Installation Guide - Includes Legacy Appliances

Enterasys Dragon
Intrusion Defense System

Installation Guide
(Includes Legacy Appliances)
P/N 9033997-14
i
Notice
Enterasys Networksreservestherighttomakechangesinspecificationsandotherinformationcontainedinthisdocumentand
itswebsitewithoutpriornotice.ThereadershouldinallcasesconsultEnterasys Networkstodeterminewhetheranysuch
changeshavebeenmade.
Thehardware,firmware,orsoftwaredescribedinthisdocumentissubjecttochangewithoutnotice.
INNOEVENTSHALLENTERASYS NETWORKSBELIABLEFORANYINCIDENTAL,INDIRECT,SPECIAL,OR
CONSEQUENTIALDAMAGESWHATSOEVER(INCLUDINGBUTNOTLIMITEDTOLOSTPROFITS)ARISINGOUTOF
ORRELATEDTOTHISDOCUMENT,WEBSITE,ORTHEINFORMATIONCONTAINEDINTHEM,EVENIF
ENTERASYS NETWORKSHASBEENADVISEDOF,KNEWOF,ORSHOULDHAVEKNOWNOF,THEPOSSIBILITYOF
SUCHDAMAGES.
Enterasys Networks, Inc.
50MinutemanRoad
Andover,MA01810
2008Enterasys Networks, Inc.Allrightsreserved.
PartNumber:903399714June 2008
ENTERASYS,ENTERASYSNETWORKS,ENTERASYSDRAGON,ENTERASYSNETSIGHT,andanylogosassociated
therewith,aretrademarksorregisteredtrademarksofEnterasysNetworks,Inc.intheUnitedStatesandothercountries.
Adobe,Acrobat,andAcrobatReaderareregisteredtrademarksofAdobeSystemsIncorporated.
Celeron,Intel,andPentiumIIaretrademarksorregisteredtrademarksofIntelCorporation.
CiscoisaregisteredtrademarkofCiscoSystems,Inc.
FireWall1,OPSECandCheckPointaretrademarksorregisteredtrademarksofCheckPointSoftwareTechnologiesLtd.
Intel,Pentium,andXeonaretrademarksorregisteredtrademarkofIntelCorporation.
IPX/SPX,NovellandNetWarearetrademarksorregisteredtrademarksofNovell,Inc.
LinuxisatrademarkofLinusTorvalds.
Microsoft,Windows,andWindowsNTaretrademarksorregisteredtrademarksofMicrosoftCorporation.
NetscapeisaregisteredtrademarkofNetscapeCommunicationsCorporation.
RedHatisaregisteredtrademarkofRedHat,Inc.
SolarisisatrademarkofSunMicroSystems,Inc.
SPARCisaregisteredtrademarkofSPARCInternational,Inc.
SunandJavaaretrademarksorregisteredtrademarksofSunMicrosystems,Inc.
UNIXisaregisteredtrademarkofTheOpenGroup.
Dragon Intrusion Detection System includes software whose copyright is licensed from MySQL AB.
BleedingSnortLicenseCopyright(c)2005,Bleedingsnort.com
GNUgeneralpublicLicenseCopyright(C)1989,1991FreeSoftwareFoundation,Inc.
Allotherproductnamesmentionedinthismanualmaybetrademarksorregisteredtrademarksoftheirrespectivecompanies.
Electrical Hazard: Only qualified personnel should perform installation procedures.
Riesgo Electrico: Solamente personal calificado debe realizar procedimientos de instalacion.
Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes Personal
vorgenommen werden.
ii
SupportSiteURL:http://www.enterasys.com/support
DocumentationURL:https://dragon.enterasys.com
DocumentacionURL:https://dragon.enterasys.com
DokumentationimInternet:https://dragon.enterasys.com
Hazardous Substances
ThisproductcomplieswiththerequirementsofEuropeanDirective,2002/95/EC,RestrictionofHazardousSubstances(RoHS)
inElectricalandElectronicEquipment.
European Waste Electrical and Electronic Equipment (WEEE) Notice
InaccordancewithDirective2002/96/ECoftheEuropeanParliamentonwasteelectricalandelectronicequipment(WEEE):
1. Thesymbolaboveindicatesthatseparatecollectionofelectricalandelectronicequipmentisrequiredandthatthisproduct
wasplacedontheEuropeanmarketafterAugust13,2005,thedateofenforcementforDirective2002/96/EC.
2. Whenthisproducthasreachedtheendofitsserviceablelife,itcannotbedisposedofasunsortedmunicipalwaste.Itmust
becollectedandtreatedseparately.
3. IthasbeendeterminedbytheEuropeanParliamentthattherearepotentialnegativeeffectsontheenvironmentandhuman
healthasaresultofthepresenceofhazardoussubstancesinelectricalandelectronicequipment.
4. ItistheusersresponsibilitytoutilizetheavailablecollectionsystemtoensureWEEEisproperlytreated.
Forinformationabouttheavailablecollectionsystem,pleasegotohttp://www.enterasys.com/services/support/,orcontact
EnterasysCustomerSupportat35361705586(Ireland).
iii
Supplement to Product Instructions

(Hazardous Substance)

(Parts)

l|)

|_)

Cd)

C
b
)

lbb)

lbDl)

(Metal Parts)
` `

(Circuit Modules)
` `

(Cables & Cable Assemblies)
` `

(Plastic and Polymeric parts)
`

(Circuit Breakers)
` `

SJ/T 11363-2006
Indicates that the concentration of the hazardous substance in all homogeneous materials in the parts is
below the relevant threshold of the SJ/T 11363-2006 standard.
` SJ/T 11363-2006
Indicates that the concentration of the hazardous substance of at least one of all homogeneous
materials in the parts is above the relevant threshold of the SJ/T 11363-2006 standard.

