Server management can be simplified

The need to reduce the complexity of IT infrastructure management remains a priority on every IT manager’s agenda. One of the most prominent open standards addressing that need, Intelligent Platform Management Interface (IPMI), has been adopted by more than 150 server technology vendors to provide remote access, monitoring and administration for servers and other hardware assets.

Version 2.0 of the IPMI specification is now supported on many rack-optimized servers and blade computing platforms. Servers with IPMI functionality let network administrators access and monitor server hardware, and diagnose and restore a frozen server to normal operations.

IPMI defines the protocols for interfacing with a service processor embedded into a server platform. This service processor is called a baseboard management controller (BMC) and resides on a server motherboard or on the chassis of a blade server or telecom platform. A BMC links to a main processor and other on-board elements using a simple serial bus.

Service processors monitor on-board instrumentation (such as temperature sensors, CPU status, fan speed and voltages), provide remote power control capabilities to reboot a server, and include remote access to BIOS configuration and operating system console information. Because a BMC is a separate processor, the system works whether a main processor is operational or not.

An administrator accesses a BMC by using an IPMI-compliant management application loaded on a desktop or remotely via Web interface on an out-of-band appliance that includes IPMI management firmware.

During normal operations, IPMI lets a server operating system obtain information about a system’s health and control system hardware. For example, IPMI enables the monitoring of sensors (such as temperature, fan speeds and voltages) for proactive problem detection. If server temperature rises above specified levels, the server operating system can direct the BMC to increase fan speed or reduce processor speed to address the problem.

IPMI also can operate out of band (independent of a production IT network) to let an external agent monitor system health and control hardware status. IPMI messages follow the same format whether they are received through an operating system or are sent and received out of band. Most of the operations involve sending a command to a BMC and receiving a response with the information requested.

Version 2.0 of the IPMI specification supports Serial over LAN to redirect serial console functionality into IPMI over IP. Administrators gain full remote access to text-based system information, and control for BIOS, utilities, operating systems and applications. Before Version 2.0, this access was limited to serial consoles via secure console servers.

IPMI Version 2.0 also offers major security enhancements:

● Enhanced authentication support that provides stronger processes for establishing secure remote sessions and authenticating users.

● Enhanced encryption support that allows for secure remote password configuration and protects sensitive systems data during any transfer through Serial over LAN.

● A firmware firewall, a collection of commands that prevent the execution of predefined activities that could place the system at risk.

Despite these advances, many corporations still do not use IPMI functionality, even when it is included on installed servers with IPMI Version 2.0 BMCs. One key factor that prevents widespread adoption of IPMI is its lack of support for enterprise security protocols.

Most likely, the next major IPMI release will include enterprise security support. Meanwhile, IT executives must choose between developing a separate security system for IPMI or deploying an out-of-band appliance with IPMI management firmware that supports enterprise security architecture. Regardless, IPMI Version 2.0 presents new ways to reduce the cost and complexity of IT infrastructure management.

服務(wù)器管理能夠簡(jiǎn)化

減少I(mǎi)T基礎(chǔ)設(shè)施管理復(fù)雜性這個(gè)需求，仍是每位IT管理者工作日程上的重點(diǎn)。解決此問(wèn)題最著名的開(kāi)放標(biāo)準(zhǔn)之一就是智能平臺(tái)管理接口(IPMI)，它已被150多家服務(wù)器技術(shù)供應(yīng)商所采用，為服務(wù)器和其他硬件資產(chǎn)提供遠(yuǎn)程訪問(wèn)、監(jiān)視和管理。

在很多機(jī)架優(yōu)化的服務(wù)器和刀片式計(jì)算平臺(tái)上都支持IPMI 2.0版規(guī)范。具有IPMI功能的服務(wù)器讓網(wǎng)管員訪問(wèn)和監(jiān)視服務(wù)器硬件，對(duì)凍結(jié)的服務(wù)器進(jìn)行診斷和恢復(fù)正常運(yùn)轉(zhuǎn)。

IPMI定義了嵌入在服務(wù)器平臺(tái)內(nèi)的服務(wù)處理器接口的協(xié)議。此服務(wù)處理器稱(chēng)作基板管理控制器(BMC)，駐留在服務(wù)器主板上或者刀片服務(wù)器或通信平臺(tái)的底板上。BMC利用簡(jiǎn)單的串行總線與主處理器和板上其他部件相連。

