Mailing List Archive

On Tue, 8 Nov 2005, Mike Daigle wrote:

> I am looking to buy some new console servers to work with conserver. The
> most attractive thing I have seen so far is the Raritan Dominion SX. We
> will get the 48 port model.
>
> The reasons I like it are that it has a faster processor than most.
> Processor speed is 200MHZ to Cyclades 66MHz. This will help with those
> slow SSH connections. And the price is the lowest I have been quoted on
> so far.
>
> Does anybody hae experience with these devices? I am assuming they will
> work with conserver - is that a leap of faith or should I test it, or
> has anybody else tested it?
>
> They also advertise that they are Sun BREAK safe.

Heh. Raritan has been calling my boss of late, so I too would be
interested in the answers to this :)

Thanks!

-n
--
-------------------------------------------
nathan hruby <nhruby@uga.edu>
uga enterprise information technology services
production systems support
-------------------------------------------
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

I'll throw my two cents into this discussion.

I've looked at Raritan from their website and their
magazine ads. I tried to get a white paper once, and
was grilled by someone from Raritan on the phone before
they would send it, asking who I was, how many we wanted,
whether I was the final say in the buying decision, etc.
(and I never received the white paper, so I must have
been too small a fish...I guess I don't buy enough. ;-)

I've been testing console servers for serial BREAK
problems now for 5+ years. As a general rule, "terminal
servers" send BREAK on power off, and most newer "console
servers" are safe. (There are some caveats, you can check
the BREAK-off test results to see what we tested, and
which devices passed or failed, and how we tested them at
http://www.conserver.com/consoles/BREAK-off/breakinfo.html

The Raritan Dominion has been on my "want to test" list
for 2 years now, and I can't get one. Sorry folks. I tried.

Bryan Stansell and I have bent the ears of any CS vendors
that would listen, about the issues surrounding serial BREAK.
We *know* we affected one design in progress, and we believe
we have affected two others. Most vendors 'get it' now. :-)

I don't know whether you will be able to use the Raritan
with conserver. Raritan seems very sensitive/secretive about
the product, and I'm guessing that this carries over to how
they feel about security. In the case of Lightwave Communications,
the engineers felt that it was insecure to allow a remote
TCP session to connect to a port without authentication. They
wanted users to log in, and use the cyclic buffers on the device
to scroll back the logs per port. They were unwilling to even
consider making that an option, if their customer might want
to 'expose themselves' to that risk. (Their box WAS break safe,
but w couldn't use it with Conserver. The senior executives
were willing to consider the issue, but the engineers swayed
the execs to keep the security tight.) I get a similar feeling
from Raritan, on the small number of phone calls I've made,
trying to take a look at their product.

I love their fun websites. Has anyone on the list got any
practical experience with one (or have the docs, to shed light
on the reverse-tcp functionality of the product)?

I wonder if they'll be in the vendor hall at LISA this year.
(http://www.usenix.org/lisa05/promote/)

-Z-

_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

and here's my 2 cents...

after following some links on their support site, i found the docs here:

http://www.raritan.com/_downloads/pdfs/products/user_man_dom_sx.pdf

after a quick scan through it, it doesn't look like they offer plain old
telnet-style access to the ports. they do allow you to ssh into the box
and then connect to a console via their cli. they even show:

$ SSH -l dominion -t 192.168.51.225 "sconsole -u admin -a pass123 -p 2"

as an example of how to connect to port #2 with a username of admin and
password of pass123. that's workable (from a conserver perspective),
but not ideal.

why? because when you do that you are going through what looks like
their own console management system. you can be connected read-write or
read-only, you have an escape key that takes you to a cli for doing
things with the port (like sending a break), etc. just an alternate
take on the conserver experience, really. so, you have two layers of
console management going on - one on the box, another by conserver.

will the two play well together? what's the definition of "well"? ;-)
will it be easy to configure the box and have conserver talk to it?
perhaps. take out "easy", and yeah, it could work. assuming it can
handle 48 full-time ssh connections. could it start getting complicated
if someone uses their web interface or another ssh connection to bump
you to read-only on the box but conserver still thinks it's read-write?
i'd think so. impossible to work with? nah.

those are just a few of my random thoughts. can it be made to work? i
think so. would other things integrate "easier", yep.

remember, the flexibility of conserver makes it able to talk to many
things...you'll have to judge for yourself whether or not it *should*
talk to a particular thing.

(btw, in general the box does seem to have a lot of cool features)

Bryan
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

Mike> I am looking to buy some new console servers to work with
Mike> conserver. The most attractive thing I have seen so far is the
Mike> Raritan Dominion SX. We will get the 48 port model.

I like the Digi CMxx series of console servers. Simple to use,
compact, a sane admin interface, etc.

Mike> The reasons I like it are that it has a faster processor than
Mike> most. Processor speed is 200MHZ to Cyclades 66MHz. This will
Mike> help with those slow SSH connections. And the price is the
Mike> lowest I have been quoted on so far.

So what are your primary issues? Are you trying to put the console
server on your production network and secure them by using SSH to
connect from Conserver to the console?

Is there an option of setting up a private network which only the
console server uses to talk with the console servers?

I've got both Digi CM and Avocent CPS16s, and I personally want to
chuck the Avocents out, their interface is pretty ugly. I wish I
could play with some other boxes...

Also, you might just want to poke around on Ebay for Digi and or other
vendors boxes for sale cheap. It's not like they have alot of working
parts in them which can go wrong... and you might be able to get a
good deal that way.

John
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

We have an number of the Digi CMXX boxes. They are very nice with the
ability to ssh to port 7000 to see a list of the available ports on the box,
and then just hit a number to bring up that particular console. You can also
individually ssh to port 7001 for the first port, 7002 for the second, etc,
but I can never remember what port something is on. I could see this
becoming an issue if you had more than one of these at a site...some overall
management like Digi Connectware Manager would be needed to keep it
straight. You can also ssh right into the box to find that they are running
Linux under the hood:
# uname -a
Linux digicm32 2.4.2_hhl20 #725 Mon Jan 3 17:19:07 KST 2005 ppc unknown
# df
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/root.old 3963 532 3227 14% /initrd
/dev/mtdblock2 13880 13880 0 100% /
/dev/mtdblock5 1024 324 700 32% /usr2
which I think Raritan and Cyclades also do. I was told this allows you to
do neat things like syslog to a CF card and sftp that to a central server
for reporting from remote sites with cron.
Ernie


On 11/9/05, John Stoffel <john.stoffel@taec.toshiba.com> wrote:
>
>
> Mike> I am looking to buy some new console servers to work with
> Mike> conserver. The most attractive thing I have seen so far is the
> Mike> Raritan Dominion SX. We will get the 48 port model.
>
> I like the Digi CMxx series of console servers. Simple to use,
> compact, a sane admin interface, etc.
>
> Mike> The reasons I like it are that it has a faster processor than
> Mike> most. Processor speed is 200MHZ to Cyclades 66MHz. This will
> Mike> help with those slow SSH connections. And the price is the
> Mike> lowest I have been quoted on so far.
>
> So what are your primary issues? Are you trying to put the console
> server on your production network and secure them by using SSH to
> connect from Conserver to the console?
>
> Is there an option of setting up a private network which only the
> console server uses to talk with the console servers?
>
> I've got both Digi CM and Avocent CPS16s, and I personally want to
> chuck the Avocents out, their interface is pretty ugly. I wish I
> could play with some other boxes...
>
> Also, you might just want to poke around on Ebay for Digi and or other
> vendors boxes for sale cheap. It's not like they have alot of working
> parts in them which can go wrong... and you might be able to get a
> good deal that way.
>
> John
> _______________________________________________
> users mailing list
> users@conserver.com
> https://www.conserver.com/mailman/listinfo/users
>

On 9 Nov 2005, at 15:47, John Stoffel wrote:

> I've got both Digi CM and Avocent CPS16s, and I personally want to
> chuck the Avocents out, their interface is pretty ugly. I wish I
> could play with some other boxes...

We eval'd Digi (excellent, we bought), Avocent (not impressed) and
Cyclades (the software looked like it was knocked together in an
afternoon by the work experience boy).

YMMV.

Arthur

--
Dr. A. Clune, Systems Security Advisor
The Computing Service, University of York
ajc22@york.ac.uk 01904 433129


_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

Ernie> We have an number of the Digi CMXX boxes. They are very nice
Ernie> with the ability to ssh to port 7000 to see a list of the
Ernie> available ports on the box, and then just hit a number to bring
Ernie> up that particular console. You can also individually ssh to
Ernie> port 7001 for the first port, 7002 for the second, etc, but I
Ernie> can never remember what port something is on. I could see this
Ernie> becoming an issue if you had more than one of these at a
Ernie> site...some overall management like Digi Connectware Manager
Ernie> would be needed to keep it straight.

