IPMI Remote Management

 

Remote Server Management is an important technology for network administrators. In remote server management, a typical solution is software management based on the server operating system, however, this method has a fatal defect because it relies too much on the operating system. Once a system problem occurs, it will be powerless and affect the daily operation of the server. What we want to introduce today is a remote management method that does not depend on the operating system-based on the Smart platform management interface (IPMI. IPMI defines how administrators monitor system hardware and sensors, control system components, and retrieve logs of important system events for remote management and recovery. In this way, you do not need to worry about the status of the operating system. Even if the system crashes, you can easily obtain the machine status, important system logs, and other information. You can also control the system restart and shutdown, very practical. Next, let's take a look at the use of IPMI.

　　Understanding IPMI

To use IPMI, let's first get to know this magic thing.

IPMI is the abbreviation of intelligent platform management interface (Intelligent platform management interface). It is an industrial standard used to manage peripheral devices in Enterprise Systems Based on Intel structures, the standards are determined by companies such as Intel, HP, NEC, Dell, and supermicro. You can use IPMI to monitor the physical health characteristics of servers, such as temperature, voltage, fan operating status, and Power status. More importantly, IPMI is an open and free standard. You do not have to pay additional fees for using this standard.

Dell Drac 5 Remote Control Card

Since 1998, the IPMI forum created the IPMI standard dependency, which has been supported by more than 170 vendors, this gradually makes it a complete hardware management specification that includes servers and other systems (such as storage devices, networks and communication devices). Currently, the latest version of this standard is IPMI 2.0, this version has made many improvements based on the original version, including remote Environment Management Server systems (including remote switches and switches) such as serial port, modem, and LAN ), as well as improvements in security, VLAN and blade support.

IPMI provides intelligent management for a large number of Monitoring, Control, and automatic server reply tasks. This standard applies to different server topologies, as well as windows, Linux, Solaris, Mac, or hybrid operating systems. In addition, because IPMI can operate under different attribute values, IPMI can still work even if the server itself is not operating normally or cannot provide services for any reason.

 

 

How IPMI works

The core of IPMI is a dedicated chip/controller (called server processor or substrate management controller (BMC), which does not depend on the server's processor, bios, or operating system, it can be said to be very independent. It is a non-agent management subsystem that runs independently in the system. As long as there is a BMC and IPMI firmware, it can start to work, while BMC is usually an independent board installed on the server board. Currently, the server board provides IPMI support. The good autonomy of IPMI overcomes the restrictions on operating system-based management methods in the past, for example, if the operating system does not respond or is not loaded, it can still perform operations such as on/off and information extraction.

During work, all IPMI functions are completed by sending commands to BMC. The commands use the commands specified in the IPMI specification. BMC receives and records event messages in System Event Logs, maintains sensor data records describing sensor situations in the system. When remote access to the system is required, IPMI's new serial LAN (SOL) feature is useful. Sol changes the transmission direction of the local serial port during IPMI sessions to provide remote access to emergency management services, Windows dedicated management console, or LINUX serial console. BMC does this by changing the direction of information transmitted to the serial port on the LAN, provides a vendor-independent standard way to remotely view the startup, operating system loaders, or the emergency management console for fault diagnosis and repair.

How IPMI works

The serial over LAN (SOL) function is useful when remote access to the system text console is required. Sol redirects a local serial interface through an IPMI session to allow remote access to the Windows Emergency Management Console (EMS) Special Management Console (SAC) or the LINUX serial console. In this process, the IPMI firmware intercepts data and resends the information directed to the serial port through the LAN. This provides a standard way to remotely view boot, OS loaders, or the Emergency Management Console to diagnose and fix server-related problems without considering vendors. It allows you to configure various components during the boot phase.

In terms of Command Transmission Security, users do not need to worry about IPMI Enhanced authentication (based on secure hash algorithm 1 and key-based Hash Message Authentication) and encryption (Advanced Encryption Standard and arcfour) function helps achieve secure remote operations. The support for VLANs makes it easy to set and manage private networks and can be configured based on channels.

In general, BMC has the following features:

1. access through the serial port of the system

2. Fault log records and SNMP alarm sending

3. Access System Event Log (SEL) and sensor STATUS

4. control includes boot and Shutdown

5. Support independent from system power supply or working status

6. Text console redirection for system settings, text utilities and the operating system console

With IPMI, You can actively monitor the component status to ensure that the preset threshold value is not exceeded, such as the server temperature. In this way, it helps maintain the running time of IT resources by avoiding irregular power outages. The fault forecast capability of IPMI also facilitates it cycle management. By checking system event logs (SEL), you can easily determine faulty components in advance.

