Homelab

380 readers

9 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

[email protected]

OOB Management iDRAC Datacenter Newbie Questions (alien.top)

submitted 1 year ago by [email protected] to c/[email protected]

10 comments fedilink hide all child comments

I do not work at a datacenter but been reading about out of band management and how it related to OOB servers like Dell PowerEdge and it's iDRAC features.

So, OOB network is a different network used for management in case the production network goes down. It needs to be accessed from the internet, as well as the production network of course.

Does that mean that two different edge devices need to be placed in the network, with two public IP addresses? (Firewall + Router) ?

Let's say I have 5 servers running Linux or Windows Server, no virtual machines, will I be able to remotely access the server from the iDRAC interface? is it only through SSH or like RDP?

Does the Dell server have to be like a hypervisor with VMs within, from me to manage them?

To access the management interface from the internet from a web browser I need port forwarding from public IP to the local management network correct?

Apart from the edge devices, do I need a routing device between the production and management network to access the production servers?

As you can see these are very basic questions as I am not familiarized with these technologies so please be patient.

Also, any good guides out there that would help me understand more with practical/configuration examples?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago

The OOB management port let's you access the console of the hardware via the network, rather than having to physically attach a mouse and keyboard. That's the short version.

It is a separate IP address, in any business setting it will be on a separate network. In any decently secured environment, it will not be accessible directly from the Internet. It would normally be accessible only via a VPN or by being on-site.

So, OOB network is a different network used for management in case the production network goes down. It needs to be accessed from the internet, as well as the production network of course.

It doesn't have to be a separate network. OOB management is more about being able to manage the hardware if the operating system has failed. So if you have to hard reboot a server, or otherwise see the console, but you don't have to physically be in front of the machine.

Does that mean that two different edge devices need to be placed in the network, with two public IP addresses? (Firewall + Router) ?

No, it can have a different IP on the same network, though in business settings it's generally a separate network.

Let’s say I have 5 servers running Linux or Windows Server, no virtual machines, will I be able to remotely access the server from the iDRAC interface? is it only through SSH or like RDP?

The iDRAC interface is like using a KVM remotely. It's a remote keyboard and monitor for the server. You're not connecting to the server from the iDRAC, the iDRAC Iis just ask alternate access method for the server in question.

Does the Dell server have to be like a hypervisor with VMs within, from me to manage them?

No. Again, it's like you're sitting in front of the server with a keyboard and monitor.

To access the management interface from the internet from a web browser I need port forwarding from public IP to the local management network correct?

DO NOT EVER EXPOSE IDRAC/OOB INTERFACES TO THE INTERNET. You clearly aren't familiar with this, and exposing iDRACs to the Internet is a huge security issue. They are NOT well secured, and they give practically full access to the server. They say physical access is total access...iDRAC access isn't far off from that.

Apart from the edge devices, do I need a routing device between the production and management network to access the production servers?

If they're on different networks, yes.