As networks become more complex, with even less room for downtime, enterprises are turning toward out-of-band network management in order to have access to assets even when networks are faltering.
These "out-of-band" systems offer several benefits, including reduced downtime, testing accuracy, reduction in labor costs and ultimately an increase in real-time system functionality. But network planners struggle to understand which assets must be included in an out-of-band network management system to address survivability and testing requirements without costing the organization years of capital in an already strained economy.
An out-of-band management system, simply defined, is any system that allows access to IT assets through external means. The term "access" is dictated by the types of assets that comprise the endpoints in the system. For instance, routers and switches can be accessed through both remote and local interfaces, which are exclusive of the in-band network and offer the support personnel complete control. Conversely, a server environment can be accessed locally through directly attached peripherals (keyboard, mouse, monitor, etc.) or remotely through external peripherals such as KVM switches or Network Interface Cards (NICs) with dial-in capability.
Considerations in out-of-band network management design
The first step in determining the design of an out-of-band network management system is to define which elements or components need to be managed and what is necessary for that access. Here are some examples of questions that should be answered prior to designing a system:
- What kind of visibility do I need? Do I need access to assets that have GUI-based operating systems or applications that require visibility to be controlled?
- Do I need access beyond command line interface (CLI)? Is CLI the only element I need access to, or will I need access to peripherals such as NICs, drives, SANs, etc.?
- Do I need the ability to transfer data? This is a very important question that can drive the cost of the out-of-band network management system and cause late-night trips to the site. You may need to transfer data for updating code, pushing patches and security updates. It's important to define which data needs to be transferred and the media needed for it to be presented to the managed assets.
These are just basic examples of things to consider, though each organization has unique needs. Once the requirements are defined, the next step is to determine the foundational assets that must be included in the out-of-band network management system.
Deciding what's core to an out-of-band network management system
If you belong to a multinational organization that has thousands of IT assets, it may not be cost effective to include every single item in an out-of-band management system. It's very important to first determine the most critical elements in your infrastructure and how you intend to manage them remotely. Keep in mind that an asset is not always a physical piece of equipment and can extend to services, applications, middleware and other software. The considerations of which elements should be included in an out-of-band system fall into the following areas:
- Does the asset directly influence revenue generation?
- Does the asset constitute a single-point-of-failure and act as a transport (router, switch, etc.), security (firewall, VPN) or access (NAC, portal) device?
- Does the asset control package distribution or storage of critical data (e.g., SAN, asset management systems)?
There are several more areas that should be addressed, but these should serve as a prelude to the level of detail needed to plan an out-of-band network management system.
Tools and equipment needed for out-of-band network management
Out-of-band models fall into two categories:
- Exclusive: A 100% isolated out-of-band system in which physical and logical paths never cross the production environment.
- Hybrid: An out-of-band system that includes both in-band and exclusive characteristics. This is the more common of the two, based on manageability and cost.
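The distinction between the two models can be checked against an inventory. The following is an added example, not part of the original article: it flags every out-of-band path whose management subnet overlaps a production subnet (logical crossing) or that traverses a production device (physical crossing). The inventory format, device names and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample inventory (assumed format, not from the article).
PRODUCTION = {
    "subnets": ["10.10.0.0/16", "10.20.0.0/16"],
    "devices": {"core-sw1", "core-sw2", "edge-rtr1"},
}

# Each out-of-band path: the managed asset, the subnet its management
# interface lives in, and every device the path traverses to reach it.
OOB_PATHS = [
    {"asset": "edge-rtr1", "mgmt_subnet": "192.168.250.0/24",
     "hops": ["ts1", "oob-sw1"]},
    {"asset": "san-ctl1", "mgmt_subnet": "192.168.250.0/24",
     "hops": ["kvm1", "oob-sw1"]},
    {"asset": "fw1", "mgmt_subnet": "10.20.99.0/24",
     "hops": ["oob-sw1", "core-sw2"]},
]

def crossings(path, production):
    """Return the reasons this OOB path touches production (empty if none)."""
    reasons = []
    mgmt = ipaddress.ip_network(path["mgmt_subnet"])
    for subnet in production["subnets"]:
        if mgmt.overlaps(ipaddress.ip_network(subnet)):
            reasons.append(f"logical: {mgmt} overlaps production {subnet}")
    for hop in path["hops"]:
        if hop in production["devices"]:
            reasons.append(f"physical: traverses production device {hop}")
    return reasons

def classify(paths, production):
    """Return ('exclusive' | 'hybrid', {asset: [reasons]}) for the design."""
    findings = {p["asset"]: crossings(p, production) for p in paths}
    findings = {asset: r for asset, r in findings.items() if r}
    return ("hybrid" if findings else "exclusive"), findings

if __name__ == "__main__":
    model, findings = classify(OOB_PATHS, PRODUCTION)
    print(f"model: {model}")
    for asset, reasons in findings.items():
        for reason in reasons:
            print(f"  {asset}: {reason}")
```

Any asset listed in the findings loses its management path when the production subnet or device it depends on fails, so those are the paths to review first in a hybrid design.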
Regardless of the type of out-of-band model, organizations will find themselves purchasing the same foundational equipment:
- Terminal servers
- KVMs with remote access capability
- Network switches and/or routers
- Network interface cards (NICs)
The quantity, configuration and layout of the out-of-band equipment depend entirely on the design and desired outcome of the organization. Out-of-band systems can be as simple or as complex and costly as the production environment they are supporting, so it is important to define the requirements fully before deploying a system that will be difficult to rip out in the long term.