APC 7900 - Enhanced Security Features for Switched Rack PDU

Switched Rack PDU

USER’S GUIDE

®

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

For secure Web communication, you enable Secure Sockets Layer (SSL) and Transport Layer Security (TLS) by selecting HTTPS (SSL/TLS) as the protocol mode to use for access to the Web interface of the Switched Rack PDU. Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) is a Web protocol that encrypts and decrypts page requests from the user and pages that are returned by the web server to the user. Originally developed by Netscape, it has become an internet standard supported by most Web browsers.

The Switched Rack PDU supports SSL version 3.0 and TLS version 1.0. Most browsers let you select the version of SSL to enable.

When SSL is enabled, your browser displays the lock icon, usually at the bottom of the screen.

SSL uses a digital certificate to enable the browser to authenticate the server (in this case, the Switched Rack PDU). The browser verifies the following:

•The format of the server certificate is correct.

•The server certificate’s expiration date and time has not passed.

•The DNS name or IP address specified when a user logs on matches the common name in the server certificate.

•The server certificate is signed by a trusted certifying authority.

Each major browser manufacturer distributes CA root certificates of the commercial Certificate Authorities in the certificate store (cache) of its browser so that it can compare the signature on the server certificate to the signature on a CA root certificate.

124

Image 127

APC AP7900 manual Secure Sockets Layer SSL/Transport Layer Security TLS

Contents

Contents Data Menu Web Interface Only File Transfers Introduction Features of the Switched Rack PDUProduct Description Initial setup Access priority for logging on Access ProceduresOverview Types of user accounts Switched Rack PDU How to Recover From a Lost Password Switched Rack PDU Upgrading Firmware through a Serial Connection Switched Rack PDU Front Panel Single-phase Three-phase See Link-RX/TX 10/100 LED Function Condition Description Link-RX/TX 10/100 LED Status LED Load indicator LEDCurrent Overload threshold Resetting the network timer Watchdog FeaturesNetwork interface watchdog mechanism Control Console How to Log On Remote access to the control console Local access to the control console Example main screen Main Screen Main screen information fields Information and status fields Main screen status fields Menu structure Control Console Menus Device Manager option Main menu System option Network option Web Interface Supported Web browsers URL address formats Status Summary Quick status tab Events menu Data menu Network menu System menu Navigation Menu To do the following, see Data Menu Web Interface Only Selecting a menu to perform a task Help menu Control Administrator and Device Manager access Links menu Device and Outlet Management Menus How to Configure and Control Outlet GroupsOutlet group terminology Purpose and benefits of outlet groups System requirements for outlet groups Rules for configuring outlet groups How to create a local outlet group Web interface How to enable outlet groupsParameter Description How to edit or delete an outlet group How to create multiple global outlet groups Web interface Typical outlet group configurations Switched Rack PDU Verify your setup and configuration for global outlet groups How to initiate a control action Outlet Settings for Outlets and Outlet Groups Option Description Value for Power On Delay.†For Reboot Duration.† Power On Delay. † Setting Description How to configure outlet settings and outlet name Switched Rack PDU Configure Load Thresholds Switched Rack PDU Settings How to configure Device Settings Power Supply Status control console only Scheduling Outlet Actions Web Interface Only On Delay . †Actions you can schedule Power Off Delay.