Home > Products > Centralized Server Management > CommandCenter Secure Gateway

E-MAIL

CommandCenter Secure Gateway

Manage your virtual machines, blade systems, rack servers, networking devices, and power distribution units – your entire heterogeneous IT infrastructure located anywhere in the world
– from a single Web browser-based interface.

OVERVIEW
BENEFITS
FAQ
SCREENSHOTS
ORDERING INFO

OVERVIEW

Raritan's CommandCenter® Secure Gateway centralized management appliance allows data center administrators to manage virtual and physical IT infrastructure remotely from a single web browser interface. CC-SG aggregates console access and remote power control capabilities to devices in multiple local or remote data centers, providing a simple, centralized gateway to diagnose and resolve data center management issues quickly. Easy data import/export features and an optional WS-API make CommandCenter-Secure Gateway the most convenient and user-friendly IT management solution available.

CC-SG is a perfect compliment to our Power IQ power management solution and enables power control of devices connected to any PDU managed by Power IQ – without leaving the CC-SG GUI. Plus, data can be synchronized automatically between the two products.

View the technical specifications for CC-SG E1 and CC-SG V1

Download a free virtualized evaluation copy of CC-SG for up to 16 nodes and interfaces
(runs on VMware, including ESX/ESXi and VMware Player). Includes a built-in license.

CommandCenter Secure Gateway provides:

Unified Access
By entering a single IP address into a standard web browser running on either a PC (Windows, Linux, Mac), smartphone or tablet PC, an IT administrator can have:

Out-of-band BIOS-level access to blade and rack-mounted servers via Dominion KX II KVM-over-IP switch or service processors (ie. iLO, DRAC, RSA)
BIOS-level access to virtual servers via VMWare Viewer
In-band access to servers via RDP, VNC, SSH, Telnet and VMWare’s VI Client

Consolidated Security
Remote server access is more secure with centralized authentication, authorization and logging

Users are authenticated against LDAP, Active Directory®, RADIUS and TACACS+
Sophisticated role-based authorization determines users’ access and power control privileges.
Consolidated audit logs and reporting helps meet compliance requirements.
All data traffic, including that of video, virtual media, keyboard and mouse, is encrypted with selectable encryption mode – 128- or 256-bit AES and 128-bit SSL.

Management of Heterogeneous IT infrastructure located anywhere in the world

VMware Virtual Infrastructure (VirtualCenter, ESX Servers, and Virtual Machines)
Blade servers from IBM®, HP® and Dell®
Embedded Service Processors (iLO, DRAC, RSA, IPMI)
Rack-mounted servers from multi-vendors
Networking devices such as routers, Ethernet switches
Dominion KX II KVM-over-IP switches
Dominion SX Secure Console Servers
Dominion PX Intelligent PDU

Product Documentation, Firmware, and Online Help

BENEFITS

Click here for a PDF of this information

Raritan's CommandCenter Secure Gateway (CC-SG) provides IT organizations with integrated, secure and simplified access and control of all technology platforms at the application, operating system and BIOS level.

Feature Summary

Secure, single sign-on to a single IP address for managing all of Raritan’s Dominion® KVM-over-IP switches, Paragon® II analog KVM devices and Dominion PX™ intelligent PDUs
Available as a rack-mountable hardware solution or a virtual appliance
Single point of access and audit to physical servers (including blade systems and servers), virtual machines and VMware® infrastructure such as the ESX™ server and VirtualCenter environments
Centralized, role-based policy management, including controlled access privileges
The ability to monitor, diagnose and resolve infrastructure problems
HTML Access Client interface, which allows the user to easily locate managed equipment in customizable views, including favorites and recently accessed nodes
Remote access and power control using HP integrated Lights-Out (iLO/iLO2), Dell® Remote Access Controller (DRAC), IBM® Remote Supervisor Adaptor (RSA) and IPMI service processors, plus RDP, VNC, SSH and Telnet in-band applications
Universal Virtual Media™ control, view only or deny access policies through Dominion KX II devices
Consolidated audit trail, including detailed activity reports

