10-23-2013 05:39 AM - edited 03-01-2019 11:19 AM
Is there anyway to harden access to the webgui of CIMC of a standalone C series server say C220
Appreciate inputs!
10-23-2013 06:25 PM
Hi,
I have not heard of any specific procedure but do you have any specific feature you may be thinking about? I might be able if to tell you if there is something like that or see if at least there is an enhancement request.
-Kenny
10-23-2013 07:03 PM
We need to access the CIMC over internet for some remote servers (like we did DRAC,ILO in past) and they are in standalone mode ...no UCSM hook in...need to lockdown/harden access of CIMC as far as possible especially web...saw some ip blocking feature...more like thwart brute force i guess ...but nothing more..restricting source ips seems more of a UCSM thing i guess...please correct if amiss!
Any features to harden web access to CIMC appreciated for standalone severs...enablement of hardening can be from CLI also or any means
Appreciate
10-24-2013 06:33 AM
There is IP Blocking built into the system, but it doesn't appear to do what you need, though the User Guide kinda contradicts this:
IP blocking prevents the connection between a server or website and certain IP addresses or ranges of addresses. IP blocking effectively bans undesired connections from those computers to a website, mail server, or other Internet servers.
If WAN access needs to be hardened properly you'll want to use a firewall or ACLs to really be secured.
Let me look into whether or not we're adding IP filtering in a future release.
Regards,
Robert
10-24-2013 02:48 PM
Appreciate !...i did however think ipblocking for standalone was more as lockout for bruteforce ...and yes the manual is ambivalent..maybe it talks about UCSM based management pool access ...which is not the case for standalone!
so yes really left wondering ..ACLs at network level was something we consider as a frontline but also wanted something at host level...
10-24-2013 12:21 AM
Hi,
Please find the below link,Hope it would help you.
http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL-26648-01.html
Regards,
Gaurav
10-24-2013 02:49 PM
is there somethign specific in this that helps with my question ...am i amiss? Appreciate inputs
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide