consoleworks getting started guide 5.3-0u0

Getting Started Guide

Table of Contents

Copyrights iiiCustomer Care ivConsoleWorks Overview 2Getting Started: Intended Audience 7Physical Setup 9Serial Connections 11Network Connection 13Requirements 14Virtual Infrastructure Network Connection 17Connection Tools 19Requirements 21Getting Started: Quick Start 23Adding Consoles 29Events 31Users 35About Profiles 37

Practice: Profiles and Privileges 39Console Connectors 41

Directory of Connectors 41Configuring Connectors 45Supported IP Ports 83


© Copyright 2020 TDi Technologies, Inc. Page • i


Page • ii © Copyright 2020 TDi Technologies, Inc.

This page is intentionally left blank.

CopyrightsInformation in this document is subject to change without notice. The software describedin this document is furnished under a license agreement or nondisclosure agreement. The softwaremay beused or copied only in accordance with the terms of those agreements. No part of this publicationmay bereproduced, stored in a retrieval system, or transmitted in any form or anymeans electronic or mechanical,including photocopying and recording for any purpose without the written permission of TDi Technologies, Inc.

ConsoleWorks® is a registered trademark of TDi Technologies, Inc.Adobe Reader is a registered trademark of Adobe Systems, Inc.Citrix, Xen, XenSource, XenServer, XenMotion are trademarks of Citrix Systems, Inc.Google is a registered trademark of Google, Inc.HP-UX is a registered trademark of Hewlett-Packard, Inc.IBM and AIX are registered trademarks of International Business Machines, Inc.OpenVMS is a registered trademark of Hewlett Packard Enterprise Development, LP.Intel is a registered trademark of Intel, Inc.Linux is a registered trademark of Linus Torvalds.Windows operating systems, PowerShell, and Internet Explorer are registered trademarks of Microsoft Corporation.Firefox is a registered trademark of the Mozilla Foundation.Novell is a registered trademark of Novell, Inc.Oracle, Java, and Solaris are registered trademarks of Oracle, Inc. .3Red Hat and CentOS are registered trademarks of Red Hat, Inc.SPARC is a registered trademark of SPARC International, Inc.SUSE is a registered trademark of SUSE LINUX Products, GmbH.UNIX is a registered trademark of The Open Group.VMware is a registered trademark of VMware, Inc.The ConsoleWorks JTE (Java Terminal Emulator) applet makes use of the open source Java Telnet Applet. TDi Technologies,Inc. claims no particular license to the applet excepting those rights given by the GNU Library General Public License.The SSL features of ConsoleWorks include OpenSSL software that is covered by terms and conditions of the OpenSSLorganization.Portions of the technology within ConsoleWorks are protected under US Patent number 6,505,245 and under US Patentnumber 8,260,751 and under US Patent number 8,732,829.

Publication Date: Tuesday, January 07, 2020 11:20 AM

ConsoleWorks

© Copyright 2020 TDi Technologies, Inc. Page • iii

Customer CareTo contact TDi Support:

Email: [email protected]: +1.800.695.1258Fax: +1.972.424.9181

Post: SupportTDi Technologies1600 10th StreetSuite BPlano, Texas, U.S.A. 75074

When requesting customer care, ensure that you have within easy reach an active Service Agreement and thefollowing information:

l Name and contact informationl Company namel Make andmodel of host running ConsoleWorksl Host operating system, version, and patch levell ConsoleWorks versionl Description of problem and steps to recreate

Demonstrations

To register for a free demonstration of ConsoleWorks, view company and product information, and obtaindocumentation and downloads, visit http://www.tditechnologies.com.

ConsoleWorks

Page • iv © Copyright 2020 TDi Technologies, Inc.

ConsoleWorks OverviewConsoleWorks is an enterprise-class solution that monitors andmanages computer and networkinfrastructure. It can be configured to watch and to record information from all parts of a networkedenvironment in real time. extracts key events and notifies support staff. It can, in response to theseevents, connect staff to the problem source and/or launch utilities to resolve issueswithout humanintervention.

Virtually all Information Technology (IT) devices and assets have a communication port, wired orwireless, through which console information is sent, such as boot or statusmessages.Without aConsoleWorks console connected, information is lost because of the impracticality of monitoring andresponding to decentralized or physically remote infrastructures common inmodern-day businesses.

ConsoleWorks ends data loss by bringing the once-discarded information to a single server. It maintainsa persistent connection to IT asset communication ports such as:

l serial console port

l service processor

l baseboardmanagement controller (BMC)

l management frontend

l router

l gateway

l industrial control devices

l chassismanagement system

Any source that sends text data from a port and allows connections through that same console port canbe seen byConsoleWorks. It parses and logs all communication to and from an asset. For example, aconsole can be set to monitor any text data sent via Syslog or SNMP traps. ConsoleWorks scans andcompares incoming, unsolicited text to a watchlist of important messages, declaring events when amatch ismade.

Getting Started Guide ConsoleWorks Overview

Page • 2 © Copyright 2020 TDi Technologies, Inc.

The following steps illustrate basic scenario of operation in ConsoleWorks:

1. The flow of information that makes up a computing infrastructure provides a constant streamof data about, for example, devices or assets.

2. ConsoleWorks parses the flow of information for patterns such asERROR, Nominal,Connection Refused, orConnected.

3. It logs all activity on themanaged infrastructure.

4. It scans the logs for patterns.

5. When an patternmatch occurs, ConsoleWorks declares (and logs) an eventwhich cansend out an alert.

6. ConsoleWorks initiates pre-configured automatic actions to fix the problem.

7. For more complex problems, it provides access to troubled assets for remediation

8. All remediation activity is logged and best practices can be saved for reference.

Where and How ConsoleWorks Is Used

Enterprise monitoring

l Sees all activity in the IT infrastructure. ConsoleWorkswatches for events in the foundationbelow the network stack, even below the operating system (OS), through to physical assets,and up through the higher layers and processes, including programs, applications,hypervisors, virtual machines.

l Maintains 24x7 coverage.

l Ensures all messages are reported and tracked.l Suppliesmillisecond response to issues.


ConsoleWorks Overview Getting Started Guide

Enterprise managing

l Delivers true real-time (in milliseconds) management

l Provides consolidated view into the health of networked infrastructure

l Enables remote communication through the Internet to any device’s privilegedcommunication port

l Offers ‘out-of-band’ availability to ‘down’ information sources:

l Gain access from anywhere at anytime to systems lacking an operational OS

l Execute privileged commands at the hardware level

l Access crash dump andmachine registers

l Boot or bootstrap devices

l Perform system configuration/reconfiguration

l Install firmware upgrades

l PerformOSmaintenance

l Backup systems in standalonemode

l Installs easily and quicklyl Supportsmultiple and customizable workflows

For logging

l Provides system history and audit trails for regulatory compliance, datamining, and post-issue forensics.

l Provides support documentation for SLAs.

l Generates reports by Event, User, Console, asset, or almost anyConsoleWorkscomponent, element, or part.

l Supports secure, tamper-evident logs.

l Provides secure, SSL/SSH encrypted communications.

l Enables secure accessmanaged byUser, role, asset, or activity.

l Owns the console port. ConsoleWorks protects this infrastructure opening while enablingquery, configuration, or adjustment of the data source, independent of the source’soperational state.

l Offers always-up configurations (Failover; Cold, Warm, and Hot Standby).



Sample List of Assets ConsoleWorks Monitors

Servers Clusters Nodes Networks

SANs Routers Hardware Software

Medical equipment Blood analyzers Radiation equipment Data loggers

Static control boards Time and attendance clocks PBX accounting sys-tems

LAN securitydevices

Management consoles and pro-cessors

Electronic key systems Badge access control Security alarms

Environmental monitoring units Remote power management con-soles

UPS managementdevices

Power meterdevices


ConsoleWorks Overview Getting Started Guide

Getting Started: Intended AudienceThe information these topics were developed under the following assumptions:

l Familiarity with the concepts, terminology, features, and functionality of the host operatingsystem and platform hosting the ConsoleWorks server.

l Knowledgeable about basic computer tasks, such asmanaging files, using amouse,operatingmenu commands, and usgin in a graphical user interface (GUI) environment.

l Familiarity with concepts, terminology, features, and functionality of a web browser. Forexample, you understand that to select a check boxmeans to click a check box and to clear acheck boxmeans to click the check box to remove the checkmark.

l Installed and started ConsoleWorks, have accessed it through a web browser, and isdisplayed on the screen.

Resources

ConsoleWorks is supported by guides, online help, a knowledgebase, a user’s forum, and technicalsupport.

Installation Guides

l ConsoleWorks Installation Guide (Microsoft®Windows®)

l ConsoleWorks Installation Guide (Linux®) l ConsoleWorks Installation Guide (Oracle® Solaris)l CWSSH CLI SetupGuide

User Guides

l ConsoleWorksGetting Started

l CWCLIent Reference

l CWScripts Reference

l SecureWindowsEvent Forwarder

l CWSSH CLI Command Reference

Release Notes

l ConsoleWorksRelease Notes


Getting Started: Intended Audience Getting Started Guide

Accessing Documentation Online

You can access some of these documents fromwithin ConsoleWorksHELP > Help Central and fromthe online help > Help. The online helpmay be accessed fromwithin ConsoleWorks by pressing F1.The latest version of help is also available as a stand-alone help system fromTDi Support([email protected]).

