Thursday, February 21, 2013

Staying Connected: Out-of-band options with local management

One of the key features of Local Management is persistent connectivity to remote gear. With Uplogix connected to your network and communications devices, and an out-of-band connection of some sort, you can count on maintaining management access and two-way control even when the network is down or degraded.

Beyond providing connectivity to devices, Uplogix Local Managers continue, while the network is down, to enforce security policies, log all changes and the results of those changes, and monitor critical device statistics and user interactions.

Out-of-Band Categories

Uplogix uses two categories of out-of-band (OOB) methods to reach remote Local Managers:
  • Phone home: When detecting an outage, the LM initiates a phone home connection automatically. 
  • Dial-in: A user manually connects to a remote LM via a secure dialer applet launched from the Uplogix Control Center (UCC).
Here is a quick overview of how the various OOB methods work.

Phone Home

When the Uplogix Local Manager detects a network outage, it initiates an OOB connection to create an alternative path back to the NOC. A variety of technologies can be used to create the OOB connection, including analog phone lines, cellular, DSL or alternate networks, and satellites.

The OOB connection allows the LM to resume communication to the Uplogix Control Center as well as other network monitoring tools.

Users are alerted when the OOB connection is initiated, and the UCC displays the LM’s new IP address. Users can connect to the OOB LM via SSH and are authenticated as if they were connecting via the in-band network.

Figure 1. Phone Home Scenario Using a POTS Line. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a modem and POTS line. A PPP session is established. Step 3: The LM builds a VPN over the PPP connection and begins to heartbeat to the Uplogix Control Center.

Figure 2. Phone Home Scenario Using a Cellular Modem. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a cellular modem. A PPP session is established. Step 3: The LM builds a VPN over the PPP connection and begins to heartbeat to the Uplogix Control Center.
 
Figure 3. Phone Home Scenario Using a Cellular Modem with a Custom APN. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and dials out via a cellular modem using a SIM provisioned with the customer APN. Step 3: The modem automatically connects to the customer MPLS network. The LM then resumes heartbeat with the UCC.
 
Figure 4. Phone Home Scenario Using Secondary Ethernet. Step 1: The in-band network goes down, in this case due to trouble with a router. Step 2: The Uplogix Local Manager detects the network outage and brings up its auxiliary Ethernet port. Step 3: The secondary Ethernet connection can be routed through an alternate internal network or through a cable or DSL provider. Step 4: If connecting from a cable or DSL provider, a VPN connection will be needed to re-enter the network.

Dial-In Overview

A network administrator establishes a dial-in connection to the LM, usually because the in-band connection has failed. They then log in to the UCC and launch a secure dial-in applet for the desired LM. The applet runs on the user’s local workstation and establishes a TLS 1.0 encrypted serial connection to the LM over the OOB session.

If normal AAA passwords are not cached, the administrator will need to define a user and password in the UCC that remain available in case the AAA servers are not reachable. Once the administrator logs out of the LM, the encrypted connection between the user’s workstation and the LM is torn down.


Figure 5. Dial-In Scenario Using a POTS Line. Step 1: The user connects to the UCC and launches the encrypted dialer applet. Step 2: Running locally on the user’s computer, the dialer applet establishes a connection to the configured modem or access server. Step 3: The modem or access server dials the LM, establishing an encrypted session. Step 4: The user then logs into the LM.

Much more than a message in a bottle

Out-of-band connectivity through a variety of options, including dial-up, cellular or satellite modems, provides a reliable management connection to remote gear. For more information on the out-of-band methods described here, or on using satellite connections such as Iridium or Inmarsat for out-of-band, please visit Uplogix.com/support. You may also contact Uplogix Support at support@uplogix.com or 888.663.6869.