Remote boot

Harold van Oostrom pedge at lanceerplaats.nl
Thu Jan 16 20:24:01 CST 2003


On Fri, Jan 17, 2003 at 12:07:03AM +0000, Philip Rowlands wrote:
> On Thu, 16 Jan 2003, Michael Redinger wrote:
> 
> >PE 1650 has an ERA, but it is deactivated per default. You have to buy the
> >activation key for it (if you didn't include this when buying the server,
> >this costs about 150 euro (=dollar)).
> 
> Please elaborate; is this equivalent as Sun's LOM (lights-out
> management)? Is it different to the DRAC card ($300)? I can't see this
> option on Dell's website when configuring a PE1650.

Phil,

The options appears to be missing on www.dell.com but it is on the Euro site:

http://commerce.euro.dell.com/dellstore/config/frameset.asp?s=ukbsd&l=en&m=gbp&c=607&n=3119&cu=ukbsd&pch=1&pn=3119&sbc=ukbsd&b=31868

Sun's LOM gives you complete control over the machine and requires only
a serial connection. It is more expensive though ;-)

Connecting to ERA requires a M$ computer with IE with java plugin, and if 
you want console redirection (say if you want to go into the BIOS) then 
that must be in the same LAN as the ERA. (Note 1)

Taken together these requirements make the ERA pretty useless for
remote management.  That's why people buy remote boot switches and
use Linux serial console instead.  But see my earlier post(s).

Cheers,
Harold.

(Note 1)
Well strictly speaking it needn't be, if you manage to setup the right NAT 
rules in a firewall you can probably make it work.

Has anybody done this ?

You'ld still better tunnel your connections though since

ERA has VIRTUALLY NO SECURITY. 

Essentialy this VNC Q+A applies:
http://www.uk.research.att.com/vnc/faq.html#q55

The ERA password is hashed with a challenge, but that doesn't help much 
as the sessionid which is sent in the clear as a cookie header in every
request, is sufficient to authorise subsequent requests.

This means that when connecting to your server over public internet
someone in between your browser and the ERA card could:

o sniff your normal password(s) while you login using console redirection

o execute arbitrary commands while you are logged in using console redirection

o power-on, power-off your server while you are using the ERA

But if that is any relief to you, your ERA password cannot be sniffed ;-)
 




More information about the Linux-PowerEdge mailing list