3

Setting Up the Hardware

Unpacking and installing the hardware

There are two basic tasks you must complete to get the 3-DNS Controller installed and set up.

• Connect the peripheral hardware and connect the 3-DNS Controller to the network.
• Turn the system on and run the First-Time Boot utility.
  The First-Time Boot utility is a wizard that helps you configure basic system elements such as administrative passwords, IP addresses, and host names for both the root system and the 3-DNS web server. Once you complete the First-Time Boot utility, you can continue the configuration process either from a remote administrative workstation, or directly from the console.

Reviewing the hardware requirements

The 3-DNS Controller comes with the hardware you need for installation and maintenance. However, you must provide standard peripheral hardware, such as a keyboard or serial terminal.

Hardware provided with the 3-DNS Controller

When you unpack the 3-DNS Controller, make sure the following components are included:

• One power cable
• One PC/AT-to-PS/2 keyboard adapter
• Four rack-mounting screws
• Two keys for the front panel lock
• One extra fan filter
• One 3-DNS Controller Administrator Guide

  If you purchase a hardware-based redundant system, you also receive one fail-over cable to connect the two controller units together (network-based redundant systems do not require a fail-over cable). Additionally, if you purchase a 3-DNS Controller that supports encryption, you receive the F-Secure SSH Client manual, published by Data Fellows.

Peripheral hardware that you provide

For each 3-DNS Controller in the system, you need to provide the following peripheral hardware:

• Standard input/output hardware for direct administrative access to the 3-DNS Controller. Either of the following options is acceptable:
  • VGA monitor and PC/AT-compatible keyboard
  • Serial terminal and a null modem cable (See To configure a serial terminal in addition to the console, on page 3-10 , for serial terminal configuration information.)
• Network hubs, switches, or concentrators to connect to the 3-DNS Controller network interfaces. The devices you select must be compatible with the network interface cards installed in the 3-DNS Controller. The devices can support 10/100 Ethernet, Gigabit Ethernet, or FDDI/CDDI (including multiple FDDI and full duplex).
  • For Ethernet, you need either a 10Mb/sec or 100 Mb/sec hub or switch
  • For FDDI/CDDI, a concentrator or a switch is optional

    If you plan on doing remote administration from your own PC workstation, as most users do, we recommend that you have your workstation already in place. Keep in mind that the First-Time Boot utility prompts you to enter your workstation's IP address when you set up remote administrative access.

Familiarizing yourself with the 3-DNS Controller hardware

The 3-DNS Controller is offered in two hardware configurations: the 4U hardware configuration, and the 2U hardware configuration. Before you begin to install the 3-DNS Controller, you may want to quickly review the following figures that illustrate the controls and ports on both the front and the back of a 4U 3-DNS Controller and a 2U 3-DNS Controller.

Using the 3-DNS Controller 4U hardware configuration

This section describes the front and back layout of a 4U 3-DNS Controller. If you have a special hardware configuration, such as those that include more than two interface cards, the ports on the back of your unit will differ slightly from those shown below.

Note: The ports on the back of every 3-DNS Controller are individually labeled.

Figure 3.1 Front view of a 4U 3-DNS Controller

1. Fan filter 2. Keyboard lock 3. Reset button 4. Keyboard lock LED 5. Hard disk drive LED

6. Power LED 7. On/off button 8. 3.5 floppy disk drive 9. CD-ROM drive

Figure 3.1 illustrates the front of a 4U 3-DNS Controller with the access panel open. On the front of the unit, you can turn the unit off and on, and you can reset the unit. You can also view the indicator lights for hard disk access and for the keyboard lock.

Figure 3.2 illustrates the back of a 4U 3-DNS Controller. Note that all ports are labeled, even those which are not intended to be used with the 3-DNS Controller. Ports marked with an asterisk (*) in the list following the figure are not used by the 3-DNS Controller, and you do not need to connect them to any peripheral hardware.

