At 9:51 AM -0600 on 3/18/04, Kelly Setzer wrote:
On Thu, Mar 18, 2004 at 09:07:31AM -0500, Steven M. Bellovin wrote:
In message <g3d67ag03k.fsf@sa.vix.com>, Paul Vixie writes:
I agree, lack of interactive access to a system prior to a functional OS being loaded always seemed like a potential problem area to me, particularly for something based on common PC architecture.
http://www.realweasel.com/ is your friend. (isc has about a dozen of 'em.)
Realweasel is a great idea if you can afford it -- but the PCI version lists for $350, which is as expensive as some used 1U servers on EBay.
Is there an effective alternative? All the intel "servers" these days seem to have one of those handy-dandy (note: sarcasm) ethernet ports variously called "integrated lights-out (ILO)" or "lights-out management (LOM)", etc.
I am dismayed that intel-based server vendors haven't noticed the decades-old trend of having serial ports for emergency/remote access.
Kelly
Many of the SuperMicro motherboards currently have BIOS-level serial consoles that can be activated, and the Intel 440 series also had it (I have 20 or 30 of them). This means I see the BIOS power-up debugs, can get into the BIOS configuration, I see the SCSI PCI messages, just as if there was a screen and keyboard attached to the machine. I don't know what Intel offers today, but I suspect they kept the serial console capability on their server class systems. I suspect other vendors have similar features, but I don't have a large enough sample to say if it's "common" or not. I suspect that serial consoles are common on "high-end" server motherboards, but probably don't exist on the less expensive models, a difference which I'll chalk up to market pressures.

If the server you're evaluating doesn't have serial OOB, then I would have grave suspicions about other aspects of its construction, as the lack of a serial console indicates lack of "server requirement" clue. This gets back to a previous discussion from quite some time ago about standardized out-of-band configuration interfaces for equipment...

The combination of an APC 9210 power cycle device plus a Cisco 2511 or 2509 with an octal serial cable has never failed me, and I'm at the "low end" of the price scale for my personal systems. While I do prefer a "real" serial LOM kit (i.e.: Sun Microsystems) the pricepoint for i386-type 1u servers is difficult to match. I've never had a lockup I couldn't get out of, as long as I've hooked up the cables the right way. All my systems are at least 600 miles away, and some of them are 3500 miles away, so I have to rely completely on my out-of-band network. I converted from Sun to Intel-based systems about two years ago, and I've been very pleased with the performance and price, though I miss the quality and consistency of Sun hardware.
For DNS, personal web, mail, and other mundane tasks, I find that I'm able to afford serial OOB-capable Intel-based systems of two or three years ago (PIII) which have enough horsepower to do the trick. RealWeasel is too expensive (even with the hypothetical NANOG discount) though extremely nice. As previously mentioned, I can purchase an entire system with serial console built in for that price. If I had a vendor-specific piece of equipment that simply did not do the Right Thing but was tied to a particular motherboard, then I'd consider a RealWeasel.

Continuing the thread of costs for a 1u "personal" co-lo offering, here is a little back-of-the-ebay-napkin surfing: $250 (Cisco 2511 w/cables) + 2x$200 (APC 9210) + 16x$270 (1u Intel PIII 650/2x18gSCSI/1g) = $4970 for 16 remotely-configurable/rebootable machines in 19u of space. Now, double that for 38u (4u short of a full rack) and add a Cisco 3548 at $1600. That turns into $11540 for 34 machines, all remotely manageable with remote power cycle. One of those systems could be an altq traffic shaper/router. Not a bad configuration for a best-effort 1u rental service. The trick of course is getting 32 identically-configured 1u machines at this price, with some spares. It's nice to buy equipment on eBay on a one-by-one basis, it doesn't scale for bulk purchases of identical equipment. Does listing example ebay auctions substitute the legitimacy of posting router configs? Probably not.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3081026454&category=1484
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3080508042&category=11185
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3082713166&category=20315
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3082896913&category=28040

JT