ZPE Systems is featured in L’Informaticien Magazine, a France-based publication with a wide audience. Read the English translation here, and check out the original source content with the links at the bottom.
ZPE, All-in-one Supervision
Founded in 2013, ZPE Systems is known worldwide but keeps a low profile, despite its presence in France with large accounts. The company offers an all-in-one solution combining software, equipment and sensors to provide automation and orchestration of network operations and security.
Gartner covers the type of solution offered by ZPE under the term hyperautomation. ZPE is the Swiss army knife of network services, providing a solution that simplifies and unifies the view of the network and the operations on it. The solution can be deployed on site or from the cloud. Locally, ZPE offers routers that feed the cloud supervision console with data from different sensors or agents. From the console it is possible to configure, deploy, manage, and ensure access in order to implement the desired solution. The vendor’s operating system adds a virtualization layer that can host third-party services, for security for example, to allow out-of-band supervision of all the IT components present in the company. On site, the solution takes the form of an appliance that brings together all the functionality, along with extensions enabled by a full set of APIs to meet specific business needs. Thus, in September of last year, ZPE announced that it could ship Palo Alto Networks Prisma SD-WAN in its edge routers. In this case, the solution behaves like a mini cloud at the edge.
Multiple advantages
ZPE brings both the benefits of an all-in-one solution and the ability to easily deploy best-of-breed solutions supervised from a single central point, while avoiding the need to deploy, manage, and pay for licenses or subscriptions for disparate solutions. The solution consolidates the network stack and simplifies deployment, configuration, updating, scaling, and management of the network. This makes life easier for the teams in charge of the network. Who has not experienced the ordeal of deploying remote networks, or of trying to find the cause of an incident at this type of site and restore the faulty services? ZPE is particularly suitable for companies with many sites or highly distributed infrastructures.
Nodegrid 5.6
During the last Cisco Live, held in Las Vegas in June, ZPE announced a new version of its Nodegrid OS, available for its consoles and routers. Like its predecessor, it makes it possible to deploy best-of-breed solutions of the company's choice from the ZPE cloud console. It is thus possible to deploy solutions embedding software from pre-validated suppliers.
The solution thus provides a complete automation plan that can be orchestrated from Nodegrid for configuration change management, network monitoring, and response to attacks, and thus helps avoid service interruptions.
Large digital service providers face some unique data center and network management challenges. Customers and shareholders expect 24/7, high-speed access to these services from anywhere in the world. The scale and complexity of their infrastructure, combined with their highly distributed, global network architectures, can make it difficult for administrators to meet those expectations. In this article, we’ll discuss how data center orchestration with Gen 3 out-of-band (OOB) management helps digital service providers achieve the reliability their customers demand while reducing expenses and complexity.
Use case: Data center orchestration with Gen 3 out-of-band for digital service providers
The businesses in this use case provide digital services at a very large scale. They need to ensure constant availability and reliability because that’s what their customers expect, and it’s what their competitors promise. Some examples of large digital service providers include:
★ Music or video streaming services
★ Stock trading applications
★ Online banking portals
★ Cloud compute services
★ SASE and SSE vendors
★ Internet service providers (ISPs) and telecom companies
★ Internet exchanges
★ Storage as a Service providers
These companies typically host their resources in private data centers or colocation facilities, so they have total control over the hardware and infrastructure. Because of the extremely large scale of their operations, they need to deploy, maintain, and administer many machines. And, since they typically provide global services, they have a large, complex, and highly-distributed network architecture.
There are several major pain points for network administrators in this environment. First, they need to maintain constant access to remote infrastructure, even during network outages. Second, they need the ability to scale up their infrastructure on-demand by quickly deploying new machines with the correct configurations. Finally, they need to be able to monitor, manage, and optimize their complex network architectures.
Let’s look at how these pain points are solved using data center orchestration with Gen 3 OOB.
1. Constant availability
People expect 100% uptime from their digital services, which is why it’s always major news when a big provider like Netflix goes down. To try and achieve constant availability, these vendors typically use their own hardware in private data centers and colocation facilities rather than relying on public cloud hosting. They host their infrastructure in many different facilities around the world, both for redundancy and to ensure peak performance for globally distributed customers.
Between hiring freezes and staff cuts at major companies like Apple, Google, and Netflix, many of these companies don’t have enough technical staff to maintain a physical presence in all of these data centers. Instead, their administrators and engineers access this infrastructure remotely, using tools like serial consoles, KVM switches, and jump boxes to connect to devices in the rack. However, if they lose network access to the management device due to an ISP outage, hardware failure, or configuration mistake, they’re left without a way to remotely recover. That means they need to either dispatch a technician from their home office or pay for costly on-site managed services from their hosting facility. Either way, valuable time and money are wasted on travel and other logistics.
Out-of-band management solves this problem by providing an alternative path to remote network infrastructure. Data center orchestration solutions with Gen 3 OOB use a secondary network connection (typically a cellular modem) that is dedicated to management and troubleshooting. That means administrators can configure, troubleshoot, and orchestrate remote infrastructure even when the primary network connection is offline or overloaded with production traffic. This gives digital service providers the ability to recover from outages and other issues much faster, bringing them closer to their goal of 24/7 availability.
2. Scalability
Large digital service providers need to serve millions of customers who may live all over the globe. They also need to meet sudden spikes in demand without limiting the performance of their product. That means they need to deploy lots of machines to many different facilities, often very quickly. Plus, they need to do so without configuration mistakes, as these could delay deployment, create security vulnerabilities, or even require a truck-roll to fix.
Since deployments need to happen quickly, accurately, and repeatedly, that makes them a prime candidate for automation. There are two primary technologies used to automate data center deployments: zero touch provisioning (ZTP) and Infrastructure as Code (IaC). A Gen 3 OOB data center orchestration tool enables both.
Zero touch provisioning gives administrators the ability to deploy device configurations to remote hardware over a network connection. Earlier generations of OOB data center solutions often included ZTP for devices within a specific vendor’s ecosystem, but Gen 3 tools are vendor-agnostic. That means administrators can remotely deploy an entire data center of mixed-vendor solutions without risking security breaches and the potential for opening a backdoor through pre-staging or on-site configuration. Plus, Gen 3 OOB provides a dedicated network to use in the provisioning process, so if there’s an issue with the configuration that takes the new device offline, administrators can still remotely recover.
IaC decouples a device’s configuration from the underlying hardware, turning it into software code that’s executed according to programmatic playbooks. Gen 3 OOB data center orchestration solutions support automation through IaC, either by integrating with third-party IaC platforms or by directly hosting playbooks. This allows administrators to apply DevOps best practices to infrastructure configurations, for example running automated tests to verify the quality and security of the code before deployment. IaC also reduces the time and complexity involved in configuring new devices, because scripts are easily reusable and can be deployed as many times as needed.
Through automation technologies like ZTP and IaC, Gen 3 OOB data center orchestration platforms allow digital service providers to scale their infrastructure quickly and efficiently. Automation also reduces the risk of human error, which reduces the chances that rapid scaling will cause service interruptions.
3. Network complexity
Large digital service providers have complex and distributed network architectures. They may have dozens or even hundreds of remote sites connected to the WAN, each of which may have different vendor hardware, bandwidth requirements, and security risks. Plus, there are many thousands of users accessing those resources from all over the world. In this kind of environment, manual network management is too time-consuming and prone to error.
Once again, automation is key to overcoming this challenge. Network automation is enabled in much the same way as infrastructure automation—by implementing software abstraction to decouple the management plane from the underlying hardware. This is known as software-defined networking (SDN) or, in the case of WAN architectures, software-defined wide area networking (SD-WAN). Digital service providers use SD-WAN to virtualize their distributed networks, employing software network controllers and APIs to route and load-balance traffic.
The right data center orchestration solution centralizes management of the entire SD-WAN architecture, giving administrators a single pane of glass from which to monitor and control the virtual network. Gen 3 OOB platforms are vendor-neutral, which means they can dig their hooks into all of the various hardware and software solutions that make up an SD-WAN infrastructure. They enable end-to-end automation of network management workflows and provide orchestration capabilities to automate the deployment and execution of those automated workflows. This makes it possible for digital service providers to manage their highly complex network architectures efficiently while maintaining optimal performance.
Gen 3 OOB data center orchestration with Nodegrid
The need for constant availability, easy scalability, and efficient network management is what brings many major digital service providers to ZPE Systems. The Nodegrid data center orchestration platform is the first Gen 3 out-of-band solution that enables end-to-end automation and complete vendor freedom.
The Nodegrid Serial Console Plus (NSCP) is a high-density serial console for large-scale and hyperscale data centers and includes features such as 5G/4G LTE cellular OOB and network failover to ensure 24/7 remote access. Built on the open, Linux-based Nodegrid OS, the NSCP supports integrations with your choice of third-party solutions, or you can directly host your automation, security, and SD-WAN applications on the device itself. Plus, the ZPE Cloud management software provides a centralized, web-based orchestration platform from which to deploy, monitor, and control your entire network architecture.
ZPE is here to help!
Still want to learn more about the Nodegrid Gen 3 data center orchestration platform for large digital service providers?
The Dow recently posted decreases of 1,300 and 1,000 points within weeks of each other. Companies including Apple, Google, and Netflix have slowed hiring this year or outright cut staff. For CIOs, the message is clear: Winter is coming, and so is a recession.
We all know that company revenue is directly tied to IT infrastructure and the digital services it provides. In the simplest terms: network down, revenue down. So when economic downturns lead to hiring freezes and increasing workloads for IT, CIOs need to figure out how to ‘do more with less’ in order to maintain service levels. The reality is that we’d still expect IT to fulfill our support tickets even during the zombie apocalypse.
Today, business leaders are gearing up for the possibility of such challenges looming larger on the horizon, not to mention the potential for more covid lockdowns and other disruptions. No matter the reason, the expectation remains the same – keep networks reliable and secure.
Business leaders are uncertain about the coming winter
Business leaders are growing uncertain about the coming winter months because of the potential for more major operational shakeups, like those that occurred at the start of the coronavirus pandemic in 2020. This uncertainty stems from two looming possibilities:
A winter recession, which economists predict is more likely as inflation increases. This will force business leaders to freeze hiring and keep operations running with limited staff on hand.
A covid resurgence, which experts predict could lead to up to one million daily cases in the United States alone and infect 100 million Americans. Having more than one-third of the adult population unable to work for weeks at a time will leave infrastructure minimally maintained, leading to service downtime and revenue loss.
As CIO, your peers will ask how you plan to increase top line revenue despite the winter recession, limited staff numbers, and potential lockdowns. This means you’ll need solid answers to three critical questions that will come up at your next board meeting.
3 Questions to Help CIOs Survive the Winter Recession
If we need to freeze hiring, can we continue to fulfill SLAs for internal & external digital services?
The IT workload has grown exponentially since infrastructure moved from centralized to decentralized. There’s just too much infrastructure scattered in so many data centers, colocations, and branch offices — from servers and routers, to branch gateways, remote sensors, smart building infrastructure, user experience monitoring applications, and firewalls. On top of this, pushing workloads to edge compute and 5G will inevitably lead to more micro and nano data centers that need to be maintained. Your IT teams are already struggling to keep up with everyday operations like configuration management, troubleshooting, and recovering down equipment. Now imagine how much stress they’ll endure if they’re unable to get additional help due to hiring freezes or pandemic lockdowns.
If staff can no longer physically access equipment, can we maintain IT availability?
As we saw at the beginning of the Covid pandemic, companies scrambled to find ways to accommodate normal operations while shifting staff to a fully digital workplace. But many companies were unprepared and are still struggling to adapt. In fact, in 2021, IT organizations reported that their highest priority was to improve digital work for employees, but 66% said they didn’t have the capabilities to support the needs of remote and hybrid work. IT organizations must be prepared to accommodate flexible work well into the future, but this typically means employing a mix of local smart hands, third-party service providers, and remote management solutions that significantly inflate operating costs. Even without lockdowns, physical access can already be challenging when equipment resides at remote locations that are costly, inconvenient, or downright dangerous to access.
Will we be able to stay in compliance and keep up with security patches?
Many security breaches occur not because patches don’t exist, but because installing these patches might lead to unforeseen breakages. Some IT teams still run software that’s years old and several major revisions outdated. Meanwhile, these teams can only hope that vulnerabilities won’t be exploited and lead to business incurring regulatory fines or penalties. In a nutshell, systems go unpatched and grow more vulnerable as time goes on, because teams are afraid to risk breakages that they can’t easily recover from. This problem will only worsen when hiring is put on hold and physical site access is restricted.
Big tech has it figured out
Big tech companies have thrived on recessions and often come out stronger. How? Because they understand that they must empower their IT organizations during an economic downturn. According to Gartner, there’s no better way to do this than to invest in digital transformation. But exactly what digital investments do these companies make? As CIO, you have such a large and distributed IT organization to wrap your arms around that it’s difficult to define the practical steps you need to take. When answering these three key questions, your IT and executive teams will need to know: “How do you plan to accomplish this?”
Use big tech’s secret: The Network Automation Blueprint
The network automation blueprint is made up of four major building blocks that create a management network design pattern to accommodate hyperautomation. These building blocks are:
IT/OT production infrastructure: This includes servers, switches, routers, and common production equipment.
Automation infrastructure: This is a truly independent network that enables automation to reach the production infrastructure in an out-of-band fashion. Customers call this the double-ring network. This layer often uses a combination of serial console and Ethernet connections, and also includes staging jump boxes, local storage, TFTP source of truth, and version control systems.
Orchestration and automation systems: This is where the desired outcome and playbooks are sourced from. The key is that the orchestration reaches the production systems through the independent out-of-band network to achieve the desired outcome.
AI Ops infrastructure: This layer receives rich information from observability platforms to make reactive and predictive decisions at scale. Using machine learning and artificial intelligence, this layer learns the network’s normal behaviors and pushes changes through the orchestration and automation layer.
This blueprint is the reference architecture validated to successfully implement Gartner’s definition of hyperautomation, as well as meet the Open Networking User Group (ONUG) Orchestration and Automation recommendations. This blueprint gives you the necessary layers to confidently answer the three questions that will come up during your boardroom meeting, and outlines the practical steps required to achieve IT resilience. Here’s how it answers these questions:
If we need to freeze hiring, can we continue providing reliable IT services?
By separating the automation infrastructure from the production network, teams can build hyperautomated environments while having a safe way to recover from errors. Despite having limited staff and/or a virtual workforce, teams can develop their automation pipelines to reduce workloads and meet SLAs.
If staff can no longer physically access equipment, can we maintain IT availability?
With the network automation blueprint, teams get a management network design pattern that ties into all of their solutions. This means they get a full virtual presence to manage SD-WAN, firewalls, switches, servers, routers, and their entire stack. The blueprint also calls for running automation locally so workloads can be carried out despite connectivity problems. These allow teams to maintain their sites and availability across distributed architectures.
Will we be able to stay in compliance and keep up with security patches?
Automating via out-of-band means teams no longer need to feel anxious about the dreaded Friday night upgrade. Instead of running outdated software and configurations because “if it ain’t broke, don’t fix it,” teams can ensure the integrity of updates before pushing them live. This allows them to take advantage of the latest software releases, close security gaps, and maintain compliance.
Meeting customer expectations for always-on digital services is a major challenge for any enterprise. That’s why it’s important for CIOs to empower their teams with hyperautomation and automate as many processes as possible. The network automation blueprint gives you the reference architecture that’s been validated by big tech as the safe way to build hyperautomated environments. This blueprint is now available just in time to help organizations prepare for the looming winter recession.
Get the Network Automation Blueprint now
Now is the time to prepare for winter, and you can start laying the groundwork for hyperautomation. Click the button below to download the network automation blueprint. You’ll see the same network architecture used by Big Tech, now tailored to help any size company provide reliable digital services.
In a previous blog, we discussed the differences between out-of-band (OOB) networks and out-of-band (OOB) management. An OOB network is a separate network used to manage, orchestrate, and troubleshoot the primary production network. OOB management is the term for the network management that occurs on the out-of-band network. This differs from in-band management, which takes place on the main network alongside production traffic.
In this blog, we’ll compare In-band vs out-of-band management and explain why modern enterprise networks need out-of-band.
What is In-band management?
In-band management is the network management that occurs on the same channel as data communications. Network administrators connect to the device they want to manage (e.g., a router, switch, etc.) using protocols like Telnet/SSH or SNMP. In-band management requires the administrator to connect over the primary LAN interface—or the WAN, for remote network management.
The in-band network management workflow must compete with production traffic for bandwidth since they use the same network architecture. In addition, if the primary LAN, WAN, or ISP experiences problems or goes offline, administrators lose the ability to connect to network devices for troubleshooting remotely. That means they need to physically connect to the serial ports on affected devices, which could be hundreds or thousands of miles away.
What is OOB management?
Out-of-band (OOB) management takes place on a separate channel known as an out-of-band network. This keeps management and orchestration workflows from adding latency to the production network. It can also provide a redundant connection to manage remote network infrastructure in case the primary WAN, LAN, and/or ISP goes down.
An OOB network may have its own LAN architecture, with a jump box (also known as a jump server) providing management access. This box connects to both the in-band and OOB networks, so administrators can remotely connect to the jump server from the primary LAN and use it to access OOB management. Ideally, this secondary LAN is wholly isolated from the primary, with its own DNS, DHCP, and other critical network services. This will allow engineers to troubleshoot even if those services are unavailable on the primary LAN. However, administrators will be cut off if any of these services goes down on the OOB network.
Another approach to OOB management uses serial consoles (also known as console servers, serial console routers, serial console switches, or terminal servers). Serial consoles connect to the network infrastructure via managed serial ports, giving administrators management access to many different devices from one centralized system. Unlike a jump box, serial consoles have a direct serial connection to the devices they manage, which means administrators can still view and troubleshoot this infrastructure even if critical network services are down.
An OOB serial console provides two or more network interfaces, so you can connect them to the primary ISP/WAN and a secondary network (such as a DSL, dial-up, or cellular connection). This secondary network acts as a failover if the primary goes down, giving engineers an alternative path to critical infrastructure. It also creates a dedicated out-of-band network for management and orchestration, leaving the production network free for critical business traffic.
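As an added illustration (not part of the original article and not ZPE code), the following script audits a device inventory against the in-band/OOB distinction described above: it classifies where each device's Telnet/SSH/SNMP listeners are reachable and flags devices with no out-of-band path. The address plan, device names, interface names and inventory are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (assumption): the OOB LAN is disjoint from production.
PRODUCTION_NETS = [ipaddress.ip_network("10.10.0.0/16")]
OOB_NETS = [ipaddress.ip_network("192.168.100.0/24")]

# Management protocols named in the article, with their well-known ports.
# Transport (TCP/UDP) is not modelled; only address and port matter here.
MGMT_PORTS = {22: "ssh", 23: "telnet", 161: "snmp"}


@dataclass
class Device:
    name: str
    interfaces: dict                    # interface name -> IP address
    listeners: list                     # (bind address, port); "0.0.0.0" = all interfaces
    console_port: Optional[str] = None  # serial line on a console server, if cabled


def plane_of(addr):
    """Classify an address as 'oob', 'in-band' or 'unknown' per the address plan."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in OOB_NETS):
        return "oob"
    if any(ip in net for net in PRODUCTION_NETS):
        return "in-band"
    return "unknown"


def exposures(dev):
    """Return {(plane, protocol)} for every management service the device exposes."""
    seen = set()
    for bind, port in dev.listeners:
        proto = MGMT_PORTS.get(port)
        if proto is None:
            continue  # not a management service
        # A wildcard bind is reachable on every configured interface.
        addrs = dev.interfaces.values() if bind == "0.0.0.0" else [bind]
        for addr in addrs:
            seen.add((plane_of(addr), proto))
    return seen


def audit(dev):
    """Classify a device's management mode and list findings for review."""
    exp = exposures(dev)
    planes = {plane for plane, _ in exp}
    # A direct serial connection counts as an OOB path even with no OOB listener.
    has_oob = "oob" in planes or dev.console_port is not None
    findings = []
    if not has_oob:
        findings.append("no OOB path: no remote recovery if the primary LAN/WAN is down")
    for plane, proto in sorted(exp):
        if proto == "telnet":
            findings.append(f"telnet (cleartext) reachable on the {plane} network")
        if plane == "unknown":
            findings.append(f"{proto} bound to an address outside the address plan")
    if has_oob and "in-band" in planes:
        findings.append("management also reachable in-band; consider binding it to the OOB interface only")
    if has_oob and "in-band" in planes:
        mode = "both"
    elif has_oob:
        mode = "oob"
    elif "in-band" in planes:
        mode = "in-band"
    else:
        mode = "none"
    return {"device": dev.name, "mode": mode, "findings": findings}


# Constructed sample inventory (hypothetical devices).
INVENTORY = [
    Device("core-sw1", {"vlan10": "10.10.1.2"},
           [("10.10.1.2", 22), ("10.10.1.2", 161)]),
    Device("edge-rtr1", {"ge0": "10.10.2.1", "mgmt0": "192.168.100.11"},
           [("0.0.0.0", 22), ("0.0.0.0", 80)]),
    Device("legacy-pdu", {"eth0": "192.168.100.40"},
           [("192.168.100.40", 23)]),
    Device("fw1", {"eth1": "10.10.3.1"}, [], console_port="ttyS4"),
]

if __name__ == "__main__":
    for dev in INVENTORY:
        result = audit(dev)
        print(f"{result['device']}: {result['mode']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The wildcard-bind case (edge-rtr1) is the one most often missed in practice: a device with a dedicated management interface still exposes SSH in-band unless the service is bound to that interface only.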
Comparing In-band vs Out-of-band management
Many organizations still use In-band management simply because it’s easier and doesn’t require any extra hardware. To get out-of-band management, you must purchase, configure, and install dedicated hardware on top of your in-band infrastructure. However, while sticking with In-band management may save you some time and money now, it’s sure to cost you in the long run. In-band management negatively impacts the performance of the production network and doesn’t provide access to remote equipment if the primary LAN or WAN goes down.
In-band management vs OOB management

| In-band management | OOB management |
| --- | --- |
| Management traffic creates latency on the production network | Allows for complex management and orchestration workflows without impacting performance on the production network |
| Can’t remotely troubleshoot if the WAN or LAN goes down | Provides an alternative path to critical remote infrastructure even if WAN or LAN services are unavailable |
| No additional hardware needed | Requires additional hardware |
| Easy to set up | May involve more complicated network configurations |
Why you need OOB management
Modern businesses expect 24/7 availability of network resources. When an outage occurs, your engineers need to be able to quickly troubleshoot and restore services so you can keep your SLAs and avoid lost business. This is especially difficult when your critical infrastructure is housed off-site in remote data centers.
As your enterprise network grows in size, complexity, and geographic distribution, there is a need for greater automation and orchestration so engineers can keep up. Automation reduces the risk of human error, improving the network’s reliability and security.
However, complex network automation and orchestration workflows often require more resources and bandwidth. Running network automation tasks through In-band management creates performance issues on the production network, such as an increase in latency and dropped packets. OOB management is required if you want to take advantage of automation without negatively impacting the speed and reliability of your primary network.
When using In-band management, a WAN outage or remote equipment failure means wasting valuable time and money on truck rolls or on-site managed services. Out-of-band management gives network administrators a dedicated, redundant path to remote equipment so they can diagnose and fix issues without ever leaving the office. They can begin troubleshooting as soon as a failure occurs, allowing your organization to recover quickly and reducing the negative impact of an outage on customers and shareholders.
Learn more about In-band vs Out-of-band management
OOB management is superior to In-band management because it allows for resource-intensive network automation and orchestration without impacting production performance. OOB management also empowers network administrators to remotely troubleshoot and recover from outages, even if the primary WAN or LAN is offline.
Want to learn more about In-band vs Out-of-band management?
Contact ZPE Systems at 1-844-4ZPE-SYS to see a live demo of how the Nodegrid OOB management solution makes OOB easy to deploy on top of existing infrastructure, with hardware and software that help automatically configure networks, and more.
Serial consoles have been used to manage business networks since the 80s, but things have changed significantly since then. What is a serial console’s role in modern enterprise networks? In this blog, we discuss the history and evolution of serial consoles as well as the exciting functionality provided by the latest generation.
What is a serial console?
A serial console (also known as a console server, terminal server, serial console router, or serial console switch) is a networking device used to manage other devices. It connects to servers, switches, routers, and other equipment using the serial port (hence the name). Network administrators can then use the serial console to access all connected devices in the data center, server room, or network closet in which it’s installed.
Serial consoles allow admins to manage critical infrastructure without needing to log in to each separate device individually. A serial console also provides out-of-band (OOB) management, creating a completely separate network that’s dedicated to infrastructure management and troubleshooting. OOB management allows you to remotely troubleshoot, monitor, and administer your infrastructure, and more.
How serial consoles have evolved over time
A basic serial console—also called a Generation 1 serial console—provides consolidated remote access to critical infrastructure. It uses a secondary network connection (such as a dial-up modem or cellular SIM card) so admins can control and troubleshoot equipment without relying on the main production network. Using a Gen 1 serial console, admins can access each connected device’s CLI (command line interface).
Gen 1 serial consoles are relatively limited in control, security, and automation. For example, many Gen 1 serial consoles can only manage devices from the same vendor (or a small pool of supported manufacturers). A Gen 1 serial console also lacks in-depth security features like hardware encryption, and generally can’t integrate with third-party Zero Trust Security policies and controls. Plus, most Gen 1s completely lack automation capabilities, or limit you to basic CLI scripts for single tasks.
Gen 2 serial consoles
Frustration over these limitations led to significant advancements in the second generation of serial consoles, or Gen 2. With Gen 2 serial consoles, admins get more control, added security features, and expanded automation capabilities.
For instance, most Gen 2 consoles offer management functionality for third-party devices. These serial consoles also have some built-in security features like Trusted Platform Module (TPM) and frequently support advanced authentication methods like AD/LDAP, Kerberos, and RADIUS. Gen 2 serial consoles also allow for greater automation using Python scripts, APIs, and zero touch provisioning (ZTP).
While Gen 2 serial consoles offer more multi-vendor support than their extremely limited predecessors, they still fall short of true vendor neutrality. For instance, managing third-party and legacy devices often requires expensive adapters or complicated configuration tweaks. Many Gen 2 serial consoles also lack support for Zero Trust integrations such as SAML 2.0 (e.g., Okta, Ping, DUO), making it impossible to completely secure your out-of-band network.
Finally, while Gen 2 serial consoles introduce more automation capabilities, their closed architectures make it impossible to implement end-to-end NetDevOps automation. For example, you might only be able to use one specific scripting language or an approved set of playbooks. It’s also common for Gen 2 serial consoles to only support ZTP of connected devices from the same vendor, so you’re either limited in your automated provisioning capabilities or your choice of infrastructure solutions.
Gen 1 serial consoles provide remote, out-of-band management of multiple devices using CLI commands and scripts over a serial connection. Gen 2 evolved to incorporate more devices, more security features, and more automation capabilities. However, the serial console needed to develop even further to handle the needs of a modern enterprise network.
What is a serial console’s role in modern enterprise networks?
Today’s enterprise network is larger, more complex, and more distributed than Gen 1 serial console developers could have possibly imagined. Network administrators and engineers need to monitor, manage, and troubleshoot infrastructure devices from many different vendors in many different locations. Networks are also constantly threatened by cybercriminals using sophisticated hacking techniques and state-of-the-art malware. Plus, modern businesses must ensure near-constant availability and optimal network performance to stay competitive. Gen 1 and Gen 2 serial consoles simply can’t deliver the control, security, and resilience required by enterprise networks today.
The new Gen 3 serial console addresses older generations’ limitations through true vendor neutrality, multi-layered zero trust security, and end-to-end automation capabilities.
Total infrastructure control
Gen 3’s complete vendor neutrality makes it possible to extend your automation capabilities—including zero touch provisioning—to every physical and virtual asset in your environment, regardless of manufacturer. Gen 3 serial consoles also give network administrators a virtual presence in remote network locations (like data centers and branch offices) through which they can monitor environmental conditions in the rack, power-cycle and enter the BIOS menu of devices, manage power load distribution, and more.
This control is delivered via high-speed OOB (such as a 5G/4G cellular SIM card), giving you 24/7 remote access to critical enterprise infrastructure, even during an ISP outage. Plus, Gen 3 serial consoles use centralized cloud management, which means engineers can manage and troubleshoot remote infrastructure from anywhere, anytime.
A Gen 3 serial console is based on an open-architecture x86 OS that supports integrations with your choice of infrastructure solutions, cloud services, and automation toolkits. It also includes flexible port configurations and legacy pinouts to control a variety of devices, such as PDUs, IPMI devices, and environmental monitoring sensors.
Comprehensive security
On a hardware level, Gen 3 serial consoles use features like encrypted disks, UEFI secure boot, and TPM 2.0 to ensure unauthorized users can’t access management functionality. Additionally, the OS is frequently updated and patched against new security vulnerabilities before they can be exploited. The Gen 3 serial console also automatically checks the integrity of all newly integrated hardware and software to ensure there are no backdoor vulnerabilities.
A Gen 3 serial console’s vendor-neutral platform supports easy integrations with a variety of zero trust security controls. For instance, you can manage user access to a Gen 3 serial console through third-party Identity and Access Management (IAM) solutions, allowing you to follow zero trust best practices like 2FA, SSO, and dynamic trust verification. A Gen 3 serial console can also integrate with on-premises and cloud-based network security solutions such as next-generation firewalls (NGFW), Secure Access Service Edge (SASE), and Security Service Edge (SSE).
A Gen 3 console includes robust onboard security features, which reduces the risk of an attacker using a stolen serial console to access your management network (and ultimately, your production systems and data). Its open architecture also enables integration with zero trust security controls and providers.
End-to-end automation
The open architecture of a Gen 3 serial console makes it possible to integrate with your choice of infrastructure automation and orchestration tools, or directly host VMs and Docker containers so you can run your own tools. With a Gen 3 serial console, you can use solutions like Ansible, Chef, Puppet, or Kubernetes to automate deployments. You can also use any API you want to automate any workload you need to, no matter how complex.
Gen 3’s advanced automation capabilities enable full pipeline automation so you can achieve NetDevOps transformation. Gen 3 serial consoles also facilitate immutable infrastructure, allowing faster and more agile deployments, updates, and replacements of critical network resources.
With a Gen 3 serial console, you can create a fully automated network environment. This allows engineers to work more efficiently and reduces the risk of human error causing an outage or security breach.
Nodegrid Serial Console Plus (NSCP)
A Gen 3 serial console, like the Nodegrid Serial Console Plus (NSCP), gives you complete remote control over every component of your network infrastructure, regardless of location or manufacturer. Nodegrid also secures your OOB management network using zero trust security best practices and comprehensive onboard features. Finally, the Gen 3 NSCP allows you to automate whatever tools you want to use, so you can efficiently manage a complex enterprise network without sacrificing speed, security, or control.
An OOB (out-of-band) console server is a fundamental data center tool that allows you to view, manage, and troubleshoot critical remote infrastructure on a dedicated network connection.
While the functionality of generation 1 console servers is limited, generation 2 models evolved to include features like automation and security. Now, as more enterprises embrace NetDevOps, there’s a need for greater automation and orchestration, which is why next-generation or generation 3 console servers are emerging.
In this post, we’ll discuss the advantages of a next-gen OOB console server and how these devices address the challenges and limitations of previous generations.
The importance of an OOB console server
An out-of-band console server may also be referred to as a serial console, serial console server, or serial console switch. There are also OOB serial console routers which include gateway routing functionality for small branch offices and use cases for edge data centers.
OOB console servers are fundamental tools for data center infrastructure management; they connect to all your remote network devices and let you control them remotely on a dedicated management network. This network is completely separate from the WAN circuit and internal LAN, and is typically accessed via cellular, dial-up, or DSL modem.
Out-of-band data center access is crucial for a few key reasons:
It provides 24/7 remote access to your critical data center infrastructure even if your WAN link goes down, allowing you to troubleshoot and recover without expensive truck rolls.
Even if malicious actors compromise your production network or data center infrastructure, you can still view and manage remote devices without exposing yourself.
Conducting resource-intensive network orchestration on a dedicated management plane reduces the performance impact on your production network and end-users.
Why do you need a next-gen OOB console server?
As modern enterprise networks have grown more complex and distributed, so have network and data center management workflows. This complexity makes it harder for engineers to efficiently manage their workloads and increases the risk of human error, especially with multi-vendor and hybrid network infrastructures.
These pain points led to the evolution of automated network management tools and solutions. Automation increases the speed and efficiency with which network administrators can provision, monitor, and optimize an infrastructure while reducing the risk of human error. Gen 2 OOB console servers have automation capabilities and scripting support that help fill the gap for data center management. Plus, Gen 2 serial consoles automate tasks like infrastructure provisioning (via zero touch provisioning, or ZTP) and basic troubleshooting (such as refreshing DNS or power-cycling) to reduce the amount of tedious manual work.
However, the needs and pain points of modern enterprises continue to evolve. It’s not enough to use individual, disparate scripts and solutions to automate specific tasks or workloads, especially to achieve NetOps or NetDevOps transformation. Gen 2 OOB console servers offer some automation support, but typically limit you to a particular vendor ecosystem or API library. Since enterprise networks consist of many different vendor solutions and devices, this rigidity leaves you with gaps in your automation coverage.
That’s why a new generation of console servers is rising to meet this challenge. Next-gen OOB console servers, also known as Gen 3, promise to deliver end-to-end automation and NetDevOps data center orchestration.
What to look for in a next-gen OOB console server
For an OOB console server to be truly next-gen, it must be able to dig its automation hooks into every device and solution in your rack. That means it needs to be vendor-neutral and include support for legacy systems not originally designed for automation.
In addition, a next-gen OOB serial console switch should support integrations with the third-party automation and orchestration tools of your choosing. That means both the hardware and software need to be vendor-neutral.
A next-gen console server should also provide high-speed OOB access and failover. Many Gen 1 and Gen 2 solutions use dial-up or 3G cellular connections, which can be slow and unreliable. Plus, 3G will be phased out (in the United States) by the end of this year. This leads to frustration when engineers try to troubleshoot and restore remote data center infrastructure as quickly as possible, and also hampers automation and orchestration efforts.
Another issue to consider is scalability. A next-gen OOB console server needs to provide enough managed ports for you to grow your data center infrastructure without needing to upgrade your management device continuously. You can even get modular serial consoles that allow you to expand or swap out port configurations as needed.
Last but not least, your next-gen console server needs to include and support advanced security controls. Imagine installing a preconfigured device that, without your knowledge, has been infected. This could be like installing a Trojan horse into your infrastructure. A next-gen OOB console server should include enterprise-grade security features and integrate with zero trust security controls and policies.
Orchestrating critical data center infrastructure with a next-gen OOB console server
Next-gen or Gen 3 OOB console servers deliver end-to-end automation and orchestration capabilities, so you can efficiently control complex data center infrastructure. A next-gen solution includes vendor-neutral hardware and software, high-speed OOB access and failover, the ability to scale up or down as needed, and enterprise security features and functionality.
The Nodegrid next-gen OOB console server solution from ZPE Systems delivers true end-to-end automation for critical data center infrastructure. Nodegrid’s vendor-neutral hardware and software can control all your vendor solutions, so there are no barriers to automating anything and everything. For example, Nodegrid zero touch provisioning (ZTP) can extend to all connected devices, allowing you to deploy remote data center infrastructure with the push of a button.
The Nodegrid Serial Console S Series can even control legacy and mixed environments, so you can upgrade your data center infrastructure at your own pace without losing automation capabilities. The open architecture, Linux-based Nodegrid OS supports integrations with third-party automation solutions so you can create a customized orchestration platform that suits your enterprise’s unique use cases and staff skillsets.
Nodegrid delivers high-speed remote out-of-band access and failover via two dual-SIM high-speed 4G/5G/LTE slots, plus you can upgrade to 5G without having to do a forklift upgrade. With up to 96 managed ports in a streamlined 1U rack-mounted device, the Nodegrid Serial Console Plus can handle enterprise-scale deployments or scale with you as you grow. The Nodegrid next-gen OOB console server also keeps management and orchestration secure, with onboard security features like UEFI secure boot, properly integrated TPM 2.0 security, encrypted solid-state disks, and geofencing.
The Nodegrid Serial Console from ZPE Systems is a true next-gen OOB console server. It delivers end-to-end automation, high-speed OOB access and failover, scalable port configurations, and enterprise-grade zero trust security features.
ZPE Systems delivers innovative solutions to simplify infrastructure management at the datacenter, branch, and edge.