New Preseem appliances need to be activated. The activation process ensures that the latest Preseem software is installed and connects the appliance to your account.
The Preseem appliance will arrive with a one page card which provides the default login credentials and outlines the default configuration of the management ports. The interface names presented on the card will be used throughout the rest of this article.
If the card that came with your appliance is not available, Preseem support can provide you with the default login credentials.
For each appliance model, the associated page shows the default link configuration.
Activation Process Overview
At the highest level, the steps to activate a new Preseem appliance are:
- Power on the appliance
- Login to the appliance
- Configure the management interfaces as required for the deployment. Note: Preseem strongly recommends a static IP configuration for the management interfaces over DHCP.
- Provide remote access to Preseem staff to complete the activation and validate the deployment before processing subscriber traffic
Access the Preseem Appliance
The operating system level configuration of the Preseem appliance can be accomplished through one of three methods below. Note that in all cases, login credentials are required.
- Serial console. Each appliance ships with a blue USB serial cable. The serial port on the appliance looks like an Ethernet jack and can be located by looking at the model specific documentation (linked above). For information on how to connect to the appliance with the serial cable please see this article. The primary advantage of the serial console method is that the appliance does not need to be connected to the Internet to modify the IP configuration on the management ports.
- SSH. Available on the standard SSH port 22.
- Cockpit - Fedora's web based administration tool. This is available at https://<APPLIANCE IP>:9090.
Connecting Preseem to the Internet
Each Preseem appliance needs to be connected to the Internet. This is necessary for the appliance to reach the Preseem cloud during normal operation and to provide Preseem support remote access for management and debugging purposes.
Each Preseem appliance ships with two management interfaces (see the card for your model). By default, one interface is set for DHCP and the other has a specific static IP set. If DHCP is available in the environment, using the DHCP port is the simplest way to get initial access to the appliance. If DHCP is not available, configure a laptop or other equipment to be in the same subnet as the statically configured management port. This will enable SSH or Cockpit access.
Static IP Management Configuration
Preseem strongly recommends using a static IP address on the active management interface during production deployment. Often the simplest path to configure this is to use the serial console or DHCP port to initially access the appliance and then reconfigure the second management interface which already has a static IP to have the IP configuration required for deployment.
Please follow this article for instructions on how to change the management IP configuration.
Preseem strongly recommends that customers have a firewall in place to limit access to the management interfaces. This greatly reduces the possibility of remote compromise and the risk associated with brute force login attempts.
All inbound connections from Preseem staff come from a small set of IP addresses:
From a security standpoint, it does not matter if the firewall rules are enforced in the network on a upstream router or firewall or if they are enforced in the firewall on the Preseem appliance itself. For details on how to configure the firewall on the Preseem appliance, please see this article.
Activation and Validation
Once the appliance is connected to the Internet and the firewall is in place, please provide the management IP address to your Preseem on-boarding contact. They will login to the unit and perform the following actions:
- Ensure the latest base operating system and Preseem packages are installed
- Change the default password (provided on the card inside the box) and provide you with a new password
- Connect the appliance to your Preseem account
- Perform deployment specific configuration