Features	Functionality	Benefits
Support for Dominion KX II	CC-SG supports access to servers and other IT equipment connected to Dominion KX II. KX II provides virtual media and Absolute Mouse Synchronization™ technology. CC-SG provides discovery, management, upgrades and many other management capabilities of KX II devices.	CC-SG provides seamless integration of access through different Dominion products such as environments with mixed Dominion KX and Dominion KX II devices.
Support for Dominion SX	CC-SG supports access to serial devices connected to Dominion SX.	You get centralized management of multiple SX units along with other Raritan access devices.
Virtualization: Integration of VMware	CC-SG provides streamlined setup of single sign-on access to your virtualized environment, the ability to issue virtual power commands to virtual machines and virtual hosts and a topology view with one-click connections. CC-SG integrates with VMware environments and can support features like connectivity to VirtualCenter software, ESX servers and VMotion™ functionality.	You get consolidated access, power control and auditing of both physical and virtual servers. Connectivity to virtual machines is always available even when these are moved from one virtual host to another.
Support for Access to Blade Servers Connected to Dominion KX II Devices	CC-SG supports access of blade servers connected to Raritan Dominion KX II switches. Supported blade models include most Dell, HP and IBM blade servers.	You can access all connected nodes from a single client, including blade servers, non-blades, IP tools, service processors, PDUs, virtualized systems and devices connected to Raritan’s KVM solutions.
Support for Raritan’s Dominion PX	CC-SG can discover and add Dominion PX “smart” power strips located on the IP network. The CC-SG will automatically identify the firmware version, serial number and how many outlets are available on the PX. Once added to the CC-SG as a network-managed device, the Dominion PX allows access to the administrative interface via a single sign-on. Additionally, Dominion PX outlets are available for configuration and association to existing CC-SG nodes (servers). Note: The option of CC-SG integration to the PX through physical connectivity to Dominion devices via a power Computer Interface Module (CIM) or power cable is still available and supported.	You enjoy comprehensive centralized access and management. Your control of PX units can be independent of KVM or serial switches.
Access to In-Band Application and Embedded Service Processors	Telnet is supported as an in-band serial console interface. RDP, one of the most commonly used in-band console interfaces, can be used in either console or remote user modes. The RDP console allows the IT administrator to be the only RDP user on the server while the session lasts. All RDP remote console user sessions will terminate on an RDP console login. Additionally, the RDP interface can be adjusted to the desired color depth. Service accounts can be created and stored on the CC-SG with an MD5 two-way encrypted password. Service accounts can be employed on all in-band interfaces to allow for use with remote or local authentication. Changing the service account password applies to all CC-SG interfaces using that service account. Alternatively, creating specific passwords for each interface is still available.	You have the ability to connect to serial targets using Telnet protocol. You’ll add flexibility by using RDP. You’ll reduce the configuration time required to reflect password changes.
Robust Security	Low security profile, Linux^®-based appliance architecture. A powerful policy management tool allows access and control based on a broad range of user customizable criteria, including time of day, physical location, application, operating system, department and function. Available 128-bit and 256-bit AES encryption for end-to-end node access activity through AES-enabled Dominion devices. Support for a broad range of authentication protocols, including LDAP, Active Directory®, RADIUS and TACACS+ in addition to local authentication and authorization capabilities. Ability to import user groups from Active Directory. Support for Second Factor Authentication with SecureID® on RADIUS servers. IP-based access control lists (ACLs), which grant or restrict user access by IP address. Proxy mode for secure access to devices through firewalls/VPNs. Strong user password authentication, SAS 70 compliance for configurable amounts of failed login attempts and user ID lockout parameters.	CC-SG is a powerful, hardened secure access platform that delivers peace-of-mind to IT managers who need to provide access to vital corporate resources.
Neighborhood Configuration	Architecture allows a collection of up to 10 CC-SG units to be deployed and work together to serve the IT infrastructure access and control needs of the enterprise. The units in a neighborhood may consist of hardware and/or virtual appliances. All units in a neighborhood must be running the same firmware version.	Scalability: you can add more CC-SGs as your environment grows. Performance is enhanced through the distribution of resources across CC-SGs. Regionalization: It allows local authentication for local access. CC-SG provides around-the-clock global operations – so you can avoid failures across regions. Departmentalization/local administrative autonomy: CC-SG permits you to access network partitioning. You can segment by access tools, Raritan device type, user type, etc. You may deploy CC-SG units across different subnets.
Seamless Backup Configuration	“Cluster” configuration provides appliance redundancy through primary and secondary CC-SG deployments on different subnets and/or geographical locations. Note that the CC-SG virtual appliance cannot be included in a cluster. Raritan supports the VMware High Availability feature for failover of a virtual appliance.	You get instant, seamless failover if the primary unit fails.
Web Browser Access to CC-SG	CC-SG supports Web browser access to either an IP address or host name. A single sign-on via the Web browser interface is available in some applications that can accept automatic username and password entries but do not require additional entry fields like session ID. Access to the Dominion PX Web interface and Dell RAC4 administrative UI are two examples of Web browser interfaces that support single sign-on.	It provides centralized and audited access to any Web server-equipped device such as power strips, embedded service processors and Web-based proprietary IT applications.
Auditing and Audit Trail Reporting	The CC-SG administrator can sort the audit trail report based on categories. For example, the administrator can choose to view only authentication messages for remediation purposes, security messages for monitoring purposes or virtualization messages for virtual machine-related activity tracking. The administrator can choose to view only tasks of embedded- or access-related audit messages. Additionally, the administrator can use a wild card search to find specific audit messages. Node auditing requires users belonging to a group selected by the CC-SG administrator to enter free text audit information whenever accessing any interface. This information can be viewed in both the audit trail report and the node audit tab.	CC-SG permits granular audit trail sorting for specific purposes like remediation, security and debugging. It gives you the ability to capture activity reported by system users such as contractors and temporary workers.
Remote Monitoring and Capacity Planning Tools	CC-SG provides a variety of tools to monitor real-time and over-time performance of CC-SG. Once activated, these tools can capture or display information such as CPU, memory, hard disk space, etc. Using the real-time data capture tool, customers can view information in a graphic format and create e-mail alerts based on thresholds they set. With the over-time data evaluation tool, customers can see their CC-SG performance graphed over time.	CC-SG allows secure, remote monitoring tools that can be activated by customers to monitor their CC-SG hardware performance and alert them when action may be required on their part.
