To protect the security of our customers, we do not associate customer information with our case studies. Please contact us to discuss these and other solutions in further detail.

Requirement: To improve remote management of various network devices at remote sites that had no permanent IT support person. The equipment to be managed included switches, firewalls, wireless network, security devices, WAN optimisation and other miscellaneous devices. All equipment required a serial connection for initial setup or troubleshooting. The aim was to reduce potential downtime in the event of a failure or network problem, reduce the need to travel to site, and support remote upgrades. The solution had to provide robust security with the ability to apply granular access control.

Solution: After evaluating the requirements, Shield IT Solutions selected the Avocent Cyclades for an evaluation process. After a short period of testing, Shield IT Solutions recommended the solution to the customer. The Cyclades product offered console access via a web browser or via the command line using telnet or SSH.

The solution recommended was a single Avocent Cyclades device per site. These were to be connected to an existing firewall on a dedicated interface. The devices were to be accessible from both the internal network and the Internet. To control access internally, the devices were to be linked to an existing Cisco ACS server for authentication. For Internet access, the devices were to be made available through an SSL VPN on an existing firewall. These firewalls each had an ADSL line to ensure access in the event of a WAN failure. To secure access via the Internet, the SSL VPN was to authenticate support users via the existing Signify service. Once users had authenticated via the SSL VPN, they then faced a second level of authentication, the same as for internal access. As security was a top priority, only SSH was to be used for command line access, and the web server would be configured for HTTPS only.

Connecting the devices to a dedicated interface on the firewall, away from the switched network, and making them accessible via the Internet ensured that, in the event of a problem with the switched network, the devices would still be accessible for immediate remote support.

The customer accepted the solution and the devices were installed and connected with minimal impact. The devices were integrated into an existing network management tool using SNMP and configured to send events via syslog to the monitoring server. As a precaution, alerting was used on syslog events to catch failed login attempts.
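
One way the failed-login alerting described above could work, as an added example that is not part of the case study or the deployed configuration. It assumes OpenSSH-style sshd messages in BSD syslog format (the console server's actual log format is not given here); the hostnames, addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed message shape: OpenSSH-style sshd lines in BSD syslog format.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def failed_login_alerts(lines, threshold=3, window=timedelta(minutes=5), year=2024):
    """Return one alert per (console server, source address) that reaches
    `threshold` failed logins inside a sliding `window`."""
    recent = defaultdict(deque)  # (host, src) -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated events are ignored
        # BSD syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[(m["host"], m["src"])]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({"host": m["host"], "source": m["src"],
                           "last_user": m["user"], "count": len(q), "at": ts})
            q.clear()  # re-arm: sustained guessing alerts again, not on every line
    return alerts

# Constructed sample events (documentation address ranges, made-up hostnames).
SAMPLE = [
    "Mar 14 02:10:01 console-site1 sshd[411]: Failed password for admin from 192.0.2.50 port 40112 ssh2",
    "Mar 14 02:10:09 console-site1 sshd[411]: Failed password for invalid user root from 192.0.2.50 port 40112 ssh2",
    "Mar 14 02:10:15 console-site1 sshd[420]: Accepted password for netops from 198.51.100.7 port 51514 ssh2",
    "Mar 14 02:10:20 console-site1 sshd[430]: Failed password for admin from 192.0.2.50 port 40120 ssh2",
    "Mar 14 02:30:00 console-site2 sshd[99]: Failed password for netops from 198.51.100.7 port 51600 ssh2",
]

if __name__ == "__main__":
    for alert in failed_login_alerts(SAMPLE):
        print(f"ALERT {alert['host']}: {alert['count']} failed logins "
              f"from {alert['source']} by {alert['at']:%H:%M:%S}")
```

Keying on both the console server and the source address keeps a single mistyped password at one site from combining with unrelated failures elsewhere to trigger an alert.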