Visit the TDi Technologies website, www.tditechnologies.com, to access new products, the latestupgrades, and themost current information about ConsoleWorks.

Knowledge Base

A collection of helpful hints, how-tos, technical tips, tricks, and answers for frequently and not-so-frequently asked ConsoleWorks questions. Visit the Knowledge Base athttp://knowledgebase.tditechnologies.com/.

Community Source

A library of prototype and proof-of-concept applications that youmight find helpful for monitoring andmanaging your networked environment. Visit the Community Source programs library athttp://support.tditechnologies.com/community_source.

Contact TDi Support at [email protected] or 1.800.695.1258.

Getting Started Guide Getting Started: Intended Audience


Physical SetupThemost important physical configuration for a ConsoleWorks installation is the connection from theConsoleWorks server to the information sources in your infrastructure. The illustration below shows themajor components and the connection possibilities for a basic ConsoleWorks configuration.

Connect ConsoleWorks to your infrastructure using direct (cable or cable + terminal server) or indirect(network, Telnet, Syslog) methods.

Connector TypesThe protocols used to connect ConsoleWorks to an individual asset define that connection’s connectortype. ConsoleWorks provides connector types, each with its own characteristics, benefits, and costs.For more information about connectors, including when and why to use a certain type, see ConsoleConnector Field Definition Tables.

Examples of ConsoleWorks Connections


Physical Setup Getting Started Guide

Getting Started Guide Physical Setup



Serial ConnectionsDirect Serial ConnectionsTomake a direct serial connection, run a serial cable from the asset to a serial port on theConsoleWorks server.

The direct serial connection works best for small configurations in a single data center (because serialcable lengths limit location and geographical flexibility) or data centers with a known number of consoledevices and where expansion is not a current nor a future concern. The number of assets that can bemanaged by a single ConsoleWorks server is limited by the number of server serial ports available.

Serial Connection via a Terminal/Console/Device Server

In environments where assets connect to a terminal server (sometimes called a console server ordevice server) that connects to the network, connect ConsoleWorks to the LAN/WAN, and it routesthrough the terminal server to themanaged asset.

A serial connection through a terminal server is themost commonly usedmethod to connect system anddevice console ports across any distance greater than the length of a serial cable. If themanaged assetsare in different areas on a given floor, different floors within a building, different buildings, campuses,states, or even countries from the ConsoleWorks server, this connectionmethod can be used. Theflexibility of the network connection enables console port connections back to a single ConsoleWorksserver for centralized logging and problem remediation.

The terminal server portsmust be configured to support the speed and characteristics required by theconnected asset.


Serial Connections Getting Started Guide

Getting Started Guide Serial Connections



Network ConnectionIn environments where assets connect directly to the network, connect ConsoleWorks to the network aswell. This connectionmethod is the simplest to implement and configure. It does awaywith distancelimitations. It enablesmultiple data centers and geographically dispersed equipment to be easilymanaged by a central ConsoleWorks server.

Network Syslog ConnectionConsoleWorks can also use a network Syslog connection to watch for UNIX-style Syslogmessagesfrom themanaged assets. For this type of monitoring to succeed, themanaged systems and devicesmust forward their Syslogmessages to the ConsoleWorks server.

OnWindows systems, this forwarding is accomplished by theWindowsEvent Forwarder (WEF). Whenloaded on theWindows system, theWEF forwards in real time event, system, security, and applicationmessages to ConsoleWorks.

Network SNMP ConnectionConsoleWorks can also use a network SNMP connection to watch for SNMP-style messages frommanaged systems, devices, or other environmentsmonitored by an SNMP agent. ConsoleWorks doesno polling. For this type of monitoring to succeed, themanaged assetsmust forward their SNMPmessages to the ConsoleWorks server.

Virtual Infrastructure Network ConnectionIn environments where assets have been virtualized, connect ConsoleWorks directly to the physicalsystems hosting the virtualized assets or to the network that can access the virtualized assets.

ConsoleWorks canmanage virtual environments, includingmonitoring and administering hypervisorsand virtual machines of Citrix®, Xen®, and VMware® virtualization products.

Connection ToolsConsoleWorks enables you to access your entire managed enterprise through a single entry point.Typically, this point is a web browser, but it can also be one of the other available connection tools.

Web browser. Use this tool if your connectionmethod to ConsoleWorks uses the Internet or yourcompany’s intranet. You can useMicrosoft Internet Explorer® (IE), andMozilla Firefox®. Otherbrowsers are not supported.Within the web browser, ConsoleWorks enables connections tomanagedassets through a Java™ applet to emulate a serial terminal (similar to a VT100).

CWCLIent, a ConsoleWorks client application. Use this tool if you prefer a command-line interface(CLI) over a browser interface. CWCLIent is a Java-based VT100-class terminal emulator. It ships withand runs on the ConsoleWorks server.

CW SSH CLI, a secure advanced SSH server for ConsoleWorks power users.

(Windows)CWTProx, the default Telnet proxy for terminal emulators.


Network Connection Getting Started Guide

Third-party terminal emulators, such as xterm, Reflection®, or PowerTerm®.

RequirementsFor successful and efficient ConsoleWorks operations, ensure that your site meets the followingsupported software and recommended hardware capacities and configurations.

Supported Operating SystemsConsoleWorks runs on the following operating systems and hardware.

Operating System Hardware

Microsoft Windows Server 2008(64-bit)/2008 R2 Intel®, AMD

Oracle Solaris 10 UltraSPARC®

Red Hat® Enterprise Linux® Server 5.8–6.4 Intel, AMD

Novell® SUSE™ Linux Enterprise Server 11.x Intel, AMD

Supported Web BrowsersUse the following browsers to connect to ConsoleWorks:

l IE 11 or later

l Better performance is achieved with the later-version browsers.

l Firefox 45 or later

Recommended Hardware ConfigurationsTDi Technologies purpose-built ConsoleWorks to have a small ‘footprint’ and operate with as littleimpact on systems as possible. The following configurations are recommended for optimalperformance.

Operating System CONSOLES* CAPACITY**

Windows Server 200 2x quad-core x86 processor, 3GHz speed,3GB RAM

1000 2x quad-core, 3GHz speed, 12GB RAM

Linux 200 2x quad-core, 3GHz speed, 4GB RAM

1000 2x quad-core, 3GHzspeed, 12GB RAM

Solaris SPARC 200 1x UltraSPARC III processor, 600MHz speed, 2GB RAM

1000 2x UltraSPARC IV, 1.2GHz speed, 12GB RAM

Recommended Configuration

Getting Started Guide Requirements


Example: Actually, ConsoleWorks has no Console capacity limitations, but operating systems do;exceeding that which the operating system can handle can cause unpredictable resultsand is not recommended.

Display mode Resolution

XGA 1024 x 768 pixels


Requirements Getting Started Guide

Virtual Infrastructure Network ConnectionIn environments where assets have been virtualized, connect ConsoleWorks directly to the physicalsystems hosting the virtualized assets or to the network that can access the virtualized assets.

ConsoleWorks canmanage virtual environments, includingmonitoring and administering hypervisorsand virtual machines of Citrix®, Xen®, and VMware® virtualization products.


Virtual Infrastructure Network Connection Getting Started Guide

Getting Started Guide Virtual Infrastructure Network Connection



Connection ToolsConsoleWorks enables access to an entire managed enterprise through a single entry point. Typically,this point is a web browser, but it can also be one of the other available connection tools.

Web Browser

Use this tool if the connectionmethod to ConsoleWorks uses the Internet or an intranet. Within the webbrowser, ConsoleWorks enables connections tomanaged assets through a Java™ applet to emulate aserial terminal (similar to a VT100).

CWCLIent

A ConsoleWorks client application. Use this tool if you prefer a command-line interface (CLI) over abrowser interface. CWCLIent is a Java-based VT100-class terminal emulator. It ships with and runs onthe ConsoleWorks server. For information about CWCLIent, see CWCLient User Guide.

CW SSH CLI

A secure advanced SSH server for ConsoleWorks power users.

CWTProx

The default Telnet proxy for terminal emulators. For information about CWTProx. Third-party terminalemulators, such as xterm, Reflection®, or PowerTerm®.


Connection Tools Getting Started Guide

Getting Started Guide Connection Tools



RequirementsFor successful and efficient ConsoleWorks operations, ensure that your site meets the followingsupported software and recommended hardware capacities and configurations.

