CommandCenter® Secure Gateway – centralized management solution for the Data Center

Posted on 23/02/2013 by seo3.VS

With thousands of servers, network devices, PDUs and more in the Data Center, centralized management and access authorization for network administrators is essential.

CommandCenter® Secure Gateway – centralized management solution for the Data Center: with a single login in a web browser, administrators can remotely control all devices in the Data Center, such as rack servers, blade servers, virtual servers, network devices and PDUs.

PRODUCT INTRODUCTION

The CommandCenter® Secure Gateway (CC-SG) management appliance lets administrators remotely manage virtual and physical network infrastructure from a single web browser. CC-SG consolidates access control for devices across multiple Data Centers in different locations through one simple, centralized gateway, helping administrators detect and resolve incidents quickly. Easy data retrieval and an optional WS-API make CC-SG the most convenient and administrator-friendly management appliance among today's centralized Data Center management solutions.

Key features of CommandCenter Secure Gateway:

Unified access

By accessing a single IP address through a web browser, administrators can:

  • Access the BIOS of and remotely administer blade and rack-mounted servers through the Dominion KX II KVM-over-IP switch or service processors: Dell® DRAC, HP iLO and IBM® RSA
  • Access the BIOS of and remotely administer virtual servers through VMWare Viewer
  • Access and manage systems in the Data Center server room through RDP, VNC, SSH, Telnet and VMWare VI Client

Unified security

  • More secure remote server access with centralized verification and authentication
  • User authentication with LDAP, Active Directory®, RADIUS and TACACS+
  • Authorize server access and power control for each system administrator
  • Consolidated logging and access reporting
  • All data streams, including video, virtual media, keyboard and mouse, are encrypted with a choice of 128- or 256-bit AES and 128-bit SSL.

Manage complex, heterogeneous Data Center infrastructure anywhere in the world

FEATURES AND BENEFITS

Raritan's CommandCenter Secure Gateway (CC-SG) helps network administrators integrate secure and simple access to control all IT devices at the application, operating system and BIOS levels.

Feature summary

  • Secure, single login to a single IP address to control all Raritan product lines such as Dominion® KVM-over-IP switches, Paragon® II analog KVM devices and Dominion PX™ intelligent PDUs
  • Two options, a hardware appliance (rack mount) and software, for network administrators to choose from easily
  • Single login to access and monitor physical servers (including blade systems and blade servers), virtual servers, and VMware® virtual server infrastructure such as ESX™ servers and VirtualCenter environments
  • Centralized policy-based management, including access control
  • Ability to monitor, diagnose and resolve infrastructure-related issues
  • HTML access interface that lets administrators easily change how managed devices are arranged, including frequently accessed and most recently accessed items
  • Remote access and power management using HP integrated Lights-Out (iLO/iLO2), Dell® Remote Access Controller (DRAC), IBM® Remote Supervisor Adaptor (RSA) and IPMI service processors, plus RDP, VNC, SSH and Telnet in-band applications
  • Universal Virtual Media™ control, with view-only or deny-access permissions, through Dominion KX II devices
  • Consolidated access management, including detailed activity reports

Features, Functionality and Benefits

Support for Dominion KX II

CC-SG supports access to servers and other IT equipment connected to Dominion KX II. KX II provides virtual media and Absolute Mouse Synchronization™ technology. CC-SG provides discovery, management, upgrades and many other management capabilities of KX II devices.

CC-SG provides seamless integration of access through different Dominion products such as environments with mixed Dominion KX and Dominion KX II devices.

Support for Dominion SX

CC-SG supports access to serial devices connected to Dominion SX.

You get centralized management of multiple SX units along with other Raritan access devices.

Virtualization: Integration of VMware

CC-SG provides streamlined setup of single sign-on access to your virtualized environment, the ability to issue virtual power commands to virtual machines and virtual hosts and a topology view with one-click connections. CC-SG integrates with VMware environments and can support features like connectivity to VirtualCenter software, ESX servers and VMotion™ functionality.

You get consolidated access, power control and auditing of both physical and virtual servers.

Connectivity to virtual machines is always available even when these are moved from one virtual host to another.

Support for Access to Blade Servers Connected to Dominion KX II Devices

CC-SG supports access of blade servers connected to Raritan Dominion KX II switches. Supported blade models include most Dell, HP and IBM blade servers.

You can access all connected nodes from a single client, including blade servers, non-blades, IP tools, service processors, PDUs, virtualized systems and devices connected to Raritan’s KVM solutions.

Support for Raritan’s Dominion PX

CC-SG can discover and add Dominion PX “smart” power strips located on the IP network. The CC-SG will automatically identify the firmware version, serial number and how many outlets are available on the PX. Once added to the CC-SG as a network-managed device, the Dominion PX allows access to the administrative interface via a single sign-on. Additionally, Dominion PX outlets are available for configuration and association to existing CC-SG nodes (servers).

