
Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x


Updated: December 2019
 
 

Securing the Physical Management Connection

Oracle ILOM is an out-of-band (OOB) management tool that uses a dedicated management channel for maintaining and monitoring Oracle servers. Unlike servers that rely on in-band management tools, Oracle servers arrive with built-in remote management capabilities, enabling system administrators to gain secure access to Oracle ILOM through a separate, dedicated network connector on the service processor. While Oracle ILOM provides system administrators with specific capabilities for monitoring and managing Oracle servers, Oracle ILOM is not designed to be a general-purpose compute engine, nor to be accessed from an unsecured, non-trusted network connection.

Whether you establish a physical management connection to Oracle ILOM through the local serial port, the dedicated network management port, or a standard data network port, it is essential that this physical port on the server or chassis monitoring module (CMM) is always connected to an internal trusted network, or to a dedicated secure management or private network. For further guidelines on establishing a physical management connection to Oracle ILOM, see the following table.

Physical Port Management Connection to Oracle ILOM

Columns: Physical Port Management Connection to Oracle ILOM | Supported Oracle Hardware | Management Connection Security Guidelines

Dedicated Connection
  Supported Oracle hardware:
  • Server (Port: NET MGT)
  • CMM (Port: NET MGT)
  Security guidelines:
  Use a dedicated internal network for the service processor (SP) to separate it from the general data network traffic.
  For further details about establishing a dedicated network management connection to Oracle ILOM, see:
  • Dedicated Network Management Connection, Oracle ILOM Administrator's Guide for Configuration and Maintenance (3.2.x)

Local Connection
  Supported Oracle hardware:
  • Server (Port: SER MGT)
  • CMM (Port: SER MGT)
  Security guidelines:
  Use a local serial management connection to access Oracle ILOM directly from the physical server or CMM.
  For further details about establishing a local serial management connection to Oracle ILOM, see:
  • Local Serial Network Management Connection to Oracle ILOM, Oracle ILOM Administrator's Guide for Configuration and Maintenance (3.2.x)

Sideband Connection
  Supported Oracle hardware:
  • Server (Ports: NET0, NET1, NET2, NET3)
  Security guidelines:
  Use a shared Ethernet data network to access the service processor (SP) only when it is necessary to simplify cable management and network configuration by eliminating the need for two separate network connections. Because the SP then shares a port with host data traffic, that data network must itself be trusted and restricted to administrators.
  For further details about establishing a sideband management connection to Oracle ILOM, see:
  • Sideband Management Connection, Oracle ILOM Administrator's Guide for Configuration and Maintenance (3.2.x)

Note - Sideband management is supported on most Oracle servers.


Note - To defend against security attacks, you should never connect the Oracle ILOM SP to a public network, such as the Internet. You should keep the Oracle ILOM SP management traffic on a separate management network and grant access only to system administrators.
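The table and the note above boil down to two properties an administrator can audit on every SP: which physical port the SP is managed through, and whether its address sits on the approved management network. The following Python script is an added example, not part of this guide or of Oracle's software. It parses the output of the Oracle ILOM CLI command `show /SP/network` (the `managementport`, `pendingmanagementport` and `ipaddress` property names are those of ILOM 3.x; the port values `MGMT` and `NET0` and the sample output itself are constructed here, not captured from a real SP) and flags an SP that is in sideband mode, has an uncommitted port change queued, or has an address outside the management prefixes you pass in. In practice you would feed it the text returned by `ssh root@<sp> show /SP/network`.

```python
import ipaddress
import re

# Constructed sample output of `show /SP/network` for an SP on the dedicated
# NET MGT port with a private management address (not a real capture).
SAMPLE_DEDICATED = """\
 /SP/network
    Properties:
        ipaddress = 10.20.30.40
        ipdiscovery = static
        ipgateway = 10.20.30.1
        ipnetmask = 255.255.255.0
        managementport = MGMT
        pendingmanagementport = MGMT
        state = enabled
"""

# Constructed sample for an SP in sideband mode on host port NET0 with an
# address outside the management network (203.0.113.0/24 is a documentation
# range, used here only as a stand-in for a non-management address).
SAMPLE_SIDEBAND = """\
 /SP/network
    Properties:
        ipaddress = 203.0.113.17
        ipdiscovery = static
        ipgateway = 203.0.113.1
        ipnetmask = 255.255.255.0
        managementport = NET0
        pendingmanagementport = NET1
        state = enabled
"""

# Matches the "name = value" lines of ILOM `show` output.
_PROP_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")

# Assumed default policy: RFC 1918 IPv4 and ULA IPv6 prefixes only.
DEFAULT_MGMT_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")


def parse_properties(text):
    """Return the Properties section of `show` output as a name -> value dict."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_network(text, mgmt_nets=DEFAULT_MGMT_NETS):
    """Check one SP's network settings against the guide's placement rules.

    Returns a list of finding strings; an empty list means the SP is on the
    dedicated management port, has no pending port change, and is addressed
    inside one of the approved management prefixes.
    """
    props = parse_properties(text)
    findings = []

    port = props.get("managementport", "")
    pending = props.get("pendingmanagementport", port)
    if port != "MGMT":
        findings.append(
            f"managementport={port}: SP is reachable over sideband on host data "
            f"port {port}; move it to the dedicated NET MGT port or confine that "
            "data network to administrators"
        )
    if pending != port:
        findings.append(
            f"pendingmanagementport={pending} differs from managementport={port}: "
            "an uncommitted port change is queued"
        )

    ip = props.get("ipaddress", "")
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        findings.append(f"ipaddress={ip!r} is missing or not a valid address")
        return findings
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    if not any(addr in net for net in nets):
        findings.append(
            f"ipaddress={ip} is outside the approved management networks "
            f"{list(mgmt_nets)}"
        )
    return findings


if __name__ == "__main__":
    for name, sample in (("dedicated", SAMPLE_DEDICATED), ("sideband", SAMPLE_SIDEBAND)):
        print(f"[{name}]", audit_network(sample) or "OK")
```

Passing a tighter `mgmt_nets` list (for example just your actual management VLAN prefix) turns the address check into an allowlist, which is the policy the guide describes: the SP belongs on one known management network and nowhere else.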