Choosing a method for your system, Advantages | APC AP7900 manual

Switched Rack PDU

USER’S GUIDE

®

Choosing a method for your system

Using the Secure Sockets Layer (SSL) protocol, you can choose any of the following methods for using digital certificates.

Method 1: Use the auto-generated default certificate. When you enable SSL, you must reboot the Rack PDU. During rebooting, if no server certificate exists on the Rack PDU, the Rack PDU generates a default server certificate that is self-signed but that you cannot configure.

This method has the following advantages and disadvantages:

•Advantages:

–Before they are transmitted, the user name and password for Rack PDU access and all data to and from the Rack PDU are encrypted.

–You can use this default server certificate to provide encryption- based security while you are setting up either of the other two digital certificate options, or you can continue to use it for the benefits of encryption that SSL provides.

•Disadvantages:

–The Rack PDU takes up to 5 minutes to create this certificate, and the Web interface is not available during that time. (This delay occurs the first time you log on after you enable SSL.)

–This method does not include the browser-based authentication provided by a CA certificate (a certificate signed by a Certificate Authority) as Methods 2 and 3 provide. There is no CA Certificate cached in the browser. Therefore, whenever you log on to the Rack PDU, the browser generates a security alert, indicating that a certificate signed by a trusted authority is not available and asking if you want to proceed.

–The default server certificate on the Rack PDU has the Rack PDU’s serial number in place of a valid common name (the DNS name or the IP address of the Rack PDU). Therefore, although the Rack

