Providing Out-of-Band Connectivity to Mission-Critical IT Resources

What is a Serial Console’s Role in Modern Enterprise Networks?

Serial consoles have been used to manage business networks since the 80s, but things have changed significantly since then. What is a serial console’s role in modern enterprise networks? In this blog, we discuss the history and evolution of serial consoles as well as the exciting functionality provided by the latest generation.

What is a serial console?

A serial console—a console server, terminal server, serial console router, or serial console switch—is a networking device used to manage other devices. It connects to servers, switches, routers, and other equipment using the serial port (hence the name). Network administrators can then use the serial console to access all connected devices in the data center, server room, or network closet in which it’s installed.

Serial consoles allow admins to manage critical infrastructure without needing to log in to each separate device individually. A serial console also provides out-of-band (OOB) management, creating a completely separate network that’s dedicated to infrastructure management and troubleshooting. OOB management allows you to remotely troubleshoot, monitor, and administer your infrastructure, and more.

How serial consoles have evolved over time

A basic serial console—also called a Generation 1 serial console—provides consolidated remote access to critical infrastructure. It uses a secondary network connection (such as a dial-up modem or cellular SIM card) so admins can control and troubleshoot equipment without relying on the main production network. Using a Gen 1 serial console, admins can access each connected device’s CLI (command line interface).

Gen 1 serial consoles are relatively limited in control, security, and automation. For example, many Gen 1 serial consoles can only manage devices from the same vendor (or a small pool of supported manufacturers). A Gen 1 serial console also lacks in-depth security features like hardware encryption, and generally can’t integrate with third-party Zero Trust Security policies and controls. Plus, most Gen 1s completely lack automation capabilities, or limit you to basic CLI scripts for single tasks.

Gen 2 serial consoles

Frustration over these limitations led to significant advancements in the second generation of serial consoles, or Gen 2. With Gen 2 serial consoles, admins get more control, added security features, and expanded automation capabilities.

For instance, most Gen 2 consoles offer management functionality for third-party devices. These serial consoles also have some built-in security features like Trusted Platform Module (TPM) and frequently support advanced authentication methods like AD/LDAP, Kerberos, and RADIUS. Gen 2 serial consoles also allow for greater automation using Python scripts, APIs, and zero touch provisioning (ZTP).

While Gen 2 serial consoles offer more multi-vendor support than their extremely limited predecessors, they still fall short of true vendor neutrality. For instance, managing third-party and legacy devices often requires expensive adapters or complicated configuration tweaks. Many Gen 2 serial consoles also lack support for Zero Trust integrations such as SAML 2.0 (e.g., Okta, Ping, DUO), making it impossible to completely secure your out-of-band network.

Finally, while Gen 2 serial consoles introduce more automation capabilities, their closed architectures make it impossible to implement end-to-end NetDevOps automation. For example, you might only be able to use one specific scripting language or an approved set of playbooks. It’s also common for Gen 2 serial consoles to only support ZTP of connected devices from the same vendor, so you’re either limited in your automated provisioning capabilities or your choice of infrastructure solutions.

Gen 1 serial consoles provide remote, out-of-band management of multiple devices using CLI commands and scripts over a serial connection. Gen 2 evolved to incorporate more devices, more security features, and more automation capabilities. However, the serial console needed to develop even further to handle the needs of a modern enterprise network.

What is a serial console’s role in modern enterprise networks?

Today’s enterprise network is larger, more complex, and more distributed than Gen 1 serial console developers could have possibly imagined. Network administrators and engineers need to monitor, manage, and troubleshoot infrastructure devices from many different vendors in many different locations. Networks are also constantly threatened by cybercriminals using sophisticated hacking techniques and state-of-the-art malware. Plus, modern businesses must ensure near-constant availability and optimal network performance to stay competitive. Gen 1 and Gen 2 serial consoles simply can’t deliver the control, security, and resilience required by enterprise networks today.

The new Gen 3 serial console addresses older generations’ limitations through true vendor neutrality, multi-layered zero trust security, and end-to-end automation capabilities.

Total infrastructure control

Gen 3’s complete vendor neutrality makes it possible to extend your automation capabilities—including zero touch provisioning—to every physical and virtual asset in your environment, regardless of manufacturer. Gen 3 serial consoles also give network administrators a virtual presence in remote network locations (like data centers and branch offices) through which they can monitor environmental conditions in the rack, power-cycle and enter the BIOS menu of devices, manage power load distribution, and more.

This control is delivered via high-speed OOB (such as a 5G/4G cellular SIM card), giving you 24/7 remote access to critical enterprise infrastructure, even during an ISP outage. Plus, Gen 3 serial consoles use centralized cloud management, which means engineers can manage and troubleshoot remote infrastructure from anywhere, anytime.

A Gen 3 serial console is based on an open-architecture x86 OS that supports integrations with your choice of infrastructure solutions, cloud services, and automation toolkits. It also includes flexible port configurations and legacy pinouts to control a variety of devices, such as PDUs, IPMI devices, and environmental monitoring sensors.

Comprehensive security

On a hardware level, Gen 3 serial consoles use features like encrypted disks, UEFI secure boot, and TPM 2.0 to ensure unauthorized users can’t access management functionality. Additionally, the OS is frequently updated and patched against new security vulnerabilities before they can be exploited. The Gen 3 serial console also automatically checks the integrity of all newly integrated hardware and software to ensure there are no backdoor vulnerabilities.

A Gen 3 serial console’s vendor-neutral platform supports easy integrations with a variety of zero trust security controls. For instance, you can manage user access to a Gen 3 serial console through third-party Identity and Access Management (IAM) solutions, allowing you to follow zero trust best practices like 2FA, SSO, and dynamic trust verification. A Gen 3 serial console can also integrate with on-premises and cloud-based network security solutions such as next-generation firewalls (NGFW), Secure Access Service Edge (SASE), and Security Service Edge (SSE).

A Gen 3 console includes robust onboard security features, which reduces the risk of an attacker using a stolen serial console to access your management network (and ultimately, your production systems and data). Its open architecture also enables integration with zero trust security controls and providers.

End-to-end automation

The open architecture of a Gen 3 serial console makes it possible to integrate with your choice of infrastructure automation and orchestration tools, or directly host VMs and Docker containers so you can run your own tools. With a Gen 3 serial console, you can use solutions like Ansible, Chef, Puppet, or Kubernetes to automate deployments. You can also use any API you want to automate any workload you need to, no matter how complex.

Gen 3’s advanced automation capabilities enable full pipeline automation so you can achieve NetDevOps transformation. Gen 3 serial consoles also facilitate immutable infrastructure, allowing faster and more agile deployments, updates, and replacements of critical network resources.

With a Gen 3 serial console, you can create a fully-automated network environment. This allows engineers to work more efficiently and reduces the risk of human error causing an outage or security breach.

Nodegrid Serial Console Plus (NSCP)

A Gen 3 serial console, like the Nodegrid Serial Console Plus (NSCP), gives you complete remote control over every component of your network infrastructure, regardless of location or manufacturer. Nodegrid also secures your OOB management network using zero trust security best practices and comprehensive onboard features. Finally, the Gen 3 NSCP allows you to automate whatever tools you want to use, so you can efficiently manage a complex enterprise network without sacrificing speed, security, or control.

Learn more about Gen 3 serial consoles:

→   Comparing the Best Console Servers for Data Centers in 2022
→   What Makes a Gen 3 Serial Console?
→   Why You Need a Next-Gen OOB Console Server

Schedule a demo of the Gen 3 Nodegrid Serial Console Plus to see for yourself!

Branch-in-a-Box: Why All-in-One Devices Are the Future of Networking

A branch network consists of many moving pieces that need to be remotely deployed, managed, and supported. That typically means separate devices for all the key functions like routing, switching, security, etc. However, as data and applications grow more distributed—especially due to the popularity of edge computing—it becomes harder for IT teams to keep up with the growing number of vendors and solutions at the branch. Branch-in-a-box seeks to solve that problem by delivering all your branch networking functions in an all-in-one device.

What is branch-in-a-box?

Branch-in-a-box consolidates an entire branch networking technology stack into one piece of hardware. A branch-in-a-box solution might include gateway routing, voice and data switching, firewall, Wi-Fi, and other crucial functionalities. Instead of learning, installing, managing, and troubleshooting five different boxes at each branch location, you only have to worry about one core device.

Next-generation branch-in-a-box solutions typically rely on the following branch networking technologies:

  • SD-WAN: Software-defined wide area networking, or SD-WAN, abstracts WAN management from the underlying MPLS, broadband, fiber, and cellular connection hardware. With SD-WAN, you can create intelligent routing policies to distribute and route WAN traffic for optimal network performance. SD-WAN intelligent routing also facilitates cloud-based edge security technologies like SSE (security service edge) and SASE (secure access service edge).
  • SD-Branch: The limitation of SD-WAN is that its capabilities generally end at the branch gateway. SD-Branch extends your software-defined networking functionality into the individual LANs so you can automatically manage and optimize traffic within the branch.
  • Compute: Some branch-in-a-box solutions also come with compute capabilities or modules. This means you can run guest operating systems—like VMs (virtual machines) and containers—without needing to install additional server hardware.
  • Out-of-Band: Out-of-band (OOB) separates your branch network’s management plane from the data plane so you can remotely manage and troubleshoot your branch infrastructure from a dedicated connection. With OOB, you get one unified control panel from which to remotely monitor and administer all your branch networking devices. OOB also provides an alternative path to your branch network, often over a cellular connection, so you don’t need to rely on the primary WAN link. You can troubleshoot and recover from outages remotely, reducing costly truck rolls.

SD-WAN optimizes traffic to and from the branch, ensuring optimal performance and productivity in all your remote locations. SD-Branch extends your reach into the individual branch LANs to give you more control over network routing and performance. Compute capabilities let you run VMs and containers without deploying additional servers. Finally, OOB ensures you always have access to your branch infrastructure, even during a WAN outage. A branch-in-a-box solution harnesses those technologies to give you control over a consolidated networking stack including routing, switching, firewall, and Wi-Fi capabilities.

Where did the concept of branch-in-a-box come from?

Let’s say the typical branch network relies on five boxes—a gateway router, a voice switch, a data switch, a wireless access point (AP), and a firewall. Five devices may not seem like a lot, and using a separate box for each branch networking job means you can, theoretically, choose the best-of-breed solution for each. If you only have one or two branch locations and a large, well-trained IT staff, then supporting multiple branch networking devices probably won’t be a problem.

But what happens when your business grows, and you need to scale up to 10 branches? And then 100 branches? And then 1,000? Suddenly, five best-of-breed devices turn into 5,000 individual boxes you need to purchase, configure, maintain, and troubleshoot.

Branch-in-a-box solves this problem by rolling up all your crucial branch networking devices into one consolidated solution. This helps you save money on equipment, both in terms of the up-front costs and the recurring costs of licensing, software, and support. Device consolidation can also decrease the power consumption at your branches, saving you energy costs and reducing your carbon footprint. Deploying a branch-in-a-box is often faster and easier since you only need to ship and install one box instead of five.

Plus, an all-in-one branch networking solution reduces the overall complexity of your enterprise network by decreasing the number of devices and platforms that your engineers need to learn, manage, and support. That means your IT operations team can work more efficiently, spending less time on individual maintenance tasks and more time optimizing your branch networking. It also reduces the risk of configuration mistakes and other human errors that could potentially bring down your branches.

The challenge of branch-in-a-box

Of course, when you replace many different boxes with one solution, you run the risk of vendor lock-in. Suppose your branch-in-a-box solution runs in a closed ecosystem. In that case, it’s critical for that one box to truly cover every branch networking capability you need, because you won’t be able to extend its capabilities with third-party tools and devices. Plus, you’ll be forced to follow that vendor’s feature and support roadmap, which may diverge from your organization’s future goals and requirements.

To avoid these issues, it’s crucial to select a vendor-neutral branch-in-a-box that runs on an open platform, like Nodegrid.

Innovative and vendor-neutral branch networking

Nodegrid is a family of open-architecture, vendor-neutral networking solutions for branch, edge, and datacenter. All Nodegrid Services Routers consolidate multiple features and functionalities into one box so you can streamline your network infrastructure and reduce the complexity of your branches. For example, the Hive SR is a next-generation branch-in-a-box that can host many essential functions on one compact device, including:

  • Gateway routing
  • SD-WAN with AutoVPN
  • Wi-Fi Access Point
  • 5G/4G/LTE
  • Secure out-of-band access
  • Firewall

Nodegrid also simplifies branch network management by providing a centralized, vendor-neutral platform from which to monitor, control, and troubleshoot your global network. ZPE Cloud gives your team access to all Nodegrid-connected devices from anywhere in the world through a secure, cloud-based web portal. Or you can use the on-premises Nodegrid Manager to gain complete control over every aspect of your branch network.

Plus, Nodegrid devices like the Hive SR run on the Linux-based Nodegrid OS. This open architecture supports easy integrations with third-party solutions. That means you can extend the device’s capabilities to include automation, orchestration, SSE, and other functions, allowing Nodegrid to scale with your organization.

Nodegrid delivers branch-in-a-box solutions through all-in-one hardware, consolidated management, and a completely open and extensible platform that scales on-demand.

Contact ZPE Systems today to view a free demo of Nodegrid branch-in-a-box in action.

Top Data Center Infrastructure Management (DCIM) Trends of 2022

Data center infrastructure management (DCIM) keeps evolving to address enterprises’ changing goals, requirements, and concerns. We spoke with DCIM sales engineers to find out which pain points are on their customers’ minds, and which emerging technologies their enterprises are currently excited about:

  • Providing 24/7 remote access with a virtual presence.
  • Consolidating infrastructure for simpler management.
  • Strategically automating DCIM workflows and equipment.

This blog will discuss why enterprises implement these DCIM tools and technologies and provide the best advice about using them within your data center environment.

The Top 3 DCIM trends of 2022

Remote DCIM

The Covid-19 pandemic has accelerated the existing trend towards remote DCIM with minimal on-site staff. Many organizations are cutting budgets and downsizing their staffing, and many of the people they keep on board are working remotely. If you don’t have subject matter experts physically at your data centers, you need to be able to deploy, manage, and troubleshoot your infrastructure remotely.

One way to ensure you have 24/7 remote access to your data center infrastructure is with out-of-band (OOB) management. OOB separates the network management plane from the data plane and provides a dedicated connection to your management device, which means you always have access to your infrastructure even if there’s an ISP outage. A complementary component to having a virtual presence is environmental monitoring, which uses sensors to detect temperature, humidity, tampering, and other data center conditions.

When an on-site visit is unavoidable, remote DCIM helps you determine the root cause of the issue beforehand so you can ensure you already have the parts and tools you need to fix it. Doing so prevents your engineers from making multiple trips or wasting time diagnosing problems on-site. Remote DCIM not only allows you to efficiently monitor and manage data center infrastructure, but it also helps minimize the amount of time and money spent traveling to remote sites to troubleshoot and fix issues.

Consolidated solutions

One of the biggest challenges in DCIM is dealing with many different appliances, solutions, and vendors. This means engineers and technicians need to be trained in deploying, managing, and troubleshooting all these disparate solutions. Vendor lock-in may prevent all these systems from working together or integrating with a central DCIM tool, which means engineers have to jump from box to box to monitor issues or perform maintenance. Plus, there’s the hassle of license management, and different vendor contracts coming up for renewal at different times.

That’s why many organizations are moving towards consolidated DCIM solutions with all-in-one devices. Instead of looking for best-of-breed solutions for routing, out-of-band access, infrastructure management, server/compute, and other data center devices, you can get all of these functions rolled up into a single box. An all-in-one data center solution is like the Swiss Army Knife of DCIM—it may not be the absolute best at any one feature, but you get all the tools you need in one device.

Another way that organizations overcome vendor lock-in and infrastructure complexity is through vendor-neutral DCIM platforms. With an open-architecture platform, you can integrate all your disparate devices and solutions into one centralized control panel. This increases the ease and efficiency of your engineers to manage your entire data center infrastructure.

All-in-one devices and vendor-neutral DCIM platforms both help reduce the complexity of your data center infrastructure, saving you time, money, and frustration.

DCIM automation

Many organizations are beginning or continuing their DCIM automation initiatives in 2022. Some examples of the data center management workflows that are frequently automated include:

  • Power load balancing and management
  • VM (virtual machine) deployment and management
  • Environmental monitoring and analysis
  • Network load balancing
  • Issue remediation

DCIM automation reduces the amount of time your engineers spend performing tedious, repeatable, and manual tasks. This, in turn, reduces the risk of human error, so you can ensure optimal performance and uptime in your data center.

Often, organizations make the mistake of automating the low-hanging fruit first (whichever tasks are easily automated by their chosen solution) rather than analyzing and prioritizing DCIM workflows based on what will help them achieve their specific business goals. This may not make DCIM any easier or more efficient for them in the long run. Other enterprises assume that DCIM automation is an all-or-nothing proposition that requires orchestration and highly complicated scripts and tooling. This leaves them feeling too intimidated to even begin their automation efforts.

DCIM automation doesn’t have to be difficult. Suppose you start with a complete understanding of your data center infrastructure and which workflows are most critical to your business. In that case, you can then automate them in the order that’s most beneficial to your team and your enterprise. And it doesn’t need to happen all at once—you can begin by creating a simple script to handle a single process, then move on to using technology like zero touch provisioning (ZTP) to automatically configure new data center devices. It is important to use DCIM devices and solutions that provide all the automation capabilities you need without locking you into a single vendor’s ecosystem or feature roadmap. This way, your automation initiatives can scale with you in exactly the way you need them to.

When you take the right approach, DCIM automation can help your organization run more efficiently to save time and resources.

In 2022, many enterprises are prioritizing remote DCIM solutions that give them a 24/7 virtual presence in their data center. They’re also consolidating their data center infrastructure with all-in-one solutions that provide centralized monitoring and management. Finally, organizations are looking for ways to automate DCIM workflows without adding to the complexity of their data center infrastructure and management.

Achieve your DCIM goals in 2022 with Nodegrid

Nodegrid is an innovative data center infrastructure management platform that can help you stay ahead of DCIM trends in 2022 and beyond.

The Nodegrid Serial Console delivers remote OOB management of up to 96 connected devices in a single 1U rack-mounted device, ensuring you have 24/7 access to monitor and manage your data center infrastructure. Nodegrid’s modular design means you can create a customized data center management solution with all the functionality you need in one box. You can also use Nodegrid’s environmental monitoring sensors to keep an eye on environmental conditions in your rack, even from thousands of miles away.

Any data center infrastructure connected to a Nodegrid box can be deployed, managed, and monitored from one consolidated software platform—Nodegrid Manager for fully on-premises deployments, or ZPE Cloud for hybrid and cloud-based infrastructure.

Finally, Nodegrid enables and simplifies DCIM automation through features like zero touch provisioning and network scripting support. With the vendor-neutral, Linux-based Nodegrid OS, you can automate and orchestrate your data center infrastructure without vendor lock-in hampering your efforts. Nodegrid allows you to create a completely customized automation architecture using third-party tools like Ansible and Docker, and RESTful APIs.

Want to learn more about DCIM? Read our Q&A with a 20-year DCIM expert.

See how Nodegrid can help you take advantage of DCIM trends in 2022.

Contact ZPE Systems to view a free demo.

Automating Your Network Operations Does Not Have to Be Difficult

The importance of network automation is clear—you can reduce human error, create more efficient workflows, and streamline operations. However, many enterprises delay their automation efforts because of how challenging the process can be.

Fortunately, automating your network operations does not have to be difficult if you start with a comprehensive plan and implement the right tools and solutions.

Best practices for automating your network operations

1. Automate what you need versus what you can

Start your automation journey by identifying and prioritizing the most beneficial workflows for your business to automate. It may seem easier to choose whatever automation tools are provided by your existing vendors and then try to make them work with your infrastructure. However, that could lead you to follow the automation path that’s best for your vendors, versus the path that’s best for your particular use cases and requirements. Though the former approach may seem simpler in the short term, it will reduce the overall success of your automation efforts and make it harder to achieve your goals.

You need a full understanding of all the components that make up your network infrastructure so you can accurately identify and prioritize which devices, processes, and applications to automate in which order. Then, you need to ensure your automation solution can get its hooks into every aspect of your infrastructure, including things like environmental monitoring sensors, PDUs (power distribution units), and other devices that may not be part of your initial orchestration framework. Automating your network operations based on what you need, versus what’s easiest, will ultimately save you time and effort in reaching your automation goals.

This ultimately means that every enterprise’s path to automation should look a little different. However, below are some recommendations for network operations, workflows, and tasks to automate.

2. Automate device provisioning

Device provisioning is often a time-consuming, tedious task, which makes it prone to human error—and a prime candidate for automation. There are a couple of common ways to automatically spin up new infrastructure, including:

Zero touch provisioning (ZTP): Devices enabled with ZTP automatically download and execute configurations over the network, allowing you to deploy routers, switches, console servers, and other appliances with very little human intervention. This is especially beneficial for remote infrastructure at colocation facilities, branch offices, warehouses, and other locations where you may not have IT staff available to install and configure devices on-site.

Infrastructure as Code (IaC): IaC uses software abstraction to separate infrastructure configurations from the underlying hardware. This allows you to write configurations as repeatable scripts that you can deploy and manage automatically. You can also use IaC orchestration tools like RedHat Ansible to store and automatically execute configuration scripts for all your infrastructure devices from one central control panel.

Automating the device provisioning process with ZTP and IaC will streamline your network operations by increasing the speed and accuracy with which you can spin up new resources.

3. Automate WAN and branch management

Managing WAN (wide area network) and branch networks can be very challenging without automation. Often, you don’t have on-site staff to monitor and troubleshoot networking equipment. You also need to back-haul all remote traffic through your primary firewall to apply security policies and controls, which creates bottlenecks on the network and reduces productivity. Plus, every new site you add will further increase the complexity of your enterprise network.

One way to automate WAN and branch management is through software-defined wide area networking, or SD-WAN. SD-WAN decouples the WAN management plane from the underlying hardware and, similarly to IaC, abstracts it as software. This makes it easier to introduce automation to your WAN management. For example, you can use SD-WAN intelligent routing to separate cloud-destined traffic and divert it to a cloud-based security stack such as Security Service Edge (SSE), reducing bottlenecks and improving performance. Automating your WAN and branch management through SD-WAN reduces the challenge of distributed network management.

4. Automate with NetDevOps

DevOps is a popular paradigm that combines software development and IT operations departments into one collaborative team to streamline software releases. NetDevOps takes this a step further by integrating network management into the equation. NetDevOps focuses on operationalizing processes by using a systematic approach to automating and orchestrating network management, development, and operations tasks.

NetDevOps automation uses technologies like IaC and SD-WAN but takes things a step further by integrating them with DevOps tools like code repositories, test automation, and CI/CD (continuous integration/continuous delivery). This allows your entire IT department to function together as one efficient unit, eliminating bottlenecks between teams and streamlining product releases.

  Want to learn more? Read What is NetDevOps? The Definitive Guide

Automating your network operations does not have to be difficult if you start with a robust plan that focuses on your organization’s unique environment, requirements, and capabilities. Often, enterprises start with automatic device provisioning because it’s a tedious and repeatable process. WAN and branch management is another good candidate for automation because it can have a large impact on overall network performance. Finally, for development-focused organizations, the NetDevOps methodology integrates DevOps tools and processes into network automation efforts to create more efficient software release cycles.

Automating your network operations is easier with the right solution

Not all network automation platforms offer the same capabilities, features, or level of control. For example, many solutions don’t allow integrations with popular IaC tools like Ansible, Chef, and Puppet. If your platform isn’t vendor-neutral, you’re going to find it challenging to create a fully-integrated NetDevOps environment using code repositories, IaC, and test automation. For true end-to-end automation, you need a platform that can get its hooks into every piece of your infrastructure, or else you’ll end up with a bloated patchwork of solutions that’s difficult to orchestrate and optimize.

ZPE Systems delivers a vendor-neutral network automation platform that doesn’t suffer from any of these limitations. Our Zero Pain Ecosystem can “say yes” to any device, system, or service you add to your network, ensuring you’re able to automate what you need, when you need it. With features like secure zero touch provisioning, SD-WAN, and even SD-Branch, you can automatically deploy and manage your infrastructure from behind one pane of glass. And, all ZPE solutions integrate with leading third-party automation tools, giving you end-to-end automation with consolidated, centralized orchestration.

Automating your network operations is easier with ZPE Systems. But don’t take our word for it: see our solution in action by requesting a free demo today.

Customer strategies in Ukraine to protect privacy and IP


How autonomous decommissioning via out-of-band has become essential to disaster recovery for edge deployments in uncertain geographies

To say there’s instability in Eastern Europe would be a drastic understatement. Russia continues its attacks on many fronts in Ukraine, displacing millions of Ukrainians who are now left with an uncertain future. Security is on everyone’s mind, and while many have answered the call to arms and stand ready with AK-74 in hand, others recognize that defending Ukraine involves shielding IT infrastructure and intellectual property from cyberattacks.

For this, some of ZPE Systems’ customers are using an unlikely defense: out-of-band management. Despite recent attacks using wiper malware and DDoS to take down government websites, organizations are able to use generation 3 out-of-band to decommission their sites in order to protect their data against adversaries who have boots on the ground.

In this post, we’ll examine the current issues surrounding compromised edge sites and what organizations are doing right now to shield their intellectual property (IP).

What’s at stake?

Many companies have critical IT infrastructure distributed across countries, regions, and continents. This infrastructure consists of networking gear and edge compute equipment, such as servers, switches, routers, and other end devices. These are responsible for connecting users and customers to essential services, processing and storing sensitive data, and running intellectual property such as proprietary operating systems, applications, and network certificates.

All of these are essential to supporting normal business operations and the customers they serve.

For example, telco companies rely on their infrastructure of cell tower sites, fiber cable lines, and their connected hardware and software to provide voice networks and Internet service. These companies run intellectual property within their infrastructure. In many cases, this intellectual property includes software that can cover a range of types and uses, from multi-protocol access proxies that enable IT admins to remotely manage edge network clusters, to analytics applications that track data usage for media delivery and customer experience optimization.

These companies are also responsible for handling sensitive data. For administrative purposes, billing, and compliance, these companies use devices that process and store personal identifying information for customers, including names, addresses, birth dates, etc.

All of this is what is at stake when faced with disaster. This is why it’s important to have the proper disaster recovery plan and tools in place, and mitigate the risk of losing sensitive information or having it fall into the wrong hands.

What disaster looks like

Every enterprise and government organization should assess their level of risk regarding equipment deployed at the edge. Risks can come from geographical and geopolitical factors — such as tornadoes or flooding during seasons of inclement weather, or regional instability during times of international conflict.

Imagine you’re in charge of a corporate or government organization. One day you stop receiving pingbacks from your edge sites, and you suddenly find that you’re cut off from these locations.

There’s no network. There’s no access. And like many organizations currently struggling in Ukraine, you’re simply no longer in control of what happens to your data.

What do you do now?

Your sensitive user credentials, customer information, and intellectual property are in jeopardy, and possibly being stolen by adversaries.

Could you have prevented this?

Disaster recovery: Autonomous decommissioning to stop data theft

Part of an adequate disaster recovery plan involves having hermetic and autonomous operations, down to the device level. In the case that you need to go into disaster recovery mode, consider all of the information that needs to be wiped at your locations:

  • Servers need to be wiped
  • Disks and partitions need to be wiped
  • Disks need to be overwritten so data can’t be recovered
  • Switches and supporting infrastructure need their configurations wiped

The problem is that since you’re cut off and unable to remotely access this equipment, you can’t perform these tasks.

However, ZPE’s customers are currently using our programmable out-of-band infrastructure for this exact use case. It’s being called ‘autonomous decommissioning’, and it combines network automation with manual commands to essentially perform the inverse of launching network sites. This process is being used to protect IP and personal identifying information from falling into the wrong hands.

How does it work?

With our generation 3 serial consoles and services routers co-located at data center and critical edge locations, customers are able to connect all of their equipment to the out-of-band network. Receiving pingbacks at regular intervals from HQ signals that all is well at these sites.

Due to instability in the region, some sites are becoming compromised and cut off from HQ. When this happens, the infrastructure goes into disaster decommissioning mode, and ZPE’s devices serve as on-prem automation workers which help remote IT admins to begin wiping the entire infrastructure.

Autonomous decommissioning network diagram

These devices are hooked into every piece of equipment, and they’re able to receive automated scripts and manual commands from remote admins to push decommissioning tasks to all connected gear. The ZPE device is then able to have its own configuration wiped and returns to its initial ‘seed of life’ mode, in which it awaits further instructions until the connection is restored to HQ. Once this connection is restored, Nodegrid waits for instructions to rebuild the infrastructure following the immutable infrastructure framework.

This autonomous decommissioning prevents data from being stolen by adversaries. By wiping all data and returning to its seed-of-life state, it also keeps the environment’s configurations secure. That’s because the devices no longer contain any configuration information once they’ve been wiped, and configurations can only be restored once an authenticated connection is reestablished with HQ.
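As an added illustration of the heartbeat-driven process described above (not ZPE or Nodegrid code), the following state machine models one edge site: it tolerates a short loss of HQ pingbacks, runs the four wipe steps listed earlier once a threshold of consecutive misses is reached, drops into a seed-of-life state, and accepts a rebuild order only when that order carries a valid authentication tag. The pingback interval, the miss threshold, the HMAC-based authentication, the task names and the shared secret are all assumptions for the example; the actual wipe commands are left to a caller-supplied `run_task` callback.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Assumed parameters (not from the post): HQ pingback cadence, consecutive misses
# tolerated before wiping, and a constructed shared secret for rebuild orders.
HEARTBEAT_INTERVAL = 60.0
MISSED_LIMIT = 3
REBUILD_KEY = b"constructed-shared-secret-placeholder"
# The four wipe steps the post lists, as constructed task names; the real commands
# are supplied by the caller through run_task.
WIPE_TASKS = ["wipe-servers", "wipe-disks-and-partitions", "overwrite-disks", "wipe-switch-configs"]

def sign(instruction: bytes) -> str:
    """HQ-side tag on a rebuild instruction (HMAC assumed as the authentication scheme)."""
    return hmac.new(REBUILD_KEY, instruction, hashlib.sha256).hexdigest()

@dataclass
class SiteController:
    """One edge site: normal -> decommissioning -> seed-of-life -> normal (after rebuild)."""
    last_heartbeat: float
    state: str = "normal"
    executed: List[str] = field(default_factory=list)
    run_task: Optional[Callable[[str], None]] = None

    def heartbeat(self, now: float) -> None:
        """Record a pingback from HQ; ignored once the site has been wiped."""
        if self.state == "normal":
            self.last_heartbeat = now

    def tick(self, now: float) -> str:
        """Periodic check: brief outages are tolerated, MISSED_LIMIT misses trigger the wipe."""
        missed = int((now - self.last_heartbeat) // HEARTBEAT_INTERVAL)
        if self.state == "normal" and missed >= MISSED_LIMIT:
            self.state = "decommissioning"
            for task in WIPE_TASKS:
                if self.run_task:
                    self.run_task(task)
                self.executed.append(task)
            # Own configuration is wiped last; wait here until HQ re-authenticates.
            self.state = "seed-of-life"
        return self.state

    def rebuild(self, instruction: bytes, tag: str, now: float) -> bool:
        """Accept a rebuild order only in seed-of-life and only if the tag verifies."""
        if self.state != "seed-of-life" or not hmac.compare_digest(sign(instruction), tag):
            return False
        self.state, self.last_heartbeat = "normal", now
        return True
```

Calling `tick()` from a scheduler at a fixed cadence and `heartbeat()` whenever a pingback arrives gives the dead-man's-switch behaviour; a forged or replayed rebuild order without the correct tag leaves the site in seed-of-life.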

Check out a live demo at ONUG!

See how to automate without anxiety to combat cyberattacks. Join us Thursday, April 28 at 11:10am EST at ONUG for a live demo. Click here to register or get your free virtual pass.

Maintain Uptime With a Reliable Data Center and Business Continuity

The data center and business continuity — these go hand-in-hand, as one relies so heavily on the other. Because your data centers are mission critical, an outage can bring down your network and your business. But taking control of your data centers can be more than a hassle, especially if you use traditional out-of-band management (OOB) solutions.

In this article, you’ll explore some major shortcomings of common OOB, how they interfere with business continuity, and what ZPE Systems’ Nodegrid does to restore your peace of mind.

Challenges Involving the Data Center and Business Continuity

You Need to Stay Close.

For network maintenance and management, traditional out-of-band solutions force you to keep staff close to the data center. Not only is this because you need to perform routine tasks, such as monitoring power or opening shells for customers, but also because you need a reliable response in the event that your network faces major disruption. Otherwise, issues can result in you spending large amounts of time and money to put staff on-site, sometimes requiring late night wakeup calls and expensive round-trip airfare.

You Need Many Devices.

Rack space and energy consumption are at a premium when it comes to data center computing. But by nature, data centers require many appliances just to handle all necessary functions. Introducing OOB management typically involves adding even more devices, which steals more rack space, power, and money from your business. And with traditional OOB solutions, you usually end up with a rigid and complicated system that makes your job that much more difficult. Resolving most issues involves a lengthy administration protocol due to your enormous stack.

You Need Lots of Time.

When scaling and managing via traditional OOB solutions, time isn’t on your side. To deploy a new location, you need to risk shipping preconfigured devices that contain sensitive configuration data. Once you pass this first hurdle, you then need to put staff on-site to manually set up these devices, which can take weeks. Finally, your ongoing management of data center infrastructure involves juggling many vendor-specific consoles and interfaces. If you need to make quick adjustments or pinpoint a failed device, you’re forced to invest more time navigating a complex stack.

Nodegrid Improves Management of the Data Center and Business Continuity

Restore Uptime From Anywhere.

Nodegrid lets you untether staff from the data center’s physical location, and instead gives them the freedom to perform tasks 100% remotely. When you need to adapt to sudden work-from-home guidelines, or restore connectivity after a 3am outage, Nodegrid lets you do so thanks to flexible out-of-band management. It uses broadband links and 4G/LTE cellular to provide you with more speed than traditional OOB solutions, and you can even take control of power management. No more midnight flights just to reboot devices — cycle power remotely and rest easy.

Save space and power

Nodegrid’s consolidated devices address the data center’s need for less — less occupied rack space, and less consumed energy. The all-in-one appliances handle network, compute, storage, and power functions, and also feature a blazing fast x86 64-bit architecture that supports direct third-party application hosting. For out-of-band management, you can connect via many common serial or digital interfaces, and even get a reliable cellular connection for backup. Nodegrid’s efficient devices free up rack space, consume less energy, and help you resolve issues faster.

Scale and manage fast

Nodegrid makes scaling quick and easy. With patented, all-in-one devices, cloud-based flexibility via ZPE Cloud, and Nodegrid Manager software, you can deploy and manage in minutes. Instead of shipping sensitive devices to your new location, you just need to send a bare-metal Nodegrid appliance. Once it’s safely at your new data center, simply plug it in and watch it work. ZPE Cloud delivers zero touch provisioning that’s secure, automatic, and consistent. For ongoing management, use this cloud connectivity coupled with Nodegrid Manager to get a full, in-depth view of your network infrastructure. Alerts and notifications pinpoint potential issues, and you can employ automation tools via Ansible, Puppet, Chef, and others for self-healing and repair.

Nodegrid keeps you secure with two-factor authentication and single sign-on. For added convenience and improved management, Nodegrid also comes with a screen- and session-sharing feature that lets you collaborate with others in real time. You can team up with your experts to find and fix issues fast.

If you want to see Nodegrid’s next gen out-of-band solution for the data center, schedule a demo now.