Raritan Computer DOMINION KSX II User's Manual
Contents
1. 96 File Server Setup File Server ISO Images Only sess 98 Connecting to Virtual Media eiie ctii Iob aed adda dae Ida cad qiie e DER Ua S Md dik ada FERES dees 100 Local Drives oce iiber bed Ei Ioan usb EE 100 Conditions when Read Write is Not Available 101 CD ROM DVD ROWM ISO Images sse aaa aidaa rai nnns 101 Disconnecting Virtual Media erii ida rete Marea ated ette Re RD R pad o EORR LEUR ed aeger ua 103 Chapter 6 USB Profiles 104 Guide 104 CIM GOm Pati itty e L 105 Ayailable USB Profiles 4 rete te onte etai n tpa ee a ER eo Dea De ds od ea uid 105 Selecting Profiles fora KYM POr essor Ee teased exu ci Roger E 111 Mouse Modes when Using the Mac OS X USB Profile with a DCIM VUSB 112 Chapter 7 User Management 113 MSGS TR 113 User Cio oM BC RR 114 Relationship Between Users and Groups ssssssssseseeeennenen 114 Adding a New User Group sssssssssssseeeeeeeeenneenen nennen there nnne nnne nennen 114 Modifying an Existing User Group nennen 119 Raritan Contents MIS OVS croi unn UIN NIU IA DINI IM GIC 120 User EISE ung ieu UD HN NEIN MEE IUNII III 120 Adding a NOW TVUSOr esencia Ede teca errare deese aa aen ana SUBE ta Peu me E Ease 121 Modifying an Existing USET Jue oet rh rte tutu ide ete mere con2. sse 283 Minimum System Requifements coiere insien 284 Environmental Regq iremlents sissa ortos eria eei bacc et etre areae Ea peu Br ren Ea iaa aaa iai 286 Emergency ConnectiVIby csi 1 5 9 99 22 20 Hanc ataa a E abo aka aaa adaa are MS iaaa SEU Re E Ene dient 286 Electrical Specifi catons ART 287 Remote CONNECTION essin iiaa iaaa akaa e aa arada adaa aada iaasa iddaa ikani aera 287 KVM Propero Suijs eanan iaa ana aaa aai aaa ad ara ok e DR SEU MEER Pe aiaa aaa 287 CABE a E a a aaa adaa aaa aana atda aTa ak 287 Target Server Connection Distance and Video Resolution 289 Distances for Serial Devices iie iei reete aed dd eia Pase dla eid ae ege po LED R Fade Le ER iiaei adera 289 Network Speed Settings erinteni raisin eei Ebo tected euge be apad ak e o aaa ERAI Pe aiaa aaa 290 MrehIeb i T EE 291 KSX lll Serial RJ 45 PINUS reiini aaaea aiaa aariaa a aaa iadaa aiaa eters 292 DB9F Nulling Serial Adapter Pinouts eeessesssesesssesesesseeeeene entretien 292 DB9M Nulling Serial Adapter Pinouts sssessseseeseeseseeeeeeeene entrent 293 DB25F Nulling Serial Adapter Pinouts esssssesssesseeeeee enne 293 DB25M Nulling Serial Adapter Pinouts esssseseseeeeeenee enne 294 Appendix B Updating the LDAP LDAPS Schema 295 Returning User Group Informatio irssi ekaia te rn tac nee ei etc t pha eeu 295
3. 30 o m f i Log Out Idle Users F e 191 Chapter 9 Security Management Strong Passwords Strong passwords provide more secure local authentication for the system Using strong passwords you can specify the format of valid KSX Il local passwords such as minimum and maximum length required characters and password history retention Strong passwords require user created passwords to have a minimum of 8 characters with at least one alphabetical character and one nonalphabetical character punctuation character or number In addition the first four characters of the password and the user name cannot match When selected strong password rules are enforced Users with passwords not meeting strong password criteria will automatically be required to change their password on their next login When deselected only the standard format validation is enforced When selected the following fields are enabled and required Field Minimum length of strong password Maximum length of strong password Enforce at least one lower case character Enforce at least one upper case character Enforce at least one numeric character Enforce at least one printable special character Number of restricted passwords based on history Description Passwords must be at least 8 characters long The default is 8 but it can be up to 63 The default is 8 minimum and 16 the is the default maximum When checked at l
4. eeeceeeesseseeneennnne een 323 DU SB XPIOIIOS E A E EE ue DICEN UII IDE II E E EET 324 PYG Networking eee PE 326 Remote ACCESS ee tre esi peste ees ecu Aaa a aa aa a ENE 327 Ethernet and IP Networking iiec dieee setae rna dazs 329 SONOS ntes ti riter tese Perse tese a scan p rst a fessa e LA aed 333 Blade SEVE NR PE 334 WASTER mesie whee ec tate Seca e A 336 Local PO NP REDE 338 POWER CONTO NNNM 340 felle CC X 341 SS CUIILY cere gaua a ea E E E E Aa anhepeantesees 342 Smart Cards and CAC Authentication ee 344 Managabihty e 345 Miscellateoll8 s necs A EE 346 What is KSX II The KSX II is a second generation digital KVM Keyboard Video Mouse switch that enables IT administrators to access and control 8 16 32 or 64 servers over the network with BIOS level functionality The KSX II is completely hardware and OS independent users can troubleshoot and reconfigure servers even when servers are down At the rack the KSX II provides the same functionality convenience space savings and cost savings as traditional analog KVM switches However the KSX II also integrates the industry s highest performing KVM over IP technology allowing multiple administrators to access server KVM consoles from any networked workstation The KSX Il is completely hardware and OS independent users can troubleshoot and reconfigure servers even when servers are down How does
5. However as a workaround a USB2 hub can be attached to the USB port on the back of the device and a dual VM CIM can be attached to the hub Help for Choosing USB Profiles When you are connected to a KVM target server in VKC you can view information about USB profiles via the Help on USB Profiles command on the USB Profile menu v HP Proliant DL360 DL380 G4 HP SmartStart CD Generic Troubleshooting 1 Troubleshooting 2 Troubleshooting 3 Add Other Profiles gt Help on USB Profiles 311 Appendix C Informational Notes USB profile help appears in the USB Profile Help window For detailed information about specific USB profiles see Available USB Profiles on page 105 Raritan provides a standard selection of USB configuration profiles for a wide range of operating system and BIOS level server implementations These are intended to provide an optimal match between remote USB device and target server configurations The Generic profile meets the needs of most commonly deployed target server configurations Additional profiles are made available to meet the specific needs of other commonly deployed server configurations for example Linux MAC OS X There are also a number of profiles designated by platform name and BIOS revision that have been tailored to enhance the virtual media function compatibility with the target server for example when operating at the BIOS level Add Other Profiles
6. 122 Chapter 7 User Management Modifying an Existing User Bom To modify an existing user Open the User List page by choosing User Management User List Locate the user from among those listed on the User List page Click the user name The User page opens On the User page change the appropriate fields See Adding a New User for information about how to get access the User page To delete a user click Delete You are prompted to confirm the deletion Click OK Logging a User Off Force Logoff If you are an administrator you are able to log off another locally authenticated user who is logged on to the KSX Il 1 To log off a user Open the User List page by choosing User Management User List or click the Connected User link in the left panel of the page Locate the user from among those listed on the User List page and select the checkbox next to their name Click the Force User Logoff button Click OK on the Logoff User dialog to forcefully log the user off The page at https 192 168 59 248 says 5 Do you really want to logoff the selected users Cancel A confirmation message is displayed to indicate that the user was logged off This message contains the date and time the log off occurred Click OK to close the message Raritan Chapter 7 User Management Authentication Settings Authentication is the process of verifying that a user is who he says he i
7. 6 Click OK Note Several administrative functions are available within MPC and from the KSX II Local Console These functions are available only to members of the default Admin group Note Both IPv4 and IPv6 addresses are supported Home gt User Management gt Group z Group Group Name NE Permissions Port Permissions ox Cancel 4 M a 2 alt ahit am ano a a f Setting Permissions for an Individual Group gt To set permissions for an individual user group 1 Locate the group from among the groups listed Individual groups can be identified by the in the Group Name 2 Click the Group Name The Group page opens 115 116 Chapter 7 User Management 3 Select the appropriate permissions 4 Click OK Permissions Note See Alternate RADIUS Authentication Settings for information on additional settings if you are using Alternate RADIUS Authentication Important Selecting the User Management checkbox allows the members of the group to change the permissions of all users Permission Device Access While Under CC SG Management Device Settings Diagnostics Maintenance Modem Access PC Share Security User including their own Carefully consider granting these permissions Description Allows users and user groups with this permission to directly access the KSX II using an IP address when Local Access is enabled for the device in CC SG The d
8. Chapter 5 Virtual Media Note You cannot access a remote ISO image via virtual media using an IPv6 address due to technical limitations of third party software used by the by the KX KSX or KX101 G2 device Note If you are connecting to a Windows 2003 server and attempt to load an ISO image from the server you may receive an error stating Virtual Media mounting on port failed Unable to connect to the file server or incorrect File Server username and password If this occurs disable Microsoft Network Server Digitally Sign Communications File Server Setup f IP Address Host Name Enter name of the host name or IP Address of shared drive containing iso image Image Path Enter path to iso image on shared drive Do not include host name or IP Address in the path 4 Selected Host Name IPAddress Image Path Save Cancel M TI m IJ LEM C ee wos acean uat MB dD Raritan ii Chapter 5 Virtual Media Connecting to Virtual Media 100 Local Drives This option mounts an entire drive which means the entire disk drive is mounted virtually onto the target server Use this option for hard drives and external drives only It does not include network drives CD ROM or DVD ROM drives This is the only option for which Read Write is available Note KVM target servers running certain versions of the Windows operat
9. File Download Security Warning b Click Save The Save As dialog appears c Navigate to the desired directory and click Save 4 Email this file as directed by Raritan Technical Support Z Raritan x Chapter 12 Sis Raritan Command Line Interface CLI In This Chapter OVEIMIOW ER 227 Accessing the KSX M Using GL 1e ect tesa icai tha cerent 228 SSH Connection to the KSX ll iarciet etie dk ctae rtt ntes 228 Telnet Connection to the KSX ll 229 Local Serial Port Connection to the KSX ll sss 229 LOOGING ON EE 230 Navigation of the CL aiii ecd aiaei niaan iaia 232 Initial Configuration Using CLl irwinii aiandist fett des 234 GEL PEONIDIS etia tuxtes du geen aa A A sagen au sseesbeneretsh edere E 235 GUI C oOmimabdls sod eettes actumee eee a edet eue coena une so ER edenda den 235 Target Connections and the CLI ssia anisini dessaan 236 Administering the KSX II Console Server Configuration Commands 237 GONPQUMINGINGTWOMK E 237 226 Chapter 12 Command Line Interface CLI Overview The KSX II Serial Console supports all serial devices such as e Servers including Windows Server 2003 when using the Emergency Management Console EMS Special Administration Console or SAC with BIOS redirection in the server BIOS e Routers e Layer 2 switches e Firewalls e Rack PDUs power strips e Other user equipment The KSX II allows an administrator or user to access
10. cer tern e tei eranc ec nel sea Dep EE Ra epe ADR ER RA n XR pe uu 220 Ping Host te 222 Trace Route to Host Page depen eri ree eri IG d DEN Rag uu Ru da tud exe ERU Ux Xue adu 223 Device DiAQnOSUCS e 224 Chapter 12 Command Line Interface CLI 226 VSI Me c I 227 Accessing the KSX II Using CLI essent nnne nennen 228 SSH Connection to the KSX ll nnns trennen 228 SSH Access from a Windows PO sssssssssssssssees eene nennen nennen 228 SSH Access from a UNIX Linux Workstation ssssssseeeeeneenes 228 Telnet Connection to the KSX ll cc oct erosa ene de Ex reg ek exea tex tuba RR DM cuo YR RES 229 leet 229 Accessing Telnet from a Windows PC ssssssssssseseseeeeee nennen 229 Local Serial Port Connection to the KSX ll enne nnne 229 etsi 230 Logging ao 230 MEE Ee gurges 232 Completion of Commands s c oar pepe eene eec np Ne ENEN EAEN XR uer Ru gU E 232 CLI Syntax Tips dnd ShorteUls iren nee rire exte erae eiue e a ER RUE exuere duc E 233 Common Commands for All Command Line Interface Levels ssssusss 233 Initial Configuration Using OLI ecc denn itn rre be ederet Pe peer sex ease YR BUR tu xp Rea ue 234 Se
11. e The Calibrate Color command calibrates the video to enhance the colors being displayed In addition you can manually adjust the settings using the Video Settings command gt To refresh the video settings do one of the following e Choose Video gt Refresh Screen or click the Refresh Screen button Ez in the toolbar Auto Sense Video Settings The Auto sense Video Settings command forces a re sensing of the video settings resolution refresh rate and redraws the video screen gt To automatically detect the video settings do the following e Choose Video gt Auto sense Video Settings or click the Auto Sense IE Video Settings button amp 4 in the toolbar A message stating that the auto adjustment is in progress appears zie Raritan i 64 Chapter 3 Working with Target Servers Calibrating Color Use the Calibrate Color command to optimize the color levels hue brightness saturation of the transmitted video images The color settings are on a target server basis Note The Calibrate Color command applies to the current connection only Note The KX Il 101 does support color calibration gt To calibrate the color do the following e Choose Video gt Calibrate Color or click the Calibrate Color button oe in the toolbar The target device screen updates its color calibration Adjusting Video Settings Use the Video Settings command to manually adjust the video settings gt To change the
12. 313 Changing the Default Password 28 Changing the Keyboard Layout Code Sun Targets 35 Changing the Maximum Refresh Rate 68 Checking Your Browser for AES Encryption e 195 197 Choosing USB Profiles 54 CIM Compatibility e 105 CIMs 313 Cisco ACS 5 x for RADIUS Authentication 131 CLI Commands 227 235 CLI Prompts 235 CLI Syntax Tips and Shortcuts 233 Client Dial Up Networking Configuration 259 Command Line Interface CLI 37 226 Common Commands for All Command Line Interface Levels 233 Completion of Commands 232 Computer Interface Modules CIMs 105 275 Conditions when Read Write is Not Available 100 101 Configuring Blade Chassis 161 Configuring Date Time Settings 148 Configuring Direct Port Access via Telnet IP Address or SSH 32 144 Configuring Event Management Destinations 152 Configuring Event Management Settings 150 152 Configuring IP Access Control 199 Configuring KSX II Local Port Settings 183 Configuring Modem Settings 147 Configuring Network 237 Configuring Ports 155 Configuring USB Profiles Port Page 111 170 181 Connect Commands 239 Connect Key Examples 184 248 Connecting to a KVM Target Server 51 54 Connecting to Virtual Media 100 Connection Information 57 Connection Properties 55 347 Index Connectivity 287 291 Create User Groups and Users 35 Creating a New Attribute 296 D D KVM
13. Dominion KSX II provides multiple choices for remote access These include Internet LAN WAN or dial up modem That means servers can be accessed both in and out of band so remote access to mission critical target servers is always available even if the network is down Which ports need to be open on the corporate firewall for a secure console session using Dominion KSX II Port 443 for https port 5000 Discover and Telnet port 23 this is optional and does not open by default optionally port 80 http for user sessions For units running software version 2 2 or higher port 51000 or other port between 1024 65536 On software releases PRIOR to firmware 2 2 2 0Bx or 2 1 x either port 23 or a user designated port between 2000 and 2400 When using SSH port 22 needs to be open How do get access to the operating system of the KSX II Dominion KSX II is a secure device Therefore NO access is possible to the operating system have a few serial devices located a distance away from my server closet and the Dominion KSX Il Can I connect these devices to my Raritan switch Yes See Distances for Serial Devices on page 289 for more information How do upgrade the software on my Dominion KSX II Use the Firmware Upgrade page to upgrade the firmware for your KSX II unit and all attached D2CIM VUSB This page is available in the KSX II Remote Console only Are updates to Dominion KSX II software free Yes Currently all so
14. Managed by CommandCenter Secure Gateway Stop CC SG Management is successful The device is no longer under CC SG Management mode ui Raritan Chapter 11 Sis Raritan Diagnostics The Diagnostics pages are used for troubleshooting and are intended primarily for the administrator of the KSX II device All of the Diagnostics pages except Device Diagnostics run standard networking commands and the information that is displayed is the output of those commands The Diagnostics menu options help you debug and configure the network settings The Device Diagnostics option is intended for use in conjunction with Raritan Technical Support In This Chapter Network Interface Page seen 220 Network Statistics Page sssssssssssseeeeeeeneen nnn 220 Ping Host Page ssssssssssesseseesse enne entente nnns nnns 222 Trace Route to Host Page ssssssssssssee enne 223 Device Diagnostics essssssssssssssseseseeeenee nennen 224 219 Chapter 11 Diagnostics Network Interface Page The KSX II provides information about the status of your network interface To view information about your network interface Choose Diagnostics Network Interface The Network Interface page opens The following information is displayed Network Interface Refresh Whether the Ethernet interface is up or down Whether the gateway is pingable or not The
15. Raritan In LUN Copyright O 2011 Raritan Inc DKSXII v2 3 5 0E E March 2011 255 62 4030 00 This document contains proprietary information that is protected by copyright All rights reserved No part of this document may be photocopied reproduced or translated into another language without express prior written consent of Raritan Inc Copyright 2011 Raritan Inc All third party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders FCC Information This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications Operation of this equipment in a residential environment may cause harmful interference VCCI Information Japan CORES PRLBRESERRSAEMABRS VCCI DEK CX 24722AAIBSRISINAEIEC d CORE KER CHEATS CBR WMSe5SRCTCEPHVET o 38V XI BLIBKENSCEPHVET Raritan is not responsible for damage to this product resulting from accident disaster misuse abuse non Raritan modification of the product or other events outside of Raritan s reasonable contr
16. Raritan Appendix B Updating the LDAP LDAPS Schema IMPORTANT The procedures in this chapter should be attempted only by experienced users In This Chapter Returning User Group Information ssesesseseeeese 295 Setting the Registry to Permit Write Operations to the Schema 296 Creating a New Attribute iii insania 296 Adding Attributes to the Class 1 centia eite tita eter naiess 297 Updating the Schema Cache sssssssseeeeenee 299 Editing rciusergroup Attributes for User Members 299 Returning User Group Information zie Raritan Use the information in this section to return User Group information and assist with authorization once authentication is successful From LDAP LDAPS When an LDAP LDAPS authentication is successful the KSX II determines the permissions for a given user based on the permissions of the user s group Your remote LDAP server can provide these user group names by returning an attribute named as follows rciusergroup attribute type string This may require a schema extension on your LDAP LDAPS server Consult your authentication server administrator to enable this attribute In addition for Microsoft Active Directory the standard LDAP memberOf is used From Microsoft Active Directory Note This should be attempted only by an experienced Active Directory administrator Returning u
17. The Timeout is recorded in seconds and default timeout is 1 second but can be changed as required Raritan Sis Raritan Chapter 7 User Management The timeout is the length of time the KSX II waits for a response from the RADIUS server before sending another authentication request The default number of retries is 3 Retries This is the number of times the KSX II will send an authentication request to the RADIUS server Choose the Global Authentication Type from among the options in the drop down list PAP With PAP passwords are sent as plain text PAP is not interactive The user name and password are sent as one data package once a connection is established rather than the server sending a login prompt and waiting for a response 129 130 Chapter 7 User Management CHAP With CHAP authentication can be requested by the server at any time CHAP provides more security than PAP Home gt User Management gt Authentication Settings Authentication Settings Local Authentication LDAP RADIUS LDAP 7 RADIUS Primary RADIUS Server Shared Secret Authentication Port 1812 Accounting Port 1813 Timeout in seconds 1 Retries 3 Secondary RADIUS Server Shared Secret Authentication Port 1812 Accounting Port 1813 Timeout in seconds 1 Retries 3 Global Authenticatio
18. Udp 233 packets received mene ata into n a ew FETU LL LEN ahem Interfaces Produces a page similar to the one displayed here Kernel Interface table Iface MTU Met PRX OK PX ERR RX DRP PX OVR TX OK TX ERR TX DRP TX OVR Flg ethl 1500 0 13828 0 0 0 9680 0 O O BMNRU lo 16436 0 196 000196000 LRU ute s alie neh V eae Aeneae s AN enim nants a P dise EAR 5 Raritan Chapter 11 Diagnostics Route Produces a page similar to the one displayed here Home gt Diagnostics gt Network Statistics Network Statistics ions route hi Result Kernel IP routing table Destination Catevay Cenmask Flags MSS Window irtt Iface 192 168 59 0 255 255 255 0 U O O O ethl default 192 168 59 126 0 0 0 0 UG 0 O O ethl tmn tih atte LL adeft a Met mts natn tem a dite 3 Click Refresh The relevant information is displayed in the Result field Ping Host Page Ping is a network tool used to test whether a particular host or IP address is reachable across an IP network Using the Ping Host page you can determine if a target server or another KSX II is accessible gt To ping the host 1 Choose Diagnostics gt Ping Host The Ping Host page opens Home gt Diagnostics gt Ping Host Ping Host Hostname or IP Address fis2 168 59 97 Result 192 168 59 97 is alive ham Y s a antici eI Oo apto EPA MA a af Af hs ams UT Raritan 2 3 Chapter 11 Diagnostics Type either the h
19. When I select the Send Break option from the Emulator menu in Raritan Console on my KSX Il it does not send a break to my Sun server What could be wrong and how can address it If the SUN machine does not respond to the break signal verify that the line KEYBOARD_ABORT disable is commented out in the etc default kbd file on the Sun machine If this line is not commented Out it will disable a keyboard abort sequence comment out this line to enable the sequence How can I consolidate the sites where have a Dominion KSX Il installed Raritan s CommandCenter is designed specifically to provide centralized management It is the ideal solution if you are looking to consolidate management of devices such as Dominion KSX II and other Raritan network based products Is the Ethernet port on the KSX II device 10 100 1000 Mbps auto sensing The KSX II supports two 10 100 1000 speed Ethernet interfaces with configurable speed and duplex settings either auto detected or manually set Does Dominion KSX Il support RS422 and RS485 No Currently Dominion KSX II supports only asynchronous RS232 also commonly called serial even though serial is a broad term that covers more than RS232 RS 422 and RS485 are used in industrial automation and other markets Dominion KSX II is currently designed for connection to serially managed servers and other devices typically found in the data center and server rooms This includes serially con
20. f Password Enter the password used to access the blade chassis Required for auto discovery mode If you want the KSX II to auto discover the chassis blades select the Blade Auto Discovery checkbox and then click the Discover Blades on Chassis Now button Once the blades are discovered they will be displayed on the page Change the blade chassis name if needed If the chassis is already named that information automatically populates this field If it is not already named the KSX II assigns the chassis a name The default naming convention for the blade chassis by the KSX II is Blade Chassis Portit If operating in Manual mode indicate the blades that are installed in the blade chassis by checking the Installed checkbox next to each slot that has a blade installed Alternatively use the Select All checkbox If needed change the blade server names If operating in Auto discovery mode the Installed box will display the slots containing blades during discovery In the Blade Chassis Managed Links section of the page you are able to configure the connection to a blade chassis web browser interface if one is available Click the Blade Chassis Managed Links icon M Hindo Chassis Managed Linka to expand the section on the page The first URL link is intended for use to connect to the blade chassis Administration Module GUI Note Access to the URL links entered in this section of the page is governed by the blade chassis port p
21. 1 Upload the certificate to the KSX II by clicking the Upload button 25 S Raritan Security Banner zie Raritan Chapter 9 Security Management Note The CSR and the private key file are a matched set and should be treated accordingly If the signed certificate is not matched with the private key used to generate the original CSR the certificate will not be useful This applies to uploading and downloading the CSR and private key files Certificate Signing Request CSR Certificate Upload The following CSR is pending SSL Certificate File countryNeme US Bro StateOrProvinceName DC mae localityName Washington Upload organizationName ACME Corp Upload organizationalUnitName Marketing Dept commonName John Doe emailAddress johndceGacme com Download Delete After completing these three steps the KSX II has its own certificate that is used for identifying the card to its clients Important If you destroy the CSR on the KSX II there is no way to get it back In case you deleted it by mistake you have to repeat the three steps as described above To avoid this use the download function so you will have a copy of the CSR and its private key KSX II provides you with the ability to add a security banner to the KSX II login process This feature requires users to either accept or decline a security agreement before they can access the KSX II The information provided in a security banner will be displayed in
22. Add them before classpath DsocksProxyHost amp lt socks proxy ip addr amp gt DsocksProxyPort amp lt socks proxy port amp gt The parameters should look as follows Raritan Chapter 3 Working with Target Servers start javaw Xmn128M Xmx512M XX MaxHeapFreeRatio 70 XX MinHeapFreeRatio 50 Dsun java2d noddraw true DsocksProxyHost 192 168 99 99 DsocksProxyPort 1080 classpath sdeploy jar sFoxtrot jar jaws jar sMpc jar com raritan rrc ui RRCApplication 1 Virtual KVM Client VKC zie Raritan Please note this client is used by various Raritan products As such references to other products may appear in this section of help Overview Whenever you access a target server using the Remote Console a Virtual KVM Client VKC window opens There is one Virtual KVM Client for each target server connected These windows can be accessed via the Windows task bar Virtual KVM Client windows can be minimized maximized and moved around your computer desktop Note Refreshing your HTML browser closes the Virtual KVM Client connection so exercise caution Note If you are using Firefox 3 0 3 you may experience problems launching the application If this occurs clear the browser cache and launch the application again Connecting to a KVM Target Server gt Toconnect to a KVM target server 1 From the KSX II Remote Console click the Port Access tab to open it The Port Access page opens 2 Cl
23. In This Chapter WMG ACES E E E DI LL LDIS LOS DID IDIOT 36 Proxy Server Configuration for use with MPC VKC and AKC 50 Virtual KVM Glient MK eir otra red read EI aandaa 51 Active KVM Client AIKG 2 1 etre bert ertet ree nei Cla cerne n bcasta 80 Multi Platform Glient MBPQ iiie et tiat niaaa 82 Raritan Serial Console HSC iuis dicee ese tracta aa aaa 83 Interfaces There are several interfaces in the KSX II providing you with easy access any time anywhere The following table identifies these interfaces and their use of target server access and administration locally and remotely Local Remote User interface Access Admin Access Admin KSX II Local Console Y d KSX Il Remote Console v Virtual KVM Client VKC Active KVM Client AKC Multi Platform Client MPC Raritan Serial Console RSC Command Line Interface T d Y CLI NINE SSISSN SIS Raritan di Raritan Chapter 3 Working with Target Servers The following sections of the user guide contain information about using specific interfaces to connect to the KSX Il and manage targets e KSXII Local Console Interface KSX II Devices see KSX II Local Console KSX Il Devices on page 37 e KSX Il Remote Console Interface on page 38 e Virtual KVM Client VKC on page 51 e Active KVM Client AKC on page 80 e Multi Platform Client MPC on page 82 e Raritan Serial Console RSC on page 83 e Comman
24. None Use this option if you do not want an auto IP configuration and prefer to set the IP address yourself static IP This is the default and recommended option If None is selected for the IP auto configuration the following Network Basic Settings fields are enabled Global Unique IP Address Prefix Length and Gateway IP Address allowing you to manually set the IP configuration Router Discovery Use this option to automatically assign IPv6 addresses that have Global or Unique Local significance beyond that of the Link Local which only applies to a directly connected subnet Select Obtain DNS Server Address Automatically if DHCP is selected and Obtain DNS Server Address is enabled When Obtain DNS Server Address Automatically the DNS information provided by the DHCP server will be used If Use the Following DNS Server Addresses is selected regardless of whether DHCP is selected or not the addresses entered in this section will be used to connect to the DNS server Enter the following information if the Following DNS Server Addresses option is selected These addresses are the primary and secondary DNS addresses that will be used if the primary DNS server connection is lost due to an outage a b Primary DNS Server IP Address Secondary DNS Server IP Address 7 When finished click OK 138 Raritan Z Raritan Chapter 8 Device Management See LAN Interface Settings on page 139 for information in confi
25. b URL Enter the URL to the interface See Blade Chassis Sample URL Formats on page 180 for sample configurations for the Dell PowerEdge 1855 1955 c Username Enter the username used to access the interface d Password Enter the password used to access the interface Note Leave the username and password fields blank for DRAC ILO and RSA web applications or the connection will fail zie Raritan n 168 Chapter 8 Device Management 5 6 e The Username Field and Password Field which are both optional contain the labels that are expected to be associated with the username and password entries It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application You can view the HTML source of the login screen to find the field names not the field labels See Tips for Adding a Web Browser Interface on page 172 for tips on adding a web browser interface USB profiles do not apply to Dell chassis Click OK to save the configuration IBM Blade Chassis Configuration See Supported Blade Chassis Models on page 175 Supported CIMs for Blade Chassis and Required and Recommended Blade Chassis Configurations on page 179 for important additional information when configuring the blade chassis 1 Connect the blade chassis to the KSX II See Step 3 Connect the Equipment for details Select Device Settings Port Configuration to open t
26. environmental conditions and user expectations The following table summarizes the maximum target server distance for various video resolutions and refresh rates Video resolution Refresh rate Maximum distance 1600x1200 60 50 ft 15 m 1280x1024 60 100 ft 30 m 1024x768 60 150 ft 45 m Note Due to the multiplicity of server manufacturers and types OS versions video drivers and so forth and the subjective nature of video quality Raritan cannot guarantee performance across all distances in all environments See the Supported Video Resolutions on page 280 for the video resolutions supported by the KSX Il Distances for Serial Devices zie Raritan Following are the standard distances for serial devices Baud rate feet 2400 400 ft 4800 200 ft 9600 100 ft 19200 50 ft 38400 25 ft 57600 16 ft 115200 8 ft 289 Appendix A Specifications Network Speed Settings KSX Il network speed setting Network switch port setting 290 Auto 1000 Full 100 Full 100 Half 10 Full 10 Half Auto 1000 Full 100 Full 100 Half 10 Full No No No Communica Communicat Communica tion ion tion No Communica tion No Communica tion No No No Communica Communica Communicat tion tion ion No No No Communica Communica Communicat tion tion ion Legend Does not function as expected Supported Functions not recommended NOT supported by Ethernet specific
27. 100 Mbps Half Yellow LED blinks 100 Mbps Full Yellow LED blinks 1000 Mbps Full gigabit Green LED blinks Half duplex provides for communication in both directions but only one direction at a time not simultaneously Full duplex allows communication in both directions simultaneously Note Occasionally there are problems running at 10 Mbps in either half or full duplex If you are experiencing problems try another speed and duplex setting See Network Speed Settings on page 290 for more information 3 Select the Enable Automatic Failover checkbox to allow the KSX II to automatically recover its network connection using a second network port if the active network port fails Note Because a failover port is not activated until after a failover has actually occurred Raritan recommends that you not monitor the port or monitor it only after a failover occurs When this option is enabled the following two fields are used Ping Interval seconds Ping interval determines how often the KSX II checks the status of the network path to the designated gateway The default ping interval is 30 seconds Timeout seconds Timeout determines how long a designated gateway remains unreachable via the network connection before a fail over occurs Note The ping interval and timeout can be configured to best meet the local network conditions The timeout should be set to allow for at least two or more ping requests t
28. 280 289 336 Target Server Requirements 284 Target Settings 160 TCP and UDP Ports Used 281 Telnet Connection to the KSX II 229 Terminology 9 Tips for Adding a Web Browser Interface 164 166 168 170 171 172 Tool Options 76 Toolbar 51 Trace Route to Host Page 223 Turning Outlets On Off and Cycling Power 87 U Universal Virtual Media 323 Updating the LDAP LDAPS Schema 295 Updating the Schema Cache 299 Upgrade History 215 Upgrading CIMs 105 212 Upgrading Firmware 212 USB Ports and Profiles 311 USB Profile Management 210 211 USB Profiles 54 104 181 324 User Authentication Process 134 User Blocking 189 193 User Group List 114 User Groups 113 User List 120 Z Raritan Index User Management 113 Users 120 Using Screenshot from Target 67 Using the KSX II Local Console 241 Using Virtual Media 96 Using Virtual Media via VKC and AKC in a Windows Environment 95 V Video Properties 63 View Options 79 Virtual KVM Client VKC 37 39 44 51 80 97 104 Virtual KVM Client Version Not Known from CC SG Proxy Mode 315 Virtual Media 5 73 90 314 Virtual Media Connection Failures Using High Speed for Virtual Media Connections 314 Virtual Media Not Refreshed After Files Added 314 VKC and MPC Smart Card Connections to Fedora Servers 310 VKC Virtual Media 73 VM CIMs and DL360 USB Ports 311 WwW Window
29. 39 Germany Monday Friday 8 30 a m 5 30 p m GMT 1 CET Phone 49 20 17 47 98 0 Email rg support raritan com gt Melbourne Australia Monday Friday 9 00 a m 6 p m local time Phone 61 3 9866 6887 gt Taiwan Monday Friday 9 a m 6 p m GMT 5 Standard 4 Daylight Phone 886 2 8919 1333 Email support apac raritan com
30. 5 Click OK to close the Power On confirmation dialog The outlet will be turned on and its state will be displayed as on Microsoft Internet Explorer gt To turn an outlet off 1 Click Off 2 Click OK on the Power Off dialog Microsoft Internet Explorer Port Outlet 9 wil be powered cff Do you want to continue Expo sj 3 Click OK on the Power Off confirmation dialog The outlet will be turned off and its state will be displayed as off Microsoft Internet Explorer gt To cycle the power of an outlet 1 Click the Cycle button The Power Cycle Port dialog opens The page at https 192 168 59 173 says X gt Power Cycle Port testport 5 Do you want to continue Cancel Raritan Raritan Chapter 4 Rack PDU Power Strip Outlet Control 2 Click OK The outlet will then cycle note that this may take a few seconds The page at https 192 168 59 173 says fx A Power Cycle was successfully performed on Port testport 5 3 Once the cycling is complete the dialog will open Click OK to close the dialog 89 Chapter 5 Sis Raritan Virtual Media In This Chapter OVEIWIOW seis 91 Prerequisites for Using Virtual Media 94 Using Virtual Media via VKC and AKC in a Windows Environment 95 Using Virtual Media iit tei c epi ertet died beca taux redd edad 96 File Server Setup File Server ISO Images O
31. AKC e Multiplatform Client MPC e Raritan Serial Console RSC See the KVM and Serial Client Guide for additional information on the client applications Also see the Working with Target Servers on page 36 section of this guide which contains information on using the clients with the KSX II Note MPC and VKC require the Java Runtime Environment JRE AKC is NET based Raritan Virtual Media Product Features Raritan Chapter 1 Introduction All KSX II models support virtual media The benefits of virtual media mounting of remote drives media on the target server to support software installation and diagnostics are now available in all of the KSX II models Virtual media sessions can be secured by using 128 bit and 256 bit AES or RC4 encryption Each KSX II comes equipped with virtual media to enable remote management tasks using the widest variety of CD DVD USB internal and remote drives and images Unlike other solutions the KSX II supports virtual media access of hard drives and remotely mounted images for added flexibility and productivity The new D2CIM VUSB and D2CIM DVUSB CIMs computer interface module support virtual media sessions to KVM target servers supporting the USB 2 0 interface This new CIM also supports Absolute Mouse Synchronization as well as remote firmware updates Note The black connector on the DVUSB CIM is used for keyboard and mouse The gray connector is used for
32. Address 4 The IP address for the KSX II User Name 1 The user name entered at the login screen Acct Session ID 44 Session ID for accounting x 5E Raritan Chapter 7 User Management Attribute Data Log out Accounting Request 4 Acct Status 40 Stop 2 Stops the accounting NAS Port Type 61 VIRTUAL 5 for network connections NAS Port 5 Always 0 NAS IP Address 4 The IP address for the KSX II User Name 1 The user name entered at the login screen Acct Session ID 44 Session ID for accounting Raritan Chapter 7 User Management User Authentication Process Remote authentication follows the process specified in the flowchart below User logs in s Remote C No lt Authentication gt s Enabled p Is Remote E Authentication Server gt gt ja No reachable No Yes zx Ts User authenticated p Is User authenticated in local database in remote database Yes Yes v User allowed No y User denied s 3is Raritan Chapter 7 User Management Changing a Password gt To change your password 1 Choose User Management gt Change Password The Change Password page opens Type your current password in the Old Password field Type a new password in the New Password field Retype the new password in the Confirm New Password field Passwords can be up to 64 characters in length and can consist o
33. Advanced Management Module Restrictions e Virtual CD ROM and disk drives cannot be used simultaneously BIOS Lenovo ThinkPad T61 and X61 boot from virtual media Use this profile to boot the T61 and X61 series laptops from virtual media Restrictions e USB bus speed limited to full speed 12 MBit s BIOS Mac Use this profile for Mac BIOS Restrictions e Absolute mouse synchronization not supported e Virtual CD ROM and disk drives cannot be used simultaneously The generic USB profile resembles the behavior of the original KX2 release Use this for Windows 2000 operating system Windows XP operating system Windows Vista operating system and later Restrictions e None HP Proliant DL360 DL380 G4 HP SmartStart CD Use this profile for the HP Proliant DL360 DL380 G4 series server when installing OS using HP SmartStart CD Restrictions e USB bus speed limited to full speed 12 MBit s e Absolute mouse synchronization not supported HP Proliant DL360 DL380 G4 Windows 2003 Server Installation Raritan USB profile Installation Linux MAC OS X 10 4 9 and later RUBY Industrial Mainboard AwardBIOS Supermicro Mainboard Phoenix AwardBIOS Z Raritan Chapter 6 USB Profiles Description Use this profile for the HP Proliant DL360 DL380 G4 series server when installing Windows 2003 Server without the help of HP SmartStart CD Restrictions e USB bus
34. Blade BladeChassisAdmin and BladeChassisURL 43 44 Chapter 3 Working with Target Servers Availability The Availability can be Idle Connected Busy or Unavailable Blade servers will have an availability of either shared or exclusive when a connection to that blade is in place Click View by Port View by Group or View by Search to switch between views Click the Port Name of the target server you want to access The Port Action Menu appears See Port Action Menu on page 44 for details on available menu options Choose the desired menu command from the Port Action Menu To change the display sort order Click the column heading by which you want to sort The list of KVM target servers is sorted by that column Port Action Menu When you click a Port Name in the Port Access list the Port Action menu appears Choose the desired menu option for that port to execute it Note that only currently available options depending on the port s status and availability will be listed in the Port Action menu Connect Creates a new connection to the target server For the KSX II Remote Console a new Virtual KVM Client see Virtual KVM Client VKC on page 51 page appears For the KSX II Local Console the display switches to the target server and switches away from the local user interface On the local port the KSX II Local Console interface must be visible in order to perform the switch Hot key switching is also avail
35. BladeCenter Model S T and HT are handled using the IBM Other selection Are the Paragon Blade CIMs used No the Paragon Il Blade CIM will not work with the KSX II Which CIM should use It depends on the type of KVM ports on the specific make and model of the blade server you are using The following CIMs are supported DCIM PS2 DCIM USBG2 D2CIM VUSB and D2CIM DVUSB What types of access and control are available The KSX II provides automated amp secure KVM access 1 at the rack 2 remotely over IP 3 via CommandCenter and 4 by modem Do I have to use hotkeys to switch between blades Some blade servers require you to use hotkeys to switch between blades With the KSX Il you don t have to use these hotkeys Just click on the name of the blade server and the KSX II will automatically switch to that blade without the explicit use of the hotkey Can access the blade server s management module Yes you can define the URL of the management module and access it from the KSX II or from CC SG If configured one click access is available How many blade servers can connect to a KSX II For performance and reliability reasons you can connect up to 8 blade chassis to a KX II regardless of model or up to 4 for a KSX II Raritan Appendix D FAQs For KX II s Raritan recommends connecting up to two times the number of remote connections supported by the device For example with a KX2 216 with two rem
36. CLI After reviewing the following Navigation of the CLI on page 232 section perform the Initial Configuration tasks Welcome 192 168 59 202 login admin Passwd Device Type Device Name YongKSX2 Dominion KSX2 Model DKSX2 188 SN AE17950009 IP Address 192 168 59 202 Idle Timeout Omin IP Address 192 168 59 202 Idle Timeout Omin Port Port Port POrt Port No Name Type Status Availability 1 Dominion KSX2 Portl Not Available down idle 2 Dominion KSX2 Port3 Not Available down idle 3 Dominion KSX2 Port4 Not Available down idle 4 Dominion KSX2 Port5 Not Available down idle 5 YongFedora7 VM up idle 6 Yong Laptop XP Not Available down idle 7 Dominion KSX2 Port8 Not Available down idle 8 Serial Port 1 Serial up idle 9 Serial Port 2 Serial up idle 10 Serial Port 3 Serial up idle 11 Serial Port 4 Serial up idle 12 Serial Port 5 Serial up idle 13 Serial Port 6 Serial up idle 14 Serial Port 7 Serial up idle 15 Serial Port 8 Serial up idle Current Time Tue Dec 04 13 22 17 2007 admin FW Version 1 0 0 5 6321 231 Chapter 12 Command Line Interface CLI Password login as Janet Authentication successful Serial WAC Welcome to the KSX II Model KSX2 UnitName KSX II EA00008 IP Address 192 168 51 194 UserIdletimeout 99min FirmwareVersion 3 0 0 5 1 Port Port No Name 1 Porti 3 Porta Ja
37. Card reader Combo USB reader for SIM sized cards Integrated Dell Latitude D620 PCMCIA PCMCIA Vendor SCM Microsystems Actividentity Activldentity Gemalto Dell Cherry GmbH Omnikey O2Micro Activldentity SCM Microsystems Model SCR331 Activldentity USB Reader v2 0 Activldentity USB Reader v3 0 GemPC USB SW USB Smart Card Reader Keyboard G83 6744 SmartBoard 6121 OZ776 Actividentity PCMCIA Reader SCR243 Verified Verified on local and remote Verified on local and remote Verified on local and remote Verified on local and remote Verified on local and remote Verified on local and remote Verified on local and remote Remote only Remote only Remote only Note SCM Microsystems SCR331 smart card readers must be using SCM Microsystems firmware v5 25 Unsupported Smart Card Readers 283 284 Appendix A Specifications This table contains a list of readers that Raritan has tested and found not to work with the Raritan device therefore they are unsupported If a smart card reader does not appear in the supported smart card readers table or in the unsupported smart card readers table Raritan cannot guarantee it will function with the device Type Vendor Model Notes USB Keyboard Card HP ED707A Nointerrupt endpoint reader Combo not compatible with Microsoft driver USB Keyboard Card SCM SCR338 Proprietary card reader Combo Microsystems re
38. Dell PowerEdge 1855 1955 Disable the iKVM GUI screensaver An authorize dialog will appear preventing iKVM from working correctly if this is not done Exit the iKVM GUI menu before attaching Dell s chassis to a Raritan CIM iKVM may not work correctly if this is not done Configure the iKVM GUI Main menu to select target blades by Slot not by Name iKVM may not work correctly if this is not done Do not designate any slots for scan operations in the iKVM GUI Setup Scan menu iKVM may not work correctly otherwise Do not designate any slots for broadcast keyboard mouse operations in the iKVM GUI Setup Broadcast menu iKVM may not work correctly otherwise Designate a single key sequence to invoke the iKVM GUI This key sequence must also be identified during KSX II port configuration Otherwise indiscriminate iKVM operation may occur as a result of client key entry Ensure that Front Panel USB Video Enabled is not selected during iKVM configuration via the Dell CMC GUI Otherwise connections made at the front of chassis will take precedence over the KSX II connection at the rear preventing proper iKVM operation A message will be displayed stating User has been disabled as front panel is currently active Ensure that Allow access to CMC CLI from iKVM is not selected during iKVM configuration via the Dell CMC GUI To avoid having the iKVM GUI display upon connecting to the blade chassis set the Screen Delay Time to 8
39. Download Server Certificate Validation on page 146 for configuration information on using AKC Note If you are using direct port access with AKC you must open a new browser window or browser tab for each target you want to access If you try to access another target by entering the DPA URL into the same browser window or browser tab you are currently accessing a target from you will not be able to connect and may receive an error Raritan Z Raritan Chapter 3 Working with Target Servers AKC Supported NET Framework Operating Systems and Browsers NET Framework AKC requires Windows NET version 3 5 and will work with both 3 5 and 4 0 installed Operating Systems AKC is compatible with the following platforms running NET Framework 3 5 e Windows XP operating system e Windows Vista operating system up to 64 bit e Windows 7 operating system up to 64 bit Note You must be using Windows 7 if WINDOWS PC FIPs is turned on and you are accessing a target using AKC and a smartcard Since NET is required to run AKC if you do not have NET installed or you have an unsupported version of NET installed you will receive a message instructing you to check the NET version Browser e Internet Explorer 6 or later If you attempt to open AKC from a browser other than IE 6 or later you will receive an error message instructing you to check your browser and to switch to Internet Explorer 81 Chapter 3 Working w
40. From EDAP EDAPS 352 erectis tere rores ores ets Cesta d Wiens Leste end Naida ta Seas Da ted ep Lr sed DE tees 295 From Microsoft Active DIreCtory i redii cerit ated La tad atanan Ens gab Lea s d Das ee agde 295 Raritan Contents Setting the Registry to Permit Write Operations to the Schema ssssssssss 296 Creating New igi 296 Adding Attributes to the ClaSS ect teet peret terret eene EM reser be e ape ea R23 SEE bea Pea ne E rea deck 297 Updating the Schema Gaclig u eosdebet dresden n i i gi 299 Editing rciusergroup Attributes for User Members sssessseeeeennnns 299 Appendix C Informational Notes 303 eu 303 DAN El cei EIE 303 AES 256 Prerequisites and Supported Configurations for Java sesssss 303 Java Runtime Environment JBE eiii ceo eee taeda aiiai ddd dA aidaa atadik 304 IPv6 Support NO GS 2 22i eni E Doct act Erde did der ated or ue bas aaa eR e DEED A Fa SR RAD LEUTE Hd ag pere 305 cy seri c H 306 Non US ies E asaan daaa daa aaa tied niaaa 306 Macintosh Key D0 ard EE 309 Dell Chassis Cable Lengths and Video Resolutions sse 309 brem 310 Resolving Fedora Gore FOCus 11 rioris tec iei cree ase aia d eee e Lo NDA aa aiaa Ea FUR Ra ataia 310 Mouse Pointer Synchronization Fedora 310 VKC and MP
41. G2 DCIM USB DCIM USB G2 ut DCIM PS2 DCIM USB DCIM USB G2 J DCIM PS2 Serial device support does not d require a CIM D2CIM VUSB ra Y Legend e VM Virtual Media D2CIM VUSB only e AM Absolute Mouse Synchronization D2CIM VUSB only e M Intelligent Mouse Mode e SM Standard Mouse Mode v Supported The DCIM USB G2 provides a small slide switch on the back of the CIM Move the switch to P for PC based USB KVM target servers move the switch to S for Sun USB KVM target servers A new switch position takes effect only after the CIM is power cycled To power cycle the CIM remove the USB connector from the target server and plug it back in a few seconds later Z Raritan Appendix A Specifications Supported Browsers KSX II supports the following browsers e Internet Explorer 6 7 and 8 e Firefox 1 5 2 0 and 3 0 up to build 3 0 10 e Safari Computer Interface Modules CIMs Part Line item UPC code Weight Product Shipping Shipping number description dimensions weight dimensions WxDxH WxDxH D2CIM VUS KSX II 78581333200 0 21bs 1 3 x 3 0 x 0 6 0 2 Ibs 7 2 x 9 x 0 6 B Computer 4 Interface Module USB port with virtual media DCIM SUN KSXII 78581333854 0 2lbs 1 3 x 3 0 x 0 6 0 2 Ibs 7 2 x 9 x 0 6 Computer 9 Interface Module Sun port HD15 video zie Raritan xd Appendix A Specifications Supported Paragon CIMS and Configurations The KSX II supports the P2CIM APS
42. Inthe Target Settings section select 720x400 Compensation if you are experiencing display issues when the target is using this resolution 2 Select Use international keyboard for scan code set 3 if connecting to the target with a DCIM PS2 and require the use of scan code set 3 with an international keyboard Raritan Z Raritan Chapter 8 Device Management Configuring Blade Chassis In addition to standard servers and rack PDUs power strips you can control blade chassis that are plugged into a Dominion device port Up to eight blade chassis can be managed at a given time As with standard servers blade chassis are autodetected once they are connected When a blade server chassis is detected a default name is assigned to it and it is displayed on the Port Access page along with standard target servers and rack PDUs see Port Access Page The blade chassis is displayed in an expandable hierarchical list on the Port Access page with the blade chassis at the root of the hierarchy and the individual blades labeled and displayed below the root Use the Expand Arrow icon next to the root chassis to display the individual blades Note To view the blade chassis in a hierarchal order blade chassis subtypes must be configured for the blade server chassis With the exception of HP blade chassis generic IBM and Dell blade chassis are configured on the Port page The port connected to the blade chassis must be configu
43. KVM ports not ports configured as blade chassis A port may only be a member of a single group Ports connected to integrated KVM modules in a blade chassis are configured as blade chassis subtypes These ports are eligible to be included in port groups When KSX II ports are connected to integrated KVM modules in a blade chassis and not to individual blades the ports are configured as blade chassis subtypes These ports are not eligible to be included in port groups and will not appear in the Select Port for Group Available list If a standard KVM port has been included in a port group and then is subsequently repurposed for use as a blade chassis subtype it must first be removed from the port group Port Groups are restored using the Backup and Restore option see Backup and Restore on page 208 Port Group Management 4 Port Group Name b HPServer1 F b tgroup Add Delete Select All Deselect All temet mw T1 BEN eye ae aute n Miah n Atem i at a r Nd SA AP ien ra A nin gt To add a port group 1 Click Device Settings Port Group Management to open the Port Group Management page 2 Click the Add button to open the Port Group page 173 zie Raritan 174 Chapter 8 Device Management Enter a Port Group Name The port group name is not case sensitive and can contain up to 32 characters Select the Blade Server Group checkbox If you want to designate that these ports
44. KVM Client VKC and Active KVM Client AKC See your Microsoft help for additional information on these features and how to use them Following is a list virtual media types users can access via VKC and AKC when running in a Windows environment The features are broken down by client and the virtual media features that are accessible to each Windows user role Windows XP If you are running VKC and AKC in a Windows XP environment users must have Administrator privileges to access any virtual media type other than CD ROM connections ISOs and ISO images Windows Vista and Windows 7 If you are running VKC and AKC in a Windows Vista or Windows 7 environment and UAC is enabled the following virtual media types can be accessed depending on the user s Windows role Client Administrator Standard User AKC and Access to Access to ee Fixed drives and fixed e Removable drives drive partitions e CD DVD drives e Removable drives e ISO images e CD DVD drives e SO images e Remote ISO images e Remote ISO images 95 Chapter 5 Virtual Media Using Virtual Media With the KSX II virtual media feature you can mount up to two drives of different types These drives are accessible for the duration of the KVM session For example you can mount a specific CD ROM use it and then disconnect it when you are done The CD ROM virtual media channel will remain open however so that you can virtually mount another CD ROM These vi
45. LAN port that is currently active To refresh this information Click the Refresh button Result Link state autonegotiation on 100 Mbps full duplex link ok eth0 BROADCAST MULTICAST UP LOWER UP mtu 1500 qdisc pfifo fast glen 1000 link ether 00 0d 5d ca b1 f8 brd ff ff ff ff ff ff inet 192 168 51 101 24 brd 192 168 51 255 scope global eth0 LAN 1 is active 4 e aem dom e am ant r Network Statistics Page 220 The KSX II provides statistics about your network interface gt 1 To view statistics about your network interface Choose Diagnostics gt Network Statistics The Network Statistics page opens Choose the appropriate option from the Options drop down list Raritan Chapter 11 Diagnostics Statistics Produces a page similar to the one displayed here Home gt Diagnostics gt Nebwo amp Statutior Network Statistics Ip 803 total packets received 0 forvarded 0 incoming packets discarded 8802 incoming packets delivered 8522 requests sent out Icmp 0 ICMP messages received O input ICMP message failed ICMP input histogram 0 ICMP messages sent 0 ICMP messages failed ICMP output histogram Tep 6 active connections openings 49 passive connection openings failed connection attempts 15 connection resets received 1 connections established 7942 segments received 304 segments send out 0 seguents retransmited 0 bad segments received O resets sent
46. Local Console 241 KSX II Devices 37 KSX II Local Console Factory Reset 255 KSX II Local Console Interface 242 KSX II Local Console Local Port Settings 248 251 252 KSX II Local Console Support Languages 281 KSX II Overview 2 KSX II Remote Console Interface 37 38 KSX II Serial RJ 45 Pinouts 292 KSX II to KSX II Guidelines 277 KSX II to Paragon II Guidelines 278 KVM Properties 287 L LAN Interface Settings 31 139 Launching MPC from a Web Browser 82 Launching the KSX Il Remote Console 38 Left Panel 41 Linux Settings Red Hat 4 17 Local Console Smart Card Access 75 243 Local Console USB Profile Options 244 Local Drives 100 Local Port 338 Local Port Administration 252 Local Port Requirements 284 Local Serial Port Connection to the KSX II 229 Logging a User Off Force Logoff e 122 Logging On 230 Logging Out 49 Login Limitations 189 190 Low Bandwidth KVM Settings 258 5 Raritan Index Macintosh Keyboard 309 Maintenance 205 Maintenance Features Local Remote Console 205 Make Linux Settings Permanent 18 Make UNIX Settings Permanent 19 Managability 345 Manage Favorites Page 47 Managing Favorites 42 46 Minimum System Requirements 243 284 Miscellaneous 346 Modem Configuration 8 257 Modifying an Existing User 122 Modifying an Existing User Group 119 Modifying and Removing Keyboard Macros 6
47. Maintenance gt USB Profile Management Logout Profile successfully uploaded USB Profile File Browse Selected Profile Dell Dimension 1 Custom Profile for Dell Dimensionin Profile Key Force full speed is ON Order HD interface first Mass Storage second CDROM and removable drive cannot be used simultaneously Deleting an active profile may be disruptive to sessions in progress Delete gt To upload a custom profile to your KSX II 1 Click the Browse button A Choose File dialog appears 2 Navigate to and select the appropriate custom profile file and click Open The file selected is listed in the USB Profile File field 3 Click Upload The custom profile will be uploaded and displayed in the Profile table is 5E Raritan Raritan Chapter 10 Maintenance Note If an error or warning is displayed during the upload process for example overwriting an existing custom profile you may continue with the upload by clicking Upload or cancel it by clicking on Cancel gt To delete a custom profile to your KSX II 1 Check the box corresponding to the row of the table containing the custom profile to be deleted 2 Click Delete The custom profile will be deleted and removed from the Profile table As noted you may delete a custom profile from the system while it is still designated as an active profile Doing so will terminate any virtual media sessions that were in place Handli
