In order to troubleshoot issues with Acronis Cyber Infrastructure Support Engineers may need remote access to your Acronis Cyber Infrastructure environment.
There are three methods for accessing for Acronis Cyber Infrastructure remotely:
Method 1. Via the admin panel
https://<management_node_IP_address>:8888
This panel allows you to manage and monitor your cluster as well as set up SSH connections to it.
In order to let Acronis Support Engineers access the admin panel remotely, make sure that the TCP port 8888 is open for the management node IP address or virtual HA IP address.
This method works with any Acronis Cyber Infrastructure installation.
Method 2: Via SSH
SSH access is required for troubleshooting and log analysis. It is essential for resolving issues with Acronis Cyber Infrastructure.
You will need to whitelist Acronis IP addresses for accessing the management node IP address on TCP port 22 (or the custom port that you use) and add OpenSSH public keys sent by Acronis Support Engineers on the Settings > Security screen as pictured below.
If you need to provide the root credentials for your cluster, please do that by means of an encrypted ZIP archive (see Method 1)
This method works with any Acronis Cyber Infrastructure installation.
Method 3: Via IPMI
IPMI (Intelligent Platform Management Interface) is used for remote hardware management. Access to this interface is required for troubleshooting any potential hardware issues with the Acronis Cyber Appliance. In this case, Acronis Support Engineers will need access to the IPMI of each appliance node. Please make sure that RJ45 patch cables are connected to the IPMI ports of your appliance as per the Appliance Quick Start Guide. This is mandatory.
You can hide the IPMI IP addresses behind NAT but open the following ports for IPMI to work properly:
TCP ports:
Web port: 80
Web SSL Port: 443
WebUI for Self-Service Portal Port: 8800
IKVM Server port: 5900
Virtual Media Port: 623
SSH port: 22
UDP ports:
Remote IPMI management: 623 (immutable)
This method only works with Acronis Cyber Appliance.
Closing remote access after troubleshooting
After the troubleshooting is over and all the issues are resolved, disable the remote access and remove the accounts created for Acronis Support Engineers:
a. In the admin panel, navigate to Settings > Users and remove the acronis_support account
b. In the admin panel, navigate to Settings -> Security > SSH and remove the SSH keys, as described in the documentation
c. In IPMI WebUI of each node, navigate to Configuration > Users and remove the acronis_support account
d. Close all ports described above
Performing all of these steps will minimize potential breach risks.