The Distributed Enterprise: Access and Management of Remote Office IT Infrastructure



Similar documents
Server Room Solutions: How small to midsize IT businesses can make their IT budgets appear larger than they are

DS Series Solutions Integrated Solutions for Secure, Centralized Data Center Management

Power Management. Raritan Description.

DS SERIES SOLUTIONS ALL AT ONCE

Out-of-Band Management: the Integrated Approach to Remote IT Infrastructure Management

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Dominion PX. General Questions. What is Dominion PX (PX)?

APC Enterprise KVM Switches

Smart Card Deployment in the Data Center: Best Practices for Integrating Smart Card Authentication in a Secure KVM Environment

Secure, Remote Access for IT Infrastructure Management

A More Secure and Cost-Effective Replacement for Modems

The Leading KVM Switch Solutions Provider, ATEN. 40-Port KVM Over the NET - 1 local / 4 remote user access

Release Notes for Dominion SX Firmware 3.1.6

Power, Monitor, Measure, Access, Manage and Control Your Entire IT Infrastructure

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

Server Remote Control External KVM over IP. StarTech ID: SV1110IPEXT

CN8600 DVI KVM over IP

CN8000. Features. KVM on the NET

CN8000. KVM on the NET. Simply Better Connections

Opengear Technical Note

The ABCs of KVMs: How Remote KVM Switches Put You in Control of Your Data Center

Remote Data Center Control

Foglight Experience Monitor and Foglight Experience Viewer

How do I secure and manage an out-of-band connection to network devices?

Power, Monitor, Measure, Access, Manage and Control Your Entire IT Infrastructure

Dominion KX II-101-V2

PN5212/PN5320/PN7212/PN7320

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset)

Server Management with Lenovo ThinkServer System Manager

It s time to confront IT complexity and deal with it. With Avocent s Control and Manageability Solution

Taking KVM Switches Beyond the Data Center

Power Distribution Units (PDUs): Power monitoring and environmental monitoring to improve uptime and capacity planning

CC2000. Control Center Over the NET Management Software

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

KLE for KVM Link Extender

System Area Manager. Remote Management

Data Center Power Distribution and Capacity Planning:

KN1108v/KN1116v. KVM Over the NET. Enterprise Solutions

Securely manage data center and network equipment from anywhere in the world.

Cat 5 High-Density KVM Over the NET

MITEL. Enterprise Management Solutions

PC Proactive Solutions Technical View

SolarWinds Log & Event Manager

Opengear Application Note

Mobile Admin Architecture

The Leading KVM Switch Solutions Provider, ATEN

Lab Developing ACLs to Implement Firewall Rule Sets

KVM Over the NET. KN2124v 24 ports 1 local and 2 remote user. KN2140v 40 ports 1 local and 2 remote user. KN4124v 24 ports 1 local and 4 remote user

Network Management System (NMS) FAQ

Enhanced capabilities of KVM over IP switches also include: a Message Board, Panel Array Mode, Mouse DynaSync, and Adapter ID.

CommandCenter Secure Gateway User Guide Release 6.0

Common Access Card Application

DSVIEW 3. Installer/User Guide

Secure Remote Enterprise Network Management

Management, Logging and Troubleshooting

Whitepaper. Business Service monitoring approach

VPN. Date: 4/15/2004 By: Heena Patel

High Availability Server Management

Remote PC Guide for Standalone PC Implementation

GoToMyPC. Remote Access Technologies: A Comparison of GoToMyPC and Microsoft Windows XP Remote Desktop

Half Bridge mode }These options are all found under Misc Configuration

The role of Access and Control in DCIM

Contents. Secure Remote Data Center Management

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

PE6108/PE6208/PE8108/PE8208

Intel Active Management Technology with System Defense Feature Quick Start Guide

AMX MULTI-USER, MULTI-PLATFORM SWITCHING FOR REAL-TIME DATA CENTER AND TEST LAB ENVIRONMENTS

Enterprise Remote Support Network

Gigabyte Content Management System Console User s Guide. Version: 0.1

Information Technology Security Procedures

Secure Web Access Solution

CCNA Security. Chapter Two Securing Network Devices Cisco Learning Institute.

