March 2022

Vertiv Avocent ACS EOL: Choose Your Replacement Option

by Jordan Baker | Mar 28, 2022 | Serial Consoles

Old,Way,Or,New,Way,With,Business,Woman,Using,A

Vertiv discontinued their Avocent ACS6000 line of serial console servers at the end of 2018 and will stop supporting them on July 31, 2023 (or whenever your warranty expires). The Vertiv Avocent ACS EOL guide recommends the ACS8000 series as a direct replacement, but before you make the switch you should consider all your options.

In this blog, we’ll directly compare the ACS6000 to the ACS8000, as well as recommend an alternative replacement option for your EOL serial consoles.

Vertiv Avocent ACS EOL Model: ACS6000

The Vertiv Avocent ACS6000 series is an enterprise data center serial console server with support for remote out-of-band management and zero touch provisioning (ZTP). Vertiv offers on-premises management via their DSView™ management software, CLI (command line interface), and web app. The ACS6000 supports advanced authentication via Radius, TACACS+, LDAP/AD, NIS, and Kerberos, as well as one-time passwords (OTP). However, its automation capabilities are limited to ZTP and auto-sensing ports.

Vertiv Avocent ACS6000 tech specs

Serial console features:	SSH direct to consoles Telnet, SSH, or a serial terminal connection Multiple concurrent sessions Automatic device name discovery
Pinout auto-detection:	Cyclades and Cisco pinouts
Vendor neutral:	No
CPU:	PPC440Epx @ 533 MHz
DRAM:	256MB
Maximum ports:	48
Cellular failover:	3G/4G failover and OOB
Sensors:	Internal temperature sensor
Operating system:	Linux OS and DSViewTM management software
On-premises management:	DSViewTM, CLI, web app
Cloud management:	No
Automation:	Zero touch provisioning Auto-sensing ports
Automation for end devices:	No
Guest OS support:	No
Authentication servers:	Local Radius TACACS+ LDAP/AD NIS Kerberos
Hardware security:	Embedded FIPS 140-2 module
Two-Factor Authentication:	Yes
Power management:	Power management integrated with serial session as well as the Vertiv GXT UPS

Vertiv Avocent ACS EOL Replacement Option: ACS8000

Vertiv’s direct replacement for the EOL ACS6000 is the ACS8000 series. To make your migration easier, the ACS8000 supports your existing ACS6000 configuration files and CLI scripts. In addition, the ACS8000 delivers new features such as an upgraded CPU, more RAM, and an environmental sensor port with support for temperature, humidity, leak, pressure, and contact sensors.

Where the ACS8000 really improves upon the old EOL series is with automation—it supports RESTful API Python and Perl scripts and automated management of PDU (power distribution unit) and UPS (universal power supply) products. However, the ACS8000 still only provides on-premises management, and it doesn’t support integrations with third-party automation and orchestration solutions.

Vertiv Avocent ACS6000 vs. ACS8000 tech specs

	Vertiv Avocent ACS6000	Vertiv Avocent ACS8000
Serial console features:	SSH direct to consoles Telnet, SSH, or a serial terminal connection Multiple concurrent sessions Automatic device name discovery	SSH direct to consoles Keystroke logging Telnet, SSH, or a serial terminal connection Alert on cable disconnects Multiple concurrent sessions Automatic device name discovery
Pinout auto-detection:	Cyclades and Cisco pinouts	Cyclades and Cisco pinouts
Vendor neutral:	No	No
CPU:	PPC440Epx @ 533 MHz	Dual-core ARM® Cortex™-A9 MPCore™ with CoreSight™
DRAM:	256MB	1GB
Maximum ports:	48	48
Cellular failover:	3G/4G failover and OOB	3G/4G failover and OOB
Sensors:	Internal temperature sensor	Environmental sensor port Internal temperature Door Dry contact Humidity
Operating system:	Linux OS and DSViewTM management software	Linux OS and DSViewTM management software
On-premises management:	DSViewTM, CLI, web app	DSViewTM, CLI, web app
Cloud management:	No	No
Automation:	Zero touch provisioning Auto-sensing ports	Zero touch provisioning Auto-sensing ports RESTful API Python Perl
Automation for end devices	No	Avocent Power Management Vertiv MPH2 Rack PDU Cyclades PM Intelligent PDU Avocent SPC power control devices Server Technology SentryTM Server Technology SentryTM Power Tower Eaton Raritan APC
Guest OS support:	No	No
Authentication servers:	Local Radius TACACS+ LDAP/AD NIS Kerberos	Local Radius TACACS+ LDAP/AD NIS Kerberos
Hardware security:	Embedded FIPS 140-2 module	Embedded FIPS 140-2 module
Two-Factor Authentication:	Yes	Yes
Power management:	Power management integrated with serial session as well as the Vertiv GXT UPS	Power management integrated with serial session as well as the Vertiv GXT UPS