127

Image 130

APC AP7900 manual Choosing a method for your system, Advantages

Contents

Contents Data Menu Web Interface Only File Transfers Introduction Features of the Switched Rack PDUProduct Description Initial setup Access priority for logging on Access ProceduresOverview Types of user accounts Switched Rack PDU How to Recover From a Lost Password Switched Rack PDU Upgrading Firmware through a Serial Connection Switched Rack PDU Single-phase Three-phase Front Panel Function See Link-RX/TX 10/100 LED Link-RX/TX 10/100 LED Condition Description Status LED Load indicator LEDCurrent Overload threshold Resetting the network timer Watchdog FeaturesNetwork interface watchdog mechanism How to Log On Control Console Remote access to the control console Local access to the control console Main Screen Example main screen Information and status fields Main screen information fields Main screen status fields Control Console Menus Menu structure Main menu Device Manager option Network option System option Web Interface Supported Web browsers URL address formats Summary Status Quick status tab Navigation Menu Events menu Data menu Network menu System menu Selecting a menu to perform a task To do the following, see Data Menu Web Interface Only Control Administrator and Device Manager access Help menu Links menu Device and Outlet Management Menus How to Configure and Control Outlet GroupsOutlet group terminology Purpose and benefits of outlet groups System requirements for outlet groups Rules for configuring outlet groups How to create a local outlet group Web interface How to enable outlet groupsParameter Description How to create multiple global outlet groups Web interface How to edit or delete an outlet group Typical outlet group configurations Switched Rack PDU Verify your setup and configuration for global outlet groups Outlet Settings for Outlets and Outlet Groups How to initiate a control action Power On Delay. † Value for Power On Delay.†For Reboot Duration.† Option Description How to configure outlet settings and outlet name Setting Description Switched Rack PDU Switched Rack PDU Settings Configure Load Thresholds How to configure Device Settings Power Supply Status control console only Scheduling Outlet Actions Web Interface Only On Delay . †Actions you can schedule Power Off Delay.† How to schedule an outlet event How to edit, disable, enable, or delete an outlet event Introduction Event-Related MenusMenu options Switched Rack PDU Event Log Web interface Logged eventsControl console How to use FTP or SCP to retrieve a log file Secure CoPy SCP Ftpget event.txt or Ftpget data.txt Event Actions Web Interface Only See Event log action Severity levels Event log action Snmp traps action Syslog actionEmail action Event Recipients Trap Receiver settingsIdentified by the Receiver NMS IP/Domain Name setting Definition Mail Feature Smtp DNS servers Smtp settingsEmail Recipients Switched Rack PDU Smtp Event List How to Configure Individual EventsDetailed Event Action Configuration Code Description Severity Data Menu Web Interface Only Log Option Configuration Option Network Menu TCP/IP DNS Option Settings TCP/IP Switched Rack PDU Switched Rack PDU DNS Ping utility control console only FTP Server Telnet/SSH Switched Rack PDU If you are using SSH version 2, expect a noticeable delay Telnet SSH Server Configuration Configuration During that time Console, choose Advanced SSH Configuration and then Host Key Setting Definition See Smtp settings and E-mail Feature Syslog Severe is mapped to Critical Informational is mapped to Info Web/SSL Web/SSL/TLS in the control console Switched Rack PDU Web/SSL Network Configuration Name and Password settings Http//159.215.12.1145000 SSL/TSL Server Configuration Advanced SSL/TLS Configuration Organization O and Organizational Unit OU The name WAP ISX Protocol control console only System Menu Radius Readonly , by default, for Read Only User Device , by default, for Device Manager UserUser Manager Outlet User Manager 100 Radius Timeout Radius Setting Definition AccessAccess setting to Local Only or Radius then Local Primary Server Example Radius users file Example Radius users file with VSAs Identification Date & Time 106 Tools Action Definition About System Links Web interfaceModem not supported APC’s Web Site , Testdrive Demo , and Remote Monitoring 109 Boot Mode Dhcp & Bootp boot process See Switched Rack PDU settings Dhcp Configuration Settings Switched Rack PDU settings 113 Dhcp response options APC Cookie. Tag 1, Len 4, Data 1APC Boot Mode Transition. Tag 2, Len 1, Data 1/2 116 Summary of access methods Security FeaturesPlanning and implementing security features Security Access Description Snmp Changing default user names and passwords immediately Web Server Authentication versus Encryption User names, passwords, community names SnmpPort assignments 121 Encryption Secure SHell SSH and Secure CoPy SCP 123 Secure Sockets Layer SSL/Transport Layer Security TLS See also and Signing Request Creating and Installing Digital Certificates Purpose Choosing a method for your system Advantages 128 129 Disadvantage 131 132 Firewalls Authentication Using the APC Security WizardOverview Files you create for SSL and SSH security 136 Create a Root Certificate & Server Certificates Summary Procedure 139 140 Scp cert.p15 apc@156.205.6.185\sec\cert.p15 Create a Server Certificate and Signing Request 143 144 145 Create an SSH Host Key Load the host key to the Rack PDU. Perform these steps Purpose and Requirements APC Device IP Configuration WizardPurpose configure basic TCP/IP settings System requirements Automated installation Install the WizardManual installation Use the Wizard Configure the basic TCP/IP settings remotelyLaunch the Wizard Select Remotely over the network, and click Next Configure or reconfigure the TCP/IP settings locally Select Locally through the serial port, and click Next Summary of the procedure How to Export Configuration SettingsRetrieving and Exporting the .ini File Contents of the .ini file Detailed procedures NTPEnable=enabled Ftp put filename.ini Upload Event and Error Messages Event and its error messages Messages in config.ini Errors generated by overridden values Using the APC Device IP Configuration Wizard File Transfers Upgrading Firmware Methods and Tools Firmware files Switched Rack PDUBenefits of upgrading firmware Obtain the latest firmware version 164 Firmware file transfer methods Use FTP or SCP to upgrade one Rack PDU Apchw02aos264.bin Apchw02app266.bin How to upgrade multiple Rack PDUs Ftp open 150.250.6.10 Use Xmodem to upgrade one Rack PDU See Release Notes ini File Utility, version 169 Last Transfer Result codes Verifying Upgrades and UpdatesCode Description Warranty limitations Warranty and ServiceLimited warranty Product Information Obtaining service General policy Life-Support PolicyExamples of life-support devices Bootp Index Dhcp Error messages Keywords SCP Smtp TCP/IP Up Time APC Worldwide Customer Support Copyright