Figure 3.2 Rear view of a 4U 3-DNS Controller

1. Fan 2. Power in 3. Voltage selector 4. Mouse port* 5. Keyboard port 6. Universal serial bus ports* 7. Serial terminal port

8. Printer port* 9. Fail-over port 10. Video (VGA) port 11. Internal interface (RJ-45) 12. External interface (RJ-45) 13. Interface indicator LEDs 14. Watchdog card*

*Not to be connected to any peripheral hardware

Using the 3-DNS Controller 2U hardware configuration

This section describes the front and back layout of a 2U 3-DNS Controller. If you have a special hardware configuration, such as those that include more than two interface cards, the ports on the back of your unit will differ slightly from those shown below.

Note: The ports on the back of every 3-DNS Controller are individually labeled, so it should be clear what each port is, no matter which hardware configuration you have purchased.

Figure 3.3 Front view of a 2U 3-DNS Controller

1. Fan filter 2. Keyboard lock 3. Reset button 4. Keyboard lock LED 5. Hard disk drive LED

6. Power LED 7. On/off button 8. CD-ROM drive

Figure 3.3 illustrates the front of a 2U 3-DNS Controller with the access panel open. On the front of the unit, you can turn the unit off and on, and you can reset the unit. You can also view the indicator lights for hard disk access and for the keyboard lock.

Figure 3.4 illustrates the back of a 2U 3-DNS Controller. Note that all ports are labeled, even those which are not intended to be used with the 3-DNS Controller. Ports marked with an asterisk (*) in the list following the figure are not used by the 3-DNS Controller, and you do not need to connect them to any peripheral hardware.

1. Fan 2. Power in 3. Power out 4. Mouse port* 5. Keyboard port 6. Fail-over port 7. Printer port*

8. Serial terminal port 9. Video (VGA) port 10. External interface (exp0) 11. Internal interface (exp1)

*Not to be connected to any peripheral hardware.

Figure 3.4 Back view of a 2U 3-DNS Controller

Environmental requirements and usage guidelines

A 3-DNS Controller is an industrial network appliance, designed to be mounted in a standard 19-inch rack. To ensure safe installation and operation of the unit:

• Install the rack according to the manufacturer's instructions, and check the rack for stability before placing equipment in it.
• Build and position the rack so that once you install the 3-DNS Controller, the power supply and the vents on both the front and back of the unit remain unobstructed. The 3-DNS Controller must have adequate ventilation around the unit at all times.
• Do not allow the air temperature in the room to exceed 40° C.
• Do not plug the unit into a branch circuit shared by more electronic equipment than the circuit is designed to manage safely at one time.
• Verify that the voltage selector is set appropriately before connecting the power cable to the unit.

  

  

  

Guidelines for DC powered equipment

A DC powered installation must meet the following requirements:

• Install the unit using a 20 Amp external branch circuit protection device.
• For permanently connected equipment, incorporate a readily- accessible disconnect in the fixed wiring.
• Use only copper conductors.

  

Installing and connecting the hardware

There are six basic steps to installing the hardware. You simply need to install the controller in the rack, connect the peripheral hardware and the external and internal interfaces, and then connect the fail-over and power cables. If you have a unit with three or more network interface cards (NICs), be sure to review step 3.

Warning: Do not turn on a 3-DNS Controller until all peripheral hardware is connected to the unit.

To install the hardware

1. Mount the 3-DNS Controller on the rack and secure it using the four rack-mounting screws that are provided.
2. Connect the hardware that you have chosen to use for input/output:

   · If you are using a VGA monitor and keyboard, connect the monitor connector cable to the video port (number 10 in the 4U figure, or number 9 in the 2U figure) and connect the keyboard connector cable to the keyboard port (number 5 in the 4U or 2U figure). Note that a PC/AT-to-PS/2 keyboard adapter is included with each 3-DNS Controller (see the component list on page 3-1 ).

   · Optionally, if you are using a serial terminal as the console, connect the serial cable to the serial terminal port (number 7 in the 4U figure, or number 8 in the 2U figure). You should not connect a keyboard to the 3-DNS Controller. If there is no keyboard connected to the 3-DNS Controller when it is started or rebooted, the 3-DNS Controller defaults to using the serial port as the console.

3. Connect the external interface (number 11 in the 4U figure, or number 10 in the 2U figure) to the network from which the 3-DNS Controller receives connection requests.

