Optimizing Out-of-band Management

Transcription

1 > Techical White Paper Optimizig Out-of-bad Maagemet For Solaris Servers ABOUT UPLOGIX // Uplogix provides eterprise edge maagemet solutios for orgaizatios seekig to reduce the cost ad complexity of maagig their etworks. Uplogix solutios dramatically icrease etwork uptime, lower etwork support costs ad improve etwork maagemet security. Uplogix is privately held ad headquartered i Austi, Texas. For more iformatio please visit Cogress Ave., Suite 1200 / Austi, Texas T F / Uplogix, Ic. All Rights Reserved. Uplogix, Evoy, ad their respective logos are trademarks of Uplogix, Ic. i the Uited States ad other jurisdictios. All other compay or product ames metioed are used oly for idetificatio purposes ad may be trademarks or registered trademarks of their respective compaies. Uplogix is a Su Pricipal Parter.

2 What is out-of-bad maagemet? Out-of-bad maagemet is distiguished from i-bad maagemet. I-bad refers to usig the regular data etwork to commuicate maagemet status ad actios. Out-of-bad maagemet (OBM) uses a dedicated chael for device maagemet physically separate from the data etwork. I most cases, this ivolves coectig to each device s serial cosole port. Virtually all servers ad etwork devices have dedicated serial cosole ports for local or remote admiistratio. I-bad maagemet is vulerable to etwork outages or commuicatios problems with the devices that are beig maaged. This is precisely the situatio i which it is most useful for IT admiistrators to remotely maage Abstract This paper examies security ad compliace challeges that curretly exist with the outof-bad maagemet (OBM) of Solaris servers i eterprise IT eviromets. The paper reviews the top security ad compliace cocers that IT architects ad admiistrators should cosider for their OBM eeds. I additio, this paper itroduces a ew out-ofbad maagemet solutio from Uplogix oe that has bee optimized for Solaris admiistratio. The Uplogix solutio addresses these challeges ad provides robust security ad auditig capabilities to meet today s eterprise IT requiremets. Itroductio It is estimated that early 90% of Fortue 100 eterprises utilize out-of-bad maagemet (OBM) solutios, such as cosole servers ad KVM (Keyboard, Video, Mouse), i the day-to-day admiistratio of their IT ifrastructure. OBM products provide a alterate coectio that removes etwork depedecy for remote access ad offers low-level cotrol of distributed Solaris systems. There are a umber of chages i the busiess eviromet of these eterprises that are brigig more scrutiy to existig OBM ifrastructure ad practices. These chages iclude ew pressures i the regulatory ad security audit eviromets of some idustries (such as fiacial services, eergy, ad govermet), distributio of data ceters, IT role specializatio, ad outsourcig of IT maagemet fuctios. As curret OBM maagemet practices are examied, the distributed ature of may eterprises today is ofte recogized as the root of may problems. IT persoel are ofte spread too thi, resposible for assets i hudreds or thousads of locatios. The daily maagemet iteractios betwee admiistrators ad servers occur betwee may differet users ad i myriad combiatios, i-bad, out-of-bad, or i perso. But most IT orgaizatios would expect that each of these iteractios would be secure, properly authorized, ad tracked ad recorded for future reportig eeds. Today this is ot happeig. While critically importat ad widely deployed, traditioal out-of-bad maagemet caot adequately meet these eterprises curret eeds. A ew strategy is eeded for securig ad trackig OBM activities throughout eterprise IT eviromets. I formulatig better OBM solutios, key areas eed to be addressed, icludig: Secure ad Robust Server Access Graular Role-based Permissios Loggig ad Log Ispectio Multi-user Sessio Maagemet Cetralized Maagemet Uplogix has created a ext-geeratio out-of-bad maagemet solutio that addresses each of these areas, optimized for Solaris servers. servers ad etwork ifrastructure i order to diagose ad restore affected services.

