Will an intermediate firewall interfere with IPMI?

I actually have a few questions about IPMI, and have had a very hard time finding good data online. Here we go:

1. Will an intermediate firewall interfere with IPMI? For example, I want to use IPMI to control a server of mine that is on another organization's network. Say they are running a firewall somewhere between me and my server, and allowing only port 80 to reach my system. When I try to contact my server's NIC to accomplish tasks via IPMI, what will happen? If the firewall is a problem, what kind of hole needs to be opened up to solve it? My current understanding is that IPMI used UDP, but no port, as the packets are intercepted before they ever reach the OS. Keep in mind that I'm talking about the IPMI protocol itself, not any particular software that uses IPMI to provide a server management interface.

2. Is there any problem with using IPMI over the Internet via a truly *Local* Area Network (LAN)? I see the term "IPMI over LAN" all over the place, and that makes me nervous. Some things that are available on a LAN (like MAC addresses) are not available over the Internet. Also, does the Internet reliably support IP Multicasting at this point?

3. Does anyone know of good sources of information on *using* IPMI to accomplish server management over the Internet? Mostly all I can find are press releases, hardware, and vague references to "IMPI may be a solution to your problem..."
LVL 2
furball4Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DoTheDEW335Commented:
I'm looking into this to try to find you some answers. But I have difficulty understanding a few things. It could be a lack on knowledge on my part. If so I appologize.

1. Have you ever heard of IPMI being able to transmit via Internet?

2. You stated"Is there any problem with using IPMI over the Internet via a truly *Local* Area Network (LAN)?" What do you mean Internet via a truly LAN? a LAN is seperate from the Internet, the only way you could really get into another LAN on the internet via VPN. Is this what you mean? Trying to use IPMI through VPN?
0
DoTheDEW335Commented:
My question 1 is stated wrong, ignore it please. (Very wrong lol)
0
DoTheDEW335Commented:
Take a look here, See if it's what your looking for:
http://www.afc.com/documents/literature_library/IPMI-7670-0024.pdf
http://www.ami.com/support/doc/ums-datasheet.pdf

1 Of those two I believe will be what you are asking to do, As far as information about it I found nothing that couldn't be found easily so I do not have any good documentation for you.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

mlynch24Commented:
The nature of IPMI is to create a secure hardware solution for remote connections to do administration. There are a multitude of vendors with complete packages. You should find what your budget limitations are and pick a reliable vendor. The firewall reference is kind of silly since authorized connections will be enabled in the firewall itself by the administrator(s), again, if it is an authorized activity!  
0
furball4Author Commented:
Thank you  DoTheDEW335, I mis-stated my question #2 as well. I meant to insert "as opposed to", like this: "Is there any problem with using IPMI over the Internet as opposed to via a truly *Local* Area Network (LAN)?"

Thanks for the PDF's. I think I've figured out one aspect of my problem, and that is that there is no one answer: IPMI doesn't demand a certain kind of network, but implementations of IPMI do. For example, I found one previous IPMI solution that operated over UDP. The AFC solution in the first PDF you mention operates over TCP (in one of its modes). I think maybe the IPMI specification doesn't cover the "how" of communication, but just the "what". That would mean I won't get any single, authoritative answer to my question.
0
furball4Author Commented:
mlynch24, I understand your perception regarding the firewall question, but I am investigating IPMI for use in a datacenter that is not my own. Therefore I don't have complete control over all of the firewalls that might be between my server and myself. And, to the extent that I do have control, I don't want to have to exercise it because it will be a hassle for someone that I am trying not to inconvenience.

As for picking a vendor, none of them do what I want when it comes to software. I plan to integrate IPMI functionality into own server management app using the ipmi-tools package for Linux.
0
DoTheDEW335Commented:
Your welcome, I am glad those PDF's helped out a little.
0
DoTheDEW335Commented:
no objections there ;)
0
DoTheDEW335Commented:
er here i meant :0
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.