Providing Out-of-Band Connectivity to Mission-Critical IT Resources

Zero Trust Network Access vs. VPN for Branch and Edge Networking

When comparing zero trust network access vs. VPN, they both have benefits for security, speed, and scalability

Organizations are starting to recognize the benefits of edge computing, which moves data processing resources closer to the sources of data generation and away from the central data center. In addition, businesses are becoming more geographically dispersed, with branch offices, manufacturing facilities, and other remote sites around the world.

While larger remote sites are typically connected to the enterprise network via WAN or SD-WAN, this may not be feasible for smaller branches with fewer staff. Traditionally, VPNs (virtual private networks) are used to create a private connection for remote systems and users. However, a new technology called Zero Trust Network Access improves upon VPNs by providing faster and more secure remote connections.

What is a VPN?

A VPN, or virtual private network, is a service that creates an encrypted connection between a device and a network. In this particular use case, VPNs are used to extend the enterprise network to branch and edge locations. Often, organizations use VPNs as an alternative to installing expensive WAN solutions in very small remote sites. They’re also used to connect sites that are unreachable by traditional network infrastructure, such as offshore oil rigs.

Though VPN traffic is encrypted, there are still security risks. Many VPNs still use single-factor authentication, meaning all you need is a username and password to connect. If a remote user’s account information is stolen, a hacker could easily gain access because they don’t need to provide a second form of identity verification.

In addition, VPNs grant complete access to the enterprise network, trusting remote users and devices just like they were in the main office. That means a malicious actor could use a compromised account or stolen laptop to move laterally around your enterprise network, stealing whatever data they can find.

What is Zero Trust Network Access (ZTNA)?

Zero trust network access, or ZTNA, is another product or service that connects remote users and devices to enterprise network resources. However, instead of creating a tunnel to the enterprise network itself, ZTNA directly connects users to the applications and services they need. Users then need to re-verify their identity and re-establish trust before they access another application.

ZTNA follows the “dark cloud” concept, which prevents remote users from seeing or interacting with any of the data, systems, or applications they aren’t explicitly authenticated to. Microsegmentation is used to create perimeters around each resource with granular, context-based access control policies.

For example, if a branch office employee uses ZTNA to access the shipping system, they can’t see or touch the payroll application unless they authenticate to that specific resource. If the account is behaving suspiciously (logging in at unusual times, accessing resources it doesn’t typically need, etc.) then the account is locked until trust can be re-established. The dark cloud principle prevents malicious actors from discovering valuable resources and moving laterally on the enterprise network.

Comparing zero trust network access vs. VPN for branch and edge networking

Trust

Zero trust network access is more secure than VPNs because it follows the zero trust security model of “never trust, always verify.” Branch and edge accounts are assumed to be untrustworthy until they prove otherwise through repeated identity verification and trustworthy behavior. Remote accounts never have full access to the enterprise network and can only see and interact with the specific resources they’re presently authenticated to.

Authentication

While newer VPNs may allow integrations with third-party MFA (multi-factor authentication) providers like Okta, many organizations are still using single-factor authentication for VPN clients. That makes it much easier for a hacker to use a single set of stolen credentials to gain unrestricted access to the enterprise network. In addition, if a branch employee leaves their VPN session active and their laptop is stolen (for example, because it was in an unsecured building that’s open to the public), the thief can use that session to jump around the network without ever needing to re-verify or re-authenticate.

Performance

VPN connections are notoriously slow. All VPN traffic needs to be backhauled through a centralized concentrator, which creates massive bottlenecks and network latency. ZTNA, on the other hand, connects branch and edge devices directly to the resources they need. If that resource lives on the web or in the cloud, the traffic bypasses the enterprise network entirely, reducing the load and improving performance for everyone.

Scalability

Finally, VPNs are meant to be deployed to individual users on a case-by-case basis. Scaling up is difficult and expensive because you need to purchase licenses and install software for each machine that connects. Also, the more VPN connections, the greater the impact on network performance, and the more VPN concentrator solutions you’ll need to deploy to distribute the load. Gartner predicts that by 2025, 75% of enterprise-generated data will be processed at the edge, so individual VPN solutions won’t be able to keep up.

ZTNA is often delivered on the “as-a-service” model, which means it’s hosted in the cloud and doesn’t require any customer premises equipment (CPE). Licenses are scaled up or down at the click of a button, and there’s no software to install on remote machines. This makes ZTNA the ideal choice for enterprises hoping to expand their global reach or scale up their edge computing capabilities.

Deploying ZTNA for branch and edge networks

Zero trust network access is available as a standalone service, but you can also find it among the cloud-oriented security stack in a Security Service Edge (SSE) solution. SSE combines ZTNA with security technology such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Firewall-as-a-Service (FWaaS). This suite of cloud security features delivers comprehensive protection for branch and edge networks while reducing the need for remote traffic to pass through the central data center.

Learn more about branch and edge networking:

Need more help on branch and edge networking?

Need more help comparing zero trust network access vs. VPN for branch and edge use cases?

Contact ZPE Systems

ZPE Systems Featured in L’Informaticien Magazine

L’Informaticien and ZPE Systems

ZPE Systems is featured in L’Informaticien Magazine, a France-based publication with a wide audience. Read the English translation here, and check out the original source content with the links at the bottom. Be sure to follow us on LinkedIn and Twitter for more updates about our global presence.

ZPE, All-in-one Supervision

Founded in 2013, ZPE Systems is world famous but discreet despite its presence in France with large accounts. The company offers an all-in-one solution combining software, equipment and sensors to provide automation and orchestration on network operations and security.