   · If you have purchased a unit with three or more network interface cards (NICs), be sure to note or write down how you connect the cables to the internal and external interfaces. When you run the First-Time Boot utility, it automatically detects the number of interfaces that are installed and prompts you to configure more external interfaces, if you want. It is important to select the correct external interface based on the way you have connected the cables to the back of the unit.

4. Connect the internal interface (number 11 in the 4U or 2U figure) to the network that houses the array of servers, routers, or firewalls that the 3-DNS Controller load balances.
5. If you have a hardware-based redundant system, connect the fail-over cable to the serial terminal port on each unit (number 7 in the 4U figure, or number 8 in the 2U figure).
6. Connect the power cable to the 3-DNS Controller (number 2 in the 4U or 2U figure), and then connect it to the power source.

Warning: Before connecting the power cable to a power supply, customers outside the US should make sure that the voltage selector is set appropriately. This check is necessary only if the controller has an external voltage selector.

To configure a serial terminal in addition to the console

To configure a serial terminal, in addition to the standard console, for the 3-DNS Controller, you need to complete the following configuration steps. Note that if you are using a serial vt100 connection, you must edit both the /etc/ttys and bash_profile files on the 3-DNS Controller.

Note: Before you configure the serial terminal, you must disconnect the keyboard from the 3-DNS Controller. When there is no keyboard connected to the 3-DNS Controller, the 3-DNS Controller defaults to using the serial port for the console.

You must attach a serial device to the serial port before the 3-DNS Controller is booted in order for the controller to use the serial port as the console.

1. Configure the serial terminal settings as follows:

   - 9600 baud

   - 8 bits

   - 1 stop bit

   - No parity

2. Open the /etc/ttys file and find the line that reads tty00 off. Modify it as shown here:

  # PC COM ports (tty00 is DOS COM1) tty00 
"/usr/libexec/getty default" vt100 in secure 
tty01 off 

1. Save the /etc/ttys file and close it.
2. Reboot the BIG/ip Controller.

Running the First-Time Boot utility

After you have finished connecting the 3-DNS Controller and peripheral hardware to the network, you then run the First-Time Boot utility. The First-Time Boot utility is a wizard that walks you through a brief series of required configuration tasks, such as defining a root password and configuring IP addresses for the network interfaces. Once you complete the First-Time Boot utility, you can connect to the 3-DNS Controller from a remote workstation and begin configuring your load balancing set up.

The First-Time Boot utility is organized into three phases: configure, confirm, and commit. You first configure all of the required information. Next, you have the opportunity to correct, if necessary, and confirm each individual setting that you have configured. Finally, your confirmed settings are committed and saved to the system.

Each phase walks you through a series of screens, presenting the information in the following order:

• Root password
• Host name
• Default route (typically a router's IP address)
• Time zone
• NTP clocks
• Interface settings for the network interface(s)
• Configuration for 3-DNS redundant systems (fail-over IP address)
• IP address for remote administration
• Settings for the 3-DNS web server
• Defining the basic BIG-IP and sync group configuration
• Settings for the NameSurfer application
• Allowance of technical support access

  The screens you see are tailored to your specific hardware and software configuration. For example, if you have a stand-alone system, the First-Time Boot utility skips the redundant system screens.

Gathering the information

Before you run the First-Time Boot utility on a 3-DNS Controller, you should have the following information ready to enter:

• Passwords for the root system, for the 3-DNS web server, and for technical support access (optional)
• Host names for the root system and the 3-DNS web server
• A default route (typically a router's IP address)
• Settings for the network interfaces, including IP addresses, media type, and custom netmask and broadcast addresses
• Configuration information for redundant systems, including an IP alias for the shared address, and the IP addresses of the individual controllers
• The IP address or IP address range for remote administrative connections
• The IP addresses of the other 3-DNS Controllers and BIG-IP Controllers running in the network

An important note about configuring international 3-DNS Controllers

When you run the First-Time Boot utility on a non-crypto 3-DNS Controller, certain screens are different from those shown when you run the First-Time Boot utility on a crypto 3-DNS Controller.

