In the datacenter environment, console servers will generally be located on a dedicated Management LAN or vlan. Mid sized to large data centers usually (invariably?) have separate/private management networks just for simplicity and segregation of traffic for updates/monitoring. Opengear devices have robust firewall security which is more than adequate for such installations.
In smaller sites and remote management applications (such as branch office networks, datacom rooms and wiring closets) the Opengear device mostly lives on the main operations network or directly connect to the Internet or cellular network - and again its fully functional firewall etc. ensures AAA security. Also many Opengear devices have additional Ethernet network or WAP ports, so in these RIM situations it can be configured to serve as a management gateway.
So Opengear devices often provide the management LAN (rather than just sitting on them :). They provide a management LAN gateway with firewall, router, DHCP server etc.
In the RIM sites Opengear device also provides out of band access - as an edge device directly connected to the public network. This is why all Opengear solutions maintain and enforce AAA policies that protect your distributed network and IT infrastructure from security threats:
- FIPS 140-2 compliant OpenSSL cryptographic module, certified for use in US Government
- Two-factor authentication using RSA SecurID
- Off-loads authentication to your RADIUS, TACACS+ or LDAP/Active Directory server, for complete user policy integration. Under normal circumstances remote TACACS+ or Radius authentication prevails. However if connectivity is lost, the console server falls back to local authentication to maintain authorized access
- Default-deny SSH bastion tunnels all management traffic through one secure network port, only permitting access to defined network services on defined network hosts