The User Directory – Simplifying Multiple User Access to your Console Switch
When a console switch is used to manage multiple devices in a data center, it’s common that many different users are allowed to access command functions on the switch. This allows each department or work group to be responsible for the maintenance of their own rack mount devices, while also preventing departments from accessing equipment that belongs to another department or division. Typically, an individual account will be defined for each user. This account will define which ports and command functions will be available to each user, effectively providing access to some devices, while denying access to others.
In order to restrict access to important command functions, WTI console switch products allow you to set the command access level for each user account. Our console switch products offer four different access levels: Administrator, SuperUser, User and View Only. Each access level grants permission to use a different selection of commands; lower access levels are restricted from invoking configuration commands, while Administrators are granted access to all commands. The four different access levels can be summarized as follows:
- Administrator: Administrators are allowed to invoke all configuration and operation commands, can view all status screens, and can always connect to all console switch Serial Ports. Port access cannot be disabled for Administrator level accounts.
- SuperUser: SuperUsers are allowed to invoke all Serial Port connection commands and view all status screens. SuperUsers can view configuration menus, but are not allowed to change configuration parameters. SuperUsers are granted access to all console switch Serial Ports. Port Access cannot be disabled for SuperUser level accounts.
- User: Users are allowed to invoke port connection commands and view all status screens, but can only apply commands to the console switch Serial Ports that they have been specifically granted access to. In addition, Users are not allowed to view configuration menus or change configuration parameters. Accounts with User level access are only allowed to create connections with the Serial Ports that have been specifically permitted via their account.
- ViewOnly: Accounts with ViewOnly access, are allowed to view Status Menus, but are not allowed to invoke port connection commands, and cannot view configuration menus or change configuration parameters. ViewOnly accounts can display the Port Status screen, but can only view the status of the console switch Serial Ports that are specifically allowed by the account. Accounts with ViewOnly access are not allowed to create connections with Serial Ports.
These four access levels allow the administrator to assign different plug and command access privileges to each account, thereby limiting each user to the appropriate ports and commands functions. This prevents unauthorized users from changing configuration parameters or accessing devices that belong to other departments or organizations, while still allowing authorized users access to the ports and commands that are needed for maintenance and trouble shooting purposes.
An intelligently designed user directory, with layered access privileges, is a vital element for any console switch that will be shared by various groups and users. The User directory also simplifies the process of assigning access rights to each user or group, tracking command activity and protecting configuration functions from unauthorized access.
Western Telematic, Inc. (WTI) designs and manufactures remote device management products for IT applications. WTI’s Serial Console Switch products, Remote Reboot products, Switched PDU products and A/B Fallback products are engineered to allow you to securely manage and troubleshoot rack equipment in remote locations.
