Containers are lightweight standalone software that ensure applications run quickly and efficiently on each computing environment. A form of software virtualization, a container can be used to run many things, this includes everything from software processes to microservices and large applications. They bundle everything an application needs to run; such as libraries, utilities and configuration files. They hold a kernel, a complete file system and the application itself which makes them portable. Previously, applications and workloads had to be rebuilt before being able to migrate to another environment. Containers solve this time-consuming challenge.
Creating and running containers necessitate three types of software:
There’s a variety of benefits when it comes to deploying containers, these include:
Organizations can use containers in multiple ways:
Although there are many platforms to perform the tasks above, for our NetOps Console servers, we choose to deploy Docker. An open source containerization platform, Docker provides a wide range of benefits, like ensuring software source code can be inspected and modified by anyone. It also allows for the development and delivery of software in packages, also known as containers. Each Docker container targets a specific application. This enables enterprises to build distributed applications while using processes they they’ve had in place. Applications can be shipped with necessary dependencies in one package enabling applications to run smoothly in any kind of environment. Docker allows developers to use whatever tools, stacks and environments they’d like, simplifying the roll out of applications across multiple systems.
One of the most frequent questions about Docker is how does it differ from a VM? In the past, VMs have really been the go to with cloud infrastructure. Acting similar to a computer, it is an isolated computing environment that’s created by taking resources from a machine. It makes it possible to run what appear to be many different computers on hardware, however it’s actually one just one computer. Docker containers are a more lightweight, economical and scalable alternative. Operating system support, security and portability are a few of their significant differences. All that containers need to run is just enough of an OS to support programs, libraries and system resources to run a specific program. This means that you can run more containers at a lower cost vs. traditional virtual machines.
Now to dive a little deeper into Docker and our NetOps Console Servers. Enterprises are becoming increasingly software oriented. This has increased the need for IT organizations to have the ability to build versatile applications that can run across multiple channels at the edge. Responsible for network infrastructure, NetOps teams must ensure uptime. A very dynamic role, their every day tasks could range from managing tickets to resolving any network issues that may occur. To properly manage all of that infrastructure, most times remotely, it’s critical that their network architectures are software-defined, application-aware and automated. Containers provide them with the ability to meet accelerated deployment and mobility demands. When building the NetOps Console servers, we took that need into consideration. That’s why it has an x86 platform that was specifically designed to run Docker containers, known as the industry standard, because they have everything needed for an application to run.
Opengear provides a platform which is dedicated to supporting containerized applications and can be used for management purposes. In many cases, NetOps teams have to ask for space in a production application server. This can cause many challenges due to multiple applications running on the same platform. The NetOps Console servers provide an always on management plane, that is there on day one and when things go wrong in the production network.
Check back in for other blogs in this series that discusses Trusted Platform Modules and continued network management success.
NetOps is a proactive approach to networking that uses automation and provisioning to modernize networks. Providing more flexibility, increasing speed and improving programmability, it is centered around making networks capable of supporting the rapid pace of DevOps initiatives. NetOps opens up a whole new world to engineering teams. It brings the edge of the network closer, provides the ability to analyze changes, connects systems to ports and a lot more. It does this by applying the consistent, basic themes of orchestration and automation.
Orchestration: Leveraging zero touch provisioning, configuration and assurance, orchestration enables end to end service management. It is the process of automatically programming the behavior of a network. Orchestration ensures that the network smoothly coordinates with all hardware and software elements to support all applications.
Automation: Manual network processes can delay the application teams’ ability to continuously deploy and update applications. NetOps provides the ability to automate predictable and repeatable tasks. This makes network configuration changes, data collection from nodes and other mundane tasks easy to do, from anywhere.
Opengear recognizes these emerging enterprise demands and these consistent NetOps themes. This has put our team on a three year journey into the world of automation. The end result? Opengear’s new Network Resilience platform, which includes our latest product, The NetOps Console Server (OM Series Appliance).. And that’s the focus of this article.
Entering The World Of NetOps Automation
The NetOps Console Server combines the capabilities of Smart Out-of-Band and the flexibility of NetOps automation, and is managed through our Lighthouse Software to extend your reach and provide visibility of the entire network.
Features that we think you’ll find helpful for your operations include:
We’re here to help you through your NetOps automation journey. Do you want to learn more about NetOps, automation and what it can do for your network? Keep an eye out for Part 2 of our 4 part series.
Throughout the world, everyone’s working lives have suddenly become remote and because of this, visibility has become increasingly important. Social distancing and remote working have now become the norm, and tasks that are critical to business continuity, like going on-site to remediate issues during a disruption or set up a new network, are no longer an option. Lighthouse Enterprise is here to alleviate those issues.
Lighthouse Enterprise already provides network engineers the ability to view and manage their entire network. Now our users are able to take advantage of our new Secure Provisioning Module. Enabling teams to automate the setup of entire remote networks, even when there’s no LAN or WAN in place, the module is a central point that enables the remediation of faults without making a trip out to a site.
