Intelligent platform management interface

from Wikipedia, the free encyclopedia

The Intelligent Platform Management Interface (IPMI for short) is a standardized interface in computer hardware and firmware through which computers can be remotely monitored and managed at the hardware level, even when they are switched off or have no operating system installed. IPMI is thus one form of Lights Out Management (LOM). IPMI was originally developed by Intel, Hewlett-Packard, NEC and Dell as a vendor-independent industry standard with a focus on server systems, but it can also be used for centralized IT remote maintenance of workstation computers in larger organizations.

Because of the extensive control that IPMI grants over a computer equipped with it, adequate protection against unauthorized access is required. Systems with faulty, inadequately secured and outdated implementations of the IPMI interface that are reachable in large numbers via the Internet are a serious security problem.

Functionality

Structure of IPMI

The heart of IPMI is a complex application-specific integrated circuit, the Baseboard Management Controller (BMC), which is connected via the Intelligent Platform Management Bus (IPMB) to the basic hardware components of the server, the required communication interfaces such as the Universal Serial Bus, a network interface and a number of sensors. As soon as the server is supplied with standby voltage, the BMC starts (comparable to booting) and carries out a series of basic tests of the server hardware.

Although the server itself is still switched off, from this point on it can already be administered and monitored at a basic level via a serial connection or a local network.

The functions available while the server is switched off include:

  • Control of the operating states (start server, shut down, ...)
  • Reading out and downloading log files
  • Monitoring of basic sensor values such as temperature
  • Transmission of status reports via SNMP

During operation, the server can be administered and monitored even more thoroughly, regardless of whether or not an operating system is installed. Using SOL (Serial over LAN), among other things, access to the BIOS is also possible. Optionally, the complete screen content as well as mouse and keyboard input can be transmitted via a KVM switch (keyboard, video, mouse). This allows the administrator to make even very basic settings in the BIOS of the server or the RAID controller remotely.

When the computer is operational, functions such as the monitoring of sensor values (voltage, temperature, fan speed) or the use of the KVM switch are available regardless of the operating system and computer settings.

Norms and standards

The IPMI specification is available in the following versions:

  • IPMI v1.0 (released September 16, 1998)
  • IPMI v1.5 (released February 27, 2001)
  • IPMI v2.0 (released February 18, 2004)
  • IPMI v2.0 revision 1.1 (introduced on October 1, 2013), additional support for IPv6.
  • IPMI v2.0 revision 1.1 Errata 7 (presented on April 21, 2015), especially more security with the RMCP+ and RAKP+ protocols.

Successor: Redfish

Since August 2015 there has been an industry standard called Redfish Scalable Platforms Management API (Redfish), which is more scalable than IPMI and is intended to replace IPMI-over-LAN.
