Data Center Geeks Hub

Modern data center architectures are getting more and more complex. So much so that without a robust automation strategy managing them would be close to impossible. Unarguably, automation spares lots of pains by minimizing human errors, cutting the costs and freeing up the staff from mundane but essential data center tasks. No one knows it better than Neil Emeigh, President at Rayobyte. We were more than honored to help his company thrive on ever new levels of automation through our software. Recently Neil agreed to join us in a little chat and spill some beans on what made his company choose EasyDCIM in the first place. Have a pleasant reading! Before EasyDCIM... Rayobyte has stepped into the data center market a few years back and as many other start-ups, soon realized the amount of work that was cut out for them. Most of all, they needed a reliable automation software solution that would provide centralized access to all their data center resources. First off, we asked Neil what tools Rayobyte was using for this purpose before finding their way to EasyDCIM. The very first solution (Neil could not help but smile at the sheer thought of it) was just a makeshift excel sheet online that they quickly abandoned in search of more efficient alternatives. But none of them seemed to meet the needs of a yet developing company entirely. The two software instruments that did capture their interest were either too pricey, or "features were impossible to implement upon request, nor could we do it ourselves due to no API. Too many bugs/issues didn't allow us to be comfortable growing." After being on a hunt for a perfect tool for a while, Rayobyte came across EasyDCIM, and luckily for both sides – stayed there for longer. ...And After Today, Rayobyte uses EasyDCIM to run and manage hundreds of servers that operate their popular proxy service. Interested in what exactly changed for Rayobyte after they have switched their business automation software, we turned to Neil for some extra insight. And we got more than we could have wished for! "All of our owned hardware and parts are stored in a single system that allows for automatic ordering with WHMCS. Other management abilities (PDU, switch, CPU/temp/etc, etc) are yet to be used to their full potential, but as they continue to mature we'll be adopting them more and more. The biggest achievement is being comfortable having all our inventory in a system we can trust for the long term." Being obsessed with server provisioning and management automation, we never stop seeking new ways to push it to the next level in EasyDCIM. This obviously includes peeking at the other players on the market and learning a thing or two from them whenever we can. This time also we jumped at the opportunity and picked Neil’s brains on how he would rate automation in EasyDCIM versus other software his company had the chance to test out. Without a shadow of doubt in his voice, Neil concluded that most of them, "from order to sending out an email for the credentials for the server and the IPMI include some steps that require human involvement and we didn’t have that problem with EasyDCIM." Being oriented at fast service delivery, you must be able to reduce the time needed for ongoing tasks and concentrating on more strategic projects. And who doesn’t like the idea of generating maximum profit with minimum effort, right? Neil also agrees that "spending an hour of engineer time to set up a server takes away a lot from the bottom line". Establishing a solid software background is pivotal to reducing IT costs without losing out on service quality. And we feel extremely proud to have been recognized by Rayobyte as a means to this end! Before heading over to the last part of our conversation, we probed Neil about the feature that his company keeps deriving the greatest advantage from. "Full automatic deployment from start to end after a WHMCS order. This end to end solution has potential that is not seen very easily on the market elsewhere." This particular piece of feedback added a lot to our confidence because many clients in fact approached us on the subject of integration between EasyDCIM and WHMCS in the past. And so, seeing the growing interest in this popular billing and automation platform, we finally hooked up with guys from ModulesGarden who are experts at designing high-end addons for the WHMCS system. As a result of this close cooperation two modules were delivered - EasyDCIM Dedicated Servers For WHMCS and EasyDCIM Colocation For WHMCS. Both are offered completely free of charge to let you enjoy the best of two worlds at the same time. And it was great to hear from Rayobyte they really do! The power of feedback Many companies shy away from customer feedback. Because sometimes it comes with appraisals, sometimes – expectations. We thrive on both. To us, software development is more about brainstorming ideas with clients, finding the most optimal solutions, and working hard towards their direct implementation. And Rayobyte was more than generous with all the support they shared on our platform throughout these many months of being our dear partner. During today’s session we received even some more: "Without your responsive team fixing bugs, adding features, etc, my feelings toward the product might be entirely different. You have me as a customer for life and your one-time expenses for this amazing developer team will pay off over the months/years. A very wise business model that I highly suggest you continue to pursue." These words melted