Review: Sentinel32 Secure Console Server
The last console server review I did was the Lightwave Communications CS800 in early 2001. Lightwave was acquired by Lantronix, who then discontinued the CS800 in favor of newer technologies. As a CS800 user, I was looking for something better.
The two main features I looked for in a console server were remote access via SSH (not Telnet) and easily upgradability. The CS800 also had the limitation of not supporting 10/100 uplink – I had to plug it into a 10baseT hub and then uplink that hub to the Cisco switch in my rack. Not only did that waste power, it wasted rack space (which cost me money). Software updates for the CS800 were also few and far between, as the CS800 was a proprietary platform.
My searches led me to come across Logical Solutions and their Secure Server Management line of products.
Some of their “talking points” that I noticed from looking over the product literature seemed to fit my requirements:
- Affordable prices – the console server should not be more expensive than the servers its connected to
- Uses a standard “Full Distribution” Linux for Software Updates
- OpenSSH (updatable via RPM)
- Local and Network Accessibility (multiple simultaneous sessions)
- Hot-swappable device, network, and console interfaces
- Dual redundant hot-swappable power supplies
- “Break-Safe” for Suns – will not send a BREAK unless requested, even when power-cycled
- Can be configured without a local terminal
I contacted Logical Solutions, and they sent me a Sentinel32 via FedEx for evaluation and long-term use.
I took some photographs when the system arrived:
- Contents of the shipping package
- The Sentinel32 unpacked
- The Sentinel32 front-panel LCD
- The Sentinel32 front-panel control buttons
- Logical Solutions logo
- Dual redundant power supplies and network/console ports
- Hot-swappable eight-port serial modules
- Better view of the back panel
- More Pictures
I forgot my camera when I took the unit to install at the colocation facility, so I was unable to get pictures of the installed hardware.
In any case, along with the Sentinel32, the guys at Logical also sent me plenty of cables (standard Cat5/RJ45) and RJ45-to-DB25 adapters to handle all of
the equipment I needed to connect. I took all of this, threw it back in the box, and headed down to my ISP.
Installation of the Sentinel32 couldn’t have been simpler. Since it was being a “drop-in” replacement for the CS800, I already had an IP address reserved with a hostname assigned. I powered off the CS800, removed all the cables to my equipment, and unracked it. Both console servers are 1RU (1.5″) high, so the Sentinel32 slid right in where the CS800 had resided.
I suspect the pinout of the serial ports for the CS800 and Sentinel32 is identical, but I had plenty of cables and adapters from Logical. I
removed the adapters from the CS800, and replaced everything with cabling and RJ45-DB25 adapters that came with the Sentinel32.
Note: I’ve since been informed (and reviewed the manuals) and the RJ45 serial pinouts between the Sentinel32 and the CS800 are different –
the RJ45-DB25 and RJ45-DE9 adapters are not compatible between the two units. The manual has clear diagrams of the port pinouts if you want to make
your own adapters, or connect the Sentinel32 to equipment with nonstandard serial port connectors.
On the Sentinel32, the serial port modules on the back are labeled 1-8. On the 32-port unit, you have four modules, each of them labeled 1-8. Without
reading the manual or the the quick start guide, you have no idea of which end to start plugging cables into. I’d forgotten the manuals at home, and figured that I could figure out what was plugged in where, when I got the unit on the network and could configure it remotely. Luckily, I guessed right, and started plugging in things on the “bottom left” ports, which turned out to be one through four.
Once the Sentinel32 was powered up, it was time to configure it for access over the network. I did not have a serial console or terminal easily4 availble, so I was able to test out configuration through the front-panel LCD and buttons. By default the console server is assigned an IP address of 10.9.8.7, but my management network is on a different subnet. I used the “Front Panel Edit Mode” to configure the machine’s IP address, netmask, and default gateway. Once this was done, I rebooted the unit for good measure and was able to ping it on the local network along with my hosted machines. Alternately, you can SSH to the preconfigured IP address, log in as the root user, and use Linux commands and tools to configure the network interface. The user manual is well-written, enabling even a “non-technical” person to initially configure the unit.
At their core, the Logical Solutions console server products are x86-based computers running GNU/Linux (in this case, a stripped-down Red Hat Linux version 8.0):
[mrbill@scs mrbill]$ cat /etc/redhat-release; uname -a Red Hat Linux release 8.0 (Psyche) Linux scs.mrbill.net 2.4.18-27.8.0 #1 Mon Aug 4 15:16:26 EDT 2003 i486 i486 i386 GNU/Linux
In full cooperation with the terms of the GNU General Public License, Logical Solutions has
published their modifications to GPL’ed source code. In addition, they maintain updates of their custom modifications to Red Hat 8, as well as the latest OpenSSH RPM packages for their products.
