
Tripp Lite 0 Idades Manual

    Chapter 8: Power and Environment
    8.2.3 Configuring powered computers to monitor a Managed UPS
    Once you have added a Managed UPS, each server that is drawing power through the UPS should be set up to monitor the UPS status as a Slave. This is done by installing the NUT package on each server and setting up upsmon to connect to the Console Server.
    Refer to the NUT documentation for details on how this is done, specifically sections 13.5 to 13.10.
    http://eu1.networkupstools.org/doc/2.2.0/INSTALL.html
    An example upsmon.conf entry might look like:
    • MONITOR managedups@192.168.0.1 1 username password Slave
    • managedups is the UPS Name of the Managed UPS
    • 192.168.0.1 is the IP address of the Console Server
    • 1 indicates the server has a single power supply attached to this UPS
    • username is the Username of the Managed UPS
    • password is the Password of the Managed UPS
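
The upsmon.conf file holds the Managed UPS password in clear text, so it is worth checking both its permissions and where each MONITOR line points. The following Python audit is an added example, not part of the manual or of NUT; the sample file content is constructed and the parser assumes unquoted fields.

```python
import os
import stat
import tempfile
from dataclasses import dataclass

# Constructed sample: the manual's example entry plus a misconfigured one.
SAMPLE_CONF = """\
# upsmon.conf on a server powered through the Managed UPS
MONITOR managedups@192.168.0.1 1 username password Slave
MONITOR managedups@localhost 1 username password Slave
"""

@dataclass
class Monitor:
    ups: str
    host: str
    power_value: int
    username: str
    password: str
    role: str

def parse_monitors(text):
    """Parse MONITOR <ups>@<host> <powervalue> <user> <password> <type> lines."""
    monitors = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # simplification: no quoted fields
        if len(fields) == 6 and fields[0] == "MONITOR":
            ups, _, host = fields[1].partition("@")
            monitors.append(Monitor(ups, host, int(fields[2]),
                                    fields[3], fields[4], fields[5].lower()))
    return monitors

def audit_upsmon_conf(path):
    """Return a list of findings for the upsmon.conf at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        # The MONITOR line carries the UPS password in clear text.
        findings.append(f"file mode {mode:04o} lets any local user access the password")
    with open(path, encoding="utf-8") as handle:
        for mon in parse_monitors(handle.read()):
            if mon.role not in ("master", "slave"):
                findings.append(f"{mon.ups}: unknown type {mon.role!r}")
            if mon.role == "slave" and mon.host in ("", "localhost", "127.0.0.1"):
                findings.append(f"{mon.ups}: Slave entry points at "
                                f"{mon.host or 'no host'}, not at the Console Server")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "upsmon.conf")
        with open(conf, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE_CONF)
        os.chmod(conf, 0o644)
        for finding in audit_upsmon_conf(conf):
            print(finding)
```
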
    						
    8.2.4 UPS alerts
    You can now set UPS alerts using Alerts & Logging: Alerts (refer to Chapter 7).
    8.2.5 UPS status
    You can monitor the current status of all your Managed or Monitored UPS’s, whether they are on the network or connected serially or via USB:
    • Select the Status: UPS Status menu and a table with the summary status of all connected UPS hardware will be displayed
    • Click on any particular UPS System name in the table and you will be presented with more detailed graphical information on the selected UPS System
    • Click on any particular All Data for any UPS System in the table for more status and configuration information on the selected UPS System
    • Select UPS Logs and you will be presented with the log table of the load, battery charge level, temperature and other status information from all the Managed and Monitored UPS systems. This information will be logged for all UPS’s which were configured with Log Status checked. The information is also presented graphically
    						
    8.2.6 Overview of Network UPS Tools (NUT)
    Network UPS Tools (NUT) is a group of open source programs that provide a common interface for monitoring and administering UPS hardware, and ensuring safe shutdowns of the systems which are connected.
    NUT can be configured using the Management Console as described above, or you can configure the tools and manage the UPS’s directly from the command line. This section provides an overview of NUT. You can find full documentation at http://www.networkupstools.org/doc.
    NUT is built on a networked model with a layered scheme of drivers, server and clients.
    1. The driver programs talk directly to the UPS equipment and run on the same host as the NUT network server upsd. Drivers are provided for a wide assortment of equipment from most of the popular UPS vendors and they understand the specific language of each UPS and map it back to a compatibility layer. This means both an expensive "smart" protocol UPS and a simple "power strip" model can be handled transparently.
    2. The NUT network server program upsd is responsible for passing status data from the drivers to the client programs via the network. upsd can cache the status from multiple UPS’s and can then serve this status data to many clients. upsd also contains access control features to limit the abilities of the clients (so only authorized hosts may monitor or control the UPS hardware).
    3. There are a number of NUT clients that connect to upsd to check on the status of the UPS hardware and do things based on the status. These clients can run on the same host as the NUT server or they can communicate with the NUT server over the network (enabling them to monitor any UPS anywhere).
    The upsmon client enables servers that draw power through the UPS (i.e. Slaves of the UPS) to shut down gracefully when the battery power reaches critical. Additionally, one server is designated the Master of the UPS, and is responsible for shutting down the UPS itself when all Slaves have shut down. Typically, the Master of the UPS is the one connected to the UPS via serial or USB cable.
    upsmon can monitor multiple UPS’s, so high-end servers which receive power from multiple UPS’s simultaneously won't initiate a shutdown until the total power situation across all source UPS’s becomes critical.
    There are also two status/logging clients, upsc and upslog. The upsc client provides a quick way to poll the status of a UPS. It can be used inside shell scripts and other programs that need UPS status information. upslog is a background service that periodically polls the status of a UPS, writing it to a file.
    All these clients run on the Console Server (for Management Console presentations) but they can also be run remotely (on locally powered servers and remote monitoring systems).
    This layered NUT architecture enables:
    • Multiple architecture support: NUT can manage serial and USB-connected models with the same common interface. SNMP equipment can also be monitored (although at this stage this is still pre-release with experimental drivers and this feature will be added to the embedded UPS tools in a future release).
    • Multiple clients monitoring one UPS: Multiple systems may monitor a single UPS using only their network connections. There’s a wide selection of client programs which support monitoring UPS hardware via NUT (Big Sister, Cacti, Nagios, Windows and more). Refer to www.networkupstools.org/client-projects.
    So NUT supports the more complex power architectures found in data centers, computer rooms and NOCs where many UPS’s from many vendors power many systems with many clients and each of the larger UPS’s power multiple devices and many of these devices are themselves dual powered.
    						
    8.3 Environmental Monitoring
    The Environmental Monitoring Device (EMD), model B090-EMD, can be connected to any Console Server serial port and each Console Server can support multiple EMD’s. Each EMD has one temperature and one humidity sensor and one general purpose status sensor which can be connected to a smoke detector, water detector, vibration or open-door sensor.
    The B095-004/003 Console Server models also each have an internal temperature sensor.
    Using the Management Console, Administrators can view the ambient temperature and humidity and set the EMD to automatically send alarms progressively from warning levels to critical alerts.
    						
    8.3.1 Connecting the EMD
    The Environmental Monitoring Sensor (EMD) connects to any serial port on the Console Server via a special EMD Adapter and standard CAT5 cable. The EMD is powered over this serial connection and communicates using a custom handshake protocol. It is not an RS232 device and should not be connected without the adapter:
    • Plug the RJ plug on the EMD Adapter (model B090-EMD-ADP) into the RJ45 port on the EMD (model B090-EMD). Then connect the Console Server serial port to the RJ45 port of the EMD Adapter using the provided UTP cable. If the 6 foot (2 meter) UTP cable provided with the EMD is not long enough it can be replaced with a standard Cat5 UTP cable up to 33 feet (10 meters) in length (Tripp Lite N002 series cables)
    • Screw the bare wires on any smoke detector, water detector, vibration sensor, open-door sensor or general purpose open/close status sensors into the terminals on the EMD:
      o B090-WLS  Console Server Water Leak Sensor
      o B090-DCS  Console Server Door Contact Sensor
      o B090-VS  Console Server Vibration Sensor
      o B090-SD-110  Console Server Smoke Detector - 110V
      o B090-SD-220  Console Server Smoke Detector - 220V
    The EMD can be used only with a Console Server and cannot be connected to standard RS232 serial ports on other appliances.
    • Select Environmental as the Device Type in the Serial & Network: Serial Port menu for the port to which the EMD is to be attached. No particular Common Settings are required.
    • Click Apply
    • Select the Serial & Network: Environmental menu. This will display all the EMD connections that have already been configured
    • Click Add
    • Enter a Name and Description for the EMD and select the pre-configured serial port that the EMD will be Connected Via
    • Provide Labels for each of the two alarms
    • Check Log Status and specify the Log Rate (minutes between samples) if you wish the status from this EMD to be logged. These logs can be viewed from the Status: Environmental Status screen
    • Click Apply
    8.3.2 Environmental alerts
    You can now set temperature, humidity and probe status alerts using Alerts & Logging: Alerts (refer to Chapter 7).
    8.3.3 Environmental status
    You can monitor the current status of all EMDs and their probes:
    • Select the Status: Environmental Status menu and a table with the summary status of all connected EMD hardware will be displayed
    • Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical plot of the log history of the selected EMD
    						
    Chapter 9: Authentication
    The Tripp Lite Console Server is a dedicated Linux computer, and it embodies popular and proven Linux software modules for secure network access (OpenSSH) and communications (OpenSSL) and sophisticated user authentication (PAM, RADIUS, TACACS+, Kerberos and LDAP).
    • This chapter details how the Administrator can use the Management Console to establish remote AAA authentication for all connections to the Console Server and attached serial and network host devices
    • This chapter also covers establishing a secure link to the Management Console using HTTPS and using OpenSSL and OpenSSH to establish a secure Administration connection to the Console Server
    9.1  Authentication Configuration
    Authentication can be performed locally, or remotely using an LDAP, RADIUS or TACACS+ authentication server. The default authentication method for the Console Server is Local.
    Any authentication method that is configured will be used for authentication of any user attempting to log in through Telnet, SSH or the Web Manager to the Console Server and any connected serial port or network host devices.
    The Console Server can be configured to the default (Local) or an alternate authentication method (TACACS, RADIUS, Kerberos or LDAP) with the option of a selected order in which local and remote authentication is to be used:
    Local TACACS/RADIUS/LDAP/Kerberos: Tries local authentication first, falling back to remote if local fails
    TACACS/RADIUS/LDAP/Kerberos Local: Tries remote authentication first, falling back to local if remote fails
    TACACS/RADIUS/LDAP/Kerberos Down Local: Tries remote authentication first, falling back to local if the remote authentication returns an error condition (e.g. the remote authentication server is down or inaccessible)
    9.1.1  Local authentication 
    • Select Serial and Network: Authentication and check Local   
    • Click Apply   
    						
    9.1.2 TACACS authentication
    Perform the following procedure to configure the TACACS+ authentication method to be used whenever the Console Server or any of its serial ports or hosts is accessed:
    • Select Serial and Network: Authentication and check TACACS or LocalTACACS or TACACSLocal or TACACSDownLocal
    • Enter the Server Address (IP or host name) of the remote Authentication/Authorization server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession.
    • In addition to multiple remote servers, you can also enter separate lists of Authentication/Authorization servers and Accounting servers. If no Accounting servers are specified, the Authentication/Authorization servers are used instead.
    • Enter the Server Password
    When Ignore Privilege Level is enabled, the priv-lvl setting for all of the users defined on the TACACS AAA server will be ignored.
    Note: The console server normally interprets a user with a TACACS priv-lvl of 12 or above as an admin user. There is also a special privilege level where a user with a priv-lvl of 15 is also given access to all configured serial ports. When the Ignore Privilege Level option is enabled (i.e., checked in the user interface), there are no escalations of privileges based on the priv-lvl value from the TACACS server.
    Also note that if the only privilege level configured for one or more TACACS users is the priv-lvl (e.g., no specific port access or group memberships set) level, you will revoke access to the console server for those users with whom this level is enabled. Users will not be a member of any group, even if the Retrieve Remote groups option in the Authentication menu is enabled.
    • Click Apply. TACACS+ remote authentication will now be used for all user access to Console Server and serially or network attached devices
    TACACS+   The Terminal Access Controller Access Control System (TACACS+) security protocol is a recent protocol developed by Cisco. It provides detailed accounting information and flexible administrative control over the authentication and authorization processes. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide authentication, authorization, and accounting services independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon. There is a draft RFC detailing this protocol. Further information on configuring remote TACACS+ servers can be found at the following sites:
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
    http://www.cisco.com/en/US/products/sw/secursw/ps4911/products_user_guide_chapter09186a00800eb6d6.html
    http://cio.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt2/sctplus.htm
    						
    9.1.3 RADIUS authentication
    Perform the following procedure to configure the RADIUS authentication method to be used whenever the Console Server or any of its serial ports or hosts is accessed:
    • Select Serial and Network: Authentication and check RADIUS or LocalRADIUS or RADIUSLocal or RADIUSDownLocal
    • Enter the Server Address (IP or host name) of the remote Authentication/Authorization server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession
    • In addition to multiple remote servers, you can also enter separate lists of Authentication/Authorization servers and Accounting servers. If no Accounting servers are specified, the Authentication/Authorization servers are used instead
    • Enter the Server Password
    • Click Apply. RADIUS remote authentication will now be used for all user access to Console Server and serially or network attached devices
    RADIUS   The Remote Authentication Dial-In User Service (RADIUS) protocol was developed by Livingston Enterprises as an access server authentication and accounting protocol. The RADIUS server can support a variety of methods to authenticate a user. When it is provided with the username and original password given by the user, it can support PPP, PAP or CHAP, UNIX login, and other authentication mechanisms. Further information on configuring remote RADIUS servers can be found at the following sites:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/d4fe8248-eecd-49e4-88f6-9e304f97fefc.mspx
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml
    http://www.freeradius.org/
    						
    9.1.4 LDAP authentication
    With firmware version 3.11 and later, LDAP authentication now supports OpenLDAP servers using the Posix-style schema for user and group definitions.
    Performing simple authentication against any LDAP server (AD or OpenLDAP) follows the common LDAP standards and protocols. Extra steps are required in configuring extra user data (e.g., groups, etc).
    The console server may be configured for authentication and authorization of group information from an LDAP server. This group information can be stored in a number of different ways. Active Directory has one method of storage, and OpenLDAP has two methods:
    • Active Directory: Each entry for a user has multiple ‘memberOf’ attributes. Each ‘memberOf’ value is the full DN of the group they belong to (the user entry will be of objectClass “user”).
    • OpenLDAP / Posix: Each entry for a user must have a ‘gidNumber’ attribute. This will be an integer value that functions as the user’s primary group (e.g., mapping to the /etc/passwd file within the group ID field). To determine the group, first search for an entry in the directory that contains that group ID. Doing this will also provide the group name (the users are of objectClass “posixAccount” and the groups are of objectClass “posixGroup”).
    • OpenLDAP / Posix: Each group entry in the group tree (of objectClass ‘posixGroup’) may have multiple ‘memberUid’ attributes. These represent secondary groups (e.g., mapping to the /etc/group file). Each attribute contains a username.
    To accommodate these possibilities, the pam_ldap module has been modified to perform group queries for each of the three styles. This allows for a ‘generic’ configuration and does not affect how the LDAP directory is set up.
    There are only two parameters that need to be configured based upon a user’s search: LDAP username and group membership attributes.
    To clarify which parameters to use, the descriptions for these fields have been updated to prompt the user for common or likely attributes. For example, the two configuration fields below use the following descriptions:
    LDAP Username Attribute: The LDAP attribute that corresponds to the login name of the user (commonly ‘sAMAccountName’ for Active Directory, and ‘uid’ for OpenLDAP).
    LDAP Group Membership Attribute: The LDAP attribute that indicates group membership in a user record (commonly ‘memberOf’ for Active Directory, and unused for OpenLDAP).
    Note: The libldap library is particular about ensuring SSL connections using certificates signed by a trusted CA. Setting up a connection to an LDAP server using SSL requires extra attention.
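
The three group-storage styles described in this section, resolved over small in-memory directories, as an added Python example (not the modified pam_ldap code). The entries, DNs and the search helper are constructed stand-ins for real LDAP queries, and attribute matching is simplified to exact, case-sensitive equality.

```python
# Constructed directories (DN -> attributes); every name here is hypothetical.
AD_DIRECTORY = {
    "CN=Jane Doe,CN=Users,DC=example,DC=com": {
        "objectClass": ["user"],
        "sAMAccountName": ["jdoe"],
        "memberOf": ["CN=ConsoleAdmins,OU=Groups,DC=example,DC=com",
                     "CN=Rack12,OU=Groups,DC=example,DC=com"],
    },
}
POSIX_DIRECTORY = {
    "uid=jdoe,ou=People,dc=example,dc=com": {
        "objectClass": ["posixAccount"], "uid": ["jdoe"], "gidNumber": ["2001"],
    },
    "cn=operators,ou=Groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"], "cn": ["operators"], "gidNumber": ["2001"],
    },
    "cn=rack12,ou=Groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"], "cn": ["rack12"], "gidNumber": ["2002"],
        "memberUid": ["jdoe", "bob"],
    },
}

def search(directory, **equals):
    """Stand-in for an LDAP equality search; yields matching attribute dicts."""
    for attrs in directory.values():
        if all(value in attrs.get(name, []) for name, value in equals.items()):
            yield attrs

def rdn_value(dn):
    """'CN=Rack12,OU=Groups,...' -> 'Rack12' (assumes no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def resolve_groups(directory, login, username_attr, membership_attr=None):
    """Collect group names for `login` using all three storage styles."""
    users = list(search(directory, **{username_attr: login}))
    if len(users) != 1:
        # Refuse to guess when the login is missing or ambiguous.
        raise LookupError(f"{login!r} matched {len(users)} entries")
    user, groups = users[0], set()
    # Active Directory style: group DNs listed on the user entry.
    if membership_attr:
        groups.update(rdn_value(dn) for dn in user.get(membership_attr, []))
    # Posix primary group: the user's gidNumber names a posixGroup entry.
    for gid in user.get("gidNumber", []):
        for group in search(directory, objectClass="posixGroup", gidNumber=gid):
            groups.update(group["cn"])
    # Posix secondary groups: posixGroup entries listing the login in memberUid.
    for group in search(directory, objectClass="posixGroup", memberUid=login):
        groups.update(group["cn"])
    return sorted(groups)

if __name__ == "__main__":
    print(resolve_groups(AD_DIRECTORY, "jdoe", "sAMAccountName", "memberOf"))
    print(resolve_groups(POSIX_DIRECTORY, "jdoe", "uid"))
```
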
    						