Out-of-band architecture: integration of remote network management

Source: Internet
Author: User
Abstract: This article reviews common methods for monitoring, maintenance, and system recovery, and explores more effective ways to meet the increasingly urgent goal of network operations: reducing costs while improving the business level and production capacity. It also introduces the principle of remote IT management and the basis of next-generation network facility management.

Keywords: out-of-band architecture, remote management

1. Introduction

For decades, the business goal of information technology (IT) has been the same: reducing costs while improving the business level and production capacity. This goal has taken on new urgency in an economy that is increasingly shaped by the Internet. IT is no longer a field that only internal technical experts pay attention to; it has become outward-facing. Customers, partners, prospective customers, and remote employees interact directly with the services the enterprise provides over the network. Today, as soon as an online service is unavailable, customers can switch to the same service from a competitor with a few clicks. Simply put, an enterprise's network facilities have become the face of its business. They play an extremely important role in the first impression customers receive, which directly affects future cooperation between companies. Network performance has therefore become an important factor in a company's business.

In the face of such a reality, many large companies have invested millions or even thousands of yuan to build networks with two, three, or even four times redundancy to ensure that their network does not fail. However, redundant system configurations are expensive not only to install but also to maintain, which has prompted senior managers to look for more effective ways to manage and maintain their network device assets. Small and medium-sized enterprises lack the financial resources to build redundant networks. They need to find better ways to maintain their business and improve productivity.

2. Network Architecture Overview

Today, the typical network architecture of a large enterprise consists of one or more data centers, and sometimes also remote sites or branch offices. In some cases, large enterprises build redundant data centers to ensure business continuity, so that in the event of a disaster they can still provide the same IT services as before. From an architectural point of view, each data center has a similar structure (servers, storage systems, and application software) and similar network facilities (wiring, hubs, routers, firewalls, switches, and cables).

Large enterprises may also include remote or branch offices that are connected to the enterprise intranet through a virtual private network (VPN) or wide area network (WAN). A large remote facility, such as a warehouse or the stock room of a department store, may have its own data center with servers, storage devices, and network equipment. Small remote offices may be limited to network connections from routers, firewalls, and hubs to desktop PCs. Whether an enterprise is large enough to connect multiple scattered sites or small enough to be limited to a single data center, all of its network administrators face the same challenge: how to obtain the highest possible operating level and system availability at the lowest cost.

Generally, large enterprises rely on complex network management software. If a network device is disconnected, the network management software alerts the administrator that the device is unavailable. However, because this software manages devices through the production network itself, it cannot provide details of the problem; it can only report that the device is offline. The traditional method of restoring a device requires a technician next to the device, whether the device is in a data center or at a remote site. In particular, the technician must physically connect a laptop to the faulty device to diagnose and fix it. This expensive and time-consuming process is what the term "local management" means.

Remote or out-of-band management allows administrators to connect to a device over an alternative path, separate from the production network, through a network, serial port, or modem. The administrator does not have to be present in person. Further, remote management may take place thousands or less, regardless of whether the device is in a data center or on a remote site. Remote management refers to all connections other than local, physical connections.

Remote network management can be achieved through the out-of-band management architecture (OOBI). OOBI provides a secure, alternative way to remotely access, monitor, and manage network devices across the entire intranet. If a network device fails, it can be repaired remotely through OOBI and restored in the shortest possible time. OOBI minimizes the need for local management and site visits, significantly reducing the time and operating costs required to bring network devices back into service.

3. Out-of-band management architecture (OOBI)

OOBI is composed of one or more devices that provide an alternative path to the production network. The logical relationship between the production network and OOBI is shown in Figure 1.


Figure 1

The following scenarios describe how OOBI is used.

1. (See figure 2) A device or server in the data center fails. Under normal circumstances, when a device fails and the network is still available, the administrator can remotely access the device through the production network or OOBI. Once connected to the device, the administrator can locate the problem and, if necessary, turn the power off or on, so that the device resumes work within a few minutes. This reduces labor costs, increases production capacity, and reduces risks.


Figure 2

2. (See figure 3) A switch connected to another server fails and its connection to the network is lost. In this case, the OOBI connection of the switch is still available through the production network. The network management software alerts the administrator that this switch is no longer connected to the network. Over the OOBI connection, the administrator can remotely access the switch, diagnose and fix the problem, and reconnect all devices attached to the switch to the network.


Figure 3

3. (See figure 4) A router that provides the network connection for the entire site fails. This router provides the connection between the production network and OOBI, and all other devices connect to the network through it. Because OOBI cannot be reached through the production network, the administrator needs to access OOBI through a dial-up line. The administrator connects to the router through a serial port to find the problem quickly, then corrects the error and repairs the router so that all devices connected to the network can work again. In this way, a problem that would have taken the administrator several hours to solve on site is once again easily solved.


Figure 4

The benefits of OOBI are obvious: equipment availability improves while operating costs fall. When a redundant system does not function, the business will not be affected. Simply put, the basic goal of reducing costs and improving service quality and production capacity has been achieved.
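The three scenarios above reduce to a reachability question: which path still leads to the device's console port? The added example below (not from the original article) models one site; the node names, link lists, and the rule that a failed device neither forwards traffic nor answers in-band are assumptions.

```python
from collections import deque

# Constructed topology for one site (assumption, modelled on scenarios 1-3).
IP_LINKS = [("noc", "wan"), ("wan", "router"), ("router", "switch"),
            ("switch", "server"), ("router", "console_server")]
DIALUP_LINKS = [("noc", "pstn"), ("pstn", "console_server")]
SERIAL_PORTS = {"router", "switch", "server"}  # wired to console_server

def _route(links, src, dst, failed):
    """Breadth-first search; a failed node cannot forward or answer."""
    if src in failed or dst in failed:
        return None
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, []).append(b)
        neighbours.setdefault(b, []).append(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in neighbours.get(path[-1], []):
            if nxt not in seen and nxt not in failed:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def management_path(target, failed=frozenset()):
    """Return (method, hops) the administrator can use to reach target."""
    in_band = _route(IP_LINKS, "noc", target, failed)
    if in_band:
        return "in-band", in_band
    if target in SERIAL_PORTS:
        # Prefer the OOBI uplink over IP; fall back to the dial-up line.
        for method, links in (("oobi-ip", IP_LINKS),
                              ("oobi-dialup", IP_LINKS + DIALUP_LINKS)):
            path = _route(links, "noc", "console_server", failed)
            if path:
                return method, path + [target]
    return "site-visit", []
```

The model also shows the single point that scenario 3 depends on: if the console server itself fails, no remote path remains and the result is a site visit.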

4. Composition of OOBI

OOBI may consist of one or more of the following components:

1. The OOBI manager is the network management software of OOBI, the equivalent of HP OpenView. It provides unified access and configuration management for the different OOBI components (such as serial console servers, KVM switches, service processor managers, and blade managers). It also provides management capabilities for all devices connected to OOBI through a unified interface. This integrates the entire OOBI system and improves it.

2. The serial control server (serial console server) provides remote access to servers and other network devices (routers, switches, cables, firewalls, etc.) without relying on the production network itself.

3. The KVM switch or KVM over IP Switch accesses the server through the keyboard, display, and mouse interface, as if the administrator is on site.

4. The smart power distribution unit (IPDS) provides remote power switching, so that a device can be powered off or restarted to recover from software or hardware faults.

5. The service processor manager provides unified, centralized access to the service processors embedded on the computer motherboard. These processors operate independently of the main central processing unit (CPU), so administrators can access, monitor, and manage the hardware of the server, and restart the device, regardless of whether the main processor or operating system is running. IPMI (Intelligent Platform Management Interface), ALOM (Advanced Lights Out Management) of Sun Microsystems, and iLO (Intelligent Lights Out) of HP/Compaq are all technologies and protocols developed for the service processor interface.

6. The blade manager enables the blade server and the blade back disk to be securely connected to OOBI. It provides secure remote access to the blade system when the production network is unavailable. Because of the unusual heat dissipation and power requirements of blade systems, working in the data center is uncomfortable for people. OOBI access to blade servers can therefore reduce the risk of liability and operating costs. Each manufacturer's blade server system has its own management system, and a blade manager connected to OOBI provides an effective method for centralized management of blade systems from different manufacturers.

All these devices constitute OOBI, which provides an alternative way to remotely manage network devices.

OOBI provides powerful access to network devices, so that access must be secure. All OOBI components must support administrator authentication and encryption of communications. Some OOBI systems provide their own separate security facilities, which only increases complexity and turns OOBI into another attack point of the system. Administrators need OOBI to make network management simpler, not more complex. Ideally, OOBI and all its components should support industry-standard authentication and encryption protocols so that managers can build OOBI on their existing security facilities.

5. OOBI implementation

Figure 5 shows the structure of the out-of-band network management system.

The network layout adopts a star structure: an advanced console server (ACS) is placed at every network node and connects to the console ports and server serial ports of all network devices in that node. A manager is placed in the network management center to manage all the ACS units and to provide a centralized access portal for the network management facilities. The manager and each ACS are connected separately through a leased line. The out-of-band communication network is independent of the operator's operating network, so it is not affected by the operating network.

You can use ADSL leased lines, edsl leased lines, SDH leased lines, FR, and other networking modes. Besides leased lines, telecom operators' backbone networks can also consider letting two operating networks back each other up to form the out-of-band network.

Engineers in the network management center can access the manager through the web interface or command line to manage all the devices in the network, even if the devices cannot be accessed through the network. In this way, engineers do not need to go to the site to solve the problem, reducing the time needed to solve the fault.

You can use the manager to control centralized access to all network devices and to record all behavior of users logged on through the manager. You can also send alarms to the network management center for all devices managed by the OTs through the console interface. By setting different user groups and permissions on the manager and the ACS, you can divide network management engineers into different groups that maintain different devices.
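One way to express the group permissions and session recording described above, as an added example that is not from the original article or from any product: the group names, device naming pattern, action names, and users are constructed, and the policy denies by default.

```python
from datetime import datetime, timezone
from fnmatch import fnmatch

# Constructed policy: group -> list of (device name pattern, allowed actions).
GROUPS = {
    "router-team": [("*-rtr-*", {"console"})],
    "server-team": [("*-srv-*", {"console", "power"})],
}
# Constructed users; a real manager would resolve membership from the
# enterprise directory rather than a local table.
MEMBERSHIP = {"alice": {"router-team"}, "bob": {"server-team"}}

AUDIT_LOG = []  # every attempt is recorded, allowed or not

def authorize(user, device, action, now=None):
    """Deny by default; allow only if one of the user's groups grants
    this action on a matching device. Always append an audit record."""
    allowed = any(
        fnmatch(device, pattern) and action in actions
        for group in MEMBERSHIP.get(user, ())
        for pattern, actions in GROUPS.get(group, ())
    )
    AUDIT_LOG.append({
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user, "device": device, "action": action,
        "result": "allow" if allowed else "deny",
    })
    return allowed

def denied_attempts(user=None):
    """Denied records, for alerting on probing of the management path."""
    return [r for r in AUDIT_LOG
            if r["result"] == "deny" and user in (None, r["user"])]
```

Separating "console" from "power" lets a group read a device's console without being able to power-cycle it, and logging denials as well as grants gives the network management center a record of attempts outside a user's remit.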

For node data centers not covered by the DCN network, you can use the "transmission + PSTN backup" access method. The network connection between the network management center and each data center uses a 64k time slot of the E1 line in the data center. A pair of encapsulation devices with "Ethernet protocol over E1 link" are placed between each data center and the network management center. The Ethernet port of this device is connected to the Ethernet port of ACS, and its E1 port is connected to the E1 line of the data center. This star structure provides an IP link from each data center to the network management center, using the PSTN network as the backup link.


Figure 5

6. Summary

Local management and manual site visits waste manpower, material resources, and money. OOBI provides a better method (time-saving, secure, and cost-effective) to ensure the continuous availability of network devices and to keep them connected to the network. To reduce costs and improve the business level and productivity, the next-generation IT architecture must use OOBI as one of its basic components.

However, for OOBI to operate effectively, all its components must be integrated and managed through a unified interface rather than run separately. OOBI components must support all industry-standard security protocols and specifications so that OOBI can be integrated into existing enterprise security facilities. Designing and building OOBI systems correctly enables them to manage remote networks. This directly affects enterprises' costs and lets them see a return more quickly.
