The OUT-OF-BAND advantage

To be a true substitute for local access, a remote connectivity technology must fully guarantee two key requirements: security and availability. IPPower's Secure Connectivity Services technology meets the most stringent security and availability needs by implementing, on one side, the state-of-the-art ISS IPPower Security Standard and, on the other, the exclusive MultiPath InfraReach Technology, which guarantees total availability by auto-sensing and auto-switching between IN-BAND and OUT-OF-BAND connectivity.

Terminology

An IN-BAND maintenance connection to a network device is one that uses the same channel the device normally uses for its standard network functions to perform extra functions, such as remote maintenance. The simplest example is a maintenance connection to a router through its normal operational network path.

An OUT-OF-BAND connection, on the other hand, uses an alternative path to reach the device. To stay with the same example, the most obvious (but clumsy and expensive) alternative path, depending on local access conditions, is a serial cable installed between a management computer and the router's console port.

The OUT-OF-BAND advantage

While IN-BAND connections are the standard way to reach a device when everything works fine, OUT-OF-BAND connections are needed when, for any reason, a fault affects the device's normal connectivity or the device's functionality itself.

Again taking a router as an example of a remote device, the router can become unreachable for maintenance purposes when either the network path that leads to the router has been interrupted (for instance by a failure of another router or network node) or the router's network interface becomes unusable for any reason, such as a misconfiguration on the router itself. In all these cases, an OUT-OF-BAND connection is needed to perform any intervention. In the absence of special hardware connected to the router, this usually requires a technician to travel to the router's location and connect a cable to the serial console port.

The IPPower solution

IPPower leverages MultiPath InfraReach Technology, developed to guarantee OUT-OF-BAND access to remote devices without any need for local intervention. This allows, for example, InfraReach remote management solutions to help meet the functional availability requirement by making the managed devices always reachable for management purposes.

MultiPath InfraReach Technology is included in all InfraNode remote controllers. It consists of the ability to detect any loss of the controlled device's IN-BAND connection, together with a highly configurable function that automatically switches to an alternative connectivity path.

Back to the router example: an InfraNode connected to the router's Ethernet port can establish a secure IP tunnel to the maintainer's computer running the InfraClient. Through this connection, the user can safely access a router via its private network when the standard connectivity is available: the InfraNode can use the corporate network facility to access the InfraReachServer, the maintainer's PC and the router itself.

Availability becomes critical when the router starts being inaccessible via its normal network path due to the router's instability or a cut-off in the network connectivity. Even worse, if the router is the gateway to the Extranet or the Internet, the whole network will become inaccessible. In this case, InfraReach with its MultiPath InfraReach Technology can make the difference: if the InfraNode has been connected to the router's console port, and its internal modem has been connected to a PSTN telephone line or an internal GSM/GPRS module has been installed, there will be no loss of availability. On automatically detecting the loss of network connectivity, the InfraNode will switch, for instance, to an on-demand PSTN connection to an Internet Service Provider or to a mobile carrier via GSM/GPRS. This way, the InfraNode will be able to connect to the InfraReachServer and trigger the sending of an alarm for the loss of connectivity to the technician in charge. In the InfraReach Platform, the OUT-OF-BAND connectivity path can in most cases be activated ON DEMAND.

InfraReach OUT-OF-BAND connectivity will transparently allow the technician's InfraClient to start a maintenance session even when the main connectivity path is unusable. It will allow full operational access to the router's console via the virtual serial port automatically created on the technician's PC: he/she will functionally operate as when physically connected to the router's console itself. Via such a fully encrypted secure connection, the technician will be able to send configuration commands and perform all the operations necessary to reconfigure the router in order to restore its operational condition. This way, operations on the router's console will take place independently of distance and of standard connectivity conditions. The access will be functionally identical to a local cable connection to the router's console but won't require the user to travel to the router's location.

If the router's status is so compromised that bringing it back to life would require a hard boot, this can obviously be obtained only by switching the router off and back on again. Even this operation can be performed fully securely and remotely by the InfraReach-powered technician, thanks to InfraReach Secure Power Control (ISPC) technology. Secure Power Control (SPC) technology can also perform boot sequence control (console interruption of the standard automatic boot procedure) in order to restore the router to a known configuration where everything, including system passwords, has to be reloaded.
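
A minimal sketch of the auto-sensing and auto-switching behaviour described above, added here as an illustration; it is not IPPower's implementation. The class name, the thresholds and the probe sequence are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

IN_BAND, OUT_OF_BAND = "IN-BAND", "OUT-OF-BAND"

@dataclass
class PathSelector:
    """Hypothetical path selector: debounced switch-over and fail-back."""
    fail_threshold: int = 3     # consecutive failed IN-BAND probes before switching
    recover_threshold: int = 2  # consecutive good probes before failing back
    active: str = IN_BAND
    fails: int = 0
    goods: int = 0
    events: list = field(default_factory=list)

    def observe(self, in_band_ok: bool) -> str:
        """Feed one IN-BAND probe result; return the path to use next."""
        if in_band_ok:
            self.goods, self.fails = self.goods + 1, 0
        else:
            self.fails, self.goods = self.fails + 1, 0
        if self.active == IN_BAND and self.fails >= self.fail_threshold:
            # The alternative link is brought up on demand, and the alarm
            # is sent over it because the IN-BAND path is down.
            self.active = OUT_OF_BAND
            self.events += ["dial OUT-OF-BAND link",
                            "alarm: IN-BAND connectivity lost"]
        elif self.active == OUT_OF_BAND and self.goods >= self.recover_threshold:
            # Fail back only after the IN-BAND path has been stable, so a
            # flapping link does not cause repeated dial/hang-up cycles.
            self.active = IN_BAND
            self.events += ["hang up OUT-OF-BAND link",
                            "notice: IN-BAND connectivity restored"]
        return self.active

def run(probes, **thresholds):
    """Replay a sequence of probe results; return (path per probe, events)."""
    selector = PathSelector(**thresholds)
    return [selector.observe(p) for p in probes], selector.events

# Constructed probe results: one glitch, a real outage, a flapping recovery.
SAMPLE = [True, False, True, False, False, False, False, True, False, True, True]

if __name__ == "__main__":
    paths, events = run(SAMPLE)
    for ok, path in zip(SAMPLE, paths):
        print(f"in-band probe {'ok  ' if ok else 'FAIL'} -> use {path}")
    print(events)
```

The single failed probe at the start does not trigger a switch, and the lone good probe during the outage does not trigger a fail-back; both thresholds are the kind of setting a configurable switching function would expose.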

See also: The Secure Power Control advantage