Solved

Secure access to IPMI and vSphere from remote location

Posted on 2013-11-07
2
653 Views
Last Modified: 2013-11-14
I need some help brainstorming a good way to do this.

We are about to deploy a new server - a VMWare ESXi host which will run most of our internal company systems and services.

We have an entirely virtual company and everybody works remotely from home. We don't actually have an office of our own.

We DO rent the services of a "business incubator" - a shared office facility that is basically a receptionist and some shared boardrooms and meeting rooms. They happen to have a really nice 100MBPS internet connection, and that's where our server is going to be hosted.

Our server runs a virtual router - we have a pfSense VM which provides routing for the local area network available inside the host. All of the virtual machines are part of this virtual LAN, and the pfSense VM provides routing and VPN access to the network for our outside workers.

So workers VPN in to the pfSense router, and after that they can access the internal company network. I an also VPN into the network to administer servers via SSH, Remote Desktop etc.

This is great and all so long as everything is working, but on my end there's two low level management tasks I NEED to be able to do remotely, and securely:

1) Connecting to the host via vSphere, to manage virtual machines

2) The server itself has a SuperMicro motherboard with IPMI, and I can connect via IPMIVIEW over port 5900 and I can actually see the console of the physical server - very cool! This lets me see the sensors, power on/off the server, and come to the rescue when everything goes to hell and the server is down.


What's a good way to get remote access to these two services in a secure way? I'm a bit hesitant to just open it up to the Internet, and VPN access only works if the pfSense VM is actually functional - something I can't rely on if I'm trying to fix a broken server.


....... any ideas?
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 250 total points
ID: 39631729
You should put a box in front which will access control connections to your box. I have used mikrotik for remote access as they are (very) cheap but very powerfull (100mbits VPN traffic is NO problem).
0
 

Assisted Solution

by:ChadSeaton
ChadSeaton earned 250 total points
ID: 39644284
I would use a hardware solution. Two Mikrotik Routers (or Cisco if you want to spend more money) set up to do a VPN Tunnel between the two routers. Use IPSec to secure the tunnel between the two. Done.

This a "always on" VPN sollution.

Video on how to set this up:
http://gregsowell.com/?p=787
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 5505's for VPN study 15 87
Sonicwall VPN and DHCP Setup 10 87
How to automatically add a route to a split tunnel VPN 2 45
security, windows patches update 17 31
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Read about achieving the basic levels of HRIS security in the workplace.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question