Security guidelines

IBM recommends that you use the following security guidelines for your eBMC system:

1. Install and operate the eBMC system on a private network or public network that is behind a firewall.
2. When you plug the eBMC system into the network, login to the default admin account of the eBMC system and set the password. You can complete this task by using the eBMC web-based Advanced System Management Interface (ASMI) GUI.
3. You can create a separate account for each entity to access the eBMC system. Assign the appropriate role to each account. From the ASMI GUI, go to Security and access > User management.
4. Use a strong password for each account. From the ASMI GUI, go to Security and access > User management.
5. Keep the admin account usable for service calls.
6. Keep the Intelligent Platform Management Interface (IPMI) service of the eBMC system in its default disabled state. The IPMI interface has security vulnerabilities and is deprecated. Alternatively, you can use the Redfish interface. From the ASMI GUI, go to Security and access > Policies > IPMI. For more information, see Risks of using IPMI on IBM Power systems.
7. Create an HTTPS server site-identity certificate and install it onto the eBMC system. From the ASMI GUI, go to Security and access > Certificates > HTTPS Certificate.
8. Verify that the following eBMC configuration and settings are correctly configured:
   • Settings > Date and time
   • Settings > Network
   • Security and access > User management
   • Security and access > User management > Account policy settings
   • Security and access > LDAP
   • Security and access > Certificates
   • Security and access > Policies
9. Keep up with security bulletins and firmware updates. For more information, see https://www.ibm.com/mysupport.