Security Profile, Pre-defined security profiles | Avocent ACS 5000

39

5	Configuring the Console Server in
	Wizard Mode

Step 1: Security Profile

A security profile consists of a set of parameters that can be configured in order to have more control over the services active at any time.

Pre-defined security profiles

There are three pre-defined security profiles:

•Secure - Authentication to access serial ports is required and SSH root access is not allowed.

NOTE: SSH root access is enabled when the security profile is set to Moderate or Open. If a Secured security profile is selected, you must switch to a Custom security profile and enable the allow root access option.

•Moderate - The Moderate profile is the recommended security level. This profile enables sshv1, sshv2, HTTP, HTTPS, Telnet, SSH and Raw connections to the serial ports. In addition, ICMP and HTTP redirection to HTTPS are enabled. Authentication to access the serial ports is not required.

•Open - The Open profile enables all services such as Telnet, sshv1, sshv2, HTTP, HTTPS, SNMP, RPC, ICMP, SSH and Raw connections to the serial ports. Authentication to access serial ports is not required.

Default security profile

See the following tables for the list of enabled services when the Default security profile is used.

Custom security profile

The Custom security profile opens up a dialog box to allow custom configuration of individual protocols or services.

NOTE: By default, a number of protocols and services are enabled in the Custom profile; however, they are configurable to a user’s requirements.

