Inspur NF5280M5 Security Configuration Manual

M5 platform

Inspur Server Security Configuration Guide (M5 Platform)
Ver1.0
2019-11

Summary of Contents for Inspur NF5280M5

  • Page 1 Inspur Server Security Configuration Guide (M5 Platform) Ver1.0 2019-11
  • Page 2 The products, services or features you purchase shall be subject to the commercial contracts and terms of Inspur Electronic Information Industry Co., Ltd. All or part of the products, product safety services or features described in this document may not be covered by your purchase or use.
  • Page 3: Table Of Contents

    Contents: 0 Introduction (6); Hardware security configuration (8); Power module installation (8); Connect network interface (8); Power on (10); Power off (11); Firmware security configuration (13); Security configuration of system BIOS (13); 2.1.1 How to enter BIOS ...
  • Page 4 Purpose: This document introduces security hardening methods and recommendations for Inspur servers, which are applicable to almost all product models of the M5 platform (such as NF5280M5, NF8480M5, etc.). The purpose is to guide users in configuring the server to achieve the best security, eliminate potential threats and security risks brought by natural and human factors, and improve the user experience.
  • Page 5 Symbols and abbreviated terms. Abbreviation: Description. UPS: Uninterruptible Power Supply; PDU: Power Distribution Unit; BMC: Baseboard Management Controller; BIOS: Basic Input Output System; CMOS: Complementary Metal Oxide Semiconductor; TPM: Trusted Platform Module; NTFS: New Technology File System; UEFI: Unified Extensible Firmware Interface...
  • Page 6: Introduction

    Therefore, it is particularly important to guarantee the security and confidentiality of servers that carry and process information. Inspur has made great efforts to solve this problem, and has made a comprehensive and in-depth investigation and analysis of the security problems existing on the server, forming this security configuration manual.
  • Page 7 It is strongly recommended that you apply a basic security configuration to the server to avoid most security problems. Note: The recommended configuration in this document is not applicable to all Inspur server product models. Please refer to the user manual of the corresponding product model for details.
  • Page 8: Hardware Security Configuration

    1 Hardware security configuration: Hardware security configuration covers powering the server on and off and network and interface configuration, including how to install the power module, how to access the network safely, how to ensure safe power on and power off, and how to check the system information through the serial port in case of system startup problems.
  • Page 9 Figure 1.1 Schematic diagram of server network port distribution. Name: Network interface 0/1/2/3. Function and description: 4 gigabit network interfaces per IO riser; the indicator LED of the network card is green when the speed is 100MB;...
  • Page 10: Power On

    Power on: When powering up the server, pay attention to the status LED, ID LED, and power button on the front control panel of the server. The descriptions of the various indicators are as follows: Name...
  • Page 11: Power Off

    Figure 1.2 PuTTY interface. Press the switch button on the front control panel of the server; the fan runs and the system starts its self-test. Power off: There are two ways to shut down the server system: 1.
  • Page 12 the power cord or turn off the power supply plug).
  • Page 13: Firmware Security Configuration

    2 Firmware security configuration. Security configuration of system BIOS: The purpose of this section is to guide the user in configuring the system BIOS safely. The specific operations include how to restore the BIOS to the default settings when the system crashes, how to enter the BIOS and configure various security parameters.
  • Page 14 crash, you can restore the BIOS to the default settings through the clear CMOS function, which can be done in two ways: 1. Unplug the CMOS battery: 1) power down the server AC; 2) unplug the CMOS battery and wait for two minutes;...
  • Page 15: How To Enter Bios

    Figure 2.2 Location of CMOS jumper on main board. (Note: the system time will be reset if the CMOS battery is removed, so the jumper mode is recommended.) You can also restore the BIOS function through the ‘load default’ option.
  • Page 16: Bios System Menu Configuration

    <ALT> + <del> at the same time to restart the system and repeat the above operations. Following the above operations, enter the BIOS main interface, as shown in Figure 2.3. Figure 2.3. 2.1.2 BIOS system menu configuration...
  • Page 17 Advanced: Set advanced features of CPU, integrated SATA controller; Chipset: Configure processor, QPI, memory, IIO, PCH, ME and some general configurations; Server Mgmt: Configure server management features; Security: Configure the super user and user password of the system...
  • Page 18 1) Trusted Computing: This item displays TPM related information. If your server does not have a TPM chip, ignore this submenu. Figure 2.5. If you need to use the TPM feature, set the ‘Security Device Support’...
  • Page 19 Figure 2.6. This menu provides settings and FRU related information for system management. Only the main and common submenus or options are described below. 1) FRB-2 Timer: This item sets whether to enable the FRB-2 timer. There are two options: [enabled] and [disabled].
  • Page 20 arrival of the time. There are four options: "restart", "reset (default)", "shut down" and "do nothing". 4) BMC network configuration: This item is used to view the configuration information of the BMC network interface. Figure 2.7
  • Page 21 Figure 2.8. ① Sharelink Network: This is used to enable/disable the shared network. If enable is selected, the public network interface of the server can access the server and BMC at the same time. If this item is disabled, the public network interface of the server can only be used to access the server.
  • Page 22 Auto: the IP address is obtained automatically. Manual: the BMC's IP, gateway and other information are configured manually. If you select ‘Manual’ in ‘Get BMC Sharelink Parameters’, you can select ‘Configuration Address source’, which also has three options: ‘Unspecified’, ‘Static’...
  • Page 23 Figure 2.9. Here you need to set the user password according to the following requirements: 1. The password must be 8-64 characters long; 2. The password must start with an English letter and combine at least three of the following: uppercase letters, lowercase letters, numbers and special characters (except for spaces), and the user name cannot be a part of the password;...
  • Page 24 There are 5 options for ‘User Privilege Limit’: No Access, User, Operator, Administrator, OEM Proprietary. Only the administrator account has ‘Administrator’ operation permission. Other users can be assigned one of the remaining four operation permissions as required.
  • Page 25 Figure 2.10. 1) Account classification settings: Accounts must be set up hierarchically. Two accounts are supported, ‘Administrator’ and ‘User’. Passwords and permissions are separated. ‘Administrator’ has the highest permission. Only ‘Administrator’ can add or delete ‘User’ accounts. ‘User’ has only the minimum access rights, such as the basic options of only modifying system time and restoring factory default values.
  • Page 26 this motherboard must pass the authentication of these public keys. In UEFI mode, you can choose to enable/disable ‘Secure boot’. In Legacy mode, ‘Secure boot’ is invalid. When ‘Secure boot’ is enabled, if you want...
  • Page 27: Bmc Security Configuration

