HMX Manager Installer/User Guide
Contents
1. Start time of the session Duration of the session Logged in username User station Transmitter Target computer Active Media Session status NOTE Itis not possible to restrict the types of media available during an active media session A connection will enable all media sessions Video Audio Keyboard Mouse and vMedia All active media sessions To view a summary of all active sessions 1 Ds Click the Units tab The Units All window will open Click Active Sessions in the side navigation bar The Active Media Sessions window opens displaying a list of all the current active media sessions Performing a forced log out To disconnect an active media session 1 2 Click the Units tab The Units All window will open Click Active Sessions in the side navigation bar The Active Media Sessions window will open A list is displayed of all the current active media sessions Click to select the checkbox to the left of the sessions To disconnect all sessions click the checkbox to the left of the Start Time field at the top of the list Chapter 4 Managing Units 39 NOTE If you do not have permission to disconnect an active session you will not be able to select its checkbox or the checkbox at the top of the list 4 Click Disconnect 40 Avocent HMX Manager Installer User Guide 41 E tSessionsandConnectiong tt Unit Sessions and Connections This chapter describes how to view and manage unit session2. User Group Access Rights Access rights indicate whether a user is allowed to perform certain actions on a unit in the HMX Manager system You may assign access control rights from a user group perspective You select a user group specify the units for which rights will be assigned then indicate the permission to perform the action none allow deny or inherit for each unit That procedure is described in this section There are other ways to assign access rights e From a user perspective e From a unit perspective e From a unit group perspective To display user group access rights 1 Click the Users tab 2 Click Groups in the top navigation bar Built In will automatically be selected in the side navigation bar and the User Groups Built in window will open To display the User Groups User Defined window click User Defined in the side navigation bar 3 Click on a user group name The User Group Properties window will open 4 Click Effective Rights in the side navigation bar and then click All Units Target Devices or Appliances The Target Devices Effective Rights window or Appliance Effective Rights window will open Columns indicate the available actions for the unit e Black check mark the user has been granted access for this right e Gray check mark a group to which the user belongs has been granted access for this right e Black X the user has been denied access for this right Chapter 9 User Groups 95
3. On the TACACS server that will be used as an external authentication service add the HMX Manager server as a TACACS client Make a note of the configured shared secret and the available authentication type s on the TACACS server From the HMX Manager Explorer Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click Add The Add Authentication Service Wizard will appear Click Next The Provide Authentication Service Name and Type window will open a Type a 1 64 character name for the TACACS authentication service b Select TACACS from the Type menu c Click Next The Specify TACACS Connection Settings window will open a Type the address of the TACACS host or type the DNS host name in the Server Address field b Type the number of the port from 1 65535 connecting to the TACACS host in the Port Number field The default port is 49 c Click Next The Establish Connection with Authentication Service window will open briefly If the external authentication service is contacted successfully the Specify TACACS Authentication Settings window will open a Select the authentication type from the Authentication Type menu Make sure it is one of the available authentication types noted in step 1 PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol default MS CHAP Microsoft Challenge Handshake Authen
4. Chapter 7 Authentication Services 75 For complete information about what is needed on the RSA server see the RSA Secured Partner Solutions Directory on the RSA web site rsasecurity com To add an RSA SecurlD external authentication service 1 On the RSA server that will be used as an external authentication service add the HMX ManagerHMX ManagerHMX ManagerHMX ManagerHMX ManagerHMX Manager server as an RSA Agent Host From the HMX Manager Explorer click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click Add The Add Authentication Service Wizard will appear Click Next The Provide Authentication Service Name and Type window will open a In the Name field type a 1 64 character name for the RSA authentication service b Select RSA SecurID from the Type menu c Click Next The Specify RSA SecurID Connection Settings window will open Type the 1 512 character path to the sdconf rec file or browse to the file location This file is created by the RSA Authentication Manager but is located on the HMX Manager client machine Then click Next The sdconf rec file will be uploaded from the HMX Manager client to the server This file will be used as the initial RSA configuration file for all HMX Manager servers If some HMX ManagerHMX Manager servers require a different configuration a different sdconf rec file must be configured Additionally som
5. To add a department or location 1 2 Click the Units tab To add a department click Departments in the top navigation bar The Departments window opens or To add a location click Zocations in the top navigation bar The Locations window opens Click Add The Add Department or Add Location window will open Type a name and then click Add The Departments or Locations window will open To delete a department or location Click the Units tab To delete a department click Departments in the top navigation bar The Departments window opens or To delete a location click Zocations in the top navigation bar The Locations window opens Click to select the checkbox to the left of one or more departments locations To delete all departments locations in the page click to select the checkbox to the left of the Name field at the top of the list Click Delete A confirmation dialog box will appear Confirm or cancel the deletion To change the name of a department or location Click the Units tab The Units All window will open To change the name of a department click Departments in the top navigation bar The Departments window opens Or To change the name of a location click Locations in the top navigation bar The Locations window opens Click the name of a department location The Department Location Name window will open Type a new character name 1 64 characters Click Save and then clic
6. VERSION 6 X INSTALLER USER GUIDE Avocent HMX Manager Version 6 X Installer User Guide Emerson Emerson Network Power and the Emerson Network Power logo are trademarks or service marks of Emerson Electric Co Avocent the Avocent logo and DSView are trademarks or service marks of Avocent Corporation or its affiliates in the U S and other countries All other marks are the property of their respective owners This document may contain confidential and or proprietary information of Avocent Corporation and its receipt or possession does not convey any right to reproduce disclose its contents or to manufacture or sell anything that it may describe Reproduction disclosure or use without specific authorization from Avocent Corporation is strictly prohibited 2013 Avocent Corporation All rights reserved NOTE This document supports versions up to and including release 6 X 590 1104 501B TABLE OF CONTENTS LE OF CONTENTS Product Overview 55s cere kaka kak kak kak kann eee acest ae E narea 1 Introduction 2 2 0 2 AZ JJA HHHH HH eee ees 1 Features and benefits LAL LSS LESS eee 1 System Components 20 sis ccc ccc cece ee eee haa d iriiria L w n a dana a aa aa dwa al u aka danan 2 Upgrading the HMX Manager 2 2 00 00 2020 cece EEE SEES SEES SA ASK KK KK KK KK KK KK KK KK KK KK KK KH 2 Safety Z A A eee eee 3 Installation and Setup occ ccc ec cc cc ccc ec ec ccc ce ce ccecec
7. Click the checkbox to the left of the username s To delete all users on the page click the checkbox to the left of User Name at the top of the list Click Delete A confirmation dialog box will appear Confirm or cancel the deletion Unlocking User Accounts If lock out settings have been specified for the HMX Manager internal authentication service and a user exceeds these settings the user will not be allowed to attempt another log in until a certain amount of time has passed Users that have been locked out will appear with a lock next to their name in the User Accounts window and Locked will appear in the Status column User administrators or administrators may manually unlock the user accounts To unlock one or more user accounts 1 2 3 Click the Users tab In a User Accounts window click the checkbox to the left of the username s Click Unlock Chapter 8 Managing User Accounts 83 Resetting a User Account Password An HMX Manager administrator or user administrator may reset a user s password When a password is reset the user will be required to login by typing password as their password then enter and verify a new password for their account the next time they start an HMX Manager session To reset a user account password 1 Click the Users tab Click the checkbox to the left of the user s to reset the password Click Reset Password A confirmation dialog box will appear Pe od Confirm or canc
8. No Yes Yes No Yes Chapter 9 User Groups 91 Built In User Group Operation Server User Appliance Administrator Administrator Administrator Aucie Usare All event related operation Change your own password In addition to the built in user groups the HMX Manager supports user defined user groups See Grouping Units on page 47 Add change delete user accounts and user defined Yes Yes No No user groups es e js js o Adding User defined User Groups If you are using HMX Manager internal authentication you may add your own custom user defined user groups and then add other users that use internal authentication as members External user defined user groups on external authentication servers may be added but their membership is not controlled by the HMX Manager software NOTE You must have Avocent HMX Manager administrator or user administrator rights to add user defined user groups HMX Manager internal RADIUS LDAP Windows NT or Active Directory authentication services To add a user defined user group 1 Click the Users tab Click Groups in the top navigation bar Click User Defined in the side navigation bar The User Groups User Defined window will open 2 Click Add The Add User Group wizard will appear 3 The Select Authentication Service window will open This window lists all authentication services that may be used to authenticate the user group when the user logs in See Authentication Ser
9. ObjectClass group This search is recursive and finds nested groups This search may be slow depending on the number of groups and levels of nesting Or Enable Use an Active Directory Global Catalog to have the AD service access the global catalog for the specified domain name The search includes the TokenGroups attribute of the ObjectClass user This search is faster but only retrieves the nested groups SIDs subsequent calls must be made to find the group name and specific SIDs or Enable Use Windows 2003 Universal Group Caching if you wish to have the AD service access the domain controller for the specified domain name The search includes the TokenGroups attribute of the ObjectClass user This search is faster but only retrieves the nested groups SIDs subsequent calls must be made to find the group name and specific SIDs The Windows 2003 Universal Group Caching feature must be enabled in the Windows 2003 AD server i Click Allow users and groups from newly discovered trusted forests to allow logins by users that belong to the authentication service forest or its discovered trusted forests If enabled the HMX Manager will discover all trusted forests in the Active Directory service j Click Next If you selected Use SSL in Certificate based Trust Mode go to step 6 If you selected Do Not Use SSL or Use SSL in Trust All Mode go to step 8 The HMX Manager server will try to find a server that has a trusted certificate cha
10. children an arrow will be displayed next to its name e To display a list of groups in the global root group click Global Root The first global unit group listed will automatically be selected Click on the arrow next to a group to expand it and display subgroup names e To display a list of groups in the personal root group click Personal Root The first personal unit group listed will automatically be selected Click on the arrow next to a group to expand it and display subgroup names You may customize the number of items per page that appear in this window To display a list of unit groups in a Units View window NOTE When you create a unit group you may indicate whether it and any of its child unit groups will be displayed in the side navigation bar 1 Click the Units tab 2 Click Groups in the side navigation bar The Groups Global Root window will open e Ifa unit group has subgroups children an arrow will be displayed next to its name When a selected group has subgroups the window will display either the immediate children of the unit group or all descendents of the unit group depending on the Show group descendants setting e Ifa unit group does not have subgroups a document icon will be displayed next to its name in the side navigation bar When you click on a unit group in the side navigation bar that has a document icon that is it has no subgroups a window will open listing the units in the group This
11. of the person you wish to designate as the sender of the notification c Inthe Subject field type a subject heading up to 64 characters for the notification d Click Next 98 Avocent HMX Manager Installer User Guide 2 The Select Events to Trigger Email Notification window will open To add one or more events select the event s from the Available Events list then click Add The event s will be moved to the Events To Notify list To remove one or more events select the event s from the Events To Notify list then click Remove The event s will be moved to the Available Events list Click Next The Select Unit Groups to Trigger Email Notification window will open e To add one or more unit groups select the unit group s from the Available Unit Groups list then click Add The unit group s will be moved to the Selected Unit Groups list e To remove one or more unit groups select the unit group s from the Selected Unit Groups list then click Remove The unit group s will be moved to the Available Unit Groups list Click Next The Completed Successful window will open Click Finish To change an email notification 1 2 6 Click Email Notifications in the side navigation bar The Email Notifications window will open Click on the email subject of the notification you wish to change The Email Notification Properties window will appear To change the notification information a In the Send
12. Change unit properties Custom operations defined in plug ins may also be listed in the Operations menu A given action will be available only if at least one of the selected units supports the action If a selected unit does not support the operation it will be reported as such in the results window When one of these multiple unit operations is initiated and confirmed if needed a system task is created that will perform the operation on each unit The Multiple Unit Operation window will open indicating the operation has been submitted This window contains a link that directs the user to the Operations Results window for the task To initiate and view results from multiple unit operations from a Units View window 1 Ina Units View window initiate the multiple unit operation as described in the procedures referenced above If prompted confirm the operation 2 The Multiple Unit Operation window will open indicating the operation has been submitted If you do not want to view the results of the operation click Close and skip the rest of this procedure To view the results of the operation click Click here to view results 3 The Operations Results window will open listing all multiple unit operations and any unit tasks that have been initiated The entry for each operation includes e Name of the operation When the operation started e When the operation finished blank if not yet complete 24 Avocent HMX Manager Ins
13. Chapter 4 Managing Units 31 To view information about individual user stations or transmitters click on a specific unit listed in the Units All window The Unit Overview window opens When the Unit Overview window opens the following information is displayed e For Managed Units user stations and transmitters Name Type EID MPN Address MAC address and status of the managed units and the tools that can be used to reboot and upgrade firmware The available tasks depend on the type of managed unit e For Authorized Target Computers Display Name Type Address and MAC address The Unit Overview window also enables you to change the name of a unit reboot a unit or upgrade the firmware of a unit See Managing firmware upgrades on page 34 for more information on upgrading your firmware To change the name of a unit 1 Click the Units tab A list of all units managed by the HMX Manager appliance is displayed 2 Click the unit name you wish to change The Unit Overview window will open 3 Type anew name for the managed unit NOTE You cannot change the unit type 4 Click Save and then click Close Changing unit properties The HMX Manager appliance enables you to manage the department and location properties as well as the primary contact details for each unit To change the properties of a unit 1 Click the Units tab A list of all units managed by the HMX Manager appliance is displayed Click the unit name you wish
14. Customize link To define custom fields 4 NOTE You must have Software Administrator or Appliance Administrator access to define custom fields Click the Units tab Click Custom Field Labels in the side navigation bar The Unit Custom Field Labels window will open For each custom field type the 1 64 character name for the first custom field label The first and second level custom fields for units will appear under this heading in the side navigation bar all other custom fields will not appear in the side navigation bar but may be displayed in the content area by clicking Customize and adding the field Click Save The Custom Field Labels name will continue to appear in the side navigation bar until you associate the custom label with a unit To associate a custom label with a unit 1 2 In a Units View window click on a unit The Unit Overview window will open Click Properties in the side navigation bar and then click Custom Fields The Unit Custom Fields window will open In each field type the 1 64 character name to associate with the corresponding label You may also leave the field blank Click Save and then click Close The Appliance All window will open The side navigation bar will include the names of the defined and associated custom fields 50 Avocent HMX Manager Installer User Guide Unit Groups Unit groups may be used to organize units You may create nested unit groups unit groups within unit
15. Eka y k NERA 82 Unlocking User Accounts 0 200 002 LALES eee KK KK KK KK KG 82 Resetting a User Account Password jLL LALE L LSS EEE cence eee eee eee es 83 Changing User Account Properties LL 0000 ccc EEL eee KK KK 83 r Oe ae e ree ebe A Ade oi did sy chee he eee ee 83 SOPA password sits dace unis y VE Nend NAy no kene tala E e Mia E 84 User account restrictions and expiration settings uL LALES 0000 ccc SEKS KK RAKR 84 User group membership ALL L LAL A SAL eee eee eee teens 85 AAQKESS Jt SPR OSSOS OSL BOHR SSA e SSN Med BNI 2A Sad ROE ORSON al OLE SER RSI akena BASRA SIP O Y k DF ei 85 Ph ne Gonde t2 y n ac a a k kblk l aa aa ek k aa aa l b n k b ka a k ae ai d ka A La 85 EMQUNCONLACE tics bhi alo eaa kl RA eh OG e NA Ta a zan e k 2 86 User NOLES 3 PASA naa en a CA S W es a RONA e A 72AN A a TV ANS EER 86 Custom field Proper aT a e l l l yada de d in d Sgn a Wn ea sh Sad A WO eG eo oe du di os Nia 86 User Ay Q A EIES AEEA E E E EE E HRH Sante EA kes Nhe nnn 86 User GROWS oe es cane eRe dk 3h Sones a dose snc HHHH HHHH EMDDDRDy ADMDM Wmu DE E 89 Built in User Groups 2 2 00 2002 ccc c cece nce e EEE EEE EEE EEE EEE EE EEE EEE EEE EEE KE E E E E E E E E E KK KK KK KK KK KK KK KK KK R 90 Adding User defined User Groups LLL ALLE LALES ELSA SEES E EKSE KK KK KK KK KK KK KK KK R 91 Deleting User defined User Groups 002002
16. Manager will approve the server and then the certificate before transmitting data This SSL method provides maximum security and automatically sets the Port Number field to a default port number of 636 Click Save to save your changes If you selected Use SSL in Certificate based Trust Mode the Certificates heading will appear in the side navigation bar Go to step 8 If you selected Do Not Use SSL or Use SSL in Trust All Mode go to step 15 Click Certificates The Authentication Service Certificate Management LDAP window will open and list all servers that belong to the domain A status of Trusted indicates the certificate is trusted based on the certificate policy Untrusted indicates the certificate cannot be trusted To register certificates click the checkbox to the left of the server IP address es To select all server IP addresses on the page click the checkbox to the left of the IP Address heading Click Register to register the certificates The Accept SSL Certificate window will appear Click Save to store the certificate values to the HMX ManagerHMX ManagerHMX ManagerHMX ManagerHMX Manager database on the host The Certificate Management window will open if only one certificate was selected If more than one certificate was selected each will appear in order in subsequent Accept SSL Certificate windows To unregister one or more certificates check the checkbox to the left of the server IP address es To s
17. Search DN value must be separated by a comma b Type the object class The default value is group c Type the member attribute The default value is member d Type the username member attribute only the username not the full LDAP object DN The user s group membership will be located using this attribute in addition to the member attribute This attribute is primarily used with NIS like schemas e Click Next The Select Browsing Method window will open Click Browse Anonymously to browse users on the external LDAP authentication server Or Click Browse with user credentials to browse users on the external LDAP authentication based on credentials configured on the server If this option is selected do the following a Type a log in ID in the User Name field in one of two forms a fully qualified distinguished name or the username of an account in the base user DN b Type the password for the LDAP user account in the Password field c Click Next The Establish Connection with Authentication Service window will open briefly If the external authentication service is added successfully the Completed Successful window will open Click Finish The User Authentication Services window will open with the new service listed To change connection settings for the LDAP external authentication service 1 2 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services
18. The HMX Manager appliance is configured as hub by default When an HMX Manager appliance is registered as spoke server into another HMX Manager appliance all the data in the spoke is deleted and overwritten with the data from the hub This process is called initial load Once the initial load is completed both HMX Manager appliances have the same information Incremental updates The incremental updates are done by the pull and push tasks which are executed every period of time by default 1 minute by each spoke The push task takes care of sending all the changes to the hub while the pull task retrieves changes from the hub If communication between the hub and a spoke is broken changes are queued in both sides Upon communication being reestablished the push and pull tasks send and retrieve all the changes made since the last time the replication was successful To register an HMX Manager appliance as a spoke server NOTE Because the spoke database gets deleted in this operation Avocent recommends making a backup copy of the spoke database first g95 SS ON SON re 29 9 Chapter 2 Installation and Setup 17 Click the System tab Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in Click Tools in the side navigation bar Click the Register as Spoke Server icon The Register Spoke Server Wizard will appear Click Next Type the hub s IP addres
19. The spoke server certificate information will be updated on the hub server Click Close The Spoke Servers window will open To specify email properties p IS Click the System tab Click HMX Manager in the top navigation bar Click Email in the side navigation bar The Server Email Server Properties window will open Type a new address for the SMTP server that sends email notifications as a domain name or an IP address in standard dot notation XXX XXX XXX XXX If your SMTP server requires login credentials select Login required to access SMTP server and type a username and password then confirm the password Click Save to store HMX Manager email property information in the HMX Manager database on the host 12 Avocent HMX Manager Installer User Guide Unit status polling To use unit status polling 1 2 3 7 Click the System tab Click HMX Manager in the top navigation bar Click Unit Status Polling in the side navigation bar The Server Unit Status Polling Properties window will open Select Enable unit status polling Type the number of seconds to wait between polling cycles from 30 999 seconds The default is 900 seconds 15 minutes A smaller value results in greater accuracy Type the number of managed appliances that may simultaneously be polled to obtain status information from 1 25 units The default is 5 A larger number results in faster speed Click Save to store unit status informati