Supported Operating SystemsConsoleWorks runs on the following operating systems and platforms:

Operating System Hardware

Microsoft Windows Server 2008 (64-bit) / 2008 R2 Intel®, AMD

Oracle Solaris UltraSPARC®

Red Hat® Enterprise Linux® Server Intel, AMD

Novell® SUSE™ Linux Enterprise Server Intel, AMD

Supported Web Browsers

Use the following browsers to connect to ConsoleWorks :

l IE 11 or later

l Edge

l Firefox 57 or later

l Chrome 63 or later


Requirements Getting Started Guide

Recommended Hardware Configurations

ConsoleWorks is purpose-built to have a small footprint and operate with as little impact on systems aspossible. While ConsoleWorksworks efficiently onmore limited configurations, it is recommend thefollowing configurations or better for optimal performance.

Operating System Consoles* Capacity**

Windows Server 200 2x quad-core x86

3GHz

3GB RAM

1000 2x quad-core

3GHz

12GB RAM

Linux 200 2x quad-core

3GHz

4GB RAM

1000 2x quad-core

3GHz

12GB RAM

Solaris SPARC 200 1x UltraSPARC III

600MHz

2GB RAM

1000 2x UltraSPARC IV

1.2GHz

12GB RAM

*Maximum Console capacity: 5,000 consoles per ConsoleWorks invocation. Contact TDi Support for assistance con-figuring a high-efficiency workflow for managing more than 5,000 consoles.

**Disk capacity: Although ConsoleWorks does not need much operational disk space, it is recommends to configurea redundant storage solution to keep safe the data captured by ConsoleWorks.

Hardware Configuration Options



Getting Started: Quick StartLog inThe user must log in to ConsoleWorks to start a work session. The initial ConsoleWorks user isconsole_manager. The initial password isSetup. The password is case sensitive. Pop-up blockersmustbe off.

The ConsoleWorks User InterfaceConsoleWorks opens to a blankworkspace. Next time, if you close ConsoleWorkswith pages still open,it will open displaying those pages.

Managing WindowsWindows in ConsoleWorks contain pages for viewing, editing, and adding resource configurations. Thenumber ofWindows and pages allowed open are unrestricted. The user could find a situation with 10windowswith 3 pages each open on the workspace. To help quickly remove the clutter of unusedwindows, there are several options available on the iconmenu and with a right-click on the windowbutton bar (bottom of each window).

Tip: Menu also available by right-clicking on an empty spot in the workspace.

icon menu

Save All – Save any changes to pages in open windows.

Close All – Closes all open windows.

Close All But Active – Closes all windows except the window in focus (title bar is dark blue).

Bring a window to front – Select the window name on themenu.

Time Zone Selector

Click the Time Zone on the status bar (bottom of the page, center). For example, change UTC-06:00 toUTC-05:00. Consult your time zone reference for the appropriate UTC code.

Dashboard Selector

Right click the Dashboard selector in the top center of the ConsoleWorks page. A list of availableDashboard options shows. The options displayed depend on the User privileges configuration. Thisfeature requires a specific ConsoleWorks License.


Getting Started: Quick Start Getting Started Guide

Button Bar Menu

Save All – Save any changes to pages in open windows.

Close All – Closes all open windows.

Close All But Active – Closes all windows except the window in focus (title bar is dark blue).

Getting Started Guide Getting Started: Quick Start


Filtering Tables and Lists

When viewing tables or lists, use the Filter feature to narrow down visible records in a page.

Filter in two ways:

l By text in a column

l By a configurable script

Filter based on column text

Click . The filter fields open over the column headings.

Note: If only a refresh button is visible , the page cannot be filtered this page.

Choose a column to be filtered, and enter a name or partial name in a field over that column. The filtersare cumulative, filter bymore than one column.

Example: To see everything in a column that contains the number 2, enter a 2. To see everythingin that column that contains the number 2 and the letter B, enter 2B or b2. Neither entryorder nor letter casematters. When enter text, the list displays everything in the columnthat matches the entries.

For date entries, click . Select a date on the calendar.

Filter based on a configurable script

Click . A second row of filter fields open above the columnswith . Click .

The configurable filter script, <column> contains <anything>, displays over the column headings.

Configure the script to display only those items to see.

Click on the <column>, contains, or <anything> options and select the item added to the filter script inthe box. Configure the script from left to right, as each script element alters the options for the element toits right.

Successive filter scripts cannot have the same first two script elements. If they do, ConsoleWorks filtersaccording to the last (moving left to right) of the similarly configured filters.

For successive <column> contains <anything> filters, configuring the scripts as event containsWEFand event contains Console filters only for events with names containing Cons. On the other hand,event containsWEF and event does not contain Cons can be successive filter scripts. The items thatmatch the script’s criteria display.

To close the filter, click .



Window Controls

Control Description

Expand Extends window to the limits of the workspace.

If the Windows Overlap check box is clear, window sides extend until they encounter another window.

Contract Returns window to size it was prior to being expanded.

Minimize Shrinks window to a button and moves it to the bottom of the workspace.

Maximize Expands window to the limits of the workspace, and shrinks all other windows to buttons and moves themto the bottom of the workspace.

If you can’t see the buttons along the bottom of the workspace, use the window menu or right-click a clearworkspace to access the minimized windows.

Restore Resizes minimized or maximized window to its last non-minimized or non-maximized size*.

Restoring a maximized window also restores any windows minimized when the restored windowmaximized

* In a two-window layout, restoring a minimized window that was minimized when the other window wasmaximized causes the two windows to swap sizes: the minimized window is restored to maximum sizeand the maximized window is minimized.

Close Closes window.

Log in and Location Data

The icon at the top of the ConsoleWorksworkspace displays the following information:

l Date and time the current user most recently logged in prior to the current session.

l Failed log in count of the current user that have occurred since the last successful log in. Thiscount is cleared by the next successful log in.

l Whether the current log in differed from the last log in.

More about the User Interface

l Hover the cursor over amenu option or a window button to view a ToolTip.

l Right-clickmenu options, title bars, or a page to display amenuwith options specific to thatpage.

l Drag amenu option from themainmenu into an existing window or into an empty space inthe workspace to open a new window.

l Hover the cursor over the edge or corner of a window and a window handle () displays. Clickor drag it to resize the window.



Thoughts about Configuring ConsoleWorks

ConsoleWorks can be configured from several starting points and progress along different paths.However the following path is recommended:

l Decide which assets ConsoleWorks to watch, and then createConsoles for them.

l Decide what ConsoleWorkswatches for on these assets. Create events for incidents,messages, errors, and indicators. Group the events into scans, or load into ConsoleWorkspre-configured IEMs.

l Decide which events should be watched for on which consoles. Link them together soConsoleWorks canmonitor, manage, repair, and safeguard data from and about assets.

l Decide who should use ConsoleWorks. Create user accounts for them.

l Decide how much access to and control over managed assets and ConsoleWorks featuresand functions to allow. CreateProfiles that, when linked to a user, provide that user therights and privileges required.



Adding ConsolesA Console is an internal representation of an external system, application, device, information source,or other asset monitored andmanaged through ConsoleWorks. Everything to do with amanaged assetis accomplished through the Console.

To add a Console:

1. Navigate to CONSOLES > Add.

2. In theName field, enter a unique name for the Console.

3. Enter a nickname for the Console in theNickname field.

4. Enter a description of the Console in theDescription field.

5. In theConnector drop down, select a Connector type.

6. The Connection Details section opens.

7. Configure the Console connection details.

8. To ensure that only one user can connect to the Console with read/write capabilities (andothers only with read capabilities), select theExclusive Connect check box.

9. Complete the remaining connection details as appropriate.

10. ClickSave.

11. Click theConnect section.

A terminal emulation window openswith the specified connection enabled.

12. Click a connection type.

The connection types are described below.

Connection Description

Connect enables a READ/WRITE connection.

Monitor enables a READ-only connection.

Exclusive enables a READ/WRITE connection for you and a Read-Only connection for otherconnecting Users.

Controlled initiates a connection with restrictions on who can connect and controls on whatcommands others can/can’t use on the managed asset.

Remediate initiates a remediation session with a Read/Write connection, in which you can review pastremediation sessions, plus analyze, add, review, and revise best practices for dealing withthis and similar Events.


Adding Consoles Getting Started Guide

Getting Started Guide Adding Consoles



EventsAn Event is amessage or pattern of text that ConsoleWorkswatches for in the data streams ofmanaged assets.

Example: FATAL ERROR is a message from a system that is necessary to know about. Add toConsoleWorks the Event, FATAL ERROR. Further, add an Event that useswildcardsor regular expressions so that ConsoleWorks looks broadly for important patterns, suchas ERR*. (The asteriskmeans 0 to n characters in this position.)

By itself, an Event does not matter much to ConsoleWorks. Of course, ConsoleWorks captures itsoccurrence in the Console logs, giving a clear forensic trail of what happened and why; however,ConsoleWorks does not act upon an Event unless it is part of a watchlist, called aScan.

About Scans

The Scan is a list of Events that ConsoleWorks to look for while it parses the environment data streams.Scans can include other Scans, and ConsoleWorks looks for the Events from these nested Scanswhenrunning the top-level Scan.

About Intelligent Event Modules (IEMs)

The IEM is a ConsoleWorks file containing a collection of product-specific text patterns or messagesalready configured into ConsoleWorks Events. Each Event includes additional information, such as theproduct vendor explanation of themessage and recommended actions to fix a problem.

