White Paper: ESP Is not Free

ESP Is Not Free:

Look to KVM over IP for Efficient Data Center Control



Embedded service processors free? Not so fast. To use the features you really need, you typically pay additional licensing costs. Plus, KVM over IP features lower TCO, multivendor support, enhanced security and flexible user management, among other cost savings.

Ushered in on a wave of consolidation, today’s enterprise data center environments tend to be far more streamlined than in generations past. The advent of blade technology has brought about the shrinking of the server footprint, for example, and virtualization has drastically reduced the number of physical hosts required to support enterprise workloads. Continued consolidation and the evolution to highly virtualized, dynamic, multivendor data centers remain top priorities for many enterprise IT executives. The goal is improved agility in a business climate that often requires a 24 x 7 global presence. In such environments, data center downtime simply isn’t an option. IT operations must be up and running at all times.

That, of course, is easier said than done, with unplanned outages still an unfortunate reality at many companies. In a recent independent U.S. survey of 453 individuals, for example, the Ponemon Institute found that most organizations had experienced at least one unplanned outage in the past 24 months. Row-based or localized downtime proved particularly troublesome, with respondents reporting an average occurrence of 6.8 times during the two-year time frame, with an average duration of 152 minutes, Ponemon said in its report. Rack- and server-based downtime had an average occurrence of 11.2 times during that same period, with an average duration of 153 minutes.

As enterprise IT executives evaluate ways to diminish or eliminate downtime in the data center, they must take into account how they’re enabling access to and control of servers and other data center devices. Ideally, they’d be able to access and control virtual and physical servers, no matter the vendors, from a unified interface. In the offing is easier, smarter control of the data center environment.

The Advantages of External KVM and Centralized Management vs. Embedded Service Processors

“That service processors are free is probably one of the biggest misconceptions about managing access and control. When you really get down to it, they’re not.”
DEREK FINCH
Product Manager, RARITAN, INC.

Two of the leading options IT organizations rely on for server management are external keyboard, video, mouse (KVM) switches and embedded service processors (ESPs) with KVM functionality. At first glance, an ESP seems to have an advantage over an external offering, by virtue of its being integrated into and so, theoretically, more in tune with server operations. However, discerning IT managers understand that location isn’t everything.

In fact, as enterprise IT managers consider factors such as performance, manageability, security and pricing, they quickly come to realize that ESPs can actually be more cumbersome and costly than external KVM switches. Today’s highly demanding multivendor, virtualized data centers call for the strongest-possible access-and-control—centralized or remote—capabilities. Only an external KVM-over-IP switch-based solution with centralized access and control can answer that need—and cost-effectively.

Heterogeneous Support

Today’s data centers tend to be a best-of-breed mixed bag. In other words, enterprise IT managers pick and choose from among any number of vendors’ products to achieve the greatest cost-effectiveness, efficiency and flexibility across the server, network, storage and even power and cooling infrastructures.

Data center heterogeneity also extends to the ESPs, which are conveniently located within a device, with each vendor using its own processor. On the server side, for example, Dell has Dell Remote Access Controller (DRAC), HP has Integrated Lights-Out (iLO) and IBM has Remote Supervisor Adapter (RSA). These major server makers as well as scores of other data center vendors support the Intel-led, out-of-band Intelligent Platform Management Interface (IPMI) management technology too. Each type of ESP, in turn, requires its own management interface—exactly contrary to the unified view of infrastructure sought after by many IT managers.

“They’re finding they need a login to get into this type of environment and a login to get into this other one, and those don’t blend well together,” says Derek Finch, product manager at Raritan, Inc., a leading provider of KVM and IT management solutions.

The ability to serve as a centralized point of access—a single IP address—that can provide a view not only of physical, blade and virtual servers but also of intelligent PDUs, serial devices such as routers and other data center gear is a primary advantage of an external KVM solution with centralized management.

Manageability and Security

A second advantage comes in the ease of configuring that single external KVM connection, which is an absolute breeze compared to configuring each embedded processor. In addition, although server vendors claim automatic discovery, deploying ESP connections isn’t really all that easy either. For example, administrators must provide IP address ranges to the management interface. Plus, each ESP physical connection requires network setup, establishment of user privileges, Simple Network Management Protocol (SNMP) scripting and the like.

In addition, ESPs do not provide thorough reporting capabilities and often have anemic centralized user rights management and authorization features. A strong KVM and management solution will support Microsoft Active Directory and other authentication technologies as well as smart card authentication, which is particularly critical in government environments. Such robust privilege management ensures that the right people have access to the right equipment—and it’s all handled through one interface. “You should be able to manage users who have access to a variety of data center and IT resources without having to go into three or four management tools,” Finch says.

Performance

Besides better management and improved security, KVM solutions provide better performance than ESP. KVM switches are known for supporting optimal video quality at any bandwidth. “They can often do video scaling, change resolution settings and such. On the other hand, you typically can’t change your video settings with an ESP. You have one resolution, one screen size, and then you have to go from there,” Finch says.

ESPs often lack in choice of remote access clients, whereas a strong KVM solution provides a broad choice of remote clients.

Backup and Failover

On another front, external KVM solutions provide better backup and failover features. In fact, many IT managers set up a KVM system as a backup to an ESP network. If the ESP network fails, the KVM solution will be able to provide local, or switched, access to all servers while physically in the data center. For example, a KVM switch will often connect as many as eight users to 32 servers, modems or other devices. “You can tier and cascade the switches together to create a large matrix network,” Finch explains. This is not to say that an IT manager couldn’t use service processors for backup, he adds. “But you’re talking about a big additional expense to do that.”

Cost Savings

“Being able to see every server from one console is ideal. I have console access to any one of the Raritan switches. I can log in with a single sign-on to our entire IT infrastructure anywhere.”
MIKE CARPINELLA
Technical Services Director, Duane Morris

Looking at cost, an external KVM solution also wins out over use of ESPs as one last advantage. Although often advertised as or assumed to be free, embedded solutions don’t actually come without charge for any but the most basic features. IT managers may find themselves paying as much as $500 per port in licensing fees associated with advanced features, for example. Meanwhile, pricing for a KVM-over-IP solution such as Raritan’s Dominion KX II starts at $200 per server.

Don’t overlook network costs. A KVM switch requires only one IP address, whereas each ESP typically gets its own IP address, switch port and cable run. Consider that the average total cost of ownership (TCO) for a network port in a data center is $200. With the use of a 32- or 64-port KVM switch, an IT manager can achieve a 32- to 64-to-1 reduction in the number of IP addresses, network ports and cable runs required in the data center. “That service processors are free is probably one of the biggest misconceptions about managing access and control,” Finch says. “When you really get down to it, they’re not.”

Raritan’s Access and Management Solution Delivers the Best of All Worlds

As scores of enterprise IT executives already know, Raritan’s CommandCenter® Secure Gateway (CC-SG) remote data center management solution can provide trustworthy access and control for the most-critical operational needs. At Duane Morris LLP, for example, Raritan devices are helping the data center staff streamline work processes and assure system availability at a new lights-out data center. With features such as easy-to-access BIOS-level controls and support for virtual media, Raritan’s products help simplify administrative tasks such as software installation, patch management, troubleshooting and reconfiguring network cards.

“Because I’m coming into the server on the KVM ports, I can do things like reconfigure network card settings. That’s something you can’t do with Terminal Services. Our work can be done more quickly and from anywhere,” says Mike Carpinella, technical services director at Duane Morris, a full-service law firm with offices in North America, Europe and Asia Pacific.

The central console is also a boon for management. “I bring all our IT equipment into the CommandCenter, so I have one central console,” Carpinella explains. “Being able to see every server from one console is ideal. I have console access to any one of the Raritan switches. I can log in with a single sign-on to our entire IT infrastructure anywhere—from home or from the office. And with the logical views, I can quickly find any device in the data center or branch offices that I need.”

