Management Technologies

Kategorie: Opengear

Remote Network Management

Managing the mission-critical systems and networks in the modern central office or data center is complex. But managing this infrastructure when it's distributed remotely across unsecured public network connections introduces another layer of challenges. Remote management is not a new concept, but its adoption in recent years has increased rapidly as all businesses are faced with the imperative of reducing costs of management as well as downtime. Fortunately a new selection of infrastructure management technologies and tools has evolved to meet these needs.

In-band remote management

Computers and network devices are configured and controlled on a day to day basis using in-band management tools operating over the main production network. Some of these management tools used are provided as integrated functions of the operating platforms like Remote Desktop which has been available in all Windows operating systems since NT4. For other platforms, like Linux UNIX and Mac, there's Virtual Network Computing (VNC) which is available for most platforms.

Third parties also provide a wide range of remote management/remote control software solutions and the newer web portal products and services like WebEx that offer quality applications and systems level management solutions.

However from a business continuity standpoint, these in-band management systems all have a significant shortcoming in that they all connect over the operating network and run over the operating system ... so they fail exactly when they are most needed.

If the operating system is no longer running the in-band management application also no longer runs. If the network access is unavailable (due to some disruption in service or local misconfiguration) the in-band access will not work.

One solution is to ensure business continuity during outages and/or disasters by installing full network/server redundancy, and at the central office and major data center this is a viable solution. Another more cost effective solution is the creation of a new class of “out-of-band” management tools.

Out-of-band management

Unlike strictly IP-based in-band solutions, out-of-band tools provide a secondary path to the remote site and to the devices at those sites for use when the primary network is impaired. Additionally they may provide an alternate path to the host operating system or CPU so control can be reasserted when the device itself is not functioning. Most computer and network devices come standard out-of-band access ports, so they can still be accessed, reconfigured and recovered in event of failure of the normal in-band management methods (e.g. the operating system crashes, or a network connection fails).

Out-of-band management is defined as any management done over channels and interfaces that are separate from those used for user/customer data, and examples include:

• Serial console management over a dedicated TTY serial console port
• KVM over IP providing direct keyboard, video and mouse console connection
• Network console management over a dedicated Ethernet IP network port connected to the management network (using Telnet, Web browser)
• Service Processors (dedicated internal processors provided in new generation servers and telecommunications platforms which use IPMI protocol)

Integrated management

Today each of the mission-critical servers, switches, routers, power controllers and telecoms equipment comes with its own blend of in-band and out-of-band management tools. And there's a collection of local and remotely dispersed technical managers (system administrators, network administrators, applications specialists, service providers and vendor help desks) looking to use these tools - each wanting to poke their secure holes in the site network security to access the particular devices they control. The SDT technology in Opengear's IM/IMG/CM/SD4000 gateways provide a single consolidated point of secure access for these managers, and for them to use all their in-band and out-of-band tools. So irrespective of the health of the remote infrastructure there's:

• Pathways to devices that are network unreachable (serial consoles to servers, routers, RDP/VNC over serial, dial-in or alternate remote access)
• Access to servers that are in unstable (serial consoles – EMS/SAC)
• Access to servers that are hung/non-operational (power strip, IPMI)
• Access to server chassis with no O/S installed (IPMI, Service Processor)
• Monitoring and alerts that advise that disruption may have occurred

---