48. Management Module in the BladeCenter T chassis are separate components The front of the Management Module only features the LEDs for displaying status All Ethernet and KVM connections are fed through to the rear to the LAN and KVM modules The KVM module is a hot swap module at the rear of the chassis providing two PS 2 connectors for keyboard and mouse a systems status panel and a HD 15 video connector Source IBM BladeCenter Products and Technology IBM BladeCenter HT The BladeCenter HT chassis ships standard with one Advanced Management Module This module provides the ability to manage the chassis as well as providing the local KVM function Source IBM BladeCenter Products and Technology Recommended CIM s e DCIM USBG2 e D2CIM DVUSB e DCIM PS2 e DCIM USBG2 Note In order to support Auto discovery IBM BladeCenter Models H and E must use AMM with firmware version BPET36K or later Note In the case of IBM Blade Center Models E and H the KSX II only supports auto discovery for AMM 1 as the acting primary management module Raritan Z Raritan Chapter 8 Device Management Required and Recommended Blade Chassis Configurations This table contains information on limitations and constraints that apply to configuring blade chassis to work with the KSX II Raritan recommends that all of the information below is followed Blade chassis Required recommended action Dell PowerEdge M1000e
49. Managers the Syslog and the audit log These events are categorized and for each event you can determine whether you want the event sent to one or several destinations zie Raritan Chapter 8 Device Management Configuring Event Management Settings SNMP Configuration Simple Network Management Protocol SNMP is a protocol governing network management and the monitoring of network devices and their functions KSX II offers SNMP Agent support through Event Management gt To configure SNMP enable SNMP logging 1 Choose Device Settings Event Management Settings The Event Management Settings page opens SNMP Logging Enabled Name Shan KSX2 Contact Location Agent Community String Type Read Only w Destination IP Hostname Port Community 192 168 52 65 162 public 162 public 162 public 162 public 162 public Click here to view the Dominion KSX2 SNMP MIB SysLog Configuration y Enable Syslog Forwarding IP Address Host Name Baa a VL WINE VENE YS e TUE e a 192 168 52 65 OK Reset To Defaults ncel a eun s E 2 Choose the Enable SNMP Logging option This enables the remaining SNMP fields 3 In the Name Contact and Location fields type the SNMP agent s name that is the device s name as it appears in the KSX II Console interface a contact name related to this device and where the Dominion device is physically located
50. No to close the alert without overwriting the macro Export Keyboard Macros to x Save in Desktop Ma iE al cj H mnl My Documents CI Mv Computer C Mv Network Places c cvs Folders File name Files of type XML Files xml v Save Cancel Building a Keyboard Macro gt To build a macro 1 Click Keyboard gt Keyboard Macros The Keyboard Macros dialog appears Click Add The Add Keyboard Macro dialog appears Type a name for the macro in the Keyboard Macro Name field This name appears in the Keyboard menu after it is created 4 From the Hot Key Combination field select a keyboard combination from the drop down list This allows you to execute the macro with a predefined keystroke Optional 5 Inthe Keys to Press drop down list select each key you would like to use to emulate the keystrokes that is used to perform the command Select the keys in the order by which they are to be pressed After each selection select Add Key As each key is selected it appears in the Macro Sequence field and a Release Key command is automatically added after each selection 6 Touse the Send Text to Target function for the macro click the Construct Macro from Text button 7 Forexample create a macro to close a window by selecting Left Ctrl Esc This appears in the Macro Sequence box as follows Raritan Chapter 3 Working with Target Servers Press Left Ctrl Release Left C
51. Performance group to open the Performance Options dialog e Under Custom options deselect the following checkboxes Animation options Animate controls and elements inside windows Animate windows when minimizing and maximizing Fade options Fade or slide menus into view Fade or slide ToolTips into view Fade out menu items after clicking Click OK and Close the Control Panel To configure KVM target servers running Windows 7 operating system Configure the mouse settings a Choose Start Control Panel Hardware and Sound Mouse b Click the Pointer Options tab c Inthe Motion group 15 16 Chapter 2 Installation and Configuration 2 Disable animation and fade effects a Select Control Panel System and Security b Select System and then select Advanced system settings from the left navigation panel The System Properties dialog appears c Click the Advanced tab d Click the Settings button in the Performance group to open the Performance Options dialog e Under Custom options deselect the following checkboxes Animation options Animate controls and elements inside windows Animate windows when minimizing and maximizing Fade options Fade or slide menus into view Fade or slide ToolTips into view Fade out menu items after clicking 3 Click OK and Close the Control Panel Windows 2000 Settings gt To configure KVM target servers running Microsoft Windows 2000 operating syste
52. Port section select one or more USB profiles from the Available list 181 Chapter 8 Device Management Shift Click and drag to select several continuous profiles Ctrl Click to select several discontinuous profiles Select USB Profiles for Port USB Profiles Preferred Profile for Port Available Selected BIOS Dell PowerEdge 1750 Generic BIOS IBM Thinkcentre Lenovo 3 Linux Mac OS X 10 4 9 and later RUBY Industrial Mainboard amp wardBIO _ Supermicro Mainboard Phoenix Awar v Profile Description Select any profile above to show its description Mete a olde ma om a a a S Lh A6 a sen Ane a olin on LAN etme ta 2 Click Add The selected profiles appear in the Selected list These are the profiles that can be used for the KVM target server connected to the port gt To specify a preferred USB profile 1 After selecting the available profiles for a port choose one from the Preferred Profile for Port menu The default is Generic The selected profile will be used when connecting to the KVM target server You can change to any other USB profile as necessary gt To remove selected USB profiles 1 Inthe Select USB Profiles for Port section select one or more profiles from the Selected list Shift Click and drag to select several continuous profiles Ctrl Click to select several discontinuous profiles Ne Raritan Chapter 8 Device Management 2 Click R
53. Powerstrip Initially when you open the Powerstrip page the power strips that are currently connected to the KSX II are displayed in the Powerstrip drop down Additionally information relating to the currently selected power strip is displayed If no power strips are connected to the KSX II a message stating No powerstrips found will be displayed in the Powerstrip Device section of the page Operation completed successfully Powerstrip Device Powerstrip rk power W Refresh Chapter 4 Rack PDU Power Strip Outlet Control Name Model Temperature Current amp mps MaxAmps Voltage PowerlniWatt Powerin A rk power PCRS 29 C 0A 1 8v SW 0 VA Name Control Associations ae x WE rl Outlet 1 on On off cyce Dominion Port9 j Outlet 2 on on ofr cycie 4 Outlet 3 on On J off cycate Outlet 4 on on _off Cyce Outlet 5 on On off Cycle Dominion Port2 Outlet 6 on on ott _cyete Outlet 7 on On oft Cycle Outlet 8 on _on ofr cvete 1 mons Ms s des all em Sade ir oe M s Turning Outlets On Off and Cycling Power zie Raritan To turn an outlet on 1 Click the Power menu to access the Powerstrip page From the Powerstrip drop down select the PX rack PDU power strip you want to turn on Click Refresh to view the power controls Click On 87 88 Chapter 4 Rack PDU Power Strip Outlet Control
54. SC Daemon When the pcsc daemon resource manager in framework is restarted restart the browser and MPC too Environmental Requirements Operating Temperature 0 C 40 C 32 F 104 F Humidity 20 85 RH Altitude N A Vibration 5 55 5 HZ 0 38mm 1 minutes per cycle 30 minutes for each axis X Y Z Shock N A Non Operating Temperature 0 C 50 C 32 F 122 F Humidity 10 90 RH Altitude N A Vibration 5 55 5 HZ 0 38mm 1 minutes per cycle 30 minutes for each axis X Y Z Shock N A Emergency Connectivity Connection Description Optional modem For emergency remote access if the network connectivity has failed Target device Simplified RJ45 based CAT 5 cable scheme connectivity serial port adapters are available from Raritan Local access Local Access for crash cart applications ai Raritan Appendix A Specifications See Connectivity on page 291 for a list of necessary KSX Il hardware adapters and or cables for connecting the KSX II to common Vendor Model combinations Electrical Specifications Parameter Value Input Nominal Frequencies 50 60 Hz Nominal Voltage Range 100 240 VAC Maximum Current AC 0 6A max RMS AC Operating Range 100 to 240 VAC 10 47 to 63 Hz Remote Connection Remote Details connection Network 10BASE T 100BASE T and 1000BASE T Gigabit Ethernet Protocols TCP IP UDP SNTP HTTP HTTPS RADIUS LDAP LDAPS KVM Properties e Keyboard US
55. Startup Run Type Telnet in the Open text box Click OK The Telnet page opens YS ON gt N At the prompt enter the following command Microsoft Telnet gt open IP address gt where IP address is the KSX II IP address 5 Press the Enter key The following message appears Connecting To IP address The login as prompt appears Local Serial Port Connection to the KSX Il zie Raritan The local serial port of the KSX Il must be connected to the COM port of a computer system a terminal or some other serial capable device using a null modem cable with DB 9F null on both ends If your KSX II s terminal port uses an RJ45 jack a special cable CRLVR is used with an ASCSDB9F connector on the client machine The CRLVR may also be used if RJ45 RJ45 connection to local port is established that is if you connect the local port of a KSX II device as a serial target to another KSX II 229 Chapter 12 Command Line Interface CLI Logging On 230 Port Settings Ensure that the port settings serial communication parameters are configured as follows Data bits 8 Parity None Stop bits 1 Flow Control None Bits per second 9600 To log in enter the user name admin as shown Log in as admin The Password prompt appears Enter the default password raritan The welcome message displays You are now logged on as an administrator Raritan Sis Raritan Chapter 12 Command Line Interface
56. Target Server Ports 25 DB25F Nulling Serial Adapter Pinouts 293 DB25M Nulling Serial Adapter Pinouts 294 DB9F Nulling Serial Adapter Pinouts 292 DB9M Nulling Serial Adapter Pinouts 293 Default Login Information 12 Dell Blade Chassis Configuration 164 Dell Chassis Cable Lengths and Video Resolutions 164 309 Dell OptiPlex and Dimension Computers 314 Desktop Background 13 Device Diagnostics 224 Device Information 207 Device Management 136 Device Services 141 Diagnostics 219 Disconnecting KVM Target Servers 54 Disconnecting Virtual Media 97 103 Discovering Devices on the KSX II Subnet 48 Discovering Devices on the Local Subnet 47 Distances for Serial Devices 289 320 336 E E Rack PDU Power Strip 25 Editing rciusergroup Attributes for User Members 299 Electrical Specifications 287 Emergency Connectivity e 286 Enabling Direct Port Access via URL 32 80 143 144 Enabling FIPS 140 2 196 198 Enabling Serial Console Access 142 Enabling SSH 141 Enabling Telnet 141 229 Enabling the AKC Download Server Certificate Validation 80 146 Encryption amp Share 195 Entering the Discovery Port 142 Environmental Requirements 286 Ethernet and IP Networking 329 Event Management 149 External Product Overview 7 348 F F Serial Target Ports 27 FAQs 316 Favorites List Page 47 48 Fedora 310 File Server Setup File Serv
57. To view the Local CD DVD Drive or Local or Remote ISO Image in this folder select Tools Folder Options View and deselect Hide empty drives in the Computer folder Note You cannot access a remote ISO image via virtual media using an IPv6 address due to technical limitations of third party software used by the KSX II Z Raritan Chapter 5 Virtual Media Disconnecting Virtual Media Raritan gt To disconnect the virtual media drives e For local drives choose Virtual Media gt Disconnect Drive e For CD ROM DVD ROM and ISO images choose Virtual Media gt Disconnect CD ROM ISO Image Note In addition to disconnecting the virtual media using the Disconnect command simply closing the KVM connection closes the virtual media as well 103 Chapter 6 USB Profiles In This Chapter COVGIMI OW O 104 CIM Compatibility HP 105 Available USB Profiles iiri coti crea eoa tera rnt y e rad Y ped aar Io aoa na qa 105 Selecting Profiles for a KVM Port ssssssseeeennennne 111 Overview To broaden the KSX II s compatibility with different KVM target servers Raritan provides a standard selection of USB configuration profiles for a wide range of operating system and BIOS level server implementations The Generic default USB profile meets the needs of the vast majority of deployed KVM target server configurations Additional profiles are provided to meet the specific needs of oth
58. Type 1 e USB bus speed limited to full speed 12 MBit s e Virtual CD ROM and disk drives cannot be used simultaneously WARNING USB enumeration will trigger whenever virtual media is connected or disconnected Troubleshooting Profile 2 e Keyboard and Mouse Type 2 first e Mass Storage e USB bus speed limited to full speed 12 MBit s e Virtual CD ROM and disk drives cannot be used simultaneously WARNING USB enumeration will trigger whenever virtual media is connected or disconnected Troubleshooting Profile 3 e Mass Storage first e Keyboard and Mouse Type 2 e USB bus speed limited to full speed 12 MBit s Z Raritan Chapter 6 USB Profiles USB profile Description e Virtual CD ROM and disk drives cannot be used simultaneously WARNING USB enumeration will trigger whenever virtual media is connected or disconnected Use Full Speed for Virtual Use Full Speed for virtual media CIM Media CIM This profile resembles the behavior of the original KX2 release with Full Speed for virtual media CIM option checked Useful for BIOS that cannot handle High Speed USB devices Restrictions e USB bus speed limited to full speed 12 MBit s Selecting Profiles for a KVM Port The KSX II comes with a set of USB profiles that you can assign to a KVM port based on the characteristics of the KVM target server it connects to You assign USB profiles to a KVM port in the Device Settings gt Port Configurat
59. Working with Target Servers Help Options About Raritan Virtual KVM Client This menu command provides version information about the Virtual KVM Client in case you require assistance from Raritan Technical Support gt To obtain version information 1 Choose Help gt About Raritan Virtual KVM Client 2 Use the Copy to Clipboard button to copy the information contained in the dialog to a clipboard file so it can be accessed later when dealing with support if needed Active KVM Client AKC Please note this client is used by various Raritan products As such references to other products may appear in this section of help Overview AKC is based on Microsoft Windows NET technology and allows users to run the client in Windows environments without the use of the Java Runtime Environment JRE which is required to run Raritan s Virtual KVM and Multi Platform clients AKC also works with CC SG AKC and VKC share similar features with the exception of the following e Minimum system requirements e Supported operating systems and browsers e Keyboard macros created in AKC cannot be used in VKC See the Virtual KVM Client VKC on page 51 section for information on using the available features of the application If there is a difference between how AKC functions as compared to VKC it is noted in the topic Also see Enabling Direct Port Access see Enabling Direct Port Access via URL on page 143 and Enabling the AKC
60. You will be prompted to confirm the factory reset because all network settings will be permanently lost 2 Click OK button proceed Upon completion the KSX II device is automatically restarted 255 Chapter 13 KSX II Local Console Resetting the KSX II Using the Reset Button On the back panel of the device there is a Reset button It is recessed to prevent accidental resets you will need a pointed object to press this button The actions that are performed when the Reset button is pressed are defined in the graphical user interface See Encryption amp Share Note It is recommended that you save the audit log prior to performing a factory reset The audit log is deleted when a factory reset is performed and the reset event is not logged on the audit log For more information about saving the audit log see Audit Log on page 206 To reset the device Power off the KSX II Use a pointed object to press and hold the Reset button o m gt m While continuing to hold the Reset button power the KSX Il device back on 4 Continue holding the Reset button for 10 seconds Once the device has been reset two short beeps signal its completion di Raritan Chapter 14 Modem Configuration In This Chapter Certified Modems for UNIX Linux and MPC 257 Low Bandwidth KVM Settings siirsi ekaniis 258 Client Dial Up Networking Configuration sees 259 Windows 2000 Dial Up Networking Configu
61. ZIP files carefully before upgrading 3 Copy the firmware update file to a local PC before uploading Do not load the file from a network drive 4 Choose Maintenance Firmware Upgrade The Firmware Upgrade page opens Firmware Upgrade Show Latest Firmware Firmware File O Review CIM Version Information 5 Click the Browse button to navigate to the directory where you unzipped the upgrade file 6 Select the Review CIM Version Information checkbox if you would like information displayed about the versions of the CIMs in use 7 Click Upload from the Firmware Upgrade page Information about the upgrade and version numbers is displayed if you opted to review CIM information that information is displayed as well Note At this point connected users are logged off and new login attempts are blocked zie Raritan em Chapter 10 Maintenance 8 Click Upgrade and wait for the upgrade to complete Status information and progress bars are displayed during the upgrade Upon completion of the upgrade the device reboots 1 beep sounds to signal the reboot Firmware Upgrade in Progress CIMs on Device Shan KSX2 are being upgraded It may take up to 2 minutes to upgrade the selected CIMs Do not turn off the unit or remove CIMs until the upgrade is complete Progress 0 of 1 CIMs upgraded 9 As prompted close the browser and wait approximately 5 minutes before logging on to the KSX II aga
62. a Restricted Service Agreement dialog after users access KSX II using their login credentials The security banner heading and wording can be customized or the default text can be used Additionally the security banner can be configured to require that a user accepts the security agreement before they are able to access the KSX II or it can just be displayed following the login process If the accept or decline feature is enabled the user s selection is logged in the audit log To configure a security banner Click Security gt Banner to open the Banner page Select Display Restricted Service Banner to enable the feature ons M If you want to require users to acknowledge the banner prior to continuing the login process select Require Acceptance of Restricted Service Banner In order to acknowledge the banner users will select a checkbox If you do not enable this setting the security banner will only be displayed after the user logs in and will not require users acknowledge it 203 Chapter 9 Security Management 4 f needed change the banner title This information will be displayed to users as part of the banner Up to 64 characters can be used 5 Editthe information in the Restricted Services Banner Message text box Up to 6000 characters can be entered or uploaded from a text file To do this do one of the following a Editthe text by manually typing in the text box Click OK b Upload the information from txt fi
63. are attached to blades housed in a blade chassis for example HP c3000 or Dell PowerEdge 1855 select the Blade Server Group checkbox Note This is especially important to CC SG users who want HP blades to be organized on a chassis basis although each blade has its own connection to a port on the KSX II Click on a port in the Available box in the Select Ports for Group section Click Add to add the port to the group The port will be moved to the Selected box Click OK to add the port group Port Group Port Group Hame HPServer1 Blade Server Group Select Ports for Group Available Selected Dominion KX2 Porta Add gt lt Remove OK Cancel To edit port group information On the Port Group Management page click on the link of the port group you want to edit The Port Group page opens Edit the information as needed Click OK to save the changes Z Raritan Chapter 8 Device Management gt To delete a port group 1 Click on the Port Group Management page select the checkbox of the port group you want to delete Click the Delete button Click OK on the warning message Supported Blade Chassis Models This table contains the blade chassis models that are supported by the KSX II and the corresponding profiles that should be selected per chassis model when configuring them in the KSX II application A list of these models can be selected on the Po
64. are used as a network address Choose the Policy from the drop down list Click Append The rule is added to the bottom of the rules list gt To insert a rule 1 Type a rule A rule is required when using the Insert command 2 Typethe IP address and subnet mask in the IPv4 Mask or IPv6 Prefix Length field Choose the Policy from the drop down list Click Insert If the rule you just typed equals an existing rule the new rule is placed ahead of the exiting rule and all rules are moved down in the list Tip The rule numbers allow you to have more control over the order in which the rules are created gt To replace a rule 1 Specify the rule you want to replace 2 Type the IP address and subnet mask in the IPv4 Mask or IPv6 Prefix Length field Choose the Policy from the drop down list Click Replace Your new rule replaces the original rule with the same rule gt To delete a rule 1 Specify the rule you want to delete 2 Click Delete 2 Z Raritan Chapter 9 Security Management 3 You are prompted to confirm the deletion Click OK Home gt Security gt IP Access Control IP Access Control Enable IP Access Control Default policy ACCEPT Rule IPv4Mask or IPv6 Prefix Length Policy 1 192 168 59 192 32 ACCEPT 2 192 158 61 0 24 ACCEPT 3 255 255 0 04 6 ACCEPT Append Insert Replace Delete ACCEPT vi OK Reset To Defaults Cancel SSL Cer
65. be authenticated against the local user database or the remote authentication server LDAP LDAPS or RADIUS configured on the KSX Il They will not be authenticated against the CC SG user database For additional information about CC SG authentication see the CommandCenter Secure Gateway User Guide Administrator Guide or Deployment Guide which can be downloaded from the Support section of the Raritan website http www raritan com Supported Protocols To simplify management of usernames and passwords the KSX II provides the ability to forward authentication requests to an external authentication server Two external authentication protocols are supported LDAP LDAPS and RADIUS Note on Microsoft Active Directory Microsoft Active Directory uses the LDAP LDAPS protocol natively and can function as an LDAP LDAPS server and authentication source for the KSX Il If it has the IAS Internet Authorization Server component a Microsoft Active Directory server can also serve as a RADIUS authentication source Raritan Z Raritan Chapter 2 Installation and Configuration Create User Groups and Users As part of the initial configuration you must define user groups and users in order for users to access the KSX Il The KSX II uses system supplied default user groups and allows you to create groups and specify the appropriate permissions to suit your needs User names and passwords are required to gain access to the KSX I
66. be connected per target server to multiple power strips Does remote power control require any special server configuration Some servers ship with default BIOS settings such that the server does not automatically restart after losing and regaining power For these Servers see the server s documentation to change this setting What type of rack PDUs power strips does the KSX Il support To take advantage of the KSX II s integrated power control user interface and more importantly integrated security use Raritan s Remote Power Control RPC power strips or Dominion PX power strips A CAT5 cable is used to connect the PDU port on the KSX II to a PX or RPC unit The Dominion PX is an intelligent power distribution unit that allows you to reboot remote servers and other network devices and monitor power in the data center through Raritan s KVM switches and Secure Console Servers e S Raritan Scalability Raritan Appendix D FAQs How do I connect multiple KSX Il devices together into one solution Multiple KSX II devices do not need to be physically connected together Instead each KSX II device connects to the network They automatically work together as a single solution if deployed with Raritan s optional CommandCenter Secure Gateway CC SG management unit CC SG acts as a single access point for remote access and management CC SG offers a significant set of convenient tools such as consolidated configuratio
67. by the KSX II remotely CIMs Dongles that connect to each target server Available for all of the supported Operating Systems Refer to Supported CIMs for information about the CIMs supported by the KSX II Serial Adapter Adapters that connect serial cables Target Servers KVM Target Servers servers with video cards and user interfaces for example Windows Linux Solaris and so forth connected remotely via the KSX Il Refer to Supported Operating Systems and CIMs Target Servers for a list of the supported Operating Systems and CIMs Serial Targets Servers routers and switches that have a Raritan Diagram key Chapter 1 Introduction serial port connected remotely via KSX II Routers Package Contents Dominion PX Rack PDU Power Strip Raritan rack PDUs accessed remotely via the KSX II Each KSX II ships as a fully configured stand alone product in a standard 1U 19 rackmount chassis Each KSX II device ships with the following contents Amount included 1 zie Raritan Item Dominion KSX II device Dominion KSX II Quick Setup Guide Rackmount Kit AC Power Cord Cat5 Network Cable Cat5 Network Crossover Cable Set of 4 Rubber Feet for desktop use Application Note Warranty Card Phone Line Cable Loopback Adapter 11 Chapter2 Installation and Configuration In This Chapter M H 12 Detfault EoginInformiation i ui ke tine deinen Le
68. card reader by your Linux target you may need to update the CCID driver version to 1 3 8 or above and update the driver configuration file Info plist Operating system CCID requirements RHEL 5 ccid 1 3 8 1 el5 SuSE 11 pcsc ccid 1 3 8 3 12 Fedora Core 10 ccid 1 3 8 1 fc10 i386 Remote Client Requirements The basic requirements for interoperability at the remote client are e The IFD smart card reader Handler must be a PC SC compliant device driver e The ICC smart card Resource Manager must be available and be PC SC compliant e The JRE 1 6 x with smart card API must be available for use by the Raritan client application Linux Clients If you are using a Linux client the following requirements must be met to use smart card readers with the KSX II Note User login to client on smart card insertion may take longer when 1 or more KVM sessions are actively in place to targets As the login process to these targets is also under way e PC SC Requirements Operating system Required PC SC RHEL 5 pcsc lite 1 4 4 0 1 e15 SuSE 11 pcsc lite 1 4 102 1 24 285 Appendix A Specifications Fedora Core 10 pcsc lite 1 4 102 3 fc10 i386 e Create a Java Library Link A soft link must be created to the libpcsclite so after upgrading RHEL 4 RHEL 5 and FC 10 For example In s usr lib libpcsclite so 1 usr lib libpcsclite so assuming installing the package places the libraries in usr lib or user local lib e PC
69. checkbox next to the device name IP address 2 Click Add Tip Use the Select All and Deselect All buttons to quickly select all or deselect all devices in the remote console subnet gt To access a discovered device e Click the device name or IP address for that device A new browser opens to that device Note Both IPv4 and IPv6 addresses are supported Discovering Devices on the KSX II Subnet This option discovers devices on the device subnet which is the subnet of the KSX II device IP address itself You can access these devices directly from this the Subnet page or add them to your list of favorites See Favorites List Page on page 47 This feature allows multiple KSX II devices to interoperate and scale automatically The KSX II Remote Console automatically discovers the KSX II devices and any other Raritan device in the subnet of the KSX II gt To discover devices on the device subnet 1 Choose Manage gt Discover Devices KSX Il Subnet The Discover Devices KSX II Subnet page appears 2 Click Refresh The list of devices on the local subnet is refreshed gt To add devices to your Favorites List 1 Select the checkbox next to the device name IP address 2 Click Add Tip Use the Select All and Deselect All buttons to quickly select all or deselect all devices in the KSX II device subnet gt To access a discovered device e Click the device name or IP address for that device A new browser
70. client based systems e Windows 7 e Windows XP operating system e Windows Vista Windows 2000 Dial Up Networking Configuration 1 Choose Start Programs Accessories Communications Network and Dial Up Connections 259 zie Raritan Chapter 14 Modem Configuration 2 Double click the Make New Connection icon when the Network and Dial Up Connections window appears Network and Dial up Connections ryttwock conmections for this computer and weed to help you create 4 new correction To create a new connection chek Make New Connection To open a connection click its icon Select an Rem to view itt description 3 Click Next and follow the steps in the Network Connection Wizard dialog to create custom dial up network profiles E Raritan Chapter 14 Modem Configuration 4 Click the Dial up to private network radio button and click Next Network Connection Type You can choose the type of network connection you want to create based on your network configuration and your networking needs Dial up to private network Connect using my phone line modem or ISDN C Dial up to the Internet Connect to the Intemet using my phone Ine modem or ISDN C Connect to a private network through the Internet Fiet p A Naa AUR NUM Sermon orghrii pO fue Helme C Accept incoming connections Let other computers connect to mine by phone Ine the Intemet or direct cable C Connect directly to anot
71. configurations Keyboard Mouse CD ROM and Removable Drive but will not be able to make use of profiles optimized for particular target configurations Given this existing VM CIMs should be upgraded with latest firmware in order to access USB profiles Until existing VM CIMs are upgraded they will be able to provide functionality equivalent to the Generic profile VM CIM firmware is automatically upgraded during a KSX II firmware upgrade but VM CIMs that have not had their firmware upgraded can be upgraded as described in Upgrading CIMs on page 212 See Computer Interface Modules CIM Specifications see Computer Interface Modules CIMs on page 275 for additional information Available USB Profiles Raritan The current release of the KSX II comes with the selection of USB profiles described in the following table New profiles are included with each firmware upgrade provided by Raritan As new profiles are added they will be documented in the help USB profile Description BIOS Dell PowerEdge Dell PowerEdge 1950 2950 2970 6950 R200 1950 2950 2970 6950 R200 BIOS Use either this profile or Generic profile for Dell PowerEdge 1950 2950 2970 6950 R200 BIOS Restrictions e None BIOS Dell OptiPlex Dell OptiPlex BIOS Access Keyboard Keyboard Only Only Use this profile to have keyboard functionality for the Dell OptiPlex BIOS when using D2CIM VUSB When using the new D2CIM DVUSB use Generic profil
72. corresponding authentication credentials must be previously created on the blade chassis a Switch Hot Key Sequence Select the hot key sequence that will be used to switch from KVM to the blade server The Switch Hot Key Sequence must match the sequence used by the KVM module in the blade chassis b Maximum Number of Slots The default maximum number of slots available on the blade chassis is automatically entered c Administrative Module Primary IP Address Host Name Enter the primary IP address for the blade chassis Required for auto discovery mode d Port Number The default port number for the blade chassis is 22 Change the port number if applicable Required for auto discovery mode e Username Enter the username used to access the blade chassis Required for auto discovery mode f Password Enter the password used to access the blade chassis Required for auto discovery mode If you want the KSX II to auto discover the chassis blades select the Blade Auto Discovery checkbox and then click the Discover Blades on Chassis Now button Once the blades are discovered they will be displayed on the page Change the blade chassis name if needed If the chassis is already named that information automatically populates this field If it is not already named the KSX II assigns the chassis a name The default naming convention for the blade chassis by the KSX II is Blade Chassis Porti If operating in Manual mode indic
73. displayed below the root Use the Expand Arrow icon next to the root chassis to display the individual blades Note To view the blade chassis in a hierarchal order blade chassis subtypes must be configured for the blade server chassis By default the View by Port tab will be displayed on the Port Access page The View by Group tab displays port groups and can be expandable to display ports that are assigned to the port group gt To use the Port Access page 1 Login to the Local Console The KVM target servers are initially sorted by Port Number You can change the display to sort on any of the columns Port Number Numbered from 1 to the total number of ports available for the KSX II device Port Name The name of the KSX II port Initially this is set to Dominion KX2 Port but you can change the name to something more descriptive When you click a Port Name link the Port Action Menu appears Note Do not use apostrophes for the Port CIM Name Status The status for standard servers is either up or down Type The type of server or CIM For blade chassis the type can be Blade Chassis Blade BladeChassisAdmin and BladeChassisURL Availability The Availability can be Idle Connected Busy or Unavailable Blade servers will have an availability of either shared or exclusive when a connection to that blade is in place 2 Click View by Port or View by Group to switch between views Raritan C
74. enter the field names for the username and password fields used on the login screen for the web application You can view the HTML source of the login screen to find the field names not the field labels See Tips for Adding a Web Browser Interface on page 172 for tips on adding a web browser interface USB profiles are not used by IBM Other configurations In the Target Settings section select 720x400 Compensation if you are experiencing display issues when the target is using this resolution Select Use international keyboard for scan code set 3 if connecting to the target with a DCIM PS2 and require the use of scan code set 3 with an international keyboard Click OK to save the configuration 171 Chapter 8 Device Management Tips for Adding a Web Browser Interface You can add a Web Browser Interface to create a connection to a device with an embedded web server A Web Browser interface can also be used to connect to any web application such as the web application associated with an RSA DRAC or ILO Processor card You must have DNS configured or URLs will not resolve You do not need to have DNS configured for IP addresses gt To add a web browser interface 1 The default name for a Web Browser Interface is provided If needed change the name in the Name field m Enter the URL or domain name for the web application in the URL field You must enter the URL at which the web application expects to read the us
75. function is only available on the KSX II 2 3 0 or later and the KX II 2 1 10 or later Sends a Ctrl Alt Del hot key combination to the target server Starts Single Cursor mode in which the local mouse pointer no longer appears onscreen Press Ctrl Alt O to exit this mode Note Not available in KX II 101 V2 Maximizes the screen real estate to view the target server desktop Increases or reduces the target video size so you can view the entire contents of the target server window without using the scroll bar Raritan Z Raritan Chapter 3 Working with Target Servers Switching Between KVM Target Servers With the KSX II you can access several KVM target servers The KSX II provides the ability to switch from one target server to another Note This feature is available in the KSX II Remote Console only gt 1 To switch between KVM target servers While already using a target server access the KSX II Port Access page Click the port name of the target you want to access The Port Action menu appears Choose Switch From in the Port Action menu The Virtual KVM Client window switches to the new target server you selected Power Controlling a Target Server Note These features are available only when you have made power associations To power cycle a KVM target server From the KSX II Remote Console click the Port Access tab The Port Access page opens Click the Port Name of the approp
76. is also supported from the Local Console See Local Console Smart Card Access on page 243 Card Reader Currently Mounted Connecting a Card Reader limits Virtual Media to one Mass Storage De Also if you intend on mounting Virtual Media a ae riesce Canning c RE Mount i Refresh List Remove Reinsert Card Un Mount 5 Raritan s 76 Chapter 3 Working with Target Servers Tool Options From the Tools menu you can specify certain options for use with the Virtual KVM Client including logging setting the keyboard type and defining hot keys for exiting Full Screen mode and Single Cursor mode Note The KX II 101 and KX II 101 V2 do not support single cursor mode gt To set the tools options 1 Choose Tools Options The Options dialog appears 2 Select the Enable Logging checkbox only if directed to by Technical Support This option creates a log file in your home directory 3 Choose the Keyboard Type from the drop down list if necessary The options include US International French France German Germany Japanese United Kingdom Korean Korea French Belgium Norwegian Norway Portuguese Portugal Danish Denmark Swedish Sweden German Switzerland Hungarian Hungary Spanish Spain Italian Italy Slovenian Translation French US Translation French US International Note In AKC the keyboard type defaults to the local client so this option does not a
77. ka bag 290 CONNECUVIY MM PIDE 291 KSX II Serial RJ 45 Pinouts ssssssssseeeeeeenn 292 Physical Specifications Part Line item UPC code Power Weight Product Shipping Shipping number description dimensions weight dimensions WxDxH WxDxH KSX2144 4KVMand4 78581365005 100 240 V 8 65lbs 1 75 x17 3 x 14 85lbs 22 x 16 6 x Serial Port KSX 4 50 60 Hz 11 4 6 5 Il with multiple 0 6A user network 27 Watts 3 9kg 44mm x 6 7 kg 559mm x access and 439mm x 422mm x local port 290mm 165mm virtual media 8KVMand8 78581365004 100 240 V 8 65lbs 1 75 x17 3 x 14 85lbs 22 x16 6 x Serial Port KSX 7 50 60 Hz 11 4 6 5 KSX2188 Il with multiple 0 6A user network 27 Watts 3 9kg 44mm x 6 7 kg 559mm x access and 439mm x 422mm x local port 290mm 165mm virtual media 270 zie Raritan Supported Operating Systems Clients Raritan Appendix A Specifications The following operating systems are supported on the Virtual KVM Client and Multi Platform Client MPC Client operating system Windows 7 Windows XP Windows 2008 Windows Vista Windows 2000 SP4 Server Windows 2003 Server Windows 2008 Server Red Hat Desktop 5 0 Red Hat Desktop 4 0 Open SUSE 10 11 Fedora 8 11 Mac OS Solaris Virtual media VM support on client Yes Yes Yes Yes Yes Yes Yes Yes Locally held ISO image Remote File Server mounting directly from KSX Il Yes Locally held ISO image Remote Fil
78. local authentication and authorization DHCP or fixed IP addressing Smart card CAC authentication SNMP and Syslog management IPv4 and IPv6 support Power control associated directly with servers to prevent mistakes Integration with Raritan s CommandCenter Secure Gateway CC SG management unit CC Unmanage feature to remove the device from CC SG control Raritan Chapter 1 Introduction External Product Overview The following diagram indicates the external components of the KSX II Note that the KSX II 144 will have 4 KVM ports and 4 serial ports as compared to the KSX II 188 used in the diagram which has 8 KVM ports and 8 serial ports Item Description USB port Remote indicator light LAN1 and LAN indicator lights Power indicator light Sis Raritan Chapter 1 Introduction g o O O O0 O O O O ee O Description AC power cord plug See Power Control on page 158 for additional information Power on off switch LAN 3 port Note The LAN 3 port is reserved for future use LAN1 and LAN 2 ports See Step 3 Connect the Equipment for additional information Admin port See Step 3 Connect the Equipment for additional information External modem port See Modem Configuration on page 257 for additional information Reset button See Resetting the KSX Il Using the Reset Button on page 256 for additional information Local port See Step 3 Connect the Equipment for addi
79. not click Open In IE 6 and higher IE is used as the default application to open files so you are prompted to open the file versus save the file To avoid this you must change the default application that is used to open files to WordPad 2 Todothis a Save the backup file The backup file is saved locally on your client machine with the name and location specified b Once saved locate the file and right click on it Select properties c Ingeneral tab click Change and select WordPad gt To restore your KSX Il WARNING Exercise caution when restoring your KSX II to an earlier version Usernames and password in place at the time of the backup will be restored If you do not remember the old administrative usernames and passwords you will be locked out of the KSX II In addition if you used a different IP address at the time of the backup that IP address will be restored as well If the configuration uses DHCP you may want to perform this operation only when you have access to the local port to check the IP address after the update 1 Choose the type of restore you want to run e Full Restore A complete restore of the entire system Generally used for traditional backup and restore purposes e Protected Restore Everything is restored except device specific information such as IP address name and so forth With this option you can setup one KSX II and copy the configuration to multiple KSX II devices e C
80. o o en o RA e EN 247 zie Raritan Chapter 13 KSX II Local Console The KVM and serial target servers are initially sorted by Port Number you can change the display to sort on any of the columns e Port Number Numbered from 1 to the total number of ports available for the KSX II e Port Name The name of the KSX II port Initially this is set to Dominion KSX II Port but you can change the name to something more descriptive When you click the Port Name link an Action Menu is opened e Port Type Serial KVM Power Strip or Not Available Note Do not use apostrophes for the Port CIM Name e Status The Status is either up or down gt To change the sort order lick the column heading you want to sort by The list of KVM target servers is sorted by that column Hot Keys and Connect Keys 248 Because the KSX II Local Console interface is completely replaced by the interface for the target server you are accessing a hot key is used to disconnect from a target and return to the local port GUI A connect key is used to connect to a target or switch between targets The Local Port hot key allows you to rapidly access the KSX II Local Console user interface when a target server is currently being viewed The default is to press the Scroll Lock key twice in rapid succession but you can designate another key combination available in the Local Port Settings page as the hot key See KSX
81. opens to that device Note Both IPv4 and IPv6 addresses are supported Raritan Raritan Chapter 3 Working with Target Servers Adding Deleting and Editing Favorites gt To add a device to your favorites list Choose Manage Add New Device to Favorites The Add New Favorite page appears Type a meaningful description Type the IP Address Host Name for the device Change the discovery Port if necessary Select the Product Type a2apr on Click OK The device is added to your list of favorites To edit a favorite From the Favorites List page select the checkbox next to the appropriate KSX II device Click the Edit button The Edit page appears Update the fields as necessary Description P Address Host Name Type the IP address of the KSX II device Port if necessary Product Type 4 Click OK gt To delete a favorite Important Exercise caution in the removal of favorites You are not prompted to confirm their deletion 1 Select the checkbox next to the appropriate KSX II device 2 Click the Delete button The favorite is removed from your list of favorites Note Both IPv4 and IPv6 addresses are supported Logging Out gt To quit the KSX Il Remote Console e Click Logout in the upper right hand corner of the page Note Logging out also closes any open Virtual KVM Client and serial client sessions 49 50 Chapter 3 Working with Target Servers Proxy S
82. ordo hor RR sod 215 FAS DOOUNNG RR TTL 215 CGI AAS seme ero A ageeeesvenersteh cedent uda fed 216 Maintenance Features Local Remote Console Use To Local Remote Audit Log View Dominion KSX II v4 Ta events sorted by date and time Device Information View information about VA d the Dominion KSX II and its CIMs Backup Restore Backup and restore the d KSX II configuration USB Profile Upload custom profiles d Management provided by Raritan tech support CIM Firmware Upgrade your CIMs using Fa Upgrade the firmware versions stored in the Dominion KSX Il memory Firmware Upgrade Upgrade your Dominion V4 KSX II firmware Factory Reset Perform a factory reset d Upgrade History View information about VA d the latest upgrade performed Reboot Reboot the KSX II d d zie Raritan 205 206 Chapter 10 Maintenance Audit Log A log is created of the KSX II system events 1 To view the audit log for your KSX Il Choose Maintenance Audit Log The Audit Log page opens The Audit Log page displays events by date and time most recent events listed first The Audit Log provides the following information Date The date and time that the event occurred based on a 24 hour clock Event The event name as listed in the Event Management page Description Detailed description of the event To save the audit log Note Saving the audit log is available only on the KSX Il Remote Conso
83. pointer no longer appears onscreen While in single mouse mode the Synchronize Mouse command is not available there is no need to synchronize a single mouse cursor Note VKC for the KX II 101 uses an icon set that differs from the icon set used in VKC for other Dominion KX products See VKC Toolbar for the KX II 101 for additional information gt To enter single mouse mode do the following 1 Choose Mouse gt Single Mouse Cursor Raritan Chapter 3 Working with Target Servers 2 Click the Single Double Mouse Cursor button N in the toolbar Single Cursor Mode You are about to enter Single Cursor mode While you are in this mode this software will have exclusive control over the mouse and keyboard To exit Single Cursor mode you must press Ctri Alt 0 eo no scroll bars gt To exit single mouse mode 1 Press Ctrl Alt O on your keyboard to exit single mouse mode VKC Virtual Media See the chapter on Virtual Media on page 90 for complete information about setting up and using virtual media zie Raritan g 74 Chapter 3 Working with Target Servers Smart Cards For a list of supported smart cards smart card readers and additional system requirements see Supported and Unsupported Smart Card Readers on page 283 When accessing a server remotely you will have the opportunity to select an attached smart card reader and mount it onto the server Smart card authentication is used with th
84. provides access to other profiles available on the system Profiles selected from this list will be added to the USB Profile Menu This includes a set of trouble shooting profiles intended to help identify configuration limitations The USB Profile Menu selections are configurable via the Console Device Settings Port Configuration page Should none of the standard USB profiles provided by Raritan meet your target server requirements Raritan Technical Support can work with you to arrive at a solution tailored for that target Raritan recommends that you do the following 1 Check the most recent release notes on the Raritan website www raritan com on the Firmware Upgrade page to see if a solution is already available for your configuration 2 If not please provide the following information when contacting Raritan Technical Support a Target server information manufacturer model BIOS manufacturer and version b The intended use e g redirecting an image to reload a server s operating system from CD di Raritan Appendix C Informational Notes Changing a USB Profile when Using a Smart Card Reader There may be certain circumstances under which you will need to change the USB profile for a target server For example you may need to change the connection speed to Use Full Speed for Virtual Media CIM when the target has problems with the High Speed USB connection speed When a profile is changed you may
85. receive a New Hardware Detected message and be required to log in to the target with administrative privileges to reinstall the USB driver This is only likely to occur the first few times the target sees the new settings for the USB device Afterward the target will select the driver correctly SUSE VESA Video Modes The SuSE X org configuration tool SaX2 generates video modes using modeline entries in the X org configuration file These video modes do not correspond exactly with VESA video mode timing even when a VESA monitor is selected The KSX II on the other hand relies on exact VESA mode timing for proper synchronization This disparity can result in black borders missing sections of the picture and noise gt To configure the SUSE video display 1 The generated configuration file etc X11 xorg conf includes a Monitor section with an option named UseModes For example UseModes Modes 0 2 Either comment out this line using or delete it completely 3 Restart the X server With this change the internal video mode timing from the X server will be used and will correspond exactly with the VESA video mode timing resulting in the proper video display on the KSX II CIMS Windows 3 Button Mouse on Linux Targets When using a 3 button mouse on a Windows client connecting to a Linux target the left mouse button may get mapped to the center button of the Windows client 3 button mouse zie Raritan 2n Appendi
86. script provided by Microsoft available on the Windows 2003 server installation CD These scripts are loaded onto your system with a Microsoft Windows 2003 installation ADSI Active Directory Service Interface acts as a low level editor for Active Directory allowing you to perform common administrative tasks such as adding deleting and moving objects with a directory service gt To edit the individual user attributes within the group rciusergroup 1 From the installation CD choose Support Tools 2 Double click SUPTOOLS MSI to install the support tools zie Raritan zd Appendix B Updating the LDAP LDAPS Schema 3 Goto the directory where the support tools were installed Run adsiedit msc The ADSI Edit window opens Donan ro ad 4i2nzmet mypc domandi Corfigurabon rc gcf j2remz configu kon Schema mra remt mp AND 4 Open the Domain ii Raritan Appendix B Updating the LDAP LDAPS Schema 5 Inthe left pane of the window select the CN Users folder 5 B Doman fcd sineret mmc m ad chica ator CH Adrinisirekar CN UsersDC mypc 0C nydoman C GD CC mypeC mpdomen 0C BA CH Cert Publishers CH Cert Publishers Qv Users OC mype 0C mdomain 0 8 03 cheeutn Gict Cretdnirs CH Crefidmirs C sUsers OC nypc 0C mydomain DC GB Ovecompicers CH CrelpdsePraxy Ci Users D C mypz DC nydame g Ch Comein Admre CV Users DC nypc DC mydomen d i CH Cemen Computers CN Users D Cm D C mydar D GI CH Cemen Control
87. speed limited to full speed 12 MBit s Generic Linux profile This is the generic Linux profile use it for Redhat Enterprise Linux SuSE Linux Enterprise Desktop and similar distributions Restrictions e Absolute mouse synchronization not supported Mac OS X version 10 4 9 and later This profile compensates the scaling of mouse coordinates introduced in recent versions of Mac OS X Select this if the remote and local mouse positions get out of sync near the desktop borders Restrictions e Virtual CD ROM and disk drives cannot be used simultaneously RUBY Industrial Mainboard AwardBIOS Use this profile for the RUBY 9715VG2A series industrial mainboards with Phoenix AwardBIOS v6 00PG Restrictions e USB bus speed limited to full speed 12 MBit s e Virtual CD ROM and disk drives cannot be used simultaneously Supermicro Mainboard Phoenix AwardBIOS Use this profile for the Supermicro series mainboards with Phoenix AwardBlOS 109 Chapter 6 USB Profiles USB profile Suse 9 2 Troubleshooting 1 Troubleshooting 2 Troubleshooting 3 110 Description Restrictions e Virtual CD ROM and disk drives cannot be used simultaneously SuSE Linux 9 2 Use this for SuSE Linux 9 2 distribution Restrictions e Absolute mouse synchronization not supported e USB bus speed limited to full speed 12 MBit s Troubleshooting Profile 1 e Mass Storage first e Keyboard and Mouse
88. the Latin letter O with Double Acute work only with JRE 1 6 There are several methods that can be used to set the keyboard language preference on Fedora Linux clients The following method must be used in order for the keys to be mapped correctly from the Virtual KVM Client and the Multi Platform Client MPC gt To set the keyboard language using System Settings 1 From the toolbar choose System Preferences Keyboard 2 Open the Layouts tab 3 Add or select the appropriate language 4 Click Close gt To set the keyboard language using the Keyboard Indicator Right click the Task Bar and choose Add to Panel 2 Inthe Add to Panel dialog right click the Keyboard Indicator and from the menu choose Open Keyboard Preferences 3 Inthe Keyboard Preferences dialog click the Layouts tab Add and remove languages as necessary Key Combinations and the Java Runtime Environment JRE Because of a limitation in the Java Runtime Environment JRE Fedora Linux and Solaris clients receive an invalid response from Alt Gr on UK English and US International language keyboards Fedora Linux and Solaris do not pick up events for the Alt Gr key combination for Java 1 5 Java 1 6 appears to improve on this although the keyPressed and keyReleased events for Alt Gr still identify it as an unknown key code Also a key pressed in combination with Alt Gr such as on the UK keyboard Alt Gr 4 which is the Euro sym
89. the key file Further the SSL Certificate from the CA and its private key are not included in the full restore of the backed up file The key cannot be exported from KSX II FIPS 140 2 Support Requirements The KSX II supports the use of FIPS 140 20 approved encryption algorithms This allows an SSL server and client to successfully negotiate the cipher suite used for the encrypted session when a client is configured for FIPS 140 2 only mode Following are the recommendations for using FIPS 140 2 with the KSX II KSX II e Setthe Encryption amp Share to Auto on the Security Settings page See Encryption amp Share Microsoft Client Raritan Chapter 9 Security Management e FIPS 140 2 should be enabled on the client computer and in Internet Explorer gt To enable FIPS 140 2 on a Windows client 1 Select Control Panel gt Administrative Tools gt Local Security Policy to open the Local Security Settings dialog 2 From the navigation tree select Select Local Policies gt Security Options 3 Enable System Cryptography Use FIPS compliant algorithms for encryption hashing and signing 4 Rebootthe client computer gt Toenable FIPS 140 2 in Internet Explorer 1 In Internet Explorer select Tools gt Internet Options and click on the Advanced tab Select the Use TLS 1 0 checkbox Restart the browser Configuring IP Access Control zie Raritan Using IP access control you can control acces
90. these client applications Important When the CIM connecting the blade chassis to the Dominion device is powered down or disconnected from the Dominion device all established connections to the blade chassis will be dropped When the CIM is reconnected or powered up you will need to re establish the connection s Important If you move a blade chassis from one Dominion device port to another Dominion device port interfaces that were added to the blade chassis node in CC SG will be lost in CC SG All other information will be retained Generic Blade Chassis Configuration The Generic Blade Chassis selection provides only a manual configuration mode of operation See Supported Blade Chassis Models on page 175 Supported CIMs for Blade Chassis and Required and Recommended Blade Chassis Configurations on page 179 for important additional information when configuring the blade chassis 1 Connect the blade chassis to the KSX II See Step 3 Connect the Equipment for details 2 Select Device Settings Port Configuration to open the Port Configuration page Raritan Z Raritan Chapter 8 Device Management On the Port Configuration page click on the name of the blade chassis you want to configure The Port page will open Select the Blade Chassis radio button The page will then display the necessary fields to configure a blade chassis Select Generic from the Blade Server Chassis Model drop down Configure the bla
91. this function Raritan recommends you do not have file icons or folder icons in the upper left corner of your desktop After autosensing the target video manually initiate mouse synchronization by clicking the Synchronize Mouse button on the toolbar This also applies when the resolution of the target changes if the mouse cursors start to desync from each other If intelligent mouse synchronization fails this mode will revert to standard mouse synchronization behavior 71 Chapter 3 Working with Target Servers Please note that mouse configurations will vary on different target operating systems Consult your OS guidelines for further details Also note that intelligent mouse synchronization does not work with UNIX targets Absolute Mouse Mode In this mode absolute coordinates are used to keep the client and target cursors in sync even when the target mouse is set to a different acceleration or speed This mode is supported on servers with USB ports and is the default mode for VM and dual VM targets gt To enter absolute mouse mode e Choose Mouse gt Absolute Note The absolute mouse setting requires a USB target system and is the recommended mouse setting for KX II 101 Note For KX II devices Absolute Mouse Synchronization is available for use with the virtual media enabled USB CIM D2CIM VUSB and D2CIM DVUSB only Single Mouse Cursor Single Mouse mode uses only the target server mouse cursor and the local mouse
92. to use the device s Login dialog and Port Access page This feature also provides the ability to enter a username and password directly and proceed to the target if the username and password is not contained in the URL The following is important URL information regarding direct port access If you are using VKC and direct port access e https IPaddress dpa asp username username amp password passwo rd amp port port number If you are using AKC and direct port access e https IPaddress dpa asp username username amp password passwo rd amp port port number amp client akc Where e Username and password are optional If they are not provided a login dialog will be displayed and after being authenticated the user will be directly connected to the target e The port may be a port number or port name If you are using a port name the name must be unique or an error is reported If the port is omitted altogether an error is reported e For blade chassis the port is designated port number slot number For example 1 2 for blade chassis connected to port 1 slot 2 e Client akc is optional unless you are using the AKC client If client akc is not included VKC is used as the client gt To enable direct port access 1 Choose Device Settings Device Services The Device Service Settings page opens 2 Select Enable Direct Port Access via URL if you would like users to have direct access to a target via the Dom
