Set up Lighthouse as a Connected Resource Gateway (CRG)
The Connected Resource Gateway (CRG) feature provides a reliable, client-less way to discover and manage IP-based management interfaces. CRG leverages the Smart Management Fabric (SMF) network to securely proxy these connections and allow users to connect to those interfaces with the same authentication, authorization, and auditing controls that apply to console sessions.
Deploy CRG when you need to manage or access devices that are reachable via IP but are not necessarily directly attached to an Opengear console port.
As a Lighthouse user, you can use CRG to access device management interfaces such as:
- WebUIs over HTTP or HTTPS
- SSH services
- Out-of-band management interfaces such as IPMI, iDRAC, iLO, or BMC
- Any reachable management-port IP address within the local network of a Lighthouse-managed node

- CRG will be the primary solution moving forward, offering improved scalability, security, and continued enhancements.
- New users should begin with CRG as the recommended option, while existing AG users are encouraged to migrate to CRG.
- AG discovered resources are not automatically accessible on CRG.
- To migrate to CRG, you must set up CRG as if you are setting up a new implementation.
Prerequisites:
- You only require DNS if you want to proxy the GUI for HTTP or HTTPS.
- Your DNS must have the following CNAME or A/AAAA record(s) that point to the Lighthouses:
  - CNAME - You must add the following CNAME record(s) to point to the FQDN of your Lighthouse instances: *.crg.your1stlighthouseaddress.com and *.crg.your2ndlighthouseaddress.com.
  - A/AAAA - You must add A and/or AAAA record(s) for *.crg.your1stlighthouseaddress.com and *.crg.your2ndlighthouseaddress.com that point to the IP addresses of your Lighthouse instances.
- If Smart Management Fabric is already set up, you can start at step 7.
To set up Lighthouse as a CRG:
1. Optional: Create and upload the Lighthouse SSL Certificate and ensure that it is valid for all sub-domains.
   Note: For Connected Resource Gateway (CRG), add the following subdomain patterns to your certificate:
   *.crg.your1stlighthouseaddress.com
   *.crg.your2ndlighthouseaddress.com
2. Optional: To add any resources via the domain name for the resource (rather than IP address), ensure that Lighthouse is configured to use an appropriate DNS server. If Lighthouse:
   - gets its primary IP address via DHCP, configure the DHCP server to specify the DNS server to use.
   - uses a static IP address, edit the configuration for that connection on the Interfaces page and ensure that a DNS server address is configured.
   Note: If you only want to add resources via IP address, you can skip this step.
3. Enable Smart Management Fabric.
4. Create a Smart Management Fabric Template for enrolling nodes.
   You can apply this template either on enrollment via bundle or at any time by pushing a template.
   Notes:
   - If you are completing these steps for third-party nodes, then you do not require an SMF template and can skip this step.
   - If you have existing nodes, and you push the SMF template, then steps 5 and 6 are not required.
5. Create an Enrollment Bundle and ensure that the Smart Management Template is linked to the bundle under the Bundle Templates section.
6. Enroll the node.
   The node initially shows as enrolled with no templates applied.
   The linked template is pushed and applied to the node.
7. Notes:
   - Lighthouse attempts to discover the configured routes, to ensure they exist, every 60 seconds. During this time, the following toast message may appear: 'The provided address is not an SMF discovered subnet.' This message also appears if there is no route in SMF to your device; check that you added a node near that network and configured SMF on that node (via template) correctly.
   - Lighthouse now polls to check connectivity to the resource. When established, the appropriate HTTP, HTTPS and SSH icons are enabled.
8. Click the appropriate icon to connect to the resource.
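
The certificate note and the DNS prerequisite above both depend on the *.crg. wildcard. The following is an added example, not Opengear code: it checks a certificate's SAN list against those patterns using the single-label wildcard matching that TLS clients apply, which is why a certificate for *.your1stlighthouseaddress.com alone is not enough. The SAN lists are constructed, and it assumes proxied names have the form <label>.crg.<Lighthouse FQDN>, as the page's patterns imply.

```python
# Added example, not Opengear code. Hostnames and SAN lists are constructed.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if one dNSName SAN entry covers hostname.

    A leading "*" stands for exactly one label, so "*.example.com"
    covers "a.example.com" but not "a.crg.example.com".
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern

def required_crg_patterns(lighthouse_fqdns):
    """The wildcard pattern the page asks for, one per Lighthouse instance."""
    return ["*.crg." + f.rstrip(".").lower() for f in lighthouse_fqdns]

def missing_crg_patterns(sans, lighthouse_fqdns):
    """Required patterns that no SAN entry in the certificate covers."""
    missing = []
    for pattern in required_crg_patterns(lighthouse_fqdns):
        # Assumption: proxied names look like <label>.crg.<Lighthouse FQDN>,
        # so probe with a constructed single-label name under the pattern.
        probe = "resource-1" + pattern[1:]
        if not any(san_matches(probe, san) for san in sans):
            missing.append(pattern)
    return missing

if __name__ == "__main__":
    lighthouses = ["your1stlighthouseaddress.com", "your2ndlighthouseaddress.com"]
    # Constructed SAN list: the first Lighthouse only has a one-level wildcard.
    sans = [
        "your1stlighthouseaddress.com",
        "*.your1stlighthouseaddress.com",
        "your2ndlighthouseaddress.com",
        "*.crg.your2ndlighthouseaddress.com",
    ]
    for pattern in missing_crg_patterns(sans, lighthouses):
        print("certificate does not cover", pattern)
```

Pass it the dNSName entries of the certificate you plan to upload, before uploading it.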