CommandCenter® Secure Gateway – giải pháp quản lý tập trung cho Data Center

Support for Dominion KX II

CC-SG supports access to servers and other IT equipment connected to Dominion KX II. KX II provides virtual media and Absolute Mouse Synchronization™ technology. CC-SG provides discovery, management, upgrades and many other management capabilities of KX II devices.

CC-SG provides seamless integration of access through different Dominion products such as environments with mixed Dominion KX and Dominion KX II devices.

Support for Dominion SX

CC-SG supports access to serial devices connected to Dominion SX.

You get centralized management of multiple SX units along with other Raritan access devices.

Virtualization: Integration of VMware

CC-SG provides streamlined setup of single sign-on access to your virtualized environment, the ability to issue virtual power commands to virtual machines and virtual hosts and a topology view with one-click connections. CC-SG integrates with VMware environments and can support features like connectivity to VirtualCenter software, ESX servers and VMotion™ functionality.

You get consolidated access, power control and auditing of both physical and virtual servers.

Connectivity to virtual machines is always available even when these are moved from one virtual host to another.

Support for Access to Blade Servers Connected to Dominion KX II Devices

CC-SG supports access of blade servers connected to Raritan Dominion KX II switches. Supported blade models include most Dell, HP and IBM blade servers.

You can access all connected nodes from a single client, including blade servers, non-blades, IP tools, service processors, PDUs, virtualized systems and devices connected to Raritan’s KVM solutions.

Support for Raritan’s Dominion PX

CC-SG can discover and add Dominion PX “smart” power strips located on the IP network. The CC-SG will automatically identify the firmware version, serial number and how many outlets are available on the PX. Once added to the CC-SG as a network-managed device, the Dominion PX allows access to the administrative interface via a single sign-on. Additionally, Dominion PX outlets are available for configuration and association to existing CC-SG nodes (servers).

Note: The option of CC-SG integration to the PX through physical connectivity to Dominion devices via a power Computer Interface Module (CIM) or power cable is still available and supported.

You enjoy comprehensive centralized access and management.

Your control of PX units can be independent of KVM or serial switches.

Access to In-Band Application and Embedded Service Processors

Telnet is supported as an in-band serial console interface.

RDP, one of the most commonly used in-band console interfaces, can be used in either console or remote user modes. The RDP console allows the IT administrator to be the only RDP user on the server while the session lasts. All RDP remote console user sessions will terminate on an RDP console login. Additionally, the RDP interface can be adjusted to the desired color depth.

Service accounts can be created and stored on the CC-SG with an MD5 two-way encrypted password. Service accounts can be employed on all in-band interfaces to allow for use with remote or local authentication. Changing the service account password applies to all CC-SG interfaces using that service account. Alternatively, creating specific passwords for each interface is still available.

You have the ability to connect to serial targets using Telnet protocol.

You’ll add flexibility by using RDP.

You’ll reduce the configuration time required to reflect password changes.

Robust Security

Low security profile, Linux®-based appliance architecture.

A powerful policy management tool allows access and control based on a broad range of user customizable criteria, including time of day, physical location, application, operating system, department and function.

Available 128-bit and 256-bit AES encryption for end-to-end node access activity through AES-enabled Dominion devices.

Support for a broad range of authentication protocols, including LDAP, Active Directory®, RADIUS and TACACS+ in addition to local authentication and authorization capabilities.

Ability to import user groups from Active Directory.

Support for Second Factor Authentication with SecureID® on RADIUS servers.

IP-based access control lists (ACLs), which grant or restrict user access by IP address.

Proxy mode for secure access to devices through firewalls/VPNs.

Strong user password authentication, SAS 70 compliance for configurable amounts of failed login attempts and user ID lockout parameters.

 CC-SG is a powerful, hardened secure access platform that delivers peace-of-mind to IT managers who need to provide access to vital corporate resources.

Neighborhood Configuration

Architecture allows a collection of up to 10 CC-SG units to be deployed and work together to serve the IT infrastructure access and control needs of the enterprise. The units in a neighborhood may consist of hardware and/or virtual appliances. All units in a neighborhood must be running the same firmware version.

Scalability: you can add more

CC-SGs as your environment grows.

Performance is enhanced through the distribution of resources across CC-SGs.

Regionalization:

• It allows local authentication for local access.
• CC-SG provides around-the-clock global operations – so you can avoid failures across regions.

Departmentalization/local administrative autonomy:

• CC-SG permits you to access network partitioning.
• You can segment by access tools, Raritan device type, user type, etc.

You may deploy CC-SG units across different subnets.

Seamless Backup Configuration

“Cluster” configuration provides appliance redundancy through primary and secondary CC-SG deployments on different subnets and/or geographical locations.

Note that the CC-SG virtual appliance cannot be included in a cluster. Raritan supports the VMware High Availability feature for failover of a virtual appliance.

You get instant, seamless failover if the primary unit fails.

Web Browser Access to CC-SG

CC-SG supports Web browser access to either an IP address or host name. A single sign-on via the Web browser interface is available in some applications that can accept automatic username and password entries but do not require additional entry fields like session ID. Access to the Dominion PX Web interface and Dell RAC4 administrative UI are two examples of Web browser interfaces that support single sign-on.

It provides centralized and audited access to any Web server-equipped device such as power strips, embedded service processors and Web-based proprietary IT applications.

Auditing and Audit Trail Reporting

The CC-SG administrator can sort the audit trail report based on categories. For example, the administrator can choose to view only authentication messages for remediation purposes, security messages for monitoring purposes or virtualization messages for virtual machine-related activity tracking. The administrator can choose to view only tasks of embedded- or access-related audit messages. Additionally, the administrator can use a wild card search to find specific audit messages.

Node auditing requires users belonging to a group selected by the CC-SG administrator to enter free text audit information whenever accessing any interface. This information can be viewed in both the audit trail report and the node audit tab.

CC-SG permits granular audit trail sorting for specific purposes like remediation, security and debugging.

It gives you the ability to capture activity reported by system users such as contractors and temporary workers.

Remote Monitoring and Capacity Planning Tools

CC-SG provides a variety of tools to monitor real-time and over-time performance of CC-SG. Once activated, these tools can capture or display information such as CPU, memory, hard disk space, etc.

Using the real-time data capture tool, customers can view information in a graphic format and create e-mail alerts based on thresholds they set. With the over-time data evaluation tool, customers can see their CC-SG performance graphed over time.

CC-SG allows secure, remote monitoring tools that can be activated by customers to monitor their CC-SG hardware performance and alert them when action may be required on their part.

GUI and User Experience Improvements

During its life cycle, several improvements have been introduced to the CC-SG to provide a better user experience. For example, CC-SG administrators can require acknowledgment before any power operation takes place, such as powering off a server. Additionally, the node profile was enhanced to include a tab structure that is more useful to users and includes more useful information.

The continued improvement of the CC-SG UI helps enhance the user experience for Raritan customers.

HP iLO2 Support

CC-SG supports single sign-on console access to HP servers equipped with iLO2 processors. In addition, CC-SG provides remote power on/off/cycle and graceful shutdown capabilities to these HP servers.

CC-SG increases productivity in environments where servers with iLO2 are deployed along with CC-SG.

Virtual Media

CC-SG supports control of virtual media access policies. Three options of authorization are available for virtual media: deny, control and view only. Virtual media is available for OOB nodes connected through a virtual media CIM to a Dominion KX II device managed by the CC-SG. Virtual media can be mounted on a client system or on a remote network drive equipped with a USB connection.

This feature makes it easy to re-image (apply a new OS), boot or upgrade the device remotely.

WS-API Support

An optional WS-API is available for use with CC-SG.

This allows access of CC-SG, connected nodes and other CC-SG functions from your own customized client application

Synchronize Data with Power IQ®

CC-SG pulls data from Power IQ for easy, convenient data synchronization.

Ensure that CC-SG and Power IQ have common infrastructure data.

Save time by not duplicating data entry tasks. Node, interface, device, port and other information is easily synchronized.

Data Import/Export

CC-SG includes a very comprehensive import/export capability. CSV files can be imported to help expedite the process of configuring devices, nodes, users, associations and PDUs. Import/export files include:

• Import and export of categories and elements
• Import and export of user groups and users
• Import and export of nodes and interfaces
• Import and export of devices and ports
• Power IQ import and export file

By maintaining information in a spreadsheet of IT infrastructure profiles, administrators can easily manipulate data and save it as a .csv file for importing into CC-SG, saving time.

Administrators can leverage the data already in CC-SG, easily export data from CC-SG to create a master file, make any necessary changes, then return it to CC-SG or use it in other applications.

Share data between CC-SG and Power IQ.

DRAC 6 Support

In addition to the long-existing support for DRAC 4 and 5, CC-SG now provides access to Dell Remote Access Controller 6. Access to the controller is available through the following interfaces:

• Telnet
• SSH
• Web Browser
• IPMI Power

Organizations with Dell servers who have migrated from DRAC 4 or 5 to DRAC 6 can conveniently access them through CC-SG.

Customers who need standard KVM access to some servers and access through DRAC to others can conveniently manage all resources through a single CC-SG client.