CommandCenter Secure Gateway

PRODUCT OVERVIEW
FEATURES & BENEFITS
TECHNICAL SPECS
FAQ

CommandCenter® Secure Gateway (CC-SG) management appliances provide unified, secure access to KVM, serial and remote power management devices via a Web browser. Compatible with Raritan's Dominion® Series, Paragon® II, IP-Reach® and Dominion PX intelligent PDUs, CC-SG provides centralized policy and security management of users and devices connected to Raritan products, other embedded solutions like iLO/iLO2, IPMI, and in-band software solutions and virtualization environments.

CC-SG delivers secure, powerful and effective management through AES encryption, flexible authentication options (LDAP, Active Directory®, RADIUS and TACACS+), comprehensive reporting capabilities, customizable views and SNMP Traps. CC-SG aggregates console access and remote power control capabilities to devices in multiple local or remote data centers, providing a simple, centralized gateway to diagnose and resolve problems quickly.

CC-SG G1 users please note: The CC-SG G1 has recently been discontinued. Trade in your old appliances now for a next generation CC-SG E1 or V1 and save 15%! Click here for more details.

Main Units

CC-2XE1-1024	Cluster Kit: 2 CC-SG E1 Appliances & License for 1024 nodes + 2YR HW Warranty on each appliance	$19,995.00
CC-2XE1-512	Cluster Kit: 2 CC-SG E1 Appliances & License for 512 nodes + 2YR HW Warranty on each appliance	$14,995.00
CC-2XV1-256	Cluster Kit: 2 Appliances & License for 256 nodes + 2YR HW Warranty on each appliance	$12,995.00
CC-E1-256	CommandCenter Secure Gateway E1 Appliance & License for 256 nodes + 2YR HW Warranty	$9,995.00
CC-E1-512	CommandCenter Secure Gateway E1 Appliance & License for 512 nodes + 2YR HW Warranty	$12,995.00
CC-V1-128	CommandCenter Secure Gateway Appliance & License for 128 nodes + 2YR HW Warranty	$5,695.00
CC-V1-256	CommandCenter Secure Gateway Appliance & License for 256 nodes + 2YR HW Warranty	$8,995.00
CCL-1024	License package - 1024 node lincense	$13,995.00
CCL-128	License package - 128 node lincense	$3,695.00
CCL-2048	License Package - 2048 Additional Nodes	$19,995.00
CCL-256	License package - 256 node lincense	$5,995.00
CCL-4096	License Package - 4096 Additional Nodes	$24,995.00
CCL-512	License package - 512 node lincense	$8,995.00
CCL-64	License package - 64 node lincense	$1,995.00
		$0.00
These are U.S. MSRPs only; prices are set by the reseller and prices vary in other countries.

Accessories

CCL-64	License package - 64 node lincense	$1,995.00
WARCC-V1-128-1	1 Year extended warranty Gold for CommandCenter Secure Gateway CC-V1-128	$1,139.00
WARCC-V1-128-2	2 Year extended warranty Platinum for CommandCenter Secure Gateway CC-V1-128	$1,424.00
CCL-1024	License package - 1024 node lincense	$13,995.00
CCL-128	License package - 128 node lincense	$3,695.00
CCL-2048	License Package - 2048 Additional Nodes	$19,995.00
CCL-256	License package - 256 node lincense	$5,995.00
CCL-4096	License Package - 4096 Additional Nodes	$24,995.00
CCL-512	License package - 512 node lincense	$8,995.00
CCL-8192	License Package - 8192 Additional Nodes	$29,995.00
SVC-DCC-EXPANDED	Expanded centralized infrastructure management service	$0.00
WARCC-2XE1-512-1	1 Year extended warranty Gold for CommandCenter Secure Gateway CC-2xE1-512 or CC-2xE1-1024 (Cluster Kit)	$2,999.00
WARCC-2XE1-512-2	2 Year extended warranty Platinum for CommandCenter Secure Gateway CC-2xE1-512 or CC-2xE1-1024 (Cluster Kit)	$3,749.00
WARCC-2XV1-256-1	1 Year extended warranty Gold for CommandCenter Secure Gateway CC-2xV1-256 (Cluster kit)	$2,599.00
WARCC-2XV1-256-2	2 Year extended warranty Platinum for CommandCenter Secure Gateway CC-2xV1-256 (Cluster kit)	$3,249.00
WARCC-E1-256-1	1 Year extended warranty Gold for CommandCenter Secure gateway CC-E1-256	$1,999.00
WARCC-E1-256-2	2 Year extended warranty Platinum for CommandCenter Secure gateway CC-E1-256	$2,499.00
WARCC-V1-256-1	1 Year extended warranty Gold for CommandCenter Secure Gateway CC-V1-256	$1,799.00
WARCC-V1-256-2	2 Year extended warranty Platinum for CommandCenter Secure Gateway CC-V1-256	$2,249.00
These are U.S. MSRPs only; prices are set by the reseller and prices vary in other countries.

