OPENGEAR BLOG

Stay up to date with the latest information on network security,
business continuity, and network availability.

Most enterprises understand that they need to ensure maximum uptime, but they don’t exactly know how to go about doing it. The answer, is deploying a Smart Out-of-Band network.

There are two primary ways for an organization to manage their network, In-Band or Out-of-Band, but first, let’s talk about planes. Networks have three planes – data, control and management. It’s how packets travel to, from and through a device.

  • The Data Plane: This consists of the components of infrastructure that carry user data. Its purpose is to facilitate the flow of data, for example, from a customer’s computer to a web server
  • The Control Plane: This carries signaling traffic. It refers to the functions and processes that determine which path to use when it’s routing data from one place to another. For example, it allows routers to take data from a customer’s computer to a web server by choosing a specific path
  • Management Plane: This configures, monitors and provide management services to each part of a network stack. These are parts of the router that are used to manage the device and dare compliant with standard protocols like SSH

In-Band and Out-of-Band

In-Band management is when devices are managed through protocols such as telnet or SSH connection to a router or by using some kind of SNMP based tools. Data, production and management traffic use the same path for communicating various elements and having the management and data planes combined poses a large issue. When an outage occurs, without an alternative path to the primary network, engineering teams are locked out of the management plane. This means the reliability of the network is reduced and devices can’t be accessed until the issue is remediated.

Out-of-Band management provides an alternative method to securely connect to remote equipment during an outage. A secondary, secure access path, it creates an always on independent management plane that provides reliable access to monitor and manage infrastructure. Network engineers can then lock down the most critical functions on the production network to prevent access from other users.

Choosing the Right Console Server

Placing a console server in each rack provides the necessary physical presence at the site with direct proximity to the IT infrastructure, creating a secure network. This type of capability has become critical for engineers as remote sites are deployed – but how do you choose a console server?

When choosing a console server, it’s critical to evaluate your enterprise’s needs – however there’s some features that are needed across the board.

  • Dual Power: This ensures the necessary always on access to remote network devices
  • Cellular: Failover to Cellular capabilities use 4G LTE so during an disruption, engineers have the bandwidth to access critical applications while remediating the issues.The cellular modem provided in some products provides an alternative to the ‘last mile’. The LTE bandwidth not only for remote access to determine root cause of an outage without rolling a truck or sending someone on site but is a path for remote site production network traffic.
  • Port Density: Console servers should take up as little space as possible in the rack but have the ability to manage all the equipment in it. Products with higher port density have the same physical footprint as other port models but engineers can cram another 48 ports in and it becomes much denser
  • Flexible I/O Options: More devices are deploying Ethernet and USB management ports, this let’s engineers get access to more than just serial connectivity
  • Central Management: The primary value of central management is that it’s a single portal where technicians can access their managed devices whether in or Out-of-Band
  • Carrier Certified: Some devices are marketed as being cellular certified. A cellular module may have gone through the certification process. But once it’s embedded, the certification isn’t automatically transferred to the full solution. The device needs to be tested again to ensure it works in conjunction with the cellular module and the testing process varies between carriers
  • Sensors: Console servers with environmental sensors provide temperature, smoke and humidity monitoring detection, with alerting solutions for managing changes in these environmental conditions

Looking for a console server? View our product selector to find the perfect match for your network environment.

FIND A CONSOLE SERVER

Best Practices

Enterprise needs are constantly changing and they need a scalable solution that will meet their growing demands. Engineers need a console server that has all the capabilities we discussed.

Don’t manage your network with your network: Make sure you have a device that provides Out-of-Band management. Providing an independent management plane,  you don’t have to rely on your network to get access to your network. If you do, you’re doing it wrong. There’s a much easier way

Out-of-Band Interfaces: You need an Out-of-Band interface that gives you options around cellular. You need the ability to not have your public interface up and available at all times. When console servers have the cellular option, they have a public IP address and so you can get there  at any time, however this also means anyone can see it. You need a console server that has the ability to automate the interface based on internal connectivity tests and provide the ability to manually control it as well, access can bee SMS based or from a trusted phone list

Power Management: Console servers with a managed devices configuration, allows you to correlate a serial port to the specific power outlet you need. This enables you to power cycle the device right from the serial session, the process is more seamless. The console server is the facilitator of all of the connectivity and you don’t have to interact with the device at all to make it happen. The console server provides the connectivity. Engineers don’t have to go to a console server first to connect to the product or go to the GUI to turn off  the power, some managed devices pull this all into one feature so engineers can can stay inside the device and do what they need to do

Control Access: You need a console server that has a firewall, enabling you to restrict access. If someone hacks into the network, you need the ability to fix it remotely and securely. Engineers want a device that can be used as a  jump post where they can connect into the console server and log into a Linux device to the remote network. They can then ping to to test connectivity and SSH to the box that’s located at the remote site. Also they can get access to web interfaces, if they have a centralized management software with an IP access feature, they can get direct GUI access on the remote LAN or port forward on the console server. Connecting to the console server first and then doing a TCP dump, allows you to grab sniffer traces to gather information and troubleshoot at the remote location, eliminating the need for a truck roll. You don’t have to go on-site, or call a non-technical person and walk them through what to do

The Purpose-Built Console Server

The Opengear Network Resilience Platform has a full range of console servers and is based on Lighthouse Management Software. All devices are configured with Smart Out-of-Band, standard in each appliance.

Smart Out-of-Band by Opengear raises secure remote access to a new level.  It goes beyond traditional Out-of-Band management by enabling secure monitoring, access and management, from anywhere. When paired with Failover to Cellular, enterprises have enough bandwidth to run critical business processes while remediating the issue. It is built in to every device in the Opengear Network Resilience Platform and provides enterprises with uninterrupted availability, even during network disruptions.

Architected to meet network resilience needs, Smart Out-of-Band:

  • Enables scalability, managing infrastructure at hundreds of sites
  • Operates independently of the in-band network, with Carrier-certified embedded cellular modems
  • Provides uninterrupted monitoring, AAA and alerting during remote WAN repair or provisioning
  • Drops into existing networks with Cisco, Juniper Aruba, Fortinet and more
  • With Lighthouse Enterprise centralized management software, creates a turnkey VPN solution
  • Sends advanced automated alerts via SMS and enables preemptive failover on environmental catastrophes

Smart Out-of-Band by Opengear

Smart Out-of-Band allows engineers to access equipment remotely with automated management and support capabilities. Customized rules and policies allow the Opengear device to automatically detect and remediate issues as they occur while providing enterprise grade security during an outage. It’s beneficial for Day One deployments, SD-WAN and every day device management. Learn more about the range of Smart Out-of-Band console servers.