Does an Intel server with RMM4 (IPMI BMC) need two IP addresses/cables?

bmc datacenter ipmi remote-access

I am managing a co-located server which has been rebooted and has not turned back on. It is in a data center and difficult to access; as such, I am looking at Intel's RMM4 (compatible with the server board) as a solution.

Do I have to run two cables from the ISP's switch, or is there a way to split a single cable? I assume that the IPMI BMC needs to have its own IP address?

Please note that the server is a computation server which is connected to a shared firewall and has a virtualized network (firewall + virtual servers) and as such has one Ethernet cable connected to it.

Also, what are the security implications of an IPMI BMC, and how is it best secured? I understand that Intel allows limiting access by IP address; is there anything else I should be aware of or do?

Best Answer

Depending on the platform (e.g., I've seen this with the Intel S2600GZ and similar systems), you can configure the RMM4 to use one of the first two onboard LAN ports, or the dedicated RMM4 port.

These show up as IPMI LAN channels 1 - 3, the first two being onboard Ethernet, the last being the dedicated port.

In short, you will still need a unique IP address for the RMM4 controller, but you can get away with just the one cable.

HOWEVER: you really don't want to run the RMM4 on a public-facing IP address if you can avoid it, as a compromise of this can easily result in a complete compromise of your server (they effectively have remote console access). So while this is possible, you'd be much better off running a firewall device in front of your server, and having the IPMI/RMM4 and server connect to that, and then using a VPN to control access to the RMM4 management interfaces.
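
To check which of the three LAN channels described above actually carries a BMC address, and whether that address sits outside the firewalled management network, the following is an added example (not part of the original answer). It parses the output of `ipmitool lan print <channel>`; the management subnet `10.20.0.0/24`, the function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Channel roles as described in the answer (platform-dependent).
CHANNEL_ROLE = {1: "onboard LAN 1", 2: "onboard LAN 2", 3: "dedicated RMM4 port"}

def parse_lan_print(text):
    """Parse 'Key : Value' lines from `ipmitool lan print <channel>` output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():          # skip continuation lines with no key
            fields[key.strip()] = value.strip()
    return fields

def audit_bmc_channels(outputs, mgmt_nets):
    """Return (channel, role, ip, verdict) per channel.

    verdict: 'unconfigured' (0.0.0.0), 'ok' (inside a management net),
    or 'exposed' (BMC address outside every declared management net).
    """
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for channel, text in sorted(outputs.items()):
        raw = parse_lan_print(text).get("IP Address", "0.0.0.0")
        ip = ipaddress.ip_address(raw)
        if ip.is_unspecified:
            verdict = "unconfigured"
        elif any(ip in net for net in nets):
            verdict = "ok"
        else:
            verdict = "exposed"
        findings.append((channel, CHANNEL_ROLE.get(channel, "unknown"), raw, verdict))
    return findings

# Constructed sample output (documentation and private addresses only).
SAMPLE = {
    1: "IP Address Source       : Static Address\n"
       "IP Address              : 203.0.113.10\n"
       "MAC Address             : 00:00:5e:00:53:01\n",
    2: "IP Address Source       : Static Address\n"
       "IP Address              : 0.0.0.0\n",
    3: "IP Address Source       : Static Address\n"
       "IP Address              : 10.20.0.15\n",
}

if __name__ == "__main__":
    for finding in audit_bmc_channels(SAMPLE, ["10.20.0.0/24"]):
        print("channel %d (%s): %s -> %s" % finding)
```

An "exposed" verdict on channel 1 or 2 means the BMC is sharing an onboard port with an address that is reachable without going through the management firewall/VPN.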