GUI and User Experience Improvements	During its life cycle, several improvements have been introduced to the CC-SG to provide a better user experience. For example, CC-SG administrators can require acknowledgment before any power operation takes place, such as powering off a server. Additionally, the node profile was enhanced to include a tab structure that is more useful to users and includes more useful information.	The continued improvement of the CC-SG UI helps enhance the user experience for Raritan customers.
Streamlined Raritan Device Firmware Upgrade Process	The Task Manager device upgrade function includes the ability to select the number of devices to be upgraded concurrently. In addition, the user can determine a time window for the automated upgrade task. At the end of the window, no more device upgrades will be initiated by CC-SG. In order to execute a parallel upgrade, a simple select-and-move window allows the administrator to identify those devices chosen for the upgrade task. An improved Restart Device automated task has been created. The CC-SG administrator can choose multiple devices and restart them at a selected time. This is particularly useful in cases where a device restart is desired prior to or after the device upgrade. At the completion of the task, there is an Upgrade Status report generated in addition to the auto-generated e-mail alert. The Upgrade Status report provides a real-time description of the device upgrade task. The report changes based on which device is being upgraded, which was upgraded or which is yet to be upgraded.	This feature is particularly valuable in environments where a large number of Dominion devices are managed by CC-SG, whether in a data center or distributed environment. This feature is also very useful in data centers operating 24/7 and environments where infrastructure maintenance and infrastructure downtime need to be minimized and closely monitored. The automated upgrade device is streamlined to provide a simplified yet well-controlled upgrade process for your Raritan equipment.
HP iLO2 Support	CC-SG supports single sign-on console access to HP servers equipped with iLO2 processors. In addition, CC-SG provides remote power on/off/cycle and graceful shutdown capabilities to these HP servers.	CC-SG increases productivity in environments where servers with iLO2 are deployed along with CC-SG.
Personal View Customization Using Node Groups	In addition to creating customized views by predefined categories, customized views can be created using predefined node groups. Group-based custom views can be created in both HTML Access Client and Java™-based Admin Clients. The CC-SG administrator can share custom views with all system users and, in addition, each user can create their own customized view using node groups and device groups.	For enterprise customers or large distributed IT environments where multiple groups exist, users can easily find the server or IT equipment they need to access. By easily creating custom views and modifying them on the fly, CC-SG makes the IT staff’s work easier and allows them to spend more time focusing on problem resolution than searching for servers.
Virtual Media	CC-SG supports control of virtual media access policies. Three options of authorization are available for virtual media: deny, control and view only. Virtual media is available for OOB nodes connected through a virtual media CIM to a Dominion KX II device managed by the CC-SG. Virtual media can be mounted on a client system or on a remote network drive equipped with a USB connection.	This feature makes it easy to re-image (apply a new OS), boot or upgrade the device remotely.
WS-API Support	An optional WS-API is available for use with CC-SG.	This allows access of CC-SG, connected nodes and other CC-SG functions from your own customized client application.
Synchronize Data with Power IQ^®	CC-SG pulls data from Power IQ for easy, convenient data synchronization.	Ensure that CC-SG and Power IQ have common infrastructure data. Save time by not duplicating data entry tasks. Node, interface, device, port and other information is easily synchronized.
Data Import/Export	CC-SG includes a very comprehensive import/export capability. CSV files can be imported to help expedite the process of configuring devices, nodes, users, associations and PDUs. Import/export files include: Import and export of categories and elements Import and export of user groups and users Import and export of nodes and interfaces Import and export of devices and ports Power IQ import and export file	By maintaining information in a spreadsheet of IT infrastructure profiles, administrators can easily manipulate data and save it as a .csv file for importing into CC-SG, saving time. Administrators can leverage the data already in CC-SG, easily export data from CC-SG to create a master file, make any necessary changes, then return it to CC-SG or use it in other applications. Share data between CC-SG and Power IQ.
Control Power for Servers Connected to any PDU Supported by Power IQ	Enables power control of CC-SG nodes (Power IQ IT devices) that are connected to multivendor PDUs being managed by Power IQ – without leaving their CC-SG client.	CC-SG users that have also implemented Power IQ enjoy the convenience of managing the power of their IT infrastructure without leaving CC-SG. Devices can be connected to any PDU that is managed by Power IQ – including non-Raritan models.
Virtual CC-SG: Evaluation Version	A software-only evaluation version of CC-SG is now available, which can be installed on virtualized servers and PCs. The “Eval” is fully functional with a few exceptions: Supports a maximum of 16 “interfaces” Does not support the optional CC-SG WS-API Note: The purpose of the virtual version of CC-SG is to enable an easy and convenient method of evaluating CC-SG; it is not available with full functionality. To obtain full functionality, the CC-SG E1 and V1 appliances are available. A DVD may be ordered (CCSG16-VA) or the evaluation may be download from the Raritan website (www.raritan.com).	CC-SG can now be evaluated without installing the hardware appliance. Simply install the virtual version on any virtualized machine running either VMware Server or ESXi (both are free versions from VMware).
.NET™ Client Support	CC-SG includes an “Active KVM Client” (AKC), which utilizes Microsoft’s .NET technology instead of Java. Both the Admin and Access Client support .NET. Client PCs may run on Windows® XP, Windows Vista® and Windows 7 operating systems.	Provides the choice to use a .NET client for those who prefer the Windows-based architecture.
Windows 7 Support	CC-SG now supports the access of target devices running Windows 7. The use of Windows 7 on client PCs is also supported. Each version of Windows 7 is supported (Home Premium, Professional and Ultimate).	Organizations that are implementing servers and clients running Windows 7 can conveniently upgrade existing CC-SG units to support their updated infrastructure – or install new CC-SGs without worrying about compatibility with the latest Microsoft operating system.
DRAC 6 Support	In addition to the long-existing support for DRAC 4 and 5, CC-SG now provides access to Dell Remote Access Controller 6. Access to the controller is available through the following interfaces: Telnet SSH Web Browser IPMI Power	Organizations with Dell servers who have migrated from DRAC 4 or 5 to DRAC 6 can conveniently access them through CC-SG. Customers who need standard KVM access to some servers and access through DRAC to others can conveniently manage all resources through a single CC-SG client.