HP ProLiant Lights-Out 100c Remote Management Cards Overview

SECURELINK.COM ENTERPRISE REMOTE SUPPORT NETWORK

How it works. b) IP addresses are allocated dynamically and may change any time.

Intel Active Management Technology Embedded Host-based Configuration in Intelligent Systems

QuickSpecs. Overview. Compaq Remote Insight Lights-Out Edition

RemotelyAnywhere. Security Considerations

Transcription:

The Distributed Enterprise: Access and Management of Remote Office IT Infrastructure 2007 Raritan, Inc.

Executive Summary While the proliferation of branch and remote offices is a positive sign of company growth, it can be a challenge for IT staffers. Besides managing data centers, IT teams take on the additional responsibility of managing and repairing branch office assets like routers, switches, firewalls, WAN optimizers and servers. Employees who work in these remote locations typically do not have the IT skills to troubleshoot problems. To overcome this challenge, many IT staffers use remote access software to diagnose and repair branch office problems. However, these tools are only useful if the OS and network are functioning. If the network or OS is down, an on-site employee might be asked to go to the server closet and address the problem. If that doesn t work, then additional costs in travel, time, and lost business might be incurred. This paper will address the added value (in terms of uptime and security) of out-of-band access and control tools for branch offices, and why out-of-band should be considered a critical component of branch office networks. Challenges in the Branch Office According to data from the Internet Research Group, there are over 1.5 million branch offices in the United States today, and this number continues to grow. What s more, this does not take into account kiosks, ATMs and other self-service transaction locations. While branch offices broaden the reach of businesses, it also broadens the burden of IT managers who are responsible for the installation, monitoring and maintenance of technology assets in these various locations. These assets can include networking devices, such as routers, switches, WAN optimizers and firewalls. They can also include distributed application and storage servers for transactions and e-mail. The challenges associated with managing remote offices break down into the following categories: Control and Complexity: Branch office networks can have an array of heterogonous components in terms of devices and manufacturers. The increasing complexity of these networks brings an increased concern about failures and how to fix them. Also, with hundreds, or potentially thousands, of IT assets spread out across the globe, the need for a centralized dashboard to manage these devices becomes critical. Security: Many branch offices, especially retail locations and banks, contain sensitive customer information and/or credit card data that can be vulnerable to intrusion without the proper safeguards. The proliferation of Wi-Fi in branch locations adds yet another layer to this security concern. Limited Budgets and Resources: Typically, remote offices do not have their own dedicated IT staff. In this common scenario, it is incumbent on the HQ-based IT administrators to diagnose and correct networking and server problems. Sometimes, this involves traveling to the location to troubleshoot, which can increase the Mean Time to Repair (MTTR) as well as increase costs from travel expenses. Another option is to hire a service provider to do a truck roll to the location, which can also be costly. If the problem is critical and must be corrected immediately, then travel might not be an option. Remote access tools become an ideal way to log in and correct IT issues in the branches. Most remote access solutions are segmented into in-band and out-of-band categories. Page 2

In-Band Access Tools (e.g. Telnet, SSH etc.) Firewall Windows Server, Linux Server Application Server, POS Server, etc. IP Network Router Remote Office Headquarters In-Band Access Options Remote Management Software: This type of solution enables IT administrators to access the desktop and applications running on target servers. A significant limitation of remote management software is that it requires that the target OS is available. If the operating system is frozen or crashes, then the server cannot be accessed. In addition, these software solutions are dependent on a connection to the target server s network interface card. If the network is unavailable, then this also becomes a roadblock to repairing the problem. Table 1 illustrates the gap between remote access software and out-of-band options like KVM-over-IP. In-Band Out-of-Band Tasks Remote Access Software KVM-over-IP Remote access to servers BIOS-level access Dial-up access if network is unavailable User profiles, port-level permissions Support for multiple users, concurrent sessions Warm rebooting Cold rebooting * Logging *When used with remote power management Table 1 Page 3

