Emerson Avocent Universal Management Gateway User Guide
Contents
1. 113 oed 113 Power OULeE ost evt UN 115 Sensors and Events ooo ELI 117 Senso t Respect te 117 mcs P c E 117 117 Temperature iint sees 117 RS CREER PEE 117 CPU disk usage Rr KK KK KS KK erri 118 AppehdiCeS etie ope E fin itso r EET 119 Appendix A Technical Specifications 119 Appendix B Installation Checklist 121 Appendix C Forgotten Password KK KK KK KA 123 Appendix D Booting from the Network cece eee s see KK KK KK KK KK KK KK 124 Appendix E Creating ar SP File n SA SSA den bi Sees op E Ve dut 125 Appendix F Troubleshooting SPS 126 Appendix Appliance Troubleshooting 127 EAN iir A err d 127 WAN performance 127 Bridge groups De MEH HHHHEEDD MR 128 Hardware 05 4 U ehe ya Ma ba n s cs a W n 128 Appendix H Troubleshooting From the Appliance Shell 129 Network related c eoi E BBE HHHH re rb EH nde od awe E 129 Appendix I IP Masquerading for 1 to 1 NAT 131 App2. 14 Verifying the Connections lines 14 Front and rear panel power status LEDs 14 Rear panel Ethernet connection LEDs 15 Rear panel autosensing dedicated IP port LEDs KK KK KK KK KK KK K KK KH 15 Configuring the Appliance lsa asas ask ee 15 Configuration Example Za W n 16 Using Telnet or SSH to access a serial target 18 Initial Appliance Setup KK KK KK RR 21 Connecting to Your Network 21 Assigning an IP Address ak ss KER KS SS KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KS 21 Connecting Locally or Through the Console Port 202 0220 ass SR SK KK KK KK KK KK KH 21 Setting Up Your Network 22 NM cee DD DD rr ee eee ene te 23 Port requirements Jll aS cece cece s s ess RR KK 24 Web User Interface __ 27 Avocent Universal Management Gateway Appliance Installer User Guide Web UI Overview HH HHHH HHHH 27 Using the 5 e Leo o e e oe e t e tus 28 Admilifole LS tegi dot he io MUS AE 29 Operatotirole n d
3. DM M MM NMk MNNHHEH 87 SISSE RE RENE gx 88 SUDDOIt dey SA SE Ee METEO EAE Bee A 88 et EA EU LM fpei voto 89 89 Firewall NANAN HHHH 90 aca EE 90 Defined networks 92 94 SOWVICES E he se oe BS aad gg 96 DN OD ts I heec Oe YE LA Lc NLT OE 98 Targets m 105 Service Processo e her d 106 Properties cxx a iore er s uw cre i ay il te ei ness SEM cree cue a adde cec 106 SICHERE ONERE DE TT TIU UU LEUTE 106 107 SOSSIONS EA 107 el pete teat act PERI 109 te SINEM etai BANE 110 SQQdddSS pppp p o c e a eaooooeeam _ ummaeao 110 Alert Destinations 4 E E es esee 110 a rarae dod ue t eve fco tess 110 KVM session optimization 110 Console MERE 112 112 Propenties 5200 O 112 onc cM 113 iv Avocent Universal Management Gateway Appliance Installer User Guide Current Voltage Power Consumption Energy Consumption
4. m alles up o ogri chraos 5 O For example Use the following command to create the public IP alias for the appliance to listen for incoming traffic lusr bin fwnat fwnat alias sh c add eth0 n ILOalias a 192 168 200 17 24 b 192 168 200 255 For more information see Firewall and NAT on page 90 132 Avocent Universal Management Gateway Appliance Installer User Guide Appendix J Firewall and NAT Configuration Scenarios Firewall and NAT scenario 1 Forwarding SNMP traps from an SP to an external receiver Scenario 1 Diagram Scenario 1 Diagram Descriptions Number Description To forward an SNMP trap 1 Add the SP to the appliance 2 Configure the SP to send traps to an external receiver server Forwarding an SNMP Trap PowerEdge 2950 root Admin Properties Power Management Alert Management Platform Events Traps Settings Email Alert Settings System Remote Access Set Platform Event Alert Destination 1 Batteries Fans Intrusion Hardware Performance Power Monitoring Select the values and click Apply Changes Power Supplies Temperatures Enter a valid SNMP Community String prior to using this feature Voltages Enable Destination v Destination IP Address 192 168 200 150 3 Onthe appliance from the sidebar of the Administration tab click Firewall and NAT Interfacesto set up the firewall interfaces Appendic
5. 2 Selectthe Current Voltage Power Consumption or Energy Consumption tab as desired 3 Click Reset Values Settings By selecting the Settings tab you can view and change the settings of Outlets PDU Phases Circuits and Environment To configure Outlets settings 1 Select a PDU to manage 2 Click on the Settings tab 3 Click Outlets 114 A Avocent Universal Management Gateway Appliance Installer User Guide 5 Select the outlets you want to configure and click Edit You can change the Post On Delay and Post Off Delay as well as the High Critical High Warning Current Low Warning and Low Critical thresholds Click Apply when finished To configure PDU settings cU LEE 5 Select a PDU to manage Click on the Settings tab Click PDU Select the PDUs you want to configure and click Edit You can configure Cold Start Delay as well as High Critical High Warning Low Warning and Low Critical thresholds and Estimated Power Factor Click Apply when finished To configure Phases settings 5 Select a PDU to manage Click on the Settings tab Click Phases Select the phases you want to configure and click Edit You can configure High Critical High Warning Low Warning and Low Critical thresholds Click Apply when finished To configure Circuits settings Jac 92 5 Select a PDU to manage Click on the Settings tab Click Circuits Select the circuits you want
6. Targets Port Configuration Network Settings 2 Usethe drop down menu under state to enable the interface 3 Enterthe IP address mask and broadcast address 4 Click Apply The IP address CIDR format is sometimes referred to as prefix notation for an IP mask combo The IP mask information required is the number of bits occupying the network portion of a subnet mask when displayed in binary notation The following table is an example CIDR Format Example Decimal Binary Prefix CIDR Example 0 0 11111111 00000000 00000000 00000000 10 1 2 3 8 172 18 1 4 16 255 255 0 0 11111111 11111111 00000000 00000000 255 255 255 0 11111111 11111111 11111111 00000000 24 192 168 1 10 24 LO 176 23 8 1 30 255 255 255 252 11111111 11111111 11111111 11111100 After assigning the virtual interface IP addresses new DHCP ranges can be created It is important to ensure that the DHCP range is appropriate for the IP assigned to the virtual interface but that the range does not contain that IP avoid potential for IP conflict The virtual IP should be assigned as the gateway for the new range To create dynamic DHCP ranges 1 Browseto Targets Port Configuration DHCP Settings 2 Under Dynamic Ranges click Add 3 Enterthe Subnet address the start and end range the subnet mask and the gateway 4 Click Apply The appliance will attempt to add any SP with an assigned IP address If the default user list contains valid SP crede
7. DEL Some SP settings are in an alternate BIOS lt ctrl D gt lt ctrl E gt lt F8 gt Some SP settings are in both the main and alternate BIOS e Ensure the SP is using the dedicated interface if the SP is physically connected to the appliance or the network e Ensure the SP is sharing or using side band with NIC1 if the SP will be logically managed e Ensure the username and password are correctly configured e Access the SP BIOS and reset the password to ensure accuracy of the credentials e Ensure the SP has an appropriate IP address assigned e Ensure the appliance and the SP are on or are accessible to the same network The network must match the IP address of the SP and the network must be able to route the SP to the network the appliance is connected to This can often be tested by using a ping from the appliance command shell e fyou cannot ping the SP the SP may only allow communication via IPMI If the username password and network routing are all correct the appliance will be able to communicate with IPMI only SPs DHCP works in request respond fashion The SP must request a DHCP address before the appliance can provide one Many SPs will retain their assigned DHCP IP address despite having been turned off or if the cable has been disconnected and re connected The best way to resolve this is to force the SP to use a static IP address save restart then reset itto while connected to the appliance This will
8. NOTE For a full list of supported resolutions see Video Resolution on page 136 e Virtual media capability accessed through USB ports Smartcard capability UMIQ module An Avocent UMIQ module is an adaptor that provides traditional VGA USB based KVM over IP support to the appliance The module digitizes an analog VGA signal and USB signals keyboard mouse mass storage CD DVD smartcard CAC and delivers them over IP This enables an at the rack experience for remote users no matter where they choose to be UMIQ v1 Module Administration 71 UMIQ v2 Module UMIQ Module Descriptions Number Description Module s RJ 45 connector The v1 module has one port used to connect to the appliance via a CAT 5 cable The v2 module has a second port which can be connected to a dedicated SP VGA connector for video DC power plug USB connector for keyboard and mouse The UMIQ module has an embedded Linux OS that boots when the UMIQ module has power The UMIQ module requires full USB bus power in order to properly operate The DC power plug is useful for servers that do not provide sufficient power for devices that lack USB interfaces or for provisioning stations where the IQ module would be moved quite regularly from one server to another As long as the UMIQ module has power from USB or DC it is considered to be at full power and it can maintain the secure IP connection with the appliance and KVM sessions with users If the UM
9. Serial PDUs connected to an autosense port will be automatically discovered Serial PDUs connected to a port with autosense disabled must be manually given a port class of Serial PDU Network IP PDUs connected to appliance ports will be automatically discovered if the DHCP and SNMP settings are in a default state Network PDUs can also be discovered from a remote LAN infrastructure using the SP management discovery range feature Network PDU Network PDUs can be added or discovered when physically connected to appliance ports or logically accessible via IP from the rest of the LAN network To add a network PDU 1 From the sidebar click Targets PDU Management then click the Network PDU tab 2 Enter the IP address community name string and use the drop down menu to select either RO Read Only or RW Read Write as the ComType 3 Click Apply NOTE A com type of RW is required to turn outlets on or off and to modify rack PDU settings You may need to change the SNMP com type within the rack PDU s native interface and within the appliance before control actions will be supported To delete a network PDU 1 From the sidebar click Targets PDU Management then click the SNMP Settings tab 2 From the Network PDU table check the box next to the network PDU you want to delete 3 Click Delete SNMP Settings Network PDUs can be discovered using the community information defined in PDU Management SNMP Settings By default
10. Under the Email Address heading enter the email address where the notifications will be sent 6 Click Apply Syslog You can configure as many as four syslog rules on the appliance Syslog rules can be assigned to as many as six syslog facility levels The syslog rules can forward alerts to external syslog servers Administration 87 or log files You can set up logging of messages for the following types of events e Events of interest from the appliance e Sensor alarms generated by sensors on SPs Messages can be sent to a user defined destination Message filtering levels Messages can be filtered according to their severity based on any or all of the levels from the following list e Emergency Alert e Critical Error e Warning e Notice Info Debug To configure syslog message filtering 1 Fromthe sidebar go to Monitoring From the drop down list choose the Facility 2 Under the Notification Rules heading check the boxes for the events for which you want to receive syslog alerts and click Apply 3 Fromthe sidebar go to Monitoring Notification Destinations and under the Syslog heading click Configure next to the rule you want to configure 4 Onthe Syslog Rules page under the Configure Syslog Rule enter the Destination The destination can be an IP address or a log file name The Tag field is optional and will filter messages that do not match the Tag string 5 6 Under the Faci
11. Underthe Bridge Group Configuration heading check the box next to the name of the bridge group you want to delete then click Delete Hosts An administrator can configure a table of host names IP addresses and host aliases for the local network To add a host 1 From the sidebar select Network Hosts 2 Click Add to add a new host 3 Enterthe IP address hostname and alias of the host you want to add then click Apply To delete a host 1 Fromthe sidebar select Network Hosts 2 Click on the name of the hostname you want to delete then click Delete Routes Proper routing will ensure that traffic flows from clients to the appliance and back The routing table in the appliance shows the networks that are connected as well as networks the appliance has been told about or have been learned dynamically If traffic is destined for a remote network but the appliance cannot find a specific route matching the destination network it will revert to sending the traffic to its default gateway This is why some traffic does not get sent or received as expected NOTE The appliance is specially designed for managing and providing access to device management consoles It is not supported as a general purpose router switch or packet filter Static routes to specific network destinations can improve the accuracy of the decisions made by the appliance about which interface to use when sending traffic NOTE It is important to ens
12. gt Service Processor HP DL370 G7 iLO3 Service Processor 0 10 207 16 SP Session gt Cisco R210 UCS C Service Processor 0 10 207 16 SP Session Dell 1950 DRAC5 Service Processor 0 192 168 2 Pix501 Firewall serial 24 PMLabCisco3748 serial 25 S S PMLabCisco5000 RSM serial 26 Serial Session PMLabCisco5000 SUP serial 27 Serial Session Dell 1950 VGA UMIQ 28 192 168 1 KVM Session Dell 1850 VGA UMlQ 29 192 168 1 KVM Session Dell2950 WinEMS serial 30 Serial S Dell_2950 DRAC5 Service Processor 31 192 168 1 SPS Dell_2950 VGA UMIQ 31 192 168 1 KVM Session 2U IBM VGA 32 192 168 1 KVM Session HP DL320 G4 iLO2 Service Processor 33 192 168 1 SP Session 2 DL320 VGA UMIQ 33 192 168 1 KVM Session gt Serial Console C PDU gt Power Outlet Web UI Descriptions Number Description Title bar Use the title bar to access the online help log out or change the current user s password Tab bar Use the tab bar to display and manage targets sensors events administration and alerts operations The contents of the sidebar vary depending on the tab bar and the window that is displayed Content area The information specified by the tab bar title bar and sidebar selections is displayed and changed in the content area E Sidebar The sidebar is used to display windows that specify settings or perform 3 Using the Sidebar The sidebar is used to display windows t
13. then click the Delete button After a few seconds the sessions screen will redisplay the open sessions minus the one you deleted Support From the sidebar click Support to configure diagnostic logging Y ou can create and save a log file that can be downloaded and sent to technical support The log file contains debug information necessary for appliance technical support To enable system monitoring 1 Click Support Check the box to enable system monitoring Setthe frequency in minutes and click Apply Be Or Ju Check the box to enable SP access monitoring Administration 89 5 Use the drop down menu to select the Log Detail Level 6 Click Apply To download the log file 1 Click Support 2 Click Download Log 3 Browse to the save location and click Save Security From the sidebar click Security to enable or disable the following network services Telnet ICMP SSH e HTTPS HTTP redirect Certificate The appliance by default has a certificate installed that controls the web services and allows access through HTTPS Third party certificates can also be imported and configured Importing a third party certificate replaces the default appliance certificate Contact Avocent professional services to delete third party certificates and restore the default certificate NOTE The third party certificate has to be in PKCS12 format To import a third party certificate 1 From the sidebar click
14. 5 Assign the desired IP values and click Apply Firewall Consult the following table to configure access to the appliance through a firewall Default Firewall Service Definitions Port Type Service Definition E KETE zy awvFrp Data zr FTP Firmware Update swvFTP Commande _ 22 7T Enenpted Sesion sw SSH SeakSesslon e 24 Avocent Universal Management Gateway Appliance Installer User Guide Port Service Definition Port requirements e Ports 443 843 and 8123 must be open to the appliance to support administration of the appliance using its web UI e Ports 2068 and 8080 must be open to support KVM sessions to a module e 22 must be open to support serial sessions and SSH CLI appliance administration e Ports 3211 3502 3871 must be open to support DSView software management of the appliance e Ports 502 6443 8011 8012 9002 and 47777 48117 must be open for full Trellis Real Time Infrastructure Optimization Platform support Default Firewall Rules Order Service Action Use case recommendation Needed for internal appliance communication Do not disable Needed for internal appliance communication Do not disable srv WEB UI Needed to access the appliance web UI set to DROP to disable web UI Needed to test troubleshoot network connectivity set to DROP if not srv PING Accept used srv FTP Data Needed to upgrade appliance firmware via t
15. Click Apply when finished Click the Data Buffering tab to configure data buffering settings Click Apply when finished Click the Alerts tab and then click Add to add an alerts string Click Apply when finished NOTE See the following table for a description of the CAS Data Buffering and Alerts parameters CAS Parameters Parameter Description CAS The number of the port The networking protocol that can be used to access the serial port target SSH Authorized users can use SSH to connect to the console of a connected device Telnet Authorized users can use Telnet to connect to the console of a connected device SSH Telnet Authorized users can use SSH and or Telnet to connect to the console of a connected device simultaneously Raw Authorized users can make a Raw Socket connection to the console of a connected device Default SSH Telnet Fora Telnet Raw session TCP port to redirect to a serial port For example telnet appliance IP gt 70XX TCP Port Alias For SSH session Interface name ttySxx or target device name For example ssh user interface or target name gt lt appliance IP gt 22 Default 70XX where XX is the serial port number Allow Session Only if When the DCD is OFF the appliance will not provide sessions for this serial port DCD is On Default Disabled allow access if DCD is OFF DTR Mode can be set to the following Always On DUR Meee Normal the DTR st
16. Fromthe sidebar click Targets SP Management then click the Service Processors tab 3 Click mport SPs 4 Browse to the location where the SP file is stored and click Open At the Import Targets dialog box click OK 5 Once you ve begun importing the list of SPs they will populate within the list of SPs 6 You can click Stop Importing to stop the remainder of the import process To edit an SP 1 Fromthe sidebar click Targets SP Management then click the Service Processors tab 2 Clickthe name of the SP you want to edit 3 Under the Modify SP tab you can edit the SP s name username password and depending on the profile type the KG cipher SoL data buffering and virtual KVM preference NOTE You can also edit the name of an SP from the Administration Targets screen 4 Click Apply 5 Under the SoL tab you can enable Serial over LAN and configure the baud rate channel package level limit and retry count 6 Click Apply Virtual KVM For some SPs the appliance supports both Java and ActiveX viewers By default the appliance will attempt to provide the user with the ActiveX vKVM option if supported for that SP type If ActiveX is not supported by the client browser the appliance will only provide a Java based 58 Avocent Universal Management Gateway Appliance Installer User Guide session If you wish to change the default vKVM option and if vKVM is supported by the SP from the Modify SP page select wheth
17. Management Gateway Appliance Installer User Guide The lease bindings tell you which IP addresses have been dynamically assigned to targets It displays the range start and end times MAC address hostname port number and target device type The lease bindings can only be cleared by deleting the dynamic range they were issued from and restarting the DHCP server Lease times are measured in days NOTE Only one range may operate on a private interface Advanced settings Within the appliance shell the etc dhcpd conf file can be edited to add DHCP scope options such as option 6 DNS server or option 15 DOMAIN name Discovery You can discover service processors from a variety of IP ranges within routed access of the appliance You can specify up to 20 IP address ranges either for automatic or manual discovery Discovered service processors are displayed in the SP Management list In order to discover a service processor the SP must have an IP address belonging to the discovery range and a username and password pre populated in the Default Users tab The SP must be a type supported by the appliance as listed in the firmware release notes Whether performing a discovery import or manually adding an SP the appliance will always perform a capabilities discovery to determine the licensed feature set of each SP in order to display session buttons or control capabilities appropriate for what the SP will support For example an HP iLO with
18. Target Access is the most permissive As long as either a user or a user s group has access the user will have target access The following table shows target access depending on a user s or group s access Group Target Access If User Has Access If Group Has Access Resulting Target Access Yes Yes Yes Ne we To add a managed target 1 From the Available column browse to the target s you want to manage and click the left arrow to add it to the managed targets 2 Click Apply To remove a managed target 1 From the Managed Targets column browse to the target s you want to remove and click the right arrow to remove it from the managed targets 2 Click Apply Group Target Rights After creating or modifying a group click new group name and then select the Target Rights tab to manage target rights Target rights are the most restrictive As long as both a user and a user s group has target rights the user will have target rights The following table shows target rights depending on a user s or group s rights Target Rights If User Has Rights If Group Has Rights Resulting Target Rights To manage target rights 1 Under Managed Targets click the target for which you want to manage rights 2 Check the appropriate box to either allow or deny general access rights 48 Avocent Universal Management Gateway Appliance Installer User Guide 3 Forserial targets use the drop down menu to select the
19. Targets Discovery then click the Log tab 2 Usethe drop down menus to filter by Method Credential and or Status 3 Click Filter NOTE Clicking Refresh resets all the filtering parameters 60 Avocent Universal Management Gateway Appliance Installer User Guide To perform advanced sorting and filtering the Discovery Log can be exported to a csv file by clicking Export An administrator can clear selected log entries on a single page by checking the desired boxes next to log entries then clicking Clear Selected The entire Discovery Log can be purged by clicking Clear All SP management A service processor SP can be connected to any numbered target port on the back of the appliance Service Processors that lack a dedicated interface are shared with NIC1 in what is called Side Band Side Band SPs can only be communicated with logically by the appliance via your network The SP will need to be assigned an IP that the appliance can communicate with Many SPs can be configured to either use the dedicated interface or share Side Band with NIC1 The appliance can communicate with the SP in either implementation via IP When SPs are physically connected to the appliance the IP of the SP is not accessible to your network OEM tools will not be able to communicate with the SP unless the appliance is placed in Bridge mode The SP manager prevents communication between its numbered target ports but the appliance does not The
20. a different network Network configuration changes made to ethO eth1 0 brO priv kvm spm and any other bridge groups and virtual private interfaces could affect the applicability of NAT and firewall rules All firewall rules that reference interface names or addresses that were replaced during the network configuration change should be edited within the NAT and or firewall rules to ensure proper network communication For example ethO eth1 must be replaced with brO or bondO where applicable NAT flow Traffic entering an interface incoming is translated according to a NAT rule before any filtering rules and before any routing decisions Traffic exiting an interface outgoing is translated according to a NAT rule after filter rules and routing decisions have been made NAT Flow NAT Flow Table Descriptions Number Description Incoming NAT on an inside interface Incoming NAT on an outside interface 100 Avocent Universal Management Gateway Appliance Installer User Guide Number Description Outgoing NAT on an inside interface 6e Outgoing NAT on an outside interface Firewall flow Traffic entering the appliance input is subject to filter rules after it has passed through NAT rules and routing decisions Traffic exiting the appliance output is subject to filter rules before routing decisions are made and NAT rules perform any translation Firewall Flow Firewall Flow Table Descriptions Nu
21. a workstation for analysis using tools such as WinSCP and Wireshark For example to capture from both the ethO and the priv interfaces tcpdump i eth0 w download networktrace1 cap and tcpdump i priv w Idownload networktrace2 cap WAN performance If KVM virtual media or firmware uploads are slow or fail across a network WAN many network routers that connect to WAN links Frame Relay ATM SONET or VPN often are set to fragment large IP packets into smaller chunks The maximum size of an IP packet is defined as MTU within all devices connecting to networks The appliance s MTU defaults to 1500 bytes and the appliance sends all traffic with the Don t Fragment bit enabled in the IP header An IP packet that doesn t want to be fragmented is discarded by a router that must fragment large packets before transmitting them across a WAN link To resolve this you can decrease the size of the appliance s MTU in the network settings which will generate smaller IP packets This will increase the total number of packets that get created but they will be small enough to cross the WAN link without being discarded and should improve the situation Don t do this unless you are sure that the appliance traffic is being discarded by the customer WAN router because of fragmentation 128 Avocent Universal Management Gateway Appliance Installer User Guide Bridge groups When creating a bridge group inside of the appliance there is a default settin
