Remote management of network and other critical ICT equipment has evolved rapidly over the last decade. Clever monitoring and automation technologies can detect and fix problems without human intervention, however providing remote access and control for operators and technicians is still key. When the location in question is half a world away on a mine site or oil rig, then remote management can become a challenge for many different reasons.
If as a network manager, you have ever tried dialling remote analogue modems for remote network access, then you would have certainly run into line quality issues. For example, trying to remotely configure an errant network switch can become a serious problem if the remote access server a thousand miles away refuses to even handshake or maintain a connection. In many cases, connections over analogue lines are further hampered through carrier compression technology that degrades line quality making a modem connection nearly impossible. And this assumes the remote phone line has not been accidentally disconnected – the classic gotcha of remote management over dial in.
Even with the rise of ubiquitous wireless IP networks, many organisations are still using POTS/PSTN dial in lines for remote management. The reason is typically lack of cellular coverage, lack of understanding as to how remote access over cellular works or concern as to its viability as a reliable fail safe. Low loss cabling and high gain antennas can help address the first, and as low frequency, far reaching spectrum continues to be reclaimed for cellular IP, remote management over cellular is becoming an option where only satellite would serve before.
While cellular does not suffer from the same line connectivity issues as PSTN or other wired solutions, it is by nature more complex and therefore requires technically sophisticated, dedicated remote management hardware to guarantee high availability in the face of carrier issues. Smart remote management devices, like the Opengear ACM, use a network watchdog to monitor connectivity and in very remote installs may even have dual SIMs installed as an added failsafe.
Unlike PSTN, the cellular network enables a broadband IP connection. Using a smart management device, this connection can be “always on” or brought up and down as and when a primary network fault is detected (“failover”). Using a business grade data plan, or SIM with a public APN designed for machine-to-machine telemetry (such as smart metering), remote access is simple – just browse, VPN or SSH to the SIM's IP address.
However, publically accessible SIMs may not be offered by your preferred carrier, or the incremental pricing model may not make sense for your usage pattern, particularly where an always-up cellular connection is preferred. These “always on” activities could include continuous network monitoring which can push data use into the 100s of MB per month.
On the other hand, commodity “SIM only” or “bring your own device” plans are readily available with generous blocks of data for as little as £5/month in the UK. These relatively cheap SIMs are suitable for remote management, as long as you’re aware of a couple of caveats. The first is that your carrier will typically masquerade the connection behind NAT (network address translation) the same way office LANs are hidden from the WAN, in a private address space. Remote management devices solve this by establishing a VPN or SSH tunnel or tunnels back to your central management network.
Security is another area to be mindful of when using the public WAN or cellular network. At a minimum, we recommend that all connections into and out of the management device are encrypted using strong cipher HTTPS and SSH, while best practice is using IPsec or similar VPN for an added layer of security. If your SIM has a public IP address, then ensure your remote management device is equipped with a stateful firewall to lock down remote access to trusted source IP address ranges, and operate a default-deny policy. As with any public service, always use strong passwords, or consider disabling password authentication entirely and using SSH key authentication instead.
The 3G and 4G LTE cellular network is proving a more compelling alternative to PSTN, ISDN, DSL and other wired solutions for out-of-band access for remote network provisioning, maintenance and repair. There is data for this in the real world and last year we saw sales for our cellular out-of-band solutions surpass the more traditional dial-up modem by just shy of 33%.
Reasons for this trend include speed of provisioning and ease of deployment, which is down to the mobile nature of the solution. But it’s also about the bottom line – in the era of tablets and smartphones, mobile data has never been cheaper. There are places all across the world where reliable electricity supply is a severe problem while getting a 3G signal is completely the norm. The relatively wide spread deployment of cellular data networks combined with healthy competition has also forced down the costs of using these networks for remote management.
Finding the right technology for remote management over cellular is not a huge challenge but it is also worth considering the process changes that admins or trouble-shooters need to consider when an onsite visit really is out of the question. One of the most important features is remote power cycling that can be triggered via automation on detection of a freeze state. If you ask admins, one of the most common fixes for an errant network element is a power cycle but if remote access is problematic then automation technology that can run scripts based on defined variables is a major benefit. Another area to consider is environmental and physical sensor monitoring. Monitoring of water vapour or heat can help with remote troubleshooting, especially if the problem is transitory, and pre-empt equipment failure. Monitoring cabinet open contact sensors can provide basic physical intrusion detection, and physical access is often the precursor to a fault.
The principles of managing network and critical elements in truly remote areas extend to any remote network with no or limited on-site technical staff which is increasingly the norm, so an understanding of a few of the key considerations is a useful skill to keep in the back of the mental storeroom.
Derek Watkins is director of sales at Opengear EMEA
Photo: www.freeimages.co.uk
Subscribe to our newsletter
Stay updated on the latest technology, innovation product arrivals and exciting offers to your inbox.
Newsletter