Out of Band Management refers to engineer access to network elements (firewalls, routers, switches, servers, etc.) via dial-up telephone lines or cellular data, outside of the bandwidth of the network. In Band Management uses the network itself for management.
The big problem with Out of Band Management is security. All network-based security requires the network to be operating in order to function, but Out of Band Management is used when the network is in question.
As internet connectivity becomes more reliable, enterprise networks are looking to use the existing internet connection for OOB. This goes against PURE OOB, but can be practical. CDI refers to this as “Pretty Good OOB” or “PGOOB”.
- CDI achieves PGOOB by having a central CLOUD SERVER to which all CDI PGOOB devices can connect. This ELIMINATES the need for a fixed IP address at the customer.
- This CERTIFICATE BASED connection from the customer network to the “CDI SQUINT CLOUD SERVER” (“CSCS”) is secured by a certificate and is now used for all OOB access to that site.
- The Customer can then access their sites via the other side of “CSCS” where they are authenticated, and then put into a secure DOMAIN for their devices only.
- The PA200 series can be managed by CDI’s patent-pending Out of Band Manager “OBM” software or can be administered with a lightweight “front end loader” program for insertion of security credentials and device parameters. A browser interface is also available for simple configuration and management on small installations.
- The PA240s can be deployed in conjunction with CDI PA222 “Head-End” Clients installed in the NOC center. Remote PA240 devices can be installed in the field sites.
- The Client devices are accessed via an enterprise network management system, “OBM”, which provides SSH connectivity to the local client devices.
- The client devices are then used to connect to the remote devices via cellular data or secure internet access. User authentication can take place at the NOC center, which will trigger the clients to “Device-authenticate” with the remotes using cryptography. Alternatively, authentication can take place at the remote site using RADIUS or an on-board RSA authentication engine that can authenticate without contacting. All devices have available LTE cellular modules that allow Secure Out of Band Access over a private Cellular Network.
- The remote devices can also send telemetry data back over the cellular network in real time. A Global private cellular network can be provided by CDI or can be sourced from your carrier.