by Barry Cox

Satellite communications represent a cost effective and reliable means of transporting voice, video and data to and from remote locations. However, as the adoption of satellite-based communication networks continues to grow, so do the management challenges. Bolstered by high-speed satellite links, network infrastructures are pushing farther into the most demanding remote areas – jungles, mountaintops, deserts, and oceans. Regardless of geographic location, operational, and IT staffs are expected to maintain high availability, reliability, and security of their satellite networks to deliver the business applications they run — a daunting task.

However, when network problems arise and connectivity is lost, devices that use or manage this network are lost as well. These components include traditional network management devices and systems that communicate over the managed medium. When a remote device cannot be seen or managed over a network link, it requires an expensive and time-consuming site visit by a technician.

No one is more in tune to this problem than satellite service providers that frequently support terminals in remote areas. A terrestrial VSAT or teleport may be at a site that requires several hours of driving time. An isolated offshore drilling rig is at least a helicopter ride away. As a result, Service Level Agreements (SLAs) are missed, costs explode, and time is lost.

Next-Generation Remote Management

IT administrators who are tired of absorbing the costs and business risks of network problems, service providers and end users with demanding high availability requirements are applying a new remote management approach. This new approach reduces the cost and complexity of supporting satellite network environments, and can act intelligently as an IT administrator’s eyes, ears, and hands. The result performs routine maintenance and problem resolution to ensure the network and system devices consistently stay up and running to support the applications critical to the business.

Next-generation remote management is dependent upon an appliance-based architecture that integrates three built-in intelligence and security functions addressing remote management challenges more quickly, securely and accurately:

• Access: Enables constant accessibility to gather, store, and process information, regardless of the state of the network.
• Control: Automatically discovers, diagnoses, and fixes routine problems in near real time.
• Enforcement: Enforces IT and security policies though a comprehensive security model that can run standalone or in conjunction with the existing corporate security standards.

By working together, these functions displace remote site visits with a secure remote management solution that can be trusted and relied upon to execute monitoring, maintenance, and remediation any time of the day.

While there are many challenges secure remote management addresses, two specific problems satellite providers are most concerned about today include; automated problem resolution, and IT policy and security compliance.

Automated Problem Resolution

Whether IT staff is sent to remote locations in order to fix network problems like restoring unresponsive devices, or just to perform routine system maintenance such as upgrades or configuration changes, companies are forced to invest the time, money and valuable staff to remote locations. This time and cost can be recouped by simply relying on the intelligent automation capabilities that secure remote management can provide. Additionally, the use of automation helps reduce operator errors that may arise when relying on technicians to maintain and fix problems at remote sites.

According to Nemertes Research, IT staff at large enterprises spend between 30 and 50 percent of their time troubleshooting and fixing problems at remote locations. As companies who rely on using satellite-based networks continue to add more remote sites, IT staffs are stretched even further. In addition, delays in reaching these remote locations results in more production time lost. Nemertes Executive Vice President Robin Gareiss says this problem can easily be resolved by replacing the manual processes of IT staff with automated management tools.

Secure remote management has the ability to automate hundreds of network routine maintenance and recovery tasks. These include detection and correct diagnosis of equipment and communications failures; executing pre-defined, best-practice recovery procedures; provisioning and re-provisioning services; configuring devices via remote administration; and measuring and managing both application and network service levels from a remote perspective.

As the global demand for skilled remote IT staff increases, many industries and business sectors are deploying secure remote management. Satellite service providers have been able to automate more than 75 percent of their customer’s routine network support and maintenance tasks. In addition, they have been able to do more with less without having to increase or overextend IT staff, while also minimizing expensive, on-site visits that ultimately lower support costs in the process.

IT Policy and Security Compliance

Just as in the datacenter, security and management policies at remote sites must be enforced, even during a network outage or other maintenance window. System administrators and management must; a) have visibility to all who have access to devices on the network; b) control what is being done while the devices and network are being accessed; and c) have the ability to accurately report on all user interactions in order to satisfy security and compliance requirements. Secure remote management makes meeting these requirements possible.