Add an Event from an IEM

1. On theADMIN: Server Management page, import the license for an IEM.

2. On theEVENTS: IEMs page, import the IEM.

3. On theEVENTS: Scans: Edit page, associate the IEMScanswith Consoles.


Events Getting Started Guide

Obtain and Install Licenses for IEMS

1. Before importing an IEM, install the license for that IEM.

Obtain a license key fromSales ([email protected]). Save it to an accessibledirectory on the ConsoleWorks server.

2. Open the Licenses pageADMIN > Server Management > Licenses.

3. The Licenses page opens.

4. ClickBrowse.

5. Locate and select the license file.

6. The path to the license key is in the License field.

7. Wait for the to turn into .

8. Click Import.

9. The license is loaded into ConsoleWorks.

If ConsoleWorks requires registration, follow the registration instructions in theConsoleWorksOnline Help (search: registration). Press F1.

Import an IEM

1. Open the Import IEM page.

2. On themainmenu, selectEVENTS > IEMs.

The Import IEM page displays.

3. In the IEM field, enter the path to the IEM file.

The path to the IEM is in the IEM field.

4. Wait for the to turn into . It can take a few moments.

5. Click Import IEM.

The Scans in the IEM are loaded into ConsoleWorks (though your server might take severalmoments to do it).

6. Review the Scans on theView Scans page.

7. On themainmenu, clickEVENTS > Scans > View.

The imported Scans display.

Getting Started Guide Events


Link Scans to Consoles

This procedure focuses on theMaster Scan because linking this Scan type is the easiest way to ensurefull coverage of your systems’ messages. This procedure can also be used to link any Scan to anyConsole.

TheMaster Scan references all the other Scans in the IEM.When you link thisMaster Scan to aConsole, you’re specifying that ConsoleWorks Scans the data stream of the represented asset forevery Event in the IEM.

1. On themainmenu, selectEVENTS > Scans > View.

TheView Scans page displays.

2. Select a Scan with the description,Master Scan.

3. ClickEdit.

The Edit <scan_name> page opens.

4. SelectCONSOLES.

5. ClickAdd.

TheAddConsoles selector opens.

6. Specify the Consoleswatched for the pattern in the selected Scan.

7. In theConsole column, select the a Console or Consoles.

8. Click >.

The selected Consoles are in theSelected Consoles column.

9. ClickOK.

10. ClickSave.

ConsoleWorks begins to Scan the data streams of the Consoles.


Events Getting Started Guide

Getting Started Guide Events



UsersAdding UsersTheUser account enables accessConsoleWorks. It requires a username and a password.

Default UserConsoleWorks comes equipped with one user account: CONSOLE_MANAGER. This account is a fullyprivileged administrator account, equivalent to root (UNIX) and administrator (Windows).

Tip: For the initial login to ConsoleWorks, use the User/Password pair,CONSOLE_MANAGER/Setup.

Add a User1. On theUSERS: Add page enter a unique name in theName field. On the same page, enter

a password in thePassword field.

2. In theName field, enter a unique name for the User account.

A name can contain up to 31 characters (A–Z, a–z, 0–9, and hyphens). Other characters,unless they have letter equivalents, appear as underscores. All letters appear in uppercaseafter clickingSave.

Example: The nameDheoLCTK-A appears asD_E_L_T_-A.

Note: A password can contain up to 63 characters andmust meet theminimumpassword requirements, found in the current page’s Password Rules sectionand on the SECURITY: Password Rules page.

3. Now that a User is added, a Profile needs to be associated with the User.


Users Getting Started Guide

Getting Started Guide Users



About ProfilesA Profile is a collection of Privileges. User account is associated with Profile that contains appropriateaccess Privileges and capabilities to operate within ConsoleWorks.

Associating Users and Profiles allows specified Users access to Profiles and Privileges so the User caninteract with assets, investigate and remedy events, or build a knowledge base fromConsole logs. Bymanaging themix of Privileges and Users among different Profiles, the administrator can control whatUsers can view and do in ConsoleWorks.

ConsoleWorks contains pre-configured collections of privileges. Each collection has a Tag.Whenassociating a Profile with a Tag, the Profile assumes the Tag's privileges.

More than one Profile can have similar permissions on the sameConsole. In this respect, theadministrator can ensure the selected Profiles are appropriate. The administrator can also clearinappropriate Profiles associated with Console Privileges.

ConsoleWorks has two built in default Profiles:

l CONSOLE_MANAGER – this is linked by default to the ADMIN_CONTROL_ACCESS Tagand to the default User, CONSOLE_MANAGER.

l DEFAULT – this has no pre-set configuration. The pre-configured collections containADMIN_ACCESS andCONSOLE_ACCESS Tags.

About ADMIN_ACCESS PrivilegesADMIN_ACCESS Tags provide system-level privileges that control an associated Profile’s interactionwith ConsoleWorks aswell as with Consoles, Events, Groups, Profiles, Scans, Severities, and Users.

ADMIN_ACCESS privileges control higher-level, administrative capabilities that enable an associatedUser to manage ConsoleWorks elements aswell as administer to the ConsoleWorks server.

To give a User these system-wide capabilities, link a Profile to the ADMIN_XXX_ACCESS Tags thatcomewith ConsoleWorks. Then, link the Profile to the User.

About CONSOLE_ACCESS PrivilegesCONSOLE_ACCESS Tags provide Console-level privileges that control an associated Profileinteraction with specific Consoles.

CONSOLE_ACCESS privileges control Console-specific access and actions by an associated User.While ConsoleWorks enables you to design a privilegemodel specific to your site’s needs,ConsoleWorks also providesCONSOLE_ACCESS privileges pre-configured into CONSOLE_XXX_ACCESS Tags for your convenience.

To give a User capabilities that focus on specific Consoles, link the Profile to one of the following Tags,then, link the Profile to the User:

l CONSOLE_CONTROL_ACCESSl CONSOLE_WRITE_ACCESS


About Profiles Getting Started Guide

l CONSOLE_ACK_ACCESSl CONSOLE_READ_ACCESS

TAG CAPABILITY*

ADMIN_VIEW_ACCESS View list and configuration data for all ConsoleWorks elements.

ADMIN_MODIFY_ACCESS All of ADMIN_VIEW_ACCESS's capabilities, plus:

Change configuration data for all ConsoleWorks elements.

ADMIN_CREATE_ACCESS All of ADMIN_MODIFY_ACCESS's capabilities, plus:

Add and remove all ConsoleWorks elements.

ADMIN_CONTROL_ACCESS All of ADMIN_CREATE_ACCESS's capabilities, plus:

Access to all normal operational, management, and securityfunctionality, including:

Configure and run reports.

View, acknowledge, and purge Events.

Import IEMs.

Back up the configuration database and restore configurationdatabase backups.

Register ConsoleWorks.

Send protected characters.

End all connections, including Exclusive Connects.

Configure the ConsoleWorks server, IP filters, externalauthentications, virtual machines’ serial ports, default Userpreferences, and other Users' passwords.

ADMIN_ARCH_ACCESS All of ADMIN_CONTROL_ACCESS's capabilities, plus:

Unlock locked Consoles.

Configure special server settings, such as IOQ and maximumthreading levels, display full Console names in logs, and delayConsole starts.

View host's system files.

Clear customized User preferences from the system defaults.

* These capabilities are presented in their default configuration. You can change the Tags to convey any privilegesavailable to you. For information on adding or removing privileges from Tags, see the ConsoleWorks Help (search:access rules).

Types of ADMIN_ACCESS Tags

Getting Started Guide About Profiles


Practice: Profiles and PrivilegesLink a Profile to a User

1. On themainmenu, select USERS > Profiles > Edit .

2. Click the Find Name button (...).

3. Click the Profile to link to a User.

4. ClickUSERS, then clickAdd.

5. Grant the privileges to the Users available in the current Profile.

6. In the User column, select theUsers, and click >.

7. ClickOK.

8. ClickSave.

Add a Profile and give it ADMIN_ACCESS privileges

1. On the USERS: Profiles: Add window Name field, enter a name for the Profile.

2. Select the TAGS section.

3. ClickAdd.

4. Specify the Tags linked to the Profile.

5. In the Tag column , select the appropriate Tags.

6. Click >.

7. ClickOK.

8. ClickSave.

The Profile now has the privilegeswith the selected Tags.


Practice: Profiles and Privileges Getting Started Guide

Add a Profile and give it CONSOLE_ACCESS privileges

1. To complete this task, link the Tag to the target Console and then link the Tag to a Profile.

2. In the USERS: Profiles: Add window Name field, enter a name for the Profile

3. Open theSECURITY: Tags: Add page.

4. Click (...).

5. Select the Tag that grants the capabilities to give the Profile for working with Consoles.

6. ClickCONSOLES > Add.

7. In the Available Consoles column, select the Consoles, and click >.

8. ClickOK.

9. ClickPROFILES.

10. ClickAdd.

11. In the Add Profiles window, specify the Profiles linked to the Tag.

12. In the Available Profiles column, select the Profiles, and click >.

13. ClickOK.

14. ClickSave.

Getting Started Guide Practice: Profiles and Privileges


Console ConnectorsA Console’s connection is its privilege-controlled access to its associated privilegedmanagement porton a networked or serial-cable-connected asset. A connect session is the period during whichConsoleWorks is connected to this port. ConsoleWorks records everything communicated during thisconnect session and sends it to the associated Console’s logs.

