20071230

Happy New Year! It's about time...

Time for a New Years Resolution! Establish an NTP server at every site I work on, and point as many devices to it as I can. (I'll do this to save everyone some time.)

Consider taking a look around your installation. How long would it take to check the uptimes of the devices, and also check their on-board Real Time Clocks. How many do you think are correctly showing the current time, within +/- 10 minutes? For your network gear, how many are showing log timestamps as the "from startup" uptime stamp, instead of a date/time notation?

Now, consider that, in the time it would take to EVALUATE your clocks and timestamp settings, that you could probably FIX THEM, not just record the results! If you plan to go and touch all the gear anyway, why not save some time, and SET the clocks, instead of checking them?

But, when was the last time anyone bothered to do this, in your installation? Maybe the clocks on your devices only get set when each device is installed. (If you ship devices between data centers, across timezones, do you make a point of changing the device clocks when you receive them into your installation?) Let's face it, these clocks are cheap, and they ALL have some drift in them. Even if the drift is minimal, the error is cumulative, and can be significant across 3 or more years. You complicate the drift when you don't use a stable starting point. (What time reference does everyone use when they set device clocks? Probably their independent wrist watch?)

In the same way that you need to spend some money to make more money, you need to spend time to make more time! NTP is a great way to set clocks, and keep them close to the current time. (Even a daily time sync will all but eliminate the effect of drift on the cheap clocks.) Most devices have a no-cost client available, and many servers and some network gear have a no-cost NTP Server option available. If you have a complicated network, with multiple customers or DMZs, you can invest in an appliance that uses GPS or the cellular phne service to provide a drop-in connection on an isolated network. You just need to take some time to set up a server, and then set your devices to be clients.

Technically, all of this work (and invested time setting up NTP) doesn't save time, per se. What it will do is reduce the time you spend tracking down problems. Calculating time-math is hard. Correlating time offsets in log files between devices with unsynchronized clocks takes a LOT of time. But, when you have an "event" in your installation, and you need to find the Root Cause, you need to compare a bunch of logs, to figure out what happend first, then second, and etc.

If you take the time to set up an NTP server, you make it quick and easy to 'set and forget' the clocks on new devices coming into your installation. When you take the time to point all of your existing devices to the NTP server, you'll save time comparing the logs on all future 'events'. It's hard to guess how much time, or how soon you will recover that time, but it WILL happen. Just give it time.

-Zonker-

Some NTP appliance resources I've found to be interesting:
VMware NTP appliance VM info
Symmetricom S200
J-Time (Meinberg USA) Lantime M300
Brandywine Communications NTV-100RG

20071228

Saving time, and saving soles...

Whether you wear sports shoes, cowboy boots, or birkenstocks, the life of your shoe's soles are determined partly by how much walking you do in them. I'm a big fan of recreational walking, but I'd like to minimize the running around I need to do at the shop.

In the event of an emergency, getting on a serial console saves me from pushing a cart around, waiting for elevators, carrying a laptop around (and all the extra adapters, cables and power packs), just so I can get on the console of various devices, just so I can check configurations.

Yes, if the network is working, I can check a lot of the configurations across the network. But, sometimes interfaces die. Sometimes a typographic error will change an interface or network setting. Sometimes a cable gets unplugged accidentally. That's when your normal access breaks, and leaves you scrambling. Unless you have a console management network in place, and some strategicly placed console servers. (Better still, you should have something logging all of those remote consoles, but that's a topic for another post.)

Today I watched a friend cutting over to a new network over the holidays. Progress was being made, but it was slower than planned, and the days are starting to run out. He had developers from the new network gear vendor helping to debug the lack of interaction. While they all had their laptops, I watched as they wheeled a cart around the buildings, and up and down elevators, trying to check configurations because the network wasn't yet stable.

What was missing was a stable, simple console server deployment, with 8-16 ports in each of the main and intermediate frame rooms (MDF and IDFs). There was already fiber between the rooms. The console net could have been simple, stable, and independent of the main network. And it would have allowed them to be logged into many consoles at one time. They could have been watching errors and events on many devices as they tried tuning various settings.

Sure, this costs a bit of money to set up. But the price per port is low for simple, reliable gear. Consider the time for a couple contractors, and three developers, working over the holidays, trying to debug a problem. (I guess if your doing that work as an hourly worker, it's not so bad...but if you're the person in finance trying to close out the end-of-year books, and the network is being flaky, I imagine that your perspective about how soon the network should be stable would be different.)

I've written elsewhere about my portable Emergency Kit (a small hub, console server, adapters, cables, and canned telnet configurations to the console server). Today, I'm trying to lobby for you to consider a simple configuration, to support your current devices, with a bit of room to grow. Hopefully, you may find yourself trying to add more gear in preparation for a cutover, adding extra devices in every wiring closet, and you'll save yourself time and steps if you have some extra ports ready in each location.

Remote offices/sites deserve this consideration as well. I know many places that install a modem on the core router at their remote sites. But, what happens when the router relies on a TACACS or RADIUS server at that location, and the problem is not the router? You can dial in, get a prompt, but you can't authenticate, so you can't get into the router, or the authentication server. If you had a small console server there, and the modem allowed you into the console server, you would have a better chance of getting the access you need. (Even if you only see errors, you'd understand how to resolve the problems later...maybe the authentication server is trying to log your attempt by resolving to a DNS host that it cannot reach (since the network to the main office is down)? You know you need a DNS host in that office, or at least some static entries in the local hosts table for that host.)

Trust me about this...adding console servers isn't going to make you lazy. It WILL save you time, which you can spend doing some of the other tasks on your plate. It is well worth the investment of time and money to set it up.

-Zonker-

20071129

All Together Now...

You use Console Servers to manage the serial ports of various devices, right? So, it only makes sense that a 'Best Practice' would be to connect the console ports of your Console Servers to a port on a console server, so you can monitor the Console Servers, too, right?

BUT, to do this 'right', you need to connect it to another, different console server. After all, when do you really need to use the console? When the machine is having a problem, and WHEN THE DEVICE REBOOTS! (All Caps used for emphasis...sorry if I offended anyone. ;-) When the device reboots, your serial console is how you see what the machine is doing until it gets going sufficiently for the network to be of use to you. So, if you connect your serial port to another port on the same Console server, you can monitor it when all is going well, but when things go badly, you've just lost your console access as well.

Tonight, I hit a bit of a snag...because I had connected some Console Server console ports to other "nearby" Console Servers. (Imagine 18" console jumper cables...why not, the 'different' units were close enough.) "What could be the problem with that", I had thought.