93. used to access the target device e Data In Second Data rate in e Data Out Second Data rate out e Connect Time The duration of the connect time e FPS The frames per second transmitted for video e Horizontal Resolution The screen resolution horizontally e Vertical Resolution The screen resolution vertically e Refresh Rate How often the screen is refreshed e Protocol Version RFB protocol version gt To copy this information e Click Copy to Clipboard The information is available to be pasted into the program of your choice Keyboard Options Keyboard Macros Keyboard macros ensure that keystroke combinations intended for the target server are sent to and interpreted only by the target server Otherwise they might be interpreted by the computer on which the Virtual KVM Client is running your client PC Macros are stored on the client PC and are PC specific Therefore if you use another PC you cannot see your macros In addition if another person uses your PC and logs in under a different name that user will see your macros since they are computer wide Keyboard macros created in the Virtual KVM Client are available in Multi Platform Client MPC and vice versa However keyboard macros created in Active KVM Client AKC cannot be used in VKC or MPC and vice versa Note KX Il 101 does not support AKC 57 58 Chapter 3 Working with Target Servers Import Export Keyboard Macros Macr
94. video settings 1 Choose Video gt Video Settings or click the Video Settings button in the toolbar to open the Video Settings dialog 2 Adjust the following settings as required As you adjust the settings the effects are immediately visible a Noise Filter The device can filter out the electrical interference of video output from graphics cards This feature optimizes picture quality and reduces bandwidth Higher settings transmit variant pixels only if a large color variation exists in comparison to the neighboring pixels However setting the threshold too high can result in the unintentional filtering of desired screen changes Lower settings transmit most pixel changes Setting this threshold too low can result in higher bandwidth use b PLL Settings Clock Controls how quickly video pixels are displayed across the video screen Changes made to clock settings cause the video image to stretch or shrink horizontally Odd number settings are recommended Under most circumstances this setting should not be changed because the autodetect is usually quite accurate Phase Phase values range from 0 to 31 and will wrap around Stop at the phase value that produces the best video image for the active target server Raritan Chapter 3 Working with Target Servers c Brightness Use this setting to adjust the brightness of the target server display d Brightness Red Controls the brightness of the target server displ
95. woo Z Raritan Chapter 1 Introduction KSX Il Help The KSX II help provides information on how to install set up and configure the KSX II It also includes information on accessing target servers and power strips using virtual media managing users and security and maintaining and diagnosing the KSX II A PDF version of the help can be downloaded from the Raritan Firmware and Documentation page http www raritan com support firmware and documentation on the Raritan website Raritan recommends that you refer to the Raritan website for the most up to date user guides available To use online help Active Content must be enabled in your browser If you are using Internet Explorer 7 you must enable Scriplets Consult your browser help for information on enabling these features Related Documentation The KSX II help is accompanied by a KSX II Device Quick Setup Guide which can be found on the Haritan Firmware and Documentation page http www raritan com support firmware and documentation of Raritan s website Installation requirements and instructions for client applications used with the KSX II can be found in the KVM and Serial Access Clients Guide also found on the Raritan website Where applicable specific client functions used with the KSX II are included in the help KSX Il Client Applications The following client applications can be used with the KSX II e Virtual KVM Client VKC e Active KVM Client
96. 0Hz 800x600 100Hz 832x624 75 1Hz 1024x768 60Hz 1024x768 85 1024x768 75Hz 1024x768 90Hz 1024x768 100Hz 1152x864 60Hz 1152x864 70Hz 1152x864 75Hz 1152x864 85Hz 1152x870 75 1Hz 1152x900 66Hz 1152x900 76Hz 1280x720 60Hz 1280x960 60Hz 1280x960 85Hz 1280x1024 60Hz 1280x1024 75Hz 1280x1024 85Hz 1360x768 60Hz 1366x768 60Hz 1368x768 60Hz 1400x1050 60Hz 1440x900 60Hz 1600x1200 60Hz Raritan Appendix A Specifications Resolutions 1024x768 70 1680x1050 60Hz 1024x768 72 1920x1080 60Hz Note Composite Sync and Sync on Green video require an additional adapter Note Some resolutions may not be available by default If you do not see a resolution plug in the monitor first remove the monitor and then plug in the CIM Note If the 1440x900 and 1680x1050 resolutions are not displayed but are supported by the target server s graphics adapter card a DDC 1440 or DDC 1680 adapter may be required KSX Il Local Console Support Languages The KSX II Local Console supports the following language keyboards US English UK English German French Japanese Korean Simplified Chinese and Traditional Chinese Note Keyboard use for Chinese Japanese and Korean is for display only local language input is not supported at this time for KSX II Local Console functions TCP and UDP Ports Used Raritan 281 Appendix A Specifications Port HTTP Port 80 HTTPS Port 443 KSX II Raritan KVM
97. 1 162 Chapter 8 Device Management The use of hot key sequences to switch KVM access to a blade chassis is also supported For blade chassis that allow users to select a hot key sequence those options will be provided on the Port Configuration page For blade chassis that come with predefined hot key sequences those sequences will be prepopulated on the Port Configuration page once the blade chassis is selected For example the default hot key sequence to switch KVM access to an IBM BladeCenter H is NumLock NumLock SlotNumber so this hot key sequence is applied by default when IBM BladeCenter H is selected during the configuration See your blade chassis documentation for hot key sequence information You are able to configure the connection to a blade chassis web browser interface if one is available At the chassis level up to four links can be defined The first link is reserved for connection to the blade chassis administrative module GUI For example this link may be used by technical support to quickly verify a chassis configuration Blade chassis can be managed from the Virtual KVM Client VKC the Active KVM Client AKC Raritan s Multi Platform Client MPC and CC SG Managing blade severs via VKC AKC and MPC is the same as managing standard target servers See Working with Target Servers and the CC SG Administrators Guide for more information Any changes made to the blade chassis configuration in will be propagated to
98. 2 gt To return to the KSX Il Local Console from the target server e Press the hot key twice rapidly the default hot key is Scroll Lock The video display switches from the target server interface to the KSX II Local Console interface Raritan 251 Chapter 13 KSX II Local Console Local Port Administration The KSX II can be managed by either the KSX Il Local Console or the KSX II Remote Console Note that the KSX II Local Console also provides access to e Factory Reset e Local Port Settings Note Only users with administrative privileges can access these functions KSX II Local Console Local Port Settings From the Local Port Settings page you can customize many settings for the KSX II Local Console including keyboard local port hot key video switching delay power save mode local user interface resolution settings and local user authentication Note This feature is available only on the KSX Il Local Console gt To configure the local port settings 1 Choose Device Settings Local Port Settings The Local Port Settings page opens 2 Choose the appropriate keyboard type from among the options in the drop down list US US International United Kingdom French France German Germany JIS Japanese Industry Standard Simplified Chinese Traditional Chinese Dubeolsik Hangul Korean German Switzerland Norwegian Norway Swedish Sweden Danish
99. 2 Mouse Modes when Using the Mac OS X USB Profile with a DCIM VUSB 112 181 Mouse Options 68 Mouse Pointer Synchronization 69 Mouse Pointer Synchronization Fedora 310 Mouse Settings 13 Moving Between Ports of the KSX II 315 Multi Platform Client MPC 37 82 N Name Command 238 Naming Target Servers 31 Navigation of the CLI 231 232 Network Basic Settings 137 Network Interface Page 220 Network Settings 23 31 136 139 288 Network Speed Settings 140 290 Network Statistics Page 220 Non US Keyboards 306 Note on Microsoft Active Directory 34 Note to CC SG Users 34 O Opening RSC from the Remote Console 83 Operating System Mouse and Video Settings 14 Overview 12 51 80 86 91 104 227 241 303 P Package Contents 11 Permissions 115 116 Physical Specifications 270 349 Index Ping Host Page 222 Port Access Page 43 Port Access Page Local Console Server Display 246 Port Action Menu 44 247 Port Group Management 188 Port Keywords 186 Port Permissions 115 117 Port Settings 230 Port Sharing Using CLI 237 Ports Used 287 Power Control 8 158 340 Power Controlling a Target Server 53 Prerequisites for Using AKC 82 Prerequisites for Using Virtual Media 94 96 Product Features 5 Proxy Server Configuration for use with MPC VKC and AKC 50 R Rack PDU Power Strip Outlet Control 86 RADIUS Com
100. 2DUAL and P2CIM AUSBDUAL CIMs which provide two RJ45 connections to different KVM switches Support of these CIMs provides a second path to access the target in the event that one of the KVM switches is blocked or fails Paragon CIM Supports Does not support P2CIM APS2DUAL Servers with IBM e Virtual media PS 2 type keyboard Smart cards and mouse ports Absolute M e Automatic skew bsolute Mouse mode compensation when the CIMs are e Use with blade connected to chassis Paragon ll not froma e Cascaded KVM KSX II configurations e Intelligent Mouse mode e Standard Mouse mode P2CIM AUSBDUAL Servers with USB or e Virtual media Sun USB type keyboard and mouse ports e Absolute Mouse mode e Smart cards e Automatic skew compensation when Use with blade the CIMs are chassis connected to e Cascaded KVM Paragon Il not from a configurations KSX II e Intelligent Mouse mode e Standard Mouse mode T Raritan Z Raritan Appendix A Specifications KSX II to KSX II Guidelines The following system configuration guidelines should be followed when you are using Paragon CIMs in a KSX II to KSX II configuration Concurrent Access Both KSX II KVM switches should be configured with the same policy for concurrent access to targets either both PC Share or both Private If Private access to targets is required both KVM switches must be configured accordingly e From Security gt
101. Absolute Mouse Mode 72 Accessing a Target Server 251 Accessing Telnet from a Windows PC 229 Accessing the KSX II Using CLI 228 Accessing Virtual Media on a Windows 2000 Server Using a D2CIM VUSB 314 Active KVM Client AKC 37 80 Adding a New User 121 Adding a New User Group 114 121 Adding Attributes to the Class 297 Adding Deleting and Editing Favorites 49 Adjusting Video Settings 64 Administering the KSX II Console Server Configuration Commands 237 AES 256 Prerequisites and Supported Configurations for Java 303 AKC Supported NET Framework Operating Systems and Browsers 81 Apple Macintosh Settings 22 Assigning a Name to the PX 159 Assigning an IP Address 29 Associating KVM and Serial Target Servers to Outlets Port Page 159 Audit Log 206 255 256 Authentication Settings 123 Auto Sense Video Settings 63 Available Resolutions 245 Available USB Profiles 105 312 324 B B Network Port 24 Backup and Restore 173 208 Blade Chassis Sample URL Formats 166 167 169 171 180 Blade Servers 334 Building a Keyboard Macro 60 C C Local User Port Local Video Display and Keyboard and Local Admin Port 24 Calibrating Color 64 CC Unmanage 216 CC SG 315 CD ROM DVD ROWM ISO Images 97 101 5 Raritan Certified Modems for UNIX Linux and MPC e 257 Changing a Password 135 Changing a USB Profile when Using a Smart Card Reader
102. B e Mouse USB e Video VGA Ports Used Port Description HTTP Port 80 All requests received by KSX II via HTTP port 80 are automatically forwarded to HTTPS for complete security The KSX II responds to Port 80 for user convenience relieving users from having to explicitly type https in the URL field to access the KSX II but while still preserving complete security 287 zie Raritan 288 Appendix A Specifications Port HTTPS Port 443 KSX II Raritan KVM over IP Protocol Configurable Port 5000 SNTP Time Server on Configurable UDP Port 123 Optional LDAP LDAPS on Configurable Ports 389 and 636 Optional RADIUS on Configurable Port 1812 Optional RADIUS Accounting on Configurable Port 1813 SYSLOG on Configurable UDP Port 514 SNMP Default UDP Ports Optional SSH Description This port is used for the actual KVM over IP communication from the KSX II device to the KVM client on the user s desktop It cannot be changed This port is used to discover other KX devices and for communication between Raritan devices and systems including CC SG and MPC By default this is set to Port 5000 but you may configure it to use any TCP port of your choice except 80 and 443 For details on how to configure this setting refer to Network Settings on page 136 The KSX II offers the optional capability to synchronize its internal clock to a central time server This function requires th
103. BM BladeCenter H with Advanced Management Raritan Chapter 6 USB Profiles Description BIOS Generic Use this profile when Generic OS profile does not work on the BIOS WARNING USB enumeration will trigger whenever virtual media is connected or disconnected Restrictions e USB bus speed limited to full speed 12 MBit s e Absolute mouse synchronization not supported e Virtual CD ROM and disk drives cannot be used simultaneously HP Proliant DL145 PhoenixBIOS Use this profile for HP Proliant DL145 PhoenixBlOS during OS installation Restrictions e USB bus speed limited to full speed 12 MBit s BIOS HP Compaq DC7100 DC7600 Use this profile to boot the HP Compaq DC7100 DC7600 series desktops from virtual media Restrictions e Virtual CD ROM and disk drives cannot be used simultaneously IBM Thinkcentre Lenovo BIOS Use this profile for the IBM Thinkcentre Lenovo system board model 828841U during BIOS operations Restrictions e USB bus speed limited to full speed 12 MBit s e Virtual CD ROM and disk drives cannot be used simultaneously Use this profile to enable virtual media functionality when D2CIM VUSB or 107 108 Chapter 6 USB Profiles USB profile Module BIOS Lenovo ThinkPad T61 amp X61 BIOS Mac Generic HP Proliant DL360 DL380 G4 HP SmartStart CD HP Proliant DL360 DL380 G4 Windows 2003 Server Description D2CIM DVUSB is connected to the
104. C Smart Card Connections to Fedora Servers 310 Resolving Issues with Firefox Freezing when Using Fedora sesssssss 310 U SB Ports and PrEOfIes cct sternit rre a Rea uar n ni n 311 VM CIMs and DL360 USB POTIS occi oh enano i nai dei nt rn a ea fr 311 Help tor Choosing USB Profiles gic uci acta tet idet edu 311 Changing a USB Profile when Using a Smart Card Reader useussss 313 SUSE VESA Video MOCQesS rtis ttes et n Rte eR YR pec na n EE an c Lada nne ventas 313 elc E 313 Windows 3 Button Mouse on Linux Targets 313 VINE Ie EE N A E da epa alane 314 Dell OptiPlex and Dimension Computers essen entente 314 Accessing Virtual Media on a Windows 2000 Server Using a D2CIM VUSB 314 Virtual Media Not Refreshed After Files Added 314 Target BIOS Boot Time with Virtual Media 314 Virtual Media Connection Failures Using High Speed for Virtual Media Connections 314 CC S errr EU T EM 315 Virtual KVM Client Version Not Known from CC SG Proxy Mode susss 315 Single Mouse Mode Connecting to a KSX II Target Under CC SG Control Via VKC ASI re dai op ERE ED E DEN 315 Moving Between Ports of the KSX ll eese enne enne nennen 315 zie Raritan s Contents Appendix D FAQs 316 General QUESTIONS RET V A w 316 icf Tab aee I MR RT RE 318 Universal Virtua
105. CC SG management If you are managing the KSX II through CC SG and connectivity between CC SG and the KSX II is lost after the specified timeout interval typically 10 minutes you are able to end the CC SG management session from the KSX II console Note You must have the appropriate permissions to end CC SG management of the KSX II Additionally the Stop CC SG Management option will not be provided unless you are currently using CC SG to manage the KSX II gt To stop CC SG management of a KSX II 1 Click Maintenance gt Stop CC SG Management A message indicating that the device is being managed by CC SG will be displayed An option to remove the device from CC SG management will also be displayed Managed by CommandCenter Secure Gateway This device is being managed by CommandCenter Secure Gateway 192 168 59 246 Do you want to remove it from CommandCenter Management 2 Click Yes to begin the processing of removing the device from CC SG management A confirmation message will then displayed asking you to confirm that you want the remove the device from CC SG management Managed by CommandCenter Secure Gateway Confirming remove of the device from CommandCenter 192 168 59 246 Management Do you really want to remove this device from CommandCenter Management 217 Chapter 10 Maintenance 3 Click Yes to remove the device CC SG management Once CC SG management has ended a confirmation will be displayed
106. CIM PS2 and require the use of scan code set 3 with an international keyboard Click OK to save the configuration Dell Blade Chassis Configuration See Supported Blade Chassis Models on page 175 Supported CIMs for Blade Chassis and Required and Recommended Blade Chassis Configurations on page 179 for important additional information when configuring the blade chassis See Dell Chassis Cable Lengths and Video Resolutions on page 309 for information on cable lengths and video resolutions when using Dell chassis with the KSX II 1 Connect the blade chassis to the KSX II See Step 3 Connect the Equipment for details Select Device Settings Port Configuration to open the Port Configuration page On the Port Configuration page click on the name of the blade chassis you want to configure The Port page will open Select the Blade Chassis radio button The page will then display the necessary fields to configure a blade chassis Select the Dell blade chassis model from the Blade Server Chassis Model drop down Raritan 5 Raritan Chapter 8 Device Management To configure a Dell PowerEdge M1000e If you selected Dell PowerEdge M1000e auto discovery is available Configure the blade chassis as applicable Prior to configuring a blade chassis that can be auto discovered it must be configured to enable SSH connections on the designated port number see Device Services Additionally a user account with the
107. Caps Lock Press Caps Lock key twice quickly Double Click Left Alt key Press the left Alt key twice quickly Double Click Left Shift key Press the left Shift key twice quickly Double Click Left Ctrl key Press the left Ctrl key twice quickly Select the Local Port Connect key Use a connect key sequence to connect to a target and switch to another target You can then use the hot key to disconnect from the target and return to the local port GUI The connect key works for both standard servers and blade chassis Once the local port connect key is created it will appear in the Navigation panel of the GUI so you can use it as a reference See Connect Key Examples on page 248 for examples of connect key sequences Set the Video Switching Delay from between 0 5 seconds if necessary Generally 0 is used unless more time is needed certain monitors require more time to switch the video If you would like to use the power save feature Raritan Raritan 8 Chapter 8 Device Management a Select the Power Save Mode checkbox b Set the amount of time in minutes in which Power Save Mode will be initiated Choose the resolution for the KSX II Local Console from the drop down list The browser will be restarted when this change is made 800x600 1024x768 1280x1024 9 Choose the refresh rate from the drop down list The browser will be restarted when this change is made 60 Hz 75 Hz 10 Choose the type of loca
108. Conscle Ract EBG Active Directory Schema Is serviceConnecbonPoint Structural Active Bg Classes Eg servicelnstance Structural Active Servi C atrbutes BS zirpleSecurit Object Auxiliary Active The s E site Structural Active Site B3 siteLink Structural Active Site L Wa citeLinl Bridge Structural Active Site L 8 stesCentainer Structural Active Sites mi storage Structural Active Store Ei subnet Structural Active Subn W3 cubnetContaner Structural Active Subn mi subSchema Structural Active SubS Bp top Abstract Active Top Wi bustecDomain Structural Active Trust Wi typelibrary Structural Active New Window From Here Refresh W3 volume Active volun w Help 3 Choose Properties from the menu The user Properties dialog appears Click the Attributes tab to open it Click Add Raritan Appendix B Updating the LDAP LDAPS Schema 6 Choose rciusergroup from the Select Schema Object list Select Schema Object alx x 7 Click OK in the Select Schema Object dialog 8 Click OK in the User Properties dialog Updating the Schema Cache gt To update the schema cache 1 Right click Active Directory Schema in the left pane of the window and select Reload the Schema 2 Minimize the Active Directory Schema MMC Microsoft Management Console console Editing rciusergroup Attributes for User Members To run the Active Directory script on a Windows 2003 server use the
109. Denmark Belgian Belgium S ZE Raritan 5 Raritan Chapter 13 KSX II Local Console Note Keyboard use for Chinese Japanese and Korean is for display only Local language input is not supported at this time for KSX II Local Console functions Choose the local port hotkey The local port hotkey is used to return to the KSX II Local Console interface when a target server interface is being viewed The default is to Double Click Scroll Lock but you can select any key combination from the drop down list Hot key Take this action Double Click Scroll Lock Press Scroll Lock key twice quickly Double Click Num Lock Press Num Lock key twice quickly Double Click Caps Lock Press Caps Lock key twice quickly Double Click Left Alt key Press the left Alt key twice quickly Double Click Left Shift key Press the left Shift key twice quickly Double Click Left Ctrl key Press the left Ctrl key twice quickly Set the Video Switching Delay from between 0 5 seconds if necessary Generally 0 is used unless more time is needed certain monitors require more time to switch the video If you would like to use the power save feature a Select the Power Save Mode checkbox b Setthe amount of time in minutes in which Power Save Mode will be initiated Choose the resolution for the KSX II Local Console from the drop down list 800x600 1024x768 1280x1024 Choose the refresh rate from the drop down list 60 Hz 75 Hz Choose t
110. Favorites List Manage your list of favorite devices Discover Devices Local Subnet Discover Raritan devices on the client PC s local subnet Discover Devices KSX Il Subnet Discover the Raritan devices on the KSX II device subnet Add New Device to Favorites Add edit and delete devices from your list of Favorites Favorites List Page From the Favorites List page you can add edit and delete devices from your list of favorites gt To open the Favorites List page e Choose Manage gt Favorites List The Favorites List page opens Discovering Devices on the Local Subnet This option discovers the devices on your local subnet which is the subnet where the KSX II Remote Console is running These devices can be accessed directly from this page or you can add them to your list of favorites See Favorites List Page on page 47 gt To discover devices on the local subnet 1 Choose Manage Discover Devices Local Subnet The Discover Devices Local Subnet page appears 2 Choose the appropriate discovery port To use the default discovery port select the Use Default Port 5000 checkbox To use a different discovery port Deselect the Use Default Port 5000 checkbox Type the port number in the Discover on Port field 47 Chapter 3 Working with Target Servers c Click Save 3 Click Refresh The list of devices on the local subnet is refreshed gt To add devices to your Favorites List 1 Select the
111. I The Command Line Interface prompt indicates the current command level The root portion of the prompt is the login name For a direct admin serial port connection with a terminal emulation application Admin Port is the root portion of a command For TELNET SSH admin is the root portion of the command admin config network The table below lists and describes all available CLI commands Command Description config Port configuration command Switch to the Configuration menu connect Connect to a port diagnostics Switch to diagnostic commands menu help Display an overview of the CLI syntax history Display the current session s command line history interface Configure the KSX II network interface listports List accessible ports logout Logout of the current CLI session name Display or change a device name and or the hostname quit Return to previous command userlist List users 235 Chapter 12 Command Line Interface CLI Security Issues Elements to consider when addressing security for console servers e Encrypting the data traffic sent between the operator console and the KSX II device e Providing authentication and authorization for users e Security profile The KSX II supports each of these elements however they must be configured prior to general use Target Connections and the CLI The purpose of the KSX II is to let authorized users establish connections to various targete
112. Il Local Console Local Port Settings on page 252 for more information Connect Key Examples Standard servers Connect key action Key sequence example Access a port from Access port 5 from the local port GUI the local port GUI e Press Left ALT gt Press and Release 5 gt Release Left ALT Switch between Switch from target port 5 to port 11 ports e Press Left ALT gt Press and Release 1 gt Press and Release 1 Release Left ALT Disconnect from a Disconnect from target port 11 and return to the target and return to local port GUI the page from which you Raritan Standard servers Connect key action the local port GUI Blade chassis Connect key action Access a port from the local port GUI Switch between ports Disconnect from a target and return to the local port GUI Supported Keyboard Languages zie Raritan Chapter 13 KSX II Local Console Key sequence example connected to target e Double Click Scroll Lock Key sequence example Access port 5 slot 2 e Press Left ALT gt Press and Release 5 gt Press and Release Press and Release 2 Release Left ALT Switch from target port 5 slot 2 to port 5 slot 11 e Press Left ALT gt Press and Release 5 gt Press and Release Press and Release 1 Press and Release 1 Release Left ALT Disconnect from target port 5 slot 11 and return to the local port GUI the page from which you connected to target e Doub
113. Internet Explorer as an administrator To do this click the Start Menu locate IE right click it and select Run as Administrator Raritan Chapter 5 Virtual Media Target Server Raritan KVM target servers must support USB connected drives KVM target servers running the Windows 2000 operating system must have all of the recent patches installed USB 2 0 ports are both faster and preferred If you plan to access file server ISO images identify those file servers and images through the KSX II Remote Console File Server Setup page See File Server Setup File Server ISO Images Only on page 98 Note ISO9660 format is the standard supported by Raritan However other CD ROM extensions may also work Open a KVM session with the appropriate target server a Open the Port Access page from the KSX II Remote Console b Connect to the target server from the Port Access page Click the Port Name for the appropriate server Choose the Connect command from the Port Action menu The target server opens in a Virtual KVM Client see Virtual KVM Client VKC on page 51 window Connect to the virtual media For Select this VM option Local drives Connect Drive Local CD DVD drives Connect CD ROM ISO Image see CD ROM DVD ROM ISO Images on page 101 ISO Images Connect CD ROM ISO Image File Server ISO Images Connect CD ROM ISO Image Upon completion of your tasks disconnect the virtual media See Disco
114. KSX II s internal authentication capabilities be used all sensitive information such as usernames and passwords are stored in an encrypted format Literally no one including Raritan technical support or Product Engineering departments can retrieve those usernames and passwords Does the KSX Il support strong password Raritan Raritan Appendix D FAQs Yes the KSX II has administrator configurable strong password checking to ensure that user created passwords meet corporate and or government standards and are resistant to brute force hacking If the KSX Il Encryption Mode is set to Auto what level of encryption is achieved The KSX II has the ability to support AES 256 For this to happen Java unlimited strength policy files have to be loaded on the client machine Once this is enabled the encryption level that is auto negotiated when the mode is set to AUTO is as Browser Encryption Level Internet Explorer 6 AES 128 7 and 8 Firefox 1 5 2 03 x AES 256 Safari 2 0 4 AES 256 Does the KSX II support a configurable security banner Yes For government military and other security conscious customers requiring a security message before user login the KSX II can display a user configurable banner message and optionally require acceptance 343 Appendix D FAQs Smart Cards and CAC Authentication Does the KSX Il support smart card and CAC authentication Yes smart cards and DoD Common Access Card CAC a
115. Language sseeeee 35 Chapter 3 Working with Target Servers 36 Dre m 36 KSX Il Local Console KSX I DeviGes icio terreni tena ra cernere 37 KSX II Remote Console Interface oiii eite aiana tena tr cetur i 38 Proxy Server Configuration for use with MPC VKC and AKC ssssseeeee 50 Virtual KVMIClierit VI amp C accio nier it rara tp tae reta erede lead dads ea Kadrina taliana neste et eee 51 OV CIVIC We MP 51 Connecting to a KVM Target Server cccecceceeeeeeeeeeeeeeeeeneeeseaeeeeaaeseeeeeseeeeeeaaeseeaeeseeeees 51 Hec 51 Switching Between KVM Target Servers ssssssssssssssseseeeeenee nennen 53 Power Controlling a Target Server aciei ace iii aaan sr anti Eu as 53 Disconnecting KVM Target Servers iiic ae eaaa rp ER a qp ru as 54 Choosing USB Profiles 2 din cate ea sian trs Erro terme doe esc d dA TEE CO E RET Eae 54 Gonnectior Properties 2 2 ettet etes atr detener x Rete ne ne Ec ud Ek ae ata eSa 55 Connection InforlfiallQn accus ciacceii coactus c vei cedet no t cde to d ca da n dd e Rae dn 57 aereis csias a a ade aaaeaii da 57 iii 5 Raritan Contents Video Properties 3 ne e ER Eid iei daana ute EE HE en MERE ae EE TRE RE LEE E LEE HU qe Md vee 63 MITT eji o LT CRI eee ae ers 68 VAG Virtual Media oci oae nura n
116. Local No reset action is taken Resets Note When using the P2CIM AUSBDUAL or P2CIM APS2DUAL to attach a target to two KSX Ils if Private access to the targets is required both KVM switches must have Private set as their PC Share Mode See Supported Paragon CIMS and Configurations on page 276 for additional information on using Paragon CIMs with the KSX II Checking Your Browser for AES Encryption The KSX II supports AES 256 If you do not know if your browser uses AES check with the browser manufacturer or navigate to the https www fortify net ssicheck html website using the browser with the encryption method you want to check This website detects your browser s encryption method and displays a report Note Internet Explorer 6 does not support AES 128 or 256 bit encryption AES 256 Prerequisites and Supported Configurations AES 256 bit encryption is supported on the following web browsers only e Firefox 2 0 0 x and 3 0 x and higher e Internet Explorer 7 and 8 In addition to browser support AES 256 bit encryption requires the installation of Java Cryptography Extension JCE Unlimited Strength Jurisdiction Policy Files Jurisdiction files for various JREs are available at the other downloads section of the following link e JRE1 6 http java sun com javase downloads index_jdk5 jsp zie Raritan bd Chapter 9 Security Management 198 Enabling FIPS 140 2 For government and other high security
117. Managed Links section of the page you are able to configure the connection to a blade chassis web browser interface if one is available Click the Blade Chassis Managed Links icon M eae bae to expand the section on the page The first URL link is intended for use to connect to the blade chassis Administration Module GUI Note Access to the URL links entered in this section of the page is governed by the blade chassis port permissions a Active To activate the link once it is configured select the Active checkbox Leave the checkbox deselected to keep the link inactive Entering information into the link fields and saving can still be done even if Active is not selected Once Active is selected the URL field is required The username password username field and password field are optional depending on whether single sign on is desired or not b URL Enter the URL to the interface See Blade Chassis Sample URL Formats on page 180 for sample configurations for the IBM BladeCenter c Username Enter the username used to access the interface d Password Enter the password used to access the interface Note Leave the username and password fields blank for DRAC ILO and RSA web applications or the connection will fail e The Username Field and Password Field which are both optional contain the labels that are expected to be associated with the username and password entries It is in these fields you should
118. Policy Required Access Policies Access Services Default Network Access gt Authorization 131 Chapter 7 User Management Returning User Group Information via RADIUS When a RADIUS authentication attempt succeeds the KSX II determines the permissions for a given user based on the permissions of the user s group Your remote RADIUS server can provide these user group names by returning an attribute implemented as a RADIUS FILTER ID The FILTER ID should be formatted as follows Raritan G GROUP NAME where GROUP NAME is a string denoting the name of the group to which the user belongs Raritan G GROUP NAME D Dial Back Number where GROUP NAME is a string denoting the name of the group to which the user belongs and Dial Back Number is the number associated with the user account that the KSX Il modem will use to dial back to the user account RADIUS Communication Exchange Specifications The KSX II sends the following RADIUS attributes to your RADIUS server Attribute Data Log in Access Request 1 NAS Port Type 61 VIRTUAL 5 for network connections NAS IP Address 4 The IP address for the KSX II User Name 1 The user name entered at the login screen Acct Session ID 44 Session ID for accounting User Password 2 The encrypted password Accounting Request 4 Acct Status 40 Start 1 Starts the accounting NAS Port Type 61 VIRTUAL 5 for network connections NAS Port 5 Always 0 NAS IP
119. Security Settings gt Encryption amp Share set PC Share Mode to Private This guarantees that concurrent access to targets is prohibited for all targets by all user groups The KSX II allows for more granular control of concurrent access to targets on a per user group basis This is done by setting the user group s PC Share permissions However this is only enforced within the boundary of a KSX Il User Group PC Share permissions must not be relied on if Privacy must be guaranteed when using the P2CIM APS2DUAL or P2CIM AUSBDUAL with the KSX II CIM Name Updates The P2CIM APS2 and P2CIM AUSB names are stored within the CIM s memory There are two memory locations provided to accommodate the Paragon naming convention 12 characters and the KSX II naming convention 32 characters When first connected to a KSX II the Paragon name will be retrieved from memory and written into the CIM memory location used by KSX II Subsequent queries for the CIM name or updates to the CIM name from the KSX II will be made to the memory location used by the KSX II Updates will not be made by the KSX II to the memory location used by Paragon Il When the CIM name is updated by one KSX Il the other KSX II will detect and retrieve the updated name on the next attempt to connect to that target Until that time the name will not be updated on the other KSX II Port Status and Availability The port status displayed on the KSX II Port Acces
120. Set Ehternet Mod auto 10hdx 10fdx 100hdx 100fdx 1000fdx Interface Command Example The following command enables the interface number 1 sets the IP address mask and gateway addresses and sets the mode to auto detect Admin gt Config gt Network gt interface ipauto none ip 192 16 151 12 mask 255 255 255 0 gw 192 168 51 12 mode auto Note Both IPv4 and IPv6 addresses are supported Name Command The name command is used to configure the network name The syntax of the name is name devicename lt devicename gt hostname lt hostname gt Device name configuration devicename lt devicename gt Device Nam hostname lt hostname gt Preferred host name DHCP only Name Command Example The following command sets the network name Admin gt Config gt Network gt name devicename My KSX2 d Raritan Chapter 12 Command Line Interface CLI 5 Raritan Connect Commands The connect commands provide a means to access ports and their history Command connect clearhistory clientlist close gethistory getwrite help history powerstatus powertoggle quit return sendbreak writelock writeunlock Description Connect to a port The port sub menu reached using escape key sequence Clear history buffer for this port Only available to users who have Write access Display all users on the port Close this target connection Display the his
121. Specifications Supported indicate available Supported However PC Share Idle Timeout which is configured on the Paragon Il is not supported Both users will have concurrent keyboard and mouse control The Paragon Il uses Green to indicate available This will also be true if another user is already accessing the target Not supported This mode cannot be used when connecting the CIM to a Paragon II and the KSX II The Paragon Il uses Yellow to indicate it is in P View mode e CIM names updated from the KSX II are stored and retrieved from the CIM memory location corresponding to the KSX Il naming convention e CIM name updates do not propagate between the Paragon II and the KSX II 279 280 Appendix A Specifications Supported Video Resolutions Ensure that each target server s video resolution and refresh rate are supported by the KSX II and that the signal is noninterlaced Video resolution and cable length are important factors in the ability to obtain mouse synchronization See Target Server Connection Distance and Video Resolution on page 289 The KSX II supports these resolutions Resolutions 640x350 70Hz 640x350 85Hz 640x400 56Hz 640x400 84Hz 640x400 85Hz 640x480 60Hz 640x480 66 6Hz 640x480 72Hz 640x480 75Hz 640x480 85Hz 720x400 70Hz 720x400 84Hz 720x400 85Hz 800x600 56Hz 800x600 60Hz 800x600 70Hz 800x600 72Hz 800x600 75Hz 800x600 85Hz 800x600 9
122. To delete a rule 1 Specify the rule number you want to delete 2 Click Delete 3 When prompted to confirm the deletion click OK Important ACL rules are evaluated in the order in which they are listed For instance in the example shown here if the two ACL rules were reversed Dominion would accept no communication at all Rule 1 Starting IP 192 168 50 1 Ending IP 192 168 55 255 Action ACCEPT Rule 2 Starting IP 0 0 0 0 Ending IP 255 255 255 255 Action DROP Tip The rule numbers allow you to have more control over the order in which the rules are created Modifying an Existing User Group Note All permissions are enabled and cannot be changed for the Admin group gt To modify an existing user group 1 From the Group page change the appropriate fields and set the appropriate permissions 2 Setthe Permissions for the group Select the checkboxes before the permissions you want to assign to all of the users belonging to this group See Setting Permissions 3 Setthe Port Permissions Specify the server ports that can be accessed by users belonging to this group and the type of access See Setting Port Permissions 119 Chapter 7 User Management 4 Setthe IP ACL optional This feature limits access to the KSX II device by specifying IP addresses See Group Based IP ACL Access Control List 5 Click OK gt To delete a user group Important If you delete a group with us
123. Type your user name and password Raritan ZE Raritan 5 Click OK to log on Chapter 3 Working with Target Servers 85 Chapter 4 Overview Z Raritan Rack PDU Power Strip Outlet Control In This Chapter II T Mr 86 Turning Outlets On Off and Cycling Power sssssssss 87 The KSX II allows you to control Raritan PX and RPC series rack PDU power strip outlets Once a PX or RPC series is setup and then attached to the KSX II the rack PDU and its outlets can be controlled from the Powerstrip page in the KSX II interface This page is accessed by clicking on the Power menu at the top of the page The Powerstrip page will display rack PDUs attached to the KSX II for which the user has been granted appropriate port access permissions Note For information on setting up a PX see the Dominion PX User Guide From the Powerstrip page you are able to turn the outlets on and off as well as cycle their power You are also able to view the following power strip and outlet information e Powerstrip Device Information Name Model Temperature Current Amps Maximum Amps Voltage Power in Watts Power in Volts Ampere e Outlet Display Information Name Named assigned to the outlet when it was configured State On or Off status of the outlet Control Turn outlets on or off or cycle their power Association The ports associated with the outlet 86 Home gt
124. able from the local port Note This option is not available from the KSX Il Remote Console for an available port if all connections are busy Switch From Switches from an existing connection to the selected port KVM target server This menu item is available only for KVM targets This option is visible only when a Virtual KVM Client is opened Note This menu item is not available on the KSX II Local Console Disconnect Disconnects this port and closes the Virtual KVM Client page for this target server This menu item is available only when the port status is up and connected or up and busy Note This menu item is not available on the KSX II Local Console The only way to disconnect from the switched target in the Local Console is to use the hot key Raritan Sis Raritan Chapter 3 Working with Target Servers Power On Powers on the target server through the associated outlet This option is visible only when there are one or more power associations to the target Power Off Powers off the target server through the associated outlets This option is visible only when there are one or more power associations to the target when the target power is on port status is up and when user has permission to operate this service Power Cycle Power cycles the target server through the associated outlets This option is visible only when there are one or more power associations to the target and when the user has pe
125. ader implementation not CCID compliant USB Token Aladdin eToken Proprietary PRO implementation Minimum System Requirements Local Port Requirements The basic interoperability requirement for local port attachment to the KSX II is e All devices smart card reader or token that are locally attached must be USB CCID compliant Target Server Requirements When using smart card readers the basic requirements for interoperability at the target server are e The IFD smart card reader Handler must be a standard USB CCID device driver comparable to the generic Microsoft USB CCID driver e AD2CIM DVUSB Dual VM CIM is required and must be using firmware version 3AGE or later e Blade chassis server connections where a CIM per blade is used are supported e Blade chassis server connections where a CIM per chassis is used is only supported for IBM BladeCenter models H and E with auto discovery enabled Windows XP Targets Raritan Raritan Appendix A Specifications Windows XP operating system targets must be running Windows XP SP3 in order to use smart cards with the KSX II If you are working with NET 3 5 in a Windows XP environment on the target server you must be using SP1 Linux Targets If you are using a Linux target the following requirements must be met to use smart card readers with the KSX II e CCID Requirements If the Raritan D2CIM DVUSB VM CCID is not recognized as a smart
126. and delete IP access control rules on a group level basis Y IP ACL Rule Starting IP Ending IP Action qf L a E Append Insert Replace Delete acceer v 4 f s Lok Cancel PP f ye M hoo as aar gt T as ttem as Memes annm PI pts goon To add append rules Type the starting IP address in the Starting IP field Type the ending IP address in the Ending IP field o N gt N Choose the action from the available options Accept IP addresses set to Accept are allowed access to the KSX II device Drop IP addresses set to Drop are denied access to the KSX II device B Click Append The rule is added to the bottom of the rules list Repeat steps 1 through 4 for each rule you want to enter v To insert a rule Enter a rule number A rule number is required when using the Insert command Enter the Starting IP and Ending IP fields Choose the action from the Action drop down list Raritan zie Raritan Chapter 7 User Management 4 Click Insert If the rule number you just typed equals an existing rule number the new rule is placed ahead of the exiting rule and all rules are moved down in the list gt To replace a rule 1 Specify the rule number you want to replace 2 Type the Starting IP and Ending IP fields 3 Choose the Action from the drop down list 4 Click Replace Your new rule replaces the original rule with the same rule number gt
127. aritan Chapter 14 Modem Configuration 6 Typea name to identify this particular connection in the ISP Name field and click Next New Connection Wizard Connection Name What is the name of the service that provides your Internet connection Been O O O ZE Raritan BH Chapter 14 Modem Configuration 7 Type the phone number for the connection in the Phone number field and click Next New Connection Wizard Phone Number to Dial What is your ISP s phone number 8 Type your ISP information Type the user name and password in the appropriate fields and retype the password to confirm it i Raritan Chapter 14 Modem Configuration 9 Select the checkbox before the appropriate option below the fields and click Next New Connection Wizard Internet Account Information You will need an account name and password to sign in to your Internet account Type an ISP account name and password then write down this information and store it in a safe place If you have forgotten an existing account name or password contact your ISP User name admin Password 999999 Confirm password eccccce C Use this account name and password when anyone connects to the Internet from this computer C Make this the default Internet connection 10 Click Finish 11 Click Dial to connect to the remote machine when the Dial dialog appears A dialog indicating that you connected successful
128. as 7888 Once this is done connection to the target can be done by using ssh 1 login KSX II device IP address p 7888 Raritan Chapter 2 Installation and Configuration 3 Click OK to save this information Direct Port Access IP Address SSH Port Telnet Port OK Reset To Defaults Cancel Oe ee ae aet s m S eee ein Once you have created the direct port access it can be connected in a client application such as PuTTY Following is an example of how the direct port access information would appear in PuTTY Note that PuTTY is not the only client application that can be used It is used here for sample purposes only Sis Raritan Chapter 2 Installation and Configuration Note to CC SG Users Note to CC SG Users If you are using the KSX II in a CC SG configuration perform the installation steps and when finished consult the CommandCenter Secure Gateway User Guide Administrator Guide or Deployment Guide to proceed all found on Raritan s website www raritan com under Support Note The remainder of this help applies primarily to deploying the KSX II device s without the integration functionality of CC SG Remote Authentication Note to CC SG Users When the KSX II is controlled by CommandCenter Secure Gateway CC SG authenticates users and groups except for local users requiring Local port access When CC SG is controlling the KSX II Local port users will
129. ate the blades that are installed in the blade chassis by checking the Installed checkbox next to each slot that has a blade installed Alternatively use the Select All checkbox If needed change the blade server names If operating in Auto discovery mode the Installed box will display the slots containing blades during discovery In the Blade Chassis Managed Links section of the page you are able to configure the connection to a blade chassis web browser interface if one is available Click the Blade Chassis Managed Links icon M ee to expand the section on the page 165 166 Chapter 8 Device Management The first URL link is intended for use to connect to the blade chassis Administration Module GUI Note Access to the URL links entered in this section of the page is governed by the blade chassis port permissions a Active To activate the link once it is configured select the Active checkbox Leave the checkbox deselected to keep the link inactive Entering information into the link fields and saving can still be done even if Active is not selected Once Active is selected the URL field is required The username password username field and password field are optional depending on whether single sign on is desired or not b URL Enter the URL to the interface See Blade Chassis Sample URL Formats on page 180 for sample configurations for the Dell M1000e c Username Enter the username used to acce
130. ation product will Raritan 10 Half No Communicat ion No Communicat ion No Communicat ion Connectivity Raritan Appendix A Specifications EE communicate but collisions will occur Per Ethernet specification these should be no communication however note that the KSX II behavior deviates from expected behavior Note For reliable network communication configure the KSX II and the LAN switch to the same LAN Interface Speed and Duplex For example configure both the KSX Il and LAN Switch to Autodetect recommended or set both to a fixed speed duplex such as 100MB S Full The following table lists the necessary KSX II hardware adapters and or cables for connecting the KSX II to common vendor model combinations Vendor Checkpoint Cisco Cisco Cisco Hewlett Packard Silicon Graphics Sun Device Console connector Firewall DB9M PIX Firewall Catalyst RJ 45 Router DB25F UNIX Server DB9M Origin SPARCStation DB25F Serial connection ASCSDB9F adapter and a CAT 5 cable CRLVR 15 rollover cable or CRLVR 1 adapter cable and a CAT5 cable CRLVR 1 cable for connecting a terminal port RJ 45 Connector type of KSX Il 48 models that have this connector to another KSX II ASCSDB25M adapter and a CAT 5 cable ASCSDB9F adapter and a CAT 5 cable ASCSDB25M adapter and a 291 292 Appendix A Specifications Vendor Device Console Serial c
131. ation and Configuration Step 1 Configure KVM Target Servers KVM target servers are the computers that will be accessed and controlled via the KSX II Before installing the KSX II configure all KVM target servers to ensure optimum performance This configuration applies only to KVM target servers not to the client workstations remote PCs used to access the KSX II remotely See Terminology for additional information Desktop Background For optimal bandwidth efficiency and video performance KVM target servers running graphical user interfaces such as Windows Linux X Windows Solaris and KDE require configuration The desktop background need not be completely solid but desktop backgrounds featuring photos or complex gradients might degrade performance Mouse Settings The KSX II operates in several mouse modes e Absolute Mouse Mode D2CIM VUSB only e Intelligent Mouse Mode do not use an animated mouse e Standard Mouse Mode Mouse parameters do not have to be altered for Absolute Mouse Synchronization but D2CIM VUSB or D2CIM DVUSB is required for this mode For both the Standard and Intelligent mouse modes mouse parameters must be set to specific values which are described here Mouse configurations will vary on different target operating systems Consult your OS documentation for additional detail Intelligent mouse mode generally works well on most Windows platforms Intelligent mouse mode may produce unpredic
132. ation services LDAP LDAPS RADIUS or Active Directory authentication attempts at the Local Console also are authenticated against the external authentication service Note You can also specify no authentication for Local Console access this option is recommended only for secure environments gt To use the KSX II Local Console 1 Connect a keyboard mouse and video display to the local ports at the back of the KSX II 2 Start the KSX Il The KSX Il Local Console interface displays is S Raritan Chapter 13 KSX II Local Console Local Console Smart Card Access Raritan To use a smart card to access a server at the Local Console plug a USB smart card reader into the KSX II using one of the USB ports located on the KSX II Once a smart card reader is plugged in or unplugged from the KSX II the KSX II autodetects it For a list of supported smart cards and additional system requirements see Supported and Unsupported Smart Card Readers on page 283 and Minimum System Requirements on page 284 When mounted onto the target server the card reader and smart card will cause the server to behave as if they had been directly attached Removal of the smart card or smart card reader will cause the user session to be locked or you will be logged out depending on how the card removal policy has been setup on the target server OS When the KVM session is terminated either because it has been closed or because you switch t
133. ature disabled default Raritan Chapter 8 Device Management 3 Click OK Configuring Modem Settings gt Toconfigure modem settings 1 Click Device Settings Modem Settings to open the Modem Settings page Check Enable Modem if needed Enter the PPP server IP address The internet address assigned to the KSX II when a connection is established via dial up Required 4 Enter the PPP client IP address The internet address the KSX II assigns to remove the client when a connection is established via dial up Required Note The PPP server IP address and PPP Client IP address must be different and cannot conflict with the network addresses used by the server or the client 5 Check Enable Modem Dialback if needed Note If dial back is enabled each user accessing the KSX II via modem must have a call back number defined in their profile Otherwise dial up will reject the call for that user 6 Click OK to commit your changes or click Reset to Defaults to return the settings to their defaults Modem Settings Enable Modem PPP Server IP Address 10142 PPP Client IP Address 10143 Enable Modem Dialback Reset To Defaults zie Raritan id 148 Chapter 8 Device Management Configuring Date Time Settings Use the Date Time Settings page to specify the date and time for the KSX Il There are two ways to do this Manually set the date and time Synchronize the date an
134. avorites e Backup Restore e Firmware Upgrade e Upgrade Report e SSL Certificates Note If you are using Internet Explorer 7 you may run into permission issues when trying to connect to a target server To avoid this do the following 1 In Internet Explorer click Tools Internet Options to open the Internet Options dialog 2 In the Temporary Internet files section click the Settings button The Settings dialog opens 3 In the Check for newer versions of stored pages section select Automatically 4 Click OK to apply the settings Launching the KSX II Remote Console Important Regardless of the browser used you must allow pop ups from the device s IP address to launch the KSX Il Remote Console S Raritan Chapter 3 Working with Target Servers Depending on your browser and security settings you may see various security and certificate warnings It is necessary to accept these warnings to launch the KSX II Remote Console You can reduce the number of warning messages during subsequent log ins by checking the following options on the security and certificate warning messages In the future do not show this warning Always trust content from this publisher To launch the KSX Il Remote Console Log in to any workstation with network connectivity to your KSX II and Java Runtime Environment installed JRE is available on the Java website htip java sun com Launch a supported web browser
135. ay for the red signal e Brightness Green Controls the brightness of the green signal f Brightness Blue Controls the brightness of the blue signal g Contrast Red Controls the red signal contrast h Contrast Green Controls the green signal i Contrast Blue Controls the blue signal If the video image looks extremely blurry or unfocused the settings for clock and phase can be adjusted until a better image appears on the active target server Warning Exercise caution when changing the Clock and Phase settings Doing so may result in lost or distorted video and you may not be able to return to the previous state Contact Raritan Technical Support before making any changes j Horizontal Offset Controls the horizontal positioning of the target server display on your monitor k Vertical Offset Controls the vertical positioning of the target server display on your monitor 3 Select Automatic Color Calibration to enable this feature 4 Select the video sensing mode Best possible video mode The device will perform the full Auto Sense process when switching targets or target resolutions Selecting this option calibrates the video for the best image quality Quick sense video mode With this option the device will use a quick video Auto Sense in order to show the target s video sooner This option is especially useful for entering a target server s BIOS configuration right after a reboot 5 Click OK to ap
136. ba e Pv6 is not supported for use with virtual media when using Samba 305 306 Appendix C Informational Notes Keyboards Non US Keyboards French Keyboard Caret Symbol Linux Clients Only The Virtual KVM Client and the Multi Platform Client MPC do not process the key combination of Alt Gr 9 as the caret symbol when using French keyboards with Linux clients gt To obtain the caret symbol From a French keyboard press the key to the right of the P key then immediately press the space bar Alternatively create a macro consisting of the following commands 1 Press Right Alt 2 Press 9 3 Release 9 4 Release Right Alt Note These procedures do not apply to the circumflex accent above vowels In all cases the key to the right of the P key works on French keyboards to create the circumflex accent when used in combination with another character Accent Symbol Windows XP Operating System Clients Only From the Virtual KVM Client and the Multi Platform Client the key combination of Alt Gr 7 results in the accented character displaying twice when using French keyboards with Windows XP clients Note This does not occur with Linux clients Numeric Keypad From the Virtual KVM Client and the Multi Platform Client the numeric keypad symbols display as follows when using a French keyboard Numeric keypad symbol Displays as Raritan 5 Raritan Appendix C Informat
137. back of the KSX II 3 Attach an AC power cord to the target server and an available rack PDU outlet 25 Chapter 2 Installation and Configuration 4 Connect the rack PDU to an AC power source 5 Power on the KSX II device Important When using CC SG the power ports should be inactive before attaching rack PDUs that were swapped between the power ports If this is not done there is a possibility that the number of power outlets will not be correctly detected especially after swapping 8 and 20 outlet rack PDU models Diagram key Q KSX II Q PX serial port KSX II Power Cat5 cable Ctrl 1 Port or Power Ctrl 2 Port Q Z Raritan 5 Raritan F Serial Target Ports Chapter 2 Installation and Configuration To connect a serial target to the KSX II use a Cat5 cable with an appropriate serial adapter The following table lists the necessary KSX II hardware adapters and or cables for connecting the KSX II to common vendor model combinations Vendor Device Checkpoint Firewall Cisco PIX Firewall Cisco Catalyst Cisco Router Hewlett UNIX Server Packard Silicon Origin Graphics Sun SPARCStation Sun Netra T1 Sun Cobalt Various Windows NT Console connector DB9M RJ 45 DB25F DB9M DB25F RJ 45 DB9M Serial connection ASCSDB9F adapter and a CAT 5 cable CRLVR 15 rollover cable or CRLVR 1 adapter cable and a CAT5 cable CRLVR 1 cable for connecting a ter
