In systems management, out-of-band management involves the use of management interfaces (or serial ports) for managing networking equipment. Out-of-band (OOB) management is a networking term which refers to accessing and managing network infrastructure at remote locations, and doing it through a separate management plane from the production network. Cellular 4G and 5G networks are used today for out-of-band management and many manufacturers have it as a product offering. Out-of-band management is now considered an essential network component to ensure business continuity.
Out-of-band management allows the network operator to establish trust boundaries in accessing the management function to apply it to network resources. It also can be used to ensure management connectivity (including the ability to determine the status of any network component) independent of the status of other in-band network components.
In computing, one form of out-of-band management is sometimes called lights-out management (LOM) and involves the use of a dedicated management channel for device maintenance. It allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on or whether an OS is installed or functional.
By contrast, in-band management through VNC or SSH is based on in-band connectivity (the usual network channel). It typically requires software that must be installed on the remote system being managed and only works after the operating system has been booted and networking is brought up. It does not allow management of remote network components independently of the current status of other network components. A classic example of this limitation is when a sysadmin attempts to reconfigure the network on a remote machine only to find themselves locked out and unable to fix the problem without physically going to the machine. Despite these limitations, in-band solutions are still common because they are simpler and much lower-cost.
Both in-band and out-of-band management are usually done through a network connection, but an out-of-band management card can use a physically separated network connector if preferred. A remote management card usually has at least a partially independent power supply and can switch the main machine on and off through the network. Because a special device is required for each machine, out-of-band management can be much more expensive.
Serial consoles are an in-between case: they are technically OOB as they do not require the primary network to be functioning for remote administration. However, without special hardware, a serial console cannot configure the UEFI (or BIOS) settings, reinstall the operating system remotely, or fix problems that prevent the system from booting.
Purpose
A complete remote management system allows remote reboot, shutdown, powering on; hardware sensor monitoring (fan speed, power voltages, chassis intrusion, etc.); broadcasting of video output to remote terminals and receiving of input from remote keyboard and mouse (KVM over IP). It also can access local media like a DVD drive, or disk images, from the remote machine. If necessary, this allows one to perform remote installation of the operating system. Remote management can be used to adjust BIOS settings that may not be accessible after the operating system has already booted. Settings for hardware RAID or RAM timings can also be adjusted as the management card needs no hard drives or main memory to operate.
As management via serial port has traditionally been important on servers, a complete remote management system also allows interfacing with the server through a serial over LAN cable.
As sending monitor output through the network is bandwidth intensive, cards like AMI's MegaRAC use built-in video compression (versions of VNC are often used in implementing this).
Devices like Dell DRAC also have a slot for a memory card where an administrator may keep server-related information independently from the main hard drive.
The remote system can be accessed either through an SSH command-line interface, specialized client software, or through various web-browser-based solutions. Client software is usually optimized to manage multiple systems easily.
There are also various scaled-down versions, up to devices that only allow remote reboot by power cycling the server. This helps if the operating system hangs, but only needs a reboot to recover.
Implementation
Remote management can be enabled on many computers (not necessarily only servers) by adding a remote management card (though some cards support only a limited list of motherboards). Newer server motherboards often have built-in remote management and need no separate management card.
Internally, Ethernet-based out-of-band management can either use a dedicated separate Ethernet connection, or some kind of traffic multiplexing can be performed on the system's regular Ethernet connection. That way, a common Ethernet connection becomes shared between the computer's operating system and the integrated baseboard management controller (BMC), usually by configuring the network interface controller (NIC) to perform Remote Management Control Protocol (RMCP) port filtering, to use a separate MAC address, or to use a virtual LAN (VLAN). Thus, the out-of-band nature of the management traffic is ensured in a shared-connection scenario, as the system configures the NIC to extract the management traffic from the incoming traffic flow at the hardware level, and to route it to the BMC before it reaches the host and its operating system.
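The three filtering options described above, modelled as an added example (not part of the original article and not any vendor's NIC firmware): a Python sketch of how a shared NIC could decide whether an incoming frame goes to the BMC or to the host. The mode names, MAC addresses and helper functions are hypothetical; UDP ports 623 and 664 are the IANA-registered RMCP ports.

```python
import struct

RMCP_PORTS = {623, 664}  # IANA UDP ports: asf-rmcp and asf-secure-rmcp

def parse(frame):
    """Return (dst_mac, vlan_id_or_None, udp_dst_port_or_None) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, off, vlan, port = frame[:6], 14, None, None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype == 0x0800 and len(frame) >= off + 20:   # IPv4
        ihl = (frame[off] & 0x0F) * 4
        (frag,) = struct.unpack("!H", frame[off + 6:off + 8])
        udp = off + ihl
        # Only the first fragment of a UDP datagram carries the port numbers.
        if frame[off + 9] == 17 and ihl >= 20 and not frag & 0x1FFF and len(frame) >= udp + 4:
            (port,) = struct.unpack("!H", frame[udp + 2:udp + 4])
    return dst, vlan, port

def route(frame, mode, bmc_mac=None, mgmt_vlan=None):
    """Decide whether the shared NIC hands a frame to the BMC or to the host."""
    dst, vlan, port = parse(frame)
    if mode == "rmcp-port":      # split on UDP destination port
        to_bmc = port in RMCP_PORTS
    elif mode == "mac":          # BMC has its own MAC address
        to_bmc = dst == bmc_mac
    elif mode == "vlan":         # management traffic is tagged with its own VLAN
        to_bmc = vlan is not None and vlan == mgmt_vlan
    else:
        raise ValueError("unknown mode: " + mode)
    return "bmc" if to_bmc else "host"

def make_frame(dst_mac, dport, vlan=None):
    """Constructed sample input: minimal IPv4/UDP frame, checksums left at zero."""
    l2 = dst_mac + bytes.fromhex("020000000001")
    if vlan is not None:
        l2 += struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return l2 + struct.pack("!H", 0x0800) + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

HOST_MAC, BMC_MAC = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")
```

In the port-filter mode the only thing separating management traffic from host traffic is the UDP port number, so the shared link still needs upstream filtering of who may reach ports 623 and 664.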
Remote CLI access
An older version of out-of-band management is a layout involving the availability of a separate network that allows network administrators to get command-line interface access over the console ports of network equipment, even when those devices are not forwarding any payload traffic.
If a location has several network devices, a terminal server can provide access to different console ports for direct CLI access. In case there is only one or just a few network devices, some of them provide AUX ports making it possible to connect a dial-in modem for direct CLI access. The mentioned terminal server can often be accessed via a separate network that does not use managed switches and routers for a connection to the central site, or it has a modem connected via dial-in access through POTS or ISDN.
See also
* Intelligent Platform Management Interface (IPMI; a server out-of-band management standard protocol)
* Redfish (specification) (a server out-of-band management standard protocol)
* Management Component Transport Protocol (MCTP; a low-level protocol used for controlling hardware components)
* Desktop and mobile Architecture for System Hardware (an out-of-band management standard protocol)
* Intel Active Management Technology (AMT; Intel's out-of-band management technology)
* AMD PRO
* HP Integrated Lights-Out (iLO; HP's out-of-band management implementation for x86 and newer Integrity servers)
* Dell DRAC (iDRAC; DELL's out-of-band management implementation)
* IBM Remote Supervisor Adapter or Integrated Management Module (IMM; IBM's out-of-band management implementation)
* Lenovo XClarity Controller (XCC)
* Sun LOM port (Lights Out Management port), a remote access facility on Sun servers
* ZPE systems serial console plus
* Opengear ("smart out-of-band infrastructure management" products)
* Perle Systems (Advanced Console Servers for secure out-of-band management of any device with a serial, USB, or Ethernet console management port)