Best way to maintain some remote control but not absolute?
-
@Dashrender said in Best way to maintain some remote control but not absolute?:
XC won't give you access to the console on the server if there is a problem during say, bootup. XC and XO only work as long as XS is working.
Yes if there is some sort of boot or POST error, you are driving there.
I never used to put iDrac on servers, but after using it a few times, I'll never buy/support one without it now.
-
@BRRABill said in Best way to maintain some remote control but not absolute?:
@Dashrender said in Best way to maintain some remote control but not absolute?:
XC won't give you access to the console on the server if there is a problem during say, bootup. XC and XO only work as long as XS is working.
Yes if there is some sort of boot or POST error, you are driving there.
I never used to put iDrac on servers, but after using it a few times, I'll never buy/support one without it now.
Exactly - and it can generally be had for a few hundred dollars, over the life of the machine, totally worth it for me. Even more worth it if I work remotely to the hardware at all.
-
@BRRABill said in Best way to maintain some remote control but not absolute?:
@Dashrender said in Best way to maintain some remote control but not absolute?:
XC won't give you access to the console on the server if there is a problem during say, bootup. XC and XO only work as long as XS is working.
Yes if there is some sort of boot or POST error, you are driving there.
I never used to put iDrac on servers, but after using it a few times, I'll never buy/support one without it now.
Wouldn't you want a dedicate IP (and NIC?) for it and have to open up the firewall and everything? How do you maintain access for dynamic IPs from the ISP?
I have two servers with iDRAC, just never played with it yet. -
@guyinpv said in Best way to maintain some remote control but not absolute?:
@BRRABill said in Best way to maintain some remote control but not absolute?:
@Dashrender said in Best way to maintain some remote control but not absolute?:
XC won't give you access to the console on the server if there is a problem during say, bootup. XC and XO only work as long as XS is working.
Yes if there is some sort of boot or POST error, you are driving there.
I never used to put iDrac on servers, but after using it a few times, I'll never buy/support one without it now.
Wouldn't you want a dedicate IP (and NIC?) for it and have to open up the firewall and everything? How do you maintain access for dynamic IPs from the ISP?
I have two servers with iDRAC, just never played with it yet.You can user ZeroTier to a jump box.
-
@guyinpv said
Wouldn't you want a dedicate IP (and NIC?) for it and have to open up the firewall and everything? How do you maintain access for dynamic IPs from the ISP?
I have two servers with iDRAC, just never played with it yet.It can share its IP. Or, it can have its own.
For me, I own all the systems, so I VPN to the network, then access the iDrac. But I am assuming you could also open up the firewall as well.
-
@scottalanmiller said in Best way to maintain some remote control but not absolute?:
@guyinpv said in Best way to maintain some remote control but not absolute?:
@BRRABill said in Best way to maintain some remote control but not absolute?:
@Dashrender said in Best way to maintain some remote control but not absolute?:
XC won't give you access to the console on the server if there is a problem during say, bootup. XC and XO only work as long as XS is working.
Yes if there is some sort of boot or POST error, you are driving there.
I never used to put iDrac on servers, but after using it a few times, I'll never buy/support one without it now.
Wouldn't you want a dedicate IP (and NIC?) for it and have to open up the firewall and everything? How do you maintain access for dynamic IPs from the ISP?
I have two servers with iDRAC, just never played with it yet.You can user ZeroTier to a jump box.
But how does that help a server stuck at POST?
-
@BRRABill said in Best way to maintain some remote control but not absolute?:
@scottalanmiller said in Best way to maintain some remote control but not absolute?:
@guyinpv said in Best way to maintain some remote control but not absolute?:
@BRRABill said in Best way to maintain some remote control but not absolute?:
@Dashrender said in Best way to maintain some remote control but not absolute?:
XC won't give you access to the console on the server if there is a problem during say, bootup. XC and XO only work as long as XS is working.
Yes if there is some sort of boot or POST error, you are driving there.
I never used to put iDrac on servers, but after using it a few times, I'll never buy/support one without it now.
Wouldn't you want a dedicate IP (and NIC?) for it and have to open up the firewall and everything? How do you maintain access for dynamic IPs from the ISP?
I have two servers with iDRAC, just never played with it yet.You can user ZeroTier to a jump box.
But how does that help a server stuck at POST?
Nothing else that except for KVM or KVMoIP/OOB management tools.
-
All of this is great but how does it play out?
