Мы предполагаем, что вам понравилась эта презентация. Чтобы скачать ее, порекомендуйте, пожалуйста, эту презентацию своим друзьям в любой соц. сети. Кнопочки находятся чуть ниже. Спасибо.
Идет загрузка презентации. Пожалуйста, подождите
Презентация была опубликована
2 года назад
© 2007 APC-MGE corporation. InfraStruXure Central 4.1
© 2007 APC-MGE corporation. What Is InfraStruXure Central? InfraStruXure Central is a comprehensive management and monitoring solution for APC, NetBotz, and Non-APC SNMP devices. InfraStruXure Central enables centralized management of APC devices: Configuration (WallBotz and RackBotz Only) Monitoring Reporting Graphing/Trending Private Network Video Surveillance Long term data storage
© 2007 APC-MGE corporation. ISX Central Overview Acts as a centralized repository for critical power, cooling, and environmental data, as well as camera image data. Server-based allows the user to access, control, and configure the NetBotz system through a Web interface Rack-mountable 1 U (ISX Central Standard) or 2 U (ISX Central Enterprise)
© 2007 APC-MGE corporation. ISX CentralOverview How ISX Central Servers Work ISX Central Console Applet ISX Central Console Application http or https ISX Central Standard or Enterprise NetBotz 320/420/500 Devices
© 2007 APC-MGE corporation. Current APC Management Platform Landscape Light Integration Different Hardware Different Consoles InfraStruXure Central 4.1 Graphing and trending Surveillance Data warehouse Mass configuration SSL encryption Support of all APC devices Cameras Environmental Security NetBotz Cameras CCTV Cameras Environmentals NetBotz Sensors Dry contact Light third party Third Party NCPI NetBotz APC PDU APC CRACs InfraStruXure Manager APC UPS Deep Power Management APC only Deep Cooling Management APC only Data Center Build-out tools APC RPDU
© 2007 APC-MGE corporation. How do I Do BMS and RMS support today? APC InfraStruXure Manager with 25 node license key APC InfraStruXure Central v4.1 The Bundle AP9490 for both, Standard edition AP9495 for both, Enterprise edition This option available for customers who require RMS support, BMS support, Mass configuration or Mass firmware updates of APC devices
© 2007 APC-MGE corporation. InfraStruXure ® Central 4. x Key Features Connected Devices can be split into groups Dynamic Groupsbased on discovery Static Groupsbased on administrator selection Three different views of connected Devices Map Viewview appliances based on location maps Table Viewshows detailed status of each appliance Alerts View shows appliance alerts and conditions Allows for mass configuration of NetBotz Devices Ability to graph and report environmental conditions
© 2007 APC-MGE corporation. InfraStruXure Central 4.1 Standard Both systems ship with Rapid rails to optimize installs into APC racks. Customers will need to purchase Versa rails in order to mount in 3 rd -party racks. InfraStruXure Central Standard Edition Hardware: - 1 U rack mount 1U form factor Single 2.8GHz Pentium 4 (64-bit) 2GB RAM Single, 250GB SATA HDD - Dual 10/100/1000 Ethernet - Single Power Supply 1177 BTU) Includes license for 25 nodes (devices) Maximum number of managed devices: maximum number of devices Botz in surveillance mode
© 2007 APC-MGE corporation. InfraStruXure Central 4.1- Enterprise InfraStruXure Central Enterprise Edition Hardware: - 2U rack mount - Dual 3.0 GHz Xeon Processor (64 bit) - 4GB RAM - 1.2TB of storage in RAID 5 array (1TB usable) - 5 SCSI drives (300GB each) - 5 hot plug SCSI drives - Dual 10/100/1000 Ethernet - Dual hot-swappable Power Supplies 2388 BTU) Includes license for 25 nodes (devices) Maximum number of managed devices: maximum number of devices Botz in surveillance mode The key differences between the Standard and Enterprise systems are: Redundant disks Redundant power Larger disk space for more historical data
© 2007 APC-MGE corporation. NetBotz Standard vs. NetBotz Enterprise FeatureStandardEnterprise Pre-Loaded ApplianceYes Rack-Mount DesignYes Physical Size1 U2 U Drive TypesIDESCSI Available Storage250 GB1 TB Hardware Based RAIDNoYes Processor TypePentium 4Xeon RAM1 GB4 GB Network Adapters(2) 10/100/1000 Hot-Pluggable DrivesNoYes Redundant Power SupplyNoYes Hot-Swappable Power SuppliesNoYes Standard Appliances Licensed25 Differences are highlighted in blue