138. bol will only generate a keyTyped followed by a keyReleased event for that value without a keyPressed event Java 1 6 improves upon this by filling in the keyPressed event as well d Z Raritan Appendix C Informational Notes Macintosh Keyboard When a Macintosh is used as the client the following keys on the Mac keyboard are not captured by the Java Runtime Environment JRE F9 F10 F11 F14 F15 Volume Up Volume Down Mute Eject As a result the Virtual KVM Client and the Multi Platform Client MPC are unable to process these keys from a Mac client s keyboard Dell Chassis Cable Lengths and Video Resolutions Z Raritan In order to maintain video quality Raritan recommends using the following cable lengths and video resolutions when you are connecting to Dell blade chassis from the KSX II Cable length 50 ft 50 ft 30 ft Video resolution 1024x768x60 1280x1024x60 1600x1200x60 309 Appendix C Informational Notes Fedora Resolving Fedora Core Focus Using the Multi Platform Client MPC occasionally there is an inability to log in to a KSX II device or to access KVM target servers Windows SUSE and so forth In addition the Ctrl Alt M key combination may not bring up the Keyboard Shortcut menu This situation occurs with the following client configuration Fedora Core 6 and Firefox 1 5 or 2 0 Through testing it has been determined that installation of libXp resolves wi
139. bsolute Mouse mode for better mouse performance Z Raritan Chapter 7 User Groups Z Raritan User Management In This Chapter BETREUER 113 SII GR RUE 120 Authentication Settlnds iii 22i eiae erred trib eer HERE te Ca e E ERr dades 123 Changing PassWoOId p e iarciet aaaea a PER Ter baa ez 135 The KSX II stores an internal list of all user and group names to determine access authorization and permissions This information is stored internally in an encrypted format There are several forms of authentication and this one is known as local authentication All users have to be authenticated If the KSX II is configured for LDAP LDAPS or RADIUS that authentication is processed first followed by local authentication Every KSX II is delivered with three default user groups These groups cannot be deleted User Description Admin Users that are members of this group have full administrative privileges The original factory default user is a member of this group and has the complete set of system privileges In addition the Admin user must be a member of the Admin group Unknown This is the default group for users who are authenticated externally using LDAP LDAPS or RADIUS or who are unknown to the system If the external LDAP LDAPS or RADIUS server does not identify a valid user group the Unknown group is used In addition any newly created user is automatically put in this group until assigned to another grou
140. can be done using telnet KSX II device IP address 7770 Direct Port Access via SSH Port Configure the SSH TCP port as 7888 Once this is done connection to the target can be done by using ssh 1 lt login gt KSX II device IP address gt p 7888 m Z Raritan Chapter 8 Device Management 3 Click OK to save this information Direct Port Access IP Address SSH Port Telnet Port OK Reset To Defaults Cancel Oe ee ae aet s m nin Once you have created the direct port access it can be connected in a client application such as PuTTY Following is an example of how the direct port access information would appear in PuTTY Note that PuTTY is not the only client application that can be used It is used here for sample purposes only zie Raritan m 146 Chapter 8 Device Management Enabling the AKC Download Server Certificate Validation If you are using the AKC client you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature Option 1 Do Not Enable AKC Download Server Certificate Validation default setting If you do not enable AKC Download Server Certificate Validation all Dominion device users and CC SG Bookmark and Access Client users must e Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked e Windows Vista Windows 7 and Windo
141. ccept the options in order to open MPC Note If you are using Firefox 3 0 3 you may experience problems launching the application If this occurs clear the browser cache and launch the application again Raritan Serial Console RSC Opening RSC from the Remote Console gt To open the Raritan Serial Console RSC from the Remote Console 1 Select the Port Access tab Port Access Click on the individual port name to see allowable operations 0 of 1 Remote KVM channels currently in use Port Name Dominion_KSX2_Port8 Not Available down idle 3 Cisco 2501 Serial up idle 10 SP 2 Serial up idle 1 Serial Port 3 Serial up ide 4 LKSX2 Poi vailable lo idle 1 Dominion KSX2 Port Not Available down idle 12 Serial Port 4 Serial up idle 13 SP 5 Serial up idle 4 OW Serial Port 6 Serial up idle 15 Serial Port 7 Serial up idle 16 Serial Port 8 Serial up idle sn AN an a AR Anh ADA tthe O 9 2 Click the name of the serial port you want to access for the RSC zie Raritan M 84 Chapter 3 Working with Target Servers Note A security pop up screen appears only if you used https to connect to the RSC If you re using Dominion DSX a Click Yes A Warning Security pop up screen appears Click Yes to access the Raritan Serial Console from the Port page Note If you click Always you will not
142. ccess enabling up to eight remote users to simultaneously log into one KSX Il and concurrently view and control the same target server through the device Click the drop down list to select one of the following options Private No PC share This is the default mode Each target server can be accessed exclusively by only one user at a time PC Share KVM target servers can be accessed by up to eight users administrator or non administrator at one time Each remote user has equal keyboard and mouse control however note that uneven control will occur if one user does not stop typing or moving the mouse If needed select VM Share Mode This option is enabled only when PC Share mode is enabled When selected this option permits the sharing of virtual media among multiple users that is several users can access the same virtual media session The default is disabled If needed select Local Device Reset Mode This option specifies which actions are taken when the hardware Reset button at the back of the device is depressed For more information see Resetting the KSX II Using the Reset Button Choose one of the following options Raritan Chapter 9 Security Management Local device reset Description mode Enable Local Factory Returns the KSX II device to the factory Reset default defaults Enable Local Admin Resets the local administrator password only Password Reset The password is reset to raritan Disable All
143. ce Fette nue de Rec 122 Logging a User Off Force LOoGOff iuc oa doch tre pneu re Fee ere ende ettet dando gen 122 Authentication Settings cas rene reote eme ea degere etr te vas tbe hauda eade rx adu ER rea disce 123 Implementing LDAP LDAPS Remote Authentication sse 124 Returning User Group Information from Active Directory Server 127 Implementing RADIUS Remote Authentication essen 128 Returning User Group Information via RADIUS sse 132 RADIUS Communication Exchange Specifications 132 User Authentication PIOCOSS 2 2 cerea eg etra e nue usta idea pese bronce daa 134 Ghangitng a PassWord unos Pete Rd dete tento de pete Decks de teneatur e Fata rd dg 135 Chapter 8 Device Management 136 Network Settings Erie Lect DERI ERE cR POI EE ie eia DERE RE aa Malinda 136 Network Basic Settings eiie ter oed Leti I eei x dis lain Maced isda Exo Esp RU I Deka shad eae 137 LAN Interface Settings iiit rice eee ce teri Eos aee Gh di aa a EE ba Pen EXER ees 139 DEVICE SCIVICES dE ES 141 iege M cere 141 Enabling SOA e 141 HTTP and Ai TPS Port Settings ccc eh t aeaieie 142 Entering theJDIscoVery POLL oss cote este nete leere desk etae ges anta dete die una dee 142 Enabling Serial Console ACCESS aec eite nter nien metas dena ra nde ek de na dex 142 Enabling Direct Port Access Via U RE iiec
144. cess clients To be clear if the name of a server via the KSX II onscreen display is changed this updates all remote clients and external management servers in real time Sometimes I see shadows on the local port user interface Why does that occur This shadow ghosting effect may occur with LCD monitors that have been on for long periods The LCD properties and the electrical static charge can produce these effects when the screen is on for a long time 339 Appendix D FAQs Power Control Does the power supply used by the KSX Il automatically detect voltage settings Yes The KSX Il s power supply can be used in AC voltage ranges from 100 240 volts at 50 60 Hz What type of power control capabilities does the KSX II offer Raritan s Remote Power Control power strips can be connected to the KSX II to provide power control of the KVM target servers After a simple one time configuration step just right click the server name to power on off or recycle a hung server Note that a hard reboot provides the physical equivalent of unplugging the server from the AC power line and reinserting the plug Does the KSX Il support servers with multiple power supplies What if each power supply is connected to a different rack PDU power strip Yes The KSX II can be easily configured to support multiple power supplies connected to multiple power strips Two 2 power strips can be connected to a KSX II device Four power supplies can
145. ch a KSX II group configuration the KSX II automatically assigns the group of Unknown to users who authenticate successfully If you use a dialback number you must enter the following case sensitive string msRADIUSCallbackNumber Based on recommendations from Microsoft Global Groups with user accounts should be used not Domain Local Groups Implementing RADIUS Remote Authentication Remote Authentication Dial in User Service RADIUS is an AAA authentication authorization and accounting protocol for network access applications gt 1 To use the RADIUS authentication protocol Click User Management gt Authentication Settings to open the Authentication Settings page Click the RADIUS radio button to enable the RADIUS section of the page Click the EGER icon to expand the RADIUS section of the page In the Primary Radius Server and Secondary Radius Server fields type the IP address of your primary and optional secondary remote authentication servers respectively up to 256 characters In the Shared Secret fields type the server secret used for authentication up to 128 characters The shared secret is a character string that must be known by both the KSX Il and the RADIUS server to allow them to communicate securely It is essentially a password The Authentication Port default is port is 1812 but can be changed as required The Accounting Port default port is 1813 but can be changed as required
146. control and manage multiple serial devices You can use the Command Line Interface CLI to configure the KSX II or to connect to target devices The RS 232 interface may operate at all standard rates from 1200 bps to 115 2 kbps The default settings are 9600 bps 8 data bits no parity bit one stop bit and no flow control The following figures describe an overview of the CLI commands See CLI Commands on page 235 for a list of all the commands which include definitions and links to the sections in this chapter that give examples of these commands CLI Command Overview Configuring a Network Inteface Command The following common commands can be used from all levels of the CLI to the preceding figure top history log off quit show and help Z Raritan xd 228 Chapter 12 Command Line Interface CLI Accessing the KSX II Using CLI Access the KSX II by using one of the following methods e Telnet via IP connection e SSH Secure Shell via IP connection e Local Port via RS 232 serial interface A number of SSH Telnet clients are available and can be obtained from the following locations e Putty hitp www chiark greenend org uk sgtatham putty http www chiark greenend org uk sgtatham putty e SSH Client from ssh com www ssh com http www ssh com e Applet SSH Client www netspace org ssh http www netspace org ssh e OpenSSH Client www openssh org http www openssh org SSH Connection to
147. cryption of electronic data 128 is the key length When AES 128 is specified be certain that your browser supports it otherwise you will not be able to connect See Checking Your Browser for AES Encryption on page 197 for more information The Advanced Encryption Standard AES is 195 196 Chapter 9 Security Management Encryption mode Description a National Institute of Standards and Technology specification for the encryption of electronic data 256 is the key length When AES 256 is specified be certain that your browser supports it otherwise you will not be able to connect See Checking Your Browser for AES Encryption on page 197 for more information Note MPC will always negotiate to the highest encryption and will match the Encryption Mode setting if not set to Auto Note If you are running Windows XP operating system with Service Pack 2 Internet Explorer 7 cannot connect remotely to the KSX II using AES 128 encryption Apply Encryption Mode to KVM and Virtual Media When selected this option applies the selected encryption mode to both KVM and virtual media After authentication KVM and virtual media data is also transferred with 128 bit encryption For government and other high security environments enable FIPS 140 2 Mode by selecting the Enable FIPS 140 2 checkbox See Enabling FIPS 140 2 on page 198 for information on enabling FIPS 140 2 PC Share Mode Determines global concurrent remote KVM a
148. ctet String replUpToDateVector Octet String repsFrom Octet String repsTo ctet String revision Integer rid Integer Unicode lt Not Seb 128299285248088608 lt Not Seb Not Set lt Not Seb 0x01 0x00 0x00 0x00 Ox lt Not Seb lt Not Set lt Not Seb lt Not Seb lt Not Seb lt Not Set Administrator 8 Click Edit The String Attribute Editor dialog appears 9 Type the user group created in the KSX II in the Edit Attribute field Click OK String Attribute Editor 302 Raritan Appendix C Overview Java zie Raritan Informational Notes In This Chapter ET DYAN EA ASEAN EEEE EE E Ie c III I code ae Reece cece ces IRL MI ALIM E 303 Javgeccnumcilil Ie a N 303 Py S pDoTLINOLeS acri eiecti agi rete obti detta ME XE De Ligue ned dae 305 Keyb0ardS m 306 Dell Chassis Cable Lengths and Video Resolutions 309 OOO labs RC RETE RETE TETTE TEE 310 USB Ports and Profiles riti s eio nri aa cad dtd n aat red ctas 311 SUSE VESA Video Modes 0 cccccccceeeeeeececeseesceeeeeeeceseeseuauaueeeeeeeeeuees 313 e rc 313 Vintual Media RM 314 CS MNT 315 This section includes important notes on KSX II usage Future updates will be documented and available online through the Help link in the KSX II Remote Console interface AES 256 Prerequisites and Supported Configurations for Java Applications P
149. cunt some eade exon he degener cente nde ntn du sath e deg a ade ek dre una dann 195 Enabling FIPS 140 2 tonc rente tooth dup ete necem a tende tag des deea N 198 zie Raritan y Contents vi Configuring IP Access Control iiie eei ere ie ia ab ee ER ded Aid FU ge Hd aes 199 SoL GertifiGales 2 aena e HEP eee De ole I ed e Pe ie labo QU ad Used daa heeds 201 SECUMLY aile ETE TEL D DL US 203 Chapter 10 Maintenance 205 Maintenance Features Local Remote Console ssssssssseeennennenn 205 PUG Eo G iris sect cece 206 Device IMONMALON wes civecscecavacsedtivesseucevaceuttevdacedvarsesat E RENAE S E SEA N ENRERE NE 207 Backup and Restore saitei cete eaea iaa COL seed a aiaa aa aa Mica aaan DER Cue Pa a Det d at 208 USB Profile Management eee Docet ainaani aaa aaraa aaa aaa aaa aaa iaaa E 210 Handling Conflicts in Profile Names seessssssseseseseneeenenee nennen 211 Wpgrading CIMS ep Lc E 212 Upgrading Finttiware uices cnt eo EE RIE e aerae atten here t eee ue ue idan aa aaa a aaa a Ie Peta dn Ea exu 212 Upgrade PISTON RC DC 215 FREDO OLIN G T x Y 215 eres MMAN AGS PEE EU 216 Stopping CC SG Manageirient ioo iita E reete lasers eret a tee Eo Yer eoa ER uae ae ERE Euh 217 Chapter 11 Diagnostics 219 Network Interface Pate err trente desc ee der tapete Ea a pex ampio de cune Xa od 220 Network Statistics Page
150. d What happens if don t choose the correct USB profile Not choosing the right USB profile for a KVM target server can prevent a mass storage device mouse or keyboard from working optimally or working at all Do always need to set a USB profile when I use virtual media No in many cases the default USB Profile is sufficient when using virtual media at the OS level or operating at the BIOS level without accessing virtual media What profiles are available See Available USB Profiles on page 105 How do I know which USB profile is best for a given target server The Generic profile is best for the vast majority of target servers If this profile does not work with a given KVM target server you can choose the appropriate USB profile in Available USB Profiles on page 105 Select the profile that best matches your target server What is the purpose of a BIOS profile A BIOS profile has been tailored to match the requirements of a particular server s BIOS that does not implement the full USB specification The profile enables use of keyboard mouse and virtual media at the BIOS level overcoming the restrictions or limitations of the BIOS Raritan Appendix D FAQs Do I need a special CIM to use USB profiles You must use a D2CIM VUSB or D2CIM DVUSB with updated firmware Will Raritan provide USB profiles for other target server configurations Raritan will provide new USB profiles to suit customer needs As the
151. d one belonging to your remote client workstation and the other belonging to the target server When the mouse pointer lies within the Virtual KVM Client target server window mouse movements and clicks are directly transmitted to the connected target server While in motion the client mouse pointer slightly leads the target mouse pointer due to mouse acceleration settings On fast LAN connections you can disable the Virtual KVM Client mouse pointer and view only the target server s pointer You can toggle between these two modes single mouse and dual mouse Mouse Synchronization Tips Be sure to follow these steps when configuring mouse synchronization 1 Verify that the selected video resolution and refresh rate are among those supported by the device The Virtual KVM Client Connection Info dialog displays the actual values that the device is seeing 2 For KX II devices verify that the cable length is within the specified limits for the selected video resolution 3 Verify that the mouse and video have been properly configured during the installation process 4 Force an auto sense by clicking the Virtual KVM Client auto sense button 5 If that does not improve the mouse synchronization for Linux UNIX and Solaris KVM target servers a Open a terminal window b Enterthe xset mouse 1 1 command c Close the terminal window 6 Click the Virtual KVM Client mouse synchronization button xx zie Raritan i 70 C
152. d Line Interface CLI on page 226 KSX II Local Console KSX Il Devices When you are located at the server rack the KSX II provides standard KVM management and administration via the KSX Il Local Console The KSX II Local Console provides a direct KVM analog connection to your connected servers the performance is exactly as if you were directly connected to the server s keyboard mouse and video ports Additionally the KSX II provides terminal emulation when accessing serial targets There are many similarities among the KSX Il Local Console and the KSX II Remote Console graphical user interfaces Where there are differences they are noted in the help 37 Chapter 3 Working with Target Servers KSX Il Remote Console Interface The KSX II Remote Console is a browser based graphical user interface that allows you to log in to KVM target servers and serial targets connected to the KSX II and to remotely administer the KSX II The KSX II Remote Console provides a digital connection to your connected KVM target servers When you log into a KVM target server using the KSX II Remote Console a Virtual KVM Client window opens There are many similarities among the KSX Il Local Console and the KSX II Remote Console graphical user interfaces and where there are differences they are noted in the user manual The following options are available in the KSX II Remote Console but not the KSX II Local Console e Virtual Media e F
153. d devices using the connect command Before connecting to a target the terminal emulation and escape sequence must be configured When a target is disconnected the appropriate disconnect message appears The KSX II also provides the ability to share ports among users Setting Emulation on a Target gt To set emulation on the target e Ensure that the encoding in use on the host matches the encoding configured for the target device that is if the character set setting on a Sun Solaris server is set to SO8859 1 the target device should also be set to ISO8859 1 Note ISO9660 format is the standard supported by Raritan However other CD ROM extensions may also work e Ensure that the terminal emulation on the target host connected to the KSX II serial port is set to VT100 VT220 VT320 or ANSI On most UNIX systems export TERM vt100 or vt220 vt320 ansi sets the preferred terminal emulation type on the UNIX target device that is if the terminal type setting on a HP UX server is set to VT100 the Access Client should also be set to VT100 The setting for terminal emulation on the KSX II is a property associated with the port settings for a particular target device Ensure that the settings for terminal emulation in the client software such as Telnet or SSH client are capable of supporting the target device sd Raritan Chapter 12 Command Line Interface CLI Port Sharing Using CLI It is possible for acces
154. d readers refresh the list of smart card readers attached to the target and detach smart card readers You are also able to remove or reinsert a smart card This function can be used to provide notification to a target server OS that requires a removal reinsertion in order to display the appropriate login dialog Using this function allows the notification to be sent to a single target without affecting other active KVM sessions gt To mount a smart card reader 1 Click the Smart Card menu and then select Smart Card Reader Alternatively click the Smart Card button ez in the toolbar 2 Select the smart card reader from the Select Smart Card Reader dialog 3 Click Mount Raritan Chapter 3 Working with Target Servers 4 Aprogress dialog will open Check the Mount selected card reader automatically on connection to targets checkbox to mount the smart card reader automatically the next time you connect to a target Click OK to begin the mounting process gt To update the smart card in the Select Smart Card Reader dialog e Click Refresh List if a new smart card reader has been attached to the client PC gt To send smart card remove and reinsert notifications to the target e Select the smart card reader that is currently mounted and click the Remove Reinsert button gt To unmount a smart card reader e Select the smart card reader to be unmounted and click the Unmount button Smart card reader mounting
155. d time with a Network Time Protocol NTP server To set the date and time Choose Device Settings Date Time The Date Time Settings page opens Choose your time zone from the Time Zone drop down list To adjust for daylight savings time check the Adjust for daylight savings time checkbox Choose the method you would like to use to set the date and time User Specified Time Choose this option to input the date and time manually For the User Specified Time option enter the date and time For the time use the hh mm format using a 24 hour clock a Synchronize with NTP Server Choose this option to synchronize the date and time with the Network Time Protocol NTP Server For the Synchronize with NTP Server option a Enter the IP address of the Primary Time server b Enter the IP address of the Secondary Time server Optional Raritan Chapter 8 Device Management 6 Click OK Home gt Device Settings gt Date Time Settings Date Time Settings Time Zone GMT 05 00 US Eastern v Adjust for daylight savings time User Specified Time Date Month Day Year May w os 208 Time Hour Minute 1 0 18 O Synchronize with HTP Server Primary Time server Secondary Time server OK Reset To Defaults Cancel Event Management The KSX II Event Management feature allows you enable and disable the distribution of system events to SNMP
156. de chassis as applicable a Switch Hot Key Sequence Define the hot key sequence that will be used to switch from KVM to the blade chassis The Switch Hot Key Sequence must match the sequence used by the KVM module in the blade chassis b Administrative Module Primary IP Address Host Name Not applicable c Maximum Number of Slots Enter the default maximum number of slots available on the blade chassis d Port Number The default port number for the blade chassis is 22 Not applicable e Username Not applicable f Password Not applicable Change the blade chassis name if needed Indicate the blades that are installed in the blade chassis by checking the Installed checkbox next to each slot that has a blade installed Alternatively use the Select All checkbox If needed change the blade server names In the Blade Chassis Managed Links section of the page you are able to configure the connection to a blade chassis web browser interface if one is available Click the Blade Chassis Managed Links icon M to expand the section on the page The first URL link is intended for use to connect to the blade chassis Administration Module GUI Note Access to the URL links entered in this section of the page is governed by the blade chassis port permissions a Active To activate the link once it is configured select the Active checkbox Leave the checkbox deselected to keep the link inactive Entering informat
157. device screen r 024x768x70 Issue the boot command to reboot the server You can also contact your Raritan representative to purchase a video output adapter If you have Sun 13W3 with composite Use this video output adapter APSSUN II Guardian converter sync output Sun HD15 with composite sync output 1396C converter to convert from HD15 to 13W3 and an APSSUN II Guardian converter to support composite sync Sun HD15 with separate sync APKMSUN Guardian converter output Note Some of the standard Sun background screens may not center precisely on certain Sun servers with dark borders Use another background or place a light colored icon in the upper left hand corner Mouse Settings 1 2 To configure the mouse settings Sun Solaris 10 1 Choose Launcher Application Manager Desktop Controls opens Choose Mouse Style Manager The Style Manager Mouse dialog appears Set the Acceleration slider to 1 0 Raritan Z Raritan Chapter 2 Installation and Configuration 4 Setthe Threshold slider to 1 0 5 Click OK Accessing the Command Line 1 Right click 2 Choose Tools Terminal A terminal window opens It is best to be at the root to issue commands Video Settings POST Sun systems have two different resolution settings a POST resolution and a GUI resolution Run these commands from the command line Note 1024x768x75 is used as an example here substitute the resolution a
158. discovery port Step 3 Connect the Equipment Connect the KSX II to the power supply network local PC local video display keyboard and mouse KVM target servers and serial targets A AC Power gt To connect the power supply 1 Attach the included AC power cord to the KSX II and plug into an AC power outlet Raritan x 24 Chapter 2 Installation and Configuration B Network Port The KSX II provides two Ethernet ports for failover purposes not for load balancing By default only LAN1 is active and the automatic failover is disabled When enabled if the KSX II internal network interface or the network switch to which it is connected becomes unavailable LAN2 will be enabled using the same IP address Note Because a failover port is not activated until after a failover has actually occurred Raritan recommends that you either not monitor the failover port or monitor it only after a failover occurs gt To connect the network 1 Connect a standard Ethernet cable included from the network port labeled LAN1 to an Ethernet switch hub or router 2 To make use of the optional KSX Il Ethernet failover capabilities Connect a standard Ethernet cable from the network port labeled LAN to an Ethernet switch hub or router Enable Automatic Failover on the Network Configuration page Note Use both network ports only if you want to use one as a failover port C Local User Port Local V
159. e Notice e Optiplex 210L 280 745 GX620 requires D2CIM DVUSB with Generic profile to support virtual media 105 106 Chapter 6 USB Profiles USB profile BIOS DellPowerEdge Keyboard Only BIOS ASUS P4C800 Motherboard Description Restrictions e USB bus speed limited to full speed 12 MBit s e No virtual media support Dell PowerEdge BIOS Access Keyboard Only Use this profile to have keyboard functionality for the Dell PowerEdge BIOS when using D2CIM VUSB When using the new D2CIM DVUSB use Generic profile Notice e PowerEdge 650 1650 1750 2600 2650 BIOS do not support USB CD ROM and disk drives as a bootable device e PowerEdge 750 850 860 1850 2850 8C1425 BIOS requires D2CIM DVUSB with Generic profile to support virtual media e Use BIOS Dell PowerEdge 1950 2950 2970 6950 R200 or Generic profile for PowerEdge 1950 2950 2970 6950 R200 when operating in the BIOS Restrictions e USB bus speed limited to full speed 12 MBit s e Absolute mouse synchronization not supported e No virtual media support Use this profile to access BIOS and boot from Virtual Media on Asus P4C800 based systems Restrictions e USB bus speed limited to full speed 12 MBit s e Virtual CD ROM and disk drives cannot be used simultaneously Raritan USB profile BIOS Generic BIOS HP Proliant DL145 BIOS HP Compaq DC7100 DC7600 BIOS IBM ThinkCentre Lenovo I
160. e available None Static IP This option requires that you manually specify the network parameters This is the recommended option because the KSX II is an infrastructure device and its IP address should not change DHCP Dynamic Host Configuration Protocol is used by networked computers clients to obtain unique IP addresses and other parameters from a DHCP server With this option network parameters are assigned by the DHCP server If DHCP is used enter the Preferred host name DHCP only Up to 63 characters 4 If IPv6 is to be used enter or select the appropriate IPv6 specific network settings in the IPv6 section a b Select the IPv6 checkbox to activate the fields in the section Enter a Global Unique IP Address This is the IP address assigned to the KSX Il Enter the Prefix Length This is the number of bits used in the IPv6 address Enter the Gateway IP Address 29 Chapter 2 Installation and Configuration e Link Local IP Address This address is automatically assigned to the device It is used for neighbor discovery or when no routers are present Read Only f Zone ID This identifies the device with which the address is associated Read Only g Select the IP Auto Configuration The following options are available None Use this option if you do not want an auto IP configuration and prefer to set the IP address yourself static IP This is the default and recommended option If None
161. e KSX II Reset button is pressed WARNING If you select an encryption mode that is not supported by your browser you will not be able to access the KSX II from your browser 1 Choose one of the options from the Encryption Mode drop down list When an encryption mode is selected a warning appears stating that if your browser does not support the selected mode you will not be able to connect to the KSX Il The warning states When the Encryption Mode is specified please ensure that your browser supports this encryption mode otherwise you will not be able to connect to the KSX II Encryption mode Description Auto RC4 AES 128 AES 256 Raritan This is the recommended option The KSX II autonegotiates to the highest level of encryption possible You must select Auto in order for the device and client to successfully negotiate the use of FIPS compliant algorithms Secures user names passwords and KVM data including video transmissions using the RSA RC4 encryption method This is a 128 bit Secure Sockets Layer SSL protocol that provides a private communications channel between the KSX II device and the Remote PC during initial connection authentication If you enable FIPS 140 2 mode and RC4 has been selected you will receive an error message RC4 is not available while in FIPS 140 2 mode The Advanced Encryption Standard AES is a National Institute of Standards and Technology specification for the en
162. e Port Access page with the blade chassis at the root of the hierarchy and the individual blades labeled and displayed below the root Use the Expand Arrow icon next to the root chassis to display the individual blades Note To view the blade chassis in a hierarchal order blade chassis subtypes must be configured for the blade server chassis By default the View by Port tab will be displayed on the Port Access page The View by Group tab displays port groups and can be expandable to display ports that are assigned to the port group The View by Search tab allows you to search by port name The search feature supports the use of an asterisk as a wildcard and full and partial names gt To use the Port Access page 1 From the KSX Il Remote Console click the Port Access tab The Port Access page opens 2 The KVM target servers are initially sorted by Port Number You can change the display to sort on any of the columns Port Number Numbered from 1 to the total number of ports available for the KSX II device Port Name The name of the KSX II port Initially this is set to Dominion KSX2 Port but you can change the name to something more descriptive When you click a Port Name link the Port Action Menu appears Note Do not use apostrophes for the Port CIM Name Status The status for standard servers is either up or down Type The type of server or CIM For blade chassis the type can be Blade Chassis
163. e Server mounting directly from KSX Il Yes Locally held ISO image Remote File Server mounting directly from KSX Il Yes Locally held ISO image Remote File Server mounting directly from KSX Il No No The JRE plug in is available for the Windows 32 bit and 64 bit operating systems MPC and VKC can be launched only from a 32 bit browser or 64 bit IE7 or IE8 browser Following are the Java 32 bit and 64 bit Windows operating system requirements Mode 32 bit mode Operating system Windows x64 Windows XP Browser e Internet Explorer 6 0 SP1 or 7 0 IE 8 e Firefox 1 06 3 271 Appendix A Specifications Mode Operating system Browser Windows Server 2003 e Internet Explorer 6 0 SP1 IE 7 IE 8 e Firefox 1 06 3 Windows Vista e Internet Explorer 7 0 or 8 0 Windows 7 e Internet Explorer 7 0 or 8 0 e Firefox 1 06 3 Windows x64 Windows XP 64bit OS 32bit browsers 64 bit mode Windows XP e Internet Explorer 6 0 SP1 7 0 or 8 0 e Firefox 1 06 3 64bit mode 64bit browsers Professional Windows XP Tablet Windows Vista Windows Server 2003 Windows Server 2008 Windows 7 e Internet Explorer 7 0 or 8 0 Supported Operating Systems and CIMs KVM Target Servers In addition to the new D2CIMs most Dominion CIMs are supported The following table displays the supported target server operating systems CIMs virtual media and mouse modes Note D2CIM VUSB is not supported on S
164. e blade specific security features such as per blade access permissions and hot key blocking that eliminates un authorized access zie Raritan 9s 336 Appendix D FAQs Installation Besides the device itself what do need to order from Raritan to install the KSX II Each server that connects to the KSX Il requires a Dominion Computer Interface Module CIM a serial cable adapter and an adapter that connects directly to the keyboard video and mouse ports of the server What kind of Cat5 cabling should be used in my installation Each server that connects to the KSX Il requires a Dominion Computer Interface Module CIM a serial cable adapter and an adapter that connects directly to the keyboard video and mouse ports of the server What types of servers can be connected to the KSX II The KSX II is completely vendor independent Any server with standard compliant keyboard video and mouse ports can be connected How do I connect servers to the KSX II See Connecting to a KVM Target Server How far can my servers be from the KSX II See Distances for Serial Devices on page 289 and Target Server Connection Distance and Video Resolution on page 289 For the new D2CIM VUSB and D2CIM DVUSB CIMs that support virtual media and Absolute Mouse Synchronization a 100 30 m foot range is recommended Some operating systems lock up when I disconnect a keyboard or mouse during operation What prevents servers connected t
165. e is in use that is supported by the KSX II See Supported Video Resolutions on page 280 for more information Note If you change the video resolution you must log out of the target server and log back in for the video settings to take effect Make Linux Settings Permanent Note These steps may vary slightly depending on the specific version of Linux in use o N r N To make your settings permanent in Linux prompt Choose System Menu gt Preferences gt Personal gt Sessions Click the Session Options tab Select the Prompt on log off checkbox and click OK This option prompts you to save your current session when you log out Upon logging out select the Save current setup option from the dialog Click OK Z Raritan Z Raritan Chapter 2 Installation and Configuration Tip If you do not want to be prompted upon log out follow these procedures instead To make your settings permanent in Linux no prompt Choose Desktop gt Control Center gt System gt Sessions Click the Session Options tab Deselect the Prompt on the log off checkbox Ron Select the Automatically save changes to the session checkbox and click OK This option automatically saves your current session when you log out Make UNIX Settings Permanent Note These steps may vary slightly depending on the type of UNIX for example Solaris IBM AIX and the specific version in use 1 Choose Style Manager Star
166. e must match Raritan KSX II virtual media is supported only on IBM BladeCenter Models H and E This requires the use of the D2CIM DVUSB The black D2CIM DVUSB Low Speed USB connector is attached to the Administrative Management Module AMM at the rear of the unit The gray D2CIM DVUSB High Speed USB connector is attached to the Media Tray MT at the front of the unit This will require a USB extension cable Note All IBM BladeCenters that use AMM must use AMM firmware version BPET36K or later to work with the KSX II Note In the case of IBM Blade Center Models E and H the KSX II only supports auto discovery for AMM 1 as the acting primary management module Blade Chassis Sample URL Formats This table contains sample URL formats for blade chassis being configured in the KSX II Blade chassis Dell M1000e Dell 1855 Sample URL format URL https 192 168 60 44 cgi bin webcgi login Username root Username Field user Password calvin Password Field password URL https 192 168 60 33 Forms f login Raritan zie Raritan Chapter 8 Device Management Blade chassis Sample URL format e Username root e Username Field TEXT USER NAME e Password calvin e Password Field TEXT PASSWORD IBM e http 192 168 84 217 private welcome ssi BladeCenter E or H Configuring USB Profiles Port Page You choose the available USB profiles for a port in the Select USB Profiles for Port section of the Port pa
167. e omes eiue Cea e rad aa gere 12 Getting Stared EP 13 Overview This section provides a brief overview of the installation process Each step is further detailed in the remaining sections of this chapter gt To install and configure the KSX Il e Step 1 Configure KVM Target Servers on page 13 e Step 2 Configure Network Firewall Settings on page 22 e Step 3 Connect the Equipment on page 22 e Step 4 Configure the KSX Il on page 28 e Step 5 Optional Configure Keyboard Language on page 35 You will need to know the default IP address username and password for initial configuration See Default Login Information on page 12 Default Login Information Default Value User name The default user name is admin This user has administrative privileges Password The default password is raritan Passwords are case sensitive and must be entered in the exact case combination in which they were created For example the default password raritan must be entered entirely in lowercase letters The first time you start the KSX Il you are required to change the default password IP address The KSX II ships with the default IP address of 192 168 0 192 Important For backup and business continuity purposes it is strongly recommended that you create a backup administrator user name and password and keep that information in a secure location 12 zie Raritan Getting Started Raritan Chapter 2 Install
168. e target server it is not used to log into the device Therefore changes to smart card PIN and credentials do not require updates to device accounts When mounted onto the target server the card reader and smart card will cause the server to behave as if they had been directly attached Removal of the smart card or smart card reader will cause the user session to be locked or you will be logged out depending on how the card removal policy has been setup on the target server OS When the KVM session is terminated either because it has been closed or because you switch to a new target the smart card reader will be automatically unmounted from the target server When PC Share mode is enabled on the device multiple users can share access to a target server However when a smart card reader is connected to a target the device will enforce privacy regardless of the PC Share mode setting In addition if you join a shared session on a target server the smart card reader mounting will be disabled until exclusive access to the target server becomes available After a KVM session is established to the target server a Smart Card menu and button are available in the Virtual KVM Client VKC Active KVM Client AKC and Multi Platform Client MPC Once the menu is opened or the Smart Card button is selected the smart card readers that have been detected as attached to the remote client are displayed From this dialog you can attach additional smart car
169. e those associations so that you can power on power off and power cycle the server from the Port page See E Power Strip of this guide for information on the physical connections between the KSX II and Dominion PX Target Settings 720x400 Compensation Port 1 Ls Type PCIM 2 amp Name KX local aa Power Strip Name Outlet Name None v v None v J None X v g None X v A Use international keyboard for scan code set 3 OK Cancel dene uent FO 2g f Raritan Raritan Chapter 8 Device Management Assigning a Name to the PX The Port page opens when you select a port on the Port Configuration page The port appears on this page when connected to a Raritan remote rack PDU power strip The Type and the Name fields are prepopulated Use this page to name the rack PDU and its outlets all names can be up to 32 alphanumeric characters and can include special characters Note When a rack PDU is associated to a target server port the outlet name is replaced by the target server name even if you assigned another name to the outlet Note CommandCenter Service Gateway does not recognize rack PDU names containing spaces gt To name the rack PDU and outlets 1 Change the Name of the rack PDU to something you will remember 2 Change the Outlet Name if desired Outlet names default to Outlet 3 3 Click OK Associating KVM and Se
170. e use of UDP Port 123 the standard for SNTP but can also be configured to use any port of your designation If the KSX II is configured to remotely authenticate user logins via the LDAP LDAPS protocol ports 389 and 636 will be used but the system can also be configured to use any port of your designation If the KSX II is configured to remotely authenticate user logins via the RADIUS protocol either port 1812 or 1813 will be used but the system can also be configured to use any port of your designation If the KSX II is configured to remotely authenticate user logins via the RADIUS protocol and also employs RADIUS accounting for event logging port 1813 or an additional port of your designation will be used to transfer log notifications If the KSX II is configured to send messages to a Syslog server then the indicated port s will be used for communication uses UDP Port 514 Port 161 is used for inbound outbound read write SNMP access and port 162 is used for outbound traffic for SNMP traps Secure Shell SSH port can be configured The default is port 22 Raritan Appendix A Specifications Port Description Telnet Telnet port can be configured but is not recommended The default port is 23 Target Server Connection Distance and Video Resolution The maximum supported distance is a function of many factors including the type quality of Cat5 cable server type and manufacturer video driver and monitor
171. e wrong parameters Press Enter to execute the command Press Tab to complete a command For example Admin Port gt Conf The system then displays the Admin Port Config prompt Common Commands for All Command Line Interface Levels Following are the commands that are available at all CLI levels These commands also help navigate through the CLI Commands Description top Return to the top level of the CLI hierarchy or the username prompt history Display the last 200 commands the user entered into the KSX II CLI help Display an overview of the CLI syntax quit Places the user back one level logout Logs out the user session Raritan 233 234 Chapter 12 Command Line Interface CLI Initial Configuration Using CLI Note These steps which use the CLI are optional since the same configuration can be done via KVM See Getting Started for more information KSX II devices come from the factory with default factory settings When you first power up and connect to the device you must set the following basic parameters so the device can be accessed securely from the network 1 Reset the administrator password All KSX II devices are shipped with the same default password Therefore to avoid security breaches it is imperative that you change the admin password from raritan to one customized for the administrators who will manage the KSX II device 2 Assign the IP address subnet mask and gat
172. eactivated when the number of failed login attempts has exceeded the maximum login attempts set in the Security Settings page Refer to Security Settings on page 189 for more information gt To add anew user 1 Open the User page by choosing User Management gt Add New User or clicking the Add button on the User List page Type a unique name in the Username field up to 16 characters Type the person s full name in the Full Name field up to 64 characters 4 Type a password in the Password field and retype the password in the Confirm Password field up to 64 characters 5 lf there is a dialback number type it in the Dialback Number field Dialback numbers cannot contain any of the following characters or the log on will fail when it is attempted double quote single quote Semicolon dollar sign amp and sign pipe symbol 6 Choose the group from the User Group drop down list The list contains all groups you have created in addition to the system supplied default groups lt Unknown gt default setting Admin Individual Group If you do not want to associate this user with an existing User Group select Individual Group from the drop down list For more information about permissions for an Individual Group refer to Setting Permissions for an Individual Group on page 115 7 To activate the new user select the Active checkbox The default is activated enabled 8 Click OK 121
173. east one lower case character is required in the password When checked at least one upper case character is required in the password When checked at least one numeric character is required in the password When checked at least one special character printable is required in the password This field represents the password history depth That is the number of prior passwords that cannot be repeated The range is 1 12 and the default is 5 Raritan Chapter 9 Security Management Strong Passwords 7 Enable Strong Passwords Minimum length of strong password e Maximum length of strong password e J Enforce at least one lower case character J Enforce at least one upper case character J Enforce at least one numeric character J Enforce at least one printable special character Number of restricted passwords based on history 5 am cot ma rr Lan NASA IA User Blocking The User Blocking options specify the criteria by which users are blocked from accessing the system after the specified number of unsuccessful login attempts The three options are mutually exclusive Option Description Disabled The default option Users are not blocked regardless of the number of times they fail authentication zie Raritan nm 194 Chapter 9 Security Management Option Timer Lockout Deactivate User ID Description Users are denied access to the system for the specified amount of ti
174. ecure LDAP Port 636 m Enable LDAPS Server Certificate Validation Root CA Certificate File Browse 2 Upload Note Reboot device after certificate file is uploaded i Test LDAP Server Access Raritan zie Raritan Chapter 7 User Management 18 The KSX II provides you with the ability to test the LDAP configuration from the Authentication Settings page due to the complexity sometimes encountered with successfully configuring the LDAP server and KSX II for remote authentication To test the LDAP configuration enter the login name and password in the Login for testing field and the Password for testing field respectively This is the username and password you entered to access the KSX Il and that the LDAP server will use to authenticate you Click Test 19 Once the test is completed a message will be displayed that lets you know the test was successful or if the test failed a detailed error message will be displayed It will display successful result or detail error message in failure case It also can display group information retrieved from remote LDAP server for the test user in case of success Test LDAP Server Access Login for testing Password for testing m ad F gpP Returning User Group Information from Active Directory Server The KSX II supports user authentication to Active Directory AD without requiring that users be defined locally on the KSX II This allows Active Directory u
175. emove The selected profiles appear in the Available list These profiles are no longer available for a KVM target server connected to this port gt To apply a profile selection to multiple ports 1 Inthe Apply Selected Profiles to Other Ports section select the Apply checkbox for each KVM port you want to apply the current set of selected USB profiles to Apply Selected Profiles to Other Ports i Apply Port Number Port Name Selected USB Profiles Oo 3 vm cim 1 Generic Troubleshooting 1 Troubleshooting 2 Troubleshooting 3 i 5 vm cim 2 CIM firmware upgrade required 15 charles cim vm cim 3 Generic Troubleshooting 1 Troubleshooting 2 Troubleshooting 3 4 Cok _ Setectan Deselectan Cancel DR j To select all KVM ports click Select All To deselect all KVM ports click Deselect All Configuring KSX II Local Port Settings From the Local Port Settings page you can customize many settings for the KSX II Local Console including keyboard hot keys video switching delay power save mode local user interface resolution settings and local user authentication Further you can change a USB profile from the local port gt To configure the local port settings Note Some changes you make to the settings on the Local Port Settings page will restart the browser you are working in If a browser restart will occur when a setting is changed it is noted in the steps provider he
176. enabled can generate SNMP notification events traps or can be logged to syslog or audit log Use the Event Management Destinations page to select which system events to track and where to send this information Note SNMP traps will only be generated if the SNMP Logging Enabled option is checked Syslog events will only be generated if the Enable Syslog Forwarding option is checked Both of these options are in the Event Management Settings page See Event Management Settings see Configuring Event Management Settings on page 150 gt To select events and their destinations 1 Choose Device Settings gt Event Management Destinations The Event Management Destinations page opens Home gt Device Settings gt Event Management Destination i Event Management Destinations i Note SNMP traps will only be generated if the SNMP Logging Enabled option is checked Similarly Sysiog events will only be generate Syslog Forwarding option is checked These options can be found on the Event Management Settings page on the Device Settings k Category Event ET Syslog Audi v B v 7 Sjeen Sarg u em E rz E Powerstrip Outlet Status Changed m 2 a Network Parameter Changed wy 2 ivl Port Status Changed e al C2 Network Faiure 4 Ethernet Failover e v ica t M Iz ivl FactoryReset E v e Begin CC Contro v v Ee End CC Control v v af Device Lipdate Started Iz v v Device Update C
177. enabled in the Security Settings page Optional e You must choose the correct USB profile for the KVM target server you are connecting to Client PC e Certain virtual media options require administrative privileges on the client PC for example drive redirection of complete drives Note If you are using Microsoft Vista or Windows 7 disable User Account Control or select Run as Administrator when starting Internet Explorer To do this click the Start Menu locate IE right click and select Run as Administrator Target Server e KVM target servers must support USB connected drives e KVM target servers running Windows 2000 must have all of the recent patches installed e USB 2 0 ports are both faster and preferred Raritan Chapter 5 Virtual Media Using Virtual Media via VKC and AKC in a Windows Environment Raritan Windows XP operating system administrator and standard user privileges vary from those of the Windows Vista operating system and the Windows 7 operating system When enabled in Vista or Windows 7 User Access Control UAC provides the lowest level of rights and privileges a user needs for an application For example a Run as Administrator option is provided for Internet Explorer for Administrator level tasks otherwise these are not be accessible even though the user has an Administrator login Both of these features affect the types of virtual media that can be accessed by users via Virtual
178. environments enabling FIPS 140 2 mode may be desirable The KSX Il uses an embedded FIPS 140 2 validated cryptographic module running on a Linux platform per FIPS 140 2 Implementation Guidance section G 5 guidelines Once this mode is enabled the private key used to generate the SSL certificates must be internally generated it cannot be downloaded or exported gt To enable FIPS 140 2 1 Access the Security Settings page 2 Enable FIPS 140 2 Mode by selecting the Enable FIPS 140 2 checkbox in the Encryption amp Share section of the Security Settings page You will utilize FIPS 140 2 approved algorithms for external communications once in FIPS 140 2 mode The FIPS cryptographic module is used for encryption of KVM session traffic consisting of video keyboard mouse virtual media and smart card data 3 Reboot the KSX Il Required Once FIPS mode is activated FIPS Mode Enabled will be displayed in the Device Information section in the left panel of the screen For additional security you can also create a new Certificate Signing Request once FIPS mode is activated This will be created using the required key ciphers Upload the certificate after it is signed or create a self signed certificate The SSL Certificate status will updated from Not FIPS Mode Compliant to FIPS Mode Compliant When FIPS mode is activated key files cannot be downloaded or uploaded The most recently created CSR will be associated internally with
179. er ISO Images Only 97 98 FIPS 140 2 Support Requirements 198 French Keyboard 306 From LDAP LDAPS 295 From Microsoft Active Directory 295 G General Questions 316 Generic Blade Chassis Configuration 162 Getting Started 13 Group Based IP ACL Access Control List 115 118 H Handling Conflicts in Profile Names 211 Hardware 5 Help for Choosing USB Profiles 311 Help Options 80 Hot Keys and Connect Keys 248 HP Blade Chassis Configuration Port Group Management 173 175 188 HTTP and HTTPS Port Settings 142 282 IBM AIX 5 3 Settings 22 IBM Blade Chassis Configuration 168 Implementing LDAP LDAPS Remote Authentication 123 124 Implementing RADIUS Remote Authentication 123 128 Import Export Keyboard Macros 58 Informational Notes 303 Initial Configuration Using CLI 234 Installation 336 Installation and Configuration 12 Intelligent Mouse Mode 13 71 Interface and Navigation 40 Interface Command 238 Interfaces 36 Introduction e 1 IPv6 Command 240 IPv6 Networking 326 IPv6 Support Notes 305 Raritan J Java 303 Java Runtime Environment JRE 304 K Key Combinations and the Java Runtime Environment JRE 308 Keyboard Language Preference Fedora Linux Clients 307 Keyboard Macros 57 Keyboard Options 57 Keyboards 306 KSX II Client Applications 4 KSX II Console Layout 40 KSX II Help 4 KSX II
180. er commonly deployed server configurations for example Linux and Mac OS X There are also a number of profiles designated by platform name and BIOS revision to enhance virtual media function compatibility with the target server for example when operating at the BIOS level USB profiles are configured on the Device Settings Port Configuration gt Port page of the KSX Il Remote and Local Consoles A device administrator can configure the port with the profiles that best meet the needs of the user and the target server configuration A user connecting to a KVM target server chooses among these preselected profiles in the Virtual KVM Client see Virtual KVM Client VKC on page 51 depending on the operational state of the KVM target server For example if the server is running and the user wants to use the Windows operating system it would be best to use the Generic profile But if the user wants to change settings in the BIOS menu or boot from a virtual media drive depending on the target server model a BIOS profile may be more appropriate Should none of the standard USB profiles provided by Raritan work with a given KVM target please contact Raritan Technical Support for assistance zie Raritan id CIM Compatibility Chapter 6 USB Profiles In order to make use of USB profiles you must use a D2CIM VUSB or D2CIM DVUSB with updated firmware A VM CIM that has not had its firmware upgraded will support a broad range of
181. er using the PC Share feature In order to access KSX Il from a client what hardware software or network configuration is required Because the KSX II is completely web accessible it doesn t require installation of proprietary software on clients used for access The browser does have to be Java enabled though The KSX II can be accessed through major web browsers including Internet Explorer Mozilla and Firefox The KSX Il can now be accessed on Windows Linux Sun Solaris and Macintosh desktops via Raritan s Java based Multi Platform Client MPC RSC and the new Virtual KVM Client When using an SSH client the customer has to provide an SSH client In some operating systems like Linux an SSH client is included in the distribution Also OpenSSH org has an SSH client The KSX II administrators can also perform remote management set passwords and security rename servers change IP address and so forth using a convenient browser based interface What is the file size of the Virtual KVM Client applet that is used to access the KSX II How long does it take to retrieve The Virtual KVM Client applet used to access the KSX II is approximately 500KB in size The following chart describes the approximate time required to retrieve the KSX II s applet at different network speeds Speed Description Time 100Mbps Theoretical 100Mbit network speed 0 05 seconds 327 328 Appendix D FAQs Speed Description Time 60Mbps Likely