Vertiv Avocent ACS EOL Replacement Option: Nodegrid Serial Console Plus (NSCP)

The ACS8000 addresses some of the weaknesses of the EOL ACS6000 series. However, if your enterprise needs a NetDevOps data center solution with next-gen features like cloud management and vendor-neutral orchestration support, then Vertiv’s models fall short.

The Nodegrid Serial Console Plus (NSCP) from ZPE Solutions delivers these features and more in a high-density, 96-port 1U rackmount design. The NSCP also provides hardened device security with on-board features like secure boot, encrypted disk, TPM 2.0 and geofencing, as well as embedded firewall security and SAML 2.0 authentication. Plus, the NSCP runs on Nodegrid OS, an open Linux-based architecture with full support for NetDevOps automation and orchestration solutions like Docker, Chef, Puppet, and Ansible.

Head-to-head: ACS6000 vs. ACS8000 vs. NSCP tech specs

	Vertiv Avocent ACS6000	Vertiv Avocent ACS8000	Nodegrid Serial Console Plus (NSCP)
Serial console features:	SSH direct to consoles Telnet, SSH, or a serial terminal connection Multiple concurrent sessions Automatic device name discovery	SSH direct to consoles Keystroke logging Telnet, SSH, or a serial terminal connection Alert on cable disconnects Multiple concurrent sessions Automatic device name discovery	SSH direct to consoles Keystroke logging to ZPE Cloud Alert on cable disconnects Text pattern match Multiple concurrent sessions Automatic device name discovery
Pinout auto-detection:	Cyclades and Cisco pinouts	Cyclades and Cisco pinouts	Cisco pinout
Vendor neutral:	No	No	Yes
CPU:	PPC440Epx @ 533 MHz	Dual-core ARM® Cortex™-A9 MPCore™ with CoreSight™	Intel x86, 64 bit
DRAM:	256MB	1GB	4GB
Maximum ports:	48	48	96
Cellular failover:	3G/4G failover and OOB	3G/4G failover and OOB	5G/4G/LTE and Wifi failover and OOB
Sensors:	Internal temperature sensor	Environmental sensor port Internal temperature Door Dry contact Humidity	External USB attached sensors: Particulate Smoke detector Airflow and temperature Proximity/door Temperature Humidity Plus, a 7-port USB hub
Operating system:	Linux OS and DSViewTM management software	Linux OS and DSViewTM management software	Flexible, open, 64-bit Linux-based Nodegrid OS optimized for integration with third-party automation and orchestration tools
On-premises management:	DSViewTM, CLI, web app	DSViewTM, CLI, web app	Nodegrid Manager
Cloud management:	No	No	ZPE Cloud Manager
Automation:	Zero touch provisioning Auto-sensing ports	Zero touch provisioning Auto-sensing ports RESTful API Python Perl	Zero touch provisioning Auto-sensing ports Python ZPE Cloud Chef Docker KVM Hypervisor Puppet RedHat Ansible Ruby ShellScript
Automation for end devices	No	Avocent Power Management Vertiv MPH2 Rack PDU Cyclades PM Intelligent PDU Avocent SPC power control devices Server Technology SentryTM Server Technology SentryTM Power Tower Eaton Raritan APC	ZPE Cloud Chef Docker KVM Hypervisor Puppet RedHat Ansible Ruby ShellScript
Guest OS support:	No	No	Ability to run VMs and Docker
Authentication servers:	Local Radius TACACS+ LDAP/AD NIS Kerberos	Local Radius TACACS+ LDAP/AD NIS Kerberos	Local Radius TACACS+ LDAP/AD NIS Kerberos SAML 2.0 (Okta, DUO, PINGID, ADFS)
Hardware security:	Embedded FIPS 140-2 module	Embedded FIPS 140-2 module	TPM 2.0 BIOS protection UEFI Secure Boot Geofencing
Two-Factor Authentication:	Yes	Yes	Yes
Power management:	Power management integrated with serial session as well as the Vertiv GXT UPS	Power management integrated with serial session as well as the Vertiv GXT UPS	Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session Power control of VMs Access rights for users and user groups

