As a customer who purchases workstations, servers and cluster from Colfax International, you have the ability to remotely connect to your system through the Colfax Access Hub service in order to:
- Validate your system configuration;
- Provision and configure the operating system when your infrastructure requires a highly customized setup;
- Ensure the performance and stability of the system under your specific workload;
- Prepare the new machines for integration into your or your clients’ computing infrastructure;
- For systems returned for repairs or maintenance — validate the services applied.
Colfax Access Hub supports two modes for remote access: Express and Scale.
If you have been directed to this page by a Colfax representative, please click the button below to proceed to the private portal. You will need to create a free Colfax Experience Center account or log in if you already have one.
Important: use your work email address when registering for a Colfax Experience Center account.
Access Hub Express
A simple user experience that allows you to connect to a preinstalled OS on your Colfax Server in minutes. The connection procedure involves access to a password-protected user portal and requires uploading the public SSH key and running a single command in the terminal. Access Hub Express supports only one server per session and you cannot access the BMC or the BIOS. Your access is protected by SSH key authentication and your server resides in an isolated private network exclusive to you.
Access Hub Scale
A full-featured option that allows you to connect to a Linux-based landing host, which is a virtual machine residing in a private network exclusive to you and containing your Connected Systems. You can use remote desktop and access the BMC and the BIOS interface of your connected systems. The landing host storage is exposed with Samba, NFS and HTTP protocols, which allows you to run virtual media in the BMC and use it to provision, configure and fully prepare your connected systems for integration into your infrastructure.
Feature Comparison
Both Access Hub Express and Access Hub Scale are free services available to the customers of Colfax’s system business. Depending on the size of your order and your requirements (e.g., whether you prefer to provision and configure the systems yourself), you can choose how you want to connect. The table below can help guide you to the correct solution.
Feature | Access Hub Express | Access Hub Scale |
---|---|---|
SSH Access in Minutes | ✅ | ✅ |
User Portal with instructions | ✅ | ✅ |
SSH key-based authentication | ✅ | ✅ |
Private network isolated from other customers | ✅ | ✅ |
Internet access for software and data downloads | ✅ | ✅ |
Root access in the OS | ✅ | ✅ |
Connect directly to your system | ✅ | ❌ |
Separate VPS for external storage and access | ❌ | ✅ |
Access to multiple systems at once | ❌ | ✅ |
Access to the BMC and BIOS | ❌ | ✅ |
You perform the system provisioning and configuration | ❌ | ✅ |
Access to systems with Microsoft Windows | ❌ | ✅ |
Remote desktop | OS-dependent | ✅ |
If your goal is to connect to a single system, which is already provisioned by Colfax, and only inspect the OS configuration, then Access Hub Express may give you a quick and efficient experience. If your order contains multiple systems or you require access to the BMC, then opt for Access Hub Scale.
User Portal
To allow you to manage your SSH keys and to receive up-to-date status and instructions for your Access Hub experience, we are providing a website that we refer to as User Portal. The first time you use this portal, you will have to sign up for a Colfax Experience Center account and verify the email address used for it.
You will be guided to the sign-up process by an email invitation that our technicians initiate once your systems are ready for remote access. Make sure that you sign up and verify the same email address as the one that the invitation is sent to. We will use this address to match your new account to the reserved Access Hub session.
If you already have a Colfax Experience Center account with the correct email address (from an earlier Access Hub session or from one of our Test Drive programs), you can re-use it, no need to sign up for a new one.
Once you log in to the User Portal, you will see instructions for uploading your public SSH keys, configuring your SSH client for connection the Access Hub, and a variety of useful tips section.
What you will see in the User Portal after login may look like this:
SSH Access
When you follow the instructions in the User Portal to establish an SSH connection to your Colfax server (for Access Hub Express) or the Landing Host (for Access Hub Scale), your terminal will open a shell session on it. Users familiar with Linux will feel right at home in the shell session. It allows you to interact with the files and processes on your server, query and modify its configuration, install software, run applications and benchmarks.
Your Colfax server (for Access Hub Express) or Landing Host (for Access Hub Scale) will have access to the Internet, so you can clone repositories, pull containers, install additional software, as well as copy your data to the server.
Remote Desktop
Besides a shell session, you can interact with your Colfax server or Landing Host using a remote desktop client, a Jupyter Notebook/JupyterLab interface, or any other IP-based service. To do this, you will use port forwarding in your SSH client With port forwarding, your SSH client will forward one of your local ports through the SSH pipe to a port in your Access Hub private network. This will give you an encrypted path to your remote service.
