNAVAIL The service is permanently unavailable TRYAGAIN The service is temporarily unavailable NIS User Authentication To use NIS only to authenticate users change the lines about passwd shadow and group in the configuration file etc nsswitch conf as described below The AlterPath Ma
266. ost name or IP address Terminal i Eien Host Name or IP address Port Bell N gregg jupiter 1 192 168 48 162 22 S Features Protocol A Window O Raw O Tene ORlogin SSH S 4 ee Load save or delete a stored session N S DN 4 Translatio Saved Sessions x Selectio secure proxy A Colours S APM 163 H ost Name or IF address gregg jupiter 1 297 92 166 46 162 Connectigg Close window on exit O Always Never Only on clean exit Tunnels Figure 5 1 PuTTY Configuration of APM as a Security Proxy Cancel Open To Connect SSH from a Linux or UNIX System Using SSH on a Linux or UNIX system type in ssh lt user name gt lt console name gt lt IP address of APM gt This command opens a SSH connection to the AlterPath Manager checks the username and password checks the access control list to verify user access and then establishes the connection to the appropriate console After the connection is established you will be prompted to log in to the system connected to the console port APM Installation Configuration and User s Guide Working from a CLI Sample Command Line Interface An example of a command line interface as accessed by an admin follows Cyclades APM V_1 4 0 RC1 Oct 11 2005 Console kernel 2 4 25 APM Gregg login admin Password kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
267. ows the steps below 1 From the menu select Groups The system displays the Groups List form Figure 4 54 2 From the Groups List form click on the Add button Configuration and Administration 193 Groups The system displays the Adding Group form e SecurityRules Info Reporting Figure 4 55 Adding Group Form 3 From the resulting form select the group type you wish to create Device Console or User Based on your selection the system displays the Group Detail form The example below uses the Group General form for the Group Type User General Security Group Name beginner Description status Enable E Group Type User Selected members Figure 4 56 New User Group General Form 194 APM Installation Configuration and User s Guide Groups oe OT e Enter the Group Name Description and Status of the new group Select desired members from the Select group members list box Click on the Add button Click on the Save button to complete the procedure v To Add Members to a Group To add members to an existing group follow the steps below 1 2 4 From the menu select Groups From the resulting Groups List form select the type of group you want to configure From the resulting Group Details form choose from the left list box the members you wish to add to the group Click on the Save button
268. piry_time 00 00 info e2000 base license VALID true FEATURE NNM Name APM_B_NNM version 1 0 1 type null feature NNM device APM owner paulo customer_id gregg expiry_date 2005 12 28 expiry_time 00 00 info null VALID true HostName APM gregg cyclades com 320 Figure C 1 Feature Window full content scrolled You can also verify your current DLS Activation by logging onto your APM CLI as root and running the following command 1s var apm licenses data If DLS is activated the screen will display a file name similar to this APM B DLS 256 enc The foregoing file name indicates a DLS capacity of 256 logging sessions AlterPath Manager Installation Configuration and User s Guide Data Logging Session Activation Verifying your MAC addresses Log on to the CLI on the serial console port as root or as admin and run the following command ifconfig A display similar to the following will appear etho eth1 lo Link encap Ethernet HWaddr 00 90 FB 81 57 17 inet addr 192 168 48 162 Bcast 192 168 51 255 Mask 255 255 252 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 9691587 errors 133 dropped 0 overruns 0 frame 133 TX packets 5726282 errors 0 dropped 0 overruns 0 carrier 0 collisions 1038728 txqueuelen 1000 RX bytes 685270715 653 5 Mb TX bytes 548308906 522 9 Mb Interrupt 10 Base address 0xc000 Memory e5020000 e5020038 Link encap Ethernet HWaddr 00 90 FB 01 8C D7 inet
269. press Enter and all items that match the filter element will be displayed Search For A field box that accepts a string After you enter the string into the field press Enter and all items that match the filter selection and the field entry will be displayed 108 APM Installation Configuration and User s Guide Devices Table 4 2 Device List Form Element Definition Add Button used to add new devices Delete Button used to delete any devices selected for deletion Upload Button used to upload the configuration or firmware to the selected device Supported Devices The AlterPath Manager supports the following types of devices e ACS e TS e KVM net and KVM net Plus OnSite e IPMI Optional e Chassis Optional See Blade Module section Caution For TS Users If you are using older versions of TS100 400 800 which may have less than 32 MB of RAM you MUST increase the RAM in the TS equipment Note For Device forms associated with the Blade Module see Blade Management Module on page 206 Note IPMI Activation JPM1 is a paid for option for AlterPath Manager users The feature is hidden from users who do not need it To activate IPMI Copy the IPMI license file that you purchased from Cyclades into the following directory on your APM var apm licenses data Configuration and Administration 109 Devices v To Add a Device To add any of these devices follow the steps
270. r A downward arrowhead indicates that the list is alpha numerically arranged in ascending order an upward arrowhead in descending order You can change the sort order by clicking on the heading or the arrow 102 APM Installation Configuration and User s Guide AlterPath Manager Web Interface Admin Mode LOGOUT s Info Reporting Jobs IPM 5 OnDemand Jupiter OnDemand Jupiter_02 Serial Jupiter OnDemand Saturn 1 KVM Saturn Fremont OnDemand Filter by CONSOLE v Search for Figure 4 5 Console List Form Sorted by Console The Console List form shown above is sorted by Console in ascending order You can also sort this form by Type Device Location and Status To filter your list by group use the Filter by pull down The list generated by selecting the Filter by pull down is automatically saved To search for a particular console use the Search for field Using the Form Input Fields When typing in data into any of the input fields note the following conventions Inthe web form as it appears on the screen all required fields are shown in red e With some exceptions fields cannot contain special or reserved characters If you enter an invalid character the system generates the message Fields cannot contain special characters e Only the following special characters are allowed LO SS ee COT 3 A lt gt f f Gi Configuration and Administration 103
271. r KVM over IP sessions The KVN net Plus also features the capability to connect to RDP servers via an in band connection The RDP capability can be configured and controlled from the APM KVM net FW Upgrade Support Starting with Version 1 4 0 the AlterPath Manager supports firmware upgrades for the KVM net The upgrade facility provides system compatibility checks copies the firmware checks the validity of the copy and reboots the system The firmware package incorporates KVM net firmware KVM over IP module firmware boot code microcode for the KVM switch microcode for the terminators and microcode for the KVM RP Support for OnSite The AlterPath OnSite is a compact device that has serial console ports like an ACS and KVM ports like a KVM net The AlterPath Manager supports viewing of ACS based consoles as well as Keyboard Video Mouse based consoles through the use of an AlterPath OnSite installed in the network Support for IPMI 12 The AlterPath Manager supports servers that are based on IPMI Intelligent Platform Management Interface the open standard for machine health and control including remote control IPMI defines common interfaces to the intelligent hardware that is used to monitor server physical health characteristics such as temperature voltage fans power supplies and more These monitoring capabilities provide AlterPath Manager users information that allow power control of servers recovery and asse
272. r license file name to the list of files Be sure to use the full path of each license file name you enter into this file For example if the name of the license file you are adding is APM FA DLS 64 128 enc you should enter the full path name var apm licenses data APM FA DLS 64 128 enc Be sure to follow up with the saveconf command It is also a good idea to save a copy of each license file on a server that can be accessed by your APM just to be extra safe If at any time you run defconf the file etc files list will revert back to its original state and you will need to reinstall your license Additional DLS at Time of Purchase Additional DLS activation can be included at the time of initial purchase or it can be added as a feature activation conversion Cyclades recommends you Data Logging Session Activation purchase the additional DLS activation with your APM There is a price benefit when you buy the DLS activation this way Initial purchase part numbers for the DLS activation options along with their corresponding managed console capacities are shown in the table that follows Table C 1 DLS Activations Available at Initial Purchase Max Number of Part Number DLSs Managed Consoles APM 2500 APM 2500 Base System 64 1024 APM B DLS 128 128 2048 APM B DLS 256 256 4096 APM B DLS 512 512 8192 APM 5000 APM 5000 Base System 64 1024 APM B DLS 128 128 2048 APM B DLS 256 256 4096 APM B DLS 5