A Console’s connector is themethod or protocols used to connect ConsoleWorks to a flow ofinformation from amanaged asset.

Directory of ConnectorsThis section contains information about different connector types:What they are, how theywork, andwhen they should be used.


Console Connectors Getting Started Guide

Connector Description

Chained Used in linking consoles. Allow the easy configuration and use of jump points that require some on-demand configuration and then continue through the next jump point until reaching the final target.

ChainedSessions

CHAINEDMS console connector type is one of the few multi-session console types that allow it. Any con-sole that is marked for exclusive and is in use will ripple through CHAINEDMS children and mark themlocked and unavailable.

ESX Host Allows running commands through the service console management interface to manage a host on aVMware vCenter™ server.

ESX Log Enables scanning for events in the logs of VMware ESX™ or vCenter servers.

ESX Server Enables capturing management information from and actions performed by the VMware ESX™ hyper-visor.

ESX VirtualMachine

Enables monitoring and managing of VMware ESX™ virtual machines.

Failover Allows two independent ConsoleWorks invocations simultaneously connected to each managed con-sole in the environment. The secondary invocation continues to function if the primary fails.

File Monitor Monitors a file selected from the Connection Details > Monitored File drop down. Monitor source filescan be added to the <invo>/Config/filemon.conf file.

InterServer Enables monitoring consoles and managing events simultaneously on multiple local andremote ConsoleWorks invocations from a single ConsoleWorks server, operating as in a hierarchy

IPMI SOL Enables ConsoleWorks to connect to and manage assets that support IPMI (v2.0 or later), such as theDRAC and iLO.

Port For-ward Fron-tend

Allows a remote port to be forwarded to a proxy client to allow local applications to connect to a consolewith CWTprox connector associated. rather than the remote target.

PowerShell Establishes a local or remote connection to a system hosting a Windows Event Forwarder and run Win-dows PowerShell®. The PowerShell output is forwarded to the ConsoleWorks server, where it can bemanaged through the PowerShell console.

Pseudo Establishes a connection, such as SSH, to a managed asset by running a pre-defined executable, com-mand, or procedure that starts as soon as it connects.

Pseudo OnDemand

Establishes a connection, such as SSH, to a managed asset by running a pre-defined executable, com-mand, or procedure that starts as soon as connected, then ends after disconnection.

RemotePowerShell

Allows a console connection for forwarding events from a Windows Remote PowerShell connection toConsoleWorks.

RemoteWindowsEvent For-

Allows a console connection for forwarding events from a Windows RDP connection to ConsoleWorks.

Table 17 - 1. Console Connectors

Getting Started Guide Directory of Connectors



warder

Serial Port Administrator can manage an asset through a serial cable connection from the serial port onthe ConsoleWorks server to the serial port of the managed asset.

SNMP TrapReceiver

Enables ConsoleWorks to receive unsolicited SNMP traps. It supports version 1 and version 2c and ver-sion 3 traps.

SSH OnDemandwith Pass-word

Establishes an SSH connection by passing a username-password pair to the target of the connectionand to end the connection automatically as soon as disconnected.

SSH OnDemandwith PublicKey

Establishes an SSH connection by passing the public key of the public/private key pair to the target ofthe connection and to end the connection automatically, as soon as disconnected. Used when a publickey is already created and in place.

SSH Ses-sion withPassword

Establishes multiple independent SSH connections to the same asset by passing a username-pass-word pair to the target of the connection. Previous user connections are not visible in the terminal win-dow.

SSH Ses-sion withPublic Key

Establishes multiple independent SSH connections to the same asset by passing the public key of thepublic/private key pair to the target of the connection.Used when a public key is already created and inplace. Previous user connections are not visible in the terminal window.

SSH withPassword

Establishes a persistent SSH connection by passing a username-password pair to the target of the con-nection.

SSH withPublic Key

Establishes a persistent SSH connection by passing the public key of the public/private key pair to thetarget of the connection. Used when a public key is already created and in place.

SyslogListener

Receives and manages data from an information source that supports syslog error reporting. Becausesyslog is a one-way protocol, this connector type can use an associated console as a return commandpath back to the syslog system or device, allowing direct device management.

Telnet Connects through an existing TCP/IP network to managed systems or devices that support TCP/IP net-work requests.

Telnet OnDemand

Enables connection through an existing TCP/IP network to managed systems or devices that supportTCP/IP network requests.

Telnet Ses-sion

Establishes multiple independent connections through an existing TCP/IP network to the same man-aged systems or devices that support TCP/IP network requests.

Web For-ward

Console connector allows HTTP requests to be forwarded from ConsoleWorks.

WindowsEvent For-

A tool kit that enables the ConsoleWorks server to monitor and manage Windows Vista (and later) andWindows Server 2008 (and later) systems through a secured channel without using a serial port con-



Directory of Connectors Getting Started Guide


warder(WEF)

sole.

WMI Poller Polls the WMI/CIM data from remote or local Windows systems. (requires Microsoft .NET.)

Xen Host Manages, through an SSH connection, a Citrix Xen hypervisor that's a member of a Xen pool (a clusterof at least two Xen hypervisors).

Xen Pool Monitors and manages clustered (pooled) Citrix Xen-enabled servers and virtual machines.

Xen SourceServer

Captures management information from and actions performed by the Xen open source hypervisor.

Xen SourceVirtualMachine

Monitors and manages Xen open source virtual machines.

Xen VirtualMachine

Monitors and manages Citrix Xen virtual machines.


Getting Started Guide Directory of Connectors


Configuring ConnectorsIf you cannot add or configure a connector, review your Profile’s configuration for the Add privilege forthe Console component.

Tip: Some pre-configured Tags, such asCONSOLE_ACCESS_CONTROL , ADMIN_MODIFY_ACCESS, and ADMIN_CONTROL_ACCESS, already contain the addprivilege for Consoles.

Also, if a connector enter is not available, ensure that its license key is installed on the ConsoleWorksserver by reviewing the Licenses page.

ESX Host

1. Ensure that anESX Server Console already exists prior to creating anESX Host connector.

2. On theConnector drop down, selectESX Host.

TheConnection Details section opens, displaying the ESX Host connector configuration.

3. To designate the current console as the secondary console in a failover configuration, selectEnable Failover; otherwise, ignore this check box.

4. To designate the current console as the secondary console in a failover configuration, selectEnable Failover; otherwise, ignore this check box.

5. On theHypervisor drop down, select theESX Server Console of the hypervisor tomanage.

6. On theHost drop down, select a hypervisor to manage.

Information about the selected host displays.

7. ClickSave.


Configuring Connectors Getting Started Guide

ESX Log

Configure a new ESX Log connector

1. On theConnector drop down, selectESX Log.

TheConnection Details section opens, displaying theESX Log connector configuration.

2. On theHypervisor drop down, select the hypervisor with the logs that to monitor throughthe Console.

3. On the Log File drop down, select the server log tomonitor for Events.

Information about the selected log displays.

Note: Most of this information in the log is also available in the columns on the ViewHypervisors page.

4. ClickSave.

Getting Started Guide Configuring Connectors


ESX Server

Configure a new ESX Server connector

1. On theConnector drop down, selectESX Server.

TheConnection Details section opens, displaying the ESX Server connector configuration.

2. In theHypervisor IP field, enter the hypervisor IP address or domain name, not casesensitive.

3. In thePort field, enter the hypervisor IP port number.

4. In theUsername field, enter the username for the root account hypervisor on step 2.

5. In thePassword field, enter the password for the specified User account. Letter case isimportant.

6. In theRetype Password field, enter the password again.

Specify automatic configuration for virtual machines on the hypervisor.

l To have ConsoleWorks configure a Console for each of the current and future virtualmachines, select theAutomatically create Consoles for new Virtual Machinescheck box.

l To have a serial port configured on the hypervisor for each of the current and futurevirtual machines, select theAutomatically configure Serial for new VirtualMachines check box.

l To have Consoles configured for vCenter logs, select theAutomatically createConsoles for Logs check box.

l To have all changes, such as configurations, properties, or operational states, to anyvirtual machine recorded, select the Log all Virtual Machinechanges check box.

7. ClickSave.



ESX Virtual Machine

Configure a new ESX Virtual Machine connector

1. On theConnector drop down, selectESX Virtual Machine.

TheConnection Details section opens, displaying theESX Virtual Machine connectorconfiguration.

2. To designate the current Console as the secondary Console in a Failover configuration,selectEnable Failover; otherwise, ignore this check box.

