Information Technology professionals commonly use tools to remotely access and control network nodes such as computer servers. These typical remote access tools permit the IT professional to manage and restore the operations of the network nodes remotely. Typically, these remote access tools are divided into two categories: In-band Tools and Out-of-band Tools. An In-band Tool communicates with the Managed Device relying on the same network interface utilized by the Managed Device for connection to the data network. An Out-of-band management tool communicates with the Managed Device using a separate access media (such as a serial console port or the keyboard-video-mouse interface) that is used exclusively for management. Out-of-band Tools permit the supervisor to access the Managed Device even when the Managed Device loses network connectivity.
In In-band solutions, the Managed Device and the Remote Access Client communicate using well-known network protocols, such as Remote Desktop Protocol (RDP), Secure Shell (SSH) and Virtual Network Computing (VNC). In-band Tools allow a network administrator to view and interact with the Managed Device using a simple program (the “Viewer” or Remote Access Client) on another computer anywhere on the network (Intranet, Internet and/or Extranet). The two computers need not be of the same type, so, for example, one can use an In-band Tool to view a Linux server on a Windows PC at home. FIG. 1 shows how In-Band Tools work.
An In-band solution comprises three different components: the Remote Access Service, which resides in the Managed Device; the Remote Access Client, which resides in the Client Node; and the Network, which is used as a communication path between the Server and the Client applications. Due to this architecture, any In-band Tool requires the proper functioning of all three components to work. If the Managed Device is not functioning properly, the Remote Access Service software will not be able to work properly and thus the Client Software will not be able to access the Managed Device. Likewise, if there is a problem in the Network, the Remote Access Client will not be able to reach the Remote Access Service, making the solution unusable. For these reasons, In-band Tools are normally used for routine maintenance where there is little or no risk of an error occurring in any of the three components.
In-Band Tools are included in all major Operating Systems. People are used to having these tools ready at no additional cost. Other important characteristics are performance and efficiency. Since In-Band Tools include a component that is embedded inside the Managed Device, the Server-Client communication can be optimized and closely coupled to the normal local user interface, which minimizes latency and bandwidth requirements. Many solutions (both open source and commercial) are offered today that allow In-band remote access, such as Citrix Metaframe, Tarantella, PC Anywhere, OpenSSH, and SecureCRT.
In-band Tools, however, become ineffective whenever the Network path associated with the Managed Device fails or the Managed Device loses network connectivity. To overcome this limitation, tools were created that enable the remote access to the out-of-band management ports of the Managed Device. These Out-of-band Tools use interfaces such as serial console and KVM ports to generate management data. FIG. 2 shows how out-of-band tools work.
In-Band Tools such as RDP or SSH are normally used for day-to-day maintenance of managed devices since they allow for almost instant secure remote access to systems and allow the operator to perform any duties as if they were at the system locally. They are normally network optimized and provide a combination of low bandwidth utilization (compared to Out-of-Band protocols such as KVM/IP) and very good performance with very little latency. The Remote Access Client software required to utilize these protocols is low cost and, in many cases, is included with the Client Node Operating System, which leads to a low cost of usage. The major disadvantage of In-Band Tools is that they require the Managed Device and the Network to be in a stable condition and so cannot be used in situations where the connection to the Managed Device has been lost.
In contrast, Out-of-Band Tools are normally used for emergency access to systems that are not available through In-Band Tools or for high-risk management tasks that may cause some interruption to the In-Band Flow, such as changing an IP address or a routing table configuration, or executing operations that require a system restart. An Out-of-Band solution comprises three components: (1) the Out-of-band Device, which interfaces with the out-of-band interface of the Managed Device and converts the data to a format suitable for transmission over the network; (2) the Remote Access Client, which resides in the Client Node and communicates with the Out-of-Band Device; and (3) the Out-of-Band Network, which is used as a communication path between the Out-of-band Device and the Remote Access Client. Note that, in some cases, the Out-of-Band Device can reside inside the Managed Device, such as a service processor embedded onto a motherboard, but it is still a different entity altogether and its function does not rely on the Managed Device. Out-of-Band Devices in use today include Console Servers, like the Cyclades AlterPath ACS and the Lantronix SecureLinx; KVM over IP switches, like the Cyclades AlterPath KVM/net and the Avocent DS Series; and BMCs (Baseboard Management Controllers), like HP iLO and IPMI.
Out-of-band solutions are more expensive than In-band solutions. Out-of-band Tools usually require more network bandwidth and often do not perform well over high-latency, low-bandwidth networks. There is also a limitation on the number of simultaneous connections. Out-of-band Devices usually have a limitation on the number of simultaneous management sessions they can provide, and increasing this number is expensive.
Out-of-Band Tools access the Managed Device using a dedicated management connection and so even when the system is unstable the Out-of-Band connection is normally still available. Since Out-of-Band Tools are required to convert signals from one form to a form suitable for secure transmission over TCP/IP, the network bandwidth requirement may be higher than when using In-Band Tools, performance of the Remote Access Client is lower, latency is introduced and the cost of deployment of the necessary infrastructure may be higher than for In-Band Tools.
Covering all remote access requirements in the most effective and efficient way requires a combined approach using both In-Band and Out-of-Band Tools. Some companies have provided solutions that allow this such as the SSL-UAG+ product from Xceedium. This approach however exhibits several key limitations as follows:
- The user must have access to multiple Remote Access Clients (Viewers) in order to use each of the different In-Band and Out-of-Band Tools.
- The user must be trained to use different Remote Access Clients and trained to make choices as to which method of access to use. This leads to both increased cost of deployment and ownership and also to increased operator error.
- The user must decide which Tool (In-band or Out-of-Band) to utilize at any given time. This can lead to a loss of personnel productivity due to connections being unavailable or to Out-of-Band connections being unnecessarily blocked by another user.
- Network bandwidth may be used inefficiently by operators choosing an Out-of-band Tool when an In-band Tool is available.
- An operator will unexpectedly lose connectivity to a managed asset and will be required to restart the connection using an alternative protocol. This will be confusing and will lead to higher occurrences of operator error.
Thus, it is desirable to provide a smart switch module that combines in-band access and tools with out-of-band access and tools while overcoming the limitations of the conventional solutions that combine both in-band and out-of-band tools, and it is to this end that the present invention is directed.
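The manual choice between In-band and Out-of-band access listed among the limitations above can be expressed as a probe-then-fall-back selection. The following is an added illustration, not part of the original text and not the method of the invention it introduces; the class names, addresses, ports and session cap are all assumptions constructed for the example.

```python
import socket
from dataclasses import dataclass

def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

@dataclass
class OobDevice:            # hypothetical console server / KVM-over-IP / BMC
    host: str
    port: int
    max_sessions: int       # Out-of-band Devices cap simultaneous sessions
    active: int = 0

@dataclass
class ManagedDevice:        # hypothetical inventory record
    name: str
    inband_host: str
    inband_port: int        # e.g. the SSH or RDP service on the device itself
    oob: OobDevice

def select_path(dev, probe=tcp_probe):
    """Prefer In-band (lower bandwidth, no session cap); fall back to Out-of-band.

    Returns (path, reason), where path is "in-band", "out-of-band" or "unavailable".
    """
    if probe(dev.inband_host, dev.inband_port):
        return ("in-band", "in-band service answered")
    if not probe(dev.oob.host, dev.oob.port):
        return ("unavailable", "neither path answered")
    if dev.oob.active >= dev.oob.max_sessions:
        return ("unavailable", "out-of-band session limit reached")
    dev.oob.active += 1     # reserve one of the scarce Out-of-band sessions
    return ("out-of-band", "in-band service did not answer")

def release_oob(dev):
    """Give the Out-of-band session back when the operator disconnects."""
    if dev.oob.active > 0:
        dev.oob.active -= 1

if __name__ == "__main__":
    # Constructed sample using documentation-range addresses (RFC 5737).
    srv = ManagedDevice("srv1", "192.0.2.10", 22,
                        OobDevice("192.0.2.200", 7001, max_sessions=1))
    only_oob_up = lambda host, port: host == srv.oob.host  # simulated outage
    print(select_path(srv, probe=only_oob_up))
```

The `probe` parameter lets the selection logic be exercised without touching a network; in use it defaults to a real TCP connect.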