20. click Finish Adding units on an IP subnet This procedure is valid for transmitters and user stations To add a unit from a subnet 1 ve 8 In a Units All window containing managed units click Add The Add Unit Wizard Welcome Window will open Click Next The Select Add Unit Procedure window will open Click Discover units on an IP subnet address and then click Next The Enter Subnet Address Window will open Type the IP address in standard dot notation xxx xxx xxx xxx and click Next The HMX Manager appliance searches for managed units within the IP subnet address range When the search is completed the Select Units to Add window will open listing the results To add one or more managed units select the managed units in the Units Found list then click Add The managed units will be moved to the Units to Add list To remove one or more managed units select the managed units in the Units to Add list then click Remove The managed units will be moved to the Units Found list Click Next The Completed Successfully window will open To exit the Add Unit Wizard click Finish The Unit Overview Window To view a summary of all units managed by the HMX Manager appliance click the Units tab The Units All window will open showing all the units that are managed by the HMX Manager appliance To view a list that contains only transmitters or only user stations select the appropriate option in the side navigation bar
21. eae cae eee tee tot de kee See ieee en eee ee 18 Units View Windows 200 2 ee ees 21 Types of Units View Windows 20 20 20020 ELLES EEE ESSA EEE SEES KK KK KK KK KK KK KK KK anaana 21 Showing and Hiding Units LALES LEE LSS ESASA SEES ESASA eee eee 22 Units View Windows Fields LL 0002 cece ESLA eee 22 Multiple Unit Operations from a Units View Window 2 2 20020020000 02 cce eee cece e eee 23 Unit Overview Windows 0 220 202 ccc cee EEE SEES EEE EEE KESR e KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK 24 Unit Status Window LL L ASAS eee ESAS ESSA KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KG 24 Managing Units _ 202 2 cece aa cece ec eceecececcececeececececeeeeceees 27 Using the Units Tab in the Explorer Window 20 2002002002002 0000 eee cc cece ESASA KK 27 iii Avocent HMX Manager Installer User Guide Deleting units vee eo e P EKN EEEEEEEEEHEHH HHHH Se Ae ee be tetas Se 27 Ease of Installation sise e a M B D080B8B323 gt 3P gt p D D3DPDP33D3BD3 D gt 3ZZD NMBNEME RNN 2BPQnJMM I MDENEMEII IuEEEE EE EN ENE E EN DODNMEDEOEDEAODaAEAMM N 22 The Units All Window LL LALE ELLA LSS anaana 000 eee 27 Adding units via the Add Unit Wizard 2 2 02 00 2000 c cece cece eee eee eee 28 Adding units from a range of IP addresses 2 2 22 20020 ccc cece eee eee eee eee eee 29 Adding units on an IP subnet 1 0 2 ccc cece ee cence
22. navigation bar The User Authentication Services window will open Click Internal The side navigation bar will change to include Internal at the top and below the name the information you may define Click Account Policies The Authentication Service User Account Policies Internal window will open Specify the password policies for the authentication service a Type a number from 1 64 in the Minimum Password Length field or click the arrows to select a number b Check the Passwords Expire checkbox to require a user to change the password after a certain number of days Specify a number from 1 365 in the Maximum Expiration days field or select a number c Select Passwords must contain both alpha and numeric characters if new passwords must contain at least one letter and one number d Select Passwords must contain both lower and upper case characters if new passwords must contain at least one uppercase and one lowercase letter Specify the lockout policy for the authentication service To assign a specific number of user login attempts check the Lockout users after invalid login attempts checkbox then continue with step a If you leave this checkbox unchecked unlimited user login attempts will be allowed Skip to the last step a Type the number of allowable user login failures from 1 25 in the Maximum Login Failures field or select it from the menu 7 Chapter 7 Authentication Services 59 b To permit
23. or if using DHCP ensure that the IP addresses are assigned with unlimited lease times There is no restriction on how LAN port 2 can be configured It is also possible to configure DNS on the HMX Manager appliance if it is required for administrator access through a web browser NOTE If DHCP is selected the HMX Manager appliance must be rebooted for the change to take effect 5 Type 3 to set the time and date a Select the appropriate timezone Determine the offset in hours between your local time and Coordinated Universal Time UTC A negative offset indicates that the time zone is west of UTC and a positive offset indicates that the time zone is east of UTC For example Eastern Standard Time would be 5 b Input the year month day hour minute and seconds The year requires four digits while the rest of the digits can be either one or two digits 6 Type 0 and press Enter to exit Launching the HMX Manager Appliance Web Interface The HMX Manager appliance operates using default Internet Explorer settings In the event that the default Internet Explorer settings have been altered SSL and Javascript must be enabled to successfully access the HMX Manager appliance To launch the HMX Manager Appliance web interface 1 Launch Microsoft Internet Explorer 2 Inthe address field of the browser enter the IP address assigned to the HMX Manager appliance LAN port 1 Use https xxx xx xx xx as the format NOTE If DNS is ena
24. power cord in any product configuration e Test AC outlets at the target computer and monitor for proper polarity and grounding e Use only with grounded outlets NOTE The AC inlet is the main power disconnect Observe the following general safety precautions when setting up and using Avocent equipment e Follow all cautions and instructions marked on the equipment e Follow all cautions and instructions in the installation documentation or on any cautionary cards shipped with the product e Do not push objects through the openings in the equipment Dangerous voltages may be present Objects with conductive properties can cause fire electric shock or damage to the equipment e Do not make mechanical or electrical modifications to the equipment e Do not block or cover openings on the equipment e Choose a location that avoids excessive heat direct sunlight dust or chemical exposure all of which can cause the product to fail For example do not place an Avocent product near a radiator or heat register which can cause overheating Ensure that the voltage and frequency of the power source match the voltage and frequency on the label on the equipment e AC power supplies have grounding type 3 wire power cords Make sure the power cords are plugged into single phase power systems that have a neutral ground e Do not use household extension power cords with Avocent equipment because household extension cords are not designed for use
25. sub domain See To add an Active Directory external authentication service on page 59 for an explanation of the valid forms In the Group Container field specify the name of the container to search for user groups This will limit the search scope to that container The name may be entered in several forms optionally including a sub domain See 7o add an Active Directory external authentication service on page 59 for an explanation of the valid forms Specify a Secure Socket Layer SSL Encryption mode e Click Do Not Use SSL to have authentication performed using unencrypted clear text instead of SSL encryption This method is the least secure e Click Use SSL in Trust All Mode to use SSL encryption for data transmission All server certificates will be trusted and automatically accepted by the HMX Manager for transmitting data This SSL method provides medium security This encryption mode is not recommended for wide area networks WANs e Click Use SSL in Certificate based Trust Mode to use SSL encryption for data transmission The HMX Manager will approve the server and then the certificate before transmitting data This SSL method provides maximum security Click Use Kerberos for User Authentication to use the Kerberos protocol for authentication requests including the browsing If enabled you must use DES encryption types for this account If an account was created prior to Active Directory the user s password must be change
26. subfolder sun myusers The User Container field may be entered as Example 1 no sub domain sun myusers Example 2 no sub domain ou myusers ou sun If users are contained in a sub domain such as mktg sunrise mycompany com valid forms are Example 1 with sub domain mktg sunrise mycompany com sun myusers Example 2 with sub domain and no container specified mktg sunrise mycompany com Example 3 with sub domain ou myusers ou sun dc mktg dc sunrise dc mycompany dc com c Inthe Group Container field specify the name of the container to search for user groups This will limit the search scope to that container The name may be entered in several forms optionally including a sub domain Valid forms are explained in step 5b above d Inthe Username Type menu select the type of username Each choice in the menu contains an example A Full Windows 2000 username is specified as username domain A Partial Windows 2000 username is specified as username A Full Pre Windows 2000 username is specified as domain username A Partial Pre Windows 2000 username is specified as username This option may only be configured for new authentication servers it cannot be modified Existing authentication servers are set to the Partial Windows 2000 Username type for compatibility e Specify a Secure Socket Layer SSL encryption mode e Click Do Not Use SSL to have authentication performed using unencrypte
27. that is used by the HMX Email 3 wage Manager to send email notifications Enables disables unit status polling for the HMX Manager server and specifies the delay between polling cycles and the number of managed appliances that will be concurrently polled Spoke Servers Enables you to manage the HMX Manager spoke servers in your system Target Computer Polling Server certificates HMX Manager administrators manage server certificates Security alerts The HMX Manager uses SSL Secure Sockets Layer to securely communicate between the HMX Manager hub server and HMX Manager clients SSL provides secure authentication using certificates which is data that identifies the PC with which communication will occur A certificate is typically verified by another certificate from a trusted certificate authority NOTE When the Fast Switch option is enabled security protocols will be disabled and data will not be encrypted 10 Avocent HMX Manager Installer User Guide When the HMX Manager is initially installed it generates a self signed certificate for use with HMX Manager clients To replace this an HMX Manager administrator may create a Certificate Signing Request CSR to submit to a trusted third party Certificate Authority CA for signature The administrator may then replace the generated certificate with the new one If the generated certificate is not replaced the web browser will prompt a user whether to trust the generated cer
28. the left of one or more sites departments locations To delete all sites departments locations in the page click the checkbox to the left of Name at the top of the list Click Delete A confirmation dialog box will appear Confirm or cancel the deletion To change the name of a site department or location Click the Units tab To change the name of a site click Sites in the top navigation bar The Sites window will open To change the name of a department click Departments in the top navigation bar The Departments window will open To change the name of a location click Locations in the top navigation bar The Locations window will open Click on the name of a site department location The Site Department Location Name window will open Type a new 1 64 character name Click Save and then click Close The Sites Departments or Locations window will open To associate or change the association of an existing unit to a site department or location 1 2 Click the Units tab Click one of the links listed in 2 in the side navigation bar to display the corresponding window for the units you wish to associate change or remove the association Table 6 1 Links for Managing Sites Departments or Location Associations Link Window Changes Site Associations For Alink under Target Devices Target devices only Alink under Appliances Appliances Managed appliances only Click on the name of a unit The Unit Overview window
29. using the Customize link To group units by site department or location you first create a site department location then associate units with it Sites departments locations that contain units to which a user does not have access rights will not appear in the side navigation bar The site department location must also have at least one unit associated with it to be displayed in the side navigation bar To add a site department or location 1 Click the Units tab 2 To add a site click Sites in the top navigation bar The Sites window will open To add a department click Departments in the top navigation bar The Departments window will open To add a location click Locations in the top navigation bar The Locations window will open 3 Click Add The Add Site Add Department or Add Location window will open 4 Type aname then click Add The Sites Departments or Locations window will open A site department or location will not be listed in the side navigation bar until a unit has been associated with it 48 Avocent HMX Manager Installer User Guide To delete a site department or location 1 2 Click the Units tab To delete a site click Sites in the top navigation bar The Sites window will open To delete a department click Departments in the top navigation bar The Departments window will open To delete a location click Locations in the top navigation bar The Locations window will open Click the checkbox to
30. window can include the same fields as other Units View windows See Units View Windows Fields on page 22 When you customize this window you may also enable disable the display of descendants When enabled and a unit group is selected in a side navigation bar the window will display all descendants of the group When disabled only the immediate children of the selected group will be displayed To display information about a unit group 1 Click the Units tab Click Groups in the top navigation bar Click the group container or the parent group of the unit group you want to display information about Click on the unit group name Mi eS The side navigation bar will contain information links about the selected unit group e Click Name in the side navigation bar to display the unit group name e Click Members in the side navigation bar to display the unit group members e Click Groups to display a list of groups that are members of the unit group e Click Units to display a list of units that are members of the unit group e Click Access Rights in the side navigation bar to display the unit group access rights 6 Click Close Chapter 6 Grouping Units 53 Adding or deleting a unit group To add a unit group 1 2 3 Click the Units tab Click Groups in the top navigation bar The Unit Groups window will open Click the checkbox next to the group container Global Root or Personal Root or the group name that you wan
31. window will open Chapter 10 Events and Event Logs 99 Click the checkbox to the left of the notification s to be tested To select all notifications on the page click the checkbox to the left of Email Subject at the top of the list Click Test You will be prompted to confirm the test Confirm or cancel the test To delete an email notification 3 4 Click Email Notifications in the side navigation bar The Email Notifications window will appear Click the checkbox to the left of the notifications to delete To select all notifications on the page click the checkbox to the left of Email Subject at the top of the list Click Delete You will be prompted to confirm the deletion Confirm or cancel the deletion Changing the Event Log Retention Period By default an event log is retained for seven days one week You may specify a retention period of up to 365 days one year NOTE Event log information is stored in the HMX Manager database and is replicated Increasing the event log retention time may impact the performance of the HMX Manager system To change the event log retention period R 9 Click the Reports tab Click Log Configuration in the side navigation bar The Event Log Retention Time window will open Type a number of days from 1 365 in the Days field or select it using the menu Click Save 100 Avocent HMX Manager Installer User Guide 101 APPENDICES Appendix A Technical
32. 0 02000 c cece eee ESSA EKE SK KK KK KK KK eee 93 User Group Properties 2 0 0 200 LL cece cece EEE SEES EEE EEE SEES EE EEE EEE KE KK KK KK KK KK KK KK KK KK KK KK KK KK KH 93 Changing User Group Members j j Las sS 0000 cece nce ESAS ESASA EEE KS EKE KK KK KK KK KK KK KK KK 93 User Group Access Rights 0 0 00 00 0 0000 c cece eee eee 94 Events and Event Logs o oo occ cece cece cece cece cence ka Kak aA KK KAK KK KK KK KH 97 Email Notifications i tpt 2 BEER Nt NS i Paleo RE lela DIRE M_ M i iM i NM a EINEN nHnHnH HNH ENENHHJHHHJJMM RZ QZ 97 Changing the Event Log Retention Period 20 00 00 000000000 c cece nce eee EEE ee KAKE KK ASA 99 v Avocent HMX Manager Installer User Guide Appendix A Technical Support 2 2 0 0 0 an kn Appendix B Technical Specifications e cece eee cece eee eee E uctoverview 2 at Product Overview Introduction The Avocent HMX Manager is a secure web browser based centralized enterprise management solution that allows users to remotely manage and monitor multiple HMX extender systems The HMX extender system which includes a transmitter and a user station provides users with a full computer desktop experience from anywhere on the corporate TCP IP network while maintaining the computers securely housed in a corporate data center The addition of the HMX Manager appliance allows the user stations and transmitters that compris
33. 8 Avocent HMX Manager Installer User Guide 79 BEME ding User Account i ati tt Managing User Accounts This chapter describes how to manage user accounts The HMX Manager allows you to Add change and delete user accounts Unlock user accounts Specify user account restrictions Change user group membership Display user and user group access rights to target devices and managed appliances Add and delete user defined user groups Display assign and remove user group members from built in or user defined user groups User Accounts Windows User accounts are displayed and managed through User Accounts windows To display the User Accounts window 1 2 2 Click the Users tab The User Accounts All window will open To display the names of users in a built in or user defined user group click the group name link under User Accounts in the side navigation bar The User Accounts window for that group will open listing all the users in the group To select a user click on a username in a User Accounts window Customizing the User Accounts window The User Name field is usually displayed in the User Accounts window One of the icons in Table 8 1 will appear to the left of the usernames and represent the status of each HMX Manager user 80 Avocent HMX Manager Installer User Guide Table 8 1 User Status Icons icon Authentication Status Method Enabled The user can log in and use the HMX Manager software
34. 9 20 Avocent HMX Manager Installer User Guide 21 E te view Windows 42 ati tt Units View Windows Units View windows display list of units that have been added to the HMX Manager database A user must have unit view access rights to open Units View windows Also units will not display if they are hidden Each Units View window contains one or more information fields Units are displayed in a table format with column headings Click the checkbox to the left of each unit name to select deselect the unit for an operation To select all the units on a page click the checkbox at the left of all the column headings at the top of the list To deselect items that were previously selected click the checkbox again If the list of units spans more than one page units on subsequent pages will not be selected Click Customize to specify how many units appear on a Units View page Types of Units View Windows There are four types of Units View windows which are accessed by clicking tabs and side navigation bar links Any Units View window that contains managed appliances may also be viewed using the topology feature which displays a hierarchical structure e All Appliances The Appliances All window lists all managed appliances e Appliance Type Appliance Type windows list all managed appliances of a particular type The Appliance Type links in the side navigation bar are listed under Appliances All An appliance type will onl
35. Face with a internal Disabled The user cannot log in to the HMX Manager software See User red X account restrictions and expiration settings on page 84 Locked The user account has been locked the user cannot log in to the HMX Padlock internal Manager because the maximum number of log in failures has been exceeded See Authentication Services on page 57 and Unlocking User Accounts on page 82 Question External Suspicious The user account exists but the external authentication server no mark longer contains the account Expired The user account is configured with an expiration date which has passed Expired user accounts remain in the system until deleted See User account restrictions and expiration settings on page 84 Face with a clock The following fields may be displayed in the User Accounts window Use the Customize link to add or remove fields in the display Full Name Another name for a user For example a user may have a username of Sunrisel and a full name defined as Mary Jones See Username on page 83 Status User account status Enabled Disabled Locked Suspicious or Expired One of the user status icons in Table 8 1 will appear to the left of the username When a User Accounts window contains this column values are not displayed for external users users validated with external authentication services Authentication Server Name of the internal or external authentication server See Authentication S
36. Properties window will open Change any of the following network settings e Type a new computer name to use as the spoke server e Type a new address in standard dot notation xxx xxx xxx xxx for the spoke server e Type a new port number for the spoke server Click Save and then click Close The Spoke Servers window will open To delete a spoke server 1 2 On the hub server click the System tab Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in Chapter 2 Installation and Setup 15 3 Click Properties in the side navigation bar and then click Spoke Servers The Spoke Servers window will open 4 Click the checkbox to the left of the spoke servers you wish to delete To delete all spoke servers click the checkbox to the left of Name at the top of the list 5 Click Delete A confirmation dialog box will appear 6 Confirm or cancel the deletion NOTE When a spoke server is deleted it is no longer allowed to communicate with the hub server Only spoke servers that are no longer active should be deleted If a spoke server is still active it may be re registered using the Register Spoke Server wizard Promoting spoke servers Promoting a spoke server to be a hub server is usually done only if the current hub server is no longer operational and will not be brought back into service For less severe problems with a hub server the backup a
37. R A 50 DN AM ALL EE AE EN EE AS S I EET EE E EEA 51 Adding or deleting a unit group ALL LL SLA LAL SAS ASAS eect KK KK KK KK KH 53 Table of Contents iv Changing the unit group properties J J cc LAL Ea LEE EEE EEE EE EEE EE EE SES EE EE SE SEE ee SES KK KK KK KK KK KK KK KK KK K6 53 Authentication Services a8a iatan anaana annaran nennen 57 Supported Authentication Services 0 200 000 0000 ccc vce ees 57 HMX Manager internal authentication service 0 00 eee 58 Active Directory external authentication service JLL LL cece cece eee ESASA EEE SEK KK KK KK 59 Windows NT external authentication Service j 000000 e cece ee SEE EEE SEES eee eee 64 LDAP external authentication service 2 2 ccc eee eens 66 RADIUS external authentication service 0 0000 ccc eee eens 70 TACACS external authentication service j cece ccc cece cece cece cece eee SEKE E KK KK KK KK KK KK KK KK R 71 RSA SecurID external authentication service 0 200 020 0cc cece cece eee e EEE EEE EEE EEE EEE EEE EEE KEK KE 74 User Authentication Services Window 00 00200000c ccc eve cee cee eee eee eee eee 76 Managing User Accounts l lsa cece KK KK eee ees 79 User Accounts Windows 2 20 20 00000 cence eee ESR KK KK KK KK KK KK KK KK KK eee eee 79 Adding User ACCOUNES n opensa eee Y U 80 Deleting User ACCOUNES 3512 23 54 2A2 ese eiaa bak na 2332I 42 ak ee VARAN ARE E
38. SESSIONS gt y b i yk Vu ya k B dak Ala Waaa all yd nan dan n na al ey s feed Ae daa dale es Waaa Qal 38 All GCtive media SESSIONS P2023 bo he i os sin a ddd iiii d I HHHHHHH CREE 38 Performing a forced LOG FOUk eos kxlz a nn ne aane azi pad aa hed nad enn Aa a Van nan h n dak QE sad ni Ayan AA ab 38 Unit Sessions and Connections kk kk kk 41 Force and Follow Modes 20 20 20 0200000 ccc ESSA EE SEES EE EEE SEKE KK SK KK KK KK KK KK KK KK KK KK KH 4 Regular Follow Mod 220 ved ho nn she xeren te hod been a wees a ae a a ote Sua nas ee bgdoan cake es 41 View Only Mode iin ses tte aE ANG hl dad hla na dated Ba beets aed ducer HB 42 Multi video Follow Mode 22 22 0200 SAS EEE EEE ESSA EEE EA SEA eee KK KK KK KK KK KK KK KK KK KIR 42 FOPCE MOGE Ez uy eyaz Sana BAR ok zi ANO 2505y BA bA DA DAN DAD WA D N VAYA SO oat At te dl CSS 43 ZAZA r EE AE EE EEE A EEEE E E EE E E 43 AlkactHive SCSSIONS oor nai aed aa n e bi she E eas A E A E nee 43 Active sessions on a target device 2 2 2 2 ccc cece eect KK KK KH 44 Grouping Units nice ccadcn cceschene tensed ss ale anadan os epee Alles KK KK KK KK SO 47 Site Department and Location Groups J J LELE ELLE LELE ELLE E ee cence ence eee cece ee EEE KK KK KK KK KK KK KH 47 CUSIOIPICIOS seoa gA a woowS S5 5w S aaaSwnv _ erbeboeae 49 Unit GROUPS te Bot ___ rmr r gt r r hd mm NS E
39. Support Our Technical Support staff is ready to assist you with any installation or operational issues you encounter with your Avocent product If an issue should develop follow the steps below for the fastest possible service To resolve an issue 1 Check the pertinent section of this manual to see if the issue can be resolved by following the procedures outlined 2 Visit www avocent com support and use one of the following resources Search the knowledge base or use the online service request Or Select Technical Support Contacts to find the Avocent Technical Support location nearest you 102 APPENDICES Appendix B Technical Specifications Table B 1 HMX Manager Appliance Technical Specifications Network Connection Number Ethernet 10BaseT 100BaseT GigE Mehene TT TT TTTTT TT PW Ber T DT USA UL FCC Canada cUL Germany GS European Union Safety and EMC Approvals and Markings CE Japan VCCI Russia GOST Korea KCC and Australia C Tick NOTE Safety certifications and EMC certifications for this product are obtained under one or more of the following designations CMN Certification Model Number MPN Manufacturer s Part Number or Sales Level Model designation The designation that is referenced in the EMC and or safety reports and certificates are printed on the label applied to this product A N EMERSON Network Power For Technical Support http www avocent com suppo
