Electronics Protection - Spring 2016 - (Page 6)

Feature Security Considerations for Data Center Intelligent Rack Power Distribution Ashish Moondra, Senior Product Manager of Power, Electronics & Software Chatsworth Products As the need for data center infrastructure management (DCIM) increases, data centers are making the shift towards intelligent rack power distribution units (PDUs) within their cabinets. The overall rack power distribution market grew 4.7 percent year-over-year, while the growth rate for intelligent versions is significantly higher than that, according to a 2015 report by research and analysis firm IHS Technology. Intelligent rack PDUs are being used today to monitor availability of power to IT equipment, to monitor energy consumption of individual IT equipment and to provide environmental monitoring at the cabinet level. Additionally, they are being used to remotely turn equipment on and off for the purposes of recycling power to hung up servers, to provision new equipment being deployed, or in some cases, to reduce the energy consumption associated with unused equipment. While these capabilities provide significant benefits, proper caution needs to be taken against potential abuse arising out of outlets that are deliberately turned off or through disablement of alarms and notifications associated with critical events. Intelligent PDUs can be managed in several different ways: remotely, through an onboard web interface; serially, through a command-line type interface or a centralized management software; and locally, through an embedded display. It is important that each of these interfaces have the following security capabilities built into them. Onboard Web Interface: The graphical user interface should support HTTPS protocol. HTTPS utilizes Secure Socket Layer (SSL) to transmit data. SSL takes the data that is being pushed or pulled into the PDU and encrypts it. In addition, it is an advantage to have the web interface supported IPv6. Not only does this future-proof the equipment being managed, it also provides added security in comparison with IPv4. Centralized Management Software: With most data centers deploying two PDUs within every cabinet for redundant power, several organizations utilize a centralized management application to manage the sizeable investment in intelligent rack PDUs. These applications could vary from specialized PDU management software, DCIM applications, building management software or even open source applications. Most of these applications communicate with intelligent PDUs utilizing Standard Network Management Protocol (SNMP). In the event these are being used, both the intelligent PDU and the software should provide support for SNMP version 3. Version 3 supports authentication as well as Data Encryption Standard (DES) encryption. It is important that authentication be enabled to be able to take advantage of encryption. Text Based/Serial Communication: Command line interface (CLI) is used within several organizations to manage intelligent PDUs. This method is used primarily by data center groups supporting Unix/Linux platforms. Traditionally, the application layer protocol supported to manage the PDUs over this interface is Telnet, which is not very secure by itself. However, several intelligent PDUs today support Secure Shell (SSH), which provides remote login and other network services for secure operations over an otherwise unsecured network. Local Display: As we speak about all different ways to manage PDUs remotely, it is important to consider that most intelligent PDUs include an onboard display for local monitoring. To ensure that any changes on the PDU achieved through remote interfaces are not undone by anyone with local access, the ability at the display should be kept limited to monitoring. Management capabilities such as control of power, setting up or changing of thresholds should be limited to the remote interfaces. Embedded within the intelligent PDU firmware should be separate permission levels that get exposed through all of the above interfaces. Within most organizations, users for supported IT equipment are often separate from the personnel responsible for the actual management and operation of the PDU itself. It is important that the users of IT equipment only 6 Spring 2016 * www.ElectronicsProtectionMagazine.com http://www.ElectronicsProtectionMagazine.com

Table of Contents for the Digital Edition of Electronics Protection - Spring 2016

Editor's Choice
Security Considerations for Data Center Intelligent Rack Power Distribution
Five Misconceptions about DRUPS Systems
Designing and Managing Custom Battery Pack Enclosures
Reducing TCO with the Right UPS Architecture and Operating Mode
Industry News
Calendar of Events

Electronics Protection - Spring 2016