CDI OBM

QUICKSTART
GUIDE

QuickStart Guide Version 1.0

Communication Devices Inc.

85 Fulton Street

Boonton , NJ 07005-1912

www.commdevices.com

Page | 1 
 
Table of Contents
                                                                                                                                                                                                 Page 

Table of Contents ................................................................................................................................................................. 2

Installing the Software from the CD.............................................................................................................................. 3
SQL Server Express 2008.............................................................................................................................................. 3
Install the CDI Database................................................................................................................................................ 3
Application Server .......................................................................................................................................................... 5
Server Settings ............................................................................................................................................................. 6
Authentication Server ............................................................................................................................................... 6
Install Out of Band Manager........................................................................................................................................ 7
Starting OBM ......................................................................................................................................................................... 7
System Users ......................................................................................................................................................................... 8
NOC Sites ................................................................................................................................................................................. 9
Adding Client Devices to the NOC site ....................................................................................................................10
Create a Group ....................................................................................................................................................................15
Adding a Remote Site........................................................................................................................................................16
Remote Devices ..................................................................................................................................................................17
Adding a Remote device..............................................................................................................................................17
Programming a device .....................................................................................................................................................18
Accessing Devices ..............................................................................................................................................................19
Accessing CDI Devices .............................................................................................................................................19
Accessing Non‐CDI Devices....................................................................................................................................20 
 

Page | 2 
 
Installing the Software from the CD
 

Only installed on machine that will be the server (can be a desktop). Is only installed on ONE machine.
Upon inserting CD, Autorun will display the following:

Green Install Buttons

SQL Server Express 2008

 

Only installed on machine that will be the server (can be a desktop). Is only installed on ONE machine.
Allows you to install or remove SQL Express 2008. Our installer utilizes the standard install package
from Microsoft. This install is only required if you do not have a network SQL server. Install this first if
installing the server.

Install the CDI Database

Click on “Install” to install the CDI Database

The Install Option allows for the installation of a new database. The database should be installed on
your Windows based OBM server, along with the Application server.

Page | 3 
 
You will be asked to provide the target SQL Server, the type of authentication and the folder path
where the database files are to be stored. Delete current database is not needed on the initial install.

You will be asked to specify license files. There is one seat, 10 terminal, and 7 EDL Licenses included
in the OBM.

Answer yes and specify the CD drive location and “ok”

The Installer will notify you when the Database creation is complete, click “ok”.

Page | 4 
 
Application Server
 
Only installed on machine that will be the server (can be a desktop). Is only installed on ONE machine.

This component allows you to install, configure, update, or remove the application server. The
Application Server is required to run the OBM system. It handles all communication between the
database and the workstations. It must be installed and remain running 24/7 for the OBM Application
to work. If the Application Server is not running, your OBM workstations will not function. The
Application server should be installed on your Windows-based server, along with the OBM Database.

Click the green install button in Application Server area

Click “next” at “Welcome”
Folder will be C:\Program Files\Communication Devices Inc\Server\ Change if necessary; and specify if
for all users or just current user. Click “Next”
Accept the license agreement. Click “Next”
CDI Application server will install. This may take a few minutes.
Click “Close” once you have received the “installation complete” message
The Configure Option will come up in a minute or two.

Page | 5 
 
Server Settings
 
The IP address of the server. By default, this is “localhost” and needs to be changed to the IP of the
app server, unless you are performing an SQL Express based install.
Server Mode. By default, Simple Mode is selected. To install & use an encryption certificate, select
Encrypted Mode.
Server and Notification ports. Defines the network ports which will be used for data transmission and
notifications.
Authentication: If you choose Windows Authentication, your user login authentication is handled by
windows workgroups. If you choose SQL Server Authentication, the SQL Server handles database
logins.
The Log Settings dictate the location in which the log file will be stored, as well as the level of detail
that is written to those logs. By default, the log file resides in the root of the application directory
(C:\Program Files\Communication Devices Inc\Out of Band Manager\). You can change the location of
this file by clicking the ellipsis (…) in the application install / configuration dialog.

The following are updates which can be done later using the Configure button in the OBM Application
Server installer
Update Settings & OBM Sharing- OBM Sharing is a feature which allows for the easy updating of non-
network workstations.
Update and Remove Option- The Update option allows you to update the OBM application server to a
later version.