40. The_ User Policies Open_Source_Policy aspx HMX Manager software The HMX Manager software resides on the HMX Manager server hub or spoke and provides a web gateway and services for managing units appliances and target devices using a web browser The gateway allows for web browser access Administrators and users may connect to the HMX Manager server from HMX Manager software clients and use the HMX Manager Explorer windows to communicate with the system HMX Manager server The HMX Manager server contains the HMX Manager software The server provides a centralized database for storing configuration user unit and system information It also provides services for authentication access control and logging events You may configure one or more spoke backup servers in addition to the hub server The hub server is responsible for maintaining the master copy of the database in an HMX Manager software system Only one server in an HMX Manager software system may be configured as the hub server Spoke servers perform database replication with the hub server The hub server acts as the coordinator for database replication between itself and all of the other spoke servers in an HMX Manager software system A hub server and a spoke server both offer the same HMX Manager software functionality to a user The distinction of hub or spoke refers only to the database replication role that the server plays and not the functionality that the server provi
41. To field enter or remove the email addresses of persons you want to notify Separate multiple addresses with a comma This field has a limit of 1024 characters b In the From field change the email address up to 64 characters of the person you wish to designate as the sender of the notification c Inthe Subject field change the subject heading up to 64 characters for the notification To change the events To add one or more events select the event s from the Available Events list then click Add The events will be moved to the Events To Notify list To remove one or more events select the event s from the Events To Notify list then click Remove The events will be moved to the Available Events list To change the unit groups e To add one or more unit groups select the unit group s from the Available Unit Groups list then click Add The unit group s will be moved to the Selected Unit Groups list e To remove one or more unit groups select the unit group s from the Selected Unit Groups list then click Remove The unit group s will be moved to the Available Unit Groups list Click Save and then click Close The Email Notifications window will open To test an email notification Once an email notification has been created you may send a test message to ensure that the notification is delivered to the specified recipients 1 Click Email Notifications in the side navigation bar The Email Notifications
42. able or disable a checkbox in the Access Rights table for each access right e Allow the access right is allowed for members of the user group Deny the access right is denied for members of the user group e Inherit the access right is inherited from the unit group s to which the selected unit unit group belongs When Inherit is selected the Allow and Deny checkboxes will become gray and unchangeable and indicate the inherited value If the inherited settings indicated both Allow and Deny the inherited value is Deny which takes precedence To disable the inherit functionality uncheck the Inherit checkbox e If none of the checkboxes are checked the access right is neither allowed nor denied Repeat the preceding step for other units unit groups 10 Click Save and then click Close 96 Avocent HMX Manager Installer User Guide 97 BEME e and Even Loge 2 Events and Event Logs When an enabled defined event occurs in the HMX Manager software system it is saved in the event log You may display the event log content view details about an individual event log entry or delete an event log entry You may have an email notification sent to one or more addresses when an event occurs You may change the event log s retention period and export the event log s content NOTE You must be a member of the HMX Manager software administrator or auditor user group to access event configuration and display windows Email Notif
43. added a type that was not previously defined it will appear under Target Devices in the side navigation bar To change the name of a managed appliance from the Unit Overview window 1 Under Unit Settings Summary click on the name of an appliance The Unit Overview window will open 2 Type a name for the managed appliance You cannot change the type 3 Click Save and then click Close The Units View window will open Unit Status Window To use the Unit Status window 1 Click the Units tab then click Unit Status in the side navigation bar 2 The Unit Status window opens Chapter 3 Units View Windows 25 You can filter what units are displayed by selecting a status from the Filter menu Each unit status is color coded The default filtered status is Active Status which displays only currently active units You can select how often the Unit Status is updated by selecting a time from the Interval menu You can view the Unit Overview window by double clicking the unit name or right clicking the unit name and selecting Show Unit Overview 26 Avocent HMX Manager Installer User Guide 27 BE ana Une 20 Managing Units This chapter describes how to manage unit properties and settings access rights and local account settings and how to view unit asset and usage reports Using the Units Tab in the Explorer Window From the Units tab in the HMX Manager Explorer you can manage user operations such as adding and dele
44. ager administrator user group member in the HMX Manager If a user had Admin rights in the HMX Manager software for all nodes in the tree except for the Topology node the user will be added as a member and inherit the access rights of an appliance administrator user group member in the HMX Manager If a user had any other type rights in the HMX Manager software the user will be added as a member of the user group in the HMX Manager Access rights are set for units to which the user has access as follows e A user with Admin rights to a target device in the HMX Manager software will be assigned the Configure Unit Settings and Control Target Device Power access rights in the HMX Manager e A user with User rights to a switch in the HMX Manager software will not be assigned any access rights in the HMX Manager e A user with Admin rights to a switch in the HMX Manager software will be assigned the Reboot Appliance Flash Upgrade Appliance and Configure Appliance Settings access rights in theHMX Manager Cascade switch types in the HMX Manager software database cannot be determined during the import process and are added as Generic x lt n gt switches based on the number of found switch channels After importing the HMX Manager software database and running the Migrate HMX Manager Units task you may run the Resync Wizard on individual appliances digital switches and switches to specify switch types and merge multiuser switches The HMX Ma
45. all units managed by the HMX Manager appliance is displayed 2 Click the appropriate user station name The Unit Overview window opens 3 On the side navigation bar select Unit Settings and then Modes The Unit Auto Login Operating Mode Settings window opens 4 In the Unit Operating Mode section choose Extender or Desktop 5 Click Save and then click Close Share Mode Share Mode allows multiple users up to eight user stations per transmitter to share the audio and video of a target computer over the network and arbitrate for control of that computer To set the transmitter to shared mode 1 Click the Units tab A list of all units managed by the HMX Manager appliance is displayed 2 Select the transmitter you want to configure for Share Mode 3 On the side navigation bar select Unit Settings and then Modes The Unit Shared Mode window opens The Shared Mode drop down list indicates what mode the transmitter is currently in 4 Select Shared from the drop down list 5 Click Save and then Close After the HMX manager processes the request the screen is refreshed with the mode set to Shared The transmitter is now in Share Mode and will accept multiple connections 34 Avocent HMX Manager Installer User Guide NOTE This feature requires the user station to be in Desktop Mode See Setting the Operating Mode for a user station on page 33 Managing firmware upgrades To upgrade the firmware on a single unit NOTE You ca
46. ansmitters e Target Computers Click Target Computers in the side navigation bar to see a list of all target computers in the system e Active Sessions Click Active Sessions in the side navigation bar to view a list of all the users that are accessing user stations and which transmitters are being accessed by which users The Active Sessions window also displays start times and session duration An active session starts when a connection is made between a transmitter and a user station NOTE An authorized pair is a pairing of a transmitter and a target computer that has been accepted by the administrator an unauthorized pair has not been accepted by the administrator as a desired pairing An unauthorized pairing can occur after initial discovery of a device pair or if the transmitter was inserted into the wrong target computer Adding units via the Add Unit Wizard Before you can manage units in the HMX Manager appliance you must first add them to the HMX Manager appliance database You can add units to the HMX Manager appliance database by clicking on Add in the Units Chapter 4 Managing Units 29 All window The Add Unit Wizard will appear allowing you to e Add a single unit e Discover units within an IP address range e Discover units on an IP subnet address Adding a single appliance This procedure is valid for transmitters and user stations NOTE A unit can only be added to the HMX Manager appliance database if it is tu
47. archy Example Y Global Root gt Alpha 1 gt Beta gt Delta Y Gamma _ 2 Lab j 3 Operations Unassigned r 4 Y Personal Root ProjectA ProjectB l 5 gt ProjectC 6 Table 6 3 Unit Group Hierarchy Example Descriptions Number Description Number Description Global unit group Unassigned has all units that are not assigned to a group it cannot have subgroups Global unit group Alpha has one or more subgroups Global Unit group Gamma has two Personal unit group ProjectB has no subgroups subgroups These unit groups do not have subgroups in a Units view Group Personal unit group ProjectC has one or more window a documenticon will appear subgroups to the left In the example four unit groups have been created in the global root group and each of those four unit groups contain groups The unit group Gamma has been selected and indicates it has two subgroups Lab and Operations The Unassigned global group will contain any units that are not assigned to another global unit group Three personal unit groups have been created The ProjectA and ProjectB unit groups do not have subgroups The ProjectC unit group has one or more subgroups To display a list of unit groups in the Unit Groups window 1 Click the Units tab 52 Avocent HMX Manager Installer User Guide 2 Click Groups in the top navigation bar The Unit Groups window will open If a unit group has subgroups
48. ation Leave at least five feet at the work outlet side and 10 feet at the patch panel side e Choose either 568A or 568B wiring standard before beginning Wire all jacks and patch panels for the same wiring scheme Do not mix 568A and 568B wiring in the same installation e Always obey all local and national fire and building codes Be sure to firestop all cables that penetrate a firewall Use plenum rated cable where it is required E ciationandSetup i t t i S Installation and Setup The following sections will help you install and set up your HMX Manager appliance Helpful topics in this chapter include the following e Installing the Appliance below Launching the HMX Manager Appliance Web Interface on page 7 e Replication on page 15 Next Steps on page 18 Installing the Appliance Rack mounting the HMX Manager appliance Rack mount safety considerations e Elevated Ambient Temperature If installed in a closed rack assembly the operating temperature of the rack environment may be greater than room ambient Use care not to exceed the rated maximum ambient temperature of the switch e Reduced Air Flow Installation of the equipment in a rack should be such that the amount of airflow required for safe operation of the equipment is not compromised e Mechanical Loading Mounting of the equipment in the rack should be such that a hazardous condition does not exist due to uneven mechanical loading e Circuit Ove
49. ation Services window The type is displayed as Active Directory Trusted Forest The Enabled column displays a value of Yes or No If the value is Yes the users and groups of the the authentication service are considered when the HMX Manager server attempts to authenticate and authorize a user if the value is No the authentication service is ignored If the same username exists in multiple authentication services you can use the Enabled status to control which authentication service will be used to find a user To enable or disable an authentication service 1 Click the User tab then click Authentication Services to open the User Authentication Services window 2 Select the checkbox next to the authentication service you want to enable or disable 3 To enable the trusted forest click Enable or To disable the trusted forest service click Disable NOTE Allnew authentication services are enabled by default with the exception of new trusted forests which are disabled by default Chapter 7 Authentication Services 77 To refresh trusted forests NOTE Refresh Trusted Forests is only applicable for Active Directory services for which discovering trusted forests was enabled 1 Click the User tab then click Authentication Services to open the User Authentication Services window 2 Select the checkbox next to the primary AD authentication service 3 Click Refresh Trusted Forests New trusted forests are displayed in the list 7
50. bled the address is the fully qualified host name assigned to the HMX Manager appliance 3 Press Enter The HMX Manager appliance login screen appears 4 Enter the login username and password The first time you access the HMX Manager appliance enter admin as the username and Admin as the password For security reasons you should change the default admin password The admin account is authorized to perform all configuration and access all managed devices and cannot be removed or renamed Click Login and the HMX Manager Explorer window appears The HMX Manager Explorer window Once a user has been logged in and authenticated the Explorer window is displayed From the Explorer window you can view access and manage units and users via the HMX Manager appliance 8 Avocent HMX Manager Installer User Guide Figure 2 1 Explorer Window Areas Tj Ane er b n n 2 apes Apphances HIYEQEVOO Maretak nee bat Laplwae fe Ct ln fete Tok e HMX Manager 3 0 0 o AWA AVA ATA b e Supt Stee Dopiarete Lacabara Ouse BIG LT Sae epetewes joe CESIS BI Gannant manc _ A erse neve aaa j yora OTONGS vw Table 2 1 Explorer Windows Area Descriptions Letter Description A Top option bar Use the top option bar to log out of a software session or to access online help The name of the logged in user is displayed on the left side of the top option bar B Tab bar Use the tab bar
51. ccessful window will open Click Finish The User Authentication Services window will open with the new service listed To change settings for the RADIUS external authentication service 1 2 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the RADIUS service The side navigation bar will change to include the name of the RADIUS service at the top and below the name the information you may define Click Connection in the side navigation bar The Authentication Service Connection Settings RADIUS window will open a Type a 1 64 character name for the RADIUS authentication service b Type the address of the RADIUS host in dot notation format xxx xxx xxx xxx or type the DNS host name in the Server Address field c Type the number of the port from 1 65535 for connecting to the RADIUS host in the Port Number field The default is port 1812 d Click Save To change the authentication type and or shared secret click Settings in the side navigation bar The Authentication Service Authentication Settings RADIUS window will open a Select the authentication type from the Authentication Type menu PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol default MS CHAP Microsoft Challenge Handshake Authentication Protocol MS CHAP v2 Microsoft Challenge Handshake Authentication Protocol V
52. ck Save and then click Close The window will open containing the Visibility column The Visibility column will display Hide for each unit 5 Click Hide for each unit The display of the selected unit will be tumed off in the Units View window if Show hidden items was not selected in the Units View Customization window If Show hidden items was selected the hidden unit will appear with a transparent icon To hide multiple units with one operation 1 2 In a Units View window click the checkbox next to the units you want to hide from display To select all units on the page click the checkbox to the left of Name at the top of the list Click Operations then select Hide Units from the drop down menu To show hidden units 1 2 In a Units View window click Customize The Units View Customization window will open Click Visibility in the Available Fields column and then click Add Visibility will be moved to the Fields to Show column Click Show hidden items Click Save and then click Close The Units View window will open containing the hidden items and the Visibility column Hidden items will have a transparent icon and the Visibility field will contain Show Click Show in the Visibility column for the unit s you want to display The unit will be made visible the icon will no longer be transparent and the Visibility field will change to Hide Units View Windows Fields The following fields may appear in Units Vi
53. ct RADIUS from the Type menu c Click Next The Specify RADIUS Connection Settings window will open a Type the address of the RADIUS host in dot notation format xxx xxx xxx xxx or type the DNS host name in the Server Address field b Type the number of the port from 1 65535 for connecting to the RADIUS host in the Port Number field The default is port 1812 c Click Next The Establish Connection with Authentication Service window will open briefly If the external authentication service is contacted successfully the Specify RADIUS Authentication Settings window will open a Select the authentication type from the Authentication Type menu Make sure it is one of the available authentication types noted in step 1 PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol default MS CHAP Microsoft Challenge Handshake Authentication Protocol MS CHAP v2 Microsoft Challenge Handshake Authentication Protocol Version 2 b In the Shared Secret field type the shared secret that was configured on the RADIUS server in step 1 which is a password protected field Microsoft s implementation allows up to 128 ASCII characters for the shared secret other servers may have a different limit c Re enter the shared secret in the Confirm Shared Secret field 8 9 Chapter 7 Authentication Services d Click Next If the external authentication service is added successfully the Completed Su
54. ctory authentication server Or Click Browse with User Credentials to browse users on the external Active Directory authentication based on credentials configured on the server If this option is selected do the following a Type the username for an Active Directory account that has browse rights in the User Name field The log in ID must be entered in case sensitive text if the Active Directory server is set up to use Kerberos b Type the password for an Active Directory account that has browse rights in the Password field NOTE The HMX Manager server verifies that the new credentials are valid for the AD service If the credentials are invalid an error message is displayed Click Save and then click Close The User Authentication Services dialog box will appear Windows NT external authentication service To add a Windows NT external authentication service 1 2 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click Add The Add Authentication Service Wizard will appear Click Next The Provide Authentication Service Name and Type window will open a Type a name for the external authentication service b Select Windows NT Domain from the menu c Click Next The Specify Windows NT Connection Settings window will open Type the Windows NT domain name you wish to add in the Domain Name field and then click Next 8 Chapter 7 Authen
55. d after this setting is changed In addition the Active Directory server addresses must be resolvable to their host names via DNS When this is not checked the LDAP protocol will be used Chapter 7 Authentication Services 63 11 Click Enable Chasing of Referrals to allow the Active Directory server to refer HMX Manager clients to additional directory servers 12 Specify the search mode Enable Use Recursion to search groups if you wish to have the AD service access the domain controller for the specified domain name This search includes the Member attribute of ObjectClass group This search is recursive and finds nested groups This search may be slow depending on the number of groups and levels of nesting Or Enable Use an Active Directory Global Catalog to have the AD service access the global catalog for the specified domain name The search includes the TokenGroups attribute of the ObjectClass user This search is faster but only retrieves the nested groups SIDs subsequent calls must be made to find the group name and specific SIDs Or Enable Use Windows 2003 Universal Group Caching if you wish to have the AD service access the domain controller for the specified domain name The search includes the TokenGroups attribute of the ObjectClass user This search is faster but only retrieves the nested groups SIDs subsequent calls must be made to find the group name and specific SIDs The Windows 2003 Universal Group Cach
56. d clear text instead of SSL encryption This method is the least secure e Click Use SSL in Trust All Mode to use SSL encryption for data transmission All server certificates will be trusted and automatically accepted by the Avocent HMX Manager for transmitting data This SSL method provides medium security This encryption mode is not recommended for wide area networks WANs e Click Use SSL in Certificate based Trust Mode to use SSL encryption for data transmission The HMX Manager will approve the server and then the certificate before transmitting data This SSL method provides maximum security f Click Use Kerberos for User Authentication to use the Kerberos protocol for authentication requests including the browsing If enabled you must use DES encryption types for this account If an account was created prior to Active Directory the user s password must be changed after this setting is changed In addition the Active Directory server addresses must be resolvable to their host names via DNS When this is not checked the LDAP protocol will be used g Click Enable Chasing of Referrals to allow the Active Directory server to refer HMX Manager clients to additional directory servers Chapter 7 Authentication Services 61 h Specify the search mode Enable Use Recursion to search groups if you wish to have the AD service access the domain controller for the specified domain name This search includes the Member attribute of
57. des Adding one or more spoke servers to an HMX Manager software system provides redundancy After the hub server and optional spoke server s are configured you may create and configure the type of access levels for users within your network environment You may also set up event logs to record full details of user access and other events HMX Manager software client An HMX Manager software client is a computer with a web browser that can access the HMX Manager software installed on the HMX Manager server Upgrading the HMX Manager When upgrading to a newer version of the HMX Manager all HMX Manager servers should be upgraded at the same time The HMX Manager hub server should be upgraded first followed by each spoke server Before upgrading a replication should be performed then a backup immediately before and after upgrading the HMX Manager see Backing up and Restoring Hub Servers Manually on page 12 Chapter 1 Product Overview 3 The firmware for the appliances may also need to be upgraded in order to support new functionality in the HMX Manager The HMX Manager should work with the existing firmware revisions but in cases where new functionality is not supported until the firmware is upgraded the HMX Manager will indicate this in the graphical user interface GUI Safety precautions To avoid potentially a fatal shock hazard and possible damage to equipment please observe the following precautions e Do not use a 2 wire
58. dtview in the Address field of the Register Spoke Server Wizard c Click Next The Operation in Progress window will open briefly followed by the Accept Hub Server Certificate window Click Next The Type in Hub Server Administrator Credentials window will open Click Next Type the name of a user with HMX Manager administrator privileges on the hub server Type a password for the user Click Next The Operation In Progress window will open The configuration of the spoke server will be saved to the database of the hub server and the spoke server s certificates will be installed on the hub server The Completed Successful window will open when the spoke server has been added Click Finish To change spoke server network properties NOTE Spoke server network settings may need to be changed by HMX Manager administrators when network settings are changed and the hub server did not automatically detect the changes When changing the network settings ensure that a port mismatch does not occur between the hub server and the spoke server 6 On the hub server click the System tab Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in Click Properties in the side navigation bar and then click Spoke Servers The Spoke Servers window will open Click on the name of the spoke server whose network properties you wish to change The Spoke Server Network