Though the Vertiv Avocent ACS8000 series provides a close match to the capabilities of the EOL ACS6000 series, it fails to deliver the advanced features you need to achieve NetDevOps transformation. Only the Nodegrid Serial Console Plus gives you intuitive cloud management, hardened device security, and full automation and orchestration support.

Ready to replace your Vertiv Avocent ACS EOL serial console server with the Nodegrid Serial Console Plus?

Contact ZPE Systems online or call 1-844-ZPE-SYS.

ONUG Spring 2022

by ZPE Systems | Mar 24, 2022 | Events

ONUG Spring 2022
Thursday, April 28 11:10am EST
Meadowlands Expo Center, Secaucus, New Jersey

Want to see what the Ukraine conflict has to do with edge networking? Join us at ONUG on Thursday, April 28 at 11:10am for a first-hand look at how to protect intellectual property & data privacy.

VP of Marketing, Koroush Saraf, and Director of Solution Engineering, Rene Neumann will show you how to deploy, destroy, and re-deploy networks that are vulnerable at the edge — whether due to natural disaster or international conflict. Explore the automation blueprint that’s enabled by our out-of-band infrastructure and open orchestration platform that supports Gluware, Ansible, SaltStack, and custom scripts.

This is your chance to collaborate with ZPE Systems and the largest tech companies in the world.

ONUG Proof of Concept: Automation without Anxiety

“IT Lessons from Ukraine – An Automation Blueprint for Deploying, Destroying, & Redeploying Edge Networks”

Download the Presentation

Customer Use Case

Shifting Gears: How Network Automation Drove an Auto Company to the Cloud

Read the Automation Case Study

Data Center World 2022

by ZPE Systems | Mar 22, 2022 | Events

Meet us at Data Center World, March 28-31 at the Austin Convention Center in Austin, Texas. Our engineers will be standing by to showcase some of our leading network resilience solutions, which are trusted by 6 of the top 10 global tech giants.

Get hands on with our open, Linux-based Nodegrid Serial Consoles and Services Routers, and see how our platform helps you overcome human error, security gaps, and interoperability issues.

When you register, use code ‘ZPE’ to save $300 on your Data Center World passes! We’ll see you there!

Save $300 Now

Security Field Day 7

by ZPE Systems | Mar 22, 2022 | Events

Did you miss our presentation at Security Field Day 7? Download the presentation or watch the recording below! Here’s an overview of what you’ll discover:

Why cybersecurity can’t be solved by a single vendor
How to overcome risks & ransomware by using immutable principles
How to build, destroy, & rebuild networks to protect property & data privacy

VP of Product Koroush Saraf walks you through our open Nodegrid platform that brings together diverse security ecosystems. Director of Solution Engineering Rene Neumann gives you two demos of Nodegrid based on customer use cases from Ukraine.

Download the presentation to take with you, and use the links below to watch the recorded event.

Watch Now Download the Presentation

ZPE Introduction: Why Cybersecurity for Enterprise Can’t Be Solved By One Vendor

Cybersecurity vendors are at the top of their game. So why are cyberattacks increasing and becoming more effective? We’ll discuss the modern enterprise’s pain of having too many products, from too many vendors, which leaves too many security gaps. We’ll also discuss why this dynamic attack surface can’t be solved simply by adding more products, and instead requires a platform — an automated and open platform capable of unifying the diverse ecosystem of cybersecurity solutions and eliminating gaps.

