The Gen 3 serial console is the latest innovation in out-of-band management.
But what exactly is it, and where did it come from? In this post, we’ll briefly cover the basics of serial consoles and why you need them, and then dive into the evolving needs that brought about the Gen 3 serial console.
What is a serial console?
A serial console is a multi-port device that you connect to the console port of other devices. This allows you to gain management access to each device via one serial console, instead of having to individually connect to each separate device.
If you have a data center or other location with lots of IT equipment, a serial console is a must-have. It doesn’t just give you convenient access to your device stacks; the serial console is also a foundational component of out-of-band management. Out-of-band means having a completely separate network that you can use to manage your equipment, instead of having to rely on your main production network.
Why do you need out-of-band management?
Imagine relying on your production network to troubleshoot and manage your device stacks. This jeopardizes your security, since it exposes you to any bad actors lurking on your network, and the risk grows significantly if that network is directly connected to the Internet. Security risks aside, how are you going to remote-in to a server or router if your network suddenly goes offline?
With out-of-band, you have a management network that’s completely separate from your production network. This drastically shrinks or eliminates your exposure to threats, and also lets you access your assets even if there’s a main network outage. If a server needs to be rebuilt or a router needs to be power cycled, out-of-band lets you gain access through your serial console to perform these tasks independently of your production network.
Out-of-band has been around for a couple of decades, and is now going through another evolution in which its requirements are changing. We’ll cover these evolving needs in the next sections, but here’s a quick breakdown to give you an idea:
Gen 1 Serial Console:
All About Remote Access
The main requirement of Gen 1 out-of-band was the need for remote access to infrastructure. Most vendors built a serial console to provide this simple connectivity.
Gen 1 serial consoles are suitable for gaining remote access to devices, but this is where the benefits begin to drop off substantially. That’s because they offer minimal scripting capabilities (if any at all), which means you’ll still spend plenty of time manually provisioning and troubleshooting your environments. When you want to automate fixes and repetitive work — like pushing firmware updates or configuration changes — this generation of serial console will leave you seriously underequipped. And when it comes to security measures and the growing need for Zero Trust Network Access (ZTNA), the Gen 1 simply lacks the internal components and open architecture required to enable Zero Trust controls.
Gen 1 serial consoles do a good job eliminating truck rolls and on-site troubleshooting. But if you’re looking to reduce your workload through automation or meet the latest requirements for Zero Trust Security, the Gen 1 won’t get you there.
Gen 2 Serial Console:
More Automation, Less Hands-on Troubleshooting
With admins and engineers able to remotely access their infrastructure, it became natural to wonder, “What added features could make the job easier?” This brought about a new set of out-of-band requirements focused on automating troubleshooting, and the Gen 2 serial console was born.
The Gen 2 features the same remote access capabilities as its predecessor, but brings more value to troubleshooting by expanding the automation toolkit. This serial console generation enables scripting and automation for more than just basic tasks. For example, if your servers were manually installed and configured but you recently discovered a bug, the Gen 2 allows you to script a fix and automatically push a new bug-free configuration across the environment. On the more advanced side, you could automate provisioning, feature delivery, and device recovery — but only if you have the right amount of resources and tenacity at hand.
Although Gen 2 serial consoles offer more automation capabilities than Gen 1 devices, most vendors limit how far you can extend your automation. Many of these serial consoles feature a closed architecture that integrates only with specific vendor devices or APIs, meaning your automation eventually hits a wall. They also require you to learn certain programming languages like Python, or support only a limited set of workflows or Ansible playbooks.
On top of this, many claim to have added security features, but this can give you a false sense of security. Some use the Trusted Platform Module (TPM) but don’t properly integrate it, leaving you without a secure root of trust and making you vulnerable when you bring in new hardware and software. Vendors also often stop supporting their devices after a few years, meaning you don’t get an updated OS or the latest security patches. Because out-of-band devices have access to your entire production environment, an adversary who takes over your OOB device also gains access to your in-band systems and ultimately your business. A correct security implementation is therefore an even more important requirement in OOB deployments, as it has a major impact on business continuity.
Gen 2 serial consoles help you with remote troubleshooting and can reduce some of your manual work through automation. But if you strive to maximize uptime, site reliability, and security, the Gen 2’s rigidity and vendor lock-in will only hold you back.
Gen 3 Serial Console:
End-to-end Automation, Security, and Control
Many enterprises realize that Gen 2 serial consoles don’t provide the flexibility for them to automate what they need to. There’s growing business demand for availability (i.e. everything needs to work 99.999% of the time), and also more attack vectors that hackers can exploit. In short, the network simply needs to work — from installation through refresh. That’s why we worked with many enterprises and the world’s tech giants to gather the latest out-of-band requirements and create a blueprint for the Gen 3 serial console.
The Gen 3 serial console comes with beefed-up capabilities in remote access and automation, along with added layers of security that enable true ZTNA. Here’s how this serial console meets Gen 3 out-of-band requirements:
Full Pipeline Automation
The Gen 3 serial console helps you minimize human intervention using full pipeline automation. This can only be achieved using an open architecture and rich API libraries. With a Gen 3 serial console, you can automate deployments with Ansible, Chef, or Puppet; run your own tools in a VM, Docker, or Kubernetes; create complex workflows using any APIs you need; and interoperate with other systems in your enterprise ecosystem. Gen 3 addresses the requirements for immutable infrastructure and NetDevOps.
Gen 3 lets you automate what you need, not just what you can, without vendor lock-in getting in your way. You can use your existing expertise along with human-readable commands, instead of having to learn new programming languages and skills. Faster response times and fewer failures make it easier to achieve 99.999% availability or more.
The same ZTNA principles need to apply to the OOB infrastructure at the hardware, software, and management levels. Gen 3 systems have enterprise-grade security features like UEFI Secure Boot, disk encryption, properly implemented TPM 2.0 security, and ongoing, swift patches. These give you a sturdy foundation on which to build your automation, so you can maintain a secure root of trust, segment your network, and integrate the variety of Zero Trust controls you need.
Gen 3 security seals backdoor vulnerabilities by checking the integrity of hardware and software that you integrate. Its open architecture also allows you to implement Zero Trust policy tools, Identity and Access Management solutions, and safeguards of your choice.
In-depth Remote Control
Gen 3 serial consoles enable out-of-band management that gives you complete access to all connected equipment. This includes the typical servers, switches, and routers, but also PDUs, IPMI devices, environmental sensors, and other physical or virtual assets. The Gen 3 can host all the tools your automation needs for virtual remote presence and also serve as your crash cart when humans want to log in. Centralized cloud management and out-of-the-box playbooks also help Gen 3 enable true Zero Trust provisioning of entire environments.
Gen 3 enables remote out-of-band control of your entire infrastructure, as if you were physically at each location. It also serves as the right device for your automation journey: it is the first device in the rack and the bootstrapping target, and it remains your crash cart for automated or manual troubleshooting and management beyond Day 0.
See Gen 3 at Cisco Live
Check out this quick video of the Nodegrid Serial Console Plus, and meet us at Cisco Live for a one-on-one demonstration. We’ll show you Gen 3 out-of-band and an automation blueprint used by tech giants. Set up your meeting and we’ll see you at booth #1273.