Cellular Out-Of-Band Connections

Wireless Access to your IT Infrastructure from anywhere in the world
Managing distributed IT infrastructure is hard enough. Why make it more complex and expensive by having to buy, deploy and manage multi-vendor proprietary management tools? An integrated out-of-band management solution should be a flexible solution that deploys quickly, begins working immediately, is simple to use and manage, and integrates seamlessly with existing IT management systems.

The Opengear ACM5000 and IM4200-X2 families support internal and external cellular modems. These modems need to be provisioned by the cellular carrier for a data plan. Once provisioned, the Opengear devices can then be configured to operate in a variety of modes for cellular connectivity.

Our cellular-enabled devices can answer out-of-band connections that are initiated remotely, or they can be configured to initiate the outbound connection from the remote site. Each of the available modes includes security options such as IPSec VPN and secure SSH tunneling.

Data plans are available from major carriers for as low as $5.00 per month.
M2M plans from major carriers offer private APN and pooled data plans that allow for secure remote wireless connectivity for as little as $5.00 per site, per month.

To reduce the complexity of public IP addressing, our devices are also designed to use dynamic DNS services and can “call home” to our centralized management platform or an SSH server when connected to a cellular carrier network.

Out-Of-Band Connections Initiated Remotely from IT Staff
Call outbound to your remote site over a cellular link 

Cellular Out of Band Connection Initiated from the Opengear device

Public IP Address
Opengear cellular devices can listen on the carrier network at both static and dynamic IP addresses. Some carriers offer a static IP address at a premium, while others offer no static IPs at all. If your carrier provides a static IP address, you can simply browse to the Opengear via the web interface and access all connected devices.

Dynamic DNS
With Dynamic DNS (DDNS) an advanced console server whose IP address is dynamically assigned (and that may change from time to time) can be located using a fixed host or domain name. The ACM500x, IMG4xxx and IM42xx products with Firmware 3.0.2 and later support DDNS. The first step in enabling DDNS is to create an account with the supported DDNS service provider of your choice. Supported DDNS providers include:

  • DyNS www.dyns.cx
  • dyndns.org www.dyndns.org
  • GNUDip gnudip.cheapnet.net
  • ODS www.ods.org
  • TZO www.tzo.com
  • 3322.org (Chinese provider) www.3322.org

Upon registering with the DDNS service provider, you will select a username and password, as well as a hostname that you will use as the DNS name. You can set the interval at which the remote cellular device updates the DDNS service with the carrier-provided IP address. This allows IT staff to locate cellular-connected devices at a consistent address.

Out-Of-Band Connections Initiated from Opengear Device
Automatic failover and recovery initiated by the remote site 

Cellular Out of Band Connection Initiated from the Opengear device

Failover Mode
The Opengear cellular-connected devices can automatically establish a cellular out-of-band connection to the carrier network when the primary link is experiencing an outage. Failover is triggered when both the primary and secondary probe addresses fail to respond. The Opengear devices will automatically connect outbound in a failover scenario and automatically fail back to the primary link once service has been restored.

Once failover mode has been activated, the cellular radio is enabled, the device logs into the carrier network, and it then becomes available to access remotely. At this time you can use public IP addresses, Dynamic DNS, or establish rules for the device to “call home”.

Call Home
All console servers with Firmware V3.2 and later include the Call Home feature, which initiates the setup of a secure SSH tunnel from the console server to a centralized CMS6100 or VCMS server (referred to herein as CMS, the Centralized Monitoring System). The console server then registers as a call home “candidate” on the CMS, and once accepted there it becomes a Managed Console Server. The CMS will then monitor the Managed Console Server, and administrators can access the remote Managed Console Server through the CMS. This access is available even when the remote console server is behind a third-party firewall or has a private, non-routable IP address, which is often the case when the console server is connected via a cellular modem connection.

Call Home to a generic central SSH server

If you are connecting to a generic SSH server (not a CMS/VCMS), you may configure advanced settings for the listening SSH server ports and the SSH user that authenticates on the central SSH server. By selecting Listening Server, you may create a remote port forward from the central SSH server to the remote unit, or a local port forward from this unit to the server.
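One way to check that the keys call-home units use on a generic central SSH server are limited to the remote port forward described above. This is an added example, not Opengear code; it assumes the central server runs OpenSSH, and the unit names, ports and key blobs are constructed placeholders.

```shell
#!/bin/sh
# Audit authorized_keys entries for call-home units on a generic central
# SSH server (OpenSSH assumed). All sample entries below are constructed.

# key_options LINE: print the options field (empty if the entry has none).
key_options() {
    printf '%s\n' "$1" |
        sed -E 's/ ?(ssh-(rsa|ed25519)|ecdsa-sha2-[^ ]+|sk-[^ ]+) .*$//'
}

# audit_key LINE: print space-separated findings, or "ok" if there are none.
audit_key() {
    opts=$(key_options "$1")
    findings=""
    # "restrict" turns off PTY, agent/X11 forwarding and port forwarding;
    # "port-forwarding" then re-enables only the tunnel the unit needs.
    case ",$opts," in
        *,restrict,*) ;;
        *) findings="$findings no-restrict" ;;
    esac
    # permitlisten pins the port a unit may open with a remote forward.
    # A port-only value is flagged too: it does not pin the listen address.
    listen=$(printf '%s\n' "$opts" |
        sed -n -E 's/.*permitlisten="([^"]*)".*/\1/p')
    case $listen in
        "") findings="$findings any-listen-port" ;;
        localhost:*|127.0.0.1:*) ;;
        *) findings="$findings non-loopback-listen" ;;
    esac
    printf '%s\n' "${findings:-ok}" | sed 's/^ //'
}

# Constructed samples (key blobs are placeholders, not real keys).
GOOD='restrict,port-forwarding,permitlisten="localhost:2222" ssh-ed25519 AAAAC3PLACEHOLDER unit-01'
OPEN='ssh-ed25519 AAAAC3PLACEHOLDER unit-02'
WIDE='restrict,port-forwarding,permitlisten="0.0.0.0:2223" ssh-ed25519 AAAAC3PLACEHOLDER unit-03'

for entry in "$GOOD" "$OPEN" "$WIDE"; do
    printf '%s -> %s\n' "${entry##* }" "$(audit_key "$entry")"
done
```

An entry that reports `ok` lets the unit hold open one loopback-bound listener on the central server and nothing else, so a key recovered from a remote site cannot be used for a shell.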

3G IPSec connection to a centralized VPN security appliance
The Opengear cellular-enabled devices support IPSec VPNs, which can be used to provide a secure connection between the remote site and a centralized VPN security appliance. The remote Opengear device can be configured to use this IPSec VPN link while operating in-band; while operating in out-of-band mode, it can rebuild the tunnel over the 3G cellular connection. This feature allows the remote site to retain a consistent address regardless of whether it uses the primary network connection or cellular out-of-band.

High Speed Wireless Connectivity
The ACM5004-G can be used as the primary wireless network connection to assets at remote locations, or as a backup to existing wired landline connections. Equipped with built-in failover capability, the ACM5004-G automatically switches from a primary wired connection to the wireless mobile broadband network during primary service outages and automatically fails back without interruption to service.