Small business with dynamic IP.
6 workstations and a copier that use the server.
1 server running file shares and 1 business app, Windows Server, on XenServer.
Dell hardware, iDRAC available if wanted.
Always trying to stick to free stuff, of course.
I could always use TeamViewer to one of the workstations and use XC from there, or XO installed on another VM.
I could install some remote software on the individual VM though I need to deal with router/IP issues depending on the software.
I could create some kind of dedicated jump box that only I have access to which then allows me in to various things over local network. Not sure how this works. Is it Linux? Can I still use the Windows VM gui?
And all this needs set up in a way where the owner has to grant access so that I don't have any-time access for liability reasons.
TeamViewer needs license for business so maybe I can use VNC software? I could do the ZeroTier thing if that is completely safe and transparent to all operations.
I could combine the above and just use normal Windows Remote Desktop, but I would have to maintain my own user account on the server, or be given admin credentials as needed.
Lots of options. Unsure about standard practices.
This seems like such a basic use case.
Assuming my ONLY option now is to show up physically at the office. What is the very next best thing? Probably at least direct remote access to the VM itself. But if I can't leave TeamViewer on there, and can't use Remote Desktop without credentials and opening firewall. What's the next option? -
@guyinpv said in Best way to maintain some remote control but not absolute?:
I could create some kind of dedicated jump box that only I have access to which then allows me in to various things over local network. Not sure how this works. Is it Linux? Can I still use the Windows VM gui?
We use LInux. What is a Windows VM GUI?
-
@guyinpv said in Best way to maintain some remote control but not absolute?:
I could combine the above and just use normal Windows Remote Desktop, but I would have to maintain my own user account on the server,
How else do you audit the access? You need a CAL regardless as you are a user.
-
@guyinpv said in Best way to maintain some remote control but not absolute?:
And all this needs set up in a way where the owner has to grant access so that I don't have any-time access for liability reasons.
I don't agree here. I think that that is silly. Good controls and he knows if you have accessed or not. If you dont have those, you have the liability regardless. If he has to grant you access, how will he do that when things are broken? Often it'll mean that you can't get in when needed.
-
@scottalanmiller said in Best way to maintain some remote control but not absolute?:
@guyinpv said in Best way to maintain some remote control but not absolute?:
I could create some kind of dedicated jump box that only I have access to which then allows me in to various things over local network. Not sure how this works. Is it Linux? Can I still use the Windows VM gui?
We use LInux. What is a Windows VM GUI?
I just mean if I use Linux, Ubuntu or something, can I still use the Windows GUI or would I be stuck with command line stuff?
Do you use a GUI on Linux? Mint or something? Fedora? I just mean I want full desktop access to Windows.@scottalanmiller said in Best way to maintain some remote control but not absolute?:
@guyinpv said in Best way to maintain some remote control but not absolute?:
I could combine the above and just use normal Windows Remote Desktop, but I would have to maintain my own user account on the server,
How else do you audit the access? You need a CAL regardless as you are a user.
Win Essentials here.
@scottalanmiller said in Best way to maintain some remote control but not absolute?:
@guyinpv said in Best way to maintain some remote control but not absolute?:
And all this needs set up in a way where the owner has to grant access so that I don't have any-time access for liability reasons.
I don't agree here. I think that that is silly. Good controls and he knows if you have accessed or not. If you dont have those, you have the liability regardless. If he has to grant you access, how will he do that when things are broken? Often it'll mean that you can't get in when needed.
Of course true.
The liability is if his business ever suffers a data loss or data theft or even remote hacks, that nobody can point a finger at me thinking it must have come through my access. If that is just tin foil thinking, then ya, I'd much rather have full access any time, as needed.
-
@guyinpv said in Best way to maintain some remote control but not absolute?:
I just mean if I use Linux, Ubuntu or something, can I still use the Windows GUI or would I be stuck with command line stuff?
Do you use a GUI on Linux? Mint or something? Fedora? I just mean I want full desktop access to Windows.You can but I rarely would. Just launch whatever tool you need directly. Like if you want to use Remmina to access RDP, just launch Remmina alone, not an entire desktop.
-
@guyinpv said in Best way to maintain some remote control but not absolute?:
How else do you audit the access? You need a CAL regardless as you are a user.
Win Essentials here.
CALs are requried the same regardless. In any case, you are consuming one of their "seats", might as well take advantage of the auditing that it brings.
-
@guyinpv said in Best way to maintain some remote control but not absolute?:
The liability is if his business ever suffers a data loss or data theft or even remote hacks, that nobody can point a finger at me thinking it must have come through my access. If that is just tin foil thinking, then ya, I'd much rather have full access any time, as needed.
Bottom line is people will lie and blame you anyway. Might as well at least be useful and have auditing. Otherwise, how do you even prove that you didn't have access? They'll just say that you did.
-
@scottalanmiller said in Best way to maintain some remote control but not absolute?:
@guyinpv said in Best way to maintain some remote control but not absolute?:
The liability is if his business ever suffers a data loss or data theft or even remote hacks, that nobody can point a finger at me thinking it must have come through my access. If that is just tin foil thinking, then ya, I'd much rather have full access any time, as needed.
Bottom line is people will lie and blame you anyway. Might as well at least be useful and have auditing. Otherwise, how do you even prove that you didn't have access? They'll just say that you did.
This is true. The person in question is a good dude, I'm just being overly paranoid probably.
I am also a sucker for tools. I like to play with new things, especially if they are free!
Speaking of that, what's the best free option for Win Essentials anyway?
-
I get the feeling that we might not be on the same page.
When you use TeamViewer or ScreenConnect, etc, to take over the owners computer, you could use that computer to access the iDRAC or any other IP services on their LAN.
You wouldn't need to worry about changing any routes or IPs, etc. The same would mostly be said if you use something like a jumpbox. This server, normally based on a free linux server, is published through the firewall onto the internet where you can access it remotely. You connect to the jump server, then use tools like RDP from linux to connect to your Windows server, or a web browser to access iDRAC, etc. -
@Dashrender said in Best way to maintain some remote control but not absolute?:
I get the feeling that we might not be on the same page.
When you use TeamViewer or ScreenConnect, etc, to take over the owners computer, you could use that computer to access the iDRAC or any other IP services on their LAN.
You wouldn't need to worry about changing any routes or IPs, etc. The same would mostly be said if you use something like a jumpbox. This server, normally based on a free linux server, is published through the firewall onto the internet where you can access it remotely. You connect to the jump server, then use tools like RDP from linux to connect to your Windows server, or a web browser to access iDRAC, etc.Ya that makes sense, but same rules apply. I don't necessarily want hands-off remote control of his workstation either.
I was thinking more along the lines of a remote tool directly to Win Server on the VM. Or connect to XS and use a console view or something for VM(s).At another location I have a server with XS and I have XO running on a VM. I've just found using XC to be nicer than XO.
I guess if I had my way, I would want this:
- I open my super secret client control panel.
- Find client and auth into that individually.
- Inside client control, find server or device I can remotely control and monitor.
- Select to remote control it or change something. Go to work.
Like a master control panel of all clients, and all system under those clients which I can control or monitor.
My master control panel would, of course, notify me of danger on monitored devices.I suppose MSPs have cool things like that.
-
@Dashrender said in Best way to maintain some remote control but not absolute?:
@scottalanmiller said in Best way to maintain some remote control but not absolute?:
@guyinpv said in Best way to maintain some remote control but not absolute?:
@scottalanmiller said in Best way to maintain some remote control but not absolute?:
What about Google Chrome Remoting?
The tool doesn't matter. It depends on the issue. What if it's the case that the VM is down but Xen is accessible? I could fix it that way if I had access to Xen.
To get to that level, we use a Jump server.
I don't understand how you get web gui access with a Jump server.
SSH Tunnel
-
This is the most long and drawn out thread for something simple:
- I feel like you are doing this for free or really cheap. If that is the case...walk away immediately. You sound like a young, excitable guy. I was there once, but after you get used a few times. You won't be so willing to help for nothing or very little.
- Pick a remote control tool. I've used Deskroll in the past and it is really nice because the user can launch a one time .exe file and has the option to install the client at the end so you always have access. If they prefer not to, then that's ok too. You can just send them the .exe everytime you need access.
- I think you don't need idrac access. I think you are being way too paranoid. You are talking about a business with 6 computers. If they are paying you by the incident then make them sweat a little. Otherwise they see you fix the problem in 10 or 15 minutes and they don't appreciate your work. You can always remote in and gain SSH access if you need to do so. If everything is too easy and streamline they will never realize your value. Many small businesses think IT is a waste of money anyway.