182. ering the Dominion KSX Il itself No Unlike other products in its category Dominion KSX Il offers modem access to administer the box AND get to the target servers Is a modem standard on any Dominion KSX Il models Yes a built in modem is standard on KSX II models What level of control does Dominion KSX II have over attached target servers The remote user has direct command line access and total control of target devices for maintenance administration troubleshooting and even rebooting User rights are only restricted by their log in privileges on Dominion KSX II and the server itself Why do I need to use a serial adapter to connect to some servers While EIA published a standard for RS232 on DB25 and DB9 connectors there is no standard for RS232 on RJ45 Also some manufacturers have chosen not to follow the pin out assignments of the EIA on DB25 and DB9 connectors Is the Dominion KSX II device SUN break safe 319 320 Appendix D FAQs All Dominion KSX II units are SUN break safe for use with SUN Solaris have lost my Admin password to the Dominion KSX Il Is there a back door or secret password There is no back door password The only option is to restore the unit to its factory default settings and create the administrator user name and password again A hardware reset function to restore the unit to factory default facility is provided What remote access connection methods can KSX II accommodate
183. ermissions a Active To activate the link once it is configured select the Active checkbox Leave the checkbox deselected to keep the link inactive Entering information into the link fields and saving can still be done even if Active is not selected Once Active is selected the URL field is required The username password username field and password field are optional depending on whether single sign on is desired or not b URL Enter the URL to the interface See Blade Chassis Sample URL Formats on page 180 for sample configurations for the IBM BladeCenter c Username Enter the username used to access the interface d Password Enter the password used to access the interface 169 170 Chapter 8 Device Management Note Leave the username and password fields blank for DRAC ILO and RSA web applications or the connection will fail e The Username Field and Password Field which are both optional contain the labels that are expected to be associated with the username and password entries It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application You can view the HTML source of the login screen to find the field names not the field labels See Tips for Adding a Web Browser Interface on page 172 for tips on adding a web browser interface If applicable define the USB profile for the blade chassis or select an existing USB pro
184. ername and password Follow these examples for correct formats http s 192 168 1 1 login asp http s www example com cgi login Hhttp s example com home html 3 Enter the username and password that will allow access to this interface Optional 4 f username and password were entered in the Username Field and Password Field type the field names for the username and password fields that are used in the login screen for the web application You must view the HTML source of the login screen to find the field names not the field labels Tip for locating field names e Inthe HTML source code for the login page of the web application search for the field s label such as Username and Password e When you find the field label look in the adjacent code for a tag that looks like this name user The word in quotes is the field name id S Raritan Chapter 8 Device Management HP Blade Chassis Configuration Port Group Management The KSX II supports the aggregation of ports connected to certain types of blades into a group representing the blade chassis Specifically HP BladeServer blades and Dell PowerEdge 1855 1955 blades when the Dell PowerEdge 1855 1955 is connected from each individual blade to a port on the KSX Il The chassis is identified by a Port Group Name and the group is designated as a Blade Server Group on the Port Group Management page Port Groups consist solely of ports configured as standard
185. ers CN Comain Controllers CN Users D Comp D Cm y dor ils G3cn cemen Guests CN 0omah Guests CNSUsers DC mypc DC my demsin Program Data Gi cu cemen Users CN 0omah Users CN Users D ms pe Dm domain Hn H Systen i Ql cn Encerpees admire CH Enkerpetzo admire Ce sers CIC mypc DC e mydom amp EE RUE n icn aroao Poley Creator Ow group CN Group Policy Creator Owners CH Users De mypc E scheme 2 32 4enemt mpem 23 C Meses user CheGuest Che Lees DC anipe De mden in Dco Cicneeebsere cesireup CNeHebServicesGreup CN Users D Came D Cem doe Bemetutegt user Chhedirbegt Chu isers OC mype OC e mydemar Decon Benaras and 145 Serves group CNeRAS and 185 Servers Ol Users D Cemupe DC mur Gicneschems admins group CheSchema Admins C Ned Int s DC emp DC enden GHcues PPCRT EEGHSRD user CMeS FPCRT 35EP3520 C had ker s C e mypr DC end G3icneTeinercierts CMe Tenant herts Cle Lene DC mme DC my demsin E 6 Locate the user name whose properties you want to adjust in the right pane Right click the user name and select Properties Sis Raritan m Appendix B Updating the LDAP LDAPS Schema 7 Click the Attribute Editor tab if it is not already open Choose rciusergroup from the Attributes list CN Administrator Properties proxy amp ddresses Unicode String pwdLastSet Large Integer queryPolicyBL Distinguished rciusergroup Case Insensiti registered amp ddress Octet String replPropertyMetaData O
186. ers in it the users are automatically assigned to the unknown user group Tip To determine the users belonging to a particular group sort the User List by User Group 1 Choose a group from among those listed by checking the checkbox to the left of the Group Name Click Delete When prompted to confirm the deletion click OK Users Users must be granted user names and passwords to gain access to the KSX Il This information is used to authenticate users attempting to access your KSX Il User List The User List page displays a list of all users including their user name full name and user group The list can be sorted on any of the columns by clicking on the column name From the User List page you can also add modify or delete users gt To view the list of users e Choose User Management gt User List The User List page opens Home gt User Management gt Users Lego User List 4 Username full Name User Group Add Delete Force User Loqgoff Hn 5E Raritan Raritan Chapter 7 User Management Adding a New User It is a good idea to define user groups before creating KSX II users because when you add a user you must assign that user to an existing user group Refer to Adding a New User Group on page 114 for more information From the User page you can add new users modify user information and reactivate users that have been deactivated Note A user name can be d
187. ersion installed Besides the initial setting of the KSX II s IP address everything about the solution can be completely set up over the network In fact using a crossover Ethernet cable and the KSX II s default IP address you can even configure the initial settings via web browser Can backup and restore the KSX II s configuration Yes the KSX II s device and user configurations can be completely backed up for later restoration in the event of a catastrophe The KSX II s backup and restore functionality can be used remotely over the network or via the Remote Console What auditing or logging does the KSX II offer For complete accountability the KSX II logs all major user and system events with a date and time stamp For instance reported events include but are not limited to user login user log off user access of a particular server unsuccessful login configuration changes and so forth Can the KSX Il integrate with Syslog Yes In addition to the KSX II s own internal logging capabilities the KSX Il can send all logged events to a centralized Syslog server Can the KSX Il integrate with SNMP Yes In addition to the KSX II s own internal logging capabilities the KSX II can send SNMP traps to SNMP management systems like HP OpenView and Raritan s CC NOC Can the KSX II s internal clock be synchronized with a timeserver Yes the KSX II supports the industry standard NTP protocol for synchronization with eit
188. erver Control must be assigned to the group if VM and power control access will also be granted VM access Option Description Deny Virtual media permission is denied altogether for the port Read Only Virtual media access is limited to read access only Read Write Complete access read write to virtual media Power control access Option Description Deny Deny power control to the target server Access Full permission to power control on a target server For blade chassis the port access permission will control access to the URLs that have been configured for that blade chassis The options are Deny or Control In addition each blade housed within the chassis has its own independent Port Permissions setting 117 118 Chapter 7 User Management Group Based IP ACL Access Control List Important Exercise caution when using group based IP access control It is possible to be locked out of your KSX II if your IP address is within a range that has been denied access This feature limits access to the KSX Il device by users in the selected group to specific IP addresses This feature applies only to users belonging to a specific group unlike the IP Access Control List feature that applies to all access attempts to the device is processed first and takes priority Important The IP address 127 0 0 1 is used by the KSX II Local Port and cannot be blocked Use the IP ACL section of the Group page to add insert replace
189. erver Configuration for use with MPC VKC and AKC When the use of a Proxy Server is required a SOCKS proxy must also be provided and configured on the remote client PC Note If the installed proxy server is only capable of the HTTP proxy protocol you cannot connect 1 To configure the SOCKS proxy On the client select Control Panel gt Internet Options On the Connections tab click LAN settings The Local Area Network LAN Settings dialog opens Select Use a proxy server for your LAN Click Advanced The Proxy Settings dialog opens Configure the proxy servers for all protocols IMPORTANT Do not select Use the same proxy server for all protocols Note The default port for a SOCKS proxy 1080 is different from HTTP proxy 3126 Click OK at each dialog to apply the settings Next configure the proxies for Java applets by selecting Control Panel Java On the General tab click Network Settings The Network Settings dialog opens Select Use Proxy Server Click Advanced The Advanced Network Settings dialog opens Configure the proxy servers for all protocols IMPORTANT Do not select Use the same proxy server for all protocols Note The default port for a SOCKS proxy 1080 is different from HTTP proxy 3128 If you are using standalone MPC you must also do the following Open the start bat file in MPC directory with a text editor Insert the following parameters to the command line
190. ese instances setting the KSX II LAN Interface Speed amp Duplex field to 100 Mbps Full Duplex or whatever option is appropriate to your network addresses the issue See the Network Settings on page 136 page for more information Raritan 5 Raritan Chapter 2 Installation and Configuration Naming Target Servers gt To name the target servers 1 Connect all of the target servers if you have not already done so See Step 3 Connect the Equipment for a description of connecting the equipment 2 Using the KSX II Local Console choose Device Settings gt Port Configuration The Port Configuration page opens 3 Click the Port Name of the target server you want to rename The Port Page opens 4 Assign a name to identify the server connected to that port The name can be up to 32 characters and alphanumeric and special characters are allowed 5 Click OK Valid Special Characters for Target Names Character Description Character Description Exclamation point Semi colon Double quote Equal sign Pound sign gt Greater than sign Dollar sign Question mark Percent sign At sign amp Ampersand Left bracket Left parenthesis Backward slash Right parenthesis Right bracket Asterisk Caret Plus sign Underscore Comma Grave accent Dash Left brace Period Pipe sign Forward slash Right brace lt Less than sign Tilde Colon 31 Chapter 2 Installation and Configurati
191. et Under CC SG Control Via VKC Using Firefox 315 Smart Card Readers 283 Smart Cards 74 Smart Cards and CAC Authentication 344 Software 6 Special Sun Key Combinations 250 Specifications 25 270 SSH Access from a UNIX Linux Workstation 228 SSH Access from a Windows PC 228 SSH Connection to the KSX II 228 SSL Certificates 201 Standard Mouse Mode 70 Step 1 Configure KVM Target Servers 12 13 Step 2 Configure Network Firewall Settings 12 22 Step 3 Connect the Equipment 23 Step 4 Configure the KSX II 12 28 Step 5 Optional Configure Keyboard Language 12 35 Stopping CC SG Management 217 Strong Passwords 135 189 192 Sun Solaris Settings 19 Supported and Unsupported Smart Card Readers 74 243 283 344 Raritan Supported Blade Chassis Models 162 164 168 175 Supported Browsers 275 Supported CIMs for Blade Chassis 176 Supported Keyboard Languages 249 Supported Operating Systems Clients 271 Supported Operating Systems and CIMs KVM Target Servers 25 272 317 Supported Paragon CIMS and Configurations 197 276 Supported Protocols 34 Supported Video Resolutions 18 22 280 289 SUSE Linux 10 1 Settings 18 SUSE VESA Video Modes 313 Switching Between KVM Target Servers 53 T Target BIOS Boot Time with Virtual Media 314 Target Connections and the CLI 236 Target Server Connection Distance and Video Resolution
192. eting the fields in the RADIUS section of the Authentication Settings page 6 Click OK to save gt To return to factory defaults e Click the Reset to Defaults button 123 zie Raritan 124 Chapter 7 User Management Implementing LDAP LDAPS Remote Authentication Lightweight Directory Access Protocol LDAP LDAPS is a networking protocol for querying and modifying directory services running over TCP IP A client starts an LDAP session by connecting to an LDAP LDAPS server through the default TCP port is 389 The client then sends operation requests to the server and the server sends responses in turn Reminder Microsoft Active Directory functions natively as an LDAP LDAPS authentication server gt To use the LDAP authentication protocol 1 Click User Management Authentication Settings to open the Authentication Settings page 2 Select the LDAP radio button to enable the LDAP section of the page 3 Click the icon to expand the LDAP section of the page Server Configuration 4 Inthe Primary LDAP Server field type the IP address or DNS name of your LDAP LDAPS remote authentication server up to 256 characters When the Enable Secure LDAP option is selected and the Enable LDAPS Server Certificate Validation option is selected the DNS name must be used to match the CN of LDAP server certificate 5 Inthe Secondary LDAP Server field type the IP address or DNS name of your backup LDAP LDAPS server u
193. evel of security operations Click OK 141 Chapter 8 Device Management HTTP and HTTPS Port Settings You are able to configure HTTP and or HTTPS ports used by the KSX II For example if you are using the default HTTP port 80 for another purpose changing the port will ensure the device does not attempt to use it gt To change the HTTP and or HTTPS port settings 1 Choose Device Settings Device Services The Device Service Settings page opens Enter the new ports in the HTTP Port and or HTTPS Port fields Click OK Entering the Discovery Port The KSX II discovery occurs over a single configurable TCP Port The default is Port 5000 but you can configure it to use any TCP port except 80 and 443 To access the KSX II from beyond a firewall your firewall settings must enable two way communication through the default Port 5000 or a non default port configured here gt To enable the discovery port 1 Choose Device Settings gt Device Services The Device Service Settings page opens Enter the Discovery Port Click OK Enabling Serial Console Access gt To enable serial console access 1 Choose Device Settings gt Device Services The Device Service Settings page opens Select Enable Serial Console Access Select the baud rate of the device Click OK us 3is Raritan Chapter 8 Device Management Enabling Direct Port Access via URL Direct port access allows users to bypass having
194. evice can be accessed from the Local Console Remote Console MPC VKC and AKC When a device is accessed directly while it is under CC SG management access and connection activity is logged on the KSX II User authentication is performed based on KSX Il authentication settings Note The Admin user group has this permission by default Network settings date time settings port configuration channel names power associations event management SNMP Syslog virtual media file server setup Network interface status network statistics ping host trace route to host KSX II diagnostics Backup and restore database firmware upgrade factory reset reboot Permission to use the modem to connect to the KSX II device Simultaneous access to the same target by multiple users SSL certificate security settings VM Share PC Share IP ACL User and group management remote Raritan Raritan Chapter 7 User Management Permission Description Management authentication LDAP LDAPS RADIUS login settings Port Permissions For each server port you can specify the access type the group has as well as the type of port access to the virtual media and the power control Please note that the default setting for all permissions is Deny Port access Option Description Deny Denied access completely View View the video but not interact with the connected target server Control Control the connected target s
195. eway IP address to allow remote access Setting Parameters To set parameters you must be logged on with administrative privileges At the top level you will see the Username gt prompt which for the initial configuration is admin Enter the top command to return to the top menu level Note If you have logged on with a different user name that user name will appear instead of admin Setting Network Parameters Network parameters are configured using the interface command admin Config Network interface ipauto none ip 192 168 151 12 mask 255 255 255 0 gw192 168 151 1 mode auto When the command is accepted the device automatically drops the connection You must reconnect to the device using the new IP address and the user name and password you created in the resetting factory default password section Important If the password is forgotten the KSX II will need to be reset to the factory default from the Reset button on the back of the KSX Il The initial configuration tasks will need to be performed again if this is done Raritan CLI Prompts CLI Commands Raritan Chapter 12 Command Line Interface CLI The KSX II now has the basic configuration and can be accessed remotely via SSH GUI or locally using the local serial port The administrator needs to configure the users and groups services security and serial ports to which the serial targets are attached to the KSX I
196. f English alphanumeric characters and special characters Click OK You will receive confirmation that the password was successfully changed Click OK Note If strong passwords are in use this page displays information about the format required for the passwords For more information about passwords and strong passwords see Strong Passwords on page 192 Home gt User Management gt Change Password Change Password Old Password Hew Password Confirm Hew Password OK Cancel 135 zie Raritan Chapter 8 Device Management In This Chapter Network Settllgs inii ui DU atid Rd eee 136 DEVICE SCIVICES m E 141 Configuring Modem Settings ssssssseseeeeee 147 Configuring Date Time Settings ssssseseeeeee 148 Event Management 35 nd ecce e aedi ME Ue Aladin 149 Contiguring dole 155 Port KeyWOFds niniin te roe eben aaa adie Pria MARO ELE a ERE Md aiaa 186 Port Group Managemiernt ioca echt te attese ber tesa ai andietan edu Ste Kodex 188 Network Settings Use the Network Settings page to customize the network configuration for example the IP address discovery port and LAN interface parameters for your KSX II There are two options available to set up your IP configuration e None default This is the recommended option static IP Since the KSX Il is part of your network infrastructure you most likely do not want i
197. file Click the USB Profiles Select USB Profiles for Port icon siesta hol hal or the Apply Select Profiles to Other Ports icon MI Apply Selected Profiles to Other Ports to expand these sections of the page See Configuring USB Profiles Port Page on page 181 Click OK to save the configuration To configure a IBM BladeCenter Other If you selected IBM BladeCenter Other auto discovery is not available Configure the blade chassis as applicable a Switch Hot Key Sequence Select the hot key sequence that will be used to switch from KVM to the blade server b Administrative Module Primary IP Address Host Name Enter the primary IP address for the blade chassis Not applicable c Maximum Number of Slots Enter the default maximum number of slots available on the blade chassis d Port Number The default port number for the blade chassis is 22 Not applicable e Username Not applicable f Password Not applicable Change the blade chassis name if needed Indicate the blades that are installed in the blade chassis by checking the Installed checkbox next to each slot that has a blade installed Alternatively use the Select All checkbox If needed change the blade server names If it is not already named the KSX II assigns a name to the blade server The default blade server naming convention is Blade Chassis Porti Slot Raritan Z Raritan 4 Chapter 8 Device Management In the Blade Chassis
198. ftware upgrades are free Does Dominion KSX II require any additional client software Raritan Z Raritan Appendix D FAQs No Dominion KSX II is truly Plug and Play making installation quick and set up easy It is not necessary to buy any additional client software or hardware In addition no special networking equipment or design is necessary What is the name of the terminal emulation package included with Dominion KSX II Raritan Serial Console What Authentication mechanisms does the Dominion KSX II support Local database RADIUS LDAP S Active Directory Does Dominion KSX II support SNMP Yes Dominion KSX II supports SNMP traps via the Raritan Enterprise MIB Does Dominion KSX II support syslog Yes Dominion KSX II supports syslog to primary and secondary servers Can I log every keystroke of a session input from user and response from a server device with a server Yes KSX Il supports client side logging Does Dominion KSX II support Telnet Yes Dominion KSX II supports enabling of the telnet daemon on the Dominion KSX II unit Because telnet sends all information in the clear enabling telnet is at the customers own discretion and telnet is disabled by default when the unit ships from the factory Raritan strongly suggests the use of SSH as a safer alternative to telnet since all data is encrypted including the login sequence Can I send an intentional break signal to the Sun So
199. ge The USB profiles chosen in the Port page become the profiles available to the user in VKC when connecting to a KVM target server from the port The default is the Windows 2000 operating system Windows XP operating system Windows Vista operating system profile For information about USB profiles see USB Profiles on page 104 Note To set USB profiles for a port you must have a VM CIM or Dual VM CIM connected with firmware compatible with the current firmware version of the KSX Il See Upgrading CIMs The profiles available to assign to a port appear in the Available list on the left The profiles selected for use with a port appear in the Selected list on the right When you select a profile in either list a description of the profile and its use appears in the Profile Description field In addition to selecting a set of profiles to make available for a KVM port you can also specify the preferred profile for the port and apply the settings set for one port other KVM ports Note See Mouse Modes when Using the Mac OS X USB Profile with a DCIM VUSB on page 112 for information on using the Mac OS X USB profile if you are using a DCIM VUSB or DCIM DVUSB gt To open the Port page 1 Choose Device Settings Port Configuration The Port Configuration page opens 2 Click the Port Name for the KVM port you want to edit The Port page opens P To select the USB profiles for a KVM port 1 Inthe Select USB Profiles for
200. guring this section of the Network Settings page Note In some environments the default LAN Interface Speed amp Duplex setting Autodetect autonegotiator does not properly set the network parameters which results in network issues In these instances setting the KSX II LAN Interface Speed amp Duplex field to 100 Mbps Full Duplex or whatever option is appropriate to your network addresses the issue See the Network Settings on page 136 page for more information Device Name se kx2 232 IPv4 Address IP Address Subnet Mask 192 168 51 55 255 255 255 0 Default Gateway Preferred DHCP Host Name 192 163 51 126 IP Auto Configuration DHCP ve IPv6 Address Global Unique IP Address Prefix Length Gateway IP Address Link Local IP Address Zone Ip WA 1 IP Auto Configuration None Obtain DNS Server Address Automatically Use the Following DUS Server Addresses Primary DNS Server IP Address 192 168 59 7 Secondary DUS Server IP Address 192168 51 10 OK Reset To Defaults Cancel mtt ne as ats ade Lact n a pM Y Ae PA Ir IA ae ee S L8 LAN Interface Settings 1 The current parameter settings are identified in the Current LAN interface parameters field 2 Choose the LAN Interface Speed amp Duplex from the following options 139 Chapter 8 Device Management Autodetect default option 10 Mbps Half Both LEDs blink 10 Mbps Full Both LEDs blink
201. h and limit video output offering an optimal balance between video quality and system responsiveness for any bandwidth The parameters in the Properties dialog can be optimized to suit your needs for different operating environments Connection properties are saved across subsequent connections to generation 2 devices once they are set and saved gt To set the connection properties 1 Choose Connection gt Properties or click the Connection Properties button A in the toolbar The Properties dialog appears Properties Connection Speed 1G Ethernet v Color Depth 15 bit RGB Color Smoothing C gt Low OK Cancel Apply Note KX Il 101 does not support 1G Ethernet 2 Choose the Connection Speed from the drop down list The device can automatically detect available bandwidth and not limit bandwidth use However you can also adjust this usage according to bandwidth limitations Auto 1G Ethernet 100 Mb Ethernet 10 Mb Ethernet 1 5 Mb MAX DSL T1 1Mb Fast DSL T1 512 Kb Medium DSL T1 384 Kb Slow DSL T1 55 Chapter 3 Working with Target Servers 256 Kb Cable 128 Kb Dual ISDN 56 kb ISP Modem 33 kb Fast Modem 24 kb Slow Modem Note that these settings are an optimization for specific conditions rather than an exact speed The client and server always attempt to deliver video as quickly as possible on the network regardless of the current net
202. hapter 13 KSX II Local Console KSX II Local Console Factory Reset Note This feature is available only on the KSX Il Local Console The KSX II offers several types of reset modes from the Local Console user interface Note It is recommended that you save the audit log prior to performing a factory reset The audit log is deleted when a factory reset is performed and the reset event is not logged in the audit log For more information about saving the audit log see Audit Log on page 206 gt To perform a factory reset 1 Choose Maintenance Factory Reset The Factory Reset page opens 2 Choose the appropriate reset option from the following options e Full Factory Reset Removes the entire configuration and resets the device completely to the factory defaults Note that any management associations with CommandCenter will be broken Because of the complete nature of this reset you will be prompted to confirm the factory reset e Network Parameter Reset Resets the network parameters of the device back to the default values click Device Settings Network Settings to access this information P auto configuration IP address Subnet mask Gateway IP address Primary DNS server IP address Secondary DNS server IP address Discovery port Bandwidth limit LAN interface speed amp duplex Enable automatic failover Ping interval seconds Timeout seconds 1 Click Reset to continue
203. hapter 13 KSX II Local Console n addition to the Port Number Port Name Status Type and Availability a Group column is also displayed on the View by Group tab This column contains the port groups that are available 3 Click the Port Name of the target server you want to access The Port Action Menu appears See Port Action Menu on page 44 for details on available menu options 4 Choose the desired menu command from the Port Action Menu gt To change the display sort order e Click the column heading by which you want to sort The list of KVM target servers is sorted by that column Server Display After you login to the KSX Il Local Console the Port Access page opens This page lists all of the KSX II ports KVM target servers and serial servers and their status and availability Port Access Click on the individual port name to see allowable operations 0 of 1 Remote KVM channels currently in use 4 Port Number Port Name Port Type Status Availability Win Target VM up idle Dominion KSX2 Port2 Not Available down idle Dominion KSX2 Port3 Not Available KSX G2 Admin VM Dominion KSX2 PortS Not Available Dominion KSX2 Port amp Not Available Dominion KSX2 Port Not Available Dominion KSX2 Port8 Not Available Cisco 2501 Serial SP 2 Serial Serial Port 3 Serial Serial Port 4 Serial SP 5 Serial Serial Port 6 Serial Serial Port 7 Serial 16 Serial Port 8 Serial up idle i2 e el
204. hapter 3 Working with Target Servers Additional Notes for Intelligent Mouse Mode e Be sure that there are no icons or applications in the upper left section of the screen since that is where the synchronization routine takes place e Donotuse an animated mouse e Disable active desktop on KVM target servers Synchronize Mouse In dual mouse mode the Synchronize Mouse command forces realignment of the target server mouse pointer with Virtual KVM Client mouse pointer gt To synchronize the mouse do one of the following e Choose Mouse gt Synchronize Mouse or click the Synchronize Mouse button in the toolbar Note This option is available only in Standard and Intelligent mouse modes Standard Mouse Mode Standard Mouse mode uses a standard mouse synchronization algorithm using relative mouse positions Standard Mouse mode requires that mouse acceleration is disabled and other mouse parameters are set correctly in order for the client and server mouse to stay synchronized gt To enter Standard Mouse mode e Choose Mouse gt Standard Raritan Z Raritan Chapter 3 Working with Target Servers Intelligent Mouse Mode In Intelligent Mouse mode the device can detect the target mouse settings and synchronize the mouse cursors accordingly allowing mouse acceleration on the target Intelligent mouse mode is the default for non VM targets In this mode the mouse cursor does a dance in the top left corner
205. he Port Configuration page On the Port Configuration page click on the name of the blade chassis you want to configure The Port page will open Select the Blade Chassis radio button The page will then display the necessary fields to configure a blade chassis Select the IBM blade chassis model from the Blade Server Chassis Model drop down To configure a IBM BladeCenter H and E If you selected IBM BladeCenter H or E auto discovery is available Configure the blade chassis as applicable Prior to configuring a blade chassis that can be auto discovered it must be configured to enable SSH connections on the designated port number see Device Services Additionally a user account with the corresponding authentication credentials must be previously created on the blade chassis The KSX II only supports auto discovery for AMM 1 a Switch Hot Key Sequence Predefined b Maximum Number of Slots The default maximum number of slots available on the blade chassis is automatically entered c Administrative Module Primary IP Address Host Name Enter the primary IP address for the blade chassis Required for auto discovery mode Raritan Z Raritan Chapter 8 Device Management d Port Number The default port number for the blade chassis is 22 Change the port number if applicable Required for auto discovery mode e Username Enter the username used to access the blade chassis Required for auto discovery mode
206. he import Alternatively click Rename to rename the macro and import it f Rename is selected the Rename Macro dialog appears Enter a new name for the macro in the field and click OK The dialog closes and the process proceeds If the name that is entered is a duplicate of a macro an alert appears and you are required to enter another name for the macro b Ifduring the import process the number of allowed imported macros is exceeded a dialog appears Click OK to attempt to continue importing macros or click Cancel to stop the import process The macros are then imported If a macro is imported that contains a hot key that already exists the hot key for the imported macro is discarded gt To export macros 1 Choose Tools gt Export Macros to open the Select Keyboard Macros to Export dialog Select Keyboard Macros to Export Y Minimi All wind inimize indows Deselect All 2 Select the macros to be exported by checking their corresponding checkbox or using the Select All or Deselect All options 59 zie Raritan 60 Chapter 3 Working with Target Servers 3 Click Ok The Export Keyboard Macro A dialog from which to locate and select the macro file appears By default the macro exists on your desktop 4 Select the folder to save the macro file to enter a name for the file and click Save If the macro already exists you receive an alert message Select Yes to overwrite the existing macro or
207. he statuses of the ports being used by the KSX II When displayed Always Always Always Always Always When the KSX II is being managed by CC SG Always Always Always Always Always Always Always 41 42 Chapter 3 Working with Target Servers Information Connected Users Online Help User Guide Favorite Devices FIPS Mode Description When displayed The users identified by Always their username and IP address who are currently connected to the KSX II Links to online help Always See Managing Favorites Always on page 46 FIPS Mode EnabledSSL When FIPS is enabled Certificate FIPS Mode Compliant Raritan Z Raritan Chapter 3 Working with Target Servers Port Access Page After successfully logging on to the KSX II Remote Console the Port Access page appears This page lists all of the KSX II ports the connected KVM target servers and their status and availability The Port Access page provides access to the KVM target servers connected to the KSX II KVM target servers are servers that you want to control through the KSX II device They are connected to the KSX II ports at the back of the device Note For each connection to a KVM target server a new Virtual KVM Client window opens Also displayed on the Port Access page are blade chassis that have been configured in the KSX II The blade chassis is displayed in an expandable hierarchical list on th
208. he type of local user authentication Local LDAP RADIUS This is the recommended option For more information about authentication see Remote Authentication on page 34 None There is no authentication for Local Console access This option is recommended for secure environments only Select the Ignore CC managed mode on local port checkbox if you would like local user access to the KSX Il even when the device is under CC SG management 253 Chapter 13 KSX II Local Console Note If you initially choose not to ignore CC Manage mode on the local port but later want local port access you will have to remove the device from under CC SG management from within CC SG 254 You will then be able to check this checkbox 10 Click OK Note Some changes to the Local Port Settings will restart the browser iV Enable Standard Local Port Local Port Settings Keyboard Type us X Local Port Hotkey Local Port Connectkey Double Click Scroll Lock X Disabled X Video Switching Delay in secs 0 Power Save Mode Power Save Mode Timeout in minutes 10 Resolution 1024x768 Refresh Rate Hz 60Hz v Local User Authentication Local LDAP RADIUS None 7 Ignore CC managed mode on local port ATE WEE Y c7 OK Reset To Defaults Cancel M on gt To reset back to defaults e Click Reset to Defaults Raritan Z Raritan C
209. hen the target is experiencing USB protocol errors caused by signal degradation due to additional connectors and cables for example a connection to a blade server via a dongle Raritan CC SG Raritan Appendix C Informational Notes Virtual KVM Client Version Not Known from CC SG Proxy Mode When the Virtual KVM Client is launched from CommandCenter Secure Gateway CC SG in proxy mode the Virtual KVM Client version is unknown In the About Raritan Virtual KVM Client dialog the version is displayed as Version Unknown Single Mouse Mode Connecting to a KSX Il Target Under CC SG Control Via VKC Using Firefox When using Firefox to connect to a KSX II target under CC SG control using DCIM PS2 or DCIM USBG2 if you change to Single Mouse Mode in the Virtual KVM Client the VKC window will no longer be the focus window and the mouse will not respond If this occurs left click on the mouse or press Alt Tab to return the focus to the VKC window Moving Between Ports of the KSX II If you move a between ports of the same KSX Il and resume management within one minute CC SG may display an error message If you resume management the display will be updated 315 Appendix D General Questions Z Raritan FAQs In This Chapter General Questions eseee e e emen nnne nnne nnns 316 Serial ACG688S onem ees e a a a A a a Bee pH n peso sp Rr 318 Universal Virtual Media
210. her a corporate timeserver or with any public timeserver assuming that outbound NTP requests are allowed through the corporate firewall zie Raritan P 346 Appendix D FAQs Miscellaneous What is the KSX II s default IP address 192 168 0 192 What is the KSX II s default user name and password The KSX II s default user name is admin and the default password is raritan all lower case However for the highest level of security the KSX II forces the administrator to change the KSX II default administrative user name and password when the unit is first booted up I changed and subsequently forgot the KSX II s administrative password can you retrieve it for me The KSX II contains a hardware reset button that can be used to factory reset the device which will reset the administrative password on the device am logged into the KSX II using Firefox and opened another Firefox browser am automatically logged into the same KSX II with the second Firefox browser Is this right Yes this is correct behavior and is the direct result of how browsers and cookies function am logged into the KSX II using Firefox and attempt to log into another KSX II using another Firefox browser session from the same client am logged off of both KSX Ils is this correct behavior Yes to access two different KSX II devices either close the first session or use another client PC Raritan Index A A AC Power 23
211. her computer Connect using my serial parallel or infrared port F 5 Select the checkbox before the modem that you want to use to connect to the KSX II and then click Next Network Connection Wizard Select a Device This is the device that wil be used to make the connection You have more than one dial up device on your computer Select the devices to use in this connection T Iniiaced Modem Port SERIAL1 0 v E Modem Lucent Win Modem COM3 6 Type the area code and phone number you wish to dial in the appropriate fields zie Raritan id Chapter 14 Modem Configuration 7 Click the Country region code drop down arrow and select the country or region from the list Network Connection Wizard Phone Number to Dial You must specify the phone number of connect to 8 Click Next The Connection Availability dialog appears 9 Click the Only for myself radio button in the Connection Availability dialog Network Connection Wizard Connection Availability You may make the new connection available to all users or just yourself ix Raritan Chapter 14 Modem Configuration 10 Click Next The Network Connection has been created 11 Type the name of the Dial up connection 12 Click Finish 13 Click Dial to connect to the remote machine when the Dial dialog appears A dialog indicating that a successful connection has been established will appear Consult the W
212. ick the Port Name of the target you want to access The Port Action menu appears 3 Click Connect A Virtual KVM Client window opens to the target server connected to that port Toolbar Button Button Description Name Connection Opens the Modify Connection Properties dialog Ney Properties from which you can manually adjust bandwidth options such as connection speed color depth and so forth 51 52 Chapter 3 Working with Target Servers Button ae al zo ta l E bs E E Button Name Video Settings Color Calibration Target Screenshot Synchronize Mouse Refresh Screen Auto sense Video Settings Smart Card Send Ctrl Alt Del Single Cursor Mode Full Screen Mode Scaling Description Opens the Video Settings dialog allowing you to manually adjust video conversion parameters Adjusts color settings to reduce excess color noise Same as choosing Video gt Color Calibrate Note Not available in KX II 101 V2 Click to take a screenshot of the target server and save it to a file of your choosing Dual mouse mode forces the realignment of the target server mouse pointer with the mouse pointer Note Not available in KX II 101 V2 Forces a refresh of the video screen Forces a refresh of the video settings resolution refresh rate Opens a dialog that allows you to select from a list of smart card readers connected to a client PC Note This
213. ideo Display and Keyboard and Local Admin Port For convenient access to KVM target servers and serial devices while at the rack use the KSX II Local Access port While the local port is required for installation and setup it is optional for subsequent use The local port provides the KSX Il Local Console graphical user interface for administration and target server access gt To connect the Local User port e Attach a multi sync VGA monitor keyboard and mouse to the respective Local User ports using a USB keyboard and mouse Connection Description Monitor Attach a standard multi sync VGA monitor to the HD15 female video port Keyboard Attach a standard USB keyboard to one of the USB Type A female ports Mouse Attach a standard USB mouse to one of the USB Type A female ports Z Raritan Z Raritan Chapter 2 Installation and Configuration You can use the Local Admin port to connect the KSX II directly to a workstation to manage your serial targets and configure the system with a terminal emulation program such as HyperTerminal The Local Admin port requires the use of a standard null modem cable Note When Local Authorization and Authentication is set to None logging in to serial admin console requires username input D KVM Target Server Ports The KSX II uses standard UTP cabling Cat5 5e 6 to connect to each target server Refer to Specifications on page 270 for additional information gt To c
214. ike to delete Click the Delete button A warning message will be displayed Click OK in the warning message 187 Chapter 8 Device Management Port Group Management This function is specific to HP blade chassis configuration See HP Blade Chassis Configuration Port Group Management on page 173 i Raritan Chapter 9 Security Management In This Chapter SECUIiLY SOUINGS EL E 189 Configuring IP Access Control 2 cedit enters 199 SOL CertifiGales idee atas a aaa QOEM c Re Ria REPRE ou ETS 201 Security Banner c RR EE 203 Security Settings From the Security Settings page you can specify login limitations user blocking password rules and encryption and share settings Raritan SSL certificates are used for public and private key exchanges and provide an additional level of security Raritan web server certificates are self signed Java applet certificates are signed by a VeriSign certificate Encryption guarantees that your information is safe from eavesdropping and these certificates ensure that you can trust that the entity is Raritan Inc gt To configure the security settings 1 Choose Security gt Security Settings The Security Settings page opens 2 Update the Login Limitations on page 190 settings as appropriate 3 Update the Strong Passwords on page 192 settings as appropriate Update the User Blocking on page 193 settings as appropriate Update the Encrypt
215. iles selected for use with a port appear in the Profile In Use field gt To apply a USB profile to a local console port 1 Inthe Port Name field select the port you want to apply the USB profile to 2 Inthe Select Profile To Use field select the profile to use from among those available for the port d Z Raritan Chapter 13 KSX II Local Console 3 Click OK The USB profile will be applied to the local port and will appear in the Profile In Use field USB Profile Options Port Name Select Profile To Use No Port Selected Mac O5 X 10 4 9 and later HP Proliant DL360 DL 380 G4 Windows 2003 Server meae A T ical Ms p I p mtt Available Resolutions The KSX II Local Console provides the following resolutions to support various monitors e 800x600 e 1024x768 e 1280x1024 Each of these resolutions supports a refresh rate of 60Hz and 75Hz Sis Raritan dud 246 Chapter 13 KSX II Local Console Port Access Page Local Console Server Display After you login to the KSX Il Local Console the Port Access page opens This page lists all of the KSX II ports the connected KVM target servers and their status and availability Also displayed on the Port Access page are blade chassis that have been configured in the KSX II The blade chassis is displayed in an expandable hierarchical list on the Port Access page with the blade chassis at the root of the hierarchy and the individual blades labeled and
216. implified Dubeolsik Hangul JIS Keyboard French AZERTY layout keyboard German keyboard QWERTZ layout Belgian Norwegian Danish Swedish Hungarian Slovenian Italian Spanish Portuguese The following key combinations for Sun Microsystems server s special keys operate on the local port These special are available from the Keyboard menu when you connect to a Sun target server Sun key Again Props Local port key combination Ctrl Alt F2 Ctrl Alt F3 Raritan Sun key Undo Stop A Front Copy Open Find Cut Paste Mute Compose Vol Vol Stop Power Accessing a Target Server gt To access a target server Chapter 13 KSX II Local Console Local port key combination Ctrl Alt F4 Break a Ctrl Alt F5 Ctrl Alt F6 Ctrl Alt F7 Ctrl Alt F9 Ctrl Alt F10 Ctrl Alt F8 Ctrl Alt F12 Ctrl Alt KPAD Ctrl Alt KPAD Ctrl Alt KPAD No key combination No key combination 1 Click the Port Name of the target you want to access The Port Action Menu is displayed 2 Choose Connect from the Port Action menu The video display switches to the target server interface Returning to the KSX II Local Console Interface Important The KSX Il Local Console default hot key is to press the Scroll Lock key twice rapidly This key combination can be changed in the Local Port Settings page See KSX Local Console Local Port Settings on page 25
217. in Firmware Upgrade in Progress Upgrade of CIM s on device Shan KSX2 has completed You will now be redirected to the Port Access page ox Progress CIM Upgrade Finished Successfully Port Name Type Result B Blade Chassis Port3 DUAL VMCIM Successful d Raritan Chapter 10 Maintenance Upgrade History The KSX II provides information about upgrades performed on the KSX II and attached CIMS gt To view the upgrade history e Choose Maintenance gt Upgrade History The Upgrade History page opens Home gt Upgrade History Logout Upgrade History i User IP Start Time End Time RR Biasi CIM s Result ersion Version i ioe as admin 192 168 59 105 ern 22 2007 Sori 22 2007 1 0 0 1 6127 10 0 26178 show Successful det ua admin 192 168 59 124 oeeo 10 2007 DEfberi0 207 40 ggg 10 0 1 6127 show Successtu f E dos tats Ad soirs incen e i a SAI natch Pon tA SRR nt ls AMA s nme s M te Bn en M e ntn ae aen ostensis ih usd Information is provided about the KSX II upgrade s that have been run the final status of the upgrade the start and end times and the previous and current firmware versions Information is also provided about the CIMS which can be obtained by clicking the show link for an upgrade The CIM information provided is e Port The port where the CIM is connected e Name The name of the CIM e Type The type of CIM e Previous Version Previous version of the CIM e Upg
218. indows 2000 Dial up Networking Help if you receive any error messages Windows Vista Dial Up Networking Configuration 1 Click Start and then click Network The Network window opens 2 Select Network and Sharing Center at the top of the window The Network and Sharing Center window opens Select Set up a Connection or Network Select Set up a dial up connection The Set up a dial up connection dialog appears Enter the dial up number Enter your username and password Note In order to access the KSX II the username and password cannot use a backslash 7 Click Connect fi 23 FE Type the information from your Internet service provider ISP Dial up phone number Dialing Rules User name Password Show characters V Remember this password Connection name e E Allow other people to use this connection This option allows anyone with access to this computer to use this connection I don t have an ISP Sis Raritan ae Chapter 14 Modem Configuration Windows XP Dial Up Networking Configuration 1 Choose Start Programs Accessories Communications New Connection Wizard 2 Click Next and follow the steps in the New Connection Wizard to create custom dial up network profiles 3 Click the Connect to the Internet radio button and click Next New Connection Wizard Network Connection Type What do you want to do Oc et Connect to the Internet so you can b
219. ing VM CIMs are upgraded they will be able to provide functionality equivalent to the Generic profile Note Only D2CIM VUSB can be upgraded from this page gt To upgrade CIMs using the KSX Il memory 1 Choose Maintenance CIM Firmware Upgrade The CIM Upgrade from page opens The Port number Name Type Current CIM Version and Upgrade CIM Version are displayed for easy identification of the CIMs 2 Check the Selected checkbox for each CIM you want to upgrade Tip Use the Select All and Deselect All buttons to quickly select all or deselect all of the CIMs Click the Upgrade button You are prompted to confirm the upgrade Click OK to continue the upgrade Progress bars are displayed during the upgrade Upgrading takes approximately 2 minutes or less per CIM Upgrading Firmware 212 Use the Firmware Upgrade page to upgrade the firmware for your KSX II and all attached CIMs This page is available in the KSX Il Remote Console only Important Do not turn off your KSX Il or disconnect CIMs while the upgrade is in progress doing so will likely result in damage to the device or CIMs Raritan Chapter 10 Maintenance gt To upgrade your KSX II 1 Locate the appropriate Raritan firmware distribution file RFP found on the Raritan Firmware Upgrades webpage http www raritan com support firmwareupgrades and download the file 2 Unzip the file Read all instructions included in the firmware
220. ing system may not accept new mass storage connections after an NTFS formatted partition for example the local C drive has been redirected to them If this occurs close the Remote Console and reconnect before redirecting another virtual media device If other users are connected to the same target server they must also close their connections to the target server Note In the KX II 2 3 0 and above when you mount an external drive such as a floppy drive the LED light on the drive will remain on because the device is checking the drive every 500 milliseconds to verify the drive is still mounted gt To access a drive on the client computer 1 From the Virtual KVM Client choose Virtual Media gt Connect Drive The Map Virtual Media Drive dialog appears 2 Choose the drive from the Local Drive drop down list 3 If you want Read and Write capabilities select the Read Write checkbox This option is disabled for nonremovable drives See the Conditions when Read Write is Not Available on page 101 for more information When checked you will be able to read or write to the connected USB disk Raritan Chapter 5 Virtual Media WARNING Enabling Read Write access can be dangerous Simultaneous access to the same drive from more than one entity can result in data corruption If you do not require Write access leave this option unselected 4 Click Connect The media will be mounted on the target server
221. ing the overall usability of the connection Select Video gt Video Settings The Noise Filter should be set to 7 the highest value At this setting less bandwidth will be used for target screen changes resulting in improved local and remote mouse synchronization Note Setting the color depth to low and the noise filter to high will cause a degradation in how the video is displayed However this tradeoff is offset by the overall improved usability due to better mouse synchronization and video update Smoothing Auto color calibration Quick sense video mode Select Connections gt Properties Set Smoothing to high This will improve the appearance of target video by reducing the video noise that is displayed Select Video gt Auto sense Video Settings Deselect the Automatic Color Calibration checkbox to disable the option Select Video gt Video Settings to open the Settings dialog Raritan Chapter 14 Modem Configuration Setting To achieve optimum performance Select the Quick sense video mode radio to enable this option Client Dial Up Networking Configuration Configuring Microsoft Windows Dial Up Networking for use with KSX II allows configuration of a PC to reside on the same PPP network as the KSX II After the dial up connection is established connecting to a KSX II is achieved by pointing the web browser to the PPP Server IP Modem installation guidelines are provided for the following
222. ings and configuration for your KSX II In addition to using backup and restore for business continuity purposes you can use this feature as a time saving mechanism For instance you can quickly provide access to your team from another KSX Il by backing up the user configuration settings from the KSX II in use and restoring those configurations to the new KSX II You can also set up one KSX II and copy its configuration to multiple KSX II devices gt To access the Backup Restore page e Choose Maintenance gt Backup Restore The Backup Restore page opens Backup Restore Full Restore Protected Restore Custom Restore User and Group Restore Device Settings Restore Backup Cancel S amanea Note Backups are always complete system backups Restores can be complete or partial depending on your selection Restore File 8A 4 t gt If you are using Firefox or Internet Explorer 5 or lower to backup your KSX II 1 Click Backup A File Download dialog appears Click Save A Save As dialog appears Choose the location specify a file name and click Save A Download Complete dialog appears 4 Click Close The backup file is saved locally on your client machine with the name and location specified Raritan Chapter 10 Maintenance gt If you are using Internet Explorer 6 or higher to backup your KSX II 1 Click Backup A File Download dialog appears that contains an Open button Do
223. inion device by passing in the necessary parameters in the URL 3 Click OK zie Raritan Chapter 8 Device Management Configuring Direct Port Access via Telnet IP Address or SSH The information in this topic is specific to enabling direct port access for serial targets Use the Enable Direct Port Access via URL option on the Device Services page to enable direct port access for a KVM serial port connect to the KSX Il See Enabling Direct Port Access via URL on page 143 gt To configure direct port access 1 Choose Device Settings Device Services The Device Service Settings page opens 2 Type the IP address and ports used for SSH and Telnet in the appropriate fields for each serial target Note that leaving all three fields blank will disable direct port access for the serial target To enable direct port access you must do one of the following Enable global Telnet or SSH access Input a valid IP address or TCP port in at least one of the three fields Important It is not recommended that more than one of these fields is populated Below are examples of Telnet and IP Direct Port access via IP alias address Configure the IP alias address 192 168 1 59 for a serial target Once this is done connection to the target through Telnet can be done using telnet 192 168 1 59 Direct Port access via Telnet port Configure the Telnet TCP Port as 7770 Once this is done connection to the target
224. ion amp Share settings as appropriate Click OK zie Raritan iui Chapter 9 Security Management gt To reset back to defaults e Click Reset to Defaults Login Limitations User Blocking Enable Single Login Limitation Disabled 7 Enable Password Aging Timer Lockout Password Aging Interval days Attempts leo 3 Log Out Idle Users ans Time 5 Idle Timeout minutes 7 m ii 30 Deactivate User ID Failed Attempts 3 Strong Passwords Encryption amp Share Enable Strong Passwords Encryption Mode Auto Minimum length of strong password T 8 Y Apply Encryption Mode to KVM and Virtual Media Forced in FIPS 140 2 Mode Maximum length of strong password r7 Enable FIPS 140 2 Mode Changes are activated on reboot only 16 Current FIPS status Inactive Enforce at least one lower case character PC Share Mode Private X Enforce at least one upper case character VM Share Mode J Enforce at least one numeric character Local Device Reset Mode Enforce at least one printable special character Enable Local Factory Reset Number of restricted passwords based on history s OK Reset To Defaults Cancel re Oe OO td A HR t d i06 tt iti ee IURI ine I o EE ERECTAE Ce a Se a ee et ee ae a aT are Login Limitations Using login limitations you can specify restrictions for single login password aging and the logging out idle users Limitatio
225. ion gt Port page in either the KSX Il Remote or Local Console It is the administrator that designates the profiles that are most likely to be needed for a specific target These profiles are then available for selection via MPC AKC and VKC If a profile has not been made available you can access any of the available profiles by selecting USB Profile Other Profiles Assigning USB profiles to a KVM port makes those profiles available to a user when connected to a KVM target server If required the user can select a USB profile from the USB Profile menu in VKC AKC or MPC For information about assigning USB profiles to a KVM port see Configuring USB Profiles Port Page on page 181 zie Raritan n 112 Chapter 6 USB Profiles Mouse Modes when Using the Mac OS X USB Profile with a DCIM VUSB If you are using a DCIM VUSB using a Mac OS X USB profile and running Mac OS X 10 4 9 or later when you reboot you must be in Single Mouse mode to use the mouse at the Boot menu 1 To configure the mouse to work at the Boot menu Reboot the Mac and press the Option key during the reboot to open the Boot menu The mouse will not respond at this point Select Intelligent Mouse mode and then select Single Mouse mode The mouse will respond Note Mouse speed may be slow while in Single Mouse mode Once you are out of the Boot menu and have booted to the operating system exit Single Mouse mode and switch back to A
226. ion into the link fields and saving can still be done even if Active is not selected Once Active is selected the URL field is required The username password username field and password field are optional depending on whether single sign on is desired or not b URL Enter the URL to the interface Required 163 164 Chapter 8 Device Management 10 11 13 c Username Enter the username used to access the interface Optional d Password Enter the password used to access the interface Optional Note Leave the username and password fields blank for DRAC ILO and RSA web applications or the connection will fail e The Username Field and Password Field which are both optional contain the labels that are expected to be associated with the username and password entries It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application You can view the HTML source of the login screen to find the field names not the field labels See Tips for Adding a Web Browser Interface on page 172 for tips on adding a web browser interface Optional USB profile information does not apply to a generic configuration In the Target Settings section select 720x400 Compensation if you are experiencing display issues when the target is using this resolution Select Use international keyboard for scan code set 3 if connecting to the target with a D
