A third, less common approach is to deploy OOBM devices both top-of-rack and end-of-row. This makes the OOBM network highly resilient to both outages and ransomware attacks, providing a completely isolated management environment while maintaining the flexibility of a ToR deployment.
Out-of-band deployment best practices
The following best practices can help improve the flexibility, security, scalability, and resilience of out-of-band deployments.
Vendor-neutral platforms
Using vendor-neutral OOBM console servers helps consolidate data center management in a single platform. These devices can manage infrastructure from any vendor and integrate with third-party solutions for security, automation, troubleshooting, and more. Vendor-neutral OOBM deployments reduce management complexity and costs, while ensuring easy scalability.
OOBM security
OOBM devices and networks must be protected against compromise to keep bad actors from commandeering the control plane. The best practice is to use OOBM switches with strong hardware security, SAML integrations for multi-factor authentication (MFA) and single sign-on (SSO), embedded firewalls, and frequent firmware/software updates to patch new vulnerabilities.
Infrastructure automation
OOBM serial consoles should support automation to improve scalability and efficiency, while reducing complexity and recovery times. At a minimum, they need zero-touch provisioning (ZTP) to automatically configure new infrastructure devices over the network. Advanced solutions like the Nodegrid Serial Console Plus can also host or integrate third-party automation for things like configuration management, security monitoring, troubleshooting, and even AIOps.
Streamline your out-of-band deployment with Nodegrid
Nodegrid OOBM switches can be deployed top-of-rack, end-of-row, or both to improve the resilience of any data center architecture. They have an open architecture that can integrate and host other vendors’ software and virtualized network functions for security, automation, and much more. Nodegrid serial consoles and all connected devices can be remotely managed from a single on-premises or cloud-based software platform, significantly reducing management complexity. Plus, Nodegrid is frequently patched and comes with security features like BIOS protection, UEFI Secure Boot, self-encrypted disk (SED), Trusted Platform Module (TPM) 2.0, an embedded firewall, and SAML 2.0 integrations.