FAQ

Click here for a PDF of this information

Question

Answer

What is CommandCenter Secure Gateway (CC-SG)?

CommandCenter Secure Gateway is a management appliance that provides unified, secure browser or CLI-based access to the KVM, serial and power control devices in the data center and remote offices. CC-SG is available as a rack mountable hardware solution or as a virtual appliance (runs on VMware®).

CC-SG manages Raritan’s Dominion® series, Paragon® II, IP-Reach® and Dominion PXTM intelligent power distribution units to provide centralized policy and security management for user access to servers and devices. CC-SG uses different access and power control methods to provide centralized management of devices, software applications and other solutions in the data center. These include Raritan devices, embedded service processors like HP iLO/2/3, Dell® DRAC, IBM® RSA, IPMI and in-band software solutions such as RDP, VNC, SSH, Telnet and Web browser.

What are the different CC-SG hardware options?

Raritan offers hardware versions to address both small- and medium-size businesses as well as large enterprises with thousands of servers and other IT appliances. CC-SG E1 is targeted at large deployments as well as environments where dual power supply is required for redundancy. The CC-SG V1 is a powerful KVM and in-band access and power management appliance designed to address network redundancy or subnet proxy environments.

The CC-SG G1 hardware model was discontinued in June 2007. In order to enjoy the benefits of new features and fixes available in release CC-SG 4.0.0 and later, CC-SG G1 customers must upgrade to the E1 or V1 models. A trade-in offer is available for customers upgrading their CC-SG G1 to new hardware. Note that the product warranty for CC-SG G1 will be honored as long as that warranty is still in effect.

Which Virtualization Platform can I install CC-SG on?

CC-SG can be installed on a VMware virtual machine. Please see the CC-SG compatibility matrix for the supported versions.

Which Raritan products does CC-SG support?

CC-SG can manage Raritan’s Dominion KX and KX II and KX II-101 KVM-over-IP switches, Dominion SX serial-over-IP console servers, Dominion KSX II remote office appliances and Paragon II*. CC-SG also enables centralized remote power management by providing connectivity to Raritan’s Dominion PX intelligent rack power management solutions.

*Supports Paragon II access via direct connection to Dominion KX II.

How does CC-SG integrate with other Raritan products?

