Chapter 4

IPMI & Out-of-Band Access

Remote power and console access when the OS is dead.

Learning objectives

  • Access IPMI/iDRAC/iLO for power and console
  • Know when out-of-band beats SSH
  • Secure the management interface

When the OS is dead

SSH requires a running network stack and sshd. If Workshop Co.’s kernel panics during a kernel upgrade, you need out-of-band (OOB) management — hardware-level access independent of the OS.

Vendors call it IPMI, Dell iDRAC, HPE iLO, or Supermicro IPMI. Swift Host gives Workshop Co. a dedicated management IP on a private VLAN.

What OOB lets you do

  • Power on / off / hard reset
  • Mount virtual ISO for OS install or rescue
  • Serial/console view of boot — see GRUB, fsck prompts
  • Read hardware sensors (temp, fan, PSU status)

Public traffic ──► 203.0.113.10 (production NIC)
Management     ──► 10.0.50.12 (IPMI — VPN / jump host only)

Never expose IPMI to the internet

IPMI has a troubled security history. Place it on a management VLAN, firewall it aggressively, set a strong password, and keep the firmware updated. Swift Host typically restricts IPMI to the staff VPN.
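
One way to check that isolation rule across a host inventory, as an added example (not Swift Host tooling or code from this course). The inventory format, the host names, every address other than the two shown above, and the /24 same-subnet test are assumptions made for illustration.

```sh
# Added example: flag BMC addresses that are not isolated from production.
# Inventory lines (constructed format): "<name> <production_ip> <bmc_ip>"

# Succeeds only for RFC 1918 private IPv4 addresses.
is_private_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# First three octets: a simplified same-subnet test (assumes /24 networks).
prefix24() { echo "${1%.*}"; }

# Reads inventory on stdin, prints one finding per misplaced BMC,
# and returns non-zero if anything was found.
audit_inventory() {
    findings=0
    while read -r name prod bmc; do
        case $name in ''|'#'*) continue ;; esac
        if ! is_private_ipv4 "$bmc"; then
            echo "$name: BMC $bmc is not on a private range"
            findings=$((findings + 1))
        elif [ "$(prefix24 "$bmc")" = "$(prefix24 "$prod")" ]; then
            echo "$name: BMC $bmc shares a subnet with production NIC $prod"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

sample_inventory() {   # constructed sample data
    cat <<'EOF'
web01 203.0.113.10 10.0.50.12
web02 203.0.113.11 203.0.113.12
db01 10.0.20.5 10.0.20.6
EOF
}

sample_inventory | audit_inventory || echo "resolve the findings above"
```

A private address alone does not prove isolation: the db01 line passes the range check but is still flagged because its BMC sits beside the production NIC.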

Worked example — stuck at initramfs

After a power blip, Workshop Co.’s server boots to an initramfs shell because of a root UUID mismatch. SSH is down. The operator opens the IPMI KVM console, runs blkid, fixes /etc/fstab from a rescue ISO mounted via virtual media, and reboots. Production is restored without a site visit to the Edmonton DC.

Typical access flow

  1. Connect VPN to Swift Host management network
  2. Open browser to IPMI web UI or use ipmitool
  3. Launch remote console (HTML5 or Java KVM)
  4. Power cycle if needed; watch POST for disk errors

# From jump host on management VLAN
ipmitool -I lanplus -H 10.0.50.12 -U admin power status
ipmitool -I lanplus -H 10.0.50.12 -U admin power reset

Try it yourself — OOB vs SSH

Match each task to SSH, IPMI, or both:

  1. Deploy Nginx config
  2. Power on server after PDU trip
  3. Install Ubuntu from ISO
  4. Read CPU temperature

Answer

  1. SSH (OS running)
  2. IPMI
  3. IPMI (virtual media) + then SSH after install
  4. IPMI sensors (or OS tools if up)

Quick quiz

  1. What does OOB mean?
  2. Why mount an ISO via IPMI?
  3. Should IPMI share the public website VLAN?

Answers

  1. Out-of-band — management path separate from production data plane.
  2. Install or rescue an OS when local physical access is impossible.
  3. No — isolate on management network with strict access control.