APC AP9606 manual Security, Authentication

Page 68

Security

Authentication

Authentication

The Management Card controls access by providing basic

versus encryption

authentication through user names, passwords, and IP addresses, but

 

provides no type of encryption. These basic security features are

 

sufficient for most environments, in which sensitive data is not being

 

transferred. To ensure that data and communication between the

 

Management Card and the client interfaces, such as Telnet and the

 

Web browser, cannot be captured, you can provide a greater level of

 

security by enabling MD5 authentication (described below) for the Web

 

interface.

MD5

The Web interface option for MD5 authentication enables a higher level

authentication

of access security than the basic HTTP authentication scheme. The

(Web interface)

MD5 scheme is similar to CHAP and PAP remote access protocols.

 

Enabling MD5 implements the following security features:

 

• The Web server requests a user name and a password phrase

 

(distinct from the password). The user name and password

 

phrase are not transmitted over the network, as they are in

 

basic authentication. Instead, a Java login applet combines the

 

user name, password phrase, and a unique session challenge

 

number to calculate an MD5 hash number. Only the hash num-

 

ber is returned to the server to verify that the user has the cor-

 

rect login information; MD5 authentication does not reveal the

 

login information.

 

• In addition to the login authentication, each form post for config-

 

uration or control operations is authenticated with a unique chal-

 

lenge and hash response.

 

• After the authentication login, subsequent page access is

 

restricted by IP addresses and a hidden session cookie. (You

 

must have cookies enabled in your browser.) Pages are trans-

 

mitted in their plain-text form, with no encryption.

 

If you use MD5 authentication, which is available only for the Web

 

interface, disable the less secure interfaces, including Telnet, FTP, and

 

SNMP. For SNMP, you can disable write-only access so that read

 

access and trap facilities are still available. For additional information on

 

MD5 authentication, see RFC document #1321 at the Web site of the

 

Internet Engineering Task Force. For CHAP, see RFC document #1994.

Firewalls

Although MD5 authentication provides a much higher level of security

 

than the plain-text access methods, complete protection from security

 

breaches is almost impossible to achieve. Well-configured firewalls are

 

an essential element in an overall security scheme.

 