CC-SG uses a powerful proprietary search and discovery technology that identifies and connects selected Raritan devices. Once CC-SG is connected and set up, device connection is transparent and administration is simple.

Does CC-SG have a software support program?

Yes. Software support, which includes product updates and access to Raritan Technical Support, is included for the first year of your CC-SG purchase. After the first year, extended software support can be purchased. It’s important to obtain the extended coverage before the end of the first year to ensure against a period without support.

If I buy the CC-SG virtual appliance, can I run it on multiple virtual servers?

A different license is needed for each virtual machine on which it runs.

Can I access CC-SG from a smart phone?

Yes. Introduced in release 5.2, the Mobile KVM Client (MKC) enables out-of-band KVM access and power control from mobile devices. In 5.2, iPad® and iPhone® with IOS 4.0 or later are supported. Additional device support is planned.
The MKC supports out-of-band KVM access through Dominion KX II and power control through CC-SG power interfaces for DRAC, iLO/iLO2/iLO3, IPMI, RSA and VMware virtual machines. Also supported is power control of Power IQ®-managed PDUs and Raritan’s PX platform. Use of this feature also requires KX II 2.4 or higher.

What are node licenses?

CC-SG is licensed based on the number of nodes and interfaces that you want it to be able to access. The base product (for both the hardware and virtualized solutions) is provided with a 128-node license. Additional licenses can be added as needed to meet your needs as your organization changes and grows.

How do I identify if I have a
CC-SG G1?

If you purchased and received your CC-SG before May 2006, you have
CC-SG G1 hardware. If you received your CC-SG after May 2006, and are not sure about your hardware mode, use one of the following three methods to identify if you have a CC-SG G1 hardware model:

Using the Appliance Serial Number

Locate your serial number underneath the appliance
If your serial number starts with the letters XG, your appliance is a G1

Using the Admin Client GUI

Log into the CC-SG administrative interface
In the Administration dropdown menu, select the Configuration option
Select the SNMP tab
In the System Description area, you will identify your hardware model

Using the Diagnostic Console CLI

With SSH client (e.g., PuTTY), make a connection using port number 23 to the
CC-SG IP address
Log in using “status” account
In the System Information area at the Model field, CC-SG G1 will be indicated

I have a CC-SG V1/CC-SG E1. However, I don’t know if this unit has an AMD or Intel® processor. How do I find out?

You can identify CC-SG V1 or E1 using the GUI

Login to the Admin Client by entering URL <YOUR_CC-SG_IP_address>/admin> into a Web browser
In the top menu, go to Administration>Configuration
Select the SNMP tab
Above the “Update Agent Configuration” button, you will see your
CC-SG firmware and hardware model

Alternatively, you can identify CC-SG V1 or E1 using the CLI

Open SSH session using port number 23 to the CC-SG IP address
Login as “status”
Look for the Model field

In either case, use the following table to identify your hardware and processor:

Hardware	AMD	Intel
CC-SG E1	CC-SG E1-0	CC-SG E1-1
CC-SG V1	CC-SG V1-A	CC-SG V1-1

Does CC-SG support access and management of virtual servers?

Yes. With CC-SG firmware version 4.0 and later, you can add a virtualization environment to CC-SG to enable a connection from CC-SG to virtual machines, virtual hosts and control systems. The new virtualization feature includes streamlined setup of single sign-on access to your virtualization environment, ability to issue virtual power commands to virtual machines and virtual hosts and a topology view with one-click connections. CC-SG integrates with VMware environments and can support features like connectivity to the Virtual Center software, ESX™; servers and VMotion™ functionality.

Does CC-SG support direct KVM access to blade servers?

Yes. CC-SG supports access to and management of blade servers that are connected to the KX II. CC-SG allows for convenient and easy organization in its GUI of blade servers and the chassis that houses them.

How does CC-SG integrate with blade chassis products?

CC-SG can support any device with a KVM or serial interface as a transparent pass-through. All blade chassis come with one KVM connection for the management of the blade system. Some blade servers allow KVM connections on a blade basis through a proprietary add-on connector from the blade server manufacturer. This would allow access and control of the blade server through Raritan devices. In addition, CC-SG can incorporate access and power management through embedded cards such as HP iLO2 and RiLOE II, Dell DRAC (4/5/6) and IBM RSA II. Typically, these cards are located on the blade chassis and control the whole enclosure. CC-SG also provides power management through power strips connected to Raritan devices.

CC-SG can also provide centralized access to individual blades with RDP, VNC or SSH.

In release 5.2 support for Cisco®'s UCS platform was added. Users can access KVM and IPMI functions via CC-SG interfaces to the UCS' Integrated Management controller (CIMC).

What is a CC-SG “Cluster”?