273. r run Health Monitoring for this device default Daily System will run Health Monitoring at 2 am everyday Weekly System will run Health Monitoring at 3 am every Saturday Monthly System will run Health Monitoring at 4 am on the first of each month Once defined proceed to the Alarm Trigger Detail form to define the Health Monitoring Alarm Trigger Using the Logical AND in the Alarm Trigger Expression To create a logical AND in the alarm trigger expression use the period and asterisk Configuration and Administration 161 Alarm Trigger The alarm trigger is also capable of processing substrings OK for example is a substring of NOK Therefore both types of messages will cause alarms if OK is appended to the HeaLth_MoNiToR trigger string v To Configure the Health Monitoring Alarm Trigger 1 To configure an alarm trigger associated with Health Monitoring go to the Alarm Trigger Details form Alarm Trigger List gt Health Monitor LOGOUT E om trigger ET a eee Alarm Trigger Name Health Monitor Trigger Expression HeaLth_MoNiToR NOK Notify ym Create Alarm Y Priority Severe M Status Enable Figure 4 37 Health Monitoring Alarm Trigger Detail Form 2 From the Alarm Trigger Definition form complete the fields as follows Table 4 20 Alarm Trigger Setup Fields Element Definition Alarm Trigger Name Provide a name to be associated with this particular alarm trigger Trigger Expres
274. re 4 82 that follows shows a typical physical connection for a redundant APM configuration e Fors peng ai Eth1 Eth1 CAT 5 crossover cable ol Figure 4 82 Connecting 2 APMs in a Redundant Configuration Configuration and Administration 241 Redundant Fault Tolerant Configuration WMI Configuration of Fault Tolerant APMs Figure 4 83 shows the APM Heartbeat Configuration form LOGOUT Fail Over Time 5 AA Message Period 1 Dead Ping Time 5 E Configured State PRIMARY Out Authentication CRC m Shared Secret Key Service IP 192 168 51 1 Status Enable Ping Nodes List 192 168 48 1 192 168 458 196 Enter list of ips to ping separated by commas Current System Mated System Node Name APM APM_S IP Address 192 168 49 11 192 168 49 12 Figure 4 83 APM Heartbeat Configuration Form Figure 4 84 shows a detailed view of a filled in Heartbeat Configuration form for the primary APM in the configuration Figure 4 85 shows a detailed view of a filled in Heartbeat Configuration form for the redundant APM The two forms are filled out almost identically but observe the following fields in the two forms to see how they differ e Configured State e Node Name Current System Mated System e IP Address Current System Mated System 242 APM Installation Configuration and User s Guide Fail Over Time Dead Ping Time Out Authentication Service IP Pin
275. rity Rule List Column Descriptions 226 Security Rules Source IP cccccesceescesseeeteeeneeeees 229 AlterPath Manager Installation Configuration and User s Guide Tables Table 4 40 Table 4 41 Table 4 42 Table 4 43 Table 4 45 Table 4 44 Table 4 46 Table 5 1 Table 5 2 Table 5 3 Table 5 4 Table 5 5 Table 5 6 Table C 1 Table C 2 Table G 1 Security Rules Network Int ceeeeseeteeees 231 Security Rules Date Time Form eeeeeeeeteeeeees 233 Security Rule Actions Aces S cieui lacunae tence Sts 235 IPDU Device Details x2 iclostanncahoeitatyiines teatetvacas 236 Heartbeat Form Fields and Meanings 06 244 Definitions Used in Fault Tolerant APMs 244 Synchronization Form Fields and Meanings 247 CLI Specific Commands 25 040 cccciesescacsscsaiearseactesacsess 258 Console Applet Window Menu Options 4 259 Console Applet Ec Command Set 0 0 ce eeeeeeeeees 263 Data Types You Can Backup and Restore 296 Default Configuration Values from the apm properties Fle AE E A AAEE 301 Information for the openssl Command 303 DLS Activations Available at Initial Purchase 316 Activation Conversion Options c ccscceeseeeeeees 317 Service Processor Technology by Vendor 330 xvii xviii AlterPath Manager Installation Configuration and User s Guide
276. rs 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 15268713 14 5 Mb TX bytes 15268713 14 5 Mb Installation The numbers following the HWaddr subheading for each Ethernet controller installed ethO and eth by default is the MAC address for the controller v To activate the Blade Module 1 Log onto your APM through the serial console interface as root 2 Copy your Blade Module license using the full path as shown var apm licenses data APM B IBMBLADEMODULE enc 3 Run the command etc init d tomeat restart 41 Pre Configuration Requirements 42 APM Installation Configuration and User s Guide Chapter 3 User Level Web Access The web interface provides two modes for using the AlterPath Manager E2000 2500 and 5000 based on the type of user Access for operation by regular users and Admin for configuration by system administrators This chapter explains the procedures for operating the AlterPath Manager web interface in Access mode Addressed specifically to regular users this chapter is organized as follows User Interface Overview Page 43 Alarms Page 48 Consoles Page 55 Logs Page 67 Power Management Page 72 User s Profile Page 75 Note If you are an AlterPath Manager system administrator refer to Chapter 4 Configuration and Administration User Interface Overview The AlterPath Manager user interface provides you with four main menu options
277. s 5 Save your configuration Enter the command savecont v To Obtain and Install a New SSL Certificate 6 Enter OpenSSL command On a Linux computer you can generate a key using the Open SSL package through the command openssl req new nodes keyout private key out public csr If you use this command the following information is required Table 5 6 Information for the openssl Command Parameter Description Country Name 2 letter code AU State or Province Name full name Some State Locality Name e g city Organization Name e g company Internet Widgits Ltd Organizational Unit Name e g section The 2 letter country code The full name not the code of the state The name of your city Organization that you work for or want to obtain the certificate for Department or section where you work Advanced Configuration 303 Restoring Your Configuration Table 5 6 Information for the openssl Command Parameter Description Common Name e g your name or Name of the machine where the your server s hostname certificate must be installed Email Address Your email address or the administrator s You may skip the other requested information The command generates a Certificate Signing Request CSR which contains some personal or corporate information and its public key 7 Submit the CSR to the CA Once generated su
278. s Consoles Alarm Triggers Users Consoles List View list of blades switches add edit or delete blades switches Console Details View or edit blade configuration details e g connection type log rotation etc Access Select user s to access the current blade Notify Select user s to be notified of an alarm regarding the current blade Groups Select blade groups Alarm Trigger List View alarm trigger list add edit or delete an alarm trigger Alarm Detail View or configure a selected alarm trigger User List View list of users add edit or delete users Details View or configure a selected user Access Select blades and switches to which the current user can access Groups Select one or more groups to which a user can belong Security Select one or more security rules to apply to the current user 208 APM Installation Configuration and User s Guide Blade Management Module Table 4 31 Summary of Blade Module Forms Menu Option Forms and their Functions Groups Security Rule Info Reporting Group List View list of groups according to user blade or switch Chassis gt General Select group members for the selected chassis group Blade gt General Select group members for the selected blade group User gt General Select group members for the current user group Security Select security rule to be applied to the current user S
279. s Type PDU Modet PM8 10A Status Port Alarm threshold Over c Buzzer Get Information Figure 3 21 PM Device Viewer Detail Form Table 3 10 IPDU Viewer Details Form Element Definition Details Opening tab that is the default when you edit a power management device Groups Tab that opens the PM device groups access form for viewing IPDUs Info Tab that opens a display of data read back from the PM device after you click on the Get Information button 72 APM Installation Configuration and User s Guide Power Management Web Access Table 3 10 IPDU Viewer Details Form Element Definition Outlets Device Name Type Vendor Model Connection Status Connected to Port Alarm threshold Over current protection Tab that opens the outlets control form From here you can select individual outlets regardless of whether or not they are assigned to a KVM port and turn them on or off cycle them or lock or unlock them either individually or in selected groups You can also view the current status of each outlet from this form after clicking on the Get Information button A name you can give to the PM device to help you remember where it is and what it controls Fixed at IPDU Fixed at Cyclades The model and output current capacity of the PM device A pull down list allowing you to select either ssh ssh telnet or telnet A pull
280. s DISABLED Press lt ENTER gt if you wish to change it or Q lt ENTER gt to quit Enter Local IP Address lt IP_of APM gt Enter Server IP Address lt IP_of tftpboot gt Enter Kernel Filename lt kernel_ filename gt Enter InitRD Filename lt initRD_ filename gt WARNING make sure you re setting valid values for the network boot parameters or the network boot may not work Current Status ENABLED Local IP Address lt IP_of APM gt Server IP Address lt IP_of tftpboot gt Kernel Filename lt kernel_filename gt InitRD Filename lt initRD_filename gt Do you wish to save these parameters y N y Saving network boot configuration done NOTE the new network boot parameters will be effective after the next reboot 266 APM Installation Configuration and User s Guide Working from a CLI setcons Set Console Connection root APM gregg root setcons APM Console Configuration Utility Current Parameters 9600 8n1 vt100 Press lt ENTER gt if you wish to change it or Q lt ENTER gt to quit Enter Baud Rate in bps 9600 Enter Word Length 5 6 7 or 8 8 Enter Parity even odd or no no Enter Stop Bits 1 or 2 1 Enter Terminal Type vt100 WARNING make sure you re setting valid values for the console parameters or you may make your console inaccessible Current Parameters 9600 8n1 vt100 Do you wish to save these parameters y N y Saving conso