ZPE Demo: Immutable Principles of Branch Deployment

In this demo, we will show you how to overcome supply chain security risks and address ransomware by putting immutable infrastructure principles into action. We will demonstrate how to use SaltStack automation on our out-of-band platform, which we’ll use to build, destroy, and re-build an edge data center — with ease and at scale.

ZPE Demo: Zero Pain Ecosystem – Launching Security Apps from ZPE’s Cybersecurity Platform

In this demo, we will show our enterprise cybersecurity platform that powers what we call the Zero Pain Ecosystem. We will demonstrate the ease of use in securing remote branch locations, by using Horizon3’s NodeZero to launch an automated pen test, and by running a Splunk agent to feed XDR systems. We will conclude this demo by showing how to use immutable principles for disaster recovery, to decommission an infrastructure stack and rebuild it automatically from scratch.

Liked what you saw?

Check out our other Network/Security Field Day Presentations

Networking Field Day 26

Introduction to ZPE Systems
Global Data Center Infrastructure Management & Orchestration with ZPE Systems
Deploying & Managing Critical Remote Edge Infrastructure with ZPE Systems Nodegrid
Tour ZPE Systems’ Nodegrid and ZPE Cloud

View the Networking Field Day 26 Presentation

Networking Field Day 27

Problems that led ZPE to develop the Zero Pain Ecosystem
How ZPE customers use Gen 3 OOB to automate remote critical infrastructure and edge networks
Demo No. 1: Hands on with Gen 3 OOB to resolve edge operational challenges
Demo No. 2: Go beyond standard OOB and explore the automated Zero Pain Ecosystem

View the Networking Field Day 27 Presentation

How to Achieve Network Security: 4 Essential Steps for IT Professionals

by Jordan Baker | Mar 16, 2022 | Data Center Management

How critical is network security today?. According to IBM, the cost of a data breach rose to $4.24 million in 2021, and that figure continues to rise. In this blog, we’ll describe how to achieve network security through micro-segmentation, zero trust principles, cloud-based edge security, and network automation.

How to achieve network security: 4 essential steps for IT professionals

1. Shrink your perimeter

The traditional strategy for network security involves creating one large security perimeter around your entire enterprise network to protect all the data, accounts, devices, and applications contained within—even those hosted in the cloud, at remote branch offices, and in small edge data centers. The security controls and policies in use by this perimeter need to account for every single vulnerability and attack surface. Often, that leaves you with a complex, bloated patchwork of security appliances and services that are difficult to manage across multiple vendors and platforms. The harder it is to manage your security perimeter, the more likely you are to accidentally leave gaps in your coverage or miss the subtler signs of a potential breach.

To achieve network security in your enterprise, you need to shrink your perimeter and focus on protecting the individual data, applications, assets, and services at risk. You do this by micro-segmenting your network to logically separate your data, applications, assets, and services. This allows you to create micro-perimeters of highly specific policies and controls that account for the security risks, vulnerabilities, sensitivity, and value of each of your enterprise resources.

Shrinking your security perimeter and micro-segmenting your network also facilitates the implementation of zero trust security. Learn more about the importance of micro-segmentation for zero trust networks.

2. Never trust, always verify

Zero trust security is a proven strategy for protecting enterprise networks – in fact, the President signed an executive order in 2021 urging organizations to adopt a zero trust architecture. Zero trust security follows the principle of “never trust, always verify.” That means you don’t automatically assume the trustworthiness of any network entities even if they’re on your internal enterprise network. You also reduce the privileges granted to any individual account, making sure each network entity has access to the specific resources they need and nothing more. This reduces the lateral movement of a compromised account and limits the amount of damage that can be inflicted during an attack.

