Best Network Performance Monitoring Tools

by Jordan Baker | Nov 15, 2023 | Application Hosting, Data Logging, Increase Productivity, Minimize Impact of Disruptions, Monitoring & Reporting, Out of Band Management, Remote Network Management, User Management, Vendor Neutral Platform

Network performance monitoring tools provide visibility into the health and efficiency of networks and their underlying infrastructure of devices and software. Some platforms focus entirely on collecting and analyzing logs from various sources on the network, while others provide additional management capabilities that let you control, change, and troubleshoot network infrastructure. Choosing the right solution requires a thoughtful consideration of factors such as the cost, scalability, and interoperability of the software, as well as your team’s experience and abilities. This guide compares three of the best network performance monitoring tools by analyzing these critical factors before providing advice on the most scalable and cost-effective way to deploy your solutions.

Comparing best network performance monitoring tools

Platform	Key Features
SolarWinds Network Performance Monitor (NPM)	Network device, performance, and fault monitoring Deep packet inspection and analysis LAN and WAN monitoring Automatic network discovery, mapping, and monitoring Network availability monitoring Network diagnostics Network path analysis Network performance testing SNMP monitoring Wi-Fi analysis
Kentik	Network telemetry dashboards Multi-vendor network monitoring Cloud, edge, and hybrid cloud monitoring SaaS application performance & uptime monitoring Intelligent automated alerts SNMP, traffic flow, VPC, host agent, and synthetic monitoring Multi-cloud performance monitoring Kubernetes workload monitoring SD-WAN monitoring Network security monitoring Network map visualizations QoE monitoring
ThousandEyes	Network availability and performance testing WAN performance monitoring Cisco SD-WAN monitoring and optimization Browser session monitoring Network path visibility User Wi-Fi connectivity monitoring VPN mapping and monitoring Cross-layer data visualizations

Disclaimer: This comparison was written by a 3rd party in collaboration with ZPE Systems using data gathered from publicly available data sheets and admin guides, as of 10/20/2023. Please email us if you have corrections or edits, or want to review additional attributes: Matrix@zpesystems.com

SolarWinds Network Performance Monitor (NPM)

The Network Performance Monitor (NPM) is part of the SolarWinds Orion platform of integrated products. This mature and richly featured monitoring software is delivered as a cloud-based service and can observe SaaS (software as a service), cloud, hybrid cloud, and on-premises infrastructure. With advanced features like deep packet inspection (DPI), WAN optimization monitoring, automatic network mapping, and automated diagnostic tools, SolarWinds NPM is meant to be a complete, enterprise-grade observability solution. As part of the Orion platform, it’s also extensible with other products from the SolarWinds ecosystem, such as a Network Configuration Manager. As an enterprise solution, SolarWinds NPM comes with a high price tag that grows even larger as additional monitoring agents are added, limiting the scalability. Another important factor to consider is that SolarWinds recently suffered a high-profile hack that compromised thousands of customers, so there are security risks involved in trusting the Orion supply chain. Additionally, despite a large library of integrations, SolarWinds is a closed ecosystem that doesn’t work well with 3rd-party tools or custom scripts.

Pros	Cons
Supports SaaS, cloud, and on-premises networks Includes advanced monitoring features like DPI Part of a large ecosystem of observability and management solutions	Pricing is expensive and limits scalability Recently suffered a high-profile breach that impacted thousands of customers Closed ecosystem may not support your 3rd-party tools

Kentik

Kentik is an end-to-end network observability platform for cloud, multi-cloud, hybrid cloud, SaaS, and data center infrastructure. In addition to network performance monitoring, the platform includes monitoring solutions for SaaS application performance and SD-WAN performance. Other observability features include SaaS uptime monitoring, AI-driven insights and alerts, network security monitoring, and QoE (Quality of Experience) monitoring. Kentik also recently launched a Kubernetes network monitoring solution called Kentik Kube that provides end-to-end cluster visibility. Overall, Kentik is a powerful network observability platform that includes many of its most innovative features in its “Essentials” and “Pro” pricing packages, providing a lot of bang for your buck. The downside is that you can’t subscribe to features individually and must purchase a whole package, meaning you could end up paying for features you don’t need. Because Kentik is not a large vendor, its customer service may be slow to respond in some cases. Additionally, although Kentik does have a large library of integrations, it is not a vendor-neutral platform.

