Secure Out-of-Band Management Using a Console Access Server

When an uncooperative network device in a remote equipment rack crashes and disrupts network communications, network administrators need a meals to deal with the problem immediately, without waiting for a service team to arrive on site and before users start to complain. In cases like this, a console access server can provide quick, reliable, out-of-band access to configuration and command functions on the remote device without the expenses and delays associated with a physical service call.

An intelligently deployed console access server provides administrators with a secure avenue for out-of-band communication with remote network devices. This capability can prove vital in dealing with emergencies at branch offices, off-site equipment racks and other distant network installations. In a typical application, the console access server is installed at the remote site and connected to the serial console ports on each network element at the site. In the event that one of the network elements at the site malfunctions, remote administrators can then connect to the console access server via secondary network, dial-up or cellular broadband and gain immediate access to command and configuration functions on the remote device without the need for a physical visit to the site to deal with the problem in person.

In addition to providing reliable, secure access to console port command functions on remote devices, an advanced console access server can also help network administrators to keep better track of conditions and events at off-site network equipment installations. When a console access server includes monitoring and alarm functions, network administrators can be immediately notified when high temperatures, unresponsive devices, power supply interruptions and other critical conditions are detected at the remote site.

In order to be truly effective a console access server should also include adequate security and authentication features to protect sensitive out-of-band communication functions from unauthorized access. Obviously, basic security features such as password protection are a must, but an intelligent console access server solution should also support a user directory to provide out-of-band access to a wide variety of different types of users and enable administrators to set access privileges for each individual user. In addition, a console access server should also support authentication protocols such as Kerberos, LDAP, TACACS+ and RADIUS to verify the identity of each potential user.

Tags: , , ,

Comments are closed.