Providing Out-of-Band Connectivity to Mission-Critical IT Resources

Archives for October 2014

Free Yourself from Vendor Lock-in!

Back in the early and mid-2000s, the race was on to implement an out-of-band infrastructure (OOBI) to provide access and control to all your IT assets in the data center via a separate management network. Isolating device management to a separate management network was, and still is, a great practice. The ability to connect remotely to a device in the data center over an isolated network lets users perform tasks such as rebooting, powering off, powering on, running a specific script, provisioning and testing specific devices, without impacting production network processing. Another benefit (among many) is being able to connect to a failed production network device and bring it back into service via remote access and management, which reduces recovery time. Minutes can mean millions when it comes to a production IT outage. The faster you can respond, the less it costs.

Both now and some 10 years ago, implementing an OOBI has required various hardware appliances to be installed in your network to provide access to the device: Serial Console Servers, KVM/IP Switches, Intelligent and Controllable Rack PDUs, and so on, all of which you need to purchase and install in your data center. Thousands of dollars were, and still are, being spent on the purchase and implementation of these appliances. Why? Because that’s how you do it: buy more management appliances and add them to your existing infrastructure as you grow. In an attempt to keep up with new technologies like Service Processors (IPMI, iLO, DRAC, CIMC, etc.) and the explosion of Virtualization, the manufacturers have responded by creating another appliance for you to buy and add to your rack and network, just to facilitate access and control to the Service Processors and Virtual Machines. These solutions also require periodic updates or upgrades to the vendor-specific management software, which was developed over 10 years ago for what was available at the time and is based on the use of appliances (to sell you more hardware), not on what’s available now.

Today, Virtualization and Service Processors are aggressively being adopted in data centers. This greatly reduces the need for expensive, rack-cluttering, heat-generating KVM/IP Switches and perhaps, in some cases, reduces the need for expensive rack PDUs. Quite a cost savings, but still not enough. Almost all OOBI management solutions require additional hardware appliances in order to consolidate and provide access to the Service Processor or Virtual Machine infrastructure. Again, this method of implementing an OOBI came about 10 years ago and required hardware components (KVM/IP, Serial Console, Intelligent Rack PDUs, Service Processor and Virtual Machine consolidators) in order for it to work. And let’s not forget the vendor-specific management tools, which are useless without the presence of vendor-specific appliances and don’t integrate with equivalent competitor products, for example Console Servers from different vendors. As a result, you, the user, are locked in to a specific vendor’s technology and method of OOBI management. To frame this differently, suppose your company purchases a company that standardized on an OOBI from vendor A, while you’re standardized on vendor B. How do you handle this? Either maintain both solutions until you can replace one with the other, or buy more hardware from your preferred OOBI manufacturer to replace the hardware from the other manufacturer. Either way, it’s costly and locks you into a specific vendor’s OOBI technology and method.

So, what can you do? You could continue to expand your OOBI infrastructure from a specific vendor with outdated methods and solutions, or you could implement a vendor-neutral, software-only OOBI management solution that provides the same, if not better, secure access and control to devices from both Vendor A and Vendor B without having to add additional hardware appliances. Now you can have OOB connectivity and management of your Physical and Virtual infrastructures as they grow and expand, using whichever vendors’ products you decide to use. In fact, you could use a combination of Vendor A, B, C, and D’s OOB appliances to rebuild a best-of-breed OOBI. Let Freedom Ring. No more OOBI vendor lock-in.

From the team that gave us the Linux Break Safe Console Server, Managed Rack PDUs, and put IPMI in Service Processors, comes the world’s first Software-Only, Vendor Neutral Access and Control solution for the management of both Physical and Virtual (VMware and Kernel Virtualization) IT device Infrastructures, regardless of manufacturer. “NodeGrid Manager” is the first software-only solution for Access and Control that doesn’t require any additional hardware components to provide access and control to your existing OOBI, regardless of manufacturer. NodeGrid Manager’s agnostic approach to device management allows you to take advantage of your existing hardware OOBI without regard for manufacturer, and without adding expensive KVM/IP, or service processor and virtual machine consolidator hardware appliances. As a byproduct, NodeGrid Manager frees you from vendor lock-in. NodeGrid provides the same user experience regardless of device and manufacturer via a common UI and a standardized feature and command stack across the entire infrastructure. The user experience is the same for Server, Storage, Network, Power, and Virtual Machine (VMware and Kernel Virtualization) infrastructure regardless of manufacturer.

If it hasn’t already happened, there will come a time when your existing OOBI starts letting you down. When that happens, turn to ZPE Systems NodeGrid Manager for relief. NodeGrid Manager delivers a true vendor-neutral experience in OOBI management. Oh, and did we mention that you don’t have to add expensive, vendor-specific proprietary appliances to manage your physical and virtual IT infrastructure?

Free your OOBI now from vendor lock-in. Stay ahead of technology changes and growth with NodeGrid Manager. The world’s first, Software-Only, Vendor-Neutral Access and Control Solution for both Physical and Virtual IT Infrastructures, that simply and easily works, and scales to meet your needs.

See for yourself.

The fastest way to learn more – Email us at sales@zpesystems.com (or call +1 510 298 3022) to schedule a chat or request a demo.

The Future of IT Infrastructure Management is Here

ZPE Systems – The Future of IT Infrastructure Management

You might not know us, but you do.