,,
:
This table shows where these substances may be found in the supply chain of Enterasys electronic
information products, as of the date of sale of the enclosed product. Note that some of the component types
listed above may or may not be a part of the enclosed product.
50
.
The Environmentally Friendly Use Period (EFUP) for all enclosed products and their parts
are per the symbol shown here, unless otherwise marked. Certain parts may have a
different EFUP (for example, battery modules) and so are marked to reflect such. The
Environmentally Friendly Use Period is valid only when the product is operated under the
conditions defined in the product manual.
,.
,).
iv
Enterasys Networks, Inc. Firmware License Agreement
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,
CAREFULLY READ THIS LICENSE AGREEMENT.
Thisdocumentisanagreement(Agreement)betweentheenduser(You)andEnterasysNetworks,Inc.,onbehalfofitself
anditsAffiliates(ashereinafterdefined)(Enterasys)thatsetsforthYourrightsandobligationswithrespecttotheEnterasys
softwareprogram/firmware(includinganyaccompanyingdocumentation,hardwareormedia)(Program)inthepackage
andprevailsoveranyadditional,conflictingorinconsistenttermsandconditionsappearingonanypurchaseorderorother
documentsubmittedbyYou.Affiliatemeansanyperson,partnership,corporation,limitedliabilitycompany,otherformof
enterprisethatdirectlyorindirectlythroughoneormoreintermediaries,controls,oriscontrolledby,orisundercommon
controlwiththepartyspecified.ThisAgreementconstitutestheentireunderstandingbetweentheparties,withrespecttothe
subjectmatterofthisAgreement.TheProgrammaybecontainedinfirmware,chipsorothermedia.
BYINSTALLINGOROTHERWISEUSINGTHEPROGRAM,YOUREPRESENTTHATYOUAREAUTHORIZEDTOACCEPT
THESETERMSONBEHALFOFTHEENDUSER(IFTHEENDUSERISANENTITYONWHOSEBEHALFYOUARE
AUTHORIZEDTOACT,YOUANDYOURSHALLBEDEEMEDTOREFERTOSUCHENTITY)ANDTHATYOU
AGREETHATYOUAREBOUNDBYTHETERMSOFTHISAGREEMENT,WHICHINCLUDES,AMONGOTHER
PROVISIONS,THELICENSE,THEDISCLAIMEROFWARRANTYANDTHELIMITATIONOFLIABILITY.IFYOUDONOT
AGREETOTHETERMSOFTHISAGREEMENTORARENOTAUTHORIZEDTOENTERINTOTHISAGREEMENT,
ENTERASYSISUNWILLINGTOLICENSETHEPROGRAMTOYOUANDYOUAGREETORETURNTHEUNOPENED
PRODUCTTOENTERASYSORYOURDEALER,IFANY,WITHINTEN(10)DAYSFOLLOWINGTHEDATEOFRECEIPT
FORAFULLREFUND.
IFYOUHAVEANYQUESTIONSABOUTTHISAGREEMENT,CONTACTENTERASYSNETWORKS,LEGAL
DEPARTMENTAT(978)6841000.
YouandEnterasysagreeasfollows:
1. LICENSE. Youhavethenonexclusiveandnontransferablerighttouseonlytheone(1)copyoftheProgramprovidedin
thispackagesubjecttothetermsandconditionsofthisAgreement.
2. RESTRICTIONS. ExceptasotherwiseauthorizedinwritingbyEnterasys,Youmaynot,normayYoupermitanythird
partyto:
(a) Reverseengineer,decompile,disassembleormodifytheProgram,inwholeorinpart,includingforreasonsoferror
correctionorinteroperability,excepttotheextentexpresslypermittedbyapplicablelawandtotheextenttheparties
shallnotbepermittedbythatapplicablelaw,suchrightsareexpresslyexcluded.Informationnecessarytoachieve
interoperabilityorcorrecterrorsisavailablefromEnterasysuponrequestanduponpaymentofEnterasysapplicable
fee.
(b) IncorporatethePrograminwholeorinpart,inanyotherproductorcreatederivativeworksbasedontheProgram,in
wholeorinpart.
(c) Publish,disclose,copyreproduceortransmittheProgram,inwholeorinpart.
(d) Assign,sell,license,sublicense,rent,lease,encumberbywayofsecurityinterest,pledgeorotherwisetransferthe
Program,inwholeorinpart.
(e) Removeanycopyright,trademark,proprietaryrights,disclaimerorwarningnoticeincludedonorembeddedinany
partoftheProgram.
3. APPLICABLELAW. ThisAgreementshallbeinterpretedandgovernedunderthelawsandinthestateandfederalcourts
oftheCommonwealthofMassachusettswithoutregardtoitsconflictsoflawsprovisions.Youacceptthepersonaljurisdiction
andvenueoftheCommonwealthofMassachusettscourts.Noneofthe1980UnitedNationsConventionontheLimitationPeriod
intheInternationalSaleofGoods,andtheUniformComputerInformationTransactionsActshallapplytothisAgreement.
4. EXPORTRESTRICTIONS. YouunderstandthatEnterasysanditsAffiliatesaresubjecttoregulationbyagenciesofthe
U.S.Government,includingtheU.S.DepartmentofCommerce,whichprohibitexportordiversionofcertaintechnicalproducts
tocertaincountries,unlessalicensetoexporttheproductisobtainedfromtheU.S.Governmentoranexceptionfromobtaining
suchlicensemayberelieduponbytheexportingparty.
v
IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionCIVundertheU.S.Export
AdministrationRegulations,YouagreethatYouareacivilenduseroftheProgramandagreethatYouwillusetheProgramfor
civilendusesonlyandnotformilitarypurposes.
IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionTSRundertheU.S.Export
AdministrationRegulations,inadditiontotherestrictionontransfersetforthinSection1or2ofthisAgreement,Youagreenot
to(i)reexportorreleasetheProgram,thesourcecodefortheProgramortechnologytoanationalofacountryinCountry
GroupsD:1orE:2(Albania,Armenia,Azerbaijan,Belarus,Cambodia,Cuba,Georgia,Iraq,Kazakhstan,Laos,Libya,Macau,
Moldova,Mongolia,NorthKorea,thePeoplesRepublicofChina,Russia,Tajikistan,Turkmenistan,Ukraine,Uzbekistan,
Vietnam,orsuchothercountriesasmaybedesignatedbytheUnitedStatesGovernment),(ii)exporttoCountryGroupsD:1or
E:2(asdefinedherein)thedirectproductoftheProgramorthetechnology,ifsuchforeignproduceddirectproductissubjectto
nationalsecuritycontrolsasidentifiedontheU.S.CommerceControlList,or(iii)ifthedirectproductofthetechnologyisa
completeplantoranymajorcomponentofaplant,exporttoCountryGroupsD:1orE:2thedirectproductoftheplantora
majorcomponentthereof,ifsuchforeignproduceddirectproductissubjecttonationalsecuritycontrolsasidentifiedonthe
U.S.CommerceControlListorissubjecttoStateDepartmentcontrolsundertheU.S.MunitionsList.
5. UNITEDSTATESGOVERNMENTRESTRICTEDRIGHTS. TheenclosedProgram(i)wasdevelopedsolelyatprivate
expense;(ii)containsrestrictedcomputersoftwaresubmittedwithrestrictedrightsinaccordancewithsection52.22719(a)
through(d)oftheCommercialComputerSoftwareRestrictedRightsClauseanditssuccessors,and(iii)inallrespectsis
proprietarydatabelongingtoEnterasysand/oritssuppliers.ForDepartmentofDefenseunits,theProgramisconsidered
commercialcomputersoftwareinaccordancewithDFARSsection227.72023anditssuccessors,anduse,duplication,or
disclosurebytheU.S.Governmentissubjecttorestrictionssetforthherein.
6. DISCLAIMEROFWARRANTY. EXCEPTFORTHOSEWARRANTIESEXPRESSLYPROVIDEDTOYOUINWRITING
BYENTERASYS,ENTERASYSDISCLAIMSALLWARRANTIES,EITHEREXPRESSORIMPLIED,INCLUDINGBUTNOT
LIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITY,SATISFACTORYQUALITY,FITNESSFORAPARTICULAR
PURPOSE,TITLEANDNONINFRINGEMENTWITHRESPECTTOTHEPROGRAM.IFIMPLIEDWARRANTIESMAYNOT
BEDISCLAIMEDBYAPPLICABLELAW,THENANYIMPLIEDWARRANTIESARELIMITEDINDURATIONTOTHIRTY
(30)DAYSAFTERDELIVERYOFTHEPROGRAMTOYOU.
7. LIMITATIONOFLIABILITY. INNOEVENTSHALLENTERASYSORITSSUPPLIERSBELIABLEFORANY
DAMAGESWHATSOEVER(INCLUDING,WITHOUTLIMITATION,DAMAGESFORLOSSOFBUSINESS,PROFITS,
BUSINESSINTERRUPTION,LOSSOFBUSINESSINFORMATION,SPECIAL,INCIDENTAL,CONSEQUENTIAL,OR
RELIANCEDAMAGES,OROTHERLOSS)ARISINGOUTOFTHEUSEORINABILITYTOUSETHEPROGRAM,EVENIF
ENTERASYSHASBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.THISFOREGOINGLIMITATIONSHALL
APPLYREGARDLESSOFTHECAUSEOFACTIONUNDERWHICHDAMAGESARESOUGHT.
THECUMULATIVELIABILITYOFENTERASYSTOYOUFORALLCLAIMSRELATINGTOTHEPROGRAM,IN
CONTRACT,TORTOROTHERWISE,SHALLNOTEXCEEDTHETOTALAMOUNTOFFEESPAIDTOENTERASYSBY
YOUFORTHERIGHTSGRANTEDHEREIN.
8. AUDITRIGHTS. YouherebyacknowledgethattheintellectualpropertyrightsassociatedwiththeProgramareofcritical
valuetoEnterasys,and,accordingly,Youherebyagreetomaintaincompletebooks,recordsandaccountsshowing(i)license
feesdueandpaid,and(ii)theuse,copyinganddeploymentoftheProgram.YoualsogranttoEnterasysanditsauthorized
representatives,uponreasonablenotice,therighttoauditandexamineduringYournormalbusinesshours,Yourbooks,records,
accountsandhardwaredevicesuponwhichtheProgrammaybedeployedtoverifycompliancewiththisAgreement,including
theverificationofthelicensefeesdueandpaidEnterasysandtheuse,copyinganddeploymentoftheProgram.Enterasysright
ofexaminationshallbeexercisedreasonably,ingoodfaithandinamannercalculatedtonotunreasonablyinterferewithYour
business.IntheeventsuchauditdiscoversnoncompliancewiththisAgreement,includingcopiesoftheProgrammade,used
ordeployedinbreachofthisAgreement,YoushallpromptlypaytoEnterasystheappropriatelicensefees.Enterasysreserves
theright,tobeexercisedinitssolediscretionandwithoutpriornotice,toterminatethislicense,effectiveimmediately,forfailure
tocomplywiththisAgreement.Uponanysuchtermination,YoushallimmediatelyceasealluseoftheProgramandshallreturn
toEnterasystheProgramandallcopiesoftheProgram.
9. OWNERSHIP. Thisisalicenseagreementandnotanagreementforsale.YouacknowledgeandagreethattheProgram
constitutestradesecretsand/orcopyrightedmaterialofEnterasysand/oritssuppliers.Youagreetoimplementreasonable
securitymeasurestoprotectsuchtradesecretsandcopyrightedmaterial.Allright,titleandinterestinandtotheProgramshall
remainwithEnterasysand/oritssuppliers.AllrightsnotspecificallygrantedtoYoushallbereservedtoEnterasys.
10. ENFORCEMENT. YouacknowledgeandagreethatanybreachofSections2,4,or9ofthisAgreementbyYoumaycause
Enterasysirreparabledamageforwhichrecoveryofmoneydamageswouldbeinadequate,andthatEnterasysmaybeentitled
toseektimelyinjunctiverelieftoprotectEnterasysrightsunderthisAgreementinadditiontoanyandallremediesavailableat
law.
vi
11. ASSIGNMENT. Youmaynotassign,transferorsublicensethisAgreementoranyofYourrightsorobligationsunderthis
Agreement,exceptthatYoumayassignthisAgreementtoanypersonorentitywhichacquiressubstantiallyallofYourstock
assets.EnterasysmayassignthisAgreementinitssolediscretion.ThisAgreementshallbebindinguponandinuretothebenefit
oftheparties,theirlegalrepresentatives,permittedtransferees,successorsandassignsaspermittedbythisAgreement.Any
attemptedassignment,transferorsublicenseinviolationofthetermsofthisAgreementshallbevoidandabreachofthis
Agreement.
12. WAIVER. AwaiverbyEnterasysofabreachofanyofthetermsandconditionsofthisAgreementmustbeinwritingand
willnotbeconstruedasawaiverofanysubsequentbreachofsuchtermorcondition.Enterasysfailuretoenforceatermupon
YourbreachofsuchtermshallnotbeconstruedasawaiverofYourbreachorpreventenforcementonanyotheroccasion.
13. SEVERABILITY. IntheeventanyprovisionofthisAgreementisfoundtobeinvalid,illegalorunenforceable,thevalidity,
legalityandenforceabilityofanyoftheremainingprovisionsshallnotinanywaybeaffectedorimpairedthereby,andthat
provisionshallbereformed,construedandenforcedtothemaximumextentpermissible.Anysuchinvalidity,illegality,or
unenforceabilityinanyjurisdictionshallnotinvalidateorrenderillegalorunenforceablesuchprovisioninanyother
jurisdiction.
14. TERMINATION. EnterasysmayterminatethisAgreementimmediatelyuponYourbreachofanyofthetermsand
conditionsofthisAgreement.Uponanysuchtermination,YoushallimmediatelyceasealluseoftheProgramandshallreturn
toEnterasystheProgramandallcopiesoftheProgram.
vii
Enterasys Networks, Inc. Software License Agreement
Thisdocumentisanagreement(Agreement)betweenYou,theenduser,andEnterasysNetworks,Inc.onbehalfofitselfand
itsAffiliates(Enterasys)thatsetsforthyourrightsandobligationswithrespecttothesoftwarecontainedinCDROMor
othermedia.Affiliatesmeansanyperson,partnership,corporation,limitedliabilitycompany,orotherformofenterprisethat
directlyorindirectlythroughoneormoreintermediaries,controls,oriscontrolledby,orisundercommoncontrolwiththe
partyspecified.BYINSTALLINGTHEENCLOSEDPRODUCT,YOUAREAGREEINGTOBECOMEBOUNDBYTHETERMS
OFTHISAGREEMENT,WHICHINCLUDESTHELICENSEANDTHELIMITATIONOFWARRANTYANDDISCLAIMER
OFLIABILITY.IFYOUDONOTAGREETOTHETERMSOFTHISAGREEMENT,RETURNTHEUNOPENEDPRODUCTTO
ENTERASYSORYOURDEALER,IFANY,WITHINTEN(10)DAYSFOLLOWINGTHEDATEOFRECEIPTFORAFULL
REFUND.
IFYOUHAVEANYQUESTIONSABOUTTHISAGREEMENT,CONTACTENTERASYSNETWORKS,INC.(978)6841000.
Attn:LegalDepartment.
EnterasyswillgrantYouanontransferable,nonexclusivelicensetousethemachinereadableformofsoftware(theLicensed
Software)andtheaccompanyingdocumentation(theLicensedSoftware,themediaembodyingtheLicensedSoftware,andthe
documentationarecollectivelyreferredtointhisAgreementastheLicensedMaterials)ononesinglecomputerifYouagree
tothefollowingtermsandconditions:
1. TERM. ThisAgreementiseffectivefromthedateonwhichYouopenthepackagecontainingtheLicensedMaterials.You
mayterminatetheAgreementatanytimebydestroyingtheLicensedMaterials,togetherwithallcopies,modificationsand
mergedportionsinanyform.TheAgreementandyourlicensetousetheLicensedMaterialswillalsoterminateifYoufailto
complywithanytermorconditionherein.
2. GRANTOFSOFTWARELICENSE. ThelicensegrantedtoYoubyEnterasyswhenYouopenthissealedpackage
authorizesYoutousetheLicensedSoftwareonanyone,singlecomputeronly,oranyreplacementforthatcomputer,forinternal
useonly.Aseparatelicense,underaseparateSoftwareLicenseAgreement,isrequiredforanyothercomputeronwhichYouor
anotherindividualoremployeeintendtousetheLicensedSoftware.YOUMAYNOTUSE,COPY,ORMODIFYTHELICENSED
MATERIALS,INWHOLEORINPART,EXCEPTASEXPRESSLYPROVIDEDINTHISAGREEMENT.
3. RESTRICTIONAGAINSTCOPYINGORMODIFYINGLICENSEDMATERIALS. Exceptasexpresslypermittedinthis
Agreement,YoumaynotcopyorotherwisereproducetheLicensedMaterials.Innoeventdoesthelimitedcopyingor
reproductionpermittedunderthisAgreementincludetherighttodecompile,disassemble,electronicallytransfer,orreverse
engineertheLicensedSoftware,ortotranslatetheLicensedSoftwareintoanothercomputerlanguage.
ThemediaembodyingtheLicensedSoftwaremaybecopiedbyYou,inwholeorinpart,intoprintedormachinereadable
form,insufficientnumbersonlyforbackuporarchivalpurposes,ortoreplaceawornordefectivecopy.However,Youagree
nottohavemorethantwo(2)copiesoftheLicensedSoftwareinwholeorinpart,includingtheoriginalmedia,inyour
possessionforsaidpurposeswithoutEnterasyspriorwrittenconsent,andinnoeventshallYouoperatemorethanonecopyof
theLicensedSoftware.Youmaynotcopyorreproducethedocumentation.Youagreetomaintainappropriaterecordsofthe
locationoftheoriginalmediaandallcopiesoftheLicensedSoftware,inwholeorinpart,madebyYou.Youmaymodifythe
machinereadableformoftheLicensedSoftwarefor(1)yourowninternaluseor(2)tomergetheLicensedSoftwareintoother
programmaterialtoformamodularworkforyourownuse,providedthatsuchworkremainsmodular,butonterminationof
thisAgreement,YouarerequiredtocompletelyremovetheLicensedSoftwarefromanysuchmodularwork.Anyportionofthe
LicensedSoftwareincludedinanysuchmodularworkshallbeusedonlyonasinglecomputerforinternalpurposesandshall
remainsubjecttoallthetermsandconditionsofthisAgreement.
YouagreetoincludeanycopyrightorotherproprietarynoticesetforthonthelabelofthemediaembodyingtheLicensed
SoftwareonanycopyoftheLicensedSoftwareinanyform,inwholeorinpart,oronanymodificationoftheLicensedSoftware
oranysuchmodularworkcontainingtheLicensedSoftwareoranypartthereof.
4. TITLEANDPROPRIETARYRIGHTS.
(a) TheLicensedMaterialsarecopyrightedworksandarethesoleandexclusivepropertyofEnterasys,anycompanyora
divisionthereofwhichEnterasyscontrolsoriscontrolledby,orwhichmayresultfromthemergerorconsolidation
withEnterasys(itsAffiliates),and/ortheirsuppliers.ThisAgreementconveysalimitedrighttooperatetheLicensed
MaterialsandshallnotbeconstruedtoconveytitletotheLicensedMaterialstoYou.Therearenoimpliedrights.You
shallnotsell,lease,transfer,sublicense,disposeof,orotherwisemakeavailabletheLicensedMaterialsoranyportion
thereof,toanyotherparty.
(b) YoufurtheracknowledgethatintheeventofabreachofthisAgreement,Enterasysshallsuffersevereandirreparable
damagesforwhichmonetarycompensationalonewillbeinadequate.Youthereforeagreethatintheeventofabreach
ofthisAgreement,Enterasysshallbeentitledtomonetarydamagesanditsreasonableattorneysfeesandcostsin
enforcingthisAgreement,aswellasinjunctiverelieftorestrainsuchbreach,inadditiontoanyotherremediesavailable
toEnterasys.
viii
5. PROTECTIONANDSECURITY. IntheperformanceofthisAgreementorincontemplationthereof,Youandyour
employeesandagentsmayhaveaccesstoprivateorconfidentialinformationownedorcontrolledbyEnterasysrelatingtothe
LicensedMaterialssuppliedhereunderincluding,butnotlimitedto,productspecificationsandschematics,andsuch
informationmaycontainproprietarydetailsanddisclosures.AllinformationanddatasoacquiredbyYouoryouremployeesor
agentsunderthisAgreementorincontemplationhereofshallbeandshallremainEnterasysexclusiveproperty,andYoushall
useyourbestefforts(whichinanyeventshallnotbelessthantheeffortsYoutaketoensuretheconfidentialityofyourown
proprietaryandotherconfidentialinformation)tokeep,andhaveyouremployeesandagentskeep,anyandallsuchinformation
anddataconfidential,andshallnotcopy,publish,ordiscloseittoothers,withoutEnterasyspriorwrittenapproval,andshall
returnsuchinformationanddatatoEnterasysatitsrequest.Nothinghereinshalllimityouruseordisseminationofinformation
notactuallyderivedfromEnterasysorofinformationwhichhasbeenorsubsequentlyismadepublicbyEnterasys,orathird
partyhavingauthoritytodoso.
YouagreenottodeliverorotherwisemakeavailabletheLicensedMaterialsoranypartthereof,includingwithout
limitationtheobjectorsourcecode(ifprovided)oftheLicensedSoftware,toanypartyotherthanEnterasysoritsemployees,
exceptforpurposesspecificallyrelatedtoyouruseoftheLicensedSoftwareonasinglecomputerasexpresslyprovidedinthis
Agreement,withoutthepriorwrittenconsentofEnterasys.Youagreetouseyourbesteffortsandtakeallreasonablestepsto
safeguardtheLicensedMaterialstoensurethatnounauthorizedpersonnelshallhaveaccesstheretoandthatnounauthorized
copy,publication,disclosure,ordistribution,inwholeorinpart,inanyformshallbemade,andYouagreetonotifyEnterasys
ofanyunauthorizedusethereof.YouacknowledgethattheLicensedMaterialscontainvaluableconfidentialinformationand
tradesecrets,andthatunauthorizeduse,copyingand/ordisclosurethereofareharmfultoEnterasysoritsAffiliatesand/or
its/theirsoftwaresuppliers.
6. MAINTENANCEANDUPDATES. Updatesandcertainmaintenanceandsupportservices,ifany,shallbeprovidedto
YoupursuanttothetermsofaEnterasysServiceandMaintenanceAgreement,ifEnterasysandYouenterintosuchan
agreement.Exceptasspecificallysetforthinsuchagreement,EnterasysshallnotbeunderanyobligationtoprovideSoftware
Updates,modifications,orenhancements,orSoftwaremaintenanceandsupportservicestoYou.
7. DEFAULTANDTERMINATION. IntheeventthatYoushallfailtokeep,observe,orperformanyobligationunderthis
Agreement,includingafailuretopayanysumsduetoEnterasys,orintheeventthatYoubecomeinsolventorseekprotection,
voluntarilyorinvoluntarily,underanybankruptcylaw,Enterasysmay,inadditiontoanyotherremediesitmayhaveunder
law,terminatetheLicenseandanyotheragreementsbetweenEnterasysandYou.
(a) ImmediatelyafteranyterminationoftheAgreementorifYouhaveforanyreasondiscontinueduseofSoftware,You
shallreturntoEnterasystheoriginalandanycopiesoftheLicensedMaterialsandremovetheLicensedSoftwarefrom
anymodularworksmadepursuanttoSection3,andcertifyinwritingthatthroughyourbesteffortsandtothebestof
yourknowledgetheoriginalandallcopiesoftheterminatedordiscontinuedLicensedMaterialshavebeenreturned
toEnterasys.
(b) Sections4,5,7,8,9,10,11,and12shallsurviveterminationofthisAgreementforanyreason.
8. EXPORTREQUIREMENTS. YouunderstandthatEnterasysanditsAffiliatesaresubjecttoregulationbyagenciesofthe
U.S.Government,includingtheU.S.DepartmentofCommerce,whichprohibitexportordiversionofcertaintechnicalproducts
tocertaincountries,unlessalicensetoexporttheproductisobtainedfromtheU.S.Governmentoranexceptionfromobtaining
suchlicensemayberelieduponbytheexportingparty.
IftheLicensedMaterialsareexportedfromtheUnitedStatespursuanttotheLicenseExceptionCIVundertheU.S.Export
AdministrationRegulations,YouagreethatYouareacivilenduseroftheLicensedMaterialsandagreethatYouwillusethe
LicensedMaterialsforcivilendusesonlyandnotformilitarypurposes.
IftheLicensedMaterialsareexportedfromtheUnitedStatespursuanttotheLicenseExceptionTSRundertheU.S.Export
AdministrationRegulations,inadditiontotherestrictionontransfersetforthinSection4ofthisAgreement,Youagreenotto
(i)reexportorreleasetheLicensedSoftware,thesourcecodefortheLicensedSoftwareortechnologytoanationalofacountry
inCountryGroupsD:1orE:2(Albania,Armenia,Azerbaijan,Belarus,Cambodia,Cuba,Georgia,Iraq,Kazakhstan,Kyrgyzstan,
Laos,Libya,Macau,Moldova,Mongolia,NorthKorea,thePeoplesRepublicofChina,Russia,Tajikistan,Turkmenistan,
Ukraine,Uzbekistan,Vietnam,orsuchothercountriesasmaybedesignatedbytheUnitedStatesGovernment),(ii)exportto
CountryGroupsD:1orE:2(asdefinedherein)thedirectproductoftheLicensedSoftwareorthetechnology,ifsuchforeign
produceddirectproductissubjecttonationalsecuritycontrolsasidentifiedontheU.S.CommerceControlList,or(iii)ifthe
directproductofthetechnologyisacompleteplantoranymajorcomponentofaplant,exporttoCountryGroupsD:1orE:2
thedirectproductoftheplantoramajorcomponentthereof,ifsuchforeignproduceddirectproductissubjecttonational
securitycontrolsasidentifiedontheU.S.CommerceControlListorissubjecttoStateDepartmentcontrolsundertheU.S.
MunitionsList.
ix
9. UNITEDSTATESGOVERNMENTRESTRICTEDRIGHTS. TheLicensedMaterials(i)weredevelopedsolelyatprivate
expense;(ii)containsrestrictedcomputersoftwaresubmittedwithrestrictedrightsinaccordancewithsection52.22719(a)
through(d)oftheCommercialComputerSoftwareRestrictedRightsClauseanditssuccessors,and(iii)inallrespectsis
proprietarydatabelongingtoEnterasysand/oritssuppliers.ForDepartmentofDefenseunits,theLicensedMaterialsare
consideredcommercialcomputersoftwareinaccordancewithDFARSsection227.72023anditssuccessors,anduse,
duplication,ordisclosurebytheU.S.Governmentissubjecttorestrictionssetforthherein.
10. LIMITEDWARRANTYANDLIMITATIONOFLIABILITY. TheonlywarrantyEnterasysmakestoYouinconnection
withthislicenseoftheLicensedMaterialsisthatifthemediaonwhichtheLicensedSoftwareisrecordedisdefective,itwillbe
replacedwithoutcharge,ifEnterasysingoodfaithdeterminesthatthemediaandproofofpaymentofthelicensefeeare
returnedtoEnterasysorthedealerfromwhomitwasobtainedwithinninety(90)daysofthedateofpaymentofthelicensefee.
NEITHERENTERASYSNORITSAFFILIATESMAKEANYOTHERWARRANTYORREPRESENTATION,EXPRESSOR
IMPLIED,WITHRESPECTTOTHELICENSEDMATERIALS,WHICHARELICENSEDASIS.THELIMITEDWARRANTY
ANDREMEDYPROVIDEDABOVEAREEXCLUSIVEANDINLIEUOFALLOTHERWARRANTIES,INCLUDING
IMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE,WHICHAREEXPRESSLY
DISCLAIMED,ANDSTATEMENTSORREPRESENTATIONSMADEBYANYOTHERPERSONORFIRMAREVOID.ONLY
TOTHEEXTENTSUCHEXCLUSIONOFANYIMPLIEDWARRANTYISNOTPERMITTEDBYLAW,THEDURATIONOF
SUCHIMPLIEDWARRANTYISLIMITEDTOTHEDURATIONOFTHELIMITEDWARRANTYSETFORTHABOVE.YOU
ASSUMEALLRISKASTOTHEQUALITY,FUNCTIONANDPERFORMANCEOFTHELICENSEDMATERIALS.INNO
EVENTWILLENTERASYSORANYOTHERPARTYWHOHASBEENINVOLVEDINTHECREATION,PRODUCTIONOR
DELIVERYOFTHELICENSEDMATERIALSBELIABLEFORSPECIAL,DIRECT,INDIRECT,RELIANCE,INCIDENTALOR
CONSEQUENTIALDAMAGES,INCLUDINGLOSSOFDATAORPROFITSORFORINABILITYTOUSETHELICENSED
MATERIALS,TOANYPARTYEVENIFENTERASYSORSUCHOTHERPARTYHASBEENADVISEDOFTHEPOSSIBILITY
OFSUCHDAMAGES.INNOEVENTSHALLENTERASYSORSUCHOTHERPARTYSLIABILITYFORANYDAMAGES
ORLOSSTOYOUORANYOTHERPARTYEXCEEDTHELICENSEFEEYOUPAIDFORTHELICENSEDMATERIALS.
Somestatesdonotallowlimitationsonhowlonganimpliedwarrantylastsandsomestatesdonotallowtheexclusionor
limitationofincidentalorconsequentialdamages,sotheabovelimitationandexclusionmaynotapplytoYou.Thislimited
warrantygivesYouspecificlegalrights,andYoumayalsohaveotherrightswhichvaryfromstatetostate.
11. JURISDICTION. TherightsandobligationsofthepartiestothisAgreementshallbegovernedandconstruedin
accordancewiththelawsandintheStateandFederalcourtsoftheCommonwealthofMassachusetts,withoutregardtoitsrules
withrespecttochoiceoflaw.Youwaiveanyobjectionstothepersonaljurisdictionandvenueofsuchcourts.Noneofthe1980
UnitedNationsConventionontheLimitationPeriodintheInternationalSaleofGoods,andtheUniformComputerInformation
TransactionsActshallapplytothisAgreement.
12. GENERAL.
(a) ThisAgreementistheentireagreementbetweenEnterasysandYouregardingtheLicensedMaterials,andallprior
agreements,representations,statements,andundertakings,oralorwritten,areherebyexpresslysupersededand
canceled.
(b) ThisAgreementmaynotbechangedoramendedexceptinwritingsignedbybothpartieshereto.
(c) YourepresentthatYouhavefullrightand/orauthorizationtoenterintothisAgreement.
(d) ThisAgreementshallnotbeassignablebyYouwithouttheexpresswrittenconsentofEnterasys,Therightsof
EnterasysandYourobligationsunderthisAgreementshallinuretothebenefitofEnterasysassignees,licensors,and
licensees.
(e) SectionheadingsareforconvenienceonlyandshallnotbeconsideredintheinterpretationofthisAgreement.
(f) TheprovisionsoftheAgreementareseverableandifanyoneormoreoftheprovisionshereofarejudiciallydetermined
tobeillegalorotherwiseunenforceable,inwholeorinpart,theremainingprovisionsofthisAgreementshall
neverthelessbebindingonandenforceablebyandbetweenthepartieshereto.
(g) Enterasyswaiverofanyrightshallnotconstitutewaiverofthatrightinfuture.ThisAgreementconstitutestheentire
understandingbetweenthepartieswithrespecttothesubjectmatterhereof,andallprioragreements,representations,
statementsandundertakings,oralorwritten,areherebyexpresslysupersededandcanceled.Nopurchaseordershall
supersedethisAgreement.
(h) ShouldYouhaveanyquestionsregardingthisAgreement,YoumaycontactEnterasysattheaddresssetforthbelow.
AnynoticeorothercommunicationtobesenttoEnterasysmustbemailedbycertifiedmailtothefollowingaddress:
ENTERASYSNETWORKS,INC.,50MinutemanRoad,Andover,MA01810Attn:ManagerLegalDepartment.
x
xi
Contents
About This Guide
Intended Audience ........................................................................................................................................... xv
Associated Documentation ........................................................................................................................... 1-xv
Conventions ....................................................................................................................................................xvi
Getting Help .................................................................................................................................................... xvii
Chapter 1: DSNSA7-GE500-SX/TX, DSIPA7-GE500-SX/TX, DSEMA7-U,
DRAGON-E500-SX/TX Overview and Setup
Kit Contents .................................................................................................................................................... 1-1
Specifications ................................................................................................................................................. 1-2
Power Supply ................................................................................................................................................. 1-3
500-Watt Power Supply ........................................................................................................................... 1-3
Chassis Back Panel I/O Ports and Features .................................................................................................. 1-4
Front Panel Controls and Indicators ............................................................................................................... 1-5
Installing the Appliance into a Rack ................................................................................................................ 1-7
Equipment Rack Precautions ................................................................................................................... 1-7
Cautions ................................................................................................................................................... 1-7
Safety Warnings and Cautions ....................................................................................................................... 1-8
Warnings .................................................................................................................................................. 1-8
Cautions ................................................................................................................................................... 1-9
Wichtige Sicherheitshinweise........................................................................................................... 1-11
Consignes de scurit...................................................................................................................... 1-13
Instrucciones de seguridad importantes........................................................................................... 1-15
AVVERTENZA: Italiano................................................................................................................... 1-17
Regulatory and Compliance Information ...................................................................................................... 1-19
Product Safety Compliance .................................................................................................................... 1-19
Product EMC Compliance Class A Compliance ................................................................................. 1-19
Certifications / Registrations / Declarations .......................................................................................... 1-20
Product Regulatory Compliance Markings ............................................................................................. 1-20
Electromagnetic Compatibility Notices ................................................................................................... 1-21
