I. Planning and Preparation
Client PC Planning
-
DNS Addresses: CC-NOC must know systems must be configured to use an NTP
the DNS servers used for host resolution.
server for synchronization.
Access CC-NOC through a serial port on a
PC with a terminal emulation program
(Hyper Terminal, Tera Term, etc.) for initial
setup. Additional configuration is carried out
through a web browser. The browser must
have Javascript enabled to function correct-
ly. These browsers and operating systems
are supported on the client PC:
-
Timezone: Specify the correct time Windows Proxy
You must have a proxy to collect Windows
Email Communication Requirements: Management Instrumentation (WMI) data.
zone for accurate reporting.
-
CC-NOC must be able to send SMTP traffic
to send notifications of events.
Note: Both CC-NOC 100 and CC-NOC 250
require configuration of an external proxy,
but if you are using a CC NOC 2500M in a
distributed environment, you can use the
internal proxy of the CC-NOC 2500M.
Secondary Information
You should also consider:
-
ISP Gateway: Monitor your ISP connec-
tion, supply the ISP Gateway address.
SNMP Community Strings: Receive
Browser
IE 6.0
OS
Win2K
Spanned/Mirrored Ports
Mozilla 1.7
Mozilla 1.7
Win 2K, Win XP, Solaris 10
RedHat9
-
Devices must be able to see packets pass-
ing on a network in order for intrusion detec-
tion and network performance to function
properly. They require configuration of a
spanned or mirrored port.
traps and gather performance information
from SNMP-enabled node, supply commu-
nity strings for the systems you want to col-
lect performance data for.
Mozilla Firefox 1.0 Win 2K, Win XP, Solaris 10
Mozilla Firefox 1.0 RedHat9
Thank you for purchasing Raritan’s CommandCenter NOC (CC-NOC). The primary function of a CC-NOC is to man-
age nodes in your network. Nodes are discovered automatically if their IP address is within the
managed range of addresses. In addition to network discovery, a CC-NOC also provides service management, a data-
base of network information, a rules engine, a notification engine, and a web server. A CC-NOC can also be instructed
to collect statistics from your Windows systems, monitor network traffic for intrusion attempts and bandwidth perform-
ance, and scan your systems for vulnerabilities.
Netscape 7.2
Netscape 7.2
Win 2K, Win XP, Solaris 10
RedHat9
-
NTP Server: Synchronize clocks over a
Primary Information
Prior to setup, collect this information:
Ethernet TAP
network using NTP protocol, install a NTP
server.
Instead of using a spanned or mirrored port,
an Ethernet tap could be used that may be
considered a more secure method in which
to listen to network traffic than a spanned
port. Place the Ethernet tap on the Ethernet
cable in the same location where an
Ethernet hub would be used.
-
IP address of CC-NOC: CC-NOC must
have a static IP.
IP address of Discovered Devices:
Identify Hardware and Software in Your Network
CommandCenter Secure Gateway
You may need to identify the software and hardware in your network for software auditing or compliance reporting. With
CC-NOC, you can. With a few clicks, you can find out the number of Microsoft Office XP Professional licenses that have
been installed or the manufacturer of all your equipment.
If you plan on using a CC-SG in conjunction
with a CC-NOC, you must know the IP
address of the CC-SG. If using a CC-NOC
5.2 with CC-SG, the time settings on both
-
Identify the addresses (or range) that
should be managed by a CC-NOC.
Monitor Outage and Network Availability
A CC-NOC continuously monitors your dynamic network and keeps the people (admins) who need to know informed of
important network changes and events. DBAs want to know if mission critical database servers go down. A notification
will go out only to the pertinent DBAs. Therefore, a network event is closely mapped to relevant IT expertise.
II. Physical Installation (all models)
CC-NOC ships with:
2. Mount the appliance safely in a rack or for details on spanned ports.
place on a desktop/shelf.
