Harried administrators of crowded data centers stuffed with disparate gear can now command up to eight heterogeneous networking devices remotely, thanks to Arula Systems Inc.s Cerebus x8as long as they have deep pockets.
The secure, out-of-band Cerebus x8 management appliance uses standard VT100 terminal emulation and Java applets to access the administration consoles of servers, switches, routers or appliances via a Web browser. Remotely accessing these devices, which Cerebus accomplishes via serial ports through an IP network or the Internet, can save valuable time during configuration and trouble-shooting sessions, increasing productivity and uptime.
The catch is Cerebus rather steep price: Cerebus x8 costs $3,499, which works out to more than $400 per managed device. Although much more expensive than Symantec Corp.s pcAnywhere remote access software, Cerebusunlike pcAnywherecan manage more than just servers: IT managers can plunk the 3.5-inch-high Cerebus on a rack with eight devices and manage the entire rack remotely through the network.
Available since last month, Cerebus x8 supports Windows NT, Linux and Unix servers from such vendors as Sun Microsystems Inc., IBM and Hewlett-Packard Co., along with Cisco Systems Inc. routers and switches, hardware firewalls, and load balancersbasically any networking device with a serial console connection.
The initial configuration of the Cerebus was fairly straightforward in eWeek Labs tests, once the physical connection between the hardware systems and the appliance was established. Cerebus has eight RJ-45 (standard Ethernet) ports for connection to the hardware, but because hardware vendors have different pin-out configurations for their serial console ports, trying to find the right RS-232-to-RJ-45 connector can be frustrating.
For example, we easily connected and accessed the administration console on a Cisco Catalyst 2900XL switch because it has an RJ-45 console port, but we had to try several RS-232-to-RJ-45 connectors before we could connect another switch. After trial and error, we connected the Cerebus to several network devices.
Next, we assigned separate IP addresses to each port to manage the devices from different network segments and then set up users and passwords, enabled SSL (Secure Sockets Layer) encryption, rebooted the port, and accessed the devices with Microsoft Corp.s Internet Explorer and Netscape Communications Corp.s Communicator.
Remote shell game
Establishing remote access to Windows NT servers required the installation of Heroix Corp.s RoboER, which comes bundled with the box. Running as a service in NT, RoboER provides a simple text-based command shell with which managers can remotely monitor and troubleshoot the server.
We used the Cerebus to remotely access an NT server with the RoboER service running and were able to monitor applications and services, view the event logs, edit the registry, and even reboot and shut down the server.
During the remote administration sessions, Cerebus SecureChat feature can be used to communicate in real time, allowing several network administrators to collaborate in problem-solving. The Cerebus also allows the creation of users as observers with view-only permissionuseful for training purposes.
Cerebus employs several security features to prevent unauthorized access to the consoles. It provides secured remote sessions through the SSL handshake protocol with 40-bit RC4 encryption. Every time users log in to the console, Cerebus sends out a session-specific ID with a 5-minute timeout. This ensures that no one can recall the log-in information from the local cache and use it to gain unauthorized access to the console.
User log-in names and passwords are protected via MD5 encryption to prevent illicit access to the user/password list.
No provision has been made to manage multiple Cerebus systems, although Arula officials said a software management solution will be available by the end of next quarter.