FCC (USA) ....................................................................................................................................... 1-21
Industry Canada (ICES-003) ............................................................................................................ 1-22
Europe (CE Declaration of Conformity) ............................................................................................ 1-22
VCCI (Japan) .................................................................................................................................... 1-22
BSMI (Taiwan).................................................................................................................................. 1-23
Korean RRL Compliance.................................................................................................................. 1-23
Chapter 2: DRAGON-EAL-SX/TX, DSEPA7, DSNSA7-FE-TX, DSISA7-SX/TX,
DSIPA7-FE-TX, DSEMA7-LE/ME, DSNSA7-GE250-SX/TX,
DSIPA7-GE250-SX/TX Overview and Setup
Kit Contents .................................................................................................................................................... 2-1
Specifications ................................................................................................................................................. 2-2
Power Supply ................................................................................................................................................. 2-3
500-Watt Power Supply ........................................................................................................................... 2-4
Chassis Back Panel I/O Ports and Features .................................................................................................. 2-5
Cautions ................................................................................................................................................... 2-8
xii
Warnings .................................................................................................................................................. 2-9
Cautions ................................................................................................................................................. 2-10
Product Safety Compliance .................................................................................................................... 2-20
Product EMC Compliance ..................................................................................................................... 2-20
Product Regulatory Compliance Markings ............................................................................................. 2-20
USA .................................................................................................................................................. 2-21
FCC Verification Statement .................................................................................................................... 2-21
ICES-003 (Canada) ................................................................................................................................ 2-22
Europe (CE Declaration of Conformity) .................................................................................................. 2-22
Japan EMC Compatibility ...................................................................................................................... 2-22
BSMI (Taiwan) ....................................................................................................................................... 2-22
Chapter 3: DSNSA7-GIG-SX/TX, DSIPA7-GIG-SX/TX, DSEMA7-RED-U,
DSEMA7-6RED400U Overview and Setup
Kit Contents .................................................................................................................................................... 3-1
Specifications ................................................................................................................................................. 3-2
Power Supply ................................................................................................................................................. 3-3
700-Watt Redundant Power Supply Input Voltages ................................................................................. 3-3
700-Watt Power Supply...................................................................................................................... 3-3
700-Watt Single Power Supply Output Voltages ................................................................................ 3-3
Chassis Back I/O Ports and Features ............................................................................................................ 3-4
Warnings .................................................................................................................................................. 3-9
Cautions ................................................................................................................................................. 3-10
Product Regulatory Compliance ............................................................................................................ 3-20
Product Safety Compliance.............................................................................................................. 3-20
Product EMC Compliance Class A Compliance............................................................................ 3-20
Certifications / Registrations / Declarations ..................................................................................... 3-21
Product Regulatory Compliance Markings ....................................................................................... 3-21
FCC (USA) ....................................................................................................................................... 3-22
Industry Canada (ICES-003) ............................................................................................................ 3-23
Europe (CE Declaration of Conformity) ............................................................................................ 3-23
VCCI (Japan) .................................................................................................................................... 3-23
BSMI (Taiwan).................................................................................................................................. 3-24
Korean RRL...................................................................................................................................... 3-24
xiii
Chapter 4: Commissioning
Pre-Commissioning Tasks .............................................................................................................................. 4-1
Gathering Required information ............................................................................................................... 4-1
Creating a User Account .......................................................................................................................... 4-1
Generating a New Key ............................................................................................................................. 4-2
Upgrading an Existing Key ....................................................................................................................... 4-3
Commissioning the Appliance ........................................................................................................................ 4-4
Dragon License Key Installation ..................................................................................................................... 4-6
Chapter 5: Dragon Software Installation
Installation Overview ...................................................................................................................................... 5-2
Installation Methods ................................................................................................................................. 5-2
Using the Graphical Installation Wizard.............................................................................................. 5-2
Using the Console Mode Installer....................................................................................................... 5-2
Installation Prerequisites .......................................................................................................................... 5-3
Database Password ........................................................................................................................... 5-3
RADIUS Authentication ...................................................................................................................... 5-3
LDAP Authentication .......................................................................................................................... 5-3
Dragon Installation Types ........................................................................................................................ 5-4
Enterprise Manager and Reporting .................................................................................................... 5-4
Sensors & Agents............................................................................................................................... 5-4
Standalone ......................................................................................................................................... 5-4
Reporting............................................................................................................................................ 5-5
Custom............................................................................................................................................... 5-5
Upgrading Dragon Software ........................................................................................................................... 5-6
Upgrading from Previous 7.x Versions ..................................................................................................... 5-6
Upgrading Dragon .................................................................................................................................... 5-6
Using Binary Upgrade ............................................................................................................................ 5-10
Supported Platforms......................................................................................................................... 5-10
Binary Upgrade Prerequisites........................................................................................................... 5-10
Procedure......................................................................................................................................... 5-10
How Binary Upgrade Works ............................................................................................................. 5-12
Controlling the Upgrade.................................................................................................................... 5-13
Binary Upgrade Status Information .................................................................................................. 5-13
Binary Upgrade Package Naming Convention Rules....................................................................... 5-15
Enterprise Manager and Reporting Installation ............................................................................................ 5-16
EMS GUI Client Installation .......................................................................................................................... 5-24
EMS Client Installation on Windows Vista ............................................................................................. 5-24
Sensor Installation on UNIX (Sensors & Agents) ......................................................................................... 5-25
Sensors & Agents Installation ................................................................................................................ 5-25
Host Sensor Installation on Windows ........................................................................................................... 5-31
Host Sensor Silent Mode Installation on Windows ....................................................................................... 5-32
Starting the Server ........................................................................................................................................ 5-33
Custom SSL Keystore Generation ............................................................................................................... 5-34
Creating and Modifying Tomcat Certificates ................................................................................................. 5-35
Exporting the Public Key from the Keystore ........................................................................................... 5-36
Ports Used by Dragon .................................................................................................................................. 5-37
Appendix A: Upgrading the Kernel on the Appliance
Appendix B: Hard Drive Installation
xiv
Appendix C: Additional Upgrade Information
Upgrading from V6.x to V7.x ......................................................................................................................... C-1
Pre-Upgrade Information ......................................................................................................................... C-1
V6.x to V7.x Upgrade Procedure ............................................................................................................ C-1
Converting the V6.x Files to V7.x Format .......................................................................................... C-1
Migrating the Sensors........................................................................................................................ C-2
Binary Upgrade from V7.2.1 ......................................................................................................................... C-5
Platform-Specific Pre-Upgrade Information....................................................................................... C-5
Monitoring a 7.2.1.1 Upgrade............................................................................................................ C-6
Upgrading from the EMS Client .............................................................................................................. C-6
Running Binary Upgrade from the Command Line ................................................................................. C-8
Appendix D: Ethernet Port Map Restoration
Problem Description ...................................................................................................................................... D-1
Solution .......................................................................................................................................................... D-1
Preparation in 6.3.3 ................................................................................................................................. D-1
7.2.2 Install .............................................................................................................................................. D-2
Maintaining the 6.3.3 Port Map ............................................................................................................... D-3
Appendix E: LDAP and RADIUS Authentication Requirements
Dragon Roles ................................................................................................................................................. E-1
RADIUS Requirements .................................................................................................................................. E-2
User Requirements ................................................................................................................................. E-2
EMS Server Requirements ..................................................................................................................... E-3
Example .................................................................................................................................................. E-3
LDAP Requirements ...................................................................................................................................... E-4
Sample Enterasys.ldif ............................................................................................................................. E-5
Requirements for LDIF Directory Structure ............................................................................................. E-7
Index
Dragon Intrusion Defense System Installation Guide xv
About This Guide
TheEnterasysDragon
IntrusionDefenseSystemisaproprietaryoperatingsystembasedon
Linux.Dragon
isanintrusiondefensesolutionconsistingofanIntrusionDetectionSystem(IDS),
activeresponse,andintrusionprevention.ThisguidedescribestheinstallationofDragonlegacy
hardwareappliancesandtheDragonEnterpriseManagementServer(EMS)andotherDragon
components.Onceinstallationiscomplete,refertotheDragonIntrusionDefenseSystem
ConfigurationGuide.
ThisguidesupportsDragonIntrusionDefenseSystemVersion7.3,andhigher.
Intended Audience
Thisguideisintendedforexperiencednetworkadministratorswhoareresponsiblefor
implementingandmaintaininganIntrusionDefenseSystem.
Associated Documentation
TheDragonuserdocumentationlistedbelowisavailablefromhttps://dragon.enterasys.com.
Dragon Document Title Description
Installation Guide Provides detailed installation information for the Dragon
hardware appliances and the Dragon Intrusion Defense System
software.
Configuration Guide Describes how to configure Dragon using GUI management
tools. It also describes the placement of Dragon components
within your network.
Creating Host Sensor Policies Describes how to create custom Host Sensor policies.
Creating Network Sensor Policies and
Signatures
Describes how to create custom Network Sensor policies and
signatures.
Reporting Guide Describes Dragon reporting tools. Reporting tools available
from the command line are described in the Dragon Intrusion
Defense System Command Line Tools Reference.
Tutorial Provides basic instructions to install the Dragon Server, Network
Sensor (in IDS mode), and Host Sensor on a single Linux
machine (not a Dragon appliance) and the Dragon Management
Client GUI on a Windows machine. Sample criteria is provided.
IPS Tutorial Provides basic instructions to install the Dragon Server, and
Network Sensor (in IPS mode), on an IPS appliance, and the
Dragon Management Client GUI on a Windows machine.
Sample criteria is provided.
Command Line Tools Reference Describes the forensics command line tools you can use to
analyze a single dragon.db file.
xvi About This Guide
Conventions
Thefollowingconventionsareusedinthisdocument:
Sensor Internal Events An HTML file that lists the Network Sensor and the Host Sensor
internal events and their descriptions.
FAQ Provides the answers to frequently asked questions.
Dragon Document Title Description
bold type Actual user input values or names of screens and commands.
blue type Indicates a hypertext link. When reading this document online, click the text in blue to go to the
referenced figure, table, or section.
italic type User input value required.
courier Used for command-level input or output.
Note: Calls the readers attention to any item of information that may be of special importance.
Caution: Contains information essential to avoid damage to the equipment.
Precaucin: Contiene informacin esencial para prevenir daar el equipo.
Achtung: Verweit auf wichtige Informationen zum Schutz gegen Beschdigungen.
Warning: Warns against an action that could result in personal injury or death.
Advertencia: Advierte contra una accin que pudiera resultar en lesin corporal o la muerte.
Warnhinweis: Warnung vor Handlungen, die zu Verletzung von Personen oder gar Todesfllen
fhren knnen!
Electrical Hazard: Warns against an action that could result in personal injury or death.
Riesgo Electrico: Advierte contra una accin que pudiera resultar en lesin corporal o la
muerte debido a un riesgo elctrico.
Elektrischer Gefahrenhinweis: Warnung vor smtlichen Handlungen, die zu Verletzung von
Personen oder Todesfllen hervorgerufen durch elektrische Spannung fhren knnen!
Dragon Intrusion Defense System Installation Guide xvii
Getting Help
Foradditionalsupport,contactEnterasys Networksusingoneofthefollowingmethods:
BeforecontactingEnterasys Networksfortechnicalsupport,havethefollowinginformation
ready:
YourEnterasys Networksservicecontractnumber.
Adescriptionofthefailure.
Adescriptionofanyaction(s)alreadytakentoresolvetheproblem(forexample,changing
modeswitches,andrebootingtheunit).
TheserialandrevisionnumbersofallinvolvedEnterasys Networksproductsinthenetwork.
TheserialandrevisionnumberforaDragonapplianceisa12characterstringsuchas:
Adescriptionofyournetworkenvironment(forexample,layout,andcabletype).
Networkloadandframesizeatthetimeoftrouble(ifknown).
Thedevicehistory(forexample,haveyoureturnedthedevicebefore,isthisarecurring
problem).
AnypreviousReturnMaterialAuthorization(RMA)numbers.
World Wide Web http://www.enterasys.com/support
Phone 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000
For the Enterasys Networks Support toll-free number in your country:
http://www.enterasys.com/support
Internet mail support@enterasys.com
To expedite your message, please type [dragon] in the subject line.
To send comments or suggestions concerning this document to the Technical Publications Department:
techpubs@enterasys.com
To expedite your message, please include the document Part Number in the email message.
97260022040D
xviii About This Guide
Dragon Intrusion Defense System Installation Guide 1-1
1
DSNSA7-GE500-SX/TX, DSIPA7-GE500-SX/TX,
DSEMA7-U, DRAGON-E500-SX/TX
Overview and Setup
TheEnterasysDragonIntrusionDefenseSystemisaproprietaryoperatingsystembasedon
Linux.Thischapterdescribesthecomponentsshippedwiththeappliance,specifications,and
requirements.
ForSafetyinformation,refertoSafetyWarningsandCautionsonpage 18beforeinstalling
theappliance.
TheappliancesinthischapterusetheIntel
SR1400chassis.RefertoRegulatoryand
ComplianceInformationonpage 119.
ForthelatestRegulatoryandComplianceinformation,goto
http://www.intel.com/support/motherboards/server/chassis/sr1400.
Kit Contents
YourDragonappliancewasshippedwiththefollowingcomponents:
TheDragonIntrusionDefenseSystemApplianceQuickStartcard
OneCDROMcontainingDragonsoftware
Onepowercord
For information about... Refer to page...
Kit Contents 1-1
Specifications 1-2
Power Supply 1-3
Chassis Back Panel I/O Ports and Features 1-4
Front Panel Controls and Indicators 1-5
Installing the Appliance into a Rack 1-7
Safety Warnings and Cautions 1-8
Regulatory and Compliance Information 1-19
Specifications
1-2 DSNSA7-GE500-SX/TX, DSIPA7-GE500-SX/TX, DSEMA7-U, DRAGON-E500-SX/TX Overview and Setup
Specifications
ThephysicalspecificationsfortheappliancesarelistedinTable 11,andtheenvironmental
specificationsarelistedinTable 12.
Table 1-1 Physical Specifications
Specification Description
Dimensions (approximate) Height: 1.703 in. (43.25 mm)
Width: 16.930 in. (430 mm)
Depth: 26.457 in. (672 mm)
Weight: 31 lb (14.1 kg)
Hard Drives
(dependent on option selected)
Up to three fixed, hot-swap SATA or hot-swap SCSI drives
Peripherals
Slimline bay for CD-ROM, DVD-ROM drive, or floppy drive
PCI riser card (configurations depend on accessories used)
Control Panel Standard Control Panel
LEDs and displays NIC 1 Activity
NIC 2 Activity
Power / Sleep
System Status
System Identification
Hard Drive Activity
Power Supply One 500-W power supply
System Security Lockable front bezel (optional accessory)
Chassis intrusion switch
Lock attach point for chassis cover
Fans Four 40x40x56 mm dual-rotor fans
One 40x40x28 mm single rotor fan
Two 40x40x28 mm fans in the power supply
USB One front panel USB port with Standard Control Panel
Two back panel USB ports
Video One front panel video port
One rear panel video port
Note: Video connections must be used separately. The board and
chassis do not support synchronous use of video out the front and
back.
Table 1-2 Environmental Specifications
Temperature Non-operating: -40 C to 70 C (-40 F to 158 F)
Operating: 5 C (41 F) to 35 C (95 F); derated 0.5 C
(32.9 F) for every 1000 ft (305 m), to a maximum of
10,000 ft (3048 m).
Humidity Non-operating: 90% relative humidity (non-condensing) at
30 C (86 F).
Shock
Operating Packaged
2.0 g, 11 msec, 1/2 sine
Operational after an 18-inch free fall.
Power Supply
Power Supply
ThefollowingsectiondescribesthepowersupplyavailablefortheDragonapplianceslistedinthis
chapter.
500-Watt Power Supply
The500wattpowersupplyconsistsofthepowersupplybayandonepowersupplymodule.The
powersupplyprovides500wattsofpowerandisdesignedtominimizeEMI.Thepowersupply
operateswithinthefollowingvoltagerangesandisratedasfollows:
100120volts(V)at50/60Hertz(Hz);5.2amperes(A)maximum(max)
Table 13liststhetotalwattageavailablefromthepowersubsystemforeachvoltage.Ensurethat
yourloadsdonotexceedatotalwattageof500watts.
Acoustic noise 7 Bels in sound power for a typical office ambient temperature,
65 F to 75 F (18.33 C to 23.89 C). Your selection of
peripherals may change the noise level.
Electrostatic discharge (ESD) Tested to 15 kilovolts (kV); no component damage.
Table 1-2 Environmental Specifications (continued)
Warning: Do not attempt to modify or use the supplied AC power cord if it is not the exact type
required.
The power supply cord is the main disconnect to AC power. The socket outlet must be installed
near the equipment and readily accessible.
If the power cord supplied with the system is not compatible with the AC wall outlet in your region,
get one that meets the following criteria:
The cord must be rated for the available AC voltage and have a current rating that is at least 125
percent of the current rating of the server.
The plug on the power cord that plugs into the wall outlet must be a grounding-type male plug
designed for use in your region. It must have certification marks showing certification by an
agency acceptable in your region.
The connector that plugs into the AC receptacle on the power supply must be an IEC 320, sheet
C13type female connector.
In Europe, the cord must be less than 4.5 meters (14.76 feet) long, and it must be flexible <HAR>
(harmonized) or VDE certified cordage to comply with the chassis safety certifications.
Table 1-3 500-W Power Supply System Output Capability
Voltage Maximum Current
+3.3 V 16 A
+5.0 V 12 A
+5 V Standby 2 A
+12.0 V 35 A
-12.0 V 0.5 A
Caution: Do not exceed an output of 90 watts for the +5 V and +3.3 V outputs. Exceeding an output
of 90 watts will overload the power subsystem and may cause the power supply to overheat and
malfunction.
Chassis Back Panel I/O Ports and Features
Figure 11showsthebackpanelI/Oportsandfeatures.Refertotheillustrationthatrepresents
yourappliance.
Connectyourkeyboard,mouse,video,andI/OcablesasshowninFigure 11.
Figure 1-1 Back I/O Ports and Features
A. PS/2 Mouse, Keyboard, connectors
B. RJ-45 serial B port
C. NIC 1, NIC 2 connectors
D. Video connector
E. USB 1, USB 2 connectors
F. Management Network Interface (optional)
G. SCSI connector (SCSI version only)
H. AC power connector
I. PCI card bracket (full-height)
J. Gigabit copper ports
10/100/1000 Mbps (RJ-45 connectors)
A. PS/2 Mouse, Keyboard, connectors
B. PCI card bracket (low profile)
C. Gigabit copper ports
or
Gigabit Ethernet fiber ports
1000 Base-SX (Full Duplex LC connectors)
or
Gigabit Ethernet copper ports
1000 Base-T (RJ-45 connectors)
D. AC power connector
E. SCSI connector (SCSI version only)
F. Management Network Interface (optional)
G. USB 1, USB 2 connectors
H. Video connector
I. NIC 1 connector
J. NIC 2 connector
K. RJ-45 serial B port
Front Panel Controls and Indicators
Figure 12showsachassisfrontpanelwiththeoptionalCDROMdriveandharddrivebays
installed.Table 14describesthecontrolbuttonfunctionsandLEDstatusforallDragon
appliancesinthischapter.Table 15providesadditionalinformationfortheNICLEDs.
Figure 1-2 Front Panel Controls and Indicators
Table 1-4 Callout Descriptions (Buttons and LEDs)
Callout Name Function
A
B
NIC 2 activity
NIC 1 activity
A continuous green light indicates a link between the system
and the network to which it is connected.
A blinking green light indicates network activity.
C Power/Sleep button The Power button toggles the system power on/off.
The Sleep button is for ACPI-compatible systems.
D Power/Sleep LED A continuous green light indicates that the system has power
applied to it.
A blinking green light indicates that the system is in a S1 sleep
state.
No light indicates that the system does not have power applied
to it (other than the 5 V standby power).
E Hard drive disk status LED A random blinking green light indicates hard drive activity (SCSI,
SATA, or IDE).
A continuous amber light indicates a hard drive disk fault (SCSI
SATA, or IDE).
No light

