Tripp Lite B097016 Owners Manual for B093- B097- and B098-Series Console Serve - Page 35

3. System Configuration A backup configuration file - model-name_iso-format-date_config.opg - is downloaded from the Tripp Lite device to the local system. Alternately, you can save the configuration as an xml file: • Select System > Configuration Backup > XML Configuration. An editable field containing the configuration file in XML format is presented. • Click into the field to make it active. • If you are running any browser on Windows or Linux, right-click and choose Select All from the contextual menu or press Control-A. Then, right-click and choose Copy from the contextual menu or press Control-C. • If you are using any browser on Mac OS, choose Edit > Select All or press Command-A. Then choose Edit > Copy or press Command-C. • In your preferred text-editor, create a new empty document, paste the copied data into the empty document and save the file. Whatever file-name you choose, it must include the.xml filename suffix. • Copy the saved .opg or .xml file to a public-facing directory on a file server serving at least one of the following protocols: HTTPS, HTTP, FTP or TFTP (only HTTPS can be used if the connection between the file server and a to-be-configured Tripp Lite device travels over an untrusted network). • Configure your DHCP server to include a vendor-specific option for Tripp Lite devices (this will be performed in a DHCP serverspecific way). The vendor-specific option should be set to a string containing the URL of the published .opg or .xml file in the step above. The option string must not exceed 250 characters and it must end in either .opg or .xml. • Connect a new Tripp Lite device (either factory-reset or Config-Erased) to the network and apply power. Note: It may take up to 5 minutes for the device to find the .opg or .xml file (via DHCP), download, install and then reboot. Example ISC DHCP (dhcpd) Server Configuration The following is an example DHCP server configuration fragment for serving an .opg configuration image via the ISC DHCP server, dhcpd: option space tripp-lite code width 1 length width 1; option tripp-lite.config-url code 1 = text; class " tripp-lite -config-over-dhcp-test" { match if option vendor-class-identifier ~~ "^Tripp Lite/"; vendor-option-space tripp-lite; option tripp-lite.config-url "https://example.com/tripp-lite/${class}.opg"; } Setup When the LAN is Untrusted If the connection between the file server and a to-be-configured Tripp Lite device includes an untrusted network, a two-handed approach can mitigate the issue. Note: This approach adds two physical steps where trust can be difficult, if not impossible, to establish completely. First, the custody chain from the creation of the data-carrying USB flash drive to its deployment. Second, the hands connecting the USB flash drive to the Tripp Lite device. • Generate an X.509 certificate for the Tripp Lite device. • Concatenate the certificate and its private key into a single file named client.pem. • Copy client.pem onto a USB flash drive. • Set up an HTTPS server such that access to the .opg or .xml file is restricted to clients that can provide the X.509 client certificate generated above. • Put a copy of the CA cert that signed the HTTP server's certificate - ca-bundle.crt - onto the USB flash drive bearing client.pem. • Insert the USB flash drive into the Tripp Lite device before attaching power or network. • Continue the procedure from 'Copy the saved .opg or .xml file to a public-facing directory on a file server' above using the HTTPS protocol between the client and server. 35