3 The Challege: Secure ad Robust Access to Solaris Servers Eterprises require frequet access to distributed server assets durig the ormal course of busiess operatios. Those server assets might be accessed i-bad via primary data etworks, or out-of-bad via secodary etwork liks. IT maagemet eeds to kow that i every case, maagemet access to valuable server assets is completely secure. Further, for cosistet authorizatio, permissios, ad loggig, the access chael to distributed servers eeds to be robust. Limitatios of Traditioal OBM Offerigs Most curret OBM solutios use usecure procedures ad techologies for both the i-bad ad out-ofbad access paths. I-bad Security I-bad access to a out-of-bad (or cosole maagemet) device requires a etwork-based protocol. Most cosole-based maagemet solutios use Telet, a clear-text remote access protocol that was developed for early etworkig systems. The advatage of Telet is that it is virtually uiversal to etworked systems. But because it offers o ecryptio, Telet presets a umber of security cocers. Access via Telet leaves both credetials ad payload iformatio i clear text, which ca easily be itercepted ad read. This is a serious area of vulerability for ay orgaizatio that is cocered with securig iformatio ad protectig the Solaris eviromet. Out-of-bad Security A separate set of cocers arise whe a orgaizatio uses a secodary etwork coectio to access distributed OBM devices. Secodary access is required whe admiistratio tasks must be performed durig a primary etwork outage or whe the task itself may impact a device s primary etwork availability (for example, a major upgrade). The most commo type of secodary access method is through the public switched telephoe etwork (PSTN) utilizig a dial-up coectio to the OBM device. Like Telet access, this approach is earuiversal, but icorporates multiple usecured or iefficiet characteristics. 1. The most otable security problem with a dial-up coectio is the vulerability of the coectio itself. Remotely accessible modems are vulerable to brute-force attacks such as war dialig. Additioally, dial-up coectios are ot ecrypted. As with Telet coectios o the primary data etwork, all traffic across the dial-up coectio, both credetials ad payload, remais i clear text. That leaves dial-up coectios vulerable to soopig. Ayoe with either local or remote access to the telephoe lie ca liste i. 2. Phoe umber maiteace ad storage preset aother secodary-access issue ad potetial security risk. I large orgaizatios, it is ofte a paiful task to cotrol a master list of dial-up umbers, user accouts, ad who has access to use them. 3. Because a dial-up sessio creates a o-routable termial sessio, the secodary coectio to the OBM device is restricted to the user who iitiates it. This presets ay umber of practical limitatios What if more tha oe admiistrator eeds to look ito a issue at a distributed site? More importatly, it presets a sigificat security risk. Because the OBM device o loger has access to cetralized, i-bad etwork services, local services must be substituted. This affects the eterprise first durig user autheticatio. With o access to ay cetralized access cotrol system, the OBM device must rely o a local userame ad password database to autheticate the user. There are several security challeges with this approach: Creatig ad maitaiig a secodary access cotrol list (as opposed to leveragig ivestmet i cetralized autheticatio systems, like Radius or TACACS) Propagatig ad maitaiig this list across potetially hudreds or thousads of devices Verifyig the itegrity of the access cotrol list (for example, dealig with stale passwords) Protectig the access cotrol list o the distributed OBM device

4 Lack of Robust Coectio Alog with user autheticatio, other critical, cetralized etwork-based services are uavailable to the OBM device through a dial-up coectio, icludig applyig accurate permissios ad loggig. Permissios After a user coects ad autheticates properly with a OBM device, the user s permissio level must be determied o that device. Most OBM systems grat dial-up users root access to all services ad ports o a give OBM device. If the OBM system does ot provide root access, a rudimetary permissios system is icorporated i the local userame ad password database. This approach creates the same maagemet ad maiteace challeges that exist with user autheticatio, ad does ot allow eterprises to leverage their ivestmets i cetralized permissios systems such as TACACS or Active Directory. Loggig Most OBM systems rely o very small amouts of local storage to buffer cosole loggig data so that it ca be set to a etwork-based storage resource. If the primary data etwork is uavailable, this buffer iformatio is lost. Beyod that, the local buffer does ot address user activity loggig at all; this is typically implemeted oly through a etwork-based service. Whe a user accesses a device through a dial-up coectio, activity loggig does ot occur. This ca be problematic for ay orgaizatio that must produce audit reports ad verify the itegrity of all maagemet procedures imagie ot beig able to determie what a third-party techicia has doe while accessig a critical Solaris device. How Uplogix Meets the Challege To guaratee secure access via a primary etwork coectio, Uplogix solutio uses SSHv2 for ecryptig all maagemet iteractio with distributed servers. Telet access is disabled by default