----------------------------------------- Server Technology, Inc. ----------------------------------------- Sentry Switched Cabinet Distribution Unit ----------------------------------------- Firmware Revision Notes ----------------------------------------- Sentry Switched CDU Version 6.0a February 8, 2007 =============================================================================== Applicable Products =================== Sentry Switched CDU firmware only applies to products with a product code of 51 hexadecimal. The product code is the fourth octet in the ethernet MAC address, e.g., the "51" in "00-0A-9C-51-00-00". The ethernet MAC address is displayed on the web "Configuration - System" page and by the SHOW SYSTEM command. Firmware Revision History ========================= yy-mm-dd Ver. Filename Description ----------- Version 6.0 ----------- 07-02-07 6.0a swcdu-v60a.bin First production release Version 6.0 is a major new-feature release. Updated operation manuals accompany this release for complete configuration and operation instructions for the new features. Included all features simultaneously released in version 5.3i (see v5.3i notes below). Updated the look-and-feel of the HTML interface to match the Server Technology corporate web site colors and styles. Added the ability to configure various product characteristics. These include the product serial number, model number, input feed voltage, input feed maximum load capacity, power type (AC/DC), and 3-phase indicator (for AC products only). New products will have the characteristics set at the factory. The product serial number, model number, power type, and 3-phase indicator are locked (not changeable by the end-user) when set at the factory. Already-delivered products that are firmware-upgraded will allow the customer to configure the product characteristics, and the values will not be locked. When configured, the product characteristics will allow for additional features, such as asset tracking and power consumption calculation and reporting. Added power consumption (watts) calculation and reporting. Power consumption is calculated individually for each input feed and is summed for a total system power consumption. The power factor used in the calculations is configurable. 3-phase power calculations for balanced loads are automatically applied if the 3-phase product characteristic is set. Added a 3-Phase out-of-balance threshold. Loads on all three phase pairs of a 3-phase product are constantly checked for being within a configureable percent level of the other two phase pairs. If a phase imbalance occurs outside of the configured threshold, the condition is noted in the user interfaces and by the local load displays flashing at a medium speed. Added system watts per square feet calculation and reporting. The square feet of the footprint of the system (usually the cabinet footprint size) is configurable. When configured, the total system watts is divided by the footprint square feet to determine and report the system watts per square feet. Added support for operating system shutdown prior to the turning off of an outlet that powers a computer system. A hostname/IP is configurable for each outlet, along with a shutdown enable, shutdown delay, a script enable, and script delay. When shutdown is configured and enabled for an outlet, prior to any system action that will turn off the outlet, encrypted shutdown messages will be sent accross the network to a Remote Shutdown Agent running on the computer system. The Switched CDU will then delay the shutdown delay time (and script delay time, if enabled) before turning off the outlet, giving the time needed by the Remote Shutdown Agent to run a shutdown script (if enabled) and shutdown the operating system. Remote Shutdown Agents are available for these operating systems: Windows, Solaris, Netware, Linux, HPUX, and AIX. Added support to enable optional pay-for features by the entry of a feature activation key that is unique to each product. Added the first optional key-activated feature: Smart Load Shedding. Smart Load Shedding allows for the automatic turning off of non-critical equipment based on status and conditions in the operating environment. These include the status of a UPS (from which an input feed is powered), temperature, and load. Upon a UPS going 'on-battery', or the temperature or load exceeding threshold levels, outlets can be turned off to maximize the uptime of critical equipment or to prevent damage to equipment. Optionally, upon a return of a UPS to 'on-utility', or of the temperature or load to within threshold levels, the non-critical equipment can be turned back on. SNMP is used to poll a configured UPS for utility/battery status. SNMP agent object IDS are pre-configured for several major UPS manufactures, and are custom configurable otherwise. Added additional outlet control states to reflect shutdown conditions and Smart Load Shedding event conditions. Updated the Sentry3 SNMP MIB to include support for the product characteristics, power consumption values, system watts per square feet, and the new outlet control states. ----------- Version 5.3 ----------- 07-02-07 5.3i swcdu-v53i.bin Ninth production release Added LDAPS (LDAP over TLS/SSL) support. TLS/SSL provides an encrypted connection between the client and server for all LDAP communication. Using the web interface, the LDAP TLS/SSL option is configured and displayed on the "Configuration - LDAP" page using the new "Use TLS/SSL:" drop-down selection box. The choices are "Yes" and "No". Using the command-line interface, the LDAP TLS/SSL option is configured with the new command: SET LDAP USETLS { YES | NO } The SHOW LDAP command has been updated to display the current setting. Upon factory reset, the default value is NO. When LDAP is configured to use TLS/SSL, the LDAP port number must be changed to match the encrypted port number of the LDAP directory server. The IANA well-known port number for LDAPS is 636. The LDAPS TLS/SSL client supports: Secure Sockets Layer (SSL) version 3 Transport Layer Security (TLS) version 1 (RFC 2246) X.509 version 3 (RFC 2459) Server Certificates with RSA key sizes up to 4096 bits Symmetric Cryptography Ciphers: TLS_RSA_WITH_3DES_EDE_CBC_SHA (168-bit) TLS_RSA_WITH_DES_CBC_SHA (56-bit) TLS_RSA_WITH_AES_128_CBC_SHA (128-bit) TLS_RSA_WITH_AES_256_CBC_SHA (256-bit) Server certificates are accepted and used on-the-fly A NULL client certificate is sent to the server if a client certificate is requested Added SNMP source IP restriction support. This allows SNMP manager GET and SET requests to only be allowed from the IP addresses of the defined traps destinations. Using the web interface, the SNMP IP Restriction option is configured and displayed on the "Configuration - SNMP" page using the new "IP Restriction:" drop-down selection box. The choices are "No Restrictions" and "Trap Destinations Only". Using the command-line interface, the SNMP IP Restriction option is configured with the new command: SET SNMP IPRESTRICT { NONE | TRAPDESTS } The SHOW SNMP command has been updated to display the current setting. Upon factory reset, the default value is NONE/No Restrictions. When SNMP is restricted to the traps destinations, and the traps destinations are defined as host names, the IP addresses of the host names are looked up by DNS and cached for five seconds, to avoid excessive DNS lookups with SNMP requests. Added support to log the source IP address of HTTPS sessions. The remote source IP addresses of HTTPS sessions are now retrieved from the SSL/TLS proxy and used in HTTPS login, logout, and authentication failure log messages. Fixed the possible loss of a configured host IP address (for the FTP, SNMP, SNTP, SYSLOG, LDAP, and TACACS protocols) if firmware was updated from v5.3e or earlier to v5.3f or later, followed by a command-line interface change to a non-hostname configuration item for that protocol. Built with updated TCP/IP and SSL libraries. 06-11-30 5.3h swcdu-v53h.bin Eighth production release Added code to the web interface to highlight the background of every other row in all tables. Added "More (Y/N)" prompting between each page of the SHOW LOG display. Added and changed the navigation links on the "Tools - View Log" web page to include "<< First Page", "< Previous Page", "Next Page >", and "Last Page >>". Added "(SCP)" after "Coldboot Alert" in the SHOW OPTIONS display to indicate a relationship between the Serial Command Protocol (SCP) and the Coldboot Alert features. Upon a coldboot of the system, if the coldboot alert feature is enabled, the system will send a 1/2 second RS-232 break out any serial ports that also have the SCP enabled. Improved the robustness of the NVM/I2C communication code and changed NVM/I2C status messages to only be displayed during the boot if significant errors are detected. Improved the speed of configuration restores. A PUT of config.bin now immediately restores the configuration to RAM and begins writing the configuration to NVM in the background. Upon the FTP session ending, the restart process starts immediately, but delays until all NVM writes have completed. Unnecessary writes of unchanged default configurations no longer occur, making the time to complete all writes much shorter. Changed the SSH code to guarantee that any startup errors (such as invalid keys) are sent out the Console port prior to the system boot completing. Changed the syslog message for host name fields to show "(undefined)" if the name is set to blank. Removed unnecessary memory usage by the Telnet server. Fixed a stack overflow and memory overwrite in the email thread that could cause various system crashes and automatic restarts. Fixed a temporary run down of the network heap each time an IP address DNS lookup was performed on a host name, which could lead to a low-heap automatic restart if many DNS lookups occurred within a short period of time. Fixed sluggish performance problems with multiple concurrent HTTPS sessions. Fixed the Login link on the web "Restarting" page, which was using the static IP address even when DHCP was enabled. Fixed a bug in the "Configuration - TACACS" web page. When applying the key form, the key data was being written to the incorrect location in NVM. This was causing the key to not be restored after a reset, and was causing the login banner to be trashed. Fixed a bug in the "Tools - View Log" web page. When selecting the "Previous 100 entries" link to go back to the first 100 log entries, the data was not being displayed properly. Fixed the SNMP trap code to not send traps twice to the first trap destination when the second trap destination is blank. Fixed the local load display to blink “FE” (for Fuse Error) on displays for third and fourth input feeds that have a removed/blown branch fuse. The code was previously only working on displays for first and second input feeds. Fixed the FTP server to accurately show the size of files in a directory list, to list the files in alphabetical order, and to only show a date/time when available. Fixed the FTP put of config.bin to restore the email configuration, which was previously not occurring. Fixed the FTP get and put of config.bin to backup and restore the entire configuration for products with third and fourth enclosures in the system. Previously for these products, only the configuration for the first and second enclosures were being backed-up and restored. Fixed various minor command parsing problems with the SET INFEED, SET SYSLOG, SET SCPAUTH, SET TRAP, and SET EMAIL commands. Fixed the "SHOW commands are:" list to show PORTS instead of PORT, to match the actual valid command parameter. This typo was introduced in v5.3g. Updated the integrated board-level test code to v2.0b. Note: this functionality is only accessible and used during the factory production process. 