22. cause the SP to request an address from the appliance and the appliance can now discover the SP e Ifthe SP is accessible and the username password is correct verify that IPMI or Telnet SSH as appropriate is enabled in the SP or is assigned to the appropriate NIC interface Validate the required SP communication protocol and firmware version in the appliance release notes Appendices 127 Appendix G Appliance Troubleshooting LAN performance If you re experiencing issues between the appliance and the network issue the ethtool eth0 or ethtool eth1 command to determine if the appliance is communicating with the network switch at half duplex This can happen if the network switch is not set to auto negotiate speed and duplex the appliance only supports auto When a network switch is static and the appliance is auto the two will not be able to communicate with matching duplex leading to poor network peformance To resolve this have the network administrator set the network switch port to auto negotiate speed and duplex To assist in troubleshooting issues related to connectivity sessions time outs or other network related problems a network traffic packet capture may be performed At the appliance shell execute the tcpdump command on one interface at a time that lies within the communication path between the user appliance and the appliance target Save the output of the tcpdump to the download directory then copy the output file to
23. connect a terminal or workstation to the CLI Setup port Terminal settings are 9600 8 N and 1 with no flow control and ANSI emulation 22 Avocent Universal Management Gateway Appliance Installer User Guide NOTE For instructions on assigning an IP address using the CLI see the Universal Management Gateway Appliance Command Reference Guide The GB1 ethO port on the appliance is configured as a DHCP client If your network is set up for DHCP you must first find the IP address assigned to the appliance by looking at the DHCP leases on the network DHCP server Then use a supported web browser to navigate to https lt appliance IP to connect to the appliance NOTE Adobe Flash Player and Oracle Java Runtime are required for full product support to client PCs accessing the appliance See the release notes for a list of supported web browsers If your network is not set up for DHCP the GB2 eth1 port has a default IP address of 192 168 1 10 You can assign your PC connected to eth1 an IP address of 192 168 1 10 and then browse to the appliance using the default IP address To assign the IP address using the VGA console 1 Login to the appliance using admin as both the default username and password 2 Underthe Administration tab click Network Settings For more information on Network Modes see Defined networks on page 92 NOTE Changes to the network mode should be performed before targets are configured Changing
24. disable autosense select Serial PDU as the port class and choose the appropriate connection pinout type Avocent or Cisco c Click Apply To change a serial PDU password 1 Select Targets PDU Management Serial Login 2 Enterthe new password and click Apply Administration 69 Asset Location Asset tracking enables a user to determine the specific location of a device within a rack and also track the movement of devices into and out of the rack The Avocent Universal Management Gateway appliance can perform asset tracking using an external appliance such as the Data Cabinet Intelligence Module DCIM along with Remote Frequency Identification RFID tags RFID tags are placed on devices before they are installed in the rack The asset tracking appliance then monitors those devices and can relay their placement and status to a connected server or device Multiple asset tracking appliances can be added to the Avocent Universal Management Gateway appliance To enable asset tracking 1 Log into the Avocent Universal Management Gateway appliance web UI as an administrator 2 Under the Administration tab click Targets Asset Location from the sidebar 3 Enter the IP address and name for the asset tracking appliance then click Add The asset tracking data will display under the Asset Location heading To delete an asset tracking appliance 1 Under the Administration tab click Asset Location from the sidebar 2 Check t
25. download 0 4kbps upload e Continuous mouse circles movement on screen 30 pkts sec avg 212kbps download 246kbps upload 112 Avocent Universal Management Gateway Appliance Installer User Guide e Rapidly opening and closing full screen windows 30 70 pkts sec avg 2 5mbps download 230kbps upload KVM window resolution 1024x768 60hz Ubuntu Desktop e Zero screen movement 0 pkts sec avg 1 3kbps download 1 0kbps upload e Continuous mouse circles movement on screen 30 pkts sec avg 470kbps download 245kbps upload e Rapidly opening and closing full screen windows 40 50 pkts sec avg 750kbps download 180kbps upload Serial Console Available serial targets can be viewed under the Targets tab To view available serial targets 1 From the sidebar click Serial Console and then click on a target to view properties and logs 2 Click Connectto open a serial session with the target 3 Click Properties to view the target s properties 4 Click Logsto view the target s log files You can also download and clear log files from this screen PDU Each PDU and its associated outlets are listed under the Targets tab From the sidebar click a PDU to view and or modify its configuration settings For read only information on the PDU circuits and outlets view the following tabs Properties Outlets Overview Current Voltage Power Consumption Energy Consumption and Environment To modify configuration of outlet
26. flagged to change the password at next login In all cases passwords will be checked to ensure they are not comprised of palindromes or repeated strings Password Policy Settings Setting Description Passwords can be as short as one character and may contain any character Passwords None AR pne can be immediately re used Password expiration is set to never by default Passwords must contain at least four characters at least one of which must be a Weak number When a user changes a password it must be different from the old password Passwords are set to expire after one year by default Passwords are set to expire after 90 days by default Passwords must contain at least 16 characters including one special character one Strong number and one capital letter When a user changes a password it must be different from the old password Passwords are set to expire after 30 days by default Passwords must contain at least eight characters including one number and one capital Medium letter When a user changes a password it must be different from the old password Preemption Levels The preemption level of users determines whether they may interrupt or disconnect another user s KVM session with a target device Administrators and user administrators may specify the preemption level for user accounts or user defined user groups By default the preemption level active for the user is the highest assigned value of all of
27. illuminated If a port is statically set to one of the two modes the corresponding LED will be the only one illuminated Autosensing Port Network and serial mode The autosensing ports can operate in network or serial mode Each major mode has sub modes called port classes The network port class is for network or SP connections The port will autosense network targets but will need to be manually configured for SP connected targets The serial port class is for console connections or PDU connections By default the serial port class will autosense to a console connection and will need to be manually configured for a Power Distribution Unit PDU connection The ports will autosense and switch to the appropriate mode depending on the target attached to the appliance When a port is in network mode the green LED will be illuminated The appliance will provide an IP address to the network device attached to it It is only intended to be connected to the device to be managed or accessed The appliance will not function as a traditional network switch or common network access firewall It is a special purpose appliance intended for target device access and management CAUTION Since the appliance issues IP addresses using DHCP they could conflict with a production DHCP infrastructure Proper VLAN segmentation must be assigned on the network to avoid this conflict Product Overview IP addresses can also be assigned statically to SPs
28. or create additional groups with custom permissions and access rights Administrators can add delete or modify permissions and access rights for users from any group at any time Administration 45 For example if an administrator configures the appliance to restrict user access to a target the administrator can assign users to groups that are authorized for specific target access The administrator can also authorize groups for power management and data buffer management This document and the software refer to users whose accounts are configured on remote authentication servers as remote users Remote users do not need local accounts LDAP authentication services allow group configuration If a remote user is configured as a member of a remote group the authentication server provides the group name to the appliance when it authenticates the user A local group by the same name must also be configured on the appliance If an authentication server authenticates a remote user but does not return a group then the remote user is by default assigned to the user group Managing user groups Administrators can create custom user groups that contain any users Permissions and access for custom user groups will be determined by the top level user group permissions To add or modify a user group 1 From the sidebar click Users Groups 2 Click Add to create a new user group The Create User Group screen appears Enter the new user group n
29. session access and check the box es to kill a multi session or for multiple session notification 4 Click Apply Manage Target Settings If you allow Manage Target Settings rights you have rights to the following Targets Tab PDU lt PDU gt Power Consumption Targets Tab PDU lt PDU gt Energy Consumption Targets Tab PDU lt PDU gt Environment Targets Tab PDU lt PDU gt Settings Targets Tab PDU lt PDU gt Properties Targets Tab PDU lt PDU gt Outlets Lock Targets Tab PDU lt PDU gt Outlets Unlock Targets Tab PDU lt PDU gt Outlets Saved Status Targets Tab PDU lt PDU gt Current Targets Tab PDU lt PDU gt Voltage Targets Tab Power Outlet Properties Settings Targets Tab Power Outlet Properties Lock Targets Tab Power Outlet Properties Unlock Targets Tab Service Processor SP System Power Targets Tab Service Processor SP System Enclosure Targets Tab Service Processor SP System Time Targets Tab Service Processor SP Logs Clear Log Targets Tab Service Processor lt SP gt Alerts View Logs If you allow View Logs rights you have rights to the following Targets Tab Service Processor SP Logs Download Log Targets Tab Serial Console Logs Targets Tab Service Processor SP Sessions SoL Session History Targets Tab Service Processor SP Sessions SEL Admini
30. the network mode after adding and configuring targets may interrupt their communication and they may need to be added again and reconfigured in order to work again 3 Clickthe entry for the desired interface in the table and change the method to Static 4 Assign the desired IP values and click Apply Setting Up Your Network The appliance uses IP addresses to uniquely identify itself to IP based target devices It supports both Dynamic Host Configuration Protocol DHCP and static IP addressing As a network infrastructure device its IPs should be static or use DHCP reservations to ensure the appliance is always available via a consistent address GB 1 ethO on the appliance is a DHCP client intended only to facilitate initial network access but should be made static before being put into production environments An IP address can be obtained via DHCP or a static IP can be assigned using the VGA console or CLI Setup port Initial Appliance Setup 23 NOTE If using DHCP you must first find the IP address assigned to the appliance by looking at the DHCP leases on the network DHCP server Enter https lt appliance IP in your browser to connect to the appliance To assign the IP address 1 Loginto the appliance via its console port using admin as both the username and password 2 Clickthe Administration button 3 Clickthe Network Settings folder 4 Clickthe 1 ethO entry in the table and change the method to Static
31. the user groups to which the user belongs Preemption levels range from 1 6 with 6 being the highest level For example a user or a user group with a preemption level of 6 may preempt other level 6 users or user groups as well as those with a level 1 2 3 4 or 5 setting Administration 41 User and User Group Preemption Preemption Level The default level for the admin account Only available to admins 5 The default level for the factory operator account Only available to operators and administrators Description The preemption levels may be used in the following ways User preemption level This is the preemption level assigned to a user by an administrator If this value is larger than the highest preemption level of the user group to which the user belongs the value will be used as the effective user preemption level Group preemption level This is the preemption level assigned to user groups to which the user belongs If the user is assigned to multiple user groups with different preemption levels this will be the preemption level ofthe user group with the highest level For example if a user belongs to the appliance administrators level 6 and users level 1 user groups this value will be defined as 6 If this value is larger than the highest preemption level of the user the value will be used as the effective user preemption level An appliance administrator or power user may also specify a local user in
32. to configure and click Edit You can configure High Critical High Warning Low Warning and Low Critical thresholds Click Apply when finished To configure Environment settings 1 2 3 Select a PDU to manage Click on the Settings tab Click Environment Targets 115 4 Selectthe sensors you want to configure and click Edit You can configure a sensor s Name and Unit as well as its High Critical High Warning Low Warning and Low Critical thresholds 5 Click Apply when finished Power Outlet Available outlet targets can be viewed under the Targets tab To view available serial targets 1 From the sidebar click Power Outlet and then click on a target to view properties overview and settings You can also turn an outlet on off or cycle power by clicking the buttons at the top of the page 2 Click Properties to view the outlet s ID name and status You can also lock or unlock an outlet from this page A locked outlet cannot be turned on off or cycled 3 Click Overview to view the outlet number ref current amps voltage volts power watts AppPower volt amps power factor energy and alarm state 4 Click Settingsto view and if supported configure ID name post on post off delays maximum current high warning and high critical thresholds low warning and low critical thresholds for the outlet 116 Avocent Universal Management Gateway Appliance Installer User Guide Sensors and Events Sens
33. to edit 3 Make your changes or Click Delete to delete the interface 4 Click Apply NOTE A user cannot enable an interface if an IP address is empty DHCP Settings From the sidebar click Targets Port Configuration DHCP Settings to view or change the default DHCP server settings The appliance DHCP server is required to issue IP addresses to UMIQ adapters and can be used to issue IP addresses to SPs A dynamic range is required to issue DHCP addresses incrementally or based on MAC address reservations The DHCP server can only operate on appliance private interface ports To configure DHCP settings 1 Click Targets Port Configuration DHCP Settings 2 Check the box to enable or disable the DHCP server NOTE If using the DHCP relay option new firewall rules will need to be created for the interface that will receive the DHCP request to permit FORWARD traffic to the external DHCP server host and back again 3 DHCP leases are defined in days default is 30 4 Dynamicranges can be added or deleted by clicking Add or Delete Within each dynamic range the gateway field defines the range association with a virtual interface 5 DHCP reservations are created by clicking Add or Delete in the Assignment by MAC Address heading The hostname is a name for the reservation The MAC Address is the layer2 physical address of the target network card The Fixed Address is the IP address to be issued 54 Avocent Universal
34. top to bottom traffic is compared to the entries of the NAT policy looking for a pattern match nterface This is the interface where traffic will be inspected for traffic pattern matching and also the interface where the NAT will be performed The source host network listed here is inspected for traffic pattern matching Destination The destination host network listed here is inspected for traffic pattern matching Service The service listed here is inspected for traffic pattern matching i The action to be performed on the traffic that matches the pattern for this rule This rule will apply to traffic matching the chosen connection status type Not needed The traffic is associated with no known connection New The traffic has started a new connection or otherwise associated with a Connection connection which has not seen packets in both directions Status Established The traffic is associated with a connection which has seen packets in both directions Related The traffic is starting a new connection but is associated with an existing connection such as an FTP data transfer or an ICMP error Rule State Defines whether the rule state is active or not To add a Firewall Policy 1 From the sidebar click Firewall and NAT then click the Policy tab 2 Inthe Firewall Setup Section under the Add a Firewall Policy heading use the drop down menu to select Input Output or Forward under Direction 3 Enter valid name
35. Apply Or Click Delete to delete the policy Targets When logging into the appliance the Targets tab is the default view The Targets tab view consists of a sidebar and the Targets table NOTE The actions in this section can be performed by first clicking Targets in the tab bar Targets Tab Display Type are C gt Appliance IS IP Address v E3Senice Processor 14 17 8D 192 168 200 167 or 492 168 200 187 Bl 1A 17 BD_192 168 200 154 Bl 417 80 162 168 200 158 Bl 417 80 162 168 200 167 v Buma oser le 192 188 10 101 AA47 BD 02 158 200 158 a 492 188 200 188 1 17 _192 168 200154 Processor owere 192 168 200 154 Bil AP 5000 DCP OSPF2 le 1216810100 sera le 40216810103 lose Bl osera esra Osprs le 192 168 10 104 OSPF4 le 182 188 10 102 loses 000 192 168 10105 v Ba Serial Console DX 1a 17 tdP40_1_2 Povere 40 PDUport3 OUTLET2 1a 17 bd p 39 da4T bdP40 13 cutie ere 40 PDUport3 0UTLET3 v E3Power oute 17 ower 40 PDUport OUTLET7 meme mes 4 PDUDo OUTLET 1a 17 bdP40 1 10 Dm 1a t7 bdPA40 1 3 De oues out 40 pOUpot OUTLET erra ost so Poupar OUTED 1 17 40 40_1_10 owere 40 PDUpart3 OUTLET10 1 17 0 40_1_5 1a 17 bdP40_1_6 1 17 00 40 1 7 1 17 0040 1 8 12 17 59940_1_9 da4T bdP40 1 0 re 40
36. Avocent Universal Management Gateway Appliance Installer User Guide 9 EMERSON Network Power For important safety information visit www emersonnetworkpower com ComplianceRegulatorylInfo Emerson Emerson Network Power and the Emerson Network Power logo are trademarks or service marks of Emerson Electric Co Avocent the Avocent logo Cyclades DSView and Trellis are trademarks or service marks of Avocent Corporation Liebert is a trademark or registered trademark of Liebert Corp All other marks are the property of their respective owners This document may contain confidential and or proprietary information of Avocent Corporation and its receipt or possession does not convey any right to reproduce disclose its contents or to manufacture or sell anything that it may describe Reproduction disclosure or use without specific authorization from Avocent Corporation is strictly prohibited 2014 Avocent Corporation All rights reserved NOTE This document supports versions up to and including release 2 8 TABLEOFCONTENTS OF CONTENTS Product Overview 1 Features and Benefits yx s nawa Me ak ek anan a deka baka k nika bak Ban kabe kwla h ka EW zl 1 Secure ACCESS BN UH 1 Autosense UH HBHRHHIRERRERRERRHHHHHHHHHHHHHHHHHHHHHHHHH BB 22200 1 Web user interface Ul KK KK HH 3 VGA and USB conne
37. IQ module loses power but is still connected to the appliance the UMIQ module will request the appliance send standby power via the UTP cable to prevent the UMIQ module from going offline The UMIQ module running on standby power cannot support KVM sessions but it can maintain its connection to the appliance The UMIQ v2 module can maintain the bridge between its two ports ensuring that the SP is always accessible The appliance will use the DC connector for all of its power needs and the USB plug will just be used for data exchange The appliance draws 5v at 0 5a from either DC or USB When connecting an autosense port to a UMIQ module a straight UTP cable should be used The UMIQ v1 module has a single RJ 45 port intended to be connected to the appliance The UMIQ v2 module has two RJ 45 ports either one can be connected to the appliance and the other can be connected to a dedicated service processor port on the server The cable length can be up to 100 meters long 72 Avocent Universal Management Gateway Appliance Installer User Guide WARNING Never connect a network switch hub firewall router between the appliance and a UMIQ module The appliance sends electricity that will damage anything that is not a UMIQ module UMIQ Module LED Patterns LED Pattern Description Power LED is on when the UMIQ module is operating with USB Constant ON power in a normal operating state Pow LED During the upgrade the UMIQ module will bli
38. Output Buzzer Beacon and Door Lock 011 012 Digital Input Vibration Smoke Leak Door and Motion TH1 TH2 1 Wire Temperature Humidity and Dry Contacts The following table displays the data that can be collected Environmental Measurements Measurement Units Temperature Humidity Door Status Leak Status Motion Status Vibration Status Smoke Status Com Digital Input The COM digital input DI sensors view and monitor motion and smoke They can be connected to the DI1 DI2 ports on the back of the appliance COM Sensor Properties Property Description Default Value Sensor Sensor ID Read Only eee Belined Enabled Enable or Disable Enabled Name Name of the sensor Smoke Door Leak or Motion Sensor type can only be selected when the Type Smoke sensor is added Default Location The sensor s location or position To add enable or remove a COM digital input sensor 1 Click Administration Sensors COM Digital Input Enter the name of the sensor Select the port DI1 or DI2 Select the type of sensor and click Add Click the sensor name choose the normal status and click Enable e ss N To remove the sensor click the sensor name and click Remove 84 Avocent Universal Management Gateway Appliance Installer User Guide Digital inputs The digital inputs collect smoke leak and motion data They can be connected to the DI1 DI2 ports on the back of the appliance Digital Input P
39. P server you can enable power capping and configure thresholds for the SP server by clicking Configure NOTE Before enabling power capping consider the possible effect a lower clock rate will have on the applications hosted by the server Power capping can be enabled or disabled and assigned a power threshold watt value 110 Avocent Universal Management Gateway Appliance Installer User Guide The correction time is the number of milliseconds the SP server will wait before applying a corrective P state or clock rate to reduce power consumption below the threshold The sampling period is how often in seconds the SP server will query for current power consumption The exception action is the action the SP server will take when a threshold is exceeded and the options will vary from server to server Sensors Click on the Sensorstab to view the sensor information for the target device Click Refresh to refresh the sensors information Logs Click the Logs tab to download the SOL data buffering log or to clear all data log history The log files can be accessed or downloaded from the appliance shell in the directory Alert Destinations Click the Alert Destinations tab to enable and configure SNMP alert destinations for the target device From this screen you can change the community name and IP field for the alert NOTE The screen options will vary depending on the capabilities of the SP UMIQ Modules Available UMI
40. PDUport3 OUTLETS da47 bdPAD 1 5 40 PDUport3 OUTLETS 17 0 240 1 6 owere 40 PDUpor3 OUTLETS Targets Tab Descriptions Number Description From the sidebar you can access an appliance and its associated targets From the Targets table you can view information about the target and open a session to it The Targets table can be sorted according to column headers and the various column widths can be resized according to preference Customizations revert to default when the user logs out The targets can be viewed in three formats list view group view or type view depending on the selection made e The list view is a flat list of targets grouped under a parent appliance node Selecting the appliance list item shows a target summary screen e The type view shows all targets grouped by their target types The group view shows only the defined target groups and their contents Targets not in a group will not be visible Targets in more than one group will appear with each group The group view shows Target groups that have been created within the Administration tab 106 Avocent Universal Management Gateway Appliance Installer User Guide Status Descriptions Status Value Description No sessions are active Powered On Sockets are turned Unknown No status available NOTE If a filter is applied only those matching targets will be displayed Locked On One or more sockets are locked
41. Q modules can be viewed under the Targets tab From the sidebar click ona UMIQ module to view its settings Click Connect to open a KVM session with the selected UMIQ module To view available UMIQ modules 1 From the sidebar click UMIQ and then click on a target to view its status and the power status 2 Click Connect to open a KVM session with the target KVM session optimization The UMIQ module performs analog to digital video conversion and the session quality will be subject to cleanliness of the video signal coming from the server A poor quality session will exhibit blocky video and extremely slow mouse response Targets 111 To improve session performance 1 Inthe KVM viewer click Tools Automatic Video Adjustmentto calibrate the A D converter to the video signal coming from the server video card 2 Toidentify a KVM session that is slow due to unclean video signals click Too s Manual Video Adjustment A clean video signal will create 0 Pkts Sec on the performance monitor when there is not any activity on the target server NOTE Adjusting the screen resolution and screen refresh rate can have a significant effect on the cleanliness of the video signal and the speed of the resulting KVM session For best results try different combinations of these two settings followed by an auto video adjustment to improve the session speed The amount of video input plays a big role in the speed of KVM sessions Lower screen r
42. RS 485 environment sensor 1 Click Administration Sensors RS 485 Environment Sensor Use the drop down menus to select the Type and Address for the sensor Enter the name for the sensor and if applicable the humidity name Click Add Check the box to enable the sensor and click Apply a To remove the sensor click the sensor name and click Remove PDU Temperature Sensors Delta The appliance provides a delta calculation between two temperature sensors attached to a PDU This delta can be useful for determining temperature differences between a hot aisle and a cold aisle or the top of the rack or the bottom of the rack To add sensors for a delta calculation 1 Fromthe sidebar click Sensors PDU Temperature Sensors Delta 2 Entera name for the delta 3 Usethe drop down menu to select either Fahrenheit or Celsius as the unit of temperature 4 Fromthe PDU field select the first PDU in the delta and click the Sensor 1 button 5 From the PDU field select the second PDU in the delta and click the Sensor 2 button 6 Click Apply The delta appears in the PDU Temperature Sensors Delta table To view the delta calculation click the Sensors tab then click Delta The delta appears in the PDU Temperature Sensors Delta table 86 Avocent amp Universal Management Gateway Appliance Installer User Guide To delete a delta calculation 1 Fromthe sidebar click Sensors PDU Temperature Sensors Delta 2 Check the
43. SP Management screen displays all Service Processors SPs connected to the appliance From this screen you can add delete and manage SP settings An SP can be manually added to the appliance if the appliance has IP access to the SP and has a corresponding profile to support the SP type The username password must be provided in the Add SP Wizard Common credentials can be pre populated in the Default Users tab The profile you choose needs to match the SP as closely as possible SPs that use IPMI will use the KG Hex format and Cipher settings to implement a symmetric IPMI 2 0 encryption key to encrypt the UDP based IPMI traffic To ensure all of the SPs capabilities are available to the appliance make sure the SPs enable IPMI over LAN in their configuration Because IPMI is sometimes customized support for non standard implementations will vary NOTE Appliance support for each SP is dependent upon SP firmware capabilities See the appliance firmware release notes for a complete list of SP types and supported SP firmware versions SPs and SP versions that are not listed as supported may have some level of support if manually added to the appliance using the IPMI_ 2 0 or generic SP profiles The appliance firmware and release notes can be found at http www avocent com update Administration 61 You can also add multiple SPs at once by creating a custom file containing the IP address port username password and SP type of the SPs you wan
44. Security Under Third Party Certificate Import enter and confirm the Certificate and key passphrase Click Import Browse to the certificate location and click Open pr oo qe Click Apply and restart the appliance 90 Avocent Universal Management Gateway Appliance Installer User Guide Third party Certificate Targets Sensors Events Administration Logged in as admin 2 Authentication Administration Security v Targets SSH Reboot Shutdown L Port Configuration L SP Management Enable Telnet SSH Port 22 UMG Active Certificate List L Serial Management L Management L Target Groups L DSView Dam Serial Number Common Name Organization Expires L Firmware 5955689 8891967 Root Certificate Emerson Network Power 02 02 33 7 USB Devices v Power Distribution Liu Third Party Certificate Import v Sensors L COM Digital Input Certificate and key passphrase OneWire Digital Input Confirm passphrase OneWire Environment Sensor L RS 485 Environment Sensor v Monitoring _ Notification Destinations LJ Sessions Support _ Security L Firewall and NAT Firewall and NAT The firewall and NAT feature enables an administrator to configure the rules governing traffic filtering IP forwarding and address translation within the appliance NOTE The appliance is specially designed for managing and providi
45. This could be achieved through a simple NAT or IP forward policy rule allowing the management tool access to the SP In addition a firewall filter rule would prevent users from exploiting the NAT forward rule used by the management tool The following criteria should be used to make the determination between a NAT rule or an IP forward rule for providing bypass access to private hosts An IP forward rule requires that the private IP network subnet is unique with regard to other production networks and even other appliance private networks If two appliances have the exact same IP network associated with their private ports hosts an external host would be unable to properly make a routing decision between the appliances when trying to send traffic to a private host behind one of them The benefit of a NAT rule is thatthe same IP network subnet can be repeated for private ports hosts on multiple appliances without the same routing conflict The appliance supports two forms of NAT 1 to 1 NAT IP masquerading and port address translation PAT NAT overload For successful end to end communication leveraging an IP forward policy rule the private host must treat the nearest appliance IP as its gateway and all external hosts must have routes static or dynamic that reference the private network subnet and nearest appliance IP Administration 99 NOTE In this context the nearest IP is the one belonging to the same network or the closest routable IP on
46. Under the Sharing heading you can enable and select the level of sharing Options include Automatic Exclusive and Stealth e Automatic is a sharing option that will automatically allow another user to share the console session A user trying to access a console session that is already in use will not be prompted to share they will automatically be logged into the session Exclusive is a private sharing option that does not allow sharing by other users e Stealth is a sharing option that starts a Video Viewer window session but you will only be able to view what occurs on the target without controlling the keyboard or mouse The user who is currently active will not be notified that access is being shared and no request to authorize sharing will be made If the user s preemption level is higher than or equal to yours the stealth connection may not be permitted When you attempt to connect to a session already in use by another user a dialog box states the target is not available for viewing along with the name of the current user s Atthis point you may request to share access to the target preempt the user or use stealth mode if it has been enabled Sharea connection When you are prompted to share a connection and you click Share with the other user When sharing a target all users may monitor and take control it if no other user is active When you click OK the primary user who is active will receive a request to allow sharing u
47. access the snmpd daemon on the appliance to add the appliance to an environment as a monitored device To configure the appliance as a monitored device 1 Connectto the console interface of the appliance using Putty Login as admin From the presented menu select shell Edit the snmpd conf file which is located in the etc snmp folder Restart the snmpd deamon by typing usr bin restartsnmpsvr N You can now add the appliance to the desired monitoring tools 136 Avocent Universal Management Gateway Appliance Installer User Guide Appendix L Video Resolution The following table lists the video resolutions supported in the UMIQ module s EDID Supported Video Resolution Video Standard Standard Standard Widescreen Widescreen Widescreen Resolution Standard Widescreen 1024 x 1280 x 1600 x 1280 x 800 1680 x 1920 x 768 1024 1200 1050 1080 640 x 400 60 Hz 768 x 576 60 Hz 768x576 x T 72 Hz 800x500 x 60 Hz 800x600 7 56 Hz 800x600 60 Hz 800x600 3 72 Hz 800 x 600 75 Hz 832x624 F 7 3 75 Hz 853x480 3 60 Hz 896x672 60 Hz Appendices 137 Vide Standard Standard Standard Widescreen Widescreen Widescreen Standard Widescreen 1024 x 1280 x 1600 x 1940 x 800 1680
48. access to target sessions or target control For more information see Targets on page 105 Sensors The Sensors tab is only visible on a Avocent Universal Management Gateway 4000 or 6000 appliance From this tab you can view read only information regarding temperature humidity dry contact smoke motion leak and other supported environmental data For more information see Sensors and Events on page 117 Events The Events tab contains the event and alert logs for the appliance The data shown on this tab is read only except for the ability to clear event and alert entries For more information see Sensors and Events on page 117 Administration The Administration tab contains all the necessary configuration and control settings to administer and operate the appliance and its targets The only configuration parameters not accessible from this tab are relevant to the Trellis Real Time Infrastructure Optimization Platform s data collection and monitoring capability That behavior is fully controlled within the Trellis platform See the following section for more information Administration When logging in as an Administrator you will have access to the Administration tab From this tab you can configure and manage the appliance and its associated targets NOTE The actions in this section can be performed by first clicking the Administration tab Administration Tab Overview gets Events Appliance Settings Administrat
49. agement then click the Firmware Repository tab The page displays all the firmware stored in either the local or remote repository 62 5 Avocent Universal Management Gateway Appliance Installer User Guide Click Add to add new firmware to the repository Use the drop down menu to store the firmware locally on the appliance or remotely via the network share Use the drop down menu to select the firmware profile and enter a firmware version or comment as desired Click Upload then browse to where the firmware is stored and click Open to upload it To delete SP firmware from the repository 2 From the sidebar of the Administration tab click Targets SP Management then click the Firmware Repository tab The page displays all the firmware stored in either the local or remote repository Check the box next to the firmware you want to delete and click Delete To view or upgrade firmware for supported SPs From the sidebar of the Administration tab click Targets SP Management then click the Firmware Upgrade tab A list of connected SPs appear with the SP s name IP address type current firmware version supported firmware version upgrade status and last result You can sort SPs by profile by using the Profile drop down menu and then clicking Apply You can refresh the page by clicking Refresh To upgrade an SP s firmware check the box next to the SP and click Upgrade On the Upgrade screen check the box if yo
50. ame and use the drop down menu to define the user group role User Power User or Admin or Click the name of a group to modify The Modify Group screen appears Use the drop down menu to change the user group role 3 Define the pre emption level 4 Check the box to enable the session time out and enter the number of minutes for the time out in the field 5 To add users to the group move users from the Available Users box on the left to the box on the right by selecting the name and clicking the Add button You can remove any users from the group by selecting them from the box on the left and clicking the Remove button 6 Click Add Appliance Administrator group Members of the Appliance Administrator group have full administrative privileges that cannot be changed the same access and configuration authorizations as the default admin user 46 Avocent Universal Management Gateway Appliance Installer User Guide Administrators can configure ports add users and manage power devices connected to the appliance NOTE The only configuration allowed for the Appliance Administrator group is adding or deleting members To view admin Appliance Access Rights 1 From the sidebar click Users Groups The Group screen is displayed showing the three default user groups along with any groups that have been created 2 Clickon Appliance Admin under the Group Name heading The content area will display the Members screen listi
51. and the appliance can scan IP ranges to discover them When a portis in serial mode the amber LED will be illuminated The appliance will assign the console port class by default and auto detect whether to apply the Avocent or Cisco soft pinout The speed flow control parity and data size are all predefined for connectivity to standard RS 232 server consoles but can be modified on a per port basis In addition to console mode a supported Avocent PDU can be connected to and managed from the appliance Web user interface Ul Users and administrators can perform most tasks through the web UI accessed with HTTPS The web UI runs in Microsoft Internet Explorer amp and Mozilla Firefox amp browsers on any supported computer that has network access to the appliance An administrator can use the web UI to create user accounts authorize groups and configure security and ports Authorized users can access connected devices through the web UI to troubleshoot maintain cycle power or to reboot connected devices and change their password For more information on the web UI see Chapter 3 VGA and USB connections Standard VGA and USB connections can be used to attach an LCD tray These ports are located on the front of the appliance The VGA console port can be used for launching sessions to targets or for performing NetBoot firmware recoveries The USB ports are used for connecting USB keyboard mouse smart card reader CD DVD or mass storage
52. appliance import a list of service processors you must create a file containing the SPs Each line of the file must be the following format IP Port Username Password Profile Repeat this format for each SP to be added to the list See SP File Format on page 125 for the syntax descriptions Colons must be used to separate the parameters If a colon is used in either the username or password you must put the entire username or password in quotes The following is an example of a valid SP file this is an example of a valid SP file 192 168 200 154 0 root calvin drac5 192 168 10 130 0 admin pass word ilo2 SP File Format Parameter Description Used to create a comment if desired If you add a comment you must type as the first character on the line with the comment The IP address of the SP target Dynamic Properties Descriptions Port Description Is the SSH port open and listening for connections Is the Telnet port open and listening for connections 80 Is there a web interface to this SP HTTP Is there a secure web interface to this SP HTTPS SSL Supported SPs SP Type SP Type SP Type kms i TT me 126 Avocent Universal Management Gateway Appliance Installer User Guide Appendix F Troubleshooting SPs If you cannot discover or manually add an SP try the following e Verify the SP is enabled in the BIOS ofthe server Some SP settings are stored in the main BIOS F2 or
53. are from the web UI can take from 90 minutes to two hours During this time the appliance will appear to be offline If the session times out during the upgrade the upgrade will be canceled For this reason it is recommended you first disable the session time out before upgrading the firmware To disable the session time out 1 From the sidebar click Users 2 Click on the user performing the upgrade 3 Uncheckthe Session Times Out box 4 Click Apply To upgrade firmware 1 From the sidebar click Firmware then click Upgrade 2 Browsetothe tmp directory where you saved the downloaded firmware Click OK in the confirmation box 3 A progress bar shows the status of the upgrade The appliance will reboot as it processes the update When booting the appliance in the future both the old and new firmware will appear on the startup screen The appliance will boot from the image defined on the startup page of the web UI Backing up firmware An administrator can create a backup image of the appliance s firmware and configuration During image creation no changes should be made to the configuration Upon completion the appliance will reboot The backup image will reside inside the appliance but must be downloaded before it can be used See Booting from the Network on page 124 for Netboot restoration steps To back up the appliance firmware 1 Under Image Management enter an Image name 2 Click Create Backup Image and
54. assigned to either ethO or eth1 For best results when placing an appliance in Failover mode or creating a Bridge group the operator should perform the configuration changes via the VGA console or the serial Setup port to avoid losing communication access to the appliance All firewall rules that reference interfaces replaced during the network configuration change should be edited to ensure proper network communication when operating the appliance in the new mode i e ethO eth1 must be replaced with bondO where applicable NOTE The default IP addresses for the appliance are GB1 eth0 DHCP GB2 eth1 192 168 1 10 Normal In Normal mode the public interfaces and the public target ports are separated by a firewall GB 1 and GB2 function independent of each other and can assume individual IP addresses Only a single gateway can be defined for the appliance but static routes are helpful for enabling the appliance to communicate with various subnets from either interface For example An appliance with GB1 connected to a 192 168 200 x 24 network with a gateway of 192 168 200 1 GB2 is connected to a 10 1 0 x 24 network with a gateway of 10 1 0 1 If the default gateway for the appliance is set to GB 1 ethO then the appliance will not be able to communicate 34 Avocent Universal Management Gateway Appliance Installer User Guide with other 10 x x x networks via the gateway assigned to GB2 A static route can be added to the applian
55. atus will depend on the existence of a CAS session Off Interval when the a CAS session is closed the DTR will stay down during this 64 Avocent Universal Management Gateway Appliance Installer User Guide Parameter Description interval Default Normal DTR Off Interval by Mode Interval in milliseconds Default 100 Enables the suppression of the LF character after the CR character Line Feed Suppression rez Default Disabled Null After CR Enables the suppression of the NULL character after the CR character Suppression Default Disabled GE The interval the port waits to send data to a remote client in milliseconds Transmission Interval Default 20 Sequence used to send a break signal to the serial port Not available for Raw Break Sequence E Default break Interval for the break signal in milliseconds Not available for Raw Break Interval Default 500 Enables the notification to multi session users when new user logs in or a user logs Log In Out Multi Session Notification out Not available for Raw Default Disabled When the input data matches one input string configured in Auto Answer the output Enable Auto Answer string will be transmitted to the serial port Default Disabled The target name will be discovered based on the console or login prompt and will be Enable Auto Discovery associated with this serial port Default Disabled Enable Auto Speed The speed of the se
56. ault settings are Speed 9600 Parity None Data 8 Stop bits 1 Flow Control None 4 Click Apply Network Settings From the sidebar click Targets Port Configuration Network Settings to view or change the default network virtual interface communication settings To configure virtual interface network mode settings 1 Click Targets Port Configuration Network Settings 2 Usethe drop down menu to enable or disable the network interface 3 Enterthe IP address broadcast address and MTU in the appropriate fields 4 Click Apply NOTE IP addresses CIDR format will utilize a standard decimal notation address 192 168 0 1 with the subnet mask represented by the number of network bits in the mask 255 0 0 0 2 8 255 255 0 0 2 16 255 255 255 0 24 To create a custom interface 1 Click Targets Port Configuration Network Settings Under the Custom Interfaces heading enter the name for the private interface Enter the broadcast address Click Aad me e dui Administration 53 NOTE If DHCP is desired the IP address of the virtual interface should correspond to a dynamic range on the DHCP settings page Newly created interfaces will not issue DHCP addresses until the DHCP service is restarted To edit or delete a virtual interface 1 Click Targets Port Configuration Network Settings 2 Underthe Modify a Virtual Interface heading check the box next to the private interface you want
57. bled data logging 3 Click the Logs tab then click Download Logs or The log files can be accessed or downloaded from the appliance shell in the directory log DB Serial PDU ports Autosensing ports can discover attached serial PDUS or if autosensing is disabled be configured for serial PDU mode See Port configuration on page 50 to configure a port To configure a serial PDU port 1 Click Targets Serial Management 2 Underthe Serial PDU Ports tab click the checkbox for each port you want to configure 3 Clickthe Edit button a Use the drop down list to select the PDU type b Checkthe box to enable speed auto detection c Configure the polling rate d Enter the power cycle interval e Use the drop down menus to enable or disable Syslog Buzzer and SW Overcurrent Protection 4 Click Apply Serial rack PDU When connecting an appliance s autosensing port to a Cyclades PM10 20 or Avocent PM PDU a straight CAT5 CATE6 cable should be connected to the In Console port of the PM PDU 66 Avocent amp Universal Management Gateway Appliance Installer User Guide CAS profile From the CAS profile page you can configure the serial console features including the host name auto discovery auto speed and auto time out To configure the CAS profile 1 From the sidebar click Targets Serial Management 2 Clickthe CAS Profile tab 3 Under the Settings heading enter the auto discovery timeout and probe timeout i
58. box next to the delta you want to delete then click Delete Monitoring The appliance will monitor and generate notifications for a variety of events You can configure the appliance to store or send the notifications to various destinations for immediate use or for analysis later All events are automatically added to the event summary tab and cannot be turned off When configured appliance sensor data can trigger syslog or email alerts for any event Digital Output DO relays are for events on the back of the appliance only They can toggle a relay to enable a fan or alarm Email You can configure the appliance to send alerts to an email address To configure email alerts 1 From the sidebar go to Appliance Settings Email Settings and enter the SMTP server IP address port number sender username and password for the email server NOTE It is recommended you create an email account for the appliance This will be the account from which the notification emails will be sent 2 Click Apply 3 Fromthe sidebar go to Network Settings to ensure the host name of the appliance is the fully qualified domain name Emails sent from the appliance will have a sender address of notification appliance FQDN gt 4 Fromthe sidebar go to Monitoring Under the Notification Rules heading check the boxes for the events for which you want to receive email alerts 5 Fromthe sidebar go to Monitoring Notification Destinations
59. ce indicating that 10 1 0 1 should be used to communicate with all 10 x x x subnets Failover In Failover mode the GB1 and GB2 interfaces are both activated and each has a unique MAC address but they share a common bond0 virtual interface Only a single MAC exists for the shared 0 interface and only a single IP can be assigned to bondO When data needs to be sent from the appliance only GB 1 will send it using the bondO MAC IP When traffic is sent to the bondO only GB1 will receive it since only GB1 is responding to ARP requests using the bondO MAC If GB1 is disconnected then GB2 assumes control of the bond0 for all data exchange To configure a network device 1 From the sidebar click Network Settings 2 Enterthe hostname the hostname will be used for e mail notifications as the sender address Use the drop down list to select Normal or Failover for the mode Enter the primary and secondary DNS addresses in the appropriate fields Enter the domain name Use the drop down lists to select the IPv4 and IPv6 default gateways B5 o9 Click the name of the interface to modify it a Underthe IPv4 heading enter the MTU address netmask broadcast and gateway in the appropriate fields Use the drop down list to select either DHCP or static for method b Under the IPv6 heading enter the address netmask and gateway in the appropriate fields Use the drop down list to select either DHCP or sta
60. click OK NOTE The appliance can only store one image at a time To delete an image Check the box next to the image you want to delete and click Delete Image 82 Avocent Universal Management Gateway Appliance Installer User Guide USB Devices From the sidebar click USB Devicesto view the name type information and status of any connected USB devices You can also enable or disable all USB ports on the appliance as well as eject any devices so that they can be shut down properly To mount a USB Mass Storage device 1 Click USB Devices 2 Check the box next to the device and click Start When the status of the device has changed to Do not remove the device will be mounted on media usbhd port1 4 directory To unmount a USB Mass Storage device 1 Click USB Devices 2 Check the box next to the device and click Stop When the status of the device has changed to Safe to remove it is safe to remove the device Sensors Sensor ports are located on the back of the appliance and are used to collect data from supported sensors Sensors are not automatically detected and must be manually added and enabled To view the status on the sensors click Sensors NOTE Some appliance models do not include sensor ports Sensor Ports INN O as BB BB BB Sensor Ports Number Name Type SNSR COM2 485 Temperature Humidity and Water Administration 83 Number Name Type 002 Digital