indicates no hard drive activity.
F Fault LED (system status) A continuous green light indicates that the system is operating
normally.
A blinking green light indicates that the system is operating in a
degraded condition.
A continuous amber light

indicates that the system is in a
critical or nonrecoverable condition.
A blinking amber light indicates that the system is in a
noncritical condition.
No light indicates POST/system stop.
G System ID LED A continuous blue light indicates that the System ID button is
depressed so the light is turned on by software.
No light indicates that the System ID button is not depressed.
H System ID button Toggles the front panel ID LED and the baseboard ID LED on and
off. The baseboard LED is visible from the rear of the chassis and
allows you to locate the server from the rear of a rack of systems.
I Reset button Reboots and initializes the system.
J USB connector Allows you to attach a USB component to the front of the chassis.
K NMI button When you press the recessed button with a paper clip or a pin, a
nonmaskable interrupt is issued, and the server is put into a halt
state for diagnostic purposes.
L Video port Allows you to attach a video monitor to the front of the chassis.
The front and rear video ports cannot be used at the same time.
Table 1-5 NIC LEDs Description
LED State Description
Left LED OFF
Solid Amber
Blinking Green
No network connection
Network connection in place
Transmit/receive activity
Right LED OFF
Solid Amber
Solid Green
10 Mbps connection (if left LED is on or blinking)
100 Mbps connection
1000 Mbps connection
Table 1-4 Callout Descriptions (Buttons and LEDs) (continued)
Installing the Appliance into a Rack
Installationinstructionsforthestandardbracketkitandtheoptionalrailkitareincludedwith
eachkit.
Equipment Rack Precautions
ANCHOR THE EQUIPMENT RACK: The equipment rack must be anchored to an unmovable support to
prevent it from falling over when one or more servers are extended in front of it on slide assemblies. The
equipment rack must be installed according to the manufacturers instructions. You must also consider the
weight of any other device installed in the rack.
MAIN AC POWER DISCONNECT: You are responsible for installing an AC power disconnect for the entire
rack unit. This main disconnect must be readily accessible and it must be labeled as controlling power to the
entire unit, not just to the server(s).
GROUNDING THE RACK INSTALLATION: To avoid the potential for an electrical shock hazard, you must
include a third wire safety grounding conductor with the rack installation. If server power cords are plugged
into AC outlets that are part of the rack, then you must provide proper grounding for the rack itself. If server
power cords are plugged into wall AC outlets, the safety grounding conductor in each power cord provides
proper grounding only for the server. You must provide additional, proper grounding for the rack and other
devices installed in it.
OVERCURRENT PROTECTION: The server is designed for an AC line voltage source with up to 20 amperes
of overcurrent protection. If the power system for the equipment rack is installed on a branch circuit with more
than 20 amperes of protection, you must provide supplemental protection for the server. If more than one
server is installed in the rack, the power source for each server must be from a separate branch circuit.
Cautions
Safety Warnings and Cautions
System power on/off: The power button DOES NOT turn off the system AC power. To remove power from
system, you must unplug the AC power cord from the wall outlet. Make sure the AC power cord is unplugged
before you open the chassis, add, or remove any components.
Hazardous conditions, devices and cables: Hazardous electrical conditions may be present on power,
telephone, and communication cables. Turn off the server and disconnect the power cord,
telecommunications systems, networks, and modems attached to the server before opening it. Otherwise,
personal injury or equipment damage can result.
Electrostatic discharge (ESD) and ESD protection: ESD can damage disk drives, boards, and other parts.
We recommend that you perform all procedures in this chapter only at an ESD workstation. If one is not
available, provide some ESD protection by wearing an antistatic wrist strap attached to chassis groundany
unpainted metal surfaceon your server when handling parts.
ESD and handling boards: Always handle boards carefully. They can be extremely sensitive to ESD. Hold
boards only by their edges. After removing a board from its protective wrapper or from the server, place the
board component side up on a grounded, static free surface. Use a conductive foam pad if available but not
the board wrapper. Do not slide board over any surface.
Installing or removing jumpers: A jumper is a small plastic encased conductor that slips over two jumper
pins. Some jumpers have a small tab on top that you can grip with your fingertips or with a pair of fine needle-
nosed pliers. If your jumpers do not have such a tab, take care when using needle-nosed pliers to remove or
install a jumper; grip the narrow sides of the jumper with the pliers, never the wide sides. Gripping the wide
sides can damage the contacts inside the jumper, causing intermittent problems with the function controlled
by that jumper. Take care to grip with, but not squeeze, the pliers or other tool you use to remove a jumper, or
you may bend or break the stake pins on the board.
Warnings
Cautions
Readallcautionandsafetystatementsinthisdocumentbeforeperforminganyoftheinstructions.
SeealsoIntelServerBoardsandServerChassisSafetyInformationathttp://support.intel.com/support/
motherboards/server/sb/CS010770.htm
The power supply in this product contains no user-serviceable parts. Refer servicing
only to qualified personnel.
Do not attempt to modify or use the supplied AC power cord if it is not the exact type
required. A product with more than one power supply will have a separate AC power
cord for each supply.
The power button on the system does not turn off system AC power. To remove AC
power from the system, you must unplug each AC power cord from the wall outlet or
power supply.
The power cord(s) is considered the disconnect device to the main (AC) power. The
socket outlet that the system plugs into shall be installed near the equipment and shall
be easily accessible.
SAFETY STEPS: Whenever you remove the chassis covers to access the inside of the
system, follow these steps:
1. Turn off all peripheral devices connected to the system.
2. Turn off the system by pressing the power button.
3. Unplug all AC power cords from the system or from wall outlets.
4. Label and disconnect all cables connected to I/O connectors or ports on the back of
the system.
5. Provide some electrostatic discharge (ESD) protection by wearing an antistatic wrist
strap attached to chassis ground of the systemany unpainted metal surface
when handling components.
6. Do not operate the system with the chassis covers removed.
After you have completed the six SAFETY steps above, you can remove the system
covers. To do this:
1. Unlock and remove the padlock from the back of the system if a padlock has been
installed.
2. Remove and save all screws from the covers.
3. Remove the covers.
For proper cooling and airflow, always reinstall the chassis covers before turning on the
system. Operating the system without the covers in place can damage system parts. To
install the covers:
1. Check first to make sure you have not left loose tools or parts inside the system.
2. Check that cables, add-in boards, and other components are properly installed.
3. Attach the covers to the chassis with the screws removed earlier, and tighten them
firmly.
4. Insert and lock the padlock to the system to prevent unauthorized access inside the
system.
5. Connect all external cables and the AC power cord(s) to the system.
A microprocessor and heat sink may be hot if the system has been running. Also, there
may be sharp pins and edges on some board and chassis parts. Contact should be
made with care. Consider wearing protective gloves.
Danger of explosion if the battery is incorrectly replaced. Replace only with the same or
equivalent type recommended by the equipment manufacturer. Dispose of used
batteries according to manufacturers instructions.
The system is designed to operate in a typical office environment. Choose a site that is:
Clean and free of airborne particles (other than normal room dust).
Well ventilated and away from sources of heat including direct sunlight.
Away from sources of vibration or physical shock.
Isolated from strong electromagnetic fields produced by electrical devices.
In regions that are susceptible to electrical storms, we recommend you plug your
system into a surge suppresser and disconnect telecommunication lines to your
modem during an electrical storm.
Provided with a properly grounded wall outlet.
Provided with sufficient space to access the power supply cord(s), because they
serve as the products main power disconnect.
Wichtige Sicherheitshinweise
LesenSiezunchstsmtlicheWarnundSicherheitshinweiseindiesemDokument,bevorSieeine
derAnweisungenausfhren.BeachtenSiehierzuauchdieSicherheitshinweisezuIntelServer
platinenundServergehusenunterhttp://support.intel.com/support/motherboards/server/sb/CS
010770.htm
Benutzer knnen am Netzgert dieses Produkts keine Reparaturen vornehmen. Das
Produkt enthlt mglicherweise mehrere Netzgerte. Wartungsarbeiten mssen von
qualifizierten Technikern ausgefhrt werden.
Versuchen Sie nicht, das mitgelieferte Netzkabel zu ndern oder zu verwenden, wenn
es sich nicht genau um den erforderlichen Typ handelt. Ein Produkt mit mehreren
Netzgerten hat fr jedes Netzgert ein eigenes Netzkabel.
Der Wechselstrom des Systems wird durch den Ein-/Aus-Schalter fr Gleichstrom
nicht ausgeschaltet. Ziehen Sie jedes Wechselstrom-Netzkabel aus der Steckdose
bzw. dem Netzgert, um den Stromanschlu des Systems zu unterbrechen.
SICHERHEISMASSNAHMEN: Immer wenn Sie die Gehuseabdeckung abnehmen
um an das Systeminnere zu gelangen, sollten Sie folgende Schritte beachten:
1. Schalten Sie alle an Ihr System angeschlossenen Peripheriegerte aus.
2. Schalten Sie das System mit dem Hauptschalter aus.
3. Ziehen Sie den Stromanschlustecker Ihres Systems aus der Steckdose.
4. Auf der Rckseite des Systems beschriften und ziehen Sie alle Anschlukabel von
den I/O Anschlssen oder Ports ab.
5. Tragen Sie ein geerdetes Antistatik Gelenkband, um elektrostatische Ladungen
(ESD) ber blanke Metallstellen bei der Handhabung der Komponenten zu
vermeiden.
6. Schalten Sie das System niemals ohne ordnungsgem montiertes Gehuse ein.
Nachdem Sie die oben erwhnten ersten sechs SICHERHEITSSCHRITTE
durchgefhrt haben, knnen Sie die Abdeckung abnehmen, indem Sie:
1. ffnen und entfernen Sie die Verschlueinrichtung (Padlock) auf der Rckseite des
Systems, falls eine Verschlueinrichtung installiert ist.
2. Entfernen Sie alle Schrauben der Gehuseabdeckung.
3. Nehmen Sie die Abdeckung ab.
Zur ordnungsgemen Khlung und Lftung mu die Gehuseabdeckung immer
wieder vor dem Einschalten installiert werden. Ein Betrieb des Systems ohne
angebrachte Abdeckung kann Ihrem System oder Teile darin beschdigen. Um die
Abdeckung wieder anzubringen:
1. Vergewissern Sie sich, da Sie keine Werkzeuge oder Teile im Innern des Systems
zurckgelassen haben.
2. berprfen Sie alle Kabel, Zusatzkarten und andere Komponenten auf
ordnungsgemen Sitz und Installation.
3. Bringen Sie die Abdeckungen wieder am Gehuse an, indem Sie die zuvor gelsten
Schrauben wieder anbringen. Ziehen Sie diese gut an.
4. Bringen Sie die Verschlueinrichtung (Padlock) wieder an und schlieen Sie diese,
um ein unerlaubtes ffnen des Systems zu verhindern.
5. Schlieen Sie alle externen Kabel und den AC Stromanschlustecker Ihres
Systems wieder an.
Der Mikroprozessor und der Khler sind mglicherweise erhitzt, wenn das System in
Betrieb ist. Auerdem knnen einige Platinen und Gehuseteile scharfe Spitzen und
Kanten aufweisen. Arbeiten an Platinen und Gehuse sollten vorsichtig ausgefhrt
werden. Sie sollten Schutzhandschuhe tragen.

Bei falschem Einsetzen einer neuen Batterie besteht Explosionsgefahr. Die Batterie
darf nur durch denselben oder einen entsprechenden, vom Hersteller empfohlenen
Batterietyp ersetzt werden. Entsorgen Sie verbrauchte Batterien den Anweisungen des
Herstellers entsprechend.

Das System wurde fr den Betrieb in einer normalen Broumgebung entwickelt. Der
Standort sollte:
sauber und staubfrei sein (Hausstaub ausgenommen);
gut gelftet und keinen Heizquellen ausgesetzt sein (einschlielich direkter
Sonneneinstrahlung);
keinen Erschtterungen ausgesetzt sein;
keine starken, von elektrischen Gerten erzeugten elektromagnetischen Felder
aufweisen;
in Regionen, in denen elektrische Strme auftreten, mit einem
berspannungsschutzgert verbunden sein; whrend eines elektrischen Sturms
sollte keine Verbindung der Telekommunikationsleitungen mit dem Modem
bestehen;
mit einer geerdeten Wechselstromsteckdose ausgerstet sein;
ber ausreichend Platz verfgen, um Zugang zu den Netzkabeln zu gewhrleisten,
da der Stromanschlu des Produkts hauptschlich ber die Kabel unterbrochen
wird.
/ http://
support.intel.com/support/motherboards/server/sb/CS-010770.htm Intel Server
Boards and Server Chassis Safety Information Intel
Consignes de scurit
Lisezattentiontouteslesconsignesdescuritetlesmisesengardeindiquesdanscedocument
avantdesuivretouteinstruction.ConsultezIntelServerBoardsandServerChassisSafetyInformation
surlesitehttp://support.intel.com/support/motherboards/server/sb/CS010770.htm
Le bloc d'alimentation de ce produit ne contient aucune pice pouvant tre rpare par
l'utilisateur. Ce produit peut contenir plus d'un bloc d'alimentation. Veuillez contacter un
technicien qualifi en cas de problme.
Ne pas essayer d'utiliser ni modifier le cble d'alimentation CA fourni, s'il ne
correspond pas exactement au type requis. Le nombre de cbles d'alimentation CA
fournis correspond au nombre de blocs d'alimentation du produit.
Notez que le commutateur CC de mise sous tension /hors tension du panneau avant
n'teint pas l'alimentation CA du systme. Pour mettre le systme hors tension, vous
devez dbrancher chaque cble d'alimentation de sa prise.
CONSIGNES DE SCURIT -Lorsque vous ouvrez le botier pour accder lintrieur
du systme, suivez les consignes suivantes:
1. Mettez hors tension tous les priphriques connects au systme.
2. Mettez le systme hors tension en mettant linterrupteur gnral en position OFF
(bouton-poussoir).
3. Dbranchez tous les cordons dalimentation c.a. du systme et des prises murales.
4. Identifiez et dbranchez tous les cbles relis aux connecteurs dE-S ou aux accs
derrire le systme.
5. Pour prvenir les dcharges lectrostatiques lorsque vous touchez aux
composants, portez une bande antistatique pour poignet et reliez-la la masse du
systme (toute surface mtallique non peinte du botier).
6. Ne faites pas fonctionner le systme tandis que le botier est ouvert.
Une fois TOUTES les tapes prcdentes accomplies, vous pouvez retirer les
panneaux du systme. Procdez comme suit:
1. Si un cadenas a t install sur larrire du systme, dverrouillez-le et retirez-le.
2. Retirez toutes les vis des panneaux et mettez-les dans un endroit sr.
3. Retirez les panneaux.
Afin de permettre le refroidissement et laration du systme, rinstallez toujours les
panneaux du botier avant de mettre le systme sous tension. Le fonctionnement du
systme en labsence des panneaux risque dendommager ses pices. Pour installer
les panneaux, procdez comme suit:
1. Assurez-vous de ne pas avoir oubli doutils ou de pices dmontes dans le
systme.
2. Assurez-vous que les cbles, les cartes dextension et les autres composants sont
bien installs.
3. Revissez solidement les panneaux du botier avec les vis retires plus tt.
4. Remettez le cadenas en place et verrouillez-le afin de prvenir tout accs non
autoris lintrieur du systme.
5. Rebranchez tous les cordons dalimentation c. a. et cbles externes au systme.
Le microprocesseur et le dissipateur de chaleur peuvent tre chauds si le systme a
t sous tension. Faites galement attention aux broches aigus des cartes et aux
bords tranchants du capot. Nous vous recommandons l'usage de gants de protection.
Danger d'explosion si la batterie n'est pas remonte correctement. Remplacer
uniquement avec une batterie du mme type ou d'un type quivalent recommand par
le fabricant. Disposez des piles uses selon les instructions du fabricant.
Le systme a t conu pour fonctionner dans un cadre de travail normal.
L'emplacement choisi doit tre:
Propre et dpourvu de poussire en suspension (sauf la poussire normale).
Bien ar et loin des sources de chaleur, y compris du soleil direct.
A l'abri des chocs et des sources de vibrations.
Isol de forts champs lectromagntiques genrs par des appareils lectriques.
Dans les rgions sujettes aux orages magntiques il est recomand de brancher
votre systme un supresseur de surtension, et de dbrancher toutes les lignes de
tlcommunications de votre modem durant un orage.
Muni d'une prise murale correctement mise la terre.
Suffisamment spacieux pour vous permettre d'accder aux cbles d'alimentation
(ceux-ci tant le seul moyen de mettre le systme hors tension).
Instrucciones de seguridad importantes
Leatodaslasdeclaracionesdeseguridadyprecaucindeestedocumentoantesderealizar
cualquieradelasinstrucciones.VeaIntelServerBoardsandServerChassisSafetyInformationenen
http://support.intel.com/support/motherboards/server/sb/CS010770.htm
El usuario debe abstenerse de manipular los componentes de la fuente de
alimentacin de este producto, cuya reparacin debe dejarse exclusivamente en
manos de personal tcnico especializado. Puede que este producto disponga de ms
de una fuente de alimentacin.
No intente modificar ni usar el cable de alimentacin de corriente alterna, si no
corresponde exactamente con el tipo requerido.
El nmero de cables suministrados se corresponden con el nmero de fuentes de
alimentacin de corriente alterna que tenga el producto.
Ntese que el interruptor activado/desactivado en el panel frontal no desconecta la
corriente alterna del sistema. Para desconectarla, deber desenchufar todos los
cables de corriente alterna de la pared o desconectar la fuente de alimentacin.
INSTRUCCIONES DE SEGURIDAD: Cuando extraiga la tapa del chasis para acceder
al interior del sistema, siga las siguientes instrucciones:
1. Apague todos los dispositivos perifricos conectados al sistema.
2. Apague el sistema presionando el interruptor encendido/apagado.
3. Desconecte todos los cables de alimentacin CA del sistema o de las tomas de
corriente alterna.
4. Identifique y desconecte todos los cables enchufados a los conectores E/S o a los
puertos situados en la parte posterior del sistema.
5. Cuando manipule los componentes, es importante protegerse contra la descarga
electrosttica (ESD). Puede hacerlo si utiliza una muequera antiesttica sujetada
a la toma de tierra del chasis o a cualquier tipo de superficie de metal sin pintar.
6. No ponga en marcha el sistema si se han extrado las tapas del chasis.
Despus de completar las seis instrucciones de SEGURIDAD mencionadas, ya puede
extraer las tapas del sistema. Para ello:
1. Desbloquee y extraiga el bloqueo de seguridad de la parte posterior del sistema, si
se ha instalado uno.
2. Extraiga y guarde todos los tornillos de las tapas.
3. Extraiga las tapas.
Para obtener un enfriamiento y un flujo de aire adecuados, reinstale siempre las tapas
del chasis antes de poner en marcha el sistema. Si pone en funcionamiento el sistema
sin las tapas bien colocadas puede daar los componentes del sistema. Para instalar
las tapas:
1. Asegrese primero de no haber dejado herramientas o componentes sueltos dentro
del sistema.
2. Compruebe que los cables, las placas adicionales y otros componentes se hayan
instalado correctamente.
3. Incorpore las tapas al chasis mediante los tornillos extrados anteriormente,
tensndolos firmemente.
4. Inserte el bloqueo de seguridad en el sistema y bloquelo para impedir que pueda
accederse al mismo sin autorizacin.
5. Conecte todos los cables externos y los cables de alimentacin CA al sistema.
Si el sistema ha estado en funcionamiento, el microprocesador y el disipador de calor
pueden estar an calientes. Tambin conviene tener en cuenta que en el chasis o en el
tablero puede haber piezas cortantes o punzantes. Por ello, se recomienda precaucin
y el uso de guantes protectores.
Existe peligro de explosin si la pila no se cambia de forma adecuada. Utilice
solamente pilas iguales o del mismo tipo que las recomendadas por el fabricante del
equipo. Para deshacerse de las pilas usadas, siga igualmente las instrucciones del
fabricante.
El sistema est diseado para funcionar en un entorno de trabajo normal. Escoja un
lugar:
Limpio y libre de partculas en suspensin (salvo el polvo normal).
Bien ventilado y alejado de fuentes de calor, incluida la luz solar directa.
Alejado de fuentes de vibracin.
Aislado de campos electromagnticos fuertes producidos por dispositivos
elctricos.
En regiones con frecuentes tormentas elctricas, se recomienda conectar su
sistema a un eliminador de sobrevoltage y desconectar el mdem de las lneas de
telecomunicacin durante las tormentas.
Provisto de una toma de tierra correctamente instalada.
Provisto de espacio suficiente como para acceder a los cables de alimentacin, ya
que stos hacen de medio principal de desconexin del sistema.
AVVERTENZA: Italiano
Rivolgersi ad un tecnico specializzato per la riparazione dei componenti
dell'alimentazione di questo prodotto. possibile che il prodotto disponga di pi fonti di
alimentazione.
Non modificare o utilizzare il cavo di alimentazione in c.a. fornito dal produttore, se non
corrisponde esattamente al tipo richiesto. Ad ogni fonte di alimentazione corrisponde
un cavo di alimentazione in c.a. separato.
Linterruttore attivato/disattivato nel pannello anteriore non interrompe lalimentazione
in c.a. del sistema. Per interromperla, necessario scollegare tutti i cavi di
alimentazione in c.a. dalle prese a muro o dallalimentazione di corrente.
PASSI DI SICUREZZA: Qualora si rimuovano le coperture del telaio per accedere
allinterno del sistema, seguire i seguenti passi:
1. Spegnere tutti i dispositivi periferici collegati al sistema.
2. Spegnere il sistema, usando il pulsante spento/acceso dellinterruttore del sistema.
3. Togliere tutte le spine dei cavi del sistema dalle prese elettriche.
4. Identificare e sconnettere tutti i cavi attaccati ai collegamenti I/O od alle prese
installate sul retro del sistema.
5. Qualora si tocchino i componenti, proteggersi dallo scarico elettrostatico (SES),
portando un cinghia anti-statica da polso che attaccata alla presa a terra del telaio
del sistema qualsiasi superficie non dipinta .
6. Non far operare il sistema quando il telaio senza le coperture.
Dopo aver seguito i sei passi di SICUREZZA sopracitati, togliere le coperture del telaio
del sistema come seque:
1. Aprire e rimuovere il lucchetto dal retro del sistema qualora ve ne fosse uno
installato.
2. Togliere e mettere in un posto sicuro tutte le viti delle coperture.
3. Togliere le coperture.
Per il giusto flusso dellaria e raffreddamento del sistema, rimettere sempre le
coperture del telaio prima di riaccendere il sistema. Operare il sistema senza le
coperture al loro proprio posto potrebbe danneggiare i componenti del sistema. Per
rimettere le coperture del telaio:
1. Controllare prima che non si siano lasciati degli attrezzi o dei componenti dentro il
sistema.
2. Controllare che i cavi, dei supporti aggiuntivi ed altri componenti siano stati installati
appropriatamente.
3. Attaccare le coperture al telaio con le viti tolte in precedenza e avvitarle
strettamente.
4. Inserire e chiudere a chiave il lucchetto sul retro del sistema per impedire laccesso
non autorizzato al sistema.
5. Ricollegare tutti i cavi esterni e le prolunghe AC del sistema.
Se il sistema stato a lungo in funzione, il microprocessore e il dissipatore di calore
potrebbero essere surriscaldati. Fare attenzione alla presenza di piedini appuntiti e
parti taglienti sulle schede e sul telaio. consigliabile l'uso di guanti di protezione.
Esiste il pericolo di un esplosione se la pila non viene sostituita in modo corretto.
Utilizzare solo pile uguali o di tipo equivalente a quelle consigliate dal produttore. Per
disfarsi delle pile usate, seguire le istruzioni del produttore.
Il sistema progettato per funzionare in un ambiente di lavoro tipo. Scegliere una
postazione che sia:
Pulita e libera da particelle in sospensione (a parte la normale polvere presente
nell'ambiente).
Ben ventilata e lontana da fonti di calore, compresa la luce solare diretta.
Al riparo da urti e lontana da fonti di vibrazione.
Isolata dai forti campi magnetici prodotti da dispositivi elettrici.
In aree soggette a temporali, consigliabile collegare il sistema ad un limitatore di
corrente. In caso di temporali, scollegare le linee di comunicazione dal modem.
Dotata di una presa a muro correttamente installata.
Dotata di spazio sufficiente ad accedere ai cavi di alimentazione, i quali
rappresentano il mezzo principale di scollegamento del sistema.
Regulatory and Compliance Information
Product Safety Compliance
TheServerChassisSR1400complieswiththefollowingsafetyrequirements:
UL60950CSA60950(USA/Canada)
EN60950(Europe)
IEC60950(International)
CBCertificate&Report,IEC60950(reporttoincludeallcountrynationaldeviations)
GSLicense(Germany)
GOSTR5037792License(Russia)
BelarusLicense(Belarus)
UkraineLicense(Ukraine)
CELowVoltageDirective73/23/EEE(Europe)
IRAMCertification(Argentina)
GB4943CNCACertification(China)
Product EMC Compliance Class A Compliance
TheServerChassisSR1400hasbeentestedandverifiedtocomplywiththefollowing
electromagneticcompatibility(EMC)regulationswheninstalledinacompatibleIntelhost
system.Forinformationoncompatiblehostsystem(s),refertoIntelsServerBuilderWebsiteor
contactyourlocalIntelrepresentative.
FCC/ICES003Emissions(USA/Canada)Verification
CISPR22Emissions(International)
EN55022Emissions(Europe)
EN55024Immunity(Europe)
EN6100032Harmonics(Europe)
EN6100033VoltageFlicker(Europe)
CEEMCDirective89/336/EEC(Europe)
VCCIEmissions(Japan)
AS/NZS3548Emissions(Australia/NewZealand)
BSMICNS13438Emissions(Taiwan)
GOSTR2921691Emissions(Russia)
GOSTR5062895Immunity(Russia)
RRLMICNoticeNo.199741(EMC)&199742(EMI)(Korea)
GB17625(Harmonics)CNCACertification(China)
Certifications / Registrations / Declarations
ULCertification(US/Canada)
CEDeclarationofConformity(CENELECEurope)
FCC/ICES003ClassAAttestation(USA/Canada)
VCCICertification(Japan)
CTickDeclarationofConformity(Australia)
MEDDeclarationofConformity(NewZealand)
BSMICertification(Taiwan)
GOSTRCertification/License(Russia)
BelarusCertification/License(Belarus)
RRLCertification(Korea)
CNCACertification(China)
EcologyDeclaration(International)
Product Regulatory Compliance Markings
ThisproductismarkedwiththefollowingProductCertificationMarkings:
Regulatory Compliance Country Marking
cULus Listing Marks USA/Canada
GS Mark Germany
CE Mark Europe
FCC Marking (Class A) USA
Electromagnetic Compatibility Notices
FCC (USA)
ThisdevicecomplieswithPart15oftheFCCRules.Operationissubjecttothefollowingtwo
conditions:(1)thisdevicemaynotcauseharmfulinterference,and(2)thisdevicemustacceptany
interferencereceived,includinginterferencethatmaycauseundesiredoperation.
ForquestionsrelatedtotheEMCperformanceofthisproduct,contact:
IntelCorporation
5200N.E.ElamYoungParkway
Hillsboro,OR97124
18006288686
ThisequipmenthasbeentestedandfoundtocomplywiththelimitsforaClassAdigitaldevice,
pursuanttoPart15oftheFCCRules.Theselimitsaredesignedtoprovidereasonableprotection
againstharmfulinterferenceinaresidentialinstallation.Thisequipmentgenerates,uses,andcan
radiateradiofrequencyenergyand,ifnotinstalledandusedinaccordancewiththeinstructions,
maycauseharmfulinterferencetoradiocommunications.However,thereisnoguaranteethat
interferencewillnotoccurinaparticularinstallation.Ifthisequipmentdoescauseharmful
interferencetoradioortelevisionreception,whichcanbedeterminedbyturningtheequipment
offandon,theuserisencouragedtotrytocorrecttheinterferencebyoneormoreofthefollowing
measures:
Reorientorrelocatethereceivingantenna.
Increasetheseparationbetweentheequipmentandthereceiver.
EMC Marking (Class A) Canada
VCCI Marking (Class A) Japan
BSMI Certification
Number & Class A
Warning
Taiwan
GOST R Marking Russia
RRL MIC Mark Korea

