IPMI V2.0 eases blade management

Server vendors developed the IPMI standard for cross-platform system management. The new release features stronger security and standardized console access.

High-performing, reliable systems used to have one drawback: They were usually built with proprietary components that offered little or no interoperability. Server management relied on proprietary tools that made it difficult for IT to manage multi-vendor server racks and blade servers. A standard was needed to tie things together, and it arrived in the form of the Intelligent Platform Management Interface.

Server vendors developed the IPMI standard for cross-platform system management starting in 1998. The standard defines hardware management interfaces that let IT managers receive status alerts, send instructions to servers, and access various console screens to diagnose and recover from faults over a network. More than 160 vendors adopted IPMI Version 1.5.

The latest revision, IPMI Version 2.0, was announced in February and is backward-compatible. The most notable enhancements over Version 1.5 are stronger security and standardized console access.

At the heart of IPMI is a dedicated chip/controller – sometimes called a service processor or baseboard management controller (BMC), which typically sits on the system motherboard or blade. The IPMI firmware is combined with the BMC to create the basis for a stand-alone platform management subsystem.

This subsystem works regardless of the type or state of processors, BIOS or operating system, allowing for manageability, monitoring and recovery even when the rest of the system is unavailable.

All IPMI functions are accomplished by sending commands to the BMC, using instructions identified in the specification. The BMC receives and logs event messages in the system event log, and maintains a sensor data record that describes the sensors in a system.

A separate area, for the field-replaceable unit, stores information about a system’s hardware components that also can be retrieved – useful for service and support as well as asset systems.

IPMI 2.0’s new serial over LAN (SOL) feature is helpful when remote access to a system is required. SOL redirects the local serial interface over an IPMI session, allowing remote access to Emergency Management Services, the Special Administration Console for Windows, or the Linux serial console. The BMC does this by redirecting information destined for the serial port over the LAN – offering a standard way to remotely view the boot, operating system loader or emergency management consoles, irrespective of vendor, to diagnose and repair problems.

New user logon and security configuration options let configuration of IPMI security and performance match specific needs. These LAN session enhancements combined with new payload capabilities enable multiple types of management traffic (such as IPMI and SOL – encrypted or unencrypted) over a single LAN session.

Enhancements to IPMI authentication (Secure Hash Algorithm 1- and Keyed-Hashing for Message Authentication-based) and encryption (Advance Encryption Standard and Arcfour) help secure remote operations. Virtual LAN support facilitates setting up management-only networks and can be configured on a per-channel basis.

Hardware vendors can implement IPMI 2.0 using more-flexible design choices. Modular extensions provide enhanced blade replacement, and a firmware firewall supports partitioning and protection of management between blades in modular system implementations.

Rokov is director of marketing for OSA Technologies. He can be reached at steve.rokov@osatechnologies.com.