Gartner covers the type of solution offered by ZPE under the term of Hyperautomation. ZPE is the Swiss army knife of network services by providing a solution to simplify and unify the vision of the network and the operations on this one. The solution can be deployed on site or from the Cloud. Locally, ZPE offers routers that supply the supervision console in the Cloud from different sensors or agents. It is possible from the console to configure, deploy, manage, and ensure access to implement the desired solution. The publisher’s operating system brings a layer of virtualization which makes it possible to accommodate third-party services such as for security, for example, in order to allow Out-of-Band supervision of all the IT components present in the company. On site, the solution comes in the form of an appliance which brings together all the functionalities and extensions allowed by a whole set of APIs to meet specific business needs. Thus, in September of last year, ZPE announced that it could ship Palo Alto Networks Prisma SD-WAN in its edge routers. In this case, the solution behaves like a mini Cloud at the edge.

Multiple advantages

ZPE brings the benefit of both all-in-one solutions but also the ability to easily deploy best-of-breed solutions with a supervision from a central and unique point, while avoiding the need to deploy, manage, and pay for licenses or subscriptions for disparate solutions. The solution consolidates the network stack and simplifies the operations of deployment, configuration, updating network scale and management. This makes life easier for the teams in charge of the network. Who has not experienced the ordeal of deploying remote networks or to try to find the cause of an incident on this type of site and to restore the faulty services? ZPE is particularly suitable for companies with many sites or highly distributed infrastructures

Nodegrid 5.6

During the last Cisco Live, held in Las Vegas during June, ZPE announced a new version of its Nodegrid OS available for its consoles and routers. Like its predecessor, the solution makes it possible to deploy best-of-breed at the choice of the company from the Cloud console of the ZPE solution. It is thus possible to deploy solutions embedding the various software from pre-validated suppliers.

Here is the list:

  • Ansible
  • Gluware
  • Stackstorm
  • On-ramp to Cisco SIG/Umbrella/CDFW, Fortinet, Palo Alto Networks’ PANOS firewalls, ThousandEyes agents

The solution thus provides a complete automation plan that can be orchestrated from Nodegrid for configuration change management, network monitoring and response to attacks and thus avoid service interruptions.

LInformaticien

Data Center Orchestration with Gen 3 OOB for Digital Services Providers

ata center orchestration
Large digital service providers face some unique data center and network management challenges. Customers and shareholders expect 24/7, high-speed access to these services from anywhere in the world. The scale and complexity of their infrastructure, combined with their highly distributed, global network architectures, can make it difficult for administrators to meet those expectations. In this article, we’ll discuss how data center orchestration with Gen 3 out-of-band (OOB) management helps digital service providers achieve the reliability their customers demand while reducing expenses and complexity.

Use case: Data center orchestration with Gen 3 out-of-band for digital service providers

The businesses in this use case provide digital services at a very large scale. They need to ensure constant availability and reliability because that’s what their customers expect, and it’s what their competitors promise. Some examples of large digital service providers include:

   Music or video streaming services
   Stock trading applications
   Online banking portals
   Cloud compute services
   SASE and SSE vendors
   Internet service providers (ISPs) and telecom companies
   Internet exchanges
   Storage as a Service providers

These companies typically host their resources in private data centers or colocation facilities, so they have total control over the hardware and infrastructure. Because of the extremely large scale of their operations, they need to deploy, maintain, and administer many machines. And, since they typically provide global services, they have a large, complex, and highly-distributed network architecture.

There are several major pain points for network administrators in this environment. First, they need to maintain constant access to remote infrastructure, even during network outages. Second, they need the ability to scale up their infrastructure on-demand by quickly deploying new machines with the correct configurations. Finally, they need to be able to monitor, manage, and optimize their complex network architectures.

Let’s look at how these pain points are solved using data center orchestration with Gen 3 OOB.

1. Constant availability

People expect 100% uptime from their digital services, which is why it’s always major news when a big provider like Netflix goes down. To try and achieve constant availability, these vendors typically use their own hardware in private data centers and colocation facilities rather than relying on public cloud hosting. They host their infrastructure in many different facilities around the world, both for redundancy and to ensure peak performance for globally distributed customers.

Between hiring freezes and staff cuts at major companies like Apple, Google, and Netflix, many of these companies don’t have enough technical staff to maintain a physical presence in all of these data centers. Instead, their administrators and engineers access this infrastructure remotely, using tools like serial consoles, KVM switches, and jump boxes to connect to devices in the rack. However, if they lose network access to the management device due to an ISP outage, hardware failure, or configuration mistake, they’re left without a way to remotely recover. That means they need to either dispatch a technician from their home office or pay for costly on-site managed services from their hosting facility. Either way, valuable time and money are wasted on travel and other logistics.

Out-of-band management solves this problem by providing an alternative path to remote network infrastructure. Data center orchestration solutions with Gen 3 OOB use a secondary network connection (typically a cellular modem) that is dedicated to management and troubleshooting. That means administrators can configure, troubleshoot, and orchestrate remote infrastructure even when the primary network connection is offline or overloaded with production traffic. This gives digital service providers the ability to recover from outages and other issues much faster, bringing them closer to their goal of 24/7 availability.

2. Scalability

Large digital service providers need to serve millions of customers who may live all over the globe. They also need to meet sudden spikes in demand without limiting the performance of their product. That means they need to deploy lots of machines to many different facilities, often very quickly. Plus, they need to do so without configuration mistakes, as these could delay deployment, create security vulnerabilities, or even require a truck-roll to fix.

Since deployments need to happen quickly, accurately, and repeatedly, that makes them a prime candidate for automation. There are two primary technologies used to automate data center deployments: zero touch provisioning (ZTP) and Infrastructure as Code (IaC). A Gen 3 OOB data center orchestration tool enables both.

Zero touch provisioning gives administrators the ability to deploy device configurations to remote hardware over a network connection. Earlier generations of OOB data center solutions often included ZTP for devices within a specific vendor’s ecosystem, but Gen 3 tools are vendor-agnostic. That means administrators can remotely deploy an entire data center of mixed-vendor solutions without risking security breaches and the potential for opening a backdoor through pre-staging or on-site configuration. Plus, Gen 3 OOB provides a dedicated network to use in the provisioning process, so if there’s an issue with the configuration that takes the new device offline, administrators can still remotely recover.

