Intelligent Platform Management Interface

For example, IPMI provides a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell.

[3][4] Using a standardized interface and protocol allows systems-management software based on IPMI to manage multiple, disparate servers.

The standard also defines an alerting mechanism for the system to send a simple Network Management Protocol (SNMP) platform event trap (PET).

The satellite controllers within the same chassis connect to the BMC via the system interface called Intelligent Platform Management Bus/Bridge (IPMB) – an enhanced implementation of I²C (Inter-Integrated Circuit).

A BMC utilized for embedded applications may have limited memory and require optimized firmware code for implementation of the full IPMI functionality.

A field-replaceable unit (FRU) repository holds the inventory, such as vendor ID and manufacturer, of potentially replaceable devices.

The administrator can also remotely communicate with the BMC to take some corrective actions – such as resetting or power cycling the system to get a hung OS running again.

[9] On 2 July 2013, Rapid7 published a guide to security penetration testing of the latest IPMI 2.0 protocol and implementations by various vendors.

[10] Some sources in 2013 were advising against using the older version of IPMI,[5] due to security concerns related to the design and vulnerabilities of Baseboard Management Controllers (BMCs).

[citation needed] The DMTF organization has developed a secure and scalable interface specification called Redfish to work in modern datacenter environments.

The use of default short passwords, or "cipher 0" hacks can be easily overcome with the use of a RADIUS server for Authentication, Authorization, and Accounting (AAA) over SSL as is typical in a datacenter or any medium to large deployment.

The user's RADIUS server can be configured to store AAA securely in an LDAP database using either FreeRADIUS/OpenLDAP or Microsoft Active Directory and related services.

Role-based access provides a way to respond to current and future security issues by increasing amounts of restriction for higher roles.

IPMI architecture diagram shows BMC sideband via SMBUS.
Interfaces to the baseboard management controller (BMC)
Fully integrated BMC as a single chip on a server motherboard