59. e Click User Browsing in the side navigation bar The Authentication Service User Browsing LDAP window will open Click Browse Anonymously to browse users on the external LDAP authentication server Or 70 Avocent HMX Manager Installer User Guide Click Browse with User Credentials to browse users on the extemal LDAP authentication based on credentials configured on the server If this option is selected do the following a Type a log in ID in the User Name field in one of two forms a fully qualified distinguished name or the username of an account in the base user DN b Type the password for the LDAP user account in the Password field Click Save and then click Close The User Authentication Services dialog box will appear RADIUS external authentication service To add a RADIUS external authentication service 1 On the RADIUS server that will be used as an extemal authentication service add the HMX Manager server as a RADIUS client Make a note of the configured shared secret and the available authentication type s on the RADIUS server From the HMX Manager Explorer Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click Add The Add Authentication Service Wizard will appear Click Next The Provide Authentication Service Name and Type window will open a Type a 1 64 character name for the RADIUS authentication service b Sele
60. e Gray X a group to which the user belongs has been denied access for this right e No check mark no access has been granted or denied for this right The access rights display may contain information that appears invalid Click Close when you are finished The User Accounts All window will open To add or remove user group access rights 9 Click the Users tab Click Groups in the top navigation bar Built In will automatically be selected in the side navigation bar and the User Groups Built in window will open To display the User Groups User Defined window click User Defined in the side navigation bar Click on a user group name Click Access Rights in the side navigation bar The User Group Access Rights window will open To add or remove a unit or unit group from the Unit and Unit Groups list click Edit List The User Group Access Rights Unit Selection window will open e To add one or more units unit groups select the units groups in the Available list then click Add The units unit groups will be moved to the List to Update list e To remove one or more units unit groups select the units groups in the List to Update list then click Remove The units unit groups will be moved to the Available list Click OK The User Group Access Rights window will display the current list of units unit groups To add remove access rights for a unit unit group select a unit or unit group from the Unit and Unit Groups list then en
61. e a gateway in standard dot notation XXX XXX XXX XXX c Click Next The Add Discovered Unit window will open Select the discovered unit from the list then click Next The Completed Successfully window will open To exit the Add Unit Wizard click Finish Adding units from a range of IP addresses This procedure is valid for transmitters and user stations 30 Avocent HMX Manager Installer User Guide To add a unit from a range of IP addresses 1 In a Units All window containing managed units click Add The Add Unit Wizard Welcome Window will open Click Next The Select Add Unit Procedure window will open Click Discover units within an IP address range and then click Next The Enter IP Address Range window will open a Type the IP address in standard dot notation xxx xxx xxx xxx from which to begin and end the search b Click Next The HMX Manager appliance will search for managed units within the IP address range When the search is completed the Select Units to Add window will open listing the results To add one or more managed units select the managed units in the Units Found list then click Add The managed units will be moved to the Units to Add list To remove one or more managed units select the managed units in the Units to Add list then click Remove The managed units will be moved to the Units Found list Click Next The Completed Successfully window will open To exit the Add Unit Wizard
62. e any information you wish Oy oe Click Save and then click Close Custom field properties You may specify any information you wish in the six custom fields Custom field properties may be changed only for internal authentication users To change the custom fields 1 Click the Users tab Click on a username Click Custom Fields in the side navigation bar The User Custom Fields window will open Type information in the fields OE ce d hy Click Save and then click Close User Access Rights Access rights indicate whether a user is allowed to perform certain actions on a unit in the HMX Manager system You may assign access control rights from a user perspective You select a user account specify the units for which rights will be assigned then indicate the permission to perform the action none allow deny or inherit for each unit That procedure is described in this section There are other ways to assign access rights Chapter 8 Managing User Accounts 87 From a user group perspective From a unit perspective From a unit group perspective To display a user s access rights 4 Click the Users tab Click on a username The User Name window will open Click Effective Rights in the side navigation bar and then click All Units Target Devices or Appliances The Target Device Effective Rights or Appliance Effective Rights window will open Columns indicate the available actions for the unit e Blac
63. e installations may require an advanced option file sdopts rec for load balancing You may specify these files using the procedure to change settings for the RSA SecurID external authentication service The Establish Connection with Authentication Service window will open briefly If the external authentication service is added successfully the Completed Successful window will open Click Finish The User Authentication Services window will open with the new service listed After the service is added one or more RSA user accounts must be added to the HMX Manager software NOTE The node secret file for the server will not be created until the first RSA user logs into the HMX Manager software To change settings for the RSA SecurlD external authentication service Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click on the name of the SecurID service Click Connection in the side navigation bar The Authentication Service Connection Settings window will open To change the name of the service a Type a 1 64 character name in the Service Name field b Click Save 76 Avocent HMX Manager Installer User Guide c If that is the only change you are entering click Close Otherwise continue with the next steps 6 To clear the RSA SecurID node secret for one or more HMX Manager servers a Click the checkbox to the left of the server name To sel
64. e that not all items are displayed You may filter the list by using the Filter button and the adjacent text field If you are using an Active Directory Server you can choose the filter method Click Filter in HMX Manager Server legacy to use a traditional filtering method Or Click Filter in Active Directory Server to use a modified filtering method that only provides matches to the filter string based on the common name CN of the group This filter uses LDAP search syntax This method passes the filter to the AD server allowing the AD server to return the matches which provides faster results than the legacy filter method Select one or more external authentication service groups from the list Select a role for the user group s Click Finish TACACS external authentication services To add a TACACS user group 1 Click the Users tab Click Groups in the top navigation bar Click User Defined in the side navigation bar The User Groups User Defined window will open Click Add The Add User Group wizard will appear The Select Authentication Service window will open This window lists all authentication services that may be used to authenticate the user group when the user logs in Select an appropriate TACACS authentication service from the list Click Next If the TACACS service you selected is configured to use the privilege level attribute method the Specify External Group Name window will open and display a lis
65. e the HMX system to operate in Desktop Mode This mode allows a user to log in to any HMX user station and the system will connect automatically to the transmitter that has been assigned to that user Through Desktop Mode the HMX Manager appliance allows administrators to remotely manage and monitor the networks of user stations and transmitters that comprise the HMX system NOTE There are several types of HMX user stations and transmitters but not all of them can communicate across platforms For example the HMX 1050 user station can only communicate with its corresponding HMIQDI transmitter However the HMX 1070 and 2050 user stations and their corresponding transmitters can communicate across both platforms For more information on HMX user stations and transmitters see the HMX System Installer User Guide Features and benefits Web based access and control As a web browser based management solution the HMX Manager appliance provides the operations administration and maintenance interface for the HMX system It also manages authentication authorization initiation and removal of media sessions between the user station and transmitter The HMX Manager appliance provides a centralized database for storing configuration user unit and system information allowing administrators to add remove delete and change settings for managed appliances and users In addition the HMX Manager enables authentication access control logging events and monit
66. ececeseceeeeees 5 Installing the Appliance 00 2 20 2002 Essa SEE EEL EZEL cece ccc ence cece eee eee EEE EEE EEE KK EEE KAK KAKA AS 5 Rack mounting the HMX Manager appliance 000222222 EEE EEE eee eee ence eee eee eee 5 Connecting the HMX Manager appliance 2 2 EEE EEE EE eee nee eee EE EE SES ranan rannan 2 Configuring Network Settings LSS ESAS SAS SEA eee eee KK KRG 6 Launching the HMX Manager Appliance Web Interface LLLL LALES AASE 7 The HMX Manager Explorer window J J uca EE EE EEE EEE EEE EEE EE SE SEE EE KS KK KK KK KK KK KK KK KK KK R 7 Configuring HMX Manager Servers 20 LL Ea EEE ESA EEE EEE SEES eee KK KK KK KK KK KK KH 9 xwaz _ a 97 DKK B B_ n _YMMMRRMRMRPoaoaR R aRaR BER e AEDAM MADFFBK KbDbKXbMKbMN NNN 9 sac aw D HRH EU EH HH a re a aaa a Kan 9 ED N D N E A Nace ec aa ats ai Spee Age A is esnancete cra E DD 11 Unit status ZU HHHH 12 Backing up and Restoring Hub Servers Manually L La EEE EEE EEE EEE KAKA ee 12 Spoke Servers HHHH Dr 12 REDUCQUHON N NN RHRHRHHRH HHH EEE E E HEE EET 13 PP WWW B N MD DB r r r rr eee te te en Ie te ect esate Ao sees 16 Incremental updates J cc sulu ussa saceendeeoeesu soot eeedesecdevacsencacestectcetesseecsceeenteea 16 Modify Push and Pull task periods of time 2 2 2 2 LELE LESS A eee 18 Fast Switch Enable 0 20 2 00 00 0022 0 ccc cece ee eee 18 Ne ny osetia DD
67. ect all HMX Manager servers on the page click the checkbox to the left of Server at the top of the list b Click Clear Node Secret A confirmation dialog box will appear c Confirm or cancel the operation 7 To update the RSA configuration files used by one or more HMX Manager servers to communicate with the RSA Authentication Manager software a Click the checkbox to the left of the server name To select all HMX Manager servers on the page click the checkbox to the left of Server at the top of the list b Click Update The Update RSA Configuration File window will open c To change the sdconf rec configuration file enter the path in the sdconf rec field or browse to the location d To specify the advanced option sdopts rec file for manual load balancing enter the path in the sdopts rec field or browse to the location e Click Save and then click Close The Service may need to be restarted when the RSA configuration is updated User Authentication Services Window Once added the authentication services are listed in the User Authentication Services window To view the window click the User tab then click Authentication Services The authentication service name type enabled status and host name are displayed in the list If Allow users and groups from newly discovered trusted forests is enabled for an AD service the discovered forests are displayed as a subset of the primary authentication service in the User Authentic
68. ectory external authentication service NOTE When adding an Active Directory external authentication service you can allow trusted forests to be discovered A forest is a group of domains and a forest may have a trusted relationship with other forests In some configurations a user may belong to one forest but be assigned to groups in another forest The HMX Manager server needs access to both forests to authenticate and authorize this user To add an Active Directory external authentication service Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click Add The Add Authentication Service Wizard will appear Click Next The Provide Authentication Service Name and Type window will open a Type a name for the external authentication service b Select Active Directory from the menu c Click Next The Specify Active Directory Connection Settings window will open a Type the Active Directory domain name for the domain you wish to add in the AD Domain Name field 60 Avocent HMX Manager Installer User Guide b In the User Container field specify the name of the container to search for user accounts This will limit the search scope to that container The name may be entered in several forms optionally including a sub domain Valid forms are explained below by example Assume an Active Directory domain name of sunrise mycompany com with users in
69. ed only for internal authentication users To change a user password or force a new password 1 aoe ON Click the Users tab In a User Accounts window click on a username The User Name window will open Click Password in the side navigation bar The User Password window will open Type the new password for the user and verify the new password Click Save and then click Close User account restrictions and expiration settings Account restriction and expiration settings may be changed only for internal authentication users To change user account restrictions and expiration settings 1 PY oN Click the Users tab Click on a username The User Name window will open Click Restrictions in the side navigation bar The User Account Restrictions window will open To change account restrictions To prevent the user from logging into the HMX Manager software enable the Disable user account checkbox Users with open sessions will remain logged in To re enable the user account uncheck the Disable user account checkbox e To designate the account as a service account enable the Service Account checkbox A service account cannot be used to log in to the HMX Manager software NOTE Aservice account may only be created if you are using the HMX Manager internal authentication service To change account expiration settings To prevent a user s password from expiring enable the Never radio button e To specify an expi
70. eee EE EE SEES EE SEES EE E SES KK KK KK KK KK KK KK KK KK KK KK KH 30 The Unit Overview Window LLL LALES eve eee KK KK KK KK KK KK KK KK KH 30 Changing unit properties yk iW VANA Ney ek a les 2r lao A di be Wa WAA EE DIV N E E AA na e 31 Configuring network settings for a transmitter or user station 2 02 00020 c cece eee eee eee eee eee 31 Enabling Auto Login Mode for a user station 0 0000 0000000 c ccc cece cece eee 32 Viewing version information ALL LALES even eee EE EA SEKS KK KK KK KK KK KK KK KK KHK KK KH 32 Rebooting a unit o Z Z2Z2JAADADL P gt NANAH HH HRHRHHHHRHRHRHRIE HHHH 33 Setting the Operating Mode for a user station l a LALES L LSA cece eee eee 33 SNe Moden ssaa dela oo ANs Bee Nak Poe oae baad aa eA sae hdez one voles be Shas 33 Managing firmware upgrades 2 2 22 00000 c cece KK KK KK KK KK KK KK eee eens 34 Viewing changing target computer overview information 000200ee cece eee cece eee eeeeeeeee 34 Managing user access to target computers 2 2 0 LAL ALS S SE SES ee SEK KS KK KK KK KK KK KK KK KK KS 34 Changing target computer properties l l ALL L LSa LELE ESSA EEE ESASA ESAS EEE SES SEK SEK KK SK KK KK KK KK KK 35 Departments and Locations Windows 00 00200 000 00 eee eee eee KK KK KK KK KK KK 35 Importing HMX Manager databases l a 0 002222 SEE EE EE EE EEE EE cece ee eee EE SE SEK KE KK KK KK KK KK KK K 37 AGlIVE MEUIG
71. efined user group Accounting and the spoke server s administrator adds username JohnDoe to the Accounting user group both names will be added and replicated In most other instances where the changes are mutually exclusive or some other conflict occurs the most recent change will be the only change accepted and replicated For example if the hub server s administrator associates a unit with the Miami site and the spoke server s administrator associates the same unit with the Chicago site the change that was made closest to the time of replication that is the most recent change will be accepted and replicated This emphasizes the importance of ensuring the hub and spoke servers clocks are synchronized The exception to the last change rule is when one of the actions deletes an item in that case the deletion is accepted and replicated regardless of timing For example if a unit was deleted on the hub server and then the contact information for the same unit was changed on the spoke server a minute later the unit will be deleted when the replication task is run On a spoke server you may enable a replication task property that forces the spoke server to retrieve a snapshot of the hub database rather than synchronizing changes back and forth The snapshot is a copy of the hub at the time of the operation This feature is not normally used it is intended to help recover a system when replication has failed Initial load NOTE
72. el the reset Changing User Account Properties If you have HMX Manager administrator or user administrator privileges you may change the following account properties for a user e The user login name and full name e The certificate associated with the user e The SSH key associated with the user e Login password e Account login restrictions and expiration settings e The user groups to which the user is assigned Home and business addresses e Home business mobile and pager phone numbers e Primary email address and up to five additional email addresses e Notes you wish to add about the user Up to six custom fields Some properties may be changed only if the user account will be using the HMX Manager internal authentication service See Authentication Services on page 57 Username The username information that you may specify for a user includes e User Name The name that the HMX Manager uses to log in and identify the user e Full Name The actual name of the user For example you may use Engr10 as the username and Jonathan Z Smith as the full name to identify the person associated with the username To change the name of a user 1 Click the Users tab 84 Avocent HMX Manager Installer User Guide Oi oe ee Click on a username The User Name window will open Type the username for the user Type the full name of the user Click Save and then click Close User password A user s password may be chang
73. elect all server IP addresses on the page click the checkbox to the left of the IP Address heading Click Unregister to unregister the certificates A confirmation message box will appear Confirm or cancel the operation Click Close The User Authentication Services window will open To change user schema settings for the LDAP external authentication service 1 2 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open DK n Chapter 7 Authentication Services 69 Click the name of the LDAP service The side navigation bar will change to include the name of the LDAP service at the top and below the name the information you may define Click Schema in the side navigation bar Users will automatically be selected and the Authentication Service User Schema LDAP window will open Type the Base distinguished name DN from which to begin searches This is a required field unless the Directory Service has been configured to allow anonymous search Each Search DN value must be separated by a comma Type the key attribute The default value is common name cn Type the object class The default value is person Type the full name attribute for the user The default value is surname sn Click Save and then click Close The User Authentication Services dialog box will appear To change group schema settings for the LDAP external authentication serv
74. em may be added to the following two types of user groups Built In The HMX Manager is delivered with six predefined user groups Appliance Administrators Auditors HMX Manager administrators Everyone User Administrators and Users All users are automatically included in the Everyone user group when they are added to the HMX Manager system Users may be added to any of the other user groups The privileges that a user has to perform tasks on the HMX Manager system is dependent on the built in user group to which the user is a member User defined You may also define custom groups based on any criteria you wish For example you may want to define groups based on user administrators with read only access software developers at a specific location global network infrastructure personnel based on job title and so on Built in user groups appear in the User Groups Built in window and user defined user groups appear in the User Groups User Defined window The windows may also display the following fields Use the Customize link to add or remove fields in the display Authentication Server Name of the authentication server assigned to the user See Authentication Services on page 57 Role Role of a user defined user group which may be None User Auditor Appliance Administrator User Administrator or HMX Manager Administrator The role column for a built in user group or a user defined user group with a role of None will be empty Ty
75. ensure that the time setting on the HMX Manager client PC is within the Valid from to dates and that the Issued to and Issued by fields exactly match Invalid to from dates typically occur when the HMX Manager is installed on a server that is set to an invalid time When an HMX Manager client that is set to a valid time connects to the HMX Manager server that is set to an invalid time the following warning will appear in the Security Alert dialog box The security certificate date is invalid To create a CSR 1 Click the System tab 2 Click HMX Manager in the top navigation bar 3 Click Certificate in the side navigation bar The HMX Manager Server Certificate Properties window will open 4 Click Get CSR A File Download dialog box will appear 5 Click Open The CSR is downloaded and displays in the configured text editor Or Click Save The Save As dialog box will appear Select a directory and filename and click Save to save the CSR 6 T Chapter 2 Installation and Setup 11 Submit the CSR generated request to a CA to obtain a signed server certificate Update the HMX Manager server to use the certificate created by the CA Managing hub and spoke server certificates When a spoke server is registered with a hub server a certificate trust relationship is established between the two servers Certificate information must match on the hub server and the spoke servers for communication to take place between the se
76. ersion 2 b In the Shared Secret field type the shared secret which is a password protected field Microsoft s implementation allows up to 128 ASCII characters for the shared secret other servers may have a different limit c Re enter the shared secret in the Confirm Shared Secret field d Click Save Click Close The User Authentication Services dialog box will appear TACACS external authentication service HMX Manager supports TACACS external authentication Once the TACACS authentication service is added you may map TACACS users to the HMX Manager database by using the Add User Account wizard The username added in the HMX Manager should match the username configured in the TACACS server For more information about adding users see Adding User Accounts on page 80 71 You may choose to associate users with internal HMX Manager groups to control group level access rights Or you may choose to map users to external TACACS groups and control group level access rights using the 72 Avocent HMX Manager Installer User Guide TACACS service There are two types of external TACACS groups that can be used the TACACS standard privilege level attribute or a custom group name attribute To map users to external TACACS groups use the HMX Manager Add User Group wizard and specify the group type For more information see Adding User defined User Groups on page 91 To add a TACACS external authentication service 1 8
77. ervices on page 57 Business Address Business address defined in the user s properties See Address on page 85 Business Mobile Business mobile phone number defined in the user s properties See Phone contact on page 85 Business Phone Business phone number defined in the user s properties See Phone contact on page 85 Default E Mail Default email account defined in the user s properties See Email contact on page 86 E Mail 1 E Mail 5 Up to five additional email accounts defined in the user s properties See Email contact on page 86 Custom Field 1 Custom Field 6 Custom fields for the user If you have specified text for a custom field that text will display when you display the field See Custom field properties on page 86 When a User Accounts window contains this column values are not displayed for external users users validated with external authentication services Home Address Home address defined in the user s properties See Address on page 85 Home Phone Home phone number defined in the user s properties See Phone contact on page 85 Mobile Phone Mobile phone number defined in the user s properties See Phone contact on page 85 Pager Pager number defined in the user s properties See Phone contact on page 85 Adding User Accounts The following information is configured when a user account is created Chapter 8 Managing User Accounts 81 Whether the user will be authenticated us
78. ests are re directed to the configured external authentication server The HMX Manager obtains external group membership and external user information when a user logs in Ifa user s group membership changes or the user is deleted externally the HMX Manager will not see these changes until the next time the user logs in Authentication services may be managed only by HMX Manager administrators and user administrators To display configured authentication services 1 Click the Users tab 58 Avocent HMX Manager Installer User Guide 2 Click Authentication Services in the top navigation bar The User Authentication Services window will open The User Authentication Services window may be customized by using the Customize link To remove authentication services NOTE The internal authentication service cannot be removed Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Check the checkbox to the left of the authentication service s to delete To delete all external authentication services on the page check the checkbox to the left of Name at the top of the list Click Delete A confirmation dialog box will appear Confirm or cancel the deletion HMX Manager internal authentication service To change the HMX Manager internal authentication service account policies 1 2 Click the Users tab Click Authentication Services in the top
79. evice must not be placed in the direct field of view Cabling installation maintenance and safety tips The following is a list of important safety considerations that should be reviewed prior to installing or maintaining your cables e Maintain the twists of the pairs all the way to the point of termination or no more that 1 2 inch untwisted Do not cut off more than linch of jacket while terminating e If bending the cable is necessary make it gradual with no bend sharper than a 1 inch radius Allowing the cable to be sharply bent or kinked can permanently damage the cable s interior e Dress the cables neatly with cable ties using low to moderate pressure Do not over tighten ties e Cross connect cables where necessary using rated punch blocks patch panels and components Do not splice or bridge cable at any point e Keep CAT 5 cable as far away as possible from potential sources of EMI such as electrical cables transformers and light fixtures Do not tie cables to electrical conduits or lay cables on electrical fixtures e Always test every installed segment with a cable tester Toning alone is not an acceptable test e Always install jacks so as to prevent dust and other contaminants from settling on the contacts The contacts of the jack should face up on the flush mounted plates or left right down on surface mount boxes e Always leave extra slack on the cables neatly coiled in the ceiling or nearest concealed loc
80. ew windows Name in HMX Manager Name of the unit as defined in the HMX Manager database Click on the name to display or change unit information Type Type of target device or managed appliance model Managed appliance types cannot be changed to assign a type to a target device Status Current activity level of a unit lists and describes the possible values Chapter 3 Units View Windows 23 Table 3 1 Unit Status Values Unit type Any unit Any unit Any unit Target devices Target devices Managed appliances Status and Icon Icon Description fide NA The unit is powered up with no connection nuses Je The unit has at least one active connection N A SeA The status of the unit was reported to the software but cannot be obtained for an unknown reason N A NoPower Je The target device is powered down Nodeva atrached The port does not have a target device attached topology view only The managed appliance did not provide status information This may occur for multiple reasons such as the appliance is not powered up or it is disconnected from the HMX Manager system Not Responding Multiple Unit Operations from a Units View Window From a Units View window you may delete one or more units or assign access rights for one or more units You may also use the Operations button menu to initiate certain actions on one or more units e Hiding units from view e Reboot e Show version e
81. ficate window will open c Click Save to store the certificate values to the HMX Manager database on the host or click Close if you do not wish to save the certificate values The Authentication Service Certificate Management window will open if only one certificate was selected If more than one certificate was selected each will appear in order in subsequent Accept SSL Certificate windows 64 Avocent HMX Manager Installer User Guide 17 To unregister certificates a To select one or more certificates click the checkbox to the left of the server IP addresses To unregister all certificates click the checkbox to the left of the IP Address heading b Click Unregister to unregister the certificates c A confirmation message box will appear Confirm or cancel the operation 18 Click Close The User Authentication Services window will open To change user browsing settings for the Active Directory external authentication service 1 2 6 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the AD service The side navigation bar will change to include the name of the AD service at the top and below the name the information you may define From the side navigation bar click User Browsing The Authentication Service User Browsing AD window will open Click Browse Anonymously to browse users on the external Active Dire
82. group to belong to any other unit group select Exclusive Click Save and then click Close To add or remove members in a unit group 4 5 6 7 NOTE Removing a unit group or unit member from a unit group does not delete the group unit from the HMX Manager system or any other group to which it belongs Click the Units tab Click Groups in the top navigation bar The Unit Groups window will open To add or remove a group member of the unit group click Members in the side navigation bar and then click Groups To add or remove a unit member of the unit group click Members in the side navigation bar and then click Units NOTE If you select a group container Global Root or Personal Root you can only add unit groups as members you cannot add units therefore when you click Members in the side navigation bar Groupsis the only choice You cannot add units or groups to the global unassigned unit group The Unit Group Members Units or Unit Group Members Groups window will open Click Assign The Assign Units to Unit Group window will open NOTE Once a unit is added to an exclusive unit group it cannot be added to any other groups If a unit is already a member of a non exclusive group and is then added to an exclusive group the unit is automatically removed from the non exclusive group To add one or more units to the unit group select the unit s from the Available Units list then click Add The units will be m
83. groups to organize units hierarchically Units may belong to multiple groups For example you may have a switch that belongs to two global groups and three personal groups There are two types of unit groups global and personal A global unit group can be viewed by any user logged into the HMX Manager software A personal unit group may only be viewed by the person who created it Up to 32 personal unit groups may be created by a user There are two top level system defined unit group containers global root and personal root These group containers cannot be deleted They can contain other unit groups but not individual units All global unit groups are descendents of global root All personal unit groups are descendents of personal root There is also a system defined unit group named Unassigned which is a descendent of the global root This unit group automatically contains all units that are not assigned to any other global unit groups This group cannot be deleted and you cannot add subgroups children to the Unassigned unit group Global unit groups may only be created modified or deleted by users with HMX Manager administrator user administrator or appliance administrator privileges The global root personal root and unassigned unit groups cannot be deleted Figure 6 1 Unit Groups Structure Global Root Personal Root System Defined System Defined Can change rights No rights associated with Can create subgroups personal g
84. guishedName of their LDAP object minus the group base DN specified in the HMX Manager software For example if you have an LDAP external authentication service with a group base DN of ou myldap c US the cn Admin Users ou Users o myldap c US group will have a HMX Manager equivalent of Admin Users Using the same example but with the cn Admin Users c Sunrise ou Users o myldap c US group the HMX Manager equivalent is Sunrise Admin Users Built in User Groups When a user account is added to the HMX Manager system the user may be assigned to any of the following built in user groups e Server administrators e Appliance administrators e User administrators e Auditors e Users Table 9 1 lists the operations allowed for the built in user groups Table 9 1 Built In User Group Allowed Operations Built In User Group Operation Server User Appliance Administrator Administrator Administrator Configure HMX Manager Yes system level settings Add change import and delete HMX Manager software Auditors Users zZ o o o o o o o Backup and restore the HMX Yes Manager database Register a spoke server Add change and delete units No Yes Yes Yes Yes Add change and delete unit groups Configure access rights Add change and delete sites departments and locations o Add change and delete external authentication services No No No No Yes Yes No Yes No No Yes No
85. h to be the leader and click Add The user station will move to the top row of the configuration table oN In the Receivers drop down list select a user station that will be a follower in the group and click Add 6 Repeat step 5 for each user station that will be part of the group NOTE Auser station group in Regular Follow Mode can have one leader and up to seven followers NOTE You can make any user station within the configuration table the leader by moving it to the top of the table using the arrow button at the bottom of the screen 7 When you ve added all the follower user stations click Save 42 Avocent HMX Manager Installer User Guide 8 9 Select the Target Groups tab and click New From the Transmitters drop down list select the transmitter that you want the user station group to follow and click Add The selected transmitter will move to the top row of the configuration table NOTE The selected transmitter must be set to Share Mode to work in Regular Follow Mode See Share Mode on page 33 NOTE Although the HMX Manager will allow you to add multiple transmitters to the Target Group configuration table the user station group will only follow the device listed in the first row of the table in Regular Follow Mode 10 Click Save View Only Mode View only mode allows the administrator to limit a user s capabilities to only viewing transmitter video sessions The user will no longer be able to use a keyboa
86. he Units tab A list of all units managed by the HMX Manager appliance is displayed Click the unit name for which you require information The Unit Overview window opens Under Unit Settings in the side navigation bar click Versions The Unit Version Information window will open containing the following information e Release The version release number e Application The application software version e Boot The boot software version Chapter 4 Managing Units 33 e FPGA The FPGA version Rebooting a unit To reboot a unit 1 Click the Units tab A list of all units managed by the HMX Manager appliance is displayed 2 Click the unit name for which you require information The Unit Overview window opens 3 Inthe Tools section click Reboot The unit reboots to apply any changes Setting the Operating Mode for a user station The HMX system can operate in two modes Desktop Mode and Extender Mode The operating mode of an HMxX system can be set through the user station Extender Mode is the default factory setting for an HMX system In Extender Mode a user station automatically discovers and connects to its corresponding transmitter on the network The HMX Manager appliance is not required as part of the system when in Extender Mode When in Desktop Mode an HMX system can be managed and administered through the HMX Manager appliance To change the operating mode for a user station 1 Click the Units tab A list of
87. ications The HMX Manager may be configured to send one or more users an email notification when an enabled event occurs e You may specify which events will trigger an email notification e You may also specify one or more unit groups an email notification will be sent only when a specified unit related event occurs on a unit that is a member of the specified unit group s If a specified event that is not tied to a unit occurs for example HMX Manager server started an email notification will be sent regardless of the any specified unit groups NOTE A mail server that supports Simple Mail Transfer Protocol SMTP must be configured to receive email event notifications Customizing the Email Notifications window The Email Subject column is always displayed in the Email Notifications window The display may include From Address and To Address fields Use the Customize link to add or remove fields in the display To configure an email notification 1 Click the Reports tab Click Email Notifications in the side navigation bar The Email Notifications window will open Click Add The Add Email Notification Wizard will appear Click Next S u w The Specify Email Properties window will open a Inthe Send To field type the email addresses of the persons you want to notify Separate multiple addresses with a comma This field has a limit of 1024 characters b In the From field type the email address up to 64 characters
88. ice 9 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the LDAP service The side navigation bar will change to include the name of the LDAP service at the top and below the name the information you may define Click Schema in the side navigation bar and then click Groups The Authentication Service Group Schema LDAP window will open Type the Base distinguished name DN from which to begin searches This is a required field unless the Directory Service has been configured to allow anonymous search Type the object class The default value is groupOfNames Type the members attribute The default value is member Type the username member attribute only the username not the full LDAP object DN The user s group membership will be located using this attribute in addition to the member attribute This attribute is primarily used with NIS like schemas Click Save and then click Close The User Authentication Services dialog box will appear To change user browsing settings for the LDAP external authentication service 1 2 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the LDAP service The side navigation bar will change to include the name of the LDAP service at the top and below the name the information you may defin
89. ill still run in the spoke but the requests are not accepted by the hub 1 2 In the hub HMX Manager click the System tab Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in Click Properties in the side navigation bar and then click Spoke Servers The Spoke Servers window will open Check the box of the spoke server registration to be deleted 18 Avocent HMX Manager Installer User Guide 5 Click the Delete button and confirm the operation The spoke server is no longer listed in the Spoke Server view Any change in the spoke database will not be replicated to the hub and any change in the hub or the other spokes will not be replicated to that spoke NOTE You can register the spoke with the hub again using the Register as Spoke Server wizard Modify Push and Pull task periods of time The Pull and Push tasks are executed during specific periods of time To change the default time values using the Database Replication Properties page 1 In the Spoke HMX Manager click on the System tab 2 Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in 3 Click DB Replication in the side navigation bar The Database Replication Properties page will open 4 Edit the time values 5 Click Save You must restart the server to allow the changes take effect NOTE These prope
90. in If no trusted certificate chain is found then the Accept Certificate window will open and list all servers that belong to the domain It will also list the reasons for rejection of the certificate chain Click Next to accept the certificate The Select Browsing Method window will open Click Browse Anonymously to browse users on the external Active Directory authentication server Or Click Browse with user credentials to browse users on the external Active Directory authentication based on credentials configured on the server If this option is selected do the following a Type the username for an Active Directory account that has browse rights in the User Name field The login ID must be entered in case sensitive text if the Active Directory server is set up to use Kerberos When using Kerberos the browse account cannot be specified in the Full Pre Windows 2000 Username form domain username If the username is in a sub domain of the Active Directory domain specified in step 3a then the username should be specified as lt username gt lt subdomain gt b Type the password for an Active Directory account that has browse rights in the Password field c Click Next 62 Avocent HMX Manager Installer User Guide 9 10 The Establish Connection with Authentication Service window will open briefly If the external authentication service is added successfully the Completed Successful window will open Click Finish The Use
91. ing feature must be enabled in the Windows 2003 AD server 13 Click Allow use of Users Groups from Trusted Forests to allow logins by users belonging to a forest that are assigned to groups in a different forest If enabled the HMX Manager will query all trusted forests in the Active Directory service to find the user and user groups to which the authenticated user belongs If you deselect Allow use of Users Groups from Trusted Forests any previously discovered trusted forests will be hidden from the User Authentication Services window and users belonging to trusted forests will not be permitted to log in 14 Click Save to save your changes e Ifyou selected Use SSL in Certificate based Trust Mode the Certificates heading will appear in the side navigation bar Go to step 13 e Ifyou selected Do Not Use SSL or Use SSL in Trust All Mode go to step 16 15 Click Certificates The Authentication Service Certificate Management AD window opens and list all servers in that domain A status of Trusted indicates the certificate is trusted based on the certificate policy Untrusted indicates the certificate cannot be trusted 16 To register certificates a To select one or more certificates click the checkbox to the left of the server IP addresses To select all certificates on the page click the checkbox to the left of the IP Address heading b Click Register above the IP Address list to register the certificates The Accept SSL Certi
92. ing the HMX Manager internal authentication or an extemal authentication server See Authentication Services on page 57 The user groups in which the user will be included Each user group contains specific access rights that allow a user to perform specific actions See User Groups on page 89 You must have HMX Manager administrator or user administrator nghts to add a user To add a user account 1 2 5 Click the Users tab Click Add The Add User Account Wizard will appear Click Next The Select Authentication Service window will open This window lists the HMX Manager internal service and all the external authentication services that have been added which may be used to authenticate users when they log in See Authentication Services on page 57 Select an authentication service and then click Next e Ifyou selected Internal go to step 4 e Ifyou selected any other authentication service go to step 5 The Type in User Credentials window will open a Type a username password and confirm the password of the user you are adding Usernames may contain up to 256 non case sensitive characters if a RADIUS external authentication service will be used the limit is 253 characters Usernames are case preserving For example if an account named JDoe is created it will be saved as JDoe in the HMX Manager server but a user may log in as JDoe jdoe JDOe and so on Passwords may contain 3 64 characters Passwords will never exp
93. ire unless User must change password at next login is selected in the Unit Password window or Passwords Expire information is specified in the Authentication Service User Account Policies window An HMX Manager administrator may specify a different minimum character length and change expiration criteria See Authentication Services on page 57 b To enable users to set their own passwords when they log in to the HMX Manager software click User must change password at next login c To designate the account as a service account select the Service Account checkbox A service account cannot be used to log in to the HMX Manager software A service account can be used to impersonate another user over the Web Services API or GUI Access API NOTE Aservice account may only be created if you selected the HMX Manager internal authentication service in step 3 d Click Next Go to step 6 The Specify User Name window will open If you selected RADIUS TACACS or RSA SecurlD in step 3 a Enable the Specify user on external authentication service radio button b Type the username that is configured on the RADIUS TACACS or RSA SecurlD server c Click Next 82 Avocent HMX Manager Installer User Guide T If you selected any other type of external authentication service in step 3 you may either specify the username or find the user on the external authentication service e To specify the user enable the Specify user on external authenticati
94. its sessions and target computers automatically refresh every 10 seconds Using keyboard commands In addition to using a mouse you can use keyboard commands to select and change items in windows Table 2 2 General Keyboard Commands Key Description Tab Transfers focus to the next control in the window including the calendar Shift Tab Transfers focus to the previous HTML control Configuring HMX Manager Servers This section describes how to configure HMX Manager server properties backup and restore hub servers and manage spoke servers This can be done from the System tab in the HMX Manager Explorer window It is recommended to configure your HMX Manager server before adding users and units Server properties To display server properties Click the System tab Click on HMX Manager in the top navigation bar and Identity will automatically be selected in the side navigation bar The Server Identification Properties window will open The top of the side navigation bar will indicate the name of the HMX Manager server Table 2 3 Server Properties Property Description Name of the HMX Manager server the server s role hub or spoke EID serialand MPN Identit TS Re geniy numbers and database and manager build versions The add on version is also indicated Network IP address and port used by clients to access the server using the HTTPS SSL protocol IP address of the SMTP Simple Mail Transfer Protocol server
95. k Close The Departments or Locations window will open To associate or change the association of an existing unit to a department or location jan Pe X Click the Units tab Click the name of a unit The Unit Overview window opens Click Properties in the side navigation bar From the drop down lists select the department and or location to associate with the unit If you do not wish to associate the unit with any site department or location choose the top empty item from the menu Click Save and then click Close Chapter 4 Managing Units 37 Importing HMX Manager databases The Import HMX Manager software database tool allows you to import an existing HMX Manager software database into the HMX Manager system When a database is imported users and user groups with unit access right will also be imported The following actions occur when an HMX Manager software database is imported into the HMX Manager system A global unit group is created in the system for each group found in the HMX Manager software database The HMX Manager does not provide Topology unit group nesting Unit group names added to the system are a concatenation of the hierarchical names found in the HMX Manager software including the truncation of names when necessary If a user had Admin rights in the HMX Manager software for all nodes in the tree including the Topology node the user will be added as a member and inherit the access rights of an HMX Man
96. k Group Authorization in the side navigation bar The Method field will display the group authorization method configured when the TACACS authentication service was added This field cannot be changed a In the Service field type the appropriate TACACS service If TACACS4 If TACACS4 privilege level attribute is the method the default value is shell custom attribute for group names is the method the default value is raccess b Ifthe TACACS service requires a protocol for authorization requests type the protocol in the Protocol field c Inthe Attribute Name field type the attribute name that the HMX Manager server will receive after an authorization request If TACACS4 If TACACS4 d Click Save 7 Click Close The privilege level attribute is the method the default value is priv lvl custom attribute for group names is the method the default value is group_ name User Authentication Services dialog box will appear RSA SecurlID external authentication service When an RSA SecurID extemal authentication service is added the HMX Manager obtains user authentication information and relays it to the RSA Authentication Manager The RSA Authentication Manager s validation results are then relayed to the user The HMX Manager also supports new PIN operations next tokencode operations RSA Authentication Manager Replica functionality and name locking The HMX Manager is the agent type Net OS A gent
97. k check mark The user has been granted access for this right e Gray check mark A group to which the user belongs has been granted access for this right e Black X The user has been denied access for this right e Gray X A group to which the user belongs has been denied access for this right e No check mark No access has been granted or denied for this right The access rights display for a target device may contain information that appears invalid Click Close when you are finished reviewing the access rights The User Accounts window will open Customizing Appliance and Target Device Access Rights windows The Name field is always displayed in the Target Device Access Rights and Appliance Access Rights windows The action fields may also be displayed Use the Customize link to add or remove fields in the display To add or remove access rights through a user account 1 ee od Click the Users tab Click on a username Click Access Rights in the side navigation bar The User Access Rights window will open To add or remove a unit or unit group from the Unit and Unit Groups list click Edit List The User Access Rights Unit Selection window will open e To add one or more units unit groups select the units groups in the Available list then click Add The units unit groups will be moved to the List to Update list e To remove one or more units unit groups select the units groups in the List to Update list then click Re
98. l open Click the checkbox to the left of the sessions To disconnect all sessions click the checkbox to the left of Duration at the top of the list If you do not have permission to disconnect an active session you will not be able to select its checkbox or the checkbox at the top of the list Click Disconnect A confirmation dialog box will appear Confirm or cancel the disconnect 46 Avocent HMX Manager Installer User Guide 47 GA ing Unite Grouping Units The HMX Manager Explorer automatically groups managed appliances by the type of appliance Target devices are automatically grouped based on the type to which they are assigned You may also add and change the following types of groups e Sites e Departments e Locations e Custom fields Custom fields allow a user to create groupings of units which are accessed by all HMX Manager users e Personal and global unit groups Global unit groups may be seen by all users personal unit groups are visible only to the user who created the group Site Department and Location Groups You may create one or more site department and location names and then associate units with them For example you could create sites names such as Austin and Sunrise department names such as Software Development and Human Resources or location names such as Lab Room 101 and System Administrator s Office Site Department and or Location columns may be included in a Units View window display
99. ll open Click Addresses in the side navigation bar The User Address Properties window will open Type the home address and business address of the user Click Save and then click Close Phone contact The phone contact may be changed only for internal authentication users To specify phone contact information for a user 1 Pe 2 Click the Users tab Click on a username The User Name window will open Click Telephones in the side navigation bar The User Telephone Properties window will open Type the home phone number business phone number mobile phone number mobile business phone number and or pager number of the user Click Save and then click Close 86 Avocent HMX Manager Installer User Guide Email contact Email contacts may be changed only for internal authentication users To specify email contact information for user 1 Click the Users tab 2 Ina User Accounts window click on a username The User Name window will open 3 Click E Mail Addresses in the side navigation bar The User E Mail Properties window will open 4 Type the primary email address of the user and up to five additional email addresses 5 Click Save and then click Close User notes User notes may be changed only for internal authentication users To specify notes about a user 1 Click the Users tab Click on a username The User Name window will open Click Notes in the side navigation bar The User Notes window will open Typ
100. move The units unit groups will be moved to the Available list Inherited users and user groups can only be removed from the first unit group that specified any access rights other than inherit Click OK The User Access Rights window will display the current list of units unit groups To add remove access rights for a unit unit group select a unit or unit group from the Unit and Unit Groups list then enable or disable a checkbox in the Access Rights table for each access right e Allow the access right is allowed for the user Deny the access right is denied for the user 88 Avocent HMX Manager Installer User Guide e Inherit the access right is inherited from the unit group s to which the selected unit unit group belongs When Jnherit is selected the Allow and Deny checkboxes will become gray and unchangeable and indicate the inherited value If the inherited settings indicated both Allow and Deny the inherited value is Deny which takes precedence To disable the inherit functionality uncheck the Inherit checkbox e If none of the checkboxes are checked the access right is neither allowed nor denied 7 Repeat the preceding step for other units unit groups 8 Click Save and then click Close NOTE Only user accounts with configuration rights will be allowed to change a user station s IP address from the on screen display OSD 89 Bn o Groups tt User Groups Users that have been added to the HMX Manager syst
101. n click Sessions in the side navigation bar then Active The Appliance Sessions window will open 3 To disconnect one or more sessions click the checkbox to the left of the sessions To disconnect all sessions on the page click the checkbox to the left of Start Date Time at the top of the list 4 Click Disconnect A confirmation dialog box will appear 5 Confirm or cancel the disconnect Active sessions on a target device To display information about active sessions on a target device In a Units View window containing target devices click on a target device Status field The Active Sessions window for that target device will open You may also display active session information for a target device by clicking on a target device name in a Units View window which will open the Unit Overview window Then click Active Sessions in the side navigation bar and the Active Sessions window for that target device will open The first method above saves a step Customizing a target device Active Sessions window The following fields are always displayed in the Active Sessions window e Duration Elapsed time since the session started in hours minutes seconds User Name of current user Chapter 5 Unit Sessions and Connections 45 To disconnect one or more target device active sessions 1 In a Units View window containing target devices click on a target device Status field The Active Sessions window for that target device wil
102. n the HMX Manager appliance database Click the name to display or change unit information 28 Avocent HMX Manager Installer User Guide e Type Type of unit or session Unit and session types cannot be changed e Status Current operating status of a unit The table below lists and describes the possible values in the status field Table 4 1 Unit Status Values Type Status and Icon Description Unit is turned on can be communicated with and is not associated with an active Managed Units media session ae Nar Managed Units Upgrading Unit firmware is being upgraded Heca CY meneennaaenan ane The units involved in the active session are not responding If an active session Active Session Not Responding does not respond for more than 20 minutes it will be deleted IP Address The IP address of a managed unit Department The name of the department to which a managed unit has been assigned e Location The name of the location to which a managed unit has been assigned e Revision The current firmware version that is installed on a managed unit Commonly used Units windows In the side navigation bar of the Units All window is a list of Units windows The most commonly accessed windows are e All Click Units in the side navigation bar to display the managed units The Units All window will re open You can click on a link in the side navigation bar to view a summary of all units all user stations or all tr
103. nager software Everyone user group cannot be imported into HMX Manager systems Before using the Import HMX Manager Software Database tool To import HMX Manager software databases 1 In the Units Tools window click the Import HMX Manager Database icon or link The Import HMX Manager Database Wizard will appear Use the Browse button to locate the zip backup file of the HMX Manager software database you created then click Next 38 Avocent HMX Manager Installer User Guide 4 The Import in Progress window will open displaying the current step being performed as the HMX Manager software database is importing Upon completion of the wizard an event will be recorded with the results of the import Click Finish The Units Tools window will open After running the Import HMX Manager Database tool Units requiring migration will contain Migration Needed in the Migration Status field of Units View windows Although the managed appliances have been imported from the HMX Manager software database into the HMX Manager system they are not yet compatible with the HMX Manager To complete the configuration and update the firmware on each type of managed appliance you must use the Migrate Units task Active media sessions An active media session is created when a user connects to a target computer by logging in through a user station The HMX Manager appliance enables you to monitor the following properties of an active media session
104. nd active session information for each target device All active sessions To display information about all active sessions 1 Click the Units tab 2 Click Active Sessions in the side navigation bar The Active Sessions window will open 3 To display information about a session click on the name in the Start Date Time column The Active Session Information window will open 44 Avocent HMX Manager Installer User Guide 4 Click Close to close the window and return to the Active Sessions window Viewing Active Sessions The Start Date Time field which indicates when the target device session was started is always displayed in the Active Sessions window The following fields are displayed in the Active Sessions window Use the Customize link to add or remove fields in the display e Duration Length of the HMX Manager session e User Name User who initiated the session which may be a user a local port user or a user with a local user account Receiver User station e Connected Target Computer Name of the target device being used for the session Transmitter Device connected to the user station Status Current state of the connection To disconnect an active session from an appliance window You must have the Reboot Appliance and Disconnect Sessions unit access right 1 Ina Units View window containing appliances click on the appliance name 2 Click Appliance Settings in the side navigation bar The
105. nd restore operations can be used If a spoke server must be promoted be sure to run the replication task if possible on all other spoke servers then on the spoke server being promoted immediately before the promotion This will prevent loss of data from the other spoke servers See Replication on page 15 for more information After the promotion of a spoke server to a hub if the server that was originally the hub becomes operational again it will have to register as a spoke server since a system can have only one hub server To promote a spoke server to be a hub server 1 On the spoke server click the System tab 2 Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in 3 Click Tools in the side navigation bar 4 Click the Promote to hub server icon The Promote Hub Server Wizard will appear 5 Follow the prompts and heed the cautionary wamings in the wizard The spoke server on which the wizard is running will become the hub server and the other spoke servers will be advised of the changed configuration Replication Replication is a task that synchronizes the hub and spoke server databases By default replication runs every 12 hours on each spoke server A spoke server s first replication occurs automatically when the spoke server is added to the HMX Manager system You may change the interval that the replication task runs on each spoke ser
106. nnot perform a firmware upgrade unless a firmware upgrade file has been added to the HMX Manager appliance repository Also upgrading the unit firmware requires the unit to reboot currently active sessions will be disconnected 1 Click the Units tab A list of all units managed by the HMX Manager appliance is displayed 2 Click the appropriate unit name The Unit Overview window will open 3 Inthe Tools section click the Upgrade Firmware icon The Upgrade Appliance Firmware wizard will launch 4 Click Next The Select Firmware Files window will open To add a firmware file to the update list select the file in the Available Firmware Files list then click Add The properties will be moved to the Firmware Files to Update list 5 Select the firmware file you wish to use Click Next The unit reboots to apply the new settings The Completed Successfully window will open 6 Click Finish During a firmware upgrade the unit status in the Units All window will be set to Upgrading The event log can also be used to monitor the status of a unit firmware update When the firmware update is complete the unit firmware revision field is updated and the unit reverts to the status Idle Viewing changing target computer overview information To view overview information for a target computer 1 Click the Units tab The Units All window will open 2 Select Target Computers from the side navigation bar A list of all the target computers tha
107. ntact details name telephone number To change the properties of a target computer 1 4 In the Target Computers All window click the name of the target computer to edit The Target Computer Overview window will open Click Properties on the side navigation bar The Target Computer Properties window opens This window displays the general properties of the target computer Edit the properties you wish to change Click Save Departments and Locations Windows The HMX Manager appliance provides a means to attach logical location identifiers to units making it easier for administrators to track and locate units within their organization The Departments window identifies units that have been assigned to a department while the Locations window identifies units that have been assigned to a location Access the Departments window by clicking the Units tab and then choosing Departments from the top navigation bar Access the Locations window by clicking the Units tab and then choosing Locations from the top navigation bar To group units by department or location you must create a department or location and then associate units with it Departments or locations that contain units to which a user does not have access rights will not appear in the side navigation bar The department or location must also have at least one unit associated with it to be displayed in the side navigation bar 36 Avocent HMX Manager Installer User Guide
108. on in the HMX Manager database on the host Backing up and Restoring Hub Servers Manually To manually backup or restore your hub server NOTE Manual backup and restore procedures require HMX Manager administrator privileges S oop w 5 Click the System tab Click HMX Manager in the top navigation menu Click Tools in the side navigation bar If you are manually backing up your hub server click the Backup System icon or If you are restoring a 3 0 0 or greater database backup click the Restore System icon Follow the wizard and pop up instructions Spoke Servers Information on the hub server is replicated on one or more spoke servers Information about each spoke server such as the IP address port number and certificate is stored in the hub server s database You may specify up to 15 HMX Manager servers as spoke servers NOTE HMX Manager versions of the spoke server and hub server must match in order to register a spoke server For example you may not register a spoke server running HMX Manager version 3 1 with a hub server running HMX Manager version 3 2 A spoke server may be created by converting a hub server To do this register the hub server as a spoke to another HMX Manager hub server The HMX Manager system data on the hub server being converted will be lost and the converted hub server will replicate the data of the new specified hub server You may also change the properties of a spoke server or rem
109. on in the side navigation bar The Authentication Service Connection Settings TACACS window will open a Type a 1 64 character name for the TACACS authentication service 74 Avocent HMX Manager Installer User Guide b Type the address of the TACACS host in dot notation format xxx xxx xxx xxx or type the DNS host name in the Server Address field c Type the number of the port from 1 65535 for connecting to the TACACS host in the Port Number field The de d Click Save fault is port 49 5 To change the authentication type and or shared secret click Settings in the side navigation bar The Authentication Service Authentication Settings TACACS window will open a Select the authentication type from the Authentication Type menu PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol default MS CHAP Microsoft Challenge Handshake Authentication Protocol b In the Shared Secret field type the shared secret which is a password protected field For the shared secret Microsoft s implementation allows up to 128 ASCII characters and Cisco s implementation allows up to NOTE If you change th c Re enter the d Click Save 32 ASCII characters other servers may have a different limit e authentication type you will be required to enter the shared secret shared secret in the Confirm Shared Secret field 6 To change the group authorization settings clic
110. on service radio button and type the name of the user Then click Next Usernames may contain up to 256 characters Usernames may or may not be case sensitive depending on the requirements of the external authentication server To find the user enable the Find user on external authentication service radio button The Select User from External Authentication Service window will open If the list of users contains more than 5000 entries a message will indicate that not all items are displayed You may filter the list by using the Filter button and the adjacent text field Specifying a username in the text field will return all valid matches If filtering on another item such as full name you must include a wildcard Select one or more users from the list then click Next Assign the user to user groups from the Available Groups list which includes all built in and user defined groups Select one or more groups and click Add The group names will move to the Member Of list and the new user s will be added to those groups Click Next Click Finish The user s have been added The HMX Manager obtains external group membership and external user information when a user logs in Ifa user s group membership changes or the user is deleted externally the HMX Manager will not see those changes until the next time that user logs in Deleting User Accounts To delete one or more user accounts 1 2 3 4 Click the Users tab
111. or remove user group members NOTE Members may only be assigned to or removed from user groups defined on the internal HMX Manager authentication service 1 Click the Users tab 94 Avocent HMX Manager Installer User Guide 2 Click Groups in the top navigation bar Built In will automatically be selected in the side navigation bar and the User Groups Built in window will open To display the User Groups User Defined window click User Defined in the side navigation bar Click on a user group name The User Group Properties window will open Click Members in the side navigation bar The User Group Members window will open Click Assign The Assign Users to User Group window will open ON eR GS To add one or more users to the user group select the user s in the Available Users list then click Add The users will be moved to the Members list 7 To remove one or more users from the user group select the user s in the Members list then click Remove The users will be moved to the Available Users list 8 Click Save and then click Close The User Group Members window will open 9 Click Close The User Groups Built In or User Groups User Defined window will open depending on which groups you were working with You may also add or remove a user from a built in or user defined user group by clicking on a username in a User Accounts window and changing its user group membership See Changing User Group Members on page 93
112. oring of target computers Security Secure Socket Layer SSL encryption is used to encrypt HMX Manager system data Users are authenticated using the HMX Manager internal database or one of the external authentication methods available See Supported Authentication Services on page 57 for more information For management functions the HMX Manager uses HTTPS Hypertext Transfer Protocol with SSL encryption to interact with the HMX system NOTE To access the HMX Manager through a firewall you must ensure that the firewall uses the default HTTPS port 443 NOTE When the Fast Switch option is enabled security protocols will be disabled and data will not be encrypted 2 Avocent HMX Manager Installer User Guide HMX extender system support The transmitter connects externally to the video audio and USB ports of the target computer and is attached directly to the target computer It captures compresses and encrypts the computer s media stream and transmits it to the user station over a standard TCP IP network The user station enables the desktop user s keyboard video mouse and audio devices to connect to the HMX system System Components The HMX Manager software system contains the following components NOTE This product contains certain free and or open source components To request an open source software kit for the open source components used in this product please complete a FOSS Request Form at http www avocent com x_For_
113. orization Settings window will open a In the Service field type the appropriate TACACS service If you selected the privilege level attribute method in step 8 the default value shell will appear in the field by default If you selected the group name custom attribute method in step 8 the default value raccess will appear in the field by default b Ifthe TACACS service requires a protocol for authorization requests type the protocol in the Protocol field c Inthe Attribute Name field type the attribute name that the HMX Manager server will receive after an authorization request If you selected the privilege level attribute method in step 8 the default value priv lvl will appear by default If you selected the group name custom attribute method in step 8 the default value group __ name will appear by default Click Next If the extemal authentication service is added successfully the Completed Successful window will open Click Finish The User Authentication Services window will open with the new service listed To change settings for the TACACS external authentication service 1 2 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the TACACS service The side navigation bar will change to include the name of the TACACS service at the top and below the name the information you may define Click Connecti
114. ove spoke servers from your system Chapter 2 Installation and Setup 13 To display a list of spoke servers NOTE The Spoke Servers window is only available on the hub server 1 Click the System tab 2 Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in 3 Click Properties in the side navigation bar and then click Spoke Servers The Spoke Servers window will open You may change the fields that display by using the Customize link Each spoke server in the list includes status Table 2 4 HMX Manager Spoke Server Status Status Cause Normal operation The hub and spoke servers are communicating with each other using Responding HTTPS The hub and spoke servers cannot communicate with each other using HTTPS This Not responding typically indicates a network communication error Ensure that network connectivity is occurring between the two servers n yeee Versions The versions of HMX Manager on the hub and spoke servers are not compatible Not Compatible PEE Do Not Certificates on the hub server and spoke servers do not match A server responded but it is not compatible with the HMX Manager software This typically occurs when communication is attempted with a server that does not contain the software or if either server contains an older version of the software Ensure that both servers are running the same HMX Manager version Invalid Se
115. oved to the Units to Assign list To remove one or more units already assigned to the unit group select the unit s from the Units to Assign list then click Remove The units will be moved to the Available Units list Click Save and then click Close The Unit Group Members window will open Click Close The Unit Groups window will open To add or remove access rights for one or more unit groups 1 Click the Units tab Chapter 6 Grouping Units 55 Click Groups in the top navigation bar The Unit Groups window will open Click the checkbox to the left of one or more unit groups then click Rights The Unit Group Access Rights window will open If you are setting access rights for one unit group you may click on the unit group name then click Access Rights in the side navigation bar to access the Unit Group Access Rights window To add or remove a user or user group from the User and User Groups list a Click Edit List The Unit Access Rights User Selection window will open To add one or more users or user groups select the user s or user group s from the Available list then click Add The users and or user groups will be moved to the List to Update List To remove one or more users or user groups select the user s or user group s from the List to Update list then click Remove The users and user groups will be moved to the Available list Inherited users and user groups can only be removed from the first uni
116. pe Type of user group which will be built in or user defined To display user groups 1 2 Click the Users tab Click Groups in the top navigation bar Built In will automatically be selected in the side navigation bar and the User Groups Built in window will open To display the user defined groups click User Defined in the side navigation bar The User Groups User Defined window will open Group naming in external authentication services Groups in Active Directory AD external authentication services are specified using a combination of their Active Directory folder and group name minus the group container specified in the HMX Manager software The group container defaults to the AD domain root if it is unspecified For example if you have an AD external authentication service for the sw eng mydomain com domain with no group container specified the Domain Users group in the sw eng mydomain com Users folder will have a HMX Manager equivalent of Users Domain Users Using the same example but with a group container of Users the HMX Manager equivalent is Domain Users 90 Avocent HMX Manager Installer User Guide Using the same example but with a group container of mydomain com the HMX ManagerHMX ManagerHMX ManagerHMX ManagerHMX ManagerHMX Manager equivalent is eng sw Users Domain Users Groups in LDAP extemal authentication services are specified using a modified distin