281. s configured from the General tabbed form Day Time Table The table represents the days of a week rows and the hours of a day columns Add Time Period Define below this title the time period Conditions conditions that applies to the default rule by clicking the appropriate boxes Sun Sat check boxes Select the day s to be applied to the default rule Start Time Specify a Start Time to be applied to the selected day s as part of the time conditions Configuration and Administration 233 Security Rules Table 4 41 Security Rules Date Time Form Element Function End Time Specify an End Time to be applied to the selected day s as part of the time conditions Add Button to add the day and time settings to the Added Time Period Conditions box and apply them to the rule Delete Button to delete the day and time settings from the Added Time Period Conditions box Added Time Period Title of the list entry box for applying the day Conditions and time conditions Security Rule Authorization Configuration The Authorization tabbed form allows you to define the authorized actions for the current rule If the rule chosen for a security rule is Allow then you must select at least one action from the Authorization form The left hand box lists all the possible actions The selected action s by selecting the Add button are listed in the right hand box LOGOUT Figure 4 79 Se
282. s 30 IPDU 235 IPMI Sensors 66 K Kermit 30 Key features 3 Centralized authentication 5 Centralized data logging 6 Change and configuration management 14 CLI 15 Log file compression and rotation 7 Prioritized triggers amp alarms 7 Single point security gateway 5 KVM net Plus 62 173 175 KVM net Plus web control page 62 KVM net Support 17 334 AlterPath Manager Installation Configuration and User s Guide L Log File Compression and Rotation 7 Log rotation 181 Logs 67 Access 69 Data buffer 71 Event 70 Logs Access Mode 68 Manual Upload device configuration 131 Mechanical loading 29 Minicom 30 Modifying a Profile 166 Multiple Auto Discover 145 N Name server 270 Navigation shortcuts xxvi Network boot 266 Network diagram 27 private 27 single 28 NIC card pre installation 30 Notify selecting users to be notified 177 NTP server 273 O One Time Password 122 Online Help 47 relocating 102 OnSite Support 18 Open LDAP 293 Operating temperature 28 Operational Modes 86 OTP 122 Index P PCMCIA Modem ACS 309 Power Management 72 235 Pre configuration 30 Pre installation 30 IP Addresses 30 NIC card 30 Prioritized Triggers amp Alarms 7 Private Network Diagram 27 Private Network Topology 25 Product Installation Checklist 21 Profile Definition screen adding a new profile 164 modifying a profile 166 Profile List screen 163 R Rack mounting Safety considerations 28 RDP
283. s Telnet and authentication type default is local for all consoles Configuration and Administration 137 Devices 138 LOGOUT Select the defaults for all the consoles Profile Name default a Connection Protocol ssh Authentication Type local b Status OnDemand Remote Data Buffer D imes Oto disable Figure 4 18 Console Wizard Defaults Form 5 Complete the above fields and then select the Next button when done The system brings up the User Access form LOGOUT Alarm Trigger Profiles Firmware Security Rules Info Reporting Select the users to be notified and who can use the consoles Access Groups Select user to console access Selected users lt Back Next gt Cancel Figure 4 19 Console Wizard Access Form USER is the default list which contains all users APM Installation Configuration and User s Guide Devices The system also adds a plus sign to any added user group that appears in the selection box 6 Follow the instructions for the User Access form and then click on the Notify tab to proceed to the User Notification form From the User Notification form select the user s you wish to be notified and then select the Groups tab to display the Groups form Jo EE ae Figure 4 20 Console Wizard Notification Form 7 Click the Groups tab and complete the Cons
284. s Used to Configure Alarms Form Function Form s Used Add a new trigger string Edit an alarm trigger Delete an alarm trigger Create an alarm for the trigger string and prioritize the alarm Create notification events email list Assign one or more user to receive an email or alarm Define or verify the email that is used when a user is notified of an event Alarm Trigger list form Add button gt Alarm Trigger detail form Alarm Trigger list form Alarm Trigger name gt Alarm Trigger detail form Alarm Trigger list form Delete button Alarm Trigger detail form Input fields Create Alarm and Priority Alarm Trigger detail form input field Notify Console Detail form Notify button Go to Consoles Console List gt Console Detail User List form gt User Detail form Note Users who use the application in Access Mode also have the capability to change their email address through the User s Profile form To View the Alarm Trigger List Form The Alarm Trigger List form allows you to view all the alarm triggers configured for the AlterPath Manager as well as to create edit and delete alarm triggers from the list To view the Alarm Trigger List form follow the steps below 1 From the menu select Alarm Trigger Configuration and Administration 157 Alarm Trigger 158 The system displays the Alarm Trigger List form
285. s and Switches eceeseeeceeeseeeteeeeeeeees 222 COs oles List HOT 43 cesses Cocca aia ieee seni eters 223 Sec rity RUNES cennere e E a a 225 S c rity R l Lasteisiecgsc resar a a a e aiai 226 Security Rules Network Intf ssssseseesessseessesesssessessrssressessesees 231 Security Rule Date Time Configuration ccecceeeeeseeeee 232 Security Rule Authorization Configuration 0 0 0 0 234 Power Management Support 265 sxcccsescees aceneense ae case 235 Redundant Fault Tolerant Configuration s sssssesseseesseessessresresees 240 Physical Setup of Fault Tolerant APMS ssssnnsessessseessesersseessesees 241 WMI Configuration of Fault Tolerant APMS 0 0 ee eeteeeeeeee 242 Configuration of the Primary APM cceeeeseeseereeeeeeeeeeeeeeees 248 Configuration of the Redundant APM ce eeceeseeeeeteeeeeeeees 250 Chapter 5 Advanced Configuration 255 Working from a CED narici atasgn ccew leases evaded aw a E 256 CET Commands i ame eres a EE eres ee een ere Re 258 Copying and Pasting Text within the Console Applet Window 259 Connecting Directly to Ports ssicycecisv ute esteaueeres nineteen 259 Sample Command ine Intertace cx icss caus sess eeehsseacd neta kas evsalode 261 Console Session Hot Keys ccs sisceis eee aee eee ieee 263 Set Commands arnari aasar aara land aa aeir Ii RT AE 264 setauth Set Authentication 0 0 cccccecssecsseceseceeceeeeeeseeeeseeeenes 265 setboot
286. s on the Linux shell s command line Do not be confused by the fact that some Cyclades products offer a management tool called the CLI which has the same name as the term used in general for any command line interface The Admin user can select CLI at a prompt after logging into the APM console a regular user logging into the APM console gets the CLI prompt by default The Cyclades CLI tool provides many commands and nested parameters in a format called the CLI parameter tree Client side management software See Management software Console This term is used to mean the serial console interface that is present on most Cyclades devices It is a physical serial port that interfaces with a serial terminal that can be used to interface with the device The serial console interface allows an administrator to have shell access to the device The administrator can use this interface for advanced configurations On the AlterPath Manager Console also is used to describe any of the ports on a device such as KVM ports on a KVM net device or an OnSite device or any of the serial ports on an ACS device a TS device or an OnSite device Advanced Configuration 325 Checksum An algorithm usually generated by a program to check the integrity of a target file or target packet of data that has been transferred across a network A very common checksum program is mdSsum that is run after a target file has been downloaded
287. s you are configuring There are two fields one field is for the current system and the other field is for the mated system The current system is the primary system when you are configuring the primary system and it is the redundant system when you are configuring the redundant system Note Compare these fields in Figure 4 84 and Figure 4 85 246 APM Installation Configuration and User s Guide Redundant Fault Tolerant Configuration LOGOUT Figure 4 86 APM Synchronization Form Table 4 46 Synchronization Form Fields and Meanings Element Meaning and Configuration Synchronization The default is 700000 KB second This is the maximum Speed speed allowed for this field Note The APM 2500 and the APM 5000 synchronize using network RAID and DRBD Distributed Replicated Block Device This enables replication of data from the primary system to the redundant system in real time Port Number Leave this at 7791 v To Set Up a Fault Tolerant APM Configuration Note This feature is not supported on the APM E2000 1 Be sure both APM systems are upgraded with the same APM 1 4 0 GA release refer to To Upgrade the APM Firmware on page 295 Configuration and Administration 247 Redundant Fault Tolerant Configuration Caution You can mix APM hardware platforms but you must be sure the APM 5000 has APM 5000 firmware and the APM 2500 has APM 2500 firmware Both APMs must have firmware of the
288. same build number and date 2 From the primary APM s console run the backup command on the primary APM system and back up the database refer to Backup and Restore Scenarios on page 297 a Performa backup conf example backup conf root 192 168 48 100 backup conf b Perform a backup log example backup log root 192 168 48 100 backup log 3 From the redundant APM s console run the restore command on the remote APM system and restore the database a Performa restore conf example restore conf root 192 168 48 100 backup conf b Performa restore log example restore log root 192 168 48 100 backup log Your primary APM and redundant APM now have matching firmware and databases 4 Physically configure two APMs with Eth0 ports on a common LAN The IP addresses of the APMs must be static Figure 4 82 shows the physical configuration of the APMs 5 Connect the Eth ports on both APMs with a Cat 5 Ethernet crossover cable This is the heartbeat and network RAID signal cable Configuration of the Primary APM 6 Log onto the WMI of the Primary APM as admin and select System tab gt Cluster Settings gt Heartbeat tab 7 Select the Status drop down box and select Enable 248 APM Installation Configuration and User s Guide Redundant Fault Tolerant Configuration 10 11 12 13 14 15 16 17 18 19 20 The rest of the fields in
