This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Out-of-Band Management

What if, any, mechanisms do you use for out-of-band monitoring and (emergency or non-emergency) management of Sophos/Astaro (or other) appliances?


This thread was automatically locked due to age.
  • It's not needed for most security applications.  For multipurpose servers, VM hosts, etc. , yes, IPMI and KVM over IP is a good thing to have.  Not necessary for UTMs.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • I have IP based KVM & serial access to most of the devices but that's usually just for basic diagnostics to dtermine the source of a "Internet is Down" complaint. Most any problems beyond that I have to go onsite anyways so my cisco cable and USB Crashcart adapter are my usual freinds.
  • I'm not trying to suggest out-of-band functions are required for all environments/implementations.

    Some (many?) ASG/UTM/SGs units have never, and may never, in their deployed lives require keyboard/monitor/USB/CDROM intervention - but I don't think that means nobody could/should ever make considerations, or provisions, to reduce some of the pains that can come with needing such interventions for their own environments/implementations.

    I've used all of the above (including nothing) in the past - depending on the requirements and budget of the operations/projects.

    Out-of-Band access can help with:
    Limited/restricted physical access environments
    Business location/hours and IT staff location/skill/hours distribution disparities
    Risk management: time-to-identify/recover/repair