The page you're viewing is for English (ASIA) region.

The page you're viewing is for English (ASIA) region.

How to Achieve Greater Security and Efficiency for In-Band and Out-Of-Band Service Processor Management

Daniel Cecalacean • July 18, 2016

You only have to do a quick search on “service processors” to see that tech companies are engaged in an arms race to make their embedded service processors ever more powerful. There’s no question that service processors are making it a lot easier for IT administrators to remotely access, monitor and maintain servers.

Before I became product manager for the Avocent Universal Management Gateway (UMG), I was the Global Data Center Manager for Vertiv. In that position, I learned first-hand about how great modern service processor management tools are. But I also realized these tools introduce risk if not used in a secure and responsible manner. I wanted to leverage service processor power while improving security and performance in our data centers by addressing two key issues:

  • Reducing infrastructure vulnerability. Service processors can introduce risk if not properly managed. For example, they come with universal default passwords and configurations. With so many different service processors, it’s tempting to stick to these defaults which provide hackers with easy entry to the network.

  • Increasing administrative efficiency. As in most large data centers, we manage hundreds of service processors from multiple vendors, each with its own interface and unique configuration. IT administrators must use multiple service processor interfaces, maintain large spreadsheets with the name and IP address of each processor and perform updates server by server. It adds up to a lot of time, resources and money.

The solution to these issues turned out to be right in my own company-the Avocent Universal Management Gateway. The UMG is a converged access and control appliance that is perfectly suited to a mixed service processor environment. Designed for local, remote and out-of-band access, the UMG enables IT administrators to monitor and manage multiple service processors from a single interface.

More Control Yields More Security

Let’s start with how the Avocent UMG can reduce risk. Using the UMG’s built-in LDAP/Active Directory interface, administrators set up authentication and authorization controls just once. They no longer need to create and remember separate credentials for each Service Processor (or get lazy and use the defaults.) Access is easier while compliance with password and user access policies is maintained.

The UMG can also cost efficiently increase the security of providing out-of-band access. With the ability to physically attach up to 40 service processors to a single UMG, IT needs fewer network ports for the out-of-band network. The UMG can reside on a separate, isolated network and function as the central gateway to each service processor. This increases infrastructure security because service processors are no longer directly accessible from the production network.

Unified Management Leads to Greater Efficiency

The Avocent UMG makes life easier for IT staff, starting with automated discovery of each service processor. Using built-in service processor profiles, the UMG automatically discovers new processors, connects to them and populates the new system in its database. Maintenance is simpler too because administrators can use the UMG for bulk updates, such as a vulnerability patch. It automatically disseminates the patch, doing away with the need to make each change server by server.

The appliance can consolidate up to 1024 service processors so that their functions such as console access, power control and sensor monitoring and alerting, can be performed in a centralized and secure fashion

As those late-night gizmo advertisements say, “But wait! There’s more!” that’s true of the Avocent Universal Management Gateway as well. Its capabilities are not limited to service processors. The UMG also integrates digital KVM, serial console, and environmental management so that IT administrators can monitor and manage hundreds or thousands of assets from a single pane of glass. A single UMG can replace multiple legacy management consoles to save a lot of rack space.

Using the UMG as the “brain” in our global data centers as well as several edge locations has proven an excellent choice. Its single point of remote access and control for all of the assets in these locations has minimized the need to physically enter the data centers, increasing security. At the same time, the UMG’s converged view has facilitated consolidated infrastructure management that helps our staff monitor and maintain hundreds of assets more efficiently.

And, if you’re wondering why I am no longer in the data center position, well…one of the reasons is because I liked the UMG and the concept a lot, so I was very excited about the opportunity to manage, promote and further develop it.

The Avocent Universal Management Gateway is a truly unique and innovative solution in the Data Center and IT infrastructure management space.

  

Feel free to subscribe to our blog to stay informed on the latest trends, technologies and news.

Related Articles

Language & Location