Tonight was the night to upgrade the software on this set of Console Servers...complete with systematic reboots between revision levels. Doing the three in parallel, to take advantage of 'cut-and-paste' to minimize the chances for typographical errors. Halfway through the reboots, I stop seeing progress...because the reboot of Console Server A had taken out the console access for Console Server B...

So, I type this note as I wait for the Console Servers to reboot and for my console access to stabilize again, and I consider whether my tie would have been worth the extra ~125 feet of cable to make the console runs to diversely-disparate Console Servers, to minimize the chance of a 'cluster service' outage taking out closely-grouped Console Servers. Food for thought.

-Z-

20071023

Whether we need DCD more than symetry

I'm very much in favor of a symmetrical RJ45 wiring schema for console servers, because it could minimize how many adapters I would need to stock. The advantages of a symmetrical pinout include using a simple 'rolled' cable to make a 'null-modem' connection between devices and adapters.

Now, I'm not picking any particular vendors wiring scheme as 'the best'. I'm espousing symmetry as the 'best way'. The problem is, this means having two Signal Ground pins, which usually means that DCD won't have a pin. (On an 8-wire RJ45 interface, you would have two ground leads, two data leads, two hardware flow control leads, and two hardware handshaking leads.)

Remember that today's Console Server has its roots in yesteryears Terminal Servers. The old TS used modems or terminals, to let remote users connect to hosts across the network. The hardware handshaking was used by the terminals to indicate if they were connected. With modems, they could be connected and powered, but it was DCD signals from the modem to the TS which told the TS whether an interface was 'on-line' with a remote user.

But, these days in console service, modems are a pretty rare thing. Still, I'll be the first to recognize that modems could be used to dial into a remote site and try to connect when the main WAN links are down. However, you can configure most modems to toggle the DSR lead to reflect the status of DCD, and you can configure most console servers to recognize the DSR lead as a signal that the device isn't ready. (So, I don't think we really need DCD in console service. I'll leave Dial-up Networking for later article.)

If you look at my Signals Page, in the RJ45 section, you'll notice that there are already a couple of symmetrical pinout schemes. But you can also see the wide variety of combinations that I've found so far. While pin 4 seems to be the most common pin for signal ground, its clear that not everyone uses pin for for the signal ground. That makes it harder to make an RJ45 signal tracer that works in all cases, so there is less incentive for a vendor to take on that project.

So, for the existing symmetrical RJ45 pinouts on my signals page, you'll notice that they use pins 4 and 5 as ground pins. Data pins are on pins 3 and 6. Handshaking is on pins 2 and 7, and flow control are on pins 1 and 8.

If you're asking "why can't we use pin 5 for DCD?", then you may not have thought about the issue deeply. The first problem comes when you use a rolled cable as a null modem, and you now connect two devices signal leads, but not their signal ground pins! You'll be replying on the chassis ground connections to provide the signal reference. Using these console servers in large data centers means that you may be connecting devices on different phases of the AC circuit, or even across two different Power Distrubtion Units (PDUs) or Uninterruptible Power Supplies (UPSs). The result could be burned out serial ports on your console server and the attached devices, or more sever damage to the units.

So, to summarize the vendors I know about today;

Symmetrical, with 2 grounds (9+ of 26):
Cisco, Logical Solutions SCS, Lantronics SCS-1600, Digi PortServer II, Xyplex 1600/1800, iTouch/MRV in-Reach lines, Juniper Networks (J-series devices, and many NetScreen devices), Server Technology CDU consoles, and Sun Microsystems console/TTY ports

Symmetrical, except for 1 ground and DCD (3 of 26):
Digi CM, Digi STS-1610, Opengear CM

Of the 27 console connections I've documented, 15 use pin 4 for ground, and 9 use pin 6 for ground. (Keep that in mind if you are making your own RJ45 signal tracers.) And of the 9 symmetrical pinouts, eight of them use pins 4 and 5 for ground, and one uses pin6 3 and 6.

It seems to me that other vendors (who are not making console servers) have been choosing the Cisco wiring scheme (Juniper, Sun, Server Technology). Lantronix picked the null-modem compliment to the Cisco pinout. Those choices have been good for me, since it simplifies some of the deployments that I work on. It's interesting to note that the Xyplex/iTouch/MRV pinouts are almost identical, except that pins 1 and 8 (the flow control leads) are inverted from the Cisco schema. (So, if you don't care about flow control, you can mix-and-match these devices with the Cisco-schema cousins.)

I'm under the impression that some vendors are considering adopting a different wiring scheme for their future product series. I'd strongly urge that they consider adopting a symmetrical schema, and I'd also strongly encourage them to consider using an existing schema, rather than trying to come up with a unique schema. And I'm always interested in discussing it in person, though an email on the topic is also welcome.

20070920

Sometimes you want it raw...

Your console connection, that is!

When you are using a console server for remote access to serial consoles, you're defaults are usually a telnet-type listerner on the console server. That means a 7-bit session, with the high-order bit normally being "0". (That's why you sometimes have a session that displays unusual characters...something trips the high-order bit to "1", and you need to reset the session/port to clear the bit.)

But, what if you NEED to pass 8-bit data? Sam Crooks recently had the need to upgrade the OS on a router, but didn't have a the ability to use the network to get the code to the unit. He could, however, use XMODEM-1K from a locally-attached laptop serial port to the console of the unit. Except that his laptop was across the network. The gotcha here was the 8th-bit was set to "1" in much of the data, and certainly in the file transfer sequence numbers. This botches up the connection, and you need to start over again. (I'll explain about the modes first, but I'll also share notes from Sam's solution towards the end of this article.)

Fortunately, most console servers today have legacy roots in "Terminal Server" service, as in dial-in modem pools, and binary file transfers. So, besides their 'default' 7-bit session mode, most have an "8-bit, escapable" mode, and some even have a full "raw 8-bit, non-escapable" mode. You just may have to dig around a bit to find out how to access them. To demonstrate the issues, we'll use Cisco access servers as the example.

With the Cisco devices, to reach across the network to a particular serial port, you normally use a telnet client, to the IP address of the access server, at the TCP port 2000 + n, where n equals the (async) line number. That is, line 21, would be at TCP 2021. This is for the normal, 7-bit session. So far, so good?

