![Aten CC2000 3.0 [176/353] Authentication services](/img/pdf.png)
Aten CC2000 3.0 [176/353] Authentication services
![Aten CC2000 3.0 [176/353] Authentication services](/views2/1977513/page176/bgb0.png)
CC2000 User Manual
162
Authentication Services
The CC2000 provides an internal Username / Password authentication service.
In addition, the CC2000 supports the following third party external
authentication servers: Active Directory, Kerberos, LDAP, RADIUS,
TACACS+, Windows NT Domain, MOTP* and Dual Authentication.
Note: 1. Authentication refers to determining the authenticity of the person
logging in; authorization refers to assigning permission to use the
device’s various functions.
2. These external servers provide authentication services only – they do
not provide authorization services. Authorization is provided through
the CC2000 management system.
3. The CC2000 supports Mobile One-Time Password (MOTP) servers
that can be used as 3rd party authentication servers to improve
security. For more information, see MOTP Settings, page 316, or visit
our web site: www.aten.com/CC2000-OTP
By adding an external authentication server to the CC2000 management
system (see page 163 for details), when you add a user account, you can select
the external authentication server from the list of authentication servers.
Note: For LDAP and Active Directory there is an additional authentication
method in which the user attempting to log in does not have an account
on the CC2000. In this case, the CC2000 checks the external server to
see if it contains an account with the username and password of the user
attempting to log in. If it does, the CC2000 checks to see if the user
belongs to a group that corresponds to a CC2000 domain group. If it
does, the CC2000 lets the user log in and assigns him the access rights
of the group. See Domain Groups tab, page 160, for details.
The Authentication Services submenu is shown below:
Содержание
- Cc2000 1
- Online registration 2
- Telephone support 2
- User information 2
- User notice 2
- Important note about software version 3
- Package contents 3
- Product information 3
- Chapter 1 4
- Chapter 2 4
- Contents 4
- Introduction 4
- Server installation and utilities 4
- Browser operation 5
- Chapter 3 5
- Chapter 4 5
- Chapter 5 5
- Dashboard and basic operation 5
- Device management 5
- Chapter 6 7
- User accounts 7
- Chapter 7 8
- System 8
- Chapter 8 9
- Appendix authentication key utility 10
- Appendix technical information 10
- Appendix the cc2000 utility 10
- Appendix external authentication services 11
- Appendix sso html sample codes 11
- About this manual 12
- Appendix d external authentication services discusses the use of authentication via external third party services it also provides examples of configuring openldap for cc2000 authentication and configuring radius for cc2000 authentication in a linux environment 13
- Appendix e sso html sample codes provides sample codes for the single sign on function 13
- Aten regularly updates its product documentation for new features and fixes for an up to date cc2000 documentation visit 13
- Conventions 13
- Http www aten com global en 13
- Read this manual thoroughly and follow the installation and operation procedures carefully to prevent any damage to the unit or connected devices 13
- This manual uses the following conventions 13
- This page intentionally left blank 14
- Chapter 1 15
- Introduction 15
- Overview 15
- Features 17
- Hardware requirements 19
- Operating system requirements 19
- Requirements 19
- Server requirements 19
- Systems that the cc2000 server will be installed on should meet the following requirements 19
- Client requirements 20
- Hardware requirements 20
- Operating systems 20
- All aten altusen ip products must be at a firmware level that contains the cc management function and the cc management function must be enabled download and install the latest version of the relevant firmware from our website if necessary for details on upgrading the firmware see update restore on page 128 21
- Browsers 21
- Device requirements 21
- For a list of supported devices refer to the aten website 21
- Note 1 devices must be configured to communicate on the same port that as the cc2000 s device port see device port page 17 21
- Supported browsers for users logging into the cc2000 include the following 21
- Licenses 22
- Secondaries 23
- This page intentionally left blank 24
- Chapter 2 25
- Overview 25
- Server installation and utilities 25
- Switching to cc2000 v3 25
- Stop cc2000 service 26
- Before you begin 28
- Starting the installation 28
- Windows version installation 28
- In the configuration dialog box fill in the fields according to the information provided in the table below 31
- Post installation check 34
- Before you begin 35
- Linux version installation 35
- Installing 36
- Post installation check 37
- Post installation setup 38
- Uninstalling from a linux system 39
