Re: KVM question - skip this technology entirely

Regarding KVM solutions, how about *none*?

I inherited a network of about 150 Linux boxes that have a mix of no console
port, a Raritan Dominion port, or an Avocent port.  Most of the boxes came
from Dell and contain a card called the "Dell Remote Assistant Card" (DRAC)
but none of those had ever been plugged in; I only vaguely knew what those
were for.

What I hate about the Raritan:  unless you pay for a super-duper-high price
for multi-user support (on top of an already-expensive box), only one person
can use a given chassis.  Unless you buy their management server, each box is
separate so you have to remember which of N Raritan boxes your target machine
is connected to.  And most vexing of all, the device has a nasty piece of
key-bounce logic that inserts unwanted keystrokes into your input stream if
you type faster than 25wpm.

What I hate about the Avocent:  we have a stripped-down version so I'm sure
their higher end ones are better, but as with the Raritan they are separate
non-centrally-managed units and the ones we have don't provide remote access
so you have to walk into the computer room to use it.

What I like about the DRAC:  each one is its own separate thing with its own
separate IP address so you can develop your own DNS/DHCP-based central
management environment and make everything work the way you want.  If you've
been around since the old DEC days, think of the front-end processor that
you'd find on the larger systems:  it was usually a PDP-11 that you'd use to
boot up and otherwise control a VAX or PDP10.  Same idea:  this is a front-end
processor that stays powered up all the time and provides you with far more
capability than a KVM switch.  Need to power down half your servers to save
electricity during the off-peak period?  Write a script and you can do that.
Need to push the reset button because you inevitably have to run some silly
Windows box that periodically gets hosed in a location 30 or 3000 miles from
you?  No problem.

HP has a similar (but better-coded) product called the ILO (Intelligent Lights
Out).  These big-name brands cost $300 per server.  There are white-box
equivalents on the market for a whole lot less.

By the time you buy a remote KVM switch with its cabling, and run all the
requisite cables, you're looking at more money and labor for the KVM solution
than the console front-end solution.

I look forward to the day I finally have the time to finish yanking out our
Raritans so you can find me posting them on eBay.

-rich




--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Thanks Rich,
All of the X86 servers are Intel whiteboxes with no ILO capability.
Certainly the 3 HP Integrity systems do, and can be remotely managed,
but they are not the issue.  We have 5 people in our office, and I'm
really the only technical person other than my boss. Currently, for me
to access the systems (other than remote ssh login), I currently have
to bring a monitor, keyboard and mouse into the server room. A single
user remote access is probably ok for us. Additionally, if I am not
available, either my boss or possibly one of the New York or Toronto IT
people could log in. But, a KVM is not critical.

On Sun, 11 May 2008 08:34:36 -0400 (EDT)
"Rich Braun" <richb@...> wrote:




--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Rich Braun wrote:
> Most of the boxes came from Dell and contain a card called the "Dell
> Remote Assistant Card" (DRAC)...this is a front-end processor that
> stays powered up all the time and provides you with far more
> capability than a KVM switch.

What is the "KVM experience" like with these devices? As responsive as a
hard-wired KVM or more sluggish like a VNC connection? What resolution
do they support? Can they access the BIOS screens?

What's required on the client side?


> There are white-box equivalents on the market for a whole lot less.

Any specific products you can mention?

  -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Just one more question.
we also need to acquire a rack (probably 42U). BUG bought a rack from
WordCare in 2004, but we never took delivery of it and WorldCare
probably disposed of it (I'm checking with them), but we could also buy
a used rack, but my company is not cheap, and they have been doing
well this year.
--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

On Sun, May 11, 2008 at 8:34 AM, Rich Braun <richb@...> wrote:
Since we had the chance to build the network from the ground up back
in 1998, we used Raritan from the get-go.  We found that the price per
port was cheaper when you buy a KVM over IP solution rather than
buying the ILO or DRAC, which also needed more switchports on your
network.  So if you have 150 servers, that means you need 150 more
switchports just to support your remote access network.  One advantage
to the ILO and DRAC is it also controls the hardware power, so if the
machine is powered off by accident you can get into the ILO or DRAC as
long as you used an external power brick plugged into the card.  But
that also add 150 more power ports to go that route.  If you go
without the external ILO/DRAC power, then if the server has lost
power, you cannot get into the card.  At my last company they used all
HP with the ILO boards and I remember one time where the circuit that
the main computer was on shut off, but the circuit that the ILO
powerbrick was plugged into was still one.

