Best practice for Integrated Lights-Out

We are about to purchase a Integrated Lights-Out 3 (for a ProLiant DL380 G7 server) ADAVANCED licence. The main purpose is to have external access to the remote console, in case there is a problem during the server bootup process.
It currently has a private internal address assigned but unless we connect via VPN, which relies on one of the virtual machines i.e. our firewall...
Would it be safe to simply create an access rule for Integrated Lights-Out with a very long and complex password since it would be directly exposed to the internet? The remote console would have access to Hyper-V and everything else, including our data.
Are there any other more secure ways of doing this, perhaps some sort of TMG publishing rule?
mark-199Asked:
Who is Participating?
 
andyalderCommented:
>unless we connect via VPN, which relies on one of the virtual machines...

Can't you setup VPN access via your router/firewall from outside instead of terminating the endpoint on a virtual machine that's currently shutdown? I know there are some very cheap ADSL routers that can't terminate VPN connections but surely it would be cheaper to buy one that can for $150 rather than spend hours obfuscating the iLO settings?
0
 
Gabriel OrozcoSolution ArchitectCommented:
iLO handles SSL.
if you setup a good enough password + ssl it should be ok.

Still I believe you need to have iLO on its own network, independent from the production network so you can enter always to see what happened.

for that, I would back what andyalder said. Implement a second access with at least a SSL vpn, avoid using the same switch than in production, the same power contact/supply, and you will have a reasonable configuration.
0
 
mark-199Author Commented:
Thank you both for your advice. As it happens we have an independent test environment with SSL VPN access that runs on a separate line in its own environment. I can connect the iLO to a private address on our test envrionment and then access it via SSL VPN.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.