Providing Out-of-Band Connectivity to Mission-Critical IT Resources

What is a Serial Console’s Role in Modern Enterprise Networks?

Serial consoles have been used to manage business networks since the 80s, but things have changed significantly since then. What is a serial console’s role in modern enterprise networks? In this blog, we discuss the history and evolution of serial consoles as well as the exciting functionality provided by the latest generation.

What is a serial console?

A serial console (also called a console server, terminal server, serial console router, or serial console switch) is a networking device used to manage other devices. It connects to servers, switches, routers, and other equipment using the serial port (hence the name). Network administrators can then use the serial console to access all connected devices in the data center, server room, or network closet in which it’s installed.

Serial consoles allow admins to manage critical infrastructure without needing to log in to each separate device individually. A serial console also provides out-of-band (OOB) management, creating a completely separate network that’s dedicated to infrastructure management and troubleshooting. OOB management allows you to remotely troubleshoot, monitor, and administer your infrastructure, and more.

How serial consoles have evolved over time

A basic serial console—also called a Generation 1 serial console—provides consolidated remote access to critical infrastructure. It uses a secondary network connection (such as a dial-up modem or cellular SIM card) so admins can control and troubleshoot equipment without relying on the main production network. Using a Gen 1 serial console, admins can access each connected device’s CLI (command line interface).

Gen 1 serial consoles are relatively limited in control, security, and automation. For example, many Gen 1 serial consoles can only manage devices from the same vendor (or a small pool of supported manufacturers). A Gen 1 serial console also lacks in-depth security features like hardware encryption, and generally can’t integrate with third-party Zero Trust Security policies and controls. Plus, most Gen 1s completely lack automation capabilities, or limit you to basic CLI scripts for single tasks.

Gen 2 serial consoles

Frustration over these limitations led to significant advancements in the second generation of serial consoles, or Gen 2. With Gen 2 serial consoles, admins get more control, added security features, and expanded automation capabilities.

For instance, most Gen 2 consoles offer management functionality for third-party devices. These serial consoles also have some built-in security features like Trusted Platform Module (TPM) and frequently support advanced authentication methods like AD/LDAP, Kerberos, and RADIUS. Gen 2 serial consoles also allow for greater automation using Python scripts, APIs, and zero touch provisioning (ZTP).

While Gen 2 serial consoles offer more multi-vendor support than their extremely limited predecessors, they still fall short of true vendor neutrality. For instance, managing third-party and legacy devices often requires expensive adapters or complicated configuration tweaks. Many Gen 2 serial consoles also lack support for Zero Trust integrations such as SAML 2.0 (e.g., Okta, Ping, DUO), making it impossible to completely secure your out-of-band network.

Finally, while Gen 2 serial consoles introduce more automation capabilities, their closed architectures make it impossible to implement end-to-end NetDevOps automation. For example, you might only be able to use one specific scripting language or an approved set of playbooks. It’s also common for Gen 2 serial consoles to only support ZTP of connected devices from the same vendor, so you’re either limited in your automated provisioning capabilities or your choice of infrastructure solutions.

Gen 1 serial consoles provide remote, out-of-band management of multiple devices using CLI commands and scripts over a serial connection. Gen 2 evolved to incorporate more devices, more security features, and more automation capabilities. However, the serial console needed to develop even further to handle the needs of a modern enterprise network.

What is a serial console’s role in modern enterprise networks?

Today’s enterprise network is larger, more complex, and more distributed than Gen 1 serial console developers could have possibly imagined. Network administrators and engineers need to monitor, manage, and troubleshoot infrastructure devices from many different vendors in many different locations. Networks are also constantly threatened by cybercriminals using sophisticated hacking techniques and state-of-the-art malware. Plus, modern businesses must ensure near-constant availability and optimal network performance to stay competitive. Gen 1 and Gen 2 serial consoles simply can’t deliver the control, security, and resilience required by enterprise networks today.

The new Gen 3 serial console addresses older generations’ limitations through true vendor neutrality, multi-layered zero trust security, and end-to-end automation capabilities.

Total infrastructure control

Gen 3’s complete vendor neutrality makes it possible to extend your automation capabilities—including zero touch provisioning—to every physical and virtual asset in your environment, regardless of manufacturer. Gen 3 serial consoles also give network administrators a virtual presence in remote network locations (like data centers and branch offices) through which they can monitor environmental conditions in the rack, power-cycle and enter the BIOS menu of devices, manage power load distribution, and more.