o Uplogix OBM devices, ad oly privileged users ca re-eable it. To secure secodary access to distributed servers, Uplogix employs a uique ad secure coectivity strategy. By default Uplogix uses a dial-out model, which addresses all the security problems commoly see with secodary access to traditioal OBM devices. Whe the Uplogix appliace detects a lack of coectivity through the primary data etwork it calls home, dialig out istead of requirig a user to iitiate a iboud dial-up coectio. The Uplogix appliace establishes a outboud poit-to-poit protocol (PPP) or virtual private etwork (VPN) coectio as opposed to a iboud termial sessio, so the secodary coectio is the IP-based ad routable. This coectio ca ow use all the cetralized, i-bad services already i place for autheticatio, authorizatio, ad loggig. It also addresses the sigle-user access challeges of dial-up. Multiple users ca ow coect through the secodary maagemet path via ecrypted SSH sessios. Uplogix uses multiple rules to determie whe to call home. These rules ca be cofigured o a device-by-device basis, ad ca be maaged through a cetral admiistratio portal. Basic rules test for primary data etwork coectivity, ad establish a secodary coectio if the primary etwork is uavailable or uderperformig. More sophisticated rules ca be tailored to specific eviromets, for example takig ito accout the time of day, status of other etwork ifrastructure, or various collected etwork statistics. I additio, admiistrators ca maually iitiate a dial-out coectio whe startig maiteace procedures. By providig access through SSH sessios over either the i-bad etwork or a dial-out PPP or VPN coectio, the Uplogix solutio provides a comprehesive aswer to the questio of secure access to remote servers. For autheticatio, the Uplogix solutio supports itegratio with existig eterprise autheticatio products such as TACACS or Radius. Local autheticatio ca also be provided if required.

5 The Challege: Graular Role-based Permissios The growth ad sophisticatio of IT orgaizatios has created the eed for role specializatio ad outsourcig. These chages require a much more sophisticated, very graular approach to authorizatio, limitig certai subsets of fuctioality to a specific role, group, or user. Limitatios of Traditioal OBM Offerigs After a user coects ad autheticates properly with a OBM device, the user s permissio level must be determied o that device. Most OBM systems implemet a very rudimetary port-based permissios model. Essetially, IT orgaizatios restrict access to the various ports o OBM devices o a peruser basis, which meas that a user with access to the port has access to ay fuctio o the device coected to that port. If the OBM system does ot provide root access, a rudimetary permissios system is usually icorporated i the local userame ad password database. Whe OBM solutios were iitially deployed (some up to a decade ago), this type of permissio model was sufficiet. The fact that a IT orgaizatio could cotrol access to differet ports o a OBM device was welcomed, ad was a logical security model. Today, port-based permissios are simply ot graular eough to support a eterprise IT orgaizatio s security practices. Key deficiecies with graular permissios i traditioal OBM solutios are the eeds for fuctio-specific access cotrol ad role-specific access cotrol. Fuctio-specific access cotrol As OBM solutios have become more sophisticated, they have evolved beyod cosole access. Historically, cotrollig access to a port o the OBM device meat cotrollig access to the sole fuctio of that port - so today s port-based model grats users access to all fuctios available from a give port. But as OBM providers implemet additioal fuctioality, this level of privilege cotrol is o loger sufficiet. If a OBM provider were to implemet loggig ad log storage o a give port, should all users with access to that port be able to see the logs? Should they all be able to clear them? As OBM solutios become more sophisticated ad fuctioality evolves at the port level such as loggig ad sessio maagemet a more graular permissios model is required. Role-specific access cotrol Curret iformatio security practices require roles-based authorizatio models. A eterprise may ow have hudreds or eve thousads of IT admiistrators resposible for supportig its IT eviromet. As these IT orgaizatios have evolved, their audit ad traceability requiremets have grow. IT orgaizatios have realiged themselves ito logical groups, each of which is resposible for performig discrete maagemet operatios for example, Credetials/ Accout maagemet teams ad Operatioal teams. This problem is exacerbated as IT orgaizatios adopt outsourcig strategies ad begi to give exteral admiistrators access to critical servers or ifrastructure devices. Traditioal OBM solutios have ot adapted their authorizatio schemes to this type of role-based orgaizatioal structure, ad the curret port-based permissios models caot be easily exteded to accomplish this. Very little has bee doe or ca be doe to improve the traditioal port-based authorizatio scheme used by most OBM providers. Some oe-off cotrols have bee developed to restrict access to such fuctios as cofiguratio chages to the OBM device ad log file deletio. These are iterim solutios at best; they do ot provide a complete commad-based authorizatio model, or do they address the eed for a role-based solutio.