- Uninstalling from a windows system 39
- Uninstalling the cc2000 39
- Preliminary steps 40
- Upgrading the cc2000 40
- Cc2000 redundant secondary servers 41
- Cc2000 secondary servers 41
- Before you begin 42
- Database migration utility 42
- Migrating the database 42
- Notes about the migration 45
- This page intentionally left blank 46
- Browser operation 47
- Chapter 3 47
- Logging in 47
- Dual authentication 49
- Logging in using motp or dual authentication 49
- Motp authentication 49
- Screen components 50
- The general interface of cc2000 and its components sections and items are shown below 50
- The interface 50
- The screen components are described in the table below 50
- Add favorites 52
- My favorites 52
- Remove favorites 53
- Recent 54
- Message box 55
- Chapter 4 59
- Dashboard and basic operation 59
- Overview 59
- Device status 60
- Events 61
- License 64
- This panel displays the number of used and available nodes an example is shown 64
- Basic operations 65
- Filter 65
- Search 66
- Edit further options 67
- Modifications on interactive display panel 67
- Table headings 67
- This page intentionally left blank 68
- Chapter 5 69
- Device management 69
- Overview 69
- Preliminary procedures 71
- Using vpn 71
- An explanation of the column headings is provided in the table below 72
- By devices general operations 72
- Device table column headings 72
- Introduction 72
- Device types that can be added and configured are found under the add drop down menu at the top of the main panel 73
- The device types and an explanation of their purposes are described in the following table 73
- If you wish to delete device s check the device s and click delete 75
- If you wish to edit a device check the device and click edit for the drop down menu 75
- More configuration options are available here click more for the drop down menu as shown 75
- Refer to adding device on page 62 for details on how to add a device 75
- Refer to editing devices on page 96 for details on how to edit a device 75
- Refer to more on page 105 for the option details within more 75
- Adding device 76
- Fill in the fields according to the information provided in the table below 78
- For cat5 kvm switches only the ports that have a kvm adapter cable attached and are online can be recognized and added to the device list this is because each adapter cable has its own independent identity and if it is not online there is no way for it to be recognized once a port has been added it will appear in the list even if it is off line 79
- If you have difficulty adding arm based pe series pdu refer to adding arm based pe series pdu on page 266for more details 79
- When you have finished click add to complete the procedure 79
- Adding aten pdu 80
- Fill in the fields according to the information provided in the table below 80
- This item refers to adding aten pdu s into the cc2000 management system 80
- When you have finished click next the properties page appears 81
- Devices page 107 82
- Fill in the fields according to the information provided in the table below 82
- Note after adding a device its ports are locked see locking unlocking 82
- When you have finished with this page click add 82
- Fill in the fields according to the information provided in the table below 84
- When you have finished with this page click next the connectivity page appears 84
- Fill in the fields according to the information in the table below 85
- When you have finished with this page click save the system will display a list for you to select which devices are to be added to the aten ecodc check and select the device s port s you wish to be associated with the aten ecodc 86
- Adding an apc pdu 87
- Fill in the fields according to the information provided in the table below 87
- This item refers to adding apc pdu into the cc2000 management system 87
- To add an apc pdu do the following 87
- Fill in the fields according to the information provided in the table below 88
- When you have finished with this page click next the properties page appears 88
- When you have finished click add to complete the procedure 89
- When you have finished with this page click next the connectivity page appears check to enable web ssh telnet sessions 89
- Adding a virtual host 90
- Fill in the fields according to the information provided in the table below 90
- This item refers to adding virtual host into the cc2000 management system 90
- Fill in the fields according to the information provided in the table below 91
- When you have finished with this page click next the properties page appears 91
- Fill in the fields according to the information in the table below 92
- When you have finished with this page click next the connectivity page appears 92
- When you have finished with this page click next the virtual server machine page appears 92
- Adding a blade chassis 94
- Fill in the fields according to the information provided in the table below 94