Pros	Cons
Supports cloud, multi-cloud, hybrid cloud, SaaS, and data center infrastructure Includes many advanced features and solutions at no additional cost Provides AI-driven network insights and intelligent alerts	Products aren’t available a la carte Customer service and technical support can be slow to respond Isn’t entirely vendor-neutral

ThousandEyes

ThousandEyes is a digital experience monitoring platform primarily focused on network and application synthetic testing, end-user performance monitoring, and ISP Internet monitoring for SaaS, cloud, and on-premises networks. Additionally, ThousandEyes is part of the Cisco family and can be used to monitor and optimize Cisco SD-WAN architectures. Across its family of observability products, ThousandEyes includes features like wireless network visibility, SaaS performance visualizations, cloud application outage detection, and SD-WAN performance forecasting. The major advantage of the ThousandEyes platform is that it provides true end-to-end visibility of the entire service delivery chain, including end-user device performance and third-party provider availability. One downside is the endpoint agent-based monitoring solution requires on-premises VMs to run, which can be cumbersome to maintain and limits scalability. The pricing is expensive compared to similar solutions, and you may have to combine products to get all the features you need. Additionally, ThousandEyes is not a vendor-neutral platform and has a relatively small library of integrations.

Pros	Cons
Supports SaaS, cloud, and on-premises networks Works with Cisco DNA software for SD-WAN monitoring Provides end-to-end visibility of the entire service delivery chain	Agent-based monitoring requires on-premises VMs, limiting scalability Pricing is expensive compared to similar solutions Limited integrations, preventing interoperability

Conclusion

Each of the solutions on this list has advantages that make it well-suited to certain environments, as well as limitations to consider. Solarwinds NPM is part of a large ecosystem of observability and management solutions that includes advanced features like DPI, but it’s suffering from a major security incident and has a closed ecosystem. Kentik packs a lot of innovative, AI-driven monitoring capabilities into its platform offerings, but its pricing tiers are inflexible, and it doesn’t have the large, enterprise-grade support team of its larger competitors. ThousandEyes provides end-to-end visibility of the entire service delivery chain and works seamlessly with Cisco DNA software, but it has a steep learning curve and a limited library of integrations.

How to run the best network performance monitoring tools

Most network performance monitoring tools – even cloud-based SaaS offerings – communicate with endpoint agents using software deployed on VMs (virtual machines) running on-premises in each business location. Running these VMs on fully provisioned servers or PCs is expensive, but deploying them on NUCs is highly insecure, especially as organizations scale out with distributed branches and edge computing sites. What’s needed is a consolidated hardware solution that combines critical branch, edge, and data center networking functionality with vendor-neutral VM and application hosting, such as the Nodegrid platform from ZPE Systems. Nodegrid’s serial switches and network edge routers run the open, Linux-based Nodegrid OS, which can host your choice of third-party software – including Docker containers – for network performance monitoring, SD-WAN, security, automation, and more. Nodegrid’s versatile, modular hardware solutions also provide out-of-band (OOB) management access to critical remote infrastructure and monitoring solutions, giving teams a lifeline to recover from outages and ransomware attacks. Nodegrid uses innovative, enterprise-grade security features like Secure Boot, self-encrypted disk, and two-factor authentication (2FA), and its onboard software is frequently patched for vulnerabilities to defend against a breach. Deploying Nodegrid at each business site consolidates your network to reduce hardware overhead, streamlining management and enabling easy scalability.

Deploy the best network performance monitoring tools with Nodegrid

Reach out to ZPE Systems to see a demo of how the best network performance monitoring tools run on the Nodegrid platform.
Contact Us

Breaking Down The 2023 Ragnar Locker Cyberattacks

by Jordan Baker | Nov 3, 2023 | Improve Network Security, Micro-segmentation, Minimize Impact of Disruptions, Network Automation, Out of Band Management, SecOps, User Management, Zero Trust Security

This article was written by James Cabe, CISSP, a 30-year cybersecurity expert who’s helped major companies including Microsoft and Fortinet.

Throughout 2023, several organizations were successfully hit by Ragnar Locker cyberattacks. The affected victims spanned the globe and were forced to shut down much of their critical operations, while the attackers demanded tens of millions of dollars in ransom payments. Despite the group being taken down by law enforcement in October, organizations are re-evaluating their defensive measures — and more importantly, their recovery strategies — to combat these attacks.

If you read my previous articles about the ongoing MOVEit breach and the ransomware that hit MGM, you probably know that isolation is key. It helps you fight through attacks by cutting the kill chain, so that you can restore services quickly without reinfection.

Who Carries Out Ragnar Locker Cyberattacks?

Recent Ragnar Locker cyberattacks were carried out by the Dark Angels Team cybercriminal group. Dark Angels Team’s modus operandi is to breach a company’s defenses, spread laterally, and steal data that can be used to extort the target company. The approach they take involves gaining access to the Windows domain controller, where they deploy ransomware. They encrypt devices using Windows and ESXi encryptors, which gives organizations little recourse aside from taking their critical systems offline in order to stop the spread.

How Do Ragnar Locker Cyberattacks Start?

Ragnar Locker breaches, like all ransomware attacks, require a kill chain that must first be initiated. MITRE ATT&CK defines this as the ‘initial,’ and in these attacks, the initial comes from social engineering. Email stuffing is often the tactic of choice, whereby the attacker sends an email that appears to have a trail of replies or forwards (see the example below). Email trails like this trick spam filters and land directly in the target’s inbox. When an employee clicks a malicious link inside the email, the attack kicks off.

Image: Email stuffing is used by marketers and threat actors alike to bypass spam filters.

How Do Companies Discover Ragnar Locker Cyberattacks?

After the Ragnar Locker cyberattack kicks off, the bad link uses Java to load the locker ransomware, then a series of batch scripts installs a payload consisting of virtual box emulation software. This emulation software takes over and encrypts the host, and displays the ransomware message (see image below).

Image: A Ragnar Locker ransomware message showing on encrypted devices.

How Do Ragnar Locker Cyberattacks Spread?

The attack spreads by gaining access to Windows domain controllers and then attacking the management interfaces of the VMware ESXi machines. Most organizations don’t properly segment or isolate these management interfaces. This makes them especially vulnerable even to older Babuk ransomware source code that is an ESXi encryptor. Basically, the attackers only need to gain access to the management network, and then they can attack the production network.

From Intel471: “VMware’s ESXi is called a ‘bare metal’ hypervisor because the underlying hardware on which it is installed doesn’t need an operating system. ESXi allows the hardware to be utilized for multiple virtual machines (VMs), which saves on hardware costs. ESXi is a fruitful target for attackers since it may be connected to several VMs and the storage for them. Security experts warn ransomware actors have built specific binaries to target these systems. Groups joining this trend include HelloKitty, Black Basta, Cheerscrypt and GwisinLocker.”

They continue, “Over the last few years, several vulnerabilities have been identified in ESXi, including CVE-2021-21974. The vulnerability is a heap overflow vulnerability within Open Service Location Protocol (OpenSLP), which is a network discovery tool. The vulnerability is remotely exploitable over port 427, and has a Common Vulnerability Scoring System Version 3.0 (CVSSv3) base score of 8.8. It’s suspected that it may be the vulnerability exploited in this attack. VMware said that “significantly out-of-date products” were targeted with vulnerabilities that had been addressed. It affects ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG and 6.5 before ESXi650-202102101-SG. Due to other vulnerabilities in OpenSLP, VMware disabled OpenSLP starting in 2021 in ESXi versions 7.0 U2c and ESXi 8.0, which is the current version.”

Ultimately, these attacks exploit a combination of a lack of management plane isolation to the VMware management interfaces, specifically on port 427 (OpenSLP), and a lack of patching and updating. Organizations also typically lack a backup authentication mechanism for the control plane, as well as Privileged Access Management, which are both good fallback options.

How Can Companies Stop Ragnar Locker Cyberattacks?

Ragnar Locker ransomware and other attacks are successful because companies don’t employ proper management plane isolation. Attackers can gain access to VMware management interfaces, and then they essentially have the keys to the kingdom. That’s it. No amount of defense can save you.

If you recall CISA’s binding operational directive, they call for an isolated management infrastructure. This is what we refer to as IMI. Rather than serving as a defense, like we think of traditional cybersecurity products, the IMI is an architecture that allows you to fight back. It’s your quick-reaction force, your cavalry, your secret weapon that ensures you always have a counterattack ready to deploy.

IMI is infrastructure that is dedicated — and most importantly, fully isolated from production assets — to ensuring operations can recover quickly from breaches and outages. Here’s a graphical breakdown:

The IMI includes all of the tools you need for rerouting traffic, decommissioning affected gear, wiping/re-imaging devices, and restoring infrastructure. You can also incorporate automation to speed the process along and make recovery something that happens in minutes or hours at the most. Aside from being completely isolated from production assets, the IMI itself is also segmented and employs zero trust practices. This means that you and only you have access to your secret weapon for cutting the ransomware kill chain.

How Do You Use Isolated Management Infrastructure?

An IMI can host an IRE (Isolated Recovery Environment), which is used to cut off all user data and remote access (except for OOB) to an entire infected site. A properly implemented recovery environment should automate most of these activities to speed up the recovery. One of the first considerations is the requirement for a secondary organization in your IAM that is not attached to normal operations. This is what is known as a set of “Break the Glass” accounts. These are known in military circles but have made it into formal practice as part of a strong playbook for ransomware. Once you do this, you can instantiate selected Zero Trust remote access to the site using credentials that are not in the scope of the attack, and then bring up a communications channel for a virtual war room using software like Rocket Chat, Jitsi, Slack, or other standalone communications tools that are installable on the IRE environment.

Avoiding normal authentication methods or IAM and normal communication channels is required for the integrity of the recovery and strengthens the recovery playbook. During this time, no email may be used that is associated directly with the organization. Ideally, email should never touch an account that is associated with it either.

The next step is to create a new set of clean side networks that do not directly connect to the main backbone or put it behind another firewall for triage good/bad. Using a sniffer software running on the IRE, the recovery team can then run a passive scan or an active scanner against all machines continuing to try to send email to Exchange/M365. You can give access to people that are deemed good (not sending traffic) but lock off (with an EDR) the ability to open Outlook for a while, while keeping them on the web email. From there, continue working through to find all the sending drivers to see if they have a good backup. If not, back up the infected drive for offline data retrieval for later. Then re-image while scanning the UEFI BIOS during boot (if needed, run an IPMI scan). If the site has a list of assets that are considered crown jewels, prioritize these.

Once you have a segmented “clean side” established with all the network services required to operate the site (DNS, IAM, DHCP), then Internet access can be restored to this site on a limited basis; which means only out-bound communications, nothing in-bound. Restorative operations can continue apace. making sure that the infected side assets are captured in backup for later forensics following chain-of-custody if damages exceeding insurance limits are found to be the case. This is decided in the war room.

Download the Isolated Management Infrastructure Blueprint

Now is the time to lay the groundwork for your IMI so you can fight back against ransomware. Download the Network Automation Blueprint, which gives you a step-by-step guide to building your Isolated Management Infrastructure.

Download blueprint

Get in touch with me!

True security can only be achieved through resilience, and that’s my mission. If you want help shoring up your defenses, building an IMI, and implementing a Resilience System, get in touch with me. Here are links to my social media accounts:

Nodegrid OS and ZPE Cloud achieve industry’s highest security with Synopsys

by Jordan Baker | Nov 2, 2023 | DevOps, Improve Network Security, News & Announcements, SecOps

How do you address security across the software development life cycle?

“Security is the cornerstone of ZPE’s infrastructure management solutions,” says Koroush Saraf, Vice President of Product Management and Marketing at ZPE Systems. “Our automation platform touches every aspect of our customers’ critical infrastructure, from networking and firewall gear, to servers, smart PDUs, and everything else in their production network. The ZPE portfolio is architected with the strongest security and implemented with the same level of scrutiny.”

Given the critical nature of enterprise networking, security is paramount to ZPE’s customers.

“The average time taken to apply patches and fix vulnerabilities can be more than 205 days,” says Saraf. “This is due to many reasons: limited resources and time, concerns that something may break, or in some cases, admins don’t even know that a critical patch is available. That’s why ZPE takes on the responsibility for customers. They’re assured that the systems running their infrastructure are running the latest, most secure software. And if a patch fails, our built-in undo button reverts to a safe configuration before any damage can be done.”

Saraf adds, “Like with all modern organizations, ZPE uses a complex mix of proprietary, open source, and third-party software obtained through a variety of sources from the software supply chain. Think third-party libraries, packaged software from ISVs, IoT and embedded firmware, and especially open source components. In fact, studies show that over three-quarters of the code in any given application is likely to be open source.”

“Most third parties won’t provide the source code behind their software,” notes Saraf. “But the question remains whether that supplier is as security-conscious as ZPE. Again, we found the solution with Synopsys, which gives us insight into any third-party software we include without requiring access to the source code.”

The solution: Comprehensive security testing with Synopsys AST

Different security solutions focus on different aspects of vulnerability detection and risk mitigation. By layering multiple solutions such as static analysis, dynamic analysis, and software composition analysis, ZPE covers a wide range of potential vulnerabilities, ensuring that code quality and security issues are identified at various stages during the software development life cycle and across different types of code.

Coverity® provides the speed, ease of use, accuracy, industry standards compliance, and scalability to develop high-quality, secure applications. Coverity identifies critical quality defects and security vulnerabilities as code is written, early in ZPE’s development process when they are easiest to fix. Coverity seamlessly integrates automated security testing into CI/CD pipelines, supports existing development tools and workflows, and can be deployed either on-premises or in the cloud.

WhiteHat™ Dynamic is a software-as-a-service dynamic application security testing solution that allows businesses to quickly deploy a scalable web security program. No matter how many websites or how often they change, WhiteHat Dynamic can scale to meet any demand. It provides security and development teams with fast, accurate, and continuous vulnerability assessments of applications in QA and production, applying the same techniques hackers use to find weaknesses This enables ZPE to streamline the remediation process, prioritize vulnerabilities based on severity and threat, and focus on remediation and its overall security posture.

Black Duck® helps ZPE identify supply chain security and license risks even when it doesn’t have access to the underlying software’s code. This is a critical security tool for the modern software supply chain. Black Duck Binary Analysis can scan virtually any software, including desktop and mobile applications, third-party libraries, packaged software, and embedded system firmware. It quickly generates a complete Software Bill of Materials (SBOM), which tracks third-party and open source components, and identifies known security vulnerabilities, associated licenses, and code quality risks.

The result: A notable reduction of CVEs

“One of the outcomes from taking a comprehensive, layered approach to security testing has been a notable reduction in CVEs on the systems we deploy,” says Saraf.

“I think a lot of industry players don’t give enough attention to patching CVEs. They wait until after a security incident, or until a customer specifically asks. Unfortunately, it’s normal to see unpatched, outdated software running on critical infrastructure. The Equifax breach of 2017 is just one example that exposed the personal data of millions. It’s a particular problem with IoT and embedded devices—many of those systems get installed and forgotten. But it’s another attack surface, especially if you use the equipment for critical infrastructure automation.”

“ZPE’s goal is to reduce the attack surface of our systems to as close to zero as possible, either by making sure that software vulnerabilities are identified and addressed, and that our software is running the most secure and up-to-date versions. It’s an ongoing process— what is vulnerability-free today won’t necessarily be so tomorrow—which is why ZPE always stays security-conscious. I think the company’s commitment to security has positioned ZPE as a trusted partner for enterprises seeking secure automation solutions for their critical infrastructure needs.

Download the document for details about Synopsys and ZPE Systems

Download

How to Fight the latest Ransomware Attacks

Nodegrid plus Synopsys is the most secure platform for Isolated Management Infrastructure (IMI). This architecture is recommended by the FBI and CISA, and allows you to fight back when ransomware strikes. Check out our latest IMI articles from cybersecurity veterans James Cabe and Koroush Saraf, who have helped companies including Fortinet, Microsoft, and Palo Alto Networks.

OOB Network Management Software Tools

by Jordan Baker | Nov 2, 2023 | Improve Network Security, Increase Productivity, Minimize Impact of Disruptions, Out of Band Management, Remote Network Management, Vendor Neutral Platform

Network management software tools enable administrators to provision, monitor, and maintain networks and network infrastructure without manually touching each individual device or service. We’ve previously covered the best network management software for both cloud-based and hardware-based networks. This post dives deeper into the hardware-based network management tools deployed in on-premises or private cloud environments via serial consoles (a.k.a. console servers, serial console servers, serial console routers, or serial switches).

These network management software tools provide out-of-band (OOB) management access to connected network infrastructure in data centers and remote sites. Serial consoles directly interface with network systems and devices, creating an isolated management network that doesn’t depend on the production LAN, WAN, or ISP. OOB management ensures continuous remote access even during major outages, so teams can troubleshoot and recover branch offices, edge computing sites, and other remote environments without costly truck rolls or managed service support. OOB console servers also unify management of all connected infrastructure, giving administrators a single platform to monitor, control, and automate the entire distributed network architecture.

Looking for a new out-of-band network management device? Read our guide:

Comparing the Best Out-of-Band Management Devices

We compare offerings from the four best OOB network management software tool providers and discuss the features, advantages, and disadvantages of each to help network teams make the best choice for their environment.

The best OOB network management software tools

Platform	Key Features
ZPE Systems Nodegrid Manager/ZPE Cloud	5G/4G LTE, Wi-Fi, POTS, or fiber OOB and failover support On-premises or cloud-based software options Robust hardware and software security including 2FA and SAML 2.0 x86 CPU and Linux-based Nodegrid OS support Guest OS and Docker containers Vendor-neutral software integrates with third-party tools like Ansible, Chef, Python, and Ruby Extends ZTP and other automation to legacy and mixed-vendor infrastructure OOB support over IPMI, ILO, DRAC, CIMC, vSerial, and KVM Device auto-discovery via network scan and custom probes Power management integrated with serial session Supports full range of environmental monitoring sensors
Vertiv Avocent DSView	4G LTE OOB and failover support HTML5 KVM and Serial viewers Telnet/PuTTY serial interfaces Session log, report, and archive Data Center Zone definitions ZTP, SOAP API, Python, Perl, PDU, and UPS automation Schedule and on-demand firmware management Web secure 2048 SSL certificate Two-factor authentication (2FA)
PerleVIEW	4G LTE, Wi-Fi, POTS, or fiber OOB and failover support Health monitoring and event handling Integrates with SNMP NMS Automated device discovery Device CLI scripting Configuration backup, firmware, and change management Single sign-on for in-band connections Device PING tool Audit trail log
Opengear Lighthouse	4G LTE or fiber for OOB and failover x86 processor can run Guest OSes and automation Supports over 100 power vendors’ equipment Automatic port discovery Lighthouse playbooks for streamlined automation Integrated SAML and AAA authentication Opengear NetOps modules support Bash, Docker, Pearl, Python, and Ruby SSH direct to consoles Keystroke logging

Disclaimer: This comparison was written by a 3rd party in collaboration with ZPE Systems using data gathered from publicly available data sheets and admin guides, as of 10/13/2023. Please email us if you have corrections or edits, or want to review additional attributes: Matrix@zpesystems.com

ZPE Systems Nodegrid Manager/ZPE Cloud

ZPE Systems offers two network management software tools based on their Nodegrid line of serial consoles and integrated edge routers. Nodegrid Manager is on-premises software, and ZPE Cloud is a cloud-based tool, but both provide out-of-band management access to on-premises infrastructure in data centers, branches, private clouds, and other remote sites. Nodegrid hardware offers a variety of connectivity options for OOB, failover, and WAN, including Wi-Fi and 5G. Nodegrid also supports a full range of environmental monitoring sensors for greater control over conditions in remote deployments.

Nodegrid solutions are protected by robust hardware and software security features, including UEFI Secure Boot, an embedded firewall with selectable cryptographic protocols, and 2FA and SAML 2.0 authentication. The x86 CPU architecture and Linux-based OS support Guest OSes and Docker containers, so Nodegrid boxes can directly host third-party software for security, automation, orchestration. Both Nodegrid Manager and ZPE Cloud are also completely vendor-neutral, supporting third-party automation scripts and tools including RedHat Ansible, Chef, Python, Ruby, and more. Nodegrid can even extend ZTP and other automation to legacy infrastructure that otherwise wouldn’t support it.

Nodegrid’s open platform essentially makes it a customizable network management multi-tool that’s capable of consolidating many different software solutions and network services. The primary limitation to this vendor-neutrality is that some other providers may require the purchase of additional licenses to run their tools on the Nodegrid platform.

For a real-world example of Nodegrid’s ability to streamline network management, read our case study, Vapor IO: Re-architecting the Internet.
.

Pros

Cons

5G/4G LTE, Wi-Fi, POTS, or fiber OOB and failover support
On-premises or cloud-based software options
Robust hardware and software security including 2FA and SAML 2.0
x86 CPU and Linux-based OS support Guest OS and Docker containers
Vendor-neutral software integrates with third-party tools like Ansible, Chef, Python, and Ruby
Extends ZTP and other automation to legacy and mixed-vendor infrastructure

Other vendors may require additional licenses to run VNFs and other tools on Nodegrid

Vertiv Avocent DSView

The DSViewTM network management software works with Vertiv Avocent out-of-band serial consoles, the ACS 800 and ACS 8000, which use 4G LTE cellular for out-of-band management and failover. Like the other options on this list, DSView consolidates the management of connected network infrastructure in a single web-based platform. In addition to serial port control, this software also provides keyboard/video/mouse (KVM) and MIB-based (Management Information Base) controls. It also supports environmental monitoring via sensors, but ACS8000 serial console servers only come with one sensor port – and the ACS800 doesn’t have one at all.

DSView management software includes automation support for Zero Touch Provisioning (ZTP), SOAP API, Python, and Perl scripts, and automated PDU (power distribution unit) and UPS (uninterruptible power supply) management. It also provides console event logging and notifications, such as “dying gasp” alarms when systems unexpectedly lose power. However, the software is not extensible with third-party automation or orchestration integrations, and the ACS800 and ACS8000 serial console hardware solutions run on an ARM CPU architecture that can’t support VMs or Docker.
.

Pros	Cons
4G LTE OOB and failover support Environmental monitoring sensor support ZTP, SOAP API, Python, Perl, PDU, and UPS automation Serial, KVM, and MIB-based controls FIPS 410-2 cryptography and 2FA security	No support for third-party automation or orchestration Doesn’t run VMs or Docker containers Serial console lacks an embedded firewall

PerleVIEW

PerleVIEW network management software tools are based on Perle’s IOLAN SCG & SCR OOB console servers. The platform includes automated device discovery, automatic event handling, device scripting, ZTP, and collection of device statistics and health statuses. Perle focuses on meeting the FCAPS network management framework created by the International Organization for Standardization (ISO). FCAPS standards for Fault management, Configuration, Administration, Performance management, and Security management, and PerleVIEW’s features target each of these areas. For example, fault management is streamlined through automated event handling with customizable alerts and SNMP probes.

However, the software does not support any third-party integrations, limiting its automation and security capabilities. Aside from automated device discovery and event handling, PerleVIEW doesn’t offer any automation for end devices. It also doesn’t support two-factor authentication (2FA), and only supports single sign-on (SSO) for in-band connections.
.

Pros	Cons
4G LTE, Wi-Fi, POTS, or fiber OOB and failover support Automated device discovery, event handling, health and device log collection, and device scripting Integrates with SNMP NMS (network management station) Single sign-on for in-band connections only Follows FCAPS standards	No support for third-party automation or orchestration Doesn’t run VMs or Docker containers Lacks support for environmental monitoring sensors

Opengear Lighthouse

Lighthouse is a network management platform that works with Opengear console servers, such as the OM2200 Operations Manager and the CM8100. The base version of Lighthouse provides out-of-band management access, integrated SAML and AAA authentication, and integrations with third-party notification and alert systems. Lighthouse supports over 100 power vendors’ equipment to streamline PDU and UPS management, and the x86 processor can run Guest OSes and automation.

With additional licenses, Lighthouse software is extensible with Opengear NetOps modules that provide greater automation capabilities with support for Bash, Docker, Pearl, Python, and Ruby. The upgraded Automation edition also includes ZTP for end devices and RESTful APIs. Beyond that, however, automation and orchestration abilities are limited because Lighthouse isn’t vendor-neutral, and Opengear has a limited ecosystem of integrations.
.

Pros	Cons
4G LTE or fiber for OOB and failover Integrated SAML and AAA authentication Supports over 100 power vendors’ equipment x86 processor can run Guest OSes and automation Opengear NetOps modules and ZTP available for automation	Only upgraded Automation edition supports ZTP for end devices NetOps modules require additional licenses Limited integration ecosystem

Key takeaways

All four options on this list provide out-of-band (OOB) access to remote network infrastructure, giving teams a lifeline in case of production failures or outages. Vertiv Avocent’s DSView software provides some automation capabilities and environmental monitoring, but doesn’t support third-party automation, VMs, or Docker containers. PerleVIEW focuses on meeting FCAPS network management standards but has very limited automation and security capabilities. Opengear Lighthouse is extensible with NetOps modules and other automation features, but they require additional licenses or fees, and you’re limited to Opengear’s ecosystem of integrations.

ZPE Systems offers Nodegrid Manager as an on-premises application or ZPE Cloud as a cloud-based tool. Both options use vendor-neutral hardware and software to create an open platform you can customize with your favorite third-party apps and integrations. ZPE’s OOB network management software tools enable end-to-end automation over a highly secure and reliable out-of-band control plane for a more resilient network infrastructure.

Deploy the best OOB network management software tools with ZPE Systems

Reach out to ZPE to learn how to build a resilient network with Nodegrid OOB network management software tools. Contact Us

Living Spaces Furniture: Scaling to 50 sites with only 3 network staff

by Jordan Baker | Oct 27, 2023 | Case Studies, Consolidation, Failover Connectivity, Improve Network Security, Increase Productivity, Network Automation, Out of Band Management, Pillar 2 - Critical Remote, Remote Network Management, Simplify Branch Infrastructure, Streamline Deployments

Collapsing the stack and centralizing management helps Living Spaces accelerate scaling across the U.S.

Blake Johnson – Living Spaces Furniture Network Architect

“We’ve quadrupled business, but Nodegrid is actually shrinking our workload, especially as we implement new automation. It’s a gamechanger for network folks. Period.” — Blake Johnson, Network Architect, Living Spaces Furniture

Download the Case Study

Living Spaces is a prominent furniture retailer in the United States. Their store locations include large showrooms, where customers can view furnishings for indoor and outdoor spaces, and plenty of warehouse space for storing on-hand inventory. These locations must serve customers with responsive shopping experiences, which depend on the network infrastructure.

Increasing demand helped Living Spaces grow out of its home state of California, into states including Arizona, Colorado, Oklahoma, Texas, and others. Their out-of-band infrastructure was crucial to spinning up new locations and maintaining operations. But they faced a significant problem: this infrastructure was incredibly complex and costly, requiring many dedicated cellular and out-of-band devices at each location. See why their three-person network team needed a solution that could:

Reduce costs and eliminate the need for $300,000 per year in SIM contracts
Reduce workloads and risks, by centralizing management and minimizing entry points
Accelerate deployments by allowing automation

« Older Entries

Next Entries »

ZPE Solution Pathways

Discover Nodegrid