Acano solution
Acano Solution Installation Guide
Acano
January 2014
76-1002-03-B
Contents
Contents
1 Introduction ... 3
1.1 Before You Start ... 3
1.1.1 Safety information ... 3
1.1.2 You will need the following equipment ... 3
2 The Acano Server ... 5
2.1 LED Descriptions ... 6
2.1.1 Front panel LEDs ... 6
2.1.2 Back panel LEDs... 6
3 Hardware Installation ... 7
4 Network Configuration ... 10
4.1 Creating an Administrator Account ... 10
4.2 Setting up the Network Interfaces for IPv4 ... 11
4.3 Creating the Web Admin Interface Certificate ... 12
4.4 Configuring the Web Interface for HTTPS Access ... 13
Appendix A DC Power Option – Wiring and Safety ... 15
Location ... 15
Wiring ... 15
Overcurrent protection ... 15
Figures Figure 1: Acano Server front panel ... 5
Figure 2: Acano Server back panel with power units installed ... 5
Figure 3: Fitting inside rail components to the Acano Server sides ... 7
Figure 4: Cage nut locations for the rack rails ... 8
Figure 5: Location of the red button ... 10
Introduction
1 Introduction
Follow this guide to fit the Acano Server into a rack, fit the power supplies, connect the cables, power up and achieve basic network connectivity. See the Deployment Guide for other set up and configuration information.
1.1 Before You Start
1.1.1 Safety information
WARNING: Read the information at www.acano.com/safety. There you will find essential safety information to protect you and the equipment.
The Acano Server weighs approximately 23 kg / 51 lbs.
Do not attempt to lift it on your own at any time.
Do not place it on top of any other equipment.
Do not support it on the rack ears alone; they are not designed to be load-bearing.
The power units do not have an on/off switch; the server will power on as soon as power is connected. Therefore do not do so until instructed.
DC power option only: See Appendix A for additional safety information.
1.1.2 You will need the following equipment
The Acano Server comes with most of the components you need.
The shipping box contains:
One Acano Server
A box containing two power supplies
A box containing power cables for various countries, a serial cable, two rack ears and accessories
Note: If you are using AC power and none of the supplied power cables are approved for your location, you will need to provide them.
Two rack rails. (These rails are not left- or right-handed but are packed in the correct installation orientation relative to the Acano Server)
However, you must provide the following:
A 2U space in a 4-post rack
Up to five Ethernet patch cables. The cabling required depends on your network speed and
the length of the cable run: 10GBASE-T: Cat 6 (patch) or Cat 6A, 1000BASE-T: Cat 5e, Cat
Introduction
A selection of Philips and flat blade screwdrivers
The Acano Server
2 The Acano Server
The front and back of the Acano Server are shown in figures 1 and 2 below. Not all the connections are required during installation.
Figure 1: Acano Server front panel
Figure 2: Acano Server back panel with power units installed OK and
Warning status lights
Power units’
status lights Console port
Network interfaces A to D, each with two status lights
Expansion interface (not currently used) Admin
interface Power unit locations A
and B
The Acano Server
2.1 Status Light Descriptions
This section describes the behavior of the Acano Server status lights (LEDs).
2.1.1 Front panel LEDs
There are four LEDs on the front of the Acano Server: OK, Warning, Power Supply A and Power Supply B. They have the following behavior.
OK
Blue: normal operation Warning
If on (red), check the cause urgently in the Web Admin Interface Status > General page.
Supply A/B
Blue: power supply is operating normally
Flashing quickly: power supply is present but not functioning (i.e. not plugged in)
Flashing slowly: power supply is not present
Note: If either power supply LED is flashing; check the cause urgently in the Web Admin Interface Status > General page.
2.1.2 Back panel LEDs
All five Ethernet ports (Admin and A to D) have the same LED behavior:
Left
Green: Link at 10G
Amber: Link at 1G
Off: Link at 10/100M Right
Green: Link up
Blinking: Activity on link
Off: Link down
Hardware Installation
3 Hardware Installation
Note: From end November 2013 the Acano Server ships with two rack rails – and this guide reflects that. The rack rails are not available for older Acano Servers: if you need an older version of the Installation Guide contact [email protected].
1. Check that the rack sides are parallel and adjust them if necessary.
2. Open the Acano Server packaging; remove the two small boxes and then with another person, using the handles provided, lift the server out of the box and onto a strong flat surface.
3. Open the accessories box and find:
12 x M4 screws for fixing the ears and rails to the server
12 x M5 cage nuts and 12 x M5 screws for fixing the rails and ears into the rack
4. Lift the rack rails out of the packaging, noting the orientation in each case; that is, which end goes at the front of the server.
5. Adjust the length of the rack rails to fit the depth of your rack. This may require repositioning the two screws holding the rear bracket on each rack rail. Tighten the screws securely.
6. Separate the rack rail inner section (which fits to the server) from the rack rail outer section using the release latch.
