Hi everyone,
is it possible to update IGEL Clients Firmware over ICG?
Hi, not directly, you have the ability to use the external storage:
www.igelcommunity.com/igel-firmware-updates-guide
Related: That guide should definitely be written with new images used, as the compression used to save it makes most of them completely unreadable, IMO.
An [SFTP or FTPS] server in your DMZ can handle firmware updates over ICG just fine, IME. I imagine it’s even easier if you’re an AWS customer.
Would you mind to check this feedback?
Alright, i looked trough the Guide, definitly interesting.
Something im still wondering: i can download firmware from igel itself via www.igel.de/software-downloads/workspace-edition/.
Would it be possible for ICG Clients to automatically download firmware from igels website?
In theory: yes BUT the Firmwares there are packed into zip, and our endpoints expect them to be unpacked on a Web/FTP Public space.
Yes, I know… it has been on my todo list for a long time, i need to update it but just have not found the time to do it. Maybe soon. let’s see if i can move it up the list ….
Then, would it be possible using a provider using next cloud? We have someone who uses nextcloud, but i dont know if the ums/configuration can work with the username and passwort that are required when loging in.
Yes, a partner here in Germany did this! Thanks to @member: would you mind sharing your doc, or should I in your name?
I’m gonna test this out on my lab Monday
linuxconfig.org/how-to-setup-sftp-server-on-ubuntu-18-04-bionic-beaver-with-vsftpd linuxconfig.org/how-to-setup-sftp-server-on-ubuntu-18-04-bionic-beaver-with-vsftpd
Ill install the sftp server on the same vm where ICG is installed and increase the ressources if needed
SFTP (or SecureFTP in IGEL UMS) means FTP over SSH which should already be installed on most linux systems as it is a module for the openssh server – but could be a security problem as you need to open SSH to the whole internet for that.
I personally do net recommend using FTP as it is not an easy protocol for firewalls an can be make some trouble if firewalls and NAT are involved. We use a HTTPS server for our firmware updates and use lighttpd for that as it is lightweight and as all features needed for serving static files.
That’s a valid point, thanks for your input.
This is for a home lab and I was thinking about using vsftpd but I guess since it’s FTP the same security risk apply?
How To Install an FTP Server On Ubuntu with vsftpd
Ultimately, I want a free and easy to maintain solution. Also If I could avoid an extra VM just for that, it would be great. I’m not a linux guy so this is all new for me.
I will look into lighttpd.
Would you mind sharing your documentation for lighthttpd?
If you use vsftpd it will use Ports 20 and 21 and therefore you can restrict Port 22 for ssh remote administration to your management network for some extra security. But as I said this may cause problems with NAT and firewalls. I will get our config for lighttpd, do anonymize some settings and enter some comments before I post it here. I chose lighttpd because I already worked with it in the past, other lightweight webservers like nginx will also work and of course apache would work too but is a bit oversized for just serving some static files.
Here is our lighttpd.conf, it did replaced our the real server name with servername. We generate access stats once a day with awstats and also habe server stats enabled – both a password protected. We also distribute Jabra update packages to out IGEL devices. Folders for Igel firmware and Jabra update have different folders with different users and passwords – in the profiles in UMS we use igelfwupd and jabraupd for that. The user igeladmin will not be used by IGEL devices but by us admins to access the folder from a browser.
If anyone has suggestions to tighten security further, let me know 🙂
Continue reading and comment on the thread ‘Is it possible to update IGEL OS Clients Firmware over ICG?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!