- This item refers to adding blade chassis into the cc2000 management system 94
- When you have finished with this page click next the properties page appears 94
- Fill in the fields according to the information provided in the table below 95
- Fill in the fields according to the information in the table below 96
- The maximum number of slots field is for information purposes and can t be configured on supported chassis it can only be set on generic chassis 96
- When you have finished with this page click next the connectivity page appears 96
- For each blade you can specify its department location and type and provide a brief description 97
- For the blade switching hotkey this information is filled in automatically with the details of the assigned model 97
- When you have finished click save to complete the procedure 97
- When you have finished with this page click next the blade page appears 97
- When finished click next for the properties page 99
- Fill in the fields according to the information provided in the table below 100
- When finished click next for the connectivity page 100
- Fill in the fields according to the information in the table below 101
- For operations in the drop down menu of the operation column refer to operation on page 109 102
- When finished click save to complete the procedure 102
- Adding a generic device 103
- Fill in the fields according to the information provided in the table below 103
- Note see generic device page 60 for an explanation of generic devices 103
- This item refers to adding generic device into the cc2000 management system 103
- Adding a group device 104
- This item refers to adding group device into the cc2000 management system 104
- When you have finished click add to complete the procedure 104
- A port can belong to any number of group devices when a port is made part of a group device it retains the locked unlocked status of the original physical port if you lock or unlock any of these ports all the ports including the original physical port change to the new locked unlocked status 105
- Fill in the fields according to the information provided in the table below 105
- Note 1 refer back to group device page 61 for an explanation of the differences between aggregate and group devices 105
- When you have finished click add to complete the procedure 105
- Click next and a table will appear with the results use the radio buttons to select the types of devices to be displayed in the table aten devices aten pdus or other servers or devices 107
- Fill in the fields according to the information provided in the table below 107
- Search by ip 107
- The search by ip window is shown below 107
- This item refers to adding devices into the cc2000 management system using the search by ip option 107
- Check the checkbox of the device or server you would like to add and click add 108
- Fill in the properties fields and click add 108
- The description column reveals one of three results 108
- Editing devices 110
- Additional nic1 specify the network protocol s for this nic 114
- Additional nic2 specify the network protocol s for this nic 114
- Additional nic3 specify the network protocol s for this nic 114
- Kvm settings select the access rights refer to the table below 114
- Power via pdu check uncheck to enable disable 114
- Primary nic specify the network protocol s for this nic 114
- Serial settings select the network protocol s and the access rights full access and broadcast full access and view only 114
- Additional nic1 specify the network protocol s for this nic 115
- Additional nic2 specify the network protocol s for this nic 115
- Additional nic3 specify the network protocol s for this nic 115
- Blade chassis aggregate device 115
- Check to set the access rights for the user or group 115
- Kvm settings select the access rights refer to the table below 115
- Primary nic specify the network protocol s for this nic 115
- The options for blade chassis aggregate device is shown below 115
- Deleting devices 118
- Operation 123
- Cc kvm viewer 125
- Control panel functions 125
- The control panel functions are described in the table below 125
- The control panel of the cc kvm viewer is hidden in the upper default or lower center of the screen and becomes visible when you mouse over it the panel consists of three rows an icon row at the top and two text rows below it 125
- You can right click your mouse in the text row area to bring up a menu style version of the toolbar 125
- Control panel functions 128
- Snviewer 128
- The control panel functions are described below and in the following sections 128
- The snviewer provides a control panel that is hidden at the center top of the screen and becomes visible when your mouse moves over it the panel consists of three rows an icon row at the top and two text rows below it 128
- Control panel functions 130
