Avocent® ACS v6000 Advanced Console Server
Release Notes
Version 2.3.0.10
November 3, 2014

This document outlines:
1. Update Instructions
2. Virtual Appliance Firmware Version Information
3. Features/Enhancements
4. Known Issues

===================================================================================
1. Update Instructions
===================================================================================

The ACS v6000 advanced console server version 2.3.0 is the first version of the new virtual console server product line. The ACS v6000 advanced console server runs as a virtual machine and requires the VMware® ESX server running version 4.1 or the VMware ESXi server running version 4.1.

Network communication between the VMware server and the ACS v6000 console server requires that TCP port 8801 be open. The following firewall command should be executed on the VMware ESX server host:

    esxcfg-firewall -o 8801,tcp,out,out-vspc

NOTE: VMware ESXi server does not require this command.

===================================================================================
2. Appliance Firmware Version Information
===================================================================================

Appliance/Product                            Firmware Type       Version     Filename        Part #
Avocent® ACS v6000 Advanced Console Server   Software-ISO image  V_2.3.0.10  SW0217-003.iso  SW0217-003

===================================================================================
3. Features/Enhancements
===================================================================================

NOTE: Please refer to the Installation/Administration/User Guide and/or Command Reference Guide for details about features supported by the ACS v6000 console server version 2.3.0.

Upgrade included in ACS v6000 console server version 2.3.0.10:

- Bash version 3.0.22 that has fixes for the following: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187

Major features of the ACS v6000 advanced console server version 2.3.0.7 include:

- Support DSView™ management software version 4 (this requires plug-in version 2.3.0.5).
- OpenSSL upgrade from version 0.9.8k to 0.9.8x because of the following security issues: CVE-2012-1165, CVE-2012-2333, CVE-2012-2110, CVE-2012-2131, CVE-2012-0884, CVE-2011-3192, CVE-2012-0021, CVE-2012-0031 and CVE-2012-0053
- Apache™ upgrade from version 2.2.14 to 2.2.22 because of the following security issues: CVE-2011-0419, CVE-2011-3192, CVE-2011-3192, CVE-2012-0021, CVE-2012-0031 and CVE-2012-0053
- Kerberos: applied patch to fix security issue CVE-2011-4862.
- Login Banner support:
  o The administrator can enable and configure the login banner via the on-board web interface (OBWI) and the Command Line Interface (CLI).
  o The login banner is supported by the following sessions: Telnet, SSHv2, OBWI and console.
- Group authorization: There is now a new session idle timeout attribute. If the authorization group that the user belongs to does not have the session idle timeout configured, the appliance session idle timeout will be applied for the session.
- Support configuration via Bootp request:
  o The Bootp Configuration Retrieval option allows the entire unit configuration to be retrieved over Bootp/TFTP during boot and during DHCP renewal. There are two ways to push a configuration during a DHCP request/renewal. The configuration can be sent as a file created by the Save Configuration appliance system tool, or it can be sent as a CLI script to be executed under the command line scripting interface.
- Feature Alert Strings: supports regular expressions in the configuration of the string.
- OBWI/CLI allows configuration of the time allowed for vMotion to be completed. The ACS v6000 will update the state of the virtual serial port to normal operation (meaning the vMotion is aborted) when the time to complete the operation exceeds the configured value.

Major features of the ACS v6000 advanced console server include:

- Linux® Operating System
- Integration with DSView™ 3 management software using the plug-in version 2.3.0 of the ACS v6000 advanced console server. This allows access, configuration and management of the ACS v6000 advanced console server with DSView™ 3 management software (requires version 3.6.0.159 or later)
- Secure local (console port) and remote IP accessibility
- License for serial ports.
  o Available licenses based on number of serial ports: 4, 8, 16, 24 and 48.
  o One serial port is available for evaluation until a license is added.
  o This release supports a maximum of 48 serial ports based on a single license or multiple combined licenses. There is no warning if the total number of licensed ports is greater than 48.
- Support for dual stack IPv4 and IPv6
- Persistent File System in virtual hard disk
- Three preset security profiles
- Support for IP packet and security filtering
- Support for IPSec with NAT traversal
- Support for remote authentication services
- Support for single sign-on (method of access control that enables a user to authenticate only once to gain access to appliance and to serial ports that are configured as Console Access Server – CAS profile)
- Support for “strong password enforcement” and for password expiration rules
- Support authorization based on group privileges/rights
- Solid security to ensure data integrity
- Ability to auto discover the name of the virtual servers associated to the serial ports
- Local and remote data logging (NFS) with rotations and commands to do “string” searches
- System and port event notification (email, SMS, SNMP trap and Syslog)
- Simultaneous access to the same serial port
- Multiple simultaneous sessions for the target devices with ability to toggle between active concurrent sessions
- Web interface for access and configuration (HTTP/HTTPS). The following Web browsers are supported:
  o IE6
  o IE7
  o Firefox® 3.0 (Linux® operating system and Windows® operating system)
- Special Features:
  o Multi-edit support: The Edit button turns to multi-edit behavior when more than one item is selected. Only touched fields shown in green are saved.
  o Serial ports configuration is consolidated in one single place. This allows for quicker configuration using the Set CAS wizard.
  o The following commands are available:
      - Set CAS (configure and edit selected serial port as CAS Profile)
      - Enable/Disable selected serial ports
      - Clone (copy configuration of the selected port to others)
      - Reset To Factory (reset the configuration of selected serial ports to the factory configuration with status disabled)
  o Serial ports table supports serial viewer for quick validation of the CAS Profile settings. The table also reports RS-232 signals and additional settings summary for quick reference.
  o VM Settings / VM Serial Ports: allow management of the associations between the Virtual Machines Serial Ports and the ACS v6000 advanced console server ports. The following commands are available:
      - Add (add new associations)
      - Delete (delete selected associations)
      - Resync with VMware vCenter Server (try to fix problem with outdated IP address and wrong vSPC number)
- CLI (command line interface) for access and configuration. Special commands:
  o wiz command for first configuration of network device ETH0
  o list_configuration command lists the configuration in a format that allows pasting the output directly on the appliance session (console, SSH or TELNET) in order to (re)configure the unit.
  o echo on/off command enables/disables the echo of the input data. These commands should be used when pasting the list_configuration output (not mandatory).
  o The ls command displays available sub-nodes (sub-directories) while the show command displays tables or parameters, i.e. content of the node.
  o Hostname (display the hostname of the appliance)
  o Whoami (display the username)
- Allows multiple administrators to be logged in through Web-UI or CLI concurrently
- DHCP for dynamic IP assignment
- Time synchronization with support for global time zone and NTP server configuration
- Support for TCP Port alias when the protocol is “telnet” to access the serial port - Fast direct IP or TCP direct addressing of individual serial ports; enables scripts and other automation to directly access individual serial ports.
- Support for TCP Port alias to be used instead of the port name when the protocol is “ssh”.
- Support for IP Alias (IPv4 & IPv6) for Serial Ports configured.
- Support for fallback name when auto-discovering the host name. Option supported to configure a name that will be used when auto-discovery fails to detect target name. If not configured, the name will be the default name, such as 0c-2a-b6-p-4 or the virtual machine associated with the serial port.
- Support for Radius attribute Service_Type and Tacacs+ attribute User_Level for Group Authorization.
- Linked cipher levels for HTTPS connections with the correct SSL version. Such as:
  o For SSL v2 or 2/3, cipher level is configured as low, medium and high.
  o For SSL v3, cipher level is configured as medium and high.
- Well-known console server TS-Menu feature is available in the ACS v6000 advanced console server. It shows authorized targets (serial ports) in a menu driven format.
- Login profile is a group parameter that allows users to configure between TS-Menu or specific CLI command when logging in to the appliance.
- Well-known console server Power Management Menu (CTRL+P command) is available in the ACS v6000 advanced console server. This is a menu driven list of power actions for serial ports with associated Virtual Servers. This is presented when power management menu hotkey is pressed during connection to serial target.
- Alert Strings feature supports up to 480 alert strings distributed among the serial ports.
- Shutdown command brings the system down in a secure way, ready to be turned off. All logged in users are notified that the system is going down, and log in is blocked.
- The user interface of the ACS v6000 advanced console server supports localization in English, Japanese and Simplified Chinese. CLI will use the language configured in appliance language. The Web will use the language configured in the client browser, if supported.
- The root user goes straight to SHELL prompt after login. The shell-login-profile group was created to implement this behavior. The user can delete the group ‘shell-login-profile’ from the Users/Authorization/Groups to log in directly to the CLI.
- Pool of CAS serial ports feature: an administrator can create a pool of serial ports where each serial port in the pool shares a pool name, TCP Port Alias, IPv4 Alias and IPv6 Alias. The first available port in the pool is used as the serial port for connection.
- SU and SUDO commands are available in the shell prompt.
- Support configuration via bootp request.
- Support Firmware Upgrade via OBWI and CLI.

===================================================================================
4. Known Issues
===================================================================================

This release contains the following known issues:

- The ACS v6000 console server will accept another vMotion start message for a virtual serial port that is already in vMotion state. (L3-65668221).
- The ACS v6000 console server can be enrolled in the DSView™ 4 software. (L3-65662748, L3-65669369, L3-65672415).

Emerson and Emerson Network Power are trademarks or service marks of Emerson Electric Co. Avocent, the Avocent logo, and DSView are trademarks or service marks of Avocent Corporation. All other marks are the intellectual property of their respective owners. This document may contain confidential and/or proprietary information of Avocent Corporation, and its receipt or possession does not convey any right to reproduce, disclose its contents, or to manufacture or sell anything that it may describe. Reproduction, disclosure, or use without specific authorization from Avocent Corporation is strictly prohibited. ©2014 Avocent Corporation. All rights reserved.