Console Servers Product Survey

Steve Michnick

The quintessential and critical requirement for managing any high-powered and multiform data center is solid and secure console management. Highly skilled sys admins require around the clock, secure remote access to system consoles from any location to effectively and efficiently manage the crucial assets in a distributed environment. System managers require the features of data encryption, session monitoring, and audit logging to meet increasingly strict security expectations from customers and government regulators. Console servers are designed to address these requirements and provide many other features that simplify the task of operating a fleet of data processing equipment. This survey will help you get to know many of the features available when evaluating console server products and shows how vendors in the marketplace are positioning themselves to meet the important console server requirements.

Console Access Methods

The first and foremost features to consider when evaluating a console server are the methods it will provide for accessing your computer systems and network devices. There are two fundamental methods -- terminal server and browser-based approaches. All surveyed vendor products, except one, support both methods with moderately varying degrees of features.

Terminal Servers

Terminal servers provide a command-line interface (CLI) that can use secure shell (SSH) protocol for encrypting the console network connection. The CLI approach to accessing consoles has been the standard method for access for years and vendors provide a broad range of terminal emulations to support a wide range of systems. You should still check with the console server vendors about compatibility if you have devices that do not support VT-100 interfaces.
One important limitation to terminal server access across SSH is the need for sys admins to carry their SSH client licenses and keys with them to successfully connect to a system console. Another limitation to the CLI/SSH approach is the limits of the terminal server's SSH client's ability to determine and cache critical alerts, so they can be sent to the admin when he starts a console connection. Finally, check whether a vendor's console server SSH-based client will interact with your operations standards for Authentication, Authorization, and Accounting (AAA) systems, such as Lightweight Directory Access Protocol (LDAP), RADIUS, Active Directory, and Cisco Systems TACACS+.

Browser Access

Web browser-based access is desirable since it provides access to the console server through the Internet under the protection of the Secure Sockets Layer (SSL) protocol using a wide variety of Java-enabled devices. This gives sys admins with 24-hour, on-call responsibilities the capability to quickly respond to alerts from anywhere in the world that has Web access. Browser access sets a sys admin free from carrying a copy of an SSH client along with the requisite server keys. Web-browser solutions also can take advantage of the full potential of the console server operating system's ability to cache and intelligently process system messages to provide a full report of alerts and traps from a managed server. Browser solutions also provide flexibility in implementing encryption algorithms and AAA solutions for directory services due to the ease of sending Java applets to the client browser.

The main drawbacks to browser access to console servers are the limitations to terminal emulation and the lack of support for out-of-band access, which will be critical when confronted with denial-of-service attacks.

How to Use the Survey

This survey is organized into four categories: console server features, platform specifications, connectivity, and security.
Each line item categorizes some of the important aspects to consider when developing specifications for evaluating console server vendors.

Console Server Features

This is a short summary of the platform, operating system, addressing support, and redundancy features available from each of the vendors that replied to requests for information about their products.

Platform Specifications

This section provides the details of the number of CPUs, available RAM, and Flash Memory capabilities of each vendor's products.

Connectivity

This section details the port capacity, data transfer rates, Ethernet interfaces, protocols supported, and whether Web-browser access is supported by the vendor's products.

Security

This section summarizes key security features offered by the vendors. These features include encryption algorithms, authentication method, session monitoring and logging capabilities, history buffering, SSH compatibility, and method for sending critical system alarms.

Vendor Notes

Each of the vendors included in this survey replied with generous information about all the console server products they offer. These replies were condensed to show the common features available across each vendor's product lines along with specific notes describing where there are differences in the features available between the ranges of vendor models. Please consult the vendor Web sites or sales consultants for complete and specific details for each of the models.

All but one vendor in this survey offer integrated hardware/software console server solutions. Carlo Gavazzi provides software to turn a Sun Solaris server, equipped with proprietary Asynchronous Multi-port Controllers, into a console server. Carlo Gavazzi's unique approach provides the ability to custom-build a console server with the level of performance, redundancy, and number of console ports to suit your needs.

Steve Michnick has more than 20 years of experience working with information technology in the areas of systems and network administration, programming, and IT project management. He has managed mainframe, Unix, and Windows systems for academic institutions and petroleum, telecommunications, and financial services industries. His current focus is on Unix systems performance management and capacity planning.

Vendor Contact Information

Avocent
Carlo Gavazzi Computing Solutions
Cyclades Corporation
Digi International
Lantronix
Logical Solutions, Inc.
MRV Communications, Inc.
Opengear
Perle Systems, Inc.
Raritan Computer, Inc.