Enroll Nodes

Enrolling nodes is the process of connecting nodes to Lighthouse to make them available for access, monitoring, and management. A node is a device that can be enrolled with Lighthouse, allowing it to be accessed, managed, and monitored.

You can enroll nodes in the following ways:

• From the Lighthouse Web UI.

• From the Node Web UI.

• USB drive.

• Mass Enrollment using Zero Touch Provisioning (ZTP).

• Automatic enrollment of appliances as managed through the preference settings in the Lighthouse Service Portal (LSP). The Lighthouse Service Portal is part of the Opengear Customer Portal.

Note:  OPERATIONS MANAGER support may be partial for earlier releases, which may currently involve mass node enrollment using ZTP and enrollment via USB drive. However, all template types are supported.

Credentials must be provided to authenticate either the Lighthouse during Enrollment via the Lighthouse WebUI, or the node during the other Enrollment scenarios.

Lighthouse uses OpenVPN tunnels secured with certificate authentication to connect the Lighthouse instance and remote nodes. For the connections to work properly, the clocks/times between the Lighthouse instance and each remote node server must be synchronized. During the enrollment process when a new remote node is being added, if that node is not using NTP (Network Time Protocol) to synchronize its time, the node checks the HTTP Date header sent by Lighthouse in the enrollment request.

The remote node then sets its own local system clock to match the time shown in that HTTP Date header from Lighthouse. This ensures that the new remote node has its time matched to the Lighthouse before the VPN tunnel is established, preventing potential time sync issues between the tunnel endpoints.

If a remote node is relying on an NTP server to set its own time, it still checks the HTTP Date header sent by Lighthouse to affect the time synchronization but does not set its local time to that of the Lighthouse instance.

When enrolling via Lighthouse, an administration username and password for the node must be provided. When enrolling via the node, an Enrollment token must be provided. A default Enrollment token can be set by selecting Node Tools > Enrollment Settings from the menu and individual tokens set per Enrollment bundle.

Enrollment is a two-step process:

1. After enrollment begins, nodes receive their Enrollment package, and establish a VPN connection to Lighthouse.

2. The node is now in the Pending state and must be Approved before the node is available for access, management, or monitoring.

Note:  This second step can be skipped by selecting the Auto-approve node checkbox when configuring an Enrollment bundle.