6 How Uplogix Meets the Challege Uplogix OBM solutios use a powerful role-based permissios scheme to provide commad-level authorizatio. I this scheme, each user is associated with at least oe role. Durig the process of associatig users to roles, the role is assiged withi a cotext a specific Uplogix OBM appliace or group of appliaces, a port o a appliace, or the cetralized Uplogix cotrol platform. Each role assigmet specifies which commads the user ca ru i that particular cotext. I this way, every iteractio with a Uplogix OBM device ca be cotrolled o a per-user or per-group basis usig roles. This makes the Uplogix commad-level, role-based permissios model comprehesive ad flexible. With the Uplogix solutio, IT orgaizatios ca assig predefied roles or create fuctioal roles like operatios, egieerig, or security, ad defie the commad-level access for each role. For example, the operatios role might have access to the cosole commads o the OBM device, but limited access to the loggig facilities. The Egieerig role might have access to the cosole commads ad a set of additioal helper commads that the OBM device provides (file copy, boot records, port buffers, etc). The security role might oly have access to the loggig facilities ad the help commads to eable or disable the port. The orgaizatio ca the apply these custom roles to idividual users or groups of users. Cotiuig with our example, let us assume there is a West Coast Server Operatios user ad a East Coast Server Operatios user. Does this orgaizatio wat the West Coast Server Operatios user to have access to the servers o the east coast? Maybe ot this is where cotext comes ito play. The Uplogix solutio allows each user s roles to be applied to oly the set of devices to which the user should have access, ad it allows users to be assiged differet roles i differet cotexts. I our example, we could give the West Coast Server Operatios user the Operatios role for all of the west coast servers, but o role o ay west coast etwork equipmet or ay of the east coast equipmet. With o role assiged o the east coast equipmet or west coast etwork gear, this user has o access to it. I cotrast to traditioal OBM solutios, the Uplogix solutio allows IT orgaizatios to defie user privileges commad by commad, at ay level of the deploymet; ad to grat users differet levels of privileges device by device ad port by port. UPLOGIX ENVOY NRM EMS EMS ENVOY MANAGEMENT STATION (EMS) CONSOLE CONNECTION PRODUCTION NETWORK OUT-OF-BAND CONNECTION INTERNET ROUTER ON-DEMAND Z Z SWITCH WIRELESS ACCESS POINT SERVER OUT-OF-BAND CONNECTION DATA CENTER OUT-OF-BAND CONNECTION WAN REMOTE OFFICE REMOTE OFFICE Figure 1: Uplogix Solutio Deploymet i a Solaris Eviromet Evoy appliaces are deployed i dataceters or remote office locatios ad coect directly to Solaris servers ad other etwork ifrastructure devices. The EMS applicatio is deployed at the etwork operatios cotrol ceter (NOC) so that IT staff ca moitor ad maage multiple Uplogix appliaces.

