Console Server Design Considerations
Ron McCarty
When considering a console solution, a review of the common features available can ensure that the design meets your requirements. Although few environments need all features, it is important to understand the features available in order to measure the importance of features, rank them appropriately, and decide on the best solution for your own environment.
Rights and Authentication
Because of the escalated privileges provided on the console ports on many variants of Unix, rights and authentication features should receive careful consideration. Granularity is the key to flexibility; however, if the solution offers too much granularity, then the rights administration should support a grouping methodology to allow rights to be summarized and applied easily. Specific features to review are limiting users (or groups) to specific ports, time-of-day login (especially important for operators or outsourced data centers), administrator access and limitation to the console, and assistance mode for viewing other sessions.
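The port, group, and time-of-day restrictions described above can be modeled as a default-deny rule check. The following Python code is an added example, not taken from the original article or from any console server product; the rule layout and the group, port, and user names are constructed for illustration, and "ro" stands in for a view-only assistance session.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    group: str        # rights are granted to groups, not individual users
    ports: frozenset  # console ports the group may reach
    start: time       # login window start (console server local time)
    end: time         # window end, exclusive; start == end means all day
    mode: str         # "rw" = interactive, "ro" = view-only assistance

# Constructed sample policy: group, port and user names are hypothetical.
RULES = [
    Rule("unix-admins", frozenset({"db01", "db02", "web01"}), time(0), time(0), "rw"),
    Rule("night-ops", frozenset({"web01"}), time(22), time(6), "rw"),
    Rule("helpdesk", frozenset({"web01", "db01"}), time(8), time(18), "ro"),
]
MEMBERS = {"alice": {"unix-admins"}, "bob": {"night-ops", "helpdesk"}}

def in_window(now, start, end):
    """True if now falls in [start, end); handles windows that wrap midnight."""
    if start == end:
        return True
    if start < end:
        return start <= now < end
    return now >= start or now < end

def authorize(user, port, when, want="rw"):
    """Default deny: allow only if some rule for one of the user's groups matches."""
    groups = MEMBERS.get(user, set())
    for rule in RULES:
        if (rule.group in groups and port in rule.ports
                and in_window(when.time(), rule.start, rule.end)
                and (rule.mode == "rw" or want == "ro")):
            return True
    return False

if __name__ == "__main__":
    noon, late = datetime(2024, 1, 10, 12, 0), datetime(2024, 1, 10, 23, 30)
    for user, port, when, want in [("alice", "db02", noon, "rw"),
                                   ("bob", "web01", noon, "rw"),
                                   ("bob", "web01", noon, "ro"),
                                   ("bob", "web01", late, "rw"),
                                   ("bob", "db02", late, "rw")]:
        print(user, port, when.time(), want, authorize(user, port, when, want))
```

A user in several groups gets the union of their rules, so the check returns on the first match; an unknown user or an unlisted port falls through to the final deny.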
The types of authentication supported by console servers have improved drastically, with most console servers supporting multiple authentication methodologies. Popular implementations include RADIUS, TACACS, LDAP, and Microsoft Active Directory. Typically one or more of these authentication methods already exist in many environments. The following provides a brief overview of each.
Local Accounts -- Most console servers will have a method of maintaining simple user IDs and passwords. Ideally, a couple of local accounts can be provisioned to be a backup method to the preferred authentication protocol.