1.0 Introduction
This article describes the FX2200 Series 2 hardware components and guides you through the process of installing and configuring Fortanix-Data-Security-Manager (DSM) in a three-phase process as follows:
Appliance Specifications and Components
Server Installation: In this phase, you rack and stack the server.
System Installation and Configuration: In this phase, you install the operating system and configure the network on the servers.
Fortanix Data Security Manager Installation and Configuration: In this phase, you install the Fortanix DSM service and configure the Fortanix DSM cluster.
The rest of this article provides the prerequisites for the installation and the details for each phase.
2.0 Accessories and Parts Included in the Package
The following accessories and parts are included as part of the shipment:
One FX2200 Series II appliance
One Rail kit with instructions
Two US power cords
Three Ethernet cables
NOTE
The Small Form-factor Pluggable (SFP) module is not included in the package for fiber-based hardware appliances; it is the customer's responsibility to purchase it separately.
3.0 FX2200 Series 2 Appliance Views
3.1 Front View
Figure 1: FX2200 Front View
3.2 Rear View
Figure 2: FX2200 Rear View
4.0 FX2200 Series 2 Components and Specifications
4.1 Chassis Specifications
The following table lists the FX2200 Series 2 appliance chassis specifications:
ITEM | SPECIFICATION |
|---|---|
Services and Slot Density | |
Power Supply | Dual redundant 300w AC power supply |
Memory | 64 GB high-speed memory |
Storage | 1 TB |
Processor | Intel® SGX |
Network Connectivity | Dual Copper 10 Gigabit Ethernet, 10GBASE-T, IEEE 802.3an, supporting link aggregation Gigabit Ethernet, 1000Base-T 100 Mb Ethernet : 100BASE- TX 1 x IPMI port Dual SFP28 (Small Form Factor Pluggable) supports: SFI interfaces supports 25GBase-R PCS and 25 Gigabit PMA in order to connect with SFP28 to 25GBase-SR |
High Availability | Scale-out clustered design with built-in HA / DR |
Management / Monitoring | Centralized Management with Web UI, CLI and APIsSyslog, Splunk integration, and APIs. Integration with Syslog, Splunk, Prometheus, and Google Stackdriver. |
Reliability | Non Rotating media- Solid State Devices Dual Redundant Power Supplies, FRU’s (Field Replaceable Units) MTBF 250,000 hours (basis of parts count method) |
Power Specifications | |
Power supply | Dual |
AC input voltage | 100-240v |
AC input line frequency | 63-47hz 5-2.5a |
Max power draw | 200 W |
Average Power draw |
|
Physical Specifications | |
Height | 1.7 in (43.7 mm) |
Width | 17.24 in (438 mm) |
Depth | 20.88 in (530.3 mm) |
Weight | 47lbs / 21.31Kg |
Rack mount accessory kit | Included with the unit |
Packaging Specifications | |
Package height | 9.63 in (244.6 mm) |
Package width | 28.88 in (733.55 mm) |
Package depth | 23.88 in (606.55mm) |
Fans | |
Total number of fans | 4 (not FRU) |
Direction of air flow | Front-to-back, port side is the exhaust |
Operating Condition | |
Temperature | -5 to 40 C° |
Transportation/Storage Condition | |
Temperature | -40 to 70 C° |
Reliability | |
Safety | CE, TUV, GS |
EMC | FCC Class B, C-Tick, CCC, VCCI |
Environmental | RoHS |
4.2 Front and Rear Panel Components
This section describes components of the front and rear panels of the FX2200 Series 2 appliance. For the exact location of these components on the appliance, refer to Section 4.2: Front View.
4.2.1 Front Panel LEDs
FX2200 Series 2 has five status LEDs located in the front.
The following table describes the LEDs, their color, and the status they indicate.
LED | COLOR | STATUS |
|---|---|---|
Fortanix Logo | White | Indicates the unit is on. |
Power | Blue |
|
System Status
| Solid Green | Indicates that both power supply units (PSUs) are connected to their slots, have AC input, and are functioning appropriately. |
Solid Yellow | Indicates that one PSU is present with AC input and functioning appropriately, while the other PSU slot is either empty or not detected. | |
Yellow | Blinking: Indicates that one PSU is present with AC input and is functioning appropriately, while the other PSU is detected but lacks AC input. | |
Disk Activity | Amber | Blinking: Indicates there is disk activity. |
ID button | Blue | Indicates the button is pressed for identification. |
4.2.2 Rear Panel LEDs
The rear panel of the FX2200 Series 2 appliance has an ID button similar to the front panel for identification.
LED | COLOR | STATUS |
|---|---|---|
ID button | Blue |
|
4.3 Ports and Connectors
The FX2200 Series 2 appliance supports five types of ports:
Network Interface ports
Intelligent Platform Management Interface (IPMI) port
USB Serial Console port
VGA port
USB port for keyboard connection.
