UPS and remote shutdowns

I've been looking around trying to find some suggestions on how to do
this efficiently while keeping it secure.

I have a small setup (four servers) in which I run services for a few
different clients, and I want to integrate the existing UPS into the
system to allow for automatic shutdowns in the case of prolonged power
outages. I am using an older Compaq T2000 with extra battery pack and
the four servers can run for quite some time before draining the
batteries.

Since I only have the single UPS, and it's more than enough to run the
four servers, I wanted a software solution that would allow all the
servers to shutdown once the UPS "Master" server deemed necessary.
There are various packages out there, but I've hit a snag.

The problem is that my server setup makes this a bit difficult. I have
a firewall machine that is setup to protect an internal network, and a
dmz as well. I have no problems achieving my goals with the internal
and firewall machines, but I run into a problem with the dmz machine.

The dmz does not have any access to the firewall or internal machine
(ie no ports opened/forwarded). Since most of the UPS software that
offers client/server solutions require that the client contact the
server, I'm a bit reluctant to open port to the internal network since
all the client data resides there. I was hoping someone knew of a
software solution that would allow a client to sit and listen until
receiving a "shutdown command" from the master.

I have also read about creating a shutdown user that when logged in,
would shut the server down. Not the best solution, but one that is
possible and would meet my needs.

Anyone have any ideas or suggestions on how I can achieve this while
keep my servers secure?

Any help appreciated!
MIke

(E-Mail Removed) wrote:
>
> Anyone have any ideas or suggestions on how I can achieve this while
> keep my servers secure?
>

Wire a connection from the master serial port to the dmz serial port.
Pick some useful pin like DTR on the master and CD on the slave.

Have the master turn DTR on (high) when it's time to shut down. Write
a simple daemon that monitors the CD on the slave, and when it goes
high, perform a shutdown.

--Yan

(E-Mail Removed) writes:

>I've been looking around trying to find some suggestions on how to do
>this efficiently while keeping it secure.

>I have a small setup (four servers) in which I run services for a few
>different clients, and I want to integrate the existing UPS into the
>system to allow for automatic shutdowns in the case of prolonged power
>outages. I am using an older Compaq T2000 with extra battery pack and
>the four servers can run for quite some time before draining the
>batteries.

>Since I only have the single UPS, and it's more than enough to run the
>four servers, I wanted a software solution that would allow all the
>servers to shutdown once the UPS "Master" server deemed necessary.
>There are various packages out there, but I've hit a snag.

Many trigger off a serial connection from the UPS to the computer.


>The problem is that my server setup makes this a bit difficult. I have
>a firewall machine that is setup to protect an internal network, and a
>dmz as well. I have no problems achieving my goals with the internal
>and firewall machines, but I run into a problem with the dmz machine.

I am a bit confused. If the dmz is not connected to the internal machines
at all, then there is no way they can tell it anything. I think I need more
info on your topology.


>The dmz does not have any access to the firewall or internal machine
>(ie no ports opened/forwarded). Since most of the UPS software that
>offers client/server solutions require that the client contact the
>server, I'm a bit reluctant to open port to the internal network since
>all the client data resides there. I was hoping someone knew of a
>software solution that would allow a client to sit and listen until
>receiving a "shutdown command" from the master.

>I have also read about creating a shutdown user that when logged in,
>would shut the server down. Not the best solution, but one that is
>possible and would meet my needs.

No idea how you would log on as the shutdown use if that dmz machine is
disconnected from everything.
How does the dmz sit and listen? What can it listen to?

You can certainly create a daemon on some port whose sole role in life is
to listen for a message telling it to shutdown and then shutting down the
machine. ( better probably to just have xinetd run the program. Of course
you probably want more than just a tinkle on the port as otherwise I could
shut down you r machine by just tickling that port)



>Anyone have any ideas or suggestions on how I can achieve this while
>keep my servers secure?

>Any help appreciated!
>MIke

>
> Many trigger off a serial connection from the UPS to the computer.

I don't really have an issue with triggering on the master server. That
part is fully functional and works great.

>
> I am a bit confused. If the dmz is not connected to the internal machines
> at all, then there is no way they can tell it anything. I think I need more
> info on your topology.

I have no problem contacting the dmz machine from the internal network.
All the UPS software I have seen requires that the client connects to
the master, so my dmz machine would have to contact my internal network
which I am trying to avoid.

I have a typical dmz setup:
http://www.linuxjournal.com/articles...415/4415f2.png

The firewall is set so there is open access from the internal network
to the dmz, but not the other way around.

> >I have also read about creating a shutdown user that when logged in,
> >would shut the server down. Not the best solution, but one that is
> >possible and would meet my needs.
>
> No idea how you would log on as the shutdown use if that dmz machine is
> disconnected from everything.
> How does the dmz sit and listen? What can it listen to?

