Thursday, February 21, 2013

Staying Connected: Out-of-band options with local management

One of the key features of Local Management is persistent connectivity to remote gear. With Uplogix connected to your network and communications devices, and an out-of-band connection of some sort, you can count on maintaining management access and two-way control even when the network is down or degraded.

In addition to being able to connect to devices, when the network is down Uplogix Local Managers continue to enforce security policies, log all changes and the results of those changes, and continuously monitor critical device statistics and user interactions.

Out-of-Band Categories

Uplogix uses two categories of out-of-band (OOB) methods to reach remote Local Managers:
  • Phone home: When detecting an outage, the LM initiates a phone home connection automatically. 
  • Dial-in: A user manually connects to a remote LM via a secure dialer applet launched from the Uplogix Control Center (UCC).
Here is a quick overview of how the various OOB methods work.

Phone Home

When the Uplogix Local Manager detects a network outage it will initiate an OOB connection in order to create an alternative path back to the NOC. A variety of technologies can be used to create the OOB connections including analog phone lines, cellular, DSL or alternate networks, and satellites. 

The OOB connection allows the LM to resume communication to the Uplogix Control Center as well as other network monitoring tools.

Users will be alerted when the OOB connection is initiated and the UCC will display the LM’s new IP address. Users can connect to the OOB LM via SSH and will be authenticated as if the user were connecting via the in-band network. 

Figure 1. Phone Home Scenario Using a POTS Line. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a modem and POTS line. A PPP session is established. Step 3: The LM builds a VPN over the PPP connection and begins to heartbeat to the Uplogix Control Center.

Figure 2. Phone Home Scenario Using a Cellular Modem. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a cellular modem. A PPP session is established. Step 3: The LM builds a VPN over the PPP connection and begins to heartbeat to the Uplogix Control Center.

Figure 3. Phone Home Scenario Using a Cellular Modem with a custom APN. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a cellular modem using a SIM provisioned with the customer APN. Step 3: The modem automatically connects to the customer MPLS network. The LM then resumes heartbeat with the UCC.
 
Figure 4. Phone Home Scenario Using Secondary Ethernet. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and brings up its auxiliary Ethernet port. Step 3: The secondary Ethernet connection can be routed through an alternate internal network or through a cable or DSL provider. Step 4: If connecting from a cable or DSL provider, a VPN connection will be needed to re-enter the network.
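
The four phone-home scenarios in Figures 1-4, modelled as a small state machine in an added example (not Uplogix code). The path names, the three-miss outage threshold and the fail-back on a successful in-band heartbeat are assumptions made for illustration.

```python
# Constructed model of the phone-home flow in Figures 1-4; not Uplogix code.
# True = the path crosses a network the operator does not control, so a VPN
# must be up before the heartbeat to the UCC resumes.
NEEDS_VPN = {
    "pots_ppp": True,               # Figure 1: PPP over POTS, VPN on top
    "cellular_ppp": True,           # Figure 2: PPP over cellular, VPN on top
    "cellular_private_apn": False,  # Figure 3: SIM lands on the customer MPLS
    "aux_eth_internal": False,      # Figure 4: alternate internal network
    "aux_eth_isp": True,            # Figure 4, step 4: cable/DSL needs a VPN
}
MISS_LIMIT = 3  # assumed: consecutive missed in-band heartbeats = outage


def run(path, events):
    """Replay events for one OOB path and return the state after each event.

    Events: "miss"/"ok" (in-band heartbeat result), "link" (PPP session or
    auxiliary Ethernet is up), "vpn" (tunnel established).
    """
    if path not in NEEDS_VPN:
        raise ValueError(f"unknown OOB path: {path}")
    state, misses, trace = "IN_BAND", 0, []
    for ev in events:
        if ev == "ok":                      # assumed fail-back to in-band
            state, misses = "IN_BAND", 0
        elif ev == "miss":
            misses += 1
            if state == "IN_BAND" and misses >= MISS_LIMIT:
                state = "DIALING"           # step 2: bring up the OOB link
        elif ev == "link" and state == "DIALING":
            state = "AWAIT_VPN" if NEEDS_VPN[path] else "HEARTBEAT_OOB"
        elif ev == "vpn" and state == "AWAIT_VPN":
            state = "HEARTBEAT_OOB"         # step 3: heartbeat over the tunnel
        trace.append(state)                 # out-of-order events change nothing
    return trace


if __name__ == "__main__":
    outage = ["miss"] * MISS_LIMIT
    for path in NEEDS_VPN:
        print(f"{path:22}", run(path, outage + ["link", "vpn"])[-2:])
```

A "vpn" event that arrives before "link" is ignored, so a path marked as needing a VPN never reaches HEARTBEAT_OOB without a tunnel.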

Dial-In Overview

A network administrator establishes a dial-in connection to the LM, usually due to an in-band connection failure. Then they log into the UCC and launch a secure dial-in applet for the desired LM. The applet runs on the user’s local workstation and establishes a TLS 1.0 encrypted serial connection to the LM over the OOB session.

If normal AAA passwords are not cached, the administrator will need to define a user and password in the UCC that will exist in case the AAA servers are not reachable. Once the administrator logs out of the LM, the encrypted connection between the user’s workstation and the LM is torn down.


Figure 5. Dial-In Scenario Using POTS Line. Step 1: User connects to the UCC and begins the encrypted dialer applet. Step 2: Running locally on the User’s computer, the dialer applet establishes a connection to the configured modem or access server. Step 3: The modem or access server dials the LM, establishing an encrypted session. Step 4: The user then logs into the LM.

Much more than a message in a bottle

Out-of-band connectivity through a variety of options including dial-up, cellular or satellite modems provides a reliable management connection to remote gear. For more information on the out-of-band methods described here, or using satellite connections for out-of-band such as Iridium or Inmarsat, please visit Uplogix.com/support. You may also contact Uplogix Support at support@uplogix.com or 888.663.6869.

Tuesday, February 19, 2013

Fighting Corruption with Local Management


Face it. Corruption happens. Maybe it's a hardware issue, maybe it's a software conflict, maybe it's just the result of an honest mistake by an admin trying to do their job.

The good news is that Local Management can fight corruption in your network devices automatically. Like a superhero watching over your network, Uplogix wages battles on your behalf wherever your gear resides. Local Managers (LMs) are constantly monitoring independently of the network, ready to spring into action to recover from anything from an IOS upgrade patch that doesn't execute, to those mysterious issues with no obvious cause.

Here are a couple of quick examples:

Scenario: Configuration Loss or Corruption

A network device loses its configuration and becomes unusable, or a corrupt configuration file is accidentally distributed as the new standard.

Uplogix Solution – Configuration Recovery

Issuing the recover configuration command on a port with a managed network device results in:

  • The LM cycles power to the network device
  • Breaks into boot sequence
  • Ignores current configuration
  • Network device comes up with no configuration
  • LM pushes last known good configuration

Scenario: Corrupt or Missing OS File

A hung or unresponsive router can enter ROMmon mode for various reasons such as a boot failure, settings in the virtual configuration register that force the router to stop in ROMmon mode during the boot, or a break sequence sent to the console.

Whatever the cause, the device isn’t available for business use, which likely means that the site is down and productivity comes to a halt.

Uplogix Solution – ROMmon Recovery


  • Detect ROMmon state via default chassis monitor
  • Utilize power management to cycle the router
  • Load stored last known good OS file from the Local Manager to end device using the LM's TFTP, FTP or Xmodem functionality
  • Issue the boot command

Learn more

Tired of dealing with corruption by yourself? You need a vigilant superhero working on your behalf all day, every day. Read more about the superpowers Uplogix can bring to your network infrastructure.

Wednesday, February 13, 2013

Case Study: Local management along a long and lonely pipeline



Uplogix helps secure and simplify management of the network that controls the transportation of energy for millions in North America

Enbridge operates the largest and most complex liquids pipeline system in the world

For over 60 years, Enbridge has operated pipeline systems. Today, millions of people across North America rely on energy transported by Enbridge pipelines every day. With a foundation built on safety, the number one concern at Enbridge is the integrity and viability of their pipelines.

Uplogix Benefits for Enbridge

To deliver energy safely across thousands of miles, Enbridge relies on an extensive information network to monitor and control its pipeline network. Uplogix Local Management enhances network security and serves as a common management platform for administrators supporting pipelines on land and sea:

  • Access Security | All access to remote network and communications devices goes through Uplogix to track user sessions for compliance and reporting.
  • Optimized Monitoring | Local management of devices allows for detailed monitoring with minimal network traffic. Data sent upstream to tools in the NOC is compressed and encrypted.
  • Heterogeneous Devices | From SCADA and networking gear to connectivity over dial-up, cellular and LEO satellite, Uplogix is a single management interface for diverse deployments.

Secure remote access and automation for SCADA and hybrid networks

The ongoing convergence of SCADA and IP has introduced additional complexity into networks in the Energy industry. At Enbridge, Uplogix has reduced the number of truck rolls required to service remote networking sites while increasing network security.

Secure, always-available access

Enbridge uses Uplogix to manage access to monitoring and control devices along the pipelines. Uplogix can maintain management access and control over distributed locations, even when the network is down or degraded. Uplogix Local Managers (LMs) function securely and consistently—both in-band and out-of-band—and provide multiple backup connectivity options (PPP/analog, cellular, satellite).

Enbridge uses Uplogix to enforce security policies and maintain compliance—even during network outages—by controlling access to managed devices; enforcing granular authorization controls; and logging all device changes and the results of those changes.

Local monitoring is more efficient

Uplogix Local Managers continuously monitor critical device statistics and user interactions with managed devices via an always-on, serial connection with no impact to network performance. For Enbridge, this is especially important because some sites operate at low bandwidths and benefit from the LM compressing and encrypting monitoring data before sending it upstream to tools in the NOC.

Heterogeneous device support

Pipelines bring together high technology and communications with the physical world of transporting energy from one location to another. This means a variety of devices are critical to the operation. Uplogix can monitor and manage SCADA, networking and communications gear.

Enbridge has remote connectivity across the pipeline and also to their barges and vessels offshore through a mix of out-of-band channels including dial-up, cellular and Iridium satellites.

Even at the most remote locations, Uplogix keeps Enbridge connected to critical monitoring and control infrastructure

As the operator of the largest pipeline system in the world, Enbridge is also one of the largest users of Uplogix in the Energy industry. We’re proud to help in their mission to safely transport energy that millions of people rely on in their daily lives.

Friday, February 8, 2013

Out-of-this-World Managed Services

What's a greater risk? Asteroids or network downtime from Level 1 support issues?
[UPDATED: 2/15/13 We survived!]

While the threat of an asteroid's path bringing it inside the orbit of geosynchronous weather and communications satellites and taking one out is real, it's much less of a concern for most satellite-based managed service providers than meeting customer SLAs on a daily basis. If you are more worried about asteroids, Google Bruce Willis. If you need to reduce the cost and complexity of supporting satellite deployments, keep reading, then call Uplogix.


Hit SLAs, Differentiate Your Satellite Services and Increase Profits with Local Management
Uplogix drastically reduces the cost and complexity of supporting satellite deployments in both the remote locations common in energy and government, as well as high volume urban deployments used in retail and finance. With the ability to remotely monitor, manage, and control traditional IP-networking and satellite equipment on the customer premise even when the network is down, Uplogix Local Managers (LMs) serve as a virtual onsite technician/satellite operator at each site. Think of the impact of being able to deploy your most trusted IT admin to each of your customer sites 24x7.

Typical Satellite Deployments
Uplogix LMs deployed at customer sites are connected over the console port to managed network devices. With a variety of out-of-band options, Uplogix ensures that you can always have access for local management and control. Appliances are managed from the Uplogix Control Center in the MSP operation center.



Save Operational Costs

  • Reduce site visits | Uplogix LMs can automate a majority of the routine maintenance and recovery tasks required for hybrid networks including failed configuration changes and rebooting hung equipment. Even if a device problem breaks the connection to the site, with the LM deployed locally, it can work to recover the device and restore the connection. Increase technician utilization rates by only deploying them for break-fix that requires a human onsite. Reduce SLA penalties at all levels by increasing uptime and reliability.
  • Know what’s happening at each site | Strengthen your existing monitoring and management solutions with robust information collected directly from devices and available when the network is up or down. Out-of-band connectivity through a variety of options including dial-up, cellular or satellite modems means you always have a management connection to the customer site.
  • Simplify remote management | The Uplogix Control Center can be configured to support and manage multiple customer environments via a multi-tenant model. Schedule changes to roll out across the world at the most appropriate time.
So, assuming NASA is correct that the relatively close pass of an asteroid next week won't hit Earth, AND it doesn't take out your comm satellite, put some thought into how you can impact your day-to-day operations with local management.