289. screen appears the line that says APM will be highlighted Press the Down Arrow key twice so that APM Emergency Mode is highlighted Note You need to press the Down Arrow key within 1 second or the APM will start to boot in normal mode and you will need to press the RESET button again If you press the Down Arrow key at least once within 1 second the screen will pause and you will have time to highlight the APM Emergency Mode line Advanced Configuration 299 Changing the Database Configuration GRUB version 0 91 639K lower 522176K upper memory APM APM Network Boot APM Emergency Mode A Use the and v keys to select which entry is highlighted Press enter to boot the selected OS e to edit the commands before booting or c for a command line The highlighted entry will be booted automatically in 1 seconds 4 Press the Enter key The APM will continue to boot and a command prompt will appear You will already be the root user 5 Enter the following command at the prompt passwd 6 Enter the same password each of the two times you are prompted to do so Be sure to save the configuration by entering the following command saveconf 8 Enter the following command to reboot the APM reboot 9 Allow the APM to reboot normally Changing the Database Configuration Note This configuration procedure is for advanced users only 300 APM Installation Configuration
290. sers and managers Fault Tolerant Configuration Support Heartbeat Redundancy Data Synchronization and Failover support provides a means to set up a fault tolerant APM configuration A fault tolerant configuration has the ability to automatically back up and restore an APM 2500 or APM 5000 system with little or no downtime in the event of a failure of a primary APM By using the heartbeat protocol in conjunction with network RAID or RSYNC a redundant APM automatically takes over control of the managed devices in the event of a failure of the primary APM or its Ethernet connection After the initial problem with the primary APM is corrected the redundant APM fails back to the primary APM After the failback between both APMs is complete the primary APM resumes control of the managed devices Simple and Easy Web User Interface The AlterPath Manager provides a convenient and user friendly web user interface for the regular user and the administrator Hyperlinks enable you to access consoles view data logs and other information even faster From one single interface you can achieve just about everything you need to manage your network s consoles 14 APM Installation Configuration and User s Guide Key Features As a user you can only view and access those consoles you are assigned This customization adds security to the system since users cannot view or access any console that does not concern them Command Line Interface C
291. serssressessessees XX X Chapter 1 INtroduction cccccceeeeeeseeeeeeeeeeeeeeeees 1 Connectivity and Capacity essssessessesseessessreseesseesessresresseeseesressresseses 1 Key Features oarn a ON E A ER a E 3 Single Point Security Gateway cssccssscssrcssecesssccssnsssccescsescceees 5 Centralized Authenticapion cites Siacue til saa aa teceianeeedhns aes 5 Consolidated Views and Console Access c cecccceseeeeeeeteeeteeeteens 6 Access Control List ACL for Devices 0 cccceccccceesseeesseeeesseeeenes 6 Centralized Data Logging System sieijcnrntdencasenedeacnancans 6 Log File Compression and Rotation cccccccecsseceseceeeeeeeeeteeeseeees 7 Prioritized Triggers amp Alarms s sessseesseeseesessseessesessressessrsrrssresse T Other Alarm Features ach 2 esterase cat cdbetapeee ash souter atuceacensceebec ahuedtnga et 8 Modem Support for Remote Sites 2 0 0 ccccceesceeseeceteeeeeeeeeeeeeees 8 Dial Back Support for ACS ccccccsssccssssssccssstsscsssssessasssnecsssssacees 8 One Time Password support for ACS ccceeecceesseceseceeeeeeseeeeeesseenes 8 Multiport Ether et isata cael ETA ate 9 Enhanced Ethernet Port Configuration sssssssesssessessessrossessreseesseese 9 Ethemet Bonding 4 8 cel csetsstis vie eiaa e E Ga aa 10 DHCP Option for APM Network Setup ceeeeeesceesseeeteeeteeeees 10 Health Monitoring sisi ivesoctteicdt acts eeii a ai 10 Console Wizard a msee enoi i ccendeck c
292. shell alone without a menu or system prompt This will give you access primarily to serial ACS TS consoles configured on the APM Advanced Configuration 257 Working from a CLI If you are an admin user you will get a menu that gives you the following choices Please choose from one of the following options Ty CLI 2 Shell Prompt 3 Quit Option gt CLI Commands A list of commonly used CLI commands for operating the AlterPath Manager are as follows Table 5 1 CLI Specific Commands Command Use this command to man list man lt command name gt consolelist console lt console name gt or console lt device name gt page lt console name gt searchlog List the available commands Get a definition of and syntax help for a command List all consoles allocated to you as defined in the access control list This command also lists the devices in your ACL Connect to the specified console or device Display the content of the data buffer file for the specified console Search the data log files for alarms 258 APM Installation Configuration and User s Guide Working from a CLI Copying and Pasting Text within the Console Applet Window The APM allows you to copy and paste text within your console Java applet window to facilitate any command line configuration of a device and other similar operations To use the copy amp paste feature right click your mouse
293. sion Type in HeaLth_ MoNiTOR NOTE To effectively filter the alarm trigger to generate only messages relating to failure it is recommended that the Trigger Expression be restricted to HeaLth MoNiToR NOK see explanation next section 162 APM Installation Configuration and User s Guide Profiles Table 4 20 Alarm Trigger Setup Fields Element Definition Notify Select Yes if you want users to receive email notifications regarding the alarm Create Alarm Select Yes if you want alarms to be generated based on the trigger expression Priority Select a priority to be associated with the alarm Status Select Enable to enable this particular alarm trigger How Health Monitoring Works Based on the aforementioned configuration settings the program gets from the database a list of devices to check The monitoring results are ultimately stored in a log file using the following line format for each device Device Name IP Device IP Phone Number Date Time Result Status Each line is a syslog message generated by Health Monitoring and contains the string identifier HeaLth MoNiToR which is used by the alarm trigger Moreover the Result Status field will have two leading strings e OK indicates that the device is okay e NOK indicates a problem It is for this reason that the trigger expression needs to be restricted further to HeaLth MoNiToR NOK in order for users to get messages that onl
294. sole there is an option to configure an RDP connection You must The RDP IP Address field must be a static IP address e Set the RDP Status drop down to Enable In most cases you can leave the RDP Server Port number setting at 3389 default Figure 4 43 illustrates enabling RDP on the server connected to KVM port 2 When an attempt to connect to the port KVM port 2 in this case is made the console viewer will attempt to launch the RDP viewer first by default If the RDP connection is already in use or cannot be made a regular KVM connection will be attempted on KVM port 2 APM Installation Configuration and User s Guide Consoles LOGOUT Users Devices Groups Alarm Trigger Profiles Firmware Security Rules Info Reporting Jobs Details Users ACL Notify Groups Outlets Console Name Neptune _02 Device Name Neptune Port 2 v Description Machine Type Machine Name OS Type OS Version Location Status OnDemand ee RDP IP Address 192 168 49 58 a Roe Server Port 3389 ae o ist _ Namib _ ROP Status Figure 4 43 Enabling RDP on KVM net or KVM net Plus Console Port You can also configure a port as RDP Only This allows the KVM net Plus to connect exclusively to an RDP server over the Ethernet in band For this type of configuration a physical KVM port connection is not necessary Figure
295. st screen Access Mode 55 Console Management 166 Console Menu Access mode 46 Console port 31 Conventions in this book xxv commands xxv emphasis xxv filenames xxv hot keys xxv links xxv navigation shortcuts xxvi user input xxv Creating an alarm trigger 158 Cyclades technical training xxviii D Data Buffer 71 Data Logging Session 315 Data Synchronization 240 Database Configuration 300 Date 268 273 set 268 date 273 Date and time setting 268 273 Deleting a Device 147 Deleting an alarm trigger 160 Deleting firmware 199 Deploying the APM 17 device 142 Device Discovery 142 Device management Deleting a device 147 Uploading device configuration 131 DHCP 280 Discovery 142 DLS 315 Activation conversion 317 Additional capacity 315 DLS activation 315 Domain name 270 Dynamic host configuration protocol 280 E Email server 273 Enable telnet 275 Ethernet Bonding 278 Ethernet Port Configuration 268 Ethernet subinterfaces 271 Event Logs 70 Examine the Serial Port Parameters 273 External Modem ACS 309 F Failover 240 Fault tolerance 240 Firmware Detail screen 200 Firmware List screen 197 deleting or adding 199 Firmware Management 197 294 Firmware screen 106 Firmware upgrades xxix First Time Configuration 86 First Time Configuration Wizard 88 H Heartbeat 240 Host name 270 Hot keys xxv Console session 263 HP OpenView NNM 281 HyperTerminal 30 Info Reporting Main screen 204 IP Addresse
296. t lt cssasiesjeesdeceeskiveeaydseduiasaseracntausesteigeas 104 DEVICES fo icessled atu iner earan ea r ltt es Waath cia tonal cakes 105 Device List MOT pacistietclos 52 seca Veit ales e a a ada dae Seca esses c teats 107 Suppoited DEVICES asin 2 accilanineiiacenip ae EEEE RO EN 109 PrOXIES pes tg cock Gre tate sc atue Re eatesaseak aaa Chant a iede emacs Sa Ai 115 Proxy Typ s aneurin wine avec ble ite ea eerie Ae 115 Disabling the Prony arin a A dearer teases 118 Dirett ACCESS te ce3cchscssinsesck yeni a a aa aE 118 Configuring Ports to be Proxied s sosssessesessssessessrssesssessresessees 118 Dial Up and Dial Back ssssessssessesessssessessrssressessrssresseesresessseeseeseese 118 Other Requirements for Dial Out Dial Back c ee 121 Other Requirements for Dial Back ACS Only e ee 122 One Time Password Configuration cccccccecsceesseeeteceeeeeeeeeesees 122 KVM net Device Detail Form scciiccssiiaccssaisaicaraaredatsavsdenstabeedecsaes 124 Assigning KVM Device Groups cccceecceeseeeteceseceeeeenseeeneees 126 Onsite Device Detail Form waive Secs a eae ee ista 126 IPMI Device Detail Pom 255234 ilacaaieta vec vreste es soak oveseaeesats 127 Using the IPMI Console Detail Form to Add a Console 129 Configuring Your DACP Server cois6 saseseatiad cau naacdiceieues 129 Function of the Status Field c cccc c cuescaspesssedeccveaessovacdetesenestaass 130 APM Installation Configuration and User s
