[CentOS] IPMI/BMC/BIOS

[CentOS] IPMI/BMC/BIOS

	Chris Murphy
	Jul 2, 2015 at 6:32 pm

https://lwn.net/Articles/630778/

I think you definitely want this stuff as far away from the regular
LAN, let alone the Internet, as possible.

Chris Murphy

Search Discussions

Discussion Posts

Greg Lindahl: I've used those for devices that were fairly dumb, but for servers it can be nicely cheaper to use serial-over-ipmi plus conman for that purpose. It's necessary to log and monitor the serial consoles, there are a variety of OOPses and BUGs and whatnot that only appear there. I've been using 'conman' for this purpose. I totally agree with you about having a separate admin-only network. It's not that expensive to build one up using dumb switches. -- greg

Follow ups

Peter Kjellström: +1 for this. We typically put all management ports for a 'system/project' on a sep. non-routed eth. segment to which only the, for the 'system/project', designated management servers can connect. It is probably a good idea to consider random ethernet connected 'things' as soft security wise and not suitable for the big bad internet... As for bios/firmware on servers the best one can do is to use non-deprecated hardware from responsible vendors and keep up to date with their sec. info and update

Related Discussions

Discussion Navigation

view	thread \| post
posts	‹ prev \| 4 of 5 \| next ›

Discussion Overview

group	centos @
categories	centos
posted	Jul 2, '15 at 10:11a
active	Jul 6, '15 at 8:28a
posts	5
users	5
website	centos.org
irc	#centos

font	variable	Hotkey: f
user style	avatars	Hotkey: a

[CentOS] IPMI/BMC/BIOS

Search Discussions

Discussion Posts

Related Discussions

5 users in discussion