The principles and practices of out-of-band network management have long been established as an effective way to reduce support costs and increase business continuity. In this article, Robert Waldie, VP Business Development (UK & Europe) at Opengear, looks at how recent developments have seen traditional out-of-band management tools transformed into sophisticated devices that help to solve perennial problems in innovative new ways.
An out-of-band contingency plan once meant connecting a dial-up modem to the serial console port of the site’s primary router – for sites with multiple pieces of critical network infrastructure, an async serial terminal server was used to multiplex consoles behind a single port. These solutions were a crude but effective method of allowing remote maintenance or outage remediation when there was no-one qualified close by.
The terminal servers of 10 years ago have evolved into today’s out-of-band console servers and remote monitoring and management (RMM) gateway devices, and do a lot more than remote access. Modern solutions are management platforms in their own right, integrating troubleshooting tools and capabilities including power outlet control. They function as virtual remote hands, aiming to provide remote operators with the same level of control as if they were physically present.
RS232 serial console ports remain pervasive as a bullet-proof management channel during network outages. Many of these management devices have also adopted support for other management interfaces, such as USB, and dedicated management LAN ports for IPMI lights-out-management cards.
Always-available remote access is still the cornerstone of any out-of-band solution, with one or more dedicated wired or wireless out-of-band interfaces commonly integrated to minimise points of failure. Following the lead of Opengear, many vendors now support military-spec FIPS 140-2 encryption and VPN to enable secure remote access over public IP networks.
Using continuous infrastructure status monitoring and alerting features, network admins get immediate email, SMS or SNMP notification when there is trouble brewing at remote sites. Being directly attached to critical network infrastructure console ports, the management devices couldn’t be better placed to detect the first signs of trouble. There is a growing trend towards interoperability with central monitoring and management systems – the devices act as distributed agents for Nagios, SolarWinds and other vendor-specific tools, to form the framework of an enterprise-wide system.
Legacy out-of-band solutions require available copper to serve remote access – now the ubiquity of cellular data networks has given rise to a new generation of cellular-enabled alternatives. With many sites moving to VoIP and fibre, the time and cost involved in provisioning a POTS line just for out-of-band may no longer make sense. It’s difficult to match the ease and speed of deployment of a cellular solution – insert the SIM and you’re most of the way there.
There are other advantages to cellular. Dial-up speeds are sufficient for a serial console session, enough to fix up a router misconfiguration. However, graphical out-of-band management using RDP or vKVM is far better suited to the extra bandwidth of a 1–7 Mbps 3G connection.
Smartphones and tablets have ushered in an era of inexpensive cellular data. Costs can be further reduced with a management device that routes via the site’s primary Ethernet network, only bringing up cellular IP when network troubles are detected, or in response to an SMS command. Using a northbound VPN or reverse SSH tunnel gives you inbound access without having to pay extra for a public IP address. Devices pre-configured in this way can even be parachuted via courier into firewalled or offline sites for remote troubleshooting on demand.
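The failover and reverse-tunnel behaviour described above, as an added shell example that is not from the original article or from any vendor's firmware: the path switches to cellular only after sustained probe failures, and the tunnel command uses OpenSSH options that keep the inbound listener on the hub's loopback and fail closed. The hub name, account, port, key path and thresholds are all assumptions.

```shell
#!/bin/sh
# Added example. Every host, port, user, key path and threshold is an assumption.
FAIL_THRESHOLD=3        # failed probes in a row before cellular comes up
RECOVER_THRESHOLD=5     # good probes in a row before cellular is dropped again
HUB="oobtunnel@oob-hub.example.net"   # hypothetical unprivileged hub account
HUB_PORT=2222                         # loopback-only listener on the hub
KEY_FILE="/etc/oob/tunnel_ed25519"    # hypothetical per-device key

# step PATH COUNT RESULT -> prints "NEWPATH NEWCOUNT"
# COUNT = consecutive probes ("ok"/"fail") that contradict the current path.
step() {
    path=$1 count=$2 result=$3
    case "$path:$result" in
        primary:fail|cellular:ok) count=$((count + 1)) ;;
        *)                        count=0 ;;   # any agreeing probe resets it
    esac
    if [ "$path" = primary ] && [ "$count" -ge "$FAIL_THRESHOLD" ]; then
        path=cellular count=0
    elif [ "$path" = cellular ] && [ "$count" -ge "$RECOVER_THRESHOLD" ]; then
        path=primary count=0
    fi
    echo "$path $count"
}

# replay RESULT... -> path in use after a sequence of probe results
replay() {
    state="primary 0"
    for r in "$@"; do
        state=$(step $state "$r")   # unquoted on purpose: splits PATH and COUNT
    done
    echo "${state% *}"
}

# tunnel_cmd -> ssh command the device runs once the cellular path is up.
# Key-only and non-interactive, pinned host key, no remote shell (-N -T),
# exits if the forward cannot be set up, and drops dead sessions via keepalives.
# Hub side, in the tunnel account's authorized_keys:
#   restrict,port-forwarding,permitlisten="127.0.0.1:2222" ssh-ed25519 <device-public-key>
tunnel_cmd() {
    echo "ssh -N -T -i $KEY_FILE" \
         "-o BatchMode=yes -o StrictHostKeyChecking=yes" \
         "-o ExitOnForwardFailure=yes" \
         "-o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
         "-R 127.0.0.1:$HUB_PORT:127.0.0.1:22 $HUB"
}

# Constructed probe history: a short blip, recovery, then a sustained outage.
# replay fail fail ok fail fail fail   -> cellular
```

An operator on the hub then reaches the device with `ssh -p 2222 localhost`; bringing the modem up and down is device-specific and left out.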
The most advanced of the current generation include a run book automation (RBA) framework, to configure automatic, escalating remedial actions in the event of an outage. For example, if a router’s down – restore a known good running-config, then try power cycling – if it’s still down, alert an operator that human intervention is required.
The convergence of IT and operational technology (OT), such as building management systems, is now allowing RMM devices to monitor physical and environmental sensors, serve CCTV streams, and drive relays and alarms, so that remote operators maintain situational awareness and complete control of a remote site. These latest developments in particular illustrate how far the humble terminal server has come in solving the problem of not being there.