iLoIpmiComparison

iLO vs. IPMI

Remote Server Management

Phil Hollenback, www.hollenback.net

Intro

• IPMI: Intelligent Platform Management Interface

  • Standard interface developed by Intel
  • Supported on servers from many vendors

  • This support is often in the form of a separate card attached to motherboard

    • Add-on at time of system purchase
  • Current Version is 2.0, which differs significantly from old (and installed everywhere) v1.5

• iLO: Integrated Lights Out

  • Developed by Compaq many years ago, then enhanced by HP
  • Standard on all 200- and 300- series Proliant Servers
  • Current version is 1.89

• Both

  • Separate management processor inside the system

  • As long as system is connected to power this management processor is alive

    • In IPMI this is called the Baseboard Management Controller or BMC
  • Allow remote access when system is turned off or crashed

Setup

• iLO

  • BIOS for basics of net connectivity and access

  • Web Interface for everything else

    • Requires Java on the client

• IPMI: varies by vendor.

  • Typically basic setup performed in BIOS similar to iLO

    • network
    • admin user / password

  • Further config via IPMI interface on local machine or on the net

    • In linux all access is via IPMITool

Security

• Users

  • iLO

    • users can be managed in bios
    • users can be managed in web interface (iLO has built-in web server)
    • Can authenticate users via your LDAP server.

  • IPMI

    • Admin user can be configured in bios
    • Use ipmitool to add/manage additional users (if needed)
    • No built-in web browser
    • Some vendors (SuperMicro) have added their own proprietary web interfaces

• Encryption

  • iLO

    • Web interface is via https
    • SSH is enabled by default and user keys can be stored in the iLO.

  • IPMI

    • No encryption in v1.5 (big installed base of servers)
    • SSL, etc. in v2.0

Network Model

• Old iLO requires separate physical network port on system

• IPMI and new iLO share primary ethernet with first ethernet port

  • Only first ethernet port

    • Can be a problem if your network driver swaps the port order
• Both have a separate MAC and IP address on shared port setup

• IPMI v2.0 and recent iLO support vlans

  • Segregate server management traffic

Server Power Control

Management controller can change power state of system

• hard power down (remove power to system)
• soft reset (simulate overtemp in ACPI to force system to do an OS shutdown (iLO only)
• hard reset (interrupt power to system)
• power on

Both examples performed from another system with network connectivity to test machine:

iLO

$ ssh server-ilo-address
... enter password...
</>hpiLO-> power
power: server power is currently: On

</>hpiLO-> power warm
... warm reboot of system...

IPMI

$ ipmitool -I lan -H server-ipmi-address -U admin -a chassis power soft

• You can flash the system status led too

  • So you can direct someone to find a machine in a rack of similar systems

Remote Console

• iLO: Ready out of the box

  • ssh to iLO address and run command remcons
  • or use java app in web interface

• You get the exact system console (text only), including bios

  • Have to configure OS to use text console also

    • In Linux add console=ttyS1,115200n8 console=tty0

• IPMI

  • Not official part of v1.5 standard
  • Serial Over Lan is supposed to redirect serial console to a proxy server

  • Proxy server has to be running on a different system

    • Dell proxy server for Linux
    • Then you can telnet to port 623 of that system and it translates the console display from IPMI on other server
    • Upgly hack and I've never seen it work!
  • Supposedly v2.0 defines a standard console
  • Vendors such as SuperMicro use java and a web server similar to iLO, but not standardized either

Sensors

• iLO

  • Can't see current fan, cpu readings
  • Will alert over snmp or in event log if values go out of spec
  • Will auto-shutdown on thermal failure

• IPMI

  • Direct Access to sensors:

$ ipmitool -I lan -H server-ipmi-address -U admin sensor get "Ambient Temp"
Password: ...enter bmc admin user password...
 Sensor ID              : Ambient Temp (0x8)
 Entity ID             : 7.1
 Sensor Type (Analog)  : Temperature
 Sensor Reading        : 21 (+/- -124) degrees C
 Status                : ok
 Lower Non-Recoverable : na
 Lower Critical        : 3.000
 Lower Non-Critical    : 8.000
 Upper Non-Critical    : 42.000
 Upper Critical        : 47.000
 Upper Non-Recoverable : na

Other Alternatives

Serial Console Server

• Very reliable
• Lots of extra cabling
• Additonal hardware (console server) required
• Serial port settings are fiddly
• But very powerful with conserver

VNC / Remote Desktop

• Only works at OS level
• Gives graphical interface
• Lots of network traffic

Conclusion

• IPMI is the way of the future
• iLO is being replaced by more powerful iLO 2 (which also uses IPMI) on new servers
• Server systems will probably all converge on IPMI 3 or something.

Further Reading

• iLO at HP: http://h18000.www1.hp.com/products/servers/management/ilo/index.html
• IPMI Spec: http://developer.intel.com/design/servers/ipmi/
• IPMITool for Linux: http://ipmitool.sourceforge.net
• Conserver: http://www.conserver.com
• Dell proxy server for Linux: http://lists.us.dell.com/pipermail/linux-poweredge/2005-December/023974.html
• Managing Dell Servers with IPMI: http://www.dell.com/downloads/global/power/ps4q04-20040204-Murphy.pdf
• Optimizing Console Redirection: http://www.dell.com/downloads/global/power/ps4q05-20040205-Hoke-OE.pdf
• This Page: http://www.hollenback.net/index.php/iLoIpmiComparison