227. ional Notes Tilde Symbol From the Virtual KVM Client and the Multi Platform Client the key combination of Alt Gr 2 does not produce the tilde symbol when using a French keyboard gt To obtain the tilde symbol Create a macro consisting of the following commands e Press right Alt e Press2 e Release 2 e Release right Alt Keyboard Language Preference Fedora Linux Clients Because the Sun JRE on Linux has problems generating the correct KeyEvents for foreign language keyboards configured using System Preferences Raritan recommends that you configure foreign keyboards using the methods described in the following table Language Configuration method US Intl Default UK System Settings Control Center French Keyboard Indicator German Keyboard Indicator Hungarian System Settings Control Center Spanish System Settings Control Center Swiss German System Settings Control Center Norwegian Keyboard Indicator Swedish Keyboard Indicator Danish Keyboard Indicator Japanese System Settings Control Center Korean System Settings Control Center Slovenian System Settings Control Center Italian System Settings Control Center Portuguese System Settings Control Center 307 Appendix C Informational Notes Note The Keyboard Indicator should be used on Linux systems using Gnome as a desktop environment When using a Hungarian keyboard from a Linux client the Latin letter U with Double Acute and
228. ions 2 2 priore ree beo ea pad oerte bo qa eaaet aaae 244 Available Resolutions aiian creati oai andi Hara eade hh de Hass VR AE CR Fu a s eR asus 245 Port Access Page Local Console Server Display sessssssseeeeenee 246 SUIV 247 Hot Keys and Connect KOysS 4 cuadra dee te ndce erede Sh Lnd aaa iaai 248 Gonnect Key EXamlpl6eS x oe eiecti pete ert aai aad 248 Supported Keyboard Languages adea tte ti onde ede aee ete etu a nde etae da uude g en 249 Special Sun Key CombinatlOris 1 22 enne ances uate ete dustu pce eie pede baa nde etta Evan uo deci 250 Accessing a Targel SEVE eet eie tesa en tt desee ord cda eu Meade ntu dag ax rev n due ie redit 251 Returning to the KSX II Local Console Interface ssssesssssseseeeee enne 251 Local Port AdminiSlFatlGDi ss eus eost do ienee ade aaie e oua ra nde estt eeu ea cee 252 KSX Il Local Console Local Port Settings onerat tete tne 252 KSX IL Eocal Console Factory Reset ttr rnt tere oie daei 255 zie Raritan j Contents viii Resetting the KSX Il Using the Reset Button sssssssseseseeeeee enne enn 256 Chapter 14 Modem Configuration 257 Certified Modems for UNIX Linux and MPC sssssssn eene emen enne 257 Low Bandwidth KVM Setting S socer oc e rri cele uei sea Pepe b esa a S RR Nue Red E 258 Client Dial Up Networking Configuration
229. ip connected rack PDU VM Virtual media CIM D2CIM VUSB and D2CIM DVUSB Blade Chassis Blade chassis and the blades associated with that chassis displayed in a hierarchical order 2 Click the Port Name for the port you want to edit For KVM ports the Port page for KVM and blade chassis ports is opened For rack PDUs the Port page for rack PDUs power strips is opened From this page you can name the rack PDUs and their outlets Raritan Port Configuration 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 For serial ports the Port page for serial ports is opened KX local Dominion KSX2 Port2 KX8 Local Dominion KSX2 Port4 Blade Chassis Port3 Dominion KSX2 Porte Dominion KSX2 Port Dominion KSX2 Port Serial Port 1 Serial Port 2 Serial Port 3 Serial Port 4 Serial Port 5 Serial Port 6 Serial Port 7 Serial Port 8 Power Port 1 Power Port 2 Chapter 8 Device Management awe 7 Sis Raritan 157 158 Chapter 8 Device Management Power Control Power control is configured on the Port page The Port page opens when you select a port that is connected to a target server from the Port Configuration page From the Port page you can make power associations and change the port name to something more descriptive A server can have up to four 4 power associates and you can associate a different rack PDU power strip with each From this page you can defin
230. is selected for the IP auto configuration the following Network Basic Settings fields are enabled Global Unique IP Address Prefix Length and Gateway IP Address allowing you to manually set the IP configuration Router Discovery Use this option to automatically assign IPv6 addresses that have Global or Unique Local significance beyond that of the Link Local which only applies to a directly connected subnet 5 Select Obtain DNS Server Address Automatically if DHCP is selected and Obtain DNS Server Address is enabled When Obtain DNS Server Address Automatically the DNS information provided by the DHCP server will be used 6 If Use the Following DNS Server Addresses is selected regardless of whether DHCP is selected or not the addresses entered in this section will be used to connect to the DNS server Enter the following information if the Following DNS Server Addresses option is selected These addresses are the primary and secondary DNS addresses that will be used if the primary DNS server connection is lost due to an outage a Primary DNS Server IP Address b Secondary DNS Server IP Address 7 When finished click OK See LAN Interface Settings on page 139 for information in configuring this section of the Network Settings page Note In some environments the default LAN Interface Speed amp Duplex setting Autodetect autonegotiator does not properly set the network parameters which results in network issues In th
231. ith Target Servers Prerequisites for Using AKC In order to use AKC e Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked e Windows Vista Windows 7 and Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser s Trusted Sites Zone and that Protected Mode is not on when accessing the device Enable AKC Download Server Certificate Validation If the device or CC SG administrator has enabled the Enable AKC Download Server Certificate Validation option e Administrators must upload a valid certificate to the device or generate a self signed certificate on the device The certificate must have a valid host designation e Each user must add the CA certificate or a copy of self signed certificate to the Trusted Root CA store in their browser When launching AKC from the CC SG Admin Client you must have JRE 1 6 0 10 or above Multi Platform Client MPC Raritan Multi Platform Client MPC is a graphical user interface for the Raritan product lines providing remote access to target servers connected to Raritan KVM over IP devices For details on using MPC see the KVM and Serial Access Clients Guide available on Raritan s website on the same page as the user guide Instructions on launching MPC are provided there Please note this client is used by various Raritan products As such references to other products
232. ity where the organization is located e State Province The state or province where the organization is located f Country ISO code The country where the organization is located This is the two letter ISO code e g DE for Germany or US for the U S g Challenge Password Some certification authorities require a challenge password to authorize later changes on the certificate e g revocation of the certificate The minimum length of this password is four characters h Confirm Challenge Password Confirmation of the Challenge Password i Email The email address of a contact person that is responsible for the KSX II and its security j Key length The length of the generated key in bits 1024 is the default k Select the Create a Self Signed Certificate checkbox if applicable 3 Click Create to generate the Certificate Signing Request CSR gt To download a CSR certificate 1 The CSR and the file containing the private key used when generating it can be downloaded by click the Download button Note The CSR and the private key file are a matched set and should be treated accordingly If the signed certificate is not matched with the private key used to generate the original CSR the certificate will not be useful This applies to uploading and downloading the CSR and private key files 2 Send the saved CSR to a CA for certification You will get the new certificate from the CA gt To upload a CSR
233. l This information is used to authenticate users attempting to access your KSX Il See User Management for details on adding and editing user groups and users Step 5 Optional Configure Keyboard Language Note This step is not required if you are using the US International language keyboard If you are using a non US language the keyboard has to be configured for the appropriate language In addition the keyboard language for the client machine and the KVM target servers has to match Consult the documentation for your operating system for additional information about changing the keyboard layout Changing the Keyboard Layout Code Sun Targets Use this procedure if you are using a DCIM SUSB and would like the keyboard layout changed to another language gt To change the keyboard layout code DCIM SUSB only 1 Opena Text Editor window on the Sun workstation 2 Check that the Num Lock key is active and press the left Ctrl key and the Del key on your keyboard The Caps Lock light starts to blink indicating that the CIM is in Layout Code Change mode The text window displays Raritan Computer Inc Current keyboard layout code 22h US5 UNIX 3 Type the layout code desired for example 31 for the Japanese keyboard Press Enter Shut down the device and power on once again The DCIM SUSB performs a reset power cycle 6 Verify that the characters are correct 35 Chapter 3 Working with Target Servers
234. l over or load balancing Yes The KSX II features dual gigabit Ethernet ports to provide redundant failover capabilities Should the primary Ethernet port or the switch router to which it is connected fail the KSX II will failover to the secondary network port with the same IP address ensuring that server operations are not disrupted Note that automatic failover must be enabled by the administrator How much bandwidth does the KSX II require The KSX II offers next generation KVM over IP technology the very best video compression available Raritan has received numerous technical awards confirming its high video quality transmissions and the low bandwidth utilization Raritan pioneered the KVM over IP functionality that allows users to tailor their video parameters to conserve network bandwidth For instance when connecting to the KSX II through a dial up modem connection video transmissions can be scaled to grayscale allowing users to be fully productive while ensuring high performance With that in mind the following data refers to the KSX II at its default video settings again these settings can be tailored to a specific environment They can be increased to provide even higher quality video color depth or decreased to optimize for low speed connections As a general rule a conservative estimate for bandwidth utilization at the KSX II s default settings is approximately 0 5Mbit second per active KVM user connected
235. l re E RR T 323 USB PROMS RECETTE 324 tisapt en llem LL 326 Remoto ACCS Se P TET TTE MEI 327 Ethernetand lP NePWOFKIBO 22 2 Seen dese Eo vl e dadas DE eias pes Des euo ee bd QE ue RETRO apa DE Cue POUR EARS 329 SelVelSuciteni UI DIM ILIUM IDEO DCUM EE EEEN ET EEE PAE 333 EEEE IA EEE E E EET EE A IL OIN EE EEEE EAEE E EE 334 MEU Eo a EEEE EEEE EES EET EER PA ATE ERA TANEN I A EEE PETET EEE UE 336 local POM EAE EA PEER E E T EES A AEE EEE AE EEEE EAE E EMEN 338 Power OTN O EEEE EE EERTE EE PATE ERA AEE I REEE EEEE ETE Ed 340 Scalable eea a c EP 341 SII M EUM 342 Smart Cards and CAC Authentication cccccccccccccccccccccccccccceceeeeeceeseeeseeeseeeseseseseseseseseseseseeeees 344 MENEE Et lin RR ERE 345 Miscellaneous crop DELLI Deut oL LOO iD ID OMIIL D DIDI PM DIL T DDR AE A 346 Index 347 Raritan Chapter 1 Sis Raritan Introduction In This Chapter KSXIMOVEMNVIGW Em 2 KSX IM Help MERETUR 4 KSX I Client Applications iei eren aankan 4 MEUM irn eE E E ELT EEN 5 Product Features rM 5 External Product Overview sssssssseseseeeeneeeneenn enne 7 Terminology eid crei a s cae Hac ee Meindl enna dE RATKA 9 Package Gontents 2 ine tiicttai echt eaaa e EP Dx tabou hte tede ddan c ad dele 11 Chapter 1 Introduction KSX Il Overview Raritan s Dominion KSX II is an enterprise class secure digital device that provides a single integrated solution for remo
236. l user authentication Local LDAP RADIUS This is the recommended option For more information about authentication see Remote Authentication on page 34 None There is no authentication for Local Console access This option is recommended for secure environments only Select the Ignore CC managed mode on local port checkbox if you would like local user access to the KSX Il even when the device is under CC SG management Note If you initially choose not to ignore CC Manage mode on the local port but later want local port access you will have to remove the device from under CC SG management from within CC SG You will then be able to check this checkbox 11 Click OK 185 Chapter 8 Device Management Port Keywords Port keywords work as a filter If a keyword is detected a corresponding message be logged in a local port log and a corresponding trap will be sent via SNMP if configured Defining keywords guarantees that only messages that contain those keywords are logged for the local port You can create port keywords and associate them with e Syslog e Audit log e SNMP traps gt To define keywords and associate them with a port 1 Choose Device Settings Port Keyword List Keyword The Port Keyword List page will open Home gt Device Settings gt Port Keyword List Port Keyword List Port Number Port Name panic Cisco 2501 Partial Cisco 2501 question Cisco 2501 If n
237. laris server when using SSH Yes Can I send an intentional break signal to the Sun Solaris server when using a web browser Yes using Raritan Serial Console Can I send an intentional break signal to the Sun Solaris server when using Telnet Yes Can get the buffered off line data from a serial port when using SSH Yes 321 Appendix D FAQs Can I get the buffered off line data from a serial port when using Telnet Yes Can I use KSX Il over a VPN connection Yes KSX II fits into most any network configuration utilizing TCP IP KSX Il uses standard Internet Protocol IP technologies from Layer 1 through Layer 4 Set up the VPN typically IPSec connection then start the web browser and enter the URL for the Dominion device The session to the Dominion runs transparently over the VPN tunnel Traffic can be easily tunneled through standard VPNs Can get the buffered off line data from a serial port when using a Java enabled web browser Yes Does Dominion KSX II support local direct port access for crash cart applications in a data center Yes What are the pin outs of the Dominion KSX II serial ports To provide maximum port density and to enable simple UTP Category 5 cabling The KSX II provides its serial connections via compact RJ 45 ports However no widely adopted industry standard exists for sending serial data over RJ 45 connections The following tables list the RJ 45 pinouts fo
238. le not on the Local Console 1 2 Click Save to File A Save File dialog appears Choose the desired file name and location and click Save The audit log is saved locally on your client machine with the name and location specified To page through the audit log Use the Older and Newer links Raritan Chapter 10 Maintenance Device Information zie Raritan The Device Information page provides detailed information about your KSX II device and the CIMs in use This information is helpful should you need to contact Raritan Technical Support gt To view information about your Dominion KSX Il and CIMs e Choose Maintenance gt Device Information The Device Information page opens The following information is provided about the KSX II e Model e Hardware Revision e Firmware Version e Serial Number e MAC Address The following information is provided about the CIMs in use e Port number e Name e Type of CIM Power Strip or VM e Firmware Version e Serial Number Device Information Model DKSX2 188 Hardware Revision 0x60 Firmware Version 2 3 0 5 50 Serial Number AE17500013 MAC Address 00 0d 5d 03 5d 0c CIM Information 4 Port Name Type Firmware Version Serial Num 3 Blade Chassis Port3 Dual VM 3A80 PQ204031 5 oa o do QU au aem ee gay td 207 Chapter 10 Maintenance Backup and Restore 208 From the Backup Restore page you can backup and restore the sett
239. le Click Scroll Lock The KSX II provides keyboard support for the languages listed in the following table Note You can use the keyboard for Chinese Japanese and Korean for display only local language input is not supported at this time for the KSX II Local Console functions For more information about non US keyboards see Informational Notes Note Raritan strongly recommends that you use system config keyboard to change languages if you are working in a Linux environment Language Regions Keyboard layout US English United States of America and US Keyboard layout most of English speaking countries for example Canada Australia and New Zealand 249 Chapter 13 KSX II Local Console Language US English International UK English Chinese Traditional Chinese Simplified Korean Japanese French German French Norwegian Danish Swedish Hungarian Slovenian Italian Spanish Portuguese Regions United States of America and most of English speaking countries for example Netherlands United Kingdom Hong Kong S A R Republic of China Taiwan Mainland of the People s Republic of China South Korea Japan France Germany and Austria Belgium Norway Denmark Sweden Hungary Slovenia Italy Spain and most Spanish speaking countries Portugal Special Sun Key Combinations 250 Keyboard layout US Keyboard layout UK layout keyboard Chinese Traditional Chinese S
240. le by selecting the Restricted Services Banner File radio button and using the Browse feature to locate and upload the file Click OK Once the file is uploaded the text from the file will appear in the Restricted Services Banner Message text box Note You cannot upload a text file from the local port Home gt Security gt Banner in Fann ALZA a nd OO eL WORT vi Display Restricted Service Banner E Ree Banner Tithe Restricted Service Agreement Restricted Service Banner Message Unauthorized access prohibited all access and activities not explicitiy authorized by management are unauthorized All activities are monitored and logged There is no privacy on this system Unauthorized access and activities or any criminal activity will be reported to appropriate authorities o Restricted Service Banner File OK Reset To Defaults Cancel oem abo irm a ae t i Z Raritan Chapter 10 Maintenance In This Chapter Maintenance Features Local Remote Console 205 Audit LOG TEE 206 Device Information iioii Cue eaiade mese ren aacigevage teh 207 Backup and Re6Store 3 oed apes re Ea aa daaa a 208 USB Profile Management sse 210 WOGFAdING ell TEES 212 Upgrading EI Wale uina scili nrd ia ui nia ch lead ssid andavadvaaeddaiedsaaved EREEREER 212 Upgrade History eia cete tt tette eetu te De etae Der Pub ee Roe aud
241. ly appears If you get any errors consult Windows XP Dial up Networking Help Note The maximum modem speed connecting to the KSX II is 33 600 bps as it is a Linux default limitation V m Raritan Appendix A Specifications In This Chapter Physical Specifications ics 2 ori ecce eren aara Phe Lore Ra das 270 Supported Operating Systems Clients sess 271 Supported Operating Systems and CIMs KVM Target Servers 272 Supported BroWSOts eitite iibi ea aie utri s gere aaa 275 Computer Interface Modules CIMS sene 275 Supported Paragon CIMS and Configurations ssussss 276 Supported Video Resolutions iria id eei ce dtr stars 280 KSX II Local Console Support Languages sssssssssss 281 TEP and UDP Ports Sed otc tit ura enuk 281 Smart Card Readers eese eene danaa aR 283 Environmental Requirements ssssssseeseeneneenes 286 Emergency Connectivity isnie osten eiui Sede eter enaa kt redu ER E dade 286 Electrical Specifications sinnser heit ettet et nace tnde sb da dace 287 Rermiote COnrnectlOrn ie censor ctae ine naa dr dua or dar er a rk 287 KYM aieo E 287 POMS USCG EE E E E EN EE E 287 Target Server Connection Distance and Video Resolution 289 Distances for Serial Devices ssssssssssssseeeeeee 289 Network Speed Settings interrete een haere oen
242. m 1 Configure the mouse settings a Choose Start gt Control Panel gt Mouse b Click the Motion tab Set the acceleration to None Set the mouse motion speed setting to exactly the middle speed Click OK 2 Disable transition effects Set the mouse motion speed setting to exactly the middle speed Disable the Enhanced pointer precision option Click OK a Select the Display option from the Control Panel b Click the Effects tab Raritan Chapter 2 Installation and Configuration Deselect the Use the following transition effect for menus and tooltips option 3 Click OK and close the Control Panel Linux Settings Red Hat 4 Note The following settings are optimized for Standard Mouse mode only gt To configure KVM target servers running Linux graphical user interface 1 Configure the mouse settings a e f Red Hat 5 users choose Main Menu Preferences Mouse Red Hat 4 users choose System Preferences Mouse The Mouse Preferences dialog appears Click on the Motion tab Within the Speed group set the Acceleration slider to the exact center Within the Speed group set the Sensitivity towards low Within the Drag amp Drop group set the Threshold towards small Close the Mouse Preferences dialog Note If these steps do not work issue the xset mouse 1 1 command as described in the Linux command line instructions 2 Configure the screen resol
243. may appear in this section of help Launching MPC from a Web Browser Important Regardless of the browser you use you must allow pop ups from the Dominion device s IP address in order to open MPC Important Only Mac 10 5 and 10 6 with an Intel processor can run JRE 1 6 and therefore be used as a client Mac 10 5 8 does not support MPC as a standalone client 1 To open MPC from a client running any supported browser type http IP ADDRESS mpc into the address line where IP ADDRESS is the IP address of your Raritan device MPC opens in a new window Raritan Chapter 3 Working with Target Servers Note The Alt Tab command toggles between windows only on the local system When MPC opens the Raritan devices that were automatically detected and which are found on your subnet are displayed in the Navigator in tree format 2 If your device is not listed by name in the navigator add it manually a Choose Connection New Profile The Add Connection window opens b In the Add Connection window type a device Description specify a Connection Type add the device IP address and click OK These specifications can be edited later 3 Inthe Navigator panel on the left of the page double click the icon that corresponds to your Raritan device to connect to it Note Depending on your browser and browser security settings you may see various security and certificate check and warning messages It is necessary to a
244. me after exceeding the specified number of unsuccessful login attempts When selected the following fields are enabled Attempts The number of unsuccessful login attempts after which the user will be locked out The valid range is 1 10 and the default is 3 attempts Lockout Time The amount of time for which the user will be locked out The valid range is 1 1440 minutes and the default is 5 minutes Note Users in the role of Administrator are exempt from the timer lockout settings When selected this option specifies that the user will be locked out of the system after the number of failed login attempts specified in the Failed Attempts field Failed Attempts The number of unsuccessful login attempts after which the user s User ID will be deactivated This field is enabled when the Deactivate User ID option is selected The valid range is 1 10 When a user ID is deactivated after the specified number of failed attempts the administrator must change the user password and activate the user account by selecting the Active checkbox on the User page User Blocking Disabled Timer Lockout Attempts 3 Lockout Time 5 5 Deactivate User ID Failed Attempts BN f Raritan Chapter 9 Security Management Encryption amp Share Using the Encryption amp Share settings you can specify the type of encryption used PC and VM share modes and the type of reset performed when th
245. menu is disabled on the client Includes one of the three KVM modules e DCIM PS2 e Analog KVM Ethernet switch module standard e Digital Access KVM switch module optional e KVM switch module standard on systems sold prior to April 2005 These switches provide a custom connector that allows two PS 2 and one video device to be connected to the system Source Dell PowerEdge 1855 User Guide One of two types of KVM modules may e DCIM PS2 be installed e Analog KVM switch module e Digital Access KVM switch module Both modules enable you to connect a PS 2 compatible keyboard mouse and video monitor to the system using a Raritan Blade chassis Dell PowerEdge M1000e HP BladeSystem c3000 HP BladeSystem c7000 IBM BladeCenter S IBM BladeCenter H Raritan Chapter 8 Device Management Connection method custom cable provided with the system Source Dell PowerEdge 1955 Owner s Manual The KVM Switch Module iKVM is Integrated with this chassis The iKVM is compatible with the following peripherals e USB keyboards USB pointing devices e VGA monitors with DDC support Recommended CIM s DCIM USBG2 Source Dell Chassis Management Controller Firmware Version 1 0 User Guide The HP c Class Blade SUV Cable enables you to perform blade chassis administration configuration and diagnostic procedures by connecting video and USB devices directly to the serve
246. minal port RJ 45 Connector type of KSX Il 48 models that have this connector to another KSX II ASCSDB25M adapter and a CAT 5 cable ASCSDB9F adapter and a CAT 5 cable ASCSDB25M adapter and a CAT 5 cable CRLVR 15 cable or CRLVR 1 adapter and a CAT5 cable ASCSDB9F adapter and a CAT 5 cable 27 Chapter 2 Installation and Configuration Go to the Support page on Raritan s website www raritan com to obtain a list of commonly used cables and adapters Step 4 Configure the KSX II The first time you power up the KSX II device there is some initial configuration that you need to perform through the KSX II Local Console e Change the default password e Assign the IP address e Name the KVM target servers Changing the Default Password The KSX II ships with a default password The first time you start the KSX II you are required to change that password gt Tochange the default password 1 Power on the KSX II using the power switch s at the back of the unit Wait for the KSX II unit to boot A beep signals that the boot is complete 2 Once the unit has booted the KSX II Local Console is visible on the monitor attached to the KSX II local port Type the default username admin and password raritan and click Login The Change Password screen is displayed Type your old password raritan in the Old Password field Type a new password in the New Password field and retype the new password i
247. munication Exchange Specifications 132 Raritan Serial Console RSC 37 83 Rebooting 215 Refreshing the Screen 63 Related Documentation 4 Relationship Between Users and Groups 114 Remote Access 327 Remote Authentication 34 185 253 Remote Client Requirements 285 Remote Connection 287 Required and Recommended Blade Chassis Configurations 162 164 168 178 Resetting the KSX II Using the Reset Button 8 256 Resolving Fedora Core Focus 310 Resolving Issues with Firefox Freezing when Using Fedora 310 Returning to the KSX II Local Console Interface 251 Returning User Group Information 295 Returning User Group Information from Active Directory Server 127 Returning User Group Information via RADIUS 132 Running a Keyboard Macro 62 S Scalability 341 350 Security 342 Security and Authentication 242 Security Banner 203 Security Issues 236 Security Management 189 Security Settings 94 96 121 189 Selecting Profiles for a KVM Port 111 Serial Access 318 Server Display 247 Servers 333 Setting CIM Keyboard Mouse Options 62 Setting Emulation on a Target 236 Setting Network Parameters 234 Setting Parameters 234 Setting Permissions for an Individual Group 115 121 Setting the Registry to Permit Write Operations to the Schema 296 Simultaneous Users 241 Single Mouse Cursor 72 Single Mouse Mode Connecting to a KSX II Targ
248. n consolidated firmware update and a single authentication and authorization database In addition CC SG enables sophisticated server sorting permissions and access If deployment of Raritan s CC SG management unit isn t an option multiple KSX II devices still interoperate and scale automatically The KSX II s remote user interface and the Multi Platform Client will automatically discover KSX II devices Non discovered KSX II devices can be accessed via a user created profile Can I connect an existing analog KVM switch to the KSX II Yes Analog KVM switches can be connected to one of the KSX II s server ports Simply use a D2CIM DVUSB or D2CIM VUSB and attach it to the user ports of the existing analog KVM switch Please Note that analog KVM switches vary in their specifications and Raritan cannot guarantee the interoperability of any particular third party analog KVM switch Contact Raritan technical support for further information 341 342 Appendix D FAQs Security Is the KSX Il FIPS 140 2 Certified The KX II 2 2 0 and later and the KSX II 2 3 0 and later provides users with the option to use an embedded FIPS 140 2 validated cryptographic module running on a Linux platform per FIPS 140 2 implementation guidelines This cryptographic module is used for encryption of KVM session traffic consisting of video keyboard mouse virtual media and smart card data What kind of encryption does the KSX Il use The KSX II use
249. n CC SG until a connection is attempted to the target port via the other KSX II s oob kvm interface KSX Il to Paragon II Guidelines The P2CIM APS2DUAL or P2CIM AUSBDUAL can be connected to a KSX II and Paragon II Concurrent Access Both the KSX Il and Paragon Il must be configured with the same policy for concurrent access to targets Paragon Il Mode description Supported operation mode Private A server or other device Supported on a specific channel port can be accessed exclusively by only one Both Paragon II and the KSX user at a time II must be set to Private The Private setting is applied on to KSX II device not per user group The Paragon II uses Red to indicate busy or Green to Raritan Z Raritan Paragon Il operation mode PC Share Public View Mode description A server or other device on a specific channel port can be selected and controlled by more than one user but only one user has keyboard and mouse control at any one time While one user is accessing a server or other device ona specific channel port other users can select that channel port and view the video output from that device However only the first user will have keyboard and mouse control until they disconnect or switch away CIM Name Updates e CIM names updated from Paragon II are stored and retrieved from the CIM memory location corresponding to the Paragon naming convention Appendix A
250. n Description Enable single login When selected only one login per user name is limitation allowed at any time When deselected a given user name password combination can be connected into the device from several client workstations simultaneously Enable password When selected all users are required to change aging their passwords periodically based on the number of days specified in Password Aging Interval field This field is enabled and required when the Enable Password Aging checkbox is selected Enter the number of days after which a password ids 3is Raritan Sis Raritan Limitation Log out idle users After 1 365 minutes Login Limitations Chapter 9 Security Management Description change is required The default is 60 days Select the Log off idle users checkbox to automatically disconnect users after the amount of time you specify in the After 1 365 minutes field If there is no activity from the keyboard or mouse all sessions and all resources are logged out If a virtual media session is in progress however the session does not timeout The After field is used to set the amount of time in minutes after which an idle user will be logged out This field is enabled when the Log Out Idle Users option is selected Up to 365 minutes can be entered as the field value 7 Enable Single Login Limitation 7 Enable Password Aging Password Aging Interval days 60 Idle Timeout minutes
251. n Type PAP ov OK Reset To Defaults Cancel Raritan Chapter 7 User Management Cisco ACS 5 x for RADIUS Authentication If you are using a Cisco ACS 5 x server after you have configured the KSX II for RADIUS authentication complete the following steps on the Cisco ACS 5 x server Note The following steps include the Cisco menus and menu items used to access each page Please refer to your Cisco documentation for the most up to date information on each step and more details on performing them Raritan Add the KSX II as a AAA Client Required Network Resources gt Network Device Group gt Network Device and AAA Clients Add edit users Required Network Resources gt Users and Identity Stores gt Internal Identity Stores gt Users Configure Default Network access to enable CHAP Protocol Optional Policies gt Access Services gt Default Network Access Create authorization policy rules to control access Required Policy Elements gt Authorization and Permissions gt Network Access gt Authorization Profiles Dictionary Type RADIUS IETF RADIUS Attribute Filter ID Attribute Type String Attribute Value Raritan G KVM Admin where KVM Admin is group name created locally on Dominion KVM Switch Case sensitive Configure Session Conditions Date and Time Required Policy Elements Session Conditions Date and Time Configure create the Network Access Authorization
252. n acceleration settings exclusive to the KSX II connection Windows XP 2000 and 2008 login pages revert to preset mouse parameters that differ from those suggested for optimal KSX II performance As a result mouse synchronization may not be optimal for these screens WARNING Proceed only if you are comfortable adjusting the registry on Windows KVM target servers You can obtain better KSX Il mouse synchronization at the login pages by using the Windows registry editor to change the following settings HKey USERSV DEFAULT Control Panel Mouse gt MouseSpeed 0 MouseThreshold 1 0 Mouse Threshold 2 0 Raritan 5 Raritan Chapter 2 Installation and Configuration Windows Vista Settings gt To configure KVM target servers running Windows Vista operating system Configure the mouse settings a Choose Start gt Settings gt Control Panel gt Mouse b Select Advanced system settings from the left navigation panel The System Properties dialog opens c Click the Pointer Options tab In the Motion group Set the mouse motion speed setting to exactly the middle speed Disable the Enhanced pointer precision option Click OK Disable animation and fade effects a Select the System option from the Control Panel b Select Performance Information then Tools Advanced Tools Adjust to adjust the appearance and performance of Windows c Click the Advanced tab Click the Settings button in the
253. n and off e Choose View gt View Toolbar Scaling Scaling your target window allows you to view the entire contents of the target server window This feature increases or reduces the size of the target video to fit the Virtual KVM Client window size and maintains the aspect ratio so that you see the entire target server desktop without using the scroll bar gt To toggle scaling on and off e Choose View gt Scaling Target Screen Resolution When you enter Full Screen mode the target s full screen is displayed and acquires the same resolution as the target server The hot key used for exiting this mode is specified in the Options dialog the default is Ctrl Alt M While in Full Screen mode moving your mouse to the top of the screen will display the Full Screen mode menu bar gt To enter full screen mode e Choose View gt Full Screen gt To exit full screen mode e Press the hot key configured in the Tools Options dialog The default is Ctrl Alt M For AKC select Connection Exit from the hidden menu bar which is accessed by hovering your mouse at the top of the screen Note KX Il 101 does not support AKC Alternatively if you want to access the target in full screen mode at all times you can make Full Screen mode the default gt To set Full Screen mode as the default mode 1 Click Tools gt Options to open the Options dialog 2 Select Enable Launch in Full Screen Mode and click OK 79 Chapter 3
254. n external server with an IPv6 address that want to use with my KSX II The KSX II can access external servers via their IPv6 addresses for example an SNMP Manager Syslog server or LDAP server Using the KSX II s dual stack architecture these external servers can be accessed via 1 an IPv4 address 2 IPv6 address or 3 hostname So the KSX II supports the mixed IPv4 IPv6 environment many customers will have Does the Dominion KX I support IPv6 No the Dominion KX does not support IPv6 addresses What if my network doesn t support IPv6 The KSX II s default networking is set at the factory for IPv4 only When you are ready to use IPv6 then follow the above instructions to enable IPv6 IPv4 dual stack operation Raritan Remote Access Raritan Appendix D FAQs Where can get more information on IPv6 See www ipv6 org for general information on IPv6 The KSX II User Guide describes the KSX II s support for IPv6 How many users can remotely access servers on each KSX II Up to 8 KVM users can share one KVM channel and up to 8 serial users can share 8 serial channels Can two people look at the same server at the same time Yes up to eight people can access and control any single server at the same time Can two people access the same server one remotely and one from the local port Yes the local port is completely independent of the remote ports The local port can access the same serv
255. n the Confirm New Password field Passwords can be up to 64 characters in length and can consist of English alphanumeric characters as well as special characters Click Apply You will receive confirmation that the password was successfully changed Click OK The Port Access page is displayed Note The default password can also be changed from the Raritan Multi Platform Client MPC For more information refer to Changing a Password Raritan Z Raritan Chapter 2 Installation and Configuration Assigning an IP Address These procedures describe how to assign an IP address on the Network Settings page For complete information about all of the fields and the operation of this page see Network Seitings gt To assign an IP address 1 Choose Device Settings gt Network The Network Settings page opens 2 Specify a meaningful Device Name for your KSX II device Up to 32 alphanumeric characters using valid special characters and no spaces 3 Inthe IPv4 section enter or select the appropriate IPv4 specific network settings a Enter the IP Address if needed The default IP address is 192 168 0 192 Enter the Subnet Mask The default subnet mask is 255 255 255 0 Enter the Default Gateway if None is selected from the IP Auto Configuration drop down Enter the Preferred DHCP Host Name if DHCP is selected from the IP Auto Configuration drop down Select the IP Auto Configuration The following options ar
256. nd refresh rate you are using gt To check current POST resolution e Run the following command as the root eeprom output device gt To change POST resolution 1 Run eeprom output device screen r1024x768x75 2 Log out or restart computer Video Settings GUI The GUI resolution can be checked and set using different commands depending on the video card in use Run these commands from the command line Note 1024x768x75 is used as an example here substitute the resolution and refresh rate you are using Card To check resolution To change resolution 32 bit usr sbin pgxconfig prconf 1 usr sbin pgxconfig res 1024x768x75 2 Log out or restart computer 64 bit s usr sbin m64config prconf 1 usr sbin m64config res 1024x768x75 2 Log out or restart computer 32 bit usr sbin fbconfig prconf 1 usr sbin foconfig res and 1024x768x75 64 bit 2 Log out or restart computer 21 Chapter 2 Installation and Configuration IBM AIX 5 3 Settings DN these steps to configure KVM target servers running IBM AIX gt To configure the mouse 1 Goto Launcher 2 Choose Style Manager 3 Click Mouse The Style Manager Mouse dialog appears 4 uL the sliders to set the Mouse acceleration to 1 0 and Threshold to 5 Click OK gt To configure the video 1 From the Launcher select Application Manager 2 Select System Admin 3 Choose Smit gt Devices gt Graphic Displays gt Select
257. ndow focusing issues with Fedora Core 6 Raritan has tested with libXp 1 0 0 8 386 rpm this resolved all of the keyboard focus and popup menu problems Note libXp is also required for the SeaMonkey formerly Mozilla browser to work with the Java plug in Mouse Pointer Synchronization Fedora When connected in dual mouse mode to a target server running Fedora 7 If the target and local mouse pointers lose synchronization changing the mouse mode from or to Intelligent or Standard may improve synchronization Single mouse mode may also provide for better control gt Toresynchronize the mouse cursors e Use the Synchronize Mouse option from the Virtual KVM Client VKC and MPC Smart Card Connections to Fedora Servers If you are using a smart card to connect to a Fedora server via MPC or VKC upgrade the pcsc lite library to 1 4 102 3 or above Resolving Issues with Firefox Freezing when Using Fedora If you are accessing Firefox and are using a Fedora server Firefox may freeze when it is opening To resolve this issue install the libnpjp2 so Java plug in on the server in Raritan Appendix C Informational Notes USB Ports and Profiles Raritan VM CIMs and DL360 USB Ports HP DL360 servers have one USB port on the back of the device and another on the front of the device With the DL360 both ports cannot be used at the same time Therefore a dual VM CIM cannot be used on DL360 servers
258. nectivity to the KSX ll servers can be configured and managed at BIOS level wirelessly Can the KSX II be used over the WAN Internet or just over the corporate LAN Whether via a fast corporate LAN the less predictable WAN Internet cable modem or dial up modem the KSX II s KVM over IP technology can accommodate the connection How many TCP ports must be open on my firewall in order to enable network access to the KSX II Are these ports configurable Only one The KSX II protects network security by only requiring access to a single TCP port to operate This port is completely configurable for additional security Note that of course to use the KSX II s optional web browser capability the standard HTTPS port 443 must also be open Can the KSX Il be used with CITRIX The KSX II may work with remote access products like CITRIX if configured appropriately but Raritan cannot guarantee it will work with acceptable performance Products like CITRIX utilize video redirection technologies similar in concept to digital KVM switches so that two KVM over IP technologies are being used simultaneously Does the KSX Il require an external authentication server to operate No the KSX Il is a completely self sufficient After assigning an IP address to a KSX Il it is ready to use with web browser and authentication capabilities completely built in zie Raritan n Appendix D FAQs 332 If an external authentication server
259. neration local port enhanced support for serial ports and so forth How do I migrate from the Dominion KSX I to the KSX II In general customers can continue to use their existing switches for many years As their data centers expand customers can purchase and use the new KSX II models Raritan s centralized management unit CommandCenter Secure Gateway and the Multi Platform Client MPC both support KSX I and KSX II switches seamlessly What CIMs are supported for the KSX Il switch Refer to Supported Operating Systems and CIMs KVM Target Servers on page 272 Can the KSX Il be rack mounted Yes The KSX II ships standard with 19 rack mount brackets It can also be reverse rack mounted so the server ports face forward How large is the KSX II The KSX II is only 1U high fits in a standard 19 rack mount and is only 11 4 29 cm deep zie Raritan zu Appendix D FAQs Serial Access 318 My Dominion KSX II has just been configured with a network address and I can successfully ping the IP but when I try to access it using a web browser the message reads Page cannot be found or server error contact System Administrator Check your web browser settings and confirm that a proxy server is being used If so click the Bypass local addresses or configure KSX IP in the exception list checkbox Next make sure the web browser has 128 bit cipher strength From the Help menu click About to find this information
260. net U U Current Time Wed Port Port No Name 2 Port2 U 4 Port4 U Sep 20 16 05 50 2006 Navigation of the CLI 232 Before using the CLI it is important to understand CLI navigation and syntax There are also some keystroke combinations that simplify CLI use Completion of Commands The CLI supports the completion of partially entered commands After entering the first few characters of an entry press the Tab key If the characters form a unique match the CLI will complete the entry e f no match is found the CLI displays the valid entries for that level e f multiple matches are found the CLI displays all valid entries Enter additional text to make the entry unique and press the Tab key to complete the entry Raritan Chapter 12 Command Line Interface CLI CLI Tips Syntax Tips and Shortcuts Commands are listed in alphabetical order Commands are not case sensitive Parameter names are single word without underscore Commands without arguments default to show current settings for the command Typing a question mark after a command produces help for that command A pipe symbol indicates a choice within an optional or required set of keywords or arguments Shortcuts Press the Up arrow key to display the last entry Press Backspace to delete the last character typed Press Ctrl C to terminate a command or cancel a command if you typed th
261. ng Conflicts in Profile Names A naming conflict between custom and standard USB profiles may occur when a firmware upgrade is performed This may occur if a custom profile that has been created and incorporated into the list of standard profiles has the same name as a new USB profile that is downloaded as part of the firmware upgrade Should this occur the preexisting custom profile will be tagged as old For example if a custom profile called GenericUSBProfile5 has been created and a profile with the same name is downloaded during a firmware upgrade the existing file will then be called old GenericUSBProfile5 You can delete the existing profile if needed See USB Profile Management on page 210 for more information 211 Chapter 10 Maintenance Upgrading CIMs Use this procedure to upgrade CIMs using the firmware versions stored in the memory of your KSX II device In general all CIMs are upgraded when you upgrade the device firmware using the Firmware Upgrade page In order to make use of USB profiles you must use a D2CIM VUSB or D2CIM DVUSB with updated firmware A VM CIM that has not had its firmware upgraded will support a broad range of configurations Windows Keyboard Mouse CD ROM and Removable Device but will not be able to make use of profiles optimized for particular target configurations Given this existing VM CIMs should be upgraded with the latest firmware in order to access USB profiles Until exist
262. nly 98 Connecting to Virtual Media 2 niente tacente tta nennt etas 100 Disconnecting Virtual Medias icici 1222 rtriet teret namia 103 90 Overview Raritan Chapter 5 Virtual Media Virtual media extends KVM capabilities by enabling KVM target servers to remotely access media from a client PC and network file servers With this feature media mounted on a client PC and network file servers is essentially mounted virtually by the target server The target server can then read from and write to that media as if it were physically connected to the target server itself In addition to data file support via virtual media files are supported by virtual media via a USB connection Virtual media can include internal and USB mounted CD and DVD drives USB mass storage devices PC hard drives and ISO images disk images Note ISO9660 is the standard supported by Raritan However other ISO standards can be used Virtual media provides the ability to perform additional tasks remotely such as e Transferring files e Running diagnostics e Installing or patching applications e Complete installation of the operating system This expanded KVM control eliminates most trips to the data center saving time and money thereby making virtual media very powerful 91 92 Chapter 5 Virtual Media Raritan Diagram key Desktop PC 2 KSX II 3 CIM 4 Target se
263. nnecting Virtual Media on page 103 97 Chapter 5 Virtual Media File Server Setup File Server ISO Images Only Note This feature is only required when using virtual media to access file server ISO images ISO9660 format is the standard supported by Raritan However other CD ROM extensions may also work Note SMB CIFS support is required on the file server Use the Remote Console File Server Setup page to designate the files server s and image paths that you want to access using virtual media File server ISO images specified here are available for selection in the Remote Server ISO Image Hostname and Image drop down lists in the Map Virtual Media CD ISO Image dialog See CD ROM DVD ROM ISO Images 1 98 To designate file server ISO images for virtual media access Choose Virtual Media from the Remote Console The File Server Setup page opens Check the Selected checkbox for all media that you want accessible as virtual media Enter information about the file server ISO images that you want to access P Address Host Name Host name or IP address of the file server Image Path Full path name of the location of the ISO image For example sharename0 path0 image0 iso sharename1 path1 image1 iso and so on Note The host name cannot exceed 232 characters in length Click Save All media specified here are now available for selection in the Map Virtual Media CD ISO Image dialog Raritan
264. np rnt nassaan Ek en unes 143 Configuring Direct Port Access via Telnet IP Address or SSH n se 144 Enabling the AKC Download Server Certificate Validation ssesssss 146 Configuring Modem Settings ioc th ra ceret ortho oerte tret ure ena Fede eek aea eta d eva Una nde et area reden 147 Configuring Date Time Settlrgs i tiroteo inda nnde oce ete pede bra nde ela Evan e depen 148 Event ManagemeNt r cect a tcc sind vas nee tetuer pa due evoca td gue Reha du sath e dex tend eit dre Med 149 Configuring Event Management Settings essen enne 150 Configuring Event Management Destinations ssssssssseeeeee 152 aro titel afar Maior ME ER 155 POW SE COMO MD TD 158 Target Seting ELT 160 Configuring Blade Chassis sse enne nennen nnne enne 161 Configuring USB Profiles Port Page sssssseseeeeeeeneen nens 181 Configuring KSX II Local Port Settings sssssssseseeeee eee 183 Port KGVWOFOSo scenes ott LL tL LEES 186 Port Group Manage meN DTE 188 Chapter9 Security Management 189 ST Te S I1 RAT DU VAT RIDERE TEE EET D 189 LOG IER TER TIOTIS 5t cem eae nene tate eed vea desea ak deee ionge etta dr nudes 190 Strong PasSWOFOS uerenh ot onde sete teen ode ge esas Cauda reus aee aa g hera ira nde exta Rea e d gen 192 User BIOCKIhg odere ance Seton detta deserat uade dae ade eaaa etta uu de pd 193 Encryption amp SLIBEO
265. o a new target the smart card reader will be automatically unmounted from the target server gt To mount a smart card reader onto a target via the KSX II Local console 1 Plug a USB smart card reader into the KSX II using one of the USB ports located on the device Once attached the smart card reader will be detected by the KSX Il From the Local Console click Tools Select the smart card reader from the Card Readers Detected list Select None from the list if you do not want a smart card reader mounted 4 Click OK Once the smart card reader is added a message will appear on the page indicating you have completed the operation successfully A status of either Selected or Not Selected will appear in the left panel of the page under Card Reader 243 Chapter 13 KSX II Local Console gt To update the Card Readers Detected list e Click Refresh if anew smart card has been mounted The Card Readers Detected list will be refreshed to reflect the newly added smart card reader Select Card Reader Card Readers Detected USB SmartCard Reader Gemplus EH mum mum Local Console USB Profile Options From the USB Profile Options section of the Tools page you can choose from the available USB profiles for a local port The ports that can be assigned profiles are displayed in the Port Name field and the profiles that are available for a port appear in the Select Profile To Use field after the port is selected The prof
266. o be transmitted and responses returned For example if a high rate of failover is observed due to high network utilization the timeout should be extended to 3 or 4 times the ping interval Select the Bandwidth Click OK to apply the LAN settings dis 5E Raritan Device Services 5 Raritan Chapter 8 Device Management The Device Services page allows you to configure the following functions Enabling Telnet Enabling SSH access Configuring HTTP and HTTPs port settings Enabling Serial Console Access Configuring the discovery port access Enabling direct port access Enabling the AKC Download Server Certificate Validation feature if you are using AKC Enabling Telnet If you wish to use Telnet to access the KSX II first access the KSX II from the CLI or a browser 1 2 3 To enable Telnet Select Device Settings Device Services and then select the Enable TELNET Access checkbox Enter the Telnet port Click OK Once Telnet access is enabled you can use it to access the KSX Il and set up the remaining parameters Enabling SSH Enable SSH access to allow administrators to access the KSX II via the SSH v2 application 1 To enable SSH access Choose Device Settings Device Services The Device Service Settings page opens Select Enable SSH Access Enter the SSH Port information The standard SSH TCP port number is 22 but the port number can be changed to provide a higher l
267. o keywords have been created yet the page will contain the message There are no port keywords defined If port keywords do exist they will be listed on the Port Keyword List page n Raritan sis Raritan Chapter 8 Device Management 2 Define a keyword for the first time by clicking the Add button on the Port Keyword List page The Add Keyword page will then open Follow steps 3 5 to create new keywords Home gt Device Settings gt Port Keyword List gt Keyword Add Keyword Keyword Ports Available Selected 9 Cisco 2501 10 SP 2 11 Serial Port 3 12 Serial Port 4 14 Serial Port 6 Cancel Type a keyword in the Keyword field and then click the Add button The keyword will be added to the page directly under the Keyword field and will appear on the Port Keyword List page once OK is selected Add additional keywords by following the same steps if needed In the Ports section of the page in the Available selection box click the port or ports you want to associate with that keyword and click Add The port associated with the keyword will then be moved to the Selected selection box Continue adding ports as needed Click OK To remove ports from the selected list On the Add Keyword page click the port in the Selected selection box and then click Remove To delete keywords On the Port Keyword List page check the checkbox of the keyword you would l
268. o the KSX Il from locking up when I switch away from them Each Dominion computer interface module DCIM dongle acts as a virtual keyboard and mouse to the server to which it is connected This technology is called KME keyboard mouse emulation Raritan s KME technology is data center grade battle tested and far more reliable than that found in lower end KVM switches it incorporates more than 15 years of experience and has been deployed to millions of servers worldwide Are there any agents that must be installed on servers connected to the KSX II Servers connected to the KSX II do not require any software agents to be installed because the KSX II connects directly via hardware to servers keyboard video and mouse ports How many servers can be connected to each KSX II device Raritan Sis Raritan Appendix D FAQs The KSX II models range from 4 to 8 server ports in a 1U chassis This is the industry s highest digital KVM switch port density What happens if disconnect a server from the KSX Il and reconnect it to another KSX II device or connect it to a different port on the same KSX II device The KSX II will automatically update the server port names when servers are moved from port to port This automatic update does not just affect the local access port but propagates to all remote clients and the optional CommandCenter Secure Gateway management device Both serial and KVM ports can be moved without encounte
269. of the screen and calculates the acceleration For this mode to work properly certain conditions must be met gt To enter intelligent mouse mode e Choose Mouse gt Intelligent Intelligent Mouse Synchronization Conditions The Intelligent Mouse Synchronization command available on the Mouse menu automatically synchronizes mouse cursors during moments of inactivity For this to work properly however the following conditions must be met e The active desktop should be disabled on the target e No windows should appear in the top left corner of the target page e There should not be an animated background in the top left corner of the target page e The target mouse cursor shape should be normal and not animated e The target mouse speeds should not be set to very slow or very high values e Advanced mouse properties such as Enhanced pointer precision or Snap mouse to default button in dialogs should be disabled e Choose Best Possible Video Mode in the Video Settings window e The edges of the target video should be clearly visible that is a black border should be visible between the target desktop and the remote KVM console window when you scroll to an edge of the target video image e When using the intelligent mouse synchronization function having a file icon or folder icon located in the upper left corner of your desktop may cause the function not to work properly To be sure to avoid any problems with
270. ol or not arising under normal operating conditions U Lus jt LISTED Contents Chapter 1 Introduction 1 KSX IRe mu M 2 Md mp 4 Related DocurrientatlOr uacua eodein ona ratur nun b d nnd a uid a i a e a 4 eere ugue 4 Vitaal e aak 5 iiseteHrilcf T 5 TARO rite MA 5 SIOUE 1 M Q 6 External Product Overview nascente con tne dtt dee nda e nd ext nid nd d Ra cod V deed 7 Ium ER 9 Package GOorntenls edo edd rette pcdcs i tette ba o diaeta edle edet tradere reddas 11 Chapter2 Installation and Configuration 12 II MC 12 Default Eogin InformatlQna serit necem te rcr Fi mire n Eck aen su E a Fe D xa ao EH a 12 MSGOTHING STAM O P iced 13 Step 1 Configure KVM Target Servers ssssssssssssssesesee entree 13 Step 2 Configure Network Firewall Settings sssseeeeeene 22 Step 3 Connect the Equipmient uicit eerte tene neri erai ace det need RD Era 23 Step 4 Configure the KSX ll tierna deae ene pete ted e khe aeS Lene 28 Valid Special Characters for Target Names ssssssssseseeeeenen nnne 31 Step 5 Optional Configure Keyboard
271. ompleted 2 4 E M LM Np Rem al Acus si em non e casco T Heec ccc M 3 System events are categorized by Device Operation Device Management Security User Activity and User Group Administration 2 Check the checkboxes for those event line items you want to enable or disable and where you want to send the information Tip Enable or disable entire categories by checking or clearing the category line checkboxes respectively 3 Click OK gt To reset to factory defaults Click the Reset To Defaults button bis 5E Raritan Raritan SNMP Trap Configuration Chapter 8 Device Management SNMP provides the ability to send traps or notifications to advise an administrator when one or more conditions have been met The following table lists the KSX II SNMP traps Trap name cimConnected cimDisconnected cimUpdateCompleted cimUpdateStarted configBackup configRestore deviceUpdateFailed deviceUpgradeCompleted deviceUpgradeStarted ethernetFailover factoryReset firmwareFileDiscarded firmwareUpdateF ailed firmwareValidationFailed groupAdded groupDeleted groupModified ipConflictDetected ipConflictResolved networkFailure Description A CIM is plugged into to the KSX II port A CIM is either unplugged from the KSX Il port or powered off CIM firmware update process completed CIM firmware update process started The device configuration has been backed up The device configura
272. on Configuring Direct Port Access via Telnet IP Address or SSH The information in this topic is specific to enabling direct port access for serial targets Use the Enable Direct Port Access via URL option on the Device Services page to enable direct port access for a KVM serial port connect to the KSX Il See Enabling Direct Port Access via URL on page 143 gt To configure direct port access 1 Choose Device Settings Device Services The Device Service Settings page opens 2 Type the IP address and ports used for SSH and Telnet in the appropriate fields for each serial target Note that leaving all three fields blank will disable direct port access for the serial target To enable direct port access you must do one of the following Enable global Telnet or SSH access Input a valid IP address or TCP port in at least one of the three fields Important It is not recommended that more than one of these fields is populated Below are examples of Telnet and IP Direct Port access via IP alias address Configure the IP alias address 192 168 1 59 for a serial target Once this is done connection to the target through Telnet can be done using telnet 192 168 1 59 Direct Port access via Telnet port Configure the Telnet TCP Port as 7770 Once this is done connection to the target can be done using telnet KSX II device IP address 7770 Direct Port Access via SSH Port Configure the SSH TCP port
273. onnect a KVM target server to the KSX Il 1 Use the appropriate Computer Interface Module CIM Refer to Supported Operating Systems and CIMs KVM Target Servers on page 272 for more information about the CIMs to use with each operating system 2 Attach the HD15 video connector of your CIM to the video port of your KVM target server Ensure that your target server s video has already been configured to a supported resolution and refresh rate For Sun servers also ensure that your target server s video card has been set to output standard VGA H and V sync and not composite sync 3 Attach the keyboard mouse connector of your CIM to the corresponding ports on your target server Using a standard straight through UTP Cat5 5e 6 cable connect the CIM to an available server port on the back of your KSX II device Note The DCIM USB G2 provides a small slide switch on the back of the CIM Move the switch to P for PC based USB target servers Move the switch to S for Sun USB target servers A new switch position takes effect only after the CIM is power cycled To power cycle the CIM remove the USB connector from the target server and plug it back in a few seconds later E Rack PDU Power Strip gt To connect the Dominion PX to the KSX Il 1 Plug one end of a Cat5 cable into the Serial port on the front of the Dominion PX 2 Connect the other end of the Cat5 cable to either the Power Ctrl 1 or Power Ctrl 2 ports on the
274. onnector connection CAT 5 cable Sun Netra T1 RJ 45 CRLVR 15 cable or CRLVR 1 adapter and a CAT5 cable Sun Cobalt DB9M ASCSDB9F adapter anda Various Windows NT CAT 5 cable Go to the Support page on Raritan s website www raritan com to obtain a list of commonly used cables and adapters KSX Il Serial RJ 45 Pinouts To provide maximum port density and to enable simple UTP Category 5 cabling The KSX II provides its serial connections via compact RJ 45 ports However no widely adopted industry standard exists for sending serial data over RJ 45 connections The following tables list the RJ 45 pinouts for the RJ 45 connector RJ 45 PIN SIGNAL RTS DTR TxD GND DCD RxD DSR 8 CTS Joc A UON Go to the Raritan website www raritan com Support page to find the latest information about the KSX II serial pinouts RJ 45 DB9F Nulling Serial Adapter Pinouts RJ 45 female DB9 female 1 8 2 1 6 5E Raritan Raritan RJ 45 female c N OO A O Appendix A Specifications DB9 female 2 SHELL 5 3 4 7 DB9M Nulling Serial Adapter Pinouts RJ 45 female ON DOO A2 C DY DB9 male 8 1 6 DB25F Nulling Serial Adapter Pinouts RJ 45 female c N DOO A C N DB25 female 5 6 8 3 1 7 2 20 293 Appendix A Specifications 294 DB25M Nulling Serial Adapter Pinouts RJ 45 female DB25 male 5 6 8 3 1 7 2 20 oOo N DOO A C N
275. oose the ISO Image option Use this option when you want to access a disk image of a CD DVD or hard drive ISO format is the only format supported b Click the Browse button c Navigate to the path containing the disk image you want to use and click Open The path is populated in the Image Path field d Click Connect 4 Forremote ISO images on a file server a Choose the Remote Server ISO Image option b Choose Hostname and Image from the drop down list The file servers and image paths available are those that you configured using the File Server Setup page Only items you configured using the File Server Setup page will be in the drop down list C File Server Username User name required for access to the file server The name can include the domain name such as mydomain username d File Server Password Password required for access to the file server field is masked as you type e Click Connect The media will be mounted on the target server virtually You can access the media just like any other drive Note If you are working with files on a Linux target use the Linux Sync command after the files are copied using virtual media in order to view the copied files Files may not appear until a sync is performed Note If you are using the Windows 7 operating system Removable Disk is not displayed by default in the Window s My Computer folder when you mount a Local CD DVD Drive or Local or Remote ISO Image
276. ors and should be purchased by customers who wish to utilize virtual media at the BIOS level The D2CIM DVUSB is also required for smart card authentication The D2CIM VUSB has a single USB connector and is for customers who will use virtual media at the OS level Both support virtual media sessions to target servers supporting the USB 2 0 interface Available in economical 32 and 64 quantity CIM packages these CIMs support Absolute Mouse Synchronization as well as remote firmware update Is virtual media secure Yes Virtual media sessions are secured using AES or RC4 encryption 323 324 Appendix D FAQs USB Profiles What is a USB profile Certain servers require a specifically configured USB interface for USB based services such as virtual media The USB Profile tailors the KSX Is USB interface to the server to accommodate these server specific characteristics Why would I use a USB profile USB Profiles are most often required at the BIOS level where there may not be full support for the USB specification when accessing virtual media drives However profiles are sometimes used at the operating system level for example for mouse synchronization for Mac and Linux servers How is a USB profile used Individual or groups of ports can be configured by the administrator to use a specific USB profile in the KSX II s Port Configuration pages A USB profile can also be selected in the KSX II client when require
277. ort or specify another port The default Secure LDAP Port is 636 Either use the default port or specify another port This field is only used when the Enable Secure LDAP checkbox is selected Select the Enable LDAPS Server Certificate Validation checkbox to use the previously uploaded root CA certificate file to validate the certificate provided by the server If you do not want to use the previously uploaded root CA certificate file leave this checkbox deselected Disabling this function is the equivalent of accepting a certificate that has been signed by an unknown certifying authority This checkbox is only available when the Enable Secure LDAP checkbox has been enabled Note When the Enable LDAPS Server Certificate Validation option is selected in addition to using the Root CA certificate for validation the server hostname must match the common name provided in the server certificate If needed upload the Root CA Certificate File This field is enabled when the Enable Secure LDAP option is selected Consult your authentication server administrator to get the CA certificate file in Base64 encoded X 509 format for the LDAP LDAPS server Use the Browse button to navigate to the certificate file If you are replacing a certificate for the LDAP LDAPS server with a new certificate you must reboot the KSX II in order for the new certificate to take effect LDAP Secure LDAP Enable Secure LDAP Port et 389 1 S
278. os exported from Active KVM Client AKC cannot be imported into Multi Platform Client MPC or Virtual KVM Client VKC Macros exported from MPC or VKC cannot be imported into AKC Note KX Il 101 does not support AKC 1 To import macros Choose Keyboard Import Keyboard Macros to open the Import Macros dialog Browse to the folder location of the macro file Click on the macro file and click Open to import the macro a Iftoo many macros are found in the file an error message is displayed and the import terminates once OK is selected b Ifthe import fails an error dialog appears and a message regarding why the import failed is displayed Select OK to continue the import without importing the macros that cannot be imported Select the macros to be imported by checking their corresponding checkbox or using the Select All or Deselect All options Click OK to begin the import a Ifa duplicate macro is found the Import Macros dialog appears Do one of the following Raritan Chapter 3 Working with Target Servers Click Yes to replace the existing macro with the imported version Click Yes to All to replace the currently selected and any other duplicate macros that are found Click No to keep the original macro and proceed to the next macro Click No to All keep the original macro and proceed to the next macro Any other duplicates that are found are skipped as well Click Cancel to stop t
279. ostname or IP address into the Hostname or IP Address field Click Ping The results of the ping are displayed in the Result field Trace Route to Host Page Trace route is a network tool used to determine the route taken to the provided hostname or IP address 1 To trace the route to the host Choose Diagnostics Trace Route to Host The Trace Route to Host page opens Type either the IP address or host name into the IP Address Host Name field Note The host name cannot exceed 232 characters in length Choose the maximum hops from the drop down list 5 to 50 in increments of 5 Click Trace Route The trace route command is executed for the given hostname or IP address and the maximum hops The output of trace route is displayed in the Result field 5 Raritan Maximum Hops 10 i Result ee OF adi am a map gn ram p n Home gt Diagnostics gt Trace Route to Host Trace Route to Host IP Address Host ame 4 92 168 59 173 iTrace Route traceroute started wait for 2mins traceroute to 192 168 59 173 192 168 59 173 10 hops max 40 byte packets 1 192 168 59 173 192 168 59 173 0 497 ms 0 308 ms 0 323 ms ae ee V Ua tn a eS 223 Chapter 11 Diagnostics Device Diagnostics Note This page is for use by Raritan field engineers or when you are directed by Raritan Technical Support Device Diagnostics downloads the diagnostics information from KSX II to the clien
280. ote channels we recommend connecting up to 4 blade server chassis You can of course connect individual servers to the remaining server ports I m an SMB customer with a few KSX II s Must use your CC SG management station No you don t have to SMB customers are not required to use CC SG to use the new blade features I m an enterprise customer using CC SG Can I access blade servers via CC SG Yes Once blade servers are configured on the KSX Il the CC SG user can access them via KVM connections In addition the blade servers are organized by chassis as well as CC SG custom views What if want in band or embedded KVM access Yes in band and embedded access to blade servers can be configured within CC SG I m running VMware on some of my blade servers Is this supported Yes with CC SG you can display and access virtual machines running on blade servers Is virtual media supported We support VM on IBM BladeCenter Model H and E with the D2CIM DVUSB Is Absolute Mouse Synchronization supported Servers with internal KVM switches inside the blade chassis typically do not support absolute mouse technology For HP Blade and some Dell blade servers the CIM is connected to each blade so absolute mouse is supported if the underlying OS running on the blade does Is blade access secure Yes blade access uses all of the standard KSX II security features such as 128 bit or 256 bit encryption In addition there ar
281. ou may also choose not to associate specific users with groups In this case you can classify the user as Individual Upon successful authentication the device uses group information to determine the user s permissions such as which server ports are accessible whether rebooting the device is allowed and other features Adding a New User Group gt To add anew user group 1 Open the Group page by selecting User Management gt Add New User Group or clicking the Add button from the User Group List page Raritan zie Raritan Chapter 7 User Management The Group page is organized into the following categories Group Permissions Port Permissions and IP ACL 2 Type a descriptive name for the new user group into the Group Name field up to 64 characters 3 Setthe permissions for the group Select the checkboxes before the permissions you want to assign to all of the users belonging to this group See Permissions on page 116 4 Setthe port permissions Specify the server ports that can be accessed by users belonging to this group and the type of access See Port Permissions on page 117 5 Setthe IP ACL This feature limits access to the KSX II device by specifying IP addresses It applies only to users belonging to a specific group unlike the IP Access Control list feature that applies to all access attempts to the device and takes priority See Group Based IP ACL Access Control List on page 118
282. over IP Protocol Configurable Port 5000 SNTP Time Server on Configurable UDP Port 123 LDAP LDAPS on Configurable Ports 389 or 636 RADIUS on Configurable Port 1812 RADIUS Accounting on Configurable Port 1813 SYSLOG on Configurable UDP Port 514 SNMP Default UDP Ports TCP Port 21 282 Description This port can be configured as needed See HTTP and HTTPS Port Settings on page 142 By default all requests received by the KSX II via HTTP port 80 are automatically forwarded to HTTPS for complete security The KSX II responds to Port 80 for user convenience relieving users from having to explicitly type in the URL field to access the KSX Il while still preserving complete security This port can be configured as needed See HTTP and HTTPS Port Settings on page 142 By default this port is used for multiple purposes including the web server for the HTML client the download of client software MPC VKC onto the client s host and the transfer of KVM and virtual media data streams to the client This port is used to discover other Dominion devices and for communication between Raritan devices and systems including CC SG By default this is set to Port 5000 but you may configure it to use any TCP port not currently in use For details on how to configure this setting see Network Settings The KSX II offers the optional capability to synchronize its internal clock to a central time server This function
283. ownloads iaj 3 Hn e C Miscellaneous 3 HTMLbackground jpg File name Server Screenshot Files of type JPEG image files hd Save Cancel V m zie Raritan 67 68 Chapter 3 Working with Target Servers Changing the Maximum Refresh Rate If the video card you are using on the target uses custom software and you are accessing the target through MPC or VKC you may need to change the maximum refresh rate of the monitor in order for the refresh rate to take effect on the target gt To adjust the monitor refresh rate 1 In Windows select Display Properties gt Settings gt Advanced to open the Plug and Play dialog Click on the Monitor tab Set the Screen refresh rate Click OK and then OK again to apply the setting Mouse Options When controlling a target server the Remote Console displays two mouse cursors one belonging to your client workstation and the other belonging to the target server You can operate in either single mouse mode or dual mouse mode When in dual mouse mode and provided the option is properly configured the mouse cursors align When there are two mouse cursors the device offers several mouse modes e Absolute Mouse Synchronization e Intelligent Mouse Mode e Standard Mouse Mode Raritan Chapter 3 Working with Target Servers Mouse Pointer Synchronization When remotely viewing a target server that uses a mouse two mouse cursors are displaye
284. ows on a Windows target server Modifying and Removing Keyboard Macros To modify a macro Choose Keyboard Keyboard Macros The Keyboard Macros dialog appears Choose the macro from among those listed Click Modify The Add Edit Macro dialog appears Make your changes Click OK cw c Im v To remove a macro Choose Keyboard Keyboard Macros The Keyboard Macros dialog appears 2 Choose the macro from among those listed 3 Click Remove The macro is deleted Hot key combinations that coincide with blade chassis switching key sequences will not be sent to blades housed in those chassis Setting CIM Keyboard Mouse Options gt To access the DCIM USBG2 setup menu 1 Putthe mouse focus on a window such as Note Pad Windows operating system or an equivalent 2 Select Set CIM Keyboard Mouse options This is the equivalent of sending the Left Control and Num Lock to the target The CIM setup menu options are then displayed Raritan Chapter 3 Working with Target Servers 3 Setthe language and mouse settings 4 Exitthe menu to return to normal CIM functionality Video Properties Refreshing the Screen The Refresh Screen command forces a refresh of the video screen Video settings can be refreshed automatically in several ways e The Refresh Screen command forces a refresh of the video screen e The Auto sense Video Settings command automatically detects the target server s video settings
285. p Individual An individual group is essentially a group of one Group That is the specific user is in its own group not affiliated with other real groups Individual groups can be identified by the in the Group Name The individual group allows a user account to have the same rights as a group Up to 254 user groups can be created in the KSX Il 113 114 Chapter 7 User Management User Group List User groups are used with local and remote authentication via RADIUS or LDAP LDAPS It is a good idea to define user groups before creating individual users since when you add a user you must assign that user to an existing user group The User Group List page displays a list of all user groups which can be sorted in ascending or descending order by clicking on the Group Name column heading From the User Group List page you can also add modify or delete user groups gt To list the user groups e Choose User Management gt User Group List The User Group List page opens Home User Managemest gt Groups User Group List 4 Group Name re a unten nandi eee ee ee e aN Ao sd Relationship Between Users and Groups Users belong to a group and groups have privileges Organizing the various users of your KSX II into groups saves time by allowing you to manage permissions for all users in a group at once instead of managing permissions on a user by user basis Y
286. p to 256 characters When the Enable Secure LDAP option is selected the DNS name must be used Note that the remaining fields share the same settings with the Primary LDAP Server field Optional Type of External LDAP Server Select the external LDAP LDAPS server Choose from among the options available Generic LDAP Server Microsoft Active Directory Active Directory is an implementation of LDAP LDAPS directory services by Microsoft for use in Windows environments 8 Type the name of the Active Directory Domain if you selected Microsoft Active Directory For example acme com Consult your Active Directive Administrator for a specific domain name Raritan Sis Raritan 9 Chapter 7 User Management In the User Search DN field enter the Distinguished Name of where in the LDAP database you want to begin searching for user information Up to 64 characters can be used An example base search value might be cn Users dc raritan dc com Consult your authentication server administrator for the appropriate values to enter into these fields Enter the Distinguished Name of the Administrative User in the DN of Administrative User field up to 64 characters Complete this field if your LDAP server only allows administrators to search user information using the Administrative User role Consult your authentication server administrator for the appropriate values to type into this field An example DN of Administrative U
287. ply the settings and close the dialog Click Apply to apply the settings without closing the dialog zie Raritan Chapter 3 Working with Target Servers Note Some Sun background screens such as screens with very dark borders may not center precisely on certain Sun servers Use a different background or place a lighter colored icon in the upper left corner of the screen Video Settings Noise Filter Noise Fiter PLL Settings Clock Phase Color Settings Brightness Red 4 gt gt Brightness Green Brightness Blue Contrast Red gt A v w v Contrast Green Contrast Blue lt gt lt gt Horizontal Offset Vertical Offset 4 Automatic Color Calibration Video Sensing Best possible video mode Quick sense video mode j Z Raritan Chapter 3 Working with Target Servers Using Screenshot from Target You are able to take a screenshot of a target server using the Screenshot from Target server command If needed save this screenshot to a file location of your choosing as a bitmap JPEG or PNG file gt To take a screenshot of the target server 1 Select Video Screenshot from Target or click the Screenshot from m Target button be on the toolbar 2 Inthe Save dialog choose the location to save the file name the file and select a file format from the Files of type drop down 3 Click Save to save the screenshot Save in f My D
288. pply Note The KX II 101 does not support AKC Raritan Raritan 9 Chapter 3 Working with Target Servers Exit Full Screen Mode Hotkey When you enter Full Screen mode the display of the target server becomes full screen and acquires the same resolution as the target server This is the hot key used for exiting this mode Exit Single Cursor Mode Hotkey When you enter single cursor mode only the target server mouse cursor is visible This is the hot key used to exit single cursor mode and bring back the client mouse cursor Click OK Client Launch Settings Select the Client Launch Settings tab a Toconfigure the target window settings Select Standard sized to target Resolution to open the window using the target s current resolution If the target resolution is greater than the client resolution the target window covers as much screen area as possible and scroll bars are added if needed Select Full Screen to open the window in full screen mode a To configure the monitor on which the target viewer is launched Select Monitor Client Was Launched from if you want the target viewer to be launched using the same display as the application that is being used on the client for example a web browser or applet Use Select From Detected Monitors to select from a list of target monitors that are currently detected by the application If a previously selected monitor is no longer detected Cur
289. practical 100Mbit network speed 0 08 seconds 10Mbps Theoretical 10Mbit network speed 4 seconds 6Mbps Likely practical 10Mbit network speed 8 seconds 512Kbps Cable modem download speed 8 seconds typical How do access servers connected to the KSX II if the network ever becomes unavailable The KSX II offers an internal modem port With this modem servers can still be remotely accessed in the event of a network emergency Furthermore the KSX II s local ports always allow access to servers from the rack regardless of the network condition Do you have a non Windows client Yes The Virtual KVM Client Raritan Serial Console RSC and the Multi Platform Client MPC allow non Windows users to connect to KVM target servers through the KSX II switches MPC can be run via web browsers and standalone Sometimes during a Virtual KVM Client session the Alt key appears to get stuck What should do This usually occurs in situations when the Alt key is held and not released For instance continuing to press the Alt key while pressing the space bar might cause the focus to change from the target server to the client PC The local operating system then interprets this key combination and consequently triggers the action for this key combination in the active window the client PC Raritan Appendix D FAQs Ethernet and IP Networking Raritan Does the KSX Il offer dual gigabit Ethernet ports to provide redundant fai
290. r blade DCIM USBG2 D2CIM VUSB D2CIM DVUSB for standard KVM port operation without a KVM option Source HP Proliant BL480c Server Blade Maintenance and Service Guide The HP c Class Blade SUV Cable e DCIM USBG2 enables you to perform server blade D2CIM VUSB administration configuration and diagnostic procedures by connecting video and USB devices directly to the server blade Source HP ProLiant BL480c Server Blade Maintenance and Service Guide D2CIM DVUSB for standard KVM port operation The Advanced Management Module e DCIM USBG2 AMM provides system management functions and keyboard video mouse KVM multiplexing for all blade chassis The AMM connections include a serial port video connection remote management port Ethernet and two USB v2 0 ports for a keyboard and mouse Source Implementing the IBM BladeCenter S Chassis The BladeCenter H chassis ships e DCIM USBG2 standard with one Advanced e D2CIM DVUSB 177 Chapter 8 Device Management 178 Blade chassis Connection method Management Module Source IBM BladeCenter Products and Technology IBM BladeCenter E The current model BladeCenter E chassis 8677 3Rx ships standard with one Advanced Management Module Source IBM BladeCenter Products and Technology IBM BladeCenter T The BladeCenter T chassis ships standard with one Advanced Management Module In contrast to the standard BladeCenter chassis the KVM module and the
291. r the RJ 45 connector RJ 45 PIN SIGNAL RTS DTR TxD GND DCD RxD DSR CTS c N OO A C N x Raritan Appendix D FAQs Go to the Raritan website www raritan com Support page to find the latest information about the KSX II serial pinouts RJ 45 The Dominion KSX Il uses the web browser to access serial devices What are the advantages of Java enabled web browser access For many Solaris Unix Linux system administrators the de facto standard for accessing serial hosts is SSH However the SSH clients available for Unix Linux do not support Apple Macintosh Additionally Java enabled browsers are available on many platforms including PDAs and handheld PCs The easy point and click access offered by Dominion KSX II allows administrators secure access from any Java enabled web browser Universal Virtual Media Z Raritan What KSX Il models support virtual media All of the KSX II models support virtual media It is available standalone and through Raritan s CommandCenter Secure Gateway Raritan s centralized management unit What types of virtual media does the KSX II support The KSX II supports the following types of media internal and USB connected CD DVD drives USB mass storage devices PC hard drives and ISO images What is required for virtual media A KSX II virtual media CIM is required There are two of these CIMs the D2CIM VUSB and the new D2CIM DVUSB The D2CIM DVUSB has dual USB connect
292. rade Version Current version of the CIM e Result The result of the upgrade success or fail Rebooting The Reboot page provides a safe and controlled way to reboot your KSX Il This is the recommended method for rebooting Important All KVM and serial connections will be closed and all users will be logged off zie Raritan 2 Chapter 10 Maintenance CC Unmanage 216 gt To reboot your KSX Il 1 Choose Maintenance Reboot The Reboot page opens Home gt Maintenance gt Reboot Reboot Reboot This may take up to two minutes 2 Click Reboot You are prompted to confirm the action Click Yes to proceed with the reboot Home gt Maintenance gt Reboot Rebooting the system will logoff all users Do you want to proceed with the reboot This may take up to two minutes When a KSX II device is under CommandCenter Secure Gateway control and you attempt to access the device directly using the KSX II Remote Console the following message appears after entry of a valid user name and password Managed by Command Center Secure Gateway This device is being managed by Command Center Secure Gateway CC SG 192 168 61 129 Direct Login is disabled at this time Raritan zie Raritan Chapter 10 Maintenance Stopping CC SG Management While the KSX II is under CC SG management if you try to access the device directly you are notified that it the device is under
293. ration 259 Windows Vista Dial Up Networking Configuration 263 Windows XP Dial Up Networking Configuration ss 264 Certified Modems for UNIX Linux and MPC Raritan Following is a list of modems that are certified to work for UNIX Linux and MPC e US Robotics Courier 56K Business Modem Model 3453B e Zoom Fax Modem 56Kx Dualmode Model 2949 e Zoom 56k v 92 v 90 Modem Model 3049 e US Robotics v 92 56k Fax Modem Model 5686 e US Robotics 56k SportSter Modem 257 258 Chapter 14 Modem Configuration Low Bandwidth KVM Settings Following are the settings that Raritan recommends in order to achieve optimum performance when using KVM over low bandwidth speeds typical of DSL connections This information applies to both virtual KVM and MPC Setting Connection speed Color depth Noise filter To achieve optimum performance Select Connections Properties Set the Connection Speed to a value that best matches the client to server connection This ranges from 384 Kb for lower DSL speeds to gt 1MB Select Connections gt Properties Reduce the Color Depth as far as possible The lower this is set the better the video refresh response on the target will be The impact is noticeable when opening and moving folders on the target desktop Specifically the display is updated much quicker improv
294. re Z Raritan 1 Choose Device Settings gt Local Port Settings The Local Port Settings page opens 2 Select the checkbox next to the Enable Standard Local Port to enable it Deselect the checkbox to disable it By default the standard local port is enabled but can be disabled as needed The browser will be restarted when this change is made 3 Choose the appropriate keyboard type from among the options in the drop down list The browser will be restarted when this change is made US US International United Kingdom French France 183 184 Chapter 8 Device Management German Germany JIS Japanese Industry Standard Simplified Chinese Traditional Chinese Dubeolsik Hangul Korean German Switzerland Portuguese Portugal Norwegian Norway Swedish Sweden Danish Denmark Belgian Belgium Note Keyboard use for Chinese Japanese and Korean is for display only Local language input is not supported at this time for KSX II Local Console functions Choose the local port hotkey The local port hotkey is used to return to the KSX II Local Console interface when a target server interface is being viewed The default is to Double Click Scroll Lock but you can select any key combination from the drop down list Hot key Take this action Double Click Scroll Lock Press Scroll Lock key twice quickly Double Click Num Lock Press Num Lock key twice quickly Double Click
295. receive the security page for future access The Raritan Serial Console window appears If you re using Dominion KSX or KX Click Connect to start connecting to the target port for RSC and the Raritan Serial Console window appears The Raritan Serial Console window appears Note Download the standalone Raritan Serial Console from the Raritan website www raritan com on the Support page 1 3 To open RSC from the Windows desktop Double click the shortcut or use the Start menu to open the standalone RSC The Raritan Serial Console Login connection properties window appears Enter the device s IP address account information and the desired target port Click Start RSC opens with a connection to the port Note If you experience unrecognized characters or blurry pages in the RSC window due to localization support try changing the font to Courier New Click Emulator Settings Display and select Courier New for Terminal Font Properties or GUI Font Properties Note When RSC connects to a serial target hitting Ctrl or Ctrl 1 does not cause information to be sent However hitting the Ctrl Shift To or the Ctrl Shift will cause information to be sent To open RSC on Sun Solaris Open a terminal window and change to the directory where you installed the RSC Type start sh and press Enter to open RSC Double click the desired device to establish a connection
296. red with the blade chassis model The specific information you are able to configure for a blade server will depend on the brand of blade server you are working with For specific information on each of these supported blade chassis see their corresponding topics in this section of the help The following blade chassis are supported e BM BladeCenter Models E and H e Dell PowerEdge 1855 1955 and M1000e A Generic option allows you to configure a blade chassis that is not included in the above list HP BladeSystem c3000 and c7000 are supported via individual connections from the Dominion device to each blade The ports are grouped together into a chassis representation using the Port Group Management feature Note Dell PowerEdge 1855 1955 blades also provide the ability to connect from each individual blade to a port on the Dominion device When connected in that manner they can also be grouped to create blade server groups Two modes of operation are provided for blade chassis manual configuration and auto discovery depending on the blade chassis capabilities If a blade chassis is configured for auto discovery the Dominion device tracks and updates the following e When a new blade server is added to the chassis e When an existing blade server is removed from the chassis Note In the case of IBM Blade Center Models E and H the KSX II only supports auto discovery for AMM 1 as the acting primary management module 16
297. rently Selected Monitor Not Detected is displayed Click OK Keyboard Limitations Slovenian Keyboards The key does not work on Slovenian keyboards due to a JRE limitation Language Configuration on Linux Because the Sun JRE on Linux has problems generating the correct Key Events for foreign language keyboards configured using System Preferences Raritan recommends that you configure foreign keyboards using the methods described in the following table Language Configuration method US Intl Default French Keyboard Indicator German System Settings Control Center 77 Chapter 3 Working with Target Servers Language Configuration method Japanese System Settings Control Center UK System Settings Control Center Korean System Settings Control Center Belgian Keyboard Indicator Norwegian Keyboard Indicator Danish Keyboard Indicator Swedish Keyboard Indicator Hungarian System Settings Control Center Spanish System Settings Control Center Italian System Settings Control Center Control Center Slovenian System Settings Portuguese System Settings Control Center Note The Keyboard Indicator should be used on Linux systems using Gnome as a desktop environment Raritan 5 Raritan Chapter 3 Working with Target Servers View Options View Toolbar You can use the Virtual KVM client with or without the toolbar display gt To toggle the display of the toolbar o
298. requires the use of UDP Port 123 the standard for SNTP but can also be configured to use any port of your designation Optional If the KSX II is configured to remotely authenticate user logons via the LDAP LDAPS protocol ports 389 or 636 will be used but the system can also be configured to use any port of your designation Optional If the KSX II is configured to remotely authenticate user logons via the RADIUS protocol either port 1812 will be used but the system can also be configured to use any port of your designation Optional If the KSX II is configured to remotely authenticate user logons via the RADIUS protocol and also employs RADIUS accounting for event logging port 1813 or an additional port of your designation will be used to transfer log notifications If the KSX Il is configured to send messages to a Syslog server then the indicated port s will be used for communication uses UDP Port 514 Port 161 is used for inbound outbound read write SNMP access and port 162 is used for outbound traffic for SNMP traps Optional Port 21 is used for the KSX Il command line interface when you are working with Raritan Technical Support Raritan Smart Card Readers Appendix A Specifications zie Raritan Supported and Unsupported Smart Card Readers External USB smart card readers are supported Supported Smart Card Readers Type USB USB USB USB USB Keyboard Card reader Combo USB Keyboard
299. rerequisites Supported Standalone Requires installation Yes MPC of Java Cryptography Extension JCE Unlimited Strength Jurisdiction Policy Files 4 Standalone Requires installation Yes RSC of Java Cryptography Extension JCE Unlimited Strength Jurisdiction Policy Files 4 303 Appendix C Informational Notes Applications Prerequisites Supported MPC Applet Requires installation of Java Browser Supported Cryptography Firefox Yes Extension JCE 2 0 0 7 Unlimited Strength Jurisdiction Policy Firefox 3 0 x Yes Files Internet No Explorer 6 Internet Yes Explorer 7 Internet Yes Explorer 8 HTML access Requires installation client of Java Browser Supported Cryptography Firefox Yes Extension JCE 2 0 0 7 Unlimited Strength Jurisdiction Policy Firefox 3 0 x Yes Files Internet No Explorer 6 Internet Yes Explorer 7 Internet Yes Explorer 8 Jurisdiction files for various JREs are available in the Other Downloads on the Java Sun site JRE Link JRE1 6 n addition IE6 does not support AES 128 http java sun com javase downloads index jsp Java Runtime Environment JRE Important It is recommended that you disable Java caching and clear the Java cache Please refer to your Java documentation for more information Raritan Appendix C Informational Notes The KSX II Remote Console and MPC require JRE to function Java Runtime Environment JRE version 1 6 x or higher are suppo
300. respectively n Z Raritan Chapter 8 Device Management B Type the Agent Community String the device s string An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information is sent The community name is used to identify the group The SNMP device or agent may belong to more than one SNMP community e Specify whether the community is Read Only or Read Write using the Type drop down list D Configure up to five SNMP managers by specifying their Destination IP Port and Community Click the Click here to view the Dominion SNMP MIB link to access the SNMP Management Information Base 8 Click OK N Syslog Configuration gt To configure the Syslog enable Syslog forwarding Choose the Enable Syslog Forwarding option to log the device s messages to a remote Syslog server Type the IP Address of your Syslog server in the IP Address field Click OK SysLog Configuration 7 Enable Syslog Forwarding IP Address Host Name 192 168 52 65 Maa A OK Reset To Defaults Cancel LAM z gee oss IP ya Nu gt To reset to factory defaults e Click the Reset To Defaults button Note Both IPv4 and IPv6 addresses are supported Note IPv6 addresses cannot exceed 80 characters in length for the host name zie Raritan id Chapter 8 Device Management Configuring Event Management Destinations System events if
301. rial Target Servers to Outlets Port Page A server can have up to four power plugs and you can associate a different rack PDU power strip with each From the Port page you can define those associations so that you can power on power off and power cycle the server The KVM and serial Port pages are different from each other with the exception of the Name and Port Association sections Since the Power Association sections are the same the steps below apply to both KVM and serial target servers gt To make power associations associate rack PDU outlets to target servers Note When a rack PDU is associated to a target server port the outlet name is replaced by the target server name even if you assigned another name to the outlet 1 Choose the rack PDU from the Power Strip Name drop down list 2 Forthat rack PDU choose the outlet from the Outlet Name drop down list Repeat steps 1 and 2 for all desired power associations Click OK A confirmation message is displayed 159 160 Chapter 8 Device Management gt Toremove a rack PDU association 1 Select the appropriate rack PDU from the Power Strip Name drop down list 2 Forthat rack PDU select the appropriate outlet from the Outlet Name drop down list From the Outlet Name drop down list select None Click OK The rack PDU outlet association is removed and a confirmation message is displayed Target Settings gt To define target settings 1
302. riate target server The Port Action menu appears Choose Power Cycle A confirmation message appears To power on a target server From the KSX II Remote Console click the Port Access tab The Port Access page opens Click the port name of the appropriate target server The Port Action menu appears Choose Power On A confirmation message appears To power off a target server From the KSX II Remote Console click the Port Access tab to open it The Port Access page opens Click the port name of the appropriate target server The Port Action menu appears Choose Power Off A confirmation message appears 53 54 Chapter 3 Working with Target Servers Disconnecting KVM Target Servers Note This item is not available on the KSX II Local Console The only way to disconnect from the switched target in the Local Console is to use the hot key gt To disconnect a target server 1 Click the port name of the target you want to disconnect The Port Action menu appears 2 Choose Disconnect Tip You can also close the Virtual KVM Client window by selecting Connection gt Exit from the Virtual KVM menu Choosing USB Profiles When you connect to a KVM target server for the first time as described in Connecting to a KVM Target Server on page 51 the preferred USB profile for the port is automatically used If you have connected to the target server previously using a different profile the USB profile f
303. ring problems However once disconnected the name of a KVM will be retained but the name for a serial port will not be 337 338 Appendix D FAQs Local Port Can I access my servers directly from the rack Yes At the rack the KSX II functions just like a traditional KVM switch allowing control of up to 16 servers using a single keyboard monitor and mouse When I am using the local port do I prevent other users from accessing servers remotely No The local port has a completely independent access path to the servers This means a user can access servers locally at the rack without compromising the number of users that access the rack remotely at the same time Can use a USB keyboard or mouse at the local port Yes The KSX II offers a USB keyboard and mouse ports on the local port Note that the USB ports are USB v1 1 and support keyboards and mice only not USB devices such as scanners or printers Is there an Onscreen Display OSD for local at the rack access Yes but the KSX Il s at the rack access goes way beyond conventional OSDs Featuring the industry s first browser based interface for at the rack access the KSX II s local port uses the same interface for local and remote access Moreover most administrative functions are available at the rack How do select between servers while using the local port The local port displays the connected servers using the same user interface as the remote clien
304. ritan Appendix D FAQs Does the KSX Il depend on a Windows server to operate No The KSX II is completely independent Even if a user chooses to configure the KSX II to authenticate against an Active Directory server if that Active Directory server becomes unavailable the KSX II s own authentication will be activated and fully functional Do I need to install a web server such as Microsoft Internet Information Services IIS in order to use the KSX II s web browser capability No The KSX Il is a completely self sufficient device After assigning an IP address to the KSX Il it s ready to use since it comes with web browser and authentication capabilities completely built in What software do have to install in order to access the KSX II from a particular workstation None The KSX II can be accessed completely via a web browser However there is an optional installed client provided on Raritan s website www raritan com which is required for modem connections A Java based client is now available for non Windows users 333 334 Appendix D FAQs Blade Servers Can I connect blade servers to the KSX II Yes The KSX II supports popular blade server models from the leading blade server manufacturers HP IBM and Dell Which blade servers are supported The following models are supported e Dell PowerEdge 1855 1955 and M1000e e HP BladeSystem c3000 and c7000 e IBM BladeCenter H and E Note IBM
305. rmission to operate this service 45 Chapter 3 Working with Target Servers Managing Favorites A Favorites feature is provided so you can organize and quickly access the devices you use frequently The Favorite Devices section is located in the lower left side sidebar of the Port Access page and provides the ability to Create and manage a list of favorite devices Quickly access frequently used devices List your favorites either by Device Name IP Address or DNS hostname Discover KSX II devices on its subnet before and after login Retrieve discovered KSX II devices from the connected KX device after login To access a favorite KSX Il device Click the device name listed beneath Favorite Devices A new browser opens to that device To display favorites by name Click Display by Name To display favorites by IP Address Click Display by IP To display favorites by the host name Click Display by Host Name Favorite Devices 46 NewJersey_RemoteOffice Sydney_RemoteOffice Manage Display By Name Display By Host Name Display By IP mia v 4 T Des 4999 TU a m E S I ANS x RA RS di Raritan 5 Raritan Chapter 3 Working with Target Servers Note Both IPv4 and IPv6 addresses are supported Manage Favorites Page gt To open the Manage Favorites page e Click the Manage button in the left panel The Manage Favorites page appears and contains the following Use To
306. ro maa th nai a sro au caa PD cron a aea aiv 73 INEO 74 MO ONO PUONS m 76 MIS WSOPTIOMS ces sisnect sit T depen 79 FEID OPT OMS ec sncstestenn ccgree asetceedivanidic aeaa a sath ay deck Ei 80 Active KVM Chent AKG m A 80 ecu 80 AKC Supported NET Framework Operating Systems and Browsers 81 Prerequisites tor USING eict 82 Multi Plattonn Cle mti MPC a vices cas etude nahe endocrine sth dan nates cae eade kt eeu na sevens 82 Launching MPC from a Web Browser ssssssssessssssesss entente enne 82 Raritan Serial Console SG ace nde aeaaee nte the read ek te rn fase 83 Opening RSC from the Remote Console sssssssssesseee eene 83 Chapter 4 Rack PDU Power Strip Outlet Control 86 e nul m HO 86 Turning Outlets On Off and Cycling Power sess 87 Chapter 5 Virtual Media 90 uci 91 Prerequisites for Using Virtual Media sesssssssssseseseeseeeeeeenennn entente nennen 94 Using Virtual Media via VKC and AKC in a Windows Environment sees 95 Using Virtual Mediassa
307. rom the last connection is used You are alerted to the use of a profile other than the preferred profile by a warning similar to the following The currently active profile lt HP Proliant DL360 DL380 G4 Windows 2003 Server Installation gt is different than the designated preferred profile lt Generic gt for this target After you have connected to a target server you can change the USB profile as necessary By default the profiles that appear under the USB Profile menu in the VKC are those that you are most likely to use These profiles have been preselected by the administrator for use with the connected target server based on your operational requirements However all profiles are available to be selected via the Other Profiles option on the USB Profile menu gt Tochoose a USB profile 1 Connect to a KVM target server as described in Connecting to a KVM Target Server on page 51 2 In VKC choose a USB profile from the USB Profile menu The name of the profile indicates the operating system or server with which it should be used See USB Profiles on page 104 for details on USB profiles Raritan zie Raritan Chapter 3 Working with Target Servers Connection Properties The dynamic video compression algorithms maintain KVM console usability under varying bandwidth constraints The devices optimize KVM output not only for LAN use but also for WAN use These devices can also control color dept
308. rom the IP Auto Configuration drop down Enter the Preferred DHCP Host Name if DHCP is selected from the IP Auto Configuration drop down Select the IP Auto Configuration The following options are available None Static IP This option requires that you manually specify the network parameters This is the recommended option because the KSX II is an infrastructure device and its IP address should not change DHCP Dynamic Host Configuration Protocol is used by networked computers clients to obtain unique IP addresses and other parameters from a DHCP server With this option network parameters are assigned by the DHCP server If DHCP is used enter the Preferred host name DHCP only Up to 63 characters 4 If IPv6 is to be used enter or select the appropriate IPv6 specific network settings in the IPv6 section a b Select the IPv6 checkbox to activate the fields in the section Enter a Global Unique IP Address This is the IP address assigned to the KSX Il Enter the Prefix Length This is the number of bits used in the IPv6 address Enter the Gateway IP Address 137 Chapter 8 Device Management Link Local IP Address This address is automatically assigned to the device It is used for neighbor discovery or when no routers are present Read Only Zone ID This identifies the device with which the address is associated Read Only Select the IP Auto Configuration The following options are available
309. rowse the Web and read email Connect to the network at my workplace Connect to a business network using dial up or VPN so you can work from home a field office or another location Set up a home or small office network Connect to an existing home or small office network or set up a new one Set up an advanced connection Connect directly to another computer using your serial parallel or infrared port or set up this computer so that other computers can connect to il e Z Raritan Chapter 14 Modem Configuration 4 Click the Set up my connection manually radio button and click Next New Connection Wizard Getting Ready The wizard is preparing to set up your Internet connection S Raritan Chapter 14 Modem Configuration 5 Click the Connect using a dial up modem radio button and click Next New Connection Wizard Internet Connection How do you want to connect to the Internet g a dial up modem This type of connection uses a modem and a regular or ISDN phone line C Connect using a broadband connection that requires a user name and password This is a high speed connection using either a DSL or cable modem Y our ISP may refer to this type of connection as PPPoE Connect using a broadband connection that is always on This is a high speed connection using either a cable modem DSL or LAN connection It is always active and doesn t require you to sign in 266 3is R
310. rt Configuration page from the Blade Server Chassis Model drop down which appears when the Blade Chassis radio button is selected For details on how to configure each blade chassis model see their corresponding topics in this section of the help Blade chassis model KSX II Profile Dell PowerEdge Dell PowerEdge 1855 1955 1855 1955 Dell PowerEdge M1000e Dell PowerEdge M1000e IBM BladeCenter S IBM Other IBM BladeCenter H IBM BladeCenter H IBM BladeCenter T IBM Other IBM BladeCenter HT IBM Other IBM BladeCenter E IBM BladeCenter E HP Configure using Port Group Management functions See HP Blade Chassis Configuration Port Group Management on page 173 zie Raritan Hm Chapter 8 Device Management 176 Supported CIMs for Blade Chassis The following CIMs are supported for blade chassis being managed through the KSX II e DCIM PS2 e DCIM USBG2 e D2CIM VUSB e D2CIM DVUSB Following is a table containing supported CIMs for each blade chassis model that the KSX II supports Blade chassis Generic Dell PowerEdge 1855 Dell PowerEdge 1955 Connection method Recommended CIM s If a D2CIM VUSB or D2CIM DVUSBis DCIM USBG2 used when connecting to a blade chassis configured as Generic you will be able to select the USB profiles from the Port Configuration page and the client s USB Profile menu However virtual media is not supported for generic blade chassis and the Virtual Media
311. rted The KSX II Remote Console checks the Java version If the version is incorrect or outdated you will be prompted to download a compatible version Note In order for multi language keyboards to work in the KSX ll Remote Console Virtual KVM Client install the multi language version of Java Runtime Environment JRE IPv6 Support Notes Raritan Java Java 1 6 supports IPv6 for the following e Solaris 8 and higher e Linux kernel 2 1 2 and higher RedHat 6 1 and higher Java 5 0 and above supports the IPv6 for the following e Solaris 8 and higher e Linux kernel 2 1 2 and higher kernel 2 4 0 and higher recommended for better IPv6 support e Windows XP SP1 and Windows 2003 Windows Vista operating systems The following IPv6 configurations are not supported by Java e J2SE 1 4 does not support IPv6 on Microsoft Windows Linux e tis recommended that Linux kernel 2 4 0 or higher is used when using IPv6 e An IPv6 enabled kernel will need to be installed or the kernel will need to be rebuilt with IPv6 options enabled e Several network utilities will also need to be installed for Linux when using IPv6 For detailed information refer to http www bieringer de linux IPv6 IPv6 HOWTO IPv6 HOWTO html Windows e Windows XP and Windows 2003 users will need to install the Microsoft IPV6 service pack to enable IPV6 Mac Leopard e IPv6 is not supported in KSX II version 2 0 20 for Mac Leopard Sam
312. rtual media channels remain open until the KVM session is closed gt To use virtual media 1 Connect attach the media to the client or network file server that you want to access from the target server This need not be the first step but it must be done prior to attempting to access this media 2 Verify that the appropriate prerequisites are met See Prerequisites for Using Virtual Media on page 94 3 The following conditions must be met in order to use virtual media KSX II e For users requiring access to virtual media KSX Il permissions must be set to allow access to the relevant ports as well as virtual media access VM Access port permission for those ports Port permissions are set at the group level refer to Setting Port Permissions in the device user guide for more information e AUSB connection must exist between the KSX II device and the target server e f you want to use PC Share Security Settings on page 189 must also be enabled in the Security Settings page Optional e You must choose the correct USB profile for the KVM target server you are connecting to Client PC Certain virtual media options require administrative privileges on the client PC for example drive redirection of complete drives Note If you are using Microsoft Vista turn User Account Control off Control Panel User Accounts User Account Control turn off If you would prefer not to change Vista account permissions run
313. rver zie Raritan Chapter 5 Virtual Media CD DVD drive USB mass storage device PC hard drive Remote file server ISO images 93 Chapter 5 Virtual Media Prerequisites for Using Virtual Media With the virtual media feature you can mount up to two drives of different types that are supported by the USB profile currently applied to the target These drives are accessible for the duration of the KVM session For example you can mount a specific CD ROM use it and then disconnect it when you are done The CD ROM virtual media channel will remain open however so that you can virtually mount another CD ROM These virtual media channels remain open until the KVM session is closed as long as the USB profile supports it To use virtual media connect attach the media to the client or network file server that you want to access from the target server This need not be the first step but it must be done prior to attempting to access this media The following conditions must be met in order to use virtual media Dominion Device e For users requiring access to virtual media the device permissions must be set to allow access to the relevant ports as well as virtual media access VM Access port permission for those ports Port permissions are set at the group level e AUSB connection must exist between the device and the target server e f you want to use PC Share Security Settings on page 189 must also be
314. s Once a user is authenticated the user s group is used to determine his system and port permissions The user s assigned privileges determine what type of access is allowed This is called authorization When the KSX II is configured for remote authentication the external authentication server is used primarily for the purposes of authentication not authorization From the Authentication Settings page you can configure the type of authentication used for access to your KSX II Note When remote authentication LDAP LDAPS or RADIUS is selected if the user is not found the local authentication database will also be checked gt Toconfigure authentication 1 Choose User Management Authentication Settings The Authentication Settings page opens 2 Choose the option for the authentication protocol you want to use Local Authentication LDAP LDAPS or RADIUS Choosing the LDAP option enables the remaining LDAP fields selecting the RADIUS option enables the remaining RADIUS fields If you choose Local Authentication proceed to step 6 If you choose LDAP LDAPS read the section entitled Implementing LDAP Remote Authentication see Implementing LDAP LDAPS Remote Authentication on page 124 for information about completing the fields in the LDAP section of the Authentication Settings page 5 If you choose RADIUS read the section entitled Implementing RADIUS Remote Authentication on page 128 for information about compl
315. s 2000 Dial Up Networking Configuration 259 Windows 2000 Settings 16 Windows 3 Button Mouse on Linux Targets 313 Windows Vista Dial Up Networking Configuration 263 Windows Vista Settings 15 Windows XP Dial Up Networking Configuration 264 Windows XP Windows 2003 and Windows 2008 Settings 14 Working with Target Servers 4 36 351 Raritan gt U S Canada Latin America Monday Friday 8 a m 6 p m ET Phone 800 724 8090 or 732 764 8886 For CommandCenter NOC Press 6 then Press 1 For CommandCenter Secure Gateway Press 6 then Press 2 Fax 732 764 8887 Email for CommandCenter NOC tech ccnoc raritan com Email for all other products tech raritan com gt China Beijing Monday Friday 9 a m 6 p m local time Phone 86 10 88091890 Shanghai Monday Friday 9 a m 6 p m local time Phone 86 21 5425 2499 GuangZhou Monday Friday 9 a m 6 p m local time Phone 86 20 8755 5561 gt India Monday Friday 9 a m 6 p m local time Phone 91 124 410 7881 gt Japan Monday Friday 9 30 a m 5 30 p m local time Phone 81 3 3523 5991 Email support japan raritan com gt Europe Europe Monday Friday 8 30 a m 5 p m GMT 1 CET Phone 31 10 2844040 Email tech europe raritan com United Kingdom Monday Friday 8 30 a m to 5 p m GMT Phone 44 0 20 7090 1390 France Monday Friday 8 30 a m 5 p m GMT 1 CET Phone 33 1 47 56 20
316. s client users to share ports with other authenticated and authorized users regardless of whether they are access client users RSC or SSH Telnet users Port sharing is used for training or for troubleshooting applications e Users are notified in real time if they have Write access or Read Only access at any point during the port sharing session e Users who have Write permissions can request Write access to a port Administering the KSX Il Console Server Configuration Commands Note CLI commands are the same for SSH Telnet and Local Port access sessions The Network command can be accessed in the Configuration menu for the KSX Il Configuring Network zie Raritan The network menu commands are used to configure the KSX II network adapter Commands Description interface Configure the KSX II device network interface name Network name configuration ipv6 Set get IPv6 network parameters 237 Chapter 12 Command Line Interface CLI Interface Command The Interface command is used to configure the KSX Il network interface The syntax of the interface command is interface ipauto lt none dhcp gt ip lt ipaddress gt mask lt subnetmask gt gw lt ipaddress gt mode lt mode gt Set Get ethernet parameters ipauto lt none dhcp gt IP auto configuration none dhcp ip lt ipaddress gt IP Address mask lt subnetmask gt Subnet Mask gw lt ipaddress gt Gateway IP Address mode lt mode gt
