The User Directory – A Vital Tool for Managing Console Access Server User Capabilities

In a typical out of band management application, a console access server (http://www.wti.com/c-51-console-access-servers.aspx) is often connected to a variety of different network elements. This type of configuration allows remote access to console port command functions on each connected device, but it also creates a user management problem: you might not want every user to have access to every connected device. A multi-level user directory often provides the best solution for managing multiple console access server users, making certain that each user can access the devices they need, yet is denied access to devices that belong to other users.

A multi-level user directory simplifies the process of managing multiple console access server users by providing administrators with a convenient means to grant or deny each user’s access to specific serial ports, command functions and services. This allows the administrator to custom tailor the command and port privileges of each individual console access server user, and provides a quick, simple way to ensure that users are only allowed to connect to network elements that are appropriate to their job function and that only authorized users are granted access to console access server configuration functions.

Ideally, a multi-level user directory should allow administrators to permit or deny each user’s access to each console access server serial port. This ensures that each user only employs the console access server to communicate with appropriate network elements. This is a vital capability for any out of band management application where multiple users need to access different devices at the same remote network site. For example, a network administrator might want to allow IT support personnel to access all console access server serial ports, while permitting another user to only access one or two appropriate devices.

In any application where multiple users will employ the console access server, it’s also important to regulate the types of commands that each user is allowed to invoke. The reasons for this are many. For example, you might want to prevent unqualified users from accidentally changing configuration parameters, yet allow IT support personnel full access to configuration functions. In addition, it’s also helpful to be able to restrict some users to only status display commands. This allows administrators to create “guest” accounts for users such as managers who might be interested in reviewing event logs or temperature logs from a remote network site, but have no need to change parameters or connect to remote devices.

If your out of band management application includes remote users who will contact the console access server from off-site locations, it’s also helpful to be able to filter the types of service that are available to each user account. This allows administrators to permit or deny user access via local console port, Telnet, SSH or web, and also restrict access to features such as outbound SSH capabilities.

To simplify the process of setting up user accounts, it’s also helpful for the user directory to include pre-defined access levels, which can be quickly assigned to each new user account. For example, the console access server user directory might include an administrator level which provides access to all commands and ports, a user level that allows access to only connection commands and specific ports, and a basic level that only permits access to status display commands. This allows appropriate command capabilities to be quickly assigned to each user, rather than picking each individual command capability for each individual user.
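The port, command and service restrictions described above can be modelled as one default-deny check, shown here as an added example that is not code from the article or from any vendor's firmware. The level names follow the article; the command-class names, service names, `Account` fields and sample accounts are assumptions made for this sketch.

```python
from dataclasses import dataclass

# Pre-defined levels from the article. The command-class names ("status",
# "connect", "configure") and service names are assumptions for this sketch.
LEVELS = {
    "administrator": {"commands": {"status", "connect", "configure"}, "all_ports": True},
    "user":          {"commands": {"connect"}, "all_ports": False},
    "basic":         {"commands": {"status"}, "all_ports": False},
}
SERVICES = {"console", "telnet", "ssh", "web", "outbound_ssh"}

@dataclass(frozen=True)
class Account:
    name: str
    level: str
    services: frozenset             # access methods enabled for this account
    ports: frozenset = frozenset()  # serial ports granted (unused if all_ports)

def authorize(acct, service, command, port=None):
    """Return (allowed, reason). Default deny: every check must pass."""
    level = LEVELS.get(acct.level)
    if level is None:
        return False, "unknown access level"
    if service not in SERVICES or service not in acct.services:
        return False, "service not permitted"
    if command not in level["commands"]:
        return False, "command not permitted"
    if command == "connect" and not (level["all_ports"] or port in acct.ports):
        return False, "port not permitted"
    return True, "ok"

# Constructed sample accounts, not taken from any real device.
IT_SUPPORT = Account("it_support", "administrator", frozenset({"console", "ssh", "web"}))
CONTRACTOR = Account("contractor", "user", frozenset({"ssh"}), frozenset({3, 4}))
MANAGER = Account("manager", "basic", frozenset({"web"}))

if __name__ == "__main__":
    for acct, svc, cmd, port in [
        (IT_SUPPORT, "ssh", "configure", None),
        (IT_SUPPORT, "telnet", "connect", 7),   # admin level, but Telnet is off
        (CONTRACTOR, "ssh", "connect", 3),
        (CONTRACTOR, "ssh", "connect", 5),      # port outside the grant
        (MANAGER, "web", "status", None),
        (MANAGER, "web", "connect", 1),         # guest account, status only
    ]:
        print(acct.name, svc, cmd, port, authorize(acct, svc, cmd, port))
```

The service filter is evaluated independently of the access level, so even an administrator-level account is refused over a service that is not enabled for it.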

A console access server is an important element in any out of band management application, in that it provides users with out of band access to serial console ports on remote devices, and allows administrators to check temperature, user events and alarm actions at remote network sites. But given the wide range of capabilities that are provided by a console access server, it’s clearly important that the console access server also include a means to manage user access to these vital functions. A multi-level user directory provides the perfect tool for granting appropriate port and command privileges to each user, and making sure that users don’t access serial ports and command functions that are not appropriate to their job function.