4.3.1 Network Interface Ports
There are two built-in network interface ports on the FX2200 Series 2 appliance. These ports support the following:
10Gigabit Ethernet
10GBASE-T
IEEE802.3an
supporting link aggregation Gigabit Ethernet
1000Base-T 100 Mb Ethernet: 100BASE- TX and are numbered 1 and 2
4.3.2 Management Port (IPMI Interface)
The management Ethernet port on an FX2200 Series 2 appliance is used for the IPMI setup. It uses an RJ-45 connector to connect to a management device for out-of-band management.
The management port uses an autosensing RJ-45 connector to support a 10/100/1000Base-T connection. The two LEDs on the port indicate link/activity on the port as well as the link speed status of the port.
Management Port LEDs:
The management port on the FX2200 Series 2 appliance has two LEDs that indicate link/activity and port status.
Figure 3: Management Port LEDs
The following table describes the LEDs on the management port for both IPMI and copper ports.
LED | COLOR | STATE AND DESCRIPTION |
|---|---|---|
Link/Activity | Green |
|
Status | Green/yellow |
|
4.3.3 DB9 Console Port
The Console port on the FX2200 Series 2 appliance is a serial port and is accessible through a DB9 connector. You can configure IPs of the appliance by connecting to DB9 COM serial port.
4.3.4 VGA Port
The VGA port is used to connect the monitor.
4.3.5 USB Port
There are two USB ports for the keyboard on the FX2200 Series 2 appliance. The USB port complies with the USB 3.0 specification.
NOTE
As part of security hardening, all USB drives on the FX2200 appliance are disabled by default. However, if there is a need to enable the USB drive, then use the following command on each appliance to enable it.
rm /etc/modprobe.d/usb_storage.conf modprobe usb-storage
5.0 Power Supply and Cooling System
The FX2200 Series 2 appliance has a built-in AC-to-DC power supply unit. Read this section to learn more about the AC power supply in the appliance as well as about the cooling system and airflow through the appliance chassis.
5.1 AC Power Supply in FX2200 Series 2 Appliance
The FX2200 appliance has two integrated AC power supply that exposes a NEMA 5-15P male AC inlet connector externally. The unit can be powered by connecting the supplied power cord to AC mains with the C13 female connector end of the power cord plugged into the unit.
5.2 AC Power Cord Specifications
The FX2200 Series 2 appliance ships with two detachable AC power cords. The power cord uses a C13 female connector at one end and the other end is a NEMA 5-15P Male.
5.3 Cooling System in an FX2200 Series 2 Appliance
The cooling system in an FX2200 Series 2 appliance consists of internal heat sinks and an internal fan with adjustable speed. The fan speed is algorithmically controlled, based on readings obtained from internal temperature sensors that in turn is determined by factors such as external ambient as well as the traffic workload.
6.0 Server Installation
If the ambient temperature inside the chassis rises above the acceptable range, the appliance raises an alarm. If the temperature inside the chassis rises above the maximum threshold temperature, the appliance shuts down automatically.
6.1 Overview
This section provides a quick setup checklist to get your FX2200 up and running. By following these steps in the order given will enable you to have the system operational within a minimum amount of time.
6.2 Unpacking the System
Inspect the box in which FX2200 was shipped and note if it was damaged in any way. If the server itself shows damage, file a damage claim with the carrier who delivered it. Decide on a suitable location for the rack unit that will hold the FX2200. It should be situated in a clean, dust-free area that is well ventilated. Avoid areas where heat, electrical noise, and electromagnetic fields are generated. Place it near a grounded power outlet. Read the Rack and Server Precautions in the next section.
6.3 Preparing For Setup
The box the FX2200 was shipped in should include two sets of rail assemblies, two rail mounting brackets, and the mounting screws you will need to install the system into the rack. Follow the steps in the order given to complete the installation process in a minimum amount of time. Read this section in its entirety before you begin the installation procedure outlined in the sections that follow.
6.3.1 Choose a Setup Location
Leave enough clearance in front of the rack to enable you to open the front door completely (~25 inches).
Leave approximately 30 inches of clearance in the back of the rack to allow for sufficient airflow and ease in servicing.
This product is for installation only in a Restricted Access Location (dedicated equipment rooms, service closets, and the like).
6.3.2 Rack Precautions
Ensure that the leveling jacks on the bottom of the rack are fully extended to the floor with the full weight of the rack resting on them.
In single rack installation, stabilizers should be attached to the rack.
In multiple rack installations, the racks should be coupled together.
Always make sure the rack is stable before extending a component from the rack.
You should extend only one component at a time - extending two or more simultaneously may cause the rack to become unstable.
6.3.3 Server Precautions
Review the electrical and general safety precautions.
Determine the placement of each component in the rack before you install the rails.
Install the heaviest server components on the bottom of the rack first, and then work up.
Use a regulating uninterruptible power supply (UPS) to protect the server from power surges, voltage spikes and to keep your system operating in case of a power failure.
Always keep the rack's front door and all panels and components on the servers closed when not servicing to maintain proper cooling.
6.3.4 Rack Mounting Considerations
Ambient Operating Temperature: If installed in a closed or multi-unit rack assembly, the ambient operating temperature of the rack environment may be greater than the ambient temperature of the room. Therefore, consideration should be given to installing the equipment in an environment compatible with the manufacturer’s maximum rated ambient temperature (Tmra).
