
User Guide


Nodegrid Serial Console™

Nodegrid Services Router™

Nodegrid Bold SR™

Nodegrid Manager™

This document supports versions 4.0.x.

U.S. Notification

WARNING: Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his/her own expense.

Canadian Notification

This Class A digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.

European Union Notification

Note: This is a class A product. In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures.

Japan Notification


All other marks are the property of their respective owners. This document may contain confidential and/or proprietary information of ZPE Systems, Inc., and its receipt or possession does not convey any right to reproduce, disclose its contents, or to manufacture or sell anything that it may describe. Reproduction, disclosure, or use without specific authorization from ZPE Systems, Inc. is strictly prohibited.

©2019 ZPE Systems, Inc. All rights reserved.


Introduction

The Nodegrid 4.0 User manual covers the Nodegrid Platform version 4.0 and the supporting units like the Nodegrid Serial Console Series, Nodegrid Services Router and the Nodegrid Bold SR.

Product Overview

Nodegrid Serial Console

Nodegrid Serial Console product line consolidates and manages attached devices via Serial Port Connection including servers, network routers and switches, storage, PDUs, UPSs, and any other device with a serial port.

Nodegrid Serial Console - S Series

NODEGRID SERIAL CONSOLE (S Series) is made to fit any modern and legacy mixed environment. With auto-sensing ports, you can use the S Series Console Servers within any environment whether using straight through cables or with legacy adapters.

Hardware Specifications

Item | Description
CPU | Intel x86_64 dual core CPU
Memory & Storage | 4 GB of DDR3 DRAM, 32 GB mSATA SSD
Interfaces | 2 Gigabit (10/100/1000BT) Ethernet interfaces on RJ45 or 2 SFP+ Fiber interfaces compatible with 1GB / 2.5GB / 10GB modules; 16, 32, 48 RS-232 serial ports on RJ45 @ 230,400 bps max/port; 1 RS-232 serial console port on RJ45; 1 USB 3.0 Host, 1 USB 2.0 Host and 12 USB 2.0 Hosts on Type A connector; 1 HDMI
Power | Single/Dual AC 100-240 VAC, 50/60 Hz; Dual DC: 40-63 VDC; Power consumption 45 W typical
Physical | Front-Rear mounting brackets; Size (L x W x H): 443 x 312 x 43 mm (17.4 x 12.3 x 1.7 in), 1U; Weight: 4.9 kg (10.8 lb), depending on options; Front-to-Back or Back-to-Front Fans (Swappable)
Environmental | Operation: 0 to 50° C (32 to 122° F), 20-90% RH, non-cond.; Storage: -20 to 67° C (-4 to 153° F), 10-90% RH, non-cond.

Interfaces Front

NSC_S front panel

Port | Description
HDMI | HDMI Interface
USB | USB 2.0 Port
PWR | Power LED
SYS | System LED
RST | Reset button: <10s system reset, >10s configuration factory reset and system reset
FAN | Fans
USB | 1 x USB 2.0 Port, 12 x USB 1.1 Ports

Interfaces Back

NSC_S back panel

Port | Description
Power | Single or Dual Power Sockets
Serial | Serial Interfaces
ETH0/SFP0 | Network Interface
ETH1/SFP1 | Network Interface
Console | Console MGMT Interface
USB | 1 x USB 3.0

Nodegrid Serial Console - R Series

NODEGRID SERIAL CONSOLE (R Series) is made to fit into major hardware environments like Cisco, Arista, Dell, Palo Alto Networks, and Juniper. R Series Serial Consoles are perfect for retrofits and to upgrade rack standards of existing builds.

Hardware Specifications

Item | Description
CPU | Intel Atom x86_64 dual core @ 1.75 GHz CPU
Memory & Storage | 4 GB of DDR3 DRAM, 32 GB mSATA SSD
Interfaces | 2 Gigabit (10/100/1000BT) Ethernet interfaces on RJ45 or 2 SFP+ Fiber interfaces compatible with 1GB / 2.5GB / 10GB modules; 16, 32, 48, 96 RS-232 serial ports on RJ45 @ 230,400 bps max/port; 1 RS-232 serial console port on RJ45; 1 USB 3.0 Host and 2 USB 2.0 Hosts on Type A connector; 1 HDMI
Power | Single/Dual AC 100-240 VAC, 50/60 Hz; Dual DC: 40-63 VDC; Power consumption 45 W (on 96 ports)
Physical | Front-Rear mounting brackets; Size (L x W x H): 443 x 312 x 43 mm (17.4 x 12.3 x 1.7 in), 1U; Weight: 4.9 kg (10.8 lb), depending on options
Environmental | Operation: 0 to 50° C (32 to 122° F), 20-90% RH, non-cond.; Storage: -20 to 67° C (-4 to 153° F), 10-90% RH, non-cond.

Interfaces Front

NODEGRID SERIAL CONSOLE (R Series) - Front

Port | Description
HDMI | HDMI Interface
USB | 2 x USB 2.0 Port
PWR | Power LED
SYS | System LED
RST | Reset button: <10s system reset, >10s configuration factory reset and system reset

Interfaces Back

NODEGRID SERIAL CONSOLE (R Series) - Rear

Port | Description
Power | Single or Dual Power Sockets
Serial | Serial Interfaces
ETH0/SFP0 | Network Interface
ETH1/SFP1 | Network Interface
Console | Console MGMT Interface
USB | USB 3.0

Nodegrid Serial Console - T Series

NODEGRID SERIAL CONSOLE (T Series) is made to fit into environments still utilizing legacy devices, and can be a direct replacement of the legacy console server.

Hardware Specifications

Item | Description
CPU | Intel Atom x86_64 dual core @ 1.75 GHz CPU
Memory & Storage | 4 GB of DDR3 DRAM, 32 GB mSATA SSD
Interfaces | 2 Gigabit (10/100/1000BT) Ethernet interfaces on RJ45 or 2 SFP+ Fiber interfaces compatible with 1GB / 2.5GB / 10GB modules; 16, 32, 48, 96 RS-232 serial ports on RJ45 @ 230,400 bps max/port; 1 RS-232 serial console port on RJ45; 1 USB 3.0 Host and 2 USB 2.0 Hosts on Type A connector; 1 HDMI
Power | Single/Dual AC 100-240 VAC, 50/60 Hz; Dual DC: 40-63 VDC; Power consumption 45 W (on 96 ports)
Physical | Front-Rear mounting brackets; Size (L x W x H): 443 x 312 x 43 mm (17.4 x 12.3 x 1.7 in), 1U; Weight: 4.9 kg (10.8 lb), depending on options
Environmental | Operation: 0 to 50° C (32 to 122° F), 20-90% RH, non-cond.; Storage: -20 to 67° C (-4 to 153° F), 10-90% RH, non-cond.

Interfaces Front

NODEGRID SERIAL CONSOLE (T Series) - Front

Port | Description
HDMI | HDMI Interface
USB | 2 x USB 2.0 Port
PWR | Power LED
SYS | System LED
RST | Reset button: <10s system reset, >10s configuration factory reset and system reset

Interfaces Back

NODEGRID SERIAL CONSOLE (T Series) - Rear

Port | Description
Power | Single or Dual Power Sockets
Serial | Serial Interfaces
ETH0/SFP0 | Network Interface
ETH1/SFP1 | Network Interface
Console | Console MGMT Interface
USB | USB 3.0

Nodegrid Services Router

The Nodegrid Services Router is a platform appliance designed for software-defined networking (SDN), out of band (OOB) management, DevOps, cellular failover, docker, SD-WAN, remote/branch offices, retail locations, and network function virtualization (NFV) capabilities.

Nodegrid Services Router

NODEGRID SERVICES ROUTER is a modular open platform appliance designed for software-defined networking (SDN), out of band (OOB) management, DevOps, cellular failover, docker, SD-WAN, remote/branch offices, retail locations, and network function virtualization (NFV) capabilities.

Hardware Specifications

Item | Description
CPU | Intel Multi-core x86_64 CPU
Memory & Storage | 8 GB of DDR4 DRAM, 32 GB mSATA SSD (Factory Upgradeable)
Interfaces | 2 SFP+ Ethernet; 2 Gigabit Ethernet; 1 RS-232 serial console port on RJ45; 1 USB 3.0; 1 USB 2.0; 1 HDMI
Power | Single/Dual AC 100-240 VAC, 50/60 Hz; Dual DC: 36-75 VDC; Power Consumption 90W typical
Physical | Front-Rear mounting brackets; Size (L x W x H): 438 x 332 x 43mm (17.2 x 13.1 x 1.7 in), 1U; Weight: 4.9 kg (10.8 lb), depending on options; Air Exhaust or Air Intake Fans (Swappable)
Environmental | Operation: 0 to 45° C (32 to 113° F), 5-95% RH, non-cond.; Storage: -20 to 67° C (-4 to 153° F), 10-90% RH, non-cond.

Interfaces Front

Port | Description
Slot 1 | Slot for Module
Slot 2 | Slot for Module
Slot 3 | Slot for Module
SFP+ 0 | Network Interface
SFP+ 1 | Network Interface
ETH0 | Network Interface
ETH1 | Network Interface
Console | Console MGMT Interface
USB | USB 3.0
RST | Reset button: <10s system reset, >10s configuration factory reset and system reset

Interfaces Back

Port | Description
Slot 4 | Slot for Module (depending on the Model)
Slot 5 | Slot for Module (depending on the Model)
USB | 2 x USB 2.0 Port
HDMI | HDMI Interface
PWR | Power LED
SYS | System LED
FAN | Fans
Power Socket | Dual Power Sockets
Power | Single or Dual Power Sockets

Nodegrid Services Router Expansion Modules

Nodegrid Services Router has up to five slots for modules that provide extreme flexibility for function expansion.

Module | Specification
16-Port 1GbE | 1000BASE-T; Cat5e or better
8-Port SFP+ 10GbE | Supports all SFP+ Modules
8-Port PoE+ | 25.5W max power per port; Total max 150W PoE+ available; Configurable power budget
16-Port Serial | RJ45 Serial Rolled; port max 230,400 bps
16-Port USB | USB 2.0 interfaces Type A
M.2 Cellular + Antenna | For up to 2x 4G/LTE modems
M.2 SATA | For up to 2x mSATA storage modules
Storage | For 2.5" SATA (HDD/SSD) storage
Compute | Compute module (server on a card), provides independent compute capabilities.

Expansion Module Compatibility Chart

Expansion CardSlot 1Slot 2Slot 3Slot4Slot5
16-Port GbE EthernetSecure Isolated Mode **Secure Isolated Mode **
16-Port Serial
16-Port USB
M.2 Cellular / Wi-Fi
8-Port SFP+Secure Isolated Mode **Secure Isolated Mode **
8-Port POE+
ComputeSecure Isolated Mode **Secure Isolated Mode **
Storage *
M.2 SATA *

Note:

(*) The Nodegrid Services Router supports a maximum of 2 SATA drives, which can be divided into 2 Storage cards or in one M.2 SATA card.

(**) The Secure Isolated Mode allows for the management of the cards as if they would be located in a normal slot, but the network traffic is isolated from any other slot.

Nodegrid Bold SR

Nodegrid Bold SR is an open platform appliance designed for secure access and control over remote and IoT devices at the EDGE of your network. Bold SR supports cellular failover, Network Function Virtualization (NFV) and Software Defined Networking with a focus on SD-WAN.

Hardware Specifications

Item | Description
CPU | Intel Multi-core x86_64 CPU
Memory & Storage | 4 GB of DDR3 DRAM, 32 GB mSATA SSD (Upgradeable)
Interfaces | 1 Gigabit (10/100/1000BT) Ethernet interfaces on RJ45; 4 Gigabit (10/100/1000BT) Ethernet interfaces on RJ45 with Built-in Switch; 8 RS-232 serial ports on RJ45; 1 RS-232 console port on RJ45; USB 3.0 Host on Type A; 2 USB 2.0 Hosts on Type A; 1 Wi-Fi – optional; 2 Cellular Slots with Dual SIM – Optional; 1 VGA port
Power | 12 VDC via external 100–240 VAC, 50/60 Hz adapter; 12 VDC via external 48 VDC adapter; Power consumption 25 W typical
Physical | Front-Rear mounting brackets; Size (L x W x H): 142 x 201 x 44 mm (5.5 x 7.9 x 1.73 in); Weight: 1.2 kg (2.6 lb)
Environmental | Operation: -20°C to 50°C (-4 to 122° F), 20-90% RH, non-cond.; Storage: -20 to 67° C (-4 to 153° F), 10-90% RH, non-cond.

Interfaces Front

Port | Description
Channel A | Signal Strength indicator for Channel A
Channel B | Signal Strength indicator for Channel B
Console | Console MGMT Interface
PWR | Power LED
SYS | System LED
Power Switch | Power Switch
RST | Reset button: <10s system reset, >10s configuration factory reset and system reset

Interfaces Back


Port | Description
PWR IN | Power Socket for external Power Supply
Monitor | VGA Interface
ETH0 | Network Interface (WAN)
USB | 2 x USB 2.0 Port; 2 x USB 3.0 Port
ETH1 | Network Interface (NET)
ETH2 | Network Interface (NET)
ETH3 | Network Interface (NET)
ETH4 | Network Interface (NET)
Serial | Serial Interfaces 1-8

Nodegrid Manager

Nodegrid Manager provides you with a unified solution to control compute, network, storage, and smart power assets.

Hardware Requirements

Item | Description
CPU | min. 2 x Intel Multi-core x86_64 CPU
Memory & Storage | 4 GB RAM, min 32 GB HDD
Interfaces | min 1 Gigabit Ethernet interface
Supported Hypervisors | VMWare ESX, Linux KVM, Oracle Virtualbox -- Linux OS

Installation

Hardware Installation

Please refer to Appendix - Quick Install Guide provided along with the unit in the box for quick instructions on how to start your box.

What's in the Box?

Each unit is shipped with multiple accessories. The below table lists the content of the box.

Model | Mounting Brackets | Power Cables | Loop-Back Adapter | Console Adapter | Network Cable | QuickStart Guide & Safety Sheet
Nodegrid Serial Console - T Series | Yes | Yes | Legacy | Z000036 | Yes | Yes
Nodegrid Serial Console - R Series - TxxR | Yes | Yes | Cisco | Z000015 | Yes | Yes
Nodegrid Serial Console - S Series - TxxS | Yes | Yes | Legacy/Cisco | Z000015, Z000036 | Yes | Yes
Nodegrid Services Router | Yes | Yes | Legacy/Cisco | Z000014, Z000015 | Yes | Yes
Nodegrid Bold Services Router | No | External Power Supply | Legacy/Cisco | Z000014, Z000015 | Yes | Yes

Installation of Modules for Nodegrid Services Router

The Nodegrid Services Router supports different modules. These need to be installed before the unit is powered up. The modules should be installed in an ESD protected environment, to avoid damage to any of the components. To install a card follow the following steps.

Note: The blanking panel should be kept for later use. For thermal efficiency and safety, each unused slot needs to be covered with a blanking panel.

Expansion CardSlot 1Slot 2Slot 3Slot 4Slot 5
16-Port GbE EthernetSecure Isolated Mode **Secure Isolated Mode **
16-Port Serial
16-Port USB
M.2 Cellular / Wi-Fi
8-Port SFP+Secure Isolated Mode **Secure Isolated Mode **
8-Port POE+
ComputeSecure Isolated Mode **Secure Isolated Mode **
Storage *
M.2 SATA *

Note:

(*) The Nodegrid Services Router supports a maximum of 2 SATA drives, which can be divided into 2 Storage cards or in one M.2 SATA card.

(**) The Secure Isolated Mode allows for the management of the cards as if they would be located in a normal slot, but the network traffic is isolated from any other slot.

Rack Mounting

All units which are shipped with rack mounting brackets can be mounted to fit in the standard 19" rack. Two rack mounting brackets are provided in the box as outlined in Section (What is in the box). The remainder of this document will refer to "rack or cabinet" as "rack".

Note: Some units are actively cooled by fans. It is important that these units are mounted properly in the rack so that the fans blow in the correct direction. The fan direction can be determined from the part number of the unit.

Model | Part Number | Cooled | Air Flow
Nodegrid Serial Console - T Series | NSC-Txx-xxxx-xxx | Passive | N/A
Nodegrid Serial Console - R Series | NSC-TxxR-xxxx-xxx | Passive | N/A
Nodegrid Serial Console - S Series | NSC-TxxS-xxxx-xxx-F | Active | Front-Back (air in)
Nodegrid Serial Console - S Series | NSC-TxxS-xxxx-xxx-B | Active | Back-Front (air out)
Nodegrid Services Router | NSR-xxxx-xxx | Active | Front-Back (air out)
Nodegrid Services Router | NSR-xxxx-xxx | Active | Back-Front (air in)
Nodegrid Bold Services Router | BSR-xx-xxxx | Passive | N/A

Network Connection

Depending on the model and version the unit will either have a minimum of 2 copper ethernet ports or 2 SFP+ ports. Connect the desired network cables (CAT5e, CAT6, CAT6A) from your network switch port to any of the available network ports of the unit. For models with SFP+ ports install the SFP+ module before the unit is turned on and connect the appropriate cables.

Connecting Power Cord(s)

The Nodegrid unit includes one or multiple power supplies (AC or DC). Connect all the power supplies with appropriate cables to an available power source, like a Rack PDU. If your unit is shipped with one power supply, no redundancy for a power failure is available. A unit with two power supplies provides redundancy against power failures. Both power supplies should be connected to two independent power sources.

Note - Nodegrid Services Router with PoE: On the Nodegrid Services Router with PoE support, the 2nd power supply is used to provide power for the PoE feature and cannot be used to provide redundancy for a power outage.

After all the power supplies are appropriately connected to a power source turn the power supplies on.

(See Appendix - DC Power for information on the DC power supply ports).

Connecting Target Devices

Connecting Serial Target Devices

Note: To avoid EMC issues use good quality network cable for all port connections.

The cabling and adapters that you may need to use between the unit serial ports and the serial devices’ console port will depend on their pinouts.

The latest serial devices such as routers, switches, and servers will have either a DB9, RJ45 or USB port as their console port. See the manufacturer’s manual of your serial device for the console port pinout. In the case of an RJ45 console port, it is likely that it will use the Cisco-like pinout.

See table below for cabling you need to use depending on your unit serial ports and Serial Devices’ console port.

Model | Port Type | Pinout | Device Port - RJ45 (Legacy) | Device Port - RJ45 (Cisco) | Device Port - DB9 | Device Port - USB
Nodegrid Serial Console - T Series | RJ45 | Legacy | CAT5e cable | CAT5e cable plus Z000039 crossover adapter | CAT5e cable plus Z000036 crossover adapter | USB
Nodegrid Serial Console - R Series | RJ45 | Cisco | - | CAT5e cable | CAT5e cable plus Z000015 crossover adapter | USB
Nodegrid Serial Console - S Series | RJ45 | Auto-Sensing (Legacy/Cisco) | CAT5e cable | CAT5e cable | CAT5e cable plus Z000015 crossover adapter | USB
Nodegrid Services Router | RJ45 | Cisco | - | CAT5e cable | CAT5e cable plus Z000015 crossover adapter | USB
Nodegrid Bold Services Router | RJ45 | Cisco | - | CAT5e cable | CAT5e cable plus Z000015 crossover adapter | USB

If the serial device’s RJ45 does not have the Cisco-like pinout, or if you have any questions on connecting your serial device to the unit, please contact ZPE Systems Technical Support for assistance.

Connecting IP Target Devices

Note: To avoid EMC issues use good quality network cable for all port connections.

All IP-based target devices can be either directly connected to a network interface on a Nodegrid unit or connected through an existing network infrastructure. If target devices are directly connected, standard network cables (CAT 5, CAT6, CAT6e) can be used for ethernet connections or appropriate fiber cables can be used.

Connecting to a Nodegrid

Connection via Console Port

Use the provided CAT5e and RJ45-DB9 Z000036 adapter/cable to communicate with the Nodegrid unit. Connect one end of the CAT5e cable to the Nodegrid console port. Connect the other end to the RJ45-DB9 adapter, and then plug it to your laptop or PC's DB9 COM port (if your laptop or PC does not have DB9 COM port, use a USB-DB9 adapter (not provided)).

Have a serial application (such as xterm, TeraTerm, Putty, SecureCRT) running on your laptop/PC to open a terminal session to that COM port (see the system information about the COM port to be used) with 115200bps, 8 bits, No parity, 1 stop bit, and no flow control settings.

Connecting via ETH0

The ETH0 interface is by default configured to listen to DHCP requests. In case no DHCP Server is available, the unit will use a default IP address of 192.168.160.10. The unit can be accessed using a browser on https://[DHCP ASSIGNED IP] or on https://192.168.160.10. Alternatively, the unit can be accessed with an ssh client.

Setting | Value
DHCP | enabled
fallback IP | yes
Default IP | 192.168.160.10/24
Default URL | https://192.168.160.10
Default ssh | ssh admin@192.168.160.10

Connection via Wi-Fi

The Nodegrid is pre-configured to act as a Wi-Fi hotspot in case an appropriate Wi-Fi device is connected. This can either be a built-in Wi-Fi module or a USB Wi-Fi adapter.

The Nodegrid will automatically be presenting a Wi-Fi network with the SSID Nodegrid. The default WPA Shared key is Nodegrid. The Nodegrid will not automatically provide an IP address to clients. Configure the client to have a valid IP address in the 192.168.162.1/24 range. The unit can now be accessed using a browser on https://192.168.162.1 or through ssh.

Setting | Value
SSID | Nodegrid
WPA Shared key | Nodegrid
Default Network | 192.168.162.1/24
Default URL | https://192.168.162.1
Default ssh | ssh admin@192.168.162.1

Connection via KVM Port

The Nodegrid unit can be directly configured and managed through its KVM interfaces. Connect a Monitor with an HDMI cable to the unit's HDMI interface.

The Nodegrid Bold SR provides a VGA port instead of an HDMI interface.

Note: HDMI to DVI-D adapters can be used and allow the connections of a DVI-D Monitor.

Connect a USB Keyboard and Mouse to the available USB ports.

Note: The keyboard and mouse need to be supported under Linux, Windows only devices are not supported. This limitation mostly affects devices which use a USB wireless dongle.

The login prompt will be presented.

Nodegrid Manager Installation

Nodegrid Manager software is installed from an ISO file. The installation procedure is a three-stage process:

Minimum Requirements

Creating a Virtual Machine - VMWare


Note: the values are minimum settings and should be adjusted as needed


Installing Nodegrid Manager

To install your Nodegrid Manager software:


Initial Network Configuration

After the Nodegrid Platform is turned on, boot messages will be displayed, and the login prompt will be displayed.

The default administrator username is admin and the default password is admin. Admin users can access the Nodegrid Platform via a console port, through the web interface (HTTPS) or CLI (SSH). Other access methods can be enabled.

The superuser is root and the default password is root. The root user has SHELL access to the Linux OS, but not to the Web Interface.

By default, Nodegrid Platform is set up with DHCP IP configuration enabled.

Note: The Nodegrid Platform will respond on ETH0 at 192.168.160.10 if your DHCP server fails or is unavailable.
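
The factory account names and factory networks listed in this guide are worth watching for in a unit's SSH logs. The following is an added example, not part of the ZPE guide: it scans sshd syslog lines for activity by the admin and root accounts and flags password logins that come from the factory ETH0 fallback or Wi-Fi hotspot ranges, or from outside a trusted management network. It assumes standard OpenSSH log wording; the sample log lines and the 10.20.0.0/24 management range are constructed.

```python
import ipaddress
import re

# Factory values documented in this guide.
DEFAULT_ACCOUNTS = {"admin", "root"}
FACTORY_NETS = {
    "eth0-fallback": ipaddress.ip_network("192.168.160.0/24"),
    "wifi-hotspot": ipaddress.ip_network("192.168.162.0/24"),
}
# Hypothetical management range used by the sample; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: the unit writes standard OpenSSH sshd messages to syslog.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log lines (not captured from a real unit).
SAMPLE_LOG = """\
Mar  4 10:01:12 nodegrid sshd[2211]: Accepted publickey for admin from 10.20.0.15 port 50122 ssh2
Mar  4 10:02:47 nodegrid sshd[2240]: Accepted password for admin from 192.168.162.23 port 40112 ssh2
Mar  4 10:03:38 nodegrid sshd[2301]: Failed password for root from 203.0.113.9 port 51514 ssh2
Mar  4 10:03:40 nodegrid sshd[2301]: Failed password for root from 203.0.113.9 port 51514 ssh2
Mar  4 10:03:41 nodegrid sshd[2302]: Failed password for invalid user oper from 203.0.113.9 port 51520 ssh2
Mar  4 10:03:43 nodegrid sshd[2301]: Failed password for root from 203.0.113.9 port 51514 ssh2
Mar  4 10:03:59 nodegrid sshd[2310]: Accepted password for root from 203.0.113.9 port 51530 ssh2
Mar  4 10:05:02 nodegrid sshd[2333]: Accepted password for admin from 10.20.0.15 port 50140 ssh2
"""


def audit(lines, trusted_nets=TRUSTED_NETS, fail_threshold=3):
    """Return (finding, user, source) tuples for SSH activity by factory accounts."""
    findings = []
    failures = {}
    for line in lines:
        m = SSHD_RE.search(line)
        if not m or m["user"] not in DEFAULT_ACCOUNTS:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname or garbled address: skip rather than guess
        key = (m["user"], str(src))
        if m["result"] == "Failed":
            # Report once, when the per-source failure count reaches the threshold.
            failures[key] = failures.get(key, 0) + 1
            if failures[key] == fail_threshold:
                findings.append(("repeated-failures", *key))
            continue
        if m["method"] != "password":
            continue  # key-based login involves no account password
        factory = [name for name, net in FACTORY_NETS.items() if src in net]
        if factory:
            # Someone reached the unit over a network that only exists with factory settings.
            findings.append((f"password-login-from-{factory[0]}", *key))
        elif not any(src in net for net in trusted_nets):
            findings.append(("password-login-from-untrusted-network", *key))
    return findings


def run_sample():
    """Audit the constructed sample log with the hypothetical trusted range."""
    return audit(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for finding in run_sample():
        print(*finding)
```

A finding means a password login by a factory account name, not proof that the factory password was used; treat it as a prompt to confirm the passwords and the Wi-Fi key were changed.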

Identify Current IP Address

To identify the currently assigned IP address(es), log in to the Nodegrid Platform as the admin user and navigate to the Network Connections screen.

Identify Current IP Address - WebUI

Identify Current IP Address - CLI

Example Output:

Define Static IP Address

Note: The below examples use IPv4 for communication. IPv6 is fully supported on the Nodegrid Platform and appropriate settings are available in the same menus.

Define Static IP Address - Web UI


Define Static IP Address - CLI

Example:

Follow the same steps for other interfaces as required.

Interfaces

WebUI

The Nodegrid platform can be accessed via its built-in WebUI. The interface allows for full access to all target devices and configuration and management of the platform.

The Web UI supports all modern browsers with HTML5 support including mobile browsers. Regularly tested browsers include Internet Explorer 11, Edge, Chrome and Firefox.

The WebUI provides the following general structure

Menu | Description
Access | The access menu provides easy access for all users to managed devices. It allows users with the appropriate permissions to start sessions, control power and review the device logging details
Tracking | The tracking menu provides an overview of general statistics and system information, like system utilization and serial port statistics, among others.
System | The system menu allows administrators to perform general administrative tasks on the Nodegrid Platform, for example, firmware updates, backups and restores, and licenses
Network | The Network menu allows access and administration to all network interfaces and features
Managed Devices | Through this menu administrators can add, configure and remove devices which should be managed through the Nodegrid platform
Cloud | The Cloud menu allows administrators to administrate the Nodegrid Cloud feature
Security | The Security menu provides configuration options which control user access and general security of the Nodegrid platform
Auditing | This menu allows administrators to administrate auditing levels and locations as well as some global logging settings.
Dashboard | The Dashboard allows users and administrators to create and view dashboards and reports.
Applications | The applications menu is only visible if a valid Virtualisation license is available. With a proper license, it allows administrators to manage and control NFVs and Docker applications

CLI

The Nodegrid platform can be accessed through a CLI interface. The CLI is accessed by connecting to the platform using an ssh client or through its console port. The interface allows for access to all console target sessions and configuration and management of the platform. The CLI structure follows mostly the structure of the WebUI.

The CLI provides the following general structure

Folder | Description
/access | The access menu provides easy access for all users to managed devices. It allows users with the appropriate permissions to start sessions, control power and review the device logging details
/system | The folder provides the combined functions of the Tracking and System menu from the web UI. The tracking features provide an overview of general statistics and system information, like system utilization and serial port statistics, among others. The system features allow administrators to perform general administrative tasks on the Nodegrid Platform, for example, firmware updates, backups and restores, and licenses
/settings | The folder provides access to the system, security, auditing, and managed devices settings and configuration options

While the CLI provides a large number of commands and options, the general usage of the CLI can be broken down to a few basic commands from which a user or administrator can start.

CLI Command | Description
TAB TAB | The key combination of a double TAB provides a list of all available commands, settings or options which are currently valid
ls | The ls command lists the current folder structure
show | The show command, when valid, will display the current settings in a tabular view
set | All changes and settings are initiated with the set command in the general form of set option=value. Multiple settings can be combined by providing additional option=value pairs, like set option1=value1 option2=value2
commit | Most changes are not directly saved and activated. Changes to the configuration can be reviewed with the show command before they are saved and activated with the commit command. Changes that are not active yet and still need to be saved are indicated in the CLI by a + sign in front of the command prompt, like: [+admin@nodegrid /]#
cancel or revert | If settings should not be committed and saved, the cancel or revert command can be used to revert the changes.

Examples

Shell

The Nodegrid platform provides direct access to the operating system's shell. By default, this access is only available to the root user (directly) and the admin user (from the CLI). It is recommended to review the requirement for shell access and to limit access to it as required. Shell access is provided for advanced use cases and should be used with caution. Changes made to the configuration of the Nodegrid platform through the shell can have a negative impact on the general workings of the platform.

API

The Nodegrid platform provides a RESTful API, which can be used to read and change the Nodegrid configuration. The API documentation is embedded on Nodegrid and is available under System > Toolkit > API or from the pull-down USER menu at the top right corner of the main Web page.

API

Note: The API documentation can be found on each Nodegrid platform under https://<Nodegrid IP>/api_doc.html

Device Access

The Access page provides an overview of all available target devices. It allows users to easily connect to managed devices as well as review their current device status and search for target devices. The displayed target devices are determined by the user's permissions as well as by the current state of Nodegrid Cloud nodes.

Device Sessions

The first view available to a user after logging in to the Web UI is the Access View. This view provides an overview of all available targets to which the user has access. Each target indicates its current connection status as well as the available connection types.

The connection status is one of the following:

State | Indicator Colour | Description
Connected | Green | Nodegrid can successfully connect to the target device and it is available for sessions
In-Use | Blue | The device is currently in use
Disconnected | Orange | Nodegrid could not successfully connect to the target device and it is not available for sessions
Unknown | Grey | The connection status is unknown. This is the default state for target devices with the connection mode On-Demand or for new target devices for which the discovery process is not completed.

Device sessions can be started directly from this location.

Device Sessions - Web UI

A user has multiple options to start a device session from the WebUI. In the Access screen the user will directly see the available target sessions and can start a new session by just clicking on the connection button.

Access View

This will start a new window in which the target session will be established.

At the bottom of the window, the user is presented with buttons which allow the user to further control the target session and target device. The options available will depend on the connection type and device configuration.

Option | Description
Text Input | The Text Input option allows a user to paste larger text items directly into a session.
Clipboard | The Clipboard option allows highlighted lines in the session to be copied out by a user
Info | The Info option will display the current device details
Fullscreen | The Fullscreen option will expand the window to use the full screen. The session window itself will not expand beyond its maximum size
Power Off | The Power Off option will perform a power off on the target devices through a connected Rack PDU or IPMI device
Power On | The Power On option will perform a power on on the target devices through a connected Rack PDU or IPMI device
Reset | The Reset option will perform a power cycle on the target devices through a connected Rack PDU or IPMI device
Power Status | The Power Status option will display the current power status of a device as returned by a connected Rack PDU or IPMI device
(close icon) | This option closes the currently active session
(plus sign) | The plus sign expands or minimizes the command line options at the bottom of the screen

Closing the window also closes the session to the target device.

Device Sessions - CLI

The access view is available in the CLI through the access menu. A user can navigate directly to this menu with cd /access. To see the currently available targets, the user can use the command show.

Example:

A device session can be directly started from here with the connect command. Use: connect <target name>

Example:

Note: Only console sessions or sessions which provide a text-based interface can be started from the CLI.

After a connection is established, the user can use the escape sequences ^Ec or ^O to further control the session.

Note: the Escape sequences can be changed in the device settings.

The following options are available.

Option | Escape Sequence | Description
. | ^Ec. | disconnect the current session
g | ^Ecg | displays the current user group information
l | ^Ecl | sends the break signal as defined in the device settings
w | ^Ecw | displays the currently connected users
<cr> | ^Ec<cr> | sends an ignore/abort command signal
k | ^Eck | serial port (speed, data bits, parity, stop bits, flow)
b | ^Ecb | sends a broadcast message; a message can be typed after the escape sequence is sent
i | ^Eci | displays the current serial port information
s | ^Ecs | changes the current session to read-only mode
a | ^Eca | changes the current session to read-write mode
f | ^Ecf | forces the current session to read-write mode
z | ^Ecz | disconnect a specific connected user session
? | ^Ec? | print this message

Power Control options are available on targets which are connected to a managed Rack PDU or provide power control through IPMI. The power menu can be started with ^O

Device Information

Each device maintained by the Nodegrid platform has a multitude of device information stored in the system. This information is visible to users and fully searchable in the system. This is specifically useful when users are trying to identify specific targets.

The stored information is a combination of automatically discovered values, values which have been set during the device configuration and additional information which has been associated with a device by an administrator.

The device information can be displayed in the Access view for a specific device, by clicking on a target name in the Web UI or by navigating to the device in the CLI.

Display Device Information - Web UI

Device Details

Display Device Information - CLI

Device Views

The WebUI offers multiple ways to view and access target devices. By default, all users are shown the Table view, which provides easy access to all targets. Other views are available which improve the accessibility or visualization of the current device status. The following views are available:

Each user can change the default view which will be displayed after login. To do this, the user opens the preferred view and uses the Pin It button.

Pin a View

Note: The Table view is the only view which is available on the CLI.

Table View

The table view allows for easy access to all target devices and their device sessions. It provides a table which clearly outlines the current status of each device. The view will display all devices currently connected to the unit as well as all other targets which are available through the Cloud feature.

Table View

The view supports filtering the current list by current device status and other search criteria. To filter by current device status, click on the device status icons in the top right-hand corner. The following example filters the devices by Connection State (Connected and In-Use).

Device Status Filter

More advanced search options are available through the Search field. See Device Search for more details.

Tree View

The Tree view displays all targets based on the physical hierarchies of the Nodegrid setup and allows connections to be started for each target. It allows for easy access to target devices based on their location, like Nodegrid name, city name, data center name, row and rack, and others. The View section offers filters based on location and device types.

Tree View

More advanced search options are available through the Search field. See Device Search for more details.

Node View

The Node View arranges all target devices around their connected Nodegrid units and makes it easy to get a complete overview of all targets and Nodegrid units in a Cloud. The View allows access to target device information and connections by clicking on the target nodes.

Access Node View

More advanced search options are available through the Search field. See Device Search for more details.

Map View

The Map View allows you to see the current status of your devices on a global map to get a complete overview of all targets and Nodegrid units in a Cloud. The Map View allows displaying precise location details down to a building level. The View allows accessing target device information and connections by clicking on the target nodes.

Global View

Street View

More advanced search options are available through the Search field. See Device Search for more details.

Image View

The Image View allows customers to display a custom view of their Nodegrid units and target devices and associated information. The implementation requires Professional Services. Contact Customer Support at support@zpesystem.com for additional information.

Search

The Nodegrid Platform provides advanced search capabilities which allow users to easily search and access the information and target devices they require.

Device Search

The Device Search is available on all Device views and provides an easy method to search and filter the Target devices in each view.

The Device Search can be accessed in the WebUI through the search field in the top left-hand corner of each view and on the CLI with the search command in the access menu. The NodeIQ™ Natural Language Search allows users to search for device property fields, including custom fields. This function works naturally with stand-alone units as well as across all Nodegrid units in a Cloud configuration. The System automatically updates all the information about device changes and newly added devices and their properties in the background.

The Search field supports the following keywords:

Keyword | Description
[Search String] | A search string which represents part of or a complete string to be searched for
AND | Combines multiple search strings with an AND
OR | Combines multiple search strings with an OR. Default search behaviour for more than one search string
NOT | Any targets matching the search string will NOT be returned
[Field Name] | Allows the Search String to be limited to a specific Field Name

Note: The keywords AND, OR and NOT are case sensitive. The lowercase forms and, or, not will be treated as search strings.

To search for standard and custom field data (including groups, such as “admin” group), IP addresses or a specific device, follow the examples below:

Example with AND

"PDU AND IPMI"

Search AND

Example with OR

"PDU OR IPMI"

Search OR

"PDU IPMI"

Search OR

Example with NOT

"PDU AND NOT IPMI"

Search NOT

Example with Field Name

"name:PDU"

Search Field Name
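The keyword rules above, worked through as an added example (this is not Nodegrid or NodeIQ code): a small evaluator run over four constructed device records. Case-insensitive substring matching and the precedence NOT, then AND, then OR are assumptions, as are the record fields. The last query shows how a lowercase "and" silently widens the result set.

```python
KEYWORDS = {"AND", "OR", "NOT"}  # case sensitive per the guide; "and" is a search string

# Constructed sample records; the field names are assumptions for this example.
DEVICES = [
    {"name": "PDU-rack1", "type": "pdu_servertech", "ip": "192.168.2.39", "groups": "admin"},
    {"name": "srv01-ipmi", "type": "ipmi_2.0", "ip": "192.168.10.11", "groups": "admin"},
    {"name": "srv02", "type": "ipmi_2.0", "ip": "192.168.10.12", "groups": "PDU-operators"},
    {"name": "core-sw", "type": "device_console", "ip": "192.168.10.252", "groups": "network and wan"},
]


def compile_query(query):
    """Turn a search string into a predicate over one device record."""
    toks, pos = query.replace('"', " ").split(), 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def term():
        tok = peek()
        if tok is None or tok in KEYWORDS:
            raise ValueError(f"search string expected at token {pos + 1}")
        take()
        field, sep, text = tok.partition(":")

        def match(dev):
            if sep and text and field in dev:  # field:value form, e.g. name:PDU
                return text.lower() in str(dev[field]).lower()
            return any(tok.lower() in str(v).lower() for v in dev.values())
        return match

    def not_expr():
        if peek() == "NOT":
            take()
            inner = not_expr()
            return lambda dev: not inner(dev)
        return term()

    def and_expr():
        parts = [not_expr()]
        while peek() == "AND":
            take()
            parts.append(not_expr())
        return lambda dev: all(p(dev) for p in parts)

    def or_expr():
        parts = [and_expr()]
        while peek() is not None:
            if peek() == "OR":  # OR is optional: adjacent strings default to OR
                take()
            parts.append(and_expr())
        return lambda dev: any(p(dev) for p in parts)

    if not toks:
        raise ValueError("empty query")
    return or_expr()


def search(query, devices=DEVICES):
    """Return the names of the devices matching the query."""
    matches = compile_query(query)
    return [dev["name"] for dev in devices if matches(dev)]


if __name__ == "__main__":
    for q in ("PDU AND IPMI", "PDU OR IPMI", "PDU IPMI",
              "PDU AND NOT IPMI", "name:PDU", "PDU and IPMI"):
        print(f"{q!r:22} -> {search(q)}")
```
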

Global Search

A Global Search option is available in the WebUI. The Search field is located at the top of the screen beside the current user information and log out option. The global search works in the same way as the Device Search and supports the same keywords. The Search is available from all screens and allows easy access to all target devices and target sessions.

Device Management (Managed Devices)

The Managed Devices section allows users to configure, create and delete target devices. The Nodegrid Platform supports target devices which are connected through a serial, USB, or network connection. The following protocols are currently supported for network-based devices: Telnet, SSH, HTTP/S, IPMI variations and SNMP.

The user has multiple options to enable or create new target devices. They can be manually enabled/created or can be discovered.

Each managed device added in the system uses one license from the pool. Each unit is shipped with enough perpetual licenses to cover the number of physical ports, and no further licenses are required to utilize the physical ports. Additional licenses can be added to a unit to allow it to manage additional devices. If licenses expire or are deleted from the system, the devices exceeding the total licenses will have their status changed to “unlicensed”. While their information will be retained in the system, the unlicensed devices will not show up in the access page, preventing the user from connecting to them. Only licensed devices are listed on the access page and are available for access and management. The top right corner of the Managed Devices view shows the total licenses in the system, total in use and total available licenses. See Licenses for more details.

The Nodegrid platform supports the following managed device types.

Configuration of Managed Devices

New devices can be added to the Devices menu. The menu offers the options to:

To perform any of these tasks, either click on the button, or first select a device and then click the button in the WebUI, or use the command in the CLI.

WebUI Enable Port 1 example

Enable Port

CLI rename port 2 example

Serial Devices

The Nodegrid Platform supports RS-232 Serial connections through the available Serial and USB interfaces. The ports are automatically detected and displayed in the Devices menu and can directly be used. Each port needs to be enabled and configured to provide access to the target device.

Before configuring the Nodegrid port, check the console port settings of the target device with the manufacturer. Most devices use settings of 9600,8,N,1,N, which is the default for the port.

The Nodegrid Console Server S Series supports advanced auto-detection, which simplifies the configuration process by automatically detecting the cable pinout (Legacy and Cisco) and connection speed.

Configure Serial Devices - WebUI

Console Port Settings

Configure Serial Devices - CLI

Service Processor Devices

The Nodegrid platform supports multiple IPMI-based Service Processors like IPMI 1.5, IPMI 2.0, Hewlett Packard ILOs, Oracle/SUN iLOMs, IBM IMMs, Dell DRAC and iDRAC.

In order to manage these devices, the Nodegrid requires a valid network connection to the target device. This can be through a dedicated network interface on the Nodegrid itself or through an existing network connection.

The Nodegrid supports the following features for Service Processors.

Note: Some features might not be available depending on the Service Processor capabilities.

For console access via SOL, you must also enable BIOS console redirect and OS console redirect (typically for Linux OS) on the server.

Add Service Processor Devices - WebUI

Service Processor Settings

Add Service Processor Devices - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=IPMI
[admin@nodegrid {devices}]# set type=ipmi_2.0
[admin@nodegrid {devices}]# set ip_address=192.168.10.11
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

Devices with SSH

The Solution supports the management of target devices through SSH. The Nodegrid supports the following features for these devices:

Add Devices with SSH - WebUI

Console Server Settings

Add Devices with SSH - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Device_Console_SSH
[admin@nodegrid {devices}]# set type=device_console
[admin@nodegrid {devices}]# set ip_address=192.168.10.252
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

Console Servers

The Solution supports multiple 3rd party Console Servers from different vendors, including console servers from Avocent and Servertech. These devices can be added to the Nodegrid Platform, and the system will then allow the connected targets to be used as if they were directly connected to a Nodegrid appliance. Adding 3rd party Console Servers is a two-step process: in the first step the 3rd party appliance is added to the Nodegrid, and in the second step all enabled ports are added to the platform.

The Nodegrid supports the following features for these devices:

Add Console Servers - WebUI

Console Server

Add Console Server Ports - WebUI

Note: Ports can be automatically detected and added; see the Auto Discovery section for details.

Console Server Port

Add Console Servers - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Console_Server
[admin@nodegrid {devices}]# set type=console_server_acs6000
[admin@nodegrid {devices}]# set ip_address=192.168.2.151
[admin@nodegrid {devices}]# set end_point=appliance
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

Add Console Server Ports - CLI

Note: Ports can be automatically detected and added; see the Auto Discovery section for details.

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Console_Server_Port_5
[admin@nodegrid {devices}]# set type=console_server_acs6000
[admin@nodegrid {devices}]# set ip_address=192.168.2.151
[admin@nodegrid {devices}]# set end_point=serial_port
[admin@nodegrid {devices}]# set port_number=5
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

KVM Switches

The Solution supports multiple 3rd party KVM Switches from different vendors, including products from Avocent and Raritan. These devices can be added to the Nodegrid Platform, and the system will then allow the connected targets to be used as if they were directly connected to a Nodegrid appliance. Adding 3rd party KVM Switches is a two-step process: in the first step the 3rd party appliance is added to the Nodegrid, and in the second step all enabled ports are added to the platform.

The Nodegrid supports the following features for these devices:

Add KVM Switches - WebUI

KVM Switch

Add KVM Switch Ports - WebUI

Note: Ports can be automatically detected and added; see the Auto Discovery section for details.

KVM Switch Port

Add KVM Switches - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=KVM_Switch
[admin@nodegrid {devices}]# set type=kvm_aten
[admin@nodegrid {devices}]# set ip_address=192.168.2.151
[admin@nodegrid {devices}]# set end_point=appliance
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

Add KVM Switch Ports - CLI

Note: Ports can be automatically detected and added; see the Auto Discovery section for details.

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Console_Server_Port_5
[admin@nodegrid {devices}]# set type=kvm_aten
[admin@nodegrid {devices}]# set ip_address=192.168.2.151
[admin@nodegrid {devices}]# set end_point=kvm_port
[admin@nodegrid {devices}]# set port_number=1
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

Rack PDU's

The Solution supports multiple 3rd party Rack PDUs from different vendors, including products from Avocent, Raritan, and Servertech. These devices can be added to the Nodegrid Platform and the system will then allow users to connect to the Rack PDU and control the power outlets should this function be supported by the Rack PDU. Outlets can then be associated to specific target devices, which allows users to directly control the specific power outlets for this target device.

The Nodegrid supports the following features for these devices:

Note: The Power Control feature needs to be supported by the Rack PDU. Check the manual of the Rack PDU if the feature is available on a specific model.

Rack PDUs - WebUI

Rack PDU

Note: By default, Nodegrid communicates with the Rack PDU using ssh/telnet. The reaction time of Rack PDUs using these interfaces is typically very slow. It is therefore recommended to use SNMP for the communication with the Rack PDU if possible.

Rack PDU - Commands

Rack PDU - Commands - Outlets

Note: Use SNMP details which provide read and write access. With Read-Only credentials, the Nodegrid Platform cannot control the power outlets.

Rack PDU - Management

Add Rack PDU - CLI

Note: By default, Nodegrid communicates with the Rack PDU using ssh/telnet. The reaction time of Rack PDUs using these interfaces is typically very slow. It is therefore recommended to use SNMP for the communication with the Rack PDU if possible.

Note: Use SNMP details which provide read and write access. With Read-Only credentials, the Nodegrid Platform cannot control the power outlets.

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Rack_PDU
[admin@nodegrid {devices}]# set type=pdu_servertech
[admin@nodegrid {devices}]# set ip_address=192.168.2.39
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit
[admin@nodegrid /]# cd /settings/devices/Rack_PDU/commands/outlet
[admin@nodegrid outlet]# set protocol=snmp
[admin@nodegrid outlet]# cd /settings/devices/Rack_PDU/management/
[admin@nodegrid management]# set snmp=yes
[+admin@nodegrid management]# set snmp_version=v2
[+admin@nodegrid management]# set snmp_commmunity=private
[+admin@nodegrid management]# commit
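A review check for CLI procedures like the ones in this chapter, given as an added example (it is not part of this guide or of Nodegrid): it parses a captured CLI transcript in the prompt and set option=value form shown here and flags default passwords, well-known SNMP community strings, SNMP versions that send the community string unencrypted, assignments typed without set, and staged changes that are never committed. The transcript, the weak-password list and the SNMP version spellings other than v2 are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Prompt form used in the guide: "[admin@nodegrid {devices}]# <command>";
# a leading "+" marks staged, uncommitted changes.
PROMPT = re.compile(r"^\[\+?[^@\]\s]+@\S+\s+[^\]]+\]#\s*(?P<cmd>.*)$")
BARE_ASSIGN = re.compile(r"^[A-Za-z_]\w*\s*=\s*\S")
COMMUNITY_KEY = re.compile(r"snmp_com+unity")  # the guide spells it snmp_commmunity
WEAK_PASSWORDS = {"admin", "password", "root", "changeme"}  # constructed list
DEFAULT_COMMUNITIES = {"public", "private"}
CLEARTEXT_SNMP = {"v1", "v2", "v2c"}  # guide uses "v2"; other spellings assumed

# Constructed transcript in the style of the procedures in this chapter.
SAMPLE = """\
[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Rack_PDU type=pdu_servertech
[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin
[admin@nodegrid {devices}]# commit
[admin@nodegrid /]# cd /settings/devices/Rack_PDU/management/
[admin@nodegrid management]# set snmp=yes
[+admin@nodegrid management]# set snmp_version=v2
[+admin@nodegrid management]# set snmp_commmunity=private
[+admin@nodegrid management]# snmp_commmunity = s3cr3t-ro
"""


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def parse_set(cmd):
    """Return the option=value pairs of a set command, tolerating 'opt = value'."""
    body = re.sub(r"\s*=\s*", "=", cmd[len("set"):].strip())
    return dict(tok.split("=", 1) for tok in body.split() if "=" in tok)


def check_pairs(n, pairs, staged):
    out = []
    pw = pairs.get("password")
    if pw is not None and (pw.lower() in WEAK_PASSWORDS or pw == staged.get("username")):
        user = staged.get("username", "?")
        out.append(Finding(n, "weak-password", f"default or guessable password for user {user}"))
    for key, val in pairs.items():
        if COMMUNITY_KEY.fullmatch(key) and val.lower() in DEFAULT_COMMUNITIES:
            out.append(Finding(n, "default-snmp-community", f"well-known community string {val}"))
        if key == "snmp_version" and val.lower() in CLEARTEXT_SNMP:
            out.append(Finding(n, "cleartext-snmp", f"SNMP {val} sends the community string unencrypted"))
    return out


def audit(transcript):
    """Walk a CLI transcript and return findings in the order they are detected."""
    findings, staged, dirty_line = [], {}, None
    for n, raw in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        cmd = m["cmd"].strip()
        verb = cmd.split(None, 1)[0] if cmd else ""
        if verb in ("commit", "cancel", "revert"):
            staged, dirty_line = {}, None
        elif verb == "set":
            pairs = parse_set(cmd)
            staged.update(pairs)
            dirty_line = n
            findings += check_pairs(n, pairs, staged)
        elif BARE_ASSIGN.match(cmd):
            key = cmd.split("=", 1)[0].strip()  # the value is not echoed: it may be a secret
            findings.append(Finding(n, "missing-set", f"{key} given without set; nothing is staged"))
    if dirty_line is not None:
        findings.append(Finding(dirty_line, "uncommitted", "changes staged but never committed"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line:2}: {f.rule:24} {f.detail}")
```
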

Cisco UCS

The Solution supports the management of Cisco UCS through their Console Ports as well as their management interfaces. The Nodegrid supports the following features for these devices:

Add Cisco UCS - WebUI

Cisco UCS

Add Cisco UCS - CLI

Netapp

The Solution supports the management of Netapp appliances through their management interfaces. The Nodegrid supports the following features for these devices:

Add Netapp - WebUI

Netapp

Add Netapp - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Netapp
[admin@nodegrid {devices}]# set type=netapp
[admin@nodegrid {devices}]# set ip_address=192.168.10.250
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

Infrabox

The Solution supports the Smart Access Control for Rack's solution appliances (Infrabox) from InfraSolution. The Nodegrid supports the following features for these devices:

Note: Communication with the appliances requires SNMP to be configured on the appliances.

Add Infrabox - WebUI

Infrabox

Add Infrabox - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Infrabox
[admin@nodegrid {devices}]# set type=infrabox
[admin@nodegrid {devices}]# set ip_address=192.168.10.250
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# commit

[admin@nodegrid outlet]# cd /settings/devices/Infrabox/management/
[admin@nodegrid management]# set snmp=yes
[+admin@nodegrid management]# set snmp_version=v2
[+admin@nodegrid management]# set snmp_commmunity=private
[+admin@nodegrid management]# commit

Virtual Machines

The solution supports the management of VMWare virtual machines as well as KVM Virtual Machines. The Nodegrid supports the following features for these devices:

The system supports connections directly to ESX or to vSphere servers. If a connection is made directly, the ESX server has to support the "vCenter agent for VMware Host" feature, which can be enabled through an ESX server license. To check if the ESX server supports this feature, log in to the ESX host and navigate to the License Feature section. The available licenses and features which are supported by the host are listed there.

VMWare License

Note: In order to utilize the vSPC option with VMWare virtual machines, the port needs to be configured on the Virtual Machine. See Appendix A: Configuring Virtual Serial Port (vSPC) on VM Servers.

Add VMWare Virtual Machines - WebUI

VM Manager

Add VMWare Virtual Machines - CLI

[admin@nodegrid /]# cd /settings/auto_discovery/vm_managers/
[admin@nodegrid vm_managers]# add
[admin@nodegrid {vm_managers}]# set vm_server=VCenter
[admin@nodegrid {vm_managers}]# set username=admin
[admin@nodegrid {vm_managers}]# set password=password
[admin@nodegrid {vm_managers}]# commit

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Virtual_Machine
[admin@nodegrid {devices}]# set type=virtual_console_vmware
[admin@nodegrid {devices}]# set ip_address=192.168.2.151
[admin@nodegrid {devices}]# set vm_manager=192.168.10.11
[admin@nodegrid {devices}]# commit

Add KVM Virtual Machines - WebUI

Add KVM Virtual Machines - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=virtual_machine_kvm
[admin@nodegrid {devices}]# set type=virtual_console_vmware
[admin@nodegrid {devices}]# set ip_address=192.168.10.11
[admin@nodegrid {devices}]# set username=root
[admin@nodegrid {devices}]# set password=password
[admin@nodegrid {devices}]# commit

Auto-Discovery

The Nodegrid Platform is able to automatically discover and add network devices, enabled ports on console servers, KVM switches and Virtual Serial Ports (VMWare) and Virtual Machines (VMWare).

This feature clones discovered devices from existing devices matching their profile and builds dynamic access groups. For best results with this feature, make sure the device to be used as a reference in the cloning process is correctly configured. Verify that username, password and IP address are correct by accessing the device. Verify that the data logging and event logging settings are correct by auditing the log files. Verify that events are being detected based on data logging and event logging by simulating events and checking if any notification was created. Verify that the device is in the desired authorization group with correct access rights.

The Auto Discovery follows the below general process:

Note: For each target device type a template device needs to be created.

Discover Now

Auto Discovery of Console Server and KVM Switch Ports

The Auto Discovery process can be used to automatically add and configure managed devices for 3rd party console server ports and KVM Switch ports. The process will discover all enabled ports on a managed appliance. The Console Server appliances and KVM Switches themselves can be discovered using the Network Devices process; see Auto Discovery of Network Devices.

Auto Discovery of Console Server and KVM Switch ports - WebUI

Create Template Device - Console Server

Discovery Rules - Console Server

Auto Discovery Console Server Result

Auto Discovery of Console Server and KVM Switch ports - CLI

Auto Discovery of Network Devices

Network appliances can be automatically discovered and added to the Nodegrid Platform. This includes appliances which support Telnet, SSH, ICMP, Console Servers, KVM Switches or IPMI protocols, among others. Appliances can be discovered through 3 separate methods, which can be combined or used independently:

Auto Discovery of Network Devices - WebUI

Create Template Device Network

Network Scan

Discovery Rule Network

Auto Discovery of Network Devices - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Network_Template
[admin@nodegrid {devices}]# set type=device_console
[admin@nodegrid {devices}]# set ip_address=127.0.0.1
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# set mode=disabled
[admin@nodegrid {devices}]# commit

[admin@nodegrid /]# cd /settings/auto_discovery/network_scan/
[admin@nodegrid network_scan]# add
[+admin@nodegrid {network_scan}]# set scan_id=SSH_Console
[+admin@nodegrid {network_scan}]# set ip_range_start=192.168.10.1
[+admin@nodegrid {network_scan}]# set ip_range_end=192.168.10.254
[+admin@nodegrid {network_scan}]# set enable_scanning=yes
[+admin@nodegrid {network_scan}]# set similar_devices=yes
[+admin@nodegrid {network_scan}]# set device=Network_Template
[+admin@nodegrid {network_scan}]# set port_scan=yes
[+admin@nodegrid {network_scan}]# set port_list=22
[+admin@nodegrid {network_scan}]# set ping=no
[+admin@nodegrid {network_scan}]# set scan_interval=100
[+admin@nodegrid {network_scan}]# commit

[admin@nodegrid /]# cd /settings/auto_discovery/discovery_rules/
[admin@nodegrid discovery_rules]# add
[admin@nodegrid {discovery_rules}]# set rule_name=Network_Scan
[admin@nodegrid {discovery_rules}]# set status=enabled
[admin@nodegrid {discovery_rules}]# set method=network_scan
[admin@nodegrid {discovery_rules}]# set scan_id=SSH_Console
[admin@nodegrid {discovery_rules}]# set action=clone_mode_enabled
[admin@nodegrid {discovery_rules}]# set clone_from=Network_Template
[admin@nodegrid {discovery_rules}]# commit

Auto Discovery of Virtual Machines

Virtual Machines which are managed by VMWare VCenter or run on ESXi can be discovered and managed. The process will regularly scan VCenter or the ESXi host and detect newly added Virtual Machines. The virtual machines can be added either as type virtual_console_vmware or as type virtual_serial_port. See Appendix A: Configuring Virtual Serial Port (vSPC) on VM Servers.

Note: ESXi free version is not supported.

Auto Discovery of Virtual Machines - WebUI

Create Template Device VM

Discovery Rule VM

VM Manager

VM Manager Discover VMs

Auto Discovery of Virtual Machines - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Virtual_Machine_Template
[admin@nodegrid {devices}]# set type=virtual_console_vmware
[admin@nodegrid {devices}]# set ip_address=192.168.2.151
[admin@nodegrid {devices}]# set mode=disabled
[admin@nodegrid {devices}]# commit

[admin@nodegrid /]# cd /settings/auto_discovery/discovery_rules/
[admin@nodegrid discovery_rules]# add
[admin@nodegrid {discovery_rules}]# set rule_name=Virtual_Machine
[admin@nodegrid {discovery_rules}]# set status=enabled
[admin@nodegrid {discovery_rules}]# set method=vm_manager
[admin@nodegrid {discovery_rules}]# set action=clone_mode_enabled
[admin@nodegrid {discovery_rules}]# set clone_from=Virtual_Machine_Template
[admin@nodegrid {discovery_rules}]# commit

Auto Discovery of DHCP Clients

The Nodegrid Platform can be used as a DHCP server for clients within the management network. These devices can be automatically discovered and added to the Nodegrid platform. This feature only supports DHCP clients which receive their DHCP lease from the local Nodegrid platform. See DHCP Server for details on how to set up the DHCP Server feature.

Auto Discovery of DHCP Clients - Web UI

Create Template Device Network

After the rule is created, devices are automatically added to the system as soon as they receive a DHCP address or renew their DHCP address lease. The default value for the address lease renewal is every 10 minutes.

Auto Discovery of DHCP Clients - CLI

[admin@nodegrid /]# cd /settings/devices
[admin@nodegrid devices]# add
[admin@nodegrid {devices}]# set name=Network_Template
[admin@nodegrid {devices}]# set type=device_console
[admin@nodegrid {devices}]# set ip_address=127.0.0.1
[admin@nodegrid {devices}]# set credential=ask_during_login

or

[admin@nodegrid {devices}]# set credential=set_now
[admin@nodegrid {devices}]# set username=admin password=admin

[admin@nodegrid {devices}]# set mode=disabled
[admin@nodegrid {devices}]# commit

Device Settings

Most devices support additional configuration options and settings. This section will explain these settings and how they can be configured.

Hostname Detection

This feature allows the automatic discovery of a target device's hostname (network or serial), based on its login prompt, prompt or banner.

By default, it already has some probes and matches for most of the following device types: PDUs, NetApp, Console Servers, Device Consoles, and Service Processors.

Nodegrid will send the first probe, and wait for a match. If there is no match, it will send the second probe, and so on. Once there is a match, the probing stops for that device.

Configure Hostname Detection

In most cases the only configuration required is to enable the feature on the target device. To do this, navigate to the device in the Managed Devices (WebUI) or /settings/devices/ (CLI) section and enable the feature.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set enable_hostname_detection=yes
[+admin@nodegrid access]# commit

Global Settings for Hostname Detection

In addition to enabling the feature for each target device, the following settings can be adjusted under Managed Devices:Auto Discovery:Hostname Detection (WebUI) or /settings/auto_discovery/hostname_detection (CLI).

The following global settings can be configured

General Settings


Create a Probe or Match

WebUI

Note: Regular expressions are allowed for matches. Use the variable %H to indicate the location of the hostname.
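
The probe order and the %H placeholder described above can be tried offline before a match is saved; this is an added example, not Nodegrid code, and it also shows how an unanchored match picks the wrong token out of a banner. Assumptions: the way %H expands, the probes and the console output are all constructed for illustration.

```python
import re

# Assumption: %H stands for one hostname token (letters, digits, '.', '_', '-').
HOSTNAME_TOKEN = r"(?P<hostname>[A-Za-z0-9][A-Za-z0-9._-]*)"


def compile_match(expr):
    """Compile a match expression in which %H marks the hostname position."""
    if expr.count("%H") != 1:
        raise ValueError("match must contain %H exactly once: " + repr(expr))
    return re.compile(expr.replace("%H", HOSTNAME_TOKEN), re.MULTILINE)


def detect_hostname(send_probe, probes, matches):
    """Send the probes in order and stop at the first match.

    send_probe(probe) returns the text the target printed in response.
    Returns (hostname, probes_sent); hostname is None when nothing matched.
    """
    compiled = [compile_match(m) for m in matches]
    sent = 0
    for probe in probes:
        sent += 1
        output = send_probe(probe)
        for pattern in compiled:
            found = pattern.search(output)
            if found:
                return found.group("hostname"), sent
    return None, sent


def fake_target(responses):
    """Constructed stand-in for a console: maps a probe to the text printed back."""
    return lambda probe: responses.get(probe, "")


# Constructed probes and console output; none of these are Nodegrid defaults.
PROBES = ["\r", "\x03"]  # Enter, then Ctrl-C
LOGIN_PROMPT = {"\r": "\r\nUbuntu 18.04.1 LTS\r\ncore-sw01 login: "}
SHELL_PROMPT = {"\x03": "^C\r\nadmin@pdu-rack7:~$ "}  # silent on the first probe
MOTD_BANNER = {"\r": "Last login: Tue Jan  1 10:00:00 2019 from 192.168.2.10\r\n$ "}

LOOSE = [r"%H login:"]                     # also matches "Last login:" in a banner
STRICT = [r"^%H login:\s*$", r"^\w+@%H:"]  # anchored to a whole prompt line

if __name__ == "__main__":
    cases = (
        ("login prompt, strict", LOGIN_PROMPT, STRICT),
        ("shell prompt, strict", SHELL_PROMPT, STRICT),
        ("banner, loose", MOTD_BANNER, LOOSE),
        ("banner, strict", MOTD_BANNER, STRICT),
    )
    for label, responses, matches in cases:
        print(label, detect_hostname(fake_target(responses), PROBES, matches))
```

The detected name comes from text the target device prints, so anchored matches keep a banner or message of the day from renaming a device in the inventory.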


CLI

Multi Sessions

Multi sessions allow multiple users to access the same device at the same time. All users see the same output. By default the first user has read-write access, and all other users have read access to the session. Enabling the option Read-Write Multisession changes this behavior so that all connected users have read-write access to the session. In this case only one user at a time has write access; the system automatically switches to the first user who tries to enter keystrokes in the session.

During a session, all connected users can be displayed through the console session menu (see: Break Signal). This feature is available for device console sessions.

WebUI


CLI

Break Signal

This option allows users to send a break signal via the SSH console session. The function can be enabled on a per-device basis, and the break sequence can be set.


WebUI

CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set enable_send_break=yes
[+admin@nodegrid access]# set break_sequence=~break
[+admin@nodegrid access]# commit

Escape Sequences

Escape sequences allow users to escape from the current session and bring up a menu, or to directly perform specific tasks such as bringing up the power menu.

The Nodegrid supports two escape sequences: one for the normal session menu and a second for the power menu, which allows direct power control of a target device if this is set up accordingly. (See: Power Control)

Both escape sequences are preset with a default value which can be changed if needed.

Setting | Default Sequence | Keys
Escape Sequence | ^Ec | CTRL+SHIFT+E c
Power Control Key | ^O | CTRL+SHIFT+O

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set escape_sequence=^Ec
[+admin@nodegrid access]# set power_control_key=^O
[+admin@nodegrid access]# commit

Disable User Authentication

By default, when accessing a target device, the user first has to authenticate against the Nodegrid unit and is then connected through to the device. If this is not required for a specific reason, this feature allows the Nodegrid authentication to be disabled for specific devices.

Note: This will disable any Nodegrid authentication method for this device. Ensure that appropriate authentication mechanisms are set up on the target device.

WebUI

CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set skip_authentication_to_access_device=yes
[+admin@nodegrid access]# commit

SSH / Telnet Port

This feature allows administrators to define a specific SSH or Telnet port for target devices.

By default, each target device has a unique Telnet port assigned, which uses port 7000 as the base port plus the port number. For SSH connections, the default port is used for all connections by default.

SSH and Telnet ports can be adjusted as needed.

WebUI


CLI - SSH

CLI - Telnet

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set allow_ssh_protocol=yes
[+admin@nodegrid access]# set ssh_port=17001
[+admin@nodegrid access]# set allow_telnet_protocol=yes
[+admin@nodegrid access]# set telnet_port=7001
[+admin@nodegrid access]# commit

Binary Socket

The Binary Socket feature allows third-party systems to access the device directly, as if it were physically connected. Signals are transmitted directly and are not encapsulated in the Telnet or SSH protocol. A specific port needs to be assigned.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set allow_binary_socket=yes
[+admin@nodegrid access]# set tcp_socket_port=15001
[+admin@nodegrid access]# commit

IP Aliases

Console sessions can be started from the WebUI, CLI or directly through an SSH/Telnet client. When an SSH client is used, the default method to access a specific target device is to pass the target device name as a parameter.

IP Aliases allow users to connect to a target device by using an IP address instead. Each IP Alias supports the definition of a Telnet and binary port as desired.

The Nodegrid solution supports the allocation of up to 2 IP address aliases for each target device. The feature supports IPv4 as well as IPv6 addresses.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set enable_ip_alias=yes
[+admin@nodegrid access]# set ip_alias=192.168.10.249
[+admin@nodegrid access]# set interface=eth0
[+admin@nodegrid access]# set ip_alias_telnet=yes
[+admin@nodegrid access]# set ip_alias_telnet_port=23
[+admin@nodegrid access]# set ip_alias_binary=no
[+admin@nodegrid access]# set ip_alias_binary_port=15001
[+admin@nodegrid access]# commit

Location

Each device can be associated with a location. The location details are used to display the device and its status on the map view.

The location can be defined through address details or directly through longitude and latitude values. If the location is provided as an address, the unit requires an internet connection to translate it into longitude and latitude.

WebUI


CLI

Note: The CLI does not support looking up an address and converting it to valid latitude and longitude coordinates.

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set coordinates="37.5418582,-121.9750624"
[+admin@nodegrid access]# set address_location="46757 Fremont Blvd, Fremont, CA 94538, USA"
[+admin@nodegrid access]# commit

Web URL

A Web URL can be defined for each device. The URL is used by the Web command, which is available for each device by default.

The default URL defined for all IP-based sessions is http://%IP, where %IP is replaced by the IP address value defined for each device.

By default, the URL is opened inside an HTML5 frame which is forwarded to the client. This allows unsecured device web interfaces to be passed through without exposing the devices to the network.

This can be controlled by disabling the feature Launch URL via HTML5.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set web_url="https://%IP"
[+admin@nodegrid access]# set launch_url_via_html5=yes
[+admin@nodegrid access]# commit

Icon

An icon which represents the device type can be defined for each device.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set icon=switch.png
[+admin@nodegrid access]# commit

Mode

The device Mode defines how the device is managed by the Nodegrid platform and how the device status is confirmed. The system supports 4 different modes.

Mode | Description
Disabled | In this mode the device is disabled. No sessions can be opened to it and Nodegrid does not check if the device is reachable.
Enabled | In this mode the device is enabled and sessions can be started. Nodegrid actively checks if the device is reachable.
On-Demand | In this mode the device is enabled and sessions can be started. Nodegrid does not check if the device is reachable.
Discovered | In this mode the device is disabled. No sessions can be opened to it and Nodegrid does not check if the device is reachable. This mode indicates that the device was added to the system through a discovery process.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set mode=enabled
[+admin@nodegrid access]# commit

Expiration

For each device, an expiration date or a number of days can be defined, after which the device automatically becomes unavailable. The default value is Never, in which case the device and its data stay in the system until an admin user removes it.

Date: the device is available until the date specified. After that date, it is set to Disabled mode and the admin user has 10 days to take action. After the 10 days, the device and its data are removed from the system.

Days: this is similar to a timeout. If there is no update to the device's configuration after the specified number of days, the device and its data are removed from the system. This is independent of the use of the device.

Both Date and Days are mostly applied to VM devices in order to stay in sync with the ESXi servers, where VMs are constantly being added, moved, and deleted, and the Nodegrid managed device license may become available.

NOTE: This feature is only available for IP based devices

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set expiration=date
[+admin@nodegrid access]# set expiration_date=2020-01-01
[+admin@nodegrid access]# commit

or

[admin@nodegrid access]# set expiration=days
[+admin@nodegrid access]# set expiration_days=5
[+admin@nodegrid access]# commit

or

[admin@nodegrid access]# set expiration=never
[+admin@nodegrid access]# commit

Device State Detection

For all devices which are in enabled mode, Nodegrid supports device state detection, which indicates whether the device is currently available.

Serial Devices

By default, Nodegrid uses the DCD or CTS signals for serial devices. If these signals do not exist for a specific device, the device state detection can be changed to use the data flow instead. In this case the state is determined based on actual data being transmitted by the device.

To use this feature, the function Enable device state detection based in data flow needs to be enabled.

IP Devices

The default mechanism for IP-based devices is to establish and monitor an active SSH session to a device.

In addition, an ICMP (ping) check can be enabled to establish whether the device is active.

To use this feature, the function Enable device state detection based on network traffic (icmp) needs to be enabled.

WebUI

CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/access/
[admin@nodegrid access]# set enable_device_state_detection_based_in_data_flow=yes

or

[admin@nodegrid access]# set enable_device_state_detection_based_on_network_traffic=yes

[+admin@nodegrid access]# commit

Run Custom Scripts on Device Status Change

This feature allows users to assign custom scripts to specific device status changes. It is mostly used in cases where specific actions which go beyond event notifications need to be performed on status changes.

The following status changes can be used:

The scripts need to be written and provided either by the customer or through a Professional Services engagement.

The scripts need to be copied to the Nodegrid before they can be assigned to a device status. Scripts need to be placed in the /etc/scripts/access folder. Each script needs to be executable with user privileges.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/management/
[admin@nodegrid management]# set on_session_start=sessionstart.sh
[+admin@nodegrid management]# commit

Data Logging

Note: This feature is available to all text based sessions, like serial sessions or ssh based sessions.

Enabling the Data Log feature configures the system to collect data logs from a device. Data logs capture all information that is sent to a device and that comes from a device. If a device is in enabled mode, the data logs collect data even if no user is currently connected to the device. This enables logging of system messages which are pushed to console sessions.

The collected data logs are stored locally on the Nodegrid or remotely, depending on the Auditing settings.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/logging/
[admin@nodegrid logging]# set data_logging=yes
[+admin@nodegrid logging]# commit

Event Logging

Note: This feature is available to Service Processor and IPMI sessions.

Enabling this feature configures the system to collect Service Processor Event Log data. The type of collected data depends on the abilities and configuration of the Service Processor.

The settings Log Frequency and Log unit control how often the information is collected. Collection intervals range from 1 min to 9999 hours.

The collected data logs are stored locally on the Nodegrid or remotely, depending on the Auditing settings.

WebUI


CLI

[admin@nodegrid /]# cd /settings/devices/ipmi/logging/
[admin@nodegrid logging]# set event_logging=yes
[+admin@nodegrid logging]# set event_log_frequecy=1
[+admin@nodegrid logging]# set event_log_unit=hours
[+admin@nodegrid logging]# commit

Alert Strings and Custom Scripts

In addition to collecting information, the Data and Event Logging features can create event notifications and execute custom scripts based on these events. This is achieved by defining alert strings. Alert strings can be a simple text match or a regular expression pattern string that is evaluated against the data source stream as the data is collected. Events are generated for each match.

The scripts need to be written and provided either by the customer or through a Professional Services engagement.

The scripts need to be copied to the Nodegrid before they can be assigned to a device status. Scripts need to be placed in the /etc/scripts/datalog folder for data log events or the /etc/scripts/events folder for event logs. Each script needs to be executable with user privileges.

WebUI - Data Logging Alerts

WebUI - Event Logging Alerts

CLI - Data Logging Alerts

[admin@nodegrid /]# cd /settings/devices/Device_Console_Serial/logging/
[admin@nodegrid logging]# set data_logging=yes
[+admin@nodegrid logging]# set enable_data_logging_alerts=yes
[+admin@nodegrid logging]# set data_string_1="String"
[+admin@nodegrid logging]# set data_script_1=ShutdownDevice_sample.sh
[+admin@nodegrid logging]# commit

CLI - Event Logging Alerts

[admin@nodegrid /]# cd /settings/devices/ipmi/logging/
[admin@nodegrid logging]# set event_logging=yes
[+admin@nodegrid logging]# set event_log_frequecy=1
[+admin@nodegrid logging]# set event_log_unit=hours
[+admin@nodegrid logging]# set enable_event_logging_alerts=yes
[+admin@nodegrid logging]# set event_string_1="String"
[+admin@nodegrid logging]# set event_script_1=PowerCycleDevice_sample.sh
[+admin@nodegrid logging]# commit

Custom Fields

Custom Fields allow users to assign additional information to devices. This information is visible for each device on the device overview page and is fully searchable.

Custom information is stored as a key/value pair.

WebUI

CLI

[admin@nodegrid /]# cd /settings/devices/Serial_Console/custom_fields/
[admin@nodegrid custom_fields]# add
[+admin@nodegrid custom_fields]# set field_name=Custom_Field_Example
[+admin@nodegrid custom_fields]# set field_value="A Value"
[+admin@nodegrid custom_fields]# commit

Commands and Custom Commands

Each device type offers a collection of commands which allow users to access and interact with a device. The default configuration is sufficient for most users and is therefore the recommended option. If the default configuration is not sufficient, admin users can disable or change existing commands, add existing commands which are not enabled by default, or assign custom commands to a device. Changes made in the Command feature affect all users and should be made with care. If an admin user wishes to keep specific commands from certain users or groups, this can be accomplished via user and group authorization.

The available commands for a device depend on the device type. For example, the KVM command (which enables Service Processor KVM session support) is only available to Service Processor devices, while the Outlet command is available to all device types.

Custom Commands are available to all device types and are provided through custom scripts. Custom commands can provide support for a wide range of different functions, from additional session options to specific custom tasks which should be performed on a device.

The scripts need to be written and provided either by the customer or through a Professional Services engagement.

Note: While Custom Commands can be executed through the WebUI and CLI, Custom Commands can currently only provide feedback and output to the CLI and not the WebUI.

WebUI - Generic


WebUI - Custom Commands

CLI - Custom Commands

[admin@nodegrid /]# cd /settings/devices/Serial_Console/commands/
[admin@nodegrid commands]# add
[+admin@nodegrid commands]# set command=custom_commands
[+admin@nodegrid commands]# set custom_command_enabled1=yes
[+admin@nodegrid commands]# set custom_command_script1=SSH.py
[+admin@nodegrid commands]# set custom_command_label1=SSH
[+admin@nodegrid commands]# commit

Tree View Settings

In Managed Devices :: Views an admin can adjust and create a tree structure with which devices can be associated. The feature is useful for reflecting specific organisational or physical structures which help users to find and access their devices.

Groups can also be used to aggregate monitoring values, for example at rack or room level.

Device Types

Device Type settings allow administrators to adjust or create customised versions of existing device types. This is beneficial in cases where the default value for a device type does not match a customer's current default values.

By cloning, editing or deleting existing device types, values such as the default communication protocol can be adjusted as needed. These settings take effect automatically for all devices which currently utilise the specific device type.

Preferences

The Preference menu allows administrators to further define Power Menu and Session Preferences options. These are global settings and affect all sessions.

Power Menu Preferences

The power menu preference options allow administrators to define the order and labeling of the power menu as it appears in a console session.

Session Preferences

The session preference section allows users to define a session Disconnect HotKey for console sessions. This feature is beneficial when users typically start console sessions from within console sessions, also called cascaded console sessions. In this case it can be difficult to exit a specific console session without closing all sessions in the chain. The hotkey gives a user the option to disconnect from a specific number of console sessions within the chain, starting from the current session and working back up the chain.

The value is by default undefined.

Tracking

The Tracking features provide information about the system and connected devices like Open Sessions, Event List, Routing Table, System Usage, Discovery Logs, LLDP and Serial Statistics.

Open Sessions

The Open Sessions page provides an overview of connected users and devices sessions.

The Sessions Table menu shows all users actively connected to the system, where they are connecting from, and for how long.

The Device Table menu shows information about active device sessions, the number of connected sessions and the users which are connected.

If a user has permission based on an authorization group, he/she can terminate sessions.

Event List

The Event List menu provides statistical information on system event occurrences. Events can be selected and the current counters reset.

System Usage

The System Usage page presents information about Memory Usage, CPU Usage, and Disk usage for the current system.

Discovery Logs

The Discovery Logs page shows the logs of the discovery processes set on the Managed Devices’ setting for auto discovery.

Network Statistics

The Network statistics page displays network interface information, LLDP and the Routing Table details.

The Interface page displays the network interface statistics, like state, packet counters, collisions, dropped packets and errors.

The LLDP page shows the devices that are advertising their identity and capabilities on the LAN. You may want to enable LLDP advertising and reception through this connection in your Nodegrid by setting it up in network connections.

The Routing Table page shows the routing rules that Nodegrid follows for network communications. It also includes any static network routes which were added.

Device Statistics

The Devices page shows connection statistics for physically connected devices, like serial and USB devices. The available options will depend on the specific Nodegrid unit.

The Serial Statistics page provides statistical information on the serial ports connectivity such as transmitted and received data, RS232 signals, errors.

The USB devices page provides details about connected USB devices and initialized drivers.

Scheduler

The Scheduler page provides information about scheduled tasks, when they were run, by whom, and any events or errors that were displayed.

System

The system settings allow the configuration of system specific settings like license keys, general system settings, firmware updates, backup and restore and others.

Licenses

Clicking on "System" brings you straight to the "Licenses" tab. This tab displays all licenses enrolled in this Nodegrid, along with other relevant information, a license key, expiration date, application, etc. The upper right corner shows the number of licenses, used and available. Licenses can be added or deleted in this page. If licenses expire or are deleted, the devices exceeding the total licenses will change status to "unlicensed", but their information will be retained in the system. However, unlicensed devices will not show up in the access page.

A license is required for each managed device for Nodegrid access and control. The required license for each serial port of the Nodegrid is included with the product.

A managed device is any physical or virtual device defined under Nodegrid for access and control.

System Preferences

Main system preferences are configured in this tab.

Address Location

Enter a valid address location for this Nodegrid, and click on the small compass icon/button on the right of this field to populate the "Coordinates" field below with Latitude and Longitude of that address.

The "Help Location" field is an alternate URL location for the user manual. The administrator can download the user manual and post to a specific location reachable by Nodegrid. When the small "Help" icon/button on top right of the Nodegrid WebUI is clicked, a new webpage opens with the file referenced by this URL.

Session Idle Timeout

This is the number of seconds for open sessions to time out due to inactivity; enter a zero value for new sessions to never expire. Configuration changes on this field will be effective for new sessions only. Existing sessions will continue following their timeout value specified at session start. This setting applies to all telnet, SSH, HTTP, HTTPS, and console sessions.

Login logo image

Use this feature to change the logo image used on Nodegrid's WebUI login page. The new image file has to be a .png or .jpg and can be uploaded from your local desktop or a remote server (FTP, TFTP, SFTP, SCP, HTTP, and HTTPS). Enter the URL in the format <PROTOCOL>://<ServerAddress>/<Remote File>; a username and password may be required.

After uploading, refresh the browser cache to show the new image.

Login Banner

Nodegrid can be configured to show a login banner on Telnet, SSHv2, HTTP, HTTPS and Console login, to display a message to the user before logging into the system. The default banner (below) can be edited and customized by the admin.

Default login banner:

WARNING: This private system is provided for authorized use only and it may be monitored for all lawful purposes to ensure its use. All information including personal information, placed on or sent over this system may be
monitored and recorded. Use of this system, authorized or unauthorized, constitutes consent to monitoring your session. Unauthorized use may subject you to criminal prosecution. Evidence of any such unauthorized use may be used for administrative, criminal and/or legal actions. 

Utilization Rate

Click and check respective boxes and enter the desired usage percentage to enable monitoring the utilization rate of licenses and local serial ports. An event will be generated when the percentage is reached. The default value is 90%.

Console Port

Set the baud rate of the local console port. The default value is set to 115,200 bps.

Power Supplies

Displays the state of the dual power supplies (ON/OFF). Check the appropriate box to enable an alarm sound when one power supply goes down.

To acknowledge the alarm state, click on Acknowledge Alarm State on the top left of this page System::Preferences.

Network Boot (PXE)

Nodegrid can be set to boot from an ISO image from the network. Enter the unit's IPv4 address and netmask, the ethernet interface to be used (eth0 or eth1), and the URL of the ISO image in the form http://ServerIPAddress/PATH/FILENAME.ISO

Date and Time

Set the Network Time Protocol (NTP) server for automatic retrieval of accurate time or set manually the date and time. NTP is the default configuration and it will try to retrieve the date and time from any server in the NTP pool. In manual configuration mode, Nodegrid will use its own clock to provide date and time information. Refresh the page to see the current system time.

The local time zone can also be set from the drop-down menu, the default is UTC.

Note: All timestamps in Event Logs are in UTC.

Logging

The System Logging feature enables data logging of all CLI sessions to the Nodegrid for later inspection and auditing.

The collected data logs will be stored locally to the Nodegrid or remotely depending on the Auditing settings.

The Data Logging features can create event notifications in addition to collecting information. This is achieved by defining alert strings. Alert strings can be a simple text match or a regular expression pattern string that is evaluated against the data source stream as the data is collected. Events are generated for each match.

Custom Fields

This section adds searchable custom fields to the unit.

Use this feature to add pieces of information that are not available by default. Nodegrid system allows the creation of custom fields so that they become part of information of the device.

Dial-Up

Parameters for dialing to the device and callback users are configured here. Login and PPP connection features are also defined using the drop-down menu.

System Maintenance

System maintenance features are available on the System::Toolkit page. This toolkit is used to run the following:

Shutdown and Reboot

The shutdown and reboot commands allow the graceful shutdown and reboot of the Nodegrid. The system will show a warning message that all active sessions will be dropped.

During a reboot of the unit, the operating system is automatically restarted. On a shutdown, the operating system is brought into a halt state. At this point, it is safe to drop the power supply to the unit, by either turning off the power supplies or removing the power cords from the unit. To turn the unit back on, the power supply will need to be stopped and then restored.

Software Upgrade

There are three methods for upgrading software: from the device itself, from the computer connected to the device, or from a remote server. The ISO image of the new software must first be loaded to the respective location.

If downgrading, you can choose to apply factory default configuration or to restore a saved configuration.

Factory Reset

This option is used to restore all configuration to factory default. You can choose whether or not to clear all log files.

System Configuration Checksum

Use this feature to create a checksum baseline of a specific current configuration. This provides administrators a quick tool to verify periodically if the configuration has changed. Click to compare running configuration to the saved baseline; the main result will be "Passed" if all configuration matches (all "OK"), and will fail if there is a change detected, pinpointing the altered place.

MD5 and SHA256 are currently supported.
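
The baseline-and-compare idea can be reproduced outside the appliance, for example against an exported configuration; the following added example is not Nodegrid's implementation, and the file names and contents are constructed. It reports a per-file status and an overall Passed/Failed verdict, using SHA256 by default.

```python
import hashlib
import os
import tempfile

SUPPORTED = ("sha256", "md5")  # the two algorithms the page names


def file_digest(path, algorithm="sha256"):
    """Hex digest of one file, read in chunks."""
    if algorithm not in SUPPORTED:
        raise ValueError("unsupported algorithm: %s" % algorithm)
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_baseline(root, algorithm="sha256"):
    """Map every file under root (relative path) to its digest."""
    baseline = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            baseline[os.path.relpath(full, root)] = file_digest(full, algorithm)
    return baseline


def compare(root, baseline, algorithm="sha256"):
    """Return (verdict, report); report maps each path to its status."""
    current = make_baseline(root, algorithm)
    report = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report[path] = "MISSING"
        elif path not in baseline:
            report[path] = "NEW"
        elif current[path] != baseline[path]:
            report[path] = "CHANGED"
        else:
            report[path] = "OK"
    verdict = "Passed" if all(s == "OK" for s in report.values()) else "Failed"
    return verdict, report


def write(root, name, text):
    with open(os.path.join(root, name), "w") as handle:
        handle.write(text)


def demo():
    """Baseline a constructed config directory, alter it, and compare twice."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "network.conf", "hostname=nodegrid\n")
        write(root, "auth.conf", "skip_authentication_to_access_device=no\n")
        baseline = make_baseline(root)  # keep this copy off the audited system
        before = compare(root, baseline)

        write(root, "auth.conf", "skip_authentication_to_access_device=yes\n")
        write(root, "extra.conf", "allow_telnet_protocol=yes\n")
        os.remove(os.path.join(root, "network.conf"))
        after = compare(root, baseline)
    return before, after


if __name__ == "__main__":
    for verdict, report in demo():
        print(verdict, report)
```

A baseline stored next to the files it describes can be rewritten together with them, so the comparison is only as trustworthy as the place the baseline is kept.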

Load System Certificate

A certificate can be loaded from the local computer connected to the Nodegrid or from a remote server. If loading from the local computer, select the file, otherwise enter the URL of the remote server, as well as pertinent username and password.

Notice that when the certificate is applied, the web server is restarted and may disconnect active sessions.

The protocols FTP, TFTP, SFTP, SCP, HTTP, and HTTPS are supported.

Network Tools

This page provides essential network tools of "ping", "traceroute" and "DNS lookup", exactly as using the command line. Command output is displayed in the lower part of the page.

Backup and Restore

Save Settings

The current configuration can be saved on the Nodegrid itself, to the local computer connected to the device, or to a remote server. Give the configuration any (meaningful) name; it will be saved to the "/backup" directory.

Server address can be the IP address or hostname/FQDN. If using IPv6, use brackets [ ... ].

FTP, TFTP, SFTP, and SCP protocols are supported.

Restore Settings

A saved configuration can be loaded from the Nodegrid itself, from the local computer connected to the device, or from a remote server.

Server address can be the IP address or hostname/FQDN. If using IPv6, use brackets [ ... ].

FTP, TFTP, SFTP, SCP, HTTP and HTTPS protocols are supported.

Network

The Network menu allows administrators to configure and adjust all network-related settings, such as the network, LTE and WiFi interfaces, or bonding and VLAN details.

Settings

The Network Settings menu allows administrators to define the unit's hostname and domain name, configure Network Failover between multiple interfaces, enable IP Forwarding and configure a loopback address.

Hostname and Domain Name

The unit's hostname and domain name can be defined in the Network Settings menu. Provide appropriate values for both settings.

Network Failover

The network failover option allows the system to fail over automatically between two to three different network interfaces.

For each failover setting, an administrator can define the following settings:

| Setting | Options | Description |
|---|---|---|
| Primary Connection | Interfaces | List of all available network interfaces. One needs to be selected. |
| Secondary Connection/Tertiary Connection | Interfaces | List of all available network interfaces. One needs to be selected. |
| Trigger | Unreachable Primary Connection IPv4 Default Gateway; Unreachable IP address | Based on the setting, the system checks the availability of either the default gateway or an address which can be specified. |
| Number of failed retries to failover | Number | Number of failed tries to reach the trigger address. This value is used to trigger a failover. |
| Number of successful retries to recover | Number | Number of successful tries to reach the trigger address. This value is used to trigger a fallback. |
| Interval between retries (seconds) | Number | Amount of time to wait between tries. |

The system supports configuration of Dynamic DNS for the failover interfaces.
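How the two retry counters and the interval interact, as an added Python model that is not Nodegrid code and not part of the original guide. It assumes that both counters count consecutive probe results, that probes run at a fixed interval starting at t=0, and that only a primary and a secondary connection are configured; the class, function and field names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class FailoverMonitor:
    failed_to_failover: int      # "Number of failed retries to failover"
    successful_to_recover: int   # "Number of successful retries to recover"
    active: str = "primary"
    fail_streak: int = 0
    ok_streak: int = 0

    def observe(self, reachable):
        """Feed one probe of the trigger address; return the active connection."""
        if self.active == "primary":
            # Assumption: a single successful probe resets the failure count.
            self.fail_streak = 0 if reachable else self.fail_streak + 1
            if self.fail_streak >= self.failed_to_failover:
                self.active = "secondary"
                self.fail_streak = self.ok_streak = 0
        else:
            # Assumption: a single failed probe resets the recovery count,
            # which keeps a flapping link from triggering a fallback.
            self.ok_streak = self.ok_streak + 1 if reachable else 0
            if self.ok_streak >= self.successful_to_recover:
                self.active = "primary"
                self.fail_streak = self.ok_streak = 0
        return self.active


def replay(probes, failed_to_failover, successful_to_recover, interval_s):
    """Replay probe results; return [(time in seconds, from, to)] transitions."""
    monitor = FailoverMonitor(failed_to_failover, successful_to_recover)
    events = []
    for index, reachable in enumerate(probes):
        before = monitor.active
        after = monitor.observe(reachable)
        if after != before:
            events.append((index * interval_s, before, after))
    return events


# Constructed probe results: True means the trigger address answered.
SAMPLE_PROBES = [True, False, True, False, False, False,
                 True, False, True, True, True]

if __name__ == "__main__":
    for when, old, new in replay(SAMPLE_PROBES, 3, 2, interval_s=5):
        print(f"t={when:>3}s  {old} -> {new}")
```

With these sample values the isolated failure at t=5s does not cause a failover, and the single good probe at t=30s does not cause a fallback; raising either counter trades slower reaction for fewer spurious switches.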

IP Forwarding

IP Forwarding can be used to route network traffic between network interfaces. The behavior of the routing traffic can be further adjusted using firewall settings.

IP Forwarding can be enabled independently for IPv4 and IPv6.

Loopback Address

The Nodegrid system allows configuring a Loopback address for IPv4 and IPv6 if required. The address configured is assigned with a bitmask of /32 (IPv4) or /128 (IPv6).

Network Connection Configuration

The network connection configuration allows administrators to add, edit and delete network configurations. The Nodegrid solution will automatically add all existing physical interfaces. The following physical interfaces exist, depending on the model.

| Interface | Model | Physical Interface |
|---|---|---|
| ETH0 | all | eth0 |
| ETH1 | Nodegrid Serial Consoles, Nodegrid Services Router | eth1 |
| BACKPLANE0 | Nodegrid Bold SR, Nodegrid Services Router | backplane0, provides connection to switch ports and sfp0 (Nodegrid Services Router) |
| BACKPLANE1 | Nodegrid Services Router | backplane1, provides connection to sfp1 |
| hotspot | all | interface is bound to the wireless adapter, if available |

For each interface, the administrator can define the following settings:

| Settings | Description |
|---|---|
| Description | Interface description |
| Set as Primary Connection | Defines the interface as the primary connection for the unit. Only one interface can be the primary. |
| Enable LLDP advertising and reception through this connection | Enables LLDP advertisement through the interface |
| (IPv4/IPv6) mode | Defines the IP mode to be used for the interface. Available modes are: No (IPv4/IPv6) Address; DHCP (IPv4); Address Auto Configuration (IPv6); Stateful DHCPv6; Static (IPv4/IPv6) |
| (IPv4/IPv6) address | Defines a static IP address, if the mode is set to static |
| (IPv4/IPv6) bitmask | Defines a static IP bitmask, if the mode is set to static |
| (IPv4/IPv6) gateway | Defines a static IP gateway, if the mode is set to static (Optional) |
| (IPv4/IPv6) DNS Server | Defines a DNS server to be used for this connection |
| (IPv4/IPv6) DNS Search | Defines a domain name which will be used for DNS lookups |

In addition to the existing physical interfaces, further interfaces can be defined, which allow for more advanced configuration options. The following interface types are supported.

| Interface | Description |
|---|---|
| Bonding | Allows the bonding of multiple interfaces for failover purposes |
| Ethernet | Allows the configuration of additional physical interfaces |
| Mobile Broadband GSM | Allows the configuration of available LTE modem connections |
| VLAN | Allows the configuration of VLAN interfaces, which are bound to physical interfaces |
| WiFi | Allows the configuration of WiFi interfaces as WiFi client or hotspot. By default, a WiFi interface already exists with the name hotspot |
| Bridge | Allows the creation of a bridge interface of one or multiple physical interfaces |

Bonding Interfaces

Bonding interfaces allow the system to bond two physical network interfaces into one interface. All physical interfaces in the bond will then act as one interface. This allows for an active failover between the two interfaces in case a physical connection to an interface is interrupted. The built-in feature Network Failover can be used for the same purpose. The main difference is that the built-in Network Failover feature works on the IP layer and allows for more functionality, whereas a bonding interface works on the link layer.

Note: The built-in Network Failover function and Bonding can be combined.

For each bonding interface, the administrator can define the normal network settings, like IP address, bitmask, etc., and the following specific settings:

| Setting | Description |
|---|---|
| Primary Interface | Primary network interface |
| Secondary Interface | Secondary network interface |
| Bonding Mode | Sets the bond mode to be used. Valid options are: Active Backup (packets are only sent through one active interface, this allows for failover); Round Robin (packets are sent in a round robin method through both interfaces, this mode allows for load balancing and failover) |
| Link Monitoring | Specifies the link monitoring mode. Valid options are: MII; ARP |
| Monitoring Frequency (ms) | Defines the link state monitoring frequency in ms for the interfaces. Value is only valid for MII mode. |
| Link Up delay (ms) | Defines a delay in ms before an interface is brought up after a link is detected. Value is only valid for MII mode. |
| Link Down delay (ms) | Defines a delay in ms before an interface is brought down after link down is detected. Value is only valid for MII mode. |
| ARP target | Defines an IP target to which ARP monitoring requests are sent. Value needs to be defined for ARP mode. |
| ARP validate | Defines which interfaces to use for the ARP validation. Options are: None; Active; Backup; All |
| Bond Fail-over-MAC policy | Defines the MAC address failover policy. Possible values are: Primary Interface; Current Active Interface; Follow Active Interface |

Ethernet Interfaces

Additional Ethernet interfaces can be added and configured after additional physical interfaces were added to the system. This might be the case with a Nodegrid Manager installation, where the system might have more than two interfaces to better support network separation.

Mobile Broadband GSM Interface

Mobile Broadband interfaces can be configured when a mobile broadband modem is available to the unit. The Nodegrid Services Router and Nodegrid Bold SR support built-in modems. For all other units, external modems can be used. The created interfaces allow the system to establish an internet connection, which is most commonly used for failover options. Users and remote systems can also access the device directly through a mobile connection if this is supported by the ISP.

Note: The built-in modems support Active-Passive SIM failover. The settings for SIM-2 are only supported for the built-in modems.

For each Mobile Broadband GSM interface, the administrator can define the normal network settings, like IP address, bitmask, etc., and the following SIM-specific settings. These settings are ISP specific and should be requested from the ISP before configuring the modem connection.

| Setting | Description |
|---|---|
| SIM-1 User name | user name to unlock the SIM |
| SIM-1 Password | password to unlock the SIM |
| SIM-1 Access Point Name (APN) | Access Point Name |
| SIM-1 Personal Identification Number (PIN) | PIN to unlock the SIM |
| Enable Second SIM card | This option allows a 2nd SIM card to be configured. Only supported |
| Active SIM card | Allows the definition of the primary SIM card, which will be used |
| SIM-2 User name | user name to unlock the SIM |
| SIM-2 Password | password to unlock the SIM |
| SIM-2 Access Point Name (APN) | Access Point Name |
| SIM-2 Personal Identification Number (PIN) | PIN to unlock the SIM |

VLAN Interface

VLAN Interfaces allow the Nodegrid system to natively tag network traffic with a specific VLAN ID. For this, a VLAN Interface needs to be created. The VLAN interface behaves like, and allows the same settings as, any other network interface in the Nodegrid solution. The new interface will be bound to a specific physical interface, and the administrator has the ability to define the VLAN ID.

WIFI Interface

The Nodegrid solution supports the use of a Nodegrid as a WiFi client or access point. For this, a compatible WiFi module needs to be installed.

WIFI Access Point

By default, a hotspot interface is defined which will configure the Nodegrid solution as an access point if a WiFi module is present.

To use the Nodegrid as an Access Point, change the existing values to the desired new values.

WIFI Client

To use the Nodegrid as a WiFi client, the existing hotspot connection must first be disabled by navigating to its settings and disabling the option Connect Automatically. Ensure that the hotspot interface is down at this point.

After this, a new WiFi interface can be created which will allow the Nodegrid to act as a client.

WIFI Settings

The Wifi configuration currently supports No Security or WPA2 Personal security configuration options.

The following WiFi specific settings are available

| Setting | Description |
|---|---|
| WiFi SSID | SSID to be used |
| WiFi BSSID | MAC address of the Access Point to be used |
| Hidden Network | When enabled, the SSID will not be broadcast |
| WiFi Security | Allows the security to be set to either: No Security; WPA2 Personal |
| WPA shared key | If WPA2 Personal is defined as security, then a shared key can be defined |

Bridge Interface

Bridge Interfaces allow the system to create a virtual switch which crosses one or more interfaces. The switch is completely transparent to the network interfaces and does not require any additional setup. The most common use for a bridge network is together with NFVs, as bridge interfaces provide easy network access for any NFV running on the Nodegrid solution, both to the outside and to the Nodegrid system itself.

Bridge network interfaces allow the same network configuration options as all Ethernet interfaces. In addition, the following options can be defined.

| Setting | Description |
|---|---|
| Bridge Interfaces | Comma-separated list of physical interfaces |
| Enable Spanning Tree Protocol | Enables the Spanning Tree Protocol for the interface |
| Hello Time (sec) | The interval in seconds at which a HELLO packet is sent. The setting is used when Spanning Tree is enabled. |
| Forward Delay (sec) | Defines a packet forward delay. The setting is used when Spanning Tree is enabled. |
| Max Age (sec) | Defines the maximum age for packets. The setting is used when Spanning Tree is enabled. |

Analog Modem Interface

The analog modem interface allows administrators to configure an existing analog modem and the required PPP connection details. To configure this option successfully a supported analog modem needs to be connected to the Nodegrid system.

The following settings can be configured

| Setting | Description |
|---|---|
| Status | Defines the connection status. Options are: Enabled; Disabled |
| Device Name | Name of the detected modem, example ttyUSB0 |
| Speed | Serial connection speed to the modem |
| PPP Dial-Out Phone Number | |
| Init Chat | Allows defining a specific AT init string if this is required |
| PPP Idle Timeout (sec) | Defines the connection idle timeout after which the connection gets automatically disconnected. 0 sec indicates that the connection does not get automatically disconnected. |
| PPP IPv4/IPv6 Address | Allows the definition of IPv4 addresses for the PPP connection. The following options are available: No Address; Local Configuration (allows the configuration of a local and remote IP address); Accept Configuration from Remote Peer |
| PPP Authentication | Allows the definition of PPP authentication options. Possible options are: None; By Local System (allows a definition of authentication protocol of PAP, CHAP, EAP); By Remote Peer (allows a definition of a remote username and password) |

Static Routes

The static routes feature allows the definition and management of static routes. Routes can be created for IPv4 and IPv6 and are assigned to specific network interfaces. The following options exist

| Setting | Description |
|---|---|
| Connection | Selects the network connection with which the route will be associated |
| Type | Defines the IP type. Options are: IPv4; IPv6 |
| Destination IP | Defines the destination IP or network |
| Destination BitMask | Defines the associated bitmask in the form of xxx.xxx.xxx.xxx or xx. Example: 255.255.255.0 or 24 |
| Gateway IP | Defines the gateway address |
| Metric | Defines the routing entry metric value. The lower the value, the higher the weight of the route. Normal routes have a default value of 100 |

Manual Hostnames

The hostname feature allows the configuration and management of manual hostname definitions, which is equivalent to entries in the hosts file.

The following options exist:

| Setting | Description |
|---|---|
| IP Address | Defines the target host's IP address. IPv4 and IPv6 formats are supported |
| Hostname | Defines the target's hostname |
| Alias | Defines additional hostname aliases |

DHCP Server

The DHCP function allows the configuration and management of a DHCP server for target devices. The DHCP server is by default not configured and not active. After a DHCP scope is defined, the system will start serving IP addresses to all target devices which are connected to the interface which matches the general DHCP scope.

The configuration of the DHCP server is a two-step process. In the first step, the general DHCP scope and configuration is created. In the second step, IP address ranges (Network Range) which will be used to serve IP addresses can be defined, as well as IP address reservations (Hosts) for specific hosts.

The following options exist

| Setting | Description |
|---|---|
| SubNet | IP address subnet network which will be used. This has to match the configuration of a configured interface. |
| Netmask | The network mask for the defined subnet in the format xxx.xxx.xxx.xxx |
| Domain | Defines the domain name for the scope |
| Domain Name Servers (DNS) | Defines the DNS servers for the scope |
| Router IP | Defines a default gateway for the scope |
| Network Range - IP Address Start | Defines the first IP address which will be served |
| Network Range - IP Address End | Defines the last IP address which will be served |
| Hosts - Hostname | Defines a hostname for an IP address reservation |
| Hosts - HW Address | Defines a MAC address to which an IP address reservation applies |
| Hosts - IP Address | Defines an IP address which will be assigned to the specific host matching the defined MAC address |

Network Switch Configuration

The Nodegrid Services Router appliance enables users to configure the built-in network switch, allowing for advanced network configuration for each network-enabled card and port. Currently supported functions include the enabling and disabling of individual ports and the creation of tagged (trunk) and untagged (access) ports.

Each card which provides network connectivity, Backplane 0/1 and SFP0/1 are directly connected to the switch. The interfaces Backplane0/1 and SFP0/1 are active by default and can be used to provide or consume ZTP, PXE and DHCP requests. All other network interfaces are disabled by default.

All ports belong to VLAN1, which provides direct communication between all enabled interfaces, with the exception of Backplane1 and SFP1, which belong to VLAN2.

Switch Interfaces

The switch interfaces page provides an overview of all switch ports and their current status. It allows administrators to enable and disable ports, shows the current VLAN associations (Tagged and Untagged) and allows the configuration of Port VLAN IDs.

The Port VLAN ID will be assigned to all incoming untagged packets. The Port VLAN ID will then be used to forward the packets to other ports which match that VLAN ID.

The switch port interface clearly identifies the VLAN interfaces to which a port belongs. In the most common scenarios, a port is either an untagged port, which is the equivalent of an access port, or a tagged port, which is the equivalent of a trunk port.

VLAN Configuration

The VLAN options allow administrators to create, delete and manage VLANs and assign ports to them as needed. By default, VLAN 1 and VLAN 2 exist. All ports belong by default to VLAN 1, with the exception of BACKPLANE1 and SFP1, which belong by default to VLAN 2.

Untagged/Access Ports

To assign a port to a specific VLAN as an untagged or access port, enable the port and then change the Port VLAN ID to the desired VLAN. By doing this, the port will automatically be assigned to the VLAN as an untagged port.

Note: the VLAN needs to exist before the port can be assigned to it

Tagged/Trunk Ports

Tagged ports allow incoming packets to already carry VLAN tags. Tagged ports will accept any packet which belongs to an assigned VLAN. They are mostly used to create a trunk connection between multiple switches. To assign a port as a tagged port, a minimum of 1 VLAN needs to be added to the port as a tagged VLAN. This can be done through the VLAN configuration. The Port VLAN ID for a tagged port should match one of the assigned VLANs or should be blank. If it is blank, no untagged traffic will be accepted by the port.

Note: the VLAN needs to exist before the port can be assigned to it
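The Port VLAN ID and tagged/untagged rules from the sections above, as an added Python model that is not Nodegrid code and not part of the original guide. It classifies an incoming frame, lists the ports the frame may leave on, and checks whether a backplane port is a member of a VLAN; the port names port1 to port3, VLANs 10 and 20 and all function names are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Port:
    name: str
    enabled: bool = True
    pvid: Optional[int] = 1          # None models a blank Port VLAN ID
    untagged: Set[int] = field(default_factory=set)
    tagged: Set[int] = field(default_factory=set)

    def vlans(self):
        return self.untagged | self.tagged


def classify(port, frame_vlan):
    """Return the VLAN an incoming frame lands in, or None if it is dropped.

    frame_vlan is None for an untagged frame, otherwise the tag it carries.
    """
    if not port.enabled:
        return None
    if frame_vlan is None:
        return port.pvid             # blank PVID: untagged traffic is refused
    return frame_vlan if frame_vlan in port.vlans() else None


def egress(ports, ingress_name, frame_vlan):
    """Return {port name: 'tagged' | 'untagged'} for ports that may emit the frame."""
    vlan = classify(ports[ingress_name], frame_vlan)
    if vlan is None:
        return {}
    out = {}
    for port in ports.values():
        if port.name == ingress_name or not port.enabled:
            continue
        if vlan in port.tagged:
            out[port.name] = "tagged"
        elif vlan in port.untagged:
            out[port.name] = "untagged"
    return out


def nodegrid_can_reach(ports, vlan):
    """True if at least one enabled backplane port is a member of the VLAN."""
    return any(p.enabled and vlan in p.vlans()
               for p in ports.values() if p.name.startswith("backplane"))


def sample_switch():
    """Constructed topology: two access ports, one trunk, default backplanes."""
    ports = [
        Port("backplane0", pvid=1, untagged={1}),
        Port("backplane1", pvid=2, untagged={2}),
        Port("sfp0", pvid=None, tagged={10, 20}),        # trunk, blank PVID
        Port("port1", pvid=10, untagged={10}),           # access port, VLAN 10
        Port("port2", pvid=20, untagged={20}),           # access port, VLAN 20
        Port("port3", enabled=False, pvid=1, untagged={1}),  # left disabled
    ]
    return {p.name: p for p in ports}


if __name__ == "__main__":
    sw = sample_switch()
    print(egress(sw, "port1", None))      # untagged frame on the VLAN 10 port
    print(egress(sw, "sfp0", 30))         # tag for a VLAN the trunk lacks
    print(nodegrid_can_reach(sw, 10))     # no backplane port is in VLAN 10
```

In this sample the Nodegrid itself cannot reach VLAN 10 or 20 until a backplane port is added to them, which is the condition the Backplane Ports settings control.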

Backplane Ports

The backplane settings control the switch interfaces which are exposed directly to the Nodegrid platform. In order for the Nodegrid to communicate with any of the existing switch ports or VLANs, at least one of the backplane interfaces has to be part of the specific VLAN. The backplane settings also display the current VLAN associations and allow the Port VLAN IDs for the backplane interfaces to be set.

VPN

The Nodegrid solution supports multiple VPN options, which allow the system to act as a VPN server or client in a variety of different scenarios. The system currently supports SSL VPN client and server options as well as IPSec configuration options for host to host, site to site and other scenarios.

SSL VPN

Nodegrid supports a wide variety of SSL configuration options, and the system can act as either an SSL client or an SSL server, depending on the customer configuration and security needs.

SSL VPN Client

The SSL VPN client configuration option is mostly used for failover scenarios, whereby a main secure connection fails over to a less secure connection type. The VPN tunnel is then used to secure the traffic between the sides. When the Nodegrid is configured as an SSL VPN client, the configuration gets bound to a network interface (optional) and the VPN tunnel will automatically be established as soon as the bound interface starts. Multiple client configurations can be added, supporting different connection and interface details.

Note: Depending on the configuration multiple files are required, which have to be present before the configuration can be completed. All files need to be placed in /etc/openvpn/CA

The following options exist for the Client configuration.

| Setting | Description |
|---|---|
| Name | Connection name |
| Network Connection | Selects the network interface to which the tunnel will be bound |
| Gateway IP Address | IP address or FQDN of the SSL VPN server |
| Gateway TCP Port | TCP port which will be used for the connection. The default value is 1194 |
| Connection Protocol | Supported connection protocols are: UDP; TCP |
| Tunnel MTU | MTU size for the tunnel interface |
| HMAC/Message Digest Alg | Selects the HMAC connection algorithm from a list |
| Cipher Alg | Selects the connection cipher algorithm from a list |
| Use LZO data compress Algorithm | Can be enabled to support data compression |
| Authentication Method | Defines the user authentication method. Options are: TLS; Static Key; Password; Password plus TLS |
| TLS - CA Certificate | CA certificate used by the SSL server |
| TLS - Client Certificate | Certificate which is recognized by the SSL server |
| TLS - Client Private Key | Client certificate's private key |
| Static Key - Secret | Secret to be used |
| Static Key - Local Endpoint (Local IP) | Local IP address for the VPN connection |
| Static Key - Remote Endpoint (Remote IP) | Remote IP address for the VPN connection |
| Password - Username | Connection username |
| Password - Password | Connection password |
| Password - CA Certificate | CA certificate file used by the SSL server |
| Password plus TLS - Username | Connection username |
| Password plus TLS - Password | Connection password |
| Password plus TLS - CA Certificate | CA certificate file used by the SSL server |
| Password plus TLS - Client Certificate | Client certificate which is recognized by the SSL server |
| Password plus TLS - Client Private Key | Client certificate's private key |

SSL VPN SERVER

The Nodegrid can be configured to act as an SSL VPN server. By default, the server is disabled. After the server is configured and started, the SSL Server Status page provides an overview of the general server status and connected clients.

Note: Depending on the configuration multiple files are required, which have to be present before the configuration can be completed. All files need to be placed in /etc/openvpn/CA

The following server configuration options exist

| Setting | Description |
|---|---|
| Status | Default value is Disabled. This setting needs to be set to Enabled to start the server after it is fully configured |
| Listen IP address | Defines a listen IP address. If defined, the server will only respond to client requests coming in on this interface. |
| Listen Port number | Defines the listen port for incoming connections. The default value is 1194 |
| Protocol | Defines the protocol to be used. Options available are: UDP; TCP |
| Tunnel MTU | Defines the MTU used for the tunnel. The default value is 1500 |
| Number of Concurrent Tunnels | Defines the total number of concurrent SSL client sessions. The default value is 256 |
| IP Address | Defines the IP address settings for the tunnel. Options available are: Network; Point to Point; Point To Point IPv6 |
| IP Address - Network - IPv4 Tunnel(NetAddr Netmask) | Defines an IPv4 network address and network mask which will be used for the tunnel |
| IP Address - Network - IPv6 Tunnel(NetAddr/Bitmask): | Defines an IPv6 network address and bitmask which will be used for the tunnel |
| IP Address - Point-to-Point - Local Endpoint (Local IP) | Defines a local IPv4 address for a Point to Point connection |
| IP Address - Point-to-Point - Remote Endpoint (Remote IP) | Defines a remote IPv4 address for a Point to Point connection |
| IP Address - Point-to-Point IPv6 - Local Endpoint (Local IP) | Defines a local IPv6 address for a Point to Point connection |
| IP Address - Point-to-Point IPv6 - Remote Endpoint (Remote IP) | Defines a remote IPv6 address for a Point to Point connection |
| Authentication Method | Selects the desired authentication method. Available options are: TLS; Static Key; Password; Password plus TLS |
| TLS - CA Certificate | Selects the CA certificate to be used |
| TLS - Server Certificate | Selects the server certificate to be used |
| TLS - Server Key | Selects the private key belonging to the server certificate |
| TLS - Diffie Hellman | Selects the Diffie Hellman key |
| Static Key - Secret | Selects the secret to be used |
| Static Key - Diffie Hellman | Selects the Diffie Hellman key |
| Password - CA Certificate | Selects the CA certificate to be used |
| Password - Server Certificate | Selects the server certificate to be used |
| Password - Server Key | Selects the private key belonging to the server certificate |
| Password - Diffie Hellman | Selects the Diffie Hellman key |
| Password plus TLS - CA Certificate | Selects the CA certificate to be used |
| Password plus TLS - Server Certificate | Selects the server certificate to be used |
| Password plus TLS - Server Key | Selects the private key belonging to the server certificate |
| Password plus TLS - Diffie Hellman | Selects the Diffie Hellman key |
| HMAC/Message Digest | Selects the HMAC connection algorithm from a list |
| Cipher | Selects the connection cipher algorithm from a list |
| Min TLS version | The expected connection TLS minimum version. Supported values are: None; TLS 1.0; TLS 1.1; TLS 1.2 |
| Use LZO data compress Algorithm | When enabled, all tunnel traffic will be compressed |
| Redirect Gateway (Force all client generated traffic through the tunnel) | When enabled, all traffic emanating from a client will be forced through the tunnel. |

IPSEC VPN

The Nodegrid solution supports the configuration of IPSec tunnels. The system supports a variety of configuration options for a host to host, host to site, site to site and roadwarrior configurations.

Note: As the Nodegrid node will be directly exposed to the Internet, it is strongly recommended to secure the appliance. Built-in features can be used for this, like:

Authentication Methods

Multiple authentication methods are available together with IPSec and the Nodegrid solution. Some of these, like pre-shared keys and RSA keys, are very easy to implement but offer limited flexibility in larger setups, while certificates require more initial configuration and setup but offer the flexibility and consistency to easily manage and maintain larger setups.

Pre-shared Keys

Pre-shared keys are a simple and the least secure method to secure an IPSec connection. A pre-shared key is a combination of characters which represents a secret. Both nodes need to share the same secret. Nodegrid supports pre-shared keys with a minimum length of 32 characters. The maximum length is much higher, but for compatibility with other vendors, we will use a length of 64 bit for the examples below. In general, the longer the pre-shared key is, the more secure it is.

RSA Keys

RSA Keys or Raw RSA keys are commonly used for static configurations between single or a small number of hosts. The nodes are manually configured to have each other’s RSA keys as part of the configuration.

X.509 Certificates

X.509 Certificate authentication is typically used for larger deployments with a small to a large number of nodes. The RSA keys of the individual nodes are signed by a central Certificate Authority (CA). The Certificate Authority is used to maintain the trust relationship between the nodes, including revocation of trust for specific nodes. For this purpose, the Nodegrid solution supports public and private CAs. In addition, the Nodegrid solution can be used to host and manage its own Certificate Authority for the purpose of the IPSec communication.

Connection Scenarios

IPSec supports many different connection scenarios, ranging from communication just between 2 nodes to communication of one node with multiple nodes, and from communication limited just to the nodes involved to communication extending beyond the directly involved nodes to the networks accessible behind the nodes. Due to the multitude of communication options, examples are provided for some of the most common scenarios.

Host to Host

Host to Host communication means that 2 nodes have a VPN tunnel open which connects them directly. The communication which is exchanged through the tunnel is limited to direct communication between them. None of the packets will be routed or forwarded. This is essentially a point to point communication between 2 nodes.

Host to Site

In a Host to Site communication scenario, one node establishes a VPN tunnel to a 2nd node. Communication is limited on one side to the specific node and on the other side to all devices in a range of subnets which is accessible by the 2nd node.

Site to Site

In a Site to Site communication, the tunnel is, as before, established between 2 nodes. Communication is allowed to the specified subnets on both sides, allowing for communication between devices on either side of the connection.

Host to Multi Site

Multi-Site communication scenarios can be created either by creating individual VPN connections between hosts or by specific multi-site configurations. The latter greatly improves scalability and manageability of the connection setup.

As the name indicates, a Host to Multi-Site communication allows multiple nodes to connect to the same node. A typical scenario for this would be remote offices which have a VPN connection to the main office. In this specific scenario, the communication would be limited to the one node and devices on specified subnets in the remote locations.

Site to Multi Site

This scenario is probably the most common form of enterprise VPN setup. It is similar to the Host to Multi-Site option, but communication is allowed to the specified subnets on either side: the West node has access to all specified subnets on any of the sites, while the remote sites only have access to the subnets exposed by the West node.

| | Host to Host | Host to Site | Site to Site | Host to Multi-Site | Site to Multi-Site |
|---|---|---|---|---|---|
| Pre-shared Keys | possible | possible | possible | possible | possible |
| RSA Key | Recommended | Recommended | Recommended | possible | possible |
| X.509 Certificates | Recommended | Recommended | Recommended | Recommended | Recommended |

Configuration of IPSec

This section outlines the general configuration steps which can be used to configure the desired connection.

Note: For Production environments, it is recommended to use RSA Keys or Certificate Authentication. Pre-Shared Keys are easy to set up and are a good starting point for test environments.

For more detailed instructions on how to use IPSec with the Nodegrid solution, visit our Knowledge Base.

Authentication

Authentication is the process of validating who you are or who you claim to be, which is usually done using credentials. Credentials most often take the form of a username and password.

Authorization is the essential security part that complements authentication. Once you are authenticated using your credentials, authorization determines what you have access to, e.g. certain directories, power or serial devices, etc.

Nodegrid has a built-in admin user account named 'admin' with full access and rights to set all configurable aspects of the unit, network, security, authentication, authorization, devices to be managed, including other users. This special user account, 'admin' cannot be deleted and it has the default password 'admin'.

Note: For security reasons, administrators are strongly advised to change the default password during the first login by using the Change Password option on the pull-down menu under your username in the top right corner of the WebUI.

The Nodegrid platform fully supports authentication of local users and groups as well as external users and groups. External authentication of users and groups can be done through LDAP/AD, TACACS+, RADIUS and Kerberos.

All users have access to all enabled managed devices by default. Fine Grain Authorisation can be enabled by selecting the option Device access enforced via user group authorization under Services.

Based on the groups they are assigned to, these users have limited access to Nodegrid Web portal management attributes. Privileges of users can be modified by setting profile and access rights in an authorization group. A user who belongs to the group Admin will have the same administrative privileges as the admin user. Each user must have a specific user account on Nodegrid or on an external authentication server. A user can be assigned to one or more authorization groups.

Local Accounts

New local users can be added, deleted, changed and locked under Local Accounts in Security. Administrators can force passwords to be changed upon next login and set expiration dates for the user accounts. Regardless of activation options, users can change their own passwords at any time. This feature lists all users and their respective information.

Manage Local Users

The management of local users can be achieved under Security::Local Accounts. The following options are available

Add Local Users

Hash Format Password

If you are an admin and prefer not to use a plain-text password, you can supply the password in hash format instead. This may be of special interest when using scripts, as it avoids scripts containing or displaying the users' actual passwords.

Note, however, that this requires the password hash to be generated separately beforehand, using a hash password generator of your preference. Examples of popular hash generators in Linux are OpenSSL, chpasswd and mkpasswd, using MD5, SHA256, SHA512, etc.

The Nodegrid can also be used for this purpose, through its own OpenSSL implementation. Example using Nodegrid's OpenSSL version (the -1 option selects the MD5-based scheme):

root@nodegrid:~# openssl passwd -1 -salt mysall
Password:
$1$mysall$YBFr9On0wjde5be32mC1g1

Password Rules

All local user accounts are subject to password rules. These can be adjusted under Security::Password Rules, where the administrator can set values for password complexity as well as password expiration, expressed as minimum days, maximum days and warning days.

The following settings can be adjusted

| Setting | Value | Description |
| --- | --- | --- |
| Check Password Complexity | True, False | Enables or disables password complexity rules. The default value is disabled |
| Password Complexity - Minimum Number of Digits | Number | Minimum number of digits which need to be included in the password. Default value: 0 |
| Password Complexity - Minimum Number of Upper Case Characters | Number | Minimum number of upper case characters which need to be included in the password. Default value: 0 |
| Password Complexity - Minimum Number of Special Characters | Number | Minimum number of special characters which need to be included in the password. Default value: 0 |
| Password Complexity - Minimum Size | Number | Minimum number of characters included in the password. Default value: 8 |
| Password Complexity - Number of Passwords to Store in History | Number | Number of passwords stored in the password history, preventing the reuse of that many previous passwords. Default value: 1 |
| Password Expiration - Min Days | Number | Number of days the password has to be valid for before it can be changed. Default value: 0 |
| Password Expiration - Max Days | Number | Maximum number of days a password can be valid for before it has to be changed. Default value: 99999 |
| Password Expiration - Warning Days | Number | Number of days before their password expires that users will be notified. Default value: 7 |
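
The following added example (not Nodegrid code) shows how the settings in the table above interact when a candidate password and its age are evaluated. The field and function names are hypothetical, and it assumes that no complexity setting is enforced while Check Password Complexity is disabled and that "special" means ASCII punctuation.

```python
"""Added example: evaluate a password and its age against the Password Rules settings."""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass


@dataclass
class PasswordRules:
    # Hypothetical field names; the defaults are the ones listed in the table.
    check_complexity: bool = False
    min_digits: int = 0
    min_upper: int = 0
    min_special: int = 0
    min_size: int = 8
    history: int = 1
    min_days: int = 0
    max_days: int = 99999
    warning_days: int = 7


def complexity_violations(password, rules):
    """Return the names of the complexity settings the password fails."""
    if not rules.check_complexity:  # assumption: nothing is enforced when disabled
        return []
    counts = {
        "digits": sum(c.isdigit() for c in password),
        "upper": sum(c.isupper() for c in password),
        "special": sum(c in string.punctuation for c in password),  # assumption
        "size": len(password),
    }
    required = {
        "digits": rules.min_digits,
        "upper": rules.min_upper,
        "special": rules.min_special,
        "size": rules.min_size,
    }
    return [name for name in required if counts[name] < required[name]]


def _digest(password, salt):
    # Salted PBKDF2 so the history never holds a plain-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password, history, rules):
    """Store a salted hash and keep only the configured number of entries."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    keep = max(rules.history, 0)
    history[:] = history[-keep:] if keep else []


def is_reused(password, history, rules):
    """True if the password matches one of the stored history entries."""
    return any(
        hmac.compare_digest(_digest(password, salt), digest)
        for salt, digest in history
    )


def password_state(days_since_change, rules):
    """Classify a password by age: 'valid', 'warning' or 'expired'."""
    if days_since_change >= rules.max_days:
        return "expired"
    if days_since_change >= rules.max_days - rules.warning_days:
        return "warning"
    return "valid"


def change_allowed(days_since_change, rules):
    """Min Days: the password must be this old before it can be changed."""
    return days_since_change >= rules.min_days


if __name__ == "__main__":
    strict = PasswordRules(check_complexity=True, min_digits=2, min_upper=1,
                           min_special=1, min_size=10, max_days=90, min_days=1)
    for candidate in ("nodegrid", "Nodegrid#2019"):  # constructed samples
        print(candidate, complexity_violations(candidate, strict))
    print("factory defaults:", complexity_violations("admin", PasswordRules()))
    print("day 83:", password_state(83, strict))
```

With the factory defaults the last check returns no violations, which is why enabling Check Password Complexity matters before the other complexity values have any effect under the stated assumption.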

Groups

Nodegrid uses user groups to combine multiple local and remote users into a single local group, which is then used to assign system-wide roles and permissions such as user permissions and administrative permissions. Groups are also used to grant access permissions to specific target devices. User groups which are authenticated against an external authentication provider are mapped to local groups; this assigns the remote groups the permissions of the assigned local group.

Should a user be a member of multiple groups then the combined access rights will take effect.

Administrators can add and delete groups, as well as change their permissions. When you log in to the Nodegrid for the first time, you will see two groups in the default configuration, Admin and Users, which can not be deleted.

Manage Groups

The Nodegrid platform contains two default groups with default permissions. The admin group grants the admin user full system and target access. The user group grants all members full access to all targets if Fine Grain Authorisation is disabled (default). When Fine Grain Authorisation is enabled, the user group members have no access to any target device by default.

Administrators can create, edit and delete groups under Security :: Authorization

Create a User Group

At this point, the group has been created. To change its properties and permissions, click on the group name.

Add local users to a group

Assign system permissions and settings to a group

A user group can be assigned multiple additional system permissions. All groups have the user permission by default, granting them access to the Access table, which allows them to connect to target devices based on the specific target permissions.

The following system permissions can be assigned.

Note: Multiple permissions can be assigned to the same group.

| Permission | Description |
| --- | --- |
| Track System Information | Grants access to tracking information. See section Tracking |
| Terminate Sessions | Grants the permission to terminate user and device sessions |
| Software Upgrade and Reboot System | Grants permission to perform system upgrades and reboots |
| Configure System | Grants administrative rights to change the system configuration |
| Configure User Account | Grants permissions to change the Authorisation setting. |
| Apply & Save Settings | Grants permissions to save settings |
| Shell Access | Grants access to the system shell |

The following settings can be configured

| Setting | Value | Description |
| --- | --- | --- |
| Permissions | Track System Information, Terminate Sessions, Software Upgrade and Reboot System, Configure System, Configure User Account, Apply & Save Settings, Shell Access | System Permissions |
| Restrict Configure System Permission to Read Only | True, False | The granted system settings are visible but cannot be changed |
| Menu-driven access to devices | True, False | The members of the group will be presented with a target menu when an SSH connection is established directly to the Nodegrid. |
| Custom Session Timeout | True, False | Enable a custom session timeout |
| Timeout [seconds] | Number | Session timeout in seconds |
| Email Events to | Email Address | List of email addresses to which events will be sent |

Assign external groups

External groups need to be assigned to a local group. This will ensure that the remote group gets the correct permissions assigned. To assign an external group, follow the below steps

Note: This step is required for LDAP, AD, and Kerberos groups. RADIUS and TACACS+ authentication providers offer other methods to link external groups/users to local groups.

Assign device permissions

When Fine Grain Authorisation is enabled, the permissions to access specific devices need to be assigned to groups. This is done by adding specific devices to a group and setting the appropriate access rights for the target. Multiple devices can be added at the same time and the access permissions can be set together.

Note: access permissions to control power outlets are granted through the Outlets permissions and not through Devices

Access permissions can be added, deleted and edited for each group as necessary.

The following access permissions can be assigned

| Permission | Value | Description |
| --- | --- | --- |
| Session | Read-Write, Read-Only, No-Access | Permission to access serial or ssh sessions (Console) |
| Power | Power Control, Power Status, No Access | Power Control permissions through IPMI |
| Door | Door Control, Door Status, No Access | Door Control permissions |
| MKS | True, False | Access to MKS sessions |
| Reset Device | True, False | Permission to reset a device session |
| KVM | True, False | Access to KVM sessions |
| SP Console | True, False | Access to IPMI console sessions (Serial over LAN) |
| Virtual Media | True, False | Access to establish a Virtual Media session to an IPMI device |
| Access Log Audit | True, False | Access to read the access log of an IPMI device |
| Access Log Clear | True, False | Permission to clear the access log of an IPMI device |
| Event Log Audit | True, False | Permission to read the device-specific event log |
| Event Log Clear | True, False | Permission to clear the device-specific Event Log |
| Monitoring | True, False | Permission to access monitoring features |
| Sensors Data | True, False | Permission to read sensor data |
| Custom Commands | True, False | Permission to execute custom commands |

Assign power outlet permissions

Access permissions for power outlets from Rack PDUs are controlled individually as the power to turn on or off a device can have severe consequences to the running of a data center or remote location. The assignment of permissions is analogous to device's access permissions.

External Authentication Provider

Nodegrid provides an easy and simple way to enable external authentication on the platform. It can be set up to authenticate users with:

In order to allow external users access to the Nodegrid platform the following steps need to be performed independently of the specific authentication provider

Authentication providers can be added, deleted and modified in the Security :: Authentication section. The section displays all currently configured authentication providers and allows providers to be created, deleted, modified and reordered. The order of the authentication providers determines which one will be used first to authenticate the user. Should that authentication fail, the user's access might be rejected or the next authentication provider might be tried. The authentication provider setting Fallback if denied access controls this: when enabled, the next provider will be used; when disabled, the user's access will be granted or denied based on the result.

Note: Should a provider not be available to authenticate users at any given time then the provider will be skipped and the next provider will be used.

All users accessing the Nodegrid need to be a member of a group. If a user can not be identified as being a group member then a default group will be used. By default, this is the user group. The group which will be used can be adjusted using the Default Group option
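
The provider order, the Fallback if denied access setting, the skipping of unavailable providers and the default group described above, modelled as an added example (not Nodegrid code). Provider, login, build and the sample accounts are hypothetical, and treating local accounts as the last provider in the list is an assumption.

```python
"""Added example: model of provider ordering and 'Fallback if denied access'."""
import hmac
from dataclasses import dataclass, field


@dataclass
class Provider:
    name: str
    fallback_if_denied: bool
    accounts: dict            # constructed directory: user -> (password, remote groups)
    group_map: dict = field(default_factory=dict)  # remote group -> local group
    available: bool = True

    def check(self, user, password):
        """Return 'unavailable', 'denied', or the list of mapped local groups."""
        if not self.available:
            return "unavailable"
        entry = self.accounts.get(user)
        if entry is None or not hmac.compare_digest(
            entry[0].encode(), password.encode()
        ):
            return "denied"
        return [self.group_map[g] for g in entry[1] if g in self.group_map]


def login(providers, user, password, default_group="user"):
    """Walk providers in configured order.

    Returns (granted, deciding provider, local groups, audit trail).
    """
    trail = []
    for provider in providers:
        outcome = provider.check(user, password)
        if outcome == "unavailable":
            # An unreachable provider is skipped regardless of its fallback setting.
            trail.append((provider.name, "skipped"))
            continue
        if outcome == "denied":
            trail.append((provider.name, "denied"))
            if provider.fallback_if_denied:
                continue  # try the next provider in the list
            return False, provider.name, [], trail
        trail.append((provider.name, "accepted"))
        # A user with no mapped group falls into the Default Group.
        return True, provider.name, outcome or [default_group], trail
    return False, None, [], trail


def build(ldap_fallback, ldap_up=True):
    """Constructed two-provider setup: LDAP first, local accounts second."""
    ldap = Provider(
        "ldap", ldap_fallback,
        {"alice": ("a-pass", ["cn=netops"]), "carol": ("c-pass", ["cn=interns"])},
        {"cn=netops": "admin"},
        available=ldap_up,
    )
    local = Provider(
        "local", False,
        {"admin": ("local-admin-pass", ["admin"]), "bob": ("old-bob-pass", ["user"])},
        {"admin": "admin", "user": "user"},
    )
    return [ldap, local]


if __name__ == "__main__":
    cases = [
        ("fallback off, LDAP user", build(False), "alice", "a-pass"),
        ("fallback off, unmapped group", build(False), "carol", "c-pass"),
        ("fallback off, local admin", build(False), "admin", "local-admin-pass"),
        ("LDAP down, local admin", build(False, ldap_up=False), "admin", "local-admin-pass"),
        ("fallback on, stale local account", build(True), "bob", "old-bob-pass"),
    ]
    for label, providers, user, password in cases:
        print(label, "->", login(providers, user, password))
```

Two review points follow from the model: with fallback disabled on the first provider, a local-only account can log in only while that provider is unreachable, and with fallback enabled, a local account that no longer exists in the directory is still accepted.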

The following section outlines how the different external authentication providers are added and configured.

LDAP and Active Directory

The LDAP protocol is an open standard and there is a large variety of implementations, all similar but with slight variations. The LDAP examples shown are based on the OpenLDAP implementation.

Microsoft’s Active Directory is one of the largest and most widely used implementations of LDAP; it allows the implementation of very complex authentication provider structures reflecting the internal organization of companies.

Provide the following information to set up an LDAP or Active Directory authentication server.

| Field | Values | Description |
| --- | --- | --- |
| Status | True, False | Default value is Enabled. This means the provider will be used to authenticate users |
| Fallback if denied access | Enabled or Disabled | Default is Disabled. It is recommended to enable this feature in case the provider is not available. |
| Remote Server | FQDN or IP of LDAP server or domain | Nodegrid supports resolution of Active Directory servers through DNS requests. This means that either specific Active Directory servers or a valid Active Directory domain can be specified. In case of the latter, the system will contact the closest server based on the DNS results. |
| Base | Base DN | This field can contain the Root DN or a sublevel DN. This DN marks the highest point which will be used to search for users or groups |
| Secure | On, Off or Start_TLS | Default is Off, which means all traffic between the Nodegrid and the LDAP server will be sent unencrypted. On is recommended. (This feature needs to be supported by the server) |
| Global Catalog Server | True, False | When enabled, the provider will use an Active Directory Global Catalog Server |
| Database Username | Search User Name | Fully qualified username which can be used to search through the directory. Only required if the LDAP server requires authentication for browsing of the directory |
| Database Password and Confirm Password | Password for the search user | Only required if the LDAP server requires authentication for browsing of the directory |
| Login Attribute | Field identifies the username | Attribute field which contains the username. For Active Directory this is sAMAccountName by default. |
| Group Attribute | Field identifies the group names | Attribute field which contains the group identifier. For Active Directory this is memberOf by default |
| Search Filter | Search Filter following the LDAP implementation | |

Example configuration for OpenLDAP server

| Field | Value |
| --- | --- |
| Status | True |
| Fallback if denied access | True |
| Remote Server | 192.168.1.1 |
| Base | dc=zpe,dc=net |
| Secure | Off |
| Global Catalog Server | False |
| Database Username | cn=admin,dc=zpe,dc=net |
| Login Attribute | cn |
| Group Attribute | memberUID |

Example configuration for Active Directory server

| Field | Value |
| --- | --- |
| Status | True |
| Fallback if denied access | True |
| Remote Server | 192.168.1.1 |
| Base | dc=zpesystems,dc=com |
| Secure | Start TLS |
| Global Catalog Server | True |
| Database Username | cn=Administrator,cn=Users,dc=zpesystems,dc=com |
| Login Attribute | sAMAccountName |
| Group Attribute | memberOf |

More information on how to setup LDAP and Active Directory can be found under How to Configure Active Directory or LDAP Authentication Provider

TACACS +

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ and other flexible AAA protocols have largely replaced their predecessors.

| Field | Values | Description |
| --- | --- | --- |
| Status | True, False | Default value is Enabled. This means the provider will be used to authenticate users |
| Fallback if denied access | Enabled or Disabled | Default is Disabled. It is recommended to enable this feature in case the provider is not available. |
| Remote Server | IP address | |
| Accounting Server | IP address | |
| TACACS+ Port | TCP Port | Default port 49 |
| Service | ppp, shell, raccess | Authentication service used by TACACS. The default value is raccess |
| Secret/Confirm Secret | Secret | |
| Timeout | Number | Communication timeout in seconds. Default value: 2 |
| Retries | Number | Number of retries before connection fails |
| TACACS+ Version | V0, V1, V0_V1, V1_V0 | TACACS version to be used. The default value is V1 |
| Enable User-Level attribute of Shell and raccess services association to local authorization group | True, False | |
| User Level 1 - 10 | Nodegrid group name | |

RADIUS

RADIUS is a client/server protocol that runs in the application layer and can use either TCP or UDP as transport. Operating on port 1812, it provides centralized Authentication, Authorization, and Accounting (AAA) management for users.

The Nodegrid Platform allows multiple methods to assign RADIUS users to Nodegrid groups. The following options exist:

| Field | Values | Description |
| --- | --- | --- |
| Status | True, False | The default value is Enabled. This means the provider will be used to authenticate users |
| Fallback if denied access | Enabled or Disabled | Default is Disabled. It is recommended to enable this feature in case the provider is not available. |
| Remote Server | IP address | |
| Accounting Server | IP Address | |
| Secret / Confirm Secret | Secret | |
| Timeout | Number | Communication timeout in seconds. The default value: 2 |
| Retries | Number | Number of retries before connection fails |
| Enable ServiceType attribute association to local authorization group | True, False | Allows the assignment of Radius Service Types to Nodegrid local groups |
| Service Type Login | Nodegrid group name | |
| Service Type Framed | Nodegrid group name | |
| Service Type Callback Login | Nodegrid group name | |
| Service Type Callback Framed | Nodegrid group name | |
| Service Type Outbound | Nodegrid group name | |
| Service Type Administrative | Nodegrid group name | |

Kerberos

Kerberos is a computer network authentication protocol that uses tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Designed primarily as a client–server model, it provides mutual authentication. Both the user and the server verify each other's identity. It builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography. It uses UDP port 88 by default.

| Field | Values | Comment |
| --- | --- | --- |
| Status | True, False | Default value is Enabled. This means the provider will be used to authenticate users |
| Fallback if denied access | Enabled or Disabled | Default is Disabled. It is recommended to enable this feature in case the provider is not available. |
| Remote Server | IP address | |
| Realm Domain Name | Kerberos realm name | |
| Domain Name | domain name | |

Security

Firewall

Nodegrid acts as a firewall when configured to do so by an administrator. There are six built-in default chains, three for IPv4 and three for IPv6. These accept Output, Input and Forward packets. Additional user chains can be created and deleted if required. For each chain, the default policy can be set. The default policy is set to accept packets. Default chains cannot be deleted.

Rules can be created for each chain, by clicking on the chain name. This will list all existing rules belonging to the chain. Rules can be created, deleted and modified. The following settings exist for rules. For more details review the iptables documentation.

| Setting | Values | Description |
| --- | --- | --- |
| Target | ACCEPT, DROP, REJECT, LOG, RETURN | |
| Source IP/Mask | IP address and mask | |
| Reverse match for source IP/mask | TRUE, FALSE | |
| Destination IP/Mask | IP address and mask | |
| Reverse match for destination IP/mask | TRUE, FALSE | |
| Input Interface | Any, Available interfaces | One value of the list can be selected |
| Reverse match for input interface | TRUE, FALSE | |
| Output Interface | Any, Available interfaces | One value of the list can be selected |
| Reverse match for output interface | TRUE, FALSE | |
| Enable State Match | NEW, ESTABLISHED, RELATED, INVALID | One or multiple states can be selected |
| Reverse state match | TRUE, FALSE | |
| Fragments | All packets and fragments, Unfragmented packets and 1st packets, 2nd and further packets | One value of the list can be selected |
| Reject With | Network Unreachable, Host Unreachable, Port Unreachable, Protocol Unreachable, Network Prohibited, Host Prohibited, Administratively Prohibited, TCP Reset | |
| Protocol | Numeric, TCP, UDP, ICMP | |
| Protocol - Numeric - Protocol Number | Protocol Number | |
| Protocol - TCP - Source Port | Port Number | |
| Protocol - TCP - Destination Port | Port Number | |
| Protocol - TCP - TCP Flag SYN | Any, Set, Unset | |
| Protocol - TCP - TCP Flag ACK | Any, Set, Unset | |
| Protocol - TCP - TCP Flag FIN | Any, Set, Unset | |
| Protocol - TCP - TCP Flag RST | Any, Set, Unset | |
| Protocol - TCP - TCP Flag URG | Any, Set, Unset | |
| Protocol - TCP - TCP Flag PSH | Any, Set, Unset | |
| Protocol - TCP - Reverse match for TCP flags | TRUE, FALSE | |
| Protocol - UDP - Source Port | Port Number | |
| Protocol - UDP - Destination Port | Port Number | |
| Protocol - ICMP - ICMP Type | Any, Echo Reply, Destination Unreachable, Network Unreachable, Host Unreachable, Protocol Unreachable, Port Unreachable, Fragmentation Needed, Source Route Failed, Network Unknown, Host Unknown, Network Prohibited, TOS Network Unreachable, TOS Host Unreachable, Communication Prohibited, Host Precedence Violation, Precedence Cutoff, Source Quench, Redirect, Network Redirect, Host Redirect, TOS Network Redirect, TOS Host Redirect, Echo Request, Router Advertisement, Router Solicitation, Time Exceeded, TTL Zero During Transit, TTL Zero During Reassembly, Parameter Problem, Bad IP Header, Required Option Missing, Timestamp Request, Timestamp Reply, Address Mask Request, Address Mask Reply | |
| Protocol - ICMP - Reverse match for ICMP type | TRUE, FALSE | |
| Reverse match for protocol | TRUE, FALSE | |
| Reverse match for source port | TRUE, FALSE | |
| Reverse match for destination port | TRUE, FALSE | |
| Log Level | Debug, Info, Notice, Warning, Error, Critical, Alert, Emergency | |
| Log Prefix | Log Prefix String | |
| Log TCP Sequence Numbers | TRUE, FALSE | |
| Log Options From The TCP Packet Header | TRUE, FALSE | |
| Log Options From The IP Packet Header | TRUE, FALSE | |

Services

The Services page allows defining the active services running on the system as well as general service settings for Managed Devices, Intrusion Prevention, SSH access to the system itself, Web Service settings and Cryptographic Protocols for the Web Service.

This allows the security level of the system to be configured. For instance, unsecured protocols like Telnet or HTTP can be disabled, and the SSH version which is allowed to access the system can be set.

Active Services

The Active Services page controls which services are enabled in the system and which network ports they use.

The following settings are available

| Setting | Value | Description |
| --- | --- | --- |
| Enable detection of USB devices | TRUE, FALSE | Enabled by default |
| Enable RPC | TRUE, FALSE | Required for NFS share access |
| Enable FTP Service | TRUE, FALSE | |
| Enable SNMP Service | TRUE, FALSE | Enabled by default |
| Enable Telnet Service to Nodegrid | TRUE, FALSE | |
| Telnet TCP Port | Port number | Default value: 23 |
| Enable Telnet Service to Managed Devices | TRUE, FALSE | |
| Enable ICMP echo reply | TRUE, FALSE | Enabled by default |
| Enable USB over IP | TRUE, FALSE | |
| Enable Virtualization Services | TRUE, FALSE | Needs to be enabled in order to run NFVs or Docker apps. Both features require licenses |
| Cloud TCP Port | Port Number | Default value: 9966 |
| Enable Automatic Cloud Enrollment | TRUE, FALSE | |
| Search Engine TCP Port | Port Number | Default value: 9300 |
| Enable Search Engine High Level Cipher Suite | TRUE, FALSE | |
| Enable VM Serial access | TRUE, FALSE | Enabled by default |
| VM Serial Port | Port Number | Default value: 9977 |
| vMotion timeout [seconds] | Number in seconds | Default value: 300 |
| Enable Zero Touch Provisioning | TRUE, FALSE | Enabled by default |
| Enable PXE (Preboot eXecution Environment) | TRUE, FALSE | Enabled by default |

Managed Devices

The Managed Devices section allows controlling of general aspects and services controlling managed devices. The following settings are available.

| Setting | Value | Description |
| --- | --- | --- |
| Device access enforced via user group authorization | TRUE, FALSE | When this feature is enabled, users will only have access to devices listed under the authorization groups to which the user belongs. If this feature is not enabled, all enrolled devices in the Nodegrid will be available to the user and the user will be able to access them without restriction. |
| Enable Autodiscovery | TRUE, FALSE | This feature allows the Auto Discovery of managed devices on the network. |
| DHCP lease controlled by autodiscovery rules | TRUE, FALSE | If this feature is enabled, the DHCP server will only serve leases to devices which have been discovered through the Auto Discovery process. This feature is only available when Enable AutoDiscovery is enabled. |

Intrusion Prevention

The Intrusion Prevention section allows the configuration of mechanisms which can prevent unauthorized access to a system, like Fail 2 Ban and Rescue Mode. The following settings are available.

| Setting | Value | Description |
| --- | --- | --- |
| Block host with multiple authentication fails | TRUE, FALSE | |
| Period Host will stay blocked (min) | Number in min | Amount of time the system will not be reachable on the network for the blocked host. Default value: 10 |
| Timeframe to monitor authentication fails (min) | Number in min | Amount of time during which failed authentication attempts are counted before the counter is reset. Default value: 10 |
| Number of authentication fails to block host | Number | Number of failed authentication attempts within the Timeframe to monitor authentication fails before the host will be blocked. Default value: 5 |
| Rescue Mode requires authentication | TRUE, FALSE | When this feature is enabled, Rescue Mode requires authentication through a local user account, like root. |
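
How the three blocking settings above interact, replayed over constructed log lines, as an added example (not Nodegrid code). The log format, HostBlocker and replay are hypothetical, and counting failures in a sliding window is an assumption about how the timeframe is applied.

```python
"""Added example: replay authentication failures against the blocking settings."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> auth-fail src=<ip> user=<name>"
LINE = re.compile(r"^(?P<ts>\S+) auth-fail src=(?P<src>\S+) user=(?P<user>\S+)$")

SAMPLE_LOG = """\
2019-03-01T10:00:00 auth-fail src=198.51.100.7 user=admin
2019-03-01T10:00:00 auth-fail src=203.0.113.9 user=admin
2019-03-01T10:00:20 auth-fail src=198.51.100.7 user=root
2019-03-01T10:00:40 auth-fail src=198.51.100.7 user=admin
2019-03-01T10:01:00 auth-fail src=198.51.100.7 user=test
2019-03-01T10:01:20 auth-fail src=198.51.100.7 user=admin
2019-03-01T10:04:00 auth-fail src=203.0.113.9 user=admin
2019-03-01T10:05:00 auth-fail src=198.51.100.7 user=admin
2019-03-01T10:08:00 auth-fail src=203.0.113.9 user=admin
2019-03-01T10:12:00 auth-fail src=203.0.113.9 user=admin
2019-03-01T10:16:00 auth-fail src=203.0.113.9 user=admin
""".splitlines()


class HostBlocker:
    """Defaults follow the table: 10 min window, 10 min block, 5 failures."""

    def __init__(self, window_min=10, block_min=10, max_fails=5):
        self.window = timedelta(minutes=window_min)
        self.block = timedelta(minutes=block_min)
        self.max_fails = max_fails
        self.fails = defaultdict(deque)   # source -> timestamps inside the window
        self.blocked_until = {}           # source -> end of current block
        self.blocks = []                  # (source, blocked_at, blocked_until)

    def is_blocked(self, src, now):
        until = self.blocked_until.get(src)
        return until is not None and now < until

    def record_failure(self, src, now):
        """Count one failure; return True if this failure triggers a block."""
        if self.is_blocked(src, now):
            return False  # host is already blocked, nothing new to count
        recent = self.fails[src]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()  # drop failures that fell out of the timeframe
        if len(recent) >= self.max_fails:
            until = now + self.block
            self.blocked_until[src] = until
            self.blocks.append((src, now, until))
            recent.clear()
            return True
        return False


def replay(lines, blocker):
    """Feed log lines in order; return the list of blocks that were triggered."""
    for line in lines:
        match = LINE.match(line.strip())
        if match is None:
            continue  # ignore lines that are not authentication failures
        when = datetime.fromisoformat(match.group("ts"))
        blocker.record_failure(match.group("src"), when)
    return blocker.blocks


if __name__ == "__main__":
    for src, start, end in replay(SAMPLE_LOG, HostBlocker()):
        print(f"{src} blocked from {start} until {end}")
```

In the sample, 198.51.100.7 is blocked after five failures in under two minutes, while 203.0.113.9 fails five times over sixteen minutes and never has more than three failures inside the window, which is the case to review when choosing the timeframe and threshold.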

SSH

The SSH section allows configuration of the SSH service controlling access to the Nodegrid system. The following settings are available.

| Setting | Value | Description |
| --- | --- | --- |
| SSH allow root access | TRUE, FALSE | Allows root access through SSH. Enabled by default. |
| SSH TCP Port | Port Number | Default value: 22 |
| SSH Ciphers | allowed list of ciphers | Default value: blank, which allows all ciphers which are supported by Nodegrid |
| SSH MACs | allowed list of MAC addresses | Default value: blank, which allows all systems to access the Nodegrid via ssh |
| SSH KexAlgorithms | an allowed list of key exchange algorithms | Default value: blank |

Web Service

The Web Service section allows the configuration of the web server. The following settings are available.

| Setting | Value | Description |
| --- | --- | --- |
| Enable HTTP access | TRUE, FALSE | Default value: Enabled |
| HTTP Port | Port Number | Default value: 80 |
| Enable HTTPS access | TRUE, FALSE | Default value: Enabled |
| HTTPS Port | Port Number | Default value: 443 |
| Redirect HTTP to HTTPS | TRUE, FALSE | Default value: Enabled |

Cryptographic Protocols

The Cryptographic Protocols section allows configuration of the ciphers which are supported for access to the web server. The following settings are available.

| Setting | Value | Description |
| --- | --- | --- |
| TLSv1.2 | TRUE, FALSE | Default value: Enabled |
| TLSv1.1 | TRUE, FALSE | Default value: Enabled |
| TLSv1 | TRUE, FALSE | Default value: Disabled |
| Cipher Suite Level | High, Medium, Low, Custom | Default value: Medium |

Cloud

Cloud is a Nodegrid feature that establishes a secure and resilient connection among other Nodegrid platforms so that when Cloud Clustering is enabled, multiple Nodegrid systems can easily manage and access all managed devices from other nodes. Nodegrid makes cloud access management even easier with cloud asset search. By logging into any Nodegrid node users can search the entire Nodegrid-managed enterprise network and cloud with a single interface.

This allows for vertical and horizontal scalability.

Peers Overview

The Peers page lists all Nodegrid units that are enrolled in the cloud.

The table shows the name of each Nodegrid, their IP Addresses, type, and status of communication with other peers.

Peers can be removed by selecting entries and then clicking on the Remove button. If the Nodegrid is the coordinator, it cannot be removed from the table.

Cloud Settings

In this section, the Cloud feature and the additional services Peer Management and License Pool can be enabled and configured.

Note: The Cloud feature requires a software license for each node in the cloud.

Enable Cloud

The Cloud feature can be enabled by checking the Enable Cloud checkbox. Each Cloud requires one Coordinator, which coordinates and controls the enrollment of peer systems.

The first unit in the cloud needs to be set as Type Coordinator. All other units can then be set to type Peer. The role of the Coordinator can later be changed to another system by selecting the Type Coordinator on a peer. The change will then be automatically propagated through the system.

If the Nodegrid is the coordinator, make sure the Allow Enrollment checkbox is checked, and provide a Cloud Name and Pre-Shared Key so that peers can be enrolled to the Cloud.

Please note that the Cloud Name and the Pre-Shared Key will be used in the Peer’s settings.

If the Nodegrid is the Peer, then enter the Coordinator’s Cloud Name, the Coordinator's Address, and the Pre-Shared Key.

Check the Enable Clustering checkbox for allowing other Nodegrid systems to manage, access, and search all managed devices from other nodes.

Note: The Coordinator is only required for the enrollment of the peers. Once all Nodegrid systems have been enrolled into the Cloud, the Coordinator can be set as a Peer to prevent the enrollment of other units.

Automatic Enrollment

The Automatic Enrollment feature allows administrators to automatically add new Nodegrid systems which become available to an existing cloud. The feature is enabled by default for Peers to be detected. The Pre-Shared Key setting needs to be the same on the Coordinator as well as on the Peers. It is set by default to nodegrid-key. The value Interval [seconds] only applies to coordinators and regulates how often invitations are sent to potential peers based on the defined network list.

After the Coordinator is enabled and configured, the admin user can add a range of IPs where other Nodegrid systems are on the network. To add network ranges for the discovery process add them to the Automatic Enrollment Range page under Cloud Settings.

Note: It is recommended to only add IPs to the Automatic Enrollment Range which are potentially Nodegrid units, as the system will continually send invitations to all IPs until a Nodegrid unit is found on a specific IP and added to the Cloud.

This way, the Coordinator will communicate with any Nodegrid system on those ranges and add them to the Cloud, thus eliminating the need to go to each of the Nodegrid nodes and set them as peers.

License Pool

The License Pool feature allows for central management of all software licenses within a cloud. For this, at least one unit needs to be set up as a License Pool Server; all other units are set up as License Pool Clients, which is the default setting.

License Pool Clients will automatically request required licenses from the License Pool Server. The License Pool Server will check the availability of licenses and assign the requested licenses if they are available. The Client will renew the licenses depending on the server's Renew Time [days]. In case a client becomes unavailable for an extended period of time and exceeds the server's Lease Time [days], the licenses will become invalid on the client and return to the pool.

The currently leased licenses can be viewed on the License Pool Server in the Licenses section.

Peer Management

The Peer Management feature enables a function to centrally upgrade the firmware of Nodegrid units in the cloud. To enable the feature select Enable Peer Management.

The Cloud Management page then allows the software upgrade process for remote Nodegrid units to be started from a central location. The firmware which will be applied to the units needs to be hosted at a central location which is available through a URL.

Note: The URL should include the remote server’s IP or hostname, file path, and the ISO file. For example: ftp://192.168.2.200/nodegrid/Nodegrid_Platform_v3.1.0_20160127.iso

The page lists all Nodegrid systems in the Cloud. Select the desired nodes that have the Management Status Idle. If the status shows Disabled, it means that the Nodegrid has the Peer Management feature disabled. Once the selection is done, click on the Software Upgrade button. Select Remote Server and enter the URL, Username, and Password. The option Format partitions before upgrade will repartition the Nodegrid unit's hard drive before performing the firmware upgrade.

If downgrading the software, you have the option to Restore configuration saved on version upgrade or Apply factory default configuration.

Auditing Settings

The auditing feature allows events which have been created to be sent to four different destinations: Email, File, SNMP Trap, and Syslog. It also allows data logging and events logging to be stored locally, remotely via NFS or sent to a Syslog server.

Data Logging

The Data logging feature allows capturing the data stream going to and coming from target devices as well as from the Nodegrid system. General settings for the data logging feature are available under Auditing :: Settings. The following settings are available.

| Setting | Values | Description |
| --- | --- | --- |
| Enable File Destination | TRUE, FALSE | When the feature is enabled, all Data Logs are stored to the defined File location under Auditing Destinations. Default value: Enabled |
| Enable Syslog Destination | TRUE, FALSE | When the feature is enabled, all Data Logs are sent to the defined Syslog location under Auditing Destinations. Default value: Disabled |
| Add Timestamp on every line logged | TRUE, FALSE | When this feature is enabled, a timestamp will be added to each data log line |
| Timestamp Format | UTC, Local Time | Defines the timestamp timezone which will be used. Default value: UTC |

Events

The Nodegrid system automatically creates events based on its own settings and the device settings. All events are stored on the local file system by default. This behavior can be adjusted under Auditing :: Events. The administrator can configure to which destinations events are logged and which event categories are logged.

The system supports 4 event categories which can be individually controlled:

Note: All events and the category they belong to are listed under Tracking :: Event List.

Each of these event categories can be configured to send the events to any of the 4 event destinations or to none. Event Destinations are:

Destinations

File

Data logs are written by default to files which are maintained locally. The file destination and archive settings can be set under Auditing :: Destinations :: File

Note: NFS requires RPC service to be enabled in Security :: Services

The following options are available.

| Setting | Values | Description |
| --- | --- | --- |
| Destination | local, NFS | |
| NFS - NFS Server | IP address of NFS Server | |
| NFS - NFS Path | Path to the NFS root directory | Each unit should have its own root directory. |
| File Size [Kbytes] | File size in Kbytes | File size at which the file will be rotated. Valid values are between 0 (disabled) and 2048 Kb. Default value: 1024. |
| Number of Archives | Number | Number of archive files which should be kept before they will be discarded. Default value: 10. Max value: 99 |
| (NFS) Archive by Time [HH:MM] | Time in format HH:MM | Time at which the file archive will be rotated. Default value: blank |

Syslog

The Syslog destination can be used to store data logs and event notifications. The system supports a local Syslog destination or a remote IPv4 and IPv6 destination.

The following option is available.

| Setting | Values | Description |
| --- | --- | --- |
| System Console | TRUE, FALSE | Syslog events will be displayed on the Nodegrid system console port sessions. By default, this option is enabled. |
| Admin Session | TRUE, FALSE | Syslog events will be displayed on any admin session which is open to the Nodegrid system. By default, this option is disabled. |
| IPv4 Remote Server | IP address | One or multiple IP addresses can be provided. Addresses need to be separated by a comma. |
| IPv4 Address or Hostname | TRUE, FALSE | Disabled by default. |
| IPv6 Remote Server | IP address | One or multiple IP addresses can be provided. Addresses need to be separated by a comma. |
| IPv6 Address or Hostname | TRUE, FALSE | Disabled by default. |
| Event Facility | Log Local 0, Log Local 1, Log Local 2, Log Local 3, Log Local 4, Log Local 5 | Defines the Syslog logging facility for Events |
| Data Logging Facility | Log Local 0, Log Local 1, Log Local 2, Log Local 3, Log Local 4, Log Local 5 | Defines the Syslog logging facility for data logs |
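
On the receiving Syslog server, the Event Facility and Data Logging Facility settings are what let events be kept apart from captured data logs. The sketch below is an added example, not part of the Nodegrid software: it decodes the PRI field of each received line and sorts the lines by facility. The function names and the sample lines are constructed for illustration.

```python
import re

# "Log Local N" choices from the table map to syslog facility codes 16 + N.
LOCAL_FACILITY = {f"Log Local {n}": 16 + n for n in range(6)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode_pri(line):
    """Return (facility, severity, rest) for a syslog line, or None without a valid PRI."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity], m.group(2)


def route(lines, event_facility, data_facility):
    """Split received lines into events, data logs and unrelated traffic."""
    if event_facility == data_facility:
        # With one shared facility the collector cannot separate the two streams.
        raise ValueError("events and data logs share a facility")
    wanted = {
        LOCAL_FACILITY[event_facility]: "events",
        LOCAL_FACILITY[data_facility]: "data",
    }
    buckets = {"events": [], "data": [], "other": []}
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            buckets["other"].append(line)
            continue
        facility, severity, rest = decoded
        bucket = wanted.get(facility, "other")
        buckets[bucket].append(line if bucket == "other" else (severity, rest))
    return buckets


# Constructed sample input, not captured from a Nodegrid unit.
SAMPLE = [
    "<134>Mar  4 16:58:42 nodegrid constructed event text",     # local0.info
    "<142>Mar  4 16:58:43 nodegrid constructed data log line",  # local1.info
    "<38>Mar  4 16:58:44 otherhost sshd: constructed unrelated line",
    "line without a PRI field",
]

if __name__ == "__main__":
    for name, items in route(SAMPLE, "Log Local 0", "Log Local 1").items():
        print(name, items)
```

Choosing different facilities for events and data logs keeps recorded console traffic, which can contain typed credentials, out of the general event stream on the collector.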

SNMP Trap

Any triggered event can be sent via an SNMP trap to an existing NMS system. The Nodegrid system supports SNMP v2 and 3 for traps. The MIB files for the Nodegrid system are available together with the firmware files.

Note: SNMP3 INFORM messages are currently not supported.

The following options are available.

| Setting | Value | Description |
| --- | --- | --- |
| SNMP Engine ID | none | Displays the system's Engine ID |
| Server | IPv4 or IPv6 IP address | |
| Transport Protocol | UDP-IPv4, TCP-IPv4, UDP-IPv6, TCP-IPv6 | Protocol used to send the traps. Default is UDP-IPv4. |
| Port | TCP port | Default value is 161 |
| Trap Version | Version 2c, Version 3 | SNMP version to be used |
| Version 2c - Community | community name | |
| Version 3 - User Name | user name | |
| Version 3 - Security Level | noAuthNoPriv, authNoPriv, authPriv | |
| Version 3 - Authentication Algorithm | MD5, SHA | |
| Version 3 - Authentication Password | Password | |
| Version 3 - Privacy Algorithm | DES, AES | |
| Version 3 - Privacy Passphrase | Passphrase | |

Email Notification

Events can be sent via Email to an email address. The following options are available.

| Setting | Value | Description |
| --- | --- | --- |
| Server | SMTP server address | |
| Port | TCP port to be used | Default port is 25 |
| Username | Username | |
| Password | Password | |
| Confirm Password | Password | |
| Destination Email | email address | Target email address to which the events will be sent |
| Start TLS | TRUE, FALSE | Should TLS be used for the communication |

Monitoring

The Monitoring feature allows Nodegrid to monitor and collect sensor data from Managed Devices which are connected to a Nodegrid sensor or support SNMP or IPMI as a protocol.

The collected data are defined and controlled through Monitoring Templates which will be assigned to a monitored device during its configuration.

Customizing a Monitoring Template

There are a number of pre-existing monitoring templates, which typically fulfill the user's requirements. Should the need arise then these templates can be customized.

All templates are text files located in subdirectories of the /etc/collectd.templates directory according to the protocol used to collect the monitoring data, either SNMP or IPMI.

Any new file in these directories will automatically appear in the user interface.

SNMP Template

To create a new SNMP template, log in as root to the shell. Create a copy of one existing template as a starting point for the new template.

Each SNMP template file has two types of subsections:

The template file should only include data points which are of interest; all other data points can be removed from the file.

The following table explains the settings and the possible values for a data entry

| Setting | Value | Description |
| --- | --- | --- |
| Data | Internal name of the data point as it will be collected by the Nodegrid system. The name should be unique and should not have any spaces. | Example: Data "pdu_in_cur", Data "pdu_in_vol" |
| Type | temperature, fanspeed, humidity, counter, percent, timeleft, voltage, current, power, apparent_power, power_factor, frequency | Data type |
| Table | true, false | Reflects whether the OID is part of a table or not |
| Instance | true, false | If Table is true: an SNMP OID prefix that will be walked to retrieve a list of names that will be associated with the corresponding values. For example, in a PDU this could be the outlet name. If Table is false: the name [of the instance] that will be associated with the value, as a string. |
| InstancePrefix | String | Optional. A string to be prepended to the Instance, enclosed in double quotes. |
| Values | true, false | If Table is true: the SNMP OID prefix that will be walked to retrieve a list of values. If Table is false: the SNMP OID used to retrieve a single value. |
| Scale | Decimal value | Optional. A decimal value by which the retrieved value is multiplied before it is persisted. |

Example

    <Data "pdu_in_cur">
      Type "current"
      Table true
      Instance ".1.3.6.1.4.1.476.1.42.3.8.40.20.1.20"
      Values ".1.3.6.1.4.1.476.1.42.3.8.40.20.1.130"
      Scale 0.01
    </Data>

The host entry in an SNMP template only requires an adjustment in the Collect setting. The values list should contain all data entries which should be collected. All listed data entries require a corresponding data entry definition.
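
A customized template can be checked before it is copied into the template directory. The linter below is an added example, not a Nodegrid tool: it validates each Data entry against the table above and confirms that every name in Collect has a matching Data definition. The `<Host "...">` block layout with `Collect "a" "b"` is assumed to follow the same syntax as the Data block, the function names are hypothetical, and the second Data entry and its OID are constructed.

```python
import re

# Type values listed in the guide's table for a Data entry.
ALLOWED_TYPES = {
    "temperature", "fanspeed", "humidity", "counter", "percent", "timeleft",
    "voltage", "current", "power", "apparent_power", "power_factor", "frequency",
}
OID_RE = re.compile(r"^\.?\d+(\.\d+)+$")  # numeric OIDs, as in the guide's example
# Assumption: Host blocks use the same <Kind "name"> ... </Kind> layout as Data.
BLOCK_RE = re.compile(r'<(Data|Host)\s+"([^"]*)">(.*?)</\1>', re.S)


def parse_settings(body):
    """Return {setting: [values]} for one block, with quotes stripped."""
    settings = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        raw = parts[1] if len(parts) > 1 else ""
        settings[parts[0]] = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', raw)]
    return settings


def lint_template(text):
    """Check Data entries against the table and Collect against the Data names."""
    findings, data_names, collected = [], set(), []
    for kind, name, body in BLOCK_RE.findall(text):
        s = parse_settings(body)
        if kind == "Host":
            collected += s.get("Collect", [])
            continue
        dtype, table, instance = ((s.get(k) or [""])[0] for k in ("Type", "Table", "Instance"))
        values = s.get("Values", [])
        if " " in name:
            findings.append(f'Data "{name}": name contains spaces')
        if name in data_names:
            findings.append(f'Data "{name}": duplicate name')
        data_names.add(name)
        if dtype not in ALLOWED_TYPES:
            findings.append(f'Data "{name}": unknown Type "{dtype}"')
        if table not in ("true", "false"):
            findings.append(f'Data "{name}": Table must be true or false')
        if not values or not all(OID_RE.match(v) for v in values):
            findings.append(f'Data "{name}": Values must be numeric OID(s)')
        if table == "true" and not OID_RE.match(instance):
            findings.append(f'Data "{name}": Instance must be an OID when Table is true')
        if "Scale" in s:
            try:
                float((s["Scale"] or [""])[0])
            except ValueError:
                findings.append(f'Data "{name}": Scale is not a decimal value')
    for name in collected:
        if name not in data_names:
            findings.append(f'Collect "{name}": no matching Data entry')
    for name in sorted(data_names - set(collected)):
        findings.append(f'Data "{name}": defined but not listed in Collect')
    return findings


# Constructed template: the first entry is the guide's example, the second is
# deliberately broken (space in the name, unknown Type, non-OID Instance).
SAMPLE = '''
<Data "pdu_in_cur">
  Type "current"
  Table true
  Instance ".1.3.6.1.4.1.476.1.42.3.8.40.20.1.20"
  Values ".1.3.6.1.4.1.476.1.42.3.8.40.20.1.130"
  Scale 0.01
</Data>
<Data "pdu in vol">
  Type "volts"
  Table true
  Instance "outlet"
  Values ".1.3.6.1.4.1.99999.1.2"
</Data>
<Host "example">
  Collect "pdu_in_cur" "pdu_in_vol"
</Host>
'''

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```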

IPMI Discovery Template

The ‘discover’ template for IPMI will automatically discover all the sensors available on an IPMI device.

The template will have only one subsection, Host, and the options of interest are:

| Setting | Value | Description |
| --- | --- | --- |
| AuthType | none, md2, md5, straight | The authentication type for the IPMI protocol. The default is to negotiate the strongest one. |
| Privilege | callback, user, operator, admin | The privilege level for the IPMI protocol. The default is admin. |
| Sensor | Name of the Sensor to be collected | Selects sensors to collect or to ignore, depending on IgnoreSelected. May be defined multiple times, each one selecting one sensor. |
| IgnoreSelected | true, false | If true, the sensors selected by Sensor will not be collected. If false, only the sensors selected by Sensor will be collected. |
| Scale | | Optional. A decimal value by which the retrieved value is multiplied before it is persisted. |

Enabling Monitoring

Monitoring is enabled on a per-device basis. The settings are part of the Managed Device settings. The following steps are required to enable Monitoring.

Dashboard

Nodegrid provides the dashboard tool to visualize Event Details, Managed Device details, and monitoring data from the system and the Managed Devices. It gives the flexibility to create several dashboards for different purposes and to monitor managed device data points such as Power Consumption, Voltage (V), Current (A), Temperature, Fan speed, and many more. It provides options to show data from different periods of time, such as the last 15 minutes, the last hour, the last day, this week, this month, or the last 5 years.

The Dashboard guide will provide a starting point on how to create simple and useful Dashboards which can be expanded if needed and allow users to create the dashboards which are relevant.

Note: The Dashboard feature is only available through the WebUI

Exploring Data Points

This section is optional. It describes how to verify that the collected data are being stored and how to learn more about the data being collected. The raw data points which are collected can be viewed by performing the steps below.

Note: As collected data is buffered before being stored, it can take a couple of collection cycles before the data can be visualized.

The following fields can be used in search expressions.

Data Point fields (logstash-* Index )

| Field | Values | Description |
| --- | --- | --- |
| host | Device Name | The name of the device being monitored. |
| plugin | snmp, ipmi, nominal, aggregation | Name of the collection plugin |
| plugin_instance | sum, average | The instance of the plugin collecting the data, if the plugin requires it. Present in the aggregation plugin. |
| collectd_type | temperature, fanspeed, humidity, counter, percent, timeleft, voltage, current, power, apparent_power, power_factor, frequency | Type of measurement |
| type_instance | Data Point Name | The name of the element associated with the measurement |

Device fields (logstash-* Index )

| Field | Values | Description |
| --- | --- | --- |
| name | Device Name | The name of the device being monitored. |
| mode | enabled, ondemand, disabled | Operational mode of the device |
| type | device type | Device type as assigned to the device under Managed Devices |
| family | ilo, drac, ipmi_1.5, ilmi_2.0, cimc_ucs, device_console, pdu | Device family |
| addr_location | Address | |
| coordinates | Coordinates | |
| ip | IP address | |
| mac | MAC address | The MAC address of the device, if known. |
| alias | IP address alias | |
| groups | list of groups | The authorization groups which have granted access to the device |
| licensed | yes, no | Device license state |
| status | connected, disconnected, in-use, unknown | The current status of the device |
| nodegrid | Nodegrid hostname | The hostname of the Nodegrid that controls the device |
| custom fields | | Any custom field configured for the device |

Event fields (*_date_* Index )

| Field | Value | Description |
| --- | --- | --- |
| event_id | Number | Event ID number |
| event_msg | Text | Event Message |
| host | Nodegrid hostname | Hostname of the Nodegrid where the Event occurred. |
| message | Text | Full message text |

Creating a Visualization

Visualizations allow the gathered data to be displayed on a Dashboard. The Visualization includes a wide variety of different options to display and aggregate data. The following sections cover a small subset of the options available and aim to be a starting point in the creation process of custom visualizations.

Line Charts

Line Charts allow the visualization of data points along the line graph. It is one of the most common graphs used.

The following process outlines the general steps to create a line chart.

Area Charts

The area chart is useful for stacking measurements for different although related entities, such as the outlets of a PDU.

Note: Review the Line Chart section before continuing with the Area Chart

Note: When using area charts, be careful not to account for the same measurement twice by mixing power consumers and power producers, or a Rack PDU’s input and output power.

Creating a Dashboard

Dashboards are a collection of one or more visualizations. They can be changed or new Dashboards can be created. The following steps outline how a new Dashboard can be created.

Inspecting a Dashboard

From this point on, the Dashboard can be opened and viewed by following the steps below.

Applications

The Nodegrid platform allows additional applications to run on it. This is mostly used to expand software capabilities, such as running specific applications close to the end devices. The most common use cases are in the areas of monitoring and SD-WAN. While all Nodegrid units support this feature, the Services Router family is specifically designed to run applications and provides a wide variety of connectivity options.

Note: The applications feature requires additional licenses to be installed. The Virtualization service is by default disabled and needs to be enabled under Services

 

Docker Applications

Docker is an open platform for building, shipping and running distributed applications. The Nodegrid platform allows administrators to run Docker applications. The platform allows pulling of Docker applications from Docker Hub, starting and stopping of the Docker Containers.

Note: "Enable Virtualization Services" must be enabled in Security :: Services in order to run NFV's or Docker apps. Both features require licenses (System :: License).

 

Note: The management of Docker Applications is currently only available through the WebUI. The WebUI provides a basic interface to manage Docker Containers. For more advanced features, administrators can use the docker command line tools.

Docker Images

The Applications :: Images section allows administrators to download and to delete specific Docker containers images. They can be directly downloaded from Docker Hub. For this, the Nodegrid requires direct network access to Docker Hub.

New images can be downloaded by following the steps below.

Docker Containers

The Applications :: Containers section allows administrators to add a container based on an existing image to the Nodegrid system. The container can be started, stopped and deleted if required.

For additional detail see the official Docker create documentation.

Note: After the container was created it will not be started automatically.

To add a container follow the following steps

Application Links

Application Links allow administrators to create simple web links to running containers and other applications.

Note: Depending on the application, it might be advantageous to create a target device for the created application.

Network Function Virtualisation

The Nodegrid platform allows administrators to run additional NFV's or other Virtual Machines. A large variety of configuration options is available through the command line interface.

Please contact Technical Support for more information.

Appendix

Technical Support

Our Technical Support staff are standing by to provide assistance in case you have any operational or installation issues regarding your licensed Nodegrid product. In order to be assisted in the fastest way possible, follow the steps below:

Submit a Support Ticket

To submit an online ticket request for support follow the following steps:

You will receive an Email from ZPE Systems confirming that your request has been received and will be reviewed by our support staff. The Email will also contain your ticket number. Please take note of the ticket number and refer to it later as needed.

Updates and Patches

To automatically receive information about important security patch announcements, future firmware updates, and other technical information, sign up to The Loop here:

www.zpesystems.com/loop/


Configuring Virtual Serial Port (vSPC) on VM Servers

In order to redirect the VMware virtual machine vSPC data to Nodegrid Platform, the virtual machine serial port needs to be configured as described below:

vSPC

VMWare_Firewall

VMWare_Firewall_Port

To modify the outgoing port range, connect to the ESXi command line and execute the following commands:

VMWare_Firewall_Port_Range

Edit the port section:

VMWare_Firewall_Port_Configuration

Save the changes and then restart the firewall service:

VMWare_restart_firewall

For further information on VMware firewall, please refer to VMware Knowledge Base.

DC Power

DC power is connected to DC-powered equipment using three wires: Return (RTN), Ground () and 48 VDC.

Warning: It is critical that the power source supports the DC power requirements of your Nodegrid. Make sure that your power source is the correct type and that your DC power cables are in good condition before proceeding. Failure to do so could result in personal injury or damage to the equipment.

Warning: Wiring to power from a DC supply may be confusing, especially in telecom racks, where the supply's positive wire (usually of red color) goes to the ground, and the hot wire (usually of black color) carries the -48VDC. In case of any doubt, consult a certified electric technician before proceeding with connections. Failure to do the right connections could result in personal injury or damage to the equipment.

Fundamentals

 

Figure: Dual DC Power Connection Terminal Block

| Number | Description |
| --- | --- |
| 1 | Power Switch |
| 2 | RTN (Return) |
| 3 | Ground () |
| 4 | 48 VDC |


 

Figure: DC association - terminal power source and switch

 

Figure: NSR Single DC + PoE Power Connection Terminal Block

To power a Nodegrid unit with DC power:

  1. Make sure the unit is turned off.
  2. Make sure DC power cables are not connected to a power source. Never work on powered wires.
  3. Remove the protective cover from the DC power block by sliding it to the left or right.
  4. Loosen all three DC power connection terminal screws.
  5. Connect your return lead to the RTN terminal, your ground lead to the terminal and your 48 VDC lead to the 48 VDC terminal and tighten the screws.
  6. Slide the protective cover back into place over the DC terminal block.
  7. If your unit has dual-input DC terminals, repeat steps 3-6 for the second terminal block.
  8. Connect the DC power cables to the DC power source and turn on the DC power source.
  9. Connect a serial client (Tera Term, PuTTY, etc.), set to 115200 8N1, to the console port (optional).
  10. Turn on your unit. Double-check booting messages on the connected serial client.
  11. Turn on the power switches of the connected devices.
  12. Connect the DC power cables to the DC power source and turn on the DC power source.
  13. Turn on your unit.
  14. Turn on the power switches of the connected devices.

 

Case of -48VDC supply

Case of +48VDC supply

AC Power

AC diagram for the NSR models with PoE+ support

 

Figure: NSR Single AC + PoE Power Input and Switch

Serial Port Pinout

The tables below display serial port pinout information.

Cisco-like Pinout

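| Pin | Signal Name | Input/Output |
| --- | --- | --- |
| 1 | CTS | IN |
| 2 | DCD | IN |
| 3 | RxD | IN |
| 4 | GND | N/A |
| 5 | GND | N/A |
| 6 | TxD | OUT |
| 7 | DTR | OUT |
| 8 | RTS | OUT |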

Legacy Pinout

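| Pin | Signal Name | Input/Output |
| --- | --- | --- |
| 1 | RTS | OUT |
| 2 | DTR | OUT |
| 3 | TxD | OUT |
| 4 | GND | N/A |
| 5 | CTS | IN |
| 6 | RxD | IN |
| 7 | DCD | IN |
| 8 | Unused | N/A |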

Safety

Please refer to the links below for product safety information.

Quick Install Guide

Please refer to the links below for product installation information.

RoHS

Please refer to the links below for RoHS information.

Data Persistency

In normal operation, user data resulting from keystrokes, managed devices output and device monitoring data passing through our product may be stored in nonvolatile device memory when data logging or monitoring is enabled in the configuration settings.

The Nodegrid devices contain the following memory devices:

  1. BIOS. Memory Size: 64MB; Memory Type: NOR Flash; Volatility: Nonvolatile; User Data: No
  2. Flash Disk. Memory Size: 32 GB or 64 GB (other custom sizes may be used); Memory Type: SSD; Volatility: Nonvolatile; User Data: Yes. Partition/Data: sda2 - unit configuration; sda5 - backup configuration; sda8 - user home directories and log files
  3. RAM. Memory Size: 4 GB or 8 GB; Memory Type: DDR3; Volatility: Volatile; User Data: Yes

There are two ways to remove user data from the nonvolatile memory of Nodegrid unit:

Soft Removal

Erase the nonvolatile memory of Nodegrid using the following procedure:

    Use the ^ and v keys to select which entry is highlighted.
    Press enter to boot the selected OS, `e' to edit the commands
    before booting or `c' for a command-line.

 

Hard Removal - Secure Erase

Erase the nonvolatile memory of Nodegrid unit using the following procedure:

                             GNU GRUB version 2.00

 +--------------------------------------------------------------------------+
 |Nodegrid Platform - Chain boot                                            |
 |Nodegrid Platform - Rescue Mode                                           |
 |Nodegrid Platform - Secure Erase  <--                                     |
 |                                                                          |
 |                                                                          |
 |                                                                          |
 |                                                                          |
 |                                                                          |
 |                                                                          |
 |                                                                          |
 |                                                                          |
 +--------------------------------------------------------------------------+
  Use the ^ and v keys to select which entry is highlighted.
  Press enter to boot the selected OS, `e' to edit the commands
  before booting or `c' for a command-line.

Nodegrid Boot live - Secure Erase

This action will completely erase the system. Using this procedure will destroy ALL data on the SSD and render it unrecoverable even by data recovery services. After executing this step, system software will no longer exist and must be reinstalled via network.
Type 'erase' to secure erase the SSD or 'cancel' to reboot:

Note: Secure Erase requires the unit to be power cycled (powered off and powered on) prior to the erase command. Otherwise, the following message will show and the system will halt to allow the user to perform a power cycle as required:

Operation not supported. Unit must be power cycled prior to erase command.
Wait for system halt and power cycle the unit.
[ 4.614365] reboot: System halted

Secure erase cannot be canceled once confirmed.
Type 'yes' to confirm secure erase:

Secure erase of SDD will start now…
security_password="PasSWorD"

/dev/sda:
Issuing SECURITY_SET_PASS command, password="PasSWorD", user=user, mode=high
security_password="PasSWorD"

/dev/sda:
Issuing SECURITY_ERASE command, password="PasSWorD", user=user

Secure erase completed. System halting…
[ 29.083186] reboot: System halted

Access here for a copy of the Letter of Volatility

Credits

ZPE Systems, the ZPE Systems logo, Nodegrid, and Nodegrid Manager are registered Trademarks of ZPE Systems, Inc. or its affiliates in the U.S. and other countries.
All other marks are the property of their respective owners.

© 2013-2019 ZPE Systems, Inc.

Contact us

Sales: sales@zpesystems.com

Support: support@zpesystems.com

ZPE Systems, Inc.
46757 Fremont Blvd.
Fremont, CA 94538
USA

www.zpesystems.com