Cyclades AlterPath Manager E200
Price: $8,950 US
Global console namespace across managed devices.
Global user management across managed devices.
Access via SSH and Web.
Automated firmware updates.
A little pricey.
Passwords stored clear text and world-readable.
Needs more comprehensive documentation.
Cyclades makes a number of excellent products aimed at easing system administration and data center management. These include console (serial and KVM) and remote power management. In the past, these devices were all islands unto themselves needing individual management. Authentication and authorization could be unified easily with a directory service such as LDAP, Radius, NIS or Kerberos, but the configuration of the devices would need to be managed individually and manually.
In modern complex data center environments, infrastructure must be flexible to keep up with changing circumstances and requirements. A central management system was needed.
Serial Consoles in the Data Center
For most computers, the console is the video monitor and a directly attached keyboard. This is where kernel and boot messages go as a system is coming up. The console eventually becomes a login terminal, either graphical or text mode, after a system is fully booted. On servers, however, graphical consoles are not needed and are often unwanted. Consoles on servers usually are used only to recover an ailing system or install a new OS. In these cases, a serial port is used as the console. This provides a very simple device for the kernel to deliver messages without the complexity or wasted CPU cycles of a graphics device. Serial consoles have the added benefit of remote access when used in conjunction with a console server such as the Cyclades ACS series products. These devices literally allow you to use SSH (secure shell) to connect directly to a server's console and manage it from anywhere. Remote access to a server console allows the system administrator to recover and even re-install the OS from anywhere, if the server is running Linux or UNIX. For more information on implementing serial consoles on Linux see my LJ article in the August 2004 issue.
Some of Cyclades' most popular products are the TS and ACS serial console management devices. These thin 1U-rackmount enclosures allow secure remote console access to servers and serial-port-equipped appliances such as filers, routers, firewalls, SAN arrays and switches. The AlterPath Manager (APM) is designed to sit above multiple ACS and TS units and centralize configuration and authentication.
The APM unit sports an 850MHz Intel Celeron CPU, 256MB RAM, 40GB disk, two 10/100 Ethernet ports and two serial ports, one for the APM's console and another for an optional dial-in modem. Not much horsepower by today's standards, but more than enough for what the APM needs to do. This is all basically off-the-shelf hardware; the APM is primarily a software product that includes integrated hardware.
The hardware is packaged nicely in a sturdy 1U-rack enclosure. Indicators are on the front with all connectors on the rear.
The APM runs a small customized Linux OS. Cyclades' management application is Web-based and runs under the Tomcat Java servlet engine. The servlet engine serves on both HTTP and HTTPS (encrypted) ports, and Cyclades provides simple instructions for disabling the non-encrypted port. All configuration and control of the managed devices is done over encrypted SSH connections.
The APM uses password-style authentication to the managed devices using expect. I would have liked to see public key authentication, but passwords are easier to understand for most people and at least it's still all encrypted. The root passwords for all managed devices are stored in a MySQL database running on the APM. This database allows connections only from localhost and stores these passwords in clear text. It also appears that the MySQL databases on all APM devices use the same hard-coded database root password. All the database passwords can be found in the world-readable configuration file /var/apm/apm.properties. It needs to be assumed that any user with shell access to the APM will have complete control of the managed devices because of the unfettered access to the root passwords. This security situation should be significantly tightened up by Cyclades' developers.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Back to Backups
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Google's Abacus Project: It's All about Trust
- Secure Desktops with Qubes: Introduction
- Linux Mint 18
- Fancy Tricks for Changing Numeric Base
- Working with Command Arguments
- Secure Desktops with Qubes: Installation
- Seeing Red and Getting Sleep
- CentOS 6.8 Released
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide