Specifications
© 2002, David K. Z. Harris
Terminal Servers and Security
• Some vendors are adding SSH to their devices
  - How will you manage accounts across many boxes?
  - Can they authenticate against an existing server?
  - What happens if they can’t reach the server?
• Security is still new here...
SSH has become a vital checkbox for many vendors to add to their terminal
servers and other network devices, but the interoperability of the actual
implementations, architectures, and failure modes is still far from good. You
can get some single-vendor solutions running if you need them today, but you
may not be able to integrate them later with other gear that you’ll want or need.
Ask your vendor how to manage multiple accounts across multiple terminal
servers. What happens when a user changes their password on one
device? How does the change propagate to the other devices?
If you authenticate against a central authentication server (à la Cisco
TACACS+, or RADIUS), what happens to user authentication if the
authentication server cannot be reached? (This is an issue for terminal servers
in remote offices if the WAN should fail. Do you want to install and maintain
multiple authentication servers in various offices? Can that management be
automated?)
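
One way to answer the "can't reach the server" question from the device configurations themselves, as an added example that is not part of the original slides: it assumes Cisco IOS-style `aaa authentication login` method lists (the notes name no configuration syntax), and the device names and sample configurations are constructed.

```python
import re

# Verdicts describe what a login attempt sees once every server group times out.
LOCKOUT = "lockout: no method after the server group"
OPEN = "open: falls through to 'none' (no authentication)"
LOCAL = "local fallback: per-box credentials must be kept in sync"
NO_SERVER = "no central server: accounts managed per box"

def parse_methods(line):
    """Split 'aaa authentication login <list> <methods...>' into (list, methods)."""
    m = re.match(r"\s*aaa authentication login (\S+)\s+(.+)", line)
    if not m:
        return None
    tokens, methods, i = m.group(2).split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])  # e.g. "group tacacs+"
            i += 2
        else:
            methods.append(tokens[i])                 # local, enable, line, none
            i += 1
    return m.group(1), methods

def failure_mode(methods):
    """Classify behaviour once the server groups are unreachable."""
    groups = [i for i, meth in enumerate(methods) if meth.startswith("group ")]
    if not groups:
        return NO_SERVER
    after = methods[groups[-1] + 1:]   # methods tried only after the servers fail
    if not after:
        return LOCKOUT
    return OPEN if after[0] == "none" else LOCAL

def audit(configs):
    """Map device name -> {method list name: verdict}."""
    report = {}
    for device, text in configs.items():
        parsed = filter(None, (parse_methods(l) for l in text.splitlines()))
        report[device] = {name: failure_mode(methods) for name, methods in parsed}
    return report

# Constructed sample configurations; device names are hypothetical.
SAMPLE = {
    "ts-hq": "aaa new-model\naaa authentication login default group tacacs+ local\n",
    "ts-branch1": "aaa new-model\naaa authentication login default group radius\n",
    "ts-branch2": "aaa new-model\naaa authentication login default group tacacs+ none\n",
}

if __name__ == "__main__":
    for device, lists in audit(SAMPLE).items():
        for name, verdict in lists.items():
            print(f"{device:12} {name:8} {verdict}")
```

A "local fallback" verdict keeps a remote office reachable during a WAN failure, but it brings back the account-propagation question from the previous paragraph for those local credentials.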
You will have more flexibility if you can implement a management network
to provide the level of security you need for physical access to the logging
and client session data streams.
If you feel you need to add SSH today, you may be limiting your options. Of
course, this will change over time, as customers push vendors to address the
interoperability issues.