If you need to use the 8th bit regularly (specialty keys, alternate characters, etc.), you can get the "escapable" 8-bit mode by using the TCP port 4000 + n. (The same n as before.) The 'escapable' pat means that you still have a couple of the 254 possible characters that you cannot use as data, because these will be used for the client to escape from sending data, so it can send control info (like "quit this session"). Most folks could use the 7-bit mode or the 8-bit mode interchangeably.

But, if you need to send ALL 256 possible characters (think the block sequence numbers, if you think that your data wouldn't have all the characters), then you need to use a "raw 8-bit" mode. But, if you can't escape from the data session (because your escape characters are "just data" now...), how do you close the session? You need to get the device connected to the async port to toggle it's handshake line. (Think of it as a modem call ending, and the modem drops the DCD line, or it cycles the DSR line...because that where that code has it's roots.)

In the Cisco access servers, you can invoke the "raw 8-bit" mode at TCP port 6000 + n.

Here are the notes from Sam's solution, once he discovered these different modes;

The serial speed of 9,600 bps is too slow for big file transfers, so he increases the port speeds to 115,200 bps. (In his case, he uses autobaud on one side, and manually sets the speed on the other. I presume this is so the speeds will resort to 9,600 after everything's finished.)

Next, he sets the port for the data transfer;

Switch#terminal download
Switch#
Switch#copy xmodem: flash:/c3560-advipservicesk9-mz.122-37.SE1.bin
Destination filename [c3560-advipservicesk9-mz.122-37.SE1.bin]?
Begin the Xmodem or Xmodem-1K transfer now...
CCCCCCCCC
now here, we go to TermTerm's, menus....
File../Transfer->/XMODEM->Send...
Pick the file, select 1K at the bottom of the window (vs CRC or checksum)...
and off the file transfer goes....hopefully to completion, and in a reasonable time...

Finally, when the transfer completes, he needs to break the session from the far end, so he uses the command clear line n (where n is the line number of the serial port you are using for the transfer).

Cisco also has a good, older page about the various commands related to configuring access servers for modem usage, which has some useful clues as well, including transport in and out, and changing your escape characters. You'll find references to these binary modes on this page, in the section relating to 'rotary'.

You can also find useful information searching for "configuring lines for modem support". For example, you can find a brief summary related to contacting the AUX port on a Cisco DSLAM using these three modes here.

Related Cisco commands (Anyone can search the public Documentation part of the Cisco website, but Cisco support contract holders can find more information if they are logged in.)
  • reverse telnet
  • configuring modem line rotary
  • telnet break-on-ip
  • exec (look for telnet-related BREAK info)
Good luck with that!

-Z-

20070919

Insert Wire A into Slot B (specialty cables and adapters)

The other title for this article could be "Pocket Notes (you really CAN take it with you)". Here's how I 'remember' how to wire a serial crossover cable when I'm in a data center, without easy web access.

I used to carry a small pocket notebook with notes and adapter diagrams, but those got worn and ratty and dog-eared. So I kept them in a computer, printed the notes and drawings, and carried a small (5" x 8.5") binder. This way, I could mark-up the notes when I was away from the computer, and make changes on the computer, and print more 'clean' pages. It was also easy to give a page away, since I knew I could easily replace it. Eventually, the binder got bigger, thicker, and heavier, until I finally started carrying the computer around.

Now, ten years later, I keep my console information pages on the web, but I also keep critical notes on my Treo (Palm OS device). But the OS isn't important! If you have a pocket/palmtop computer, you can use the memo functions to carry useful cable info in the note files.

ASCII art isn't easy, and it isn't pretty unless you are using a mono-spaced font. But recording the wiring for specialty cables is easy. In an earlier posting, I described how to determine the wiring for specialty cables. And most of us could easily spout off the wiring sequence for an AT&T 468B-wired CAT-5 cable, right? So, you start with that color sequence on one end...but what colors do you need on the other end? THIS is easily described with text, and proportional fonts do not get in the way.

I usually show the cable, wired from both ends, since I can use a simple RJ-45 cable continuity tester...but, I add the Cat-5 color code in between the pin numbers. I use the AT&T 468B sequence on the first end, since it's a good visual starting place. Then, I show the sequence on the 'other' end, with the resulting color sequence. It's this other sequence that it hard to translate in my mind, so I keep a 'note' that won't get dog-eared in my phone, since it's almost always going to be with me.

Here's an example of a crossover cable between Cyclades ACS Console Servers;

Cyclades crossover
one end...
1 whi-orn 5
2 orn-whi 8
3 whi-grn 6
4 blu-whi 4
5 whi-blu 1
6 grn-whi 3
7 whi-brn 7
8 brn-whi 2

other end...
1 whi-blu 5
2 brn-whi 8
3 grn-whi 6
4 blu-whi 4
5 whi-orn 1
6 whi-grn 3
7 whi-brn 7
8 orn-whi 2

Using the PalmOS memopad feature, I have note files for a variety of console servers. It's easy to combine wiring notes (crossover, loopback, signal inputs/outputs) for a single vendor into a separate file, for quick reference. You should be able to do something similar with other PalmTop devices.

I do still keep post-its handy at a few sites, with the "other end" wiring sequence, in case the memos aren't available. (The battery died, or I can't take a camera-phone into certain data centers...) When they start to get worn, I make new ones, using the records on my phone, or my web pages.

I hope this note is helpful to some of you. I know that it saves me a LOT of time.

20070831

When did my console service become Critical Infrastructure?

Many Conserver instances were started as an experiment. It was something to add to an existing console server deployment. It's usually installed on a seldom-used machine, probably older hardware, and maybe without support. But, it was certainly "enough to do the job, for now."

Once it was working, a few other folks started to use it. Then you offered to add more ports into the config for other system and network administrators. Soon, you've pulled in most of the original console server ports in the shop, and you're buying more console servers, and you're starting to look for more RAM and bigger hard drives. You're wondering if you are backing this system up, since the logs have become useful data. Then, one day, some data retention policy comes along, and you realize your console data just became Vital Records, and needs to be protected. It's time to think about an upgrade, and a service contract, and a way to write directly to archival media.

Why didn't you think about those things sooner? That's the topic for today's blog. What started as a demonstration just became critical infrastructure at one site I support. Here's what we are considering as we are looking for making this Conserver deployment a "Production Service".

Supported Hardware. Rather than a hand-me-down or a "Frankenstein machine", consider getting newer hardware. This will give you a longer product life (read that as "you can get tech support and replacement parts from the vendor" for 3-4 years), and you should consider the support contract, since this will likely become Critical Infrastructure if it hasn't already.

