62614: Providing Remote Access to Acronis Cyber Infrastructure

In order to troubleshoot issues with Acronis Cyber Infrastructure Support Engineers may need remote access to your Acronis Cyber Infrastructure environment.

Please keep in mind that for all the interfaces listed below you need to whitelist only the Acronis IP addresses specified by Acronis Support Engineers. Any port might be exploited by an external third party unless access is limited only to whitelisted IP addresses.

There are three methods for accessing for Acronis Cyber Infrastructure remotely:

Method 1. Via the admin panel

https://<management_node_IP_address>:8888

This panel allows you to manage and monitor your cluster as well as set up SSH connections to it.

In order to let Acronis Support Engineers access the admin panel remotely, make sure that the TCP port 8888 is open for the management node IP address or virtual HA IP address.

We recommend that you create a separate admin panel account for Acronis Support Engineers (“acronis_support”) with administrator rights. Navigate to Settings > Users, click Add User and select the "Administrator" role for the new account. Paste the account password into a text file, pack this file into an encrypted ZIP archive using cluster name as the password, and send the archive to Acronis Support Engineers by email. 

This method works with any Acronis Cyber Infrastructure installation.

Method 2: Via SSH

SSH access is required for troubleshooting and log analysis. It is essential for resolving issues with Acronis Cyber Infrastructure.

You will need to whitelist Acronis IP addresses for accessing the management node IP address on TCP port 22 (or the custom port that you use) and add OpenSSH public keys sent by Acronis Support Engineers on the Settings > Security screen as pictured below.

If you need to provide the root credentials for your cluster, please do that by means of an encrypted ZIP archive (see Method 1)

This method works with any Acronis Cyber Infrastructure installation.

Method 3: Via IPMI

IPMI (Intelligent Platform Management Interface) is used for remote hardware management. Access to this interface is required for troubleshooting any potential hardware issues with the Acronis Cyber Infrastructure Appliance. In this case, Acronis Support Engineers will need access to the IPMI of each appliance node. Please make sure that RJ45 patch cables are connected to the IPMI ports of your appliance as per the Appliance Quick Start Guide. This is mandatory.

You can hide the IPMI IP addresses behind NAT but open the following ports for IPMI to work properly:

TCP ports:
Web port: 80
Web SSL Port: 443
IKVM Server port: 5900
Virtual Media Port: 623
SSH port: 22

UDP ports:
Remote IPMI management: 623 (immutable)

The IPMI and admin panel do not communicate with each other. Therefore you must create IPMI users separately from admin panel users. We recommend that you create a separate IPMI account for Acronis Support Engineers (“acronis_support”) via the IPMI WebUI by navigating to Configuration > Users and clicking any of the reserved lines. This operation must be repeated for each node of the appliance. Please send the account password in an encrypted ZIP archive as described in Method 1.

This method  only works with Acronis Cyber Infrastructure Appliance.

Closing remote access after troubleshooting

After the troubleshooting is over and all the issues are resolved, disable the remote access and remove the accounts created for Acronis Support Engineers:

a. In the admin panel, navigate to Settings > Users and remove the acronis_support account 

b. In the admin panel, navigate to Settings -> Security > SSH and remove the SSH keys, as described in the documentation

c. In IPMI WebUI of each node, navigate to Configuration > Users and remove the acronis_support account 

d. Close all ports described above

Performing all of these steps will minimize potential breach risks.

Tags: 

You are reporting a typo in the following text:
Simply click the "Send typo report" button to complete the report. You can also include a comment.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
11 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.