7 The Challege: Loggig ad Log Aalysis With chages i the regulatory ad security eviromets i differet coutries, may eterprises ow face much more rigorous data security audit ad retetio requiremets. A key elemet i maagig Solaris servers effectively is the ability to capture, aalyze, ad act o loggig iformatio about each server. Limitatios of Traditioal OBM Offerigs Traditioal OBM solutios provide very limited loggig fuctioality, which is typically depedet o etwork-based resources for storage ad retrieval. Miimal Storage Curret OBM devices simply do ot have sufficiet oboard storage to accommodate loggig iformatio. Due to this lack of oboard storage, traditioal OBM solutios have icluded small buffers that capture cosole output from the coected servers. These port buffers capture miimal output from a device s cosole port, typically KB. This data is stored locally o the OBM device o a per port basis. Port buffers ca be overwritte with ew data very rapidly. I order to preserve loggig data, traditioal OBM devices must be cofigured to use a etwork-based resource like Network File System (NFS) or SYSLOG to archive this data before it is overwritte. Agai, this presets a loggig gap if these etwork resources are uavailable. Basic Loggig Limits Keystroke activity loggig is typically implemeted through a etwork-based service such as TACACS accoutig. There are two dowsides to this approach. First, keystroke loggig is oly doe whe the etwork is active ad accessible. Give that most OBM devices are deployed to be accessible regardless of the state of the etwork, this presets a sizable loggig gap durig periods whe the etwork resources are uavailable. The secod dowside to this approach is that keystroke loggig oly captures the user s iput but o output from the user s activities. This prevets most OBM devices from capturig sessio logs, which iclude both keystroke activity ad associated output resposes. Sessio logs are a importat tool for auditig, traceability, traiig, triage, ad activity justificatio. Stale Log Data Eve with the limited data iformatio that traditioal OBM devices capture, there are typically o facilities icluded for either log ispectio or aalysis. Most OBM devices provide basic services for viewig ad maagig the limited amout of log data stored o the device. The idividual etwork-based resources provide their ow archive ad aalysis features. The challege with these systems is that they typically archive iformatio from thousads or tes of thousads of devices. Retrievig ad aalyzig iformatio cotaied i the logs is tedious ad cumbersome at best. Critical, time-sesitive iformatio is likely to go uoticed, or to be impossible to fid, util well after the iformatio would be useful a server or security admiistrators. Traditioal OBM providers have struggled to address these loggig issues. The fudametal problem is the lack of storage o the OBM devices; without a local resource to store additioal loggig iformatio, very little ca be doe to improve log collectio ad maagemet. Some providers have developed add-o facilities for additioal storage. This is typically accomplished through a exteral storage device such as a PCMCIA hard drive. The dowsides to this approach iclude the cost as well as the deploymet ad maagemet of a secodary storage device o each OBM device, ad the fact that these secodary devices ca easily be removed ad the loggig disabled.

8 How Uplogix Meets the Challege The Uplogix solutio provides robust loggig facilities that address all the limitatios of the curret solutios plus exteded loggig fuctioality to capture additioal iformatio about the servers coected to a give cosole port. Extesive Device-based Storage Uplogix provides 80GB of oboard storage per OBM device. All loggig facilities ca use this local storage to archive log data regardless of etwork resource availability. Uplogix OBM devices ca be cofigured to offload loggig iformatio to traditioal etwork-based services, but the local storage remais available ad active. Additioally, all loggig iformatio captured by a Uplogix OBM device ca be archived to the Uplogix cetral maagemet statio (if used) i compressed ad ecrypted batches. Comprehesive Log Capture The Uplogix solutio provides robust sessio loggig, capturig keystroke activity ad associated device output ad storig both i idexed local archives. Alog with the sessio data, the archive cotais meta iformatio about the correspodig user, timestamps, ad user s coectivity iformatio. While Uplogix implemets port buffers as a coveiece to traditioal OBM users, the solutio also provides a database-drive, cosole log archive. The device s port buffers work like those of other traditioal OBM devices, overwritig data whe the buffers fill ad offloadig it to a etwork-based resource if cofigured to do so. The database-drive cosole log system works a little differetly. All cosole messages are parsed ito sigle-lie etries ad idexed ito a local database. The local database tracks the device s hostame, OBM device port umber, ad OBM device host iformatio for each log etry. If the messages are properly formatted, they are further parsed to traditioal SYSLOG compoets ad stored i the database for quick searchig ad referece. The oboard database is archived to the Uplogix cetral maagemet statio o a regular basis. Real-time Log Ispectio Alog with these robust oboard loggig facilities, Uplogix has also implemeted a powerful log ispectio egie. Recogizig that it would be simpler ad faster to examie log data as it is captured, the Uplogix team developed the ability to examie logs ilie. Through the solutio, users ca cofigure the ispectio egie to examie both sessio ad cosole logs i real time. The ispectio egie examies the log data for predefied patters. The system uses stadard regular expressios (Regex) to documet ispectio patters. Regular expressios ca be created ad maaged locally or through the Uplogix cetral maagemet statio. Through the cetral maagemet statio, regular expressios ca be packaged ad propagated to multiple systems. A extesio of the solutio s loggig facilities is to capture power-o self-test (POST) data from coected devices. POST iformatio ca be particularly useful whe debuggig upgrade ad hardware issues. Ay time a Solaris server is rebooted, the Uplogix OBM device will capture the full POST record ad archive it to local storage. The Uplogix OBM solutio addresses all the limitatios of traditioal OBM approaches to loggig, ot just by providig complete sessio loggig ad the facilities to store large amouts of log data locally but also by providig sophisticated tools for assessig ad respodig to iformatio as it is logged while still maitaiig compatibility with traditioal OBM systems.