This control is delivered via high-speed OOB (such as a 5G/4G cellular SIM card), giving you 24/7 remote access to critical enterprise infrastructure, even during an ISP outage. Plus, Gen 3 serial consoles use centralized cloud management, which means engineers can manage and troubleshoot remote infrastructure from anywhere, anytime.

A Gen 3 serial console is based on an open-architecture x86 OS that supports integrations with your choice of infrastructure solutions, cloud services, and automation toolkits. It also includes flexible port configurations and legacy pinouts to control a variety of devices, such as PDUs, IPMI devices, and environmental monitoring sensors.

Comprehensive security

On a hardware level, Gen 3 serial consoles use features like encrypted disks, UEFI secure boot, and TPM 2.0 to ensure unauthorized users can’t access management functionality. Additionally, the OS is frequently updated and patched against new security vulnerabilities before they can be exploited. The Gen 3 serial console also automatically checks the integrity of all newly integrated hardware and software to ensure there are no backdoor vulnerabilities.

A Gen 3 serial console’s vendor-neutral platform supports easy integrations with a variety of zero trust security controls. For instance, you can manage user access to a Gen 3 serial console through third-party Identity and Access Management (IAM) solutions, allowing you to follow zero trust best practices like 2FA, SSO, and dynamic trust verification. A Gen 3 serial console can also integrate with on-premises and cloud-based network security solutions such as next-generation firewalls (NGFW), Secure Access Service Edge (SASE), and Security Service Edge (SSE).

A Gen 3 console includes robust onboard security features, which reduces the risk of an attacker using a stolen serial console to access your management network (and ultimately, your production systems and data). Its open architecture also enables integration with zero trust security controls and providers.

End-to-end automation

The open architecture of a Gen 3 serial console makes it possible to integrate with your choice of infrastructure automation and orchestration tools, or directly host VMs and Docker containers so you can run your own tools. With a Gen 3 serial console, you can use solutions like Ansible, Chef, Puppet, or Kubernetes to automate deployments. You can also use any API you want to automate any workload you need to, no matter how complex.

Gen 3’s advanced automation capabilities enable full pipeline automation so you can achieve NetDevOps transformation. Gen 3 serial consoles also facilitate immutable infrastructure, allowing faster and more agile deployments, updates, and replacements of critical network resources.

With a Gen 3 serial console, you can create a fully-automated network environment. This allows engineers to work more efficiently and reduces the risk of human error causing an outage or security breach.

Nodegrid Serial Console Plus (NSCP)

A Gen 3 serial console, like the Nodegrid Serial Console Plus (NSCP), gives you complete remote control over every component of your network infrastructure, regardless of location or manufacturer. Nodegrid also secures your OOB management network using zero trust security best practices and comprehensive onboard features. Finally, the Gen 3 NSCP allows you to automate whatever tools you want to use, so you can efficiently manage a complex enterprise network without sacrificing speed, security, or control.

 

Learn more about Gen 3 serial consoles:

→   Comparing the Best Console Servers for Data Centers in 2022
→   What Makes a Gen 3 Serial Console?
→   Why You Need a Next-Gen OOB Console Server

Schedule a demo of the Gen 3 Nodegrid Serial Console Plus to see for yourself!

Why You Need a Next-Gen OOB Console Server

An OOB (out-of-band) console server is a fundamental data center tool that allows you to view, manage, and troubleshoot critical remote infrastructure on a dedicated network connection.

While the functionality of generation 1 console servers is limited, generation 2 models evolved to include features like automation and security. Now, as more enterprises embrace NetDevOps, there’s a need for greater automation and orchestration, which is why next-generation or generation 3 console servers are emerging.

In this post, we’ll discuss the advantages of a next-gen OOB console server and how these devices address the challenges and limitations of previous generations.

The importance of an OOB console server

An out-of-band console server may also be referred to as a serial console, serial console server, or serial console switch. There are also OOB serial console routers which include gateway routing functionality for small branch offices and use cases for edge data centers.

OOB console servers are fundamental tools for data center infrastructure management; they connect to all your remote network devices and let you control them remotely over a dedicated management network. This network is completely separate from the WAN circuit and internal LAN, and is typically accessed via cellular, dial-up, or DSL modem.

Out-of-band data center access is crucial for a few key reasons:

  1. It provides 24/7 remote access to your critical data center infrastructure even if your WAN link goes down, allowing you to troubleshoot and recover without expensive truck rolls.
  2. Even if malicious actors compromise your production network or data center infrastructure, you can still view and manage remote devices without exposing yourself.
  3. Conducting resource-intensive network orchestration on a dedicated management plane reduces the performance impact on your production network and end-users.

Why do you need a next-gen OOB console server?

As modern enterprise networks have grown more complex and distributed, so have network and data center management workflows. This complexity makes it harder for engineers to efficiently manage their workloads and increases the risk of human error, especially with multi-vendor and hybrid network infrastructures.

These pain points led to the evolution of automated network management tools and solutions. Automation increases the speed and efficiency with which network administrators can provision, monitor, and optimize an infrastructure while reducing the risk of human error. Gen 2 OOB console servers have automation capabilities and scripting support that help fill the gap for data center management. Plus, Gen 2 serial consoles automate tasks like infrastructure provisioning (via zero touch provisioning, or ZTP) and basic troubleshooting (such as refreshing DNS or power-cycling) to reduce the amount of tedious manual work.

However, the needs and pain points of modern enterprises continue to evolve. It’s not enough to use individual, disparate scripts and solutions to automate specific tasks or workloads, especially to achieve NetOps or NetDevOps transformation. Gen 2 OOB console servers offer some automation support, but typically limit you to a particular vendor ecosystem or API library. Since enterprise networks consist of many different vendor solutions and devices, this rigidity leaves you with gaps in your automation coverage.

That’s why a new generation of console servers is rising to meet this challenge. Next-gen OOB console servers, also known as Gen 3, promise to deliver end-to-end automation and NetDevOps data center orchestration.

What to look for in a next-gen OOB console server

For an OOB console server to be truly next-gen, it must be able to dig its automation hooks into every device and solution in your rack. That means it needs to be vendor-neutral and include support for legacy systems not originally designed for automation.

In addition, a next-gen OOB serial console switch should support integrations with the third-party automation and orchestration tools of your choosing. That means both the hardware and software need to be vendor-neutral.

A next-gen console server should also provide high-speed OOB access and failover. Many Gen 1 and Gen 2 solutions use dial-up or 3G cellular connections, which can be slow and unreliable. Plus, 3G will be phased out (in the United States) by the end of this year. This leads to frustration when engineers try to troubleshoot and restore remote data center infrastructure as quickly as possible, and also hampers automation and orchestration efforts.

Another issue to consider is scalability. A next-gen OOB console server needs to provide enough managed ports for you to grow your data center infrastructure without needing to upgrade your management device continuously. You can even get modular serial consoles that allow you to expand or swap out port configurations as needed.

Last but not least, your next-gen console server needs to include and support advanced security controls. Imagine installing a preconfigured device that has unknowingly been infected. This could be like installing a trojan horse into your infrastructure. A next-gen OOB console server should include enterprise-grade security features and integrate with zero trust security controls and policies.

Orchestrating critical data center infrastructure with a next-gen OOB console server

Next-gen or Gen 3 OOB console servers deliver end-to-end automation and orchestration capabilities, so you can efficiently control complex data center infrastructure. A next-gen solution includes vendor-neutral hardware and software, high-speed OOB access and failover, the ability to scale up or down as needed, and enterprise security features and functionality.

The Nodegrid next-gen OOB console server solution from ZPE Systems delivers true end-to-end automation for critical data center infrastructure. Nodegrid’s vendor-neutral hardware and software can control all your vendor solutions, so there are no barriers to automating anything and everything. For example, Nodegrid zero touch provisioning (ZTP) can extend to all connected devices, allowing you to deploy remote data center infrastructure with the push of a button.

The Nodegrid Serial Console S Series can even control legacy and mixed environments, so you can upgrade your data center infrastructure at your own pace without losing automation capabilities. The open architecture, Linux-based Nodegrid OS supports integrations with third-party automation solutions so you can create a customized orchestration platform that suits your enterprise’s unique use cases and staff skillsets.

Nodegrid delivers high-speed remote out-of-band access and failover via two dual-SIM high-speed 4G/5G/LTE slots, plus you can upgrade to 5G without having to do a forklift upgrade. With up to 96 managed ports in a streamlined 1U rack-mounted device, the Nodegrid Serial Console Plus can handle enterprise-scale deployments or scale with you as you grow. The Nodegrid next-gen OOB console server also keeps management and orchestration secure, with onboard security features like UEFI secure boot, properly integrated TPM 2.0 security, encrypted solid-state disks, and geofencing.

The Nodegrid Serial Console from ZPE Systems is a true next-gen OOB console server. It delivers end-to-end automation, high-speed OOB access and failover, scalable port configurations, and enterprise-grade zero trust security features.

Learn more about OOB console servers:

★  Comparing the Best Console Servers for Data Centers in 2022
★  Out-of-Band Network Management: Fundamental Principles & Use Cases
★  How to Choose Secure Out-of-Band Management

See the Nodegrid OOB console server at work.

Call 1-844-4ZPE-SYS to request a demo

Vertiv Avocent ACS EOL: Choose Your Replacement Option

Vertiv discontinued their Avocent ACS6000 line of serial console servers at the end of 2018 and will stop supporting them on July 31, 2023 (or whenever your warranty expires). The Vertiv Avocent ACS EOL guide recommends the ACS8000 series as a direct replacement, but before you make the switch you should consider all your options.

In this blog, we’ll directly compare the ACS6000 to the ACS8000, as well as recommend an alternative replacement option for your EOL serial consoles.

Vertiv Avocent ACS EOL Model: ACS6000

The Vertiv Avocent ACS6000 series is an enterprise data center serial console server with support for remote out-of-band management and zero touch provisioning (ZTP). Vertiv offers on-premises management via their DSView™ management software, CLI (command line interface), and web app. The ACS6000 supports advanced authentication via Radius, TACACS+, LDAP/AD, NIS, and Kerberos, as well as one-time passwords (OTP). However, its automation capabilities are limited to ZTP and auto-sensing ports.

Vertiv Avocent ACS6000 tech specs

Serial console features:
  • SSH direct to consoles
  • Telnet, SSH, or a serial terminal connection
  • Multiple concurrent sessions
  • Automatic device name discovery
Pinout auto-detection: Cyclades and Cisco pinouts
Vendor neutral: No
CPU: PPC440Epx @ 533 MHz
DRAM: 256MB
Maximum ports: 48
Cellular failover: 3G/4G failover and OOB
Sensors: Internal temperature sensor
Operating system: Linux OS and DSView™ management software
On-premises management: DSView™, CLI, web app
Cloud management: No
Automation:
  • Zero touch provisioning
  • Auto-sensing ports
Automation for end devices: No
Guest OS support: No
Authentication servers:
  • Local
  • Radius
  • TACACS+
  • LDAP/AD
  • NIS
  • Kerberos
Hardware security: Embedded FIPS 140-2 module
Two-Factor Authentication: Yes
Power management: Power management integrated with serial session as well as the Vertiv GXT UPS

 

Vertiv Avocent ACS EOL Replacement Option: ACS8000

Vertiv’s direct replacement for the EOL ACS6000 is the ACS8000 series. To make your migration easier, the ACS8000 supports your existing ACS6000 configuration files and CLI scripts. In addition, the ACS8000 delivers new features such as an upgraded CPU, more RAM, and an environmental sensor port with support for temperature, humidity, leak, pressure, and contact sensors. 

Where the ACS8000 really improves upon the old EOL series is with automation: it supports RESTful API, Python, and Perl scripts, as well as automated management of PDU (power distribution unit) and UPS (uninterruptible power supply) products. However, the ACS8000 still only provides on-premises management, and it doesn’t support integrations with third-party automation and orchestration solutions.