By default, the network, ssh, syslog, and cron services are enabled on the Sentinel32. The user manual has a
very good and thorough walk-through of configuring or reconfiguring those services over the network using the standard Red Hat netconfig,
changehostname, timeconfig, and authconfig commands. Once settings are changed, you can reboot the unit (being Sun Break-safe, it will not send spurious BREAK signals when powercycled) or run the save command to make changes permanent on the built-in compactflash card.
Once connected to the Sentinel32, accessing machine consoles is fairly simple. Normally the serial ports are named port1 through
port48, but I renamed the port that my machine was connected to, to the name of the machine. Then, I used the “connect” command to see the
[mrbill@scs mrbill]$ connect ohno Entering Interactive mode on port ohno this is ohno.mrbill.net. unauthorized access prohibited. ohno.mrbill.net console login:To send a break or disconnect back to the “console server” prompt is ESC-B or ESC-A, respectively – this seems to be a standard key sequence
among console server products, as these were the default on the CS800 as well. The editbrk and editesc commands (available to
the root user) can be used to modify the BREAK or “Drop back to console server” key sequence if ESC-A or ESC-B is not appropriate for your application.
Ports can also be monitored, allowing viewing of system consoles and logs by users who do not need interactive access. This is done by using the
monitor command along with a port name instead of the connect command. Also, the 256K-per-port history buffers can be
accessed using standard UNIX/Linux commands (less, more, etc) at /proc/port_buffers/<portnumber> or /lsi/ports/ buf_<name>.
Here I have to stop and tout one of the advantages of Logical Solutions’ products being standards (x86/Linux) based. While writing this review up last
night, I realized that it had been a month since the Sentinel32 was installed, and I’d forgotten the root password I used when changing from the default.
I was able to drive down to the colocation facility, connect a normal 9600 baud serial terminal to the “Console” port, and cycle the power. Up came
a normal x86 boot sequence, along with a GRUB boot menu. With this menu (as on a normal Linux
workstation or dedicated server) I was able to boot the Sentinel32 into single-user mode, reset the password, do a “save” to save the settings to the internal CompactFlash storage,
and reboot. Unlike the CS800, the console port on the Sentinel32 is wired exactly the same as the other 32 ports, so I was able to use the same cabling and connectors
as I use to connect to my servers’ serial ports. I was also impressed that the following morning I’d received a response from Logical Solutions’ tech support people about
the problems before I even got out of bed. During business hours (M-F, 8:30-5:30 EST), live tech support is available by telephone. I just happened to have a problem at
midnight, and managed to solve it myself without having to contact support. This is much better than the support I received for the CS800, which was a proprietary unit
with its own proprietary (and semi-difficult to upgrade) firmware.
The Sentinel32 is part of Logical’s “Mission Critical” console server models, also including the SCS160R and SCS320R.
All of these models have redundant (double) hot-swappable power supplies, serial interfaces, NICs, and console ports – meaning that defective modules can be replaced while
the system is running and without requiring a power-cycle or reboot.
All of Logical’s console server products share the same software/firmware, user interface, and network/console/serial device pinouts. They only differ in level of redundancy
and the ability to hot-swap part modules.
While I was in the middle of the review process, Logical Solutions announced a drastic price reduction across their product line in mid-January:
|SCS160||16 Port Secure Console Server||$995|
|SCS320||32 Port Secure Console Server||$1,995|
|SCS480||48 Port Secure Console Server||$2,995|
|SCS160R||16 Port Dual Power Secure Console Server||$1,495|
|SCS320R||32 Port Dual Power Secure Console Server||$2,495|
|Sentinel32||32 Port Hot-Swappable, Dual Power Secure Console Server||$3,495|
the CS800 I’d used before, and about $300 cheaper than the lowest price I could find for the current equivalent product offering from Lantronix.
I’ve had the Sentinel32 connected to my machines for over a month now, and have yet to run into any problems with the unit (that weren’t caused by
my forgetfulness). I’m happy with it so far, and will probably end up purchasing the unit to replace the old ConsoleServer 800. If you’re looking
for a “real” console server (instead of a re-purposed terminal server), I’d recommend products from Logical Solutions.
Since initially publishing this review, I’ve gotten some feedback and comments from other users of Logical Solutions’ products. I’ve published them below (with permission):
Good article, though it did miss one feature that I think is outstanding and made the decision to purchase easy.. Control over port user access and mode that spans multiple devices via easily maintained NIS maps. (I assume LDAP maps work too, though I have not tried..) This makes granting users access to specfic ports and port permissions as easy as a editmap and push away. And if a 3200 breaks, just replace it and make sure the name/IP is the same, bind to your name service domain and all port permissions are just THERE. For a large operation that can have many different devices in use, this is an AMAZING, FABULOUS feature! And yes, I am using this feature to controll access across two Sentinel-32's and my many NIS users who have access to lab machinery. Eric Timberlake RABM Lab Manager Sun Microsystems, Inc.