IT Briefcase Exclusive Interview with Rajesh Ganesan, ManageEngine
August 19, 2013
In the discussion below, Rajesh Ganesan from ManageEngine talks about the rise in data center remote access and how it’s making IT professionals – and IT management vendors – rethink their approach to securely accessing remote resources.
- Q: What’s happening in the data center to make remote access a hot topic?
A: The rise of cloud computing – public, private and hybrid – has made the data center more important to more businesses than ever before. That’s a good thing, but it puts more pressure on data center admins to make sure their systems are delivering maximum performance, 24×7. Remote access is becoming the preferred way to manage data center operations because people don’t need to be onsite, in the data center, to maintain peak performance and service levels.
But traditionally, data centers haven’t been so keen on remote access. Rather than allowing direct access to remote devices via SSH and Telnet, most data centers require remote admins to connect to a landing server first and then “hop” to the target system. From a security and segmentation perspective, that makes sense. But from a usability perspective, it makes remote access a pain. Admins have to know the IP address of the landing server, and then provide usernames and passwords at the landing server, each subsequent hop and, finally, the target device. It’s a manual, awkward, time-consuming process.
- Q: So now the pressure’s on to streamline remote access because it’s in demand?
A: Absolutely. After all, when admins can fix problems from a remote location, why should they have to be present physically at the data center? Why not make working remotely as easy as possible? Without compromising the integrity of the data center, of course.
Much of the data center admins’ work can be executed remotely. On servers, admins can deploy new apps or libraries, change an app’s factory-default password, restart an app, reboot a server, change server settings, access permissions and more. Network device tasks might include changing firewall settings, analyzing switches’ traffic flow, reviewing device configurations, upgrading firmware, installing patches, changing device configurations and more. Power distribution units can be remotely controlled to turn outlets on or off if a server/device is unresponsive or to control the ambient temperature in the data center.
- Q: What kind of usability challenges do data center admins face today, in terms of remote access?
A: It all depends on how the credentials are being managed and the type of remote access mechanism. First of all, a lot of data center admins keep track of all the login credentials and IP addresses in unsecured data stores – spreadsheets, text files and post-it notes, home-grown tools and insecure data stores – which are both cumbersome to use and vulnerable to attack.
Secondly, if an administrator is using spreadsheets or text files to trace the equipment first and then the connected landing servers, the IP addresses, and passwords, there will be an inordinate amount of time spent even before the remote access begins. And administrators who use fragmented tools for remote access like VNC, RDP, SSH and TELNET are simply going to compound that time challenge.
Let’s consider a real-world example. In a medium-sized organization, a technician typically needs to log in to data centers about 50 times on a shift to carry out various operations, including configuration, monitoring, running scripts for maintenance and troubleshooting, etc. Privileged account passwords of data center resources are generally very complex. And the admins have to enter a complex username and password at every hop.
- Q: Give us a glimpse of the data center’s remote access future.
A: When everything depends on remote access, you need to replace a manual, multi-step process with single-step, automated access. If you have admins remotely logging in to a data center 50 times per shift, it’s just cruel to make them jump over the IP address, username and password hurdles raised by traditional data center remote access.
Instead, you want to configure landing servers and their login credentials, and then you want to associate the servers with the target resources. That way, admins can connect to remote resources with one click.
So the future is really about automating the entire remote access process, completely eliminating the manual steps for the admins to provide the experience of a direct connection. Of course, the remote access sequence itself remains unchanged and executes transparently in the background. Basically, you want to maintain the integrity of the data center’s security, access controls and auditing requirements. But at the same time you want to boost productivity for techs.
Rajesh Ganesan is director of product management, enterprise security and SaaS solutions, at ManageEngine, a division of Zoho Corp. Rajesh has been with Zoho for over 17 years developing software products in various domains including telecommunications, network management and IT security. He has built many successful products at ManageEngine, currently focussing on delivering enterprise IT management solutions as SaaS. He can be reached on LinkedIn and Twitter.