3. To ensure only one User at a time has a read/write connection, select theExclusiveConnect check box.

4. On theHypervisor drop down, select the hypervisor that manages the virtual machine tomanage through the Console.

5. On theVirtual Machine drop down, select a virtual machine tomanage.

Information about the selected virtual machine displays. Most of this information is alsoavailable in the columns on the View Hypervisors page.

6. ClickSave.



Failover Connector Configuration

About Failover Connectors

Before starting – ensure that your site meets the following Failover connector requirements:

Two functioning, non-Failover, Console connectors configured and connectable to themanaged asset,one Console per invocation. These Consoles are thePrimary Console and theSecondary Console.

Primary Consoles or Secondary Consoles connector types

l ESX Hostl ESX Virtual Machinel LAT Portl LAT Servicel Pseudol SSH with Passwordl SSH with Public Keyl Telnetl XenHostl Xen Source Virtual Machinel Xen Virtual Machine

Note: The two independent ConsoleWorks invocations do not share a server with themanagedasset. Host the two invocations on separate ConsoleWorks servers. This separationensures uninterrupted operation in case of server loss.

Basic Configuration Overview

To configure a new Failover configuration:

l Designate thePrimary andSecondary servers.

l Review theCONWRKS logs.

l Configure the Failover Primary andSecondary connectors (Consoles).

l Enable Failover for theSecondary Console.



Failover Configuration Procedures

Part 1: Designate the Primary and Secondary Servers

1. Log in to ConsoleWorks on the server to be the Failover configurationPrimary server.

2. Navigate toADMIN > Server Management > Configuration >ConfigureConsoleWorks Server.

3. ClickFAILOVER.

4. From theServer Role drop down, selectPrimary.

The fields labeledPrimary XXX are changed toSecondary XXX.

5. If anSSL check box is displayed, complete one of the following tasks:

SSL Tasks

l To enable encrypted communication between the servers, selectSSL checkbox.

l To enable unencrypted communication between the servers, clear theSSLcheck box.

l In theSecondary Identifier field, enter the number displayed as theFailover Identifier on theSecondary Server (located on that serverConfigureConsoleWorks Server page).

Tip: Record the Failover Identifier number displayed for the currentserver. It will be needed in a later step"Configuring Connectors "on page 45

6. In theSecondary Host field, enter the IP address or domain name of the server designatedas the secondary server in this Failover configuration.

7. In theSecondary Port field, enter the IP port number of the secondary server.

8. In theSecondary Username field, enter the name of a ConsoleWorksUser account.

Note: Ensure this account is valid and has administrative privileges on the secondaryserver.

9. In theSecondary Password field, enter a password for the User account.

10. ClickSave.

11. On the confirmation field, clickYes.



12. ClickOK on the log in notificationmessage.

The Primary Server is configured.

13. Configure theSecondary Server.

Repeat step 1 through step 11 on the other ConsoleWorks server to be the secondaryserver in the Failover configuration.

Part 2. Review the CONWRKS Logs

1. Navigate to LOGS > Active.

2. On theConsole drop down, selectCONWRKS.

TheCONWRKS logs display.

3. Review theMessage column for entries prefaced byFAILOVER: State:.

4. If themost recent log entry displaysFAILOVER: State: communication link UP, continuecreating the Failover configuration. If any other message, review the entries and resolve theissue.



Part 3. Configure the Failover Connectors

Before starting:

1. Log in to ConsoleWorks.

2. Ensure that each invocation in the Failover configuration has a non-Failover connection tothemanaged asset. Review the list of Consoles on the View Consoles page.

3. Perform the following two sets of steps on each of the two invocations belonging to theFailover configuration.

Configure the Primary Server Console

1. Navigate toCONSOLES > Add page.

2. From theConnector drop down, select Failover.

TheConnection Details section opens, displaying the Failover connector configuration.

3. To enable encryption between the two ConsoleWorks servers, select theEncryptConnection check box.

Note: Both serversmust have SSL licenses loaded to enable theEncrypt Connectioncheck box. If one server lacks an SSL license, the field displaysUnavailable.

4. In thePrimary Console section, configure thePrimary Console.

5. In theConsoleWorks Host field, enter the IP address or domain name of the serverhosting the primary Console, not case sensitive.

6. In theConsole Port field, enter the IP port number of the invocation hosting the primaryConsole.

The default port is 5176.

7. In theConsole Name field, enter the name of thePrimary Console exactly as it displays onits local invocation. Do not use wildcards.

8. In theUsername field, enter the name of a ConsoleWorksUser account.

Note: Ensure that the User account is valid on the invocation hosting the PrimaryConsole. Also ensure that the account has only one Profile associated to it andthat this Profile haswrite privileges on the Primary Console.

9. In thePassword field, enter a password for the User account ( case sensitive).


11. ClickSave.



Configure the Secondary Server Console

1. In theSecondary Console section, configure the secondary Console.

2. In theConsoleWorks Host field, enter the IP address or domain name of the serverhosting the secondary Console, not case sensitive.

3. In theConsole Port field, enter the IP port number of the invocation hosting the secondaryConsole.

The default port is 5176.

4. In theConsole Name field, enter the name of theSecondary Console exactly as it displayson its local invocation. Do not use wildcards.


Note: Ensure that this account is valid on the invocation hosting the secondaryConsole. Also ensure that the account has only one Profile associated to it andthat this Profile haswrite privileges on the secondary Console.

6. In thePassword field, enter the password for the User account (case sensitive).


8. ClickSave.

Part 4. Enable Failover for the Secondary Console Connector

1. Navigate toCONSOLES > Add.

2. Click .

A list of Consoles display.

3. Select the Console designated as the secondary Console.

The selected Console and its configuration display.

4. SelectConnection Details.

5. ClickEnable Failover.

6. ClickSave.



InterServer: configure a new InterServer connector

WARNING: Do not configure an InterServer connector to monitor itself.

1. On theConnector drop down, select InterServer.

TheConnection Details section opens, displaying the InterServer connector configuration.

2. (optional) To enable encryption between the two ConsoleWorks servers, select theEncryptConnection check box.

Note: Both serversmust have SSL licenses loaded to enable theEncrypt Connectioncheck box. If one server lacks an SSL license, the field displaysUnavailable.

3. In the Target Console section, identify themonitored Console.

4. In theConsoleWorks Host field, enter the IP address or domain name of the serverhosting themonitored Console.

5. In theConsoleWorks Port field, enter the IP port number of the server hosting themonitored Console. The default port is 5176.

6. In theConsole Name field, enter the name of themonitored Console exactly as it displayson its local host.

Do not use wildcards.


Note: Ensure that this account is valid on the server hosting theMonitored Console,that it has only one profile associated to it, and that this profile haswritecapabilities on theMonitored Console. snip-note-userAndprofile

8. In thePassword field, enter the password for the User account


10. ClickSave.

Tip: Because themonitored Console automatically uses the privileges associated with the Useraccount, enter an account reserved forRemote Console AccessOnly. Include in theDescription field some content along the lines of “This Console is to be used remotelythrough ConsoleWorks<invocation_name>.”



Tip: If the InterServer connector monitors a Console on another invocation, the InterServerdoes not display on that invocationCONSOLES: View page. As a result, Users on either ofthe invocations could simultaneously try to connect to the samemanaged Console,producing undesirable results. Configure themonitored Console asHidden and useProfiles to limit access to essential personnel.

Tip: To use an InterServer connector to monitor a Console located on a separate SSL-enabledinvocation, ensure that the InterServer ConsoleWorks server has an SSL license and avalid SSLCertificate.

PowerShell

Configure a new PowerShell connector

Note: ThePowerShell connector is used in conjunction with theWindowsEvent Forwarder(WEF) configuration.

1. On theConnector drop down, selectPowerShell.

TheConnection Details section opens, displaying thePowerShell connector configuration.

2. In theHost IP field, enter the IP address or domain name of the target (typically, themanaged asset that hosts aWEF server).

3. In thePort field, enter the port number of the target.

4. In theShared Secret field, enter the password or phrase that is shared betweenConsoleWorks and theWEF server on themanaged asset to validate identities and initiatethe secure connection.

5. In theRetype Shared Secret field, enter the shared secret again.

6. ClickSave.



Pseudo

Configure a new Pseudo connector

1. From theConnector drop down, selectPseudo.

TheConnection Details section opens, displaying thePseudo connector configuration.

2. If needed, designate the current Console as theSecondary Console in a Failoverconfiguration, by selectingEnable Failover.

3. Click theApplication drop down and review the files. If no file is acceptable, create one.

4. (optional) In theUsername field, enter a User name.

5. (optional) In theUser Password field, enter a password.


7. From the Application drop down, select a command, procedure, or executable that providesthe output thePseudo connector to log as input from aConsole.

8. ClickSave.

Pseudo On Demand

Configure a new PseudoOnDemand connector

1. From theConnector drop down, selectPseudo On Demand.

TheConnection Details section opens, displaying thePseudoOnDemand connectorconfiguration.

2. Click theApplication drop down and review the files.

If no file is acceptable, create one.

3. (optional) In theUsername field, enter a User name.

4. (optional) In theUser Password field, enter a password.


