How it worksRelying on IPPower's Secure Connectivity Services, ServerControl allows the creation of a higly encrypted secure tunnel between the client PC and the remote server. Through the tunnel, any maintenance software tool (like remote control applications, a terminal application or a browser accessing a web-based configuration tool), can reach the remote server to give technicians full access to the controlled machine. In a typical scenario, a server is connected to an InfraNode hardware controller through a local area network connection. Optionally, the InfraNode also controls the mains power of the servers. The InfraNode is able to connect an InfraReachServer using multiple paths, both IN-BAND and OUT-OF-BAND, depending on its configuration: normally, the InfraNode will work IN-BAND, reaching the InfraReachServer via the corporate LAN and/or firewall (optionally an InfraGate can be deployed in parallel with the firewall to serve as a maitenance dedicated gateway only for the purpose of the InfraReach connection, thus avoiding any re-configuration of the company's security setup). In addition to the normal network connection, the InfraNode can be configured to use an OUT-OF-BAND PSTN dial-up connection to an internet service provider or a GSM/GPRS connection as an emergency backup of the existing standard connectivity. Once connected to the InfraReachServer, the InfraNode authenticates itself using the IP Power Technologies Security Standard that guarantees the identity of the controller and the safe exchange of session keys. On the other side, the user's PC is running the InfraClient software that, using a 1024-bit RSA key (stored on a scrambled pass phrase protected file normally on a removable security USB memory device), is able to reach the InfraReachServer and authenticate with it just like the InfraNode does. After both sides have successfully authenticated themself with the InfraReachServer, a secure tunnel is established over a direct IP connection between the InfraClient and the InfraNode, no matter what kind of connectivity is used between them (Local LAN or Internet). From this moment, the user's PC sees a new network connection that, at the operating system level, works just like any other network connection: this way, any remote control tool is able to securely reach and operate the remote server. For example, a Windows Terminal Server can be accessed under complete security, or a computer running VNC, PC Anywhere or Remotely Anywhere can be easily controlled by the user. A Linux machine can be accessed through common maintenance tools like VNC or a web-based configuration tool like the well-known Webmin, or even accessed through its console port using a terminal application for an even deeper control when no network access is available. Step-by-step to secure remote controlThe user has to take taking very few very simple steps to manage a remote server using ServerControl.
The advantages of this approach are multiple: first, the connection to the remote server is completely automated and secure. In addition, all computers are managed centrally making it easier than ever to maintain any large IT infrastructure and all servers are available right inside a web page. Access mode is fully customizable allowing the user to choose the most appropriate tool for every different server (for example using webmin or a terminal application for Linux servers and Remote Desktop Connection for Windows servers). | Key featuresCentralized management of single servers as well as complex network State of the art security with 1024bit RSA key authentication and strong encryption Web based interface for maximum usability with minimum training Compatibility with any third-party remote control tool allows seamless integration with existing infrastructure Security highlightsServerControl relies on IPPower's Secure Connectivity Services to create a strongly encrypted communication channel on top of existing connectivity services like the corporate network and/or the Internet.
A unique key is stored inside the InfraNode's hardware whereas the user's key reside on a scrambled file pass phrase protected normally on a removable USB memory device. Two-level security The Virtual IP TunnelWhat makes ServerControl stand up against concurrent solutions is the InfraClient-InfraNode connection technique: a virtual network interface with its own IP address is created on the user's PC. This interface is the entry point to the secure IP tunnel terminating at the remote InfraNode and is seen by the operating system as a normal network interface: any data sent to the virtual IP connection is transparently and securely tunneled through the InfraNode to the remote server which has its own virtual IP. This makes ServerControl compatible with any remote control tool on the market. |
Additional ServerControl functionalities
Power control
In addition to the secure IP tunneling, InfraReach's exclusive power control functionality allows the user to perform a remote server's power-down/power-up cycle when the InfraNode is connected between the mains supply outlet and the server's power input. This way, a completely frozen machine can be rebooted without any need of local access or a server made unaccessible after a security breach can be cut off the network immediately.
Monitoring and alarming
On Windows servers, ServerControl also supports a complete range of alarming functionalities triggering selected events as they happen: for example
- A program was started
- A program stopped
- The system is low on memory
- A program is using memory away from a predefined range
- Disk full condition is incoming
This functionality is key to prevent critical or even dangerous situations by making technicians aware of the incoming problem on time thanks to the alarm notification via email or even SMS: a fine-grained configuration of the alarm reaction is available on a customizable alarm severity basis.
Connecting to the InfraReachServer with his Internet browser, the user has immediate visibility on the state of health of the monitored servers. In addition, a complete history of the alarms is available along with a detailed view of each alarm. The technician can also handle each single alarm or groups of alarms and store and track all the intervention made to solve the fault. This means auditing and control easy and reliable.
Monitoring and alarming support on linux servers will be released shortly.