Click here for a PDF of the Features & Benefits for Release 4.0

Click here for a PDF of the Features & Benefits for Release 3.2

Feature	Benefit
Integration of Raritan’s Dominion® PX ‘smart’ PDU via IP networks	Functionality: CommandCenter Secure Gateway (CC-SG) can now discover or add a Dominion PX ‘smart’ power strip located on the IP network. The CC-SG will automatically identify the firmware version, serial number and how many outlets are available on the PX. Once added to the CC-SG as a network managed device, CC-SG can provide a single sign on access to the Dominion PX administrative interface. Additionally, Dominion PX outlets are available for configuration and association to existing CC-SG nodes (servers). Note: The option of CC-SG integration to PX through physical connectivity to Dominion devices via power CIM or power cable is still available and is supported in this release. Benefits: Control of the PX is now independent of KVM or serial switches. Now that the Dominion PX is supported in CC-SG in the two configurations (IP or connected to a Dominion device), customers have more deployment options with their Raritan equipment.
Virtualization: Integration of VMware™	Functionality: Add virtualization environment to CC-SG to enable connection from CC-SG to virtual machines, virtual hosts, and control systems. The new virtualization feature includes streamlined setup of single-sign-on access to your virtualization environment, ability to issue virtual power commands to virtual machines and virtual hosts, and a topology view with one click connections. CC-SG integrates with VMware™ environments and can support features like connectivity to the Virtual Center software, ESX servers, and VMotion™ functionality. Benefits: Consolidated access, power control and auditing of both physical and virtual servers. Connectivity to virtual machines is always available even when these are moved from one virtual host to another.
In-band application and embedded service processor enhancements	Functionality: TELNET is now supported as a new in-band serial console interface. RDP, one of the most commonly used in-band console interfaces can now be used in either console or remote user modes. The RDP console allows IT admin to be the only RDP user on the server while their session lasts. All RDP remote console user sessions will terminate upon an RDP console login. Additionally, RDP interface can now be adjusted to the desired color depth. Service accounts can be created and stored on CC-SG with an MD5 two-way encrypted password. Service accounts can be used on all in-band interfaces to allow for use with remote or local authentication. Change of the service account password would apply to all CC-SG interfaces using that service account. Alternatively, creating a password specific to each interface is still available. Benefits: Ability to connect to serial targets using TELNET protocol. Flexibility in using RDP. Use of RDP in addition to KVM is now more compelling because of the new console/remote user option as well as the ability to setup color depth. Reduce the configuration time required to reflect password changes. This is a specifically useful feature for those customers who have internal security requirements for periodical password changes.
Auditing and audit trail report enhancements	Functionality: The CC-SG administrator can now sort the audit trail report based on categories. For example, the administrator can choose to view only authentication messages for remediation purposes, security messages for monitoring purposes, or virtualization messages for virtual machine-related activity tracking. The administrator can now choose to view only tasks, embedded or access related audit messages. Additionally, the administrator can use wild card search to find specific audit messages. Node auditing is a new capability requiring users belonging to a group selected by the CC-SG administrator to enter free text audit information whenever accessing any interface. This information can be viewed in both the audit trail report and the new node audit tab. Benefits: Granular audit trail sorting for specific purposes like remediation, security, and debugging. Ability to capture activity reported by system users such as contractors and temporary workers.
JRE version management capabilities	Functionality: The CC-SG administrator can now prompt their users and direct them to their desired Java version if their version is either not supported on the CC-SG or older than the version the CC-SG administrator desire they use. Benefits: Ability to alert users if the JRE version installed on their client is not what their CC-SG administrator wants them to use.
Remote monitoring and capacity planning tools	Functionality: CC-SG 4.0 introduces variety of tools to monitor real time and over time performance of the CC-SG. Once activated, these tools can capture or display information such as CPU, memory, hard disk space, etc. Using the real time data capture tool, customers can not only view information in a graphical format but can also create e-mail alerts based on thresholds they set. With an overtime data evaluation tool, customers can see their CC-SG performance graphed overtime. Both tools need to be activated by the admin and communication between the CC-SG and these tools apply to IP addresses and specific ports approved by the administrator. Benefits: Secure remote monitoring tools that can be activated by customers to monitor their CC-SG hardware performance and alert them when action may be required on their part.
GUI and user experience improvements	Functionality: The new firmware introduces many new improvements to the existing CC-SG platform. For example, CC-SG administrators can now require acknowledgement before any power operation such as powering off a server is conducted. Additionally, the node profile was enhanced to include a tab structure that is more useful to users and includes more useful information: Interfaces Tab: Always displays when the node is being selected and provides all Out-of-band, In-band, and Power Control interfaces available to the user. Associations Tab: Includes all the categories and elements describing the node or the device. Locations and Contacts Tab: Includes location (Department, Site, and Location) and contact (Name, Phone Number, and Cell Phone) information related to the node or device. Notes Tab: Can be used to capture reminders or other information a user may wish to communicate with other users of this node. The information is kept for reference only and is not captured in the Audit Trail. Audit Tab: Lists all node access activities done by users required to enter audit. In addition to other information captured in the Access Report for this node, information will include a Free Text Note entered by selected users (see Free Text Note Entry to Audit Trail feature below). Virtualization Data Tabs: Applicable to virtual machines, virtual hosts, or control system nodes only and contains data and hyperlinks applicable to virtualization. Benefits: Continued improvement of the CC-SG UI helps improve user experience for Raritan customers. Whether they are administrators of the CC-SG or other Raritan equipment or users attempting to access a server, CC-SG 4.0 is making processes and experience better.

