Most organizations rely on critical IT in order to serve their essential business functions. A reliable method to maintain critical IT is to use dedicated out-of-band (OOB) management networks, which traditionally have relied on plain old telephone service (POTS) lines or dedicated telephony circuits for remote access. However, these traditional links come with high costs, lots of complexity, and slow performance, which make them difficult to deploy and maintain.

Enter Starlink, a satellite-based Internet service that offers a cost-effective and scalable alternative for out-of-band remote access. This post discusses how Starlink solves these common problems and gives you a free guide that walks you through the setup process.

Problem: POTS and Telephony Lines Are Expensive

For decades, IT professionals have relied on POTS and telephony lines for OOB management, mainly because these lines remain operational even when the primary data network goes down. A major problem is that POTS lines are increasingly expensive to install and maintain, particularly in remote or rural areas. Additionally, 4G/5G LTE options aren’t always available due to coverage limitations or large enough data plans. The shift towards VoIP (Voice over IP) and digital communications has made POTS lines even less relevant, with many service providers phasing out support. This leaves businesses with fewer options and higher costs for maintaining these legacy systems.

Solution: Starlink is Cost-Effective

Starlink offers a much more cost-effective solution. You can use off-the-shelf routers to set up an OOB management network for a fraction of the cost of traditional methods. Starlink also has a relatively low monthly subscription fee and straightforward pricing model, which make it easy to budget and plan IT expenditures. If components fail or break, you can typically repair or replace them yourself to get back up and running quickly.

Figure 1: Starlink requires only a dish, router, and few other components, making it a cost-effective alternative to expensive POTS lines.

Problem: Traditional Lines Are Difficult To Scale

Traditional POTS-based systems are notoriously difficult to scale, often requiring significant infrastructure investments and complex configurations. Copper wiring is expensive to install and maintain, and as more connections come online, switching systems must be upgraded. On top of this, POTS lines are being phased out, which means there are fewer resources being devoted to scaling and maintaining them.

Solution: Starlink is Simple to Set Up and Scale

Starlink entirely eliminates the need for telephony lines, and is a simple and scalable solution for OOB remote access. You can find the full list of components in our setup guide below, but with a Starlink terminal, compatible router, and minimal configuration, you can scale your OOB network wherever you have Starlink coverage. This ease-of-use extends to day-to-day management as well. Starlink’s satellite service offers global coverage, meaning you can manage your network devices, servers, and other critical infrastructure from virtually anywhere in the world.

Figure 2: Starlink comes with a straightforward out-of-box experience and step-by-step instructions. You can set up an out-of-band network in about one hour.

Problem: POTS Lines Lack Performance

POTS is designed primarily for voice communication and offers extremely limited bandwidth. It can’t support modern data services (such as video or high-speed internet) efficiently. As out-of-band management advances with data and video monitoring capabilities (such as AI computer vision), POTS infrastructure just doesn’t have the bandwidth to keep up.

Solution: Starlink Meets Modern Performance Requirements

Starlink provides high-speed internet, at speeds that typically range from 50 to 200Mbps. The connection handles much larger volumes of data than POTS lines are capable of, and Starlink’s low-Earth orbit satellites reduce latency to as low at 25ms compared to the typical 150ms of POTS lines. Out-of-band using Starlink means that IT teams can manage more systems and data, and have a more responsive experience, whether they’re managing edge routers across their bank branches or monitoring the cooling systems in their distributed colocations.

Figure 3: Starlink provides high-speed connectivity, with speeds ranging from 50 to 200Mbps.

Get Started With Starlink Using Our Setup Guide

What is Passive Optical Networking (PON)?

Passive optical networking (PON) is a high-speed broadband technology that enables the delivery of multiple services over a single fiber optic cable. XGS-PON – 10G Symmetrical PON –  offers speeds of up to 10 Gbps downstream and 10 Gbps upstream (hence the term ‘symmetrical’), making it ideal for applications such as video streaming, online gaming, and cloud computing.

What Problems Does PON Solve for Out-of-Band Management?

PON addresses the issue of efficiency in terms of both uplink costs and bandwidth usage. Traditional POTS lines and dedicated circuits rely on legacy infrastructure that requires regular maintenance. This infrastructure must scale as more out-of-band devices are added to the network, which increases costs and energy consumption. On top of this, using a 10G uplink for a serial console’s 10K traffic is like throwing away 99% of that high bandwidth. Per Gartner’s Market Guide for Optical Transport Systems report (Published 20 November 2023) the best way to “lower cost and energy per transported bit” is by using technologies such as passive optical networking.

