The present disclosure relates generally to information handling systems, and more particularly to providing in-band access to a remote access controller in an information handling system.
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems such as, for example, server devices, are typically managed in order to update firmware, restore platforms, retrieve server event/error logs, retrieve or update boot configuration data, and/or provide for a variety of other server management activities known in the art. In conventional systems, server devices include a remote access controller (e.g., a Dell Remote Access Controller (DRAC) or integrated DRAC (iDRAC) available from DELL® Inc. of Round Rock, Tex., United States) that performs much of the management for the server device, and management data (e.g., firmware image data, platform restore data, server event/error logs, boot configuration data, etc.) is used for performing out-of-band server management activities. In some situations, operating system (OS) applications may require in-band access to the remote access controller. However, there are security concerns associated with in-band access to the remote access controller, as current in-band access solutions use implicit trust and/or temporary authorization techniques. This implicit trust/authorization makes the remote access controller accessible to any OS application once the authorization is exposed. For example, a recent specification from the Distributed Management Task Force (DMTF), Redfish Host Interface, defines a method to create an authenticated Redfish session from an OS kernel. However, this proposal has a security concern associated with legacy operating systems exposing temporary credentials to any OS application. Other authentication mechanisms for OS applications include using Intelligent Platform Management Interface (IPMI) commands. However, the remote access controller will be accessible to any OS application once the IPMI commands are exposed.
Accordingly, it would be desirable to provide an improved remote access controller in-band access system.