iLoIpmiComparison

iLO vs. IPMI

Remote Server Management

Phil Hollenback, www.hollenback.net

Intro

  • IPMI: Intelligent Platform Management Interface

    • Standard interface developed by Intel
    • Supported on servers from many vendors
    • This support is often in the form of a separate card attached to motherboard

      • Add-on at time of system purchase
    • Current Version is 2.0, which differs significantly from old (and installed everywhere) v1.5
  • iLO: Integrated Lights Out

    • Developed by Compaq many years ago, then enhanced by HP
    • Standard on all 200- and 300- series Proliant Servers
    • Current version is 1.89
  • Both

    • Separate management processor inside the system
    • As long as system is connected to power this management processor is alive

      • In IPMI this is called the Baseboard Management Controller or BMC
    • Allow remote access when system is turned off or crashed

Setup

  • iLO

    • BIOS for basics of net connectivity and access
    • Web Interface for everything else

      • Requires Java on the client
  • IPMI: varies by vendor.

    • Typically basic setup performed in BIOS similar to iLO

      • network
      • admin user / password
    • Further config via IPMI interface on local machine or on the net

Security

  • Users

    • iLO

      • users can be managed in bios
      • users can be managed in web interface (iLO has built-in web server)
      • Can authenticate users via your LDAP server.
    • IPMI

      • Admin user can be configured in bios
      • Use ipmitool to add/manage additional users (if needed)
      • No built-in web browser
      • Some vendors (SuperMicro) have added their own proprietary web interfaces
  • Encryption

    • iLO

      • Web interface is via https
      • SSH is enabled by default and user keys can be stored in the iLO.
    • IPMI

      • No encryption in v1.5 (big installed base of servers)
      • SSL, etc. in v2.0

Network Model

  • Old iLO requires separate physical network port on system
  • IPMI and new iLO share primary ethernet with first ethernet port

    • Only first ethernet port

      • Can be a problem if your network driver swaps the port order
  • Both have a separate MAC and IP address on shared port setup
  • IPMI v2.0 and recent iLO support vlans

    • Segregate server management traffic

Server Power Control

Management controller can change power state of system

  • hard power down (remove power to system)
  • soft reset (simulate overtemp in ACPI to force system to do an OS shutdown (iLO only)
  • hard reset (interrupt power to system)
  • power on

Both examples performed from another system with network connectivity to test machine:

iLO

$ ssh server-ilo-address
... enter password...
</>hpiLO-> power
power: server power is currently: On

</>hpiLO-> power warm
... warm reboot of system...

IPMI

$ ipmitool -I lan -H server-ipmi-address -U admin -a chassis power soft
  • You can flash the system status led too

    • So you can direct someone to find a machine in a rack of similar systems

Remote Console

  • iLO: Ready out of the box

    • ssh to iLO address and run command remcons
    • or use java app in web interface
  • You get the exact system console (text only), including bios

    • Have to configure OS to use text console also

      • In Linux add console=ttyS1,115200n8 console=tty0
  • IPMI

    • Not official part of v1.5 standard
    • Serial Over Lan is supposed to redirect serial console to a proxy server
    • Proxy server has to be running on a different system

      • Dell proxy server for Linux
      • Then you can telnet to port 623 of that system and it translates the console display from IPMI on other server
      • Upgly hack and I've never seen it work!
    • Supposedly v2.0 defines a standard console
    • Vendors such as SuperMicro use java and a web server similar to iLO, but not standardized either

Sensors

  • iLO

    • Can't see current fan, cpu readings
    • Will alert over snmp or in event log if values go out of spec
    • Will auto-shutdown on thermal failure
  • IPMI

    • Direct Access to sensors:
$ ipmitool -I lan -H server-ipmi-address -U admin sensor get "Ambient Temp"
Password: ...enter bmc admin user password...
 Sensor ID              : Ambient Temp (0x8)
 Entity ID             : 7.1
 Sensor Type (Analog)  : Temperature
 Sensor Reading        : 21 (+/- -124) degrees C
 Status                : ok
 Lower Non-Recoverable : na
 Lower Critical        : 3.000
 Lower Non-Critical    : 8.000
 Upper Non-Critical    : 42.000
 Upper Critical        : 47.000
 Upper Non-Recoverable : na

Other Alternatives

Serial Console Server

  • Very reliable
  • Lots of extra cabling
  • Additonal hardware (console server) required
  • Serial port settings are fiddly
  • But very powerful with conserver

VNC / Remote Desktop

  • Only works at OS level
  • Gives graphical interface
  • Lots of network traffic

Conclusion

  • IPMI is the way of the future
  • iLO is being replaced by more powerful iLO 2 (which also uses IPMI) on new servers
  • Server systems will probably all converge on IPMI 3 or something.

Further Reading



Our Founder
ToolboxClick to hide/show