Mailing List Archive

Zonker Harris wrote:
> I've had trouble getting conserver to open 32 SSH sessions
> to individual ports on a Cyclades ACS-32. SSH does take a
> lot of resource on both devices, and (if you plan to keep
> those sessions active for long periods) can require a lot
> of RAM (especially if you tickle a memory leak, since the
> sessions aren't closing, and relinquishing memory).

We certainly have some problems on initial startup, but it all
normalizes after a few minutes and a handful of retries. Conserver's
ability to say "you've retried too many times, I'm suspending you for a
few minutes" is critical in all of this.

So it's not a situation that's unmanagable at the moment, but it's
certainly not optimal.

Of course, at the moment we have 5 cyclades, but are looking to have 48
very soon, which if I didn't split up my conserver boxes would be 2304
ssh sessions from a single box, which is ... not good. ;)

I think your solution is very elegant and I'd love to see that ability
in cyclades and conserver...

--
Phil Dibowitz
P: 310-360-2330 C: 213-923-5115
Unix Admin, Ticketmaster.com

-Z-

MO does this now!


We are glad to make this interface available to conserver code; either you
or Bryan can contact me off list to work out the details.

History
----------

We asked the console server vendors to support a common interface across all
console servers almost three years ago; they declined as a single interface
would have allowed their customers to easily mix and match and add console
servers from other vendors and w/o being locked into their specific
products. We built it anyway and will gladly build it for any linux or
windows based console server.

The binary we built is called emser ; we have versions for the cyclades,
lantronix, digi, logical solutions, opengear, DNPG and our own MO console
servers ( 1500.00 USD for 48 ports by the way!); the hardware supported uses
varied chip sets and works very efficiently. We even have an interface to
Digi's Real Port from emser that we did in coordination with Digi.

Raritan committed to provide a console server we could load emser and test,
but has yet to deliver it. Avocent's CPS or Equinox and Perle's Console
servers all use an OS that does not allow us to load an image either in the
form of an image.bin or the binaries themselves. We stand ready to build the
binary for Avocent, Perle and test on Raritan.

The emser is now deployed under what we call Infrastructure Management
Layer. Companies who have deployed it or have been testing it include DESY,
GSK, UNILEVER, Vodafone Ireland and Sweden, Queensland University,
DaimlerChrysler-Stuttgart, UPMC, OLAF, Centrica, BetFair and many more! It
works great
See

http://www.KiNETWORKS.com/pdf/ConsoleServer-emser.pdf


http://www.KiNETWORKS.com/pdf/OperatingSystems-emser


checkout a power point presentation done by a DaimlerChrysler consultant:

http://www.KiNETWORKS.com/pdf/ee.ppt


Functionality
-----------------
The emser binary runs on all major console servers. The emser runs on any
existing UNIX, Linux or Windows OSs. This means you can take any old PC and
make it a console server quickly and easily with a serial card. The console
manager running our product or conserver connects to emser over a 1024 bit
encrypted pipe with a single link. The emser maintains the connection to the
serial ports and the connection back to the host running our product or
conserver.

We also connect to emser on a Windows, Linux or UNIX system and can bring up
a CMD or command line window. This means highly secure connection to an
In-Band connection that is fully logged and requires no legacy login; this
revolutionizes access to in-band systems. So emser allows command line
interfaces to be accessed just the same as console or serial card ports.

The emser provides configuration and change control as well. The change and
configuration control is also handled by emser and our console manager MO (
Manage Operations )This makes it trivial to replace a console server if it
dies. Simply set up the hostname and IP address and load emser and you are
ready to go.

The emser eliminates the hours necessary to build scripts and maintain those
scripts to do change and configuration of console servers. You are also more
likely to change console server vendors because you are not locked into a
vendor for want of a script to configure it to say nothing of the time saved
by using emser rather than the vendor specific configuration programs.

The emser provides the added advantage of allowing multiple console managers
access to a single port on the server; since emser controls the port - it
allows multiple systems to access the port on the console server so that if
one console manager running our product or conserver goes down there is
still a connection on a redundant system running our product or conserver.

We also have a mechanism now that allows the host enabled with emser to have
application write to a centralized log file server using the emser pipe.





|-----Original Message-----
|From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On
|Behalf Of Zonker Harris
|Sent: Wednesday, November 09, 2005 12:15 PM
|To: users@conserver.com
|Subject: SSH performance, CPU speed...
|
| I've had trouble getting conserver to open 32 SSH sessions
|to individual ports on a Cyclades ACS-32. SSH does take a
|lot of resource on both devices, and (if you plan to keep
|those sessions active for long periods) can require a lot
|of RAM (especially if you tickle a memory leak, since the
|sessions aren't closing, and relinquishing memory).
|
| Cary Roberts (at TellMe) as thought about this, and he's
|tried talking to vendors about the idea, but so far the
|vendors aren't keen on the idea. The idea is, that the
|console servers (CS) should accept SSL or SSH tunnels,
|and the idea plays out like this;
|
| The conserver host would open a single SSH session to
| CS #1, and then tunnel certain ports (say 10001-10032)
| to CS #1 (to ports 7001-7032, for this example).
|
| The conserver would open a second SSH session to CS #2,
| and tunnel ports 10033-10064 to CS #2 ports 7001-7032...
|
| Now, conserver would look for all of these ports, and use
| one tunnel per CS to encrypt all the sessions for each CS,
| instead of needing to have [24|32|48] SSH sessions per CS.
| This would reduce loads on the CSs, as well as the conserver.
|
| I'm testing with fairly low-end hardware, because I don't
|need to stress-load the CSs that I'm testing. In my real-world
|test, the conserver was also the mail host, syslog host, and
|a busy apache server, plus a few other tasks. The CSs were
|having some trouble, but the host was also slow trying to open
|all of those sessions. It was ugly, and we quickly wired a
|small management net to connect 4 CSs to 3 hosts, with a small
|8-port switch. This keeps the in-the-clear sessions from
|the curious and/or malicious, and reduced the SSH load on
|the conserver (since users still need to SSH in to get to
|the console client app ;-).
|
| My thought? More CPU in the CS is OK, but you may also
|need more CPU on your conserver host (or whatever box is
|going to originate all of those SSH sessions to the CSs).
|
| Best regards,
|
| -Z-
|
|_______________________________________________
|users mailing list
|users@conserver.com
|https://www.conserver.com/mailman/listinfo/users
|
|___________________________________________________________________
|___
|This email has been scanned by the MessageLabs Email Security System.
|For more information please visit http://www.messagelabs.com/email
|___________________________________________________________________
|___

_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users