IM4248-2 Infrastructure Management Gateway by Opengear

BellEquip GmbH
 

IM4248-2 Infrastructure Management Gateway

Today's data centers need management tools that leverage the wide range of new in-band and out-of-band control technologies. Administrators need to use ALOM and iLO specific applications to access their embedded service processors. They need console access to the operating systems, and remote SOL access to the BIOS in their servers. They need secure browser and console access to reconfigure their firewalls and routers. They need to be able to power cycle systems and network devices - using the selection of UPS, IPMI and power strip devices they have deployed.

They need these controls to be available before the computers have booted, before the networks have become active, and even before the operating system has been provisioned. And they need secure access to these controls at the most remote sites in their distributed enterprise.

The IM4248-2 infrastructure management gateway meets all these needs, and more. It provides a reliable gateway to enable administrators to securely access their infrastructure - then quickly diagnose and fix any problems with the hardware, firmware, operating system or application software.

Integrated management gateway

Each of the mission-critical servers, switches, routers, power controllers and VoIP gateways in the data center has its own in-band and out-of-band management toolkit. A collection of local and remotely dispersed technical managers (system administrators, network administrators, applications specialists, service providers and vendor help desks) use these tools, and each wants to poke secure holes in the site network security to access the particular devices they control. The IM4248-2 gateway consolidates this to provide a single point of secure access for all these managers, and for all these tools, protocols and management applications.

Enterprise policies need flexible yet powerful access control mechanisms. The IM4248-2 restricts access by IP address, password and account - and once a user is authenticated, they are further restricted to using nominated services and TCP/UDP ports on the specific devices they have been authorized to access. All in-band and out-of-band management activity is logged, and these logs can be archived off line. This advanced auditing and tracking helps the organization conform to mandatory compliance requirements like Sarbanes-Oxley, GLBA and HIPAA.

 
 
The IM4248-2 is a centralized management portal that provides access to and control of 48 serially connected devices and hundreds of network connected devices, all through a single management gateway. The number of controlled serial devices can also be extended to many hundreds by connecting additional CM4000 console servers to the management network.

Secure In-band and Out-of-band access

The IM4248-2 gateway can be accessed in-band by the local or remote manager using the public data network or a private IP network. Or it can be accessed out-of-band using an alternate broadband route on the second Ethernet port, or a dial-in PPP connection with its integrated modem. So if the in-band operational network is down, flexible access is available out-of-band. The SDT Tunneling server is embedded in each IM4248-2 gateway. It enables managers to use classical in-band graphical control tools like X11, RDP and VNC to control applications and reconfigure operating systems, but makes them available over these out-of-band channels. And all these connections are secure, with authenticated access using up to 128-bit AES encryption, and a selection of filtering and logging facilities.

The IM4248-2 gateway also supports IPMI and SOL and the out-of-band control tools that accompany BMC and service processors. These new management facilities enable monitoring, logging, recovery, inventory, and control of the hardware, BIOS, OS and applications - independent of the state of the main CPU, network and OS. The BIOS can be reconfigured remotely, and the system can be rebooted remotely - using side-band or out-of-band channels - even when the CPU itself is not operating. Using these same out-of-band channels, managers can have full KVM graphical control of applications running on the server - even when the in-band network access to the server is down. The IM4248-2 supports an extensive range of these new lights-out management control tools including IPMI, iLO, RSA, ALOM, DRAC and more.

SDTConnector (the SDT Tunneling Java client) ships with each IM4248-2 to simplify setting up secure connections through the IM4248-2 gateway, and launching the relevant control tools. With SDTConnector a remote administrator can, for example, securely tunnel through a remote IM4248-2 and be connected through to a selected Dell server, then start the Dell OpenManage client locally - all with one push of a button. Control applications like OpenManage give access to the full IPMI and service processor facilities, and they interoperate with the leading enterprise management applications like ZENworks, OpenView, Microsoft MOM, BMC PATROL and NetIQ AppManager.

 
 
Features and Benefits

* Securely connects serial devices to 10/100Base-T Ethernet network

High Availability

Administrators need 24/7 access to their servers - both at the local data center and at the remote sites. The IM4248-2 family has been built to meet this need for maximum reliability - each unit ships with dual input dual AC power supplies with automatic failover, so the IM4248-2 can be fed from independent AC power sources. The IM4248-2 also has two Ethernet ports. One is for the primary connection, to enable connected devices to be accessed locally via the management LAN or remotely over the Internet. The second Ethernet port can be configured to connect to an alternate access network (or the same LAN as the primary Ethernet port) for redundancy, in case of failure of the primary port. This is referred to as Ethernet failover or bonding. With failover enabled, if the first Ethernet port fails, the second one automatically becomes active until the first one recovers.

Each IM4248-2 has an inbuilt modem which can be used for dial-in out-of-band access. The modem and the second Ethernet port can be configured for out-of-band "dial-out" access. The IM4248-2 has a heartbeat monitor that checks it is healthily online, clear to send alerts and alarms, and accessible by remote users. If the heartbeat falters then the gateway can automatically dial up a remote site to raise an alarm, or switch to and activate some failover broadband access link. This is particularly beneficial for smaller remote sites or an ISP's wireless POP. If the main broadband or even some internal network goes down, the administrator can be notified immediately (rather than waiting until a customer complains) and out-of-band access is available for the administrator to repair the fault.

