Providing Out-of-Band Connectivity to Mission-Critical IT Resources

Key Automation Infrastructure Components That Enable End-to-End Network Automation

As inflation rises, new business declines, and another COVID-19 surge looms on the horizon, many organizations are bracing for a recession. CIOs and IT managers are having to do more with less—less staff, less budget for upgrades and repairs, and less access to on-site infrastructure. Despite these restrictions, they still need to ensure the 24/7 availability and optimal performance of enterprise network resources as any amount of downtime could severely impact business revenue.

The ability to continue providing digital services in less-than-ideal situations is known as network resiliency. Network automation is a key tool for ensuring resiliency during staffing shortages and lockdowns, and a network automation framework provides the tools and methodologies needed to create a fully-automated network infrastructure.

The four building blocks of a resilient network automation framework include:

  1. IT/OT production infrastructure
  2. Automation infrastructure
  3. Orchestration infrastructure
  4. AIOps

We’ve previously discussed the role of IT/OT production infrastructure in network automation and how an IT/OT convergence strategy accelerates network automation. In this post, we’ll describe the automation infrastructure components that enable end-to-end network automation. Future blogs will explain how the orchestration infrastructure layer and AIOps layer build upon these components to ensure business resiliency.

What is automation infrastructure?

Automation infrastructure is composed of all the hardware and software solutions that enable automation to occur. These solutions target the IT and OT production infrastructure and automate some or all of their workflows.

Key automation infrastructure components

There are a variety of hardware and software solutions that provide automation capabilities for specific workflows, use cases, and deployment models. As part of a resilient network automation framework, the most important automation infrastructure components include:

Gen 3 OOB serial consoles

Serial consoles are typically installed in data centers and used to manage other devices over a serial cable connection. They create an out-of-band management (OOBM) network that’s dedicated to troubleshooting, management, and orchestration traffic, and which is accessible via a secondary internet connection (often using cellular). This secondary connection ensures administrators always have remote management access to critical data center infrastructure even when the primary ISP, WAN link, or production LAN goes down. That means businesses can recover from outages faster and without dispatching expensive truck rolls.

The latest generation of serial consoles, Gen 3, gives administrators the ability to automate workflows on all data center infrastructure. Gen 3 serial consoles are vendor-neutral, which means they can extend their automated management capabilities to any vendor’s device. That vendor neutrality also means that Gen 3 serial consoles support custom scripts and third-party automation tools in addition to whatever automation capabilities are built-in.

For peak resiliency, data center deployments should follow a two-tier OOB architecture. That means each rack of IT/OT production infrastructure should connect to its own Gen 3 serial console, which provides OOB management access and automation. These top-of-rack serial consoles should then connect to an OOB appliance in the middle or end of the row. This ensures OOBM access for the top-of-rack appliances and creates an additional layer of redundancy and resiliency.

Another important aspect of Gen 3 serial consoles is security. Since serial consoles provide comprehensive management access to critical infrastructure, they’re a tempting target for cybercriminals. A secure Gen 3 OOBM solution includes:

  • Integration support for third-party security solutions like next-generation firewalls (NGFWs), security service edge (SSE), and SAML 2.0
  • An up-to-date operating system (OS) kernel that’s frequently patched by the vendor when vulnerabilities are identified
  • Onboard firewall functionality to inspect traffic on both the OOB network and the production network
  • Hardware security features like encrypted boot sequences and BIOS protection to prevent unauthorized access on stolen serial consoles

Gen 3 OOB serial consoles are the automation infrastructure components that enable automation and resiliency for data center deployments at the core of enterprise networks.

SD-WAN gateway routers

A gateway router is used to connect a LAN infrastructure to the internet and the enterprise WAN architecture. As part of a resilient network automation framework, all gateway routers should support SD-WAN (software-defined wide area networking).

SD-WAN separates the control and management processes from underlying WAN hardware and virtualizes them as software. SD-WAN uses features like application awareness and guaranteed minimum bandwidth to automatically optimize network performance. An SD-WAN solution can also use automatic load balancing and failover to ensure continuous availability in the event of a localized failure or data center outage.

SD-WAN is usually a cloud-based service that delivers centralized management and orchestration of automated workflows. This service runs on top of the gateway routers deployed at each site.

An SD-WAN gateway router is a key automation infrastructure component for the main office, data center, branch, and edge deployments because it enables automated WAN management and orchestration. An all-in-one cloud-managed gateway router is particularly useful for OT automation in remote facilities like warehouses and factories because it provides SD-WAN capabilities, OOBM, and routing in one multi-function device.

Monitoring, visibility, and analytics

Monitoring and visibility solutions give administrators virtual eyes and ears on remote network infrastructure. As part of a resilient network automation framework, a visibility solution should be vendor neutral so it can dig its probes into any device in a mixed vendor environment. It should also include environmental monitoring sensors that collect data on conditions in the rack.

Device monitoring and environmental sensors give administrators the ability to detect potential issues and respond quickly to prevent outages. Monitoring and visibility solutions also collect valuable data that can feed into the AIOps building block of the network automation framework.

Infrastructure as Code

Infrastructure as Code, or IaC, uses software abstraction to decouple infrastructure configurations from the underlying hardware. Configurations are written as scripts or definition files that automatically provision virtual machines (VMs), containers, or software-defined networking (SDN) devices. An IaC definition file can be deployed repeatedly, which means many identical resources can be spun up quickly while ensuring consistent configurations. An IaC config can also undergo automatic security testing before it’s deployed to any devices to prevent vulnerabilities from affecting production.

Another important aspect of IaC is automatic configuration management. Configuration management solutions like Red Hat Ansible allow administrators to define the desired state of a system or network resource. The configuration management tool continuously monitors the resource to detect unauthorized changes, which might be made by a careless sysadmin or could be a sign of a malware infection. As soon as the change is detected, the configuration management solution uses a programmatic playbook to take whatever actions are needed to restore the system to its proper state.

IaC helps ensure network resiliency by reducing human error in device configurations and updates, as well as by enabling the use of pre-production automated security vulnerability scanning and configuration management. Infrastructure as Code also facilitates another key automation infrastructure component—immutable infrastructure.
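The desired-state loop described in this section (compare what the device reports against the definition file, flag unauthorized changes, restore the defined state) can be sketched as follows. This is an added example, not code from ZPE Systems or Ansible; the setting names, values, and the list of security-sensitive prefixes are constructed assumptions.

```python
"""Desired-state drift detection, in the style of a configuration management tool.

Added illustration: setting names and values are constructed samples.
"""
import hashlib
import json
from dataclasses import dataclass

# Desired state, as it would be written in an IaC definition file (constructed).
DESIRED = {
    "ssh.permit_root_login": "no",
    "ssh.password_auth": "no",
    "snmp.version": "v3",
    "ntp.servers": ["10.0.0.10", "10.0.0.11"],
    "admin.users": ["netops", "secops"],
    "banner.text": "Authorised use only",
}

# State read back from the device on a later poll (constructed).
OBSERVED = {
    "ssh.permit_root_login": "yes",                   # changed
    "ssh.password_auth": "no",
    "ntp.servers": ["10.0.0.11", "10.0.0.10"],        # same set, new order
    "admin.users": ["netops", "secops", "svc_tmp"],   # extra account
    "banner.text": "Welcome",                         # changed, cosmetic
    "telnet.enabled": "yes",                          # never defined
}

# Assumption: drift under these prefixes is alerted on, not only repaired.
SECURITY_SENSITIVE = ("ssh.", "admin.", "telnet.", "snmp.")


@dataclass(frozen=True)
class Drift:
    key: str
    kind: str        # "changed", "missing" or "unexpected"
    expected: object
    actual: object
    severity: str    # "high" or "low"


def _normalise(value):
    """Treat lists as unordered sets so a reordering is not reported as drift."""
    return tuple(sorted(value)) if isinstance(value, list) else value


def fingerprint(state):
    """Stable hash of a state, used as a cheap 'anything changed?' check."""
    canonical = {k: _normalise(v) for k, v in state.items()}
    return hashlib.sha256(json.dumps(canonical, sort_keys=True).encode()).hexdigest()


def detect_drift(desired, observed):
    """Return one Drift record per key that differs from the desired state."""
    drifts = []
    for key in sorted(set(desired) | set(observed)):
        expected, actual = desired.get(key), observed.get(key)
        if key not in observed:
            kind = "missing"
        elif key not in desired:
            kind = "unexpected"
        elif _normalise(expected) != _normalise(actual):
            kind = "changed"
        else:
            continue
        severity = "high" if key.startswith(SECURITY_SENSITIVE) else "low"
        drifts.append(Drift(key, kind, expected, actual, severity))
    return drifts


def remediate(desired, observed, drifts):
    """Build the restored state and the list of actions a playbook would run."""
    restored, actions = dict(observed), []
    for d in drifts:
        if d.kind == "unexpected":
            del restored[d.key]
            actions.append(f"remove {d.key}")
        else:
            restored[d.key] = desired[d.key]
            actions.append(f"set {d.key}={desired[d.key]!r}")
    return restored, actions


if __name__ == "__main__":
    if fingerprint(DESIRED) != fingerprint(OBSERVED):
        found = detect_drift(DESIRED, OBSERVED)
        for d in found:
            print(f"[{d.severity}] {d.kind:10} {d.key}: {d.expected!r} -> {d.actual!r}")
        _, plan = remediate(DESIRED, OBSERVED, found)
        print("remediation plan:", plan)
```

Recording the high-severity drift before repairing it matters for incident response: an unexpected admin account or a re-enabled Telnet service is evidence worth keeping, not just a setting to overwrite.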

Immutable infrastructure

In-place system and device updates are a common cause of hangs or failures which can be challenging to resolve remotely. Immutable infrastructure resolves this problem by eliminating updates and configuration changes altogether. Immutable infrastructure refers to virtual systems and network resources that are never changed in place. If an immutable resource has an issue or vulnerability, or if its OS is out of date, an entirely new resource is spun up and the old one is simply deleted.

IaC is an immutable infrastructure best practice because it gives administrators the ability to provision many devices very quickly and with identical configurations. Immutable infrastructure is secure, easy to deploy, and resilient to failure, making it an important part of the network automation framework.

Why Nodegrid is a key automation infrastructure component

The automation infrastructure building block of the network automation framework relies on vendor-neutral OOBM devices like gateway routers and Gen 3 serial consoles that extend automation to converged IT/OT production infrastructure. These devices must also support monitoring and visibility solutions, Infrastructure as Code with configuration management, and immutable infrastructure.

For example, the Nodegrid platform from ZPE Systems includes OOB management hardware for a variety of data center, branch, and edge deployments. Nodegrid serial consoles, such as the NSCP, can dig their hooks into any device in your data center to enable end-to-end network automation. A Nodegrid Gen 3 OOB serial console can even extend IaC and immutable practices to legacy devices to ensure resiliency without expensive forklift upgrades.

Nodegrid services routers, such as the Mini SR, are compact edge gateways that deliver SD-WAN support, OOBM, and cloud management capabilities to IT/OT infrastructure in smaller branch office and edge data center deployments. Nodegrid SRs can help you consolidate an entire rack of branch infrastructure into a single device to reduce management complexity, CapEx, and OpEx.

Nodegrid out-of-band is delivered via WiFi, Ethernet, or 5G/4G LTE to ensure administrators have fast and reliable access to remote infrastructure. All Nodegrid OOB devices are protected by robust hardware security features like BIOS protection, UEFI Secure Boot, geofencing, disk encryption, and TPM 2.0. Plus, Nodegrid supports integrations with Zero Trust Security solutions like identity and access management (IAM) and SAML 2.0, as well as providing an on-ramp to SSE.

Nodegrid serial consoles and services routers also include interfaces for environmental monitoring sensors to collect crucial data about conditions in your rack. These sensors, as well as any other connected devices, can all be observed and managed from a single, centralized monitoring and reporting platform.

What makes Nodegrid a crucial element of automation infrastructure is its ability to directly host Infrastructure as Code and automated configuration solutions, including Ansible, Chef, Puppet, SaltStack, Monit, and Docker. Nodegrid appliances can then extend the capabilities of the IaC solution to any of the modern, legacy, and mixed-vendor devices it manages.

ZPE’s Network Automation Blueprint

Automation infrastructure works together with IT/OT production infrastructure, orchestration, and AIOps to ensure network resiliency during uncertain times. The Network Automation Blueprint from ZPE Systems provides a reference architecture for achieving Gartner’s definition of hyperautomation as well as meeting the Open Networking User Group (ONUG) Orchestration and Automation recommendations.

In future blog posts, we’ll discuss the remaining two building blocks of the Network Automation Blueprint in depth. In the meantime, you can read about IT/OT production infrastructure or click here to get a sneak peek of the blueprint, which includes a 10-step checklist to get started with automation now.

Want to learn more about key automation infrastructure?

To learn more about Nodegrid as a key automation infrastructure component, contact ZPE Systems today.

How an IT/OT Convergence Strategy Accelerates Network Automation

In the face of a looming recession, Covid-19 uncertainty, global political instability, and an increasing frequency of natural disasters, network resiliency should be on every organization’s mind. Network resiliency is the ability to continue providing services and connectivity even during disruptions, such as when buildings are locked down or layoffs reduce the number of staff available to maintain or operate the technology. Network automation is the key to ensuring continuous, consistent, and streamlined management during tumultuous times.

A network automation framework provides all the tools and processes needed to create an efficient, resilient, fully automated network infrastructure. The four building blocks of a resilient network automation framework include:

  1. IT/OT production infrastructure
  2. Automation infrastructure
  3. Orchestration infrastructure
  4. AIOps

In this blog, we’ll discuss why an IT/OT convergence strategy is critical for forming the foundation of a network automation framework. Future posts will discuss the other three building blocks and how they work together to ensure business resiliency.

What is IT/OT convergence?

IT/OT convergence is exactly what it sounds like—bringing your information technology (IT) and operational technology (OT) together under unified management.

Operational technology, or OT, controls equipment interacting with the physical world, such as industrial machinery or HVAC systems. OT automation runs on specialized industrial computers, such as programmable logic controllers (PLCs) and supervisory control and data acquisition systems (SCADAs). Those computers are usually completely isolated from IT networks, which means operators have no way to access them remotely. If operators can’t get onsite, whether due to a Covid-19 lockdown or natural disaster, they lose the ability to manage OT.

For example, Southern California is home to many high tech manufacturing plants, especially in the aerospace and defense industries. Due to the effects of climate change, there’s been an increase in the frequency and severity of wildfires in this region, leading to more frequent evacuation orders and plant closures. That means operators can’t access their computer systems to control and monitor OT devices, forcing these businesses to pause their operations.

In addition, OT control systems aren’t usually within the purview of IT management because they use specialized computers and automation software that needs to be operated and supported by OT experts. That means IT infrastructure automation and OT infrastructure automation are siloed, which can lead to cost and management inefficiencies. With recession anxieties running high, many organizations are looking for ways to reduce such inefficiencies by converging their IT and OT infrastructure.

IT/OT convergence involves bringing your operational technology under the same management and automation umbrella as your IT network infrastructure. In a converged IT/OT infrastructure, OT control systems like PLCs and SCADAs connect to the same management hardware (e.g., serial consoles or cloud-managed gateway routers) as IT servers and network devices. This gives administrators a single platform from which to orchestrate automation across both IT and OT infrastructure.

What does IT/OT convergence look like?

First, you have the IT and OT equipment being managed. On the IT side, this includes things like servers, storage, security appliances, and SD-WAN devices. On the OT side, you have devices like environmental sensors, cameras, and power distribution units, as well as industrial computers used to monitor and control physical equipment. Some examples of those industrial systems include:

  • Programmable logic controllers (PLCs), which control industrial machines, robotic devices, and other manufacturing processes.
  • Supervisory control and data acquisition (SCADA), which is a control system for high-level supervision of industrial processes, including PLCs.
  • Building management systems (BMSs) which manage building equipment such as HVAC, fire suppression, lighting, and automatic doors.

These IT devices and OT computers all connect to common management hardware. For large deployments, these might be high-density serial consoles; in smaller deployments, these might be network edge routers with integrated serial console management functionality. This management hardware then connects to an orchestration platform that’s used to monitor, deploy, and manage automation across the converged IT/OT infrastructure.

How an IT/OT convergence strategy accelerates network automation

Bringing operational technology onto IT networks makes it possible for operators to remotely access their OT systems when they’re unable to come onsite. That means that your business can continue to function even during pandemic lockdowns, extreme weather events, or wars that prevent your staff from entering the building.

IT/OT convergence also allows you to bring operational technology under the same management umbrella as IT, so you can use the automation tools you’re already familiar with on the IT side to automate your OT. This reduces the overall management complexity of the IT/OT infrastructure and facilitates holistic orchestration of a fully automated—or even hyperautomated—enterprise network. This level of automation can help organizations reduce wasteful processes, eliminate redundancies, and increase operational efficiency so they can weather recessions and other economic difficulties.

Building IT/OT convergence into a resilient network automation framework

Your IT and OT infrastructure represent the target devices that are automated as part of a network automation framework. For maximum resiliency, your IT/OT convergence strategy should include:

Out-of-band (OOB) connectivity

Out-of-band (OOB) connectivity provides an alternative path to remote IT and OT infrastructure when the primary ISP connection goes down. In addition, OOB management devices (like serial consoles) directly connect to IT/OT devices, so administrators can manage them without an IP address or LAN connectivity. While OOB is not itself a component of IT/OT infrastructure, it’s a crucial element of the management devices and orchestration solution you’ll use to converge your IT and OT infrastructure.

Wired and wireless connectivity

Your converged IT/OT management solution also needs to support a variety of wired and wireless connectivity options to ensure resilience and flexibility. For example, if the ISP’s wired network infrastructure is disrupted due to extreme weather or warfare, you should be able to fail over to a 5G or 4G cellular connection. Or you may have some devices that lack RJ-45 ports, which means you need a management solution that supports USB. The goal is for your management solution to be adaptable to any scenario so that sudden changes or unforeseen issues don’t cripple your network operations.

Power control with UPS backup

With remote network infrastructure, one of the most frustrating issues to deal with is a device that locks up after a system crash or failed firmware update. Often, a power cycle is all that’s needed to fix the problem, but that requires an on-site technician, which means an expensive and time-consuming truck roll. To ensure network resiliency while reducing the incidence of truck rolls, you need an IT/OT management solution that includes rack PDUs and IPMI options to facilitate remote power control of all connected devices.

In addition, an uninterruptible power supply (UPS) improves resiliency by providing backup power in case of an outage. This gives network teams time to investigate the problem and (hopefully) implement a fix before losing power. As part of the network resilience framework, all UPS units should hook into the management solution to allow for automated monitoring, optimization, and troubleshooting.

Environmental Sensors

Environmental sensors are used to monitor conditions in the location where IT and OT infrastructure is deployed. Traditionally, these sensors monitor racks in remote data centers, but they’re especially critical for IT/OT infrastructure that resides in less-ideal locations. For example, environmental sensors can provide data on the temperature and humidity levels in remote warehouses, offshore oil rigs, outdoor “smart city” deployments, and other locations where environmental conditions can’t be controlled.

Environmental sensors alert administrators when conditions grow too extreme for IT/OT equipment to function optimally. That means that teams can respond quickly and prevent equipment failures from bringing down critical resources. In addition, your infrastructure orchestration solution can analyze the data from these sensors to predict future issues or recommend optimizations to improve efficiency and resiliency.

How Nodegrid accelerates IT/OT convergence

The most successful IT/OT convergence strategy relies on vendor-agnostic platforms that can connect to both IT and OT infrastructure. For example, the Nodegrid solution includes management hardware that can connect to modern and legacy devices in a mixed vendor IT/OT infrastructure, such as the Nodegrid Serial Console Plus (NSCP) for large and hyperscale data center deployments and the Nodegrid Net Services Router (NSR) for flexible edge and branch deployments. These devices allow you to use the ZPE Cloud management platform to extend automation and orchestration to all your IT and OT targets to create a unified, efficient, and resilient converged network infrastructure.

ZPE’s Network Automation Blueprint

IT/OT production infrastructure works together with automation infrastructure, orchestration, and AIOps to ensure network resiliency during uncertain times. The Network Automation Blueprint from ZPE Systems provides a reference architecture for achieving Gartner’s definition of hyperautomation as well as meeting the Open Networking User Group (ONUG) Orchestration and Automation recommendations.

In future blog posts, we’ll discuss the remaining three building blocks of the Network Automation Blueprint in depth. In the meantime, click here to get a sneak peek of the blueprint, which includes a 10-step checklist to get started with automation now.

Ready to learn more about implementing an IT/OT convergence strategy?

To learn more about implementing an IT/OT convergence strategy with Nodegrid, contact ZPE Systems today.

What Is Edge Computing for Machine Learning?

Edge computing and machine learning technologies are helping organizations use their data more efficiently and effectively. In this blog, we’ll explain what edge computing is and discuss how it’s used with machine learning to improve performance and keep data secure. We’ll also explore two different edge computing deployment models for machine learning and provide advice on how to manage them.

What is edge computing?

For many modern enterprises, most of their data is no longer generated in a centralized data center or office building. These days, that data comes from IoT devices, “smart” industrial systems, and other remote locations around the globe. Transferring all that data to and from a central data center for processing can introduce latency and negatively impact performance. Transmitting sensitive data over the internet also increases the risk of interception by hackers.

Edge computing moves computational power closer to the source of data so that data doesn’t need to be sent to a separate location for processing. The benefit of edge computing is that data doesn’t need to travel as far, which translates to less latency and improved application performance. Plus, the data stays behind the firewall on the local network, reducing security risks.

What is edge computing for machine learning?

Machine learning (ML) is powered by data, and with data moving to the edge of enterprise networks, machine learning needs to decentralize as well. Edge computing for machine learning places ML applications closer to remote sources of data. The benefits of edge computing for machine learning are the same as for edge computing in general, just supercharged.

Machine learning requires data to make intelligent predictions and decisions. In many cases, that data originates from the edge of the network. For example, the healthcare industry uses ML algorithms to analyze health data from smart devices in hospitals and clinics around the world, sometimes in hard-to-reach and politically unstable regions.

Getting patient health data from these remote facilities back to a centralized data center for machine learning processing can be very challenging, especially if the internet infrastructure is outdated or inconsistent. In addition, this data is personal and sensitive, and healthcare organizations are obligated to ensure its protection, so transferring it over uncertain internet connections is too risky.

Instead, organizations can install the ML algorithm on servers in each remote facility, or even on the smart devices themselves. This drastically reduces their reliance on outside network infrastructure for running machine learning workloads, which improves performance and ensures patient health data stays private.

How to deploy edge computing for machine learning

There are two basic deployment models for machine learning at the edge.

A traditional edge machine learning deployment uses one or more racks of heavy-duty servers with high-performance machine learning processing units. This deployment model is best suited to large ML workloads that process massive amounts of edge data.

A “thin” or “nano” edge machine learning deployment runs on smaller servers or multi-purpose devices that share rack space with other edge infrastructure. This deployment model is more cost-effective and works best for smaller ML workloads in buildings where space is limited.

For either deployment model, you need a solution in place for remote management so administrators can maintain and troubleshoot edge infrastructure without traveling on-site. The best way to ensure reliable management access is through out-of-band (OOB) management. OOB management creates a separate network dedicated to remote management and troubleshooting, and that provides an alternative path to remote infrastructure (typically via cellular LTE) in case the primary ISP or WAN link goes down.

Through that OOB management network, you can orchestrate workloads, push out security patches, and monitor the health and performance of edge infrastructure.

Deploy and manage edge computing machine learning infrastructure with Nodegrid

The Nodegrid Net Services Router (NSR) from ZPE Systems supports both traditional and nano edge computing machine learning deployment models. The NSR is a modular and customizable solution that delivers OOB management, cellular failover, edge routing and switching, and automation in a single device.

You can use the NSR’s serial console modules to monitor, manage, and orchestrate an entire rack of edge machine learning servers. For less intensive workloads, you can use the edge compute module to host ML applications, virtual machines, and Docker images.

Either way, you can take advantage of 5G/4G LTE to ensure fast and reliable OOB access and cellular failover. The NSR is also secured by Zero Trust features like SAML 2.0 integration and BIOS protection to keep edge machine learning data protected.

Ready to learn more about 5G/4G LTE to ensure fast and reliable OOB access?

To learn more about edge computing for machine learning with Nodegrid, contact ZPE Systems today.

Comparing Cellular Failover Router, Gateway & Bridge for Business Continuity

Cellular failover is critical for business continuity because it ensures uninterrupted internet access even if the primary ISP connection goes down. When looking for an enterprise cellular failover solution, you’re likely to see the terms “cellular failover router,” “cellular failover bridge,” and “cellular failover gateway” used somewhat interchangeably. These three types of devices offer similar (and often overlapping) capabilities, which can make it difficult to tell which is the best option for your particular use case. In this post, we’ll define and compare these different cellular failover devices before discussing the best option for business continuity.

Cellular failover router vs. cellular failover bridge vs. cellular failover gateway

Let’s define the network functions provided by these devices and describe how cellular failover fits in. We’ll start with bridges, which provide the least amount of functionality.

What is a cellular failover bridge?

A network bridge connects multiple local area networks (LANs) into a single domain but is not capable of moving data outside of the domain. It forwards frames on the data link layer of the OSI model (layer 2) using MAC addresses (also known as physical or hardware addresses).

A cellular failover bridge is essentially a device that connects the primary network to the cellular failover network so LAN devices can access that network if the ISP connection goes down. Usually, these come in the form of cellular modems configured in bridge mode. A cellular modem in bridge mode provides internet access via the cellular LTE network and gives devices on the LAN a link (or “bridge”) to cross over to that cellular network. It does not provide routing functionality itself, however, so it needs the primary router for that.

Fig. 1: A basic network topology using a cellular modem in bridge mode for failover.

What is a cellular failover router?

A router connects multiple LANs together but can also forward traffic to and from locations outside the domain. It forwards packets on the network layer of the OSI model (layer 3) using IP addresses. A basic router does not provide access to the internet—it must route traffic through a modem to forward packets outside of the LAN.

A cellular failover router provides a secondary internet connection over which traffic can be routed if the primary ISP link goes down. It includes a cellular modem for internet access as well as IP routing capabilities, giving it more functionality than a cellular failover bridge. Since cellular failover routers combine a modem and router into a single device, they’re often referred to as cellular failover gateways.

What is a cellular failover gateway?

A gateway is a device that connects multiple networks with different transmission protocols together. All traffic flowing into and out of an enterprise network must pass through a gateway. Network gateways combine the functionality of a modem and a router, so they provide both an internet connection and the ability to route packets to and from IP addresses. That’s why cellular failover routers—which combine a cellular internet connection and IP routing—are frequently called cellular failover gateways.

Fig. 2: A basic network topology using a cellular failover gateway router

Cellular failover routers/gateways also function as cellular failover bridges, but the reverse is not true. A cellular failover bridge must rely on an external router for IP-based packet forwarding.

Why choose an integrated cellular failover device?

Generally speaking, the terms cellular failover router, bridge, or gateway refer to standalone devices. Often, they’re designed to provide simple cellular connectivity and rely on the primary router/gateway in order to function, such as Cradlepoint cellular failover adapters. Another option is to get a standalone cellular gateway, such as a Meraki, that you deploy alongside your primary router and fail traffic over to when the primary connection goes down.

In both cases, you’re investing in a single-purpose cellular failover device that must be purchased, installed, and managed in addition to the primary gateway router, network switches, serial consoles, etc. While this may not seem like a big deal in a single-site, centralized enterprise LAN, it grows much more onerous in a large and distributed network with many remote sites and a complicated SD-WAN architecture.

A much better option is to buy an all-in-one device that combines many networking capabilities into one, such as a Nodegrid Services Router. Nodegrid devices include production gateway, routing, and switching functionality in addition to cellular failover, remote out-of-band (OOB) management over serial, and more.

Fig. 3: A basic network topology using a Nodegrid Net Services Router with integrated networking, cellular failover, hosted firewall solution, and a serial console module.

The Nodegrid solution is highly customizable, with six integrated routers to choose from depending on your deployment size and use case. The most flexible option is the Nodegrid Net Services Router (NSR) with a modular design that lets you swap out expansion modules to get the exact functionality you need without paying for extras that you don’t. A single Nodegrid device can replace an entire rack of networking equipment, simplifying deployments in branch offices, edge computing data centers, manufacturing plants, and other remote sites.

Plus, Nodegrid’s vendor-neutral hardware and software allow you to consolidate infrastructure management behind a single pane of glass. You can use Nodegrid to orchestrate cellular failover, SD-WAN, DCIM, and more over a dedicated, reliable, and blazing-fast OOB management network.

Ready to learn more about Nodegrid cellular failover router connectivity?

To learn more or see a demo of Nodegrid in action, contact ZPE Systems today.

The Importance of Out-of-Band Data Center Connectivity

Data center connectivity is more crucial than ever. Data, applications, and digital services power every aspect of business, which means your infrastructure needs to be available 24/7. However, according to the Uptime Institute’s 2022 Outage Analysis report, outages are still a frequent problem for enterprises and data centers, and the financial consequences of the resulting business interruptions are staggering.

One of the best tools for maintaining data center connectivity is remote out-of-band (OOB) management. OOB management creates an alternative path to remote infrastructure on a dedicated management network. An OOB management solution uses serial consoles and data center infrastructure management (DCIM) software to give administrators the ability to monitor and control remote data center infrastructure. With OOB, you can recover from outages faster and regain control over remote data center infrastructure even when the main network is down.

The importance of out-of-band data center connectivity

The first major takeaway from the Uptime Institute report is that outage rates have remained high over recent years. Twenty percent of responding organizations experienced a serious outage in the last three years, which is slightly higher than in the 2021 report. It was noted that 80% of data centers reported an outage of some kind (with varying severity), which hasn’t changed much since previous reports. The implication here is that businesses and data centers are both still struggling to maintain the 24/7 availability expected by their customers. Let’s dig deeper into the causes and effects of data center outages and discuss how out-of-band management can help.

  1. Network issues are the biggest cause of downtime
    According to the 2022 report, networking problems were the single largest cause of outages over the last three years. These issues are frequently due to the complexity of distributed and software-defined network architectures, especially in cloud or hybrid cloud deployments.

    Out-of-band data center connectivity solutions use serial consoles which directly connect to other data center devices using the serial port. That means administrators can access and manage those devices without needing to use their IP addresses. So, if a configuration mistake causes the production LAN to go down, administrators can still remotely fix the problem, shortening the duration of the outage. And, since OOB serial consoles provide a secondary network interface—often an LTE cellular modem—you’ll still have remote access even if human error brings down the WAN or SD-WAN architecture.
  2. Power failures are another leading cause of outages
    Respondents reported that 43% of significant outages—ones that resulted in business interruption and financial loss—were caused by power issues. Many of those incidents were due to uninterruptible power supply (UPS) failures.

    As part of a data center infrastructure management (DCIM) solution, an OOB serial console gives administrators the ability to remotely monitor and manage UPS devices in the rack. Admins get alerts when devices aren’t performing efficiently or begin to show signs of imminent failure. That means organizations can proactively schedule repairs or deploy replacements before a power outage occurs.
  3. Out-of-band data center connectivity shortens recovery time
    One of the most alarming statistics from the report is the percentage of public outages lasting more than 24 hours. In 2017, just 8% of outages lasted longer than a day, but that increased to nearly 30% in 2021.

    Out-of-band data center connectivity can significantly reduce the time to recovery by ensuring administrators always have remote access to data center infrastructure. That means your organization will waste less time waiting for on-site managed services to arrive or for in-house technicians to travel to the data center. As soon as DCIM monitoring alerts them to an issue, admins can begin diagnosing and fixing the problem from their remote desktop.
  4. Outages are more expensive than ever
    Over 60% of reported outages resulted in at least $100,000 in losses, an increase of 21% since 2019. The number of outages costing more than $1 million also increased by 4%.

    OOB management gives teams the ability to remotely troubleshoot and recover from many issues, so you don’t need to pay for truck rolls or on-site managed services. If remote troubleshooting reveals that the problem requires an on-site fix, technicians can go in already knowing the source of the issue and with all the necessary tools to repair it. Either way, your organization saves time and money.

Out-of-band data center connectivity gives organizations reliable access to remote infrastructure even during a network outage. OOB serial consoles also provide visibility into the health and performance of critical data center devices like UPSs, so you can proactively address issues and prevent downtime from occurring. Through 24/7 remote access, monitoring, and management, you can reduce the incidence, duration, cost, and impact of data center downtime.

Gen 3 OOB data center connectivity with Nodegrid

The Nodegrid Serial Console Plus (NSCP) is a Gen 3 out-of-band data center connectivity solution that delivers reliable and blazing-fast remote access to up to 96 data center devices from a single 1U rack-mounted box. Nodegrid’s vendor-neutral OOB DCIM platform supports integrations with your choice of infrastructure solutions and automation tools, giving you total and efficient control over your data center infrastructure.

Ready to learn more about out-of-band data center connectivity?

To learn more about out-of-band data center connectivity with Nodegrid, contact ZPE Systems today.

What Is uCPE, and How Does It Benefit Enterprise Customers?

uCPE stands for universal Customer Premises Equipment. A uCPE box is a general purpose networking device used to run virtual network functions, or VNFs. VNFs are essentially software versions of network devices such as routers, switches, and firewalls. That means you can consolidate an entire networking tech stack into a single uCPE box, saving money and reducing management complexity.

Despite the promise of uCPE, the technology has been slow to catch on. In this article, we’ll explore the reasons for the lack of popularity of early uCPE before discussing how newer generations overcome these issues to deliver cost savings, simplified management, and other benefits to enterprise customers.

The shortcomings of gen 1 uCPE

Early uCPE devices were generally provided by telecoms and ISPs to host their specific networking software. Customers didn’t get to choose the software or virtualization solutions—they had to use whatever the vendor gave them. That meant enterprises didn’t have the flexibility to swap out VNFs and software to get the specific features or pricing they wanted, and they couldn’t continue using existing solutions that they really liked.

However, the larger issue was that the virtualization technology itself was ahead of its time. Many organizations still didn’t have use cases that justified the business disruption and expense of swapping out networking infrastructure with virtualized solutions. Plus, software-based networking was so new that many network administrators and engineers didn’t have the skills and experience needed to configure, deploy, and manage fully virtualized tech stacks.

Due to these limitations, enterprises showed minimal interest in uCPE for a long time, leading many to believe that the technology would die out entirely. Instead, forward-thinking hardware and software vendors continued to improve uCPE technology to overcome these shortcomings. In addition, enterprises have been pushing their computing and business operations out to remote locations at the network edge, resulting in the rapid adoption of SD-WAN (software-based wide-area networking) solutions for distributed network management. A greater interest in software-based networking technology, and a need for hardware capable of running that software, has led to a renewed enthusiasm for uCPE.

The next evolution of uCPE

The current generation of uCPE focuses on delivering a truly universal, vendor-neutral platform from which to host, manage, and troubleshoot an entire consolidated tech stack. This is provided in two parts:

  1. The device itself, which runs on an open, Linux-based operating system and supports multiple pinout standards.
  2. An orchestration platform which consolidates the monitoring and management of all uCPE solutions behind a single pane of glass.

Through its vendor-agnostic hardware, software, and orchestration platform, uCPE benefits enterprise customers in numerous ways, including:

Vendor freedom

Next-gen uCPE devices are capable of hosting any software or virtualization solution from any vendor. This gives enterprise customers the ability to shop around for the best features and pricing for their particular use case. If customers already have a software-based networking solution that works well for them, they can simply migrate it to the uCPE with minimal hassle.

Tech consolidation

A single uCPE box can take the place of an entire rack of networking equipment, reducing the number of devices to install, license, and maintain. This is especially vital for organizations that want to expand their operations to branch offices, edge data centers, and even hard-to-reach locations like oil rigs and research stations. Tech consolidation reduces the time and expense required to deploy remote infrastructure.

Centralized management

The current generation of uCPE includes an orchestration platform capable of observing and controlling the entire distributed network of uCPE boxes and connected infrastructure. Enterprises can deploy hundreds or even thousands of uCPE boxes to locations all over the globe, but they only need to log in to one platform to manage them all. uCPE gives organizations the ability to orchestrate network functions, monitor remote infrastructure, and troubleshoot and respond to issues from behind a single pane of glass, which results in simplified and optimized network management.

SD-WAN capabilities

As organizations have sped up their SD-WAN adoption plans in response to the rise of remote work, edge computing, and distributed network management, the need for universal networking hardware has also quickly increased. Next-gen uCPE devices are the perfect hosts for SD-WAN software solutions because they allow for easy integration with the underlying WAN infrastructure, which runs as VNFs on the same box. That means enterprises don’t need to invest in new SD-WAN-capable routers and gateways for each remote site. Plus, with a uCPE orchestration platform, it is easier to view and control the entire SD-WAN architecture.

To take advantage of the benefits promised by uCPE technology, you need to ensure that you choose a platform that’s truly vendor-neutral to support your choice of SD-WAN and VNF solutions. The hardware also needs to be powerful enough to run your entire edge networking stack from a single box.

Universal network management with Nodegrid

Nodegrid is a next-gen uCPE platform that delivers universal infrastructure orchestration for enterprise customers. Nodegrid’s flexible hardware and open OS give you the freedom to bring your choice of networking devices, SD-WAN solutions, and VNFs. Nodegrid devices are built with CPU and memory headroom and expansive storage options so you can run your entire branch from a single box. Plus, the ZPE Cloud infrastructure orchestration platform gives you complete control over your distributed network, including third-party automation playbooks and workflows.

Ready to learn more?

To learn more about Nodegrid next-gen uCPE, contact ZPE Systems today.