Why VPNs and Jump Hosts Fail MSPs at Scale, And How To Fix It

This post was originally published on ZPE Systems

Image: MSP remote access relies on the very infrastructure it manages.

This architecture has some benefits. It centralizes access control for the specific customer environment, somewhat simplifies credential management, and allows security teams to enforce authentication policies before engineers reach sensitive systems.

But remote access relies on the assumption that all of this production infrastructure remains operational.

What happens when it fails?

When In-Band Management Breaks: Common Failure Scenarios

VPNs and jump hosts operate entirely in-band, meaning they rely on the same network infrastructure they are meant to manage.
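The in-band dependency can be checked for a given environment by asking, for each device, what becomes unreachable if that device stops forwarding traffic. The sketch below is an added example, not code from the original post or from ZPE Systems; the topology, device names, and function names are constructed for illustration, and it assumes every management session must pass through the VPN concentrator and jump host.

```python
from collections import defaultdict, deque

# Constructed sample topology (hypothetical device names), not from the post.
LINKS = [
    ("engineer", "internet"), ("internet", "edge-router"),
    ("edge-router", "firewall"), ("firewall", "vpn-concentrator"),
    ("vpn-concentrator", "jump-host"), ("jump-host", "core-switch"),
    ("core-switch", "access-switch-1"), ("core-switch", "access-switch-2"),
]
MANAGED = ["edge-router", "firewall", "vpn-concentrator", "jump-host",
           "core-switch", "access-switch-1", "access-switch-2"]


def reachable(adj, start, failed):
    """Nodes reachable from start when `failed` no longer forwards traffic."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node == failed:
            continue  # still an endpoint (device is running), but no transit
        for peer in adj[node]:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def locked_out(links, source, gateway, managed, failed):
    """Managed devices the engineer can no longer reach in-band."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    # Leg 1: the engineer must reach the jump host (through the VPN).
    if gateway not in reachable(adj, source, failed):
        return sorted(managed)
    # Leg 2: the jump host must reach the target device.
    via_gateway = reachable(adj, gateway, failed)
    return sorted(d for d in managed if d not in via_gateway)


def blast_radius(links=LINKS, source="engineer", gateway="jump-host", managed=MANAGED):
    """Map each single-device forwarding failure to the devices it cuts off."""
    return {f: locked_out(links, source, gateway, managed, f) for f in managed}


if __name__ == "__main__":
    for failed, lost in blast_radius().items():
        print(f"{failed:18} -> {len(lost)} unreachable: {', '.join(lost) or '-'}")
```

In this constructed topology, a forwarding failure on the edge router, firewall, or VPN concentrator cuts off every managed device, including the failed device itself.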

We covered this dependency at length in our last MSP article. Essentially, in-band management is cut off during failures, turning small issues into big outages that eat into MSP margins. And there’s a whole range of failures that can occur. Here are just a few of the common scenarios that lead to long outages and truck rolls:

Routing failures can entirely remove the path between engineers and the environment. A BGP misconfiguration, OSPF failure, or even a bad firmware update can drop VPN sessions instantly. The device causing the issue may still be running, but without access, engineers can’t fix it.

Firewall policy errors often block management traffic. A single misapplied rule