    Log in to the server's BIOS as an administrator before configuration. The specific configuration steps are as follows: 1) select the ‘Boot’ menu, and its main interface is as shown in the figure above; 2) under ‘Boot Option Priorities’, select ‘Boot Option#1’, press ‘Enter’ and then select the hard disk you want to start;...
  • Page 28: Remote Login Bmc

    Java SE Runtime Environment: http://www.java.com/en/download/ You can also use Inspur driver CD to enter the Java directory under the CD root directory and install the browser plug-in directly. Before logging in to the remote Web interface, the client should install the...
  • Page 29 browser plug-in, and set the IP of the remote client in the same network segment as that of the BMC. 2. Remote login method: Enter the IP address of the BMC in the address bar of the client browser and press Enter to open the management login interface, as shown in Figure 2.12.
  • Page 30: Bmc Web Interface Settings

    which should not be less than 5 minutes and the recommended setting is 30 minutes. 2.2.3 BMC Web interface settings: After logging in to the system, the left side of the interface is the navigation tree.
  • Page 31 Select a service, and then modify its interface, non-security port number, security port number and other information according to your needs. It is recommended to close unnecessary ports and services, check the service operation regularly, and make sure that the prohibited and enabled services are normal.
  • Page 32 following table for details: User privileges / Supported operations: administrator: Read/Write; operator: Read; user: Read; No authority: None. In case of any of the following circumstances, the account shall be revoked or the password of the account shall be changed immediately, and records shall be made: ①...
  • Page 33 4) Disable BMC shared network: If the BMC shared management network is enabled, the BMC can use the public network interface of the system. For security reasons, it is recommended to disable the BMC shared management network, and the BMC should use a private network interface.
  • Page 34 Figure 2.17. 3. System maintenance: Select ‘system maintenance’ on the navigation tree to open the system maintenance page, which includes four pages: ‘BMC firmware update’, ‘BIOS firmware update’, ‘restore factory settings’ and ‘system administrator’. 1) BMC firmware update: Figure 2.18...
  • Page 35 ③ start the verification and record the result at the same time; ④ compare the verification result with the standard MD5 value issued by Inspur. If it is consistent, the BMC image is complete. Otherwise, the BMC image is incomplete. BIOS firmware update is the same as BMC firmware update, and the integrity of the BIOS image needs to be verified before upgrading.
  • Page 36 password with low complexity, there will be a security risk of password brute force cracking. Please be careful. 4. IPMI safety switch: This section introduces the opening mode, application and influence of the IPMI safety switch.
  • Page 37 -H ip address -U(user name) -P(password) raw 0x3c 0x3a 0x1e 0x02 4) single open: note that the single open command is only valid when the chip security protection mechanism is enabled permanently. After the BMC is restarted, the command fails.
  • Page 38: System Security Configuration

    3 System security configuration: This section covers the system security configuration of the server. The purpose is to help users configure the server in a comprehensive and safe way. The main contents include: server hardware maintenance, server data backup, server software configuration and others.
  • Page 39: Server Data Backup

    4. Avoid operations such as using excessive force or forced pulling and inserting, so as not to damage the physical appearance of components or lead to connector failure (such as pin bending, pin short circuit, etc.).
  • Page 40: Other

    system log, security log and application log. And regularly install the latest patches or upgrade packages for the server's operating system and anti-virus software. It is recommended that you use vulnerability scanning and risk assessment...
  • Page 41 It is recommended that you establish a security incident response mechanism to deal with safety accidents, so as to ensure that production can be resumed and vulnerabilities can be solved as soon as possible after safety accidents occur, and the loss can be minimized.
  • Page 42: Conclusion

    4 Conclusion: This configuration manual is different from the server user manual and does not cover the complete server operation steps, but it shows you how to use the server more safely, which is very important for you. We hope that this manual can help you to configure the server safely and protect it from attacks, viruses, etc.

This manual is also suitable for:

NF8480M5, M5