9 The Challege: Sessio Maagemet Sessio maagemet keeps users from takig advatage of abadoed termial sessios to gai access to Solaris servers or fuctioality for which they otherwise lack appropriate permissios. May Uplogix customers have stated that this is their largest area of cocer with OBM solutios today. Limitatios of Traditioal OBM Offerigs Most OBM solutios provide sessio maagemet for a user s coectivity withi the OBM device itself. This may be accomplished through cotrols built ito the OBM device, or through the embedded timeout mechaisms with the uderlyig coectivity protocols. But curret OBM solutios miss the boat with sessio maagemet betwee the OBM device ad the cosole-coected Solaris server to which it provides access. For eterprise security ad IT compliace teams there are two major problems that result from this lack of Solaris sessio maagemet: Piggybackig or ghostig users gaiig access to the Solaris server without ecessarily havig the appropriate privileges to do so Sessios associated with oe user beig logged as associated to aother user Both of these are major problems for ay eterprise with cotrols i place for iformatio security ad auditig. Let s look at a example to illustrate this. Let s say that a user establishes a coectio to the OBM device ad is coected to a Solaris server cofigured o port 1 of the OBM device. The server would have forced this user to autheticate with the server s access cotrol system ad establish a permissio level. Assumig this user has the appropriate credetials ad authorizatio to use the server s cosole, the user would ow establish a sessio with the server through its cosole port. What happes whe this user s sessio with the OBM device times out? The coectio with the OBM device ca easily be re-established, but the user would t have a clea sessio to re-establish with the server, because there is o mechaism for sessio maagemet betwee the OBM device ad the ed Solaris server. The OBM device has o way to close the server s cosole sessio. If a user let us assume a differet user coects to the OBM device ad accesses the Solaris server o port 1, the ew user is preseted with the first user s previous sessio, with all of that prior user s permissios. This piggybackig is a serious security hole. Note that piggybackig has o impact o either user s privileges iside the OBM device itself. Both users may have valid OBM accouts, ad both may have privileges o port 1. The problem lies i their privileges o the server coected to port 1, which traditioal OBM devices caot cotrol. The secod sceario that causes eterprise security ad IT compliace teams cocer is icorrect sessio associatio due to a ew user pickig up a sessio that remaied ope o port 1 whe the OBM sessio timed out. Settig aside the differeces i the users privileges o the server, cosider the other security subsystems affected by this lack of sessio maagemet. Piggybackig ca affect loggig, chage maagemet, ad evet maagemet o the Solaris server. The server caot distiguish betwee the activities of the first user ad the secod, so all these subsystems log ad attribute iformatio to the first user istead of the secod. This seriously impacts the auditig ad traceability of user iteractios o critical ifrastructure devices. Orgaizatios face a umber of security risks associated with the lack of sessio maagemet cotrols. Not oly does this problem create a large hole i their auditig ad compliace strategies, it also potetially opes up their critical ifrastructure systems for soopig or attack by o-privileged users. Traditioal OBM solutios offer o solutios or workarouds for these sessio maagemet issues. They lack the itegrated itelligece ad automatio abilities required for good sessio maagemet. Eve if poit solutios begi to emerge, the true challege lies i the solutio s ability to provide the ecessary level of automated sessio maagemet i a multi-vedor eviromet.

