Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1383
  • Last Modified:

Will an intermediate firewall interfere with IPMI?

I actually have a few questions about IPMI, and have had a very hard time finding good data online. Here we go:

1. Will an intermediate firewall interfere with IPMI? For example, I want to use IPMI to control a server of mine that is on another organization's network. Say they are running a firewall somewhere between me and my server, and allowing only port 80 to reach my system. When I try to contact my server's NIC to accomplish tasks via IPMI, what will happen? If the firewall is a problem, what kind of hole needs to be opened up to solve it? My current understanding is that IPMI used UDP, but no port, as the packets are intercepted before they ever reach the OS. Keep in mind that I'm talking about the IPMI protocol itself, not any particular software that uses IPMI to provide a server management interface.

2. Is there any problem with using IPMI over the Internet via a truly *Local* Area Network (LAN)? I see the term "IPMI over LAN" all over the place, and that makes me nervous. Some things that are available on a LAN (like MAC addresses) are not available over the Internet. Also, does the Internet reliably support IP Multicasting at this point?

3. Does anyone know of good sources of information on *using* IPMI to accomplish server management over the Internet? Mostly all I can find are press releases, hardware, and vague references to "IMPI may be a solution to your problem..."
0
furball4
Asked:
furball4
  • 6
  • 2
1 Solution
 
DoTheDEW335Commented:
I'm looking into this to try to find you some answers. But I have difficulty understanding a few things. It could be a lack on knowledge on my part. If so I appologize.

1. Have you ever heard of IPMI being able to transmit via Internet?

2. You stated"Is there any problem with using IPMI over the Internet via a truly *Local* Area Network (LAN)?" What do you mean Internet via a truly LAN? a LAN is seperate from the Internet, the only way you could really get into another LAN on the internet via VPN. Is this what you mean? Trying to use IPMI through VPN?
0
 
DoTheDEW335Commented:
My question 1 is stated wrong, ignore it please. (Very wrong lol)
0
 
DoTheDEW335Commented:
Take a look here, See if it's what your looking for:
http://www.afc.com/documents/literature_library/IPMI-7670-0024.pdf
http://www.ami.com/support/doc/ums-datasheet.pdf

1 Of those two I believe will be what you are asking to do, As far as information about it I found nothing that couldn't be found easily so I do not have any good documentation for you.
0
Sign your company up to try the MB 660 headset now

Take control and stay focused in noisy open office environments with the MB 660. By reducing background noise, you can revitalize your office and improve concentration.

 
mlynch24Commented:
The nature of IPMI is to create a secure hardware solution for remote connections to do administration. There are a multitude of vendors with complete packages. You should find what your budget limitations are and pick a reliable vendor. The firewall reference is kind of silly since authorized connections will be enabled in the firewall itself by the administrator(s), again, if it is an authorized activity!  
0
 
furball4Author Commented:
Thank you  DoTheDEW335, I mis-stated my question #2 as well. I meant to insert "as opposed to", like this: "Is there any problem with using IPMI over the Internet as opposed to via a truly *Local* Area Network (LAN)?"

Thanks for the PDF's. I think I've figured out one aspect of my problem, and that is that there is no one answer: IPMI doesn't demand a certain kind of network, but implementations of IPMI do. For example, I found one previous IPMI solution that operated over UDP. The AFC solution in the first PDF you mention operates over TCP (in one of its modes). I think maybe the IPMI specification doesn't cover the "how" of communication, but just the "what". That would mean I won't get any single, authoritative answer to my question.
0
 
furball4Author Commented:
mlynch24, I understand your perception regarding the firewall question, but I am investigating IPMI for use in a datacenter that is not my own. Therefore I don't have complete control over all of the firewalls that might be between my server and myself. And, to the extent that I do have control, I don't want to have to exercise it because it will be a hassle for someone that I am trying not to inconvenience.

As for picking a vendor, none of them do what I want when it comes to software. I plan to integrate IPMI functionality into own server management app using the ipmi-tools package for Linux.
0
 
DoTheDEW335Commented:
Your welcome, I am glad those PDF's helped out a little.
0
 
DoTheDEW335Commented:
no objections there ;)
0
 
DoTheDEW335Commented:
er here i meant :0
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now