The IP Access feature is provided by the Software-Defined Infrastructure NetOps Module. This article walks through the steps required to activate the module and enable the feature.
1. Enable NetOps Automation
NetOps Modules are included with Lighthouse (version 19.Q2.0 and later) in the NetOps Modules disk image inside the Lighthouse OVA, OVF and VMX deployment packages.
When deploying using these packages, the NetOps disk image is automatically attached as a secondary disk. For other deployments, the raw disk image (e.g. lighthouse-x.y.z-nom-raw-hdd.tar) must be untarred and attached manually.
To enable NetOps Automation, boot Lighthouse with the NetOps Modules disk attached.
2. Activate the Software-Defined Infrastructure Module
NetOps Modules must be activated on Lighthouse and a per-node basis. In the case of Software-Defined Infrastructure module, this process happens automatically when you upload the nom-sdi licence file to Lighthouse.
The nom-sdi licence is currently available exclusively to Lighthouse Enterprise users, at no extra cost.
Login to the Lighthouse web UI as root or a Lighthouse Administrator, and upload the nom-sdi licence file under SETTINGS > System > Licensing > New.
Click CONFIGURE > NetOps Modules > Manage Modules and wait until Activation is complete.
3. Enable node IP Access
To enable IP Access to the Management LAN behind a node, the node must first be enabled for IP Access.
Login to the Lighthouse web UI as root or a Lighthouse Administrator, and click CONFIGURE > NetOps Modules > IP Access > Enable Nodes. Select the node(s) to enable, then click Enable. Alternatively, you may choose the shortcuts to Enable All/Disable All.
Note: Enabling a node for IP Access modifies its network configuration, placing its Management LAN Interface (eth1) into a bridging mode. This may interrupt network connections established via this interface.
4. Generate client configuration
Clients connect to Lighthouse via an OpenVPN client, which in turn connects them to the Management LAN network of a particular node.
IP Access provides a convenient means to configure the OpenVPN client by generating the configuration files that may be importing directly into your OpenVPN client of choice.
Login to the Lighthouse web UI as root or a Lighthouse Administrator, and click CONFIGURE > NetOps Modules > IP Access > Client Configurations. Select the node to generation a configuration file for, then click Save.
Note: Generating client configuration creates a unique client certificate used in client authentication. Conversely, deleting a client configuration file from Lighthouse revokes the client certificate.
5. Connect the VPN client
The final step is to establish the VPN connection that allows IP Access to the Management LAN behind a node.
Note: Before a connection can be established, the node's Management LAN interface must be configured with an address by either Static or DHCP assignment. Configure this on the node, e.g. access its Web UI and navigate to System > IP > Management LAN Interface.
Login to the Lighthouse web UI as root, a Lighthouse Administrator or a Node Administrator, and click CONFIGURE > NetOps Modules > IP Access > Client Configurations. Locate the node, the click the Download icon.
Import the configuration into your preferred OpenVPN client and start the VPN connection. When prompted, authenticate using the username/password of a user with at least Node User rights for the node you are connecting via.