Typically, data centers forbid direct access to remote devices via SSH or Telnet connections. So, a data center admin trying to establish connection with a remote device should initially establish connection with a landing server and then 'hop' to the target device through that landing server. In some cases, he should have to make multiple such 'hops' before finally establishing connection with the required server. In each step of the remote access process - from the initial landing server to subsequent hops towards the target server - connection is established through Secure Shell (SSH), which essentially means the admin should provide the appropriate ssh keys associated with the servers at every level untill connection is established with the target server. Keeping track of all the keys is daunting and often leads to errors and inaccuracies.
Key Manager Plus has simplified this entire data center remote access management. You can use Key Manager Plus to effectively launch direct connections to IT equipments in the data centers, overcoming access barriers created by network segmentation while adhering to data center access protocols. Key Manager Plus also supports complete key management of those remote devices.
Using the landing server arrangement, you can make multiple 'hops' to remotely access an IT equipment in your data center. Configuring landing server for a resource is a one time process. Once you've appropriately configured the landing server for a remote device, Key Manager Plus automatically makes the 'hops' and establishes connection with the target device in a completely automated fashion.
Following are the steps involved in configuring landing servers:
The first step is discovering the resource that has to be configured as a landing server. The resource discovery process is similar to that of normal SSH discovery.
Click the () icon beside the server name and provide the credentials (username / password) of the appropriate user account associated with the server.
You then have to configure the discovered resource as a landing server. To do this,
The next step is associating the required remote device with the landing server. The remote devices are not directly reachable, and establishing connection with these devices can be done only through the landing servers. To associate a remote device to the landing server,
Now that the target device has been associated with a landing server, you can perform key management operations on the target device like on any other device. Key Manager Plus automatically establishes the connection path and connects you to the device.
Quite often, you need to perform multiple 'hops' in order to connect to a remote device. Let's consider the scenario below.
KMP Server ---> Server 1 ---> Server 2
You initially discover 'Server 1' which is within the scope of your network, and then discover 'Server 2', which is the target server through Server 1 (which acts as landing server).
KMP Server ----> Server 2 ---> Server 3
After establishing connection with 'Server 2', you then have to connect to Server 3 (target server in this scenario) through 'Server 2' which is now to be configured as a landing server for reaching 'Server 3'.
You can then perform key management operations directly in the target servers like you would do for any other server.