CONTACT US
1-844-4ZPE-SYS
ZPE CLOUD

Providing Out-of-Band Connectivity to Mission-Critical IT Resources

Home » Serial Consoles » Page 8

Uplogix 5000 Local Manager EOL Best Replacement Options

by | Jan 5, 2023 | Increase Productivity, Minimize Impact of Disruptions, NetDevOps, Remote Network Management, Serial Consoles

A businessman considers two different options, such as which model to replace the Uplogix 5000 Local Manager EOL with
The Uplogix 5000 Local Manager line of serial console servers will go end-of-life (EOL) on December 31, 2025, with software support ending on December 31, 2023. Uplogix recommends the LM83X as a replacement model, but there are some concerns and limitations to be aware of before you make this switch. In this blog, we’ll compare the new LM83X to the Uplogix 5000 Local Manager and discuss an alternative replacement option.

About the Uplogix 5000 Local Manager

The 5000 Local Manager is Uplogix’s flagship serial console, providing out-of-band (OOB) management for up to 38 devices. Management access is delivered via two 10/100/1000 Mbps Base-T Ethernet interfaces, with a slot available for an optional v.92 modem, cellular SIM, RS-232 card, or fiber module.

All Uplogix serial console servers use the Local Manager software platform for monitoring and management. This software includes automation capabilities for routine management, maintenance, and recovery tasks. However, the Local Manager platform does not support the use of third-party automation tools or custom scripts. In addition, while the 5000 Local Manager hardware can access and manage devices from other vendors, the management software is not easily extensible by the customer. That means users are locked into the vendor’s feature roadmap and automation capabilities.

Uplogix 5000 Local Manager tech specs:

System
CPU Intel 1.3 GHz Atom
RAM 1 GB
Storage 40 GB 2.5″ SSD
Local interfaces – Up to 38 x RS-232 Serial ports

– Up to 8 x dedicated 10/100/1000 Mbps Ethernet ports

– 1 x RS-232 Power management port

– 1 x RJ-11 Modem port

– 2 x USB ports
Management interfaces – 2 x 10/100/1000 Mbps Base Ethernet interfaces

– 1 x RS-232 Console port
Option slots 1 available for field installable internal modems (v.92, cellular, or RS232) or a fiber module
Expansion slots 2 available for:

– 8 Port Serial card

– 16 Port Serial card

– 8 Port Ethernet card (10/100/1000 Mbps)
Power Dual AC or Dual DC
Features
Vendor-neutral Heterogeneous device access and management
Security – Secure Shell (SSHv2)

– TACACS and Radius authentication

– IP and caller ID filtering

– FIPS 140-2 Level 2

– Automatic session management to prevent unauthorized access

– Enforces RBAC, command-level authorization

– Logging of user access, device changes, and session activity
OOB/Failover – POTS lines

– Cellular modems

– Fiber

– DSL

– Satellite
Device monitoring In-band or out-of-band data collection every 5 to 30 seconds
Environmental monitoring – Temperature

– Humidity
Remote access – SSHv2

– Secure access to web-only management interfaces
Automation Rule-based engine for automation of routine management tasks

– No third-party automation

– cannot be easily expanded by customer
Remote power management Monitors and controls power, can remotely restart a managed device

Uplogix ended the sale of the 5000 Local Manager at the end of 2020, with the EOL date set at 12/31/2022. The EOL Uplogix 5000 product SKUs are listed below.

Uplogix 5000 EOL replacement option: The Uplogix LM83X

Uplogix released a new Local Manager serial console to replace the 5000: the LM83X. This model can manage up to 104 devices through the use of three expansion bays for additional serial and Ethernet ports. In addition to two 10/100/1000 Base-T Ethernet interfaces, the new Local Manager has a 1-Gbps SFP port for faster management access.

The LM83X runs on the same Local Manager software platform as its predecessor, which means it also suffers from vendor lock-in and limited automation capabilities. In addition, the Uplogix platform has some advanced security features like FIPS 140-2 Level 2 certification and support for Radius authentication, but it doesn’t support SAML 2.0 for cross-domain single sign-on. That makes it difficult to extend Zero Trust Security best practices to the out-of-band management network, which can leave the entire enterprise vulnerable to an attack.

Another crucial consideration is that Uplogix was just bought by Lantronix, one of its biggest competitors. It’s still unknown how Uplogix will be integrated, leaving existing customers uncertain about the future of their hardware and software support contracts.

Uplogix 5000 Local Manager vs. LM83X tech specs:

Uplogix 5000 Uplogix LM83X
System
CPU Intel 1.3 GHz Atom Not listed
RAM 1 GB Not listed
Storage 40 GB 2.5″ SSD 256 GB NVMe
Local interfaces – Up to 38 x RS-232 Serial ports

– Up to 8 x dedicated 10/100/1000 Mbps Ethernet ports

– 1 x RS-232 Power management port

– 1 x RJ-11 Modem port

– 2 x USB ports

 – Up to 104 x RS-232 Serial ports

– 1 x USB-A port

– 1 x USB-C port
Management interfaces – 2 x 10/100/1000 Mbps BaseT Ethernet interfaces

– 1 x RS-232 Console port

 – 2 x 10/100/1000 BaseT Ethernet ports

– 1 x 1-Gbps SFP port
Option slots 1 available for field installable internal modems (v.92, cellular, or RS232) or a fiber module 1 available for field installable internal modems (v.92, cellular, or RS232) or a fiber module
Expansion slots 2 available for:

– 8 Port Serial card

– 16 Port Serial card

– 8 Port Ethernet card (10/100/1000 Mbps)

 3 available for:

– 8 Port, 16 Port, or 32 Port Serial cards

– 8 Port Ethernet card (10/100/1000 Mbps)

– LCD keypad
Power Dual AC or Dual DC Redundant internal universal power
Features
Vendor-neutral Heterogeneous device access and management Heterogeneous device access and management
Security – Secure Shell (SSHv2)

– TACACS and Radius authentication

– IP and caller ID filtering

– FIPS 140-2 Level 2

– Automatic session management to prevent unauthorized access

– Enforces RBAC, command-level authorization

– Logging of user access, device changes, and session activity

 – Secure Shell (SSHv2)

– TACACS and Radius authentication

– IP and caller ID filtering

– FIPS 140-2 Level 2

– Automatic session management to prevent unauthorized access

– Enforces RBAC, command-level authorization

– Logging of user access, device changes, and session activity
OOB/Failover – POTS lines

– Cellular modems

– Fiber

– DSL

– Satellite

 – POTS lines

– Cellular modems

– Fiber

– DSL

– Satellite
Device monitoring In-band or out-of-band data collection every 5 to 30 seconds In-band or out-of-band data collection every 5 to 30 seconds
Environmental monitoring – Temperature

– Humidity

 – Temperature

– Humidity
Remote access – SSHv2

– Secure access to web-only management interfaces

 – SSHv2

– Secure access to web-only management interfaces
Automation Rule-based engine for automation of routine management tasks

– No third-party automation

– Not easily expandable

 Rule-based engine for automation of routine management tasks

– No third-party automation

– Not easily expandable
Remote power management Monitors and controls power, can remotely restart a managed device Monitors and controls power, can remotely restart a managed device

Alternative Uplogix 5000 EOL replacement options from ZPE Systems

The Uplogix Local Manager solutions are what’s known as second generation, or Gen 2, out-of-band serial consoles. That means they provide heterogeneous device management, built-in security features, and some automation capabilities. However, they fall short of true vendor neutrality, which makes it impossible to achieve end-to-end network automation. In addition, without SAML 2.0 support, Uplogix devices are vulnerable to compromise by malicious actors who could use them to gain control over the production network.

To get secure and extensible OOB management access with end-to-end automation capabilities, you need a Gen 3 out-of-band serial console solution like the Nodegrid platform from ZPE Systems.

About the Nodegrid Serial Console Plus (NSCP)

The Nodegrid Serial Console Plus (NSCP) provides Gen 3 OOB management for up to 96 devices, including support for Cisco and legacy pinouts. Management access is delivered via two Gigabit Ethernet ports, two SFP+ ports, or v.92 modem, with out-of-band and network failover to dual SIM 5G/4G LTE cellular, WiFi, or v.92 modem.

All Nodegrid devices can be managed with one of two offerings: the on-premises Nodegrid Manager software or the ZPE Cloud application. Both solutions are easily extensible with your choice of third-party applications for infrastructure automation and orchestration, security, big data analytics, and more. Nodegrid hardware can even directly host other vendors’ software, giving you a convenient platform for Docker containers, Infrastructure as Code (IaC) playbooks, Security Service Edge (SSE) applications, and SD-WAN solutions.

The Gen 3 NSCP protects your infrastructure using Zero Trust best practices like SAML 2.0 support, disk encryption, and secure boot. ZPE Systems is also the only serial console vendor with a FIPS 140-3 pre-certification, making them the most secure OOB solution on the market.

Head-to-head: Uplogix 5000 vs. Uplogix LM83X vs. NSCP tech specs

Uplogix 5000 Uplogix LM83X Nodegrid Serial Console Plus (NSCP)
System
CPU Intel 1.3 GHz Atom Not listed Intel x 86, 64 bit
RAM 1 GB Not listed 4 GB / 8 GB
Storage 40 GB 2.5″ SSD 256 GB NVMe 32 GB FLASH
Local interfaces – Up to 38 x RS-232 Serial ports

– Up to 8 x dedicated 10/100/1000 Mbps Ethernet ports

– 1 x RS-232 Power management port

– 1 x RJ-11 Modem port

– 2 x USB ports

 – Up to 104 x RS-232 Serial ports

– 1 x USB-A port

– 1 x USB-C port

 – Up to 96 x RS-232 Serial ports

– 2 x 1-GbE Ethernet

– 2 x SFP+

– 2 x USB 3.0 ports

– 1 x HDMI port

– 1 x Console port

– can manage devices RS-232, USB, IPMI, SSH,Telenet, WebUI, RESTAPI

– can manage over 500 devices (mix of serial and IP) on a single appliance
Management interfaces – 2 x 10/100/1000 Mbps BaseT Ethernet interfaces

– 1 x RS-232 Console port

 – 2 x 10/100/1000 BaseT Ethernet ports

– 1 x 1-Gbps SFP port

 – 2 x 1-GbE Ethernet

– 2 x SFP+

– 1 x v.92 Modem
Option slots 1 available for field installable internal modems (v.92, cellular, or RS232) or a fiber module 1 available for field installable internal modems (v.92, cellular, or RS232) or a fiber module – Wi-Fi

– Dual SIM 5G/4G LTE cellular

– v.92 modem
Expansion slots 2 available for:

– 8 Port Serial card

– 16 Port Serial card

– 8 Port Ethernet card (10/100/1000 Mbps)

 3 available for:

– 8 Port, 16 Port, or 32 Port Serial cards

– 8 Port Ethernet card (10/100/1000 Mbps)

– LCD keypad
Power Dual AC or Dual DC Redundant internal universal power Single or Dual AC, Dual DC
Features
Vendor-neutral Heterogeneous device access and management Heterogeneous device access and management – Vendor-neutral device access and management

– Can directly host third-party apps for security, automation, etc.

– Platform integrates with third-party solutions not hosted on Nodegrid hardware

– Can extend Zero Touch Provisioning to other vendor devices
Security – Secure Shell (SSHv2)

– TACACS and Radius authentication

– IP and caller ID filtering

– FIPS 140-2 Level 2

– Automatic session management to prevent unauthorized access

– Enforces RBAC, command-level authorization

– Logging of user access, device changes, and session activity

 – Secure Shell (SSHv2)

– TACACS and Radius authentication

– IP and caller ID filtering

– FIPS 140-2 Level 2

– Automatic session management to prevent unauthorized access

– Enforces RBAC, command-level authorization

– Logging of user access, device changes, and session activity

 Hardware Security:

– TPM 2.0

– Encrypted solid-state disk

– UEFI BIOS with protection

– Secure boot (signed OS)

– Geofencing

Authentication:

– Local

– RADIUS

– TACACS+

– LDAP/AD

– NIS and Kerberos

– SAML 2.0 (Okta, Duo, PingID, ADFS)
OOB/Failover – POTS lines

– Cellular modems

– Fiber

– DSL

– Satellite

 – POTS lines

– Cellular modems

– Fiber

– DSL

– Satellite

 – 5G/4G/LTE

– V.92 modem

– Wi-Fi
Device monitoring In-band or out-of-band data collection every 5 to 30 seconds In-band or out-of-band data collection every 5 to 30 seconds – Keystroke logging

– Logging to ZPE Cloud, NFS, Local

– Alert on cable disconnects
Environmental monitoring – Temperature

– Humidity

 – Temperature

– Humidity

 – Particulate

– Smoke

– Airflow & temperature

– Proximity/door lock

– Temp & humidity

– 7-port USB hub

– 8-port GPIO

– 4-port Relay
Remote access – SSHv2

– Secure access to web-only management interfaces

 – SSHv2

– Secure access to web-only management interfaces

 – SSH direct to consoles

– ZPE Cloud (web) or Nodegrid Manager (local)
Automation Rule-based engine for automation of routine management tasks

– No third-party automation

– cannot be easily expanded by customer

 Rule-based engine for automation of routine management tasks

– No third-party automation

– cannot be easily expanded by customer

 – ZPE Cloud

– Chef

– Docker

– KVM Hypervisor

– Puppet

– Python

– RedHat Ansible

– Ruby

– ShellScript

– Node.js JavaScript
Remote power management Monitors and controls power, can remotely restart a managed device Monitors and controls power, can remotely restart a managed device – Support major power strip manufacturers

– Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)

– Power control of VMs

– Access rights for users and user groups

The Uplogix LM83X is the direct replacement for the EOL Uplogix 5000 Local Manager, which means it provides the same base capabilities with some upgraded hardware features. However, this also means the LM83X suffers from the same limitations as its predecessor, namely a lack of SAML 2.0 integration and a closed management platform that doesn’t support third-party automation. To achieve end-to-end network automation, you need a Gen 3 OOB serial console solution like the Nodegrid Serial Console Plus.

Uplogix 5000 Local Manager EOL product SKUs

Product SKU Description End of Hardware Support End of Software Support End of Life End of Sale
71-1321-10 FIPS Uplogix 5000 Local manager, 14 Serial, V.92 modem 12/31/2023 12/31/2025 12/31/2025 12/31/2020
61-5001-01 Uplogix 5000 8 Port Serial Expansion Module w/LMS-FIPS 12/31/2023 12/31/2025 12/31/2025 12/31/2020
61-5500-30 Uplogix 5000 Local Manager 12/31/2023 12/31/2025 12/31/2025 12/31/2020
61-5500-33 FIPS Uplogix 5000 Local Manager 12/31/2023 12/31/2025 12/31/2025 12/31/2020

Ready to replace your Uplogix 5000​?

To replace your Uplogix 5000 Local Manager EOL serial console server with the Gen 3 Nodegrid Serial Console Plus, Contact ZPE Systems today!

Request a Demo Today

Data Center Colocation Services: Best Practices for Managing Remote Infrastructure

by | Sep 14, 2022 | Data Center Management, Data Center Resilience, Increase Productivity, NetDevOps, NetDevOps Transformation, Network Automation, Out of Band Management, Remote Network Management, Serial Consoles

Data center colocation services can help your customers stay secure

The demand for data center colocation services is on the rise, with the industry estimating an increase of 13.35% in 2022. Colocation services are often less expensive than maintaining an on-site data center, allowing you to redirect resources to more exciting and lucrative technology initiatives. However, remote infrastructure can be more challenging to monitor, secure, and troubleshoot. Plus, if you’re not careful, usage-based pricing could cause your budget to spiral out of control. Here’s what to know about the potential challenges and the best practices to implement to avoid common pitfalls.

Data center colocation services: Challenges and solutions

Challenge 1: Visibility

One way that data center colocation services differ from on-premises data centers is that there is often less physical access to and visibility over the infrastructure. Administrators can’t pop in every day to check environmental conditions like temperature and humidity or to verify that nobody has opened the cage without permission or physically tampered with the equipment. This can make it challenging to maintain optimal conditions to extend the life of your equipment and prevent catastrophic failure.

In addition, colocation facilities also follow the shared responsibility model, which means they’re responsible for a certain portion of security, and you’re responsible for the rest. The facility usually has security cameras, electronic door locks, and other security measures in place, but you generally won’t have access to the videos or logs as a customer. That means you need to ensure that you make up the difference with comprehensive monitoring solutions so there are no gaps in your coverage.

Solution 1: Environmental and infrastructure monitoring

Environmental monitoring sensors collect data on conditions in the data center, providing administrators with a virtual presence in remote colocation facilities. The sensors connect to the I/O ports of console servers and other infrastructure management systems, allowing administrators to monitor things like temperature, humidity, and air quality. Often, these systems use pre-set baselines and will trigger automatic alerts when conditions exceed safe levels, making it easier to efficiently monitor remote infrastructure.

Some environmental monitoring systems also include physical tampering sensors, which will alert administrators if someone opens the door to your cage or comes in close proximity to your equipment without prior authorization. This helps to supplement the physical security provided by colocation services and gives you more control over your remote infrastructure.

Challenge 2: Compliance with data privacy regulations

When the infrastructure used to store and process data is no longer managed on-site by in-house staff, it gets much more difficult to stay compliant with strict data privacy regulations. For example, if your organization processes HIPAA data, you need to know exactly who has access to that data, what specific data they access, and why they need access. That also includes access to the infrastructure that stores and processes the data.

If that infrastructure is housed and managed by a third party, as is the case with data center colocation, you need stricter privacy and security controls to maintain compliance.

Solution 2: Zero trust security

The zero trust security methodology is based on the principle of “never trust, always verify.” In the zero trust model, you microsegment your network to facilitate the creation of highly precise security policies and controls. This allows you to control exactly who has access to which resources in your colocation facility.

In addition, the zero trust methodology recommends identity and access management (IAM) solutions with two-factor authentication (2FA) and user and entity behavior analytics (UEBA). These solutions force an account to re-verify its identity and re-establish trust before it can move to different microsegments and access other resources. This both aids in data privacy compliance and limits the lateral movement of compromised accounts, improving the overall security of your remote infrastructure.

Challenge 3: Around-the-clock access to remote infrastructure

Colocation data center infrastructure is managed remotely over the WAN, which requires an internet connection. When administrators manage that infrastructure on the same production network used for data traffic, it’s known as in-band management.

The issue with in-band management is that it relies on the same LAN architecture that’s used in production. That means a misconfiguration or hardware failure that takes the LAN offline will also cut off all management access, making remote troubleshooting impossible. The same issue occurs if there’s a WAN failure or ISP outage.

If administrators can’t troubleshoot and recover the infrastructure remotely, you will need to dispatch a truck roll, which is both expensive and time-consuming. And, the longer that infrastructure is offline, the higher your downtime costs, including lost business and reputation damage.

Solution 3: Out-of-band (OOB) management

Out-of-band (OOB) management uses serial consoles with secondary WAN interfaces to provide an alternative path to remote infrastructure. OOB serial consoles create a dedicated management network that’s separate from the production LAN. This gives you the ability to perform resource-intensive orchestration workflows without negatively impacting production performance.

OOB management also allows administrators to remotely troubleshoot device failures, LAN misconfigurations, and other sources of outages. This reduces your reliance on truck rolls and helps you recover from outages quicker, so you can lower your costs and protect your reputation.

Challenge 4: Colocation bills

The cost of data center colocation services is generally dependent on your power and bandwidth usage as well as the amount of space your equipment takes up. If not managed properly, usage-based pricing can cause your monthly bill to vary dramatically, wreaking havoc on your budget. Many factors lead to usage spikes, such as sudden surges in demand and inefficient power distribution.

Plus, as your business grows and your technology requirements evolve, you may need to scale up the number of devices in your rack. And as you add more computing, storage, and server resources, you also need more management devices (e.g., serial consoles), all of which take up valuable real estate in the data center.

Solution 4: DCIM orchestration, SDN, and all-in-one devices

This particular challenge has multiple solutions, any or all of which can help keep costs in check while enabling easier scaling.

Data center infrastructure management (DCIM) solutions provide a centralized platform from which to monitor and control remote infrastructure. DCIM tools give administrators the ability to monitor power flows and redistribute loads on demand for more efficient power usage. Modern DCIM orchestration solutions also include automation capabilities for optimal power load balancing.

Software-defined networking (SDN) creates a virtual overlay network, dedicated to management and orchestration, that sits on top of the network architecture. This facilitates the use of sophisticated network automation workflows such as intelligent routing, which can automatically redirect traffic to alternative resources when the bandwidth load on your colocation infrastructure is too high. SDN can help you stay within bandwidth usage thresholds at your colocation data center(s), so you can use your services more cost-effectively.

Finally, all-in-one networking devices can help you reduce the number of boxes in your rack, so you use less square footage in the data center. For example, a device like the Nodegrid Serial Console Plus provides out-of-band management access, routing, switching, and network failover in a single box. Plus, it includes 96 managed serial ports in a single 1U rack-mount form factor, reducing the number of management devices required to control large-scale data center deployments.

Want more solutions on how ZPE can help?

Learn more about how Nodegrid can help you efficiently manage your data center colocation services!

Contact ZPE Systems

Zero Trust Network Access vs. VPN for Branch and Edge Networking

by | Sep 7, 2022 | Improve Network Security, Minimize Impact of Disruptions, NetDevOps, Secure Access Service Edge (SASE), Security Service Edge (SSE), Serial Consoles, User Management, Zero Trust Security

When comparing zero trust network access vs. VPN, they both have benefits for security, speed, and scalability

Organizations are starting to recognize the benefits of edge computing, which moves data processing resources closer to the sources of data generation and away from the central data center. In addition, businesses are becoming more geographically dispersed, with branch offices, manufacturing facilities, and other remote sites around the world.

While larger remote sites are typically connected to the enterprise network via WAN or SD-WAN, this may not be feasible for smaller branches with fewer staff. Traditionally, VPNs (virtual private networks) are used to create a private connection for remote systems and users. However, a new technology called Zero Trust Network Access improves upon VPNs by providing faster and more secure remote connections.

What is a VPN?