Connecttheequipmenttoanoutletonacircuitotherthantheonetowhichthereceiveris
connected.
Consultthedealeroranexperiencedradio/TVtechnicianforhelp.
Anychangesormodificationsnotexpresslyapprovedbythegranteeofthisdevicecouldvoidthe
usersauthoritytooperatetheequipment.Thecustomerisresponsibleforensuringcomplianceof
themodifiedproduct.
Onlyperipherals(computerinput/outputdevices,terminals,printers,etc.)thatcomplywithFCC
ClassAorBlimitsmaybeattachedtothiscomputerproduct.Operationwithnoncompliant
peripheralsislikelytoresultininterferencetoradioandTVreception.
Allcablesusedtoconnecttoperipheralsmustbeshieldedandgrounded.Operationwithcables,
connectedtoperipherals,thatarenotshieldedandgroundedmayresultininterferencetoradio
andTVreception.
Industry Canada (ICES-003)
Cetappareilnumriquerespecteleslimitesbruitsradiolectriquesapplicablesauxappareils
numriquesdeClasseAprescritesdanslanormesurlematrielbrouilleur:Appareils
Numriques,NMB003dicteparleMinistreCanadiandesCommunications.
Englishtranslationofthenoticeabove:
ThisdigitalapparatusdoesnotexceedtheClassAlimitsforradionoiseemissionsfromdigital
apparatussetoutintheinterferencecausingequipmentstandardentitledDigitalApparatus,
ICES003oftheCanadianDepartmentofCommunications.
Europe (CE Declaration of Conformity)
Thisproducthasbeentestedinaccordancetoo,andcomplieswiththeLowVoltageDirective(73/
23/EEC)andEMCDirective(89/336/EEC).TheproducthasbeenmarkedwiththeCEMarkto
illustrateitscompliance.
VCCI (Japan)
ThisisaClassAproductbasedonthestandardoftheVoluntaryControlCouncilforInterference
(VCCI)fromInformationTechnologyEquipment.Ifthisisusedneararadioortelevisionreceiver
inadomesticenvironment,itmaycauseradiointerference.Installandusetheequipment
accordingtotheinstructionmanual.
BSMI (Taiwan)
TheBSMICertificationMarkingandEMCwarningislocatedontheoutsiderearareaofthe
product.
Korean RRL Compliance
1. TypeofEquipment(ModelName):OnLicenseandProduct
2. CertificationNo.:OnRRLcertificate.ObtaincertificatefromlocalIntelrepresentative
3. NameofCertificationRecipient:IntelCorporation
4. DateofManufacturer:Refertodatecodeonproduct
5. Manufacturer/Nation:IntelCorporation/Refertocountryoforiginmarkedonproduct
2
DRAGON-EAL-SX/TX, DSEPA7, DSNSA7-FE-TX,
DSISA7-SX/TX, DSIPA7-FE-TX, DSEMA7-LE/ME,
DSNSA7-GE250-SX/TX, DSIPA7-GE250-SX/TX
Overview and Setup
requirements.
theappliance.
http://www.intel.com/support/motherboards/server/chassis/sr1400/sb/cs013927.htm.
Kit Contents
Onepowersupply
Onepowercord
Kit Contents 2-1
Specifications 2-2
Power Supply 2-3
Chassis Back Panel I/O Ports and Features 2-5
Specifications
2-2 DRAGON-EAL-SX/TX, DSEPA7, DSNSA7-FE-TX, DSISA7-SX/TX, DSIPA7-FE-TX, DSEMA7-LE/ME, DSNSA7-GE250-SX/TX,
Specifications
Thephysicalspecificationsfortheappliancesarelistedinthefollowingtables.
Dimensions (approximate) Height: 1.703 in. (43.25 mm)
Width: 16.930 in. (430 mm)
Depth: 26.457 in. (672 mm)
Max Weight: 31 lb (14.1 kg)
Hard Drives
Up to three fixed, hot-swap SATA or hot-swap SCSI drives
Peripherals
Slimline bay for CD-ROM, DVD/drive, or floppy drive
PCI riser card (configurations depend on accessories used)
One external serial port and one serial header
One 40-pin ATA-100 IDE connector
An integrated Serial ATA controller with 4 serial ports output.
Support for Raid 0, 1, and 10
One standard 34-pin front panel connector supporting floppy drive
interface with support for one drive, for use with or without
backplane
PS/2 keyboard and mouse ports
LEDs and displays NIC 1 Activity
NIC 2 Activity
Power / Sleep
System Status
System Identification
Hard Drive Activity
Power Supply One 500-watt power supply
Fans Support for up to four system fan modules and one processor fan
USB Two external USB 2.0 ports on the back panel with an additional
internal header, which provides support for two additional USB ports
with front panel support (four total possible USB 2.0 ports)
Video One rear panel video port
Operating Temperature -10 C to 35 C (50 F to 95 F) with the maximum rate of change not
to exceed 10 C (50 F) per hour
Non-Operating Temperature -40 C to +70 C (-40 F to 158 F)
Altitude -60 meters (-197 feet) below sea level to 4000 meters (13,123 feet)
above sea level
Non-operating humidity 90%, non-condensing @ 35 C (95 F)
95%, non-condensing @ 30 C (86 F) for -GIG appliances
Power Supply
Power Supply
ThefollowingsectiondescribesthepowersupplyavailablefortheDragonapplianceslistedinthis
chapter.
Acoustic noise Sound Pressure: 55 dBA (Rackmount) in an idle state at typical office
ambient temperature. (23 +/- degrees C)
Sound Power: 7.0 BA in an idle state at typical office ambient
temperature. (23 +/- 2 degrees C)
Operating Shock No errors with a half sine wave shock of 2G (with 11-millisecond
duration).
Package Shock Operational after a 24-inch free fall, although cosmetic damage may
be present (Chassis weight 40 to 80 pounds (18.14 to 36.28 kg))
ESD +/- 15kV per Intel Environmental test specification
System Cooling
Requirement in BTU/Hr
1826 BTU/hour
Table 2-2 Environmental Specifications (continued)
required.
Power Supply
The500wattpowersupplyconsistsofthepowersupplybayandonepowersupplymodule.The
powersupplyprovides500wattsofpowerandisdesignedtominimizeEMI.Thepowersupply
operateswithinthefollowingvoltagerangesandisratedasfollows:
Table 23liststhetotalwattageavailablefromthepowersubsystemforeachvoltage.Ensurethat
yourloadsdonotexceedthecombinedtotalwattageof500watts.
Table 2-3 500-Watt Power Supply System Output Capability
+3.3 V 16 A
+5.0 V 12 A
+5 V Standby 2 A
+12.0 V 35 A
-12.0 V 0.5 A
Caution: Do not exceed a power output of 90 watts for the +5 V and +3.3 V outputs. Exceeding an
output of 90 watts will overload the power subsystem and may cause the power supply to overheat
and malfunction.
Figure 21showsthebackI/Oportsandfeatures.Refertotheillustrationthatrepresentsyour
appliance.
Connectyourkeyboard,mouse,video,andcablesasshowninFigure 21.
A. Serial A port connector
B. NIC 1, 10/100/1000 Mbps (RJ-45 connector)
C. Gigabit Ethernet copper ports
or
Gigabit Ethernet fiber ports
E. Power supply fans
F. USB 1, USB 2, connectors
G. NIC 2, 10/100/1000 Mbps (RJ-45 connector)
H. Video connector
I. PS/2 Mouse, Keyboard, connectors
A. Serial A port connector
B. NIC 1, 10/100/1000 Mbps (RJ-45 connector)
C. 1000 Base-SX Gigabit fiber (LC connector)
or
10/100/1000 Base-T (RJ-45 connector)
E. Power supply fans
G. NIC 2, 10/100/1000 Mbps (RJ-45 connector)
H. Video connector
I. PS/2 Mouse, Keyboard, connectors
Figure 22showsachassisfrontpanelwiththeoptionalDVD/CDdriveandfloppydiskdrive
installed.Table 24describesthecontrolbuttonfunctionsandtheLEDstatusforallDragon
applianceslistedinthischapter.Table 25providesadditionalinformationfortheNICLEDs.
A
B
NIC 2 activity
NIC 1 activity
applied to it.
A blinking green light indicates that the system is in an S1 sleep
state.
SATA, or IDE).
A continuous amber light indicates a hard drive disk fault (SCSI
SATA, or IDE).
No light

indicates no hard drive activity, nor fault (SCSI, SATA, or
IDE).
F System Status LED A continuous green light indicates that the system is operating
normally.
degraded condition.

indicates that the system is in a critical
or nonrecoverable condition.
A blinking amber light indicates that the system is in a noncritical
condition.
G System ID LED A continuous blue light indicates that the ID button is depressed
so the light is turned on by software.
No light indicates that the ID button is not depressed.
Left LED OFF
Solid Amber
Blinking Green
Right LED OFF
Solid Amber
Solid Green
100 Mbps connection
eachkit.
Cautions
Warnings
Cautions
SeealsoIntelServerBoardsandServerChassisSafetyInformationathttp://support.intel.com/support/
motherboards/server/sb/CS010770.htm
The power supply in this product contains no user-serviceable parts. Refer servicing
only to qualified personnel.
power supply.
SAFETY STEPS: Whenever you remove the chassis covers to access the inside of
the system, follow these steps:
4. Label and disconnect all cables connected to I/O connectors or ports on the back of
the system.
5. Provide some electrostatic discharge (ESD) protection by wearing an antistatic wrist
strap attached to chassis ground of the systemany unpainted metal surface
when handling components.
covers. To do this:
installed.
For proper cooling and airflow, always reinstall the chassis covers before turning on the
system. Operating the system without the covers in place can damage system parts. To
install the covers:
3. Attach the covers to the chassis with the screws removed earlier, and tighten them
firmly.
4. Insert and lock the padlock to the system to prevent unauthorized access inside the
system.
A microprocessor and heat sink may be hot if the system has been running. Also, there
may be sharp pins and edges on some board and chassis parts. Contact should be
made with care. Consider wearing protective gloves.
Danger of explosion if the battery is incorrectly replaced. Replace only with the same or
equivalent type recommended by the equipment manufacturer. Dispose of used
The system is designed to operate in a typical office environment. Choose a site that is:
system into a surge suppressor and disconnect telecommunication lines to your
derAnweisungenausfhren.BeachtenSiehierzuauchdieSicherheitshinweisezuIntel
ServerplatinenundServergehusenunterhttp://support.intel.com/support/motherboards/server/
sb/CS010770.htm
4. Auf der Rckseite des Systems beschriften und ziehen Sie alle Anschlukabel von
den I/O Anschlssen oder Ports ab.
vermeiden.
1. ffnen und entfernen Sie die Verschlueinrichtung (Padlock) auf der Rckseite des
Systems, falls eine Verschlueinrichtung installiert ist.
1. Vergewissern Sie sich, da Sie keine Werkzeuge oder Teile im Innern des Systems
zurckgelassen haben.
3. Bringen Sie die Abdeckungen wieder am Gehuse an, indem Sie die zuvor gelsten
Schrauben wieder anbringen. Ziehen Sie diese gut an.
4. Bringen Sie die Verschlueinrichtung (Padlock) wieder an und schlieen Sie diese,
um ein unerlaubtes ffnen des Systems zu verhindern.
Systems wieder an.

Batterietyp ersetzt werden. Entsorgen Sie verbrauchte Batterien den Anweisungen des
Herstellers entsprechend.

Standort sollte:
aufweisen;
bestehen;
wird.
/ http://
Consignes de scurit
surlesitehttp://support.intel.com/support/motherboards/server/sb/CS010770.htm
(bouton-poussoir).
3. Dbranchez tous les cordons dalimentation c.a. du systme et des prises murales.
4. Identifiez et dbranchez tous les cbles relis aux connecteurs dE-S ou aux accs
derrire le systme.
1. Si un cadenas a t install sur larrire du systme, dverrouillez-le et retirez-le.
systme.
2. Assurez-vous que les cbles, les cartes dextension et les autres composants sont
bien installs.
http://support.intel.com/support/motherboards/server/sb/CS010770.htm
corriente alterna.
1. Desbloquee y extraiga el bloqueo de seguridad de la parte posterior del sistema, si
se ha instalado uno.
las tapas:
1. Asegrese primero de no haber dejado herramientas o componentes sueltos dentro
del sistema.
fabricante.
lugar:
Aislado de campos electromagnticos fuertes producidos por dispositivos
elctricos.
En regiones con frecuentes tormentas elctricas, se recomienda conectar su
sistema a un eliminador de sobrevoltage y desconectar el mdem de las lneas de
dell'alimentazione di questo prodotto. possibile che il prodotto disponga di pi fonti di
alimentazione.
Non modificare o utilizzare il cavo di alimentazione in c.a. fornito dal produttore, se non
corrisponde esattamente al tipo richiesto. Ad ogni fonte di alimentazione corrisponde
un cavo di alimentazione in c.a. separato.
2. Spegnere il sistema, usando il pulsante spento/acceso dellinterruttore del sistema.
portando un cinghia anti-statica da polso che attaccata alla presa a terra del telaio
del sistema qualsiasi superficie non dipinta .
installato.
sistema.
2. Controllare che i cavi, dei supporti aggiuntivi ed altri componenti siano stati installati
appropriatamente.
strettamente.
4. Inserire e chiudere a chiave il lucchetto sul retro del sistema per impedire laccesso
non autorizzato al sistema.
postazione che sia:
nell'ambiente).
TheSC1425complieswiththefollowingsafetyrequirements:
UL1950CSA950(US/Canada)
EN60950(EuropeanUnion)
CELowVoltageDirective(73/23/EEC)(EuropeanUnion)
EMKOTSE(74SEC)207/94(Nordics)
Product EMC Compliance
TheSC1425hasbeentestedandverifiedtocomplywiththefollowingelectromagnetic
compatibility(EMC)regulationswheninstalledacompatibleIntelhostsystem.Forinformation
oncompatiblehostsystem(s)refertoIntelsServerBuilderwebsiteorcontactyourlocalIntel
representative.
FCC(ClassAVerification)Radiated&ConductedEmissions(USA)
ICES003(ClassA)Radiated&ConductedEmissions(Canada)
CISPR22(ClassA)Radiated&ConductedEmissions(International)
EN55022(ClassA)Radiated&ConductedEmissions(EuropeanUnion)
EN55024(Immunity)(EuropeanUnion)
EN6100032&3(PowerHarmonics&FluctuationandFlicker)
CEEMCDirective(89/336/EEC)(EuropeanUnion)
VCCI(ClassA)Radiated&ConductedEmissions(Japan)
AS/NZS3548(ClassA)Radiated&ConductedEmissions(Australia/NewZealand)
RRL(ClassA)Radiated&ConductedEmissions(Korea)
BSMI(ClassA)Radiated&ConductedEmissions(Taiwan)
ThisproductisprovidedwiththefollowingProductCertificationMarkings.
UL/cULListingMark
CEMark
GermanGSMark
RussianGOSTMark
FCC,ClassAVerificationMarking
ICES003(CanadaEMCComplianceMarking)
VCCI,ClassAMark
AustralianCTickMark
TaiwanBSMICertificationNumberandClassAWarning
USA
IntelCorporation
Hillsboro,OR97124
18006288686
measures:
connected.
themodifiedproduct.
ClassBlimitsmaybeattachedtothiscomputerproduct.Operationwithnoncompliant
andTVreception.
FCC Verification Statement
ProductType:SC1400UP;SE7221BK1E
conditions:(1)Thisdevicemaynotcauseharmfulinterference,and(2)thisdevicemustaccept
anyinterferencereceived,includinginterferencethatmaycauseundesiredoperation.
IntelCorporation
Hillsboro,OR971246497
Phone:1(800)INTEL4Uor1(800)6288686
ICES-003 (Canada)
(Englishtranslationofthenoticeabove)ThisdigitalapparatusdoesnotexceedtheClassAlimits
forradionoiseemissionsfromdigitalapparatussetoutintheinterferencecausingequipment
standardentitledDigitalApparatus,ICES003oftheCanadianDepartmentof
Communications.
Thisproducthasbeentestedinaccordancetoo,andcomplieswiththeLowVoltageDirective(73/
23/EEC)andEMCDirective(89/336/EEC).TheproducthasbeenmarkedwiththeCEMarkto
Japan EMC Compatibility
ElectromagneticCompatibilityNotices(International)
ThisisaClassAproductbasedonthestandardoftheVoluntaryControlCouncilForInterference
BSMI (Taiwan)
TheBSMICertificationnumberandthefollowingwarningislocatedontheproductsafetylabel
whichislocatedonthebottomside(pedestalorientation)orside(rackmountconfiguration).
3
DSNSA7-GIG-SX/TX, DSIPA7-GIG-SX/TX,
DSEMA7-RED-U, DSEMA7-6RED400U
Overview and Setup
requirements.
theappliance.
http://support.intel.com/support/motherboards/server
.
Kit Contents
Two700Wpowersupplies
Onepowercord
Kit Contents 3-1
Specifications 3-2
Power Supply 3-3
Chassis Back I/O Ports and Features 3-4
Specifications
3-2 DSNSA7-GIG-SX/TX, DSIPA7-GIG-SX/TX, DSEMA7-RED-U, DSEMA7-6RED400U Overview and Setup
Specifications
ThephysicalspecificationsfortheappliancesarelistedinTable 31.Theenvironmental
requirementsarelistedinTable 32.
Dimensions (approximate) Height: 87.5 mm (3.445 in.)
Width: 430 mm (16.93 in.)
Depth: 672 mm (26.457 in.)
Base chassis weight: 60 lb (27 kg)
Hard Drives
Up to five fixed or hot-swap SATA or SCSI drives
Drive bay for sixth SATA or SCSI hot-swap hard drive or a 3.5-inch
tape drive
Peripherals
Slimline bay for CD-ROM drive, DVD-ROM drive, or floppy drive
PCI riser card bracket
Fans (dependent on option selected)
Support for up to eight system fans (four standard, four as optional
accessory)
Two non-redundant fans in power supply
Power Supplies One hot-swap 700-watt power supply module
One plus one hot-swap redundant 700-watt power supply
USB One front panel USB port
Two back panel USB ports
Video One front panel video port
One rear panel video port
Temperature Non-operating: -40 C to 70 C (-40 F to 158 F)
Operating: 5 C to 35 C (41 F to 95 F); derated 0.5 C (32.9 F)
for every 1000 ft (305 m), to a maximum of 10,000 ft (3048 m).
Humidity Non-operating: 90% relative humidity (non-condensing) at
30 C (86 F).
Shock
Operating Packaged
2.0 g, 11 msec, 1/2 sine
Operational after an 18-inch free fall.
Acoustic noise 7 Bels in sound power for a typical office ambient temperature,
65 F to 75 F (18.33 C to 23.89 C). Your selection of
peripherals may change the noise level.
Electrostatic discharge (ESD) Tested to 15 kilovolts (kV); no component damage.
Power Supply
Power Supply
ThefollowingsectiondescribesthepowersupplyavailableforDragonapplianceslistedinthis
chapter.
700-Watt Redundant Power Supply Input Voltages
700-Watt Single Power Supply Output Voltages
Thetablebelowliststhetotalwattageavailablefromthepowersubsystemforeachvoltage.Ifyou
configureyoursystemheavily,ensurethatyourloadsdonotexceedthecombinedtotalwattageof
700watts.
required.
Table 3-3 Power Supply Output Capability
+3.3 V 24 A
+ 5.0 V 24 A
+ 5 V Standby 2 A
+ 12.0 V 58 A
-120.0 V 0.5 A
Caution: Do not exceed a combined power output of 140 watts for the +5 V and +3.3 V outputs.
Exceeding a combined 140 watts will overload the power subsystem and may cause the power
supplies to overheat and malfunction. The expansion slots on the server board are rated for no
more than 25 watts for any one slot. The average current usage per slot should not exceed
13 watts.
Chassis Back I/O Ports and Features
Figure 31showsthebackpaneloptions.Refertotheillustrationthatrepresentsyourappliance.
Connectyourkeyboard,mouse,video,andotherI/OcablesasshowninFigure 31.
A. PS/2 Mouse, Keyboard connectors
B. RJ-45 serial port B connector
C. NIC 1, NIC 2,
D. DB9 serial A port cut-out
E. Video connector
F. USB 1, USB 2 connectors
G. Diagnostic Port Code LEDs
H. Management NIC (IMM - Advanced Edition required)
I. External SCSI channel B connector
J. Power supply fans
K. AC Power connectors
(top for redundant power supply)
L. Power supply fans
M. PCI card bracket (full height)
N. Gigabit Ethernet fiber ports,
or
Gigabit Ethernet copper ports,
or
Gigabit copper ports,
O. PCI card bracket (low profile)
C. NIC 1, NIC 2,
E. Video connector
F. USB 1, USB 2 connectors
K. AC power connectors
M. / N. Gigabit Ethernet copper ports,
or
Gigabit copper ports,
C. NIC 1, NIC 2
E. Video connector
K. AC Power connectors
M. Full-height add-on card bracket
N. Low-profile add-on card bracket
Figure 32showsachassisfrontpanelwiththeoptionalDVD/CDdriveinstalled.Table 34
describesthecontrolbuttonfunctionsandtheLEDstatus.Table 35providesadditional
informationfortheNICLEDs.
A
B
NIC 2 activity
NIC 1 activity
applied to it.
A blinking green light indicates that the system is in an S1 sleep
state.
SATA, or IDE).
A continuous amber light indicates a hard drive disk fault (SCSI,
SATA, or IDE).
No light

indicates no hard drive activity, nor fault (SCSI, SATA, or
IDE).
F Fault LED (system status) A continuous green light indicates that the system is operating
normally.
degraded condition.

indicates that the system is in a critical
or nonrecoverable condition.
A blinking amber light indicates that the system is in a noncritical
condition.
G System ID LED A continuous blue light indicates that the System ID button is
depressed so the light is turned on by software.
No light indicates that the System ID button is not depressed.
Left LED OFF
Solid Amber
Blinking Green
Right LED OFF
Solid Amber
Solid Green
100 Mbps connection
eachkit.
Cautions
Beforeworkingwithyourserverproduct,whetheryouareusingthisguideoranyotherresource
asareference,paycloseattentiontothesafetyinstructions.Youmustadheretotheassembly
instructionsinthisguidetoensureandmaintaincompliancewithexistingproductcertifications
andapprovals.Useonlythedescribed,regulatedcomponentsspecifiedinthisguide.Useofother
products/componentswillvoidtheULlistingandotherregulatoryapprovalsoftheproductand
willmostlikelyresultinnoncompliancewithproductregulationsintheregion(s)inwhichthe
productissold.
Warnings
Cautions
The power supply in this product contains no user-serviceable parts. There may be
more than one supply in this product. Refer servicing only to qualified personnel.
power supply.
SAFETY STEPS: Whenever you remove the chassis covers to access the inside of
the system, follow these steps:
4. Label and disconnect all cables connected to I/O connectors or ports on the back
of the system.
5. Provide some electrostatic discharge (ESD) protection by wearing an antistatic
wrist strap attached to chassis ground of the systemany unpainted metal
surfacewhen handling components.
covers. To do this:
installed.
For proper cooling and airflow, always reinstall the chassis covers before turning on
the system. Operating the system without the covers in place can damage system
parts. To install the covers:
3. Attach the covers to the chassis with the screws removed earlier, and tighten
them firmly.
4. Insert and lock the padlock to the system to prevent unauthorized access inside
the system.
A microprocessor and heat sink may be hot if the system has been running. Also,
there may be sharp pins and edges on some board and chassis parts. Contact should
be made with care. Consider wearing protective gloves.
Danger of explosion if the battery is incorrectly replaced. Replace only with the same
or equivalent type recommended by the equipment manufacturer. Dispose of used
The system is designed to operate in a typical office environment. Choose a site that
is:
system into a surge suppressor and disconnect telecommunication lines to your
derAnweisungenausfhren.BeachtenSiehierzuauchdieSicherheitshinweisezuIntel
ServerplatinenundServergehusenunterhttp://support.intel.com/support/motherboards/server/
sb/CS010770.htm.
4. Auf der Rckseite des Systems beschriften und ziehen Sie alle Anschlukabel
von den I/O Anschlssen oder Ports ab.
vermeiden.
1. ffnen und entfernen Sie die Verschlueinrichtung (Padlock) auf der Rckseite
des Systems, falls eine Verschlueinrichtung installiert ist.
/ http://

