Right now, most new server equipment has a built-in dedicated KVM port. What's the best practice for assigning an IP to each KVM device? Do you assign a /30 with a VLAN setup to prevent IP hijacking? But that would waste a lot of IPs when you have hundreds of servers.
I'd recommend setting up a VPN and then simply using private addresses to access each KVM device. This would be much more secure than having them publicly facing and would also save the addresses you do have for more important applications.
NAT sounds like a good idea, but it doesn't do much for security.
The best approach is private network addressing with a VPN tunnel, as well as router firewalling to only allow specific clients to access their designated subnets. This way no public traffic and no other clients can access each other's IPMIs.
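An added example, not part of any post in this thread: a small audit of the private-addressing plan with per-client firewalling described above, flagging BMCs outside RFC 1918 space, overlapping client subnets, and BMCs no client rule covers. All addresses, host names and function names are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan (assumption): VPN client address -> its IPMI subnet.
ALLOCATIONS = {
    "10.8.0.10": "10.20.1.0/28",
    "10.8.0.11": "10.20.1.16/28",
    "10.8.0.12": "10.20.1.24/29",  # mistake: sits inside the /28 above
}
# Constructed sample inventory (assumption): server -> BMC/IPMI address.
BMCS = {"srv-a": "10.20.1.5", "srv-b": "10.20.1.20",
        "srv-c": "203.0.113.5", "srv-d": "10.20.9.9"}

def audit(allocations, bmcs):
    """Return a list of findings for the addressing plan (empty means clean)."""
    findings = []
    nets = {c: ipaddress.ip_network(n) for c, n in allocations.items()}
    for client, net in nets.items():
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{client}: subnet {net} is not RFC 1918 space")
    clients = sorted(nets)
    for i, a in enumerate(clients):
        for b in clients[i + 1:]:
            if nets[a].overlaps(nets[b]):  # two clients could reach the same BMC
                findings.append(f"{a} and {b}: {nets[a]} and {nets[b]} overlap")
    for host, addr in bmcs.items():
        ip = ipaddress.ip_address(addr)
        if not any(ip in r for r in RFC1918):
            findings.append(f"{host}: BMC {ip} is not on a private address")
        elif not any(ip in n for n in nets.values()):
            findings.append(f"{host}: BMC {ip} is in no client subnet")
    return findings

def is_allowed(allocations, src, dst):
    """Default deny: only a known VPN client may reach its own subnet."""
    net = allocations.get(src)
    return net is not None and ipaddress.ip_address(dst) in ipaddress.ip_network(net)

if __name__ == "__main__":
    for finding in audit(ALLOCATIONS, BMCS):
        print(finding)
```
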
NAT isn't really viable for IPMI as the Java client expects to be listening on a particular port. We put most of our IPMI on a private network that we access by remotely accessing a particular server on the network that is also connected to the private network. For customers who want IPMI, we make an exception and assign an IP from our pool to that IPMI and then we move the IPMI to the public network. If we had a lot of people who wanted public IPMI access, we'd definitely be looking into a VPN solution, both for security and also to cut down on wasting IPs for this sort of thing.