Historically, when outages have occurred at a remote location, outsourced support staff would likely be given root-level access to systems and applications to quickly restore them from “bare metal” or other impaired states. As a result, organizations became unnecessarily exposed to potential security risks and threats.

The positive aspects of secure remote management are in providing encrypted access to all managed devices, enforces authorization and authentication policies while auditing all user interactions and configuration changes. In addition, the intelligent architecture ensures both internal and regulatory security standards will be enforced at all times, even during a network outage or service disruption, which addresses the problem without new costs and complexity.

Meeting All the Requirements

Secure remote management enables enterprises with distributed remote infrastructure to overcome the limitations of network-dependent monitoring tools to maintain remote sites online, under control and on budget.

By co-locating management technology at a remote site, secure remote management can perform the majority of the routine administration, maintenance and recovery tasks normally performed by an on-site technician, but in a quicker, error-free manner and at a fraction of the cost. And by diagnosing and fixing problems locally, automating routine maintenance tasks, and controlling access to networked devices from a centralized location, support costs and incidences of downtime are dramatically reduced.

Secure remote management supporting satellite-specific applications has been adopted within many business sectors including the financial services, oil/gas and maritime industries.

Therefore, the next time communication is lost with that oil rig off the coast of Africa, or just a VSAT or teleport across town, IT administrators and management can relax. Companies no longer need to absorb the cost and risk of sending a technician across the city or the world, and worry about lost production time. Getting communications with the remote site back up and running can be done quickly, automatically and error-free with a secure remote management solution.

How Secure Remote Management Works Because secure remote management (SRM) appliances are deployed at remote locations, they can locally manage a wide variety of networking gear, including satellite modems, switches and routers, as well as intelligent racks, and power and environmental control systems. To ensure the SRM appliances can communicate during a network outage, a secure and reliable alternative communication path is designed into the architecture. Dial-up and wireless service can be used; if the VSAT is in an extremely remote location, low earth orbit connections can also be used. Many satellite service providers use service from Globalstar or Iridium for their secondary connection. Through this direct connection to the console (serial) ports of the remote devices, the appliance can query the connected devices every few seconds, storing the data locally. Since the data is stored locally and doesn’t need to be transmitted on a regular basis, there isn’t a cost penalty for sampling frequently. Detailed event logs are available on an as-needed basis to help with problem resolution. Once a sufficient repository of data has been gathered, it can then be analyzed. For a SRM appliance polling console ports at a remote location, the amount of data to indicate a problem can usually be gathered in 30-seconds or less. Once the data has been gathered, a policy engine inside the appliance determines if a parameter is in or out of specification, and either resolves the incident based on pre-approved guidelines, or communicates the problem to the network management center. Once a problem signature is recognized, the SRM appliance can take steps to automatically resolve the incident and restore the service. In addition to restoring network connectivity, the logged and stored management data enable IT and service providers to establish a root cause that required the reboot. Such a determination can help to avoid in the future, or establish as a routine device issue that the SRM appliance is authorized to address automatically. Unexpected downtime is always a possibility during software upgrades of network hardware. In some cases, the devices fail to boot after a new software load, thereby requiring a reliable and secure way to backtrack. In these cases, the SRM appliance needs to be able to restore the last-known-good-configuration automatically. The local control logs can then be examined once the network has been restored to understand what caused the network aberration. Management actions and associated logging data exchanges between the NOC and the remote sites should be safeguarded. Designing a remote management platform with a robust AAA (authentication, authorization, and audit) security model, combined with the physical properties of a specific purpose appliance, ensures the protection of the systems and network devices and the network itself. This way, all actions are logged and stored locally, giving visibility to all management actions to these devices.

---

Barry Cox is the Chief Technology Officer at Uplogix and can be reached at bcox@uplogix.com. He has spent his career developing products for e-commerce and information systems and has managed across a number of corporate functions, including all areas of product design and development, as well as revenue generation and customer support. Prior to Uplogix, he was at AlterPoint, where he was responsible for product design and release management of their network device configuration management solution. Previously, Mr. Cox held senior technical, sales, and executive management positions at Coremetrics, Intellifact, Drake Industries, and CyberMark.