- Note to launch webclient viewer when clicking kvm viewer see 130
- Page 140 130
- The webclient viewer provides access to the devices ports directly on the browser without requiring windows or java client app installation its control panel is explained below 130
- Webclient viewer 130
- Clicking web access opens a browser session for the device server on your desktop just as if you had opened your browser and logged into from the url bar an example is shown below 131
- Web access 131
- Dell idrac 8 example 135
- Hp ilo 5 example 136
- All the operations are the same as the device by devices general operations on page 58 except that configurations are at the port level and it includes a launch viewer option 137
- If you select a device in by device the lower screen will list all the ports of the device 137
- If you want to launch viewers to see the screen of the port check the port and click launch viewer the system will open the viewer in a new window java or winclient 137
- Launch viewer 137
- Port column headings 137
- Refer to operation on page 109 for more information 137
- Selecting by port will list all ports in the system 137
- Properties system macro 138
- Click edit port settings to edit port attributes an example is shown 139
- Port settings 139
- The meanings of the attribute headings are described in the table below 139
- To configure the settings refer to the device s user manual to obtain the necessary information 139
- Unsupported devices 140
- The status column shows the firmware upgrade status of the device 142
- The table here shows the aten and redfish enabled devices that have recently firmware upgraded 142
- This submenu allows you to manage firmware and back up files 142
- Update restore 142
- Firmware upgrade 143
- Firmware repository 146
- Backup configuration 148
- Restore configuration 149
- Device port alias 151
- Preferences 151
- Serial ports broadcast 153
- Advanced 155
- General 155
- Default access rights 156
- System broadcast 156
- Device sync 158
- Chapter 6 159
- Overview 159
- User accounts 159
- Enter the required information in the appropriate fields a description of each of the fields is given in the table below 161
- Click the user type tab to show a list of user types an example is shown 167
- System user types 167
- The cc2000 supports six system user types and are predefined in the system the roles assigned to members of these user types are fixed and cannot be changed 167
- The custom user type category provides you with the convenience and flexibility of assigning various combinations of roles that best suit your installation s requirements 167
- The roles performed by members of the system category are fixed the roles associated with each type are summarized in the table below 167
- There are system and customer user types where the category column helps you identify which is which 167
- User types 167
- Auditor 168
- Click add for a pop up window as shown 168
- Custom user types 168
- Follow the steps below to create a custom user type 168
- Note 1 the differences between super administrators and system administrators are as follows 168
- You can create custom user types with any combination of roles assigned to them to suit your requirements 168
- Groups 170
- Groups tab 170
- Domain groups tab 174
- Authentication services 176
- Add authentication services 177
- Active directory 178
- An explanation of the information required for each of the servers is provided below 178
- Enter information on the page refer to server information on page 164 for the information fields 178
- Enter the server ip domain and click connect to test the connection 178
- Select the security connection and browse method using the corresponding drop down menu click save 178
- Server information 178
- Kerberos 179
- Get the information for the domain name from the service administrator for example settings see nt domain settings example page 308 181
- Radius and tacacs 181
- Windows nt domain 181
- Motp mobile one time password 182
- Dual authentication 183
- If you want to purchase a motp server contact changing information technology inc https www changingtec com en 183
- Note the motp server is for one time password otp token authentication only if you want to adopt the otp function you need to install a motp server first 183
- Dual authentication requires you to log in by entering the username and password of a user in the cc2000 server followed by the motp authentication 184
- If you want to purchase a motp server contact changing information technology inc https www changingtec com en 184
- Note 1 the motp server is for one time password otp token authentication only if you want to adopt the otp function you need to install a motp server first 184
- Alternatively you can move your cursor over the server and click the pencil icon 185
- Cc2000 authentication 185
- Check the server and click edit 185