Because PON uses passive optical splitters that have no moving parts or powered components between the central hub and end users, PON is much more efficient for deploying serial consoles close to target assets. These out-of-band devices can be deployed in large quantities and close to the network edge, with up to 256 devices sharing one uplink. This reduces cabling and power requirements, and is ideal for MSP and campus operators, where there are many out-of-band devices distributed over long distances. 

More About PON: GPON and XGS-PON Technologies

Passive Optical Networking (PON) leverages time-division multiplexing (TDM) and different wavelengths of light to transmit and receive data on a single fiber strand. This allows efficient communication among up to 256 devices over a single fiber. Initially developed for fiber-to-the-home (FTTH) deployments, PON technology has evolved to facilitate the addition of network nodes with minimal infrastructure changes. GPON (gigabit-capable PON) and XGS-PON use different frequencies for upstream and downstream data transmission. The upstream headend, known as the Optical Line Terminal (OLT), manages and coordinates the time slots allocated to downstream Optical Network Units (ONUs) for data transmission.

GPON and XGS-PON Support on ZPE Systems’ Nodegrid SR Gateway

ZPE Systems’ Nodegrid SR appliances, which are used as out-of-band access nodes or complete branch gateways, now support GPON and XGS-PON technology (patent pending) via SFP and SFP+ ports. The Nodegrid SR family is offered in multiple form factors to be right-sized for deployments in branch offices, factories, smart buildings, and industrial environments (such as for SCADA).

Having support for GPON and XGS-PON means network engineers now have a flexible choice of high-speed uplink technologies. This versatility makes the Nodegrid SR gateway suitable for edge deployments, where it can establish an OOBI-WAN (out-of-band infrastructure WAN) link, and for data centers, where it enhances uplink efficiency. Given the low bandwidth requirements of serial console and out-of-band communications, PON technology is well-suited for these applications. A single fiber strand can be shared among hundreds of out-of-band and serial console devices using passive optical splitters. Organizations can deploy out-of-band devices close to the racks and edges of the network in a cost- and energy-efficient manner. Additionally, ZPE devices support ONU SFPs compatible with third-party OLT headends, ensuring broad interoperability and integration.

Benefits of Using XGS-PON with ZPE Systems’ Nodegrid SR Gateway

The benefits of using XGS-PON with ZPE Systems’ Nodegrid SR gateway include:

• High-Speed Connectivity: XGS-PON delivers symmetrical speeds of up to 10 Gbps, making it ideal for high-bandwidth applications like video streaming, online gaming, and cloud computing. This ensures consistent and high-quality service for end-users.
• Cost-Effectiveness: Deploying XGS-PON is a cost-effective solution for delivering high-speed broadband services, especially in scenarios where upgrading existing infrastructure may be challenging.
• Scalability: The Nodegrid SR Gateway, acting as an ONU, can connect up to 256 serial consoles through a single fiber strand. PON’s use of asymmetric wavelengths and TDM enables multiple devices to share the same fiber strand efficiently. Optical splitters, which require no external power, facilitate the sharing of fiber between multiple ONUs, which makes scaling much more cost and energy efficient.
• Reliability: The Nodegrid SR gateway is proven by service providers worldwide. Its robust design and compatibility with various network configurations make it a reliable choice for delivering high-quality broadband services.

Figure 1: ZPE Nodegrid SR gateway with XGS-PON ONU support

XGS-PON Enhances Efficiency of Out-of-Band

XGS-PON is a significant advancement over traditional, copper-based uplinks. The integration of XGS-PON support in the ZPE Systems Nodegrid SR Gateway allows network architects to deploy a dedicated out-of-band ring that is not only high-speed but also cost-effective, energy-efficient, and capable of covering longer distances. PON technology, with its ability to handle the lower data rates of out-of-band transmissions, is an ideal uplink medium for serial console transmission. The combination of XGS-PON and the Nodegrid SR Gateway provides a powerful and flexible solution for modern network infrastructure.

Be one of the first to try PON on the Nodegrid SR Gateway

Set up a demo for a deeper dive into PON use cases and how it can benefit your organization.

Schedule a demo

AI data center infrastructure components

Computing

Generative AI and other artificial intelligence technologies require significant processing power. AI workloads typically run on graphics processing units (GPUs), which are made up of many smaller cores that perform simple, repetitive computing tasks in parallel. GPUs can be clustered together to process data for AI much faster than CPUs.

Storage

AI requires vast amounts of data for training and inference. On-premises AI data centers typically use object storage systems with solid-state disks (SSDs) composed of multiple sections of flash memory (a.k.a., flash storage). Storage solutions for AI workloads must be modular so additional capacity can be added as data needs grow, through either physical or logical (networking) connections between devices.

Networking

AI workloads are often distributed across multiple computing and storage nodes within the same data center. To prevent packet loss or delays from affecting the accuracy or performance of AI models, nodes must be connected with high-speed, low-latency networking. Additionally, high-throughput WAN connections are needed to accommodate all the data flowing in from end-users, business sites, cloud apps, IoT devices, and other sources across the enterprise.

Power

AI infrastructure uses significantly more power than traditional data center infrastructure, with a rack of three or four AI servers consuming as much energy as 30 to 40 standard servers. To prevent issues, these power demands must be accounted for in the layout design for new AI data center deployments and, if necessary, discussed with the colocation provider to ensure enough power is available.

Management

Data center infrastructure, especially at the scale required for AI, is typically managed with a jump box, terminal server, or serial console that allows admins to control multiple devices at once. The best practice is to use an out-of-band (OOB) management device that separates the control plane from the data plane using alternative network interfaces. An OOB console server provides several important functions:

1. It provides an alternative path to data center infrastructure that isn’t reliant on the production ISP, WAN, or LAN, ensuring remote administrators have continuous access to troubleshoot and recover systems faster, without an on-site visit.
2. It isolates management interfaces from the production network, preventing malware or compromised accounts from jumping over from an infected system and hijacking critical data center infrastructure.
3. It helps create an isolated recovery environment where teams can clean and rebuild systems during a ransomware attack or other breach without risking reinfection.

An OOB serial console helps minimize disruptions to AI infrastructure. For example, teams can use OOB to remotely control PDU outlets to power cycle a hung server. Or, if a networking device failure brings down the LAN, teams can use a 5G cellular OOB connection to troubleshoot and fix the problem. Out-of-band management reduces the need for costly, time-consuming site visits, which significantly improves the resilience of AI infrastructure.

AI data center challenges

Artificial intelligence workloads, and the data center infrastructure needed to support them, are highly complex. Many IT teams struggle to efficiently provision, maintain, and repair AI data center infrastructure at the scale and speed required, especially when workflows are fragmented across legacy and multi-vendor solutions that may not integrate. The best way to ensure data center teams can keep up with the demands of artificial intelligence is with a unified AI orchestration platform. Such a platform should include:

• Automation for repetitive provisioning and troubleshooting tasks
• Unification of all AI-related workflows with a single, vendor-neutral platform
• Resilience with cellular failover and Gen 3 out-of-band management.

To learn more, read AI Orchestration: Solving Challenges to Improve AI Value

Improving operational efficiency with a vendor-neutral platform

Nodegrid is a Gen 3 out-of-band management solution that provides the perfect unification platform for AI data center orchestration. The vendor-neutral Nodegrid platform can integrate with or directly run third-party software, unifying all your networking, management, automation, security, and recovery workflows. A single, 1RU Nodegrid Serial Console Plus (NSCP) can manage up to 96 data center devices, and even extend automation to legacy and mixed-vendor solutions that wouldn’t otherwise support it. Nodegrid Serial Consoles enable the fast and cost-efficient infrastructure scaling required to support GenAI and other artificial intelligence technologies.

Make Nodegrid your AI data center orchestration platform

Request a demo to learn how Nodegrid can improve the efficiency and resilience of your AI data center infrastructure.
 Contact Us

The world as we know it is connected to IT, and IT relies on its underlying infrastructure. Organizations must prioritize maintaining this infrastructure; otherwise, any disruption or breach has a ripple effect that takes services offline for millions of users (take the recent CrowdStrike outage, for example). A big part of this maintenance is ensuring that all hardware components, including console servers, are up-to-date and secure. Most console servers reach end-of-life (EOL) and need to be replaced, but for many reasons, whether budgetary concerns or the “if it isn’t broken” mentality, IT teams often keep their EOL devices. Let’s look at the risks of using EOL console servers, and why replacing them goes hand-in-hand with securing IT.

