OpenGear - Reduce Business Downtime Using a Console Server with Out-of-Band Management
A console server may seem like a simple device, but today it is no longer a dumb box: it is a smart platform for building an ecosystem that manages and automates the deployment of active network equipment. After all, it has the most important thing - the classic console, which provides an unlimited set of possibilities.
Everything revolves around increasing availability, with a strong emphasis on security and usability. If you are building an IT system that must provide 99.999% availability, OpenGear solutions will help with this. In them you will find the classic console with centralized access and NetOps / DevOps modules for automation.
The solution includes:
- Failover to Cellular - this feature keeps communication running over 4G LTE or 3G channels when the main channel is unavailable.
- Smart Out-of-Band - works independently of the main network, automatically detects and fixes problems. This reduces costs and minimizes downtime.
- Zero Touch Provisioning - simplifies equipment deployment and automates repetitive tasks, reducing the amount of human intervention in the process, which in turn reduces the number of possible errors.
- Centralized management - allows you to easily access any active network equipment in 3 clicks, wherever it is.
I hope you find it interesting.
Opengear is a fast-growing company and is the most advanced in its sector. The company originated in Australia but quickly became global and now has a presence in all major regions from Asia to America. Development centers are located in Australia and Silicon Valley.
Opengear is a universal solution that can be applied in various sectors, from education to retail and banks.
The company was founded in 2004. It currently has a number of new products that are regularly updated.
Opengear - as a console server
Opengear belongs to the class of console server solutions. All active network equipment connects to Opengear via the console port. It supports both classic RS-232 and modern USB. You can also connect Ethernet management ports.
Supported hardware: any.
Lineup and selection
In terms of functionality, all the equipment is identical; only the form factor differs. Among the Opengear models there are both compact infrastructure managers for distributed sites and quite impressive console servers with up to 96 console ports in 1U. The set of ports varies, and various combinations are available.
Opengear - as a Smart Out-of-Band Solution
Out-of-Band (OOB) management allows you to make the network fault-tolerant, no matter what situation you are in. You will always have “Plan B”. Using this technology, you can access a remote site and diagnose a breakdown, thereby reducing network downtime - increase MTBF, decrease MTTR.
Options for external communication channels:
- two communication channels: primary and backup on copper / optics;
- 4G LTE / 3G modem (2 SIM cards in small devices);
- V.92 analog modem for PSTN lines.
All these communication channels can be used to build a connection to the control system. No matter what kind of NAT the OpenGear device sits behind, it will reach your data center.
Built-in TFTP and DHCP servers and a large amount of memory allow you to store firmware and configuration backups directly on the device. Therefore, even if the connection is poor (for example, via a satellite modem), you can always restore the connection.
Now let's look at how Opengear works. Suppose you have a network and a remote site that you access through the main communication channel. If the primary communication channel fails, you can reach the site over the backup channel. This way you won’t lose access to the remote site.
Key benefits of Smart OOB:
- Remote access to network equipment when you want, even when your network is unavailable;
- Providing situational awareness during failures;
- Minimizing network and IT infrastructure downtime;
- Fast recovery from network and IT failures with “Failover to Cellular” (F2C);
- Proactive detection of problems before they lead to failures by monitoring devices and the physical environment;
- Centralized management platform.
Opengear - as a monitoring and control center
Opengear devices can manage smart power distribution units (PDUs), monitor UPS status, and even monitor the environment: for example, detect intrusion into the server room or respond to an increase in temperature or humidity.
- temperature and humidity (a sensor is built into small devices); the sensor can also be remote, to measure the temperature at a specific point in the rack;
- any third-party sensor that can be connected to the relay.
Opengear supports more than 100 manufacturers and models of PDUs and UPSs that can be connected via serial console, Ethernet or USB. APC, Eaton, Server Tech and others are supported; a complete list is openly available.
- monitoring the status of UPS batteries and the load on PDU outlets;
- hotkey power management via the console, out-of-band;
- automatic power control.
Built-in Open Source Tools:
- Network UPS Tools (NUT)
- IPMI Tool Kit
OpenGear can be integrated via SNMP into any monitoring system, such as SolarWinds, Zabbix, etc. A Nagios agent is built into the devices and can be integrated into a higher-level system. It will monitor the servers at a remote site and transmit the information to a centralized system. This eliminates the need for a separate machine for the agent.
Event Response Automation
Perhaps the most interesting feature for me is automation. OpenGear lets you check input signals (Check), respond to those signals (Respond), and react when the signal disappears (Resolve).
- you can monitor the console output and, when a kernel panic appears, reset the equipment's power;
- you can monitor the temperature and, when it rises, automatically send a command to turn off the servers, then the data storage. After the temperature is back to normal, everything is turned back on. This protects both the data and the equipment.
The platform is flexible and is not limited to built-in actions: you can write your own script or plugin that checks something and performs the desired action.
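The Check / Respond / Resolve cycle described above, as an added example (not Opengear's code or API): a small Python model replayed over constructed temperature readings and console lines. The `Rule` class, the thresholds, the action names, the reverse power-on order and the login-prompt recovery signal are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Rule:
    """One Check / Respond / Resolve rule (hypothetical model, not Opengear's API)."""
    check: Callable[[object], bool]   # Check: True when the fault signal appears
    clear: Callable[[object], bool]   # True when the signal has disappeared
    respond: List[str]                # Respond: actions fired once on trigger
    resolve: List[str]                # Resolve: actions fired once on recovery
    active: bool = False

    def feed(self, sample) -> List[str]:
        """Return the actions this sample triggers; each edge fires only once."""
        if not self.active and self.check(sample):
            self.active = True
            return list(self.respond)
        if self.active and self.clear(sample):
            self.active = False
            return list(self.resolve)
        return []


def run(rule: Rule, samples) -> List[Tuple[int, str]]:
    """Replay samples through a rule and log (sample index, action)."""
    return [(i, a) for i, s in enumerate(samples) for a in rule.feed(s)]


def temperature_rule() -> Rule:
    # Assumed thresholds in degrees C; the gap between them prevents flapping.
    # Assumed recovery order: storage comes back before the servers that use it.
    return Rule(check=lambda t: t >= 35, clear=lambda t: t <= 28,
                respond=["shutdown servers", "shutdown storage"],
                resolve=["power-on storage", "power-on servers"])


def panic_rule() -> Rule:
    panic = re.compile(r"Kernel panic")
    login = re.compile(r"login:\s*$")   # assumed sign that the host is back
    return Rule(check=lambda line: bool(panic.search(line)),
                clear=lambda line: bool(login.search(line)),
                respond=["power-cycle outlet"], resolve=["clear alert"])


# Constructed sample inputs: rack temperature readings and console output lines.
TEMPS = [24, 31, 36, 37, 33, 29, 27, 26]
CONSOLE = ["eth0: link up", "Kernel panic - not syncing: Fatal exception",
           "Kernel panic - not syncing: Fatal exception",
           "Booting Linux...", "branch-sw1 login: "]

if __name__ == "__main__":
    print(run(temperature_rule(), TEMPS))
    print(run(panic_rule(), CONSOLE))
```

Because each rule remembers whether it is active, a repeated panic line or a temperature that stays high does not fire the response a second time.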
Lighthouse - centralized access to any device in 3 clicks
Lighthouse is the central hub and control portal for Opengear equipment. The console servers themselves “call home” over a secure LHVPN (OpenVPN with X.509 certificates).
Lighthouse aggregates information from all Smart OOB console servers:
- The current list of all console servers;
- Console Gateway: search the list and connect to console ports through an HTML5 web terminal or SSH.
Lighthouse supports clustering, including geo-redundancy of up to 10 nodes, and supports over 100,000 console ports under single management. Lighthouse is essentially a virtual machine and runs on the virtualization system of your choice. You can connect not only Opengear equipment, but also third-party solutions, for example from Cisco, or regular SSH / Telnet. Lighthouse supports a powerful RESTful API.
Top user experience
Opengear equipment supports more than 50 simultaneous sessions per port, through both SSH and HTML5. This lets you restore complex systems while bringing in colleagues and vendor representatives at the same time. HTML5 does not use Java, so you don’t have to look for the right version of the software and keep up with security updates. Copying and pasting text works in the web interface, which significantly speeds up the work.
Calculation of equipment payback and downtime
Everyone has probably wondered how profitable it is to install equipment of this type. To answer that, we model the following situation: suppose a company with its head office in Moscow has an extensive network of branches, one of which is located, for example, in the city of Yakutsk. The turnover of this branch is 1 million rubles / day, or 62.5 thousand rubles / hour (with an operating mode of 16 hours a day).
Suppose one day we lose contact with the branch because the equipment's firmware malfunctions after an update. The administrator, of course, is not nearby, and asking a competent person who lives nearby to re-upload the firmware is either impossible or not permitted by the site's access rules. So a staff member has to be sent from the head office to troubleshoot. Now let us add up the time and financial costs: 1 hour in total to the airport and from the airport to the branch, 6.5 hours from Moscow to Yakutsk and 15 minutes to resolve the malfunction itself, for a total of 7 hours and 45 minutes. In monetary terms, it turns out $ 7689, which is many times more than the cost of such equipment. Thus, the equipment pays for itself after a single failure, which is quite a significant fact. We summarize the calculation in a single table:
| Symbol | Definition | Value |
|---|---|---|
| Downtime | (R / H) * I * T | ₽ 484,375 |
| R | Daily turnover | 1 million ₽ ($ 15 875) |
| H | Working time (hours) | 16 |
| I | Percentage impact on work | 100% |
| T | Correction time (hours) | 7.75 |
Otherwise, if we are able to contact the branch using Opengear, the troubleshooting time will be 15 minutes of downtime, whose financial equivalent in our example is 15625 ₽ or $ 248.
Warranty and Reliability
In this article we have often said that the device gives you access to a remote site even when the network is unavailable, but a logical question arises: how reliable is Opengear equipment itself? It is built to be an order of magnitude more reliable than a conventional network. This is achieved by testing the components and setting stricter requirements for them. The manufacturer provides a warranty on the equipment of at least 4 years. You can talk about the reliability of Opengear equipment indefinitely, but here is one fact. At one of the exhibitions where Opengear equipment was presented, a man approached the stand and took an interest in the products on display. During the conversation, he shared the fact that in the company,
High security requirements
Since Opengear has such low-level access, the security requirements are as high as possible.
I will list the main points:
- regular firmware releases - every 3 months, plus interim firmware that closes vulnerabilities in the components used;
- built-in firewall with a default-deny policy;
- IPSec, OpenVPN, PPTP, SSH, HTTPS;
- work behind the firewall, public / private APN, failover;
- strict isolation of access rights (role model) for each user for each port;
- LDAPS, TACACS +, RADIUS, 2-factor authentication;
- Compliance with PCI DSS 3.0+;
- integration with SIEM systems;
- audit logs of all output and input on console ports;
- event alerts, down to a console cable being pulled out;
- SSHv2 support and the ability to disable SSHv1;
- access to source codes;
- the ability to create your own firmware images (Firmware) and Linux kernel modules.
I will dwell on the last two points in more detail.
Access to source codes and creating your own firmware
Perhaps you have a unique task that needs a special program, or you want to dig into the source code of the solution used in your company. Opengear gives you this opportunity; the word “open” is in the name for a reason.
Custom Development Kit (CDK) instructions can be downloaded here, and the source code itself can be downloaded via FTP. You can put your own program next to it and it will be included in your own firmware.
NetOps / DevOps
Constant change is a challenge for modern companies. Virtualization and digitalization continue to change the traditional ways of setting up and providing services in companies. The IT environment is constantly changing, and its speed has increased by several orders of magnitude.
Opengear integrates into any workflow and any application. The NetOps Automation platform is designed around proven components: Docker, Ansible, and Git. Various runtimes are supported: Python, Ruby, Perl, bash, x86 binary. This allows you to deploy a remote site from scratch, with everything you need at hand.
The basis of the NetOps Automation platform are:
- OM2000 device, works directly on the site;
- Lighthouse, centralization.
- Auto-tuning (Zero Touch Provisioning) of an OG device using DHCP options;
- auto check-in at Lighthouse;
- identification of active network equipment connected to a specific port;
- collection using Ansible configuration from Git;
- applying settings on active network equipment.
Knowledge Base and Documentation
The documentation for the solution is open and available on the site. Lighthouse images and firmware can be downloaded via FTP. The knowledge base is openly available, so you can easily find an answer through a search engine.
Usage examples
The solution is used in various fields:
- public clouds and data centers;
Let me give you the example of DigitalOcean; I think many people know what the company does. It guarantees its customers 99.99% uptime of the virtual machines provided by KVM. To ensure this, the out-of-band solution must meet the following criteria:
- provide a reliable, constantly active backup connection;
- eliminate the time and cost of sending out an engineer;
- provide reliable offline access to equipment in remote data centers;
- minimize the capital and operating costs of the backup connectivity solution.
Opengear successfully solved the challenges of DigitalOcean.
In this way, Opengear provides remote configuration, maintenance, and disaster recovery for mission-critical IT infrastructure, power, and network. No one else has functionality equivalent to Opengear devices and centralized management through Lighthouse. The article describes only a small part of various usage scenarios and functions, and shows the main directions.
If you are interested in the solution, you can contact us - the Factor Group company, distributor of Opengear. It is enough to write in free form to firstname.lastname@example.org.
Authors: popov-as and dima_go.