- (1) Appliance, 1U, rack-mountable
- (1) Standard US power cord
- (1) Null-modem cable
Identify Security “Hot Spots” and Improve Network Security
Note: Step 4 applies only to CC-NOC
100/250 or CC-NOC 2500S.
3. Plug a Category 5 ethernet cable into
the Management port (labeled LAN 1). Plug
the other end of this cable into an ethernet
hub/switch that can communicate with the
network to be managed.
To help you plan for improved security or assist in compliance activities (for example, Sarbanes-Oxley), you can run
intrusion detection reports to identify potential “hot spots” in your network or to ensure that your most mission-critical or
key infrastructure machines (those with financial data) have not been attacked. Once identified, you can then increase
security by adding firewall rules to those machines or changing the settings to be more restrictive.
5. Plug the power cord into the power inlet
on the CC-NOC unit. Plug the other end of
the power cord into a nearby power source.
If any pieces are missing, please contact
Raritan Support.
6. Power ON the unit.
Identify Vulnerabilities on Your Systems
4. Plug a second ethernet cable into the
1. Record the serial number for later use.
The number begins with CPP and can be
found on the bottom of the unit.
Monitor port (LAN 2). Plug the other end of 7. The system will boot and the power LED
this cable into a “promiscuous port” (often on the front of the appliance will illuminate.
called “spanned” or “mirrored” port) on the Wait approximately five minutes for the sys-
switch or any port on a shared-media hub. tem to complete initial startup tasks before
Please see Raritan’s CC-NOC User Guide proceeding.
Once configured, a CC-NOC looks for vulnerabilities on specified nodes in the network and works in conjunction with
the authentication credentials used by Windows Management. Using the Vulnerability Browser, trends can be identified.
Links to the public Common Vulnerabilities and Exposure List database http://www.cve.mitre.org are provided to pro-
vide more information about the vulnerabilities. With a few clicks, you can install Microsoft patches on machines that
have vulnerabilities.
SERIAL:___________________________
Capacity Planning and Traffic Analysis
8
10
9
With CC-NOC, you can analyze your traffic to help with capacity planning of your networks or to determine the reason
for spikes in your network. Using traffic analysis will help in identifying the source host if you are experiencing a slow-
down in your network. Traffic summaries can be analyzed to identify potential problems in your network or to prevent
problems from ever occurring.
Access CommandCenter Secure Gateway (CC-SG)
Associating a CommandCenter Secure Gateway (CC-SG) with a CC-NOC allows your users more flexibility when solv-
ing issues by giving them direct KVM (Keyboard, Video, Mouse) access to problem devices. CC-NOC users can be
authenticated remotely by CC-SG to provide an enhanced seamless mode of operation and Single Sign-on (SSO)
access to CC-SG targets. With one-click access to CC-SG and SSO access to targets, a CC-NOC user can move eas-
ily between systems.
2
1
3
4
5
15 13
7
View Syslog Events on CC-NOC
A syslog receiver is registered on a CC-NOC. To forward syslog events to a CC-NOC appliance, enter the IP address
of the CC -on a wireless router (e.g., Netgear, Linksys) that is connected to your Unix, Linux machines. The syslog
severities are mapped to corresponding severities on the CC-NOC.
14 12 11
6
Diagram Key
Questions? Contact Raritan Support: 1-800-724-8090, press 6, press 1.
FAX: 732-764-8887 email: [email protected]
1. Serial Port
2. USB
3. LAN1
4. LAN2
5. Power Inlet
6. Power Button
7. Power LED
8. Printer Port
9. Monitor Port
10. Keyboard, Mouse Ports
11. Reset Button
12. Disk Access LED
13. LAN1 LED
14. LAN2 LED
15. CPU Overheat LED
For more detailed instructions, please consult the Administrator Guide found on the enclosed CD-ROM or on the web at www.raritan.com. Rev. B May 2006 255-80-5320
|