297. t Rule already allows users to log on You may change it to block connections by default and then allow the valid users If the chosen rule is Allow you must select at least one action from the Authorized Actions tab Security rule management is composed of the following forms Table 4 37 Summary of Security Rule Forms Form Title Use this form to Security Rules List Default security rules form View a list of available rules along with the description status and permission settings of each rule Main selection form Enter the security rule name description status Enabled or Disabled and permission Allow or Deny Source Filtering Enter the client workstation IP addresses host and or domain name from which you may allow deny a user to connect Network Interface Enter the network interfaces and subnets to which you may allow a user to connect Configuration and Administration 225 Security Rules Table 4 37 Summary of Security Rule Forms Form Title Use this form to Day Time Enter the date and time in which the user can access the system Authorized Actions Define the specific authorized action e g Connect to a console connect to a KVM net Connect to the web management interface etc for this rule Security Rule List The Security Rule List form displays a list of all Security Rules that you can assign to a user or user group The list contains four columns
298. t it controls Fixed at IPDU Fixed at Cyclades The model and output current capacity of the PM device A pull down list allowing you to select either ssh ssh telnet or telnet A pull down list allowing you to select either On Demand to enable the PM or Disabled The name of the controlling device K VM net OnSite ACS or TS to which the PM device is connected This is either port 1 or an incriminated number for each daisy chained device on a KVM net or OnSite or the serial port number of an ACS or a TS to which the PM device is connected If set to 0 the alarm will occur when default current threshold of the PM is exceeded You can set this to an alternate threshold below the default threshold if you wish If selected automatically shuts off an outlet if the current at that outlet exceeds the current limit Configuration and Administration 237 Power Management Support Table 4 43 IPDU Device Details Element Definition Buzzer If selected sounds a buzzer if the alarm threshold is exceeded Syslog If selected allows PM device alarm events to be logged Back Button that allows you to go back to the previous form without saving any configuration parameters Reset Button that allows you to revert back to the previously saved parameters Save Button that saves the current PM parameter settings Save amp Create Button that saves the current PM param
299. t tracking The AlterPath Manager allows multiple concurrent IPMI CLI Command Line Interface sessions The number of sessions allowed matches the number of DLSs activated see Centralized Data Logging System on page 6 Note IPMI is a paid for option for AlterPath Manager users The feature is enabled only for users who have purchased the option APM Installation Configuration and User s Guide Key Features Support for HP OpenView NNM With the optional HP OpenView NNM Integration the administrator can access remote systems using both in band and out of band techniques from a common HP OpenView network node manager NNM view Device Console and User Group Management Devices consoles and users can be grouped to further simplify the organization and management of these system components The administrator may create update and delete any of the groups at anytime through the web management interface Users can view only those groups to which they belong or have access Blade Module The AlterPath Manager supports blade management that is the IBM Blade Center through the plugged in Blade Module Blade configuration and management is available through the web interface or CLI The Blade Module once enabled supports the number of chassis equal to the number of DLS activations installed on your APM up to 2048 chassis and up to 32768 blades switches just like any device or console Using the Blade Wizard
300. tatic m MAC Address C T J IP Address 192 168 48 199 Netmask 255 255 252 0 Default Gateway 192168481 DNS 192 168 44 21 Connection ssh M Domain Base Port root Status OnDemand Health Monitor never Auto Upload o Figure 4 15 Device Detail Form for the AlterPath OnSite Be sure to select the model you select matches the model number of your OnSite OnSite model numbers and their meanings are shown in Table 4 7 126 APM Installation Configuration and User s Guide Devices Table 4 7 OnSite Model Number Designations Model Number No Serial Ports No KVM Ports Users ONS441 4 4 1 ONS481 4 8 1 ONS841 8 4 1 ONS881 8 8 1 ONS442 4 4 2 ONS482 4 8 2 ONS842 8 4 2 ONS882 8 8 2 Since the OnSite has both KVM ports and Serial ports you can choose either type of port to configure and then direct the configuration to the OnSite device v To Configure OnSite Ports 1 2 3 4 Go to Consoles gt Console List From the Console List form select the Add button From the Add Console form choose either KVM or Serial From the Console Detail form click Device Name and choose your OnSite device See the Consoles section of this chapter for more details IPMI Device Detail Form Note IPMI Activation JPM1 is a paid for option for AlterPath Manager users The feature is hidden from users who do not need it To activate IPMI Configurat
301. teeeeees 214 Blade Device Switch 1 Form cceceeseeseeteeeeees 215 Blade Wizard Warning Message ccsceeeeeeeees 218 Blade Wizard Connection Method Form 219 Blade Wizard User Access amp Notification Form 219 Blade Wizard Console Switch Selection 220 Blade Wizard Edit Configuration Form Page 1 220 Blade Wizard Edit Configuration Form Page 2 221 Blade Wizard Configuration Confirmation 221 Blade Server Console List ccasnwiniuietiiass 224 Security Rules List Rorn icccscscectesseacsse scares evel seve 227 Security Rules General Form ccecceseesseeeteeees 228 Security Rule Source Filtering Form 0 229 Security Rule Network Interface Form 231 AlterPath Manager Installation Configuration and User s Guide Figures Figure 4 78 Figure 4 79 Figure 4 80 Figure 4 81 Figure 4 82 Figure 4 83 Figure 4 84 Figure 4 85 Figure 4 86 Figure 5 1 Figure C 1 Security Rule Day Time Form cecceeseeteees 233 Security Rule Authorized Actions Form 234 IPDU D tails POG gecstesues Sacdeoet ec thc etet ean ets 236 IPDU Create Device Details Form e cesses 239 Connecting 2 APMs in a Redundant Configuration 241 APM Heartbeat Configuration Form c008 242 Detailed View APM Heartbeat Form for Primary 243 Detailed View APM Heartbeat Form for Redundant Si
302. tem displays the Users List form 2 From the Users List form select the user to whom you wish to assign console access The system displays the User Detail form 3 From the User Detail form click on the Consoles tab The system displays the User Console form Configuration and Administration 187 Users 188 LOGOUT are Security Rules _ Info Reporting Groups Security Select console to user access Selected consoles consoLE Figure 4 50 User Consoles Form 4 From the resulting form select from the Select Console to User Access view panel the console you wish to assign to the user In the selection box the plus sign is used to indicate defined groups The Console or CONSOLE group is the default console group Click on the Add button The system transfers the selected group to the Selected Consoles view panel on the right To select another console repeat steps 4 and 5 You can also use the Shift key to select multiple groups 7 Click on Save to complete the procedure v To Select Devices for a User The User Device form allows you to assign one or more consoles for the current user To assign devices to a user follow the steps below 1 From the menu select Users The system displays the Users List form From the Users List form select the user to whom you wish to assign device access APM Installation Configuration
303. ter the Secondary Nameserver s IP address none Enter the NTP server Enter the email SMTP server smtp cyclades com Choose the desirable authentication method local radius tacacs ldap kerberos nis active directory local Saving configuration files to flash flash config config tgz done Removing init config flag done At this point the First Time Configuration Wizard has completed its job Some system and configuration status messages scroll up the screen until the login prompt appears Setting the Authentication Method The sample First Time Configuration selects local as the Authentication Method to use to authenticate a user Depending on the type of authentication service that you select the wizard will prompt for questions relating to the authentication service of your choice For example if you select RADIUS the system will prompt you for the RADIUS server name and the secret Selecting TACACS will prompt you 96 APM Installation Configuration and User s Guide First Time Configuration Wizard for the TACACS server IP address the shared secret and the available service system If you select NIS the system will prompt you for the NIS Domain Name and the NIS Server For the NIS Domain Name the system will accept localdomain or you may leave the field blank Note If you use NIS Authentication and the NIS server fails APM will not allow you to add the user in the local datab
