> What would YOU say to an admin who wants to make his DRAC open to the > internet? Does Dell address this scenario in documentation anywhere? > Is it as bad an idea as it immediately and intuitively seems to be?
Given that there are a number of proprietary services running on the DRAC, there are a number of unknowns when it comes to the robustness of the services. At its core it's running Linux with OpenSSH so I'd be prepared to make the SSH connection public, however it looks like you can only connect as root with password encryption. So make sure you pick a good password. I wouldn't want to put any of the other services online, which would at least require an external firewall between the DRAC and the Internet as there is no built in firewall support. Just remember that some of the Dell-provided services use custom kernel modules, so in theory it would be possible to crash the kernel if you could exploit a bug in one of these programs, which would take the DRAC offline until you could reboot it. I would hazard a guess and say that Dell haven't extensively tested for this sort of thing, given that the majority of their customers would deploy the DRAC on a restricted segment of their network reserved for admins only. Of course if your admin won't listen you can just post the IP on Slashdot and when the server keeps powering itself off maybe a lesson will be learned :-) Cheers, Adam. _______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge Please read the FAQ at http://lists.us.dell.com/faq