61. ction Each BGP appliance maintains a separate TCP session with other BGP appliances to which it is connected An Autonomous System AS is a group of IT networks run by one or more network operators with a single clearly defined routing policy When exchanging routing information each AS is identified by a unique number The 16 bit number range is from 0 to 65535 From 64512 to 65535 is reserved for private use Exterior routing protocols such as BGP are used to exchange routing information between Autonomous Systems An AS will normally use some interior gateway protocol to exchange routing information on its internal networks The network value is in CIDR format of an IP address netmask for example 10 12 1 0 24 The configured network will be announced to all its neighbors To configure BGP 1 Fromthe sidebar click Network Settings BGP 2 Check the box to enable BGP NOTE When BGP is enabled or disabled an alert will be sent to the alert manager 3 Enterthe AS number and appliance ID then click Apply The appliance ID should be an IP address but it can be any arbitrary 32 bit number 4 To add a network enter the address for the network then click Add 5 Toeditan existing network check the box next to the network under the Modify a BGP network heading When finished click Apply 6 Todelete a network check the box next to the network then click Delete 7 To add a neighbor peer enter its IP address and remote AS numbe
62. ctions KK KK KK k 3 DOM RE ERN r 3 IPv4 and IPv6 support 4 e gt gt gt gt gt AA APAAO r mB Pn 4 Data logging notifications alarms and data buffering 4 Power management 222 2 200 22 4 5 LE 4 Control of virtual media and smart card capable appliances 5 Flexible users and groups KK KK KK KK eee e KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK 5 DSView management software plug in saa saa SES SK SK SK KK KK nee 5 lnstalation REEL 7 Supplied with the Appliance 7 Rack and Wall Mounting 7 Rack Mmounting RARE RR UU x 7 Rack mount safety considerations _ 4 8 Wall mounting HHHH esses essel oE EDE eaaa naaran 8 Cabling installation maintenance and safety tips 9 Connecting the Hardware _ 4 11 Appliance connectors 11 Connecting targets My y DBBDBBDBBDBBDBBBBBDBBBBDBBBBBBBDBDBDBDBDBDBDHNBDBHDNHNMBBMDMIMM W 12 Turning On the Appliance
63. d by a Nationally Recognized Testing Laboratory NRTL Connecting the Hardware Appliance connectors The following figure shows the connectors on the front of the appliance Front of the Appliance Connectors on the Appliance Front Number Description The following figure shows the rear connectors on the appliance 12 Avocent Universal Management Gateway Appliance Installer User Guide Rear of the Appliance HENEEEEEREREREEEERERERREREEERREEEREREEREEREREERERERERERERERREREEREREREREE n Connectors on the Appliance Rear Number Description Power supplies Power Indication LED GB2 eth1 10 100M 1G Ethernet port Can be connected to a second network or used for failover a ewm Di Autosensing ports On the Avocent Universal Management Gateway 4000 and 6000 appliances 5 all ports are autosensing On the Avocent Universal Management Gateway 2000 appliance the eight ports on the left are autosensing and the other 32 are dedicated Connecting targets Service processor Use a UTP cable to connect a service processor to either an autosensing or a dedicated port on the appliance See Port configuration on page 50 for more information on how to set up service processors Serial Use a UTP cable and a DB 9 or DB 25 console adaptor as needed to connect a serial target to an autosensing port on the appliance The appliance supports both the Avocent and Cisco serial port pinout con
64. d kr te tr fe A tots SAAS ten Bs gg Ie 29 29 XM N T A 29 Targets AE 30 K A EA RIEA ELE POPE 30 Events cora SETA A cA RAE RAM 30 Administration HHHH 30 Administration 3 rA DIRMI RM Eb Kn de bbe I KA da RON A al We VER LIMEN 31 Appliance Settings KK KK KK KH 31 Shine Dr EM ERE EE 32 all Mc 32 Email Settings NNN 32 Defaults HM 32 Network Settings 33 Network modes 2 33 Bridge Group Configuration 34 a a 36 Uc cc 36 OSPEand BGB ps AA 37 Network Share bti s oki aede cre to RE 39 UT MM EET 39 User role group HHHHHHHHHHHHHHH HHHH HH HHHH EI RHHHHHH 39 Users group MD a HH HRH HHHH HHHH HH HHHH 40 Password Policy i tovt ERE EDU e bd KE ue dr tg Lb o rud 40 PreemptiontiEevels tute mates Loa ctos ve 40 41 Authentication bye A en bir Dan eS bli 42 User Target Access 2 oui plo E ne Ie sa dos e WA h EKE aed WAM lind 44 User nv t ase Lo ve eiue dee d 44 Groups x clc ed ute bet A o d cue a UN AL 44 gt gt erereeANXEeEe elle TET 50 B i eec REEL DD a N e NN 50 Port configuratlo
65. ded to access the appliance web UI set to DROP to disable the web Accept Needed for Trellis platform software management and monitoring support set to DROP if not using Trellis platform software Poem m DN dC DN naza pe arana NIE NE s UMG Accept 26 Avocent Universal Management Gateway Appliance Installer User Guide Order Service Action Use case recommendation EE Service 8 NEBII Ul srv UMG Needed only by the local host for the VGA console Don t change this DROP Service 8 default for any reason srv UMG Needed only by the local host for the VGA console Don t change this DROP Service 9 default for any reason srv UMG Needed for direct serial port access using Telnet set to DROP in not 1 Accept Service 10 using Telnet srv UMG Services Accept Set to DROP 8 UMG DROP Don t change this default for any reason Service 12 39 sre Me DROP Don change this default for any reason Service 13 40 srv Velocity Only needed if monitoring BACnet over IP devices for the Trellis BACNet P platform set to DROP if not using the Trellis platform Only needed if monitoring Modbus over IP devices for the Trellis platform set to DROP if not using the Trellis platform Needed to support DNS resolution set to DROP to block DNS support srv KVM Needed to support KVM sessions to UMIQ modules set to DROP to 48 Accept session disable KVM support srv KVM Needed to supp
66. devices VGA Console Hotkeys Key Combination Operation Alt Tab Toggle to next view in a cyclic list Alt F1 View web Ul Alt F2 View User Shell Alt Esc Close current view and session NOTE Press ALT F1 during the appliance boot progress screen to display verbose output CLI setup port The serial setup port provides access to the CLI and Shell The appliance does not support root access to the Bash Shell The CLI is intended for managing and configuring the appliance 4 Avocent Universal Management Gateway Appliance Installer User Guide IPv4 and IPv6 support The appliance supports dual stack IPv4 and IPv6 protocols The administrator can use the web UI or CLI to configure support for IPv4 and or IPv6 addresses The following list describes the IPv4 and IPv6 support provided in the appliance DHCP e DSView software integration e Ethernet interfaces GB1 ethO and GB2 GB2 eth1 firewall IP tables HTTPS e Linux kernel Remote authentication AD and LDAP servers e SSHand Telnet access e Syslog server NOTE Remote authentication NFS NIS and IPSec are not supported with IPv6 Security The Security settings allow administrators to determine which network services are enabled on the appliance Data logging notifications alarms and data buffering An administrator can set up data logging notifications and alarms to alert administrators of problems with email and syslog messages An ad
67. ding upon the routing within the environment and the appliance it may be important to perform the NAT setup as traffic arrives pre routing or as the traffic exits post routing NAT Setup Definitions Parameter Definition Direction Direction of traffic flowing into out of the interface performing NAT From top to bottom traffic is compared to the entries of the NAT policy looking for a orden pattern match This is the interface where traffic will be inspected for traffic pattern matching and interface also the interface where the NAT will be performed Source The source host network listed here is inspected for traffic pattern matching Destination The destination host network listed here is inspected for traffic pattern matching Service The service listed here is inspected for traffic pattern matching The host interface address to replace the source value shown in the traffic that matches this NAT policy pattern If the destination address is not intended to be translated then type any in this field Translated source The host interface address to replace the destination value shown in the traffic that matches this NAT policy pattern If the destination address is not intended to be translated then type any in this field Translated destination The destination service TCP UDP port to replace the value shown in the traffic that matches this NAT policy pattern If the destination port is not intended to be trans
68. drop down menu e Select the EDID Video Resolution from the drop down menu f Check the box if you want to enable Video Noise Control 6 For Session Preemption a Check the box if you want to allow preemption b Inthe Preemption Timeout field enter the amount of time from 1 to 120 seconds that a prompt will be displayed to inform you that your session is going to be preempted c Check the box if you want to enable PPP 78 Avocent Universal Management Gateway Appliance Installer User Guide 7 For Virtual Media a Checkthe box es to enable virtual media lock to KVM session or allow reserved sessions b From the drop down menu select the Virtual Media Access Mode 8 Select the checkbox to enable Smart Card access 9 Click Apply EDIDs The appliance can store monitor EDIDs extended display identification data on connected UMIQ modules When a UMIQ module is connected to a target server the server will read the EDID from the UMIQ module and display video according to the resolutions defined within the EDID You can modify the EDID stored in the UMIQ module by selecting one of the pre defined EDIDs or you can create a custom EDID based upon alist or imported from an EDID file The UMIQ module EDID options are e Standard Standard 1024 x 768 Standard 1280 x 1024 e Standard 1600 x 1200 e Widescreen e Widescreen 1280 x 800 e Widescreen 1680 x 1050 e Custom Custom EDIDs The custom option allows the ap
69. e Installer User Guide Installation Before installing your Avocent Universal Management Gateway appliance refer to the following list to ensure you have all items that shipped with it as well as other items necessary for proper installation Supplied with the Appliance e Appliance Quick Installation Guide QIG e Avocent Universal Management Gateway Appliance Mounting Bracket Quick Installation Guide QIG Power Cords e RJ 45 to DB 9F cross adaptor e Mounting brackets and screws e Safety and Regulatory Statements Guide Rack and Wall Mounting You can mount the appliance in a rack or cabinet or using the optional wall mounting kit you can mount it on a wall Rack mounting To rack mount the appliance 1 Remove the four black screws from each side of the Avocent Universal Management Gateway appliance Position each bracket so it is not covering the side vents of the appliance Secure the mounting brackets to the appliance using the eight chrome screws supplied with the appliance 2 Loosely attach the two slide rail brackets to the front of the rack using the appropriate screws for your rack 3 From the rear of the rack slide the appliance into the same U position where the slide rails are mounted Ensure that both slide rails are securely inserted into the appliance bracket Tighten the rack screws for both the appliance bracket and the slide rails 8 Avocent Universal Management Gateway Appliance In
70. e appliance in the same way as sessions to all other SPs Discovery log The discovery log displays the results of SP add and SP discovery processes on the appliance The log chronologically displays the status of the add discovery steps and will automatically update as status changes occur To view the discovery log from the Administration tab click Targets Discovery then click the Log tab Discovery Log Definitions Type Description Filter Options Method Defines whether the SP was discovered manually added or imported Credential Defines whether default credentials were used or manually supplied Defines whether the SP is being discovered was successfully discovered or an error occurred during the discovery process Comment Definitions Target Added The SP was successfully added Sores No SP is found Not An SP has been found but the appliance is unable to communicate with it This is likely due communicating to IPMI being disabled on the SP See Discovery on page 54 dk ala The SP is not supported or valid credentials were not found from the Default Users list For a single page of the Discovery Log an administrator can filter the results using the Method Credential and Status drop down menus The columns can be sorted in ascending descending order by clicking on the column header The refresh button will reset to default the filter and sort options To filter the discovery log 1 From the sidebar click
71. e field then click the Right Arrow to move it to the Include field 92 Avocent Universal Management Gateway Appliance Installer User Guide 3 Clickthe Left Arrow to move the interface back to the Available field if desired 4 Repeatas desired for each interface under either the Outside or Inside headings 5 Click Apply To create IP aliases for 1 to 1 NAT 1 Fromthe appliance s Linux shell type cd then type usr bin fwnatdirectory 2 Thefwnat alias sh script can be used to create IP aliases on the ethO eth 1 bondO bridge group interfaces NOTE Created IP aliases will appear on the Interfaces tab within the firewall Syntax for the script is fwnat alias h c lt add del mod gt i lt eth0 eth1 gt n lt ifname gt a lt cidr formated IP b broadcast address gt m lt cidr formated IP gt lt broadcast address gt For example fwnat alias sh c add i ethO n dracb a 192 168 200 195 24 b 192 168 200 255 Script Syntax Commands Descriptions Command Description Displays the command syntax Command to add delete or modify an IP alias interface H Alias for ethO eth1 bondO bridge group b meses Defined networks A network definition denotes a range of IPs through the CIDR formatted IP address The subnet address ID is the appropriate value for the IP address field combined with the subnet mask in prefix notation Defining a network and associating it with an interface
72. e insufficient licenses to discover or add targets you will receive a low license warning Targets in excess of the available licenses will be ignored Port configuration An autosense port can operate in either serial or network mode Ports configured for network mode will be assigned to a virtual interface that provides the IP communication with connected devices Administration 51 The appliance contains three preconfigured virtual interfaces named priv kvm and spm They have unique names and IP addresses but all share a common MAC address By default only the priv virtual interface is enabled and all ports in network mode are assigned to it There is a single active DHCP range associated with the IP assigned to priv An administrator can create additional virtual interfaces to further separate or group IP devices by various types For example Dell SPs could be grouped within a single subnet behind a virtual interface named Dell and IBM SPs could be grouped within a different subnet behind a virtual interface named IBM Devices that are physically connected to the appliance are secured and prevented from intercommunication with other devices regardless of their virtual interface assignment This prevents an operator who is authorized to access one device from gaining unauthorized access to the other connected devices The appliance can support up to 64 SP PDU targets per each of its 40 ports Multiple SP PDU targets per port ca
73. e reviewed prior to installing or maintaining your cables e Dress the cables neatly with cable ties using low to moderate pressure Do not overtighten ties e fbending the cable is necessary make it gradual with no bend sharper than a one inch radius Allowing the cable to be sharply bent or kinked can permanently damage the cable s interior e Cross connect cables where necessary using rated punch blocks patch panels and components Do not splice or bridge cable at any point e Keep UTP cable as far away as possible from potential sources of EMI such as electrical cables transformers and light fixtures Do not tie cables to electrical conduits or lay cables on electrical fixtures e Always test every installed segment with a cable tester Toning alone is not an acceptable test e Always install jacks so as to prevent dust and other contaminants from settling on the contacts The contacts of the jack should face up on the flush mounted plates or left right down on surface mount boxes e Always leave extra slack on the cables neatly coiled in the ceiling or nearest concealed location Leave at least five feet at the work outlet side and 10 feet at the patch panel side e Choose either 568A or 568B wiring standard before beginning Wire all jacks and patch panels for the same wiring scheme Don t mix 568A and 568B wiring in the same installation e This product is not intended to be connected directly or indirectly by any means whatsoe
74. e serial number Technical support will supply a key that will reset the appliance to the factory default with default accounts 124 Avocent Universal Management Gateway Appliance Installer User Guide Appendix D Booting from the Network If you re experiencing issues with your appliance you can perform a Netboot Recovery and load new factory default appliance firmware or restore a previously saved backup image file to the appliance The Netboot Recovery file can be obtained from Avocent Technical Support and it must be placed onto an FTP server in order for the Netboot Recovery process to function A backup image file can also be supplied as the Netboot Recovery file on the FTP server To perform a Netboot Recovery 1 Turn on or reboot the appliance 2 Select Netboot Recovery 3 Enter udhcpc to request a DHCP address for the appliance via GB1 ethO or If a static IP needs to be assigned to either GB 1 ethO or GB2 eth1 enter the following command gt ifconfig eth x IP address gt route add default gw gateway ip eth lt x gt 4 Afterthe appliance has been assigned an IP and optional gateway the firmware can be downloaded by entering the following command gt nboot ftp lt username gt lt password gt lt ftp server gt lt path filename gt Appendices 125 Appendix E Creating an SP File In order to have the
75. el of the appliance supports KVM connections click Targets KVM Management to view KVM connections The following fields are displayed in the Active Sessions window e Session Mode Displays the type of session Options are normal and exclusive Normal is an interactive session that may be shared with other users Exclusive is a private session that does not allow sharing by other users e Type Session type which may be KVM virtual media or serial name ofthe target User User who initiated the session which may be a user a local port user or a user with local user account e Duration Current length of the console session e Client IP address of the client computer connected to the session e EID Displays the unique electronic ID embedded in the module To view or terminate active sessions 1 Click Active Sessions 2 Select the box es next to the session s you wish to terminate Click Terminate Default settings KVM default settings are global settings that will apply to new UMIQ modules These settings have no effect on existing UMIQ modules However you can apply the default settings to existing UMIQ modules by performing a factory reset Administration 75 General Under the General heading you have the option to delete offline modules or automatically upgrade modules By default both settings are disabled For more information see Upgrading UMIQ modules on page 73 Sharing
76. endix J Firewall and NAT Configuration Scenarios 132 Appendix SNMP Configuration ern 135 Appendix L Video Resolution 136 The Avocent Universal Management Gateway appliance serves as a single point for secure local and remote access and administration of target devices The Avocent Universal Management Gateway appliance supports secure remote data center management and out of band management of IT assets from any location worldwide It provides keyboard video and mouse KVM capabilities and can also remotely perform server management tasks including power control and console access on managed target devices Multiple administrators can be logged into the appliance at the same time and can use the web user interface UI the command line interface CLI or DSView 4 management software to access and configure the appliance NOTE All instances of DSView software in this document refer to DSView software version 4 or higher The Avocent Universal Management Gateway appliance combines KVM over IP Service Processor Management SPM and access and serial console management access It gives you flexible target device management control and secure remote access from anywhere at anytime Features and Benefits Secure access You can securely access the appliance through the following local analog console port and re
77. ensive access to attached devices Consider the following security parameters and default values and how they align with your organizational security policies The Avocent Universal Management Gateway appliance ships with the following default settings e DHCP SSH v2 and HTTPS are enabled e Allautosensing ports are enabled e Ethernet and CLI Setup ports are enabled following are default user accounts within the appliance Default User Accounts Username Role Password admin admin aamin operator power user operator user user user e Shell access is permitted for admin roles only NOTE Avocent strongly recommends you change the default passwords after initial setup and create individual user accounts For information on changing passwords see Adding a user on page 41 Connecting to Your Network Connect a UTP cable from the primary network port to your network For redundancy connect both network ports and configure the fail over network mode For more information see Defined networks on page 92 Assigning an IP Address An IP address can be obtained via DHCP or a static IP address can be assigned Connecting Locally or Through the Console Port You can configure and manage the appliance via the network from a supported web browser via the VGA console from an LCD tray or KVM switch or via the CLI Setup port using a serial cable and terminal emulation software Use the provided RJ 45 to DB9F adapter to
78. epresent any IP regardless of the device NOTE Creation of hosts is useful for individual IP differentiation but not required for all types of NAT and firewall rules Hosts Tab Administration gt Firewall and NAT Policy Interfaces Hosts Networks Services Administration 95 Add a User Defined Host AddA Host IPv4 Address 0 0 0 0 Network Interface Name priv UMG Defined Hosts IPv4 Address 192 168 10 101 192 168 10 100 192 168 10 103 192 168 10 102 192 168 10 104 192 168 10 105 Host Name OSPF1 OSPF2 OSPF3 OSPF4 OSPF5 APM5000 DCP Network Interface Name priv priv priv priv priv priv User Defined Hosts Delete Apply Cancel L Host Name IPv4 Address Network Interface Name Sample Host 192 168 0 10 To add a host 1 Fromthe sidebar select Network Hosts 2 Click Add to add a new host priv 3 Enter a name to represent the host an IPv4 Address and the physical or virtual interface which can communicate with this host Then click Apply The new host definition will appear in the User Defined Hosts table NOTE The network interface must be one listed on the Interfaces tab To delete a host 1 Fromthe sidebar select Firewall and NAT Hosts 2 Click on the name of the host you want to delete then click Delete 96 Avocent Universal Management Gateway Appliance Installer User Guide Services Service de
79. er Java or ActiveX is the preferred viewer You can then open a session by selecting the SP from the Targets tab by clicking the Sessions tab and clicking Virtual KVM Media NOTE Microsoft Internet Explorer is the only browser that supports ActiveX vKVM Preference Modify SP IP 10 207 16 47 Name DellM620 iIDRAC7_10 207 16 47 Profile idrac7 Privilege Administrator User Name root Password Confirm Password KG Hex format 0000000000000000000000000000 SoL Data buffering Virtual KVM Preference Native Java Native ActiveX To remove an SP 1 Fromthe sidebar click Targets SP Management then click the Service Processors tab 2 Inthe SP list select the SP s you want to remove and click Delete Generic service processors The appliance can provide access to a generic IP based management console on any device or to an unsupported SP The device is manually added as an SP using the generic profile NOTE Credentials are not required to add a generic SP The appliance will perform a capability discovery to find a management console listening on TCP port 22 SSH 23 telnet 80 HTTP 443 HTTPS After the generic SP has been added it will appear on the main Targets tab and the available session buttons will be activated to the appropriate capabilities discovered on the device Administration 59 NOTE Sessions to generic SPs will proxy through th
80. es 133 NOTE Use eth0 for outside and priv for inside Setting Up Firewall Interfaces Interfaces Interface Setup Outside i f Public Available Include bondO eth1 T Cancel Inside i f Private Available Include spm priv Apply 4 Click Networksto add a network definition that will encompass the IP of the SP that was added Enter a definition name associated interface name and network address Click Apply when done 134 Avocent Universal Management Gateway Appliance Installer User Guide Adding a Network Definition ene mereces Hosts nemor Add A Network Definition Cancel Apply Name PrivNet Interface Name IP Address CIDR Format 192 168 10 0 24 5 Click Policy to add an outbound NAT Policy by entering the following information Click Apply when done NAT Policy Parameters Column Direction Order Interface Source Destination Service Translated Source Translated Destination Translated Service Rule State Parameter any any 6 From the Policy tab create a firewall policy with the following settings Firewall Policy Parameters Column Parameter Rule State Destination Interface Direction Order Source Connection Status 7 Click Apply when done any any 8 From the SP test sending traps and validate the successful configuration Appendices 135 Appendix K SNMP Configuration An administrator can
81. es a target session is active e NoLEDs illuminated denotes no activity Rear panel autosensing dedicated IP port LEDs The rear panel of the appliance features two LEDs green or amber fboth LEDs are illuminated autosensing is enabled e The green LED illuminates when there is a KVM or SP connection e The amber LED illuminates when there is a serial connection Configuring the Appliance The appliance may be accessed through the CLI or the console or Ethernet ports All terminal commands are accessed through a terminal or PC running terminal emulation software NOTE To configure using DSView software see the DSView 4 Management Software Installer User Guide To configure using the appliance s web UI see Administration on page 31 To configure using Telnet or SSH see the appliance Command Reference Guide To connect a terminal to the appliance 1 Using a null modem cable connect a terminal or a PC that is running terminal emulation software to the console port on the front panel of the appliance An RJ 45 to DB9 female cross adaptor is provided 16 Avocent Universal Management Gateway Appliance Installer User Guide The terminal settings are 9600 bits per second bps 8 bits 1 stop bit no parity and no flow control 2 Turnon the appliance When the appliance completes initialization the terminal will display the login banner plus the login prompt Configuration Example The following graphic and table i
82. esolutions will be faster than higher screen resolutions Decreasing the color depth and the screen scaling will also decrease the amount of KVM session data being transported and will increase session speed Ifthe above optimization options are ineffective at improving session speeds the Video Noise Control setting can be enabled which will increase session speed by ignoring small video changes The only negative to this setting is that it can increase the appearance of video blocks Also take note of the other settings that can be configured for KVM targets globally or individually The following information is an example of what is possible but not guaranteed since every target and every network will be different You will also note that some of the metrics are not entirely analogous i e FPS vs Pkts Sec Also the bandwidth usage does not reflect the quality fluidity of the session the KVM session was much smoother and better than the VKVM Appliance KVM session in a 100mbps LAN environment window resolution 1280x1024 70hz Windows Server e Zero screen movement 0 pkts sec avg 0 7kbps download 0 5kbps upload e Continuous mouse circles movement on screen 35 pkts sec avg 216kbps download 247kbps upload e Rapidly opening and closing full screen windows 35 100 pkts sec 2 9mbps download 257kbps upload KVM window resolution 1024x768 70hz Windows Server e Zero screen movement 0 pkts sec avg 0 9kbps
83. faces Hosts Networks Services Interface Setup Outside i f Public Available Include eth1 Inside Private Available Include spm priv eth eth1 Outside Firewall Interface Information Interface MAC Address IP address 00 0 86 1 17 10 207 0 87 Inside Firewall Interface Information Interface MAC Address IP address priv ec 9e cd 05 00 da 192 168 10 1 24 From the Interfaces tab you designate interfaces as either inside or outside with respect to how they will be used within NAT and firewall rules Interfaces designated as Inside are private and interfaces designated as Outside are public Be sure to designate at least one interface as Outside and one interface as Inside before trying to reference those interfaces within a NAT or firewall rule When network mode changes or interface name changes occur this table must be updated to ensure the proper interface is designated as Inside or Outside Also ensure that IP addresses are correctly resolved in the tables at the bottom of the screen If IP addresses are not correct move them from the included list to the available list and back again to refresh the data within the table To move an interface 1 From the sidebar click Firewall and NAT then click the Interfaces tab 2 Under the Outside i f Public or the Inside i f Private heading click an interface you want to move from the Availabl
84. figuration The port will autosense the pinout To connect serial devices and PDUs Make sure the crossover cable used to connect a device has the same pinout type that is configured in the software for the port either Avocent or Cisco 1 Make sure the devices to be connected are turned off Installation 13 2 UseaUTP crossover cable to connect the devices to the appliance using an adaptor if necessary NOTE To comply with EMC requirements use shielded cables for all port connections WARNING Do not turn on the power on the connected devices until after the appliance is turned on To daisy chain PDUS to the appliance NOTE This procedure assumes you have one PDU connected to a port on the appliance 1 Connectone end of a UTP cable with RJ 45 connectors to the OUT port of the connected PDU 2 Connectthe other end of the cable to the IN port ofthe chained PDU Repeat both steps until you have connected the desired number of PDUs NOTE For performance reasons do not connect more than 128 outlets per serial port See Port configuration on page 50 for more information on how to set up serial targets KVM If your appliance supports KVM connections use a UTP cable and a UMIQ module to connect a KVM target to an autosensing port on the appliance 14 Avocent amp Universal Management Gateway Appliance Installer User Guide UMIQ Module Configuration CPPS PSOE ee O The UMIQ v1 module has a sin
85. finitions represent programs and network traffic by their TCP UDP port number or port range Service definitions are essential for network address translation of ports PAT where a single outside IP and unique ports are used to represent unique inside IP ports For example if two unsupported rack PDUs were connected to private appliance ports had private inside IP addresses assigned to them and each had a web management console then two NAT rules could allow outside administrators to access the rack PDU web management interfaces Each NAT rule would use a unique service definition to represent the TCP port of the rack PDU web management interfaces on the public outside IP of the appliance For example a service definition of 8080 would translate to 80 for the first rack PDU and 8081 would translate to 80 for the second rack PDU The IP protocol supports 65 535 ports and the Internet Assigned Numbers Authority 1 has a registry of common well known TCP and UDP ports that represent various programs and services This registry should be consulted to determine which ports are used by the applications or traffic for which you want to create NAT and firewall rules Some applications do not register all of their ports with IANA and will typically include port usage lists with their product documentation By default the appliance has several well known ports port ranges defined as system services Many of these services are included in the default appl
86. from 0 65 535 5 Click Apply The new service definition will be displayed in the user defined service definition table To modify or delete a user defined service definition 1 Fromthe sidebar click Firewall NAT then click the Services tab 98 Avocent Universal Management Gateway Appliance Installer User Guide 2 Inthe User Defined Services table check the box next to the service you want to modify or delete 3 Make your changes and click Apply Or Click Delete to delete the service definition Policy An administrator can control the flow of IP traffic in out and through the appliance with a NAT and or firewall policy An administrator can create policies that will allow an external host or server to communicate directly with IP devices hosts that are securely connected to the private ports of the appliance NAT or forward policy will allow traffic to bypass the normal authentication and permission securities built into the appliance It is recommended that such a security bypass only be implemented for select few situations For example an SP management tool HP SIM residing on the production network could be allowed to directly communicate with SPs iLO connected to the private ports of the appliance for the purpose of monitoring configuration and firmware updates But user sessions would not be permitted to bypass the appliance s securities and SP interaction would be governed by appliance based permissions
87. g to Enable STP STP Spanning Tree Protocol is a network switch methodology for eliminating switching loops caused by redundant network connections STP requires network switches to send out a BPDU bridging protocol data unit which is essentially an ID that identifies the sending switch All switches receive these BPDUS across all connections to that switch and compare it to their own BPDU If the same BPDU comes in on more than one connection the switch determines one of those connections to be redundant and it will disable that link This can happen if you connect two appliance ports to a network switch and place both of the appliance ports into a single bridge group Most enterprise network switches have a feature called BPDU guard which is intended to be enabled on ports that are not supposed to be connected to other network switches Cisco Nexus switches enable this feature by default on all interfaces If you connect an appliance to a switch with the BPDU guard active then you must disable STP if you plan to create a bridge group on that appliance If you don t disable STP the network switch will disable its connection to the appliance when a bridge group is created It will do this because the appliance will send out its own BPDU when the STP option is enabled Hardware The appliance has a boot menu option to help you troubleshoot hardware issues Choosing to boot the appliance to its hardware diagnostics mode can quickly help you ide
88. gle RJ 45 port to connect to the appliance The UMIQ v2 module has two RJ 45 ports You can connect either one to the appliance and the other to a dedicated service processor port on the server The cable length can be up to 100 meters long See KVM management on page 69 for more information about KVM targets Turning On the Appliance The appliance is supplied with dual power supplies To turn on the appliance 1 Plugthe power cables into the appliance and into a power source 2 Turnon the connected devices Verifying the Connections Front and rear panel power status LEDs The front panel of appliance has a dual color general status LED that may illuminate Installation 15 The LED illuminates green when the appliance is turned on and operating normally e The LED blinks green when the appliance is booting e The LED illuminates amber if a fault condition occurs such as power supply failure elevated ambient temperature or fan failure The LED will continue to illuminate amber as long as the failure persists The LED blinks amber when the appliance is shutting down Once the LED is off it is safe to unplug the power cords Rear panel Ethernet connection LEDs On the appliance the rear panel features two LEDs where the green LED indicates Ethernet connection status The solid green LED denotes an Ethernet link has been established The blinking green LED denotes Ethernet activity The solid amber LED denot
89. grade the appliance performs a soft reset which terminates all UMIQ module sessions A target device experiencing an UMIQ module firmware update may not display or may display as disconnected The target device will appear normally when the Flash update is completed UMIQ modules are automatically updated when the appliance is updated To update your appliance firmware see Firmware on page 80 If issues occur during the normal upgrade process UMIQ modules may also be force upgraded when needed NOTE Check www avocent com for firmware upgrade files To upgrade the UMIQ module firmware 1 From the sidebar click Targets KVM Management to open the module screen 2 Selectthe checkbox next to the UMIQ module you wish to upgrade and click Upgrade CAUTION Disconnecting an UMIQ module during a firmware update or cycling power to the target device will render the module inoperable and require the IQ module to be returned to the factory for repair 74 Avocent Universal Management Gateway Appliance Installer User Guide Factory reset After the module has been configured you can return it to the factory default settings To factory reset UMIQ modules 1 From the sidebar click Targets KVM Management to open the Appliance UMIQ screen 2 Selectthe checkbox next to the UMIQ module you wish to delete and click Factory Reset NOTE Performing a factory reset will remove all custom settings Active sessions If your mod
90. hat specify settings or perform operations The contents of the sidebar varies depending on the tab and top navigation bar selections and the window that is displayed Web User Interface 29 Example Sidebar Targets Sensors Events Administration Display Type Y Y Appliance v 3 UMIQ Bl 0 AstaroFirewall Bl 1 DL320_VGA DHCP E 0520 Laptop Bi Dei 1850 vcA Bleu 1950 vGA 2950 VGA Bl MPU4032_VGA v Serial Console Bl 15 7b do p 15 Bl 15 75 45 23 Bl 15 75 db p 25 15 7b db p 26 Bl 15 75 45 27 15 7b do p 30 15 7b db p 35 15 7b db p 36 Bl 15 7b do p 38 15 7b db p 39 15 70 db p 9 Admin role By default Admins have access to all the tabs of the web Ul Admins can access the Targets Sensors Events and Administration tabs of the Ul By default the login and password for Admins is admin Operator role Operators can access the Targets Sensors and Events tabs of the UI By default the login and password for Operators is operator User role Users can access the Targets and Sensor tabs of the Ul By default the login and password for Users is user Tabs The tabs are the major navigation areas of the web UI Only certain actions can be performed in certain tabs 30 Avocent Universal Management Gateway Appliance Installer User Guide Targets The information shown in the Targets tab is primarily read only and is intended to facilitate user
91. he box next to the appliance you want to delete then click Delete Selected RFID tag RFID tags are used to identify devices within the rack The asset tracking appliance will recognize when any tagged device is added or removed from the rack Attach an RFID tag to each server or device consistent location The tag should be placed on the side of the device facing the reader in the middle of the highest RU zone When the RFID readers are turned on they have an LED that marks the middle of the RU The tags should be kept between five and 15 millimeters from the surface of the reader KVM management The Avocent Universal Management Gateway Appliance combines analog and digital technology to provide flexible centralized control of data center servers and virtual media and to facilitate the OA amp M operations activation and maintenance of remote branch offices where trained operators may be unavailable KVM over IP gives you flexible target device management control and secure remote access from anywhere at anytime 70 Avocent Universal Management Gateway Appliance Installer User Guide The KVM over IP functionality of the appliance provides enterprise customers with the following features and options e Keyboard video and mouse KVM capabilites configurable for analog local or digital remote connectivity e Enhanced video resolution support up to 1600 x 1200 or 1680 x 1050 wide screen native from target to remote
92. he web UI set to DROP otherwise srv FTP Needed to upgrade appliance firmware via the web Ul set to DROP Accept Commands otherwise srv SSH Accept Needed to launch serial session or to manage the appliance via SSH Serial Session srv Telnet Option to manage the appliance via Telnet set to DROP if not using Accept Session Telnet srv DHCPD DROP Don t change this default unless using DHCP Relay feature srv DHCPD DROP Don t change this default unless using DHCP Relay feature SAN ALE Not needed for current appliance features set to DROP Services Initial Appliance Setup 25 Order Service Action Use case recommendation srv SNMP Accept if centrally monitoring the appliance using a central SNMP srv External Only needed if centrally logging the appliance using a central Syslog Syslog server srv SNMP Traps N Only needed if monitoring SNMP devices for the Trellis platform or managing NetPDUs Needed to access the appliance web UI set to DROP to disable the web Ul Needed to access appliance targets with DSView software set to DROP to disable DSView software support srv Adobe Flex srv DSView proxy srv DSView plug in srv Data logging DSView srv Discovery ACE Needed to discover the appliance with the DSView software set to protocol P DROP to disable DSView software support srv DRIP Needed on private ports to discover and manage UMIQ modules
93. hen select the Target Access tab to manage targets for that user Managed targets are displayed in the column on the left Available targets are displayed in the column on the right If a filter is applied only the targets matching the filter name will be displayed If groups are defined you can choose to display targets by group To add a managed target 1 From the Available column browse to the target s you want to manage and click the left arrow to add it to the managed targets 2 Click Apply To remove a managed target 1 From the Managed Targets column browse to the target s you want to remove and click the right arrow to remove it from the managed targets 2 Click Apply User Target Rights After creating or modifying a user and assigning that user target access select the username and then click the Target Rights tab to manage target rights To manage target rights 1 Under Managed Targets click the target for which you want to manage rights 2 Check the appropriate box to either allow or deny general access rights 3 Forserial targets use the drop down menu to select the session access and check the box es to kill a multi session or for multiple session notification 4 Click Apply Groups User groups are given access and authorizations either by default or as assigned by an administrator Administrators can alter the permissions and access rights of users belonging to the Power User or User groups
94. iance firewall policy in order to support the various features provided by the appliance NOTE Creation of service definitions is necessary for granularity but not required for all types of NAT and firewall rules Administration 97 Services Tab Administration gt Firewall and NAT SSH Reboot Shutdown Add A Service Definition Appl cancel Service Name Service Protocol Service Address Starting Service Port Ending Service Port zcr ll System Services Service Name Service Protocol Service Address Starting Service Port Ending Service Port srv PING icmp any srv FTP Data tcp any srv FTP Comman tcp any Ssrv SSH Serial Se tcp any srv Telnet Session tcp any srv DHCPD udp any s rv TFTP Services tcp any sre UMG Web UI tcp any srv SNMP udp any srv SNMP Traps udp any s v External syslog tcp any srv Web Ul tcp any srv Adobe Flex tcp any srv DS View proxy tcp any Srv KVM session tcp srv Discovery prot To create a service definition 1 Fromthe sidebar click Firewall and NAT then click the Services tab 2 Inthe Service Name field enter a name to be used for the service NOTE A service name can be between 3 40 alphanumeric characters 3 Inthe Service Address field enter a valid subnet ID for the service in CIDR format For example 192 168 10 0 24 4 Enterthe starting and ending ports for the IP protocol NOTE Valid entries are
95. in the on position Service Processors Available service processors and their associated target devices can be viewed under the Targets tab From the sidebar click on a service processor to view and or modify its configuration settings Properties Click the Properties tab to view general information and the FRU information for a service processor System From the system tab you may view the power status and the status of the indicator LED if available on managed target devices manage power turn the LED on and off remotely and view and control the time setting To view and control the power status 1 Clickan SP name 2 Click the System tab The system information window appears and displays the current power status of the target device 3 From the drop down list select the desired power action 4 Click Apply Targets 107 To view and control the SP s indicator LED 1 Click an SP name 2 Click the Systemtab The system information window appears and the current chassis LED status of the target device is displayed under the Enclosure heading 3 To change the indicator status of the target device complete any of the following steps To turn the LED on and leave the LED flashing for a specified number of seconds check the button next to Indicator Blink then enter the number of seconds in the Seconds field or To turn the LED on and leave the LED flashing check the button next to Indicator On or To
96. inally plugged in you will get an alert if one of the power cords becomes unplugged If only one power cord is plugged in initially you will not receive an alert 118 Avocent Universal Management Gateway Appliance Installer User Guide CPU and disk usage CPU and disk usage are system alerts Appendices Appendix A Technical Specifications Technical Specifications Category Value Autosensing Ports 8 or 40 RJ 45 Number Connectors 1 U rack mountable 20 inches x 17 09 inches x 1 7 inches 14 2 pounds o m c U 0 a 1 Serial RJ 45 9 3 gt 5 Q o Local Port Number Type 1 DB 15 Network Connection Number 2 ype 10 100 1000 Ethernet RJ 45 USB Device Port Number 4 ype USB 2 0 Power Specifications AC Input 150240 VAC Range Frequency AC Input Ola 5 5 2 9 E 120 Avocent Universal Management Gateway Appliance Installer User Guide Category Value Ra LLL Ambient Atmospheric Condition Ratings 0 50 Celsius Humidity 20 85 percent non condensing ERA and Safety certifications and EMC certifications for this product are obtained under one or more of Standards the following designations Certification Model Number MPN Manufacturer s Part Number or Sales Level Model designation The designation that is referenced in the EMC and or safety reports and certificates are printed on the label applied to thi
97. ion Appliance Settings faul L Defaults Reboot Shutdown v Network Settings Hosts Appliance Settings Routes Rou Model UMG 4000 L OSPF Serial Number 0380274189 BGP Firmware Version 2 0 4 1 rdist v L Groups L Authentication v C3 Targets L Port Configuration SP Management Serial Management Location KVM Management Target Groups 17 DSView 7 Startup Other Info L Firmware Help URL loa socer comis Y Lj Login Sensors L COM Digital Input Power Supply 1 OFF OneWire Digital Input Power Supply 2 ON Power Supply Status L OneWire Environment Sensor 7 RS 485 Environment Sensor Email Settings v C3 Monitoring Server L Notification Destinations Port Sessions Support Security Password L Firewall and NAT User Name Appliance Settings From the sidebar click Appliance Settings to view the appliance model serial number firmware version and power supply status You can enter or edit contact location and help file settings as well as configure email settings 32 Avocent Universal Management Gateway Appliance Installer User Guide You can use the buttons at the top of the screen to reboot shut down or launch an SSH session to the appliance WARNING Always execute the shutdown command through the web UI CLI
98. is an efficient way of using a single NAT or firewall rule to apply to any and all host IPs residing within an IP range NOTE Creation of network definitions is useful for grouping hosts within a range of IPs but is not required for all types of NAT and firewall rules For example a host which has an IP address of 192 168 0 2 and a subnet mask of 255 255 255 0 would belong to the 192 168 0 0 network Representing a subnet mask in prefix notation is an efficient way of designating which part of the network address is the subnet ID and which part Administration 93 represents all possible hosts within the subnet The best way to designate an IP range of 192 168 0 1 254 within a network definition on the appliance would be using the CIDR formatted address of 192 168 0 0 24 This process effectively assigns a name to a range of IPs or an entire network The NAT and firewall rules rely on definition names exclusively Networks Tab Administration gt Firewall and NAT SSH Reboot Shutdown Interfaces Hosts Networks Services Add A Network Definition Apply cance L Name Interface Name IP Address CIDR Format Defined Networks Apply Delete Cancel Interface Name IP Address CIDR Format Sample kvm To add a network definition 192 0 2 0 24 1 From the sidebar click Firewall and NAT then click the Networks tab 2 In
99. ities A trusted industry leader in smart infrastructure technologies Emerson Network Power provides innovative data center infrastructure management solutions that bridge the gap between IT and facility management and deliver efficiency and uncompromised availability regardless of capacity demands Our solutions are supported globally by local Emerson Network Power service technicians Learn more about Emerson Network Power products and services at www EmersonNetworkPower com 590 1071 501F EMERSON CONSIDER IT SOLVED
100. lated then type any in this field Translated service To add a NAT Policy 1 From the sidebar click Firewall and NAT then click the Policy tab 2 Inthe NAT Setup section under the Add a NAT Policy heading you can add a NAT policy by use the drop down menu to select either Outgoing or Incoming under Direction 3 Enter valid names for the following Interface Source Destination Service Translated Source Translated Destination and Translated Service NOTE Valid names must be between 3 and 40 alphanumeric characters 4 Usethe drop down menu to either activate or deactivate the Rule State 5 Click Apply The new NAT Policy will appear under the Defined NAT Policies heading Administration 103 To modify or delete a NAT Policy 1 From the sidebar click Firewall and NAT then click the Policy tab 2 Under the Defined NAT Policies heading check the box next to the policy you want to edit or delete 3 Make inline changes to the row you want to edit and click Apply Or Click Delete to delete the policy Firewall setup By default the appliance is pre populated with system defined firewall policy rules that support appliance features An administrator can create additional firewall policy rules to either relax or strengthen the appliance s default security state Firewall Setup Definitions Parameter Definition Direction Direction of traffic flowing into out of the interface performing NAT Order From
101. le ttyS 1 TCP port alias for example 7001 and the hostname of the appliance or its IP address To use a Telnet client enter the information in the dialog boxes of the client or To use Telnet in a shell enter the following command telnet hostname IP address login username targetname device name or telnet hostname IP_address TCP_Port_Alias login username To close a Telnet session Enter the Telnet hotkey defined for the client The default is Ctrl q to quit Installation 19 To use SSH to connect to a target through a serial port For this procedure you need the username configured to access the serial port the target name for example 14 35 60 p 1 TCP port alias for example 7001 device name for example ttyS 1 and the hostname ofthe appliance or IP address To use an SSH client enter the information in the dialog boxes of the client or To use SSHin a shell enter the following command ssh 1 username target name hostname IP address or ssh 1 username device name hostname IP address or ssh l username TCP_Port_Alias hostname IP address To close an SSH session Atthe beginning of a line enter the hotkey defined for the SSH client followed by a period The default is 20 Avocent Universal Management Gateway Appliance Installer User Guide Initial Appliance Setup The Avocent Universal Management Gateway appliance provides ext
