1. Technical Field
The present invention relates in general to the field of computers, and in particular to multiple blade servers housed in a server chassis. Still more particularly, the present invention relates to a method and system for filtering, through a secure remote supervisor, responses from Pre-boot eXecution Environment (PXE) servers to a server blade's request for a boot program, such that responses to the request for the boot program are only utilized from trusted PXE servers.
2. Description of the Related Art
Server blade computers offer multiple server blades (computers mounted on separate boards) in a single chassis (blade chassis). Although each server blade may be under at least partial control of primary server blade in the chassis, each server blade typically functions as an independent server to specific clients. A typical arrangement of such as system is shown in FIG. 1, in which a blade chassis 102, having multiple server blades 103a–c, is connected to a network 106, which connects to multiple clients 104.
A PXE boot server network 108 is connected to blade chassis 102 and the individual server blades 103 via network 106. Each of the server blades 103 may utilize a network boot protocol known as Pre-boot eXecution Environment (PXE). PXE allows server blade 103 to request a network boot program from a boot server in the PXE boot server network 108. Such a boot server can provide a boot image that can be used to load a new operating system (OS), flash a Basic Input/Output System (BIOS) memory, or even erase data on a local hard disk.
To download a boot program, server blade 103 broadcasts a request to PXE boot server network 108. One or more of the PXE boot servers in PXE boot server network 108 respond back to server blade 103 offering a requested boot program. If responses from multiple boot servers from PXE boot server network 108 are put on network 106, then server blade 103 typically responds to the first request response to arrive a server blade 103.
A network boot of server blade 103 as described is not secure, since the broadcasted boot request can result in a responsive offer from any PXE server connected to network 106, including an unauthorized PXE server attempting to tamper with the network. Thus, an unauthorized PXE boot server could result in possible undesired operations such as exposures to operational security and/or destroying data on a local fixed disk drive. What is needed, therefore, is a method and system for preventing booting from unauthorized PXE servers.