What is it, and what can it do for you?
08 March 2016 Source:
Intelligent Platform Management Interface - (IPMI) has been around since 1998 when the specification was launched. The standard, initially led by Intel, has since been adopted by virtually all server system vendors including Supermicro, HP, Dell & IBM (Lenovo).
Originally a basic set of management and monitoring tools in the first generation, there have been updates over the years leading to the current latest version 2.0 "revision 1.1 errata 7". These changes have added many enhancements such as additional useful management features, stronger security and even adding remote console access for greater administrative control. This in turn has led to a powerful server monitoring and management solution.
BASEBOARD MANAGEMENT CONTROLLER
IPMI runs on a separate hardware subsystem directly attached to a motherboard/server. Typically on a modern system it will be hard wired on to the motherboard, but add-on cards are also a possible implementation option for some systems. This hardware is referred to as a Baseboard Management Controller (BMC). The BMC manages the interface between system management software (such as Supermicro's IPMI View) and platform hardware.
As it is dedicated independent hardware, the BMC functions separately to the motherboard and runs its own independent software stack/firmware to the motherboard it is controlling and monitoring. This enables the administrator to connect to the BMC and operate the system power controls and sensors even if the main system is powered down, crashed or without any O/S at all.
TYPICAL FEATURES OF AN IPMI BMC
Hardware monitoring: The BMC allows the overall health of the system to be seen. CPU/system temperatures, fan speeds/status, voltages, power consumption, power supply status and chassis intrusion can be monitored remotely. In the event of failures or predefined thresholds being exceeded an event is logged and email notifications can be sent to an administrator for immediate action.
Remote Power Control: Power On, Power Off, Reset & Power Cycle servers remotely. This feature is useful to control power and shut down systems when not in use. In the event of an operating system crash, it's possible to reboot a system and bring it back online. Fan controls are also present to allow different settings dependant on server workload. Additionally, in order to identify a system in a crowded data centre there is a UID LED which can be blinked on the front and back of the system to enable technicians to easily identify specific systems.
Remote Control: Serial over LAN (SOL) enables a basic text output of the screen and remote control for diagnostic and administration of CLI (Command Line Interface) based applications and operating systems. This feature is often used by Linux & UNIX administrators and also by some Windows administrators via the EMS (Emergency Management Services) feature.
In addition to these standard features many system vendors build on this base and create a more complete remote management solution. Supermicro for example support the following on almost all of their X8, X9 X10 and X11 based motherboards.
KVM over IP Support: Using a Java based console it's possible to gain full graphical KVM access to a system over an IP network. This allows access at all times, even before an O/S has booted, giving access to the BIOS or DOS applications. It's even possible to perform installations of Linux and Windows remotely from this console.
Remote Media Redirection: Typically integrated into the KVM over IP support this feature enables the administrator to physically attach USB storage devices to the remote controlled system. This is in the format of a local physical drive such as a USB pen drive attached to the administrators system or an image file of a DVD/CD in ISO format or even a floppy raw disk image. This means that when combined with KVM over IP O/S installs and firmware/BIOS updates are possible remotely without any need for local hands on support.
Out Of Bound (OOB) BIOS & Firmware Updates: BIOS and IPMI firmware updates can be applied remotely via the IPMI interface (an additional license is required for BIOS updates). This can be done, for example, by uploading a locally downloaded BIOS or IPMI update to the IPMI interface and then flashed directly onto the target system from the administrator's terminal. Alternatively, media redirection as described above can allow the use of a local DOS bootable USB flash drive in order to update the BIOS through the KVM console at no extra cost.
Storage/RAID Monitoring: With IPMI, administrators can get an overview of current system storage. This will give information such as capacity, disk status and RAID configurations amongst other hardware information. This is useful as a quick way to see the health and configuration status. Please note that this feature is only available on Supermicro motherboards with an onboard LSI/Avago RAID controller.
IPMI Asset Tracking: Infrastructure asset information can be set, viewed and tracked through IPMI. This allows administrators to easily view part numbers/codes, asset tags, serial numbers and other manufacturing information. At Boston Ltd we enter this information as part of our manufacturing process.
