Re: UPS and remote shutdowns



mlowrie@xxxxxxxxxxx writes:

I've been looking around trying to find some suggestions on how to do
this efficiently while keeping it secure.

I have a small setup (four servers) in which I run services for a few
different clients, and I want to integrate the existing UPS into the
system to allow for automatic shutdowns in the case of prolonged power
outages. I am using an older Compaq T2000 with extra battery pack and
the four servers can run for quite some time before draining the
batteries.

Since I only have the single UPS, and it's more than enough to run the
four servers, I wanted a software solution that would allow all the
servers to shut down once the UPS "Master" server deemed necessary.
There are various packages out there, but I've hit a snag.

Many trigger off a serial connection from the UPS to the computer.


The problem is that my server setup makes this a bit difficult. I have
a firewall machine that is set up to protect an internal network, and a
dmz as well. I have no problems achieving my goals with the internal
and firewall machines, but I run into a problem with the dmz machine.

I am a bit confused. If the dmz is not connected to the internal machines
at all, then there is no way they can tell it anything. I think I need more
info on your topology.


The dmz does not have any access to the firewall or internal machine
(i.e., no ports opened/forwarded). Since most of the UPS software that
offers client/server solutions requires that the client contact the
server, I'm a bit reluctant to open a port to the internal network since
all the client data resides there. I was hoping someone knew of a
software solution that would allow a client to sit and listen until
receiving a "shutdown command" from the master.

I have also read about creating a shutdown user that when logged in,
would shut the server down. Not the best solution, but one that is
possible and would meet my needs.

No idea how you would log on as the shutdown user if that dmz machine is
disconnected from everything.
How does the dmz sit and listen? What can it listen to?

You can certainly create a daemon on some port whose sole role in life is
to listen for a message telling it to shut down and then shutting down the
machine. (Better probably to just have xinetd run the program. Of course
you probably want more than just a tickle on the port, as otherwise I could
shut down your machine by just tickling that port.)



Anyone have any ideas or suggestions on how I can achieve this while
keeping my servers secure?

Any help appreciated!
Mike
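
An added example, not part of the original thread or either poster's code: one way to make the listening daemon in the reply require "more than just a tickle" before it acts. It assumes a pre-shared key on the master and the listener, a UDP transport and a 30-second freshness window; the names `make_message`, `ShutdownVerifier`, `serve` and `on_shutdown` are hypothetical.

```python
import hashlib
import hmac
import os
import socket
import struct
import time

MAX_SKEW = 30              # seconds a message stays valid (assumed value)
MSG_LEN = 8 + 16 + 32      # timestamp + nonce + HMAC-SHA256 tag
COMMAND = b"UPS-SHUTDOWN"  # constructed label bound into the tag

def make_message(key, now=None):
    """Master side: build one signed shutdown datagram."""
    ts = struct.pack("!Q", int(time.time() if now is None else now))
    nonce = os.urandom(16)
    tag = hmac.new(key, COMMAND + ts + nonce, hashlib.sha256).digest()
    return ts + nonce + tag

class ShutdownVerifier:
    """Listener side: accept only authentic, fresh, unseen messages."""
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def verify(self, msg, now=None):
        now = int(time.time() if now is None else now)
        if len(msg) != MSG_LEN:
            return False  # a bare "tickle" never gets this far
        ts, nonce, tag = msg[:8], msg[8:24], msg[24:]
        expected = hmac.new(self.key, COMMAND + ts + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted
        sent = struct.unpack("!Q", ts)[0]
        if abs(now - sent) > MAX_SKEW:
            return False  # stale capture
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return False  # replay inside the freshness window
        self.seen[nonce] = sent
        return True

def serve(key, port, on_shutdown):
    """Block until one valid message arrives, then run the caller's action."""
    verifier = ShutdownVerifier(key)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("", port))
        while True:
            msg, _ = s.recvfrom(256)
            if verifier.verify(msg):
                return on_shutdown()
```

With this shape the master initiates the traffic toward the dmz listener, so no port has to be opened from the dmz toward the internal network; the listener's clock must stay within the freshness window of the master's.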