The Risks of Using End-of-Life Console Servers

End-of-life console servers can undermine the security and functionality of IT systems. These risks include:

1. Lack of Security Features and Updates

Aging console servers lack adequate hardware and management security features, meaning they can’t support a zero trust approach. On top of this, once a console server reaches EOL, the manufacturer stops providing security patches and updates. The device then becomes vulnerable to newly discovered CVEs and complex cyberattacks (like the MOVEit and Ragnar Locker breaches). Cybercriminals often target outdated hardware because they know that these devices are no longer receiving updates, making them easy entry points for launching attacks.

2. Compliance Issues

Many industries have stringent regulatory requirements regarding data security and IT infrastructure. DORA, NIS2 (EU), NIST2 (US), PCI 4.0 (finance), and CER Directive are just a few of the updated regulations that are cracking down on how organizations architect IT, including the management layer. Using EOL hardware can lead to non-compliance, resulting in fines and legal repercussions. Regulatory bodies expect organizations to use up-to-date and secure equipment to protect sensitive information.

3. Prolonged Recovery

EOL console servers are prone to failures and inefficiencies. As these devices age, their performance deteriorates, leading to increased downtime and disruptions. Most console servers are Gen 2, meaning they offer basic remote troubleshooting (to address break/fix scenarios) and limited automation capabilities. When there is a severe disruption, such as a ransomware attack, hackers can easily access and encrypt these devices to lock out admin access. Organizations then must endure prolonged recovery (just look the still ongoing CrowdStrike outage, or last year’s MGM attack) because they need to physically decommission and restore their infrastructure.

The Importance of Replacing EOL Console Servers

Here’s why replacing EOL console servers is essential to securing IT:

1. Modern Security Approach

Zero trust is an approach that uses segmentation across IT assets. This ensures that only authorized users can access resources necessary for their job function. This approach requires SAML, SSO, MFA/2FA, and role-based access controls, which are only supported by modern console servers. Modern devices additionally feature advanced security through encryption, signed OS, and tampering detection. This ensures a complete cyber and physical approach to security.

2. Protection Against New Threats

New CVEs and evolving threats can easily take advantage of EOL devices that no longer receive updates. Modern console servers benefit from ongoing support in the form of firmware upgrades and security patches. Upgrading with a security-focused device vendor can drastically shrink the attack surface, by addressing supply chain security risks, codebase integrity, and CVE patching.

3. Ease of Compliance

EOL devices lack modern security features, but this isn’t the only reason why they make it difficult or impossible to comply with regulations. They also lack the ability to isolate the control plane from the production network (see Diagram 1 below), meaning attackers can easily move between the two in order to launch ransomware and steal sensitive information. Watchdog agencies and new legislation are stipulating that organizations follow the latest best practice of separating the control plane from production, called Isolated Management Infrastructure (IMI). Modern console servers make this best practice simple to achieve by offering drop-in out-of-band that is completely isolated from production assets (see Diagram 2 below). This means that the organization is always in control of its IT assets and sensitive data.

Diagram 1: Though an acceptable approach, Gen 2 out-of-band lacks isolation and leaves management interfaces vulnerable to the internet.

Diagram 2: Gen 3 out-of-band fully isolates the control plane to guarantee organizations retain control of their IT assets and sensitive info.

4. Faster Recovery

New console servers are designed to handle more workloads and functions, which eliminates single-purpose devices and shrinks the attack surface. They can also run VMs and Docker containers to host applications. This enables what Gartner calls the Isolated Recovery Environment (IRE) (see Diagram 3 below), which is becoming essential for faster recovery from ransomware. Since the IMI component prohibits attackers from accessing the control plane, admins retain control during an attack. They can use the IMI to deploy their IRE and the necessary applications — remotely — to decommission, cleanse, and restore their infected infrastructure. This means that they don’t have to roll trucks week after week when there’s an attack; they just need to log into their management infrastructure to begin assessing and responding immediately, which significantly reduces recovery times.

Diagram 3: The Isolated Recovery Environment allows for a comprehensive and rapid response to ransomware attacks.

Watch How To Secure The Network Backbone

I recently presented at Cisco Live Vegas on how to secure the network’s backbone using Isolated Management Infrastructure. I walk you through the evolution of network management, and it becomes obvious that end-of-life console servers are a major security concern, both from the hardware perspective itself and their lack of isolation capabilities. Watch my 10-minute presentation from the show and download some helpful resources, including the blueprint to building IMI.