1. Vergewissern Sie sich, da Sie keine Werkzeuge oder Teile im Innern des
Systems zurckgelassen haben.
3. Bringen Sie die Abdeckungen wieder am Gehuse an, indem Sie die zuvor
gelsten Schrauben wieder anbringen. Ziehen Sie diese gut an.
4. Bringen Sie die Verschlueinrichtung (Padlock) wieder an und schlieen Sie
diese, um ein unerlaubtes ffnen des Systems zu verhindern.
Systems wieder an.
Batterietyp ersetzt werden. Entsorgen Sie verbrauchte Batterien den Anweisungen
des Herstellers entsprechend.
Standort sollte:
aufweisen;
bestehen;
wird.
Consignes de scurit
surlesitehttp://support.intel.com/support/motherboards/server/sb/CS010770.htm.
(bouton-poussoir).
3. Dbranchez tous les cordons dalimentation c.a. du systme et des prises
murales.
4. Identifiez et dbranchez tous les cbles relis aux connecteurs dE-S ou aux
accs derrire le systme.
1. Si un cadenas a t install sur larrire du systme, dverrouillez-le et retirez-
le.
systme.
2. Assurez-vous que les cbles, les cartes dextension et les autres composants
sont bien installs.
http://support.intel.com/support/motherboards/server/sb/CS010770.htm.
1. Desbloquee y extraiga el bloqueo de seguridad de la parte posterior del sistema,
si se ha instalado uno.
corriente alterna.
las tapas:
1. Asegrese primero de no haber dejado herramientas o componentes sueltos
dentro del sistema.
fabricante.
lugar:
Aislado de campos electromagnticos fuertes producidos por dispositivos elctricos.
En regiones con frecuentes tormentas elctricas, se recomienda conectar su sistema
a un eliminador de sobrevoltage y desconectar el mdem de las lneas de
dell'alimentazione di questo prodotto. possibile che il prodotto disponga di pi fonti
di alimentazione.
Non modificare o utilizzare il cavo di alimentazione in c.a. fornito dal produttore, se
non corrisponde esattamente al tipo richiesto. Ad ogni fonte di alimentazione
corrisponde un cavo di alimentazione in c.a. separato.
2. Spegnere il sistema, usando il pulsante spento/acceso dellinterruttore del
sistema.
portando un cinghia anti-statica da polso che attaccata alla presa a terra del
telaio del sistema qualsiasi superficie non dipinta .
installato.
sistema.
2. Controllare che i cavi, dei supporti aggiuntivi ed altri componenti siano stati
installati appropriatamente.
strettamente.
4. Inserire e chiudere a chiave il lucchetto sul retro del sistema per impedire
laccesso non autorizzato al sistema.
postazione che sia:
nell'ambiente).
Product Regulatory Compliance
TheServerChassisSR2400complieswiththefollowingsafetyrequirements:
UL60950CSA60950(USA/Canada)
EN60950(Europe)
CBCertificate&Report,IEC60950(reporttoincludeallcountrynationaldeviations)
GSLicense(Germany)
GOSTR5037792License(Russia)
CELowVoltageDirective73/23/EEE(Europe)
Product EMC Compliance Class A Compliance
TheServerChassisSR2400hasbeenhasbeentestedandverifiedtocomplywiththefollowing
electromagneticcompatibility(EMC)regulationswheninstalledacompatibleIntelhostsystem.
Forinformationoncompatiblehostsystem(s)refertoIntelsServerBuilderWebsiteorcontact
yourlocalIntelrepresentative.
FCC/ICES003Emissions(USA/Canada)Verification
CISPR22Emissions(International)
EN55022Emissions(Europe)
EN55024Immunity(Europe)
EN6100032Harmonics(Europe)
EN6100033VoltageFlicker(Europe)
CEEMCDirective89/336/EEC(Europe)
VCCIEmissions(Japan)
AS/NZS3548Emissions(Australia/NewZealand)
BSMICNS13438Emissions(Taiwan)
GOSTR2921691Emissions(Russia)
GOSTR5062895Immunity(Russia)
RRLMICNoticeNo.199741(EMC)&199742(EMI)(Korea)
GB17625(Harmonics)CNCACertification(China)
Certifications / Registrations / Declarations
ULCertification(US/Canada)
CEDeclarationofConformity(CENELECEurope)
FCC/ICES003ClassAAttestation(USA/Canada)
VCCICertification(Japan)
CTickDeclarationofConformity(Australia)
MEDDeclarationofConformity(NewZealand)
BSMICertification(Taiwan)
GOSTRCertification/License(Russia)
BelarusCertification/License(Belarus)
RRLCertification(Korea)
CNCACertification(China)
EcologyDeclaration(International)
ThisproductismarkedwiththefollowingProductCertificationMarkings:
cULus Listing Marks USA/Canada
GS Mark Germany
CE Mark Europe
FCC Marking (Class A) USA
EMC Marking (Class A) Canada
FCC (USA)
IntelCorporation
Hillsboro,OR97124
18006288686
measures:
VCCI Marking (Class A) Japan
BSMI Certification
Number & Class A
Warning
Taiwan
GOST R Marking Russia
RRL MIC Mark Korea
connected.
themodifiedproduct.
ClassAorBlimitsmaybeattachedtothiscomputerproduct.Operationwithnoncompliant
andTVreception.
Industry Canada (ICES-003)
ThisdigitalapparatusdoesnotexceedtheClassAlimitsforradionoiseemissionsfromdigital
apparatussetoutintheinterferencecausingequipmentstandardentitledDigitalApparatus,
ICES003oftheCanadianDepartmentofCommunications.
Thisproducthasbeentestedinaccordancetoo,andcomplieswiththeLowVoltageDirective
(73/23/EEC)andEMCDirective(89/336/EEC).TheproducthasbeenmarkedwiththeCEMarkto
VCCI (Japan)
ThisisaClassAproductbasedonthestandardoftheVoluntaryControlCouncilforInterference
BSMI (Taiwan)
TheBSMICertificationMarkingandEMCwarningislocatedontheoutsiderearareaofthe
product.
Korean RRL
1. TypeofEquipment(ModelName):OnLicenseandProduct
2. CertificationNo.:OnRRLcertificate.ObtaincertificatefromlocalIntelrepresentative
3. NameofCertificationRecipient:IntelCorporation
4. DateofManufacturer:Refertodatecodeonproduct
5. Manufacturer/Nation:IntelCorporation/Refertocountryoforiginmarkedonproduct
4
Commissioning
Onceanappliancehasbeenphysicallyinstalledintoarack,youneedtopowerontheappliance
andgothroughtheinitialcommissioningprocessaswellasDragonsoftwareinstallation.This
chapterdescribesthecommissioningprocess.
Pre-Commissioning Tasks
Thefollowingprecommissioningtasksmustbecompletedbeforeyoucansetuptheapplianceor
installDragonsoftware.
Gathering Required information
Thefollowinginformationisneededpriortoexecutinganyofthestepsinthesection:
Hostnames
IPAddresses
NetworkSubnetMasks
Thephysicalpapercertificatedeliveredwithyourappliance
Onceyouhavethisinformation,youcancreateasupportaccountandobtainyourlicensekey
file.
Creating a User Account
TogetalicensekeyrequiredtooperateDragonproducts,youmustcreateauseraccount.
Ifyoudonotalreadyhaveauseraccount:
1. GototheEnterasysNetworksDragonSupportSite,https://dragon.enterasys.com,tocreatea
newuseraccount.
Pre-Commissioning Tasks 4-1
Commissioning the Appliance 4-4
Dragon License Key Installation 4-6
Note: To get a license key required to operate Dragon products, you must create a user
account. See Creating a User Account.
Totherightofthescreenisthenewaccountentryarea.ClickSignUp!Onthenextwebpage
clickRegister.Anewpageisdisplayed.Fillintheformcompletely,andclickonNewuser.
Youruserinformation(IDandpassword)isemailedtothespecifiedaccount.
2. GototheEnterasysNetworksDragonSupportSite,https://dragon.enterasys.com,againand
loginusingtheusernameandpasswordemailedtoyou.
YouareplacedintheprotectedareaoftheDragonSupportsite.AleftsideNavigationbar
provideslinksforallactivities.
3. UnderAccount,clickSelfUpgrade.
4. Enterthelicensekeyfoundonyourpapercertificate,andclickSubmit.
Ifyoureceivedmultiplenumbersormultiplecertificates,onlyonenumberneedstobe
entered.Youraccountisnowupgradedfromdemotocustomerstatus.
Generating a New Key
Onceanaccountiscreated,youcangenerateanewkey.Ifyouhaveanexistingaccountandwant
toupgradeit,seeUpgradinganExistingKeyonpage 43.
Togenerateanewkey:
1. UnderDragonLicensing,clickAddaLicense.
2. Enteralicensenumber(fromyourcertificate)andhostnameoftheappliance,andclick
Submit.
3. Repeatstep1andstep2foreachlicensecertificate.
YoumayclickMyRegistrytoviewyourlicenseentries.Youmayaddnotestoeachentry,if
desired.Dragon7.xlicensesarehighlightedinblue.
4. UnderDragonLicensing,clickMyKeyFiles.
5. Inthemiddleofthetable,clickNewDragon7PermanentKeyRequest.
6. Fillintheform,andthenclickSubmit.
Allfieldsarerequired.Thekeyidentifieristohelpyouidentifythekey.
OnekeyfileappliestoallinstalledDragoncomponents.Allofthecomponentsyouhave
licensedaredisplayedinatable.
Note: If you initially acquired an account in demo status, the Add a License link will not be visible
until you upgrade to a release status. You must use the Self Upgrade link with one of your Dragon
licenses to upgrade your account.Then, the Add a License link will be visible.
Notes: The hostname cannot be changed. Licenses are tied to hostnames.
If this a multi-pack, only the first hostname needs to be entered. The other hostnames are listed as
FREE_PLACEHOLDER in your registry. You can change this name, if desired, by clicking on the
name.
Note: A Dragon 7 license can create a Dragon 7 key and a Dragon 6 key. You may wish to generate
a Dragon 6 key to fully enable a Demo version of Dragon 6, prior to upgrading to an enabled
Version 7. Keys generated for Dragon 6 enable Dragon 6 software. Dragon 7 keys enable Dragon 7
software.
7. Checktheboxesnexttothehostnameforthetypeoflicense(HIDS,NIDS,orServer)inthekey
file,andthenclickSubmit.
ForHostSensor,youmustselectthedesiredoperatingsystem.
8. UnderDragonLicensing,clickMyKeyFilesagain.Astatustableisdisplayed.
9. Locatetherowthatcontainsyournewlycreatedkeyidentifier.
10. RightclickonthediskiconintheActionscolumnandselectSaveTargetAstodownloadthe
filetoyourdesireddesignation,orleftclickonthediskicontocopythefiletoyoursystem.
Thisfileisyourlicensekey.
ThemagnifyingglassprovidesinformationaboutthekeyincludingtheMD5Sum.The
trashbinallowsyoutodeletethefile(withconfirmation).
11. Locateyourdownloadedlicensekeyfile,andrenameittodragon.key.Youwillneedthekey
duringtheDragonsoftwareinstallation.
12. GotoCommissioningtheApplianceonpage 44.
Upgrading an Existing Key
Onceanaccounthasbeencreatedyoucanupgradeanexistingkey.Ifyoudonothaveanexisting
keyfromapreviousversionofDragon,seeGeneratingaNewKeyonpage 42togeneratea
newone.
Toupgradeakey:
1. UnderDragonLicensing,clickAddaLicense.
2. Enteralicensenumber(fromyourcertificate)andhostnameoftheappliance,andclick
Submit.
TheUpgradewizardappears.
3. FollowthestepsintheUpgradewizard.
Eachitemeligibleforupgradeislisted.Youcanselectonlyoneitemtoupgrade.Theold
licenseisdisabledandthenewlicenseisappliedtotheexistinghostname(notethatthe
hostnameenteredaboveisignored).
4. ClickConfirmUpgrade.
Allkeyfilesaffectedbytheupgradearelisted.Newkeyfilesarelistedfor7.x.Thesecontain
theexistingkeyfilenameappendedwitha7.Existingkeyfilesarenotmodifiedtoretaintheir
integrityforitemsnotupgraded.
5. UnderDragonLicensing,clickMyKeyFiles.
6. Locatetherowthatcontainsyournewlycreatedkeyidentifier.
7. RightclickonthediskiconintheActionscolumnandselectSaveTargetAstodownloadthe
filetoyourdesireddesignation,orleftclickonthediskicontocopythefiletoyoursystem..
Thisfileisyourlicensekey.
Note: IPS requires two keywords in the license: One for IPS and the other for IDS (Network
Sensor).
Note: The hostname entered is ignored for upgrades. It can be any text.
Commissioning the Appliance
ThemagnifyingglassprovidesinformationaboutthekeyincludingtheMD5Sum.The
trashbinallowsyoutodeletethefile(withconfirmation).
8. Locateyourdownloadedlicensekeyfile,andrenameittodragon.key.
9. Foranappliance,gotoCommissioningtheApplianceonpage 44.ForDragonsoftware
installationonyourdevice,gotoChapter 5,DragonSoftwareInstallation.
PleasereadthePreCommissioningTasksbeforeyoucommissiontheappliance.
Tocommissiontheappliance:
1. Accesstheapplianceusingyouraccessmethod(forexample,SSHorserialconsole).
2. Pressthefrontpanelpowerbuttontoturnontheappliance.
3. Ifthisisnotthefirsttimeyouhaveinitiatedtheappliance,youmaybootfromaCD
containingtheDragonimage(downloadedfromtheDragonsupportsite)toinvokethe
commissioningscreens.
TheDragonApplianceInstallationscreenappears.
4. Typerebootattheprompt.IfusingaCDtoboottheapplianceyoumustremovetheCD
beforetheappliancereboots.
Aftersometime,theloginpromptappears.
5. Typeroot,andthenpressEntertwice(untilyougettotheNoRootPasswordDetected
screen).
6. PressEntertoacceptYes.
7. Enteryournewpassword,andthenpressEnter.
8. Reenteryournewpassword,andthenpressEnteruntilyougettotheConfigureNetwork
screen.
9. IntheConfigureNetworkscreen,pressEntertoacceptYes.
TheHostnamescreenappears.
10. Enterahostname,andthenpressEnter.
TheSetupIPAddressfor<Hostname>screenappears.
11. SelectyourIPtype(staticorDHCP),andthenpressEntertoacceptOK.
TheEnterIPAddressfor<Hostname>screenappears.
12. EntertheIPaddressoftheappliance,andthenpressEntertoacceptOK.
TheEnterNetmaskforLocalNetworkscreenappears.
Note: Enterasys recommends that all passwords be at least eight characters in length.
Note: If there are existing default IP addresses, delete them before you enter the IP address of the
appliance.
13. Enterthenetmaskoftheappliance,andthenpressEntertoacceptOK.
TheEnterGatewayAddressscreenappears.
14. Enteryourgatewayaddress,andthenpressEntertoacceptOK.
TheUseaNameServerscreenappears.
15. PressEntertoacceptYes.
TheSelectNameServicescreenappears.
16. Enterthenameserveraddress,andthenpressEntertoacceptOK.
TheConfirmNetworkSetupscreenappears.
17. Verifyyourinformation,andthenpressEntertoaccept.PressEnteragaininthesecond
verificationscreentoaccept.
TheHWClockscreenappears.
18. IntheHWClockscreen,selectHWClockSettoLocalTime,andthenpressEntertoaccept
OK.
19. SelectthedesiredTimeZonefromtheTimeZonemenu,andthenpressEnter.
TheEnableSNMPscreenappears.
20. Selectoneofthefollowing:
a. IfyoudonotwanttouseSNMPdaemonandtrapservices:
(1) SelectNO,andpressEntertoaccept.
YouareplacedintheDragonInstallationscreen.
(2) GotoStep28.
OR
b. TousetheSNMPdaemonandtrapservices:
(1) SelectYES(thedefault),andpressEntertoaccept.
TheEnterSystemContactscreenappears.
(2) Gotostep21.
21. Enterthesystemcontact,andthenpressEnter.
TheSystemLocationscreenappears.
22. Enterthesystemlocation,andthenpressEnter.
TheReadCommunityStringscreenappears.
23. EntertheReadcommunitystringandpressEnter.
TheWriteCommunityStringscreenappears.
24. EntertheWritecommunitystringandpressEnter.
TheAccessControlscreenappears.
25. EntertheIPaddressfromwhichtoacceptcommunitynamesandpressEnter.
TheSNMPtrapDestinationsscreenappears.
26. EntertheIPaddressoftheSNMPtrapserviceandPressEnter.
Dragon License Key Installation
ThetrapCommunityscreenappears.
27. Enterthecommunitystringforsendingtraps,andthenpressEnter.
Theappliancecommissioningprocedurecompletes.Thismaytakeseveralminutes.
28. YouareplacedintotheDragoninstallation.
29. Refertotherestofthisbookforinstallationproceduresandlicensekeyinformation.
Forinformationaboutthetypesofinstallationsyoucanperformandtheinformationyoumust
provide,readChapter 5,DragonSoftwareInstallation.Althoughtheinstallationsdescribedin
Chapter 5showthescreensforthegraphicalinstallationprocess,theinformationthatmustbe
enteredisthesamefortheconsolemode(ASCIIcommandline)installation.
Dragon License Key Installation
YoucaninstalltheDragonkeyfilefromeitherthenetwork(usingscp),orfromaCD.Thelicense
isinstalledafterallcommissioningtasksarecompletedandbeforeoraftersoftwareinstallation.
NotethatthelicensekeyfilemustbeinstalledpriortorunningDragonontheEMS.
IfyourDragonenvironmentincludesanEMSserver,youonlyneedtoinstallthekeyfileonthe
EMSserver.ThekeysforalltheothernodeswillbepusheddownfromtheEMS.IfyourDragon
componentswillnotbemanagedbyanEMSserver,thenyoumustinstallthekeyfileoneach
nodeseparately.
TocopythefilefromaCD:
1. Typemount/dev/cdrom/mnt.
2. Copythekeyfiletotherequiredlocation.
a. OntheEMSserverandforStandaloneinstallationsonDragonappliances,copythekey
filetotwolocations:/usr/dragonand/usr/dragon/policymgr/keys.Whenyoucopythe
filetothe/policymgr/keysdirectory,renamethekeytosomethingthatwillconveythe
contentsofthekeyfile.Forexample:
cp/mnt/keyfilename /usr/dragon/dragon.key
cp/mnt/keyfilename /usr/dragon/policymgr/keys/<hostname>.key
b. OnNetworkSensors,HostSensors,Reportingnodes,andEFPsthatwillnotbemanaged
byanEMS,copythekeyfiletothe/usr/dragondirectory.
cp/mnt/keyfilename /usr/dragon/dragon.key
3. Ensurethatthedragon.keyfilehasthecorrectfilepermissions(Owner=dragon,
Group=dragon)byenteringthefollowingcommandinthe/usr/dragondirectory:
./install/fixperms.pl

