Branch Office
Yankee Group reports that 40% of enterprise employees work outside the corporate headquarters and in larger more distributed organizations that figure can reach 80%. In USA, the majority of very large businesses (i.e. those with more than 10,000 employees) have 50 or more sites and 30% of this group have 150 or more sites.

Managing the mission-critical server and network infrastructure within the major data centers and central offices of such enterprises is a challenge. However managing the infrastructure that is distributed across regional headquarters, branches and offices - all diversely interconnected through private and public networks - is even more challenging, time consuming and costly. With the increasing regulatory and commercial pressures, the issues of security, reliability and serviceability for these sites dispersed at the edge of the enterprise network have grown in importance for the IT manager. No longer can these remote branch sites be treated as part of the hostile environment and managed by limiting interconnection.

Enterprise branch office

In the larger branch office, with more than thirty employees, you'll typically have some IT staff on-site and the infrastructure and applications are often replicated relatively uniformly (such as in bank branches, travel agencies). Such branches often have a dedicated data room with a few racks with multiple servers and heavy networking requirements. And, invariably, there'll be a UPS and some power distribution units so servers or network gear can be power cycled remotely when necessary.



The local and remote administration requirements for such sites go well beyond the services found in legacy KVM-over-IP devices and serial consoles servers. The servers in the branch will have been supplied by a major server vendor they'll be equipped with integrated out-of-band server management tools (e.g. HP servers will have ILO controllers, Dell/DRAC, IBM/RSA and Sun/ALOM or ILOM controllers). In most cases, such BMCs and service processors aren't an option, they're standard components of the server platforms.

These service processors provide for local and remote BIOS POST access, power cycling and status monitoring of the server. Most incorporate virtual KVM features of a quality level that they can be used as the primary management console (not just for remote management). So the IT staff in the branch office can connect through the service processor on the Windows server and use WTS/RDP to manage the operating system and configure applications. Assuming there's a dedicated management LAN, there is no need for the administrator to connect at all over the corporate operating LAN. Also external KVM devices would only be required where there were older servers on site.

The other networking, telecommunications and power infrastructure in the branch will also have their own local and remote management facilities. Most will be network based (e.g. simple HTTP or HTTPS browser configuration, SoL, Telnet) or serial port controlled. So there is a need to simply, securely and affordably manage this diverse collection, and Opengear can provide solutions that meet this challenge.

IMG4000 and IM4200 solutions The IM4200-2 or IMG4216-25 management solution is well suited to the larger branch office. These integrated solutions provide: A single gateway to locally and remotely manage all the serial and network connected servers and appliances at the site Service processor and BMC management for IPMI, RSA, DRAC, iLO, ALOM and more Centralized in-band and out-of-band management gateway with encrypted authenticated access for local and remote management Sophisticated monitoring, alerts and alarm management with embedded Nagios support The IMG4216-25 solution also has a built in 24 port management LAN for direct connection to service processors and network consoles. So the one gateway can provide simple secure access and control of all the infrastructure at the large remote branch site.

Smaller branch office solutions

On the other hand the enterprise remote or satellite offices can be quite small, with less than twenty employees. Such smaller branch and remote offices will generally be far less organized, not as homogeneous and not have any dedicated IT staff on-site. The IT infrastructure in these small offices is typically found in a small wiring closet. Maybe a 4RU or 6RU wall-mount rack that houses a network device or two and a small server; often in the same physical location as the Telco wiring. Today distributed offices tend to deploy highly integrated network devices like Cisco Integrated Service Routers (the one unit providing basic network connectivity, VPN, wireless access, VoIP functions and a limited number of switch ports). Similarly the smaller branch office will have integrated small business server solutions that consolidate email, print, file storage, web and applications servers. As a result there's less hardware to worry about and it's possible to confine the infrastructure of an entire small office to hardware occupying a few RU running on a small UPS.

So the small office doesn't have wide range of servers and devices as head office (HO), and disaster recovery and information loss may be somewhat mitigated with key local information being replicated at HO (as in many cases the core application is hosted at HO and accessed at the branch across the enterprise VPN). Notwithstanding, the branch can't operate if key equipment is frozen and small branches often represent the point where the enterprise actually presents to its customer. So uptime remains imperative. Also there will be a dispersed array of HO system and network administrators, corporate applications specialists and vendor help desks, and other service providers each seeking to access and control a piece of the branch office infrastructure. So secure remote access is an issue.

For such sites Opengear's IMG4004-5 gateway provides a single integrated point of secure in-band and out-of-band access for all these managers and for all their tools, protocols and management applications. The gateway has flexible yet powerful access control policies, restricting access by IP address, password and account. Users are locally or remotely authenticated and then restricted to only using nominated services and TCP/UDP ports to access the specifically approved devices. And all communications are encrypted so the remote managers have secure access and control. The IMG4004-5 gateway's Ethernet ports provide an affordable direct management LAN connection to four network management consoles, plus direct access to four serial management consoles. Monitoring and alert facilities can be set so the remote managers can ensure the branch enjoys the highest levels of service.