Citation: Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC

Who does the Critical Entities Resilience Directive apply to, and why does it matter?

The CER Directive covers eleven sectors and subsectors that provide services essential to society, the economy, public health & safety, or preserving the environment. These include:

The Critical Entities Resilience Directive is one of several new EU regulations (such as DORA and NIS2) created to establish consistent guidelines for resilience in sectors where any service disruption has a significant negative impact on society or the economy. Whereas DORA applies primarily to financial institutions and supporting services, and NIS2 focuses on cybersecurity threats, the CER Directive is broader in scope and addresses other, non-digital threats to resilience such as natural disasters and global health crises (e.g., COVID-19).

The penalties for noncompliance will vary by Member State but are likely to include fines, public notification, remediation, and withdrawal of authorization.

CER Directive requirements for critical entities

Most of the CER Directive requirements apply to Member States, outlining how the designated authorities will adopt and enforce resilience measures and support critical entities in achieving compliance. However, there are five key provisions that relevant organizations should be aware of as they prepare for their identification as critical entities.

1. Article 4: Strategy on the resilience of critical entities

EU Member States have until 17 January 2026 to adopt a strategy outlining the guidelines and procedures for critical entities to achieve and maintain a high level of resilience. Essentially, this strategy will describe the requirements for CER Directive compliance in each Member State and provide guidance on how to meet those requirements. Potentially critical entities can prepare by examining existing resilience frameworks and regulations to anticipate the policies, tools, and procedures that will likely be required.

2. Article 5: Risk assessment by Member States

Member States have until 17 January 2026 to perform a risk assessment of all essential services. These assessments must account for natural and human-made risks, including accidents, natural disasters, public health emergencies, terrorist attacks, and antagonistic threats. Member States will then use the risk assessments to identify critical entities within each sector.

3. Article 12: Risk assessment by critical entities

Critical entities must perform risk assessments using similar criteria to Article 5 within nine months of being notified of their designation as critical and at least every four years afterward. If an organization already conducts risk assessments according to other similar resilience guidelines or frameworks, Member States have the authority to decide whether or not those assessments meet CER Directive compliance requirements.

4. Article 13: Resilience measures of critical entities

Critical entities must take the appropriate technical, security, and policy measures to ensure resilience, including a comprehensive strategy for service continuity and disaster recovery. Examples of resilience measures outlined by the CER Directive include:

5. Article 15: Incident notification

Critical entities must notify the competent authority of any incidents that have or could significantly disrupt essential services within 24 hours of detection. The significance of a disruption is determined according to the following parameters:

• How many users the disruption affects;
• How long the disruption lasts;
• The geographical area the disruption affects.

The incident notification must explain the nature, cause, and potential consequences of the disruption, including any cross-border implications.

How Nodegrid simplifies CER Directive compliance

Nodegrid is a Gen 3 out-of-band management platform that makes the perfect foundation for a resilience system. Nodegrid OOB separates the control plane from the data plane to ensure continuous remote management access to critical infrastructure even during production network outages. Vendor-neutral serial consoles and integrated branch service routers directly host third-party software for security, automation, recovery, and more, reducing hardware overhead at each site while ensuring teams have access to all the tools they need to restore essential services.

Looking to Upgrade to a Nodegrid serial console?

Prepare for the Critical Entities Resilience Directive by replacing your discontinued, EOL serial console with a Gen 3 out-of-band solution from Nodegrid.

Click here to learn more!

Read more about network resilience:

• Automated Infrastructure Management for Network Resilience
• Network Resilience vs Redundancy vs Backups
• Why network resilience requires Isolated Management Infrastructure
• Network Resilience Doesn’t Mean What it Did 20 Years Ago

The Digital Operational Resilience Act (DORA) is a regulatory initiative within the European Union that aims to enhance the operational resilience of the financial sector. Its main goal is to prevent and mitigate cyber threats and operational disruptions. The DORA Act outlines regulatory requirements for the security of network and information systems “whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats” (DORA Act website).

Who and What Are Covered Under the DORA Act?