IaC decouples a device’s configuration from the underlying hardware, turning it into software code that’s executed according to programmatic playbooks. Gen 3 OOB data center orchestration solutions support automation through IaC, either by integrating with third-party IaC platforms or by directly hosting playbooks. This allows administrators to apply DevOps best practices to infrastructure configurations, for example running automated tests to verify the quality and security of the code before deployment. IaC also reduces the time and complexity involved in configuring new devices, because scripts are easily reusable and can be deployed as many times as needed.

Through automation technologies like ZTP and IaC, Gen 3 OOB data center orchestration platforms allow digital service providers to scale their infrastructure quickly and efficiently. Automation also reduces the risk of human error, which reduces the chances that rapid scaling will cause service interruptions.

3. Network complexity

Large digital service providers have complex and distributed network architectures. They may have dozens or even hundreds of remote sites connected to the WAN, each of which may have different vendor hardware, bandwidth requirements, and security risks. Plus, there are many thousands of users accessing those resources from all over the world. In this kind of environment, manual network management is too time-consuming and prone to error.

Once again, automation is key to overcoming this challenge. Network automation is enabled in much the same way as infrastructure automation—by implementing software abstraction to decouple the management plane from the underlying hardware. This is known as software-defined networking (SDN) or, in the case of WAN architectures, software-defined wide area networking (SD-WAN). Digital service providers use SD-WAN to virtualize their distributed networks, employing software network controllers and APIs to route and load-balance traffic.

The right data center orchestration solution centralizes management of the entire SD-WAN architecture, giving administrators a single pane of glass from which to monitor and control the virtual network. Gen 3 OOB platforms are vendor-neutral, which means they can dig their hooks into all of the various hardware and software solutions that make up an SD-WAN infrastructure. They enable end-to-end automation of network management workflows and provide orchestration capabilities to automate the deployment and execution of those automated workflows. This makes it possible for digital service providers to manage their highly complex network architectures efficiently while maintaining optimal performance.

Gen 3 OOB data center orchestration with Nodegrid

The need for constant availability, easy scalability, and efficient network management is what brings many major digital service providers to ZPE Systems. The Nodegrid data center orchestration platform is the first Gen 3 out-of-band solution that enables end-to-end automation and complete vendor freedom.

The Nodegrid Serial Console Plus (NSCP) is a high-density serial console for large-scale and hyperscale data centers and includes features such as 5G/4G LTE cellular OOB and network failover to ensure 24/7 remote access. Built on the open, Linux-based Nodegrid OS, the NSCP supports integrations with your choice of third-party solutions, or you can directly host your automation, security, and SD-WAN applications on the device itself. Plus, the ZPE Cloud management software provides a centralized, web-based orchestration platform from which to deploy, monitor, and control your entire network architecture.

ZPE is here to help!

Still want to learn more about the Nodegrid Gen 3 data center orchestration platform for large digital service providers?

Contact Us

CIOs: 3 Boardroom Questions to Survive Winter Recession & Lockdowns

Winter is Approaching
The Dow recently posted decreases of 1,300 and 1,000 points within weeks of each other. Companies including Apple, Google, and Netflix have slowed hiring this year or outright cut staff. For CIOs, the message is clear: Winter is coming, and so is a recession.

We all know that company revenue is directly tied to IT infrastructure and the digital services it provides. In the simplest terms: network down, revenue down. So when economic downturns lead to hiring freezes and increasing workloads for IT, CIOs need to figure out how to ‘do more with less’ in order to maintain service levels. The reality is that we’d still expect IT to fulfill our support tickets even during the zombie apocalypse.

Today, business leaders are gearing up for the possibility of such challenges looming larger on the horizon, not to mention the potential for more covid lockdowns and other disruptions. No matter the reason, the expectation remains the same – keep networks reliable and secure.

Business leaders are uncertain about the coming winter

Business leaders are growing uncertain about the coming winter months because of the potential for more major operational shakeups, like those that occurred at the start of the coronavirus pandemic in 2020. This uncertainty stems from two looming possibilities:

As CIO, your peers will ask how you plan to increase top line revenue despite the winter recession, limited staff numbers, and potential lockdowns. This means you’ll need solid answers to three critical questions that will come up at your next board meeting.

3 Questions to Help CIOs Survive the Winter Recession

If we need to freeze hiring, can we continue to fulfill SLAs for internal & external digital services?

The IT workload has grown exponentially since infrastructure moved from centralized to decentralized. There’s just too much infrastructure scattered in so many data centers, colocations, and branch offices — from servers and routers, to branch gateways, remote sensors, smart building infrastructure, user experience monitoring applications, and firewalls. On top of this, pushing workloads to edge compute and 5G will inevitably lead to more micro and nano data centers that need to be maintained. Your IT teams are already struggling to keep up with everyday operations like configuration management, troubleshooting, and recovering down equipment. Now imagine how much stress they’ll endure if they’re unable to get additional help due to hiring freezes or pandemic lockdowns.

If staff can no longer physically access equipment, can we maintain IT availability?

As we saw at the beginning of the Covid pandemic, companies scrambled to find ways to accommodate normal operations while shifting staff to a fully digital workplace. But many companies were unprepared and are still struggling to adapt. In fact in 2021, IT organizations reported that their highest priority was to improve digital work for employees, but 66% said they didn’t have the capabilities to support the needs of remote and hybrid work. IT organizations must be prepared to accommodate flexible work well into the future, but this typically means employing a mix of local smart hands, third party service providers, and remote management solutions that significantly inflate operating costs. Despite any potential lockdowns, physical access can already be challenging when equipment resides at remote locations that are costly, inconvenient, or downright dangerous to access.

Will we be able to stay in compliance and keep up with security patches?

