
Open Platform Management Architecture

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

Open Platform Management Architecture (OPMA) is an open, royalty-free standard for connecting a modular, platform hardware management subsystem (an "mCard") to a computer motherboard. Platform hardware management generally refers to the remote monitoring of platform hardware variables such as fan speed, voltages, CPU and enclosure temperatures along with a wide range of other sensors. It also implies the ability to remotely control the power state of the platform and to reset the system back into an operational state should it "hang". A significant advantage of OPMA over previous generation management subsystem attachment methods is that OPMA does not consume a PCI socket. OPMA cards are also smaller and lower cost than their PCI predecessors.


The OPMA specification, which can be freely downloaded from the web, specifies a signal list, connector and pin out, power requirements, mechanical form factor, BIOS and management controller firmware interfaces, and a detailed division of management subsystem resources between the motherboard and the mCard. OPMA enables a wide variety of mCards to individually interface to a given motherboard. It also enables

A dummy implementation may be used to allow development to progress before the final implementation is available. In another case, a fake or mock implementation may be substituted during testing. Such stub implementations are replaced by real code later in the development process. Usually, a method defined in an interface contains no code and thus cannot itself be called; it must be implemented by non-abstract code to be run when it

A given system. Hardware interfaces exist in many components, such as the various buses, storage devices, other I/O devices, etc. A hardware interface is described by the mechanical, electrical, and logical signals at the interface and the protocol for sequencing them (sometimes called signaling). A standard interface, such as SCSI, decouples the design and introduction of computing hardware, such as I/O devices, from

A larger on-card resource footprint such as WS-Management. OPMA supports two basic management subsystem connection paradigms. The first is where virtually the entire management subsystem resides on the mCard. Using this paradigm, the platform contains no basic management controller of any sort and relies on the presence of an OPMA card for all remote hardware management capabilities. In the second paradigm,

A programming style called programming to the interface. The idea behind this approach is to base programming logic on the interfaces of the objects used, rather than on internal implementation details. Programming to the interface reduces dependency on implementation specifics and makes code more reusable. Pushing this idea to the extreme, inversion of control leaves the context to inject

A remote console through the same connections e.g. system power-down and rebooting, or configuring watchdog timers. The standard also defines an alerting mechanism for the system to send a Simple Network Management Protocol (SNMP) platform event trap (PET). The monitored system may be powered off, but must be connected to a power source and to the monitoring medium, typically a local area network (LAN) connection. IPMI can also function after

A single mCard to individually interface to multiple motherboard models. OPMA is mainly targeted at server platforms where the cost of a card based management subsystem is more easily borne, but high end workstations may also leverage the specification to handle cases where remote workstation platform management is required. The OPMA interface is flexible enough to handle multiple mCard price points and capabilities ranging from basic IPMI based management to those that support KVMoIP, remote virtual media, and newer external interface standards that require

A software module A is deliberately defined separately from the implementation of that module. The latter contains the actual code of the procedures and methods described in the interface, as well as other "private" variables, procedures, etc. Another software module B, for example the client to A, that interacts with A is forced to do so only through the published interface. One practical advantage of this arrangement

A specialized wire protocol defined by this specification. RMCP+ (a UDP-based protocol with stronger authentication than RMCP) is used for IPMI over LAN. Several vendors develop and market BMC chips. A BMC utilized for embedded applications may have limited memory and require optimized firmware code for implementation of the full IPMI functionality. Highly integrated BMCs can provide complex instructions and provide

A standardized interface and protocol allows systems-management software based on IPMI to manage multiple, disparate servers. As a message-based, hardware-level interface specification, IPMI operates independently of the operating system (OS) to allow administrators to manage a system remotely in the absence of an operating system or of the system management software. Thus, IPMI functions can work in any of three scenarios: System administrators can use IPMI messaging to monitor platform status (such as system temperatures, voltages, fans, power supplies and chassis intrusion); to query inventory information; to review hardware logs of out-of-range conditions; or to perform recovery procedures such as issuing requests from

A variety of platforms, the PCI bus did not provide direct access to all of the sensors needed to manage the hardware aspects of a platform. To gain full sensor access, custom headers had to be added to motherboards. Custom cables then linked these sideband signals between the card and the motherboard. PCI based platform management cards also consume a PCI slot which is a premium resource for many servers. This


A way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell. Another use case may be installing a custom operating system remotely. Without IPMI, installing a custom operating system may require an administrator to be physically present near the computer, insert a DVD or a USB flash drive containing

Is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware (BIOS or UEFI) and operating system. IPMI defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. For example, IPMI provides

Is a shared boundary across which two or more separate components of a computer system exchange information. The exchange can be between software, computer hardware, peripheral devices, humans, and combinations of these. Some computer hardware devices, such as a touchscreen, can both send and receive data through the interface, while others such as a mouse or microphone may only provide an interface to send data to

Is computationally impractical to break. Vendors as a result have provided patches that remediate these vulnerabilities. The DMTF organization has developed a secure and scalable interface specification called Redfish to work in modern datacenter environments. Some potential solutions exist outside of the IPMI standard, depending on proprietary implementations. The use of default short passwords, or "cipher 0" hacks can be easily overcome with

Is especially true of those using the 1U rack format and those which need PCI slots for RAID interface cards that enhance system hard disk throughput. AMD engineering teams were internally tasked with building server reference designs to support Opteron server processor evaluation by customers. During these early internal server design efforts it was determined that a standard management card subsystem that

Is invoked. An interface called "Stack" might define two methods: push() and pop(). It can be implemented in different ways, for example, FastStack and GenericStack, the first being fast, working with a data structure of fixed size, and the second using a data structure that can be resized, but at the cost of somewhat lower speed. Though interfaces can contain many methods, they may contain only one or even none at all. For example,

Is supported with three roles available: Administrator, Operator and User. Overall, the User role has read-only access of the BMC and no remote control ability such as power cycle or the ability to view or log into the main CPU on the motherboard. Therefore, any hacker with the User role has zero access to confidential information, and zero control over the system. The User role is typically used to monitor sensor readings, after an SNMP alert has been received by SNMP Network Monitoring Software. The Operator role

Is that replacing the implementation of A with another implementation of the same interface should not cause B to fail—how A internally meets the requirements of the interface is not relevant to B, which is only concerned with the specifications of the interface. (See also Liskov substitution principle.) In some object-oriented languages, especially those without full multiple inheritance,

Is to disable the use of the Operator and Administrator roles in LDAP/RADIUS, and only enable them when needed by the LDAP/RADIUS administrator. For example, in RADIUS a role can have its setting Auth-Type changed to: Doing so will prevent RAKP hash attacks from succeeding since the username will be rejected by the RADIUS server. The IPMI standard specification has evolved through a number of iterations: Interface (computing) In computing, an interface

Is used in the rare event when a system is hung, to generate an NMI crash/core dump file and reboot or power cycle the system. In such a case, the Operator will also have access to the system software to collect the crash/core dump file. The Administrator role is used to configure the BMC on first boot during the commissioning of the system when first installed. Therefore, the prudent best practice


The Intelligent Platform Management Interface (IPMI) specification in order to provide a basic plug and play capability. Using IPMI-defined OEM command extensions, the system and the mCard exchange basic information during system boot such as mCard/motherboard make and model, specification version compliance, and optional capabilities defined by the OPMA specification. OPMA was created as a joint technology development effort between AMD and various platform management subsystem technology companies such as Agilent, AMI, Avocent, and Raritan Embedded Solutions (formerly called Peppercon). When OPMA

The Java language defines the interface Readable that has the single read() method; various implementations are used for different purposes, including BufferedReader, FileReader, InputStreamReader, PipedReader, and StringReader. Marker interfaces like Serializable contain no methods at all and serve to provide run-time information to generic processing using Reflection. The use of interfaces allows for

The BMC to take some corrective actions – such as resetting or power cycling the system to get a hung OS running again. These abilities reduce the total cost of ownership of a system. Systems compliant with IPMI version 2.0 can also communicate via serial over LAN, whereby serial console output can be remotely viewed over the LAN. Systems implementing IPMI 2.0 typically also include KVM over IP, remote virtual media and out-of-band embedded web-server interface functionality, although strictly speaking, these lie outside of

The OS installer and complete the installation process using a monitor and a keyboard. Using IPMI, an administrator can mount an ISO image, simulate an installer DVD, and perform the installation remotely. The specification is led by Intel and was first published on September 16, 1998. It is supported by more than 200 computer system vendors, such as Cisco, Dell, Hewlett Packard Enterprise, and Intel. Using

The basic management module is soldered to the motherboard and the OPMA connector is used as an upgrade path for advanced platform management features. In this case, which is known as "upgrade kit mode", the OPMA card is able to access all sensors supported by the soldered down management controller using an SMBus link over which the Intelligent Platform Management Bus (IPMB) protocol is employed. OPMA also leverages

The board network interface controller (NIC). This solution is less expensive than a dedicated LAN connection but also has limited bandwidth and security issues. Systems compliant with IPMI version 2.0 can also communicate via serial over LAN, whereby serial console output can be remotely viewed over the LAN. Systems implementing IPMI 2.0 typically also include KVM over IP, remote virtual media and out-of-band embedded web-server interface functionality, although strictly speaking, these lie outside of

The board may contain sensors for temperature, fan speed, and voltage. The baseboard management controller (BMC) provides the intelligence in the IPMI architecture. It is a specialized microcontroller embedded on the motherboard of a computer – generally a server. The BMC manages the interface between system-management software and platform hardware. BMC has its dedicated firmware and RAM. Different types of sensors built into

The complete out-of-band functionality of a service processor. The firmware implementing the IPMI interfaces is provided by various vendors. A field-replaceable unit (FRU) repository holds the inventory, such as vendor ID and manufacturer, of potentially replaceable devices. A sensor data record (SDR) repository provides the properties of the individual sensors present on the board. For example,

The computer system report to the BMC on parameters such as temperature, cooling fan speeds, power status, operating system (OS) status, etc. The BMC monitors the sensors and can send alerts to a system administrator via the network if any of the parameters do not stay within pre-set limits, indicating a potential failure of the system. The administrator can also remotely communicate with

