Server management can be simplified
The need to reduce the complexity of IT infrastructure management remains a priority on every IT manager’s agenda. One of the most prominent open standards addressing that need, Intelligent Platform Management Interface (IPMI), has been adopted by more than 150 server technology vendors to provide remote access, monitoring and administration for servers and other hardware assets.
Version 2.0 of the IPMI specification is now supported on many rack-optimized servers and blade computing platforms. Servers with IPMI functionality let network administrators access and monitor server hardware, and diagnose and restore a frozen server to normal operations.
IPMI defines the protocols for interfacing with a service processor embedded into a server platform. This service processor is called a baseboard management controller (BMC) and resides on a server motherboard or on the chassis of a blade server or telecom platform. A BMC links to a main processor and other on-board elements using a simple serial bus.
Service processors monitor on-board instrumentation (such as temperature sensors, CPU status, fan speed and voltages), provide remote power control capabilities to reboot a server, and include remote access to BIOS configuration and operating system console information. Because a BMC is a separate processor, the system works whether a main processor is operational or not.
An administrator accesses a BMC by using an IPMI-compliant management application loaded on a desktop, or remotely via a Web interface on an out-of-band appliance that includes IPMI management firmware.
During normal operations, IPMI lets a server operating system obtain information about a system’s health and control system hardware. For example, IPMI enables the monitoring of sensors (such as temperature, fan speeds and voltages) for proactive problem detection. If server temperature rises above specified levels, the server operating system can direct the BMC to increase fan speed or reduce processor speed to address the problem.
IPMI also can operate out of band (independent of a production IT network) to let an external agent monitor system health and control hardware status. IPMI messages follow the same format whether they are received through an operating system or are sent and received out of band. Most of the operations involve sending a command to a BMC and receiving a response with the information requested.
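The command-and-response pattern described above, as an added example that is not part of the original article: it frames a Get Device ID request in the IPMI message layout, then validates a response's checksums and its match to the request before trusting the completion code. The addresses 0x20 and 0x81 are the conventional BMC and remote-console values, and `simulate_bmc` is a hypothetical stand-in that produces a constructed response so the code runs without hardware.

```python
# Added example: IPMI message framing as carried in IPMI-over-LAN payloads.
BMC_ADDR = 0x20           # conventional BMC responder address
CONSOLE_ADDR = 0x81       # conventional remote-console software ID
NETFN_APP = 0x06          # Application network function
CMD_GET_DEVICE_ID = 0x01  # Get Device ID command


def checksum(data):
    """Two's-complement checksum: (sum(data) + checksum) % 256 == 0."""
    return (-sum(data)) & 0xFF


def build_request(netfn, cmd, seq, payload=b""):
    """Frame a request: header + checksum, then body + checksum (LUN 0)."""
    head = bytes([BMC_ADDR, (netfn << 2) & 0xFF])
    body = bytes([CONSOLE_ADDR, (seq << 2) & 0xFF, cmd]) + payload
    return head + bytes([checksum(head)]) + body + bytes([checksum(body)])


def simulate_bmc(request, completion_code, data=b""):
    """Hypothetical stand-in for a BMC: frames a constructed response."""
    head = bytes([request[3], ((request[1] >> 2) | 1) << 2])
    body = bytes([request[0], request[4], request[5], completion_code]) + data
    return head + bytes([checksum(head)]) + body + bytes([checksum(body)])


def parse_response(msg, request):
    """Validate a response against its request; return (completion_code, data)."""
    if len(msg) < 8:
        raise ValueError("response too short")
    if checksum(msg[:2]) != msg[2] or checksum(msg[3:-1]) != msg[-1]:
        raise ValueError("bad checksum")
    if msg[1] >> 2 != (request[1] >> 2) | 1:
        raise ValueError("network function does not match request")
    if msg[4] != request[4] or msg[5] != request[5]:
        raise ValueError("sequence number or command does not match request")
    return msg[6], msg[7:-1]


if __name__ == "__main__":
    req = build_request(NETFN_APP, CMD_GET_DEVICE_ID, seq=1)
    resp = simulate_bmc(req, 0x00, bytes([0x20, 0x01]))  # constructed data bytes
    print(req.hex(" "), "->", parse_response(resp, req))
```

A response network function is the request's value with the low bit set, which is why the parser compares against `netfn | 1`.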
Version 2.0 of the IPMI specification supports Serial over LAN to redirect serial console functionality into IPMI over IP. Administrators gain full remote access to text-based system information, and control of BIOS, utilities, operating systems and applications. Before Version 2.0, this access was limited to serial consoles via secure console servers.
IPMI Version 2.0 also offers major security enhancements:
● Enhanced authentication support that provides stronger processes for establishing secure remote sessions and authenticating users.
● Enhanced encryption support that allows for secure remote password configuration and protects sensitive systems data during any transfer through Serial over LAN.
● A firmware firewall, a collection of commands that prevent the execution of predefined activities that could place the system at risk.
Despite these advances, many corporations still do not use IPMI functionality, even when it is included on installed servers with IPMI Version 2.0 BMCs. One key factor that prevents widespread adoption of IPMI is its lack of support for enterprise security protocols.
Most likely, the next major IPMI release will include enterprise security support. Meanwhile, IT executives must choose between developing a separate security system for IPMI or deploying an out-of-band appliance with IPMI management firmware that supports enterprise security architecture. Regardless, IPMI Version 2.0 presents new ways to reduce the cost and complexity of IT infrastructure management.