Collaborators? :: Enable/disable access to BMC through interfaces for security

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

From: Jandra A <jandraara@gmail.com>
To: OpenBMC Maillist <openbmc@lists.ozlabs.org>,
	jrey@linux.ibm.com,  vernon.mauery@linux.intel.com
Subject: Collaborators? :: Enable/disable access to BMC through interfaces for security
Date: Mon, 28 Oct 2019 13:48:47 -0500	[thread overview]
Message-ID: <CAMTupoQThp=WRfdH+QHwmqP1ZqbgCKq81rS8Cp+0sYKQfNe4Sg@mail.gmail.com> (raw)

Hello all,

As part of the GUI design team, I am starting to look at requirements
for enabling and disabling network interfaces for which the BMC can be
accessed. For example, IPMI, SSH, Redfish, HTTP, and USB, to name a
few.

I know there has been some conversation on the topic before (see email
linked below) and want to reach out to see who is interested in this
topic. And I would love to get your thoughts on the following topics.

Some questions we want to tackle are:
1. Which interfaces need to be enabled/disabled and what is their
priority? (See full list in the redfish documentation)
2. What should be the default for the selected above (enabled/disabled)?
3. Do we need a staged plan for it?
4. When can we expect backend availability?

Redfish documentation:
https://redfish.dmtf.org/schemas/ManagerNetworkProtocol.v1_4_0.json

Related email discussion (on staged plans to address IPMI access):
https://lists.ozlabs.org/pipermail/openbmc/2019-September/018373.html

Regards,
Jandra Aranguren

next             reply	other threads:[~2019-10-28 18:49 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-28 18:48 Jandra A [this message]
2019-11-01 14:40 ` Resend : Enable/disable access to BMC through interfaces for security Jandra A
2019-11-01 16:55   ` Joseph Reynolds
2019-11-01 17:45     ` Justin Thaler
2019-11-04 22:57       ` Jandra A

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAMTupoQThp=WRfdH+QHwmqP1ZqbgCKq81rS8Cp+0sYKQfNe4Sg@mail.gmail.com' \
    --to=jandraara@gmail.com \
    --cc=jrey@linux.ibm.com \
    --cc=openbmc@lists.ozlabs.org \
    --cc=vernon.mauery@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.