Authentication Server
 

This should be changed to the address of the authentication server if using one.
Radius and Tacacs+: Enter Tacacs+ and Radius Options.
Network Discovery Server and Polling Service Options- Enter Network Discovery and Polling Service
Options
When done, click green “OK”

Page | 6 
 
Install Out of Band Manager
 

Install on each machine that wants to connect to the OBM database for management or operations.
Typically, the OBM Manager would not be installed on the server, only on the workstations that will be
connecting to the server; however, the Out of Band Manager is capable of running on the OBM server.
Click the green Install button for Out of Band Manager will present you with the OBM Application install
dialog.
Click “next” at welcome. Specify folder if different than default, then if OBM is just for current user or
all users. Accept License agreement.
You will need to supply the installer with the IP address of the application server, the server mode, and
the path for the log file.

Starting OBM

Once OBM is installed, a shortcut will appear on your desktop. If this is the first time you’ve
run OBM, you will be presented with a registration form, which may be returned to CDI via
email or fax.

Assuming a successful connection to the Application

Server, you will be presented with the OBM login
screen. The factory default login is:
Username: administrator

Page | 7 
 
 Password: administrator
These login credentials can be changed, and new users added, from within OBM.

You can select which OBM server to connect to, if multiple are available, by clicking the blue arrow
button. You will be presented with a list of currently configured servers. In addition to selecting which
server to connect to, you may also add or remove servers.

System Users
 

To add users or change the default administrator password:

Click on “System Users”, then add a user name and password; confirm the password.
The OBM will be set up with a role of administrator, click on the box on the right side of the screen to
add to this role. Roles can be set up tailored to your needs.
You may also click on any user and change the user name, password, or other fields

Page | 8 
 
To change the type of user, click on “Users”; then the drop down menu from “User Type” ; either in
the user info tab or in the user’s line on the User list. The default user type is

encryption.

NOC Sites
 

A NOC site is any central site where Client device will be installed. The Client devices are used to
dialout to remote sites and connect securely.

After the installation of the OBM, the groups setup will be as below. There will be a default NOC site,
which can be renamed. The template can be changed for the new devices added (parameters are
shown in adding client device to the NOC site.) This is done by clicking on NOC Site Management.

You must press the save button

for your changes to take effect.
Page | 9 
 
Adding Client Devices to the NOC site

Client devices are added to the NOC Sites Group. Once it has been added to the NOC Sites Group, the
client device may be attached to one or more Groups.
Double Click on the NOC site in the tree. Then Click on Create and select Client Device from the drop
down.

Device Info

Network Enable, AES256 Enable (PA1XX’s only) and SSH Enable should be checked unless you are not
using them.
Enter a name you would like the device to be called.
Select the mode of communication with the device- modem, serial, network…

Network Properties

The network proprieties tab defines properties such as IP addresses associated with the device, Syslog
server, and attributes of the Syslog server, and OBM heartbeat.

Page | 10 
 
Device IP Address: IP address of the device
NAT Address: Normally this is the same as the Device IP address. The purpose of this address is to
allow devices of an internal network to be identified by one IP address when routed to a different
network.
Subnet Mask: The Subnet Mask determines to which subnet an IP address belongs by filtering with
this bit pattern. If your host PC is using the wrong subnet mask, it may not be possible to correctly
identify all users on that subnet and many users may be unreachable by your computer. The subnet
mask is defaulted to work with an 8-bit host address. For any other host bit address, you must change
the subnet mask to the proper setting.
Gateway IP Address (Optional) : The router/gateway address that allows you access to other
network segments. This address must be within the local network.
Client PPP Address (Optional): The address of the host to which the CDI device will send a request
to establish a PPP session.
Port No: The port number used to communicate from the Network side i.e. Telnet Port Number.
Only can be entered if “Use Default Port 1001” is not checked.
Use Default Port 10001: Click to enable the OBM to use of the device default port for programming.
Hardware Address: Only required if the device is initially being programmed via the network. The
OBM uses the Hardware Address (located on the label under on the underside of the unit) to find the
device on the network and program the IP address. If using modem or serial the OBM will retrieve the
hardware address.

