Remote Management Concepts

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Conventional remote management involves establishing an in-band connection to a server to manage it across the network. As a class, in-band management tools are robust, versatile, and secure. Whenever a server is functioning and available across the network, in-band management tools are the tools of choice. In the past, this type of management was the only type of remote management available for servers running Windows operating systems.

By using Windows Server 2003, you can also manage servers by using out-of-band connections that make it possible to perform management tasks when the server is not responding to the standard network connection. When you lose the capability to manage the server with the in-band connection — such as when the firmware is initializing, a Stop error occurs, or the server stops responding — you need to use an out-of-band connection to manage it remotely.

A primary purpose of the out-of-band connection is to provide a means for you to return the server to a functioning state so that you can continue to manage it with your conventional in-band tools. Out-of-band management also makes it possible for you to configure your servers for remote administration, which means the local keyboard and monitor are optional. When combined with appropriate out-of-band hardware components, Windows Server 2003–based servers need to be managed locally only for hardware installation or replacement.

In-Band Management

Conventional remote management tools, such as Telnet, use in-band connections for communicating with the managed server. In-band connections rely on operating system network drivers for establishing connections between computers, so a server must be initialized and operational to be managed with these tools.

The most common in-band connection hardware device is a network adapter, such as an Ethernet adapter, analog modem, or Integrated Services Digital Network (ISDN) modem. The most typical method of in-band remote management is connecting through the network directly to the server, but you can also use Windows Server 2003 remote access and virtual private network (VPN) connections to manage servers through an in-band connection.

Typical tasks performed by using in-band management tools include routine configuration, monitoring, troubleshooting, and maintenance.

Out-of-Band Management

When a server is not in a functional state and cannot be accessed by using the standard network connection, you need to use an out-of-band connection to manage it remotely. Out-of-band connections do not rely on operating system network drivers for establishing connections between computers. The following are typical situations when you might need to manage a computer by using an out-of-band connection:

  • The server is powered down.

  • The BIOS is conducting the POST.

  • A Stop error occurs.

  • The server is too low on resources to respond adequately.

  • The network adapter malfunctions or fails.

  • The Windows loader or Recovery Console is running.

  • The server is not fully initialized.

Common out-of-band connection hardware devices include serial ports, analog modems, and ISDN modems. In addition, out-of-band hardware components known as service processors can in some cases provide out-of-band connections over the network. A service processor is a microprocessor that functions independently of the CPU(s) in a computer and provides additional server management functionality for any operating state, whether or not the operating system is functioning.

Emergency Management Services, as well as features built into some hardware components and firmware, support out-of-band connections. Hardware components that support out-of-band connections include service processors, terminal concentrators, intelligent uninterruptible power supplies (UPSs), and intelligent power switches. A terminal concentrator is a hardware device that allows you to monitor multiple servers simultaneously by connecting to their out-of-band serial ports through a single network connection. An intelligent UPS or intelligent power switch is one that provides some remote functionality, such as powering up or down or resetting a computer. These components are described in detail in "Choosing Software and Hardware Tools" later in this chapter.

Console redirection is a key out-of-band feature that sends keyboard input and character-based output destined for the local display device to the out-of-band port so that you can view the information on a remote computer. Console redirection does not preclude locally attached monitors and keyboards: a computer with console redirection can still process input from a local keyboard and display output to a local monitor.

Emergency Management Services, service processors, and some system firmware provide console redirection. The Extensible Firmware Interface (EFI) on Itanium-based computers typically provides console redirection. The BIOS on x86-based computers might or might not provide console redirection; contact your computer manufacturer to find out.

The specific component that controls console redirection changes as the operating state changes. For example, a service processor or firmware provides console redirection during power up and during the Power On Self Test (POST), and Emergency Management Services provides console redirection as soon as the Windows loader (Ntldr) starts. You can transfer control of console redirection to another component, such as a service processor, by entering specific escape sequences from the management computer.

Additional components that support out-of-band connections are described later in this chapter.

Emergency Management Services

Emergency Management Services is a new feature in Windows Server 2003 that provides out-of-band connections through a serial port or, in the case of some service processors, an alternate network connection. With Emergency Management Services, you can perform administrative tasks remotely using an out-of-band connection. When you combine Emergency Management Services with the appropriate out-of-band hardware, you can perform all administrative tasks remotely, except for installing or replacing hardware.

Emergency Management Services features are fully or partially available when the Windows Server 2003 operating system is loading, is running, or is in distress — such as when it is slow or not responding or when a Stop error occurs.

The three Emergency Management Services features that support out-of-band management are console redirection, Special Administration Console (SAC), and !Special Administration Console (!SAC). The Windows Server 2003 loader or kernel must be at least partially functioning for these features to be available.

Console redirection

Emergency Management Services can redirect keyboard input and character-based output when any of the following Windows Server 2003 components are running:

  • The operating system loader on x86-based multiple-boot computers

  • Recovery Console

  • The Windows Server 2003 kernel

  • The command prompt (cmd.exe)

  • Text-mode Setup, during Windows Server 2003 installation

  • Remote Installation Services (RIS) Setup

For more information about how Emergency Management Services console redirection works with these components and when it is not available, see the Storage Technologies Collection of the Windows Server 2003 Technical Reference (or see the Storage Technologies Collection on the Web at https://www.microsoft.com/reskit).
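
The following is an added example, not part of the original page or of any Microsoft tool. On x86-based servers, Emergency Management Services redirection is recorded in Boot.ini as redirect= and redirectbaudrate= under [boot loader] (loader redirection) plus a /redirect switch on each operating system entry (kernel redirection); these setting names are not given on this page. The Python function below, run here over a constructed Boot.ini, reports which of the two levels is enabled so that servers exposing an out-of-band console can be inventoried.

```python
import re

# Constructed sample Boot.ini for an x86-based server (not taken from the page).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
redirect=COM1
redirectbaudrate=115200
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /redirect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 (test)" /fastdetect
"""

def audit_ems(boot_ini_text):
    """Report where EMS console redirection is enabled in a Boot.ini file."""
    section = None
    report = {"loader_port": None, "baud": None, "kernel_ems": [], "no_ems": []}
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                                # e.g. [boot loader]
            section = header.group(1).strip().lower()
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if section == "boot loader":
            # Loader-level redirection: out-of-band port and line speed.
            if key == "redirect":
                report["loader_port"] = value
            elif key == "redirectbaudrate":
                report["baud"] = int(value)
        elif section == "operating systems":
            # Value has the form: "Description" /switch /switch ...
            entry = re.match(r'"([^"]*)"(.*)', value)
            if not entry:
                continue
            name, switches = entry.group(1), entry.group(2).lower().split()
            # /redirect enables EMS for the kernel started by this entry.
            bucket = "kernel_ems" if "/redirect" in switches else "no_ems"
            report[bucket].append(name)
    return report

if __name__ == "__main__":
    print(audit_ems(SAMPLE_BOOT_INI))
```
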

Special Administration Console

Special Administration Console (SAC) is the primary Emergency Management Services command-line environment. It provides a variety of commands for monitoring server status and troubleshooting problems during emergencies. SAC is available whenever the Windows Server 2003 kernel is running: in normal mode, in safe mode, and during the graphical user interface (GUI)–mode phase of Setup.

Caution

  • Using SAC during an operating system upgrade or installation might cause the upgrade or installation to fail or become unstable.

Using SAC, you can establish multiple user sessions, called channels, and switch between them. Although SAC is separate from the Windows Server 2003 command prompt (cmd.exe), you can establish a command prompt channel from SAC and then switch between SAC and the command prompt channels by using SAC commands or escape sequences. During the GUI-mode phase of Setup, you can also establish a channel for viewing setup logs so that you can troubleshoot unresponsive or failed operating system installations. You can access only one channel at a time, which means that multiuser access to SAC is not available. To create a SAC channel, you must use a local Administrator account; therefore, all the commands that you run in a channel run as local administrator.

For more information about SAC capabilities and how to use them, see the Storage Technologies Collection of the Windows Server 2003 Technical Reference (or see the Storage Technologies Collection on the Web at https://www.microsoft.com/reskit). For more information about SAC commands, see "Special Administration Console (SAC) and SAC commands" in Help and Support Center for Windows Server 2003.

!Special Administration Console

!Special Administration Console (!SAC) is a scaled-down version of SAC that is designed to recover an unresponsive system — for example, due to a Stop error. You cannot directly invoke !SAC; it becomes available automatically when a server experiences a system failure or fault. !SAC is a last-resort tool that lets you view Stop messages, obtain computer identification information, and restart the server.

Remotely Administered Servers

Remotely administered servers (also known as "headless servers") are computers that can operate without a keyboard, mouse, and local monitor. If the system firmware supports it, the video adapter and keyboard controller are also optional. Emergency Management Services, in combination with the appropriate hardware and system firmware console redirection, makes it possible for you to configure servers running Windows Server 2003 for remote administration. Redirecting firmware allows the system to pass the POST without a video adapter. When a server runs Emergency Management Services, you can manage it with both in-band and out-of-band tools, making locally attached input and output devices unnecessary.

Using remotely administered servers does not preclude having locally attached input devices. Depending on your hardware configuration, you might be able to attach and remove local devices, such as Universal Serial Bus (USB) keyboards and mouse devices, as needed.

Computer manufacturers offer systems preconfigured for remote administration that have no keyboard controller, video adapter, or mouse. For more information about purchasing a computer that you can administer remotely or configuring your existing computers for remote administration, contact your computer manufacturer.