Server management can be simplified
The need to reduce the complexity of IT infrastructure management remains a priority on every IT manager’s agenda. One of the most prominent open standards addressing that need, Intelligent Platform Management Interface (IPMI), has been adopted by more than 150 server technology vendors to provide remote access, monitoring and administration for servers and other hardware assets.
Version 2.0 of the IPMI specification is now supported on many rack-optimized servers and blade computing platforms. Servers with IPMI functionality let network administrators access and monitor server hardware, and diagnose and restore a frozen server to normal operations.
IPMI defines the protocols for interfacing with a service processor embedded into a server platform. This service processor is called a baseboard management controller (BMC) and resides on a server motherboard or on the chassis of a blade server or telecom platform. A BMC links to a main processor and other on-board elements using a simple serial bus.
Service processors monitor on-board instrumentation (such as temperature sensors, CPU status, fan speed and voltages), provide remote power control capabilities to reboot a server, and include remote access to BIOS configuration and operating system console information. Because a BMC is a separate processor, the system works whether a main processor is operational or not.
An administrator accesses a BMC either through an IPMI-compliant management application loaded on a desktop or remotely through a Web interface on an out-of-band appliance that includes IPMI management firmware.
During normal operations, IPMI lets a server operating system obtain information about a system’s health and control system hardware. For example, IPMI enables the monitoring of sensors (such as temperature, fan speeds and voltages) for proactive problem detection. If server temperature rises above specified levels, the server operating system can direct the BMC to increase fan speed or reduce processor speed to address the problem.
IPMI also can operate out of band (independent of a production IT network) to let an external agent monitor system health and control hardware status. IPMI messages follow the same format whether they are received through an operating system or are sent and received out of band. Most of the operations involve sending a command to a BMC and receiving a response with the information requested.
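The command/response pattern described above, as an added example that is not part of the original article: it frames a Get Device ID request the way the IPMI specification lays out a LAN message, then validates and decodes a reply. The addresses 0x20 and 0x81, the helper names, and the sample reply bytes are assumptions constructed for illustration.

```python
# Added illustration, not from the article: IPMI request/response framing.
BMC_ADDR = 0x20           # conventional BMC responder address
CONSOLE_ADDR = 0x81       # software ID commonly used by remote consoles
NETFN_APP = 0x06          # "Application" network function; responses use netFn + 1
CMD_GET_DEVICE_ID = 0x01

def checksum(covered: bytes) -> int:
    """Two's-complement checksum: covered bytes plus checksum sum to 0 mod 256."""
    return (-sum(covered)) & 0xFF

def _frame(head: bytes, body: bytes) -> bytes:
    return head + bytes([checksum(head)]) + body + bytes([checksum(body)])

def build_request(netfn: int, cmd: int, seq: int, data: bytes = b"") -> bytes:
    head = bytes([BMC_ADDR, netfn << 2])                 # responder addr, netFn/LUN 0
    body = bytes([CONSOLE_ADDR, (seq & 0x3F) << 2, cmd]) + data
    return _frame(head, body)

def build_response(request: bytes, completion: int, data: bytes) -> bytes:
    """Stand-in for the BMC side, used only to construct sample input."""
    head = bytes([request[3], ((request[1] >> 2) + 1) << 2])
    body = bytes([request[0], request[4], request[5], completion]) + data
    return _frame(head, body)

def parse_response(frame: bytes, request: bytes) -> dict:
    if len(frame) < 8:
        raise ValueError("too short for an IPMI response")
    if checksum(frame[:2]) != frame[2] or checksum(frame[3:-1]) != frame[-1]:
        raise ValueError("checksum mismatch")
    netfn, seq, cmd = frame[1] >> 2, frame[4] >> 2, frame[5]
    if (netfn, seq, cmd) != ((request[1] >> 2) + 1, request[4] >> 2, request[5]):
        raise ValueError("response does not match the outstanding request")
    return {"netfn": netfn, "seq": seq, "cmd": cmd,
            "completion_code": frame[6], "data": frame[7:-1]}

def ipmi_version(device_id_data: bytes) -> str:
    """Fifth byte after the completion code is BCD: low nibble major, high nibble minor."""
    return f"{device_id_data[4] & 0x0F}.{device_id_data[4] >> 4}"

# Constructed sample: Get Device ID reply data from a BMC reporting IPMI 2.0.
SAMPLE_DEVICE_DATA = bytes([0x20, 0x01, 0x02, 0x10, 0x02, 0xBF,
                            0x00, 0x00, 0x00, 0x00, 0x00])

if __name__ == "__main__":
    req = build_request(NETFN_APP, CMD_GET_DEVICE_ID, seq=5)
    rsp = parse_response(build_response(req, 0x00, SAMPLE_DEVICE_DATA), req)
    print(req.hex(), rsp["completion_code"], ipmi_version(rsp["data"]))
```

The same frame is what travels inside an RMCP/IPMI session packet out of band; the session wrapper and authentication are not shown here.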
Version 2.0 of the IPMI specification supports Serial over LAN to redirect serial console functionality into IPMI over IP. Administrators gain full remote access to text-based system information, and control of the BIOS, utilities, operating systems and applications. Before Version 2.0, this access was limited to serial consoles via secure console servers.
IPMI Version 2.0 also offers major security enhancements:
● Enhanced authentication support that provides stronger processes for establishing secure remote sessions and authenticating users.
● Enhanced encryption support that allows for secure remote password configuration and protects sensitive systems data during any transfer through Serial over LAN.
● A firmware firewall, a collection of commands that prevent the execution of predefined activities that could place the system at risk.
Despite these advances, many corporations still do not use IPMI functionality, even when it is included on installed servers with IPMI Version 2.0 BMCs. One key factor that prevents widespread adoption of IPMI is its lack of support for enterprise security protocols.
Most likely, the next major IPMI release will include enterprise security support. Meanwhile, IT executives must choose between developing a separate security system for IPMI or deploying an out-of-band appliance with IPMI management firmware that supports enterprise security architecture. Regardless, IPMI Version 2.0 presents new ways to reduce the cost and complexity of IT infrastructure management.