APC AP7900 Files you create for SSL and SSH security

®

USER’S GUIDE

Switched Rack PDU

135

Authentication of the server (in this case, the Rack PDU) occurs each time

a connection is made from the browser to the server. The browser checks to

be sure that the server’s certificate is signed by a Certificate Authority

known to the browser. For this authentication to occur:

• Each Switched Rack PDU with SSL enabled must have a server

certificate on the Rack PDU itself.

• Any browser that is used to access the Rack PDU’s Web interface

must contain the CA root certificate that signed the server certificate.

If authentication fails, the browser prompts you on whether to continue

despite the fact that it cannot authenticate the server.

If your network does not require the authentication provided by digital

certificates, you can use the default certificate that the Rack PDU generates

automatically. The default certificate’s digital signature will not be

recognized by browsers, but a default certificate enables you to use SSL for

the encryption of transmitted user names, passwords, and data. (If you use

the default certificate, the browser prompts you to agree to unauthenticated

access before it logs you on to the Web interface of the Rack PDU.)

How SSH host keys are used. An SSH host key authenticates the identity

of the server (the Switched Rack PDU) each time an SSH client contacts

the Rack PDU. Each Switched Rack PDU with SSH enabled must have an

SSH host key on the Rack PDU itself.

Files you create for SSL and SSH security

Use the APC Security Wizard to create the following components of an SSL

and SSH security system:

• The server certificate for the Switched Rack PDU, if you want the

benefits of authentication that such a certificate provides.You can

create either of the following types of server certificate:

Contents

Main Contents Introduction Control Console Web Interface Device and Outlet Management Menus Data Menu (Web Interface Only) Network Menu System Menu Boot Mode Security How to Export Configuration Settings File Transfers Index Product Information Introduction Product Description Features of the Switched Rack PDU Initial setup Access Procedures Access priority for logging on Types of user accounts Page How to Recover From a Lost Password Page Upgrading Firmware through a Serial Connection Page Page Page Link-RX/TX (10/100) LED This LED indicates the network status. Status LED This LED indicates the network status of the Rack PDU. Load indicator LED The load indicator LED identifies overload and warning conditions for the displayed phase or bank. APC Worldwide Customer Support Wat ch do g F eatures Network interface watchdog mechanism Resetting the network timer Control Console How to Log On Remote access to the control console Telnet for basic access. SSH for high-security access. Local access to the control console Main Screen Example main screen The main screen that is displayed when you log on to the control console of a Rack PDU: Information and status fields Main screen information fields. Main screen status fields. Control Console Menus Menu structure Main menu Device Manager option Network option System option Web Inter face How to Log On Supported Web browsers URL address formats Summary Page Status Quick status tab Navigation Menu Selecting a menu to perform a task Help menu Links menu Device and Outlet Management Menus How to Configure and Control Outlet Groups Outlet group terminology Purpose and benefits of outlet groups System requirements for outlet groups Rules for configuring outlet groups How to enable outlet groups Enable creation of outlet groups. Enable support for global outlet groups (linked groups). How to create a local outlet group (Web interface) How to create multiple global outlet groups (Web interface) How to edit or delete an outlet group Typical outlet group configurations Page Verify your setup and configuration for global outlet groups Outlet Settings for Outlets and Outlet Groups How to initiate a control action Web i nter face. Control Console. Control actions you can select. How to configure outlet settings and outlet name Settings that you can configure. both the Web interface and control console unless otherwise indicated: Web I nterfa ce. Control Console. Switched Rack PDU Settings Configure Load Thresholds Web i nter face. Control console. How to configure Device Settings Web i nter face. Control console. Power Supply Status (control console only) Scheduling Outlet Actions (Web Interface Only) Actions you can schedule Page How to schedule an outlet event How to edit, disable, enable, or delete an outlet event Event-Related Menus Page Event Log Logged events Web interface Control console How to use FTP or SCP to retrieve a log file Secure CoPy (SCP). File Transfer Protocol (FTP). Page Event Actions (Web Interface Only) Severity levels Event log action Syslog action SNMP traps action Email action Event Recipients Trap Receiver settings E-mail Feature DNS servers SMTP settings Email Recipients Page Page How to Configure Individual Events Event List page Detailed Event Action Configuration page Data Menu (Web Interface Only) Log Option Configuration Option Network Menu Page Option Settings TCP/IP Current TCP/IP settings fields. Boot mode setting. Advanced settings. Page DNS Configure Domain Name System Settings fields. Send DNS Query (Web interface). Ping utility (control console only) FTP Se rv er Telnet/SSH Page Page Page Page Page SNMP Email See SMTP settings and E-mail Feature. Syslog Syslog settings. Syslog test (Web interface). message to the Syslog servers configured in the Syslog Server section. Syslog message format. Web/SSL (Web/SSL/TLS in the control console) Page Page Page Page Page Page WAP ISX Protocol (control console only) System Menu Page Option Settings User Manager Use this option to define access values shared by the control console and Web interface. Outlet User Manager Web i nter face. Control console. select Manage Outlet Users from the User Manager menu. RADIUS Configuring the Rack PDU. Configuring the RADIUS server. Page Identification Date & Time Set Manually. Synchronize with Network Time Protocol (NTP) Server . Too ls Use this option to perform the following actions. Links (Web interface) Modem (not supported) About System Page Boot Mode DHCP & BOOTP boot process DHCP Configuration Settings Switched Rack PDU settings Page DHCP response options Vendor Specific Information (opt ion 43). Page TCP/IP options. Miscellaneous options. Security Security Features Planning and implementing security features Summary of access methods Serial control console. Remote control console. SNMP. File transfer protocols. Web S erve r. RADIUS. Changing default user names and passwords immediately Port assignments User names, passwords, community names (SNMP) Authentication versus Encryption Page Encryption Secure SHell (SSH) and Secure CoPy (SCP) Page Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Page Creating and Installing Digital Certificates Purpose Choosing a method for your system Method 1: Use the auto-generated default certificate. Page Method 2: Use the APC Security Wizard to create a CA certificate and a server certificate. Page Page Page Page Using the APC Security Wizard Overview Authentication How certificates are used. How SSH host keys are used. Files you create for SSL and SSH security Page Create a Root Certificate & Server Certificates Create the CA root certificate. Load the CA root certificate to your browser . Create an SSL Server User Certificate. Load the server certificate to the Rack PDU. Create a Server Certificate and Signing Request Create the Certificate Signing Request (CSR). Page Import the signed certificate. Load the server certificate to the Rack PDU. Create an SSH Host Key Create the host key. Load the host key to the Rack PDU. APC Device IP Configuration Wizard Purpose and Requirements Purpose: configure basic TCP/IP settings System requirements Install the Wizard Use the Wizard Launch the Wizard Configure the basic TCP/IP settings remotely Prepare to configure the settings. Run the Wizard to perform the configuration. Configure or reconfigure the TCP/IP settings locally How to Export Configuration Settin gs Retrieving and Exporting the .ini File Summary of the procedure Contents of the .ini file Detailed procedures Retrieving. Customizing. Exporting the file to a single Rack PDU. Exporting the file to multiple Rack PDUs. The Upload Event and Error Messages The event and its error messages Messages in config.ini Errors generated by overridden values Using the APC Device IP Configuration Wizard File Transfers Upgrading Firmware: Methods and Tools Benefits of upgrading firmware Firmware files (Switched Rack PDU) Obtain the latest firmware version Automated upgrade tool for Microsoft Windows systems. Manual upgrades, primarily for Linux systems. Firmware file transfer methods Use FTP or SCP to upgrade one Rack PDU Instructions for using FTP . Instructions for using SCP . How to upgrade multiple Rack PDUs Export configuration settings. Use FTP or SCP to upgrade multiple Rack PDUs. Use XMODEM to upgrade one Rack PDU Page Verifying Upgrades and Updates Last Transfer Result codes Product Information Warranty and Service Limited warranty Warranty limitations Obtaining service Life-Support Policy General policy Examples of life-support devices Index A B C D E F G H I K L M N O P R S Page T U V W APC Worldwide Customer Support Copyright 990-1368D-001 04/2005