Configuring CyberPower RMCard

This is a guide to how I securely configure a CyberPower RMCard. By default, many settings are left to be desired.

In this guide I assume the actual power-related settings are based on good engineering principles i.e. Keep it default stupid.

1. Firmware Upgrade

When setting up a new device the first thing we should do is update it.

As of the time of this writing, you can download version 1.4.1 from here: https://www.cyberpowersystems.com/product/software/firmware/rmcard205305-firmware-v141/

After downloading, unzip the file.

Login to your new RMCard and head to System > About.

Place the cpsrm2scfw_141.bin file in the Firmware Upload field.

Place the cpsrm2scdata_141.bin file in the Data Upload field.

Select Submit.

The card will reboot, and take around 5 minutes to reload.

Head back to System > About and verify the Firmware Version matches is 1.4.1.

2. Time

NTP is a must with RMCards otherwise you won’t be able to know when something occured in the logs.

Head over to System > General > Time and set the following values:

  • Using NTP Server : Enabled.
  • Primary NTP Server : Your server of choice.
  • Secondary NTP Server : Your server of choice.
  • Update Interval: 1.

Select Apply.

Now head over to System > General > Daylight Savings Time.

I live in the US so let’s enable Traditional US DST time (Second Sunday in March to First Sunday in November).

3. Device Name

Isn’t everything in the server room? Not always, let’s tidy up the name and location of the device. These settings will also be used by SNMP.

Head over to System > General > Identification. Set the following values:

  • Name : CA-UPS-01 I use the naming schema: Location-Device Type-Unique Number.
  • Location : Upstairs Closet` or whatever you think is most accurate.
  • Contact : An E-Mail Address Using an email address allows you to use this in conjunction with SNMP Syscontact.

4. Disable Viewer Account

By default, RMCards ship with a Viewer account that can be used to access your system. Since this is likely not needed by most, let’s disable it.

Head over to System > Security > Local Account and uncheck Viewer: Allow Access.

5. Session Control (Logout After)

Head over to System > Security > Session Control and set the timeout to 10 minutes. Otherwise, you will be logged out every 3 minutes. Which is quite a pain.

6. SNMP

SNMP v1

First head over to System > Network Service > SNMPv1 and uncheck allow access. Then click apply.

Next select the private community and set it to forbidden. By default, RMCards come with an unsafe default SNMP config that comes with read/write.

SNMP v3

Now head over to System > Network Service > SNMPv3 and check allow access. Then click apply.

To set up an SNMPv3 community I suggest the following:

  • User : nms
  • Authentication Protocol : SHA
  • Authentication Password : Your choice between 16 and 31 characters.
  • Privacy Protocol : AES
  • Privacy Password : Your choice between 16 and 31 characters.
  • IP Address : 0.0.0.0

Afterwards, select Apply.

7. Secure Protocols

HTTPS

Head on down to System > Network Service > Web Service, select Enable HTTPS and then click Apply.

SSH

Head down to System > Network Service > Console Service, select Enable SSH and then click Apply.

8. E-Mail Notifications

It’s always nice to know the power is out, or that the UPS is having issues.

SMTP Configure

Head on over to System > Notification > SMTP Server and fill out based on your needs.

Recipients

Head next to System > Notification > E-mail Recipients and add your email address. Make sure to test the setup before continuing.

9. Syslog

The final step! Let’s jump to Log > Syslog and check Syslog Enabled then click Apply.

Next, click Add Server` and add the syslog server of your choice.

10. Network Configuration

This is going to be much more dependent on your setup. In my case, I’d suggest a DHCP reservation so it is easier to update or migrate around later on.

With DHCP reservations, the defaults on the RMCard are fine so make your adjustments on your dhcp server.

In any case, place your RMcard on a secured network. Do no place this on your open workstation network if you can.

A Checklist

Settings Location Default Value Suggested Value Notes Completed
NTP Server System > General > Time Not Set Your NTP Servers Without it you can’t determine easily what time something happened.
NTP Update Interval System > General > Time 8760 1 8760 Hours is once a year, which is silly.
Timezone System > General > Time UTC Set based on your location Makes it easier to read logs.
System Name System > General > Identification RMCARD205
System Location System > General > Identification Server Room
System Contact System > General > Identification Administrator
DST System > General > Daylight Savings Time Disabled Set based on your location Automatic DST swap if needed.
Login Timeout System > Security > Session Control 3 10 Logout is too frequent when using the device.
Viewer Account System > Security > Local Account Enabled Disabled Security: Default account on all CyberPower Devices.
SNMP V1 Read/Write System > Network Service > SNMPv1 Private Read/Write Private Forbidden Security: Read/Write SNMP default on all CyberPower.
SNMP V1 Enabled System > Network Service > SNMPv1 Allow Access: Enabled Allow Access: Disabled Security: SNMP V1 is in plain text.
SNMP V3 Enable System > Network Service > SNMPv3 Allow Access: Disabled Allow Access: Enabled Security: SNMP v1 Alterntiave.
HTTPS System > Network Service > Web Enable HTTP Enable HTTPS Security: Password sent in plain text without HTTPS.
SSH System > Network Service > Console Enable Telnet Enable SSH Security: Telnet is in plain text.
SMTP System > Notification > SMTP Disabled Enable Notifications
Syslog Log > Syslog Disabled Enable Log Management