IPMI Intelligent Platform Management Interface

What is IPMI?

IPMI (Intelligent Platform Management Interface) is a hardware-level interface specification that is ‘management software neutral’, providing monitoring and control functions that can be exposed through standard management software interfaces such as DMI, WMI, CIM, SNMP, etc. As a hardware-level interface, it sits at the bottom of a typical management software stack.

IPMI is best used in conjunction with system management software running under the operating system. This provides an enhanced level of manageability by providing in-band access to the IPMI management information and integrating IPMI with the additional management functions provided by management applications and the OS. System management software and the OS can provide more sophisticated control, error handling and alerting than can be directly provided by the platform management subsystem.

Enhanced Authentication

Extensions to the protocols for IPMI over IP, collectively referred to as “RMCP+”, support new algorithms that provide a more robust key exchange process for establishing sessions and authenticating users. These steps more closely align with those used for the DMTF ASF 2.0 specification (see [ASF2.0]), making it simpler to create applications that can connect to both ASF and IPMI-based systems.

VLAN Support

Configuration options have been added to support IEEE 802.1q VLAN (virtual LAN) headers for IPMI over IP sessions on IEEE 802.3 Ethernet. VLAN works with VLAN-aware routers and switches to allow a physical network to be partitioned into ‘virtual’ networks where a group of devices on different physical LAN segments can communicate with each other as if they were all on the same physical LAN segment. This can be used to isolate classes of network membership at the Ethernet packet level rather than at the IP level, as might be done with a router. This can be used to set up a ‘management VLAN’ where only devices that are members of that VLAN will receive packets related to management, and, conversely, will be isolated from the need to process network traffic for other VLANs.
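A way to check that isolation from a packet capture, as an added example that is not part of the source specification text: the function below reads the 802.1Q tag of an Ethernet frame and reports IPMI over IP traffic (UDP port 623) that is untagged or tagged with a VLAN ID other than the management VLAN. The names `classify_frame` and `build_frame`, the VLAN IDs and the addresses are assumptions made for the example.

```python
import struct

RMCP_PORT = 623   # UDP port used by IPMI over IP (RMCP / RMCP+)

def classify_frame(frame: bytes, mgmt_vid: int):
    """Return None for non-RMCP frames, else (vlan_id_or_None, verdict)."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vid = 14, None
    if ethertype == 0x8100:                       # IEEE 802.1Q tag present
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vid, offset = tci & 0x0FFF, 18            # low 12 bits of the TCI are the VLAN ID
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None                               # only IPv4 is handled here
    ihl = (frame[offset] & 0x0F) * 4              # IPv4 header length in bytes
    if frame[offset + 9] != 17 or len(frame) < offset + ihl + 8:
        return None                               # not UDP, or truncated
    sport, dport = struct.unpack_from("!HH", frame, offset + ihl)
    if RMCP_PORT not in (sport, dport):
        return None
    if vid is None:
        return (None, "untagged RMCP traffic")
    return (vid, "ok" if vid == mgmt_vid else "RMCP traffic on non-management VLAN")

def build_frame(vid, dport):
    # Constructed frame: Ethernet [+ 802.1Q tag] + IPv4 + UDP, checksums left at zero.
    tag = b"" if vid is None else struct.pack("!HH", 0x8100, vid)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    macs = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
    return macs + tag + struct.pack("!H", 0x0800) + ip + udp

if __name__ == "__main__":
    for vid, port in [(100, 623), (None, 623), (200, 623), (100, 53)]:
        print(vid, port, classify_frame(build_frame(vid, port), mgmt_vid=100))
```

The tag is only visible in captures taken where frames are still tagged, such as a trunk port or a mirror port that preserves 802.1Q headers.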

Serial Over LAN (SOL)

Serial Over LAN provides a mechanism that enables the serial controller of a managed system to be redirected over an IPMI session over IP. This enables remote console applications to provide access to text-based interfaces for BIOS, utilities, operating systems, and applications while simultaneously providing access to IPMI platform management functions. SOL is implemented as a payload type under the new payload capability in RMCP+.

Payloads

RMCP+ adds the ability to enable IPMI over IP sessions to carry other types of traffic in addition to IPMI messages. This includes both standard payload types defined in the IPMI specification (such as SOL), and OEM ‘value-added’ payload types.

Encryption Support

IPMI messages and other payloads carried over RMCP+ can be encrypted. This enables confidential remote configuration of parameters such as user passwords and transfer of sensitive payload data over SOL.
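The payload type and the encryption state described in the Payloads and Encryption Support sections are both visible in the RMCP+ session header, so they can be audited from captured traffic. The following is an added example, not code from the specification: it decodes that header and lists in-session payloads sent without encryption or authentication. The function names and the sample datagrams are constructed for the example; the field layout and payload type numbers follow the IPMI v2.0 session header definition.

```python
import struct

# Payload type numbers as defined for the RMCP+ session header in IPMI v2.0.
PAYLOAD_TYPES = {0x00: "IPMI message", 0x01: "SOL", 0x02: "OEM explicit",
                 0x10: "Open Session Request", 0x11: "Open Session Response",
                 0x12: "RAKP 1", 0x13: "RAKP 2", 0x14: "RAKP 3", 0x15: "RAKP 4"}
SETUP_TYPES = range(0x10, 0x16)      # session establishment, sent unprotected

def parse_rmcp_plus(datagram: bytes) -> dict:
    """Decode the RMCP header and RMCP+ session header of one UDP/623 datagram."""
    if len(datagram) < 16:
        raise ValueError("too short for RMCP and RMCP+ session headers")
    version, _reserved, _rmcp_seq, msg_class = datagram[:4]
    if version != 0x06 or (msg_class & 0x1F) != 0x07:
        raise ValueError("not an RMCP message of class IPMI")
    if datagram[4] != 0x06:
        raise ValueError("session header is not in RMCP+ format")
    flags, offset = datagram[5], 6
    ptype = flags & 0x3F
    if ptype == 0x02:                # OEM explicit: skip OEM IANA (4) and payload ID (2)
        offset += 6
    if len(datagram) < offset + 10:
        raise ValueError("truncated session header")
    session_id, seq, length = struct.unpack_from("<IIH", datagram, offset)
    return {"payload": PAYLOAD_TYPES.get(ptype, f"type 0x{ptype:02x}"), "ptype": ptype,
            "encrypted": bool(flags & 0x80), "authenticated": bool(flags & 0x40),
            "session_id": session_id, "seq": seq, "length": length}

def audit(datagrams):
    """Return (index, reason) for in-session payloads sent without protection."""
    findings = []
    for i, d in enumerate(datagrams):
        h = parse_rmcp_plus(d)
        if h["session_id"] == 0 or h["ptype"] in SETUP_TYPES:
            continue
        if not h["encrypted"]:
            findings.append((i, f"{h['payload']} payload not encrypted"))
        if not h["authenticated"]:
            findings.append((i, f"{h['payload']} payload not authenticated"))
    return findings

def build_sample(flags, session_id, seq, body):
    # Constructed datagram: RMCP header, RMCP+ session header, payload bytes.
    return (bytes([0x06, 0x00, 0xFF, 0x07, 0x06, flags])
            + struct.pack("<IIH", session_id, seq, len(body)) + body)

SAMPLES = [build_sample(0xC1, 0x11223344, 5, b"\x00" * 16),  # SOL, encrypted and authenticated
           build_sample(0x01, 0x11223344, 6, b"login: "),    # SOL in the clear
           build_sample(0x12, 0, 0, b"\x00" * 8)]            # RAKP 1, before a session exists
```

`audit(SAMPLES)` reports only the second datagram, a SOL payload inside an established session with neither the encrypted nor the authenticated bit set.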

Extended User Login Options

New options support “Role Only” logins for simple environments where it is desirable to just enable logins according to a given privilege level, without the need to assign or configure usernames. Support for “two-key” logins enables a BMC to be configured for a very robust environment, where both a user-specific and BMC-specific key are required to connect to a given BMC.

Firmware Firewall

Firmware Firewall is the name for a collection of commands that enable a BMC implementation to restrict the ability to execute certain commands or functions from a given interface. This can be used to protect against operations that errant or malicious software may use to affect the managed system or other systems. For example, this enables a BMC to block the ability for local software to send a Chassis Control command to reset another blade in a modular server implementation where BMCs on individual blades share a common management bus across the blade backplane. Firmware Firewall includes a set of commands that enable software to discover which commands and functions are present and enabled on a given management controller. These commands can be used by themselves to provide a more efficient way for software and conformance tests to discover which features are available.

SMBus System Interface (SSIF)

The SMBus System Interface (SSIF) is a new, low pin-count option for the hardware interface that provides local access to the BMC via a connection to the system’s SMBus host controller. SSIF helps support lower-cost BMC implementations by enabling an interface that can be used on low-cost microcontrollers in low pin-count packages.

IPMI Hardware Components

IPMI provides very few specifications for the actual hardware components used to implement the platform management hardware. IPMI seeks to ‘standardize the interface, not the implementation’. IPMI was designed so that it can be implemented with ‘off-the-shelf’ components. Thus, IPMI does not require specific microcontrollers to be used for management controllers, nor special ASICs or proprietary logic devices. As long as the interface, timing and (in the case of IPMB and ICMB) electrical specifications are met, the choice of components is up to the implementer. It is mandatory to implement a system interface that is compatible with one of the three specified system interfaces.

Source: https://www.intel.com/content/www/us/en/servers/ipmi/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.html