A VPN, or virtual private network, is a service that creates an encrypted connection between a device and a network. In this particular use case, VPNs are used to extend the enterprise network to branch and edge locations. Often, organizations use VPNs as an alternative to installing expensive WAN solutions in very small remote sites. They’re also used to connect sites that are unreachable by traditional network infrastructure, such as offshore oil rigs.

Though VPN traffic is encrypted, there are still security risks. Many VPNs still use single-factor authentication, meaning all you need is a username and password to connect. If a remote user’s account information is stolen, a hacker could easily gain access because they don’t need to provide a second form of identity verification.

In addition, VPNs grant complete access to the enterprise network, trusting remote users and devices just like they were in the main office. That means a malicious actor could use a compromised account or stolen laptop to move laterally around your enterprise network, stealing whatever data they can find.

What is Zero Trust Network Access (ZTNA)?

Zero trust network access, or ZTNA, is another product or service that connects remote users and devices to enterprise network resources. However, instead of creating a tunnel to the enterprise network itself, ZTNA directly connects users to the applications and services they need. Users then need to re-verify their identity and re-establish trust before they access another application.

ZTNA follows the “dark cloud” concept, which prevents remote users from seeing or interacting with any of the data, systems, or applications they aren’t explicitly authenticated to. Microsegmentation is used to create perimeters around each resource with granular, context-based access control policies.

For example, if a branch office employee uses ZTNA to access the shipping system, they can’t see or touch the payroll application unless they authenticate to that specific resource. If the account is behaving suspiciously (logging in at unusual times, accessing resources it doesn’t typically need, etc.) then the account is locked until trust can be re-established. The dark cloud principle prevents malicious actors from discovering valuable resources and moving laterally on the enterprise network.

Comparing zero trust network access vs. VPN for branch and edge networking

Trust

Zero trust network access is more secure than VPNs because it follows the zero trust security model of “never trust, always verify.” Branch and edge accounts are assumed to be untrustworthy until they prove otherwise through repeated identity verification and trustworthy behavior. Remote accounts never have full access to the enterprise network and can only see and interact with the specific resources they’re presently authenticated to.

Authentication

While newer VPNs may allow integrations with third-party MFA (multi-factor authentication) providers like Okta, many organizations are still using single-factor authentication for VPN clients. That makes it much easier for a hacker to use a single set of stolen credentials to gain unrestricted access to the enterprise network. In addition, if a branch employee leaves their VPN session active and their laptop is stolen (for example, because it was in an unsecured building that’s open to the public), the thief can use that session to jump around the network without ever needing to re-verify or re-authenticate.

Performance

VPN connections are notoriously slow. All VPN traffic needs to be backhauled through a centralized concentrator, which creates massive bottlenecks and network latency. ZTNA, on the other hand, connects branch and edge devices directly to the resources they need. If that resource lives on the web or in the cloud, the traffic bypasses the enterprise network entirely, reducing the load and improving performance for everyone.

Scalability

Finally, VPNs are meant to be deployed to individual users on a case-by-case basis. Scaling up is difficult and expensive because you need to purchase licenses and install software for each machine that connects. Also, the more VPN connections, the greater the impact on network performance, and the more VPN concentrator solutions you’ll need to deploy to distribute the load. Gartner predicts that by 2025, 75% of enterprise-generated data will be processed at the edge, so individual VPN solutions won’t be able to keep up.

ZTNA is often delivered on the “as-a-service” model, which means it’s hosted in the cloud and doesn’t require any customer premises equipment (CPE). Licenses are scaled up or down at the click of a button, and there’s no software to install on remote machines. This makes ZTNA the ideal choice for enterprises hoping to expand their global reach or scale up their edge computing capabilities.

Deploying ZTNA for branch and edge networks

Zero trust network access is available as a standalone service, but you can also find it among the cloud-oriented security stack in a Security Service Edge (SSE) solution. SSE combines ZTNA with security technology such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Firewall-as-a-Service (FWaaS). This suite of cloud security features delivers comprehensive protection for branch and edge networks while reducing the need for remote traffic to pass through the central data center.

Learn more about branch and edge networking:

Need more help on branch and edge networking?

Need more help comparing zero trust network access vs. VPN for branch and edge use cases?

Contact ZPE Systems

Data Center Orchestration with Gen 3 OOB for Digital Services Providers

by | Aug 30, 2022 | Data Center Management, Data Center Resilience, Increase Productivity, NetDevOps, NetDevOps Transformation, Network Automation, Out of Band Management, Remote Network Management, Serial Consoles

ata center orchestration
Large digital service providers face some unique data center and network management challenges. Customers and shareholders expect 24/7, high-speed access to these services from anywhere in the world. The scale and complexity of their infrastructure, combined with their highly distributed, global network architectures, can make it difficult for administrators to meet those expectations. In this article, we’ll discuss how data center orchestration with Gen 3 out-of-band (OOB) management helps digital service providers achieve the reliability their customers demand while reducing expenses and complexity.

Use case: Data center orchestration with Gen 3 out-of-band for digital service providers

The businesses in this use case provide digital services at a very large scale. They need to ensure constant availability and reliability because that’s what their customers expect, and it’s what their competitors promise. Some examples of large digital service providers include:

   Music or video streaming services
   Stock trading applications
   Online banking portals
   Cloud compute services
   SASE and SSE vendors
   Internet service providers (ISPs) and telecom companies
   Internet exchanges
   Storage as a Service providers

These companies typically host their resources in private data centers or colocation facilities, so they have total control over the hardware and infrastructure. Because of the extremely large scale of their operations, they need to deploy, maintain, and administer many machines. And, since they typically provide global services, they have a large, complex, and highly-distributed network architecture.

There are several major pain points for network administrators in this environment. First, they need to maintain constant access to remote infrastructure, even during network outages. Second, they need the ability to scale up their infrastructure on-demand by quickly deploying new machines with the correct configurations. Finally, they need to be able to monitor, manage, and optimize their complex network architectures.

Let’s look at how these pain points are solved using data center orchestration with Gen 3 OOB.

1. Constant availability

People expect 100% uptime from their digital services, which is why it’s always major news when a big provider like Netflix goes down. To try and achieve constant availability, these vendors typically use their own hardware in private data centers and colocation facilities rather than relying on public cloud hosting. They host their infrastructure in many different facilities around the world, both for redundancy and to ensure peak performance for globally distributed customers.

Between hiring freezes and staff cuts at major companies like Apple, Google, and Netflix, many of these companies don’t have enough technical staff to maintain a physical presence in all of these data centers. Instead, their administrators and engineers access this infrastructure remotely, using tools like serial consoles, KVM switches, and jump boxes to connect to devices in the rack. However, if they lose network access to the management device due to an ISP outage, hardware failure, or configuration mistake, they’re left without a way to remotely recover. That means they need to either dispatch a technician from their home office or pay for costly on-site managed services from their hosting facility. Either way, valuable time and money are wasted on travel and other logistics.

Out-of-band management solves this problem by providing an alternative path to remote network infrastructure. Data center orchestration solutions with Gen 3 OOB use a secondary network connection (typically a cellular modem) that is dedicated to management and troubleshooting. That means administrators can configure, troubleshoot, and orchestrate remote infrastructure even when the primary network connection is offline or overloaded with production traffic. This gives digital service providers the ability to recover from outages and other issues much faster, bringing them closer to their goal of 24/7 availability.

2. Scalability

Large digital service providers need to serve millions of customers who may live all over the globe. They also need to meet sudden spikes in demand without limiting the performance of their product. That means they need to deploy lots of machines to many different facilities, often very quickly. Plus, they need to do so without configuration mistakes, as these could delay deployment, create security vulnerabilities, or even require a truck-roll to fix.

