NetDevices Lifeline Management Framework

A NetDevices Technical Note


This technical note describes the key features of NetDevices' Lifeline management framework and how they enable enterprises to comprehensively address their requirements for branch infrastructure management.

With mission-critical business applications at the branch, it is vital for IT departments to be able to respond rapidly to any branch office issues that could impact the availability of applications. In addition, the increasing sophistication of applications and networking services at the branch requires skilled, expensive IT resources to operate and manage branch office infrastructure. It would be a challenge, and economically unviable, for enterprises to provide live support with skilled staff at each branch. In order to efficiently and cost-effectively overcome this challenge, enterprise IT staff require anytime access to all system management functions and they need 100% remote management access to these functions.

These requirements cannot be satisfied by traditional branch office solutions, which are based on cascaded point devices. Each device has its own management system leading to complex and resource-intensive system management. There is little or no support for remote management, and expensive truck rolls are required to fix problems and add new services. Delayed response to problems often results in unacceptable levels of downtime for critical applications. To overcome these challenges of branch infrastructure management, enterprises need next-generation branch office solutions that unify multiple branch networking services and enable them to fundamentally re-architect the way their branch office networks are built & managed.

To efficiently and effectively address the emerging new requirements of branch infrastructure management, a unified services platform, or gateway, has to deliver the following key capabilities:

  • Always available access to all system management functions, independent of the state of the system
  • 100% remote manageability, with ability to trouble-shoot, fix, upgrade & re-configure services remotely
  • Ability to roll out applications to all non-HQ employees on an as-needed basis
  • Efficient, unified management of all services

Lifeline Management Framework:
A Key Element of NetDevices Services Gateways

Through its patent-pending Lifeline management framework, NetDevices unified services gateways are purpose-built branch office solutions designed to provide unprecedented levels of manageability and serviceability for enterprise branch services. The key aspects of the Lifeline management framework include a separate management plane with dedicated processors, N+1 redundant architecture, multiple access mechanisms to reach the system and unified management of all services. These elements are combined with intelligent software processes to deliver highly available remote access to system management, independent of the state of the system.

Each key aspect of the Lifeline management framework and how it helps address the challenges outlined above are described in the following sections.

Separate Management Plane with Dedicated Resources

The foundation of the Lifeline management framework is a dedicated management plane that is separate from the data and control planes as noted in Figure 1 below. The separate management plane plays a critical role in ensuring uninterrupted access to system management even under the most adverse conditions.
[Figure 1: Lifeline Tech 1]
 

The management plane is equipped with dedicated resources, including a separate bus architecture, dedicated processors, dedicated switching fabric and separate management software processes. This enables complete isolation of system management functions from packet processing and control plane functions. As a result, management access to the system is unaffected under conditions such as failure of a data plane function (like routing or firewall), or high main processor utilization caused by high load or Denial of Service (DoS) attack. In contrast, with traditional solutions, there is no guarantee of being able to access the device when the main processing resource is unavailable.

N+1 Redundant Management Processors

Under the Lifeline management framework, there are multiple active instances of the management process running on each line card, powered by its own management processor. The management plane portion of each line card is connected to a separate management plane switch in the switching card, while the data plane portion is connected to a data plane switch in the switching card. Additionally, a second switching card can be provided for redundancy, with a parallel set of redundant connections between each line card and the second switching card.

This patent-pending architectural innovation, illustrated in Figure 2 below, plays a critical role in ensuring that access to system management functions through the management plane is always available. This will be elaborated further in the following section using a few example scenarios.

[Figure 2: Lifeline Tech 2]
 

Uninterrupted Access under Different Failure Modes

We will first take a look at how the Lifeline framework ensures continued access to system management when there is a failure in the Services Engine (SE), which is the packet processing core of the NetDevices services gateway. Typically all packets, including management data packets, are forwarded through the SE. As noted earlier, under the Lifeline management framework, there are multiple active instances of the management process running on each line card. Hence, if there is a problem with the SE, this is detected by the Lifeline Manager and a special "rescue" mode of operation is automatically initiated to ensure uninterrupted access through management plane processes running on a different line card as illustrated in Figure 3 below. As a result, full management functionality is available for rapid trouble-shooting and corrective action. In traditional solutions, such a scenario would have led to a complete loss of management access & functionality.
[Figure 3: Lifeline Tech 3]
 

Next we will take a look at how the Lifeline framework deals with failure of a regular line card. If there is a problem with just the data plane functionality on the line card, this will be detected by the management process on that card. The data plane can be re-initialized (automatically) or re-configured to fix the problem through the management plane processor on that card. On the other hand, if there is a failure of the line card itself, full management access to the card is still available through the management plane, which can be used to remotely power off/power on the card or do further trouble-shooting.

If a software component or feature fails, the feature health monitor in the management plane detects this and automatically initiates a restart of the process. In most cases, a restart of the feature will resolve the issue and the problem is fixed without any manual intervention. If there is an extended failure within a very short interval of time (typically two minutes), an alarm is raised to trigger manual intervention for trouble-shooting and restart of the feature. The Lifeline management framework ensures that remote management access is always available for rapid and efficient manual intervention.
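The restart-then-escalate behaviour described above can be sketched as follows. This is an added example, not NetDevices code: the class, the restart and alarm hooks, and the sample probe data are hypothetical, and it assumes the two-minute window is measured from the first failed health check of an outage.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

ALARM_WINDOW_S = 120  # "typically two minutes" per the note


@dataclass
class FeatureState:
    first_failure: Optional[float] = None  # when the current outage began
    alarmed: bool = False                  # alarm already raised for this outage


@dataclass
class FeatureHealthMonitor:
    restart: Callable[[str], None]      # hypothetical hook: restart the feature process
    raise_alarm: Callable[[str], None]  # hypothetical hook: page the NOC
    window_s: float = ALARM_WINDOW_S
    state: Dict[str, FeatureState] = field(default_factory=dict)

    def observe(self, feature: str, healthy: bool, now: float) -> str:
        """Process one health-check result and return the action taken."""
        st = self.state.setdefault(feature, FeatureState())
        if healthy:
            # Recovery closes the outage and re-arms the alarm.
            st.first_failure, st.alarmed = None, False
            return "ok"
        if st.first_failure is None:
            st.first_failure = now
        if now - st.first_failure >= self.window_s:
            # Restarts have not helped: escalate once, then stop restarting
            # so a flapping feature cannot flood the alarm channel.
            if not st.alarmed:
                st.alarmed = True
                self.raise_alarm(feature)
                return "alarm"
            return "awaiting-operator"
        self.restart(feature)
        return "restart"


# Constructed probe results: (seconds, feature, healthy)
SAMPLES = [
    (0, "firewall", False), (30, "firewall", True),
    (60, "routing", False), (90, "routing", False), (150, "routing", False),
    (180, "routing", False), (210, "routing", False), (240, "routing", True),
]


def simulate(samples):
    """Replay samples through a monitor; return (actions, restarts, alarms)."""
    restarts, alarms = [], []
    mon = FeatureHealthMonitor(restarts.append, alarms.append)
    actions = [mon.observe(f, h, t) for (t, f, h) in samples]
    return actions, restarts, alarms
```

In the constructed data the firewall recovers after one restart, while routing stays down for two minutes and is escalated exactly once.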

Multiple Access Mechanisms

The NetDevices unified services gateways support multiple access connections to reach the system, including in-band (primary) and out-of-band (secondary) access modes. While some traditional devices also support out-of-band access, by leveraging the dedicated management plane and intelligent software processes in the Lifeline framework, NetDevices delivers the following unique advantages: (1) full in-band management functionality continues to be available under a wide range of failure modes; (2) out-of-band access is available even if the data and control planes are not accessible. With traditional devices, since there is no separate management plane, if the data plane or control plane is unavailable, this will result in loss of both in-band and out-of-band management access.

Unified Management of all Services

To deliver the full set of operational benefits resulting from service convergence, a multi-service platform has to go beyond simple integration to support unified management of all services using a common management system. The NetDevices Lifeline management framework provides a comprehensive, unified, web-based or CLI management system to remotely manage all branch office services. All services are managed via a common interface with granular, detailed instrumentation and control provided for all components and modules in the system. A sample screen shot of the unified NetDevices management system has been included in Figure 4 below.
[Figure 4: Lifeline Tech 4a]
 

In a branch office network with multiple services, it is possible to have inadvertent conflicts between different services. For instance, the firewall access control policies may conflict with the routing policies. With NetDevices' unified services approach, the NetDevices management system has full visibility over all services and built-in knowledge of the interactions between services. Hence, it is able to support an application-aware configuration process, in which a wizard-based approach is used to drive towards the right configuration for each service, and automatically detect & resolve configuration conflicts. The system supports the ability to create common policies across multiple services. Additionally, in NetDevices' "Common Classification" approach, each packet is classified at the system ingress point and the packet traverses through the rest of the system with all aspects categorized. This approach allows a uniform view of classification across all services, thereby facilitating consistency and ease of configuration.

Comprehensive Remote Management

The distribution of sophisticated applications and services to branch offices requires skilled IT staff to manage branch office networks. This poses a serious problem for enterprises due to the difficulty of finding skilled resources and the cost of staffing each branch office with such resources. To overcome this challenge, enterprises need the ability to efficiently perform all management functions remotely from a central Network Operations Center (NOC) facility.

The NetDevices Lifeline management framework enables enterprises to meet this requirement by providing 100% remote manageability. All the sophisticated management capabilities described in earlier sections can be performed remotely while appearing to be local, thereby eliminating the need for on-site intervention and delivering substantial operational cost savings.

Granular visibility and control is provided for remotely performing all critical management functions such as system monitoring, trouble-shooting, service provisioning, configuration management and software upgrades. New services & applications can be quickly rolled out on an as-needed basis to all branch offices via remote software upgrades and remote provisioning of new services. This enables the centralized NOC staff to manage a complete remote office network and multiple services without the need for truck-rolls or on-site administration.

Key Benefits

The following table summarizes the key benefits offered by the NetDevices Lifeline management framework and the features that deliver these benefits:

Key Benefits | Derived From:
Maximum availability & enhanced enterprise productivity
  • Always available access to system management
  • Full management functionality under a wide range of failure modes, enabling rapid trouble-shooting & recovery
  • 100% remote manageability
  • Non-disruptive service upgrades & configuration changes
Lower OpEx
  • 100% remote manageability
  • Efficient, unified management of all services
  • Efficient use of centralized IT resources; fewer resources, less time
  • Elimination of on-site intervention & truck-rolls
Enhanced IT staff productivity
  • Less time spent on upgrades, trouble-shooting & routine maintenance
  • Efficient use of centralized IT resources

Summary

Enterprises are distributing more & more applications to branch offices. To support this trend, branch office networks are becoming more sophisticated, and enterprises need skilled IT staff to manage branch office infrastructure. IT staff has to respond rapidly to any issues that impact availability of critical business applications. Having skilled IT staff at each branch office is not feasible or economically viable. Hence, enterprises need always available access to all system management functions, combined with 100% remote manageability. The NetDevices Unified Services Gateways, based on NetDevices' Lifeline management framework, are purpose-built solutions architected from the ground up to unify multiple branch office services and deliver unprecedented levels of manageability & serviceability to branch office networks.


"To provide an effective platform for branch office information systems the whole platform has to be designed for a management subsystem. It must have reliable access to I/O busses and device control logic even if the core OS is tied in knots."

Peter Christy
Internet Research Group

 

Copyright © 2005-2008, NetDevices Inc. All rights reserved. NetD, NetDevices, the NetDevices logo,
ModuLive, LifeLine & OnePass are trademarks of NetDevices, Inc.