Getting Started with IMI
  • 12 Sep 2024

Introduction to Isolated Management Infrastructure

Isolated Management Infrastructure (IMI) is a specialized framework designed to enhance the security and reliability of managing critical IT assets by segregating the management traffic from the primary business-critical network traffic. This isolation reduces the risk of operational disruptions and security breaches that could affect the core network functions.
IMI operates in parallel with your production environment, providing an alternate, out-of-band path for device access in case of an outage.

Key Features of IMI

Security: IMI provides a secure environment by physically and logically separating the management network from the production network. This isolation helps in safeguarding sensitive operations from unauthorized access and potential cyber threats.

Resilience: By decoupling the management tasks from the main network operations, IMI ensures that critical management functions remain operational even if the main network is compromised or experiencing downtime.

Centralized Control: Despite the physical separation, IMI allows for centralized control over all managed devices and systems, offering a holistic view and streamlined management capabilities from a single interface.

Scalability: IMI is designed to be inherently scalable, accommodating the growth of network devices and systems without compromising on performance or security.

Compliance and Best Practices: Adhering to regulatory standards and best practices, IMI helps organizations meet stringent compliance requirements for network management and data protection.

The following image depicts a sample IMI architecture:

Creating a Sample IMI Setup for a Hyperscale Datacenter

To understand how to set up an IMI architecture for a production environment, consider this sample architecture for a hyperscale data center. This example includes two data centers, each equipped with a local coordinator. The local coordinator, an NSR, manages the peers within its site and can support up to 50 peers. NSCP devices act as peers, each capable of managing up to 96 devices.

These devices are connected to a super coordinator located in a different data center. The setup includes two super coordinators, with only one active at any given time to ensure redundancy. This supercluster setup consists of Nodegrid devices deployed in a mesh topology, ensuring high availability and redundancy.

The infrastructure includes both local and remote components connected through various network interfaces, such as fiber and LTE/5G. Below is a pictorial representation of the sample IMI architecture:  

Consider Network Paths

Establishing reliable network paths is fundamental to ensuring that all components within the IMI can communicate effectively. Network paths should be meticulously planned to avoid single points of failure and ensure consistent communication.

  • Define primary and secondary routes for each Nodegrid device.

  • Configure network interfaces for each connection to ensure redundancy.

Define Network Paths for Reliable Communication

To maintain a resilient IMI, it is essential to define clear and reliable network paths. This involves identifying primary and secondary routes for data to travel between nodes, ensuring that if one path fails, another can seamlessly take over.

  • Configure primary network connections (e.g., ETH0) for each Nodegrid device.

  • Set up secondary connections (e.g., LTE) as backups.

  • Ensure that each connection has its own IP address and configuration.

Define Redundancy and Failover Mechanisms

Redundancy and failover mechanisms are crucial for maintaining network integrity. By configuring multiple network connections and establishing automatic failover protocols, IMI can continue to operate smoothly even when individual components or connections fail.

  • Enable network failover settings on each Nodegrid device.

  • Set primary and secondary connections, specifying failover protocols.

  • Ensure that failover mechanisms are tested and functional.

Verify Path Configurations

Once the network paths and failover mechanisms are configured, it is essential to verify that they function correctly. This involves testing each path and failover scenario to ensure the IMI operates as intended under all conditions.

  • Conduct simulated failure tests to verify automatic failover.

  • Monitor network performance to ensure optimal operation.

  • Regularly test and update failover configurations as needed.

Integrating these elements into the IMI setup allows you to create a resilient and reliable management infrastructure that ensures continuous operation and robust network management.

Detailed Setup and Configuration Guide

Components Overview

This sample Isolated Management Infrastructure (IMI) setup is composed of several key components that work together to provide a secure and efficient management environment.

These components include:

  • Super-coordinators: Nodegrid Net SR

  • Local Coordinators: Nodegrid Net SR

    Note: You can also use other Nodegrid devices such as NSCP, Nodegrid Gate SR, Nodegrid Hive SR as Coordinators.

  • Peer: Nodegrid Serial Console Plus

  • Managed Devices

    • Temp/Humidity Sensor

    • Cisco switch

    • ServerTech PDU

  • Cluster License

Before you begin, ensure that your Nodegrid NSR and NSCP devices are correctly installed and that they contain the configuration required for this setup. For more information, refer to the Getting Started Guide for NSR and Getting Started Guide for NSCP.

Setting up a Local Coordinator

Setup Licenses

To enable the full functionality of the Nodegrid cluster, it is essential to apply the necessary licenses. The following steps will guide you through adding cluster licenses to the Nodegrid Coordinator.

  1. Go to System :: License.

  2. Add Cluster Licenses:

    1. Click the Add License button.

    2. Enter the provided cluster license key.

    3. Click Save to apply the license.

Setup Network Connections

Configuring the network connections is crucial for establishing primary and backup connectivity. This includes setting up Ethernet and LTE connections.

Setup Main Network Connection (ETH0):

  1. Go to Network :: Connections.

  2. Select ETH0.

  3. Set the connection IP Address to <Main-IP-ADDR>.

  4. Mark it as the primary connection.

Setup LTE Network Connection

To set up the LTE network connection, perform the following actions:

  1. Go to Network :: Connections.

  2. Select the LTE connection.

  3. Configure the APN settings as provided by your network carrier.
     

Setup Network Settings

In the other network configurations, you need to set the hostname and configure network failover:

Assigning a hostname to the device helps in identifying it within the network.

  1. Go to Network :: Settings.

  2. Set the hostname to IMI-Coordinator-01.

Setup Network Failover

Configuring network failover ensures continuous network availability by switching to a secondary connection if the primary connection fails.

  1. Go to Network :: Failover.

  2. Enable network failover.

  3. Set the primary connection to ETH0.

  4. Add LTE as the secondary connection.


Configuring Firewalls

Configuring firewalls is crucial for securing the network by controlling the traffic allowed to and from your devices. While this setup does not specify any particular addresses to block, it is recommended to talk to your network administrator or consult network security policies for specific rules.

  1. Go to Security :: Firewall in the Nodegrid WebUI.

  2. Add Rules:

    1. Click Add Rule to create a new firewall rule.

    2. Configure the desired rules by specifying the source, destination, ports, and action (allow or block).

  3. Consult Network Security Policies:

    1. Ensure that the rules comply with your organization’s security policies.

    2. Confirm with your network administrator if there are specific addresses or ports that need to be blocked.

Setup Audit Settings

Enabling audit settings allows you to track and record events within the system, providing a detailed log for security and compliance purposes.

  1. Enable File Destination:

    1. Go to Audit :: Settings.

    2. Enable File Destination.

  2. Enable ZPE Cloud Events:

    1. Go to Audit :: Events :: Categories.

    2. Enable ZPE Cloud Events to ensure that relevant events are recorded and can be accessed for audit purposes.

Setting Up Authentication Services

Setting up authentication services allows for external authentication mechanisms, such as 2-Factor Authentication (2FA) or Single Sign-On (SSO), to enhance security.

  1. Go to Security :: Authentication in the Nodegrid WebUI.

  2. Add Authentication Server:

    1. Click Add Server.

    2. Select the type of authentication service you wish to add (e.g., 2FA, SSO).

    3. Enter the necessary details such as server address, port, and other required configurations.

  3. Verify with your network administrator if an external authentication server is required and which type to use.

Setting Permissions

Setting user permissions ensures that users have the appropriate access levels and can perform only the actions they are authorized to.

  1. Go to Authorization in the Nodegrid WebUI.

  2. Select the user group for which you want to change permissions.

  3. Change Permissions:

    1. Go to the Profile section.

    2. Adjust the permissions accordingly to ensure users have the appropriate access rights.

Setup Coordinator

Setting up the cluster configuration for the Coordinator is essential for managing and maintaining the cluster network. This configuration ensures that the Coordinator can manage connected peers effectively, maintain network stability, and provide centralized control.

  1. Navigate to the Cluster tab in the Nodegrid WebUI.

  2. Click on Settings under the Cluster section to access the configuration page. This step takes you to the main interface for configuring cluster settings, where you will set up various options to define the Coordinator's role and manage the cluster.

  3. Check the Enable Cluster box: Enabling the cluster activates the cluster functionality on the Coordinator, allowing it to manage and communicate with other nodes within the network.

  4. Select Coordinator Type: Under the Type section, select Coordinator. This setting designates the device as the main Coordinator, responsible for managing the cluster, overseeing network operations, and ensuring communication between nodes.

  5. Allow Enrollment: Check the Allow Enrollment option. Enabling enrollment allows new peers to join the cluster. This is necessary for adding new nodes to the network and expanding the cluster.

  6. Set a Pre-Shared Key (PSK): Enter a Pre-Shared Key in the Pre-Shared Key field. The Pre-Shared Key is a security measure that ensures only authorized nodes can join the cluster. This key must be shared with all nodes that will join the cluster.

  7. Enable Clustering Access and Peer Management: Check the Enable Clustering Access option.

  8. Check the Enable Peer Management option.
    These options enable the Coordinator to manage access permissions for clustering and allow it to handle peer nodes' administrative functions. Enabling peer management allows the Coordinator to oversee the health, status, and configuration of all connected peers.



Setup System SNMP Settings

Configuring SNMP (Simple Network Management Protocol) settings is essential for network management and monitoring. SNMP allows network administrators to monitor network performance, detect network faults, and ensure smooth network operations. It enables devices like routers, switches, and servers to send alerts and performance data to a centralized monitoring system.

  1. Navigate to the Network tab in the Nodegrid WebUI.

  2. Click on SNMP under the Network section to access the SNMP configuration page. This step takes you to the interface where you can configure SNMP settings to monitor your network devices.

  3. Click the Add Community button. Adding a community string is crucial as it acts like a password to control access to the SNMP data. Community strings are used to define what data can be viewed or altered.

    1. Enter the community name in the Community field.

    2. Set the access level (e.g., Read Only or Read Write) from the Access Type dropdown menu.

      1. Read-Only access allows devices to be monitored without the risk of configuration changes, while Read-Write access permits configuration changes through SNMP.

    3. Optionally, configure the OID (Object Identifier) and Source if required. The OID specifies the data to be monitored, and the Source defines the IP addresses that are allowed to query the SNMP data.

    4. Click Save to apply the settings.

    5. Set the community name and access level as required.

Setting up a Peer

Setup Licenses

Similar to the Coordinator, the Peer node requires appropriate licenses to operate within the cluster.

  1. Go to System :: License.

  2. Add Cluster Licenses:

    1. Click on the Add License button.

    2. Enter the provided cluster license key.

    3. Click Save to apply the license.

Setup Network Connections

Setting up the network connection for the Peer ensures it can communicate effectively within the cluster.

Setup Main Network Connection (ETH0):

  1. Go to Network :: Connections.

  2. Select ETH0.

  3. Set the connection IP Address to <Main-IP-ADDR>.

  4. Mark it as the primary connection.

Setup Network Settings

Assigning a hostname to the Peer helps in identifying it within the network.

To assign a Hostname:

  1. Go to Network :: Settings.

  2. Set the hostname to IMI-Peer-01.

Setup Cluster

The Peer node needs to be configured to join the existing cluster managed by the Coordinator. This configuration ensures that the Peer can effectively communicate and be managed within the cluster network.

  1. Go to the Cluster tab in the Nodegrid WebUI.

  2. Click Settings under the Cluster section to access the configuration page.

  3. Check the Enable Cluster box. Enabling the cluster activates the cluster functionality on the Peer, allowing it to join and communicate within the existing cluster network.

  4. Under the Type section, select Peer. This setting designates the device as a Peer, allowing it to join and be managed by the Coordinator.

  5. Set Cluster Name, Coordinator's Address, and PSK:

    1. Enter the cluster name in the Cluster Name field.

    2. Enter the Coordinator's address in the Coordinator's Address field.

    3. Enter the Pre-Shared Key (PSK) in the Pre-Shared Key field.
      These settings ensure that the Peer joins the correct cluster and can communicate securely with the Coordinator.

  6. Enable Clustering Access:

    1. Check the Enable Clustering Access option.

    2. This option allows the Peer to access and be managed within the cluster.

Setup System SNMP Settings

Configuring SNMP settings allows for network management and monitoring using SNMP protocols.

  1. Go to Network :: SNMP.

  2. Click Add Community.

  3. Set the community name and access level as required.

Setting up a Super Coordinator

Setup Licenses

The Super Coordinator also requires cluster licenses to function properly.

  1. Go to System :: License.

  2. Add Cluster Licenses:

    1. Click the Add License button.

    2. Enter the provided cluster license key.

    3. Click Save to apply the license.

Setup Network Connections

Setting up network failover for the Super Coordinator ensures continuous network availability.

To enable network failover:

  1. Go to Network :: Failover.

  2. Enable network failover.

  3. Set the primary connection to ETH0.

  4. Add LTE as the secondary connection.

Setup Network Settings

Assigning a hostname to the Super Coordinator helps in identifying it within the network.

  1. Go to Network :: Settings.

  2. Set the hostname to IMI-Super-01.

Setup Super Coordinator Cluster

Setting up the Super Coordinator cluster is similar to the Coordinator but with a different cluster name.

To configure cluster settings for a Super Coordinator:

  1. Go to Cluster :: Settings.

  2. Enable the cluster.

  3. Select Coordinator as the type.

  4. Allow enrollment of peers.

  5. Set a Pre-Shared Key (PSK).

  6. Enable clustering access and peer management.

Join the Coordinators' Clusters

The Super Coordinator needs to join existing clusters managed by other Coordinators.

Join Existing Clusters:

  1. Go to Cluster :: Clusters.

  2. Click Join.

  3. Enter the Local Coordinator's information such as Remote Cluster Name, Coordinator’s Address, and Pre-shared Key.

Setup System SNMP Settings

Configuring SNMP settings allows for network management and monitoring using SNMP protocols.

  1. Go to Network :: SNMP.

  2. Click on Add Community.

  3. Set the community’s name and access level as required.

By following these detailed instructions, you can manually configure the Nodegrid Coordinator, Peer, and Super Coordinator to form a robust and efficient cluster network.

Configuring a WireGuard Overlay Network Between Super Coordinator and Coordinator

To establish a secure and efficient WireGuard VPN connection between the Super Coordinator and the Coordinator, follow these detailed steps:

  1. Configure the Super Coordinator WireGuard settings:

    1. Go to Network :: VPN :: Wireguard.

    2. Click Add.

    3. Assign an interface name, such as WGVPN.

    4. Set Interface Type to Server.

    5. Set the IP Address to the Super Coordinator's VPN IP (e.g., 10.21.1.1).

    6. Set the Listening Port to 51820.

    7. Click the Generate Keypair button to create a new key pair for the interface.

    8. In the External Address field, enter the Super Coordinator's external IP address (e.g., 172.16.1.1).

    9. Click Save.

    10. Select the newly added interface.

    11. Click Export as Peer to save the configuration file. This file will be used to configure the Coordinator.

  2. Configure the Coordinator WireGuard settings:

    1. Go to Network :: VPN :: Wireguard.

    2. Click on Add to add a new interface.

    3. Assign an interface name, such as WGVPN.

    4. Set Interface Type to Client.

    5. Set the IP Address to the Coordinator's VPN IP (e.g., 10.21.1.11).

    6. Click the Generate Keypair button to create a new key pair for the interface.

    7. Click Save.

  3. Import the Peer Configuration:

    1. Click the newly created interface.

    2. Click Import Peer.

    3. Select the configuration file exported from the Super Coordinator.

    4. Assign a name to the peer.

    5. Click Save.

  4. Export the Peer Configuration:

    1. Go back to the interface page.

    2. Select the newly created interface.

    3. Click Export as Peer to save the configuration file. This file will be used to configure the Super Coordinator to recognize the Coordinator as a peer.

  5. Finalize Configuration on the Super Coordinator

    1. Go back to Network :: VPN :: Wireguard on the Super Coordinator.

    2. Select the newly created interface.

    3. Click Import Peer.

    4. Select the configuration file exported from the Coordinator.

    5. Assign a name to the peer.

    6. Click Save.
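
The two ends of the overlay configured above can be checked against each other before the tunnel is relied on for management traffic. The following is an added example, not Nodegrid or ZPE code: it assumes the settings are written as standard wg-quick-style text (the Nodegrid export format may differ), uses placeholder keys, and assumes a /24 overlay prefix and /32 AllowedIPs, which the steps above do not specify.

```python
import ipaddress

# Constructed configs mirroring the steps above. Keys are placeholders; the /24
# prefix and the /32 AllowedIPs are assumptions, not values from the guide.
SUPER_CONF = """
[Interface]
Address = 10.21.1.1/24
ListenPort = 51820
PrivateKey = <SUPER-PRIVATE-KEY>
[Peer]
PublicKey = <COORDINATOR-PUBLIC-KEY>
AllowedIPs = 10.21.1.11/32
"""
COORD_CONF = """
[Interface]
Address = 10.21.1.11/24
PrivateKey = <COORDINATOR-PRIVATE-KEY>
[Peer]
PublicKey = <SUPER-PUBLIC-KEY>
Endpoint = 172.16.1.1:51820
AllowedIPs = 10.21.1.1/32
"""

def parse(text):
    """Return (interface settings, list of peer settings) as dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return iface, peers

def allowed_nets(peer):
    """Parse a peer's comma-separated AllowedIPs into network objects."""
    return [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("AllowedIPs", "").split(",") if n.strip()]

def check_pair(server_text, client_text, server_external_ip):
    """Return a list of findings; an empty list means the pair is consistent."""
    s_if, s_peers = parse(server_text)
    c_if, c_peers = parse(client_text)
    s_addr = ipaddress.ip_interface(s_if["Address"])
    c_addr = ipaddress.ip_interface(c_if["Address"])
    findings = []
    if c_addr.ip not in s_addr.network:
        findings.append("client tunnel IP is outside the server overlay subnet")
    if ipaddress.ip_address(server_external_ip) in s_addr.network:
        findings.append("external address overlaps the overlay subnet")
    # The client must dial the server's External Address and Listening Port.
    want = f"{server_external_ip}:{s_if.get('ListenPort')}"
    if [p.get("Endpoint") for p in c_peers] != [want]:
        findings.append(f"client Endpoint is not {want}")
    # Exactly one server peer entry may claim the client's tunnel IP.
    owners = [p for p in s_peers if any(c_addr.ip in n for n in allowed_nets(p))]
    if len(owners) != 1:
        findings.append(f"{len(owners)} server peers claim {c_addr.ip}")
    if not any(s_addr.ip in n for p in c_peers for n in allowed_nets(p)):
        findings.append(f"client AllowedIPs does not cover {s_addr.ip}")
    # AllowedIPs is also the inbound source filter, so a /0 entry lets that
    # peer send traffic from any address into the management overlay.
    for side, peers in (("server", s_peers), ("client", c_peers)):
        for p in peers:
            if any(n.prefixlen == 0 for n in allowed_nets(p)):
                findings.append(f"{side} peer AllowedIPs contains a /0 route")
    return findings

if __name__ == "__main__":
    print(check_pair(SUPER_CONF, COORD_CONF, "172.16.1.1") or "pair is consistent")
```

An empty result means the Coordinator dials the Super Coordinator's external address and port, and each side accepts only the other's tunnel address.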

Adding Managed Devices to the Peers

Adding a USB Sensor: Temp/Humidity Sensor

Plugging in a USB sensor for temperature and humidity allows the Nodegrid device to monitor environmental conditions. This process is straightforward and requires minimal configuration.

  1. Plug in the USB Sensor to the peer Nodegrid device. In our case it is an NSCP.

    1. Plug a USB Temp/Humidity Sensor into one of the USB ports of the Nodegrid device.

    2. The sensor will be automatically discovered by the system.

  2. Access the Sensor Data:

    1. Go to Access :: Table in the Nodegrid WebUI.

    2. Click the newly added device.

    3. Check the sensor data for temperature and humidity readings.

Adding a ServerTech PDU

Adding and managing a ServerTech PDU allows for remote power management of connected devices.

Add the PDU:

  1. Log in to the peer Nodegrid device.

  2. Go to Managed Devices.

  3. Click Add.

  4. Give the PDU a name.

  5. Select the type: pdu_servertech.

  6. Fill in the IP address, username, and password.

  7. Click Save.

Enable SNMP for PDU: Configuring SNMP (Simple Network Management Protocol) for the PDU is crucial for enabling network administrators to monitor and manage power distribution units remotely, providing essential data and control over power usage and status.

  1. Click the newly added device.

  2. Go to Management.

  3. Enable SNMP.

  4. Set the community for the PDU.

Manage PDU Outlets: 

  1. Go to Access :: Table.

  2. Click the PDU device.

  3. Manage its outlets as needed.

Adding Console Devices

Adding console devices allows for remote console access and management.

To add the Console Device:

  1. Go to Managed Devices.

  2. Click Add.

  3. Give the console device a name.

  4. Select the type: device_console.

  5. Fill in the IP address, username, and password.

  6. Click Save.
     

Access the Console:

Perform the following actions to access the console:

  1. Go to Access :: Table.

  2. Click the console device.

  3. Click Console to access the console interface.

Accessing and Managing Devices Through Tree View

Coordinator Access Tree View

You can access the devices that are managed by the peers through the coordinator. The tree view provides a hierarchical view of all devices and their relationships within the coordinator.

Access the Tree View:

  1. Log in to the local Coordinator's Nodegrid WebUI.

  2. Go to Access :: Tree.

Super Coordinator Tree View

Similar to the coordinator, the super coordinator’s tree view provides an overview of the network hierarchy and device relationships.

To access the managed devices:

  1. Log in to the WebUI of the Super Coordinator.

  2. Go to Access :: Tree.

By following these steps, you can effectively manage devices within your Nodegrid setup, ensuring comprehensive monitoring and control over environmental sensors, power distribution units, console devices, and access hierarchies.
