Secure Out-of-Band Management Through Digi Remote Manager
Out-of-band management allows secure access to IT infrastructure, typically via serial ports. The implications are enormous for mission-critical applications such as data centers that require equipment to achieve near 100% uptime.
Let’s talk about the challenges facing the IT industry and how out-of-band management (OOBM) supports critical IT needs.
Support for Shifting IT Challenges
IT departments worldwide are increasingly required to accomplish more tasks with fewer resources, and this trend has accelerated over the course of many years. Additionally, IT infrastructure deployments are often highly distributed due to corporate acquisitions, branch locations, industrial edge installations, home-office employees, and other factors.
The challenge is considerable for companies seeking to maintain reliable management access to a broad array of managed IT hardware made by manufacturers like Digi International, Opengear, Palo Alto Networks, Juniper Networks and Cisco.
What is the Definition of Out-of-Band Management?
Out-of-band management (OOBM) is a technique for remotely controlling and configuring the critical components of a network, often through a serial communication link. Examples of managed hardware include routers, switches, storage devices, servers and other network appliances.
How Digi Remote Manager Supports OOBM
Digi Remote Manager® — Digi’s network management solution — extends the security of Digi hardware. It achieves this through features like active configuration management, while providing a unique form of out-of-band management with a variety of network protocol options, including TCP/IP, UDP and others.
Other features include health and performance monitoring for cellular routers, gateways and console servers. There is even a comprehensive RESTful web services API for externalizing device data so users can create dashboards and trigger process workflows in other enterprise software platforms like Microsoft Azure, Amazon Web Services, Google Cloud and numerous ERP systems.
For more information on integration with these platforms, see my article, Digi Remote Manager, the IoT Stack, and Integration with AWS and Azure.
Console Access with Digi Remote Manager
Recently, Digi unveiled a particularly powerful feature with an update to the long-lived console feature in Digi Remote Manager.
While it has always been possible to issue command-line instructions directly to Digi hardware through live console sessions, customers can now perform true out-of-band management of virtually any brand of enterprise hardware over a serial connection, using Digi Remote Manager 3.0 together with cellular products running the Digi Accelerated Linux (DAL) operating system.
Digi products currently equipped with serial connectivity and the DAL operating system include:
- Digi IX14 industrial cellular router
- Digi EX15 enterprise cellular extender
- Digi 6350-SR enterprise cellular router
- Digi Connect IT Mini console server
- Digi Connect IT 4 console server
- Digi Connect IT 16 and 48 console servers
An Improved Method for Network Security
How does this process work and why is it a more secure way of performing out-of-band management?
Customers have long leveraged Digi cellular devices for out-of-band management of enterprise hardware built by numerous vendors. There are a few methods:
- Some approach this with a public, static cellular SIM / APN, allowing incoming traffic over the Internet, but this can be risky if the firewall is not properly configured to block all unwanted incoming IP traffic.
- Other customers choose a private SIM / APN, but that can take months for a cellular carrier to build since it requires construction of a VPN tunnel between the data centers of both the carrier and the customer.
The new console features in Digi Remote Manager 3.0 protect network security by letting customers easily use dynamic SIM cards, which disallow incoming IP traffic by design.
Because Digi devices securely connect to Digi Remote Manager through a pre-configured, device-initiated tunnel using TLS 1.2 encryption, all communication passing through the console to Digi hardware is also secure.
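A way to check for the firewall risk described above, as an added example that is not from Digi or the original article: it audits a Linux `iptables-save` dump for rules that admit new inbound connections on the cellular interface. The interface name `wwan0`, the ports and both rule sets are constructed assumptions, and negated (`!`) matches are not handled.

```python
import shlex
WAN_IF = "wwan0"  # assumed name of the cellular WAN interface

# Constructed iptables-save dumps, not from any real device. Static public SIM:
EXPOSED = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i wwan0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i wwan0 -p tcp -m tcp --dport 2001 -j ACCEPT
COMMIT
"""
# Device-initiated model: only replies to outbound sessions get back in.
OUTBOUND_ONLY = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

def audit_inbound(dump, wan_if=WAN_IF):
    """List everything that lets NEW inbound traffic in through wan_if."""
    findings = []
    for line in dump.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
            if policy != "DROP":
                findings.append(f"INPUT default policy is {policy}, expected DROP")
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            # Map each option to the token that follows it (-i wwan0, -j ACCEPT).
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            if opts.get("-j") != "ACCEPT":
                continue
            if opts.get("-i") not in (None, wan_if):
                continue  # rule is bound to another interface, e.g. loopback
            states = opts.get("--ctstate") or opts.get("--state") or ""
            if states and "NEW" not in states.split(","):
                continue  # return traffic for device-initiated sessions only
            findings.append("accepts new inbound on {}: {}/{}".format(
                opts.get("-i", "any interface"), opts.get("-p", "any"),
                opts.get("--dport", "any")))
    return findings

if __name__ == "__main__":
    for name, dump in (("exposed", EXPOSED), ("outbound-only", OUTBOUND_ONLY)):
        print(name, audit_inbound(dump) or "no inbound exposure found")
```

An empty result means the only way into the device is as a reply to a session the device itself opened, which is the property the device-initiated tunnel relies on.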
When using a console server from the Digi Connect IT family for out-of-band management through Digi Remote Manager, the architecture looks similar to the following diagram:
With the console feature in Digi Remote Manager 3.0, customers simply initiate a securely encrypted, live serial session with enterprise hardware from any vendor by creating a connection like the one shown:
The advent of secure out-of-band management through Digi Remote Manager represents a major shift in the way customers can access all types of IT assets wherever they may be located.
As networks become more distributed, this capability will become increasingly important.