The OnBoard provides access to server-management services that are provided by service processors. Service processors are out-of-band management controllers that many vendors include in their servers. The OnBoard provides a single source for authentication, authorization, and management for multiple types of service processors. Using the OnBoard, users can access and manage multiple servers from a single point without having to learn how to use multiple service processor-management interfaces.
"Secure Path to a Connected Service Processor" is a conceptual illustration of a secure path between a remote user and a service processor through the OnBoard. (Users can also be on the same LAN as the OnBoard and the connected devices.)
In Figure 1-1, the public network is above the dashed line, and the private network is below the dashed line. The dedicated Ethernet port of a service processor is connected to one of the OnBoard’s private Ethernet ports. The IP address of the public Ethernet port is the only publicly-defined IP address.
After the user selects the desired management action, the OnBoard then creates a secure connection between the user and the service processor, acting as a proxy on behalf of the user when communicating with the service processor. While the user is performing any of the service processor management actions for which the user is authorized, the connection between the OnBoard and the service processor is kept separate and protected from the connection between the user and the OnBoard. Nothing that happens on the private network is exposed to the public network. Depending on the mode of access, HTTPS or SSH can be used to protect communications that are transported on the public network between the user and the OnBoard.