117. r Authentication Services window will open with the new service listed NOTE If the authentication service has trusted forests the settings configured for the authentication service in the Add Authentication Service Wizard will be applied to the discovered trusted forests However the settings for each trusted forest can later be changed in the Authentication Service Connection Settings window See User Authentication Services Window on page 76 for more information about trusted forests To change settings for the Active Directory external authentication service 1 2 10 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the Active Directory AD service The side navigation bar will change to include the name of the AD service at the top and below the name the information you may define Click Connection in the side navigation bar The Authentication Service Connection Settings AD window will open Type a name in the Service Name field to change the name of the service that appears in the Name column of the User Authentication Services window Type the domain name of the Active Directory service in the AD Domain Name field In the User Container field specify the name of the container to search for user accounts This will limit the search scope to that container The name may be entered in several forms optionally including a
118. r stations are connected using standard UTP cables NOTE The transmitters and user stations must be connected to LAN port 1 However you can access the HMX Manager appliance using the browser on a computer connected to either LAN port 1 or LAN port 2 Configuring Network Settings To assign an IP address to the HMX Manager appliance you must establish a connection to the serial menu first then use the options on the serial console menu to configure the network settings for each of the LAN ports on the HMX Manager appliance NOTE If you are connecting to only one LAN only LAN port 1 needs to be configured To configure the network settings of the HMX Manager appliance 1 Connect a terminal or a computer that is running a terminal emulation program to the serial port on the back panel of the HMX Manager appliance 2 Start a session with the following port settings Serial speed 9600 bps Data length 8 data bits Parity None Stop Bits 1 Flow Control None 3 Once a connection is established a serial console menu appears 4 Type 2 to configure any of the following network settings Set eth speed Choose using DHCP or defining an IP address Type subnet mask Type gateway IP address Select default gateway Define primary DNS and secondary DNS Chapter 2 Installation and Setup 7 NOTE The IP address on LAN port 1 must not change during operation of the appliance Always configure LAN port 1 with a static IP address
119. ration date enable the End of radio button Then click the button to the right of the adjacent field and a calendar will be displayed Select the date when the user account will expire When a user account expires it remains in the HMX Manager system until the account is deleted Click Save and then click Close Chapter 8 Managing User Accounts 85 User group membership See User Groups on page 89 To change the group membership of a user 1 Faia a ad 6 Click the Users tab Click on a username The User Name window will open Click User Groups in the side navigation bar The User Group Membership window will open To add a user to one or more groups select the group s in the Available Groups list then click Add The columns will be moved to the Member Of list To remove the user from one or more groups select the group s in the Member Of list then click Remove The groups will be moved to the Available Groups list Click Save and then click Close The HMX Manager obtains external group membership and external user information when a user logs in Ifa user s group membership changes or the user is deleted externally the HMX Manager will not see those changes until the next time that user logs in Address The user address may be changed only for internal authentication users To specify address information for a user 1 Ge N Na Click the Users tab Click on a username The User Name window wi
120. rd mouse or USB port on the server with the attached transmitter The user can only establish a video connection to a transmitter displayed on the OSD and view it The list of transmitters displayed on the OSD is determined by the user s access rights To enable view only mode 1 2 3 Click the Users tab Select a user and check the box for view only mode Click Save Multi video Follow Mode To create a user station group and designate targets for Multi video Follow Mode 1 2 3 4 n Click the Units tab Select Follow Mode from the side navigation bar Select the UserStation Groups tab and click New In the Receivers drop down list select the user station that you wish to be the leader and click Add The user station will move to the top of the configuration table In the Receivers drop down list select a user station that will be a follower in the group and click Add Repeat step 5 for each user station that will be part of the group NOTE You can make any user station within the configuration table the leader by moving it to the top of the table using the arrow button at the bottom of the screen 10 11 Click the Multi video Mode checkbox Click Save Select the Target Groups tab and click New From the Transmitters drop down list select the transmitter that you want the lead user station to follow and click Add From the Transmitters drop down list select the transmitter that you want the user
121. rloading Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of circuits might have on overcurrent protection and supply wiring Consider equipment nameplate ratings for maximum current e Reliable Farthing Reliable earthing of rack mounted equipment should be maintained Pay particular attention to supply connections other than direct connections to the branch circuit for example use of power strips NOTE The HMX Manager appliance may be rack mounted in a 1U configuration Connecting the HMX Manager appliance A typical HMX Manager configuration includes the appliance transmitters and user stations connected to the local area network LAN A terminal or a computer running a terminal emulation program is connected to the serial port for configuring basic network settings The HMX Manager appliance transmitters and user stations as well as user accounts are then configured from the browser interface to the HMX Manager appliance 6 Avocent HMX Manager Installer User Guide To connect the HMX Manager appliance 1 Attach one end of the supplied power cord into the back panel of the HMX Manager appliance and attach the other end to an appropriate AC power source The HMX Manager appliance has a power control button on the front panel 2 Connect the LAN Port 1 Ethernet port on the back panel of the HMX Manager appliance to the LAN to which the transmitters and use
122. rned on and attached to the network To add a single unit that already has an IP address 1 6 In a Units All window containing managed units click Add The Add Unit Wizard Welcome Window will open Click Next The Select Add Unit Procedure window will open Click Add a single unit then click Next The Select Unit Type window will open Select a unit from the product list then click Next The Select Address Configuration of Unit window will open Select Yes the lt Managed Unit Type gt does have an address and type the address of the unit Click Next The Search Results window will open The name and MAC address of the discovered unit will be displayed Click Next The Completed Successfully window will open To exit the Add Unit Wizard click Finish To add a single unit that does not have an IP address 1 In a Units All window containing managed units click Add The Add Unit Wizard Welcome Window will open Click Next The Select Add Unit Procedure window will open Click Add a single unit then click Next The Select Unit Type window will open Select a unit from the product list then click Next The Select Address Configuration of Unit window will open Select No the lt Managed Unit Type gt does not have an address and click Next The Configure Unit Network Settingswindow will open a Type the IP address and subnet mask in standard dot notation xxx xxx xxx xxx for the managed unit b Optionally typ
123. roups Can add groups as children Can create subgroups but not units Can add groups as children but not units Unassigned User Defined l User Defined System Defined Global Groups Personal Groups Can change rights Can change rights No rights associated with Cannot create subgroups Can create subgroups personal groups Cannot add units as members Can add units as members Can create subgroups Ifa unit is not assigned to any Can add units as members other global group it automatically becomes a member of this group Table 6 2 Unit Groups Features Group Type Can change rights Can have subgroups Can add units as members System Defined Global Root No can only add groups Unassigned User Defined Global Groups mooo p Personal Groups Chapter 6 Grouping Units 51 Unit group hierarchy There are two primary ways to view unit groups e Unit Groups window clicking the Units tab and then Groups in the top navigation bar e Units View Groups window clicking the Units tab and then Groups in the side navigation bar Global groups that contain units the user cannot access will not be displayed unless there are descendent groups containing units the user is allowed to access All personal unit groups are displayed in the Unit Groups window even if they do not contain any units In Units View Groups windows groups will not be listed unless they have assigned units Figure 6 2 Unit Group Hier
124. rt 590 1104 501B
125. rties are only used by the spoke server Fast Switch Enable The Fast Switch Enable system option results in shorter connection times NOTE When the Fast Switch option is enabled security protocols will be disabled and data will not be encrypted To enable the Fast Switch Enable system option 1 Click the System tab 2 Click HMX Manager in the top navigation menu then click Fast Switch in the side navigation bar 3 Click the Fast Switch checkbox to enable or disable the option All appliances will be rebooted for the change to take effect NOTE Fast Switch Enable is disabled in the HMX Manager factory default settings NOTE When the HMX Manager discovers a new unit that you ve added to the system it will automatically enable or disable the Fast Switch Enable system option to match the current system settings Next Steps At this point only the administrator can log in to the HMX Manager Now the administrator may choose to add and manage units or set up additional user accounts Users can also add and manage units if they are assigned access rights by the administrator To add and manage units see e Units View Windows on page 21 e Managing Units on page 27 Chapter 2 Installation and Setup 19 e Unit Sessions and Connections on page 41 e Grouping Units on page 47 To configure authentication services and units see Authentication Services on page 57 e Managing User Accounts on page 79 e User Groups on page 8
126. rver or Versions Not Compatible To add a spoke server 1 Install the HMX Manager on the computer that will be used as a spoke server 2 Configure the computer as a spoke server To register a hub server as a spoke server Only HMX Manager administrators may access this procedure NOTE When registering a hub server as a spoke server on another HMX Manager system the information on the hub server being registered will be lost Its database will be updated to match the new hub server to which it is being registered 1 Click the System tab 2 Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in 3 Select Tools in the side navigation bar The Server Tools window will open 4 Click the Register as Spoke Server icon The Register Spoke Server Wizard will appear Click Next 5 The Type in Hub Server Address window will open 14 Avocent HMX Manager Installer User Guide 10 11 a Type the IP address of the hub server in standard dot notation xxx xxx xxx xxx or the domain name of the hub server b Type the port number for the hub server If the default hub server port value 443 is modified you must specify it when registering a spoke server so that register requests will be sent to the correct port on the hub server For example if the IP address of the hub server is 10 0 0 1 and the port number is changed to 444 type https 10 0 0 1 444
127. rvers If the spoke server certificate is subsequently changed a certificate mismatch will occur To update the certificate of a spoke server on the hub server Email NOTE Certificates may only be viewed by HMX Manager administrators and user administrators On the hub server click the System tab Click HMX Manager in the top navigation bar The name of the HMX Manager hub server will appear at the top of the side navigation bar and the Server Identification Properties window will open Click Spoke Servers in the side navigation bar The Spoke Servers window will open Click the name of the spoke server to be updated The Spoke Server Network Properties window will open Click Certificate in the side navigation bar The Spoke Server Certificate window will open displaying information about the spoke server certificate Actual Certificate and the certificate registered for this spoke server on the hub server Registered Certificate The window displays the certificate on the spoke server and the certificate registered on the hub server If the HMX Manager cannot obtain the certificate information from the spoke server a message will appear at the bottom of the Server Certificate Spoke Server window The message states Remote server is not responding Information displayed may not match remote side e If the certificate information does not match go to step 7 If the certificate information matches go to step 8 Click Update
128. s and connections in the HMX Manager software Force and Follow Modes Force Mode allows the HMX administrator to force a user login logout or a connection disconnection between a receiver and a transmitter from within the HMX Manager It can be used independently or in conjunction with Follow Mode to control a pre defined group of user stations Follow Mode allows the HMX administrator to force a list of receivers to connect to a list of transmitters Follow Mode adds two functions to the HMX Manager e In Regular Follow Mode the HMX administrator can force up to seven receivers to connect to the same transmitter that the lead receiver connects to In Multi video Follow Mode the HMX administrator can force each receiver in a list to connect to a corresponding transmitter once the lead receiver connects to the lead transmitter Regular Follow Mode In Regular Follow Mode the HMX administrator designates certain user stations and servers as leaders When a user station designated as a leader performs a switch HMX Manager will force other designated user stations to switch to the same transmitter as the leader To create a user station group and designate target devices for Regular Follow Mode 1 Click the Units tab 2 Select Follow Mode from the side navigation bar The Follow Mode Settings window will open 3 Select the UserStation Groups tab and click New 4 In the Receivers drop down list select the user station that you wis
129. s and port default is 443 and click Next On the Accept Hub Server Certificate Page click Next to accept the hub certificate Enter the hub administrator username and password and click Next Wait until the registration process ends In this step all the data in the spoke is deleted and overwritten with the data from the hub After the registration process is complete click Finish to exit the wizard To promote an HMX Manager from spoke to hub Once an HMX Manager has been registered as spoke of another HMX Manager Hub you can promote spokes to work as a hub The old hub will become a new spoke of the promoted HMX Manager In the spoke HMX Manager 1 2 8 Sb GOYA RI e Ua On the spoke server click the System tab Click HMX Manager in the top navigation bar The side navigation bar will include the name of the server to which you are logged in Click Tools in the side navigation bar Click the Promote to Hub Server icon The Promote to Hub Server Wizard will appear Click Next Click Next on the Confirm Server Promotion page Wait until the promotion process ends In this step the spoke is promoted to hub and sends request to all the other servers to become spokes Click Finish to exit the wizard and go to the Server Tools page To delete a spoke server registration using the Spoke Server view You can delete a spoke registration using the Spoke Server view If the spoke is deleted the pull and push tasks w
130. s in the top navigation bar The User Authentication Services window will open Click Add The Add Authentication Service Wizard will appear Click Next The Provide Authentication Service Name and Type window will open a Type aname for the external authentication service b Select LDAP from the Type menu c Click Next The Specify LDAP Connection Settings window will open a Type the address of the LDAP host in dot notation format xxx xxx xxx xxx or type the DNS host name in the Host Address field b Type the number of the port for connecting to the LDAP host in the Port Number field c Specify an SSL encryption mode e Click Do Not Use SSL to have authentication performed using unencrypted clear text instead of SSL encryption This method is the least secure and automatically sets the Port Number field to a default port number of 389 e Click Use SSL in Trust All Mode to use SSL encryption for data transmission All server certificates will be trusted and automatically accepted by the HMX Manager for transmitting data This SSL method provides medium security and automatically sets the Port Number field to a default port number of 636 This encryption mode is not recommended for wide area networks WANs e Click Use SSL in Certificate based Trust Mode to use SSL encryption for data transmission The HMX Manager will approve the server and then the certificate before transmitting data This SSL method provides maximum securit
131. station listed on the second row of the UserStation Groups configuration table to follow Chapter 5 Unit Sessions and Connections 43 12 Repeat step 11 row by row for every user station that you added in step 5 NOTE The transmitters in Multi video Follow mode can be set to private or share mode since only one receiver will connect to each transmitter 13 Click Save Force Mode Force Mode allows the administrator to force a user login or logout or a connection or disconnection between a receiver and a transmitter from within the HMX Manager NOTE You must force a login before you can force a connection To force a login logout 1 Click the Units tab 2 Select Force Login Logout in the side navigation bar 3 From the Username drop down list select the user 4 Click the checkbox next to the desired receiver Click Force Login or Force Logout 5 Repeat steps 3 and 4 for all users To force a connection or disconnection 1 Click the Units tab 2 Select Force Connections in the side navigation bar 3 From the Receiver drop down list select the lead user station 4 Click the checkbox next to the desired transmitter 5 Click Force Connection or Force Disconnection NOTE If at any time the leader logs out all user stations in the user station group will be logged out regardless of their mode or connection Active Sessions There are two types of active session displays all active sessions in your system a
132. t are managed by the HMX Manager appliance is displayed 3 Click the name of a target computer in the Target Computers All window The Target Computer Overview window will open To change overview information for a target computer 1 After opening the Target Computer Overview window type a name and a display name for the target computer 2 Type a name for the Authorized Transmitter 3 Click Save and then click Close Managing user access to target computers To manage user access to target computers 1 Click the Units tab The Units All window will open Chapter 4 Managing Units 35 Select Target Computers from the side navigation menu This displays a list of all target computers in the Target Computers All window Choose the appropriate target computer The Target Computer Overview window opens Select Users from the side navigation menu The Target Computer User Configuration window opens There are two list boxes in this window Non Associated Users and Associated Users Select the required user from the Non Associated Users list box and add to the Associated Users list box by clicking the Add button The target computer is now allocated to that user Click Save Changing target computer properties The HMX Manager appliance enables you to change the following properties for each target computer e Part Number e Serial Number e Model Number e Asset tag number Department e Location Primary co
133. t group that specified any access rights other than inherit e Click OK The Unit Access Rights window will display the current list of users and or user groups When a user or user group is added to the list the default access rights will be displayed To set access rights select a user or user group from the User and User Groups list then enable or disable a checkbox in the Access Rights table for each access right e Allow the access right is allowed for the user user group Deny the access right is denied for the user user group e Inherit the access right is inherited from the unit group s to which the selected user user group belongs When Inherit is selected the Allow and Deny checkboxes will become gray and unchangeable and indicate the inherited value If the inherited settings indicated both Allow and Deny the inherited value is Deny which takes precedence To disable the inherit functionality uncheck the Inherit checkbox If none of the checkboxes are checked the access right is neither allowed nor denied If the unit group contains both appliances and target devices all rights will be displayed and may be enabled even though they may not necessarily be valid for the unit Repeat the preceding steps to change access rights for other users or user groups Click Save and then click Close If a connection or power control action is enabled the appropriate link will appear in the Action column of Units Views windo
134. t of privilege levels 0 15 the higher the number the higher the level of access Select a privilege level from the list The HMX Manager server will assign a group name based on the privilege level you select For example if you choose level 7 the group name will be Privilege Level 7 Click Next Or If the TACACS service you selected is configured to use the group name custom attribute method the Specify External Group Name window will open and display a Name field Type the name for the external user group on the external authentication service The group name must correspond to one of the values configured in the TACACS service Click Next Select a role for the user group s then click Next Click Finish Chapter 9 User Groups 93 Deleting User defined User Groups You may delete any user defined user groups that have been created in the HMX Manager system You must have HMX Manager administrator or user administrator rights to delete user defined user groups To delete a user defined user group 1 Click the Users tab Click Groups in the top navigation bar Click User Defined in the side navigation bar The User Groups User Defined window will open 2 Click the checkbox to the left of the user group s to be deleted To delete all user groups listed in the window click the checkbox to the left of Name at the top of the list 3 Click Delete A confirmation dialog box will appear 4 Confirm or cancel the dele
135. t to be the parent of the new unit group Click Add The Add Unit Group window will open Type a 1 64 character name for the unit group The name must be unique within the parent group For example two groups can be named development but they cannot both be members of the unit group Huntsville This unique name restriction does not apply to personal unit groups that are owned by different users If you do not want the unit group or any of its child unit groups to appear in the side navigation bar enable the Do not display this unit group nor any child unit groups as unit views checkbox If you do not want the units in the unit group to belong to any other unit group select Exclusive If you want to add another unit group in the same hierarchy click Add New The Add Unit Group window opens Or If you do not want to add another group click Add Close The Unit Groups window opens To delete a unit group Hek WE e d u NOTE Deleting a unit group deletes the group only the units still exist in the HMX Manager system You cannot delete any system defined unit groups global root personal root and unassigned Click the Units tab Click Groups in the top navigation bar The Unit Groups window will open Click the checkbox next to the unit group to be deleted Click Delete A confirmation dialog box will appear Confirm or cancel the deletion Changing the unit group properties Access rights indicate
136. tab A list of all units managed by the HMX Manager appliance is displayed Click the unit name whose network settings you wish to change The Unit Overview window will open Click Network under Unit Settings in the side navigation bar The Unit Network Settings window will open e Type an address subnet and gateway in standard dot notation Kxx xxx XXX XXx e Enable or disable DHCP Click Save and then click Close Enabling Auto Login Mode for a user station Auto Login Mode enables you to configure a user station to grant any user access to the target computer paired with that user station without the need to enter a username or a password To enable or disable Auto Login Mode for a user station 1 2 3 Click the Units tab A list of all units managed by the HMX Manager appliance is displayed Click the user station name for which you require information The Unit Overview window opens Under Unit Settings in the side navigation bar click Modes The Unit Auto Login Operating Mode Settings window opens In the Unit Auto Login Mode section click the Enable Auto Login Mode checkbox to enable or disable auto login If Auto Login Mode is enabled select a target computer from the Auto Login Mode Target Computer list box This is the target computer that will be connected during the auto login process Click Save and then click Close Viewing version information To view version information for a unit 1 2 3 Click t
137. taller User Guide e Status or result of the operation You may also access this window at any time by clicking the Units tab then clicking Operation Results in the side navigation bar 4 To view the results for an individual operation click on the name The Operation Results window for that operation type will open indicating e Status Current status of the task e Summary Number of successful failed total unit operations for example the summary of an operation with a status of Rebooting the unit s might contain a 2 0 3 summary 2 successful 0 failed and 3 total units e Name of the operation e Type of unit When the operation started e How long the operation took e Status or result of the operation on the unit 5 Click Close Unit Overview Windows You may change the overview information for one target device from a Unit Overview window From a Units View window you can change the type or icon for several target devices in one operation This may be helpful when you want to assign the same values to several units To change overview information for a target device 1 Ina Units View window containing target devices click on the name of a target device The Unit Overview window will open 2 Enter a name for the target device 3 Enter a type for the target device 4 Select a new icon for the target device using the arrows 5 Click Save and then click Close The Units View window will open If you
