Title: Advances in Intelligent Platform Management: IPMI v2.0 Technology Preview
1. Advances in Intelligent Platform Management: IPMI v2.0 Technology Preview
- Tom Slaight
- Principal Server Management Architect
- Intel Corporation
- September 17, 2003
2. Agenda
- IPMI Architecture and Initiative Update
- Directions for IPMI v2.0
- LAN Security, Connectivity, and Serial Redirection Technology
- IPMI future directions
- Summary
3. Introduction
- Audience: Architects, Technical Managers, Firmware Leads, and Hardware Designers
  - Involved in architecture, component selection, debug, test, or design of server baseboard and peripheral management subsystems
- Focus: IPMI-based implementations
  - Interfaces, firmware and software components
Directions and Technology Preview
4. IPMI
- Defines a common, abstracted, message-based interface to intelligent platform management hardware
- Defines common records for describing platform management devices and their characteristics
- Intelligent
- Platform
- Management
- Interface
Promoters
Adopters: 156 and growing
IPMI enables cross-platform management software
5. Initiative News
IPMI v2.0 Adopters Preview, Updated Errata, and IPMI Conformance Test Suite
Happy Birthday
5
developer.intel.com/design/servers/ipmi
6. IPMI Architecture
[Figure: IPMI architecture block diagram. Labels: Baseboard; Chassis; Baseboard Mgmt. Controller (BMC); Satellite Mgmt. Controller; IPMB (I2C); NV Store (SDR, SEL, FRU); I2C/SMBus; FRU SEEPROM; sensors and control circuitry; System Interface; System Bus; IPMI Messages]
7. Agenda
- IPMI Architecture and Initiative Update
- Directions for IPMI v2.0
- LAN Security, Connectivity, and Serial Redirection Technology
- IPMI future directions
- Summary
8. New Directions for IPMI
- Integrated Serial over LAN management
- Low Cost Systems
  - Baseline BMCs
- Group Managed Systems
  - ICMB and LAN-managed systems
- Modular Systems
  - General purpose and AdvancedTCA blade systems
IPMI grows to enable competitive features across server classes
9. Where it fits
[Figure: management software stack. Labels: Management Applications; Management S/W Standards; Service Provider; Instrumentation Provider; Proxy Instrumentation Provider; IPMI Messages; IPMI I/F Code; In-Band: IPMI H/W I/F; Out-Of-Band: IPMI OOB I/F (Network, Serial, Modem, Inter-Chassis Mgmt Bus); Baseboard Mgmt. Controller and monitoring h/w]
Common interface for in-band and out-of-band platform management
10. What's New in v2.0
- Enhanced Security
  - Authentication and Encryption Algorithms
- LAN Session Enhancements
  - Enhanced discovery
  - Support for new payload types under IPMI session
- Modular Extensions
  - FRU Identification, Node replacement, Firmware Firewall, Redundant Management Bus monitoring
- Enhanced Serial Remote Management
  - Serial Redirection over LAN
  - Extended Terminal Mode
- Continued support for OEM value-added feature integration
11. Agenda
- IPMI Architecture and Initiative Update
- Directions for IPMI v2.0
- IPMI v2.0 Connectivity and Serial Redirection Technology
- IPMI future directions
- Summary
12. Security Enhancements: Authentication, Encryption, and VLAN
- Authentication
  - Aligns with DMTF ASF 2.0 key exchange for session establishment
  - Uses SHA-1 and HMAC based authentication
  - MD5 based authentication option
- Encryption
  - Enables remote operations such as user password configuration
  - Uses AES encryption
  - RC4-compatible encryption option
- VLAN Support
  - Facilitates setting up management-only networks
  - LAN Packet format extended for IEEE 802.1q Virtual LAN routing
  - Works with side-band filtering in enhanced management network controllers
Other names and brands may be claimed as the property of others
13. Security Enhancements for Modular: Partitioning for protection
- Problem: Bus topology enables local mgmt s/w to access other nodes
- Solution: firmware firewall
14. Security Enhancements for Modular: Partitioning for protection
- Firmware Firewall
  - F/W blocks messaging to other nodes on shared bus
  - Allows messages between local software and management module
  - Local software may also be blocked from SDR or FRU updates that might be used to generate false events
  - Firmware updates can only occur from management bus side
  - Access rights can only be configured from management bus side
[Figure: blade node block diagram. Labels: System Interface; Sensors; BMC; FRU, SEL, SDR; Satellite Controller; FLASH; side-band port; BP I/F; backplane mgmt. bus]
15. Session Enhancements: Discovery and Connection
- New commands for managed system discovery
  - Facilitates automated discovery and access by remote applications
  - IPMI version (v1.5 or v2.0) discovery
  - Cipher-Suite discovery
- Enhanced Session Setup
  - Provides option for Role-only logins
  - Simplifies use in small installations
  - no username to remember, can simply log in as User, Operator, or Admin
16. Session Enhancements: Session Payloads
- Payloads enable multiple types of traffic to be carried over a single IPMI session
  - payloads can also be launched to a separate session
- Standard payload types
  - Session Setup, IPMI Messages, Serial Over LAN
- OEM payload types
  - Enable value-added features on IPMI session infrastructure
  - Leverages IPMI User configuration and authentication
- Payload support is discoverable
- Payloads enabled on a per-user basis
Session Payloads and VLAN support simplify management network partitioning
17. Session Enhancements: Session Payloads
- Payloads can be activated under common or separate ports
[Figure: two port arrangements. Common port: LAN, Network Controller, Port 26Fh, BMC with Payload Processing, carrying IPMI Payload Msgs. Separate ports: LAN, Network Controller, Port 26Fh to the BMC for IPMI Msgs and Port XYZ to a Payload Processor for Payload Msgs]
18. Serial Over LAN
- Defines common format and protocol for serial redirection under an IPMI Session
- Launched as a standard payload type under IPMI v2.0 Session
- Specification supports multiple serial connections
- Can be combined with IPMI Serial Port Sharing
  - enables single back of the box serial connection to be shared for local serial/modem and LAN redirected mgmt
19. Packet Formats: IPMI v2.0 RMCP
- New v2.0 LAN packet format supports
  - Enhanced authentication and encryption
  - VLAN addressing
  - Multiple payload types
  - More commonality with ASF 2.0 fields
- Carries secure and non-secure traffic over single session
  - Enables security level to match level of operation
  - Authenticated/non-authenticated, encrypted/non-encrypted packets can be mixed under a single session
20. Packet Formats: LAN Message Encapsulation
- Sessions encapsulated in RMCP messages
- IPMI Payloads encapsulated in session
Configuration commands support VLAN filtering
New Payload Type field identifies payload content
Packet layers shown in the figure:
- MAC Addr, VLAN ID
- TCP/IP-UDP
- RMCP: RMCP Seq FFh
- IPMI Session: Session ID, Session Seqs, Payload Type Field
- IPMI Message: IPMI Addr, IPMI Seq, NetFn, LUN, CMD, Data
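The encapsulation on the two Packet Formats slides, as an added example that is not part of the original deck: a parser for the RMCP header and IPMI v2.0 session header that reports each packet's payload type and its authenticated/encrypted flags, then lists packets that ride an established session with either flag clear. The byte layout (format value 06h, flag bits, little-endian fields, payload type numbers) is taken from the published IPMI v2.0 specification rather than from these slides, and the function names and sample packets are constructed for illustration.

```python
import struct

AUTH_FORMAT_V20 = 0x06  # Auth Type/Format value marking a v2.0 session header (assumed from the spec)
PAYLOAD_TYPES = {0x00: "IPMI Message", 0x01: "Serial Over LAN", 0x02: "OEM Explicit",
                 0x10: "Open Session Rq", 0x11: "Open Session Rs",
                 0x12: "RAKP Message 1", 0x13: "RAKP Message 2",
                 0x14: "RAKP Message 3", 0x15: "RAKP Message 4"}

def parse_rmcp_plus(datagram: bytes) -> dict:
    """Decode the RMCP header and v2.0 session header of one UDP port 26Fh datagram."""
    if len(datagram) < 6:
        raise ValueError("truncated datagram")
    version, _rsvd, rmcp_seq, msg_class = datagram[:4]
    if version != 0x06 or (msg_class & 0x1F) != 0x07:  # RMCP v1.0, class 7 = IPMI
        raise ValueError("not an RMCP/IPMI datagram")
    if datagram[4] != AUTH_FORMAT_V20:
        raise ValueError("IPMI v1.5 session header, not v2.0")
    flags, off = datagram[5], 6
    ptype = flags & 0x3F
    if ptype == 0x02:  # OEM explicit adds OEM IANA (4 bytes) + OEM payload ID (2 bytes)
        off += 6
    if len(datagram) < off + 10:
        raise ValueError("truncated session header")
    session_id, session_seq, length = struct.unpack_from("<IIH", datagram, off)
    payload = datagram[off + 10: off + 10 + length]  # any integrity trailer is ignored
    if len(payload) != length:
        raise ValueError("payload length exceeds datagram")
    return {"rmcp_seq": rmcp_seq, "payload_type": PAYLOAD_TYPES.get(ptype, hex(ptype)),
            "encrypted": bool(flags & 0x80), "authenticated": bool(flags & 0x40),
            "session_id": session_id, "session_seq": session_seq, "payload": payload}

def unprotected_in_session(datagrams):
    """Packets that belong to a session (non-zero ID) but lack integrity or encryption."""
    parsed = (parse_rmcp_plus(d) for d in datagrams)
    return [p for p in parsed
            if p["session_id"] != 0 and not (p["authenticated"] and p["encrypted"])]

def build_sample(flags, session_id, seq, payload):  # helper for constructed packets only
    return (bytes([0x06, 0x00, 0xFF, 0x07, AUTH_FORMAT_V20, flags])
            + struct.pack("<IIH", session_id, seq, len(payload)) + payload)

SAMPLES = [  # constructed, not captured traffic
    build_sample(0x10, 0, 0, b"\x00" * 32),           # Open Session Rq, outside any session
    build_sample(0xC0, 0x02000A00, 1, b"\xAA" * 16),  # IPMI message, encrypted + authenticated
    build_sample(0x01, 0x02000A00, 2, b"login: "),    # SOL payload with neither flag set
]
```

Because the flags are per packet, a monitoring rule has to evaluate every datagram on the session; the check applied to the session setup exchange says nothing about later Serial Over LAN traffic.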
21. IPMI Session Activation
[Figure: message sequence between CONSOLE and BMC, divided into Discovery, Activation and Active phases. Rq = request, Rs = response. Two messages on one line appear side by side in the figure.]
- Get Channel Authentication Capabilities, Rq
- Get Channel Authentication Capabilities, Rs
- Get Channel Cipher Suites, Rq
- Get Channel Cipher Suites, Rs
- Get Session Challenge, Rq | Open Session, Rq
- Get Session Challenge, Rs | Open Session, Rs
- Activate Session, Rq | RAKP Message 1
- Activate Session, Rs | RAKP Message 2
- RAKP Message 3
- RAKP Message 4
- Set Privilege Level, Rq
- Set Privilege Level, Rs
- Activate Payload, Rq
- Activate Payload, Rs
- Close Session, Rq
22. Backward Compatibility
- Managed systems can be discovered and used as an IPMI v1.5 system
- Compatible command superset
  - V2.0 extends, but does not replace IPMI v1.5 commands
- BMC supports connecting using IPMI v1.5 protocols
  - IPMI v1.5 LAN packet support retained
- V2.0 packets/protocols required for new LAN features
  - e.g. enhanced auth., encryption, SOL
23. Agenda
- IPMI Architecture and Initiative Update
- Directions for IPMI v2.0
- LAN Security, Connectivity, and Serial Redirection Technology
- IPMI future directions
- Summary
24. IPMI v2.0 Roadmap
[Figure: timeline across 2003 Q1-Q4 and 2004 Q1-Q4 marking the 2.0 Adopter Preview and the 2.0 Target Release]
IPMI v1.5 Today
- Monitoring (temp, volt, fan, etc.)
- Control (power on/off/cycle, reset, diag. interrupt)
- System Event Logging
- FRU SDR Information
- Watchdog Timer
- Serial and LAN access
- Serial and LAN alerts
- Platform Event Filtering
- Serial Port sharing
- Internal/ext'l mgmt busses
v2.0 Proposed Additions
- Serial redirection over LAN
- Terminal mode extensions (improved CLI)
- Alignment with ASF Authentication
- Encryption support
- Modular (blade) support
- IPMI over Web (may be post 2.0)
IPMI continues to evolve: valuable new capabilities
25. Agenda
- IPMI Architecture and Initiative Update
- Directions for IPMI v2.0
- LAN Security, Connectivity, and Serial Redirection Technology
- IPMI future directions
- Summary
26. Summary
- IPMI is the foundation for cross-platform management
- IPMI v2.0 helps you keep up with latest management features
- IPMI v2.0 technology enables secure remote management
- IPMI will continue to evolve with valuable new capabilities
Get the specs, provide feedback, and start planning your IPMI v2.0-based products today
27. Advances in Intelligent Platform Management
- Tom Slaight, Intel Corporation
Questions?
More on IPMI and IPMI v2.0 at IDF
- Lab: Advanced IPMI Lab, Predictive Fault Analysis, L170, Weds 3:30pm, Thurs 10am, room M
- Session: IPMI for WBEM/CIM Design Considerations, S193, Thurs 10am, room B1
- Intel Pavilion: IPMI v2.0 Technology Preview, Intel pavilion booth 9, Weds 12-2pm, 5:30-7:30pm, Thurs 2-4pm
Please remember to turn in your session survey form