TSR – The Server Room Show – Episode 47 – Remote Management Tools

Prologue

Today it is about system and network administrators, especially the ones who would do everything remotely from the comfort of their own chair and desk, preferably using their own computer, and just do what needs to be done or dealt with on the company infrastructure or network. I know this because I am one of those people.

Solutions range from remote management/support tools to IPMI and managed PDUs: all and everything that helps you be far away but work just as efficiently from your own comfort, as if you were there.

In-Band Vs Out of Band Management

In-band management is the ability to administer resources or network devices via the corporate LAN, while out-of-band management is a solution that provides a secure, dedicated alternate access path into an IT network infrastructure to administer connected devices and IT assets without using the corporate LAN.

Hardware and software solutions exist for both in-band and out-of-band management. They help a system or network administrator get the job done either from inside the corporate LAN, working from the corporate office or on site, or remotely, working from home or from halfway across the country or continent.

Money invested in these solutions pays off in the long term: a technician has to travel less often and can work securely from a remote location without being put in harm's way unnecessarily, not to mention the situation where there is simply no way to get to the location to deal with an emergency, e.g. at 2 am when the closest technician lives 1.5 hours away by regular commute.

As we will see, some of these built-in OOB or in-band solutions come as standard on some devices and as an option on others, or even require a completely separate appliance dedicated to a given task or purpose.

When it comes to software, some solutions date back as far as the 70s.

Some solutions, both HW and SW, can be used for both in-band and out-of-band (OOB) access or management, while others are more suited or dedicated to one approach or the other.

OOB management mostly serves emergency operations and maintenance. In-band management, by its nature of having direct network access to the resources via the corporate LAN, is more suited to normal business hours, when it is also possible for a technician to walk up to the machine or server if he/she has to.


Software Solutions

Some of these you already know; maybe you even use them on a daily basis and just never consciously thought of them as tools in the toolbox of remote management solutions.

Telnet / SSH

Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Telnet was developed in 1969 and became one of the first Internet standards. The name stands for “teletype network”.

Historically, Telnet provided access to a command-line interface on a remote host. However, because of serious security concerns when using Telnet over an open network such as the Internet, its use for this purpose has waned significantly in favor of SSH.

The term telnet is also used to refer to the software that implements the client part of the protocol. Telnet client applications are available for virtually all computer platforms. Telnet is also used as a verb. To telnet means to establish a connection using the Telnet protocol, either with a command line client or with a graphical interface. For example, a common directive might be: “To change your password, telnet into the server, log in and run the passwd command.” In most cases, a user would be telnetting into a Unix-like server system or a network device (such as a router).
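The in-band interleaving described above, as an added example that is not from the show notes: a small parser, written from the monitoring side, that splits a constructed Telnet stream into its IAC-escaped control commands (RFC 854) and the user data between them. The sample stream and the option-name table are constructed here; the point it shows is that everything typed at the login prompt comes out as plain readable bytes, which is the exposure SSH was introduced to close.

```python
"""Added example (not from the show notes): split a captured Telnet stream into
its in-band control commands (escaped with IAC, RFC 854) and the user data
interleaved with them. The data comes out readable because Telnet has no
encryption, which is why its use has waned in favour of SSH."""

IAC, SE, SB = 255, 240, 250
WILL, WONT, DO, DONT = 251, 252, 253, 254
CMD_NAMES = {240: "SE", 241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO",
             246: "AYT", 247: "EC", 248: "EL", 249: "GA", 250: "SB",
             251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}


def parse_telnet(stream: bytes) -> tuple[list[str], bytes]:
    """Return (control events as readable strings, user data with escapes removed)."""
    commands, data = [], bytearray()
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:                 # ordinary user data byte
            data.append(stream[i]); i += 1; continue
        if i + 1 >= n:
            commands.append("truncated IAC at end of stream"); break
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC is a literal 0xFF data byte
            data.append(IAC); i += 2
        elif cmd in (WILL, WONT, DO, DONT):  # three-byte option negotiation
            if i + 2 >= n:
                commands.append("truncated negotiation"); break
            opt = stream[i + 2]
            commands.append(f"{CMD_NAMES[cmd]} {OPTION_NAMES.get(opt, opt)}")
            i += 3
        elif cmd == SB:                      # subnegotiation runs until IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                commands.append("unterminated SB"); break
            commands.append(f"SB {stream[i + 2:end].hex()}")
            i = end + 2
        else:                                # two-byte command such as NOP or AYT
            commands.append(CMD_NAMES.get(cmd, f"CMD {cmd}")); i += 2
    return commands, bytes(data)


# Constructed sample: server offers ECHO, sends the prompt, asks for the terminal
# type; the typed username travels as plain bytes between the control sequences.
SAMPLE = (bytes([IAC, WILL, 1]) + b"login: " + bytes([IAC, DO, 24])
          + b"admin\r\n" + bytes([IAC, IAC, IAC, 246]))

if __name__ == "__main__":
    cmds, user_data = parse_telnet(SAMPLE)
    print(cmds, user_data)   # ['WILL ECHO', 'DO TERMINAL-TYPE', 'AYT'] b'login: admin\r\n\xff'
```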

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH.

SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. The standard TCP port for SSH is 22. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client and SSH server.

Despite popular misconception, SSH is not an implementation of Telnet with cryptography provided by the Secure Sockets Layer (SSL).

SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rsh and the related rlogin and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read, modify and selectively suppress the contents of SSH sessions.

SSH can also be run using SCTP rather than TCP as the connection oriented transport layer protocol. The IANA has assigned TCP port 22, UDP port 22 and SCTP port 22 for this protocol.

VNC / RDP

VNC

In computing, Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical-screen updates back in the other direction, over a network.

VNC is platform-independent – there are clients and servers for many GUI-based operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses for this technology include remote technical support and accessing files on one’s work computer from one’s home computer, or vice versa.

VNC was originally developed at the Olivetti & Oracle Research Lab in Cambridge, United Kingdom. The original VNC source code and many modern derivatives are open source under the GNU General Public License.

VNC in KDE 3.1

There are a number of variants of VNC which offer their own particular functionality; e.g., some optimised for Microsoft Windows, or offering file transfer (not part of VNC proper), etc. Many are compatible (without their added features) with VNC proper in the sense that a viewer of one flavour can connect with a server of another; others are based on VNC code but not compatible with standard VNC.

VNC and RFB are registered trademarks of RealVNC Ltd. in the US and some other countries.

RDP

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists. By default, the server listens on TCP port 3389 and UDP port 3389.

Microsoft currently refers to their official RDP client software as Remote Desktop Connection, formerly “Terminal Services Client”.


Hardware Solutions

iLO – DRAC – ILOM management interfaces

All three of the above solutions are silicon based (a custom chip by the manufacturer), built into their server products either as standard or as an option. These special hardware chips, with an RJ45 port and embedded software, offer complete access to manage, troubleshoot and interact with the server, e.g. to set it up from zero with no OS installed and the server powered down, just by connecting power and network.

Servers can be racked with minimal effort and configuration (only power and a network cable into the management interface need to be plugged in), and a system administrator can remotely power on the server, boot an ISO image of an operating system to be installed on it as a virtual CD, see and interact with the server just as if he/she had the keyboard, mouse and monitor plugged in locally, access the BIOS and other management consoles on the server, see all console messages including pre-boot, etc.

Console Servers

Console servers are dedicated, purpose-built 19″ rackmount 1U or 2U devices, most of the time running a proprietary embedded operating system (lately many of these are being taken over by embedded Linux systems such as BusyBox-based ones).

They enable secure remote console management of any device with a serial or USB console port, including Cisco routers, switches and firewalls, servers, PBXs and more.

They are single-purpose hardware solutions that provide a secure alternate route to monitor IT, networking, security and power devices from multiple vendors.

While software management tools can be used for performance monitoring and some remote troubleshooting they only work when the network is up.

A console server ensures that the on-site infrastructure is accessible even during network outages.

They can be used to reconfigure, reboot and reimage remotely across the Internet or WANs. Disruption and downtime are minimized by providing better visibility of the physical environment and the physical status of equipment. This ensures business continuity through improved uptime and efficiency.

Console servers normally provide various ways to securely access on-site infrastructure, such as a 4G/LTE modem, Wi-Fi, a V.92 modem, or dual redundant uplinks in the form of copper and SFP fiber network ports.

I have two older models myself.

https://www.perle.com/productimages/iolan-scgru-modular-380px.jpg
console server example
https://www.perle.com/images/diagrams/scglwm-remote-console-management-md.gif
Various routes provided for secure OOB access.


KVM over IP

Remote server access (KVM over IP) products are a new breed of non-intrusive hardware-based solutions which allow both in-band and out-of-band network access to all the servers connected to your KVM switch. Utilizing advanced security, and regardless of operating system, these KVM over IP products allow you to remotely control all your servers/CPUs, including pre-boot functions such as editing CMOS settings and power cycling your servers. KVM over IP products allow access via your internal LAN/WAN, via the Internet, or by dial-in access via ISDN or standard 56K modems. Access to the IP KVMs is secured with military-grade network security.

Utilizing all these advanced features in conjunction is critical for remote maintenance, support, and failure recovery of data center devices.


KVM Over IP Solution Diagram

KVM Over IP (Out-Of-Band)


Most KVM Over IP devices offer remote out-of-band access from anywhere in the world using a web browser or alternative protocol. KVM Over IP devices can be wired to a single server or computer with a KVM Over IP Gateway, or to KVM Switch with multiple sources that can easily be switched between.

IP KVM Application

Networked KVM (In-Band)

Another type of IP KVM product is known as Desktop over IP. Desktop over IP is similar to a KVM extender solution, but is routed via the internal LAN/WLAN network to provide a true desktop experience in a point-to-point or point-to-multipoint configuration. This type of solution is very popular in the broadcast market, clean rooms, secure computing environments and many other settings that require high resolution or USB peripheral flexibility, or where you cannot simply run a Cat5 or fiber cable.

Desktop Over IP Application

Web Browser Access

Most IP KVMs allow local (in-band) and remote (out-of-band) operators to monitor and access their servers, storage and network devices over the network using a web browser (Java or JavaScript over HTTPS; IPv4 and IPv6). Web-based control methods employ high-specification security techniques to ensure that only authorized users may gain access.

VNC Viewer Access

RealVNC (Virtual Network Computing) software was devised to enable users to access and control remote computers. An IP KVM switch with the RealVNC protocol embedded into its security layer provides the benefits of both hardware- and software-based solutions: universal compatibility, superior graphical performance and reliable BIOS-level access, together with encryption to assure the safety of your enterprise.

Serial Console Access (CLI – Command Line Only)

A lot of IP KVMs feature RS232, DB-15, Ethernet or USB-based serial ports for managing external devices such as servers, switches and IP routers through a command line interface (CLI). Serial console access allows for text-based administrative tasks such as accessing the BIOS or boot loader, the kernel, the init system, or the system logger. Serial control requires very little IP bandwidth and can be especially effective in low-bandwidth applications.


Remote Power

This is the last-resort action when a system has hung or must be force-rebooted because none of the other means or management interfaces discussed above respond.

Many types of PDUs and ATS (Automated Transfer Systems) exist:

Basic
Metered
Monitored
Switched
Switched-Metered-by-Outlet

Metered ATS
Switched ATS


Cyberpower PDU83102
Switched Metered-by-Outlet PDU


Links

https://www.perle.com/supportfiles/out-of-band-management.shtml

https://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol

https://drwetter.eu/talks/oob-management,sagehh.pdf

https://www.perle.com/products/console-server.shtml

https://opengear.com/products/cm7100-console-server/