Features and Benefits

* Centralized management gateway providing secure access for local and remote management
* A secure gateway to manage hundreds of serial and network connected servers and appliances
* Secure in-band and out-of-band access
* Inbuilt modem for out-of-band dial-in or heartbeat-triggered dial-out
* Integrates with centralized enterprise management
* 512MB storage for custom code, logging and local FTP/TFTP storage
* Simple browser or command line management interface
* Local or remote access to headless servers (LOM, IPMI) and network devices
* Power management - remotely turn on, off and reboot equipment via serial, IPMI
* Multiplatform - Linux, Windows, Cisco, BSD, UNIX and SUN compatible
* Rock solid stability - optimized hardware and robust Linux software
* Configurable open source Linux kernel and applications
* Automated alerts and alarm management
* Console logs maintained and archived off-line for easy problem resolution
* Secure, encrypted access to remote systems
* Port access can be restricted by password, account or IP address
* Multiple levels of filtering and access logging
* Unlimited users with multiple users per port
* Up to 50 concurrent SSH sessions (SDT tunnels) can be open at the one time
* Affordable solution to reducing costly MTTR and MTBF.
* Compact solution: 48 serial ports and dual Ethernet in a 1RU rackmount


High Availability

* Dual universal AC input power supplies
* Dual Ethernet with bonding for auto failover or additional out-of-band broadband connection
* Inbuilt modem for out-of-band dial-in access
* Heartbeat monitor with auto dial-out option
* Multiple boot images stored locally for rollback
* 512MB local FTP/TFTP storage for device configuration files

Security and Authentication

* Secure Shell (SSH V2 and V3)
* TACACS+, RADIUS and LDAP authentication
* PAP/CHAP authentication (dial up)
* Dial back support
* Local authentication
* System event syslog
* SSH port and IP forwarding support
* IP packet filtering
* Unlimited user accounts

Serial Console Port Management

* Windows 2003 Server ACS and EMS support
* SUN / Solaris ready (no inadvertent breaks)
* Break over SSH support
* Port triggers with SNMP and email alerts
* Offline data logging (Syslog, NFS, CIFS)
* Online data buffering and logging
* Multiple users per port (with port sniffing)
* Access by TCP port
* Telnet/SSH/Raw TCP connect
* RFC 2217 - Port Redirection
* Windows Remote Desktop or VNC over serial support
* Clustering - single IP for multiple IM4200 and CM4000 devices
* Per serial port user access lists

LAN Port Management

* Secure SSH tunneling (TCP/UDP applications)
* Secure Remote Desktop access to Windows XP/2003
* Secure VNC access to Sun/Windows/Linux computers
* Secure HTTP(S) access to browser controlled appliances
* Native IPMI 1.5 and 2.0 (RMCP/RMCP+) support for BMC and service processor access and control
* Secure SOL (Serial over LAN) access to BIOS, EMS and ACS
* Service processor access (IPMI, iLO, LOM and more)
* Access to KVM built in to service processors (DRAC, RSA)
* Secure Telnet access
* Limit user access by LAN device and SDT service for that device
* Port triggers with SNMP and email alerts for all tunnel traffic
* Each gateway can port forward to an unlimited number of locally networked hosts (computers, routers)
* No limit on number of hosts being concurrently accessed through the one tunnel
* Up to 50 concurrent SSH sessions (SDT tunnels) can be open at the one time
* No limit on number of clients who can access the one gateway

SDTConnector point-and-click SSH client

* Single access point for distributed networks of PCs and smart appliances
* Preconfigured to tunnel VNC, RDP, HTTP, HTTPS, SSH and Telnet; and to access common lights-out management (LOM) services
* User can specify new custom services using arbitrary TCP/UDP port numbers and client applications
* Strong Encryption (3DES, Blowfish, AES, Arcfour)
* Strong Authentication (Public Key, One-Time Password, Kerberos)
* Easy for the end user to install with point and click operation
* Simple for the administrator to configure and manage
* No limit on the number of IM4200 gateways that can be accessed
* Runs on any graphical OS (Windows, Linux, UNIX, Solaris, Mac OS X) with JRE 1.4.2 or later

IM4248 System Management

* Secure web management (HTTPS)
* Local browser management (HTTP)
* Command Line interface (Linux Shell)
* ARP-Ping (IP address assignment)
* SNMP

Accessibility

* In-band (local Ethernet or secure tunnel over Internet)
* Out-of-band (dial-up modem access) included
* Additional Ethernet for broadband out-of-band connection
* Local serial console access

Other Protocols Supported

* DHCP for dynamic IP assignment
* NTP for time synchronization
* PPP for dial up access
* NAT port redirection

Upgrades

* Flash upgradeable
* Free upgrades from online FTP site
* HTTP, FTP, TFTP client for file transfer

Operating System

* Linux with source code access
* 512MB local flash for custom code

BellEquip GmbH • Franz Eigl-Straße 8 • 3910 Zwettl • Österreich / Austria • Tel.: +43 (0)2822 33 33 990 • Fax: +43 (0)2822 33 33 995
Internet: www.bellequip.at • E-mail: info@bellequip.at