10 How Uplogix Meets the Challege Uplogix OBM solutios provide the automated maagemet capabilities required to provide sessio maagemet for Solaris server eviromets. Uplogix solutios support two differet mechaisms for closig user sessios o Solaris servers automated or maual. Automated sessio maagemet procedures are iitiated whe a user issues the exit commad from a cosole sessio, or whe a iactivity timeout is reached. Timeouts are cofigurable, ad are based o periods of user iactivity. For activity timeouts, users are prompted halfway through the timeout period ad wared of potetial sessio closure. Whe oe of the trigger evets occurs, Uplogix OBM devices sed a series of escape sequeces to the server to exit ay ope applicatios ad retur the cosole sessio to a workig prompt. Oce the Uplogix OBM appliace determies that the cosole sessio is at a active prompt, the user sessio is closed via a exit or logout commad, which prevets piggy-backig or associated problems. Uplogix also recogizes that there are times whe it may be ecessary to leave a cosole sessio ope for a exteded period eve a exteded period of iactivity; for example, durig a complicated software upgrade. There may be poits i the upgrade process where the server is processig iformatio ad the user has o iput or iteractio with the system. To help elimiate premature sessio closures, Uplogix provides three maual mechaisms for admiistrators to exted their sessios: Sessio closure remider otices Uplogix OBM devices prompt users halfway through the iactivity timeout period to remid them that the sessio will be closed for iactivity i a specified amout of time. Termial Lock Uplogix OBM devices have the ability to lock a cosole port, disablig the sessio timeout ad keepig all other users from accessig the port. This prevets piggybackig while allowig exteded access to a server s cosole port, for example to complete a operatig system upgrade. To use this capability, the user must have termial lock privileges o the port to which the lock is to be applied. The termial lock may oly be overridde by a user who has lock override privileges o the locked port, or by the user who iitiated the lock. Iactivity extesio Users with the appropriate privileges may maually exted the iactivity timeout o a per-sessio basis. This allows admiistrators to exted the timeout without overridig the cofiguratio of the port or OBM device. The iactivity extesio is oly valid for the curret user s sessio ad will be reset after the curret sessio is closed. Although traditioal OBM solutios sessio maagemet capabilities have limitatios, the Uplogix solutio targets ad elimiates these limitatios ad the vulerabilities they imply. Ope sessios with servers coected to the Uplogix appliace close o exit, or they close whe the coectio to Uplogix times out, whichever occurs first; piggybackig is ot possible. MGMT NETWORK Figure 2: Rack Diagram I this sceario, the Evoy is coected to two servers, a router, ad a switch via cosole. The Evoy also coects to the primary maagemet etheret etwork, as well as a out-of-bad etwork lik. Uplogix provides support for a wide variety of OOB coectio alteratives icludig: Etheret, Satellite, GPRS, GSM, ISDN, DSL, ad POTS. CONSOLE MGMT ETHERNET OOB CONNECTION POWER MGMT UPLOGIX ENVOY NRM ROUTER SWITCH SERVER 10

11 The Challege: Cetralized Maagemet Most OBM vedors have provided some form of cetralized maagemet for their solutios, but i may cases it does ot meet the scalability, reliability ad flexibility requiremets of the eterprise. Limitatios of Traditioal OBM Offerigs Commo shortcomigs of cetralized maagemet for OBM solutios iclude scalability, limited cofiguratio ad user maagemet capabilities, limited or o reportig ad auditig capabilities, ad iaccessibility durig i-bad (primary) etwork outages. Scalability Cetralized maagemet solutios do ot always scale to acceptable performace expectatios. A solutio is eeded that ca cosolidate the ivetory ad provide a sigle poit of maagemet for potetially thousads IT ifrastructure devices beig maaged. Limited cofiguratio ad user maagemet These capabilities are ot always sophisticated eough to address the cetralized maagemet eeds of the eterprise. Users should be able to execute eterprise-wide maagemet tasks, such as performig cofiguratio chages or distributig patches, without havig to perform these tasks device by device. Absece of eterprise-level reportig ad auditig