Syslog Server
If a Syslog Server application is running on your network, CDI devices can report audit trail messages
to the Syslog Server for monitoring purposes.
Note: OBM can act as the syslog server, to view the Syslog log, click Syslog in the Logs toolbar.
Primary IP Address: Enter the primary address of the Application Server that is handling Syslog traffic.
You may then enter the Syslog IP port number that the CDI device can use for communication.
Secondary IP Address: Enter an address that will be used when the primary IP address is not available.
You may then enter the Syslog IP port number that the CDI device can use for communication.

OBM RealTime Log

Enable RealTime Log
RealTime logs (RTL) allow real-time messages from CDI devices to be sent via the network connection
to the OBM server. Without RTL enabled the devices will not send events in real time back to the
server, they will be buffered until the unit is polled (which will need to be enabled). RTL must be
enabled in order to generate alarms from missed heartbeats.

Page | 11 
 
RealTime Log Address
IP address of the OBM workstation that is enabled for Real Time logs.
OBM Heartbeat Attributes
The OBM Heartbeat is an automatic “I’m alive” and here is the Telco Line Status (TLS) message that is
sent periodically by a CDI device to the OBM application server. If heartbeat messages or any other
messages are not received by the OBM application server within the given time interval, an alarm (No
Contact From Device) will be triggered for this device. This would indicate that the device is in trouble
or its network access is in trouble.
The Heartbeat also checks the “Telco Line Status”. The modem will go “off hook” and check for Dial
Tone during each Heartbeat interval. The device will report that status of the Telco line as part of the
Heartbeat response. This allows the central site to realize that a remote site has no working telco
connection long before it is going to be used. If the Telco line is restored, this is also reported in the
Heartbeat message. The OBM can pass this alarm to an SNMP manager, an Email Alert, or a SMS text
message.
For non-CDI devices, this is accomplished using Polling. The Polling feature pings the device at a
specified interval to check if it is still available and online.
Max No. Of Missed Heartbeats
Number of missed heartbeats that will trigger an alarm from the OBM workstation that is set for real
time logs. The default is three to allow for latency and/or collisions in a network
Heartbeat Message Interval
The time in minutes between heartbeats sent by the remote device. For example, an interval of 60
would generate a heartbeat once an hour by the remote device. This interval would be programmed
into the device.
Example: If the Maximum Number of Missed heartbeats is set to three beats and the Heartbeat
Message Interval to 60 minutes, a “No Contact From Device” error is generated by the OBM each time
the device does not respond with 180 minutes (3 x 60).
Note: In order to receive heartbeat messages or alarms, OBM RealTime logs must enabled. If real-time
logs are not enabled, no heartbeat messages will be received even though the heartbeat attributes
have been defined. OBM Real Time logs are enabled in Common System Settings tab.
Radius Server
Primary IP Address: Enter the Radius IP Address of the Radius server.
Secondary IP Address: Enter an IP address to be used fir the Primary IP address is not available.
Radius Key Optional: Enter the Radius Key. A maximum of 128 characters can be entered.

System Options The parameters on this screen enable you to set user security levels, system
password and key information, and first message delay time. The parameters displayed may vary
depending on the device.

Page | 12 
 
AES Mode: All should be checked for the client to accept all types of Encryption to the Remote
Sys Password: This is the password used by OBM to access the device. Enter a password by the OBM
to access and program the device. If asterisks are displayed, a password already exists. You may
change the password by deleting the current one and entering a new one. For security purposes, the
password will be displayed as asterisks.
Sys Key: This is the key used by OBM to access and encrypt data with the device.. By using the sys
key, communication between the OBM and the device encrypted. The system key must have 48 hex
characters. The Sys Key may be entered or system-generated. To have the system generate it, click
Generate.
Host DTR / RTS Loss of Signal: Sets the number of seconds that the host signals have been lost
before an alarm is generated and sent back to the OBM. A loss of signal from the host device can
signify the device is in trouble, a loss of power, or a cable being removed from the device. The
connection to the host has been lost

