New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Seeking provider that provides secure OOBM.
It was brought to my attention in my thread seeking providers that do not require JavaScript that an interactive console IE for modification of BIOS settings might be difficult to implement with such restrictions, naturally my response was to point to OOBM solutions like IPMI to serve such tasks.
Now this brings me to this thread here, I am seeking providers that supply a secure OOBM solution to its client. Requirements for this are simple, it should not be exposed to the internet, the user should have to connect through a VPN.
Bonus points if the user does not have to go out of their way to request such a service offering like having to contact support and or open a ticket.
Comments
I thought you had a strong opinion against javascript. The ipmi web management panel is often loaded to high hell with it. Depending on the age of the machine, you might even need some ancient java runtime environment on the client in order to access the iKVM (Unless you're an enjoyer of serial over lan).
Anyone exposing IPMI to the internet is just asking for it. Its like driving your Ferrari to the hood and leaving the keys in the ignition with all the doors open.
Let me introduce you to ipmitool https://github.com/ipmitool/ipmitool
This is what I have been trying to tell people :-)
All of our bare metal IPMI is on a private, internal only network. Customers access it by clicking a button in the panel, which launches an in browser VNC session for a docker container that loads up the IPMI web panel or Java KVM.
Nothing to run locally on your machine, no VPN, just another browser window.
Sending IPMI commands is one thing.
The KVM session, which is probably the main reason you want IPMI, is a different one.
It's usually a vendor-specific implementation that typically gives you the option to either use the web interface with a JavaScript-based HTML5 WebSocket client, or use the Java client, which requires a decade-old version of Java.
(Some vendors also offer proprietary administration software you can download and install)
Right, is it utilizing JavaScript? the point of the VPN requirement was that this thread as mentioned in the first paragraph is in relation to my other thread about avoiding JavaScript. Sorry if that part was not clear.
Im well aware of ipmitool you can also alternatively SMASH, IPMIUtil etc to access serial over lan (SOL). But this assumes the vendor already has serial console redirection enabled and if you want remote console access within the OS you'll need to make sure is setup for it too. I already presume you know how to do all that.
I think most people enjoy the flare of the web panel and a graphical console. So this is much of an outlier here so expect to jump through some hoops.
Maybe Message the people @ svea.net with your specific requirements.
Yes, not to fear I am well aware that my requests are out of the ordinary for the forum but seeing the breadth of providers and users I hope to find at least a hand full of providers that meet my thread goals individually which will help me assess which one of these covers the most check boxes.
Are you aware if they have a LET account? I am glad to see that they support PGP but a bit disheartened at their use of JavaScript, never the less I will reach out to them thanks.
@Yuki_ said:
I doubt they are active on LET.
Maybe also check flokinet.is if i remember correctly they offered a VPN for accessing IPMI.
This is good! Flokinet is promising they don't need JavaScript accept Monero supports PGP :-)
Edit maybe they needed more JavaScript then at first glance :-(
I don't think there is any possible way you can access an IPMI KVM console without using Javascript or running some sort of client locally.
Most of QuickPacket's newer servers have HTML5 IPMI that launches from the client area. It's done over reverse proxy. Works just like if you clicked the button from the BMC web interface.
Note: We still have some older servers that require Java (E3 v1/v2, E5 v1/v2) since HTML5 support wasn't built into those firmware.
All of our IPMI is over secure VPN. There is no other acceptable option unless it's a tunneled session from a button as Datawagon said.
As QPS said some of the older systems require Java due to being dated and firmware isn't out for HTML5 but all new systems we use at https://purevoltage.com support html5 for IPMI.