IBM 00E1662 Flex Service Processor FSP Card 9117-mmd CCIN 2bbb YZ
The IBM® Power® 770 (9117-MMD) system is based on POWER7® processor-based technology.
- Brand: IBM
- Part #: 00E1662
- Suitability: 9117-MMD (IBM Power 770) series
- Category: System Parts
- Condition: New, open box
- Warranty: 1 (one) year Tekmart warranty
Flexible Service Processor (FSP)-what they are and their intended purpose
The Flexible Service Processor (FSP) is firmware that provides diagnostics, initialization, configuration, run-time error detection and correction. FSP is what connects the managed system to the Hardware Management Console (HMC).
All IBM Power Systems that support PowerVM are equipped with a Flexible Service Processor (FSP) which is an always-on management processor helping in out-of-band management of the server. Thus the FSP is the external face of a POWER system providing various platform management interfaces. Consequently, it is critical to understand the potential vulnerabilities these interfaces can expose the system to and adopt best practices to minimize the attack surface.
Security vulnerabilities in the network elements (Compute servers, interconnect routers and switches, gateways etc.) have been exploited to launch Denial of Service (DOS) attacks and inflict loss of customer data and more importantly cause breach of trust.
In order to protect your network from such malicious attacks, the system admin must have a thorough understanding of the security controls provided by the network components. It is also critical to understand the inherent hardware and firmware/software limitations in each of the network elements to effectively prevent an intrusion.
Typical implementation, a simple example
Hide them if you can
POWER servers are typically deployed in a private network. Most customer deployments choose to deploy their servers in this manner in order to eliminate external intrusions. In the deployment example below, the eth0 interface is configured with a 192.168.10.0/24 subnet address while the eth1 interface is configured with a 192.168.20.0/24 subnet address.
There is one Hardware Management Console (HMC) responsible for each of the subnets. While the HMC (in the demilitarized zone) is accessible from the WAN, the FSP interfaces in the private network are not.
While this deployment vastly reduces the attack surface, some customers may have the need to remotely manage the POWER servers, thereby justifying the need to provision WAN accessible addresses on the FSP's ethernet interfaces. -(Tekmart Support)