|
Call Us:
US/Canada: 1-800-234-9072
Direct Dial: 1-818-575-4000 |
Welcome to BeyondTrust's support
portal for PowerKeeper. This page provides
support information about the PowerKeeper
HP ProLiant DL360 Generation 5 appliance.
We welcome all comments and suggestions
so that we may better serve our PowerKeeper
customers.
- How can I debug problems with
the VPN communication?
-
1. The network cables are in the
PowerKeeper Network interface on
each device.
2. The Ethernet cables are the correct
type for the connection used:
Hub or switch straight Ethernet
PowerKeeper to PowerKeeper direct
connection crossover cable
3. If you are using a managed switch,
check that it is not configured
for another network (must be 192.168.0.0/24).
4. The PowerKeeper address and firewall
address are on the same collision
domain.
5. The network cables are of good
quality (known to work on other
systems).
6. The firewall of either appliance
was not reset.
It is very important that the Primary
and Replica appliances are able
to communicate with their default
configuration prior to changing
the network and firewall settings.
All PowerKeeper appliances ship
with addresses on the 192.168.0.0/24
network.
Note: The two appliances of a High
Availability pair are not interchangeable.
Each device should come with a designated
role identified on the appliance.
This role is either Primary or Replica
and the devices must be configured
as such.
- How can I identify which PowerKeeper
device is the Primary and which one
the Replica?
-
The appliances are labeled as "Primary"
and "Replica" when shipped. If the
labels are missing or cannot be
seen, the following steps can be
taken:
1. Log in to the configuration page
by connecting a crossover cable
from your laptop to the PowerKeeper
port labeled CONFIG and access https://192.168.1.105/sypkconfig,
then go to Network Settings -> Net
Tools, and ping the word "primary".
Take note of the IP address that
is returned.
2. Go to Network Settings -> Modify
Network Settings and compare the
"Local IP Settings" with the result
of the ping in step 1. If
they match, you are connected to
the Primary, otherwise you are connected
to the Replica.
- Passwords are not being updated
after a change request.
-
1. Check that the correct platform
is set in the system record.
2. Has SSH been properly configured?
Verify communication to the remote
machine with a Test System operation.
3. If using Active Directory, make
sure the functional account password
matches in both PowerKeeper and
Active Directory.
- When I try to restore my database
to our Replica appliance, I get an error
that the database is Read-only.
-
The Replica appliance may be in
Test mode. Access the Replica and
change its state to "Primary".
- What if the Internet goes down
and we lose connection to the PowerKeeper
appliance? How do we retrieve passwords?
-
In the case of WAN loss, the passwords
can be released locally by an ISA
or Admin.
In the case of LAN loss, a workstation
can be connected to the PowerKeeper
appliance via crossover cable to
the network port.
- How much work is involved in
setting up the SSH and the configuration
with SSH?
-
Its quick and easy:
1. Add the functional account with
useradd or equivalent.
2. Change the UID and GID to 0.
3. Create a .ssh directory for the
functional account.
4. Copy the public key (id_dsa.pub)
from PowerKeeper to the .ssh directory.
5. Edit the sshd configuration file
on the client system (/etc/ssh/sshd_config)
per instructions in the PowerKeeper
manual.
6. Restart the ssh daemon.
- Is it possible to export the
private key to a new appliance, to allow
multiple appliances to reset the same
hosts without multiple key pairs?
-
No, there is no way to export the
private key. However, there is a
way to achieve this. By default,
PowerKeeper generates the key pair,
and only the public key is available
for export. There is an option under
Key Management to upload a private
key for use by PowerKeeper. From
this uploaded private key, PowerKeeper
then generates the appropriate public
key. Uploading this same private
key to multiple appliances would
achieve the result of only having
a single public key to load for
the functional account on the managed
systems.
Alternatively, PowerKeeper could
generate a new key pair when initially
installed. At this point, a backup
could be taken from this appliance
and loaded onto additional appliances.
This too would allow multiple appliances
to use the same private key. In
other words, the key pair is part
of the appliance backup, and is
restored during a restore operation.
This is done so that multiple key
pairs are not required for failover
in an HA setup, or for non-HA, so
that a cold spare could be restored
and functional without having to
install new public keys on the managed
systems. Please note this could
be used to sync the keys from multiple
appliances initially, but if the
key were ever changed (via generate
a new key pair), it would not be
possible to resync the appliances
without loss of data on the appliance
that is restored from backup.
- How can I update the SSL certificate
in PowerKeeper?
-
To replace the SSL certificate on
PowerKeeper, login to /sypkconfig
and navigate to
Keys > Web Certificate Request.
Replacing the certificate is a three-step
process that includes generating
a request, downloading and submitting
the request file to a certificate
authority (CA), and uploading the
new certificate to PowerKeeper.
1. Complete all required fields
of the Certificate Request Form
and select the Generate Certificate
Request button.
2. Download the request file generated
by PowerKeeper. Use this request
file with the CA to obtain a new
certificate.
3. Upload the new certificate provided
by the CA into PowerKeeper using
the Upload Web Certificate option.
Browse to the new certificate file
and click Upload. Refreshing the
current page or a logoff/logon will
display the new certificate.
BeyondTrust's technical support is available
24 hours per day, seven days per week.
Technical support representatives can
be contacted between 7:00 AM to 5:00
PM Pacific Time, Monday through Friday,
by telephone, email, and fax or by using
the online
support form. Evening and weekend
support is available by telephone only.
To expedite your support case, please
provide the following information in
communication with BeyondTrust customer
support representatives. Be prepared
to provide us with information about
yourself, your company, and the product
including:
 Product
name and version
Exact
command(s) run when the problem occurred
Specific
error message
Hardware support is provided by Hewlett-Packard
under the warranty that is included
with the purchase of PowerKeeper appliances.
These PowerKeeper appliances have a
standard Hewlett-Packard limited warranty
of 3 years on parts and on-site labor.
This warranty includes next business
day service from global service centers.
Response times are based on local standard
business days and working hours. See
the Hewlett-Packard web site for specific
details on response times for your region.
It is important that you contact BeyondTrust
Technical Support before contacting
Hewlett-Packard to properly analyze
the cause of the problem. Due to the
secure nature of the PowerKeeper appliance,
it may be difficult to determine if
a problem is hardware-related or software-related.
If BeyondTrust Technical Support finds
the problem is hardware-related, you
will be asked to contact your local
Hewlett-Packard service center to schedule
a service call. For the location of
your local Hewlett-Packard service center,
visit the
Hewlett-Packard
web site.
The status and expiration date of your
hardware warranty is also available
on the Hewlett-Packard web site. To
obtain this information, you need to
provide the current hardware model and
the appliance’s serial number. The current
hardware model for the PowerKeeper units
is the ProLiant DL360 G5. The serial
number is located on the top of the
PowerKeeper appliance.
Telephone:
(800) 234-9072
(818) 575-4040
Fax:
(818) 889-1894
|
PowerKeeper
Support
