Providing Out-of-Band Connectivity to Mission-Critical IT Resources

ZPE Systems’ Services Delivery Platform accelerates time-to-market with any app, anytime, anywhere

IT teams can deliver instant business value with the on-demand services delivery architecture

Fremont, CA, April 25, 2023 — ZPE Systems’ Services Delivery Platform is IT’s ‘easy’ button for delivering instant business value. Instead of deploying dedicated NGFW hardware and Intel® NUCs, ZPE’s Intel-based platform runs third-party apps at remote locations, delivered via the ZPE Cloud app marketplace. This speed and flexibility simplify global service delivery and fleet management for manufacturing, healthcare, finance, and other industries, where any app can be automatically deployed from the cloud.

Why is this important?

Private-cloud and on-prem services must run on dedicated systems, which causes infrastructure sprawl. This complexity pulls IT teams away from generating revenue, recovering from outages, and stopping ransomware attacks. Their job becomes managing low-level infrastructure and inefficient delivery pipelines. The Services Delivery Platform alleviates this by giving them the speed and flexibility to:

  • Secure remote locations with cloud-deployed pen test agents & other services
  • Segment edge networks regardless of interface type
  • Eliminate supply chain risks with hardened devices
  • Shrink attack surfaces with swift centralized patch management
  • Collapse device stacks into 1RU or less using virtual services

Services Delivery Platform apps and services

Graphic: ZPE’s Services Delivery Platform is represented as blue blocks. Examples of 3rd-party hosted apps are represented in white blocks under Ecosystem Apps.

The Services Delivery Platform brings to life Gartner’s concept of platform engineering. This platform-as-a-service model allows admins to tailor environments with the right apps for SD-WAN, NGFW, pen testing, and other functions, without battling vendor lock-in or changes in security posture. They also gain a consistent management experience across private-cloud and on-prem solutions.

Teams typically avoid platform engineering because there are no best practices for creating the proper control plane management network on secure devices.

ZPE Systems worked with Big Tech to define these best practices, which enterprises can now apply to private-cloud colo and edge deployments using the Services Delivery Platform. This establishes the resilient control plane management network and platform engineering component, both on a single, multi-function device connected to the cloud.

Enterprises accelerate revenue generation, reduce outage costs, and stop ransomware attacks using this architecture.

How does it work?

Nodegrid edge routers bring dedicated LAN and WAN links through multiple interface types (serial, Ethernet, USB, IPMI). These create a secure control plane — a Double-Ring™ management architecture — while eliminating the hardware attack surface with security features including TPM 2.0, encrypted disk, geofencing, and fully-signed Nodegrid OS.

This network is the foundation of the Services Delivery Platform. Along with hosting the management network, Nodegrid devices directly run VMs, containers, and any choice of app using the onboard multi-core Intel CPU and Linux-based Nodegrid OS. This OS also extends automation across environments and devices to give teams end-to-end activation and chaining of SASE, NGFWs, SD-WAN, and any cloud or on-prem solution.

“I’ve been in ops for a long time. Most of your day is spent just figuring out how to get your environments to work right,” says James Cabe, Director, Technical Alliances at ZPE Systems. “The Services Delivery Platform is a game-changer. The whole thing sits right on the Nodegrid box and you can switch or swap out services whenever you need to. Just choose what you want to deploy and go. It’s all done via separate control plane with no attack surface and no exposure to the Internet.”

Where can I find more information?

Go to zpesystems.com/services-delivery-platform to learn more about the Services Delivery Platform.

If you’re attending RSA Conference April 24-27, visit ZPE Systems at booth 4125 between north and south halls and ask for a demo. Use this code for a free RSA expo pass: 52EZPESYSXP

Zero Touch Deployment Cheat Sheet

Zero touch deployment is meant to make admins’ lives easier by automatically provisioning new devices. However, many teams find the reality of zero touch deployment much more frustrating than manual device configurations. For example, zero touch deployment isn’t always compatible with legacy systems, can be difficult to scale, and is often error-prone and difficult to remotely troubleshoot. This post provides a “cheat sheet” of solutions to the most common zero touch deployment challenges to help organizations streamline their automatic device provisioning.

Zero touch deployment cheat sheet

Zero touch deployment – also known as zero touch provisioning (ZTP) – uses software scripts or definition files to automatically configure new devices. The goal is for a team to be able to ship a new-in-box device to a remote branch where a non-technical user can plug in the device’s power and network cables, at which point the device automatically downloads its configuration from a centralized repository via the branch DHCP server.

In practice, however, there are a variety of common issues that force admins to intervene in the “zero touch” deployment. This guide discusses these challenges and advises how to overcome them to achieve truly zero touch deployments.

Zero touch deployment challenges and their solutions:

  • Challenge: Legacy systems don’t have native support for zero touch. Solution: Extending zero touch to legacy systems using a vendor-neutral platform.
  • Challenge: Deployment errors result in costly truck-rolls. Solution: Recovering from errors remotely with Gen 3 out-of-band (OOB) management.
  • Challenge: Securing remote deployments causes firewall bottlenecks. Solution: Moving security to the edge with zero trust gateways and Secure Access Service Edge (SASE).
  • Challenge: Automating deployments at scale increases management complexity. Solution: Maintaining control through centralized, vendor-neutral orchestration with version control.

Extend zero touch to legacy systems with a vendor-neutral platform

While many new systems and networking solutions support zero touch deployment, sometimes there’s still a need to repurpose or reconfigure legacy systems that don’t come with native ZTP support.

Pre-staging these devices before shipping them to the branch is a security risk because the system could be intercepted in transit; plus, they’re likely already deployed at remote sites and need to be reconfigured in place. Without a way to extend zero touch deployment capabilities to those legacy systems, companies often have to pay for admins to travel to remote branches, negating any cost savings they were hoping to gain from reusing older devices.

One way to extend zero touch to legacy systems is with a vendor-neutral management platform. For example, a vendor-neutral serial console switch with auto-sensing ports can connect to modern and legacy infrastructure solutions in a heterogeneous branch deployment so they can all be managed from a single place.

From that unified management platform, admins can write and deploy configuration scripts to connected devices, including legacy systems that don’t support zero touch. Technically, this isn’t zero touch deployment because the system doesn’t automatically download and run its configuration file, but it’s still a way to turn an on-site, manual process into one that’s remotely activated and mostly automated.

Recover from deployment errors with Gen 3 OOB management

A new branch deployment almost never goes completely according to plan, and this is especially true when teams are using zero touch for the first time, or aren’t completely comfortable with software-defined infrastructure and networking. In the best-case scenario, when there’s a configuration error, the zero touch deployment aborts, and an admin is able to correct the problem and restart the process.

However, sometimes the deployment hiccup causes the device to hang, freeze, or get stuck in a reboot cycle. Or, even worse, an unnoticed error in the configuration could allow the deployment to finish successfully but then go on to affect other production dependencies and bring the entire branch network down. Either way, organizations must again deal with the expenses involved in sending a tech out to troubleshoot and fix the problem.

The best way to ensure continuous access to remote infrastructure is with out-of-band (OOB) management. An OOB solution, such as a serial console or all-in-one branch gateway, connects to the management ports on infrastructure devices so admins can remotely monitor and control every device from a single place without IP addresses.

This creates a separate (out-of-band) network that’s dedicated to management and troubleshooting, making it possible for teams to remotely recover devices that have failed the zero touch deployment process or brought down production LAN dependencies. Plus, the OOB gateway uses independent, redundant network interfaces to ensure admins still have remote access even if the production WAN or ISP link goes down.

To ensure full OOB management coverage of a heterogeneous, mixed-vendor environment, the out-of-band solution should be completely vendor-neutral. An open OOB device also supports integrations with third-party solutions for automation, orchestration, and security. This kind of out-of-band platform is known as Gen 3 OOB. Gen 3 OOB management ensures that teams can remotely recover from zero touch deployment errors no matter what device is affected or how the production network is impacted.

Secure remote deployments with zero trust gateways and SASE

Organizations need to secure all devices at all remote sites using consistent policies and security controls. However, for smaller branches and IoT sites, it usually isn’t cost-effective to deploy a security appliance in each location.

Plus, adding more firewalls also adds more management complexity. That means traffic is usually backhauled through the main data center firewall, creating bottlenecks and causing network latency for the entire enterprise.

Using zero trust gateways and cloud-based security services, companies can move security to the branch without the cost and complexity of additional firewalls. An all-in-one, zero trust gateway solution combines SD-WAN, gateway routing, and OOB management in a single device. It also supports zero trust authentication technologies like SAML 2.0 and 2FA. A zero trust gateway also needs to support network micro-segmentation, which will allow the use of highly specific security policies and targeted security controls. Plus, by enabling software-defined wide area networking (SD-WAN), a zero trust gateway facilitates the use of SASE.

Secure Access Service Edge (SASE) is a cloud-based service that combines several enterprise security solutions into a single platform. Zero trust gateways use SD-WAN’s intelligent routing capabilities to detect branch traffic that’s destined for the cloud or web. This traffic is directed through the SASE stack for firewall inspection and security policy application, allowing it to bypass the main security appliance entirely. SASE helps reduce the load on the enterprise firewall, reducing bottlenecks and improving performance without sacrificing security.

Scale zero touch deployments with centralized orchestration

Zero touch deployments occur (at least in theory) without any admin intervention, but they still need to be monitored for failures. Keeping track of a handful of automatic deployments may seem easy enough, but as the number and frequency increases, it becomes more challenging. This is especially true when companies kick off large-scale expansions, deploying dozens of devices at once, all of which could be plugged in at any time to begin the automated provisioning process.

Plus, different devices need different configuration files, and admins need a way to work together without overwriting each other’s code or duplicating each other’s efforts.

A vendor-neutral orchestration platform provides a central hub for network and infrastructure automation across the entire enterprise. This platform uses the serial consoles and OOB gateways in each remote location to gain control over all the connected devices, so network teams can monitor and deploy all their zero touch configurations from one place.

An orchestration platform is the single source of truth for all automation, so it needs to support version control. This ensures that admins can see who created or changed a configuration file and revert to a previous version when there’s a mistake.

Simplifying zero touch deployment with Nodegrid

Zero touch deployment can be a hassle, but using vendor-neutral management systems, Gen 3 OOB management, zero trust gateways, and centralized orchestration can help organizations overcome the most common hurdles. For example, a vendor-neutral Nodegrid branch gateway deployed at each remote site helps you extend automation to legacy systems, provides fast and reliable out-of-band access to recover from issues, enables zero trust security & SASE, and gives you unified orchestration through the Nodegrid Manager (on premises) and ZPE Cloud software.

Ready to learn more about zero touch deployment?

Nodegrid has a solution for every zero touch deployment challenge. Schedule a demo to see how Nodegrid’s vendor-neutral platform can simplify zero touch deployment for your enterprise.

ZPE Systems Partners with Atsign to Add Zero Attack Surface Technology

ZPE Systems Partners with Atsign to Add Zero Attack Surface Technology to Industry-Leading Infrastructure Management Solutions

ZPE Systems and Atsign to demonstrate solution at RSA Conference (booth 4125) April 24 – 27, 2023

FREMONT, Calif. and SAN JOSE, Calif., April 19, 2023 (GLOBE NEWSWIRE) — ZPE Systems, the leading provider of open infrastructure management solutions, and Atsign, a leading provider of privacy and security solutions, have announced a strategic partnership. This partnership combines ZPE’s award-winning networking solutions with Atsign’s cutting-edge security technology, to help customers achieve zero attack surface.

This joint solution enables organizations to manage network infrastructure from anywhere in the world, and with zero open TCP/UDP ports or static IP addresses. Attackers cannot identify or fingerprint the device or services. This stops adversaries from persisting or moving inside your organization. Pairing ZPE with Atsign enhances efficiency and security, giving customers access to comprehensive network management and security features that include advanced authentication and access control, centralized management of user accounts, and real-time monitoring and alerting.

“We are thrilled to partner with Atsign and help customers address the growing complexity of network management and security,” said James Cabe, Director Global Alliances and Strategic Sales at ZPE Systems. “Atsign’s advanced security technology allows organizations to easily deploy our joint solution and implement the highest level of security possible, while streamlining network management.”

“We are excited to partner with ZPE Systems to deliver world-class security to their world-class network infrastructure solution,” said Kevin Nickels, CPO of Atsign. “Our network security solution will enable customers to take advantage of ZPE’s network routing and administration tools with peace of mind knowing their systems are completely secure.”

The joint solution will be shown at the RSA conference (ZPE booth 4125) in San Francisco April 24 – 27, 2023. More information can be found at https://zpesystems.com/company/events/rsa-conference-2023/

About Atsign

Atsign is an award-winning technology company that believes the privacy and security of every person, organization, and device is a fundamental right, and they’re working towards making it a reality. They won the 2022 IoTSF Champion award and the 2023 IoT Global Award for Securing IoT. For more information, visit www.atsign.com.

About ZPE Systems

ZPE Systems provides the best, most resilient, and secure solutions that support infrastructure reliability and holistic security for medium to large enterprises and digital service providers. 6 of the top 10 global tech giants trust ZPE Systems’ Cybersecurity Delivery Platform for Automated Zero-day Infrastructure Patching and Ransomware Recovery & Remediation for Datacenter, Edge, OT, and MSPs. ZPE Systems solutions eliminate human error and allow IT to easily manage, secure, and scale a resilient infrastructure with Intel-based serial consoles, services routers, sensors, zero-touch zero-trust provisioning and cloud-managed out-of-band automation. For more information, visit www.zpesystems.com.

Streamlining Remote Data Center Management

With the tech industry in turmoil and an ongoing recession forcing cutbacks, many sysadmins and engineers are struggling to efficiently manage their data center infrastructure. Overworked admins are more likely to make mistakes and issues are more likely to fall between the cracks, making the enterprise network less resilient. In the current economy, businesses can’t afford to lose revenue due to data center outages, and that’s why it’s crucial to invest in the tools teams need to efficiently manage and monitor remote infrastructure.

This blog explains how to streamline remote data center management using technologies like out-of-band (OOB) management, automation, orchestration, and AIOps to ensure network resiliency.

How to streamline remote data center management

Out-of-band management

Organizations commonly deploy redundant internet connections at their data centers to provide network failover, ensuring business continuity in case the primary ISP suffers an outage. However, if the data center WAN or LAN goes down due to an equipment failure, configuration mistake, or security breach, network failover won’t help admins solve the problem. If remote data center devices are unable to get an IP address, then they’ll be unreachable on the production network, leaving remote teams without a way to diagnose and fix the issue. That means expensive truck rolls or on-site managed services, plus the revenue and reputation costs of extended downtime.

What’s needed to ensure business continuity and reduce the cost of outages is an out-of-band (OOB) management network that doesn’t rely on any production infrastructure. The most efficient way to accomplish this is with Gen 3 OOB serial consoles. These systems include redundant network interfaces – often using cellular – to ensure continuous remote access even if the production ISP or MPLS link goes down. An OOB serial console directly connects to data center infrastructure devices via the serial port, which means remote admins can access and manage them without an IP address. The result is that remote data center management teams can diagnose and fix problems without traveling on-site, saving money on recovery costs as well as reducing the duration and business impact of outages.

Plus, an OOB management network can be used to execute resource-intensive automation and orchestration workflows without using valuable MPLS bandwidth or affecting production network performance. Gen 3 serial consoles are vendor-neutral and support the use of third-party automation scripts and playbooks, giving remote data center teams a centralized orchestration platform for more streamlined infrastructure and network management.

Infrastructure and network automation

Staff cutbacks have left data center teams stretched paper-thin, and reduced budgets mean they’re being asked to do more with less. When admins are overworked with many tedious, manual tasks, they’re more likely to make mistakes. These mistakes are a major cybersecurity threat, with Microsoft estimating that up to 80% of ransomware attacks are caused by misconfigured devices, applications, and security systems.

Automation helps remediate human error by taking over the repetitive, tedious workflows that computers are best at, leaving admins and engineers free to handle the creative, intuitive work that only humans can accomplish. For example, teams can use infrastructure as code (IaC) and zero touch provisioning (ZTP) to turn data center device configurations into software scripts that are deployed and executed automatically. Automated configuration management tools can then monitor these devices for changes that might introduce a security vulnerability and automatically roll back to the last known good configuration. Teams can also use software-defined networking (SDN) and software-defined wide area networking (SD-WAN) to automate traffic management and optimization, load balancing, access control list (ACL) updates, and other network management workflows.
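As an added illustration (not ZPE’s code, and not any Nodegrid or ZPE Cloud file format), the following Python models the zero touch flow described in the cheat sheet above and in this paragraph: a device fetches its config from a version-controlled central repository, checks its integrity, validates it, applies it, and reverts to the last known good config when the post-apply health check fails, keeping an audit trail of who committed each version. The repository contents, manifest, device name and checks are constructed assumptions.

```python
import hashlib
import json

# Constructed sample "central repository": the version-controlled config
# store that the branch DHCP server points a new device at (constructed
# data, not a real Nodegrid or ZPE Cloud format). Each entry is one
# committed version of a device's config and the admin who committed it.
REPO = {
    "branch-sw-01": [
        {"version": 1, "author": "alice",
         "config": {"hostname": "branch-sw-01", "mgmt_vlan": 10,
                    "uplinks": ["ge-0/0/0"], "ntp": ["10.0.0.5"]}},
        # Version 2 is syntactically valid but removes every uplink: the kind
        # of unnoticed error that deploys "successfully" and then cuts access.
        {"version": 2, "author": "bob",
         "config": {"hostname": "branch-sw-01", "mgmt_vlan": 10,
                    "uplinks": [], "ntp": ["10.0.0.5"]}},
    ],
}

def digest(config):
    """SHA-256 over canonical JSON so repository and device agree on the hash."""
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()

# Assumption: the repository publishes a manifest of per-version digests that
# the device fetches over a channel it trusts (for example the OOB network).
MANIFEST = {name: {e["version"]: digest(e["config"]) for e in versions}
            for name, versions in REPO.items()}

def fetch(name, version=None):
    """Return (entry, expected_digest) for the requested or latest version."""
    versions = REPO[name]
    entry = versions[-1]
    if version is not None:
        entry = next(e for e in versions if e["version"] == version)
    return entry, MANIFEST[name][entry["version"]]

REQUIRED = {"hostname": str, "mgmt_vlan": int, "uplinks": list, "ntp": list}

def validate(config):
    """Static check before anything is applied; returns an error or None."""
    for key, typ in REQUIRED.items():
        if not isinstance(config.get(key), typ):
            return f"missing or wrong type: {key}"
    if not 1 <= config["mgmt_vlan"] <= 4094:
        return "mgmt_vlan out of range"
    return None

def health_check(config):
    """Post-apply check standing in for 'can the device still be reached?'."""
    return len(config["uplinks"]) > 0

class Device:
    """Minimal model of one device going through zero touch provisioning."""

    def __init__(self, name):
        self.name = name
        self.running = None          # (version, config) currently applied
        self.last_known_good = None  # last (version, config) that passed health
        self.log = []                # audit trail: what happened and who committed

    def provision(self, version=None, tampered=None):
        """fetch -> verify -> validate -> apply -> health check, rolling back
        to the last known good config on failure. Returns the running version
        (None when no config survived). `tampered` simulates a config altered
        in transit, which the digest check must reject."""
        entry, expected = fetch(self.name, version)
        tag = f"v{entry['version']} by {entry['author']}"
        config = entry["config"] if tampered is None else tampered
        if digest(config) != expected:
            self.log.append(f"{tag}: integrity check failed, not applied")
            return self.running_version()
        error = validate(config)
        if error:
            self.log.append(f"{tag}: rejected ({error})")
            return self.running_version()
        self.running = (entry["version"], config)
        if health_check(config):
            self.last_known_good = self.running
            self.log.append(f"{tag}: applied")
        else:
            self.log.append(f"{tag}: failed health check, rolling back")
            self.running = self.last_known_good
        return self.running_version()

    def running_version(self):
        return None if self.running is None else self.running[0]
```

A device that receives the bad version first has no known-good config to fall back on and ends up with nothing running, which is the hung-device case the cheat sheet says OOB access exists to recover from.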

Automation makes it possible for small network operation centers (NOCs) and data center teams to efficiently control large and distributed enterprise deployments. While network automation hasn’t quite caught up to infrastructure automation in terms of adoption and tool maturity, the use of vendor-neutral devices and platforms allows teams to use their existing IaC and configuration management tools to deploy and control network devices like routers, switches, load balancers, and security appliances. Vendor-neutral solutions also make it easier to implement centralized orchestration to manage automation workflows across the entire network architecture.

Centralized orchestration

Automation’s goal is to streamline data center management, but when it’s not handled correctly, it can easily wind up overcomplicating things instead. If admins aren’t monitoring their automated workflows, there could be changes occurring without any human oversight, leading to potential security risks and making it harder to perform root-cause analysis (RCA) when issues arise. In addition, without an organized, centralized repository for network automation scripts and configurations, engineers could end up duplicating each other’s work and negating any productivity gains. Plus, having a fragmented automation architecture makes it impossible for admins and security analysts to holistically monitor and manage the enterprise network.

Centralized orchestration provides a single platform from which to deploy, monitor, and manage automation across data center deployments and distributed network architectures. A data center infrastructure orchestration platform should include:

  • Source code version control – A centralized repository for automation scripts that tracks changes and acts as a single source of truth for the entire automated infrastructure.
  • Vendor-neutral orchestrator – A tool that controls all of the automated workflows in a data center deployment, essentially automating the automation.
  • Visibility & analytics – Dashboards where admins can monitor automated workflows, view current device health and network performance, and gain insights from their AIOps and big data tools.

To ensure optimal coverage and efficiency, the source code repository must be compatible with the chosen scripting language(s), the orchestrator must support any IaC playbooks, and the visibility tools must be able to hook into all systems, applications, and devices in the data center. That means the orchestration platform should be vendor-neutral.

AIOps

Data center infrastructure, and the platforms used to monitor and manage it, all generate a lot of logs. The data contained in these logs can provide valuable insights about the health, performance, and security of that infrastructure, but only if teams have the ability to collect and analyze it. Unfortunately, human beings aren’t very adept at parsing vast quantities of data to spot and predict patterns. However, humans have designed artificial intelligence to pick up the slack.

Artificial intelligence for IT operations – or AIOps – uses technologies like machine learning (ML) and natural language processing (NLP) to analyze logs from data centers and network infrastructure. AIOps pulls data from sources such as monitoring and orchestration platforms, environmental monitoring sensors, and firewall logs, then utilizes that data to provide business insights, predict future outcomes, and make decisions to solve problems.

AIOps is a relatively new technology and as such its capabilities continue to evolve. However, data center teams are currently using AIOps for things like enhanced threat modeling, automatic root cause analysis, and intelligent performance monitoring. For overworked and understaffed data center teams, AIOps essentially acts as an extra brain devoted to the monitoring and analysis of automated infrastructure.

Streamlining remote data center management with ZPE Systems

A resilient enterprise network uses out-of-band (OOB) management, automation, orchestration, and AIOps to streamline remote data center management and ensure business continuity. The backbone of such an architecture is vendor-neutral solutions, such as the Nodegrid platform from ZPE Systems. Nodegrid serial consoles provide Gen 3 OOB management with complete vendor freedom, so you can control any device, deploy your choice of automation scripts and playbooks, host third-party security and AIOps solutions, and unify the management of all of the above with a single orchestration platform.

Ready to learn more about data center management?

To learn more about remote data center management with Nodegrid, contact ZPE Systems today.

ZPE Systems keeps first responders mission-ready with FirstNet certification

Public safety organizations can now take advantage of FirstNet Band 14 using ZPE’s powerful yet compact edge routers

What’s the news?

Fremont, CA, April 11, 2023 — ZPE Systems, a leading provider of software and hardware for network infrastructure management, is proud to announce that they are now a certified partner of FirstNet, Built with AT&T, America’s public safety wireless communications provider. Public safety and critical infrastructure organizations nationwide use ZPE’s Nodegrid devices, and this partnership ensures that first responders remain mission-ready with first-priority 4G & 5G connectivity via Nodegrid.

Roger Rustad, Western Division Director at ITDRC, says, “ZPE’s Nodegrid devices are the most powerful and portable Edge security devices in our inventory. They far exceeded our expectations for connecting our fleet, and provide us with a local compute environment along with multiple cellular modems that enable us to leverage multi-carrier redundancy, including FirstNet Band 14.”

Why is this important?

No connection is more important than one that could help save a life. Today, FirstNet serves more than 24,000 agencies and organizations — with more than 4.4 million connections — and solves longstanding communications challenges involving interoperability, network congestion, and commercial network providers slowing public safety’s data connection. This partnership ensures fire, EMS, law enforcement, and other organizations equipped with Nodegrid get superior coverage for day-to-day response and life-saving missions.

FirstNet offers distinct advantages over commercial offerings, with unique features, functionality, and dedicated spectrum needed by the public safety community. Similarly, ZPE’s Nodegrid offers distinct advantages over typical network infrastructure and management solutions. Its Services Delivery Platform allows network engineers to deploy any app at any time, such as for communications services and critical infrastructure monitoring, to ensure fast, reliable connectivity around the clock. Additionally, its Gen 3 out-of-band gives low-level access to hardware to ensure survivability, and extends zero touch deployment and continuous maintenance capabilities to every piece of critical equipment, adding another layer of resiliency to support the public safety mission.

ZPE Systems supports the mission with innovative, small form-factor networking devices ideal for ambulances, police cruisers, and self-contained crisis-response kits, where physical space is extremely limited. The Nodegrid Mini SR is as small as a smartphone, but provides Ethernet, Wi-Fi, and 4G/LTE connectivity, with onboard computing resources for hosting mission-critical apps and containers at the farthest network edge. The slightly larger Nodegrid Hive SR offers dual-concurrent 4G or 5G modems with quad-SIM slots, along with SD-WAN features that ensure always-on connectivity even in challenging circumstances.

Image: Nodegrid Mini SR

All Nodegrid appliances pair with ZPE Cloud, which is a secure file repository and orchestration solution. This gives organizations push-button simplicity to automatically deploy their nationwide device fleet, along with easy management of global devices via centralized dashboard.

Where can I find more information?

Learn more about ZPE Systems’ FirstNet certification. If you’re attending RSA Conference April 24-27, visit ZPE Systems at booth 4125 and ask for a demo.

To learn more about America’s public safety network, check out FirstNet.com or see FirstNet news.