{"id":52458,"date":"2022-03-15T09:00:02","date_gmt":"2022-03-15T08:00:02","guid":{"rendered":"https:\/\/nolabnoparty.com\/?p=52458"},"modified":"2022-03-13T18:08:31","modified_gmt":"2022-03-13T17:08:31","slug":"kemp-secure-remote-access-to-loadmaster","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/kemp-secure-remote-access-to-loadmaster\/","title":{"rendered":"Kemp: secure remote access to LoadMaster"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter wp-image-52473 size-full\" title=\"kemp-secure-remote-access-loadmaster-01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-01.jpg\" alt=\"kemp-secure-remote-access-loadmaster-01\" width=\"602\" height=\"202\" \/><\/p>\n<p>To increase the security level of your Kemp load balancer, you can secure remote access to <a href=\"https:\/\/nolabnoparty.com\/en\/kemp-load-balancer-for-vmware-horizon-deployment-pt-1\/\">LoadMaster<\/a> by isolating the administrative access to a <strong>separate interface<\/strong>.<\/p>\n<p>By default, the LoadMaster uses the <strong>IP address associated with eth0<\/strong> to remote access the Web User Interface (WUI). In a common scenario both <strong>Virtual Service<\/strong> address and the <strong>administrative WUI<\/strong> address resides in the <strong>same subnet<\/strong> and in the same interface.<!--more--><\/p>\n<p>Isolating the administrative access to a dedicated interface with <strong>its own subnet or VLAN<\/strong> is considered a best practice.<\/p>\n<p>&nbsp;<\/p>\n<h2>Secure remote access to LoadMaster<\/h2>\n<p>Before powering on the Kemp LoadMaster, you need to <strong>add a new NIC interface<\/strong> to the appliance to separate the management traffic.<\/p>\n<p>&nbsp;<\/p>\n<h4>Add a new NIC interface<\/h4>\n<p>Right click the Kemp appliance and select <strong>Edit Settings<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52475 size-large\" title=\"kemp-secure-remote-access-loadmaster-02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-02-600x439.jpg\" alt=\"kemp-secure-remote-access-loadmaster-02\" width=\"600\" height=\"439\" \/><\/p>\n<p>Click <strong>Add New Device<\/strong> and select <strong>Network Adapter<\/strong> option under <strong>Network<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52477 size-large\" title=\"kemp-secure-remote-access-loadmaster-03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-03-600x490.jpg\" alt=\"kemp-secure-remote-access-loadmaster-03\" width=\"600\" height=\"490\" \/><\/p>\n<p>Associate the new NIC with the <strong>management network<\/strong>, enable the <strong>Connect At Power On<\/strong> option and make sure <strong>VMXNET 3 <\/strong>is selected as <strong>Adapter Type<\/strong>. Click <strong>OK<\/strong> to save the configuration.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52479 size-large\" title=\"kemp-secure-remote-access-loadmaster-04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-04-600x527.jpg\" alt=\"kemp-secure-remote-access-loadmaster-04\" width=\"600\" height=\"527\" \/><\/p>\n<p>Login to the <a href=\"https:\/\/nolabnoparty.com\/en\/kemp-load-balancer-for-vmware-horizon-configure-ha-pt-3\/\">Kemp LoadMaster<\/a>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52481 size-large\" title=\"kemp-secure-remote-access-loadmaster-05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-05-600x392.jpg\" alt=\"kemp-secure-remote-access-loadmaster-05\" width=\"600\" height=\"392\" \/><\/p>\n<p>&nbsp;<\/p>\n<h4>Configure the new NIC<\/h4>\n<p>Access the <strong>System Configuration<\/strong> area and under <strong>Network Setup<\/strong> select the new <strong>eth interface<\/strong>\u00a0(<em>eth2<\/em> in the example). Specify the IP address to use for the <strong>Interface Address<\/strong> and click <strong>Set Address<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52483 size-large\" title=\"kemp-secure-remote-access-loadmaster-06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-06-600x307.jpg\" alt=\"kemp-secure-remote-access-loadmaster-06\" width=\"600\" height=\"307\" \/><\/p>\n<p>Click <strong>OK<\/strong> to confirm.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52485 size-full\" title=\"kemp-secure-remote-access-loadmaster-07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-07.jpg\" alt=\"kemp-secure-remote-access-loadmaster-07\" width=\"410\" height=\"133\" \/><\/p>\n<p>The new IP Address is being set.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52487 size-large\" title=\"kemp-secure-remote-access-loadmaster-08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-08-600x140.jpg\" alt=\"kemp-secure-remote-access-loadmaster-08\" width=\"600\" height=\"140\" \/><\/p>\n<p>The new IP address has been configured successfully.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52489 size-large\" title=\"kemp-secure-remote-access-loadmaster-09\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-09-600x270.jpg\" alt=\"kemp-secure-remote-access-loadmaster-09\" width=\"600\" height=\"270\" \/><\/p>\n<p>&nbsp;<\/p>\n<h4>Secure the remote access<\/h4>\n<p>Now access the <strong>Certificate &amp; Security &gt; Remote Access<\/strong> area. From the <strong>Allow Web Administrative Access<\/strong> drop-down list select the <strong>IP address associated<\/strong> to your management network.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52491 size-large\" title=\"kemp-secure-remote-access-loadmaster-10\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-10-600x286.jpg\" alt=\"kemp-secure-remote-access-loadmaster-10\" width=\"600\" height=\"286\" \/><\/p>\n<p>Click <strong>OK<\/strong> to confirm.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52493 size-full\" title=\"kemp-secure-remote-access-loadmaster-11\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-11.jpg\" alt=\"kemp-secure-remote-access-loadmaster-11\" width=\"410\" height=\"165\" \/><\/p>\n<p>Also the <strong>Allow Remote SSH Access<\/strong> option should be configured to the management network to <strong>restrict the SSH access<\/strong> because by default it allows the access on any interface address. Specify the <strong>Admin Default Gateway<\/strong> associated with your management network then click <strong>Set Administrative Access<\/strong> button. Be careful since you <strong>lose the connectivity<\/strong> to your appliance.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52495 size-large\" title=\"kemp-secure-remote-access-loadmaster-12\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-12-600x300.jpg\" alt=\"kemp-secure-remote-access-loadmaster-12\" width=\"600\" height=\"300\" \/><\/p>\n<p>Click <strong>OK<\/strong> to confirm. The IP Address to manage the LoadMaster is now <strong>switched to the new subnet<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52497 size-full\" title=\"kemp-secure-remote-access-loadmaster-13\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-13.jpg\" alt=\"kemp-secure-remote-access-loadmaster-13\" width=\"410\" height=\"149\" \/><\/p>\n<p>To test the new configuration, enter the <strong>new IP Address\/DNS Name<\/strong> in your favorite browser. The Web User Interface of your LoadMaster is now <strong>accessible from the management network<\/strong> specified during the configuration.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-52499 size-large\" title=\"kemp-secure-remote-access-loadmaster-14\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/03\/kemp-secure-remote-access-loadmaster-14-600x419.jpg\" alt=\"kemp-secure-remote-access-loadmaster-14\" width=\"600\" height=\"419\" \/><\/p>\n<p>This configuration helps to increase the security level of your appliance and secure your LoadMaster from <strong>potential intruders<\/strong>.<\/p>\n<p>Kemp LoadMaster is available to download also as <a href=\"https:\/\/freeloadbalancer.com\/\" target=\"_blank\" rel=\"noopener\">free edition<\/a>.<\/p>\n<p><img decoding=\"async\" title=\"signature\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"signature\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To increase the security level of your Kemp load balancer, you can secure remote access to LoadMaster by isolating the administrative access to a separate interface. By default, the LoadMaster uses the IP address associated with eth0 to remote access the Web User Interface (WUI). In a common scenario both Virtual Service address and the administrative WUI address resides in the same subnet and in the same interface.<\/p>\n","protected":false},"author":3,"featured_media":52473,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[1025,903],"tags":[2365,2443,2442],"class_list":["post-52458","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-horizon-en","category-vmware-en","tag-kemp","tag-loadmaster-en","tag-remote-access","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/52458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=52458"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/52458\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/52473"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=52458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=52458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=52458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}