
The IDPS must protect non-local maintenance sessions by separating the maintenance session from other network sessions with the device, by using either physically separated communications paths, or logically separated communications paths based upon encryption.


Overview

Finding ID: SRG-NET-000175-IDPS-000161
Version: SRG-NET-000175-IDPS-000161
Rule ID: SRG-NET-000175-IDPS-000161_rule
IA Controls: (blank)
Severity: Medium
Description
Network management is the process of monitoring the IDPS and its links, configuring the IDPS, and enabling network services. It also includes the collection of performance, diagnostic, and other relevant data about each element to ensure availability and that services are delivered to meet or exceed service level agreements. Whether a network is managed locally or from a Network Operations Center (NOC), achieving network management objectives depends on comprehensive and reliable network management solutions.

From an architectural perspective, implementing out-of-band (OOB) management for the IDPS is a best practice and the first step in the deployment of a management network. OOBM networks isolate network users from communication channels dedicated to network management and thereby provide traffic separation to increase security for all network management activities. The management network should have a direct link with a local connection to the managed IDPS. Where this is not possible, the management traffic can traverse the production network or a transient IP backbone via a private encrypted tunnel.

The OOBM access switch will connect to the management interface of the managed network elements, and the management interface of the managed network element will be directly connected to the OOBM network. An OOBM interface does not forward transit traffic, thereby providing complete separation of production and management traffic. Since all management traffic is immediately forwarded into the management network, it is not exposed to possible tampering. The separation also ensures that congestion or failures in the managed network do not affect the management of the device. If the OOBM interface does not have an IP address from the managed network address space, it will not be accessible from the NOC using scalable and normal control plane and forwarding mechanisms.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43301_chk)
Verify that the OOBM interface of each IDPS sensor is configured with an IP address from the address space belonging to the OOBM network.
After determining which interface is connected to the OOBM access switch, examine the interface configuration of each sensor to verify the interface has been assigned an address from the local management address block.

If the managed IDPS's OOBM interface is not configured with an IP address from the address space belonging to the OOBM network, this is a finding.
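The check above can be scripted once the OOBM address block and each sensor's interface configuration have been collected. The following is an added example, not part of the SRG text: it assumes a constructed OOBM block and constructed sensor interface data, and reports a finding for any sensor whose OOBM interface is unconfigured, unparsable, or addressed outside the OOBM block.

```python
"""Automates check C-43301_chk: each IDPS sensor's OOBM interface must hold an
address taken from the OOBM network's address block."""
import ipaddress
from typing import Dict, List, Optional

def oobm_finding(oobm_block: str, oobm_iface: str,
                 interfaces: Dict[str, Optional[str]]) -> Optional[str]:
    """Return None when the sensor is compliant, otherwise the finding text.

    oobm_block  - the management address block, e.g. "10.250.0.0/24"
    oobm_iface  - name of the interface cabled to the OOBM access switch
    interfaces  - interface name -> configured CIDR address (None if unset)
    """
    block = ipaddress.ip_network(oobm_block, strict=True)
    cidr = interfaces.get(oobm_iface)
    if cidr is None:
        return f"{oobm_iface} has no IP address configured"
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError:
        return f"{oobm_iface} has an unparsable address {cidr!r}"
    # Membership test is version-aware: an IPv6 address never matches an
    # IPv4 block, so a mismatched family is also reported as a finding.
    if iface.ip not in block:
        return f"{oobm_iface} address {iface.ip} is outside OOBM block {block}"
    return None

def audit_sensors(oobm_block: str, sensors: List[dict]) -> Dict[str, Optional[str]]:
    """Run oobm_finding over every sensor; maps sensor name -> finding or None."""
    return {s["name"]: oobm_finding(oobm_block, s["oobm_interface"], s["interfaces"])
            for s in sensors}

# Constructed sample data (hypothetical block and sensors, not from any deployment).
SAMPLE_OOBM_BLOCK = "10.250.0.0/24"
SAMPLE_SENSORS = [
    {"name": "sensor-a", "oobm_interface": "mgmt0",
     "interfaces": {"mgmt0": "10.250.0.11/24", "eth1": "192.0.2.11/24"}},
    {"name": "sensor-b", "oobm_interface": "mgmt0",       # addressed from production
     "interfaces": {"mgmt0": "192.0.2.12/24", "eth1": "192.0.2.13/24"}},
    {"name": "sensor-c", "oobm_interface": "mgmt0",       # OOBM port left unconfigured
     "interfaces": {"mgmt0": None, "eth1": "192.0.2.14/24"}},
]

if __name__ == "__main__":
    for name, finding in audit_sensors(SAMPLE_OOBM_BLOCK, SAMPLE_SENSORS).items():
        print(f"{name}: {'compliant' if finding is None else 'FINDING - ' + finding}")
```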
Fix Text (F-43301_fix)
Configure the managed network element's OOBM interface with an IP address from the address space belonging to the OOBM network.