What Is IPMI And Why You Should Care

IPMI

A term you’ll hear thrown about on occasion when discussing setting up a server is IPMI. You get the feeling it’s something important you need to have, but the specifics are a little harder to grasp. What is IMPI and when would you use it?

An overview of IPMI

The official definition of IPMI (short for Intelligent Platform Management Interface) is a set of standardized specifications for hardware-based platform management systems making it possible to control and monitor servers centrally. The simpler definition is that IMPI is a security guard for your server.

Some primary functions of IMPI are to monitor hardware status (including temperatures, power consumption, voltage, etc.), log server data, and allow access to the server even when an operating system is not installed or is malfunctioning. It’s obviously quite handy for anyone concerned about the status of their servers and the information contained within.

What is IPMI and what are its key benefits?

IPMI is a hardware solution for controlling and managing your servers. It has significant differences and benefits compared to system diagnosis software. For example, IPMI gives you the ability to manage servers in remote physical locations regardless of the installed operating system. This is because IPMI is an industry standard, developed by Intel in cooperation with Dell, Hewlett Packard, and NEC.

IPMI key benefits:

  • It constantly monitors server health and issues advance warnings of possible system failures.
  • IPMI acts independently of the server and is always accessible.
  • Configuration changes are simple.
  • Enables user to access and make BIOS changes without SSH login or operating system access.
  • Server recovery is possible even if it’s switched off.
  • IMPI is a universal standard supported by the vast majority of hardware vendors.

Main IPMI features and components

By design, IPMI strives for a software-neutral approach while functioning independently from a server’s BIOS, CPU, and operating system. This may seem like some form of high magic, but the secret sauce behind IPMI’s success and versatility is its ability to execute the following four features effectively:

  • Monitor and supervise servers
  • Recover and restart servers
  • Log server states
  • List all server inventory

However, none of this would be possible without the following key components:

  • Baseboard Management Controller (BMC) – A micro-controller that’s a central and essential component of any IPMI.
  • Intelligent Chassis Management Bus (ICMB) – An interface that allows communication from one chassis to another.
  • Intelligent Platform Management Bus (IPMB) – Extends the BMC with management controllers while complying with IPMB communications protocol.
  • IPMI Memory – The IPMI’s Sensor Data Record, System Event Log, Field Replaceable Units, and Repository store data.
  • Communications Interfaces – These consist of local system interfaces, serial interface, LAN interface, ICMB and PCI Management Bus.

Differences Between IPMI v1.5 & v2.0 Specifications

The IPMI specification has undergone several updates since version 1.0 with various important additions made for v1.5 and v2.0 that we’ve listed here:

IPMI v1.5

  • Boot Options
  • Alert Policies
  • Serial Port Sharing
  • Serial Messaging and Alerting
  • LAN Messaging and Alerting
  • Platform Event Filtering (PEF)
  • Extended BMC Messaging in Channel Mode
  • Additional Sensor and Event Types

IPMI v2.0

  • Firmware Firewall
  • SMBus System Interface
  • Serial Over LAN
  • VLAN Support
  • Encryption Support
  • Extended User Login Options
  • Enhanced Authentication
  • Standardized and OEM-specific Payload Types

How IPMI Is Accessed Through Your Core Client Portal

Accessing your IPMI manager is a relatively simple process, but we recommend IPMI v2.0 since it has more defined protocols maximizing administrative control of your servers. Once you connect to the IPMI manager via LAN or the internet, the manager utilizes IPMI over IP to connect with the BMC on the server motherboard. Then, the BMC uses the system bus to connect with the BIOS, CPU, OS, power supply, and sensors allowing the administration of CPU speeds, fan speeds, voltages, temperatures, event log, and rebooting of the server.

Zenlayer implementation

IPMI is such a good idea with such a simple execution that nearly every server comes equipped with it these days. However, not all server providers offer the same access. Unlike most bare metal server providers, Zenlayer Bare Metal Cloud gives you access to the IPMI of each server you use. You have complete control and can check on your servers at any time.

Because IPMI IP addresses are a popular target for hackers, all IPMI traffic is run exclusively through Zenlayer’s internal network. There’s no need to make a choice between access and security – you can have both with Zenlayer (and 24/7 support too).

Final Thoughts

System administrators no longer need to stress about the status of their server hardware with an IPMI in place. Moreover, it makes sense for companies to invest in IPMIs as this reduces the need for onsite staff in their server rooms, resulting in reduced overhead costs.

Zenlayer’s dedicated bare metal servers come with IPMI and a whole lot more. Spin up a server in just 10 minutes.

3 Comments

  1. Christian A Buerger on July 17, 2018 at 9:10 AM

    What are your thoughts on DMTF RedFish vis a vie IPMI?

    • Jay on November 10, 2018 at 9:40 AM

      Redfish as yet is not ubiquitous, and where implemented, it’s currently usually flaky and slow.

      One challenge is that the specification in several places is intentionally open ended, making it difficult to write commands in a way that will work across multiple vendors.

      On the flip side, redfish does allow for representing more sorts of data, for example complex information about adapter firmware.

      Security is a mixed bag. Ipmi uses a shared secret for security, which means it isn’t vulnerable to cert spoofing/sniffing or quantum attacks. On the flip side, ipmi cannot be used with ldap and worse the server sends challenge first, so there’s no protection for offline crack attacks and ipmi passwords must be impossibly human hostile to be safe enough for ipmi.

  2. Chris on September 25, 2018 at 6:28 AM

    Hello, thanks for your article, what are the issues with security allowing external access to the server through IPMI ?

Leave a Comment