2

Working with the First-Time Boot Utility

• Using the First-Time Boot utility
• Gathering configuration information
• Starting the First-Time Boot utility
• Configuring settings for the GLOBAL-SITE web server
• Configuring the LDAP server
• Confirming your configuration settings
• Committing your configuration settings to the system

Using the First-Time Boot utility

The First-Time Boot utility is a wizard that walks you through a brief series of tasks to complete the required configuration for the GLOBAL-SITE Controller. The utility has you do things like define a root password and configure IP addresses for the network interfaces.

The First-Time Boot utility's three phases are: configure, confirm, and commit. Each phase walks you through a series of screens, so that you can configure the following settings:

• End-user software license
• Root password
• GLOBAL-SITE password
• Settings for optional technical support access
• Enable support account
• Host name
• Default route
• interfaces
• Nameserver
• NTP server
• Time zone
• System time
• SSH
• Telnet
• FTP log file access
• GLOBAL-SITE Identifier
• Settings for the GLOBAL-SITE web server
• Self signed SSL certificate information
• LDAP server

  First, you configure all of the required information. Next, you have the opportunity to correct, if necessary, and confirm each individual setting that you have configured. Last, your confirmed settings are committed and saved to the system.

Gathering configuration information

Before you run the First-Time Boot utility on a specific GLOBAL-SITE Controller, you should have the following information ready to enter:

• Passwords for the root system, for the GLOBAL-SITE web server, for the GLOBAL-SITE Controller, and for technical support access (optional)
• Host name for the GLOBAL-SITE Controller
• A default route (typically a router's IP address)
• Settings for the network interfaces, including IP addresses, media type, and custom netmask
• The IP address or IP address range for remote administrative connections

Starting the First-Time Boot utility

The First-Time Boot utility starts automatically when you turn on the GLOBAL-SITE Controller (the power switch is located on the front of the controller). The first screen the controller displays is the License Agreement screen. You must scroll through the screen, read the license, and accept the agreement before you can move to the next screen. If you agree to the license statement, the next screen you see is the Welcome screen. From this screen, simply press any key on the keyboard to start the First-Time Boot utility, and then follow the instructions on the subsequent screens to complete the process.

Note: You can change any configurations at a later time using the ITCMconsole command line utility. See Chapter 6, ITCMconsole Command Line Interface , for more information.

Defining a root password

You gain administrative access to the GLOBAL-SITE Controller by using a root password. The root password must contain a minimum of 6 characters, but no more than 15 characters. Passwords are case-sensitive, and we recommend that your password contain a combination of uppercase and lowercase characters, as well as special characters. Once you enter a password, the First-Time Boot utility prompts you to confirm your root password by typing it again. If the two passwords match, your password is immediately saved. If the two passwords do not match, you receive an error message asking you to re-enter your password.

Warning: The root password is the only setting that is saved immediately, rather than confirmed and committed at the end of the First-Time Boot utility process. You can change the root password from the ITCMconsole, after the First-Time Boot utility completes and you reboot the GLOBAL-SITE Controller. (To change the root password after initial configuration, you use the ITCMconsole command user. See user, on page 6-33 for more information.) You can change other system settings when the First-Time Boot utility prompts you to confirm your configuration settings or at a later time using the ITCMconsole.

Defining a GLOBAL-SITE password

Enter a password that is between 6 and 15 characters long. You only use the GLOBAL-SITE password when you log into the GLOBAL-SITE Controller as gsite to access the GLOBAL-SITE command line utilities. Those utilities are separate from the ITCMconsole. You can configure everything you need on the web-based user interface or from the ITCMconsole and should rarely, if ever, need to access this other command line utility.

Allowing Tech Support

If you want to allow Technical Support access to your GLOBAL-SITE Controller, choose to enable a Tech Support account. The next screen asks you to set and confirm the tech support password, which can be between 6 and 15 characters long. If you do not want a tech support account, you go to the next screen.

Defining a host name

The host name identifies the GLOBAL-SITE Controller itself. Host names must be in the format of a fully-qualified domain name. Host names may contain letters, numbers, and the symbol for dash ( - ), however, they may not contain spaces. For example, if the controller's label is controller1, then you define the host name as controller1.yourdomain.com.

Configuring a default route

If a GLOBAL-SITE Controller does not have a predefined static route for network traffic, the controller automatically sends traffic to the IP address that you define as the default route. Typically, a default route is set to a router's IP address.