our hearts. But much as we appreciate this token of loyalty, we never intend to simply rest on our laurels. So, looking ahead into the future of EasyDCIM a bit, we asked Neil Emeigh about the upgrades that he would still love to see in our software. At the top of his company’s list appeared a broader toolkit related to IP management. And feeling pretty closely aligned with this prospect, we already look forward to getting around to it in earnest! Final thoughts Nowadays data centers have plenty of responsibilities, but not necessarily personnel. Rayobyte realized that the only way up is through full-time automation of their server ordering, provisioning, and management processes. This decision led them straight to EasyDCIM. Did they ever consider switching back to the tools they once tested? We believe Neil's following words to speak for themselves: "As for server management, inventory, monitoring, ordering, etc, nothing compares to EasyDCIM in terms of functionality and price." Slightly apprehensive but also full of hope, the moment came to ask Neil the decisive question. Whether he would recommend EasyDCIM to other server providers struggling with similar shortages his company once faced. Neil answered with an anecdote about how he met up with a close friend only to find out that they both used and loved EasyDCIM. This can only mean one thing - two testimonies are better than one, right? :) But still, nothing can compete with first-hand experience so see for yourself how EasyDCIM can help your company reach new heights of success!

Do you know what links a data center without a proper device monitoring system and a car with a faulty engine? They are both doomed to fail – and rather sooner than later. Luckily, EasyDCIM supplies you with all the tools you need to keep your inventory well-organized and easily accessible. The 1.5.5 release we have the pleasure of announcing today, makes this process even more automated and time-effective that ever before! Quick device and user overview Our very latest edition of EasyDCIM all gravitated toward more intuitive forms navigation enabled by useful helpers and placeholders. Wanting to push this idea some further, we now added equally handy tooltips for at least several different device types in EasyDCIM. Owing to this, every time you hover over a certain device from your inventory, a pop up notification will appear with all crucial details on the given item. Of course, the tooltip contents will vary depending on the device kind, including always the most essential information you may need on the fly. For example, the tooltip of the server on the below screen includes such data as location, assigned client, status and bandwidth usage. While here you may quickly pick such specifics of the chosen PDU like its label, model, location, number of outlets, or power usage from the set interval. The complete list of supported device types includes: Server Blade Server Network (Switches & Routers) PDU Colocation CPU, RAM and HDD Items But that is not all. In the same manner you will be able to preview summary of each user and with a single glance access the list of their devices along with specific location plus aggregated traffic from last month. Extended QR codes support Another area of focus in EasyDCIM v1.5.5 are QR codes. Each data center consists of multiple interconnected appliances which most of the time are handled remotely, ensuring maximum administrative supervision. But what if you need physical access to a certain device? Unless you have your equipment properly systematized, finding the right item to work on may take more of your time than you can probably spare. For this very purpose, we introduced the possibility to label each hardware component with designated QR codes that contain the most vital information on the device and can be easily printed out from the EasyDCIM panel. To best illustrate how this simple function can optimize the management of your entire physical inventory, let us walk you through a real-life scenario: The administrator prints out the QR code for a device (a server in our case). Then, the QR code in a paper form is placed on the corresponding physical device in the server room. The data center technician scans the QR code using his smartphone. After clicking the link, a window opens up with all specifications about the device. The technician is able to quickly check which parts are to be manually added to the server, without even having to log in to the application. And here is how the entire process looks like in a live demonstration: Numerous other novelties and improvements In addition to the already mentioned cornerstones, the toolkit of EasyDCIM has been further boosted with some other practical features as well. Assigning metadata for such items like CPU, RAM or HDD Possibility to define bulk metadata values for SNMP Settings and IPMI Settings Power to block certain actions within a particular device (boot device, install operating system, activate service and more) Maintaining order in your data center inventory is one of the chores that we cannot get rid of entirely. Just yet at least. But we definitely can make it as automated, effortless, and labor-saving as possible. As always, we would love to hear what you think about the type of Admin Experience we are striving towards with each next release of EasyDCIM. If there is anything you feel like sharing with our team, the comments section is all yours! Oh, and do not forget to follow up on the remaining points of our 1.5.5 update! View The Changelog!