Reduced Airflow: Equipment should be mounted into a rack so that the amount of airflow required for safe operation is not compromised.
6.3.5 Mechanical Loading
Equipment should be mounted into a rack so that a hazardous condition does not arise due to uneven mechanical loading.
Circuit Overloading: Consideration should be given to the connection of the equipment to the power supply circuitry and the effect that any possible overloading of circuits might have on overcurrent protection and power supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern
Reliable Ground: A reliable ground must be maintained at all times. To ensure this, the rack itself should be grounded. Particular attention should be given to power supply connections other than the direct connections to the branch circuit (that is, the use of power strips, and so on.)
6.4 Installing the System into a Rack
This section provides information on installing the FX2200 into a rack unit with the rack rails provided. If the system has already been mounted into a rack, you can skip ahead. There are a variety of rack units on the market, which may mean the assembly procedure will differ slightly. You should also refer to the installation instructions that came with the rack unit you are using.
6.4.1 Identifying the Sections of the Rack Rails
Two rack rail assemblies are provided in the rack mounting kit. Each assembly consists of two sections: an inner fixed chassis rail that secures directly to the server chassis and an outer fixed rack rail that secures directly to the rack itself. Two pairs of short brackets to be used on the front side of the outer rails are also included.
6.4.2 Installing the Server into the Rack
Once you have rails attached to both the chassis and the rack unit, the next step is to install the server into the rack. Do this by lining up the rear of the chassis rails with the front of the rack rails. Slide the chassis rails into the rack rails, keeping the pressure even on both sides (you may have to depress the locking tabs when inserting). When the server has been pushed completely into the rack, you should hear the locking of the tabs "click".
7.0 System Safety
7.1 Electrical Safety Precautions
Basic electrical safety precautions should be followed to protect yourself from harm and the FX2200 from damage:
Be aware of the locations of the power on/off switch on the chassis as well as the room's emergency power-off switch, disconnection switch, or electrical outlet. If an electrical accident occurs, you can then quickly remove power from the system.
Do not work alone when working with high voltage components.
When disconnecting power, you should first power down the system with the operating system and then unplug the power cords of all the power supply modules in the system.
7.2 General Safety Precautions
Follow these rules to ensure general safety:
Keep the area around the FX2200 clean and free of clutter.
FX2200 weighs approximately 43 lbs when fully loaded. When lifting the system, two people at either end should lift slowly with their feet spread out to distribute the weight. Always keep your back straight and lift with your legs.
While working on the system, do not wear loose clothing such as neckties and unbuttoned shirt sleeves, which can come into contact with electrical circuits or be pulled into a cooling fan.
The power supply power cord must include a grounding plug and must be plugged into grounded electrical outlets.
8.0 Prerequisites
Before beginning the Fortanix DSM installation process, please make sure the following requirements are met.
Fortanix DSM appliances are racked and stacked with all cables connected.
The IPMI should be configured correctly and the appliances should be available remotely through the IPMI IP address. For more information, refer to Fortanix IPMI Setup for FX2200 Series II.
Network configuration (IP address, subnet mask, and gateway) has been assigned for each server.
The hostname should be assigned to the Fortanix DSM cluster.
You should add DNS entries (A records) for all the appliances, all mapped to the cluster IP address described above, to your DNS server.
All the ports mentioned in the Section 12.1: List of Required Open Ports should be open between servers.
You should have the ability to issue or generate certificates for certificate signing requests (CSRs) generated by Fortanix DSM with the subject alternative name (SAN) containing the above-stated hostnames.
You should be able to configure NTP on the servers. If the servers are not going to have access to public NTP servers, then they need to be able to connect to an NTP server on your network.
If you are working with Fortanix provided servers, then you must have the default username/password for the servers handy. These will be distributed by email from Fortanix to post shipment of the servers, to a relevant contact person in your team.
When you do a remote login to FX2200 through IPMI KVM (Keyboard, Video, and Mouse) for network configuration, the following keyboard settings are required:
Install US keyboard layout on the user machine
Open the Virtual Keyboard windows accessory (comes preinstalled in all Windows deployments) to make special characters clearly visible with respect to their position on the keyboard.
9.0 System Configuration and Installation
For more information on Remote Administration by IPMI and Network Configuration, refer to Section 4.0 of Fortanix DSM Installation Guide.
10.0 Fortanix Data Security Manager Installation and Configuration
This phase installs Fortanix DSM software and configures the Fortanix DSM cluster. For more information, refer to Section 5.0 of Fortanix DSM Installation Guide.
11.0 Using Fortanix Data Security Manager
After all the servers reboot, you can access the Fortanix DSM web interface using the hostname assigned to the Fortanix DSM cluster, for example, https://<Your_DSM_Server_URL>. For detailed information on Fortanix DSM usage, refer to Section 6.0 of Fortanix DSM Installation Guide.
12.0 Appendix
12.1 List of Required Open Ports
For a list of open ports, refer to Fortanix Data Security Manager Port Requirements.