© 2007 APC-MGE corporation. InfraStruXure Central 4. x – Software Architecture InfraStruXure Central Software Architecture: All data (sensors and images) stored in file system data repository Postgres SQL used to store topology data and headers/pointers to info in the data repository All communications to the appliances flows through the Apache/Tomcat software stacks via port 80 or port 443 (Ports are configurable) InfraStruXure Central periodically polls all devices and retrieves current sensor readings and stores the information in data repository InfraStruXure Central monitors all Devices for online/offline states APC Devices are configured to send (via HTTP Post) alerts to InfraStruXure Central Linux OS (64 Bit) (Based on 2.6 Kernel) Apache Web Server Postgres SQL Database Tomcat (Java Servlet Server) InfraStruXure Central Java Applications (Servlets) OpenSSL Open SourceNetBotz Source File System Data Repository (local or remote) Spring Framework (Java)
© 2007 APC-MGE corporation. Communication Modes Overview LAN Mode Default mode when appliances are added to ISX Central in a normal LAN/network environment Bi-directional communicationISX Central can initiate communications to appliances and vice versa Post-Only Mode Special mode initiated by the appliance if there is a firewall between the appliance and the ISX Central and only the ISX Central has a public IP Address Uni-directional communicationonly NetBotz Appliances can initiate communication to ISX Central
© 2007 APC-MGE corporation. InfraStruXure Central – Post Only Mode Corporate Network InfraStruXure Central Internet Intranet Remote Network NetBotz Device
© 2007 APC-MGE corporation. InfraStruXure Central – Node Licensing Device Licensing: A node = IP address Cameras no longer count as a node Ships with 25 nodes, can be expanded to , 100, 500, and 1000 node keys SNMP, IPMI and DCAL (APC proprietary protocol) devices that are directly managed by InfraStruXureC now count as nodes NetBotz appliances with Advanced Device Crawlers (monitoring up to 48 devices) count as one node on InfraStruXure
© 2007 APC-MGE corporation. InfraStruXure Central – Node Licensing 25 nodes ships on ISX Central Standard and Enterprise Additional Node Licenses scalability of up to 1025 devices -25 Node License AP Node License AP Node License AP Node License AP951000
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning Maximum Appliances per InfraStruXure Central The following are the maximum number of recommended devices for InfraStruXure Central Standard and Enterprise. These maximum configurations can only be achieved in optimized low load environments. APC and Non-APC SNMP Devices NetBotz Surveillance Devices InfraStruXure Central Standard InfraStruXure Central Enterprise Note: The throughput difference between Standard and Enterprise is quite different. If Surveillance is going to be used, APC highly recommends InfraStruXure Central Enterprise.
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning FPS = frames per second Resolution = camera resolution or picture size Appliance Alerting = a notification from a NetBotz appliance that a threshold was breeched may include text, possibly pictures, possibly audio Surveillance Clips = pictures sent to InfraStruXure Central as a result of detected motion. Surveillance clips do NOT generate alerts. Surveillance clips record video (and audio) until the motion stops (recorded at the InfraStruXure Central only). Pictures Per Alert = defines the number of pictures captures per alert
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning InfraStruXure Central performance is greatly affected by the following factors: Network throughput (10Mb vs 100Mb, vs 1Gb) Number of appliances managed by InfraStruXure Central Camera Frame Rate Camera Resolution Alerting Frequency Alerting Overlap Pictures per Alert Surveillance Activity Surveillance Overlap Number of active consoles
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning For the NetBotz version 2 appliances, APC recommends the following camera capture settings for alerting and/or surveillance: Option 1: -Resolution = 640 x 480 -Frames per Second = 1 or 2 Option 2: -Resolution = 320 x 240 -Frames per Second = 4 or 5 For alerting capture, NetBotz recommends not capturing more than 25 seconds of video per alert. If more than 25 seconds of video is required, then it may be more appropriate to utilize surveillance instead of camera motion or door switch alerts. Optimize what initiates camera motion and surveillance activity by properly configuring camera masking, sensitivity, and area of motion. Essentially tuning the camera to only capture video when something interesting is happening. Audio recording does not affect InfraStruXure Central to a large degree, but it does place an additional load on the appliance so only enable when necessary.
© 2007 APC-MGE corporation. InfraStruXure Central Data Polling Data Polling Overview for Managed and Monitored Devices InfraStruXure Central polls each device periodically to gather sensor readings (default is 10 minutes). For managed and monitored devices all historical sensor readings and current sensor readings are returned since the last poll request. Only reading changes are returned. For example if humidity has been holding steady at 42% for the past 15 minutes and the InfraStruXure Central is polling every 15 minutes; then no sensor information is returned and no new data is stored in the InfraStruXure Central database. Therefore amount of data returned per appliance is completely variable. If the environment your devices are located in static, then very little data will be returned. If the environment your devices are located in is dynamic, then more data will be returned. Each data point that changes results in 50 bytes of data being sent and stored in the repository Tests indicate that version 2 appliances in a typical office setting have about 1900 changes per day to their various standard sensors. These 1900 changes per day equate to about 94 KB of data per day (or 3MB per month) per device.
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning Alert Throughput (Standard & Enterprise) The maximum number of alerts a InfraStruXure Central can handle is variable depending on the contents of the alerts. Text alerts Picture alerts (picture qty, size of pictures, etc.) InfraStruXure Central can handle a maximum of 150 alerts per minute sustained (9000 alerts per hour) Assuming the alerts are picture alerts containing 15 pictures captured at 640x480 resolution Note: An alert is about 400bytes of text data plus pictures, audio and graphs.
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning Surveillance Throughput for InfraStruXure Central Local Storage InfraStruXure Central can sustain a maximum of incoming surveillance frames (Regardless of resolution and SSL; Assumes Gigabit connection and local repository): InfraStruXure Central Standard Max frame rate = 250 FPS InfraStruXure Central Enterprise Max frame rate = 500 FPS The max FPS can be divided among as many or as few NetBotz cameras (not appliances). InfraStruXure Central Standard Example: 62 cameras at 640x480 at 4 frames per second. 125 cameras at 640x480 at 2 frame per second InfraStruXure Central Enterprise Example: 125 cameras at 640x480 at 4 frames per second. 250 cameras at 640x480 at 2 frame per second
© 2007 APC-MGE corporation. InfraStruXure 4.1 Distributed Architecture InfraStruXure Central NAS NAS* V1 Pod sharing with a NetBotz 500* InfraStruXure Central Dual posts for disaster recovery* * BotzWare 2.6 needed for 420 NAS support, dual surveillance posts, and V1 pod sharing Java console (v 1.5.0_06) NAS
© 2007 APC-MGE corporation. ISX Central – Possible IP Connections ISX-C Console HTTP or HTTPS SNMP Manager SNMP HTTP or HTTPS NetBotz Appliance SMTP Svr DNS DNS Svr NFS NAS/SAN CIFS NAS/SAN NetBotz Appliance HTTP or HTTPS
© 2007 APC-MGE corporation. Data Repository And Types NAS: Network Attached Storage examples: File server, NAS appliance, etc. NAS Storage uses the following protocols most commonly : CIFS: -CIFS: Common Internet File System, this protocol is the successor to SMB. CIFS implements all of SMBs features with more stringent security, fault tolerance, and increased performance. - CIFS are commonly used to connect Windows PCs and Windows to UNIX/Linux servers/clients. NFS: - Network File System, similar to SMB & CIFS, NFS is another protocol that enables the file system on a remote system to be accessible on the local system. - NFS is more common in the UNIX world allowing UNIX/Linux servers to share files/folders more easily. Warning Local NAS must have gigabyte connection. NFS is 50% slower than CIFS
