Managing data centres via wireless link
Data centre management is about to go mobile.
By John Brandon, Computerworld | Computerworld UK | Published: 01:00, 30 August 2007
Data centre management is about to go mobile. Network and systems administrators are tired of working in a cramped environment that is alternately too cold or too hot, and so the idea of managing software and servers via a wireless hookup is about to come into its own, some observers believe.
Admittedly, this setup has its problems, including concerns about interference slowing the performance of a mission-critical application, such as server maintenance, and security. In most wireless setups, security is often geared for executives checking e-mail, not an admin configuring access for a new accounting department ERP rollout.
Indeed, for most large companies, Wi-Fi is the purview of business travellers, those PDA- and laptop-toting power users who need anytime, anywhere access in corporate buildings, at airports and hotels, and at Starbucks. But this kind of access back to the data centre is just a matter of time, some believe.
"Remote management over wireless is a big request we get almost daily," says Craig Mathias, principal and founder of Farpoint Group, an expert in wireless networking technology. "No one wants to sit there all day in the data centre looking at a console; they have other things they want to do."
"Wireless access offers admins a way to escape constant noise and heat of the data centre," says Charles King, an analyst at Pundit-IT Research. "It also offers a single and unified method for delivering data centre performance information so it could be useful for aggregating that information to a single location or console. That could help improve or make more efficient management processes."
Wireless remote management: controversy and benefits
Today, if they do perform systems-management tasks remotely, most administrators typically do so over telnet and a wired connection located in the same building as the systems they're managing. If they do access the data centre remotely, it is usually to review reports or alerts via a cell phone, not to actually change user accounts or configure systems management settings.
But one analyst is not in favour of suggesting Wi-Fi as a proper remote management connection at all.
"Regardless of how you secure a WLAN, it's usually a no-no to connect to mission-critical data centre infrastructure that way," says George Hamilton, director of enterprise infrastructure at Yankee Group Research. "If you're in the building, why do you need to connect to the data centre LAN from a WLAN? You can telnet in" or access the data centre via a compact Java virtual machine that runs on a portable device, also known as a KVM.
Still, even when there's a LAN port in every cubicle and conference room, wireless hookups would allow admins to get more mobile, address issues with individuals or departments from a laptop and pretty much work from anywhere. And even though it's less than ideal from a security standpoint, Hamilton agrees that demand might necessitate allowing the wireless option for data centre management.
"Given proper security, it does give the operator flexibility to access the environment where it is convenient for him or her," says Hamilton. "An admin could go to a particular [software or hardware] engineer in the building and troubleshoot in their presence." One way this could happen: Hamilton points to companies that provide remote-management features for smart phones and handhelds.
There are other vendors that specialise in remote data centre management. Avocent recently announced a family of serial console servers for remote management of small and mid-sized data centres. Another is UK-based Adder, which recently announced the AdderLink ipeps (IP engine per server) to help access servers no matter where they are located. "If you can get remote access to the data centre, it doesn't matter if you are near the user or not near the user, or near the data centre or not near the data centre," adds Mathias, agreeing that Wi-Fi offers remote benefits. "The keyword is convenience."
Hackers compromised a wireless network at retailer TJ Companies recently, stealing 45 million credit card numbers. Wardriving, where hackers drive around looking for open access points, is common around enterprise campuses, and Linux distributions with tools for hacking both WPA and WEP encryption measures are readily available. One of the most common tricks: just guessing an admin's WPA pass code, which if remote management is conducted over wireless link, opens the door to steal financial data or trusted company information.
However, when secured properly, a wireless connection is just as impenetrable as a wired connection.
"You could argue that that physical security is better over a wired connection, because you can lock the console in the data centre," says Farpoint's Mathias.
"But you can lock down access to applications, and that is not a wireless issue at all. Passwords on the laptop, passwords in the remote management suite, two-factor authentication all helps. You should definitely use a VPN, strong authentication and 802.1x."
King agrees. "Strong encryption and user key management should address most security concerns, and since those processes are common in many data centres, extending them to a wireless management network shouldn't be too difficult," he says. "Depending on the location of the data centre, network monitoring for possible intrusions is another option."
With strong encryption, user keys and VPN/802.1x, wireless becomes more viable for admins. But interference is a nagging problem. If the access point is situated near the data centre, metal cabinets can cause serious bottlenecks and failures.
King suggests working with experienced wireless networking consultants to configure the networks, weed out interference problems and test throughput.
Mathias explains that interference is an increasing problem, although in the enterprise there is usually a better network design so that one WLAN is not causing problems for another. This is unlike home environments, where channel congestion is common. Also, when interference does occur, it is usually a blip that causes slight delays, says Mathias. In a home environment, these delays are more noticeable because users see stuttering in a video stream, or hear break-ups during a VoIP phone call.
"If you are concerned about interference, and we think anyone running a large WLAN should be, there are tools such as Cognio Spectrum Expert 3.1 that are very cost effective, and will let you look at all kinds of interference -- and not just from other wireless LANs," says Mathias, who also suggested tools from Berkeley Varitronics Systems Both tools allow you to measure wireless speed, see competing 802.11b and 802.11g signals and monitor signal strength.
King agrees that interference is a thorny issue and one that could easily make Wi-Fi access for data centre admins more of a hindrance than a help. Rather than going mobile in the building, admins working on mission-critical systems should probably rely on a wired connection, telnet or just use the console in the data centre room itself, he suggests.
John Brandon worked in IT management for 10 years before starting a full-time writing career.