Monday, October 29, 2012

Be Prepared - What Local Management can do in a disaster

The expectations for the storm as of Monday morning, October 29.
As the Northeast region of the United States hunkers down for the landfall of Hurricane Sandy, it seems like a good time to reflect (under the blue skies and cool temperatures of a nice early fall day here at Uplogix headquarters in Austin) on some of the benefits Local Management offers for disaster preparedness.


Stay home, but still stay connected: Secure remote access
While the federal government and many offices are closed today, with so many workers either working remotely, or given access to work remotely, the network still needs to be up and running. For IT staff riding out the storm at home, Uplogix Local Managers (LMs) offer a direct connection to managed devices -- just like plugging into a device's console port onsite.

Connectivity is available both in- and out-of-band to ensure that admins can reach devices, as well as to feed centralized reporting tools. Think of trying to get the status of a large network in the storm's path. Surveying a dashboard, many sites might show up red, or down, but they don't all necessarily have the same issues. It's much easier to triage the situation if you know what's going on at the site. The in-depth monitoring of local management will tell you much more than just red/green -- maybe lines are down, so there isn't any connectivity in-bound, or maybe a power surge put a router into ROMmon state and will be fixed automatically by Uplogix.

AAA is enforced even when the network is down or degraded, with multiple failover options to ensure that strict access control is maintained even if the primary AAA server is not reachable. With Local Management, you'll know that even if parts of your network are down, access is still protected.

When the storm hits: The graceful shutdown
As the storm hits, power failures are almost a guarantee. We generally talk about the power management features in Local Management when we talk about device recovery. After all, one of the easiest techniques is to power off a device and then turn it back on. But in a storm situation, it could be that power goes out suddenly, and stays off for some time.

Uplogix can maximize the time you have on a battery backup, or minimize the drain on a generator, with automated actions. An LM can gracefully shut down network gear by issuing the proper commands and waiting for appropriate responses to ensure that your gear goes down properly. Another option would be to reconfigure network gear to operate in a "light" mode; maybe some devices can be shut down automatically to reduce the power draw.


Picking up the pieces: After the storm
Uplogix has been tested in hurricanes in the Gulf of Mexico, where oil operations are sometimes suspended during extreme weather. With drilling rigs costing thousands of dollars a day to operate, rapidly returning to a functioning state is critical. With Uplogix, network operators are able to remotely restart networks with confidence, saving a trip for a technician back to the vessel. In a large event, this could mean network operations are restored in hours instead of days or even weeks. Configuration files are stored locally in the LM for easy access, and they are backed up in the Uplogix Control Center for offsite redundancy.

In the event of a catastrophic network event, Uplogix can serve as the foundation of a bare-metal restore. Wire up the new gear with an LM and Uplogix can push out the previous configurations, saving hours of work and freeing up the most skilled network technicians to focus on more difficult problems in your network.

Maybe you already have a backup network connection using satellite or Wi-Fi. Uplogix can broker the transition over to the secondary connection automatically, ensuring your downtime is minimized. 

Hope for the best, but be prepared
If you are in the storm this week, our thoughts are with you. For your personal safety, take every precaution. For your network, remember that luck favors the prepared, so make some of your own luck with Uplogix Local Management.

Friday, October 19, 2012

Going beyond monitoring for true network management

Uplogix founder and CTO James Dollar was recently interviewed for a story in Via Satellite magazine on the state of network management in the satellite network world. Having been in the room during the phone interview, it was interesting to hear Dollar put Uplogix into the context of other solutions the reporter was including in the story.

Dollar said that network monitoring provides a display of the network and a historical record of what has happened, but network management also means that you can take actions. "We take in data and execute tasks, as a live person would," he said.

This key difference is critical to the Uplogix value proposition. Local Management is like the first-level support technician that would be sent out in a truck (or often in satellite networks, a helicopter) to identify the root cause of issues and take run book steps to get things back to working order. These relatively simple problems and solutions are key drivers of support costs. Being able to automate the monitoring and recovery from these issues can have a big impact.

From the article:
"The oil and gas sector is a great example of how network management systems cut costs," says Dollar. "The average cost for an oil and gas company to send someone out to fix a piece of networking gear is around $5,000. They have to find a helicopter and a guy with the right visa and bring them together. Generally that takes more than eight hours to accomplish. They also have to combine that with their cost of downtime. You can double that $5,000 cost when it comes to fixing the same problems in the military satcom sector. And that includes putting a human in harm's way, which adds protecting personnel to the list of things that the operator needs to do. There are also dangers present in the enterprise sector. Think about being responsible for sending a technician out to the middle of the North Sea in January to resolve a problem with a router or an RF amplifier. These are situations where our solutions play a strong role. We not only reduce the operational expenses, but we increase the network's uptime."
The combination of persistent monitoring at frequent intervals and the ability to take actions to remediate issues with networking and VSAT communications gear is a strength of local management. While these examples were from the satellite world, their problems are really not all that different from typical enterprise networking in civilization -- the "office" is usually just more remote.

Wednesday, October 10, 2012

Being right there: Uplogix phones home


Thirty years ago, a wrinkly alien named ET showed how important the idea of phoning home can be as he went through great effort to phone home to report his status. Luckily with Uplogix you won't have to build an antenna out of an umbrella and aluminum foil. No need for a Speak & Spell either -- we'll do the dialing for you.

A key component of the Uplogix Local Management Platform is out-of-band (OOB) connectivity. While the Uplogix Local Manager (LM) can operate autonomously when the network is down and communicate with managed devices over a console connection, OOB ensures that centralized dashboard tools can continue to receive information on remote devices as well as provide technicians with secure remote access to gear.

When the network is functioning properly, Uplogix LMs use an Ethernet-based connection to connect and transmit data to the Uplogix Control Center through the in-band network (also referred to as the primary network connection). However, when the primary network connection is lost, the Uplogix LM immediately establishes remote connectivity using a dial-up modem, cellular network, or satellite communications.

By providing persistent connectivity to the devices you need to manage, Uplogix enables you to:
  • Maintain management access and control over distributed locations, even when the network is down or degraded.
  • Enforce security policies even during network outages to maintain compliance.
  • Log all changes and the results of those changes, and inspect the logs in real-time for problems.
  • Continuously monitor critical statistics and user interactions with managed devices via an always-on, serial connection.

Out-of-Band Categories

Uplogix uses two categories of out-of-band (OOB) methods to reach remote Local Managers:
  • Phone home | When detecting an outage, the LM initiates a phone home connection automatically.
  • Dial-in | A user manually connects to a remote LM via a secure dialer applet launched from the Uplogix Control Center (UCC).

Phone Home
When the Uplogix Local Manager detects a network outage, it will initiate an OOB connection in order to create an alternative path back to the NOC. A variety of technologies can be used to create the OOB connections, including analog phone lines, cellular, DSL or alternate networks, and satellites.

The OOB connection allows the LM to resume communication with the Uplogix Control Center as well as other network monitoring tools.

Users will be alerted when the OOB connection is initiated and the UCC will display the LM’s new IP address. Users can connect to the OOB LM via SSH and will be authenticated as if the user were connecting via the in-band network.


Figure 1. Phone Home Scenario Using a POTS Line. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a modem and POTS line. A PPP session is established. Step 3: The LM builds a VPN over the PPP connection and begins to communicate with the Uplogix Control Center.



Figure 2. Phone Home Scenario Using a Cellular Modem. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a cellular modem. A PPP session is established. Step 3: The LM builds a VPN over the PPP connection and begins to communicate with the Uplogix Control Center.


Figure 3. Phone Home Scenario Using a Cellular Modem with a custom APN. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a cellular modem using a SIM provisioned with the customer APN. Step 3: The modem automatically connects to the customer MPLS network. The LM then resumes communication with the UCC.

Figure 4. Phone Home Scenario Using Secondary Ethernet. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and brings up its secondary Ethernet port. Step 3: The secondary Ethernet connection can be routed through an alternate internal network or through a cable or DSL provider. Step 4: If connecting from a cable or DSL provider, a VPN connection will be needed to re-enter the network.







Dial-In Access

Sometimes, though, you might want to phone in to a Local Manager. To do this, a user establishes a dial-in connection to the LM, usually because of an in-band connection failure. The user then logs into the UCC and launches a secure dial applet for the desired LM. The dial applet runs on the user’s local workstation and establishes a TLS-encrypted connection to the LM via the Remote Access Server.

If normal AAA passwords are not cached, the administrator will need to define a user and password in the UCC that will be available in case AAA servers are not reachable. Once the administrator logs out of the LM, the encrypted connection between the user’s workstation and the LM is torn down.
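The fallback order described above (AAA server, then cached AAA passwords, then a locally defined user) as an added Python example; it is not Uplogix code, and `FallbackAuthenticator`, `StubAAA` and `AAAUnreachable` are hypothetical names. It assumes the offline paths apply only when the server is unreachable, so a reject from a reachable server is final and evicts any cached credential.

```python
import hashlib, hmac, os

class AAAUnreachable(Exception):
    """Raised by the AAA client on timeout or no route, never on a reject."""

def _hash(password, salt=None):
    # Salted PBKDF2 so cached or local secrets are never stored in clear text.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _verify(password, record):
    salt, expected = record
    return hmac.compare_digest(_hash(password, salt)[1], expected)

class FallbackAuthenticator:
    def __init__(self, aaa_check, local_user, local_password):
        self.aaa_check = aaa_check            # callable(user, password) -> bool
        self.cache = {}                       # user -> (salt, hash) from last good login
        self.local_user, self.local_record = local_user, _hash(local_password)
        self.audit = []                       # (user, decision source, result)

    def authenticate(self, user, password):
        try:
            ok, source = self.aaa_check(user, password), "aaa-server"
        except AAAUnreachable:
            if user in self.cache:            # cached AAA credential comes first
                ok, source = _verify(password, self.cache[user]), "cache"
            elif user == self.local_user:     # admin-defined fallback account
                ok, source = _verify(password, self.local_record), "local-fallback"
            else:                             # fail closed
                ok, source = False, "no-offline-credential"
        else:
            if ok:
                self.cache[user] = _hash(password)
            else:
                self.cache.pop(user, None)    # a reachable server's reject is final
        self.audit.append((user, source, ok))
        return ok

class StubAAA:
    """Constructed stand-in for a RADIUS/TACACS+ client, for the demo only."""
    def __init__(self, users):
        self.users, self.reachable = users, True

    def __call__(self, user, password):
        if not self.reachable:
            raise AAAUnreachable()
        return hmac.compare_digest(self.users.get(user, "").encode(), password.encode())
```

The audit list records which source made each decision, which is the record to review after an outage to see who logged in without the AAA server.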


Figure 5. Dial-In Scenario Using POTS Line. Step 1: User connects to the UCC and launches the encrypted dialer applet. The applet establishes the socketed connection to an available modem on the Remote Access Server, and dials into the LM. Step 2: The user is presented with a login prompt for the LM.

Satellite-based OOB Connectivity
We haven't even touched on satellite options here, but many Uplogix customers use their Local Managers in networks that are quite off the beaten path. Maybe they are at sea, or on the battlefield where POTS lines are non-existent and cellular coverage is intermittent at best. For these deployments, satellite connections over Iridium or Inmarsat provide the same secure connections and two-way access. For more information, see the Uplogix website or this previous blog post.






Tuesday, October 9, 2012

The case for managed service providers to go local

Ensuring high availability and performance for customers with geographically distributed networks and multiple remote locations presents a number of unique management challenges for MSP staff. Since it’s not possible to be onsite everywhere, network device errors often require expensive support calls and drive missed SLAs.

Monitor AND Control Remote Networks
Local Management drastically reduces the cost and complexity of supporting highly distributed IT environments. Uplogix Local Managers (LMs) enable MSPs to remotely monitor, manage, and control network equipment on the customer’s premises, even when the network is down.

From the Uplogix Control Center, operations staff can centrally manage multiple customers’ networking, communications and other IT devices connected to Uplogix LMs via a simple, web-based interface with multi-tenant capabilities. With Uplogix, you can also give your customers the added value of secure access to their network infrastructure at all times.

Uplogix saves MSPs significant labor costs by displacing mundane daily maintenance tasks and reducing the dispatch of costly, limited IT personnel to remote customer sites. Uplogix augments existing network & systems management with a unique ability to not only alert, but to take immediate local action to remediate issues.

Uplogix in a Typical MSP Deployment
Uplogix LMs deployed at remote sites are connected over the console port to managed network devices. With a variety of out-of-band options, Uplogix ensures that you can always have local management and control. LMs at customer sites are managed from the Uplogix Control Center in the MSP NOC.







Here is a summary of the key benefits for MSPs:
  • Simplify Remote Management | The Uplogix Control Center can be configured to support and manage multiple customer environments via a multi-tenant model. MSPs can offer customers the added value of secure access to their own remote sites through the Control Center.
  • Reduce Support Costs | Uplogix LMs work like on-site virtual IT administrators capable of anticipating and diagnosing problems and executing recovery actions in minutes or even seconds, for less staff interaction and fewer tech support trips to remote locations.
  • Maintain and Improve Service Levels | Uplogix LMs proactively find and fix problems before network performance is impacted. The Service Level Verification feature can monitor, measure and manage critical network and communication services including TCP/IP, web-based transactions, and voice over IP systems from each remote location where deployed to mirror, and improve, the quality of service that end users are experiencing.
  • Reduce Security Risk | Uplogix constantly enforces security policies by providing encrypted access to all managed devices and enforcing authorization and authentication policies. It also audits all user interactions and configuration changes, even during a network outage or service disruption.