Securing the Physical Management Connection
Oracle ILOM is an out-of-band (OOB) management tool that uses
a dedicated management channel for maintaining and monitoring Oracle
servers. Unlike servers with in-band management tools, Oracle servers
arrive with built-in remote management capabilities, enabling system
administrators to gain secure access to Oracle ILOM through a separate
dedicated network connector on the service processor. While Oracle
ILOM's management functionality provides system administrators with
specific capabilities for monitoring and managing Oracle servers, Oracle
ILOM is not designed to be a general-purpose compute engine or to be
accessed from an unsecured, non-trusted network connection.
Whether you establish a physical management connection
to Oracle ILOM through the local serial port, the dedicated network
management port, or the standard data network port, it is essential
that this physical port on the server or chassis monitoring module
(CMM) is always connected to an internal trusted network, or a dedicated
secure management or private network. For further guidelines on establishing
a physical management connection to Oracle ILOM, see the following table.
| Connection type | Hardware (ports) | Guidelines |
|---|---|---|
| Dedicated Connection | Server (Port: NET MGT); CMM (Port: NET MGT) | Use a dedicated internal network for the service processor (SP) to separate it from the general data network traffic. For further details about establishing a dedicated network management connection to Oracle ILOM, see |
| Local Connection | Server (Port: SER MGT); CMM (Port: SER MGT) | Use a local serial management connection to access Oracle ILOM directly from the physical server or CMM. For further details about establishing a local serial management connection to Oracle ILOM, see: |
| Sideband Connection | Server (Ports: NET0, NET1, NET2, NET3) | Use a shared Ethernet data network to access the service processor (SP) whenever it is necessary to simplify cable management and network configuration by preventing the need for two separate network connections. For further details about establishing a sideband management connection to Oracle ILOM, see |

Note - Sideband management is supported on most Oracle servers.

Note - To defend against security attacks, you should
never connect the Oracle ILOM SP to a public network,
such as the Internet. You should keep the Oracle ILOM SP management
traffic on a separate management network and grant access only to
system administrators.
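
One way to check an inventory of SP and CMM management addresses against the guidance above is sketched below. It is an added example, not Oracle code; the subnets, host names and finding labels are constructed assumptions standing in for a site's own policy.

```python
import ipaddress

# Assumed site policy (constructed values, not from the Oracle documentation).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]   # dedicated NET MGT network
DATA_NETS = [ipaddress.ip_network("10.30.0.0/16")]   # internal data network (sideband)
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify_sp(address):
    """Classify one SP/CMM management address against the site policy."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid-address"
    if any(ip in net for net in MGMT_NETS):
        return "ok-dedicated"
    if any(ip in net for net in DATA_NETS):
        return "review-sideband"          # shared data network: confirm it is trusted
    if any(ip in net for net in PRIVATE_NETS):
        return "violation-unapproved-network"
    return "violation-public-address"     # outside private address space

def audit(inventory):
    """Return {name: finding} for every entry that is not on the management network."""
    findings = {}
    for name, address in inventory:
        result = classify_sp(address)
        if result != "ok-dedicated":
            findings[name] = result
    return findings

# Constructed sample inventory; 203.0.113.10 is a documentation address
# standing in for a publicly routable one.
SAMPLE_INVENTORY = [
    ("srv01-sp", "10.20.0.11"),
    ("srv02-sp", "10.30.4.7"),
    ("srv03-sp", "203.0.113.10"),
    ("cmm01", "192.168.50.2"),
    ("srv04-sp", "not-an-ip"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {finding}")
```

Entries flagged `review-sideband` are not violations by themselves; they mark SPs reachable over the shared data network, where the trust level of that network needs to be confirmed.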