7. Screw one rack rail inner section to the appropriate side of the Acano Server using the supplied M4 screws (see figure 3). Repeat for the other side.
Figure 3: Fitting inside rail components to the Acano Server sides
Hardware Installation
8. Using a Philips screwdriver fit the rack ears, one on each side of the server at the front using the remaining M4 screws (see figure 3).
1. Attach the outer rail section to the sides of the rack using the supplied M5 screws and cage nuts (see figure 4). Use two screws at the back and two screws at the front of each rail (eight in total).
Figure 4: Cage nut locations for the rack rails
10. With another person, lift the server up
to the rack and slide the two rail sections together on each side.
11. Secure the server in the rack with the rack ears using two M5 screws for each rack ear.
Note: Do not support the Acano Server on the rack ears alone.
12. Unpack the box containing the two power supplies. They are identical.
13. Move to the back of the rack and slide the power supplies fully into the Power A and B slots in the back of the server until they latch (see Figure 2).
Notes:
Do not connect power to the server at this time.
DC power option only: See Appendix A for DC wiring instructions. Do not switch on the power at this time.
14. Connect a network cable to the Admin interface and to your administrator network.
This interface is used to set up time servers and to upgrade the software version. (Both are outside the scope of this Installation Guide.) Connections to the Admin interface are via SSH or SFTP.
15. Connect a network cable to the A interface and to your production or testing network.
This media interface is also used for access to the Web Admin Interface and therefore for
Hardware Installation
server configuration. An HTTPS connection is required – attempting to connect using HTTP will fail. A certificate is required – as explained in later sections.
Note: Interfaces A to D will operate at the speed of the network switch that they are connected to. If you are using a speed of 10G be sure to use the appropriate cable for the speed and cable length. The interface LEDs show which speed is in use. See the section, LED descriptions.
16. If required, connect the other interfaces (B to D).
Network Configuration
4 Network Configuration
4.1 Creating an Administrator Account
2. Connect power:
AC power option: connect both power units to the AC mains using the appropriate power cables for your location. There are no on/off switches; therefore the Acano Server
powers up immediately
DC power option: switch on the DC power to the Acano Server
3. Moving to the front of the server (see Figure 1), you see the two power unit status LEDs and the server status LED are on, indicating that the Acano Server is powered and operational.
4. Connect the Acano Server Console port to a terminal emulator using the serial cable supplied in the box. Use baud rate 115200, 8 data bits, no parity and 1 stop bit
5. Using a Philips screwdriver loosen the two screws on the top front service hatch and hinge the cover upwards.
You see the fan module on the left and a smaller area on the right with cables and connectors. In this area and behind the front grill are two small buttons: one red (labeled reset) and one black.
Figure 5: Location of the red button
6. Carefully press the red (reset) button only.
7. Within 4 minutes of pressing this button log into the Acano Server using the terminal emulator: user account is “admin”, no password will be requested.
8. Set up your admin account using the following command.
user add admin admin
Network Configuration
9. You will be prompted for a password which you must enter twice.
10. Close the hatch and push the screws down to secure the hatch, no screwdriver is needed.
Note: When you log in subsequently, either via the Console port or Admin interface, using the admin account you will be asked for this password.
4.2 Setting up the Network Interfaces for IPv4
11. Configure the Network Interface speed
To set network interface speed, duplex and auto-negotiation parameters use the iface command e.g. to display the current configuration on the Admin interface, type:
iface admin
where “admin” is the Web Admin Interface. In the examples below “admin” can be substituted by “a” (the A interface) to re-use the commands to configure that interface.
To set the Admin interface to 1GE, full duplex type:
iface admin 1000 full
and to switch auto negotiation on or off, type:
iface admin autoneg <on/off>
We recommend that the network interface is set to auto negotiation unless you have a specific reason not to.
12. Configure the IP settings:
a. Go on to step c if you are using static IP addresses.
b. Configure to use DHCP
To enable dhcp on the Admin interface type:
ipv4 admin dhcp
Note: There is a similar set of commands to use if you are using IPv6. See the MMP Command Reference for a full description.
Then to find out the dhcp configured settings, type:
ipv4 admin ipv4 a
Go on to step 13.
c. Configure to use static IP addresses (skip this step if you are using DHCP)
Use the IPV4 add command to add a static IP address to the interface with a specified subnet mask and default gateway. For example, to add address 10.1.2.4 with prefix length 16 (netmask 255.255.0.0) with gateway 10.1.1.1 to the MMP, type:
ipv4 admin add 10.1.2.4/16 10.1.1.1 To remove the IPv4 address, type.
