Products
Европейската програма Конкурентоспособност
Евперативна програма - Иновации и конкурентоспособност 2014-2020
Избор на изпълнител/и за надграждане на съществуваща ERP система с модули с нови функционалности
Best Practices for managing servers with IPMI features enabled in Datacenters
Baseboard Management controllers (BMC) with IPMI is commonly used to manage servers. Most Supermicro server models support IPMI either through a dedicated management interface or through ...

19 July 2013 12:07

Baseboard Management controllers (BMC) with IPMI is commonly used to manage servers. Most Supermicro server models support IPMI either through a dedicated management interface or through a shared LAN. All X7 and later generation products have IPMI 2.0 enabled that provides security through encryption algorithms. BMC provides powerful remote debugging capabilities in the datacenters but at the same time if not configured properly, causes unwarranted access to BMCs from Internet or within the company and can compromise the security of your machines. Supermicro recommends the following steps that datacenters need to consider while using IPMI to manage your machines.

1. Network Configuration
a. Restrict inbound traffic over internet directly to BMCs. Logon to a secure management server in datacenter and manage all BMCs from the management server.
b. Reserve special IP address range (private subnets) to BMC management interfaces and management servers. Don’t use reserved IP subnets with LAN interfaces of the managed machines.
c. Configure the firewall to restrict outbound traffic from BMC including alerts within the reserved IP range.
d. Use dedicated management interfaces for managing BMCs. If dedicated management interfaces are absent and have to use shared LAN, then configure separate VLANs for

2. BMC Configuration
a. Customize service ports information on the BMC to your datacenter specifications. For example; you can configure http port to 57880 instead of 80.
b. Change the default password during installation and use strong passwords
c. Create user policies and roles on BMC
d. Use the IP Access Policy to enable access rules to BMC from management servers

3. Additional measures
a. Monitor for unusual traffic between BMC and other machines in the network
b. Pay attention to firmware release notes (especially related to security fixes) and plan upgrades of the firmware during maintenance cycles

For further questions, please contact service@persy.com


Shopping Cart
0 Product

0 .00 USD
w/o VAT

View | Order
Contact us
0700 42030
 
Sales Team:
sales@persy.com

Service Team:

service@persy.com

Intel Technology Provider Platinium 2016

Intel Technology Provider HPC Data Centre Specialist

nVidia - Partner Force - TESLA Prefered Provider

Storpool

Online Newsletter
Learn for new products, promotions and news!


Persy Ltd. is working with quality management ISO 9001:2008
Certificate Number: 90810529

Payments
prices are calculated with rate 1.50 BGL for USD