Over the last years the demand for easier, faster, and more efficient server provisioning and data center management has immensely intensified. But so have our attempts to fill the niche in these soaring expectations with ever more simple and intuitive design of our control panel. How well did we perform in accomplishing this goal? We feel in no position to answer this question ourselves, therefore we sat down today with Ahmed Shibani, the Chief Technology Officer at Libyan Spider, for a brief conversation about the dynamic nature of modern data centers and how EasyDCIM helped his company overcome the obstacles that were stopping it in the tracks. Libyan Spider on a quest for innovation Through the course of many years of business activity, Libyan Spider was relying on an open source DCIM system which had a fairly narrow set of utilities, but allowed them to provide personalized web hosting services to their clients with a satisfactory level of automation. Up to a point, that is, when the company’s board figured out that "If we can substantially decrease the time and effort required to bring our customers visualizations into realization, then we and our customers would both benefit greatly". Needless to say, saying goodbye to the outdated and somewhat crude software solution was for Libyan Spider the first step that they needed to make before plunging into this ambitious venture. Looking backward at the limitations that were preventing his company from making the dynamic progress they were set on, Ahmed notices: "As our infrastructure grew larger, we needed a robust solution that would allow us to have a 360 degrees view of our infrastructure at all times. And when a datacenter becomes larger you realize there are so many things to track, from available ports on a switch, to power management, bandwidth management, provisioning, etc". But greater administrative flexibility and round-the-clock monitoring of both software and hardware components were not the only requirements that their future control panel needed to incorporate. Ahmed goes on to reveal that when taking the long-term approach towards budget planning, you also need something to "fit nicely with your billing system." EasyDCIM steps in to fill the gap After recounting all sorts of specific essentials that they were after, Ahmed mentions that when this decisive moment finally came, Libyan Spider bound their future with EasyDCIM. When asked in what ways our tool exactly helped his company achieve the far-reaching goals they had pinned for themselves, without a moment of hesitation Ahmed replied: "EasyDCIM has delivered our expectations and surpassed it, it has allowed us to bring the datacenter closer to our customers, and it has made our technical staff's life easier". With our spirits immensely uplifted in reaction to this powerful vote of confidence, we immediately sprang up to learn some more details on the experience that Libyan Spider have had with our software throughout the many years of using it. Once again, we were deeply touched to hear that: "Today we depend on EasyDCIM as an accurate inventory management system, we trust it with servers life cycle management, integration with WHMCS and NOC-PS has decreased our average server delivery time from 24 hours to 1 hour." We were no less delighted about some truly kind-hearted words on our customer service as well: "and on top of that you get awesome friendly support." As our conversation was nearing to an end, partly of our own curiosity but mostly with the aim to understand our clients’ needs even better for the future, we asked Ahmed which single chunk of EasyDCIM brought the biggest boon to his business routine. Would you like to know what his first response was? "My favorite feature would be Server Provisioning, integration with NOC-PS is exceptional and reliable. This wouldn't have been possible if EasyDCIM didn't have another great feature which is IPMI Integration." Was it worth it? The final verdict Keeping in mind what led Libyan Spider to switching their old control panel for a more cutting-edge model in the first place, this answer may not have come as a complete shock to us, but left us with some other valuable conclusions instead. When we were preparing for this interview, our primary focus was to encourage other companies out there in the world to get out of the box that is confining them, and seek out innovative business solutions that provide them with plenty of room for growth. Just like Libyan Spider did. But little did we realize that this little project will turn into a valuable lesson for ourselves as well. A spark of hope, actually, that everything we are doing to help companies increase their productivity by taking as many redundant, repetitive tasks off their shoulders as possible, has a tangible impact that ripples through every sector of their lives. Whether you are just starting your journey with web hosting or find yourself stuck in the routine of mediocrity, let the passionate words of recommendation that Ahmed was so kind as to share with us today, guide you straight to EasyDCIM!