6. From theApplication drop down, select the command, procedure, or executable thatprovides the output thePseudoOnDemand connector to log as input from aConsole.

7. ConsoleWorks can break the connection automatically after the last User disconnects fromthemanaged asset by selecting theAuto-Disconnect check box.

8. ClickSave.



Serial Port

Configure a new Serial Port connector

1. From theConnector drop down, selectSerial Port.

TheConnection Details section opens, displaying theSerial Port connector configuration.

2. To ensure only one user at a time has a read/write connection, select theExclusiveConnect check box.

3. In the Terminal Device field, enter the name of the terminal device connected to themanaged asset.

4. ClickSave.

SNMP Trap Receiver

Configure an SNMP Trap Receiver

Note: SNMP version 3 (aka v3) does not encode an Agent IP. It encodes the authenticationconfiguration of the SNMP v3User (akaV3User). ConsoleWorkswatches for thisconfiguration and directs incoming traps containing it to the Console.

1. From theConnector drop down, selectSNMP Trap Receiver.

TheConnection Details section opens, displaying theSNMP Trap Receiver connectorconfiguration.

2. Select theCatch All check box.

3. ClickSave.

(SNMP versions: 1, 2c, 3)

Configure a new SNMP Trap Receiver connector



2. From theSNMP Version drop down, selectAll.

3. In theSource IP field, enter the IP address for ConsoleWorks tomonitor.

4. ClickSave.



SNMP versions: 1, 2c


Note: Use an SNMP version-specific configuration when to differentiate between SNMP version1/version 2c traps and version 3 traps coming from the same source, especially if thatsource is a centralized forwarder.

1. From the Connector drop down, selectSNMP Trap Receiver.


2. From the SNMP Version drop down, select v1/2.

3. Complete one or more of the following tasks:

4. In theSource IP field, enter the IP address of the trap sender.

5. TheAgent IP field becomes optional.

6. In theAgent IP field, enter the address that is embedded in the trap for the Console toreceive.

Note: This IP can differ from the source Agent IP if another machine has passed alongthemessage.

TheSource IP field becomes optional.

7. ClickSave.



SNMP version: 3


1. Use an SNMP version-specific configuration to differentiate between SNMP version1/version 2c traps and version 3 traps coming from the same source, specially if that sourceis a centralized forwarder.



3. From the SNMP Version drop down, select v3.

TheV3User field displays.

4. Complete one or more of the following tasks:

l In theSource IP field, enter the IP address of the trap sender.l TheV3User field becomes optional.l In theV3 User field, enter the SNMP version 3 User that is embedded in the trap that theConsole to receive.

5. TheSource IP field becomes optional.

6. ClickSave.



SSH On Demand with Password

Configure a new SSH OnDemandwithPassword connector.

1. From theConnector drop down, selectSSH On Demand with Password.

TheConnection Details section opens, displaying theSSH OnDemandwith Passwordconnector configuration.


3. In theHost IP field, enter the IP address or domain name of the connection target.

4. In thePort field, enter the port number of the connection target.

5. In theUsername field, enter the name of a User that has authorization to connect to thetarget connection.

6. In thePassword field, enter the password for the specified User, case sensitive.


(optional) Configure the connection details.

Field Definitions

Auto-Disconnect

Automatically ends the console connection to the target after the last user disconnectsfrom the connection target.

Clear Removes the host server fingerprint from ConsoleWorks.

Command Specifies the one-line executable, command, or procedure that runs after the SSHconnection to the target has completed. Its input and output can be managed throughthe console.

Disable onFingerprintChange

Automatically disables the console when ConsoleWorks detects that the managedserver is no longer providing the currently authorized fingerprint.

Fingerprint Identifies the pubic key from the managed server. The fingerprint displays after theconsole has been created. It should match the fingerprint on the server.

Min. ConnectInterval

Specifies the minimum number of seconds ConsoleWorks to wait before trying toreestablish an unexpectedly stopped (lost comm) connection or retrying a connectionthat failed on its initial attempt.

ChangeAuthentication

Enables changing the authentication method and credentials for connecting to the hostserver.

Field Definitions

8. ClickSave.



SSH On Demand with Public Key

Tip: Before configuring this connector enter, review the SSH Keys page (ADMIN > ServerManagement > SSH Keys) to ensure that ConsoleWorks contains the public key. Seeabout importing keys

Configure a new SSH On Demand with Public Key connector

1. From theConnector drop down, selectSSH On Demand with Public Key.

TheConnection Details section opens, displaying theSSH OnDemandwith Public Keyconnector configuration.


3. In theHost IP field, enter the IP address or DNS name of the target of the connection.


5. From theKey drop down, select the public key to use to authenticate and enableconnections to themanaged asset.

Tip: Key names are case-sensitive.



6. (optional) Configure the rest of the connection details.

Field Definitions

Auto-Disconnect

Automatically ends the console connection to the target after the last user disconnectsfrom the connection target.








Password If the SSH key was imported, then enter the passphrase that ConsoleWorks uses toaccess the SSH keys, enabling the keys to be presented to the asset and, if accepted,initiate the connection.

If ConsoleWorks generated the SSH key, then leave the Password field blank.

RetypePassword

Enter the Password again.

Username Specifies the user authorized to for target connection .


Enables you to change the authentication method and credentials for connecting to thehost server.

Field Definitions

7. ClickSave.



SSH Session with Password

Configure a new SSH Session with Password connector

1. From theConnector drop down, selectSSH Session with Password.

TheConnection Details section opens, displaying the SSH Session with Passwordconnector configuration.


3. In theHost IP field, enter the IP address or domain name of the target of the connection.


5. In theUsername field, enter the name of a User that has authorization to connect to thetarget connection.

6. In thePassword field, enter the password for the specified User account, case sensitive.



Field Definitions










Table 1. Field Definitions

9. ClickSave.



SSH Session with Public Key

Tip: Before configuring this connector enter, review the SSH Keys page (ADMIN > ServerManagement > SSH Keys) to ensure that ConsoleWorks contains the public key.

Configure a new SSH Session with Public Key connector

1. From theConnector drop down, selectSSH Session with Public Key.

TheConnection Details section opens, displaying theSSH Session with Public Keyconnector configuration.



4. From theKey drop down, select the public key to use to authenticate and enableconnections to themanaged asset, case sensitive.




Field Definitions










RetypePassword






6. ClickSave.



SSH with Password

Configure a new SSH with Password connector

1. From theConnector drop down, selectSSH with Password.

TheConnection Details section opens, displaying theSSH with Password connectorconfiguration.

Note: To designate the current console as the secondary console in a failoverconfiguration, selectEnable Failover



4. In theUsername field, enter a User authorized to connect to the connection target.

5. In thePassword field, enter the password for the specified User, case sensitive.



Field Definitions











8. ClickSave.



SSH with Public Key

Tip: Before configuring this connector enter, review the SSH Keys page (ADMIN > ServerManagement > SSH Keys) to ensure ConsoleWorks contains the public key.

Configure a new SSH with Public Key connector

1. From theConnector drop down, selectSSH with Public Key.

TheConnection Details section opens, displaying theSSH with Public Key connectorconfiguration.




4. From theKey drop down, select the public key to use to authenticate and enableconnections to themanaged asset, case sensitive.




Field Definitions










RetypePassword






6. ClickSave.



Syslog Listener

Configure a new Syslog Listener connector that capturesmessages from a specific IP address.

1. From theConnector drop down, selectSyslog Listener.

TheConnection Details section opens, displaying theSyslog Listener connectorconfiguration.

2. In theRemote Host field, enter the IP address or domain name of the device sendingsyslogmessages to ConsoleWorks.

3. In thePort field, enter the port that ConsoleWorks uses to receivemessages from thedevice identified in theRemote Host field.

Note: This port can be shared amongSyslog Listeners. The typicalSyslog Listenerconnector uses port 514.


Field Definition

AssociatedConsole

Specifies the Console used to manage the device (a return command path to theSyslog device).

Add PacketTermination

Automatically adds carriage-return and line-feed characters to terminate a Syslogpacket, if a packet lacks terminating characters.

Field Definitions

5. ClickSave.



Syslog Listener Catch All

Configure a new Syslog Listener Catch All connector

1. On theConnector drop down, selectSyslog Listener.

TheConnection Details section opens, displaying theSyslog Listener connectorconfiguration.

2. Select theCatch All check box.

3. In thePort field, enter the port that ConsoleWorks uses to receivemessages.

Note: This port can be shared amongSyslog Listeners. The typicalSyslog Listenerconnector uses port 514.


Field Definition

AssociatedConsole

Specifies the Console used to manage the device (a return command path to theSyslog device).

Add PacketTermination

Automatically adds carriage-return and line-feed characters to terminate a Syslogpacket, if a packet lacks terminating characters.

Field Definitions

5. ClickSave.



Telnet

Configure a new Telnet connector

1. From theConnector drop down, select Telnet.

TheConnection Details section opens, displaying the Telnet connector configuration.



3. In theHost IP field, enter the IP address or domain name of the connection target (typically,themanaged asset).


5. To disable Telnet option negotiations, select theRaw Data check box.

Note: Disable Telnet option negotiations for devices, such as air handlers, that sendserial data without any negotiations.