4. Typeumount/mnt
5. Typerebootatthecommandprompttorebootthesystem.
6. Ifyouhavenotpreviouslycompletedthesoftwareinstallation,gotoChapter 5,Dragon
SoftwareInstallation,todeterminethetypeofinstallationyouwant,andfortheinstallation
procedures.
Note: Ignore missing file messages.
Dragon Intrusion Defense System Appliance Installation Guide 5-1
5
Dragon Software Installation
ThischapterdescribeshowtoinstallDragononaDragonappliance,oronanyDragonsupported
platform(refertotheReleaseNotesforsupportinformation).Ifyouareinstallingonanappliance,
theconsolemodeinstaller(commandlineASCIItextversion)isautomaticallyinvokedafterthe
commissioningprocess.Otherwise,thegraphicalinstallerisavailableinyourinstallationbundle.
Installation Overview 5-2
Upgrading Dragon Software 5-6
Enterprise Manager and Reporting Installation 5-16
EMS GUI Client Installation 5-24
Sensor Installation on UNIX (Sensors & Agents) 5-25
Host Sensor Installation on Windows 5-31
Host Sensor Silent Mode Installation on Windows 5-32
Starting the Server 5-33
Custom SSL Keystore Generation 5-34
Creating and Modifying Tomcat Certificates 5-35
Ports Used by Dragon 5-37
Note: For system requirement information, refer to the latest Release Notes.
Installation Overview
5-2 Dragon Software Installation
Dragonoffersfivetypesofsoftwareinstallationsandtwoinstallationmethods.Theconsolemode
textversionoftheinstallerisautomaticallyinvokedafterthecommissioningprocessonaDragon
appliance.ThereisalsoagraphicalinstallationwizardthatusesanInstallAnywareGUIformat.
Notethatinordertousethegraphicalinstallationwizard,thesystemonwhichyouareinstalling
mustsupportgraphicaluserinterfaces.
ThefivesoftwareinstallationoptionsaredescribedinDragonInstallationTypesonpage 54.
ToinstalltheEMSGUIClient,refertoEMSGUIClientInstallationonpage 524.
IfyourenvironmentwilluseeitherRADIUSorLDAPforuserauthenticationandauthorizationin
placeoflocalauthorizationusingtheDragondatabase,seeInstallationPrerequisitesonpage 53.
Installation Methods
Using the Graphical Installation Wizard
Tostartthegraphicalinstallationwizard:
1. LocatetheDragonServerInstallationbundleforyourplatform,eitheronaCD,orinthe
locationtowhichitwasdownloaded(forupgrades)anduntarthebundle.
2. Executetheinstallationfile,Dragon.bin,fromthe/EMS/Disk1/InstData/VMdirectoryor
fromthelocationtowhichitwasuntarred.Forexample:
./Dragon.bin
Thegraphicalinstallationwizardopens.
3. Followtheinstructionsinthewizardtocompleteyourinstallation.
ClickNexttomovetothenextscreenandPrevious(whereapplicable)toreturntoaprevious
screen.ClickFinishwhentheinstallationscreensarecomplete.
Using the Console Mode Installer
Tostarttheconsolemodetextinstaller:
1. LocatetheDragonServerInstallationbundleforyourplatform,eitheronyourCD,orinthe
locationtowhichitwasdownloaded(forupgrades)anduntarthebundle.
2. Executetheinstallationfile,Dragon.bin,fromthe/EMS/Disk1/InstData/VMdirectoryor
fromthelocationtowhichitwasuntarred.Usetheiconsoleparametertoinvoketheconsole
modeinstaller.Forexample:
./Dragon.biniconsole
3. Theconsolemodeinstallerpresentstheinstallationquestionsinatextformat.Youmakeyour
selectionsbyrespondingtotheprompts.
Note: Make sure you unzip/untar the files into a different directory than the client; otherwise, files
may be overwritten. If you are using a GUI facility to untar the bundle, make sure the recreate folder
structure option is on.
Note: Make sure you unzip/untar the files into a different directory than the client; otherwise, files
may be overwritten. If you are using a GUI facility to untar the bundle, make sure the recreate folder
structure option is on.
Installation Prerequisites
Database Password
Duringtheinstallation,youwillhavetoenteraDragonEnterprisedatabaselocalpassword.The
localpasswordallowsthelocaldatabasetobeaccessedwithreadwritepermissions.The
passwordmustbe18alphanumericcharacterstobevalid.
RADIUS Authentication
IfyourenvironmentusesRADIUSauthenticationandauthorizationtoprovideusercredentials
forDragonusers,youmusthavethefollowinginformationbeforestartingaDragonEMS
installation:
TheRADIUSserverIPaddress
TheRADIUSsharedsecret
TheRADIUSauthenticationtype,eitherPAPorCHAP
RefertoAppendix E,LDAPandRADIUSAuthenticationRequirements,forinformationabout
configurationrequirementsfortheRADIUSserver.
LDAP Authentication
IfyourenvironmentusesLDAPauthenticationandauthorizationtoprovideusercredentialsfor
Dragonusers,youmusthavethefollowinginformationbeforestartingaDragonEMSinstallation:
TheLDAPURL,enteredinthefollowingformat:
ldap://<IP address of LDAP server>
Forexample:
ldap://192.168.10.10
TheLDAPgroupbaseDNsetting,enteredinthefollowingformat:
ou=<org-unit>,dc=<domain-comp>,dc=<domain-comp>
Forexample,usingthedefaultvaluesusedbytheDragoninstall:
ou=dragon,dc=vmdc1,dc=local
TheLDAPbasefiltersetting,enteredinthefollowingformat:
(member=cn={USERNAME},cn=<user-definition-location>,
dc=<domain-comp>,dc=<domain-comp>
Forexample,usingthedefaultvaluesusedbytheDragoninstall:
(member=cn={USERNAME},cn=users,dc=vmdc1,dc=local)
RefertoAppendix E,LDAPandRADIUSAuthenticationRequirements,forinformationabout
configurationrequirementsfortheLDAPserver.
Note: The authentication values you enter during installation are written to the login-config.xml file
located in the <installdir>/dragon/enterprise-manager/server/default/conf directory.
If you need to change the values after installation, you can edit that file.
Dragon Installation Types
TheDragoninstallationallowsyoutochoosefromfiveinstallationtypes.Eachtypesatisfiesa
varietyofinstallationrequirements.
Enterprise Manager and Reporting
ThisinstallationisrecommendedwhenyoudesireanEMSserveronlymachine.
TheEnterpriseManagerandReportinginstallationtypeinstalls:
EMSServer
Middleware
EFP(EventFlowProcessor)
Allagents
ReportingComponents
Itdoesnotinstall:
EMSGUIClient
HostorNetworkSensors
Sensors & Agents
Thisinstallationisrecommendedifyoudesireabarebonessensor,anonmanagedsensor,an
enterprisesensor,oranEFP.Forbarebonessensors,donotinstalltheEMSClient.Fornon
managedsensors,donotconfigurepoliciesintheEMSClient.Youmayaccessthereportingtools
forthissensortype.
TheSensors&Agentsinstallationtypeinstalls:
HostSensorsandNetworkSensors
Middleware
EFP
Allagents
ReportingComponents
Itdoesnotinstall:
EMSServer
EMSGUIClient
Standalone
ThisinstallationisrecommendedforEnterpriseManagementServerinstallationswhenyouthink
youmayalsowanttoinstallaNetworkSensorand/orHostSensor,inadditiontotheEMS,onthe
machine.ItinstallseverycomponentofDragonexceptfortheEMSGUIclient.
TheStandaloneinstallationtypeinstalls:
NetworkSensorsandHostSensors
Middleware
EFP
Allagents
ReportingComponents
EMSServer
Itdoesnotinstall:
EMSGUIClient
Reporting
Thisinstallationinstallscomponentsneededforreporting.Afterinstallation,youmustconnectto
aservermachineusingtheEMSclienttoaccesstheReportinginterface.
TheReportinginstallationtypeinstalls:
Allagents
ReportingComponents
Itdoesnotinstall:
EMSServer
EMSGUIClient
Sensors
Middleware
EFP
Custom
TheCustomInstallationallowsyoutocombineanyoftheaboveinstallationsintoasingle
installation.CheckingmultipleinstallationsystemsautomaticallyswitchesyoutoCustommode.
Upgrading Dragon Software
Thissectionprovidesimportantupgradeinformation,andtheinstructionstoupgradethe
software.
RefertoAppendix A,UpgradingtheKernelontheAppliancefortheinstructionstoupgradethe
LinuxKernelontheappliance.
Upgrading from Previous 7.x Versions
WhenyouupgradeaDragondeployment,thereisaparticularordertofollowthatensuresa
successfulresult.
1. IdentifyalltheDragonnodesandapplicationsinyourenvironment.ThesemayincludeEMS
servers,Reportingnodes,NetworkSensors,HostSensors,andEventFlowProcessors(EFPs).
Someofthenodeswillhavetobeupgradedindividuallybyrunningtheinstallprogram.
OthersmaybeupgradedusingtheBinaryUpgradeprocessavailableintheEMS.
2. BackupyourEMSdatabasebeforeupgradingyourEMS.RefertoDatabaseBackuponpage
314oftheDragonIntrusionDefenseSystemConfigurationGuide.
3. UpgradetheEMSandtheEMSclientfirst.TheEMSandtheEMSClientmustbeupgradedby
runningtheDragoninstallationprocessonthehost.RefertoUpgradingDragonon
page 56,andEMSGUIClientInstallationonpage 524,fordetailsonhowtoperformthe
upgrades.
4. UpgradetheReportingnodesbyrunningtheinstallationprocessonthehost.TheReporting
nodescanbeupgradedatthesametime,oraftertheEMS.Theeventchannelremains
backwardcompatible,andolderversionsensorswillcontinuetoreporttheireventstothe
ReportingnodesaftertheReportingnodeshavebeenupgraded.
5. AftertheEMSandEMSclientareupgraded,theNetworkSensors,HostSensors,andEFPs
canallbeupdatedfromtheEMSclientbyusingtheBinaryUpgradeprocess.Thisprocessis
discussedindetailinUsingBinaryUpgradeonpage 510.
Upgrading Dragon
IfyouhaveapreviousversionofDragoninstalled,andwanttoupgradetothelatestversion,
performthefollowingsteps:
ToupgradeDragonsoftware:
1. Gotohttps://dragon.enterasys.com.
2. Logintothesite,gototheDownloadspage,thenselecttheDragonSoftwarelinkandthe
desiredsoftwareversion.
3. DownloadtheEMSServerpackagefortheappropriateOStoyourEMSserver.
4. LogintoyourEMSserverandextractthepackage.
# ssh -1 root <EMSserver>
# tar xvfz EmsServer_<yourOS>_VM_7.x.x-yyy.tar.gz
5. Startyourpreferredinstaller.
Note: If you are upgrading from V6.x to V7.x, refer to Appendix C, Additional Upgrade Information.
Tostartthegraphicalinstallerwizard,execute:
./Dragon.bin
Tostartthetextbasedconsolemodeinstaller,execute:
./Dragon.bin -i console
Thefollowinginstructionsillustrateusingthegraphicalinstallerwizard.Ifyouareusingthe
textbasedconsolemodeinstaller,youmustentertexttorespondtothepromptsonthe
screensratherthanclickingabutton,buttheinformationrequestedisthesame.
6. SelectthelanguagefortheupgradeandclickOK.
7. Anintroductiontotheinstallationprocessisdisplayed.ClickNext..
8. IntheLicenseAgreementscreen,acceptthetermsofthelicense,andclickNext.
9. IntheInstallationFolderscreen,thedefaultDragoninstallationdirectoryisdisplayed.The
upgradesoftwarewillbeinstalledinthedirectoryyouchooseinthisscreen.ClickNext.
Note: If you did not install Dragon in the default directory, click Choose to browse to that directory.
10. Ascreenisdisplayedindicatingthatanexistinginstallationhasbeenfound.Thescreenoffers
twochoices.
Selectoneofthefollowing,andclickNext:
UpgradeDragon:Upgradestheexistinginstallation.Allapplicationfilesareupdatedbut
configurationfilesarenotoverwritten.Thisistheoptionyoushouldchoosewhenyouare
upgradingtoanewversionofthesoftware.
UninstallandInstallNew:Uninstallsthepreviousversionandinstallsthenewversion.
Usethisoptionifyouwantacompletelycleaninstall.
11. Thescreensthatfollowaredependentonyourselection.Refertotheappropriateinstallation
sectionslaterinthischapterforinformationaboutspecificparametersyoumayhavetoenter.
12. UsethissameproceduretoupgradeanyReportingnodesyoumayhave.
13. OnceyouhaveupgradedtheEMSserversoftware,upgradetheEMSclientasdescribedin
EMSGUIClientInstallationonpage 524.
14. AfteryouhaveupgradedyourEMSandEMSclient,youcanusetheDistributedBinary
UpgradefacilitytoupgraderemotesensorsandEFPsfromtheEMS.RefertoUsingBinary
Upgradeonpage 510.
Using Binary Upgrade
AfteryouhaveupgradedyourEMSandEMSclient,youcanusetheDistributedBinaryUpgrade
facilitytoupgraderemotesensorsfromtheEMS.
Supported Platforms
TheDragonEnterpriseManagementServer(EMS)cancentrallyupgradeDragonsoftware
installedonanysupportedplatform.RefertotheDragonReleaseNotesforalistofsupported
platformsforthecurrentrelease.
Binary Upgrade Prerequisites
Eachcandidatesensormachinemustmeetthefollowingrequirementtobeupgradedfromthe
EMS:
gzipandgunzipmustbeavailablesomewhereinthedefaultPATH.
TheremustbeenoughdiskspaceforabackupoftheoriginalDragoninstallation.Thisbackup
ismadetoensuretheinstallationcanberolledbacktoitspreviousstateintheeventofany
problemduringtheupgradeprocess.Ifthispresentsanissue,pleasecontactEnterasys
Support.
Procedure
Thisproceduredescribesthestepstoperformabinaryupgrade.Theupgradepackageisaself
extractingshellarchive.Fordetailedinformationabouthowthebinaryupgradeprocessworks,
refertoHowBinaryUpgradeWorksonpage 512.
1. DownloadtheupgradepackagefromtheDragonsupportsitetoyourEMSservermachine.
Thenameofthepackageisoftheform:
UpgradePackages7.x.xyyy.tar.gz
2. LogintoyourEMSserver.
3. Copytheupgradepackagetoatemporarylocation.
# cp UpgradePackages-7.x.x-yyy.tar.gz /tmp
4. Extractthepackage.
# tar xvfz UpgradePackages-7.x.x-yyy.tar.gz
5. Ifyouputthepackageina/tmpdirectory,thebinaryfileswillbeextractedto
/tmp/policymgr/binaries.YounowhavetomovethemtotheDragoninstallationlocation.
# cd /usr/dragon/policymgr
# mv /tmp/policymgr/binaries /usr/dragon/policymgr
The/usr/dragon/policymgr/binariesdirectorynowcontainsdirectoriesforeachsupported
OS,whichinturncontainthe.shscriptstoperformthebinaryupgradeprocedurethroughthe
EMSclient.
Note: Refer to Binary Upgrade from V7.2.1 on page C-5 if you want to perform a binary upgrade
on remote sensors running V7.2.1. The procedure in this section applies only to remote sensors
running V7.2.2 or later.
6. Ifyouuntarredasthesuperuser,correctpermissionsonthefiles.
# cd /usr/dragon/install
# ./fixperms.pl
7. LaunchyourEMSclient.
8. SelectTools>BinaryUpgrade>BinaryUpgradeManagerfromthemenubartoaccessthe
BinaryUpgradeManagerscreen.
9. IntheBinaryUpgradeManagerscreen,selecttheoperatingsystemfromthePlatformdrop
downmenu.YoumustselectanoperatingsystemdonotleavethedefaultoptionofAllin
thePlatformfield.
AllnodesusingtheoperatingsystemyouselectedarenowlistedintheDeviceNodestable.
10. Selectthenode,ornodes,listedunderNodeNameinthetable,toupgrade.
Thenumberofsimultaneousrequestsissettofive,ofthesameplatform,atthesametime.
EnterasysNetworksdoesnotrecommendupgradingmorethanafewatatime.
11. Ifnecessary,selectthebinaryupgradepackageversionnumberfromtheVersiondropdown
menutoupgradeto.
12. ClickontheUpgradebutton.
Notes:
The node becomes inactive during upgrade. Depending on your bandwidth, environment
settings, and the package size, the node may be inactive for several minutes.
If there is an error during the upgrade, the version number reverts back to the original version.
You can review the upgrade process in the Log Viewer.
13. TheStatusWindowdisplays.ClickontheViewIncompletebuttontodisplayonlythenodes
thatarecurrentlybeingupgraded.
14. Toviewtheupgradeprogress,clickontheViewLogbuttontoopentheLogViewer.TheLog
Viewercanalsobeusedtodetermineifthereisaproblemwiththeupgrade.
Whentheupgradeiscomplete,thesensorbecomesactiveagain,andthenewversionislisted
intheBinaryUpgradeStatusWindow.
15. RepeattheseupgradestepsforeachOSyouhaveinyourenvironment.
How Binary Upgrade Works
Theupgradebundleisaselfextractingshellarchive.Thisiscommunicatedtonetcfgclientbythe
server,andnetcfgclientsimplyexecutesit.IfyouhaveinstalledDragonin/usr/dragon,for
example,theupgradebundlewillbecopiedto/usrasdragonupgrade7.x.x.x.sh.Itisdeliberately
notcopiedtotheDragondirectorytoavoidcomplicationswithlockedfilesduringupgrade.The
defaultbehaviorcanbechangedrefertoControllingtheUpgradeonpage 513.
Onceexecuted,itextractsto/usr/dragonupgrade7.x.x.x/.Insidethatdirectoryisascriptcalled
doupgrade.shthatcontrolstheupgradeprocess.Whiletheupgradeisinprocess,alogfileis
generatedas/usr/dragonupgrade.log,andwhencomplete,successfulorotherwise,thelogfileis
appendedto/usr/dragon/logs/upgrade.log.Thedoupgrade.shscriptitselfmonitorsthesuccessof
theupgrade,andinitiatesarollbackifnecessary.Thelogwillprovidethedetailsonanyupgrade
failure.
Theprocessislistedbelow:
AllDragonprocessesexceptnetcfgclientarestopped.
ThecurrentDragoninstallationiscopiedentirelytoastagingarea.
Newfilesareoverlaid,andoldfilesareremovedasnecessary.Permissionsarereset.
Thecurrentinstallationismovedoutoftheway(todragonbackup<pid>).
Theupgradedinstallationisrenamedtoyouroriginalinstallname(forexample,/usr/dragon).
netcfgclientisstopped.
Dragonisrestartedintheupgraded/usr/dragondirectory.
Controlling the Upgrade
Youcancontrolcertaindetailsofthebinaryupgradewiththefollowingenvironmentvariables.
Eachmustbesetintheenvironmentofthenetcfgclientprocess,soifyouwishtochangethese
settings,priortoupgradingyoushouldopenashellonthesensormachineandissue:
# cd /usr/dragon
# ./dragon-stop.sh
# change environment variables
# ./dragon-start.sh
Wherethesevariablesrepresentpathsonthefilesystem,youmustprovideanabsolutepath.
DRAGON_UPGRADE_TEMP_DIR:apath,thisdetermineswhere
theupgradebundleisstoredwhileintransitfromtheserver.
wheretheupgradelogisstoredduringtheupgradeprocess.
anytemporaryfilesarecreatedduringtheupgradeprocess.Thedefaulttempdirectoryis
theparentofyourDragoninstallationdirectory(forexample,/usr).Ifthispartitionis
readonly,orifthereisnotenoughspace,youcanoverridethedefaulthere.
DRAGON_UPGRADE_DELETE_DRAGON_BACKUP:(default0)ifsetto1,afterthe
upgradeprocesscompletessuccessfully,thebackupmadeofyourpreviousDragon
installationwillbedeleted.
DRAGON_UPGRADE_DELETE_LOG_FILES:(default0)ifsetto1,duringtheupgrade
process,DragonwillremoveoldlogfilesfromyourcurrentDragoninstallation.
DRAGON_UPGRADE_DELETE_CORE_FILES:(default1)ifsetto1,duringtheupgrade
process,DragonwillremoveanydebuggingfilesleftbehindbyyourcurrentDragon
installation.
DRAGON_UPGRADE_DELETE_TMP_UPGRADE_LOG:(default1)ifsetto0,afterthe
upgradeprocess,Dragonwillleavebehindthelogfile
$DRAGON_UPGRADE_TEMP_DIR/dragonupgrade.log
DRAGON_UPGRADE_DRAGON_INSTALL_DIR:netcfgclientcalculatesthisautomatically,
butyoucanoverrideitifnecessary.
Binary Upgrade Status Information
Thefollowingtableliststhebinaryupgradestates,alongwiththeirdescriptions,thatmaybe
displayedintheBinaryUpgradeStatusWindow.
State Description
Upgrade Pending The binary upgrade request was submitted and is awaiting execution.
Upgrade requests remain pending to ensure that the number of
simultaneous requests is set below the maximum number to prevent
system overload. The number of outstanding requests is decremented
each time an outstanding upgrade goes to one of the completed states.
The number of simultaneous requests is set to 5.
Upgrade Downloading The upgrade remains in this state until the upgrade process responds.
This response indicates whether the download was successful, or not, on
the sensor.
Upon success, the state transitions to the Upgrade Started State.
Upon failure, the state transitions to the Completed Failed Before
Upgrade state.
Upgrade Started This state indicates that the upgrade has started on the sensor. The
upgrade remains in this state until the sensor reports that it is either
inactive or upgrading. Once the download has completed, the state
transitions to the Upgrade In Progress state.
Upgrade in Progress This state indicates that we are awaiting the completion of the upgrade
with either an indication of success or failure.
Completed Successful This states indicates that the upgrade was successful. The sensor should
be reporting that it is active, and that it is running at the new revision. To
view the details of the upgrade, click on View Log.
Complete-Fail Before Update This state indicates that the upgrade failed before it was started on the
sensor. The likely cause is a problem downloading the upgrade file, or
starting the upgrade. To view the details of the upgrade failure, click on
View Log.
Complete-Rolled back This state indicates that the upgrade failed during the upgrade process,
and that the sensor has rolled back to the previous revision and
restarted. The sensor should show that it is active and still running the
pre-upgrade revision. To view the details of the upgrade failure, click on
View Log.
Complete-No Response
(timeout)
This state indicates that the sensor has not returned to the active state
within a reasonable amount of time, and will likely require manual
intervention. Currently, the upgrade timeout is set at 20 minutes.
Note: The timeout is based on when the upgrade request was actually
started, not when it was submitted. When a large number of upgrades
are requested simultaneously there may be a long period of time
between the requests submit time and its start time.
The sensor should be checked to determine if there is the unlikely
chance that the upgrade is still progressing.
State Description
Binary Upgrade Package Naming Convention Rules
Thedistributedbinaryupgradepackageshaveaspecificnamingconvention.Ifthepackagesare
notnamedproperly,theywillnotshowupundertheVersionfieldintheBinaryUpgrade
Manager.
Torenameabinaryupgradepackage,youmustfollowtheserules:
Everybinaryupgradepackagemusthavetheplatformnameinit.Forexample,aWindows
upgrademusthavewindowsinthefilename,andanAIXupgrademusthaveAIXinthe
filename.
Windowsbinaryupgradepackagesmustendwith.msi.
AIX,Linux,HPUX,andSolarisbinaryupgradepackagesmustendwith.jar.
Thebinaryupgradepackagemusthaveaversionnumberinitsname,withaleading
lowercasev.Thevdenotesthedigitsthatwillfollow,andwillbethedistributedversion
number.Forexample,afilenamedLinuxPackage_v7.2.3.0.jarwilldisplayas7.2.3.0inthe
BinaryUpgradeManager.
Note: Enterasys Networks recommends that you do not change the binary upgrade package
name.
Enterprise Manager and Reporting Installation
ThissectionprovidestheinstallationproceduretoinstalltheDragonEnterpriseManagerand
Reportingonaserver.Thisinstallationisrecommendedwhenyouwantonlytheservertorunon
amachine.RefertoEnterpriseManagerandReportingonpage 54foralistofthecomponents
installedbythisinstallation.
1. ToinstalltheEnterpriseManager,startyourpreferredinstaller.
./Dragon.bin
2. Selectthelanguagefortheinstallation,andclickOK.
3. Anintroductiontotheinstallationprocessisdisplayed.ClickNext.
4. IntheLicenseAgreementscreen,acceptthetermsofthelicense,andclickNext.
5. IntheInstallationFolderscreen,thedefaultDragoninstallationdirectoryisdisplayed.
Enterasysrecommendsthatyouusethedefaultinstallationdirectory.
ClickChoosetobrowsetoadifferentlocationtoinstallDragon.
Togobacktothedefaultinstallationlocation,clickRestoreDefaultFolder.
ClickNext.
6. IntheChooseInstallSetscreen,clickonEnterpriseManagerandReporting,thenclickNext.
7. IntheDragonCommunicationChannelConfigurationscreen,enterthefollowing
information,thenclickNext.
IPAddressForThisNode:Entertheaddressofthishostsystem.
ConfigurationChannelPort:Acceptthedefaultvalue.
8. InthesecondDragonCommunicationChannelConfigurationscreen,enterthefollowing
information,thenclickNext.
EncryptionType:Choosetheencryptioncipher.Thedefault,AES,istherecommended
encryptiontype.
SharedSecret:EntertheSharedSecretforthisencryptiontype.
9. IntheDragonAuthenticationscreen,selecttheauthenticationmethodtobeusedforlogging
intoDragon.Selectoneofthefollowingmethods,thenclickNext:
DragonLocal:Choosethismethodifuserandroleauthenticationwillbedonebymeans
ofthelocaldatabaseontheEMS.
LDAP:ChoosethismethodifuserandroleauthenticationwillbedonebyanLDAP
server.RefertoLDAPAuthenticationonpage 53formoreinformation.
RADIUS:ChoosethismethodifuserandroleauthenticationwillbedonebyaRADIUS
server.RefertoRADIUSAuthenticationonpage 53formoreinformation.
IfyouchoseDragonLocal,gotoStep 12onpage 521.
IfyouchoseLDAP,gotoStep 10onpage 520.
IfyouchoseRADIUS,gotoStep 11onpage 520.
10. IfyouchosetheLDAPauthenticationmethod,thefollowingscreenisdisplayed.Entervalues
inthefollowingfields,thenclickNext.(GotoStep 12onpage 521.)
LDAPURL:EntertheIPaddressofyourLDAPserver.
LDAPBaseDN:Enterthegroupbasedistinguishedname(DN)foryourLDAPserver.
LDAPFilter:EntertheLDAPbasefiltersettingforyourLDAPserver.
11. IfyouchosetheRADIUSauthenticationmethod,thefollowingscreenisdisplayed.Enter
valuesinthefollowingfields,thenclickNext.(GotoStep 12onpage 521.)
RADIUSIP:EntertheIPaddressofyourRADIUSserver.
SharedSecret:EntertheRADIUSsharedsecret.
SelecttheRADIUSauthenticationtype,eitherPAPorCHAP.
Note: If you do not know the values for your LDAP implementation, and you accept the default
values, you can change them later by editing the login-config.xml file located in the
<installdir>/dragon/enterprise-manager/server/default/conf directory.
Note: If you do not know the values for your RADIUS implementation, and you accept the default
values, you can change them later by editing the login-config.xml file located in the
<installdir>/dragon/enterprise-manager/server/default/conf directory.
12. IntheDragonDatabaseConfigurationscreen,setthedefaultuserpasswordfortheMYSQL
database.Thispasswordallowsthelocaldatabasetobeaccessedwithreadwritepermissions.
ClickNext
13. InthePreInstallationSummaryscreen,reviewthesummarytoverifytheinstallationfolder,
installationsetcomponents,anddiskspacerequirementsinformationiscorrectbefore
continuing.
IfyouselectedtheDragonLocalauthenticationmethod,clickInstallandgotoStep 15.
IfyouselectedLDAPorRADIUSauthentication,clickNextandgotoStep 14.
14. InthesecondPreInstallationSummaryscreen,verifythattheauthenticationvaluesare
correctbeforecontinuing.ClickInstall.
15. TheInstallingDragonscreenappears.
16. Whentheinstallationiscomplete,thePostInstallationSummaryscreenisdisplayed.Click
Donetoclosethewindow.
EMS GUI Client Installation
EMS GUI Client Installation
TheEMSManagementGUIclientinstallermustbelaunchedseparately.
Tostarttheinstaller:
1. LocatetheDragonClientInstallationbundleforyourplatformeitheronyourCDorinthe
locationtowhichitwasdownloaded(forupgrades)andunzip/untarthebundle.
Thisstepisplatformdependent.Invoketheexecutableinthemeansmostfamiliarforyour
platform.
2. Executetheinstallationfile,EMSClient.exeorEMSClient.bin,fromthelocationtowhichit
wasunzipped/untarred.
Thisstepisplatformdependent.Invoketheexecutableinthemeansmostfamiliarforyour
platform.
3. Followtheinstructionsinthewizardtocompleteyourinstallation.
ClickNexttomovetothenextscreen,andPrevioustoreturntoapreviousscreen.ClickDone
whentheinstallationscreensarecomplete.
EMS Client Installation on Windows Vista
InordertoinstalltheDragonEMSclientonWindowsVista,theEMSclientinstallermustberun
inWindowsXPcompatibilitymode.Followthesesteps:
1. LocatetheEMSclientinstallerfile(namedEMSClient.exe)inthe<locationofinstall
bundle>\EMSclient\Disk1\InstData\VM\directory.
2. RightclickontheEMSClient.exefileandselectProperties.
3. SelecttheCompatibilitytab.
4. SelectRunthisprogramincompatibilitymodefor:andthenselectWindowsXPfromthe
dropdownmenu.
5. ClickApply,thenOK.
6. DoubleclickonEMSClient.exetostarttheinstallationprocess.
Note: Make sure you unzip/untar the files into a different directory than the server (and previous
installations of the client). Otherwise, files may be overwritten. If you are using a GUI facility to
unzip/untar the bundle, make sure the recreate folder structure option is on.
Sensor Installation on UNIX (Sensors & Agents)
Thissectiondescribestheinstallationproceduretoinstallasensor.Thisinstallationis
recommendedifyoudesireabarebonessensor,anonmanagedsensor,anenterprisesensor,oran
EFP.RefertoSensors&Agentsonpage 54foralistofthecomponentsinstalled.
IfyouareinstallinganEnterpriseHostorNetworkSensor,youneedtheIPaddressoftheEMS
serverduringthisinstallationprocess.Allinformationrequestedinthesensorinstallationmust
exactlymatchtheinformationconfiguredintheHostorNetworkSensorPolicy.Thesensorwill
notbefunctionaluntilithasbeendeployedfromtheEMSwithapolicy,andadditonallyfor
NetworkSensors,withsignatures.
Sensors & Agents Installation
Preinstallationtasksinclude:
1. Ensurethatallrequiredprerequisitesaremet.
2. Ensurethereisenoughdiskspaceonthepartitionfromwhichyouruntheinstaller.Ifthereis
not,settheenvironmentvariableIATEMPDIRtopointtoapartitionwithmorespace,for
example(assumingsh/bash):
$ export IATEMPDIR=/opt/largedisk
3. Makesurethe/etc/hostsfileissetupcorrectly,withtheIPaddressofthesystemandthe
systemshostname.Forexample:
10.100.100.1 linuxhost1
4. Locatethesensorinstallationbundle.Theexampleusedassumesthattheinstallationbundle
isin/tmp.
5. Unzipanduntartheinstallationbundle.Theinstallerexecutableis
/tmp/EMS/Disk1/InstData/VM/Dragon.bin.
Toinstallasensor:
1. Startyourpreferredinstaller.
./Dragon.bin
Note: You must be user root to install Dragon.
2. Selectthelanguagefortheinstallation,andclickOK.
3. Anintroductiontotheinstallationprocessisdisplayed.ClickNext.
4. Acceptthetermsofthelicense,andclickNext.
5. IntheInstallationFolderscreen,thedefaultDragoninstallationdirectoryisdisplayed.
Enterasysrecommendsthatyouusethedefaultinstallationdirectory.
ClickChoosetobrowsetoadifferentlocationtoinstallDragon.
Togobacktothedefaultinstallationlocation,clickRestoreDefaultFolder.
ClickNext.
6. IntheChooseInstallSetscreen,selectSensors&Agents.ClickNext.
7. IntheDragonCommunicationChannelConfigurationscreen,enterthefollowing
information.
Sensor,AgentNodeIP:Entertheaddressofthishostsystem.
EnterpriseManagementServerIP:EntertheaddressofthesystemthathastheEMS
serverinstalled.
ConfigurationChannelPort:Acceptthedefaultvalue.
CommunicationDirection:
ServertoSensorindicatesthattheEMSwillinitiatetheconfigurationchannel
connection.Youmaywanttoselectthisoptionifsensorsandserverareonopposite
sidesofafirewall.Otherwise,selectSensortoServer.
SensortoServerindicatesthatsensormachineswillinitiateconfigurationchannel
connectionstothisEMS.Thisistypicallythepreferredselection.
ClickNext.
8. InthesecondDragonCommunicationChannelConfigurationscreen,enterthefollowing
information,andclickNext.
SharedSecret:EntertheSharedSecretfortheencryptiontype.
EncryptionType:Choosetheencryptioncipher.Thedefault,AES,istherecommended
encryption.
9. InthePreInstallationSummaryscreen,verifythattheinstallationfolder,installationset
components,anddiskspacerequirementsinformationiscorrectbeforecontinuing.Ifthe
informationiscorrect,clickInstall.
TheInstallingDragonscreenappears.
10. Whentheinstallationiscomplete,thePostInstallationSummaryscreenappears.ClickDone.
TheinstallationoftheSensoriscomplete.
Note: The Sensor will not be fully active until the EMS deploys its policies and key.
Host Sensor Installation on Windows
Host Sensor Installation on Windows
YoucaninstallonlyaHostSensorontoaWindowsdeviceusingaseparateWindowsonly
installer.YouinstalltheHostSensorinEnterprisemode.Theenterpriseconfigurationallowsyou
torecordandvieweventsataremoteEMSServerand/orManagementClient.
IfyouareinstallinganEnterpriseHostSensor,youneedtheIPaddressoftheserverduringthis
installationprocess.AllinformationrequestedintheHostSensorinstallationmustexactlymatch
theinformationconfiguredintheHostSensorpolicy.Thesensorwillnotbefunctionaluntilithas
beendeployedfromtheEMSwithaHostSensorpolicy
ThefollowingoperatingsystemsaresupportedforthisHostSensoronlyinstallation:
XPProfessional
Windows2003(withlatestservicepacks)
Vista
ToinstalltheHostSensoronWindows:
1. LocatetheHostSensorInstallationfileonyourCD,orinthelocationtowhichitwas
downloaded(forupgrades).
2. ExecutethefileHostSensorSetup.exe.
Awizardisinvoked.
3. Followtheinstructionsinthewizardtocompletetheinstallation.
YouareaskedifyouwanttoinstallinEnterprisemode.
ForEnterprisemode,eventsareviewedusingtheEMSManagementGUIwhichcanbe
installedlocallyorremotely.TheeventsarestoredontheEMSserver.Youmustselect
whetherthehostmachineorremoteEMSserverinitiatescommunication.Eventsarenot
recordedlocallyinEnterprisemode.TheyareforwardedtotheEMSManagementServer.
Host Sensor Silent Mode Installation on Windows
Host Sensor Silent Mode Installation on Windows
ThissectiondescribeshowtoinstallaHostSensorusingtheWindowsinstallerprogramMsiexec
forasilent(noninteractive)installation.
ThefollowingoperatingsystemsaresupportedforthisHostSensoronlyinstallation:
XPProfessional
Windows2003(withlatestservicepacks)
Vista
RefertoTable 51forthecommandlinevariables(publicproperties)usedintheHostSensor
installation.
Table 5-1 Host Sensor Command Line Variables for Silent Installation
Variable Description
INSTALLDIR Optional. This variable specifies the installation directory. The default installation
directory is C:\Program File\enterasys\DragonSquire
OPERATIONMODE Optional. This variable specifies the operation mode for the Host Sensor:
standalone or enterprise.
The default is enterprise mode.
CONNTYPE Optional. This variable specifies in which direction, relative to the Host Sensor
system, the connection between the Host Sensor and the EMS starts. If the Host
Sensor starts the connection, this variable should set to outbound. Otherwise it
should be set to inbound.
The default setting is outbound.
LOCALIP Required. This variable specifies the Host Sensor IP address.
IPADDRESSEMS Required. This variable specifies the IP address of the EMS that will manage the
Host Sensor.
PORTNUM Optional. This variable specifies the IP port number that is the connection target.
When the connection between the Host Sensor and the EMS is initiated either by
the Host Sensor or the EMS, this is the IP port it contacts.
The default is 9111.
ENCRYPTION Optional. All the traffic going through the connection between the Host Sensor and
the EMS is encrypted. This variable specifies the encryption method.
Selections are AES and BLOWFISH.
The default is AES.
SHAREDSECRET Required. This variable specifies the shared secret used by the traffic encryption.
Starting the Server
ToinstalltheHostSensorinsilentmode:
1. LogonasanadministratortothesystemwheretheHostSensorwillbeinstalled.
2. Gotothesystemcommandprompt.
3. ChangetothedirectorywheretheDragonHostSensorinstallationpackageislocated.For
example,ifyourpackageisintheC:\tempfolder,typethefollowingcommandandpress
Enter.
cd C:\temp
4. Enterthedircommandatthecommandprompt,andpressEnter.
Youshouldseetheinstallationpackage,DragonHostSensorvXX.msiinthecurrentfolder,
whereXXisthelatestversionnumber.
5. Executethemsiexeccommand,usingthe/ioptionandspecifyingthenameoftheDragon
installationpackage.Enterthedesiredvariablesandtheirvalues.Thevaluesshouldbe
enclosedwithinquotes.
Thefollowingexampledoesnotuseanyoftheoptionalvariables.Therefore,thedefault
valuesareusedforthosevariables.Ifyoudontwanttousethedefaultvalues,includethose
variablesinyourcommand.The/qnoptionspecifiesthatnoUIshouldbedisplayed.
$ msiexec /i "DragonHostSensor-v73.msi" /qn LOCALIP=134.141.133.234
IPADDRESSEMS="134.141.133.223" SHAREDSECRET="dragon" QUIETINSTALL="yes"
6. Verifythattheinstallationwassuccessful.ClickStart>ControlPanel>AddorRemove
Programs.TheAddorRemoveProgramswindowshowscurrentlyinstalledprograms.You
willseeDragonHostSensorX.Xontheprogramlist.
Starting the Server
Aftertheserverisinstalled,itmustbestarted.Theservermustalsobestartedeachtimethe
machineisrebooted,unlessyouareonaDragonappliance.ADragonappliancerestartstheserver
uponreboot.
Tostarttheserver:
1. Atthecommandprompt,entercd /usr/dragon
2. Atthecommandprompt,enter./dragon-start.sh
Theserverisstarted.
Tostoptheserver:
1. Atthecommandprompt,entercd /usr/dragon
2. Atthecommandprompt,enter./dragon-stop.sh
Theserverisstopped.
Custom SSL Keystore Generation
Custom SSL Keystore Generation
ToensuresecurecommunicationbetweentheclientandtheEMS,EnterasysNetworks
recommendsgeneratingauniquecertificate,anddistributingittotheclientsandEMS.
TheclientandEMSusecertificatebasedencryption.AdefaultcertificateispartoftheEMSand
clientinstallation.ThecertificateensuresthatthecommunicationbetweentheEMSandclientsis
securebecausethedataisencrypted,butitalsomeansthatallcustomersgetthesamecertificate.
Intheory,anyonewhohasoneofthedefaultcertificatescoulddecryptthetrafficbetweenany
otherdefaultDragonEMS/clientcommunication.Usingthekeystoregenerationprocess,youcan
generateanew,uniquecertificate.Then,evenifsomeonewasabletolistentothetrafficonthe
network,theywouldbeunabletodecryptthattrafficwithoutacopyofthenewcertificate.
ThedefaultkeystoresthatshipwithDragonwerecreatedwiththejavakeytoolprogram.The
keystoreissimplyacontainerthatholdsoneormorecertificates.
ThefollowinginstructionsoutlinethecreationofacustomSSLkeystoreexample,usingthesame
javakeytool.
1. Locatethekeytool.Thekeytoolislocatedinthebindirectoryofanyrecentjavajdkorjre
installation.
2. Usingthekeytoolbinary,enterthefollowingcommand:
# keytool genkey keystore dragon.keystore alias dragon validity 365
Youarepromptedforapasswordtosetonthekeystore.Rememberthepasswordyouset,as
youwillneeditlater.Youwillbeaskedaseriesofoptionalquestions;yourname,group,
company,state,andcountry.Finally,youwillbeaskedthepasswordforthiskeyentry
(dragon).Makeitthesameasthepasswordyousetforthekeystore.Thisgeneratesanew
keystoredragon.keystorewithakeyentrynameddragonthatwillbevalidfor365days.
3. Addasecondkeyentrynamedrmi+ssl,byenteringthefollowingcommand:
#keytool genkey keystore dragon.keystore alias rmi+ssl validity 365
Youarepromptedwiththesamesetofquestionsyouwerefortheoriginaldragonkeyentry.
Setthekeyentrypasswordtothesamepasswordasthekeystore.
YoushouldnowhaveafullyfunctionalSSLkeystorenameddragon.keystore.Thisdirectly
replacestheexistingdragon.keystoreonyourEMSinstallationinthe
$DRAGON_HOME$/enterprisemanager/server/default/confdirectory.
4. YouneedtomodifytwotextfilesontheEMS,withthepasswordforthenewkeystore.Search
forkeystoreinbothfilestolocatewhereyouneedtosetthenewpassword(thepasswordfor
thekeystorethatshippedwithdragonbydefaultisdrag0n1).
a. enterprisemanager/server/default/conf/jbossservice.xml
b. enterprisemanager/server/default/deploy/jbosswebtomcat41.sar/METAINF/jboss
service.xml.
Creating and Modifying Tomcat Certificates
ThissectionprovidestheinformationtocreateandmodifyTomcatcertificatesfortheweb
browser.
Performthefollowingsteps:
1. Whenyoucreatethecommonname(firstandlastname)usingthekeytoolcommand,you
needtoentereithertheIPaddressorthehostnameofthesystem.
Example:
ThefollowingexampleusesdragonreporterastheDragonservershostname,and1.1.1.1
astheDragonserversIPaddress.
Usingkeytool,ifyouenterthenamedragonreportertoaccessthebrowser,thefollowing
URLworks(assumingthatdragonreporterisresolvedin/etc/hosts):
https://dragonreporter/dragon
ThefollowingURLwillNOTwork:https://1.1.1.1:9443/dragon
Ifyoudecidetousethehostname,ratherthantheIPaddress,ensurethatthebrowsercan
resolvethehostname,eitherbymeansofDNSorthehostsfile(onWindows:
~Windows/system32/drivers/etc/hosts)
2. CompletetheinstructionsinCustomSSLKeystoreGenerationonpage 534,including
modifyingthetwofiles,andcopyingthedragon.keystorefiletoallDragonsystems,including
machinesrunningtheEMSclient.
Ifthedragon.keystorefileisnotcopiedtotheEMSclientmachine,theEMSclientwillnotbe
abletoconnecttotheEMSserver.
3. RestartDragononthesystemswhereyoucopiedthedragon.keystorefiles.
4. Launchthebrowser,andentertheURLoftheDragonsystem(usingeithertheIPaddressor
thehostname,dependingonwhatyouenteredforthenameusingthekeytoolcommand).
5. InthePopUpCertificatewindow,clickInstall,andinstallthecertificateforthatbrowser.
6. Shutdownthebrowser,andthenrestartthebrowser.
7. EntertheURLoftheDragonsystemagain.
YoushouldnotseeaPopupCertificationwindow.
Note: You must use what you entered as the common name (IP address or hostname) in the URL
when using the browser. Otherwise, the certificate will not match.
Exporting the Public Key from the Keystore
ThissectionassumesthatyoualreadygeneratedtheEMSskeys.
1. Exportthecertificate(publickey)toafile:
# keytool -export -keystore /PATH/TO/KEYSTORE -alias rmi+ssl -file ./rmi.cert
2. Ensurethattheexportedcertificatematchesupwiththepublickeythatwasinitially
generatedbythekeytool:
# keytool -list -keystore /PATH/TO/KEYSTORE -alias rmi+ssl
# keytool -printcert -file ./rmi.cert -alias rmi+ssl
Ifthemd5checksumsonthetwopublickeysmatch,youshouldhaveavalidcertificate.
3. Importthecertificateintoanewkeystore:
# keytool -import -alias rmi+ssl -file /PATH/TO/PUBLIC/KEYSTORE -alias
rmi+ssl -file /PATH/TO/rmi.cert
4. Toviewthecontentsofthenewkeystore:
# keytool -list -keystore /PATH/TO/PUBLIC/KEYSTORE
Themd5checksumofthecertificateinthepublickeystoreshouldmatchupwiththe
checksumsfortheexportedcertificate,andtheoriginalpublickeyintheEMSsnewkeystore.
Iftheprocedurewassuccessful,thermi+sslcertificateisnowinthepublickeystore.
5. Repeattheabovestepsforthedragonkey(replacethermi+sslaliaswithdragon)togetavalid
keystorewithonlypublickeycertificates.
6. Copythepublickeystoretoallclientinstallations.
Ports Used by Dragon
ThefollowingtableliststheportsusedbyDragon:
ForinformationaboutchangingtheportsusedbytheDragonEMSserverandclient,referto
AppendixB,ChangingDragonPortNumbers,intheDragonIntrusionDefenseSystem
ConfigurationGuide.
Port Type Mode
1098 TCP Listen jboss:service=Naming
1099 TCP Listen jboss:service=Naming (RMI port)
1162 UDP Listen jboss.jmx:name=SnmpAgent?,service=trapd,type=logger
4445 TCP Listen jboss:service=invoker,type=pooled
5555 TCP Listen jboss:service=invoker,type=jrmp
5559 TCP Listen jboss:service=invoker,type=jrmp,socketType=SSL
8009 TCP Listen jboss.web:service=WebServer?
8083 TCP Listen jboss:service=WebService
8093 TCP Established jboss.mq:service=InvocationLayer?,type=UIL2, local
9111 TCP Dragon EMS/Sensor configuration channel
9112 TCP Dragon Event Channel
9117 TCP Established Mysql connection. Local access only, the bind address
specification in my.cnf will not allow any external connections to the
database.
9443 TCP Listen SSL with Tomcat
32952 UDP Listen client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat
Enterprise 3. Outgoing client connections from systems. This is the first
port used by the operating system for outbound connections, and will
make connections from port 32768 and higher.
Dragon Intrusion Defense System Installation Guide A-1
A
Upgrading the Kernel on the Appliance
ThisappendixprovidestheinstructionstoupgradetheLinuxkernelonyourappliance.

