System information

32 AlterPath OnBoard Administrator’s Guide
VPN on the OnBoard
As described in the AlterPath OnBoard Users Guide, for security reasons an
authorized user must establish a trusted connection with the OnBoard before
gaining native IP access to native management features on connected service
processors. (In the users guide, see “Native IP” for details about the service
processor management actions that require a trusted connection using VPN.)

Caution! Once a user has been authenticated and the user’s authorizations to
access a device have been checked, the user with a VPN connection has
unlimited access to the device. Since the OnBoard cannot control whether a
connected device allows unrestricted access to the rest of the network, the
administrators of connected devices must configure those devices to control
the access of individual users on individual devices and so maintain the
security of the network.

VPN connections establish encrypted communications between the OnBoard
and the remote host. The encryption creates a secure tunnel for
communications through an untrusted intermediate network.
The remote host and the OnBoard each handle encryption and decryption on
their own end. See “Configuring VPN Connections” on page 81 for what the
OnBoard administrator needs to do.

Message Logging (With Syslog) on the OnBoard

The administrator can set up logging of messages about the following types of
events:

- Events of interest from the OnBoard system
- Events of interest obtained by filtering data during device console
  connections with connected devices
- Overcurrent status from a connected AlterPath PM IPDU
- Sensor alarms generated by sensors on connected devices

Messages can be sent to central logging servers, called syslog servers.
Messages can also be sent to the console or to the root user or both.