-----------------------------------------
Server Technology, Inc.
-----------------------------------------
Sentry Switched Cabinet Distribution Unit
-----------------------------------------
Firmware Revision Notes
-----------------------------------------
Sentry Switched CDU Version 6.0a
February 8, 2007
===============================================================================
Applicable Products
===================
Sentry Switched CDU firmware only applies to products with a product code of 51
hexadecimal. The product code is the fourth octet in the ethernet MAC address,
e.g., the "51" in "00-0A-9C-51-00-00". The ethernet MAC address is displayed
on the web "Configuration - System" page and by the SHOW SYSTEM command.
Firmware Revision History
=========================
yy-mm-dd Ver. Filename Description
-----------
Version 6.0
-----------
07-02-07 6.0a swcdu-v60a.bin First production release
Version 6.0 is a major new-feature release. Updated operation manuals
accompany this release for complete configuration and operation
instructions for the new features.
Included all features simultaneously released in version 5.3i (see
v5.3i notes below).
Updated the look-and-feel of the HTML interface to match the Server
Technology corporate web site colors and styles.
Added the ability to configure various product characteristics. These
include the product serial number, model number, input feed
voltage, input feed maximum load capacity, power type (AC/DC),
and 3-phase indicator (for AC products only).
New products will have the characteristics set at the factory.
The product serial number, model number, power type, and
3-phase indicator are locked (not changeable by the end-user)
when set at the factory.
Already-delivered products that are firmware-upgraded will
allow the customer to configure the product characteristics,
and the values will not be locked.
When configured, the product characteristics will allow for
additional features, such as asset tracking and power
consumption calculation and reporting.
Added power consumption (watts) calculation and reporting. Power
consumption is calculated individually for each input feed
and is summed for a total system power consumption. The power
factor used in the calculations is configurable. 3-phase
power calculations for balanced loads are automatically
applied if the 3-phase product characteristic is set.
Added a 3-Phase out-of-balance threshold. Loads on all three phase
pairs of a 3-phase product are constantly checked for being
within a configureable percent level of the other two phase
pairs. If a phase imbalance occurs outside of the configured
threshold, the condition is noted in the user interfaces and
by the local load displays flashing at a medium speed.
Added system watts per square feet calculation and reporting. The
square feet of the footprint of the system (usually the cabinet
footprint size) is configurable. When configured, the total
system watts is divided by the footprint square feet to
determine and report the system watts per square feet.
Added support for operating system shutdown prior to the turning off
of an outlet that powers a computer system. A hostname/IP is
configurable for each outlet, along with a shutdown enable,
shutdown delay, a script enable, and script delay.
When shutdown is configured and enabled for an outlet, prior
to any system action that will turn off the outlet, encrypted
shutdown messages will be sent accross the network to a Remote
Shutdown Agent running on the computer system. The Switched
CDU will then delay the shutdown delay time (and script delay
time, if enabled) before turning off the outlet, giving the
time needed by the Remote Shutdown Agent to run a shutdown
script (if enabled) and shutdown the operating system.
Remote Shutdown Agents are available for these operating
systems: Windows, Solaris, Netware, Linux, HPUX, and AIX.
Added support to enable optional pay-for features by the entry of a
feature activation key that is unique to each product.
Added the first optional key-activated feature: Smart Load Shedding.
Smart Load Shedding allows for the automatic turning off of
non-critical equipment based on status and conditions in the
operating environment. These include the status of a UPS
(from which an input feed is powered), temperature, and load.
Upon a UPS going 'on-battery', or the temperature or load
exceeding threshold levels, outlets can be turned off to
maximize the uptime of critical equipment or to prevent damage
to equipment. Optionally, upon a return of a UPS to
'on-utility', or of the temperature or load to within
threshold levels, the non-critical equipment can be turned
back on.
SNMP is used to poll a configured UPS for utility/battery
status. SNMP agent object IDS are pre-configured for several
major UPS manufactures, and are custom configurable otherwise.
Added additional outlet control states to reflect shutdown conditions
and Smart Load Shedding event conditions.
Updated the Sentry3 SNMP MIB to include support for the product
characteristics, power consumption values, system watts per
square feet, and the new outlet control states.
-----------
Version 5.3
-----------
07-02-07 5.3i swcdu-v53i.bin Ninth production release
Added LDAPS (LDAP over TLS/SSL) support. TLS/SSL provides an
encrypted connection between the client and server for all
LDAP communication.
Using the web interface, the LDAP TLS/SSL option is
configured and displayed on the "Configuration - LDAP" page
using the new "Use TLS/SSL:" drop-down selection box. The
choices are "Yes" and "No".
Using the command-line interface, the LDAP TLS/SSL option is
configured with the new command:
SET LDAP USETLS { YES | NO }
The SHOW LDAP command has been updated to display the current
setting.
Upon factory reset, the default value is NO.
When LDAP is configured to use TLS/SSL, the LDAP port number
must be changed to match the encrypted port number of the LDAP
directory server. The IANA well-known port number for LDAPS
is 636.