If you are trying to do this "on the cheap", you could try using a hand-me-down machine. Make sure you get a spare chassis (with power supply and motherboard), and and many drives and RAM! Remember, older drives and RAM get to be more expensive when they are no longer the new stuff! You'll also need to be able to service your own gear, on your own time.

Redundant Power Supplies. Unless your data center has fancy power distribution units that source two circuits to a since power cable, you should consider using a chassis that has dual power supplies. Make sure that the chassis can run fine (fully configured) on just one power supply! You should make sure that you are sourcing the power supplies from two different circuits. Also, find out if the power supplies have to be on the same PHASE of power, and find out BEFORE you plug them in. (Have I mentioned the value of a support contract for your hardware?)

I need RAM. Lots and lots of RAM. But how much is "lots". This depends on the number of consoles you plan to support, including your "someday" scenarios. Remember that Conserver starts with it's own process, and then spawns children for (generally) every 16 ports. Your OS will want some. And any other tools and scripts will need some. (If you are going to be editing large log files, searching large data sets, or processing many large log files, you're going to want a LOT of RAM, so that you avoid swapping memory to the hard drives.) Don't skimp on RAM.

Dedicated Log Data Drive(s). You don't want your logs on the same drive a your main OS. (If your console logs fill the disk over a holiday weekend, and your system can't write it's own system logs, your Monday morning is going to be a LONG morning!) How much space do you need? This is the hardest thing to estimate, since it really depends on how much you use your consoles. But, here is a good ballpark to start - estimate 20 MBytes for every console you plan to support, plus 1-2 GBytes as a buffer for when some logs start filling up faster than you expected.

Since Conserver can auto-rotate the logfiles when they reach a certain size, you want to consider how large a file you can open with the editing tools you want to use. I rotate my logs between 10-20 MB, and I use grep and PERL to find things. But if you use other tools that can't open files larger than, say, 5 MB, then you should adjust your log rotation size accordingly.

Use RAID to help protect your data. Even basic mirroring of your log drive will help protect the data set (your vital log files). If you are capturing a lot of very busy log files, you might want to consider striping the data. You may also want to consider hardware RAID support. (This can save you system some CPU overhead, but it also adds some hardware complication. Still, many sites are successfully using hardware RAID. If this is your first attempt to use hardware RAID, you should consider getting the hardware support contract for your machine.)

Consider using a RAID pair to protect your OS, scripts and tools as well! Many newer machines can host five 2.5-inch drives in a 1-Rack-Unit chassis. That gives you a pair for the OS, and a pair for log data.

Backing up your critical log files to archival media. CD media is cheap, but so is DVD media. (Heck, DVD drives are cheap, too!) You can get 5+ GBytes on a single-layer DVD, and must laptops and other workstations can read them. It's an ideal media for the day when the auditor comes and asks you to produce the log files for certain machines across a range of dates.

Remember, too, that most log data is going to be ASCII data. It's VERY compressible, and you can use PERL and cron jobs to compress the latest newly-rotated log files to a gzip version. This will let you store more log data longer, and lets you delete some of the older non-zipped versions. (Compressing the log files means you are going to be backing up the compressed logs, so you can store more of them on the DVD media...this means some savings in the number of discs you need to write over time.)


So, what would I recommend? Let me start by giving you the information that I'm using to base the decision, and then I'll tell you.

Given:
650 console ports today, could grow to 1024
(20 MB x 1,024 = 20 GB of drive, plus overhead, 25 GB minimum)
I want to store large amounts of compressed log files.
(3 yr retention needs for some files, 60 GB minimum)
1024 consoles means 65 processes, minimum, but more if my processes are really busy due to verbose logging. Could be 128+ Conserver processes later.
I want to run Splunk for log checking (RAM and drive implications.)
I also need drive space for backup, and log report manipulation.

What I'm proposing;
Dell 2950, with two 1.8 GHz Quad-core processors (Energy Smart)
Pick your OS (I'll pick Suse Linux, 3 yr license for the OS support)
8 GB of RAM (four 2 GB Dual Ranked DIMMs, Energy Smart)
Hardware RAID
76 GB, 15k-RPM drive threesome for the OS
146 GB, 10k-RPM drive threesome for the logs
Dual PS

This gives me a pair of drives for the OS, plus an on-site warm-spare, plus a pair for the logs with a warm spare. The drives are hot-swappable, so if I have a failed drive that RAID cannot recover, I'll yank the failed drive and swap in the warm spare, then let RAID rebuild it, and then I'll call Dell support for a next-day replacement, for the next three years. If I were really worried about hardware failure, I might opt for the 4-hour on-site contract.

Total cost comes in at $8.5k(US) today, from Dell, though the price may be better through other channels. (That works out to about $2,900 per year, or about $240 per month, to support 1,000 vital ports in the shop.)

Can you get by for less? Certainly. But, what is the cost to you if you lose log files you need to be retaining? What will the business impact be if the server is down for a day or more, and your administrators have to scramble to manage their servers and network gear 'the old fashioned way'? The cost isn't too bad, for Critical Infrastructure, now that it's proven itself to be useful and reliable. Shouldn't you put it on reliable hardware as well?

-Z-

20070714

Making progress, leaving footprints.

It's a bit depressing to see that I'm down to about one blog per month. At least I'm making a bit of effort hre, as well as making progress on the other projects that compete for my time.

As I've changed jobs, I appreciate the 'Oral History Project' that most companies use to store and share knowledge about network infrastructure, legacy reasons for doing things, even network architecture. But, I only like them a little, mainly because they aren't a stable source. People leave companies, or even just transfer to other departments. Stories change with time, and details tend to degrade very rapidly. I like documents better. (That's one large reason I make my web pages, and keep this blog.)

I learned a long time ago, from two examples, that the time it takes to make some basic documentation is largely paid ack when you use the documentation 3-4 times. Whether it's time saved when you refer to it yourself at a later date, or whether it's time saved when you give the document to someone else, and they can do a task, without you needing to give them the information via storytelling and sitting with them while they do the task. (I won't put the example stories in this article, to save space. Maybe I'll post them in a separate article, if there is some demand for them.)

When I'm debugging a problem, I keep notes, usually in a 'notepad' or 'teach text' file. (Save the file with a useful name, and save it often during the project!) If I'm working on a device configuration, I keep a diary of the changes I made, in case I need to revert anything. I also paste in any error messages I get during the process.