We designed and engineered OOBI appliances that are deployed in the world’s largest data centers. We are a group of technologists with more than 100 years of cumulative experience in the remote console management business, with many patents granted. Now we’re putting our century of experience to work to make your job even easier. Welcome to the simpler, faster, more cost-effective software-defined future of IT Infrastructure Management.

Did you know that the team who brought you the world’s first Linux Break safe Console Servers, coded the firmware for Rack PDUs and put IPMI inside of big name servers, is now delivering a Vendor Neutral software solution to access and control both Physical and Virtual IT assets? It’s true.

NodeGrid Manager is the industry’s first and only pure software solution on the market today that allows you to access and control Servers, Networks, Storage, Virtual Machines, Rack PDUs, UPSs and more from a single interface without the addition of any hardware appliances, while taking advantage of your existing infrastructure.

NodeGrid customers are reducing the number of management tools they need to buy, learn, use, and maintain. You too can save time by responding to outages faster, helping to improve service levels, and save money on training and maintenance costs associated with vendor-specific management tools. These are just a few of the many benefits NodeGrid provides. NodeGrid takes advantage of your existing access and control hardware and supplements data center visualization and monitoring tools.

Ready to take your infrastructure management to the next level? Schedule a live online demo of NodeGrid to learn how we’re changing the way physical and virtual infrastructures can, and should be managed, now and in the future.

Thanks in advance for joining us on this exciting journey into the future of software-defined infrastructure. We look forward to hearing from you.

Avoid Future ShellShock Type Attacks

ShellShock UNIX Bash Bug – Introduction

You’ve heard about the ShellShock Unix Bash “ghost user” exploit at least 13 times by now. This discovery of a hurtful secret within a deep, trusted friendship (ubiquitous reliance upon generally stable Open Source software) reminds us that IT Security is like any long-term relationship – constantly evolving.

Did you and your colleagues have a fire drill this week reacting to the ShellShock news? If it felt like one over the past week, where everybody ran around patching servers and semi-anxiously diagnosed what else might be vulnerable, then you’ve come to the right triage center. ZPE Systems provides a solution which helps sysadmins avoid the ShellShock bug’s malicious ghost users in the first place. Feeling lucky?


Lucky or Forward Thinking?

Enterprise INFOSEC admins who already had NodeGrid Manager installed before this latest problem merely had to patch one user portal. After this, said admins were able to leisurely patch the thousands of systems safely nestled behind NodeGrid Manager at their own pace. In fact, they could wait until Christmas and feel quite zen, although we don’t recommend it. Just because you can do something doesn’t mean you should. Our existing customers are already benefiting from NodeGrid’s intrinsic built-in Firewall capabilities.

This “Firewall capability” of NodeGrid Manager isn’t something we’ve trumpeted much before. By placing NodeGrid in front of all your devices, you effectively firewall user access to your varied, globally distributed IT assets. Widespread damage by users is highly reduced in a NodeGrid environment. Upon login to NodeGrid, users are authenticated against your existing enterprise AD/LDAP database for access. Then, users are further authorized based on their existing profiles with specific access rights to specific IT assets. No user will have direct access to every shell in the house without your explicit authorization.


Your Way, the Right Way

In this way, Joe, a senior engineer within the IT Security team, only has access to the specific switches, routers, servers and smart PDU infrastructure to which he is authorized. Joe’s world consists of only those machines to which he is authorized access from within NodeGrid. He won’t have access to or even see Marketing VMs, Development storage and server hardware, or Finance servers and switches. Joe is protected, and his colleagues in other departments are also protected.


Another Use Case:

  • Samuel’s “internal and trusted” corporate Dell laptop has been hacked/infected by a Shellshock type attack.
  • Sam’s laptop tries to connect to NodeGrid without encrypted user credentials – is unceremoniously blocked – and can’t hack the rest of the network.
  • Multiple layers of NodeGrid security prevent collateral damage.

NodeGrid can help improve security and reduce exposure to vulnerabilities by allowing network separation between critical systems and the users. NodeGrid’s “FireTrail” feature, secure tunneling through Firewalls, explicitly limits IT asset exposure to outside elements. Users receive secure, locked-down access to authorized devices behind sensitive Firewalls without ever needing to know Firewall credentials. Deploying NodeGrid is almost like having two extra Firewalls.

Illustration of NodeGrid’s FireTrail secure tunneling IT asset protection feature.

In a NodeGrid managed device scenario, there is no direct connection to the bash of the target managed devices. NodeGrid works as the entry point, redirecting authorized users to a secondary network connection established exclusively between NodeGrid and your target managed devices. Also, by limiting the access availability to the serial console port of managed devices or access only within the management network (not production), sysadmins can improve the security of critical devices.


Get the Protection You Need Right Now

If you’d like to be doubly protected from future ShellShock bash bug type attacks, or any other attacks on your infrastructure based upon compromised user logins or exposed IT assets, contact us today. As you know, NodeGrid can act as a second firewall, or moat, around your IT castle — either in front of your existing firewall appliance or behind it.

 

In celebration of Halloween this month, we continue to offer terrifyingly good weekly demo sessions in person and via Webex. Register now to watch an overview of NodeGrid and learn how it can help save your IT bacon. You’re also welcome to download an evaluation copy of NodeGrid.

We look forward to helping enterprises and the global Internet become more secure and stable places to conduct business.

Warm wishes,

Kenneth Ott

Partnership Development

Kenneth Ott is Partnerships Manager at ZPE Systems and began using shell accounts in the late ’90s. He conducts initial consultations with organizations seeking simplified IT infrastructure management options. Outside of work, Kenneth enjoys hiking and camping throughout California.