Also, we found that the 4 user version wasn't all that more expensive
when you are buying the 64 port version's instead of the 16 or 32
port.  Buy more and the price per port goes down.  Your beef shouldn't
be with each specific piece of equipment that you have, it should be
that you inherited a network that is not homogeneous in any way, so
not matter what you do it's large, complicated and pricey because
you've already invested in 4 different technologies.  Also, with the
company I work for we've found using a KVM like Raritan, and APC PDU's
across all our datacenters is better for us because we acquire many
internet startups.  Along with these acquisitions we acquire all sorts
of hardware.  But using an external KVM/PDU setup, we don't care what
hardware we acquire because for our management needs it supports
everything.


--
-matt

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

"Matt Shields" <mattboston@...> wrote:
> If you go
> without the external ILO/DRAC power, then if the server has lost
> power, you cannot get into the card.  At my last company they used all
> HP with the ILO boards and I remember one time where the circuit that
> the main computer was on shut off

Hmm I don't understand this argument.  If main power to the computer is off
then you can't turn it on no matter what kind of options you have.  In my case
I'm working with systems that each have two power supplies so hopefully the
above scenarios would be virtually impossible (at least, no more likely than a
scenario where a DRAC could somehow put power into the system by some
alternate method).  The KVMs don't have any mechanism for power cycling or
resetting so that's what interests me about the DRAC/ILO solution.

Didn't know you could connect a separate power supply to the DRAC or ILO, I
really am just starting out with this stuff, just wanted to post here that
this is an alternative to the KVMs (which have *always* frustrated me).  Maybe
the console front-ends will ultimately prove just as frustrating but so far I
haven't had any troubles.  And the "user experience" is as good as or better
than the Raritan or Avocent connection, at least through a 100-Mbit or faster
network link.

> Your beef shouldn't
> be with each specific piece of equipment that you have, it should be
> that you inherited a network that is not homogeneous in any way...

I have never inherited one that was, and I've never managed to pull off
building my own that was.  Over any span of time, technologies get obsolete or
overpriced so you wind up making different choices about what to buy.  It's
never practical to yank *everything* out and start over, so there is always a
mix.

As for the network ports argument:  KVM ports always cost a whole lot more
than plain Ethernet ports on cheapo 100-megabit 48-port switches (the
console-net switches don't have to be fancy like the production-net
switches)--you can get by on $5 to $20/port for Ethernet ports depending on
whether you want SNMP on them (I do but it's not really necessary).

I dunno, maybe I'll post more on this after a few more months of switching
things around.

Hey since you're a Raritan user--have you ever run into that key-bounce
problem?  Is this something I might be able to eliminate with a firmware
upgrade from Raritan?  If I type at my normal speed into a Raritan console,
the remote server sees roughly 50% more characters than I actually type--it
duplicates and transposes characters in the input stream.  That particular bug
made me dismissive of the technology, and disinclined to shell out any more
bucks for higher-end products.

As for the query about white-box console front-end solutions:  the guy who
recommended this at work said he likes the ones from Supermicro.  I don't know
the price but I think it's in the $130 range (!).  If I could do this for that
kind of price, especially if it could be done on any motherboard (which may
not be possible) it'd be hard to imagine ever contemplating a KVM solution
again.  The scalability of being able to run this for 2 computers at my house
or 20 computers at a small company or 1000 at the place where I currently work
would be compelling, especially since it means I don't ever have to keep a
database of which ports are connected to what.

-rich


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Rich Braun wrote:
> ...the console-net switches don't have to be fancy like the
> production-net switches...

That was my thought. In addition, if you aren't segregating your console
control to its own segment or need the redundancy of an additional
switch port, you could use a 2-port passive hub at each server. It'd be
cheap and cut down on cabling. You don't really need a dedicated switch
port for the small amount of data used by the console (if we're talking
about servers, that are rarely accessed this way).

(It looks like some of the cards below have two Ethernet jacks on them.
Perhaps they're configured to act as a "pass through" - essentially a
passive hub.)


> As for the query about white-box console front-end solutions:  the guy who
> recommended this at work said he likes the ones from Supermicro.

Ah...

http://www.supermicro.com/products/accessories/addon/SIM.cfm

   PMI (Intelligent Platform Management Interface) is a hardware-level
   interface specification that defines a common, abstract message-based
   interface to platform monitoring and control functions. Providing
   peace of mind to customers, SIM (Supermicro Intelligent Management)
   module implements IPMI 2.0 technology to provide remote access,
   monitoring and administration for Supermicro server platforms. With
   SIM, server administrators can view a server's hardware status
   remotely, receive an alarm automatically if a failure occurs, and
   power cycle a system that is non-responsive.

A bunch are shown on that page. They mostly look like PCI cards.

Are there generic IPMI clients for multiple platforms?


> I don't know the price but I think it's in the $130 range (!).

A search for "IPMI" at Newegg:
http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&DEPA=0&Description=IPMI&x=23&y=31

turns up a few Supermicro motherboards, and at least one IPMI card for
$45, though it isn't currently available and doesn't match any of the
part numbers on the Supermicro page.

I also see several Avocent KVMs show up as being IPMI compliant (ability
to manage servers using IPMI).

Found one here for $85:
http://censuspc.com/_search.php?q=aoc-sim

$120:
http://www.computersunlimited.com/super_micro_supermicro_aoc-sim_supermicro_38358_prd1.htm

$110:
http://www.nextag.com/Super-Micro-Supermicro-Add-551036581/prices-html?nxtg=b4c80a240532-AD4D2E5AA14B26AE

Different models in each case.


> If I could do this for that kind of price, especially if it could be
> done on any motherboard (which may not be possible)...

Per the Supermicro page the card needs to be matched to the motherboard.

Makes sense given that the card is extracting temperature and other data
that is motherboard specific. It also sounds like in some cases the card
avoids having its own Ethernet port by piggybacking on the motherboard
Ethernet port. So it needs pretty tight integration.

Seems it ought to be possible to have a more universal design if you
were willing to give up on some of those features. Once that's
accomplished, economies of scale could drive the price down. (Or
alternatively, use open source firmware on the IPMI card, and load
motherboard specific drivers for extracting sensor data.)


> ...it'd be hard to imagine ever contemplating a KVM solution again.

Well, even at $50 per card, the break-even point isn't reached until you
have quite a few ports. You can get an 8-port KVM for under $200
(several choices under $100).


On a related note, I heard mentioned on a podcast that there is "virtual
KVM" software available, specifically Synergy[1]. It implements
something similar to the above, with the obvious disadvantage that it
runs on the main hardware and depends on the health of the running OS.
Anyone used it?

1. http://synergy2.sourceforge.net/

  -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

On Sun, 11 May 2008 22:42:52 -0400 (EDT)
"Rich Braun" <richb@...> wrote:
As mentioned, on an HP ILO, when you power off the computer (eg.
shutdown -h or via the power button) the ILO board remains powered on.
Certainly, if you pull the plug (or plugs) that will certainly power
down the ILO.

Some KVM's do have power options. In our case, we do have physical
access 9-5 and usually do not have any mission critical applications
requiring access outside of normal business hours, but we do have
employees who do log in nights and weekends.

So, my objective is to be able to manage the systems remotely more as a
convenience. I'll take a look at the DRAC solution since the Intel
whiteboxen are Supermicro.

Note that while at HP, we had a very large lab in the Linux Expertise
Center (about 500 square feet) with equipment ranging from smaller
ProLiant systems up to large SuperDome with mostly Linux, but also
Windows Server, HP-UX, and different virtualization strategies.  We
did use KVMs so we could have console access from our desks although
the lab was accessible to us 24x7. I think we might have used Brocade
at the time.

--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

On Mon, May 12, 2008 at 7:44 AM, Jerry Feldman <gaf@...> wrote:
The ILO's have a DC input for an extra power brick.  So even if you
the main power cables were pulled, it's still possible to get into the
ILO, which would have an alert that says it's main power source has
been lost.  The ILO's are nice, but I found they cost more to use
them.  I won't run lower end switches just to maintain a KVM network,
when I used them in the past I put them on my regular enterprise class
switches on a different VLAN.  Once you figured in the cost of the ILO
license, the extra network ports, the extra power ports for the brick,
it did cost more than a KVM solution.  But whatever, to each his own.