For the past few years we have been really busy collecting ideas and implementing new features to make your experience with our software not only maximally beneficial, but enjoyable as well. Recently we came to the realization that the more options we pack into our system, the greater the need to keep things simple. Otherwise, what would be the point of having tons of functionalities stacked one on top of the other if you had to waste precious minutes every time when trying to find something? Finally, after a series of readjustments and tune-ups we managed to reconcile the expanding arsenal of server-related instruments with the ability to navigate through them in a still intuitive and swift manner. Get ready for an intense gust of refreshment triggered by the release of EasyDCIM v1.5.4! The first wave of a sweeping change has affected several forms that you use on an everyday basis to regulate all bits and pieces of your data center operations. What we did was add practical placeholders and helpers in suitable places so that you could know instantly what the given field is responsible for, and what type of information is supposed to be provided within. No need to worry any more that you may misunderstand a vital setting and be forced to start the configuration all over again. Among the forms that were immensely simplified you will find: Add/Edit Device Form Add/Edit Item Form Mass Create Form Auto Discovering Form SNMP Device Settings Form IPMI Device Settings Form Traffic Aggregation Settings Form Base Settings Form Having all details on your clients stored in one place proves of invaluable service when you wish to monitor the status and usage of their key resources in real time. From this day on you will have the opportunity to benefit from one more type of statistics and that is the traffic aggregated on each device assigned to a specific user. Another novel feature that we just could not help but to push into motion is the automated installation of Windows Server 2019 via the Remote Provisioning Module. Care to have a look at some of the other optimizations as well? Possibility to start the noVNC session in a new window, plus stop the active noVNC session directly in the active session window. Added support for HP iLO4 and Dell iDrac 8 console Capability to paginate the API results for a series of specific endpoints Smoother device-to-rack assignment A new popup informing about the termination of a service Enhancing admin experience has been the primary guideline for further development of EasyDCIM since the get-go, and always more of a feedback-reaction kind of process for us rather than a pursuit of some arbitrarily set standards. We hope our newly born 1.5.4 update to bring your way all the flexibility needed to exploiting your company’s potential to maximum. But enough from us. Let’s now hear in the comments your thoughts on the progress we have made and all those things that you like the most about EasyDCIM v1.5.4! Tap into the full changelog!

As the sophistication of IT systems has magnified over the past years (in terms of both software and hardware complexity & the number of deployed cooperating subsystems), so has the need to separate components responsible for different types of tasks. What eventually led to simplifying the configuration and management processes, that is the broadly understood administration, was the development of master/slave communication model. The general idea behind it is was allowing two or more completely independent and geographically dispersed programs to communicate with one another in order to achieve a common goal. And so, functioning as a service provider, the master program or device distributes tasks, while several other programs or slave devices are the users of this service, carrying out the issued commands. Such an architectural pattern will prove of great value when wanting to install a specific operating system in chosen locations spread all over the world. From the following article you will learn how to do it now from the confines of your very own EasyDCIM admin panel. EasyDCIM v1.5.2 – The way it worked before The 1.5.2 version of EasyDCIM was featured with built-in operating system installer supporting two different types of configurations that will be briefly discussed in the following sections. Simple configuration without VLANs In case of the basic setup without the use of VLAN, no additional router configuration is in fact necessary. All you need to do is make sure that there are no other active DHCP servers operating within the network as they may interfere with the DHCP server used by EasyDCIM. Advanced configuration with multiple VLANs Things look a bit different when you have several VLANs in your data center. First, you need to configure a router or L3 switch that will forward DHCP broadcasts from external VLANs to the EasyDCIM IP address. For this purpose, you can use the "DHCP Relay" function and enable the transmission of broadcasts from one DHCP server to another. But what if you have no access to the switch at the moment or simply cannot redirect queries from a subnetwork to the given DHCP server? That is a roadblock indeed and the only solution would be to set up another DHCP server in a new location. EasyDCIM v1.5.3 – The way it works now Remote applications Starting from the 1.5.3 version, EasyDCIM extends support for remote applications (called slaves) that can be installed in selected locations around the world. Each application contains three fundamental components including: DHCP Server - the DHCP protocol allows devices to automatically provide a pool of IP addresses that are fetched by the DHCP server and later on assigned to each DHCP key when entering the network. TFTP Server – TFTP is a protocol for transferring files through a network to other computers (PXE), used primarily for handling boot images. Samba Server – a file and print server designed for Linux/Unix and closely cooperating with Windows that allows to operate on the same exact files, regardless of the previously mentioned platforms. There are only two requirements for remote applications: Supported operating system: Debian 9 "Stretch" EasyDCIM (master) must be accessible from a remote (slave) application in order to synchronize the data How to install OS in autonomous locations As was already stated before, EasyDCIM will serve as your main (master) application. Now imagine you run two locations - one in London and the other one in New York. The devices in your London facility work in the 10.10.10.0/24 subnetwork, whilst those in New York in the 192.168.56.0/24 subnetwork. As for both locations you will need separate DHCP and TFTP servers, the next step is to install in each data center a remote application (slave) that already has DHCP, TFTP and Samba servers built into it. The remote application works on port 8080 and listens to the master EasyDCIM application for commands (EasyDCIM adds only relevant tasks to its database). An example of such a task may be as follows: "Start X system installation on Y device in London location". The remote applications set up in New York and London check every five seconds if there are any new orders from EasyDCIM. The New York location will find no instructions to carry on with, but the application in London will immediately begin the process of OS installation soon upon detecting the task. In other words, each slave application has to communicate with the master device only, independently of one another. Benefits of master/slave architecture model Unlimited remote application installations and no need to worry that the main thread may have insufficient amount of available resources Mutual separation of multiple locations No time-consuming and elaborate switch/router configuration Much greater security when compared to protocols like IPMI which often goes beyond the natural and strict firewall Determined to maintain your locations isolated, but still want to be able to exert full control over each of them, without wasting any of your precious time on advanced setups? Master/slave applications finally featured in our system will bring a powerful boon to the supervision of your extensive data center network, and yet at the minimum effort. To see also what other improvements our newly kicked off EasyDCIM 1.5.3 update has to amaze you with, pay a visit to our previous Blog article!

Starting today’s post with a little trip into the past, we believe our several previous releases to be the best testament to the completely fresh approach we have taken towards the continued development of our control panel. The direction of which we are immensely proud because it is dictated in large part by the people having most experience with EasyDCIM, that is you dear customers! And so, per your special request, we are back with the release of EasyDCIM v1.5.3 that makes remote OS installation in dispersed and separate locations your new real! Automated OS installation in multiple locations While benefits derived from fully automated OS installation have been already discussed in one of our previous articles, the possibility to remotely set up a desired operating system in other independent locations and subnets through EasyDCIM is a brand-new feature and thus deserves a more detailed mention. As from the 1.5.3 version, EasyDCIM guarantees flawless support for remote applications (called slaves) that can be installed in selected locations around the world to carry out the exact tasks issued by the master application (EasyDCIM in our case). Following the freshly implemented Remote Provisioning Module, end-to-end OS installation on a server located in another country and operating within a totally different subnet than EasyDCIM, is now one of those processes that can be easily ordered from the EasyDCIM panel, sparing you the hassle of advanced switch or router configuration. Loving your newly gained powers already? Hang on in there – the list of improvement continues on! Raising the bar of Admin Experience Among the most crucial aspects directly affecting Admin Experience in any piece of software is always the integrity of its interface – how well various functions are organized, how accessible and intuitive they are, and how much time you need to spend on navigating through its different sections. Bearing this mind, we have done a thorough refreshment of our tool so that it could serve your needs even better on so many different levels. Apart from numerous adjustments focused around UI, we have also smoothed the working of several forms such as SNMP Device Settings, IPMI Device Settings, Quick Create Device, or Quick Create Item. Other components that made it on the list of our extras include: Capability to start a new noVNC session for the JAVA KVM console from the client area Widget with informative statistics on particular reports BMC Cold Reset option using the IPMI protocol now available to the client A list of practical shortcuts leading to official video guides available on our YouTube channel that will vary depending on