服務(wù)處理器監(jiān)視板上的各種設(shè)備的使用情況(如溫度傳感器、CPU狀態(tài)、風(fēng)扇速度和電壓)，提供遠(yuǎn)程電源控制功能以重新啟動(dòng)服務(wù)器，以及包括了對(duì)BIOS配置和操作系統(tǒng)控制面板信息的遠(yuǎn)程訪問(wèn)。由于BMC是一個(gè)單獨(dú)的處理器，不管主處理器是否工作，系統(tǒng)總是工作的。

網(wǎng)管員通過(guò)使用加載在桌面上符合IPMI規(guī)范的管理應(yīng)用程序、或者通過(guò)裝有IPMI管理固件、與外界有聯(lián)系的設(shè)備上的Web接口遠(yuǎn)程訪問(wèn)BMC。

在正常操作下，IPMI讓服務(wù)器的操作系統(tǒng)獲得系統(tǒng)正常工作的信息和控制系統(tǒng)的硬件。例如，IPMI能進(jìn)行傳感器的監(jiān)測(cè)(如溫度、風(fēng)扇速度和電壓)，作為問(wèn)題苗頭檢測(cè)。如果服務(wù)器溫度超過(guò)規(guī)定值，服務(wù)器的操作系統(tǒng)就能指示BMC提高風(fēng)扇速度或降低處理器的速度，以應(yīng)對(duì)此問(wèn)題。

IPMI也能帶外工作(獨(dú)立于用于生產(chǎn)的IT網(wǎng)絡(luò))，以便讓外部代理監(jiān)視系統(tǒng)是否工作正常和控制硬件狀態(tài)。IPMI消息遵循同一格式，不管它們是通過(guò)操作系統(tǒng)接收到的、還是帶外收發(fā)的。大多數(shù)的操作涉及到給BMC發(fā)送命令和接收對(duì)應(yīng)于請(qǐng)求信息的回應(yīng)。

IPMI 2.0規(guī)范支持“通過(guò)局域網(wǎng)的串行”，通過(guò)IP使串行控制臺(tái)功能重定向到IPMI，網(wǎng)管員獲得全部基于文本的系統(tǒng)信息的遠(yuǎn)程訪問(wèn)，控制BIOS、實(shí)用程序、操作系統(tǒng)和應(yīng)用程序。IPMI 2.0之前，這種訪問(wèn)局限于通過(guò)安全控制臺(tái)服務(wù)器的串行控制臺(tái)。

IPMI 2.0也增強(qiáng)了安全功能：

● 增強(qiáng)認(rèn)證支持，對(duì)建立安全的遠(yuǎn)程會(huì)話和用戶認(rèn)證提供了更強(qiáng)大的處理能力。

● 增強(qiáng)加密支持，允許遠(yuǎn)程的安全口令配置和通過(guò)“局域網(wǎng)上串行”進(jìn)行傳輸時(shí)保護(hù)敏感的系統(tǒng)數(shù)據(jù)。

● 固化的防火墻，一組命令集合，防止執(zhí)行那些可能置系統(tǒng)于風(fēng)險(xiǎn)之中的預(yù)定動(dòng)作。

盡管有了這些進(jìn)展，甚至在安裝的服務(wù)器中已經(jīng)包括了IPMI 2.0的BMC，很多公司仍然不用IPMI功能。一個(gè)阻礙廣泛采用IPMI的關(guān)鍵因素是缺乏對(duì)企業(yè)安全協(xié)議的支持。

下一個(gè)IPMI的重要版本非常有可能包括企業(yè)安全支持。同時(shí)，IT主管們必須在下列兩者之間作選擇: 為IPMI開(kāi)發(fā)獨(dú)立的安全系統(tǒng)還是部署擁有支持企業(yè)安全架構(gòu)的IPMI管理固件的帶外設(shè)備。但不管怎么說(shuō)，IPMI 2.0提供了降低IT基礎(chǔ)設(shè)施管理成本與復(fù)雜性的新方法。