-----------------------------------------
Server Technology
-----------------------------------------
Sentry Switched Cabinet Distribution Unit
-----------------------------------------
Firmware Revision Notes
-----------------------------------------

Sentry Switched CDU Version 7.1f                              January 19, 2021
===============================================================================

Applicable Products
===================

Sentry Switched CDU firmware only applies to products with a product code of 11, or 51 through 56, hexadecimal. The product code is the fourth octet in the Ethernet MAC address, e.g., the "51" in "00-0A-9C-51-00-00". The Ethernet MAC address is displayed on the web "Configuration - System" page and by the SHOW SYSTEM command.

Firmware Revision History
=========================

yy-mm-dd  Ver.  Filename        Description
--------  ----  --------        -----------

-----------
Version 7.1
-----------

21-01-19  7.1f  swcdu-v71f.bin  Sixth production release

Version 7.1f is a maintenance and security-patch release. Update to version 7.1f is recommended for all products.

Removed MS SYNC from the Treck TCP/IP stack to stop security scanners from giving a false positive for Ripple20 vulnerabilities.

Fixed the SSH server to time out and close sessions that never attempt authentication. Sessions are now closed if successful authentication does not complete within 60 seconds.

Fixed the SSH server to limit authentication to three failed attempts.

Fixed LDAP logins to fail if multiple user objects are returned by the user search, which indicates an invalid configuration of the user search filter. This prevents an unlikely case of an invalid configuration allowing a successful login.

Fixed RADIUS authentication to operate over IPv6.

20-06-29  7.1e  swcdu-v71e.bin  Fifth production release

Version 7.1e is a critical security-patch, new-feature, and maintenance release. Update to version 7.1e is strongly recommended for all products.

Fixed critical TCP/IP stack vulnerabilities.

Server Technology was recently notified that researchers from JSOF (www.jsof-tech.com) found vulnerabilities within the Treck TCPIP, IPv4, IPv6, DHCP, DHCPv6 and DNS products. These third-party libraries provide the network stack in our Switched CDU products.

In reviewing these vulnerabilities, US-Cert and Mitre have classified the highest level as a possible "critical" severity (CVSS v3.1 score 10.0) vulnerability, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Some of these vulnerabilities can be triggered remotely without any authentication on the device. The vulnerability can lead to a full remote code execution on the target device.

Server Technology strongly recommends that customers immediately review and deploy this latest firmware to eliminate these potential risks.

At the time of release of this firmware, there is no known in-the-wild exploit of these vulnerabilities.

JSOF and Treck are coordinating a public disclosure of the vulnerabilities that is tentatively set for June 15th, 2020. After disclosure, applicable Mitre CVE and US-Cert VU numbers will be added to these release notes.

Update: JSOF has collectively named the vulnerabilities 'Ripple20'. More information is available at: https://www.jsof-tech.com/ripple20/

US-Cert VU number: 257161

Mitre CVE numbers:
   CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899,
   CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903,
   CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907,
   CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911,
   CVE-2020-11912, CVE-2020-11913, CVE-2020-11914

Added SNMPv3 SHA authentication and AES privacy.

Using the web interface, the SHA and AES options are configured by new choices in the Authentication Type and Privacy Type dropdowns on the Configuration->SNMP/Thresholds page.

Using the CLI, the SHA and AES options are configured by these new command keywords:

   SET SNMP V3 ROAUTHTYPE { SHA }
   SET SNMP V3 RWAUTHTYPE { SHA }
   SET SNMP V3 ROPRIVTYPE { AES }
   SET SNMP V3 RWPRIVTYPE { AES }

Added StartUp Stick support to configure SNMPv3 SHA authentication and AES privacy. Version 1.07 of the StartUp Stick spreadsheet tool is required.

Updated the Sentry Network Access Protocol (SNAP) version to 2.1. This update supports configuring SNMPv3 SHA authentication and AES privacy.

Increased the maximum number of repeater object IDs in an SNMP GetBulk operation from 10 to 20.

Fixed the SNMP agent, when using SNMPv3 privacy (encryption), to disallow setting a duplicate value for 'name' objects that require uniqueness.

Fixed the SNMP agent to increment the snmpEngineBoots value upon each initialization.

Fixed SNMP Get operations for leaf node / scalar objects to only succeed when ending in '.0'.

19-01-15  7.1d  swcdu-v71d.bin  Fourth production release

Version 7.1d is a new-feature, maintenance, and security-patch release. Update to version 7.1d is recommended for all products.

Added support for console port login without DSR. This avoids the error message 'No DSR -- login is not available with DSR low' when connecting from a serial device that does not support DSR or does not assert DSR high.

As in previous versions, sessions started with DSR high will monitor for a DSR loss (a high-to-low transition, for example, by a cable disconnect), upon which the session will automatically logout for security reasons.

Sessions started with DSR low will not monitor for a DSR loss, such that a manual session logout or session timeout is required to avoid the security risk of a subsequent console connection starting in an already-authenticated session.

Updated the OpenSSL component to v1.0.2p (August 2018). Refer to the OpenSSL.org change log for details.

Fixed the web interface login to properly authenticate an entered username and/or password of exactly the maximum 32-character length.

Fixed a potential CGI/HTTP crash and automatic restart when an unauthorized user attempts access during multiple simultaneous sessions.

Fixed SNMP getnext operations to Sentry3-MIB eventInformationGroup objects when '.0' is not included at the end of the object ID in the request. Previously the object returned was one past the correct lexicographically-ordered object.

Fixed SNMP IP Restrictions to 'Trap Destinations Only' when the trap destinations are specified by hostnames. Previously the hostnames were not being resolved to IP addresses, resulting in all inbound SNMP traffic being blocked.

Fixed changes by successful SNMP set operations to mib-2 system objects (sysContact, sysName, and sysLocation) to be persistent across restarts.

Fixed DNS lookups to not occur for blank hostnames.

Built with an updated TCPIP library with a fix that avoids malformed DNS responses from potentially provoking crashes and unexpected behavior, and a fix for TCP hangups during SYN flood attacks.

18-02-12  7.1c  swcdu-v71c.bin  Third production release

Version 7.1c is a new-feature, maintenance, and security-patch release. Update to version 7.1c is recommended for all products.

Added support to attempt recovery from a Static IPv4 Address Conflict condition. Recovery is attempted upon a link integrity loss and recovery, and by periodic retries (starting shortly after detecting the condition, and repeating hourly).

Added StartUp Stick support to configure: outlet reboot delay, outlet sequence interval, outlet sequence order, temperature scale, web session timeout, CLI session timeout, configuration reset button, strong passwords, and StartUp Stick disable. Version 1.04 of the StartUp Stick spreadsheet tool is required.

Changed StartUp Stick support to log usage attempts when disabled, and to differentiate between EVENT and AUTH log messages.

Changed the maximum length of the LDAP Search Bind Password from 20 to 32 characters.

Updated the Sentry Network Access Protocol (SNAP) version to 2.0. This update supports the increased length of the LDAP Search Bind Password.

Updated the OpenSSL component to v1.0.2n (Dec 2017), which is the latest release of the Long Term Support (LTS) version.

Fixed the Login Banner configuration web page to not truncate banner text to 255 characters. This problem was introduced in v7.1b.

Built with an updated SNMP library with a minor memory-overwrite fix.

17-08-02  7.1b  swcdu-v71b.bin  Second production release

Version 7.1b is a maintenance and security-patch release. Update to version 7.1b is recommended for all products.

Added a web and CLI message to inform users that outlets will not change state upon a restart.

Added support for a Japanese outlet-control enable/acceptance page, for PSE compliance.

Updated the OpenSSL component to v1.0.2l (May 2017), which is the latest release of the Long Term Support (LTS) version. This includes various bug fixes, but no security fixes.

Reduced the number of supported simultaneous Telnet and SSH sessions to 3 each, from 4 each, to reduce RAM usage.

Reduced the number of concurrent web connections to 16, from 24, to match the number of TLS1.2 threads and to reduce RAM usage.

Adjusted RAM allocations to increase the system heap by 96K and the network heap by 64K, for increased stability during multiple concurrent TLS1.2 HTTPS sessions.

Removed 'POPS SNMP Support' from the list of key-activated features, as this feature has been included without a key since v6.1a.

Fixed the web server to no longer be vulnerable to the “Misfortune Cookie” security flaw (CVE-2014-9222).

Fixed the web server to no longer be vulnerable to the "Digest Buffer Overflow Vulnerability" security flaw (CVE-2014-9223).

17-03-07  7.1a  swcdu-v71a.bin  First production release

Version 7.1a is a major security-upgrade and minor maintenance release.

Upgraded Transport Layer Security (TLS) to version 1.2 (RFC 5246). This support is based on OpenSSL v1.0.2k (January 2017), which is the latest release of the Long Term Support (LTS) version.

Supported ciphers:

   TLS_RSA_WITH_AES_128_GCM_SHA256
   TLS_RSA_WITH_AES_128_CBC_SHA256
   TLS_RSA_WITH_AES_128_CBC_SHA

Removed TLS1.0 support and the 3DES (TLS_RSA_WITH_3DES_EDE_CBC_SHA) cipher. Only TLS1.2 is supported.

Security upgrade notes and requirements:

TLS1.2 support affects HTTPS, LDAPS, and SNAP.

HTTPS (secure web server):
   A modern web browser with TLS1.2 support is required. Current versions of IE, Firefox, Chrome, Opera, and Safari have been tested and are supported. The HTTPS server uses the first matching cipher from the client preference list.

LDAPS (secure LDAP client over TLS):
   LDAPS support requires a modern directory service with TLS1.2 support. Active Directory support has been tested with Windows Server 2012 R2. OpenLDAP support has been tested with v2.4.42.

SNAP (secure access by Sentry Power Manager (SPM) software):
   SPM version 6.0.9 or later is required to support TLS1.2 for SNAP operations.

Changed regenerated self-signed X.509 certificates to use a 2048-bit key and SHA256 as the signature hash algorithm, to comply with current minimum security standards. It is highly recommended (and may be required by some browsers) that old weaker self-signed certificates be removed from certificate stores and new stronger certificates be regenerated and accepted into certificate stores.

Added dynamic adjustment of the default port number on the LDAP configuration web page when the Bind Type is changed.

Added form submission by the Enter key on the Ping tools web page.

Removed Cisco Energywise support.

Fixed StartUp Stick support to properly handle configuring access by HTTPS but not HTTP, which previously errantly disabled all web services.

Fixed a "Request Too Large" error message when making changes on the Outlet Traps and Shutdown configuration web pages on systems with a large number of outlets.

Fixed the Outlet Traps configuration web page to not require reauthentication after visiting the page on systems with a large number of outlets.

Fixed unnecessary delays between sending SNMP traps when many traps are sent in a short period of time.

Fixed configuration changes to SNMP community strings, SNMP v3 users, and the SNMP trap format to indicate that a restart is required.

Fixed configuration changes to the HTTP/S port to properly indicate when a restart is required.

Fixed a CLI session end to be logged with a NOTICE severity to a SYSLOG server, instead of a WARNING severity.

Fixed identification of the power action (on/off/reboot) in an RF Code outlet state-change alarm.

Fixed code to suspend the web thread during firmware updates.

-----------
Version 7.0
-----------

17-03-08  7.0w  swcdu-v70w.bin  Twenty-first production release

Version 7.0w is a minor maintenance release.

Added dynamic adjustment of the default port number on the LDAP configuration web page when the Bind Type is changed.

Added form submission by the Enter key on the Ping tools web page.

Fixed StartUp Stick support to properly handle configuring access by HTTPS but not HTTP, which previously errantly disabled all web services.

Fixed a "Request Too Large" error message when making changes on the Outlet Traps and Shutdown configuration web pages on systems with a large number of outlets.

Fixed the Outlet Traps configuration web page to not require reauthentication after visiting the page on systems with a large number of outlets.

Fixed unnecessary delays between sending SNMP traps when many traps are sent in a short period of time.

Fixed configuration changes to SNMP community strings, SNMP v3 users, and the SNMP trap format to indicate that a restart is required.

Fixed configuration changes to the HTTP/S port to properly indicate when a restart is required.

Fixed a CLI session end to be logged with a NOTICE severity to a SYSLOG server, instead of a WARNING severity.

Fixed identification of the power action (on/off/reboot) in an RF Code outlet state-change alarm.

Fixed code to suspend the web thread during firmware updates.

16-08-26  7.0v  swcdu-v70v.bin  Twentieth production release

Version 7.0v is a maintenance-only release. Update to version 7.0v is recommended for all products.

Fixed successful authentication responses from secondary remote authentication servers (LDAP, TACACS+, RADIUS) to allow access, instead of being ignored.

Fixed cases of the auto-orientation sensor status not being applied if inverted at powerup.

Fixed a possible crash and automatic restart of the root thread due to a stack overflow resulting from constantly repeating SSH sessions.

Fixed system monitoring of the SSH server thread to cause an automatic restart if found to have ended unexpectedly.

16-04-27  7.0u  swcdu-v70u.bin  Nineteenth production release

Version 7.0u is a maintenance and security-patch release. Update to version 7.0u is strongly recommended for all products.

Added 'Silk to UI Map' scheme numbers 15 and 16, for custom-silkscreened products with reversed N to 1 outlet numbering.

Added infeed status and flash information to DEBUG SUPPORT.

Replaced the default SNTP servers (2.pool.ntp.org and 1.pool.ntp.org) with newly-registered Server Technology NTP pool servers (2.servertech.pool.ntp.org and 1.servertech.pool.ntp.org).

Changed FTP GET failure responses to distinguish between 'File Not Found' and 'Permission Denied'.

Fixed FTP firmware uploads by FileZilla when configured to use more than one connection. Previously a restart would occur without flash-writing the update.

Fixed a security issue with SNMP v1/v2c community strings.

Fixed changes to the SNMP SysName, SysContact, and SysLocation strings to not require a restart to take effect.

Fixed normal SNAP restarts, which broke in 7.0s. This bug prevented the unit from restarting when SPM performed a normal 'Restart', although the operation appeared to succeed in SPM.

Updated the integrated board-level test code to v3.0d, with a fix for a factory process that could corrupt flash wear counters. Note: this functionality is only accessible and used during the factory production process.

Rebuilt the SSL, SSH, LDAP, Directory Services, and Energywise libraries, to accommodate updated dependencies.

15-10-14  7.0t  swcdu-v70t.bin  Eighteenth production release

Version 7.0t is a maintenance-only release. Update to version 7.0t is recommended for all products.

Fixed RF Code support, which broke in v7.0s.

Fixed modem initialization support, which broke in v7.0s.

Fixed not being able to turn off (uncheck) the Location Blink option on the web 'Configuration - System' page, which broke in v7.0s.

Fixed SHOW TRAPS to show the T/H sensor trap information, and to show the correct Status Trap and Delta values for T/H sensors of second or later environmental monitors, which were showing values for the first environmental monitor. These broke in v7.0s.

Fixed the SET RADIUS PRIMARY SERVER command, which was setting the secondary server. This broke in v7.0q.

Fixed the Connection Timeout for the Aux/Modem port in SHOW PORTS to show '(Disabled)' when set to zero, and removed an extra 's' after 'minute(s)' when not zero.

Fixed misalignment of column text in SHOW SHUTDOWN.

Removed insecure DES cipher support from the LDAPS client.

15-07-24  7.0s  swcdu-v70s.bin  Seventeenth production release

Version 7.0s is a new-feature, maintenance, and security-patch release. Update to version 7.0s is recommended for all products.

Added StartUp Stick support. The StartUp Stick is a tool for quick and easy mass-configuration of operating parameters.
See https://www.servertech.com/products/accessories/startup-stick for further information.

Added support for Smart Load Shedding due to humidity-sensor high-threshold events. Outlet actions (on or off) can now be configured to occur automatically when a humidity measurement crosses a high threshold, with optional reverse action upon recovery (with hysteresis). Related changes include:

- Added SET OUTLET HUMIDEVENT.
- Added SET EVENT SENSOR HUMIDDELTA, HUMIDHIGH, HUMIDRECOVERY, and TEMPRECOVERY.
- Changed SET EVENT SENSOR AUTORECOVERY to be a hidden alias to SET EVENT SENSOR TEMPRECOVERY.
- Updated the SHOW LOADSHED and SHOW EVENT commands to display the humidity load-shedding configuration.
- Updated the web Smart Load Shedding 'Outlets' and 'Events' pages to configure and display the humidity load-shedding configuration.
- Changed 'Temperature event outlet action' to 'Sensor event outlet action' in log messages for outlet action changes.

Added support for the GMT offset to be set in minutes, to accommodate partial-hour time zones. The hour range was also extended so that all standard international time zones from -12:59 to +14:59 are now supported.

Added code to prevent downgrading to prior firmware versions on new NIC hardware with a Micrel PHY.

Removed weak MD5 HMAC algorithm support from the SSH server.

Changed regenerated self-signed X.509 certificates to use SHA-1 as the signature hash algorithm, instead of weak MD5.

Changed the minimum Shutdown Delay from 30 seconds to 1 second.

Changed SHOW SHUTDOWN to display '(not set)' for undefined hosts.

Updated the SNAP version to 1.9. This version added support for the extended hour/minute GMT offset configuration (above), and included a change for SPM to optimize 'set' operations.

Fixed Smart Load Shedding to sequence multiple outlets with 'On' shedding actions.

Fixed Smart Load Shedding to not require a network connection, except for UPS shedding, which requires a network connection for SNMP polling of a UPS.

Fixed SNMP GETNEXT operations to not skip every-other object in the infeed and outlet tables in certain conditions when an EMCU is connected. This problem was introduced in v7.0q.

Fixed incorrect SNMP GETNEXT results (an invalid object ID or being lexicographically out-of-order) when the request included a table 'entry' value other than one.

Fixed the web and CLI configuration of the SMTP username to not allow spaces.

Fixed the CLI to allow removal of the last LDAP group when access is 'Remote Only'.

Fixed 'ST Eye' support to dynamically reconfigure the Bluetooth module with configuration changes made while the module is connected.

Fixed several cases of indicating that a restart is required after configuration changes that didn't require a restart.

Fixed incorrect log messages for some DHCP changes made by the web network-configuration page.

Fixed various other minor CLI formatting, prompting, input validation, parameter handling, and log message issues.

15-05-21  7.0r  swcdu-v70r.bin  Sixteenth production release

Version 7.0r is a maintenance-only release.

Added support for a Micrel KSZ8081 PHY on new NIC hardware.

Updated the integrated board-level test code to v3.0c, adding Micrel PHY support. Note: this functionality is only accessible and used during the factory production process.

Fixed the potential for a communication bus failure with products running TRMS v1.1g or v1.1h sub-component firmware versions. Previously these versions could result in no sub-components (infeeds, outlets, sensors, etc.) being detected, along with the displays on the product blinking dash-dash ("--").

15-05-01  7.0q  swcdu-v70q.bin  Fifteenth production release

Version 7.0q is a maintenance and security-patch release. Update to version 7.0q is recommended for all products.

Fixed the web server to no longer be vulnerable to the "POODLE" SSLv3 security flaw (CVE-2014-3566) by disabling SSLv3 services.

SSH server changes and fixes:

- Removed insecure 96-bit digest HMAC algorithm support.
- Removed blowfish cipher support.
- Fixed sessions to not hang after receiving 1000 characters.
- Fixed support for newer SSH clients with long HMAC algorithm lists.
- Fixed the server to not send a 'window adjust' packet for every received character.
- Increased the maximum packet and window size.
- Added sending an exit-status value of 0 to a session close.
- Fixed a session close to send the final 'Session Ended' message before disconnecting.
- Removed an extra newline after the 'Session Ended' message.
- Substantially improved the SFTP server speed of a file upload. A firmware upload now takes a bit over a minute, versus about five minutes previously.
- Fixed the SFTP server to refresh the session timeout on any session operation.

Fixed backup-master display auto-orientation support with products running TRMS v1.1g or PIPS-BM v1.0h sub-component firmware versions. Previously these versions disabled the auto-orientation sensor when the NIC-master was enabled, and vice-versa.

Fixed the SET RADIUS command to not clear the secret for the primary server when setting the secret for the secondary server, and vice-versa.

Fixed cases of the TCP/IP stack 'up' event occurring prior to final acquisition of a static IPv4 address. This fixes the SNMPv3 Engine ID being wrong (ending with zeros) when the Ethernet cable is plugged in after the boot completes.

Fixed the OID of 'eventStatusText' and 'eventStatusCondition' SNMP MIB objects to end with '.0' when sent in traps.

FTP server changes and fixes:

- Fixed 'IPv6 Prefix' bounds checking on a NETWORK.INI upload.
- Fixed 'Scheduled Hour' bounds checking on an FTP.INI upload.
- Added an update of DNS servers after a NETWORK.INI upload.
- Added an SNTP time update after an SNTP.INI upload.

Fixed web pages that support file uploads to not allow selection of multiple files for upload, which isn't supported.

Fixed SNAP changes to Email Notifications to be written to non-volatile memory.

Fixed SNAP logging of LDAP Bind Type changes to show the new bind type.

Fixed the SET TOWER NAME log message to show the correct new value.

Fixed the SET UPS ONUTILITY log message to show the correct new value.

Fixed web page log messages for auto-recovery of water sensor load-shedding to show the correct new value.

Fixed web page log messages for contact closure load-shedding to show the correct new value.

Fixed the SET SNTP DST START and SET SNTP DST END commands to not error when setting the new value to the current value.

Cosmetic changes:

- Added a colon after 'SNMPv2 Agent' in the SHOW SNMP command display.
- Corrected 'Daylight Savings Time' to the official 'Daylight Saving Time'.
- Corrected the SMTP/Email web page to show 'Transfer' (not 'Transport') for the 'T' in SMTP.
- Corrected a spelling typo in 'Temperature' (was missing the 'a') on the Sensor Traps web page.
- Updated the copyright year to 2015.

14-11-04  7.0p  swcdu-v70p.bin  Fourteenth production release

Version 7.0p is a maintenance-only release. Update to version 7.0p is strongly recommended for all products.

Fixed the potential for an infinite booting loop that would result from an unintended watchdog reset if a SYSLOG server was specified by a hostname and the DNS servers were unreachable when the TCP/IP stack start-up completed, such as can occur after power-up/restart when connected to a switch port with the Spanning Tree Protocol (STP) enabled, which delays traffic through the switch for 30-50 seconds after link integrity is established. This problem was introduced in v7.0n.

Fixed the RADIUS 'NASIPv4Address' attribute value to be the IP address of the CDU, not the IP address of the RADIUS server. This broke in v7.0b.

Fixed a factory restart to not cause a garbled/invalid first log entry about removing the SSL certificate and key.

Fixed the web 'Configuration - HTTP/SSL' certificate/key upload page to not re-display as the 'Tools - Firmware' upload page after a failed upload.

14-09-30  7.0n  swcdu-v70n.bin  Thirteenth production release

Version 7.0n is a significant maintenance release providing important fixes and reliability enhancements.

Added the number of 'Active Users' to the SHOW SYSTEM command.

Added a nine-second master watchdog to possibly reset and recover an extremely aberrant non-responsive system.

Added a periodic posting of the network and system heaps to the debug log, if different from the previous check.

Improved the system heap monitoring and low-heap restart conditions.

Changed the Telnet and SSH servers to each support four simultaneous sessions, instead of sharing four sessions total between Telnet and SSH.

Changed the FTP server to accept a firmware update filename of *.bin, instead of just 'firmware.bin', with the single exception of the filename 'config.bin', which is reserved for the system configuration file.

Changed the CLI to not automatically terminate input and execute the command upon entry of a 61st character at the command prompt.

Reduced/improved SSH connection times by about 5%, by optimizations and removal of an unnecessary delay.

Fixed the cause of a crash and automatic restart during the server identification stage of an SSH connection by some SSH clients.

Fixed an SSH session from becoming non-responsive due to CLI commands being sent and echoed too fast, before the previous command ended. This broke in v7.0m.

Fixed an SSH session from becoming non-responsive due to PuTTY ‘winadj’ packets. This broke in v7.0m.

Fixed the FTP server to allow multiple PUT operations during the same session (which broke in v7.0m), and to disallow unsupported filenames.

Fixed the FTP server to cause a restart when the session ends after the PUT of 'config.bin' or 'network.ini'. This broke in v7.0m.

Fixed a crash and automatic restart in the FTP server upon a GET of 'config.bin' with certain hardware models that have four I2C communication busses. This broke in v7.0m.

Fixed possible causes of a Telnet session becoming non-responsive when kept open for an extended time.

Fixed possible causes of a Telnet session crashing/restarting during a DEBUG SUPPORT command.

Fixed possible communication errors and data loss during 'ST Eye' connections by Apple iOS devices. This could occur due to Bluetooth buffer overruns, which are now avoided by data throttling.

Fixed a user-certificate passphrase to be preserved when a self-signed SSL X.509 certificate is regenerated.

Fixed the connection of a CLI session to a serial port (by the CONNECT command) to not be counted as an additional active user.

Fixed the Flash File System (FFS) to not require/perform an extra restart after the first-time initialization (upon upgrade from v7.0k and earlier).

Fixed long login banners (greater than 2048 characters) to not be garbled at the end with serial and Telnet sessions.

Fixed console port message strings to be fully sent before a restart due to a pushed firmware update or crash/auto-restart.

Updated the integrated board-level test code to v3.0b. Note: this functionality is only accessible and used during the factory production process.

Built with an updated TCP/IP library with minor DHCPv6 fixes.

14-07-18  7.0m  swcdu-v70m.bin  Twelfth production release

Upgraded and enhanced the SSH server:

- Reduced/improved connection times by about 25%.
- Changed the identification string from "SSH-2.0-Mocana SSH" to "SSH-2.0-ServerTech_SSH".
- Added SFTP support. Logins are restricted to administrative users and two simultaneous connections/sessions.
- Removed support for the weak Arcfour (RC4) symmetric cryptography cipher.

Note: these changes require client acceptance of new server signatures.

Added support for firmware updates by three client-push methods: FTP, SFTP, and HTTP/S.

- Using the HTTP/S web interface, updated firmware binaries are uploaded on the new "Tools - Firmware" page. Simply choose the appropriate *.bin file and press the 'Upload' button.
- Using SFTP, simply perform a PUT of the appropriate *.bin file.
- Using FTP, first locally rename the appropriate *.bin file to 'firmware.bin', and then perform a PUT of that file.

For all methods, once a small part of the file has been received, a header is checked for validity of the image for the system. If valid, other network services are terminated, and a system restart is flagged to occur subsequent to the rest of the process, successful or not. The remainder of the file is received and CRC file-integrity checks are performed. If successful, the new firmware is written to flash. A system restart completes the process.

Added support for a user-supplied SSL X.509 identity certificate and key. This feature allows a customer to replace the default self-signed SSL X.509 certificate with their own certificate.

- Supports PEM or DER format.
- Supports passphrase encryption.
- Supports one *.crt and one *.key file.
- Files can be uploaded by HTTP/S (HTTPS recommended) and SFTP.
- Files are write-only and hidden (for security).

For a user certificate to be used by the CDU, a certificate (*.crt) and key (*.key) file must be uploaded to the CDU, the 'User Certificate' option must be enabled, and a passphrase must be configured (if required by the certificate/key), followed by a system restart.

Using the HTTP/S web interface, certificate and key files are uploaded from a new 'Upload' page link on the "Configuration - HTTP/SSL" page. One-at-a-time, simply choose a *.crt or *.key file and press the 'Upload' button.

Using SFTP, certificate and key files are uploaded by performing a PUT of a *.crt and *.key file.

Using the HTTP/S web interface, the 'User Certificate' feature is enabled and configured by additions to the "Configuration - HTTP/SSL" page. These include an enabled/disabled selection, a 'Passphrase' string, and display of 'Stored Files' status.

Using the command-line interface (CLI), the 'User Certificate' feature is enabled and configured by additional keywords to the SET SSL command:

   SET SSL USERCERT { ENABLED | DISABLED }
   SET SSL USERPASS

The SHOW NETWORK command has been updated to display the current configuration of the 'User Certificate' feature options.

Added support to configure a custom CLI prompt. A custom prompt is configured with a new keyword to the existing SET OPTION command:

   SET OPTION PROMPT

The maximum length of the custom prompt string is 31 characters. Setting the custom prompt to an empty string disables use of a custom prompt. The SHOW OPTIONS command has been updated to display the custom prompt.

Added support for each serial port to have its own connection timeout, instead of one timeout for all ports. The SET PORT TIMEOUT command has been updated to accept a target port (instead of ALL), and SHOW PORTS has been updated to display the timeout per port. The timeout has also been split to each port in the "Configuration - Serial Ports" web page.

Added the 'Engine ID' to the display of the SNMP v3 configuration, in both the web interface and CLI.

Added support for the factory to configure the default of the DHCP 'Static Fallback' option to 'Disabled'.

Added DHCP option 12 to inform the DHCP server of the CDU's host name, based upon the host name portion of the configured FQDN.

Removed unused options from DHCP requests, including a HOST_NAME request, DOMAIN_NAME, NTP_SERVERS, NIS_DOMAIN_NAME, and IP_FORWARDING.

Changed the starting and ending dates that will be used in a regenerated self-signed SSL X.509 certificate to be the firmware build date plus ten years.

Changed the FTP server to accept two simultaneous connections. This improves support for FTP clients that use one connection for directory/file browsing, and another connection for file transfers.

Improved validity checks on new firmware images.

Improved the robustness of I2C communication with auto-orientation sensors.
Increased the maximum allowed temperature hysteresis (recovery delta) to 30 degrees Celsius (54 degrees Fahrenheit).

Updated the SNMP Sentry3 MIB. This MIB adjusted the upper limit of the tempHumidSensorTempRecDelta object, for the above change.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0k. This version supports new query commands for environmental monitor sensor metrics and statuses of the metrics (normal, high, low, etc.).

Minor web changes and fixes:

- On the Summary page, converted alarms from non-bold to bold with red background, for easier reading.
- Fixed detection for broken 'div' borders across IE browser versions.
- Fixed the CSS 'textarea' font for consistent display across browsers.

Note: the browser cache may have to be cleared for these changes to take effect.

Fixed the inability to control some outlets from the web GUI when other outlets are locked, which was occurring on certain product models.

Fixed inconsistent 'restart required' notifications with certain Telnet, SSH, HTTP, and SSL configuration changes.

Fixed log messages for successful SNMP set requests to include the IPv4 address when running in dual-stack mode.

Fixed the network stack start-up to have extra time to complete successfully before displaying an error. This avoids a potential 'Invalid TCP/IP config!' error message when connected to a manual-negotiation hub/switch, despite the stack starting successfully a few seconds later.

Built with an updated AWS/Email library with cross-site scripting fixes.

14-01-28 7.0k swcdu-v70k.bin Eleventh production release

Added 'ST Eye' support for Bluetooth connections by Apple iOS devices.

Added an 'eventStatusText' and 'eventStatusCondition' object to all SNMP traps. These provide a text equivalent of the status object in the trap, and interpretation of the status to an error (alarm) or non-error (clear) state.

Updated the SNMP Sentry3 MIB. This MIB added the objects to support the above SNMP trap additions.
Fixed the SNMP agent 'ifDescr' values. Since version 7.0a, 'eth0' and 'LOOPBACK' descriptions have been assigned to the wrong interface index -- they were reversed. 'lo' (loopback) is now correctly returned for ifDescr.1, and 'eth0' (ethernet) for ifDescr.2.

Fixed Telnet and SSH sessions to end cleanly upon a restart, instead of being left open. This problem was introduced in v7.0f.

Fixed the network stack start-up to not attempt IP acquisition by DHCP when configured with a static address (DHCP disabled) and a static address conflict is detected.

Fixed 'Smart Load Shedding' support to write to NVM a disabled auto-recovery state when an event disables auto-recovery for a previously shed outlet that was marked for auto-recovery.

Fixed various minor CLI formatting and prompt issues.

Updated the copyright year to 2014.

13-12-10 7.0j swcdu-v70j.bin Tenth production release

Updated documentation accompanies this release. For complete configuration and operation instructions about new features below, please refer to the new manuals and technical notes, which are available on the Server Technology website (http://www.servertech.com).

Added support for 'ST Eye', Server Technology's mobile-device application that allows interfacing with Server Technology CDUs via Bluetooth. For more information, see the technical note 'Server Technology’s Bluetooth Solution Using the ST Eye Mobile Monitoring App'.

Added support for 'Smart Load Shedding' by Contact Closure events and Water Sensor events from an Environmental Monitor Control Unit (EMCU).

Added a configurable humidity recovery delta (hysteresis). After exceeding a low or high humidity threshold (thus entering an error condition) the humidity value must return past the threshold by this amount to clear the error condition. The default is 2% relative humidity.

Added configuration of the CLI, SCP, and RFTAG options to the web 'Configuration - Serial Ports' pages.

Added ‘Falcon Electric’ UPS support.
Added robustness improvements to the NVM/I2C communication code to address transient 'NVM Error', 'No Comm', and 'On/Error' conditions.

Added support to force reversible displays to not use the decimal point when upside-down. This option is for customers with a mix of old and new products, mounted upside-down, who want consistent current display across all units. To make use of this option, contact technical support to request the needed factory-configuration command.

Added 'Silk to UI Map' scheme number 14, for new products.

Fixed RF Code reporting of serial numbers and model numbers. Since version 7.0a, serial numbers have been garbled on link units, and model numbers have been garbled on master and link units. Also fixed the third character of the master model number possibly being wrong, which has existed since RF Code support was added in v6.0n.

Fixed cases of failing to detect 50Hz environments.

Fixed invalid user and port names in log messages from SCP sessions.

Fixed sluggish and inconsistent responsiveness to 'Smart Load Shedding' events by checking for events every second, instead of every ten seconds, except for UPS events.

Fixed 'Smart Load Shedding' to not recover from multiple shed events unless all shed events have auto-recovery enabled.

Fixed an incorrect title on the 'Power Monitoring - Outlets' web page.

Fixed various minor UI issues.

Updated the SNMP Sentry3 MIB. This MIB added a new object, tempHumidSensorHumidRecDelta, for managing the hysteresis value of humidity sensors.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0j. This version supports new query commands for network settings, network status, and uptime, and also includes minor changes/fixes.

Updated the integrated board-level test code to v3.0a. Note: this functionality is only accessible and used during the factory production process.

Built with updated TCP/IP and SNMP libraries that fix a memory leak.
13-08-23 7.0i swcdu-v70i.bin Ninth production release

Added an LDAP option to search groups to find the group memberships of a user. Previously only the user's directory entries were searched for a "Group Membership Attribute" to find the groups for which that user is a member. That approach, however, requires that the Directory Server include a group membership attribute in the user class, which is not supported (or not by default) by some servers, such as OpenLDAP and SunOne (and its successors). This new option allows searching directory entries of groups for a "User Membership Attribute" to find the groups for which the user is a member.

Using the web interface, the "Group Search" option is enabled and configured by additions to the "Configuration - LDAP" page. These include a "Group Search" enabled/disabled selection, a "Base DN" string for where to start the search, and a "User Membership Attribute" string for a comma-delimited string of up to two attribute names (whose values in the search results are users that are a member of that group).

Using the command-line interface (CLI), the "Group Search" option is enabled and configured by additions to the SET LDAP command:

    SET LDAP GROUPSEARCH { ENABLED | DISABLED }
    SET LDAP GROUPSEARCH BASEDN
    SET LDAP GROUPSEARCH USERATTR

The SHOW LDAP command has been updated to display the current configuration of the "Group Search" option.

Added a web page for debugging information. Currently this page only provides information about the most-recent LDAP login attempt, which was previously only available from the console serial port. The debugging page is available at:

    http:///debug.html

An administrator login is required. The LDAP debugging information is for the most-recent LDAP login attempt, which includes the administrator login to the debug page.
To debug a non-administrator LDAP login attempt, first log in to the debug page as an administrator, attempt the other login from another session, and then refresh the debug page to view the debugging information.

Added the ability to configure Sentry Power Manager (SPM) Secure Access by the command-line interface (CLI). New commands have been added to enable or disable SPM access, and to reset the SPM password:

    SET SPM { ENABLED | DISABLED }
    SET SPM RESETPW

The SHOW NETWORK command has been updated to display the current "SPM Access" enabled/disabled setting.

Added 'Silk to UI Map' scheme numbers 11 to 13, for new products and upgrades of existing products.

Increased the DHCP Boot Delay from 95 to 100 seconds. This provides an extra delay that is needed to complete falling back from DHCP to a Static IP when link negotiation is "Manual" (auto-negotiation not available or disabled on the hub/switch). This fixes the cause of an FTP firmware download failing with the console message “Unable to perform FTP download -- No network or TCP/IP stack” when link negotiation is “Manual” and DHCP is enabled, but a DHCP server is not reachable.

Fixed DHCP to succeed despite an invalid static IP address (0.0.0.0 or 255.255.255.255). Previously it would stay at “Acquiring” indefinitely without getting an address.

Fixed DHCP static fallback to occur upon each re-acquisition attempt that times out if there has been a link-integrity change. Previously, if DHCP had ever succeeded, fallback to static settings would not occur on future re-acquisitions.

Fixed Remote Shutdown Agent (RSA) support. Since the IPv6 additions in v7.0c, the RSA socket was being improperly closed, causing the final packet (which starts the shutdown) to not be sent to the RSA, resulting in no shutdown of the OS.

Fixed the optional blinking of the location in the web interface. It was not blinking in Chrome, Safari, and Firefox, but did blink in IE and Opera. Blinking now works in all five browsers.
Note: the browser cache may have to be cleared for the change to take effect.

Fixed the FTP client error messages to distinguish between failing to get the file versus failing to get the file data. If an incorrect filename is specified (such that the file is not found on the server) the error message is now “unable to get file” versus “unable to get file data”.

Fixed the FTP server 215 response code (SYST reply) to be "215 Sentry Switched CDU ", where is currently "v7.0i". The reply was previously a default of the FTP server library.

Fixed various minor CLI issues with parameter display and input validation.

Fixed a broken form on the "Smart Load Shedding - Outlets" web page with products that do not have input-feed current-measuring hardware.

Updated the SNMP Sentry3 MIB. This MIB adjusted the upper limit of several integer objects, for additional product coverage.

Updated the SNAP version to 1.8. This version fixed various minor protocol issues and added support for configuration of the new LDAP group-search options.

Built with updated TCP/IP and BSP libraries.

13-04-26 7.0h swcdu-v70h.bin Eighth production release

Fixed support on certain models for a blown fuse or tripped circuit breaker to open the outlet relays on the affected branch. This is supposed to occur so that the outlets can be sequenced back on upon a recovery, to avoid cumulative in-rush. However, for models using non-POPS relay-control boards with integrated branch status sensing, this support was broken in version 7.0f.

Fixed the FQDN name string to not change to "(undefined)" upon a restart to factory defaults with the option to keep the network settings.

Fixed minor typo and formatting issues in the CLI interface.

Fixed the SET PORT TIMEOUT ALL command to only accept numbers.

Fixed the SET SCPAUTH USER command to not reject a valid password entered at the prompt instead of as a command parameter.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0i.
This version supports new query commands for network settings, network status, and uptime, and also includes minor changes/fixes.

13-04-16 7.0g swcdu-v70g.bin Seventh production release

Fixed the problem of a field upgrade to v7.0f resulting in locked outlets for any outlet that previously had any of its configuration items modified (name, wakeup state, post-on delay, shutdown hostname/IP, shutdown enable/delay, or script enable/delay). This problem was introduced with the outlet-locking feature in v7.0f. Upgrading to v7.0g will unlock outlets that were locked by the upgrade to v7.0f, except for outlets that were explicitly locked since the upgrade. Affected outlets can also be unlocked from the “Configuration – Outlets - Edit” web page or by the CLI command "SET OUTLET LOCKED NO".

Fixed a crash and automatic restart when attempting an SSH connection by an SSH client that uses the JCraft Java Secure Channel (JSch) source/library.

Fixed the SNMP SET Community to provide read/write access, not write-only access. This problem was introduced in v7.0a.

Fixed minor formatting issues in the SET TRAP THS TEMPDELTA value prompt, the SHOW SNMP output, and the web "Configuration - SNMP/Thresholds" page, as well as adding read-only and read/write indicators to the GET and SET Community strings.

13-04-05 7.0f swcdu-v70f.bin Sixth production release

Added support for products with new branch status and current-measurement hardware. Alerting is supported for branch-down and over-current conditions. An updated SNMP Sentry3 MIB accompanies this release. This MIB adds a new branch table and branch traps. New web and CLI user interfaces are provided for configuration and monitoring. These are dynamically available only when the new hardware is automatically detected.

Using the web interface, branch names are configured on a new "Configuration - Branches" page. Branch traps and thresholds are configured on a new "Configuration - SNMP/Thresholds - Branch Traps and Thresholds" page.
Branch status and measurements are displayed on a new "Power Monitoring - Branches" page.

Using the CLI, new commands have been added for configuration of names, traps, and thresholds:

    SET BRANCH NAME { branch_id } { name }
    SET TRAP BRANCH STATUS { branch_id } { ON | OFF }
    SET TRAP BRANCH LOAD { branch_id } { ON | OFF }
    SET TRAP BRANCH LOADHIGH { branch_id } { threshold }

The command SHOW BRANCH has been added to display branch name configuration, and the SHOW TRAPS command has been updated to display branch trap configuration. The command BSTAT has been added to display branch status and current measurements.

Added IPM2 upgrade/conversion support. An IPM2 is an intelligent power module product with two relay-controlled outlets. This product was part of the legacy "Sentry Remote Power Manager" product family, which only runs end-of-life firmware up to version 5.3s from December 2009. To provide the numerous new firmware features since v5.3s (such as IPv6 and SNMPv3), an IPM2 can now be converted into the "Sentry Switched Cabinet Distribution Unit" product family by loading this version 7.0f or later Switched CDU firmware.

Conversion occurs automatically when the IPM2 boots the new firmware for the first time. The firmware will automatically adjust the product family name, and will automatically regenerate a new SSL X.509 certificate, which can add up to 30 minutes to the first boot. The vast majority of product configuration will be retained, but some settings will automatically change. For example, if SNMP is not enabled, SNMP settings will change to match v7 Switched CDU defaults, to be discoverable by default. Configuration settings should be reviewed after the first boot completes.

Added support to configure outlets to a locked (no control) state. This feature allows for an extra level of protection against an unintended or accidental switching off of critical equipment that should rarely, if ever, be relay controlled.
It can also prevent unused outlets from being turned on, for example, in a situation where a circuit is at capacity and should not allow for more devices/loads to be turned on.

When an outlet is configured into the locked state, it will lock at the current (on or off) Control State of the outlet. The Control State of the outlet will change to "Locked On" or "Locked Off". Control actions in the web interface will be unavailable for the outlet, and the outlet will not be affected by group actions or Smart Load Shedding actions. CLI and SNMP control actions will be silently ignored. Upon a power-up of the CDU, a locked outlet will lock into the configured Wakeup State.

Using the web interface, an outlet is locked or unlocked using a checkbox on the "Configuration - Outlets - Edit" page. The "Configuration - Outlets" page has been updated to list the locked state (yes or no) of each outlet.

Using the CLI, a new command has been added to lock or unlock an outlet:

    SET OUTLET LOCKED { outlet_id } { YES | NO }

The command SHOW OUTLETS has been updated to list the locked state of each outlet.

Added display of Tower status to the CLI SYSSTAT command and to the web "Power Monitoring - System" page.

Added 3-phase load out-of-balance alerting. This option, when enabled, will provide an alert when the current on the lines of a 3-phase system is out-of-balance past a pre-set threshold percentage. Being out-of-balance reduces efficiency and prevents reaching maximum capacity of the circuit. Adjustment to the distribution of loads may be desired when alerted to this condition.

Using the web interface, 3-Phase Load Out-of-Balance Alerting is enabled or disabled on the "Configuration - System" page.

Using the CLI, a new command has been added to enable or disable 3-Phase Load Out-of-Balance Alerting:

    SET SYSTEM BALANCEALERT { ENABLED | DISABLED }

The command SHOW SYSTEM has been updated to display the current configuration.
When enabled and in an out-of-balance condition, the new Tower status display on the "Power Monitoring - System" web page and by the CLI SYSSTAT command will show "3ph Out-of-Balance", unless there is a higher priority tower error state to report. Local log messages will be generated, spawning alerts by SYSLOG or Email, if enabled. SNMP alerting is also supported by the existing towerStatusEvent trap, if enabled.

Added display of default port numbers in the web user interface.

Added support to configure the HTTPS (SSL) port number. Using the web interface, the HTTPS port is configured on the "Configuration - HTTP/SSL" page. Using the CLI, a new command has been added to configure the HTTPS port:

    SET SSL PORT { port_num }

Added dynamic hiding of features not supported on specific products.

Added support to abort from the SHOW LOG command by pressing .

Updated the SNAP version to 1.7:

- Added LDAP, RADIUS, and TACACS configuration.
- Added serial port baud rate and connection timeout configuration.
- Fixed display orientation configuration.

Combined the configuration of the LDAP "Use TLS" option into the LDAP "Bind Type" setting. "Use TLS" is no longer a separate option. Using the web interface, the "Bind Type:" choices are now "Simple", "TLS/SSL", and "MD5". Using the CLI, the SET LDAP BIND command has been changed to:

    SET LDAP BIND { SIMPLE | TLS | MD5 }

The command SET LDAP USETLS has been deprecated. For backwards compatibility, it is hidden but still supported.

Removed configuration of the LDAP Group Membership Type. The type is now auto-detected from the LDAP data. For backwards compatibility, the CLI command SET LDAP GROUPTYPE is hidden but still supported.

Updated the starting and ending dates that will be used in a regenerated X.509 certificate. A new certificate will now be valid from March 1, 2013 to March 1, 2023.

Adjusted timing of communication busses for increased reliability.
Fixed a critical issue of an FTP PUT of CONFIG.BIN corrupting factory product-characteristic settings. This bug was introduced in v7.0a.

Fixed an FTP GET of CONFIG.bin not returning the entire configuration on products with large configuration files (>~90K).

Fixed an SNMP agent lexicographical ordering issue with a GetNext operation starting at an OID before or in the Sentry3-MIB systemGroup but not at a node object -- the agent was errantly returning the node object after the correct object.

Fixed an issue of a change to the SNMPv3 Read-Only user causing that user to get Read-Write access until a reboot.

Fixed problems of SSH connections failing when configured with a long login banner. The banner length is now truncated to 1500 bytes in SSH packets to prevent the client-side problem from occurring.

Fixed cases of missing warnings about power estimate inaccuracy during a 3-phase out-of-balance condition on TRMS-based (non-PIPS) current-measuring products.

Fixed the FTP firmware update process to skip unnecessary connection retry attempts when the FTP host/IP configuration is blank.

Fixed an infeed status of "Off/Error" to have a higher priority than "On/Fuse" and to not reflect a fuse error on the neutral line of a 3-phase Wye product.

Fixed SET BANNER to not delete characters from the beginning of a line while backspacing when the previous line was not 80 characters.

Fixed a double "Enter" in the CLI SET BANNER prompt string.

Fixed a rare phantom internal temperature critical error.

Fixed the SET TRAP INFEED LOADHIGH command with the ALL parameter to write all changes to NVM -- only the first infeed was being written to NVM.

Fixed a user change of the infeed maximum load value to be pushed to the backup master so that overload occurs at the same value when the NIC is not running the bus (during a restart or on a disconnected link unit).

Fixed a restart command/action not resulting in a restart when Energywise was enabled but SNTP was not configured properly.
Fixed the Apply button not working in some situations on the web outlets and system configuration pages.

Fixed minor typo and formatting issues in the web and CLI interfaces.

13-01-17 7.0e swcdu-v70e.bin Fifth production release

Added support to configure the SNMP trap format version. The trap format can be v1, v2c, or v3, regardless of the versions that are enabled for the agent.

Using the web interface, the "Trap Format" is configured on the "Configuration - SNMP/Thresholds" page.

Using the command-line interface (CLI), the trap format is configured with a new parameter to the existing SET SNMP command:

    SET SNMP TRAPFORMAT { 1 | 2 | 3 }

The SHOW SNMP command has been updated to display the current trap format version. The default trap version is now v1, regardless of the versions that are enabled for the agent.

Added (back) support to configure the SNMP v1/v2c trap community string. Previously in v7, the trap community string was fixed at "public". In v6 and earlier, it was configurable. It is now again configurable, and defaults to "trap", as in v6 and earlier.

Added support for a detected blown fuse or tripped breaker to be reported on the upstream input feed as an 'On/Fuse' error, meaning the input feed is on, but one or more downstream fuses/breakers to outlets powered by the input feed are blown/tripped. This matches the existing behavior of the input feed current displays flashing 'FE' (fuse error) when in that error condition. An input feed in the 'On/Fuse' error state will now log the error and generate SNMP 'infeedStatusEvent' traps, but will not suppress error traps for the affected outlets.

Added a DEBUG SUPPORT command to collect the most-common information needed for technical support.

Added SNAP support to configure the SNMP trap format version.

Added (back) SNAP support to configure the SNMP v1/v2c trap community string.

Updated the SNAP version to 1.6.
Fixed the SNMP v1/v2c support to allow for read/write access, instead of just read-only access, when the GET and SET community strings are both set to the same string. This was the previous behavior in v6 and earlier, but changed/broke in v7.0a.

Fixed setting of an input feed 'high load' threshold in both the web interface and through the SNMP agent 'infeedLoadHighThresh' object. These were both broken in version 7.0c -- there was no error, but the change did not occur.

Fixed the last variable binding included with the 'towerStatusEvent' trap. The 'towerInfeedCount' object and value was being included instead of the 'towerStatus' object and value. This was broken in version 7.0a.

Fixed the CONNECT command to not immediately disconnect when issued from an SSH session that was established while another Telnet or SSH session already existed.

Fixed recording in non-volatile memory of the count and details of automatic restarts that occur. This was broken in version 7.0d.

Fixed a crash and automatic restart caused by a buffer overflow when using the factory-set 'Silk to UI Map' scheme number 9 or 10.

12-11-13 7.0d swcdu-v70d.bin Fourth production release

Updated documentation accompanies this release. This includes both product-specific and 'Smart Load Shedding' manuals. For complete configuration and operation instructions about new features below, please refer to the new manuals, which are available on the Server Technology website (http://www.servertech.com).

Added support for new hardware with an auto-orientation sensor, to allow for automatic inversion of the display orientation when a product is vertically flipped. When the presence of an auto-orientation sensor is automatically detected, 'Display Orientation' in the web interface will include an 'Auto' choice, and the SET OPTION DISPLAY command in the CLI will accept AUTO as a parameter.
When set to auto, the web page and the SHOW OPTIONS command will display the current orientation in parentheses, for example '(Inverted)'. The default display orientation is 'Auto' when an auto-orientation sensor is present.

Added silkscreen-to-user-interface default-name mapping (Silk to UI Map). New products will have a SILK2UIMAP scheme number set at the factory that will result in default tower, input feed, and outlet names that closely match those silkscreened on the product enclosure.

Added support to revoke (deactivate) a previously key-activated feature, by entry of another 'revoke' feature key.

Added several "Smart Load Shedding" enhancements:

- Grace timers for UPS events.
- Multiple UPS per infeed support.
- Enables/disables for event types.
- Support for all temperature sensors in the system, not just the first two.
- Support for temperature events to turn outlets on instead of off.

Added reachability status to the UPS monitoring information.

Added support for FTP and Email settings to be tested by CLI commands.

- FTP settings can be tested by the command: SET FTP TEST
- Email settings can be tested by the command: SET EMAIL TEST

Added default SNTP servers: 2.pool.ntp.org and 1.pool.ntp.org

Added support to NETWORK.INI for the FQDN ENABLED/DISABLED configuration.

Added a user log message for when the maximum simultaneous Telnet/SSH sessions has been exceeded.

Added changing of the input feed high-load threshold to 80% of the new capacity when the input feed load capacity is changed.

Added support for 100A PIPS hardware.

Added support for up to 64 outlets in single/dual-phase PIPS product. A new Sentry3 SNMP MIB accompanies this release, with changes to support 64 outlets per infeed.

Added support to configure the SNMPv3 trap username, which was previously fixed at "Sentry Trap". The default trap username is now blank, and must be set by an administrator, like other SNMPv3 usernames, for SNMPv3 traps to be sent.
Added the source IP address to SNMP log messages.

Added support for legacy SNMP v1/v2c CLI commands, for backwards compatibility:

    SET SNMP { ENABLED | DISABLED }
    SET SNMP SETCOMM
    SET SNMP GETCOMM
    SET SNMP TRAPCOMM

These commands set the same values as the new SET SNMP V2 commands. These commands have been deprecated, are not shown in command lists, and may disappear in future versions.

Added a message that a restart is required upon a change of the static address when DHCP and Static Fallback are both enabled.

Added duplicate static address detection and avoidance.

Changed the default setting for the network Boot Delay to disabled.

Changed the network status of 'Lost Address' to 'Re-acquiring', as a DHCP lease expiration results in a new address acquisition request.

Changed the Static Fallback feature behavior when DHCP is enabled:

- A fallback to the static address occurs only if link integrity is present.
- Upon loss/recovery of link integrity, DHCP acquisition is re-attempted.

Updated support for Sentry Power Manager (SPM) Secure Access.

Added SNAP support to configure:

- The SNMPv3 trap username.
- The display orientation to 'Auto'.
- The infeed nominal line-to-line voltage.
- The system power factor.

Fixed the network Boot Delay to not apply when link integrity is not present.

Fixed the network Boot Delay to not apply when the network is disabled.

Fixed DHCP to not fail when FQDN is enabled but the name string is blank. The FQDN option is now automatically left out of the DHCP request when the name string is blank.

Fixed the 'outletLoadEvent' trap -- it was returning the wrong variable binding with a recover-from-error trap.

Fixed the outlet SNMP/thresholds page -- when checking/unchecking the load trap for an individual outlet, the corresponding status trap was being toggled opposite of correct behavior.
Fixed SNMP bulk set operations for turning on outlets when sequencing is reversed -- previously, instead of sequencing, outlets were turning on together, after a long delay.

Fixed power-on sequencing of outlets after a breaker reset and recovery when configured for reversed sequencing -- instead of sequencing, outlets were turning on together, after a long delay.

Fixed setting of the network mode to disabled to not cause a crash and automatic restart on NIM hardware.

Fixed an unintended boot-time display out the serial port of a 'PCB Button Active' message, followed by a boot menu, on ME hardware.

Removed a '-- TCP/IP stack offline! check network configuration' message that was misleading and redundant with the network status.

Fixed the enterprise number used in the creation of the SNMPv3 engineID to be the ServerTech enterprise number (1718) instead of the enterprise number of the company that developed the SNMP stack, Treck (29999). The engineID is derived per RFC 3411.

Fixed the web pages that display outlet details for POPS outlets. These pages were incorrectly showing the Energy value of the first outlet for all outlets in the system. This bug was introduced in v7.0c.

Fixed the CONNECT command, when issued through an SSH session, to not immediately disconnect. This bug was introduced in v7.0b.

Fixed the factory-set maximum load value of an input feed to be preserved if upgrading from pre-v7.0c and then downgrading back to pre-v7.0c.

Fixed incorrect port labelling in the DEBUG STAT command.

Fixed obscure cases of the first LED display not properly illuminating segments in response to the configuration reset button being pressed. When an infeed was off (no value shown) or the current was unreadable (dash-dash shown) the extra decimal place was not being illuminated when the button was pressed, and three horizontal bars were not being displayed when pressed for 10-15 seconds.

Fixed the SET OUTLET SHUTDOWN command to not cause a crash and automatic restart.
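The engineID fix in the 7.0d notes above changes the enterprise number carried in the first four octets of the SNMPv3 engine ID. The Python below is an added example, not Server Technology's code: it decodes an engine ID using the RFC 3411 SnmpEngineID layout and reports whether it carries enterprise number 1718 or 29999. The sample engine IDs, and the assumption that a CDU uses the MAC-address format, are constructed for illustration.

```python
"""Decode an SNMPv3 engine ID (RFC 3411 SnmpEngineID) and report its enterprise number."""
import ipaddress

SERVERTECH_ENTERPRISE = 1718   # value stated in the release notes
TRECK_ENTERPRISE = 29999       # value stated in the release notes

# RFC 3411 format octet -> (name, required body length or None when variable)
FORMATS = {1: ("ipv4", 4), 2: ("ipv6", 16), 3: ("mac", 6),
           4: ("text", None), 5: ("octets", None)}


def parse_engine_id(hex_text):
    """Return {'enterprise', 'format', 'value'} for a hex-encoded engine ID."""
    cleaned = hex_text.strip()
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    for sep in ":- ":
        cleaned = cleaned.replace(sep, "")
    raw = bytes.fromhex(cleaned)            # ValueError on malformed hex
    if not 5 <= len(raw) <= 32:
        raise ValueError("engine ID must be 5 to 32 octets")
    if set(raw) in ({0x00}, {0xFF}):
        raise ValueError("all-zero and all-0xFF engine IDs are not allowed")

    first_word = int.from_bytes(raw[:4], "big")
    enterprise = first_word & 0x7FFFFFFF    # low 31 bits: IANA enterprise number
    if not first_word & 0x80000000:
        # High bit clear: fixed 12-octet form, remaining octets enterprise-defined.
        if len(raw) != 12:
            raise ValueError("engine ID without the high bit set must be 12 octets")
        return {"enterprise": enterprise, "format": "enterprise-defined",
                "value": raw[4:].hex()}

    code, body = raw[4], raw[5:]
    default = ("enterprise-specific" if code >= 128 else "reserved", None)
    name, size = FORMATS.get(code, default)
    if size is not None and len(body) != size:
        raise ValueError(f"{name} engine ID needs {size} octets, got {len(body)}")

    if name == "ipv4":
        value = str(ipaddress.IPv4Address(body))
    elif name == "ipv6":
        value = str(ipaddress.IPv6Address(body))
    elif name == "mac":
        value = ":".join(f"{octet:02x}" for octet in body)
    elif name == "text":
        value = body.decode("utf-8", "replace")
    else:
        value = body.hex()
    return {"enterprise": enterprise, "format": name, "value": value}


def enterprise_owner(hex_text):
    """Classify an engine ID by the two enterprise numbers named in the notes."""
    enterprise = parse_engine_id(hex_text)["enterprise"]
    if enterprise == SERVERTECH_ENTERPRISE:
        return "servertech"
    if enterprise == TRECK_ENTERPRISE:
        return "treck"
    return "other"


if __name__ == "__main__":
    # Constructed samples: same MAC-format body, different enterprise numbers.
    for sample in ("80:00:06:B6:03:00:0A:9C:51:00:00",
                   "8000752f03000a9c510000"):
        print(sample, parse_engine_id(sample), enterprise_owner(sample))
```

Run against the 'Engine ID' values collected from an inventory, a result of "treck" identifies an engine ID that was created with the SNMP stack vendor's enterprise number rather than the ServerTech one.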
Fixed an attempt in the web interface to create a duplicate user to not cause a crash and automatic restart.

Fixed a potential problem of web page changes to the input feed high-load thresholds not being displayed, although changed.

Fixed the issue of the FQDN name string and STATICFALLBACK setting not being restored properly from a PUT of NETWORK.INI.

Fixed RTS being left de-asserted on the console port. RTS is now asserted when the system boots.

Fixed the 'Configuration - Serial Ports - Edit' web page for the MODEM port to apply changes, which were being ignored.

Fixed the SET MODEM commands to allow more than 3 characters in modem strings.

Fixed SNAP to allow spaces in SNMP v3 usernames.

Fixed the issue of a SNAP list command not returning dynamic configuration information (users and groups).

Fixed web interface 'remove' links to not show up for the user of the current session.

Fixed web interface 'remove' links to not show up for TACACS users, which cannot be removed.

Fixed the issue of remotely-authenticated (by LDAP, TACACS, or RADIUS) administrative users being allowed to remove the last local administrative user.

Fixed the web and CLI interfaces to allow the infeed nominal voltage to be increased above the factory-set default.

Fixed a CLI change of the infeed nominal voltage to refresh the circuit capacity of a PIPS product.

Fixed the cause of some I2C communication bus errors by fine-tuning bus timings independently for sensor and non-sensor busses.

Fixed minor text typos and formatting issues.

Known issue: The SNAP version beta flag was not turned off in the v7.0d release. The version is reported as 1.5 (Beta 1), even though it is the final non-beta release of v1.5.

Built with updated TCP/IP, SNMP, BSP, AWS & EMail, FileSystem, and TFTP libraries.

12-07-06 7.0c swcdu-v70c.bin Third production release

Added IPv6 support. The network stack now supports both "Dual IPv6/IPv4" and "IPv4 only" mode.
The "Configuration - Network" web page and the CLI commands for managing network settings have changed substantially.

Using the web interface, IPv6 settings are configured on the "Configuration - Network" page, which has changed to support both IPv4 and IPv6 settings.

Using the CLI, the commands to set network settings have changed to include an extra keyword of IPV4 or IPV6, and a new command has been added to select the network mode:

    SET IPV4 { ADDRESS | SUBNET | GATEWAY }
    SET IPV6 { ADDRESS | PREFIX | GATEWAY }
    SET NET { DISABLED | IPV4ONLY | DUALV6V4 }

The SHOW NETWORK command has been updated to display all IPv4 and IPv6 settings.

For maximum backwards compatibility, the default network mode is "IPv4 only". For backwards compatibility, the CLI commands SET IPADDRESS, SET SUBNET, and SET GATEWAY remain for IPv4 network settings, but are no longer shown in the SET menus.

Please refer to the "Sentry CDU IPv6 Support v70c Release.pdf" addendum for additional information on IPv6 support and configuration.

Added (back) support for SNMP IP restrictions, which had been removed in v7.0a. Please refer to the v5.3i release notes below for information on the SNMP IP restriction feature.

Added JavaScript validation to the SNMP web configuration page for enforcement of a non-blank Authentication Password or Privacy Password when the corresponding Authentication Type or Privacy Type is other than 'None'.

Added a PIPS, POPS, and PIPS+POPS logo to be automatically displayed (or not) in the product header bar of the web interface, based upon automatic detection of the hardware features.

Added an icon of the Server Technology globe logo as a 'favorite icon' for web browsers. A 'favorite icon' is displayed by web browsers in various places: bookmarks, tabs, address bar, links bar, and drag-to-desktop shortcuts. Use varies by web browser.

Added an enable/disable configuration item for using FQDN, instead of needing to blank the FQDN string to disable it.
In the CLI, the command SET DHCP FQDN { ENABLED | DISABLED } has been added. In the web interface, an enable checkbox now precedes the FQDN text box.

Updated the web server to report the start date as the date of the most-recent source-code change before release. This date is used in the HTTP header of static files as the "Last-Modified" date, which allows for intelligent browser caching of infrequently-changed "static" files, such as *.js (JavaScript), *.css (cascading style sheet), and graphic image files.

Fixed causes of an FTP PUT of CONFIG.BIN failing.

Fixed LDAP authentication failures. A distinguished-name (DN) buffer was not being null-terminated, causing a shorter DN to fail after a longer DN was used in the buffer. This problem was introduced in v7.0a.

Fixed an LDAP issue of access rights of multiple matching LDAP groups not being logically OR’ed (only the last matching group’s access rights were used). This problem was introduced in v7.0a.

Fixed the web Summary page to properly show the selected temperature scale. Previously the temperature scale was shown as degrees C even when Fahrenheit was selected.

Fixed the system uptime to not rollover to zero after 49.7 days of runtime. This problem was introduced in v7.0a.

Fixed a timing issue with communication to Temperature/Humidity (T/H) sensors on NIM hardware that was responsible for potential T/H sensor failures where v6.1 firmware worked.

Fixed an issue of outlets on a link unit not going to a “NoComm” state when the link unit was unplugged.

Fixed cases of "No Comm" errors occurring at outlets when a parent (its infeed or tower) is also in the "No Comm" state, in which case the outlet errors are supposed to be suppressed.

Fixed cases of an incorrect error about excessive NVM wear of flash on NIM hardware. It is now a warning, with “burst” awareness to avoid an unnecessary warning.

Fixed the number of concurrent HTTPS connections to be 24, as intended in v7.0a, where it was instead errantly set to only 16.

Fixed the SHOW NETWORK display of the SNMP v2 and v3 states. Both were showing enabled when disabled, and vice-versa. The SHOW SNMP command showed the correct states.

Fixed rare cases of a "Critical Alert -- Internal over-temperature fault" in products without an internal temperature measurement device.

Fixed an incorrect log message when changing the SNMP v3 Privacy Password.

Fixed an incorrect log message that mixed up recovery from an infeed load error with recovery from an infeed status error.

Fixed the SHOW ENERGYWISE display to show "(undefined)" instead of blank when the domain is not defined.

12-05-09 7.0b swcdu-v70b.bin Second production release

Added support for Cisco EnergyWise roles and the system name to be configurable, up to sixteen characters.

Added "[Sentry3_xxxxxx]" (where "xxxxxx" is the last three octets of the MAC address) to the start of the subject of email messages, as a unique-per-unit source identifier, to distinguish the source of an email when multiple units share a single SMTP account through which to send emails. The subject was also shortened by removing the word "Notification" from the end.

Added the sending of a test email to target email destinations when using the "Test" button in the "Configuration - SMTP/Email" web page. Previously the "Test" button tested communication to the SMTP server, but did not send a test email. This change allows testing of the email systems beyond the CDU's interactions.

Fixed sending of emails to the secondary email address to still be attempted even if the first email address fails.

Changed the rules for when to apply the Wakeup State of an outlet to include a unit power cycling without the network interface card also power cycling. This change results in a power cycle to a link unit now having the Wakeup State applied, instead of the last Control State.
If desired, previous behavior can be achieved by setting the Wakeup State to "Last".

Fixed the problem of a Wakeup State of "Last" not working for outlets that are off -- the outlets would still turn on after a power loss and recovery. This problem was introduced in v7.0a.

Fixed SNMP SET operations on outletControlAction objects when multiple object/value pairs are included in the variable bindings of a single SET operation. In v7.0a, actions would only occur for the last outletControlAction object, and only if it was the last variable binding in the request.

Fixed cases of SNMP SET operations on string values resulting in extra unexpected/garbage characters in the string.

Fixed the problem of receiving no response to SNMP requests when the defined v2 community strings or v3 usernames or passwords are at the maximum length. This fix includes reducing the allowed maximum size of SNMP v3 usernames from 32 to 31, authentication passwords from 40 to 39, and privacy passwords from 32 to 31.

Fixed a change to an SNMP trap destination to not require a restart to take effect.

Fixed the system power factor to be retained at the user-set value upon an upgrade from v6.x to v7 firmware.

Fixed a web submit of the first form on the "Configuration - FTP" page to write a new FTP "Host" value when it is the only value changed. Previously, in v7.0a, the "Host" value would be written to RAM, but not NVM, if it was the only value changed, resulting in the change being lost upon the next boot. A work-around is to make a change to another form item when applying a change to the FTP "Host".

Fixed the REMOVE UPS command -- it was always replying with "Invalid name specified" and failing to remove the specified existing UPS.

Fixed a restart to factory defaults with the option to keep the network settings -- the network settings were kept/restored upon the factory restart, but were not being written to non-volatile memory (NVM), such that they were lost upon the next restart.
This problem was introduced in v7.0a.

Added an automatic fix-up of NVM control blocks that were previously affected by a CRC calculation bug that was fixed in v6.1e. The previous fix prevents the problem from occurring, but did not fix control blocks that were affected before the fix.

Fixed an incorrect log entry of EnergyWise "keywords" as "importance".

Fixed causes of an FTP PUT of CONFIG.BIN failing.

Fixed completed Telnet/SSH sessions to properly disconnect.

Built with updated TCP/IP and SNMP libraries.

12-03-30 7.0a swcdu-v70a.bin First production release

Version 7.0 is a major new-feature release. An updated operation manual accompanies this release. For complete configuration and operation instructions about new features below, please refer to the new manual.

Version 7.0 is built upon an updated operating system, including a new Treck IPv4/v6 dual stack and Treck SNMPv1/v2c/v3 stack.

Increased the speed of web-interface sessions by significant page and code optimizations.

Increased the speed of HTTPS (SSL/TLS) web sessions by over 200% by increasing the number of concurrent HTTPS and SSL/TLS connections/threads to 24, to account for "connection hungry" web browsers that no longer follow the HTTP/1.1 RFC2616 limit of two concurrent connections to a server.

Adjusted the number of concurrent web user sessions to 4 total, either HTTP or HTTPS.

Added SNMP v3 support. SNMP v3 supports authentication and encryption. Authentication methods supported are: None and MD5. Encryption methods are: None and DES. Authentication must be used if encryption is used. Two SNMP v3 users are supported, one with read-only (RO) access and one with read/write (RW) access.

Using the web interface, SNMP v3 settings are configured on the "Configuration - SNMP/Thresholds" page.
Using the CLI, SNMP v3 settings are configured with new keywords that have been added to the existing SET SNMP command:

    SET SNMP V3 { ENABLED | DISABLED | RWUSERNAME | RWAUTHTYPE | RWPRIVTYPE |
                  RWAUTHPASS | RWPRIVPASS | ROUSERNAME | ROAUTHTYPE | ROPRIVTYPE |
                  ROAUTHPASS | ROPRIVPASS }

The SHOW SNMP command has been updated to display the new SNMP v3 settings.

Moved the CLI commands for SNMP v1/v2c settings to under a new "V2" keyword that has been added to the existing SET SNMP command:

    SET SNMP V2 { ENABLED | DISABLED | GETCOMM | SETCOMM }

Removed support for SNMP IP restrictions.

Removed support for configuring the SNMP v1/v2c trap community string, which is now fixed at “public”.

Updated the format of SNMP traps/notifications. When SNMP v3 is enabled, traps are in v3 format. Otherwise, traps are in v2 format. Previously, traps were in v1 format.

Added support for SMTP Authentication (SMTP AUTH). This allows the mail client in the CDU to login to the mail server during the process of sending a mail, which may be required by the mail server in order to relay mail to another mail server. Supported authentication methods are: None (default, no SMTP AUTH), Digest-MD5, CRAM-MD5, Login, and Plain. Authentication occurs with a configured username and password. Optionally, the email 'From' Address may be used in place of the username.

Using the web interface, SMTP AUTH settings are configured on the "Configuration - SMTP/Email" page.

Using the CLI, SMTP AUTH settings are configured with new keywords that have been added to the existing SET EMAIL SMTP command:

    SET EMAIL SMTP { AUTHTYPE | USERNAME | PASSWORD | USEUSERNAME | USEFROMADDR }

The SHOW EMAIL command has been updated to display the current SMTP AUTH settings.

Added support for Daylight Savings Time (DST) automatic clock adjustment. DST support is disabled by default.
When enabled, the date and time will automatically be adjusted forward one hour between the starting and ending dates and times, which are configurable.

Using the web interface, DST settings are configured and enabled on the "Configuration - SNTP/Syslog" page.

Using the command-line interface (CLI), DST settings are configured and enabled with new keywords that have been added to the existing SET SNTP command:

    SET SNTP DST { ENABLED | DISABLED | START | END }

The SHOW SNTP command has been updated to display the current DST settings.

Added DHCP re-acquisition of network settings upon link-integrity loss and recovery.

Fixed IP Forwarding to be disabled, and to report as disabled by the SNMP "ipForwarding" object.

Fixed Telnet and SSH sessions to complete the send of final messages before closing, thus cleanly ending sessions.

Changed the FTP server 220 response code (service ready) login banner to "220 Sentry Switched CDU FTP server ready.", where is currently "v7.0a".

Changed the web server identification in HTTP response headers to "ServerTech-AWS/", where is currently "v7.0a". "AWS" is short for Advanced Web Server.

Fixed an incorrect file size (off by two bytes) of network.ini in the FTP server.

Added support to report internal non-volatile memory (NVM) errors through the user interfaces and SNMP.

Updated support for Sentry Power Manager (SPM) Secure Access. This release supports the new configuration settings for SNMPv3, SMTP Authentication, and DST.

-----------
Version 6.1
-----------

12-03-20 6.1f swcdu-v61f.bin Sixth production release

Fixed the Environmental Monitor Control Unit (EMCU) temperature/humidity sensors and contact closures to not be counted and reported by SNMP as part of the number of sensors/contacts of the environmental monitor in a link enclosure, when a link enclosure includes a new hardware board to support two more temperature/humidity sensors in the system.

Fixed regeneration of a new X.509 certificate to not enable Sentry Power Manager (SPM) Secure Access and to not reset the SPM password. Both are now left at their current setting.

Adjusted the refresh interval of automatically-reloading web pages (other than the "System - Summary" page) to 15 seconds.

Adjusted *.js (JavaScript) and *.css (cascading style sheet) web pages to report as static content to web browsers, to improve web performance by page caching.

Added support for a 6-outlet 3-phase relay-control board with 30A outlets and integrated branch-status sensing.

Updated the copyright year in the web interface.

Updated the starting and ending dates that will be used in a regenerated X.509 certificate. A new certificate will now be valid from March 1, 2012 to March 1, 2022.

12-02-16 6.1e swcdu-v61e.bin Fifth production release

Added Cisco EnergyWise (release v1.2) support:

Configuration of EnergyWise support is only available through the command-line interface (CLI), with these new commands:

    SET ENERGYWISE ...
    SHOW ENERGYWISE

A separate Technical Note is available that documents the operation and configuration of EnergyWise support.

Added support for a new Network Interface Module (NIM) with four internal communication channels.

Added support for new reversible display hardware that maintains 0.1 Amp resolution below ten Amps when inverted.

Added support to reverse the outlet sequencing order:

Using the web interface, the outlet sequencing order is configured on the "Configuration - System" page.

Using the command-line interface (CLI), the outlet sequencing order is configured with a new keyword to the existing SET OPTION command:

    SET OPTION OUTLETSEQUENCE { NORMAL | REVERSED }

The SHOW OPTIONS command has been updated to display the current outlet sequencing order.

Added support for an 'MRV LX Series LX-5250' emulation mode.
When enabled, an SCP version query will respond with 'MRV LX Series LX-5250 Emulator' and an OEM information query will respond with 'LX-5250'. This mode will allow an MRV LX Console Server to control and monitor CDU models equivalent to the MRV LX-5250 models.

Configuration of the MRV Emulation mode is only available through the command-line interface (CLI), with a new keyword to the existing SET PORT SCP command:

    SET PORT SCP EMULATE { NONE | MRV }

The SHOW PORTS command has been updated to show 'SCP: EMULMRV' when MRV emulation mode is enabled.

Added support for new temperature and humidity sensor hardware in a link enclosure, allowing for two more sensors in a system with both a master and link enclosure.

Fixed an obscure case of a CRC calculation bug when writing to flash on NIM hardware, potentially causing a failure to read the data in a control block if the first ever update of the control block was also the last before a restart.

Improved data-integrity tests for configuration data written to flash memory on NIM hardware.

Fixed code to not calculate and report Watts for the neutral line of a 3-phase Wye system.

Updated user interfaces to not show voltage, power, and line status for the neutral line of a 3-phase Wye system.

Changed the default name of the neutral line of a 3-phase Wye system to reflect that it is the neutral.

Changed the order of columns in the CLI ISTAT command output to be consistent with the equivalent web page.

Improved the speed of detection of a lost (unplugged) temperature and humidity sensor on NIM hardware.

Fixed an obscure case of an incorrect Environmental Monitor Control Unit (EMCU) index possibly being returned in event log messages and SNMP traps for the Analog-to-Digital Converter (ADC) of the EMCU.

Updated support for Sentry Power Manager (SPM) Secure Access. This release supports the new configuration settings for reversing the outlet sequencing order.

Minor cleanup of log-message strings.

Updated the "System - Summary" web page to hide the graphical display for input feeds of legacy products that do not measure input current.

Updated the integrated board-level test code to v2.0j. Note: this functionality is only accessible and used during the factory production process.

11-10-05 6.1d swcdu-v61d.bin Fourth production release

Added support for hardware platforms with a second serial port, and for an ES900 serial switch connected to that second serial port.

Fixed several problems that were introduced in version 6.1a:

Fixed the command-line interface (CLI) failing to match user-assigned (or default) outlet names to names entered with CLI commands, which resulted in "User/outlet -- name not found" errors.

Fixed the CLI and web interface to not allow duplicate outlet names.

Fixed the CLI "SET FTP PASSWORD" command -- when entered with no additional arguments, the password entered at the subsequent prompt was not correctly saved, unless the password was blank.

Fixed the web interface TACACS+ configuration page to write the first "options" form items to non-volatile memory. Prior to this, these settings were lost upon a restart.

Reduced the amount of RAM reserved for the event log. The number of entries before the log wraps has been reduced from 4097 to 3713.

Updated support for Sentry Power Manager (SPM) Secure Access. This release fixes writes to a second SYSLOG server, allows spaces in SNMP community strings, and adds support for the DHCP static fallback and boot delay options.

Updated the integrated board-level test code to v2.0i. Note: this functionality is only accessible and used during the factory production process.

11-07-14 6.1c swcdu-v61c.bin Third production release

Fixed a critical bug that prevented outlet control actions by SNMP. This problem was introduced in version 6.1b. The outletControlAction and outletWakeupState objects were being skipped and always responded to SNMP requests with a noSuchName or noSuchInstance response.

Added support to the NETWORK.INI file (available through the FTP server) for the new DHCP Static Fallback and Boot Delay options.

Added display of a textual identifier, either "(ME)" or "(NIM)", after the hardware revision code in the display output of the SHOW SYSTEM command and on the "Configuration - System" web page.

Fixed the "Configuration - SNMP/Thresholds - Sensor Traps and Thresholds" web page and SNMP agent to accept temperature recovery delta values up to 18 degrees when using the Fahrenheit temperature scale. Previously, the 10 degrees limit for the Celsius temperature scale was also being applied for the Fahrenheit temperature scale.

Fixed a PUT of config.bin to preserve the new DHCP Static Fallback and Boot Delay options on the target system.

11-06-29 6.1b swcdu-v61b.bin Second production release

An updated operation manual accompanies this release. For complete configuration and operation instructions about new features below, please refer to the new manual. Manuals are available at:

    http://www.servertech.com/support/Technical_Library/Product_Manuals

Added support for two new DHCP options: Static Fallback and Boot Delay. Both options can be enabled (the default) or disabled.

Disabling Static Fallback configures the DHCP client to attempt indefinitely to acquire an address from a DHCP server, never timing out to fall back to a static address. By default, the DHCP client attempts to acquire an address for 90 seconds before falling back to a static address.

With Static Fallback disabled and Boot Delay enabled, this same 90 seconds is the amount of time for DHCP acquisition attempts before allowing the boot of the CDU to complete, after which outlet sequencing will occur while DHCP acquisition continues. Disabling Boot Delay reduces the 90 seconds of attempts to just 5 seconds before allowing the boot to complete while DHCP acquisition continues.
Use of these options allows for forcing the IP address to only be acquired by DHCP, with no timeout for static fallback, and/or the completion of the boot before acquisition has succeeded.

Use of these options also allows for completing the boot and powering-up outlets while DHCP acquisition continues. This is necessary for successful DHCP acquisition when the CDU is powered up and one of the outlets powers either a network device that provides the connectivity to the network with the DHCP server, or powers the DHCP server itself.

Using the web interface, these new DHCP options are configured on the "Configuration - Network" page.

Using the command-line interface (CLI), these new DHCP options are configured with new parameters to the existing SET DHCP command:

    SET DHCP STATICFALLBACK { ENABLED | DISABLED }
    SET DHCP BOOTDELAY { ENABLED | DISABLED }

The SHOW NETWORK command has been updated to display the current value of these new DHCP options.

Added a new object to the SNMP MIB and agent for the temperature recovery delta. A new Sentry3.Mib file accompanies this release. SNMP MIB files are available at:

    ftp://ftp.servertech.com/pub/SNMP/sentry3/

Added a key-activated feature to disable all outlet control. With this "Outlet Control Inhibit" feature activated, outlets will sequence on after power-up and recovery from a downed branch (fuse/breaker), but all control capability is disabled.

Fixed changing of the display orientation causing a tower offline/online communication glitch.

Other very minor miscellaneous fixes.

11-05-10 6.1a swcdu-v61a.bin First production release

Version 6.1 is a major new-feature release. An updated operation manual accompanies this release. For complete configuration and operation instructions about new features below, please refer to the new manual.

Added support for new Network Interface Module (NIM) hardware. This hardware is identified by a hardware revision code of 64.
Note: NIM hardware requires version 6.1a or later firmware -- it cannot be downgraded to prior versions.

Updated the look-and-feel of the web interface to match the colors and styles of the Server Technology "Sentry Power Manager" (SPM) v5 software.

Added a "System - Summary" page to the web interface. This page dynamically displays a sensor graph and alarm status for each line current, temperature, and humidity measurement, as well as displaying identifying system information, the number of active users, and the total power consumption. This page automatically updates every five seconds. The summary page is available to administrators and users with environmental monitor access rights.

Improved web interface performance by reducing page sizes and optimizing web server code.

Added support for Sentry Power Manager (SPM) Secure Access. This feature will allow future versions of SPM software to securely configure and manage CDU firmware features that are not available by SNMP. SPM Secure Access uses the Server Technology proprietary Sentry Network Access Protocol (SNAP). SNAP runs over a secure HTTPS session.

Changed the default value for the SNMP Agent to enabled, and changed the default value for the SNMP Set Community string to blank. This allows for out-of-the-box discovery by an SNMP manager, but without the security risk of allowing write access to the MIB objects.

Updated the SNMP MIB and agent to support reading and writing the outlet sequence interval, the outlet reboot delay, the outlet wakeup state, and the outlet post-on delay. Also added a system configuration-modified counter object. See the descriptions in the new Sentry3.Mib file that accompanies this release.

Changed the default values for temperature and humidity sensors to: Low Temp = 5 degrees C (41 F), High Temp = 45 degrees C (113 F), Low Humidity = 10%, and High Humidity = 90%. Prior to this, defaults were the minimum and maximum of the sensor range.

Removed the restriction that POPS SNMP objects only be available as a key-activated feature. For consistency with previously key-activated products, this feature is now always reported as enabled.

Removed the HTTP MD5 authentication/security option.

Added a remaining-character counter to the web interface "Configuration - System - Login Banner" page.

-----------
Version 6.0
-----------

11-05-10 6.0r swcdu-v60r.bin Fifteenth production release

Fixed RF Code support for accumulation/reporting of outlet average RMS current not occurring in master-only POPS systems.

Fixed internal string length initialization of the DHCP FQDN hostname in the DHCP request packet, which may be responsible for failures of the DHCP server to support the hostname.

Fixed a PUT of config.bin to the FTP server to only restore the email "from" address and the SNMP sysName value on the unit from which config.bin was originally retrieved, in order to not overwrite unique-per-unit values on other units.

Fixed rare cases of LDAP authentications failing due to timeouts, by increasing the timeout from 5 to 10 seconds.

Fixed rare cases of LDAP authentications failing due to out-of-memory problems, by increasing the heap size.

11-02-23 6.0q swcdu-v60q.bin Fourteenth production release

Added support to preserve the value of the FQDN string upon a "reset to factory defaults, except network".

Fixed cases of communication failing to a UPS or Remote Shutdown Agent when DHCP is in use and the host was configured using a hostname.

Updated the starting and ending dates that will be used in a regenerated X.509 certificate. A new certificate will now be valid from February 1, 2011 to February 1, 2021.

Changed the delay between detection attempts for an RF Code tag from one to ten seconds.

Changed "Include Authorization Messages:" to "Include Authentication Messages:" on the "Configuration - Email" web page.

Fixed the log message for changing the authentication order to say "Authentication" instead of "Authorization".

Fixed the log message for changing the FQDN string to include the new value.

Fixed the header of SYSLOG messages to use the DHCP-acquired IP address (when DHCP is enabled and successful) instead of the static address.

Added "[Sentry3_xxxxxx]" (where "xxxxxx" is the last three octets of the MAC address) to the start of SYSLOG messages, before "AUTH:", "EVENT:", etc., as a unique-per-unit source identifier.

Updated the copyright year in the footer of the web interface to 2011.

Removed the patent list from the footer of the web interface.

11-01-18 6.0p swcdu-v60p.bin Thirteenth production release

Changed the default FQDN hostname from "Sentry3_xxxxxx" to "sentry3-xxxxxx". The underscore was changed to a hyphen because underscores are not valid in a hostname, per RFC 952, and thus may not be supported by some DHCP/DNS servers. The "S" was changed to lowercase because hostnames are more commonly lowercase.

Fixed RADIUS support not closing sockets, leading to auto-restarts due to running out of sockets.

10-12-02 6.0n swcdu-v60n.bin Twelfth production release

Added support for DHCP Option 81, Fully-Qualified Domain Name (FQDN). With this option, the DHCP client requests that the DHCP server perform DNS updates for FQDN-to-IP-address mapping. The default FQDN hostname is "Sentry3_xxxxxx", where "xxxxxx" is the last three octets of the MAC address. This FQDN value can be edited, allowing a different name to be chosen, and/or to expand the value to include a domain name.

Using the web interface, the DHCP FQDN option is configured on the "Configuration - Network" page.

Using the command-line interface (CLI), the DHCP FQDN option is configured with new parameters to the existing SET DHCP command:

    SET DHCP FQDN

The maximum length of the FQDN string is 63 characters. Setting the FQDN value to an empty string disables use of the FQDN option.
The SHOW NETWORK command has been updated to display the current value of FQDN string.

Added RF Code support for wire-free monitoring of power and alarm information from PIPS and PIPS+POPS CDUs. An RF Code active-RFID tag plugs into the CDU serial port and is automatically recognized and used.

Added support with PIPS hardware to continue to report/display the line current when in an overload condition.

Added support for a second pair of temperature/humidity sensors internal to the master unit.

Fixed the possible lack of update of the total system watts upon disconnect of a link unit from a master.

Fixed the improper reporting of PIPS voltages as 65535 when the measurement value was not available. The value in this case is now properly reported as -1.

Fixed a possible error in the calculation of the power factor with initial PIPS hardware that may not detect the reactance properly. Suppressed reporting of the reactance in this case.

Fixed cases of LDAP serial-debugging output overflowing the serial buffer and resulting in garbage or truncated output.

Fixed a system crash and automatic restart caused by overly long outlet names in non-3-phase branch-current-monitoring products. This problem was introduced after version 6.0g.

Fixed a problem with absolute outlet names not being properly adjusted to exclude the infeed identifier in single-phase products. This problem was introduced after version 6.0g.

Fixed a problem of failing to bring on-line some early hardware revisions of TrueRMS current-measurement boards. This problem was introduced after version 6.0g.

Fixed a buffer overrun, and a resulting crash of the web server, that occurs when visiting the "Configuration - System - Login Banner" web page with a current banner that includes enough non-web-safe characters to exceed 5120 characters after expansion to safe numeric character reference form.

Fixed presentation in the web interface of remotely-authenticated usernames that include spaces.

Fixed the "Configuration - SNMP/Thresholds" web page to not log a change to the "Error Trap Repeat Time:" when there was no change.

Fixed logging of the new value of the environmental monitoring right on the "Configuration - User - Edit" web page -- the opposite of the new value was being logged.

10-09-03 6.0m swcdu-v60m.bin Eleventh production release

Added support for a ten-outlet relay-control board with integrated branch status sensing.

Added support for PIPS single-phase 24-outlet two-branch products.

Added support for 100A TrueRMS current-measuring hardware.

Improved the integrity checks on the decompression of the flash image into RAM by the addition of a 32-bit CRC.

Fixed a missing web interface "Configuration - Outlets" link in the navigation menu of the web page for non-POPS products.

10-07-07 6.0k swcdu-v60k.bin Tenth production release

Added support to extend serial number ranges.

Changed the SNMP agent to automatically skip MIB objects that are not supported by the detected hardware, for example, PIPS and POPS objects.

10-06-11 6.0j swcdu-v60j.bin Ninth production release

Added Per-Inlet Power Sensing (PIPS) support.

Updated the SNMP MIB and agent to support PIPS objects. See the descriptions in the new Sentry3.Mib file that accompanies this release.

Added support in the SNMP agent to use cached IP addresses of trap destinations when the trap destinations are defined as host names. The IP addresses of the host names are looked up by DNS and cached for five seconds. This avoids excessive DNS lookups when many SNMP traps are sent in a short period of time.

Changed the maximum 3-phase load out-of-balance threshold to 200% from 100%, as 200% is the maximum in a wye-load system.

Changed "value suspect" to "power calculations may be inaccurate" in the message for 3-phase unbalanced loads that occurs when beyond the out-of-balance threshold.
Updated the OSTAT command for POPS data to no longer default to a target of "ALL" outlets if a target is not specified, and to instead display help text. This gives the user the chance to see that the DETAILS option is available.

Removed support in the TLS/SSL server for the weak 56-bit TLS_RSA_WITH_DES_CBC_SHA symmetric cryptography cipher.

Fixed several cases of CLI keywords not being accepted in uppercase.

Fixed duplicate default input-feed names occurring on 3-phase branch-current-monitoring products.

Fixed load value strings remaining at "N/A" when an overload condition is present at boot, until the overload condition clears.

Fixed cases of the email client failing to send emails (until a restart) after a loss of the socket connection to the SMTP email server.

Fixed a rounding error that could allow for a slight disparity between Amps displayed in the various user interfaces and the values reported by SNMP.

Fixed spurious fan errors.

Fixed an improper interpretation of user access right in the web interface -- a general user with environmental monitoring access rights was incorrectly treated as having reboot-only rights.

Fixed spurious cases of an infeed overloading and recovering, and a humidity sensor reading 127% and recovering.

Fixed total system power calculations to exclude the fourth neutral current measurement in 3-phase wye-load products.

Updated the starting and ending dates that will be used in a regenerated X.509 certificate. A new certificate will now be valid from November 1, 2009 to November 1, 2019.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0h. This version now supports PIPS.

Fixed cases of a possibly incorrect status being shown in log messages for water sensor errors and outlet load errors.

Changed SYSLOG messages that were improperly using a facility code of LOG_SYSLOG to properly use LOG_DAEMON.

Updated the copyright year in the footer of the web interface to 2010.
09-03-10  6.0h  swcdu-v60h.bin  Eighth production release

Added Per-Outlet Power Sensing (POPS) support.

Added an OSTAT CLI command for POPS information.

Updated the SNMP MIB and agent to support POPS objects. These objects are feature-key activated. See the descriptions in the new Sentry3.Mib file that accompanies this release.

Added support to inform the backup master in new TrueRMS power supply hardware of display orientation changes, such that the backup master will write to the display in the same orientation as the network-card master.

Fixed cases of the reported system uptime diverging slightly from the actual system uptime.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0g. This version now supports POPS.

08-11-25  6.0g  swcdu-v60g.bin  Seventh production release

Added RADIUS support.

RADIUS (Remote Authentication Dial-In User Service) is a centralized authentication, authorization, and accounting service. Switched CDU firmware supports the authentication and authorization features of RADIUS.

With RADIUS enabled and configured, user login attempts to the Switched CDU result in authentication requests to the RADIUS server to determine access. Replies from the RADIUS server approve or deny access, and, if approved, also determine the authorized access level and access control lists for the user.

RADIUS network communication is secured by a shared secret. The shared secret is used to sign RADIUS data packets to ensure they are coming from a trusted source, and to encrypt user passwords. The shared secret is configured on both the Switched CDU and the RADIUS server.

A user's authorized access level and access control lists are configured only on the RADIUS server using Server Technology Vendor Specific Attribute (VSA) dictionary entries. These are defined in the file "dictionary.sti". See "dictionary.sti" for attribute usage notes and examples.
Switched CDU RADIUS client supported features:

  Authentication and authorization per RFC 2865
  Two RADIUS servers, each configurable with:
    Host name/IP (63 characters maximum)
    Shared secret (48 characters maximum)
    Port (1 to 65535, default = 1812)
    Timeout (1 to 30 seconds, default = 5)
    Retries (0 to 10, default = 2)
  Authentication order configurable to "Remote->Local" or "Remote Only".
  Password Authentication Protocol (PAP) authentication method.
  Maximum 32-character usernames and passwords.
  Server Technology Vendor Specific Attributes (see dictionary.sti).
  Unique "NAS-Identifier" (per Switched CDU) in requests to the RADIUS servers, for filtering. The "NAS-Identifier" value is "Sentry3_xxxxxx", where "xxxxxx" is the last three octets of the MAC address.

Using the web interface, the RADIUS options are configured on the "Configuration - RADIUS" page.

Using the command-line interface (CLI), the RADIUS options are configured with the new command:

    SET RADIUS { ENABLED | DISABLED }
    SET RADIUS { PRIMARY | SECONDARY } { SERVER | SECRET | PORT | TIMEOUT | RETRIES }

A SHOW RADIUS command has been added to display the RADIUS settings.

Added configuration of user session timeout periods for the web and command-line interfaces. Previously, these session timeout periods were fixed at 5 minutes. The web and command-line interface session timeouts can now be separately configured for a timeout period between 1 minute and 1440 minutes (24-hours).

Using the web interface, the user session timeouts are configured on the "Configuration - System" page.

Using the command-line interface (CLI), the user session timeouts are configured with new parameters to the existing SET OPTION command:

    SET OPTION { CLITIMEOUT | WEBTIMEOUT }

The SHOW OPTIONS command has been updated to display the user session timeouts.

Added support to display up to a 32-character username for the active user in the web interface, above the navigation menu, with the name wrapping after 16 characters.
Added support for log messages to include up to 32-character usernames when remote authentication is used (LDAP, TACACS+, and RADIUS). Previously, even though usernames could be longer than sixteen characters for remote authentications, only the first sixteen characters were logged.

Changed all user-authentication input methods to limit accepted usernames and passwords to 32 characters, and to allow remote authentication attempts with blank passwords.

Changed the power control request processing to greatly improve the responsiveness of power actions, especially with SNMP requests.

Changed the submission order of multiple outlet power actions by the "Outlet Control" web page and by a single SNMP SET request from OFF-REBOOT-ON to REBOOT-OFF-ON, both to make the behavior that all actions turning off equipment in a request occur prior to ON actions in the request, and to tighten up the time between OFF and ON actions.

Changed the code that writes the "last" outlet control state to NVM to skip doing so when no outlets are set to "Wake Last".

Fixed the failure to receive network settings by DHCP due to initial connectivity delays introduced by various features of advanced switches (see http://www.cisco.com/warp/public/473/12.html). These switches block network traffic for up to a minute after a link is established, preventing DHCP requests from reaching the DHCP server during that time. The DHCP client was only retrying for up to 30 seconds, giving up, and falling back to static network settings. An additional minute of DHCP request attempts has been added to overcome this problem. Note: units with static network settings can still have other early network traffic, such as an SNMP startup trap, blocked.

Fixed the problem of no response to SNMP GET and SET requests when the defined community strings were the maximum length.
Fixed the local display logic to not write to the first display until after a successful initialization of the power supply board that performs the current measurements. Previously, the first display would blank if the power supply board failed to initialize successfully, which was inconsistent with the behavior for additional displays, which would remain blinking dash-dash ("--").

Fixed the "rem_addr" (remote address) field in TACACS+ authentication and authorization request packets to not change when the SNMP "sysName" value is changed. The value now remains fixed at "Sentry3_xxxxxx", where "xxxxxx" is the last three octets of the MAC address. This keeps the remote address unique to each CDU.

Fixed a log entry missing for an automatic web user logout that occurs when the maximum number of simultaneous web user sessions has been reached and the oldest inactive web user's session is ended and re-allocated for use by a new session.

Fixed a very obscure case in which a user's password could show up in log messages as part of the user's name.

Fixed SET SYSTEM AREA, SET SYSTEM PF, and SET SYSTEM BALANCE to only accept valid value strings with the appropriate number of decimal places.

Fixed inconsistent SNMP log messages that reported "by user SNMP" to report just "by SNMP".

Fixed login failures to the FTP server, and a stack overflow of the FTP server, when logging into the FTP server using LDAP or TACACS+ remote authentication.

Fixed buffer overruns in the FTP server that prevented proper restoration/setting of several values in FTP.INI when the values were longer than sixteen characters.

Fixed several FTP server log messages to be consistent with other user interfaces.

Fixed the FTP server to always require both a username and password be entered before authentication of the credentials is started.

Fixed possibly-incorrect source IP addresses being logged in the logout messages of web users.

Fixed an improper error message with the SET SYSTEM AREA command.
Fixed minor inconsistencies in the titles and text of various web pages.

Fixed the JavaScript input validation for the Area, Power Factor, and 3-Phase Load Out-of-Balance Threshold on the "Configuration - System" web page.

Fixed the web pages to show the correct/current IP address of the CDU when the IP address configuration has changed, but a restart has not yet been performed.

Fixed web pages to show graphic image tooltips in Firefox.

08-07-24  6.0f  swcdu-v60f.bin  Sixth production release

Fixed watt calculations for 3-phase products that measure phase current instead of line current. In this case only, the previous watt calculation would under-report power consumption by a factor of SQRT(3). Note: this fix does not affect any current Switched CDU models.

Fixed the 3-phase out-of-balance check to not apply to products that measure multiple branch currents per phase, in which case it is not applicable. Note: this fix does not affect any current Switched CDU models.

Fixed the SHOW TOWERS command to display the product serial number, model number, power type, and 3-phase indicator. The display of this information was inadvertently removed in v6.0c.

08-07-10  6.0e  swcdu-v60e.bin  Fifth production release

Added support to select a square meter or a square foot as the unit of area. The unit of area applies to the user-configured system area (footprint) and the system-calculated watts per area unit. The unit of area was previously a square foot, and not configurable.

Using the web interface, the unit of area is configured on the "Configuration - System" page using a new drop-down selection box to the right of the input box for the area value.

Using the command-line interface, the unit of area is configured with the new command:

    SET SYSTEM AREAUNIT { SQUAREMETER | SQUAREFOOT }

The SHOW SYSTEM command has been updated to display the selected unit of area after the area value.

Upon a reset to factory defaults, the unit of area is now a square meter.
Changed the SNMP agent to perform power-on/reboot sequencing between the outlets of multiple outletControlAction object IDs that are sent in a single SNMP set operation. Previously the outlet actions would occur simultaneously, without sequencing, allowing for the possibility of multiple in-rush currents exceeding the capacity of an upstream breaker/fuse. The outlet actions now occur with sequencing, exactly the same as a web page submit of multiple individual outlet actions.

Updated the SNMP MIB and agent to support reading and writing the new unit of area and the existing system power factor, as well as making the system area value writable. See the descriptions in the new Sentry3.Mib file.

Updated patent numbers in the web page footer.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0f. This version now supports all the features new to v6.

Fixed spurious false fan failure and internal over-temperature errors.

Fixed an improper case of flashing "oL" (for overload) on the input feed load displays of a linked unit when it was connected to a master unit running v6.0d firmware and a CRC error occurred reading the NVM in the linked unit.

Fixed possible cases of an invalid CRC having been written to the NVM of a linked unit during the factory configuration process. Valid data with a specific CRC error is automatically detected and corrected in deployed units.

Fixed an input validation error on the "Input Feed Traps and Thresholds" web page when a linked product has been disconnected.

Fixed cases of shutdown and script delay values not being stored as entered and reverting to incorrect/default values after a restart.

Fixed "Request Too Large" errors when submitting certain web page forms on products with a large number of outlets.

Fixed a problem introduced in v6.0d that caused the load to temporarily display as 0.65535 in the user interfaces immediately after a linked product was disconnected.
Fixed inconsistent table row highlighting on the "Sensors" web page.

Fixed the SET OUTLET SHUTDOWN/SCRIPT command to not accept ALL, thus avoiding incorrect behavior and memory corruption that was occurring if ALL was attempted.

Fixed the SET OUTLET HOST command to not accept ALL, and to properly set the hostname when parameters are provided on the command line.

Built with updated SSL, Web, and Email libraries.

08-02-28  6.0d  swcdu-v60d.bin  Fourth production release

Added support for new v6 input-feed current-measurement hardware that supplies hundredth-Amp resolution with better than two percent accuracy.

Changed the code that reports the current measured by v5 (and earlier) input-feed current-measurement hardware to report the value in increments equal to the internally-measured resolution. Previously, the value was reported in increments that were twice the internally-measured resolution. Products that previously reported in 1/4 Amp increments now report in 1/8 Amp increments and products that previously reported in 1/2 Amp increments now report in 1/4 Amp increments. Products with new v6 input-feed current-measurement hardware report in 1/100 Amp increments. Regardless of the resolution, the minimum reported input-feed current above zero is 1/4 Amp.

Changed the LED display code to show current readings in 0.1 Amp increments up to ten Amps when new v6 input-feed current-measurement hardware is detected.

Fixed the LDAP code to replace up to three occurrences of "%s" in the "User Search Filter" with the username supplied during login. Previously only the first occurrence of "%s" was replaced. This change allows complex search filters with logical operations between multiple filters, per RFC 2254.

08-01-22  6.0c  swcdu-v60c.bin  Third production release

Updated manuals accompany this release. Please refer to the updated manuals for complete configuration and operation instructions. Manuals are available on the Server Technology web site (http://www.servertech.com).
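The "%s" substitution in the LDAP "User Search Filter" (the v6.0d fix above, repeated in the v5.3q notes) and the v7.1f rule that a search returning multiple user objects must fail the login can be sketched as follows. This is an added example, not Server Technology's firmware code. The function names, the 256-byte filter buffer, the RFC 4515 escaping of the username, and the rejection of a fourth "%s" are assumptions of the example; the page does not state how the firmware handles those cases.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SUBST     3    /* "%s" occurrences replaced, per the release note */
#define MAX_USERNAME  32   /* username limit stated in the v6.0g notes */

/* Append `user` at out[*pos], writing RFC 4515 escapes (\2a \28 \29 \5c) for
 * the filter metacharacters. Always leaves room for the terminating NUL.
 * Assumption: the page does not say whether the firmware escapes usernames. */
static int append_escaped(char *out, size_t out_size, size_t *pos, const char *user)
{
    static const char hex[] = "0123456789abcdef";

    for (const unsigned char *p = (const unsigned char *)user; *p; p++) {
        if (*p == '*' || *p == '(' || *p == ')' || *p == '\\') {
            if (*pos + 3 >= out_size)
                return -1;
            out[(*pos)++] = '\\';
            out[(*pos)++] = hex[*p >> 4];
            out[(*pos)++] = hex[*p & 0x0f];
        } else {
            if (*pos + 1 >= out_size)
                return -1;
            out[(*pos)++] = (char)*p;
        }
    }
    return 0;
}

/* Expand up to MAX_SUBST "%s" markers in `tmpl` with the escaped username.
 * Returns the filter length, or -1 (with out set to "") when the username is
 * empty or too long, the template has more than MAX_SUBST markers, or the
 * result does not fit. Rejecting a fourth marker is this example's choice. */
long build_user_filter(const char *tmpl, const char *user, char *out, size_t out_size)
{
    size_t pos = 0, ulen = strlen(user);
    int subs = 0;

    if (out_size == 0)
        return -1;
    if (ulen == 0 || ulen > MAX_USERNAME)
        goto fail;

    for (const char *p = tmpl; *p; ) {
        if (p[0] == '%' && p[1] == 's') {
            if (++subs > MAX_SUBST || append_escaped(out, out_size, &pos, user) != 0)
                goto fail;
            p += 2;
        } else {
            if (pos + 1 >= out_size)
                goto fail;
            out[pos++] = *p++;
        }
    }
    out[pos] = '\0';
    return (long)pos;
fail:
    out[0] = '\0';
    return -1;
}

/* v7.1f rule: the user search must return exactly one object; zero or
 * several (a filter that is too broad) must fail the login. */
int search_allows_login(int objects_returned)
{
    return objects_returned == 1;
}

/* Helper for the demo: returns the built filter, or NULL on rejection. */
const char *demo_filter(const char *tmpl, const char *user)
{
    static char filter[256];
    return build_user_filter(tmpl, user, filter, sizeof filter) < 0 ? NULL : filter;
}

int main(void)
{
    /* Constructed template: three filters joined by a logical OR. */
    const char *tmpl = "(|(uid=%s)(mail=%s)(cn=%s))";
    const char *f = demo_filter(tmpl, "jdoe");

    printf("%s\n", f ? f : "(rejected)");
    f = demo_filter("(uid=%s)", "j*");   /* metacharacter is matched literally */
    printf("%s\n", f ? f : "(rejected)");
    return 0;
}
```

An OR filter like the constructed one is where the v7.1f check matters most, since three attributes matching the same string can return more than one object.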
Added support to individually enable and disable the supported SSH authentication methods (password and keyboard-interactive). This allows an SSH client to be forced to use a specific method. For example, by enabling the "keyboard-interactive" method but disabling the "password" method, the client will be forced to use "keyboard-interactive", which is required to display the login banner.

Using the web interface, the SSH authentication methods are configured on the "Configuration - Telnet/SSH" page using new checkboxes.

Using the command-line interface, the SSH authentication methods are configured with the new command:

    SET SSH AUTHMETHOD { PASSWORD | KBINT } { ENABLED | DISABLED }

The SHOW NETWORK command has been updated to display the enabled SSH authentication methods.

At least one SSH authentication method must remain enabled. This is enforced by the web and command-line interfaces.

Upon factory reset, all SSH authentication methods are enabled.

Added support for hardware with internal temperature sensing and fan rotation sensing. If the necessary hardware is present, it is automatically detected and supported.

When the hardware has been detected, if the internal temperature exceeds a factory-configured maximum-operating limit, or a fan significantly slows or fails, the fault will be reported.

The command-line interface will report temperature or fan faults as critical errors before each command prompt ("Switched CDU:") is displayed.

The web interface will report temperature or fan faults as critical errors in red text below the main-frame header each time a page is shown or refreshed.

Temperature and fan faults will also be logged as a system event. If set up to do so, these log entries will be sent to a syslog server and/or to an email recipient.

The SNMP agent has also been updated to report temperature or fan faults.
The towerStatus object supports new 'FanFail' and 'overTemp' states, and the towerStatusEvent trap/notification will be sent during these states.

For all error-reporting methods, an over-temperature fault has a higher priority than a fan failure -- if both faults occur simultaneously, only an over-temperature fault will be reported. However, one fault for each tower/enclosure can be reported simultaneously.

The SHOW TOWERS command has been updated to automatically display the status of the internal temperature sensors and fans, if the hardware support is detected. Upon a fault, the SHOW TOWERS command will provide additional information about the fault, for example, which of several fans has failed.

The SNMP MIB has also been updated. See the descriptions in the new Sentry3.Mib file for details.

Added a configurable temperature recovery delta. After exceeding the high temperature threshold (thus entering an alarm and load shedding condition) the temperature value must fall below the high temperature threshold by the recovery delta number of degrees before recovering. The default is 1 degree Celsius, 2 degrees Fahrenheit.

Added support for an external environmental monitoring unit (an EMCU) even if the master product includes built-in support for temperature/humidity sensors. Note: a hardware update may be required to support powering an EMCU through the Link port.

Changed UPS support to be available without Load Shedding. This allows the voltage for an input feed to be retrieved from a UPS for more-accurate watt calculations.

Using the web interface, the UPS settings are configured on a new "Configuration - UPS" page and the status is displayed on a new "Power Monitoring - UPS" page.

Using the command-line interface, the UPS settings are configured with the SET UPS command and the status is displayed with the SHOW UPS command.

Changed the Smart Load Shedding web configuration to be more intuitive.
UPS was moved to under configuration, and the rest was consolidated and cleaned-up under "Outlets" and "Events" sub-menus.

Changed UPS on-battery load shedding to not activate until two consecutive UPS status polls (ten seconds apart) have both shown an on-battery status. This prevents a short utility power loss or brownout from unnecessarily causing load shedding of outlets.

Changed and improved the SET UPS command parameters and displays.

Changed the web navigation menu SNMP item to be SNMP/Thresholds, to guide users to the pages for setting thresholds, which apply for various purposes, with or without using SNMP.

Changed the default input feed high load threshold to be 80% of the factory-configured input feed maximum load capacity, instead of defaulting to 255 Amps.

Changed the CLI and web configuration of the input feed high load threshold to be limited to a maximum of the factory-configured maximum load capacity.

Changed the input feed overload determination code to indicate an overload condition when the measured input feed current is greater than 0.5 Amps above the factory-configured maximum load capacity, instead of always at 30.5 or 60.5 Amps (dependent upon the product), which should never be reached in lower capacity products.

Changed the time between retries of FTP firmware downloads from one second to one minute to address initial connectivity delays introduced by various features of some advanced switches (see http://www.cisco.com/warp/public/473/12.html).

Changed the SSH server to display the product name and version string upon a successful authentication, just prior to the location being displayed.

Changed the LDAP Search Bind Password and FTP client password to be hidden in the web and command-line interfaces. Asterisks or dots are shown for each character when entered and displayed. The passwords are never sent to the web browser, so they are not viewable in the web source.
Changed the term "probe" to "sensor" throughout the CLI whenever referring to a temperature/humidity sensor, for consistency.

Removed a connection test to the LDAP servers prior to the initial LDAP bind. This connection test was responsible for a Novell eDirectory LDAP trace showing errors prior to the login. The LDAP network connection timeout was adjusted to achieve the same purpose as the connection test, which is to avoid lengthy delays when an LDAP server is unavailable.

Removed input feed load shedding auto-recovery, which served no useful purpose and could cause 'thrashing'.

Fixed the default for UPS load-shedding auto-recovery to be on.

Fixed configuration of a custom UPS status polling OID. Previously a custom setting was never used.

Fixed display of a custom UPS voltage polling OID in the SET UPS command prompts.

Fixed a security issue that could expose partial account passwords for some users under specific conditions.

Fixed the ADD and DELETE commands to accept 16 character usernames at username prompts.

Fixed the SSH server "keyboard-interactive" authentication method to accept and use the username supplied in the initial client authentication request packet.

Fixed the SSH server "keyboard-interactive" authentication method to properly attempt displaying the logon banner. Previously, some SSH clients, such as PuTTY, would not display the login banner.

Fixed the failure of an FTP PUT of config.bin to restore the entire configuration if the FTP client was quit/exited immediately or soon after the PUT operation completed.

Fixed the TACACS+ client to accept "priv-lvl*nn" in a successful authorization response from the server in order to set the privilege level of the authorized session. The TACACS+ client now supports "priv_lvl=nn", "priv_lvl*nn", "priv-lvl=nn", and "priv-lvl*nn".
Fixed the "Smart Load Shedding - Outlets", "Configuration - Shutdown", "Configuration - Input Feed and Temperature Sensor Thresholds", and "Configuration - UPS - Edit" web pages to not cause page errors when clicking on a checkbox.

Fixed the "Configuration - Telnet/SSH" web page to properly position a "value changed" message when the Telnet port number is changed.

Fixed the LED display code to show "0.5" Amps on products with 60 Amp input feeds. Previously, the display would jump from "0.0" to "1.0" Amps.

Fixed the SHOW TRAPS command on 60 Amp products that support only a single temperature/humidity sensor. Previously, the session would end when attempting to display the environmental monitor trap settings.

Fixed several item description and log message inconsistencies between the web and CLI interfaces.

07-06-22  6.0b  swcdu-v60b.bin  Second production release

Added enforcement of the mutual exclusivity between the LDAP 'Use TLS' option and an LDAP bind type of MD5, which do not operate together.

Changed the calculations used to determine when 3-phase loads are out-of-balance. These changes implement an industry-standard calculation method and resolve improper cases of reporting an out-of-balance condition. The mean of the three loads is now calculated first. If the mean is less than 1/2 Amp, the loads are considered balanced. Otherwise, the maximum deviation of the three loads from the mean is calculated. If the maximum deviation is less than 1/2 Amp, the loads are considered balanced. Otherwise, the maximum deviation is calculated as a percentage of the mean. If this percentage is greater than the configured "3-Phase Load Out-Of-Balance Threshold", then the loads are considered to be out-of-balance.

Removed flashing of the local load displays when 3-phase loads are determined to be out-of-balance.

Removed the IP Address from the email subject line, per customer requests, due to security concerns.
Emails from multiple products are still uniquely identifiable by the 'From' address.

Removed the OEMINFO command keyword from the SET and SHOW commands.

Fixed the email code to attempt sending to the secondary email 'To' address if the primary email address failed. Previously, a send to the secondary email address was not being attempted if the primary email address failed.

Fixed the email code to limit the email body text to a length of 8K bytes, to avoid a possible memory overwrite, crash, and auto-restart. Email bodies will now be limited to 50 log entries or 8K bytes, whichever is smaller.

Fixed a possible crash and automatic restart of the system if the 'To' or 'From' email addresses were set to the maximum length in the "Configuration - Email" web page.

Fixed the SNMP SysUpTime value to increment time at the correct rate. Previously, the return value was only incrementing one second for every ten actual seconds.

Fixed the factory default for the SNMP SysName value and the email 'From' address value to properly reflect the last three octets of the product's MAC address. Previously, after being reset to factory defaults, another restart would revert the final two octets to zero if an SNMP setting was not changed.

Updated the starting and ending dates that will be used in a regenerated X.509 certificate. A new certificate will now be valid from June 21, 2007 to June 21, 2017.

Updated the integrated board-level test code to v2.0c. Note: this functionality is only accessible and used during the factory production process.

Built with updated TCP/IP, SSL, SNMP, Web Server, and Telnet Server libraries.

07-02-07  6.0a  swcdu-v60a.bin  First production release

Version 6.0 is a major new-feature release. Updated operation manuals accompany this release for complete configuration and operation instructions for the new features.

Included all features simultaneously released in version 5.3i (see v5.3i notes below).
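The three-step out-of-balance calculation described in the v6.0b notes above, carried through in code. This is an added example, not Server Technology's firmware code; the function and type names are assumptions, and the load readings are constructed values.

```c
#include <stdbool.h>
#include <stdio.h>

#define MIN_AMPS 0.5   /* the 1/2 Amp floor used for both early exits */

typedef struct {
    bool   out_of_balance;
    double mean_amps;         /* mean of the three loads */
    double max_dev_amps;      /* largest deviation of a load from the mean */
    double max_dev_percent;   /* deviation as % of the mean; 0 if not reached */
} balance_result;

balance_result check_balance(double a, double b, double c, double threshold_percent)
{
    const double load[3] = { a, b, c };
    balance_result r = { false, 0.0, 0.0, 0.0 };

    /* Step 1: mean of the three loads; below 1/2 Amp counts as balanced. */
    r.mean_amps = (a + b + c) / 3.0;
    if (r.mean_amps < MIN_AMPS)
        return r;

    /* Step 2: maximum deviation from the mean; below 1/2 Amp counts as balanced. */
    for (int i = 0; i < 3; i++) {
        double d = load[i] - r.mean_amps;
        if (d < 0)
            d = -d;
        if (d > r.max_dev_amps)
            r.max_dev_amps = d;
    }
    if (r.max_dev_amps < MIN_AMPS)
        return r;

    /* Step 3: deviation as a percentage of the mean, compared with the
     * configured "3-Phase Load Out-Of-Balance Threshold". */
    r.max_dev_percent = r.max_dev_amps / r.mean_amps * 100.0;
    r.out_of_balance = r.max_dev_percent > threshold_percent;
    return r;
}

int main(void)
{
    /* Constructed readings in Amps, with the threshold in percent. */
    const double cases[][4] = {
        { 10.0, 20.0, 30.0,  20.0 },   /* 50% deviation, over a 20% threshold */
        { 10.0, 10.2, 10.4,   1.0 },   /* deviation under 1/2 Amp: balanced */
        {  0.3,  0.3,  0.6,  20.0 },   /* mean under 1/2 Amp: balanced */
        { 30.0,  0.0,  0.0, 200.0 },   /* all load on one phase: exactly 200% */
    };

    for (int i = 0; i < 4; i++) {
        balance_result r = check_balance(cases[i][0], cases[i][1], cases[i][2], cases[i][3]);
        printf("mean=%.2fA dev=%.2fA (%.1f%%) -> %s\n", r.mean_amps, r.max_dev_amps,
               r.max_dev_percent, r.out_of_balance ? "out-of-balance" : "balanced");
    }
    return 0;
}
```

With non-negative loads the largest possible deviation is twice the mean, so a threshold of 200% (the maximum allowed since v6.0j) can never be exceeded.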
Updated the look-and-feel of the HTML interface to match the Server Technology corporate web site colors and styles.

Added the ability to configure various product characteristics. These include the product serial number, model number, input feed voltage, input feed maximum load capacity, power type (AC/DC), and 3-phase indicator (for AC products only). New products will have the characteristics set at the factory. The product serial number, model number, power type, and 3-phase indicator are locked (not changeable by the end-user) when set at the factory. Already-delivered products that are firmware-upgraded will allow the customer to configure the product characteristics, and the values will not be locked. When configured, the product characteristics will allow for additional features, such as asset tracking and power consumption calculation and reporting.

Added power consumption (watts) calculation and reporting. Power consumption is calculated individually for each input feed and is summed for a total system power consumption. The power factor used in the calculations is configurable. 3-phase power calculations for balanced loads are automatically applied if the 3-phase product characteristic is set.

Added a 3-Phase out-of-balance threshold. Loads on all three phase pairs of a 3-phase product are constantly checked for being within a configurable percent level of the other two phase pairs. If a phase imbalance occurs outside of the configured threshold, the condition is noted in the user interfaces and by the local load displays flashing at a medium speed.

Added system watts per square feet calculation and reporting. The square feet of the footprint of the system (usually the cabinet footprint size) is configurable. When configured, the total system watts is divided by the footprint square feet to determine and report the system watts per square feet.
Added support for operating system shutdown prior to the turning off of an outlet that powers a computer system. A hostname/IP is configurable for each outlet, along with a shutdown enable, shutdown delay, a script enable, and script delay. When shutdown is configured and enabled for an outlet, prior to any system action that will turn off the outlet, encrypted shutdown messages will be sent across the network to a Remote Shutdown Agent running on the computer system. The Switched CDU will then delay the shutdown delay time (and script delay time, if enabled) before turning off the outlet, giving the time needed by the Remote Shutdown Agent to run a shutdown script (if enabled) and shut down the operating system. Remote Shutdown Agents are available for these operating systems: Windows, Solaris, Netware, Linux, HPUX, and AIX.

Added support to enable optional pay-for features by the entry of a feature activation key that is unique to each product.

Added the first optional key-activated feature: Smart Load Shedding. Smart Load Shedding allows for the automatic turning off of non-critical equipment based on status and conditions in the operating environment. These include the status of a UPS (from which an input feed is powered), temperature, and load. Upon a UPS going 'on-battery', or the temperature or load exceeding threshold levels, outlets can be turned off to maximize the uptime of critical equipment or to prevent damage to equipment. Optionally, upon a return of a UPS to 'on-utility', or of the temperature or load to within threshold levels, the non-critical equipment can be turned back on. SNMP is used to poll a configured UPS for utility/battery status. SNMP agent object IDs are pre-configured for several major UPS manufacturers, and are custom configurable otherwise.

Added additional outlet control states to reflect shutdown conditions and Smart Load Shedding event conditions.

Reduced the number of supported simultaneous Telnet/SSH sessions to 4 from 9.
Updated the Sentry3 SNMP MIB to include support for the product characteristics, power consumption values, system watts per square feet, and the new outlet control states.

-----------
Version 5.3
-----------

08-03-31  5.3q  swcdu-v53q.bin  Fifteenth production release

Changed the SNMP agent to perform power-on/reboot sequencing between the outlets of multiple outletControlAction object IDs that are sent in a single SNMP set operation. Previously the outlet actions would occur simultaneously, without sequencing, allowing for the possibility of multiple in-rush currents exceeding the capacity of an upstream breaker/fuse. The outlet actions now occur with sequencing, exactly the same as a web page submit of multiple individual outlet actions.

Fixed the LDAP code to replace up to three occurrences of "%s" in the "User Search Filter" with the username supplied during login. Previously only the first occurrence of "%s" was replaced. This change allows complex search filters with logical operations between multiple filters, per RFC 2254.

Fixed spurious false fan failure and internal over-temperature errors.

08-01-14  5.3p  swcdu-v53p.bin  Fourteenth production release

Fixed a security issue that could expose partial account passwords for some users under specific conditions.

Fixed the ADD and DELETE commands to accept 16 character usernames at username prompts.

Fixed several log message inconsistencies between the web and CLI interfaces.

07-12-14  5.3n  swcdu-v53n.bin  Thirteenth production release

Added support to individually enable and disable the supported SSH authentication methods (password and keyboard-interactive). This allows an SSH client to be forced to use a specific method. For example, by enabling the "keyboard-interactive" method but disabling the "password" method, the client will be forced to use "keyboard-interactive", which is required to display the login banner.
Using the web interface, the SSH authentication methods are configured on the "Configuration - Telnet/SSH" page using new checkboxes.

Using the command-line interface, the SSH authentication methods are configured with the new command:

    SET SSH AUTHMETHOD { PASSWORD | KBINT } { ENABLED | DISABLED }

The SHOW NETWORK command has been updated to display the enabled SSH authentication methods.

At least one SSH authentication method must remain enabled. This is enforced by the web and command-line interfaces. Upon factory reset, all SSH authentication methods are enabled.

Added support for an external environmental monitoring unit (an EMCU) even if the master product includes built-in support for temperature/humidity sensors. Note: a hardware update may be required to support powering an EMCU through the Link port.

Changed the time between retries of FTP firmware downloads from one second to one minute to address initial connectivity delays introduced by various features of some advanced switches (see http://www.cisco.com/warp/public/473/12.html).

Changed the SSH server to display the product name and version string upon a successful authentication, just prior to the location being displayed.

Changed the term "probe" to "sensor" throughout the CLI whenever referring to a temperature/humidity sensor, for consistency.

Fixed the SSH server "keyboard-interactive" authentication method to accept and use the username supplied in the initial client authentication request packet.

Fixed the SSH server "keyboard-interactive" authentication method to properly attempt displaying the logon banner. Previously, some SSH clients, such as PuTTY, would not display the login banner.

Fixed the failure of an FTP PUT of config.bin to restore the entire configuration if the FTP client was quit/exited immediately or soon after the PUT operation completed.

Fixed the SHOW TRAPS command on 60 Amp products that support only a single temperature/humidity sensor.
Previously, the session would end when attempting to display the environmental monitor trap settings.

Fixed log message inconsistencies between the web and CLI interfaces.

07-09-17  5.3m  swcdu-v53m.bin  Twelfth production release

Fixed outlets not being discovered on other than the first input feed of a product, and thus not being controllable. This bug was inadvertently introduced in v5.3k with the internal temperature and fan rotation sensing support.

Fixed the LED display code to show "0.5" Amps on products with 60 Amp input feeds. Previously, the display would jump from "0.0" to "1.0" Amps.

07-08-27  5.3k  swcdu-v53k.bin  Eleventh production release

Added support for hardware with internal temperature sensing and fan rotation sensing. If the necessary hardware is present, it is automatically detected and supported.

When the hardware has been detected, if the internal temperature exceeds a factory-configured maximum-operating limit, or a fan significantly slows or fails, the fault will be reported.

The command-line interface will report temperature or fan faults as critical errors before each command prompt ("Switched CDU:") is displayed.

The web interface will report temperature or fan faults as critical errors in red text below the main-frame header each time a page is shown or refreshed.

Temperature and fan faults will also be logged as a system event. If set up to do so, these log entries will be sent to a syslog server and/or to an email recipient.

The SNMP agent has also been updated to report temperature or fan faults. The towerStatus object supports new 'FanFail' and 'overTemp' states, and the towerStatusEvent trap/notification will be sent during these states.

For all error-reporting methods, an over-temperature fault has a higher priority than a fan failure -- if both faults occur simultaneously, only an over-temperature fault will be reported. However, one fault for each tower/enclosure can be reported simultaneously.
The SHOW TOWERS command has been updated to automatically display the status of the internal temperature sensors and fans, if the hardware support is detected. Upon a fault, the SHOW TOWERS command will provide additional information about the fault, for example, which of several fans has failed.

The SNMP MIB has also been updated. See the descriptions in the new Sentry3.Mib file for details.

Changed the LDAP Search Bind Password and FTP client password to be hidden in the web and command-line interfaces. Asterisks or dots are shown for each character when entered and displayed. The passwords are never sent to the web browser, so they are not viewable in the web source.

Removed a connection test to the LDAP servers prior to the initial LDAP bind. This connection test was responsible for a Novell eDirectory LDAP trace showing errors prior to the login. The LDAP network connection timeout was adjusted to achieve the same purpose as the connection test, which is to avoid lengthy delays when an LDAP server is unavailable.

Fixed the TACACS+ client to accept "priv-lvl*nn" in a successful authorization response from the server in order to set the privilege level of the authorized session. The TACACS+ client now supports "priv_lvl=nn", "priv_lvl*nn", "priv-lvl=nn", and "priv-lvl*nn".

07-06-21  5.3j  swcdu-v53j.bin  Tenth production release

Added enforcement of the mutual exclusivity between the LDAP 'Use TLS' option and an LDAP bind type of MD5, which do not operate together.

Removed the IP Address from the email subject line, per customer requests, due to security concerns. Emails from multiple products are still uniquely identifiable by the 'From' address.

Removed the OEMINFO command keyword from the SET and SHOW commands.

Fixed the email code to attempt sending to the secondary email 'To' address if the primary email address failed. Previously, a send to the secondary email address was not being attempted if the primary email address failed.
Fixed the email code to limit the email body text to a length of 8K bytes, to avoid a possible memory overwrite, crash, and auto-restart. Email bodies will now be limited to 50 log entries or 8K bytes, whichever is smaller.

Fixed a possible crash and automatic restart of the system if the 'To' or 'From' email addresses were set to the maximum length in the "Configuration - Email" web page.

Fixed the SNMP SysUpTime value to increment time at the correct rate. Previously, the return value was only incrementing one second for every ten actual seconds.

Fixed the factory default for the SNMP SysName value and the email 'From' address value to properly reflect the last three octets of the product's MAC address. Previously, after being reset to factory defaults, another restart would revert the final two octets to zero if an SNMP setting was not changed.

Updated the starting and ending dates that will be used in a regenerated X.509 certificate. A new certificate will now be valid from June 21, 2007 to June 21, 2017.

Updated the integrated board-level test code to v2.0c. Note: this functionality is only accessible and used during the factory production process.

Built with updated TCP/IP, SSL, SNMP, Web Server, and Telnet Server libraries.

07-02-07  5.3i  swcdu-v53i.bin  Ninth production release

Added LDAPS (LDAP over TLS/SSL) support. TLS/SSL provides an encrypted connection between the client and server for all LDAP communication.

Using the web interface, the LDAP TLS/SSL option is configured and displayed on the "Configuration - LDAP" page using the new "Use TLS/SSL:" drop-down selection box. The choices are "Yes" and "No".

Using the command-line interface, the LDAP TLS/SSL option is configured with the new command:

    SET LDAP USETLS { YES | NO }

The SHOW LDAP command has been updated to display the current setting.

Upon factory reset, the default value is NO.
When LDAP is configured to use TLS/SSL, the LDAP port number must be changed to match the encrypted port number of the LDAP directory server. The IANA well-known port number for LDAPS is 636.

The LDAPS TLS/SSL client supports:

    Secure Sockets Layer (SSL) version 3
    Transport Layer Security (TLS) version 1 (RFC 2246)
    X.509 version 3 (RFC 2459) Server Certificates with RSA key sizes up to 4096 bits
    Symmetric Cryptography Ciphers:
        TLS_RSA_WITH_3DES_EDE_CBC_SHA (168-bit)
        TLS_RSA_WITH_DES_CBC_SHA (56-bit)
        TLS_RSA_WITH_AES_128_CBC_SHA (128-bit)
        TLS_RSA_WITH_AES_256_CBC_SHA (256-bit)
    Server certificates are accepted and used on-the-fly
    A NULL client certificate is sent to the server if a client certificate is requested

Added SNMP source IP restriction support. This allows SNMP manager GET and SET requests to only be allowed from the IP addresses of the defined traps destinations.

Using the web interface, the SNMP IP Restriction option is configured and displayed on the "Configuration - SNMP" page using the new "IP Restriction:" drop-down selection box. The choices are "No Restrictions" and "Trap Destinations Only".

Using the command-line interface, the SNMP IP Restriction option is configured with the new command:

    SET SNMP IPRESTRICT { NONE | TRAPDESTS }

The SHOW SNMP command has been updated to display the current setting.

Upon factory reset, the default value is NONE/No Restrictions.

When SNMP is restricted to the traps destinations, and the traps destinations are defined as host names, the IP addresses of the host names are looked up by DNS and cached for five seconds, to avoid excessive DNS lookups with SNMP requests.

Added support to log the source IP address of HTTPS sessions. The remote source IP addresses of HTTPS sessions are now retrieved from the SSL/TLS proxy and used in HTTPS login, logout, and authentication failure log messages.
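
The SNMP source IP restriction described above (TRAPDESTS with host-name destinations cached for five seconds) can be modelled as follows. This is an added illustration, not Server Technology firmware code; the class name, the injectable resolver and clock, the deny-all behaviour on a failed lookup or empty destination list, and the sample addresses are assumptions of the sketch.

```python
import ipaddress
import socket
import time


class TrapDestinationAcl:
    """Allow SNMP requests only from the configured trap destinations.

    Destinations may be IP literals or host names. Host names are resolved
    through `resolver` and each answer is cached for `ttl` seconds (five in
    the release note), so a burst of requests causes one lookup, not many.
    """

    def __init__(self, destinations, resolver=None, clock=time.monotonic, ttl=5.0):
        self.destinations = [d.strip() for d in destinations if d and d.strip()]
        self.resolver = resolver or self._system_resolver
        self.clock = clock
        self.ttl = ttl
        self._cache = {}   # host name -> (expiry time, frozenset of addresses)
        self.lookups = 0   # number of resolver calls, for observing the cache

    @staticmethod
    def _system_resolver(name):
        # Default: every address the local resolver returns for the name.
        return {info[4][0] for info in socket.getaddrinfo(name, None)}

    def _addresses(self, dest):
        try:
            return frozenset({ipaddress.ip_address(dest)})
        except ValueError:
            pass  # not an IP literal, treat as a host name
        now = self.clock()
        cached = self._cache.get(dest)
        if cached and cached[0] > now:
            return cached[1]
        self.lookups += 1
        try:
            addrs = frozenset(ipaddress.ip_address(a) for a in self.resolver(dest))
        except (OSError, ValueError):
            addrs = frozenset()  # assumption: an unresolvable name permits nobody
        self._cache[dest] = (now + self.ttl, addrs)
        return addrs

    def permits(self, source_ip):
        """True if the request's source address is a trap destination."""
        src = ipaddress.ip_address(source_ip)
        return any(src in self._addresses(d) for d in self.destinations)


def demo():
    # Constructed data: RFC 5737 documentation addresses and a made-up host name.
    records = {"nms.example.net": ["192.0.2.10"]}
    now = [0.0]
    acl = TrapDestinationAcl(
        ["198.51.100.7", "nms.example.net"],
        resolver=lambda name: records[name],
        clock=lambda: now[0],
    )
    results = [
        acl.permits("198.51.100.7"),   # literal destination
        acl.permits("192.0.2.10"),     # address of the host-name destination
        acl.permits("203.0.113.5"),    # not a trap destination
    ]
    records["nms.example.net"] = ["192.0.2.99"]   # the DNS record changes
    now[0] = 3.0
    results.append(acl.permits("192.0.2.99"))     # cache still holds the old answer
    now[0] = 6.0
    results.append(acl.permits("192.0.2.99"))     # cache expired, new answer used
    results.append(acl.permits("192.0.2.10"))     # old address is no longer allowed
    return results, acl.lookups


if __name__ == "__main__":
    print(demo())
```

With host-name destinations the set of permitted managers follows whatever DNS returns, so entering the trap destinations as IP addresses keeps the resolver out of the access decision.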
Fixed the possible loss of a configured host IP address (for the FTP, SNMP, SNTP, SYSLOG, LDAP, and TACACS protocols) if firmware was updated from v5.3e or earlier to v5.3f or later, followed by a command-line interface change to a non-hostname configuration item for that protocol.

Built with updated TCP/IP and SSL libraries.

06-11-30  5.3h  swcdu-v53h.bin  Eighth production release

Added code to the web interface to highlight the background of every other row in all tables.

Added "More (Y/N)" prompting between each page of the SHOW LOG display.

Added and changed the navigation links on the "Tools - View Log" web page to include "<< First Page", "< Previous Page", "Next Page >", and "Last Page >>".

Added "(SCP)" after "Coldboot Alert" in the SHOW OPTIONS display to indicate a relationship between the Serial Command Protocol (SCP) and the Coldboot Alert features. Upon a coldboot of the system, if the coldboot alert feature is enabled, the system will send a 1/2 second RS-232 break out any serial ports that also have the SCP enabled.

Improved the robustness of the NVM/I2C communication code and changed NVM/I2C status messages to only be displayed during the boot if significant errors are detected.

Improved the speed of configuration restores. A PUT of config.bin now immediately restores the configuration to RAM and begins writing the configuration to NVM in the background. Upon the FTP session ending, the restart process starts immediately, but delays until all NVM writes have completed. Unnecessary writes of unchanged default configurations no longer occur, making the time to complete all writes much shorter.

Changed the SSH code to guarantee that any startup errors (such as invalid keys) are sent out the Console port prior to the system boot completing.

Changed the syslog message for host name fields to show "(undefined)" if the name is set to blank.

Removed unnecessary memory usage by the Telnet server.
Fixed a stack overflow and memory overwrite in the email thread that could cause various system crashes and automatic restarts.

Fixed a temporary run down of the network heap each time an IP address DNS lookup was performed on a host name, which could lead to a low-heap automatic restart if many DNS lookups occurred within a short period of time.

Fixed sluggish performance problems with multiple concurrent HTTPS sessions.

Fixed the Login link on the web "Restarting" page, which was using the static IP address even when DHCP was enabled.

Fixed a bug in the "Configuration - TACACS" web page. When applying the key form, the key data was being written to the incorrect location in NVM. This was causing the key to not be restored after a reset, and was causing the login banner to be trashed.

Fixed a bug in the "Tools - View Log" web page. When selecting the "Previous 100 entries" link to go back to the first 100 log entries, the data was not being displayed properly.

Fixed the SNMP trap code to not send traps twice to the first trap destination when the second trap destination is blank.

Fixed the local load display to blink “FE” (for Fuse Error) on displays for third and fourth input feeds that have a removed/blown branch fuse. The code was previously only working on displays for first and second input feeds.

Fixed the FTP server to accurately show the size of files in a directory list, to list the files in alphabetical order, and to only show a date/time when available.

Fixed the FTP put of config.bin to restore the email configuration, which was previously not occurring.

Fixed the FTP get and put of config.bin to backup and restore the entire configuration for products with third and fourth enclosures in the system. Previously for these products, only the configuration for the first and second enclosures were being backed-up and restored.

Fixed various minor command parsing problems with the SET INFEED, SET SYSLOG, SET SCPAUTH, SET TRAP, and SET EMAIL commands.
Fixed the "SHOW commands are:" list to show PORTS instead of PORT, to match the actual valid command parameter. This typo was introduced in v5.3g.

Updated the integrated board-level test code to v2.0b. Note: this functionality is only accessible and used during the factory production process.

06-09-21  5.3g  swcdu-v53g.bin  Seventh production release

Changed the maximum allowed outlet reboot delay to 600 seconds (from 60 seconds). This allows for a much longer off period during reboot cycles. Note: the off period during a reboot cycle cannot be overridden by an ON operation. To turn on an outlet without waiting for the reboot delay to expire, first turn it off, then on.

Changed the minimum allowed value for the outlet sequence interval to zero seconds (from two seconds). This allows for faster outlet sequencing (at one second) or no outlet sequencing (at zero seconds).

Improved the accuracy and evenness of the outlet sequence interval timing. This is especially noticeable for products with 32 or more outlets.

Added code to detect a hung communication bus (for example, to a slave enclosure) and to prevent a hung bus from causing a system slowdown.

Re-ordered the command keywords in the top-level command list, as well as the SET and SHOW command lists, for a more logical grouping of commands by functionality and purpose.

Changed/moved the CLI command for setting the display orientation to SET OPTION DISPLAY from just SET DISPLAY. Removed the SHOW DISPLAY command and added the display orientation to the SHOW OPTIONS command.

Changed the name of the FTP "filepath" configuration item to FTP "directory" in both the command-line interface (CLI) and the FTP.INI file. This was done to be consistent with the web interface and because "directory" is the more-common term. For backwards compatibility, "filepath" is still accepted.

Changed the OEMINFO string to not be cleared upon a reset to factory defaults.

Updated the Serial Command Protocol to version 2.0e.
Increased by one year the start and end dates of a newly re/generated X.509 certificate. A new certificate will now be valid from September 1, 2006 to September 1, 2016.

Fixed LDAP login attempts to the secondary LDAP host possibly always failing. This problem was introduced in v5.3f when hostname support was added -- the previous IP address of the secondary LDAP host was still being used, instead of the new configured hostname.

Fixed FTP downloads to not fail when the user-configurable FTP strings (username, password, directory, and filename) are at their maximum sizes.

Fixed DNS-server connection test code to work properly when DHCP is enabled or one or both DNS server IP addresses are 0.0.0.0. This fix avoids several cases of unnecessary timeout delays when the DNS servers are unreachable.

Fixed host connection test code to immediately fail when link integrity is down. This avoids unnecessary timeout delays in several cases when the network is disconnected or down.

Fixed the FTP download code to perform a link-integrity and host connection test prior to attempting a download. This avoids unnecessary timeout delays if the host is unreachable.

Fixed the FTP download code to detect and report when the FTP host name cannot be resolved, and to then skip the FTP download attempt. This avoids unnecessary timeout delays.

Fixed the LDAP and TACACS+ login code, the SNMP traps sending code, and the FTP download code to skip attempts when the host name is blank. This avoids unnecessary timeout delays.

Fixed the PASSWORD command to be available to users with view-only, on-only, and reboot-only access levels.

Fixed some SNMP set operations not being logged. This included set operations applied to sysContact, sysName, and sysLocation objects.

Fixed problems that could allow out-of-order outlet sequencing on products with a large number of outlets (>64).
Fixed problems that could allow products with a large number of outlets (>64) to not sequence back on outlets on a slave tower after it lost and regained power (the outlets would stay in an "off/error" state).

Fixed the display code to illuminate the extra/outer decimal point on the first load display when the configuration reset button is pressed and the display orientation is set to inverted. Previously, the inner decimal point (between the two numbers, which is unused when inverted) was being illuminated.

Integrated board-level test code v2.0a into the application build. Note: this functionality is only accessible and used during the factory production process.

Added support for automatic retrieval of pre-generated certificates and keys after the serial number assignment. Note: this functionality is only accessible and used during the factory production process.

06-06-22  5.3f  swcdu-v53f.bin  Sixth production release

Added Dynamic Host Configuration Protocol (DHCP) support to allow for the automatic acquisition of an IP address, subnet mask, gateway, and DNS server addresses from a network DHCP server.

Note: when loading version 5.3f over a previous version that only supported static addressing, DHCP will initially be disabled. Upon a reset to factory defaults, however, DHCP will default to enabled.

Using the web interface, DHCP is configured and displayed on the "Configuration - Network" page.

Using the command-line interface, DHCP is configured with the new command:

    SET DHCP { ENABLED | DISABLED }

The SHOW NETWORK command has been updated to display the current DHCP setting.

When DHCP is enabled, the product will attempt to acquire an address from a DHCP server upon boot, prior to the boot completing. If successful, the acquired addresses will be displayed in the web and command-line interfaces. If unsuccessful, the acquisition attempt will time out at 30 seconds, and the product will complete the boot using the previously assigned (or default) static addresses.
When DHCP is disabled, the product boots with the static addresses, as in previous versions. To view or change the static addresses, DHCP must first be disabled.

Upon a lease expiration of addresses assigned by DHCP, a lease renewal is requested. If the DHCP server assigns a lease with a different address, or a timeout occurs during the request, the product will automatically restart. This will allow the product to boot with the new addresses, or fall back to the static addresses.

Added hostname support for all host IP address fields: FTP server, SNMP traps destinations, LDAP servers, TACACS servers, SNTP servers, Syslog servers, and SMTP (email) server. A fully-qualified domain name may now be entered instead of an IP address. For example, the LDAP host fields will now accept “serverpdc.reno.servertech.com” instead of just an IP address. Host names will be translated to IP addresses using DNS. Host names can be up to 63 characters.

Added support for temperature values to be entered and reported in either the Celsius or Fahrenheit temperature scale. Previous versions always used Celsius.

Using the web interface, the temperature scale is configured and displayed on the "Configuration - System" page.

Using the command-line interface, the temperature scale is selected with the new command:

    SET OPTION TEMPSCALE { CELSIUS | FAHRENHEIT }

The SHOW OPTIONS command has been updated to display the current setting.

When the temperature scale is changed, all thresholds are automatically converted to the newly-selected scale.

The supported range and resolution of the temperature scales are:

    Celsius: 0 to 123.5 degrees, with 0.5 degree resolution, reported in 1/2 degree increments.
    Fahrenheit: 32 to 254.5 degrees, with 0.9 degree resolution, rounded to and reported in the nearest 1/2 degree increment.

Entry of temperature thresholds is automatically limited to the whole values in the ranges shown above for the selected scale.
The SNMP MIB has also been updated to support selecting and using the temperature scale. See the descriptions in the new Sentry3.Mib file.

Added email support for notification of log messages, including which categories of log messages are to be emailed, and support for two recipients.

Using the web interface, Email is configured and displayed on the new "Configuration - Email" page.

Using the command-line interface, Email is configured with a new set of SET EMAIL commands. A new SHOW EMAIL command has been added to display the current Email settings.

The items that can be configured are:

Email enabled/disabled.
    SET EMAIL { ENABLED | DISABLED }
    Default: DISABLED

SMTP host and port -- the host name/IP and port number of the SMTP server that will deliver the email.
    SET EMAIL SMTP { HOST hostname | PORT port }
    Default HOST: blank/undefined
    Default PORT: 25

'From' address -- the address from which the email reports that it came.
    SET EMAIL FROM address
    Default: Sentry3_xxxxxx@, where xxxxxx is the last three octets of the product's MAC address.

Primary and Secondary 'Send To' addresses -- the recipient email addresses.
    SET EMAIL { PRIMARYTO | SECONDARYTO } address
    Defaults: blank/undefined

Categories of log messages to be included in the email.
    SET EMAIL { EVENT | AUTH | POWER | CONFIG } { ENABLED | DISABLED }
    Defaults: EVENT ENABLED, others DISABLED.

Every minute, up to fifty new log messages in the enabled categories are placed in the body of an email and sent to both recipients. Multiple emails will be sent if there are more than fifty new log entries in the enabled categories.

Added automatic firmware updates. When enabled, the product will periodically, or on a schedule, check the configured FTP server for a newer version of firmware. If found, an automatic restart and load of the new firmware will occur.

Using the web interface, automatic update settings are configured and displayed on the "Configuration - FTP" page.
Using the command-line interface, automatic update settings are configured with a new subset of SET FTP commands. The SHOW FTP command has been updated to display the current automatic update settings.

The items that can be configured are:

Automatic updates enabled/disabled.
    SET FTP AUTOUPDATE { ENABLED | DISABLED }
    Default: DISABLED

Schedule Day upon which to perform a new firmware check.
    SET FTP AUTOUPDATE DAY { SUNDAY | MONDAY | TUESDAY | WEDNESDAY | THURSDAY | FRIDAY | SATURDAY | EVERYDAY }
    Default: EVERYDAY

Schedule Hour upon which to perform a new firmware check.
    SET FTP AUTOUPDATE HOUR { 12AM | 1AM | 2AM | 3AM | 4AM | 5AM | 6AM | 7AM | 8AM | 9AM | 10AM | 11AM | 12PM | 1PM | 2PM | 3PM | 4PM | 5PM | 6PM | 7PM | 8PM | 9PM | 10PM | 11PM }
    Default: 12AM

To perform the check for new firmware at the scheduled day and hour, the product must be configured to get real time from an SNTP server, and must have successfully done so. Otherwise, the product will perform the check every 24 hours since the product last booted.

To avoid too many simultaneous FTP sessions from multiple products with the same schedule, each product will randomly add a delay (up to one minute) upon the scheduled day/hour, or the period expiring, before connecting to the FTP server. Additionally, up to three attempts to connect will be made, with 15 seconds between each.

Added support to the FTP server for two new text files: FTP.INI and SNTP.INI. These allow for common FTP configuration settings, automatic update settings and schedule, and SNTP options to be duplicated across a number of products by an FTP put to each.

Added support to restart to factory defaults, while preserving the network configuration. This allows for a remote configuration reset, without losing network connectivity.

Using the web interface, this new restart option has been added to the choices on the "Tools - Restart" page. The new choice is "Restart and reset to factory defaults, except network".
Using the command-line interface, this new restart option is invoked by a new optional sub-parameter to the RESTART FACTORY command:

    RESTART FACTORY { KEEPNET }

All configuration items will be reset to factory defaults except for the DHCP setting, IP address, subnet mask, gateway, and DNS server addresses.

Added support for Server Technology's proprietary Serial Command Protocol (SCP). The SCP allows for control and monitoring of the product through a serial connection to the console and/or modem port using a command-response protocol that allows for simplified communication compared to scripting sessions to the command-line interface. This feature was previously available only in custom OEM builds.

Added the source IP address of network authentication attempts (both successes and failures) to the log entries. Log entries for logouts also include the source IP address. These apply to all network sessions except those by HTTPS, because the SSL/TLS proxy hides the source IP address from the web server.

Added the CLI command "SET OPTION MORE { ENABLED | DISABLED }" to enable or disable the "More (Y/N)" prompting between each page of information for long information displays. The "SHOW OPTIONS" display has also been updated to display the current setting. The default is ENABLED.

Added write-behind caching support for NVM write operations. This feature is used by SNMP to greatly improve the speed of SNMP write operations for objects that are written to NVM.

Added robustness improvements to the non-volatile memory (NVM) access routines.

Added support to display a blinking “FE” (for Fuse Error) on the local load display of an input feed that has a removed/blown branch fuse. The blinking "FE" display alternates with the load display, so that the load on other branches can still be seen.

Added support to sequence on outlets when a branch fuse is installed in a product that supports 'hot' fuse swapping.

Added support for a serial port data rate of 115200 bps.
Added an option on the web "Configuration - System" page to disable the configuration reset button. The feature was added in v5.3e, but the web configuration was accidentally left out.

Added support for new hardware models with additional link capabilities.

Fixed the problem of not being able to turn off (uncheck) the Location blink option on the web "Configuration - System" page, which was a problem that was introduced in v5.3e.

Fixed two LDAP problems. One fix avoids a possible “Out of memory” error during searches, and the other avoids a possible improper parsing of the Group Membership Value Type when type "DN" is selected.

Fixed the SSH server to log authentication attempts when using the password authentication method. Previously, only the keyboard-interactive authentication method logged authentication attempts.

Fixed the SSH server to not prematurely fail a third authentication attempt. Previously, depending on the SSH client, a third attempt to authenticate would either fail immediately after entering the username, or would accept both the username and password and fail even if they were valid. Three full login attempts can now be made. The server will disconnect the session after the third attempt, if it fails.

Fixed the "Configuration - Serial" and "Configuration - Outlets" web pages to no longer cause an "error on page" when submitting the form immediately after having followed an "Edit" link on the page and then returning to that page.

06-02-28  5.3e  swcdu-v53e.bin  Fifth production release

Added logging of all authentications (including failed attempts), power actions, configuration changes, and system events.

The log is stored in RAM and can hold up to 4097 entries. Additional log entries will automatically wrap around over the oldest log entries. The log is cleared upon a restart or power loss. For permanent off-product log storage, the Syslog protocol is supported (see below).
Each log entry includes a sequential log-entry number, a date/time-stamp (if a date/time has been retrieved by SNTP), and a message. Each log message begins with a category heading of either "AUTH:", "POWER:", "CONFIG:", or "EVENT:", and is followed by the message information.

The log can only be viewed by administrators.

Using the web interface, the log is viewed by selecting the new "View Log" item under the "Tools" menu.

Using the command-line interface, the log is viewed with the new command:

    SHOW LOG

Note: Web authentications (and failed attempts) are only logged when the web server is set for Basic authentication.

Added support for the Syslog protocol. The Syslog support is RFC3164-compliant and provides for off-system viewing and permanent storage of log messages. Two Syslog servers are supported.

The Syslog support is enabled by configuring the IP address of one or both Syslog servers. The port number used with the Syslog protocol is also configurable. The default port is 514, which is the well-known port for Syslog.

Using the web interface, Syslog options are configured and displayed on the new "Configuration - SNTP/Syslog" page.

Using the command-line interface, the Syslog server IP addresses and port number are configured with the new commands:

    SET SYSLOG [ HOSTIP1 | HOSTIP2 ] { ipaddress }
    SET SYSLOG PORT { number }

A new SHOW SYSLOG command has been added to display the current values.

Added support to configure a local GMT Offset to the date/time returned by SNTP. This was added because the Syslog RFC requires that the date/time be provided in local time. The offset can be configured in whole hours between plus and minus twelve hours.

Using the web interface, the SNTP GMT offset is configured and displayed on the new "Configuration - SNTP/Syslog" page. This page uses the configured GMT offset to show the current date/time in local time.
Using the command-line interface, the SNTP GMT offset is configured with the new command:

    SET SNTP GMTOFFSET { -12 .. +12 }

The SHOW SYSLOG command has been updated to display the current GMT offset value. The SHOW SYSLOG command has also been updated to use the configured GMT offset to show the current date/time in local time.

Note: There is currently no automatic adjustment for daylight savings.

Added two new access levels for user accounts: Power-User and Reboot-Only.

A Power-User account automatically has access rights to all outlets, groups, and ports, just like an administrator, but does not have any configuration rights.

A Reboot-Only account is restricted to only the reboot action for outlets to which access rights have been assigned. This prevents a Reboot-Only user from leaving critical equipment in an off state. Note, a reboot will turn on outlets that are off, after the reboot delay period.

Using the web interface, the new access levels are selected on the "Configuration - User - Edit" page and are displayed on the "Configuration - Users" page.

Using the command-line interface, the new access levels are configured with the updated SET USER ACCESS command, which now accepts "POWERUSER" and "REBOOTONLY" as the access level. The LIST USERS command has been updated to display the new access levels.

Added the ability for a user to change their password. Previously, only an administrator could change account passwords.

Using the web interface, a user can change their password using the new "Change Password" item under the "Tools" menu.

Using the command-line interface, a user can change their password with the new command:

    PASSWORD

By the web or command-line interface, the user must enter their current password, their new password, and a verification of their new password.
By allowing a user to change their own password, they can change it from the initial password that was assigned when the account was created, without divulging the new password to an administrator. Once a user changes their own password, an administrator cannot look up the new password, though an administrator can always assign a new password. This behavior is important for accountability assessment of log entries, which include, when relevant, the name of the user that performed the authentication, power action, or configuration change that was logged.

Added the ability to enforce the usage of strong passwords. Strong password support, when enabled, requires passwords be a minimum of 8 characters with at least one uppercase letter, one lowercase letter, one digit, and one special character. When a password is changed, strong password support requires that the new password differ in at least four character positions from the old password.

Using the web interface, the strong password option is configured and displayed on the "Configuration - System" page. Using the command-line interface, strong password support is enabled or disabled using the new command:

    SET OPTION STRONGPASSWORDS { ENABLED | DISABLED }

A new SHOW OPTIONS command has been added to display the current value.

Added an option to disable the external configuration reset button. In an insecure location, this button may pose a security threat since it could be used to return the unit to factory defaults, which would then allow a login using the default administrator account. Disabling the button removes this security concern.

Using the command-line interface, the configuration reset button is enabled or disabled using the new command:

    SET OPTION BUTTON { ENABLED | DISABLED }

A new SHOW OPTIONS command has been added to display the current value.

Added support to configure a pre-login banner.
This feature allows an administrator to configure up to 2070 characters of text that will be displayed prior to a login. This can be used for displaying any message, such as legal text or disclaimers.

Using the web interface, the login banner is configured and displayed on the new "Configuration - System - Login Banner" page. A link to this new page has been added to the "Configuration - System" page. Using the command-line interface, the login banner is configured using the new command:

    SET BANNER

For serial and Telnet sessions, the banner is automatically displayed before the login prompts.

For SSH sessions, the "keyboard-interactive" authentication method must be used to be presented with the login banner.

For web browser sessions, if the banner is not blank, the default page will display the banner in a fixed-width font, followed by a link to login. If the banner is blank, the default page is automatically adjusted so that the banner page is skipped, making the web login process identical to previous versions.

Added support for the upload and download of configurations. This feature allows for configuration backup and restore, as well as a common/template configuration to be uploaded to multiple products.

The upload/download of configurations is supported via a built-in FTP server. A single administrator login (at a time) is supported by the FTP server. The FTP server has a fixed one-minute timeout.

Two files can be uploaded/downloaded from the root of the FTP server:

CONFIG.BIN contains the entire configuration, excluding TCP/IP settings, serialized and factory-only configurations, the X.509 certificate, and SSH keys. This file is encoded so as not to be user readable or editable. Although encoded, this file should be kept in a secure location. This file should not be edited. If edited, the file will be invalid when uploaded.

NETWORK.INI contains just the TCP/IP settings (IP address, subnet mask, gateway, DNS1, and DNS2). This file is user readable and editable.

When uploaded, the NETWORK.INI settings only take a few seconds to be stored. When CONFIG.BIN is uploaded, several minutes are needed to store the entire configuration. During this time, an additional upload will not succeed. Thus, if both files are to be uploaded, NETWORK.INI should be uploaded first.

If either NETWORK.INI or CONFIG.BIN is uploaded, then upon a timeout or logout from the FTP server, an automatic restart is set to occur, pending the successful completion of the uploaded settings being stored. The restart will cause the product to boot with the new settings applied.

The FTP server, and thus the configuration upload/download feature, can be disabled, if considered a security risk. Using the web interface, the FTP Server setting is configured and displayed on the "Configuration - FTP" page. Using the command-line interface, the FTP Server is enabled or disabled using the new command:

    SET FTP SERVER { ENABLED | DISABLED }

The SHOW NETWORK command has been updated to display the current FTP Server setting.

Note: The FTP Server does not support web browser FTP file transfers. A non-web-browser FTP client must be used.

Added web security checks to prevent out-of-order submittals of form items from being applied.

Changed all web security realms to have the same realm name. This should cause web browsers to clear all cached passwords for the product when an error 401 (not authorized) page is sent.

Fixed the web login code to ignore case when comparing the entered username with names already in the active-session table. This prevents identical account logins from using multiple sessions if the username is entered in a different case.

Added support to the SSH server for the "keyboard-interactive" authentication method. This method must be used to be presented with the pre-login banner text.

Fixed the SSH server so that it no longer reports to an SSH client that "public-key" is a supported authentication method.
The methods currently supported are "keyboard-interactive" and "password".

Added code to prevent outlet, group, and port names from being set to "ALL", which is a reserved keyword.

Fixed the ADD and DELETE commands to always accept the absolute port IDs for the Console and Modem ports.

Fixed the command-line interface to not allow the port name MODEM to be used with the ADD and DELETE commands on products that do not have a MODEM port.

Removed debugging options that could expose account passwords to administrators.

Changed "baud rate" to "data rate" in the command-line interface.

Fixed another serial driver problem that could allow the command-line interface to get behind by one character for a session started on the Console or Modem port.

Built with updated TCP/IP, SSL, and FTP Server libraries.

05-12-01 5.3d swcdu-v53d.bin Fourth production release

Fixed the system failing to boot when configured with an invalid IP Address and Subnet Mask combination in which the bits in the host portion of the IP Address are all ones (the subnet broadcast address). The TCP/IP stack no longer attempts to load when the bits in the host portion of the IP Address are either all ones or all zeros, as both cases are invalid for a host IP address. The web user interface no longer allows these invalid combinations.

Fixed several cases of TCP/IP sockets not being closed upon TACACS+ authentication failures. This fix avoids an automatic restart that would otherwise occur if all socket resources became unavailable.

Added support to the LDAP and TACACS+ clients to cause a fallback to local authentication when the destination network or host is unreachable and the Authentication Order is set to Remote-Only. Previously, this fallback would only occur when the host refused the connection or when the connection to the host timed out. These additions cover additional cases in which the host may be unavailable, but fallback should occur.

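For the Syslog and SNTP GMT offset support described earlier in these notes: RFC 3164 timestamps carry no year and no time zone, so a collector has to apply the unit's configured offset itself to get UTC. The following is an added example, not Server Technology code; the sample datagrams, their message wording, the host name and the function names are constructed, and it assumes the category heading appears in the message part.

```python
import re
from datetime import datetime, timedelta, timezone

CATEGORIES = ("AUTH", "POWER", "CONFIG", "EVENT")  # headings named in the notes
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME message
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) (\S+) (.*)$",
    re.DOTALL)
HEADING = re.compile(r"\b(%s):\s*(.*)$" % "|".join(CATEGORIES), re.DOTALL)


def parse(datagram, gmt_offset_hours, received):
    """Parse one datagram; `received` is the timezone-aware UTC receive time."""
    if not -12 <= gmt_offset_hours <= 12:
        raise ValueError("GMT offset is configured in whole hours, -12..+12")
    m = HEADER.match(datagram.decode("ascii", "replace").rstrip("\r\n\x00"))
    if m is None or int(m[1]) > 191 or m[2] not in MONTHS:
        raise ValueError("not an RFC 3164 message")
    pri, day, hh, mm, ss = (int(m[i]) for i in (1, 3, 4, 5, 6))
    # The timestamp is device-local time (UTC + configured offset) with no
    # year. Try the neighbouring years and keep the result closest to the
    # receive time, which handles messages sent around New Year.
    candidates = []
    for year in (received.year - 1, received.year, received.year + 1):
        try:
            local = datetime(year, MONTHS[m[2]], day, hh, mm, ss)
        except ValueError:  # e.g. Feb 29 in a non-leap candidate year
            continue
        utc = local - timedelta(hours=gmt_offset_hours)
        candidates.append(utc.replace(tzinfo=timezone.utc))
    if not candidates:
        raise ValueError("impossible calendar date or time")
    utc = min(candidates, key=lambda t: abs(t - received))
    heading = HEADING.search(m[8])
    return {
        "facility": pri >> 3, "severity": pri & 7, "host": m[7], "utc": utc,
        # A skew near +/-3600 s suggests the offset was not changed for
        # daylight saving, which the unit does not adjust automatically.
        "skew_s": int((utc - received).total_seconds()),
        "category": heading[1] if heading else None,
        "text": heading[2] if heading else m[8],
    }


# Constructed samples: the wording is illustrative, not real device output.
SAMPLES = [
    b"<134>Jan 19 14:03:07 cdu-rack12 AUTH: login failed for user 'example'",
    b"<134>Dec 31 16:30:00 cdu-rack12 POWER: outlet reboot requested",
]

if __name__ == "__main__":
    now = datetime(2021, 1, 19, 22, 3, 30, tzinfo=timezone.utc)
    rec = parse(SAMPLES[0], gmt_offset_hours=-8, received=now)
    print(rec["utc"].isoformat(), rec["category"], rec["text"])
```
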
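The strong-password rules described earlier in these notes, written out as a check that can be run on passwords before they are provisioned to a unit. This is an added example, not the firmware's implementation; it assumes ASCII punctuation is what counts as a special character and that extra or missing length counts as differing positions, and the rule codes and sample passwords are constructed.

```python
import string

MIN_LENGTH = 8             # "a minimum of 8 characters"
MIN_CHANGED_POSITIONS = 4  # "differ in at least four character positions"


def changed_positions(old, new):
    """Count character positions at which two passwords differ.

    Assumption: positions present in only one of the two strings count as
    differing, so appending four characters satisfies the rule.
    """
    differing = sum(a != b for a, b in zip(old, new))
    return differing + abs(len(old) - len(new))


def check_strong_password(new, old=None):
    """Return the list of violated rules (empty list means acceptable)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("length")
    if not any(c in string.ascii_uppercase for c in new):
        problems.append("uppercase")
    if not any(c in string.ascii_lowercase for c in new):
        problems.append("lowercase")
    if not any(c in string.digits for c in new):
        problems.append("digit")
    if not any(c in string.punctuation for c in new):
        problems.append("special")
    # The change rule only applies when an old password is being replaced.
    if old is not None and changed_positions(old, new) < MIN_CHANGED_POSITIONS:
        problems.append("too-similar")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    cases = [
        ("Rack12#pdu", None),            # meets every composition rule
        ("rack12pdu", None),             # no uppercase, no special character
        ("Winter2021!", "Winter2020!"),  # only one position changed
        ("!Winter2020", "Winter2020!"),  # rotation: every position differs
    ]
    for new, old in cases:
        print(repr(new), "->", check_strong_password(new, old) or "ok")
```

Under the positional reading assumed here, a rotated copy of the old password passes the four-position rule, so the rule is best paired with a check against previously used passwords.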
05-11-16 5.3c swcdu-v53c.bin Third production release

Fixed a critical security flaw affecting HTTP/S authentications when the web server is set for Basic authentication.

Fixed the SNMP agent to allow the temperature and humidity threshold objects to be set through SNMP. Previously, noSuchName or notWritable was being returned for these objects.

Fixed cases of spurious SNMP traps being generated for temperature and humidity sensors that are connected to an environmental monitor that goes off-line and then back on-line.

Fixed a serial driver problem that could allow the command-line interface to get behind by one character.

Fixed a problem in the LDAP client that allowed a directory server group name to match local user account names, instead of just local LDAP group account names.

Fixed the problem of a branch fuse error being reported for the branches of an input feed that is off. The input feed is now properly reported as being off, instead of reporting a fuse error. This only applies to products with branch-circuit fuse sensing.

Fixed the command-line interface to not allow the port name MODEM to be used with the SET PORT command on products that do not have a MODEM port.

Fixed the command-line interface to not allow the ID or name of a slave tower to be used with the SET TOWER command when a slave tower is not connected.

Fixed a spelling error in an error message that can occur on the "Configuration - Users" web page.

Added robustness improvements to the non-volatile memory (NVM) access routines.

Added robustness improvements to the internal communications bus access routines.

Eliminated unnecessary bus communications for features that are not supported by the hardware.

Added support for the serial port data rate to be changed without requiring a restart. The change now occurs upon logout of the current session. A message that the data rate is changing is sent at the current data rate just before the data rate is changed.
This same message is also sent upon a boot completing if the administrator-configured data rate is different than the fixed console-port boot data rate of 9600 bps.

Added support to configure the TACACS+ port number. Using the web interface, the TACACS+ port number is configured and displayed on the "Configuration - TACACS+" page. Using the command-line interface, the TACACS+ port number is configured with the new command:

    SET TACACS PORT { number }

The SHOW TACACS command displays the current value.

Added support for the keyword ALL to be specified as the group name in the ADD/DELETE GROUPxxxxxxxxxx commands.

Added a check to the LDAP client that DNS can resolve the LDAP host address when the bind type is set to MD5, which is required with MD5 LDAP binds.

Added the brief display of dash-dash on load displays during off-line to on-line transitions while the initial load reading is occurring.

Added support for new load measurement hardware that supports 60 Amp input feeds.

Added support for new front-panel LED hardware that displays the status of the outlets.

05-07-17 5.3b swcdu-v53b.bin Second production release

Completely redesigned and re-implemented the LDAP authentication feature to support a wide variety of directory services and non-standard schemas. LDAP bind, search, and filter strings are now configurable by an administrator to match their particular directory service and schema. See ldap_update.txt for more information.

Fixed the LDAP implementation to support simple binds with Active Directory servers.

Fixed the LDAP implementation to not require uppercase usernames for HTTP logins when authenticating with an Active Directory server using MD5 binds.

Added a per-outlet Post-On Delay feature. This feature allows for an extra delay after an outlet is turned on before the other outlets after it are turned on.
This delay only applies to the other outlets at power up and when those outlets are part of the same single operation that caused the turn on of the outlet with the non-zero Post-On Delay. A typical use of this feature allows for a device to complete its boot before devices that are dependent upon it are booted, such as in a client/server network application.

Using the web interface, the post-on delay is displayed on the "Configuration - Outlets" page and is configured on the "Configuration - Outlets - Edit" page. Using the command-line interface, the post-on delay is configured with the new command:

    SET OUTLET POSTONDELAY { outlet_id } { nnn }

where "nnn" is a value, in seconds, between 0 and 900. The SHOW OUTLETS command displays the current setting. Upon factory reset, the default value is 0 seconds.

Added an option to invert the load displays. When inverted, the load values for all input feeds in the system will be written upside-down, and in whole amps, to the respective displays. This feature is to allow for upside-down mounting of vertical products when the power is fed from the ceiling.

Using the web interface, the display orientation is displayed and configured on the "Configuration - System" page. Using the command-line interface, the display orientation is configured with the new command:

    SET DISPLAY { NORMAL | INVERTED }

A new SHOW DISPLAY command displays the current setting. Upon factory reset, the default is determined by an internal factory-installed jumper/switch position. Unless the product was specifically ordered with inverted displays, this jumper/switch position will be open, resulting in normal display orientation.

Added medium-speed (1/2 second on/off) blinking of load displays when the input feed load value is above the pre-set SNMP trap threshold.

Added support to the CLI and Web interfaces to allow an administrator to configure the SNMP MIB-II sysName, sysLocation, and sysContact objects.
Using the web interface, the SNMP MIB-II sysXXXXX objects are displayed and configured on the "Configuration - SNMP" page. Using the command-line interface, the SNMP MIB-II sysXXXXX objects are configured with the new commands:

    SET SNMP SYSNAME { string }
    SET SNMP SYSLOCATION { string }
    SET SNMP SYSCONTACT { string }

The SHOW SNMP command has been updated to display the current values.

Removed the automatic display of the outlet status upon a non-administrative login to the command-line interface (CLI).

Removed code from the Telnet and serial port login routines that caused the entered username to be uppercased. This could prevent TACACS+ logins from succeeding.

Fixed the problem of default non-administrative TACACS+ privilege-level accounts not having appropriate access rights to login through the web interface.

Added HTTP session cookies to force re-authentication after a timeout or logout of a web browser session when the web server is set for Basic authentication.

Fixed the web server to no longer be vulnerable to the Cross Site Scripting (XSS) vulnerability (CAN-2003-0218).

Fixed memory leaks and handling of low memory conditions in the HTTPS (SSL/TLS) code that could cause the web server to hang.

Fixed problems where corrosive page refreshes could cause the web server to hang.

Fixed absolute URLs not being handled correctly when accessed from HTTP V1.0 browsers.

Changed hyperlinks on the HTML logout and error pages to be absolute, not relative, to avoid possible broken links.

Added a hint in the web error message box for an invalid IP address to indicate that 0.0.0.0 should be used for none.

Fixed the problem of closing the web browser before the Restarting page is displayed, but after confirming a restart, from preventing the restart and no longer allowing another restart to be issued, by web or CLI. The restart will still not occur, but another restart can now be performed.

Changed the TACACS+ web configuration page to not send the current encryption key to the browser because, even though it was shown as dots, viewing the source would show it in clear text. The status of the key is now shown as just "(blank)" or "(set)" and a separate form allows for a new key to be entered and verified.

Changed the User Edit web page to not send the current password to the browser because, even though it was shown as dots, viewing the source would show it in clear text. A new password can now be entered and verified on the page, or left blank for no change.

Fixed improper handling of low memory conditions in the Telnet server that could cause the server thread to end.

Fixed improper handling of low memory conditions in the SSH server that could cause the server thread to end.

Fixed problems in the SSH socket handling code that could cause the product to crash and automatically restart.

Fixed the TCP/IP stack to no longer be vulnerable to Blind TCP Reset attacks (CAN-2004-0790).

Added code to monitor the TCP/IP socket usage and to perform an automatic restart if all socket resources unexpectedly become unavailable.

Fixed the PING command to always close sockets in case of errors.

Increased the stack size of the SNMP trap thread to avoid potential system crashes.

Fixed a problem that caused SNMP SET (write) operations to fail for the Sentry3-MIB systemLocation object.

Fixed the SNMP agent to not match object IDs (OIDs) that are too long.

Fixed the SNMP agent to not allow objects to be lexicographically out of order.

Fixed the SNMP agent to return SNMP v2c error values when SNMP v2c protocol data units are used.

Fixed the SNMP agent to check for and properly handle negative table index values.

Fixed the CLI SET SNMP xxxCOMM commands to allow spaces in the community strings. Previously the string would be truncated at the first space.

Fixed an incorrect internal SNMP message length that could cause memory to be overwritten.

Fixed corruption of an internal debugging log by messages that were too long.

Added debug logging of thread peak stack usage.

Changed the behavior of beta code versions to not disable auto-crash recovery (auto-restart) code.

Added debugging code to record in flash the running thread during a crash, before an auto-restart.

Added reset of a communication bus multiplexor when the selected channel is hung. This fix works in conjunction with updated hardware to avoid a non-powered, but connected, slave product from hanging the internal communication on the master.

Built with all available updated system libraries.

05-04-22 5.3a swcdu-v53a.bin First production release

===============================================================================

Copyright (C) 2021 Server Technology