† How to schedule an outlet event How to edit, disable, enable, or delete an outlet event Introduction Event-Related MenusMenu options Switched Rack PDU Event Log Web interface Logged eventsControl console How to use FTP or SCP to retrieve a log file Secure CoPy SCP Ftpget event.txt or Ftpget data.txt See Event log action Event Actions Web Interface Only Event log action Severity levels Snmp traps action Syslog actionEmail action Definition Trap Receiver settingsIdentified by the Receiver NMS IP/Domain Name setting Event Recipients Smtp Mail Feature DNS servers Smtp settingsEmail Recipients Switched Rack PDU Smtp Code Description Severity How to Configure Individual EventsDetailed Event Action Configuration Event List Log Option Data Menu Web Interface Only Configuration Option Network Menu TCP/IP DNS TCP/IP Option Settings Switched Rack PDU Switched Rack PDU DNS FTP Server Ping utility control console only Telnet/SSH Switched Rack PDU If you are using SSH version 2, expect a noticeable delay Telnet SSH Server Configuration During that time Configuration Setting Definition Console, choose Advanced SSH Configuration and then Host Key See Smtp settings and E-mail Feature Syslog Severe is mapped to Critical Informational is mapped to Info Web/SSL Web/SSL/TLS in the control console Switched Rack PDU Web/SSL Network Configuration Http//159.215.12.1145000 Name and Password settings SSL/TSL Server Configuration Advanced SSL/TLS Configuration Organization O and Organizational Unit OU The name ISX Protocol control console only WAP System Menu Radius Readonly , by default, for Read Only User Device , by default, for Device Manager UserUser Manager Outlet User Manager 100 Radius Primary Server Radius Setting Definition AccessAccess setting to Local Only or Radius then Local Timeout Example Radius users file Example Radius users file with VSAs Date & Time Identification 106 Action Definition Tools APC’s Web Site , Testdrive Demo , and Remote Monitoring Links Web interfaceModem not supported About System 109 Boot Mode See Switched Rack PDU settings Dhcp & Bootp boot process Switched Rack PDU settings Dhcp Configuration Settings 113 APC Cookie. Tag 1, Len 4, Data 1APC Dhcp response options Boot Mode Transition. Tag 2, Len 1, Data 1/2 116 Security Access Description Security FeaturesPlanning and implementing security features Summary of access methods Snmp Web Server Changing default user names and passwords immediately Authentication versus Encryption User names, passwords, community names SnmpPort assignments 121 Secure SHell SSH and Secure CoPy SCP Encryption 123 Secure Sockets Layer SSL/Transport Layer Security TLS See also and Signing Request Purpose Creating and Installing Digital Certificates Advantages Choosing a method for your system 128 129 Disadvantage 131 132 Firewalls Authentication Using the APC Security WizardOverview Files you create for SSL and SSH security 136 Summary Create a Root Certificate & Server Certificates Procedure 139 140 Scp cert.p15 apc@156.205.6.185\sec\cert.p15 Create a Server Certificate and Signing Request 143 144 145 Create an SSH Host Key Load the host key to the Rack PDU. Perform these steps System requirements APC Device IP Configuration WizardPurpose configure basic TCP/IP settings Purpose and Requirements Automated installation Install the WizardManual installation Use the Wizard Configure the basic TCP/IP settings remotelyLaunch the Wizard Select Remotely over the network, and click Next Select Locally through the serial port, and click Next Configure or reconfigure the TCP/IP settings locally Summary of the procedure How to Export Configuration SettingsRetrieving and Exporting the .ini File Contents of the .ini file Detailed procedures NTPEnable=enabled Ftp put filename.ini Event and its error messages Upload Event and Error Messages Errors generated by overridden values Messages in config.ini Using the APC Device IP Configuration Wizard File Transfers Upgrading Firmware Methods and Tools Firmware files Switched Rack PDUBenefits of upgrading firmware Obtain the latest firmware version 164 Firmware file transfer methods Apchw02aos264.bin Apchw02app266.bin Use FTP or SCP to upgrade one Rack PDU Ftp open 150.250.6.10 How to upgrade multiple Rack PDUs See Release Notes ini File Utility, version Use Xmodem to upgrade one Rack PDU 169 Last Transfer Result codes Verifying Upgrades and UpdatesCode Description Product Information Warranty and ServiceLimited warranty Warranty limitations Obtaining service General policy Life-Support PolicyExamples of life-support devices Index Bootp Dhcp Error messages Keywords SCP Smtp TCP/IP Up Time APC Worldwide Customer Support Copyright