Network Terminology: What's the difference between "in-band" and "out-of-band"?

Epsil0n00

Golden Member
Aug 29, 2001
1,187
0
76
I am researching Cisco's Clean Access solution which helps ensure network policy compliance standards such as Windows Updates, Virus Status, etc. It scans computers when they connect to the network and doesn't allow full LAN access until policy compliance is met (i.e., until the unit is virus free and patched, etc.).

In the documents it references In-Band or In-Line deployment as well as "out-of-band" deployment. However, I can't find any reference material explaining what these terms are referring to. Does this term define where on the network the server sits? I can't figure out what the difference is because, to be quite frank, I don't know what the hell they're talking about!

Here's a blurb about the Clean Access product:
http://news.morningstar.com/news/BW/M04/D25/20050425005350.html

Thanks for any help!
Epsil0n
 

Epsil0n00

I did find this blurb which provides some helpful details... I am now trying to figure out exactly how this Out of Band management applies to the Cisco Clean Access example.

"Out Of Band Management refers to products that permit secured technician access to "Network Elements" (firewall, routers, bridges, sonet switches, servers etc.) via dial up telephone lines (not in the bandwidth of the network). By far, SNMP (the Simple Network Management Protocol) network management is the industry choice for managing wide area and local area networks. This is In Band Management access via the network. SNMP is easy to use and inexpensive. It has however one inherent weakness: SNMP management information travels the same network path as your data. It uses the same WAN and LAN routers, hubs and communication links. Communication is subject to interception and the same problems that your network is currently having. When the network goes down or is severely disrupted, SNMP traffic has no way to get between the managed device and the management workstation. Quite often when a "Network Element" goes down, it loses its network connection, which renders In Band Management useless. This is where Out Of Band Management always works flawlessly."
 

Epsil0n00

found this too:

">> What does in-band and out-of-band management mean?

The term ``out-of-band'' refers to communication that does not follow
the same path as normal data. For example, we say that a telephone
system uses out-of-band communication to set up calls if the facilities
are separate from the facilities used to pass voice after the call has
been established.

When used with data network management, the term means that there is
a separate (i.e., parallel) network used to monitor and control a data
network. Although some early data networks used out-of-band management,
the standard for the Internet, SNMP, uses in-band management (i.e.,
SNMP packets are sent over the same physical networks and routers as
normal data packets)."
 

Epsil0n00

Okay, I'm catching on to the idea of out-of-band device management. I get the idea of having a separate pathway to monitor devices other than the pathway you are trying to monitor. (i.e., it isn't the best idea to rely on your primary network in order to monitor that very same network.)

However, I am still failing to see how exactly this applies to Cisco's Clean Access product. more research to do....
 

skyking

Lifer
Nov 21, 2001
22,601
5,695
146
Imagine that the network is being compromised by some really bad new unpatched vulnerability. Things aren't working, and you get the call from this remote office about it.
Out-of-band allows the remote technician to dial into the server, and possibly patch an otherwise unworkable system.
 

nightowl

Golden Member
Oct 12, 2000
1,935
0
0
For CCA, in the in-band solution all of the network traffic flows through the appliance. For the out-of-band solution the appliance only has 1 connection to the network and therefore all network traffic does not flow through it.
 

Epsil0n00

Thanks Nightowl... after hearing more about the out-of-band solution today your answer sounds correct to me.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
can also be called in-line or "bump in the road" where the device actively passes traffic.

in-band and out-of-band are more for control as mentioned earlier.

But marketing departments like to make up their own terms sometimes.
;)