Configuring for Terminal Concentrator Connections

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Figure 5.7 illustrates a terminal concentrator with direct serial connections to multiple servers running Emergency Management Services. The optional modem connects to the terminal concentrator. The remote management computer can connect to the terminal concentrator over the network for an in-band connection or over the phone line for an out-of-band connection when the network is not available.

Figure 5.7   Remote Connections with Terminal Concentrator

The servers running Emergency Management Services connect to the terminal concentrator with serial connections using the VT-UTF8 terminal definition. The serial connections might be provided by null modem cables or by service processors. The number of serial ports provided by the terminal concentrator determines the number of servers that can be supported in this configuration. If the terminal concentrator is integrated with intelligent power switch functionality, you can use this configuration to power servers off and on.

The remote management computer connects to the terminal concentrator over the standard network by using an in-band tool, such as Telnet or SSH, that supports the VT-UTF8 terminal definition.

This configuration requires physical security between the servers and the terminal concentrator. It is also important to provide logical security for the terminal concentrator itself. Because access to a terminal concentrator provides access to multiple servers, ensure that only authorized persons can gain access, as described in "Providing Security for Remote Management" later in this chapter; this protects the connected servers from denial-of-service attacks. The terminal emulation software supported by the terminal concentrator helps determine the logical security between the management computer and the terminal concentrator. For example, some terminal concentrators have SSH built in to provide authentication and encryption. If the terminal emulation software does not support authentication and encryption and the network is accessible to outsiders, an unauthorized person can sniff the network to obtain credentials for your servers. Another solution is to use a private, secondary network for remote management.
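The rule in the preceding paragraph can be checked against an inventory of terminal concentrators. The following is an added example, not part of the original documentation; the inventory rows, field names, and the 10.50.0.0/24 management range are constructed assumptions.

```python
import ipaddress

# Assumption: the private, secondary management network (constructed range).
MGMT_NET = ipaddress.ip_network("10.50.0.0/24")
# Access methods that provide both authentication and encryption.
PROTECTED = {"ssh"}
RANK = {"fail": 0, "review": 1, "ok": 2}

# Constructed inventory, one row per terminal concentrator.
INVENTORY = [
    {"name": "tc-rack1", "addr": "10.50.0.11", "protocol": "ssh", "serial_ports": 16},
    {"name": "tc-rack2", "addr": "192.168.20.7", "protocol": "telnet", "serial_ports": 8},
    {"name": "tc-rack3", "addr": "10.50.0.12", "protocol": "Telnet", "serial_ports": 32},
    {"name": "tc-rack4", "addr": "not-an-ip", "protocol": "telnet", "serial_ports": 8},
]


def assess(entry, mgmt_net=MGMT_NET):
    """Return (severity, reason) for one concentrator's in-band access path."""
    if entry["protocol"].strip().lower() in PROTECTED:
        return "ok", "authenticated, encrypted session"
    try:
        on_mgmt = ipaddress.ip_address(entry["addr"]) in mgmt_net
    except ValueError:
        return "fail", "cleartext session, network placement cannot be verified"
    if on_mgmt:
        return "review", "cleartext session, confined to the private management network"
    return "fail", "cleartext session on a shared network, credentials can be sniffed"


def audit(inventory, mgmt_net=MGMT_NET):
    """Assess every concentrator; worst findings first, then by servers exposed."""
    findings = []
    for entry in inventory:
        severity, reason = assess(entry, mgmt_net)
        findings.append({
            "name": entry["name"],
            "severity": severity,
            "reason": reason,
            # Each serial port can front one server, so the port count
            # bounds how many servers a compromised session reaches.
            "servers_exposed": 0 if severity == "ok" else entry["serial_ports"],
        })
    return sorted(findings, key=lambda f: (RANK[f["severity"]], -f["servers_exposed"]))


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f'{f["severity"]:<7}{f["name"]:<10}{f["servers_exposed"]:>3}  {f["reason"]}')
```
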

The advantages of this type of configuration are:

  • Supports remote management for multiple servers

  • Combined with firmware console redirection, provides broad functionality

  • Supports logical security

  • Can support the use of legacy computers

The primary disadvantage of this configuration is that it requires additional hardware.

This configuration is an excellent alternative to service processors. When combined with firmware redirection, this configuration provides functionality comparable to service processors without the additional costs. It provides a way to obtain state-of-the-art technology with legacy computers. For a document to assist you in setting up remotely administered servers in this type of configuration, see "Headless Server Quick Start" (SDCEMS_1.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Headless Server Quick Start" on the Web at https://www.microsoft.com/reskit).

This configuration can be used for the moderate remote management example described in "Examples: Selecting Remote Management Tools" earlier in this chapter.