Note: The option of CC-SG integration to the PX through physical connectivity to Dominion devices via a power Computer Interface Module (CIM) or power cable is still available and supported.

You enjoy comprehensive centralized access and management.

Your control of PX units can be independent of KVM or serial switches.

Access to In-Band Application and Embedded Service Processors

Telnet is supported as an in-band serial console interface.

RDP, one of the most commonly used in-band console interfaces, can be used in either console or remote user modes. The RDP console allows the IT administrator to be the only RDP user on the server while the session lasts. All RDP remote console user sessions will terminate on an RDP console login. Additionally, the RDP interface can be adjusted to the desired color depth.

Service accounts can be created and stored on the CC-SG with an MD5 two-way encrypted password. Service accounts can be employed on all in-band interfaces to allow for use with remote or local authentication. Changing the service account password applies to all CC-SG interfaces using that service account. Alternatively, creating specific passwords for each interface is still available.

You have the ability to connect to serial targets using Telnet protocol.

You’ll add flexibility by using RDP.

You’ll reduce the configuration time required to reflect password changes.

Robust Security

Low security profile, Linux®-based appliance architecture.

A powerful policy management tool allows access and control based on a broad range of user customizable criteria, including time of day, physical location, application, operating system, department and function.

Available 128-bit and 256-bit AES encryption for end-to-end node access activity through AES-enabled Dominion devices.

Support for a broad range of authentication protocols, including LDAP, Active Directory®, RADIUS and TACACS+ in addition to local authentication and authorization capabilities.

Ability to import user groups from Active Directory.

Support for Second Factor Authentication with SecurID® on RADIUS servers.

IP-based access control lists (ACLs), which grant or restrict user access by IP address.

Proxy mode for secure access to devices through firewalls/VPNs.

Strong user password authentication, SAS 70 compliance for a configurable number of failed login attempts and user ID lockout parameters.

CC-SG is a powerful, hardened secure access platform that delivers peace-of-mind to IT managers who need to provide access to vital corporate resources.

Neighborhood Configuration

Architecture allows a collection of up to 10 CC-SG units to be deployed and work together to serve the IT infrastructure access and control needs of the enterprise. The units in a neighborhood may consist of hardware and/or virtual appliances. All units in a neighborhood must be running the same firmware version.

Scalability: you can add more CC-SGs as your environment grows.

Performance is enhanced through the distribution of resources across CC-SGs.

Regionalization:

  • It allows local authentication for local access.
  • CC-SG provides around-the-clock global operations – so you can avoid failures across regions.

Departmentalization/local administrative autonomy:

  • CC-SG permits you to access network partitioning.
  • You can segment by access tools, Raritan device type, user type, etc.

You may deploy CC-SG units across different subnets.

Seamless Backup Configuration

“Cluster” configuration provides appliance redundancy through primary and secondary CC-SG deployments on different subnets and/or geographical locations.

Note that the CC-SG virtual appliance cannot be included in a cluster. Raritan supports the VMware High Availability feature for failover of a virtual appliance.

You get instant, seamless failover if the primary unit fails.

Web Browser Access to CC-SG

CC-SG supports Web browser access to either an IP address or host name. A single sign-on via the Web browser interface is available in some applications that can accept automatic username and password entries but do not require additional entry fields like session ID. Access to the Dominion PX Web interface and Dell RAC4 administrative UI are two examples of Web browser interfaces that support single sign-on.

It provides centralized and audited access to any Web server-equipped device such as power strips, embedded service processors and Web-based proprietary IT applications.

Auditing and Audit Trail Reporting

The CC-SG administrator can sort the audit trail report based on categories. For example, the administrator can choose to view only authentication messages for remediation purposes, security messages for monitoring purposes or virtualization messages for virtual machine-related activity tracking. The administrator can choose to view only tasks of embedded- or access-related audit messages. Additionally, the administrator can use a wild card search to find specific audit messages.

Node auditing requires users belonging to a group selected by the CC-SG administrator to enter free text audit information whenever accessing any interface. This information can be viewed in both the audit trail report and the node audit tab.

CC-SG permits granular audit trail sorting for specific purposes like remediation, security and debugging.

It gives you the ability to capture activity reported by system users such as contractors and temporary workers.

Remote Monitoring and Capacity Planning Tools

CC-SG provides a variety of tools to monitor real-time and over-time performance of CC-SG. Once activated, these tools can capture or display information such as CPU, memory, hard disk space, etc.

