To ensure that the Baseboard Management Controller (BMC) on the NVIDIA DGX A100 is not accessible from the internet, follow these detailed steps:
1. Connect to a Dedicated Management Network: NVIDIA recommends connecting the BMC port to a dedicated management network with firewall protection. This isolates the BMC from the general network and prevents unauthorized access from the internet[3][10].
3. Use Firewall Protection: Ensure that the dedicated management network is protected by a firewall. The firewall should block incoming traffic from the internet to the BMC, preventing unauthorized access[3][10].
3. Configure a Separate VLAN: If a dedicated network is not available, configure a separate VLAN for BMC traffic. This segregates the BMC traffic from other network traffic, enhancing security[10].
4. Disable Remote Access via Internet: Avoid configuring remote access to the BMC through the internet. If remote access is necessary, use a secure method such as a VPN server to isolate the BMC from the internet[3].
5. Change Default Credentials: Ensure that the default BMC credentials are changed during the initial setup. The BMC username will be the same as the administrator username, and a unique password should be set for the BMC[1][10].
6. Monitor for Vulnerabilities: Regularly check for security updates and vulnerabilities related to the BMC, such as CVE-2023-31033, and apply patches promptly to prevent exploitation[7][9].
7. Limit Physical Access: Restrict physical access to the DGX A100 system and its network connections to prevent unauthorized individuals from connecting to the BMC port directly[3].
By following these steps, you can effectively secure the BMC on the DGX A100 and prevent it from being accessible from the internet.
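The network-placement steps above (1 to 4) can be spot-checked from the BMC's own LAN settings. The following is an added example, not NVIDIA's code: it audits text in the "Key : Value" layout printed by `ipmitool lan print`. The function names, the finding codes, the management subnet 10.20.30.0/24 and both sample outputs are assumptions constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples in the "Key : Value" layout of `ipmitool lan print`; not real hosts.
SAMPLE_ISOLATED = """\
IP Address              : 10.20.30.40
Default Gateway IP      : 10.20.30.1
802.1q VLAN ID          : 120
"""
SAMPLE_EXPOSED = """\
IP Address              : 203.0.113.25
Default Gateway IP      : 203.0.113.1
802.1q VLAN ID          : Disabled
"""

def parse_lan_print(text):
    """Turn 'Key : Value' lines into a dict, splitting on the first colon only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():  # skip continuation lines that have no key
            fields[key.strip()] = value.strip()
    return fields

def _addr(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def audit_bmc_lan(text, mgmt_nets, require_vlan=False):
    """Return finding codes; an empty list means the settings match the policy."""
    fields = parse_lan_print(text)
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]  # assumed site policy
    ip = _addr(fields.get("IP Address", ""))
    if ip is None or ip.is_unspecified:
        return ["bmc-ip-missing-or-unparseable"]
    findings = []
    if not any(ip in n for n in RFC1918):
        findings.append("bmc-ip-not-rfc1918")
    if not any(ip in n for n in nets):
        findings.append("bmc-ip-outside-mgmt-net")
    gw = _addr(fields.get("Default Gateway IP", ""))
    if gw is not None and not gw.is_unspecified and not any(gw in n for n in nets):
        findings.append("gateway-outside-mgmt-net")
    if require_vlan and fields.get("802.1q VLAN ID", "Disabled") == "Disabled":
        findings.append("bmc-vlan-untagged")
    return findings
```

An empty result shows only that the addressing matches the policy. NAT or port forwarding can still expose a privately addressed BMC, so the firewall rules need to be verified separately.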
Citations:
[1] https://docs.nvidia.com/dgx/dgx-station-a100-user-guide/security.html
[2] https://docs.nvidia.com/dgx/dgxa100-user-guide/using-the-bmc.html
[3] https://docs.nvidia.com/dgx/dgxa100-user-guide/security.html
[4] https://docs.nvidia.com/dgx/dgxa100-user-guide/network-config.html
[5] https://www.robusthpc.com/wp-content/uploads/2021/11/nvidia-dgx-station-a100-system-architecture-white-paper_published.pdf
[6] https://support.brightcomputing.com/manuals/10/admin-manual.pdf
[7] https://ftp.ogma.in/blog/vulnerability-management-for-cve-2023-31033-in-nvidia-dgx-a100-bmc
[8] http://oss.zhidx.com/nvidia/2020/10/5f7fcf61ae943-nvidia-%E5%8F%82%E8%80%83%E6%9E%B6%E6%9E%84.pdf
[9] https://nvidia.custhelp.com/app/answers/detail/a_id/5510/~/security-bulletin:-nvidia-dgx-a100---january-2024
[10] http://cdn.cnetcontent.com/2f/68/2f6888a0-063f-4d76-94e4-8666b7619dfd.pdf