the EasyDCIM section you are at the moment. With each new EasyDCIM update, we do our best not to fall into such traps where we focus on the big picture so much that smaller, but no less important details slip our attention completely. Hopefully, we have managed to pinpoint at least a portion of the elements that still needed some tweaks done here and there, and successfully make them an integral part of the 1.5.3 release. Be sure to expect more in the future updates as well! View The Changelog! Eager to broaden your knowledge on the ever-so-exciting topic of automated OS installation through slave applications? Keep your eyes peeled for our upcoming article where all the secrets will be revealed! UPDATE (Dec 13th): The article describing our new master/slave architecture model is ready! See also: Unattended OS Installation and Windows Servers OS Installation in EasyDCIM!

In our previous article we covered all major points related to IPMI protocol risks, and viable solutions to combat these threats, including the configuration of intermediary IPMI proxy servers. Today we intend to push the subject of data security a bit further, and provide you with a detailed preview of yet another backbone feature of the latest EasyDCIM v1.5.2 - ACL (Access Control List). No matter if working in a production environment or a web app - each user assigned to a specific task must be able to engage with the necessary tools to carry out their job in an optimal way. Does it mean it would be best if everyone had unlimited access to absolutely all resources as well as network and system functions? Of course not. It is not hard to imagine that doing so could seriously endanger the security of the entire company and compromise its stability. What needs to be done instead when using advanced web applications, is developing a proper mechanism for permissions management. Need for optimization Generally speaking, each user is being assigned to a specific role which defines the set of their available permissions. For example, users belonging to the "Full Administrator" group will have access to every part of the system while the "Sales" group will be permitted to access the pages regarding the management of company orders only. When using ACLs, you may also configure the so-called resources, that is individual rights set per a specific user group. These permissions will define the type of access to selected sections of the system or its functions. What needs to be stressed at this point is that those permissions may be assigned not only to single users, but the whole user groups. Wondering why? Just imagine a situation when you have to give access to the "Orders" section to, let’s say 50 employees. Of course you could click through every single person, changing their permissions. But why would you if you can do this so much faster by creating a new group called "Orders Access" for instance, quickly adding those 50 users and then granting access to the whole group? Principle of operation As was already mentioned before, the ACL model is based on distributing permissions to individual user groups. To access the section with group management, navigate to "Settings" → " Groups". By clicking on the desired group and opening the edition window, you can assign to this group appropriate permissions to specific sections of the application. Please note that by default none of the user groups has access to the application's back-end section. All available permissions are presented in the format of a drop-down tree and are divided into several main sections such as: 1. API Access - defines access to API for a given user through their API key 2. Backend Application Management - specifies if the user should be allowed to log in to the Backend section that covers: Clients Management Devices Management Infrastructure Management Modules Management Reports Management Settings Tools Management (system addons) After the user has correctly logged in to the application, a sidebar menu is being automatically generated, depending on the permissions admitted earlier on to the user group they belong to. Here, in our example, the user is assigned to the "Sales" group, which has the rights to: Log in to the Backend section Manage users, orders, and services Manage reports ACL benefits The first and most obvious advantage derived from the ACL model was already touched upon earlier and revolves around the convenience with which users can be divided into groups and assigned permissions. But another profit that may be even more valuable since it is closely related to privacy, is that the implementation of the ACL model makes the application considerably more safe and less susceptible to attacks. When securing any type of program, it is always the most optimal solution to give users access only to the sections they need. For example, a person who will just manage orders in the company will never need full root privileges, and certainly should not be allowed that much administrative freedom. The ACL security model allows you to do exactly that – authorize specific groups of users to navigate freely through only those sections that are really required for their tasks, without the worry that they might even inadvertently cause some major complications. And after all, is there anything more important than making sure your clients' confidential information is perfectly safe and sound with you, at all times? Be sure to skim our latest post on IPMI proxy integration, and notes on the EasyDCIM 1.5.2 release as well!

