131 | APC AP7900 guide

Switched Rack PDU

USER’S GUIDE

®

Method 3: Use the APC Security Wizard to create a certificate-signing

request to be signed by the root certificate of an external Certificate Authority and to create a server certificate. Use the APC Security Wizard to create a request (a .csr file) to send to a Certificate Authority. The Certificate Authority returns a signed certificate (a .crt file) based on information you submitted in your request. You then use the APC Security Wizard to create a server certificate (a .p15 file) that includes the signature from the root certificate returned by the Certificate Authority. Upload the server certificate to the Rack PDU.

You can also use Method 3 if your company or agency operates its own Certificate Authority, Use the APC Security Wizard in the same way, but use your own Certificate Authority in place of a

commercial Certificate Authority.

This method has the following advantages and disadvantages.

•Advantages:

–Before they are transmitted, the user name and password for Rack PDU access and all data to and from the Rack PDU are encrypted.

–You have the benefit of authentication by a Certificate Authority that already has a signed root certificate in the certificate cache of the browser. (The CA certificates of commercial Certificate Authorities are distributed as part of the browser software, and a Certificate Authority of your own company or agency has probably already loaded its CA certificate to the browser store of each user’s browser.) Therefore, you do not have to upload a root certificate to the browser of each user who needs access to the Rack PDU.

–The length of the public key (RSA key) that is used for setting up an SSL session is 1024 bits, providing more complex encryption and consequently a higher level of security than the public key used in Method 1. (This longer encryption key is also used in Method 2.)