- Make the configuration choices you desire refer to the table below for an explanation of the fields 185
- With regard to the cc2000 s internal authentication services there are some configuration settings you can make to the password policy function all user accounts must follow the requirements you set here to configure the cc2000 s password policy do the following 185
- A confirmation message will pop up click yes to delete the user s 186
- Authentication server the server cannot be deleted 186
- Delete an authentication server 186
- If a user account has been created on the cc2000 that uses an external 186
- Note 1 you can delete all deleteable servers by checking the box at the top of the column 186
- To delete an authentication server check the server s and click delete 186
- When you have finished click save 186
- Chapter 7 187
- Overview 187
- System 187
- General 188
- Into them directly 188
- Note changes to other servers on the installation can only be made by logging 188
- System info 188
- The default page is general and looks similar to the one above 188
- The meanings of each fields are described in the table below 188
- The system info submenu offers three tab menu choices general time and server ips the default system info page is general as shown below 188
- This page allows you to configure the cc2000 server s settings 188
- Server ips 190
- Notification 191
- Snmp traps 193
- Syslog 194
- Advanced 195
- Snmp agent 199
- Snmp manager 201
- Access protection 203
- Security 203
- Certificate 206
- At the bottom left of the page click update for the following page 207
- Changing a self signed certificate 207
- Changing a self signed certificate allows you to provide additional information in the certificate that wasn t generated in the installation certificate the way to change a self signed ssl certificate is to create a new one to create a new self signed certificate do the following 207
- Check the create a new self signed ssl server certificate checkbox and fill in the fields according to the information in the table below 207
- A message appears asking you to wait while the database gets updated with the new information after a moment the web page closes at this point you are brought back to the beginning of the login sequence where you must go through the procedure of accepting the security certificate and logging in 208
- When you have finished filling in the fields click apply 208
- Disclaimer 211
- License 212
- Select license from the system menu a page similar to the one below appears 212
- The cc2000 license controls the number of nodes permitted on the cc2000 server installation the default license that comes with your purchase is a demo license for one primary no secondaries that allows 16 nodes to add anything more secondary servers and additional nodes a purchased license and license upgrade is required 212
- The page items contained are described in the table below 212
- Task manager 217
- Deleting a task 232
- Editing a task 232
- Run now 232
- Replicate database 233
- Installing xterm 234
- Vmrc plugin 234
- Vmware settings 234
- Primary secondary servers 235
- Redundant servers 235
- The definitions of the server table headings are explained below 235
- The interactive display panel provides a table listing the cc2000 servers along with some corresponding basic information a green online status means that the server is currently accessible a red offline status means that it is currently inaccessible 235
- The redundant servers menu offers two tab menu choices primary secondary servers and advanced as displayed below 235
- To view the properties of each server check the checkbox of the server you want to view and click view properties 236
- View properties 236
- Advanced 240
- This page intentionally left blank 242
- Chapter 8 243
- Overview 243
- System logs 244
- Options 247
- Device logs 250
- Options 251
- Serial console history 253
- Options 256
- Snmp traps 257
- Options 258
- Reports 260
- User access activity 260
- Device access 261
- Fill in the fields from the main panel to build and display either a pie or bar chart or both according to the parameters set when pie is selected for chart the device access page looks similar to the one below 261
- The device access page provides statistics for device access 261
- The meanings of each fields are described in the table below 261
- The meanings of each fields are described in the table below 262
- Fill in the fields from the main panel to build and display either a pie or bar chart or both according to the parameters set the port access page looks similar to the one below 263
- Port access 263
- The meanings of each fields are described in the table below 263
- The port access page provides the statistics for port access 263
- Asset statistics 264
- The asset statistics page displays all the assets that have been added to the cc2000 installation shown in two charts all aten device statistics by model and all device statistics by category 264