Umm... call me dense, but aren't you using Conserver to manage these
boxes and which hosts are connected to which ports? That's the whole
reason to have conserver.

I do like that they are running Linux and that I can ssh into them,
but I honestly treat them mostly as dumb devices. That don't send
breaks. :"]

Though maybe it would be interesting to see if I can do SSH to each of
the individual ports, and whether the load on the console server
system and the CM32 is too much or not. I bet most makers don't
expect you to be running all the ports all the time...

John
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

On a recent flight, I happened to sit next to Larry Kraft, Digi's VP of
American Sales & Marketing. We had a nice discussion about Digi's products
and how they address both the needs of console servers & RFID concentrators.
He was familiar with Conserver and seemed to have a decent engineering
understanding of what sysadmins need for console servers, which was
pleasantly surprising since he's in marketing and not engineering.

The last project I needed a conserver for I ended up with a Cisco 2600 that
was gathering dust in a recycle pile in the data center; for security we
just used a 192.168.x.x network from the conserver host, so the only access
to the consoles was via that host, which we were able to restrict with SSH
for direct logons, and SSL for conserver access. It worked very well, and
you can get some cheap boxes off Ebay I'm sure. If you're buying new, I'd
second the recommendation to evaluate the Digi CMxx series.
--
Rich Holland (913) 645-1950 SAP Technical Consultant
print unpack("u","92G5S\=\"!A;F]T:&5R(\'!E<FP\@:&%C:V5R\"\@\`\`");

_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

Actually, no. We're migrating off conserver because it means we have to rely
on two boxes to have console operation.
We want to be able to have one box at each branch site. The new Cyclades
boxes now have the capability to also act as a KVM and will connect to their
managed power strips so that everything is managed from one box. Of course,
this brings up the issue of putting all your eggs in one basket and all
that.

Of course, doing ssh to each port might be interesting.



On 11/9/05, John Stoffel <john.stoffel@taec.toshiba.com> wrote:
>
>
> Ernie> We have an number of the Digi CMXX boxes. They are very nice
> Ernie> with the ability to ssh to port 7000 to see a list of the
> Ernie> available ports on the box, and then just hit a number to bring
> Ernie> up that particular console. You can also individually ssh to
> Ernie> port 7001 for the first port, 7002 for the second, etc, but I
> Ernie> can never remember what port something is on. I could see this
> Ernie> becoming an issue if you had more than one of these at a
> Ernie> site...some overall management like Digi Connectware Manager
> Ernie> would be needed to keep it straight.
>
> Umm... call me dense, but aren't you using Conserver to manage these
> boxes and which hosts are connected to which ports? That's the whole
> reason to have conserver.
>
> I do like that they are running Linux and that I can ssh into them,
> but I honestly treat them mostly as dumb devices. That don't send
> breaks. :"]
>
> Though maybe it would be interesting to see if I can do SSH to each of
> the individual ports, and whether the load on the console server
> system and the CM32 is too much or not. I bet most makers don't
> expect you to be running all the ports all the time...
>
> John
>

Ernie> Actually, no. We're migrating off conserver because it means we
Ernie> have to rely on two boxes to have console operation.

So you're giving up the ability to have the mapping of host-consoles
to console-server/port done for you automatically? With logging?

Ok, I guess I can see it. In my mind, the benefits outweigh the risks
for us.

Ernie> We want to be able to have one box at each branch site. The new
Ernie> Cyclades boxes now have the capability to also act as a KVM and
Ernie> will connect to their managed power strips so that everything
Ernie> is managed from one box. Of course, this brings up the issue of
Ernie> putting all your eggs in one basket and all that.

Sure. If there's a single port to log into on the Cyclades and then
you can pick which host's console to access easily, then go for it.

Ernie> Of course, doing ssh to each port might be interesting.

Sure, it can be a big CPU sink on both ends of the connection. Esp
when you should really only need one encrypted tunnel between the
ConsoleServer and the manager system (running Conserver for example).

My problem that conserver solves is that sites with multiple console
servers are a pain to manage because you need to either login to all
the CS (Console Servers) to find the proper host port, or if you have
a mixture of CS types, then you have different access methods to use,
etc.

John
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users