Best practice for Integrated Lights-Out
Posted on 2012-08-24
We are about to purchase a Integrated Lights-Out 3 (for a ProLiant DL380 G7 server) ADAVANCED licence. The main purpose is to have external access to the remote console, in case there is a problem during the server bootup process.
It currently has a private internal address assigned but unless we connect via VPN, which relies on one of the virtual machines i.e. our firewall...
Would it be safe to simply create an access rule for Integrated Lights-Out with a very long and complex password since it would be directly exposed to the internet? The remote console would have access to Hyper-V and everything else, including our data.
Are there any other more secure ways of doing this, perhaps some sort of TMG publishing rule?