|
| 
|
|
The IM4200 enables IT, NOC and telecom professionals to securely manage the assets in their data and communications centers from anywhere in the world.
These data and communications centers are managed on a day to day basis with in-band protocols and applications running over production networks. There's a wealth of in-band tools such as Telnet, RDP and VNC, and in-band applications like Nagios, OpenView, Open NMS, WebEx and GoToMyPC that enable the computers, network and communications infrastructure in these centers to be configured and controlled. However these devices also invariably have out-of-band ports so they can still be accessed, reconfigured and recovered in event of failure e.g. should an operating system crash or a network segment or incoming trunk connection fail (taking with it all the normal in-band management pathways).
System and network administrators and telecom engineers all have similar out-of-band management needs. They need secure network console (SSH, HTTPS etc) and serial console access to the devices (so the can reconfigure the routers, firewalls, servers, DSLAMs etc). They also need to be able to remotely power cycle the devices, using the selection of UPS, IPMI and power strip devices they have deployed. Each also has some unique needs e.g. sysadmins may need to use specific out-of-band applications, such as IBM Director and Dell OpenManage, to access the service processors (RSA, DRAC) embedded in their servers or remote SOL access to the BIOS in these servers.
The IM4200 infrastructure manager is a high availability solution that meets all these needs and more. It provides a reliable gateway from the production network to a management network, enabling local administrators to securely access their infrastructure and to quickly diagnose and fix problems with hardware, firmware, operating system or application software. The IM4200 also enables remote administrators to securely access and control devices on the management network and the main production network.
Secure infrastructure management
Each of the mission-critical servers, switches, routers, power controllers, DSLAMs and VoIP gateways in the data or communications center has its own in-band and out-of-band management toolkit. Local and remotely dispersed technical managers (including system administrators, network administrators, applications specialists, service providers and vendor help desks) use these tools. And each wants to poke secure holes in the site security to access the particular assets they control.
The IM4200 infrastructure manager consolidates this to provide the single point of secure access for all these managers and for all these tools, protocols and management applications.
Enterprise policies need flexible yet powerful access control mechanisms. The IM4200 restricts access by IP address, password and account - and once a user is authenticated they are further restricted to using nominated services and TCP/UDP ports on the specific pieces of the infrastructure that they have been authorized to access. All in-band and out-of-band management activity is logged and these logs can be archived off line. This advanced auditing and tracking helps the organization conform to mandatory compliance requirements like Sarbanes-Oxley, GLBA and HIPAA.
The IM4200 centralized management portal provides access and control for up to 48 serially connected and hundreds of network connected devices; all through a single management gateway. The number of controlled serial devices can also be extended to many hundreds by connecting additional IM4200 or CM4000 servers to the management network.
Secure In-band and Out-of-band access
The IM4200 can be accessed in-band by the local or remote manager using the public data network or a private IP network. Or it can be accessed out-of-band using an alternate broadband route on the second Ethernet port or a dial-in PPP connection to its integrated modem. So if the in-band operational network is down, flexible access is available out-of-band. The SSH tunneling server embedded in each IM4200 enables remote managers to use classical in-band graphical control tools like X11, RDP and VNC to control applications and reconfigure operating systems, but it makes these tools available over the out-of-band channels. And all these connections are secure, with authenticated access using up to 128-bit AES encryption and a selection of filtering and logging facilities.
The IM4200 also supports IPMI and SOL and the out-of-band control tools that accompany popular BMC and service processors. These new management facilities enable monitoring, logging, recovery, inventory, and control of the hardware, BIOS, OS and applications - independent of the state of the main CPU, network and OS. The BIOS can be reconfigured remotely and the system can be rebooted remotely - using side-band or out-of-band channels - even when the CPU itself is not operating. Using these same out-of-band channels, managers can have full KVM graphical control of applications running on the server - even when the in-band network access to the server is down. The IM4200 supports an extensive range of these new lights-out management control tools including IPMI, iLO, RSA, ALOM, DRAC and more.
SDTConnector point-and-click SSH client
SDTConnector, the SDT Tunneling Java client shipping with each IM4200, simplifies setting up secure connections through the IM4200 gateway, and launching relevant control tools. With SDTConnector a remote administrator can securely tunnel through a IM4200 and be connected to the DRAC on a selected Dell server, then start the Dell Open Manage client locally - all with one push of a button. SDTConnector interoperates with a range of popular control applications like OpenManage which give access to the full IPMI and service processor facilities; and which also interoperate with the leading enterprise management applications like ZENworks, OpenView, Microsoft MOM, BMC PATROL and NetIQ AppManager.
The IM4200 also supports sophisticated customizable monitoring, alerts and alarm management, with removable USB flash logs. And they have embedded Nagios NSCA client and NRPE server software so the IM4200 functions as a distributed Nagios monitoring server, removing the need for dedicated slave Nagios servers at remote sites.
High availability
System and network administrators and telecom engineers need 24/7 management access to their infrastructure, at both local and remote sites, so the IM4200 family has maximum reliability built in. Each unit has dual input dual power supplies (AC or DC) with automatic failover, so the IM4200 can be fed from independent AC power sources. The IM4200 also has two Ethernet ports. One is for the primary connection, so connected devices can be accessed locally via the management LAN or remotely over the Internet. The second Ethernet can be configured to connect to an alternate access network (or the same LAN as the primary Ethernet port) for redundancy in case of failure of the primary port. This is referred to as Ethernet failover or bonding. With failover enabled, if the first Ethernet connection fails the second one automatically becomes active until the first one recovers.
Each IM4200 has an inbuilt modem which can be used for dial-in out-of-band access. The modem (and the second Ethernet port) can be configured for out-of-band "dial-out" access. The IM4200 has a heartbeat monitor that checks it is healthily online, clear to send alerts and alarms, and accessible by remote users. If the heartbeat falters then the gateway can automatically dial up a remote site to raise an alarm, or switch to and activate some failover broadband access link. This is particularly beneficial when managing distributed data center sites or POPs. If the main broadband or even some internal network goes down, the administrator can be notified immediately (rather than waiting until a customer complains:) and out-of-band access is available for the administrator to repair the fault.
|
|
|
