Remote Connectivity to OpenVMS Systems

Mobeen_1 · ‎05-18-2004

Folks,
We have multiple sites across the globe from where our systems managers remotely connect to our datacenters to work on the OpenVMS systems. The following is the means we use
1. VPN to the data center
2. Telnet to a VMS host that runs TNG Console
Manager
3. From Console Manager connect to the
VMS hosts.

I am looking for some alternative approaches that will work as a backup to the existing method that we are following. I would appreciate if you could let me know any other means that you use, also if you are aware of any tools that help in this....

If you need any additional information, do let me know and i would be glad to furnish the same.

regards
Mobeen

Uwe Zessin · ‎05-18-2004

Hello Mobeen,

I sometimes see it is useful to be able to connect to a system via SYSMAN so I can issue easy DCL commands. Last time I checked the server process was not started automatically on standalone systems, but that is easy to fix.

.

Mobeen_1 · ‎05-18-2004

Uwe,
What i am looking for is a solution to get to the VMS systems. Once i am on the VMS systems i can explore the possibility of using SYSMAN or Console Manager or any other means.

regards
Mobeen

Peter Clarke · ‎05-18-2004

Mobeen,

Thanks for your answer on my question just need to know what the correct command to run autogen would be??

Cheers

Peter

Victor Mendham · ‎05-19-2004

I have a few legacy implementations with Modems/decservers. It is another method but, you might not get that past security depts in this day and age, but it is another method.

You could try a variation on this, with a newer Alpha server. Modem or Once VPN'd in to network, telnet to 90M, to allow access to server via RMC or MBM.

Basically the idea is telnet #.#.#.# 2001 where #.#.#.# is ip address of 90M, and port 2001 or others are you specific Alpha servers you need access to.

1. You would need to install 90M
2. cfg 90m so default pswd are changed
3. configure port security on 90M (define)
4. connect 90M to console or mbm port of Alpha

Note: U can toggle between terminal session & RMC or MBM mode to do system work (not OPA0:) and then if required issue sys$system:shutdwn then, once down if required use RMC of MBM move to physically power off the hardware.

5. ensure fw access though corp network to desktop
6. ensure fw access through VPN to allow remote from home (at 02:00 am when you're paged)

Vic..

M C_1 · ‎05-19-2004

Mobeen,

We use as a primary method Citrix for remote managements of our systems. Once inside our network we use a secure client (putty) to access our systems. For system work rather than use putty, we also connect to our console manager. As a secondary method, we use securID FOB for a direct connection.

An alternative is to open you system to inbound telnet using SSH. However, security may not like that.

MC

It is what it is!

Robert Atkinson · ‎05-19-2004

Mobeen, we use RoboCentral from Heroix (http://www.heroix.com/products/detail_robocentral.htm).

It does a lot more than just allow connections, but is the best priced product that we could find.

On the plus side, the UK support staff are almost perfect!

Rob.

Mobeen_1 · ‎05-19-2004

Robert,
Would u mind telling me how is the licensing like? Also do we have to run anything on the VMS servers like agents?

This seems to me like more of an Enterprise Management Product in the lines of BMC Patrol for OpenVMS

Appreciate if you could provide some additional details. Let me know how the pricing goes..i.e per CPU or Per Server or ?? and if possible what the price is approx :-)

Thanks
Mobeen

Robert Atkinson · ‎05-19-2004

Mobeen,
the RoboCentral server sits on a Windows box. You then connect it to the host machine via the serial port. This can be direct out of COM1 or via a server, i.e. reverse Telnet.

The advantage of this is that you can watch/manage other devices, such as Switches, hubs, disk controllers, etc.

RoboCentral is primarily designed as an 'events watcher'. It will monitor the output from the console port, and match strings of text against pre-configured rules.

If the rule matches, you can then instruct RoboCentral to take an action. In our case, we get it to email and page support staff, or run a DCL command file on the Alpha itself.

RoboCentral uses Domain authentication, but you can pre-determine access levels, etc. Onc that's configured, you can Telnet to the RoboCentral port, and manage ANY of the configured systems, including reviewing the console log files.

This means you could be sitting on a beach in Bermuda with an IPAQ and reboot a box in Botswana!! Because you're using the console port and have access to the SRM Console, you could even perform an upgrade!

The only software that runs on the Alpha is RoboEDA, which is used to perform actions on that node, i.e. run a command file.

Pricing is per RoboCentral server and then per console connection. I think we bought the inital package including 6 connections for around Â£7,000, then paid around Â£500 per additional connection.

Robert Atkinson · ‎05-19-2004

Sorry, should also have mentioned that it also comes with Admin and User GUI's, so that you can easily see events, manage systems, etc.

Plug over, I think!

To show that I'm not completely biased, I was sent this the other day, but I have no knowledge of it :-

http://www.xuis.com/products/openvms/consoleworks/

Rob.

Stanley F Quayle · ‎05-20-2004

My remote administration solution of choice (and the cheapest) is to station a Linux box at the remote site. You can get both LAT and DECnet support from:

http://linux-decnet.sourceforge.net

And, of course, TCP/IP (telnet, FTP, etc.) is already built-in.

If you want console access, you can connect a serial port from the Linux box to the system's console port (assuming you've set the VMS system for serial console).

You can then use SSH to go to the Linux box, or even have the Linux box dial up over a phone line. For your application, once you're into the data center VPN, it should be clear sailing...

http://www.stanq.com/charon-vax.html

Ian Miller. · ‎05-20-2004

or a DECserver 700 with an attached modem. The DECserver 700 can do RADIUS authenication against a RADIUS server on your VMS system. Once connected to the DECserver can use telnet or LAT to connect to VMS systems.

____________________
Purely Personal Opinion

Stanley F Quayle · ‎05-20-2004

> or a DECserver 700 with an attached modem.

Yeah, but you only get one session. With the Linux box, you get multiple simultaneous sessions -- extremely handy.

And don't forget the DECnet capabaility. I really am doing BACKUP from VMS to Linux. Especially handy for systems that don't have an IP stack.

http://www.stanq.com/charon-vax.html

Mike Naime · ‎05-20-2004

More variations on your theme.

Option 1.)
- VPN to the Data Center.
1a.) Open Telnet session from my Laptop to VMS server.
1b.) Open Browser window to a DS10 running TDI's ConsoleWorks. (Another Serial port scanner/manager/logger) This goes to the Console port on a Private network that has DECServer 700's connected to the serial ports on almost all of our VMS and IBM boxes.

Unlike other Console Mangers that I have looked at, we can "Share" the console access between multiple people. This means that I can have Operations, Myself, another tech, and HP all looking at the same console output at the same time. This ability has kept us from switching to other console manager that do not offer this ability.

Option 2.) Citrix connection to Firewall Citrix server.
(Same options as above.)
2a.) Open Telnet sessions from there, Or
2b.) IE to Consoleworks.

VMS SAN mechanic

Robert Atkinson · ‎05-20-2004

Mike, RoboCentral does offer shared access, either on an all read/write basis, or one write, others read basis.

You can also kick people off the console, providing you've got the RC privileges to do so.

Rob.

Antoniov. · ‎05-20-2004

Mobeen,
if you have DS90M, you can use session with kerberos but you are limited to use console.
@Antoniov

Antonio Maria Vigliotti

Victor Mendham · ‎05-20-2004

Mobeen,

Like Robocental (a better solution than my 90M remote access method as it allows you to capture OPA0: or OPCOM messages), Polycentre was owned by DEC, sold to CA, still available.

We use both RoboCentral and PCM, but I think HP uses ConsoleWorks as well. A simple search of google will pull info. I think RoboCentral is quite reasonably priced, bot sure about ConsoleWorks, but PCM is really pricey (CA of course...), RoboCentral even allows you to have a DR type situation where if primary RoboCentral goes down, backup can monitor or provide remoe access/console.