- The port access page looks similar to the one below 264
- Options 265
- Default color tab click to return all colors back to their default settings 266
- Appendix a 267
- Definitions 267
- Grant of rights 267
- License agreement 267
- Technical information 267
- Limited warranty 268
- Export regulations 269
- Limitation of liability 269
- Miscellaneous 270
- Termination 270
- Any error messages displayed at the time the error occurred 271
- Any other information you feel may be of help 271
- For online technical support including troubleshooting documentation and software updates http eservice aten com 271
- For telephone support see telephone support page ii 271
- International 271
- North america 271
- Product model number serial number and date of purchase 271
- Technical support 271
- The sequence of operations that led up to the error 271
- Usb authentication key specifications 271
- When you contact us please have the following information ready beforehand 271
- Your computer configuration including operating system revision level expansion cards and software 271
- Device anms settings 272
- Supported aten altusen products 272
- Firewalls 274
- Cc2000 proxy function 275
- Language supported 276
- Name description and range parameters 276
- Note unless otherwise specified all field entries can be inputted in any 276
- The following table lists the parameters and defaults for names descriptions and ranges found in the cc2000 management system 276
- Overview 279
- Trusted certificates 279
- Adding arm based pe series pdu 280
- Troubleshooting 282
- Installing openjdk 8 287
- Windows 287
- Examples 290
- Importing the files 290
- Openssl req new newkey rsa 1024 days 3653 nodes x509 keyout ca key out ca cer config openssl cnf 290
- Openssl req new newkey rsa 1024 days 3653 nodes x509 keyout ca key out ca cer config openssl cnf subj c ca st bc l richmond o aten international ou aten cn aten emailaddress eservice aten com tw 290
- Openssl req new newkey rsa 1024 days 3653 nodes x509 keyout ca key out ca cer config openssl cnf subj c yourcountry st yourstateorprovince l yourlocationorcity o yourorganiztion ou yourorganizationalunit cn yourcommonname emailaddress name yourcompany com 290
- Self signed private certificates 290
- Appendix b 291
- Overview 291
- The cc2000 utility 291
- System settings 292
- Clicking the restore tab brings up a dialog box that looks similar to the one below 293
- Restore 293
- The dialog box is divided into three panels as described in the table below 293
- The view licenses tab lets you view the licenses that are related to the cc2000 package to view a license click its radio button 294
- View license 294
- Appendix c 295
- Authentication key utility 295
- Key status information 295
- Key utilities 295
- Overview 295
- Key firmware upgrade 296
- Starting the upgrade 296
- Upgrade succeeded 299
- Key license upgrade 300
- Overview 300
- Online upgrade 301
- After the upgrade has succeeded the dealer distributor receives an e mail from altusen informing him that the upgrade has been completed online for example 305
- Upgrade succeeded 305
- Offline upgrade 306
- Offline upgrade failure 312
- Order expiration 313
- This page intentionally left blank 314
- Appendix d 315
- Approved services 315
- External authentication services 315
- Ldap ldaps openldap setting example 315
- Overview 315
- Active directory settings example 317
- Radius settings example 318
- Tacacs settings example 320
- Nt domain settings example 322
- Example 1 323
- Ldap group authorization setting examples 323
- Example 2 325
- Active directory group authorization setting example 328
- Motp settings 330
- Motp vm server setup 330
- Motp server initialization 332
- Enter the account name admin and password admin 333
- Step 1 ip setting 333
- Motp server setting 336
- Motp authentication services on cc2000 346
- Setting up motp authentication service 346
- Creating user account s for motp authentication service 348
- Logging into cc2000 349
- Appendix e 351
- Overview 351
- Sso html sample codes 351
Похожие устройства
- Aten CC2000 3.0 Краткое руководство по установке
- Aten RCMMS Руководство пользователя
- Aten CCKM Руководство пользователя
- Aten CCKM Краткое руководство по установке
- Aten CCVSR Краткое руководство по установке
- Aten CCVSR Руководство пользователя
- Aten RCMHD101U Руководство пользователя
- Aten RCMA200SA Руководство пользователя
- Aten RCMDVI50T Руководство пользователя
- Aten RCMDVI00BT Руководство пользователя
- Aten RCMDVI40BT Руководство пользователя
- Aten RCMDP101U Руководство пользователя
- Aten RCMDVI40AT Схема
- Aten RCMDVI40AT Руководство пользователя
- Aten RCMVGA101 Руководство пользователя
- Aten RCMDVI00AT Схема
- Aten RCMDVI00AT Руководство пользователя
- Aten RCMDVI101 Руководство пользователя
- Aten KA7171AK Руководство пользователя
- Aten CS231TK Руководство пользователя