102. lity heading use the arrows to select the local facilities 7 Underthe Severity heading use the arrows to select the severity 8 Click Apply Digital Output The digital outputs are remote controlled relay ports These ports labeled DO1 DO2 on the back of the appliance can be used to open or close an electric circuit that can drive sirens lights and locks 88 Avocent Universal Management Gateway Appliance Installer User Guide To configure Digital Output notifications 1 Fromthe sidebar go to Monitoring Under the Notification Rules heading check the boxes for the events for which you want to trigger a digital output relay 2 Click Apply NOTE Digital Output DO relays are for events on the back of the appliance only 3 Fromthe sidebar go to Monitoring Notification Destinations and enter the Digital Output name and location for Digital Output 1 and Digital Output 2 4 Click Apply NOTE Once the digital output relay has been triggered use the override to reset it Sessions The appliance allows multiple users to log in and run sessions simultaneously The sessions screen allows you to view all active sessions and delete any unwanted sessions Click Sessions to view all open sessions on the appliance To delete a session 1 Fromthe sidebar click Sessions The sessions screen appears and lists all appliance and target sessions to the appliance 2 Selectthe checkbox next to the session you want to delete
103. llustrate a typical appliance configuration Installation 17 Typical Avocent Universal Management Gateway Appliance Configuration Avocent Typical Avocent Universal Management Gateway Appliance Configuration Descriptions Number Description Number Description 18 Avocent Universal Management Gateway Appliance Installer User Guide Number Description Number Description Ethernet connection External sensors connection USB media Autosensing ports for serial or service 15 processor targets i DB9 com port PC for local configuration Remote authentication Target server VGA USB igurati Pire 18 USB connection keyboard mouse or media M9 console port LCD tray for local configuration and access Using Telnet or SSH to access a serial target Ethernet connection Local Area Network LAN e UMIa module for KV connection E An authorized user can use a Telnet or SSH client to make a connection directly to the console of a serial target if all of the following are true The Telnet or SSH e protocol is enabled for network service in the security profile e protocol is configured for the port client is available and it is enabled on the computer from which the connection is made To use Telnet to connect to a target through a serial port For this procedure you need the username configured to access the serial port the target name for example 14 35 60 p 1 device name for examp
104. m er N pDPrHRHRE EEaEIaAR R PX AA6_RY Xa HHERERRaRaRaRH HHHH 50 SP management SK KS KK SK KS KK KK KK KK KK KK KK KK KK RR 60 Firmware upgrade and repository aska kaka kk kk kk KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK RIKA 61 Serial management sas SE SS SEK AK KK SK KK KK KK KK KK KK KK KK KK KK KK KK KRA 62 PDU management 66 Asset Location 2 eL ra bm r vm 69 prac eU 69 KVMimanagemeit xL DE eR RAS 69 Table of Contents iii Target gops con eO re sa Ao eens cares ae 79 SLAC eode eite oL ttti uuo heit E LI nr t GA td e eae 4 80 Bi LD W2 v cce x cade a nete et dA pd go 80 Backing p firWare xo cse bese t e p naaHHEHHEHNHEEE EJ J 81 USBIDOV CE SN cs c MeL Lecce ica RUIT e eth a E Ee onte te A ir 82 Iac D 82 Com Digital Input sesso eere Rem KK KK KK KRA 83 DIGItAIIN DUIS SA 84 Environment ceto eI A EE mi 84 RS 485 environment sensor ak a cece e RR RR RR RR 85 PDU Temperature Sensors Delta 85 Moriltonng ds oet ever edo roca Eth OPUS LADD tI SERA IE 86 tage 86 Sa MICE 86 Digital Output
105. mber Description Input filter on an inside interface Input filter on an outside interface FARE Output filter on an inside interface EE Output filter on an outside interface Firewall and NAT flow Traffic flowing through the appliance which is expected to be both translated and filtered will require both NAT and firewall rules designed to match the traffic patterns appropriately Translation Administration 101 happens before filtering when traffic is entering the appliance and filtering happens before translation when traffic is exiting the appliance For example if input traffic passes through an incoming NAT rule which has translated the destination address then the only way for the filter rule to match a destination address is to have the filter rule match the pattern of the translated destination address and not the original destination address of the traffic This is because the address was translated before it could be filtered Firewall and NAT Flow Firewall and NAT Flow Descriptions Number Description fees e 102 Avocent Universal Management Gateway Appliance Installer User Guide Description Incoming on an inside interface before input filter on the same inside interface Incoming NAT on an outside interface before input filter on the same outside interface NAT setup An administrator can add and configure NAT policies to perform address translations Depen
106. ministrator can also store buffered data locally Messages about the appliance and connected servers or devices can also be sent to syslog servers Power management The Avocent Universal Management Gateway appliance enables users who are authorized for rack power distribution units PDU and service processor SP power management to turn power on turn power off and reset servers via their embedded SP devices plugged into a connected rack PDU Auto discovery An administrator can enable auto discovery to find the hostname of a target connected to a port Auto discovery s default probe and answer strings have a broad range An administrator can Product Overview 5 configure site specific probe and answer strings Auto discovery can also be configured through the DSView software Supported SPs The appliance supports rack and blade server SPs from the following vendors Dell HP IBM Cisco Fujitsu Oracle Sun and additional IPMI implementations For a complete list of SPs supported by your appliance visit www avocent com updates to see the release notes that match your appliance firmware version Control of virtual media and smart card capable appliances The Avocent Universal Management Gateway appliance allows you to view move or copy data located on virtual media to and from any target device Manage remote systems more efficiently by allowing operating system installation operating system recovery hard drive reco
107. mote digital IP options e LAN WAN IP network connection e Serial target device connection An authorized user can make a Telnet SSH v1 SSH v2 or raw connection to a target device For Telnet or SSH to be used for serial target device connections the Telnet or SSH service must be configured in the Security Profile that is in effect e Console connection An administrator can log in either from a local terminal or from a computer with a terminal emulation program that is connected to the console port and can use the CLI Autosense The Avocent Universal Management Gateway 2000 appliance has eight autosensing ports that can be used for either service processor SP or serial connectivity and management It has an additional 32 RJ 45 ports which are intended solely for SP connectivity and management The 2 AvocentQ Universal Management Gateway Appliance Installer User Guide Avocent Universal Management Gateway 4000 and 6000 appliances have 40 autosensing ports that can be used for service processor SP or serial connectivity and management Ports that support autosensing are designated on the back of the appliance with a small turquoise line next to the port number Ports indicate which mode of operation is currently active with a green or amber connection LED By default all ports capable of autosensing are in automode It is recommended to leave the port set to autosense This is indicated by having both the green and amber LEDs
108. mote group authorizations for the LDAP authentication method Any authentication method configured for the appliance is used for authentication of any user who attempts to log in through Telnet SSH or the web UI To configure authentication settings 1 Fromthe sidebar click Users Authentication 2 Fromthe Settings tab use the drop down menu to select the password strength then use the arrow buttons to select the authentication order NOTE Password strength is a global setting 3 Click Apply Authentication servers When using an authentication server you must configure its IP address and in most cases other parameters before it can be used The following authentication servers require configuration LDAP and DSView software servers To configure an LDAP authentication server 1 Click Administration Users Authentication Select LDAP from the Not Used column and move it to the Methods Used column Click Apply Select the LDAP tab Bep qe 5 Administration 43 Enter the following information a The IP address of the authentication server b The Base Distinguished Name which is the LDAP path to the location of the user accounts c Usethe drop down menu to select Off for SSL Mode d Enter the Bind Distinguished Name which is the service account the appliance will use to communicate with the LDAP server e Enter the Bind Password which is the password of the service account f Enterthe PAM A
109. must be unique to the appliance The network value is in CIDR format of an IP address netmask for example 10 12 1 0 24 To configure OSPF 1 Fromthe sidebar click Network Settings OSPF 2 Check the box to enable OSPF NOTE When OSPF is enabled or disabled an alert will be sent to the alert manager 3 Enterthe appliance ID then click Apply The appliance ID should be an IP address but it can be any arbitrary 32 bit number The appliance ID must be unique within the entire OSPF domain 4 Usethe drop down menus to set the Interfaces to either Active or Passive OSPF will not speak to any interface set to Passive 5 To add a network enter the address for the network and its area then click Add 38 Avocent Universal Management Gateway Appliance Installer User Guide 6 Toeditan existing network check the box next to the network under the Modify an OSPF Network heading When finished click Apply 7 Todelete a network check the box next to the network then click Delete BGP BGP is one of the key protocols used to achieve internet connection redundancy BGP appliances use TCP protocol on port 179 to communicate with each other BGP sends only incremental updates containing the routing entries that have changed since the last update BGP peers are established by manual configuration between appliances to create a TCP session on port 179 Every 30 seconds a BGP speaker will send keep alive messages to maintain the conne
110. n be achieved by connecting to a blade chassis or by connecting to an unmanaged layer 2 switch which has targets connected WARNING Do not connect a UMIQ module to anything other than a direct connection to an appliance port Putting a layer 2 switch in between a UMIQ module and the appliance can damage or destroy the switch Port assignment From the sidebar click Targets Port Configuration to view or change the mode and serial or network settings of each port To view or change port settings 1 Click Targets Port Configuration 2 Selectthe port and click Port Configuration 3 Tooverride the autosense settings see the following table Port Configuration Options Setting Description Connection Type Changes the serial pinout from Avocent to Cisco and Sun Interface Name Assigns the physical port to a virtual interface Port Class Toggles between serial console or serial PDU 52 AvocentG Universal Management Gateway Appliance Installer User Guide Serial Settings From the sidebar click Targets Port Configuration Serial Settings to view or change the default serial interface communication settings To configure serial mode settings 1 Forserial devices connected to a port click Targets Port Configuration Serial Settings 2 Selectthe port and click Serial Port Setting 3 Usethe drop down menus to select the state speed parity data size stopbits flow and the serial pinout type NOTE The def
111. n number of seconds 4 To add auto answer input and output string click Add Enter a new string in the Input String or Output String fields and click Apply or To delete an auto input and output string select the checkbox next to the string you want to delete Click Delete 5 Tochange the default auto discovery time out or probe time out perform the following steps a Select Settings b Enter anew value in the Auto Discovery Timeout and Probe Timeout fields c Selecta speed from the Default Speed on Auto Discovery Failure drop down list and Probe Speed List d Click Save 6 To add anew probe or match string or delete an existing string perform the following steps a add a string click Add enter a new string in the New Probe String or New Match String field and click Save b Todelete a string select the checkbox for the string and click Delete 7 Click Apply PDU management Connected power devices can be used for remote power management The appliance enables users who are authorized for power management to turn power on turn power off and reset devices that are plugged into a connected PDU The following table displays the types of PDUs supported the communication protocols used and the ports that can be connected Administration 67 Type Protocol Ports Avocent PM PDU PM10 20 1000 2000 3000 Any autosense port Liebert MPH MPX MPH2 MPX2 27 appliance port or Remote via LAN infrastructure
112. ne Interface Serial over LAN SOL SOL History Browser AutoLogin Browser manual login Command Line Interface SSH AutoLogin SSH manual login Telnet manual login When a user initiates an SP Access session the appliance will open a small TCP port range to facilitate communication between the client and the SP The client PC will open a pop up browser window and will connect to the IP of the appliance using one of the ports allocated for the session If the session type being launched is a SP Access Browser session the appliance will FWD the traffic from the client pop up window to the Service Processor and the user will be presented with the login prompt for the SP browser UI If the session being launched is an SP Access Browser auto login session the appliance will utilize the stored service credentials and will log into the browser UI of the SP before forwarding the client browser to the signed in UI session of the SP If the session type being launched is an SP Access vKVM vMedia session the appliance will follow all of the same steps included with the SP Access Browser auto login session with the addition of launching the Java vKVM viewer of the SP and passing the session back to the client PC To start a session click a button for the session type you want If a user doesn t have permission to launch a particular session type or if the SP does not support the session type then the corresponding button for that session ty
113. ng access to device management consoles It is not supported as a general purpose router switch or packet filter The firewall and NAT features are built from a series of named definitions for networks hosts interfaces and services Before you can configure the firewall and NAT policies you must define the objects that will be used within the policy rules It is best to start by defining the interfaces then defining the networks that will be referenced by your policy rules before finally defining the hosts and services Each of these are described in the next sections The appliance will already have knowledge of various hosts networks and interfaces these objects will be created atthe time they are defined or discovered by the appliance For example upon connecting a UMIQ module to the appliance a host definition will be created matching the name assigned to the UMIQ module target Interfaces By default all physical and virtual interfaces defined within the appliance will be listed on the Interfaces tab You can access the Interfaces tab by clicking Firewall and NAT from the sidebar Administration 91 New virtual interfaces can be made for use with private ports by clicking Administration Targets Port Configuration Network Settings For more information on creating an interface see Port configuration on page 50 Interfaces Tab Administration gt Firewall and NAT SSH Reboot Shutdown Policy Inter
114. ng all members belonging to the admin group default member is admin Power User group Members of the Power User group have access restricted to tasks for managing only the appliance Power users have no access to the ports or power management options and share all of the appliance access rights as admin except for configure user accounts and shell access which are permanently disabled for this group User group Members of the user group have access to target devices unless they are restricted by an administrator but have no access rights for the appliance Administrators can add appliance access rights and permissions and can add users to custom user groups to add permissions and access rights as needed By default all selections on the Target Access and Target Rights screens will be disabled NOTE You can rename custom groups as desired The role of the group not the name determines the access and rights levels NOTE Target Access is the most permissive and Target Rights are the most restrictive Group Target Access After creating or modifying a group click new group name and then select the Target Access tab to manage targets for that group Managed targets are displayed in the column on the left Available targets are displayed in the column on the right If a filter is applied only the targets matching the filter name will be displayed If groups are defined you can choose to display targets by group Administration 47
115. nk an LED at a rate of 2 9 Hz with a 5096 duty cycle The UMIQ module is using standby power provided via ethernet cable from the appliance Insufficient power is provided This may happen before the UMIQ module is enumerated by the USB host the target server Active LED illuminated when there is an active KVM session Active LED er Continuous single blinks Used for identifying a UMIQ module Enabled Disabled within the ive rapid appliance web UI The Active LED periodically blinks to indicate that the UMIQ module has been associated with the appliance i e it has been discovered by the appliance Continuous single blinks slow r with the has failed Peminuous single blinks Alternating LED blinks at a fast rate indicate when a firmware upgrade LEDs Devices From the sidebar click Administration Targets KVM Management to view each connected UMIQ module Each column can be sorted as desired You can view the following information for each module e Port The appliance port where the module is connected During the initial connection or a factory reset the port number is 99 until the appliance autosenses the correct port number Name The target name assigned to the UMIQ module Clicking this name will enable you to modify individual module settings NOTE To rename a target see Targets on page 50 PAddress The IP address assigned to the module via the appliance DHCP
116. nless Automatic has been enabled If the user confirms you will be given target access e Preempta user s connection When you are prompted to preempt the user s session and you click Preempt the other user the user requesting access to the target will be connected and existing user s will lose their connection to the target The existing user s will be notified that their sessions have been preempted To display a list of users sharing their port or channel select View Connected Users in the Video Viewer window Users in stealth mode are excluded from this display 76 Avocent Universal Management Gateway Appliance Installer User Guide Encryption level In the Encryption Level area specify an encryption level for the keyboard mouse video and virtual media S3DES SSL Triple DES encryption e 128 Bit SSL 128 bit encryption which used an ARCFOUR RC4 SSL cipher AES AES encryption At least one encryption level must be specified for the keyboard and mouse When you specify more than one SSL encryption type the appliance negotiates the strongest algorithm that is supported by both sides The strongest algorithm is AES followed by 128 bit 3DES and DES Session settings Under the Session Settings heading you can configure the Input Control Timeout enable and configure the session timeout set the keyboard language set the EDID video resolution and enable video noise control NOTE If a user connects to a target wi
117. ntials the appliance will be able to leverage the accounts list to find matching credentials If the appliance is able to successfully log in the SP will appear within the targets list To add edit credentials in the default users list 1 Browseto Targets SP Management Default Users 56 Avocent Universal Management Gateway Appliance Installer User Guide 2 Click Add to add a new user or Click the username to edit the user 3 Add or edit the username and password 4 Addor edit the description as desired 5 Click Apply Logical discovery The appliance supports creation of up to 20 discovery queues that can be leveraged to discover SPs on the network The discovery ranges define a start stop IPv4 address that the appliance will scan looking for SPs The discovery can be run as Manual run once or Automatic runs according to defined minute interval If the appliance can identify the SP type and log in using credentials from the default user list the SPs will be added to the list of targets If the appliance cannot identify or log in to the SP nothing will be added and you will need to either manually add it or use the Import SP feature To discover service processors 1 Inthe navigation menu click Targets SP Management Discovery 2 Click Add Range to open the Modify Search Range screen 3 Enter the name for the search then enter the IP addresses for the range in the From and To fields 4 Use the drop do
118. ntify if it has bad memory To identify other types of hardware problems issue the following shell commands using an appliance that boots properly Shell Hardware Diagnostic Commands Type Command cat sys devices platform dcima hwmon 2560 fan cat sys devices platform dcima hwmon 2560 temp Power Supply issues cat sys devices platform dcima hwmon 2560 voltage If the diagnostic test reveals a hardware failure contact Avocent Technical Support Firmware bugs can be resolved through a clean load of firmware via the NetBoot menu or USB boot procedure Appendices 129 Appendix H Troubleshooting From the Appliance Shell The appliance shell is a powerful tool for advanced troubleshooting and debugging The following commands are examples of various ways to troubleshoot for performance and potential network related issues Network related Example 1 Network related issues can sometimes be difficult to diagnose and troubleshoot An appliance that seems to communicate on the network without issue yet provides slow performing sessions KVM could be suffering from a half duplex issue ethtool To troubleshoot speed and duplex negotiation issues the ethtool command may be useful ethtool interface netstat Use the netstat command to identify where network traffic is flowing netstat in iostat Use the iostat command to show CPU load hdd and memory load This is useful to help identify if a bad memory module
119. o manage power while connected to devices The appliance has three default users admin operator and user and three pre defined user roles appliance administrator power user and user User role group A user role defines the view and what the user can do within the web UI and CLI regarding appliance settings and administration User Roles User Description User Target access only Power View appliance information reboot appliance disconnect user sessions target access target User power operations and view data logs Appliance All user and administrator functions including upgrading the appliance configuring appliance Admin settings and target access The Appliance Admin role is the only one with shell access 40 Avocent Universal Management Gateway Appliance Installer User Guide Users group A user account must be defined for each user on the appliance or on an authentication server Only an admin can add and configure other user accounts Each local user account is assigned to one or more ofthe user groups CAUTION Change the default passwords before you put the appliance into operation Password Policy The default username and password for the appliance is admin and admin An administrator may configure global password rules to all user accounts The maximum length of a password is 64 characters When the password policy is increased from a lower level to a higher one all local user accounts will be
120. operating system You can load the Last Known Good Configuration which is the most recent system settings that worked correctly To configure boot configuration 1 Click Startup 2 Selectthe filename of the boot firmware 3 Click Apply then click Reboot Firmware The appliance supports the storage of two firmware images These images behave similar to different OSs on a dual boot system that combines the OS and configuration When upgrading the firmware from the DSView management software or the web UI the appliance will copy the active configuration into the new firmware image slot and combine them with the new firmware OS After installing the new image file the appliance will reboot to the second firmware image slot The configurations in image slot 1 and 2 are the same but all subsequent changes will only be made into the currently booted image If you experience issues with the new firmware image you can reboot to the older image As the firmware is upgraded the oldest image will be overwritten with the new firmware From the sidebar click Firmware to view the current firmware version upgrade to the latest version back up or delete the firmware To download the appliance firmware 1 From http Awww avocent com browse to the product updates section and find the firmware for your Avocent Universal Management Gateway appliance 2 Savethe new firmware to a tmp directory Administration 81 Upgrading the firmw
121. or DSView software under the Overview Tools node before turning the appliance off then on again This will ensure the reset doesn t occur while the file system in Flash is being accessed and it helps to avoid Flash memory corruptions SSH Click SSH to launch an SSH based CLI console session from your PC to the appliance From here you can access the Administration CLI target sessions and power actions as well as access the appliance Linux Shell Help File You can access the online help for the appliance by clicking the Help button in the top right of the screen If your client PCs do not have internet access you may download a PDF of the appliance user guide and host it on an internal web server To download the user guide go to the following address http pcs mktg avocent com Q Q content manual 590107 1501 b pdf Once you ve downloaded the user guide and hosted it on a server enter its path in the Help File URL field Email Settings The appliance can generate email alerts for events that occur on the appliance or its associated target devices Once an SMTP email server is configured alerts can be sent to as many as four email addresses See the Monitoring and Notification destination sections to configure alerts and their email recipients Defaults From the Defaults tab you can restore the appliance to its factory default settings You can also configure the date and time NTP server settings as well as setting the
122. or hard drive is affecting performance iostat To perform in depth network traffic analysis the tcpdump command can be used to capture traffic to a file which can be imported into third party tools tcpdump w networkcapture cap It s possible to create elaborate scripts which can significantly aid in the troubleshooting process One example script is provided below which uses the netstat command to display established network connections sortable by activity The script can be created using VI and saved to the download directory The syntax for running the script is script name refresh interval rows displayed s r gt sent received bin sh QI e Da E L E E T monitorNETSTAT sh Use netstat to display tcp network usage by process pil M EE 130 Avocent Universal Management Gateway Appliance Installer User Guide Appendices 131 Appendix I IP Masquerading for 1 to 1 NAT To set up a 1 to 1 NAT you will first need to create a virtual public interface The virtual public interface will appear within the Firewall and NAT screens of the appliance Input usr bin fwnat fwnat alias sh Usage fwnat alias h lt add del mod gt i ethO eth1 gt n lt ifname gt a cidr formated IP b broadcast address gt Virtual Public Interface Syntax and Options Displays the command syntax Adds deletes or modifies an aliased interface
123. ors From the sensors tab you can view the name value time and location for an external sensor connected to the appliance In addition you can also view the type and alert for the digital inputs Events The appliance will generate notifications and alerts for a variety of events When an event occurs on the appliance it is saved in the event log If you are an Admin you can view or clear events by clicking on the Events Summary tab or view and clear alerts by clicking the Alerts Summary tab An operator can view events or alerts but cannot clear them Clearing an event removes it from the appliance log Multiple events may be selected in the list and cleared simultaneously The historical record of the event occurring will remain in the Events Summary tab Clearing an active alert will reset any associated digital output to its non active state Alert Default Thresholds Alert Default Threshold Temperature Front sensor Greater than 50 C Temperature Back Sensors Greater than 66 Fan Greater than 9896 Greater than 9096 Fan If a fan is not working or goes below a hard coded threshold you will get a fan alert Temperature If the temperature goes above a hard coded threshold you will get a temperature alert A front sensor for temperature is located on the front panel with two more on the rear panel Power A power supply sensor tells whether the power supply is off or on If both power cords are orig
124. ort KVM sessions to UMIQ modules set to DROP to 49 session disable KVM support DROP Needed to protect general packet relay not recommended to be changed Web User Interface Once you have connected the Avocent Universal Management Gateway appliance to a network you can access the appliance with its web user interface UI The web UI provides direct access to the appliance and its target devices via a graphical user interface NOTE For instructions on accessing the appliance via the command line interface or DSView software see the Avocent Universal Management Gateway Appliance Command Reference Guide or the DSView 4 Management Software Installer User Guide Web UI Overview To log into the web UI 1 Open a web browser to the address http lt appliance IP gt 2 Atthe login screen enter your username and password 3 After logging in you will see the Targets tab NOTE When using the VGA console you can choose alternate locales or keyboard types NOTE Adobe Flash Player and Oracle Java Runtime are required for full product support to client PCs accessing the appliance See the release notes for a list of supported web browsers 28 Avocent Universal Management Gateway Appliance Installer User Guide Web UI Avocent Universal Management Gateway LogOut Account Targets gt lian Display Type Appliance Name A Type Topology IPAddress Remote Access
125. out an advanced license does not support vKVM When added to the appliance the capability discovery will recognize the license in the iLO and will disable the session button CAUTION The appliance requires most SP types to have IPMI enabled in order to be discovered or managed Some SPs will have IPMI disabled by default for example iDRACT If the SP is physically connected behind the appliance and cannot be discovered or added due to an IPMI problem you may manually add the SP using the generic profile Then launch an SP Access browser session to the SP and correct the IPMI problem Then delete the generic SP and add it using the appropriate SP profile Physical discovery The appliance has a DHCP service active by default running on the priv virtual interface SPs physically connected to the appliance and configured as DHCP clients will be issued an IP and then queried for discovery A DHCP scope is by default assigned only to the priv virtual interface and associated physical ports The spm and kvm virtual interfaces do not have addresses assigned to them by default To assign DHCP ranges to the spm and kvm virtual interfaces to discover and Administration 55 manage certain classes of devices independently the virtual interface must first be assigned an IP The priv virtual interface is by default 192 168 10 1 24 To assign virtual interfaces IP addresses 1 Browseto the network settings page located at Administration
126. ower Sensors Logs Service Processor Start Sessions fosters ees Server Console Graphical Virtual KVM Media 1 17 _192 168 200 158 14 17 BD 192 168 200 167 gt Cj UMIQ gt Cj Serial Console Server Console CLI SoL SoL History Service Processor Web Browser AutoLogin I Browser Service Processor CLI SSH AutoLogin ssH _ gt Cil PDU Target Sessions gt Power Outlet Delete O Start Time Last Time Target To close an SP Access session 1 Fromthe Sessions page click the box next to the session you want to close 2 Click Delete Power Click the Powertab to view the power consumption information for the target device Click Refresh to refresh the power consumption information NOTE Check the appliance firmware release notes to determine if your SP type supports this feature Power capping Power capping is a process of reducing or limiting the power consumption allotted to a server Implementation of a power cap will vary from server to server and typically relies on assigning various processor P states or processor clocking limits Under the Power Capping heading you can view power information including status thresholds correction time and sampling period Fields that aren t supported by the SP server will be grayed out NOTE The default values are dependent on the SP type If supported by the S
127. pe is grayed out There are two ways to access the Sessions page From the Targets tab you can click Appliance then click the SP Session link under Remote Access Sessions Page Access Display B N Appliance Name Type Status IP Address Power Remote Access v Service Processor 1 17 _192 168 200 167 Service Proces Powered Off 192 168 200 1 Choose oe 1A 17 BD 192 168 200 154 1 17 _192 168 200 158 14 17 8D_192 168 200 167 C UMIQ OSPF1 Idle 192 168 10 101 SP Session 1 17 _192 168 200 158 Service Proces Powered On 192 168 200 1 Choose v 1 17 _192 168 200 154 Service Proces Error 192 168 200 1 Choose SP Session KVM Session gt Cj Serial Console OSPF2 Idle 192 168 10 100 gt Idle 192 168 10 103 Session gt Power Outlet OSPF4 UMIQ Idle 192 168 10 102 KVM Session OSPFS Idle 492 168 10 104 KVM Session 5000 UMIQ Idle 192 168 10 105 1a 17 bd p 39 serial Idle Suis Session Or you can click on an SP name from the sidebar then click the Sessions tab Targets 109 Sessions Access 2 Display Type Targets gt 1A 17 BD 192 168 200 154 SoftShutdown Cycle Power v Appliance Properties System SEL Sessions P
128. pliance to pass a custom EDID By selecting custom you can save an EDID file from a particular monitor and assign it to a UMIQ module You can also load a blank EDID all 0 to clear the DDC ESPROM on a UMIQ module This should prevent the operating system from reading a valid EDID from the module and makes all resolutions available NOTE For a list of all supported resolutions see Video Resolution on page 136 To configure EDID settings 1 Click KVM Management Default Settings Administration 79 2 Under the Session Settings heading use the drop down menu to select the desired resolution 3 Click Apply 4 fusing a custom setting click the Custom EDID tab 5 Select either File or List as the desired source a If you have selected File click Get File and choose the appropriate file b Ifyou have selected List update the resolution list with the desired resolution from the dropdown menus NOTE The default resolution will apply to all sessions and UMIQ modules 6 Click Apply UMIQ pass through When the UMIQ pass through is enabled KVM sessions will connect directly to the UMIQ module IP instead of connecting through the appliance IP This requires that firewall rule 512 be disabled and will allow IP forwarding routing from public networks to the appliance s private networks The pass through mode is disabled by default Rebooting or upgrading an appliance or restoring an appliance image dump will not affect the stat
129. ppropriate for the public network it is connected to or appropriate for the private ports on the appliance Third ensure that IPMI is enabled on the SP Fourth ensure that you know or change the SP log in credential to one that is or will be configured within the appliance Fifth access the Targets SP Management Default Users page and add a credential to the list matching the one configured in the SP Sixth physically connect the SP to a private appliance port if it is not already connected to another network Seventh if necessary create a discovery range for the network that contains the SP See Connecting targets on page 12 Rename target devices aliases to user human meaningful names For example hostname DNS name physical location name or other See Port configuration on page 50 Change the default account credentials create additional user accounts or add AD LDAP or DSView software as an authentication service Create user groups and assign target permissions See Power User group on page 46 Test launching a KVM vKVM vMedia serial SOL SSH browser session to each new target device Verify power on off cycle functionality for non production systems See Sessions on page 88 Create a system backup to preserve the appliance configuration in case of emergency See Firmware on page 80 Appendices 123 Appendix C Forgotten Password If locked out of all administrator accounts contact technical support with the applianc
130. r then click Add NOTE The default AS number is 64512 which is a private AS number You will need to modify it when using BGP to make sure it s unique in the network Administration 39 8 To edit an existing neighbor check the box next to the neighbor under the Modify a BGP neighbor heading When finished click Apply 9 Todelete a neighbor check the box next to the neighbor then click Delete Network Share The appliance supports the ability to upgrade multiple SPs through network share An administrator can configure the network share by clicking Network Settings Network Share from the Administration sidebar To configure a Samba client for network share 1 Fromthe sidebar of the Administration tab click Network Settings Network Share 2 Underthe Settings tab in the External Samba Server field enter the IP address or hostname ofthe Samba server 3 Inthe Share Path field enter the subdirectory that represents the network share NOTE The field may be left empty to represent the root directory 4 Inthe Domain Name field enter the name of the Windows domain name of the server 5 Enterthe username and password for the network share in the appropriate fields To view the contents of the root directory of the network share click the Contents tab Users Access to ports can be optionally restricted based on authorizations that an administrator can assign to custom user groups Groups can also be authorized t
131. ray to the VGA and USB ports on the front of the appliance to access the VGA console and configure IP and user settings Assign IP mask gateway From the sidebar of the web manager click Administration Network Settings Default credentials username admin password admin See Web User Interface on page 27 Select a networking mode normal failover bridge group See Bridge Group Configuration on page 34 Assign an IP address or addresses to the Eth BondO Bridge group named interface See Bridge Group Configuration on page 34 Verify network connectivity by browsing to https appliance IP Consult the Network Settings Routes page to ensure the IP network assigned to the priv interface is unique within your organization If it isn t access the Targets Port Configuration Network Settings page and change the IP addresses assigned to the virtual private interfaces to organizationally unique ones Be sure to create new DHCP dynamic ranges to match the virtual private interface IPs you changed SeeNetwork Settings on page 33 122 Avocent Universal Management Gateway Appliance Installer User Guide Number Installation Step P d connect KVM serial or PDU targets to the appliance See Connecting targets on page To connect SPs to the appliance First consult the appliance release notes for a list of supported SP types and firmware versions Second access the SP directly to ensure the SP is a DHCP client or has a static IP a
132. rial port will be discovered Detection Default Disabled Note Additional configuration operations for Auto Discovery and Speed Auto Detection are found on the CAS Profile tab Data Buffering Port The number of the port Status Enables or disables data buffering Default Disabled Displays the type of data buffering Local stores the data buffering file in the local Type file system Syslog sends the data to the syslog server facility 0 with severity info Default Local When enabled adds the time stamp to the data line for local data buffering Default Disabled 3 Includes special notification for logins and logouts in data buffering Login out Message Disabled Enabled stores data at all times Disabled stores data when a remote serial Serial Session Logging session is not opened Default Disabled Regular expression or ASCII patterns used to generate event notifications The appliance will try to match the data received from a serial target with the configured patterns When there is a match an alert is sent Default Empty Alert Strings Administration 65 Data logging If you enabled Serial Session Logging under the Data Buffering tab you will be able to download the logged data once a serial session to the enable port has been launched To download logged data 1 Click the Targets tab in the title bar 2 From the sidebar click Serial Console then click on the target on which you ena
133. roperties Property Description Default Value Sensor ID Read Only System Defined Value Enabled Enable or Disable Enabled To detect enable disable or edit a OneWire digital input sensor 1 Click Administration Sensors Digital Input 2 Click Detectto search for new sensors 3 Clickthe sensor number choose the type of sensor or update the normal status 4 Click Enable to enable or disable the sensor Environment Environment sensors collect temperature and humidity data They can be connected to the TH1 TH2 ports on the back of the appliance Environment Sensor Properties Property Description Default Value Enabled Enable or Disable Enabled Temperature or Humidity Read Only The serial number of the sensor Read Only Information from Sensor User defined location of the sensor To detect enable disable or edit an environment sensor 1 Click Administration Sensors Environment Sensor 2 Click Detectto search for new sensors 3 Click the sensor number and then click Enable or Disable to enable or disable the sensor Administration 85 RS 485 environment sensor RS 485 environment sensors collect temperature humidity and water data They can be connected to the SNSR COM2 ports on the back of the appliance RS 485 Environmental Sensor Properties Property Description Default Value Sensor ID Read Only System Defined Value Enabled Enable or Disable Enabled To add enable or remove an
134. s the PDU phases circuits or environment click the Settings tab Properties From the Properties tab you can view information about the PDU and power control all outlets as well as upgrade the PDU s firwmare reboot the PDU reset the overcurrent protection restore factory defaults and access the browser UI To manage a PDU 1 From the sidebar click the PDU you want to manage to open its Information page Targets 113 2 Click the Upgrade Reboot Reset HW Overcurrent Protection Restore Factory Defaults and Browser buttons as desired NOTE The power controls On Off and Cycle will be applied to all outlets of the PDU Outlets By selecting the Out ets tab you can view status number and name of outlets You can turn on turn off cycle lock or unlock selected outlet s To manage outlets 1 From the sidebar click on the PDU to manage its outlets 2 Click the Outlets tab 3 Check the box or boxes next to the name of the outlet or outlets you want to manage 4 Click the On Off Cycle Lock Unlock or Save Status button Overview By selecting the Overview tab you can view a PDU s name outlets current voltage power power factor energy and alarm Current Voltage Power Consumption Energy Consumption By selecting the Current Voltage Power Consumption or Energy Consumption tabs you can reset each s maximum minimum and average values To reset values 1 Select PDUs and or outlets to reset
135. s for the following Order Interface Source Destination and Service 104 Avocent Universal Management Gateway Appliance Installer User Guide NOTE Valid names must be between 3 and 40 alphanumeric characters 4 Usethe drop down menus to select the Action Connection Status and Rule State 5 Click Apply For each rule an action either ACCEPT DROP REJECT or LOG must be selected from the Policy drop down menu The selected action is performed on an IP packet that matches all the criteria specified in the rule If LOG is selected from the drop down menu it will create entries in syslog about the traffic matching this rule without performing a specific ACCEPT REJECT or DROP action In order to log and ACCEPT or log and REJECT DROP a second rule must follow the log rule with the same traffic pattern and the desired ACCEPT REJECT DROP action The administrator can configure a log level a log prefix and whether the TCP sequence TCP options and IP options are logged in the Log Options Section If REJECT is selected from the drop down menu an administrator can select an option from the Reject with pull down menu the packet is dropped and a reply packet of the selected type is sent To modify or delete a Firewall Policy 1 From the sidebar click Firewall and NAT then click the Policy Tab 2 Underthe User Defined Firewall Policies heading check the box next to the policy you want to edit or delete 3 Make your changes and click
136. s product Approvals and Markings Appendices 121 Appendix B Installation Checklist You can print and refer to the following checklist to assist you with installing the appliance and managed targets Appliance Connections Checklist Number Installation Step Rack mount or wall mount the appliance See Rack and Wall Mounting on page 7 Connect the redundant power cables to P1 and P2 100 240 volts See Connecting the Hardware on page 11 Connect at least GB1 to the management network Connect GB2 to the same management network if you intend to configure the two ports for failover GB2 can be connected to different networks if the appliance configured in normal mode See Setting Up Your Network on page 22 Connect the tan colored serial adapter DB9 RJ45 to a straight CAT5 6 cable Connect a laptop PC using this cable assembly to the Setup port on the front of the appliance Using a terminal emulation program such as Putty at 9600 baud access the appliance CLI to configure IP and user settings Turn off DHCP set system administration networkManagement networklnterfaces ethO dhcp false Assign IP set system administration networkManagement networkInterfaces eth0 addr lt 192 168 0 5 gt Assign mask set system administration networkManagement networkInterfaces eth0 Zi mask 255 255 255 0 Assign gateway set system administration networkManagement networkl nterfaces ethO0 gateway lt 192 168 0 1 gt Connect a crash cart LCD t
137. server NOTE UMIQ modules will be discovered by the appliance only after they are issued an IP address from the appliance DHCP server This means UMIQ modules cannot be used if the DHCP server is disabled or if the port connecting the UMIQ module to the appliance belongs to a bridge group EID Displays the unique electronic ID number embedded in the module e Status Displays whether the module is In Use Idle or Offline Administration 73 e Management Displays whether the module is Pre discovered Managed or Not Managed During the initial connection or during a factory reset as the module is being discovered the management status will change from Pre discovered to Managed e Appliance Power Displays if the appliance is providing power to the module Power Mode Displays the power status for the module Full means the module is getting power from the appliance and the target Partial means that the only power is from the appliance Module settings Clicking a module name will display its individual settings For a detailed explanation of the settings see Default settings on page 74 Check the box to enable or disable the Flash Locator LED When enabled the LED on the module will flash to help you locate it in the rack Upgrading UMIQ modules The UMIQ module Flash upgrade feature allows appliance administrators to update UMIQ modules with the latest firmware available After the Flash memory is reprogrammed with the up
138. set to protocol DROP to disable KVM support srv Security Needed to access manage the appliance with the DSView software protocol set to DROP to disable DSView software support o cc Accept Not needed for current appliance features set to DROP srv Trellis Needed for Trellis platform software management and monitoring Platform OHS support set to DROP if not using Trellis platform software Needed to access manage the appliance with DSView software set to DROP to disable DSView software support Needed to monitor the appliance with the DSView software set to DROP to disable DSView software support srv Trellis Needed for Trellis platform software management and monitoring Event support set to DROP if not using Trellis platform software DROP Don change this default for any reason Event 2 DROP Don change this default for any reason Service 1 E Mes DROP Don change this default for any reason Service 1 srv UMG Needed for Trellis platform software management and monitoring Service 2 support set to DROP if not using Trellis platform software srv UMG Service 4 srv UMG Needed for Trellis platform software management and monitoring Service 5 support set to DROP if not using Trellis platform software srv UMG Service 6 Accept Set to DROP srv UMG ean Needed to support KVM sessions to UMIQ modules set to DROP to Service 7 disable KVM support Accept Nee
139. staller User Guide Bracket Connections for Rack Mount Configuration Rack mount safety considerations Elevated Ambient Temperature If installed in a closed rack assembly the operating temperature of the rack environment may be greater than room ambient Use care not to exceed the rated maximum ambient temperature of the appliance Reduced Air Flow Installation of the equipment in a rack should be such that the amount of airflow required for safe operation of the equipment is not compromised Mechanical Loading Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading Circuit Overloading Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of circuits might have on overcurrent protection and supply wiring Consider equipment nameplate ratings for maximum current Reliable Earthing Reliable earthing of rack mounted equipment should be maintained Pay particular attention to supply connections other than direct connections to the branch circuit for example use of power strips Wall mounting NOTE The wall mounting kit is optional and is not included with the appliance it must be purchased separately For details on how to purchase the wall mounting kit contact your Avocent representative To wall mount the appliance 1 Using the slots on the bracket or the supplied template as a g
140. stration 49 Physical Receptacle Control If you allow Physical Receptacle Control rights you have rights to the following Targets Tab Power Outlet Power Outlet Properties On Targets Tab Power Outlet Power Outlet Properties Off e Targets Tab Power Outlet Power Outlet Properties Cycle e Targets Tab PDU lt PDU gt Outlets On e Targets Tab PDU lt PDU gt Outlets Off e Targets Tab PDU lt PDU gt Outlets Cycle Physical KVM If you allow Physical KVM rights you have rights to the following e Targets Tab Appliance Remote Access e Targets Tab KVM switch Connect Virtual KVM If you allow Virtual KVM rights you have rights to the following e Targets Tab Service Processor SP Sessions Virtual KVM Media Virtual Media If you allow Virtual Media rights you have rights to the following e Targets Tab KVM switch Physical Serial If you allow Physical Serial rights you have rights to the following e Targets Tab Appliance Remote Access e Targets Tab Serial Console serial device Connect Virtual Receptacle Control If you allow Virtual Receptacle Control rights you have rights to the following e Targets Tab Service Processor SP System Power View Environmental Data If you allow View Environmental Data rights you have rights to the following Targets Tab Power Outlet Overview 50 Avocent Uni
141. t to add Once SPs are added their information will be displayed within the table on the SP Management page NOTE Users that do not have Administrator access will only see devices to which they have access Default Users The appliance contains a list of default usernames and passwords that will be used when adding and discovering SPs You can add to or modify the credentials in this list The description can be used to identify an account You can also delete a default user by clicking the box next to it and clicking Delete To add or modify a default user 1 Fromthe sidebar click Targets SP Management Default Users 2 Click Add to add a new user Or Click a hyperlinked user name to modify that user 3 Enter or modify the username and password 4 Click Apply Access settings Access settings define the TCP ports that will be used when providing a remote user with an SP Access session i e VKVM vmedia browser SSH and telnet Multiple ports are dynamically allocated from this customizable range for each SP session The time out for these sessions can be configured For more information see Sessions on page 107 Firmware upgrade and repository For supported SPs an administrator can view and upgrade firmware as well as store firmware either locally on the appliance or remotely through the network share To add SP firmware to the repository 1 Fromthe sidebar of the Administration tab click Targets SP Man
142. terface preemption level thatis applied to users accessing target devices through the local interface Adding a user To add or modify a user 1 From the sidebar click Users 2 Click Add to create a new user The Create User screen appears Enter the new username and password and use the drop down menu to define the user role User Power User or Admin or Click the name of a user to modify that user The Modify User screen appears Enter a new password for the User and use the drop down menu to change the user role 3 Define the preemption level 4 Check the box if you want the password to be changed at the next login 42 Avocent Universal Management Gateway Appliance Installer User Guide 5 Checkthe box to enable the session time out and enter the number of minutes for the time out in the field 6 Checkthe box to have the password expire and then enter either the number of days before it expires or the date it expires 7 Checkthe boxto warn the user the password will expire and then enter the number of days before in the field 8 Checkthe boxto have the password expire if the account is inactive and enter the number of days the account must be inactive before it expires 9 Usethe arrows to put the user in a group For more information on groups see Groups on page 44 10 Click Apply Authentication Authentication can be performed locally through LDAP or a DSView server The appliance also supports re
143. th a higher screen resolution than the local computer the Video Viewer window will display a portion of the target screen with scroll bars for viewing the remainder of the screen The user may view the entire screen by adjusting the resolution on the target the local computer or both Session preemption Under the Session Preemption heading you can enable preemption and set the time out Virtual media Under the Virtual Media heading you can enable virtual media lock to KVM session allow reserved sessions and select the virtual media access mode e The locking option specifies whether a virtual media session is locked to the KVM session on the target When locking is enabled default and the KVM session is closed the virtual media session will also be closed When locking is disabled and the KVM session is closed the virtual media session will remain active e Allow reserved sessions ensures that a virtual media connection can only be accessed with your username and that no other user can create a KVM connection to that target When the associated KVM session is disconnected the virtual media session may be disconnected according to the Locked setting in the Virtual Media dialog box Administration 77 e The virtual media access mode allows you to set the access mode for mapped drives to read only or read write When the access mode is read only the user will not be able to write data to the mapped drive on the client server When
144. the Name field enter a name for the network definition 3 Inthe Interface Name field enter the name of the interface with an IP from or that has access to the network being defined The name must match one of the virtual or physical interfaces listed on the Interfaces tab NOTE The network and interface names each must be unique names between 3 and 40 alphanumeric characters 4 Inthe IP Address field enter a valid subnet ID for the network in CIDR format 5 Click Apply 94 Avocent Universal Management Gateway Appliance Installer User Guide To modify or delete a defined network 1 Fromthe sidebar click Firewall and NAT then click the Networks tab 2 Underthe Defined Networks heading check the box next to the network you wish to modify or delete 3 Make your changes and click Apply or Click Delete to delete the defined network Hosts Host definitions can be used in NAT and firewall rules for situations when an individual IP host needs to be referenced separately than other hosts that would be affiliated with a network definition or when multiple hosts need to be referenced uniquely with their own NAT or firewall rules This process is effectively assigning a name to an IP address and then using that name within the NAT and firewall rules By default the lists of hosts will be populated by SPs or UMIQ modules that have been connected to or discovered by the appliance You can create new host entries to r
145. the access mode is read write the user will be able to read and write data from to the mapped drive If the mapped drive is read only by design for example a CD ROM drive DVD ROM drive or ISO images the configured read write access mode will be ignored Setting the read only mode can be helpful when a read write drive such as a mass storage device or a USB removable media is mapped and you wish to prevent the user from writing data to it You can have one DVD drive and one mass storage device mapped concurrently A CD drive DVD drive or ISO disk image file is mapped as a virtual CD DVD drive Smart card You can connect a smart card reader to an available USB port on the client server and access an attached target on the appliance You can then launch a KVM session to open the Video Viewer To view or change the default settings 1 Click Default Settings 2 Uncheckthe box es if you want to automatically delete offline modules or automatically upgrade the modules 3 Forsharing select the box es for Enabled Automatic Exclusive or Stealth 4 Forencryption level use the drop down menus to select the encryption level for Video Keyboard Mouse and Virtual Media 5 Forsession settings Select the Input Control Timeout from 1 to 50 with 1 representing one tenth of a second 9 Check the box if you want to enable session timeout Set the Session Timeout minutes a Select the Keyboard Language from the
146. the appliance is pre populated with Liebert Rack PDU SNMP community defaults To add an SNMP community 1 From the sidebar click Targets PDU Management then click the SNMP Settings tab 68 Avocent Universal Management Gateway Appliance Installer User Guide 2 Enterthe community name string use the drop down menu to select either RO Read Only or RW Read Write as the ComType and enter a community description 3 Click Apply NOTE A com type of RW is required to turn outlets on or off and to modify rack PDU settings You may need to change the SNMP com type within the rack PDU s native interface and within the appliance before control actions will be supported To delete an SNMP community 1 From the sidebar click Targets PDU Management then click the SNMP Settings tab 2 From the SNMP Community table check the box next to the community you want to delete 3 Click Delete Serial PDUs Serial PDUs can be added when physically connected to appliance ports To add a serial PDU 1 Physically connect the serial console IN port of the Avocent PDU to an autosensing port on the appliance 2 The autosense port should automatically switch to serial mode and discover the serial PDU or If the port doesn t auto sense the PDU to manually enable serial mode click Targets Port Configuration a Check the box next to the port and click Port Configuration b Select the Serial radio button and use the drop down menus to
147. tic for method 8 Click Apply Bridge Group Configuration An administrator can choose network interfaces to bridge together into a logical bridge group This feature simplifies the creation deletion and maintenance of bridged interfaces You can bridge both physical and virtual interfaces and bridging supports user created interfaces as well as the pre defined ones A bridge group can be created for each virtual and physical interface defined on the appliance When a bridge group is created it will be assigned a Layer 3 IPv4 IPv6 address When interfaces are added to a bridge group a prompt will be displayed indicating that all IP addresses assigned to Administration 35 the interfaces will be lost and communication with devices accessible through the ports within the bridge group will occur via the bridge group s IP address Appliance interfaces placed into a bridge group will not support DHCP services to prevent conflict with other DHCP services on the network The appliance will also not support UMIQ modules connected to bridged interfaces The appliance is not intended to be a general purpose ethernet bridge The port bridging feature is intended to make devices which are physically connected to private interface ports accessible via the public network infrastructure In order to prevent a switching loop when multiple bridged interfaces are accidentally connected to the same network switch the Spanning Tree Protocol STP fea
148. time zone and daylight savings If you do not have access to an NTP server you can manually set the date and time NOTE You have to set the time on the appliance before enrolling it in the Trellis Real Time Infrastructure Optimization platform Administration 33 Network Settings Click Network Settings to configure the hostname DNS domain name IPv4 default gateway and IPv6 default gateway Network modes The appliance provides agentless remote access and control No special software or drivers are required on the attached servers or client The appliance has three physical network interfaces ethO eth1 privO Each interface has an individual MAC address and can be configured for normal or failover modes Only the public GB1 ethO and GB2 eth 1 are visible to the user interface The 40 private target ports are virtually configured to connect through the internal privO interface To configure individual ports see Port configuration on page 50 NOTE Changes to the appliance network mode will invalidate default firewall rules and can interrupt communication with the appliance See below for more information Placing the appliance into Failover mode or adding ethO or eth to a Bridge group will disable the IP addresses currently assigned to some all appliance interfaces New interfaces will be activated Failover bondO Bridge group group name By default the new interface will not inherit any former IPs
149. ttribute which is the user account attribute that will be used by the appliance to authenticate user credentials against the LDAP server NOTE The PAM Attribute is case sensitive LDAP Configuration Example Authentication Server 10 10 10 250 Base Distinguished Name dc operations dc emerson dc com SSL Mode On v Bind Distinguished Name serviceaccount Bind Password dod PAM Attribute sAMAccountName Cancel You must now create a user group or groups in the appliance that matches a user group or group names in the LDAP directory This will allow any user in that LDAP group to log in with uniquely assigned access permissions To assign LDAP user appliance target permissions 2 3 4 Click Users Groups and create a user group with the same name as a user security group from the LDAP directory Assign the group access to the desired targets Assign the desired permissions for the targets associated with this group Log out to test authentication with an LDAP user account To configure a DSView software authentication server 1 Select Users Authentication DS View 44 Avocent Universal Management Gateway Appliance Installer User Guide 2 Enter the IP address for the DSView server for authentication NOTE This forwards all authentication requests to the DSView server User Target Access After creating or modifying a user click the username and t
150. ture is enabled by default for all bridge groups If the appliance is connected to a network switch with an active Bridge Protocol Data Unit BPDU Guard the STP feature must be disabled for the bridge group NOTE Disabling STP will cause the appliance to store and forward ethernet frames between the ports of the bridge group without any switching loop prevention To create or edit a bridge group configuration 1 From the sidebar click Network Settings 2 Underthe Bridge Group Configuration heading click Add or Click on an existing bridge group to edit it Enter a name for the bridge group Ensure STP is enabled Use the drop down menu to enable the Bridge State o mt o From the list of available bridge interfaces select the interfaces you want to add to the group and click the right arrow 7 Underthe IPv4 heading enter the Maximum Transmission Unit MTU and use the drop down menu to select either DHCP or Static routing If using Static enter the Address Broadcast and Gateway or Under the IPv6 heading enter either DHCP or Static routing If using Static enter the Address and Gateway Click Apply 8 Back on the main Network Settings page change the IPv4 IPv6 default gateway to the name you assigned to the bridge group Click Apply 36 X Avocent amp Universal Management Gateway Appliance Installer User Guide To delete a bridge group configuration 1 From the sidebar click Network Settings 2
151. turn the LED off check the button next to Indicator Off 4 Click Apply The Indicator Status will reflect your changes To view and control the time setting 1 Click an SP name 2 Click the System tab 3 Select either synchronize with appliance or synchronize with client PC and click Apply SEL The SEL tab displays all of the System Event Log SEL entries returned from the service processor An administrator can filter all entries in the table by inputting a case sensitive text string and clicking Filter Click Clear All to remove all SEL information and click Refresh to refresh the page Sessions From the Sessions tab you can open sessions with an SP on the appliance as well as view a list of all sessions by all users to a target SP The Sessions page contains buttons based on the abilities ofthe SP and the permissions of the user viewing the page SP Access sessions allow direct browser vKVM connection from a remote client to SPs being managed by the appliance SP Access is supported for SPs that are both physically connected to the appliance and SPs that are logically managed by IP and not physically connected to the appliance The framework used to provide SP Access is built upon the basic principle of a reverse proxy and replaces the DirectCommand architecture 108 Avocent Universal Management Gateway Appliance Installer User Guide SP Access Session Types Session Button Graphical KVM Virtual KVM Media Command Li
152. u want to restore the default configuration for the SP after upgrading Use the drop down menu to select the firmware version stored in the repository for the upgrade Check the box to schedule an upgrade for a later time and enter the desired date and time for the upgrade Leave the box unchecked to perform an immediate upgrade Click Continue You will return to the Firmware Upgrade screen and the Upgrade Status for the SP you ve chosen to upgrade will change to In Progress Serial management Serial targets connected to an appliance are assigned a target name and associated with an internal tty serial interface The settings for these serial interfaces are split into two locations Port Configuration Serial Settings These settings govern tty interface communication speed parity flow control etc Administration 63 Serial Management Serial Console Ports These settings govern the handling of serial port data within the appliance NOTE To rename a target see Targets on page 50 Serial console ports Any autosensing port can be used to connect a serial target to the appliance The autosensing ports support either the Avocent or Cisco soft pinout modes To edit the CAS settings for one or more serial targets 1 Click Targets Serial Management Under the Serial Console Ports tab click the check box for each port you want to configure Click the Edit button Click the CAS tab to configure the CAS settings
153. uide mark the holes in the plywood wall where the brackets are to be fastened A minimum of two holes for each bracket Installation 9 should be marked Use a 3 16 inch drill bit to drill guide holes at the marked positions Using 1 4 inch by 1 inch hex lag screws not included with the wall mounting kit secure each bracket to the plywood wall using at least two screws for each bracket 2 Removethe two middle truss head screws from each side of the appliance It is important to remove only the middle two screws allowing the cover of the appliance to stay secured Align the holes in the appliance with the holes in the mounted brackets and using the thumb screws provided with the wall mounting kit secure it to the brackets with the slots facing up or down as illustrated Bracket Connections for Wall Mount Configuration Wall and 0U mounting safety considerations Wall mounting is permitted with an optional wall mounting kit sold separately If wall mounting or OU mounting in an equipment rack the appliance must be mounted so that its front face is facing sideways and not toward the floor or ceiling Cabling installation maintenance and safety tips WARNING To avoid potentially fatal shock hazard and possible damage to equipment please observe the following precautions 10 Avocent amp Universal Management Gateway Appliance Installer User Guide The following is a list of important safety considerations that should b
154. ure there is never a duplicated network address assigned to more than one interface within the appliance It is also important to change the default private network addresses within the appliance if they conflict with networks already present within your infrastructure Administration 37 To add static routes 1 Fromthe sidebar select Network Settings Routes Any existing static routes are listed with their Destination IP Mask Gateway Interface and Metric values shown 2 Enterthe destination IP gateway and netmask values in the appropriate fields then use the drop down menu to select the device interface 3 Click Add To delete a static route 1 From the sidebar select Network Settings Routes 2 Click on the name ofthe static route you want to delete then click Delete OSPF and BGP The appliance supports Open Shortest Path First OSPF and Border Gateway Protocol BGP routing standards and their associated configurations An administrator can add edit and delete OSPF and BGP networks OSPF In order to use OSPF an administrator must first configure the appliance ID interfaces and networks settings By default OSPF speaks to all interfaces on the appliance An administrator cannot add an interface but may change the status of an existing interface An administrator is able to add a network for the appliance to give and receive information from other OSPF nodes within the network When adding a network it
155. us of the pass through mode Performing a factory restore will reset the pass through mode to its default state To enable UMIQ pass through 1 Click KVM Management UMIQ Pass Through 2 Checkthe box to enable UMIQ pass through mode and click Apply 3 Click Firewall and NAT from the sidebar Select the box next to Forwarding Rule 512 and use the drop down menu to change the rule state to Not Active Click Apply 4 Create a static routing rule on the client PC or on an intermediary router to direct traffic to private appliance networks or Enable OSPF on the appliance to share routes to the private networks with your intermediary routers For more information see OSPF and BGP on page 37 Target groups From the sidebar click Targets Target Groups From this screen you can create group targets Click Add to create a new empty group or select an existing group and click Delete to delete that group 80 Avocent Universal Management Gateway Appliance Installer User Guide To modify a group 1 Click Targets Target Groups then click on the name of the group you want to modify 2 Selectone or more targets from the Available list on the right and click the left arrow to add them to the group contents NOTE A filter string may be used to narrow the target list 3 Click Apply Startup From the sidebar click Startup to display startup settings Boot configuration defines the location from which the appliance loads the
156. ver to interfaces of public telecommunications networks PSTN e Always obey all local and national fire and building codes Be sure to firestop all cables that penetrate a firewall Use plenum rated cable where it is required e Donotdisable the power grounding plug The grounding plug is an important safety feature e Plug the power cord into a grounded earthed outlet that is easily accessible at all times e Disconnect the power from the product by unplugging the power cord from either the electrical outlet or the product The AC inlet is the main disconnect for removing power to this product For products that have more than one AC inlet to remove power completely all AC line cords must be disconnected e This product has no user serviceable parts inside the product enclosure Do not open or remove product cover Installation 11 CAUTION This appliance contains an internal battery that is used for the real time clock This battery is not a field replaceable item and replacement should not be attempted by a user If real time clock errors occur and the battery is suspected visit http www avocent com support or contact the Avocent Technical Support location nearest you WARNING For Service Personnel Only There is a risk of explosion if the battery is replaced with an incorrect type Dispose of used batteries according to the manufacturer s instructions e This productis for use with other products that are Listed or Certifie
157. versal Management Gateway Appliance Installer User Guide e Targets Tab Service Processor SP Power e Targets Tab service Processor SP Sensors Access Service Processor If you allow Access Service Processor rights you have rights to the following e Targets Tab Appliance Remote Access e Targets Tab Service Processor SP Sessions SoL Session e Targets Tab Service Processor SP Sessions Telnet e Targets Tab Service Processor SP Sessions SSH e Targets Tab Service Processor SP Sessions SSH AutoLogin e Targets Tab Service Processor SP Sessions Browser Session e Targets Tab Service Processor SP Sessions Browser Session Auto Login Targets From the sidebar click the Targets folder to view a summary of the connected targets and their license information From this screen you can rename or delete a target or view a target s status To rename a target 1 Click and highlight the target name you wish to change 2 Overwrite the existing name with the desired name 3 Check the box next to the new target name and click the Rename button at the top of the table To delete a target 1 Check the box next to the target you wish to delete 2 Clickthe Delete button at the top of the table Licenses Under the licenses heading is a summary of the total SP licenses and the number of remaining licenses The number of license available vary by model If there ar
158. very or duplication BIOS updating and target device backup Smart cards such as the Common Access Card CAC can be used to store identification and authentication to enable access to computers networks and secure rooms or buildings Virtual media and smart card readers can be connected directly by using USB ports located on the appliance In addition virtual media and smart card readers may be connected to any remote workstation that is running the remote web UI or DSView management software and is connected to the appliance using an Ethernet connection Flexible users and groups An account can be defined for each user on the appliance or on an authentication server An administrator has an account by default and can add and configure other user accounts Access to ports can be optionally restricted based on authorizations an administrator can assign to custom user groups DSView management software plug in The DSView management software may be used with the appliance to allow IT administrators to remotely access monitor and control target devices on multiple platforms through a single web based user interface DSView software proxy and SSH Pass through features enable convenient and secure remote access for LAN and WAN clients For more information see the DSView 4 Management Software Plug In for the Avocent Universal Management Gateway Appliance Technical Bulletin 6 Avocent Universal Management Gateway Applianc
159. wn menu to either manually or automatically start the search 5 If you want to automatically discover devices on a timed interval you can enter an interval range from 10 minutes to 30 days Enter the time interval in dd hh mm days hours minutes format and click Apply 6 Click Search Range Start to begin the discovery process NOTE Rescanning the same IP range in an environment that is mostly static will consume appliance processing resources and increase network traffic unnecessarily Automatic discovery is only recommended for dynamic environments that undergo frequent change To manually add an SP 1 From the sidebar click Targets SP Management then click the Service Processors tab 2 Click Add SP 3 Enter the IP address and an alias name for the SP 5 6 7 8 9 Administration 57 If you want to supply a username and password for the SP uncheck the box and type in the desired credentials If you leave the box checked a username and password will be found from the default users list Use the drop down menu to select an appropriate SP profile Enter the KG in hex format optional Use the drop down menus to select the cipher and group name optional Check the box if you want to enable SoL data buffering SoL history Click Apply To import a list of SPs Create an SP file using the following format IP Port Username Password Profile For more information see Creating an SP File on page 125 2
160. x 1920 x 768 1024 1200 1050 1080 138 Avocent Universal Management Gateway Appliance Installer User Guide Vide Standard Standard Standard Widescreen Widescreen Widescreen KAY Nr Standard Widescreen 1024 x 1280 x 1600 x 1940 x 800 1680 x 1920 x 768 1024 1200 1050 1080 1280x960 1 E Q 75 Hz 1280 x 1024 j F x 60 Hz 1280 x 1024 x x Q 75 Hz 1360x768 x a 60 Hz X X X Xx E EN EEE EN EN EN EE i EN EE EN j 50 Hz 1400 x 1050 60 Hz 1400 x 1050 72 Hz 1400 x 1050 75 Hz 1400 x 1050 1440 x 900 1440x900 75 Hz 1600 x 900 EN X 60 Hz 1600 x 900 Q 75 Hz 1600 x 900 85 Hz 1600 x 1200 60 Hz 1680 x 1050 60 Hz 1920 x 1080 NOTE denotes the preferred default resolution 85 Hz 60 Hz 60 Hz Technical Support Site If you encounter any installation or operational issues with your product check the pertinent section of this manual to see if the issue can be resolved by following outlined procedures For additional assistance visit www avocent com support Avocent Community Support Site To search product knowledge content visit community emerson com networkpower support avocent About Emerson Network Power Emerson Network Power a business of Emerson NYSE EMR delivers software hardware and services that maximize availability capacity and efficiency for data centers healthcare and industrial facil
Download Pdf Manuals
Related Search