HP Integrated Lights-Out Security, 7th edition
Figure 14. Example configuration of a DMZ
iLO can create a separate, secondary network (iLO Net in Figure 14) parallel to the primary or
production network. This dual-network architecture segregates management traffic from production
network traffic. It allows system-wide server management activities, including management of servers
inside the DMZ, while maintaining maximum security by limiting access to the production network.
Figure 14 shows a packet-filtering router that acts as an initial line of defense. Behind this router is a
firewall system. There is no direct connection from the Internet or the external router to the internal
network. All traffic to or from the internal network must pass through the firewall system. An additional
router filters packets destined for the public services in the DMZ and protects the internal network from
public access.
The firewall is a multi-targeted server that you can configure to evaluate traffic according to different
rules based on the traffic source and destination:
• From the Internet to the DMZ
• From the DMZ to the Internet
• From the Internet to the internal network
• From the internal network to the Internet
• From the DMZ to the internal network
• From the internal network to the DMZ
Servers inside the DMZ and on the internal network can use iLO processors. There is no possibility for
data to flow between the DMZ network and the iLO network because the network connection to iLO is