Many security breaches occur not because patches don’t exist, but because installing these patches might lead to unforeseen breakages. Some IT teams still run software that’s years old and several major revisions outdated. Meanwhile, these teams can only hope that vulnerabilities won’t be exploited and lead to business incurring regulatory fines or penalties. In a nutshell, systems go unpatched and grow more vulnerable as time goes on, because teams are afraid to risk breakages that they can’t easily recover from. This problem will only worsen when hiring is put on hold and physical site access is restricted.

Big tech has it figured out

Big tech companies have thrived on recessions and often come out stronger. How? Because they understand that they must empower their IT organizations during economic downturn. According to Gartner, there’s no better way to do this than to invest in digital transformation. But exactly what digital investments do these companies make? As CIO, you have such a large and distributed IT organization to wrap your arms around, that it’s difficult to define the practical steps you need to take. When answering these three key questions, your IT and executive teams will need to know: “How do you plan to accomplish this?”

Use big tech’s secret: The Network Automation Blueprint 

The network automation blueprint is made up of four major building blocks that create a management network design pattern to accommodate hyperautomation. These building blocks are:

  • IT/OT production infrastructure: This includes servers, switches, routers, and common production equipment.
  • Automation infrastructure: This is a truly independent network that enables automation to reach the production infrastructure in an out-of-band fashion.  Customers call this the double-ring network. This layer often uses a combination of serial console and Ethernet connections, and also includes staging jump boxes, local storage, TFTP source of truth, and version control systems.
  • Orchestration and automation systems: This is where the desired outcome and playbooks are sourced from. The key is that the orchestration reaches the production systems through the independent out-of-band network to achieve the desired outcome.
  • AI Ops infrastructure: This layer receives rich information from observability platforms to make reactive and predictive decisions at scale. Using machine learning and artificial intelligence, this layer learns the network’s normal behaviors and pushes changes through the orchestration and automation layer.

This blueprint is the reference architecture validated to successfully implement Gartner’s definition of hyperautomation, as well as meet the Open Networking User Group (ONUG) Orchestration and Automation recommendations. This blueprint gives you the necessary layers to confidently answer the three questions that will come up during your boardroom meeting, and outlines the practical steps required to achieve IT resilience. Here’s how it answers these questions:

If we need to freeze hiring, can we continue providing reliable IT services?

By separating the automation infrastructure from the production network, teams can build hyperautomated environments while having a safe way to recover from errors. Despite having limited staff and/or a virtual workforce, teams can develop their automation pipelines to reduce workloads and meet SLAs.

If staff can no longer physically access equipment, can we maintain IT availability?

With the network automation blueprint, teams get a management network design pattern that ties into all of their solutions. This means they get a full virtual presence to manage SD-WAN, firewalls, switches, servers, routers, and their entire stack. The blueprint also calls for running automation locally so workloads can be carried out despite connectivity problems. These allow teams to maintain their sites and availability across distributed architectures.

Will we be able to stay in compliance and keep up with security patches?

Automating via out-of-band means teams no longer need anxiety about the dreaded Friday night upgrade. Instead of running outdated software and configurations because “if it ain’t broke, don’t fix it,” teams can ensure the integrity of updates before pushing them live. This allows them to take advantage of the latest software releases, close security gaps, and maintain compliance.

Meeting customer expectations for always-on digital services is a major challenge for any enterprise. That’s why it’s important for CIOs to empower their teams with hyperautomation and automate as many processes as possible. The network automation blueprint gives you the reference architecture that’s been validated by big tech as the safe way to build hyperautomated environments. This blueprint is now available just in time to help organizations prepare for the looming winter recession.

Blueprint

Get the Network Automation Blueprint now

Now is the time to prepare for winter, and you can start laying the groundwork for hyperautomation. Click the button below to download the network automation blueprint. You’ll see the same network architecture used by Big Tech, now tailored to help any size company provide reliable digital services.

 

Opengear CM7100 Alternative Options

Opengear CM Alternative Options

The Opengear CM series console servers provide out-of-band (OOB) management of data center infrastructure so that network administrators can access and control remote equipment from one centralized interface. Like other OOB serial consoles, the CM series gives admins an alternative path to remote infrastructure that doesn’t rely on the production LAN, WAN, or ISP network.

The CM7100 series is EOL as of the 31st of March, 2023, with an end-of-sale date of the 30th of September 2023 – click here to see a full list of affected product SKUs.

Opengear’s recommended replacement is the CM8100. Like the 7100, this is a traditional console server solution, which means it has gaps in its OOB capabilities due to vendor lock-in, limited automation support, and a lack of hardware security.

In this blog, we’ll discuss Opengear’s replacement solution as well as Opengear alternatives that deliver greater availability, functionality, and security.

Disclaimer: This comparison was written by a 3rd party in collaboration with ZPE Systems using data gathered from publicly available data sheets and admin guides, as of 4/28/2023.

Please email us if you have corrections or edits, or want to review additional attributes: Matrix@zpesystems.com

Table of Contents

Opengear CM7100 overview

The Opengear CM7100 is a line of OOB console servers for data centers and large enterprise deployments. The CM7100 comes with 16, 32, 48, or 96 managed RJ45 serial ports and dual USB 2.0 managed console ports. OOB management and network failover are provided via dual LAN ports or dual LAN/SFP ports.

The CM7100 is primarily used in data center deployments to provide centralized remote control and OOB access. With the CM7100 now EOL, Opengear recommends migrating to the CM8100 series. Let’s take a look at the features, specifications, and limitations of the Opengear CM8100 before discussing some alternative options.

Looking for replacement options for other discontinued serial consoles and branch routers? Try:

 

Opengear replacement options: CM8100

The CM8100 is Opengear’s newest console server for large data center and enterprise deployments. The CM8100 comes with 16, 32, or 48 managed serial ports and 2 managed USB ports in a 1RU form factor, or up to 96 ports in 2RU. Like the other CM models, the 8100 does not come with cellular or WI-Fi options, so it provides OOB and failover on dual Ethernet/SFP interfaces.

All CM models use Opengear’s Smart OOBTM, which includes automatic port discovery and VLAN support. However, the CM series does not support cellular access for OOB or failover. Further automation capabilities include zero-touch provisioning (ZTP), Opengear NetOps modules, and support for Ruby, Perl, and Bash.

On the security side, the CM8100 offers IPSec & OpenVPN, Secure Shell (SSHv2), Trusted Platform Module 2.0 (TPM 2.0), and advanced authentication via TACACS+, Kerberos, RADIUS, and more. However, none of the CM models support SAML 2.0, which makes it difficult to implement Zero Trust principles on the OOB management network.

Opengear CM8100 Features & Tech Specs

Notable Serial Console Features

• SSH direct to consoles

• Keystroke logging

• Multiple concurrent sessions

• Automatic device name discovery

OOB Managed Interfaces

• 16, 32, 48 ports (1RU)

• 96 ports (2RU)

Hardware

• 1.6 GHz Dual-Core ARM Cortex-A9 SoC CPU

• Dual Ethernet for OOB/Failover

Automation

• Opengear NetOps modules

• API access

• Docker support

• Python

• Perl and bash support

• ZTP

• SNMP-Standard MIBs

Automation for End Devices

ZTP

Guest OS

• Docker support

Power Management

• Control PDU outlets via serial, USB, and Ethernet

• Supports 100+ power vendors’ equipment

Hardware Security

• TPM 2.0

• Embedded firewall

Form Factor

Fixed 1RU or 2RU

Opengear CM limitations

While the CM8100 offers some improvements over the CM7100, it still falls short of delivering Gen 3 OOB console server functionality in the following ways.

The Opengear CM solution suffers from:

OOB inflexibility

While the CM7100 and CM8100 both provide OOB management access and network failover, they’re only available via dual Ethernet/SFP interfaces. None of the CM-series console servers come with options for cellular, Wi-Fi, or dial-up modem access. That means something like a regional network outage or data center LAN issue could potentially cut off access to both the OOB and production network.

Vendor lock-in

The Linux-based OS is programmable and extensible, but Opengear’s Lighthouse management software is not truly vendor-neutral. That means your hardware and software integration capabilities will be limited to specific supported solutions. For enterprises with hybrid, distributed, and multi-vendor infrastructures, this limitation could leave gaps in management and orchestration coverage. 

Limited automation

The CM8100 offers more automation capabilities than the 7100, but there are still limitations. For example, Lighthouse is required for ZTP and other automation capabilities, but it only extends to certain supported end-devices, which means you’ll need to manually configure, provision, and deploy the rest of your infrastructure–or stay within Opengear’s ecosystem, which limits your vendor freedom.

Lack of security

Opengear added embedded TPM 2.0 security to the new CM8100 line to make the hardware more secure. However, the CM series does not include additional hardware security like geofencing, BIOS protection, or UEFI secure boot. This increases the risk that a stolen or compromised console server could be used to provide cybercriminals with unrestricted access to your OOB management network.

Both the Opengear CM7100 and CM8100 are 2nd generation serial console servers. That means they provide OOB management access as well as some automation functionality to simplify individual network management workflows. However, due to a lack of alternative OOB/failover interfaces, vendor lock-in, limited automation integrations, and minimal hardware security, the CM series falls short of the end-to-end automation and security required for a Gen 3 OOB solution.

CM7100 migration options from ZPE Systems

The Nodegrid solution from ZPE Systems is the world’s first Gen 3 OOB management platform. With a wide range of serial console servers and integrated branch services routers to choose from, three models in particular serve as direct replacements for the EOL Opengear CM7100: the Nodegrid Serial Console Plus (NSCP), the Nodegrid Serial Console S Series, and the Nodegrid Net Services Router (NSR).

Nodegrid Serial Console Plus (NSCP)

The high-density Nodegrid Serial Console Plus comes in 16, 32, 48, and 96 serial RJ45 port configurations as well as providing 2 USB 3.0 ports for a total of 98 managed devices on a single 1RU device. That makes the NSCP a direct replacement for 96-port CM7100 devices – to get the same number of ports on the CM8100, you’ll need a 2RU device that uses more rack space.

Nodegrid Serial Console S Series

The Nodegrid S series, which comes in 16, 32, or 48-port configurations, uses auto-sensing ports to provide seamless management of modern, legacy, and mixed-vendor infrastructure. The S Series serial console switch is the perfect legacy modernization solution because it allows you to extend automation to end devices that otherwise wouldn’t support it.

Nodegrid Net Services Router (NSR)

The Nodegrid Net Services Router is an all-in-one branch network solution that delivers out-of-band management, SD-WAN capabilities, and more in a single box. The NSR has a modular design so you can add extra terminal server capabilities, more storage or processing power, or extra GbE Ethernet ports to create a completely customized solution.

All Nodegrid boxes deliver OOB access and network failover via built-in 5G/4G LTE cellular and Wi-Fi, so you get 24/7 availability even during LAN and ISP outages. These devices run the open, Linux-based Nodegrid OS with full support for integrated NetDevOps automation solutions like Ansible, Chef, Docker, and Puppet. Nodegrid provides a separate control plane for OOB and automation, making it the ideal solution for a wide variety of business use cases, including

  • Extending automation to any environment or device
  • Enabling Zero Trust Network Access (ZTNA)
  • Increasing OOB & failover flexibility
  • Helping organizations become AI-ready

In addition, the vendor-neutral, web-based ZPE Cloud orchestration solution can dig its hooks into any Nodegrid-connected infrastructure, regardless of vendor, location, or private cloud provider. This gives you a single pane of glass from which to monitor and manage your on-premises, remote, and/or cloud-based infrastructure. Nodegrid’s vendor-agnostic platform enables true end-to-end automation and hyperautomation of enterprise networks.

Plus, Nodegrid includes robust hardware security features like BIOS protection, TPM 2.0, geofencing, and UEFI Secure Boot. The embedded, stateful firewall provides functionality such as multi-site IPSec VPN, advanced authentication, selectable cryptographic protocols and cyber suite levels, and Zero Trust 2FA and SAML 2.0.

 

Nodegrid NSCP

Nodegrid S Series

Nodegrid NSR

Notable Serial Console Features

• SSH direct to consoles

• Keystroke logging

• Logging to ZPE Cloud, NFS, Local

• Alert on cable disconnects

• Text pattern match with scriptable actions

• Multiple concurrent sessions

• Automatic device name discovery

• Session sharing for collaboration

• IP address per serial port

• Secure session logout enforcement

• Power control hotkey on serial port

• Configurable icon per serial port

• SSH direct to consoles

• Keystroke logging

• Logging to ZPE Cloud, NFS, Local

• Alert on cable disconnects

• Text pattern match with scriptable actions

• Multiple concurrent sessions

• Automatic device name discovery

• Session sharing for collaboration

• IP address per serial port

• Secure session logout enforcement

• Power control hotkey on serial port

• Configurable icon per serial port

• SSH direct to consoles

• Keystroke logging

• Logging to ZPE Cloud, NFS, Local

• Alert on cable disconnects

• Text pattern match with scriptable actions

• Multiple concurrent sessions

• Automatic device name discovery

• Session sharing for collaboration

• IP address per serial port

• Secure session logout enforcement

• Power control hotkey on serial port

• Configurable icon per serial port

OOB Managed Interfaces

• 16, 32, 48, 96 ports (1RU)

• 16, 32, 48 ports

• Up to 5 x 16-port RJ-45 Serial modules

Hardware

• Intel X86, 64-bit CPU optimized for running VMs and automation tools

• Dual-SIM 5G/4G/LTE, Wi-Fi, and V.02 modem for OOB/Failover

• Intel X86, 64-bit CPU optimized for running VMs and automation tools

• Dual-SIM 5G/4G/LTE, Wi-Fi, and V.02 modem for OOB/Failover

• Intel X86, 64-bit CPU optimized for running VMs and automation tools

• Dual-SIM 5G/4G/LTE, Wi-Fi, and V.02 modem for OOB/Failover

Automation

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

Automation for End Devices

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

Guest OS

• VMs, Docker, Kubernetes, LXC

• VMs, Docker, Kubernetes, LXC

• VMs, Docker, Kubernetes, LXC

Power Management

• Supports major power strips manufacturers

• Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)

• Power control of VMs

• Access rights for users & user groups

• Supports major power strips manufacturers

• Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)

• Power control of VMs

• Access rights for users & user groups

• Supports major power strips manufacturers

• Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)

• Power control of VMs

• Access rights for users & user groups

Hardware Security

• TPM 2.0

• Encrypted solid-state disk

• UEFI BIOS with protection

• Secure Boot (signed OS

• Geofencing

• TPM 2.0

• Encrypted solid-state disk

• UEFI BIOS with protection

• Secure Boot (signed OS

• Geofencing

• TPM 2.0

• Encrypted solid-state disk

• UEFI BIOS with protection

• Secure Boot (signed OS

• Geofencing

Form Factor

Fixed 1RU

Fixed 1RU

Modular 1RU

The Nodegrid Gen 3 OOB solution is an Opengear alternative that delivers 24/7 availability, end-to-end automation, Zero Trust Security, and complete vendor freedom.

Watch a free Nodegrid demo to see a Gen 3 OOB serial console solution in action. Watch Now

Opengear CM7100 migration SKUs:

Opengear CM7100 EOL SKU

In Scope Features

ZPE Replacement Product

CM7116-2-SAC

CM7116-2-DAC

16 Serial ports, OOB management

Fixed Form Factor:

ZPE-NSCP-T16R-STND-SAC

ZPE-NSC-T16S-STND-SAC

ZPE-NSCP-T16R-STND-DAC

ZPE-NSC-T16S-STND-DAC

Modular Form Factor:

ZPE-NSR-816-DAC with 1 x 16 port serial module 1 x ZPE-NSR-16SRL-EXPN

CM7132-2-DAC

32 Serial ports, OOB management

Fixed Form Factor:

ZPE-NSCP-T32R-STND-DAC

ZPE-NSC-T32S-STND-DAC

Modular Form Factor:

ZPE-NSR-816-DAC with 2 x 16 port serial module 2 x ZPE-NSR-16SRL-EXPN

CM7148-2-SAC

CM7148-2-DAC

48 Serial ports, OOB management

Fixed Form Factor:

ZPE-NSCP-T48R-STND-SAC

ZPE-NSC-T48S-STND-SAC

ZPE-NSCP-T48R-STND-DAC

ZPE-NSC-T48S-STND-DAC

Modular Form Factor:

ZPE-NSR-816-DAC with 3 x 16 port serial module 3 x ZPE-NSR-16SRL-EXPN

CM7196A-2-DAC

96 Serial ports, OOB management

ZPE-NSCP-T96R-STND-DAC

Ready to replace your EOL Opengear CM7100 with a Gen 3 out-of-band serial console solution?

Call ZPE Systems today at 1-844-4ZPE-SYS for a special trade-in promotion. Contact US

Opengear Alternatives: Replacing the ACM7000 Resilience Gateway

OpenGearAlternatives
A gateway router is a crucial device for connecting remote IT deployments—such as retail stores, branch offices, or edge data centers—to the primary enterprise network. In this blog, we’ll review Opengear’s ACM line of gateway routers and explain their key features and limitations. In addition, we’ll discuss some Opengear alternatives that provide greater customization, control, and functionality.

The Opengear ACM7000 Resilience Gateway

The Opengear ACM7000 is a compact form-factor network gateway and console server for small remote and edge deployments. The ACM7000 integrates with Opengear’s Lighthouse software for centralized management and some automation capabilities. Out-of-band management is provided via the Smart OOBTM feature, with failover to an embedded 4G LTE cellular modem or an optional dial-up PSTN modem.