Click here for a PDF of this information

P/N: CC-SG E1

Form Factor: 2U
Dimensions: 27.05" (W) x 18.70" (D) x 3.46" (H); 687mm (W) x 475mm (D) x 88mm (H)
Weight: 44.1 lbs; 20kg.
Power: Dual Supply (2 x 500 watt)
Operating Temp: 10-40 C; 50-104 F
MTBF: 53,564 hours
KVM Admin Port: DB15 + PS2 or USB Keyboard/Mouse
Serial Admin Port: DB10
Console Port: 3 x USB 2.0 ports

Hardware

Processor: 2 x AMD Opteron 250
Memory: 2 x 2 GB
Ethernet Interfaces: (2) 10/100/1000 Ethernet (RJ45)
Hard Disk & Controller:(2) 74GB SATA drives @ 10000 RPM, RAID 1
CD/ROM Drive: DVD-ROM

Remote Connection:

Protocols:TCP/IP, UDP, RADIUS, SNMP, SNTP, SSH, HTTP, HTTPS

Warranty: 2 years. *Advanced Replacement Guardian Extended Warranty Also Available

P/N: CC-SG V1

Form Factor: 1U
Dimensions: 24.21" (W) x 19.09" (D) x 1.75" (H); 615mm (W) x 485mm (D) x 44mm (H)
Weight:23.8 lbs; 10.8kg.
Power: Single Supply (300 watt)
Operating Temp: 10-35 C; 50-95 F
MTBF: 36,354 hours
KVM Admin Port: DB15 + PS2 or USB Keyboard/Mouse
Serial Admin Port: DB9
Console Port: 2 x USB 2.0 ports

