Are you being robbed of sleep by badly designed servers?

But security?!

I admit my experience with light out management is dated, I am in development for the last seven years. Still - ipmi is rather problematic from the security standpoint. No audit (and usually no source available), no updates if/when problems are discovered, limited choice of connection/authentication methods. This boils down to the need for a well-maintained gatekeeper machine on premises, isolating your management network from the Internet. Which means extra cost in equipment and support, and partly defeats the purpose because you won't be able to remotely handle that machine if it fails. We could afford such arrangement for a datacenter of a few hundred servers, but if you only have a few machines on a remote location, it's uneconomical.

iLo's and DRAC's have been a standard part of my life for longer than I now care to remember. They're as much part of a "standard build" for servers now as a power supply or NIC is. They've saved my bacon enough times, and now that Dell are up there with HP for general reliability and stability on those things I'm far happier. I'm not really a desktop person, so can't really comment too much there.

My personal annoyance has always been with HP: if you had a Windows server, and if you wanted to be able to KVM properly to it and see the GUI, then you *had* to buy the optional iLo "Advanced License" - that just totally smelt of price gouging in my view. It still rankles.

It's good to see

that what has been standard practice in the Mainframe/Midrange platform market is finally becoming a reality in other architectures.

I'm an IBM pSeries and Power person, and we have been able to do remote IPL, console, and configuration/management. for years. OK, you paid a premium for some of the features, but many of the base capabilities have been built in for well over a decade, and now includes IVM/PowerVM. The RS/6000 F40 had a service processor when announced in 1996.

It does help that most of the system admin can be done from a command prompt, though.

One of the customers I worked at had a majority of their critical servers in lights-out, mainly unattended sites scattered around the country from before the Millennium..

Doesn't everybody run VMs these days? We ditched the "100s of little boxes" model years ago and run a mix of big Dells, with DRACs, and Supermicro with whatever they call it. The VMs all have VNC console access.

My biggest concern is the lack of security on the remote management cards - typically they don't even have IP filtering.

Sounds to me like your buying the wrong brand, HP have had basic Lights out via WebApp for nearly a decade at least as standard even on the lowly DL140 G3 (G5) servers we have, which set you back under £100 on Ebay at auction, and can be fitted with decent memory and raid (a DL160/DL360 G5) provides the disk performance by default usually for a little more, and 6 2.5" bays.

Remotely flashing BIOS?

Do people really do that, on boxes that matter? I wouldn't fancy it!

System watchdog?

Quite a lot of ordinary motherboards have hardware watchdogs built in, for example the w83627 and similar chips that provide hardware monitoring (voltages, temperature, fan speeds, etc). This can provide a last-resort method of rebooting a sick server if you don't have lights-out support, but only SSH access.

With Linux you can add the corresponding watchdog driver module (they are black-listed by default in Ubuntu) and then the watchdog daemon and configure it to check a few vital signs. Typically you would check the load averages are not stupidly high (say over 5 per CPU core), maybe that rsyslogd is running, that you can run a simple bash script, etc.

If any of those tests fail then you get a moderately orderly reboot, and the hardware watchdog makes sure you get a reboot even if there is a kernel panic style of fault. Brutal perhaps, but it gets the system back up and hopefully either all OK again or at least you can SSH in to fix it.

Managed PDUs and a serial console

Managed PDUs and a serial console server, if you're managing more than a couple of servers the actual cost per server isn't too bad. Admittedly not that helpful if you're using windows but if you're using linux it can be a life saver if you break your network connectivity

Also even quite old servers generally support serial bios....

IPMI how I wish it was old school

I thought IPMI was a thing of the past but some vendors still use it. Dells cloud systems still use IPMI as they only have a BMC installed on them. On the plus side their BMC can be logged into and they have a nice GUI like a RAC card. I would still rather have the RAC or should I call it iDRAC with a separate NIC port to separate the management from the rest of the network. One cost cutting I would prefer never happened!

Time warp? And who is this chap Eadon?

This article felt like reading something from a timewarp.

HP servers with iLO and these problems simply don't exist (and haven't for years!).

And who is this Eadon chap ? What are his credentials ?

Those of us who live in the real (Enterprise) world, know that :

- The Server OS you run is mainly dictated by the app you are trying to run on it.

- Windows / Linux are both mature stable operating systems.

- The argument that Linux is free goes out the window (no pun intended) as soon as you need support!

- Some admin tasks are easier with a GUI, some are easier with a command line.

- Command line and scripting are available on both operating systems.

Wrong headline

"Are you being robbed of sleep by badly designed servers?"

If that's the case, you're being robbed of sleep by badly designed infrastructure. If the failure of a single server requires you to get up at night (or whenever you care to sleep) and do something about it urgently, you've got a massive single point of failure in a place where you cannot afford to have it.

KVM-over-IP (Drac, iLo, IPMI, or external devices like Raritan/Peppercon) only help you go back to bed quicker, but don't solve that problem.

That said, I cannot remember when I last ran any server without KVM-over-IP. Maybe 6 or 7 years ago, and only temporarily until I convinced the customer to hook them up to a Raritan. I agree with Trevor, though, that the last thing you need in case of a failure is a person who acts on your behalf (while you can't see what they see), very often underpaid and not-so-well trained staff who cover night shifts.

Real Point?

I saw the headline and started to read this with interest, but it soon became apparent that the "article" was really nothing useful for sysadmins at all. It just tells us stuff we already know, its not a solution, its not a tip. I didn't find it useful at all.

If anything, the article has told me that I shouldn't be using physical servers with a single OS installed onto a single physical server. Instead of telling vendors to include IPKVM as standard on their servers, you should be purchasing a set of hardware with virtualisation, which will have built in redundancy. No longer would you need to get up in the middle of the night to reboot server. just connect to the management console and check that it has migrated to a working physical server.