The LDAPS TLS/SSL client supports:
Secure Sockets Layer (SSL) version 3
Transport Layer Security (TLS) version 1 (RFC 2246)
X.509 version 3 (RFC 2459) Server Certificates with
RSA key sizes up to 4096 bits
Symmetric Cryptography Ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (168-bit)
TLS_RSA_WITH_DES_CBC_SHA (56-bit)
TLS_RSA_WITH_AES_128_CBC_SHA (128-bit)
TLS_RSA_WITH_AES_256_CBC_SHA (256-bit)
Server certificates are accepted and used on-the-fly
A NULL client certificate is sent to the server if a
client certificate is requested
Added SNMP source IP restriction support. This allows SNMP manager
GET and SET requests to only be allowed from the IP addresses
of the defined traps destinations.
Using the web interface, the SNMP IP Restriction option is
configured and displayed on the "Configuration - SNMP" page
using the new "IP Restriction:" drop-down selection box. The
choices are "No Restrictions" and "Trap Destinations Only".
Using the command-line interface, the SNMP IP Restriction
option is configured with the new command:
SET SNMP IPRESTRICT { NONE | TRAPDESTS }
The SHOW SNMP command has been updated to display the current
setting.
Upon factory reset, the default value is NONE/No Restrictions.
When SNMP is restricted to the traps destinations, and the
traps destinations are defined as host names, the IP addresses
of the host names are looked up by DNS and cached for five
seconds, to avoid excessive DNS lookups with SNMP requests.
Added support to log the source IP address of HTTPS sessions. The
remote source IP addresses of HTTPS sessions are now retrieved
from the SSL/TLS proxy and used in HTTPS login, logout, and
authentication failure log messages.
Fixed the possible loss of a configured host IP address (for the FTP,
SNMP, SNTP, SYSLOG, LDAP, and TACACS protocols) if firmware was
updated from v5.3e or earlier to v5.3f or later, followed by a
command-line interface change to a non-hostname configuration
item for that protocol.
Built with updated TCP/IP and SSL libraries.
06-11-30 5.3h swcdu-v53h.bin Eighth production release
Added code to the web interface to highlight the background of every
other row in all tables.
Added "More (Y/N)" prompting between each page of the SHOW LOG display.
Added and changed the navigation links on the "Tools - View Log" web
page to include "<< First Page", "< Previous Page",
"Next Page >", and "Last Page >>".
Added "(SCP)" after "Coldboot Alert" in the SHOW OPTIONS display to
indicate a relationship between the Serial Command Protocol
(SCP) and the Coldboot Alert features. Upon a coldboot of the
system, if the coldboot alert feature is enabled, the system
will send a 1/2 second RS-232 break out any serial ports that
also have the SCP enabled.
Improved the robustness of the NVM/I2C communication code and changed
NVM/I2C status messages to only be displayed during the boot if
significant errors are detected.
Improved the speed of configuration restores. A PUT of config.bin now
immediately restores the configuration to RAM and begins
writing the configuration to NVM in the background. Upon the
FTP session ending, the restart process starts immediately,
but delays until all NVM writes have completed. Unnecessary
writes of unchanged default configurations no longer occur,
making the time to complete all writes much shorter.
Changed the SSH code to guarantee that any startup errors (such as
invalid keys) are sent out the Console port prior to the system
boot completing.
Changed the syslog message for host name fields to show "(undefined)"
if the name is set to blank.
Removed unnecessary memory usage by the Telnet server.
Fixed a stack overflow and memory overwrite in the email thread that
could cause various system crashes and automatic restarts.
Fixed a temporary run down of the network heap each time an IP address
DNS lookup was performed on a host name, which could lead to a
low-heap automatic restart if many DNS lookups occurred within
a short period of time.
Fixed sluggish performance problems with multiple concurrent HTTPS
sessions.
Fixed the Login link on the web "Restarting" page, which was using the
static IP address even when DHCP was enabled.
Fixed a bug in the "Configuration - TACACS" web page. When applying
the key form, the key data was being written to the incorrect
location in NVM. This was causing the key to not be restored
after a reset, and was causing the login banner to be trashed.
Fixed a bug in the "Tools - View Log" web page. When selecting the
"Previous 100 entries" link to go back to the first 100 log
entries, the data was not being displayed properly.
Fixed the SNMP trap code to not send traps twice to the first trap
destination when the second trap destination is blank.
Fixed the local load display to blink “FE” (for Fuse Error) on displays
for third and fourth input feeds that have a removed/blown
branch fuse. The code was previously only working on displays
for first and second input feeds.
Fixed the FTP server to accurately show the size of files in a
directory list, to list the files in alphabetical order, and
to only show a date/time when available.
Fixed the FTP put of config.bin to restore the email configuration,
which was previously not occurring.
Fixed the FTP get and put of config.bin to backup and restore the
entire configuration for products with third and fourth
enclosures in the system. Previously for these products, only
the configuration for the first and second enclosures were
being backed-up and restored.
Fixed various minor command parsing problems with the SET INFEED, SET
SYSLOG, SET SCPAUTH, SET TRAP, and SET EMAIL commands.
Fixed the "SHOW commands are:" list to show PORTS instead of PORT, to
match the actual valid command parameter. This typo was
introduced in v5.3g.
Updated the integrated board-level test code to v2.0b. Note: this
functionality is only accessible and used during the factory
production process.
06-09-21 5.3g swcdu-v53g.bin Seventh production release
Changed the maximum allowed outlet reboot delay to 600 seconds (from
60 seconds). This allows for a much longer off period during
reboot cycles. Note: the off period during a reboot cycle
cannot be overridden by an ON operation. To turn on an outlet
without waiting for the reboot delay to expire, first turn it
off, then on.