Since deployments need to happen quickly, accurately, and repeatedly, that makes them a prime candidate for automation. There are two primary technologies used to automate data center deployments: zero touch provisioning (ZTP) and Infrastructure as Code (IaC). A Gen 3 OOB data center orchestration tool enables both.

Zero touch provisioning gives administrators the ability to deploy device configurations to remote hardware over a network connection. Earlier generations of OOB data center solutions often included ZTP for devices within a specific vendor’s ecosystem, but Gen 3 tools are vendor-agnostic. That means administrators can remotely deploy an entire data center of mixed-vendor solutions without risking security breaches and the potential for opening a backdoor through pre-staging or on-site configuration. Plus, Gen 3 OOB provides a dedicated network to use in the provisioning process, so if there’s an issue with the configuration that takes the new device offline, administrators can still remotely recover.

IaC decouples a device’s configuration from the underlying hardware, turning it into software code that’s executed according to programmatic playbooks. Gen 3 OOB data center orchestration solutions support automation through IaC, either by integrating with third-party IaC platforms or by directly hosting playbooks. This allows administrators to apply DevOps best practices to infrastructure configurations, for example running automated tests to verify the quality and security of the code before deployment. IaC also reduces the time and complexity involved in configuring new devices, because scripts are easily reusable and can be deployed as many times as needed.

Through automation technologies like ZTP and IaC, Gen 3 OOB data center orchestration platforms allow digital service providers to scale their infrastructure quickly and efficiently. Automation also reduces the risk of human error, which reduces the chances that rapid scaling will cause service interruptions.

3. Network complexity

Large digital service providers have complex and distributed network architectures. They may have dozens or even hundreds of remote sites connected to the WAN, each of which may have different vendor hardware, bandwidth requirements, and security risks. Plus, there are many thousands of users accessing those resources from all over the world. In this kind of environment, manual network management is too time-consuming and prone to error.

Once again, automation is key to overcoming this challenge. Network automation is enabled in much the same way as infrastructure automation—by implementing software abstraction to decouple the management plane from the underlying hardware. This is known as software-defined networking (SDN) or, in the case of WAN architectures, software-defined wide area networking (SD-WAN). Digital service providers use SD-WAN to virtualize their distributed networks, employing software network controllers and APIs to route and load-balance traffic.

The right data center orchestration solution centralizes management of the entire SD-WAN architecture, giving administrators a single pane of glass from which to monitor and control the virtual network. Gen 3 OOB platforms are vendor-neutral, which means they can dig their hooks into all of the various hardware and software solutions that make up an SD-WAN infrastructure. They enable end-to-end automation of network management workflows and provide orchestration capabilities to automate the deployment and execution of those automated workflows. This makes it possible for digital service providers to manage their highly complex network architectures efficiently while maintaining optimal performance.

Gen 3 OOB data center orchestration with Nodegrid

The need for constant availability, easy scalability, and efficient network management is what brings many major digital service providers to ZPE Systems. The Nodegrid data center orchestration platform is the first Gen 3 out-of-band solution that enables end-to-end automation and complete vendor freedom.

The Nodegrid Serial Console Plus (NSCP) is a high-density serial console for large-scale and hyperscale data centers and includes features such as 5G/4G LTE cellular OOB and network failover to ensure 24/7 remote access. Built on the open, Linux-based Nodegrid OS, the NSCP supports integrations with your choice of third-party solutions, or you can directly host your automation, security, and SD-WAN applications on the device itself. Plus, the ZPE Cloud management software provides a centralized, web-based orchestration platform from which to deploy, monitor, and control your entire network architecture.

ZPE is here to help!

Still want to learn more about the Nodegrid Gen 3 data center orchestration platform for large digital service providers?

Contact Us

Opengear CM7100 Alternative Options

by | Aug 26, 2022 | Increase Productivity, Minimize Impact of Disruptions, NetDevOps, Remote Network Management, Serial Consoles

Opengear CM Alternative Options

The Opengear CM series console servers provide out-of-band (OOB) management of data center infrastructure so that network administrators can access and control remote equipment from one centralized interface. Like other OOB serial consoles, the CM series gives admins an alternative path to remote infrastructure that doesn’t rely on the production LAN, WAN, or ISP network.

The CM7100 series is EOL as of the 31st of March, 2023, with an end-of-sale date of the 30th of September 2023 – click here to see a full list of affected product SKUs.

Opengear’s recommended replacement is the CM8100. Like the 7100, this is a traditional console server solution, which means it has gaps in its OOB capabilities due to vendor lock-in, limited automation support, and a lack of hardware security.

In this blog, we’ll discuss Opengear’s replacement solution as well as Opengear alternatives that deliver greater availability, functionality, and security.

Disclaimer: This comparison was written by a 3rd party in collaboration with ZPE Systems using data gathered from publicly available data sheets and admin guides, as of 4/28/2023.

Please email us if you have corrections or edits, or want to review additional attributes: Matrix@zpesystems.com

Table of Contents

Opengear CM7100 overview

The Opengear CM7100 is a line of OOB console servers for data centers and large enterprise deployments. The CM7100 comes with 16, 32, 48, or 96 managed RJ45 serial ports and dual USB 2.0 managed console ports. OOB management and network failover are provided via dual LAN ports or dual LAN/SFP ports.

The CM7100 is primarily used in data center deployments to provide centralized remote control and OOB access. With the CM7100 now EOL, Opengear recommends migrating to the CM8100 series. Let’s take a look at the features, specifications, and limitations of the Opengear CM8100 before discussing some alternative options.

Looking for replacement options for other discontinued serial consoles and branch routers? Try:

 

Opengear replacement options: CM8100

The CM8100 is Opengear’s newest console server for large data center and enterprise deployments. The CM8100 comes with 16, 32, or 48 managed serial ports and 2 managed USB ports in a 1RU form factor, or up to 96 ports in 2RU. Like the other CM models, the 8100 does not come with cellular or WI-Fi options, so it provides OOB and failover on dual Ethernet/SFP interfaces.

All CM models use Opengear’s Smart OOBTM, which includes automatic port discovery and VLAN support. However, the CM series does not support cellular access for OOB or failover. Further automation capabilities include zero-touch provisioning (ZTP), Opengear NetOps modules, and support for Ruby, Perl, and Bash.

On the security side, the CM8100 offers IPSec & OpenVPN, Secure Shell (SSHv2), Trusted Platform Module 2.0 (TPM 2.0), and advanced authentication via TACACS+, Kerberos, RADIUS, and more. However, none of the CM models support SAML 2.0, which makes it difficult to implement Zero Trust principles on the OOB management network.

Opengear CM8100 Features & Tech Specs

Notable Serial Console Features

• SSH direct to consoles

• Keystroke logging

• Multiple concurrent sessions

• Automatic device name discovery

OOB Managed Interfaces

• 16, 32, 48 ports (1RU)

• 96 ports (2RU)

Hardware

• 1.6 GHz Dual-Core ARM Cortex-A9 SoC CPU

• Dual Ethernet for OOB/Failover

Automation

• Opengear NetOps modules

• API access

• Docker support

• Python

• Perl and bash support

• ZTP

• SNMP-Standard MIBs

Automation for End Devices

ZTP

Guest OS

• Docker support

Power Management

• Control PDU outlets via serial, USB, and Ethernet

• Supports 100+ power vendors’ equipment

Hardware Security

• TPM 2.0

• Embedded firewall

Form Factor

Fixed 1RU or 2RU

Opengear CM limitations

While the CM8100 offers some improvements over the CM7100, it still falls short of delivering Gen 3 OOB console server functionality in the following ways.

The Opengear CM solution suffers from:

OOB inflexibility

While the CM7100 and CM8100 both provide OOB management access and network failover, they’re only available via dual Ethernet/SFP interfaces. None of the CM-series console servers come with options for cellular, Wi-Fi, or dial-up modem access. That means something like a regional network outage or data center LAN issue could potentially cut off access to both the OOB and production network.

Vendor lock-in

The Linux-based OS is programmable and extensible, but Opengear’s Lighthouse management software is not truly vendor-neutral. That means your hardware and software integration capabilities will be limited to specific supported solutions. For enterprises with hybrid, distributed, and multi-vendor infrastructures, this limitation could leave gaps in management and orchestration coverage. 

Limited automation

The CM8100 offers more automation capabilities than the 7100, but there are still limitations. For example, Lighthouse is required for ZTP and other automation capabilities, but it only extends to certain supported end-devices, which means you’ll need to manually configure, provision, and deploy the rest of your infrastructure–or stay within Opengear’s ecosystem, which limits your vendor freedom.

Lack of security

Opengear added embedded TPM 2.0 security to the new CM8100 line to make the hardware more secure. However, the CM series does not include additional hardware security like geofencing, BIOS protection, or UEFI secure boot. This increases the risk that a stolen or compromised console server could be used to provide cybercriminals with unrestricted access to your OOB management network.

Both the Opengear CM7100 and CM8100 are 2nd generation serial console servers. That means they provide OOB management access as well as some automation functionality to simplify individual network management workflows. However, due to a lack of alternative OOB/failover interfaces, vendor lock-in, limited automation integrations, and minimal hardware security, the CM series falls short of the end-to-end automation and security required for a Gen 3 OOB solution.

CM7100 migration options from ZPE Systems

The Nodegrid solution from ZPE Systems is the world’s first Gen 3 OOB management platform. With a wide range of serial console servers and integrated branch services routers to choose from, three models in particular serve as direct replacements for the EOL Opengear CM7100: the Nodegrid Serial Console Plus (NSCP), the Nodegrid Serial Console S Series, and the Nodegrid Net Services Router (NSR).

Nodegrid Serial Console Plus (NSCP)

The high-density Nodegrid Serial Console Plus comes in 16, 32, 48, and 96 serial RJ45 port configurations as well as providing 2 USB 3.0 ports for a total of 98 managed devices on a single 1RU device. That makes the NSCP a direct replacement for 96-port CM7100 devices – to get the same number of ports on the CM8100, you’ll need a 2RU device that uses more rack space.

Nodegrid Serial Console S Series

The Nodegrid S series, which comes in 16, 32, or 48-port configurations, uses auto-sensing ports to provide seamless management of modern, legacy, and mixed-vendor infrastructure. The S Series serial console switch is the perfect legacy modernization solution because it allows you to extend automation to end devices that otherwise wouldn’t support it.

Nodegrid Net Services Router (NSR)

The Nodegrid Net Services Router is an all-in-one branch network solution that delivers out-of-band management, SD-WAN capabilities, and more in a single box. The NSR has a modular design so you can add extra terminal server capabilities, more storage or processing power, or extra GbE Ethernet ports to create a completely customized solution.

All Nodegrid boxes deliver OOB access and network failover via built-in 5G/4G LTE cellular and Wi-Fi, so you get 24/7 availability even during LAN and ISP outages. These devices run the open, Linux-based Nodegrid OS with full support for integrated NetDevOps automation solutions like Ansible, Chef, Docker, and Puppet. Nodegrid provides a separate control plane for OOB and automation, making it the ideal solution for a wide variety of business use cases, including

  • Extending automation to any environment or device
  • Enabling Zero Trust Network Access (ZTNA)
  • Increasing OOB & failover flexibility
  • Helping organizations become AI-ready

In addition, the vendor-neutral, web-based ZPE Cloud orchestration solution can dig its hooks into any Nodegrid-connected infrastructure, regardless of vendor, location, or private cloud provider. This gives you a single pane of glass from which to monitor and manage your on-premises, remote, and/or cloud-based infrastructure. Nodegrid’s vendor-agnostic platform enables true end-to-end automation and hyperautomation of enterprise networks.

Plus, Nodegrid includes robust hardware security features like BIOS protection, TPM 2.0, geofencing, and UEFI Secure Boot. The embedded, stateful firewall provides functionality such as multi-site IPSec VPN, advanced authentication, selectable cryptographic protocols and cyber suite levels, and Zero Trust 2FA and SAML 2.0.

 

Nodegrid NSCP

Nodegrid S Series

Nodegrid NSR

Notable Serial Console Features

• SSH direct to consoles

• Keystroke logging

• Logging to ZPE Cloud, NFS, Local

• Alert on cable disconnects

• Text pattern match with scriptable actions

• Multiple concurrent sessions

• Automatic device name discovery

• Session sharing for collaboration

• IP address per serial port

• Secure session logout enforcement

• Power control hotkey on serial port

• Configurable icon per serial port

• SSH direct to consoles

• Keystroke logging

• Logging to ZPE Cloud, NFS, Local

• Alert on cable disconnects

• Text pattern match with scriptable actions

• Multiple concurrent sessions

• Automatic device name discovery

• Session sharing for collaboration

• IP address per serial port

• Secure session logout enforcement

• Power control hotkey on serial port

• Configurable icon per serial port

• SSH direct to consoles

• Keystroke logging

• Logging to ZPE Cloud, NFS, Local

• Alert on cable disconnects

• Text pattern match with scriptable actions

• Multiple concurrent sessions

• Automatic device name discovery

• Session sharing for collaboration

• IP address per serial port

• Secure session logout enforcement

• Power control hotkey on serial port

• Configurable icon per serial port

OOB Managed Interfaces

• 16, 32, 48, 96 ports (1RU)

• 16, 32, 48 ports

• Up to 5 x 16-port RJ-45 Serial modules

Hardware

• Intel X86, 64-bit CPU optimized for running VMs and automation tools

• Dual-SIM 5G/4G/LTE, Wi-Fi, and V.02 modem for OOB/Failover

• Intel X86, 64-bit CPU optimized for running VMs and automation tools

• Dual-SIM 5G/4G/LTE, Wi-Fi, and V.02 modem for OOB/Failover

• Intel X86, 64-bit CPU optimized for running VMs and automation tools

• Dual-SIM 5G/4G/LTE, Wi-Fi, and V.02 modem for OOB/Failover

Automation

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

Automation for End Devices

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

• ZPE Cloud

• Chef

• Docker

• Puppet

• Python

• Ruby

• ShellScript

• Node.js JavaScript

• Redhat Ansible

• KVM Hypervisor

Guest OS

• VMs, Docker, Kubernetes, LXC

• VMs, Docker, Kubernetes, LXC

• VMs, Docker, Kubernetes, LXC

Power Management

• Supports major power strips manufacturers

• Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)

• Power control of VMs

• Access rights for users & user groups

• Supports major power strips manufacturers

• Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)

• Power control of VMs

• Access rights for users & user groups

• Supports major power strips manufacturers

• Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)

• Power control of VMs

• Access rights for users & user groups

Hardware Security

• TPM 2.0

• Encrypted solid-state disk

• UEFI BIOS with protection

• Secure Boot (signed OS

• Geofencing

• TPM 2.0

• Encrypted solid-state disk

• UEFI BIOS with protection

• Secure Boot (signed OS

• Geofencing

• TPM 2.0

• Encrypted solid-state disk

• UEFI BIOS with protection

• Secure Boot (signed OS

• Geofencing

Form Factor

Fixed 1RU

Fixed 1RU

Modular 1RU

The Nodegrid Gen 3 OOB solution is an Opengear alternative that delivers 24/7 availability, end-to-end automation, Zero Trust Security, and complete vendor freedom.

Watch a free Nodegrid demo to see a Gen 3 OOB serial console solution in action. Watch Now

Opengear CM7100 migration SKUs:

Opengear CM7100 EOL SKU

In Scope Features

ZPE Replacement Product

CM7116-2-SAC

CM7116-2-DAC

16 Serial ports, OOB management

Fixed Form Factor:

ZPE-NSCP-T16R-STND-SAC

ZPE-NSC-T16S-STND-SAC

ZPE-NSCP-T16R-STND-DAC

ZPE-NSC-T16S-STND-DAC

Modular Form Factor:

ZPE-NSR-816-DAC with 1 x 16 port serial module 1 x ZPE-NSR-16SRL-EXPN

CM7132-2-DAC

32 Serial ports, OOB management

Fixed Form Factor:

ZPE-NSCP-T32R-STND-DAC

ZPE-NSC-T32S-STND-DAC

Modular Form Factor:

ZPE-NSR-816-DAC with 2 x 16 port serial module 2 x ZPE-NSR-16SRL-EXPN

CM7148-2-SAC

CM7148-2-DAC

48 Serial ports, OOB management

Fixed Form Factor:

ZPE-NSCP-T48R-STND-SAC

ZPE-NSC-T48S-STND-SAC

ZPE-NSCP-T48R-STND-DAC

ZPE-NSC-T48S-STND-DAC

Modular Form Factor:

ZPE-NSR-816-DAC with 3 x 16 port serial module 3 x ZPE-NSR-16SRL-EXPN

CM7196A-2-DAC

96 Serial ports, OOB management

ZPE-NSCP-T96R-STND-DAC

Ready to replace your EOL Opengear CM7100 with a Gen 3 out-of-band serial console solution?

Call ZPE Systems today at 1-844-4ZPE-SYS for a special trade-in promotion. Contact US

Opengear Alternatives: Replacing the ACM7000 Resilience Gateway

by | Aug 10, 2022 | Increase Productivity, Minimize Impact of Disruptions, NetDevOps, Remote Network Management, Serial Consoles

OpenGearAlternatives
A gateway router is a crucial device for connecting remote IT deployments—such as retail stores, branch offices, or edge data centers—to the primary enterprise network. In this blog, we’ll review Opengear’s ACM line of gateway routers and explain their key features and limitations. In addition, we’ll discuss some Opengear alternatives that provide greater customization, control, and functionality.

The Opengear ACM7000 Resilience Gateway

The Opengear ACM7000 is a compact form-factor network gateway and console server for small remote and edge deployments. The ACM7000 integrates with Opengear’s Lighthouse software for centralized management and some automation capabilities. Out-of-band management is provided via the Smart OOBTM feature, with failover to an embedded 4G LTE cellular modem or an optional dial-up PSTN modem.

The Opengear ACM7000 combines gateway routing features with terminal server capabilities, enabling you to reduce the number of devices in your small remote deployments. The ACM7000 comes with 4-8 Cisco pinout serial ports and 4 USB 2.0 console ports, as well as 2 Digital I/O (DIO) ports and 2 High Voltage Digital Outputs (HVDO). Gateway router features include a stateful firewall, DHCP server, DDNS, and IP filtering.

The ACM7000’s auto-response feature allows you to write custom scripts that are triggered by specific events such as power failures, environmental sensor alarms, or network outages. These scripts can alert administrators to problems and in some cases remediate issues without human intervention.

Opengear ACM7000 key features

  • Smart OOBTM management
  • Centralized management through Opengear Lighthouse
  • Integrations with Nagios NSCA & NRPE
  • Link Layer Discovery Protocol (LLDP) automatic device discovery
  • Failover to embedded 4G LTE cellular modem
  • SSL and IPsec VPN
  • Stateful firewall with IP filtering and port forwarding
  • Automatic monitoring, detection, and recovery from equipment faults

Opengear ACM7000 limitations

The Opengear ACM7000 is what’s known as a 2nd generation, or Gen 2, OOB device. That means it provides reliable out-of-band management access and some automation capabilities for individual tasks and workflows. However, the ACM’s automation is limited to a handful of supported integrations, specific scripting languages, and Lighthouse playbooks.

Some additional automation functionality—such as end-device zero-touch provisioning (ZTP)—is only available through upgraded versions of Opengear’s Lighthouse management software. This makes it challenging to fully automate and orchestrate remote network infrastructure, which is crucial for NetDevOps transformation.

In addition, the ACM7000 only goes part of the way towards consolidating your remote network infrastructure. It combines gateway routing and OOB terminal server capabilities, with an option to add a 4-port Ethernet switch in the 7004-5 models. The Opengear ACM does not include built-in functionality for SD-WAN (software-defined wide area networking), though it has the ability to work with third-party SD-WAN architectures. It also doesn’t support hosting for applications, VMs, or containers, which means you’ll need additional hardware for things like edge computing and next-generation firewall (NGFW) software hosting.

To get full end-to-end automation of remote and edge network deployments while consolidating your tech stack and reducing operational complexity, you need a Gen 3 OOB gateway like the Nodegrid line of services routers from ZPE Systems.

Opengear alternatives: Nodegrid Services Routers

Nodegrid Services Routers, or SRs, are vendor-neutral, all-in-one branch networking solutions. Nodegrid delivers secure out-of-band management access via your choice of high-speed 5G/4G LTE cellular, Wi-Fi, and/or dial-up modem. Nodegrid hardware runs on the Linux-based, x86-64bit Nodegrid OS to ensure easy integrations with third-party software, including automation and orchestration tools like Puppet, Chef, Ansible, and RESTful APIs. Plus, the ZPE Cloud management platform provides centralized, web-based management of your multi-vendor environments.

Nodegrid’s vendor-agnostic platform enables true NetDevOps hyperautomation, which is the ability to fully automate every task and workflow without compromise. That means more efficient management of remote, edge, and branch locations.

Plus, Nodegrid SRs are complete branch-in-a-box solutions, rolling up all your remote network technology into one compact device. For example, the Nodegrid Hive SR is a multi-function box that delivers gateway routing, SD-WAN, Wi-Fi, secure OOB, end-device ZTP, and VM/container/VNF (virtual network functions) hosting for small edge and branch deployments. Another option for more customized and scalable functionality is the modular Nodegrid Net SR (or NSR), which allows you to extend your solution with expansion modules for additional serial, Ethernet, USB, PoE+, and SFP ports as well as storage and compute modules.

Nodegrid Services Routers key features

  • Strong out-of-band management integration
  • Extensible applications with virtualization and containers
  • Zero Touch Provisioning (ZTP) over the WAN for fast and easy remote setup
  • Centralized, vendor-neutral management through ZPE Cloud and Nodegrid Manager solutions
  • Modern, open-architecture x86-64bit Linux Kernel with fast security patching
  • Failover to 5G/4G/LTE and Wi-Fi
  • SSL VPN & Secure Tunnel
  • DHCP server with extra IP addresses for remote site, or replace current router altogether
  • Embedded firewall with IP packet and security filtering, IP forwarding support
  • Selectable encrypted cryptographic protocols & cyber suite levels
  • Power control and monitoring to get alerts on device health and solve problems automatically
  • Orchestration support via Puppet, Chef, Ansible, RESTful

Nodegrid SR models and use cases

  • Nodegrid Net SR (NSR): Scalable and customizable for any use case, including data center and large branch deployments
  • Nodegrid Bold SR: Versatile all-in-one networking and terminal server functionality at edge and branch locations
  • Nodegrid Gate SR: Up to 10 types of managed interfaces for enhanced flexibility in branch and edge deployments
  • Nodegrid Hive SR: Branch-in-a-box capabilities in a compact device for distributed branch and edge sites

Nodegrid SRs are an alternative to Opengear ACM7000 gateways for organizations that need vendor freedom, end-to-end remote network automation, and consolidated technology stacks. With the Nodegrid solution, you get a unified network automation and orchestration platform from which to deploy, monitor, and control your distributed network architecture.

