Resend : Enable/disable access to BMC through interfaces for security
Jandra A
jandraara at gmail.com
Sat Nov 2 01:40:43 AEDT 2019
I am resending this message to who has thoughts on which BMC
interfaces need to be disabled for security purposes and what the best
way to do that would be. I would love to collaborate with all parties
interested.
------- begin message:
Hello all,
As part of the GUI design team, I am starting to look at requirements
for enabling and disabling network interfaces for which the BMC can be
accessed. For example, IPMI, SSH, Redfish, HTTP, and USB, to name a
few.
I know there has been some conversation on the topic before (see email
linked below) and want to reach out to see who is interested in this
topic. And I would love to get your thoughts on the following topics.
Some questions we want to tackle are:
1. Which interfaces need to be enabled/disabled and what is their
priority? (See full list in the redfish documentation)
2. What should be the default for the selected above (enabled/disabled)?
3. Do we need a staged plan for it?
4. When can we expect backend availability?
Redfish documentation:
https://redfish.dmtf.org/schemas/ManagerNetworkProtocol.v1_4_0.json
Related email discussion (on staged plans to address IPMI access):
https://lists.ozlabs.org/pipermail/openbmc/2019-September/018373.html
Regards,
Jandra Aranguren
More information about the openbmc
mailing list