Changed the minimum allowed value for the outlet sequence interval to
zero seconds (from two seconds). This allows for faster outlet
sequencing (at one second) or no outlet sequencing (at zero
seconds).
Improved the accuracy and evenness of the outlet sequence interval
timing. This is especially noticeable for products with 32 or
more outlets.
Added code to detect a hung communication bus (for example, to a slave
enclosure) and to prevent a hung bus from causing a system
slowdown.
Re-ordered the command keywords in the top-level command list, as well
as the SET and SHOW command lists, for a more logical grouping
of commands by functionality and purpose.
Changed/moved the CLI command for setting the display orientation to
SET OPTION DISPLAY from just SET DISPLAY. Removed the SHOW
DISPLAY command and added the display orientation to the SHOW
OPTIONS command.
Changed the name of the FTP "filepath" configuration item to FTP
"directory" in both the command-line interface (CLI) and the
FTP.INI file. This was done to be consistent with the web
interface and because "directory" is the more-common term.
For backwards compatibility, "filepath" is still accepted.
Changed the OEMINFO string to not be cleared upon a reset to factory
defaults.
Updated the Serial Command Protocol to version 2.0e.
Increased by one year the start and end dates of a newly re/generated
X.509 certificate. A new certificate will now be valid from
September 1, 2006 to September 1, 2016.
Fixed LDAP login attempts to the secondary LDAP host possibly always
failing. This problem was introduced in v5.3f when hostname
support was added -- the previous IP address of the secondary
LDAP host was still being used, instead of the new configured
hostname.
Fixed FTP downloads to not fail when the user-configurable FTP strings
(username, password, directory, and filename) are at their
maximum sizes.
Fixed DNS-server connection test code to work properly when DHCP is
enabled or one or both DNS server IP addresses are 0.0.0.0.
This fix avoids several cases of unnecessary timeout delays
when the DNS servers are unreachable.
Fixed host connection test code to immediately fail when link integrity
is down. This avoids unnecessary timeout delays in several
cases when the network is disconnected or down.
Fixed the FTP download code to perform a link-integrity and host
connection test prior to attempting a download. This avoids
unnecessary timeout delays if the host is unreachable.
Fixed the FTP download code to detect and report when the FTP host
name cannot be resolved, and to then skip the FTP download
attempt. This avoids unnecessary timeout delays.
Fixed the LDAP and TACACS+ login code, the SNMP traps sending code,
and the FTP download code to skip attempts when the host name
is blank. This avoids unnecessary timeout delays.
Fixed the PASSWORD command to be available to users with view-only,
on-only, and reboot-only access levels.
Fixed some SNMP set operations not being logged. This included set
operations applied to sysContact, sysName, and sysLocation
objects.
Fixed problems that could allow out-of-order outlet sequencing on
products with a large number of outlets (>64).
Fixed problems that could allow products with a large number of
outlets (>64) to not sequence back on outlets on a slave tower
after it lost and regained power (the outlets would stay in
an "off/error" state).
Fixed the display code to illuminate the extra/outer decimal point on
the first load display when the configuration reset button is
pressed and the display orientation is set to inverted.
Previously, the inner decimal point (between the two numbers,
which is unused when inverted) was being illuminated.
Integrated board-level test code v2.0a into the application build.
Note: this functionality is only accessible and used during
the factory production process.
Added support for automatic retrieval of pre-generated certificates
and keys after the serial number assignment. Note: this
functionality is only accessible and used during the factory
production process.
06-06-22 5.3f swcdu-v53f.bin Sixth production release
Added Dynamic Host Configuration Protocol (DHCP) support to allow for
the automatic acquisition of an IP address, subnet mask,
gateway, and DNS server addresses from a network DHCP server.
Note: when loading version 5.3f over a previous version that
only supported static addressing, DHCP will initially be
disabled. Upon a reset to factory defaults, however, DHCP
will default to enabled.
Using the web interface, DCHP is configured and displayed on
the "Configuration - Network" page.
Using the command-line interface, DHCP is configured with the
new command:
SET DHCP { ENABLED | DISABLED }
The SHOW NETWORK command has been updated to display the
current DHCP setting.
When DHCP is enabled, the product will attempt to acquire an
address from a DHCP server upon boot, prior to the boot
completing. If successful, the acquired addresses will be
displayed in the web and command-line interfaces. If
unsuccessful, the acquisition attempt will timeout at 30
seconds, and the product will complete the boot using the
previously assigned (or default) static addresses.
When DHCP is disabled, the product boots with the static
addresses, as in previous versions.
To view or change the static addresses, DHCP must first be
disabled.
Upon a lease expiration of addresses assigned by DHCP, a lease
renewel is requested. If the DHCP server assigns a lease with
a different address, or a timeout occurs during the request,
the product will automatically restart. This will allow the
product to boot will the new addresses, or fallback to the
static addresses.
Added hostname support for all host IP address fields: FTP server,
SNMP traps destinations, LDAP servers, TACACS servers, SNTP
servers, Syslog servers, and SMTP (email) server.
A fully-qualified domain name may now be entered instead of an
IP address. For example, the LDAP host fields will now accept
“serverpdc.reno.servertech.com” instead of just an IP address.
Host names will be translated to IP addresses using DNS. Host
names can be up to 63 characters.
Added support for temperature values to be entered and reported in
either the Celsius or Fahrenheit temperature scale. Previous
versions always used Celsius.
Using the web interface, the temperature scale is configured
and displayed on the "Configuration - System" page.
Using the command-line interface, the temperature scale is
selected with the new command:
SET OPTION TEMPSCALE { CELSIUS | FAHRENHEIT }
The SHOW OPTIONS command has been updated to display the
current setting.
When the temperature scale is changed, all thresholds are
automatically converted to the newly-selected scale.
The supported range and resolution of the temperature scales
are:
Celsius: 0 to 123.5 degrees, with 0.5 degree
resolution, reported in 1/2 degree increments.
Fahrenheit: 32 to 254.5 degrees, with 0.9 degree
resolution, rounded to and reported in the nearest
1/2 degree increment.
Entry of temperature thresholds is automatically limited to the
whole values in the ranges shown above for the selected scale.
The SNMP MIB has also been updated to support selecting and
using the temperature scale. See the descriptions in the new
Sentry3.Mib file.
Added email support for notification of log messages, including which
categories of log messages are to be emailed, and support for
two recipients.
Using the web interface, Email is configured and displayed on
the new "Configuration - Email" page.
Using the command-line interface, Email is configured with a
new set of SET EMAIL commands. A new SHOW EMAIL command has
been added to display the current Email settings.
The items that can be configured are:
Email enabled/disabled.
SET EMAIL { ENABLED | DISABLED }
Default: DISABLED
SMTP host and port -- the host name/IP and port number
of the SMTP server that will deliver the email.
SET EMAIL SMTP { HOST hostname | PORT port }
Default HOST: blank/undefined
Default PORT: 25
'From' address -- the address from which the email
reports that it came.
SET EMAIL FROM address
Default: Sentry3_xxxxxx@, where xxxxxx is the
last three octets of the product's MAC address.
Primary and Secondary 'Send To' addresses -- the
recipient email addresses.
SET EMAIL { PRIMARYTO | SECONDARYTO } address
Defaults: blank/undefined
Categories of log messages to be included in the email.
SET EMAIL { EVENT | AUTH | POWER | CONFIG }
{ ENABLED | DISABLED }
Defaults: EVENT ENABLED, others DISABLED.
Every minute, up to fifty new log messages in the enabled
catagories are placed in the body of an email and sent to
both recipients. Multiple emails with be sent if there are
more than fifty new log entries in the enabled categories.
Added automatic firmware updates. When enabled, the product will
periodically, or on a schedule, check the configured FTP server
for a newer version of firmware. If found, an automatic
restart and load of the new firmware will occur.
Using the web interface, automatic update settings are
configured and displayed on the "Configuration - FTP" page.
Using the command-line interface, automatic update settings are
configured with a new subset of SET FTP commands. The SHOW
FTP command has been updated to display the current automatic
update settings.
The items that can be configured are:
Automatic updates enabled/disabled.
SET FTP AUTOUPDATE { ENABLED | DISABLED }
Default: DISABLED
Schedule Day upon which to perform a new firmware
check.
SET FTP AUTOUPDATE DAY { SUNDAY | MONDAY |
TUESDAY | WEDNESDAY |
THURSDAY | FRIDAY |
SATURDAY | EVERYDAY }
Default: EVERYDAY
Schedule Hour upon which to perform a new firmware
check.
SET FTP AUTOUPDATE HOUR { 12AM | 1AM | 2AM |
3AM | 4AM | 5AM |
6AM | 7AM | 8AM |
9AM | 10AM | 11AM |
12PM | 1PM | 2PM |
3PM | 4PM | 5PM |
6PM | 7PM | 8PM |
9PM | 10PM | 11PM }
Default: 12AM
To perform the check for new firmware at the scheduled day
and hour, the product must be configured to get real time from
an SNTP server, and must have successfully done so. Otherwise,
the product will perform the check every 24 hours since the
product last booted.
To avoid too many simultaneous FTP sessions from multiple
products with the same schedule, each product will randomly
add a delay (up to one minute) upon the scheduled day/hour, or
the period expiring, before connecting to the FTP server.
Additionally, up to three attempts to connect will be made,
with 15 seconds between each.
Added support to the FTP server for two new text files: FTP.INI and
SNTP.INI. These allow for common FTP configuration settings,
automatic update settings and schedule, and SNTP options to
to be duplicated accross a number of products by a FTP put to
each.
Added support to restart to factory defaults, while preserving the
network configuration. This allows for a remote configuration
reset, without loosing network connectivity.
Using the web interface, this new restart option has been added
to the choices on the "Tools - Restart" page. The new choice
is "Restart and reset to factory defaults, except network".
Using the command-line interface, this new restart option is
invoked by a new optional sub-parameter to the RESTART FACTORY
command:
RESTART FACTORY { KEEPNET }
All configuration items will be reset to factory defaults
except for the DHCP setting, IP address, subnet mask, gateway,
and DNS server addresses.
Added support for Server Technology's propietary Serial Command
Protocol (SCP). The SCP allows for control and monitoring of
the product through a serial connection to the console and/or
modem port using a command-response protocol that allows for
simplified communication compared to scripting sessions to the
command-line interface. This feature was previously available
only in custom OEM builds.
Added the source IP address of network authentication attempts (both
successes and failures) to the log entries. Log entries for
logouts also include the source IP address. These apply to
all network sessions except those by HTTPS, because the
SSL/TLS proxy hides the source IP address from the web server.
Added the CLI command "SET OPTION MORE { ENABLED | DISABLED }" to
enable or disable the "More (Y/N)" prompting between each page
of information for long information displays. The "SHOW
OPTIONS" display has also been updated to display the current
setting. The default is ENABLED.
Added write-behind caching support for NVM write operations. This
feature is used by SNMP to greatly improved the speed of SNMP
write operations for objects that are written to NVM.
Added robustness improvements to the non-volatile memory (NVM) access
routines.
Added support to display a blinking “FE” (for Fuse Error) on the
local load display of an input feed that has a removed/blown
branch fuse. The blinking "FE" display alternates with the
load display, so that the load on other branches can still
be seen.
Added support to sequence on outlets when a branch fuse is installed
in a product that supports 'hot' fuse swapping.
Added support for a serial port data rate of 115200 bps.
Added an option on the web "Configuration - System" page to disable
the configuration reset button. The feature was added in
v5.3e, but the web configuration was accidentally left out.
Added support for new hardware models with additional link
capabilities.
Fixed the problem of not being able to turn off (uncheck) the Location
blink option on the web "Configuration - System" page, which
was a problem that was introduced in v5.3e.
Fixed two LDAP problems. One fix avoids a possible “Out of memory”
error during searches, and the other avoids a possible improper
parsing of the Group Membership Value Type when type "DN" is
selected.
Fixed the SSH server to log authentication attempts when using the
password authentication method. Previously, only the
keyboard-interactive authentication method logged
authentication attempts.
Fixed the SSH server to not prematurely fail a third authentication
attempt. Previously, depending on the SSH client, a third
attempt to authenticate would either fail immediately after
entering the username, or would accept both the username and
password and fail even if they were valid. Three full login
attempts can now be made. The server will disconnect the
session after the third attempt, if it fails.
Fixed the "Configuration - Serial" and "Configuration - Outlets" web
pages to no longer cause an "error on page" when submitting
the form immediately after having followed an "Edit" link on
the page and then returning to that page.
06-02-28 5.3e swcdu-v53e.bin Fifth production release
Added logging of all authentications (including failed attempts),
power actions, configuration changes, and system events.
The log is stored in RAM and can hold up to 4097 entries.
Additional log entries will automatically wrap around over the
oldest log entries. The log is cleared upon a restart or
power loss. For permanent off-product log storage, the Syslog
protocol is supported (see below).
Each log entry includes a sequential log-entry number, a
date/time-stamp (if a date/time has been retrieved by SNTP),
and a message. Each log message begins with a category
heading of either "AUTH:", "POWER:", "CONFIG:", or "EVENT:",
and is followed by the message information.
The log can only be viewed by administrators.
Using the web interface, the log is viewed by selecting the
new "View Log" item under the "Tools" menu.
Using the command-line interface, the log is viewed with the
new command:
SHOW LOG
Note: Web authentications (and failed attempts) are only
logged when the web server is set for Basic authentication.
Added support for the Syslog protocol. The Syslog support is
RFC3164-compliant and provides for off-system viewing and
permanent storage of log messages.
Two Syslog servers are supported. The Syslog support is
enabled by configuring the IP address of one or both Syslog
servers. The port number used with the Syslog protocol is
also configurable. The default port is 514, which is the
well-known port for Syslog.
Using the web interface, Syslog options are configured and
displayed on the new "Configuration - SNTP/Syslog" page.
Using the command-line interface, the Syslog server IP
addresses and port number are configured with the
new commands:
SET SYSLOG [ HOSTIP1 | HOSTIP2 ] { ipaddress }
SET SYSLOG PORT { number }
A new SHOW SYSLOG command has been added to display the
current values.
Added support to configure a local GMT Offset to the date/time
returned by SNTP. This was added because the Syslog RFC
requires that the date/time be provided in local time.
The offset can be configured in whole hours between plus and
minus twelve hours.
Using the web interface, the SNTP GMT offset is configured and
displayed on the new "Configuration - SNTP/Syslog" page. This
page uses the configured GMT offset to show the current date/
time in local time.
Using the command-line interface, the SNTP GMT offset is
configured with the new command:
SET SNTP GMTOFFSET { -12 .. +12 }
The SHOW SYSLOG command has been updated to display the
current GMT offset value. The SHOW SYSLOG command has also
been updated to use the configured GMT offset to show the
current date/time in local time.
Note: There is currently no automatic adjustment for daylight
savings.
Added two new access levels for user accounts: Power-User and
Reboot-Only.
A Power-User account automatically has access rights to all
outlets, groups, and ports, just like an administrator, but
does not have any configuration rights.
A Reboot-Only account is restricted to only the reboot action
for outlets to which access rights have been assigned. This
prevents a Reboot-Only user from leaving critical equipment in
an off state. Note, a reboot will turn on outlets that are
off, after the reboot delay period.
Using the web interface, the new access levels are selected on
the "Configuration - User - Edit" page and are displayed on
the "Configuration - Users" page.
Using the command-line interface, the new access levels are
configured with the updated SET USER ACCESS command, which
now accepts "POWERUSER" and "REBOOTONLY" as the access level.
The LIST USERS command has been updated to display the new
access levels.