Disconnected from everything? What ever gave you that impression? I
stated it doesn't have access to the internal machines or the firewall
- something you want to achieve with a dmz. You don't want a hacker who
has comprimised your dmz to be able to start hacking your firewall or
internal network.

If setup properly, the firewall should be transparent to everyone that
uses it but still pass traffic that has been allowed by the firewall
rules.

>
> You can certainly create a daemon on some port whose sole role in life is
> to listen for a message telling it to shutdown and then shutting down the
> machine. ( better probably to just have xinetd run the program. Of course
> you probably want more than just a tinkle on the port as otherwise I could
> shut down you r machine by just tickling that port)

That's something I'm looking into now.

(E-Mail Removed) writes:

>>
>> Many trigger off a serial connection from the UPS to the computer.

>I don't really have an issue with triggering on the master server. That
>part is fully functional and works great.

>>
>> I am a bit confused. If the dmz is not connected to the internal machines
>> at all, then there is no way they can tell it anything. I think I need more
>> info on your topology.

>I have no problem contacting the dmz machine from the internal network.
>All the UPS software I have seen requires that the client connects to
>the master, so my dmz machine would have to contact my internal network
>which I am trying to avoid.

No problem then. You can even set up a daemon or you could set up an ssh to
run shutdown -h -t 120
Ie, make sure sshd is running on the dmz with access (/etc/hosts.allow)
only from one internal machine.

Set up rsa passwordless access and just do
ssh dmz shutdown -h -t 120

If the power comes up again, do
ssh dmz killall shutdown


>I have a typical dmz setup:
>http://www.linuxjournal.com/articles...415/4415f2.png

>The firewall is set so there is open access from the internal network
>to the dmz, but not the other way around.

>> >I have also read about creating a shutdown user that when logged in,
>> >would shut the server down. Not the best solution, but one that is
>> >possible and would meet my needs.
>>
>> No idea how you would log on as the shutdown use if that dmz machine is
>> disconnected from everything.
>> How does the dmz sit and listen? What can it listen to?

>Disconnected from everything? What ever gave you that impression? I
>stated it doesn't have access to the internal machines or the firewall
>- something you want to achieve with a dmz. You don't want a hacker who
>has comprimised your dmz to be able to start hacking your firewall or
>internal network.

>If setup properly, the firewall should be transparent to everyone that
>uses it but still pass traffic that has been allowed by the firewall
>rules.

>>
>> You can certainly create a daemon on some port whose sole role in life is
>> to listen for a message telling it to shutdown and then shutting down the
>> machine. ( better probably to just have xinetd run the program. Of course
>> you probably want more than just a tinkle on the port as otherwise I could
>> shut down you r machine by just tickling that port)

>That's something I'm looking into now.

On 8 Dec 2006 18:44:31 -0800, (E-Mail Removed) wrote:
>>
>> Many trigger off a serial connection from the UPS to the computer.
>
>I don't really have an issue with triggering on the master server. That
>part is fully functional and works great.

For some UPS models, you can get an expansion card with additional
serial ports. For example AP9607 for Smart-UPSs from APC.
I'm using such a card to hook up a filtering bridge which doesn't have
an IP address, so the other tricks as desribed here don't work.

More information about this card:
http://www.apc.com/resource/include/...e_sku=AP9607CB
or (if you need even more ports):
http://www.apc.com/resource/include/...ase_sku=AP9207
I have no idea if something like this is available for your UPS, but it
might be worth it to ask around.

--
Maurice

Unruh wrote:
> (E-Mail Removed) writes:
>
> >>
> >> Many trigger off a serial connection from the UPS to the computer.
>
> >I don't really have an issue with triggering on the master server. That
> >part is fully functional and works great.
>
> >>
> >> I am a bit confused. If the dmz is not connected to the internal machines
> >> at all, then there is no way they can tell it anything. I think I need more
> >> info on your topology.
>
> >I have no problem contacting the dmz machine from the internal network.
> >All the UPS software I have seen requires that the client connects to
> >the master, so my dmz machine would have to contact my internal network
> >which I am trying to avoid.
>
> No problem then. You can even set up a daemon or you could set up an ssh to
> run shutdown -h -t 120
> Ie, make sure sshd is running on the dmz with access (/etc/hosts.allow)
> only from one internal machine.
>

I'm using Lansafe from Powerware as it fully supports the
Coompaq/Deltec UPS communication protocol without any problems. The
nice thing about the software is that you can have it execute commands
for each event type (173 different events).

For a few events (eg. 1 minute to shutdown and power restored), I have
it run a script in which it contacts a powerd daemon on the dmz
machine. The powerd daemon uses simple authentication and command
structure to receive commands from the master. Those commands in turn
change the init level (using FAIL and OK messages in /etc/powerstatus).


I wrote some simple expect script to authenticate and set the status as
required. Seems to work pretty good.

I thought about the ssh method, and I may change over at a later date -
a little more secure never hurts anyone!

Thanks for your input.
Mike