Afteryouupgradetothelatestsupportedkernel,youmustcompletetheDragoninstallationthat
upgradesyourversionofDragontomatchthesupportedkernel.
PerformthefollowingstepstoviewthecurrentversionoftheLinuxKernelonyourappliance:
1. LogintoDragonasroot.
2. Enterthefollowingcommand:
uname -a
Thefollowingexampleshowsanoutputofthiscommand:
uname -a
Linux old-appliance 2.6.10 #3 SMP Thur Feb 3 03:43:43 EST 2005 i686
unknown unknown unknown GNU/Linux
ToupgradeyourLinuxKernel:
1. Gotohttps://dragon.enterasys.com.
2. Logintothesite,gototheDownloadspage,thenselecttheDragonSoftwarelinkandthe
desiredsoftwareversion.
3. ClickonApplianceImagelink.
4. DownloadthedesiredISOimage.Notethatthev7.3ISOimageisNOTsupportedonlegacy
appliances.
5. BurntheimageontoaCD.
6. InserttheCDintotheapplianceCDROMdrive.
7. EnterthefollowingcommandstomounttheCD:
mount -t auto /dev/hdc /mnt/cdrom
cd /mnt/cdrom
8. Enterthefollowingcommandtostarttheupgrade:
./upgrade.sh
Theupgrademaytakeseveralminutes.
Notes: The v7.3 appliance image (ISO image) is not supported on Legacy appliances. You can,
however, install the v7.3 software on Legacy appliances running the latest v7.2.3 appliance image.
For all other versions earlier than v7.3, please read the release notes for the Dragon Intrusion
Defense System version that you are upgrading to before you upgrade the Linux kernel. If the
release is only a software release, then refer to Upgrading Dragon Software on page 5-6 to
upgrade the software only.
A-2 Upgrading the Kernel on the Appliance
9. Enterthefollowingcommandstounmount,andthenejecttheCD:
cd /
umount /mnt/cdrom/
eject
10. Enterthefollowingcommandtoreboottheappliance:
reboot
Dragon Intrusion Defense System Installation Guide B-1
B
Hard Drive Installation
Thisappendixprovidestheinstructionstoaddaharddrivetotheappliance.
Performthefollowingsteps:
1. Turnoffthepowertotheappliance.
2. Attachanelectricalstaticdischarge(ESD)wriststrap.
3. Addtheadditionaldrivetothesystem,followingthemanufacturersinstructions.
4. Reboottheappliance.
5. SSHtotheappliance,andloginasroot.
6. EnterthefollowingcommandtostopDragon.
~dragon/dragon-stop.sh
7. Usethedmesgcommandtoverifythatthenewdrivehasbeendetected,asshowninthe
followingexample:
dmesg |grep scsi
scsi0 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.4
scsi1 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.4
(scsi1:A:0): 160.000MB/s transfers (80.000MHz DT, offset 63, 16bit)
(scsi1:A:1): 160.000MB/s transfers (80.000MHz DT, offset 31, 16bit)
scsi1:A:0:0: Tagged Queuing enabled. Depth 253
scsi1:A:1:0: Tagged Queuing enabled. Depth 253
Attached scsi disk sda at scsi1, channel 0, id 0, lun 0
*Attached scsi disk sdb at scsi1, channel 0, id 1, lun 0*
8. Configurethedrive:
a. Enterthefollowingcommand:
run: fdisk /dev/sdb
Youwillbeaskedcylinderquestions:
Ifyouareusingthewholedriveasasinglepartition,start=1andendisthemaximum
size.
Ifyouwanttopartitionthedrive,youwillneedtocomputethestart/stopcylinders,
andensuretheydonotoverlap.
Caution: An antistatic wrist strap is required to perform the following procedures. Refer to the
Safety Warnings and Cautions for the specific appliance in this document.
B-2 Hard Drive Installation
b. Enterthefollowingcommand:
run: mke2fs -j -c /dev/sdb
c. Enterthefollowingcommandtomounttheharddrivemanually(toensurethatthehard
driveworks):
mount /dev/sdb /mnt
d. Ifthemountworked,enterthefollowingcommandtounmountit:
umount /mnt
e. Createthemountpointforthedrive.Forexample,enterthefollowingcommandtocreate
amountpointnamed/usr2inwhichthenewharddrivewillreside:
mkdir /usr2
f. Modify/etc/fstabtoensuredriveismountedatreboot.Forexample,usingthenewhard
drivewithamountpointof/usr2,the/etc/fstabwouldlooklikethefollowing:
/dev/sdb /usr2 ext3 defaults 1 2
9. Totestthenewmountpoint,enterthefollowingcommand:
mount -a
Theabovecommandattemptstomounteverythinginthe/etc/fstabthatisnotalready
mounted.Ifthetestissuccessful,thenthemountiscomplete.
10. Reboottheappliance.
Note: Depending on the drive being installed, this may take several hours.
Dragon Intrusion Defense System Installation Guide C-1
C
Additional Upgrade Information
Thisappendixcontainsthefollowingupgradeinformation.
Upgrading from V6.x to V7.x
Pre-Upgrade Information
ToupgradefromDragonV6.xtoV7.x,youmustfollowtheproceduresinthefollowingorderto
ensureasuccessfulresult:
1. SetupaDragonV7.xserver.TosetupaseparateDragonV7.xserver,followtheinstallation
instructionsinEnterpriseManagerandReportingInstallationonpage 516,andthenrefer
totheconfigurationinformationintheConfigurationGuide.
2. CopytheDragonV6.xpolicyinformationtotheDragonV7.xserver,andruntheconversion
utilitytocreateaDragonV7.xconfigurationasdescribedinthefollowingupgradeprocedure.
3. MigratethesensorstoV7.x,asdescribedbelow.
V6.x to V7.x Upgrade Procedure
ThefollowingprocedureassumesthattheexistingDragonV6.xserversystemcontainsallofthe
DragonV6.xpolicyinformation(dragon.net,dragon.sigs,*.lib,*.pollib,and*.policyfilesforNIDS
andHIDS),thattheDragonV7.xserverisinstalledonadifferentsystem,andbothofthesystems
areeitheraLinuxorSolarissystem.
Thefollowingupgradeprocedureusesdragon6asthehostnamefortheDragonV6.xsystem,
dragon7asthehostnamefortheDragonV7.xsystem,and/usr/dragonasthedirectorypath
whereDragonisinstalled.Substitutethenamesusedwithyouractualnames.
Converting the V6.x Files to V7.x Format
1. CopytheDragon6configurationtotheDragon7server:
# ssh -l root dragon6
# cd /usr/dragon
# tar cvf dragon6_policies.tar policymgr
Upgrading from V6.x to V7.x C-1
Binary Upgrade from V7.2.1 C-5
C-2 Additional Upgrade Information
# gzip dragon6_policies.tar
# scp dragon6_policies.tar.gz dragon7:/usr/dragon
2. ExtracttheDragon6policiesontheDragon7server:
# ssh -l root dragon7
# cd /usr/dragon
# mkdir dragon6
# mv dragon6_policies.tar.gz dragon6
# cd dragon6
# tar zxvf dragon6_policies.tar.gz
3. Convertthepolicies:
# cd ../tools/DragonPolicyConvert/
# ./dragon_policy_convert.pl -v --dragon6-dir
/usr/dragon/dragon6/policymgr
XMLfilesarecreatedineachoftherespectivedirectoriessuchas
/usr/dragon/dragon6/policymgr/distribute/<sensorname>/current/conf.
IfyouwanttoseealloftheXMLfiles,run:
# find /usr/dragon/dragon6/policymgr -name '*.xml'
4. Copyeachoftheconvertedfilesinto/usr/dragon/importFiles.
5. Importtheconvertedfilesintothedatabase.
a. StarttheV7.xEMSclient.
b. SelectTools>ImportWizardfromthemenubar.
TheImportWizardwindowappears.
c. SelectthetypeoffiletoimportandclickNext.
Youcanimportexistingsignaturesorpolicies.Allimportedfilesmustresidein
/usr/dragon/importFiles.
d. Entertheinformationbasedontheimporttypeselected.
Forsignatures,assignanewnameandselecttheXMLfiletoimport.
Forpolicies,assignanewnameandselectwhetherthepolicyisforaHostorNetwork
Sensor.Dependingonthatcriteria,youcanselecttheXMLfiletoimportandpossibly
theOStowhichthepolicyapplies.
e. ClickFinishwheninformationentryiscomplete.
Migrating the Sensors
Therearetwooptionsavailable.Selectfromoneofthefollowing:
Migrateallsensorsatonce.Thisoptionappliestosmalldeployments,withafewsensors.
RunduplicateEMS,EFPs,andNetworkSensors.Thisoptionisrecommendedforcritical
environmentswithlargedeployments,andhighvolumesoftraffic.
Tomigrateallsensorsatthesametime:
1. Enterthefollowingcommandstosavethedragon.dbfilesonyourReportingServer(orEMS):
# tar cvf dragon6db.tar DB
# gzip dragon6db.tar
# scp dragon6db.tar.gz /path-to-another-system/
2. UpgradetheV6.xEMStoV7.x.RefertoUpgradingDragonSoftwareonpage 56.
TheV6.xsensorswillnotbeabletocommunicatewiththeEMSaftertheupgrade.
3. IfyourReportingServerisadifferentmachinefromyourEMS,upgradeyourV6.xReporting
Server(EFP)toV7.x.RefertoUpgradingDragonSoftwareonpage 56.
4. AftertheReportingServer(orEMS)isconverted,copythedragon6db.tarfiletothenew
DragonReportingServerandextractit.
# cd /usr/dragon
# cp ~/dragon6db.tar.gz .
# gunzip dragon6db.tar.gz
# tar xvf dragon6db.tar
5. ConverteachV6.xsensortoV7.x.RefertoUpgradingDragonSoftwareonpage 56.
6. AddtheconvertedsensorstotheV7.xEMS.
ThefollowingstepsareusedtomigrateusingduplicateEMS,EFPs,andNetworkSensors.
Toperformtheupgradeinthismanner,youwillneedadditionalhoststhatcanbeusedduringthe
migration.YouwillneedonemachinetorunyourV7.xEMSandonenewsensormachine.You
mayneedtoreplaceseveralsensorhoststomeetthenewminimumsystemrequirementsforV7.x.
Additionally,ifyouhaveEFPsorReportingnodesonseparatehosts,youwillneedanextra
machinefortheEFPmigration.
Atahighlevel,themigrationsequenceis:
1. InstallaV7.xEMSonaseparatemachine,leavingtheV6.xEMSrunning.
2. Migratethesensors,oneatatime,fromtheV6.xEMStotheV7.xEMS.Todothis:
a. InstalltheV7.xsensorimageontheextrahost.
b. CopytheconfigurationfromaV6.xsensortotheV7.xsensorontheextrahost.
c. AddtheV7.xsensortotheV7.xEMSandtestuntilyouaresatisfiedthatallthecorrect
eventsarebeingsenttotheV7.xEMS.
d. OnceyouarecertainthatthemigratedV7.xsensorisoperatingcorrectly,shutdownthe
V6.xsensor,andusethatmachineasthenewV7.xsensorhosttomigratethenextV6.x
sensor.
3. IfyouhaveintermediateEFPs,migratetheEFPstoV7.xbeforemigratingthesensors.An
additionalhostisneededtomigratetheEFPsinamannersimilartomigratingthesensors.
a. InstalltheV7.xEFPonthenewhost,andconfigureittoreporteventstotheV7.xEMSor
toplevelReportingnode.
b. OncetheV7.xEFPisconfigured,migratetheV6.xsensorsthatarereportingeventstothe
V6.xEFPthatisbeingreplaced.Atthepointwhennomoresensorsarereportingtothe
oldV6.xEFP,youcanusethathostastheV7.xEFPasyoumigratethenextEFP.
TorunduplicateEMS,EFPs,andNetworkSensors:
1. Enterthefollowingcommandstosavethedragon.dbfiles:
# tar cvf dragon6db.tar DB
# gzip dragon6db.tar
# scp dragon6db.tar.gz /path-to-another-system/
2. SetupaduplicateEMSrunningV7.xsoftware.RefertoEnterpriseManagerandReporting
Installationonpage 516.
3. AddanewV7.xEFP(EFP1)andsensor(NIDS1).Theyshouldbeconfiguredidenticallytothe
firstV6.xEFPandNIDStobemigratedtoV7.x.
4. AfterEFP1isconverted,copyandextractthedragon6db.tar.gztoit.
# cd /usr/dragon
# cp ~/dragon6db.tar.gz .
# gunzip dragon6db.tar.gz
# tar xvf dragon6db.tar
5. ConfiguretheEMStomanagetheEFP1andNIDS1.
6. PlacethenewEFP1intothenetworkinplaceoftheV6.xEFP.
7. PlaceNIDS1intothenetworkinplaceofthefirstV6.xNIDS.ThefirstV6.xNIDSisnowfree
tobeconfiguredasthenextV7.xsensor,andsoon.
8. IfyouhavemultipleEFPstoupgrade,youmaydothemoneatatimebyaddingtheV7.xEFPtothe
networktoreplaceoneV6.xEFPandmigratingalltheV6.xsensorsreportingtothatEFP.Onceno
sensorsarereportingtotheV6.xEFP,youcaninstalltheV7.xEFPsoftwareonthathostanduseitto
migratethenextEFP.
9. ContinuetomigratealltheEFPsandsensorsuntilyouhaveoneremainingunitofeach.
ConfiguretheremainingunitsastheoriginalEMS,EFP1andNIDS1.Thisfreesuptheinitial
unitstogobacktotheiroriginaluse.
10. ToupgradeaHostSensor,stopthesensoronthehostmachine.UpgradefromV6.xby
installingtheV7.xsoftwaredirectly.UsetheEMStosenddowntheupgradedpolicy,andthen
startHostSensor.IfyouencounterafilesinusewarningonaWindowsmachine,youmay
needtorebootthehostmachine.However,ingeneral,thisshouldnotbenecessary.
Note: V7.x system requirements may dictate that you need to replace more than one EFP with new
hardware.
Binary Upgrade from V7.2.1
TheprocedureforperformingbinaryupgradestoremotesensorsrunningV7.2.2orlateris
describedinUsingBinaryUpgradeonpage 510.IfyouhavenodesrunningV7.2.1andwantto
usetheBinaryUpgradefeature,theupgradeprocessisatwostepprocess.
Thefirstupgradeistoversion7.2.1.1,andisnecessarytocorrectsomeknownissuesinthe
upgradefeatureofthedeployed7.2.1software.Thesecondupgradeupgradesyourmachineto
thelatestversion.Thistwostageprocessrequirestwoupgradebundlesforeachplatform,
availablefromtheDragonsupportwebsite.
ThecontrollingEMSmustbeupgradedtoV7.2.2orlaterbeforestartingthisprocedure.
Platform-Specific Pre-Upgrade Information
Upgrading to 7.2.1.1
The7.2.1.1upgradewillfailandrollbackifanysensorsoragentsdonotrestartafterthe
upgradeprocessfinishes.Priortotheupgrade,ifanyofyoursensorsoragentsarestopped(a
redicondisplays),deliberatelyorotherwise,theyshouldberemovedfromtheirassociated
nodesintheEMSclient.Aftertheupgradeprocesscompletes,theycanbereadded,andthe
samepolicyreassociated.
Duringthe7.2.1.1upgrade,donotissueanydeploys,starts,stopsorshutdownstothetarget
sensorwiththeEMSclient.
IftheEMSclientreportsthe7.2.1.1upgradefails,pleasealsoconsulttheEnterprisepanelin
theEMSclient.Ifthepanelreportsyourtargetsensorsversionis7.2.1.1,andtheiconsremain
green,theupgradesucceeded.
AIX Upgrades
OneachAIXmachinetobeupgraded,youmustremovethefile/usr/dragon/lib/libiconv.a
manually,beforetheupgradeprocessbegins.Thisfileconflictswiththelibraryjavarequiresfora
7.2.1.1upgrade,resultinginthejavaprocessfailingtostart,andthe7.2.1.1upgradefailing.This
canbescriptedwithacommandsuchasthefollowing:
# for i in aixsensor1 aixsensor2 aixsensor3 ; do ssh $i "rm -f
/usr/dragon/lib/libiconv.a" ; done
Linux Upgrades
Thereisaknownissueupgradingto7.2.1.1onUbuntu,whichmayaffectotherLinuxplatforms.
Thesymptomisthatthejavaprocessdoesnotstart,meaningnoupgrade.logisproduced.Ifyou
experiencethisproblem,pleasecontactEnterasysSupport.
Microsoft Windows Upgrades
MicrosoftWindowsmachinesmustberunningatWindowsInstaller(MSI)3.0orlatertoupgrade
tothe7.2.2orlaterversionofDragon.IfthebinaryupgradedeterminesthattheWindowsInstaller
versiononthehostmachineistoolow,thebinaryupgradewillnotattempttoupgradetothe
latestversionandanerrormessagewillbeloggedinthenetcfgclient.logfile.Thehostmachine
caneitherbemanuallyupgradedtothelatestversion(afterthe7.2.1.1upgrade),oranewer
versionofWindowsInstallercanbeinstalled.
Monitoring a 7.2.1.1 Upgrade
Thenetcfgclientprocess(configchannelmiddleware)runningonthesensormachinecontrols
theupgradefromtheclientside.Thenetcfgclientlogfilewillrevealthereceiptofanupgrade
commandfromtheserver,andthensoonafterwards,thefilelogs/upgrade.logwillshowthe
process.netcfgclientstartsajavaprocess(bundledwithDragon),andtheupgradeisdrivenby
anXMLdescriptionfileprocessedbyant.Iftheupgradeproceedsnormally,netcfgclientwill
stopatacertainpoint,andthenberestarted(toallowforupgradingofnetcfgclientitself);soa
shortdropinconnectivityistobeexpected.netcfgclientslogfilewillrevealthedetailsofany
rollback.Itisimportanttonotethatfor7.2.1,netcfgclientwillconsidertheupgradetohavefailed
ifanysensorsoragentsdonotstartaftertheprocedurecompletes.Inthiscase,arollbackwillbe
initiated.Priortotheupgrade,ifanyofyoursensorsaredown,deliberatelyorotherwise(redicon
intheEMSclient),youshouldremovethesensorfromyournodepriortoupgrading.Afterthe
upgradecompletes,youcanreaddthesensor,andreassociatethesamepolicy.Thisstepisonly
necessaryfortheupgradeto7.2.1.1.
Upgrading from the EMS Client
Thebinaryupgradeinstallationprocedureconsistsoftwoparts:
1. Installingthe7.2.1.1distributedbinaryfile.
2. Installingthelatestdistributedbinaryfile(V7.2.2orlater).
Youmustfollowtheinstructionsintheorderthattheyarepresented.
ToperformtheupgradefromV7.2.1.0tothelatestDragonversion,followthesesteps:
1. Ensurethatyouhavereadandfollowedtheinstructions,inPreUpgradeInformationon
page C1beforeyoustartthebinaryupgrade.
2. Downloadthe7.2.2upgradepackagearchivefromtheDragonwebsite.Thenameofthe
packageis:UpgradePackages7.2.2128.tar.gz.
3. Downloadtheupgradepackagearchiveforthelatestversion(laterthan7.2.2)fromthe
Dragonwebsite.Forexample,thenameoftheV7.2.3upgradepackageis:UpgradePackages
7.2.3208.tar.gz.
4. LogintoyourEMSserver.
5. Copytheupgradepackagestoatemporarylocation.Forexample:
# cp UpgradePackages-7.2.2-128.tar.gz /tmp
# cp UpgradePackages-7.2.3-208.tar.gz /tmp
6. Extractthepackages.Forexample:
# tar xvfz UpgradePackages-7.2.2-128.tar.gz
# tar xvfz UpgradePackages-7.2.3-208.tar.gz
Note: To upgrade from 7.2.1.0 to 7.2.1.1, any node selected must have all sensors and agents
defined as active. If a sensor, or agent, is inactive at the time of the upgrade, the version will revert
back to the original version.
7. Ifyouputthepackageina/tmpdirectory,thebinaryfileswillbeextractedto
/tmp/policymgr/binaries.YounowhavetomovethemtotheDragoninstallationlocation.
# cd /usr/dragon/policymgr
# mv /tmp/policymgr/binaries /usr/dragon/policymgr
The/usr/dragon/policymgr/binariesdirectorynowcontainsdirectoriesforeachsupported
OS,whichinturncontainthe.shscriptstoperformthebinaryupgradeprocedurethroughthe
EMSclient.
8. Ifyouuntarredasthesuperuser,correctpermissionsonthefiles.
# cd /usr/dragon/install
# ./fixperms.pl
9. LaunchtheEMSclient.
10. SelectTools>BinaryUpgrade>BinaryUpgradeManagerfromthemenubartoaccessthe
BinaryUpgradeManagerscreen.
11. IntheBinaryUpgradeManagerscreen,selecttheoperatingsystemfromthePlatformdrop
downmenu.YoumustselectanoperatingsystemdonotleavethedefaultoptionofAllin
thePlatformfield.
AllnodesusingtheoperatingsystemyouselectedarenowlistedintheDeviceNodestable.
12. Selectthenode,ornodes,listedunderNodeNameinthetable,toupgrade.
Thenumberofsimultaneousrequestsissettofive,ofthesameplatform,atthesametime.
EnterasysNetworksdoesnotrecommendupgradingmorethanafewatatime.
13. Selectthe7.2.1.1binaryupgradepackageversionnumberfromtheVersiondropdownmenu
toupgradeto.YouMUSTupgradeto7.2.1.1first,beforeupgradingtoalaterversion.
15. TheStatusWindowdisplays.ClickontheViewIncompletebuttontodisplayonlythenodes
thatarecurrentlybeingupgraded.
16. Toviewtheupgradeprogress,clickontheViewLogbuttontoopentheLogViewer.TheLog
Viewercanalsobeusedtodetermineifthereisaproblemwiththeupgrade.
Whentheupgradeiscomplete,thesensorbecomesactiveagain,andthenewversionislisted
intheBinaryUpgradeStatusWindow.
17. Whenthenodebecomesactiveagain,andtheversiondisplayedintheBinaryUpgradeStatus
Windowis7.2.1.1,proceedtoStep 18.
18. ClosetheBinaryUpgradeStatuswindow,andifopen,closetheLogViewerwindow.Youare
nowreadytoupgradefrom7.2.1.1tothelatestversion.
Note: To understand the naming convention used for the upgrade package files, refer to Binary
Upgrade Package Naming Convention Rules on page 5-15.
Notes:
The node becomes inactive during upgrade. Depending on your bandwidth, environment
settings, and the package size, the node may be inactive for several minutes.
If there is an error during the upgrade, the version number reverts back to the original version.
You can review the upgrade process in the Log Viewer.
19. IntheBinaryUpgradeManagerwindow,selectthesamenode,ornodes,listedunderNode
Nameinthetableagain.
20. Ensurethatthesameoperatingsystem(selectedinthe7.2.1.0to7.2.1.1upgrade)isselected
fromthePlatformdropdownmenu.
21. SelectthelatestbinaryupgradepackageversionnumberfromtheVersiondropdownmenu
toupgradeto.Forexample,ifyouareupgradingtoV7.2.3,select7.2.3.0fromthedropdown
menu.
23. UsetheStatusWindowandLogViewertocheckontheprogressoftheupgrade.
Whentheupgradeiscomplete,thesensorbecomesactiveagainandthenewversionislistedin
theBinaryUpgradeStatusWindow.Youwillseethatthenodeswereupgradedtwice,from7.2.1.0
to7.2.1.1andfrom7.2.1.1tothelatestversion.
RepeatthisprocessforeachoperatingsysteminyourDragonenvironment.
Running Binary Upgrade from the Command Line
Youcanalsorunthebinaryupgradefromthecommandlineontheuserinterface.Forexample,if
yoursensormachineiscalledmysensorandrunsLinux,thecommandwouldbe:
# cd /usr/dragon/bin
# ./dpmmwctl --host-control --host-name=mysensor --action=upgrade --upgrade-
file=/usr/dragon/bin/policymgr/binaries/Linux/LinuxBinaryUpgradev7.2.1.1.sh -W
180 -w -V
# ./dpmmwctl --host-control --host-name=mysensor --action=upgrade --upgrade-
file=/usr/dragon/bin/policymgr/binaries/Linux/LinuxBinaryUpgradev7.2.2.0.sh -W
180 -w -V
Itisimportanttonotethatifanupgradeisstartedfromthecommandlineratherthantheuser
interface,itwillnotbeloggedinthedatabase,nortrackablefromtheBinaryUpgradeStatus
Manager.
Dragon Intrusion Defense System Installation Guide D-1
D
Ethernet Port Map Restoration
ThisappendixdescribeshowtomaintaintheEthernetportmappingsonDragonapplianceswhen
upgradingfrom6.3.3toa7.x.yversion.
Problem Description
TheDragonIDS/IPSupgradefrom6.3.3toa7.x.yversionoccursonmostDragonappliances
withoutissues.Theupgradeitselfisamajorupgradeandthisiswellknownintheuser
community.
Dragon6.3.3runsonaSlackwareLinux2.4.31kernelwhereas7.x.yversionswereupgradedtorun
onaSlackwareLinux2.6.14kernel.
IncertainGE500appliances,theupgradecausesaproblemwheretheoperatorlosesmanagement
connectivitytotheappliance.Thisproblemisattributedtodifferentbehaviorexhibitedbythe
EthernetdriversinthetwoversionsofLinuxkernels.The2.4kernelbaseddrivernamesthe
motherboardEthernetportsaseth0,eth1,andsoon,andthenseekstoidentifyandnamethe
PCMCIAports.InsomeappliancesrunningDragon7.x.y(ontopofkernel2.6),theEthernetports
arenamedbasedonafirstdiscoveredfirstnamedbasis.
Anappliancethatisupgradedfrom6.3.3to7.x.ymayfindthatitsmanagementport,whichwas
eth0forexample,inDragon6.3.3withthe2.4kernel,hasbeenrenamedandthuswillnotbeeth0.
Thisrenderstheapplianceunreachableandcanbeasourceofconsiderablefrustrationwhenthe
upgradeisdoneremotely.ThisproblemisdocumentedintheDragonSupportKnowledgeBase.
Toalleviatethisproblem,aspecial7.2.2versionhasbeenmadeavailable.Usingthisinterim
versionandfollowingafewsteps,theupgradecanbedonewithoutlossofconnectivity.After
upgradingto7.2.2andremappingtheEthernetportsfollowingthestepsinthisdocument,you
canupgradetothelatestDragonversion.
Solution
Toresolvethisissue,ascripthasbeenincludedaspartoftheDragonupgrade.sh.Withthehelpof
thisscript,theportmaplearnedwhenthesystemranona2.4kernelisrestoredwhenthesystem
runsthe2.6kernel.
Preparation in 6.3.3
1. Makesureyour6.3.3versionisrunningproperly.
2. Itisrecommendedthatyoucreateabackup.
3. Makesureallportsintheappliancearevisibletothe/sbin/ifconfigcommand.
Thisstepisveryimportant.IfthereareEthernetportsonthesystemthatdonotshowup
usinganifconfigcommand,thentheremaybeproblemsinrestoringtheportmapwhenthe
Solution
D-2 Ethernet Port Map Restoration
systemisupgradedtoDragon7.2.2.Thescriptwillalsomakesureallportsareuppriorto
savingtheconfigurationwhilein2.4kernelexecutionspace.
4. Downloadthetarfilenamedportremap.tar.gzfromtheDragonsupportsitetoaknown
locationonyourappliance.Forexample,in/var/tmp.
Thetarfilecandownloadedfrom:
https://dragon.enterasys.com/downloads/portremap.tar.gz
portremap.tar.gzisatarfilethatcontainsDragon7.2.2alongwithamodifiedupgrade.sh
script.Italsoincludesascriptfileusedbyupgrade.shnamedportmapReverse1.pl.
5. Becomerootandexecutethefollowingcommandstountarinto/opt/dragon6to7/:
cd /opt
tar -xzvf /var/tmp/portremap.tar.gz (or any path where portremap.tar.gz was
stored)
6. Performtheupgrade:
cd dragon6to7
./upgrade.sh
7. Verifythattheupgradeworkedcorrectly.
a. Executethefollowingcommand:
ls /var/portremap/
andverifythatthefollowingfourfilesareinthedirectory:
iftab_2_4
ifconfig_2_4
ifroute_2_4
defroute_2_4
b. Executethefollowingcommand:
cat/var/portremap/iftab_2_4
andverifythatyouseeallyourethportsandtheirmacaddresses.
c. Lookin/var/log/portremap2_4to2_6.log.
d. Verifythat/etc/rc.d/portmapReverse1.plexists.
e. Verifythatthe/opt/portmapcfg_2_4/directoryispresentandthat/opt/portmapcfg_2_4/
portmapcfg_2_4.tar.gzexists.
/opt/portmapcfg_2_4//portmapcfg_2_4.tar.gzisatarofallfilesin/var/portremap/*_2_4.
Thiswillserveasalocalarchive.Youmaywanttosavethisfileexternally.
8. Reboottheapplianceandtrytoconnecttoitafterabrieftime.
7.2.2 Install
Aftertherebootoftheapplianceissuccessfulandyouareabletologin,dothefollowing:
1. Tarup/usr/dragonwhichmayhavethe6.3.3installationandsaveitinaknownlocation,
preferablyremotefromtheappliance.
2. Remove/usr/dragonwhichmaycontainthe6.3.3installation:
rm -rf /usr/dragon
Solution
Dragon Intrusion Defense System Installation Guide D-3
3. Install7.2.2:
cd /opt
tar -xvzf /opt/dragon6to7/install/DRAGON/EmsServer_Linux_VM.tar.gz
cd EMS/Disk1/InsData/VM/
4. FollowtheinstructionsforinstallingDragonfoundinChapter 5,DragonSoftware
Installation.
Maintaining the 6.3.3 Port Map
Theportmaplearnedandwrittenintothe/var/portremapdirectoryisessentialforproperport
namerestorationwheneverDragonrebootsin7.2.2.Thusitisessentialthatyoucopythe
followingfilestoanexternallocationasabackup:
/var/portremap/iftab_2_4
/var/portremap/ifconfig_2_4
/var/portremap/ifroute_2_4
/var/portremap/defroute_2_4
/etc/rc.d/portmapReverse-1.pl
Alternatively,youcansimplycopythe/opt/portmapcfg_2_4/portmapcfg_2_4.tar.gztoanexternal
location,since/opt/portmapcfg_2_4/portmapcfg_2_4.tar.gzisatarofthefilesabove.
Solution
D-4 Ethernet Port Map Restoration
Dragon Intrusion Defense System Installation Guide E-1
E
LDAP and RADIUS Authentication Requirements
ThisappendixdescribestheconfigurationrequirementsforusingRADIUSorLDAPfor
authorizationandauthenticationofDragonusers.
Dragon Roles
Table E1liststhenamesoftheDragonuserrolesthatmustbedefinedforbothRADIUSand
LDAPauthentication.
Table E-1 Dragon User Roles
Dragon Role Description
DragonSuperAdmin Complete access to all management GUI and reporting tasks
including:
Deploy configuration
Change configuration/commit
View configuration
View topology
Reporting GUI
Configure Users
DragonAdmin Broad access to all management GUI tasks including:
Change configuration/commit
View configuration
View topology
This user cannot access the Reporting GUI or configure users.
DragonDeployAdmin Access to some management GUI tasks including:
View configuration
View topology
This user cannot access the Reporting GUI, configure users, or
change configuration.
RADIUS Requirements
E-2 LDAP and RADIUS Authentication Requirements
RADIUS Requirements
User Requirements
OntheRADIUSserver,theRemoteAccessPolicyusedbyeachDragonusershouldbeconfigured
withaFilterIDattributeforeachDragonroleassignedtothatuser.
ThevalueoftheFilterIDattributemustbeoftheform:
role:DRAGON_ROLE
whereDRAGON_ROLEisoneoftheroleslistedinTable E1.
TheDRAGON_ROLEattributevalueiscasesensitive.
Theremustbeaseparateattributeentryforeachroleassignedtoagivenuser.
EachuserMUSTbegiventheDragonViewAdminrole.
YoudonotneedtoconfigureauserforeverypossibleDragonrole.
DragonCommitAdmin Access to some management GUI tasks including:
Change/Commit configuration
View configuration
View topology
This user cannot access the Reporting GUI, configure users, or deploy
configuration.
DragonViewConfigAdmin Access to some management GUI tasks including:
View configuration
View topology
This user cannot access the Reporting GUI, configure users, commit,
or deploy configuration.
DragonViewAdmin Access to some management GUI tasks including:
View topology
This user cannot access the Reporting GUI, configure users, commit,
view configuration, or deploy configuration. The display area is left
unpopulated.
DragonReports This user, also referred to as an analyst, has view-only access to the
management GUI, with the exception of being able to launch the
Reporting interface from the GUI.
Also has access to Reporting GUI from a browser.
DragonUserAdmin Access only to user creation management GUI tasks.
This user can create other users, but cannot perform any other
management GUI tasks. This role may be combined with other roles.
Table E-1 Dragon User Roles
Dragon Role Description
RADIUS Requirements
EMS Server Requirements
TheEMSservermustbeallowedasaRADIUSclienttotheRADIUSserver.
TheRADIUSsharedsecretconfiguredontheEMSservermustmatchthesharedsecretconfigured
ontheRADIUSserver.
DragonsupportstheCHAPandPAPauthenticationprotocols.
Bydefault,theinstallationprocessallowsyoutoconfigureonlyoneRADIUSserverfor
authentication.IfyournetworkenvironmentneedsamorecomplexRADIUSconfiguration,
pleasecontactEnterasysNetworksTechnicalSupportforassistance.
Example
ThefollowingexampleshowshowtoconfiguretheFilterIdattributeinanenvironmentusing
WindowsServerIASasaRADIUSserver.FourFilterIDshavebeenconfigured,oneforeachof
fourDragonroles.NotethattheDragonViewAdminroleisrequiredtobeconfiguredforevery
Dragonuser,inadditiontoanyotherrolesthatmaybeassigned.
LDAP Requirements
LDAP Requirements
Thissectiondescribestheschemaobjectsandattributesandthedirectorystructurethatmustbe
definedintheLDAPdatabasetosupportDragon.
Ingeneral,anorganizationalunitmustbecreated,andwithinit,organizationalrolesmustbe
defined,oneorganizationalroleforeachDragonrolelistedinTable E1onpage E1.Withineach
oftheorganizationalrolesisaroleoccupantattributethatwillholduserswhohaveaccessto
thatrole.TheroleoccupantattributetakesthefullDN(directoryname)oftheuseryouwould
liketohaveprivilegestothatrole.
Onepossiblestructureisoutlinedbelow.SchemaObjectsareinboldandobjectattributesare
italicized.
O=Enterasys(organization)
ou=DragonGroups(organizationalunit)
DragonSuperAdmin(organizationalRole)
cn=RosanneRoe,ou=People,o=Enterasys(RoleOccupantAttribute)
cn=JohnDoe,ou=People,o=Enterasys(RoleOccupantAttribute)
DragonViewAdmin(organizationRole)
cn=NelsonCoe,ou=People,o=Enterasys(RoleOccupantAttribute)...
//AddtherestoftheDragonRolestoDragonGroups
ou=People(organizationalunit)
JohnDoe(person)
(personattributes(password,email,phone#etc))
RosanneRoe(person)
(personattributes(password,email,phone#etc))
...forallusers.
Inthestructureshownabove,thetreeisdividedintotwopartspeopleandrolesbothof
whichhaveaparentwhichisanorganizationalunit:
PeopleorganizationalunitMostcompanieswhichuseadirectoryservicewillalreadyhave
users/peopledefinedintheirschema(forexample,WindowsActivedirectoryforallthe
employeesinyourcompany).Youcanuseexistingpeopleorcreateanewgroupofspecific
usersandnamestobeusedonlyforDragon.
DragonGroupsorganizationalunitIntheexampleabove,theDragonGroups
organizationalunitcontainsalloftheDragonroleswithinit.EachrolehastheattributeRole
OccupantwhichtakesthefullDN(directoryname)oftheuseryouwouldliketohave
privilegestothatrole.Toauthenticateagainstadirectory,ausermustexistandmustbe
assignedtoatleastonerole.
DragonLDAPauthenticationwillworkasfollows:
1. Taketheusernameandpasswordandauthenticate.
2. Ifthisauthenticationfails,sodoesthelogin.
3. Ifthisauthenticationpasses,andtheuserexists,andtheirpasswordiscorrect,testallthe
Dragonrolesforthatusersexistencewithinthem.
4. Givetheuserwhateverrolecredentialstheuserexistsin.
LDAP Requirements
5. IftheuserdoesnotexistinanyoftheDragonroles,authenticationwillfailbecausetheuseris
notavalidDragonUser.
Sample Enterasys.ldif
dn: o=Enterasys
o: Enterasys
objectclass: top
objectclass: organization
dn: ou=DragonGroups, o=Enterasys
ou: DragonGroups
objectclass: top
objectclass: organizationalunit
dn: cn=DragonSuperAdmin, ou=DragonGroups, o=Enterasys
cn: DragonSuperAdmin
objectclass: top
objectclass: organizationalRole
ou: DragonGroups
roleOccupant: cn=Rosanne Roe, ou=People, o=Enterasys
roleOccupant: cn=John Doe, ou=People, o=Enterasys
description: Dragon super users
dn: cn=DragonUserAdmin, ou=DragonGroups, o=Enterasys
cn: DragonUserAdmin
objectclass: top
ou: DragonGroups
description: Dragon admin users
dn: cn=DragonConfigAdmin, ou=DragonGroups, o=Enterasys
cn: DragonConfigAdmin
objectclass: top
ou: DragonGroups
roleOccupant: cn=Nelson Coe, ou=People, o=Enterasys
roleOccupant: cn=Bill Bow, ou=People, o=Enterasys
description: Dragon config users
dn: cn=DragonViewAdmin,ou=DragonGroups,o=Enterasys
objectclass: top
LDAP Requirements
cn: DragonViewAdmin
ou: DragonGroups
roleOccupant: cn=Nelson Coe, ou=People, o=Enterasys
roleOccupant: cn=Bill Bow, ou=People, o=Enterasys
description: Dragon viewing users
dn: ou=People, o=Enterasys
ou: People
objectclass: top
objectclass: organizationalunit
dn: cn=John Doe, ou=People, o=Enterasys
cn: John Doe
sn: John Doe
userPassword: MYsecret
mail: J.Doe@JNDITutorial.com
telephonenumber: +1 408 555 5252
facsimiletelephonenumber: +1 408 555 3228
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
dn: cn=Rosanne Roe, ou=People, o=Enterasys
cn: Rosanne Roe
sn: Roe
userPassword: Rosanne
mail: R.Roe@JNDITutorial.com
objectclass: top
objectclass: person
dn: cn=Nelson Coe, ou=People, o=Enterasys
cn: Nelson Coe
sn: Coe
userPassword: his3Ssecret
LDAP Requirements
mail: N.Coe@JNDITutorial.com
objectclass: top
objectclass: person
dn: cn=Bill Bow, ou=People, o=Enterasys
cn: Bill Bow
sn: Bow
mail: B.Bow@JNDITutorial.com
objectclass: top
objectclass: person
Requirements for LDIF Directory Structure
Ausermustexistinthedatabase.
Ausermusthavethepasswordattributeset.
Aparentobjectthatiscapableofsubclassingorganizationalrolesmustbecreated.Referto
RFC2256.
AnorganizationalrolemustbecreatedforeachofthegivenDragonrolesandthename
spelledexactlyasshowninTable E1onpage E1.
TheroleoccupantattributeineachoftheorganizationalrolesmustbegiventhefullDNofa
userwhohasbeenassignedtothatrole.
EVERYuserwhohasaDragonrolemustalsobeaddedtotheDragonViewAdminrole.
WithoutbeingaddedtotheDragonViewAdminrole,auserwithanyotherrolestillcannot
authenticateproperly.
LDAP Requirements
Index-1
Index
B
Back panel
DRAGON-E500-SX/TX 1-4
Dragon-EAL-SX/TX 2-5
DSEMA7-6RED400U 3-4
DSEMA7-LE/ME 2-5
DSEMA7-RED-U 3-4
DSEMA7-U 1-4
DSEPA7 2-5
DSIPA7-FE-TX 2-5
DSIPA7-GE250-SX/TX 2-5
DSIPA7-GIG-SX/TX 3-4
DSISA7-SX/TX 2-5
DSNSA7-FE-TX 2-5
DSNSA7-GE250-SX/TX 2-5
DSNSA7-GIG-SX/TX 3-4
Binary upgrade for sensors, see
Distributed binary upgrade
Buttons
DSEMA7-6RED400U 3-6
DSEMA7-LE/ME 2-6
DSEMA7-RED-U 3-6
DSEMA7-U 1-5
DSEPA7 2-6
DSIPA7-FE-TX 2-6
DSISA7-SX/TX 2-6
DSNSA7-FE-TX 2-6
C
Certificate-based encryption 5-34
Commissioning the appliance 4-4
Create user account 4-1
Custom SSL keystore generation 5-34
D
Default certificate 5-34
Default installation directory 5-8
controlling the upgrade 5-13
EMS Upgrade Prerequisites 5-10
from V7.2.1 only C-5
monitoring a 7.2.1.1 upgrade C-6
monitoring a 7.2.2 upgrade 5-12
naming convention rules 5-15
platform specific information C-5
status information 5-13
supported platforms 5-10
upgrading from the EMS client C-6
Dragon permanent key request 4-2
Dragon ports used 5-37
Dragon upgrade 5-6
DragonAdmin E-1
DragonCommitAdmin E-2
DragonDeployAdmin E-1
DRAGON-E500-SX/TX
overview 1-1
setup 1-1
Dragon-EAL-SX/TX
overview 2-1
setup 2-1
DragonReports E-2
DragonSuperAdmin E-1
DragonUserAdmin E-2
DragonViewAdmin E-2
DragonViewConfigAdmin E-2
DSEMA7-6RED400U
overview 3-1
setup 3-1
DSEMA7-LE/ME
overview 2-1
setup 2-1
DSEMA7-RED-U
overview 3-1
setup 3-1
DSEMA7-U
overview 1-1, 2-1, 3-1
setup 1-1
DSEPA7
overview 2-1
setup 2-1
DSIPA7-FE-TX overview 2-1
DSIPA7-FE-TX setup 2-1
DSIPA7-GE250-SX/TX
overview 2-1
setup 2-1
DSIPA7-GE500-SX/TX
overview 1-1, 2-1, 3-1
setup 1-1
DSIPA7-GIG-SX/TX
overview 3-1
setup 3-1
DSISA7-SX/TX
overview 2-1
setup 2-1
DSNSA7-FE-TX overview 2-1
DSNSA7-FE-TX setup 2-1
DSNSA7-GE250-SX/TX
overview 2-1
setup 2-1
DSNSA7-GE500-SX/TX
overview 1-1, 2-1, 3-1
setup 1-1, 2-1, 3-1
DSNSA7-GIG-SX/TX
overview 3-1
setup 3-1
E
EMS
client installation 5-24
server start 5-33
Enterprise Manager installation 5-16,
5-25
F
Front panel controls and indicators
DSEMA7-6RED400U 3-6
DSEMA7-RED-U 3-6
DSEMA7-U 1-5
G
Generating a new key 4-2
Getting help xvii
GUI installation 5-24
H
hard drive, installing B-1
Help xvii
Host Sensor
policy import C-2
Host Sensor silent mode installation on
Windows 5-32
I
Installation
Host Sensor (Windows) 5-31
overview 5-2
types 5-4
Installation procedure
EMS Client 5-24
Enterprise Manager 5-16, 5-25
hard drive B-1
Host Sensor on Windows 5-31
Host Sensor silent mode on
Windows 5-32
Installation types
custom 5-5
Enterprise Manager 5-4
reporting 5-5
Sensor & Agents 5-4
standalone 5-4
Intended audience xv
IPS
two keywords in license 4-3
Index-2
J
Java keytool 5-34
K
Kernel
upgrade 5-6, A-1
version A-1
Key
file 4-2
generation 4-2
installation 4-6
upgrade 4-3
Keystore 5-34
Kit contents
DSEMA7-6RED400U 3-1
DSEMA7-LE/ME 2-1
DSEMA7-RED-U 3-1
DSEMA7-U 1-1
DSEPA7 2-1
DSIPA7-FE-TX 2-1
DSISA7-SX/TX 2-1
DSNSA7-FE-TX 2-1
L
LDAP requirements E-4
LEDs
DSEMA7-6RED400U 3-6
DSEMA7-LE/ME 2-6
DSEMA7-RED-U 3-6
DSEMA7-U 1-5
DSEPA7 2-6
DSIPA7-FE-TX 2-6
DSISA7-SX/TX 2-6
DSNSA7-FE-TX 2-6
Licensing 4-2
Linux
kernel version A-1
upgrade kernel A-1
N
Network Sensor
policy import C-2
Non-managed sensor 5-4
P
Ports used by Dragon 5-37
Power supply
DSEMA7-6RED400U 3-3
DSEMA7-LE/ME 2-3
DSEMA7-RED-U 3-3
DSEMA7-U 1-3
DSEPA7 2-3
DSIPA7-FE-TX 2-3
DSISA7-SX/TX 2-3
DSNSA7-FE-TX 2-3
Pre-commissioning tasks 4-1
Proprietary operating system 1-1, 2-1,
3-1
R
Rack installation
DSEMA7-6RED400U 3-8
DSEMA7-LE/ME 2-8
DSEMA7-RED-U 3-8
DSEMA7-U 1-7
DSEPA7 2-8
DSIPA7-FE-TX 2-8
DSISA7-SX/TX 2-8
DSNSA7-FE-TX 2-8
RADIUS requirements E-2
Register 4-2
Regulatory
DSEMA7-6RED400U 3-20
DSEMA7-LE/ME 2-20
DSEMA7-RED-U 3-20
DSEMA7-U 1-19
DSEPA7 2-20
DSIPA7-FE-TX 2-20
DSISA7-SX/TX 2-20
DSNSA7-FE-TX 2-20
S
Safety
DSEMA7-6RED400U 3-9
DSEMA7-LE/ME 2-9
DSEMA7-RED-U 3-9
DSEMA7-U 1-8
DSEPA7 2-9
DSIPA7-FE-TX 2-9
DSISA7-SX/TX 2-9
DSNSA7-FE-TX 2-9
Server
start 5-33
stop 5-33
Sign up 4-2
Software upgrade 5-6
Specifications
DSEMA7-6RED400U 3-2
DSEMA7-LE/ME 2-2
DSEMA7-RED-U 3-2
DSEMA7-U 1-2
DSEPA7 2-2
DSIPA7-FE-TX 2-2
DSISA7-SX/TX 2-2
DSNSA7-FE-TX 2-2
SSL keystore generation 5-34
Standalone
Host Sensor (UNIX) 5-25
Standalone installation 5-4
Start server 5-33
Stop server 5-33
T
Technical support xvii
Tomcat certificates 5-35
Types of installations 5-4
custom 5-5
Enterprise Manager 5-4
reporting 5-5
Sensor & Agents 5-4
standalone 5-4
Index-3
Typographical conventions xvi
U
Upgrade
binary for remote sensors, see
Upgrade Dragon
from a previous V7.x 5-6
from V6.x C-1
procedure 5-6
Upgrade from V6.x to V7.x C-1
Upgrade key 4-3
User account creation 4-1
Index-4

Installation Guide - Includes Legacy Appliances

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Installation Guide - Includes Legacy Appliances

Uploaded by

Copyright:

Available Formats

Enterasys Dragon

Intrusion Defense System

Supplement to Product Instructions

Zur ordnungsgemen Khlung und Lftung mu die Gehuseabdeckung immer

You might also like