Data center management professionals commonly use network management tools for monitoring and restoring the operation of network nodes such as computer servers, network appliances, security appliances, storage devices, sensors, and controls. These typical network management tools permit the professional to manage and restore the operations of the network nodes remotely. Typically, these network management tools are divided into two categories: in-band management tools and out-of-band management tools. An in-band management tool relies on the data network connected to the network nodes to transport the management information. An out-of-band management tool creates an alternative path to communicate with the network nodes using alternative hardware means such as dial-up phone lines or separate networks that are used exclusively for management. The out-of-band management tool permits the supervisor to access the managed network nodes even when the network nodes lose network connectivity.
The in-band management tools rely on network protocols, such as Simple Network Management Protocol (SNMP), which are commonly used to manage large networks. Several examples of commercial in-band management tools following that architecture are the HP® Open View, IBM® Tivoli, BMC® Patrol, and CA® Unicenter products. However, these in-band tools become ineffective whenever the data network associated with the network nodes fails or a managed device loses network connectivity. Thus, these in-band network management tools leave network administrators in a deadlock position (e.g., the device fails and brings the data network down, and the administrator cannot reach the device because the data network is down). Examples of common causes of the deadlock position include software crashes, configuration errors, hardware malfunctions caused by power surges, the need to upgrade firmware, and/or network failures. Thus, failures that cause the network node to be disconnected from the data network require a human operator to travel to the location where the network node is located so that the human operator can interact with the failing equipment through a terminal directly connected to a management port, or actuate physical control switches to restore functionality of the failing equipment. The need to have a human operator travel to the location of the network node is expensive, consumes a great amount of the human operator's time, and causes business losses through long data network downtime.
To overcome this limitation of in-band network management tools, systems were created that enable remote access to the out-of-band management ports and other control functions of the network node, such as power-cycling and monitoring of temperature and other health indicators, without the need for a human operator to physically travel to the location where the incident occurred. Typically, the physical interfaces for out-of-band access include serial consoles, KVM ports, power circuits, temperature and humidity probes, and/or remote actuators. While effective, the building of an alternative, independent network using different connection media for out-of-band access increases the cost of building a data center.
In an effort to standardize the physical interface and reduce the cost of out-of-band access, an industry consortium has developed an interface called Intelligent Platform Management Interface (IPMI). Other vendors have created similar proprietary interfaces. For example, HP® has its Integrated Lights-Out (ILO) interface and Sun Microsystems® has its Advanced Lights Out Module (ALOM) interface. The protocols for these interfaces are well known. These out-of-band management interfaces can only be used with certain types of network nodes; they define a protocol above TCP/IP and utilize common Ethernet media for transport of the management information.
Both legacy and newer out-of-band interfaces and protocols lack the robustness and security features needed to be transported beyond the local management network. Thus, there is a need for aggregators or gateways that consolidate one type of access interface and can provide the authentication and encryption functions required for remote network management. Examples of those aggregators include console servers (aggregators for serial consoles), KVM-over-IP switches (aggregators for keyboard-video-mouse ports), intelligent power distribution units (aggregators for power control circuits), IPMI gateways (aggregators for IPMI interfaces), etc. Several commercial products exist to aggregate each type of access interface/physical media and provide remote access.
The resulting conventional situation is a typical heterogeneous data center that utilizes a plurality of disparate systems for a complete management solution of new and legacy systems. In addition to the in-band management tools, data center managers utilize console servers (for Unix/Linux systems, network equipment and automation devices), KVM-over-IP switches (for Windows servers), intelligent power control units (for remote power control), environmental monitoring and the software systems associated with each type of out-of-band interface. This increases the cost to implement and the complexity to operate management systems for data networks, requires a great amount of training, fosters problems caused by operator errors, and increases the time needed to correlate incidents from different management systems and restore network services. Thus, it is desirable to provide a system and method for securing, consolidating and automating out-of-band access to network nodes in a data network wherein various different protocols and interfaces are supported and it is to this end that the present invention is directed.