304. th Manager application as a regular user i e the web management interface is on Access mode not Admin mode even though the user may be a system administrator Select To select is the same as to click your mouse xxvi APM Installation Configuration and User s Guide Linux Shell Syntax Linux Shell Syntax While this manual is primarily designed for using the E2000 2500 and 5000 web interface some special features show you how to configure the AlterPath Manager using the Serial Console Interface The Serial Console configuration is discussed in Chapter 5 Advanced Configuration of the manual The typographical conventions used for showing the syntax for these commands are as follows Table P 4 Linux Shell Syntax Typeface Meaning Example Brackets Ellipses Vertical Line or Pipe Indicate that the parameter inside them is optional The command will still be accepted if the parameter is not defined When the text inside the brackets starts with a dash and or indicates a list of characters the parameter can be one of the letters listed within the brackets Indicate that the latest parameter can be repeated as many times as needed Usually this is used to describe a list of subjects One of the parameters separated by this character should be used in the command iptables ADC chain rule specification options ls OPTION FILE netst
305. th Manager or chassis device will be overwritten Connection Method Sets the default connection protocol for the blades or switches User Access These three tabbed forms define who can access Notification amp Groups the blades switches the user s to be notified the authorized group s Configuration and Administration 217 Blade Management Module Table 4 34 Summary of Blade Wizard Forms Form Name Function Console blade switch Allows you to select each blade switch to be selection configured from the list of unconfigured blades switches Edit Configuration Allows you to edit any of the configured blades switches This form provides advanced configuration options Confirmation Prompts you to review and confirm the configuration Completion Message to indicate successful completion The Blade Wizard forms follow Warning This wizard will create blades switches entries for each blade switch on this chassis Any existing entries configured in the manager or in the chassis device will be overwritten Before overwriting you will have the option to modify the entries and delete some of the blades switches if they are not required You can abort this wizard at any time without making any changes Press the Next button to continue Figure 4 66 Blade Wizard Warning Message 218 APM Installation Configuration and User s Guide Blade Management Module LOGOUT Users Consoles i O Select the
306. that user Warning Reverse Proxy does NOT work with Java applets and Active X applications Consequently the AlterPath Manager web interface cannot support the following connections e Serial console connection to the ACS TS e Remote access to the IBM Blade devices e Use the KVM viewer to access KVM net console v To Configure the Web Proxy To create or configure a proxy for a device follow the steps below 1 Open the Device List form 2 Ifthe device is new click on the Add button If the Device already exists highlight the device and click on the Edit button 116 APM Installation Configuration and User s Guide Devices 3 From the Device Edit form select the Proxies tab The system displays the Device Proxies form Details Users Notify KVM Proxy Web Proxy m Forward without ARP lt Back Reset Save Save amp List Cascade Save amp Create Consoles Save amp Auto Discover Figure 4 11 Device Proxies Form 4 From the Device Proxies form select the type of web proxy you wish to assign for the current device Note If you select Forward Proxy then you must set your PC s default gateway and the device s default gateway to the IP addresses of the AlterPath Manager if your PC and the device are in different networks 5 Click on Save to complete the procedure v To Verify your Proxy Setting 1 To verify your con
307. the OTP Passphrase field or check the Random Passphrase check box Enable Auto Refresh This will refresh the OTP sequence by resetting the sequence number to 499 automatically when you dial in and there are fewer than 20 one time passwords remaining If you do not check this box the sequence needs to be refreshed manually by clicking the Reset Sequence button and then doing an upload Note Checking the Auto Refresh box disables the Reset Sequence button 9 If you want OTP to trigger alarms enable the OTP alarm trigger from the Alarm Trigger menu KVM net Device Detail Form The example below shows the Device Detail form that is used to configure the device type KVM net 124 APM Installation Configuration and User s Guide Devices LOGOUT Details Users ACL Notify Groups Proxies KVM Viewer Dial Up Log Rotate Device Name Satum Type KvMnet Modet Kvmnetie w Location Fremont Admin Name root Admin Password IP Mode static M MAC Address IP Address 192 168 48 161 Netmask 255 255 252 0 Default Gateway 192 168 48 1 DNS 192 168 44 21 Connection ssh Domain cyclades com Status OnDemand Auto Upload o Health Monitor daily M Firmware Boot V_2 0 0 1a Aug 18 05 Alternate Boot 2 0 7 Apr 21 04 lt Back Reset Save Save amp List Cascade Save amp Create Consoles Save amp Auto Discover Figure 4 14 KVM
308. the Select groups for the user list box The list box that shows the group s assigned to the current user Web Access 81 User s Profile Viewing the User s Profile Security Form The Security form shows the current security rule assigned to you as well as any other rules to which you have access A security rule defines a user s access control to a device as well as through which user group that rule is assigned For Blade Module users the Security Rule includes access to blades and switches To view the Security form From the menu select User s Profile gt Details form gt Security tab The system displays the User s Profile Security form LOGOUT Select security rules Security rules via user groups Figure 3 27 User s Profile Security Form Table 3 15 User s Profile Security Form Element Definition Security Tab or button to select the current form Select security rules List box from which to select a possible list of security rules assigned to the current user Add Button to add a selected security rule left list box to the Selected security rule list box 82 APM Installation Configuration and User s Guide User s Profile Table 3 15 User s Profile Security Form Element Definition Delete Button to delete a selected security rule right list box and return it to the Select security rule list box Se
309. til changed The user will not have to re enter their password until the TGT expires or they logout and login again When the user needs access to a network service the client uses the TGT to request a ticket from the Ticket Granting Service 7GS which runs on the KDC The TGS issues a ticket for the desired service which is then used to authenticate the user Creating the krb5 keytab in the AlterPath Manager The AlterPath Manager automatically creates krb5 conf the file that holds information about KDC addresses and port numbers The user however must create the etc krb5 keytab file a binary file that holds the cryptographic keys to validate the Kerberos tickets received There are two different ways to get the etc krb5 keytab file into the AlterPath Manager Method 1 Using SCP copy the etc krb5 keytab file from the Kerberos Key Distribution Center KDC also known as the Kerberos Server Method 2 Connect to the Kerberos database by executing the command kadmin p lt principal gt This is an interactive program it will ask for the password for the principal used to connect to the Kerberos database After successful connection run ktadd command for each principal required in order to add its respective cryptographic keys of that principal to the keytab file Both the client host and the users supposed to be authenticated must have entries in the keytab file You can explicitly indicate
310. tion to Linux shell or Blade servers Launch a Linux shell or CLI CLI and switches session using either Telnet or SSH NOTE Power control is available through ec sequence KVM Blade servers Launch the remote console only applet session for KVM VM Blade servers Launch the remote console only applet and remote disk of the currently selected blade server ON Blade servers Power on the blade server only OFF Blade servers Power off the blade server only Web Switches only Launch the web application e Add edit or delete blades e Access the other blade switch console management forms Details Access Notify and Groups Configuration and Administration 223 Blade Management Module LOGOUT Name t Type Device Port Location Status Blade_Center_03 Blade Blade_Center 3 OnDemand e Eon eu vm evu on FF Blade_Center_05 Blade Blade_Center 5 OnDemand Blade_Center_SW1 Switch Blade_Center Swi OnDemand Figure 4 73 Blade Server Console List v To Add a Blade or Switch To add a blade or switch 1 Select Consoles from the menu 2 From the Consoles List form select the Add button 3 From the Select Console Type form select Blade or Switch Caution If you are adding a switch be sure that you have set the switch to Enable go to Chassis gt Switch in the Switch Device form otherwise you will receive an error messa
311. tore with the data from the file lt jcertfile cer gt and assigns the alias tomcat to the entry APM Installation Configuration and User s Guide Appendix A Technical Specifications Hardware Specifications Feature AlterPath E2000 AlterPath 2500 AlterPath 5000 CPU Intel Celeron 850MHz Intel Celeron 3 0GHz 2 x Intel Xeon 3 0GHz Memory 512MB RAM 2GB RAM 4GB RAM 256MB compact flash 256MB compact flash 512MB compact flash HDD 80GB SATA 160GB SATA 2 x 160GB SATA RAID 0 1 Interfaces 2 x 10 100 MB auto sense 2 x 10 100 1000 auto sense 2 x 10 100 1000 auto sense Ethernet Ethernet Ethernet Dimensions 1U 17x 14 5 x 1 75 in 1U 16 8 x 14x 1 75 in 2U 16 7 x 25 6 x 3 5 in WxDxH 43 18 x 36 25 x 4 45 cm 42 67 x 35 56 x 4 45 cm 42 418 x 65 024 x 8 89 cm PCI Slots 2 1 not currently supported 3 not currently supported LCD front No Yes Yes panel Modem Built in Support Power Supply 150W single 115 230V 260W single 115 230V 2x 500W hot swap autoranging autoranging redundant 115 230V autoranging Operating 50 F to 112 F 50 F to 95 F 10 C to 35 C 50 F to 95 F 10 C to 35 C Temperature 10 C to 44 C Operating 20 to 90 relative 5 to 90 relative 5 to 90 relative Humidity non condensing non condensing non condensing Storage 32 F to 158 F 0 C to 70 C 40 F to 158 F 40 F to 158 F Temperature 40 C to 70 C 40 C to 70 C Storage 5 to 95 relative 5 to 95 relative 5 to 95 relative