Added the ability for a user to change their own password. Previously,
only an administrator could change account passwords.
Using the web interface, a user can change their own password
using the new "Change Password" item under the "Tools" menu.
Using the command-line interface, a user can change their own
password with the new command:
PASSWORD
By the web or command-line interface, the user must enter
their current password, their new password, and a verification
of their new password.
By allowing a user to change their own password, they can
change it from the initial password that was assigned when the
account was created, without divulging the new password to an
administrator. Once a user changes their own password, an
administrator cannot lookup the new password, though an
administrator can always assign a new password.
This behavior is important for accountability assessment of
log entries, which include, when relevant, the name of the
user that performed the authentication, power action, or
configuration change that was logged.
Added the ability to enforce the usage of strong passwords. Strong
password support, when enabled, requires passwords be a
minimum of 8 characters with at least one uppercase letter,
one lowercase letter, one digit, and one special character.
When a password is changed, strong password support requires
that the new password differ in at least four character
positions from the old password.
Using the web interface, the strong password option is
configured and displayed on the "Configuration - System" page.
Using the command-line interface, strong password support is
enabled or disabled using the new command:
SET OPTION STRONGPASSWORDS { ENABLED | DISABLED }
A new SHOW OPTIONS command has been added to display the
current value.
Added an option to disable the external configuration reset button.
In an insecure location, this button may pose a security
threat since it could be used to return the unit to factory
defaults, which would then allow a login using the default
administrator account. Disabling the button removes this
security concern.
Using the command-line interface, the configuration reset
button is enabled or disabled using the new command:
SET OPTION BUTTON { ENABLED | DISABLED }
A new SHOW OPTIONS command has been added to display the
current value.
Added support to configure a pre-login banner. This feature allows an
administrator to configure up to 2070 characters of text that
will be displayed prior to a login. This can be used for
displaying any message, such as legal text or disclaimers.
Using the web interface, the login banner is configured and
displayed on the new "Configuration - System - Login Banner"
page. A link to this new page has been added to the
"Configuration - System" page.
Using the command-line interface, the login banner is
configured using the new command:
SET BANNER
For serial and Telnet sessions, the banner is automatically
displayed before the login prompts. For SSH sessions, the
"keyboard-interactive" authentication method must be used to
be presented with the login banner. For web browser sessions,
if the banner is not blank, the default page will display the
banner in a fixed-width font, followed by a link to login.
If the banner is blank, the default page is automatically
adjusted so that the banner page is skipped, making the web
login process identical to previous versions.
Added support for the upload and download of configurations. This
feature allows for configuration backup and restore, as well
as a common/template configuration to be uploaded to multiple
products.
The upload/download of configurations is supported via a
built-in FTP server. A single administrator login (at a time)
is supported by the FTP server. The FTP server has a fixed
one-minute timeout.
Two files can be uploaded/downloaded from the root of the FTP
server:
CONFIG.BIN contains the entire configuration,
excluding TCP/IP settings, serialized and factory-only
configurations, the X.509 certificate, and SSH keys.
This file is encoded as to not be user readable or
editable. Although encoded, this file should be kept
in a secure location. This file should not be edited.
If edited, the file will be invalid when uploaded.
NETWORK.INI contains just the TCP/IP settings (IP
address, subnet mask, gateway, DNS1, and DNS2). This
file is user readable and editable.
When uploaded, the NETWORK.INI settings only take a few
seconds to be stored. When CONFIG.BIN is uploaded, several
minutes are needed to store the entire configuration. During
this time, an additional upload will not succeed. Thus, if
both files are to be uploaded, NETWORK.INI should be uploaded
first.
If either NETWORK.INI or CONFIG.BIN are uploaded, then upon a
timeout or logout from the FTP server, an automatic restart is
set to occur, pending the successful completion of the
uploaded settings being stored. The restart will cause the
product to boot with the new settings applied.
The FTP server, and thus the configuration upload/download
feature, can be disabled, if considered a security risk.
Using the web interface, the FTP Server setting is configured
and displayed on the "Configuration - FTP" page.
Using the command-line interface, the FTP Server is enabled or
disabled using the new command:
SET FTP SERVER { ENABLED | DISABLED }
The SHOW NETWORK command has been updated to display the
current FTP Server setting.
Note: The FTP Server does not support web browser FTP file
tranfers. A non-web-browser FTP client must be used.
Added web security checks to prevent out-of-order submittals of form
items from being applied.
Changed all web security realms to have the same realm name. This
should cause web browsers to clear all cached passwords for
the product when an error 401 (not authorized) page is sent.
Fixed the web login code to ignore case when comparing the entered
username with names already in the active-session table. This
prevents identical account logins from using multiple sessions
if the username is entered in a different case.
Added support to the SSH server for the "keyboard-interactive"
authentication method. This method must be used to be
presented with the pre-login banner text.
Fixed the SSH server so that it no longer reports to an SSH client
that "public-key" is a supported authentication method. The
methods currently supported are "keyboard-interactive" and
"password".
Added code to prevent outlet, group, and port names from being set to
"ALL", which is a reserved keyword.
Fixed the ADD and DELETE commands to always accept the absolute port
IDs for the Console and Modem ports.
Fixed the command-line interface to not allow the port name MODEM to
be used with the ADD and DELETE commands on products that do
not have a MODEM port.