Configuring the interfaces

The First-Time Boot utility lists available interfaces that are available to configure. You need to type the IP address and netmask, and choose the media type for the interface. Use the arrow keys to move to the interface you want to configure. You must at least configure the eth0 interface. Use the keyboard key C to continue with the First-Time Boot utility once you are through configuring interfaces.

• IP address
  This is the IP address of the controller itself.
• Netmask
  Type a netmask appropriate to the subnet indicated by the IP address.
• Media type
  The media type options depend on the network interface card included in your hardware configuration.

Configuring nameserver

Enter an external nameserver to forward DNS requests to.

Configuring NTP clocks

You can synchronize the time on your GLOBAL-SITE Controller to a public time server by using Network Time Protocol (NTP). NTP is built on top of IP and assures accurate, local timekeeping with reference to clocks located on the Internet. This protocol is capable of synchronizing distributed clocks, within milliseconds, over long periods of time. If you choose to enable NTP, make sure UDP port 123 is open in both directions when the GLOBAL-SITE Controller is behind a firewall.

Configuring a time zone

Configuring a time zone ensures that the clock for the GLOBAL-SITE Controller is set correctly, and that dates and times recorded in log files correspond to the time zone of the system administrator. Scroll through the time zone list to find the time zone closest to your location. Note that one option may appear with multiple names.

Configuring system time

You must update the system time if it is more than 100 minutes off in order for the NTP daemon to work correctly.

Configuring remote administration

When you configure remote administration, the first screen you see is the Configure SSH screen, which prompts you to type an address for ssh command line access.

The First-Time Boot utility prompts you to enter a single IP address, or a range of IP addresses, from which the GLOBAL-SITE Controller can accept administrative connections (either remote shell connections, or connections to the GLOBAL-SITE web server). The following example demonstrates how to specify a range of IP addresses. This example allows remote administration from all hosts on the 192.168.2. subnetwork:

192.168.2.

Configuring services

Choose to configure any or all of the following:

• Telnet
  Turn Telnet on or off, and set allowed hosts for Telnet. The default is off.
• FTP
  Turn FTP on or off. The default is off. Turning FTP on enables FTP access to the GLOBAL-SITE Controller, therefore we recommend you choose to keep FTP turned off.

Entering the GLOBAL-SITE Identifier

You should have received a GLOBAL-SITE Identifier from your support representative. Enter that number here. If you do not have an Identifier, please contact Technical Support.

Configuring settings for the GLOBAL-SITE web server

The GLOBAL-SITE web server requires that you define a domain name for the server, a user ID, and a password. The GLOBAL-SITE web server hosts the web-based Configuration utility. The information that you configure in these screens allows you to access the Configuration utility from a web browser on your workstation.

The First-Time Boot utility guides you through a series of screens to set up web server access:

• The first web server screen prompts you for a user name (the default is gsite) and a password. The password does not show on screen as you type it. The utility prompts you to enter the password again for confirmation purposes.
• The next web server screen prompts you to set web access. Enter the IP addresses that are permitted access to your web-based user interface, or type all to allow all access.
• The certification screen prompts you to enter the management port number (the default is 443), country, state, city, company, and division information used for the authentication certificate.

Configuring GLOBAL-SITE web server passwords

You can add additional web users or change the password for this web user account with the ITCMconsole webuser command.

Configuring the LDAP server

You can now set up a common authentication and authorization data store for the GLOBAL-SITE Controller you use. Choose Standalone or Master server if the controller is to be the LDAP server, or Remote LDAP server if you already have an LDAP server you want to use. If you choose a remote LDAP server, you must provide the host name and password for that server.

Confirming your configuration settings

At this point, you have entered all the configuration information, and now you confirm each setting. Each confirmation screen displays a setting and prompts you to either accept or re-enter it. If you choose to edit the setting, the utility displays the original configuration screen in which you defined the setting the first time. When you finish editing the item, you return directly to the Confirmation screen for that item, and continue the confirmation process. Note that once you accept a setting in the Confirmation screen, you do not have another opportunity to review it before the commit phase.

You confirm or edit the settings in the same order that you configured them: Once you have confirmed the last setting, the First-Time Boot utility moves directly into the commit phase, where you are not able to make any changes.

Committing your configuration settings to the system

Once you confirm all of the configuration settings, the First-Time Boot utility saves the configuration settings. If you want to change any information at a later time, you can change certain settings in the web-based user interface, or you can change the settings using the ITCMconsole command line utility.