A Simple Way to Manage Console Server Access Rights for Multiple Users

A console server can be an extremely handy tool for remote network administration; sometimes, it can be almost too handy. Access rights usually aren’t a problem when only your IT support staff have access to your console server, but often, once other departments discover what can be done with a console server, they’ll suddenly need to use the console server too.

The very same capabilities that make a console server so useful, can also lead to situations where you need to set different access rights for each user in order to ensure that users don’t exceed their authority and connect to network devices that they have no business connecting to, or employ network services that network administrators need to reserve for themselves.

For example, what if you need to allow a users in one department to access command functions on one one group of servers, while restricting them from accessing command functions on a second group of servers? Or to complicate the situation even further, what if you have users in two different departments who need completely different port access rights, with no overlap between the two departments?

Obviously, the best way to avoid conflicts like this, is to have a means for granting different access rights to each user or user group. WTI console servers include a convenient User Directory, which allows Network Administrators to easily add users or remove users, and custom tailor port and service access rights to each user.

The User Directory effective allows you to fine tune port access permissions for each user, as well as restrict certain users from performing certain types of console port functions. The User Directory allows network administrators to rank each console server user as either an Administrator, a Super User, a regular user or a “View Only” users.

Once the access level has been set, Administrators are allowed to access all serial ports and all command functions, SuperUsers are allowed to access all serial ports, but are prevented from invoking console server configuration commands, regular users can be limited to only specific console ports and are prevented from changing console server parameters, and View Only users are allowed to view status menus for only specific ports and are restricted from invoking any console server commands.

In addition to setting Access Levels for each console server user, the User Directory can also be used to specify which console ports each regular user is allowed to access, select usernames and passwords for each user account and determine whether each user will be allowed to access the console server via Telnet, SSH, Serial Port or Web.

The User Directory can also limit user access to outbound SSH and outbound Telnet capabilities, and define a “callback number” for each user account in order to provide security for dial-up access.

The User Directory provides a single interface that can be employed to quickly set up user accounts and access rights, in order to ensure that certain console server functions are allowed for the users who really need to use them, yet restricted from users who need to be locked out of those same functions. This allows network administrators to make certain that console server users stick to the capabilities that they need, and don’t accidentally create a huge mess by changing console server configuration parameters or connecting to devices that need to remain out of their reach.

For over 30 years, Western Telematic, Inc. (WTI) has been an innovator in the field of remote management for IT facilities. Our comprehensive product line includes a wide range of Serial Console Server products, Switched PDU products and Remote Reboot Switch products to provide secure, remote management of servers, routers and other devices.

Link to Original Content

Tags: , , , , ,

Comments are closed.