Authentication | APC Battery Management System instruction

Battery Management System

USER’S GUIDE

®

Authentication

Authentication versus encryption

You can choose to use security features for the Battery Management System that control access by providing basic authentication through user names, passwords, and IP addresses, without using encryption. These basic security features are sufficient for most environments in which sensitive data are not being transferred.

To ensure that data and communication between the Battery Management System and the client interfaces, such as the control console and the Web interface, cannot be intercepted, you can provide a greater level of security by using one or more of the following encryption-based methods:

•For the Web interface, use the Secure Sockets Layer (SSL).

•To encrypt user names and passwords for control console access, use the Secure SHell (SSH) protocol.

•To encrypt user names, passwords, and data for the secure transfer of files, use the Secure CoPy (SCP) protocol.

For more information on these protocols for encryption- based security, see Secure SHell (SSH) and Secure CoPy (SCP) and Secure Sockets Layer (SSL).

114

Image 121

APC Battery Management System manual Authentication versus encryption

Contents

Contents Battery Management System Menu Data Logging Web interface Using the APC Security Wizard Alarms Index Introduction Features of the System System capacity Battery Management Capabilities Battery management features Network Connection Access Description Network Management FeaturesSupported network management applications Supported Web browsers Configuring TCP/IP settings Initial SetupGetting Started Useful terms Access Procedures Accessing the User InterfacesAccess priorities among the interfaces Access priority for logging on Web interface Keystrokes Actions Control console interface Battery Management System Snmp interface Account types and access Password-protected Accounts How to recover from a lost password Battery Management System Resetting the network timer Watchdog FeaturesNetwork interface watchdog mechanism Main Screen Battery ManagementGeneral system information Battery Manager III APP The version of the application APP Displaying data and alarms Battery System and Device Manager Menus Web interface Alarm Alarms reported Data causing the alarm Category Select Device Manager Select String Details Control console Web interface example Viewing details on alarms Category Details Diagnostics Interpreting alarm detailsProblem Charger alarms Management Controller alarms Battery Management System Configuration menu Temperature Configuration Calibration menu Modbus Select Modbus from the Battery System menuSelect Device Manager A spreadsheet .\doc\en\AP9920MBRegMap xx.xls Reset Charge Current Deviation Benchmark Reset Discharge Voltages Access Access Restrictions and Menu OptionsNetwork Menu Menu options TCP/IP Option Settings Battery Management System Battery Management System Battery Management System DNS Ping utility control console FTP Server Telnet/SSH Battery Management System Option Description Telnet SSH Server Configuration Key, and the SSH server is not accessible during that time ConfigurationSSH User Host Key File Apply Console, choose Advanced SSH Configuration and then Host Key Snmp Setting Definition Use the Email option to do the following Syslog Severe is mapped to Critical Informational is mapped to Info Battery Management System Web/SSL Battery Management System Web/SSL Network Configuration Http//171.215.12.1145000 Name and Password settings SSL Server Configuration SSL Server Certificate Advanced SSL Configuration SSL server is not available during that time System can take up to 5 minutes to create this certificate Organization O and Organizational Unit OU The name Parameter Description Battery Management System System Menu Purpose and access Radius Users, device for Device Manager users, and readonly for User ManagerRead-Only User Radius Timeout Radius Setting Definition AccessPrimary Server Primary Server Secret Administrator Device Manager Read-Only User Date & Time Identification Setting Definition OTE WIth Boot mode set to Dhcp & Bootp , its default TCP/IP to DefaultsTools Action Definition Battery Management System Xmodem Preferences Web interface Links Web interface Setting Definition User LinksAPC’s Web Site , Testdrive Demo , and APC Monitoring About System control console Overview Event-related Menus Menu options Logged events Event Log Accessing the log How to use FTP or SCP to retrieve log files Scp username@hostnameoripaddressdata txt./data.txt Ftpdel event.txt or Ftpdel data.txt Enabling and disabling event actions Actions Option Web interface onlySeverity levels of events Event Log action Related topics Email action Trap Receivers Recipients OptionNMS identified by the Receiver NMS IP/Domain Name Email Recipients Setting Description To AddressSend via Generation Email Test Email Option Requirements for using Smtp Setting Description Smtp Server Smtp settingsDNS servers From Address Options to configure individual events How to Configure Individual EventsEvent list access Event list format Event mask settings Bit number Action enabled or disabled for the event Settings for Bits 0 to Severity Event mask example Discharge cycle counter Event generation Severity Definition Severity levels defined Code Severity Description Management Card events Battery Management System Battery Management System Battery Management System events Battery Management System Description Data Logging Web interfaceDefine the Discharge and Charge Data Log intervals Configuration Boot Mode See Management Card settings Dhcp & Bootp boot process 103 Management Card settings Dhcp Configuration Settings 105 Dhcp response options Cookie Is settingAPC Cookie. Tag 1, Len 4, Data 1APC See Dhcp & Bootp boot process Boot Mode Transition. Tag 2, Len 1, Data 1/2 108 109 Planning and implementing security features Security FeaturesSummary of access methods Security Access Description Snmp Port assignments Changing default user names and passwords immediately User names, passwords, community names Snmp Authentication versus encryption Authentication Secure SHell SSH and Secure CoPy SCP Encryption 116 Secure Sockets Layer SSL 118 Purpose Creating and Installing Digital Certificates Advantages Choosing a method for your systemDisadvantages 121 122 Disadvantage 124 125 Firewalls Authentication Using the APC Security WizardOverview 128 Files you create for SSL and SSH security 130 Summary Create a Root Certificate & Server Certificates \Program Files\American Power Conversion\APC Security Wizard Procedure 133 134 135 Scp cert.p15 apc@156.205.6.185\sec\cert.p15 Create a Server Certificate and Signing Request 138 139 Cer or .crt file 141 Create an SSH Host Key 143 Scp cert.p15 apc@156.205.6.185\sec\hostkey.p15 Retrieving and Exporting the .ini file Summary of the procedure Contents of the .ini file Detailed procedures NTPEnable=enabled Ftp put filename.ini Event text Description Event and its error messages Errors generated by overridden values Messages in config.ini Using the Device IP Configuration Wizard Purpose and Requirements Purpose configure basic TCP/IP settingsSystem requirements Download the wizard Install the Wizard Use the Wizard Configure the basic TCP/IP settings remotelyLaunch the Wizard Select Remotely over the network, and click Next Select Locally through the serial port, and click Next Configure or reconfigure the TCP/IP settings locally File Transfers Firmware defined Upgrading FirmwareBenefits of upgrading firmware Obtain the latest firmware version See Firmware files Battery Management System Firmware files Battery Management System Firmware file transfer methods Apchw02aos264.bin Apchw02app260.bin \cd\apc Ftp put apchw02aos264.bin Ftp open 150.250.6.10 AOS module of apchw02aos264.bin 166 167 Last Transfer Result codes Verifying Upgrades and UpdatesCode Description Fault Alarm Criteria AlarmsFault Fault Criteria Situation/Condition Alarm Relay Status LEDs Alarm Relay and LED Operation Access problems Battery Management System Management Card TroubleshootingProblem Solution Management Card Browsers Query the MIB mconfigTrapReceiverTable OIDs to Snmp issues Battery Management System Management Card Limited warranty Warranty and ServiceWarranty limitations Product Information Obtaining service service contracts General policy Life-Support PolicyExamples of life-support devices Index About menu option Access Bootp Dhcp Facility Syslog setting File transfers 158 Management controller Smtp Snmp Telnet Xmodem APC Worldwide Customer Support Copyright