Providing Out-of-Band Connectivity to Mission-Critical IT Resources

How to Use a Cloud Managed Gateway Router to Optimize OT Automation


The right cloud managed gateway router simplifies edge network management and unlocks remote access to operational technology (OT). In this blog, we’ll explain what OT automation is, how to manage it with a gateway router, and what to look for in an ideal solution.

What is operational technology (OT)?

Operational technology, or OT, is the hardware and software that monitors and controls equipment interacting with the physical world. The term distinguishes these systems and devices from information technology (IT), which processes data rather than driving physical processes.

OT manages the physical equipment used for industrial manufacturing, water and energy utilities, medical procedures, building management, and other physical processes.

Some examples of operational technology include:

  • Programmable logic controller (PLC) – Controls assembly lines, industrial machines, robotic devices, and other manufacturing processes.
  • Supervisory control and data acquisition (SCADA) – A control system for high-level supervision of industrial machines and processes, including PLCs.
  • Building management system (BMS) and building automation system (BAS) – Manage a building’s mechanical and electrical equipment, such as lighting and HVAC.

OT facilitates industrial automation by reducing the manual intervention required to control and optimize physical equipment. OT automation systems were traditionally isolated from IT networks and ran on specialized industrial computers. Modern OT systems, however, are converging with IT so operators can manage them from a network-connected PC or even a cloud platform. That convergence also means a control network that used to be air-gapped inherits the IT network’s exposure, so segmentation and access control between the two become essential rather than optional.

Using a cloud managed gateway router to optimize OT automation

Frequently, OT devices operate outside your main headquarters, in remote facilities such as factories, warehouses, data centers, and branch offices. In the past, that meant each site needed its own OT computers and on-site operators to monitor them. IT/OT convergence lets you connect operational technology to edge network gateway routers instead, so it can be controlled remotely via specialized software or a cloud-based application.

Gateway routers connect remote facilities to WAN or SD-WAN architectures, providing seamless and secure access to enterprise network resources. They also give administrators a place to monitor and manage edge network routing and security. Some gateway routers also function as serial console routers, which means they can be used to directly manage the devices connected to them, including operational technology. A cloud managed gateway router with serial console capabilities lets administrators control remote networking and OT systems from anywhere. Because that console path is a privileged route straight into OT equipment, it belongs behind strong authentication and session logging.

One of the issues with remote OT automation is that it may consist of several different systems and applications. For example, a managed service provider (MSP) may need to control HVAC, power distribution, security systems, and other infrastructure for many different clients using a variety of OT computers. They may even have some old analog gauges in place which they monitor with a cheap IoT camera.

Each of these disparate OT systems has its own application or cloud portal that operators must learn, configure, and manage, which is inefficient and creates risk of human error. A vendor-neutral cloud managed gateway router can solve this problem by bringing all your OT applications together under one unified platform.

What to look for in a cloud managed gateway router

Not all cloud managed gateway routers are optimized for OT automation. Let’s examine what an ideal solution looks like.

 Hardware

The gateway router itself should be built on quality hardware, and it should integrate with quality operational technology hardware as well. Protect the router against tampering if a unit is stolen or intercepted in transit: a hardware cryptographic module (a TPM or similar) to hold keys and anchor secure boot, and geofencing that alerts on or disables a device that turns up somewhere it was never deployed. A vendor neutral gateway router also needs to support a range of physical connections, such as RS-232 serial (typically on RJ-45 ports), USB, and Ethernet, plus server management interfaces such as IPMI, so you can ensure compatibility with your various OT systems, including analog and IoT solutions.

 Operating System

The OS that runs on the cloud managed gateway router should be hardened and patched promptly so known vulnerabilities cannot be exploited. With an ideal solution the provider ships those updates, so you are not tracking every new advisory and the vendor’s patch schedule yourself (you should still confirm that updates are signed and that fleet devices are actually running the current release). A vendor neutral gateway router should run an open, Linux-based OS so it can integrate easily with OT software.

 Zero touch provisioning

Zero touch provisioning (ZTP) lets a device fetch and apply its configuration automatically over the network the first time it comes online. A cloud managed gateway router should support ZTP both for itself and for the devices connected to it. That removes the need for pre-staging, so a device carrying credentials and network details is never at risk of falling into the wrong hands during shipping. It also reduces the need for engineers to travel on-site to install and configure new devices, saving time and money. ZTP does move the trust decision to first boot, so the provisioning exchange itself must be authenticated in both directions: the device proves its identity to the management platform, and the configuration it receives is signed, so a rogue server on the local network cannot provision it.
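
The checks a device should run on a ZTP bundle, as an added example that is not Nodegrid or any vendor’s code. It assumes a per-device provisioning key shared with the management platform (a shared secret keeps the example to the Python standard library; a production design would use asymmetric signatures or mutually authenticated TLS). The serial number, key, and bundle contents are constructed for the example. A bundle is applied only if its tag verifies, it names this device’s serial, and its version is newer than the last one applied, so a captured bundle cannot be replayed to another unit or used to roll a device back.

```python
"""Authenticating a zero-touch-provisioning bundle (illustrative, stdlib only)."""
import hashlib
import hmac
import json

# Constructed example values, not real device data.
DEVICE_SERIAL = "NSR-0001"
DEVICE_KEY = b"example-provisioning-key-for-NSR-0001"


def canonical(payload: dict) -> bytes:
    """Deterministic encoding so signer and verifier tag identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_bundle(payload: dict, key: bytes) -> dict:
    """Management side: wrap a config payload with an HMAC-SHA256 tag."""
    tag = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class ZtpClient:
    """Device side: validate and apply bundles fetched during ZTP."""

    def __init__(self, serial: str, key: bytes, last_version: int = 0):
        self.serial = serial
        self.key = key
        self.last_version = last_version
        self.applied = None  # config currently in effect

    def accept(self, bundle: dict):
        """Return (accepted, reason); config is applied only when every check passes."""
        payload = bundle.get("payload")
        tag = bundle.get("tag", "")
        if not isinstance(payload, dict) or not isinstance(tag, str):
            return False, "malformed bundle"
        expected = hmac.new(self.key, canonical(payload), hashlib.sha256).hexdigest()
        # compare_digest is constant-time; a plain == would leak the tag byte by byte.
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        if payload.get("serial") != self.serial:
            return False, "bundle addressed to another device"
        version = payload.get("version")
        if not isinstance(version, int) or version <= self.last_version:
            return False, "stale version (replay?)"
        self.last_version = version
        self.applied = payload.get("config")
        return True, "applied"


def demo():
    """A good bundle, the same bundle replayed, a tampered copy, a mis-addressed one."""
    client = ZtpClient(DEVICE_SERIAL, DEVICE_KEY)
    good = sign_bundle(
        {"serial": DEVICE_SERIAL, "version": 1, "config": {"hostname": "branch-01"}},
        DEVICE_KEY,
    )
    results = [client.accept(good), client.accept(good)]  # second call is a replay
    tampered = json.loads(json.dumps(good))
    tampered["payload"]["config"]["hostname"] = "attacker-controlled"
    results.append(client.accept(tampered))
    other = sign_bundle({"serial": "NSR-0002", "version": 2, "config": {}}, DEVICE_KEY)
    results.append(client.accept(other))
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

The order of the checks matters: the tag is verified before any field of the payload is trusted, and the version counter is only advanced after every check passes, so a rejected bundle leaves the device exactly as it was.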

 Connectivity

The gateway router’s primary job is to provide remote systems and users with a reliable connection to the enterprise network, ideally using SD-WAN technology. It should also provide a dedicated out-of-band (OOB) management connection, so administrators have reliable access to control and troubleshoot the remote network. An ideal solution includes high-speed failover via 4G/5G to ensure seamless connectivity for both administrators and end-users.

OOB provisioning and management

Provisioning and changing device configurations over the production network is risky: a configuration mistake can take the whole network offline, and with it the very path you would use to fix it. That’s another reason a cloud managed gateway router should provide an OOB network connection, so you can deploy and modify device configurations without depending on, or affecting, the production network.
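
When a change does have to go over the production path, the standard guard against the lockout described above is a confirmed commit with a rollback timer. The following is an added example, not vendor code: the “device” is an in-memory stand-in, and the configs are constructed. The candidate config is applied, and unless the operator confirms within the timeout (proving they still have a path to the box), the device reverts to the previous config on its own. The clock is injectable so the timeout can be exercised without waiting.

```python
"""Commit-confirmed configuration change with automatic rollback (illustrative)."""
import copy
import time
from typing import Callable, Optional


class ConfirmedCommit:
    def __init__(self, running: dict, timeout_s: float,
                 clock: Callable[[], float] = time.monotonic):
        self.running = running                 # config in effect right now
        self.timeout_s = timeout_s
        self.clock = clock
        self._saved: Optional[dict] = None     # previous config while unconfirmed
        self._deadline: Optional[float] = None

    def commit(self, candidate: dict) -> None:
        """Apply candidate, keep the old config, start the rollback timer."""
        if self._deadline is not None:
            raise RuntimeError("a commit is already pending confirmation")
        self._saved = copy.deepcopy(self.running)
        self.running = copy.deepcopy(candidate)
        self._deadline = self.clock() + self.timeout_s

    def confirm(self) -> bool:
        """Operator is still reachable: make the change permanent.
        Returns False (and rolls back) if the deadline has already passed."""
        if self._deadline is None:
            return False
        if self.clock() > self._deadline:
            self._rollback()
            return False
        self._saved, self._deadline = None, None
        return True

    def tick(self) -> bool:
        """Run from the device's scheduler; True if a rollback just happened."""
        if self._deadline is not None and self.clock() > self._deadline:
            self._rollback()
            return True
        return False

    def _rollback(self) -> None:
        self.running = self._saved
        self._saved, self._deadline = None, None


def demo():
    """Two runs on a fake clock: one confirmed in time, one never confirmed."""
    now = [0.0]
    clock = lambda: now[0]
    base = {"mgmt_acl": ["permit 10.0.0.0/24"]}   # constructed sample config

    kept = ConfirmedCommit(copy.deepcopy(base), timeout_s=60, clock=clock)
    kept.commit({"mgmt_acl": ["permit 10.0.0.0/24", "permit 10.0.1.0/24"]})
    now[0] = 30
    kept.confirm()                               # admin still in, change stays

    lost = ConfirmedCommit(copy.deepcopy(base), timeout_s=60, clock=clock)
    lost.commit({"mgmt_acl": ["deny any"]})      # mistake: cuts off management
    now[0] = 30 + 61                             # nobody could log in to confirm
    rolled_back = lost.tick()
    return kept.running, lost.running, rolled_back


if __name__ == "__main__":
    print(demo())
```

The rollback has to be driven by the device itself (the `tick` method here), not by the management station: if the change really did cut the administrator off, nothing on the far side can help.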

 Orchestration

A cloud managed gateway router should provide orchestration so you can coordinate automated tasks and workflows across all your OT systems. This brings all OT applications together behind one pane of glass, facilitating efficient management and powerful optimization. End-to-end OT automation at the edge is only possible with a truly vendor-neutral gateway router that supports integrations with your choice of OT solutions, automation tools, and scripting languages.

A cloud managed gateway router with these features will empower efficient OT automation at the edge.

Why choose the Nodegrid cloud managed gateway router solution?

The Nodegrid line of cloud managed gateway routers delivers powerful edge network management optimized for operational technology automation. Features like secure zero touch provisioning and gen 3 OOB management support efficient and low-risk operational technology deployments while ensuring constant availability. Nodegrid’s vendor-neutral hardware, operating system, and cloud-based management platform can integrate all your OT solutions for true end-to-end orchestration.

Learn more about edge network orchestration:

→  Simplifying Network Edge Orchestration with a Single Platform
→  Edge Computing Trends to Expect in the Post-Covid World
→  Out-of-Band Is a Lifesaver for Critical Edge Networking. Here’s Why…

Learn more about the Nodegrid cloud managed gateway router.

Call 1-844-4ZPE-SYS or  Contact us online!


The Benefits of Vendor Agnostic Platforms in Network Management


There are two basic approaches to choosing a network management platform: you can stick with a single vendor’s ecosystem of supported products, or go with a vendor agnostic platform. In this post, we’ll explain what a vendor agnostic platform is and how this approach can benefit your organization.

What is a vendor agnostic platform?

A vendor agnostic platform supports integrations with all (or most) viable and established networking solutions. That means both the technology needs to work well with other systems, and the vendor needs to provide adequate documentation and support for those third-party integrations.

Vendor agnostic vs. vendor neutral

Some companies use vendor neutral to mean a platform that is open to integrations in principle, without specific support for particular vendors’ products, and reserve vendor agnostic for platforms that ship specific integrations and the support infrastructure needed to work with leading third-party solutions.

In practice the terms are used interchangeably, and that distinction isn’t applied consistently across the industry. A platform described as vendor neutral almost always provides the same level of integration support as one described as vendor agnostic, so don’t let the label drive your purchasing decision; check the actual list of supported integrations instead.

The benefits of vendor agnostic platforms in network management

Taking a vendor agnostic approach to network management provides numerous benefits, such as:

 Lower costs

Without a vendor agnostic platform, you’re stuck with a single vendor’s ecosystem of products. That means you’re limited to choosing among the hardware and software offered by that vendor, regardless of the price. Often, this approach results in spending too much money on solutions that offer more functionality than you really need. On the other hand, you could find yourself choosing a product that doesn’t quite fit your needs just because it’s all that’s available within your budget.

A vendor agnostic platform gives you a wider variety of options for building out your network infrastructure. You can shop around for solutions that provide all the functionality you need at a price you can afford, knowing that they will all still integrate with your network management platform. With a vendor agnostic platform, you’re much less likely to pay for features you don’t need, helping you reduce operational costs.

 Specificity of features

On a related note, another issue with a single-ecosystem approach is that you’re limited to the functionality offered by that vendor’s network management platform. There may be multiple tiers of features you can unlock for an additional cost, but there’s often no way to customize the solution with the exact functionality you want or need. That means you either pay extra for a whole suite of additional features, some of which you don’t need or want, or save money by compromising on functionality. And if your requirements change later on, you’ll have fewer options to alter or scale the platform.

The vendor agnostic approach, by comparison, leaves you with many more options for customization. You can shop around for a platform with all the needed functionality built-in, or look for third-party integrations to add that functionality to your existing solution. That also means you can scale and modify the platform at will or as your business grows and requirements change. A vendor agnostic platform allows you to build a completely customized solution with the specific features needed to manage your network optimally.

 Automation and orchestration

As enterprise networks grow more extensive, complex, and highly distributed, managing these networks with entirely manual processes is less viable. Many closed vendor ecosystems provide some built-in automation functionality, but they typically don’t allow integrations with third-party automation scripting languages and solutions. Plus, the more automation you employ, the more you need centralized orchestration to manage and deploy that automation. A single-vendor orchestration platform may work for solutions within its ecosystem but will struggle to get its hooks into any legacy devices or third-party systems.

A vendor agnostic platform doesn’t suffer from these limitations. By their very nature, they support integrations with leading automation tools, so you can use the scripting languages you’re most comfortable with and the third-party solutions that work best for your use case. And with vendor agnostic orchestration, you can ensure that you have total coverage even across legacy and hybrid infrastructure. A vendor agnostic platform empowers you to automate and orchestrate your network with the best tools for the job.

  NetDevOps

NetDevOps is a methodology that combines Networking, Development, and IT Operations into a unified and collaborative team working towards common goals. Successful NetDevOps transformation requires abstracting your network and infrastructure management as software code decoupled from the underlying hardware.

This software abstraction makes it easier to use automation to deploy, update, and manage configurations, which means developers get the resources they need to deliver code faster. You can also use automation to manage, optimize, and troubleshoot the network through software-defined networking (SDN) and software-defined wide area networking (SD-WAN). This ensures optimal performance and high availability for applications and end-users.

A vendor agnostic platform is crucial to full NetDevOps transformation because the goal is to merge networking, development, and operations under one umbrella. That means you need a management platform that can extend its reach across all your networking appliances, virtual or physical servers, and development tools and resources. This gives organizations a complete picture of their entire NetDevOps environment and facilitates the creation of a fully integrated software development pipeline.

Vendor agnostic network management and orchestration with Nodegrid

Vendor agnostic platforms can help you lower costs, get the specific features you need, automate and orchestrate your network, and achieve NetDevOps transformation. For example, the Nodegrid platform from ZPE Systems can “say yes” to every vendor device and solution on your enterprise network. Nodegrid works with your choice of third-party systems, automation tools, scripting languages, and NetDevOps solutions so you can manage and orchestrate your complex infrastructure from behind one pane of glass.

Learn more about the benefits of vendor agnostic network orchestration:

→   Orchestrating Hybrid Network Environments: Challenges, Solutions, and Best Practices
→   Why Choose Nodegrid as Your Data Center Orchestration Tool
→   Hyperautomation vs Automation: How Are They Different?

See a demo of the Nodegrid vendor agnostic platform at work.


Part 2: Immutable Infrastructure: Best Practices for Network Professionals

Immutable infrastructure consists of servers, network appliances, and other resources that are never modified in place; when something must change, a new instance is built and the old one is replaced. In part 1 of our blog series, we discussed the most inherent challenges with the immutable infrastructure paradigm. This post will cover immutable infrastructure best practices that you should follow to overcome these challenges and fully embrace immutable principles in your enterprise.

Immutable infrastructure best practices for network professionals

Infrastructure as Code (IaC)

Infrastructure as code, or IaC, uses software abstraction to separate infrastructure configuration from the underlying hardware, so configurations are written as repeatable, version-controlled definitions that can be deployed to many different devices. It also underpins automation and orchestration through tools like Red Hat Ansible, which executes configuration tasks defined in playbooks.

IaC has traditionally been used for physical and virtual server configuration, but it applies equally to network device configuration, where it is sometimes called network infrastructure as code. That is related to, but not the same as, software-defined networking (SDN). SDN goes beyond abstracting configuration from the networking hardware: it virtualizes the network itself, creating an overlay for managing and optimizing routing, load balancing, segmentation, and more.

IaC is an immutable infrastructure best practice because it lets you create and deploy configurations quickly and at scale, which is what makes infrastructure you can copy, delete, and replace at will practical. Without IaC, every new or updated instance has to be provisioned manually. Even with a large team of engineers, an update would take a long time, and in the meantime different versions of the same server or network configuration would be live at once. Manual configuration is also error-prone, and a mistake can open a vulnerability in your network.

Infrastructure as code and network infrastructure as code allow you to deploy virtual configurations programmatically and automatically. For immutable infrastructure, IaC is frequently used to deploy and configure images for containers and other virtualized environments.

Golden images

A golden image is a standardized template for physical or virtualized infrastructure. You start with a base image with only the software and settings required universally across all instances of that device. Then, you install any agents or services needed for monitoring, threat detection, analysis, etc. Finally, you harden the image with security policies and tools, and patch any known security vulnerabilities. Once the golden image is complete, you freeze it, record its cryptographic digest, and allow no further changes; anything whose digest differs is not the golden image.

Best practices for creating, securing, and updating golden images for immutable infrastructure include:

  • Incorporate as many dependencies and settings as possible in your golden image to reduce the amount of configuration that needs to happen at deployment. This will ensure that the golden image you’ve tested and validated is as close as possible to the final production configuration. It will also make it faster and easier to scale.
  • Continuously scan and analyze golden images for new security vulnerabilities. That way, you can create and deploy patched versions as soon as possible, hopefully before a malicious actor has time to exploit those vulnerabilities.
  • Fully decommission old images once they’ve been replaced with newer, more secure versions. This will ensure a consistent and secure environment, and decrease the risk of accidentally spinning up new instances with old images.
  • Store golden images in multiple locations on a micro-segmented network. Use zero trust security to create granular policies and build customized micro-perimeters around your golden images. This will protect your images from exfiltration or unauthorized modifications. It will also ensure access to golden images for recovery purposes even if you must isolate particular micro-segments during a breach.

Golden images for virtualized servers and network devices can be deployed, versioned, and replaced through IaC tooling and the orchestration services of cloud platforms such as AWS and Azure. This further streamlines the provisioning of immutable infrastructure, ensures consistent configurations across instances, and facilitates fast and easy scaling.
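
The best practices listed above, expressed as a deployment gate, as an added example rather than any platform’s own code. Catalog entries and image bytes are constructed inline; in practice they would come from the image registry and the vulnerability scanner. The gate refuses anything not referenced by content digest (a mutable tag such as “latest” can silently resolve to a different image), refuses images that are decommissioned or still carry open scan findings, verifies the bytes against the catalog digest before launch, and records which digest every instance runs so stale instances can be found and replaced.

```python
"""Golden-image deployment gate (illustrative)."""
import hashlib
from dataclasses import dataclass, field


def digest_of(image_bytes: bytes) -> str:
    return "sha256:" + hashlib.sha256(image_bytes).hexdigest()


@dataclass
class GoldenImage:
    name: str
    version: int
    digest: str
    deprecated: bool = False
    open_findings: tuple = ()   # unpatched results from the last scan


@dataclass
class Catalog:
    images: dict = field(default_factory=dict)     # digest -> GoldenImage
    instances: list = field(default_factory=list)  # (instance_id, digest)

    def register(self, name: str, version: int, image_bytes: bytes,
                 open_findings=()) -> GoldenImage:
        """Freeze a new image version; older versions of the same name are decommissioned."""
        same_name = [i for i in self.images.values() if i.name == name]
        for other in same_name:
            if other.version < version:
                other.deprecated = True
        img = GoldenImage(name, version, digest_of(image_bytes),
                          deprecated=any(o.version > version for o in same_name),
                          open_findings=tuple(open_findings))
        self.images[img.digest] = img
        return img

    def deploy(self, ref: str, image_bytes: bytes) -> str:
        """Start an instance from ref; raise rather than launch anything questionable."""
        if not ref.startswith("sha256:"):
            raise ValueError("deploy by content digest, not by mutable tag")
        img = self.images.get(ref)
        if img is None:
            raise LookupError("image not in catalog")
        if img.deprecated:
            raise PermissionError(f"{img.name} v{img.version} is decommissioned")
        if img.open_findings:
            raise PermissionError(f"{img.name} v{img.version} has open findings: {img.open_findings}")
        if digest_of(image_bytes) != ref:
            raise ValueError("image bytes do not match catalog digest")
        instance_id = f"{img.name}-{len(self.instances) + 1}"
        self.instances.append((instance_id, ref))
        return instance_id

    def stale_instances(self) -> list:
        """Instances still running a decommissioned image: replace them, don't patch them."""
        return [iid for iid, d in self.instances if self.images[d].deprecated]


def demo():
    cat = Catalog()
    v1 = cat.register("edge-router", 1, b"constructed image bytes v1")
    first = cat.deploy(v1.digest, b"constructed image bytes v1")
    v2 = cat.register("edge-router", 2, b"constructed image bytes v2")  # v1 now deprecated
    second = cat.deploy(v2.digest, b"constructed image bytes v2")
    return first, second, cat.stale_instances()


if __name__ == "__main__":
    print(demo())
```

Registering version 2 is what decommissions version 1; the instance that was started from version 1 stays in the stale list until it is replaced, which is the signal the “fully decommission old images” practice needs.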

Stateful and persistent data

You should strive to make infrastructure and data as ephemeral as possible. Still, there are cases where you’ll need data to persist as you’re creating, deleting, and copying immutable resources. For stateful and persistent data, you should use mountable storage attachable to new instances when old ones are terminated.

Make sure you separate the ephemeral data from stateful/persistent data, so you only keep what you absolutely need to. This will help you reduce storage costs and simplify your overall operations. In addition, you should ship log files off immutable instances and send them to a centralized monitoring server as frequently as possible to ensure they persist.

Implementing immutable infrastructure best practices in your enterprise

Many of these immutable infrastructure best practices rely on modern, software-defined technology stacks, making it challenging to apply them to legacy infrastructure. You also need clear, centralized orchestration to see and control every piece of your immutable infrastructure, even across highly distributed networks with remote branch and edge locations. Finally, all of your immutable infrastructure solutions must work together seamlessly regardless of vendor or ecosystem.

ZPE Systems can solve all these challenges with the Nodegrid network orchestration solution. Nodegrid supports network functions virtualization (NFV), which turns your physical networking appliances into virtualized solutions you can configure and manage through IaC and SDN. Nodegrid’s vendor-neutral serial console servers also support legacy pinouts, so you can bring your legacy physical infrastructure under your immutable orchestration umbrella.

The ZPE Cloud network orchestration platform can also control remote data center, branch, and edge infrastructure. You can host your choice of SD-WAN (software-defined wide area networking) solution on your Nodegrid devices or use ZPE Cloud’s SD-WAN app. This technology allows you to extend the reach of your virtualized network orchestration to your WAN architecture. To dig even deeper, you can use the SD-Branch app to control branch and edge LANs as well.

The ZPE Cloud platform and all Nodegrid devices are truly vendor-neutral, allowing integrations with leading third-party IaC, SDN, and security providers. Nodegrid empowers you to create a tightly-integrated, seamless immutable infrastructure solution for total network control.

See how Nodegrid can help you implement immutable infrastructure best practices in your enterprise.


Part 1: Immutable Infrastructure: Challenges Your Company Needs to Be Aware of


Immutable infrastructure refers to critical network resources and systems that are never updated, changed, or fixed in place: once deployed, an instance stays exactly as it was built. If something needs to be modified, the entire system or device is replaced by a new one. While this approach has many advantages for organizations, there are still some immutable infrastructure challenges you’ll need to overcome.

Mutable vs immutable infrastructure

Traditional infrastructure deployments are mutable and continuously change in place. Sysadmins and network engineers will constantly deploy patches, modify configurations, and install new software on systems and devices while they’re actively in use. The benefit of this approach is that you don’t need to create entirely new server instances or network deployments every time you want to change something.

However, mutable infrastructure does create some risk. What if you deploy a patch that breaks a core function? What if new code introduces a security vulnerability? What if an in-place upgrade fails halfway through and leaves you with a partially applied configuration that nobody planned for? With mutable infrastructure, you’re stuck troubleshooting and attempting to deploy fixes on systems and devices that are actively in use.

On the other hand, immutable infrastructure is frequently copied, deleted, and recreated without making changes to the systems currently in use. Configurations are abstracted as software code and managed from a centralized location that’s physically and logically separate from the target infrastructure. This code can be copied and deployed to many different targets as frequently as necessary. The environments themselves are virtualized (and often containerized) which creates an additional abstraction layer from the underlying hardware. This also makes it possible to copy, delete, and recreate instances as needed.

When an infrastructure as code (IaC) or software-defined networking (SDN) configuration needs to be updated, a new version of the code is written, deployed to a new instance, and tested to ensure functionality and security. Then, traffic is redirected to the new instance and the old one is simply deleted. If a virtualized or containerized environment fails, or is compromised by an attacker, you can delete it and replace it with an exact copy with minimal hassle. Take a snapshot for forensics before you do, and fix the root cause in the image; otherwise the replacement is compromised the same way.

Immutable infrastructure is becoming popular among DevOps and NetDevOps organizations that use IaC and SDN to integrate resource provisioning directly into the software development pipeline. While this approach has clear advantages over mutable infrastructure, including improved security, less complexity and fewer failures, and easier troubleshooting, there are also some immutable infrastructure challenges.

Immutable infrastructure challenges

The immutable infrastructure paradigm was initially conceptualized for hyperscale and enterprise data center deployments. It relies on software-defined technology stacks and orchestration solutions that automate deployment and provisioning. The challenge comes when you need to venture outside of this ideal deployment, as is the case for many organizations.

Modern enterprise networks are shifting away from massive, centralized data centers because modern enterprises are themselves less centralized than they used to be. As operations become more globalized and remote, distributed workforces become the norm, and enterprises deploy infrastructure closer to the network edge. Edge network infrastructure is deployed to small local data centers, branch offices, remote warehouses, and other distributed locations. Often, these smaller deployments rely on hardware-based appliances, servers, and legacy equipment.

This creates some significant challenges when you try to shift to immutable infrastructure, including:

  1. Extending the software-defined network automation and orchestration to remote locations outside your enterprise network.
  2. Bringing the orchestrator’s hooks into all of your disparate legacy hardware solutions.
  3. Finding a way to apply immutable principles to this mutable hardware-based infrastructure.

Solving immutable infrastructure challenges

Immutable infrastructure requires centralized orchestration of software-defined technology, so to bring immutable infrastructure to the edge you need to apply SDN to the WAN architecture. This is called SD-WAN, or software-defined wide area network. SD-WAN decouples the management of your WAN from the underlying hardware, so you can use orchestration to control distributed WAN architecture.

However, SD-WAN only gets you to the perimeter of your edge networks. To use immutable infrastructure effectively, you also need to extend the orchestrator’s reach into the branch and edge LANs. You can achieve this through SD-Branch technology, which gives you software-defined control over the internal networking infrastructure of remote architectures.

The second goal is to ensure that your orchestration solution can see and control every piece of your edge architecture, even legacy systems not designed with automation in mind. The SD-WAN/SD-Branch gateways and console servers you install at the edge need to support legacy pinouts and integrate with third-party hardware and software. If the edge connectivity solution can’t say yes to every component of your distributed network infrastructure, you’ll have gaps in the software-defined orchestration coverage.

The third task is to turn mutable hardware into immutable infrastructure, which you can accomplish through virtualization. In the same way that a single physical server can be turned into many different virtual machines, you can use network functions virtualization (NFV) to turn physical networking appliances into virtualized solutions. NFV creates an abstraction layer that separates routing, switching, load balancing, and other network functions from the underlying hardware. This allows your orchestrator to manage those functions automatically and to create, copy, delete, and recreate network configurations at will without worrying about the mutable hardware underneath.

The tricky thing about solving each of these challenges is that you need a truly vendor-neutral solution to make it all work. For example, if you have different branch gateways in different locations, you need to ensure that the SD-WAN/SD-Branch platform will integrate with all of them. Otherwise, you’ll need to manage multiple software-defined technology stacks, or you’ll lose the ability to apply immutable principles consistently across your entire distributed network.

The network functions virtualization platform also needs to support all of your disparate vendor hardware and legacy architecture; otherwise, you won’t be able to turn all mutable infrastructure into virtualized, immutable solutions. Plus, the orchestrator needs to integrate with your NFV platform as well as all edge hardware and software, to have full coverage.

Many immutable infrastructure solutions fall short of true vendor-neutrality. That means, to use them effectively, you have to upgrade your edge infrastructure hardware and software to compatible versions. This is an expensive and time-consuming endeavor and one that creates a massive roadblock for globally distributed enterprises hoping to adopt immutable principles.

Nodegrid brings immutable infrastructure to edge networks

ZPE Systems can help you bring immutable infrastructure to your edge networks with the vendor-neutral Nodegrid platform. Nodegrid’s powerful, all-in-one branch gateways give you the best of both worlds: you can use our powerful SD-WAN and SD-Branch technology or directly host your choice of third-party software-defined networking solutions. The modular design of the Nodegrid Net Services Router (NSR) also gives you added capabilities like edge compute, terminal server, NetDevOps, and more.

The vendor-neutral ZPE Cloud orchestration platform can say yes to every component of your distributed network architecture, including legacy hardware appliances and systems. ZPE Cloud gives you complete control over your mutable hardware, making it possible to apply software-defined orchestration to even the smallest branch deployments.

Plus, all Nodegrid devices run on the vendor-neutral, Linux-based Nodegrid OS with support for NFV. You can use Nodegrid OS to virtualize every piece of the edge networking stack, turning mutable branch hardware into immutable, automated solutions.

Learn how Nodegrid can solve your immutable infrastructure problems.


Why cybersecurity can make you feel lost in space


Cybersecurity has been a hot topic for years. With many high-profile breaches, malware attacks, and pricey payouts, it’s no wonder why companies continue to add more and more protection for their IT systems.

Despite this, hackers continue to succeed at exploiting vulnerabilities. Why are there still vulnerabilities in the first place? All it takes is one weak spot and one bad actor (looking at you, HAL 9000) to lock you out and leave you scrambling to regain control.

In this post, we’ll cover how network infrastructure has evolved in the past decade, why cybersecurity can make you feel lost in space, and why recovery is crucial to modern cybersecurity.

How network infrastructure evolved

The movie 2001: A Space Odyssey predicted that by the year 2001, technological advancements would enable things like space travel and virtual conferencing. In reality, we were still rolling around in gas-powered cars or waiting for 56kbps dial-up connections to load our email inboxes.

Times were simpler, which also meant network infrastructure and cybersecurity were simpler. Most people went to work at a physical location like an HQ or branch office, and distributed or remote work technologies were very much in their infancy. Network infrastructures were localized, usually needing just an MPLS connection from the off-site data center (if there was one) to the branch offices. Security was correspondingly simple and was mostly assumed from the connection type (MPLS keeps each customer’s traffic separated, though it does not encrypt it) plus a basic firewall or encryption at the perimeter.

Network architecture showing simplicity of data center connected via MPLS to branch office

Fast forward more than 20 years, and the network infrastructure common to 2001 is barely recognizable. With customers and employees demanding companies adapt to their on-the-go and remote-work lifestyles, the network infrastructure exploded, causing a sort of Big Bang of cybersecurity as we know it today.

Network architecture showing complexity of data center, CDN, remote user, branch office, all connected via many paths

Modern networks need to serve many branch offices and remote locations, and the only way to succeed is by incorporating a myriad of on-prem, cloud, and SaaS solutions. This creates a hybrid infrastructure of data, security, networking, and computing distributed everywhere. In other words, the attack surface continues to expand much like the universe itself, and security professionals have been struggling to contain all the vulnerabilities left in its wake.


Why cybersecurity makes you feel lost in space

You might relate to Frank Poole. In the movie, the HAL 9000 supercomputer leads Frank to perform a spacewalk in order to repair a portion of their ship. While Frank floats toward the ship, the corrupted HAL takes control of an EVA pod and slams it into Frank, causing him to tumble helplessly through the black void of space and eventually meet his demise.


Trying to secure your IT infrastructure can make you feel just as helpless and out of control. That’s because cybersecurity presents several challenges that make it difficult to gain your footing. And with 2021’s executive order regarding zero trust security, cybersecurity seems even more daunting as previous protection methodologies are becoming wholly obsolete.

Here’s a brief look at some of the challenges of modern cybersecurity.


Too many products

Regardless of your industry, there are so many security products to choose from that it can easily feel like you’re floating among an endless sky of stars. It’s difficult enough choosing properly secured servers, routers, storage devices, and other physical equipment. Add the other crucial pieces of the modern network architecture, and researching, comparing, and selecting the right cloud and SaaS security products easily becomes a full-time job. Here’s a list that barely scratches the surface of the different types of security products to choose from:

  • Firewalls & next-gen firewalls (NGFWs)
  • Security information and event management (SIEM) systems
  • Identity and access management (IAM) products
  • Pen testers
  • Data analytics
  • Intrusion prevention and detection systems (IDPS)
  • Endpoint protection apps
  • Database security solutions
  • Ransomware/malware detection and removal
  • Authentication and single sign-on


Too many vendors

All of these products have to originate from somewhere, which brings us to the next challenge: there are too many cybersecurity vendors to choose from. This isn’t necessarily a bad thing, since competition creates better products, but it does complicate the cybersecurity professional’s journey to achieving holistic protection.

At RSA Conference 2022, for example, there were 450 security exhibitors present, 70 of which were funded well enough to afford the cost of a booth. During the show, many discussed that in the previous 18 months there were 1,800 new cybersecurity vendors that received funding to be installed in networks. The TL;DR — this multi-vendor ecosystem will persist (and probably grow even more), and so will the challenge of achieving holistic security.

Of course, everyone wants the best of the best, which might draw your attention to staples like Cisco, Fortinet, and Palo Alto Networks. But because the modern hybrid infrastructure is so diverse, there are now countless niche products available from thousands of vendors. In fact, CyberDB compiled a database that includes more than 3,500 security companies from the United States alone.

Here’s a graphic that puts into perspective just a fraction of the available vendors:

so many security vendors


Too many gaps

The third and most important challenge stems from the first two above: there are just too many security gaps to address. Part of this problem is due to the diversity of hybrid infrastructure. But once you’re able to identify the gaps, you’ll find that addressing these will more often than not create even more gaps.

That’s because there’s no single vendor or suite of products that provides holistic cybersecurity. You deploy a variety of products but inevitably run into interoperability issues, and each additional solution you add to close those gaps introduces new vulnerabilities of its own.

What you end up with is a plethora of solutions that are secure themselves, but that don’t provide protection for your infrastructure as a whole.


Why recovery is key to modern cybersecurity

According to a Sophos survey, 66% of surveyed organizations suffered ransomware attacks in 2022. And when attacks happened, 70% of organizations needed more than two weeks to recover. Ransomware is the modern disaster, which makes minimizing recovery times an essential part of modern cybersecurity.

Recall the Fortinet 7.0 CVE from 2022. Customers upgrading to the then-latest release of FortiOS suddenly found themselves vulnerable to an authentication bypass, where attackers could gain admin access using certain HTTP/S requests. This typical scenario leaves IT teams waiting for a fix while their business remains exposed. What’s needed is the ability to recover quickly and automatically, whether from an active attack or from an at-risk configuration.


Get the blueprint for fast recovery times

Big Tech companies have spent years building this capability into their infrastructure. At ZPE Systems, we’ve directly collaborated with these companies and have created best practices based on these proven architectures. This Network Automation Blueprint details the components and practical steps to take, from automating IT/OT production infrastructure, to implementing an effective design for orchestration and automation environments.

The blueprint is your template to achieving fast recovery times and reducing your risk of attack. Download the blueprint now.


Watch the blueprint recover a failed upgrade

Watch this tech demo from Tech Field Day 26, where Rene Neumann shows how the blueprint helps you recover a failed device upgrade in minutes.

Why You Need a Next-Gen OOB Console Server


An OOB (out-of-band) console server is a fundamental data center tool that allows you to view, manage, and troubleshoot critical remote infrastructure on a dedicated network connection.

While the functionality of generation 1 console servers is limited, generation 2 models evolved to include features like automation and security. Now, as more enterprises embrace NetDevOps, there’s a need for greater automation and orchestration, which is why next-generation or generation 3 console servers are emerging.

In this post, we’ll discuss the advantages of a next-gen OOB console server and how these devices address the challenges and limitations of previous generations.

The importance of an OOB console server

An out-of-band console server may also be referred to as a serial console, serial console server, or serial console switch. There are also OOB serial console routers, which add gateway routing functionality for small branch offices and edge data center use cases.

OOB console servers are fundamental tools for data center infrastructure management; they connect to all your remote network devices and give you the ability to control them remotely over a dedicated management network. This network is completely separate from the WAN circuit and the internal LAN, and is typically accessed via a cellular, dial-up, or DSL modem.

Out-of-band data center access is crucial for a few key reasons:

  1. It provides 24/7 remote access to your critical data center infrastructure even if your WAN link goes down, allowing you to troubleshoot and recover without expensive truck rolls.
  2. You can still view and manage remote devices, without exposing yourself, even if malicious actors compromise your production network or data center infrastructure.
  3. Conducting resource-intensive network orchestration on a dedicated management plane reduces the performance impact on your production network and end-users.

Why do you need a next-gen OOB console server?

As modern enterprise networks have grown more complex and distributed, so have network and data center management workflows. This complexity makes it harder for engineers to efficiently manage their workloads and increases the risk of human error, especially with multi-vendor and hybrid network infrastructures.

These pain points led to the evolution of automated network management tools and solutions. Automation increases the speed and efficiency with which network administrators can provision, monitor, and optimize an infrastructure while reducing the risk of human error. Gen 2 OOB console servers have automation capabilities and scripting support that help fill the gap for data center management. Plus, Gen 2 serial consoles automate tasks like infrastructure provisioning (via zero touch provisioning, or ZTP) and basic troubleshooting (such as refreshing DNS or power-cycling) to reduce the amount of tedious manual work.

However, the needs and pain points of modern enterprises continue to evolve. It’s not enough to use individual, disparate scripts and solutions to automate specific tasks or workloads, especially to achieve NetOps or NetDevOps transformation. Gen 2 OOB console servers offer some automation support, but typically limit you to a particular vendor ecosystem or API library. Since enterprise networks consist of many different vendor solutions and devices, this rigidity leaves you with gaps in your automation coverage.

That’s why a new generation of console servers is rising to meet this challenge. Next-gen OOB console servers, also known as Gen 3, promise to deliver end-to-end automation and NetDevOps data center orchestration.

What to look for in a next-gen OOB console server

For an OOB console server to be truly next-gen, it must be able to dig its automation hooks into every device and solution in your rack. That means it needs to be vendor-neutral and include support for legacy systems not originally designed for automation.

In addition, a next-gen OOB serial console switch should support integrations with the third-party automation and orchestration tools of your choosing. That means both the hardware and software need to be vendor-neutral.

A next-gen console server should also provide high-speed OOB access and failover. Many Gen 1 and Gen 2 solutions use dial-up or 3G cellular connections, which can be slow and unreliable. Plus, 3G will be phased out (in the United States) by the end of this year. This leads to frustration when engineers try to troubleshoot and restore remote data center infrastructure as quickly as possible, and also hampers automation and orchestration efforts.

Another issue to consider is scalability. A next-gen OOB console server needs to provide enough managed ports for you to grow your data center infrastructure without needing to upgrade your management device continuously. You can even get modular serial consoles that allow you to expand or swap out port configurations as needed.

Last but not least, your next-gen console server needs to include and support advanced security controls. Imagine installing a preconfigured device that has unknowingly been infected. This could be like installing a trojan horse into your infrastructure. A next-gen OOB console server should include enterprise-grade security features and integrate with zero trust security controls and policies.

Orchestrating critical data center infrastructure with a next-gen OOB console server

Next-gen or Gen 3 OOB console servers deliver end-to-end automation and orchestration capabilities, so you can efficiently control complex data center infrastructure. A next-gen solution includes vendor-neutral hardware and software, high-speed OOB access and failover, the ability to scale up or down as needed, and enterprise security features and functionality.

The Nodegrid next-gen OOB console server solution from ZPE Systems delivers true end-to-end automation for critical data center infrastructure. Nodegrid’s vendor-neutral hardware and software can control all your vendor solutions, so there are no barriers to automating anything and everything. For example, Nodegrid zero touch provisioning (ZTP) can extend to all connected devices, allowing you to deploy remote data center infrastructure with the push of a button.

The Nodegrid Serial Console S Series can even control legacy and mixed environments, so you can upgrade your data center infrastructure at your own pace without losing automation capabilities. The open architecture, Linux-based Nodegrid OS supports integrations with third-party automation solutions so you can create a customized orchestration platform that suits your enterprise’s unique use cases and staff skillsets.

Nodegrid delivers high-speed remote out-of-band access and failover via two dual-SIM high-speed 4G/5G/LTE slots, plus you can upgrade to 5G without having to do a forklift upgrade. With up to 96 managed ports in a streamlined 1U rack-mounted device, the Nodegrid Serial Console Plus can handle enterprise-scale deployments or scale with you as you grow. The Nodegrid next-gen OOB console server also keeps management and orchestration secure, with onboard security features like UEFI secure boot, properly integrated TPM 2.0 security, encrypted solid-state disks, and geofencing.

The Nodegrid Serial Console from ZPE Systems is a true next-gen OOB console server. It delivers end-to-end automation, high-speed OOB access and failover, scalable port configurations, and enterprise-grade zero trust security features.

Learn more about OOB console servers:

★  Comparing the Best Console Servers for Data Centers in 2022
★  Out-of-Band Network Management: Fundamental Principles & Use Cases
★  How to Choose Secure Out-of-Band Management

See the Nodegrid OOB console server at work.

Call 1-844-4ZPE-SYS to request a demo