Using the real-time data capture tool, customers can view information in a graphic format and create e-mail alerts based on thresholds they set. With the over-time data evaluation tool, customers can see their CC-SG performance graphed over time.

CC-SG allows secure, remote monitoring tools that can be activated by customers to monitor their CC-SG hardware performance and alert them when action may be required on their part.

GUI and User Experience Improvements

During its life cycle, several improvements have been introduced to the CC-SG to provide a better user experience. For example, CC-SG administrators can require acknowledgment before any power operation takes place, such as powering off a server. Additionally, the node profile was enhanced to include a tab structure that is more useful to users and includes more useful information.

The continued improvement of the CC-SG UI helps enhance the user experience for Raritan customers.

HP iLO2 Support

CC-SG supports single sign-on console access to HP servers equipped with iLO2 processors. In addition, CC-SG provides remote power on/off/cycle and graceful shutdown capabilities to these HP servers.

CC-SG increases productivity in environments where servers with iLO2 are deployed along with CC-SG.

Virtual Media

CC-SG supports control of virtual media access policies. Three options of authorization are available for virtual media: deny, control and view only. Virtual media is available for OOB nodes connected through a virtual media CIM to a Dominion KX II device managed by the CC-SG. Virtual media can be mounted on a client system or on a remote network drive equipped with a USB connection.

This feature makes it easy to re-image (apply a new OS), boot or upgrade the device remotely.

WS-API Support

An optional WS-API is available for use with CC-SG.

This allows access to CC-SG, connected nodes and other CC-SG functions from your own customized client application.

Synchronize Data with Power IQ®

CC-SG pulls data from Power IQ for easy, convenient data synchronization.

Ensure that CC-SG and Power IQ have common infrastructure data.

Save time by not duplicating data entry tasks. Node, interface, device, port and other information is easily synchronized.

Data Import/Export

CC-SG includes a very comprehensive import/export capability. CSV files can be imported to help expedite the process of configuring devices, nodes, users, associations and PDUs. Import/export files include:

  • Import and export of categories and elements
  • Import and export of user groups and users
  • Import and export of nodes and interfaces
  • Import and export of devices and ports
  • Power IQ import and export file

By maintaining information in a spreadsheet of IT infrastructure profiles, administrators can easily manipulate data and save it as a .csv file for importing into CC-SG, saving time.

Administrators can leverage the data already in CC-SG, easily export data from CC-SG to create a master file, make any necessary changes, then return it to CC-SG or use it in other applications.

Share data between CC-SG and Power IQ.

DRAC 6 Support

In addition to the long-existing support for DRAC 4 and 5, CC-SG now provides access to Dell Remote Access Controller 6. Access to the controller is available through the following interfaces:

  • Telnet
  • SSH
  • Web Browser
  • IPMI Power

Organizations with Dell servers who have migrated from DRAC 4 or 5 to DRAC 6 can conveniently access them through CC-SG.

Customers who need standard KVM access to some servers and access through DRAC to others can conveniently manage all resources through a single CC-SG client.

TECHNICAL SPECIFICATIONS

| CommandCenter Secure Gateway | CC-SG V1 | CC-SG E1 |
|---|---|---|
| Form Factor | 1U | 2U |
| Dimensions (DxWxH) | 17.3″ x 24.2″ x 1.75″; 440 x 615 x 44 mm | 17.3″ x 27.5″ x 3.5″; 440 x 699 x 89 mm |
| Weight | 23.80 lb; 10.80 kg | 44.1 lbs; 20 kg |
| Power | Single Supply (1 x 300 watt) | Dual Supply (2 x 500 watt) |
| Operating Temperature | 10 – 35 °C | 10 – 40 °C |
| Mean Time Between Failure (MTBF) | 38,269 hours | 53,564 hours |
| KVM Admin Port | (DB15 + PS/2 or USB Keyboard/Mouse) | (DB15 + PS/2 or USB Keyboard/Mouse) |
| Serial Admin Port | DB9 | DB9, DB10 |
| Console Port | 2 x USB 2.0 Ports | 2 x USB 2.0 Ports |
| Hardware | | |
| Processor | Intel® Core™ 2 Duo E8400 | Intel Xeon® X3360 |
| Memory | 4 GB | 8 GB |
| Network Interfaces | (2) 10/100/1000 Eth. (RJ45) | (2) 10/100/1000 Eth. (RJ45) |
| Hard Disk & Controller | (2) 80 GB SATA @ 7,200 rpm, RAID 1 | (2) 150 GB SATA @ 10,000 rpm, RAID 1 |
| CD/ROM drive | DVD-ROM | DVD-ROM |

Remote Connection

Protocols: TCP/IP, UDP, RADIUS, LDAP, TACACS+, SNMP, SNTP, HTTP, HTTPS
