Building the branch office from the ground up

Successful management of a remote office starts with the right infrastructure and tools

Inevitably, the call comes in at 4 p.m.: problems at a remote site. The network seems OK, but one server is completely inaccessible. One switch is pingable but isn’t answering a Telnet connection. There’s no IT staff at the site, and this problem has caused all work to cease. Looks like a long night for the admins.

At least it used to mean a long night. Today, it could probably be resolved by 5 p.m., without requiring some poor IT worker to embark on a 120-mile round-trip to power cycle a server and maybe a switch. Instead, everyone heads home for a cold beer.

But there’s more to keeping the branch office running than just solidifying remote out-of-band access. An effective branch-office infrastructure starts from the ground up: power control, servers and storage, remote access gear, and practices and procedures all come into play. Doing it right requires careful planning and presents a significant financial hurdle up front, but the first time the day is saved, the cost becomes minor. The second time, the cost is forgotten.

Of course, the gear needed at the site, and your approach to managing it, will depend largely on the work the branch office is doing. But in general, it helps to think in terms of the number of workers the infrastructure will support.

Here you’ll find that the needs and constraints tend to differ significantly for a staff of one to 10 people versus a staff of 10 to 30. The smaller office necessarily requires less bandwidth, less infrastructure, and less time from administrators, whereas a branch office of 20 or 30 workers typically requires a more significant investment of all three. For offices with more than 30 employees, you’ll typically need on-site IT staff, and you’re no longer talking about remote management.

Stocking the small office

The foundation of a small office is generally a small wiring closet and nothing more. In this case, the size and heat generation of any SOBO (small office/branch office) hardware are of paramount importance. There may not be room for a standard rack, but there are many options for 4U and 6U wall-mount, locking racks that can actually reduce floor footprint and provide quite adequate housing for a router and a switch -- possibly a small server. Ideally, this gear is located in the same physical location as the telco demarc (the box where your telco’s wiring ends and yours begins), as this will concentrate all infrastructure gear into one space and will reduce the potential for internal building wiring to become a problem.

In this case, smaller is definitely better, with the possible exclusion of the UPS (uninterruptible power supply). The more functions you can pack into a single form factor, the better. Cisco’s ISR (Integrated Services Routers) appliances are a good example of this. Capable of handling an Ethernet, ADSL, or TDM handoff from an ISP, Cisco ISRs provide basic network connectivity, VPN and MPLS (Multiprotocol Label Switching) capabilities, a limited number of switch ports, wireless access, and VoIP functions from a single, centrally managed point (see our Test Center Special Report: Branch-Office Infrastructure).


Even with the addition of a 12-port or 24-port switch, it’s possible to confine the infrastructure of an entire small office into 3U. This results in less hardware to worry about, less power consumption when running on a UPS, and less heat generation. It also means less hardware to worry about replacing, should it be necessary. The days of a small office requiring separate routers, switches, wireless gear, and so on are numbered, if not already gone.

Building the bigger branch

A larger branch office is an animal of a different color. Here, one or more servers may be present, and the networking requirements are generally much heavier. The bigger branch really requires a dedicated data room, but that’s not always an option. In this case, a half-rack such as the APC NetShelter VX is a good bet. The VX is a 25U, fully enclosed, well-vented, and lockable rack that should provide ample room for growth while supporting current needs. Teamed with an APC Smart-UPS XL 2200 VA and the APC Switched Rack PDU (power distribution unit), the basic needs of the office infrastructure are taken care of, and servers or network gear can be power cycled remotely when necessary.

If the rack is going to be home to one or two servers, then cooling becomes an issue. If at all possible, install the rack in a naturally cool and well-ventilated location, and standard office air-conditioning will do the trick.

Bring it on home

When these building blocks are in place, the focus should be on remote administration. For either a small or larger branch office, your remote admin solution should go well beyond KVM-over-IP devices and into the realm of true remote out-of-band management.

For network devices, the Uplogix Envoy is a good example of the new wave of remote admin solutions. The Envoy provides a simple way to remotely manage devices via their serial consoles, backing up normal network access with dial-in and dial-back modem access. It even goes the extra mile by providing a significant level of automated recovery procedures that can bring a network back up without requiring the intervention of an administrator.

When managing remote servers, the stakes are higher. A simple fact of life is that servers are less stable than solid-state network hardware, so they must be treated with greater care. Recently, KVM-over-IP has struck a balance of functionality and price that makes these units deployable in just about any situation. Good options range from Raritan’s KX101, a single-server solution, to Raritan’s KSX series, which provides support for eight servers and eight serially connected network devices, and Avocent’s DSR1031, which has similar characteristics. These devices are meant to be used in conjunction with a larger deployment of KVM switches at headquarters but are aimed squarely at the branch-office market.

Although the IP KVM market is approaching maturity, there is still plenty of room for improvement. Anyone who has used a KVM over IP for any length of time can tell you that video and mouse handling could be smoother. New features are cropping up, too. The Avocent DSR1031, for instance, provides USB data paths via IP, allowing an administrator to map a local USB device to a remote server. This feature can be used to boot and rebuild a remote server from a USB image local to the admin, or to quickly and easily build a data path to a server that’s hundreds or thousands of miles away.

Coming soon to a SOBO near you

Most major server vendors have realized the need for remote out-of-band server management tools for quite some time. Hewlett-Packard, née Compaq, has put at least six years of development into its ILO (Integrated Lights-Out) controllers, Dell has its DRAC (Dell Remote Access Controller), and Sun offers ALOM (Advanced Lights Out Management) and ILOM (Integrated Lights Out Management) controllers as well. In most cases, these controllers aren’t an option -- they’re standard components. Unfortunately, most of these controllers are never configured or used, but as their capabilities increase and they reach saturation, this may change. That doesn’t mean that IP KVM switches and other remote-access gear won’t be necessary, because you can’t control switchable power strips, handle modem communications, or deal with serial-console devices with an embedded out-of-band management card in a server.

That said, several IP KVM vendors are working on ways to leverage embedded management controllers by interfacing them with their own KVM products, extending the reach of the IP KVM while providing the rest of the feature set to truly and completely remotely manage a small infrastructure.

Also on the horizon are wireless remote management tools that can do security and performance monitoring and administration over Wi-Fi, quite a big deal if your remote sites are retail stores with wireless registers.

Building out and maintaining any number of remote sites is like painting the Golden Gate Bridge. After you’ve finished the job, it’s generally time to start back at the beginning. If in the next pass you drop in the current crop of remote admin gear, however, you might be able to fire up a laptop, not your frequent-flyer account, when that time comes around again.
