Providing Out-of-Band Connectivity to Mission-Critical IT Resources

How to Implement Zero Trust: Technologies to Shield You From Million-Dollar Losses


How to implement zero trust security is a growing focus of organizations across the globe. With cyber attacks frequently hitting some of the largest companies and threatening entire economies, it’s no wonder that comprehensive network security is a top priority among public- and private-sector entities.

In this post, we’ll show you what you need to implement zero trust security, from big-picture items to individual technologies.

But first, here’s a recap of zero trust security and why your business won’t be safe without it.

Why you need Zero Trust Security

Imagine bringing in a new hire to your department. Soon after, you notice suspicious computer slowdowns and applications that don’t respond as usual. You dive into your program files and discover an unknown .exe file, and you dive deeper to discover attackers actively exploiting your resources. You quickly pull your team together to lock down your network, sanitize every computer and connection, and send out a company-wide instruction to have every employee reset their password.

It turns out, your newest employee unknowingly clicked a bad link and opened the door for a trojan horse attack. But because of your quick response, no significant damage was done and you can rest easy again.

Months later, you come in for your normal workday only to find all your systems locked and unresponsive. Dave, a senior engineer, retired on the day of the attack and never reset his password. The hackers stole his credentials and have gone unnoticed for months. Now your company and its customers are compromised, and the consumer markets you serve are in a frenzy due to a shortage of goods. You can’t help but feel somewhat responsible for the entire ordeal.

This example mimics recent real-world cyberattacks and highlights the importance of moving away from traditional security approaches.

Traditional architecture uses the castle-and-moat security approach. Once a user gains access (crosses the moat), they become trusted to use your organization’s resources (the castle). Aside from the occasional password reset or other authentication protocol, this approach leaves plenty of opportunities for outsider and insider attacks. Zero trust security, however, places a moat around every node and user. This means that no matter how often a system or user needs to access a resource, they always have to verify their identity and intent.

In other words: never trust, always verify. In our example above, implementing simple two-factor authentication could have alerted Dave to his stolen credentials, which would have prevented the attack.

The need for zero trust is due to the explosion of distributed networking. Communications used to be straightforward and centralized: a trusted user using a trusted device would connect from a trusted office location to the data center. Apps and data were securely transmitted between parties, and sealing out attackers could be as simple as deploying a new point solution or product. But user expectations changed all this; now, they need to connect from anywhere using a variety of devices, which means the modern network includes SaaS, cloud, and third-party platforms. This hybrid infrastructure means there are now more nodes and lines of communication than ever — and each is vulnerable to attack.

If the recent attacks on SolarWinds, Microsoft Exchange, and Colonial Pipeline aren’t convincing enough, consider the latest hack involving Kaseya, an American company that specializes in IT and network management software. By exploiting the virtual systems/server administrator (VSA), attackers were able to compromise up to 1,500 of Kaseya’s customers, shutting down educational services, law firms, and an outpatient surgical center in South Carolina.

Pervasive attacks like these have prompted political action, with the President signing a cybersecurity executive order this past May. Read our breakdown of the legislation and how it aims to improve cybersecurity across public and private sectors.

Now that you know why you need better security, how do you implement zero trust?

How to implement Zero Trust: The big picture

Zero trust is merely a concept; implementing Zero Trust Network Access (ZTNA) means putting this concept to work. Implementing ZTNA involves two parts:

  • The processes, which we covered in a previous post, and
  • The technologies, which we’ll talk about in this post

At a high level, this diagram shows the components you need when considering how to implement zero trust.

A high level diagram of the three main components of zero trust security, including the enterprise resource, policy enforcement point, and policy decision point.

There are three major components to look at in the big picture of zero trust security:

  1. Enterprise resource — This includes all the IT stuff you need to protect and that your business relies on, like hardware, software, and network equipment. In simple terms, this is like the gold that you keep carefully guarded in the center of your castle.
  2. Policy enforcement point — This is the datapath element that enables, monitors, and terminates connections between users / devices / applications and enterprise resources. Simply put, this is like the guard that accompanies those wishing to access your gold.
  3. Policy decision point — This is the layer that decides who / what is safe and grants / revokes access accordingly. In other words, this is the gatekeeper who determines who is allowed into your castle.

To better understand these, here’s a closer look at each:

Enterprise resource

This component is pretty straightforward, and consists of elements you need to operate and manage IT environments. These elements can include hardware like computers and data storage devices; software such as web servers, content management systems, and operating systems; and network equipment like servers, routers, firewalls, and out-of-band devices.

Policy enforcement point

This component consists of the datapath elements that enable, monitor, and terminate connections between subjects (users / devices / applications) and your enterprise resources. Though this is represented as one component, it is composed of two parts that are both typically used in deployments. These parts are:

  • A client-side agent, usually deployed on a laptop or server.
  • A resource-side gateway, which controls access in cases where a client-side agent is not used. Examples where gateways are used include regulated healthcare equipment, ATM machines, and operational technology equipment.

Policy decision point

This component is the management and orchestration layer. This layer essentially checks identities to verify who is safe, and assigns policies to determine who gets access and to what. This is also represented as one component but is composed of two parts:

  • Policy engine — This is the engine that decides whether a machine or web traffic is safe. To accomplish this, the engine uses a variety of data sources when making its determination, such as PKIs and identity management providers, continuous diagnostics and mitigation (CDM) systems, and activity logs.
  • Policy administrator — This administrator uses the policy engine’s determination to grant or revoke access to a machine or web traffic.

There are many tools available to help you monitor and visualize traffic, so you can create policies and configure your policy decision point to meet your zero trust outcomes.

In order to create your zero trust configuration, you need to deploy several essential technologies.

How to implement Zero Trust: Essential technologies

Zero trust is a complete re-imagining of network security and can be a daunting task. But when you add its fundamental technologies to your toolkit, you can effectively build the three components described above and achieve Zero Trust Network Access (ZTNA). Here are the essential technologies you need to accomplish this.

Identity and access management

A big part of zero trust security relies on verifying that a device or user really is who they say they are. For this, you need an identity management solution from a trusted provider and public key infrastructure (PKI). This allows you to essentially create and issue a digital fingerprint for every user, which includes information such as their username, role, and other unique data. Multi-factor authentication is a critical component of identity verification: it requires users to present two or more pieces of identification/verification before access is granted.

Additionally, access management is an important piece that determines a user’s authorization level, or in other words, which resources they can access. Identity and access management both feed information into your zero trust model’s policy engine.

Policy management

Another essential technology to have is a policy management solution. This is integrated into your security stack and serves as a single policy creation point. This allows you to define access and authentication policies for your entire organization.

You can specify data access rules for users, devices, and roles, which is vital to achieving micro-segmentation, limiting lateral movement, and enforcing least-privilege access. All of these feed into your policy engine and are used by your policy enforcement point to validate whether a session is allowed to continue.
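The policy engine, policy administrator and enforcement point described above, as an added Python example (not code from ZPE Systems or any vendor): the engine decides from identity, MFA, device posture and least-privilege role rules, the administrator grants and revokes sessions, and the enforcement point re-checks every request. All class names, roles, users and the session lifetime are assumptions constructed for illustration.

```python
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass

SESSION_TTL = 300  # seconds a grant lasts before re-authentication (assumed value)


@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    mfa_passed: bool        # result reported by the identity provider
    device_compliant: bool  # posture signal, e.g. from a CDM system


class PolicyEngine:
    """Decides allow/deny from identity, MFA, device posture and role rules."""

    def __init__(self, identities: dict, role_policy: dict):
        self.identities = identities    # user -> {"role": str, "active": bool}
        self.role_policy = role_policy  # role -> set of reachable resources

    def decide(self, req: Request) -> tuple[bool, str]:
        ident = self.identities.get(req.user)
        if ident is None or not ident["active"]:
            return False, "identity unknown or disabled"
        if not req.mfa_passed:
            return False, "mfa required"
        if not req.device_compliant:
            return False, "device posture failed"
        if req.resource not in self.role_policy.get(ident["role"], set()):
            return False, "resource outside role"  # least privilege
        return True, "ok"


class PolicyAdministrator:
    """Turns engine decisions into session grants and revocations."""

    def __init__(self, engine: PolicyEngine, clock=time.time):
        self.engine, self.clock = engine, clock
        self.sessions: dict[str, tuple[Request, float]] = {}
        self.audit: list[tuple[str, str, str]] = []  # (user, resource, outcome)

    def open_session(self, req: Request) -> str | None:
        allowed, reason = self.engine.decide(req)
        self.audit.append((req.user, req.resource, reason))
        if not allowed:
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (req, self.clock() + SESSION_TTL)
        return token

    def recheck(self, token: str, resource: str) -> bool:
        """Re-evaluate a live session; revoke it as soon as any check fails."""
        entry = self.sessions.get(token)
        if entry is None or entry[0].resource != resource:
            return False  # unknown token, or token bound to another resource
        req, expires = entry
        expired = self.clock() >= expires
        reason = "session expired" if expired else self.engine.decide(req)[1]
        if reason != "ok":
            self.audit.append((req.user, req.resource, "revoked: " + reason))
            del self.sessions[token]
            return False
        return True


class EnforcementPoint:
    """Datapath gateway in front of one resource; asks before every forward."""

    def __init__(self, admin: PolicyAdministrator, resource: str):
        self.admin, self.resource = admin, resource

    def forward(self, token: str | None, payload: str) -> str:
        if token is None or not self.admin.recheck(token, self.resource):
            return "DENY"
        return "FORWARD " + payload


def demo() -> list[str]:
    # Constructed sample data: users, roles and resources are made up.
    ids = {"alice": {"role": "netops", "active": True},
           "dave": {"role": "senior", "active": True}}
    roles = {"netops": {"branch-router"}, "senior": {"branch-router", "dc-firewall"}}
    admin = PolicyAdministrator(PolicyEngine(ids, roles))
    router = EnforcementPoint(admin, "branch-router")
    firewall = EnforcementPoint(admin, "dc-firewall")
    alice = admin.open_session(Request("alice", "branch-router", True, True))
    dave = admin.open_session(Request("dave", "dc-firewall", True, True))
    out = [router.forward(alice, "show version"),   # allowed
           firewall.forward(alice, "show rules"),   # token is bound to the router
           firewall.forward(dave, "show rules")]    # allowed
    ids["dave"]["active"] = False                   # Dave retires; account disabled
    out.append(firewall.forward(dave, "show rules"))  # cut off mid-session
    # A stolen password without the second factor never gets a session.
    out.append(str(admin.open_session(Request("alice", "branch-router", False, True))))
    return out
```

Because the enforcement point calls `recheck` on every request, disabling an identity or failing a posture check ends an existing session on its next packet instead of at the next login.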

 

Zero trust equipment and applications

Tying everything together requires equipment and applications that are able to enforce your policies. These are physical or virtual solutions that sit in front of servers and serve as your enforcement points. For example, this could be your next-gen firewall (NGFW) that initiates the multi-factor authentication protocol, verifies a user’s identity, and uses your defined policies to restrict the user’s access to a specific segment of your network.

Where can you get these essential Zero Trust technologies?

When considering how to implement zero trust, keep in mind that there are many vendors who can provide you with the essential technologies.

  • Obtaining an identity and access management solution is the easiest task when implementing zero trust. Many organizations offer an identity store, such as Azure Active Directory or Google Cloud Identity. You can also use companies dedicated to identity management, such as Duo, Okta, or Ping Identity. Keep in mind that if you need to control third-party access, such as for customers or equipment management contractors, you’ll need a solution that can access multiple identity stores simultaneously.
  • Obtaining a policy management solution requires careful consideration and should be part of your overall security stack. Look for a solution that allows you to create policies and set up datapath enforcement points. An adequate framework enables you to create authentication and post-authentication access rules, with an enforcement point that segments your network and continuously authenticates sessions. This security stack can be an on-prem NGFW, or delivered via the cloud using a Secure Access Service Edge (SASE) model, both of which are available from trusted providers like Palo Alto Networks.
  • Regardless of whether you use an on-prem or SASE model, you need an edge infrastructure platform to sit in front of servers and host the enforcement point. For on-prem, this platform must be able to host an NGFW to secure network segments and VLANs. For SASE, this platform must be able to create VPN tunnels to your SASE platform, which can be used for inline inspection and policy enforcement. Either approach requires powerful computing capabilities and a flexible operating system to accommodate workloads for detecting, analyzing, and automatically responding to threats, which few vendors offer.

Here are examples of what proper zero trust implementations look like, with ZPE Systems’ Nodegrid as the edge infrastructure platform:

Implementation diagram showing how to implement ZTNA at the data center using Nodegrid.

In this diagram, you can see where ZTNA and Nodegrid fit into the scheme at the data center. The user connects via Internet, and the Nodegrid SR device serves as the Policy Enforcement Point hosting a VM. This VM communicates with the Policy Engine to authenticate the user, and then grants access to the data center application.

Implementation diagram showing how to implement ZTNA at a branch, edge, or other distributed location.

In this diagram, the user tries to connect to an application at a branch, edge, or other distributed location. The user connects via Internet, where SASE and ZTNA provide secure connectivity. The Nodegrid SR device connects via VPN to the Policy Engine for authentication, and then grants access to the branch application.

How to implement Zero Trust: A recap

To protect your organization, implementing zero trust requires you to build out the main components. With the policy decision point and policy enforcement point in place, you can secure your enterprise resources from outsider and insider attacks. Ensuring these components work like a well-oiled machine means you need the proper identity and access management tools, a complete policy management solution built into your security stack, and equipment and applications that can enforce your zero trust security policies.

Because user expectations have caused infrastructure to become incredibly distributed and complex, the attack surface has increased dramatically. The traditional castle-and-moat approach to security is no longer adequate, and recent newsworthy cyberattacks showcase the network vulnerabilities that even the largest companies still struggle to address. The President’s latest cybersecurity executive order is a step in the right direction to bolster infrastructure protection for public and private sector entities, and you can use this blog as a starting point to begin your zero trust journey.

Don’t get caught without these 5 security must-haves

Watch our webinar, Cyberattacks: 5 Security Must-Haves for Hybrid Infrastructure Gateways, and learn how to lay a solid foundation that makes implementing zero trust easier. Our experts will talk you through how to:

  • Keep edge networks and users fully protected
  • Make smart buying decisions
  • Get complete security and control for years of serviceability

Watch now to protect your business from growing cybercrime.

SASE vs Security Service Edge: What’s the difference?


Security Service Edge. Is it just another fancy networking term? After all, we’ve already got SASE (Secure Access Service Edge), so why throw another buzzword into the mix?

The truth is, there’s a big difference between Security Service Edge (SSE) and SASE. SSE is a foundational element of SASE, but there’s another necessary component you need to be aware of. In this article, we’ll break down the differences between these two acronyms so you can understand how to achieve better security for your distributed users and devices.

But first, let’s quickly recap why networking and security have become decentralized.

Security Service Edge: An evolving need

The modern workforce is increasingly distributed. In fact, Gartner research shows that demand for remote work will increase 30% by 2030, as Gen Z fully enters the workforce. Another factor is the ongoing coronavirus pandemic, which has forced companies worldwide to accommodate off-site staff.

But the need for distributed networking goes back much earlier than the previous 18 months.

Connectivity and network architectures used to be simple. In the 1990s and 2000s, companies centralized data in the data center, connected branch offices to the data center, and set up simple security measures in between. Most staff worked from the office, which made it easy to provide secure access to and from these enterprise locations and resources.

Network architecture showing simplicity of data center connected via MPLS to branch office

As technologies advanced, companies and their employees discovered that it was becoming easier to work outside of the office. Cloud, SaaS, and edge offerings emerged to create a hybrid infrastructure, as everything moved from being centralized to highly distributed. Now data, security, networking, and computing are everywhere and comprise a complex web of services — owned by enterprises themselves as well as third parties. Securing it all has been an impossible feat for more than a decade.

Network architecture showing complexity of data center, CDN, remote user, branch office, all connected via many paths

Fortunately, Security Service Edge and SASE are models that can address this challenge.

SASE vs Security Service Edge (SSE)

Security Service Edge is a main component of SASE. In the simplest terms, SASE is the architecture that organizations strive to build. It involves delivering networking and security via the cloud, directly to the end user, device, office, etc. instead of having to backhaul through the company’s data center. Aside from SSE, the other main component of SASE is the access portion, which allows the edge services to be deployed and managed. This access portion includes the physical hardware required to connect (‘network’) the edges and services.

Therefore, SASE breaks down into two main components:

  • Security Service Edge, and
  • Access

Keep reading for a detailed explanation of each and why they have been separated out into two pieces now.

Security Service Edge

Security Service Edge (SSE) is the security component of SASE. As Gartner states, SSE ensures secure access to the web, cloud services, and applications. SSE is delivered via the cloud and offers several capabilities, including threat protection, security monitoring, and data security.

Security Service Edge capabilities are available from companies who provide NGFWs (next generation firewalls), SWGs (secure web gateways), and CASBs (cloud access security brokers).

  • NGFWs: Next generation firewalls are implemented to not only secure networking components and services, but also to protect against modern threats that exploit weaknesses in applications. This type of service secures all traffic, including UDP traffic and non-web-based applications, and covers malware exploits.
  • SWGs: Secure web gateways are self-explanatory. They are placed between the user and the web, serving as a gateway that provides secure access to the web. Basic functions of SWGs include blocking access to certain websites, preventing unauthorized transfers of data, and inspecting for malicious content. As its name implies, this type of service is limited to web traffic and is used in specific use cases.
  • CASBs: Cloud access security brokers are software that sits between cloud users and cloud applications to monitor activity and enforce security policies. This software keeps a close eye on data as it moves between cloud environments, SaaS, and users, and enforces security policies to block malware, protect sensitive data, and maintain compliance. This type of service also has a specific use case: as its name suggests, it examines only specific cloud applications.

Access for Security Service Edge

In order to use the capabilities of Security Service Edge, you need the physical hardware to deploy services at your locations. This hardware is the access component, and includes SD-WAN capabilities. When deployed, it connects your location to a variety of services (NGFWs, SWGs, CASBs mentioned above) in order to make those services available to your location.

SASE = Security Service Edge + Access

A simple way to think about the SASE concept and its components is to imagine a skyscraper.

Imagine SSE capabilities live in the clouds, and you’d like to bring them down to your enterprise. You’ve got the blueprints to build a skyscraper (SASE) that can connect you to these cloud-based capabilities. But before you can do any of that, you need a sturdy foundation (the access portion) on which to build it all. In other words, your investment in cloud services needs a solid access onramp to those services.

With the right access component, your employees can shuffle in and out of your skyscraper, and easily perform their job functions using SSE capabilities in the cloud. And if you deploy a more robust access solution such as ZPE Systems’ Nodegrid, you’ll be able to maintain your SASE architecture no matter how the clouds change.

How to implement SASE: Focus on Access

When you’re considering implementing SASE architecture, you might be inclined to go to a SASE company to buy everything. But Gartner states that companies that offer the two segments have more mature offerings. 

Therefore, you should focus on purchasing the right solution for the access portion, since it serves as the foundation of your infrastructure at the edge, and then marry this to the right SSE solution for your company. This separation of vendors gives you flexibility to manage several IT systems, and eliminates vendor tie-in.

Nodegrid puts the Access in SASE

The Nodegrid SR family of edge routers serves as the access portion in your SASE architecture. A single Nodegrid SR device is a powerful, cost-effective solution to connecting sites to Security Service Edge providers.

The onboard Intel CPU and Linux-based Nodegrid OS offer speed and flexibility. Orchestrate freely across vendors to activate service licenses, spin up VMs, and get your SSE solutions up and running automatically. Additional RAM and storage also help you deploy edge computing for data thinning, de-duplication, monitoring, and other edge workloads.

On top of this, Nodegrid gives you out-of-band management capabilities so you can remotely manage your SASE architecture from anywhere. If you need to optimize bandwidth, investigate data logs for security, or simply power cycle an edge device, you don’t have to get out of your pajamas. Nodegrid gives you secure access to everything via your web browser.

To summarize, the reason SSE has been separated from SASE is that many SD-WAN vendors began to confuse the market by advertising that they offered SASE. This prompted Gartner to point out that there are security-savvy companies that give you more mature security solutions, and to consider such solutions from vendors like Zscaler, Netskope, and Acreto, for example. Regarding the Access component, vendors like ZPE Systems provide more capable and robust solutions for connectivity to cloud services, when compared to SD-WAN companies that claim to offer SASE.


7 Reasons Why We Put Intel CPUs in the Nodegrid Serial Console

Intel® CPUs power many of the computers we use today. These include everything from personal desktops and laptops, to high performance computing clusters that aggregate power to solve major global issues. So when choosing a suitable processor to build into our Nodegrid Serial Console, Intel was the obvious choice. In this post, we’ll go over 7 reasons why we put Intel CPUs in the NSC.

But before we get into the details, let’s review some basics.

Besides Intel CPUs, What Else is Available?

There are mainly two types of CPUs, or processors, available today: x86 (such as Intel’s offerings) and ARM. Though they serve a variety of purposes and can have some overlapping applications, x86 processors are typically deployed when speed & power are main concerns. Meanwhile, ARM processors are used in implementations geared toward minimizing power consumption and maximizing battery life.

The way these types of processors work is based on their underlying instruction set. x86 CPUs take advantage of the Complex Instruction Set Computer (CISC), which is able to process complex instructions that are crammed into a single line. ARM-based CPUs, on the other hand, use the Reduced Instruction Set Computer (RISC), which processes simple instructions over a span of multiple lines.

As for the advantages, x86 processors are able to perform more tasks rapidly, while ARM processors are able to consume less power and maximize energy efficiency. The main drawbacks include more power consumption for the x86 CPU, and slower speeds for the ARM CPU.

This is why purpose-built appliances, such as modems & routers, typically employ an ARM-based processor, while highly demanding devices such as desktops & servers use an x86 CPU.

In a nutshell, this is why we chose the multi-core Intel CPU for the Nodegrid Serial Console. But here’s a more detailed breakdown of the reasons for our choice.

Performance is Key

The Nodegrid Serial Console is designed to maximize speed and capabilities. Using x86 Intel CPUs, we created the world’s fastest 1U serial console that doesn’t compromise on performance. This processor allows for more simultaneous operations, more users, and more input/output than ARM-based CPUs. In terms of real-world benefits, this blazing fast processor means quicker CPU cycles that help customers complete more tasks, reduce MTTR, and increase their ROI.

Commonality Helps Users and Developers

Many existing servers use x86-based CPUs. Naturally, we wanted Nodegrid to integrate seamlessly for both users and developers. The Intel-based processor promises a common platform that these users are already accustomed to. They don’t have to worry about application incompatibilities or slowdowns, nor do they have to spend time learning new systems. The x86 CPU provides a management and maintenance experience that users are familiar with, so they can maintain OS & application availability.

Customization Through a Common Dev Environment

Our Intel-based devices are a perfect platform to deploy custom solutions. The x86 CPU allows developers to benefit from a variety of readily-downloadable SDKs and environments. The Nodegrid Serial Console’s SDK comes with Yocto, which means customers always have the latest updates, packages, and DIY customization capabilities. No more waiting for third-party fixes or workarounds, because customers can create solutions that meet their unique requirements.

Docker

Because the x86 platform is capable of robust performance, Nodegrid allows users to leverage Docker containers and deploy virtualized solutions. With regard to Docker, the Nodegrid Serial Console can be optimized right out of the box so customers can get the most functionality out of a single device.

Availability of Security

When it comes to open networking, the Intel CPU is the industry standard, which means customers get security patches as soon as they’re available. They don’t have to be left vulnerable waiting for third-party kernel patches from other chip makers. With an x86-based device, customers remain safe with up-to-date security, and in some cases can even apply patches before official updates are available.

Peripheral Support Via Multiple Interfaces

Part of designing a more powerful serial console was having the ability to support a variety of peripherals. The Nodegrid Serial Console features USB 3.0 and USB 2.0 ports, allowing customers to connect an array of add-on devices. They’re no longer limited by a single-purpose appliance that comes with minimal additional ports. With the NSC, customers can extend the box’s functionality by adding cellular, Wi-Fi, storage, and other peripherals.

Greater Storage

With power and speed at the core of the Nodegrid Serial Console, we needed to incorporate enough drive space. We built the NSC with 32GB of storage, along with 4GB of RAM. Not only can it store plenty of data, but it also has a healthy amount of memory to accommodate running more apps and functions. And if 32GB isn’t enough, customers can connect external drives via USB for even more local storage capacity.

This list is made up of 7 compelling reasons why we chose x86 Intel CPUs for our devices. However, there’s an 8th reason that we love to share…

Cost Savings That We Pass to Customers

By choosing the readily-available x86 CPU, we pass powerful processing along with cost savings to customers every day. Because we think having the world’s best serial console shouldn’t be prohibitively expensive.

ZPE Systems is an Intel Network Builders Winners’ Circle Partner


Driving digital innovations and network transformation are visions we closely share with Intel. That’s why ZPE Systems has been recognized as a Winners’ Circle Member and Solution Plus Partner. Together, we offer go-to-market solutions that cultivate customer success and enrich our partner ecosystem with innovative networking technologies.

We partner with Intel to transform networking. See how we do the same with our other partners by visiting our Strategic Alliances page.

Easily Migrate from One Console Server Maker and VM Vendor to Many Vendors


Background/Problem

A few years back, this company standardized on a particular vendor’s console servers. On top of this, they developed their own management tools based on scriptable CLI to the devices. However, they no longer want to be locked in to one specific console vendor’s server hardware. Also, they need to provide seamless access to the virtual serial port (vSPC) of thousands of VMware VMs and KVM VMs from the same solution, so they can run their scripts on the VMs without having to re-write them.

The Solution – Nodegrid Manager

Deploy NodeGrid Manager to bridge legacy and next-generation hardware, as well as abstract heterogeneous constellations of multi-vendor consoles. One of NodeGrid’s key strengths is that it doesn’t care which console server vendor is in use. Whether you’re using one or all of these brands (Cyclades/Avocent/Emerson, Raritan/Legrand, DIGI, OpenGear, Lantronix, Uplogix, Perle, Tripp Lite, WTI, etc), NodeGrid easily and seamlessly provides an agnostic approach to Access and Control across the enterprise. Hardware- and Hypervisor-agnostic NodeGrid manages multiple console server makers’ hardware. But that’s not all that NodeGrid does for you.

NodeGrid also provides remote out-of-band infrastructure (OOBI) management of multi-vendor servers, network switches and routers, storage gear, PDUs, UPSs, and virtual KVM or VMware VMs — all from one control surface.

Additionally, with the same interface and set of commands, NodeGrid provides secure remote control and migration tracking of VMware VMs and Linux KVM VMs. You choose how to access your IT assets:

  • Web browser via HTTPS/HTTP for accessing physical and virtual devices using a direct MKS graphical interface or native Service Processor portal.
  • Command line (CLI) to NodeGrid and the Console of your physical and virtual devices via SSH1/SSH2/Telnet
  • DeviceURL™ direct bookmarks for MKS, CLI, web GUI, or FireTrail™ secure tunnel-through-firewall IT asset access methods
  • NodeIQ™ natural language search for all IT assets regardless of vendor, model or location

NodeGrid manages up to 1,000 managed devices (physical and virtual) per instance. NodeGrid ensures efficient and fast delivery of services to these devices by way of live connections. These live connections also provide an active conduit of data collection to notify sysadmins immediately of customizable alarm conditions on a 24 x 7 basis.

Multiple NodeGrid instances easily manage many thousands of IT devices regardless of where they physically or virtually reside. NodeGrid provides scalable software-defined access and control of your IT Infrastructure in true cloud cluster configuration.

Key FireTrail Tunnel Features

  • Secured tunnel via SSH TCP port forwarding.
  • Keeps your firewall whole. There’s no need to punch holes in your firewall to give per-user access to various devices and ports.
  • Controlled user visibility of authorized devices behind firewalls based on AD/LDAP enterprise authorization.
  • Dynamic user/device association. Users receive controlled access per managed device and per TCP port.


Next Step: Schedule a Demo and See What NodeGrid Can Do For You

We are perfectly positioned to meet anything manufacturers can throw at us. We pioneered IT infrastructure access and control back in the day and we’re pioneering IT infrastructure access and control for today and the future. Check us out. You’ll be glad you did.

Nodegrid Manager® – Multi-Vendor Viewer

Background/Problem

A global customer had to deal with various vendor solutions implemented throughout their infrastructure. The customer wanted a single point of management to provide access and control over their devices.

With an environment built up of various manufacturers’ offerings, vendor lock-in is inevitable. What works to manage one device doesn’t manage the same device type from a different vendor, e.g., PDUs from Company A and Company B.

Another common pain point in the data center is the use of older Java-based KVM management solutions that cause version mismatch issues depending on the browser, applet, etc.

The Solution – Nodegrid Manager

ZPE Systems’ Nodegrid Manager® allows management of various devices, regardless of manufacturer, all under a single software platform. That’s why Nodegrid Manager is Software Defined Infrastructure.

Gone are the days of having to use vendor-specific viewers/apps to manage singular devices. Every manufacturer has a best-fit solution for your infrastructure. Why can’t it all work together? With Nodegrid Manager, you no longer have to ask that question. Nodegrid Manager was made to be THE management solution for In-Band and Out-of-Band physical and virtual infrastructure.

Nodegrid Manager® Infrastructure Management software provides secure, vendor-neutral, out-of-band access and control of physical and virtual IT infrastructures. Make use of our comprehensive solution to control and manage all data center devices from one unified interface.

Existing Environment

  • Java security settings were causing issues, not allowing the customer to run the KVM applet
  • Browser refuses to connect with unsecure certificate
  • Management solution bound to single vendor appliances
  • Authentication limited by single method, server or domain
  • Monolithic solution doesn’t allow segmentation by organization and location
  • Scalability compromised by all nodes storing all data

Nodegrid Manager

  • Nodegrid Manager uses HTML5 connections to communicate with target devices, eliminating the need for Java
  • Browser-in-a-container handles untrusted connections
  • Seamless integration with multi-vendor KVMs, PDUs, and console servers
  • Multiple authentication methods with fallback capability
  • Distributed nodes interconnected through SSL
  • Each node stores only its own data
  • Data is indexed and shared among other nodes

How Nodegrid Manager Works

  • Multiple Authentication methods with fallback options
  • Ability to discover and access KVM target devices from multiple vendors
  • KVM sessions via HTML5 (no Java required)
  • Support for smart PDUs from Servertech, APC, Emerson, Legrand and others
  • Power merged to managed devices
  • Support for IPMI (power and vKVM access)
  • DeviceURL direct access
  • Discovery of existing VMs and IPMIs out of the box
  • Device access, control, monitoring and logging via CLI and WEB
  • Device search and 360° device view
  • Data logging, event notification and alarms


How One Unified Platform Gives You More Control Over Branch Networking

Branch networking comes with its own set of challenges that can get in the way of normal operations. As a network engineer, you’re tasked with preventing business disruptions while simultaneously scaling, troubleshooting, and managing network connections. This can be a daunting challenge that may lead to slow deployments, inevitable downtime, and unoptimized connectivity.

The good news is, Nodegrid was built from the ground up to address these major concerns with branch networking. Read on to see how our branch-in-a-box solution helps you scale, troubleshoot, and manage with one innovative system.

 

Make Branch Networking Easy to Secure and Scale

Consider the common challenges of scaling and adding branch locations to your enterprise network. You’re typically left to ship preconfigured devices to each site, which not only adds more time and cost, but more risk as well. What if these preconfigured devices get lost or end up in the wrong hands? Because they contain user accounts, passwords, and other sensitive information, having these devices get lost or stolen puts your network at greater risk of attack.

Once your devices successfully reach their destination, the real work begins. You need to manually set up all appliances at the location, which involves logging into each individually and making appropriate configurations. This takes even more of your time and money, and leaves you open to potential setbacks that can occur due to human error. What if your compliance documentation contains a mistake, or your IT personnel unknowingly repeat an error while deploying 10, 20, or even 50 new sites?

Nodegrid was made to address these concerns of security and scalability. Nodegrid appliances consolidate network functions, sport Linux OS for third-party application hosting, and feature ZPE Cloud connectivity.

When adding a new branch location, you don’t need to ship anything preconfigured. Ship bare-metal Nodegrid devices, which eliminates the threat of having your data lost or stolen, and simply plug them in. Zero touch provisioning means all configuration data can be automatically downloaded from ZPE Cloud, only when your devices are safely at their destination. This capability is even extended to devices that you connect to Nodegrid appliances.

Suddenly, backdoor security threats are no longer an issue, and neither is costly human error, since all your branch locations can be deployed consistently via the cloud.


Pinpoint Problems for Better Troubleshooting

Face it — troubleshooting issues could be a much more intuitive undertaking. But it’s difficult, mostly because of the sheer number of devices you deploy at each location. When something goes wrong, you probably refer to your spreadsheet that shows specific device information for each branch. From there, you might run through troubleshooting protocols to narrow the list of potentially problematic devices and what the issue might be, and then you can finally work toward a solution.

Nodegrid does away with all the hassle, because it uses consolidated devices and Nodegrid Manager software that pinpoints problems for you.

Nodegrid devices are powerful, featuring x86 64-bit architecture that accommodates third-party application hosting for cyber security, SD-WAN, firewalls, and more. For switching, routing, and computing, you need only a single Nodegrid device. This reduces potential points of failure so you can solve issues more easily. On top of this, Nodegrid Manager is software that gives you a complete view of all your network-connected devices. It features alerts and notifications that let you know of problems before they occur. Together, Nodegrid’s hardware and software make it simple to pinpoint issues and prevent downtime.

Manage Using One Intuitive Platform

With many devices at each branch location, it’s likely that your hardware stack includes multiple vendors. This is part of achieving a right-fit solution for your enterprise, which can serve you well when looking at the bigger business picture.

But when you get down to the details of managing branch networking, this mishmash of vendors can be a nightmare. Each device has its own OS and interface, which can exhaust your staff. You need to spend time and money training them to become proficient with each. Still, even your best experts can become quickly fatigued when they’re forced to transition from device to device, interface to interface, protocol to protocol, and so on.

One of the best parts about Nodegrid is that it answers the question, “What if it could all be done using one tool?” That tool is Nodegrid Manager.

Nodegrid Manager shows you every device connected to your Nodegrid appliances, and features Guest OS that gives you total out-of-band control regardless of vendor. With one intuitive interface, you can control your entire infrastructure, get deeper visibility and insight into your network, and even extend features to bridge gaps between devices. It can all be done remotely as well, so you can manage and optimize your branch networking no matter where you are.

If you want a firsthand look at all these benefits and more, schedule your Nodegrid demo today!