When you buy a rack mounted unit that does this, it's sometimes called a terminal server. You can provide network to serial access, enable unique passwords on each device and create access lists. When I managed customer equipment, I used to require a DECserver and modem/phone line for last ditch access. In this case, I had firewall, switch, router and console access. Much of this kit is can be found used or see Vnetek. I understand Cisco also makes comparable product. You can pair this with virtual comm port driver, letting you drive these units from a central location.
Answer number 2, you need to put a business risk into supporting antique systems. Cost of replacement, downtime to find part vs lost business. Consider stocking in house pre staged replacement systems.