Image 47

Contents

Cyclades ACS Canadian DOC Notice FCC Warning Statement Cyclades ACS Symbols Used B L E of C on T E N T S Configuring the Console Server in Wizard Mode Network Menu and Forms Vii Appendix a Technical Specifications 143 Overview Connectors on the Console Server ACS 5000 Console Server Connectors Number Description Accessing the Console Server and Connected Devices Web Manager Prerequisites for Using the Web Manager Security AuthenticationTypes of Users Authentication Type Definition Authentication Methods Supported Structure of IP filtering Services not supporting IPv6IPv6 Packet Filtering Add Rule and Edit Rule Option Definitions Filter Options Add rule and edit rule optionsChain Rule Icmp protocol options Numeric protocol optionsTCP protocol options UDP protocol options Prerequisites for logging to syslog servers Notifications, Alarms and Data BufferingExample of using facility numbers Syslog servers Managing Users of Connected Devices Console Server and Power ManagementConfiguring access to connected devices Common Administrator Tasks for Configuring Software Conventions used to identify outlets Additional requirements for Server Technology IPDUs Configuring ports for power management by authorized users Configuring power management Hostname Discovery Options for managing powerPower management through the web manager Cyclades ACS 5000 Installation/Administration/User Guide Mounting the console server Important Pre-installation RequirementsBasic Installation Procedures To connect devices to serial ports Making an Ethernet connectionTo rack mount the console server Console server serial port pin-out information To connect to the console port To turn on connected devices To use the wiz command to configure network parametersTurning on the console server and the connected devices To turn on the console server To configure for IPv4 protocol To configure for IPv6 protocol Selecting a security profile using the web manager Selecting a security profile Other Methods of Accessing the Web ManagerAdding users and configuring ports using the web manager To use a dynamic IP address to access the web manager Connecting third-party IPDUs Connecting PDUsTo use the default IP address to access the web manager To daisy-chain PDUs to the console server To log into the web manager Using the Web ManagerFeatures of Regular User Forms Form area Connect to serial ports Port access requirementsConnect Connect to the console server Connection protocols for serial ports Outlets Manager Ipdu Power Management Padlock Outlets Group CtrlView Ipdu info Bulb Form Heading Description Example PDU Power Factor To change your password Administrator Web Manager Buttons Common Features of Administrator Forms Try changes Click the try changes button Button name Use Logging Into the Web Manager Overview of Administrative ModesWizard mode Example of Web Manager Form in Wizard Mode Expert mode Example of Web Manager Form in Expert Mode Cyclades ACS 5000 Installation/Administration/User Guide Custom security profile Default security profileSecurity Profile Pre-defined security profiles Http To select or configure a security profile Serial port settings and security profiles Port Profile Network SettingsTo configure the network settings Options Port Profile Setup Options Parameter Parameter Options AccessTo set parameters for all serial ports To add a user To delete a user To change a passwordData Buffering Wizard Data Buffering Field Names and Definitions Field name System Log To configure data buffering To delete a syslog server To add a syslog server Cyclades ACS 5000 Installation/Administration/User Guide Overview of menus and forms Configuring the Console Server in Expert Mode Expert Mode Screen Elements Number Description Connect Connecting to the console serverConnecting to devices connected to the serial ports Applications Menu and Forms To connect to a device through a serial port Ipdu Power ManagementApplications Ipdu Power Mgmt Outlets Manager OFF Expert Outlets Manager Icons Description ButtonPurpose Third-party Ipdu information displayed To view status, lock, unlock, rename or cycle power outletsAvocent PM PDU information displayed Expert Ouatlet Groups Ctrl Information Form Heading Applications Ipdu Power Mgmt. Outlets Group CtrlApplications Ipdu Power Mgmt. View IPDUs Info PM20i/30A To view and reset Ipdu information Applications Ipdu Power Mgmt. Configuration Ipdu Power Mgmt Configuration Description Shown Element Type To download Cyclades Ipdu software Applications Ipdu Power Mgmt. Software UpgradeTo upgrade software on a Cyclades PM Ipdu Expert To upgrade software on non-Cyclades IPDUs To upgrade software on a Avocent PM PDU Expert Applications PMD ConfigurationApplications PMD Configuration- General Applications PMD Configuration- Outlet Groups To delete an outlet group Applications PMD Configuration Users ManagementTo configure an outlet group To authorize a user for Ipdu power management Prefix Group Outlet entry conventions To create a menu for a local server terminal Expert Applications Terminal Profile Menu Click apply changes Expert Network Menu Descriptions Menu Selection Host Settings Disabling IPv4 General host settingsDNS Service Disabling and enabling IPv4 or IPv6 protocols Disabling/Enabling IPv6 IPv4 settings IPv6 settings Other interfaces IPv6 Ethernet interfacesIPv6 serial interfaces IPv6 PPP interfaces To configure IPv4 protocol To configure host settings Expert from the General form To configure IPv6 protocol Syslog MYCOMPANYDOMAIN-VPN VPN Connections Click on apply changes To configure VPN Description Example, 193.168.44.0/24 To configure Snmp Firewall Configuration Edit Rules button Edit buttonDelete button Add button Protocol Inverted checkboxesTarget pull-down menu options Source or destination IP and mask Expert TCP Options Fields Field/Menu Option Numeric protocol fieldsTCP protocol fields UDP protocol fields LOG target Icmp protocol fieldsInput interface, output interface and fragments To edit a chain Firewall configuration proceduresReject target To add a chain To edit a rule To add a rule To define the console server’s IP address and hostname Host TableStatic Routes Field or Menu Name Definition To configure static routes Expert Cyclades ACS 5000 Installation/Administration/User Guide Users and Groups Security Menu and Forms Expert Add User Dialog Field Names and Definitions Adding a UserAdding a Group To delete a user or group To modify a group To change a user’s passwordActive Ports Sessions To add a group TTY To view, kill or refresh active user sessions To configure the console servers login authentication method Configuring authentication for console server logins To configure a TACACS+ authentication server To configure a Radius authentication serverGroup authorization on Radius To configure an Ldap authentication server Group authorization on TACACS+ To configure a Kerberos authentication server To configure Ldap authenticationGroup Authorization on Ldap Go to Security Authentication Kerberos in Expert mode Security Profiles To configure a NIS authentication server Custom security profile Serial port settings and security profiles Certificate for Http security Security certificates Certificate on ssh User configured digital certificate To select one or more serial ports To enable or disable serial portsPhysical Ports 103 Connection profiles Console Access Server CAS profile connection protocolsGeneral form Terminal Server TS profile connection protocols Ports Menu and Forms Bidirectional Telnet protocol Connection Protocols for Modems or IPDUs Protocol Name Modem and power management connection protocols Cyclades ACS 5000 Installation/Administration/User Guide Click apply changes To configure a power management protocol for an Ipdu To associate an alias to a serial port Access Form Menu and Fields FieldDescription AccessTo configure user access to serial ports Authentication methods and fallback mechanism Data Buffering To configure a serial port login authentication method Data Buffering Form Fields Field Name Definition Mode Local Destination Field Name Definition To configure data buffering for serial ports Expert Multi User Form Fields Field Name Definition Multi User Power Management Expert Power Management Form Fields Field Name To configure a serial port for Ipdu power management Other To configure a serial port for Ipmi power management TCP Port 10 Other Form Fields Field Name Definition To configure terminal server connection options 11 New/Modify Port Dialog Box Fields Field Name Definition Virtual Ports To assign names to slave ports in the cluster To cluster console servers or modify cluster configuration Ports Statistics Ports Status 14 Expert Ports Hostname Discovery Fields Expert Ports Hostname Discovery Cyclades ACS 5000 Installation/Administration/User Guide System Information Form InformationParameters System Information129 Information Parameters NotificationsTo view system information Email Notifications Dialog Box Fields Field Name Definition Email Notifications EntryNotifications Form Fields Field Name Definition Pager notifications entry Untitled dropdown field Snmp trap notifications entry Cold Start To set the time and date manually Serial ports alarm notificationTo configure a trigger for serial port alarm notification Time/Date To use the custom option to set daylight savings time To configure time and date using an NTP serverSetting up a customized timezone configuration To create a custom timezone selection Boot Configuration Form Fields Field Name Definition Boot Configuration Select Flash or Network from the Unit boot from menu To configure the console server boot Go to Administration Backup Config in Expert mode Backup Configuration To upgrade the console server firmware Upgrade Firmware Online Help RebootTo reboot the console server To configure the local online help path Environmental Appendix a Technical Specifications143 Hardware Erhöhte Umgebungstemperatur im betrieb TemperatureElevated operating ambient temperature Temperatur Circuit overloading Safety precautions for operating the console serverMechanical loading Sicherer mechanischer Aufbau Appendices Working inside the console server Electrostatic Discharge ESD Precautions Vorsichtsmassnahmen gegen Elektrostatische Entladung ESD Replacing the battery Austausch der BatterieRemplacement de la batterie Arbeiten am Cyclades ACS Canadian DOC notice BaterìaFCC warning statement Appendix C Technical Support To resolve an issue Cyclades ACS 5000 Installation/Administration/User Guide For Technical Support