Often, the remote Opengear console servers/management appliances, or the Lighthouse CMS itself, will be on private firewalled networks, so they are unable to connect directly to each other.
Whatever the topology, as long as either Lighthouse can SSH to the console server or the console server can SSH to Lighthouse CMS, then Lighthouse CMS can manage the console server.
There are three main scenarios:
- The console server has a public address, the Lighthouse CMS has a private or firewalled address.
In this case, ensure the third-party firewall allows outbound connections to the distributed console server's SSH port (outbound destination TCP port 22). This is the default behaviour of most firewalls.
The distributed console server will not be detected by the CMS, but can be added manually at the CMS using Configure -> Managed Console Servers -> New Console Server -> Add.
- The console server has a private or firewalled address and the CMS has a public address.
This is common for console servers using cellular connections. On the console server, use Serial & Network -> Call Home to connect the console server to the CMS public address.
The distributed console server will then be detected by the CMS and can be added using Configure -> Managed Console Servers -> Remote Console Servers.
Call Home is discussed in more detail in:
faq372 - Call Home
faq373 - Set up Call Home on console server and
faq374 - Set up Call Home on CMS/VCMS.
- Both the console server and CMS have a private or firewalled address.
There are two options in this scenario:
(a) Make CMS accessible by the console servers
This is usually the preferable option if there are multiple console servers with private or firewalled addresses - common with console servers using cellular connections connecting to a CMS on a central private operations network.
Configure the third-party firewall to port forward (PAT) from its public address to the CMS's private address, targeting TCP port 22. The public forwarded port may be any port, e.g. 2222.
Configure the CMS with the external IP or DNS address of the third-party firewall. Connect to the CMS command line using SSH and run:
config -s config.cms.address=4.3.2.1 ; config -s config.cms.sshport=2222
config -a
... where 4.3.2.1 is the public address of the third-party firewall, and 2222 is the public forwarded port.
Once this is done, the managed console server can Call Home to the CMS using the forwarded port as per scenario 2 above.
(b) Make the console server accessible by CMS
Configure the third-party firewall to port forward (PAT) from its public address to the console server's private address, targeting TCP port 22.
The public forwarded port may be any port, e.g. 1022, 2022 - this allows for multiple console servers to be managed behind a single firewall.
Once this is done, add the managed console server to CMS as per scenario 1 above.
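The port forwards for option (b), as an added example that is not part of the original article: it prints, rather than applies, one rule pair per console server, assuming the third-party firewall is a Linux host using iptables. The interface name, the sample addresses and the restriction of the forward to the CMS's source address are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables PAT rules for scenario 3(b).
# Assumptions, not from the article: the firewall is Linux/iptables, the WAN
# interface is eth0, and all addresses below are constructed sample values.
WAN_IF="eth0"
CMS_SRC="203.0.113.10"   # public address the CMS's outbound SSH arrives from

# Reads "public_port private_ip" pairs on stdin, one console server per line.
# Prints one DNAT and one FORWARD rule per pair; fails on a bad or reused port,
# since two console servers cannot share a public forwarded port.
pat_rules() {
    seen=" "
    while read -r port ip; do
        [ -n "$port" ] || continue
        case "$port" in
            *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        case "$ip" in
            ""|*[!0-9.]*) echo "invalid address for port $port" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $port "*) echo "duplicate public port: $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
        # Forward the public port to the console server's SSH port (TCP 22),
        # accepting only connections that come from the CMS.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $CMS_SRC --dport $port -j DNAT --to-destination $ip:22"
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -s $CMS_SRC -d $ip --dport 22 -j ACCEPT"
    done
}

# Constructed plan: two console servers behind one firewall, using the
# article's example public ports 1022 and 2022.
pat_rules <<'EOF'
1022 192.168.0.10
2022 192.168.0.11
EOF
```

Return traffic is assumed to be allowed by an existing ESTABLISHED,RELATED rule on the firewall.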