• On crypto 3-DNS Controllers, the First-Time Boot utility prompts you to configure an administrative IP address from which the 3-DNS Controller accepts ssh connections.
• On non-crypto 3-DNS Controllers, the First-Time Boot utility prompts you to configure an administrative IP address from which the 3-DNS Controller accepts rsh connections.

  The 3-DNS Controller stores the administrative IP address for rsh and rcp connections in the /etc/hosts.allow file. Note that storing the administrative IP address in the /etc/hosts.allow file may differ slightly from other common rsh configurations where it is often stored in the /etc/hosts.equiv file.

Starting the First-Time Boot utility

The following steps get you started with the First-Time Boot utility. As you work through the First-Time Boot utility, refer to the following sections that provide you with important information regarding each screen that the First-Time Boot utility presents.

Run the First-Time Boot utility directly on the console, using the VGA monitor and keyboard.

1. Turn on the power switch.

   Once you turn on the power switch (located on the front of the 3-DNS Controller as shown in Figure 3.1 , number 7), the License Agreement screen appears.

2. Read the License Agreement as you page down to the end of the License Agreement screen, and press Enter.
3. If you accept the agreement, select Yes, I Agree To This License, and press Enter.
   The Welcome screen appears.
4. Continue to press any key until you come to the New Root Password screen.
5. Each screen in the First-Time Boot utility provides instructions on how to proceed. For additional information on how to fill in the remaining screens in the First-Time Boot utility, read the following sections.

Defining a root password

A root password allows you administrative access to the 3-DNS Controller. The password must contain a minimum of 6 characters, and a maximum of 128 characters. Passwords are case-sensitive, and we recommend that your password contain a combination of uppercase and lowercase characters, as well as punctuation characters. Once you enter a password, the First-Time Boot utility prompts you to confirm your root password by typing it again. If the two passwords match, your password is immediately saved. If the two passwords do not match, you receive an error message asking you to re-enter your password.

Warning: The root password is the only setting that is saved immediately; the other settings are confirmed and committed at the end of the First-Time Boot utility process. You can change the root password after the First-Time Boot utility completes and you reboot the 3-DNS Controller (see To change the root user password for command line access, on page 7-11 for details). You can change other system settings when the First-Time Boot utility prompts you to confirm your configuration settings.

Defining a host name

The host name identifies the 3-DNS Controller. Host names must start with a letter or number and contain at least two characters. They may contain numbers, letters, dash symbols ( - ), and periods ( . ). There are no additional restrictions on host names, other than those imposed by your own network requirements.

Configuring a default route

If a 3-DNS Controller does not have a predefined static route for network traffic, the unit automatically sends traffic to the IP address that you define as the default route. Typically, a default route is set to a router's IP address.

Configuring a time zone

Configuring a time zone ensures that the clock for the 3-DNS Controller is set correctly, and that dates and times recorded in log files correspond to the time zone of the system administrator. Scroll through the time zone host to find the zone closest to your location. Note that one option may appear with multiple names.

Configuring NTP clocks

You can synchronize your time to a public time server by using Network Time Protocol (NTP). NTP is built on top of TCP/IP and assures accurate local timekeeping with reference to clocks located on the Internet. This protocol is capable of synchronizing distributed clocks within milliseconds over long periods of time. If you choose to do this, make sure UDP port 123 is open in both directions when 3-DNS is behind a firewall.

Configuring the interfaces

If you have a redundant system, on the Configure 3-DNS Interfaces screen, select Yes, it is a redundant 3-DNS System. You must configure the primary Ethernet interface, but you configure the secondary Ethernet interface only if you want to have two independent network access paths to the 3-DNS Controller. The utility prompts you for each interface, and asks you to provide the IP address, netmask, broadcast address, and the interface media type.

If you have a redundant system, you are also prompted to provide the IP address that serves as an IP alias for both 3-DNS Controllers. The IP alias is shared between the units, and is used only by the currently active machine. Each individual controller uses unique IP addresses on its network interface card(s). The First-Time Boot utility guides you through configuring the interfaces, based on your hardware configuration.

• Stand-alone controllers
  On stand-alone controllers, you enter IP addresses in the following order: primary Ethernet interface IP address, secondary Ethernet interface IP address.
• Redundant systems
  On redundant systems, you enter IP addresses in the following order: primary Ethernet interface IP address, primary shared alias, secondary Ethernet interface IP address, secondary shared alias.