The Opengear ACM7000 combines gateway routing features with terminal server capabilities, enabling you to reduce the number of devices in your small remote deployments. The ACM7000 comes with 4-8 Cisco pinout serial ports and 4 USB 2.0 console ports, as well as 2 Digital I/O (DIO) ports and 2 High Voltage Digital Outputs (HVDO). Gateway router features include a stateful firewall, DHCP server, DDNS, and IP filtering.

The ACM7000’s auto-response feature allows you to write custom scripts that are triggered by specific events such as power failures, environmental sensor alarms, or network outages. These scripts can alert administrators to problems and in some cases remediate issues without human intervention.

Opengear ACM7000 key features

  • Smart OOBTM management
  • Centralized management through Opengear Lighthouse
  • Integrations with Nagios NSCA & NRPE
  • Link Layer Discovery Protocol (LLDP) automatic device discovery
  • Failover to embedded 4G LTE cellular modem
  • SSL and IPsec VPN
  • Stateful firewall with IP filtering and port forwarding
  • Automatic monitoring, detection, and recovery from equipment faults

Opengear ACM7000 limitations

The Opengear ACM7000 is what’s known as a 2nd generation, or Gen 2, OOB device. That means it provides reliable out-of-band management access and some automation capabilities for individual tasks and workflows. However, the ACM’s automation is limited to a handful of supported integrations, specific scripting languages, and Lighthouse playbooks.

Some additional automation functionality—such as end-device zero-touch provisioning (ZTP)—is only available through upgraded versions of Opengear’s Lighthouse management software. This makes it challenging to fully automate and orchestrate remote network infrastructure, which is crucial for NetDevOps transformation.

In addition, the ACM7000 only goes part of the way towards consolidating your remote network infrastructure. It combines gateway routing and OOB terminal server capabilities, with an option to add a 4-port Ethernet switch in the 7004-5 models. The Opengear ACM does not include built-in functionality for SD-WAN (software-defined wide area networking), though it has the ability to work with third-party SD-WAN architectures. It also doesn’t support hosting for applications, VMs, or containers, which means you’ll need additional hardware for things like edge computing and next-generation firewall (NGFW) software hosting.

To get full end-to-end automation of remote and edge network deployments while consolidating your tech stack and reducing operational complexity, you need a Gen 3 OOB gateway like the Nodegrid line of services routers from ZPE Systems.

Opengear alternatives: Nodegrid Services Routers

Nodegrid Services Routers, or SRs, are vendor-neutral, all-in-one branch networking solutions. Nodegrid delivers secure out-of-band management access via your choice of high-speed 5G/4G LTE cellular, Wi-Fi, and/or dial-up modem. Nodegrid hardware runs on the Linux-based, x86-64bit Nodegrid OS to ensure easy integrations with third-party software, including automation and orchestration tools like Puppet, Chef, Ansible, and RESTful APIs. Plus, the ZPE Cloud management platform provides centralized, web-based management of your multi-vendor environments.

Nodegrid’s vendor-agnostic platform enables true NetDevOps hyperautomation, which is the ability to fully automate every task and workflow without compromise. That means more efficient management of remote, edge, and branch locations.

Plus, Nodegrid SRs are complete branch-in-a-box solutions, rolling up all your remote network technology into one compact device. For example, the Nodegrid Hive SR is a multi-function box that delivers gateway routing, SD-WAN, Wi-Fi, secure OOB, end-device ZTP, and VM/container/VNF (virtual network functions) hosting for small edge and branch deployments. Another option for more customized and scalable functionality is the modular Nodegrid Net SR (or NSR), which allows you to extend your solution with expansion modules for additional serial, Ethernet, USB, PoE+, and SFP ports as well as storage and compute modules.

Nodegrid Services Routers key features

  • Strong out-of-band management integration
  • Extensible applications with virtualization and containers
  • Zero Touch Provisioning (ZTP) over the WAN for fast and easy remote setup
  • Centralized, vendor-neutral management through ZPE Cloud and Nodegrid Manager solutions
  • Modern, open-architecture x86-64bit Linux Kernel with fast security patching
  • Failover to 5G/4G/LTE and Wi-Fi
  • SSL VPN & Secure Tunnel
  • DHCP server with extra IP addresses for remote site, or replace current router altogether
  • Embedded firewall with IP packet and security filtering, IP forwarding support
  • Selectable encrypted cryptographic protocols & cyber suite levels
  • Power control and monitoring to get alerts on device health and solve problems automatically
  • Orchestration support via Puppet, Chef, Ansible, RESTful

Nodegrid SR models and use cases

  • Nodegrid Net SR (NSR): Scalable and customizable for any use case, including data center and large branch deployments
  • Nodegrid Bold SR: Versatile all-in-one networking and terminal server functionality at edge and branch locations
  • Nodegrid Gate SR: Up to 10 types of managed interfaces for enhanced flexibility in branch and edge deployments
  • Nodegrid Hive SR: Branch-in-a-box capabilities in a compact device for distributed branch and edge sites

Nodegrid SRs are an alternative to Opengear ACM7000 gateways for organizations that need vendor freedom, end-to-end remote network automation, and consolidated technology stacks. With the Nodegrid solution, you get a unified network automation and orchestration platform from which to deploy, monitor, and control your distributed network architecture.

Learn more about remote, branch, and edge networking:

→   How to Choose the Best Branch Office Connectivity Solution for Your Network
→   Why Out-of-Band Remote Access is Critical for Branch Networking
→   Simplifying Network Edge Orchestration With a Single Platform
→   How to Use a Cloud Managed Gateway Router to Optimize OT Automation

Still curious about Opengear alternatives?

To see Opengear alternatives in action, contact ZPE Systems to watch a Nodegrid demo.