SUPERMICRO IPMI MANAGEMENT TOOLS
IPMI View: For managing systems/groups Supermicro provide a Java tool called IPMI View which runs on a variety of platforms. It enables an administrator to keep track of multiple IPMI sessions and if required perform operations on groups of systems with a few simple clicks.
IPMI View can be downloaded from the following location: ftp://ftp.supermicro.com/utility/IPMIView
Web GUI: Supermicro also provide a web GUI which is available directly on the IP address of the BMC module via a web browser. This interface enables the administrator to take advantage of the full range of functions including KVM over IP and media redirection using a Java applet (HTML5 coming soon) without the requirement to install or load additional software.
OPEN IPMI TOOLS
For CLI (Command Line Interface) control with scripting support, there are several open source clients which can be used to connect to and control IPMI BMC's. The most common example of which is the Open IPMI package; this offers excellent functionality and can be easily scripted.
These tools and user guides are available to download directly from sourceforge here: http://openipmi.sourceforge.net
Supermicro IPMI Tool CLI: Supermicro has extended the functionality of the Open IPMI toolset with their own tool "SMCIPMITool" which allows a user to interface with SuperBlade enclosures and IPMI devices via CLI (Command Line Interface).
This tool is available for download directly from Supermicro's ftp here: ftp://ftp.supermicro.com/utility/SMCIPMItool/
Mobile Apps: For mobile server management and monitoring, Supermicro has developed an app called Supermicro IPMIView for iOS and Android devices. This allows access to common IPMI features such as server information, sensor readings, event logs and health checks amongst others. KVM is also included, making these apps even more powerful.
The iOS app is available from iTunes here.
The Android app is available from the Google Play Store here.
INITIAL IPMI CONFIGURATION
Configuring IPMI is a simple process, the initial setup is simply to configure an IP address (DHCP or static) with which to connect to the BMC. This is done either in the motherboard BIOS under the IPMI > BMC Network Configuration tab or by using the Supermicro IPMICFG tool from your O/S.
The IPMICFG tool can be downloaded from the following location: ftp://ftp.supermicro.com/utility/IPMICFG
The Android app is available from the Google Play Store here.
All these features are delivered remotely over a standard IP network port on the managed system. Most systems have both a dedicated LAN port for IPMI traffic or optionally it's possible to run this traffic over the 1st LAN port on the motherboard (eth0) alongside the systems standard IP traffic.
The default username and password for Supemicro's IPMI module is ADMIN in uppercase, however this should be changed immediately in any production environment to avoid any security breaches. It's possible to use local authentication and groups for varying levels or access or even connect to an LDAP or Active Directory service for authentication. It is also possible to setup up new users and give appropriate privileges ranging from basic access to full admin control. Supermicro also use encryption algorithms to allow all packets transmitted to the BMC to be encrypted.
In order to further enhance security and to ensure your live environment is protected Supermicro have a number of recommendations for the BMC and IPMI configuration to adhere to. The guidelines and best practises can be seen here.
IPMI is an invaluable tool for any administrator, it enables them to monitor systems on a hardware level and perform essential maintenance remotely.
Without it system installation, trouble shooting and monitoring can be a costly time consuming experience. With collocated systems, a system crash/hang that requires a system reboot can in some situations require a trip to a data centre in another city. Simply probing the KVM to determine the fault and if necessary power cycling the node can be done in seconds resulting in much faster response times and ensure longer uptime of essential services.
As all administrators know, if undiscovered, hardware failures can cause slowdown or even the complete halt of critical services. Email notifications of PSU or fan failures and changes in temperature/voltage can ensure that proactive maintenance can take place and avoid costly unscheduled downtime.
Even disregarding system failures, IPMI is a powerful tool for monitoring overall system health, applying firmware, BIOS and OS updates remotely, configuring new systems and using KVM to fully control the pre-OS and OS remotely.
All of these factors make IPMI an excellent tool for reducing your TCO and improving your productivity as an administrator and your company's services as a whole.