Besides a single point for accessing and auditing physical and virtual servers, the CC-SG features a variety of other advanced capabilities.

On the security front, for example, it provides a powerful policy management tool that allows access and control based on a broad range of user-customizable criteria, including time of day, physical location, application, operating system, department and function. Raritan offers 128- and 256-bit Advanced Encryption Standard (AES) encryption for end-to-end node access activity through AES-enabled Dominion® devices and support for a broad range of authentication protocols, including Lightweight Directory Access Protocol (LDAP), Active Directory, Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control System+ (TACACS+) in addition to local authentication and authorization capabilities.

Other security features include the ability to import user groups from Active Directory, support for two-factor authentication with RSA SecurID on RADIUS servers, strong password authentication, SAS 70 compliance for configurable amounts of failed login attempts and user ID lockout parameters.

The CC-SG aggregates access and management of IT infrastructure, including servers, serial devices and PDUs in multiple local or remote data centers, providing a simple, centralized gateway for diagnosing and resolving data center management issues quickly. What’s more, IT managers who opt not to use a traditional KVM switch can instead use a variety of in-band interfaces, such as IPMI, iLO/iLO2, DRAC and RSA, which CC-SG supports, for direct server access.

For auditing and reporting, CC-SG permits granular audit trail sorting for specific purposes such as remediation, security and debugging. It also provides the ability to capture activity reported by system users such as contractors and temporary workers.

The companion Dominion KX II, the latest generation switch, provides secure, BIOS-level access to data center devices at the rack, over IP and via modem. Administrators can perform all management, administration and configuration operations via a simple graphical user interface, remotely from the convenience of their desktops or while in the data center.

Backup access capabilities are critical. The switch includes several failover and security features to ensure availability in the always-on buttoned-down data center. And in case the network goes down, each KX II switch has a local port, so you can walk up, plug the KVM into that local port and maintain access.

In addition, Raritan delivers stellar virtual at-the-rack video performance, using next-generation features such as ultrafast screen refresh, 1,920 x 1,080 high-definition remote video resolution, advanced color calibration and per-server video optimization. With full-screen video display, users appear to be directly connected to the target server. They view the full video display from the target server without window borders or tool bars. With a new “pop-up” menu bar, users can run KVM client functions while in full-screen mode.

The Dominion KX II can also launch KVM sessions to multiple monitors, in either full-screen or standard modes. In this mode, users can view the list of servers on one screen and launch full-screen KVM sessions in another, helping enhance productivity.

Sometimes it’s the little things that make a difference. The Dominion KX II also provides a feature called Absolute Mouse Synchronization™—administrators do not need to adjust mouse settings on the target server during installation. With Raritan’s Absolute Mouse Synchronization technology, the remote and target server mouse pointers never go out of sync. In addition, the system automatically adjusts to the server’s mouse settings.

Overall, the CC-SG/Dominion KX II combination makes for a powerful KVM-over-IP solution—a logical choice for IT managers looking for secure, integrated data center management. After close scrutiny, the advantages of Raritan’s KVM solution over ESPs are clear: lower TCO; 1/32 to 1/64 the number of network ports and IP addresses required; multivendor support for heterogeneous data centers; enhanced security; consolidated local port access; and centralized access, authentication and logging, with flexible user management.

About Raritan

Raritan, a brand of Legrand, is a trusted provider of rack power distribution units, branch circuit monitors, transfer switches, environmental sensors, KVM-over-IP switches, serial console servers, and A/V solutions for data centers and IT professionals. Established in 1985 and based in Somerset, N.J., Raritan has offices worldwide serving customers in 76 countries. In more than 50,000 locations, Raritan’s award-winning hardware solutions help small, midsize, enterprise, and colocation data centers to increase efficiency, improve reliability, and raise productivity, and provide IT departments with secure, reliable remote access tools needed to manage mission-critical environments. For more information, visit us at Raritan.com.