Vertiv Avocent ACS6000 vs. ACS8000 tech specs

 

Serial console features:
  ACS6000:
  • SSH direct to consoles
  • Telnet, SSH, or a serial terminal connection
  • Multiple concurrent sessions
  • Automatic device name discovery
  ACS8000:
  • SSH direct to consoles
  • Keystroke logging
  • Telnet, SSH, or a serial terminal connection
  • Alert on cable disconnects
  • Multiple concurrent sessions
  • Automatic device name discovery
Pinout auto-detection:
  ACS6000: Cyclades and Cisco pinouts
  ACS8000: Cyclades and Cisco pinouts
Vendor neutral:
  ACS6000: No
  ACS8000: No
CPU:
  ACS6000: PPC440Epx @ 533 MHz
  ACS8000: Dual-core ARM® Cortex™-A9 MPCore™ with CoreSight™
DRAM:
  ACS6000: 256MB
  ACS8000: 1GB
Maximum ports:
  ACS6000: 48
  ACS8000: 48
Cellular failover:
  ACS6000: 3G/4G failover and OOB
  ACS8000: 3G/4G failover and OOB
Sensors:
  ACS6000: Internal temperature sensor
  ACS8000:
  • Environmental sensor port
  • Internal temperature
  • Door
  • Dry contact
  • Humidity
Operating system:
  ACS6000: Linux OS and DSView™ management software
  ACS8000: Linux OS and DSView™ management software
On-premises management:
  ACS6000: DSView™, CLI, web app
  ACS8000: DSView™, CLI, web app
Cloud management:
  ACS6000: No
  ACS8000: No
Automation:
  ACS6000:
  • Zero touch provisioning
  • Auto-sensing ports
  ACS8000:
  • Zero touch provisioning
  • Auto-sensing ports
  • RESTful API
  • Python
  • Perl
Automation for end devices:
  ACS6000: No
  ACS8000:
  • Avocent Power Management
  • Vertiv MPH2 Rack PDU
  • Cyclades PM
  • Intelligent PDU
  • Avocent SPC power control devices
  • Server Technology
  • Sentry™ Server Technology
  • Sentry™ Power Tower
  • Eaton
  • Raritan
  • APC
Guest OS support:
  ACS6000: No
  ACS8000: No
Authentication servers:
  ACS6000:
  • Local
  • Radius
  • TACACS+
  • LDAP/AD
  • NIS
  • Kerberos
  ACS8000:
  • Local
  • Radius
  • TACACS+
  • LDAP/AD
  • NIS
  • Kerberos
Hardware security:
  ACS6000: Embedded FIPS 140-2 module
  ACS8000: Embedded FIPS 140-2 module
Two-Factor Authentication:
  ACS6000: Yes
  ACS8000: Yes
Power management:
  ACS6000: Power management integrated with serial session as well as the Vertiv GXT UPS
  ACS8000: Power management integrated with serial session as well as the Vertiv GXT UPS

 

Vertiv Avocent ACS EOL Replacement Option: Nodegrid Serial Console Plus (NSCP)

The ACS8000 addresses some of the weaknesses of the EOL ACS6000 series. However, if your enterprise needs a NetDevOps data center solution with next-gen features like cloud management and vendor-neutral orchestration support, then Vertiv’s models fall short.

The Nodegrid Serial Console Plus (NSCP) from ZPE Systems delivers these features and more in a high-density, 96-port 1U rackmount design. The NSCP also provides hardened device security with on-board features like secure boot, encrypted disk, TPM 2.0 and geofencing, as well as embedded firewall security and SAML 2.0 authentication. Plus, the NSCP runs on Nodegrid OS, an open Linux-based architecture with full support for NetDevOps automation and orchestration solutions like Docker, Chef, Puppet, and Ansible.

Head-to-head: ACS6000 vs. ACS8000 vs. NSCP tech specs

 

Serial console features:
  ACS6000:
  • SSH direct to consoles
  • Telnet, SSH, or a serial terminal connection
  • Multiple concurrent sessions
  • Automatic device name discovery
  ACS8000:
  • SSH direct to consoles
  • Keystroke logging
  • Telnet, SSH, or a serial terminal connection
  • Alert on cable disconnects
  • Multiple concurrent sessions
  • Automatic device name discovery
  NSCP:
  • SSH direct to consoles
  • Keystroke logging to ZPE Cloud
  • Alert on cable disconnects
  • Text pattern match
  • Multiple concurrent sessions
  • Automatic device name discovery
Pinout auto-detection:
  ACS6000: Cyclades and Cisco pinouts
  ACS8000: Cyclades and Cisco pinouts
  NSCP: Cisco pinout
Vendor neutral:
  ACS6000: No
  ACS8000: No
  NSCP: Yes
CPU:
  ACS6000: PPC440Epx @ 533 MHz
  ACS8000: Dual-core ARM® Cortex™-A9 MPCore™ with CoreSight™
  NSCP: Intel x86, 64 bit
DRAM:
  ACS6000: 256MB
  ACS8000: 1GB
  NSCP: 4GB
Maximum ports:
  ACS6000: 48
  ACS8000: 48
  NSCP: 96
Cellular failover:
  ACS6000: 3G/4G failover and OOB
  ACS8000: 3G/4G failover and OOB
  NSCP: 5G/4G/LTE and Wifi failover and OOB
Sensors:
  ACS6000: Internal temperature sensor
  ACS8000:
  • Environmental sensor port
  • Internal temperature
  • Door
  • Dry contact
  • Humidity
  NSCP: External USB attached sensors:
  • Particulate
  • Smoke detector
  • Airflow and temperature
  • Proximity/door
  • Temperature
  • Humidity
  Plus, a 7-port USB hub
Operating system:
  ACS6000: Linux OS and DSView™ management software
  ACS8000: Linux OS and DSView™ management software
  NSCP: Flexible, open, 64-bit Linux-based Nodegrid OS optimized for integration with third-party automation and orchestration tools
On-premises management:
  ACS6000: DSView™, CLI, web app
  ACS8000: DSView™, CLI, web app
  NSCP: Nodegrid Manager
Cloud management:
  ACS6000: No
  ACS8000: No
  NSCP: ZPE Cloud Manager
Automation:
  ACS6000:
  • Zero touch provisioning
  • Auto-sensing ports
  ACS8000:
  • Zero touch provisioning
  • Auto-sensing ports
  • RESTful API
  • Python
  • Perl
  NSCP:
  • Zero touch provisioning
  • Auto-sensing ports
  • Python
  • ZPE Cloud
  • Chef
  • Docker
  • KVM Hypervisor
  • Puppet
  • RedHat Ansible
  • Ruby
  • ShellScript
Automation for end devices:
  ACS6000: No
  ACS8000:
  • Avocent Power Management
  • Vertiv MPH2 Rack PDU
  • Cyclades PM
  • Intelligent PDU
  • Avocent SPC power control devices
  • Server Technology
  • Sentry™ Server Technology
  • Sentry™ Power Tower
  • Eaton
  • Raritan
  • APC
  NSCP:
  • ZPE Cloud
  • Chef
  • Docker
  • KVM Hypervisor
  • Puppet
  • RedHat Ansible
  • Ruby
  • ShellScript
Guest OS support:
  ACS6000: No
  ACS8000: No
  NSCP: Ability to run VMs and Docker
Authentication servers:
  ACS6000:
  • Local
  • Radius
  • TACACS+
  • LDAP/AD
  • NIS
  • Kerberos
  ACS8000:
  • Local
  • Radius
  • TACACS+
  • LDAP/AD
  • NIS
  • Kerberos
  NSCP:
  • Local
  • Radius
  • TACACS+
  • LDAP/AD
  • NIS
  • Kerberos
  • SAML 2.0 (Okta, DUO, PINGID, ADFS)
Hardware security:
  ACS6000: Embedded FIPS 140-2 module
  ACS8000: Embedded FIPS 140-2 module
  NSCP:
  • TPM 2.0
  • BIOS protection
  • UEFI Secure Boot
  • Geofencing
Two-Factor Authentication:
  ACS6000: Yes
  ACS8000: Yes
  NSCP: Yes
Power management:
  ACS6000: Power management integrated with serial session as well as the Vertiv GXT UPS
  ACS8000: Power management integrated with serial session as well as the Vertiv GXT UPS
  NSCP:
  • Power management integrated with serial session (escape sequence in the serial session or power buttons in web serial session)
  • Power control of VMs
  • Access rights for users and user groups

Though the Vertiv Avocent ACS8000 series provides a close match to the capabilities of the EOL ACS6000 series, it fails to deliver the advanced features you need to achieve NetDevOps transformation. Only the Nodegrid Serial Console Plus gives you intuitive cloud management, hardened device security, and full automation and orchestration support.

Ready to replace your Vertiv Avocent ACS EOL serial console server with the Nodegrid Serial Console Plus?

Contact ZPE Systems online or call 1-844-ZPE-SYS.
