on 03-01-2017 02:33 AM - edited on 06-29-2020 03:37 PM by thomas
Out-of-Band Management (OOB) involves the use of a dedicated channel for managing network devices. This allows the network operator to establish trust boundaries around access to the management function and to apply that function to network resources. It can also be used to ensure management connectivity (including the ability to determine the status of any network component) independent of the status of other in-band network components.
Implementing an out-of-band management solution gives a network administrator full control, via out-of-band connectivity, over all the elements in wide area networks when in-band and IP-based management strategies fail. A comprehensive strategy for out-of-band management is a powerful tool in the arsenal of any administrator who desires a robust remote management strategy.
Maintaining network availability, while managing cost, is a challenging exercise in any data center environment. When the data center is implemented across buildings and locations, the task takes on a new level of difficulty. There are many tools for managing IT infrastructures remotely but some availability issues require physical access to systems to determine the nature of the outage. When the site is remote, system access has the added cost of travel or the expense of a remote resource. This brief explores management strategies that enable remote diagnosis and repair of IT system issues even when the primary network is down. Enhanced remote management capability helps IT managers exceed their availability goals while reducing costs.
Secondary management networks (out-of-band) are becoming the standard at most large data centers but it is not always financially feasible to have redundant networks for out-of-band access at remote sites. Historically, a network outage at a remote site was resolved by dispatching a technician. This method was slow and costly. Today, IT managers commonly access and manage remote sites over an analog dial-up modem. However, some sites can be difficult to “wire” with analog lines or the installation could take several months. The cost of provisioning an analog line can also be prohibitive at certain sites.
Various Opengear console server models are used to achieve out-of-band management for the data centers and branch sites of the CUSTOMER network. The console port of each network device is connected to an Opengear device (RJ45 jack) via a rollover cable.
The design below depicts the OOB solution used to access the network devices at the CUSTOMER data centers and branch sites.
The diagram is shared in the attached paper.
Each remote branch location has a 3G/4G SIM or ADSL broadband connection with minimum bandwidth connectivity, and the Opengear boxes are capable of running IPsec VPN tunnels to the data center firewall.
A branch location can have a 3G/4G or ADSL broadband connection with a dynamic public IP address; the IPsec tunnel is created dynamically, based on traffic initiated from the DC for the console server at the branch location.
Traffic is secured over the tunnel, and the box can additionally act as a firewall for more security.
Secure access is available through the following local (analog console port) and remote (digital IP and dial-up) options:
o Mgmt. port: The Opengear management port should be connected to the management segment via a Cat6 straight-through cable and configured with an in-band management IP address.
o 2*1 10/100/1000 Ethernet for WAN connection from providers
o Console connection: An administrator can log in either from a local terminal or from a computer with a terminal emulation program that is connected to the console port, and can use the CLI utility.
o SSH & Telnet: An authorized user can make a Telnet, SSH v1 or SSH v2 connection to a target device.
o Web Manager: Users and administrators can perform most tasks through the web manager (accessed with HTTP or HTTPS). The web manager runs in Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari on any supported computer that has network access to the console server. The list of supported client browsers and their versions is available in the release notes.
Security profiles determine which network services are enabled on the console server. Administrators can either allow all users to access enabled ports or allow the configuration of group authorizations to restrict access. You can also select a security profile, which defines which services (FTP, ICMP, IPSec and Telnet) are enabled.
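An added example (not from the original post and not Opengear code): a small Python check that audits a security profile of the kind described above for legacy or cleartext services and for management services exposed outside the IPsec tunnel. The profile layout, the interface names and the policy rules are assumptions made for illustration.

```python
from dataclasses import dataclass

# Services named on this page that are cleartext or obsolete, with a replacement.
LEGACY = {"telnet": "SSH v2", "sshv1": "SSH v2", "ftp": "SCP/SFTP", "http": "HTTPS"}
MGMT = {"ssh", "https"}            # encrypted management services
UNTRUSTED = {"wan", "cellular"}    # provider-facing links (hypothetical names)
ORDER = {"high": 0, "low": 1}

@dataclass(frozen=True)
class Finding:
    severity: str
    interface: str
    service: str
    reason: str

def audit_profile(profile):
    """profile maps interface name -> set of enabled services (assumed layout)."""
    findings = []
    for iface, services in profile.items():
        for svc in services:
            if svc in LEGACY:
                findings.append(Finding("high", iface, svc,
                                        f"legacy or cleartext, use {LEGACY[svc]}"))
            elif svc in MGMT and iface in UNTRUSTED:
                findings.append(Finding("high", iface, svc,
                                        "management reachable outside the IPsec tunnel"))
            elif svc == "icmp" and iface in UNTRUSTED:
                findings.append(Finding("low", iface, svc,
                                        "answers ping on a provider-facing link"))
        if iface in UNTRUSTED and "ipsec" not in services:
            findings.append(Finding("high", iface, "ipsec",
                                    "no IPsec enabled on a provider-facing link"))
    return sorted(findings, key=lambda f: (ORDER[f.severity], f.interface, f.service))

# Constructed sample profiles, not taken from a real device.
WEAK = {"mgmt": {"ssh", "telnet", "http", "https"},
        "cellular": {"ssh", "icmp", "ftp"}}
HARDENED = {"mgmt": {"ssh", "https"},
            "cellular": {"ipsec"},
            "tunnel": {"ssh", "https"}}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        results = audit_profile(profile)
        print(f"{name}: {len(results)} finding(s)")
        for f in results:
            print(f"  [{f.severity}] {f.interface}/{f.service}: {f.reason}")
```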
Out-of-band management gives direct benefits:
o Secure in-band and out-of-band network remote management
o Streamline installation and configuration with Zero Touch Provisioning
o Eliminates adaptors for Cisco pin-out conversions
o Compliance with data center access and security policies – customizable, multiple access levels
o Integrated power management
o Centralized management
o Automatic event tracking and notification of fault conditions
Out-of-band management for a remote branch office can be done effortlessly by having secure communication over 3G or broadband links, which makes life easier for network IT teams in case of an outage or when troubleshooting any issue.
Note:
I have uploaded a paper as well, for everyone's interest and for anyone thinking about an OOB solution implementation in the near future.
Best Regards
Ganeshh Iyer