No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

X6800 Server Node iBMC (Earlier Than V250) User Guide 30

This document describes the underlying management software Intelligent Baseboard Management Controller (iBMC) of the servers.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Features

Security Features

  • NC-SI

    The iBMC implements isolation between the management plane and the service plane. The Network Controller Sideband Interface (NC-SI) allows the iBMC and the service plane to share the same network interface card (NIC). Although the management and service planes share a physical network port, they are logically isolated by VLANs and are invisible to each other.

  • Protocol and port protection against attacks

    The iBMC provides the minimum required network service ports. By default, unnecessary services are disabled, network service ports for debugging are disabled during server normal operation, and network ports for insecure protocols are disabled.

  • Condition-based login restrictions

    The iBMC ensures secure web access by using login rules and user roles. A role specifies the operation permission of a user, and login rules implement time and location-based access.

    A maximum of three login rules can be configured. Each login rule contains three conditions: login duration, source IP address segment, and source MAC address segment. Users who comply with any one of three rules can log in to the iBMC.

  • User account security

    The iBMC ensures user account security through the following settings:

    • Password complexity rule
    • Password validity period
    • Minimum password age
    • Account inactive period
    • Emergency login user
    • Number of restricted previous passwords
    • Maximum number of login failures before account lockout
  • Certificate management

    The iBMC supports encryption and replacement of Secure Sockets Layer (SSL) certificates. Users can replace the certificates on the WebUI.

    It is recommended that the original certificate and keys be replaced with customized certificate and public and private key pairs in time for security purposes.

    The iBMC supports import of an LDAP certificate, which makes LDAP data transmission confidential and secure.

  • Operation log management

    The iBMC records all non-query operations performed on the iBMC. The operation logs are classified into Linux system process logs and user process logs. Each user process log contains the time when the operation was performed, the interface on which the operation was performed, source IP address, user name, and operation.

  • Encryption of data transmitted

    The iBMC allows you to enable Transport Layer Security (TLS) for Simple Mail Transfer Protocol (SMTP) to ensure data transmission security.

    The iBMC also allows you to enable the KVM and VNC encryption functions, which encrypt data transmitted to and from the Remote Virtual Console.

Translation
Download
Updated: 2019-06-04

Document ID: EDOC1000066341

Views: 147825

Downloads: 1083

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next