HPE Community
Operating System - HP-UX
1832592 Members
3204 Online
110043 Solutions
New Discussion

Re: Can we eliminate consoles and have a centralized solution

 
SOLVED
Go to solution
Henry Weldon
Advisor

‎06-19-2001 05:03 AM

‎06-19-2001 05:03 AM

Can we eliminate consoles and have a centralized solution

Can we eliminate the need for a console on all our HP, Sun, AIX servers? I have tried HP's remote console and it has security problems. i.e. if you do not log out correctly, the next person coming in can access the console without a password. I have over a hundred servers, but many do not have consoles. We keep one on a crash cart.
Be Prepared
0 Kudos
Reply
6 REPLIES 6
Victor BERRIDGE
Honored Contributor

‎06-19-2001 05:48 AM

‎06-19-2001 05:48 AM

Re: Can we eliminate consoles and have a centralized solution

Hi,
All is possible...
You will need some terminal servers like ANNEX XL or DECServer700 (I think), or anything equivalent

All the best

Victor
0 Kudos
Reply
Rob Smith
Respected Contributor

‎06-19-2001 05:54 AM

‎06-19-2001 05:54 AM

Re: Can we eliminate consoles and have a centralized solution

Hi, check out http://www.wti.com/. They have a good console management solution in both 16 and 8 port models.

Rob

Learn the rules so you can break them properly.
Reply
Jim Turner
HPE Pro

‎06-19-2001 06:17 AM

‎06-19-2001 06:17 AM

Solution

Re: Can we eliminate consoles and have a centralized solution

Henry,

We had a similar problem. We also found the HP Secure Web Consoles to have inadequate security. The "secure" part is a childishly simple, easily breakable md5 hash on the data. There was no account lockout after x unsuccessful login attempts, no password aging, etc. All of these things are important for console access via the LAN since such action effectively negates any physical security you have for your computer room.

Here is the solution that I designed. I put an old C110 with a 64-port serial MUX in the computer room. (Note: A C110 can handle *three* 64-port MUXes if needed.) I used D-Shell/RJ45 adapters at the MUX and console ports and ran Cat-5 (good for about 1000' at 9600bps) from the MUX to all of the server console ports. I installed pcomm (An MS-DOS ProComm look-alike, http://hpux.cs.utah.edu/hppd/hpux/Misc/pcomm-2.0.2/) for easy-to-use terminal software.

The C110 is configured with all of the OS and third-party security required of all UNIX hosts in our corporate environment so it is audit compliant. We went two steps further by installing Secure Shell (ssh2) on the C110 and restricting root logins to /dev/console. Only SysAdmins have accounts on the C110.

We installed ssh2 clients everywhere we would need access (PC, Wkstn, Home). We even put a couple of green screens on the serial ports of the C110 for direct computer room console access. Now Internal Control and Auditing is frothy with excitement. My boss and his boss are happy because a years-old audit issue has been closed. I'm happy because I don't hear IC and Audit pissing and moaning about us not following "best practices".

Your mileage may vary. Email me at jturner@hertz.com if you'd like more technical detail.

Cheers,
Jim
Reply
Patrick Wessel
Honored Contributor

‎06-19-2001 07:05 AM

‎06-19-2001 07:05 AM

Re: Can we eliminate consoles and have a centralized solution

check out what the central web console
can do for you:
http://www.hp.com/products1/unix/management/confmanagement/cwc/index.html
There is no good troubleshooting with bad data
0 Kudos
Reply
Jim Turner
HPE Pro

‎06-19-2001 07:17 AM

‎06-19-2001 07:17 AM

Re: Can we eliminate consoles and have a centralized solution

With all due respect to HP and Central Web Console...

My solution = $0

(And my solution doesn't require the use of Microsloth Winblows or Microsloth Idiot Exploder!)
Reply
Bill McNAMARA_1
Honored Contributor

‎06-19-2001 07:34 AM

‎06-19-2001 07:34 AM

Re: Can we eliminate consoles and have a centralized solution

Your systems can boot without /dev/console if you configure it at least once!
You can then use service control manager to centrally manage all the servers... but not via /dev/console.. The only way to get rid of console terms is to use either the term mux or GSP systems such as N, L, SD.

Service Control Mgr is a free d/l from software.hp.com and worth investigating.

Later,
Bill
It works for me (tm)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.