To apply and enforce zero trust access policies, you need an identity and access management (IAM) solution that allows you to dynamically and consistently assess an entity’s trustworthiness based on the context of the situation. Many IAM platforms utilize user and entity behavior analytics (UEBA), which monitors the activity of accounts and devices on your network to establish a baseline of behavior. UEBA can then use that baseline to determine when a network entity is behaving in a risky or unusual way, and then force that entity to reestablish trust before it accesses any new resources.

Zero trust security uses the methodology of “never trust, always verify” to limit the damage done by compromised user accounts and devices on your network. Learn more in our ultimate guide to a zero trust security model for an enterprise.

3. Secure your network edge

If your enterprise includes branch offices, work-from-home employees, small data centers, and other remote locations, you need a strategy to secure your network edge. Typically, that means backhauling all remote traffic through a firewall in the central data center, even if that traffic is bound for cloud resources. This can create bottlenecks in your enterprise network and reduce productivity.

Security service edge, or SSE, uses a cloud-based security stack to monitor and protect your remote, cloud-destined traffic without needing to route through your data center. SSE uses technologies like zero trust network access (ZTNA), secure web gateways (SWG), cloud access security brokers (CASB), and firewall as a service (FWaaS) to secure your edge traffic. Each of these security controls is delivered as a cloud-based service, so your remote users and devices can access your cloud resources securely without routing through your main firewall.

Security service edge, or SSE, provides enterprise-grade protection to your edge networks without impacting network performance or productivity. Learn more in What is security service edge (SSE)? Everything you need to know.

4. Reduce human error

According to Gartner, up to 99% of firewall breaches are caused by human error. When IT professionals need to manually configure and manage many different devices in a complex enterprise network, the risk of human error increases. A misconfigured security setting or user account could create vulnerabilities and leave you exposed to attacks. One way to reduce human error and the associated risk of a security breach is through network automation.

For example, zero touch provisioning can be leveraged to automatically configure and deploy network appliances. Software-defined networking (SDN) and infrastructure as code (IaC) are methods for decoupling device configurations from the underlying hardware, which allows you to use automated scripts to configure, update, and manage appliances and computing resources. Software-defined wide area networking, or SD-WAN, provides the same software abstraction and automation capabilities for your remote edge network infrastructure.

Network automation reduces the risk of configuration mistakes, which contributes to a more secure enterprise network. Plus, network automation is critical if you want to implement NetDevOps. Learn more about the importance of NetDevOps automation for modern networks.

To achieve network security, you need to rethink the old “castle and moat” strategy in which you have one big security perimeter (the moat) surrounding your entire enterprise and you assume everything within that perimeter (the castle) is safe and trustworthy. You should also consider a cloud-based approach to protecting your remote, cloud-destined traffic to improve the security and performance of your entire enterprise. Finally, you should use network automation to reduce the time you’re spending on tedious configurations, which will help eliminate configuration mistakes.

Achieve network security with the right solution

When you’re following the steps above, you’re likely to face a few challenges. For example, vendor lock-in can make it difficult to apply zero trust security controls or integrate third-party automation solutions. Additionally, to route your edge traffic through an SSE technology stack such as Zscaler or Cloudflare, you need an SD-WAN on-ramp with the ability to intelligently identify and re-route cloud-destined traffic. Plus, implementing all these security technologies can leave you with many different solutions to manage, increasing the complexity and difficulty of your enterprise network management.

ZPE Systems solves all these challenges with an innovative and vendor-neutral family of network management solutions. ZPE’s line of network edge routers and data center serial consoles runs on the Nodegrid OS, an open, x86 Linux-based operating system that allows easy integrations with zero trust security solutions and supports third-party automation via tools like Ansible and Chef. ZPE’s SD-WAN platform is the best on-ramp to your SSE stack, providing a secure, lightweight cloud solution from which to manage your edge network. Plus, with ZPE Cloud, you can consolidate management of your entire network behind one pane of glass, allowing you to efficiently deploy and orchestrate your network security strategy.

Want to learn more about how to achieve network security?

Visit our network security blog or contact ZPE Systems today.

« Older Entries

Next Entries »

ZPE Solution Pathways

Discover Nodegrid