
Out-of-band management

wastedtime Member Posts: 586
Was curious what out-of-band management solutions people have seen in networks. Also if you can give me some details about them that would be great.

Comments

  • blargoe Member Posts: 4,174
    We're using Avocent KVMs and MergePoint appliances... they integrate with the iLO and DRAC controllers of HP and Dell servers respectively... you can have these set up at all of your remote sites and roll up all KVM, power management, hardware logs, etc. in one console. I'm sure there are better but it's pretty decent. There is also an appliance to which you can connect the consoles of your routers/switches and manage them out of band from the same user interface.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • mikedisd2 Member Posts: 1,096
    Mostly dealt with IBMs so RSA2 cards have been the way to go. These can then be accessed through IBM Director, the worst application of all time, for hardware mgmt.
  • powerfool Member Posts: 1,666
    This is a point of contention for many, especially those that have to meet certain regulations. There are Raritan devices for managing serial devices (like routers and switches) out of band.

    But what is management? Is it just a means of connecting to the devices and being able to interface them out of band if your primary network fails? If that is all, you need some other network for the management devices. If it is more than that, and I would say it is, then you need to include monitoring, like SNMP and syslog (or SIEM based systems). The CCNA Security advocates setting up a separate interface on routers and switches connected to another network and not routing between them. But then again, if you are talking about monitoring your entire network, and not just network devices, you really cannot effectively monitor your servers (via SNMP, WMI, or other means) out-of-band, else you will need to double the size of your network... which is not cost effective.

    I would say a balance needs to be struck. Have out-of-band access to everything, monitor your network infrastructure out-of-band, and then monitor your servers through your main network, but use ACLs, encrypt (like SNMPv3), and take your alerts seriously (e.g. don't become desensitized to alerts... like "oh, that thing again? don't worry about that one"). Get it to the point that alerts only happen if there is something that you need to take action on, and not by disabling them.
    2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
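
Added example, not part of powerfool's post or the thread: a small Python check for the in-band monitoring controls suggested above (SNMPv3 with encryption, ACL-restricted access). The Cisco IOS-style sample configs, addresses, group names and finding labels are constructed for illustration.

```python
import re

# Constructed sample configs in Cisco IOS-style syntax (assumptions, not from the thread).
WEAK = """\
snmp-server community public RO
snmp-server group MON v3 auth
snmp-server host 10.0.0.5 version 2c public
"""

HARDENED = """\
access-list 10 permit 10.99.0.5
snmp-server group MON v3 priv access 10
snmp-server host 10.99.0.5 version 3 priv monitor
"""

def audit_snmp(config):
    """Return (label, line) findings for SNMP settings that are unencrypted or not ACL-bound."""
    # Collect numbered and named ACLs so a dangling 'access <acl>' reference is caught.
    acls = set(re.findall(
        r"^(?:ip )?access-list (?:standard |extended )?(\S+)", config, re.M))
    findings = []
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["snmp-server", "community"]:
            # Any community string means SNMPv1/v2c, which is sent in cleartext.
            findings.append(("cleartext-community", line))
        elif w[:2] == ["snmp-server", "group"]:
            opts = w[3:]  # everything after the group name
            # Only 'v3 priv' gives both authentication and encryption.
            if opts[:2] != ["v3", "priv"]:
                findings.append(("no-privacy", line))
            if "access" not in opts[:-1]:
                findings.append(("no-acl", line))
            elif opts[opts.index("access") + 1] not in acls:
                findings.append(("undefined-acl", line))
        elif w[:2] == ["snmp-server", "host"] and "version" in w[:-1]:
            # Traps/informs sent as v1/v2c leak the community string on the wire.
            if w[w.index("version") + 1] in ("1", "2c"):
                findings.append(("cleartext-notify", line))
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_snmp(cfg))
```
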
  • Daniel333 Member Posts: 2,077
    For us it just means a dedicated VLAN for management traffic. We don't have anything special. Well, iLO and some PDUs.
    -Daniel
  • jibbajabba Member Posts: 4,317
    A mix between Raritan and Avocent devices. All our servers are based on Supermicro and most of them have an IPMI card (based on Raritan). That is for the KVM-over-IP bit. What else are you referring to?
    My own knowledge base made public: http://open902.com :p