Taking Control: IP Devices Promise the Future of Data Center Control and Management
Introduction

IT professionals have always wanted the flexibility of anytime, anywhere access to their servers, network devices, and applications. Whether the problems are caused by device failures, denial of service attacks, cyber intrusions and malware, or natural disasters, data centers are constantly at risk. This need for secure remote management has risen to the forefront as a top priority on the to-do list of network administrators. Until now, this was cost-prohibitive for all but the largest data centers. However, the affordability of IP remote management devices has enabled organizations of all sizes to benefit from secure over-IP access across the room, throughout an office complex, in a distributed computing environment, or transcending global boundaries, all via an Internet connection and browser.

The question becomes: How can remote management not make sense, and what is the effect on the information infrastructure? The answer to the first half of the question lies in the optimization of IP KVM (keyboard/video/mouse) switches and IP-based remote management devices. These technology enablers help network administrators to easily and effectively diagnose, control and repair server-based problems from any location in real time.

In terms of the second part of the question, for an organization with many legacy devices and existing KVM switches, an IP-based remote management device is the answer. These can work with both analog and digital KVM switches. Other organizations may opt for hybrid devices that combine both the KVM switch and remote management functionality in one box. With either option, network administrators can receive significant cost and IT benefits as well as remote access. These hardware-based solutions have proven to be more reliable than remote access software, which requires an agent running on each target server.
Remote access software may have some cachet in the industry, but it is limited in ultimate capability and imposes a CPU overhead burden. A hardware-based combination of a KVM switch with an IP-based access device gives the remote user direct access to hundreds of servers with no CPU overhead. It also provides total control, from GUI applications to BIOS-level troubleshooting, maintenance, and even rebooting. More importantly, this solution can provide out-of-band access so servers remain accessible even if the primary network is down. These capabilities are vital to IT professionals, especially when they have to react to an unexpected technical crisis.

According to a recent report by Venture Development Corporation (VDC) on the market potential for remote management solutions:

- IP-Based KVM Switches will drive industry growth as more branch sites adopt the solutions for remote server management.
- Serial Console Servers can significantly reduce enterprise costs. Effective management of IT peripherals using these devices can substantially reduce network downtime.

This white paper discusses the nature of the current KVM environment related to remote access and control, both for total "Lights Out" scenarios as well as for convenience and time savings in locally staffed environments. In reality, sensible remote management deployments should consider all available tools for an integrated approach.

A Remote Management Technology History Lesson

Historically speaking, the client-server model largely replaced the mainframe in the early 1990s, at which time LAN-connected servers, each with its own keyboard and monitor, filled data centers and created the demand for server switches. The earliest switches were K-V only, since the mouse was not a factor in the predominant DOS and Novell Netware environments of that era. With first generation KVM switches (really KV switches), IT professionals had to sit or stand in front of the computers since cable lengths were short.

The desire for control from afar led to the advent of software-only methods for remote access, such as PC Anywhere, Carbon Copy, Timbuktu, and later VNC (Virtual Network Computing), Windows Remote Desktop, Apple Remote Desktop and similar applications. These methods have continued to evolve and to join various terminal access solutions for Unix, Linux, Windows and Mac OS X machines as well as remote-access-as-a-service solutions like GoToMyPC. All these solutions permit control from afar, even if "afar" is simply down the hallway.

In the mid 1990s, the rise of the multi-user KVM switch brought longer cable runs, and later the introduction of Category 5-cabled analog KVM switches extended the server-to-console distance to nearly 1000 feet, enough to span most office layouts within a single floor or small building. Hence, the "local remote" access solution could be hard-wired. By the late 1990s, mouse control and color video support were integrated into several models of stand-alone IP interface boxes from various KVM switch manufacturers.
That early generation of IP KVM interfaces comprised large, costly computers equipped with special purpose cards and software; these boxes adapted existing KVM switches so that connected servers could be accessed via a TCP/IP network connection. Such IP KVM access allowed IT managers and technicians to monitor, diagnose and perform maintenance on a variety of platforms without being physically present. Most importantly, by keeping tabs on systems and fixing problems remotely, without running down the hall or traveling between floors or buildings, managers could minimize costly system downtime while saving their own precious time.

The Present IP Access Landscape

Most KVM switch manufacturers offer IP-based remote access solutions. Many of these solutions are integrated within KVM switches, serial terminal servers, and power distribution units (PDUs), while others are offered as stand-alone IP interfaces that can be appended to existing non-IP-enabled devices. Some card-based IP access solutions are integrated into individual servers, either offered by the server company or third party manufacturers. Each approach may offer benefits depending on the applications.
Overall, today's enterprise is deploying greater numbers of IP-enabled remote management solutions. In many cases, these are best utilized as a mix of solutions that also include local (analog) KVM access and software remote desktop or remote terminal access. The prudent IT professional who understands the underlying terminology and technologies behind modern remote management solutions will be the hero of the organization, especially if the network used for software remote access is down.

Software Remote Access

Software-based remote solutions are typically less expensive than their hardware counterparts. For example, Remote Desktop is included within Microsoft's Windows operating systems at no extra charge. Such solutions are generally quite effective for server management, and remain a valuable tool, particularly over fast LAN connections. However, this option generally becomes useless when the server is locked up. All software remote access methods share a common pitfall because they demand a properly functioning server. If the difficulty involves a locked up platform or one that fails to boot properly, then remote control software solutions are ineffective.

This situation paves the way for a solution that provides remote access to the keyboard, monitor and mouse ports of the server (or other device) and thereby allows for BIOS level monitoring and command intervention. Such access allows the user to restore the network in a manner that is equivalent to "being there".

IP KVM Switch Access

Known by various monikers including IP KVM, KVM over the Net, and KVMoIP, among others, this technology converts the digital keyboard, mouse and the analog video signals at the computer (or analog KVM switch) console connections to move through a TCP/IP network as a stream of data packets.
The actual conversion between TCP/IP and computer interface signals occurs at one of three places: in a stand-alone interface that typically connects to the console port of a KVM switch, as part of an integrated KVM switch with built-in IP accessibility, or within a specialized circuit card (typically a PCI card) that sits in the individual computer being controlled. The remote access is handled by software on a remote computer, sometimes in the form of a dedicated software client and more often through a standard web browser.

IP KVM allows one or more simultaneous users (depending upon the hardware design) to control servers from anywhere in the world. In contrast to software solutions, this technology enables network administrators to monitor and control the full boot cycle for the connected servers. This level of access is critical for installing certain drivers, setting up SCSI drive arrays, updating firmware, performing a network boot, and so forth.

This technology is also valuable for local access. For example, remote access within an office eliminates cable drops between floors. IP KVM systems with one or two physical switches per rack consume less inter-rack wiring than analog systems, where multiple cables may be needed between the switches in various racks.
IP KVM is proving to be a business-critical tool to comply with the Sarbanes-Oxley Act requirements for remote, redundant computing. As the technology continues to evolve, an equally compelling use could be customer support/help desk applications within the enterprise, and outsourced support scenarios. IP KVM is a boon to follow-the-sun staffing for the worldwide enterprise: why should an organization pay a local crew overtime when it can simply jump across an ocean with IP KVM and have an overseas team monitor the data center during the graveyard shift?

Figure 1. Typical IP KVM System (Including IP Serial Access)

IP KVMs are generally platform neutral and operating system independent: a single client interface can seamlessly access a variety of computers which may be running with different CPUs and operating systems. This flexibility is not typically found in remote desktop software solutions.

Since most IP KVM switches are limited to one or two IP-connected users, network administrators within larger data centers are encouraged to take a combination approach with a multi-user analog KVM (typically providing 4 or 8 users per switch) and a handful of stand-alone IP KVM interfaces connected to the analog switch system. In this case, the user load can be shared by remote and local staff as needed, with a maximum number of local seats populated for handling those occasional but critical peak demand situations like new software or hardware platform rollouts, stomping out viral outbreaks, recovering from a catastrophic power outage, and so on.

IP Serial Switch Access

IP Serial access is akin to IP KVM, but the remote control is for serial ASCII data streams. Serial control is common for Unix and Linux servers, although other operating systems such as Windows XP/Vista/Server 2003 and Macintosh OS X also provide for serial terminal-style command exchanges. Serial control ports are also common on routers, network-attached storage (NAS), and remotely controllable power distribution units (PDUs).

The most prevalent IP control of serial ports is via a terminal server or serial switch that has a built-in IP interface. When the serial switch is being used to control a router, it may be advisable to allow for a second mode of access to the serial switch, such as a second maintenance IP network or a dialup modem. Otherwise, if the router is down, the loss of access to the IP-controlled serial switch makes it difficult to effect maintenance of that router. (In fact, apart from the main data network, a maintenance IP network for KVM switching is a recommended best practice in this area of technology.)

The combination of IP Serial access and KVM access provides a robust solution to remote "lights out" data center maintenance. However, the remaining piece of the remote management puzzle involves controlling the power to the servers and other devices.

IP Power Distribution Unit (PDU) Access

The remotely controllable PDU has emerged as an essential tool when servers are locked up and require power cycling, as well as for activating occasionally used systems in order to save power.
In addition, these PDUs are valuable for powering down non-essential systems in the event of an emergency such as air conditioning failure, UPS-only operation during an extended power outage, etc.

Some PDUs offer useful, automatically sequenced turn-on of multiple connected servers. This feature proves valuable for taking an entire rack of computers online after maintenance or a power outage. There is a higher current surge when a machine is first powered up. By sequencing these surges instead of having an "all at once" situation, the overall capacity of the power strip is less apt to be exceeded, and the chance of tripping a circuit breaker is reduced.

Environmental Monitoring

A number of manufacturers offer hardware devices that combine different sets of sensor inputs and relay-controlled contacts that can be accessed for remote control and management via IP. Typical functions include sensing of temperature, moisture, door-openings, and power consumption. These products detect climate changes due to failed cooling systems, broken water pipes or leaky roofs, physical security breaches, and so forth.

Analog (Cat 5) Matrix KVM Switches: Don't Overlook This Technology

IP KVMs have taken the lion's share of interest, but the analog KVM switch continues to play a significant role in remote access. In particular, the Cat 5 KVM matrix switch offers cost-effective multi-user control over a proliferation of servers. Individual hardware boxes support 2, 4, 8 or more user consoles, which can access from 8 to 32 or more servers, and such hardware boxes can be daisy-chained or cascaded to create systems where 8 or more users control thousands of servers.

For true long-distance remote access, users can simply connect one or more IP KVM access units (interface adaptors) to the console port(s) of the analog KVM; some companies even offer combined IP/local console stations for their analog KVM switches. Under each scenario, the user receives the benefit of the best video/keyboard/mouse response for the local users and all the benefit of remote access. Refer to Fig. 2.
Figure 2. Analog (Cat 5) KVM Switch System with Added IP Access

Centralized Control for Remote Management

The expanded use of IP KVM and IP Serial devices raises issues of overall access management and ease of use. Network administrators with multiple standalone IP-accessible devices must select the correct IP address for each device and execute a separate log-in. This approach can work for a few switches but imposes limitations for larger data centers with many remote locations.
From a management standpoint, the presence of multiple IP KVM and IP Serial devices (switches or PDUs) within the enterprise can be daunting if each is accessed independently. The answer lies in providing a centralized dashboard to control, log and report on IP KVM and IP Serial activity. Leading manufacturers of IP KVM and IP Serial products offer various solutions as dedicated hardware gateways or in the form of software based solutions that run on standard servers. The physical IP KVM and IP Serial switch installation is unchanged; only one more Ethernet drop is required (to the central control system, per Fig. 3).

Figure 3. Centralized Control Simplifies Enterprise IP Access

Centralized control provides the efficiency of having a single IP address that allows users to point and request access via a challenge-response system such as the Active Directory or RADIUS approach. The system should be based on a secure network methodology (such as HTTPS, SSL, DNS, LDAP/LDAPS). For added security, network traffic that is funneled through a centralized IP KVM/IP Serial management system should offer 128-bit encryption, flexible session time-outs, password expirations, and strong username/password authentication. Better central management systems permit permission-based groupings of servers and devices, and may also provide for auto device discovery, system health information, and alarms (via SNMP, for example).

At the highest level of access, network administrators should be able to view, in real time, which users are logged in and those devices they are monitoring and controlling. Centralized control should give these IT professionals the capability to temporarily displace logged-in lower ranking users should the network be compromised. Such tools are a boon to the secure, easily-deployed enterprise-wide use of IP KVM and IP Serial switches.

Selecting the Right IP Access System and Deploying it Properly

When determining the best IP access system, consider how many users:

1. Typically access the servers
2. Require access to servers at once
3. Operate beyond the "local remote" limit of 1000 feet or so from the server
4. Stay connected to the switch for long periods of time
5. Perform most of their work via software-only solutions (e.g., Remote Desktop).

In terms of overall considerations, IP access should not be evaluated purely by the cost of the equipment but should also factor in the substantial money lost to the enterprise due to even a fraction of a percent of downtime, and how much of that can be eliminated with the right balance of IP and local access.

After taking into account all these considerations, network administrators may find that the ideal Remote Access system may differ in design from the sheer "count the users, count the ports" brute-force approach taken by some vendors and consultants. Buyer beware, since the unsuspecting IT pro could wind up specifying a system that has more capability than needed at twice the cost to install. On the flip side, a system with limited capabilities will not satisfy real-world daily needs, nor will it suffice in crisis situations.

Summary

Today's organizations are continually challenged to maintain control of their data centers within their walls and beyond.
Remote management is a powerful tool for control but selection of the right solution that can work seamlessly with an existing infrastructure is paramount. Network administrators with the right remote control vision can help their companies gain more access to devices anytime, anywhere while maintaining the security and integrity of their infrastructures. Remote management is a powerful tool in the hands of the network administrator. With great power comes great responsibility to make the right choices.
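
The controls this paper recommends for IP KVM and IP Serial devices (a dedicated maintenance network, a second access path for a serial switch that fronts a router, HTTPS, 128-bit encryption, session time-outs, password expiration, RADIUS or Active Directory log-in) can be checked against a device inventory. The following is an added example, not part of the original white paper or any vendor's software; the subnet, device names and record fields are constructed assumptions.

```python
import ipaddress

# Constructed values for this example: subnet, device names and field names are assumptions.
MAINT_NET = ipaddress.ip_network("10.99.0.0/24")  # dedicated maintenance network
CENTRAL_AUTH = {"radius", "active-directory"}
MIN_CIPHER_BITS = 128  # figure stated in the white paper

DEVICES = [
    {"name": "kvm-rack1", "kind": "ip-kvm", "mgmt_ip": "10.99.0.11", "web": "https",
     "cipher_bits": 128, "session_timeout_min": 15, "password_max_age_days": 90,
     "auth": "radius"},
    {"name": "kvm-branch", "kind": "ip-kvm", "mgmt_ip": "192.168.1.40", "web": "http",
     "cipher_bits": 0, "session_timeout_min": 0, "password_max_age_days": 0,
     "auth": "local"},
    {"name": "serial-core", "kind": "ip-serial", "mgmt_ip": "192.168.1.41", "web": "https",
     "cipher_bits": 256, "session_timeout_min": 10, "password_max_age_days": 60,
     "auth": "active-directory", "controls_router": True, "alt_access": None},
]

def audit_device(dev):
    """Return a list of findings for one management device record."""
    findings = []
    on_maint = ipaddress.ip_address(dev["mgmt_ip"]) in MAINT_NET
    if not on_maint:
        findings.append("management IP is outside the maintenance network")
    if dev["web"] != "https":
        findings.append("management interface is not served over HTTPS")
    if dev["cipher_bits"] < MIN_CIPHER_BITS:
        findings.append("session encryption below 128-bit")
    if dev["session_timeout_min"] <= 0:
        findings.append("no session time-out configured")
    if dev["password_max_age_days"] <= 0:
        findings.append("passwords never expire")
    if dev["auth"] not in CENTRAL_AUTH:
        findings.append("authentication is local, not RADIUS or Active Directory")
    # A serial switch that fronts a router needs a path that survives that router failing:
    # either the maintenance network or an alternate such as a dial-up modem.
    if dev.get("controls_router") and not on_maint and not dev.get("alt_access"):
        findings.append("no second access path for the router console")
    return findings

def audit(devices):
    """Map device name -> findings, omitting devices with no findings."""
    report = {d["name"]: audit_device(d) for d in devices}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(DEVICES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
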