ipv4 admin del
Network Configuration
a. To output the dns configuration, type:
dns
b. To set the application DNS server, type:
dns mmp add forwardzone <domain name> <server IP>
Note: A forward zone is a pair consisting of a domain name and a server address: if a name is below the given domain name in the DNS hierarchy, then the DNS resolver can query the given server. Multiple servers can be given for any particular domain name to provide load balancing and fail over. A common usage will be to specify "." as the domain name i.e. the root of the DNS hierarchy which matches every domain name, i.e. is the server is on IP 10.1.1.1
dns mmp add forwardzone . 10.1.1.1 c. Similarly, configure the DNS for the MMP.
d. If you need to delete a DNS entry use:
dns mmp del forwardzone <domain name> <server IP>
for example:
dns mmp del forwardzone . 10.1.1.1
4.3 Creating the Web Admin Interface Certificate
You need to create a security certificate to install onto the Acano Server. For users happy to trust that Acano meets requirements for generation of private key material, private keys and associated Certificate Signing Requests can be generated with the MMP pki command.
14. Log in to the MMP and generate the private key and certificate signing request:
pki csr <key/cert basename> <commonName>
where <key/cert basename> is a string identifying the new key and CSR (e.g. "webserver"
results in "webserver.key" and "webserver.csr" files)
<commonName>" is the commonName (CN) which should be on the certificate. The commonName must be the DNS name for the server to be protected by SSL (for more information see http://info.ssl.com/Article.aspx?id=10048). For example, if the website to be protected will be https://server.mycompany.com, then enter server.mycompany.com. Failure to do this will result in browser certificate errors.
15. The CSR is then used in one of two ways.
a. Ideally, send the CSR to a Certificate Authority (CA), such as Verisign who will verify the identity of the requestor and issue a signed certificate.
i. Transfer the file to the CA.
ii. Issue the following command in the command line management shell on the CA server replacing the path and CSR name with your information:
certreq -submit -attrib "CertificateTemplate:WebServer"
C:\Users\Administrator\Desktop\certcsr.pem
iii. After entering the command, a CA selection list is displayed similar to that below.
Select the correct CA and click OK.
Network Configuration
iv. Do one of the following:
If your Windows account has permissions to issue certificates, you are prompted to save the resulting certificate, for example as webserver.pem. Go on to the step 3 below.
If you do not see a prompt to issue the resulting certificate, but instead see a message on the command prompt window that the 'Certificate request is pending: taken under submission', then follow the steps in Appendix D before going on to step 3 below.
CAUTION: If you are using a CA with the Web Enrolment feature installed, you may copy the CSR text including the BEGIN CERTIFICATE REQUEST and END
CERTIFICATE REQUEST lines to submit. After the certificate has been issued, copy only the certificate and not the Certificate Chain. Be sure to include all text including the BEGIN CERTIFICATE and END CERTIFICATE lines and paste into a text file.
b. Alternatively for quick testing and debugging, self-signed certificates can be generated (http://en.wikipedia.org/wiki/Self-signed_certificate).
pki selfsigned <key/cert basename>
where <key/cert basename> identifies the key and certificate which will be generated e.g. "pki selfsigned webserver" creates webserver.key and webserver.crt (which is self- signed).
16. Transfer both the the certificate and key files (e.g. webserver.crt and webserver.key) to the MMP of the Acano Server using SFTP.
4.4 Configuring the Web Interface for HTTPS Access
You can configure the Web Admin Interface to use any or all of the five Ethernet interfaces.
17. Establish a SSH connection again to the MMP of the Acano Server and log in.
18. Enter the following commands to configure the Web Admin Interface to use the Ethernet
interface labeled Admin:
Network Configuration
webadmin listen mmp 443 webadmin enable
Note: Be sure to use the same names as the certificates you uploaded in section 4.3 19. Create a Web Admin Interface admin user to use the Web Admin Interface with the
command webadmin user <name> <password> , e.g.
webadmin user fred mypassword345
20. Test that you can access the Web Admin Interface of the Acano Server, i.e. enter
https:\\acanoserver.mycomany.com in your browser and login using the user account you created in step 3.
You are now ready to configure the Acano Server. See the Deployment Guide for details.
DC Power Option – Wiring and Safety
Appendix A DC Power Option – Wiring and Safety
If you are using the DC power option for your Acano Server, you must observe the following additional instructions.
Location
The Acano Server must be installed in a restricted access location within the meaning of UL 60950-1, IEC 60950-1 or equivalent (see http://www.ul.com).
Wiring
Use 10 AWG wire for the RTN, -48V and ground (earth) connections. (The RTN is the positive power connection and the -48V is the negative power connection. The ground (earth) connection is to the chassis for safety.)
Note: Generally, DC wiring colors are not standardized nationally. Follow the color scheme applicable to your facility.
Overcurrent protection
Use a 30A circuit breaker on the branch circuit connection to each power supply unit. The circuit
breakers must be approved for use in your facility.
© 2014 Acano (UK) Ltd. All rights reserved.
This document is provided for information purposes only and its contents are subject to change without notice. This document may not be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without our prior written permission.
Acano and coSpace are trademarks of Acano. Other names may be trademarks of their respective owners.
