NAME
Conduit BMC Proxy — Secure, multi-tenant BMC proxy for hosting providers. Zero-exposure access to IPMI and Redfish.
SYNOPSIS
conduit [service] [options]
DESCRIPTION
Conduit is a specialized proxy system designed for hosting providers to give customers secure, multi-tenant access to server BMCs (IPMI / Redfish) without exposing management ports to the public internet. It bridges the gap between isolated management networks and public-facing interfaces.
KEY FEATURES
- Zero Public Exposure: No BMC ports are exposed to the internet; all traffic stays within the datacenter.
- Multi-Tenant Isolation: Securely silos access per customer and per server.
- Protocol Support: Full support for IPMI v2.0, Redfish, Serial-over-LAN (SOL), and graphical KVM via VNC.
- NAT-Friendly: Agents use outbound-only connections to the gateway, simplifying firewall configurations.
ARCHITECTURE
The system consists of four primary components:
| COMPONENT | ROLE |
|---|---|
| Manager | Central authority for AuthN/Z, token issuance, and admin dashboard. |
| Gateway | Regional routing point for web consoles and API proxying. |
| Local Agent | Datacenter-local service for discovery and BMC operations via tunnels. |
| CLI | Command-line interface for user automation and scripting. |
EXAMPLES
Start the full development environment:

    make dev-full-up

Access the admin dashboard (if configured):

    http://localhost:8080/admin
SECURITY
Conduit authorizes access with JWTs scoped per customer/server and with role-based access control. All BMC traffic is proxied through encrypted tunnels, ensuring that sensitive management interfaces remain shielded from external threats.
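The check that a per-customer/server scoped token implies, as an added example that is not Conduit's own code: the token must verify, be unexpired, name the requested customer and server, and carry a role that permits the operation. The claim layout, role and operation names, and the HS256 shared key are assumptions, not taken from the project.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims is an assumed token layout, not Conduit's documented one.
type Claims struct {
	Customer, Server, Role string
	Exp                    int64
}
// roleOps is an assumed role model: the operations each role may perform.
var roleOps = map[string]map[string]bool{"viewer": {"power-status": true}, "operator": {"power-status": true, "sol": true, "kvm": true}}
var b64 = base64.RawURLEncoding
func sign(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}
// Issue mints an HS256 token; used here only to construct sample input.
func Issue(key []byte, c Claims) string {
	body, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + sign(key, msg)
}
// Authorize always verifies with HMAC-SHA256, ignoring the header's alg, then checks expiry, scope and role.
func Authorize(key []byte, tok, customer, server, op string, now time.Time) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(sign(key, p[0]+"."+p[1])), []byte(p[2])) {
		return fmt.Errorf("bad signature")
	}
	var c Claims
	if body, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(body, &c) != nil || now.Unix() >= c.Exp {
		return fmt.Errorf("invalid or expired claims")
	}
	if c.Customer != customer || c.Server != server || !roleOps[c.Role][op] {
		return fmt.Errorf("token does not authorize %q on %s/%s", op, customer, server)
	}
	return nil
}
func main() {
	key, now := []byte("constructed-demo-key"), time.Now()
	fmt.Println(Authorize(key, Issue(key, Claims{"cust-a", "srv-1", "viewer", now.Unix() + 60}), "cust-a", "srv-2", "sol", now))
}
```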
SEE ALSO
Source Code: https://github.com/alexandrem/conduit-bmc
BUGS
Experimental status. Protocol adapters for non-standard RFB implementations are still in development.
OPTIONS / TECH STACK
- Golang
- IPMI
- Redfish
- Security
- Infrastructure