317. s industry standard and extremely secure 128 bit RC4 128 bit AES or 256bit AES encryption both in its SSL communications as well as its own data stream Literally no data is transmitted between remote clients and KSX II that is not completely secured by encryption Does the KSX Il support AES encryption as recommended by the US Government s NIST and FIPs standards The KSX II utilizes the Advanced Encryption Standard AES encryption for added security AES is a US government approved cryptographic algorithm that is recommended by the National Institute of Standards and Technology NIST in the FIPS Standard 197 Does the KSX II allow encryption of video data Or does it only encrypt keyboard and mouse data Unlike competing solutions which only encrypt keyboard and mouse data the KSX II does not compromise security it allows encryption of keyboard mouse and video data How does the KSX Il integrate with external authentication servers such as Active Directory RADIUS or LDAP S Through a very simple configuration the KSX II can be set to forward all authentication requests to an external server such as LDAP S Active Directory or RADIUS For each authenticated user the KSX II receives from the authentication server the user group to which that user belongs The KSX II then determines the user s access permissions depending on the user group to which he or she belongs How are usernames and passwords stored Should the
318. s page as either Up or Down is updated to show whether the CIM is powered up and connected to the KSX II port The port availability as displayed on the KSX II Port Access page as Idle Busy or Connected is only updated to reflect activity on a target that has been initiated from that same KSX II 277 278 Appendix A Specifications If a connection to the target is in place from the other KSX Il the availability is checked when a connection is attempted Access is denied or allowed consistent with the PC Share policy in place for the KSX II Until that time the availability is not be updated on the other KSX II If access is denied because the target is busy a notification is displayed Working from CC SG Operations initiated from CC SG are based on the Status Availability and CIM name reported by the managed KSX II When the target is connected to two managed KSX Ils and the devices are added to CC SG two nodes will be created Each node will have its own oob kvm interface associated with it Alternatively a single node can be configured with an oob kvm interface from each KSX II If the KSX Ils are configured for Private mode when a second connection is attempted the user is notified that they cannot connect and access is denied When a port name change is initiated via the CC SG Port Profile pane the changed name is pushed to the managed KSX II The corresponding port name of the other KSX II will not be updated i
319. s to your KSX Il By setting a global Access Control List ACL you are ensuring that your device does not respond to packets being sent from disallowed IP addresses The IP access control is global affecting the KSX II as a whole but you can also control access to your device at the group level See Group Based IP ACL Access Control List for more information about group level control Important IP address 127 0 0 1 is used by the KSX II local port When creating an IP Access Control list 127 0 0 1 should not be within the range of IP addresses that are blocked or you will not have access to the KSX II local port gt To use IP access control 1 Open the IP Access Control page by selecting Security IP Access Control The IP Access Control page opens 2 Select the Enable IP Access Control checkbox to enable IP access control and the remaining fields on the page 3 Choose the Default Policy This is the action taken for IP addresses that are not within the ranges you specify Accept IP addresses are allowed access to the KSX II device Drop IP addresses are denied access to the KSX II device Note Both IPv4 and IPv6 addresses are supported 199 Chapter 9 Security Management gt To add append rules 1 Type the IP address and subnet mask in the IPv4 Mask or IPv6 Prefix Length field Note The IP adaress should be entered using CIDR Classless Inter Domain Routing notation in which the first 24 bits
320. se profiles become available they will be included in firmware upgrades Raritan a Appendix D FAQs IPv6 Networking 326 What is IPv6 IPv6 is the acronym for Internet Protocol Version 6 IPv6 is the next generation IP protocol which will replace the current IP Version 4 IPv4 protocol IPv6 addresses a number of problems in IPv4 such as the limited number of IPv4 addresses It also improves IPv4 in areas such as routing and network auto configuration IPv6 is expected to gradually replace IPv4 with the two coexisting for a number of years IPv6 helps one of the largest headaches of an IP network from the administrator s point of view configuring and maintaining an IP network Why does the KSX II support IPv6 networking US government agencies and the Department of Defense are now mandated to purchase IPv6 compatible products In addition many enterprises and foreign countries such as China will be transitioning to IPv6 over the next several years What is dual stack and why is it required Dual stack is the ability to simultaneously support both IPv4 and IPv6 protocols Given the gradual transition from IPv4 to IPv6 dual stack is a fundamental requirement for IPv6 support How do enable IPv6 on the KSX II Use the Network Settings page available from the Device Settings menu in KSX Il Enable IPv6 addressing and choose manual or auto configuration You must also enable it in MPC What if have a
321. seconds Recommend that Timed and Displayed be selected during iKVM GUI Flag Setup This will allow you to visually confirm the connection to the desired blade slot Disable the iKVM GUI screensaver An Authorize dialog will appear if this is not done and will prevent the iKVM from operating correctly Exit the iKVM GUI menu before attaching Dell s chassis to a Raritan CIM iKVM may not work correctly if this is not done Configure the iKVM GUI Main menu to select target blades by Slot not by Name iKVM may not work correctly if this is not done 179 180 Chapter 8 Device Management Blade chassis IBM Dell Auto Discovery IBM KX2 Virtual Media Required recommended action Do not designate any slots for scan operations in the iKVM GUI Setup Scan menu or the iKVM may not work properly To avoid having the iKVM GUI display upon connecting to the blade chassis set the Screen Delay Time to 8 seconds Recommend that Timed and Displayed be selected during iKVM GUI Flag Setup This will allow you to visually confirm the connection to the desired blade slot It is recommended that Auto Discovery be enabled when applying blade level access permissions Otherwise set access permissions on a blade chassis wide basis Secure Shell SSH must be enabled on the blade chassis management module The SSH port configured on the blade chassis management module and the port number entered on the Port Configuration pag
322. ser accounts and passwords to be maintained exclusively on the AD server Authorization and AD user privileges are controlled and administered through the standard KSX II policies and user group privileges that are applied locally to AD user groups IMPORTANT If you are an existing Raritan Inc customer and have already configured the Active Directory server by changing the AD schema the KSX II still supports this configuration and you do not need to perform the following operations See Updating the LDAP Schema for information about updating the AD LDAP LDAPS schema gt To enable your AD server on the KSX II 1 Using the KSX II create special groups and assign proper permissions and privileges to these groups For example create groups such as KVM Admin and KVM Operator 2 On your Active Directory server create new groups with the same group names as in the previous step 3 On your AD server assign the KSX II users to the groups created in step 2 127 128 Chapter 7 User Management 4 From the KSX II enable and configure your AD server properly See Implementing LDAP LDAPS Remote Authentication Important Notes Group Name is case sensitive The KSX II provides the following default groups that cannot be changed or deleted Admin and lt Unknown gt Verify that your Active Directory server does not use the same group names If the group information returned from the Active Directory server does not mat
323. ser group information from Microsoft s Active Directory for Windows 2000 operating system server requires updating the LDAP LDAPS schema See your Microsoft documentation for details 1 Install the schema plug in for Active Directory See Microsoft Active Directory documentation for instructions 2 Run Active Directory Console and select Active Directory Schema 295 Appendix B Updating the LDAP LDAPS Schema Setting the Registry to Permit Write Operations to the Schema To allow a domain controller to write to the schema you must set a registry entry that permits schema updates gt To permit write operations to the schema 1 Right click the Active Directory Schema root node in the left pane of the window and then click Operations Master The Change Schema Master dialog appears Change Schema Master 321 xj The schema master manages modifications to the schema Only one server in the enterprise performs this role Current schema master online rci actai2nzmzt mppc mydomain com To transfer the schema master role to the targeted domain controller below click Change rci acidi2nzmzt mypc mydomain com 2 Select the Schema can be modified on this Domain Controller checkbox Optional 3 Click OK Creating a New Attribute gt To create new attributes for the rciusergroup class 1 Click the symbol before Active Directory Schema in the left pane of the window 2 Right click Attributes in
324. ser value might be cn Administrator cn Users dc testradius dc com Optional In the Dialback Query String field type the dialback query string Optional If you are using Microsoft Active Directory you must enter the following string msRADIUSCallbackNumber If you are not using Microsoft Active Directory use the attribute string defined for that LDAP server Note This string is case sensitive If you entered a Distinguished Name for the Administrative User you must enter the password that will be used to authenticate the Administrative User s DN against the remote authentication server Enter the password in the Secret Phrase field and again in the Confirm Secret Phrase field up to 128 characters Server Configuration Primary LDAP Server Secondary LDAP Server optional Type of External LDAP Server Generic LDAP Server Active Directory Domain User Search DN DN of Administrative User optional Secret Phrase of Administrative User Confirm Secret Phrase Dialback Query String Mid a mur di LDAP Secure LDAP 125 126 Chapter 7 User Management Select the Enable Secure LDAP checkbox if you would like to use SSL This will enable the Enable LDAPS Server Certificate Validation checkbox Secure Sockets Layer SSL is a cryptographic protocol that allows KSX II to communicate securely with the LDAP LDAPS server The default Port is 389 Either use the standard LDAP TCP p
325. ss the interface d Password Enter the password used to access the interface Note Leave the username and password fields blank for DRAC ILO and RSA web applications or the connection will fail e The Username Field and Password Field which are both optional contain the labels that are expected to be associated with the username and password entries It is in these fields you should enter the field names for the username and password fields used on the login screen for the web application You can view the HTML source of the login screen to find the field names not the field labels See Tips for Adding a Web Browser Interface on page 172 for tips on adding a web browser interface USB profiles do not apply to Dell chassis In the Target Settings section select 720x400 Compensation if you are experiencing display issues when the target is using this resolution Select Use international keyboard for scan code set 3 if connecting to the target with a DCIM PS2 and require the use of scan code set 3 with an international keyboard Click OK to save the configuration To configure a Dell PowerEdge 1855 1955 If you selected Dell 1855 1955 auto discovery is not available Configure the blade chassis as applicable a Switch Hot Key Sequence Select the hot key sequence that will be used to switch from KVM to the blade server Raritan Chapter 8 Device Management b Maximum Number of Slots The default maxim
326. ssesssssssesesseseses eene 259 Windows 2000 Dial Up Networking Configuration senes 259 Windows Vista Dial Up Networking Configuration sss 263 Windows XP Dial Up Networking Configuration ssssseeeseeeeeeenne nns 264 Appendix A Specifications 270 Physical SpeGcifICatiOris accru euo res ndr nent ndr eh nea ei eh Ee dainean anean aeina aiian 270 Supported Operating Systems Clients ssssssssssseseeeneeee enne 271 Supported Operating Systems and CIMs KVM Target Servers sssessssssss 272 Supported BrOWSEMS ite tette ru Roe Eae a REEE teed eee e eph x RHrR E eu ERN ax NR Cobra a YR AUR Edu ep age 275 Computer Interface Modules CIMSs esssssesssssesseeseseeeene entente entrant enne 275 Supported Paragon CIMS and Configurations sssssessseeeneeeneenes 276 KSX Il to KSX Il Guidelines 2r treno mtn e rnt tena nene etae 277 KSX Il to Paragon Il Guidelilnes ii repere teta pone tuere 278 Supported Video Resolutions iri nee aure eene Ree eene k epu rex tota dhs RR dur ape Re 280 KSX II Local Console Support Languages ssssesssssesssssesesee enne enne nnne 281 TOP and UDP Ports Used er te et etr n bn e eura teta RE ue XR cannes 281 Smart Card Readers uerit orca tcs meses p IeR vu Ue cea MEX EEA a a a FR AUR exuere ze 283 Supported and Unsupported Smart Card Readers
327. such as Internet Explorer or Firefox Type the following URL http IP ADDRESS where IP ADDRESS is the IP address assigned to your KSX II You can also use https the DNS name of the KSX II assigned by the administrator provided that a DNS server has been configured or just simply type the IP address in the browser KSX II always redirects the IP address from HTTP to HTTPS The Login page opens Type your user name and password If this is the first time logging in log in with the factory default user name admin and password raritan all lower case You will be prompted to change the default password Click Login Note If your administrator requires you read and or accept a security agreement in order to access the device a security banner will be displayed after you have entered your login credentials and clicked Login See Virtual KVM Client VKC on page 51 for information on the KSX II functions available via the Remote Console Raritan 39 40 Chapter 3 Working with Target Servers Interface and Navigation KSX Il Console Layout Both the KSX II Remote Console and the KSX II Local Console interfaces provide an HTML web based interface for configuration and administration as well as target server list and selection The options are organized into various tabs After successful login the Port Access page opens listing all ports along with their status and availability Three tabs are provided on
328. such as LDAP LDAPS Active Directory RADIUS and so forth is used the KSX II allows this as well and will even failover to its own internal authentication should the external authentication server become unavailable In this way the KSX II s design philosophy is optimized to provide ease of installation complete independence from any external server and maximum flexibility Can the KSX Il use DHCP DHCP addressing can be used however Raritan recommends fixed addressing since the KSX Il is an infrastructure device and can be accessed and administered more effectively with a fixed IP address I m having problems connecting to the KSX Il over my IP network What could be the problem The KSX II relies on your LAN WAN network Some possible problems include e Ethernet autonegotiation On some networks 10 100 autonegotiation does not work properly and the KSX Il unit must be set to 100MB full duplex or the appropriate choice for its network e Duplicate IP address If the IP address of the KSX Il is the same as another device network connectivity may be inconsistent e Port 5000 conflicts If another device is using port 5000 the KSX II default port must be changed or the other device must be changed When changing the IP address of the KSX Il or swapping in a new KSX Il sufficient time must be allowed for its IP and MAC addresses to be known throughout the Layer 2 and Layer 3 networks Raritan Servers Ra
329. t Connect to a server with a simple click of the mouse How do l ensure that only authorized users can access servers from the local port Users attempting to use the local port must pass the same level of authentication as those accessing remotely This means that e fthe is configured to interact with an external RADIUS LDAP LDAPS or Active Directory server users attempting to access the local port will authenticate against the same server e fthe external authentication servers are unavailable the fails over to its own internal authentication database The KSX II has its own standalone authentication enabling instant out of the box installation If use the local port to change the name of a connected server does this change propagate to remote access clients as well Does it propagate to the optional CommandCenter device Raritan Raritan Appendix D FAQs Yes The local port presentation is identical and completely in sync with remote access clients as well as Raritan s optional CommandCenter Secure Gateway management device To be clear if the name of a server viathe onscreen display is changed this updates all remote clients and external management servers in real time If use the KSX II s remote administration tools to change the name of a connected server does that change propagate to the local port as well Yes The local port presentation is identical and completely in sync with remote ac
330. t machine Two operations can be performed on this page Operation Description Diagnostics Scripts Execute a special script provided by Raritan Technical Support during a critical error debugging session The script is uploaded to the device and executed Once this script has been executed you can download the diagnostics messages through the Save to File button Device Diagnostic Log Download the snapshot of diagnostics messages from the KSX II to the client This encrypted file is then sent to Raritan Technical Support only Raritan can interpret this file Note This page is accessible only by users with administrative privileges gt Torun the KSX Il system diagnostics 1 Choose Diagnostics Device Diagnostics The Device Diagnostics page opens 2 To execute a diagnostics script file emailed to you from Raritan Technical Support a Retrieve the diagnostics file supplied by Raritan and unzip as necessary b Use the Browse button A Choose File dialog appears c Navigate to and select this diagnostics file d Click Open The file is displayed in the Script File field Diagnostics Scripts Script File C Documents and Setting Browse e Click Run Script 3is Raritan Chapter 11 Diagnostics f Send this file to Raritan Technical Support using step 4 3 Tocreate a diagnostics file to send to Raritan Technical Support a Click the Save to File button The File Download dialog appears
331. t n caa y kate read XYRe oa Y ERR aa Y GER 245 Port Access Page Local Console Server Display 246 futs BITE s AA 247 Hot Keys and Connect Keys creta terere ede Ri ta Dag 248 Supported Keyboard Languages sssssssseeeeeeennee 249 Special Sun Key Combinations sssssssseeeeeneee 250 Accessing a larget SerVOr usce reet entree ede tace RE ttu Ba den 251 Returning to the KSX II Local Console Interface 251 Local Port AdministratiOni ose on err rrr eno xr nnn 252 Resetting the KSX II Using the Reset Button sese 256 Overview The KSX II provides at the rack access and administration via its local port which features a browser based graphical user interface for quick convenient switching between servers The KSX II Local Console provides a direct analog connection to your connected servers the performance is as if you were directly connected to the server s keyboard mouse and video ports The KSX II Local Console provides the same administrative functionality as the KSX II Remote Console Using the KSX Il Local Console Z Raritan Simultaneous Users The KSX II Local Console provides an independent access path to the connected KVM target servers For serial connections the access path is shared Using the Local Console does not prevent other users from simultaneously connecting over the ne
332. table results when active desktop is set on the target For additional information on Intelligent mouse mode settings see Intelligent Mouse Mode on page 71 Servers with internal KVM switches inside the blade chassis typically do not support absolute mouse technology 13 14 Chapter 2 Installation and Configuration Operating System Mouse and Video Settings This section provides video mode and mouse information specific to the operating system in use on the target server Windows XP Windows 2003 and Windows 2008 Settings gt To configure KVM target servers running Windows XP Windows 2003 and Windows 2008 1 Configure the mouse settings a Choose Start gt Control Panel gt Mouse b Click the Pointer Options tab c Inthe Motion group Set the mouse motion speed setting to exactly the middle speed Disable the Enhance pointer precision option Disable the Snap To option Click OK 2 Disable transition effects a Select the Display option from the Control Panel b Click the Appearance tab Click the Effects button Deselect the Use the following transition effect for menus and tooltips option 3 Click OK and close the Control Panel Note For KVM target servers running Windows XP Windows 2000 or Windows 2008 you may wish to create a user name that will be used only for remote connections through the KSX II This will enable you to keep the target server s slow mouse pointer motio
333. te KVM keyboard video mouse server access and serial device management as well as power control from anywhere in the world from a web browser At the rack the KSX II provides control of all KVM server and serial targets from a single keyboard monitor and mouse Total access and control of all serial targets is also available from a single local serial port The integrated remote access capabilities of the KSX II provide full access and control of your servers from a web browser KSX II is easily installed using standard UTP Cat 5 5e 6 cabling Its advanced features include virtual media up to 256 bit encryption remote power control dual Ethernet LDAP RADIUS Active Directory Syslog integration and web management These features enable you to deliver higher uptime better productivity and bulletproof security any time from anywhere KSX II products can operate as standalone devices and do not rely on a central management device For larger data centers and enterprises multiple KSX II devices can be integrated into a single logical solution with other Raritan devices using Raritan s CommandCenter Secure Gateway CC SG management unit Raritan Chapter 1 Introduction Diagram key Cat5 cable 7 Remote virtual media USB drive s Computer Interface Rack PDU power strip Module CIM KSX II Local access Remote KVM and serial o IP LAN WAN devices Modem access e PSTN Remote network access SH
334. the Display Resolution and Refresh Rate 4 Select the video card in use Click List A list of display modes is presented Select a resolution and refresh rate supported by the KSX Il See Supported Video Resolutions on page 280 for more information Note If you change the video resolution you must log out of the target server and log back in for the video settings to take effect Apple Macintosh Settings For KVM target servers running an Apple Macintosh operating system the preferred method is to use the D2CIM VUSB and Absolute Mouse Synchronization Note USB Profile Mac OS X version 10 4 9 and later must be selected from the USB Profile menu or the Port Configuration page Step 2 Configure Network Firewall Settings To access KSX II through a network firewall via Multi Platform Client or through the Port Access page your firewall must allow communication on TCP Port 5000 or another port that you designate Raritan Chapter 2 Installation and Configuration To take advantage of the KSX Il The firewall must allow inbound communication on Web access capabilities Port 443 standard TCP port for HTTPS communication Automatic redirection of HTTP Port 80 standard TCP port for requests to HTTPS HTTP communication so the more common http XXX XXx XXX xxx can be used instead of https Xxx XXX XXX XXX See Network Settings on page 136 for additional information about designating another
335. the KSX II differ from remote control software When using the KSX II remotely the interface at first glance may seem similar to remote control software such as pcAnywhere Windows Terminal Services Remote Desktop VNC and so forth However because the KSX II is not a software but a hardware solution it s much more powerful Specifically 316 Appendix D FAQs e OS and hardware independent The KSX II can be used to manage servers running many popular operating systems including Intel Sun PowerPC running Windows Linux Solaris etc e State Independent Agentless The KSX II does not require the managed server s operating system to be up and running nor does it require any special software to be installed on the managed server e Out of Band Even if the managed server s own network connection is unavailable it can still be managed through the KSX II e BlOS Level Access Even if the server is hung at boot up requires booting to safe mode or requires system BIOS parameters to be altered the KSX II still works flawlessly to enable these configurations to be made e OS and hardware independent KSX Il can be used to manage servers running many popular operating systems including Intel Sun PowerPC running Windows Linux Solaris and so forth How do the new features of the KSX II compare to the KSX I The KSX II has many new and exciting features including virtual media dual gigabit Ethernet next ge
336. the KSX Il Use any SSH client that supports SSHv2 to connect to the KSX II You must enable SSH access from the Devices Services page Note For security reasons SSH V1 connections are not supported by the KSX II SSH Access from a Windows PC gt To open an SSH session from a Windows PC 1 Launch the SSH client software 2 Enter the IP address of the KSX II server For example 192 168 0 192 Choose SSH which uses the default configuration port 22 Click Open The 1ogin as prompt appears SSH Access from a UNIX Linux Workstation gt To open an SSH session from a UNIX Linux workstation and log in as the user admin enter the following command ssh 1l admin 192 168 30 222 The Password prompt appears Raritan Telnet Connection Chapter 12 Command Line Interface CLI to the KSX Il Due to the lack of security user name password and all traffic is in clear text on the wire Telnet access is disabled by default Enabling Telnet If you wish to use Telnet to access the KSX Il first access the KSX II from the CLI or a browser gt To enable Telnet 1 Select Device Settings gt Device Services and then select the Enable TELNET Access checkbox 2 Enter the Telnet port 3 Click OK Once Telnet access is enabled you can use it to access the KSX Il and set up the remaining parameters Accessing Telnet from a Windows PC To open a Telnet session from a Windows PC Choose
337. the left pane d Z Raritan 3 Click New and then choose Attribute When the warning message appears click Continue and the Create New Attribute dialog Create New Attribute 2 xl o uocis 9 Appendix B Updating the LDAP LDAPS Schema appears e Create a New Attribute Object Identification Common Name ficiuserroup LDAP Display Name cuemow Unique X500 Object ID 1361411274250 0 5 Description Rartan s LDAP attribute r Syntax and Range Syntax Case Insensitive String Minimum 1 Maximum 7 MultiValued Cancel Type rciusergroup in the Common Name field Type rciusergroup in the LDAP Display Name field Type 1 3 6 1 4 1 13742 50 in the Unique x5000 Object ID field Type a meaningful description in the Description field Click the Syntax drop down arrow and choose Case Insensitive String from the list Type 1 in the Minimum field 10 Type 24 in the Maximum field 11 Click OK to create the new attribute Adding Attributes to the Class 1 ZE Raritan To add attributes to the class Click Classes in the left pane of the window 297 Appendix B Updating the LDAP LDAPS Schema 298 Properties 2 Scroll to the user class in the right pane and right click it Ta Consolel Console Root Active Directory Schema rc gch4jznzmzEmypenm ydomgl COR Im s t File Action View Faverites Window Help e An re 3 B3
338. the page allowing you to view by port view by group or view by search You can sort by Port Number Port Name Status Up and Down and Availability Idle Connected Busy Unavailable and Connecting by clicking on the column heading See Port Access Page for more information Raritan Z Raritan Left Panel Chapter 3 Working with Target Servers The left panel of the KSX II interface contains the following information Note that some information is conditional and will only be displayed if you are a certain of user are using certain features and so on This conditional information is noted here Information Time amp Session User State Your IP Last Login Under CC SG Management Device Information Device Name IP Address Firmware Device Model Network Port States Description The date and time the current session started Username The current state of the application either idle or active If idle the application tracks and displays the time the session has been idle The IP address used to access the KSX II The last login date and time The IP address of the CC SG device managing the KSX Il Information specific to the KSX II you are using Name assigned to the device The IP address of the KSX Il If IPv6 is enabled the IPv6 address will also be listed Current version of firmware Model of the KSX II The name assigned to the current network T
339. tificates The KSX II uses the Secure Socket Layer SSL protocol for any encrypted network traffic between itself and a connected client When establishing a connection the KSX II has to identify itself to a client using a cryptographic certificate It is possible to generate a Certificate Signing Request CSR and install a certificate signed by the Certificate Authority CA on the KSX Il The CA verifies the identity of the originator of the CSR The CA then returns a certificate containing its signature to the originator The certificate bearing the signature of the well known CA is used to vouch for the identity of the presenter of the certificate gt To create and install a SSL certificate 1 Select Security gt SSL Certificate 2 Complete the following fields a Common name The network name of the KSX II once it is installed in the user s network usually the fully qualified domain name It is identical to the name that is used to access the KSX II with a web browser but without the prefix http In case the name given here and the actual network name differ the browser will pop up a security warning when the KSX II is accessed using HTTPS zie Raritan d Chapter 9 Security Management b Organizational unit This field is used for specifying to which department within an organization the KSX II belongs c Organization The name of the organization to which the KSX II belongs d Locality City The c
340. tion has been restored Device update has failed The KSX Il has completed update via an RFP file The KSX II has begun update via an RFP file An Ethernet failover was detected and restored on a new Ethernet interface The device has been reset to factory defaults Firmware file was discarded Firmware update failed Firmware validation failed A group has been added to the KSX II system A group has been deleted from the system A group has been modified An IP Address conflict was detected An IP Address conflict was resolved An Ethernet interface of the product can no longer communicate over the 153 Chapter 8 Device Management 154 Trap name networkParameterChanged passwordSettingsChanged portConnect portConnectionDenied portDisconnect portStatusChange powerNotification powerOutletNotification rebootCompleted rebootStarted securityViolation startCCManagement securityBannerChanged securityBannerAction setDateTime setPIPSMode bladeChassisCommkError stopCCManagement sxPortAlert userAdded Description network A change has been made to the network parameters Strong password settings have changed A previously authenticated user has begun a KVM session A connection to the target port was denied A user engaging in a KVM session closes the session properly The port has become unavailable The power outlet status notification 1 Active O Inac
341. tional information KVM ports See Step 3 Connect the Equipment for additional information Power Ctrl 1 and Power Ctrl 2 See Power Control on page 158 for additional information Serial ports See Step 3 Connect the Equipment for additional information Raritan Terminology Chapter 1 Introduction This manual uses the following terminology for the components of a typical KSX II configuration ZE Raritan 10 Chapter 1 Introduction Diagram key e 9 700 TCP IP IPv4 and or IPv6 KVM Keyboard Video Mouse UTP Cable Cat5 5e 6 KSX II Local Access Console Local User an optional user console consisting of a keyboard mouse and multi sync VGA monitor attached directly to the KSX II to control KVM target servers and serial targets locally directly at the rack not through the network A USB smart card reader can also be attached at the Local port to mount onto a target server Local Administrator use the Local Administrator port to connect the KSX II directly to a workstation to manage your serial targets and configure the system with a terminal emulation program such as HyperTerminal The Local Administrator port requires the use of a standard null modem cable Remote PC Networked computers used to access and control KVM target servers and serial targets connected to the KSX II Refer to Supported Operating Systems Clients for a list of the Operating Systems supported
342. tive Power strip device outlet status notification The KSX II has completed its reboot The KSX II has begun to reboot either through cycling power to the system or by a warm reboot from the OS Security violation The device has been put under CommandCenter Management The security banner has changed User Acceptance Rejection of Security Banner The device time and date have been set FIPS Mode status has been changed on the device A communications error with the blade chassis device connected to this port was detected The device has been removed from CommandCenter Management Logs keywords and sends out an event A user has been added to the system Raritan Configuring Ports Raritan Trap name userAuthenticationFailure userConnectionLost userDeleted userLogin userLogout userModified userPasswordChanged userSessionTimeout vmlmageConnected vmlmageDisconnected Chapter 8 Device Management Description A user attempted to log in without a correct username and or password A user with an active session has experienced an abnormal session termination A user account has been deleted A user has successfully logged into the KSX II and has been authenticated A user has successfully logged out of the KSX II properly A user account has been modified This event is triggered if the password of any user of the device is modified A user with an ac
343. tive session has experienced a session termination due to timeout User attempted to mount either a device or image on the target using Virtual Media For every attempt on device image mapping mounting this event is generated User attempted to unmount a device or image on the target using Virtual Media The Port Configuration page displays a list of the KSX II ports Ports connected to KVM target servers blades and standard servers and rack PDUs power strips are displayed in blue and can be edited For ports with no CIM connected or with a blank CIM name a default port name of Dominion KSX2 Porti is assigned where Port is the number of the KSX II physical port gt To access a port configuration 1 Choose Device Settings Port Configuration The Port Configuration Page opens This page is initially displayed in port number order but can be sorted on any of the fields by clicking on the column heading Port Number Numbered from 1 to the total number of ports available for the KSX II device 155 156 Chapter 8 Device Management Port Name The name assigned to the port A port name displayed in black indicates that you cannot change the name and that the port cannot be edited port names displayed in blue can be edited Note Do not use apostrophes for the Port CIM Name Port Type Port type Description DCIM Dominion CIM Not Available No CIM connected PCIM Paragon CIM PowerStrip Power str
344. to and using a server with very occasional spikes up to 2MBit second This is a very conservative estimate because bandwidth utilization will typically be even lower Bandwidth required by each video transmission depends on what task is being performed on the managed server The more the screen changes the more bandwidth is utilized The table below summarizes some use cases and the required bandwidth utilization at the KSX II s default settings on a 10Mbit s network Use case Required bandwidth Idle Windows Desktop 0 Mbps Move Cursor Around Desktop 0 18Mbps Move Static 400x600 Window Dialog 0 35Mbps 329 330 Appendix D FAQs Use case Idle Windows Desktop Navigate Start Menu Scroll an Entire Page of Text Run 3D Maze Screensaver Required bandwidth 0 Mbps 0 49Mbps 1 23Mbps 1 55Mbps Raritan Appendix D FAQs What is the slowest connection lowest bandwidth over which the KSX II can operate Shared 33Kbps or above is recommended for acceptable KSX II performance over a modem connection What is the speed of the KSX II s Ethernet interfaces The KSX II supports two 10 100 1000 speed Ethernet interfaces with configurable speed and duplex settings either auto detected or manually set Can I access the KSX Il over a wireless connection Yes The KSX II not only uses standard Ethernet but also very conservative bandwidth with very high quality video Thus if a wireless client has network con
345. tory buffer for this port Not available to users who only have Read Only permissions Get write access for the port Not available to users who only have Read Only permissions Display an overview of the commands Display the current session s command line history Quersy the Power Status port Not available to users who do not have power permission Toggle power on and off for the port Not available to users who do not have power permission Operational for power associated serial targets only Close this target connection Return to the target session Send a break to the connected target Not available to users who only have Read Only permissions Lock write access to this port Not available to users who only have Read Only permissions Unlock write access to this port Not available to users who only have Read Only permissions 239 Chapter 12 Command Line Interface CLI IPv6 Command Use the IPv6 command to set IPv6 network parameters and retrieve existing IPv6 parameters m Raritan Chapter 13 KSX Il Local Console In This Chapter UU r 241 Using the KSX lI Local Gorisole reirinta anaiai 241 KSX II Local Console Interface sse 242 Security and Authentication 242 Local Console Smart Card Access sssssssseeeee 243 Local Console USB Profile Options ssssseseeess 244 Available Resolutions 5 rr
346. trl Press Esc Release Esc 8 Review the Macro Sequence field to be sure the macro sequence is defined correctly a Toremove a step in the sequence select it and click Remove b Tochange the order of steps in the sequence click the step and then click the up or down arrow buttons to reorder them as needed 9 Click OK to save the macro Click Clear to clear all field and start over When you click OK the Keyboard Macros dialog appears and lists the new keyboard macro 10 Click Close to close the Keyboard Macros dialog The macro now appears on the Keyboard menu in the application Select the new macro on the menu to run it or use the keystrokes you assigned to the macro Keyboard Macros D e Minimize All Windows Run Macro Add Remove Modify Close Select a macro from the above list zie Raritan Si 62 Chapter 3 Working with Target Servers Running a Keyboard Macro Once you have created a keyboard macro execute it using the keyboard macro you assigned to it or by choosing it from the Keyboard menu Run a Macro from the Menu Bar When you create a macro it appears under the Keyboard menu Execute the keyboard macro by clicking on it in the Keyboard menu Run a Macro Using a Keyboard Combination If you assigned a keyboard combination to a macro when building it you can execute the macro by pressing its assigned keystrokes For example press the keys Ctrl Alt 0 simultaneously to minimize all wind
347. trolled power strips like Raritan s line of remote power control devices have a server serially managed device that is more than 300 feet from the KSX II how do I connect Raritan 5 Raritan Appendix D FAQs You will need to purchase a 3rd party RS232 to RS422 485 converter for each end two units total one at the Dominion end and one connected to the device Can I open multiple windows and tile to monitor multiple servers and other IT equipment Yes you may monitor and tile as many windows as there are serial ports on the Dominion KSX II manage many servers How do select a server to connect to From a browser a simple menu provides the user assigned name of each server Users simply click a server to open a pop up menu and select Connect from the menu in order to connect to its console port When using SSH telnet the user gets a list of ports they are authorized to connect with when they log on As a user do see all servers connected to a Dominion KSX II No Each user sees only a list of servers they are authorized to manage view The administrator of the Dominion KSX II sets up the access privileges to each server Does Dominion KSX II work with Raritan s CommandCenter Yes Dominion KSX II is deployable as part of an enterprise wide management solution with Raritan s CommandCenter Hundreds of Dominion KSX II units can be managed via CommandCenter Is the modem used only for administ
348. ts IP address to change frequently This option allows you to set the network parameters e DHCP With this option the IP address is automatically assigned by a DHCP server gt To change the network configuration 1 Choose Device Settings Network The Network Settings page opens Update the Network Basic Settings See Network Basic Settings Update the LAN Interface Settings See LAN Interface Settings Click OK to set these configurations If your changes require rebooting the device a reboot message appears gt To reset to factory defaults e Click Reset to Defaults Note Both IPv4 and IPv6 addresses are supported zie Raritan is Raritan Chapter 8 Device Management Network Basic Settings These procedures describe how to assign an IP address on the Network Settings page For complete information about all of the fields and the operation of this page see Network Seitings gt To assign an IP address 1 Choose Device Settings gt Network The Network Settings page opens 2 Specify a meaningful Device Name for your KSX II device Up to 32 alphanumeric characters using valid special characters and no spaces 3 Inthe IPv4 section enter or select the appropriate IPv4 specific network settings a Enter the IP Address if needed The default IP address is 192 168 0 192 Enter the Subnet Mask The default subnet mask is 255 255 255 0 Enter the Default Gateway if None is selected f
349. tting Parameters oer Roe t E pei dp iae Res x RUE ase aea Naa Kea EAN aa E 234 Setting Network Parameters 2 eia eiii ide etd Dota PER deba Mac e HR Ronnie De Fe DR Fou RA Rogue 234 CLI ion E 235 GIBESHIMEDOEEREER PO 235 SIC P eile Ghandi deeded a a aaa aiai 236 Raritan Contents Target Connections and the CL 2 22 3 yit Iu Suerte uoti te HaT Fea Ld EU re Rae Age aianei REEL a Ea adu 236 Setting Emulation ona E argelt iei i nior ted eth ie Electi etnies Fes De Fe Ds Tata ad aai 236 Port Sharing Sine Ce erm 237 Administering the KSX II Console Server Configuration Commands sess 237 Contouring NGTWONM MET T 237 Interface COMMA toco teret aaa ada ariane ete din xa deg 238 Name COMIN AN s nssr TTCTR 238 Irenheseriun omc n 239 PVG COMMMAN Gs aeaiee iai e dania inadi 240 Chapter 13 KSX II Local Console 241 OIA E EE ETE T a E E e EE ee ede 241 Using the KSX IlEocal Console diei dede et eed atre Her aiaia aani aa a a iaa aa 241 Simultaneous Users x tics eee aie MI eie Pisa oa ed Sein ERR SEM a eee 241 KSXlll Local Console Interface 2 1Ii aae Eb oq eed ete Herd Daead ctr ale RO RHEDE Ie Pe teas En ext 242 Security and AuthenticatiOH i2 ted iic adden Pisa Heed Qe ie dE Fond das I RR ERR nent 242 Local Console Smart Card ACCESS 2 51 Eb edu die rapa ki nln EUR MEER Ie Pr tain Eon exu 243 Local Console USB Profile Opt
350. tup The Style Manager Startup dialog appears 2 Onthe Logout Confirmation dialog select the On option This option prompts you to save your current session when you log out Sun Solaris Settings gt To configure KVM target servers running Sun Solaris 1 Setthe mouse acceleration value to exactly 1 and the threshold to exactly 1 This can be performed from The graphical user interface Mouse motion Acceleration Siow Fast Threshold sma C 1 arge The command line xset mouse at where ais the acceleration and tis the threshold 2 All KVM target servers must be configured to one of the display resolutions supported by the KSX Il The most popular supported resolutions for Sun machines are Display resolution Vertical refresh rate Aspect ratio 1600 x 1200 60 Hz 43 19 20 Chapter 2 Installation and Configuration 3 Display resolution Vertical refresh rate Aspect ratio 1280 x 1024 60 75 85 Hz 5 4 1152 x 864 75 Hz 4 3 1024 x 768 60 70 75 85 Hz 4 3 800 x 600 56 60 72 75 85 Hz 4 3 720 x 400 85 Hz 9 5 640 x 480 60 72 75 85 Hz 4 3 KVM target servers running the Solaris operating system must output VGA video H and V sync not composite sync To change your Sun video card output from composite sync to the nondefault VGA output Issue the Stop A command to drop to bootprom mode Issue the following command to change the output resolution setenv output
351. twork And even when remote users are connected to KSX II you can still simultaneously access your servers from the rack via the Local Console 241 Chapter 13 KSX II Local Console KSX II Local Console Interface When you are located at the server rack the KSX II provides standard KVM management and administration via the KSX Il Local Console The KSX II Local Console provides a direct KVM analog connection to your connected servers the performance is exactly as if you were directly connected to the server s keyboard mouse and video ports Additionally the KSX II provides terminal emulation when accessing serial targets There are many similarities among the KSX II Local Console and the KSX II Remote Console graphical user interfaces Where there are differences they are noted in the help The KSX II Local Console Factory Reset option is available in the KSX II Local Console but not the KSX II Remote Console Security and Authentication In order to use the KSX II Local Console you must first authenticate with a valid username and password The KSX II provides a fully integrated authentication and security scheme whether your access is via the network or the local port In either case the KSX II allows access only to those servers to which a user has access permissions See User Management for additional information on specifying server access and security settings If your KSX II has been configured for external authentic
352. um number of slots available on the blade chassis is automatically entered c Administrative Module Primary IP Address Host Name Not applicable d Port Number The default port number for the blade chassis is 22 Not applicable e Username Not applicable f Password Not applicable Change the blade chassis name if needed Indicate the blades that are installed in the blade chassis by checking the Installed checkbox next to each slot that has a blade installed Alternatively use the Select All checkbox If needed change the blade server names 4 Inthe Blade Chassis Managed Links section of the page you are able to configure the connection to a blade chassis web browser interface if one is available Click the Blade Chassis Managed Links icon M to expand the section on the page The first URL link is intended for use to connect to the blade chassis Administration Module GUI Note Access to the URL links entered in this section of the page is governed by the blade chassis port permissions a Active To activate the link once it is configured select the Active checkbox Leave the checkbox deselected to keep the link inactive Entering information into the link fields and saving can still be done even if Active is not selected Once Active is selected the URL field is required The username password username field and password field are optional depending on whether single sign on is desired or not
353. un Solaris targets s Raritan Appendix A Specifications Supported Operating system and Virtual Absolute Intelligent Standard Dominion CIMs amp serial devices where media mouse mouse mouse D2CIMs applicable mode mode mode e DCIM PS2 e Windows XP wu Va e DCIM PS2 operating system e DCIM USB e Windows 2000 operating system e DCIM USBG2 Windows 2000 Server e Windows 2003 Server e Windows Vista operating system e D2CIM VUSB e Windows XP d 4 Va operating system e Windows 2000 operating system e Windows 2000 Server e Windows 2003 Server e Windows Vista operating system Supported CIMs Mouse modes Target server Im Dominion DCIMs D2CIMs VM AM IM SM Windows XP operating system Windows 2000 operating system Windows 2000 Server v v v v Windows 2003 Server Windows Vista operating system Red Hat DCIM PS2 D2CIM VUSB Enterprise B excluding Red v v v Workstation 3 0 DCIM US Hat Enterprise 273 zie Raritan Appendix A Specifications Target server 4 0 and 5 0 SUSE Linux Professional 9 2 and 10 Fedora Core 3 and above Mac OS All Solaris OSs supported in Dominion KSX II IBM AIX HP UX Serial Devices 274 Supported CIMs Mouse modes DCIM USB G2 Workstation 3 0 DCIM PS2 DCIM USB D2CIM VUSB V4 4 DCIM USB G2 DCIM PS2 DCIM USB D2CIM VUSB 4 v DCIM USB G2 DCIM USB DCIM USB G2 DCIM SUN DCIM SUSB T d d DCIM USB
354. ustom Restore With this option you can select User and Group Restore Device Settings Restore or both User and Group Restore This option includes only user and group information This option does not restore the certificate and the private key files Use this option to quickly set up users on a different KSX Il Device Settings Restore This option includes only device settings such as power associations USB profiles blade chassis related configuration parameters and Port Group assignments Use this option to quickly copy the device information 1 Click Browse A Choose File dialog appears zie Raritan d Chapter 10 Maintenance 2 Navigate to and select the appropriate backup file and click Open The selected file is listed in the Restore File field 3 Click Restore The configuration based on the type of restore selected is restored USB Profile Management From the USB Profile Management page you can upload custom profiles provided by Raritan tech support These profiles are designed to address the needs of your target server s configuration in the event that the set of standard profiles does not already address them Raritan tech support will provide the custom profile and work with you to verify the solution for your target server s specific needs gt To access the USB Profile Management page e Choose gt Maintenance gt USB Profile Management The USB Profile Management page opens Home gt
355. uthentication to target servers is supported in release KX II 2 1 10 and later and KSX II 2 3 0 and later What KSX Il models support smart cards CAC All KSX Il models are supported The Dominion KX II 101 does not currently support smart cards and CAC Do enterprise and SMB customers use smart cards too Yes However the most aggressive deployment of smart cards is in the U S federal government What CIMs support smart cards CAC The D2CIM DVUSB is required This CIM must be upgraded with the release 2 1 10 and later of the firmware and KSX II 2 3 0 and later What firmware version is required The KX II release 2 1 10 and later or and KSX II 2 3 0 and later are required What smart card readers are supported The required reader standards are USB CCID and PC SC See Supported and Unsupported Smart Card Readers on page 283 Can smart card CAC authentication work on the local port and via Command Center Yes For the local port connect a compatible smart card reader to the USB port of the KSX II Are the Paragon smart card enabled UST and CIM used No the P2 EUST C and P2CIM AUSB C are not part of the KSX II solution i S Raritan Appendix D FAQs Managability Can the KSX Il be remotely managed and configured via web browser Yes the KSX II can be completely configured remotely via web browser Note that this does require that the workstation have an appropriate Java Runtime Environment JRE v
356. ution a b C Choose Main Menu System Settings Display The Display Settings dialog appears On the Settings tab select a Resolution supported by the KSX II Click OK Note Once connected to the target server in many Linux graphical environments the Ctrl Alt lt gt command will change the video resolution scrolling through all available resolutions that remain enabled in the XF86Config or etc X1 1 xorg conf depending on your X server distribution Note If you change the video resolution you must log out of the target server and log back in for the video settings to take effect Z Raritan 17 18 Chapter 2 Installation and Configuration SUSE Linux 10 1 Settings Note Do not attempt to synchronize the mouse at the SUSE Linux login prompt You must be connected to the target server to synchronize the mouse cursors To configure the mouse settings Choose Desktop Control Center The Desktop Preferences dialog appears Click Mouse The Mouse Preferences dialog appears Open the Motion tab Within the Speed group set the Acceleration slider to the exact center position Within the Speed group set the Sensitivity slider to low Within the Drag amp Drop group set the Threshold slider to small Click Close To configure the video Choose Desktop Preferences Graphics Card and Monitor The Card and Monitor Properties dialog appears Verify that a Resolution and Refresh Rat
357. virtual media Keep both plugs of the CIM connected to the device The device may not operate properly if both plugs are not connected to the target server Hardware e KVM and serial remote access over IP e 1U rack mountable brackets included e DKSX2 144 4 serial 4 KVM server ports e DKSX2 188 8 serial 8 KVM server ports e 1 KVM channel shareable by 8 users multiple serial users e UTP Cat5 5e 6 server cabling e Dual Ethernet ports 10 100 1000 LAN with failover e Field upgradeable e Local KVM port for in rack access One front and three back panel USB 2 0 ports for supported USB devices Fully concurrent with remote user access Local Graphical User Interface GUI for administration Both KVM and serial targets can be connected using KVM local port Chapter 1 Introduction Local serial port RS232 for CLI based administration and serial target access Integrated power control Dual dedicated power control ports LED indicators for network activity and remote KVM user status Hardware reset button Internal modem Centralized access security Software Virtual media with D2CIM VUSB and D2CIM DVUSB CIMs Absolute Mouse Synchronization with D2CIM VUSB CIM and D2CIM DVUSB CIMs Plug and Play Web based access and management Intuitive Graphical User Interface GUI 256 bit encryption of complete KVM signal including video and virtual media LDAP LDAPS Active Directory RADIUS or internal with
358. virtually You can access the media just like any other drive Conditions when Read Write is Not Available Virtual media Read Write is not available in the following situations e For all hard drives e When the drive is write protected e When the user does not have Read Write permission Port Permission Access is set to None or View Port Permission VM Access is set to Read Only or Deny CD ROM DVD ROWM ISO Images This option mounts CD ROM DVD ROM and ISO images Note ISO9660 format is the standard supported by Raritan However other CD ROM extensions may also work gt To access a CD ROM DVD ROM or ISO image 1 From the Virtual KVM Client choose Virtual Media gt Connect CD ROM ISO Image The Map Virtual Media CD ISO Image dialog appears Map Virtual Media CD 1S50 Image LPmachine Select a CD DVD drive or an ISO image to mount onto the target server Local CO DVD Drive o CD ROM C IS0 Image Image Path Browst C Remote Server ISO Image Hostname Image File Server Username File Server Password p EEE Ess Connect Cancel Z Raritan a Chapter 5 Virtual Media 102 2 Forinternal and external CD ROM or DVD ROM drives a Choose the Local CD DVD Drive option b Choose the drive from the Local CD DVD Drive drop down list All available internal and external CD and DVD drive names will be populated in the drop down list c Click Connect 3 ForlSO images a Ch
359. work speed and encoding setting But the system will be most responsive when the settings match the real world environment 3 Choose the Color Depth from the drop down list The device can dynamically adapt the color depth transmitted to remote users in order to maximize usability in all bandwidths 15 bit RGB Color 8 bit RGB Color 4 bit Color 4 bit Gray 3 bit Gray 2 bit Gray Black and White Important For most administrative tasks server monitoring reconfiguring and so on the full 24 bit or 32 bit color spectrum made available by most modern video graphics cards is not necessary Attempting to transmit such high color depths wastes network bandwidth 4 Use the slider to select the desired level of Smoothing 15 bit color mode only The level of smoothing determines how aggressively to blend screen regions with small color variation into a single smooth color Smoothing improves the appearance of target video by reducing displayed video noise 5 Click OK to set these properties Raritan Z Raritan Chapter 3 Working with Target Servers Connection Information gt To obtain information about your Virtual KVM Client connection e Choose Connection gt Info The Connection Info window opens The following information is displayed about the current connection e Device Name The name of the device e P Address The IP address of the device e Port The KVM communication TCP IP port
360. ws 2008 server users should ensure that the IP address of the device being accessed is included in their browser s Trusted Sites Zone and that Protected Mode is not on when accessing the device Option 2 Enable AKC Download Server Certificate Validation If you do enable AKC Download Server Certificate Validation e Administrators must upload a valid certificate to the device or generate a self signed certificate on the device The certificate must have a valid host designation e Each user must add the CA certificate or a copy of self signed certificate to the Trusted Root CA store in their browser gt To install the self signed certificate when using Windows Vista operating system and Windows 7 operating system 1 Include the KSX II IP address in the Trusted Site zone and ensure Protected Mode is off 2 Launch Internet Explorer using the KSX II IP address as the URL A Certificate Error message will be displayed Select View Certificates On the General tab click Install Certificate The certificate is then installed in the Trusted Root Certification Authorities store 5b After the certificate is installed the KSX II IP address can be removed from the Trusted Site zone gt To enable AKC download server certificate validation 1 Choose Device Settings gt Device Services The Device Service Settings page opens 2 Select the Enable AKC Download Server Certificate Validation checkbox or you can leave the fe
361. x C Informational Notes Virtual Media 314 Dell OptiPlex and Dimension Computers From certain Dell OptiPlex and Dimension computers it may not be possible to boot a target server from a redirected drive ISO image or to access the target server BIOS when a virtual media session is active unless the Use Full Speed for Virtual Media CIM option is enabled from the Port page Note ISO9660 format is the standard supported by Raritan However other CD ROM extensions may also work Accessing Virtual Media on a Windows 2000 Server Using a D2CIM VUSB A virtual media local drive cannot be accessed on a Windows 2000 server using a D2CIM VUSB Virtual Media Not Refreshed After Files Added After a virtual media drive has been mounted if you add a file s to that drive those files may not be immediately visible on the target server Disconnect and then reconnect the virtual media connection Target BIOS Boot Time with Virtual Media The BIOS for certain targets may take longer to boot if media is mounted virtually at the target gt To shorten the boot time 1 Close the Virtual KVM Client to completely release the virtual media drives 2 Restart the target Virtual Media Connection Failures Using High Speed for Virtual Media Connections Under certain circumstances it may be necessary to select the Use Full Speed for Virtual Media CIM when a target has problems with High Speed USB connections or w
Download Pdf Manuals
Related Search