131

Image 134

APC AP7900 manual 131

Contents

Contents Data Menu Web Interface Only File Transfers Product Description Features of the Switched Rack PDUIntroduction Initial setup Overview Access ProceduresAccess priority for logging on Types of user accounts Switched Rack PDU How to Recover From a Lost Password Switched Rack PDU Upgrading Firmware through a Serial Connection Switched Rack PDU Single-phase Three-phase Front Panel Function See Link-RX/TX 10/100 LED Link-RX/TX 10/100 LED Condition Description Current Overload threshold Load indicator LEDStatus LED Network interface watchdog mechanism Watchdog FeaturesResetting the network timer How to Log On Control Console Remote access to the control console Local access to the control console Main Screen Example main screen Information and status fields Main screen information fields Main screen status fields Control Console Menus Menu structure Main menu Device Manager option Network option System option Web Interface Supported Web browsers URL address formats Summary Status Quick status tab Navigation Menu Events menu Data menu Network menu System menu Selecting a menu to perform a task To do the following, see Data Menu Web Interface Only Control Administrator and Device Manager access Help menu Links menu Outlet group terminology How to Configure and Control Outlet GroupsDevice and Outlet Management Menus Purpose and benefits of outlet groups System requirements for outlet groups Rules for configuring outlet groups Parameter Description How to enable outlet groupsHow to create a local outlet group Web interface How to create multiple global outlet groups Web interface How to edit or delete an outlet group Typical outlet group configurations Switched Rack PDU Verify your setup and configuration for global outlet groups Outlet Settings for Outlets and Outlet Groups How to initiate a control action Power On Delay. † Value for Power On Delay.†For Reboot Duration.† Option Description How to configure outlet settings and outlet name Setting Description Switched Rack PDU Switched Rack PDU Settings Configure Load Thresholds How to configure Device Settings Power Supply Status control console only Actions you can schedule On Delay . †Scheduling Outlet Actions Web Interface Only Power Off Delay.† How to schedule an outlet event How to edit, disable, enable, or delete an outlet event Menu options Event-Related MenusIntroduction Switched Rack PDU Event Log Control console Logged eventsWeb interface How to use FTP or SCP to retrieve a log file Secure CoPy SCP Ftpget event.txt or Ftpget data.txt Event Actions Web Interface Only See Event log action Severity levels Event log action Email action Syslog actionSnmp traps action Event Recipients Trap Receiver settingsIdentified by the Receiver NMS IP/Domain Name setting Definition Mail Feature Smtp Email Recipients Smtp settingsDNS servers Switched Rack PDU Smtp Event List How to Configure Individual EventsDetailed Event Action Configuration Code Description Severity Data Menu Web Interface Only Log Option Configuration Option Network Menu TCP/IP DNS Option Settings TCP/IP Switched Rack PDU Switched Rack PDU DNS Ping utility control console only FTP Server Telnet/SSH Switched Rack PDU If you are using SSH version 2, expect a noticeable delay Telnet SSH Server Configuration Configuration During that time Console, choose Advanced SSH Configuration and then Host Key Setting Definition See Smtp settings and E-mail Feature Syslog Severe is mapped to Critical Informational is mapped to Info Web/SSL Web/SSL/TLS in the control console Switched Rack PDU Web/SSL Network Configuration Name and Password settings Http//159.215.12.1145000 SSL/TSL Server Configuration Advanced SSL/TLS Configuration Organization O and Organizational Unit OU The name WAP ISX Protocol control console only System Menu Radius User Manager Device , by default, for Device Manager UserReadonly , by default, for Read Only User Outlet User Manager 100 Radius Timeout Radius Setting Definition AccessAccess setting to Local Only or Radius then Local Primary Server Example Radius users file Example Radius users file with VSAs Identification Date & Time 106 Tools Action Definition About System Links Web interfaceModem not supported APC’s Web Site , Testdrive Demo , and Remote Monitoring 109 Boot Mode Dhcp & Bootp boot process See Switched Rack PDU settings Dhcp Configuration Settings Switched Rack PDU settings 113 Dhcp response options APC Cookie. Tag 1, Len 4, Data 1APC Boot Mode Transition. Tag 2, Len 1, Data 1/2 116 Summary of access methods Security FeaturesPlanning and implementing security features Security Access Description Snmp Changing default user names and passwords immediately Web Server Port assignments User names, passwords, community names SnmpAuthentication versus Encryption 121 Encryption Secure SHell SSH and Secure CoPy SCP 123 Secure Sockets Layer SSL/Transport Layer Security TLS See also and Signing Request Creating and Installing Digital Certificates Purpose Choosing a method for your system Advantages 128 129 Disadvantage 131 132 Firewalls Overview Using the APC Security WizardAuthentication Files you create for SSL and SSH security 136 Create a Root Certificate & Server Certificates Summary Procedure 139 140 Scp cert.p15 apc@156.205.6.185\sec\cert.p15 Create a Server Certificate and Signing Request 143 144 145 Create an SSH Host Key Load the host key to the Rack PDU. Perform these steps Purpose and Requirements APC Device IP Configuration WizardPurpose configure basic TCP/IP settings System requirements Manual installation Install the WizardAutomated installation Launch the Wizard Configure the basic TCP/IP settings remotelyUse the Wizard Select Remotely over the network, and click Next Configure or reconfigure the TCP/IP settings locally Select Locally through the serial port, and click Next Retrieving and Exporting the .ini File How to Export Configuration SettingsSummary of the procedure Contents of the .ini file Detailed procedures NTPEnable=enabled Ftp put filename.ini Upload Event and Error Messages Event and its error messages Messages in config.ini Errors generated by overridden values Using the APC Device IP Configuration Wizard File Transfers Benefits of upgrading firmware Firmware files Switched Rack PDUUpgrading Firmware Methods and Tools Obtain the latest firmware version 164 Firmware file transfer methods Use FTP or SCP to upgrade one Rack PDU Apchw02aos264.bin Apchw02app266.bin How to upgrade multiple Rack PDUs Ftp open 150.250.6.10 Use Xmodem to upgrade one Rack PDU See Release Notes ini File Utility, version 169 Code Description Verifying Upgrades and UpdatesLast Transfer Result codes Warranty limitations Warranty and ServiceLimited warranty Product Information Obtaining service Examples of life-support devices Life-Support PolicyGeneral policy Bootp Index Dhcp Error messages Keywords SCP Smtp TCP/IP Up Time APC Worldwide Customer Support Copyright