Lighthouse central management provides several ways to access managed console servers, and their connected managed devices (e.g. router and switch consoles).
- Browse to managed console servers' web UI via Lighthouse
- Web Terminal and SSH Management Access is provided to the CLI of managed console servers themselves
- Console Gateway provides access to managed console server USB and Serial Ports, via an in-browser Web Terminal (UI) or SSH (CLI)
Using these methods, access is securely proxied behind and served by Lighthouse's central IP, simplifying firewall and routing setup. Central authorization is passed through to managed console servers, allowing users to connect to many console servers with a single sign on.
Note: SDT Connector is a Java Web Start application provided to simplify access to remote IP devices (Network Hosts) over automatically created SSH port forwards. Opengear are no longer actively updating the SDT Connector feature beyond critical security updates.
The primary method for to locate and access managed console servers and devices via Lighthouse is using the Manage -> Access Console Servers and Access Managed Devices pages.
Access Console Servers lists all console servers and ports the current user has access to, providing a "port-centric" view of the managed infrastructure.
Access Managed Devices lists all all the Managed Devices that have been created on all managed console servers. Note that standalone serial port connections are not automatically added as Managed Devices.
Using the Access UI, you can search across console servers or managed devices using Search Attributes. Search Attributes may be automatically populated (such as console server firmware version) – arbitrary search attributes may also be added (such as geographical region).
Searches may be saved as Device Groups. Device Groups are "smart", in that they automatically update to (de)select console servers or managed devices as attributes change (e.g. the console server firmware version attribute changes after an upgrade).
Note: Device Groups are saved for the current user, they are not shared between users.
For example, to conveniently group Opengear IM (Infrastructure Manager) family console servers that are hosted in the "MU1" data center, first tag the MU1 console servers:
- Click Access Console Servers
- On each console server, click Search Attributes -> Show -> Add Attribute
- A new attribute pair is displayed
- In the first field, enter the attribute name: Data Center
- In the second field, enter the attribute value: MU1
- Click Save Attributes
As new attribute names are added, they become available as shortcuts on the left hand side of the console server list.
To create the Device Group:
- Click Access Console Servers
- Click New Device of Group
- Set the first rule to Model – Begins With – IM
- Click Add Rule
- Set the second rule to Data Center – Is – MU1
- At the bottom right, enter: MU1 Infrastructure Managers
- Click Save Search
The new entry is added to Device Groups, click it to display the matching console servers.
Proxied access to console servers
"Proxied access" means the session between the user and console server's remote interface is connected via Lighthouse's central interface. This means the user only needs network access to one central Lighthouse to gain access to many console servers that may be firewalled, unroutable or otherwise inaccessible.
Under Manage -> Access Console Servers use the Web Terminal or SSH links to start a connection to the managed console server's CLI.
Use the Browse link to start a connection to the managed console server's web UI. During a proxied access session, the following banner is displayed at the bottom of the browser:
Note: Using Browse, Lighthouse uses pass-through authentication to automatically log you in to the console server. However, if this fails (e.g. due to an unstable network connection between the console server and Lighthouse) you will be prompted to re-authenticate.
Proxied access to managed devices and consoles
Refer to this article for details on the Console Gateway feature.
Article is closed for comments.