How do you manage your servers remotely?

[HodgeHi]

We have a server located externally now instead of in school. I would like to be able to manage/control it from my home in case of any issues that are raised.

The problem for me as far as i am concerned though is that i don't have a static IP address at my home. I am with Virgin Media who have stated they do not do this sort of thing and if I wanted it i would have to go to their business package.

So how do you guys get around this sort of thing?

[AngryITGuy]

I use LogMeIn to control my school servers from home.

Its free and work really well, details of it can be found here

[Jamman960]

I always found my ip with NTL/Virgin to be fairly static unless I disconnected for more than a day or so. Logmein is probably the best way to go

[CyberNerd]

I use ssh to manage servers from home

[maniac]

We use the Cisco VPN client provided to all Kent schools as part of their KCN subscription to connect into the school, then I can use Remopte desktop connection to connect to my work PC, and then in turn to my Servers. Works a treat, but obviously only if your LEA offers a service like this.

Mike.

[AndyD]

Another vote for LogMeIn. Secure, easy to setup and works well

[OutToLunch]

VPN + RDP as standard, backup of SSH server/tunnel + RDP if VPN is playing up.

[HodgeHi]

All those that use SSH, how do you get around the non-static IP? I was thinking of getting the services set up on the firewall so that only my IP address was allowed.

Obviously if my IP changed then i would be up the creek.

[powdarrmonkey]

Three pronged approach: SSHGuard, configured for three strikes (three failed attempts to log in firewalls the address off for an increasing amount of time), firewall off non-uk addresses, and good password practice (you do that already, right?)

[HodgeHi]

Well it's not me in charge of the firewall rules or ports, so no i don't do it. How would you firewall off non-UK addresses? Where would yo go for that sort of information?

I'm just getting into the network side of things at the moment

[AntiThesis]

You could use DynDNS or similar to map your home IP to a hostname and authenticate using that.

Set up a VPN and/or use RDP or even UltraVNC etc. And yes - strong passwords!

[powdarrmonkey]

You could use DynDNS or similar to map your home IP to a hostname and authenticate using that.

I'd be wary of putting that much trust in DNS, especially dynamic reverse addressing. Imagine: your reverse zone has a 24 hour expiry, you're right in the middle of some critical thing and the line drops. When you're reconnected, you've got a different address, but can't do anything else until ((time you started)+24) o'clock the next day.

As for walling off except a range: ask your provider what range they use for dynamic addresses, and restrict to that.

[AntiThesis]

mmm good points

Yah your ISP should be able to provide you with addresses you can restrict to pretty easily.

[powdarrmonkey]

Afterthought: using DNS for firewalling anything is risky, because it operates at a comparatively high level in the OSI model. If your DNS lookups break, you can't get in to fix that either - same kind of problem, but more serious.

[plexer]

zonedit.com for dynamic dns would be a good idea.

Ben