1. fulafe+ (OP) 2020-07-23 16:52:45
A major con of the enterprisey ilom systems (such as the idrac) is their atrocious security track record. You are basically giving up your "the network is untrusted, I can survive its compromise" badge if you plug in one of those.
replies(1): >>parlia+t7
2. parlia+t7 2020-07-23 17:28:38
>>fulafe+(OP)
Well those ports should never face the internet anyway. Most servers will have a dedicated (physical) port you use for IPMI or whatever -- vlan that and only allow access from your VPN. If you're extra secure you can full on disable the switchport until you need it.
replies(2): >>extrap+ab >>fulafe+oq
3. extrap+ab 2020-07-23 17:47:34
>>parlia+t7
Make sure in the BIOS to disable fallback to one of the other ethernet ports. Quite a few IPMIs will listen on eth0 by default if they lose the dedicated IPMI port link.
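The two comments above amount to a small policy for a BMC: its address sits on the isolated management VLAN only, VLAN tagging is actually on, and the NIC mode is "dedicated" rather than shared or failover. The script below is an added example (not code from this thread or from any vendor) that checks the first two points from the text of `ipmitool lan print`, whose `IP Address` and `802.1q VLAN ID` fields are standard, and takes the NIC mode as an operator-supplied value, since there is no vendor-neutral ipmitool field for it (that parameter and the sample outputs are constructed for the example).

```python
import ipaddress

# Constructed sample of `ipmitool lan print` output (not captured from a real
# host): a BMC on the wrong subnet with VLAN tagging left off.
SAMPLE_LAN_PRINT_BAD = """\
Set in Progress         : Set Complete
IP Address Source       : Static Address
IP Address              : 172.16.5.25
Subnet Mask             : 255.255.255.0
MAC Address             : 00:11:22:33:44:55
802.1q VLAN ID          : Disabled
Default Gateway IP      : 172.16.5.1
"""

# Constructed sample of a BMC that matches the policy.
SAMPLE_LAN_PRINT_OK = """\
IP Address Source       : Static Address
IP Address              : 10.42.7.25
Subnet Mask             : 255.255.255.0
MAC Address             : 00:11:22:33:44:66
802.1q VLAN ID          : 4000
Default Gateway IP      : 10.42.7.1
"""


def parse_lan_print(text):
    """Turn the 'Key : Value' lines of `ipmitool lan print` into a dict.
    partition() splits on the first colon only, so MAC addresses survive."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def audit_bmc(lan_print_text, mgmt_net, mgmt_vlan, nic_mode="dedicated"):
    """Return a list of policy findings; an empty list means the BMC complies.

    mgmt_net:  the management network the BMC must live in, e.g. "10.42.7.0/24"
    mgmt_vlan: the 802.1q tag the BMC must carry
    nic_mode:  the vendor BIOS/BMC NIC setting as read by the operator
               (hypothetical input; ipmitool does not report it generically)
    """
    f = parse_lan_print(lan_print_text)
    findings = []
    net = ipaddress.ip_network(mgmt_net)

    ip_text = f.get("IP Address", "")
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        findings.append(f"unparseable IP Address {ip_text!r}")
        ip = None
    if ip is not None:
        if ip not in net:
            findings.append(f"BMC IP {ip} is outside management network {net}")
        if ip.is_global:
            findings.append(f"BMC IP {ip} is a globally routable address")

    vlan = f.get("802.1q VLAN ID", "Disabled")
    if vlan.lower() == "disabled":
        findings.append("802.1q VLAN tagging is disabled")
    elif vlan != str(mgmt_vlan):
        findings.append(f"BMC is on VLAN {vlan}, expected {mgmt_vlan}")

    # Shared/failover modes are the footgun from the comment above: the BMC
    # answers on a host LAN port when the dedicated link goes down.
    if nic_mode.lower() != "dedicated":
        findings.append(
            f"BMC NIC mode is {nic_mode!r}; only 'dedicated' keeps IPMI off the host ports"
        )
    return findings


if __name__ == "__main__":
    for name, text, mode in (("ok", SAMPLE_LAN_PRINT_OK, "dedicated"),
                             ("bad", SAMPLE_LAN_PRINT_BAD, "failover")):
        print(name, audit_bmc(text, "10.42.7.0/24", 4000, nic_mode=mode) or "compliant")
```

Run it against real output by piping `ipmitool lan print` into `audit_bmc` on each host; a non-empty list is the list of things to fix before the port is considered "VPN-only".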
4. fulafe+oq 2020-07-23 19:02:02
>>parlia+t7
This fail-open "should" is bad, besides the obvious reasons, also because it'll be extra ops complexity compared to a secure KVM widget that you don't have to handle with kid gloves.

(And thirdly because of the footgun noted in the sibling comment... or silent foot-boobytrap, more properly.)

replies(1): >>parlia+eR
5. parlia+eR 2020-07-23 21:43:27
>>fulafe+oq
The problem is that a BMC has an astounding array of features[1] that are worth the operational complexity. This isn't just KVM like in OP's post... being able to remote-mount images is a godsend when you're provisioning a server, diagnosing hardware issues, or doing a BIOS update on the other side of the globe (with your other alternative being shipping a flash drive[2], then paying $200/hr for DC remote hands to plug it in for you).

[1] https://www.supermicro.com/en/solutions/management-software/...

[2] don't even try to talk about PXE booting if you've never tried to get DHCP+BOOTP to work over a WAN

replies(2): >>mtlync+uf1 >>fulafe+TO1
6. mtlync+uf1 2020-07-23 23:56:22
>>parlia+eR
The Pi is capable of remote mounting images.[0] I haven't implemented support for it in TinyPilot yet, but it should be possible.

[0] http://www.isticktoit.net/?p=1383

7. fulafe+TO1 2020-07-24 06:12:53
>>parlia+eR
I think you can do all those with iPXE; it works well over WAN. As a bonus you can get your images over HTTPS and not insecure TFTP.