312. u back up the configuration data and data buffers and restore them to a second AlterPath Manager unit This method enables you to keep the network identity of each AlterPath Manager unit but maintain the same configuration for both units The second unit serves as a spare system e Replacing the existing AlterPath Manager You back up ALL data to an external server The AlterPath Manager is then replaced with a new unit to which all data is restored The new unit will have the same configuration as the original unit Backup and Restore Commands From the CLI at the Linux shell prompt the command lines for backup and restore are as follows backup log sysI tem conf iguration all user host file restore log sys tem conf iguration all user host file If you do not specify a user then the system uses the current username If you do not specify a host then the system creates a backup on the local host or executes a restore from the local host The backup restore operations use secure copy scp The file is saved as a tar file tgz Note You must reboot after you execute either the restore sys command or the restore all command Managing Log Files Where Log Files are Archived Once log files are rotated the system stores them in var log consoles rotated Advanced Configuration 297 System Recovery Guidelines You can back up these files to another server usin
313. ure NNM device APM owner paulo customer _id gregg expiry date 2005 12 28 expiry time 00 00 info null VALID true Verifying your MAC Address Log on to the CLI on the serial console port as root or as admin and run the following Linux system command ifconfig 40 APM Installation Configuration and User s Guide Pre Configuration Requirements A display similar to the following will appear etho eth1 lo Link encap Ethernet HWaddr 00 90 FB 81 57 17 inet addr 192 168 48 162 Bcast 192 168 51 255 Mask 255 255 252 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 9691587 errors 133 dropped 0 overruns 0 frame 133 TX packets 5726282 errors 0 dropped 0 overruns 0 carrier 0 collisions 1038728 txqueuelen 1000 RX bytes 685270715 653 5 Mb TX bytes 548308906 522 9 Mb Interrupt 10 Base address 0xc000 Memory e5020000 e5020038 Link encap Ethernet HWaddr 00 90 FB 01 8C D7 inet addr 10 10 10 2 Bcast 10 10 255 255 Mask 255 255 0 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 632 errors 0 dropped 0 overruns 0 frame 0 TX packets 622 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 RX bytes 38288 37 3 Kb TX bytes 42288 41 2 Kb Interrupt 11 Base address 0xc400 Memory e5021000 e 5021038 Link encap Local Loopback inet addr 127 0 0 1 Mask 255 0 0 0 UP LOOPBACK RUNNING MTU 16436 Metric 1 RX packets 113528 errors 0 dropped 0 overruns 0 frame 0 TX packets 113528 erro
314. urity is created by a Certification Authority CA Using a public algorithm such as RSA or X509 certificates are commonly obtained by generating public and private keys Before you obtain a new certificate you need to delete your default certificate v To Delete your Default Certificate 1 Verify your default certificate Enter the command keytool list The console will for the password 2 Type in the password changeit as shown root 2500 QA root keytool list Enter keystore password changeit The console will show a display similar to the following Keystore type jks Keystore provider SUN Your keystore contains 1 entry tomcat Nov 30 2005 keyEntry Certificate fingerprint MD5 B4 9A 56 ED 69 3C D5 0F 67 B0 D2 F7 87 F1 74 9C 3 Delete the default certificate Enter the command keytool delete alias tomcat The console will prompt you for the password After you enter the password the display will appear as follows root 2500 QA root keytool delete alias tomcat Enter keystore password changeit 302 APM Installation Configuration and User s Guide Restoring Your Configuration 4 Verify that the certificate was deleted Enter the command keytool list After you enter the password the console terminal will display root 2500 QA root keytool list Enter keystore password changeit Keystore type jks Keystore provider SUN Your keystore contains 0 entrie
315. users from a single location without having to work directly on a target device or server console Note Anyone who uses the APM application in Access mode is referred to as a user regardless of whether that user is a system administrator or not An administrator is anyone who has the exclusive authority to configure and administer the APM and its users Connectivity and Capacity The E2000 allows you to configure 2048 devices 4096 console ports and maintain 256 Data Logging Sessions DLS or simultaneous connections to consoles and devices You can perform firmware upgrades on 256 separate console management devices The E2000 supports up to 256 simultaneously connected users and it allows multi user access to each port Figure 1 1 APM E2000 Front View The port connections power connection and power switch of the E2000 are shown in Figure 1 2 Connectivity and Capacity Caution On the APM hardware Eth0 is labeled Eth1 and Eth1 is labeled as Eth2 USB port 1 Power switch AUX serial port Expansion slots Eth1 Etho Reset AC USB port 2 Console port connector Figure 1 2 APM E2000 Back View The AlterPath 2500 and 5000 each have a base DLS or simultaneous connection capacity of 64 This can be upgraded to up to 512 DLS connections for an AlterPath 2500 and up to 2048 DLS connections for an AlterPath 5000 The APM 2500 and the APM 5000 are also available with additional DLS connection capa
316. ust also configure its alarm trigger s As discussed in the Device Management section this feature is designed to monitor devices on a periodic basis as well as to create log files and to send an alarm notification to specified users Users must have a valid email address as configured in the User Detail form Users User List gt User Detail to receive alarm notifications Configuration Requirement Device Detail Form For Health Monitoring to work you must define the frequency of monitoring from the Health Monitor user entry field of the Device Detail form Devices Device List gt Device Detail as shown below 160 APM Installation Configuration and User s Guide Alarm Trigger LOGOUT KVM Viewer Dial Up Log Rotate Satum Wine KVM net16 Location Fremoni Admin Name admin i dmin Password IP Mode static M IP Address 192 168 48 161 etmask 255 255 252 0 Default Gateway 192 168 48 1 192 168 44 21 Connection ssh M cyclades com OnDemand Auto Upload o Firmware Boot V_2 0 0 1a A Nans Alternate Boot 2 0 7 Apr 21 04 Health Monitor daily w lt Back Reset Save Save amp List Cascade Save amp Create Consoles Save amp Auto Discover Figure 4 36 Health Monitor User Entry Field The available choices from the Health Monitoring drop down list are Table 4 19 Health Monitor Frequency Selections Selection Definition Never System will neve
317. vices therefore will not find any ports on a new ACS as shipped from the factory If this is the case and you are configuring an ACS using the Save amp Auto Discover button you will see the message No Console Found You will need to do one of the following Manually enable some console ports by directly logging on to the ACS you are configuring in order to allow the auto discover feature to discover those console ports Or Select the Save amp Create Consoles button on the APM device configuration wizard 6 Select the Next button The following adding console wizard form appears with the Access tab opened TE cece EG ee Select the users to be notified and who can use the consoles Figure 4 25 Adding Console Wizard 7 Select the appropriate user s from the Select user to console access box and click the Add button 144 APM Installation Configuration and User s Guide Devices The selected user name s will be moved into the Selected users box 8 Select the Notify tab and select the appropriate user s to be notified by email when alarm events occur Click the Add button 9 Select the Groups tab and select the appropriate group s to be associated with this console Click the Add button Multiple Auto Discover Multiple Auto Discover allows you to launch Auto Discover sessions on multiple devices with th
318. which file to be used as keytab by using the k option For example Advanced Configuration 291 Active Directory with LDAP ktadd k etc krb5 keytab host apm somedomain ktadd k etc krb5 keytab nestor ktadd k etc krb5 keytab guest If the desirable principal was not yet added to the Kerberos database they should be added with addprinc command before executing ktadd For example addprinc randkey host apm somedomain addprinc nestor addprinc guest Active Directory with LDAP 292 v To Configure Active Directory Note This procedure can either be invoked through the First Time Configuration Wizard or from the set auth command 1 Choose the active directory authentication method at the following prompt local radius tacacs ldap kerberos nis active directory local active directory Enter the Active Directory server lt authserver gt Enter the distinguished name of the search base ex dce cyclades dc com de lt first part domain name gt dc lt second part domain name gt Note The second part of the domain name is usually com net org etc 4 Enter the common name to bind to the server ex cn Administrator cn Users dc cyclades dc com lt user gt lt authserver gt 5 Enter the password to bind with APM Installation Configuration and User s Guide Open LDAP 6 Re enter the password If the procedure was invoked from
319. wing the wizard s prompts options and default values The wizard automatically configures the console s and applies them to the device If you use the wizard to define a new device which has no consoles defined then all the consoles listed will be checked and the console names generated automatically in the form lt device name gt _nnn where nnn port number APM Installation Configuration and User s Guide Devices If you use the wizard to edit a device which already has consoles defined then it will detect and list the consoles but keep them unchecked You can then decide which console should be checked and have the configuration overridden Summary of Console Wizard Forms The console wizard is composed of a series of configuration pages or forms Once the wizard is activated the forms will appear in the following order Table 4 13 Summary of Console Wizard Forms Wizard Form Function Warning Defaults Access Notify Groups Console Selection Edit Consoles Confirmation Upload Progress This page warns you about any data to be overwritten and the choices you have before proceeding with the wizard Sets the profile connection protocol and authentication type Select the users who can access the consoles Selects the users to who will be notified in the case of an event Select the groups to which the console s belong Lists all consoles that have not been configured for t