--
-matt

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

On Sun, 11 May 2008 22:42:52 -0400 (EDT)
"Rich Braun" <richb@...> wrote:
I just looked at the Supermicro IPMI cards, and they run roughly just
under $100 to $200 depending on features.  I didn't check Dell DRAC
because we have no Dells, and we have ILO on the 3 HP Integrity
servers.  The IPMI also has a virtual media over LAN capability. I
think the basic decision will be based on the recommendation from our
Toronto Data Center people.
--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

On Mon, 12 May 2008 09:15:23 -0400
"Matt Shields" <mattboston@...> wrote:

> The ILO's have a DC input for an extra power brick.  So even if you
> the main power cables were pulled, it's still possible to get into the
> ILO, which would have an alert that says it's main power source has
> been lost.  The ILO's are nice, but I found they cost more to use
> them.  I won't run lower end switches just to maintain a KVM network,
> when I used them in the past I put them on my regular enterprise class
> switches on a different VLAN.  Once you figured in the cost of the ILO
> license, the extra network ports, the extra power ports for the brick,
> it did cost more than a KVM solution.

In my experience, the ILO port is dead when you remove power, and there
is no licensing that I am aware of. However, there is an additional
management module you can license from HP, but the basic ILO, AFAIK,
does not require a license.

--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

I worked with Sun systems years ago.  Yes, you could shut them off at
the power supply, but the 'inteligent' power supply kept a small
processor (think 'bios') running.  From the serial port or network it
was possible to login and 'power up' the system and see the entire boot
process on the serial port.  It was possible to power down similarly.
The ability to run FORTH in the Bios was a hoot and allowed for all
kinds of things, but few used this power.

On Mon, 2008-05-12 at 09:15 -0400, Matt Shields wrote:

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

On Mon, May 12, 2008 at 09:34:37AM -0400, Jerry Feldman wrote:
> I just looked at the Supermicro IPMI cards, and they run roughly just
> under $100 to $200 depending on features.  I didn't check Dell DRAC
> because we have no Dells, and we have ILO on the 3 HP Integrity
> servers.  The IPMI also has a virtual media over LAN capability. I
> think the basic decision will be based on the recommendation from our
> Toronto Data Center people.

Do yourself a favor and avoid IPMI at all cost. It *sucks*. You wouldn't
believe how poorly these things are implemented.

IPMI is a poor substitute for ILO. For IPMI to function properly, the main
system needs to be somewhat functional. It's entirely possible to get the
host computer in a state (say, crashed) that takes the IPMI down with it.

Also, it's dead easy to crash an IPMI card - my favorite way to do so for
Supermicro's IPMI cards (v1.5 and v2 last time I tried) is by redirecting a
serial console through it and then sending a lot of data over serial. A cat
of a large file for instance. The IPMI card just hangs after a few seconds.

The hoops you have to jump through to get the IPMI card configured properly
are significant - you need bootable DOS floppy/usb keys to flash a firmware
onto the IPMI adapter, set ip address and netmask, etc. Ipmitool can do the
latter, but some models need to have the IPMI adapter ip address set in the
nic firmware, too, which ipmitool can't do...

Also, depending on what flavor of IPMI you get and how it's implemented on
your particular board, you'll need to make sure the IPMI card is set to
exactly the same MAC and IP address as the NIC it's piggy-backed on (I kid
you not - the *same* MAC address), or alternatively it must *not* have the
same IP and MAC address as that interface. Read the documentation and be
prepared for a great deal of confusion.

I wasted a royal amount of time with IPMI on a project with 96 or so
supermicro servers. More often than not the IPMI card was not reachable when
it was needed. Oh - yeah, when your IPMI card is crashed, the only reliable
way to recover it is to cut all power to the entire machine - unplug the
cable.

In the end we gave up on IPMI, bought remote power switches and opengear
remote console servers (highly recommended) and called it a day.

Thanks,
Ward.

--
Pong.be         -(  There are only 10 kinds of people in the world. Those  )-
Virtual hosting -(   who understand binary, and those who don't. -- Bear   )-
http://pong.be  -(                                                         )-
GnuPG public key: http://pgp.mit.edu

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

On Mon, 12 May 2008 10:55:16 -0400
Ward Vandewege <ward@...> wrote:
I've pretty much eliminated the IPMI solution for various reasons.  One
reason is that I would have to open up all of the systems to check the
mother board (laziness :-).  The other is that we need to buy a switch
for that rack because we really can only have 1 or 2 cables going up
across the room, but we also want a rack mounted monitor/keyboard. But,
the KVM over IP boxes still have 1 cat-5 per server + a host adapter
that converts the cat-5 to VGA/USB or VGA/PS-2.  My gut feel is the
Rose Electronics unit that is currently used in our other data centers
unless we get some bad feedback from the IT people. The Aten unit
appears to be the most cost effective solution at about $1600 (unit +
cables), but I would like to hear if someone had some experience.

--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss