Secure IPMI Access
15.03.2021

IPMI is indispensable both for monitoring the health of a dedicated server and for accessing the server's operating system in emergencies, when remote access services like SSH or RDP are unavailable.

Problem

It is annoying to find out at the most inopportune moment that IPMI is not available. Recently this has been happening quite often, especially on older servers. The reason is that automated brute-force attacks are constantly occurring on the Internet. IPMI runs on a separate chip, which is powerful enough to keep the web interface operational but can easily be overloaded by brute force or simply by a large number of connections.

Solution

Now the IPMI of all servers is available only within our network, where it is much safer than on the Internet. We have developed a special application that works as a gateway. IPMI is thus available via the SSH and RMCP protocols only within the network, while the web interface is accessible from the Internet through the gateway on a non-standard port.

Access is carried out by domain name over a secure HTTPS connection with a modern SSL certificate, even for those servers where IPMI is only accessible via HTTP. In addition to the web interface, the gateway also serves the console (iKVM) and Virtual Media.

Modern security requirements

As vulnerabilities are discovered and performance increases, some encryption protocols quickly become outdated. As a result, relatively modern 7th-generation HP servers, which have iLO version 3, can no longer be opened in any current browser. Thanks to our solution, the web interfaces of both iLO2 and iLO3 have become available.

In addition, for iLO2, we have implemented the ability to connect ISO images and a Java web console.
