I thought that one too. I considered that the Linksys router was also offering a service (or services) to the Internet (the VPN service at minimum); I decided that, given a vulnerability in HP iLO and one in a Linksys router, HP would be more likely to patch first.
I had to ask myself: whom do I trust? I considered that my HP ProLiant server is business-class equipment that costs thousands of dollars, and a commercial router is consumer-grade equipment that costs tens of dollars. My trust would go with HP.
I also considered defense in depth. I trust HP enough to put iLO on the net, so what if I add a consumer firewall as well? It couldn't hurt, right? Wrong. If the router had new firmware (security patches, for example) then, it being a consumer product, there's a great chance that the router's configuration would be wiped during the upgrade. I've seen it on 3Com and Netgear switches; I have some deployed that I can't upgrade because I would lose remote access to them, and I wouldn't be able to configure them back up. (You can probably tell that I run on a very limited budget.)
If we were talking about HP iLO vs. a $20,000 firewall with annual maintenance, then I would trust the firewall more. I would also expect upgrades to work flawlessly and not wipe configurations.
How often do you go looking for new firmware for a fleet of heterogeneous Linksys/Cisco/D-Link consumer routers? How often do you download a new HP Firmware Maintenance CD that can patch up just about every server in your inventory?
I'm talking a lot about HP because I have thought a lot about that company and their development, and I recognize the class of servers they produce. I'm still trying to decide how I feel about VMware.
I honestly had to decide between Red Hat Xen and VMware ESXi, and we had already paid for Red Hat. I chose VMware because VMs are what VMware does. Red Hat does a lot (base distribution, GFS, Cluster, etc.), and Xen is only one portion of what they support. Everything VMware does (VMFS, vMotion, HA, DR) is solely to support a VM infrastructure. The deployment of ESXi was extremely simple and straightforward. Configuration was more "what do I want" than "how do I do it". Red Hat Xen involved the installation of RHEL, securing it, then configuring Xen, features of which weren't even working (maintaining a static host interface name (vifname) for a VM in particular).
I am thankful that I was able to choose ESXi because it was free. I will order support and maybe someday move this two-node, 4-processor deployment into a proper VMware cluster, but not at the current costs of vSphere Enterprise ($3K per processor is >> free!). I might move to vSphere Essentials Plus (HA/DR), but it's still missing the incredible vMotion.
If I can trust VMware as I trust HP, then an ESXi server console should be safe on the Internet. Wouldn't it rock VMware's world to have a vulnerability found in it? I just wish it had a bit more configurability: connections accepted only from certain IP ranges, intrusion detection, and the ability to disable root while temporarily locking out other admin accounts on multiple password failures.
Yet, I still see the foolishness in putting the service console out on the net. If hacked, or the password guessed, not only would you lose the ESX server, but also every VM running on the box. Possibly even the entire cluster or the entire network. Well, now I realize the same could be said for HP's iLO. You could shut down the machine, boot it up in recovery mode, reset the root password, and the attacker is in.
Thus my decision is to not even get an Internet connection. Instead I'll order a private point-to-point data connection (Frame Relay or MPLS or hosted VPN or something) and connect the branch over that. I might still order an Internet connection, but it will be connected to a different NIC for only the VMs that need it.
Brian