Page | 13 
 
Internal Modem

Internal Modem Type: Select either Analog or GPRS (cellular) as the internal modem type. If GPRS
is selected, the device needs to have a GPRS modem installed.
Extra AT Command Settings
Modem Type:
Modem Inactivity timer (min); Specify the number of minutes of no activity detected by the modem
before the modem disconnects.
Enter 0 to disable this feature.
Serial AT Commands: Click the checkbox to program the AT command into the modem. You do not
have to enter an AT in the front of command string and do not include spaces or delimiters between
commands.
Modem
Modem Port Bits/Parity: Select the modem port bits and parity from the drop down list.
Modem Port Baud Rate: Select the baud rate of the modem port from the drop down list.
Defined Messages
User-defined messages can be sent out either before or after the authentication process begins.
Primary: Enter a user-defined message sent before the authentication process starts. This is typically
“Welcome to XYZ Company only valid users should be using this system”, and may be followed by
additional legal warnings.
Secondary: A user-defined message sent after the first user authentication prompt response has been
processed. This is typically “we really meant what we said in the first message and will prosecute any
trespassers” followed by the appropriate legal warnings.

Device Audit
Maintains a trail of device activity

Page | 14 
 
Create a Group
 

A Group is a collection of remote sites that can be identified for management purposes. An example
might be different networks that are being managed like, Corporate, Engineering, Production, etc. Or
for an MSP it may be separate customers. 

Groups are broken down into elements which represent each SITE. Each site is then broken down into
DEVICES. The devices can be CDI devices (PA100/PA200) or can be non-CDI devices like ROUTERS,
FIREWALLS, NETWORK APPLICANCES, ETC. Non CDI devices can be access via Telnet, SSH, or
Browser. CDI devices can be access by NETWORK DIALOUT, SSH, NETWORK TUNNEL.

To Add a Group, Click on “Groups” in the Toolbar; Then click on “Create” near the top right of the
groups template screen. It will show the users and you can select all or the ones you want to be
members of this group.
Type in a name and a description for the group. Check the box at the right for the client encryptors to
be assigned to the group. Note: The Client Device or Encryptor must be programmed by the
OBM in order to be added to the Group

Device Info tab- enter a device type for the group template. Specify the Primary, Secondary, and
Terminal mode of communications. Also check RSA, Network, AES256, and SSH licenses if you are
using these. Specify the Primary, Secondary, and Terminal Communication.
Network Properties Tab- You will set up the Syslog server, OBM RealTime log, and OBM heartbeat
attributes as you did for the client device.
System info Tab, check the AES mode, & set up the System Key as you did for the client.
In device mode, enter the security you wish to use:
Standard Device (Enable Security)- Default
Auto Authentication/Encryption – this device will only communicate with CDI Clients in an
encrypted mode. The device will automatically attempt to exchange a key once a connection has been
established. The user will not be prompted for a userID.

Page | 15 
 
 RSA SecurID Device- The device will act like a legacy RSA SecurID device. This is a mode
created specifically to mimic a latency SecurID device and is only recommended for applications
requiring strict legacy compatibility. The broader use is for an RSA token ton be used in the encryption
mode or the standard mode with RSA enabled.
Standard Device (Bypass Security): Security is disabled for this device.
Network Access to Modem: Select the option for network access to the modem. When this option is
enabled, you can access the modem and dial out from the network. This can be a security concern
because the modem is enabling this will make the modem available for dial out from the network.
Disabled
Enabled /No Encryption
Enabled / Encryption

Internal Modem- Set up as in client device.

Default Ports- for use as a template, you may want to set up default ports if the same port is going
to be used for the same device on every device.
Polling Tab- Enable Polling, Interval, Max No of Missed Polls

Adding a Remote Site

Click the Remote Sites button in the Security toolbar. The Remote Sites tab will open.
In the Group field, select the Group from the drop down to which the Remote site will be added.
Click the Create Button near the top right.
Enter the name, location, contact name, and phone for the contact person. You may enter this
information in the open tab or in the table.
Click Save to save the changes. The new Remote Site will be displayed in the Group Tree pane. Click
Skip to ignore the changes.

Enter the Remote

Site information
You must press the save button
for your changes to take effect.

Page | 16 
 
Remote Devices

A remote device is a device in the field to which you will be connecting. Remote devices can be routers,
firewalls, network switches, and CDI devices. All these devices can be access and managed via the
OBM software A remote device can only belong to one Group, and only to one Remote Site within the
Group.

