Tripp Lite 0 Idades Manual

    Chapter 6: Secure SSH Tunneling & SDT Connector
    6.1 Configuring for SDT Tunneling to Hosts 
    To set up the Console Server for SDT access to a network-attached host, the host and the permitted services to be used
    in accessing that host must be configured on the gateway, and User access privileges must be specified:
    • Add the new host and the permitted services using the Serial & Network: Network Hosts menu as detailed in Network 
    Hosts (Chapter 4.4). Only these permitted services will be forwarded by SDT to the host. All other services (TCP/UDP ports) 
    will be blocked. 
    Note: Following are some of the TCP Ports used by SDT in the Console Server:
    22    SSH (All SDT Tunneled connections)
    23    Telnet on local LAN (forwarded inside tunnel)
    80    HTTP on local LAN (forwarded inside tunnel)
    3389  RDP on local LAN (forwarded inside tunnel)
    5900  VNC on local LAN (forwarded inside tunnel)
    73XX  RDP over serial from local LAN – where XX is the serial port number (i.e. 7301 to 7348)
    79XX  VNC over serial from local LAN – where XX is the serial port number
    • Add the new Users using Serial & Network: Users & Groups menu as detailed in Network Hosts (Chapter 4.4). Users
    can be authorized to access the Console Server ports and specified network-attached hosts. To simplify configuration,
    the Administrator can first set up Groups with group access permissions, then Users can be classified as members of
    particular Groups.
    						
    6.2 SDT Connector Configuration 
    The SDT Connector client works with all Console Servers. Each of these remote Console Servers has an embedded OpenSSH
    based server. This server can be configured to port forward connections from the SDT Connector client to hosts on their
    local network, as detailed in the previous chapter. The SDT Connector can also be pre-configured with the access tools and
    applications that will be available when access to a particular host has been established.
    SDT Connector can connect to the Console Server using an alternate OoB access. It can also be configured to access the
    Console Server itself and to access devices connected to serial ports on the Console Server.
    6.2.1  SDT Connector client installation
    • The SDT Connector set up program (SDTConnector Setup-1.n.exe or sdtcon-1.n.tar.gz) is included on the CD supplied 
    with your Console Server
    • Run the set-up program:
     
    Note: For Windows clients, the SDTConnectorSetup-1.n.exe application will install the SDT Connector 1.n.exe and the
    config file defaults.xml. If a config file already exists on the Windows computer, then it will not be overwritten. To remove an
    earlier config file, run the regedit command, search for “SDT Connector” and then remove the directory with this name.
    For Linux and other Unix clients, the SDTConnector.tar.gz application will install the sdtcon-1.n.jar and the config file defaults.xml.
    Once the installer completes, you will have a working SDT Connector client installed on your machine and an icon on your desktop:
     
    • Click the SDT Connector icon on your desktop to start the client
    Note: SDT Connector is a Java application so it must have a Java Runtime Environment (JRE) installed. This can be freely
    downloaded from http://java.sun.com/j2se/ . It will install on Windows 2000, XP, 2003, Vista computers and on most Linux
    platforms. Solaris platforms are also supported; however, they must have Firefox installed. SDT Connector can run on any
    system with Java 1.4.2 and above installed, but it assumes the web browser is Firefox, and that xterm -e Telnet opens a Telnet
    window.
    To operate SDT Connector, add the new gateways to the client software by entering the access details for each Console Server
    (refer to Section 6.2.2). Then let the client auto-configure with all host and serial port connections from each Console Server
    (refer to Section 6.2.3). Now point-and-click to connect to the Hosts and serial devices (refer to Section 6.2.4).
    Alternatively, you can manually add network connected hosts (refer to Section 6.2.5) as well as manually configure new services
    to be used when accessing the Console Server and the hosts (refer to Section 6.2.6). Manually configure clients to run on the
    computer that will use the service to connect to the hosts and serial port devices (refer to Section 6.2.7 and 6.2.9). SDT
    Connector can also be set up to make an out-of-band connection to the Console Server (refer to Section 6.2.9).
    						
    6.2.2 Configuring a new gateway in the SDT Connector client
    To create a secure SSH tunnel to a new Console Server:
    • Click the New Gateway icon or select the File: New Gateway menu option
     
    • Enter the IP or DNS Address of the Console Server and the SSH port that will be used (typically 22)
    Note: If SDT Connector is connecting to a remote Console Server through the public Internet or routed network, you will need to:
    • Determine the public IP address of the Console Server (or of the router/firewall that connects the Console Server to the
    Internet) as assigned by the ISP. One way to find the public IP address is to access http://checkip.dyndns.org/ or
    http://www.whatismyip.com/ from a computer on the same network as the Console Server and note the reported IP address
    • Set port forwarding for TCP port 22 through any firewall/NAT/router that is located between SDT Connector and the
    Console Server so that it points to the Console Server. http://www.portforward.com has port forwarding instructions for a
    range of routers. Also you can use the Open Port Check tool from http://www.canyouseeme.org to check if port forwarding
    through local firewall/NAT/router devices has been properly configured
    • Enter the Username and Password of a user on the gateway that has been enabled to connect via SSH and/or create 
    SSH port redirections
     
    • Optionally, you can enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or
    a Description of this gateway (such as its firmware version, site location or anything special about its network
    configuration).
    • Click OK and an icon for the new gateway will now appear in the SDT Connector home page 
    Note: For an SDT Connector user to access a Console Server (and then access specific hosts or serial devices connected to
    that Console Server), that user must first be set up on the Console Server, and must be authorized to access the specific ports
    / hosts (refer to Chapter 5). Only these permitted services will be forwarded through by SDT to the Host. All other services
    (TCP/UDP ports) will be blocked.
    6.2.3 Auto-configure SDT Connector client with the user’s access privileges 
    Each user on the Console Server has an access profile. This has been configured with the specific connected hosts and serial
    port devices the user has authority to access, and a specific set of the enabled services for each of them. This configuration
    can be auto-uploaded into the SDT Connector client:
     
    • Click on the new gateway icon and select Retrieve Hosts. This will:
      o configure access to network-connected Hosts that the user is authorized to access and set up (for each of these
        Hosts) the services (e.g. HTTPS, IPMI2.0) and the related IP ports being redirected
      o configure access to the Console Server itself (this is shown as a Local Services host)
      o configure access with the enabled services for the serial port devices connected to the Console Server
     
    Note: The Retrieve Hosts function will auto-configure all classes of user (i.e. they can be members of user or admin or some
    other group or no group). SDT Connector will, however, not auto-configure the root (and it is recommended that this account
    is only used for initial config and for adding an initial admin account to the Console Server).
    6.2.4 Make an SDT connection through the gateway to a host
    • Simply point at the host to be accessed and click on the service to be used in accessing that host. The SSH tunnel to
    the gateway is then automatically established, the appropriate ports redirected through to the host, and the appropriate
    local client application is launched pointing at the local endpoint of the redirection:
     
    Note: The SDT Connector client can be configured with an unlimited number of Gateways. Each Gateway can be configured
    to port forward to an unlimited number of locally networked Hosts. Similarly there is no limit on the number of SDT Connector
    clients who can be configured to access the one Gateway. There are also no limits on the number of Host connections that an
    SDT Connector client can concurrently have open through the one Gateway tunnel.
    However, there is a limit on the number of SDT Connector SSH tunnels that can be open at one time on a particular Gateway.
    The B096-016 / B096-032 / B096-048 Console Server Management Switch and B092-016 Console Server with PowerAlert
    each support at least 50 such concurrent connections. So for a site with a B096-016 gateway you can have, at any time,
    up to 50 users securely controlling an unlimited number of network attached computers, power devices and other appliances
    (routers, etc) at that site.
    6.2.5 Manually adding hosts to the SDT Connector gateway 
    For each gateway, you can manually specify the network connected hosts that will be accessed through that Console Server;
    and for each host, specify the services that will be used in communicating with the host
    • Select the newly added gateway and click the Host icon to create a host that will be accessible via this gateway.
    (Alternatively select File: New Host)
     
    • Enter the IP or DNS Host Address of the host (if this is a DNS address, it must be resolvable by the gateway)
    • Select which Services are to be used when accessing the new host. A range of service options are pre-configured in the
    default SDT Connector client (RDP, VNC, HTTP, HTTPS, Dell RAC, VMWare etc). However if you wish to add new services to
    the range then proceed to the next section (Adding a new service) then return here
    • Optionally, you can enter a Descriptive Name for the host to be displayed instead of the IP or DNS address, as well as
    any Notes or a Description of this host (such as its operating system/release, or anything special about its configuration)
    • Click OK  
    						
    6.2.6 Manually adding new services to the new hosts 
    To extend the range of services that can be used when accessing hosts with SDT Connector:
    • Select Edit: Preferences and click the Services tab. Click Add
    • Enter a Service Name and click Add
    • Under the General tab, enter the TCP Port that this service runs on (e.g. 80 for HTTP). Optionally, select the client to be 
    used to access the local endpoint of the redirection
     
    • Select which Client application is associated with the new service. A range of client application options are pre-configured
    in the default SDT Connector (RDP client, VNC client, HTTP browser, HTTPS browser, Telnet client etc). However if you wish
    to add new client applications to this range, then proceed to the next section (Adding a new client) and then return here
     
    • Click OK, then Close
    A service typically consists of a single SSH port redirection and a local client to access it. However it may consist of several
    redirections, some or all of which may have clients associated with them.
    An example is the Dell RAC service. The first redirection is for the HTTPS connection to the RAC server: it has a client
    associated with it (web browser) that is launched immediately upon clicking the button for this service.
    The second redirection is for the VNC service that the user may choose to launch later from the RAC web console. It
    automatically loads in a Java client served through the web browser, so it does not need a local client associated with it.
    						
      
    • On the Add Service screen, you can click Add as many times as needed to add multiple new port redirections and 
    associated clients
    You may also specify Advanced port redirection options:
    • Enter the local address to bind to when creating the local endpoint of the redirection. It is not usually necessary to change
    this from "localhost".
    • Enter a local TCP port to bind to when creating the local endpoint of the redirection. If this is left blank, a random port will
    be selected.
     
    Note: SDT Connector can also tunnel UDP services. SDT Connector tunnels the UDP traffic through the TCP SSH
    redirection, so in effect it is a tunnel within a tunnel.
    Enter the UDP port on which the service is running on the host. This will also be the local UDP port that SDT Connector binds
    as the local endpoint of the tunnel.
    Note that for UDP services, you still need to specify a TCP port under General. This will be an arbitrary TCP port that is not in
    use on the gateway. An example of this is the SOL Proxy service. It redirects local UDP port 623 to remote UDP port 623 over
    the arbitrary TCP port 6667.
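
As an added illustration (not part of the manual and not SDT Connector's own code), the Python below writes a multi-redirection service such as the Dell RAC example as OpenSSH local port forwards (ssh -L), keeping each local endpoint on loopback and picking a free local port when none is given. The gateway name, user, host address 192.0.2.10, the permitted-service set and all function names are assumptions made for the example.

```python
import ipaddress
import socket

# Constructed sample: the services the gateway permits for one host (assumed).
PERMITTED = {("192.0.2.10", 443), ("192.0.2.10", 5900)}


def is_loopback(addr):
    """True for 'localhost' or a loopback IPv4 literal such as 127.0.0.1."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.IPv4Address(addr).is_loopback
    except ValueError:
        return False


def free_local_port():
    """Ask the OS for an unused TCP port, as when Local TCP Port is left blank.
    The port is released again here, so ssh may still lose a race for it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def forward_spec(host, port, local_addr="localhost", local_port=None):
    """Build one -L argument: local_addr:local_port:host:port."""
    if (host, port) not in PERMITTED:
        raise PermissionError(f"{host}:{port} is not a permitted service")
    if not is_loopback(local_addr):
        # Any other bind address lets other machines use the tunnel endpoint.
        raise ValueError(f"refusing non-loopback bind address {local_addr}")
    if local_port is None:
        local_port = free_local_port()
    return f"{local_addr}:{local_port}:{host}:{port}"


def ssh_argv(gateway, user, redirections, ssh_port=22):
    """One SSH session to the gateway carrying every redirection of a service."""
    argv = ["ssh", "-N", "-p", str(ssh_port)]
    for r in redirections:
        argv += ["-L", forward_spec(**r)]
    return argv + [f"{user}@{gateway}"]
```

Passing the returned list to subprocess.run starts the tunnel without a shell; the local client is then pointed at the local endpoint of each redirection.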
    						
    6.2.7 Adding a client program to be started for the new service 
    Clients are local applications that may be launched when a related service is clicked. To add to the pool of client programs:
    • Select Edit: Preferences and click the Client tab. Click Add
     
    • Enter a Name for the client. Enter the Path to the executable file for the client (or click Browse to locate the executable)
    • Enter a Command Line associated with launching the client application. SDT Connector typically launches a client
    using command line arguments to point it to the local endpoint of the redirection. There are three special keywords for
    specifying the command line format. When launching the client, SDT Connector substitutes these keywords with the
    appropriate values:
     %path% is the path to the executable file, i.e. the previous field.
     %host% is the local address to which the local endpoint of the redirection is bound, i.e. the Local Address field for the
    Service redirection Advanced options.
     %port% is the local port to which the local endpoint of the redirection is bound, i.e. the Local TCP Port field for the
    Service redirection Advanced options. If this port is unspecified (i.e. "Any"), the appropriate randomly selected port will be
    substituted.
    For example, SDT Connector is preconfigured for Windows installations with an HTTP service client that will connect with
    whichever local browser the local Windows user has configured as the default. Otherwise the default browser used is Firefox:
    						
    Also some clients are launched in a command line or terminal window. The Telnet client is an example of this:
     
    • Click OK
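
The keyword substitution described above, as an added Python example (not SDT Connector's own code, and the two command line templates in the comments are constructed, not taken from the product defaults). It expands %path%, %host% and %port% into an argument list rather than a shell string, so a client path containing spaces stays a single argument; the function name and validation rules are assumptions.

```python
import re
import shlex

KEYWORD = re.compile(r"%(\w+)%")


def expand_command(template, path, host, port):
    """Expand %path%, %host% and %port% into an argv list (no shell involved).

    Constructed templates this handles:
      "%path% http://%host%:%port%/"    browser pointed at the local endpoint
      "xterm -e %path% %host% %port%"   Telnet client run in a terminal window
    """
    if not (isinstance(port, int) and 0 < port < 65536):
        raise ValueError(f"bad local port: {port!r}")
    if not re.fullmatch(r"[A-Za-z0-9.:\-]+", host):
        raise ValueError(f"bad local address: {host!r}")
    values = {"path": path, "host": host, "port": str(port)}

    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise KeyError(f"unknown keyword %{key}%")
        return values[key]

    # Split the template into arguments first, then substitute inside each
    # one, so the substituted values cannot change where arguments begin
    # or end.
    return [KEYWORD.sub(substitute, token) for token in shlex.split(template)]
```

The resulting list can be handed to subprocess.Popen as is, with no shell in between.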
    6.2.8  Dial-in configuration
    If the client computer is dialing into Local/Console port on the Console Server, you will need to set up a dial-in PPP link:
    • Configure the Console Server for dial-in access (following the steps in the Configuring for Dial-In PPP Access section in
    Chapter 5, Configuring Dial In Access)
    • Set up the PPP client software at the remote User computer (following the Set up the remote Client section in Chapter 5)
    Once you have a dial-in PPP connection established, you can then set up the secure SSH tunnel from the remote Client
    computer to the Console Server.
    						