Terminal Emulation Protocols: Telnet and its encrypted counterpart SSH are used to access and configure devices with serial ports: routers, switches, firewalls, power distribution units and servers. Like remote management software, this access method is only as effective as its network connection. If there is a problem with the WAN, then an IT professional might be required to go to the remote location to make the repairs. In addition, these maintenance interfaces can make branch locations more vulnerable to network intrusion since hackers could use these same interfaces to steal data and plant viruses. The security advantages of an out-of-band alternative like a secure console server is shown in Table 2. In-Band Out-of-Band Tasks Telnet SSH Secure Console Server Secure Appliance Dial-up access if network is unavailable Encryption Customize TCP Ports Strong Password Password Retry Lockout SYSLOG Keystroke Logging Security Login Banner Table 2 Out of Band Options Secure Console Servers: The common denominator of most branch office IT deployments is network connectivity, which typically requires a router, switch and firewall. If these components fail in a remote location, then business can suffer. Most networking equipment have serial interfaces and, as mentioned above, in-band tools like SSH and Telnet are common methods of accessing and maintaining the gear. Unfortunately, if there is a problem with the network then these access tools might be useless. Secure Console Servers (SCSs) provide remote access to serially-managed servers and other serial devices via SSH/Telnet and Web browser. One advantage of SCSs is that they provide one point of access and control to serially-managed servers, WAN equipment, networking gear and power control devices. Another advantage is that they can provide dial-up access if the WAN is unavailable, which can prevent a trip to the remote location and speed repair time. Selecting the right SCS can also add additional layers of security to the branch office and discourage hackers from acquiring sensitive business and customer data. (For additional information on this security topic, please refer to the white paper A Layered Approach to Securing Remote Maintenance Consoles /white-papers). Page 4

Sys Admin Magazine lists some of the buying considerations when selecting a console server: Rights and Authentication Local accounts Port-level access Strong passwords Support for Active Directory, LDAP, RADIUS, TACACS+ Console Features Logging SNMP traps Solaris key trapping Shared access Management Features E-mail alerts SNMP support Access Methods SSH Telnet Web interface Dial-in option Facilities Management Dual power Power management CAT5 cabling "Once we made a mistake, causing our firewall to lock up, so we couldn't connect through the network. We ended up having to send someone to the site, console into the server and restart it. If we had the Dominion SX at that time, it would have taken five minutes to fix. I think that was the incident that made it mandatory for us to add Raritan's secure serial console server solution to our IT infrastructure." - Kevin Byrne, Network Operations engineer, Charter Communications Page 5

KVM-over-IP: KVM switches provide the ability to access and control servers that have a Keyboard/Video/Mouse interface. They simulate the experience of being inside the data center and accessing the server directly. KVM-over-IP switches provide the same experience, but over a secure IP connection. One significant advantage of this is the ability to access servers from anywhere, which makes it ideal for accessing and controlling servers in remote offices. Whether IT administrators are at their HQ location or at home at 2 a.m. in a snowstorm, they will have access to their branch office assets. What s more, KVM-over-IP switches provide both in-band and out-of-band access. In other words, the IT staff can access and control their servers either at the OS/application level or at the BIOS level if the OS is unresponsive. For extra peace of mind, KVM-over-IP switches with integrated modems provide dial-up as an alternate access method in the event of a network failure. Additional value-added features like Virtual Media enable IT staffers to transfer files from their desktop, CR-ROM or USB stick to servers across the globe. This is an ideal tool for upgrades and patches that need to be installed at numerous remote locations. The KVM-over-IP Buyers Guide lists the following considerations when selecting a switch: True anytime/anywhere resource access Multiplatform support Browser/desktop compatibility IP and dial-up access No-cost, downloadable client Non-blocked access via local ports Full remote power control Virtual Media access Level of security and performance Minimized vulnerability External and internal access controls Syslog support Data encryption Strong password support Appliance-based solutions Ease of implementation Size and port density Reliability and uptime Intelligent Power Distribution Units: There are times when cold rebooting is required as a last-resort method to fix a problem. While switched Power Distribution Units (PDUs) are typically associated with remote power cycling, some PDUs are equipped with intelligence to provide additional monitoring capabilities. In a branch office, where IT equipment is typically relegated to a closet or small room, it is important to be notified when environmental factors and power utilization exceed user-defined thresholds. For example, electrical closets in small offices often suffer from poor ventilation and cooling and may have only one electrical circuit that is shared with other equipment. Monitoring the closet temperature and IT equipment current draw can prevent a network outage or equipment damage. Page 6

