Something went wrong. That’s the message that billions of users saw last week when the world’s largest social media giant went dark for hours.
What could’ve seemed like a minor inconvenience for everyone who likes to scroll through social media for a few minutes during the day actually had much larger repercussions. Enterprises use these platforms to stay connected. Advertising is one of the biggest draws. The outage affected the more than 10 million brands and businesses who use the platform to promote their products. Organizations using the tech titan’s advertising services reported their sales dropping between 30% and 70%, compared to the same period a week earlier.
Network outages aren’t uncommon, but what caused this disruption and how could it have been prevented?
The outage was triggered by a system that manages the global backbone routers coordinating network traffic between the company’s data centers. This backbone connects all of its computing facilities. As you can imagine, it consists of thousands of miles of fiber optic cables all over the world. During a routine maintenance job, a faulty configuration change occurred. A command was issued which caused a complete disconnection between their servers, data centers and the internet… that sounds bad, but it gets worse.
This faulty configuration change also blocked the ability of devices and employees to communicate, creating a cascade of network failures. Their BGP routes for DNS nameservers were withdrawn, making it seem like their domains didn’t exist although those servers were still operational. As a result, internet traffic could not resolve URLs or make routing decisions. This still sounds bad… and it still gets worse.
The tech titan’s data centers couldn’t be accessed because their networks were down. The loss of all DNS broke the internal systems and many of the tools they’d use to try to remediate the outage. With their primary and Out-of-Band networks down, engineers were sent onsite to debug the issue, but like many employees of the social media giant, they were locked out of all buildings by the disruption. Once they were in, many security layers made it difficult to modify the hardware, even with physical access.
After 6 hours and about $100 million in revenue lost, the social media giant was back online, but this outage could’ve been resolved a lot quicker with Opengear.
When a disruption occurs, engineers need remote visibility of their entire network. Not being able to log on or even badge into their buildings was a major challenge. This could’ve been overcome by using an Opengear device with Smart Out-of-Band and Failover to Cellular.
Failover to Cellular provides continued internet connectivity for remote LANs and equipment over high-speed 4G LTE by automatically activating a secondary connection once the primary link is unavailable. This re-establishes inbound and outbound network access without manual intervention. Once failover is enabled, Opengear devices detect failures by sending ICMP ping requests from the primary network interface to a remote primary and secondary address. If these requests fail, the primary connection is deemed to have failed. When the primary connection has been restored, the devices automatically fail forward and resume normal operations, in this case restoring access to devices and BGP routes.
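The probe-and-failover behaviour described above can be modelled as a small state machine. This is an added example, not Opengear's code: the thresholds, the interface name passed to `icmp_probe` and the two probe addresses are assumptions, and the probe timeline is constructed so the logic can be run offline.

```python
"""Added example: failover decision logic driven by ICMP probe results."""
import subprocess
from dataclasses import dataclass, field
from typing import Callable, List, Sequence, Tuple

PRIMARY, CELLULAR = "primary", "cellular"

# Constructed probe targets (RFC 5737 documentation addresses).
TARGET_A = "192.0.2.1"
TARGET_B = "198.51.100.1"


def icmp_probe(interface: str) -> Callable[[str], bool]:
    """Build a prober that sends one echo request out of `interface` (Linux iputils ping)."""
    def probe(address: str) -> bool:
        result = subprocess.run(
            ["ping", "-c", "1", "-W", "1", "-I", interface, address],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        )
        return result.returncode == 0
    return probe


@dataclass
class FailoverMonitor:
    probe: Callable[[str], bool]          # probe(address) -> True if the echo was answered
    primary_target: str = TARGET_A
    secondary_target: str = TARGET_B
    fail_threshold: int = 3               # assumed: failed rounds in a row before failover
    recover_threshold: int = 2            # assumed: good rounds in a row before fail-forward
    active: str = PRIMARY
    bad_rounds: int = 0
    good_rounds: int = 0
    round_no: int = 0
    events: List[Tuple[int, str]] = field(default_factory=list)

    def tick(self) -> str:
        """Run one probe round and return the link that should carry traffic."""
        self.round_no += 1
        # The primary link counts as down only when BOTH targets are silent;
        # one unreachable target says nothing about the link itself.
        link_ok = self.probe(self.primary_target) or self.probe(self.secondary_target)
        if link_ok:
            self.good_rounds, self.bad_rounds = self.good_rounds + 1, 0
        else:
            self.bad_rounds, self.good_rounds = self.bad_rounds + 1, 0

        if self.active == PRIMARY and self.bad_rounds >= self.fail_threshold:
            self.active = CELLULAR        # bring up the cellular path
            self.events.append((self.round_no, "failover"))
        elif self.active == CELLULAR and self.good_rounds >= self.recover_threshold:
            self.active = PRIMARY         # primary is stable again: fail forward
            self.events.append((self.round_no, "fail-forward"))
        return self.active


# Constructed timeline: (TARGET_A answered, TARGET_B answered) for each probe round.
TIMELINE = [
    (True, True), (False, True), (False, False), (True, True),   # one-round blip, no action
    (False, False), (False, False), (False, False),              # sustained loss -> failover
    (False, False), (True, False), (True, True),                 # recovery -> fail-forward
]


def simulate(timeline: Sequence[Tuple[bool, bool]]):
    """Replay a timeline through the monitor without sending any packets."""
    current = {}
    monitor = FailoverMonitor(probe=lambda address: current[address])
    states = []
    for a_ok, b_ok in timeline:
        current[TARGET_A], current[TARGET_B] = a_ok, b_ok
        states.append(monitor.tick())
    return states, monitor.events


if __name__ == "__main__":
    states, events = simulate(TIMELINE)
    for number, state in enumerate(states, start=1):
        print(f"round {number:2d}: {state}")
    print("events:", events)
```

The consecutive-round thresholds keep a single lost ping from flapping the link; for live use, pass `icmp_probe("eth0")` (interface name assumed) as the `probe` argument.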
The Opengear Network Resilience platform could’ve been leveraged to back up device configuration files prior to making network changes. This would’ve enabled the social media giant to restore the known, good configuration files immediately upon discovering the change had caused the outage. Pushing the saved configuration files from the Opengear device back to the affected equipment would have restored the network quickly.
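The backup-then-restore workflow above, sketched as an added example (not Opengear's or Lighthouse's code): the config is snapshotted with a SHA-256 digest before the change, a health check runs after it, and the known-good copy is pushed back only if it still matches its digest. `FakeRouter`, the config syntax and the prefixes are constructed stand-ins.

```python
"""Added example: snapshot, change, health check, verified rollback."""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Callable


class BackupError(Exception):
    """The stored backup no longer matches the digest recorded when it was taken."""


class FakeRouter:
    """Hypothetical stand-in for a device reached over the out-of-band path."""
    def __init__(self, running_config: str) -> None:
        self.running_config = running_config

    def push(self, config: str) -> None:
        self.running_config = config


def snapshot(name: str, router: FakeRouter, store: Path) -> str:
    """Save the running config and a digest manifest to the out-of-band store."""
    text = router.running_config
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    (store / f"{name}.cfg").write_text(text, encoding="utf-8")
    manifest = {"device": name, "sha256": digest}
    # In production the manifest should be signed or kept apart from the config.
    (store / f"{name}.manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return digest


def load_known_good(name: str, store: Path) -> str:
    """Return the saved config, refusing one that fails its integrity check."""
    manifest = json.loads((store / f"{name}.manifest.json").read_text(encoding="utf-8"))
    text = (store / f"{name}.cfg").read_text(encoding="utf-8")
    if hashlib.sha256(text.encode("utf-8")).hexdigest() != manifest["sha256"]:
        raise BackupError(f"backup for {name} failed its integrity check")
    return text


def guarded_change(name: str, router: FakeRouter, candidate: str,
                   healthy: Callable[[FakeRouter], bool], store: Path) -> str:
    """Apply `candidate`; restore the snapshot if the health check fails afterwards."""
    snapshot(name, router, store)
    router.push(candidate)
    if healthy(router):
        return "committed"
    router.push(load_known_good(name, store))   # raises BackupError on a bad backup
    return "rolled-back" if healthy(router) else "escalate"


# Constructed configs in a made-up syntax; prefixes are documentation ranges.
REQUIRED = ("announce 192.0.2.0/24", "announce 198.51.100.0/24")
KNOWN_GOOD = "hostname edge-1\nannounce 192.0.2.0/24\nannounce 198.51.100.0/24\n"
GOOD_CHANGE = KNOWN_GOOD + "description maintenance-window\n"
BAD_CHANGE = "hostname edge-1\n"               # drops both nameserver announcements


def dns_prefixes_announced(router: FakeRouter) -> bool:
    """Health check: the nameserver prefixes must still be announced."""
    lines = router.running_config.splitlines()
    return all(required in lines for required in REQUIRED)


def demo():
    with tempfile.TemporaryDirectory() as directory:
        store = Path(directory)
        first = guarded_change("edge-1", FakeRouter(KNOWN_GOOD), GOOD_CHANGE,
                               dns_prefixes_announced, store)
        second = guarded_change("edge-1", FakeRouter(KNOWN_GOOD), BAD_CHANGE,
                                dns_prefixes_announced, store)
        return first, second


if __name__ == "__main__":
    print(demo())
```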
They’d have another set of tools, on a separate network, to remediate the issue. Having this immediate access would’ve significantly shortened the duration of the outage. The Network Resilience Platform is based on presence and proximity of a NetOps or Smart Out-of-Band console server at every location and is centrally orchestrated through Lighthouse software. Providing an independent management plane, organizations have secure, remote access to all their devices, even during an outage. Engineers can remotely identify and remediate issues.
It can be good to make the headlines, but not for something like this. A resilient network means your customers are always connected. Learn how we can help keep your network up and running because Opengear means business.
Next in our Road to Resilience webinar series is “The New Age of NetOps”, hosted by Roy Chua, Principal at AvidThink. Joining him were Jason Gooley, Technical Evangelist at Cisco, AJ Murray, Senior Network Engineer at Red River, and Dan Baxter, Senior Sales Engineer at Opengear. The panel discussed the changing responsibilities of the network engineer and the role that NetOps has played in this evolution. Below are some of the key takeaways:
The road to resiliency is a difficult path to tread, with networks becoming more complex and harder to manage. A key approach to simplifying network management is adopting NetOps, which Jason succinctly described as the streamlining of operations via value-adding technologies such as automation, with AJ concurring and stating that it’s the marriage of the technology with the business.
Roy gave an overview of the research study by Opengear of network engineers, architects and managers, which found that NetOps is rising in popularity, with 87% of organisations acknowledging increased investment in the past two years. NetOps however has implications for both network and business culture, and delving into these trends is crucial for organisations to truly understand how the approach differs.
Network engineers have historically been viewed as the saviours when something goes wrong in an organisation. The culture around saving the day means that one professional is viewed as the keeper of the keys and steps in when a fault occurs. Roy asked the panel about how NetOps is changing this culture. AJ said that NetOps is enabling more engineers to be daily heroes by saving time for the organisation with automation, and Dan agreed, stating the benefits of removing the dependency on a single hero and covering why this allows others to apply their skills. One such example of automation is management of devices to ensure the manual method of logging in to each device can be avoided. The panel agreed that there are now more opportunities to save the day in more ways for more people.
Much of the fear around increased use of automation under a NetOps approach is the reduction of responsibility for network engineers in this new culture. Roy asked the panel whether, if everything is automated, network engineers become a redundant entity. They collectively agreed that this isn’t the case. Dan said that automation actually frees up the time for network engineers to reskill or upskill in other areas of the business, and focus on critical thinking areas where they are better suited. Virtualisation and the move to the cloud previously opened up new job opportunities for skilled professionals, and automation will provide the same in the networking world.
Jason also explained that many engineers are fearful of NetOps and automation due to a potential lack of understanding of this new approach. Jason said that starting small is the key here, even if it’s something as simple as using a Raspberry Pi at home to gain experience in that environment, which will help them make the shift from network engineers to network developers. This also plays into the development of new skills for those in the industry.
Relying on external support such as the technical expertise of Opengear and the helpful engineer community will be key for professionals when adopting NetOps. Dan explained that for young network engineers entering the business, collaboration will be crucial, and the onus will be on leaders to ensure they learn from every aspect of the organisation. The panel agreed that a NetOps culture is more than just integration of new solutions; it’s a mindset among the professionals that work within it. Taking these considerations into account will ensure effective integration of NetOps and enable a smoother journey on the road to resilience.
Missed the live stream of the webinar? Be sure to check out the video here for the full rundown.
The transition to 4G is underway, bringing with it faster download speeds, increased reliability – and among many other things, the sunset of 3G devices.
So, what does sunsetting 3G actually mean? This means that carriers, like AT&T, Verizon and T-Mobile, will be shutting off the cellular infrastructure needed to operate devices that are based on that network’s technology. Once it’s turned off, devices will no longer draw a connection to that network. Since there are limited amounts of spectrum available to carriers, sunsetting old infrastructure makes room for new technologies and frees up bandwidth for faster 4G and 5G signals.
As carriers migrate to newer, faster 4G LTE networks, the gradual end of 3G support has begun. As the slower, outdated networks are phased out and new towers are built, all 3G powered equipment, no matter who the manufacturer is, will become less reliable – causing connectivity issues – and eventually will no longer work at all.
Since the turndown has begun and with carriers already committing to no new 3G activations, the time to migrate is now. To avoid any service interruptions, enterprises should begin to transition at least 6-12 months out from the sunset date, which varies from carrier to carrier.
Don’t get left behind, it’s time to trade up to Opengear 4G devices. Replacing your legacy units with our smart solutions lets you leverage the latest cellular technologies and ensure a resilient network with carrier-certified units.
Opengear appliances are specifically engineered to provide cellular Out-of-Band capabilities. They are purpose-built from individual components, uniquely providing Smart Out-of-Band with an integrated 4G LTE cellular capability that has been certified by the carrier as a complete end device.
Most competitors use pre-packaged cellular boards, like a SocketModem™, that were never designed to support critical infrastructure. Better suited for ad-hoc installations and small projects, these aren’t truly integrated into the end device. This decreases speeds and makes services unreliable. The carrier may certify the module from the original manufacturer but won’t test the performance of the overall Out-of-Band device.
Limitations of certified, pre-packaged cellular solutions:
Opengear carrier-certified capabilities:
All this means that our investment in certifications from each wireless carrier lets you know that you’re deploying reliable and secure solutions on your network. Choosing our carrier-certified console servers reduces uncertainty during deployment, with a single point of connection for any cellular-related issues.
Devices from the Network Resilience Platform also allow you to:
Learn more about upgrading your Opengear legacy devices before the full 3G sunset and how you can earn with our trade-in program.
Most enterprises understand that they need to ensure maximum uptime, but they don’t exactly know how to go about doing it. The answer is deploying a Smart Out-of-Band network.
There are two primary ways for an organization to manage their network, In-Band or Out-of-Band, but first, let’s talk about planes. Networks have three planes – data, control and management. Together, they describe how packets travel to, from and through a device.
In-Band management is when devices are managed through protocols such as Telnet or SSH connections to a router, or by using SNMP-based tools. Data, production and management traffic use the same path for communicating various elements, and having the management and data planes combined poses a large issue. When an outage occurs, without an alternative path to the primary network, engineering teams are locked out of the management plane. This means the reliability of the network is reduced and devices can’t be accessed until the issue is remediated.
Out-of-Band management provides an alternative method to securely connect to remote equipment during an outage. A secondary, secure access path, it creates an always on independent management plane that provides reliable access to monitor and manage infrastructure. Network engineers can then lock down the most critical functions on the production network to prevent access from other users.
Placing a console server in each rack provides the necessary physical presence at the site with direct proximity to the IT infrastructure, creating a secure network. This type of capability has become critical for engineers as remote sites are deployed – but how do you choose a console server?
When choosing a console server, it’s critical to evaluate your enterprise’s needs – however, there are some features that are needed across the board.
Looking for a console server? View our product selector to find the perfect match for your network environment.
Enterprise needs are constantly changing and they need a scalable solution that will meet their growing demands. Engineers need a console server that has all the capabilities we discussed.
Don’t manage your network with your network: Make sure you have a device that provides Out-of-Band management. Providing an independent management plane, you don’t have to rely on your network to get access to your network. If you do, you’re doing it wrong. There’s a much easier way.
Out-of-Band Interfaces: You need an Out-of-Band interface that gives you options around cellular. You need the ability to not have your public interface up and available at all times. When console servers have the cellular option, they have a public IP address, so you can get there at any time; however, this also means anyone can see it. You need a console server that can automate the interface based on internal connectivity tests and also lets you control it manually. Access can be SMS-based or from a trusted phone list.
Power Management: Console servers with a managed devices configuration allow you to correlate a serial port to the specific power outlet you need. This enables you to power cycle the device right from the serial session, making the process more seamless. The console server is the facilitator of all of the connectivity and you don’t have to interact with the device at all to make it happen. Engineers don’t have to go to a console server first to connect to the product or go to the GUI to turn off the power; some managed devices pull this all into one feature so engineers can stay inside the device and do what they need to do.
Control Access: You need a console server that has a firewall, enabling you to restrict access. If someone hacks into the network, you need the ability to fix it remotely and securely. Engineers want a device that can be used as a jump host, where they can connect into the console server and log into a Linux device on the remote network. They can then ping to test connectivity and SSH to the box that’s located at the remote site. They can also get access to web interfaces: if they have centralized management software with an IP access feature, they can get direct GUI access on the remote LAN or port forward on the console server. Connecting to the console server first and then running a tcpdump capture allows you to grab sniffer traces to gather information and troubleshoot at the remote location, eliminating the need for a truck roll. You don’t have to go on-site, or call a non-technical person and walk them through what to do.
The Opengear Network Resilience Platform has a full range of console servers and is based on Lighthouse Management Software. All devices are configured with Smart Out-of-Band, standard in each appliance.
Smart Out-of-Band by Opengear raises secure remote access to a new level. It goes beyond traditional Out-of-Band management by enabling secure monitoring, access and management, from anywhere. When paired with Failover to Cellular, enterprises have enough bandwidth to run critical business processes while remediating the issue. It is built in to every device in the Opengear Network Resilience Platform and provides enterprises with uninterrupted availability, even during network disruptions.
Architected to meet network resilience needs, Smart Out-of-Band:
Smart Out-of-Band allows engineers to access equipment remotely with automated management and support capabilities. Customized rules and policies allow the Opengear device to automatically detect and remediate issues as they occur while providing enterprise grade security during an outage. It’s beneficial for Day One deployments, SD-WAN and everyday device management. Learn more about the range of Smart Out-of-Band console servers.
Out-of-Band management gives you both presence and proximity to your critical devices. That’s the secure foundation you need to add NetOps into the fold.
Today, there is a growing awareness of NetOps across the business and IT worlds. Larger enterprises may have set up NetOps teams in the same way they have for DevOps teams. However, there’s little understanding of what NetOps actually means across many organizations.
Organizations won’t be shifting their existing network engineering team wholesale into that role. More than likely they’d be adding another layer, charging the network engineering team to focus on the day to day work, and commissioning a NetOps team to look at the orchestration and the automation of it. This represents a major investment, so this is why it’s more likely that larger companies are considering it at the moment. It also represents a big change for network engineers in terms of the skillsets they need. For years the badge of honor has been being a certified engineer and CCIE (Cisco Certified Internetwork Expert) or a CCNA (Cisco Certified Network Associate).
Although those certifications are still valuable for NetOps, there is a whole additional skillset that engineers need to train themselves on. For example, they’ll need to be able to program in Python and be able to understand how Docker containers work. They’ll also have to be able to deploy commonly-used toolsets like Chef, Puppet and Ansible.
This evolution of the role of the network engineer is all part of an ongoing process, through which network management is becoming increasingly automated. Linked to that is the rise of the independent management plane, which as we’ve discussed, helps network engineers provide organizations with secure remote access to their network today. This approach also delivers network set-up and configuration, ongoing day to day management and network remediation when something goes wrong. At the same time, it’s helping to fuel the move to NetOps automation, as a smart Out-of-Band network can now also be used to run these standard automation tools.
Most important of all, it helps keep the network up and running and keeps costly network downtime to a minimum. Outages cause organizations to lose money and also impact their reputation. The independent management plane together with NetOps automation helps reduce this threat and ensure business continuity. At a time when most businesses are focused on doing more with less, that’s absolutely key.
We’ve already discussed that Out-of-Band plays a critical role in NetOps automation, but today we’ll really get into how the two work together. (Read Part 1 Here)
NetOps is, in part, an evolution of DevOps. It’s a mindset that fosters communication, collaboration, integration and automation among software developers and operational IT teams. Today, we are seeing DevOps tools increasingly applied to networking. This has created a NetOps approach to building and maintaining a reliable infrastructure to support evolving demands.
One approach to introducing NetOps into an enterprise is to layer it into an existing system. This adds functionality and flexibility to a familiar component of the infrastructure. An independent management plane, like Out-of-Band, already provides presence and proximity to critical network devices, so it’s well-placed to bring NetOps automation to your network. It’s there on Day One, enabling the deployment process to be managed via a centralized management software and ensuring network equipment can effectively self-configure.
It’s also there for the standard day-to-day process of keeping the network running. Out-of-Band provides an alternative route to remediate the network when it’s down. The separate management plane is the facilitator, giving engineers the infrastructure to make use of NetOps today and in the future, whatever the approach evolves into over time.
These tools and capabilities are already changing the nature of the network engineer’s role. Engineers have traditionally followed a manual process with most of their time working on the command line interface (CLI) typing in a range of esoteric commands. Over time, that shifted to engineers wanting to use a graphical user interface (GUI) – a more intuitive approach which doesn’t require the learning of specific commands. To fully automate their approach, they’re increasingly using NetOps.
NetOps has become so prevalent because of the growing complexity of modern IT networks. Most enterprises have more distributed networks than before. This has caused the network engineer role to evolve.
Organizations need a more automated approach to networking which NetOps has provided, reducing a lot of the repetitive applications and routines that engineers would typically have had to run through previously. Most companies would expect an engineer to log in, run through five or six routines to work out what was happening and then remediate the problem if an outage occurs, but with NetOps, remediation is a lot easier.
NetOps can automate that entire procedure so that when that event happens, the system automatically runs through those five or six steps. If that resolves the problem, all well and good. If not, the issue is escalated to the network engineer to handle the next level of troubleshooting. This simplifies the process while also removing human error because so many downtime incidents are caused by someone pushing a wrong configuration, or typing in the wrong letters when they are sending commands. By using a NetOps approach to correctly program an automation routine, an enterprise can effectively reduce these challenges.
NetOps is concerned with automation and reducing human error. With so many new data centers, and more network locations moving out to the edge, there are not enough engineers available to comprehensively staff and support all these sites. Businesses can use NetOps tools to concentrate their resources at a Network Operations Center with ‘follow the sun’ support regardless of time zone, rather than having to find resources to staff each and every site. This saves time and money.
In Part 3 of our blog series we’ll discuss how an independent management plane and NetOps reduce downtime.
The needs of an enterprise are constantly evolving, which creates a continuous demand on the network. The solution to support those current and emerging requirements is an independent management plane, also known as an Out-of-Band network. It provides an organization with many remote capabilities – a necessity when dealing with current travel restrictions, staffing shortages and the increase of distributed sites. In this blog series, we’ll discuss how Out-of-Band management is the first step when creating a resilient network – and once you’ve got that, how simple it is to introduce NetOps into your enterprise. Flexibility and functionality are able to be added in by just layering it onto an existing solution, like Out-of-Band, but we’ll get to that later.
Let’s start by talking about current network architectures. The way many networks are set up assumes that an organization relies on its production network to manage that same network – and this isn’t a great idea. It’s dangerous because when an issue occurs, most times, an engineer won’t have access to that production network, preventing them from accessing critical devices and interrupting business operations.
To keep the network running at all times and reduce downtime as much as possible, a separate, secure management plane is key. An Out-of-Band network provides engineers with a secondary way to securely connect to the network during an outage. This enables them to troubleshoot and remediate any issues remotely, while also providing the ability to complete many other everyday device management tasks. During a disruption, Out-of-Band is your safety net.
When network issues occur, most times, the Internet is still available but it can be impossible to use because of the amount of congestion. When this happens, enterprises often make the mistake of pushing the configuration point to a network device. This actually slows down the network. The sheer volume of traffic flowing through it makes it even more difficult for a network engineer to access the relevant device, go in via the production network and fix it. Out-of-Band solves that problem by providing always on access to the network via a separate management plane.
Not only does this allow engineers to remediate the issue without having to step on site or interfere with business operations, it also improves security. It gives administrators the ability to lock down features in the production network. For example, only allowing team members with certain credentials to push a configuration.
This particular feature is helpful because as we know, in most organizations, there are a lot of individuals in an IT department that have access to the main production network. Anyone who has IT credentials has a reason to access it. This is just one of the many reasons why it’s important to set the network aside for engineers only. They have specific tasks to do that nobody else from the team would be qualified to complete, like configuring devices. In general, that is a task that organizations would typically not want anyone else from the IT team, or a third party contractor, to do because one push of the wrong button can take down the entire network and cost thousands of hours in downtime. Rather than everybody using the same production network, an enterprise can set up an independent management plane for the sole use of its network engineers.
Having this capability is just one of the many reasons why we call Out-of-Band the network for network engineers. It provides them with the ability to configure devices, manage the network and automate common NetOps processes. It addresses most of their network management challenges while also anticipating future ones. Their networks are prepared for today’s requirements and to meet tomorrow’s demands. One capability that many organizations are integrating into their networking approach is automation. For many, this is adding in NetOps capabilities.
Out-of-Band plays a key role in NetOps automation. But what actually is NetOps? It stands for ‘network operations’ but that doesn’t paint the full picture. Stay tuned for Part 2, where we discuss entering the world of NetOps and how Out-of-Band can help.
Zero Touch Provisioning allows network administrators to automate repetitive tasks, reduce human touchpoints and minimize errors. For enterprises with any significant deployment, ZTP is scalable and allows engineering teams to streamline processes using automation, and leverage staff as effectively as possible.
Traditional deployments are a very manual process. They are time consuming, costly and error prone. We call it the “rinse and repeat” method. An engineer may have to go on site, log into a single unit through the CLI and configure the device for basic operation. All of this has to be done before the process of configuration can be completed from the central management system. It makes you think, there’s got to be an easier way – and there is.
Zero Touch Provisioning combines automation and provisioning capabilities to do most of the heavy lifting during deployment. This solution simplifies the provisioning and configuration of devices with a process that can be completed in a matter of hours, instead of days. For enterprises who don’t have the IT staff to send on site, or are limited by travel restrictions, ZTP ensures devices can for the most part be set up remotely, without the need for a highly technical engineer on site. And for those in the healthcare, financial services and retail industries with many new sites to constantly get up and running, this automation can enable faster deployment across wider geographies.
ZTP has many benefits. These include:
The basis of Zero Touch Provisioning is automation. ZTP of managed devices using an Opengear appliance involves an integrated DHCP server and the Secure Provisioning Module of Lighthouse. This allows engineers to completely automate the provisioning process on Day One remotely. The device is sent to the remote site without any configurations other than the Lighthouse address. The Opengear appliance is configured to recognize the managed devices and provide them with the appropriate operating system image and configuration files.
Before being shipped, each Opengear appliance is preconfigured for 4G LTE network connectivity so that once it arrives at the remote site it can securely connect to Lighthouse. The appliance is shipped, racked and stacked. After the appliance has been powered up, the embedded TPM 2.0 chip performs an integrity test to ensure the device hasn’t been tampered with during shipping. The device then creates a WAN bootstrap network to form an independent Out-of-Band network between the remote site and central operations. It receives a provisioning bundle based off of the devices that need to be provisioned. The network admin then remotely prepares the operating system images and configuration files in Lighthouse while the remote tech cables up the managed devices. Opengear’s distribution policy ensures the correct configuration files are delivered to each device.
For engineering teams dealing with travel restrictions, lack of staff and trying to meet enterprise network demands, Opengear’s smart solutions will provide you with the capabilities to automate most of your processes, all from the comfort of your own home. To learn more about ZTP with Opengear, visit our NetOps Automation Page.
This past year has led to a new range of considerations for the network industry. The COVID-19 pandemic and its impact around the world has created a large move towards remote working. This rapidly shifting landscape has left many businesses scrambling, putting new technology and practices into place to ensure they aren’t left behind.
As life suddenly became remote, technologies that many enterprises were just beginning to implement or consider were moved to the forefront. Travel restrictions left many engineering teams figuring out how to complete Day One Provisioning, troubleshoot, increase security and complete everyday device management from their homes. Major themes that we saw emerge to meet demands were automation, increased reliance on VPNs, more remote deployments and leveraging the cloud. 2021 is set to be a transformative period for network management. The Opengear team shares their thoughts on what may happen this year.
Enterprises have seen great challenges this year, which in large part is due to COVID-19. Now, network teams work remotely. Many are not able to travel and when they do sometimes they can’t even get into the building. This has created a need to find creative ways to collaborate and work together to bring up new sites, which is a necessity since new deployments are critical to stay competitive in the market place. This is where secure, remote access comes into play.
Those that have it are glad that they do and those that don’t wish they did. CIO’s will budget for these types of solutions that will prepare them for the next “event.” There will also be huge investments in digital transformation, including network resilience solutions. These will include secure remote access, disaster recovery and most importantly, hyper-automation. It is the whole idea that anything that can be automated in an organization should be automated. Legacy business processes need to be updated to improve efficiencies, speed, and business agility so they stay competitive and won’t get left behind.
While equipment and digital assets have long been protected with physical security measures, the move towards working from home will mean additional layers of virtual security will be needed to protect remote workers, such as intellectual property and double factor authentication measures, along with defenses against cyber-attacks.
SD-WAN will benefit from implementation with Secure Access Service Edge (SASE) to provide scalable security controls for remote work, which will help mitigate security risks. Improvements in security will also increase uptake of blockchain technology, with more industries looking to adopt this solution. Integration of automated processes will help to improve efficiencies, speed of processes and business agility. Leveraging automation will enable businesses to balance and secure the increase in remote connections. Doing so will also augment local IT staff for service recovery and daily routine tasks. At the core of this automation will be the need to enhance resilience across operations, enabling organizations to be ready for any external factors that may affect them in future.
The single biggest challenge this year has been the remote workforce and the numerous challenges it has brought to bear. Companies that had already invested in moving their environments into the Co-Lo or cloud were in a better position to ramp up to meet the demands of individual users logging on discretely. In light of this, enterprises are going to need to strengthen their network security.
The business world will never go back to the 2020 norm or pre-COVID-19 times. Many users will continue to work remotely and will want the ability to keep access to all their normal work environments regardless of location. However, as 2020 was spent getting people online and giving access, 2021 will need to migrate to security. With so many attacks these days, the cost to businesses is crippling. As the demand for remote access has ramped up, so has the need to add additional layers of virtual security. With the ever expanding security layers, a much more robust management layer will become a necessity, a management layer independent of the data and control layer.
In the past year, many technology adoptions have had to be made very quickly. The entire tech field has had to change and adapt to a new dynamic. Prior to COVID-19 the trend to move services and infrastructure to the Cloud or COLOs was well under way. The pandemic has accelerated that migration for end users and on the flip side meant providers have had to ramp up capacity. All of this now needs to be done by workers operating remotely. This means selecting the right remote meeting options, securing VPN access for an entire work force, expanding the capacity of secure portal access, and finding ways to build up infrastructure with limited remote hands. Businesses shifting to the cloud, and it is almost everyone, will be looking to take advantage of new cloud services such as AWS Network Firewall Services or those offered by service providers like IBM. It’s now no longer just about moving applications and services to the cloud, it’s about how you do it better, faster and more securely.
Organizations are going to need to strengthen their networks. Resilience is the key, with designed-in redundancy, multiple paths, and full WAN redundancy delivering the reliable network connectivity that is required for mission critical cloud services. The operations team need the ability to automate the remote provisioning of new equipment, upgrades and changes, and the often overlooked ability to re-provision the whole stack if something goes wrong. This particularly applies to servers, which provide critical local services, and may be running virtualized network functions (VNFs), a whole stack of software including the operating system, hypervisor, and virtual applications, all of which need managing, configuration and regular updates.
The pandemic has and will continue to push network engineers to increase edge build out, with a sustained focus on tools that allow remote diagnostics and troubleshooting. Many users will continue to be remote for a long time and getting data closer to them in region will become critical for continued business operations. This will make VPNs and end points of utmost importance. Users will be connecting to these sites and uptime is critical. To ensure work continues to get done, administrators will need tools in place to resolve issues remotely and efficiently. Redundancy is key to keeping networks up. Secondary connectivity, remote support tools and sustained throughput are keys to success for 2021.
Reliable, resilient, and self-remediating connectivity is more important than ever. With less physical access there is a need for more remote access resiliency. Organizations will require increased security for both physical and logical access to infrastructure. Hardware may be deployed in environments where physical access is difficult to manage, so devices will need hardware tamper protection and stored data protection using TPM chips or a similar technology. Other technologies that will continue to increase in use are Zero Touch Provisioning and other automation tools, which have accelerated as a surge of users move from centralized site infrastructure to home based connections. This shift required deploying new equipment for VPN concentration, load balancing and remote backhaul bandwidth to on-prem resources. Organizations can leverage automation to help balance and secure the large increase in remote connections.
Although there are many things we’d like to forget about 2020, there are also many things that we’ve learned through adaptation that we take with us into the new year. It’s not a question of if enterprises will invest in IT, but where. From distributed cloud models to edge deployments and increasing the use of automation, organizations will be using new technologies for their evolving demands. To learn how Opengear can help with your digital transformation to increase network speed, improve efficiencies and ensure business agility, download our white paper, The Network For Network Engineers.
A Trusted Platform Module (TPM) chip is a secure crypto processor that provides hardware based, security related functions. Introduced in 2009, more than 2 billion of these chips have been embedded into a wide range of devices such as PCs, ATMs and most recently, in Opengear console servers.
These specialized TPM chips can be used with any major operating system. They are placed into end point devices and store critical data such as passwords, certificates and encryption keys. The encryption keys are specific to each host system for hardware authentication:
As travel restrictions remain in place and uncertainty grows due to the pandemic, enterprises must have the capabilities to securely deploy to a new location. Most times an organization will ship the devices and send a tech on site. In transit, boxes can be tampered with and even stolen. When something like that occurs, if there’s no TPM chip embedded, a lot of sensitive information is at risk. The NetOps Console Server solves that challenge.
The new Opengear NetOps Console Servers include a TPM 2.0 chip, which consists of an encryption engine with secure memory. TPM technology has been common in laptops and server systems for a few years, but Opengear is one of the first vendors to include and use its capabilities in a network appliance.
Organizations deploying equipment to a new site aren’t always able to have technicians on site. The NetOps Console Server, with its embedded TPM 2.0 chip, is a secure device that can be sent to a new location to manage Day One deployments. The TPM protects configuration files and prevents tampering.
When the device lands at the new site, it uses a 4G LTE secure connection to call home and enables the deployment process to be managed through our centralized management software. Up to date configuration and image files are pulled in while standard Docker containers and a Python runtime environment allow automation procedures to run directly on the device.
TPM utilized in the NetOps Console Server provides:
Learn more about how the NetOps Console Servers with embedded TPM 2.0 chips will ensure simple and secure Day One Deployments for your organization.
4G LTE Failover or Failover to Cellular (F2C) allows enterprises to efficiently change over to an always available connection when a disruption occurs on the primary, wired internet line. An outage scenario is inevitable. Those with distributed sites, like in the retail industry, are all too familiar with it. When a POS system stops working, organizations are faced with losing business and money, with the cost of downtime at $260,000 per hour. If payments can’t be processed, customers will have to go elsewhere, or an organization can take a riskier route and manually write down credit card numbers. This opens up a wide range of liability and PCI (Payment Card Industry) non-compliance.
However, if an enterprise has a Failover to Cellular solution in place, or equipment with this capability built in, they are ensured always on network connectivity. If the primary wired internet connection is lost, Failover to Cellular kicks in. It provides the speed to keep the network running smoothly and continued internet connectivity for remote LANs and equipment over 4G LTE, so engineers are able to restore the WAN without the need for manual intervention and without impacting normal operations. They are then able to automatically activate a secondary connection to reestablish inbound and outbound network access.
Working similarly to the 4G LTE technology on a smartphone, this kind of connection allows enterprises to pay per unit of data. It ensures a consistent monthly cost, depending on the carrier chosen, and can be deployed by simply plugging the SIM card from the carrier into the networking equipment.
In Opengear devices, Failover To Cellular is built in, with internal or external PSTN modems that can be used for this. Once it is enabled, the equipment is able to detect failures by sending ICMP ping requests from the network to a remote primary and secondary probe address. If these requests fail, the device fails over to the cellular connection; once the primary connection has been reestablished, the device automatically fails forward. Opengear devices have three operation modes.
This is the default mode when no failover scheme has been configured. Failover detection is disabled. Only inbound connections on the cellular interface are routed back out the cellular interface, to enable Out-of-Band access from remote networks, like through incoming SSH. Otherwise outbound network connections, like through a VPN client tunnel or SNMP alerts, are established according to the main static routing table, regardless of network state.
Failover detection is enabled on the primary interface. The secondary interface remains in a down state with no network configuration. When failover is initiated, the secondary network interface is started and configured. If a default route is installed on the secondary interface, it takes precedence over the default route on the failed primary interface. During failover, the outbound network traffic is established from the secondary connection.
This mode combines Always Up and Failover mode. Failover detection is enabled, however the secondary interface is kept in a dormant up state. Only inbound connections on the cellular interface are routed back out the cellular interface, to enable Out-of-Band access from remote networks.
When failover is initiated, the default route of the secondary interface takes precedence over the failed primary interface. Outbound network traffic is established out the secondary connection during failover.
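The three operation modes described above, modeled as a small state machine. This is an added example, not Opengear code: the `DORMANT` label, the `fail_threshold` parameter and the reading that failover needs both probe addresses to fail are assumptions, and the probe results are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    ALWAYS_UP = "always-up"  # default mode: failover detection disabled
    FAILOVER = "failover"    # secondary interface stays down until failover
    DORMANT = "dormant"      # assumed label; the page does not name this mode


@dataclass(frozen=True)
class LinkState:
    failed_over: bool          # True while outbound traffic uses cellular
    secondary: str             # "down", "up" (idle/dormant) or "active"
    outbound_via: str          # interface carrying new outbound connections
    cellular_reply_path: bool  # inbound-on-cellular traffic answered on cellular


class FailoverModel:
    def __init__(self, mode, fail_threshold=3):
        # fail_threshold (consecutive failed probe rounds) is an assumption:
        # the page does not say how many failed pings trigger failover.
        self.mode = mode
        self.fail_threshold = fail_threshold
        self.failures = 0
        self.failed_over = False

    def probe_round(self, primary_ok, secondary_ok):
        """Feed one round of ICMP results for the two probe addresses."""
        if self.mode is Mode.ALWAYS_UP:
            return self.state()  # detection disabled, probes are ignored
        if primary_ok or secondary_ok:
            # Assumed reading: one answering probe address means the link works.
            self.failures = 0
            self.failed_over = False  # primary is back: fail forward
        else:
            self.failures += 1
            if self.failures >= self.fail_threshold:
                self.failed_over = True
        return self.state()

    def state(self):
        if self.mode is Mode.ALWAYS_UP:
            # Outbound follows the main static routing table regardless.
            return LinkState(False, "up", "primary", True)
        if self.failed_over:
            # Default route on the secondary interface takes precedence.
            return LinkState(True, "active", "cellular", True)
        if self.mode is Mode.FAILOVER:
            # Secondary is down and unconfigured: no cellular path at all.
            return LinkState(False, "down", "primary", False)
        return LinkState(False, "up", "primary", True)  # dormant up


def simulate(mode, rounds, fail_threshold=3):
    model = FailoverModel(mode, fail_threshold)
    return [model.probe_round(p, s) for p, s in rounds]


# Constructed sample: (primary probe ok, secondary probe ok) per round.
OUTAGE = [(True, True), (False, True), (False, False), (False, False),
          (False, False), (False, False), (True, True)]

if __name__ == "__main__":
    for mode in Mode:
        print(mode.value)
        for i, st in enumerate(simulate(mode, OUTAGE)):
            print(f"  round {i}: {st.secondary:6} outbound={st.outbound_via}")
```

The run makes two operational trade-offs visible: in the default mode, outbound traffic such as SNMP alerts stays on the primary route throughout the outage, and in plain failover mode there is no cellular path for inbound Out-of-Band access until failover has actually triggered.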
There are many advantages to having Failover To Cellular. Providing remote access even when the WAN and LAN networks are down, engineers have the ability to quickly remediate the issue while having full network visibility. Failover To Cellular is a necessity for enterprises looking to ensure resilience and keep the network running at all times. To learn more about this technology, visit https://opengear.com/solution/failover-to-cellular.
Out-of-Band management provides enterprises with secure access to critical devices, even during a disruption. When was the last time you had an outage? Everyone’s gotten that call at 3 AM telling them that a server or a network device is down. Driving or even flying to a data center or remote site can be time consuming and expensive, with just one hour of downtime costing an average of $260,000. The site could be far away and, without the proper network visibility, engineers might not have what’s needed to remediate the problem. An Out-of-Band network solves that challenge.
In-Band management involves managing network devices through protocols such as HTTPS, web browser, Telnet or SSH, administering the network via the LAN. Data and control commands travel across the same network route, which means the management plane has the same security vulnerabilities as the data plane. If those vulnerabilities are exploited, engineers could be locked out of the management plane. When an organization relies on their production network to manage their everyday network, if a disruption occurs, critical devices can’t be accessed, which puts business at a standstill.
Many enterprises that aren’t using an Out-of-Band management system are reliant on Plain Old Telephone Service (POTS) lines. Cost and reliability are some of the main reasons for moving away from this solution because maintaining these copper lines for carriers is expensive. Since 2018, the major carriers are no longer installing or maintaining existing POTS lines. This means that services and maintenance prices, which are already costly, may increase. Any IT team that needs to maintain POTS lines is faced with expenses incurred from purchasing everything needed for onsite hardware. On average, it can cost between $50 and $100 a month for one POTS line; keep in mind, you’ll need two. These are just a few reasons why organizations are looking at alternate, more reliable solutions to provide network resilience.
Out-of-Band management provides a secure, remote connection to IT network environments during outages or disruptions in communications to the primary WAN/LAN connection. This is accomplished through the use of serial console servers (sometimes called terminal servers) which provide an alternate path of remediation for critical network devices through a separate management plane, often through a 4G LTE cellular connection. This provides organizations with uninterrupted availability and network resilience. Implementing Out-of-Band management is simple: it’s done by placing console servers at each location and connecting them to routers, switches, and other key hardware.
Out-of-Band provides presence and proximity to these devices, with an appliance at every compute location, physically connected to critical network devices at the site. The independent management plane provides the core team with secure access to equipment remotely. This can be used for Day One, everyday management, and during network events. Remote equipment such as routers, switches, and servers are accessed through the management plane, without the need of directly accessing the device’s production IP address. The management plane is also independent of the primary ISP connection that an organization uses. It is completely separate from the production network and allows engineers to monitor and manage devices without relying on the data plane.
So what are some other reasons why an enterprise would want an alternate way to access their equipment? There are a few reasons:
Security: Breaches are increasing, and are a threat to organizations in every industry. If all of the administration or management ports are connected to the production network and an attack occurs, attackers can try to access your IT infrastructure. Whereas if the port is connected to an Out-of-Band management system, the LAN can’t access any administration consoles on that equipment. Since it separates the user and management traffic, engineers can lock down parts of the network, restrict access, and secure the management plane.
Business Continuity: If an incoming network feed is compromised – maybe a backhoe cuts it, and an organization’s ISP connection goes down – how do business functions continue without being impacted? Out-of-Band management ensures that a tech doesn’t need to be sent onsite and remediation can be done remotely. Combined with 4G LTE, enterprises have a secure, alternate access path and Failover to Cellular provides the bandwidth necessary to ensure processes continue to operate during a disruption.
Enterprises are constantly looking at IT teams to cut costs and still provide always-on network availability. The initial expenses incurred during the rollout of Out-of-Band management will pay for themselves once deployed. Organizations will have better availability, reliability, and dependability, all at a fraction of the cost of POTS lines.
So let’s go back to our original question: when you’re woken up with a phone call in the middle of the night, how are you addressing the issue? If you don’t have Out-of-Band, you’ll have to roll a truck, and the cost of this is $1,000 or more per event. This is costly and with current travel restrictions in place, getting on-site is even more time-consuming. Every minute the network is down, money is lost and there’s no business continuity.
Out-of-Band allows you to identify and remediate the issue remotely, reducing the need for a truck roll. The increased visibility and remote management capabilities will help make your life easier, without having to rely on antiquated modems. By uploading configurations remotely, power cycling routers and resetting equipment, engineers can do all necessary tasks from one central location. You need a network that is always on and constantly available; go here to learn how Opengear’s Smart Out-of-Band management can help.