Remote management

Dr Peadar Grant

Data Centre Infrastructure

“Lights out management” is a colloquial term referring to a data centre where IT and infrastructure related tasks are carried out remotely in so far as possible. This leads to a situation where the data centre does not normally have people within it for routine operations. A key goal towards achieving lights-out management is to reduce the need to interact with server hardware directly.

1 In-band management

In the context of servers, in-band management refers to the use of normal remote access features provided by the operating system and accessed by the standard network pathways. Obviously, OS-level remote management features should be used where possible for day-to-day tasks:

1.1 Remote command-line access

Common protocols would include telnet (insecure) and SSH (secure shell, secure if set up correctly).

Once connected, the shell used will depend on the OS and its settings. Normally this is PowerShell on Windows and Bash on Linux.

Remote command-line access is very flexible and tends to work well. SSH clients are available for almost all OSes including phone and tablet.
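What "set up correctly" can mean in practice, as an added example that is not part of the original notes: an audit of an sshd_config for three settings that this example treats as weak. The choice of checks and the sample configuration are assumptions made here, and Include files are not followed.

```python
# Keyword -> (OpenSSH default when the keyword is absent, values flagged as weak).
# Which settings count as weak is an assumption of this example.
CHECKS = {
    "permitrootlogin": ("prohibit-password", {"yes"}),
    "passwordauthentication": ("yes", {"yes"}),
    "permitemptypasswords": ("no", {"yes"}),
}


def effective_settings(config_text):
    """Return the global keyword -> value map as sshd would resolve it."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Tolerate the keyword=value form as well as keyword value.
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after a Match line is conditional, not global
        if len(parts) > 1:
            # sshd uses the first value it obtains for a keyword,
            # so a later duplicate line does not override an earlier one.
            settings.setdefault(keyword, parts[1].strip('"').lower())
    return settings


def audit(config_text):
    """Return (keyword, value, 'set' | 'default') for each weak global setting."""
    settings = effective_settings(config_text)
    findings = []
    for keyword, (default, weak) in CHECKS.items():
        value = settings.get(keyword, default)
        if value in weak:
            source = "set" if keyword in settings else "default"
            findings.append((keyword, value, source))
    return findings


# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
PermitRootLogin no
PermitRootLogin yes
PermitEmptyPasswords no
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample, the second PermitRootLogin line has no effect, and password authentication is still flagged because it is only disabled inside the Match block.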

1.2 Serial console

Most UNIX server OSes can provide varying degrees of command-line functionality over a serial port. This will be discussed again separately under Serial consoles.

1.3 Graphical desktop

Many server OSes don’t have a desktop at all. Linux and UNIX operating systems are traditionally installed without the desktop. Windows Server Core also does not have a desktop.

If available, standard remote protocols such as Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) are often used. These can be configured in many different ways, but generally will either mirror the local keyboard/screen or offer a separate desktop to it.

1.4 Administration tools

There are a number of other admin tools that are very useful in a data centre environment as well as remote access:

2 Local management

In a data centre, it is common to connect servers to a rackmount KVM to enable a flip-up monitor, keyboard and mouse to be connected to a server for installation, configuration and troubleshooting.



Figure 1: In-rack KVM

Normally these KVM units can be connected to multiple servers simultaneously and switched among them using buttons on the KVM itself.

2.1 Remote KVM

Remote KVM units connect to in-rack servers in the normal way (VGA/HDMI+USB/PS2), but do not have a local monitor / keyboard.

For small environments or to move PCs out of noise-sensitive areas a KVM-over-CAT6 or KVM-over-IP extender is sometimes used, which is only able to connect to a single device.

3 Out-of-band management

Out-of-band management features are included on most server hardware. All too often, these features go unused. Out-of-band management cards go by a number of manufacturer-dependent names:

iDRAC: integrated Dell Remote Access Controller
iLO: integrated Lights Out (HP)
iLOM: integrated Lights Out Management (Sun/Oracle)
IMM: Integrated Management Module (IBM)

Integrated management cards are now fitted to many servers, taking the place of many of the solutions above:



Figure 2: Dell R320 rear panel showing iDRAC NIC

Most management cards offer remote power on/off and reset, as well as more powerful features:

Note that regardless of the server’s power state, the management card is normally powered constantly when the server is plugged in.

3.1 Virtual console

Virtual console is one of the most useful features. It provides remote KVM access that is entirely independent of the operating system. Anything that the server shows on its hardware video output will be shown in the virtual console.

Browser-based systems include those based on Java applets and the newer HTML5-based systems. Additionally, most offer access over VNC and/or RDP, so that any standards-compliant client can be used.

3.2 Virtual media

Some tasks such as OS installation, rescue and cloning normally will require physical access for USB and/or optical media. The virtual media feature allows an ISO image on your local PC to appear in place of the server’s inbuilt optical drive. To the server OS, this is entirely transparent.

The virtual media feature is often directly integrated into the browser-based remote clients described above.

3.3 System monitoring

The iDRAC card may offer system monitoring information over standard (SNMP) or other custom/proprietary protocols. This is in addition to and entirely separate from any SNMP that the host OS may support.

3.4 Command-line interface

Most management cards offer a command-line interface with varying degrees of functionality.

On Dell iDRACs, SSH can be enabled. A basic command-line shell is available, with most functionality accessible using the racadm command.

3.5 IPMI

Most management cards implement some/all of the Intelligent Platform Management Interface (IPMI) management standard. IPMI permits servers from different manufacturers to be controlled using IPMI clients.
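A vendor-neutral power-state survey using the ipmitool client, as an added example that is not part of the original notes. The BMC addresses, user name and the `survey` helper are hypothetical, and the password is passed through the IPMI_PASSWORD environment variable (ipmitool's -E option) rather than on the command line.

```python
import os
import re
import subprocess


def ipmi_command(host, user, *args):
    """Build an ipmitool call using the IPMI v2.0 'lanplus' interface."""
    # -E tells ipmitool to read the password from IPMI_PASSWORD, so it is
    # not exposed to other local users in the process list as -P would be.
    return ["ipmitool", "-I", "lanplus", "-H", host, "-U", user, "-E", *args]


def parse_power_status(output):
    """Extract 'on' or 'off' from 'chassis power status' output."""
    match = re.search(r"Chassis Power is (on|off)", output)
    if not match:
        raise ValueError(f"unexpected ipmitool output: {output!r}")
    return match.group(1)


def survey(bmcs, user, password, run=subprocess.run):
    """Return {bmc_address: 'on' | 'off' | 'unreachable'}.

    The same command is sent to every management card regardless of
    manufacturer. 'run' can be replaced with a stub for offline testing.
    """
    env = dict(os.environ, IPMI_PASSWORD=password)
    status = {}
    for host in bmcs:
        try:
            result = run(
                ipmi_command(host, user, "chassis", "power", "status"),
                env=env, capture_output=True, text=True,
                timeout=15, check=True,
            )
            status[host] = parse_power_status(result.stdout)
        except (subprocess.SubprocessError, OSError, ValueError):
            # Timeout, non-zero exit, ipmitool missing, or unparseable reply.
            status[host] = "unreachable"
    return status


if __name__ == "__main__":
    # Hypothetical management-network addresses; the password comes from the
    # caller's environment and is never hard-coded.
    bmcs = ["10.20.0.11", "10.20.0.12"]
    print(survey(bmcs, "operator", os.environ.get("IPMI_PASSWORD", "")))
```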

3.6 OS visibility

The server operating system is not aware of the management card by default. Some management cards can be interfaced in various ways to the host OS, allowing the out-of-band management features to be configured from the host OS. This depends on the particular card.

3.7 Considerations

3.8 Managed network switches

Most servers and other IT-related devices are plugged into a network switch. In a data centre, all switches should be of the L2 managed type where possible, offering the following possibilities:

Managed switches may be managed over Serial (requiring modem or Serial-to-IP box). More modern equipment can be managed over IP (SSH/Telnet) in one of two ways:

In-band management is where the management features are available over the same network that the switch itself is on.

Out-of-band management is where the switch has a separate network interface for management purposes. (This can sometimes take the form of a configurable management VLAN number.)

3.9 Serial console access

Some IT equipment is primarily managed via a serial port:

This can be easily used to enable lights-out management: