Serial Consoles Archives - ZPE Systems (https://zpesystems.com/category/serial-consoles/), last updated Mon, 09 Sep 2024

What is Passive Optical Networking? (https://zpesystems.com/what-is-passive-optical-networking/, published Fri, 06 Sep 2024)


What is Passive Optical Networking (PON)?

Passive optical networking (PON) is a high-speed broadband technology that enables the delivery of multiple services over a single fiber optic cable. XGS-PON – 10G Symmetrical PON – offers speeds of up to 10 Gbps downstream and 10 Gbps upstream (hence the term ‘symmetrical’), making it ideal for applications such as video streaming, online gaming, and cloud computing.

What Problems Does PON Solve for Out-of-Band Management?

PON addresses efficiency in terms of both uplink costs and bandwidth usage. Traditional POTS (plain old telephone service) lines and dedicated circuits rely on legacy infrastructure that requires regular maintenance. This infrastructure must scale as more out-of-band devices are added to the network, which increases costs and energy consumption. On top of this, using a 10G uplink for a serial console’s 10K traffic is like throwing away 99% of that bandwidth. Per Gartner’s Market Guide for Optical Transport Systems report (published 20 November 2023), the best way to “lower cost and energy per transported bit” is to use technologies such as passive optical networking.

Because PON uses passive optical splitters that have no moving parts or powered components between the central hub and end users, PON is much more efficient for deploying serial consoles close to target assets. These out-of-band devices can be deployed in large quantities and close to the network edge, with up to 256 devices sharing one uplink. This reduces cabling and power requirements, and is ideal for MSP and campus operators, where there are many out-of-band devices distributed over long distances.

More About PON: GPON and XGS-PON Technologies

Passive Optical Networking (PON) leverages time-division multiplexing (TDM) and different wavelengths of light to transmit and receive data on a single fiber strand. This allows efficient communication among up to 256 devices over a single fiber. Initially developed for fiber-to-the-home (FTTH) deployments, PON technology has evolved to facilitate the addition of network nodes with minimal infrastructure changes. GPON (gigabit-capable PON) and XGS-PON use different frequencies for upstream and downstream data transmission. The upstream headend, known as the Optical Line Terminal (OLT), manages and coordinates the time slots allocated to downstream Optical Network Units (ONUs) for data transmission.

GPON and XGS-PON Support on ZPE Systems’ Nodegrid SR Gateway

ZPE Systems’ Nodegrid SR appliances, which are used as out-of-band access nodes or complete branch gateways, now support GPON and XGS-PON technology (patent pending) via SFP and SFP+ ports. The Nodegrid SR family is offered in multiple form factors to be right-sized for deployments in branch offices, factories, smart buildings, and industrial environments (such as for SCADA).

Having support for GPON and XGS-PON means network engineers now have a flexible choice of high-speed uplink technologies. This versatility makes the Nodegrid SR gateway suitable for edge deployments, where it can establish an OOBI-WAN™ (out-of-band infrastructure WAN) link, and for data centers, where it enhances uplink efficiency. Given the low bandwidth requirements of serial console and out-of-band communications, PON technology is well-suited for these applications. A single fiber strand can be shared among hundreds of out-of-band and serial console devices using passive optical splitters. Organizations can deploy out-of-band devices close to the racks and edges of the network in a cost- and energy-efficient manner. Additionally, ZPE devices support ONU SFPs compatible with third-party OLT headends, ensuring broad interoperability and integration.

Benefits of Using XGS-PON with ZPE Systems’ Nodegrid SR Gateway

The benefits of using XGS-PON with ZPE Systems’ Nodegrid SR gateway include:

  • High-Speed Connectivity: XGS-PON delivers symmetrical speeds of up to 10 Gbps, making it ideal for high-bandwidth applications like video streaming, online gaming, and cloud computing. This ensures consistent and high-quality service for end-users.
  • Cost-Effectiveness: Deploying XGS-PON is a cost-effective solution for delivering high-speed broadband services, especially in scenarios where upgrading existing infrastructure may be challenging.
  • Scalability: The Nodegrid SR Gateway, acting as an ONU, can connect up to 256 serial consoles through a single fiber strand. PON’s use of asymmetric wavelengths and TDM enables multiple devices to share the same fiber strand efficiently. Optical splitters, which require no external power, facilitate the sharing of fiber between multiple ONUs, which makes scaling much more cost and energy efficient.
  • Reliability: The Nodegrid SR gateway is proven by service providers worldwide. Its robust design and compatibility with various network configurations make it a reliable choice for delivering high-quality broadband services.

Figure 1: ZPE Nodegrid SR gateway with XGS-PON ONU support (network diagram showing a PON uplink on the Nodegrid SR gateway)

XGS-PON Enhances Efficiency of Out-of-Band

XGS-PON is a significant advancement over traditional, copper-based uplinks. The integration of XGS-PON support in the ZPE Systems Nodegrid SR Gateway allows network architects to deploy a dedicated out-of-band ring that is not only high-speed but also cost-effective, energy-efficient, and capable of covering longer distances. PON technology, with its ability to handle the lower data rates of out-of-band transmissions, is an ideal uplink medium for serial console transmission. The combination of XGS-PON and the Nodegrid SR Gateway provides a powerful and flexible solution for modern network infrastructure.

Be one of the first to try PON on the Nodegrid SR Gateway

Set up a demo for a deeper dive into PON use cases and how it can benefit your organization.


The post What is Passive Optical Networking? appeared first on ZPE Systems.

Comparing Console Server Hardware (https://zpesystems.com/console-server-hardware-zs/, published Wed, 04 Sep 2024)


Console servers – also known as serial consoles, console server switches, serial console servers, serial console routers, or terminal servers – are critical for data center infrastructure management. They give administrators a single point of control for devices like servers, switches, and power distribution units (PDUs), so admins don’t need to log in to each piece of equipment individually. A console server also uses multiple network interfaces to provide out-of-band (OOB) management, which creates an isolated network dedicated to infrastructure orchestration and troubleshooting. This OOB network remains accessible during production network outages, giving remote teams a lifeline to recover systems without costly and time-consuming on-site visits.

Console server hardware can vary significantly across different vendors and use cases. This guide compares console server hardware from the three top vendors and examines four key categories: large data centers, mixed environments, break-fix deployments, and modular solutions.

Console server hardware for large data center deployments

Large and hyperscale data centers can include hundreds or even thousands of individual devices to manage. Teams typically use infrastructure automation, like infrastructure as code (IaC), because managing devices at such a large scale is impossible to do manually. The best console server hardware for high-density data centers will include plenty of managed serial ports, support hundreds of concurrent sessions, and provide support for infrastructure automation.


Nodegrid Serial Console Plus (NSCP)

The Nodegrid Serial Console Plus (NSCP) from ZPE Systems is the only console server providing up to 96 RS-232 serial ports in a 1U rack-mounted form factor. Its quad-core Intel processor and robust (as well as upgradable) internal storage and RAM options, as well as its Linux-based Nodegrid OS, support Guest OS and Docker containers for third-party applications. That means the NSCP can directly host infrastructure automation (like Ansible, Puppet, and Chef), security (like Palo Alto’s next-generation firewalls and Secure Access Service Edge), and much more. Plus, it can extend zero-touch provisioning (ZTP) to legacy and mixed-vendor devices that otherwise wouldn’t support automation.

The NSCP also comes packed with hardware security features including BIOS protection, UEFI Secure Boot, self-encrypted disk (SED), Trusted Platform Module (TPM) 2.0, and a multi-site VPN using IPSec, WireGuard, and OpenSSL protocols. Plus, it supports a wide range of USB environmental monitoring sensors to help remote teams control conditions in the data center or colocation facility.

Advantages:

  • Up to 96 managed serial ports in a 1U appliance
  • Intel x86 CPU and 4GB of RAM for 3rd-party Docker and VM apps
  • Extends ZTP and automation to legacy and mixed-vendor infrastructure
  • Robust on-board security features like BIOS protection and TPM 2.0
  • Supports a wide range of USB environmental monitoring sensors
  • Wi-Fi and 5G/4G LTE options available
  • Supports over 1,000 concurrent sessions

Disadvantages:

  • USB ports limited on 96-port model

Opengear CM8100

The Opengear CM8100 comes in two models: the 1G version includes up to 48 managed serial ports, while the 10G version supports up to 96 serial ports in a 2U form factor. Both models have a dual-core ARM Cortex processor and 2GB of RAM, allowing for some automation support with upgraded versions of the Lighthouse management software. They also come with an embedded firewall, IPSec and OpenVPN protocols for a single-site VPN, and TPM 2.0 security.

Advantages:

  • 10G model comes with software-selectable serial ports
  • Supports OpenVPN and IPSec VPNs
  • Fast port speeds

Disadvantages:

  • Automation and ZTP require Lighthouse software upgrade
  • No cellular or Wi-Fi options
  • 96-port model requires 2U of rack space

Perle IOLAN SCG (fixed)

The IOLAN SCG is Perle’s fixed-form-factor console server solution. It supports up to 48 managed serial ports and can extend ZTP to end devices. It comes with onboard security features including an embedded firewall, OpenVPN and IPSec VPN, and AES encryption. However, the IOLAN SCG’s underpowered single-core ARM processor, 1GB of RAM, and 4GB of storage limit its automation capabilities, and it does not integrate with any third-party automation or orchestration solutions. 

Advantages:

  • Supports ZTP for end devices
  • Comprehensive firewall functionality

Disadvantages:

  • Very limited CPU, RAM, and flash storage
  • Does not support third-party automation

Comparison Table: Console Server Hardware for Large Data Centers

| | Nodegrid NSCP | Opengear CM8100 | Perle IOLAN SCG |
|---|---|---|---|
| Serial Ports | 16 / 32 / 48 / 96x RS-232 | 16 / 32 / 48 / 96x RS-232 | 16 / 32 / 48x RS-232 |
| Max Port Speed | 230,400 bps | 230,400 bps | 230,000 bps |
| Network Interfaces | 2x SFP+; 2x ETH; 1x Wi-Fi (optional); 2x Dual SIM LTE (optional) | 2x ETH | 1x ETH |
| Additional Interfaces | 1x RS-232 console; 2x USB 3.0 Type A; 1x HDMI output | 1x RS-232 console; 2x USB 3.0 | 1x RS-232 console; 1x Micro USB w/DB9 adapter |
| Environmental Monitoring | Any USB sensors | | |
| CPU | Intel x86_64 Quad-Core | ARM Cortex-A9 1.6 GHz Dual-Core | ARM 32-bit 500MHz Single-Core |
| Storage | 32GB SSD (upgrades available) | 32GB eMMC | 4GB Flash |
| RAM | 4GB DDR4 (upgrades available) | 2GB DDR4 | 1GB |
| Power | Single or Dual AC; Dual DC | Dual AC; Dual DC | Single AC |
| Form Factor | 1U Rack Mounted | 1U Rack Mounted (up to 48 ports); 2U Rack Mounted (96 ports) | 1U Rack Mounted |

Console server hardware for mixed environments

Data center deployments that include a mix of legacy and modern solutions from multiple vendors benefit from console server hardware that includes software-selectable serial ports. This feature allows administrators to manage devices with straight or rolled RS-232 pinouts from the same console server. 


Nodegrid Serial Console S Series

The Nodegrid Serial Console S Series has up to 48 auto-sensing RS-232 serial ports and 14 high-speed managed USB ports, allowing for the control of up to 62 devices. Like the NSCP, the S Series has a quad-core Intel CPU and upgradeable storage and RAM, supporting third-party VMs and containers for automation, orchestration, security, and more. It also comes with the same robust security features to protect the management network.

Advantages:

  • Includes 14 high-speed managed USB ports
  • Intel x86 CPU and 4GB of RAM for 3rd-party Docker and VM apps
  • Supports a wide range of USB environmental monitoring sensors
  • Extends ZTP and automation to legacy and mixed-vendor infrastructure
  • Robust on-board security features like BIOS protection and TPM 2.0
  • Supports 250+ concurrent sessions

Disadvantages:

  • Only offers 1Gbps and Ethernet connectivity for OOB

Opengear OM2200

The Opengear OM2200 comes with 16, 32, or 48 software-selectable RS-232 ports, or, with the OM2224-24E model, 24 RS-232 and 24 managed Ethernet ports. It also includes 8 managed USB ports and the option for a V.92 analog modem. It has impressive storage space and 8GB of DDR4 RAM for automated workflows, though, as with all Opengear solutions, the upgraded version of the Lighthouse management software is required for ZTP and NetOps automation support.

Advantages:

  • Optional managed Ethernet ports
  • Optional V.92 analog modem for OOB
  • 64GB of storage and 8GB DDR4 RAM

Disadvantages:

  • Automation and ZTP require Lighthouse software upgrade
  • No cellular or Wi-Fi options

Comparison Table: Console Server Hardware for Mixed Environments

| | Nodegrid S Series | Opengear OM2200 |
|---|---|---|
| Serial Ports | 16 / 32 / 48x Software Selectable RS-232; 14x USB-A serial | 16 / 32 / 48x Software Selectable RS-232; 8x USB 2.0 serial; (OM2224-24E) 24x Software Selectable RS-232 and 24x Managed Ethernet |
| Max Port Speed | 230,400 bps (RS-232); 921,600 bps (USB) | 230,400 bps |
| Network Interfaces | 2x 1Gbps or 2x ETH | 2x SFP+ or 2x ETH; 1x V.92 modem (select models) |
| Additional Interfaces | 1x RS-232 console; 1x USB 3.0 Type A; 1x HDMI output | 1x RS-232 console; 1x Micro USB; 2x USB 3.0 |
| Environmental Monitoring | Any USB sensors | |
| CPU | Intel x86_64 Dual-Core | AMD GX-412TC 1.4 GHz Quad-Core |
| Storage | 32GB SSD (upgrades available) | 64GB SSD |
| RAM | 4GB DDR4 (upgrades available) | 8GB DDR3 |
| Power | Single or Dual AC; Dual DC | Dual AC; Dual DC |
| Form Factor | 1U Rack Mounted | 1U Rack Mounted |

Console server hardware for break-fix deployments

A full-featured console server solution may be too complicated and expensive for certain use cases, especially for organizations just looking for “break-fix” OOB access to remotely troubleshoot and recover from issues. The best console server hardware for this type of deployment provides fast and reliable network access to managed devices without extra features that increase the price and complexity.


Nodegrid Serial Console Core Edition (NSCP-CE)

The Nodegrid Serial Console Core Edition (NSCP-CE) provides the same hardware and security features as the NSCP, as well as ZTP, but without the advanced automation capabilities. Its streamlined management and affordable price tag make it ideal for lean, budget-conscious IT departments. And, like all Nodegrid solutions, it comes with the most comprehensive hardware security features in the industry. 

Advantages:

  • Up to 48 managed serial ports in a 1U appliance
  • Extends ZTP and automation to legacy and mixed-vendor infrastructure
  • Robust on-board security features like BIOS protection and TPM
  • Supports a wide range of USB environmental monitoring sensors
  • Analog modem and 5G/4G LTE options available
  • Supports over 100 concurrent sessions

Disadvantages:

  • Supports automation only via ZPE Cloud

Opengear CM7100

The Opengear CM7100 is the previous generation of the CM8100. Its serial and network interface options are the same, but it has a weaker 800 MHz Armada CPU, and smaller storage and RAM configurations are offered to reduce the price. As with all Opengear console servers, however, the CM7100 doesn’t support ZTP without paying for an upgraded Lighthouse license.

Advantages:

  • Can reduce storage and RAM to save money
  • Supports OpenVPN and IPSec VPNs
  • Fast port speeds

Disadvantages:

  • Automation and ZTP require Lighthouse software upgrade
  • No cellular or Wi-Fi options
  • 96-port model requires 2U of rack space

Comparison Table: Console Server Hardware for Break-Fix Deployments

| | Nodegrid NSCP-CE | Opengear CM7100 |
|---|---|---|
| Serial Ports | 16 / 32 / 48x RS-232 | 16 / 32 / 48 / 96x RS-232 |
| Max Port Speed | 230,400 bps | 230,400 bps |
| Network Interfaces | 2x SFP ETH; 1x Analog modem (optional); 2x 5G/4G LTE (optional) | 2x ETH |
| Additional Interfaces | 1x RS-232 console; 2x USB 3.0 Type A | 1x RS-232 console; 2x USB 2.0 |
| Environmental Monitoring | Any USB sensors | Smoke, water leak, vibration |
| CPU | Intel x86_64 Dual-Core | Armada 370 ARMv7 800 MHz |
| Storage | 16GB Flash (upgrades available) | 4-64GB storage |
| RAM | 4GB DDR4 (upgrades available) | 256MB-2GB DDR3 |
| Power | Dual AC; Dual DC | Single or Dual AC |
| Form Factor | 1U Rack Mounted | 1U Rack Mounted (up to 48 ports); 2U Rack Mounted (96 ports) |

Modular console server hardware for flexible deployments

Modular console servers allow organizations to create customized solutions tailored to their specific deployment and use case. They also support easy scaling by allowing teams to add more managed ports as the network grows, and provide the flexibility to swap out certain capabilities and customize their hardware and software as the needs of the business change.


Nodegrid Net Services Router (NSR)

The Nodegrid Net Services Router (NSR) has up to five expansion bays that can support any combination of 16-port RS-232 or 16-port USB serial modules. In addition to managed ports, there are NSR modules for Ethernet switch ports (with or without Power over Ethernet, PoE), Wi-Fi and dual-SIM cellular, additional SFP ports, extra storage, and compute.

The NSR comes with an eight-core Intel CPU and 8GB DDR4 RAM, offering the same vendor-neutral Guest OS/Docker support and onboard security features as the NSCP. It can also run virtualized network functions to consolidate an entire networking stack in a single device. This makes the NSR adaptable to nearly any deployment scenario, including hyperscale data centers, edge computing sites, and branch offices.

Advantages:

  • Up to 5 expansion bays provide support for up to 80 managed devices
  • 8GB of DDR4 RAM
  • Robust on-board security features like BIOS protection and TPM 2.0
  • Supports a wide range of USB environmental monitoring sensors
  • Wi-Fi and 5G/4G LTE options available
  • Optional modules for various interfaces, extra storage, and compute

Disadvantages:

  • No V.92 modem support

Perle IOLAN SCG L/W/M

The Perle IOLAN SCG modular series is customizable with cellular LTE, Wi-Fi, a V.92 analog modem, or any combination of the three. It also has three expansion bays that support any combination of 16-port RS-232 or 16-port USB modules. Otherwise, this version of the IOLAN SCG comes with the same security features and hardware limitations as the fixed form factor models.

Advantages:

  • Cellular, Wi-Fi, and analog modem options
  • Supports ZTP for end devices
  • Comprehensive firewall functionality

Disadvantages:

  • Very limited CPU, RAM, and flash storage
  • Does not support third-party automation

Comparison Table: Modular Console Server Hardware

| | Nodegrid NSR | Perle IOLAN SCG R/U |
|---|---|---|
| Serial Ports | 16 / 32 / 48 / 64 / 80x RS-232 with up to 5 serial modules; 16 / 32 / 48 / 64 / 80x USB with up to 5 serial modules | Up to 50x RS-232/422/485; Up to 50x USB |
| Max Port Speed | 230,400 bps | 230,000 bps |
| Network Interfaces | 1x SFP+; 1x ETH with PoE in; 1x Wi-Fi (optional); 1x Dual SIM LTE (optional) | 2x SFP or 2x ETH |
| Additional Interfaces | 1x RS-232 console; 2x USB 2.0 Type A; 2x GPIO; 2x Digital Out; 1x VGA; Optional modules (up to 5): 16x ETH, 8x PoE+, 16x SFP, 8x SFP+, 16x USB OCP Debug | 1x RS-232 console; 1x Micro USB w/DB9 adapter |
| Environmental Monitoring | Any USB sensors | |
| CPU | Intel x86_64 Quad- or Eight-Core | ARM 32-bit 500MHz Single-Core |
| Storage | 32GB SSD (upgrades available) | 4GB Flash |
| RAM | 8GB DDR4 (upgrades available) | 1GB |
| Power | Dual AC; Dual DC | Dual AC; Dual DC |
| Form Factor | 1U Rack Mounted | 1U Rack Mounted |

Get the best console server hardware for your deployment with Nodegrid

The vendor-neutral Nodegrid platform provides solutions for any use case, deployment size, and set of pain points. Schedule a free Nodegrid demo to learn more.

Want to see Nodegrid in action?

Watch a demo of the Nodegrid Gen 3 out-of-band management solution to see how it can improve scalability for your data center architecture.


The post Comparing Console Server Hardware appeared first on ZPE Systems.

Data Center Scalability Tips & Best Practices (https://zpesystems.com/data-center-scalability-zs/, published Thu, 22 Aug 2024)


Data center scalability is the ability to increase or decrease workloads cost-effectively and without disrupting business operations. Scalable data centers make organizations agile, enabling them to support business growth, meet changing customer needs, and weather downturns without compromising quality. This blog describes various methods for achieving data center scalability before providing tips and best practices to make scalability easier and more cost-effective to implement.

How to achieve data center scalability

There are four primary ways to scale data center infrastructure, each of which has advantages and disadvantages.

4 Data center scaling methods

| Method | Description | Pros and Cons |
|---|---|---|
| 1. Adding more servers | Also known as scaling out or horizontal scaling, this involves adding more physical or virtual machines to the data center architecture. | ✔ Can support and distribute more workloads; ✔ Eliminates hardware constraints; ✖ Deployment and replication take time; ✖ Requires more rack space; ✖ Higher upfront and operational costs |
| 2. Virtualization | Dividing physical hardware into multiple virtual machines (VMs) or virtual network functions (VNFs) to support more workloads per device. | ✔ Supports faster provisioning; ✔ Uses resources more efficiently; ✔ Reduces scaling costs; ✖ Transition can be expensive and disruptive; ✖ Not supported by all hardware and software |
| 3. Upgrading existing hardware | Also known as scaling up or vertical scaling, this involves adding more processors, memory, or storage to upgrade the capabilities of existing systems. | ✔ Implementation is usually quick and non-disruptive; ✔ More cost-effective than horizontal scaling; ✔ Requires less power and rack space; ✖ Scalability limited by server hardware constraints; ✖ Increases reliance on legacy systems |
| 4. Using cloud services | Moving some or all workloads to the cloud, where resources can be added or removed on-demand to meet scaling requirements. | ✔ Allows on-demand or automatic scaling; ✔ Better support for new and emerging technologies; ✔ Reduces data center costs; ✖ Migration is often extremely disruptive; ✖ Auto-scaling can lead to ballooning monthly bills; ✖ May not support legacy software |

It’s important for companies to analyze their requirements and carefully consider the advantages and disadvantages of each method before choosing a path forward. 

Best practices for data center scalability

The following tips can help organizations ensure their data center infrastructure is flexible enough to support scaling by any of the above methods.

Run workloads on vendor-neutral platforms

Vendor lock-in, or a lack of interoperability with third-party solutions, can severely limit data center scalability. Using vendor-neutral platforms ensures that teams can add, expand, or integrate data center resources and capabilities regardless of provider. These platforms make it easier to adopt new technologies like artificial intelligence (AI) and machine learning (ML) while ensuring compatibility with legacy systems.

Use infrastructure automation and AIOps

Infrastructure automation technologies help teams provision and deploy data center resources quickly so companies can scale up or out with greater efficiency. They also ensure administrators can effectively manage and secure data center infrastructure as it grows in size and complexity. 

For example, zero-touch provisioning (ZTP) automatically configures new devices as soon as they connect to the network, allowing remote teams to deploy new data center resources without on-site visits. Automated configuration management solutions like Ansible and Chef ensure that virtualized system configurations stay consistent and up-to-date while preventing unauthorized changes. AIOps (artificial intelligence for IT operations) uses machine learning algorithms to detect threats and other problems, remediate simple issues, and provide root-cause analysis (RCA) and other post-incident forensics with greater accuracy than traditional automation. 

Isolate the control plane with Gen 3 serial consoles

Serial consoles are devices that allow administrators to remotely manage data center infrastructure without needing to log in to each piece of equipment individually. They use out-of-band (OOB) management to separate the data plane (where production workflows occur) from the control plane (where management workflows occur). OOB serial console technology – especially the third-generation (or Gen 3) – aids data center scalability in several ways:

  1. Gen 3 serial consoles are vendor-neutral and provide a single software platform for administrators to manage all data center devices, significantly reducing management complexity as infrastructure scales out.
  2. Gen 3 OOB can extend automation capabilities like ZTP to mixed-vendor and legacy devices that wouldn’t otherwise support them.
  3. OOB management moves resource-intensive infrastructure automation workflows off the data plane, improving the performance of production applications and workflows.
  4. Serial consoles move the management interfaces for data center infrastructure to an isolated control plane, which prevents malware and cybercriminals from accessing them if the production network is breached. Isolated management infrastructure (IMI) is a security best practice for data center architectures of any size.

How Nodegrid simplifies data center scalability

Nodegrid is a Gen 3 out-of-band management solution that streamlines vertical and horizontal data center scalability. 

The Nodegrid Serial Console Plus (NSCP) offers 96 managed ports in a 1RU rack-mounted form factor, reducing the number of OOB devices needed to control large-scale data center infrastructure. Its open, x86 Linux-based OS can run VMs, VNFs, and Docker containers so teams can run virtualized workloads without deploying additional hardware. Nodegrid can also run automation, AIOps, and security on the same platform to further reduce hardware overhead.

Nodegrid OOB is also available in a modular form factor. The Net Services Router (NSR) allows teams to add or swap modules for additional compute, storage, memory, or serial ports as the data center scales up or down.

Want to see Nodegrid in action?

Watch a demo of the Nodegrid Gen 3 out-of-band management solution to see how it can improve scalability for your data center architecture.


The post Data Center Scalability Tips & Best Practices appeared first on ZPE Systems.

Understanding Serial Console Interfaces (https://zpesystems.com/serial-console-interface-zs/, published Thu, 22 Aug 2024)


A serial console (also known as a console server or terminal server) is a device that allows admins to manage critical network infrastructure like servers, routers, switches, and power distribution units (PDUs) without needing to log in to each piece of equipment individually. It also provides out-of-band (OOB) management, which creates an isolated network dedicated to infrastructure orchestration and troubleshooting. Serial console interfaces help improve management efficiency, accelerate recovery from outages and cyberattacks, and isolate the control plane from malicious actors. 

This blog defines serial console interfaces and describes their technological evolution before discussing the benefits of using a modern serial console solution. 

What is a serial console interface?

The term serial console interface could mean different things depending on the context and who’s saying it.

1. Some people use this term to refer to the serial console’s management GUI (graphical user interface), which administrators use to view and control data center devices.


2. Others use this term to refer to the individual connections between a serial console and each managed data center device. In addition to traditional RS-232 serial interfaces, a serial console may support RJ45, KVM (keyboard, video, mouse), IPMI (intelligent platform management interface), and USB (universal serial bus) interfaces.


3. Another potential (but less common) use of the term is for the text-based console interface (also known as a CLI, or command-line interface) used to configure and manage data center devices without a GUI. The console interface could be accessed in several ways, such as through a serial console’s GUI, or via a Telnet or SSH (secure shell) client like PuTTY.


4. Finally, it’s quite common to use the term serial console interface to describe the entire serial console solution, from the hardware itself to its managed ports, GUI, and CLI. The serial console acts as an interface between the production network (a.k.a., the data plane) and the management network (a.k.a., the control plane). 

For the purposes of this discussion, we will use this fourth definition of serial console interfaces.

The evolution of serial console interfaces

First-generation

The first generation of serial consoles provides the basics: unified management of multiple data center devices, and an OOB network connection (such as a dial-up modem or cellular SIM card) so management workflows don’t rely on the main production network. A Gen 1 serial console interface allows administrators to access the CLI for each connected device even if the production network goes down from an ISP outage, equipment failure, or cyberattack. However, these serial consoles lack many of the advanced features required for modern network infrastructures, such as hardware encryption, third-party integrations, and automation capabilities. They typically only support standard RS-232 serial interfaces using a specific pinout.

Second-generation

The second generation added built-in security features, advanced authentication methods, and the ability to manage multi-vendor devices. Some vendors also added support for Python scripts and other automation, as well as zero-touch provisioning (ZTP) for supported end devices. However, Gen 2 serial console interfaces have closed architectures that prevent full automation of multi-vendor infrastructure. Their management GUIs are also typically only available as an on-premises virtual machine (VM), so remote administrators must be on the enterprise network or connected via VPN to access them.

Third-generation

Third-generation serial consoles are completely vendor-neutral, so they can control – and extend automation to – every physical and virtual asset in your environment. They use high-speed OOB network interfaces such as 5G cellular, and offer cloud-based management software so teams can manage and troubleshoot remote infrastructure from anywhere in the world. Gen 3 serial console interfaces are built on an open, x86 Linux-based architecture that supports third-party integrations and can run other vendors’ software. They accommodate legacy pinouts to control a variety of devices, such as PDUs, IPMI devices, and environmental monitoring sensors, and also feature modules that allow you to customize or modify interface types.

Gen 3 serial consoles have enterprise-grade security features like an encrypted disk and TPM 2.0 security. They also support integrations with Zero Trust providers for multi-factor authentication (MFA) and single sign-on (SSO). The third generation enables end-to-end network infrastructure automation using third-party tools like Ansible, Chef, and Puppet, as well as customer-built tools in VMs, Docker, or Kubernetes. Gen 3 serial console interfaces are essentially infrastructure multi-tools capable of running and deploying any solution, at any time, from anywhere.

The benefits of a Gen 3 serial console interface

The latest generation of serial consoles provides three major advantages:

  • Improved management efficiency. A vendor-neutral serial console allows administrators to manage infrastructure workflows and automation for large, complex network architectures from a single pane of glass. Teams can also extend automation to every infrastructure device, even legacy solutions that wouldn’t support it otherwise.
  • Reduced network downtime. With fast, reliable Gen 3 OOB, infrastructure teams have a lifeline to troubleshoot and recover remote infrastructure when the WAN (wide area network) or LAN (local area network) goes down. They can remotely power-cycle frozen devices, view environmental monitoring logs, and automatically provision replacement equipment without the time or expense of on-site visits. 
  • Isolated management infrastructure (IMI). Gen 3 OOB creates an isolated control plane for network infrastructure, which helps protect management interfaces from malicious actors who have breached the production network. It also helps establish an isolated recovery environment (IRE) where teams can rebuild and restore systems without risking re-infection or re-compromise. 

Want to learn more about serial consoles?

Gen 3 serial console interfaces like the Nodegrid Serial Console (NSC) from ZPE Systems use vendor-neutral architectures and end-to-end automation capabilities to help companies improve operational efficiency and network resilience. To learn more about how a Gen 3 solution can help with your biggest infrastructure pain points, watch a Nodegrid demo.

The post Understanding Serial Console Interfaces appeared first on ZPE Systems.

AI Data Center Infrastructure
https://zpesystems.com/ai-data-center-infrastructure-zs/
Fri, 09 Aug 2024

Artificial intelligence is transforming business operations across nearly every industry, with the recent McKinsey global survey finding that 72% of organizations had adopted AI, and 65% regularly use generative AI (GenAI) tools specifically. GenAI and other artificial intelligence technologies are extremely resource-intensive, requiring more computational power, data storage, and energy than traditional workloads. AI data center infrastructure also requires high-speed, low-latency networking connections and unified, scalable management hardware to ensure maximum performance and availability. This post describes the key components of AI data center infrastructure before providing advice for overcoming common pitfalls to improve the efficiency of AI deployments.

AI data center infrastructure components

A diagram of AI data center infrastructure.

Computing

Generative AI and other artificial intelligence technologies require significant processing power. AI workloads typically run on graphics processing units (GPUs), which are made up of many smaller cores that perform simple, repetitive computing tasks in parallel. GPUs can be clustered together to process data for AI much faster than CPUs.

Storage

AI requires vast amounts of data for training and inference. On-premises AI data centers typically use object storage systems with solid-state disks (SSDs) composed of multiple sections of flash memory (a.k.a., flash storage). Storage solutions for AI workloads must be modular so additional capacity can be added as data needs grow, through either physical or logical (networking) connections between devices.

Networking

AI workloads are often distributed across multiple computing and storage nodes within the same data center. To prevent packet loss or delays from affecting the accuracy or performance of AI models, nodes must be connected with high-speed, low-latency networking. Additionally, high-throughput WAN connections are needed to accommodate all the data flowing in from end-users, business sites, cloud apps, IoT devices, and other sources across the enterprise.

Power

AI infrastructure uses significantly more power than traditional data center infrastructure, with a rack of three or four AI servers consuming as much energy as 30 to 40 standard servers. To prevent issues, these power demands must be accounted for in the layout design for new AI data center deployments and, if necessary, discussed with the colocation provider to ensure enough power is available.

Management

Data center infrastructure, especially at the scale required for AI, is typically managed with a jump box, terminal server, or serial console that allows admins to control multiple devices at once. The best practice is to use an out-of-band (OOB) management device that separates the control plane from the data plane using alternative network interfaces. An OOB console server provides several important functions:

  1. It provides an alternative path to data center infrastructure that isn’t reliant on the production ISP, WAN, or LAN, ensuring remote administrators have continuous access to troubleshoot and recover systems faster, without an on-site visit.
  2. It isolates management interfaces from the production network, preventing malware or compromised accounts from jumping over from an infected system and hijacking critical data center infrastructure.
  3. It helps create an isolated recovery environment where teams can clean and rebuild systems during a ransomware attack or other breach without risking reinfection.

An OOB serial console helps minimize disruptions to AI infrastructure. For example, teams can use OOB to remotely control PDU outlets to power cycle a hung server. Or, if a networking device failure brings down the LAN, teams can use a 5G cellular OOB connection to troubleshoot and fix the problem. Out-of-band management reduces the need for costly, time-consuming site visits, which significantly improves the resilience of AI infrastructure.

AI data center challenges

Artificial intelligence workloads, and the data center infrastructure needed to support them, are highly complex. Many IT teams struggle to efficiently provision, maintain, and repair AI data center infrastructure at the scale and speed required, especially when workflows are fragmented across legacy and multi-vendor solutions that may not integrate. The best way to ensure data center teams can keep up with the demands of artificial intelligence is with a unified AI orchestration platform. Such a platform should include:

  • Automation for repetitive provisioning and troubleshooting tasks
  • Unification of all AI-related workflows with a single, vendor-neutral platform
  • Resilience with cellular failover and Gen 3 out-of-band management.

To learn more, read AI Orchestration: Solving Challenges to Improve AI Value

Improving operational efficiency with a vendor-neutral platform

Nodegrid is a Gen 3 out-of-band management solution that provides the perfect unification platform for AI data center orchestration. The vendor-neutral Nodegrid platform can integrate with or directly run third-party software, unifying all your networking, management, automation, security, and recovery workflows. A single, 1RU Nodegrid Serial Console Plus (NSCP) can manage up to 96 data center devices, and even extend automation to legacy and mixed-vendor solutions that wouldn’t otherwise support it. Nodegrid Serial Consoles enable the fast and cost-efficient infrastructure scaling required to support GenAI and other artificial intelligence technologies.

Make Nodegrid your AI data center orchestration platform

Request a demo to learn how Nodegrid can improve the efficiency and resilience of your AI data center infrastructure.

The post AI Data Center Infrastructure appeared first on ZPE Systems.

Why Securing IT Means Replacing End-of-Life Console Servers
https://zpesystems.com/why-securing-it-means-replacing-end-of-life-console-servers/
Thu, 25 Jul 2024
By Rene Neumann, Director of Solution Engineering

The world as we know it is connected to IT, and IT relies on its underlying infrastructure. Organizations must prioritize maintaining this infrastructure; otherwise, any disruption or breach has a ripple effect that takes services offline for millions of users (take the recent CrowdStrike outage, for example). A big part of this maintenance is ensuring that all hardware components, including console servers, are up-to-date and secure. Most console servers reach end-of-life (EOL) and need to be replaced, but for many reasons, whether budgetary concerns or the “if it isn’t broken” mentality, IT teams often keep their EOL devices. Let’s look at the risks of using EOL console servers, and why replacing them goes hand-in-hand with securing IT.

The Risks of Using End-of-Life Console Servers

End-of-life console servers can undermine the security and functionality of IT systems. These risks include:

1. Lack of Security Features and Updates

Aging console servers lack adequate hardware and management security features, meaning they can’t support a zero trust approach. On top of this, once a console server reaches EOL, the manufacturer stops providing security patches and updates. The device then becomes vulnerable to newly discovered CVEs and complex cyberattacks (like the MOVEit and Ragnar Locker breaches). Cybercriminals often target outdated hardware because they know that these devices are no longer receiving updates, making them easy entry points for launching attacks.

2. Compliance Issues

Many industries have stringent regulatory requirements regarding data security and IT infrastructure. DORA, NIS2 (EU), NIST2 (US), PCI 4.0 (finance), and the CER Directive are just a few of the updated regulations that are cracking down on how organizations architect IT, including the management layer. Using EOL hardware can lead to non-compliance, resulting in fines and legal repercussions. Regulatory bodies expect organizations to use up-to-date and secure equipment to protect sensitive information.

3. Prolonged Recovery

EOL console servers are prone to failures and inefficiencies. As these devices age, their performance deteriorates, leading to increased downtime and disruptions. Most console servers are Gen 2, meaning they offer basic remote troubleshooting (to address break/fix scenarios) and limited automation capabilities. When there is a severe disruption, such as a ransomware attack, hackers can easily access and encrypt these devices to lock out admin access. Organizations then must endure prolonged recovery (just look at the still-ongoing CrowdStrike outage, or last year’s MGM attack) because they need to physically decommission and restore their infrastructure.

The Importance of Replacing EOL Console Servers

Here’s why replacing EOL console servers is essential to securing IT:

1. Modern Security Approach

Zero trust is an approach that uses segmentation across IT assets. This ensures that only authorized users can access resources necessary for their job function. This approach requires SAML, SSO, MFA/2FA, and role-based access controls, which are only supported by modern console servers. Modern devices additionally feature advanced security through encryption, signed OS, and tampering detection. This ensures a complete cyber and physical approach to security.

2. Protection Against New Threats

New CVEs and evolving threats can easily take advantage of EOL devices that no longer receive updates. Modern console servers benefit from ongoing support in the form of firmware upgrades and security patches. Upgrading with a security-focused device vendor can drastically shrink the attack surface, by addressing supply chain security risks, codebase integrity, and CVE patching.

3. Ease of Compliance

EOL devices lack modern security features, but this isn’t the only reason why they make it difficult or impossible to comply with regulations. They also lack the ability to isolate the control plane from the production network (see Diagram 1 below), meaning attackers can easily move between the two in order to launch ransomware and steal sensitive information. Watchdog agencies and new legislation are stipulating that organizations follow the latest best practice of separating the control plane from production, called Isolated Management Infrastructure (IMI). Modern console servers make this best practice simple to achieve by offering drop-in out-of-band that is completely isolated from production assets (see Diagram 2 below). This means that the organization is always in control of its IT assets and sensitive data.

A network diagram showing Gen 2 out-of-band is vulnerable to the internet

Diagram 1: Though an acceptable approach, Gen 2 out-of-band lacks isolation and leaves management interfaces vulnerable to the internet.

A network diagram showing how Gen 3 out-of-band secures network and management interfaces.

Diagram 2: Gen 3 out-of-band fully isolates the control plane to guarantee organizations retain control of their IT assets and sensitive info.

4. Faster Recovery

New console servers are designed to handle more workloads and functions, which eliminates single-purpose devices and shrinks the attack surface. They can also run VMs and Docker containers to host applications. This enables what Gartner calls the Isolated Recovery Environment (IRE) (see Diagram 3 below), which is becoming essential for faster recovery from ransomware. Since the IMI component prohibits attackers from accessing the control plane, admins retain control during an attack. They can use the IMI to deploy their IRE and the necessary applications — remotely — to decommission, cleanse, and restore their infected infrastructure. This means that they don’t have to roll trucks week after week when there’s an attack; they just need to log into their management infrastructure to begin assessing and responding immediately, which significantly reduces recovery times.

A diagram showing the components of an isolated recovery environment.

Diagram 3: The Isolated Recovery Environment allows for a comprehensive and rapid response to ransomware attacks.

Watch How To Secure The Network Backbone

I recently presented at Cisco Live Vegas on how to secure the network’s backbone using Isolated Management Infrastructure. I walk you through the evolution of network management, and it becomes obvious that end-of-life console servers are a major security concern, both from the hardware perspective itself and their lack of isolation capabilities. Watch my 10-minute presentation from the show and download some helpful resources, including the blueprint to building IMI.

Cisco Live 2024 – Securing the Network Backbone

The post Why Securing IT Means Replacing End-of-Life Console Servers appeared first on ZPE Systems.

The CrowdStrike Outage: How to Recover Fast and Avoid the Next Outage
https://zpesystems.com/the-crowdstrike-outage-how-to-recover-fast-and-avoid-the-next-outage/
Tue, 23 Jul 2024

On July 19, 2024, CrowdStrike, a leading cybersecurity firm renowned for its advanced endpoint protection and threat intelligence solutions, experienced a significant outage that disrupted operations for many of its clients. This outage, triggered by a software upgrade, resulted in crashes for Windows PCs, creating a wave of operational challenges for banks, airports, enterprises, and organizations worldwide. This blog post explores what transpired during this incident, what caused the outage, and the broader implications for the cybersecurity industry.

What happened?

The incident began on the morning of July 19, 2024, when numerous CrowdStrike customers started reporting issues with their Windows PCs. Users experienced the BSOD (blue screen of death), which is when Windows crashes and renders devices unusable. As the day went on, it became evident that the problem was widespread and directly linked to a recent software upgrade deployed by CrowdStrike.

Timeline of Events

  1. Initial Reports: Early in the day, airports, hospitals, and critical infrastructure operators began experiencing unexplained crashes on their Windows PCs. The issue was quickly reported to CrowdStrike’s support team.
  2. Incident Acknowledgement: CrowdStrike acknowledged the issue via their social media channels and direct communications with affected clients, confirming that they were investigating the cause of the crashes.
  3. Root Cause Analysis: CrowdStrike’s engineering team worked diligently to identify the root cause of the problem. They soon determined that a software upgrade released the previous night was responsible for the crashes.
  4. Mitigation Efforts: Upon isolating the faulty software update, CrowdStrike issued guidance on how to roll back the update and provided patches to fix the issue.

What caused the CrowdStrike outage?

The root cause of the outage was a software upgrade intended to enhance the functionality and security of CrowdStrike’s Falcon sensor endpoint protection platform. However, this upgrade contained a bug that conflicted with certain configurations of Windows PCs, leading to system crashes. Several factors contributed to the incident:

  1. Insufficient Testing: The software update did not undergo adequate testing across all possible configurations of Windows PCs. This oversight meant that the bug was not detected before the update was deployed to customers.
  2. Complex Interdependencies: The incident highlights the complex interdependencies between software components and operating systems. Even minor changes can have unforeseen impacts on system stability.
  3. Rapid Deployment: In the cybersecurity industry, quick responses to emerging threats are crucial. However, the pressure to deploy updates rapidly can sometimes lead to insufficient testing and quality assurance processes.

We need to remember one important fact: whether software is written by humans or AI, there will be mistakes in coding and testing. When an issue slips through the cracks, the customer lab is the last resort to catch it. Usually, this can be done with a controlled rollout, where the IT team first upgrades their lab equipment, performs further testing, puts in place a rollback plan, and pushes the update to a less critical site. But in a cloud-connected SaaS world, the customer is no longer in control. That’s why they sign waivers stating that if such an incident occurs, the company that caused the problem is not liable. Experts are saying the only way to address this challenge is to have an infrastructure that’s designed, deployed, and operated for resilience. We discuss this architecture further down in this article.

How to recover from the CrowdStrike outage

CrowdStrike gives two options for recovering:

  • Option 1: Reboot in Safe Mode – Reboot the affected device in Safe Mode, locate and delete the file “C-00000291*.sys”, and then restart the device.
  • Option 2: Re-image – Download and configure the recovery utility to create a new Windows image, add this image to a USB drive, and then insert this USB drive into the target device. The utility will automatically find and delete the file that’s causing the crash.

The biggest obstacle that is costing organizations a lot of time and money is that with either of these recovery methods, IT staff need to be physically present to work on each affected device. They need to go one by one manually remediating via Safe Mode or physically inserting the USB drive. What makes this more difficult is that many organizations use physical and software/management security controls to limit access. Locked device cabinets slow down physical access to devices, and things like role-based access policies and disk encryption can make Safe Mode unusable. Because this outage is affecting more than 8.5 million computers, this kind of work won’t scale efficiently. That’s why organizations are turning to Isolated Management Infrastructure (IMI) and the Isolated Recovery Environment (IRE).

How IMI and IRE help you recover faster

IMI is a dedicated control plane network that’s meant for administration and recovery of IT systems, including Windows PCs affected by the CrowdStrike outage. It uses the concept of out-of-band management, where you deploy a management device that is connected to dedicated management ports of your IT infrastructure (e.g., serial ports, IPMI ports, and other Ethernet management ports). IMI also allows you to deploy recovery services for your digital estate that are immutable and near-line when recovery needs to take place.

IMI does not rely at all on the production assets, as it has its own dedicated remote access via WAN links like 4G/5G, and can contain and encrypt recovery keys and tools with zero trust.

IMI gives teams remote, low-level access to devices so they can recover their systems remotely without the need to visit sites. Organizations that employ IMI are able to revert to a golden image through automation, or deploy bootable tools to all the computers at the site to rescue them without data loss.

The dedicated out-of-band access to serial/IPMI and management ports gives automation software the same abilities as if a physical crash cart was pulled up to the servers. ZPE Systems’ Nodegrid (now a brand of Legrand) enables this architecture as explained next. Using Nodegrid and ZPE Cloud, teams can use either option to recover from the CrowdStrike outage:

  • Option 1: Reboot into a Preboot Execution Environment (PXE) – Nodegrid gives low-level network access to connected Windows devices as if teams were sitting directly in front of the affected device. This means they can remote in, reboot to a network image, remote into the booted image, delete the faulty file, and restart the system.
  • Option 2: Re-image – ZPE Cloud serves as a file repository and orchestration engine. Teams can upload their working Windows image, and then automatically push this across their global fleet of affected devices. This option speeds up recovery times exponentially.
  • Option 3 – Run Windows Deployment Server on the IMI device at the location and re-image servers and workstations once a good backup of the data has been located. This backup can be made available through the IMI after the initial image has been deployed. The IMI can provide dedicated secure access to the Intune services in your M365 cloud, and the backups do not have to transit the entire internet for all workstations at the same time, speeding up recovery many times over.

All of these options can be performed at scale or even automated. Server recovery with large backups, although it may take a couple of hours, can be delivered locally and tracked for performance and consistency.

But what about the risk of making mistakes when you have to repeat these tasks? Won’t this cause more damage and data loss?

Any team can make a mistake repeating these recovery tasks over a large footprint, and cause further damage or loss of data, slowing the recovery further. Automated recovery through the IMI addresses this, and can provide reliable recording and reporting to ensure that the restoration is complete and trusted. 

What does IMI look like?

Here’s a simplified view of Isolated Management Infrastructure. You can see ZPE’s Nodegrid device, which sits beside the production infrastructure and provides the platform for hosting all the tools necessary for fast recovery.

A diagram showing how to use Nodegrid Gen 3 OOB to enable IMI.

What you need to deploy IMI for recovery:

  1. Out-of-band appliance with serial, USB, and Ethernet interfaces (e.g., ZPE’s Nodegrid Net SR)
  2. Switchable PDU: Legrand Server Tech or Raritan PDU
  3. Windows PXE Boot image

Here’s the order of operations for a faster CrowdStrike outage recovery:

  • Option 1 – Recover
    1. IMI deployed with a ZPE Nodegrid device that runs a Preboot Execution Environment (PXE) service, serving the Windows boot images that the Nodegrid pushes to the computers when they boot up
    2. Send recovery keys from Intune to IMI remote storage over ZPE Cloud’s zero trust platform, available in the cloud or air-gapped through Nodegrid Manager
    3. Enable PXE service (automated across entire enterprise) and define the PXE recovery image
    4. Use serial or IP control of power to the computers (or, where machines support Intel vPro or IPMI, those interfaces) to reboot all machines
    5. All machines will boot and check in to a control tower for PXE, or be made available to remote into using stored passwords on the PXE environment, Windows AD, or other Privileged Access Management (PAM)
    6. Delete the faulty files
    7. Reboot

  • Option 2 – Lean re-image
    1. IMI deployed with a Windows PXE boot image and a running PXE service
    2. Enable access from the cloud and Azure Intune to the IMI remote storage that holds the local image for the PC
    3. Enable PXE service (automated across entire enterprise) and define the PXE recovery image
    4. Use serial or IP control of power to the computers (or, where machines support Intel vPro or IPMI, those interfaces) to reboot all machines
    5. Machines will boot and check in to Intune either through the IMI or through normal Internet access and finish imaging
    6. Once the machine completes the Intune tasks, Intune will signal backups to come down to the machines. If these backups are offsite, they can be staged on the IMI through backup software running on a virtual machine located on the IMI appliance, to speed up recovery and not impede the Internet connection at the remote site
    7. Pre-stage backups onto local storage, push recovery from the virtual machine on the IMI

  • Option 3 – Windows controlled re-image
    1. Windows Deployment Server (WDS) installed as a virtual machine running on the IMI appliance (offline to prevent issues, or online but under a slowed deployment cycle in case there is an issue)
    2. Send recovery keys from Intune to IMI remote storage over a zero trust interface in cloud or air-gapped
    3. Use serial or IP control of power to the computers (or, where machines support Intel vPro or IPMI, those interfaces) to reboot all machines
    4. Machines will boot and check in to the WDS for re-imaging
    5. Machines will boot and check in to Intune either through the IMI or through normal Internet access and finish imaging
    6. Once the machine completes the Intune tasks, Intune will signal backups to come down to the machines. If these backups are offsite, they can be staged on the IMI through backup software running on a virtual machine located on the IMI appliance, to speed up recovery and not impede the Internet connection at the remote site
    7. Pre-stage backups onto local storage, push recovery from the virtual machine on the IMI
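
The locate-and-delete step of Option 1 above, together with the earlier point that automated recovery needs reliable recording and reporting, as an added example that is not ZPE’s or CrowdStrike’s code: a small Python tool that applies the remediation across several mounted Windows roots, refuses to follow symlinks, can be re-run safely, and writes a JSON-lines audit record. Only the C-00000291*.sys pattern comes from the page; the channel-file directory path and the sample host and file names are assumptions for this example.

```python
"""Added example (not ZPE's or CrowdStrike's code): automate the page's
"locate and delete C-00000291*.sys" step across many hosts. Each host is
represented by a mounted Windows filesystem root (e.g. a disk exposed from a
PXE-booted rescue image)."""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone
from pathlib import Path
from typing import IO

# File-name pattern quoted on the page from CrowdStrike's remediation guidance.
FAULTY_PATTERN = "C-00000291*.sys"
# Channel-file directory under a Windows system root. Not stated on the page;
# assumed here from CrowdStrike's published guidance.
CHANNEL_DIR = Path("Windows") / "System32" / "drivers" / "CrowdStrike"


@dataclass
class HostResult:
    host: str
    status: str  # planned | removed | already_clean | error
    files: list[str] = field(default_factory=list)  # removed, relative to root
    sha256: list[str] = field(default_factory=list)  # hash of each removed file
    skipped: list[str] = field(default_factory=list)  # matches refused (symlinks)
    detail: str = ""


def remediate_root(host: str, root: Path, dry_run: bool = False) -> HostResult:
    """Locate the faulty channel file(s) under one Windows root and delete them.

    Idempotent: re-running on a cleaned host reports already_clean instead of
    failing, so a fleet-wide job can be repeated safely. Only regular files are
    deleted; a symlink matching the pattern is refused and recorded, so a
    planted link cannot redirect the deletion to some other file."""
    target_dir = root / CHANNEL_DIR
    if not target_dir.is_dir():
        return HostResult(host, "error", detail=f"missing {CHANNEL_DIR.as_posix()}")
    result = HostResult(host, "already_clean")
    for path in sorted(target_dir.glob(FAULTY_PATTERN)):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink() or not path.is_file():
            result.skipped.append(rel)
            continue
        # Hash before deleting so the audit trail identifies exactly what went.
        result.sha256.append(hashlib.sha256(path.read_bytes()).hexdigest())
        if not dry_run:
            path.unlink()
        result.files.append(rel)
    if result.files:
        result.status = "planned" if dry_run else "removed"
    return result


def remediate_fleet(roots: dict[str, Path], dry_run: bool = False) -> list[HostResult]:
    """Run the remediation over every host root, in stable host-name order."""
    return [remediate_root(host, root, dry_run) for host, root in sorted(roots.items())]


def write_report(results: list[HostResult], out: IO[str]) -> dict[str, int]:
    """Write one JSON line per host (the recording) and return status counts so
    the operator can confirm every host is clean before the fleet-wide reboot."""
    stamp = datetime.now(timezone.utc).isoformat()
    counts: dict[str, int] = {}
    for r in results:
        record = asdict(r)
        record["time"] = stamp
        out.write(json.dumps(record) + "\n")
        counts[r.status] = counts.get(r.status, 0) + 1
    return counts


def build_sample_fleet(base: Path) -> dict[str, Path]:
    """Constructed sample fleet (fake hosts, fake file names, fake contents):
    pc-01 carries a faulty file plus a planted symlink, pc-02 is already clean,
    pc-03 has no driver directory at all."""
    fleet = {host: base / host for host in ("pc-01", "pc-02", "pc-03")}
    for root in fleet.values():
        root.mkdir(parents=True, exist_ok=True)
    drv = fleet["pc-01"] / CHANNEL_DIR
    drv.mkdir(parents=True)
    good = drv / "C-00000290-00000000-00000001.sys"
    good.write_bytes(b"constructed good channel file")
    (drv / "C-00000291-00000000-00000042.sys").write_bytes(b"constructed faulty file")
    try:  # a link that matches the pattern must be refused, never followed
        (drv / "C-00000291-planted.sys").symlink_to(good)
    except OSError:
        pass  # platforms without symlink support simply lack this case
    clean = fleet["pc-02"] / CHANNEL_DIR
    clean.mkdir(parents=True)
    (clean / "C-00000290-00000000-00000001.sys").write_bytes(good.read_bytes())
    return fleet


if __name__ == "__main__":
    import sys
    import tempfile

    fleet = build_sample_fleet(Path(tempfile.mkdtemp()))
    print("plan ", write_report(remediate_fleet(fleet, dry_run=True), sys.stdout))
    print("run  ", write_report(remediate_fleet(fleet), sys.stdout))
    print("again", write_report(remediate_fleet(fleet), sys.stdout))
```

A dry run first produces the plan, the real run removes only regular files that match, and a repeat run reports every host as already clean, which is the completeness check an operator wants before triggering the fleet-wide reboot.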

Deploy IMI now to recover and avoid the next outage

Get in touch for help choosing the right size IMI deployment for your organization. Nodegrid and ZPE Cloud are the drop-in solution to recovering from the CrowdStrike outage, with plenty of device options to fit any budget and environment size. Contact ZPE Sales now or download the blueprint to help you begin implementing IMI.

The post The CrowdStrike Outage: How to Recover Fast and Avoid the Next Outage appeared first on ZPE Systems.

ZPE Systems Unveils IT Resilience Products at Cisco Live, Including Solution to Protect AI Investments
https://zpesystems.com/zpe-systems-unveils-it-resilience-products-at-cisco-live-including-solution-to-protect-ai-investments/
Tue, 28 May 2024

Budget-friendly console server product and dual-CPU NVIDIA platform help organizations protect their infrastructure and AI investments.

Fremont, CA — May 28, 2024 — ZPE Systems, a leader in network infrastructure and management solutions that is now part of Legrand, launches two new products at Cisco Live Las Vegas: the Nodegrid Serial Console Core Edition and the Nodegrid Gate SR platform with embedded NVIDIA Jetson Orin Nano™ module. These innovative products will empower organizations to better protect their vital IT infrastructure and NVIDIA AI investments from the growing risks of cyber-attacks.

The Nodegrid Serial Console Core Edition is a cost-effective third-generation console server that resolves the vulnerabilities left by legacy console servers. It leverages drop-in Isolated Management Infrastructure (IMI) to fully separate management traffic from production networks. The creation of a separate management network provides physical and logical isolation from unauthorized users and cyber threats.

“The first step in cybersecurity resiliency is proper IT hygiene, starting with the right architecture to remove anxiety from automated patching and recovery,” said Koroush Saraf, VP of Products and Marketing at ZPE Systems. “The Core Edition simplifies IMI, providing secure, isolated management access from any branch office or remote location via any LAN or WAN link type, including cellular connections. This gives customers a safe environment for patching or configuration rollback even during an outage or cyberattack.” 

Though IMI has been used primarily by hyperscalers and big tech brands, the Core Edition enables businesses of all sizes to build their own IMI networks and reap the benefits of a layered security approach at an affordable price. 

“With the NSCP Core Edition, our goal is to make big tech’s resilience practices accessible and affordable for all organizations,” emphasizes Arnaldo Zimmermann, Cofounder of ZPE and VP/GM at Legrand. “Now, anyone can drop in our Gen 3 console server, create their IMI, and close those vulnerabilities created by their outdated devices.” 

ZPE is also releasing the Nodegrid Gate SR with embedded Jetson module. This new platform internally hosts the NVIDIA Jetson Orin Nano™ module, serving as an out-of-band device for initial bring-up, patching, and upgrading when running NVIDIA workloads. ZPE’s Gate SR with embedded Jetson module offers a dual-CPU platform that uses the same IMI concept for provisioning AI workloads via an out-of-band path and allows customers to deploy, manage, and upgrade remotely via ZPE Cloud. This new Nodegrid platform enables organizations to improve industrial floor safety, campus security, and manufacturing quality control by deploying third-party computer vision software at the edge. Organizations can now add resilience and recovery to their fleet of NVIDIA AI workloads with ZPE embedded or external AI hardware devices.

To learn more, visit the Core Edition page or meet us in booth 5581 at Cisco Live. 

PCI DSS 4.0 Requirements
https://zpesystems.com/pci-dss-4-point-0-requirements-zs/
Wed, 15 May 2024 14:00:17 +0000
This guide summarizes all twelve PCI DSS 4.0 requirements across six categories and describes the best practices for maintaining compliance.

The post PCI DSS 4.0 Requirements appeared first on ZPE Systems.

The Security Standards Council (SSC) of the Payment Card Industry (PCI) released the version 4.0 update of the Data Security Standard (DSS) in March 2022. PCI DSS 4.0 applies to any organization in any country that accepts, handles, stores, or transmits cardholder data. This standard defines cardholder data as any personally identifiable information (PII) associated with someone’s credit or debit card. The risks for PCI DSS 4.0 noncompliance include fines, reputational damage, and potentially lost business, so organizations must stay up to date with all recent changes.

The new requirements cover everything from protecting cardholder data to implementing user access controls, zero trust security measures, and frequent penetration (pen) testing. Each major requirement defined in the updated PCI DSS 4.0 is summarized below, with tables breaking down the specific compliance stipulations and providing tips or best practices for meeting them.

Citation: The PCI DSS v4.0

PCI DSS 4.0 requirements and best practices

Every PCI DSS 4.0 requirement starts with a stipulation that the processes and mechanisms for implementation are clearly defined and understood. The best practice involves updating policy and process documents as soon as possible after changes occur, such as when business goals or technologies evolve, and communicating changes across all relevant business units.

Build and maintain a secure network and systems

Requirement 1: Install and maintain network security controls

Network security controls include firewalls and other security solutions that inspect and control network traffic. PCI DSS 4.0 requires organizations to install and properly configure network security controls to protect payment card data.

Stipulations for Compliance and Best Practices

Stipulation: Network security controls (NSCs) are configured and maintained.
Best practice: Validate network security configurations before deployment, and use configuration management to track changes and prevent configuration drift.

Stipulation: Network access to and from the cardholder data environment (CDE) is restricted.
Best practice: Monitor all inbound traffic to the CDE, even from trusted networks, and, when possible, use explicit “deny all” firewall rules to prevent accidental gaps.

Stipulation: Network connections between trusted and untrusted networks are controlled.
Best practice: Implement a DMZ that manages connections between untrusted networks and public-facing resources on the trusted network.

Stipulation: Risks to the CDE from computing devices that can connect to both untrusted networks and the CDE are mitigated.
Best practice: Use security controls like endpoint protection and firewalls to protect devices from Internet-based attacks, and use zero trust and network segmentation to prevent lateral movement to CDEs.
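The two checks a reviewer applies most often to a Requirement 1 rule set are whether an explicit final “deny all” exists and whether any allow rule lets an untrusted source into the CDE. The audit below is an added example (not code from ZPE’s post or from the PCI SSC); the rule format, the CDE prefix 10.50.0.0/16, the trusted range 10.0.0.0/8 and both rule sets are constructed for the demonstration and are not any real firewall’s syntax.

```python
"""Audit a firewall rule set against the Requirement 1 stipulations: access to
the CDE restricted to trusted sources and an explicit final "deny all".
Added example; the rule format and the address ranges are constructed."""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # CIDR prefix, or "any" for 0.0.0.0/0
    dst: str      # CIDR prefix, or "any"
    port: str     # TCP/UDP port as text, or "any"


CDE = ip_network("10.50.0.0/16")          # constructed: cardholder data environment
TRUSTED = [ip_network("10.0.0.0/8")]      # constructed: internal (trusted) networks
DENY_ALL = Rule("deny", "any", "any", "any")


def _net(prefix: str):
    return ip_network("0.0.0.0/0") if prefix == "any" else ip_network(prefix)


def is_untrusted(src: str) -> bool:
    """A source is trusted only if it lies entirely inside a trusted range."""
    net = _net(src)
    return not any(net.subnet_of(trusted) for trusted in TRUSTED)


def audit(rules: list) -> list:
    """Return human-readable findings; an empty list means the rule set passes."""
    findings = []
    if not rules or rules[-1] != DENY_ALL:
        findings.append("no explicit final deny-all rule; unmatched traffic may be permitted")
    for i, r in enumerate(rules):
        # Only allow rules whose destination touches the CDE can open a gap.
        if r.action != "allow" or not _net(r.dst).overlaps(CDE):
            continue
        if is_untrusted(r.src):
            findings.append(f"rule {i}: untrusted source {r.src} allowed into CDE destination {r.dst}")
        if r.port == "any":
            findings.append(f"rule {i}: all ports open into CDE destination {r.dst} from {r.src}")
    return findings


# Constructed rule sets: the weak one beside the corrected one.
WEAK_RULES = [
    Rule("allow", "any", "10.50.1.10/32", "443"),          # Internet straight into a CDE host
    Rule("allow", "10.20.0.0/16", "10.50.0.0/16", "any"),  # whole internal subnet, every port
]
HARDENED_RULES = [
    Rule("allow", "10.60.0.0/24", "10.50.1.10/32", "443"),  # one jump subnet, one service
    DENY_ALL,
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules) or "OK")
```

Run it as part of a pre-deployment check: the weak set produces three findings (no final deny-all, an Internet-facing allow into a CDE host, and an any-port allow from an internal subnet), the hardened set produces none.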

Requirement 2: Apply secure configurations to all system components

Attackers often compromise systems using known default passwords or old, forgotten services. PCI DSS 4.0 requires organizations to properly configure system security settings and reduce the attack surface by turning off unnecessary software, services, and accounts.

Stipulations for Compliance and Best Practices

Stipulation: System components are configured and managed securely.
Best practice: Continuously check for vendor-default user accounts and security configurations, and ensure all administrative access is encrypted using strong cryptographic protocols.

Stipulation: Wireless environments are configured and managed securely.
Best practice: Apply the same security standards consistently across wired and wireless environments, and change wireless encryption keys whenever someone leaves the organization.

Protect account data

Requirement 3: Protect stored account data

Any payment account data an organization stores must be protected by methods such as encryption and hashing. Organizations should also limit account data storage to what is necessary and, when possible, truncate cardholder data.

Stipulations for Compliance and Best Practices

Stipulation: Storage of account data is kept to a minimum.
Best practice: Use data retention and disposal policies to configure an automated, programmatic procedure to locate and remove unnecessary account data.

Stipulation: Sensitive authentication data (SAD) is not stored after authorization.
Best practice: Review data sources to ensure that the full contents of any track, card verification code, and PIN/PIN blocks are not retained after the authorization process is completed.

Stipulation: Access to displays of full primary account number (PAN) and ability to copy cardholder data are restricted.
Best practice: Use role-based access control (RBAC) to limit PAN access to individuals with a defined need, and use the masking approach to display only the number of digits needed for a specific function.

Stipulation: PAN is secured wherever it is stored.
Best practice: Render PAN unreadable using one-way hashing with a randomly generated secret key, truncation, index tokens, and strong cryptography with secure key management.

Stipulation: Cryptographic keys used to protect stored account data are secured.
Best practice: Manage cryptographic keys with a centralized key management system that’s PCI DSS 4.0 compliant to restrict access to key-encrypting keys and store them separately from data-encrypting keys.

Stipulation: Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.
Best practice: Use a key management solution that simplifies or automates key replacement for old or compromised keys.
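The Requirement 3 controls listed above (masking for display, truncation, a keyed one-way hash, index tokens, and not retaining the card verification code after authorization) are shown applied to one PAN in the added example below. It is not code from ZPE’s post or from the PCI SSC; the HMAC key, the in-memory token vault, the 4111111111111111 test PAN and the record layout are constructed for the demonstration, and a production system would hold the key in an HSM or KMS and the vault in a separate, access-restricted store.

```python
"""Requirement 3 controls on a primary account number (PAN): masking, truncation,
a keyed one-way hash, index tokens, and a post-authorization record that never
contains the CVV. Added example; key, vault and sample PAN are constructed."""
import hashlib
import hmac
import secrets


def luhn_valid(pan: str) -> bool:
    """Mod-10 check so only plausible PANs are treated as cardholder data."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Display form: at most the first six and last four digits are visible."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def truncate(pan: str) -> str:
    """Storage form that keeps only the last four digits; cannot be reversed."""
    return pan[-4:]


def keyed_hash(pan: str, key: bytes) -> str:
    """HMAC-SHA256 over the full PAN. Without the secret key an attacker cannot
    enumerate the PAN space of a card range and match hashes offline."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


class TokenVault:
    """Index tokens: random surrogate values whose PAN mapping lives in a
    separate, access-restricted store (here, an in-memory dict)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pan_by_token = {}
        self._token_by_hash = {}

    def tokenize(self, pan: str) -> str:
        h = keyed_hash(pan, self._key)        # the same PAN always maps to one token
        if h not in self._token_by_hash:
            token = "tok_" + secrets.token_hex(8)
            self._pan_by_token[token] = pan
            self._token_by_hash[h] = token
        return self._token_by_hash[h]

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]


def authorization_record(pan: str, cvv: str, key: bytes, vault: TokenVault) -> dict:
    """Build the only record that may persist after authorization: no full PAN and
    no CVV at all (the CVV is consumed by the authorization request and dropped)."""
    if not luhn_valid(pan):
        raise ValueError("not a valid PAN")
    if not cvv.isdigit():
        raise ValueError("CVV is needed for the authorization request only")
    return {
        "pan_masked": mask(pan),
        "pan_last4": truncate(pan),
        "pan_hmac": keyed_hash(pan, key),
        "token": vault.tokenize(pan),
    }


if __name__ == "__main__":
    key = secrets.token_bytes(32)             # constructed key; use an HSM/KMS in production
    vault = TokenVault(key)
    print(authorization_record("4111111111111111", "123", key, vault))
```

Each field in the record serves a different consumer: the masked value for customer-facing screens, the last four digits for receipts, the HMAC for duplicate detection and lookups, and the token for any downstream system that must refer to the card without ever holding the PAN.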

Requirement 4: Protect cardholder data with strong cryptography during transmission over open, public networks

While requirement 3 applies to stored card data, requirement 4 outlines stipulations for protecting cardholder data in transit.

Stipulations for Compliance and Best Practices

Stipulation: PAN is protected with strong cryptography during transmission.
Best practice: Encrypt PAN over both public and internal networks, and apply strong cryptography at both the data level and the session level.

Maintain a vulnerability management program

Requirement 5: Protect all systems and networks from malicious software

Organizations must take steps to prevent malicious software (a.k.a., malware) from infecting the network and potentially exposing cardholder data.

Stipulations for Compliance and Best Practices

Stipulation: Malware is prevented, or detected and addressed.
Best practice: Use a combination of network-based controls, host-based controls, and endpoint security solutions; supplement signature-based tools with AI/ML-powered detection.

Stipulation: Anti-malware mechanisms and processes are active, maintained, and monitored.
Best practice: Update tools and signature databases as soon as possible, and prevent end users from disabling or altering anti-malware controls.

Stipulation: Anti-phishing mechanisms protect users against phishing attacks.
Best practice: Use a combination of anti-phishing approaches, including anti-spoofing controls, link scrubbers, and server-side anti-malware.

Requirement 6: Develop and maintain secure systems and software

Development teams should follow PCI-compliant processes when writing and validating code. Additionally, install all appropriate security patches immediately to prevent malicious actors from exploiting known vulnerabilities in systems and software.

Stipulations for Compliance and Best Practices

Stipulation: Bespoke and custom software are developed securely.
Best practice: Use manual or automatic code reviews to search for undocumented features, validate that third-party libraries are used securely, analyze insecure code structures, and check for logical vulnerabilities.

Stipulation: Security vulnerabilities are identified and addressed.
Best practice: Use a centralized patch management solution to automatically notify teams of known vulnerabilities and pending updates.

Stipulation: Public-facing web applications are protected against attacks.
Best practice: Use automatic vulnerability assessment tools that include specialized web scanners that analyze web application protection.

Stipulation: Changes to all system components are managed securely.
Best practice: Use a centralized source code version management solution to track, approve, and roll back changes.

Implement strong access control measures

Requirement 7: Restrict access to system components and cardholder data by business need-to-know

This PCI DSS 4.0 requirement aims to limit who and what has access to sensitive cardholder data and CDEs to prevent malicious actors from gaining access through a compromised, over-provisioned account. “Need to know” means that only accounts with a specific need should have access to sensitive resources; it’s often applied using the “least-privilege” approach, which means only granting accounts the specific privileges needed to perform a job role.

Stipulations for Compliance and Best Practices

Stipulation: Access to system components and data is appropriately defined and assigned.
Best practice: Use RBAC to provide accounts with access privileges based on their job functions (e.g., ‘customer service agent’ or ‘warehouse manager’) rather than on an individual basis.

Stipulation: Access to system components and data is managed via an access control system.
Best practice: Use a centralized identity and access management (IAM) system to manage access across the enterprise, including branches, edge computing sites, and the cloud.

Requirement 8: Identify users and authenticate access to system components

Organizations must establish and prove the identity of any users attempting to access CDEs or sensitive data. This requirement is core to the zero trust security methodology, which is designed to limit the scope of data access and theft once an attacker has already compromised an account or system.

Stipulations for Compliance and Best Practices

Stipulation: User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle.
Best practice: Use an account lifecycle management solution to streamline account discovery, provisioning, monitoring, and deactivation.

Stipulation: Strong authentication for users and administrators is established and managed.
Best practice: Replace relatively weak passwords/passphrases with stronger authentication factors like hardware tokens or biometrics.

Stipulation: Multi-factor authentication (MFA) is implemented to secure access into the CDE.
Best practice: MFA should also protect access to management interfaces on isolated management infrastructure (IMI) to prevent attackers from controlling the CDE.

Stipulation: MFA systems are configured to prevent misuse.
Best practice: Secure the MFA system itself with strong authentication, and validate MFA configurations before deployment to ensure they require two different forms of authentication and do not allow any access without a second factor.

Stipulation: Use of application and system accounts and associated authentication factors is strictly managed.
Best practice: Whenever possible, disable interactive login on system and application accounts to prevent malicious actors from logging in with them.
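Validating an MFA configuration before deployment, as the Requirement 8 row on preventing misuse asks, comes down to a few mechanical checks: the required factors are of two different kinds, there is no fallback path that grants access on one factor, no group is exempted, and the MFA system’s own administration is itself behind MFA. The validator below is an added example, not code from ZPE’s post or from any MFA vendor; the policy keys (required_factors, allow_fallback_single_factor, bypass_groups, admin_console_mfa) and the factor names are a constructed, vendor-neutral format, shown with a weak policy beside the corrected one.

```python
"""Validate an MFA policy before deployment: two different kinds of factor, no
path that grants access without the second factor, no exempt groups, and the
MFA system's own administration protected. Added example; the policy format is
constructed and vendor-neutral."""

# Factor categories: something you know, something you have, something you are.
FACTOR_TYPE = {
    "password": "knowledge", "pin": "knowledge", "security_question": "knowledge",
    "totp": "possession", "hardware_token": "possession", "push": "possession",
    "fingerprint": "inherence", "face": "inherence",
}


def validate_mfa_policy(policy: dict) -> list:
    """Return findings; an empty list means the policy may be deployed."""
    findings = []
    factors = policy.get("required_factors", [])
    unknown = [f for f in factors if f not in FACTOR_TYPE]
    if unknown:
        findings.append(f"unrecognised factors (cannot classify): {unknown}")
    kinds = {FACTOR_TYPE[f] for f in factors if f in FACTOR_TYPE}
    if len(factors) < 2:
        findings.append("fewer than two factors required")
    elif len(kinds) < 2:
        # Password + PIN is two secrets of the same kind, not two factors.
        findings.append("all required factors are of the same kind; this is not MFA")
    if policy.get("allow_fallback_single_factor", False):
        findings.append("fallback to a single factor grants access without the second factor")
    if policy.get("bypass_groups"):
        findings.append(f"groups exempt from MFA: {sorted(policy['bypass_groups'])}")
    if not policy.get("admin_console_mfa", False):
        findings.append("the MFA system's own administration is not protected by MFA")
    return findings


# Constructed policies: the weak one beside the corrected one.
WEAK_POLICY = {
    "required_factors": ["password", "pin"],
    "allow_fallback_single_factor": True,
    "bypass_groups": ["service-desk"],
    "admin_console_mfa": False,
}
HARDENED_POLICY = {
    "required_factors": ["password", "hardware_token"],
    "allow_fallback_single_factor": False,
    "bypass_groups": [],
    "admin_console_mfa": True,
}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, validate_mfa_policy(policy) or "OK")
```

The same function can gate a configuration change pipeline: refuse to push any MFA policy for which it returns findings.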

Requirement 9: Restrict physical access to cardholder data

Malicious actors could gain access to cardholder data by physically interacting with payment devices or tampering with the hardware infrastructure that stores and processes that data. These PCI DSS 4.0 requirements outline how to prevent physical data access.

Stipulations for Compliance and Best Practices

Stipulation: Physical access controls manage entry into facilities and systems containing cardholder data.
Best practice: Use logical or physical controls to prevent unauthorized users from connecting to network jacks and wireless access points within the CDE facility.

Stipulation: Physical access for personnel and visitors is authorized and managed.
Best practice: Require visitor badges and an authorized escort for any third parties accessing the CDE facility, and keep an accurate log of when they enter and exit the building.

Stipulation: Media with cardholder data is securely stored, accessed, distributed, and destroyed.
Best practice: Do not allow portable media containing cardholder data to leave the secure facility unless absolutely necessary.

Stipulation: Point of interaction (POI) devices are protected from tampering and unauthorized substitution.
Best practice: Use a centralized, vendor-neutral asset management system to automatically discover and track all POI devices in use across the organization.

Regularly monitor and test networks

Requirement 10: Log and monitor all access to system components and cardholder data

User activity logging and monitoring will help prevent, detect, and mitigate CDE breaches. PCI DSS 4.0 requires organizations to collect, protect, and review audit logs of all user activities in the CDE.

Stipulations for Compliance and Best Practices

Stipulation: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
Best practice: Use a user and entity behavior analytics (UEBA) solution to monitor user activity and detect suspicious behavior with machine learning algorithms.

Stipulation: Audit logs are protected from destruction and unauthorized modifications.
Best practice: Never store audit logs in publicly accessible locations; use strong RBAC and least-privilege policies to limit access.

Stipulation: Audit logs are reviewed to identify anomalies or suspicious activity.
Best practice: Use an AIOps tool to analyze audit logs, detect anomalous activity, and automatically triage and notify teams of issues.

Stipulation: Audit log history is retained and available for analysis.
Best practice: Retain audit logs for at least 12 months in a secure storage location; keep the last three months of logs immediately accessible to aid in breach resolution.

Stipulation: Time-synchronization mechanisms support consistent time settings across all systems.
Best practice: Use NTP to synchronize clocks across all systems to help with breach mitigation and post-incident forensics.

Stipulation: Failures of critical security control systems are detected, reported, and responded to promptly.
Best practice: Use AIOps to automatically detect, triage, and respond to security incidents. AIOps also provides automatic root-cause analysis (RCA) for faster incident resolution.
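Two of the Requirement 10 rows above, reviewing audit logs for suspicious activity and keeping clocks synchronized, can be exercised against a handful of log lines. The review below is an added example, not code from ZPE’s post or from any UEBA or AIOps product; the single-line audit record format (timestamp, host, event, user, source) and the sample lines are constructed for the demonstration. It flags a credential-guessing burst that ends in a successful login to a CDE database host and a host whose timestamps jump backwards, which is the symptom of a broken time source that would make any later forensic timeline unreliable.

```python
"""Review audit log lines for two Requirement 10 anomalies: a burst of failed
logins followed by a success, and a host whose clock runs backwards (time
synchronization failure). Added example; log format and lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit record format: ISO timestamp, host, event, user, source address.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>FAILED_LOGIN|LOGIN|READ_PAN) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log, in the order the collector received the lines.
SAMPLE_LOG = """\
2024-05-01T02:14:07Z cde-db01 FAILED_LOGIN user=dba src=203.0.113.9
2024-05-01T02:14:12Z cde-db01 FAILED_LOGIN user=dba src=203.0.113.9
2024-05-01T02:14:20Z cde-db01 FAILED_LOGIN user=dba src=203.0.113.9
2024-05-01T02:14:31Z cde-db01 FAILED_LOGIN user=dba src=203.0.113.9
2024-05-01T02:14:45Z cde-db01 FAILED_LOGIN user=dba src=203.0.113.9
2024-05-01T02:15:02Z cde-db01 LOGIN user=dba src=203.0.113.9
2024-05-01T02:15:40Z cde-db01 READ_PAN user=dba src=203.0.113.9
2024-05-01T02:16:00Z cde-app02 LOGIN user=svc-batch src=10.50.2.4
2024-05-01T01:03:10Z cde-app02 READ_PAN user=svc-batch src=10.50.2.4
2024-05-01T02:17:30Z cde-db01 FAILED_LOGIN user=ops src=10.50.9.8
2024-05-01T02:17:45Z cde-db01 LOGIN user=ops src=10.50.9.8
""".splitlines()


def parse(lines):
    """Turn raw lines into dicts; lines that do not match the format are skipped
    (in a real review, a malformed record is itself worth a finding)."""
    events = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """(user, src) pairs with at least `threshold` failures inside `window`
    immediately followed by a successful LOGIN from the same pair."""
    recent_failures = defaultdict(list)
    hits = set()
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["user"], e["src"])
        if e["event"] == "FAILED_LOGIN":
            recent_failures[key].append(e["ts"])
            recent_failures[key] = [t for t in recent_failures[key] if e["ts"] - t <= window]
        elif e["event"] == "LOGIN" and len(recent_failures[key]) >= threshold:
            hits.add(key)
    return hits


def find_clock_skew(events, tolerance=timedelta(minutes=2)):
    """Hosts whose timestamps move backwards by more than `tolerance` between
    consecutive records, judged in collector order, i.e. a clock that was reset."""
    last_seen = {}
    skewed = set()
    for e in events:
        prev = last_seen.get(e["host"])
        if prev is not None and prev - e["ts"] > tolerance:
            skewed.add(e["host"])
        last_seen[e["host"]] = e["ts"]
    return skewed


def review(lines):
    events = parse(lines)
    return {"bruteforce": find_bruteforce(events), "clock_skew": find_clock_skew(events)}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

The one failed attempt by ops is not reported, because a single mistyped password followed by a success is normal; the threshold and window are the knobs to tune against your own baseline.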

Requirement 11: Test security of systems and network regularly

Researchers and attackers continuously discover new vulnerabilities in systems and software, so organizations must frequently test network components, applications, and processes to ensure that in-place security controls are still adequate.

Stipulations for Compliance and Best Practices

Stipulation: Wireless access points are identified and monitored, and unauthorized wireless access points are addressed.
Best practice: Use a wireless analyzer to detect rogue access points.

Stipulation: External and internal vulnerabilities are regularly identified, prioritized, and addressed.
Best practice: PCI DSS 4.0 requires internal and external vulnerability scans at least once every three months, but performing them more often is encouraged if your network is complex or changes frequently.

Stipulation: External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.
Best practice: Work with a PCI DSS-approved vendor to perform external and internal penetration testing; conduct pen testing on network segmentation controls.

Stipulation: Network intrusions and unexpected file changes are detected and responded to.
Best practice: Use AI-powered, next-generation firewalls (NGFWs) with enhanced detection algorithms and automatic incident response capabilities.

Stipulation: Unauthorized changes on payment pages are detected and responded to.
Best practice: Use anti-skimming technology like file integrity monitoring (FIM) to detect unauthorized payment page changes; ensure alerts are monitored.

Maintain an information security policy

Requirement 12: Support information security with organizational policies and programs

The final requirement is to implement information security policies and programs to support the processes described above and get everyone on the same page about their responsibilities regarding cardholder data privacy.

Stipulations for Compliance and Best Practices

Stipulation: Acceptable use policies for end-user technologies are defined and implemented.
Best practice: Enforce usage policies with technical controls capable of locking users out of systems, applications, or devices if they violate these policies.

Stipulation: Risks to the cardholder data and environment are formally identified, evaluated, and managed.
Best practice: Use a centralized patch management system to monitor firmware and software versions, detect changes that may increase risk, and deploy updates to fix vulnerabilities.

Stipulation: PCI DSS compliance is managed.
Best practice: Service providers must assign executive responsibility for managing PCI DSS 4.0 compliance.

Stipulation: PCI DSS scope is documented and validated.
Best practice: Frequently validate PCI DSS scope by evaluating the CDE and all connected systems to determine if coverage should be expanded.

Stipulation: Security awareness education is an ongoing activity.
Best practice: Require all users to take security awareness training upon hire and every year afterwards; it’s also recommended to provide refresher training when someone transfers into a role with more access to sensitive data.

Stipulation: Personnel are screened to reduce risks from insider threats.
Best practice: In addition to screening new hires, conduct additional screening when someone moves into a role with greater access to the CDE.

Stipulation: Risk to information assets associated with third-party service provider (TPSP) relationships is managed.
Best practice: Thoroughly analyze the risk of working with third parties based on their reporting practices, breach history, incident response procedures, and PCI DSS validation.

Stipulation: Third-party service providers (TPSPs) support their customers’ PCI DSS compliance.
Best practice: Require TPSPs to provide their PCI DSS Attestation of Compliance (AOC) to demonstrate their compliance status.

Stipulation: Suspected and confirmed security incidents that could impact the CDE are responded to immediately.
Best practice: Create a comprehensive incident response plan that designates roles to key stakeholders.

Isolate your CDE and management infrastructure with Nodegrid

The Nodegrid out-of-band (OOB) management platform from ZPE Systems isolates your control plane and provides a safe environment for cardholder data, management infrastructure, and ransomware recovery. Our vendor-neutral, Gen 3 OOB solution allows you to host third-party tools for automation, security, troubleshooting, and more for ultimate efficiency.

Ready to know more about PCI DSS 4.0 Requirements?

Learn how to meet PCI DSS 4.0 requirements for network segmentation and security by downloading our isolated management infrastructure (IMI) solution guide.

Opengear Alternatives for the OM2200 and OM1200
https://zpesystems.com/opengear-operations-manager-alternative-options/
Mon, 15 Apr 2024 23:24:33 +0000
This blog reviews the Operations Manager platform before discussing Opengear alternatives that provide greater automation, security, and branch networking capabilities.

The post Opengear Alternatives for the OM2200 and OM1200 appeared first on ZPE Systems.

The Opengear Operations Manager is a series of NetOps console servers providing out-of-band remote access to manage remote network infrastructure in data center, edge, and branch deployments. There are a few reasons to consider alternative options, including a lack of 3rd-party integrations, 5G support, and gateway routing capabilities. This blog goes over the pros and cons of the Operations Manager solutions before discussing Opengear alternatives that provide greater automation, orchestration, and security features as well as all-in-one branch networking capabilities.

Executive summary

  • Opengear’s Operations Manager (OM) appliances are NetOps console servers providing out-of-band (OOB) management for remote network infrastructure.
  • While OM appliances provide some automation capabilities, especially with the upgraded Automation Edition, they offer limited third-party integrations and end-device automation features.
  • The OM2200 and OM1200 both lack integrated branch gateway functionality and have limited security features overall.
  • The Nodegrid platform from ZPE Systems overcomes these limitations with vendor-neutral OOB serial consoles and branch services routers.
  • Nodegrid enables end-to-end automation through end-device ZTP and unlimited third-party integrations with leading tools like Ansible and Chef.
  • Nodegrid also consolidates data center and branch networking functionality like gateway routing, 5G cellular failover, and security to provide all-in-one solutions.

Reviewing the Opengear Operations Manager platform

Operations Manager (or OM) is Opengear’s line of NetOps console servers. OM appliances come with Smart OOB™ for out-of-band management, including automated port discovery and VLAN support. Opengear’s x86 Lighthouse platform supports Python scripts and Docker container deployments for NetOps automation. Lighthouse also supports over 100 power vendors’ equipment, allowing it to monitor and control UPS batteries, PDU outlets, and power load balancing. It’s important to note that, while the standard (Enterprise) edition of Lighthouse supports Python and Docker, customers must upgrade to the Automation edition for zero-touch provisioning (ZTP) or other third-party automation integrations. Additionally, OM solutions do not support 2FA or SAML authentication.

Opengear OM2200

The Opengear OM2200 Operations Manager model is designed for data center and high-density use cases. It is offered in 16-, 32-, and 48-port serial configurations and a 24 serial/Ethernet mixed-port configuration, with an optional global LTE-A Pro cellular module. The OM2200 provides five regional options for dual AC power as well as a dual DC power model.

Click here to see a complete Opengear OM2200 Operations Manager product SKUs list.

OM2200 Pros:

  • Plenty of RAM and storage space
  • Many options for power and serial port configurations
  • Uniquely broad support for 3rd-party power equipment
  • Some NetOps automation capabilities

OM2200 Cons:

  • Requires upgraded software licenses for ZTP and most 3rd-party automation
  • No 2FA or SAML 2.0 support
  • No managed USB serial ports
  • No 5G support

Opengear OM1200

The Opengear OM1200 Operations Manager model is meant for small edge deployments. The compact chassis supports 4 serial, 8 serial, and 8 serial/8 Ethernet port combinations. It provides OOB and failover access via dual Ethernet (SFP Fiber is available on the 4E and 8E models) as well as an optional global LTE-A Pro cellular module.

Click here to see a full list of Opengear OM1200 Operations Manager product SKUs.

OM1200 Pros:

  • Compact size
  • Cost-effective range of port configurations
  • Supports 3rd-party power equipment, Docker, and Python

OM1200 Cons:

  • Requires upgraded software licenses for ZTP and most 3rd-party automation
  • No 2FA or SAML 2.0 support
  • No gateway routing/SD-WAN capabilities
  • No 5G support

Opengear Operations Manager limitations

Both the OM2200 and OM1200 models suffer from similar limitations regarding automation, especially with the base version of the Lighthouse software. Even the upgraded Automation Edition, which unlocks ZTP and RESTful APIs, doesn’t provide much automation for end devices beyond running Python playbooks. This limits operational efficiency, slows down new deployments, and impedes the team’s ability to quickly rebuild core infrastructure after a failure or ransomware attack. Another issue with the OM1200, in particular, is that while its compact size will save space in your edge data center and branch office rack, it’s still a single-purpose device. That means you still need to purchase separate solutions for gateway routing, switching, and/or edge compute. These additional devices take up space, cost extra money, and require time to configure and manage.

Opengear alternatives from ZPE Systems

ZPE Systems provides an alternative option for NetOps-enabled OOB console servers called the Nodegrid solution. All Nodegrid devices run on the open, Linux-based, x86 Nodegrid OS which supports VMs and Docker containers to run your choice of third-party automation, software-defined networking/SD-WAN, and security applications. Nodegrid’s robust, onboard security protects lost or stolen devices with features like TPM 2.0, encrypted SSD, UEFI BIOS, secure boot, and geofencing. Nodegrid can also extend ZTP and other automation to legacy and mixed-vendor end devices for end-to-end network infrastructure automation. Try ZPE’s product selector to see which of Nodegrid’s serial consoles or integrated branch routers is right for your deployment. Below, we review the two models that serve as direct replacements for the Opengear OM1200 and OM2200 solutions.

Nodegrid Serial Console Plus (NSCP)

The Nodegrid Serial Console Plus (NSCP) is an alternative to the OM2200 for data center and high-density deployments. The NSCP connects 16, 32, 48, or 96 (Patent No. 9,905,980) serial devices, all in a standard 1U rackmount chassis. Dual SFP+, dual Gigabit Ethernet, and optional Wi-Fi and 4G/5G LTE modules provide secure Gen 3 OOB management access and failover, ensuring blazing fast speeds and high performance. Plus, the NSCP comes with two managed USB 3.0 ports for additional flexibility.

Click here to see a complete list of Nodegrid NSCP product SKUs.

Nodegrid Net Services Router (NSR)

The Nodegrid Net Services Router (NSR) is an alternative to the OM1200 for edge data center and branch office use cases. The NSR is a modular, compact device that can deliver gateway routing, switching, serial console, and compute capabilities all in a single appliance. Gen 3 OOB and network failover are provided out of the box via dual SFP+ and dual Gigabit Ethernet ports, with optional modules for Wi-Fi and dual-SIM 5G/4G LTE. Additional NSR modules include:

  • 16-port GbE Ethernet
  • Storage
  • 16-port Serial (for console server capabilities)
  • 16-port USB serial
  • Compute
  • 8-port PoE+
  • M.2 Cellular/Wi-Fi/SATA
  • 16-port GbE Ethernet SFP
  • 8-port Ethernet SFP+

Key takeaways:

While the OM1200 and OM2200 provide OOB management with some automation, they have serious limitations that negatively impact operational efficiency. Nodegrid is an Opengear alternative providing a vendor-neutral OOB management platform that delivers unlimited automation, enhanced security, and all-in-one networking for ultimate operational efficiency.

Trade in to get a discount on Opengear alternatives

If you’re ready to replace end-of-life devices from Opengear or other vendors, now’s your chance to get a discount. Visit our trade-in page to get your trade-in offer.

See Nodegrid’s Opengear Alternatives in action

Reach out today to view a demo of Nodegrid’s Opengear alternatives in action.

Opengear OM2200 – Product SKU’s:

OM2216

16 x Serial, 8GB RAM, 64GB SSD, 8 x USB 2.0, 2 x GbE/SFP Fiber

OM2216-AU

Dual AC – Australian power cord

OM2216-EU

Dual AC – European Union power cord

OM2216-JP

Dual AC – Japanese power cord

OM2216-UK

Dual AC – United Kingdom power cord

OM2216-US

Dual AC – United States power cord

OM2216-DDC

Dual DC power

OM2216-L-AU

Global 4G LTE-A Pro cellular module, Dual AC – AU power cord

OM2216-L-EU

Global 4G LTE-A Pro cellular module, Dual AC – EU power cord

OM2216-L-JP

Global 4G LTE-A Pro cellular module, Dual AC – JP power cord

OM2216-L-UK

Global 4G LTE-A Pro cellular module, Dual AC – UK power cord

OM2216-L-US

Global 4G LTE-A Pro cellular module, Dual AC – US power cord

OM-2216-DDC-L

Global 4G LTE-A Pro cellular module, Dual DC power

 

OM2224-24E

24 x Serial, 24 x GbE, 8GB RAM, 64GB Flash

OM2224-24E-AU

1 x GbE/SFP, Dual AC – Australian power cord

OM2224-24E-EU

1 x GbE/SFP, Dual AC – European Union power cord

OM2224-24E-JP

1 x GbE/SFP, Dual AC – Japanese power cord

OM2224-24E-UK

1 x GbE/SFP, Dual AC – United Kingdom power cord

OM2224-24E-US

1 x GbE/SFP, Dual AC – United States power cord

OM2224-24E-DDC

1 x GbE/SFP, Dual DC power

OM2224-24E-L-AU

1 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – AU power cord

OM2224-24E-L-EU

1 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – EU power cord

OM2224-24E-L-JP

1 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – JP power cord

OM2224-24E-L-UK

1 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – UK power cord

OM2224-24E-L-US

1 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – US power cord

OM2224-24E-DDC-L

1 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual DC power

OM2224-24E-10G-AU

10 x GbE/SFP, Dual AC – AU power cord

OM2224-24E-10G-EU

10 x GbE/SFP, Dual AC – EU power cord

OM2224-24E-10G-JP

10 x GbE/SFP, Dual AC – JP power cord

OM2224-24E-10G-UK

10 x GbE/SFP, Dual AC – UK power cord

OM2224-24E-10G-US

10 x GbE/SFP, Dual AC – US power cord

OM2224-24E-10G-DDC

10 x GbE/SFP, Dual DC power

OM2224-24E-10G-L-AU

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – AU power cord

OM2224-24E-10G-L-EU

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – EU power cord

OM2224-24E-10G-L-JP

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – JP power cord

OM2224-24E-10G-L-UK

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – UK power cord

OM2224-24E-10G-L-US

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – US power cord

OM2224-24E-10G-DDC-L

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual DC power

OM2232

32 x Serial, 8GB RAM, 64GB SSD, 2 x GbE/SFP Fiber

OM2232-AU

Dual AC – Australian power cord

OM2232-EU

Dual AC – European Union power cord

OM2232-JP

Dual AC – Japanese power cord

OM2232-UK

Dual AC – United Kingdom power cord

OM2232-US

Dual AC – United States power cord

OM2232-DDC

Dual DC power

OM2232-L-AU

Global 4G LTE-A Pro cellular module, Dual AC – AU power cord

OM2232-L-EU

Global 4G LTE-A Pro cellular module, Dual AC – EU power cord

OM2232-L-JP

Global 4G LTE-A Pro cellular module, Dual AC – JP power cord

OM2232-L-UK

Global 4G LTE-A Pro cellular module, Dual AC – UK power cord

OM2232-L-US

Global 4G LTE-A Pro cellular module, Dual AC – US power cord

OM2232-DDC-L

Global 4G LTE-A Pro cellular module, Dual DC power

OM2248

48 x Serial, 8GB RAM, 64GB SSD

OM2248-AU

2 x GbE/SFP, Dual AC – Australian power cord

OM2248-EU

2 x GbE/SFP, Dual AC – European Union power cord

OM2248-JP

2 x GbE/SFP, Dual AC – Japanese power cord

OM2248-UK

2 x GbE/SFP, Dual AC – United Kingdom power cord

OM2248-US

2 x GbE/SFP, Dual AC – United States power cord

OM2248-DDC

2 x GbE/SFP, Dual DC power

OM2248-L-AU

2 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – AU power cord

OM2248-L-EU

2 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – EU power cord

OM2248-L-JP

2 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – JP power cord

OM2248-L-UK

2 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – UK power cord

OM2248-L-US

2 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – US power cord

OM2248-DDC-L

2 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual DC power

OM2248-10G-AU

10 x GbE/SFP, Dual AC – AU power cord

OM2248-10G-EU

10 x GbE/SFP, Dual AC – EU power cord

OM2248-10G-JP

10 x GbE/SFP, Dual AC – JP power cord

OM2248-10G-UK

10 x GbE/SFP, Dual AC – UK power cord

OM2248-10G-US

10 x GbE/SFP, Dual AC – US power cord

OM2248-10G-DDC

10 x GbE/SFP, Dual DC power

OM2248-10G-L-AU

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – AU power cord

OM2248-10G-L-EU

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – EU power cord

OM2248-10G-L-JP

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – JP power cord

OM2248-10G-L-UK

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – UK power cord

OM2248-10G-L-US

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual AC – US power cord

OM2248-10G-DDC-L

10 x GbE/SFP, Global 4G LTE-A Pro cellular module, Dual DC power

Opengear OM1200 – Product SKUs

OM1204

4 x Serial, 2GB RAM, 16GB Flash, 1 x GbE

OM1204-L

4 x Serial, 2GB RAM, 16GB Flash, 1 x GbE, Global 4G LTE

OM1204-4E

4 x Serial, 4 x GbE, 4GB RAM, 16GB Flash, 1 x GbE SFP

OM1204-4E-L

4 x Serial, 4 x GbE, 4GB RAM, 16GB Flash, 1 x GbE SFP, Global 4G LTE

OM1208

8 x Serial, 2GB RAM, 16GB Flash, 1 x GbE

OM1208-L

8 x Serial, 2GB RAM, 16GB Flash, 1 x GbE, Global 4G LTE

OM1208-8E

8 x Serial straight X2 pinout, 8 x GbE switch, 4GB RAM, 16GB SSD, 2 x USB 2.0, 2 x GbE/SFP Fiber

OM1208-8E-L

8 x Serial straight X2 pinout, 8 x GbE switch, 4GB RAM, 16GB SSD, 2 x USB 2.0, 2 x GbE/SFP Fiber, Global 4G LTE

Nodegrid Serial Console Plus – Product SKUs

Nodegrid Serial Console Plus (NSCP)

4-Core Intel CPU, 4GB DDR4 RAM, 32GB SSD, 2 x SFP+, 2 x GbE, 2 x USB 3.0, 1 x HDMI, 1 x Console

NSCP-T16R-STND-SAC

16 x Cisco Rolled Serial, Single AC power

NSCP-T16R-STND-DAC

16 x Cisco Rolled Serial, Dual AC power

NSCP-T16R-STND-DDC

16 x Cisco Rolled Serial, Dual DC power

NSCP-T32R-STND-SAC

32 x Cisco Rolled Serial, Single AC power

NSCP-T32R-STND-DAC

32 x Cisco Rolled Serial, Dual AC power

NSCP-T32R-STND-DDC

32 x Cisco Rolled Serial, Dual DC power

NSCP-T48R-STND-SAC

48 x Cisco Rolled Serial, Single AC power

NSCP-T48R-STND-DAC

48 x Cisco Rolled Serial, Dual AC power

NSCP-T48R-STND-DDC

48 x Cisco Rolled Serial, Dual DC power

NSCP-T96R-STND-SAC

96 x Cisco Rolled Serial, Single AC power

NSCP-T96R-STND-DAC

96 x Cisco Rolled Serial, Dual AC power

NSCP-T96R-STND-DDC

96 x Cisco Rolled Serial, Dual DC power

Nodegrid Net SR – Product SKUs

Nodegrid Net Services Router (NSR)

Multi-Core Intel CPU, On-board Switch, 8GB DDR4 RAM, 32GB MSATA, Hot-Swappable Fans, 2 x SFP+, 2 x GbE

NSR-TOP1-DAC

Dual AC power, 5 Slots support

NSR-BASE-DAC

Dual AC power, 3 Slots support

NSR-TOP1-SAC

Single AC power, 5 Slots support

NSR-BASE-SAC

Single AC power, 3 Slots support

NSR-TOP1-SAC-POE

Single AC and PoE, 5 Slots support

NSR-BASE-SAC-POE

Single AC and PoE, 3 Slots support

Expansion Cards

NSR-16ETH-EXPN

16 x GbE Ethernet expansion card

NSR-8ETH-POE-EXPN

8 x GbE Ethernet with PoE+ expansion card

NSR-16SRL-EXPN

16 x RJ45 Serial Rolled expansion card

NSR-16USB-EXPN

16 x USB Type A expansion card

NSR-8SFP-EXPN

8 x 10GbE SFP expansion card

NSR-DISK-EXPN

Storage expansion card

NSR-COMP-EXPN

Compute 4-core, 8GB DDR4, 32GB SATA expansion card

NSR-M2-EXPN

M.2/SATA Expansion Card

The post Opengear Alternatives for the OM2200 and OM1200 appeared first on ZPE Systems.
