Changing the Baseboard Management Controller (BMC) credentials on the NVIDIA DGX A100 is crucial for enhancing security and preventing unauthorized access. Here are the best practices for changing BMC credentials:
Initial Setup and Credential Change
1. Default Credentials: The DGX A100 ships with default BMC credentials, typically `admin` for both the username and password. It is essential to change these credentials during the first boot to ensure security[1][2].
2. First Boot Configuration: During the initial setup, you will be prompted to create an administrative user account for the operating system. The BMC username will be the same as this administrative username. You will also need to set a unique password for the BMC, which must be at least 13 characters long[1][7].
3. Disabling Default User: Once you configure the new BMC credentials, the default `admin` user is disabled, and its password is scrambled to prevent future use[1].
Changing BMC Credentials Post-Setup
1. Accessing the BMC Interface: To change the BMC credentials after the initial setup, access the BMC web interface by navigating to `https:///` in a browser. Ensure that the BMC is connected to your network and that you have the current login credentials[2][4].
2. Adding a New User:
- Log into the BMC interface using your current credentials.
- Navigate to Settings > User Management.
- Click the Help icon for guidance on user configuration.
- Add a new user with a unique username and strong password[2][4].
3. Disabling Old Users:
- Log out and log back in with the new credentials.
- Navigate to Settings > User Management.
- Disable the old user accounts, including the default `admin` and `anonymous` users if they are still active[2][4].
Security Best Practices
1. Network Isolation: Ensure the BMC is connected to a dedicated management network or a separate VLAN to isolate it from regular network traffic. This reduces the risk of unauthorized access[7].
2. Firewall Configuration: Use a firewall to restrict access to the BMC's IPMI port, limiting it to necessary management IP addresses[7].
3. Regular Updates: Keep the BMC firmware and system software updated to address any known vulnerabilities. Regularly check for updates and apply them as necessary[6][8].
4. Strong Passwords: Always use strong, unique passwords for BMC users. Avoid using easily guessable information or common patterns[1][7].
By following these practices, you can significantly enhance the security of your DGX A100 system by protecting it against unauthorized access and potential vulnerabilities.
Citations:
[1] https://docs.nvidia.com/dgx/dgx-station-a100-user-guide/security.html
[2] https://docs.nvidia.com/dgx/dgx-rhel8-install-guide/changing-bmc-login.html
[3] https://www.manualslib.com/manual/1925509/Nvidia-Dgx-A100.html
[4] https://docs.nvidia.com/dgx/dgxa100-user-guide/using-the-bmc.html
[5] https://support.hpe.com/hpesc/public/docDisplay?docId=a00115093en_us&page=Update_Nvidia_A100_GPU_Firmware.html&docLocale=en_US
[6] https://cve.mitre.org/cgi-bin/cvekey.cgi
[7] http://cdn.cnetcontent.com/2f/68/2f6888a0-063f-4d76-94e4-8666b7619dfd.pdf
[8] https://ogma.in/analysis-and-mitigation-strategies-for-cve-2023-31025