BUT, here's the message for this blog... During the process, I make notes about some of the useful options for some of the commands I'm using. (I needed to look through the syntax for this effort, and I learned something...so I save it for a future effort!) When I'm done, and I've figured out the proper sequence of commands, I now have a basic document that shows me the correct steps, and a few added notes for related commands. If I take an extra 30-60 mintes, I can add some comments for the next time... things to be aware of, pitfalls to avoid, information to gather before you start, how long it might take... these all get into the document.

At the end of the effort, I now save a copy of the file in a "Clues" directory. This is my 'canonical' place for the most current version of my clues, for anything I've worked on. I've written my stories down, and everyone on the team knows where to look for them if they need to work on a project. If I'm unavailable, my team will still have access to useful knowledge on an array of tasks. (And, if it's easy to hand off a project, it's more likely I'll be able to hand it off and do something more interesting the next time.)

Make a clues repository, start gathering simple process docs, and get the other folks in your department to share in filling the repository.

-Z-

20070602

The Emergency Kit

I've put together a small kit, which can give me quick access to the serial consoles of various machines, for those little emergency trips to the colocation facility, or a customer site. It's been so successful and handy that colleagues are borrowing it for small cluster jumpstarts, and even for a Disaster Recovery exercise. So, I'd also describe it here.

The gist is, I started with a small 8-port console server, so I could use my laptop, a pre-configured telnet client, a crossover-Ethernet cable, and a handful of adapters to connect to various devices. I found that I often needed to be connected to the machine's network as well, so I added a small hub to the kit, as well as a small power outlet strip to my laptop bag.

I picked the Cyclades TS-800 8-port console server because it was small, was BREAK-safe, and ran from a 'wall wart' (power pack). I really wanted one that could run on 12-volts DC, so I could run the kit on car battery power, but couldn't find one. My laptop can also run from 12-volts DC (which could be handy in an emergency). Sadly, the TS-800 units are no longer sold by Avocent, but there are still a variety of small console servers on the market.

The small console server fit in the large pocket of my laptop bag, but limited how many cables I could carry, along with all the adapters. I finally fell to using a small, extra bag for the console bits.

I added a small 10-Mbps hub initially, so I could also do some packet sniffing, since most small switches don't have the ability to 'span' or 'mirror' ports. But, that bottleneck also throttled network access to the attached device, and I wasn't doing so much packet sniffing, so I 'traded up' to a Allied Telesyn AT-FS708LE 8-port 10/100 Mbps switch. This is a 12-volt DC device. It's small, lightweight, sturdy, and still available cheaply.

The kit now includes the switch, the console server, two crossover-Ethernet cables (1'- and 5'-long), an assortment of lengths of regular 8-wire CAT-5 cables, and an assortment of 24 Cyclades serial adapters. I also have a few 1'-long Cyclades null-modem (DCE-to-DTE crossed RJ-45 cables, and a few CAT-5e-rated female RF45 couplers. Add in the wall warts, and the kit lives in a 6-quart Sterilite plastic container about the size of a shoebox. Easy for security folks to see what is inside, but you don't want to put this in the belly of an airplane.

The Console Server is really the key to this kit, so here's what I've done to make it work;

First, configured the device as a console server, then copied the config file so I have an on-board copy, in case someone feels the need to change settings while they borrow it.
cp /etc/portslave/pslave.conf /etc/portslave/pslave.bkup

Make sure the backup config is saved into the unit's NVRAM. On the Cyclades, this means adding the file into /etc/config_files. (This is one reason I strip most of the comments out of my console server config files, since I'm basically saving two copies of the configuration file.) Now, if someone needs to change the config file, it's quick and easy to get back on the console, and copy the config back over the pslave.conf file, then 'saveconf' and reboot.

I also add an entry for my laptop into the /etc/hosts file on the console server, to reduce delays when making your reverse-TCP connections to the console server.

I had originally assigned different port speeds (19.2k, 38.8, 57.6, and 115.2) to ports 5 through 8, to make it quick and easy to access a high-speed port. But, I found that most ports are STILL at 9.6kbps as a default, and sometimes I needed more than 4 ports. In those cases when I needed a higher speed, I often needed more than one port at the higher speed at the same time. Since I found myself making many configuration changes I decided to revert the base configuration to 9.6k all 'round, but that's just explaining my reasons. You may want to do it your own way, and that's up to you.

I also pointed all the "extra" services (Radius server, syslog, etc) that the console server might want to use to the laptop IP address. I already use a small but of RFC-1918 address space, to reduce the chances of a conflict with the network that I may attach to. Pointing just to my laptop reduces the chance of the TS tripping any Intrusion Detection System (IDS) that might be watching the network. (I don't use the Syslog much anymore, but if I want to try it, that's one less part I need to configure.)

The current laptop is a PC, using PuTTY as the client tool. This lets me save the basic settings for "ts-1" through "ts-8" (configured to connect to the IP address of the console server, at ports 7001-7008, respectively). I use a distinctive window size and text/background colors for these windows, and each connection is configured with a unique 'window name', and a unique log-file name. The distinctive window settings make it easy to tell which open windows are serial connections, versus network sessions when I'm debugging.

An advantage to using PuTTY for this, is I can also 'export' a copy the Windows Registry settings for these sessions onto my FLASH fob, and easily give the settings to someone who is going to borrow the kit, and VIOLA! They are ready to connect to the ports quickly and easily. PuTTY is small, and runs without needing to be 'installed', so I have a copy of that on the FLASH fob as well.

The final bit that makes the kit as easy to loan as it is for me to use it, is a 1-page README document (also on the FLASH fob...with a canned Conserver config snippet for this device, just in case), which outlines the default IP settings, serial speed settings, adapter and cabling clues, and basics about how to open a reverse-TCP session to a serial port. I also include clues and the password for configuring the device. (Add a few useful labels to the hub and console server, mark the wall-wart connectors with a color-code at the device-end, and things go pretty smoothly.)

I don't use it very often, but when I need it, it's ready to go! When your time is worth money, having a kit on the shelf is money well spent!

-Z-

20070422

Relieve pressure in your shop!

We've got plenty of pressure with deadlines looming, new projects, and other 'people issues'. But the pressure I'm writing about today is torque.

For serial adapters that screw on (DB25, DE9, etc.), you shouldn't need to tighten them more than finger-tight. The screws are meant to keep the connector from being pulled out if the cable is tugged. Most of the small threaded nuts and screw-end on the adapters are not made for serious torque, and will likely break, or strip, if you apply too much pressure.

Finger-tight for you may be tighter than finger-tight for someone else that might need to work on the gear later. I don't want to make someone have to go get tools to remove serial adapters.