06-09-21 5.3g swcdu-v53g.bin Seventh production release Changed the maximum allowed outlet reboot delay to 600 seconds (from 60 seconds). This allows for a much longer off period during reboot cycles. Note: the off period during a reboot cycle cannot be overridden by an ON operation. To turn on an outlet without waiting for the reboot delay to expire, first turn it off, then on. Changed the minimum allowed value for the outlet sequence interval to zero seconds (from two seconds). This allows for faster outlet sequencing (at one second) or no outlet sequencing (at zero seconds). Improved the accuracy and evenness of the outlet sequence interval timing. This is especially noticeable for products with 32 or more outlets. Added code to detect a hung communication bus (for example, to a slave enclosure) and to prevent a hung bus from causing a system slowdown. Re-ordered the command keywords in the top-level command list, as well as the SET and SHOW command lists, for a more logical grouping of commands by functionality and purpose. Changed/moved the CLI command for setting the display orientation to SET OPTION DISPLAY from just SET DISPLAY. Removed the SHOW DISPLAY command and added the display orientation to the SHOW OPTIONS command. Changed the name of the FTP "filepath" configuration item to FTP "directory" in both the command-line interface (CLI) and the FTP.INI file. This was done to be consistent with the web interface and because "directory" is the more-common term. For backwards compatibility, "filepath" is still accepted. Changed the OEMINFO string to not be cleared upon a reset to factory defaults. Updated the Serial Command Protocol to version 2.0e. Increased by one year the start and end dates of a newly re/generated X.509 certificate. A new certificate will now be valid from September 1, 2006 to September 1, 2016. Fixed LDAP login attempts to the secondary LDAP host possibly always failing. This problem was introduced in v5.3f when hostname support was added -- the previous IP address of the secondary LDAP host was still being used, instead of the new configured hostname. Fixed FTP downloads to not fail when the user-configurable FTP strings (username, password, directory, and filename) are at their maximum sizes. Fixed DNS-server connection test code to work properly when DHCP is enabled or one or both DNS server IP addresses are 0.0.0.0. This fix avoids several cases of unnecessary timeout delays when the DNS servers are unreachable. Fixed host connection test code to immediately fail when link integrity is down. This avoids unnecessary timeout delays in several cases when the network is disconnected or down. Fixed the FTP download code to perform a link-integrity and host connection test prior to attempting a download. This avoids unnecessary timeout delays if the host is unreachable. Fixed the FTP download code to detect and report when the FTP host name cannot be resolved, and to then skip the FTP download attempt. This avoids unnecessary timeout delays. Fixed the LDAP and TACACS+ login code, the SNMP traps sending code, and the FTP download code to skip attempts when the host name is blank. This avoids unnecessary timeout delays. Fixed the PASSWORD command to be available to users with view-only, on-only, and reboot-only access levels. Fixed some SNMP set operations not being logged. This included set operations applied to sysContact, sysName, and sysLocation objects. Fixed problems that could allow out-of-order outlet sequencing on products with a large number of outlets (>64). Fixed problems that could allow products with a large number of outlets (>64) to not sequence back on outlets on a slave tower after it lost and regained power (the outlets would stay in an "off/error" state). Fixed the display code to illuminate the extra/outer decimal point on the first load display when the configuration reset button is pressed and the display orientation is set to inverted. Previously, the inner decimal point (between the two numbers, which is unused when inverted) was being illuminated. Integrated board-level test code v2.0a into the application build. Note: this functionality is only accessible and used during the factory production process. Added support for automatic retrieval of pre-generated certificates and keys after the serial number assignment. Note: this functionality is only accessible and used during the factory production process. 06-06-22 5.3f swcdu-v53f.bin Sixth production release Added Dynamic Host Configuration Protocol (DHCP) support to allow for the automatic acquisition of an IP address, subnet mask, gateway, and DNS server addresses from a network DHCP server. Note: when loading version 5.3f over a previous version that only supported static addressing, DHCP will initially be disabled. Upon a reset to factory defaults, however, DHCP will default to enabled. Using the web interface, DCHP is configured and displayed on the "Configuration - Network" page. Using the command-line interface, DHCP is configured with the new command: SET DHCP { ENABLED | DISABLED } The SHOW NETWORK command has been updated to display the current DHCP setting. When DHCP is enabled, the product will attempt to acquire an address from a DHCP server upon boot, prior to the boot completing. If successful, the acquired addresses will be displayed in the web and command-line interfaces. If unsuccessful, the acquisition attempt will timeout at 30 seconds, and the product will complete the boot using the previously assigned (or default) static addresses. When DHCP is disabled, the product boots with the static addresses, as in previous versions. To view or change the static addresses, DHCP must first be disabled. Upon a lease expiration of addresses assigned by DHCP, a lease renewel is requested. If the DHCP server assigns a lease with a different address, or a timeout occurs during the request, the product will automatically restart. This will allow the product to boot will the new addresses, or fallback to the static addresses. Added hostname support for all host IP address fields: FTP server, SNMP traps destinations, LDAP servers, TACACS servers, SNTP servers, Syslog servers, and SMTP (email) server. A fully-qualified domain name may now be entered instead of an IP address. For example, the LDAP host fields will now accept “serverpdc.reno.servertech.com” instead of just an IP address. Host names will be translated to IP addresses using DNS. Host names can be up to 63 characters. Added support for temperature values to be entered and reported in either the Celsius or Fahrenheit temperature scale. Previous versions always used Celsius. Using the web interface, the temperature scale is configured and displayed on the "Configuration - System" page. Using the command-line interface, the temperature scale is selected with the new command: SET OPTION TEMPSCALE { CELSIUS | FAHRENHEIT } The SHOW OPTIONS command has been updated to display the current setting. When the temperature scale is changed, all thresholds are automatically converted to the newly-selected scale. The supported range and resolution of the temperature scales are: Celsius: 0 to 123.5 degrees, with 0.5 degree resolution, reported in 1/2 degree increments. Fahrenheit: 32 to 254.5 degrees, with 0.9 degree resolution, rounded to and reported in the nearest 1/2 degree increment. Entry of temperature thresholds is automatically limited to the whole values in the ranges shown above for the selected scale. The SNMP MIB has also been updated to support selecting and using the temperature scale. See the descriptions in the new Sentry3.Mib file. Added email support for notification of log messages, including which categories of log messages are to be emailed, and support for two recipients. Using the web interface, Email is configured and displayed on the new "Configuration - Email" page. Using the command-line interface, Email is configured with a new set of SET EMAIL commands. A new SHOW EMAIL command has been added to display the current Email settings. The items that can be configured are: Email enabled/disabled. SET EMAIL { ENABLED | DISABLED } Default: DISABLED SMTP host and port -- the host name/IP and port number of the SMTP server that will deliver the email. SET EMAIL SMTP { HOST hostname | PORT port } Default HOST: blank/undefined Default PORT: 25 'From' address -- the address from which the email reports that it came. SET EMAIL FROM address Default: Sentry3_xxxxxx@, where xxxxxx is the last three octets of the product's MAC address. Primary and Secondary 'Send To' addresses -- the recipient email addresses. SET EMAIL { PRIMARYTO | SECONDARYTO } address Defaults: blank/undefined Categories of log messages to be included in the email. SET EMAIL { EVENT | AUTH | POWER | CONFIG } { ENABLED | DISABLED } Defaults: EVENT ENABLED, others DISABLED. Every minute, up to fifty new log messages in the enabled catagories are placed in the body of an email and sent to both recipients. Multiple emails with be sent if there are more than fifty new log entries in the enabled categories. Added automatic firmware updates. When enabled, the product will periodically, or on a schedule, check the configured FTP server for a newer version of firmware. If found, an automatic restart and load of the new firmware will occur. Using the web interface, automatic update settings are configured and displayed on the "Configuration - FTP" page. Using the command-line interface, automatic update settings are configured with a new subset of SET FTP commands. The SHOW FTP command has been updated to display the current automatic update settings. The items that can be configured are: Automatic updates enabled/disabled. SET FTP AUTOUPDATE { ENABLED | DISABLED } Default: DISABLED Schedule Day upon which to perform a new firmware check. SET FTP AUTOUPDATE DAY { SUNDAY | MONDAY | TUESDAY | WEDNESDAY | THURSDAY | FRIDAY | SATURDAY | EVERYDAY } Default: EVERYDAY Schedule Hour upon which to perform a new firmware check. SET FTP AUTOUPDATE HOUR { 12AM | 1AM | 2AM | 3AM | 4AM | 5AM | 6AM | 7AM | 8AM | 9AM | 10AM | 11AM | 12PM | 1PM | 2PM | 3PM | 4PM | 5PM | 6PM | 7PM | 8PM | 9PM | 10PM | 11PM } Default: 12AM To perform the check for new firmware at the scheduled day and hour, the product must be configured to get real time from an SNTP server, and must have successfully done so. Otherwise, the product will perform the check every 24 hours since the product last booted. To avoid too many simultaneous FTP sessions from multiple products with the same schedule, each product will randomly add a delay (up to one minute) upon the scheduled day/hour, or the period expiring, before connecting to the FTP server. Additionally, up to three attempts to connect will be made, with 15 seconds between each. Added support to the FTP server for two new text files: FTP.INI and SNTP.INI. These allow for common FTP configuration settings, automatic update settings and schedule, and SNTP options to to be duplicated accross a number of products by a FTP put to each. Added support to restart to factory defaults, while preserving the network configuration. This allows for a remote configuration reset, without loosing network connectivity. Using the web interface, this new restart option has been added to the choices on the "Tools - Restart" page. The new choice is "Restart and reset to factory defaults, except network". Using the command-line interface, this new restart option is invoked by a new optional sub-parameter to the RESTART FACTORY command: RESTART FACTORY { KEEPNET } All configuration items will be reset to factory defaults except for the DHCP setting, IP address, subnet mask, gateway, and DNS server addresses. Added support for Server Technology's propietary Serial Command Protocol (SCP). The SCP allows for control and monitoring of the product through a serial connection to the console and/or modem port using a command-response protocol that allows for simplified communication compared to scripting sessions to the command-line interface. This feature was previously available only in custom OEM builds. Added the source IP address of network authentication attempts (both successes and failures) to the log entries. Log entries for logouts also include the source IP address. These apply to all network sessions except those by HTTPS, because the SSL/TLS proxy hides the source IP address from the web server. Added the CLI command "SET OPTION MORE { ENABLED | DISABLED }" to enable or disable the "More (Y/N)" prompting between each page of information for long information displays. The "SHOW OPTIONS" display has also been updated to display the current setting. The default is ENABLED. Added write-behind caching support for NVM write operations. This feature is used by SNMP to greatly improved the speed of SNMP write operations for objects that are written to NVM. Added robustness improvements to the non-volatile memory (NVM) access routines. Added support to display a blinking “FE” (for Fuse Error) on the local load display of an input