IPMI 2.0 Enhances Security Standard

The latest version of the system management standard adds authentication and SOL capabilities, as well as modular system support.

The Intelligent Platform Management Interface specification provides industry-standard guidelines for implementing a system monitoring and alerting subsystem that works across server platforms regardless of the platform vendor.

The IPMI standard was developed in the late 1990s as a cooperative venture of Intel Corp. and server vendors Hewlett-Packard Co., NEC Corp. and Dell Inc. IPMI enables IT managers to perform system management tasks such as checking system alerts and hardware component health, sending power commands, and accessing remote consoles over the network.

IPMI lets x86 shops manage multivendor server systems without relying on vendor-specific management software. It provides low-cost out-of-band management capabilities that are ideal for entry-level or midrange servers and blades.

The BMC (Baseboard Management Controller), a specialized chip embedded on the system motherboard that runs system management tasks, is the core of IPMI.

When combined with the latest IPMI firmware, the BMC provides a complete stand-alone system management subsystem. The BMC collects system data such as device temperature, fan speeds, voltage fluctuations, power failures and chassis intrusions. It also logs events and can send out alerts via the LAN.

The controller operates on standby power, runs independently of the server hardware or operating system, and provides out-of-band and offline management capabilities.

IPMI adoption has grown from a small number of supporters at the initial version of the standard to more than 170 industry adopters today.

IPMI 2.0 was ratified in April. It contains significant enhancements over its predecessor, IPMI 1.5. IPMI 2.0 is backward-compatible with older versions and includes important new features and security enhancements.

To address some security concerns, for example, IPMI Version 2.0 incorporates authentication based on SHA-1 (Secure Hash Algorithm-1) and supports AES (Advanced Encryption Standard). These enhancements will help secure remote management sessions and reduce the risk of system compromise.

The addition of SOL (Serial over LAN) capabilities redirects the serial interface over the IPMI session, allowing administrators to remotely access applications that normally run in serial consoles for system diagnostics.

Modular system support is another big improvement that brings IPMI into the blade server space. The ability to report blade status during hot-swap operations or to enable hardware redundancy via failover is invaluable in blade systems.

IPMI is still being improved, and new capabilities such as directory-based authentication, persistent connections and Web services integration are under consideration for the next version of the standard, slated for possible release later this year.
