Serial Console Servers:

5 Ways Remote Access Technology Improves Business Continuity,
Simplifies IT Management, and Reduces Costs.

A White Paper by Raritan

Download PDF

---

Introduction

Serial console servers allow IT and network administrators to remotely access, monitor and manage equipment with console ports, such as routers, switches, servers, storage hardware, firewalls, power distribution units (PDUs) and uninterruptible power supplies (UPS).

The advantages of deploying serial console servers is to improve business continuity, allow for easier and faster IT maintenance and management and result in cost and time savings, which frees up IT staff to focus on other important tasks, such as creating new, innovative services.

From a central location, they can use serial console technology to troubleshoot, configure or reboot devices, regardless of where the equipment resides: in an on-site data center, in a nearby building or colocation facility or even in remote offices and facilities in other cities.

For example, IT staffers can remotely monitor the health of equipment as well as receive real-time notifications for abnormal situations. They can also gain visibility into network conditions, and if an outage or other service disruption occurs, they can connect to the equipment, properly diagnose the problem, and in many cases, remedy the situation remotely.

This paper will detail the five key applications of serial console servers, explain the benefits of each and share real-world use cases on how organizations of all sizes can take advantage of the technology.

Remote Access to Console Ports

Managing IT equipment gets more complex as enterprises grow larger and become more geographically disbursed. Serial console servers simplify and streamline IT maintenance and management by providing IT organizations with multiple ways to remotely access and administer their tech infrastructure. This flexibility is critical because it allows IT staff to choose the best connection path for any task or situation.

Serial-over-IP access provides the ability to connect to serial console ports over a LAN, WAN or Internet connection. With serial consoles servers, you can access and control devices using Command Line Interface (CLI) commands through Java-free, web-based clients, Secure Shell (SSH) clients and TELNET¹.

1 - TELNET is not recommended because it does not support encryption. Web-based interfaces that are Java-free are more secure because Java has security risks.

For those who prefer to manage devices through graphical user interfaces (GUIs), IT organizations can deploy management software that allows them to centrally manage all their Serial console servers through a web-based GUI.

To maximize convenience and enable powerful scripting, users can access device console ports via:

• Direct Port Access. This is a convenient feature where users can directly connect to devices via the web, SSH or Telnet by bypassing the serial console’s user interface. Instead, users can simply proceed to the targeted console port via fixed TCP port.
• At-the-Rack Access. Enterprises invest in Serial console servers for remote access, but sometimes IT administrators are in front of their equipment in their data center or wiring closet and need access to hardware directly. Through at-the-rack access, administrators connect to devices through a traditional RJ45 serial port, a USB port with laptops or with a traditional keyboard, mouse and monitor.
• Modem Access. If enterprises lose network connectivity or WAN access at a particular location, traditional analog telephone modems and cellular 3G/4G modems allow IT staff an alternative method to access and repair their network equipment and other IT infrastructure. This failsafe access is critical to respond to emergency situations.

Out-of-Band Access

In a disaster recovery situation, enterprises can’t rely solely on software-based network and systems management tools because these may not be available. This is where out-of-band access from Serial console servers can come to the rescue. Serial console servers work independently of operating systems and with multiple connectivity options to provide users with emergency access to network equipment and IT infrastructure with serial ports.

Benefits of out-of-band access include:

• Ability to troubleshoot, maintain and manage serial devices remotely even when you lose network access
• Minimize downtime by quickly recovering from disasters, outages and other problems
• Save money by not having to travel or send technicians to remote sites

For example, in a small-scale outage limited to one building or a wiring closet or rack of servers, IT administrators can access the non-responsive or malfunctioning devices through their serial ports. Each serial device has system or kernel consoles that regularly send system status messages. So, IT staffers can connect to devices, get their status by viewing their system or kernel console messages, and immediately start troubleshooting and reconfiguring settings if they must.

Even if a technician must go on-site, the central IT organization can at least diagnose the problem and pinpoint the exact location of the issue. That way, the central IT department can send technicians with the correct expertise to perform repairs or swap out equipment.

Real-Time Monitoring, Log and Alerts

A serial console server can monitor the performance of infrastructure equipment and send real-time alerts to IT staff if it detects critical events and failures, such as a server that is running out of memory or high temperatures detected in a rack. More specifically, Serial console servers can capture, store and monitor the full system logs from serial console ports.

On each port, users can define keywords such as “ERROR” or “ABORT” that indicates a failure or warning situation to trigger alerts and notifications from the serial console server over e-mail or via Simple Network Management Protocol (SNMP), giving the IT staff time to fix issues. In some cases, the alerts allow organizations to proactively resolve problems before devices fail.

Comprehensive Security: Access Control & Logging

Strong security, access rights management and authentication prevent unauthorized access to Serial console servers and connected serial devices.

Users are required to log into Serial console servers with usernames and passwords. IT leaders can customize access control and grant employees full or limited access to network and data center equipment, depending on their roles in the organization.

Serial Consoles also log user’s access, providing administrators with auditable activity logs of what time and what devices they’ve logged into. For example, if an employee logs into a Cisco switch and changes the configuration of that device, historical log messages show that this specific user made changes at this time and date.

Serial console servers support several protocols for logging: syslog, SNMP and Simple Mail Transfer Protocol (SMTP).

If an enterprise suffers a security incident, such as an unauthorized network intrusion, for example, the IT staff can analyze the logs to investigate the incident and see what happened.

Central IT organizations can also interface serial console servers with directory servers for authentication. Serial console servers support authentication and authorization using the LDAP, RADIUS and TACACS (Terminal Access Controller Access Control System) protocols. Integration with directory servers helps customers with a large number of IT users avoid creating separate logins and passwords for all the different serial devices. Users can simply authenticate through a directory server, which is a big convenience.

Serial console servers support 256-bit Advanced Encryption Standard (AES) encryption and two-factor authentication. Users can integrate a RADIUS server with RSA SecurID, for example, and use RSA tokens for two factor authentication (2FA).

Serial console servers also support TLS encryption for web browser security. For government, military and other users that have more stringent security requirements, Serial console servers also provide validated FIPS 140-2 cryptography for enhanced encryption.

Remote Power Control

While troubleshooting, IT technicians sometimes need to reboot servers or networking equipment to get them working again. A device may have crashed, or it could be hung and not responding. In those situations, IT staff can quickly use Serial console servers in conjunction with an intelligent PDU supporting outlet switching to remotely power cycle equipment.

This helps speed up recovery time and lowers costs because it can save IT staff from having to travel to remote sites.

To enable remote power management, enterprises can connect their Serial console servers to PDUs and set up associations between all the equipment ahead of time. That way, IT administrators can safely and securely power up and power down specific equipment with a press of a button. They don’t have to know which PDU is connected to which serial device on which outlet.

Conclusion

To review, Serial console servers are a critical piece of IT infrastructure and a smart investment for any enterprise IT shop because the technology allows for the secure, remote access and management of network and data center equipment.

Serial console servers provide five key features: flexible and reliable anytime, anywhere access to serial devices through CLI and GUI interfaces and through in-band access (network and Internet access) and out-of-band access through modems. The technology also provides real-time monitoring and alerts; comprehensive security through access control, authentication and encryption; and remote power management. The result is higher availability and improved uptime, simpler IT management and reduced IT costs.

About Raritan

Raritan began developing KVM switches for IT professionals to manage servers remotely in 1985. Today, as a brand of Legrand, we are a leading provider of intelligent rack PDUs. Our solutions increase the reliability and intelligence of data centers in 9 of the top 10 Fortune 500 technology companies. Learn more at Raritan.com

Download PDF