Adding a Remote device

A new remote device can be added to a Remote Site of a Group. When a new device is created, the
default parameters from the Group Template are applied. You may then open the Device Info and
other tabs to add device-specific information.
Click Remote Sites in the toolbar. The Remote Sites tab opens.

Alternatively, you may also add a device to a Remote Site by selecting the Remote Site from the Group
List.
To add a remote device to a Remote Site of a Group, use either method. The Device Info tab opens.
Verify that the Remote site name to which you want to add the device is displayed in the Sites field. If
it is not, select the site from the drop down menu.

Page | 17 
 
Click Create. The Device Info tab opens. A new device of the Default Device type will be listed in the
Device panel.
To add a device of a different type, select the device type from the drop-down list.
Enter the device-specific information in the Device Info tab, System Options, and the remaining tabs.
The tabs displayed depend on the device type. The fields of each tab are described in previous
sections.
When you are finished, click Save.
A non-CDI device, such as a router, firewall, or network switch, can be added to the database for SSH
access and/or periodic polling for activity.
To add a non-CDI device to a Group, follow the steps in section. Adding a Remote Device. For Device
type, select “non-CDI” device.
Fill in the fields in the Device Info tab, network properties, and how you would like to access the device
SSH
Telnet
Browser
Dial up
Polling. In Polling, remember to enable polling by clicking the Enable Polling checkbox. The Polling
feature pings the device at a given interval to make sure it is still online. This is equivalent to the
“Heartbeat” feature of CDI devices.
Click Save to save your changes.
The Device Info tab includes reference information about the device being added and defines the
communication paths by which OBM will access the device.
The entries displayed are the default entries that you entered in the Group template. You may need to
change these entries for the specific device that you are adding.

Programming a device

All the information you have been adding into the database is still in the database. In order to get that
information into the CDI devices they must be programmed.

To Program a device, go to the device in the NOC or Remote site. You may select programming at the
top or right click to the left of the device name and select programming. This will be via the default
communications you have specified in network properties (network, serial, modem…)

Page | 18 
 
 or 

Program-Reload Device: Clears the memory of the device then re-programs it with all the settings
in the device record information. The device record contains all the information, parameters, settings,
and properties that the OBM stores about a device. Use this for initial programming.
Program-Update Device: Updates the device by adding any changes configured in the device record
since the last time the device was programmed.
Device will be programmed with communications you had set up in the device. (Modem, Network, or
Serial Port.

Accessing Devices
Accessing CDI Devices
Your CDI devices can be accessed by navigating to the site you wish to connect to, right clicking on the
device, and selecting Connect To… from the menu or clicking Connect To, at the top next to
programming. You will be presented with the connection window, which will allow you to select how
you wish to connect to the device. Clicking the Connect button will begin the connection process. Once

Page | 19 
 
connected, you will be presented with a list of the serial or power control ports you have access to.
Selecting a host port will give you terminal access to reconfigure the attached non-CDI device. You will
then be able to interact with the device as if you were connected directly to it'sits serial port. Selecting
a power port will allow you to reset the attached device by interrupting it's power supply for a set
duration, or switching it off entirely, assuming of course, that you have installed a power control
module. Once you are finished, pressing the Disconnect button will drop the connection.
You may specify the type of connection between devices or direct.

You will get a screen preset for the connection setup of that device. You may change the connection
method by changing “select communication Type”. Once you press “connect” you will be passed to the
terminal screen and your keyboard will be directly mapped to the connection.
Click “disconnect” at the top or “ESC” on the keyboard to disconnect.

Accessing Non-CDI Devices

Your non-CDI devices can be accessed in much the same way as your CDI devices. Select the device
from the site’s device list, right click on it, and select Connect to…from the menu. . You will be
presented with the connection window, which will allow you to select how you wish to connect to the
device. Clicking the Connect button will begin the connection process. A terminal window will appear,
allowing you to interact with the device. Once you are finished, pressing the Disconnect button will
drop the connection.

Page | 20 
 
This is the menu displayed by a remote CDI device. You may connect to a HOST PORT by typing
H”X”return on the keyboard where “x” is the port number.

To control power on a selected power (if using Power Control Modules or a PA244x device) you can
type Px return on the keyboard where “x’ is the PCM port number. You will be prompted to power cycle
or turn power ON/OFF for that particular port.

Page | 21