Access the iLO management interfaces on InstaGeni Racks.

All of the nodes in an InstaGeni rack have an HP Integrated Lights-Out (iLO) management interface that allows administrators to perform activities on an HP server from a remote location. iLO uses a separate Ethernet interface and is given an IP address on the local network. Initially, these interfaces were given publicly routable IP addresses, but they became targets of SSH and IPMI attacks, so they are now given IPs on a private subnet.

Being on a private (non-routable) subnet makes it hard to access the iLO interface from a remote location, especially the virtual console and virtual media functions, which cannot be proxied through a web proxy. Instead, we have made the private subnet available via an OpenVPN subnet. Below are instructions on how to set up a VPN that will allow your local machine to access an iLO interface.

Download OpenVPN:

There are numerous OpenVPN clients available for your desktop. The OpenVPN webpage has links to various clients, but if you are using a Mac, I think the best client is Tunnelblick because it's so easy to set up and use.

Download a config file:

The basic config file can be found on Utah's website.

Download the certificates:

You need two certificate files from the rack, located on boss in /usr/testbed/etc:

  • emulab.pem: This is the CA certificate for the rack. This is the public portion and is not a sensitive file.
  • openvpn-client.pem: This is the client certificate and key that allows your openvpn client to connect to the server. This file contains a non-encrypted key and should be kept in a safe and protected directory (not on a public web server!).

Edit the config file:

There are a few lines you need to edit in the config file. Change these to point to the certificate files you have downloaded.

ca emulab.pem
cert openvpn-client.pem
key openvpn-client.pem

And this line needs to be changed:

remote control.utah.geniracks.net 35902

The port number is always the same, but you will need to edit the hostname to reflect the rack you are trying to access. This is typically "control" concatenated with the domain of the rack.
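The certificate and config-editing steps above can be scripted so that the unencrypted client key is locked down before the config is written. This is an added example, not part of the original wiki page or the rack software. The function names, the template and output file names, and the rack domain you pass in are assumptions. The two certificate file names, the four directives and the "control" plus rack domain hostname come from the text above.

```shell
#!/bin/sh
# Added example (not from the original page): build a per-rack OpenVPN client
# config from the downloaded template and protect the client key file.
# make_rack_config and key_is_private are hypothetical helper names.

# True only if group and other have no permission bits on the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: make_rack_config TEMPLATE RACK_DOMAIN CERT_DIR OUTPUT
make_rack_config() {
    template=$1 domain=$2 certdir=$3 out=$4
    ca="$certdir/emulab.pem"
    client="$certdir/openvpn-client.pem"

    # Accept only plain DNS characters so the value cannot inject config or sed syntax.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "bad rack domain: $domain" >&2; return 2 ;;
    esac
    # Assumption: CERT_DIR contains none of the characters special to sed below.
    case $certdir in
        *"|"*|*"&"*|*"\\"*) echo "unsupported character in $certdir" >&2; return 2 ;;
    esac
    [ -f "$ca" ] && [ -f "$client" ] || { echo "missing certificate files in $certdir" >&2; return 3; }

    # openvpn-client.pem holds an unencrypted private key: owner-only access.
    chmod 600 "$client" || return 4
    key_is_private "$client" || { echo "$client is still group/world accessible" >&2; return 4; }

    # Rewrite only the four directives; the port after the hostname is left untouched.
    sed -e "s|^ca[[:space:]].*|ca $ca|" \
        -e "s|^cert[[:space:]].*|cert $client|" \
        -e "s|^key[[:space:]].*|key $client|" \
        -e "s|^remote[[:space:]][[:space:]]*[^[:space:]]*|remote control.$domain|" \
        "$template" > "$out"
}

# Run directly as: sh script.sh TEMPLATE RACK_DOMAIN CERT_DIR OUTPUT
if [ "$#" -eq 4 ]; then
    make_rack_config "$@"
fi
```
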

Connect to the iLO Interfaces:

Start your openvpn client. Once it is running, your desktop is connected to the 10.249.249.0/24 subnet on the rack. Use the following table to determine the URLs for your browser:

pc IP Address
pc1 https://10.249.249.1
pc2 https://10.249.249.2
pc3 https://10.249.249.3
pc4 https://10.249.249.4
pc4 https://10.249.249.5