S
scotch_tape
Guest
OP deleted original question...
Last edited by a moderator:
-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
- Status
That potential performance issue is well known and documented. That is also why the default is "dedicated".
You know all that stuff I keep telling people "don't change stuff unless you actually know what you are doing" just proved itself once again. :)
Failover is well documented to be a "less than obviously useful" feature as once it has "failed over" to your standard LAN port it does not switch back. This has proven to be a problem as some network switches may be on UPSes and others not. And since the darn thing doesn't fail back to the dedicated IPMI setting many people leave it as default and accept that a loss of IPMI may result and they may have to troubleshoot any LAN hardware problems at the server itself.
You know all that stuff I keep telling people "don't change stuff unless you actually know what you are doing" just proved itself once again. :)
Failover is well documented to be a "less than obviously useful" feature as once it has "failed over" to your standard LAN port it does not switch back. This has proven to be a problem as some network switches may be on UPSes and others not. And since the darn thing doesn't fail back to the dedicated IPMI setting many people leave it as default and accept that a loss of IPMI may result and they may have to troubleshoot any LAN hardware problems at the server itself.
KTrain
Dabbler
- Joined
- Dec 29, 2013
- Messages
- 36
HP iLO offers a similar feature set but defaults to the dedicated port by default. Definitely something you should always check when standing up a new server. Can't really comment on the security piece; I've never tried to harden or secure board level management.
gpsguy
Active Member
- Joined
- Jan 22, 2012
- Messages
- 4,472
Yes, there can be security issues with IPMI and/or iLO's. See the US-CERT Alert (TA13-207A) -
Risks of Using the Intelligent Platform Management Interface (IPMI)
And, you'll want to keep your firmware up to date, you can read up on Supermicro IPMI vulnerabilities here:
Supermicro IPMI Security Updates November 2013
Obviously, you can minimize your exposure by not doing stupid stuff like opening up IPMI directly to the internet. Ensure that you're using a strong password.
Risks of Using the Intelligent Platform Management Interface (IPMI)
And, you'll want to keep your firmware up to date, you can read up on Supermicro IPMI vulnerabilities here:
Supermicro IPMI Security Updates November 2013
Obviously, you can minimize your exposure by not doing stupid stuff like opening up IPMI directly to the internet. Ensure that you're using a strong password.
- Status