Configuring the primary and secondary Ethernet interfaces

The Select Interface screen shows a list of the installed interfaces. Select the Ethernet interface you want to configure, and press Enter (the primary Ethernet interface is typically named exp0). The utility prompts you for the following information, in many cases offering you a default:

• Interface IP address
• Netmask
• Broadcast address
• Primary shared IP alias (redundant systems only)
• Primary shared alias netmask (redundant systems only)
• Primary shared alias broadcast address (redundant systems only)
• Interface media type
• Peer IP address (redundant systems only)

Note: The IP address of the primary Ethernet interface is not the IP address associated with your domain(s). The IP addresses of the domains themselves are specified by the wide IP definitions.

Warning: The First-Time Boot utility lists only the network interface cards that it detects during boot up. If the utility lists only one interface card, the network adapter may have come loose during shipping. Check the LED indicators on the network adapters to ensure that they have properly detected the 3-DNS Controller media that should be installed.

Once you select the interface, you need to enter the following information:

• IP address
• Netmask
  Note that the 3-DNS Controller uses a default netmask appropriate to the subnetwork indicated by the IP address. The default netmask is shown in brackets at the prompt. To accept the default, press Return.
• Broadcast address
  The default broadcast address is a combination of the IP address and the netmask. The default broadcast address is shown in brackets at the prompt. To accept the default, press Return.
• Primary shared IP alias (redundant systems only)
• Peer IP address (redundant systems only)
  The peer IP address is the IP address of the other controller that runs in the redundant system. The 3-DNS Controller uses the specified peer IP address to communicate with the second controller.
• Media type for primary Ethernet interface
  The media type options depend on the network interface card included in your hardware configuration. The 3-DNS platform supports the following types:
  • Auto
  • 10baseT
  • 10baseT,FDX
  • 100baseTX
  • 100baseTX,FDX
  • FDDI
  • Gigabit Ethernet

Configuring remote administration

When you configure remote administration, the screens that you see vary, depending on whether you have a US 3-DNS Controller, or an international 3-DNS Controller.

• On a US 3-DNS Controller, the first screen you see is the Configure SSH screen, which prompts you to type an address for SSH command line access.
• On international 3-DNS Controllers that do not have SSH, the First-Time Boot utility displays the Configure rsh screen instead.

  The First-Time Boot utility prompts you to enter a single IP address or a range of IP addresses, from which the 3-DNS Controller can accept administrative connections (either remote shell connections, or connections to the 3-DNS web server). To specify a range of IP addresses, you can use the asterisk (*) as a wildcard character in the IP addresses.

  The following example allows remote administration from all hosts on the 192.168.2.0 network:

  192.168.2.*

Tip: For redundant systems, you must configure command line access. If you do not configure command line access, the two controllers in the system cannot communicate with each other, and they cannot properly initiate a fail-over.

Configuring settings for the 3-DNS web server

The 3-DNS web server requires that you define a domain name for the server on the primary Ethernet interface. If you are using the secondary Ethernet interface, you must define a domain name on that interface as well. The 3-DNS web server configuration requires that you define a user ID and password. On US products, the configuration also generates certificates for authentication.

The First-Time Boot utility guides you through a series of screens to set up web server access:

• The first screen prompts you to enter a fully-qualified domain name for each network interface that you configured earlier in the utility.
• The certification screen prompts you to enter the company name and location information used for the authentication certificate (US 3-DNS Controllers only).
• The next web server screen prompts you for a user name and a password. The password does not show on screen as you type it. The utility prompts you to enter the password again for confirmation purposes.
• The final screen prompts you to specify whether you want to allow F5 technical support to have access to the web server.

  Note that if you ever change the IP addresses or host names on the 3-DNS Controller interfaces, you need to reconfigure the 3-DNS web server to reflect your new settings. You can run the re-configuration utility from the command line using the following command:

  config_httpd

If you wish to create a new password for the 3-DNS web server, delete the /var/f5/httpd/basicauth/users file before running the config-httpd utility. If this file is missing from the configuration, the utility prompts you for both user ID and password information.

You can also add users to the existing password file, change a password for an existing user, or recreate the password file, without actually going through the 3-DNS web server configuration process. For more information, see To add a new user ID using the Configuration utility, on page 7-11 .

Warning: If you have modified the 3-DNS web server configuration outside of the configuration utility, be aware that some changes may be lost when you run the config-httpd utility. This utility overwrites the httpd.conf file, and several other files, but it does warn you before doing so.

Identifying additional controllers in the network

In the next series of screens, you identify other 3-DNS Controllers and BIG-IP Controllers running on the network that the current 3-DNS Controller needs to communicate with. For each additional 3-DNS Controller or BIG-IP Controller, you must enter the IP address, the root user ID, whether you access the controller using SSH or rsh, and you must select which sync group the controller belongs to. A sync group is a group of 3-DNS Controllers that share configuration settings and path statistics.

Note that if you are defining a redundant system (either 3-DNS Controllers or BIG-IP Controllers), you need to enter the IP address of the controller, as well as the shared IP alias for each interface on the controller. You also need to choose whether the current 3-DNS Controller will be a principal or a receiver (note that each sync group can have only one principal, but can have an unlimited number of receivers).

You can view the list of currently-defined controllers at any time, and you can use the List is Complete option to exit these screens and move on to the next configuration task.

Configuring the NameSurfer application for zone file management

In the final series of screens, you choose whether to have NameSurfer handle DNS zone file management on the current 3-DNS Controller. We strongly recommend that you configure NameSurfer to handle zone file management by selecting NameSurfer to be the master on the 3-DNS Controller. If you select NameSurfer as the master, NameSurfer converts the master DNS zone files on the controller and handles all changes and updates to these files. (You can access the NameSurfer application directly from the Configuration utility). For details about converting existing BIND files to NameSurfer, see To transfer and convert existing BIND files, on page L-22 .

Warning: If you do not set NameSurfer to be the master for your wide IP zones, you cannot use the Configuration utility. Instead, you must manually configure all 3-DNS Controller settings.

Confirming your configuration settings

By this point, you should already have entered all the configuration information, and now you confirm each setting. Each confirmation screen displays a setting and prompts you to accept or edit it. If you choose to edit the setting, the utility displays the original configuration screen in which you defined the setting the first time. When you finish editing the item, you return directly to the Confirmation screen for that item, and continue the confirmation process. Note that once you accept a setting in the Confirmation screen, you do not have another opportunity to review it.

You confirm or edit the settings in the same order that you configured them:

• Confirm Host name
• Confirm Default route
• Confirm time zone
• Confirm all interface settings, external and internal
• Confirm administrative IP address
• Confirm web server options

  Once you have confirmed the last setting, the First-Time Boot utility moves directly into the commit phase, where you are not able to make any changes.

Committing your configuration settings to the system

Once you confirm all of the configuration settings, the configuration utility saves the configuration settings. During this commit process, the First-Time Boot utility creates the following files and tables:

• An administrative IP access file
  This file stores the IP address, or IP address range, from which the 3-DNS Controller accepts administrative connections.
• An /etc/wideip.conf file
• An /etc/netstart file
• An /etc/ethers file
• A /var/f5/httpd/conf/httpd.conf file
• An /etc/sshd_config file

  If you want to change any information in these files at a later time, you can edit the files directly, change the information in the web-based Configuration utility, or change certain settings using command line utilities. If necessary, you can also re-run the First-Time Boot utility.

Enabling remote login tools

If you are setting up a crypto 3-DNS Controller that needs to communicate with international 3-DNS Controllers, you must enable the rsh and rcp tools on the crypto 3-DNS Controller. These are the standard communication and copying tools that international 3-DNS Controller and BIG-IP Controllers use.

To enable the remote login tools on a US 3-DNS Controller

Run the rsetup script from the command line. The rsetup script performs several essential steps to enable access for rsh and rcp, and we strongly recommend that you use the script rather than doing this manually.

Preparing workstations for command line access

The type of system you have determines the options you have for remote command line administration:

• crypto 3-DNS Controllers support secure shell command line access using the F-Secure SSH client.
• non-crypto 3-DNS Controllers support command line access using a standard rsh shell.