Continued on next page

Web/SNMP Management SmartSlot Card User’s Guide

68

Image 68
Contents Title Thank You Contents Web/SNMP Management SmartSlot CardContents System Menu Events Menu Index American Power Conversion’s Web/SNMP Management SmartSlot Product DescriptionCard APC part number AP9606 is a web-based UPS Management Snmp Management SmartSlot Card, which is referred to asIntroduction Figure below identifies and describes the network management Through a Management CardInternal Management Features Password and User Name settings, see User Manager onFront Panel Watchdog Features Control Console IntroductionHow to Log See How to Recover from a Lost Password onControl Console Console, see Main Screen onHow to Recover from a Lost Password Main Screen Into the Control ConsoleUPS model and name field reports the status of the UPS Two fields identify when you logged in, by Date and TimeStatus field reports the Management Card status Control Console Menu Menus onWeb Interface You can use a supported Web browser to manage a UPS, anServer, Telnet, and Web on Netscape Navigator 3.0 or laterTion, see Email on Web InterfaceWeb interface, see Status Summary Page on Status Summary Menu Frame Device Manager Menus onUser-definable links on Being powered by the UPS AccessPages at the APC Web site Click on Links in the System menuNetwork Menu Option Settings Gateway plays, see The role of the Default GatewayResetting the network timer on page 13 for infor Network MenuDownload configuration files 0.0.0.0, by default Used to protect FTP accessSettings are 21 FTP, 23 Telnet, and 80 Web interface APC Web/SNMP Management Card utility CD ./docSetting Definition System Menu System Menu Web interfaceHhmmss format used by the Management Card For file transfers, do the followingDefine the file name in the Filename field, and click Apply Screen instructionsThree User Links, the URL address used by the APC logo, URL address used by the various Interactive Assistant linksDevice Manager Menus Environment Menu Options onDevice Manager Menus UPS Status OptionsStatus Field Definition Status for a Symmetra Power Array or Silcon DP300E seriesVoltage Load Power Output VoltageOutput FrequencyOutput Power PercentagePeak Output CurrentRemaining is shared by all UPS models Displayed above the UPS MenuUPS Diagnostics Options UPS Control Options Action DefinitionTest UPS Alarm options, see UPS Diagnostics Options on Table in Shutdown parameters onUPS Configuration Options Utility line settings on thisAlarm thresholds Symmetra Power Array on General settings onThreshold Definition Option to access the Return Battery Capacity setting Last Battery ReplacementAudible Alarm UPS NameModule Status Option Symmetra Power Array UPS PowerChute network shutdown Option For more information about PowerChute network shutdown, seeFollowing table describes the PowerChute network shutdown Snmp Management Card utility CDSee Probe settings below Environment Menu OptionsDescribed in How to Configure Individual Events Events MenuActions Web Interface only on Events MenuEvent Log FTP Or disabled for events with a specified severity level Event Actions Web Interface onlyEvents are recorded Assigned will still be loggedBy their specific IP addresses Recipients onEvent Recipients As described in Event Actions Web Interface only onTo which traps will be sent Snmp option in the Network menu See Email on the nextTing in Email recipients on Option. See Optimal Email Configuration Issues on Events Menu How to Configure Individual Events Example, to configure the UPS on battery event, as follows To log the event, and send traps to trap receivers 1Change the 2nd character to B Ents 1 and 2, change the 3rd character toManagement Card and Device Events Actions associated with an event, see Event Actions WebInterface only on System events in the table’s descriptionsEvents are generated by all UPS models Events Menu Events Menu Events Menu Environmental Monitoring SmartSlot Card events Security Features SecurityAuthentication SecurityInterface Security Access MethodsManagement Card TroubleshootingProblem Solution Troubleshooting Following table describes known Snmp problemsHow to Correct Communication Lost Problems Technical Support on page 74 for information about how toIf Problems Persist APC Worldwide Technical Support Persist on Warranty InformationProduct Information Product Information Life-Support PolicySpecifications Following table identifies the electrical specificationsFollowing table identifies the physical specifications Following table identifies the environmental specificationsAccept Changes option, 14 Access IndexIndex Device Manager menu optionsFTP Events, 23 24, 51, 53 Snmp UPS events, listed and described W. a p c c . c o m

AP9606 specifications

The APC AP9606 is a sophisticated environmental monitoring device designed to enhance the functionality and efficiency of data centers and critical IT environments. As part of APC’s suite of infrastructure solutions, the AP9606 is primarily aimed at monitoring conditions in rack-mounted and remote locations. By implementing advanced features and technologies, it ensures that environmental conditions remain optimal to prevent equipment failure and provide high availability for business operations.

One of the main features of the AP9606 is its ability to monitor and report various environmental factors including temperature, humidity, and other critical conditions. This real-time monitoring capability allows IT managers to react promptly to changing environmental variables which can significantly impact server and equipment performance. The device can be connected to a multitude of sensors, enabling users to customize their monitoring setups depending on specific requirements.

The AP9606 utilizes SNMP (Simple Network Management Protocol) for seamless integration with existing network management systems. This protocol allows easy communication between the device and other network elements, further enabling IT departments to consolidate and manage their infrastructure efficiently. Additionally, support for web-based interfaces gives users the flexibility to access real-time data from virtually anywhere, facilitating remote management capabilities which are crucial for businesses with multiple locations.

In terms of connectivity, the AP9606 is equipped with multiple ports, including an Ethernet port for network connection and optional serial ports for connecting with compatible devices. The inclusion of both wired and wireless options ensures that the device can adapt to various network environments, making it particularly versatile.

One of the standout characteristics of the APC AP9606 is its scalability. As businesses evolve, so do their monitoring needs. The AP9606 can be easily expanded with additional sensor modules, allowing businesses to grow their monitoring capabilities without needing entirely new systems. This flexibility makes it a cost-effective solution in the long run.

In summary, the APC AP9606 environmental monitoring device stands out due to its comprehensive monitoring features, robust connectivity options, and scalability. It is particularly well-suited for data centers and critical infrastructure environments where maintaining optimal conditions is essential. By investing in the AP9606, businesses can ensure they are proactively managing their IT assets, ultimately leading to improved operational performance and reduced risk of equipment failure.