They all do the same basic remote access ( not h/w support like 90M), but they also give you OPA0: functionality so you can get to >>> or P00>>> mode. But what I like best is the remote console, actual OPA0 connectivity and OPCOM messages trapped, logged and can be alerted on.

Like, if >>> or P00>>> send red alert, so Ops can page to my pager or helpdesk, i can now trap on device offline, or backup messages QUIT or CONTINUE, etc... Some can be informational alerts or warnings, other critical.

Vic..

Mobeen_1 · ‎05-21-2004

Folks,
I am looking for a very very simple solution. Currently we do a VPN into our data centre and then work on the TNG Console Manager to get access.

So we still have TNG Console Manager.

I am looking for a solution to get to the TNG Console Manager system at my data center from US, Europe and India.

One of the solution that i am currently exploring is, hooking up a modem on the console manager VMS system at my data center and dial into that from across the different locations.

If you know of any other alternate methods, please let me know.

Thanks for throwing out all ideas, i really appreciate it

regards
Mobeen

Antoniov. · ‎05-21-2004

Mobeen,
modem solution is the simplest but it's not robust. I use modem for access to some customer and I found sporadic problems.
I don't known TNG console and I hope for you this software manages modem well.
If I were you I avoid use mode to connect on the other side of the world.

@Antoniov

Antonio Maria Vigliotti

Keith Parris · ‎06-07-2004

What part of the process are you most interested in having a backup for? The VPN connection? The Telnet connection over the IP network? The Console Manager connection to the consoles?

Anton van Ruitenbeek · ‎06-07-2004

Mobeen,

I didn't see this one till Keith brouth it up. But anyway, we use (after testing RoboCentral and others) a linux version from Cyclades. This looks like a terminal server with 32 ports, running Linux and give us the possibility to log all the 32 ports. Can be cascaded to max. 3 boxes (biggest box is 48 ports, so max of 144 serail ports per cascade). Ok stop now, I'm not a selling person ;-). Because this is Linux, (yeh, not my taste, but works file ;-) ) you can also do the logging of these ports remotely (in you're case, at your location from the remote systems) or both (logging remote and local). So if remote connection is lost you can make connection other way around (modem, another VPN, backup lines due (secure) dialin) and can look at the logging etc.

AvR

NL: Meten is weten, maar je moet weten hoe te meten! - UK: Measuremets is knowledge, but you need to know how to measure !

Mobeen_1 · ‎06-08-2004

Keith,
I am interested in having a backup for my VPN. As i mentioned earlier, only way our System Managers at remote sites can connect to VMS systems VPN.

Thus i am looking at backup solutions for VPN.

Thanks
Mobeen

Jim Strehlow · ‎06-09-2004

Where there are remote sites that have Windows networks, we set up a dial-up networking connection to a modem. Once on the network, I launch software on my workstation such as
- Quest Toad to check a database or
- WRQ Reflection for OpenVMS and Unix
as a terminal emulator to log onto the
OpenVMS server via a telnet session.

That gives us access to everything for OpenVMS except for the >>> triple chevron boot prompt.

Some remote sites install a dial-back modem on a phone line.
For some remote sites we must phone someone to turn on the modem.

Jim Strehlow, Data911
Alameda, CA, USA

Mobeen_1 · ‎06-10-2004

Jim,
I am precisely trying a solution similar to what you do.

The data centers are at different geographical locations in US and we have an international team supporting these systems.

regards
Mobeen

Keith Parris · ‎06-10-2004

One way folks provide backup for VPN access is to have multiple installations of the VPN gateway facilities in different locations -- if one isn't working at the moment, you can tunnel in through another. This uses the same VPN software on the client side, regardless of which site you tunnel in through.

Alternatively, you might look at having VPN software and gateways from multiple vendors. These is some risk the different VPN software may interfere if both are on the same PC, but I've also seen this work in practice.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Remote Connectivity to OpenVMS Systems

Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems

Re: Remote Connectivity to OpenVMS Systems