This topic discusses the steps to increase BMC's security including changing the password for the default account, and changing the default IP address for the BMC's network interface.
Intelligent Platform Management Interface (IPMI) is a set of specifications that defines how to manage and monitor a device independent of its Operating System (OS), underlying Hardware, and the BIOS installed on it. IPMI also defines a set of physical interfaces that enable system administrators to perform out-of-band management of IPMI capable devices, including such devices that have been powered off or that have network issues or are unresponsive. Without IPMI, a system administrator would need to be physically present near the device to resolve any issue.
IPMI is a message-based, hardware-level interface specification which exists and operates independently of the underlying operating system or the device's hardware. This enables IPMI to remotely manage a device even if the device does not have an installed OS. IPMI can also be used in scenarios where the device is powered down or even if there is a system or OS failure.
The target device can be powered down, however, for IPMI to work, it must at least be connected to an underlying local area network (LAN) and must be connected to a working power source.
IPMI can also be used to continuously monitor various statuses and statistics, such as temperature, fan speed, voltages, power supply status and physical access to the device.
Baseboard Management Controller (BMC) is a dedicated microcontroller embedded on a device's motherboard and has its own dedicated firmware, RAM, and network port. Sensors on the motherboard transmit data to the BMC which in turn transmits this data to dedicated centralized monitoring servers. When connected to a LAN, the network port on the BMC enables out-of-band control and monitoring of the underlying hardware.
BMC enables IPMI on a device.
BMC ships with a well known default User ID, password, and network configuration configured during firmware install at at the factory. This provides an security vulnerability that can be exploited to gain access to the device.
Securing BMC involves changing the default User ID's password and changing the default network configuration. SLX-OS provides commands that interacts with the underline BMC firmware to harden the security of your device's BMC.