Out of Band Management – A Secure, Reliable Way to Deal with Problems at Remote Network Equipment Sites

When a network element at a remote installation site malfunctions, the last thing you want to do is send your IT support team off on an expensive, time-consuming trip to visit the site in person. Not only are truck rolls and service calls often a waste of time and money, but if your remote network equipment site includes an out of band management solution with adequate security and authentication measures, then a service call is often completely unnecessary.

An out of band management solution allows secure, reliable communication with remote network elements when access via your main network is not available. Ideally, an out of band management solution includes a console server unit at the remote network site, and a secondary maintenance network that is only used for network maintenance, troubleshooting, testing and upgrades. Although the secondary maintenance network provides the ideal solution for out of band management, out of band connections to remote network elements can also be established via a satellite modem or dial-up connection to the console server unit. Modem-based out of band management solutions are especially prevalent in applications where the presence of a secondary network would be prohibitively expensive.

Given the access to console port command functions provided by out of band access, it’s especially important that out of band management solutions include adequate security and authentication measures to prevent unauthorized access to critical command functions on vital network elements. In order to protect sensitive command functions, the console server unit at the heart of the out of band management solution should support basic security measures such as password validation, plus authentication protocols such as LDAP, TACACS+, Kerberos and RADIUS. The reason for this two-tiered approach to security in out of band management applications is fairly straightforward: basic security measures provide a first line of defense to prevent unauthorized access to command functions, while authentication measures ensure that each potential user is indeed who they claim to be.

In more sensitive out of band management applications, it’s often a good idea to include additional security measures such as an IP address filter and an invalid access alarm. These two features prove very useful in effectively preventing unauthorized access to out of band management functions. An IP address filter completely blocks unknown IP addresses from connecting to the console server, while an invalid access alarm provides prompt notification to network administrators when excessive failed password attempts are detected, allowing administrators to take additional preventative measures when an unauthorized user might be trying random passwords in an attempt to gain access.
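The following sketch shows how the two features described above interact. It is an added example, not code from any console server product; the allowlisted network, the failure threshold, the time window and the event tuple format are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values (not from the article).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # maintenance network
MAX_FAILURES = 3       # failed logins tolerated per source inside the window
WINDOW_SECONDS = 60

# Constructed sample events: (epoch seconds, source IP, user, password accepted?)
SAMPLE_EVENTS = [
    (100, "10.20.0.5", "admin", True),
    (110, "203.0.113.9", "admin", False),   # source outside the allowlist
    (120, "10.20.0.77", "root", False),
    (130, "10.20.0.77", "root", False),
    (140, "10.20.0.77", "admin", False),
    (150, "10.20.0.77", "admin", False),    # 4th failure within 60 s
    (400, "10.20.0.5", "admin", False),     # isolated failure, no alarm
]

def is_allowed(src):
    """IP address filter: only sources inside an allowlisted network pass."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)

def process(events):
    """Return (decisions, alarms) for a time-ordered list of login events."""
    decisions, alarms = [], []
    failures = defaultdict(deque)           # source IP -> recent failure times
    for ts, src, _user, ok in events:
        if not is_allowed(src):
            # Dropped before authentication, so it never reaches the counter.
            decisions.append((ts, src, "blocked"))
            continue
        if ok:
            decisions.append((ts, src, "accepted"))
            continue
        decisions.append((ts, src, "rejected"))
        recent = failures[src]
        recent.append(ts)
        while recent and ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) > MAX_FAILURES:
            alarms.append((ts, src, len(recent)))  # invalid access alarm
            recent.clear()                  # one alarm per burst
    return decisions, alarms

if __name__ == "__main__":
    for alarm in process(SAMPLE_EVENTS)[1]:
        print("ALARM: %d failed logins from %s at t=%d" % (alarm[2], alarm[1], alarm[0]))
```

Counting failures per source address rather than per username means an alarm still fires when one source tries several account names, as the constructed events for 10.20.0.77 do.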

When one considers the wasted time and cost of sending IT support personnel out on service calls to deal with minor problems at remote network sites, it quickly becomes clear that an out of band management solution provides a much more efficient means for troubleshooting remote network elements and getting network communication back on line as quickly as possible. Not only does out of band management eliminate the costs associated with truck rolls and service calls, but it also eliminates the waiting period while your support team is in the process of traveling to the remote network equipment site. An intelligently planned out of band management solution that includes adequate security and authentication measures essentially allows network administrators to reach out across the miles to quickly fix network snafus without even breaking a sweat or leaving the office.