320. xample of an OnSite accessed by an APM 19 Private Network Diagram ccccesceeeceeeseeeteeeeteees 27 Single Network Diagram ss sessessseessesessseessesrrseessee 28 Options to Enable for ActiveX sssesseesseesseseseseesee 33 Tools Pull down menu with Options Selected 34 Netscape 8 Options Window cccsceseeseeeteeeeees 35 Site Controls Option Selection cccceeeeeeeeeee 36 Location of Shield Icon and URL Entry Field 37 Trust Settings Dialog BOX ceeeeecceesseesteeeteeeteeeeees 38 Feature Window ecantessnie lane ieee 39 APM Login Sreehari oio i A ERTS 45 Console Devices Menlirs c iscccustetcecewesers ties 46 Alarms Eist POT a sues sete sre nananana tais 49 Alarms Detail or Ticket Info Form ceeee 51 Logs Formisano a te uecteaeaee 52 Selecting a Device View or CLP cc cccccasesagsives 54 Access Device Detail Form ssssssesesssssessseeseesersseesse 54 Device CLI Viewer ssesseesessseesseseesseessesrrssressesrrssees 55 Consoles List Form enrisnnesse iinan iii ai 57 Consoles Detail Form sssssessesessssessessrsseessessresresseeseese 59 Consoles Notify FOrm s seesessseessessesseessessresresseesesse 61 Consoles Group FOrm ccccecssecsseceeeeeeeeeeseeseenees 62 Figure 3 13 Figure 3 14 Figure 3 15 Figure 3 16 Figure 3 17 Figure 3 18 Figure 3 19 Figure 3 20 Figure 3 21 Figure 3 22 Figure 3
321. y relate to failure and not be bombarded by a large amount of unnecessary messages User Notification For Health Monitor notification to work properly you must add users to the Notify Users list associated with the device Profiles The Profiles option allows you to configure the port profile for a target console Port profiles define a standard set of parameters that are common to many consoles such as port speed data bits and stop bits Configuration and Administration 163 Profiles There is a default profile and there are other profiles which the Device Discovery feature can generate You may want to define your own profile before adding consoles because it is more convenient but you may also edit individual consoles to use a different profile at a later time Table 4 21 Summary of Profiles Forms Action Form s Used Add a new profile Profile list form Add button gt Profile detail form Edit a profile Profile list form name link gt Profile detail form Delete a profile Profile list form Delete button The Profiles List form is shown below re Security Rules Info Reporting Description Status default port configuration Enable O 200 8 none 1 i autogenerated profile Enable Figure 4 38 Profiles List Form v To Add a New Profile To add a new profile perform the following steps 1 From the Profile List form select the Add button The Profile Detail f
322. y upgrade the AlterPath Manager firmware by downloading the upgraded software from the web to the AlterPath Manager 1 From the Cyclades website www cyclades com download and copy the firmware to the AlterPath Manager via Secure Copy SCP The firmware is composed of two files e AlterPath Manager _v140 tgz Configuration and Administration 201 Backing Up User Data e AlterPath Manager_v140 md5sum tgz Copy the two files to the AlterPath Manager tmp directory as follows scp E2000 v140 tgz root E2000 IP tmp Enter scp E2000 v140 md5sum tgz Enter 2 Login to the AlterPath Manager as root and then change the directory to tmp as follows ssh root E2000 IP cd tmp 3 Install the new software to compact flash as follows installimg all all tgz reboot Backing Up User Data Using the serial console interface you can back up and restore the configuration and data files of the AlterPath Manager to a local or a remote destination This feature allows you to backup and restore either independently or altogether the following data types Table 4 29 APM Data Types Data Type Definition System Configuration Data related to the AlterPath Manager host settings such as IP Address Authentication Type and Host Name Configuration Data Data related to the configuration of consoles users and so forth which are stored in the database Data Buffers The ASCII data collected from the consoles 202 APM Installation C
323. you are finished updating any of the configurations that use the preceding commands enter the command saveconf More detailed information on the preceding commands is available under Set Commands on page 264 v To Reset Configuration to Factory Settings If you wish you can reset the configuration to its factory default settings and start over To reset the configuration follow these steps 1 Log in to the management console as root 2 Type in defconf and press Enter 3 Type in reboot and press Enter 92 APM Installation Configuration and User s Guide First Time Configuration Wizard An Example follows APM gregg login root Password kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk WARNING changing system files directly is dangerous and may adversely affect your system s functionality Proceed with caution and only if you know what you are doing kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk root APM_gregg root defconf WARNING this will erase all of your current configuration and restore the system s factory default configuration This action is irreversible Are you sure you wish to continue y N y Restoring default configuration done The new configuration will take effect after the next boot root APM_gregg root reboot Refer to the sample First Time Configuration Wizard example in the following section to view
324. ystem displays the Security Rules General form Configuration and Administration 227 Security Rules LOGOUT TLT SecurityRules EOS Description DEFAULT RULE Allow Source Filtering Network Interface DayTime Authorized Actions ConnectToDeviceCL ConsoleReadWrite KVMReadWrite PowerControl ALL SOURCE ALLOWED ALL INTERFACE ALLOWED ALL DAY TIME ALLOWED Figure 4 75 Security Rules General Form 3 From the Security Rule General form enter the rule name required a brief description of the rule its status Enabled or Disabled and the rule to be applied to the entire rule Allow or Deny 4 Click on the Save button v To Configure Conditions for Accepting Source Pages 1 Click on the Source IP tab to configure the conditions for accepting source pages for the current rule The system displays the Security Rule Source IP form 228 APM Installation Configuration and User s Guide Security Rules LOGOUT Added Source Conditions Permission Allow iP Netmask Start IP ALL SOURCE ALLOWED End IP Figure 4 76 Security Rule Source Filtering Form 2 Complete or modify the form as needed Table 4 39 Security Rules Source IP Element Function Source Filtering tab Title of the current tabbed form Permission The default rule Allow or Deny that applies to the entire security rule The default permission is configured fr
325. ystem to perform actions by APM Installation Configuration and User s Guide typing commands in the shell which interprets the commands and performs the specified actions Web Manager Cyclades web management interface WMI which runs in supported browsers Advanced Configuration 331 332 APM Installation Configuration and User s Guide Index A Access Control Lists configuring consoles 187 configuring devices 188 consoles 78 devices 79 Access Logs 69 Access mode 43 101 ACS Modem Configuration 309 Activation DLS 315 Active Directory 292 ActiveX on Internet Explorer 32 ActiveX on Netscape 7 x 33 ActiveX on Netscape 8 x 34 Adding a New Profile 164 Adding firmware 199 Admin mode 86 98 99 101 Alarm list form 49 Responding to 48 Alarm Logs 48 Alarm Trigger List screen deleting an alarm trigger 160 Alarm trigger creating 158 Authentication setting 265 auto 142 Auto Discover 142 Auto Upload and Manual Upload 131 Auto Upload device configuration 131 B Backing Up User Data 202 Blade or switch viewing 58 C Centralized authentication 5 Centralized Data Logging 6 Change and Configuration Management 14 Circuit loading 29 CLI Commands 258 COM port connection 31 Command Line Interface CLI 15 Configuration wizard 88 Connectivity and Capacity 1 Console setting 267 Console access deleting a user 191 Console Definition screen selecting users to be notified 177 Console Li
326. z for help Enter Az to disconnect Re defining the Interrupt Key The key sequence Ctrl c in the file var apm bin apmrun sh has been changed to Cirl Shift hyphen that is _ to prevent the system from directing this command to any application running on the foreground rather than to the console server Unlike c the latter is not a valid key combination for most servers including Sun and should enable you to interrupt the console server as necessary If however you need to re define the command you may do so from the var apm bin apmrun sh file below the commented line shown Redefine CTRL C here Customize it as you wish stty intr _ v To Change the Number of Lines in the SSH Applet Note By default the number of lines used by the memory buffer when a user scrolls the window is set to 1000 lines Terminal buffer 1000 You may change this value to suit your needs Be aware however that specifying values greater than 1000 can degrade scroll performance 1 Edit the file opt tomcat apm applet conf APM Installation Configuration and User s Guide Working from a CLI 2 Locate the line and edit as follows Terminal buffer number of lines 3 Type in saveconf to save your configuration 4 Close and reopen the applet window to make the change effective v To Change the Session Timeout The default session timeout value is 60 minutes To change this value follow the steps below 1
Download Pdf Manuals
Related Search
Configuration configuration configuration manager configuration manager console configuration meaning configuration editor configuration management system configuration tool configuration synonym configuration management software configuration manager properties configuration management tools configuration manager remote control configuration item configuration manager tools configuration settings configuration manager trace log tool configuration wizard configuration management plan configuration office configuration manager windows 11 configuration editor equalizer configuration manager client configuration manager sql server configuration manager console windows 11 configuration management database