Resend : Enable/disable access to BMC through interfaces for security

Jandra A jandraara at gmail.com
Sat Nov 2 01:40:43 AEDT 2019


I am resending this message to anyone who has thoughts on which BMC
interfaces need to be disabled for security purposes and what the best
way to do that would be. I would love to collaborate with all parties
interested.

------- begin message:

Hello all,

As part of the GUI design team, I am starting to look at requirements
for enabling and disabling network interfaces through which the BMC can be
accessed. For example, IPMI, SSH, Redfish, HTTP, and USB, to name a
few.

I know there has been some conversation on the topic before (see email
linked below) and want to reach out to see who is interested in this
topic. And I would love to get your thoughts on the following topics.

Some questions we want to tackle are:
1. Which interfaces need to be enabled/disabled and what is their
priority? (See full list in the Redfish documentation)
2. What should be the default for those selected above (enabled/disabled)?
3. Do we need a staged plan for it?
4. When can we expect backend availability?


Redfish documentation:
https://redfish.dmtf.org/schemas/ManagerNetworkProtocol.v1_4_0.json

Related email discussion (on staged plans to address IPMI access):
https://lists.ozlabs.org/pipermail/openbmc/2019-September/018373.html



Regards,
Jandra Aranguren