Hardware

Processor: 1 AMD Opteron 146
Memory: 2 GB
Ethernet Interfaces: (2) 10/100/1000 Ethernet (RJ45)
Hard Disk & Controller: (2) 80GB SATA drives @ 7200 RPM, RAID 1
CD/ROM Drive: DVD-ROM

Remote Connection

Protocols: TCP/IP, UDP, RADIUS, SNMP, SNTP, SSH, HTTP, HTTPS

Warranty: 2 years. *Advanced Replacement Guardian Extended Warranty Also Available

P/N: CC-SG G1

Form Factor: 1U
Dimensions:22.1"(W) x 17.32"(D) x 1.75"(H); 563mm (W) x 440mm (D) x 44mm (H)
Power: Redundant, hot-swappable power supply; auto sensing 110/220 V - 2.0A
Operating Temp: 0-30 C; 32-104 F
MTBF: 38,269 hours
KVM Admin Port: DB15 + PS2 Keyboard/Mouse
Serial Admin Port: DB9

Hardware

Processor: Intel Pentium III 1 GHz
Memory: 512MB
Network Interfaces: (2) 10/100 Ethernet (RJ45)
Hard Disk & Controller: 2 40GB IDE drives @ 7200 RPM, RAID 1
CD-ROM Drive: 40x read-only*
Console: DB-9 RS232 console port

Remote Connection

Protocols: TCP/IP, UDP, RADIUS, SNMP, SNTP, SSH, HTTP, HTTPS

Warranty: 2 years. *Advanced Replacement Guardian Extended Warranty Also Available.

*Product must be registered with Raritan to qualify for Advanced Replacement Guardian Extended Warranty.

Click here for a PDF of this information

What is CommandCenter Secure Gateway (CC-SG)?
What are the different CC-SG hardware options supported?
How do I identify if I have a CC-G1?
Why would I need CC-SG?
Which Raritan products does CC-SG support?
How does CC-SG support virtualization?
How does CC-SG integrate with other Raritan products?
Is the status of CC-SG limited by the status of the devices that it proxies?
Can I upgrade to newer versions of CC-SG as they become available?
How many login accounts can be created for CC-SG?
Can I assign specific node access to a specific user?
How are passwords secured in CC-SG?
An administrator added a new node to the CC-SG database and assigned it to me, but I cannot see it in my Device Selection table. Why?
Which version(s) of Java does CC-SG support?
Specifically what type of changes can a management system monitor and alert on?
What is the recommended use of Computer Interface Modules (CIMs) being moved or swapped at the physical level with changes to the logical database?
How does CC-SG integrate with blade chassis products?
Will the current Paragon solution work with CC-SG?
How will I know if someone else is logged into a Raritan device managed by CC-SG?
Does CC-SG have the ability to look at multiple device screens? How is this presented?
Is SSL encryption internal (LAN) or external (WAN)?
Can audit/logging abilities track down to who switched a power plug on/off?
Does CC-SG support Client Certificate Request?
Does CC-SG support Virtual Media?

What is CommandCenter Secure Gateway (CC-SG)?
CommandCenter Secure Gateway (CC-SG) is a management appliance that provides unified, secure, browser or CLI-based access to the KVM, serial and power control devices in the data center and remote offices. CC-SG manages Raritan's Dominion® Series, Paragon® II, IP-Reach®, and Dominion PX intelligent power distribution units to provide centralized policy and security management for user access to servers and devices. CC-SG uses different access and power control methods to provide centralized management of devices, software applications, and other solutions in the datacenter. These include Raritan devices, embedded service processors like HP iLO, Dell DRAC, IBM RSA, IPMI, and in-band software solutions such as RDP, VNC, SSH, Telnet and Web browser.

What are the different CC-SG hardware options supported?
Raritan offers hardware versions to address both small and medium size businesses as well as large enterprises with thousands of servers and other IT appliances. CC-SG E1 is targeted at large deployments as well as environments where dual power supply is required for redundancy. The CC-SG V1 is a powerful KVM and in-band access and power management appliance designed to address network redundancy or subnet proxy environments.

