The door of the IDC is locked, but the door of the network is open. Remote management has become the main way to carry out daily O&M of data centers. However, traditional remote management is fragmented: servers, network devices, power monitoring, temperature and humidity control, and so on are each managed independently. Because these remote management measures cannot be administered in a unified manner, once a single endpoint slips out of control, the result can be an end-to-end disaster.
What are the risks of remote management?
As data has become highly concentrated, many enterprises have stepped up management of their data centers to reduce operational risk. Raritan, recognized as an innovative company in data center power management, infrastructure management, KVM, and serial port solutions, believes: "Because O&M objects have different management features, during remote management, many data centers adopt multiple remote management systems, which not only complicates routine maintenance operations, but also causes a series of problems such as password leakage and the inability of operators to audit. Data communication security, real-time infrastructure monitoring, and a series of problems such as high power costs will increase the difficulty of daily O&M of data centers."
Take servers and network devices as an example. If these devices fail, the network is crippled, and they are also the most frequent targets of remote management. Many administrators prefer to use remote desktop, SSH, or other configuration tools. However, because these services have common vulnerabilities, once the protocol port is exposed to the network, it is often attacked by scanning and brute-force password cracking. Beyond remote management vulnerabilities at the application layer, many administrators think that network devices managed through serial ports are relatively secure, but the opposite is true. If routers, switches, firewalls, and other devices are managed only through serial ports, there is no remote management at all, so it becomes necessary to use the Telnet service or enable the web management function. This large number of scattered serial devices from a jumble of brands cannot resist network sniffing, brute-force password cracking, or attacks against kernel vulnerabilities. In addition, when a link is faulty, web browsers, RDP, VNC, SSH, Telnet, and other in-band management software cannot reach deeply enough to manage the faulty network devices. Management personnel and equipment maintenance personnel at other sites cannot troubleshoot faults over the network promptly, which can cause major losses to production!
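The audit gap described above can be made concrete. The following is an added example, not part of the original article or any vendor's product: it merges failed-login lines from several separately managed devices and flags a source that is brute-forcing across them, which no single device's log shows on its own. The log lines, host names, and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: sshd-style auth lines gathered from three separately
# managed devices (hypothetical host names, documentation-range addresses).
SAMPLE_LOG = """\
2024-05-01T02:10:01 fw-01 sshd[811]: Failed password for admin from 203.0.113.7 port 40112 ssh2
2024-05-01T02:10:03 fw-01 sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
2024-05-01T02:10:04 sw-core sshd[412]: Failed password for admin from 203.0.113.7 port 51200 ssh2
2024-05-01T02:10:06 sw-core sshd[412]: Failed password for invalid user cisco from 203.0.113.7 port 51201 ssh2
2024-05-01T02:10:09 srv-db sshd[90]: Failed password for root from 203.0.113.7 port 33001 ssh2
2024-05-01T02:11:30 srv-db sshd[90]: Failed password for ops from 198.51.100.20 port 60210 ssh2
2024-05-01T02:11:55 srv-db sshd[90]: Accepted password for ops from 198.51.100.20 port 60211 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_bruteforce(log_text, window=timedelta(minutes=1),
                    min_failures=5, min_hosts=2):
    """Return {source: (failures, hosts)} for sources whose failed logins
    inside one sliding window reach min_failures over >= min_hosts devices."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # successful logins and unrelated lines are ignored
            events[m["src"]].append((datetime.fromisoformat(m["ts"]), m["host"]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans no more than `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            hosts = {host for _, host in evs[start:end + 1]}
            count = end - start + 1
            if count >= min_failures and len(hosts) >= min_hosts:
                flagged[src] = (count, sorted(hosts))
    return flagged

if __name__ == "__main__":
    for src, (count, hosts) in find_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {count} failed logins across {hosts}")
```

In the sample, no single device sees more than two failures from the flagged source, so a per-device threshold of five would never fire; only the merged view does.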
Seamless integration of remote management can do more
As the data center system is gradually built out, its risks expand with it. Everyone knows that there will be more than one application, and when you face something beyond your reach, your fate may be in the hands of others. Therefore, a complete remote management solution should not only control each device; more importantly, the management channel itself should be convenient and secure. To facilitate management of rack-mounted servers, storage devices, network devices, power systems, and temperature and humidity monitoring from various manufacturers, and to combine the latest virtualization technology with asset management, Alibaba Cloud launched the CommandCenter Secure Gateway (CC-SG), which comprehensively improves Remote Management in data.
In terms of management, IT administrators can remotely manage various virtual and physical IT infrastructures through a single web browser interface. For example, server administrators can access blade and rack servers at the BIOS level, out of band, through a Dominion KX II KVM-over-IP switch or a service processor (such as iLO, DRAC, and RSA). It is worth mentioning that, in response to the management needs of data center server virtualization, the CC-SG adds a unique virtualization management tool: it integrates with the VMware environment, supports connection to the virtualization center software, ESX Server, and VMotion functions, and provides BIOS-level access. New virtualization features include simplified Single Sign-On access settings in a virtualized environment and the ability to issue virtual power commands to virtual hosts; you can also click to view the topology view.
In terms of security, because the CC-SG brings a variety of Telnet, RDP, and serial port equipment under unified access from the operator station and uses a separate network channel, it provides a centralized access channel for the various servers, storage devices, switches, firewalls, routers, and the PDUs responsible for power access. At the same time, service account passwords that use MD5 two-way encryption can be created and stored on the CC-SG for remote or local verification on all in-band interfaces. The operations performed with these accounts are recorded by the CC-SG, and detailed audit tracking reports are provided. These security measures play a supporting role for enterprises building a new generation of security assurance systems, and provide secure remote access channels for the physical, virtual, and cloud architectures of the data center.