ipmi access

charles at thefnf.org charles at thefnf.org
Mon Jun 2 15:19:53 UTC 2014


On 2014-06-02 07:19, Andrew Latham wrote:
> I use OpenVPN to access an Admin/sandboxed network with insecure 
> portals,
> wiki, and ipmi.


Same here.  My entire in band management plane (DRAC 
(disk/cpu/temperature etc telemetry to my OpenManage/Zenoss server), 
OpenSSH and 80/443 for backend stuffs) is all behind OpenVPN. Zero 
outside exposure.

Out of band, is a cyclades (acs48) directly on the internet with all my 
consoles hooked up and it controls daisy chained Cyclades PDUs. I have 
fairly strong passwords on it, everything is SSH.

How important is it to setup ACLs on it? Like say some VPS that's 
outside my infra and lock the Cyclades down to that? Is that really a 
much higher level of security?



More information about the NANOG mailing list