Manuals / Avocent / Computer Equipment / Server

Avocent ACS 5000 manual Types of Users, Security, Authentication

Models: ACS 5000

1 161

Download 161 pages 20.5 Kb

Page 12

4Cyclades® ACS 5000 Installation/Administration/User Guide

•A web manager user account must be defined. The admin has an account by default, and can add regular-user accounts to grant access to the connected servers or devices using the web manager.

Types of Users

The console server supports the following user account types:

•The root user who can manage the console server and its connected devices. The root user performs the initial network configuration. Access privileges are full read/write and management.

•Users who are in an Admin group with administrative privileges. The admin user belongs to this group.

•Regular users who can access the connected devices through the serial ports they are authorized for. Regular users have limited access to the web manager features.

NOTE: It is strongly recommended that you change the default password avocent for the root and admin users before configuring the console server.

Security

The console server includes a set of security profiles that consists of predefined parameters to control access to the console server and its serial ports. This feature provides more control over the services that are active at any one time. As an additional security measure, all serial ports are disabled by default, allowing the administrator to enable and assign individual ports to users.

NOTE: The Default security profile parameters are the same as the Moderate profile.

Authentication

The console server supports a number of authentication methods to assist the administrator with user management. Authentication can be performed locally or with a remote server, such as RADIUS, TACACS+, LDAP or Kerberos. An authentication security fallback mechanism is also employed should the negotiation process with the authentication server fail. In such situations, the console server follows an alternate defined rule when the authentication server cannot authenticate the user.

The following table lists the supported authentication methods.

Image 12

Avocent ACS 5000 manual Types of Users, Security, Authentication

Contents

Cyclades ACS FCC Warning Statement Canadian DOC NoticeCyclades ACS Symbols Used B L E of C on T E N T S Configuring the Console Server in Wizard Mode Vii Network Menu and FormsAppendix a Technical Specifications 143 Connectors on the Console Server OverviewAccessing the Console Server and Connected Devices ACS 5000 Console Server Connectors Number DescriptionPrerequisites for Using the Web Manager Web ManagerAuthentication Types of UsersSecurity Authentication Methods Supported Authentication Type DefinitionServices not supporting IPv6 IPv6Packet Filtering Structure of IP filteringAdd rule and edit rule options ChainRule Add Rule and Edit Rule Option Definitions Filter OptionsNumeric protocol options TCP protocol optionsUDP protocol options Icmp protocol optionsNotifications, Alarms and Data Buffering Example of using facility numbersSyslog servers Prerequisites for logging to syslog serversConsole Server and Power Management Configuring access to connected devicesCommon Administrator Tasks for Configuring Software Managing Users of Connected DevicesAdditional requirements for Server Technology IPDUs Conventions used to identify outletsConfiguring power management Configuring ports for power management by authorized usersOptions for managing power Power management through the web managerHostname Discovery Cyclades ACS 5000 Installation/Administration/User Guide Important Pre-installation Requirements Basic Installation ProceduresMounting the console server Making an Ethernet connection To rack mount the console serverTo connect devices to serial ports To connect to the console port Console server serial port pin-out informationTo use the wiz command to configure network parameters Turning on the console server and the connected devicesTo turn on the console server To turn on connected devicesTo configure for IPv4 protocol To configure for IPv6 protocol Selecting a security profile using the web manager Other Methods of Accessing the Web Manager Adding users and configuring ports using the web managerTo use a dynamic IP address to access the web manager Selecting a security profileConnecting PDUs To use the default IP address to access the web managerConnecting third-party IPDUs To daisy-chain PDUs to the console server Using the Web Manager Features of Regular User FormsTo log into the web manager Form area Port access requirements ConnectConnect to the console server Connect to serial portsConnection protocols for serial ports Ipdu Power Management Outlets ManagerOutlets Group Ctrl View Ipdu infoBulb PadlockPDU Power Factor Form Heading Description ExampleTo change your password Common Features of Administrator Forms Administrator Web Manager ButtonsButton name Use Try changes Click the try changes buttonOverview of Administrative Modes Wizard modeLogging Into the Web Manager Expert mode Example of Web Manager Form in Wizard ModeExample of Web Manager Form in Expert Mode Cyclades ACS 5000 Installation/Administration/User Guide Default security profile Security ProfilePre-defined security profiles Custom security profileHttp Serial port settings and security profiles To select or configure a security profileNetwork Settings To configure the network settingsPort Profile Port Profile Setup Options Parameter OptionsAccess To set parameters for all serial portsParameter Options To add a user To change a password Data BufferingTo delete a user Wizard Data Buffering Field Names and Definitions Field name To configure data buffering System LogTo add a syslog server To delete a syslog serverCyclades ACS 5000 Installation/Administration/User Guide Configuring the Console Server in Expert Mode Overview of menus and formsExpert Mode Screen Elements Number Description Connecting to the console server Connecting to devices connected to the serial portsApplications Menu and Forms ConnectIpdu Power Management Applications Ipdu Power Mgmt Outlets ManagerTo connect to a device through a serial port Expert Outlets Manager Icons Description ButtonPurpose OFFTo view status, lock, unlock, rename or cycle power outlets Avocent PM PDU information displayedThird-party Ipdu information displayed Applications Ipdu Power Mgmt. Outlets Group Ctrl Applications Ipdu Power Mgmt. View IPDUs InfoExpert Ouatlet Groups Ctrl Information Form Heading PM20i/30A Applications Ipdu Power Mgmt. Configuration To view and reset Ipdu informationIpdu Power Mgmt Configuration Description Shown Element Type Applications Ipdu Power Mgmt. Software Upgrade To upgrade software on a Cyclades PM Ipdu ExpertTo upgrade software on non-Cyclades IPDUs To download Cyclades Ipdu softwareExpert Applications PMD Configuration Applications PMD Configuration- GeneralApplications PMD Configuration- Outlet Groups To upgrade software on a Avocent PM PDUApplications PMD Configuration Users Management To configure an outlet groupTo authorize a user for Ipdu power management To delete an outlet groupOutlet entry conventions Prefix GroupExpert Applications Terminal Profile Menu To create a menu for a local server terminalClick apply changes Host Settings Expert Network Menu Descriptions Menu SelectionGeneral host settings DNS ServiceDisabling and enabling IPv4 or IPv6 protocols Disabling IPv4IPv4 settings Disabling/Enabling IPv6IPv6 settings IPv6 Ethernet interfaces IPv6 serial interfacesIPv6 PPP interfaces Other interfacesTo configure host settings Expert from the General form To configure IPv4 protocolTo configure IPv6 protocol Syslog VPN Connections MYCOMPANYDOMAIN-VPNTo configure VPN Click on apply changesDescription To configure Snmp Example, 193.168.44.0/24Firewall Configuration Edit button Delete buttonAdd button Edit Rules buttonInverted checkboxes Target pull-down menu optionsSource or destination IP and mask ProtocolNumeric protocol fields TCP protocol fieldsUDP protocol fields Expert TCP Options Fields Field/Menu OptionIcmp protocol fields Input interface, output interface and fragmentsLOG target Firewall configuration procedures Reject targetTo add a chain To edit a chainTo add a rule To edit a ruleHost Table Static RoutesTo define the console server’s IP address and hostname To configure static routes Expert Field or Menu Name DefinitionCyclades ACS 5000 Installation/Administration/User Guide Security Menu and Forms Users and GroupsAdding a User Adding a GroupTo delete a user or group Expert Add User Dialog Field Names and DefinitionsTo change a user’s password Active Ports SessionsTo add a group To modify a groupTo view, kill or refresh active user sessions TTYConfiguring authentication for console server logins To configure the console servers login authentication methodTo configure a Radius authentication server Group authorization on RadiusTo configure a TACACS+ authentication server Group authorization on TACACS+ To configure an Ldap authentication serverTo configure Ldap authentication Group Authorization on LdapTo configure a Kerberos authentication server Go to Security Authentication Kerberos in Expert mode To configure a NIS authentication server Security ProfilesCustom security profile Serial port settings and security profiles Security certificates Certificate for Http securityUser configured digital certificate Certificate on sshTo enable or disable serial ports Physical Ports103 To select one or more serial portsConsole Access Server CAS profile connection protocols General formConnection profiles Ports Menu and Forms Terminal Server TS profile connection protocolsBidirectional Telnet protocol Modem and power management connection protocols Connection Protocols for Modems or IPDUs Protocol NameCyclades ACS 5000 Installation/Administration/User Guide Click apply changes To configure a power management protocol for an Ipdu To associate an alias to a serial port Access To configure user access to serial portsAccess Form Menu and Fields FieldDescription Authentication methods and fallback mechanism To configure a serial port login authentication method Data BufferingMode Local Destination Data Buffering Form Fields Field Name DefinitionTo configure data buffering for serial ports Field Name DefinitionMulti User Expert Multi User Form Fields Field Name DefinitionPower Management Expert Power Management Form Fields Field Name To configure a serial port for Ipdu power management To configure a serial port for Ipmi power management Other10 Other Form Fields Field Name Definition TCP PortTo configure terminal server connection options Virtual Ports 11 New/Modify Port Dialog Box Fields Field Name DefinitionTo cluster console servers or modify cluster configuration To assign names to slave ports in the clusterPorts Status Ports StatisticsExpert Ports Hostname Discovery 14 Expert Ports Hostname Discovery FieldsCyclades ACS 5000 Installation/Administration/User Guide System Information 129System Information Form InformationParameters Notifications To view system informationInformation Parameters Email Notifications Entry Notifications Form Fields Field Name DefinitionEmail Notifications Dialog Box Fields Field Name Definition Pager notifications entry Snmp trap notifications entry Untitled dropdown fieldCold Start Serial ports alarm notification To configure a trigger for serial port alarm notificationTime/Date To set the time and date manuallyTo configure time and date using an NTP server Setting up a customized timezone configurationTo create a custom timezone selection To use the custom option to set daylight savings timeBoot Configuration Boot Configuration Form Fields Field Name DefinitionTo configure the console server boot Select Flash or Network from the Unit boot from menuBackup Configuration Go to Administration Backup Config in Expert modeUpgrade Firmware To upgrade the console server firmwareReboot To reboot the console serverOnline Help To configure the local online help path Appendix a Technical Specifications 143Environmental Hardware Temperature Elevated operating ambient temperatureTemperatur Erhöhte Umgebungstemperatur im betriebSafety precautions for operating the console server Mechanical loadingSicherer mechanischer Aufbau Circuit overloadingAppendices Electrostatic Discharge ESD Precautions Working inside the console serverReplacing the battery Austausch der Batterie Remplacement de la batterieArbeiten am Cyclades ACS Vorsichtsmassnahmen gegen Elektrostatische Entladung ESDBaterìa FCC warning statementCanadian DOC notice To resolve an issue Appendix C Technical SupportCyclades ACS 5000 Installation/Administration/User Guide For Technical Support