Removed debugging options that could expose account passwords to
administrators.
Changed "baud rate" to "data rate" in the command-line interface.
Fixed another serial driver problem that could allow the command-line
interface to get behind by one character for a session started
on the Console or Modem port.
Built with updated TCP/IP, SSL, and FTP Server libraries.
05-12-01 5.3d swcdu-v53d.bin Fourth production release
Fixed the system failing to boot when configured with an invalid IP
Address and Subnet Mask combination in which the bits in the
host portion of the IP Address are all ones (the subnet
broadcast address). The TCP/IP stack no longer attempts to
load when the bits in the host portion of the IP Address are
either all ones or all zeros, as both cases are invalid for
a host IP address. The web user interface no longer allows
these invalid combinations.
Fixed several cases of TCP/IP sockets not being closed upon TACACS+
authentication failures. This fix avoids an automatic restart
that would otherwise occur if all socket resources became
unavailable.
Added support to the LDAP and TACACS+ clients to cause a fallback to
local authentication when the destination network or host is
unreachable and the Authentication Order is set to
Remote-Only. Previously, this fallback would only occur when
the host refused the connection or when the connection to the
host timed-out. These additions cover additional cases in
which the host may be unavailable, but fallback should occur.
05-11-16 5.3c swcdu-v53c.bin Third production release
Fixed a critical security flaw affecting HTTP/S authentications when
the web server is set for Basic authentication.
Fixed the SNMP agent to allow the temperature and humidity threshold
objects to be set through SNMP. Previously, noSuchName or
notWritable was being returned for these objects.
Fixed cases of spurious SNMP traps being generated for temperature
and humidity sensors that are connected to an environmental
monitor that goes off-line and then back on-line.
Fixed a serial driver problem that could allow the command-line
interface to get behind by one character.
Fixed a problem in the LDAP client that allowed a directory server
group name to match local user account names, instead of just
local LDAP group account names.
Fixed the problem of a branch fuse error being reported for the
branches of an input feed that is off. The input feed is now
properly reported as being off, instead of reporting a fuse
error. This only applies to products with branch-circuit fuse
sensing.
Fixed the command-line interface to not allow the port name MODEM to
be used with the SET PORT command on products that do not have
a MODEM port.
Fixed the command-line interface to not allow the ID or name of a
slave tower to be used with the SET TOWER command when a slave
tower is not connected.
Fixed a spelling error in an error message that can occur on the
"Configuration - Users" web page.
Added robustness improvements to the non-volatile memory (NVM) access
routines.
Added robustness improvements to the internal communications bus
access routines. Eliminated unnecessary bus communications
for features that are not supported by the hardware.
Added support for the serial port data rate to be changed without
requiring a restart. The change now occurs upon logout
of the current session. A message that the data rate is
changing is sent at the current data rate just before the data
rate is changed. This same message is also sent upon a boot
completing if the administrator-configured data rate is
different than the fixed console-port boot data rate of
9600 bps.
Added support to configure the TACACS+ port number.
Using the web interface, the TACACS+ port number is
configured and displayed on the "Configuration - TACACS+"
page.
Using the command-line interface, the TACACS+ port number
is configured with the new command:
SET TACACS PORT { number }
The SHOW TACACS command displays the current value.
Added support for the keyword ALL to be specified as the group name
in the ADD/DELETE GROUPxxxxxxxxxx commands.
Added a check to the LDAP client that DNS can resolve the LDAP host
address when the bind type is set to MD5, which is required
with MD5 LDAP binds.
Added the brief display of dash-dash on load displays during off-line
to on-line transitions while the initial load reading is
occuring.
Added support for new load measurement hardware that supports 60 Amp
input feeds.
Added support for new front-panel LED hardware that displays the
status of the outlets.
05-07-17 5.3b swcdu-v53b.bin Second production release
Completely redesigned and reimplemented the LDAP authentication
feature to support a wide variety of directory services and
non-standard schemas. LDAP bind, search, and filter strings
are now configurable by an administrator to match their
particular directory service and schema. See ldap_update.txt
for more information.
Fixed the LDAP implementation to support simple binds with Active
Directory servers.
Fixed the LDAP implementation to not require uppercase usernames for
HTTP logins when authenticating with an Active Directory
server using MD5 binds.
Added a per-outlet Post-On Delay feature. This feature allows for an
extra delay after an outlet is turned on before the other
outlets after it are turned on. This delay only applies to
the other outlets at power up and when those outlets are part
of the same single operation that caused the turn on of the
outlet with the non-zero Post-On Delay.
A typical use of this feature allows for a device to complete
its boots before devices that are dependent upon it are
booted, such as in a client/server network application.
Using the web interface, the post-on delay is displayed on the
"Configuration - Outlets" page and is configured on the
"Configuration - Outlets - Edit" page.
Using the command-line interface, the post-on delay is
configured with the new command:
SET OUTLET POSTONDELAY { outlet_id } { nnn }
where "nnn" is a value, in seconds, between 0 and 900.
The SHOW OUTLETS command displays the current setting.
Upon factory reset, the default value is 0 seconds.
Added an option to invert the load displays. When inverted, the load
values for all input feeds in the system will be written
upside-down, and in whole amps, to the respective displays.
This feature is to allow for upside-down mounting of vertical
products when the power is fed from the ceiling.