The DORA Act is a regulation that covers all financial entities within the European Union (EU). It recognizes the critical role of information and communication technology (ICT) systems in financial services. DORA applies to financial services including payments, securities, credit rating, algorithmic trading, lending, insurance, and back-office operations. It establishes a framework for ICT risk management through technical standards, which are being released in two phases, the first of which was published on January 17, 2024. The DORA Act will go into effect in its entirety on January 17, 2025.

With cyberattacks constantly in the news cycle, it’s no surprise that governing bodies are putting forth standards for operational resilience. But without combing through this lengthy piece of legislation, what should IT teams start thinking about from a practical standpoint? Here are 5 takeaways on what the DORA Act means for the financial sector.

DORA Act: 5 Takeaways for the Financial Sector

1. Shore-up your cybersecurity measures

The DORA Act emphasizes strengthening cybersecurity measures within the financial sector. It requires financial institutions, such as banks, stock exchanges, and financial infrastructure providers, to implement robust cybersecurity controls and protocols. These include adopting advanced authentication mechanisms, encryption standards, and network segmentation to protect sensitive financial data and critical infrastructure from cyber threats. Part of this will also require organizations to apply system patches and updates in a timely manner, which means automated patching will become necessary to every organization’s security posture.

2. Implement resilience systems

Operational resilience is a key focus area of the DORA Act, aiming to ensure the continuity of essential financial services in the face of cyber threats, natural disasters, and other operational disruptions. Financial institutions are required to develop comprehensive business continuity plans, establish redundant systems and backup facilities, and conduct regular stress tests to assess their ability to withstand and recover from various scenarios. Implementing a resilience system helps with this, as it provides all the infrastructure, tools, and services necessary to continue operating during major incidents.

3. Conduct regular scans for vulnerabilities

The DORA Act mandates financial institutions to implement robust risk management practices to identify, assess, and mitigate cyber risks and operational vulnerabilities. This includes conducting regular assessments, vulnerability scans, and penetration tests, and developing incident response procedures to quickly address threats. This is all part of taking a proactive approach to identify and mitigate cyber incidents, and reduce the impact that adverse events have on financial stability and consumer confidence.

4. Collaborate and share information with industry peers

The DORA Act encourages financial institutions to share cybersecurity threat intelligence, incident data, and best practices with industry peers, regulators, and law enforcement agencies. The ability to monitor systems and collect data will be crucial to this approach, and will require systems that can rapidly (and securely) deploy apps/services during ongoing incidents. This will help financial institutions to better understand emerging threats, coordinate responses to cyber incidents, and strengthen collective defenses against threats and operational disruptions.

5. Segment physical and logical systems to pass regular audits

Through the DORA Act, regulators are empowered to conduct regular assessments, audits, and inspections of systems. This will ensure that financial institutions are implementing adequate controls and safeguards to protect against cyber threats and operational disruptions. A crucial part to this will involve physical and logical separation of systems, such as through Isolated Management Infrastructure, as well as implementing zero trust architecture across the organization. These will help bolster resilience by eliminating control dependencies between management and production networks, which will also help to streamline audits.

Get the blueprint to help you comply with the DORA Act

DORA’s requirements are meant to help IT teams better protect sensitive data and the integrity of financial systems as a whole. But without a proper network management infrastructure, their production networks are too sensitive to errors and vulnerable to attacks. ZPE has created the blueprint that covers these 5 crucial takeaways outlined in the DORA Act. The architecture outlined in this blueprint has been trusted by Big Tech for more than a decade, as it allows them to deploy modern cybersecurity measures, physically and logically separated systems, and rapid recovery processes. Download the blueprint now.

What is a resilience system?

A resilience system provides all the infrastructure, tools, and services necessary to continue operating, if in a degraded state, during major incidents. It also includes everything needed to recover data, rebuild systems, perform security testing, and continue delivering core business functionality. A resilience system is typically isolated from the production network, preventing cybercriminals from finding and compromising it and ensuring teams have continuous access even if the primary network goes down.

Resilience system use cases

Some examples of the challenges that resilience systems help overcome include:

1. Ransomware recovery

In a ransomware attack, cybercriminals infect systems with malware that spreads throughout the network and encrypts any data it encounters. Modern ransomware now uses packaged attacks that move at machine speed, instantly incapacitating entire networks. Organizations completely lose access to critical systems and data until they pay a ransom, often in untraceable cryptocurrency. Ransomware is an exceptionally tenacious form of malware and tends to reinfect backup data and rebuilt systems, significantly hampering recovery efforts and increasing the duration and cost of the attack. The best practice for resilience systems is to isolate them on an out-of-band (OOB) network, inaccessible to hackers who have breached the production in-band network. Doing so creates a safe, isolated recovery environment (IRE) where teams can restore critical data and systems without the risk of reinfection. The resilience system includes all the tools and hardware needed to restore critical business services and infrastructure. An IRE significantly accelerates ransomware recovery and minimizes downtime, so businesses can avoid paying ransoms and reduce the overall cost of attacks.

