IPMI 2.0 Improves Security, Remote Management

April 12, 2004
An enhanced version of the Intelligent Platform Management Interface, IPMI 2.0, provides a more secure environment for the embedded manageability of servers, server blades, network storage, network systems, and telecommunications equipment....

An enhanced version of the Intelligent Platform Management Interface, IPMI 2.0, provides a more secure environment for the embedded manageability of servers, server blades, network storage, network systems, and telecommunications equipment.

Version 2.0 delivers enhanced security above the features that are incorporated in version 1.5. For example, console redirection supports both remote viewing of the boot process and emergency management consoles. The specification also enhances support for modular systems such as blade computer cards. Of course, it's backward-compatible with IPMI 1.5 systems.

The enhanced security is achieved by incorporating new authentication procedures based on the SHA-1 algorithm and encryption based on the AES standard. These enhancements reduce operational risk by securing the remote operations. Sensitive functions such as password configuration then can be completed without the fear that the new passwords will be intercepted.

The console redirection capability provides a standard way of remotely viewing server consoles, irrespective of vendor type, to diagnose and repair server related issues. This will reduce the number of midnight or weekend runs to the computer center to troubleshoot balky systems.

Improved support for modular systems enables the hardware to report the status of the blades during hot-swap operations or provide redundancy switchover by monitoring the secondary IPMI bus. This is very helpful in Advanced Telecom Computing Architecture (ATCA) products.

Local-area-network (LAN) sessions use a command set called the cipher suite discovery. These commands are used to determine which authentication, integrity, and confidentiality algorithm Cipher Suite(s) can be used to establish the connection to IPMI v1.5 or v2.0 systems.

Multiple types of payloads also can be carried over a single IPMI session. Or, payloads can be launched to a dedicated session. New packet formats are available in v2.0, like enhanced authentication and encryption, virtual-LAN addressing, and multiple payload types. The payload packets can carry secure and nonsecure traffic.

For more information, go to http://developer.intel.com/design/servers/ipmi/spec.htm.

About the Author

Dave Bursky | Technologist

Dave Bursky, the founder of New Ideas in Communications, a publication website featuring the blog column Chipnastics – the Art and Science of Chip Design. He is also president of PRN Engineering, a technical writing and market consulting company. Prior to these organizations, he spent about a dozen years as a contributing editor to Chip Design magazine. Concurrent with Chip Design, he was also the technical editorial manager at Maxim Integrated Products, and prior to Maxim, Dave spent over 35 years working as an engineer for the U.S. Army Electronics Command and an editor with Electronic Design Magazine.

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!