CRD Portal
Manual for Third Party Employees (CRD User)
Version: 3.4.9
Date: 06.11.2018
State: provided
Copyright © 2018 by T-Com,
All rights reserved, including those of reprinting in extracts, photomechanical reproduction (including
microcopy) and evaluation by databases or similar facilities.
Manual_CRDUser.docm Page ii
Credits
Publisher
Production, Computing Services & Solutions (CSS) GCU MPHS, Security Consulting & Engineering Holzhauser-Straße 4-8 13509 Berlin
Version Date State
3.4.9 06.11.2018 provided
Contact persons Telephone E-mail
Sketch
This document explains how third party employees can access target systems via a CRD Portal.
Table of Contents
1 Introduction and Boundary
2 Overview
2.1 Task of CRD
2.2 Functionality
2.3 Connection Establishment
2.4 Software Requirements
2.5 License
3 Working with CRD Console
3.1 Providing the Access Information
3.2 Installation and Settings before Starting
3.3 Conversion of Existing Sessions
3.3.1 Since Console version 3.0
3.3.2 Since Console version 3.4.6
3.4 Overview
3.5 Session Management
3.6 Import Sessions
3.6.1 Main Menu
3.6.2 Import Ticket
3.6.3 Drag & Drop
3.7 Protocols per netelement
3.8 Key Handling
3.8.1 Generate a RSA Key
3.8.2 Show/Delete RSA Keys
3.8.3 Changing Passphrase of RSA Keys
3.9 Settings
3.9.1 First application launch
3.9.2 Language
3.9.3 Log level
3.9.4 Proxy
3.9.5 Change default Path
3.9.6 Terminal
3.10 Establishing Connections
3.10.1 Portal configuration
3.10.2 Connecting to a netelement
3.11 Starting CRD Console with Command Line Arguments
4 Error Handling
5 Technical Support
6 Glossary
Table of Images
Figure 2-1: Functionality of Connection Establishment
Figure 3-1: Switch to German
Figure 3-2: Convert Existing Session Files
Figure 3-3: "sessions" Folder before Conversion
Figure 3-4: "sessions" Folder after Conversion
Figure 3-5 conversion dialog
Figure 3-6: CRD Console Main Window
Figure 3-7: Menu “CRD Console“
Figure 3-8: Import Ticket
Figure 3-9: Import per drag & drop
Figure 3-10: Menu “RSA/DSA key”
Figure 3-11: Key Generation
Figure 3-12: Public Key
Figure 3-13: Show and Delete Keys
Figure 3-14: Settings Menu
Figure 3-15: Wizard page 1 language selection
Figure 3-16 Wizard page 2 selecting RSA-key option
Figure 3-17 Wizard page 3 selecting the private RSA-key
Figure 3-18 Wizard page 3 generating a RSA-keypair
Figure 3-19: Proxy Settings
Figure 3-20: Change default Path
Figure 3-21: Dialog Change color
Figure 3-22: Dialog Color selection
Figure 3-23: Dialog Lines of scroll back
Figure 3-24: Tab "CRD gateway"
Figure 3-25: Tab "Net element"
Figure 3-26: Remote Host Authentication
Figure 3-27: Passphrase Dialog for SSH/Telnet
Figure 3-28: SSH Terminal Emulator
Figure 3-29: Select and Copy & Paste
Figure 3-31: Contextmenu VNC-Viewer
Figure 3-31: Tab “VNC settings” for RDP
Figure 3-32: Passphrase Dialog for RDP/NX
Figure 3-33: RDP Session
Figure 3-34: Tab “VNC settings” for NX
Figure 3-35: NX authentication
Figure 3-36: NX Session with desktop
Figure 3-37: Active NX Sessions
Figure 3-38: X2GO login screen
Figure 3-39: SCP Protocol Selection
Figure 3-40: SCP for Uploading
Figure 3-41: SCP Connections Window
Figure 3-42: SCP for Downloading
1 Introduction and Boundary
This document explains how third party employees (CRD users) can connect to internal
target systems of Deutsche Telekom AG via a CRD Portal for the purpose of diagnosis
and maintenance.
Chapters:
Chapter 2: Overview of functionality of CRD
Chapter 3: Working with the CRD Console, establishment of CRD connections
Chapter 4: Overview of error handling
Chapter 5: Information about technical support contact
2 Overview
2.1 Task of CRD
Due to various requirements, Deutsche Telekom AG as a service provider is in charge of
the operation of its networks and IT systems. However, if administrative work cannot be
accomplished by its own employees, third party companies are hired for diagnosis and
maintenance. In such cases all connections to internal systems have to be recorded and
supervised.
To meet the requirements of risk management efficiently, the operator of IT systems has
to install appropriate monitoring systems to be able to supervise, record and analyze
connections of external administrators or third party companies.
The CRD Portal is such a monitoring system which allows for granting, recording and
supervising of accesses to internal target systems of Deutsche Telekom AG for the
purpose of diagnosis and maintenance.
2.2 Functionality
To grant access rights to target systems for third party employees (CRD users) via a CRD
Portal, the operator has to issue a so-called CRD session ticket. This ticket explicitly
determines which employees may connect to which target systems, in which time slot and
using which protocols. In this respect a CRD Portal works like a firewall. After this
information has been provided, third party employees are able to access the specified
target systems under the specified limitations.
When establishing a connection, the connection parameters get checked by the CRD
Portal. If they are valid and comply with a CRD session ticket, the CRD session gets
activated. A CRD session is a time slot in which CRD users are able to connect to target
systems as specified in the CRD session ticket.
According to limitations of the associated CRD session ticket the CRD user may establish
connections within a CRD session arbitrarily. However, the number of concurrent
connections is limited by the CRD session ticket. A CRD session gets terminated if it
reaches the end of the time slot (as specified in the ticket) or if an operator explicitly
terminates it. This causes all open connections to terminate.
CRD Portal operators are always able to monitor or terminate single connections or
terminate an entire session.
2.3 Connection Establishment
Figure 2-1 gives a high level overview of the connection establishment from a CRD user
terminal over a CRD Portal to target systems.
Figure 2-1: Functionality of Connection Establishment
A CRD user starts an SSH connection from his terminal (extTerminal) to the CRD
Portal. The SSH server is a modified OpenSSH server which is able to parse CRD
specific parameters (such as desired protocol, ticket ID, target system). CRD users
are therefore able to request connections. Currently, the following protocols are
supported: SSH (for remote controlling UNIX systems via command line), SCP (for
downloading or uploading files to UNIX systems), telnet (for remote controlling routers
and switches), RDP (for remote controlling Windows systems via GUI) and NX or X2Go
(for remote controlling UNIX systems via GUI).
The OpenSSH server, in collaboration with the CRD SessionManagement component,
analyzes the provided parameters and checks whether they comply with active CRD session
tickets. If the check result is negative, the SSH connection is refused and a
corresponding error code is returned. If the check result is positive, additional server
processes are started so that client programs (e.g. VNC viewer) are able to connect
to the CRD Portal using the established SSH tunnel. The CRD Portal then connects to the
requested target system.
The client program CRD Console allows for a convenient input of all parameters and
automatically starts the corresponding client programs (depending on the protocol). As a
Java program it can be run on many operating systems.
Hint 1: A connection can only be established as long as there are at least 10
minutes left to the defined session end.
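The ticket check described in sections 2.2 and 2.3, including the 10-minute rule from Hint 1, can be modelled as a deny-by-default decision. The following is an added example, not the CRD Portal's own code: the class, field and function names, the order of the checks and the reason strings are hypothetical, the 16-digit hexadecimal ticket ID format is taken from section 3.1, and the sample ticket is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Protocols named in the manual; all other identifiers below are hypothetical.
SUPPORTED_PROTOCOLS = frozenset({"SSH", "SCP", "TELNET", "RDP", "NX", "X2GO"})
MIN_REMAINING = timedelta(minutes=10)           # Hint 1
TICKET_ID_RE = re.compile(r"[0-9A-Fa-f]{16}")   # 16-digit hexadecimal ticket ID


@dataclass
class SessionTicket:
    ticket_id: str
    users: frozenset
    targets: frozenset
    protocols: frozenset
    begin: datetime
    end: datetime
    max_connections: int
    open_connections: int = 0
    terminated: bool = False


@dataclass(frozen=True)
class ConnectionRequest:
    ticket_id: str
    user: str
    target: str
    protocol: str


def check_request(ticket, req, now):
    """Return (allowed, reason). Every rule must pass; anything else is refused."""
    if not TICKET_ID_RE.fullmatch(req.ticket_id):
        return False, "malformed ticket id"
    if req.ticket_id.lower() != ticket.ticket_id.lower():
        return False, "no matching ticket"
    if ticket.terminated:
        return False, "session terminated by operator"
    if req.user not in ticket.users:
        return False, "user not authorized"
    protocol = req.protocol.upper()
    if protocol not in SUPPORTED_PROTOCOLS or protocol not in ticket.protocols:
        return False, "protocol not allowed"
    if req.target not in ticket.targets:
        return False, "target not allowed"
    if now < ticket.begin:
        return False, "session not started"
    if now >= ticket.end:
        return False, "session expired"
    if ticket.end - now < MIN_REMAINING:
        return False, "less than 10 minutes left"
    if ticket.open_connections >= ticket.max_connections:
        return False, "connection limit reached"
    return True, "ok"


def open_connection(ticket, req, now):
    """Count the connection against the ticket only if the check passes."""
    allowed, reason = check_request(ticket, req, now)
    if allowed:
        ticket.open_connections += 1
    return allowed, reason


def terminate_session(ticket):
    """Operator action or end of time slot: all open connections are closed."""
    closed = ticket.open_connections
    ticket.open_connections = 0
    ticket.terminated = True
    return closed


def constructed_ticket():
    """Constructed sample ticket; every value is made up for this example."""
    return SessionTicket(
        ticket_id="00A1B2C3D4E5F607",
        users=frozenset({"erwin"}),
        targets=frozenset({"192.0.2.10"}),
        protocols=frozenset({"SSH", "SCP"}),
        begin=datetime(2018, 11, 6, 8, 0),
        end=datetime(2018, 11, 6, 12, 0),
        max_connections=2,
    )


if __name__ == "__main__":
    ticket = constructed_ticket()
    request = ConnectionRequest("00a1b2c3d4e5f607", "erwin", "192.0.2.10", "ssh")
    for minute in (0, 5, 10):
        print(open_connection(ticket, request, datetime(2018, 11, 6, 9, minute)))
    print("closed on termination:", terminate_session(ticket))
```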
2.4 Software Requirements
Using the CRD Console, only the following software package is required:
• Java Runtime Environment version 1.7.
The CRD Console program is provided as a Java archive and can therefore be run on
different operating platforms (tested on Windows XP, Windows 7 and CentOS).
2.5 License
The program contains the following open source components:
• Jsch (JCraft, T-Systems): OpenSSH java implementation
• Log4j (Apache): logging library by Apache
• SecureVncViewer (Tightvnc, T-Systems): VNC viewer with SSH support
• GSI-SSHTerm (SSHTools): SSH-Terminal-Emulator
• Xerces (Apache): Java-XML-Handling
CRD Console is published under GNU General Public License (v2).
3 Working with CRD Console
3.1 Providing the Access Information
To enable third party employees to establish connections to target systems, the CRD
Portal operator has to issue a CRD session ticket and provide the required information to
the CRD user.
The following information has to be provided to the CRD user:
• Begin and end of the CRD session.
• Maximum number of concurrent connections.
• Name of the CRD users who are authorized to activate the CRD session. That
name corresponds with a public key on the CRD Portal.
• Ticket ID: 16-digit number (hexadecimal).
• Allowed protocols: RDP, Telnet, SSH, SCP, X2Go or NX.
• Allowed target systems: IP addresses or names of the allowed target systems.
• Login credentials: credentials to login with, on specific target systems if no
automatic login is configured.
• CRD Portal address: public IP address or name of the CRD Portals.
• company name: this name is used for connecting to the CRD Portal with SSH.
• SSH port of the CRD Portals: default is 3022.
Using these parameters CRD users are now able to establish SSH connections to the
CRD Portal. Authentication method is always the CRD user’s private key.
Hint 2: To allow communication with the CRD Portal with SSH, the CRD user’s
public key has to be transmitted to the CRD Portal operator in order to
enable an SSH authentication.
3.2 Installation and Settings before Starting
The following pieces of programs are needed to run CRD Console:
• CRDConsole-.jar
CRD Console needs a working directory for saving session configurations and settings.
This directory will be created automatically in the home directory of the current user and
has the name “.CRDconsole”. For example, for a Windows user “erwin” it would look like
this:
C:\Documents and Settings\erwin\.CRDconsole
For a Windows 7 user “erwin”, for instance:
C:\Users\erwin\.CRDconsole
For a Linux user “erwin”, for instance:
~erwin/.CRDconsole
This working directory also contains the log file and the known_hosts file.
The file CRDConsole-.jar is a standalone program and can be moved to any
directory on the computer. Double clicking starts CRD Console if the extension jar is
associated with Java. Alternatively the command “java -jar CRDConsole-.jar” can be used.
By default CRD Console starts in English. The menu “Settings” → “Language” provides a
language switch.
Figure 3-1: Switch to German
To be able to open this manual with the help menu in the CRD Console, copy this manual
as a PDF named „Console.pdf“ into the working directory.
3.3 Conversion of Existing Sessions
3.3.1 Since Console version 3.0
This chapter describes the conversion of session files from a CRD Console older than
version 3.0. If this is your first use of CRD Console, if a conversion has been performed
already or if there are no session files to convert this chapter can be skipped.
On starting CRD Console with version 3.0 or higher, session files from older versions (cfg
format) can automatically be converted to a new format (xml). The following dialog
appears:
Figure 3-2: Convert Existing Session Files
Confirming with “Yes” automatically converts the existing session files and starts CRD
Console. As usual, all sessions will appear in the session list. Conversion makes no
changes to the session content and is strongly recommended, because otherwise the
saved sessions cannot be used anymore. For backup purposes the old session files are
not deleted but moved to a folder “old”. The following two figures illustrate the conversion
of session files, which are contained in the “sessions” folder:
Figure 3-3: "sessions" Folder before Conversion
Figure 3-4: "sessions" Folder after Conversion
Declining with “No” will skip conversion and hence no sessions will appear inside the
session list. The conversion dialog will appear again on starting CRD Console next time.
3.3.2 Since Console version 3.4.6
This chapter describes the conversion of session files from a CRD Console older than
version 3.4.6. If this is your first use of CRD Console, if a conversion has been performed
already or if there are no session files to convert this chapter can be skipped.
On loading a session file that has been saved with an older Console (before 3.4.6 but not
before 3.0) the following dialog appears:
Figure 3-5 conversion dialog
If you confirm this dialog by clicking “yes”, the session file will be converted and loaded into
the console. The conversion has no effect on the session information and should be
performed to be able to keep working with the saved session file. For safety reasons a
backup of the older session file will be created in the folder “sessions_backup”.
If you reject the conversion by clicking “no”, the session file will not be converted and not
loaded into the console.
3.4 Overview
The following figure explains the CRD Console user interface after starting:
Figure 3-6: CRD Console Main Window
Labels in the figure:
• Import session files, exit program
• Connection parameters to the CRD portal
• Clear text fields of the current tab
• Language, log level, clear all text fields, default path, proxy settings, terminal settings
• Save current connection parameters under a specified name
• Load connection parameters from a previously saved and now selected session
• Delete the selected session
• Release and license information, manual
• Name of the current session
• List of saved sessions
• File browser for key selection
• Key management, SCP downloads/uploads list, active connections list
• Establish connection
• Connection parameters to the target system
• Indicator for reachability of the gateway
• Import ticket data from clipboard
3.5 Session Management
For your convenience, frequently used connection parameters can be saved (as you
might know from PuTTY). Set a name in the text field “Name of session” and click “Save”.
The name then appears in the list of saved sessions. Double clicking or “Load” loads
the saved parameters again and fills the text fields accordingly.
Saving connection parameters can be used for creating templates. For example a
template may contain connection parameters to a CRD Portal, leaving the target system
text fields clear. This template can then be used for different target systems having the tab
“CRD gateway” already filled out.
Saving can also be applied to complete connection settings so that on loading this session
the connection can be opened immediately.
Using the “Delete” button deletes the selected session from the list (deletes the file as
well).
To change a session file, first load your session (click the “Load” button or
double click the session in the session list), then apply the changes and save again. Saving
under the same name will overwrite the existing session file. Saving under a new name
will create a new session file.
Saved session files will be stored in the default path (see 3.9.5). If this is your first start of
CRD Console, the “sessions” folder in the working directory will be set as default path.
Session files will be named according to the session name, with the file extension ‘xml’.
Please note chapter 3.3 Conversion of Existing Sessions.
3.6 Import Sessions
3.6.1 Main Menu
Since version 3.1 CRD Console allows for importing session files. This option is included in
the main menu “CRD Console“.
Figure 3-7: Menu “CRD Console“
The menu item “Load connection data from file” opens a file browser to choose an xml file.
If this file is a valid CRD Console session file, all text fields will be filled properly. The
temporary session name is the file path. This way a CRD Portal operator could send xml
files that already contain all required information and simply can be loaded to the CRD
Console.
This function can also be used for sharing session files among CRD users.
After importing the session file, the session is not yet saved to the own list of sessions. By
typing a valid name instead of the file path the imported session can be saved and added
to the list of sessions.
Please note chapter 3.3 Conversion of Existing Sessions.
3.6.2 Import Ticket
The button “Import Ticket” imports session data from the clipboard. This data may be the
path to a session file or an encoded text which represents the ticket data in an encrypted
format. Usually you will find this text within the email notification for new tickets. If the
clipboard is empty, a file dialog will be opened for selecting a session file as described in
chapter 3.6.1 Main Menu. The list of existing session files has a context menu called
"Paste". This menu has the same function as the "Import Ticket" button.
If the contents of the clipboard cannot be read, a corresponding error message will be
displayed.
Figure 3-8: Import Ticket
3.6.3 Drag & Drop
You may also import a session file by dragging it with your mouse from a file browser or
an email client (e.g. Outlook) into the session list of the CRD Console. By releasing the
mouse button the session file will be imported as it is described in chapter 3.6.1 Main
Menu.
Figure 3-9: Import per drag & drop
3.7 Protocols per netelement
To increase usability, since version 2.4.16 of the CRD portal session files additionally
contain information about allowed protocols on netelements. Those session files can only
be loaded since version 3.4.6 of the CRD console. The protocol selection list will be
restricted for each netelement according to the protocol definition in the session file.
If you manually change the IP address of the portal, the IP address of a netelement or
the ticket number, the protocol selection list will be reset so that all available protocols are
selectable. The CRD portal rejects connection requests for protocols that are not allowed for
the particular netelement.
3.8 Key Handling
3.8.1 Generate a RSA Key
For communicating with a CRD Portal, a key pair has to be generated. Authentication on
the CRD Portal is always based on a challenge-response procedure with asymmetric keys.
The public key has to be transmitted to the CRD Portal operator, while the private key
always stays with the CRD user.
The CRD Console menu item “Extras” → “RSA key” → “Generate RSA key” allows for the
generation of key pairs.
Figure 3-10: Menu “RSA/DSA key”
The following dialog appears:
Figure 3-11: Key Generation
Choose a valid file path (including file name) for the private key and enter this path on the
form tag “Key name”. The button “…” opens a file browser.
Hint 3: Always keep the private key protected and prevent others from reading.
Choose a private directory and never a publicly available area!
The comment should be an unambiguous description of the key that contains owner and
function of the key. This eases assignments.
Always protect the key with a passphrase! CRD Console shows a warning in case of
insecure passphrases. The passphrase should be at least 8 characters long and contain
characters from at least two of the following groups:
• capital letters
• small letters
• numbers
• special characters
After the successful generation the following dialog appears:
Figure 3-12: Public Key
Besides the private key file, a file with the public key (extension “.pub”) has been created.
The content of this file is the same as in the text area. This public key and the displayed
fingerprint should be transmitted to the CRD Portal operator. To ensure that the correct
public key gets imported (protection of integrity), it is necessary to use a secure channel
(e.g. encrypted email) for transmission. The fingerprint helps to detect whether or not the
public key was manipulated.
To increase security and prevent others from manipulating both the public key and the
fingerprint, the fingerprint must be transmitted using a separate way of communication
(e.g. fax, letter, telephone).
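The check on the receiving side, recomputing the fingerprint from the received “.pub” line and comparing it with the value that arrived over the separate channel, can look as follows. This is an added example, not CRD Console or CRD Portal code. The manual does not state which fingerprint format the console displays, so both common OpenSSH formats (MD5 as colon-separated hex, SHA256 as base64) are computed as an assumption. The function names are hypothetical and the sample key is constructed from arbitrary numbers, so it is not a usable RSA key.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data):
    """Length-prefixed byte string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    # Positive mpint: big-endian, with a leading zero byte when the top bit is set.
    return _ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_rsa_pub_line(e, n, comment):
    """Serialize (e, n) as a one-line OpenSSH public key (content of a .pub file)."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def parse_public_key(line):
    """Return (algorithm, key_blob, comment); raise ValueError if malformed."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    algorithm, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob repeats the algorithm name; a mismatch means a garbled or edited line.
    if blob[4:4 + name_len] != algorithm.encode("ascii"):
        raise ValueError("algorithm label does not match key blob")
    return algorithm, blob, fields[2] if len(fields) == 3 else ""


def fingerprints(blob):
    """Return (md5_hex_with_colons, 'SHA256:<unpadded base64>') of the key blob."""
    md5 = ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii")
    return md5, "SHA256:" + sha256.rstrip("=")


def fingerprint_matches(pub_line, reported):
    """Compare the fingerprint received out of band with the received key."""
    _, blob, _ = parse_public_key(pub_line)
    md5, sha256 = fingerprints(blob)
    reported = reported.strip()
    if reported.upper().startswith("SHA256:"):
        candidate, expected = "SHA256:" + reported[7:].rstrip("="), sha256
    else:
        if reported.upper().startswith("MD5:"):
            reported = reported[4:]
        candidate, expected = reported.lower(), md5
    return hmac.compare_digest(candidate.encode(), expected.encode())


# Constructed sample: an arbitrary 2048-bit odd number, not a real RSA modulus.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed sample").digest() * 8, "big")
SAMPLE_N |= (1 << 2047) | 1
SAMPLE_LINE = build_rsa_pub_line(65537, SAMPLE_N, "erwin maintenance key (constructed)")

if __name__ == "__main__":
    _, sample_blob, sample_comment = parse_public_key(SAMPLE_LINE)
    sample_md5, sample_sha256 = fingerprints(sample_blob)
    print(sample_comment, sample_md5, sample_sha256, sep="\n")
    print("matches:", fingerprint_matches(SAMPLE_LINE, sample_md5))
```

A key line whose recomputed fingerprint does not match the value received over the second channel should not be imported.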
3.8.2 Show/Delete RSA Keys
The menu item “Extras” → “RSA key” → “Show or delete RSA key” allows for viewing or
deleting generated keys. Fingerprint and public key get calculated again.
Figure 3-13: Show and Delete Keys
Hint 4: If your private key was compromised (read, copied or manipulated by
others), immediately notify the CRD Portal operator! Delete your private
key and repeat the key generation procedure.
3.8.3 Changing Passphrase of RSA Keys
The menu item “Extras” → “RSA key” → “Change RSA passphrase” allows for changing
the passphrase of a private key. This has no effect on the key information itself and the
public key remains unchanged.
Hint 5: For security reasons passphrases should be changed frequently.
3.9 Settings
The menu “Settings” provides different CRD Console settings.
Figure 3-14: Settings Menu
Settings get saved in conf/settings.xml in the CRD Console working directory. The next
time CRD Console is started, the saved settings will be loaded and applied automatically.
3.9.1 First application launch
The first time the application is launched, a wizard will be displayed to assist the user in
setting the global configurations language and private RSA-key. The first page displays
the language selection, where the language is preconfigured with the system-locale. The
language can be switched between German and English. Cancel will quit the wizard and
start the CRD Console application.
Figure 3-15: Wizard page 1 language selection
At the second wizard-page a selection between an available RSA-keypair (yes) or
generating a new RSA-keypair (no) can be made.
Figure 3-16 Wizard page 2 selecting RSA-key option
When a RSA-keypair is available, at wizard page 3 the location of the keyfile can be
selected by using the “…”-button.
Figure 3-17 Wizard page 3 selecting the private RSA-key
When at page 2 the generation of a new RSA-keypair is selected, the wizard page from
Figure 3-18 will be displayed, to configure the generation-settings. By pressing Generate
the keypair will be generated and saved under the configured key name.
Figure 3-18 Wizard page 3 generating a RSA-keypair
When the wizard is closed by Save, the entered configuration data language and RSA-
keypair will be configured in the application and the CRD-console will be launched.
3.9.2 Language
Choose between German and English.
3.9.3 Log level
Errors, warnings, info messages and debugging messages get appended to the log file
CRDConsole.log in the working directory. To prevent large file sizes, the log file gets
deleted every time on starting CRD Console.
If CRD Console was started on the command line (“java -jar”), log messages will appear
on the command line as well.
The menu item “Log Level” provides levels between ‘ALL’ and ‘FATAL’. Those levels
determine the rate and level of detail of the log messages (falling from ‘ALL’ to ‘FATAL’).
‘ALL’ writes all messages. This mode can be helpful when searching for the reason of a
certain behavior of the CRD Console. However, in normal operation this many
messages are not of interest and may slow the program down a bit.
Default log level is ‘INFO’.
3.9.4 Proxy
CRD Console provides the possibility of establishing connections via a SOCKS proxy. The
menu item “Proxy…” opens the proxy settings dialog.
Figure 3-19: Proxy Settings
Provide host (DNS or IP address), port (default is 1080) and SOCKS version. When using
SOCKS version 5, the proxy server also requires authentication with a username and a
password. Confirming with “OK” causes the CRD Console to send all future connection
requests to the proxy server. Before applying this setting, the CRD Console tries to
establish a TCP socket connection to the host and port to check if host and port are
reachable. This may take a while.
Clearing the host text field removes the entire proxy settings.
3.9.5 Change default Path
The default paths for accessing templates and key files are set in a
special dialog.
Figure 3-20: Change default Path
Selecting the button „…“ opens a selection dialog. All settings are saved
by pushing the „OK“ button. If the „Cancel“ button or the “X” button at the right edge
of the dialog window is pushed, no settings are saved.
3.9.6 Terminal
This menu item offers two dialogs for changing terminal settings: "Change
color" and "Lines of scroll back".
3.9.6.1 Change color
This dialog allows users to set the background color and/or the font color of the
terminal. The font color is also called the foreground color.
Figure 3-21: Dialog Change color
The default font color is white and the default background color is black. The text fields
only display the selected color. The button to the right of the text field opens the
dialog "Color selection". Changed colors are used in the terminal immediately.
Figure 3-22: Dialog Color selection
The OK button in the "Change Color" dialog saves the changed values into the local
configuration file on the user PC and closes the dialog.
Cancel closes the dialog without changing or saving values in the local configuration file. If
you select identical font and background colors and start a new terminal connection, the
default colors (black background, white font) are restored in the terminal.
3.9.6.2 Lines of scroll back
This dialog changes the number of lines that the terminal keeps available for scrolling
back. The minimum value is 1, the maximum value is 99.999. The minimum number of displayed
lines in the terminal depends on the window size. For example, if the terminal window is large
enough for ten lines, 10 lines are still displayed in the terminal even with a changed value of 1.
A changed number of scroll back lines is used in the terminal instantly.
Figure 3-23: Dialog Lines of scroll back
The default number of lines for scrollback is 1000. “OK” saves the changed value
into the local configuration file and closes the dialog. The Cancel button closes the
dialog without saving.
3.10 Establishing Connections
3.10.1 Portal configuration
Make sure all required fields in the tab “CRD gateway” are filled. Choose either IP address
or DNS name of the CRD Portal. Use the button “…” to browse for the private key file.
Default port is 3022.
CRD gateway accessibleness shows the accessibility of the gateway in
traffic light colors:
red – gateway is not available
yellow – checking connection to gateway
green – connection to the gateway has been established
The following figure shows an example:
Figure 3-24: Tab "CRD gateway"
3.10.2 Connecting to a netelement
Please note chapter 3.7 Protocols per netelement.
3.10.2.1 Establish a SSH Connection
The tab “Net element” contains all information on the target system of Deutsche Telekom
AG. Choose between IP address or logical name (internal identifier) and provide the ticket
ID that was given to you by a CRD operator. Choose “ssh” as protocol.
The ticket ID is a 16 character hexadecimal number. Avoid typos (e.g. space at the end).
The following figure shows an example:
Figure 3-25: Tab "Net element"
After all parameters have been entered, they can be saved for quick reuse. Enter a name in the
text field “Name of session” and click “Save”. This name will now appear in the list of
saved sessions. Double-clicking it, or selecting it and clicking “Load”, loads the parameters again.
To start the connection click “Open Connection”. If this is the first connection to this
CRD Portal, the following dialog appears:
Figure 3-26: Remote Host Authentication
Ask the CRD operator for the SSH server host key fingerprint. With it you can check
that you are talking to the “right” CRD Portal, which prevents Man-in-the-middle attacks.
Click “Always” if you trust and want this fingerprint to be added to the CRD_known_hosts
(in the working directory). That will make this dialog never come up again.
Click “Yes” if you temporarily trust. This will open the connection but not add the
fingerprint to the known hosts list. That will make this dialog come up again next time.
Click “No” if you distrust this fingerprint. This will cancel the connection and the dialog will
come up again next time. Choose this option if the fingerprint differs from the one the CRD
operator has published. If that is the case it might indicate a Man-in-the-middle attack.
See the glossary for more information on the known_hosts file.
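The fingerprint comparison described above, as an added example that is not part of the original manual or of the CRD Console: it computes the MD5 and SHA256 fingerprints of a host key and compares them with the value published by the CRD operator. It assumes that CRD_known_hosts uses the OpenSSH line format (host, key type, base64 key) and that the fingerprint is published in OpenSSH notation; the host name and the key are constructed sample data.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def build_sample_rsa_blob(modulus: int, exponent: int = 65537) -> bytes:
    """Constructed sample data: wire encoding of an ssh-rsa public host key."""
    def mpint(n: int) -> bytes:
        # One spare bit keeps the top bit clear, so the number stays positive.
        return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(exponent) + mpint(modulus)


def fingerprints(key_blob: bytes) -> dict:
    """Return the MD5 and SHA256 fingerprints of a key blob in OpenSSH notation."""
    md5_hex = hashlib.md5(key_blob).hexdigest()
    sha_b64 = base64.b64encode(hashlib.sha256(key_blob).digest()).decode()
    return {
        "md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha_b64.rstrip("="),
    }


def parse_known_hosts_line(line: str):
    """Split 'host keytype base64key [comment]' (assumed format) and decode the key."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64key")
    host, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The key type named in the line must be the one encoded inside the key.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match the key blob")
    return host, key_type, blob


def matches_published(published: str, key_blob: bytes) -> bool:
    """Compare a published fingerprint (MD5 or SHA256 notation) with a key."""
    own = fingerprints(key_blob)
    value = published.strip()          # guards against copy & paste whitespace
    if value.upper().startswith("SHA256:"):
        candidate = "SHA256:" + value[7:].rstrip("=")   # base64 is case-sensitive
        expected = own["sha256"]
    else:
        if value.upper().startswith("MD5:"):
            value = value[4:]
        candidate = value.lower()                       # hex digits are not
        expected = own["md5"]
    return hmac.compare_digest(candidate.encode(), expected.encode())


def audit_known_hosts(text: str, published: str) -> dict:
    """Map every stored host to True/False: does its key match the published value?"""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, _, blob = parse_known_hosts_line(line)
        result[host] = matches_published(published, blob)
    return result


# Constructed sample data: not a real host key, the host name is a placeholder.
SAMPLE_BLOB = build_sample_rsa_blob((1 << 2047) + 12345)
SAMPLE_LINE = ("[crd-portal.example]:3022 ssh-rsa "
               + base64.b64encode(SAMPLE_BLOB).decode())

if __name__ == "__main__":
    published = fingerprints(SAMPLE_BLOB)["sha256"]  # stands in for the operator's value
    print(fingerprints(SAMPLE_BLOB))
    print(audit_known_hosts(SAMPLE_LINE, published))
```

A False entry for a host that was accepted earlier with “Always” is the same signal as a differing fingerprint in the dialog and is a case for the CRD operator.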
The next dialog requests the private key passphrase.
Figure 3-27: Passphrase Dialog for SSH/Telnet
If all the data you entered are valid and comply with a CRD session ticket, an SSH terminal
emulator opens. This terminal (GSI-SSHTerm) already displays the SSH connection to the
target system. The emulator software is included in the CRD Console but is executed
as a separate java process.
Sometimes the emulator program might hang. This is a known bug. The window remains
black and does not react to clicks or keys. These windows can be closed with the menu
item “Extras” “Show active connections” where all active connections are listed and can
be killed separately. You can also kill the process manually by its PID.
There are different types of logins on the target system. The type of login is specified in
the CRD session ticket by the CRD operator.
• UserID / password:
The CRD operator must provide the login credentials to the CRD user who logs in
himself.
• Automated login:
The CRD Portal is in charge of automatically logging the CRD user in. So on
opening connections the CRD user is already logged in and does not need to know
any credentials.
The following figure gives an overview of the terminal emulator:
Figure 3-28: SSH Terminal Emulator
Protocol used (SSH/Telnet)
Ticket ID used
Target system (of Deutsche Telekom AG) connected to
CRD Portal connected to
Own company name
Connection state
SSH inputs / outputs
The emulator program allows for the selection of text blocks with the left mouse button and
copy & paste via the context menu (right mouse button):
Figure 3-29: Select and Copy & Paste
“Clear” clears all outputs. “Refresh” refreshes the display.
The window can be resized arbitrarily. Contents (e.g. man pages, vi editor …) should
adapt automatically.
Hint 6: Keep in mind that all activities are being recorded and CRD operators can
monitor live connections at any time.
To terminate the connection, type “exit”. The state will switch to “disconnected” and the
window can be closed.
There can be multiple connections (to the same or to different target systems)
concurrently open. Click “Open Connection” again to start another SSH connection.
However the maximum number of concurrently open connections is limited by the CRD
session ticket.
See the chapter “Error Handling” if errors occur.
3.10.2.2 Establish a Telnet Connection
Telnet connections are very similar to SSH connections (see above). Choose “telnet” in
the tab “Net element”.
The same terminal emulator as for SSH is used also for Telnet.
See the chapter “Error handling” if errors occur.
3.10.2.3 Establishing a graphical connection
For remote desktop connections with a graphical user interface, the console uses
“Virtual Network Computing” (VNC) connections. For this type of connection
the TurboVNC implementation is used. TurboVNC can compress 3D and video workloads
significantly better than standard VNC implementations. TurboVNC connections can be
established to netelements with the protocols RDP, NX and X2Go. The documentation of
TurboVNC is not part of this manual. Only CRD-specific differences to the standard
implementation will be described. With the F8-key a context menu in the viewer is
displayed.
Figure 3-30: Contextmenu VNC-Viewer
3.10.2.4 Establish a RDP Connection
Fill in all data as described for SSH connections. Choose “rdp” as protocol. This will open
a new tab “VNC settings”.
Figure 3-31: Tab “VNC settings” for RDP
In “VNC settings” the preferred window size can be chosen from a set of window sizes.
This gives the opportunity to adapt the window size to your screen size. Clicking “Clear
input” for this tab restores the default window size (1280x1024) again. The window size
can be any listed entry and does not get checked by the CRD Portal.
On “Open Connection” the next dialog requests the private key passphrase.
Figure 3-32: Passphrase Dialog for RDP/NX
Hit Enter to confirm or hit ESC to cancel.
If all the data you entered are valid and comply with a CRD session ticket, a VNC viewer
opens. The display already shows your RDP session on the target system. The VNC
viewer software is included in the CRD Console but is executed as a separate java
process.
There are different types of logins on the target system. The type of login is specified in
the CRD session ticket by the CRD operator.
• UserID / password:
The CRD operator must provide the login credentials to the CRD user who logs in
himself.
• Automated login:
The CRD Portal is in charge of automatically logging the CRD user in. So on
opening connections the CRD user is already logged in and does not need to know
any credentials.
The following figure gives an overview of the VNC viewer:
Figure 3-33: RDP Session
Hint 7: The entire RDP session is being recorded by the CRD Portal and CRD
operators can monitor live connections at any time.
Hint 8: On changing to full screen mode all other windows and task bars on this
screen will be hidden. The window frame and button panel of the VNC
viewer disappear, too. The key combination Ctrl+Alt+Shift+F or the
context menu (F8) entry Fullscreen switches between full screen and
windowed mode. On pressing the Windows key on the
keyboard the Windows desktop appears where other windows can be
accessed again. On logging off from the target system the VNC viewer
closes automatically (and full screen mode with it).
Labels in Figure 3-33:
Fullscreen
Display refresh
Protocol, resolution, IP netelement and ticket-id
Send ctrl/alt to the remote desktop
Send Ctrl-Alt-Del to the remote desktop
Remote windows desktop of the target system
Force disconnect
Send the windows key to the remote desktop
Terminating RDP sessions should always be done by logging off from the target system.
If terminating is done by closing the window or clicking “Disconnect” the Windows login on
the target system remains active. That means that all programs of the RDP user keep
running (Windows session is locked). It depends on the Windows system and its
configuration whether RDP users always get a new session or are able to resume
sessions. A locked session can also mean that other users cannot log on.
In general multiple RDP sessions can be open at the same time (if the session ticket
allows that).
Hint 9: For standard Windows systems (other than Terminal Servers) only one
RDP session can be performed at a time. The moment another
user tries to log on with the same credentials, he takes over the active
RDP session while the original user gets disconnected.
See the chapter “Error handling” if errors occur.
3.10.2.5 Establish a NX Connection
NX connections are very similar to RDP connections (see above). Choose “nx” in the tab
“Net element”.
In the tab “VNC settings” you can change the window size and select a desktop
environment. You can choose between "Gnome" and "KDE". The default selection is
"Gnome".
Figure 3-34: Tab “VNC settings” for NX
The same VNC viewer as for RDP is used for NX.
The following figure gives an overview of the VNC viewer with a NX connection:
Figure 3-35: NX authentication
As specified in the session ticket, login can be performed by the CRD user or
automatically by the CRD Portal. Figure 3-35 shows the login window in case the CRD
user has to log in with credentials.
If login is successful the graphical desktop environment (e.g. Gnome or KDE) of the target
system appears. The following figure gives an impression.
Figure 3-36: NX Session with desktop
In case there are already active NX connections to this target system, after the login a list
of active connections is displayed. The following figure shows the screen that occurs in
case there is already one active NX connection.
Figure 3-37: Active NX Sessions
That table lists active NX connections by session name (NX internal ID), type (e.g. Gnome
or KDE), geometry, state and more. The following actions can be performed:
• Refresh: Refresh this list.
• Resume: Resume the selected NX connection. In case another CRD user is
connected with this session, he gets disconnected. Programs and windows on the
target system keep running.
• Terminate: Terminate the selected NX connection. In case another CRD user is
connected with this session, he gets disconnected and all programs and windows
get closed.
• New: Start a new NX session. Active connections remain unchanged. Depending
on the NX server the number of maximum connections may be limited.
• Cancel: Cancel your current connection. Active connections remain unchanged.
See the chapter “Error handling” if errors occur.
3.10.2.6 Establish a X2GO Connection
X2GO connections are established very similarly to NX connections (see chapter
3.10.2.5). In the tab “Net element” you have to choose “x2go”.
In the tab “VNC settings” you can change the window size and select a desktop
environment. You can choose between “Mate”, "Gnome" and "KDE". The default selection
is "Mate".
If your private RSA/DSA key is encrypted with a passphrase you will be asked to enter it
when the connection is being opened. (see chapter 3.10.2.3)
Figure 3-38 shows the login screen for X2GO connections. If you can see this screen the
connection has already been established successfully.
Figure 3-38: X2GO login screen
3.10.2.7 Establish a SCP Connection for Uploading Files
SCP supports uploading of files from a local computer to a remote UNIX system.
Fill in all data as explained before and choose „scp (local => remote)“ as protocol. This
opens a new tab “SCP settings”.
Figure 3-39: SCP Protocol Selection
This new tab allows for providing source and destination of the file transfer.
Figure 3-40: SCP for Uploading
Click the button „…“ to open a file browser for choosing the source file.
Hint 10: Folders cannot be copied. Pack a folder to an archive in order to copy it.
Hint 11: Only one single file can be copied at a time. Pack multiple files to
archives in order to copy them together.
Hint 12: If the file size changes while this file is being copied (e.g. log files),
copying will be performed for the size the file had at the beginning of
copying and end with an error. This is because the CRD Console wants
to copy the whole file but the CRD Portal only awaits the number of bytes
transmitted at the beginning of copying.
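Hints 10 to 12 as a preparation step, as an added example that is not part of the original manual: folders and multiple files are packed into one archive, a single file is copied to a staging directory so that its size can no longer change during the transfer, and a SHA-256 checksum is recorded for comparison on the target system. The function names, the staging directory and the archive name are assumptions of this example.

```python
import hashlib
import os
import shutil
import tarfile
import tempfile


def sha256_of(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_for_upload(sources, staging_dir, archive_name="upload"):
    """Turn the sources into exactly one static file inside staging_dir.

    One regular file -> snapshot copy (a log that keeps growing no longer
                        changes size while it is being transferred).
    Folder or several sources -> one .tar.gz archive.
    staging_dir must lie outside the sources, otherwise the archive would
    try to include itself.
    """
    sources = [os.path.normpath(source) for source in sources]
    if not sources:
        raise ValueError("nothing to stage")
    names = [os.path.basename(source) for source in sources]
    if len(set(names)) != len(names):
        raise ValueError("sources with identical names would collide")
    for source in sources:
        if not (os.path.isfile(source) or os.path.isdir(source)):
            raise ValueError("not a regular file or folder: " + source)

    os.makedirs(staging_dir, exist_ok=True)
    if len(sources) == 1 and os.path.isfile(sources[0]):
        staged = os.path.join(staging_dir, names[0])
        shutil.copyfile(sources[0], staged)
    else:
        staged = os.path.join(staging_dir, archive_name + ".tar.gz")
        with tarfile.open(staged, "w:gz") as archive:
            for source, name in zip(sources, names):
                archive.add(source, arcname=name)

    digest = sha256_of(staged)
    return {
        "path": staged,                      # choose this file as SCP source
        "size": os.path.getsize(staged),
        "sha256": digest,
        # Line in the format that "sha256sum -c" reads.
        "checksum_line": digest + "  " + os.path.basename(staged),
    }


if __name__ == "__main__":
    # Constructed sample input: a log file that grows after staging.
    work = tempfile.mkdtemp()
    log = os.path.join(work, "app.log")
    with open(log, "wb") as handle:
        handle.write(b"line 1\n")
    staged = stage_for_upload([log], os.path.join(work, "stage"))
    with open(log, "ab") as handle:
        handle.write(b"line 2\n")           # the original keeps changing
    print(staged["size"], os.path.getsize(log))
    print(staged["checksum_line"])
```

After the upload, the checksum line can be compared over the additional SSH connection with the output of sha256sum for the copied file, assuming that tool is available on the target system.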
The second text field allows for specifying the destination directory. Please, note the
following:
• Provide an existing directory in UNIX notation. Non existing directories will not be
created.
• Do not include a file name at the end. Copying and renaming is not possible.
• Base directory is the home directory of the UNIX user associated with the private
key. Paths can be given relative to the base directory.
• Use slashes (/) instead of backslashes (\).
• Do not finish with a slash at the end (e.g. not: „folder1/folder2/“).
• Maximum path length is 200 characters.
• You might not have the rights to write files to directories other than your home
directory (e.g. „/etc“).
• Existing files with the same name will be overwritten without questioning!
You might be familiar with the SCP syntax (“scp localfile target:destination”)
where destination is what is expected in this second text field.
Some examples:
• To copy a file to the home directory, type the following:
. (alternatively the absolute path can be used: „/home/erwin“)
• To copy a file into a folder in the home directory, type the following:
./folder (alternatively „folder“ or „/home/erwin/folder“ works, too)
For renaming, copying, moving or execution of the copied file on the target system use a
SSH connection in addition.
By clicking “Open Connection” copying gets started (as for the other protocols the private
key passphrase has to be provided). This opens the window “SCP connections” which can
be opened via “Extras” “Show scp connections”, too. It contains a list of all active and
finished SCP connections with various pieces of information.
Figure 3-41: SCP Connections Window
File size
Upload or download (this: upload)
State
Time stamp of starting copying
Cancel copying (only possible for active connections)
Source file name on the local computer
Remove all entries (does not change connections)
Hint 13: All file transfers are being recorded by the CRD Portal.
See the chapter “Error handling” if errors occur.
3.10.2.8 Establish a SCP Connection for Downloading Files
SCP allows for downloading of remote files from the target system to the local computer.
Choose „scp (remote => local)“ as protocol. This opens the new tab “SCP settings”:
Figure 3-42: SCP for Downloading
Type the path of the file to download from the target system in the first text field. Please,
note the following:
• Provide an existing file in UNIX notation.
• Copying of remote directories is not possible. To copy a directory pack it to an
archive (access via CRD SSH connection) or copy each file separately.
• Base directory is the home directory of the UNIX user associated with the private
key. Paths can be given relative to the base directory.
• Use slashes (/) instead of backslashes (\).
• Do not finish with a slash at the end (e.g. not: „folder1/folder2/“).
• Maximum path length is 200 characters.
• You might not have the rights to read certain system files.
You might be familiar with the SCP syntax (“scp target:remotefile
destination”) where remotefile is what is expected in this first text field.
Some examples:
• To download the „.bash_history“ file of the remote user on the target system,
type the following:
./.bash_history (or „.bash_history“ or „/home/erwin/.bash_history“)
• To copy the file „authorized_keys“ from the „.ssh“ folder of the home
directory, type the following:
./.ssh/authorized_keys (or „.ssh/authorized_keys“ or …)
For the second text field click the button “…” to open a file browser for choosing a local
destination directory. If a file with the same name already exists there, a question dialog
appears.
See the chapter “Error handling” if errors occur.
3.11 Starting CRD Console with Command Line Arguments
Starting CRD Console from a command line (“java -jar CRDConsole-.jar“) allows for
adding arguments to start CRD Console with a certain
setting. Supported arguments are listed with the argument --help (call: “java -jar
CRDConsole-.jar --help”).
The argument --notab changes the layout from tab layout to the original default layout
(one box below the other).
The argument --session makes the CRD Console automatically open a
specific connection when starting. Pass the name of the session to start. This session
name must exist in the list of saved sessions. For example, Figure 3-6 shows a session with the
name “ssh-session-jumpserver”. To open this connection when starting CRD Console, call
“java -jar CRDConsole-.jar --session ssh-session-jumpserver”.
The arguments --notab and --session can be combined.
4 Error Handling
The following table lists errors that may occur when using CRD Console, together with countermeasures:
Error Measure
CRD Console does not start. Call ”java -jar CRDConsole-.jar“
from the command line and analyze the output.
Make sure java (version 1.7) is installed and available.
Check for the correct IP address (or DNS name) in the
tab “CRD gateway”. Check network connectivity. Try to
ping the address. Try a telnet to the port (default 3022).
If ping and telnet are successful and the error occurs
again, SSH authentication at the CRD Portal probably
fails. Check for the correct private key file. Contact the
CRD operator.
The connection was not permitted from portal.
The end date of the ticket was exceeded.
The ticket was actively terminated by the administrator
on the portal.
The ticket is not yet active.
The selected protocol is wrong or is not
supported by the target system or the target system is
not available.
The target system is not valid for this ticket. Check the
entered data in tab “Net element”.
The protocol is not valid for this ticket. Check
the entered value on tab “Net element”.
The target system is not responding or the protocol is
wrong. Please check the IP address and the protocol on
the tab "Net element".
The count of connections permitted to the target system
was exceeded.
The used user is not included in the ticket.
The path of your private RSA-key file, stored in the
global configuration, is wrong or the file does not exist.
Choose a location for your private RSA-key file!
In the tab “CRD-gateway”, check the entry in the field private
RSA-Key, or check the private RSA-key.
Authentication at CRD Portal is successful but the portal
refuses the connection to the target system.
Check for correct data in the tab “Net element” and
make sure it complies with the ticket information given
to you by the CRD operator.
Please note: CRD operators may terminate sessions or
deactivate tickets at any time. Contact the CRD
operator.
Saved sessions are not available (empty list). Make sure CRD Console has access to the working
directory. Read chapters 3.2 and 3.3. If necessary copy
session files manually into the ”sessions“ folder and
restart CRD Console.
Make sure the “conf“ folder in the working directory
(“.CRDconsole“) contains the file “sessions.xsd“.
This file should be copied automatically on starting CRD
Console and is included in the archive CRDConsole-.jar.
Restart CRD Console.
The selected session cannot be loaded. Open the xml
file and check if the file has been edited by others (or
other programs). Compare with session files which
work.
If the file cannot be fixed, delete this session and try to
insert all data manually. Try saving the parameters as a
new session.
In case CRD Console is started via command line (or
with a script) make sure the “java -jar” command
does not refer to other directories.
Instead of “java -jar folder/CRDConsole-.jar” call
“cd folder; java -jar CRDConsole-.jar”.
Contact the CRD operator if this error occurs again.
Try again. Check network connectivity. Check if other
protocols (e.g. SSH) work instead.
Especially check the UNIX file path (in SCP settings) for
syntax errors. Read chapters 3.10.2.6 and 3.10.2.8.
Consider your limited read/write permissions on the
target system.
Please note: CRD operators may terminate sessions or
deactivate tickets at any time. Contact the CRD
operator.
Authentication at CRD Portal is successful but the portal
refuses the connection to the target system.
Check for correct data in the tab “Net element” and
make sure it complies with the information given to you
by the CRD operator.
Please note: CRD operators may terminate sessions or
deactivate tickets at any time. Contact the CRD
operator.
The terminal emulator (GSI-SSHTerm) hangs and does not react anymore. Close the window and try again. If the window cannot be
closed, close the window via “Extras” “Show active
connections” with the “cancel” button.
Alternatively kill the related java process or just ignore
the window.
First terminate all active connections before closing
CRD Console. “Extras” “Show active connections”
gives a list of all active connections. They can be
terminated there, too.
Alternatively java processes can be killed by their PID.
Hint 14: The menu “Settings“ ”Log level“ allows for increasing the log level. Apply “ALL” to miss no message. Analysis can be
helpful for finding the reason of a CRD Console related problem. The log file CRDconsole.log is located inside the
working directory („.CRDconsole“) of CRD Console. This file gets removed on every start of the CRD Console.
5 Technical Support
For technical issues, please contact the following hotline:
+49 421 5155 8103
STTS SM keyword: CRD-Portal, 3rd-Party Hotline.
6 Glossary
Term Description
Working directory Directory where CRD Console saves settings, sessions, known_hosts file and log file.
The directory is named .CRDConsole and gets created on the first start
of CRD Console in the user’s home directory.
Example Windows XP: C:\Dokuments and Settings\erwin\.CRDconsole
Example Windows 7: C:\Users\erwin\.CRDconsole
Example Linux: /home/erwin/.CRDconsole
CRD Controlled Remote Diagnosis. Firewall-like client-server architecture for managing, authorizing, supervising and recording maintenance connections from external companies.
CRD Portal Also: CRD gateway. CRD server that checks incoming connection request for validity and compliance with a session ticket. Performs the actual connection to the target system and records all connections. Provides live monitoring for CRD operators.
CRD session Time slot in which third party employees (CRD users) can access internal target systems.
CRD session ticket Also: session ticket. Base for a CRD session which defines the limitations of accesses. Has an unambiguous identifier (ticket ID).
CRD operator Also: CRD admin. Person (or institution) that is in charge of the internal target systems of Deutsche Telekom AG and runs the CRD Portal for providing access to third parties for maintenance purposes.
CRD user Also: third party employee. Employee of an external company to maintain internal target systems of Deutsche Telekom AG. User of the CRD Console.
DNS name Domain Name System. Name associated with an IP address.
extTerminal Computer of the CRD user.
known_hosts file File which contains all known SSH servers. The identifier is a public SSH host key, which the server presents to the client at the beginning of every SSH connection. When an SSH client connects to a server for the first time, the user can decide whether or not to permanently trust this server (the host key will be added to known_hosts).
If a presented host key suddenly differs from the one in known_hosts, this might indicate a Man-in-the-middle attack!
The CRD Console’s known_hosts file is in the working directory and named “CRD_known_hosts”.
Target system Also: net element. Computer of Deutsche Telekom AG which is subject to maintenance by third party companies and therefore protected by a CRD Portal. This system can also be a jump server that allows further jumps to actual target systems. However in terms of CRD it is the
system the CRD user requests access for.
NX Graphical client-server application for remote controlling UNIX systems (with graphical desktops like Gnome or KDE). Developed by NoMachine. Based on SSH.
OpenSSH BSD licensed open source implementation of SSH.
RDP Remote Desktop Protocol. Windows specific protocol for remote controlling Windows computers. Developed by Microsoft.
SCP Secure Copy. Protocol and client program for copying files over a network, using SSH tunnels.
SOCKS Internet protocol that routes network packets between a client and server through a proxy server.
Short for „SOCKet Secure“
SSH Secure Shell. Protocol and client program for remote controlling UNIX systems on command line over a secure channel.
SSH tunnel Encrypted data stream between SSH client and server that can be used to securely transfer other data streams (e.g. files, unencrypted protocols, …)
Telnet TCP based network protocol for remote controlling UNIX systems (especially routers and switches) over an unencrypted channel.
Ticket ID 16 character hexadecimal number that identifies a CRD session ticket.
TightVNC VNC client-server program which provides a highly efficient compression of the graphical data stream.
VNC Virtual Network Computing. Client-server program for remote controlling computers with a graphical user interface. Used for graphical protocols between CRD user and CRD Portal.