2. Network outages

Enterprise network architectures and supply chains are highly complex, with lots of moving parts that rely on external vendors to maintain availability. Just one of those vendors dropping the ball could take the entire organization offline, severely impacting network resilience. For example, in 2023, an expired cryptographic certificate caused Cisco’s Viptela SD-WAN appliances to fail on reboot, completely taking down affected networks until the issue was resolved. With a resilience system, Viptela customers could have potentially avoided this downtime by failing over to alternative network resources. For example, a resilience system with integrated cellular failover allows branches to continue connecting to and delivering critical business services while also providing a lifeline for remote teams to access and recover failed systems. A resilience system also provides observability and automatic notifications so teams are instantly alerted to issues like certificate expirations and can respond quickly to recover critical services.

3. Shift to remote work

Incidents like ransomware attacks and equipment failures happen frequently enough that companies can create detailed plans and proactively implement solutions to minimize their impact, but not all adverse events are so predictable. When the COVID-19 pandemic struck, the massive shift to remote work strained the network resources of most organizations. Instead of maintaining a limited number of branch offices, teams suddenly had to treat every employee as a new branch, leading to performance degradation and outages as they scrambled to reinforce the business’s remote capabilities. A resilience system gives teams the tools and resources they need to provision additional infrastructure, manage networking logic, deploy new security solutions, and more, even while the primary network is offline or under a heavy load. A resilience system is the key to quickly adjusting network performance and security to adapt to sudden changes like a transition to fully remote operations.

Do backups and redundancy equate to network resilience?

The short answer is no; backups and redundancy do not equate to network resilience, though they do contribute to making systems more resilient.

• Backups are copies of data, configurations, and application code used to do a hot or cold restore when a production system fails. The underlying infrastructure must remain operational for teams to access and use backups, and unless additional resilience measures are taken, it’s easy for backups to become infected or compromised, severely hampering recovery efforts.
• Redundancy involves duplicating critical systems, services, and applications as a failsafe in case the primaries go down. Organizations can “fail over” to the redundancies to continue critical business operations during outages. However, redundant systems are just as susceptible to failures and infections without additional resilience measures like out-of-band management and isolated management infrastructure.

Backups and redundancy are part of network resilience but alone are not enough to ensure business continuity. Resilience systems focus on maintaining the architecture of the production network while adding the ability to recover or adapt to adversity. The next section discusses all the tools and technologies that make up network resilience systems.

What does a resilience system look like?

There are four key components that go into a resilience system.

Alternative networking and compute resources ensure the organization can failover in the event of a network failure or continue delivering services when production servers are unavailable. Teams also need enough storage to restore backup data, build new systems, and support the content delivery network (CDN). Automation solutions like zero-touch provisioning (ZTP), configuration management, and security validation tools accelerate the recovery process while mitigating the risk of human error. Combined, these components enable teams to reduce the frequency, severity, and duration of outages, improving overall network resilience.

Network resilience with ZPE Systems

A resilient network will continue delivering critical business services in the face of any challenge, whether from cybercriminals, supply chain issues, global events, or even plain human error. A resilience system is isolated from the production network to ensure security and availability, and it consists of all the tools and technologies needed to troubleshoot, recover, and deliver your most crucial data, applications, and infrastructure. The Nodegrid platform from ZPE Systems is the perfect foundation for a resilience system. Nodegrid is a vendor-neutral, out-of-band management solution capable of running your choice of third-party software. Nodegrid allows you to build a highly customizable IRE containing all the tools needed to safely recover from ransomware. You can even use Nodegrid to deliver services while the primary network or systems are down, making it your all-in-one network resilience multi-tool.

Want to ensure network resilience by accelerating ransomware recovery?

Minimize the business impact of ransomware with the help of our whitepaper, 3 Steps to Ransomware Recovery. Learn how to follow Gartner’s best practices to build an Isolated Recovery Environment

Download Whitepaper