Secure Provisioning extends these core capabilities of Smart Out-of-Band, beyond the maintenance and repair of existing networks, to the initial provision of new network routers, switches, firewalls and more. Remote and resilient, it takes the risk out of invasive WAN migration projects and forklift upgrades that have historically come at the expense of business continuity. Secure Provisioning enables an agile approach to network infrastructure management, in line with today’s rapidly evolving business requirements. It helps Ops teams move beyond the “fear culture” and embrace change.
Leveraging the remote presence and proximity of Opengear’s IM7200, ACM7000-L or node at the edge with a secure and resilient cellular uplink to Lighthouse at the core, it eliminates the need for network engineers to travel to remote sites, which it has already been connected to during pre-staging. Basic configuration tasks and pre-staging, which is already done remote, can now be all be done remotely.
Lighthouse Enterprise automatically pushes images, configuration, and script files to the device, which in turn provisions other hardware devices at the remote site. This completes the secure, zero-touch provisioning of local network infrastructure from a single appliance – and with no IT intervention required.
Built on best-practice DevOps tools like Git and Ansible, wrapped in an intuitive UI and powerful RESTful API, Secure Provisioning seamlessly integrates into existing operational workflows – no matter where your organization is on its network automation journey. Secure Provisioning extends the reach of Zero Touch Provisioning (ZTP), initially developed for rapid deployment in hyperscale data centers, to the very edge of your network. With support for all major network infrastructure vendors including Cisco, Arista, and Juniper, Secure Provisioning is a vendor-neutral solution that simplifies the delivery of initial configuration and software components to automatically bring network infrastructure online or back online.
The recent announcement of vulnerabilities within the Baseboard Management Controllers (BMCs) of Supermicro servers have shown us we need to ensure we are running a dedicated management network with Out-of-Band access.
Wired Magazine may have overstated the risk with their story “Supermicro Bug Could Let “Virtual USBs” Take Over Corporate Servers”, but it does highlight the importance of managing your infrastructure though a dedicated management plane to provide adequate security.
BMCs on the Supermicro X9, X10 and X11 platforms implement a key feature, virtual media, allowing administrators to attach devices such as USB and DVD drives. When accessed remotely, the service allows plaintext authentication, sends most traffic unencrypted and is susceptible to an authentication bypass. These issues allow an attacker to access the server, sometimes without needing any credentials at all. Once connected, hackers are able to attack the server as if they had physical access to a USB port.
If these devices were managed through an Opengear out-of-band network, restrictions could be put in place to provide secure access and keep your network safe via Smart Out-of-BandTM. Providing an alternate path to the network in the event of an outage, organizations are able to monitor, access and manage devices remotely. If a disruption is detected, automatically Smart Out-of-Band will detect and remediate the issue. Learn more about Opengear Console Servers and Remote IP backed by Lighthouse.
Opengear’s Lighthouse has reached another milestone. We now support all of the Big 3 cloud providers, adding AWS support in the latest release. With options for deploying all major Hypervisors and Amazon’s AWS, Microsoft’s Azure and and Google’s GCE you have options for how you deploy the smartest out-of-band management solution available today.
In addition to AWS support, Lighthouse 2019.Q3.0 introduces the ability to centrally manage backups for all of your connected Opengear Nodes as well as secure LDAP/S communication.
Find out all the details here and get your copy today.
Lighthouse software centralizes secure Smart Out-of-Band Management and NetOps automation through a single portal. It allows java-free remote access to Opengear console servers and third-party devices and is the engine that drives the NetOps Automation platform.
With SD-WAN and Edge Computing gaining adoption every day, we recognize the need for an out-of-band strategy that supports this. In fact, the importance of an out-of-band network and the alternative access pathway becomes even more critical. The increasing reliance on automation, rather than humans on site forces the approach of out-of-band networks to evolve to meet these new challenges.
We are taking this challenge head-on, and today with great pride, we are announcing the release of Lighthouse Enterprise.
The first two additional features in Lighthouse Enterprise highlight our commitment to providing solutions to solve that challenge.
1. Remote IP Access
Traditionally, out-of-band management has referred to the use of serial console ports on network devices to allow a human operator to access that device – often remotely – via CLI or a GUI, outside of the primary production network.
Increasingly, new network devices use alternative physical connections such as USB, ethernet, or fiber, which negates the use of traditional console servers. Additionally, with the adoption of NetOps workflows, there is no longer a human operator connecting to the device – in many cases it is an automated software system, which operates via IP protocols rather than through CLI or GUI.
The majority of Network Management Software is designed to use IP-based protocols (e.g. IPMI, SNMP, NETCONF, OpenConfig, Syslog, VPN) to reach network devices being managed over an always-on network infrastructure. If an edge location is offline, which is exactly when remediation action is needed, all network management tools are suddenly unable to access or to provide monitoring information. If you use a Log Management system for network health and security diagnostics, for example, it cannot continue to collect data if a remote site is disconnected.
To ensure a resilient network in these circumstances, the out-of-band network must now provide an alternate path with secure IP access to the remote site IP network, from a central location. LH Enterprise includes simple functionality to allow this remote IP access to occur through the platform.
