Does the IPMI or KVM go on a private network of some sort? Surely you wouldn’t want to expose that to the internet.
This is good info! I’ll follow up with the provider. Unfortunately even though I live in a large city, of the two dozen or so places I contacted only two of them would consider less than a half rack.
consider server motherboards with KVM over IP capabilities
I had not considered this. My plan was to initially just swap the consumer grade stuff I have over to the 826 since it supports ATX, but now I’ll reconsider. Remote KVM has come in handy a few times with my dedicated servers over the years, so lacking that would suck pretty bad. I don’t know that I won’t have access, but several of the other providers stated on their websites that shared cabinets won’t have physical access (which I honestly would prefer since I’ll have several thousand dollars in hardware sitting in there).
Data centers are businesses and as a customer they should be answering your questions about their operating policies. If they aren’t, consider a different DC.
Great point and I totally agree! Just didn’t want to walk in like a complete noob asking a bunch of dumb questions if I could prevent it.
You’re no longer behind a home router with a firewall that has sensible rules, so it is now up to you to avoid getting pwned and footing the power bill. It is also up to you to avoid spamming out stray traffic.
Thankfully I’ve got quite a bit of experience hardening servers exposed directly to the internet. *knocks on wood* So far I’ve managed to not get pwned by turning on automatic security updates, keeping open ports limited to ssh with password/root login disabled and reverse proxying everything. If I need access to something that doesn’t need to be exposed I just port forward through ssh.
You’ll also need a security device like a firewall or router
This is one of the major reasons I’m moving to Proxmox. I’m going to virtualize OPNsense or pfSense and put everything behind that. I guess I should have said that I’ve hosted multiple dedicated servers over the decades, so from a security standpoint I’m pretty familiar. Really just trying to focus on the hardware side since this is the first time I will actually be responsible for managing and maintaining the hardware.
You’re mostly spot on, but point updates are usually patches for security and bugs. You SHOULD take all point updates.
IMO Ansible is overkill for my homelab. All of my docker containers live on two servers. One remote and one at home. Both are built with docker compose and are backed up along with their data weekly to both servers and third-party cloud backup. In the event one of them fails I have two copies of the data and could have everything back up and running in under 30 minutes.
I also don’t like that Ansible is owned by RedHat. They’ve shown recently they have zero care for their users.
I have a spare Pi4 sitting around the house that I could pretty cheaply turn into a PiKVM. Looks like there are some slick hats to install into a PCI-E slot so I don’t have a Pi and a bunch of wires hanging out in the chassis. Looks like I’ll be going that route. Just need to figure out how to power it (they all seem to require external 5v or POE).