We have just started to install new hardware in preparation for MS launching Server 2016. This is my first encounter with IPMI. Having noted some of the warnings relating to security I did restrict the IP addresses that could connect (IPMI is currently set to failover and is running through LAN1).

All NICs are set to a static IP address.

There are clearly two disadvantages to this - the first being it's eating into our allocated IP addresses and the second not as secure.

As all existing servers/workstations have a second NIC, is there any reason to prevent me from creating private addresses (say 510 from 192.168.0.1 to 192.168.1.254 using 255.255.254.0 as the netmask) and running to a separate switch? Adding the NAS for server backup on that network would also make it more secure as well as saving more outfacing IP addresses.

In this scenario what would I use for the default gateway? Would I need to add a router to the mix?

I'm guessing that DNS server addresses do not matter?

If the question seems rather basic I apologise, just unable to find a clear answer anywhere.

Thanks

gchq

1 Answer

Often it is a good idea to isolate the management network from the production network. One way to do this is separate physical switches and routers.

A backup network may be considerably more bandwidth than the management network alone. Your design should include capacity, and if you are comfortable with data over the out of band management.

Probably this is its own subnet. As usual you would need a default gateway to route outside of it.

Use DNS as anywhere else. If there are hosts that need to be accessed before DNS is up, note their IPs in particular. Such as the hosts DNS is running on. This should be documented in your power up procedures.

John Mahowald
  • John - thanks for the reply. To my mind a router sits in the middle of two different network segments. If the management network is the same segment I'm a little lost. Is there any kind of diagram online that you could point me to? Thanks – gchq Jun 25 '16 at 13:19
  • Yes, routers connect segments. What is on each segment is a design decision. Sketch a diagram of the physical and logical layout you are considering. Evaluate the routing and broadcast domains against your requirements. – John Mahowald Jun 25 '16 at 14:50
  • Have included a quick sketch. Unless I am missing something there will only be one segment for the private network. – gchq Jun 25 '16 at 16:28
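
The address plan from the question, worked through as an added example that is not part of the original posts: it checks that the proposed mask yields the 510 addresses mentioned, shows which destinations a host on the private segment reaches directly and which need a router, and applies the same subnet as an IPMI source restriction. The gateway address, the sample host addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Address plan from the question: 192.168.0.1-192.168.1.254, mask 255.255.254.0.
MGMT_NET = ipaddress.ip_network("192.168.0.0/255.255.254.0")


def plan_summary(net=MGMT_NET):
    """Return (CIDR, first usable, last usable, usable host count)."""
    usable = net.num_addresses - 2  # network and broadcast are not assignable
    first = net.network_address + 1
    last = net.broadcast_address - 1
    return (str(net), str(first), str(last), usable)


def next_hop(src_ip, dst_ip, net=MGMT_NET, gateway=None):
    """Decide how a host on the management subnet reaches dst_ip.

    "on-link"     -> same subnet, delivered through the switch, no router
    "via <gw>"    -> outside the subnet, sent to the configured gateway
    "unreachable" -> outside the subnet and no gateway configured
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if src not in net:
        raise ValueError(f"{src} is not inside {net}")
    if dst in net:
        return "on-link"
    if gateway is None:
        return "unreachable"
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError(f"gateway {gw} must itself be inside {net}")
    return f"via {gw}"


def ipmi_source_allowed(client_ip, net=MGMT_NET):
    """Source restriction for the BMC: accept only management-subnet clients."""
    return ipaddress.ip_address(client_ip) in net


if __name__ == "__main__":
    # Constructed sample hosts: a server BMC, the NAS, and an outside address.
    bmc, nas, outside = "192.168.0.10", "192.168.1.200", "203.0.113.5"
    print(plan_summary())
    print("BMC -> NAS:", next_hop(bmc, nas))
    print("BMC -> outside, no gateway:", next_hop(bmc, outside))
    print("BMC -> outside, with router:", next_hop(bmc, outside, gateway="192.168.0.1"))
    print("IPMI from outside allowed:", ipmi_source_allowed(outside))
```

With no gateway on the second NIC, traffic between the servers and the NAS still flows, and nothing on that segment can route out or be reached from outside it.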