IpPower - ServerControl

ServerControl is the InfraReach product of choice where secure remote control and maintenance of network servers or application PCs is required.

How it works

Relying on IPPower's Secure Connectivity Services, ServerControl allows the creation of a higly encrypted secure tunnel between the client PC and the remote server. Through the tunnel, any maintenance software tool (like remote control applications, a terminal application or a browser accessing a web-based configuration tool), can reach the remote server to give technicians full access to the controlled machine.

In a typical scenario, a server is connected to an InfraNode hardware controller through a local area network connection. Optionally, the InfraNode also controls the mains power of the servers. The InfraNode is able to connect an InfraReachServer using multiple paths, both IN-BAND and OUT-OF-BAND, depending on its configuration: normally, the InfraNode will work IN-BAND, reaching the InfraReachServer via the corporate LAN and/or firewall (optionally an InfraGate can be deployed in parallel with the firewall to serve as a maitenance dedicated gateway only for the purpose of the InfraReach connection, thus avoiding any re-configuration of the company's security setup).

In addition to the normal network connection, the InfraNode can be configured to use an OUT-OF-BAND PSTN dial-up connection to an internet service provider or a GSM/GPRS connection as an emergency backup of the existing standard connectivity. Once connected to the InfraReachServer, the InfraNode authenticates itself using the IP Power Technologies Security Standard that guarantees the identity of the controller and the safe exchange of session keys.

On the other side, the user's PC is running the InfraClient software that, using a 1024-bit RSA key (stored on a scrambled pass phrase protected file normally on a removable security USB memory device), is able to reach the InfraReachServer and authenticate with it just like the InfraNode does.

After both sides have successfully authenticated themself with the InfraReachServer, a secure tunnel is established over a direct IP connection between the InfraClient and the InfraNode, no matter what kind of connectivity is used between them (Local LAN or Internet). From this moment, the user's PC sees a new network connection that, at the operating system level, works just like any other network connection: this way, any remote control tool is able to securely reach and operate the remote server.

For example, a Windows Terminal Server can be accessed under complete security, or a computer running VNC, PC Anywhere or Remotely Anywhere can be easily controlled by the user. A Linux machine can be accessed through common maintenance tools like VNC or a web-based configuration tool like the well-known Webmin, or even accessed through its console port using a terminal application for an even deeper control when no network access is available.

Step-by-step to secure remote control

The user has to take taking very few very simple steps to manage a remote server using ServerControl.

	1. The user navigates with his browser to the address of the InfraReachServer and logs in. The InfraReachServer's web interface shows a list of remote devices the user has rights to access. Overall, the web interface is as easy to use as a usual web site or portal.

	2. Near to the name of the remote server he wants to control, the user clicks the "Control this PC" link. The secure connection is transparently created in the background.

	3. No additional operations are usually required to the user: a pre-configured application is automatically run to access the remote server via the secure IP tunnel: this could be a browser accessing a web-based remote control/configuration tool (VNC, PC Anywhere, Webmin or any other) as well as any other client application (for example a telnet or ssh client).

The advantages of this approach are multiple: first, the connection to the remote server is completely automated and secure. In addition, all computers are managed centrally making it easier than ever to maintain any large IT infrastructure and all servers are available right inside a web page. Access mode is fully customizable allowing the user to choose the most appropriate tool for every different server (for example using webmin or a terminal application for Linux servers and Remote Desktop Connection for Windows servers).

Key features

Centralized management of single servers as well as complex network

State of the art security with 1024bit RSA key authentication and strong encryption

Web based interface for maximum usability with minimum training

Compatibility with any third-party remote control tool allows seamless integration with existing infrastructure

Security highlights

ServerControl relies on IPPower's Secure Connectivity Services to create a strongly encrypted communication channel on top of existing connectivity services like the corporate network and/or the Internet.

The InfraClient application running on the user's PC and the remote InfraNode connect together after authenticating with the InfraReachServer. Both parties rely on a 1024bit RSA key that guarantees their identities and the safe exchange of session keys

A unique key is stored inside the InfraNode's hardware whereas the user's key reside on a scrambled file pass phrase protected normally on a removable USB memory device.

Two-level security
The InfraReachServer monitoring and administration functionalities only require a valid login to be supplied, whereas any connectivity task, always performed by the InfraClient, always require the user-specific RSA key to be present on the user's PC. This ensures an even higher security level on any task that directly involves a remote device.

The Virtual IP Tunnel

What makes ServerControl stand up against concurrent solutions is the InfraClient-InfraNode connection technique: a virtual network interface with its own IP address is created on the user's PC. This interface is the entry point to the secure IP tunnel terminating at the remote InfraNode and is seen by the operating system as a normal network interface: any data sent to the virtual IP connection is transparently and securely tunneled through the InfraNode to the remote server which has its own virtual IP. This makes ServerControl compatible with any remote control tool on the market.

Additional ServerControl functionalities

Power control

In addition to the secure IP tunneling, InfraReach's exclusive power control functionality allows the user to perform a remote server's power-down/power-up cycle when the InfraNode is connected between the mains supply outlet and the server's power input. This way, a completely frozen machine can be rebooted without any need of local access or a server made unaccessible after a security breach can be cut off the network immediately.

Monitoring and alarming

On Windows servers, ServerControl also supports a complete range of alarming functionalities triggering selected events as they happen: for example

A program was started
A program stopped
The system is low on memory
A program is using memory away from a predefined range
Disk full condition is incoming

This functionality is key to prevent critical or even dangerous situations by making technicians aware of the incoming problem on time thanks to the alarm notification via email or even SMS: a fine-grained configuration of the alarm reaction is available on a customizable alarm severity basis.

Connecting to the InfraReachServer with his Internet browser, the user has immediate visibility on the state of health of the monitored servers. In addition, a complete history of the alarms is available along with a detailed view of each alarm. The technician can also handle each single alarm or groups of alarms and store and track all the intervention made to solve the fault. This means auditing and control easy and reliable.

Monitoring and alarming support on linux servers will be released shortly.