Learn more about remote, branch, and edge networking:

→   How to Choose the Best Branch Office Connectivity Solution for Your Network
→   Why Out-of-Band Remote Access is Critical for Branch Networking
→   Simplifying Network Edge Orchestration With a Single Platform
→   How to Use a Cloud Managed Gateway Router to Optimize OT Automation

Still curious about Opengear alternatives?

To see Opengear alternatives in action, contact ZPE Systems to watch a Nodegrid demo.

Request a Demo Today

Opengear ACM7000 product SKUs

Product SKU Description
ACM7004-2-L 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, Global 4G LTE-A Pro cellular, 2 DIO and 2 output ports
ACM7004-2-LMP 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4G LTE-A Pro cellular, 2 DIO and 2 output ports
ACM7004-5-L 4 serial Cisco Straight pinout, ext power, 1 GbE Ethernet or fiber SFP, 4 port GbE switch, Global 4G LTE-A Pro cellular, dual SIM, 2 DIO and 2 output ports, global power adapter
ACM7004-5-LMP 4 serial Cisco Straight pinout, ext power, 1 GbE Ethernet or fiber SFP, 4 port GbE switch, 4G LTE-A Pro cellular, dual SIM, 2 DIO and 2 output ports, global power adapter
ACM7008-2-L 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, Global 4G LTE-A Pro cellular, 2 DIO and 2 output ports, global power adapter
ACM7008-2-LMP 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4G LTE cellular, dual SIM, 2 DIO and 2 output ports, global power adapter
ACM7004-2 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4 USB console ports, 2 DIO and 2 output ports, global power adapter
ACM7004-2-M 4 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4 USB console ports, PSTN modem, 2 DIO and 2 output ports
ACM7004-5 4 serial Cisco Straight pinout, ext power, 1 GbE Ethernet or fiber SFP, 4 port GbE switch, 2 DIO and 2 output ports, global power adapter
ACM7008-2 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet, 4 USB console ports, 2 DIO and 2 output ports, global power adapter
ACM7008-2M 8 serial Cisco Straight pinout, ext power, dual 1 GbE Ethernet or fiber SFP, 4 USB console ports, PSTN modem, 2 DIO and 2 output ports, global power adapter

 

Nodegrid Net Services Router (NSR) product SKUs

Product SKU Description
NSR-TOP1-DAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, dual AC power
NSR-BASE-DAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, dual AC power
NSR-LITE-DAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, 5 slots, dual AC power
NSR-TOP1-SAC 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, single AC power
NSR-TOP1-SAC-POE 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, single AC and PoE power
NSR-BASE-SAC-POE 1 RS-232 serial, 1 USB 3.0 console port, 2 USB 2.0 console ports, dual 1GbE Ethernet, dual SFP+ Ethernet, 1 HDMI port, on-board switch, 5 slots, single AC and PoE power
NSR-16ETH-EXPN NSR 16 port 1GbE Ethernet expansion card
NSR-8ETH-POE-EXPN NSR 8 port 1GbE Ethernet with PoE+ expansion card
NSR-16SRL-EXPN NSR 16 port RJ45 Serial Rolled expansion card
NSR-16USB-EXPN NSR 16 port USB Type A expansion card
NSR-8SFP-EXPN NSR 8 port 1GbE SFP expansion card
NSR-16SFP-EXPN NSR 16 port 1GbE SFP expansion card
NSR-DISK-EXPN NSR Storage expansion card
NSR-COMP-EXPN NSR Compute 4-core, 8GB DDR4, 32GB SATA expansion card
NSR-M2-EXPN NSR M.2 / SATA expansion card
NSR-COVER Accessory: NSR Cover Plate
M2-WIFI Accessory: M.2 Wi-Fi
M2-CELL Accessory: M.2 Cellular – Dual SIM
M2-S064 Accessory: M.2 SATA 64GB
M2-S128 Accessory: M.2 SATA 128GB

 

Nodegrid Gate SR product SKUs

Product SKU Description
GSR-T8-BASE 8 RJ45 serial rolled, 1 GbE Ethernet, 2 SFP+, 4 GbE Ethernet with built-in switch, 4 PoE+ GbE Ethernet with built-in switch, 2 GPIO ports, 1 digital out port, 1 relay port, 2 USB 3.0 Type A, 2 USB 2.0 Type A, 1 HDMI port, 32GB iSLC SATADOM
GSR-T8-UPG1 8 RJ45 serial rolled, 1 GbE Ethernet, 2 SFP+, 4 GbE Ethernet with built-in switch, 4 PoE+ GbE Ethernet with built-in switch, 2 GPIO ports, 1 digital out port, 1 relay port, 2 USB 3.0 Type A, 2 USB 2.0 Type A, 1 HDMI port, 128GB iSLC SATADOM
GSR-PSU Accessory: 54VDC external 100-240 VAC, 50/60 Hz power adapter
PCI-WIFI-B Accessory: Mini PCI Wi-Fi
M2-CELL-C Accessory: M.2 Cellular 4G/LTE with dual-SIM
GSR-SATA Accessory: SATA Storage Expansion Kit (HDD/SDD not included)

 

Nodegrid Hive SR product SKUs

Product SKU Description
HSR-N8-BASE 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options
CST-GEN-HSR-S 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 NVMe 128 GB SSD
CST-GEN-HSR-SW4G 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 NVMe 128 GB SSD, M.2 802.11ax Wi-Fi 6 dual-band, M.2 dual-SIM 4G LTE cellular
CST-GEN-HSR-4G 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 dual-SIM 4G LTE cellular
CST-GEN-HSR-5G 1 RS-232 serial, 1 mini-USB console port, ext power, dual 1GbE Ethernet or SFP/vDSL, dual 10 Gbps cages for PON or SFP+, 4 10/100/1000/2.5 Gbps RJ45 with VLAN support, +12 VDC PSU w/regional AC cord options, M.2 5G cellular
HSR-PSU Accessory: 12VDC external 100-240 VAC, 50/60 Hz power adapter
HSR-WMNT Accessory: HSR wall mounting kit

 

Nodegrid Link SR product SKUs

Product SKU Description
LSR-T1-Base 1 RJ45 serial rolled, 1 GbE SFP, 1 GbE Ethernet with PoE in, 2 GPIO ports, 2 digital out ports, 2 USB 2.0 Type A, 1 VGA port, 16GB SATADOM
LSR-T1-UPG1 1 RJ45 serial rolled, 1 GbE SFP, 1 GbE Ethernet with PoE in, 2 GPIO ports, 2 digital out ports, 2 USB 2.0 Type A, 1 VGA port, 128GB SATADOM
LSR-PSU Accessory: 12VDC external 100-240 VAC, 50/60 Hz power adapter
PCI-WIFI-B Accessory: Mini PCI Wi-Fi
M2-CELL-B Accessory: M.2 Cellular 4G/LTE with dual-SIM
LSR-SATA SATA Storage Expansion Kit (HDD/SDD not included)