Remote administration
Dec 1, 2008 12:00 PM, By Brad Gilmer
If you are an accidental system administrator, here are some tools that can help.
If you woke up one day and realized you're doing a job different from what you started, you might be an accidental system administrator. An accidental system administrator is a broadcast engineer who spends all of his or her time administering computer systems in the broadcast environment. Because many of us in this position started out working as broadcast engineers, we may have missed out on useful tools that can help us do our accidental jobs. The following remote system administration tools can make your life easier. (Note: I know the Mac has tools similar to what I discuss here. I talk about Windows and UNIX since I am familiar with those systems.)
Remote desktop tools
Figure 1. A separate monitoring Ethernet network allows you to monitor and
maintain servers even when power or Ethernet connectivity to the main servers
is lost. You can access the servers and network components many different ways,
providing fl exibility in dealing with various problems.
Select figure to enlarge.
Since the early days of computing, there have been utilities that allow users to access their computers from a remote location. GoToMyPC and pcAnywhere are two common examples. A user can not only gain access to files and other resources on a remote computer, but these utilities enable users to operate the remote computer as if they were sitting in front of it. This can be a great help if you need to do something at a work computer while somewhere else. It is also a helpful tool if you need to access a computer somewhere at the station while you are working at your desk.
In Windows XP and later, Microsoft includes a tool called Remote Desktop, which allows you to access and administer a remote server from your desktop. This is an extremely handy tool that I use all the time on my Windows servers. In fact, my servers do not have monitors or keyboards. I normally access them via Remote Desktop from my office computer.
People who operate UNIX systems have had remote access for years via the command line interface. I prefer to access these servers via Secure Shell (SSH) using RSA authentication. My favorite — and free — client for remote console access of UNIX systems is PuTTY.
Be careful not to use telnet over the Internet. Everything you type is sent in the clear. Anyone using a packet capture program can easily see everything you type. I disable all telnet functionality on my servers.
Some people prefer using the X Window System to administer Linux systems compared with the command line interface. While not as easy to configure as Windows Remote Desktop, it is possible to run a remote X Window session that provides remote access to your Linux system using a GUI interface.
SYSTEM HEALTH
Another set of helpful tools monitors the health of your servers and allows you to perform basic functions such as turning the servers off and turning them back on again. I confess to only having experience with IBM e-Series servers. Other enterprise-class server manufacturers provide similar functionality.
Remote system health tools monitor things such as CPU temperatures, fan RPM and power supply voltages. When a limit is exceeded, the monitor software sends an e-mail notification. As Figure 1 on page 30 shows, the IBM Remote Supervisor Adapter provides a high-level green light, red light status for all the connected servers. One can drill down to a specific server and then down to monitored parameters to learn more about a fault.
Disk array monitoring
Unless the RAID array is remotely monitored, there is no way for a maintenance person to know that a drive has been lost without physically inspecting the disk status lights on the front of the RAID array. If a second drive fails before the first failed drive is replaced, all data on the entire array is lost.
I use the IBM Director and IBM ServeRAID Manager to monitor the health of my RAID arrays. These software packages monitor a host of parameters on the system, including individual drives in the RAID array. If any drive fails, the system notifies me by e-mail immediately.
IP KVM switches
Another trick in the bag of remote administration tools is the IP KVM switch. A KVM switch allows the user to connect one keyboard, monitor and mouse to several computers. Broadcasters have used them for years where desktop space is scarce. An IP KVM switch does the same thing as a regular KVM switch, but instead of connecting a keyboard, monitor and mouse to the switch output, you hook up an Ethernet connection. Then connect to the IP KVM switch through the desktop computer using special software. With this software, you can switch between the different remote computer consoles just as if you were using a local wired KVM switch.
In this system, there is a small box (a KVM dongle) that has an Ethernet connector and keyboard, video and mouse cables coming out of it. These cables connect to the computer to be controlled. The Ethernet connector joins the dongle to the monitoring Ethernet network. The IP KVM switch itself connects to the LAN and ultimately to the Internet. You connect to the IP KVM switch by running special virtual console software on the desktop computer. The virtual console provides access to the server as if your remote computer were connected to the server directly. Response over this link is slow, but if you are having problems, this may be a last resort in correcting issues because, in some operating systems, critical error messages may only appear on the local computer console.
Router and switch remote access
You may need to access routers and switches to perform maintenance. It is common to access these devices using telnet. Usually this is safe because the telnet connection can only be accessed via a VPN, which is an encrypted link between the remote user and the router. As a backup, connect a cable between the serial port on the router or switch and one of your servers. Then, if you are unable to use telnet, you can access your server remotely and use a serial communications program such as hyperterm to connect to the router.
Putting it all together
As Figure 1 shows, I strongly suggest you create a separate monitoring Ethernet network with its own switch and a separate connection to the Internet. Also, ensure that this network is fed from a power source that is different from the servers and main Ethernet switch. Likewise, if the health monitoring hardware supports it, run these devices from separate power.
With the configuration shown in Figure 1, if the circuit breaker or UPS powering the servers has a problem, you will still be able to access the monitoring network. In fact, the RSA in an IBM server will contact you if the server it is monitoring has lost power, even though the RSA is physically located in the failed server. If, however, you have run the RSA off of the same power as the main server, then the RSA will lose power as well, and you will not receive a notification.
Having a separate monitoring network saved me many times when there were problems with the primary Ethernet connection to my servers. Because the monitoring network runs on a separate LAN, I can access the console on the server and reconfigure the Ethernet settings on the main server Ethernet connection without making a trip back in to the office.
This article is not meant as a tutorial on remote monitoring, but as an introduction so that you can be aware of the possibilities that exist. Your favorite hardware vendor may have different remote monitoring solutions. I encourage you to explore these solutions and to implement them in your facility. This will make your job as an accidental system administrator easier, and it will make you more efficient and effective.
Brad Gilmer is executive director of the Video Services Forum, executive director of the Advanced Media Workflow Association and president of Gilmer & Associates.
Send questions and comments to: brad.gilmer@penton.com
| Want to use this article? Click here for options! |  |
