Electronics Protection - Spring 2016 - (Page 6)
Security Considerations for Data Center
Intelligent Rack Power Distribution
Ashish Moondra, Senior Product Manager of Power, Electronics & Software
As the need for data center infrastructure management (DCIM) increases, data centers are making the shift towards
intelligent rack power distribution units (PDUs) within their cabinets. The overall rack power distribution market grew 4.7
percent year-over-year, while the growth rate for intelligent versions is significantly higher than that, according to a 2015
report by research and analysis firm IHS Technology.
Intelligent rack PDUs are being used today to monitor availability of power to IT equipment, to monitor energy consumption of individual IT equipment and to provide environmental monitoring at the cabinet level. Additionally, they are being
used to remotely turn equipment on and off for the purposes of recycling power to hung up servers, to provision new
equipment being deployed, or in some cases, to reduce the energy consumption associated with unused equipment. While
these capabilities provide significant benefits, proper caution needs to be taken against potential abuse arising out of outlets that are deliberately turned off or through disablement of alarms and notifications associated with critical events.
Intelligent PDUs can be managed in several different ways: remotely, through an onboard web interface; serially, through a
command-line type interface or a centralized management software; and locally, through an embedded display. It is important that each of these interfaces have the following security capabilities built into them.
Onboard Web Interface: The graphical user interface should support HTTPS
protocol. HTTPS utilizes Secure Socket Layer (SSL) to transmit data. SSL takes
the data that is being pushed or pulled into the PDU and encrypts it. In addition,
it is an advantage to have the web interface supported IPv6. Not only does this
future-proof the equipment being managed, it also provides added security in
comparison with IPv4.
Centralized Management Software: With most data centers deploying two
PDUs within every cabinet for redundant power, several organizations utilize a
centralized management application to manage the sizeable investment in intelligent rack PDUs. These applications could vary from specialized PDU management software, DCIM applications, building management software or even open
source applications. Most of these applications communicate with intelligent PDUs utilizing Standard Network Management Protocol (SNMP). In the event these are being used, both the intelligent PDU and the software should provide
support for SNMP version 3. Version 3 supports authentication as well as Data Encryption Standard (DES) encryption. It is
important that authentication be enabled to be able to take advantage of encryption.
Text Based/Serial Communication: Command line interface (CLI) is used within several organizations to manage intelligent PDUs. This method is used primarily by data center groups supporting Unix/Linux platforms. Traditionally, the application layer protocol supported to manage the PDUs over this interface is Telnet, which is not very secure by itself. However,
several intelligent PDUs today support Secure Shell (SSH), which provides remote login and other network services for
secure operations over an otherwise unsecured network.
Local Display: As we speak about all different ways to manage PDUs remotely, it is important to consider that most intelligent PDUs include an onboard display for local monitoring. To ensure that any changes on the PDU achieved through
remote interfaces are not undone by anyone with local access, the ability at the display should be kept limited to monitoring. Management capabilities such as control of power, setting up or changing of thresholds should be limited to the
Embedded within the intelligent PDU firmware should be separate permission levels that get exposed through all of the
above interfaces. Within most organizations, users for supported IT equipment are often separate from the personnel
responsible for the actual management and operation of the PDU itself. It is important that the users of IT equipment only
Spring 2016 * www.ElectronicsProtectionMagazine.com
Table of Contents for the Digital Edition of Electronics Protection - Spring 2016
Security Considerations for Data Center Intelligent Rack Power Distribution
Five Misconceptions about DRUPS Systems
Designing and Managing Custom Battery Pack Enclosures
Reducing TCO with the Right UPS Architecture and Operating Mode
Calendar of Events
Electronics Protection - Spring 2016