Network management by remote control

Managing dispersed networks and attached devices can be costly if you have to send staff out to make changes. So what can IT directors do to minimise expense?

Managing IT systems can be difficult at the best of times, even when all the equipment is within walking distance. When most of your infrastructure resides at remote branch offices, life can be particularly miserable, both for the technicians who have to travel there to configure and fix it, and for the staff who have to wait for their systems to be repaired. The ideal scenario for companies with scattered infrastructures is to manage it all from a central site, without leaving the front door.

Not surprisingly, cost is one of the biggest concerns for companies trying to manage networks and servers across a wide area. Apart from the price of downtime at the remote site, the obvious overhead is travel time. Installing an IT expert at a branch office is not feasible for most companies because they would not be used enough. But without them you will not have the local skills to troubleshoot problems, and training in basic IT maintenance for staff with other competencies is not the best use of their time. On the other hand, sending staff from a regional office to fix problems carries travel and staff time overheads.

There are several ways that this dilemma can be tackled. Rolling out network and system management software to cope with branch office problems is one way around it, although this will involve a high degree of expertise and up-front investment. The alternative is to outsource the management tasks, getting someone else to look after the network infrastructure and the equipment sitting at the end of it.

In some cases it is possible to outsource just one aspect of the infrastructure. For example, UK router supplier Activator offers not only branch office network routers, but also the management services supporting them. Managing director Chris Hyde explained that the equipment is designed to be remotely deployable without any IT expertise. Once it is physically attached at the branch office, it connects back to Activator's network using ADSL or ISDN and declares itself to the company's distributed services system.
After the router identifies itself using a serial number, the system configures it according to settings preprogrammed by technical staff. Activator's routers can then network with each other via broadband connections to create a wide area network. The company provides a web-based portal system that customers can use to monitor their network of routers, finding out which ones are available and checking usage statistics.

If a router experiences problems, it can e-mail the relevant people to report its status, and it can be configured from the head office. This dramatically reduces the number of field visits by IT staff, said Hyde. "The worst case we ever had was a customer having to hit the reset button on the back of the equipment. If we have to make a field replacement, we send out a man on a motorbike with a new one."

Customers can either buy the router outright and pay for the service on a yearly basis (at around £100 per year per router plus the initial £500 cost for the equipment), or rent the equipment and fold the cost of that into the management contract. The latter would set them back about £40 per month per unit.

However, Activator focuses purely on the network equipment. Companies dealing with a branch office scenario may have other concerns, such as the management of servers, desktops and printers.

In November, Infonet, a telecoms company which provides datacommunications and other network consulting services, launches an outsourced network-management service called Firstwatch. Bob DaGiau, vice-president of enterprise management services, explained that the service will remotely monitor and manage client-owned infrastructure, regardless of network service provider or device supplier. Firstwatch covers four categories: network devices, security (the management of security appliances and firewalls), servers and IP telephony management.
Users can buy seven levels of service, ranging from basic remote monitoring and full medication all the way up to the top level which includes engineering advice, change management and problem management. At the top level, Firstwatch will liaise with equipment suppliers on a user's behalf to resolve a problem. The seven levels of management are particularly important to customers, said DaGiau. "It is all around out-tasking: enabling the customer to choose which elements of the infrastructure will be monitored and managed by a third party."

For those companies that do not want to outsource, however, there are several issues to consider when it comes to managing remote networks. "Before you even start," said Pete Nicholls, technical director for the UK and Ireland for Cisco, "think about consolidation." He hopes companies will consolidate multiple services such as firewalls, intrusion detection and telephony into a single branch office device. "By having a particular service running on the box, you can take other servers and pull them back to the datacentre," he said. Taking Windows servers and storage back to head office and caching file systems locally inside a single integrated network device, for example, reduces management costs, he said. While many branch offices currently have disparate devices, he hoped that, five years after the millennium, many companies are approaching the technology-refresh stage and will be ready to consolidate.

Consolidation carries logistical relief because users only need a single warranty, rather than different agreements for different pieces of equipment. The other advantage is that pulling different services into a single branch office network router can make management easier, because more things can be managed from a single environment by accessing the router directly. In many cases, it can be done without having a separate management software platform, Nicholls said.
On the other hand, even if servers are moved back to head office, there will be many other Lan-based components that will need support, such as desktop PCs and printers. Companies such as Landesk Software, which offers a management suite to help support products in remote locations, are eager to promote the benefits of their software for taking control of far-flung equipment. Landesk's suite of tools also deals with the distribution of software patches, explained Daniel Power, north European sales manager for Landesk. "Getting patches out to machines as fast as possible so that an environment is not at risk is becoming a significant issue," he said. The system, which includes a software client at the remote end of the network, uses bandwidth throttling so that it will only use network capacity to download patches when the target machines are not busy sending or receiving traffic.

These network and server management techniques are all very well, but what happens if a server goes down? Trying to manage a server without a functioning operating system or remote management client running on it presents its own challenges. However, there are some products to cater even for these contingencies.

KVM, originally used as a protocol for switching the same keyboard and monitor between different computers, has been extended to run across IP. The result is rather like a very long set of virtual monitor and keyboard cables, extending between the remote site and your desktop. The advantage of this, explains CC Frinklin, product marketing manager for KVM switch supplier Avocent, is that a user can control a remote machine in its pre-boot state, changing Bios settings and altering boot sequences. It is also possible to control remote routers using the KVM switch, and even to create a remote VT100 session. Avocent is now working to incorporate support for the Intelligent Platform Management Interface (IPMI) into its next generation products.
IPMI, which is being heavily promoted by Intel, places hardware diagnostic and monitoring capabilities inside the server hardware. Companies have used baseboard management controllers (BMCs) to do this in their hardware for years, but the equipment has often been proprietary. IPMI offers a commonly-accepted way to communicate data about system voltage, temperature and other metrics to network and system management software.

IBM is a big supporter of IPMI, said Rob Sauerwalt, global brand manager for software and services within the company. IBM began supporting IPMI in Version 4.2 of Director, its hardware-management product. The company has traditionally shipped its mid- to high-end server hardware with integrated systems management processors - hardware monitoring equipment that sits on the motherboard. It also ships the same equipment on a card, called the remote supervisor adaptor, which can even be fitted into its low-end servers. "It is out there monitoring everything from memory, through processes, to hard drives," he said. "We have also added predictive failure analysis."

By watching for trends in individually insignificant hardware errors, Director software can interact with the hardware monitors and predict when a component will fail. Used in this way, IPMI can complement other reporting standards such as SNMP, which focuses on more generic devices, and CIM from the Distributed Management Task Force, which sits above IPMI in the reporting stack.

Sauerwalt is excited about the rudimentary autonomic capability within Director software. Taking blade servers as an example, he explained that putting a spare blade into a chassis at the remote site gives a company's branch office the chance to take up the slack automatically, should another blade fail.
Director's Remote Deployment Manager module can redistribute an image to a remote machine, so if a blade fails, the software can redistribute its workload among the other functional blades until it has downloaded a new image for the spare server blade, he explained. Then, staff at head office can cause lights on the faulty blade to blink so that local non-technical staff know which piece of equipment to pull out of the blade server chassis and send back to head office.

The bottom line is that substituting technology for travel is a smart move for companies with dispersed IT infrastructures. A mixture of preventive measures, combined with fine-grained control and good software update mechanisms, will go a long way towards cutting travel bills and getting the far-flung corners of a business network up and running, should things go awry.

Six of the best: tips for remote network management success

  • Consider outsourcing to take the strain off your IT department, leaving it to plan and innovate rather than fight fires
  • Consolidate. Pulling multiple services into a single box at the remote site makes management easier
  • Limit the potential for branch office staff to compromise remote systems by installing proper access controls at the remote site
  • Centralise. Even when running thin-client applications from a local server in the remote office rather than running everything from central office, it can make management easier because there is less to go wrong on each desktop
  • Use hardware monitoring within servers, and ensure that it interacts with system management software
  • Be sure to allow for "out-of-band" control - if a server or router goes down, users need to be able to control it using either KVM or programmable boot sequences
