Tuesday, November 29, 2011

The Uplogix Platform & FIPS 140-2 Compliance

FIPS guidelines prevent unauthorized physical access to critical security parameters
Recently at Uplogix we've had expanded interest in FIPS 140-2 compliance from outside the federal market as an even more secure version of the local management platform. The Federal Information Processing Standard (FIPS) Publication 140-2 is a computer security standard issued by the National Institute of Standards and Technology (NIST) to accredit cryptographic modules for government computing platforms.

Uplogix meets the requirements for FIPS 140-2 Level 2 certification and is in-process with NIST.

The enhancements made to the already-significant security features in the Uplogix Local Management Platform meet or exceed government standards for the protection of data and information captured and stored by Uplogix Local Managers (LMs).

Software enhancements for FIPS
Most of the differences between a standard Uplogix LM and a FIPS-compliant device are in the operating software, with some alterations to Roles, Services and Authentication procedures as well as rules for security policy.

A default Uplogix LM ships with the Admin and Guest roles. During FIPS initialization, a third role is created to allow operators the ability to Factory Reset, or zeroize the system. In FIPS mode, the Admin and Factory Reset roles are assigned to the Crypto Officer.

Additional security rules are implemented in FIPS mode by the Crypto Officer to conform to FIPS 140-2. In FIPS mode, the Uplogix LM operates with specific security rules to ensure secure communication with administrators as well as the Uplogix Control Center using FIPS-compliant algorithms.

Hardware differences from standard Uplogix Local Managers
Additional improvements to the physical device itself include tamper-evident labels (TELs), visual obstructions and solid state onboard storage. The TELs indicate that someone has attempted to dismantle the LM or, in the case of the Uplogix 430, to access the device using the console connection.

The onboard storage differs by LM model:
  • Uplogix 430 LM, 8GB Compact Flash Card
  • Uplogix 3200 LM, 40GB SATA Solid State Drive

Get ready for the ride: Tech needs for 2012

A recent article by the Cisco Innovators Program likened managing a network today to being on a wild ride, with administrators strapped in and riding through: "
  • A steep climb in Internet traffic and network access from smartphones and tablets
  • Increased traction in cloud services and virtualization
  • The growing popularity of IP voice and video
  • Challenging twists and turns in security, including international hacking"
The article goes on to list five must-have technologies for 2012, including 1) reliable and secure Wi-Fi access, 2) power over Ethernet, 3) stronger network security, 4) collaborative communications and 5) high-performance, high-availability connections.

Of course, at Uplogix, we add Local Management to that list. If not as a must-have in itself, as an enabler for the other challenges network admins will face on the wild ride of networking.

With the challenges of managing increasingly sensitive and highly utilized WANs and LANs that deliver the high-performance, high-availability connections, Uplogix can help offload some of the basic care and feeding of the network. This frees up time for network admins to focus on the fine-tuning that will deliver SLAs and grow businesses.

If you look at the five future technology trends listed in the article, any device/any content, collaboration, video, network security, and a flexible network technology architecture, they each fit with the Uplogix view of IT trends:

So, as you ride your network into 2012, keep Local Management in mind as a complement to your traditional centralized management tools. It can help make the ride more enjoyable.

Monday, November 28, 2011

New users of local management on the high seas

For nearly 100 years, Radio Holland has brought the latest communications technology to sea to improve maritime business, shipboard life and safety. In addition, Radio Holland USA uses Uplogix to reduce support costs for satellite communications and to improve customer experience.

With a corporate emphasis on quality service, Radio Holland uses Uplogix to monitor shipboard communications and networking gear. In the event of trouble, Uplogix can automatically resolve many problems - often before they are noticed by ship or shore personnel.

The primary access to Uplogix Local Managers (LMs) is in-band over the core satellite connection, but if there is a problem with that link, out-of-band connectivity through a variety of options ensures that Radio Holland always has access to remote gear.

Uplogix offers Radio Holland an effective approach to reducing the cost and complexity of supporting satellite network environments. LMs enable operators to remotely monitor and control both satellite and terrestrial-based network equipment. The LMs co-locate and connect serially with network and satellite communications equipment to provide non-stop local management and control.

Uplogix LMs automate numerous network support, maintenance, configuration and recovery procedures - reducing the time, cost and error associated with manual support. Radio Holland administrators can manage all Uplogix LMs via the Uplogix Control Center, a centralized, web-based portal that presents a full inventory of both Uplogix devices and the infrastructure equipment connected to them.

To learn more about how Radio Holland USA uses Uplogix Local Management, check out the case study.

Thursday, November 17, 2011

Out-of-band options for any situation

One of the key features of the Uplogix Local Management Platform is the ability for a Local Manager (LM) to connect back to the NOC over an out-of-band (OOB) link when the primary network link is not available. This connection is a secure two-way link that not only allows Uplogix to feed centralized management tools with granular data about which specific device in the stack is having trouble (or often, show that the stack is working just fine and the problem is external), but also creates a channel for human intervention with managed devices.

To restore connectivity when the primary network connection goes down, Uplogix LMs always “dial out” and never accept in-bound dial-up requests, closing common security holes.

Choose the OOB that works best for you
The variety of options for OOB links ensures that in virtually any installation, Uplogix can deploy with an OOB solution -- from an urban data center to a suburban branch office or from a ship at sea to a forward operating base in a war zone. Here are some of the options for out-of-band links for the Uplogix platform:
  • Dial-up modem on a standard analog (POTS) line
    Nothing fancy here - if you have a phone line, it's easy to plug in an integrated modem or use an external modem with your Uplogix Local Manager.
  • Secondary Ethernet
    If you are deploying local management in a location with a separate network, you can utilize it for an OOB connection. Just keep in mind how separate that network really is - does it utilize a different provider? Is all of the infrastructure really distinct? Is it accessible from an outside location? If the answer is yes, you might be able to take advantage of that investment for an OOB channel.
  • Cellular modem
    If you aren't too remote, odds are you are in range of a cell tower. An external cellular modem is a relatively inexpensive option for OOB that also offers the convenience/security of not using the cabling in the building. You can adjust or sometimes share data plans between multiple locations to minimize cost.

  • Satellite modem
    Many applications of local management are in remote environments such as energy platforms at sea, or military bases already using satellites for network connections. Phone lines and cellular signals are not available, so a separate satellite connection serves as the OOB channel.

    Uplogix works with Iridium modems to offer the option of connectivity anywhere on the planet. The constellation of LEO (low-Earth orbit) satellites provides access to the most remote locations.

    To ensure the best connection possible, Uplogix invented the LEO-I Kit, an integrated Iridium antenna and modem. The kit makes it possible to place the antenna and modem at an optimal location for a clean, strong signal - up to 500 feet from the networking gear and Uplogix LM it is supporting.

    Similar to Iridium, Uplogix can use the Inmarsat system, whether it's FleetBroadband in the maritime industry, or the Broadband Global Area Network (BGAN) on land, to utilize the high-speed satellite data services.
The Uplogix LEO-I Kit integrated Iridium antenna and modem for remote installation
An important strength of local management is the ability for a Local Manager to not only report out exactly what is going on even when the network is down, but also to provide a channel for expert human support to access remote equipment. The variety of options available for out-of-band access ensures that no matter how far away your deployment of local management is, you'll always be connected.