Difference between revisions of "RMU build Gen-1.5"

Latest revision as of 07:50, 17 April 2024

Process for building a new RMU to convert Gen-1 sites to Gen-1.5 sites.

The following guide describes how DFINITY monitors their ICR Sites using the equipment that is already standard in most Gen-1.a sites. If you choose to follow this guide, completing everything up to Best Practices will get you remote access to the RMU and the ability to add additional services via teleport. The Best Practices section does introduce some services that greatly improve the overall experience such as being able to update firmware on all servers remotely.

Please be aware that this guide provides only the foundational steps for setting up a Gen1.5 RMU. It does not encompass comprehensive security hardening for the RMU, nor does it address system maintenance. Responsibility to ensure a secure and well-maintained environment rests with each Node Provider.

I. Prerequisites

II. Proxmox

Once Proxmox is installed and reachable (Step II.A), the rest can be done remotely.

III. Teleport

This service will provide you secure remote access to all of the services installed on your RMU.

IV. MaaS (Metal as a Service)

V. Best Practices

A. Recommended: Proxmox Security
B. Optional: Install RACADM Tool On RMU (Dell Nodes)
C. Recommended: Dell OpenManage Enterprise (OME) (Dell Nodes)
D. Recommended: Update Firmware On SuperMicro Nodes
E. Recommended: Enable Remote Access To Servers Console (Dell Nodes)
F. Recommended: Enable GUI Access To OPNsense devices

@@ Line 2: / Line 2: @@
 The following guide describes how DFINITY monitors their ICR Sites using the equipment that is already standard in most Gen-1.a sites. If you choose to follow this guide, completing everything up to [[RMU build Gen-1.5#IV. Best Practices|Best Practices]] will get you remote access to the RMU and the ability to add additional services via teleport. The [[RMU build Gen-1.5#IV. Best Practices|Best Practices]] section does introduce some services that greatly improve the overall experience such as being able to update firmware on all servers remotely.
+Please be aware that this guide provides only the foundational steps for setting up a Gen1.5 RMU. It does not encompass comprehensive security hardening for the RMU, nor does it address system maintenance. Responsibility to ensure a secure and well-maintained environment rests with each Node Provider.
 === I.  [[RMU build Gen-1.5: I. Prerequisites|Prerequisites]] ===
@@ Line 13: / Line 15: @@
 * E. [[RMU build Gen-1.5: II. Proxmox - E. Add LAN Network Device|Add LAN Network Device]]
-=== II. Teleport ===
+=== III. Teleport ===
 This service will provide you secure remote access to all of the services installed on your RMU.
 * A. [[RMU build Gen-1.5: II. Teleport - A. Create Teleport CT|Create Teleport CT]]
@@ Line 20: / Line 22: @@
 * D. [[RMU build Gen-1.5: II. Teleport - D. Teleport Notes|Teleport Notes]]
-=== III. MaaS (Metal as a Service) ===
+=== IV. MaaS (Metal as a Service) ===
 * A. [[RMU build Gen-1.5: III. Maas - A. Create Proxmox CT|Create Proxmox CT]]
@@ Line 28: / Line 30: @@
 * E. [[RMU build Gen-1.5: III. Maas - E. Configure CHCP Subnet on MaaS|Configure DHCP Subnet on MaaS]]
-=== IV. Best Practices ===
+=== V. Best Practices ===
 * A. Recommended: [[RMU build Gen-1.5: IV. Best Practices - A. Proxmox Security|Proxmox Security]]
@@ Line 37: / Line 39: @@
 * F. Recommended: [[RMU build Gen-1.5: IV. Best Practices - F. Enable GUI Access to OPNsense devices|Enable GUI Access To OPNsense devices]]
-=== V. Reference Information ===
+=== VI. Reference Information ===
 * [[RMU build Gen-1.5: V. Reference Information - Internal Network Layout|Internal Network Layout]]
 * [[RMU build Gen-1.5: V. Reference Information - RMU Cabling|RMU Cabling]]
 * [[RMU build Gen-1.5: V. Reference Information - Checking number of internal drives|Checking number of internal drives]]