
ADDERnet Manual

    Appendix 1 - What are Secure Tickets?
    The ADDER.NET application has been created to achieve a 
    sensible balance between usability, flexibility and security. It 
    needs to provide a quick and easy method for registered users 
    to access a wide range of host computers while maintaining 
    complete enterprise-level security. One of the unique solutions 
    employed to make this possible is the system of Secure Tickets. 
    On request, ADDER.NET will issue a time-restricted access 
    permission to an eligible user, which permits KVM connection 
    to a specific host. ADDER.NET also maintains a complete log of 
    access attempts so that an audit trail is always available.     
    [Figure: secure ticket flow between the User, ADDER.NET, the KVM-over-IP device and the Host PC, with the Access Log. Numbered callouts:]
    1 The user’s VNC Viewer requests access to a specific host computer.
    2 ADDER.NET sends a secure ticket back to the user giving timed access to the host computer.
    3 User’s VNC viewer uses the ticket to automatically authenticate to the KVM-over-IP appliance.
    4 A VNC session is established that provides access to the requested host computer.
    5 All activities are fully logged within ADDER.NET
    						
    Appendix 2 - What are S3 connections?
    ADDER.NET allows an alternative mechanism, called S3, to 
    be used for authenticating to devices. Using S3, ADDER.NET 
    contacts the device to inform it directly that the connection is 
    authorised and then passes matching credentials to the client’s 
    VNC viewer. The credentials time-out after a few seconds. This 
    has the following advantages:
    • Unlike tickets, which (if the device’s clock can be set into the past) can be re-used by an attacker, stale credentials can never be used.
    • Where there are clock synchronisation problems, devices can become inaccessible with all tickets being reported as out of date. As this method is independent of clock setting, it is immune to problems of this type.
    However using S3 does require all firmware and software to be up-to-date. All of the following are necessary:-
    • ADDER.NET 1.7 or later must be used.
    • The devices must have firmware that supports S3, as listed below:
      S3 support within Adder units
      Device type              First S3 version
      AdderLink IP Gold        v2.1
      AdderView CATxIP 5000    v1.11
      Notes:
      It is recommended that S3 is always used when managing the above devices.
      Connections can still be made with other devices, however, tickets will always be used in place of S3.
    • Client PCs must have ADDER.NET v1.7 or later VNC-URI Client software. The ADDER.NET v1.6 (and earlier) VNC-URI Client software will not work. It typically connects to the device but without authentication so the user is prompted for a password.
    • The configuration parameter Use S3 within ADDER.NET must be switched on. This is disabled by default due to an incompatibility with v1.6 client-side software.
    [Figure: S3 connection flow between the User, ADDER.NET, the KVM-over-IP device and the Host PC, with the Access Log and the S3 credentials. Numbered callouts:]
    1 The user’s VNC Viewer requests access to a specific host computer.
    2 Connection authorisation is sent directly to the device.
    3 ADDER.NET sends S3 credentials back to the user giving timed access to the host computer.
    4 User’s VNC viewer uses the ticket to automatically authenticate to the KVM-over-IP appliance.
    5 A VNC session is established that provides access to the requested host computer.
    6 All activities are fully logged within ADDER.NET
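The difference between the mechanisms in Appendix 1 and Appendix 2, as an added example that is not part of the manual and is not Adder's code: a small Python model in which a ticket is checked against the device's own clock, while an S3 credential is checked by its age since ADDER.NET authorised it on the device. The ticket layout, the HMAC signing, the key, the user and host names and the 60-second and 5-second limits are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = b"constructed-demo-key"  # assumption: stands in for the server's signing keys


def issue_ticket(user, host, now, lifetime=60):
    """Server: sign 'user|host|expiry' (hypothetical layout, not Adder's format)."""
    body = f"{user}|{host}|{now + lifetime}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def device_accepts_ticket(ticket, real_time, clock_skew=0):
    """Device: check the signature, then compare the expiry with its own clock."""
    body, _, tag = ticket.rpartition("|")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False
    expiry = int(body.rsplit("|", 1)[1])
    return real_time + clock_skew <= expiry  # the device clock is trusted here


class S3Device:
    """Device that honours only credentials the server announced to it directly."""

    def __init__(self, timeout=5):
        self.timeout = timeout
        self.pending = {}  # credential -> device uptime when it was authorised

    def authorise(self, credential, uptime):
        self.pending[credential] = uptime

    def accepts(self, credential, uptime):
        # Age is measured in uptime seconds, never against the wall clock.
        authorised_at = self.pending.get(credential)
        if authorised_at is None:
            return False
        if uptime - authorised_at > self.timeout:
            del self.pending[credential]  # stale: forget it for good
            return False
        return True


def compare(now=1_700_000_000):
    ticket = issue_ticket("alice", "host-7", now)
    device = S3Device()
    credential = secrets.token_hex(16)
    device.authorise(credential, uptime=100)
    return {
        "ticket_fresh": device_accepts_ticket(ticket, now + 10),
        "ticket_after_an_hour": device_accepts_ticket(ticket, now + 3600),
        # Device clock set two hours into the past: the old ticket validates again.
        "ticket_clock_set_back": device_accepts_ticket(ticket, now + 3600, -7200),
        # Device clock an hour fast: a brand-new ticket is reported out of date.
        "ticket_clock_fast": device_accepts_ticket(ticket, now + 1, 3600),
        "s3_fresh": device.accepts(credential, uptime=102),
        "s3_after_an_hour": device.accepts(credential, uptime=3700),
    }


if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case:24} accepted={accepted}")
```

The two clock cases are the ones the bullet list above describes: both depend on the device's wall clock, which the S3 check never reads.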
    						
    Appendix 3 - Backing up and restoring
    ADDER.NET performs an automatic daily database backup procedure and also allows you to create additional backups on demand. You can restore any automatic backup from the last seven days using a straightforward selection process.
    To access the backup and restore controls
    1 On the ADDER.NET Manager menu bar, place your mouse pointer over Tools and then choose Backup & Restore from the drop down list.
    Backups
    ADDER.NET copies its database every day, immediately after midnight. The resulting backup files are named DB-Mon.ldif to DB-Sun.ldif respectively.
    Additional backups can be made at any time by providing a destination file name at ‘Save current database to’ and clicking the ‘Save’ button. The database file name can be any valid file name. As such it is possible to save files on different disks and on remote systems.
    For example:
    name.ldif saves a file in the backup directory of the ADDER.NET server.
    \documents\name.ldif saves the file in the specified directory on the server.
    \\computer\directory\name.ldif saves the file on a remote computer in the specified directory.
    ADDER.NET does not maintain a list of manual backup files; it just provides access to the default backups directory. As such, the last two examples above are not directly accessible for the restore function and would need to be manually copied into the backups directory before they could be used.
    To enable a complete recovery of the server, it is also necessary to take a backup of the server’s cryptographic keys. This is the complete contents of the keys directory (typically \\Program files\adder.net\keys\). The cryptographic keys do not change after installation so they do not require regular backing up.
    Note that with these keys, it would be possible to control all of the devices that have been acquired by the ADDER.NET server. You may wish to take considerably greater care to ensure that these files do not fall into the wrong hands, than you would take with the database backups.
    Restore
    The restore section of the page lists all the database backup files located within the ‘backups’ directory. Files located within sub-directories of the backup directory are not shown in the page.
    To restore a file, click the Restore button to the left of the file name. Note: The restore action will overwrite the active database and can potentially cause problems (see ‘Potential loss of admin access’ below). You will be asked to confirm the action.
    To delete a file, click the check-box to the right of the file name and then click the ‘Go’ button (with Delete visible in the selection box). You will be asked to confirm the action (which cannot be undone).
    Disaster Recovery
    To have all of the files necessary to recover your server to its current state you need:
    • The original installer application.
    • The database file (typically C:\program files\adder.net\db.ldif). It is always called db.ldif; the directory may vary if you installed in a non-default location.
    • The cryptographic keys; these are all the files in the keys directory (typically C:\program files\adder.net\keys).
    To fully recover an ADDER.NET installation, the following steps are necessary:
    1 Install ADDER.NET
    2 Stop ADDER.NET
    3 Replace the complete keys directory with the backed-up keys directory.
    4 Copy the backed-up database file into the backups directory.
    5 Start ADDER.NET
    6 Login as admin
    7 Use the Backup & Restore page to select and recover the main database file.
    Potential loss of admin access
    The process of restoring an old database involves completely replacing the database, including the user information. It follows that if the user executing this operation is not a user in the historic database, they will become logged out.
    Should anyone restore to a database for which they have forgotten the admin user passwords, it may be very difficult for them to gain access to the system again.
    It is possible to recover from this by re-installing with an empty database and then restoring to another version. However, re-establishing access to a historic back-up where the corresponding admin user passwords have been lost is difficult. It is possible, but it requires editing the back-up file - contact Technical Support for details.
    						
    Appendix 4 - Firmware upgrades
    ADDER.NET allows you to remotely upgrade the firmware of any suitable KVM-over-IP device under its management. To use this feature, you need to obtain the relevant firmware update files for the device(s).
    To upgrade the firmware of a device
    1 Obtain the firmware update file(s) for the device(s) to be upgraded (valid upgrades consist of a .bin binary file accompanied by a .sfd Signed Firmware Definition file). Contact Technical Support for details.
    2 Place the file(s) into the ADDER.NET firmware directory (typically C:\program files\adder.net\firmware).
      Note: Files may be directly in this directory, or any sub-directory of it which has ‘firmware’ in its name. The directories may be nested to any depth provided all the directories have ‘firmware’ in their names. Other directories are ignored.
    3 Once all of the firmware files are stored, restart the ADDER.NET server (the definition files are only read at start-up).
    4 On the ADDER.NET Manager menu bar, place your mouse pointer over Tools and then choose Firmware Upgrades from the drop down list:
      The page will list all the available upgrades (listed by device type and version number) that are applicable to the devices registered within the database.
    5 Select the required upgrade(s). The page will display information about the upgrade and will also list all of the registered devices to which this upgrade is applicable. If an upgrade is not applicable to a device, that device will not be shown in the list. This may be because the current firmware in the device is incompatible with the upgrade. For example, it is usually unacceptable to load an older version of firmware into a device.
    6 Choose the device(s) that you wish to upgrade using the selection boxes at the right-hand end of the table and click the Go button. The ‘Select All’ box will select all the displayed devices. ADDER.NET will proceed to upgrade the devices as a background task, allowing normal operation to take place.
      Upgrade progress will be displayed in the second table. To refresh the page, click the refresh link at the top of this table. Such manual refreshes allow you to instigate further upgrades without the risk of a page refresh resetting the page.
      Any issues with upgrades are reported as alerts. Once an upgrade is completed, the progress entry is removed from the second table and an alert (success) is reported (see alerts page).
      Note: There is no way to cancel an upgrade once it is started.
    [Figure: Firmware Upgrades page. Callouts:]
    • Select the appropriate upgrade file here
    • Choose the device(s) of the selected type that you wish to upgrade
    • Click the Go button to commence the upgrade process
    • Click this link to refresh the page in order to view progress
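A pre-restart check for steps 1 to 3, as an added example that is not part of the manual or of ADDER.NET: this Python script walks a firmware directory and reports which .bin files are ready, which files lack their partner, and which sit in directories the note to step 2 says are ignored. It assumes that a .bin and its .sfd share a base name and directory and that the ‘firmware’ name match is case-insensitive; the manual states neither, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

UPGRADE_SUFFIXES = {".bin": ".sfd", ".sfd": ".bin"}  # each file type and its required partner


def scan_firmware_tree(root):
    """Classify .bin/.sfd files under root by the directory rule in the note to step 2."""
    root = Path(root)
    report = {"ready": [], "unpaired": [], "ignored": []}
    for path in root.rglob("*"):
        suffix = path.suffix.lower()
        if suffix not in UPGRADE_SUFFIXES or not path.is_file():
            continue
        rel = path.relative_to(root)
        # Every sub-directory on the way down must have 'firmware' in its name
        # (case-insensitive matching is an assumption; the manual does not say).
        if not all("firmware" in part.lower() for part in rel.parts[:-1]):
            report["ignored"].append(rel.as_posix())
        elif not path.with_suffix(UPGRADE_SUFFIXES[suffix]).is_file():
            # Assumption: a .bin and its .sfd share a base name and a directory.
            report["unpaired"].append(rel.as_posix())
        elif suffix == ".bin":
            report["ready"].append(rel.as_posix())
    return {kind: sorted(paths) for kind, paths in report.items()}


def demo():
    """Build a constructed sample tree in a temporary directory and scan it."""
    sample = [
        "a.bin", "a.sfd",
        "firmware-5000/b.bin", "firmware-5000/b.sfd",
        "firmware-5000/old-firmware/c.bin",  # definition file missing
        "firmware-5000/archive/d.bin", "firmware-5000/archive/d.sfd",
        "downloads/e.bin",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for name in sample:
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed placeholder")
        return scan_firmware_tree(tmp)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The script checks placement and pairing only; it does not inspect or verify the contents of the .sfd file.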
    						
    Appendix 5 - Configuring firewalls
    If a Windows Firewall is enabled (with a default configuration) on the system running ADDER.NET, you will need to carry out the following procedure to open special ports and scopes within the firewall to allow all ADDER.NET traffic to pass.
    For each port that you add to the firewall, you will need to determine the scope that will be applied to it. Windows offers three choices: Any computer (i.e. no restriction - the default setting), My network (local subnet) or Custom list. The latter is the most secure method as it restricts passage of traffic to a defined set of IP addresses that encompass the systems of your users and the devices used.
    CAUTION: Great care should be taken when adding ports to a firewall as each one could potentially open a point of attack from exterior sources. For this reason, it is advisable to use the custom list scope in order to limit access to particular IP addresses.
    To open ports within a Windows firewall
    1 Go to Start Menu > Control Panel or Start Menu > Settings > Control Panel
    2 Start Windows Firewall. Depending on the version, it may be necessary to click on Change Settings.
    3 Select the Exceptions tab. In this tab, you need to add a total of five new ports, each using the following procedure:
    4 Click the Add port... button.
    5 Fill in Name and Port number (as listed in the table below).
    6 Select either TCP or UDP (as listed in the table below).
    7 Click on Change scope...
    8 In Change Scope panel, select the appropriate scope, either: Any computer (i.e. no restriction), My network (local subnet) or Custom list.
      If you select Custom list, use the address field to enter a list of IP addresses, subnets or both, separated by commas in order to define the allowable range of systems and devices.
    9 Click the OK button (in the Change Scope panel).
    10 Click the OK button (in the Add Port panel).
    11 Repeat steps 4 to 10 for each port listed in the table below.
    12 When all ports are complete, click the OK button in the Windows Firewall Settings panel to exit.
    Five ports that need to be added
    Name      Port Number   Protocol   For       Reason
    HTTP      80 *          TCP        Users     Unencrypted web access
    HTTPS     443 *         TCP        Users     Encrypted web access
    NTP       123           UDP        Devices   Device clock synchronisation
    syslog    514           UDP        Devices   Device status (if in-use) information
    KVMVIP    1132          TCP        Devices   Devices connecting to ADDER.NET
    * If ADDER.NET has been installed using non-standard ports, then the ports actually in use, rather than 80 and 443, need to be opened.
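The five-port table with the Custom list scope applied, as an added example that is not part of the manual: this Python script validates a scope list and prints the equivalent `netsh advfirewall firewall add rule` commands, which is the command-line interface on later Windows versions rather than the Exceptions tab described above. The rule names, the split into a user scope and a device scope (taken from the table's For column) and the addresses are constructed for illustration.

```python
import ipaddress

# The five ports from the table above: (name, port, protocol, who connects)
PORTS = [
    ("HTTP", 80, "TCP", "users"),
    ("HTTPS", 443, "TCP", "users"),
    ("NTP", 123, "UDP", "devices"),
    ("syslog", 514, "UDP", "devices"),
    ("KVMVIP", 1132, "TCP", "devices"),
]


def normalise_scope(entries):
    """Validate a Custom list: single addresses or subnets, nothing broader."""
    cleaned = []
    for entry in entries:
        # strict=True rejects typos such as a host address written with a subnet mask
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{entry!r} matches every address, which is no restriction")
        cleaned.append(str(net.network_address) if net.num_addresses == 1 else str(net))
    if not cleaned:
        raise ValueError("an empty scope list would leave the rule unusable")
    return ",".join(cleaned)


def build_rules(user_scope, device_scope, http_port=80, https_port=443):
    """Return one inbound allow rule per table row, scoped by who uses the port."""
    scopes = {
        "users": normalise_scope(user_scope),
        "devices": normalise_scope(device_scope),
    }
    # Footnote to the table: open the ports actually in use if not 80 and 443.
    overrides = {"HTTP": http_port, "HTTPS": https_port}
    rules = []
    for name, port, protocol, audience in PORTS:
        port = overrides.get(name, port)
        rules.append(
            f'netsh advfirewall firewall add rule name="ADDER.NET {name}" dir=in '
            f"action=allow protocol={protocol} localport={port} "
            f"remoteip={scopes[audience]}"
        )
    return rules


if __name__ == "__main__":
    # Constructed documentation-range addresses, not real deployments.
    for rule in build_rules(["192.0.2.0/24", "198.51.100.7"], ["203.0.113.0/28"]):
        print(rule)
```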
    						
    Appendix 6 - Console server connections
    Certain devices (such as specialist servers, ethernet switches, etc.), use secure RS-232 serial links for the purposes of configuration and reporting. KVM-over-IP switches such as the AdderView CATxIP 5000 can support up to sixteen serial connections using Serial CAM modules.
    In order to maintain security, ADDER.NET uses the SSH (Secure SHell) protocol whenever it makes connections to devices via serial links. When configuring AdderView CATxIP 5000 units for use with serial console links (and control by ADDER.NET) ensure that the SSH protocol is enabled and Telnet is disabled for each serial port used. You can find details on how to do this within the AdderView CATxIP 5000 user guide. Locate the section entitled Console server configuration and follow it through to the Console server port configuration page (where each port can be individually configured).
    To solve connection problems
    In certain cases, you may find that connections to Serial CAMs fail due to them slightly exceeding the default timeout period of 15 seconds. If you experience such failures, extend the timeout period as follows:
    1 On the ADDER.NET Manager menu bar, place your mouse pointer over Tools and then choose Configure ADDER.NET from the drop down list.
    2 Change the S3 Timeout option to 20000 (20 seconds).
    [Figure: AdderView CATxIP 5000 Console Server Configuration page and AdderView CATxIP 5000 Console Server Port Configuration page. Callout: Ensure that the SSH protocol is enabled and Telnet is disabled for each serial port that is used in conjunction with ADDER.NET.]
    						
    						
    © 2011 Adder Technology Limited
    All trademarks are acknowledged.
    Release 1.10d
    September 2011
    Part No. ADD0076

    Adder Technology Limited,
    Technology House,
    Trafalgar Way, Bar Hill,
    Cambridge, CB23 8SQ,
    United Kingdom
    Tel: +44 (0)1954 780044
    Fax: +44 (0)1954 780081

    Adder Corporation,
    350R Merrimac Street,
    Newburyport,
    MA 01950,
    United States of America
    Tel: +1-888-932-3337
    Fax: +1-888-275-1117

    Adder Asia Pacific
    6 New Industrial Road,
    Hoe Huat Industrial Building
    #07-01,
    Singapore 536199
    Tel: +65 6288 5767
    Fax: +65 6284 1150

    Documentation by: www.ctxd.com
    						