Modern servers are equipped with management processors enabling the remote administration and monitoring of all crucial system parameters. Most of them are based on the Intelligent Platform Management Interface (IPMI). But what does this term actually mean? Let’s have a look. IPMI is a powerful protocol that is supported by multiple server devices from major manufacturers such as Dell, HP, Oracle and Lenovo. The IPMI specification itself has been developed by Intel, to allow administrators to manage their computer systems when you have no possibility to do that on the spot, through physical access. Working on the basis of the Baseboard Management Controller (BMC), the IPMI protocol is very practical. Not only does it provide access to the BIOS, disks and other hardware, but also supports multiple communication protocols, and operates independently of the operating system currently installed on the computer as well. Risks stemming from the use of IPMI protocol Judging by this short introduction alone you might think that IPMI is something of a technological revelation. But not entirely. Unfortunately, motherboards with IPMI functionality used with older versions of the IPMI firmware are affected by many security gaps, making them easy to identify and hack if only connected to the Internet. Here are some of the major drawbacks of the IPMI protocol: Passwords for IPMI authentication are saved in plain text By knowing just one IPMI password it is possible to access all computers belonging to the IPMI managed group Main access to the IPMI system provides full control over both hardware and software The Baseboard Management Controller often uses excessive and legacy network services that may be particularly vulnerable to attacks IPMI can also provide remote console access to the system, and therefore, the BIOS Some types of BMC connections are not encrypted Providing extra security The above outline of biggest risks resulting from the use of IPMI protocol leaves no doubts why it is so crucial to establish additional safety measures for your data center. Let’s move then to the practical approach to this problem. Here are some of the most commonly implemented solutions: Limiting IPMI IP addresses to internal networks. IPMI traffic (usually UDP port 623) should be restricted to trusted internal networks, preferably to VLAN management segment only. If using IPMI outside the trusted network, scan and monitor it closely for any invalid activity. Using strong passwords. Devices operating within the IPMI system should have strong, unique passwords defined for the IPMI service. Encrypting traffic. If possible, enable the encryption option on IPMI interfaces. Detailed information on how to configure an encryption can be usually found in the manufacturer's instruction manual. Authentication requirements. The "Cipher 0" function is an option enabled by default on many devices with active IPMI interface, allowing to ignore the authentication requirement. Disable this as well as the “Anonymous login” function to prevent hackers from bypassing authentication and sending any IPMI commands. IPMI Proxy Server After configuring and securing your servers with IPMI support, you will definitely want to provide end users with access to the KVM console or default management panel. The latter contains plenty of details particularly useful from the customer’s point of view - system logs, information about the installed software and the properties of individual hardware components. Access to the KVM console, in turn, enables the remote access to the BIOS or SSH session. IPMI Proxy Server requirements The 1.5.2 version of EasyDCIM introduces the possibility to configure IPMI proxy server, and by doing so greatly improve the security layer of your infrastructure. To use the proxy server you need an additional server with the Debian 9 "Stretch" or Ubuntu 18.04 LTS (Bionic Beaver) system. Also, the server should have access to the internal network in which the IPMI IP is located. We recommend installing the proxy software on a separate server (either virtual or dedicated). The proxy server can have both a public and private IP address, but it must be available from EasyDCIM. It is possible to configure proxy on the EasyDCIM server, but we advise against it since every time you are using a proxy server with third-party software installed, the risk of unauthorized access to the target server significantly rises. Finally, please keep in mind that proxy increases the load on the proxy server, consequently slowing down the application. Principle of operation The remote JAVA console is downloaded directly from the server manufacturer's panel, using the specific CURL commands. Additionally, to download the JAVA console, you need a public address of the IPMI interface which may