Figure 1.1: Secure Path to a Connected SP – Avocent 5240 User Manual
Figure 1.1 is a conceptual illustration of a secure path between a remote user and an SP through the
MergePoint 5224/5240 SP manager. A remote user is shown, but users may also be locally located,
on the same LAN. In Figure 1.1, the remote user accesses the MergePoint 5224/5240 SP manager
through a network connection to the public Ethernet port. Users may also dial into the MergePoint
5224/5240 SP manager through an optional external modem or PC modem card.
Figure 1.1: Secure Path to a Connected SP
In Figure 1.1, the dedicated Ethernet port of an SP is separate from the server’s Ethernet ports. The
SP’s dedicated Ethernet port is connected to one of the SP manager’s private Ethernet ports.
The IP address of the public Ethernet port is the only publicly defined IP address used for
out-of-band management of all connected SPs, which reduces the deployment costs for the SPs.
Each target device is configured with a private designated IP address and, at the administrator’s
discretion, each target device may also have a virtual IP address. If virtual addresses are defined,
users may be allowed to see a target device’s virtual IP address but not to see the target device’s
privately defined IP address.
After the user selects the desired management action, the MergePoint 5224/5240 SP manager then
creates a secure connection between the user and the SP, acting as a proxy on behalf of the user.
While the user is performing any SP management action, the connection between the MergePoint
5224/5240 SP manager and the SP is kept separate and protected from the connection between the
user and the MergePoint 5224/5240 SP manager. Nothing that happens on the private network is
exposed to the public network. Depending on the mode of access (browser or SSH),
HTTPS or SSH is always used to protect communications transported on the
public network between the user and the MergePoint 5224/5240 SP manager.
[Figure 1.1 labels: MergePoint 5224/5240 SP Manager; Remote User Workstation; Route/Optional Firewall/DSView 3 Management Software Server; Public Network Ethernet Port; Private Network Ethernet Port; Server; SP’s Dedicated Ethernet Port. Key: Secure path]