Using the web interface, the display orientation is displayed
and configured on the "Configuration - System" page.
Using the command-line interface, the display orientation is
configured with the new command:
SET DISPLAY { NORMAL | INVERTED }
A new SHOW DISPLAY command displays the current setting.
Upon factory reset, the default is determined by an internal
factory-installed jumper/switch position. Unless the product
was specifically ordered with inverted displays, this jumper/
switch position will be open, resulting in normal display
orientation.
Added medium-speed (1/2 second on/off) blinking of load displays when
the input feed load value is above the preset SNMP trap
threshold.
Added support to the CLI and Web interfaces to allow an administrator
to configure the SNMP MIB-II sysName, sysLocation, and
sysContact objects.
Using the web interface, the SNMP MIB-II sysXXXXX objects are
display and configured on the "Configuration - SNMP" page.
Using the command-line interface, the SNMP MIB-II sysXXXXX
objects are configured with the new commands:
SET SNMP SYSNAME { string }
SET SNMP SYSLOCATION { string }
SET SNMP SYSCONTACT { string }
The SHOW SNMP command has been updated to display the current
values.
Removed the automatic display of the outlet status upon a non-
administrative login to the command-line interface (CLI).
Removed code from the Telnet and serial port login routines that
caused the entered username to be uppercased. This could
prevent TACACS+ logins from succeeding.
Fixed the problem of default non-administrative TACACS+ privilege-
level accounts not having appropriate access rights to login
through the web interface.
Added HTTP session cookies to force reauthentication after a timeout
or logout of a web browser session when the web server is set
for Basic autentication.
Fixed the web server to no longer be vulnerable to the Cross Site
Scripting (XSS) vulnerability (CAN-2003-0218).
Fixed memory leaks and handling of low memory conditions in the HTTPS
(SSL/TLS) code that could cause the web server to hang.
Fixed problems where corrosive page refreshes could cause the web
server to hang.
Fixed absolute URLs not being handled correctly when accessed from
HTTP V1.0 browsers.
Changed hyperlinks on the HTML logout and error pages to be absolute,
not relative, to avoid possible broken links.
Added a hint in the web error message box for an invalid IP address
to indicate that 0.0.0.0 should be used for none.
Fixed the problem of closing the web browser before the Restarting
page is displayed, but after confirming a restart, from
preventing the restart and no longer allowing another restart
to be issued, by web or CLI. The restart will still not
occur, but another restart can now be performed.
Changed the TACACS+ web configuration page to not send the current
encryption key to the browser because, even though it was
shown as dots, viewing the source would show it in clear text.
The status of the key is now shown as just "(blank)" or
"(set)" and a separate form allows for a new key to be
entered and verified.
Changed the User Edit web page to not send the current password to the
browser because, even though it was shown as dots, viewing the
source would show it in clear text. A new password can now be
entered and verified on the page, or left blank for no change.
Fixed improper handling of low memory conditions in the Telnet server
that could cause the server thread to end.
Fixed improper handling of low memory conditions in the SSH server
that could cause the server thread to end.
Fixed problems in the SSH socket handling code that could cause the
product to crash and automatically restart.
Fixed the TCP/IP stack to no longer be vulnerable to Blind TCP Reset
attacks (CAN-2004-0790).
Added code to monitor the TCP/IP socket usage and to perform an
automatic restart if all socket resources unexpectedly become
unavailable.
Fixed the PING command to always close sockets in case of errors.
Increased the stack size of the SNMP trap thread to avoid potential
system crashes.
Fixed a problem that caused SNMP SET (write) operations to fail for
the Sentry3-MIB systemLocation object.
Fixed the SNMP agent to not match object IDs (OIDs) that are too long.
Fixed the SNMP agent to not allow objects to be lexicographically out
of order.
Fixed the SNMP agent to return SNMP v2c error values when SNMP v2c
protocol data units are used.
Fixed the SNMP agent to check for and properly handle negative table
index values.
Fixed the CLI SET SNMP xxxCOMM commands to allow spaces in the
community strings. Previously the string would be truncated
at the first space.
Fixed an incorrect internal SNMP message length that could cause
memory to be overwritten.
Fixed corruption of an internal debugging log by messages that were
too long.
Added debug logging of thread peak stack usage.
Changed the behavior of beta code versions to not disable auto-crash
recovery (auto-restart) code.
Added debugging code to record in flash the running thread during a
crash, before an auto-restart.
Added reset of a communication bus multiplexor when the selected
channel is hung. This fix works in conjunction with updated
hardware to avoid a non-powered, but connected, slave product
from hanging the internal communication on the master.
Built with all available updated system libraries.
05-04-22 5.3a swcdu-v53a.bin First production release
===============================================================================
Copyright (C) 2007 Server Technology, Inc.
Download Driver Pack
After your driver has been downloaded, follow these simple steps to install it.
Expand the archive file (if the download file is in zip or rar format).
If the expanded file has an .exe extension, double click it and follow the installation instructions.
Otherwise, open Device Manager by right-clicking the Start menu and selecting Device Manager.
Find the device and model you want to update in the device list.
Double-click on it to open the Properties dialog box.
From the Properties dialog box, select the Driver tab.
Click the Update Driver button, then follow the instructions.
Very important: You must reboot your system to ensure that any driver updates have taken effect.
For more help, visit our Driver Support section for step-by-step videos on how to install drivers for every file type.