Advances in Intelligent Platform Management: IPMI v2.0 Technology Preview

1
Advances in Intelligent Platform Management IPMI
v2.0 Technology Preview

• Tom Slaight
• Principal Server Management Architect
• Intel Corporation
• September 17, 2003

2
Agenda

• IPMI Architecture and Initiative Update
• Directions for IPMI v2.0
• LAN Security, Connectivity, and Serial
  Redirection Technology
• IPMI future directions
• Summary

3
Introduction

• AudienceArchitects, Technical Managers,
  Firmware Leads, and Hardware Designers
• Involved in architecture, component selection,
  debug, test, or design of server baseboard and
  peripheral management subsystems
• Focus IPMI-based implementations
• Interfaces, firmware and software components

Directions and Technology Preview
4
IPMI

• Defines a common, abstracted, message-based
  interface to intelligent platform management
  hardware
• Defines common records for describing platform
  management devices and their characteristics

• Intelligent
• Platform
• Management
• Interface

Promoters
Adopters 156 and growing
IPMI enables cross-platform management software
5
Initiative News
IPMI v2.0 Adopters Preview, Updated Errata, and
IPMI Conformance Test Suite
Happy Birthday
5
developer.intel.com/design/servers/ipmi
6
IPMI Architecture
Baseboard
Chassis
Satellite Mgmt. Controller
IPMB (I2C)
NV Store
I2C / SMBus
Baseboard Mgmt. Controller (BMC)
sensors control circuitry
SDR, SEL, FRU
I2C/SMBus
FRU SEEPROM
SENSORs control circuitry
System Interface
System Bus
IPMI Messages
7
Agenda

• IPMI Architecture and Initiative Update
• Directions for IPMI v2.0
• LAN Security, Connectivity, and Serial
  Redirection Technology
• IPMI future directions
• Summary

8
New Directions for IPMI

• Integrated Serial over LANmanagement
• Low Cost Systems
• Baseline BMCs
• Group Managed Systems
• ICMB and LAN-managed systems
• Modular Systems
• General purpose andAdvancedTCA blade systems

IPMI grows to enable competitive features across
server classes
9
Where it fits
Management Applications
Management S/WStandards
Service Provider
Service Provider
Instrumentation Provider
ProxyInstrumentation Provider
IPMI Messages
IPMI I/F Code
IPMI I/F Code
In-Band
IPMI H/W I/F
IPMI
OOB I/F
Baseboard Mgmt. Controller and monitoring h/w
Out-Of-Band
Network, Serial, Modem, Inter-Chassis Mgmt Bus
Common interface for in-band andout-of-band
platform management
10
Whats New in v2.0

• Enhanced Security
• Authentication and Encryption Algorithms
• LAN Session Enhancements
• Enhanced discovery
• Support for new payload types under IPMI session
• Modular Extensions
• FRU Identification, Node replacement, Firmware
  Firewall, Redundant Management Bus monitoring
• Enhanced Serial RemoteManagement
• Serial Redirection over LAN
• Extended Terminal Mode
• Continued support for OEM value-added feature
  integration

11
Agenda

• IPMI Architecture and Initiative Update
• Directions for IPMI v2.0
• IPMI v2.0 Connectivity and Serial Redirection
  Technology
• IPMI future directions
• Summary

12
Security EnhancementsAuthentication, Encryption,
and VLAN

• Authentication
• Aligns with DMTF ASF 2.0 key exchange for session
  establishment
• Uses SHA-1 and HMAC based authentication
• MD5 based authentication option
• Encryption
• Enables remote operations such as user password
  configuration
• Use AES encryption
• RC4 -compatible encryption option
• VLAN Support
• Facilitates setting up management-only networks
• LAN Packet format extended for IEEE 802.1q
  Virtual LAN routing
• Works with side-band filtering in enhanced
  management network controllers

Other names and brands may be claimed as the
property of others
13
Security Enhancements for ModularPartitioning
for protection

• ProblemBus topology enables local mgmt s/w to
  access other nodes

• Solutionfirmware firewall

14
Security Enhancements for ModularPartitioning
for protection

• Firmware Firewall
• F/W blocks messaging to other nodes on shared bus
• Allows messages between local software and
  management module
• Local software may also be blocked from SDR or
  FRU updates that might be used to generate false
  events
• Firmware updates can only occur from management
  bus side
• Access rights can only be configured from
  management bus side

System Interface
Sensors
BMC
FRU, SEL, SDR
SatelliteController
FLASH
side-band port
BP I/F
backplane mgmt. bus
15
Session EnhancementsDiscovery and Connection

• New commands for managed system discovery
• Facilitates automated discovery and access by
  remote applications
• IPMI version (v1.5 or v2.0) discovery
• Cipher-Suite discovery
• Enhanced Session Setup
• Provides option for Role-only logins
• Simplifies use in small installations
• no username to remember, can simply login in as
  User, Operator, or Admin

16
Session EnhancementsSession Payloads

• Payloads enables multiple types of trafficto be
  carried over a single IPMI session
• payloads can also be launched to a separate
  session
• Standard payload types
• Session Setup, IPMI Messages, Serial Over LAN
• OEM payload types
• Enable value-added features on IPMI session
  infrastructure
• Leverages IPMI User configuration and
  authentication
• Payload support is discoverable
• Payloads enabled on a per-user basis

Session Payloads and VLAN supportsimplify
management network partitioning
17
Session EnhancementsSession Payloads

• Payloads can be activated under common or
  separate ports

IPMI Payload Msgs
BMC
LAN
Port 26Fh
Network Controller
Payload Processing
IPMI Msgs
BMC
LAN
Port 26Fh
Network Controller
Port XYZ
Payload Processor
Payload Msgs
18
Serial Over LAN

• Defines common format and protocol for serial
  redirection under an IPMI Session
• Launched as a standard payload type under IPMI
  v2.0 Session
• Specification supports multiple serial
  connections
• Can be combined with IPMI Serial Port Sharing
• enables single back of the box serial
  connection to be shared for local serial/modem
  and LAN redirected mgmt

19
Packet FormatsIPMI v2.0 RMCP

• New v2.0 LAN packet format supports
• Enhanced authentication and encryption
• VLAN addressing
• Multiple payload types
• More commonality with ASF 2.0 fields
• Carries secure and non-secure traffic over
  single session
• Enables security level to match level of
  operation
• Authenticated/non-authenticated,
  encrypted/non-encrypted packets can be mixed
  under a single session

20
Packet FormatsLAN Message Encapsulation

• Sessions encapsulated in RMCP messages
• IPMI Payloads encapsulated in session

Configuration commandssupport VLAN filtering
MAC Addr, VLAN ID
TCP/IP-UDP
RMCPRMCP Seq FFh
New Payload Type field identifies payload content
IPMI SessionSession ID,Session Seqs Payload
Type Field
IPMI MessageIPMI Addr,IPMI SeqNetFn, LUN,
CMD, Data
21
IPMI Session Activation
CONSOLE
BMC
Rqrequest, Rsresponse
Get Channel Authentication Capabilities, Rq
Get Channel AuthenticationCapabilities, Rs
Discovery
Get Channel CipherSuites, Rq
Get Channel Cipher Suites, Rs
Get Session Challenge, Rq Open Session, Rq
Get Session Challenge, RsOpen Session, Rs
Activate Session, RqRAKP Message 1
Activation
Activate Session, RsRAKP Message 2
RAKP Message 3
RAKP Message 4
Set Privilege Level, Rq
Set Privilege Level, Rs
Active
Activate Payload, Rq
Activate Payload, Rs
Close Session, Rq
22
Backward Compatibility

• Managed systems can be discovered and used as an
  IPMI v1.5 system
• Compatible command superset
• V2.0 extends, but does not replace IPMI v1.5
  commands
• BMC supports connecting using IPMI v1.5 protocols
• IPMI v1.5 LAN packet support retained
• V2.0 packets/protocols required for new LAN
  features
• e.g. enhanced auth., encryption, SOL

23
Agenda

• IPMI Architecture and Initiative Update
• Directions for IPMI v2.0
• LAN Security, Connectivity, and Serial
  Redirection Technology
• IPMI future directions
• Summary

24
IPMI v2.0 Roadmap
2003
2004
Q1
Q2
Q3
Q4
Q1
Q2
Q3
Q4
AdopterPreview
TargetRelease
2.0
2.0
IPMI v1.5 Today
v2.0 Proposed Additions

• Monitoring (temp, volt, fan, etc.)
• Control (power on/off/cycle, reset, diag.
  interrupt)
• System Event Logging
• FRU SDR Information
• Watchdog Timer
• Serial and LAN access
• Serial and LAN alerts
• Platform Event Filtering
• Serial Port sharing
• Internal/extl mgmt busses

• Serial redirection over LAN
• Terminal mode extensions(improved CLI)
• Alignment with ASF Authentication
• Encryption support
• Modular (blade) support
• IPMI over Web (may be post 2.0)

IPMI continues to evolvevaluable new capabilities
25
Agenda

• IPMI Architecture and Initiative Update
• Directions for IPMI v2.0
• LAN Security, Connectivity, and Serial
  Redirection Technology
• IPMI future directions
• Summary

26
Summary

• IPMI is the foundation for cross-platform
  management
• IPMI v2.0 helps you keep up with latest
  management features
• IPMI v2.0 technology enables secure remote
  management
• IPMI will continue to evolve with valuable new
  capabilities

Get the specs, provide feedback, and
start planning your IPMI v2.0-based products today
27
Advances in Intelligent Platform Management

• Tom SlaightIntel Corporation

Questions?
More on IPMI and IPMI v2.0 at IDF Lab
Advanced IPMI Lab Predictive Fault Analysis
L170 Weds 330pm, Thurs 10am - room M Session
IPMI for WBEM/CIM Design Considerations
S193 Thurs 10am - room B1 Intel Pavilion IPMI
v2.0 Technology Preview - Intel pavilion booth
9 Weds 12-2pm, 530-730pm, Thurs 2-4pm
Please remember to turn in your session survey
form
28
(No Transcript)