fuctioality Recet regulatory chages ad other evets have created the eed for detailed reportig ad auditig capabilities; traditioal cetral maagemet solutios have ot ecessarily kept pace with these ew requiremets. Robust ad reliable reportig of user iteractios, evets, alarms, ad device health is required, ad the solutio eeds to allow for customizatio to meet idividual customer s eeds. Iaccessibility durig etwork outages Perhaps the most serious shortcomig of traditioal OBM cetral maagemet solutios is that they rely o the primary etwork to fuctio, ad are thus useless whe the user eeds them most: whe the i-bad etwork fails. These shortcomigs exist because, for the most part, OBM providers cetral maagemet solutios were desiged after the OBM devices themselves were mature products, rather tha beig desiged i cojuctio with them. Because of this, the uderlyig desig philosophy of may such solutios has bee reactive i ature; the desig arises i respose to a customer s request. The result is a solutio that specifically addresses oe set of eeds without ecessarily aticipatig others. Cosole server hardware maufacturers focus o cosole servers, ot eterprise applicatios, ad provide a cetralized maagemet product that similarly focuses o the specific devices beig maaged rather tha o the eterprise as a whole. Some traditioal OOB vedors have started to provide cetralized maagemet of ed-devices o the cosole server over the etwork. However, agai, whe the etwork fails, there is o reliable coectio to maage it. Some provide exteral hard disks to spool loggig data whe a outage occurs, but these logs are accessible to users thus susceptible to tamperig - ad lack the powerful file maagemet ad archival methods eeded to work effectively with them. 11

12 How Uplogix Meets the Challege Uplogix has desiged its cetral maagemet applicatio from the groud up to coordiate the activities of thousads of Uplogix appliaces usig prove eterprise applicatio techologies. The secure commuicatio model is out-boud from the appliace to the cetral applicatio, distributig the majority of the load aroud the eterprise. Extesive cofiguratio maagemet is provided for ot oly the Uplogix OBM appliaces, but for the ed devices beig maaged as well. Hierarchical iheritace of commo settigs, prefereces, ad scheduled tasks addresses eterprises eed to widely deploy ew settig ad policies without idividually touchig each appliace. Role-based permissio maagemet specifically grats abilities to view ad chage dozes of settigs from the cetralized cosole to authorized users or user groups, with most chages executed withi 60 secods. Chages to the devices coected to the cosole are implemeted as well, from sedig oe lie commads, to Evoy s pateted device itegratio egie, which uses specific drivers to maage each device based upo idustry best practices. User ad User Group maagemet are available from a cetralized database or delegated to a cetralized third-party Radius or TACACS system. Permissioig is applied usig roles to provide graular cotrols for every feature. Roles are applied hierarchically with iheritace or o-hierarchically based o everythig from physical port to ed-device model umber ad operatig system. User sessios from cosole servers are uploaded regularly ad available for review, as is the log of the iteractive web sessios of the Uplogix maagemet statio. Most importatly, this detailed maagemet ad reportig is available through a secure out-of-bad chael whe the i-bad etwork has failed. Usig a outside-i approach, each Uplogix OBM appliace is desiged to cotiuously upload the state ad alarms from each device via the out-of-bad chael. This iformatio ca easily be forwarded ad itegrated ito other, existig cetralized maagemet systems for aalysis ad actio eve whe the etwork is dow for exteded periods. Coclusio We have see that traditioal OBM solutios have evolved uevely to address emergig challeges i maagig distributed Solaris server eviromets. The icreased importace of OBM i overall server maagemet requires a ew strategy that addresses: secure access via both the primary ad secodary access paths a flexible system of graular permissios comprehesive loggig ad log aalysis robust sessio maagemet proactive, easy-to-use cetral maagemet The Uplogix out-of-bad maagemet solutio combied with Su s Solaris offerigs provides all the capabilities your IT orgaizatio eeds to meet today s security ad auditig challeges. 12