Console Servers Product Survey

Steve Michnick

The principal gateway for accessing and managing all systems in a modern datacenter is a solid and secure console server. Console servers provide access to almost any device controlled by a serial port, such as servers, network hubs, routers, switches, and power management systems. The datacenter support staff needs a fast and reliable means to connect to all datacenter components through one centralized service. Sys admins need secure local and remote access to system consoles from any location at any time to effectively and efficiently manage all the servers in a distributed environment. System managers need the ability to monitor connection sessions, audit access logs, and ensure encryption of console activity to meet increasingly strict security expectations from customers and government regulators.

A console server is much more than a large KVM switch that extends the connection distance to your terminals. Today's console servers are designed to address security and redundancy requirements and provide features that simplify the task of operating fleets of data-processing equipment. You can find products that offer features such as extensive buffering to capture diagnostic information from a serial device that is having problems. Console server vendors have developed systems that allow you to use the native cables and keyboards for your computers and that provide multi-platform and multi-user capabilities. Redundancy features such as multiple power supplies and independent network access are now widely available to ensure that the mission-critical function of the console server is always available.

The aim of this year's survey is to help you understand some of the features available when evaluating console server products and show how vendors in the marketplace are positioning themselves to meet your console server requirements.
The participating vendors provided extensive information about the features of their console server products, and that information is summarized in the accompanying table. For more detailed console server information and pricing, please contact a vendor sales representative and visit the vendors' Web sites.

Console Access Methods

The most critical features to consider when evaluating console servers are the methods they provide for accessing your computer systems and network devices. There are two fundamental methods: terminal server and browser-based approaches. All surveyed vendor products support terminal server access, and all but one support browser-based access with moderately varying degrees of features.

Terminal Servers

Terminal servers provide a command-line interface (CLI) that can use the secure shell (SSH) protocol to encrypt the console network connection. The CLI approach has been the standard method of console access for years, and vendors offer a variety of terminal emulations to support the widest possible range of systems managed through a serial port. You should still check with the console server vendors about compatibility if you have devices that do not support VT-100 interfaces.

One critical limitation to terminal server access across SSH is that it requires sys admins to carry their SSH client licenses and keys with them to successfully connect to a system console. Another limitation to the CLI/SSH approach is the extent to which the terminal server's SSH clients can determine and cache critical alerts. This is important so alerts can be sent to the admin when starting a console connection. Finally, it is important to understand whether a vendor's console server SSH-based client will interact with your operations standards for Authentication, Authorization, and Accounting (AAA) systems, such as Lightweight Directory Access Protocol (LDAP), RADIUS, Active Directory, and Cisco Systems TACACS+.
Browser Access

Accessing the console server using a Web browser is desirable because it provides sys admins with a way to connect to the console server through WANs and even the Internet under the protection of the Secure Sockets Layer (SSL) protocol using a wide variety of Java-enabled devices. This gives sys admins who have around-the-clock, on-call responsibilities the capability to quickly respond to alerts from any place that can provide access to the World Wide Web. Browser access sets a sys admin free from carrying a copy of an SSH client along with the requisite server keys.

Web-browser solutions also can take advantage of the full potential of the console server operating system's ability to cache and intelligently process system messages to provide a full report of alerts and traps from a managed server. Browser solutions also provide flexibility in implementing encryption algorithms and AAA solutions for directory services due to the ease of sending Java applets to the client browser.

The main drawbacks to browser access to console servers are the limitations to terminal emulation and the lack of support for out-of-band access, which is critical if confronted with a network denial-of-service attack.

How to Use the Survey

This survey is organized into four categories: console server features, platform specifications, connectivity, and security. Each line categorizes some of the important aspects to consider when developing specifications for evaluating console server vendors.

Console Server Features

This is a short summary of the platform, operating system, addressing support, and redundancy features available from the vendors who responded to the survey:
Platform Specifications

This section provides the details of the number of CPUs, available RAM, and Flash Memory capabilities of each vendor's products. You can also see whether the vendor system hardware uses common hardware platforms such as Sparc or x86-based systems or whether the console server is built with specialized processors or proprietary hardware. This section also provides information about each vendor's redundancy features, such as dual NICs, dual power supplies, and hot-swappable components.

Connectivity

This section details the port capacity, data transfer rates, Ethernet interfaces, protocols supported, and Web-browser access. A business merger or acquisition can rapidly increase the number of systems in a datacenter. Managers of datacenters should consider how well a console server product can scale to meet the future growth demands of their operation. An Out-of-Band connection feature provides for access to the console server outside of the datacenter network, typically using a dial-in modem. This is a critical requirement for gaining access to the console server when normal network conditions do not exist.

Security

This section summarizes key security features offered by the vendors. Security features are principal concerns of CIOs and Datacenter Managers. Understanding the features offered by vendors is important for determining whether the console server will meet security requirements now and in the future. These features include encryption algorithms, authentication methods, session monitoring and logging capabilities, history buffering, SSH compatibility, and the method of sending critical system alarms. Most vendors provide security features, but not all offer the same range of encryption options and AAA capabilities. Understanding the security requirements and technical specifications mandated by your datacenter policies will help you pick the console server that is compatible with your needs.
Vendor Notes

The vendors who responded to this survey provided generous information about all the console server products they offer. These replies were condensed to show the common features available across each vendor's product lines, along with specific notes describing where the features available differ between the vendor models. Please consult the vendor Web sites or sales consultants for complete and specific details on each of the models they offer.

All but one of the vendors included in this survey offer integrated hardware/software console server solutions. Carlo Gavazzi provides software to turn a Sun Solaris server, equipped with proprietary Asynchronous Multi-port Controllers, into a console server. Carlo Gavazzi's unique approach provides the ability to custom-build a console server with the level of performance, redundancy, and number of console ports to suit your needs.

Steve Michnick has more than 20 years' experience working with information technology in the areas of systems and network administration, programming, and IT project management. He has managed mainframe, Unix, and Windows systems for academic institutions and petroleum, telecommunications, and financial services industries. His current focus is on Unix systems performance management and capacity planning.

Vendor Contact Information

Avocent
Carlo Gavazzi Computing Solutions
Cyclades Corporation, An Avocent Company
Digi International
Lantronix
Logical Solutions/Thinklogical
MRV Communications, Inc.
Opengear
Perle Systems, Inc.
Raritan, Inc.