APC vs TrippLite metered PDU's

Frederik Kriewitz frederik at kriewitz.eu
Wed Dec 2 10:25:28 UTC 2015


Hello Dovid,

we've been using APC devices (including PDUs) for a couple of years.

Occasionally the MGMT cards of the devices stop responding, we had to
manually reset them on site (Reset is possible without affecting the
devices, it won't toggle any relays). This has been a rare event
(~once every 10 years). Overall they are running stable.

You shouldn't expect any long time software/bug fix support either.
E.g. they didn't fix their SSL implementation when the POODLE attack
came up on various slightly older devices (the devices only support
SSLv3 so it's hard to use HTTPS nowadays). On older devices (first
generation) enabling HTTPS will make the interface become really slow
too (apparently due to CPU limitations). On the new MGMT cards (second
generation) they apparently added some crypto hardware offloading
chips to fix that.

Proper HTTPS support is the biggest issue we're still having with
them. In order to enable HTTPS on the webinterface you've to use their
"APC Security Wizard" to generate the key and get the CSR, once you
got it signed you've to use the Wizard again to import the
certificate, then upload the resulting file to the device. The Wizard
is only available for Windows and is a basic GUI application, there's
no easy automation possible. If you have a couple of 100 devices,
renewing certificates for them is a relay annoying task. Their
solution for this is to get a wildcard certificate and use the same
certificate on all devices.

Besides that there's no support for intermediate certificates which in
practice forces you to install any intermediate certificate on your
devices from which you're planning to access the webinterface.
This was first reported in 2007 and is still not fixed:
http://forums.apc.com/spaces/7/ups-management-devices-powerchute-software/forums/general/4567/ssl-intermediate-certificates-on-nmc

If you've a company policy which forces you to use proper
certificates, etc. for the webinterface using APC will be painful.
If you'll use the webinterface rarely and handle the switching, etc.
via SNMP you should be fine.

If you have any probelm try their their forum (Their normal ticketing
system support is really bad).

Best Regards,
Frederik Kriewitz

On Wed, Dec 2, 2015 at 12:57 AM, Craig Tomkow <ctomkow at gmail.com> wrote:
> APC PDUs have been good.  Their HTTPS interface moves like molasses iirc,
> but as long as you have some SNMP mgmt platform (APC struxureware for us),
> then you are good.



More information about the NANOG mailing list