Using Terminal Concentrators for Remote Management

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Terminal concentrators provide remote access to multiple servers through their out-of-band serial ports. The servers connect to the serial ports on the terminal concentrator with null modem cables. The remote management computer establishes a network connection to the terminal concentrator by using its network port. Typically, you use Telnet or a Web interface to remotely perform management tasks on the servers connected to the terminal concentrator.

Terminal concentrators facilitate remote management of servers in the following ways:

  • You can manage servers using a serial connection without being within the distance of a serial cable length.

  • You can monitor and manage multiple servers simultaneously from a single management computer.

  • Several administrators can simultaneously view information for different servers.

Setup, configuration, and features for terminal concentrators vary by manufacturer. When choosing a terminal concentrator, assess the following features:

  • Number of available serial ports.

  • Built-in security features, such as use of passwords and encryption.

  • Power switch capabilities.

  • Number of available Ethernet ports, if important in your environment.

Some terminal concentrators support Secure Shell (SSH), which is a secure command-line alternative to Telnet. SSH is a protocol for establishing secure connections over networks. It provides logical security for the in-band connection from the management computer by supporting strong authentication and encryption and protecting against a variety of network-level attacks. Because SSH is independent of the operating system, it provides interoperability in environments with mixed operating systems. Several vendors provide Windows implementations of SSH clients and servers. Use a Web search engine and search using the keyword "SSH" to find a variety of SSH vendors, as well as frequently asked questions (FAQs) and other documentation.

You need to provide physical security for the serial connections from the servers to the terminal concentrator. Because the security features for terminal concentrators are not standardized, you might need to provide your own logical security for the in-band connection. If your terminal concentrator does not support authentication and encryption, consider using one of the following techniques to secure the connection:

  • Use a secondary private management network that you can access with direct-dial remote access or with a VPN connection.

  • Use a router to secure the network traffic.

  • Use SSH, if the terminal concentrator supports it, instead of Telnet to provide authentication and encryption.