A CC-SG Cluster consists of two CC-SG hardware appliances: one primary and one secondary, for backup security in case of primary unit failure. Both units share common data for active users and active connections, and all status data is replicated between the two.

Can two CC-SG virtual appliances be clustered?

No. For failover of a virtual appliance, we support using VMware's High Availability feature.

Do I need to buy additional licenses for the backup Cluster unit?

No. Because only one unit is active at a time, node licenses are not needed for the second unit.

What is a CC-SG “Neighborhood”?

A CC-SG neighborhood is a collection of up to 10 CC-SG units, deployed and working together to serve the IT infrastructure access and control needs of the enterprise. A Neighborhood implementation allows for significant scalability and distribution of CC-SGs for improved performance in large or geographically-dispersed configurations.

How do I find servers and devices that are managed by another CC-SG Neighborhood appliance?

Users can search from the Access Client for nodes that are managed directly by other neighborhood CC-SGs and launch the interfaces for the discovered nodes. Users can then create a consolidated node list spanning multiple neighborhood units – providing easy, convenient access when needed.

Can Clusters and Neighborhoods be implemented together?

Absolutely. By deploying CC-SG in a combination Cluster/neighborhood configuration, not only is performance improved, but automatic failover ensures the elimination of or decrease in downtime.

Can a Neighborhood be built with virtual appliances?

Yes. It is operated the same way as a neighborhood with hardware appliances.

Can a virtual and hardware appliance be included in the same Neighborhood?

Yes. Note that all appliances in a neighborhood must be running the same firmware version.

If I buy a CC-SG virtual appliance, can I easily migrate to it from a CC-SG hardware appliance?

Yes. As of release 5.1, the system configuration and database can be easily transferred. Both appliances must be running the same firmware release for easy migration.

Is the status of CC-SG limited by the status of the devices that it proxies?

No. CC-SG software resides on the dedicated appliance. This means that even if the device being proxied by CC-SG is not operating, users can still access CC-SG.

Can I upgrade to newer versions of CC-SG as they become available?

Yes. Information about firmware or firmware availability may be downloaded from the Raritan website at http://www.raritan.com/support/CommandCenter-Secure-Gateway/

Upgrades are done through CommandCenter Secure Gateway’s client Graphical User Interface. Additionally, the CC-SG appliance has a CD/DVD-ROM drive to facilitate install/upgrades.

How many login accounts can be created for CC-SG?

There is no specified limit to the number of login accounts that can be created. However, licensing restrictions or system specifications will limit the number of concurrent users or the number of nodes associated with the CC-SG based on the configuration deployed.

Can I assign specific node access to a specific user?

Yes, for users with Administrator permissions. Administrators have the ability to assign specific nodes per user.

How are passwords secured in CC-SG?

Passwords are encrypted using MD5 encryption, a one-way hash. This provides additional security to prevent unauthorized users from accessing the password list.

Additionally, users can be authenticated remotely using Active Directory®, RADIUS, LDAP or TACACS+ servers. The password is not stored or cached on CC-SG when using remote authentication.

An administrator added a new node to the CC-SG database and assigned it to me, but I cannot see it in my Device Selection table. Why?

Newly-added nodes should automatically appear in the user’s node table. To update the table and view the newly-assigned node, click the [Refresh] button.

Note: Clicking Refresh on the CC-SG toolbar will not close the session. Only the browser [Refresh] button will close the session.

Do I have to manually add all information to CC-SG, such as device and user information?Do I have to manually add all information to CC-SG, such as device and user information?

No. CC-SG, as of release 4.2, includes a very comprehensive import/export capability. CSV files can be imported to help expedite the process of configuring devices, nodes, users, associations and PDUs. Import/export files include:

Import and export of categories and elements
Import and export of user groups and users
Import and export of nodes and interfaces
Import and export of devices and ports
Power IQ® import and export file

Which version(s) of Java^TM does CC-SG support?

Please check the compatibility matrix to identify which JRE version is required for a given CC-SG firmware release.

The CC-SG administrator has the ability to set his or her own required JRE version for CC-SG users and also provide Hyperlink to this JRE version.

Note: JRE is required to use the CC-SG Java-based Admin Client and for Raritan console applications such as MPC and VKC. JRE is not required for use with the CC-SG HTML-based Access Client.

Specifically what type of changes can a management system monitor and alert on?

CC-SG will log user activity (login/logout, connect/disconnect) and configuration changes at both CC-SG and managed Raritan appliances, and status changes of the connected appliances. All of the above can be forwarded to a network management system or enterprise notification system via SNMP or syslog.

What is the recommended use of Computer Interface Modules (CIMs) being moved or swapped at the physical level with changes to the logical database?

