In my personal use, my OOB simply sit on a segmented VLAN that does not share any routing overlay or address space with my DC. It’s on a seperate VLAN to mitigate STP, DHCP overlap etc.
The use of OOB and iDRAC is to remotely administer your server/hypervisor should there be a problem (and sometimes also serves to help patch and firmware update kit). It doesn’t need to necessarily be internet facing, and I would discourage publicly exposing SSH to your hypervisor wherever possible.
In corporate environments, there are other methods to connect to the iDRAC (assuming all network isn’t down). You could use a VPN to connect to the corporate network, a jump box (via Azure Virtual Desktop or AWS Workspace) to name a few I’ve used.
In my personal use, my OOB simply sit on a segmented VLAN that does not share any routing overlay or address space with my DC. It’s on a seperate VLAN to mitigate STP, DHCP overlap etc.
The use of OOB and iDRAC is to remotely administer your server/hypervisor should there be a problem (and sometimes also serves to help patch and firmware update kit). It doesn’t need to necessarily be internet facing, and I would discourage publicly exposing SSH to your hypervisor wherever possible.
In corporate environments, there are other methods to connect to the iDRAC (assuming all network isn’t down). You could use a VPN to connect to the corporate network, a jump box (via Azure Virtual Desktop or AWS Workspace) to name a few I’ve used.
https://docs.extrahop.com/9.4/configure-i-drac/
https://1gbits.com/blog/understanding-idrac-port/