Console Server General Topics

Issue:
Console Server General Topics

Solution:

A 1. Why do I need SSH?
Normally an administrator connects to devices attached to the CS9000 by using Telnet. However, with Telnet the data is sent ‘open’, that is, unencrypted. This means anyone with a network analyser can see (or sniff) the data being sent over the network. This data could contain the master passwords to devices such as firewalls, routers or even the main corporate server. Once in possession of these passwords, access can be gained and any amount of damage caused.


A 2. How do I access my devices with SSH?
An SSH client needs to run on the administrator's PC. SSH clients are similar to standard terminal emulators but support the SSH protocol. There are free SSH clients available for download on the web such as PuTTY or TeraTerm.
A 3. Will the 10MB units still be available?
Perle is in the process of discontinuing the 10MB units. The 10/100 units are a direct replacement and are sold at the same price.
A 4. Has the physical layout of the CS9000 changed?
No. The 10BaseT port has now become the 10/100 port and so there is no physical layout change to the unit.
A 5. I already have some CS9000s which I wish to get SSH on?
The SSH software is part of a firmware release and is available on the web for free download. Existing CS9000s can be flash upgraded to this version using normal methods. See Perle downloads.
A 6. What is the difference between SSH v1 and SSH v2?
Overall, SSH v2 is more secure. SSH v1 and SSH v2 are two entirely different protocols that encrypt different parts of the packets. SSH v1 uses server and host keys to authenticate systems, whereas SSH v2 uses host keys. SSH v2 is a complete rewrite of the protocol, and does not use the same networking implementation as SSH v1.
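
Because the two protocols are separate, it is worth confirming which of them an SSH endpoint actually accepts. The following is an added example, not Perle code: it parses the identification string every SSH server sends on connect (RFC 4253, section 4.2), where a protocol version of `1.99` means the server still accepts v1 alongside v2. The endpoint names and software strings are constructed.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def parse_ident(raw: bytes):
    """Return (protoversion, softwareversion) from a server greeting, or None."""
    # Servers may send free-text lines before the identification string; skip them.
    for line in raw.decode("ascii", errors="replace").splitlines():
        m = IDENT.match(line)
        if m:
            return m.group(1), m.group(2)
    return None

def offered_versions(protoversion: str) -> set:
    """Map the protoversion field to the SSH protocol versions the server accepts."""
    if protoversion == "2.0":
        return {2}
    if protoversion == "1.99":         # compatibility mode: v2 server that still accepts v1
        return {1, 2}
    if protoversion.startswith("1."):  # e.g. 1.5: v1 only
        return {1}
    return set()

def audit(greetings: dict) -> dict:
    """Classify each endpoint as 'ok' (v2 only), 'v1-enabled', 'unknown' or 'not-ssh'."""
    report = {}
    for name, raw in greetings.items():
        ident = parse_ident(raw)
        if ident is None:
            report[name] = "not-ssh"
            continue
        versions = offered_versions(ident[0])
        if not versions:
            report[name] = "unknown"
        else:
            report[name] = "v1-enabled" if 1 in versions else "ok"
    return report

# Constructed greetings (hypothetical endpoint names and software strings).
SAMPLE = {
    "console-a": b"SSH-2.0-ExampleSSHD_3.1\r\n",
    "console-b": b"SSH-1.99-ExampleSSHD_2.4 legacy\r\n",
    "console-c": b"SSH-1.5-ExampleSSHD_1.2\r\n",
    "console-d": b"Authorized use only\r\nSSH-2.0-ExampleSSHD_3.1\r\n",
    "console-e": b"\xff\xfd\x18login: ",  # Telnet negotiation bytes, not SSH
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(name, verdict)
```
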
A 7. Do I need SSL?
SSL is the protocol for encrypting data when using web browsers.
A 8. The CS9000 also supports RADIUS security, what benefits does this offer?
The CS9000 has an internal user database for up to 32 user names. However, some customers have external databases that all their systems can query for authentication purposes. The most common is RADIUS and this is what the CS9000 supports.
When an administrator tries to connect to a piece of equipment attached to the CS9000, he will be prompted for a user name and password before gaining access. The CS9000 can be configured to query the RADIUS server for authentication of the user name and password. This applies to both SSH and Telnet connections.

A 9. Does the CS9000 have port buffers?
Yes. Many systems such as Sun servers, routers, remote access servers and RAID boxes output many messages from the console ports. Some of these messages are informational only, others are critical warning messages. The system administrator must be able to get these messages. Without buffers, a message is lost if the administrator is not connected at the time. With buffers, messages are stored within the CS9000 and can be viewed at a later time to aid problem diagnosis and solving.

CS9000 Port Buffer Sizes

A 10. Can I send a break signal to a Sun Server via the CS9000?
Yes. The CS9000 does not send break signals when power cycled, thus preventing unwanted shutdowns of Sun servers. However, the CS9000 can be configured to allow a break signal to be passed through when deliberately sent by the administrator. This allows the administrator to take a Sun server to the Open Boot Prompt only when desired.

Break signals can be sent via Telnet and SSH sessions (see manual for details).
A 11. What advantages can be gained by using a CS9000 with a Sun Netra?
A Sun Netra t1 has no video/keyboard/mouse ports and so can only be accessed via the network or the serial console ports. When powering on a Netra for the first time you must have a connection to the Serial A/LOM port. Through this port you will power on the system and then be asked to input information to decide the setup of the system. All of this can be done through a port on the CS9000, avoiding the need to be local to the system, as the CS9000 is capable of in-band and out-of-band access.

Via this port it is possible to power on and power off the system at any time using the LOM (Lights-Out Management) facility. Also through the LOM you can monitor the status of the power supply, fans, fault LED and alarms even when the system is powered down. There is also the ability to turn on fault LEDs in order to help identify a unit in a rack full of Netra servers. Once the system has booted up it is possible to access the Solaris O/S for full system management.

Without a CS9000 it will be necessary to have a terminal connected to every server (think of the space needed and the power consumption). The only other option is to have nothing connected to the port and only connect when there is an emergency; however, this will demand that someone is local to the system and has full access to the racks at all times.
A 12. Does the CS9000 come with more than 24 ports?
Many users are reluctant to put in high port density console servers. If all devices in a rack were connected to one console server then access would be lost to all devices in the unfortunate scenario where the console server failed. By installing 2 smaller density units there is a high level of redundancy in the event of a failure. In addition, most racks are usually populated with 16 devices or less. Many servers take up 3 U’s and many storage devices take up 14 U’s. In these cases a smaller density port server is desired. Most people use cabling options to connect more than one rack to the Perle 16 or 24 port versions of the CS9000.
A 13. Can the CS9000 be used to power manage systems (i.e. power cycle systems)?
The CS9000 cannot do this on its own but can if used in conjunction with a unit such as APC's MasterSwitch. The APC box can be accessed via the network or via a serial port (attached to the CS9000) and can provide power to a maximum of 8 systems. The power can then be cut to any of these ports by the administrator either via the LAN or via dialup into the CS9000, allowing a system to be hard booted. One advantage of using this through a CS9000 is the SSH encryption, which will stop the user names and passwords to the MasterSwitch from being discovered.

Also some systems such as the Sun Netra range allow power management through their serial console port which is connected via a CS9000.


Article ID: 135
Published: 1/31/2003 12:18:14 PM
Last Modified: 1/31/2003 1:01:25 PM
Issue Type: FAQ