Have a few Supermicro based CentOS boxes at remote date center. Is there anyway to do a remote KVM over TCP to them for the case when they do not seem to come back after a reboot?
On 9/18/2014 12:59 PM, Matt wrote:
Have a few Supermicro based CentOS boxes at remote date center. Is there anyway to do a remote KVM over TCP to them for the case when they do not seem to come back after a reboot?
the ones I've used have a full IPMI/KVM on a seperate ethernet management port. I believe this is an optional feature, some motherboards/systems have it, some don't. I would NOT plug this into the public internet, rather, I would have a seperate management LAN whihc you need to access via a VPN or ssh tunnel or something.
On Thu, 18 Sep 2014, John R Pierce wrote:
On 9/18/2014 12:59 PM, Matt wrote:
Have a few Supermicro based CentOS boxes at remote date center. Is there anyway to do a remote KVM over TCP to them for the case when they do not seem to come back after a reboot?
the ones I've used have a full IPMI/KVM on a seperate ethernet management port. I believe this is an optional feature, some motherboards/systems have it, some don't. I would NOT plug this into the public internet, rather, I would have a seperate management LAN whihc you need to access via a VPN or ssh tunnel or something.
+1
I've never used the remote KVM, but I use serial-over-LAN for console support on all our newer servers.
Make sure, as John cautioned, that you carefully guard access to the subnet hosting the IPMI interfaces. Supermicro's baseboard management console (BMC) leaks passwords like a sieve:
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-e...
On 2014-09-18, Paul Heinlein heinlein@madboa.com wrote:
On Thu, 18 Sep 2014, John R Pierce wrote:
On 9/18/2014 12:59 PM, Matt wrote:
Have a few Supermicro based CentOS boxes at remote date center. Is there anyway to do a remote KVM over TCP to them for the case when they do not seem to come back after a reboot?
the ones I've used have a full IPMI/KVM on a seperate ethernet=20 management port. I believe this is an optional feature, some=20 motherboards/systems have it, some don't. I would NOT plug this=20 into the public internet, rather, I would have a seperate management=20 LAN whihc you need to access via a VPN or ssh tunnel or something.
+1
I've never used the remote KVM, but I use serial-over-LAN for console=20 support on all our newer servers.
I've used both remote KVM and SOL, and both work very well. Your board must have an active BMC for this to work; as John mentioned, it's not a default feature (though it's becoming more so on ''server-class'' boards.)
The remote KVM is a Java Web Start applet. I've had some issues getting it to work, especially on an OS X client. A CentOS client is usually okay but sometimes flaky. Serial-over-LAN is more convenient to access but less well documented (which says something, since Supermicro's docs on their IPMI implementation are generally quite poor).
And +2billion on securing the subnets used to access to the IPMI consoles.
--keith
-
John R Pierce -
Keith Keller -
Matt -
Paul Heinlein