feed that has a removed/blown branch fuse. The blinking "FE" display alternates with the load display, so that the load on other branches can still be seen. Added support to sequence on outlets when a branch fuse is installed in a product that supports 'hot' fuse swapping. Added support for a serial port data rate of 115200 bps. Added an option on the web "Configuration - System" page to disable the configuration reset button. The feature was added in v5.3e, but the web configuration was accidentally left out. Added support for new hardware models with additional link capabilities. Fixed the problem of not being able to turn off (uncheck) the Location blink option on the web "Configuration - System" page, which was a problem that was introduced in v5.3e. Fixed two LDAP problems. One fix avoids a possible “Out of memory” error during searches, and the other avoids a possible improper parsing of the Group Membership Value Type when type "DN" is selected. Fixed the SSH server to log authentication attempts when using the password authentication method. Previously, only the keyboard-interactive authentication method logged authentication attempts. Fixed the SSH server to not prematurely fail a third authentication attempt. Previously, depending on the SSH client, a third attempt to authenticate would either fail immediately after entering the username, or would accept both the username and password and fail even if they were valid. Three full login attempts can now be made. The server will disconnect the session after the third attempt, if it fails. Fixed the "Configuration - Serial" and "Configuration - Outlets" web pages to no longer cause an "error on page" when submitting the form immediately after having followed an "Edit" link on the page and then returning to that page. 06-02-28 5.3e swcdu-v53e.bin Fifth production release Added logging of all authentications (including failed attempts), power actions, configuration changes, and system events. The log is stored in RAM and can hold up to 4097 entries. Additional log entries will automatically wrap around over the oldest log entries. The log is cleared upon a restart or power loss. For permanent off-product log storage, the Syslog protocol is supported (see below). Each log entry includes a sequential log-entry number, a date/time-stamp (if a date/time has been retrieved by SNTP), and a message. Each log message begins with a category heading of either "AUTH:", "POWER:", "CONFIG:", or "EVENT:", and is followed by the message information. The log can only be viewed by administrators. Using the web interface, the log is viewed by selecting the new "View Log" item under the "Tools" menu. Using the command-line interface, the log is viewed with the new command: SHOW LOG Note: Web authentications (and failed attempts) are only logged when the web server is set for Basic authentication. Added support for the Syslog protocol. The Syslog support is RFC3164-compliant and provides for off-system viewing and permanent storage of log messages. Two Syslog servers are supported. The Syslog support is enabled by configuring the IP address of one or both Syslog servers. The port number used with the Syslog protocol is also configurable. The default port is 514, which is the well-known port for Syslog. Using the web interface, Syslog options are configured and displayed on the new "Configuration - SNTP/Syslog" page. Using the command-line interface, the Syslog server IP addresses and port number are configured with the new commands: SET SYSLOG [ HOSTIP1 | HOSTIP2 ] { ipaddress } SET SYSLOG PORT { number } A new SHOW SYSLOG command has been added to display the current values. Added support to configure a local GMT Offset to the date/time returned by SNTP. This was added because the Syslog RFC requires that the date/time be provided in local time. The offset can be configured in whole hours between plus and minus twelve hours. Using the web interface, the SNTP GMT offset is configured and displayed on the new "Configuration - SNTP/Syslog" page. This page uses the configured GMT offset to show the current date/ time in local time. Using the command-line interface, the SNTP GMT offset is configured with the new command: SET SNTP GMTOFFSET { -12 .. +12 } The SHOW SYSLOG command has been updated to display the current GMT offset value. The SHOW SYSLOG command has also been updated to use the configured GMT offset to show the current date/time in local time. Note: There is currently no automatic adjustment for daylight savings. Added two new access levels for user accounts: Power-User and Reboot-Only. A Power-User account automatically has access rights to all outlets, groups, and ports, just like an administrator, but does not have any configuration rights. A Reboot-Only account is restricted to only the reboot action for outlets to which access rights have been assigned. This prevents a Reboot-Only user from leaving critical equipment in an off state. Note, a reboot will turn on outlets that are off, after the reboot delay period. Using the web interface, the new access levels are selected on the "Configuration - User - Edit" page and are displayed on the "Configuration - Users" page. Using the command-line interface, the new access levels are configured with the updated SET USER ACCESS command, which now accepts "POWERUSER" and "REBOOTONLY" as the access level. The LIST USERS command has been updated to display the new access levels. Added the ability for a user to change their own password. Previously, only an administrator could change account passwords. Using the web interface, a user can change their own password using the new "Change Password" item under the "Tools" menu. Using the command-line interface, a user can change their own password with the new command: PASSWORD By the web or command-line interface, the user must enter their current password, their new password, and a verification of their new password. By allowing a user to change their own password, they can change it from the initial password that was assigned when the account was created, without divulging the new password to an administrator. Once a user changes their own password, an administrator cannot lookup the new password, though