-2

I have tried searching the internet for many hours on this issue and I haven't found anything that would fit my needs.

Here is the problem: We have some HP DL380 servers in a network that is closed off to the Internet that we are trying to get a cmd.exe session into. The main cable medium I am trying to use is a serial connection cable.

We are nowhere near the site that these HP DL380 servers are at, but we had the idea that if we ship out a Raspberry Pi and a Verizon mobile hotspot and get a remote SSH session to the Raspberry Pi (using a service called remot3.it, we have tested this and it works) then if we can get a cmd.exe session from the Raspberry Pi into the HP DL380s (via a serial cable) we won't have to travel to go and work on these servers.

I have only found one Server Fault topic remotely similar to this (Windows serial console) and I was kind of confused on how to actually execute what they were saying.

This question is merely to see if this is possible.

Also, if you have any questions regarding this please let me know and I will answer as quickly as possible.

I apologize if I missed something as this is my first post on any Stack Exchange site so I am trying to get used to it :).

Thank you all!

cGpE
  • 1
    It's probably going to be _much_ easier if you connect a second Ethernet adapter to the Pi and the server network. That way you won't have to mess with the serial setup and can access all servers at once. – Zac67 Dec 05 '17 at 19:00
  • Why is the server isolated from the internet? What are the security implications of creating a new attack vector via the internet? – Skyhawk Dec 05 '17 at 19:04
  • It is isolated for security. If I can get the cmd session into the Windows server, the session will only be active for less than an hour, it would simply be to fix a small error on the server and then get out. The session and the connection will then be terminated after that. I do understand where you are coming from, but I would hope we can develop some security controls to help prevent the Pi from becoming a vulnerable attack vector. – cGpE Dec 05 '17 at 19:11
  • 1
    @cGpE Oops. Since you're going to have to get someone at the datacenter to issue console commands to enable you to issue console commands remotely, it might make more sense to just have someone at the datacenter issue the commands for the fix you need to make rather than issue the commands to enable the serial console. – Todd Wilcox Dec 05 '17 at 19:15
  • Hmmmm That is a very good point. I wonder if there are any other avenues I can pursue without having someone issue commands onto the server..... – cGpE Dec 05 '17 at 19:30

2 Answers

0

I found the linked Q&A fairly clear, and based on my read of it, the answer to your question is Yes, it is possible. The catch is you'll have to have someone access the consoles on those servers and issue the commands mentioned in the linked Q&A, which will then enable the Pi to connect via the serial port.

It might clarify the process to understand what BCDedit is and does and how those commands work. It looks like after the BCDedit commands have been run on the servers, they will have to be rebooted before you can access the EMS on the serial interface.

You definitely want to test all this with some Windows server at your location to make sure you know how it works and what limitations there are. Sending some instructions off to a faraway datacenter and keeping your fingers crossed doesn't seem wise.

Todd Wilcox
  • Yea actually the Q&A was actually pretty clear but what I was basing my confusion off of was this (https://gist.github.com/Supermathie/7423949). That is something that was linked in a comment showing how to do it. I guess I'll just have to try it out on a server here though. Thank you for the quick reply! I will also do some reading into what BCDedit does. Again thank you and have a great day! – cGpE Dec 05 '17 at 19:06
  • @cGpE The link to the file on GitHub shows what it looks like when it's working, not how to make it work. To make it work you just issue the BCDedit commands. – Todd Wilcox Dec 05 '17 at 19:14
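
The BCDedit step described in the first answer above, as an added example that is not part of the original posts: a PowerShell script to run on the server's console that turns EMS on for the serial port, reports its state, and turns it off again once the work is done. The script parameters, the `Invoke-BcdEdit` helper name, COM1 and 115200 baud are assumptions; match the port and baud rate to the cable and to the terminal program on the Pi.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run on the Windows server itself.
param(
    [ValidateSet('Enable', 'Disable', 'Status')]
    [string]$Action = 'Status',
    [int]$ComPort  = 1,        # assumption: the serial cable is on COM1
    [int]$BaudRate = 115200    # assumption: must match the terminal on the Pi
)

# Hypothetical helper: run bcdedit and stop on any non-zero exit code.
function Invoke-BcdEdit {
    param([string[]]$Arguments)
    $out = & bcdedit.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($Arguments -join ' ') failed: $out"
    }
    $out
}

switch ($Action) {
    'Enable' {
        # Global EMS settings: which COM port and what speed.
        Invoke-BcdEdit '/emssettings', "EMSPORT:$ComPort", "EMSBAUDRATE:$BaudRate"
        # Turn EMS on for the currently booted OS entry.
        Invoke-BcdEdit '/ems', '{current}', 'on'
        Write-Host 'EMS enabled. It takes effect after the next reboot.'
    }
    'Disable' {
        # Close the serial console again once the fix is done.
        Invoke-BcdEdit '/ems', '{current}', 'off'
        Write-Host 'EMS disabled. The serial console goes away after the next reboot.'
    }
    'Status' {
        # The boot entry lists "ems  Yes" when EMS is on for it.
        $ems = Invoke-BcdEdit '/enum', '{current}' | Select-String -Pattern '^ems\s'
        if ($ems) { $ems.Line } else { 'EMS is not set on the current boot entry.' }
    }
}

# After the reboot, a terminal on the Pi at the same baud rate (8N1) shows the
# SAC> prompt. There, "cmd" creates a command prompt channel, "ch" lists the
# channels and "ch -si <n>" switches to one; Windows asks for credentials
# before the cmd.exe session starts.
```

Running the script with `-Action Disable` and rebooting after the maintenance window leaves the server without a listening serial console, which fits the short-lived access described in the question's comments.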
0

One solution I've used for isolated servers is to connect a spare/old computer to the same network as the servers' iLO ports (not your normal isolated network), and make that computer accessible via something like VPN. You can then remotely connect to the "bridge" computer and access the iLO interface for the servers, giving you management capabilities and a limited remote desktop. This assumes that your servers use different networks for management and normal communication, though. It has the added benefit of allowing you to use one "bridge" machine to access many servers, instead of requiring a bunch of RPis and serial cables.

bta