Out of Band Management via Console Server

Out of band management is a vital capability for any network application that includes communication with remote network equipment, such as is often found at off-site data centers and in distant network equipment racks. When normal network communication with remote network devices is interrupted or not available, an out of band management solution provides an alternative avenue by which network administrators can communicate with remote network equipment in order to restore normal network communication.

Most out of band management solutions involve using a dial-up connection to communicate with a console server installed at the remote network equipment site. Typically, the console server is cabled to the console ports and setup ports on the various network devices at the remote equipment site. When normal network communication is not available, administrators and tech support personnel can dial in to the console server, and then access console port command functions on various devices at the remote site in order to change configuration parameters, restart devices or check conditions at the remote site.

In dial-up out of band management applications, it’s important to provide security and some sort of authentication method to protect critical console port command functions from unauthorized users. Since dial-up doesn’t generally support many authentication or encryption protocols, some console server products offer alternative means to ensure that only authorized users are allowed to communicate via the console server. For example, one common solution for dial-in security is a “callback security” or “dialback security” feature. When callback security is properly configured and enabled, users who attempt to access the console server via dial-up are not immediately granted access to command mode. Instead, upon receiving the initial call, the console server will prompt the caller to enter a username and password. If a valid username and password are entered, the console server will then disconnect and call the user back at a phone number that has been predefined for the user account. For an added measure of security, some callback security solutions will then prompt the party who answers at the callback number to re-enter their username and password.
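The callback sequence described above can be modeled in a few lines. This is an added example, not code from any console server product; the user directory, phone numbers and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Store a salted PBKDF2 hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password, callback_number):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "callback": callback_number}

# Constructed user directory: the callback number is fixed per account.
USERS = {"alice": make_account("correct horse", "555-0100")}

def check_credentials(username, password):
    acct = USERS.get(username)
    if acct is None:
        return False
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"])

def dial_in(username, password, answers, reprompt=True):
    """Handle one inbound call.

    `answers` maps a phone number to the (username, password) typed by
    whoever picks up at that number. Returns (access_granted, number_dialed).
    """
    if not check_credentials(username, password):
        return False, None                 # bad login: hang up, never call back
    number = USERS[username]["callback"]   # from the account, never from the caller
    reply = answers.get(number)            # server hangs up and dials the stored number
    if reply is None:
        return False, number               # nobody answered at the predefined number
    if reprompt and (reply[0] != username or not check_credentials(*reply)):
        return False, number               # second login at the callback number failed
    return True, number

if __name__ == "__main__":
    good = ("alice", "correct horse")
    print(dial_in(*good, answers={"555-0100": good}))   # user at the stored number
    print(dial_in(*good, answers={"555-0199": good}))   # caller is somewhere else
```

A valid password on its own is not enough here: the session is only granted to whoever answers at the number stored in the account, and with `reprompt` enabled that party must also log in again.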

In addition to out of band management applications that rely on a dial-up connection, in some cases the out of band management solution includes a secondary maintenance network which runs in parallel to the primary user network and is reserved for use only by network administrators and support personnel. Although a secondary maintenance network like this is generally fairly secure by nature, it’s still a good idea to make certain that the console server includes adequate support for authentication protocols such as LDAP, Kerberos, RADIUS and TACACS+ as well as standard security measures such as a username/password prompt and a user directory.

When normal network communication with a distant network equipment cabinet or remote data center is not available, the last thing you want to do is waste budgetary resources on an expensive service call to the remote network equipment site. Not only are these types of service calls prohibitively expensive, but you’re still left without the services that are normally provided by the devices at the remote site while you wait for your service team to arrive at the off-site data center or remote equipment rack. An intelligently designed and implemented out of band management solution that includes a console server for communication with remote devices can save tech support resources for cases where they’re really needed, help network administrators to minimize system downtime and provide a secure, reliable means to communicate with remote network devices when a normal network connection is not available.