6. ClickSave.

Tip: For connections going through a terminal server to the asset, aRecord NotFound error can occur. In this case, reconfigure the connector to use the IPaddress of the terminal server.



Telnet On Demand

Configure a new Telnet OnDemand connector

1. From theConnector drop down, select Telnet On Demand.

TheConnection Details section opens, displaying the Telnet OnDemand connectorconfiguration.



4. In thePort field, enter the port number of themanaged asset.


See Field Definitions

Field Definition

Auto-Disconnect

Automatically ends the connection after the last User disconnects from the managed asset.

Send FirstCharacter

Automatically sends the first character when connecting through a Telnet On Demandconnector.

Note: This first character, when sent prior to the completion ofTelnet negotiations,can prevent certain connections, such as those to a Brocade® Fibre OSswitch. In these cases, clear the check box.

Raw Data Disables Telnet option negotiations.

Tip: Disable Telnet option negotiations for devices, such as air handlers, that send serial datawithout any negotiations.


6. ClickSave.




Telnet Session

Configure a new Telnet Session connector

1. From theConnector drop down, select Telnet Session.

TheConnection Details section opens, displaying the Telnet Session connectorconfiguration.



4. To disable Telnet option negotiations, select theRaw Data check box.

Tip: Disable Telnet option negotiations for devices, such as air handlers, that sendserial data without any negotiations.

5. ClickSave.




Windows Event Forwarder

Before Starting

l Obtain theWEF installer from theWindowsEvent Forwarder page in ConsoleWorks.l Install and configure theWEF server on the systems beingmonitored.l An SSL certificatemust be on the ConsoleWorks server.l See theWEF Start-UpGuide.

Configure a newWindowsEvent Forwarder connector

1. From theConnector drop down, selectWindows Event Forwarder.

TheConnection Details section opens, displaying theWindowsEvent Forwarder connectorconfiguration.

2. In theHost IP field, enter the IP address or domain name of the connection target.


4. In theShared Secret field, enter the password or phrase that is shared betweenConsoleWorks and theWEF server on themanaged asset to validate identities and initiatethe secure connection.

5. In theRetype Shared Secret field, enter the shared secret again.

6. ClickSave.

7. On the CONSOLES: Edit page, clickConfigure WEF.

TheWEFConfiguration field opens.

8. Specify the event logs to bemonitored.

9. Click theEvent Logs tab and add the event logs from themachine described in step 1 andstep 2.

Tip: Review the ConsoleWorksWEF Start-UpGuide for detailed instructions andtroubleshooting information about capturing event logswith theWEF.

10. Specify the log filesmonitored.

11. Click the Files tab and add the log files from themachine described in step 1 and step 2.

Tip: Review the ConsoleWorksWEF Start-UpGuide for detailed instructions andtroubleshooting information about capturing logswith theWEF.

12. ClickSave.



Note: Depending on the amount of data requested, a newWEFmight take a fewminutes to gather and forward the requested logs and files. The files beginforwarding from the end of the file at the time you completed configuring theWEF or at the start time for the ConsoleWorksWEF Server Service on theConsoleWorks server host, whichever occurrence is later.

WMI Poller

AWMI Poller connector’s configuration is site-specific. Please contact TDi Support for a customizedconnector configuration.



Xen Host

About Xen Host

You cannot create a Xen Host Console for a solitary Xen hypervisor. The hypervisor must beparticipating in a resource pool of at least two Xen hypervisors, and this resource pool must beassociated with a Xen Pool Console.

Xen Host Consoles are not needed for managing virtualized infrastructure strictly at the resource poollevel or the virtual machine level. For the former, use a Xen Pool Console. For the latter, use a XenVirtual Machine Console.

Configure a new XenHost connector

1. From theConnector drop down, selectXen Host.

TheConnection Details section opens, displaying theXenHost connector configuration.



3. From theHypervisor drop down, select the Xen Pool Console for the resource pool thatcontains the server to manage.

4. From theHost drop down, select the server to manage through the Console.





Field Definitions






Enables you to change the authentication method and credentials for connecting tothe host server.


6. ClickSave.



Xen Pool

Configure a new Xen Pool connector

1. From the Connector drop down, selectXen Pool.

TheConnection Details section opens, displaying theXen Pool connector configuration.


3. In theMaster IP field, enter theMaster server IP address or domain name, not casesensitive.

4. (optional) In thePort field, enter theMaster server's IP port number.

5. In theUsername field, enter the Username for the root—or equivalent—account on the Xenserver located at the entered IP address.

6. In thePassword field, enter the password for the specified account. Letter case isimportant.



Field Definition

Automatically create Consoles fornew Virtual Machines

Automatically configures a Console for each of the current virtualmachines.

Change Authentication Enables you to change the authentication method and credentialsfor connecting to the resource pool’s servers.

Field Definitions

9. ClickSave.



Xen Source Server

Configure a new Xen Source Server connector

1. From theConnector drop down, selectXen Source Server.

TheConnection Details section opens, displaying the Xen Source Server connectorconfiguration.

2. In theHypervisor IP field, enter the hypervisor IP address or domain name.

3. (optional) In thePort field, enter the hypervisor IP port number.

4. In theUsername field, enter the username for the root, or equivalent account for theentered IP address.

5. In thePassword field, enter the password for the specified account, case sensitive.



Field Definition

Automatically createConsoles for new VirtualMachines

Configures automatically a Console for each of the current virtual machines.

Virtual Machines Enables you to associate virtual machines to this hypervisor. TheConsoleWorks Help provides instructions for using Virtual Machines (search:virtual machines).

Field Definitions

8. ClickSave.



Xen Source Virtual Machine

Configure a new Xen Source Virtual Machine connector

1. From theConnector drop down, selectXen Source Virtual Machine.

TheConnection Details section opens, displaying theXen Source Virtual Machineconnector configuration.



3. From theHypervisor drop down, select the hypervisor that manages the virtual machine tomanage through the Console.

4. From theVirtual Machine drop down, select the virtual machine tomanage.


5. ClickSave.



Xen Virtual Machine

Configure a new Xen Virtual Machine connector

1. From the Connector drop down, selectXen Virtual Machine.

TheConnection Details section opens, displaying theXen Virtual Machine connectorconfiguration.



3. From theHypervisor drop down, select the hypervisor that manages the virtual machine tomanage through the Console.

4. From theVirtual Machine drop down, select the virtual machine tomanage.


5. ClickSave.



Supported IP PortsThe following table shows a sample of the ports ConsoleWorks can use, under which circumstances,and for what purposes.

Port IPProtocol Type Usage Initial Connection

Direction

22 TCP SSH Encrypt connection from ConsoleWorks to Console servers,hosts, VMware hypervisors, XEN hypervisors, and other man-aged devices.

Outgoing

23 TCP Telnet Connect from ConsoleWorks to Console servers, hosts, andother managed devices.

Outgoing

25 TCP,UDP

SMTP Send email from ConsoleWorks through user-defined Actionsor CWScripts.

Outgoing

53 TCP,UDP

DNS ConsoleWorks determines IP addresses through DNS service.Unnecessary when using raw IP addresses in all configurationelements or local hosts file.

Outgoing

69 UDP TFTP (optional) Used by the TFTP CWScript plugin. Outgoing

80 TCP HTTP Connect from VIRTUALfx to VMware and Citrix XEN hyper-visors when SSL is not configured.

Outgoing

162 TCP,UDP

SNMP Send and receive SNMP traps. Default ConsoleWorks port.Port is user-configurable.

Incoming/Outgoing

389 TCP LDAP Works with optional external authentication. Outgoing

443 TCP HTTPS Connect from VIRTUALfx to VMware and Citrix XEN hyper-visors when SSL is configured.

Outgoing

445 TCP MSAD Works with Microsoft Active Directory external authentication. Outgoing

514 UDP SYSLOG Receive Syslog messages from monitored systems. DefaultConsoleWorks port. Port is user-configurable.

Incoming

1812 UPD Radius Works with optional external authentication. Outgoing

5176 TCP ConsoleWorks(HTTP[S])

Access ConsoleWorks from web browsers and command-lineinterface.Default ConsoleWorks port. Port is user-configurable.

Incoming

5177 TCP TDI-SWEF Default port for Secure Windows Event Forwarder. Port is user-configurable.

Incoming

5178 TCP TDI-SWEFDefault port for Secure Windows Event Forwarder. Port isuser-configurable.

Outgoing

Table 1. IP Ports


Supported IP Ports Getting Started Guide

Port IPProtocol Type Usage Initial Connection

Direction

8022 TCP SSH CLI Default port for SSH CLI. Port is user-configurable. Incoming

9363 TCP XEN Connect from VIRTUALfx to Open Source XEN hypervisors.This is the port used in XEN documentation examples. Specificimplementations may use other, user-configured, ports.

Outgoing

Table 1. IP Ports

Getting Started Guide Supported IP Ports


consoleworks getting started guide 5.3-0u0

Documents