2. High Availability
The new Multi-Instance Operation provides the ability to access nodes through multiple Lighthouse instances at the same time, allowing large enterprise users to maximize availability with redundant systems. It includes a rolling upgrade feature which ensures all instances are updated when the administrator upgrades the primary version; and allows up to 10 nodes to be configured.
We encourage you to reach out to your sales rep and ask to take these exciting new features for a test drive. We think you will love what you see.
WAN Edge continues to be a large focus for IT Professionals worldwide. Data is being consumed at an ever-increasing rate with Online Meetings, Video Presentations and SaaS software and services dominating knowledge workers’ days. The high cost of equipment and leased lines are prohibitive to IT budgets. Keeping up with the needs of a branch office in 2019 is difficult, and more importantly expensive, often forcing difficult decisions on everyday needs.
SD-WAN is quickly becoming the standard deployment for organizations worldwide for many reasons. One of its many benefits is that it helps combat inflated budgets and limited functionality in traditional WAN offerings. While these new offerings provide the ability to use commodity connectivity and include additional functionality at the Edge, they fail to deliver on a key feature that is required by IT departments, failsafe access in outage scenarios. Out-of-Band (OOB) options should be included in any branch office and data center build out. This has not been the case with early adoption of SD-WAN, as organizations are often led to believe it’s not necessarily needed.
Most SD-WAN solutions support service orchestration (mainly cloud-based) from the central controller, reducing human intervention so the end user has to do little, to nothing. The devices call home and the bootstrap, configuration and management processes are engaged automatically.
All of this however, relies on the SD-WAN working well. As the SD-WAN starts to waver and begins to fail you cannot always rely on the SD-WAN to fix its own problems. Under those circumstances it will likely lose communications with the central controller and go offline, and someone has to diagnose and/or replace appliances since the umbilical cord is cut.
SD-WAN nodes will occasionally go offline or struggle and there’s no inbuilt magic to stop it. The reasons may vary but an offline SD-WAN node is a big deal and it may happen through –
Often SD-WAN is sold as ultra-reliable because it supports bandwidth aggregation and traffic splitting over multiple disparate links (cable, xDSL, MPLS, fiber…) with flexible use-cases because it employs methods to prioritize traffic according to application latency. However, SD-WAN does introduce new limitations which include reduced access to supported hardware, difficult to configure advanced features, and varied access or no access to remote troubleshooting.
Opengear’s Smart Out-of-Band (Smart OOB™) manages and recovers SD-WAN nodes even when sites have or are beginning to fail. OOB enables remote setup, ongoing maintenance and disaster recovery of mission-critical IT, power and network infrastructure. By moving computation to the data – as opposed to moving data to the computation, businesses get unmatched speed and effectiveness in managing remote devices. You have options for understanding what happened in real time and getting productivity back without the added burden of having to be onsite.
No-one else has a feature-for-feature equivalent to Smart OOB appliances and centralized management through Lighthouse. Opengear offers site fail-over through cellular connected appliances, Remote System Access, Health and Telemetry monitoring, Remote Power Control, Auto-remediation through smart alerts and actions and SD-WAN appliance reconfiguration from local storage.
Opengear delivers improved resiliency for SD-WAN and for the rest of the edge network. We have become the safety blanket around the WAN Edge where virtualized customer premises equipment (vCPE) platforms or software-defined WAN (SD-WAN) software/appliances are set to boom and it’s the same comfort we provide to keeping traditional routers on-line.
For out-of-band deployments, enterprises are utilizing Lighthouse which allows network engineers to seamlessly connect and manage devices anywhere. Organizations are already seeing results from this software and to continue our commitment to customers, the Opengear team has decided to change our current Lighthouse model to Subscription Pricing.
So, why is Opengear changing our current model to this and what does it mean for you? Here’s what you should know.
This change will occur in January 2019. Owners of current licenses will be able to complete their existing term of maintenance to completion. No features will be disabled but unless they convert to subscription pricing they won’t be able to upgrade their Lighthouse instance. Current license owners are able to receive discounted subscription pricing when converting. Each license is sold as a one year term and to allow organizations to match hardware warranties or front load the cost in a capex style, organizations can purchase up to four one year licenses at a time. Each license will include access to software, updates and support for the duration of the term.
Opengear recognizes that organizations scale over time and they may need to purchase additional nodes. We have made it so that when more nodes are needed, they can be purchased in any amount. When this is done, a new license key will be created and customers will be able to seamlessly apply that to their Lighthouse instance.
Since 2004, Opengear has been providing solutions to customers allowing them to decrease deployment costs, reduce manual operations and guarantee repeatability. The Opengear team believes that by changing to a subscription-based pricing model we will be continuing our commitment to customers by providing new features faster and more efficiently. As we become a more software forward company, this change will allow our organization to exceed customers’ expectations with smart and resilient solutions.
In September, Opengear will be releasing a vendor-neutral NetOps Automation Platform that will significantly streamline network and infrastructure operations. This full-featured network automation solution will be used with Lighthouse to aggregate organization’s out-of-band infrastructure, enabling local and remote users to quickly access any connected console.
For more information about subscription sales or NetOps Automation, please reach out to your Opengear Sales Representative.