The IP Access feature is provided by the Software-Defined Infrastructure NetOps Module. This article walks through the steps required to activate the module and enable the feature.
1. Enable NetOps Automation
NetOps Modules are included with Lighthouse in the NetOps Modules disk image inside the Lighthouse OVA, OVF and VMX deployment packages.
When deploying using these packages, the NetOps disk image is automatically attached as a secondary disk. For other deployments, the raw disk image (e.g. lighthouse-x.y.z-nom-raw-hdd.tar) must be untarred and attached manually.
To enable NetOps Automation, boot Lighthouse with the NetOps Modules disk attached.
2. Activate the Software-Defined Infrastructure Module
NetOps Modules must be activated on Lighthouse and a per-node basis.
Login to the Lighthouse web UI as root or a Lighthouse Administrator, and upload the nom-sdi licence file under SETTINGS > System > Licensing > New.
Click CONFIGURE > NetOps Modules > Manage Modules and wait until Lighthouse activation is complete.
To activate on the node you wish to access IP networks via, use the following steps:
- Ensure CONFIGURE NODES > NetOps Modules > Manage Modules > Software-Defined Infrastructure > Always Activate is unchecked and applied
- Select CONFIGURE NODES > Configuration Templating > Apply Templates
- Under NetOps Module Activation choose the Software-Defined Infrastructure and click Next
- Select the nodes to to activate and click Next
- Refresh to ensure preflight checking is successful, then click Next
- Refresh to ensure activation is successful
See also: How do I activate a NetOps Module?
4. Generate a certificate and export client configuration
Clients connect to Lighthouse via an OpenVPN client, which in turn connects them to the Management LAN network of a particular node. IP Access provides a convenient means to configure the OpenVPN client by generating the configuration files that may be importing directly into your OpenVPN client of choice.
Login to the Lighthouse web UI as root or a Lighthouse Administrator, and click CONFIGURE > NetOps Modules > IP Access > Client Certificates. Enter a Certificate Name and click Create.
When the certificate is created, download an associated OpenVPN client configuration by clicking Export.
Note: Deleting a client configuration file from Lighthouse revokes that client certificate and any associated client configurations using that certificate will no longer be permitted to connect.
5. Connect the VPN client
The final step is to establish the VPN connection that allows IP Access to the Management LAN (and optionally other networks) behind a node.
Import the client configuration from the previous step into your preferred OpenVPN client and start the VPN connection.
When prompted to authenticate the VPN connection, you must also specify your Lighthouse credentials and the node that you want to establish remote IP access via.
Specify the node by adding :node-name to your Lighthouse username, e.g. authenticating with the username adal:my-acm7004-5 will authenticate as Lighthouse user adal and connect the VPN to the remote IP network(s) behind my-acm7004-5.
Note: To be permitted connection, the Lighthouse user must have at least Node User rights for the specified node.