Home / server / Questions / 93065
Accepted
Matthew Rankin
Asked: 2009-12-11 08:46:07 +0800 CST

Same or different network for BladeCenter Management Module

  • 772

I'm looking for recommendations and reasons for having the BladeCenter Management Modules either on the same network as the Blades and other servers or on a separate network.

Configuration Information

  • IBM BladeCenter (MTM 8677-2XX)
  • Three HS20 Baldes
  • Two Management Modules (not the Advanced Management Modules)
  • Static IPs for both the Blades and the Management Modules
networking

2 Answers

  1. Best Answer

    I'll disagree with dan here.

    There are 2 reasons to have your management network segregated from your production network.

    1. security. Typically you pass traffic over the mgmt network that's a bit more sensitive and trusted than the traffic in the production network. I'm not 100% convinced this is a sufficient reason to set up a management network. Say, for instance, if you're doing SNMPv2, it helps to have this stuff on a totally independent link / network.
    2. your management network shouldn't be routed and you should have out-of-band access to it. That way, if you do something to your production network that causes it to not work or work very poorly, you can still access all of your devices. Very handy if you screw up a routerID or a firewall rule or are dealing with a broadcast storm...

    In my opinion, the reliability aspect of the management network (reason 2) is the primary justification.

    • 4

  2. There's just one compelling reason to do so - security.

    Putting all of your management devices including any other switch and KVM-IP hardware into a separate network means that they are far away from your public production networks. This prevents management traffic from being as exposed and allows you to enforce different policies for access.

    • 0