  If you are working with a crypto 3-DNS Controller, we recommend that you install the F-Secure SSH client on your workstation. The 3-DNS Controller includes a version of the F-Secure SSH client for each of the following platforms: Windows, UNIX, and Macintosh. You can download the F-Secure client using your web browser, or by using an FTP server on the administrative workstation.

  The F-Secure license agreement allows you to download two copies of the F-Secure SSH client. If you require additional licenses, contact Data Fellows. For information about contacting Data Fellows, as well as information about working with the SSH client, refer to the F-Secure manual included with your 3-DNS Controller.

Note: You can also use the F-Secure SSH suite to transfer files to and from the 3-DNS Controller, and for remote backups. An F-Secure SSH client is pre-installed on the 3-DNS Controller to assist with file transfer activities. Please refer to the F-Secure User's Manual for more information.

Downloading the F-Secure SSH client from the 3-DNS web server

The F-Secure SSH client is available in the Downloads section of the 3-DNS web server. For US products, you connect to the 3-DNS web server via SSL on port 443 (use https:// rather than http:// in the URL). Once you connect to the 3-DNS web server, click the Downloads link. From the Downloads page, you can select the SSH Client.

Downloading the F-Secure SSH client using FTP

The 3-DNS Controller has an FTP client installed, which allows you to transfer the F-Secure SSH Client using FTP. (Note that your destination workstation must also have an FTP server installed.) After you transfer the installation file, you simply decompress the file and run the F-Secure installation program.

You initiate the transfer from the 3-DNS Controller itself using the monitor and keyboard or the serial terminal attached directly to the 3-DNS Controller.

To transfer the SSH client using FTP

1. Locate the appropriate SSH client for the operating system that runs on the administrative workstation:

   a) Navigate to the /usr/contrib/fsecure directory where the F-secure SSH clients are stored.

   b) List the directory, noting the file name that corresponds to the operating system of your administration workstation.

2. Start FTP:
   ftp
3. Open a connection to the remote workstation using the following command, where IP address is the IP address of the remote workstation itself:

  open <IP address>

Once you connect to the administrative workstation, the FTP server on the administrative workstation prompts you for a password.

1. Type the appropriate user name and password to complete the connection.
2. Switch to passive FTP mode:

  passive

1. Switch the transfer mode to binary:

  bin

1. Navigate to the directory on the administrative workstation where you want to install the F-Secure SSH client.
2. Start the transfer process using the following command, where filename is the name of the F-Secure file that is specific to the operating system running on the administrative workstation:

  put <filename>

1. Once the transfer is done, type the following command:

  quit

Setting up the F-Secure SSH client on a Windows 95 or Windows NT workstation

The F-Secure SSH client installation file for Windows platforms is compressed in ZIP format. You can use standard ZIP tools, such as PKZip or WinZip to extract the file.

To unzip and install the SSH client

1. Log on to the Windows workstation.
2. Navigate to the directory where you transferred the F-Secure installation file, and run PKZip or WinZip to extract the files.
3. The set of files extracted includes a Setup executable. Run the Setup executable and install the client.
4. Start the F-Secure SSH client.
5. In the SSH Client window, from the File menu choose Connect.
   The Connect Using Password Authentication window opens.
6. Click Properties.
7. In the Options dialog box, check Compression and Forward X11, and set the Cipher option to Blowfish. Click OK to return to the Connect Using Password Authentication window.
8. In the Connect Using Password Authentication window, type the following items:

   a) 3-DNS Controller IP address or host name

   b) The root user name

   c) The root password

9. Press Return to log on to the 3-DNS Controller.

Setting up the F-Secure SSH client on a UNIX workstation

The F-Secure installation file for UNIX platforms is compressed in TAR/Gzip format.

To untar and install the SSH client

1. Log on to the workstation and navigate to the directory where you transferred the F-Secure SSH client tar file.
2. Untar the file and follow the instructions in the install file to build the F-Secure SSH client for your workstation.
3. Start the SSH client.
4. Open a connection to the 3-DNS Controller:

  ssh -l root [3-DNS IP address]

1. Type the root password.