an administrator can always assign a new password. This behavior is important for accountability assessment of log entries, which include, when relevant, the name of the user that performed the authentication, power action, or configuration change that was logged. Added the ability to enforce the usage of strong passwords. Strong password support, when enabled, requires passwords be a minimum of 8 characters with at least one uppercase letter, one lowercase letter, one digit, and one special character. When a password is changed, strong password support requires that the new password differ in at least four character positions from the old password. Using the web interface, the strong password option is configured and displayed on the "Configuration - System" page. Using the command-line interface, strong password support is enabled or disabled using the new command: SET OPTION STRONGPASSWORDS { ENABLED | DISABLED } A new SHOW OPTIONS command has been added to display the current value. Added an option to disable the external configuration reset button. In an insecure location, this button may pose a security threat since it could be used to return the unit to factory defaults, which would then allow a login using the default administrator account. Disabling the button removes this security concern. Using the command-line interface, the configuration reset button is enabled or disabled using the new command: SET OPTION BUTTON { ENABLED | DISABLED } A new SHOW OPTIONS command has been added to display the current value. Added support to configure a pre-login banner. This feature allows an administrator to configure up to 2070 characters of text that will be displayed prior to a login. This can be used for displaying any message, such as legal text or disclaimers. Using the web interface, the login banner is configured and displayed on the new "Configuration - System - Login Banner" page. A link to this new page has been added to the "Configuration - System" page. Using the command-line interface, the login banner is configured using the new command: SET BANNER For serial and Telnet sessions, the banner is automatically displayed before the login prompts. For SSH sessions, the "keyboard-interactive" authentication method must be used to be presented with the login banner. For web browser sessions, if the banner is not blank, the default page will display the banner in a fixed-width font, followed by a link to login. If the banner is blank, the default page is automatically adjusted so that the banner page is skipped, making the web login process identical to previous versions. Added support for the upload and download of configurations. This feature allows for configuration backup and restore, as well as a common/template configuration to be uploaded to multiple products. The upload/download of configurations is supported via a built-in FTP server. A single administrator login (at a time) is supported by the FTP server. The FTP server has a fixed one-minute timeout. Two files can be uploaded/downloaded from the root of the FTP server: CONFIG.BIN contains the entire configuration, excluding TCP/IP settings, serialized and factory-only configurations, the X.509 certificate, and SSH keys. This file is encoded as to not be user readable or editable. Although encoded, this file should be kept in a secure location. This file should not be edited. If edited, the file will be invalid when uploaded. NETWORK.INI contains just the TCP/IP settings (IP address, subnet mask, gateway, DNS1, and DNS2). This file is user readable and editable. When uploaded, the NETWORK.INI settings only take a few seconds to be stored. When CONFIG.BIN is uploaded, several minutes are needed to store the entire configuration. During this time, an additional upload will not succeed. Thus, if both files are to be uploaded, NETWORK.INI should be uploaded first. If either NETWORK.INI or CONFIG.BIN are uploaded, then upon a timeout or logout from the FTP server, an automatic restart is set to occur, pending the successful completion of the uploaded settings being stored. The restart will cause the product to boot with the new settings applied. The FTP server, and thus the configuration upload/download feature, can be disabled, if considered a security risk. Using the web interface, the FTP Server setting is configured and displayed on the "Configuration - FTP" page. Using the command-line interface, the FTP Server is enabled or disabled using the new command: SET FTP SERVER { ENABLED | DISABLED } The SHOW NETWORK command has been updated to display the current FTP Server setting. Note: The FTP Server does not support web browser FTP file tranfers. A non-web-browser FTP client must be used. Added web security checks to prevent out-of-order submittals of form items from being applied. Changed all web security realms to have the same realm name. This should cause web browsers to clear all cached passwords for the product when an error 401 (not authorized) page is sent. Fixed the web login code to ignore case when comparing the entered username with names already in the active-session table. This prevents identical account logins from using multiple sessions if the username is entered in a different case. Added support to the SSH server for the "keyboard-interactive" authentication method. This method must be used to be presented with the pre-login banner text. Fixed the SSH server so that it no longer reports to an SSH client that "public-key" is a supported authentication method. The methods currently supported are "keyboard-interactive" and "password". Added code to prevent outlet, group, and port names from being set to "ALL", which is a reserved keyword. Fixed the ADD and DELETE commands to always accept the absolute port IDs for the Console and Modem ports. Fixed the command-line interface to not allow the port name MODEM to be used with the ADD and DELETE commands on products that do not have a MODEM port. Removed debugging options that could expose account passwords to administrators. Changed "baud rate" to "data rate" in the command-line interface. Fixed another serial driver problem that could allow the command-line interface to get behind by one character for a session started on the Console or Modem port. Built with updated TCP/IP, SSL, and FTP Server libraries. 