The design and introduction of other components of a computing system, thereby allowing users and manufacturers great flexibility in the implementation of computing systems. Hardware interfaces can be parallel with several electrical connections carrying parts of the data simultaneously or serial where data are sent one bit at a time. A software interface may refer to a wide range of different types of interfaces at different "levels". For example, an operating system may interface with pieces of hardware. Applications or programs running on


The older version of IPMI, due to security concerns related to the design and vulnerabilities of Baseboard Management Controllers (BMCs). However, like any other management interface, best security practices dictate the placement of the IPMI management port on a dedicated management LAN or VLAN restricted to trusted Administrators. The IPMI specification has been updated with RAKP+ and a stronger cipher that

The operating system has started, and exposes management data and structures to the system management software. IPMI prescribes only the structure and format of the interfaces as a standard, while detailed implementations may vary. An implementation of IPMI version 1.5 can communicate via a direct out-of-band LAN or serial connection or via a side-band LAN connection to a remote client. The side-band LAN connection utilizes

The operating system may need to interact via data streams, filters, and pipelines. In object oriented programs, objects within an application may need to interact via methods. A key principle of design is to prohibit access to all resources by default, allowing access only through well-defined entry points, i.e., interfaces. Software interfaces provide access to computer resources (such as memory, CPU, storage, etc.) of

The same chassis connect to the BMC via the system interface called Intelligent Platform Management Bus/Bridge (IPMB) – an enhanced implementation of I²C (Inter-Integrated Circuit). The BMC connects to satellite controllers or another BMC in another chassis via the Intelligent Platform Management Controller (IPMC) bus or bridge. It may be managed with the Remote Management Control Protocol (RMCP),

The same time. An interface is thus a type definition; anywhere an object can be exchanged (for example, in a function or method call) the type of the object to be exchanged can be defined in terms of one of its implemented interfaces or base-classes rather than specifying the specific class. This approach means that any class that implements that interface can be used. For example,

The scope of the IPMI interface standard. DCMI (Data Center Manageability Interface) is a similar standard based on IPMI but designed to be more suitable for Data Center management: it uses the interfaces defined in IPMI, but minimizes the number of optional interfaces and includes power capping control, among other differences. An IPMI sub-system consists of a main controller, called the baseboard management controller (BMC) and other management controllers distributed among different system modules that are referred to as satellite controllers. The satellite controllers within

The scope of the IPMI interface standard. Physical interfaces to the BMC include SMBuses, an RS-232 serial console, address and data lines and an IPMB, that enables the BMC to accept IPMI request messages from other management controllers in the system. A direct serial connection to the BMC is not encrypted as the connection itself is secure. Connection to the BMC over LAN may or may not use encryption depending on

The security concerns of the user. There are rising concerns about general security regarding BMCs as a closed infrastructure. OpenBMC is a Linux Foundation Collaborative open-source BMC project. On 2 July 2013, Rapid7 published a guide to security penetration testing of the latest IPMI 2.0 protocol and implementations by various vendors. Some sources in 2013 were advising against using

The server industry platform and infrastructure providers. Some of the motherboards may be seen using links in the external links section. To date, no tier one computer OEMs have offered OPMA enabled motherboards for sale. OPMA enabled channel motherboards OPMA mcards Standards SIG Intelligent Platform Management Interface The Intelligent Platform Management Interface (IPMI)

The term interface is used to define an abstract type that acts as an abstraction of a class. It contains no data, but defines behaviours as method signatures. A class having code and data for all the methods corresponding to that interface and declaring so is said to implement that interface. Furthermore, even in single-inheritance-languages, one can implement multiple interfaces, and hence can be of different types at


The underlying computer system; direct access (i.e., not through well-designed interfaces) to such resources by software can have major ramifications—sometimes disastrous ones—for functionality and stability. Interfaces between software components can provide constants, data types, types of procedures, exception specifications, and method signatures. Sometimes, public variables are also defined as part of an interface. The interface of

The use of a RADIUS server for Authentication, Authorization, and Accounting (AAA) over SSL as is typical in a datacenter or any medium to large deployment. The user's RADIUS server can be configured to store AAA securely in an LDAP database using either FreeRADIUS/OpenLDAP or Microsoft Active Directory and related services. Role-based access provides a way to respond to current and future security issues by increasing amounts of restriction for higher roles. Role-based access

Was first released in February 2005, platform hardware management was being treated as a value added feature by OEMs. This resulted in a constant redesign of the management card infrastructure such that no two motherboard manufacturers could use the same card. Lack of standards and constant redesign resulted in higher end user costs. While PCI based management cards were available which could be plugged into

Was reusable across many platforms would decrease time to market while saving design and support costs for AMD reference design platforms in the field. Such an interface would also allow AMD to outsource the design and test of the management card to industry experts. AMD reasoned that external audiences would derive these same benefits as its internal engineering teams and so OPMA was documented and released. According to AMD's press releases, there has been significant interest in OPMA by