The CC-G1 hardware model was discontinued in June of 2007. In order to enjoy the benefits of new features and fixes available in release CC 4.0.0 and later, CC-G1 customers must upgrade to the E1 or V1 models. A trade-in offer is available for customers upgrading their CC-G1 to a new hardware. Note that product warranty for CC-G1 will be respected as long as that warranty is still in effect.

For more information, visit http://www.raritan.com/products/centralized-management/commandcenter-secure-gateway/

How do I identify if I have a CC-G1?
If you purchased and received your CC-SG before May, 2006, you have CC-SG G1 hardware. If you received your CC-SG after May, 2006, and are not sure about your hardware mode, use one of the following three methods to identify if you have a CC-SG-G1 hardware model:

Using the Appliance Serial Number

Locate your serial number underneath the appliance
If your serial number starts with the letters XG,

Using the Admin Client GUI

Log in to the CC-SG administrative interface
In the Administration drop down menu, select the Configuration option
Select the SNMP tab
In the System Description area you will identify your

Using the Diagnostic Console CLI

With SSH client (e.g., PuTTY) make a connection using port number 23 to the CC-SG IP address
Login using ”status” account

In the System Information area at the Model field, CC-SG-G1 will be indicated.

Why would I need CC-SG?
As more data center servers and appliances are deployed, IT management is becoming increasingly complex, IT staffs are being stretched to the limit and the demand for actionable information that help address uptime issues is on the rise. CC-SG allows an IT administrator to access, manage and view all equipment, manage users and access permissions from a single remote device.

Which Raritan products does CC-SG support?
CC-SG can manage Raritan's Dominion KX and KX II KVM-over-IP switches, Dominion SX Serial-over-IP console servers, Dominion KSX remote office appliances and CommandCenter NOC. When deployed with the Paragon II System Controller (P2-SC), CC-SG supports access and control of multiple Paragon II switches. CC-SG also enables centralized remote power management by providing connectivity to Raritan’s Dominion PX intelligent rack power management solutions.

How does CC-SG support virtualization?
With CC-SG firmware version 4.0 you can add virtualization environment to CC-SG to enable connection from CC-SG to virtual machines, virtual hosts, and control systems. The new virtualization feature includes streamlined setup of single-sign-on access to your virtualization environment, ability to issue virtual power commands to virtual machines and virtual hosts, and a topology view with one click connections. CC-SG integrates with VMware™ environments and can support features like connectivity to the Virtual Center software, ESX servers, and VMotion™ functionality.

How does CC-SG integrate with other Raritan products?
CC-SG uses a powerful proprietary search and discovery technology that identifies and connects selected Raritan devices. Once CC-SG is connected and set up, device connection is transparent and administration is simple.

Is the status of CC-SG limited by the status of the devices that it proxies?
No. CC-SG software resides on the dedicated appliance. This means that even if the device being proxied by CC-SG is not operating, users can still access CC-SG.

Can I upgrade to newer versions of CC-SG as they become available?
Yes. Information about firmware availability or firmware may be downloaded from the Raritan Web site at http://www.raritan.com/support/CommandCenter-Secure-Gateway/
Upgrades are done through CommandCenter Secure Gateway’s client Graphical User Interface. Additionally, the CC-SG appliance has a CD/DVD ROM drive to facilitate install/upgrades.

How many login accounts can be created for CC-SG?
There is no specified limit to the number of login accounts that can be created. However, licensing restrictions or system specifications will limit the number of concurrent users or the number of nodes associated with the CC-SG based on the configuration deployed.

Can I assign specific node access to a specific user?
Yes, for users with Administrator permissions. Administrators have the ability to assign specific nodes per user.

How are passwords secured in CC-SG?
Passwords are encrypted using MD5 encryption, a one-way hash. This provides additional security to prevent unauthorized users from accessing the password list. Additionally, users can be authenticated remotely using Active Directory, Radius, LDAP or TACACS+ servers. Password is not stored or cached on CC-SG when using remote authentication.

An administrator added a new node to the CC-SG database and assigned it to me, but I cannot see it in my Device Selection table. Why?
Newly-added nodes should automatically appear in the user’s node table. To update the table, and see the newly-assigned node, click the [Refresh] button. Note: Clicking refresh on the CC-SG toolbar will not close the session. Only the browser refresh button will close the session.

Which version(s) of Java does CC-SG support?
Check the compatibility matrix to identify which JRE version is required for a given CC-SG firmware release. For example, CC-SG 4.0 supports JRE 1.5.0_10 and later versions. The CC-SG administrator has the ability to set his or her own required JRE version for CC-SG users and also provide Hyperlink to this JRE version. Note that JRE is required for use of the CC-SG Java-based Admin Client and for Raritan console applications such as MPC and VKC. JRE is not required for use of the CC-SG HTML-based Access Client.

Specifically what type of changes can a management system monitor and alert on?
CC-SG will log user activity (login/logout, connect/disconnect) and configuration changes at both CC-SG and managed Raritan appliances, and status changes of the connected appliances. All of the above can be forwarded to a network management system or enterprise notification system via SNMP or Syslog.

What is the recommended use of Computer Interface Modules (CIMs) being moved or swapped at the physical level with changes to the logical database?
Each CIM includes a serial number and a target system name. Raritan systems devices assume that a CIM remains connected to its named target when its connection is moved to another switch. This move is automatically reflected in the system configuration and is propagated to CC-SG. If the CIM is moved to another server, an administrator must rename the CIM.

How does CC-SG integrate with blade chassis products?
CC-SG can support any device with a KVM or serial interface as a transparent pass-through. All blade chassis come with one KVM connection for the management of the blade system. Some blade servers allow KVM connections on a blade basis through a proprietary add-on connector from the blade server manufacturer. This would allow access and control of the blade server through Raritan devices. In addition, CC-SG can incorporate access and power management through embedded cards such as HP iLO and RiLOEII, Dell DRAC4, and IBM RSA II. Typically, these cards are located on the blade chassis and control the whole enclosure. CC-SG also provides power management through power strips connected to Raritan devices. CC-SG can also provide centralized access to individual blades with RDP, VNC or SSH.

Will the current Paragon solution work with CC-SG?
Raritan has introduced an interface device – Paragon II System Controller (P2-SC) – that integrates Raritan’s Paragon II analog Cat5 KVM switches with CC-SG. Visit http://www.raritan.com/products/analog-kvm/paragon-ii/ for more information.

How will I know if someone else is logged into a Raritan device managed by CC-SG?
CC-SG presents the list of users logged into a device and can show which users are currently accessing a node through the active users report. Currently accessed devices will be bolded when looking at the device tree view from the CC-SG GUI. In addition, a bolded node and a bolded interface name of a node would indicate that it is currently being accessed by a user.

Does CC-SG have the ability to look at multiple device screens? How is this presented?
If there are many devices connected to CC-SG, users can scroll through the screens to view them all, provided they have the appropriate access privileges. Multiple screens can be opened, each one corresponding to one node, but will be restricted on the KVM side by the capacity of the KVM-over-IP channels.

Is SSL encryption internal (LAN) or external (WAN)?
Both. The session is encrypted regardless of source, i.e., LAN/WAN.

Can audit/logging abilities track down to who switched a power plug on/off?
Direct power switch off is not logged, but the power on/off through the CC-SG GUI is recorded in the audit trail and can be viewed in an Audit Trail report.

Does CC-SG support Client Certificate Request?
Yes. Under CC-SG, navigate to Security Manager under Setup.

Does CC-SG support Virtual Media?
Yes. CC-SG supports Virtual Media Deny, View and Control access policies. Customers can take advantage of the Virtual Media capabilities of CC-SG by using a Dominion KX II product managed by CC-SG. The use of Virtual Media on the Dominion KX II also requires a special Virtual Media Computer Interface Module (CIM.)