[Info-vax] VSI and Process Software announcement
Kerry Main
kemain.nospam at gmail.com
Mon Sep 26 15:10:43 EDT 2016
> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> Of Chris via Info-vax
> Sent: 26-Sep-16 12:35 PM
> To: info-vax at rbnsn.com
> Cc: Chris <xxx.syseng.yyy at gfsys.co.uk>
> Subject: Re: [Info-vax] VSI and Process Software announcement
>
> On 09/26/16 00:21, Kerry Main wrote:
>
> >
> > Lots of systems have dedicated ILO's, mgmt. processors
> (including
> > OpenVMS.. the Nautilus family of VAX's had separate Pro380
> PC's), but
> > Steve's point was that these separate mgmt. functions and
> serial
> > consoles are a thing of the past. I disagree.
>
> The advantage of network based ilom is that it fits in well
with
> existing infrastructure and if it has it's own dedicated
hardware
> interface, is easy to aggegate and secure into an isolated
> management subnet. While serial consoles are ok, some are rj45,
> some are db9, which makes it difficult to find a common
solution.
> Also, you then need a serial to tcp server to get the whole lot
> onto the network. There are still times though, when only a
> laptop into the console port can get the job done...
>
> Regards,
>
> Chris
>
The advantage of a serial is that, like TCPIP for networking, it
is a lowest common standard for consoles to almost every IT
device (network, storage, servers, appliances). While console
outputs might differ between DB9/RJ45, the adapters to each are
common and available in any local computer shop.
With an enterprise secure console management solution in place,
one can quickly implement a common mgmt. policy to all these
different devices. For the same reason you do not want a server
sysAdmin to have update/change access to server logs, the same
applies to VM's, network and storage devices as well.
VM console Support:
http://bit.ly/2cyEiCw
In terms of aggregation, many large shops (especially outsourcers
and cloud providers) have dedicated VLANs for specific functions
and higher levels of security. One common VLAN subnet is often
called MGMT which is the VLAN that console mgmt., ILO's, server
mgmt. access etc are all plugged into. Its often the subnet where
patches are rolled out to minimize regular net traffic impact.
The last thing one would want is to have someone crack a firewall
(internal or external) and then have direct access to a TCPIP
address for an ILO port. These need to be on a separate VLAN
with additional security at the network level applied to them.
As mentioned earlier in the thread, ConsoleWorks from TDI is a
good example of a multi-platform console mgmt. product. Btw, it
also supports OpenVMS not only as a client, but also OpenVMS as
the central hub ConsoleWorks server.
https://www.tditechnologies.com/products/consoleworks-server
Console management whitepaper from TDI:
http://bit.ly/2dbtxnv
Regards,
Kerry Main
Kerry dot main at starkgaming dot com
More information about the Info-vax
mailing list