Advanced Remote Support

Advanced Remote Support (ARS) is a secure troubleshooting mechanism that allows Platform9 support engineers to log onto your Private Cloud Director hosts to analyze and resolve complex technical issues. By default, Platform9 support team members cannot interactively access your hosts. However, when you enable ARS, support engineers can securely connect through the host's existing connection to the Platform9 management plane.

Despite being based on SSH, ARS does not expose your host to SSH login from any external network. The mechanism leverages secure channels and does not require any firewall changes to your host or network infrastructure. In this guide, you will learn how to enable, configure, and disable Advanced Remote Support for your PCD hosts.

Prerequisites

Before you enable Advanced Remote Support, ensure you have:

  • Administrative access to the PCD UI

  • Root or sudo access to the target host

  • The SSH daemon (sshd) running on the target host

  • The pf9 user account created on the host (this is created automatically during PCD installation)

Enable Advanced Remote Support

To enable Advanced Remote Support for a host:

  1. Navigate to Infrastructure → Cluster Hosts in the PCD UI.

  2. Select the checkbox next to the host where you want to enable remote support.

  3. Click Edit Roles.

  4. Select the Advanced Remote Support checkbox.

  5. Click Update Role Assignment.

Expected outcome: The host now allows Platform9 support engineers to establish secure SSH connections through the management plane.

Verify SSH Daemon Configuration

To ensure the SSH daemon is properly configured:

  1. Connect to your host using your standard SSH method.

  2. Verify that the sshd service is running by executing the appropriate command for your operating system.

  3. Confirm that the SSH daemon configuration allows key-based authentication.

Consult your Linux operating system's documentation for specific instructions on verifying and configuring the SSH daemon.

Configure Sudo Access (Optional, Recommended)

When ARS is enabled, Platform9 support engineers log into the host using the pf9 user account. By default, this account has restricted privileges. To allow support engineers to run diagnostic commands with elevated privileges, you need to configure sudo access for the pf9 user.

Requirements for Sudo Access

To grant sudo access:

  • sudo must be enabled for the 'pf9' user

  • sudo must allow the 'pf9' user to authenticate without a password (ARS uses one-time SSH keys, so the 'pf9' user does not have a password by default)

Configure Sudo on Debian and Ubuntu Systems

To configure sudo access on Debian-based systems:

  1. Add the 'pf9' user to the wheel group by running the following command:

usermod -aG wheel pf9

  1. Edit the sudo rules by running the visudo command.

  2. Add or verify the following line to allow wheel group members to authenticate without a password:

pf9 ALL=(ALL) NOPASSWD: ALL

  1. Save and exit the editor.

Expected outcome: The 'pf9' user can now run commands with sudo privileges without entering a password.

For other Linux distributions, consult your operating system's documentation for specific instructions on configuring passwordless sudo access.

Coordinate with Platform9 Support

After enabling Advanced Remote Support, coordinate with your Platform9 support representative to arrange access:

  1. Identify the specific host that requires troubleshooting by sharing:

    • The contents of the host's /etc/pf9/host_id.conf file, or

    • The host's hostname

  2. Agree on a time window when the support engineer can access the host.

  3. Confirm that ARS is enabled and properly configured on the target host.

Disable Advanced Remote Support

When troubleshooting is complete, you should disable Advanced Remote Support to restore standard access controls.

To disable Advanced Remote Support:

  1. Navigate to Infrastructure → Cluster Hosts in the Private Cloud Director UI.

  2. Select the checkbox next to the host where you want to disable remote support.

  3. Click Edit Roles.

  4. Deselect the Advanced Remote Support checkbox.

  5. Click Update Role Assignment.

Expected outcome: Platform9 support engineers can no longer establish SSH connections to the host through the management plane.

PreviousManually Configure CPU ModelNextHost Aggregate

Last updated

Was this helpful?