© 2007 APC-MGE corporation. Hardware Level Examples for Distributed Storage Different levels of NAS Hardware Hardware examples for Basic NAS - Desktop class hardware - Entry Level Server - IDE / SATA Drives Hardware Examples For Premium NAS - Medium to high end servers - Containing SCSI / Fiber Drives NetBotz recommends premium NAS for solutions involving surveillance
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning NAS Surveillance Throughput for InfraStruXure Central With NAS Storage InfraStruXure Central standard can sustain a maximum of incoming surveillance frames when using NAS storage Local250FPS NFS Basic125FPS NFS Premium200FPS CIFS Basic125FPS CIFS Premium350FPS InfraStruXure Central Enterprise can sustain a maximum of incoming surveillance frames when using NAS storage Local500FPS NFS Basic125FPS NFS Premium275FPS CIFS Basic125FPS CIFS Premium500FPS Note: Assumes gigabyte connection from InfraStruXure Central to NAS
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning DayWeekMonth3 Months 6 Months 1 Year2 Years3 Years 1 94KB.6MB2.8MB8.3MB16.6MB33.1MB66.2MB99.4MB 10.9MB6.4MB27.6MB82.8MB165.6MB331.2MB662.4MB993.6MB MB9.7MB41.1MB124.2MB248.4MB496.8MB993.6MB1.5GB MB16.1MB69.0MB207.0MB414.0MB828.0MB1.6GB2.4GB MB32.2MB138.0MB414.0MB828.0MB1.6GB3.2GB4.9GB MB64.4MB276.0MB828.0MB1.6GB3.2GB6.5GB9.7GB MB96.6MB414.0MB1.2GB2.4GB4.9GB9.7GB14.6GB MB128.8MB552.0MB1.6GB3.2GB6.5GB12.9GB19.4GB MB161.0MB690.0MB2.0GB4.0GB8.1GB16.2GB24.3GB MB322.0MB1.3GB4.0GB8.1GB16.2GB32.3GB48.5GB Disk Space Consumption for Sensor Reading Data Only
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning Disk-space Consumption for Alerts and Sensor Data Assumptions: Version 2 Appliances 3 text alerts per day per appliance 3 picture alerts per day per appliance (15 640x480 pictures, no audio) Number of AppliancesDayWeekMonth 3 Months 6 Months1 Year2 Years3 Years 1 2.3MB16.3MB70.1MB210.2MB420.4MB840.7MB1.6GB2.5GB MB163.5MB700.6MB2.1GB4.1GB8.2GB16.4GB24.6GB MB245.2MB1050.9MB3.1GB6.2GB12.3GB24.6GB36.9MB MB408.7GB1.7GB5.1GB10.3GB20.5GB41.1GB61.6GB MB817.4MB3.4GB10.3GB20.5GB41.1GB82.1GB123.2GB MB1.6GB6.8GB20.5GB41.1GB82.1GB164.2GB246.3GB MB2.4GB10.3GB30.8GB61.6GB123.2GB246.3GB369.5GB MB3.2GB13.7GB41.8GB82.1GB164.2GB 328.4GB492.6GB MB4.0GB17.1GB51.3GB102.6GB205.3GB410.5GB615.8GB GB8.0GB34.2GB102.6GB205.3GB410.5GB821.0GB1231.5GB
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning # Cams 1 Day 1 Week 1 Mnth 2 Mnth 3 Mnth 4 Mnth 5 Mnth 6 Mnth 7 Mnth 8 Mnth 9 Mnth 10 Mnth 11 Mnth 12 Mnth Surveillance Disk Space Consumption (GB) Assumptions: Version 2 appliances Low Activity Scenario (1 hour of video recording per day) 640x480 at 2 FPS No Audio
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning Total Disk-space Consumption The amount of disk space consumed per year is an aggregate of the following: Polled data (sensor readings) Alert data (including pictures and audio) bytes of text data - plus pictures data if applicable - plus audio data if applicable Surveillance data (pictures and audio) - Picture data - plus audio data if applicable
© 2007 APC-MGE corporation. InfraStruXure Central – Performance & Planning Multiple InfraStruXure Centrals Obviously if there are more NetBotz appliances than a single InfraStruXure Central can manage, then multiple InfraStruXure Central systems will have to be deployed.
