What is Smart Out-Of-Band Anyway?

If you’re a regular reader of this blog or you’ve visited our shiny new website, you’ll no doubt be familiar with the term Smart Out-Of-Band (or SmartOOB™, #SmartOOB). But what exactly does it mean?

Simply put, it means Opengear boxes aren’t “JBOC” (Just a Bunch of Consoles) that sit passively on your management network, à la a traditional serial terminal access server.

Opengear has the smarts built in to detect issues that may affect the availability of your network, and to respond by alerting operators with escalating alarms, proactively restoring network connectivity, or even bringing managed infrastructure back online.

From a technical perspective, Smart Out-Of-Band is powered by a suite of services running inside every Opengear appliance.

Connection Manager

When you’re managing infrastructure remotely, console access is contingent on remote network access – how do you reach the LAN when the WAN’s gone down?

Opengear appliances directly integrate multiple network technologies, such as dual fiber or gigabit Ethernet, Wi-Fi, PSTN modem and 4G LTE cellular, providing resilience through diversity and redundancy.

Connection Manager is the service that controls and monitors the health of each network connection.  When a connection is deemed to have failed, it can bring up and/or start routing via a secondary, failover connection – providing as-needed, least cost path remote access.

Advanced applications of Connection Manager (conman) include bringing up a VPN tunnel during failover to automatically restore private management LAN routes over a public cellular WWAN.

Portmanager

The heart of any out-of-band management system is the ability to access low-level device consoles over the network, using standard protocols such as SSH, HTTPS and Telnet.  Portmanager is our purpose-built service that facilitates just this.

Unlike traditional serial terminal servers, Portmanager supports both RS-232 serial and USB connections to device consoles.  It can also virtualize COM ports over the network using RFC2217, for specialized and legacy applications.

Portmanager can be configured to log full console session transcripts to local or remote storage, for audit, forensics, and troubleshooting.  By default, it allows multiple, simultaneous sessions to a single console, and enforces user and group-level permissions via local or remote AAA.

A handy, inline escape menu lets you view logs, send a serial break and control power (more on this next!) from inside an active session. Portmanager also includes a number of bundled CLI tools, such as pmshell to launch the console chooser and pmusers to list and disconnect active user sessions.

In an earlier blog post I highlighted some of the ways to access consoles via Portmanager, which you can try using our online demo.

Network UPS Tools & Powerman

While most people associate out-of-band management with network and perhaps server infrastructure, Opengear is also smart enough to manage power infrastructure from over 100 vendors. This allows PDU outlets to be powered off, on or cycled, and UPS online and battery status to be monitored.

Opengear communicates with supported power devices over serial, network or USB, with the open source packages Network UPS Tools and Powerman doing most of the heavy lifting.  We’ve also developed some driver scripts in-house – the curious can check out /etc/powerstrips.xml on any Opengear appliance or our online demo to see how it’s done under the hood.

There’s also this blog post covering some nifty power control tips and tricks, which (you guessed it) you can try for yourself with our online demo.

Auto-Response

The central cog of Smart Out-Of-Band, Auto-Response ties all the above services together, allowing you to create rules whereby events raised by one service trigger one or more actions by another.

This allows the whole to become more than the sum of its parts, e.g.:

  • When an unplugged console cable is detected, send an SNMP trap to the NOC NMS; if it’s not plugged in after 30 minutes, send an SMS via the cellular connection directly to an admin
  • When a ping test through a WAN accelerator fails, power cycle its connected PDU outlets to bring it back online
  • When the primary Ethernet network connection fails, start an IPsec tunnel via cellular to restore management network routes

And while there are many built-in event checks and actions, Auto-Response is also extensible via custom scripts – so you can make your out-of-band as smart as you like!