This post was originally published on ZPE Systems
A third, less common approach is to deploy OOBM devices both top-of-rack and end-of-row. This makes the OOBM network highly resilient to both outages and ransomware attacks, providing a completely isolated management environment while maintaining the flexibility of a ToR deployment.
Out-of-band deployment best practices
The following best practices can help improve the flexibility, security, scalability, and resilience of out-of-band deployments.
Vendor-neutral platforms
Using vendor-neutral OOBM console servers helps consolidate data center management in a single platform. These devices can manage infrastructure from any vendor and integrate with third-party solutions for security, automation, troubleshooting, and more. Vendor-neutral OOBM deployments reduce management complexity and costs, while ensuring easy scalability.
OOBM security
OOBM devices and networks must be protected against compromise to keep bad actors from commandeering the control plane. The best practice is to use OOBM switches with strong hardware security, SAML integrations for multi-factor authentication (MFA) and single sign-on (SSO), embedded firewalls, and frequent firmware/software updates to patch new vulnerabilities.
Infrastructure automation
OOBM serial consoles should support automation to improve scalability and efficiency, while reducing complexity and recovery times. At a minimum, they need zero-touch provisioning (ZTP) to automatically configure new infrastructure devices over the network. Advanced solutions like the Nodegrid
— Read the rest of this post, which was originally published on ZPE Systems.