Security Features
- NC-SI
The iBMC implements isolation between the management plane and the service plane. The Network Controller Sideband Interface (NC-SI) allows the iBMC and the service plane to share the same network interface card (NIC). Although the management and service planes share a physical network port, they are logically isolated by VLANs and are invisible to each other.
- Protocol and port protection against attacks
The iBMC provides the minimum required network service ports. By default, unnecessary services are disabled, network service ports for debugging are disabled during normal server operation, and network ports for insecure protocols are disabled.
- Condition-based login restrictions
The iBMC ensures secure web access by using login rules and user roles. A role specifies the operation permission of a user, and login rules implement time- and location-based access.
A maximum of three login rules can be configured. Each login rule contains three conditions: login duration, source IP address segment, and source MAC address segment. Users who comply with any one of the three rules can log in to the iBMC.
- User account security
The iBMC ensures user account security through the following settings:
  - Password complexity rule
  - Weak password dictionary
  - Password validity period
  - Minimum password age
  - Account inactive period
  - Emergency login user
  - Number of restricted previous passwords
  - Maximum number of login failures before account lockout
- Certificate management
The iBMC supports encryption and replacement of Secure Sockets Layer (SSL) certificates. Users can replace the certificates on the WebUI.
For security purposes, it is recommended that the original certificate and keys be replaced promptly with a customized certificate and public/private key pair.
The iBMC supports import of an LDAP certificate, which makes LDAP data transmission confidential and secure.
- Operation log management
The iBMC records all non-query operations performed on the iBMC. The operation logs are classified into Linux system process logs and user process logs. Each user process log contains the time when the operation was performed, the interface on which the operation was performed, source IP address, user name, and operation.
- Encryption of transmitted data
The iBMC allows you to enable Transport Layer Security (TLS) for Simple Mail Transfer Protocol (SMTP) to ensure data transmission security.
The iBMC also allows you to enable the KVM and VNC encryption functions, which encrypt data transmitted to and from the Remote Virtual Console.
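
The login rule evaluation described under "Condition-based login restrictions" above, modelled as an added example (not iBMC code) that shows how the "any one rule" semantics interact. Assumptions: the field names are hypothetical, login duration is modelled as a daily time window, the conditions inside one rule are ANDed, an unset condition matches anything, and the sample rules are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional

MAX_RULES = 3  # the page allows at most three login rules

@dataclass
class LoginRule:
    # Hypothetical field names; an unset condition matches anything (assumption).
    start: Optional[time] = None       # login duration, modelled as a daily window
    end: Optional[time] = None
    ip_segment: Optional[str] = None   # source IP address segment, CIDR (assumed)
    mac_prefix: Optional[str] = None   # source MAC address segment as a prefix (assumed)

    def matches(self, when: datetime, src_ip: str, src_mac: str) -> bool:
        # Assumption: every configured condition in a rule must hold (AND).
        if self.start is not None and self.end is not None:
            if not (self.start <= when.time() <= self.end):
                return False
        if self.ip_segment and ip_address(src_ip) not in ip_network(self.ip_segment):
            return False
        if self.mac_prefix and not src_mac.lower().startswith(self.mac_prefix.lower()):
            return False
        return True

def login_allowed(rules: List[LoginRule], when: datetime, src_ip: str, src_mac: str) -> bool:
    if len(rules) > MAX_RULES:
        raise ValueError("at most three login rules can be configured")
    # Per the page: complying with any one rule is enough (OR across rules).
    return any(r.matches(when, src_ip, src_mac) for r in rules)

def unrestricted_source(rules: List[LoginRule]) -> List[int]:
    """Audit helper: indexes of rules that restrict neither source IP nor MAC."""
    return [i for i, r in enumerate(rules) if not r.ip_segment and not r.mac_prefix]

# Constructed sample configuration (private and documentation address ranges).
RULES = [
    LoginRule(time(8, 0), time(18, 0), "10.20.0.0/24", "00:1b:21"),  # admin LAN, office hours
    LoginRule(ip_segment="192.0.2.10/32"),                           # single jump host, any time
    LoginRule(time(0, 0), time(23, 59)),                             # time only: admits any source
]

if __name__ == "__main__":
    night = datetime(2024, 1, 15, 22, 0)
    print(login_allowed(RULES[:2], night, "203.0.113.7", "aa:bb:cc:dd:ee:ff"))  # False
    print(login_allowed(RULES, night, "203.0.113.7", "aa:bb:cc:dd:ee:ff"))      # True
    print(unrestricted_source(RULES))                                           # [2]
```

Because a login succeeds when any single rule matches, one rule without a source condition overrides the tighter rules beside it, so a configuration review should flag such rules.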