Love them or hate them, graphical user interfaces bear much of the responsibility for establishing Linux’s toe-hold in the enterprise. But in making Unix friendly to new administrators, Linux GUIs have saddled administrators with the need to pump large - and arguably unnecessary - volumes of data through network connections that may not be able to fully support them.
The addition of GUI tools is just one of a widening range of remote server management requirements that is forcing development of remote administration tools to take on a hyper-evolutionary pace.
At the high end of the scale, the better-funded data centre now sports KVM over IP technology that can show BIOS information from booting PC servers before their OS is loaded.
But it is not cheap. Avocent’s DS range of KVM over IP switches starts at $1,750 for a single user installation. That price tag is made up of a $1,000 DSAuth licence - one of which is required per installation - and a $750 per user licence for Avocent’s DSView software. Unfortunately, there’s no getting around the DSAuth software requirement - it stores the topology, permissions and per-device contact information for each installation.
What do you get for your extra spend? Well, to reap the advantage of a consolidated view of your servers, UPSs and any serial port-equipped router, switch or hub, you will also have to attach a $1,695 Avocent CPS810 or a $2,195 CPS1610, a KVM, a user station that talks to the KVM and a battery of pricey cables and adaptors.
In return, you will get not just a consolidated view of your data centre but also the ability to trap for pre-specified strings issued by devices to flash devices, to trap failed authentication attempts and to manage SNMP.
That is perfect for big data centres but, if your server management scenario contains small branch offices, or is simply too small for the expense of KVM over IP, you are likely to be caught in the fight over which of the many software remote admin methods works best.
If you lord it over a purely Windows environment, pcAnywhere, Laplink and Microsoft’s built-in Remote Desktop Connection (RDC) still rule the day. Using the Remote Desktop Protocol (RDP), RDC comes at a particularly attractive price: free.
It is not free of problems, though. Serious users of RDC’s Administrator Mode will have noticed RDC’s occasional failure to let go of logged off connections. Any time this happens twice, RDC will have used both of its two default Administrator Mode connections, which forces administrators to physically log into the box and manually break both RDP connections. This is most likely to happen on a machine that is running short of RAM and is swapping memory out to disk.
Microsoft’s efforts to slim down RDP have come closer and closer to the lightweight Citrix RCA protocol, while providing almost the same screen-feel, over the network, that you experience at the console. It has become so slim that the Windows GUI itself is now the main item that prevents RDC-based server administration from becoming any faster.
Microsoft is working hard to overcome that, writing a new scripting interface to replace the poorly documented Windows Scripting Host and its more or less undocumented network administration tools. Called Monad, it is likely to offer networkable, scriptable, command-line access to many more Windows components than have been exposed before. Monad is a direct response to the easy controllability of Linux. But it will probably not ship until Longhorn’s release in 1996.
Linux, of course, is key. More and more administrators face the interoperability thrills of administering both Linux and Windows servers - and from each other. Administering Windows from Linux is simple: use Linux’s rdesktop tool to make a Remote Desktop Connection.
In contrast, many Windows administrators came to Linux only recently. With their ability to configure a Linux server limited to the minimal understanding that dribbles from the teat of new Linux GUIs, they naturally adopt VNC for its ability to push a graphical desktop display through a TCP/IP connection with reasonable speed.
VNC has suffered remarkably few security bugs considering its youth and its purpose but it does require X-windows to be installed on servers. That does involve a hit on server performance and - arguably - on server security.
Many Windows administrators still do not realise the power and security of modern remote Unix server administration tools. That’s particularly true of older Windows administrators whose IT roots were established around 1970s and 1980s operating systems. Their hard-won respect for efficient use of both bandwidth and server resources frequently leads them to avoid GUI remote controls and to use telnet to administer Linux systems instead.
But although they gain the efficiency of lightweight, command line-based administration, the security risk presented by telnet is too great for it to be acceptable in modern networks.
The answer is ssh. Available in commercial and free versions, ssh is the encrypted rsh replacement that has revolutionized Linux and to some extent most Unix server administration. Its slow take-up among some experienced administrators is probably due to the difficult install it presented in its early days around 1997. Ssh brought along what - for some - are difficult new concepts, such as host keys, separate user keys, public and private keys, and certificates.
Nevertheless ssh comes as standard as both server and client on all modern Linux distributions and now dominates remote Linux administration.
While well known for offering encrypted remote access, ssh is much more than secret telnet. Like rsh, it can append strings of commands and capture their output, so that:
dumps the output of the “w” command to a local file. It can transfer complete images of small remote disks using commands like:
It can do all this automatically if administrators set up certificates, or keys, that allow local and remote machines to authenticate each other without human interaction.
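The unattended, key-authenticated use of ssh described above, sketched as an added example that is not part of the original article: it captures a remote command's output to a local file and streams a raw disk image with a checksum comparison. The host name, key path and device are assumptions, and `SSH_BIN` is a hypothetical override for dry runs.

```shell
#!/bin/sh
# Added example, not from the article. Host names, key path and device are assumptions.
SSH_BIN="${SSH_BIN:-ssh}"                  # overridable, e.g. for a dry run
SSH_KEY="${SSH_KEY:-$HOME/.ssh/id_admin}"  # hypothetical dedicated admin key

# BatchMode=yes: fail instead of prompting, so cron jobs never hang on a password.
# StrictHostKeyChecking=yes: refuse hosts whose key is unknown or has changed.
ssh_batch() {
    "$SSH_BIN" -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes "$@"
}

# remote_capture HOST OUTFILE COMMAND...
# Run COMMAND on HOST; keep OUTFILE only if the remote command succeeded.
remote_capture() {
    host=$1; out=$2; shift 2
    tmp="$out.tmp.$$"
    if ssh_batch "$host" "$@" > "$tmp"; then
        mv "$tmp" "$out"
    else
        rc=$?; rm -f "$tmp"; return "$rc"
    fi
}

# remote_image HOST DEVICE OUTFILE
# Stream a raw image of DEVICE to OUTFILE, then compare SHA-256 on both ends.
# Assumes the remote account may read DEVICE and that DEVICE is not being written to.
remote_image() {
    host=$1; dev=$2; out=$3
    # DEVICE is interpolated into a remote shell command: allow only plain /dev paths.
    case $dev in
        /dev/*[!A-Za-z0-9/_-]*) echo "refusing device: $dev" >&2; return 2 ;;
        /dev/?*) ;;
        *) echo "refusing device: $dev" >&2; return 2 ;;
    esac
    ssh_batch "$host" "dd if=$dev bs=1M" > "$out" || return 1
    remote_sum=$(ssh_batch "$host" "sha256sum $dev" | cut -d' ' -f1)
    local_sum=$(sha256sum "$out" | cut -d' ' -f1)
    [ -n "$remote_sum" ] && [ "$remote_sum" = "$local_sum" ]
}

# Typical calls (constructed host name):
#   remote_capture admin@server.example w.out w
#   remote_image   admin@server.example /dev/sdb sdb.img
```

Restricting the automation key on the server side (for example with a forced command in `authorized_keys`) limits what a stolen key can do.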
As late as 2000, ssh was still conceptually difficult to install on Windows but the advent of free Windows client programs like putty and pscp has brought the lightweight, super-secure advantages of ssh to Microsoft’s platform. This makes command line administration of Linux from Windows a lightweight breeze.
It’s not quite so easy, yet, to administer Windows from a Linux command line, though efforts to create a native ssh server for Windows are forging ahead with the Cygwin port of various Unix libraries.
Who knows - maybe even Microsoft will consider building ssh-compatible functionality into Monad.