Managing through the underbrush

* A closer look at OOB management

In an earlier column we discussed the many networks overlaying a data center - one was the management network, which we defined mainly in terms of “out-of-band” (OOB) access. This is an area where there has been continued progress.

OOB management comprises both serial management networks - providing console access and KVM sharing - and Ethernet management networks, especially those connecting to servers through lights-out management cards. If the data network is the clear air through which services and data fly among servers, OOB access provides ground-level entry to the servers, through the brush.

Of course, there is plenty of management that goes on in-band, via the server connections to the data network, and typically using products from vendors such as HP, Tivoli, or BMC. Data center managers look to products like that to provide the highest degree of automation, with the expectation of being able to monitor - and to a lesser extent, manage - groups of devices and to do so with helpful, detail-abstracting GUIs.

On the other hand, they tend to look at their out-of-band networks as retail, rather than wholesale, management tools. Mired in the origins of such tools as console sharing devices, many data center managers still see them mainly as sophisticated, shared consoles.

The new functions that have generated the most excitement among users are implicit in that perspective. Replacing bulky, special-purpose cables with Cat-5 twisted pair (plus specialized dongles), for example, was greeted with enormous enthusiasm; providing remote console access by connecting the console manager to the data network was seen as revolutionary. But at the base, it was still about having the equivalent of a console on a box.

Nevertheless, OOB vendors have forged ahead. They have added features (and planned for more) intended to take advantage of the fact that direct-attached out-of-band management platforms offer a solid base from which to perform many tasks that are usually handled with in-band tools. They also exploit the fact that they can do things in-band tools can’t, because those tasks require cycling power or switching network parameters.

Adding OOB access to the management network itself via modem or other low-cost, low-bandwidth alternate data connectivity to the appliance makes the solution even more attractive, especially for that 30% or so of enterprises that still host IT resources in branch and regional offices.

Of course, as soon as you take console access and put it on the data network or make it available via dial-up connections, the requirement for connection security becomes more acute. Any good OOB management tool will implement strong authentication, integrating with an enterprise's authentication framework, and will fully encrypt all traffic to and from managed nodes.

One big hurdle for vendors is that the real leverage for users only comes when they really trust and make use of the automation of management tasks, something they have shown themselves reluctant to do in our research. Consequently, these value-adds are often without value for administrators since they will not use them.

So, while the evolution of OOB management appliances continues apace, and the possibilities inherent in them continue to expand, the underlying problem to be resolved is one of trust, not technology per se. Vendors need to demonstrate that their automation and security are robust enough to make deploying newer tools safe and worthwhile. Administrators need to continue to try automation functionality, so that as it becomes reliable they can use it to beat an easier path through the ever-expanding tangle of systems management they have to cope with.


Copyright © 2007 IDG Communications, Inc.