© 2007 APC-MGE corporation. Console ViewsOverview Map View
© 2007 APC-MGE corporation. Console ViewsOverview Map View Hierarchy of groupsshows groups within groups Groups
© 2007 APC-MGE corporation. Console ViewsOverview Map View Roll-Over Helpshows details of the appliance
© 2007 APC-MGE corporation. Console ViewsOverview Map View Right click on the device to view status. Data sets available for easy navigation
© 2007 APC-MGE corporation. Console ViewsOverview Map View Double-clicking appliance shows advanced view
© 2007 APC-MGE corporation. Console ViewsOverview Table View View selected group in table format Reorder table by columns Configure which columns are shown
© 2007 APC-MGE corporation. Console ViewsOverview Table View Double-clicking appliance shows advanced view
© 2007 APC-MGE corporation. Console ViewsOverview Alerts View Summary of alerts from appliance based on date View details of each alert Listen to audio (if applicable) Unresolved alerts have red background Ability to delete multiple alerts at once
© 2007 APC-MGE corporation. Console ViewsOverview Alerts ViewDetailed View Details of alert with graphs and pictures
© 2007 APC-MGE corporation. Console ViewsOverview Graph and Report View Graph internal and external sensor readings Graph same type sensors on same graph
© 2007 APC-MGE corporation. Console ViewsOverview Graph and Report View (cont.) Zoom into graph Save graph as.jpeg or.bmp file or export data as text file
© 2007 APC-MGE corporation. Console ViewsOverview Graph and Report View (cont.) Reports (table format) on all sensors, applications, and alerts Export report data as a text file
© 2007 APC-MGE corporation. InfraStruXure ® Central 4. x Surveillance Add-On Application for ISX Central Allows the user to license specific cameras in surveillance mode Allows user to view multiple cameras simultaneously in the live camera view Captures video for as long as motion occurs All captured video is only stored in ISX Central and NOT store in the individual Appliances
© 2007 APC-MGE corporation. InfraStruXure ® Central 4. x Surveillance Camera Motion Standard with Standalone Appliances and ISX Central Only captures video for a finite amount of time/frames once motion is detected Does not capture again until motion stops and then is detected again Surveillance Add-On Application for ISX Central only Captures video for as long as motion occurs Navigation of historical clips Simultaneous viewing of multiple cameras Camera Motion vs. Surveillance
© 2007 APC-MGE corporation. Questions? Q U E S T I O N S ?
© 2007 APC-MGE corporation. InfraStruXure ® Central 4. x Installation – Initial Network Configuration
© 2007 APC-MGE corporation. InstallationInfraStruXure ® Central 4. x Applications Place the ISX Central Installer CD-Rom in the drive of the system used to configure and manage the ISX Central (customers system) Windows systemsthe ISX Central Installer will start automatically Linux or Solaris systemsrun install.bin from the sub- directory on the CD
© 2007 APC-MGE corporation. InstallationNetBotz Applications The InstallAnywhere window appears indicating that the software is preparing to install
© 2007 APC-MGE corporation. InstallationISX Central Applications The Welcome screen appearsselect Next to continue
© 2007 APC-MGE corporation. InstallationISX Central Applications The Important note screen appears to exit all ISX central application. Click Next to continue
© 2007 APC-MGE corporation. InstallationNetBotz Applications The License Agreement window appears Click I Accept the terms of the License Agreement Click Next
© 2007 APC-MGE corporation. InstallationNetBotz Applications The Choose Install Set window appears Choose Typical to install the Serial Configuration Utility and ISX Central Control Console Application Click Next to continue
© 2007 APC-MGE corporation. InstallationNetBotz Applications The Choose Install Folder window appears prompts you to choose an installation location Click Next to continue
© 2007 APC-MGE corporation. InstallationNetBotz Applications The Pre-Installation Summary window appears confirming the installation information Click Install to continue
© 2007 APC-MGE corporation. InstallationNetBotz Applications The Installation window appears indicating the progress of the installation
© 2007 APC-MGE corporation. InstallationNetBotz Applications The Install Complete window appears Click Done to finish the installation and close the ISX Central Installer
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration Complete before physical installation, by performing the following procedure: 1. Ensure that the power cord and the Ethernet cord of the ISX Central are connected 2. Connect one end of a null modem cable to the ISX Central and the other end to your laptop computer Null modem cable ISX Central (Enterprise version shown) Laptop computer
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 3. Start the NetBotz Serial Configuration Utility (Start Programs ISX Central Help and Tools ISX Central Serial Configuration Utility)
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 4. When the ISX Central has finished starting up select the Next button to continue. Note: The device may take up to 2 minutes to fully start up.
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 5. The serial configuration will search for NetBotz appliances attached to your computer through the serial port Select Next Select appropriate port/appliance
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 6. You will be prompted for a password in the Root Password windowenter the default password apc and select OK
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 7. Select the radio button for Configure using these settings and enter the IP Address, Subnet Mask, and Default Gateway for the device
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 8. Configure the DNS information for the device by completing the information under DNS Settings 9. Select Next to continue
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 10. Enter ISX Central hostname and Click OK to continue.
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 11. Shutdown ISX Central to save network settings.
© 2007 APC-MGE corporation. InstallationInitial Network Configuration Initial Network Configuration (cont.) 11. The final screen displays the configured network settings select Back to make any changes to the information or Finish to exit the utility
© 2007 APC-MGE corporation. Using LDAP With ISXC
© 2007 APC-MGE corporation. What is LDAP? Lightweight Directory Access Protocol Active Directory is an Implementation of LDAP LDAP servers manage users, user groups, resource access, and in some cases name resolution.
© 2007 APC-MGE corporation. Why Use LDAP with ISXC? Users do not need to memorize additional passwords Administrators do not have to maintain user accounts on ISXC Password policy is based on company standard.
© 2007 APC-MGE corporation. Before You Begin Customer must have a LDAP search account Customer must know the hostname of the LDAP server Customer must know the search base of the users and user groups they wish to have login access
© 2007 APC-MGE corporation. Steps To Bind ISXC to LDAP Provide search user account and search base so that ISXC can access the LDAP server Explore the LDAP tree adding user groups and users as needed through the provided ISXC interface Assign LDAP users and groups device group access on ISXC
© 2007 APC-MGE corporation. Adding an LDAP Server to ISXC
© 2007 APC-MGE corporation. Configuring the Bind
© 2007 APC-MGE corporation. The Bind User The Bind User DN must be explicitly typed out in perfect syntax. The bind user DN MUST HAVE permission to search the search base with the users and groups that ISXC will user Experience shows that people rarely input the right syntax the first time.
© 2007 APC-MGE corporation. Bind DN Syntax Example Bind User DN: cn=John Smith, ou=AMS, dc=defaultcorp, dc=com (cn) stands for Canonical Name: It is the long name for the user and sometimes a built in container group in active directory (ou) stands for organizational unit: Most Directories created by users in active directory are organizational units (dc) stands for domain component: Normally this is used to specify the domain portion of the BIND DN. In active directory it is required, while in other LDAP implantations it can be optional. Commas must be escaped with \ The bind DN starts with the canonical name of the user, then the organizational unit if applicable, and finally with the domain components if needed. On Active Directory a container folder does not have the little are work in the folder icon, while a Organizational Unit Does
© 2007 APC-MGE corporation. Is it an OU or a CN?
© 2007 APC-MGE corporation. Determining the BIND DN The BIND DN is NOT the login name 2003.aus-lab.netbotz.com is the DC portion Users would normally be the OU, but on Active directory it is a CN as it is a built in container. (See previous slide) directory search is the user name or canonical name (CN)
© 2007 APC-MGE corporation. Final Bind DN cn=directory search, cn=Users, dc=2003, dc=aus- lab, dc=netbotz, dc=com
© 2007 APC-MGE corporation. Search Base The search base specifies the top level folder of ISXCs LDAP access. ALL USERS and USER GROUPS that ISXC authenticates with must be in the search base. If a user is a member of a Group that is in the search base, but the user is not in the search base, login will be denied. Users and User Groups within the search base will not be allowed to login to ISXC unless they are explicitly added later in the configuration. Being in the search base only allows an ISXC administrator to add the user or group, it does not grant automatic access.
© 2007 APC-MGE corporation. Active Directory Search Base In this example the administrator chooses to allow login only from users/groups in the AMS Organizational Unit Search base is : ou=AMS, ou=Corp, dc=2003, dc=aus-lab, dc=netbotz, dc=com
© 2007 APC-MGE corporation. Complete Configuration
© 2007 APC-MGE corporation. Adding Users and Groups When the bind is successful Users and Groups can be added through the GUI tool On the User/Group Configuration screen, only ISXC Admin privileges can be given. All other privileges must be added per device group You must click on a folder in the left pain for users and groups to appear in the center. Users and Groups are displayed by their Canonical name, not by login.
© 2007 APC-MGE corporation. User/Group Browser
© 2007 APC-MGE corporation. Granting Per Device Group Permissions to LDAP Users
© 2007 APC-MGE corporation. LDAP Behavior When Directory Server is Down, users cannot log in LDAP users cannot change their password (Through ISXC) Users will login with their login IDs, not their canonical names LDAP users can be added and deleted from ISXC without interrupting current connections If a LDAP ID has the same username as an ISXC local ID, then the ISXC local ID is preferred. A local administration account must remain on ISXC (ISXC will not let you delete this local account) ISXC NEVER modifies any data within the directory server, and does not process any permissions data other than group membership and account id/password authentication Official tested support for Open LDAP and Active Directory only, but L3 will attempt to make any LDAP compliant system work.
