SUMMARY: Enterprise Servers: Headless or Not?

From: Caparrosso, Nelson T. (Nelson.T.Caparrosso@Mail.AAS.ameritech.com)
Date: Thu Sep 14 2000 - 12:00:22 CDT


It seems like the overwhelming consensus is to have datacenter-based servers
as headless for the very reasons I have enumerated. From what I have
gathered, there are more risks (both security and technical) associated
with a SUN Graphics Console as against having an ASCII (vtXXX) terminal.
Having a console/terminal server instead is the obvious choice as long as it
is secure, buffered and does not send a break signal to the servers at
power-off.

There were a few views which pointed out that a graphics console may be required
like in the case of Oracle 8i installs. Would someone confirm that this
indeed is true and the same could not be achieved using an X-Windows
emulation (ie. eXceed)?

Many thanks to those of you that replied. Apologies to those that I was
unable to include and acknowledge.

Original Post:

> Esteemed Gurus:
>
> In most of my previous engagements, it has always been a practice that
> enterprise servers be configured/installed as 'headless' - that is without a
> SUN Graphics console and a cgsix/graphics card. The reasons have been: (1)
> eliminate one possible failure point due to CDE/Openwindows hiccups and/or
> KVM switch failures, (2) load generated by X-Windows and (3) cost.
>
> My question to the group - are these reasons valid? My view still is along
> these lines - to have only ASCII terminals on these servers.
>
> Your views/opinions will highly be appreciated and I will summarise as
> usual.
-----------------------------------------------------------------
From: William Hathaway [mailto:wdh@ftope.com]
Sent: Wednesday, September 13, 2000 9:37 AM
To: Caparrosso, Nelson T.
Subject: Re: Enterprise Servers: Headless or Not?

Hi Nelson,
  I agree with your reasons for going headless, but I prefer to use a
terminal server approach instead of vt100s, this allows admins to access
the console remotely. I've used Aurora's Control Tower before, which I
liked a lot. It runs on a Sun, and you hook a couple of multi-port serial
cards. The last site I was at had 64 machines hook to it. The advantages
are:

1) console access is available from anywhere
2) you can use ssh to access the console server, so nobody can snoop the
root password
3) all data in and out of the console is logged and timestamps are also put
in the logs every X minutes, allows you very easy access to track things
down
4) supports sharing a session between several people watching the console,
and one person having read/write access. This can be done at any time, if
someone else has the console busy and went to lunch, you can "steal" it.
5) granular access control, someone has to log into the terminal server,
and then optionally also know a password to fire up a console session to a
machine

It isn't rocket science software, but it works really well, and it has
been a real help on the occasion a machine has kicked and the logs don't
say anything, we can usually look in the console server logs and see any
messages that may have been spit out of the console. I'm sure there are
some other products out there that do similar jobs, but I like the
software based approach, having the logs on a machine makes them easy to
get to, and allowing ssh is a boon for security.
Good luck,
/wdh

-----------------------------------------------------------------
From: dharringt@deq.state.va.us [mailto:dharringt@deq.state.va.us]
Sent: Wednesday, September 13, 2000 8:58 AM
To: Nelson.T.Caparrosso@Mail.AAS.ameritech.com
Subject: re: Enterprise Servers: Headless or Not?

Nelson;

For what it is worth (<=$.02), most of my servers are 'consoled' by a Sun
monitor, but in each case thru a switching system (Lightwave Communications).
The exception is two E5000's purchased initially as an HA system, that we
have subsequently separated. These are controlled thru a serial concentrator,
which lets me control the machines down to the prom level.

The servers (mostly Oracle) are not so busy that any processes devoted to the
console affect the performance of the machine. The console is rarely used so
its overhead is minimal.

I like the consolidation of terminals as it makes my job as SA easier,
reduces initial cost for terminals and conserves space and utilities. But
this is another discussion entirely........

Dave Harrington
VA Dept of Environmental Quality
Phone; 804-698-4558
FAX: 804-698-4561
-----------------------------------------------------------------
From: Jed Dobson [mailto:jed@wgtech.com]
Sent: Wednesday, September 13, 2000 6:41 AM
To: Caparrosso, Nelson T.
Subject: Re: Enterprise Servers: Headless or Not?

On EX000 servers you NEED an ASCII terminal. Large systems take a long
time to boot and having a local console will let you see error messages
and watch boot process. Also much information is printed before the
framebuffer even gets activated. The POST commands will also require a
terminal.

At the very least put both on the system. This will allow you to see all
the prom and POST messages on the terminal and still use the head.

My preference however is no FB, only VT-style terminal (connect to a term
server in the DataCenter and configure telnet console in addition to
local)

-jed

-----------------------------------------------------------------
From: Shriman Gurung [mailto:SG@dataconnection.com]
Sent: Wednesday, September 13, 2000 5:44 AM
To: 'Caparrosso, Nelson T.'
Subject: RE: Enterprise Servers: Headless or Not?

Hi there,

I agree with you, but for slightly different reasons. Yes, CDE and X like
to slurp up your server's memory, but chances are that your server has more
than 32Mb RAM these days [!!] and so it hardly matters. Cost is an issue
only up to a point -- if you are replacing a gfx card and monitor plus kvm
switch with a nice ascii terminal and reverse terminal server you may not be
saving that much.

Other things to consider:

Size: a 14" ascii terminal sits happily in a 19" rack. A 19" monitor
doesn't (and let's face it, X is painful to use on a small screen). I have
seen some lovely LCD monitors that slide away in a 1U drawer though...

Security: running CDE means you have to secure stuff like ToolTalk. If it's
not running, you don't have to think about it too much.

Need: Is there anything that you _have_ to do at the console that can
reasonably only be done in X? Chances are if you're in front of the machine
then you are doing some scary stuff like blowing away filesystems or booting
from CD after a crash. CDE won't help you there.

I'd be interested to see a summary of the other sun-managers' views!

regards

shriman
-----------------------------------------------------------------

------------------------------------------------------------------
NELSON CAPARROSO y TAN
UNIX/Microsoft/GIS Consultant
Decision Consultants, Inc

Internet : www.decisionconsultants.com
             nelson.caparroso@decisionconsultants.com

Disclaimer: All views & opinions in this e-mail are mine alone!
------------------------------------------------------------------