05-12-01 5.3d swcdu-v53d.bin Fourth production release Fixed the system failing to boot when configured with an invalid IP Address and Subnet Mask combination in which the bits in the host portion of the IP Address are all ones (the subnet broadcast address). The TCP/IP stack no longer attempts to load when the bits in the host portion of the IP Address are either all ones or all zeros, as both cases are invalid for a host IP address. The web user interface no longer allows these invalid combinations. Fixed several cases of TCP/IP sockets not being closed upon TACACS+ authentication failures. This fix avoids an automatic restart that would otherwise occur if all socket resources became unavailable. Added support to the LDAP and TACACS+ clients to cause a fallback to local authentication when the destination network or host is unreachable and the Authentication Order is set to Remote-Only. Previously, this fallback would only occur when the host refused the connection or when the connection to the host timed-out. These additions cover additional cases in which the host may be unavailable, but fallback should occur. 05-11-16 5.3c swcdu-v53c.bin Third production release Fixed a critical security flaw affecting HTTP/S authentications when the web server is set for Basic authentication. Fixed the SNMP agent to allow the temperature and humidity threshold objects to be set through SNMP. Previously, noSuchName or notWritable was being returned for these objects. Fixed cases of spurious SNMP traps being generated for temperature and humidity sensors that are connected to an environmental monitor that goes off-line and then back on-line. Fixed a serial driver problem that could allow the command-line interface to get behind by one character. Fixed a problem in the LDAP client that allowed a directory server group name to match local user account names, instead of just local LDAP group account names. Fixed the problem of a branch fuse error being reported for the branches of an input feed that is off. The input feed is now properly reported as being off, instead of reporting a fuse error. This only applies to products with branch-circuit fuse sensing. Fixed the command-line interface to not allow the port name MODEM to be used with the SET PORT command on products that do not have a MODEM port. Fixed the command-line interface to not allow the ID or name of a slave tower to be used with the SET TOWER command when a slave tower is not connected. Fixed a spelling error in an error message that can occur on the "Configuration - Users" web page. Added robustness improvements to the non-volatile memory (NVM) access routines. Added robustness improvements to the internal communications bus access routines. Eliminated unnecessary bus communications for features that are not supported by the hardware. Added support for the serial port data rate to be changed without requiring a restart. The change now occurs upon logout of the current session. A message that the data rate is changing is sent at the current data rate just before the data rate is changed. This same message is also sent upon a boot completing if the administrator-configured data rate is different than the fixed console-port boot data rate of 9600 bps. Added support to configure the TACACS+ port number. Using the web interface, the TACACS+ port number is configured and displayed on the "Configuration - TACACS+" page. Using the command-line interface, the TACACS+ port number is configured with the new command: SET TACACS PORT { number } The SHOW TACACS command displays the current value. Added support for the keyword ALL to be specified as the group name in the ADD/DELETE GROUPxxxxxxxxxx commands. Added a check to the LDAP client that DNS can resolve the LDAP host address when the bind type is set to MD5, which is required with MD5 LDAP binds. Added the brief display of dash-dash on load displays during off-line to on-line transitions while the initial load reading is occuring. Added support for new load measurement hardware that supports 60 Amp input feeds. Added support for new front-panel LED hardware that displays the status of the outlets. 05-07-17 5.3b swcdu-v53b.bin Second production release Completely redesigned and reimplemented the LDAP authentication feature to support a wide variety of directory services and non-standard schemas. LDAP bind, search, and filter strings are now configurable by an administrator to match their particular directory service and schema. See ldap_update.txt for more information. Fixed the LDAP implementation to support simple binds with Active Directory servers. Fixed the LDAP implementation to not require uppercase usernames for HTTP logins when authenticating with an Active Directory server using MD5 binds. Added a per-outlet Post-On Delay feature. This feature allows for an extra delay after an outlet is turned on before the other outlets after it are turned on. This delay only applies to the other outlets at power up and when those outlets are part of the same single operation that caused the turn on of the outlet with the non-zero Post-On Delay. A typical use of this feature allows for a device to complete its boots before devices that are dependent upon it are booted, such as in a client/server network application. Using the web interface, the post-on delay is displayed on the "Configuration - Outlets" page and is configured on the "Configuration - Outlets - Edit" page. Using the command-line interface, the post-on delay is configured with the new command: SET OUTLET POSTONDELAY { outlet_id } { nnn } where "nnn" is a value, in seconds, between 0 and 900. The SHOW OUTLETS command displays the current setting. Upon factory reset, the default value is 0 seconds. Added an option to invert the load displays. When inverted, the load values for all input feeds in the system will be written upside-down, and in whole amps, to the respective displays. This feature is to allow for upside-down mounting of vertical products when the power is fed from the ceiling. Using the web interface, the display orientation is displayed and configured on the "Configuration - System" page. Using the command-line interface, the display orientation is configured with the new command: SET DISPLAY { NORMAL | INVERTED } A new SHOW DISPLAY command displays the current setting. Upon factory reset, the default is determined by an internal factory-installed jumper/switch position. Unless the product was specifically ordered with inverted displays, this jumper/ switch position will be open, resulting in normal display orientation. Added medium-speed (1/2 second on/off) blinking of load displays when the input feed load value is above the preset SNMP trap threshold. Added support to the CLI and Web interfaces to allow an administrator to configure the SNMP MIB-II sysName, sysLocation, and sysContact objects. Using the web interface, the SNMP MIB-II sysXXXXX objects are display and configured on the "Configuration - SNMP" page. Using the command-line interface, the SNMP MIB-II sysXXXXX objects are configured with the new commands: SET SNMP SYSNAME { string } SET SNMP SYSLOCATION { string } SET SNMP SYSCONTACT { string } The SHOW SNMP command has been updated to display the current values. Removed the automatic display of the outlet status upon a non- administrative login to the command-line interface (CLI). Removed code from the Telnet and serial port login routines that caused the entered username to be uppercased. This could prevent TACACS+ logins from succeeding. Fixed the problem of default non-administrative TACACS+ privilege- level accounts not having appropriate access rights to login through the web interface. Added HTTP session cookies to force reauthentication after a timeout or logout of a web browser session when the web server is set for Basic autentication. Fixed the web server to no longer be vulnerable to the Cross Site Scripting (XSS) vulnerability (CAN-2003-0218). Fixed memory leaks and handling of low memory conditions in the HTTPS (SSL/TLS) code that could cause the web server to hang. Fixed problems where corrosive page refreshes could cause the web server to hang. Fixed absolute URLs not being handled correctly when accessed from HTTP V1.0 browsers. Changed hyperlinks on the HTML logout and error pages to be absolute, not relative, to avoid possible broken links. Added a hint in the web error message box for an invalid IP address to indicate that 0.0.0.0 should be used for none. Fixed the problem of closing the web browser before the Restarting page is displayed, but after confirming a restart, from preventing the restart and no longer allowing another restart to be issued, by web or CLI. The restart will still not occur, but another restart can now be performed. Changed the TACACS+ web configuration page to not send the current encryption key to the browser because, even though it was shown as dots, viewing the source would show it in clear text. The status of the key is now shown as just "(blank)" or "(set)" and a separate form allows for a new key to be entered and verified. Changed the User Edit web page to not send the current password to the browser because, even though it was shown as dots, viewing the source would show it in clear text. A new password can now be entered and verified on the page, or left blank for no change. Fixed improper handling of low memory conditions in the Telnet server that could cause the server thread to end. Fixed improper handling of low memory conditions in the SSH server that could cause the server thread to end. Fixed problems in the SSH socket handling code that could cause the product to crash and automatically restart. Fixed the TCP/IP stack to no longer be vulnerable to Blind TCP Reset attacks (CAN-2004-0790). Added code to monitor the TCP/IP socket usage and to perform an automatic restart if all socket resources unexpectedly become unavailable. Fixed the PING command to always close sockets in case of errors. Increased the stack size of the SNMP trap thread to avoid potential system crashes. Fixed a problem that caused SNMP SET (write) operations to fail for the Sentry3-MIB systemLocation object. Fixed the SNMP agent to not match object IDs (OIDs) that are too long. Fixed the SNMP agent to not allow objects to be lexicographically out of order. Fixed the SNMP agent to return SNMP v2c error values when SNMP v2c protocol data units are used. Fixed the SNMP agent to check for and properly handle negative table index values. Fixed the CLI SET SNMP xxxCOMM commands to allow spaces in the community strings. Previously the string would be truncated at the first space. Fixed an incorrect internal SNMP message length that could cause memory to be overwritten. Fixed corruption of an internal debugging log by messages that were too long. Added debug logging of thread peak stack usage. Changed the behavior of beta code versions to not disable auto-crash recovery (auto-restart) code. Added debugging code to record in flash the running thread during a crash, before an auto-restart. Added reset of a communication bus multiplexor when the selected channel is hung. This fix works in conjunction with updated hardware to avoid a non-powered, but connected, slave product from hanging the internal communication on the master. Built with all available updated system libraries. 05-04-22 5.3a swcdu-v53a.bin First production release =============================================================================== Copyright (C) 2007 Server Technology, Inc.Download Driver Pack
After your driver has been downloaded, follow these simple steps to install it.
Expand the archive file (if the download file is in zip or rar format).
If the expanded file has an .exe extension, double click it and follow the installation instructions.
Otherwise, open Device Manager by right-clicking the Start menu and selecting Device Manager.
Find the device and model you want to update in the device list.
Double-click on it to open the Properties dialog box.
From the Properties dialog box, select the Driver tab.
Click the Update Driver button, then follow the instructions.
Very important: You must reboot your system to ensure that any driver updates have taken effect.
For more help, visit our Driver Support section for step-by-step videos on how to install drivers for every file type.