The OnBoard SP manager, or OnBoard appliance, provides access to server-management services that are provided by service processors (SPs). SPs are out-of-band management controllers that many vendors include in their servers.
The OnBoard appliance provides a single source for authentication, authorization and management for multiple types of SPs. Through the OnBoard appliance, users can access and manage multiple servers from a single point without having to learn how to use multiple SP-management interfaces.
For example, the ability to manage power is provided by most SPs, but each SP has its own interface and its own commands for power management. The OnBoard appliance allows an authorized user to manage power on multiple servers from multiple vendors using a single interface and a single set of power commands.
Figure 1.1 is a conceptual illustration of a secure path between a remote user and an SP through the OnBoard appliance. (Users can also be on the same LAN as the OnBoard appliance and the connected devices.)
In Figure 1.1, the dedicated Ethernet port of an SP is separate from the server’s Ethernet ports. The SP’s dedicated Ethernet port is connected to one of the OnBoard appliance’s private Ethernet ports.
To allow management of the connected device, each device has a privately-designated IP address and, at the administrator’s discretion, each device may also have a virtual IP address. If virtual addresses are defined, users may be allowed to see a connected device’s virtual IP address but not to see the device’s privately-defined IP address.
In Figure 1.1, the remote user accesses the OnBoard appliance through a network connection to the public Ethernet port and then selects an authorized action to perform on a specific SP. (Users may also dial into the OnBoard appliance through an optional external modem or PC modem card.)
After the user selects the desired management action, the OnBoard appliance creates a secure connection between the user and the SP, acting as a proxy on behalf of the user. While the user is performing any of the authorized SP management actions, the connection between the OnBoard appliance and the SP is kept separate and protected from the connection between the user and the OnBoard appliance. Nothing that happens on the private network is exposed to the public network. Depending on the mode of access (browser or SSH), communications transported on the public network between the user and the OnBoard appliance are always protected by HTTPS or SSH, respectively.