IPMI, iLO, blade management modules

As awareness of security has increased, particularly in relation to the operational and cost benefits inherent in the OOBI, vendors of high-end servers and other hardware equipment are starting to incorporate specific hardware technologies that provide out-of-band management functions.

Examples include Intelligent Platform Management Interface (IPMI) and Integrated Lights Out (iLO) service processors, and management modules in server blade systems.

IPMI is a proposed standard for communication with service processors (or baseboard management modules, BMCs) to be embedded in every server motherboard. The BMC enables power control (the ability to turn the power off and on remotely over the network) and low-level hardware monitoring (temperature, fan speed, voltages on the bus, physical intrusion, etc.).

iLO is a proprietary implementation of the same concept in Compaq ProLiant servers. Newly announced server blades may be equipped with management modules that consolidate OOBI administration within the blade chassis, enabling the monitoring and management of all server blades as a single system.

These technologies can potentially be very useful and extend the scope and importance of OOBI administration. The problem is that they do not provide the security support needed for use in a secure data center.

Either they cannot support server-based authentication (LDAP, RADIUS, etc.) and data encryption (SSHv2, HTTPS, etc.) at all, or they depend on external software packages that are usually vendor specific and inadequate for the management requirements in a heterogeneous data center.

When taking advantage of the benefits provided by these new technologies, make sure to consider the security implications and, when necessary, deploy the appropriate security measures to provide the access control, logging capabilities and consolidation required to maintain a secure environment.