For example, using the Microsoft® Remote Desktop client, the configuration may look like this:
And this forwarded port resolves to the remote desktop on the Landing Host:
Server Management with BMC
The Access Hub Scale service allows you to use the server management features of your systems by connecting you to the Baseboard Management Controller (BMC) web interface. From the BMC interface, you can read server health metrics, control power to the system, mount virtual media, and interact with the system’s virtual console through your web browser. We simplify the workflow for you by automatically generating in the User Portal a list of URLs through which you can access your Connected Systems, both via a remote desktop and through SSH port forwarding. Here is an example of what you may see in your User Portal:
Below, we using a local browser to connect, through SSH port forwarding, to the BMC web interface of one of our Connected Systems, in which we are viewing the system’s iKVM console and installing an operating system from a virtual media mounted from the Landing Host storage:
Collaboration
If you need to share remote access to your server with your coworkers, do not give them your Colfax Experience Center account. Instead, add their public SSH key to your account, which will grant them SSH access. Additionally, you can create a separate user account for them if necessary. You can find details of these methods in the F.A.Q. section of the User Portal.
Connection Security
To reach your Colfax Server or Landing Host, you will use a Secure Shell (SSH) connection with public key authentication. To do that, you will have to create an SSH key pair (or use an existing pair if you already have one). The private key part is used to encrypt your data. You should keep it on your local system and never share with anyone. The public part is used to decrypt your data and to grant you access to servers. You can share it with people and entities that need to authenticate you using this key. When you share this key with Colfax, we will store it in our secure key server and configure your Colfax server or Landing Host to accept incoming SSH connections authenticated with this key.
For additional security, we do not expose your Colfax server or Landing Host directly to the Internet. Rather, we run a Jump Host that is exposed to the Internet and configure it to accept incoming SSH connections, authenticate them using your public key (Authentication 1), and forward these connections to your Colfax server. At the final destination, the SSH connection is authenticated once more using your SSH key (Authentication 2). This ensures that, even if your Colfax server is running some services other than SSH, they will not be exposed to unauthorized traffic.
The User Portal documentation guides you through the configuration of a key-based SSH connection passing through a Jump Host. The resulting connection operates as illustrated in the diagram below.
In Access Hub Express, to allow your Colfax server to communicate with our Public Key Server, our technicians will add a few lines to the SSH server configuration file on it. These lines may be retained when you receive your Colfax server (unless we re-provision it prior to shipping), however, they will not impact its operation in your environment. You can also remove these configuration lines from the file /etc/ssh/sshd_config with no ill effects.
For Access Hub Scale, the target of your SSH connection is the Landing Host, a virtual private server running inside Colfax’s cloud infrastructure. Its out-of-the-box configuration allows it to accept your incoming connection and authenticate it with your private SSH key:
In the Access Hub Scale service, your Colfax server configuration will not be modified. Furthermore, if you prefer to install the OS on your Connected Systems, you can configure your own authentication (e.g., with a username and a password or through your organization’s LDAP server). If you need the management credentials for the BMC (and IPMI), you will find them in the Access Hub User Portal.
Connected System Security
We use industry-standard practices for protecting your built Colfax systems from unauthorized access. These include:
- Isolating your systems from the Internet with the help of a firewall and a Jump Host as explained above;
- Isolating your server from other tenants of the Access Hub service by placing it into a separate private network;
- Further protecting your network from third-party traffic by VLAN-tagging the traffic directed to your systems;
- Securing the management services used for access automation with TLS, JWT, network isolation, and other appropriate mechanisms;
- Using a well-supported third-party implementation of the OAuth 2.0 protocol for access authorization to the User Portal.
With your Colfax server protected from external, internal, and cross-tenant traffic, only you and Colfax staff have the ability to interact with the server. Colfax applies the same high standards to your privacy during remote access as we do to building, testing, and shipping your Colfax-built systems. Our technicians will access your server only if you explicitly request us to do so for the purposes of assistance, troubleshooting, or any other need that you have. Colfax does not retain any technical means to access your server after the remote access program.
Please do your part in securing your Access Hub experience:
- Use a strong password for your Colfax Experience Center account and do not share it with others. If you need to share access to the server with a colleague, use the methods described in the User Portal section “Collaboration”;
- Keep the private part of your SSH key secure and do not share it with anyone;
- Be mindful of services and settings of your server that you create that may open it to unauthorized access once it leaves the Colfax infrastructure.
What This Means for You
The Colfax Access Hub service is a powerful tool for preparing your Colfax servers for integration into your or your customer’s infrastructure. You can install operating systems, configure BIOS settings, test networking, and otherwise prepare your Colfax servers for deployment before they are boxed and shipped to you. It may reduce your logistical hassles, eliminate remote hand expenses in the datacenter, and accelerate your infrastructure development. If you are interested in this experience, contact us by email.
Begin Your Remote Access
If you have been directed to this page by a Colfax representative, please click the button below to proceed to the private portal. You will need to create a free Colfax Experience Center account or log in if you already have one.
Important: use your work email address when registering for a Colfax Experience Center account.