Request a Demo Today

Opengear ACM7000 product SKUs

Product SKU Description
ACM7004-2-L 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, Global 4G LTE-A Pro cellular, 2 DIO and 2 output ports
ACM7004-2-LMP 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4G LTE-A Pro cellular, 2 DIO and 2 output ports
ACM7004-5-L 4 serial Cisco Straight pinout, ext power, 1 GbE Ethernet or fiber SFP, 4 port GbE switch, Global 4G LTE-A Pro cellular, dual SIM, 2 DIO and 2 output ports, global power adapter
ACM7004-5-LMP 4 serial Cisco Straight pinout, ext power, 1 GbE Ethernet or fiber SFP, 4 port GbE switch, 4G LTE-A Pro cellular, dual SIM, 2 DIO and 2 output ports, global power adapter
ACM7008-2-L 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, Global 4G LTE-A Pro cellular, 2 DIO and 2 output ports, global power adapter
ACM7008-2-LMP 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4G LTE cellular, dual SIM, 2 DIO and 2 output ports, global power adapter
ACM7004-2 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4 USB console ports, 2 DIO and 2 output ports, global power adapter
ACM7004-2-M 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4 USB console ports, PSTN modem, 2 DIO and 2 output ports
ACM7004-5 4 serial Cisco Straight pinout, ext power, 1 GbE Ethernet or fiber SFP, 4 port GbE switch, 2 DIO and 2 output ports, global power adapter
ACM7008-2 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4 USB console ports, 2 DIO and 2 output ports, global power adapter
ACM7008-2M 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet or fiber SFP, 4 USB console ports, PSTN modem, 2 DIO and 2 output ports, global power adapter

 

Nodegrid Net Services Router (NSR) product SKUs

Product SKU Description
NSR-TOP1-DAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, dual AC power
NSR-BASE-DAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, dual AC power
NSR-LITE-DAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, 5 slots, dual AC power
NSR-TOP1-SAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, single AC power
NSR-TOP1-SAC-POE 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, single AC and PoE power
NSR-BASE-SAC-POE 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, single AC and PoE power
NSR-16ETH-EXPN NSR 16 port 1GbE Ethernet expansion card
NSR-8ETH-POE-EXPN NSR 8 port 1GbE Ethernet with PoE+ expansion card
NSR-16SRL-EXPN NSR 16 port RJ45 Serial Rolled expansion card
NSR-16USB-EXPN NSR 16 port USB Type A expansion card
NSR-8SFP-EXPN NSR 8 port 1GbE SFP expansion card
NSR-16SFP-EXPN NSR 16 port 1GbE SFP expansion card
NSR-DISK-EXPN NSR Storage expansion card
NSR-COMP-EXPN NSR Compute 4-core, 8GB DDR4, 32GB SATA expansion card
NSR-M2-EXPN NSR M.2 / SATA expansion card
NSR-COVER Accessory: NSR Cover Plate
M2-WIFI Accessory: M.2 Wi-Fi
M2-CELL Accessory: M.2 Cellular – Dual SIM
M2-S064 Accessory: M.2 SATA 64GB
M2-S128 Accessory: M.2 SATA 128GB

 

Nodegrid Gate SR product SKUs

Product SKU Description
GSR-T8-BASE 8 RJ45 serial rolled, 1 GbE Ethernet, 2 SFP+, 4 GbE Ethernet with built-in switch, 4 PoE+ GbE Ethernet with built-in switch, 2 GPIO ports, 1 digital out port, 1 relay port, 2 USB 3.0 Type A, 2 USB 2.0 Type A, 1 HDMI port, 32GB iSLC SATADOM
GSR-T8-UPG1 8 RJ45 serial rolled, 1 GbE Ethernet, 2 SFP+, 4 GbE Ethernet with built-in switch, 4 PoE+ GbE Ethernet with built-in switch, 2 GPIO ports, 1 digital out port, 1 relay port, 2 USB 3.0 Type A, 2 USB 2.0 Type A, 1 HDMI port, 128GB iSLC SATADOM
GSR-PSU Accessory: 54VDC external 100-240 VAC, 50/60 Hz power adapter
PCI-WIFI-B Accessory: Mini PCI Wi-Fi
M2-CELL-C Accessory: M.2 Cellular 4G/LTE with dual-SIM
GSR-SATA Accessory: SATA Storage Expansion Kit (HDD/SDD not included)

 

Nodegrid Hive SR product SKUs

Product SKU Description
HSR-N8-BASE 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options
CST-GEN-HSR-S 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 NVMe 128 GB SSD
CST-GEN-HSR-SW4G 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 NVMe 128 GB SSD, M.2 802.11ax Wi-Fi 6 dual-band, M.2 dual-SIM 4G LTE cellular
CST-GEN-HSR-4G 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 dual-SIM 4G LTE cellular
CST-GEN-HSR-5G 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 5G cellular
HSR-PSU Accessory: 12VDC external 100-240 VAC, 50/60 Hz power adapter
HSR-WMNT Accessory: HSR wall mounting kit

 

Nodegrid Link SR product SKUs

Product SKU Description
LSR-T1-Base 1 RJ45 serial rolled, 1 GbE SFP, 1 GbE Ethernet with PoE in, 2 GPIO ports, 2 digital out ports, 2 USB 2.0 Type A, 1 VGA port, 16GB SATADOM
LSR-T1-UPG1 1 RJ45 serial rolled, 1 GbE SFP, 1 GbE Ethernet with PoE in, 2 GPIO ports, 2 digital out ports, 2 USB 2.0 Type A, 1 VGA port, 128GB SATADOM
LSR-PSU Accessory: 12VDC external 100-240 VAC, 50/60 Hz power adapter
PCI-WIFI-B Accessory: Mini PCI Wi-Fi
M2-CELL-B Accessory: M.2 Cellular 4G/LTE with dual-SIM
LSR-SATA SATA Storage Expansion Kit (HDD/SDD not included)