When selecting a remote power management solution, take into consideration the following capabilities: Remote serial and TCP/IP access to outlet-level switching User-configurable, outlet-level delays for power sequencing Unit-level and outlet-level power monitoring and utilization information User-defined thresholds Alerts via SNMP, e-mail and syslog when thresholds are exceeded Up to 256-bit AES encryption and strong password support Advanced authentication and authorization options including outlet-level permissions and LDAP/S, RADIUS and Active Directory Support for HTTP, HTTPS, IPMI, SMASH-CLP, SSH, Telnet and SNMP Centralized Management: Having tens, hundreds or over a thousand locations to manage can be a daunting task. Even with KVM-over-IP, secure console servers, Baseboard Management Controllers (ilo, DRAC, RSA) and intelligent PDUs to address remote troubleshooting challenges, the need to track all of these heterogeneous assets in a consolidated view is essential. Consider a centralized management solution that can support a wide breadth of devices, as well as advanced security and authorization capabilities. Sample screen of CommandCenter Secure Gateway, which provides centralized access and management of IT devices. Page 7

Conclusion While there is no substitute for having an IT professional in each branch office location to keep things running, this is a luxury that few businesses can afford. The next best solution is to have the right tools that extend the reach of HQ-based IT staff to the remote locations. While some tools are currently available for what seems like little or no cost, there is indeed a cost in terms of sacrificing availability and security. This can result in unforeseen travel expenses and downtime, which is what remote access solutions are meant to avoid. The gaps left by in-band access tools can best be filled with out-of-band solutions. For additional information on how Raritan can help you manage and maintain your remote office networks, please visit /branch-office-management. Dominion SX Secure Console Server CommandCenter Secure Gateway Dominion KX KVM-over-IP Dial-up connection Dominion PX Power Management PSTN IP Network Firewall Router Remote Office Windows Server, Linux Server, Application Server, Servers with ilo, DRAC, etc. Headquarters Recommended Reading (available from /white-papers) A Layered Approach to Securing Remote Maintenance Consoles A Buyers Guide to KVM-over-IP Technologies Secure Console Control: Browser-Based, Command Line Interface, or Both? Remote Server Management for Data Center Professionals References 2005 Branch Office Market Landscape Report, Internet Research Group, September 2005 Console Server Design Considerations, Ron McCarty, Sys Admin Magazine, May 2007 About Raritan Raritan is a leading provider of management solutions that simplify IT operations. Based on KVM (Keyboard, Video, Mouse) switches, serial console servers, management software, power management and remote connectivity, Raritan's secure solutions drive data center and branch office efficiency and productivity in more than 50,000 locations around the world. Raritan also serves the OEM market by developing advanced, hardware-based, remote-management components based on KVM-over-IP and IPMI technologies. Founded in 1985, Raritan today has 38 offices worldwide, and its products are distributed in 76 countries. For more information, please visit 2007 Raritan, Inc. All rights reserved. Raritan and When you are ready to take control are registered trademarks of Raritan, Inc. All other marks are trademarks or registered trademarks of their respective manufacturers. C1016

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information