I've been looking at a lot of console server and other out-of-band management solutions recently. These days, there's no shortage of console servers, appliances to manage console servers, and appliances to manage those applicances, each at enterprise cost availability.

But what if you're responsible for the network at a small business and you're looking for an out-of-band management solution on a small business budget? OpenGear's CM4008 provides secure out-of-band management for just under $500. It provides real price performance in a convenient package for small business console requirements by leveraging the power of embedded Linux and open source. The CM4008 includes key networking and security modules (OpenSSH, OpenSSL, PAM, Netfilter/IPTables and so on) too. OpenGear has harnessed the power of open source to provide a secure platform for infrastructure management while keeping that platform economical for small businesses.

The CM4008 is small, about the size of wireless router, and has eight ports to connect servers via standard CAT5 cables (with serial adapters provided). The CM4008 easily integrates into your network by initiating a connection immediately via DHCP. The OpenGear Quick Start Guide (provided) says that the CM4008 will default to 192.168.0.1, but my unit picked up a DHCP address of 192.168.0.105, so this address seems to depend on your network configuration.

Open the address with your browser and the Web interface to the CM4008 greets you. Within minutes you can configure the serial ports to allow access via telnet, ssh, or raw TCP (see Figure 1). Other common serial settings can be configured, but no changes were necessary for me to proceed. I was also able to add a user via the Web interface and then authorize that user to one or all of the console ports. Once I had configured my user name, password, and the serial port I need to connect to, I configured a getty on my Fedore Core 4 box to allow console access on ttyS0. I added the following line to /etc/inittab:

co:2345:respawn:/sbin/agetty ttyS0 9600 vt100

Connecting to consoles is a snap without the need to learn any extra commands or syntax, and without any Java Web consoles. With the CM4008, you simply connect via the configured protocol using ports designated for each console port on the CM4008. For example, to connect to the serial console attached to port 1 on the CM4008 via ssh, I ssh'd to the address of the CM4008 on port 3001.

Example

ssh -p 3001 mfrye@192.168.0.105

Depending on which terminal emulator you use, you may see slightly different output to your screen. For instance, I initially tested the CM4008 with Putty and found that passwords I entered into the console session were visible. Testing with xterm in Fedora Core on my laptop showed no similar behavior (see Figure 2).

One of the pleasant features of the CM4008 is that you can connect to the serial console simultaneously from several different connections. Console access can be shared to allow teams to co-troubleshoot a problem, or for training purposes as output can be seen on any of the console connections interactively. For example, I was able to display an entire software migration to a team of new engineers by having them all log into the CM4008 on the same port.

All in all, I was very pleased with the simplicity, ease of use, and value of the OpenGear CM4008 and would recommend it to small IT shops who have a need for out-of-band or console management. The value provided by using embedded Linux enables OpenGear to pass enormous savings on to customers. As a result, even in the case of the CM4008's 16- and 48-port rack mountable siblings, the cost ends up being one third to one half of the list price of OpenGear's closest competitors.

CM4008 Specifications
List Price: $495
OpenGear Inc. www.opengear.com

Security and Authentication

• Secure Shell (SSHV2)
• IP packet and security filtering
• TACACS+, RADIUS
• PAP/CHAP authentication (dial up)
• User access lists per port
• Local authentication
• System event syslog

• Web management (HTTP/HTTPS)
• Command Line interface (Linux Shell)
• SNMP
• Port triggers and alerts
• Port sniffing (simultaneous access to a port)
• Online data buffering
• Offline data logging (Syslog, NFS, CIFS)

• In-Band (Ethernet)
• Out-of- band (dial up) - modem access through DB9 port
• Local access (though DB9 serial port)

• DHCP for dynamic IP assignment
• NTP for time synchronization
• PPP for dial up access
• FTP, TFTP client for file transfer

• Flash upgradeable
• Unlimited free upgrades from online FTP site

• Telnet/SSH to Linux shell
• SUN / Solaris ready - no inadvertent breaks
• Break over SSH support

• Linux operating system
• Full source code access enables custom configuration
• SSH Sessions on all po