lead to unauthorized access. If such a situation occurs, you can create a proxy server for IPMI connections in the application that will serve as a gateway between the application and the end user. The proxy server also channels all IPMI commands such as device power-on, restart or power-off. Owing to such a solution, none of the IPMI interfaces requires a public IP address and all important operations can be carried out in a secure private data center network. Using a proxy server in EasyDCIM EasyDCIM automatically creates a VNC session on the proxy server and launches the JAVA applet or the default management panel of the device. As a result, all devices are accessible only from the proxy server and all the traffic is transferred using a special image transfer system from the virtual graphic environment. Even though the VNC session runs in a secure manner, it is important to ensure that the proxy server is properly protected against any unauthorized access. Conclusions The vulnerabilities of IPMI-enabled systems are many and range from the ability to steal system password to the bypass of authentication mechanisms. Luckily, EasyDCIM v1.5.2 empowers data center administrators to mitigate the risk of authorized access attempts by configuring their own IPMI proxy servers that will redirect IPMI and KVM console commands. Hope you enjoyed the article and learned a few new things about the double-edged sword nature of the IPMI protocol. If you are eager to soar the safety standards of your company even higher, stay tuned for our next Blog dedicated to ACL (Access Control List). And if you have not explored the 1.5.2 release in full yet, our latest post will brief you in on all new features now available!

Since the last major release of EasyDCIM, we have been working on a new version with all our dedication, carefully weighing what its cornerstone should be. What essential functionality EasyDCIM users would most want to get access to next. And now that we have finally figured it out, we are proud to announce that EasyDCIM v1.5.2 is officially out in the open, armed and ready to facilitate your server management process! Without dragging things out any more than necessary, let us see what novel features this vital new update presents at your disposal. IPMI protocol with Proxy server integration It is a well-known fact now that remote supervision of modern servers would be greatly obstructed, if not impossible, without such management processors as IPMI. But what is less obvious to the public is that this seemingly brilliant solution has quite a few drawbacks too, posing a serious security risk to all systems using this very protocol and connected to the Internet. To address and deal with this looming threat, the 1.5.2 version of our control panel provides administrators with the possibility to configure servers that will serve as proxy servers for all IPMI commands and KVM consoles. If you would like to read all about this specific function and how it works in practical terms, our dedicated article which is already scheduled for release will put you in the picture very shortly. ACL model for managing permissions among user groups No matter if you are currently working on the production environment or web app. You need rules defining to which parts of the system each particular user should be granted access so that your team could carry out their individual tasks effectively, but without compromising the safety of the entire infrastructure – either willingly or by accident. ACL model is one way to approach this problem. It not only shields your system against potential security breaches through advanced access control but also enables you to manage permissions on groups of users (not only each user separately) which turns out to be a huge time-saver when you need to define access to particular departments to multiple employees. EasyDCIM v1.5.2 is all about safety – our spotlight features, each briefly outlined above, are the best example of that. But a sharp eye will momentarily notice that our changelog accommodates a handful of other improvements and adjustments as well, all worthy of your close investigation. Here is a sample of some of them: Open two simultaneous login sessions separate for the administrator and the user Advanced device search tool based on the previously set filters Possibility to switch off such options as "Activate", "Suspend", "Unsuspend" per device A new bootloader in OS installation which supports booting of the older device types with network boot support Learn more about the new EasyDCIM v1.5.2 and stay tuned for the upcoming articles elaborating some more on our two keystone features! View The Changelog!   UPDATE: Two promised articles are now ready. Learn more about IPMI proxy integration and ACL in EasyDCIM v1.5.2!