IPMI V2.0 simplifies server management

The need to reduce the complexity of IT infrastructure management remains a priority on every IT manager's agenda. One of the most prominent open standards addressing that need, Intelligent Platform Management Interface, has been adopted by more than 150 server technology vendors to provide remote access, monitoring and administration for servers and other hardware assets.

Version 2.0 of the IPMI specification is now supported on many rack-optimized servers and blade computing platforms. Servers with IPMI functionality let network administrators access and monitor server hardware, and diagnose and restore a frozen server to normal operations.

IPMI defines the protocols for interfacing with a service processor embedded into a server platform. This service processor is called a baseboard management controller (BMC) and resides on a server motherboard or on the chassis of a blade server or telecom platform. A BMC links to a main processor and other on-board elements using a simple serial bus.

Service processors monitor on-board instrumentation (such as temperature sensors, CPU status, fan speed and voltages), provide remote power control capabilities to reboot a server, and include remote access to BIOS configuration and operating system console information. Because a BMC is a separate processor, the system works whether a main processor is operational or not.

An administrator accesses a BMC by using an IPMI-compliant management application loaded on a desktop or remotely via Web interface on an out-of-band appliance that includes IPMI management firmware.

During normal operations, IPMI lets a server operating system obtain information about a system's health and control system hardware. For example, IPMI enables the monitoring of sensors (such as temperature, fan speeds and voltages) for proactive problem detection. If server temperature rises above specified levels, the server operating system can direct the BMC to increase fan speed or reduce processor speed to address the problem.

IPMI also can operate out of band (independent of a production IT network) to let an external agent monitor system health and control hardware status. IPMI messages follow the same format whether they are received through an operating system or are sent and received out of band. Most of the operations involve sending a command to a BMC and receiving a response with the information requested.

Version 2.0 of the IPMI specification supports Serial over LAN to redirect serial console functionality into IPMI over IP. Administrators gain full remote access to text-based system information, and control for BIOS, utilities, operating systems and applications. Before Version 2.0, this access was limited to serial consoles via secure console servers.

IPMI Version 2.0 also offers major security enhancements:

• Enhanced authentication support that provides stronger processes for establishing secure remote sessions and authenticating users.
• Enhanced encryption support that allows for secure remote password configuration and protects sensitive systems data during any transfer through Serial over LAN.
• A firmware firewall, a collection of commands that prevent the execution of predefined activities that could place the system at risk.

Despite these advances, many corporations still do not use IPMI functionality, even when it is included on installed servers with IPMI Version 2.0 BMCs. One key factor that prevents widespread adoption of IPMI is its lack of support for enterprise security protocols.