This goes for the screws for mounting your gear in cabinets or relay racks. You can tighten these hand-tight, but don't set your screw-gun to be an impact wrench! The lowest settings will probably be fine. (If it's not, you should make sure that you haven't cross-threaded the screw to begin with, rather than cutting new threads in the rails...because aluminum rails will strip easily, and steel rails will chew your screws easily. Let's try to not damage any parts today.)

The other damage that occurs from too much pressure is damaging the screwdriver bits and the screw-tops. It starts when the screw stops, and the drill keeps going, and the screwdriver bit starts to round over the screw head, but it's starting to damage the screwdriver bit as well! This makes it easier for the screwdriver bit to round over the next screwheads. (Take a good look at the philips bit in your screwgun today. If you don't have good, straight edges, it's time to turn down the torque, and either get out the file to renew your bit, or use a new replacement bit.)

The pressure you will save, will be the pressure on you in your next emergency. You'll be able to quickly remove an adapter without needing to go get tools. Your tools will easily remove and install screws, and your screws and rack rails won't be damaged by 'the last guy that worked on them'.

Once you set the torque on your screwgun to only 1 or 2, keep checking it, since there are probably other folks that borrow it. They'll likely change the setting, and not put it back. When you find it has been changed, you may be able to share this note with the culprit, and make things just a bit nicer in your shop.

Use the correct serial adapters, and trust them.

Today was a service window, and I was working in an old part of the network. I stumbled onto a broken DE9-toRJ45 adapter, dangling by it's wires. I swapped it out for a new one, from the proper vendor for the terminal servers in use, but there was no response via conserver.

"It was working fine last week." I'm told.

Looking further, I found a poor RJ45 termination, but the signals on on my signal tracer looked odd as well. This led me to the other end of the cable, where I found that I was looking at a USOC-Rolled cable (old CDDI-type wiring). This would have been a 'null-modem' if they had been using Cisco console servers, but they were not. Instead, they had only a couple leads correctly connected, and signal ground was not one of them. After a bit of frustration reaching more consoles, and reterminating those cables to be straight-through again, the network was back under our control. But why had they failed?

"But they've always worked like that." I'm told.

The wiring of the Cisco adapters, the null-modem (USOC-Rolled) cables, and the non-Cisco console servers wiring scheme had meant that signal reference was really be derived from the equipment chassis, across the power systems ground, between the console servers and the controlled devices. Today was they day that newer, fatter power circuits were installed, and moving the gear to different Power Distribution Units were too much.

The signal reference ground pin is extremely important, to prevent data errors, possible equipment damage, and possible injury to staffl handling the connections! (I'll share my 'bad ground, smoking gun' story another day, when I have more time.)

Using the correct adapters, and correct wiring, will lead to predictable results. Mixing and matching parts you have laying around with specialty cables will eventually cause you more headaches, and possibly more money than you will save. And the chances are good that you'll need to 'do it the right way' sooner or later. If your shop is as busy as the places I've been, you may as well do it right in the first place, because you may not have time to do it right later without sacrificing weekends or vacation time.

20070413

Kudos to the Cyclades folks

Their product was developed across three continents, and sometimes you could find grammatical errors in their on-line tech notes (perhaps because the authors first language was not English?), but I have not found any techical errors in the command-line instructions of the older files.

To be honest, I occassionally took some liberties, trying to optimize the steps that they had outlined. But, if things didn't work the way I expected, I have always had success when I did it exactly the way they typed it.

As someone who owns and operates on a bunch of older Cyclades gear, I'm very thankful that Avocent has retained the old Cyclades files at http://global.cyclades.com. Access to the old information has proven to be invaluable for upgrading older units to newer code.

And, as a fan of documentation (see my Console Connection Guides...), I tip my hats to those who made sure that the original instructions were spot-on correct, every time! Thanks, folks! I hope the Avocent team will follow well in your footsteps.

-Z-

20070408

Going back to the beginning

"I am waiting for you, Vizzni! You told me to go back to the beginning, so I have. When a job went wrong, you went back to the beginning!" - Inigo Montoya, Princess Bride -

Today's topic is a lesson in Change Control, sort of. More like Pre-Change Control.

Most manufacturers post their upgrade instructions. Some of these instructions are fine. Some are even exceptional. But few manufacturers offer instructions for how to downgrade their code. Yet, if an upgrade goes wrong, you will probably want a fall-back plan, to get you back where you were, at least until you can get the vendor to help past the problem(s).

Most console server devices store their OS and boot files in FLASH. But many of them cannot store more than one version of the OS in the on-board FLASH at a time. So, the upgrade process will overwrite the old version. If you plan to revert to the original version, you need to gather a few things before you start;
  • A copy of the current code version
    (You may be able to TFTP the file to a server from the device!)
  • At least a byte-count for the installed currently installed version
  • Better is to have the MD5 checksum hash for the currently installed version
A timestamp for the currently installed version may not be very useful, because many devices display the current system time for the files in FLASH. Even if the device displays an older timestamp, it's often the date the code was installed, and not the datestamp of the file was created. Still, if your device gives you older timestamps, it's worth noting the date and times of all of the files in your FLASH, before you start, so you can compare them at the end of the process.

If your device has MD5 implemented, so that you can check the new version for integrity, you should also use MD5 to display the checksum for the current version before you start. (If you need to load the old version back again, you should know what the checksum will be.)

You keep all of the software CDs that came with your devices when they are new, right? (At least ONE copy for each platform, and for each different software version as you collect them.) You should also mark them (the CDs, Manuals, etc.) for the software version they contain. The cost of a bookcase is cheaper then an evening of your wasted time because you cannot easily find the information you need.

"But my vendor keeps all of this stuff on-line. Why bother to keep the old stuff?" you ask. Let me offer a few cases that happen more often than you might expect;
  • The vendor goes out of business, and the website goes away.
  • The vendor sells the product line, and the new vendor kills it off.
  • The vendor gets acquired, and the old website goes away.
  • The vendor decides old software is "support", and is worth money.
  • Newer versions of software are too big to fit into the FLASH in your device.
  • The upgrade instructions had a mistake.
  • The new code doesn't like your old hardware.
  • The vendor decides to remove old versions from the web, to encourage the adoption of newer versions.
You should make a habit of checking for newer coder versions, for all of the hardware devices you own. Read through the release notes, and decide if the code might be useful to you. If you might want to upgrade someday, collect the newer versions (the binary file(s), README file(s), and PDF documents, and any checksum files).

