CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Remote console and/or RDP (or VNC) access

  1. #1
    Join Date
    2006-01-28
    Posts
    163
    Rep Power
    13

    Remote console and/or RDP (or VNC) access

    Back in the late 1990s / early 2000s, I remember using a small Linux device to provide console access to appliances.

    I've been looking for a similar device, and I came across http://www.lantronix.com/products/lantronix-spider/

    My biggest complaint is the way it is powered via USB port. If you reboot the computer it's connected to, that will interrupt power to the USB port, so you'll lose connection to the IP-KVM. If you have the IP-KVM on an enterprise switch with spanning tree protocol, you'll have to wait a few minutes for it to come back online, then log back in, download the Java applet, confirm all the security exceptions and then get the screen back. The trouble here is by that time, you've missed any opportunity to (for instance) enter the BIOS, get into a RAID controller, issue F8 for Windows boot options or ESC to pause a Linux boot... That's a huge weakness.

    I'm curious if anyone is using something similar or better. Thank you in advance.
    Listen is an acronym for silent.

  2. #2
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,141
    Rep Power
    12

    Re: Remote console and/or RDP (or VNC) access

    For simple single-port units we use Startech net-rs232 network devices, and for DC setups we use the 32-port units from Raritan. The main advantage is that there is normal power and you connect through the network with telnet (Startech) or SSH (Raritan) to the box, and it is online as long as you allow it. (We send these boxes to other parts of the world with the same IP on that unit as the IP of the FW (mostly there is only 1 IP available and no switchports), so we ask our local contact to switch the cable over.)
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  3. #3
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    257
    Rep Power
    12

    Re: Remote console and/or RDP (or VNC) access

    Just about every server I have used since 2004 has had a Lights-Out Management (LOM) interface of some kind. Vendors all seem to have their own names. IBM calls it Integrated Management Module (IMM), Dell calls it Dell Remote Access Controller (DRAC), Sun and Fujitsu both call theirs Integrated Lights Out Manager (ILOM), HP calls it Integrated Lights-Out (iLO; not sure why the lowercase i).

    Modern lights-out management interfaces power on as soon as the server is plugged in. They control the server's ATX power, so you can power-cycle remotely without a managed PDU. Most have the ability to send SNMP traps or email alerts for hardware events the OS can't see like fan failures. Good ones also have remote keyboard/video/mouse capabilities. Since about 2010, it is also common to have an emulated optical drive, so you can point the LOM card to an ISO image to install an OS on the server.

    It's so incredibly useful I refuse to buy a server without one. Some of Check Point's "appliances" have LOM cards, but all the ones I've tried so far (5k, 12k, 13k, 15k, 23k) are awful. This is one of the biggest reasons I can't stand using those boxes.

    RS232 (and USB) console servers certainly have their place. Most network gear is still stuck in the 90s with regards to ease of fully-remote administration. A console server can at least get you fully-out-of-band management which can still be done over IP. The lack of power control has bitten me a few times. Very little is as irritating as having to drive to a datacenter just to press a power button.
    Zimmie

  4. #4
    Join Date
    2006-09-26
    Posts
    3,162
    Rep Power
    16

    Re: Remote console and/or RDP (or VNC) access

    Quote, originally posted by Bob_Zimmerman:
    Just about every server I have used since 2004 has had a Lights-Out Management (LOM) interface of some kind. Vendors all seem to have their own names. IBM calls it Integrated Management Module (IMM), Dell calls it Dell Remote Access Controller (DRAC), Sun and Fujitsu both call theirs Integrated Lights Out Manager (ILOM), HP calls it Integrated Lights-Out (iLO; not sure why the lowercase i).
    Minor correction. I've used IBM servers x3650 and they called it "Remote Supervisor Adapter (RSA)". Integrated Management Module (IMM), you must be referring to servers produced by Lenovo.

  5. #5
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    257
    Rep Power
    12

    Re: Remote console and/or RDP (or VNC) access

    Quote, originally posted by cciesec2006:
    Minor correction. I've used IBM servers x3650 and they called it "Remote Supervisor Adapter (RSA)". Integrated Management Module (IMM), you must be referring to servers produced by Lenovo.
    Right! I had completely forgotten about that one! Lenovo-manufactured, IBM-branded servers have used the names Remote Supervisor Adapter (RSA), RSA-II, RSA-II Slimline, Integrated Management Module (IMM), and IMM2. I don't recall which models of server used which one, but the first x3650 model probably had an RSA-II Slimline. The x3650 M4 definitely uses an IMM2. I believe all of the Lenovo-branded models still use IMM2, and I don't think they've announced any forthcoming replacement.

    I have an x3850 M2 with an RSA-II Slimline, which I use as a personal lab box. It's surprisingly quiet for a server meant to live in a datacenter.
    Zimmie

  6. #6
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,625
    Rep Power
    9

    Re: Remote console and/or RDP (or VNC) access

    There is also ipmitool with SOL (Serial over LAN). I haven't used it, but it's on my giant to-do list.

  7. #7
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    257
    Rep Power
    12

    Re: Remote console and/or RDP (or VNC) access

    Quote, originally posted by jflemingeds:
    There is also ipmitool with SOL (Serial over LAN). I haven't used it, but it's on my giant to-do list.
    An excellent point. IPMI exists on most current servers. It can provide SOL, and most versions have power management capabilities. Configuring it properly is a little complicated, but when set up, it works really well. It's essentially a standardized interface to the LOM card.

    A lot of laptop and desktop computers have IPMI capabilities now. In those cases, it is typically the only interface for LOM. Same goes for many low-end servers.
    Zimmie