© 2007 APC-MGE corporation. Trouble Shooting The most common problem with LDAP is a syntax error in the Bind DN. Make sure that the BIND DN has the bind users canonical name and not their login id Make sure that if the bind user is in an OU, that ou is specified and if it is in a container that cn is specified. Make sure commas are escaped out with \ (you can escape a \ with \\) Sometimes DNS and DCs are not the same especially in companies that have migrated from legacy X.500 implementations
© 2007 APC-MGE corporation. Trouble Shooting The Second most common problem with LDAP is lack of permission on the search user. If strange error messages appear try a normal LDAP user account, just to test to see if it is a permissions problem Try an admin level account if that doesnt work.
© 2007 APC-MGE corporation. Trouble Shooting If a customer has more than 50,000 users or groups in a singe OU and their client is crashing in the LDAP browser. There is a known issue about handling a massive amount of users and groups in the same OU. The client runs out of memory as we limit memory usage to 256MB The solution is to increase the amount of RAM the client can use. In c:\programs\(ISXC version) there is a file called InfraStruXure Central Console.lax Edit the line in this file that displays lax.nl.java.option.java.heap.size.max= to display lax.nl.java.option.java.heap.size.max= Restart Client
© 2007 APC-MGE corporation. Questions? Q U E S T I O N S ?
© 2005 Cisco Systems, Inc. All rights reserved.INTRO v2.19-1 Managing Your Network Environment Managing Cisco Devices.
Designing Network Management Services © 2004 Cisco Systems, Inc. All rights reserved. Designing the Network Management Architecture ARCH v1.24-1.
© 2007 APC-MGE corporation. APC NetBotz ® Rack Access PX - HID NetBotz Access Control Protecting IT Assets From Physical Threats Network appliance enabling.
© 2009 Avaya Inc. All rights reserved.1 Chapter Nine, VoiceMail Pro in SCN Module Four – Distributed VoiceMail Pro.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.23-1 Route Selection Using Policy Controls Applying Route-Maps as BGP Filters.
© 2009 Avaya Inc. All rights reserved.1 Chapter Three, VoiceMail Pro Advanced Functions Module One – Text to Speech.
© 2006 Cisco Systems, Inc. All rights reserved. SND v2.04-1 Configuring a Cisco IOS Firewall Configuring a Cisco IOS Firewall with the Cisco SDM Wizard.
© 2006 Cisco Systems, Inc. All rights reserved. CIPT1 v5.03-1 Deployment of Cisco Unified CallManager Release 5.0 Endpoints Configuring Cisco Unified CallManager.
© 2009 Avaya Inc. All rights reserved.1 Chapter Three, VoiceMail Pro Advanced Functions Module Three – TAPI.
© 2005, Cisco Systems, Inc. All rights reserved. IPS v5.04-1 Lesson 4 Using IPS Device Manager.
© 2006 Cisco Systems, Inc. All rights reserved. BSCI v3.07-1 Implementing Multicast IGMP and Layer 2 Issues.
© 2009 Avaya Inc. All rights reserved.1 Chapter Nine, VoiceMail Pro in SCN Module Three – Backup VoiceMail Pro.
© 2005 Cisco Systems, Inc. All rights reserved.INTRO v2.18-1 Operating and Configuring Cisco IOS Devices Configuring a Router.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.23-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.25-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to Multiple Service.
© 2006 Cisco Systems, Inc. All rights reserved.CIPT2 v5.01-1 Monitor and Manage IP Telephony Introducing Cisco Unified CallManager Serviceability.
© 2006 Cisco Systems, Inc. All rights reserved. CIPT1 v5.02-1 Administration of Cisco Unified CallManager Release 5.0 Implementing Disaster Recovery.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.27-1 Optimizing BGP Scalability Implementing BGP Peer Groups.
DRAFTING and DIMENSIONING 98. A properly dimensioned drawing of a part is very important to the manufacturing outcome. With CATIA, it can be a very simple.
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.01-1 Configuring CSA Installing and Configuring CSA MC.
Еще похожие презентации в нашем архиве:
© 2017 MyShared Inc. All rights reserved.