Out-of-band management

An out-of-band management device

In systems management, out-of-band management (OOB; also lights-out management or LOM) is a process for accessing and managing devices and infrastructure at remote locations through a management plane that is separate from the production network. OOB allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on or whether an operating system is installed or functional. It is contrasted with in-band management, which requires the managed systems to be powered on and reachable through their operating system's networking facilities.


OOB can use dedicated management interfaces, serial ports, or cellular 4G and 5G networks for connectivity.

Out-of-band management is now considered an essential network component for ensuring business continuity, and many manufacturers offer it as a product.

Out-of-band versus in-band

By contrast, in-band management through VNC or SSH is based on in-band connectivity (the usual network channel). It typically requires software that must be installed on the remote system being managed and only works after the operating system has been booted and networking is brought up. It does not allow management of remote network components independently of the current status of other network components. A classic example of this limitation is when a sysadmin attempts to reconfigure the network on a remote machine only to find themselves locked out and unable to fix the problem without physically going to the machine. Despite these limitations, in-band solutions are still common because they are simpler and much lower-cost.

Design

A complete remote management system allows remote reboot, shutdown and power-on; hardware sensor monitoring (fan speed, power voltages, chassis intrusion, etc.); broadcasting of video output to remote terminals and receiving of input from a remote keyboard and mouse (KVM over IP). It can also expose local media, such as a DVD drive or disk images, to the remote machine, which allows the operating system to be installed remotely if necessary. Remote management can be used to adjust BIOS settings that may not be accessible after the operating system has already booted. Settings for hardware RAID or RAM timings can also be adjusted, as the management card needs no hard drives or main memory to operate.[1]

As management via serial port has traditionally been important on servers, a complete remote management system also allows interfacing with the server through a serial over LAN cable.

As sending monitor output through the network is bandwidth intensive, cards like AMI's MegaRAC use built-in video compression[2] (versions of VNC are often used in implementing this[3]). Devices like Dell DRAC also have a slot for a memory card where an administrator may keep server-related information independently from the main hard drive.

The remote system can be accessed either through an SSH command-line interface, specialized client software, or through various web-browser-based solutions.[4] Client software is usually optimized to manage multiple systems easily.

There are also various scaled-down versions, down to devices that only allow a remote reboot by power-cycling the server. This helps if the operating system hangs but needs only a reboot to recover.

An older form of out-of-band management is a separate network that gives network administrators command-line interface access to the console ports of network equipment, even when those devices are not forwarding any payload traffic.

If a location has several network devices, a terminal server can provide access to their console ports for direct CLI access. Where there is only one or a few network devices, some of them provide AUX ports to which a dial-in modem can be connected for direct CLI access. Such a terminal server can often be reached via a separate network that does not depend on the managed switches and routers for its connection to the central site, or it has a modem reachable by dial-in access over POTS or ISDN.

Implementation

Remote management can be enabled on many computers (not necessarily only servers) by adding a remote management card (while some cards only support a limited list of motherboards). Newer server motherboards often have built-in remote management and need no separate management card.

Internally, Ethernet-based out-of-band management can either use a dedicated, separate Ethernet connection, or some form of traffic multiplexing can be performed on the system's regular Ethernet connection. In the latter case, a single Ethernet connection is shared between the computer's operating system and the integrated baseboard management controller (BMC), usually by configuring the network interface controller (NIC) to perform Remote Management Control Protocol (RMCP) port filtering, to use a separate MAC address for the BMC, or to use a dedicated virtual LAN (VLAN). The out-of-band nature of the management traffic is thus preserved in a shared-connection scenario, because the NIC extracts the management traffic from the incoming traffic flow at the hardware level and routes it to the BMC before it reaches the host and its operating system.[5]
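The shared-connection demultiplexing described above, as an added simulation that is not code from the article or from any NIC or BMC vendor: it parses a constructed Ethernet frame (optionally 802.1Q-tagged, carrying IPv4/UDP) and applies the three steering rules the paragraph names (RMCP port filtering, a dedicated BMC MAC address, a management VLAN). The MAC addresses, the VLAN ID 100, the sample frames and the `SteeringPolicy`/`steer` names are assumptions made for this example; UDP port 623 is the standard RMCP port that IPMI-over-LAN uses.

```python
"""Simulation of a NIC shared between the host OS and a BMC steering
management traffic to the BMC before the host sees it (added example, not
from the article or any vendor firmware). All frames, MAC addresses and
VLAN IDs below are constructed for the example."""
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
RMCP_PORT = 623  # standard RMCP / IPMI-over-LAN UDP port


@dataclass(frozen=True)
class SteeringPolicy:
    """Assumed policy object: which frames the NIC diverts to the BMC."""
    bmc_mac: bytes                 # dedicated-MAC mode: frames to this MAC go to the BMC
    mgmt_vlan: Optional[int]       # VLAN mode: frames tagged with this VLAN go to the BMC
    rmcp_ports: FrozenSet[int]     # port-filter mode: UDP dports diverted to the BMC


@dataclass(frozen=True)
class Frame:
    dst_mac: bytes
    src_mac: bytes
    vlan_id: Optional[int]
    ethertype: int
    ip_proto: Optional[int]
    udp_dport: Optional[int]


def parse_frame(raw: bytes) -> Frame:
    """Decode Ethernet II, an optional 802.1Q tag, and the IPv4/UDP headers."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    offset, vlan_id = 14, None
    if ethertype == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan_id = tci & 0x0FFF            # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    ip_proto = udp_dport = None
    if ethertype == ETHERTYPE_IPV4 and len(raw) >= offset + 20:
        ihl = (raw[offset] & 0x0F) * 4    # IPv4 header length in bytes
        ip_proto = raw[offset + 9]
        l4 = offset + ihl
        if ip_proto == IPPROTO_UDP and len(raw) >= l4 + 8:
            (udp_dport,) = struct.unpack("!H", raw[l4 + 2:l4 + 4])
    return Frame(dst, src, vlan_id, ethertype, ip_proto, udp_dport)


def steer(frame: Frame, policy: SteeringPolicy) -> str:
    """Return 'bmc' if the NIC would divert the frame to the BMC, else 'host'."""
    if policy.mgmt_vlan is not None and frame.vlan_id == policy.mgmt_vlan:
        return "bmc"
    if frame.dst_mac == policy.bmc_mac:
        return "bmc"
    if frame.ip_proto == IPPROTO_UDP and frame.udp_dport in policy.rmcp_ports:
        return "bmc"
    return "host"


def build_frame(dst_mac: bytes, src_mac: bytes, udp_dport: int,
                vlan_id: Optional[int] = None) -> bytes:
    """Build a minimal IPv4/UDP frame (constructed test data, no real payload)."""
    hdr = dst_mac + src_mac
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    hdr += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, IPPROTO_UDP, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 20]))
    udp = struct.pack("!HHHH", 40000, udp_dport, 8, 0)
    return hdr + ip + udp


# Constructed, locally administered MAC addresses for the simulation.
HOST_MAC = bytes.fromhex("0200000000aa")
BMC_MAC = bytes.fromhex("0200000000bb")
PEER_MAC = bytes.fromhex("0200000000cc")

POLICY = SteeringPolicy(bmc_mac=BMC_MAC, mgmt_vlan=100,
                        rmcp_ports=frozenset({RMCP_PORT}))

SAMPLE_FRAMES: Dict[str, bytes] = {
    "to_host_port_22": build_frame(HOST_MAC, PEER_MAC, udp_dport=22),
    "to_host_mac_rmcp": build_frame(HOST_MAC, PEER_MAC, udp_dport=RMCP_PORT),
    "to_bmc_mac": build_frame(BMC_MAC, PEER_MAC, udp_dport=5900),
    "mgmt_vlan_tagged": build_frame(HOST_MAC, PEER_MAC, udp_dport=8443, vlan_id=100),
    "other_vlan_tagged": build_frame(HOST_MAC, PEER_MAC, udp_dport=443, vlan_id=200),
}


def classify_all(frames: Dict[str, bytes] = SAMPLE_FRAMES,
                 policy: SteeringPolicy = POLICY) -> Dict[str, str]:
    """Run every sample frame through the NIC steering logic."""
    return {name: steer(parse_frame(raw), policy) for name, raw in frames.items()}


if __name__ == "__main__":
    for name, dest in classify_all().items():
        print(f"{name:20s} -> {dest}")
```

Note what the second sample frame shows: with RMCP port filtering on a shared connection, a packet addressed to the host's own MAC on UDP/623 is still diverted to the BMC, so the host operating system and its firewall never see it. Monitoring of management-plane access on a shared port therefore has to happen on the switch or on the BMC itself, which is one reason a physically separate management connection is simpler to reason about.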

Both in-band and out-of-band management are usually done through a network connection, but an out-of-band management card can use a physically separated network connector if preferred. A remote management card usually has at least a partially independent power supply and can switch the main machine on and off through the network. Because a special device is required for each machine, out-of-band management can be much more expensive.

Serial consoles are an in-between case: they are technically OOB as they do not require the primary network to be functioning for remote administration. However, without special hardware, a serial console cannot configure the UEFI (or BIOS) settings, reinstall the operating system remotely, or fix problems that prevent the system from booting.


References

  1. "On-board IPMI BMC specification". Super Micro Computer. Retrieved 2014-02-21.
  2. "American Megatrends MegaRAC G4 user's guide" (PDF). American Megatrends. p. 1. Retrieved 2020-07-10.
  3. "features embedded VNC® for remote control at Intel Developer Forum". RealVNC. 2011-09-02. Retrieved 2014-02-21.
  4. Oracle Integrated Lights Out Manager
  5. "Intel Ethernet Controller I210 Datasheet" (PDF). Intel. 2013. pp. 1, 15, 52, 621–776. Retrieved 2013-11-09.