Each CIM includes a serial number and a target system name. Raritan systems devices assume that a CIM remains connected to its named target when its connection is moved to another switch. This move is automatically reflected in the system configuration and is propagated to CC-SG. If the CIM is moved to another server, an administrator must rename the CIM.

Is CC-SG integrated with Power IQ?

Yes. CC-SG does have several points of integration with Raritan’s Power IQ power management solution. First, Power IQ data, such as node, interface, outlet and device information can be pulled into CC-SG to eliminate time-consuming data entry into both databases. Alternatively, data that’s exported from either product can be imported into the other for fast, easy sharing and synchronization.

Also, CC-SG users can control the power of nodes that are connected to Raritan PX™ and multivendor PDUs being managed by Power IQ – without leaving their CC-SG client.

Will the current Paragon solution work with CC-SG?

Yes. Simply connect Paragon II to the Dominion KX II and set up the KX II as a connected device. Please refer to the Paragon II User Guide for details

How will I know if someone else is logged into a Raritan device managed by CC-SG?

CC-SG presents the list of users logged into a device and can show which users are currently accessing a node through the active users report. Currently accessed devices will be in bold when looking at the device tree view from the CC-SG GUI. In addition, a bold node and a bold interface name of a node would indicate that it is currently being accessed by a user.

Does CC-SG have the ability to look at multiple device screens? How is this presented?

If there are many devices connected to the CC-SG, users can scroll through the screens to view them all, provided they have the appropriate access privileges. Multiple screens can be opened, each one corresponding to one node, but will be restricted on the KVM side by the capacity of the KVM-over-IP channels.

Is SSL encryption internal (LAN) or external (WAN)?

Both. The session is encrypted regardless of source, i.e., LAN/WAN.

Can audit/logging abilities track down who switched a power plug on/off?

Yes. Direct power switch off is not logged, but the power on/off through the CC-SG GUI is recorded in the audit trail and can be viewed in an audit trail report.

Does CC-SG support Client Certificate Request?

Yes. Under CC-SG, navigate to Security Manager under Setup.

Does CC-SG support virtual media?

Yes. CC-SG supports Virtual Media Deny, View and Control access policies. Customers can take advantage of the virtual media capabilities of CC-SG by using a Dominion KX II product managed by CC-SG. The use of virtual media on the Dominion KX II also requires a special virtual media Computer Interface Module.

Does CC-SG support Firefox®?

Yes, including Firefox 3.0.x. Please see the compatibility matrix for a full list of supported Web clients.

If I have an existing IT management application or client, can I integrate it with
CC-SG?

Yes. Raritan offers an optional WS-API for this purpose. It allows access of CC-SG, connected nodes and other CC-SG functions from your own customized client application. Ordering information can now be found in our price list.

If the CC-SG’s RAID drive(s) fail(s), can I get a new drive?

Yes. Please see the Administrator’s Guide for further information and troubleshooting if you suspect issues with the RAID drive(s). As of release 4.1, there is an onscreen diagnostics menu to help identify any issues. Please contact Raritan Tech Support for assistance.

Does CC-SG support AES-256?

Yes. AES-256 can be selected in the Admin GUI. AES-128 is the default setting.

Is there an evaluation version of CC-SG?

Yes. There is an evaluation version of CC-SG that can be installed on VMware Player, ESX or ESXi. You may either order the software from Raritan (part no. CCSG16-VA) or download it from our web site.

The “Eval” is fully functional with a few exceptions:

Supports a maximum of 16 “interfaces”
Does not support the optional CC-SG WS-API

Is there a .NET™ version of CC-SG clients?

Yes. CC-SG includes an “Active KVM Client” (AKC), which utilizes Microsoft’s .NET® technology instead of Java. Both the Admin and Access Client support .NET. Client PCs may run on Windows XP®, Vista® and Win7 operating systems.

What are all the applications needed on the client machines in order to use CC-SG?

CC-SG has been designed to avoid adding any extra burden to client administrators. CC-SG stores and provides all the client applications, which means next to nothing needs to be specially maintained on your client devices. The only small exception is that a compatible version of Java (JRE) is installed if you are going to use the CC-SG Java-based Admin Client or Raritan console applications such as MPC and VKC. JRE is not required for use with the CC-SG HTML-based Access Client.

Does CC-SG support Windows 7 and Windows 2008 Server?

Yes. CC-SG supports target devices running Windows 7 and Windows 2008 Server. The use of either OS on Client PCs is also supported. Each version of Windows 7 is supported (Home Premium, Professional and Ultimate).

SCREENSHOTS

	Unified Access to Virtual and Physical Servers, Blade Systems, and Networking Devices From a single IP address and a single interface to manage blade systems, rack-mounted servers, virtual environment, networking devices and a variety of systems.
	Virtualization Environment Topology View Hierarchical view of the VirtualCenter and all underlying Virtual Hosts and Virtual Machines. Users can connect to the virtual environment via multiple interfaces, all with a single click.
	Direct Access to Virtual Host via Multiple Interfaces Accessing virtual host via SSH, KVM connection or VI Client.
	Virtual Host Information Display virtualization firmware version, host server, and networking information. Virtual power control capabilities are available for users with appropriate privileges. One-click access to the VMware VirtualCenter.
	Direct Access to Virtual Machine Interface via Multiple Interfaces VMware Console Viewer and a Virtual Power interface are the default interfaces to access virtual machines and control power. In-band interfaces, such as RDP, VNC or SSH, can be added as well.
	Virtual Machine Information Key information, such as network, storage and allocated resources, is displayed for each virtual machine. One click brings you to the virtual host and control system managing the virtual machine.
	Adding a Virtual Environment to CommandCenter Secure Gateway Configuration data is automatically pulled from VirtualCenter. User can assign access interface(s) from most commonly used tools. Instantly, the entire virtual infrastructure is available through CommandCenter Secure Gateway.
	Control Power for Servers and Other Devices Connected to any PDU Supported by Power IQ CC-SG users that have also implemented Power IQ enjoy the convenience of managing the power of their IT infrastructure without leaving CC-SG. Devices can be connected to any PDU that is managed by Power IQ - including non-Raritan models.
	Hierarchical View of Blades Displays blade chassis and blade servers in hierarchical view. One-click access to the blade servers.
	“Neighborhood” Feature – Access Client All CommandCenter Secure Gateway “member” units in a neighborhood and the IT equipment connected to them are accessible from a single Web client, enabling quick access and control across multiple local and/or remote data centers.
	Creating Neighborhoods in the Admin Client Neighborhoods consisting of multiple CommandCenter Secure Gateway appliances – from two to ten – working together to ensure unparalleled performance, flexibility and scalability in IT access and management.
	Audit Trail Centralized, detailed event logs for auditing and compliance.
	Authentication CommandCenter Secure Gateway supports Active Directory®, LDAP, TACACS+ and RADIUS for authentication.
	Encryption All traffic – keyboard and mouse strokes, video images and Virtual Media are encrypted. Configure CC-SG to require AES-128 or AES-256 encryption between your client and servers.
	Login Settings – Strong Password Strong password requirements are easy to configure.
	Out-of-band KVM connection to a server BIOS-level access to a server via Dominion® KX II KVM-over-IP switch.
	Connect to Target Servers via DRAC Support for Dell® DRAC, HP iLO and IBM® RSA to server access and power control.
	Out-of-band Serial Connection to a Cisco® Router Servers via Dominion SX Out-of-band serial access to a Cisco router.
	SSH and Telnet Connection to a Server Serial devices can be accessed through in-band applications (SSH, Telnet) or out-of-band serial connection via Raritan’s Dominion SX secure console server.
	Connecting to a Virtual Machine via VMware Viewer CommandCenter Secure Gateway allows multiple ways to access a virtual machine: BIOS-level access and power control via VMware Viewer, in-band access via RDP/VNC.

ORDERING INFO

Virtual Appliances

Hardware Appliances

Licenses & Support

Warranties

Professional Services

TAKE THE NEXT STEP

Schedule an Online Demo

Request Product Info

What's New?

Dominion KX II - The world's Best KVM-over-IP switch now supports IBM, HP and Dell blade servers!

Find Out More >>

LEARN MORE

You can access your virtual servers and the physical infrastructure (blade servers, rack servers, networking devices) all from a single ubiquitous interface.

Raritan solutions provide consolidated access and centralized security for your entire IT infrastructure.

CommandCenter Secure Gateway

OVERVIEW

BENEFITS

FAQ

SCREENSHOTS

Unified Access to Virtual and Physical Servers, Blade Systems, and Networking Devices

Virtualization Environment Topology View

Direct Access to Virtual Host via Multiple Interfaces

Virtual Host Information

Direct Access to Virtual Machine Interface via Multiple Interfaces

Virtual Machine Information

Adding a Virtual Environment to CommandCenter Secure Gateway

Control Power for Servers and Other Devices Connected to any PDU Supported by Power IQ

Hierarchical View of Blades

“Neighborhood” Feature – Access Client

Creating Neighborhoods in the Admin Client

Audit Trail

Authentication

Encryption

Login Settings – Strong Password

Out-of-band KVM connection to a server

Connect to Target Servers via DRAC

Out-of-band Serial Connection to a Cisco® Router Servers via Dominion SX

SSH and Telnet Connection to a Server

Connecting to a Virtual Machine via VMware Viewer

ORDERING INFO

TAKE THE NEXT STEP

What's New?

LEARN MORE