
OnBoard Advantages for Server Management
The OnBoard provides access to server-management services that are provided by service processors. Service processors are out-of-band management controllers that many vendors include in their servers. The OnBoard provides a single source for authentication, authorization, and management for multiple types of service processors. Using the OnBoard, users can access and manage multiple servers from a single point without having to learn how to use multiple service processor-management interfaces.
For example, the ability to manage power is provided by most service processors, but each service processor has its own interface and its own commands for power management. The OnBoard allows an authorized user to manage power on multiple servers from multiple vendors using a single interface and a single set of commands.
The security features provided by the OnBoard work together to create a secure path between a user and a server that is being managed.
Figure 1-1, "Secure Path to a Connected Service Processor," is a conceptual illustration of a secure path between a remote user and a service processor through the OnBoard. (Users can also be on the same LAN as the OnBoard and the connected devices.)
Figure 1-1: Secure Path to a Connected Service Processor
In Figure 1-1, the public network is above the dashed line, and the private network is below the dashed line. The dedicated Ethernet port of a service processor is connected to one of the OnBoard’s private Ethernet ports. The IP address of the public Ethernet port is the only publicly-defined IP address.
To allow management of the connected device, each device has a privately-designated IP address and, at the administrator’s discretion, each device may also have a virtual IP address. If virtual addresses are defined, users may be allowed to see a connected device’s virtual IP address but not the device’s privately-defined IP address.
In the example, the remote user accesses the OnBoard through a network connection to the public Ethernet port and then selects a service processor management action that the user is authorized to perform on a specific service processor. (Users may also dial into the OnBoard through an optional external modem or PCMCIA modem card.)
After the user selects the desired management action, the OnBoard then creates a secure connection between the user and the service processor, acting as a proxy on behalf of the user when communicating with the service processor. While the user is performing any of the service processor management actions for which the user is authorized, the connection between the OnBoard and the service processor is kept separate and protected from the connection between the user and the OnBoard. Nothing that happens on the private network is exposed to the public network. Depending on the mode of access, HTTPS or SSH can be used to protect communications that are transported on the public network between the user and the OnBoard.