 

IPMI usage

In this example, we use the Dell poweredge r805 server, a 2u rack server launched in May this year. Dell calls it a product created for virtualization applications, this 2u rack-mounted Server is a dual-core quad-core design that uses the amd quad-core haolong platform, AMD's Barcelona processor uses new technologies such as direct connection architecture, fast virtual address changes, tagged tag conversion bypass buffers (TLB), and equipment rejection vectors, it has good performance in reducing latency, improving virtualization execution efficiency, enhancing virtual device management, and enhancing the security of virtual environments. In addition, this product provides support for the IPMI 2.0 standard, which can be directly used by users.

Price quoted by Dell poweredge r805 image library evaluation and test Forum

To use the IPMI specification for remote server management, we not only need the support of local servers, but also need IPMI tools for remote control.

Dell Drac 5 Remote Control Card

As we have mentioned earlier, IPMI is an open standard, so there are many independent tools and software. ipmitool, ipmiutil, and many other tools developed by server vendors are commonly used. In this instance, we use ipmiutil.

　　Local server settings

To use the remote management function of IPMI, you must first set it. When the server is started, the user is prompted to press Ctrl + E for relevant settings. Press Ctrl + e to enter the IPMI management interface.

IPMI Remote Management settings

The IPMI management interface has many options, so you do not need to set them one by one. First, set IPMI over LAN to on, which means to enable IPMI through LAN.

In Nic selection, select "dedicated"-select this option to enable remote access devices to use private network interfaces on Remote Access Controller (RAC. This interface is not shared with the host operating system and routes management communication to a separate physical network, thus being able to communicate with applications separately. This option is available only when a Drac card is installed in the system, and this card is installed on the local machine.

Network Settings

Set the IP address and other information of the IPMI interface in the third item. Note that the IP address here can be different from the IP address of the server Nic. If the user uses the LAN for IPMI control, the IP address must be in the same network segment as the control end.

In addition, you need to set the user name and password in "LAN User configeration. After these settings are complete, you can press ESC to create and release the instance. The system will prompt you to save and release the instance. After you select this option, you can remotely access IPMI with the system restarted.

User settings

Save and exit

 

Remote Server Management

After the ipmiutil toolkit is installed on the control end, we can use a series of commands to obtain information about the remote server and set it. Ipmiutil is a toolkit that includes ipmiutil, hwrese, and other tools. They have different purposes, such as hwrese, which can be used to start and shut down servers. You can use ipmiutil -? Or similar commands to view the role of each tool.

　　
It can be seen that after ipmiutil is installed, it contains the following executable commands:

• Alarms-display and set telco alarms (LED Display and latency)
• Bmchealth-test whether the BMC works properly.
• Fruconfig-display fru product information and write useful information
• Getevent-receives and displays an IPMI event.
• Hwreset-used to enable firmware to restart or disable the system
• Pefconfig-displays and configures the lanport, and configures the platform Event Filter table to generate bmc lan prompts through firmare event.
• Sensor-displays sensor data records, values, and thresholds.
• Showsel-displays system event log records.
• Tmconfig-displays and configures the BMC serial port.
• Wdt-display and set the watchdog time.
 
The sensor and pefconfig commands are the most commonly used commands. The sensor command can be used to obtain various monitoring information. Use the pefconfig command to set the BMC so that the BMC can trigger an alarm when the system has an event. Hwrese is also commonly used. This command can be used to restart the server and enable or disable the hardware.

Sensor Command help

The command formats of ipmiutil are generally:

Command name-operation to be performed-N nodename-u user-r passwd

Here, "-n" is followed by the name of the monitored server, "-U" is followed by the user name, and "-R" is followed by the user password.

Remote Boot

Remote Shutdown

For example, hwreset-u-n nodename-u user-r passwd can enable server startup.

Pefconfig command details

The pefconfig-e-n nodename-u user-r passwd command is used to set the BMC hardware. This command collects the relevant information from the operating system and sets the BMC, this enables BMC to trigger alarms when an event occurs.

Disable alarm settings

Pefconfig-D-N nodename-u user-r passwd does not allow alarms.

When the command is successfully executed, the words completed successfully will appear at the end of the execution. If a user fails to execute a command due to input errors or other reasons, the system will also prompt mutual errors.

Prompt when a problem occurs during Command Execution

Prompt when the command is correctly executed

Summary:

From the above examples, IPMI is indeed a very practical specification, which does not rely on the server's processor, operating system, and so on, making it very limited, as long as the system is powered on normally and the network interface is working properly, the server can be controlled. Taking advantage of the IPMI tool, we believe it will bring great convenience to server management.