Keep the versions in separate directories, since sometimes the image names are identical, and you don't want to overwrite the old files when you add the newer files. Then, you will be ready to upgrade when the time comes, and you'll also be ready to downgrade again, if needed.

-Z-

20070331

Serial Speed-shifting demons

A fellow called Jerry Roy emailed me, asking if I knew how to connect a Cisco AUX port to a Topglobal Phoebus EVDO router console. There were a few thing he needed to work out...

1) the Cisco RJ45 to EVDO Mini-DIN-8 cable wiring
2) the configuration settings on the Cisco
3) why his old Cisco config clues didn't work right

Jerry is no slouch at this stuff, and had configured Cisco gear for reverse-TCP conection to the AUX port in the past, but this one was baffling him. He had a mini-DIN to DE-9 modem cable, but it wasn't playing nicely with the Cisco adapter. When he connected to the AUX port over the network, he got a Cisco login instead of the EVDO. Solving this took us about a week, including emailing to the vendor's support staff and the EVDO manufacturer in China to clarify signalling info and determine what wires needed connect to which pins. Once we had what we thought were the right pins, we still saw garbage on start-up, which made us try a variety of settings (even though the console speed was set to 9600 8-N-1).

We determined that the exec/no exec flag had changed in a major Cisco IOS revision from 12.2 to 12.3, so his abbreviated configuration commands needed to be amended. (It doesn't hurt to invoke a 'default' setting, so my Cisco config clues are a good start, if you're using reverse-TCP to get to Cisco ports.)

Jerry finally determined that the Tpoglobal Phoebus EVDO device runs its console at 115.2k 8-N-1, but he couldn't get any reponse from the console after the startup...because the OS then changes the EVDO console to the user-defined speed. The EVDO was running POST at one speed (spewing garbage at the modem/console), then silently shifting speed to a different, user-specifiable speed. He eventually set the user-defined speed for 115.2k, so the speeds would be consistent.

What made this so hard;
a) cisco changed the 'default' functions for local login (exec) between major IOS versions
b) vendor docs used unusual signal names (TD+, TD-, etc.) without input/output clues
c) molded cables, and unusual connectors made it hard to determine cable pinouts.
d) Roy didn't have any signal testing gear besides a voltmeter.
e) vendor docs didn't mention that P.O.S.T. messages would always be at 115.2 kbps

Developers Clue #1: If you think this speed shifting is a good idea, at least end the POST with a tag indicating that "POST is done, switching to OS console speed", even if you can't indicate what the new speed might be.

Developers Clue #2: If you think this speed shifting is a good idea, in the code that allows the user to set/check the definable console speed, you should also retun a note that the POST speed will remain at [speed], so the user is reminded that there will be a difference. (Or add an option to set the speed "Same as P.O.S.T. console speed".)

Tech Writers Clue: If the system console can be set for two different speeds, the cases need to be called out in the manual.

Here's the cable diagram Jerry came up with (in case someone else needs it) with the pin numbers shuffled to see where loops occur;
Cisco AUX           EVDO console
RJ45M mini-DIN-8M refer to my Signals page
1 RTS -->(nc) (nc) --> DCD 1 for connector pinout info
3 TD -->------------> RD 3
6 RD <------------<-- TD 5 8 CTS <------------<-- RTS 6 4 GND ---+-----------> GND 4
| (nc) --> CTS 2
5 gnd ---' (loop Cisco pins 4 to 5)
2 DTR -->-. (nc) --> DSR 7
7 DSR <---' (loop Cisco pins 2 to 7)
Since the EVDO apparently doesn't have a DTR output, we looped the Cisco hardware handshake lines. (For use connecting to other consoles, I would usually pass these to the 'far side', so the far device could tell if the cable was plugged in AND the near device was turned on. After all, that's what these leads were designed to do.) If you care about hardware flow control (RTS/CTS), you could also connect Cisco pin 1 to EVDO pin 7.

-Z-

Mining for (serial) gold on Google

When I'm using my gmail account, I find that I know keep an eye on the 'content-relavant' ads they post on the right side of my screen. If a link looks interesting, I'll 'open link in new tab', and look at them later. This way, I don't really interrupt the flow that I'm following now. Most of the links don't pan out, but sometimes I find gold, that really valuable site that I might not have found using keyword searches before. (I don't know why I don't find them at other times. I'll take lucky chances any day! :-)

Today's nugget was the Intro to Serial Communications page at TalTech.com. There is a lot in common with my Minor Scroll of Console Knowledge, but there are a few other tidbits there that I haven't put on my page. (I've already emailed the webmaster, asking if permission to link to their page. Netiquette first, of course.)

If you haven't tried gmail, you might want to, now that you don't need a referral. My acount was a test, to chat with a friend. It expanded to become an archive for console-related emails that I received on my other accounts, and the ads became more relavant. Now it's one of my main accounts. Thanks, Google!

-Z-

20070329

Crossing a VPN to get to your Console Ports

You may not have tried this yet, but you may want to read the note anyway, so you'll be prepared for the day you will need to cross a VPN. As security gets tightened, and networks are segmented, the VPNs will be coming to a LAN near you.

I hadn't thought about the issue of "dropped links" for years. My modems would often time-out from inactivity. Sometimes ISDN connections would drop due to idle timers, because there weren't that many B-channels available in the pool. I understand why you get timed out, and I empathize with the implementers. But, sometimes you need to keep a link up, without thinking too hard, or remembering to type a key.

In the modem days, I'd start a PING across a PPP link. Sometimes I'd set my email to poll every 5 minutes, just short of the timer, in order to keep links active. But broadband access and SSH to hosts was ubiquitous enough that I'd forgotten about this inconvenience.

Today, I was bitten bye a VPN with idle-timeouts set uselessly low for working remotely on my consoles. While email, and web browsers don't care so much (since they are always initiating a new TCP connection), it was invisible at first. But, my SSH sessions would suddenly be frozen. with no indication of the problem. Meanwhile, my idle TCP connection at the far host was abandoned, and would need to be killed off by someone with administrative privileges.

The answer was the TCP-keepalive options available in my SSH client. Under Microsoft graphical OSs, I use PuTTY, and you can set the option there for sending keep-alive null packets every n seconds, and/or TCP keep-alives. This solves the problem when it needs solving (only when I've got an SSH session I care about), and its automatically done (no need to remember special hacks), with minimal load on the network link.

Now, I admit that I am hogging a resource (the VPN session), but I'm usually logged in for a good reason (such as wrenching on the network), so I'm doing it for a good cause.