138. thentication Services window Type the name of the Windows NT domain in the Domain Name field Click Save and then click Close The User Authentication Services window will open To change user browsing settings for Windows NT external authentication services Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the Windows NT service The side navigation bar will change to include the name of the Windows NT service at the top and below the name the information you may define Click User Browsing in the side navigation bar The Authentication Service User Browsing NT window will open Click Browse Anonymously to anonymously browse users on the external Windows NT authentication server Or Click Browse with User Credentials to browse users on the external Windows NT authentication based on credentials configured If this option is selected do the following a Type the username for an NT domain account that has browse rights in the User Name field 66 Avocent HMX Manager Installer User Guide 6 b Type the password for an NT domain account that has browse rights in the Password field Click Save and then click Close The User Authentication Services dialog box will appear LDAP external authentication service To add an LDAP external authentication service 1 2 Click the Users tab Click Authentication Service
139. tication Protocol b In the Shared Secret field type the shared secret configured on the TACACS server in step 1 which is a password protected field For the shared secret Microsoft s implementation allows up to 128 ASCII characters and Cisco s implementation allows up to 32 ASCII characters other servers may have a different limit NOTE If you change the authentication type you will be required to enter the shared secret c Re enter the shared secret in the Confirm Shared Secret field d Click Next The Specify TACACS Group Authorization Method window will open 10 11 Chapter 7 Authentication Services 73 a Click the corresponding radio button to choose one of the following options to manage group authorization e HMX Manager internal groups Choose this option if you plan to associate TACACS users with HMX Manager internal user groups e TACACS privilege level attribute Choose this option if you plan to associate TACACS users with extemal TACACS groups using the privilege level attribute e TACACS custom attribute for group names Choose this option if you plan to associate TACACS users with external TACACS groups using the custom group names attribute b Click Next If you selected HMX Manager internal groups and the external authentication service was added successfully the Completed Successful window will open Or If you selected any other option the Specify TACACS Server Group Auth
140. tication Services 65 The Select Browsing Method window will open Click Browse Anonymously to browse users on the external Windows NT authentication server Or Click Browse with user credentials to browse users on the external Windows NT authentication based on credentials configured on the server If this option is selected do the following a Type the username for a Windows NT account that has browse rights in the User Name field b Type the password for a Windows NT account that has browse rights in the Password field c Click Next The Establish Connection with Authentication Service window will briefly appear If the extemal authentication service is added successfully the Completed Successful window will open Click Finish The User Authentication Services window will open with the new service listed To change connection settings for the Windows NT external authentication service 1 2 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click the name of the Windows NT service The side navigation bar will change to include the name of the service at the top and below the name the information you may define Click Connection in the side navigation bar The Authentication Service Connection Settings NT window will open Type a name in the Service Name field to change the name of the service that appears in the Name column of the User Au
141. tificate when an HMX Manager client session is started Three tests are performed on a certificate each time an HMX Manager client connects to the HMX Manager hub server e Does the client web browser trust the certificate issuer e Has the certificate expired e Does the name on the HMX Manager server certificate match the name the HMX Manager client used to access the HMX Manager server A Security Alert dialog box will appear if the answer to any of the three questions is No To prevent the Security Alert message box from appearing when you connect to the HMX Manager hub server all three questions must be answered Yes When a Security Alert dialog box appears you have the following choices e Ifyou click Yes a connection will be made with the HMX Manager hub server and the HMX Manager login window will appear but the Security Alert dialog box will continue to appear each time you connect to the hub server e Ifyou click No a connection will not be made with the HMX Manager hub server e Ifyou click View Certificate you may install the certificate see below To correct certificate security alerts for client and hub server connections 1 From the HMX Manager client open a client session The Security Alert dialog box will appear 2 Click View Certificate The Certificate dialog box will appear 3 Click amp nstall Certificate See the Internet Explorer documentation for more information 4 Once the certificate is installed
142. ting units changing unit properties and upgrading your firmware When you click the Units tab the Units All window displays NOTE In the HMX Manager Explorer the term units refers to transmitters and or user stations Deleting units To delete a unit 1 Ina Units All window click to select the checkbox next to the unit name you want to delete To delete all units on the page click to select the checkbox to the left of the Name field at the top of the list 2 Click Delete The unit s is immediately removed from the HMX Manager appliance database and disappears from the list Ease of Installation The Ease of Installation feature removes the need to manually update transmitters and receivers via the local serial port allowing parameters to be configured from within the HMX Manager To change device parameters 1 Click the Units tab Select the device to be configured 2 Select Properties in the side navigation bar then select Device Configuration The Device Configuration window will open listing all configurable options for the unit 3 Make the desired changes in the settings Select Save then Close The Units All Window The Units All window displays the list of units added to the HMX Manager appliance database You can use the checkbox to the left of each unit name to select deselect the unit for an operation The following fields will appear in Units All window e Name Name of the unit as defined i
143. tion User Group Properties To display the properties of a built in user group 1 Click the Users tab Click Groups in the top navigation bar Built In will automatically be selected in the side navigation bar and the User Groups Built in window will open 2 Click on a user group name The User Group Properties window will open The display includes read only properties for each group name and type 3 Click Close when you are finished The User Groups Built in window will open To display or change the properties of a user defined user group 1 Click the Users tab Click Groups in the top navigation bar Click User Defined in the side navigation bar The User Groups User Defined window will open 2 Click on a user group name The User Group Properties window will open 3 To change the name of the user group type a new 1 256 character name in the Name field NOTE If the user group belongs to a TACACS service that uses the privilege level attribute method the Name field will be disabled 4 To change the role of the user group select a role from the menu If you do not wish to assign a role to the user group select None 5 Click Save and then click Close The User Groups User Defined window will open Changing User Group Members When users are created they may be assigned to one or more built in or user defined user groups You may add or remove users to or from the built in and user defined user groups To add
144. to change The Unit Overview window will open Select Properties from the side navigation bar oe UN The Unit Properties window will open This window displays all the general properties of the unit Edit the properties you wish to change NOTE Part Number MPN Serial Number EID and model type are read only values These values are read from a unit during discovery and cannot be changed 5 Click Save and then click Close Configuring network settings for a transmitter or user station The administrator can use the HMX Manager appliance to change a unit s IP address subnet mask default gateway and DHCP status These changes can be done from the Unit Settings menu available in the side navigation bar of the Unit Overview window Once you have implemented the changes the unit will reboot 32 Avocent HMX Manager Installer User Guide All configuration options under the Unit Settings menu in the side navigation window involve live communication with a transmitter or user station The transmitter or user station must be turned on discovered and added for the HMX Manager appliance to display its properties If the HMX Manager appliance cannot communicate with a transmitter or user station it will display the following communication error An error was encountered communicating with the Unit Please check the unit s network settings and connectivity To change the network settings of a managed unit 1 2 3 Click the Units
145. to display and manage units user accounts system settings and reports c Top navigation bar The options in the top navigation bar vary depending on the active tab in the tab bar Topics relevant to each selection display in the side navigation bar D Side navigation bar Use the side navigation bar to select system information to display or edit in the contenarea changed in the content area Content area The information specified by the tab bar top navigation bar and side navigation bar selections is displayed and Using the side navigation bar Use the side navigation bar to display windows or perform operations The contents of the side navigation bar vary depending on the tab and top navigation bar options that are in use The arrows displayed in the side navigation bar indicate where sub options are available You can display these items by clicking the main link Where no arrow is displayed clicking the link brings you directly to the option you have selected Displaying pages Multiple page windows contain menu options that may be used to navigate from one display to another You can click the Select All checkbox to select all items on a page Enabling this checkbox selects all the items Chapter 2 Installation and Setup 9 listed on a page regardless of whether the entire page is visible However for multi page displays items listed on other pages will not be included in the selection All screens that show lists un
146. user logins after a certain period of time check the Automatically unlock users after the lockout period checkbox Specify the lockout period in minutes by typing a number from 1 1 440 in the Maximum Lockout Period minutes field or choose a value from the menu 1 440 minutes is equivalent to 24 hours If you leave this checkbox unchecked locked user accounts must be manually unlocked by an HMX Manager administrator or user administrator See Unlocking User Accounts on page 82 Click Save and then click Close The User Authentication Services window will open To change custom field labels for user accounts that use internal authentication 1 Ds 5 6 Click the Users tab Click Authentication Services in the top navigation bar The User Authentication Services window will open Click Internal The side navigation bar will change to include Internal at the top and below the name information you may define Click Custom Field Labels in the side navigation bar The Authentication Service User Account Custom Field Labels Internal window will open Type the text that you wish to appear in each of the six custom field labels Click Save and then click Close The User Authentication Services window will open By default the custom field labels do not display in the User Accounts All window but they may be added to the display or added to the default display by an administrator using the Customize link Active Dir
147. ver or you may initiate an immediate replication During replication the spoke server sends all of its database changes since the last replication to the hub server The hub server then incorporates those changes and sends all of its database changes since the last replication to the spoke server excluding the changes that spoke server just sent to the hub server If an item is added on a spoke server and another item with the same name but perhaps with different configuration parameters is added on the hub server then after replication both items will appear on both the hub and spoke servers with a tilde and a number added to one of the names The administrator should handle 16 Avocent HMX Manager Installer User Guide the issue appropriately in some cases the duplicate item may need to be renamed in others the duplicate item should be deleted When different changes are made to one existing item two outcomes are possible For example assume an item is added and configured on the hub server and is then replicated to the spoke server Later an administrator changes something about the item on the spoke server Another administrator then changes something about the item on the hub server When the replication task runs two things may happen In a few instances where no conflict occurs both changes will be incorporated and replicated For example if the hub server s administrator adds username JaneDoe to the existing user d
148. vices on page 57 Click on the name of an authentication service and then click Next e If you selected Internal as the authentication service go to step 4 e Ifyou selected any other type of authentication service go to step 5 NOTE If you are adding a group to the TACACS authentication service see TACACS external authentication services on page 92 for more information 4 The Type in Internal Group Name window will open Type the name for the new user group you wish to create User defined user group names may contain up to 256 characters User defined user group names are case preserving Go to step 6 5 The Specify External Group window opens Complete one of the following steps then click Next e Click Specify a group on external authentication service and type the name of the group in the field User group names may contain up to 256 non case sensitive characters User group names are case preserving if the user group on the external authentication server is case sensitive See Group naming in external authentication services on page 89 92 Avocent HMX Manager Installer User Guide 6 T Click Import the external group Everyone to consider any user on the external authentication server as a member of this user group Click Find a group on external authentication service to choose from the list of groups on the external authentication service If the list of groups contains more than 5000 entries a message will indicat
149. which users and user groups may access units in the HMX Manager system Access rights also indicate which actions are allowed You can assign access rights from a unit group perspective as described in this section Using this method selected users and members of selected user groups are allowed or prohibited from initiating certain actions on all units in the unit group Access rights for a unit group default to inherit if they are not explicitly granted to a user or user group For example if you create unit group A and subgroup B by default any access rights you assign to group A will be propagated to group B 54 Avocent HMX Manager Installer User Guide To change unit group properties 1 2 3 4 6 7 Click the Units tab Click Groups in the top navigation bar The Unit Groups window will open Click on the name of a unit group The Unit Group Name window will open Type a new 1 64 character name in the Group field The name must be unique within the parent group For example two groups can be named development but they cannot both be members of the unit group Huntsville This unique name restriction does not apply to personal unit groups that are owned by different users If you do not want the unit group or any of its child unit groups to appear in the side navigation bar enable the Do not display this unit group nor any child unit groups as unit views checkbox If you do not want the units in the unit
150. will open Click Properties in the side navigation bar then click Location From the menus select the site department and or location to associate with the unit If you do not wish to associate the unit with any site department or location choose the top empty item from the menu Click Save and then click Close Chapter 6 Grouping Units 49 To display the units associated with a site department or location 3 Click the Units tab To display units associated with a site click Sites in the side navigation bar The Units in Site window will open with a list of units associated with the first alphabetically listed site To display units associated with a department click Departments in the side navigation bar The Units in Departments window will open with a list of units associated with the first alphabetically listed department To display units associated with a location click Locations in the side navigation bar The Units in Location window will open with a list of units associated with the first alphabetically listed location Click on a site department location link in the side navigation bar to display another entry in the unit list Custom Fields Ten custom fields are available To use the custom fields first change the default labels on the fields Custom Field 1 Custom Field 2 and Custom Field 3 and then associate a custom label with a unit The custom fields may be displayed in Units View windows using the
151. window will open Click the name of the LDAP service The side navigation bar will change to include the name of the LDAP service at the top and below the name the information you may define Click Connection in the side navigation bar The Authentication Service Connection Settings LDAP window will open 68 Avocent HMX Manager Installer User Guide Type a name in the Service Name field to change the name of the service that appears in the Name column of the User Authentication Services window Type the address of the LDAP host in dot notation format xxx xxx xxx xxx in the Host Address field Type the number of the port you wish to use for connecting to the LDAP host in the Port Number field Specify a Secure Socket Layer SSL Encryption mode e Click Do Not Use SSL to have authentication performed using unencrypted clear text instead of SSL encryption This method is the least secure and automatically sets the Port Number field to a default port number of 389 e Click Use SSL in Trust All Mode to use SSL encryption for data transmission All server certificates will be trusted and automatically accepted by the HMX Manager for transmitting data This SSL method provides medium security and automatically sets the Port Number field to a default port number of 636 This encryption mode is not recommended for wide area networks WANs e Click Use SSL in Certificate based Trust Mode to use SSL encryption for data transmission The HMX
152. with computer systems and do not have overload protection Ensure that air flow is sufficient to prevent extreme operating temperatures Provide a minimum space of 6 inches 15 cm in front and back for adequate airflow e Keep power and interface cables clear of foot traffic Route cables inside walls under the floor through the ceiling or in protective channels or raceways e Route interface cables away from motors and other sources of magnetic or radio frequency interference e Stay within specified cable length limitations e Leave enough space in front and back of the equipment to allow access for servicing 4 Avocent HMX Manager Installer User Guide When installing Avocent equipment in a rack or cabinet observe the following precautions e Ensure that the floor s surface is level Load equipment starting at the bottom first and fill the rack or cabinet from the bottom to the top Exercise caution to ensure that the rack or cabinet does not tip during installation and use an anti tilt bar When using a desk or table observe the following precautions e Choose a desk or table sturdy enough to hold the equipment e Place the equipment so that at least 50 of the equipment is inside the table or desk s leg support area to avoid tipping of the table or desk e This device is not intended for use in the direct field of view at visual display workplaces To avoid incommoding reflexions at visual display workplaces this d
153. ws containing that group or units in that group 56 Avocent HMX Manager Installer User Guide 57 GA nenticationServices ttt Authentication Services Users must be authenticated before they may access or perform any tasks in the HMX Manager system When users log in they will be prompted for a username and password The HMX Manager will look up the login determine the authentication service to use and forward the login credentials to the appropriate authentication service for verification All authentication is performed over an HTTPS SSL encrypted link Some web browsers may store password information see your web browser documentation Supported Authentication Services The HMX Manager is delivered with the an internal authentication service which verifies a log in and password against user account information stored in the database on the HMX Manager server The HMX Manager also supports the following external authentication services e Microsoft Active Directory IBM SecureWay Directory Server Novell LDAP Services e Sun Solaris R9 LDAP Directory Server e Sun ONE LDAP Directory Server e Microsoft Windows NT domain e Cisco Secure ACS 3 3 for Windows 2000 2003 server e Microsoft IAS for Windows 2000 2003 server e FreeRADIUS for Red Hat RHL3 e Cisco Secure ACS 3 3 for Windows 2000 2003 server RSA SecurID Uses LDAP V3 If the HMX Manager server is configured for external authentication login requ
154. y and automatically sets the Port Number field to a default port number of 636 d Click Enable Chasing of Referrals if you wish to allow the LDAP server to refer HMX Manager clients to additional directory servers e Click Next If you selected Use SSL in Certificate based Trust Mode go to step 6 If you selected Do Not Use SSL or Use SSL in Trust All Mode go to step 10 The HMX Manager server will try to find a server that has a trusted certificate chain If no trusted certificate chain is found then the Accept Certificate window will open and list all servers that belong to the domain It will also list the reasons for rejection of the certificate chain Click Next to accept the certificate 11 12 Chapter 7 Authentication Services 67 The Specify LDAP User Schema window will open a Type the Base distinguished name DN from which to begin searches This is a required field unless the Directory Service has been configured to allow anonymous search Each Search DN value must be separated by a comma b Type the key attribute The default value is common name cn c Type the object class The default value is person d Type the full name attribute The default value is surname sn e Click Next The Specify LDAP Group Schema window will open a Type the Base distinguished name DN from which to begin searches This is a required field unless the Directory Service has been configured to allow anonymous search Each
155. y be listed in the side navigation bar if an appliance of that type has been added to the HMX Manager database and the user has access to it e Target Devices If target device types have been created their links in the side navigation bar are listed under Target Devices All e Mixed Views Mixed view windows may contain managed appliances target devices or both Several links in the side navigation bar will open mixed view Units View windows e Recently Accessed Units that the user has accessed most recently e Groups Units that have been assigned to a personal or global unit group e Sites Units that have been assigned to a site e Departments Units that have been assigned to a department e Locations Units that have been assigned to a location e Custom fields Units that have been assigned to custom groups These group names may also have custom field labels 22 Avocent HMX Manager Installer User Guide Showing and Hiding Units Hiding turns off the display of units in the window but does not remove the units from the HMX Manager system To hide a unit 1 Ina Units View window click Customize The Units View Customization window will open 2 Click Visibility in the Available Fields column and then click Add Visibility will be moved to the Fields to Show column 3 Enable the Show hidden items checkbox if you wish to display hidden units in the Units View Customization window with a transparent icon 4 Cli
Download Pdf Manuals
Related Search
Related Contents
Orion 13032 User's Manual Massive Table lamp 43219/30/10 Hyperion 1300g Quick Start Guide in Spanish ANLEITUNG Krystal Touch of NY DL3800ABPAS Installation Guide : Free Download, Borrow, and Streaming : Internet Archive Manuale videocitofono esterno VTO2000A UniVista Installation Guide manual técnico del manejo de chiles en campo abierto elaborado MOEN TS514ORB Installation Guide ストリームキットで始まる お庭に小川のある生活- https://telegra.ph/DC-Voltage-Drop-Calculator-5fff4072-11-16
- https://telegra.ph/Calculat-Wire-Area-From-Voltage-Drop-1948d344-11-16
- https://telegra.ph/AC-Single-phase-Voltage-Drop-Calculator-ce722619-11-16
- https://telegra.ph/Concrete-Block-Calculator-d973317b-11-16
- https://telegra.ph/1-5-10-Concrete-Mix-Calculator-e7bee543-11-13
- https://telegra.ph/Footer-Concrete-Volume-Calculator-ff984c34-11-13
- https://telegra.ph/round-bar-weight-calculator-5bf8ceff-11-07
- https://telegra.ph/square-pipe-weight-calculator-48df24c3-11-07
- https://telegra.ph/Calculat-Wire-Area-From-Voltage-Drop-be0c8aab-11-18
- https://telegra.ph/Calculate-Length-from-Voltage-Drop-ee12495a-11-18