Network managers of enterprise server racks and clusters will find this article to be a quick review of what they utilize every day but it may be enlightening to those who have not dealt with managing a large number of remote devices. This requirement is becoming more common as embedded devices have moved from standalone configurations, to network configurations, to a large number of devices.
The approach to many embedded designs is to make them as robust as possible and to provide a remote management and upgrade facility as part of the embedded application environment. This has the advantage of using a single, potentially simplier platform. The approach was common when processors were expensive and the idea of putting more than one in a system was laughed at. That time has long since past but the design philosophy still exists.
Putting extra service processors around a server for out-of-band control has long been common and even adding a service processor to microcontrollers is becoming more common. NXP's LPC4000 combines an ARM Cortex-M0 and Cortex-M4 DSP (see Expect More Mixed Cores, Less Power, And Faster Storage). In many cases, the lower performance processor controls the main processor. The control processor typically has the ability to reset the system and often update the BIOS. The approach has many advantages including those related to security because the host processor can be prevented from performing functions like BIOS update allowing developers to secure the simpler, more limited control processor.
Dealing with the LPC4000 will likely entail a custom interface but servers and now personal PCs have a range of standard interface mechanisms including.
- Intelligent Platform Management Interface (IPMI)
- Simple Network Management Protocol (SNMP)
- Intel Active Management Technology (AMT)
- Web-based management interface
Many systems support some or all of these interfaces. I happened to have Super Micro Computer's (SuperMicro) AS-4022G-6F A+ Server (see Hands-on SuperMicro's 32-core A+ Server) on hand to check some of these out.
The AS-4022G-6F does not support Intel AMT because this is a standard for Intel chips. In particular, AMT support is part of the Core vPro processor series that target enterprise servers and laptops. SuperMicro's Intel vPro-based solutions support AMT as well as SNMP and IPMI .
IPMI, SNMP and AMT are logically headless designs that have a network interface but do not present a user interface. This is normally provided as part of a control application. AMT does have a remote KVM (keyboard, video, mouse) component that allow remote interaction with the host's screen. Web-based management tools often provide remote KVM support. This is the case with SuperMicro's web-based remote management component.
Most server vendors provide capabilities similar to SuperMicro. For example, Dell OpenManage includes server administration tools designed to manage large numbers of remote servers and systems. The tools are often used to provide access to vendor-specific features or extensions although they typically use the standards such as IPMI and SNMP.
IPMI provides a hierarchical view (Fig. 1) of a system (see Fundamentals Of The Intelligent Platform Management Interface). It allows drill down access through a baseboard management controller (BMC) to devices within devices providing fine grain, modular control. Access to internal controllers is often done using the SMBus, a variant of I2C. IPMI is a common standard in high performance embedded platforms like AdvancedTCA, VPX, and CompactPCI. I wound up exercising the SuperMicro system's IPMI using OpenIPMI and the openipmigui. I will not get into IPMI details here because it is a topic that requires books to cover well. Simply know that I could check out the status of the hot swap power supply on the system as easily as checking on the processor temperature.
The Simple Network Management Protocol (SNMP) is just that, simple. IPMI tends to target the interior of a system and is usually intimately linked to the hardware. SNMP tends to be targeting systems and is more common in enterprise environments. SNMP agents often provide management of software components.
SNMP provides a messaging system for notification and it is often used in conjunction with the other standards. For example, IPMI can send SNMP notifications in response to a platform event trap (PET). SNMP uses a Management Information Base (MIB) definition to describe an agent's interface. A number of standard MIBs are available and the approach allows custom, target-specific features to be revealed allowing standard management tools to access these features.
AMT also shares IPMI and SNMP heritage. AMT specifically targets the host processor and is implemented as part of host and its chipset all brought to you by Intel. It can provide remote KVM support as well even through VPN gateways using the Fast Call For Help support. This is especially useful for managing desktop and laptops.
A web-based interface allows a browser to access and control a system. These interfaces work with standard web browsers but the interface tends to be vendor-specific. In my case, I am using SuperMicro's version (Fig. 2) that provides the usual status information as well as the ability to control the system, program the BIOS and perform other management functions.
Web-based management is useful for working with a small number of devices or to fix a particular device versus IPMI and SNMP that are designed to handle large numbers at the same time. In this sense, the web-based management is more similar to AMT although AMT also has aspects that lend itself to IPMI and SNMP type support.
SuperMicro's web-based interface has a few tricks up its sleeve in addition to providing remote KVM access and support. One trick is to expose a logical floppy disk or optical drive to the system. This allows a network manager to specify a file or remote device to be used as if it were a local device. It can do things like boot an operating system from a CD image even though the system has no optical drive.
The web interface can be used to configure features like IPMI and provides significantly more power but all the capability of the usual BIOS POST (power-on self test) post interface. Even the authentication and other security features of the SuperMicro web interface are extensive with support for network interfaces such as RADIUS, LDAP, and Active Directory (Fig. 3). Like IPMI, the feature list for this interface is too extensive to even list here. It is sufficient to note that essentially everything configurable on the system is available via this interface.
Much of the management magic is brought to you via Winbond's integrated BMC chip. This provides display support as well as the remote KVM support. It is also the gateway to the other IPMI devices within the system such as the removeable power supply. Actually the case I used has the capability to handle dual, hot swappable power supplies.
I have left out how SuperMicro's out-of-band communication works thus far. It is based on Ethernet as you may have noted. The motherboard actually has three Ethernet ports. Two are for the host and one is for IPMI/SNMP/web control interface. An added feature is the ability to automatically map the control interface to either of the other Ethernet ports. A single cable can be used to connect the system to a switch and VPN support can be used to logically isolate the two. Of course, it is possible to use the dedicated connection and completely isolate the control network from the regular application network.
As you might guess, there is a lot of overlap among these mangement solutions. Often a network manager may employ one or more than one of these depending upon their requirements. In fact, different groups within an organization may use different tools to manage the same device.
I really like SuperMicro's implementation and would recommend it to anyone needing a server. The support is similar or identical to that found on other SuperMicro systems although this is the first I have tried that has this level of integration. I would not want to do without features like the web interface or IPMI in the future. Ignore them at your own peril.