If you are going to SSH into console servers (or even reverse-TCP), a dropped VPN connection will cause you a lot of grief, since the port you were connected to will be 'busy' until someone can kill off that process. If you are using SSH to log into a Console Management Application Server (such as Conserver), you will be leaving abandoned sessions on the application server host, but the console ports themselves will still be available to the next person who needs to get on them. If you run into this symptom, check for the keep-alive options in your telnet/SSH clients, and see if that doesn't fix your timeouts. Just remember to log out of those sessions when you are done, so the VPN access can continue to be shared.

-Z-

20070324

Making the adapter or cable you need

I've got shelves, covered with tupperware tubs and drawers of adapters, sorted by wiring type and DCE/DTE, and labeled (both the adapters, and the tubs and drawers). I also have a variety of test gear handy to help me test serial ports and devices. But I know that I'm a bit unusual in this regard.

Most shops I've visited have one box or drawer where they collect 'stuff' that isn't 'Ethernet'. The problem is, many vendors do little to label their parts, other than to add a part number. (Sometimes, though, the part number is on a baggie around an unlabeled part. Once the baggie is lost, the part becomes useless as soon as you seperate it from its associated equipment.)

You can spend a lot of time trying various combinations of the parts at your disposal, testing at each step whether it shows signs of working, or you can set out to build the cable or adapter that you need.

To build the cable or adapter, you need to know:
1) are both devices using the same Electrical Signalling (i.e. RS232, TTL, RS488, etc.)
2) which pin/contact numbers are which on the connectors you need to use
3) which signals are on which pins, and which are inputs vs outputs

Your search for information should start with the equipment you need to connect. Some equipment will include pinouts and signal info on a label on the chassis itself. Next comes reading the manual, which should be on a bookshelf in your office if the equipment is still in use. Sometimes you can find the documentation on a CD-ROM that came with the equipment (you keep those, too, right?), or the vendors website, in their support section. Start with these if you can, since configuration information for the port may be needed later, and these documents will be specific to the software revision loaded on your equipment.

If you can't find the information resources from your vendor, your favorite search engine may be useful. I prefer Google, but they have their good and bad weeks when it comes to finding useful results. (There are occassional bouts with bogus search portals saturating the Google results. It's like a tide, really...when it gets really bad, they manage to clean it up, and results get really good again. No, I'm not trying to bite the hand that holds my new blog. ;-) I've had poor results with MSN, and Yahoo is hit-and-miss but they have too many ads for my tastes. The lesson here is to pick your favorite, but to try others if you are not successful in your searches.

You want to be sure that you only connect two devices if they have the same electrical signalling specifications. TTL signals are from 0v to +5v, while RS-232 signals are -12v to +12v. If you connect a TTL device to an RS232 device, you may not damage the RS232 port, but you will most likely 'let the smoke out' of the TTL interface chip (e.g. permanently damage it).

Now, it IS possible to connect a TTL device to an RS232 device, using an interface (electrical) level converter between them, but you cannot do it with a simple cable or adapter.

Once you know that your two interfaces are electrically compatible, just make a wiring diagram for your cable or adapter. List one connector on the left side of the page, and the other on the right side. Include which devices are being connected, as well as the connector type and gender, so you can identify this wiring diagram easily if you need it again in the future.

DCE and DTE were defined 'in the old days', but it was a 'draft specification'. It was an attempt to make things interchangeable. But it wasn't something which culd be enforced, so there are manufacturers that picked the 'less intuitive' option when designing their devices. As a result, they stack the odds against us if we are just guessing. So, when you find the pinout descriptions for the signals, you could 'bet' that TXD (Transmit Data) is an output, and RXD is an input. But, if you're using a less-popular/smaller manufacturers device, you may be disappointed. That's why I test the pinouts after I know where the Signal ('Reference') Ground pin is located. You should try to test your ports as well, whether you use a voltmeter, or a signal tester.

I usually list the pin numbers sequentially (with 1 at the top), and I also add the signal name, and the 'direction' of the signal. If the signal is an output, I use an arrow that points away from the number. An input will point at the number. The reference ground signal will not have an arrow. (You can see an example of this on my Signals page.) You can even use this format in simple text files or email, like so...
Cisco AUX         Cyclades ACS
RJ45-M RJ45-M
1 RTS --> <-- RTS 1 2 DTR --> <-- DTR 2 3 TD --> <-- TD 3 4 GND --- --- GND 4
5 gnd* <- --> CTS 5
6 RD <-- --> RD 6
7 DSR <-- --> DCD 7
8 CTS <-- --> DSR 8
You can now start drawing the lines that connect 'complimentary' signals, but I find that all of the crossing lines are difficult to read. Instead, I draw a second version, where I draw the signal straight across from the left side to the right side, and I put the appropriate number in the 'right-hand column'. It makes it easier for my eyes to follow. It would look like this...
Cisco AUX         Cyclades ACS
RJ45-M RJ45-M
1 RTS --> --> CTS 5
2 DTR --> --> DSR 8
3 TD --> --> RD 6
4 GND ---+-- --- GND 4
5 gnd* <-' nc -> DCD 7
6 RD <-- <-- TD 3 7 DSR <-- <-- DTR 2
8 CTS <-- <-- RTS 1
This gives you a chance to count all of the pins on the right side. Is there one of each number? It also lets you see the 'odd' connections. In this case, the Cisco side needs to loop pin 4 to pin 5 (it's a switch in legacy products that tells the interface to be RS232. Without that input, the hardware doesn't use RS232 signalling.) Since the Cisco doesn't have a DCD output, the input on the Cyclades would not be connected. You can program the Cyclades to ignore the state of the DCD input. By diagraming the cable or adapter like this, it's a visual reminder that you need to check whether the device cares about an input which will NOT be connected.

I also find it's helpful to have a reference illustration for the pinouts of my connectors handy, when it's finally time to make the adapter or cable. You can find illustrations on the web, but you can find the cmmon connectors used for RS232 connections on my Signals page. Scroll to the buttom of the page for the DB and DE connectors. You can find a more verbose collection of basic RS232 clues and signal information on my Minor Scroll of Console Knowledge.

-Z-

20070321

Kick-off post

I've put the project of adding a log to my Console pages (http://www.conserver.com/consoles/) for too long. This seems like a good way to get started with blogging without any more delays.

My plan is to post tips and ideas, and ring to light some of the unusual problems I find while helping set up secure, remote access to serial consoles. I hope the site will become a supplement to the guides and the testing I do on the regular site, and I welcome questions and comments on the topics that I post.

Regards. -Z-